internal static IdentityReferenceCollection Translate(IdentityReferenceCollection sourceSids, Type targetType, out bool someFailed)
{
ArgumentNullException.ThrowIfNull(sourceSids);
if (targetType == typeof(NTAccount))
{
return(TranslateToNTAccounts(sourceSids, out someFailed));
}
throw new ArgumentException(SR.IdentityReference_MustBeIdentityReference, nameof(targetType));
}
internal IdentityReferenceEnumerator(IdentityReferenceCollection collection)
{
if (collection == null)
{
throw new ArgumentNullException(nameof(collection));
}
Contract.EndContractBlock();
_collection = collection;
_current = -1;
}
internal static IdentityReferenceCollection Translate(IdentityReferenceCollection sourceAccounts, Type targetType, out bool someFailed)
{
if (sourceAccounts == null)
{
throw new ArgumentNullException("sourceAccounts");
}
if (targetType != typeof(SecurityIdentifier))
{
throw new ArgumentException(Environment.GetResourceString("IdentityReference_MustBeIdentityReference"), "targetType");
}
return(TranslateToSids(sourceAccounts, out someFailed));
}
internal static IdentityReferenceCollection Translate(IdentityReferenceCollection sourceAccounts, Type targetType, out bool someFailed)
{
if (sourceAccounts == null)
{
throw new ArgumentNullException(nameof(sourceAccounts));
}
if (targetType == typeof(SecurityIdentifier))
{
return(TranslateToSids(sourceAccounts, out someFailed));
}
throw new ArgumentException(SR.IdentityReference_MustBeIdentityReference, nameof(targetType));
}
internal static IdentityReferenceCollection Translate(IdentityReferenceCollection sourceSids, Type targetType, out bool someFailed)
{
if (sourceSids == null)
{
throw new ArgumentNullException("sourceSids");
}
Contract.EndContractBlock();
if (targetType == typeof(NTAccount))
{
return(TranslateToNTAccounts(sourceSids, out someFailed));
}
throw new ArgumentException(SR.IdentityReference_MustBeIdentityReference, "targetType");
}
public override bool IsInRole(string role)
{
if (role == null || role.Length == 0)
{
return(false);
}
NTAccount identity = new NTAccount(role);
IdentityReferenceCollection identityReferenceCollection = NTAccount.Translate(new IdentityReferenceCollection(1)
{
identity
}, typeof(SecurityIdentifier), false);
SecurityIdentifier securityIdentifier = identityReferenceCollection[0] as SecurityIdentifier;
return((securityIdentifier != null && this.IsInRole(securityIdentifier)) || base.IsInRole(role));
}
internal static IdentityReferenceCollection Translate(IdentityReferenceCollection sourceSids, Type targetType, bool forceSuccess)
{
bool flag = false;
IdentityReferenceCollection identityReferenceCollection = SecurityIdentifier.Translate(sourceSids, targetType, out flag);
if (forceSuccess && flag)
{
IdentityReferenceCollection identityReferenceCollection2 = new IdentityReferenceCollection();
foreach (IdentityReference identityReference in identityReferenceCollection)
{
if (identityReference.GetType() != targetType)
{
identityReferenceCollection2.Add(identityReference);
}
}
throw new IdentityNotMappedException(Environment.GetResourceString("IdentityReference_IdentityNotMapped"), identityReferenceCollection2);
}
return(identityReferenceCollection);
}
internal static IdentityReferenceCollection Translate(IdentityReferenceCollection sourceSids, Type targetType, bool forceSuccess)
{
bool someFailed = false;
IdentityReferenceCollection referenceCollection = SecurityIdentifier.Translate(sourceSids, targetType, out someFailed);
if (forceSuccess & someFailed)
{
IdentityReferenceCollection unmappedIdentities = new IdentityReferenceCollection();
foreach (IdentityReference identity in referenceCollection)
{
if (identity.GetType() != targetType)
{
unmappedIdentities.Add(identity);
}
}
throw new IdentityNotMappedException(Environment.GetResourceString("IdentityReference_IdentityNotMapped"), unmappedIdentities);
}
return(referenceCollection);
}
public override bool IsInRole(string role)
{
if (role == null || role.Length == 0)
{
return(false);
}
NTAccount ntAccount = new NTAccount(role);
IdentityReferenceCollection sourceAccounts = new IdentityReferenceCollection(1);
sourceAccounts.Add((IdentityReference)ntAccount);
Type targetType = typeof(SecurityIdentifier);
int num = 0;
SecurityIdentifier sid = NTAccount.Translate(sourceAccounts, targetType, num != 0)[0] as SecurityIdentifier;
if (sid != (SecurityIdentifier)null && this.IsInRole(sid))
{
return(true);
}
return(base.IsInRole(role));
}
public override IdentityReference Translate(Type targetType)
{
if (targetType == null)
{
throw new ArgumentNullException("targetType");
}
