Пример #1
        /// <summary>
        /// Builds the security descriptor for the client port: a DACL with a single
        /// access-allowed ACE that grants <c>AccessPermissions.PortConnect</c> to one SID.
        /// </summary>
        /// <remarks>
        /// Release builds always grant the permission to the Local Service SID.
        /// DEBUG builds grant it to the World (Everyone) SID instead whenever
        /// <c>ServerIsLocalService</c> is false, so a DEBUG binary may expose the port
        /// to every local principal and should not be deployed outside a test machine.
        /// </remarks>
        /// <returns>
        /// The new descriptor, or <c>null</c> when adding the ACE reported a non-zero
        /// error code.
        /// </returns>
        internal SecurityDescriptor MakeClientPortSD()
        {
            int aceError = 0;
            ExplicitAccessList acl = new ExplicitAccessList(1);
            Sid allowedSid;

#if DEBUG
            // Debug-only widening: a server that does not run as Local Service is
            // reachable by Everyone. This branch is compiled out of release builds.
            if (!ServerIsLocalService)
            {
                allowedSid = new WellKnownSid(WellKnownSidType.WinWorldSid);
            }
            else
#endif
            {
                // Least-privilege default: only Local Service may connect.
                allowedSid = new LocalServiceSid();
            }

            // The single ACE goes at index 0 and is not inherited.
            acl.AddAccessAllowedAce(
                0,
                AccessPermissions.PortConnect,
                AceFlags.NoInheritance,
                allowedSid,
                out aceError);

            if (aceError == 0)
            {
                return new SecurityDescriptor(acl);
            }

            // The ACE could not be added (the original comment attributes this to a
            // failure creating the Local Service SID).
            // NOTE(review): callers must check for null and fail closed; Windows object
            // APIs commonly treat a missing descriptor as "default security" - confirm
            // how the caller handles this return value.
            return null;
        }
        /// <summary>
        /// Builds the SID that corresponds to a well-known SID type.
        /// </summary>
        /// <param name="type">The well-known SID to build.</param>
        /// <param name="domain">
        /// Exactly three values identifying the domain. Required only for the
        /// domain-relative types (the ones built with sub-authority 21 below);
        /// ignored, and allowed to be null, for every other type.
        /// </param>
        /// <returns>The SID returned by <c>CreateWellKnownSid</c> for the type.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="domain"/> is null for a domain-relative type.
        /// </exception>
        /// <exception cref="ArgumentException">
        /// <paramref name="domain"/> does not hold exactly three values, or
        /// <paramref name="type"/> is not a known well-known SID type.
        /// </exception>
        /// <remarks>
        /// Only the presence and length of <paramref name="domain"/> are checked; the
        /// values themselves are not. When the result ends up in an ACL or an access
        /// check, the domain identifier should come from a trusted source.
        /// NOTE(review): the first argument to <c>CreateWellKnownSid</c> is presumably
        /// the identifier authority and the rest the sub-authorities - confirm against
        /// its definition.
        /// </remarks>
        public static _SID GetWellKnownSid(WellKnownSid type, uint[] domain)
        {
            // Validate the domain up front, and only for the types that embed it.
            if (RequiresDomainSubAuthorities(type))
            {
                if (domain == null)
                {
                    throw new ArgumentNullException("domain");
                }

                if (domain.Length != 3)
                {
                    throw new ArgumentException("The domain parameter is invalid", "domain");
                }
            }

            switch (type)
            {
                // Authorities 0 to 3: null, world, local and creator SIDs.
                case WellKnownSid.NULL:
                    return CreateWellKnownSid(0, 0);
                case WellKnownSid.EVERYONE:
                    return CreateWellKnownSid(1, 0);
                case WellKnownSid.LOCAL:
                    return CreateWellKnownSid(2, 0);
                case WellKnownSid.CONSOLE_LOGON:
                    return CreateWellKnownSid(2, 1);
                case WellKnownSid.CREATOR_OWNER:
                    return CreateWellKnownSid(3, 0);
                case WellKnownSid.CREATOR_GROUP:
                    return CreateWellKnownSid(3, 1);
                case WellKnownSid.OWNER_SERVER:
                    return CreateWellKnownSid(3, 2);
                case WellKnownSid.GROUP_SERVER:
                    return CreateWellKnownSid(3, 3);
                case WellKnownSid.OWNER_RIGHTS:
                    return CreateWellKnownSid(3, 4);

