internal override bool MoveNext()
{
bool flag;
do
{
flag = false;
AuthZSet authZSet = this;
authZSet.currentGroup = authZSet.currentGroup + 1;
if (this.currentGroup < this.groupSidList.Length)
{
if (this.userType != ContextType.Machine)
{
continue;
}
IntPtr item = this.groupSidList[this.currentGroup].pSid;
bool flag1 = false;
if (Utils.ClassifySID(item) != SidType.RealObject || !UnsafeNativeMethods.EqualDomainSid(this.psUserSid.DangerousGetHandle(), item, ref flag1) || !flag1)
{
continue;
}
int lastRidFromSid = Utils.GetLastRidFromSid(item);
if (lastRidFromSid != 0x201)
{
continue;
}
flag = true;
}
else
{
return(false);
}
}while (flag);
return(true);
}
internal override bool MoveNext()
{
bool needToRetry;
do
{
needToRetry = false;
_currentGroup++;
if (_currentGroup >= _groupSidList.Length)
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "AuthZSet", "MoveNext: ran off end of list ({0})", _groupSidList.Length);
return(false);
}
// Test for the NONE group for a local user. We recognize it by:
// * we're enumerating the authz groups for a local machine user
// * it's a domain sid (SidType.RealObject) for the same domain as the user
// * it has the RID of the "Domain Users" group, 513
if (_userType == ContextType.Machine)
{
IntPtr pSid = _groupSidList[_currentGroup].pSid;
bool sameDomain = false;
if (Utils.ClassifySID(pSid) == SidType.RealObject && UnsafeNativeMethods.EqualDomainSid(_psUserSid.DangerousGetHandle(), pSid, ref sameDomain))
{
if (sameDomain)
{
int lastRid = Utils.GetLastRidFromSid(pSid);
if (lastRid == 513) // DOMAIN_GROUP_RID_USERS
{
// This is the NONE group for a local user. This isn't a real group, and
// has no impact on authorization (per ColinBr). Skip it.
needToRetry = true;
GlobalDebug.WriteLineIf(GlobalDebug.Info, "AuthZSet", "MoveNext: found NONE group, skipping");
}
}
}
}
}while (needToRetry);
return(true);
}
internal static bool IsSamUser()
{
bool flag;
bool flag1;
IntPtr zero = IntPtr.Zero;
IntPtr machineDomainSid = IntPtr.Zero;
try
{
zero = Utils.GetCurrentUserSid();
SidType sidType = Utils.ClassifySID(zero);
if (sidType != SidType.RealObject)
{
flag = true;
}
else
{
machineDomainSid = Utils.GetMachineDomainSid();
bool flag2 = false;
UnsafeNativeMethods.EqualDomainSid(zero, machineDomainSid, ref flag2);
if (flag2)
{
flag1 = !Utils.IsMachineDC(null);
}
else
{
flag1 = false;
}
flag = flag1;
}
}
finally
{
if (zero != IntPtr.Zero)
{
Marshal.FreeHGlobal(zero);
}
if (machineDomainSid != IntPtr.Zero)
{
Marshal.FreeHGlobal(machineDomainSid);
}
}
return(flag);
}
internal static bool IsSamUser()
{
//
// Basic algorithm
//
// Get SID of current user (via OpenThreadToken/GetTokenInformation/CloseHandle for TokenUser)
//
// Is the user SID of the form S-1-5-21-... (does GetSidIdentityAuthority(u) == 5 and GetSidSubauthority(u, 0) == 21)?
// If NO ---> is local user
// If YES --->
// Get machine domain SID (via LsaOpenPolicy/LsaQueryInformationPolicy for PolicyAccountDomainInformation/LsaClose)
// Does EqualDomainSid indicate the current user SID and the machine domain SID have the same domain?
// If YES -->
// IS the local machine a DC
// If NO --> is local user
// If YES --> is _not_ local user
// If NO --> is _not_ local user
//
IntPtr pCopyOfUserSid = IntPtr.Zero;
IntPtr pMachineDomainSid = IntPtr.Zero;
try
{
// Get the user's SID
pCopyOfUserSid = GetCurrentUserSid();
// Is it of S-1-5-21 form: Is the issuing authority NT_AUTHORITY and the RID NT_NOT_UNIQUE?
SidType sidType = ClassifySID(pCopyOfUserSid);
if (sidType == SidType.RealObject)
{
// It's a domain SID. Now, is the domain portion for the local machine, or something else?
// Get the machine domain SID
pMachineDomainSid = GetMachineDomainSid();
// Does the user SID have the same domain as the machine SID?
bool sameDomain = false;
bool success = UnsafeNativeMethods.EqualDomainSid(pCopyOfUserSid, pMachineDomainSid, ref sameDomain);
// Since both pCopyOfUserSid and pMachineDomainSid should always be account SIDs
Debug.Assert(success == true);
// If user SID is the same domain as the machine domain, and the machine is not a DC then the user is a local (machine) user
return(sameDomain ? !IsMachineDC(null) : false);
}
else
{
// It's not a domain SID, must be local (e.g., NT AUTHORITY\foo, or BUILTIN\foo)
return(true);
}
}
finally
{
if (pCopyOfUserSid != IntPtr.Zero)
{
Marshal.FreeHGlobal(pCopyOfUserSid);
}
if (pMachineDomainSid != IntPtr.Zero)
{
Marshal.FreeHGlobal(pMachineDomainSid);
}
}
}