if (targetType == typeof(SecurityIdentifier))
{
return(this);
}
if (targetType == typeof(NTAccount))
{
IdentityReferenceCollection identityReferenceCollection = SecurityIdentifier.Translate(new IdentityReferenceCollection(1)
{
this
}, targetType, true);
return(identityReferenceCollection[0]);
}
throw new ArgumentException(Environment.GetResourceString("IdentityReference_MustBeIdentityReference"), "targetType");
}
internal static IdentityReferenceCollection Translate(IdentityReferenceCollection sourceAccounts, Type targetType, bool forceSuccess)
{
bool someFailed = false;
IdentityReferenceCollection references = Translate(sourceAccounts, targetType, out someFailed);
if (!forceSuccess || !someFailed)
{
return(references);
}
IdentityReferenceCollection unmappedIdentities = new IdentityReferenceCollection();
foreach (IdentityReference reference in references)
{
if (reference.GetType() != targetType)
{
unmappedIdentities.Add(reference);
}
}
throw new IdentityNotMappedException(Environment.GetResourceString("IdentityReference_IdentityNotMapped"), unmappedIdentities);
}
internal static IdentityReferenceCollection Translate(IdentityReferenceCollection sourceAccounts, Type targetType, bool forceSuccess)
{
IdentityReferenceCollection result = Translate(sourceAccounts, targetType, out bool someFailed);
if (forceSuccess && someFailed)
{
IdentityReferenceCollection UnmappedIdentities = new IdentityReferenceCollection();
foreach (IdentityReference id in result)
{
if (id.GetType() != targetType)
{
UnmappedIdentities.Add(id);
}
}
throw new IdentityNotMappedException(SR.IdentityReference_IdentityNotMapped, UnmappedIdentities);
}
return(result);
}
public override IdentityReference Translate(Type targetType)
{
if (targetType == (Type)null)
{
throw new ArgumentNullException("targetType");
}
if (targetType == typeof(SecurityIdentifier))
{
return((IdentityReference)this);
}
if (!(targetType == typeof(NTAccount)))
{
throw new ArgumentException(Environment.GetResourceString("IdentityReference_MustBeIdentityReference"), "targetType");
}
IdentityReferenceCollection sourceSids = new IdentityReferenceCollection(1);
sourceSids.Add((IdentityReference)this);
Type targetType1 = targetType;
int num = 1;
return(SecurityIdentifier.Translate(sourceSids, targetType1, num != 0)[0]);
}
public override IdentityReference Translate(Type targetType)
{
ArgumentNullException.ThrowIfNull(targetType);
if (targetType == typeof(SecurityIdentifier))
{
return(this); // assumes SecurityIdentifier objects are immutable
}
else if (targetType == typeof(NTAccount))
{
IdentityReferenceCollection irSource = new IdentityReferenceCollection(1);
irSource.Add(this);
IdentityReferenceCollection irTarget;
irTarget = SecurityIdentifier.Translate(irSource, targetType, true);
return(irTarget[0]);
}
else
{
throw new ArgumentException(SR.IdentityReference_MustBeIdentityReference, nameof(targetType));
}
}
//
// Public methods.
//
public override bool IsInRole(string role)
{
if (role == null || role.Length == 0)
{
return(false);
}
NTAccount ntAccount = new NTAccount(role);
IdentityReferenceCollection source = new IdentityReferenceCollection(1);
source.Add(ntAccount);
IdentityReferenceCollection target = NTAccount.Translate(source, typeof(SecurityIdentifier), false);
if (target[0] is SecurityIdentifier sid)
{
if (IsInRole(sid))
{
return(true);
}
}
// possible that identity has other role claims that match
return(base.IsInRole(role));
}
private static IdentityReferenceCollection TranslateToNTAccounts(IdentityReferenceCollection sourceSids, out bool someFailed)
{
if (sourceSids == null)
{
throw new ArgumentNullException("sourceSids");
}
if (sourceSids.Count == 0)
{
throw new ArgumentException(SR.Arg_EmptyCollection, "sourceSids");
}
Contract.EndContractBlock();
IntPtr[] SidArrayPtr = new IntPtr[sourceSids.Count];
GCHandle[] HandleArray = new GCHandle[sourceSids.Count];
SafeLsaPolicyHandle LsaHandle = SafeLsaPolicyHandle.InvalidHandle;
SafeLsaMemoryHandle ReferencedDomainsPtr = SafeLsaMemoryHandle.InvalidHandle;
SafeLsaMemoryHandle NamesPtr = SafeLsaMemoryHandle.InvalidHandle;
try
{
//
// Pin all elements in the array of SIDs
//
int currentSid = 0;
foreach (IdentityReference id in sourceSids)
{
SecurityIdentifier sid = id as SecurityIdentifier;
if (sid == null)
{
throw new ArgumentException(SR.Argument_ImproperType, "sourceSids");
}
HandleArray[currentSid] = GCHandle.Alloc(sid.BinaryForm, GCHandleType.Pinned);
SidArrayPtr[currentSid] = HandleArray[currentSid].AddrOfPinnedObject();
currentSid++;
}
//
// Open LSA policy (for lookup requires it)
//