                // Authority 5 with at most one sub-authority.
                case WellKnownSid.NT_AUTHORITY:
                    return CreateWellKnownSid(5);
                case WellKnownSid.DIALUP:
                    return CreateWellKnownSid(5, 1);
                case WellKnownSid.NETWORK:
                    return CreateWellKnownSid(5, 2);
                case WellKnownSid.BATCH:
                    return CreateWellKnownSid(5, 3);
                case WellKnownSid.INTERACTIVE:
                    return CreateWellKnownSid(5, 4);
                case WellKnownSid.SERVICE:
                    return CreateWellKnownSid(5, 6);
                case WellKnownSid.ANONYMOUS:
                    return CreateWellKnownSid(5, 7);
                case WellKnownSid.PROXY:
                    return CreateWellKnownSid(5, 8);
                case WellKnownSid.ENTERPRISE_DOMAIN_CONTROLLERS:
                    return CreateWellKnownSid(5, 9);
                case WellKnownSid.PRINCIPAL_SELF:
                    return CreateWellKnownSid(5, 10);
                case WellKnownSid.AUTHENTICATED_USERS:
                    return CreateWellKnownSid(5, 11);
                case WellKnownSid.RESTRICTED_CODE:
                    return CreateWellKnownSid(5, 12);
                case WellKnownSid.TERMINAL_SERVER_USER:
                    return CreateWellKnownSid(5, 13);
                case WellKnownSid.REMOTE_INTERACTIVE_LOGON:
                    return CreateWellKnownSid(5, 14);
                case WellKnownSid.THIS_ORGANIZATION:
                    return CreateWellKnownSid(5, 15);
                case WellKnownSid.IUSR:
                    return CreateWellKnownSid(5, 17);
                case WellKnownSid.LOCAL_SYSTEM:
                    return CreateWellKnownSid(5, 18);
                case WellKnownSid.LOCAL_SERVICE:
                    return CreateWellKnownSid(5, 19);
                case WellKnownSid.NETWORK_SERVICE:
                    return CreateWellKnownSid(5, 20);

                // Domain-relative SIDs: 5, 21, the three domain values, then the
                // relative identifier. The domain was validated above.
                case WellKnownSid.DOMAIN_USERS:
                    return CreateWellKnownSid(5, 21, domain[0], domain[1], domain[2], 513);
                case WellKnownSid.DOMAIN_GUESTS:
                    return CreateWellKnownSid(5, 21, domain[0], domain[1], domain[2], 514);
                case WellKnownSid.DOMAIN_COMPUTERS:
                    return CreateWellKnownSid(5, 21, domain[0], domain[1], domain[2], 515);
                case WellKnownSid.DOMAIN_DOMAIN_CONTROLLERS:
                    return CreateWellKnownSid(5, 21, domain[0], domain[1], domain[2], 516);
                case WellKnownSid.CERT_PUBLISHERS:
                    return CreateWellKnownSid(5, 21, domain[0], domain[1], domain[2], 517);
                case WellKnownSid.SCHEMA_ADMINISTRATORS:
                    return CreateWellKnownSid(5, 21, domain[0], domain[1], domain[2], 518);
                case WellKnownSid.ENTERPRISE_ADMINS:
                    return CreateWellKnownSid(5, 21, domain[0], domain[1], domain[2], 519);
                case WellKnownSid.RAS_SERVERS:
                    return CreateWellKnownSid(5, 21, domain[0], domain[1], domain[2], 553);
                case WellKnownSid.GROUP_POLICY_CREATOR_OWNERS:
                    return CreateWellKnownSid(5, 21, domain[0], domain[1], domain[2], 520);

                // Built-in aliases: 5, 32, then the alias identifier. No domain needed.
                case WellKnownSid.BUILTIN_ADMINISTRATORS:
                    return CreateWellKnownSid(5, 32, 544);
                case WellKnownSid.BUILTIN_USERS:
                    return CreateWellKnownSid(5, 32, 545);
                case WellKnownSid.BUILTIN_GUESTS:
                    return CreateWellKnownSid(5, 32, 546);
                case WellKnownSid.POWER_USERS:
                    return CreateWellKnownSid(5, 32, 547);
                case WellKnownSid.ACCOUNT_OPERATORS:
                    return CreateWellKnownSid(5, 32, 548);
                case WellKnownSid.SERVER_OPERATORS:
                    return CreateWellKnownSid(5, 32, 549);
                case WellKnownSid.PRINTER_OPERATORS:
                    return CreateWellKnownSid(5, 32, 550);
                case WellKnownSid.BACKUP_OPERATORS:
                    return CreateWellKnownSid(5, 32, 551);
                case WellKnownSid.REPLICATOR:
                    return CreateWellKnownSid(5, 32, 552);
                case WellKnownSid.ALIAS_PREW2KCOMPACC:
                    return CreateWellKnownSid(5, 32, 554);
                case WellKnownSid.REMOTE_DESKTOP:
                    return CreateWellKnownSid(5, 32, 555);
                case WellKnownSid.NETWORK_CONFIGURATION_OPS:
                    return CreateWellKnownSid(5, 32, 556);
                case WellKnownSid.INCOMING_FOREST_TRUST_BUILDERS:
                    return CreateWellKnownSid(5, 32, 557);
                case WellKnownSid.PERFMON_USERS:
                    return CreateWellKnownSid(5, 32, 558);
                case WellKnownSid.PERFLOG_USERS:
                    return CreateWellKnownSid(5, 32, 559);
                case WellKnownSid.WINDOWS_AUTHORIZATION_ACCESS_GROUP:
                    return CreateWellKnownSid(5, 32, 560);
                case WellKnownSid.TERMINAL_SERVER_LICENSE_SERVERS:
                    return CreateWellKnownSid(5, 32, 561);
                case WellKnownSid.DISTRIBUTED_COM_USERS:
                    return CreateWellKnownSid(5, 32, 562);
                case WellKnownSid.IIS_IUSRS:
                    return CreateWellKnownSid(5, 32, 568);
                case WellKnownSid.CRYPTOGRAPHIC_OPERATORS:
                    return CreateWellKnownSid(5, 32, 569);
                case WellKnownSid.EVENT_LOG_READERS:
                    return CreateWellKnownSid(5, 32, 573);
                case WellKnownSid.CERTIFICATE_SERVICE_DCOM_ACCESS:
                    return CreateWellKnownSid(5, 32, 574);

