internal static extern NtStatus LsaLookupSids( SafeLsaHandle PolicyHandle, int Count, IntPtr[] Sids, out SafeLsaMemoryBuffer ReferencedDomains, out SafeLsaMemoryBuffer Names );
/// <summary> /// Add a SID to name mapping with LSA. /// </summary> /// <param name="domain">The domain name for the SID. The SID must be in the NT authority.</param> /// <param name="name">The account name for the SID. Can be null for a domain SID.</param> /// <param name="sid">The SID to add.</param> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The NT status result.</returns> public static NtStatus AddSidNameMapping(string domain, string name, Sid sid, bool throw_on_error) { using (var sid_buffer = sid.ToSafeBuffer()) { LSA_SID_NAME_MAPPING_OPERATION_ADD_INPUT input = new LSA_SID_NAME_MAPPING_OPERATION_ADD_INPUT { Sid = sid_buffer.DangerousGetHandle(), DomainName = new UnicodeStringIn(domain) }; if (!string.IsNullOrEmpty(name)) { input.AccountName = new UnicodeStringIn(name); } using (var input_buffer = input.ToBuffer()) { SafeLsaMemoryBuffer output = null; try { return(SecurityNativeMethods.LsaManageSidNameMapping(LSA_SID_NAME_MAPPING_OPERATION_TYPE.LsaSidNameMappingOperation_Add, input_buffer, out output).ToNtException(throw_on_error)); } finally { output?.Dispose(); } } } }
/// <summary> /// Remove a SID to name mapping with LSA. /// </summary> /// <param name="domain">The domain name for the SID.</param> /// <param name="name">The account name for the SID. Can be null for a domain SID.</param> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The NT status result.</returns> public static NtStatus RemoveSidNameMapping(string domain, string name, bool throw_on_error) { LSA_SID_NAME_MAPPING_OPERATION_REMOVE_INPUT input = new LSA_SID_NAME_MAPPING_OPERATION_REMOVE_INPUT { DomainName = new UnicodeStringIn(domain) }; if (name != null) { input.AccountName = new UnicodeStringIn(name); } using (var input_buffer = input.ToBuffer()) { SafeLsaMemoryBuffer output = null; try { return(SecurityNativeMethods.LsaManageSidNameMapping(LSA_SID_NAME_MAPPING_OPERATION_TYPE.LsaSidNameMappingOperation_Remove, input_buffer, out output).ToNtException(throw_on_error)); } finally { output?.Dispose(); } } }
internal static extern NtStatus LsaQuerySecret( SafeLsaHandle SecretHandle, out SafeLsaMemoryBuffer CurrentValue, LargeInteger CurrentValueSetTime, out SafeLsaMemoryBuffer OldValue, LargeInteger OldValueSetTime );
internal static extern NtStatus LsaEnumerateAccounts( SafeLsaHandle PolicyHandle, ref int EnumerationContext, out SafeLsaMemoryBuffer EnumerationBuffer, // PLSAPR_ACCOUNT_INFORMATION int PreferedMaximumLength, out int EntriesRead );
internal LsaSecretValue(SafeLsaMemoryBuffer current_value, LargeInteger current_value_set_time, SafeLsaMemoryBuffer old_value, LargeInteger old_value_set_time) { if (!current_value.IsInvalid) { CurrentValue = current_value.GetUnicodeString().ToArray(); CurrentValueSetTime = current_value_set_time.ToDateTime(); } else { CurrentValue = new byte[0]; CurrentValueSetTime = DateTime.MinValue; } if (!old_value.IsInvalid) { OldValue = old_value.GetUnicodeString().ToArray(); OldValueSetTime = old_value_set_time.ToDateTime(); } else { OldValue = new byte[0]; OldValueSetTime = DateTime.MinValue; } }
internal static extern NtStatus LsaEnumerateTrustedDomainsEx( SafeLsaHandle PolicyHandle, ref int EnumerationContext, out SafeLsaMemoryBuffer Buffer, int PreferedMaximumLength, out int CountReturned );
private static IReadOnlyList <string> ParseRights(SafeLsaMemoryBuffer buffer, int count) { using (buffer) { buffer.Initialize <UnicodeStringOut>((uint)count); return(buffer.ReadArray <UnicodeStringOut>(0, count).Select(n => n.ToString()).ToList().AsReadOnly()); } }
private LsaTrustedDomainInformation QueryDomainInfo(SafeLsaMemoryBuffer buffer) { using (buffer) { buffer.Initialize <TRUSTED_DOMAIN_INFORMATION_EX>(1); return(new LsaTrustedDomainInformation(buffer.Read <TRUSTED_DOMAIN_INFORMATION_EX>(0))); } }
internal static extern NtStatus LsaLookupNames2( SafeLsaHandle PolicyHandle, LsaLookupNameOptionFlags Flags, int Count, UnicodeStringIn[] Names, out SafeLsaMemoryBuffer ReferencedDomains, out SafeLsaMemoryBuffer Sids // PLSA_TRANSLATED_SID );
