static private CreateWellKnownSid ( WellKnownSidType sidType, System.Security.Principal.SecurityIdentifier domainSid, byte &resultSid ) : int | ||
sidType | WellKnownSidType | |
domainSid | System.Security.Principal.SecurityIdentifier | |
resultSid | byte | |
Результат | int |
public SecurityIdentifier(WellKnownSidType sidType, SecurityIdentifier domainSid) { if (sidType == WellKnownSidType.LogonIdsSid) { throw new ArgumentException(Environment.GetResourceString("IdentityReference_CannotCreateLogonIdsSid"), "sidType"); } if (!Win32.WellKnownSidApisSupported) { throw new PlatformNotSupportedException(Environment.GetResourceString("PlatformNotSupported_RequiresW2kSP3")); } if (sidType < WellKnownSidType.NullSid || sidType > WellKnownSidType.WinBuiltinTerminalServerLicenseServersSid) { throw new ArgumentException(Environment.GetResourceString("Argument_InvalidValue"), "sidType"); } if (sidType >= WellKnownSidType.AccountAdministratorSid && sidType <= WellKnownSidType.AccountRasAndIasServersSid) { if (domainSid == null) { throw new ArgumentNullException("domainSid", Environment.GetResourceString("IdentityReference_DomainSidRequired", new object[] { sidType })); } SecurityIdentifier left; int windowsAccountDomainSid = Win32.GetWindowsAccountDomainSid(domainSid, out left); if (windowsAccountDomainSid == 122) { throw new OutOfMemoryException(); } if (windowsAccountDomainSid == 1257) { throw new ArgumentException(Environment.GetResourceString("IdentityReference_NotAWindowsDomain"), "domainSid"); } if (windowsAccountDomainSid != 0) { throw new SystemException(Win32Native.GetMessage(windowsAccountDomainSid)); } if (left != domainSid) { throw new ArgumentException(Environment.GetResourceString("IdentityReference_NotAWindowsDomain"), "domainSid"); } } byte[] binaryForm; int num = Win32.CreateWellKnownSid(sidType, domainSid, out binaryForm); if (num == 87) { throw new ArgumentException(Win32Native.GetMessage(num), "sidType/domainSid"); } if (num != 0) { throw new SystemException(Win32Native.GetMessage(num)); } this.CreateFromBinaryForm(binaryForm, 0); }
public SecurityIdentifier(WellKnownSidType sidType, SecurityIdentifier domainSid) { byte[] buffer; if (sidType == WellKnownSidType.LogonIdsSid) { throw new ArgumentException(Environment.GetResourceString("IdentityReference_CannotCreateLogonIdsSid"), "sidType"); } if (!Win32.WellKnownSidApisSupported) { throw new PlatformNotSupportedException(Environment.GetResourceString("PlatformNotSupported_RequiresW2kSP3")); } if ((sidType < WellKnownSidType.NullSid) || (sidType > WellKnownSidType.WinBuiltinTerminalServerLicenseServersSid)) { throw new ArgumentException(Environment.GetResourceString("Argument_InvalidValue"), "sidType"); } if ((sidType >= WellKnownSidType.AccountAdministratorSid) && (sidType <= WellKnownSidType.AccountRasAndIasServersSid)) { SecurityIdentifier identifier; if (domainSid == null) { throw new ArgumentNullException("domainSid", Environment.GetResourceString("IdentityReference_DomainSidRequired", new object[] { sidType })); } int windowsAccountDomainSid = Win32.GetWindowsAccountDomainSid(domainSid, out identifier); switch (windowsAccountDomainSid) { case 0x7a: throw new OutOfMemoryException(); case 0x4e9: throw new ArgumentException(Environment.GetResourceString("IdentityReference_NotAWindowsDomain"), "domainSid"); } if (windowsAccountDomainSid != 0) { throw new SystemException(Win32Native.GetMessage(windowsAccountDomainSid)); } if (identifier != domainSid) { throw new ArgumentException(Environment.GetResourceString("IdentityReference_NotAWindowsDomain"), "domainSid"); } } int errorCode = Win32.CreateWellKnownSid(sidType, domainSid, out buffer); if (errorCode == 0x57) { throw new ArgumentException(Win32Native.GetMessage(errorCode), "sidType/domainSid"); } if (errorCode != 0) { throw new SystemException(Win32Native.GetMessage(errorCode)); } this.CreateFromBinaryForm(buffer, 0); }
// // Constructs a well-known SID // The 'domainSid' parameter is optional and only used // by the well-known types that require it // NOTE: although there is a P/Invoke call involved in the implementation of this constructor, // there is no security risk involved, so no security demand is being made. // public SecurityIdentifier(WellKnownSidType sidType, SecurityIdentifier domainSid) { // // sidType must not be equal to LogonIdsSid // if (sidType == WellKnownSidType.LogonIdsSid) { throw new ArgumentException(SR.IdentityReference_CannotCreateLogonIdsSid, "sidType"); } Contract.EndContractBlock(); byte[] resultSid; int Error; // // sidType should not exceed the max defined value // if ((sidType < WellKnownSidType.NullSid) || (sidType > WellKnownSidType.MaxDefined)) { throw new ArgumentException(SR.Argument_InvalidValue, "sidType"); } // // for sidType between 