                // Remaining authority-5 SIDs.
                case WellKnownSid.WRITE_RESTRICTED:
                    return CreateWellKnownSid(5, 33);
                case WellKnownSid.NTLM_AUTHENTICATION:
                    return CreateWellKnownSid(5, 64, 10);
                case WellKnownSid.SCHANNEL_AUTHENTICATION:
                    return CreateWellKnownSid(5, 64, 14);
                case WellKnownSid.DIGEST_AUTHENTICATION:
                    return CreateWellKnownSid(5, 64, 21);
                case WellKnownSid.NT_SERVICE:
                    return CreateWellKnownSid(5, 80);
                case WellKnownSid.OTHER_ORGANIZATION:
                    return CreateWellKnownSid(5, 1000);

                // Authority 16: the ML_* (mandatory integrity level) SIDs.
                case WellKnownSid.ML_UNTRUSTED:
                    return CreateWellKnownSid(16, 0);
                case WellKnownSid.ML_LOW:
                    return CreateWellKnownSid(16, 4096);
                case WellKnownSid.ML_MEDIUM:
                    return CreateWellKnownSid(16, 8192);
                case WellKnownSid.ML_MEDIUM_PLUS:
                    return CreateWellKnownSid(16, 8448);
                case WellKnownSid.ML_HIGH:
                    return CreateWellKnownSid(16, 12288);
                case WellKnownSid.ML_SYSTEM:
                    return CreateWellKnownSid(16, 16384);
                case WellKnownSid.ML_PROTECTED_PROCESS:
                    return CreateWellKnownSid(16, 20480);

                default:
                    throw new ArgumentException("Invalid Well-known SID type.", "type");
            }
        }

        /// <summary>
        /// Tells whether a well-known SID type embeds the three domain values and
        /// therefore needs a validated domain argument.
        /// </summary>
        private static bool RequiresDomainSubAuthorities(WellKnownSid type)
        {
            switch (type)
            {
                case WellKnownSid.DOMAIN_USERS:
                case WellKnownSid.DOMAIN_GUESTS:
                case WellKnownSid.DOMAIN_COMPUTERS:
                case WellKnownSid.DOMAIN_DOMAIN_CONTROLLERS:
                case WellKnownSid.CERT_PUBLISHERS:
                case WellKnownSid.SCHEMA_ADMINISTRATORS:
                case WellKnownSid.ENTERPRISE_ADMINS:
                case WellKnownSid.RAS_SERVERS:
                case WellKnownSid.GROUP_POLICY_CREATOR_OWNERS:
                    return true;
                default:
                    return false;
            }
        }
 /// <summary>
 /// Retrieves a well-known RPC_SID as defined in MS-DTYP section 2.4.2.3.
 /// </summary>
 /// <param name="type">The SID type to retrieve.</param>
 /// <param name="domain">
 /// The three sub-authority values of the domain or root domain, for the SID
 /// types that need them. It may be null for every other SID type.
 /// </param>
 /// <returns>The well-known RPC_SID.</returns>
 /// <exception cref="ArgumentNullException">
 /// Thrown when domain is null for DOMAIN_USERS, DOMAIN_GUESTS, DOMAIN_COMPUTERS,
 /// DOMAIN_DOMAIN_CONTROLLERS, CERT_PUBLISHERS, SCHEMA_ADMINISTRATORS,
 /// ENTERPRISE_ADMINS, RAS_SERVERS or GROUP_POLICY_CREATOR_OWNERS.
 /// </exception>
 /// <exception cref="ArgumentException">
 /// Thrown when type is invalid, or when domain does not hold exactly three
 /// values for one of the SID types listed above.
 /// </exception>
 public static _RPC_SID GetWellKnownRpcSid(WellKnownSid type, uint[] domain)
 {
     // All argument validation happens in GetWellKnownSid; its exceptions
     // propagate unchanged to the caller.
     _SID wellKnownSid = GetWellKnownSid(type, domain);

     // Re-pack the same identifier authority and sub-authorities as an RPC_SID.
     return CreateRpcSid(
         wellKnownSid.IdentifierAuthority,
         wellKnownSid.SubAuthority);
 }