LsaHandle = Win32.LsaOpenPolicy(null, PolicyRights.POLICY_LOOKUP_NAMES);
//
// Perform the actual lookup
//
someFailed = false;
uint ReturnCode;
ReturnCode = Interop.mincore.LsaLookupSids(LsaHandle, sourceSids.Count, SidArrayPtr, ref ReferencedDomainsPtr, ref NamesPtr);
//
// Make a decision regarding whether it makes sense to proceed
// based on the return code and the value of the forceSuccess argument
//
if (ReturnCode == Interop.StatusOptions.STATUS_NO_MEMORY ||
ReturnCode == Interop.StatusOptions.STATUS_INSUFFICIENT_RESOURCES)
{
throw new OutOfMemoryException();
}
else if (ReturnCode == Interop.StatusOptions.STATUS_ACCESS_DENIED)
{
throw new UnauthorizedAccessException();
}
else if (ReturnCode == Interop.StatusOptions.STATUS_NONE_MAPPED ||
ReturnCode == Interop.StatusOptions.STATUS_SOME_NOT_MAPPED)
{
someFailed = true;
}
else if (ReturnCode != 0)
{
int win32ErrorCode = Interop.mincore.RtlNtStatusToDosError(unchecked ((int)ReturnCode));
Debug.Assert(false, string.Format(CultureInfo.InvariantCulture, "Interop.LsaLookupSids returned {0}", win32ErrorCode));
throw new Win32Exception(win32ErrorCode);
}
NamesPtr.Initialize((uint)sourceSids.Count, (uint)Marshal.SizeOf <Interop.LSA_TRANSLATED_NAME>());
Win32.InitializeReferencedDomainsPointer(ReferencedDomainsPtr);
//
// Interpret the results and generate NTAccount objects
//
IdentityReferenceCollection Result = new IdentityReferenceCollection(sourceSids.Count);
if (ReturnCode == 0 || ReturnCode == Interop.StatusOptions.STATUS_SOME_NOT_MAPPED)
{
//
// Interpret the results and generate NT Account objects
//
Interop.LSA_REFERENCED_DOMAIN_LIST rdl = ReferencedDomainsPtr.Read <Interop.LSA_REFERENCED_DOMAIN_LIST>(0);
string[] ReferencedDomains = new string[rdl.Entries];
for (int i = 0; i < rdl.Entries; i++)
{
Interop.LSA_TRUST_INFORMATION ti = (Interop.LSA_TRUST_INFORMATION)Marshal.PtrToStructure <Interop.LSA_TRUST_INFORMATION>(new IntPtr((long)rdl.Domains + i * Marshal.SizeOf <Interop.LSA_TRUST_INFORMATION>()));
ReferencedDomains[i] = Marshal.PtrToStringUni(ti.Name.Buffer, ti.Name.Length / sizeof(char));
}
Interop.LSA_TRANSLATED_NAME[] translatedNames = new Interop.LSA_TRANSLATED_NAME[sourceSids.Count];
NamesPtr.ReadArray(0, translatedNames, 0, translatedNames.Length);
for (int i = 0; i < sourceSids.Count; i++)
{
Interop.LSA_TRANSLATED_NAME Ltn = translatedNames[i];
switch ((SidNameUse)Ltn.Use)
{
case SidNameUse.User:
case SidNameUse.Group:
case SidNameUse.Alias:
case SidNameUse.Computer:
case SidNameUse.WellKnownGroup:
string account = Marshal.PtrToStringUni(Ltn.Name.Buffer, Ltn.Name.Length / sizeof(char));;
string domain = ReferencedDomains[Ltn.DomainIndex];
Result.Add(new NTAccount(domain, account));
break;
default:
someFailed = true;
Result.Add(sourceSids[i]);
break;
}
}
}
else
{
for (int i = 0; i < sourceSids.Count; i++)
{
Result.Add(sourceSids[i]);
}
}
return(Result);
}
finally
{
for (int i = 0; i < sourceSids.Count; i++)
{
if (HandleArray[i].IsAllocated)
{
HandleArray[i].Free();
}
}
LsaHandle.Dispose();
ReferencedDomainsPtr.Dispose();
NamesPtr.Dispose();
}
}
private static IdentityReferenceCollection TranslateToNTAccounts(IdentityReferenceCollection sourceSids, out bool someFailed)
{
IdentityReferenceCollection references2;
if (sourceSids == null)
{
throw new ArgumentNullException("sourceSids");
}
if (sourceSids.Count == 0)
{
throw new ArgumentException(Environment.GetResourceString("Arg_EmptyCollection"), "sourceSids");
}
IntPtr[] sids = new IntPtr[sourceSids.Count];
GCHandle[] handleArray = new GCHandle[sourceSids.Count];
SafeLsaPolicyHandle invalidHandle = SafeLsaPolicyHandle.InvalidHandle;
SafeLsaMemoryHandle referencedDomains = SafeLsaMemoryHandle.InvalidHandle;
SafeLsaMemoryHandle names = SafeLsaMemoryHandle.InvalidHandle;
try
{
int index = 0;
foreach (IdentityReference reference in sourceSids)
{
SecurityIdentifier identifier = reference as SecurityIdentifier;
if (identifier == null)
{
throw new ArgumentException(Environment.GetResourceString("Argument_ImproperType"), "sourceSids");
}
handleArray[index] = GCHandle.Alloc(identifier.BinaryForm, GCHandleType.Pinned);
sids[index] = handleArray[index].AddrOfPinnedObject();
index++;
}
invalidHandle = Win32.LsaOpenPolicy(null, PolicyRights.POLICY_LOOKUP_NAMES);
someFailed = false;
uint num2 = Win32Native.LsaLookupSids(invalidHandle, sourceSids.Count, sids, ref referencedDomains, ref names);
switch (num2)
{
case 0xc0000017:
case 0xc000009a:
throw new OutOfMemoryException();
case 0xc0000022:
throw new UnauthorizedAccessException();
}
if ((num2 == 0xc0000073) || (num2 == 0x107))
{
someFailed = true;
