/// <summary>
/// Convert ACE to a string
/// </summary>
/// <param name="access_rights_type">An enumeration type to format the access mask</param>
/// <param name="resolve_sid">True to try and resolve SID to a name</param>
/// <returns>The ACE as a string</returns>
public string ToString(Type access_rights_type, bool resolve_sid)
{
object mask = Enum.ToObject(access_rights_type, Mask);
string account = Sid.ToString();
if (resolve_sid)
{
account = NtSecurity.LookupAccountSid(Sid) ?? Sid.ToString();
}
return($"Type {Type} - Flags {Flags} - Mask {mask} - Sid {account}");
}
/// <summary>
/// Convert ACE to a string
/// </summary>
/// <param name="access_rights_type">An enumeration type to format the access mask</param>
/// <param name="resolve_sid">True to try and resolve SID to a name</param>
/// <returns>The ACE as a string</returns>
public string ToString(Type access_rights_type, bool resolve_sid)
{
object mask = Enum.ToObject(access_rights_type, Mask);
string account = Sid.ToString();
if (resolve_sid)
{
account = NtSecurity.LookupAccountSid(Sid) ?? Sid.ToString();
}
return(String.Format("Type {0} - Flags {1} - Mask {2} - Sid {3}",
AceType, AceFlags, mask, account));
}
internal SidName(Sid sid, string domain, string name, SidNameSource source, SidNameUse name_use, bool lookup_denied)
{
Domain = domain;
Name = name;
if (string.IsNullOrEmpty(domain))
{
QualifiedName = Name;
}
else
{
QualifiedName = $"{Domain}\\{Name}";
}
Source = source;
NameUse = name_use;
Sddl = sid.ToString();
LookupDenied = lookup_denied;
}
/// <summary>
/// Process record.
/// </summary>
protected override void ProcessRecord()
{
Sid sid;
switch (ParameterSetName)
{
case "sddl":
sid = new Sid(Sddl);
break;
case "name":
sid = NtSecurity.LookupAccountName(Name);
break;
case "service":
sid = NtSecurity.GetServiceSid(ServiceName);
break;
case "il":
sid = NtSecurity.GetIntegritySid(IntegrityLevel);
break;
case "il_raw":
sid = NtSecurity.GetIntegritySidRaw(IntegrityLevelRaw);
break;
case "package":
sid = TokenUtils.DerivePackageSidFromName(PackageName);
if (RestrictedPackageName != null)
{
sid = TokenUtils.DeriveRestrictedPackageSidFromSid(sid, RestrictedPackageName);
}
break;
case "known":
sid = KnownSids.GetKnownSid(KnownSid);
break;
case "token":
using (NtToken token = NtToken.OpenProcessToken())
{
if (PrimaryGroup)
{
sid = token.PrimaryGroup;
}
else if (Owner)
{
sid = token.Owner;
}
else if (LogonGroup)
{
sid = token.LogonSid.Sid;
}
else if (AppContainer)
{
sid = token.AppContainerSid;
}
else if (Label)
{
sid = token.IntegrityLevelSid.Sid;
}
else
{
sid = token.User.Sid;
}
}
break;
case "cap":
sid = CapabilityGroup ? NtSecurity.GetCapabilityGroupSid(CapabilityName)
: NtSecurity.GetCapabilitySid(CapabilityName);
break;
case "sid":
sid = new Sid(SecurityAuthority, RelativeIdentifiers);
break;
case "logon":
sid = NtSecurity.GetLogonSessionSid();
break;
default:
throw new ArgumentException("No SID type specified");
}
if (ToSddl)
{
WriteObject(sid.ToString());
}
else if (ToName)
{
WriteObject(sid.Name);
}
else
{
WriteObject(sid);
}
}
private static SidName GetNameForSidInternal(Sid sid)
{
string name = LookupAccountSid(sid);
if (name != null)
{
return(new SidName(name, SidNameSource.Account));
}
if (IsCapabilitySid(sid))
{
// See if there's a known SID with this name.
name = LookupKnownCapabilityName(sid);
if (name == null)
{
switch (sid.SubAuthorities.Count)
{
case 8:
uint[] sub_authorities = sid.SubAuthorities.ToArray();
// Convert to a package SID.
sub_authorities[0] = 2;
name = LookupPackageName(new Sid(sid.Authority, sub_authorities));
break;
case 5:
name = LookupDeviceCapabilityName(sid);
break;
}
}
if (!string.IsNullOrWhiteSpace(name))
{
return(new SidName(MakeFakeCapabilityName(name, false), SidNameSource.Capability));
}
}
else if (IsCapabilityGroupSid(sid))
{
name = LookupKnownCapabilityName(sid);
if (!string.IsNullOrWhiteSpace(name))
{
return(new SidName(MakeFakeCapabilityName(name, true), SidNameSource.Capability));
}
}
else if (IsPackageSid(sid))
{
name = LookupPackageName(sid);
if (name != null)
{
return(new SidName(name, SidNameSource.Package));
}
}
else if (IsProcessTrustSid(sid))
{
name = LookupProcessTrustName(sid);
if (name != null)
{
return(new SidName($@"TRUST LEVEL\{name}", SidNameSource.ProcessTrust));
}
}
return(new SidName(sid.ToString(), SidNameSource.Sddl));
}
/// <summary>
/// Open a specific user key
/// </summary>
/// <param name="sid">The SID fo the user to open</param>
/// <returns>The opened key</returns>
/// <exception cref="NtException">Thrown on error.</exception>
public static NtKey GetUserKey(Sid sid)
{
return(Open(@"\Registry\User\" + sid.ToString(), null, KeyAccessRights.MaximumAllowed));
}
