private void CheckAddGroup(SidInfo sInfo)
{
if (this.SidList.AddSafe(sInfo.Sid))
{
int pos = this.Groups.Count + 1;
sInfo.Position = pos;
this.Groups.AddSafe(sInfo);
}
}
protected List <SidInfo> GetTokenGroups(string targetDC, string sddlSid)
{
List <SidInfo> ret = new List <SidInfo> {
};
LDAPHelper ldap = new LDAPHelper();
List <SearchResultEntry> res = ldap.Query(targetDC,
String.Format("<SID={0}>", sddlSid),
"(objectClass=*)",
new string[] { "tokenGroups", "userPrincipalName" },
SearchScope.Base,
ReferralChasingOptions.None,
new QueryControl()
{
CurrentResultEventType = QUERY_RESULT_EVENT_TYPE.FROM_DECODING
},
returnResults: true);
if (res.Count > 0)
{
foreach (byte[] bsid in res[0].Attributes["tokenGroups"].GetValues(typeof(byte[])))
{
SecurityIdentifier sid = new SecurityIdentifier(bsid, 0);
SidInfo sinfo = new SidInfo(bsid);
ret.Add(sinfo);
}
foreach (string upn in res[0].Attributes["userPrincipalName"].GetValues(typeof(string)))
{
GlobalUserStore.UPN = upn;
}
}
else
{
Info.AddFormatted("Failed on TokenGroups for {0}", sddlSid);
GlobalEventHandler.RaiseDebugInfoOccured("Failed on TokenGroups for {0}", sddlSid);
}
return(ret);
}
public static void RaiseNestingFound(string groupSid, SidInfo memberInfo)
{
GlobalEventArgs nargs = new GlobalEventArgs();
EventValue sid = new EventValue();
sid.SetDefaultValue <string>(groupSid);
nargs.Values.Add("group", sid);
EventValue member = new EventValue();
member.SetDefaultValue <SidInfo>(memberInfo);
nargs.Values.Add("member", member);
RaiseNestingFound(null, nargs);
}
protected void GetPrivilegeAndPrincipals(string privName)
{
IntPtr enumbuffer = IntPtr.Zero;
ulong cnt = 0;
LSA_UNICODE_STRING lsapriv = NativeHelper.InitLSAString(privName);
uint rc = Advapi32.LsaEnumerateAccountsWithUserRight(PolicyHandle, lsapriv, out enumbuffer, out cnt);
if (rc == 0)
{
PrivilegeAndPrincipals privinfo = new PrivilegeAndPrincipals(privName);
for (int step = 0; step < (int)cnt; step++)
{
LSA_ENUMERATION_INFORMATION lsaenum = (LSA_ENUMERATION_INFORMATION)Marshal.PtrToStructure(enumbuffer, typeof(LSA_ENUMERATION_INFORMATION));
SidInfo sinfo = new SidInfo(lsaenum.Sid);
privinfo.Principals.AddSafe(sinfo);
privinfo.SidPrincipals.AddSafe(sinfo.Sid);
try
{ enumbuffer = (IntPtr)((Int64)enumbuffer + Marshal.SizeOf(typeof(LSA_ENUMERATION_INFORMATION))); }
catch (Exception)
{ break; }
}
this.Privileges.AddSafe(privinfo);
}
else
{
string errmsg = null;
if (NativeHelper.GetLastError(out errmsg) != 0)
{
Messages.Add("\tLsaEnumerateAccountsWithUserRight: " + errmsg);
}
}
}
private void HandleNesting(object sender, GlobalEventArgs args)
{
EventValue gval = args.Values.GetValueSafe("Group");
string groupsid = gval.GetTypedValue <string>();
EventValue mval = args.Values.GetValueSafe("Member");
SidInfo member = (SidInfo)mval.GetTypedValue <object>();
if (!this.SidList.Contains(groupsid))
{
this.Members.Add(member);
this.SidList.Add(member.Sid);
GlobalEventHandler.RaiseNestingFound(this.Sid, member);
}
}
private void HandleLocalGroup(LOCALGROUP_INFO_0 ginfo)
{
IntPtr enumbuffer = IntPtr.Zero;
uint entriesread = 0;
uint totalentries = 0;
string sid = GetAccountSid(ginfo.lgrpi0_name);
GroupInfo group = new GroupInfo(sid, ginfo.lgrpi0_name);
uint rc = NetApi32.NetLocalGroupGetMembers(null, group.NTName, 1, ref enumbuffer, 0xFFFFFFFF, out entriesread, out totalentries, IntPtr.Zero);
this.Success = (rc == 0);
if (this.Success)
{
for (int cnt = 0; cnt < totalentries; cnt++)
{
LOCALGROUP_MEMBERS_INFO_1 member = (LOCALGROUP_MEMBERS_INFO_1)Marshal.PtrToStructure(enumbuffer, typeof(LOCALGROUP_MEMBERS_INFO_1));
string msid = GetAccountSid(member.lgrmi1_sid);
SidInfo sinfo = new SidInfo(msid, member.lgrmi1_name, member.lgrmi1_sidusage);
group.Members.Add(sinfo);
group.SidList.Add(msid);
try
{ enumbuffer = (IntPtr)((Int64)enumbuffer + Marshal.SizeOf(typeof(LOCALGROUP_MEMBERS_INFO_1))); }
catch (Exception)
{ break; }
}
this.Groups.AddSafe(group);
NetApi32.NetApiBufferFree(enumbuffer);
}
}
private void DecodeGroups()
{
IntPtr ipsids = TGP.Sids;
for (int sidcnt = 1; sidcnt <= TGP.SidCount; sidcnt++)
{
SID_AND_ATTRIBUTES sa = (SID_AND_ATTRIBUTES)Marshal.PtrToStructure(ipsids, typeof(SID_AND_ATTRIBUTES));
SidInfo sinfo = new SidInfo(sidcnt, sa);
this.SidList.AddSafe(sinfo.Sid);
this.Groups.AddSafe(sinfo);
try
{
ipsids = (IntPtr)((Int64)ipsids + Marshal.SizeOf(typeof(SID_AND_ATTRIBUTES)));
}
catch (Exception)
{ break; }
}
}