}
else if (num2 != 0)
{
throw new SystemException(Win32Native.GetMessage(Win32Native.LsaNtStatusToWinError((int)num2)));
}
names.Initialize((uint)sourceSids.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_NAME)));
Win32.InitializeReferencedDomainsPointer(referencedDomains);
IdentityReferenceCollection references = new IdentityReferenceCollection(sourceSids.Count);
if ((num2 == 0) || (num2 == 0x107))
{
Win32Native.LSA_REFERENCED_DOMAIN_LIST lsa_referenced_domain_list = referencedDomains.Read <Win32Native.LSA_REFERENCED_DOMAIN_LIST>(0L);
string[] strArray = new string[lsa_referenced_domain_list.Entries];
for (int i = 0; i < lsa_referenced_domain_list.Entries; i++)
{
Win32Native.LSA_TRUST_INFORMATION lsa_trust_information = (Win32Native.LSA_TRUST_INFORMATION)Marshal.PtrToStructure(new IntPtr(((long)lsa_referenced_domain_list.Domains) + (i * Marshal.SizeOf(typeof(Win32Native.LSA_TRUST_INFORMATION)))), typeof(Win32Native.LSA_TRUST_INFORMATION));
strArray[i] = Marshal.PtrToStringUni(lsa_trust_information.Name.Buffer, lsa_trust_information.Name.Length / 2);
}
Win32Native.LSA_TRANSLATED_NAME[] array = new Win32Native.LSA_TRANSLATED_NAME[sourceSids.Count];
names.ReadArray <Win32Native.LSA_TRANSLATED_NAME>(0L, array, 0, array.Length);
for (int j = 0; j < sourceSids.Count; j++)
{
Win32Native.LSA_TRANSLATED_NAME lsa_translated_name = array[j];
switch (lsa_translated_name.Use)
{
case 1:
case 2:
case 4:
case 5:
case 9:
{
string accountName = Marshal.PtrToStringUni(lsa_translated_name.Name.Buffer, lsa_translated_name.Name.Length / 2);
string domainName = strArray[lsa_translated_name.DomainIndex];
references.Add(new NTAccount(domainName, accountName));
continue;
}
}
someFailed = true;
references.Add(sourceSids[j]);
}
}
else
{
for (int k = 0; k < sourceSids.Count; k++)
{
references.Add(sourceSids[k]);
}
}
references2 = references;
}
finally
{
for (int m = 0; m < sourceSids.Count; m++)
{
if (handleArray[m].IsAllocated)
{
handleArray[m].Free();
}
}
invalidHandle.Dispose();
referencedDomains.Dispose();
names.Dispose();
}
return(references2);
}
[System.Security.SecurityCritical] // auto-generated
private static IdentityReferenceCollection TranslateToSids(IdentityReferenceCollection sourceAccounts, out bool someFailed)
{
if (sourceAccounts == null)
{
throw new ArgumentNullException("sourceAccounts");
}
if (sourceAccounts.Count == 0)
{
throw new ArgumentException(Environment.GetResourceString("Arg_EmptyCollection"), "sourceAccounts");
}
Contract.EndContractBlock();
SafeLsaPolicyHandle LsaHandle = SafeLsaPolicyHandle.InvalidHandle;
SafeLsaMemoryHandle ReferencedDomainsPtr = SafeLsaMemoryHandle.InvalidHandle;
SafeLsaMemoryHandle SidsPtr = SafeLsaMemoryHandle.InvalidHandle;
try
{
//
// Construct an array of unicode strings
//
Win32Native.UNICODE_STRING[] Names = new Win32Native.UNICODE_STRING[sourceAccounts.Count];
int currentName = 0;
foreach (IdentityReference id in sourceAccounts)
{
NTAccount nta = id as NTAccount;
if (nta == null)
{
throw new ArgumentException(Environment.GetResourceString("Argument_ImproperType"), "sourceAccounts");
}
Names[currentName].Buffer = nta.ToString();
if (Names[currentName].Buffer.Length * 2 + 2 > ushort.MaxValue)
{
// this should never happen since we are already validating account name length in constructor and
// it is less than this limit
Contract.Assert(false, "NTAccount::TranslateToSids - source account name is too long.");
throw new SystemException();
}
Names[currentName].Length = (ushort)(Names[currentName].Buffer.Length * 2);
Names[currentName].MaximumLength = (ushort)(Names[currentName].Length + 2);
currentName++;
}
//
// Open LSA policy (for lookup requires it)
//
LsaHandle = Win32.LsaOpenPolicy(null, PolicyRights.POLICY_LOOKUP_NAMES);
//
// Now perform the actual lookup
//
someFailed = false;
uint ReturnCode;
if (Win32.LsaLookupNames2Supported)
{
ReturnCode = Win32Native.LsaLookupNames2(LsaHandle, 0, sourceAccounts.Count, Names, ref ReferencedDomainsPtr, ref SidsPtr);
}
else
{
ReturnCode = Win32Native.LsaLookupNames(LsaHandle, sourceAccounts.Count, Names, ref ReferencedDomainsPtr, ref SidsPtr);
}
//
// Make a decision regarding whether it makes sense to proceed
// based on the return code and the value of the forceSuccess argument
//
if (ReturnCode == Win32Native.STATUS_NO_MEMORY ||
ReturnCode == Win32Native.STATUS_INSUFFICIENT_RESOURCES)
{
throw new OutOfMemoryException();
}
else if (ReturnCode == Win32Native.STATUS_ACCESS_DENIED)
{
throw new UnauthorizedAccessException();
}
else if (ReturnCode == Win32Native.STATUS_NONE_MAPPED ||
ReturnCode == Win32Native.STATUS_SOME_NOT_MAPPED)