38 to 50, the domainSid parameter must be specified // if ((sidType >= WellKnownSidType.AccountAdministratorSid) && (sidType <= WellKnownSidType.AccountRasAndIasServersSid)) { if (domainSid == null) { throw new ArgumentNullException("domainSid", SR.Format(SR.IdentityReference_DomainSidRequired, sidType)); } // // verify that the domain sid is a valid windows domain sid // to do that we call GetAccountDomainSid and the return value should be the same as the domainSid // SecurityIdentifier resultDomainSid; int ErrorCode; ErrorCode = Win32.GetWindowsAccountDomainSid(domainSid, out resultDomainSid); if (ErrorCode == Interop.mincore.Errors.ERROR_INSUFFICIENT_BUFFER) { throw new OutOfMemoryException(); } else if (ErrorCode == Interop.mincore.Errors.ERROR_NON_ACCOUNT_SID) { // this means that the domain sid is not valid throw new ArgumentException(SR.IdentityReference_NotAWindowsDomain, "domainSid"); } else if (ErrorCode != Interop.mincore.Errors.ERROR_SUCCESS) { Debug.Assert(false, string.Format(CultureInfo.InvariantCulture, "Win32.GetWindowsAccountDomainSid returned unrecognized error {0}", ErrorCode)); throw new Win32Exception(ErrorCode); } // // if domainSid is passed in as S-1-5-21-3-4-5-6, the above api will return S-1-5-21-3-4-5 as the domainSid // Since these do not match S-1-5-21-3-4-5-6 is not a valid domainSid (wrong number of subauthorities) // if (resultDomainSid != domainSid) { throw new ArgumentException(SR.IdentityReference_NotAWindowsDomain, "domainSid"); } } Error = Win32.CreateWellKnownSid(sidType, domainSid, out resultSid); if (Error == Interop.mincore.Errors.ERROR_INVALID_PARAMETER) { throw new ArgumentException(new Win32Exception(Error).Message, "sidType/domainSid"); } else if (Error != Interop.mincore.Errors.ERROR_SUCCESS) { Debug.Assert(false, string.Format(CultureInfo.InvariantCulture, "Win32.CreateWellKnownSid returned unrecognized error {0}", Error)); throw new Win32Exception(Error); } CreateFromBinaryForm(resultSid, 0); }
// // Constructs a well-known SID // The 'domainSid' parameter is optional and only used // by the well-known types that require it // NOTE: although there is a P/Invoke call involved in the implementation of this constructor, // there is no security risk involved, so no security demand is being made. // public SecurityIdentifier(WellKnownSidType sidType, SecurityIdentifier?domainSid) { // // sidType must not be equal to LogonIdsSid // if (sidType == WellKnownSidType.LogonIdsSid) { throw new ArgumentException(SR.IdentityReference_CannotCreateLogonIdsSid, nameof(sidType)); } // // sidType should not exceed the max defined value // if ((sidType < WellKnownSidType.NullSid) || (sidType > WellKnownSidType.WinCapabilityRemovableStorageSid)) { throw new ArgumentException(SR.Argument_InvalidValue, nameof(sidType)); } // // for sidType between 38 to 50, the domainSid parameter must be specified // int error; if ((sidType >= WellKnownSidType.AccountAdministratorSid) && (sidType <= WellKnownSidType.AccountRasAndIasServersSid)) { if (domainSid == null) { throw new ArgumentNullException(nameof(domainSid), SR.Format(SR.IdentityReference_DomainSidRequired, sidType)); } // // verify that the domain sid is a valid windows domain sid // to do that we call GetAccountDomainSid and the return value should be the same as the domainSid // error = Win32.GetWindowsAccountDomainSid(domainSid, out SecurityIdentifier? resultDomainSid); if (error == Interop.Errors.ERROR_INSUFFICIENT_BUFFER) { throw new OutOfMemoryException(); } else if (error == Interop.Errors.ERROR_NON_ACCOUNT_SID) { // this means that the domain sid is not valid throw new ArgumentException(SR.IdentityReference_NotAWindowsDomain, nameof(domainSid)); } else if (error != Interop.Errors.ERROR_SUCCESS) { Debug.Fail($"Win32.GetWindowsAccountDomainSid returned unrecognized error {error}"); throw new Win32Exception(error); } // // if domainSid is passed in as S-1-5-21-3-4-5-6, the above api will return S-1-5-21-3-4-5 as the domainSid // Since these do not match S-1-5-21-3-4-5-6 is not a valid domainSid (wrong number of subauthorities) // if (resultDomainSid != domainSid) { throw new ArgumentException(SR.IdentityReference_NotAWindowsDomain, nameof(domainSid)); } } error = Win32.CreateWellKnownSid(sidType, domainSid, out byte[]? resultSid); if (error == Interop.Errors.ERROR_INVALID_PARAMETER) { #pragma warning disable CA2208 // Instantiate argument exceptions correctly, combination of arguments used throw new ArgumentException(new Win32Exception(error).Message, "sidType/domainSid"); #pragma warning restore CS2208 } else if (error != Interop.Errors.ERROR_SUCCESS) { Debug.Fail($"Win32.CreateWellKnownSid returned unrecognized error {error}"); throw new Win32Exception(error); } CreateFromBinaryForm(resultSid !, 0); }