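/// <summary>
/// Get a known SID based on a specific enumeration.
/// </summary>
/// <param name="sid">The enumerated sid value.</param>
/// <returns>A newly constructed <see cref="Sid"/> matching the requested well-known value.</returns>
/// <exception cref="ArgumentException">Thrown when <paramref name="sid"/> is not a recognised
/// <see cref="KnownSidValue"/> member.</exception>
/// <remarks>
/// Most values are assembled directly from an authority plus relative identifiers. The
/// TrustedInstaller value is resolved through <see cref="NtSecurity.GetServiceSid"/> and the
/// capability values through <see cref="GetCapabilitySid"/>, so those paths depend on the
/// derivation those helpers implement rather than on a literal here.
/// </remarks>
public static Sid GetKnownSid(KnownSidValue sid)
{
    switch (sid)
    {
        // Universal well-known SIDs: S-1-0-0, S-1-1-0, S-1-2-0 and the S-1-3-x creator group.
        case KnownSidValue.Null:
            return new Sid(SecurityAuthority.Null, 0);
        case KnownSidValue.World:
            return new Sid(SecurityAuthority.World, 0);
        case KnownSidValue.Local:
            return new Sid(SecurityAuthority.Local, 0);
        case KnownSidValue.CreatorOwner:
            return new Sid(SecurityAuthority.Creator, 0);
        case KnownSidValue.CreatorGroup:
            return new Sid(SecurityAuthority.Creator, 1);
        case KnownSidValue.OwnerRights:
            return new Sid(SecurityAuthority.Creator, 4);

        // NT authority SIDs (S-1-5-x). LocalSystem is S-1-5-18; the two service
        // accounts are S-1-5-19 and S-1-5-20.
        case KnownSidValue.Service:
            return new Sid(SecurityAuthority.Nt, 6);
        case KnownSidValue.Anonymous:
            return new Sid(SecurityAuthority.Nt, 7);
        case KnownSidValue.Self:
            return new Sid(SecurityAuthority.Nt, 10);
        case KnownSidValue.AuthenticatedUsers:
            return new Sid(SecurityAuthority.Nt, 11);
        case KnownSidValue.Restricted:
            return new Sid(SecurityAuthority.Nt, 12);
        case KnownSidValue.LocalSystem:
            return new Sid(SecurityAuthority.Nt, 18);
        case KnownSidValue.LocalService:
            return new Sid(SecurityAuthority.Nt, 19);
        case KnownSidValue.NetworkService:
            return new Sid(SecurityAuthority.Nt, 20);

        // BUILTIN domain (S-1-5-32-x): 544 is Administrators, 545 is Users.
        case KnownSidValue.BuiltinUsers:
            return new Sid(SecurityAuthority.Nt, 32, 545);
        case KnownSidValue.BuiltinAdministrators:
            return new Sid(SecurityAuthority.Nt, 32, 544);

        // TrustedInstaller is a service SID, so it is derived from the service name
        // rather than spelled out as literal sub-authorities.
        case KnownSidValue.TrustedInstaller:
            return NtSecurity.GetServiceSid("TrustedInstaller");

        // App package authority (S-1-15-2-x).
        case KnownSidValue.AllApplicationPackages:
            return new Sid(SecurityAuthority.Package, 2, 1);
        case KnownSidValue.AllRestrictedApplicationPackages:
            return new Sid(SecurityAuthority.Package, 2, 2);

        // Capability SIDs; the numeric argument is the capability's relative identifier.
        case KnownSidValue.CapabilityInternetClient:
            return GetCapabilitySid(1);
        case KnownSidValue.CapabilityInternetClientServer:
            return GetCapabilitySid(2);
        case KnownSidValue.CapabilityPrivateNetworkClientServer:
            return GetCapabilitySid(3);
        case KnownSidValue.CapabilityPicturesLibrary:
            return GetCapabilitySid(4);
        case KnownSidValue.CapabilityVideosLibrary:
            return GetCapabilitySid(5);
        case KnownSidValue.CapabilityMusicLibrary:
            return GetCapabilitySid(6);
        case KnownSidValue.CapabilityDocumentsLibrary:
            return GetCapabilitySid(7);
        case KnownSidValue.CapabilityEnterpriseAuthentication:
            return GetCapabilitySid(8);
        case KnownSidValue.CapabilitySharedUserCertificates:
            return GetCapabilitySid(9);
        case KnownSidValue.CapabilityRemovableStorage:
            return GetCapabilitySid(10);
        case KnownSidValue.CapabilityAppointments:
            return GetCapabilitySid(11);
        case KnownSidValue.CapabilityContacts:
            return GetCapabilitySid(12);
        case KnownSidValue.CapabilityInternetExplorer:
            return GetCapabilitySid(4096);
        // 1024 followed by eight 32-bit values; this looks like the hashed form of a
        // named capability (the values are only meaningful as a unit). Keep the
        // literals exactly as they are — a single changed digit yields a different SID.
        case KnownSidValue.CapabilityConstrainedImpersonation:
            return GetCapabilitySid(1024, 1604681682, 535129537, 3273749797,
                3666938095, 336295784, 2177615760, 2743807136, 2867270584);

        default:
            // Name the offending parameter so callers get a useful ArgumentException.
            throw new ArgumentException("Unknown SID type", nameof(sid));
    }
}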
/// <summary>
/// Process record: build the SID selected by the active parameter set and write it to the
/// pipeline, either as the object itself, its SDDL string (-ToSddl) or its account name (-ToName).
/// </summary>
protected override void ProcessRecord()
{
    Sid result = CreateSidForParameterSet();

    object output;
    if (ToSddl)
    {
        output = result.ToString();
    }
    else if (ToName)
    {
        output = result.Name;
    }
    else
    {
        output = result;
    }

    WriteObject(output);
}

/// <summary>
/// Map the cmdlet's parameter set name to the SID it describes.
/// </summary>
/// <returns>The SID for the current parameter set.</returns>
/// <exception cref="ArgumentException">Thrown when no parameter set matches.</exception>
private Sid CreateSidForParameterSet()
{
    switch (ParameterSetName)
    {
        case "sddl":
            return new Sid(Sddl);
        case "name":
            return NtSecurity.LookupAccountName(Name);
        case "service":
            return NtSecurity.GetServiceSid(ServiceName);
        case "il":
            return NtSecurity.GetIntegritySid(IntegrityLevel);
        case "il_raw":
            return NtSecurity.GetIntegritySidRaw(IntegrityLevelRaw);
        case "package":
            return CreatePackageSid();
        case "known":
            return KnownSids.GetKnownSid(KnownSid);
        case "token":
            return ReadSidFromProcessToken();
        case "cap":
            return CapabilityGroup
                ? NtSecurity.GetCapabilityGroupSid(CapabilityName)
                : NtSecurity.GetCapabilitySid(CapabilityName);
        case "sid":
            return new Sid(SecurityAuthority, RelativeIdentifiers);
        case "logon":
            return NtSecurity.GetLogonSessionSid();
        default:
            throw new ArgumentException("No SID type specified");
    }
}

/// <summary>
/// Derive the package SID from the package name, narrowing it to a restricted package SID
/// when a restricted package name was also supplied.
/// </summary>
private Sid CreatePackageSid()
{
    Sid packageSid = TokenUtils.DerivePackageSidFromName(PackageName);
    if (RestrictedPackageName == null)
    {
        return packageSid;
    }
    return TokenUtils.DeriveRestrictedPackageSidFromSid(packageSid, RestrictedPackageName);
}

/// <summary>
/// Open the current process token and pick the SID selected by the switch parameters.
/// The first matching switch wins (PrimaryGroup, Owner, LogonGroup, AppContainer, Label);
/// with none set the token's user SID is returned. The token handle is released before returning.
/// </summary>
private Sid ReadSidFromProcessToken()
{
    using (NtToken token = NtToken.OpenProcessToken())
    {
        if (PrimaryGroup)
        {
            return token.PrimaryGroup;
        }
        if (Owner)
        {
            return token.Owner;
        }
        if (LogonGroup)
        {
            return token.LogonSid.Sid;
        }
        if (AppContainer)
        {
            return token.AppContainerSid;
        }
        if (Label)
        {
            return token.IntegrityLevelSid.Sid;
        }
        return token.User.Sid;
    }
}
/// <summary>
/// Process record: resolve the SID described by whichever parameter was supplied and write it
/// to the pipeline.
/// </summary>
protected override void ProcessRecord()
{
    WriteObject(ResolveRequestedSid());
}

/// <summary>
/// Pick the SID source from the supplied parameters. Parameters are checked in a fixed order
/// (Sddl, Name, ServiceName, IntegrityLevel, IntegrityLevelRaw, PackageName, KnownSid, Token,
/// CapabilityName, RelativeIdentifiers) and the first one present wins.
/// </summary>
/// <returns>The resolved SID.</returns>
/// <exception cref="ArgumentException">Thrown when none of the SID-selecting parameters is set.</exception>
private Sid ResolveRequestedSid()
{
    if (Sddl != null)
    {
        return new Sid(Sddl);
    }
    if (Name != null)
    {
        return NtSecurity.LookupAccountName(Name);
    }
    if (ServiceName != null)
    {
        return NtSecurity.GetServiceSid(ServiceName);
    }
    if (IntegrityLevel.HasValue)
    {
        return NtSecurity.GetIntegritySid(IntegrityLevel.Value);
    }
    if (IntegrityLevelRaw.HasValue)
    {
        return NtSecurity.GetIntegritySidRaw(IntegrityLevelRaw.Value);
    }
    if (PackageName != null)
    {
        Sid packageSid = TokenUtils.DerivePackageSidFromName(PackageName);
        // A restricted package name narrows the package SID further.
        return RestrictedPackageName != null
            ? TokenUtils.DeriveRestrictedPackageSidFromSid(packageSid, RestrictedPackageName)
            : packageSid;
    }
    if (KnownSid.HasValue)
    {
        return KnownSids.GetKnownSid(KnownSid.Value);
    }
    if (Token)
    {
        return ReadSidFromCurrentProcessToken();
    }
    if (CapabilityName != null)
    {
        return CapabilityGroup
            ? NtSecurity.GetCapabilityGroupSid(CapabilityName)
            : NtSecurity.GetCapabilitySid(CapabilityName);
    }
    if (RelativeIdentifiers != null)
    {
        return new Sid(SecurityAuthority, RelativeIdentifiers);
    }
    throw new ArgumentException("No SID type specified");
}

/// <summary>
/// Open the current process token and return the SID selected by the switch parameters;
/// the first set switch wins and the user SID is the fallback. The handle is disposed on return.
/// </summary>
private Sid ReadSidFromCurrentProcessToken()
{
    using (NtToken token = NtToken.OpenProcessToken())
    {
        if (PrimaryGroup)
        {
            return token.PrimaryGroup;
        }
        if (Owner)
        {
            return token.Owner;
        }
        if (LogonGroup)
        {
            return token.LogonSid.Sid;
        }
        if (AppContainer)
        {
            return token.AppContainerSid;
        }
        if (Label)
        {
            return token.IntegrityLevelSid.Sid;
        }
        return token.User.Sid;
    }
}