{
someFailed = true;
}
else if (ReturnCode != 0)
{
int win32ErrorCode = Win32Native.LsaNtStatusToWinError(unchecked ((int)ReturnCode));
if (win32ErrorCode != Win32Native.ERROR_TRUSTED_RELATIONSHIP_FAILURE)
{
Contract.Assert(false, string.Format(CultureInfo.InvariantCulture, "Win32Native.LsaLookupNames(2) returned unrecognized error {0}", win32ErrorCode));
}
throw new SystemException(Win32Native.GetMessage(win32ErrorCode));
}
//
// Interpret the results and generate SID objects
//
IdentityReferenceCollection Result = new IdentityReferenceCollection(sourceAccounts.Count);
if (ReturnCode == 0 || ReturnCode == Win32Native.STATUS_SOME_NOT_MAPPED)
{
if (Win32.LsaLookupNames2Supported)
{
SidsPtr.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID2)));
Win32.InitializeReferencedDomainsPointer(ReferencedDomainsPtr);
Win32Native.LSA_TRANSLATED_SID2[] translatedSids = new Win32Native.LSA_TRANSLATED_SID2[sourceAccounts.Count];
SidsPtr.ReadArray(0, translatedSids, 0, translatedSids.Length);
for (int i = 0; i < sourceAccounts.Count; i++)
{
Win32Native.LSA_TRANSLATED_SID2 Lts = translatedSids[i];
//
// Only some names are recognized as NTAccount objects
//
switch ((SidNameUse)Lts.Use)
{
case SidNameUse.User:
case SidNameUse.Group:
case SidNameUse.Alias:
case SidNameUse.Computer:
case SidNameUse.WellKnownGroup:
Result.Add(new SecurityIdentifier(Lts.Sid, true));
break;
default:
someFailed = true;
Result.Add(sourceAccounts[i]);
break;
}
}
}
else
{
SidsPtr.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID)));
Win32.InitializeReferencedDomainsPointer(ReferencedDomainsPtr);
Win32Native.LSA_REFERENCED_DOMAIN_LIST rdl = ReferencedDomainsPtr.Read <Win32Native.LSA_REFERENCED_DOMAIN_LIST>(0);
SecurityIdentifier[] ReferencedDomains = new SecurityIdentifier[rdl.Entries];
for (int i = 0; i < rdl.Entries; i++)
{
Win32Native.LSA_TRUST_INFORMATION ti = (Win32Native.LSA_TRUST_INFORMATION)Marshal.PtrToStructure(new IntPtr(( long )rdl.Domains + i * Marshal.SizeOf(typeof(Win32Native.LSA_TRUST_INFORMATION))), typeof(Win32Native.LSA_TRUST_INFORMATION));
ReferencedDomains[i] = new SecurityIdentifier(ti.Sid, true);
}
Win32Native.LSA_TRANSLATED_SID[] translatedSids = new Win32Native.LSA_TRANSLATED_SID[sourceAccounts.Count];
SidsPtr.ReadArray(0, translatedSids, 0, translatedSids.Length);
for (int i = 0; i < sourceAccounts.Count; i++)
{
Win32Native.LSA_TRANSLATED_SID Lts = translatedSids[i];
switch ((SidNameUse)Lts.Use)
{
case SidNameUse.User:
case SidNameUse.Group:
case SidNameUse.Alias:
case SidNameUse.Computer:
case SidNameUse.WellKnownGroup:
Result.Add(new SecurityIdentifier(ReferencedDomains[Lts.DomainIndex], Lts.Rid));
break;
default:
someFailed = true;
Result.Add(sourceAccounts[i]);
break;
}
}
}
}
else
{
for (int i = 0; i < sourceAccounts.Count; i++)
{
Result.Add(sourceAccounts[i]);
}
}
return(Result);
}
finally
{
LsaHandle.Dispose();
ReferencedDomainsPtr.Dispose();
SidsPtr.Dispose();
}
}
private static IdentityReferenceCollection TranslateToSids(IdentityReferenceCollection sourceAccounts, out bool someFailed)
{
IdentityReferenceCollection references2;
if (sourceAccounts == null)
{
throw new ArgumentNullException("sourceAccounts");
}
if (sourceAccounts.Count == 0)
{
throw new ArgumentException(Environment.GetResourceString("Arg_EmptyCollection"), "sourceAccounts");
}
SafeLsaPolicyHandle invalidHandle = SafeLsaPolicyHandle.InvalidHandle;
SafeLsaMemoryHandle referencedDomains = SafeLsaMemoryHandle.InvalidHandle;
SafeLsaMemoryHandle sids = SafeLsaMemoryHandle.InvalidHandle;
try
{
uint num2;
Win32Native.UNICODE_STRING[] names = new Win32Native.UNICODE_STRING[sourceAccounts.Count];
int index = 0;
foreach (IdentityReference reference in sourceAccounts)
{
NTAccount account = reference as NTAccount;
if (account == null)
{
throw new ArgumentException(Environment.GetResourceString("Argument_ImproperType"), "sourceAccounts");
}
names[index].Buffer = account.ToString();
if (((names[index].Buffer.Length * 2) + 2) > 0xffff)
{
throw new SystemException();
}
names[index].Length = (ushort)(names[index].Buffer.Length * 2);
names[index].MaximumLength = (ushort)(names[index].Length + 2);
index++;
}
invalidHandle = Win32.LsaOpenPolicy(null, PolicyRights.POLICY_LOOKUP_NAMES);
someFailed = false;
if (Win32.LsaLookupNames2Supported)
{
num2 = Win32Native.LsaLookupNames2(invalidHandle, 0, sourceAccounts.Count, names, ref referencedDomains, ref sids);
}
else
{
num2 = Win32Native.LsaLookupNames(invalidHandle, sourceAccounts.Count, names, ref referencedDomains, ref sids);
}
if ((num2 == 0xc0000017) || (num2 == 0xc000009a))