private IReadOnlyList <TokenPrivilege> GetPrivileges(SafeLsaMemoryBuffer buffer) { using (buffer) { buffer.Initialize <PrivilegeSet>(1); SafePrivilegeSetBuffer priv_set = new SafePrivilegeSetBuffer(buffer.DangerousGetHandle(), buffer.Read <PrivilegeSet>(0).PrivilegeCount); return(priv_set.GetPrivileges(SystemName).ToList().AsReadOnly()); } }
private static List <Sid> ParseSids(SafeLsaMemoryBuffer buffer, int count) { using (buffer) { buffer.Initialize <LSA_ENUMERATION_INFORMATION>((uint)count); LSA_ENUMERATION_INFORMATION[] ss = new LSA_ENUMERATION_INFORMATION[count]; buffer.ReadArray(0, ss, 0, count); return(ss.Select(s => new Sid(s.Sid)).ToList()); } }
private static IReadOnlyList <SidName> GetSidNameSids(string[] names, SafeLsaMemoryBuffer domains, SafeLsaMemoryBuffer sids) { using (SafeBufferGeneric a = domains, b = sids) { List <SidName> ret = new List <SidName>(); domains.Initialize <LSA_REFERENCED_DOMAIN_LIST>(1); sids.Initialize <LSA_TRANSLATED_SID2>((uint)names.Length); var domain_list = domains.Read <LSA_REFERENCED_DOMAIN_LIST>(0); var domains_entries = NtProcess.Current.ReadMemoryArray <LSA_TRUST_INFORMATION>(domain_list.Domains.ToInt64(), domain_list.Entries); var sid_list = sids.ReadArray <LSA_TRANSLATED_SID2>(0, names.Length); for (int i = 0; i < names.Length; ++i) { ret.Add(new SidName(sid_list[i].GetSid(), sid_list[i].GetDomain(domains_entries), names[i], SidNameSource.Account, sid_list[i].Use, false)); } return(ret.AsReadOnly()); } }
private static IEnumerable <SidName> GetSidNames(Sid[] sids, SafeLsaMemoryBuffer domains, SafeLsaMemoryBuffer names) { List <SidName> ret = new List <SidName>(); domains.Initialize <LSA_REFERENCED_DOMAIN_LIST>(1); names.Initialize <LSA_TRANSLATED_NAME>((uint)sids.Length); var domain_list = domains.Read <LSA_REFERENCED_DOMAIN_LIST>(0); var domains_entries = NtProcess.Current.ReadMemoryArray <LSA_TRUST_INFORMATION>(domain_list.Domains.ToInt64(), domain_list.Entries); var name_list = names.ReadArray <LSA_TRANSLATED_NAME>(0, sids.Length); for (int i = 0; i < sids.Length; ++i) { var name = name_list[i]; ret.Add(new SidName(sids[i], name.GetDomain(domains_entries), name.GetName(), SidNameSource.Account, name.Use, false)); } return(ret.AsReadOnly()); }
internal static extern NtStatus LsaQueryCAPs( IntPtr CAPIDs, int CAPIDCount, out SafeLsaMemoryBuffer CAPs, out uint CAPCount );
internal static extern NtStatus LsaEnumeratePrivilegesOfAccount( SafeLsaHandle AccountHandle, out SafeLsaMemoryBuffer Privileges // PPRIVILEGE_SET );
internal static extern NtStatus LsaRetrievePrivateData( SafeLsaHandle PolicyHandle, [In] UnicodeString KeyName, out SafeLsaMemoryBuffer PrivateData // PLSA_UNICODE_STRING );
internal static extern NtStatus LsaManageSidNameMapping( LSA_SID_NAME_MAPPING_OPERATION_TYPE OperationType, SafeBuffer OperationInput, out SafeLsaMemoryBuffer OperationOutput );
internal static extern NtStatus LsaQueryTrustedDomainInfoByName( SafeLsaHandle PolicyHandle, UnicodeString TrustedDomainName, TRUSTED_INFORMATION_CLASS InformationClass, out SafeLsaMemoryBuffer Buffer );
internal static extern NtStatus LsaQueryInfoTrustedDomain( SafeLsaHandle TrustedDomainHandle, TRUSTED_INFORMATION_CLASS InformationClass, out SafeLsaMemoryBuffer Buffer );
internal static extern NtStatus LsaGetAppliedCAPIDs( UnicodeString SystemName, out SafeLsaMemoryBuffer CAPIDs, out int CAPIDCount );
private static IEnumerable <AccountRight> ParseRights(SafeLsaHandle policy, string system_name, SafeLsaMemoryBuffer buffer, int count) { using (buffer) { buffer.Initialize <UnicodeStringOut>((uint)count); UnicodeStringOut[] ss = new UnicodeStringOut[count]; buffer.ReadArray(0, ss, 0, count); return(ss.Select(s => new AccountRight(system_name, s.ToString(), GetSids(policy, s.ToString(), false).GetResultOrDefault())).ToList()); } }
internal static extern NtStatus LsaQueryTrustedDomainInfo( SafeLsaHandle PolicyHandle, SafeSidBufferHandle TrustedDomainSid, TRUSTED_INFORMATION_CLASS InformationClass, out SafeLsaMemoryBuffer Buffer );
internal static extern NtStatus LsaEnumerateAccountRights( SafeLsaHandle PolicyHandle, SafeSidBufferHandle AccountSid, out SafeLsaMemoryBuffer UserRights, out int CountOfRights );
internal static extern NtStatus LsaQuerySecurityObject( SafeLsaHandle ObjectHandle, SecurityInformation SecurityInformation, out SafeLsaMemoryBuffer SecurityDescriptor );
internal static extern NtStatus LsaEnumerateAccountsWithUserRight( SafeLsaHandle PolicyHandle, UnicodeString UserRight, out SafeLsaMemoryBuffer Buffer, out int CountReturned );