{
throw new OutOfMemoryException();
}
if (num2 == 0xc0000022)
{
throw new UnauthorizedAccessException();
}
if ((num2 == 0xc0000073) || (num2 == 0x107))
{
someFailed = true;
}
else if (num2 != 0)
{
int errorCode = Win32Native.LsaNtStatusToWinError((int)num2);
throw new SystemException(Win32Native.GetMessage(errorCode));
}
IdentityReferenceCollection references = new IdentityReferenceCollection(sourceAccounts.Count);
switch (num2)
{
case 0:
case 0x107:
if (Win32.LsaLookupNames2Supported)
{
sids.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID2)));
Win32.InitializeReferencedDomainsPointer(referencedDomains);
Win32Native.LSA_TRANSLATED_SID2[] array = new Win32Native.LSA_TRANSLATED_SID2[sourceAccounts.Count];
sids.ReadArray <Win32Native.LSA_TRANSLATED_SID2>(0L, array, 0, array.Length);
for (int i = 0; i < sourceAccounts.Count; i++)
{
Win32Native.LSA_TRANSLATED_SID2 lsa_translated_sid = array[i];
switch (lsa_translated_sid.Use)
{
case 1:
case 2:
case 4:
case 5:
case 9:
{
references.Add(new SecurityIdentifier(lsa_translated_sid.Sid, true));
continue;
}
}
someFailed = true;
references.Add(sourceAccounts[i]);
}
}
else
{
sids.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID)));
Win32.InitializeReferencedDomainsPointer(referencedDomains);
Win32Native.LSA_REFERENCED_DOMAIN_LIST lsa_referenced_domain_list = referencedDomains.Read <Win32Native.LSA_REFERENCED_DOMAIN_LIST>(0L);
SecurityIdentifier[] identifierArray = new SecurityIdentifier[lsa_referenced_domain_list.Entries];
for (int j = 0; j < lsa_referenced_domain_list.Entries; j++)
{
Win32Native.LSA_TRUST_INFORMATION lsa_trust_information = (Win32Native.LSA_TRUST_INFORMATION)Marshal.PtrToStructure(new IntPtr(((long)lsa_referenced_domain_list.Domains) + (j * Marshal.SizeOf(typeof(Win32Native.LSA_TRUST_INFORMATION)))), typeof(Win32Native.LSA_TRUST_INFORMATION));
identifierArray[j] = new SecurityIdentifier(lsa_trust_information.Sid, true);
}
Win32Native.LSA_TRANSLATED_SID[] lsa_translated_sidArray2 = new Win32Native.LSA_TRANSLATED_SID[sourceAccounts.Count];
sids.ReadArray <Win32Native.LSA_TRANSLATED_SID>(0L, lsa_translated_sidArray2, 0, lsa_translated_sidArray2.Length);
for (int k = 0; k < sourceAccounts.Count; k++)
{
Win32Native.LSA_TRANSLATED_SID lsa_translated_sid2 = lsa_translated_sidArray2[k];
switch (lsa_translated_sid2.Use)
{
case 1:
case 2:
case 4:
case 5:
case 9:
{
references.Add(new SecurityIdentifier(identifierArray[lsa_translated_sid2.DomainIndex], lsa_translated_sid2.Rid));
continue;
}
}
someFailed = true;
references.Add(sourceAccounts[k]);
}
}
break;
default:
for (int m = 0; m < sourceAccounts.Count; m++)
{
references.Add(sourceAccounts[m]);
}
break;
}
references2 = references;
}
finally
{
invalidHandle.Dispose();
referencedDomains.Dispose();
sids.Dispose();
}
return(references2);
}
private static IdentityReferenceCollection TranslateToNTAccounts(IdentityReferenceCollection sourceSids, out bool someFailed)
{
if (sourceSids == null)
{
throw new ArgumentNullException("sourceSids");
}
if (sourceSids.Count == 0)
{
throw new ArgumentException(Environment.GetResourceString("Arg_EmptyCollection"), "sourceSids");
}
IntPtr[] array = new IntPtr[sourceSids.Count];
GCHandle[] array2 = new GCHandle[sourceSids.Count];
SafeLsaPolicyHandle safeLsaPolicyHandle = SafeLsaPolicyHandle.InvalidHandle;
SafeLsaMemoryHandle invalidHandle = SafeLsaMemoryHandle.InvalidHandle;
SafeLsaMemoryHandle invalidHandle2 = SafeLsaMemoryHandle.InvalidHandle;
IdentityReferenceCollection result;
try
{
int num = 0;
foreach (IdentityReference identityReference in sourceSids)
{
SecurityIdentifier securityIdentifier = identityReference as SecurityIdentifier;
if (securityIdentifier == null)
{
throw new ArgumentException(Environment.GetResourceString("Argument_ImproperType"), "sourceSids");
}
array2[num] = GCHandle.Alloc(securityIdentifier.BinaryForm, GCHandleType.Pinned);
array[num] = array2[num].AddrOfPinnedObject();
num++;
}
safeLsaPolicyHandle = Win32.LsaOpenPolicy(null, PolicyRights.POLICY_LOOKUP_NAMES);
someFailed = false;
uint num2 = Win32Native.LsaLookupSids(safeLsaPolicyHandle, sourceSids.Count, array, ref invalidHandle, ref invalidHandle2);
if (num2 == 3221225495U || num2 == 3221225626U)
{
throw new OutOfMemoryException();
}
if (num2 == 3221225506U)
{
throw new UnauthorizedAccessException();
}
if (num2 == 3221225587U || num2 == 263U)
{
someFailed = true;
}
else if (num2 != 0U)
{
int errorCode = Win32Native.LsaNtStatusToWinError((int)num2);
throw new SystemException(Win32Native.GetMessage(errorCode));
}
invalidHandle2.Initialize((uint)sourceSids.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_NAME)));
Win32.InitializeReferencedDomainsPointer(invalidHandle);
IdentityReferenceCollection identityReferenceCollection = new IdentityReferenceCollection(sourceSids.Count);
if (num2 == 0U || num2 == 263U)
{
Win32Native.LSA_REFERENCED_DOMAIN_LIST lsa_REFERENCED_DOMAIN_LIST = invalidHandle.Read <Win32Native.LSA_REFERENCED_DOMAIN_LIST>(0UL);
string[] array3 = new string[lsa_REFERENCED_DOMAIN_LIST.Entries];
for (int i = 0; i < lsa_REFERENCED_DOMAIN_LIST.Entries; i++)
{
Win32Native.LSA_TRUST_INFORMATION lsa_TRUST_INFORMATION = (Win32Native.LSA_TRUST_INFORMATION)Marshal.PtrToStructure(new IntPtr((long)lsa_REFERENCED_DOMAIN_LIST.Domains + (long)(i * Marshal.SizeOf(typeof(Win32Native.LSA_TRUST_INFORMATION)))), typeof(Win32Native.LSA_TRUST_INFORMATION));
array3[i] = Marshal.PtrToStringUni(lsa_TRUST_INFORMATION.Name.Buffer, (int)(lsa_TRUST_INFORMATION.Name.Length / 2));
}
Win32Native.LSA_TRANSLATED_NAME[] array4 = new Win32Native.LSA_TRANSLATED_NAME[sourceSids.Count];
invalidHandle2.ReadArray <Win32Native.LSA_TRANSLATED_NAME>(0UL, array4, 0, array4.Length);
int j = 0;
while (j < sourceSids.Count)
{
Win32Native.LSA_TRANSLATED_NAME lsa_TRANSLATED_NAME = array4[j];
switch (lsa_TRANSLATED_NAME.Use)
{
case 1:
case 2:
case 4:
case 5:
case 9:
{
string accountName = Marshal.PtrToStringUni(lsa_TRANSLATED_NAME.Name.Buffer, (int)(lsa_TRANSLATED_NAME.Name.Length / 2));
string domainName = array3[lsa_TRANSLATED_NAME.DomainIndex];
identityReferenceCollection.Add(new NTAccount(domainName, accountName));
break;
}
case 3:
case 6:
case 7:
case 8:
goto IL_2C4;
default:
goto IL_2C4;
}
IL_2D6:
j++;
continue;
IL_2C4:
someFailed = true;
identityReferenceCollection.Add(sourceSids[j]);
goto IL_2D6;
}
}
else
{
for (int k = 0; k < sourceSids.Count; k++)
{
identityReferenceCollection.Add(sourceSids[k]);
}
}
result = identityReferenceCollection;
}
finally
{
for (int l = 0; l < sourceSids.Count; l++)
{
if (array2[l].IsAllocated)
{
array2[l].Free();
}
}
safeLsaPolicyHandle.Dispose();
invalidHandle.Dispose();
invalidHandle2.Dispose();
}
return(result);
}
public IdentityReferenceCollection Translate(Type targetType, bool forceSuccess)
{
if (targetType == null)
{
throw new ArgumentNullException("targetType");
}
if (!targetType.IsSubclassOf(typeof(IdentityReference)))
{
throw new ArgumentException(Environment.GetResourceString("IdentityReference_MustBeIdentityReference"), "targetType");
}
if (this.Identities.Count == 0)
{
return(new IdentityReferenceCollection());
}
int capacity = 0;
int num2 = 0;
for (int i = 0; i < this.Identities.Count; i++)
{
Type type = this.Identities[i].GetType();
if (type != targetType)
{
if (type != typeof(SecurityIdentifier))
{
if (type != typeof(NTAccount))
{
throw new SystemException();
}
num2++;
}
else
{
capacity++;
}
}
}
bool flag = false;
IdentityReferenceCollection sourceSids = null;
IdentityReferenceCollection sourceAccounts = null;
if (capacity == this.Count)
{
flag = true;
sourceSids = this;
}
else if (capacity > 0)
{
sourceSids = new IdentityReferenceCollection(capacity);
}
if (num2 == this.Count)
{
flag = true;
sourceAccounts = this;
}
else if (num2 > 0)
{
sourceAccounts = new IdentityReferenceCollection(num2);
}
IdentityReferenceCollection unmappedIdentities = null;
if (!flag)
{
unmappedIdentities = new IdentityReferenceCollection(this.Identities.Count);
for (int j = 0; j < this.Identities.Count; j++)
{
IdentityReference identity = this[j];
Type type2 = identity.GetType();
if (type2 != targetType)
{
if (type2 != typeof(SecurityIdentifier))
{
if (type2 != typeof(NTAccount))
{
throw new SystemException();
}
sourceAccounts.Add(identity);
}
else
{
sourceSids.Add(identity);
}
}
}
}
bool someFailed = false;
IdentityReferenceCollection references4 = null;
IdentityReferenceCollection references5 = null;
if (capacity > 0)
{
references4 = SecurityIdentifier.Translate(sourceSids, targetType, out someFailed);
if (flag && (!forceSuccess || !someFailed))
{
unmappedIdentities = references4;
}
}
if (num2 > 0)
{
references5 = NTAccount.Translate(sourceAccounts, targetType, out someFailed);
if (flag && (!forceSuccess || !someFailed))
{
unmappedIdentities = references5;
}
}
if (forceSuccess && someFailed)
{
unmappedIdentities = new IdentityReferenceCollection();
if (references4 != null)
{
foreach (IdentityReference reference2 in references4)
{
if (reference2.GetType() != targetType)
{
unmappedIdentities.Add(reference2);
}
}
}
if (references5 != null)
{
foreach (IdentityReference reference3 in references5)
{
if (reference3.GetType() != targetType)
{
unmappedIdentities.Add(reference3);
}
}
}
throw new IdentityNotMappedException(Environment.GetResourceString("IdentityReference_IdentityNotMapped"), unmappedIdentities);
}
if (!flag)
{
capacity = 0;
num2 = 0;
unmappedIdentities = new IdentityReferenceCollection(this.Identities.Count);
for (int k = 0; k < this.Identities.Count; k++)
{
IdentityReference reference4 = this[k];
Type type3 = reference4.GetType();
if (type3 == targetType)
{
unmappedIdentities.Add(reference4);
}
else if (type3 == typeof(SecurityIdentifier))
{
unmappedIdentities.Add(references4[capacity++]);
}
else
{
if (type3 != typeof(NTAccount))
{
throw new SystemException();
}
unmappedIdentities.Add(references5[num2++]);
}
}
}
return(unmappedIdentities);
}
private static IdentityReferenceCollection TranslateToSids(IdentityReferenceCollection sourceAccounts, out bool someFailed)
{
if (sourceAccounts == null)
{
throw new ArgumentNullException("sourceAccounts");
}
if (sourceAccounts.Count == 0)
{
throw new ArgumentException(Environment.GetResourceString("Arg_EmptyCollection"), "sourceAccounts");
}
SafeLsaPolicyHandle handle = SafeLsaPolicyHandle.InvalidHandle;
SafeLsaMemoryHandle invalidHandle1 = SafeLsaMemoryHandle.InvalidHandle;
SafeLsaMemoryHandle invalidHandle2 = SafeLsaMemoryHandle.InvalidHandle;
try
{
Win32Native.UNICODE_STRING[] names = new Win32Native.UNICODE_STRING[sourceAccounts.Count];
int index1 = 0;
foreach (IdentityReference sourceAccount in sourceAccounts)
{
NTAccount ntAccount = sourceAccount as NTAccount;
if (ntAccount == (NTAccount)null)
{
throw new ArgumentException(Environment.GetResourceString("Argument_ImproperType"), "sourceAccounts");
}
names[index1].Buffer = ntAccount.ToString();
if (names[index1].Buffer.Length * 2 + 2 > (int)ushort.MaxValue)
{
throw new SystemException();
}
names[index1].Length = (ushort)(names[index1].Buffer.Length * 2);
names[index1].MaximumLength = (ushort)((uint)names[index1].Length + 2U);
++index1;
}
handle = System.Security.Principal.Win32.LsaOpenPolicy((string)null, PolicyRights.POLICY_LOOKUP_NAMES);
someFailed = false;
uint num = !System.Security.Principal.Win32.LsaLookupNames2Supported ? Win32Native.LsaLookupNames(handle, sourceAccounts.Count, names, ref invalidHandle1, ref invalidHandle2) : Win32Native.LsaLookupNames2(handle, 0, sourceAccounts.Count, names, ref invalidHandle1, ref invalidHandle2);
if ((int)num == -1073741801 || (int)num == -1073741670)
{
throw new OutOfMemoryException();
}
if ((int)num == -1073741790)
{
throw new UnauthorizedAccessException();
}
if ((int)num == -1073741709 || (int)num == 263)
{
someFailed = true;
}
else if ((int)num != 0)
{
throw new SystemException(Win32Native.GetMessage(Win32Native.LsaNtStatusToWinError((int)num)));
}
IdentityReferenceCollection referenceCollection = new IdentityReferenceCollection(sourceAccounts.Count);
if ((int)num == 0 || (int)num == 263)
{
if (System.Security.Principal.Win32.LsaLookupNames2Supported)
{
invalidHandle2.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID2)));
System.Security.Principal.Win32.InitializeReferencedDomainsPointer(invalidHandle1);
Win32Native.LSA_TRANSLATED_SID2[] array = new Win32Native.LSA_TRANSLATED_SID2[sourceAccounts.Count];
invalidHandle2.ReadArray <Win32Native.LSA_TRANSLATED_SID2>(0UL, array, 0, array.Length);
for (int index2 = 0; index2 < sourceAccounts.Count; ++index2)
{
Win32Native.LSA_TRANSLATED_SID2 lsaTranslatedSiD2 = array[index2];
switch (lsaTranslatedSiD2.Use)
{
case 1:
case 2:
case 4:
case 5:
case 9:
referenceCollection.Add((IdentityReference) new SecurityIdentifier(lsaTranslatedSiD2.Sid, true));
break;
default:
someFailed = true;
referenceCollection.Add(sourceAccounts[index2]);
break;
}
}
}
else
{
invalidHandle2.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID)));
System.Security.Principal.Win32.InitializeReferencedDomainsPointer(invalidHandle1);
Win32Native.LSA_REFERENCED_DOMAIN_LIST referencedDomainList = invalidHandle1.Read <Win32Native.LSA_REFERENCED_DOMAIN_LIST>(0UL);
SecurityIdentifier[] securityIdentifierArray = new SecurityIdentifier[referencedDomainList.Entries];
for (int index2 = 0; index2 < referencedDomainList.Entries; ++index2)
{
Win32Native.LSA_TRUST_INFORMATION trustInformation = (Win32Native.LSA_TRUST_INFORMATION)Marshal.PtrToStructure(new IntPtr((long)referencedDomainList.Domains + (long)(index2 * Marshal.SizeOf(typeof(Win32Native.LSA_TRUST_INFORMATION)))), typeof(Win32Native.LSA_TRUST_INFORMATION));
securityIdentifierArray[index2] = new SecurityIdentifier(trustInformation.Sid, true);
}
Win32Native.LSA_TRANSLATED_SID[] array = new Win32Native.LSA_TRANSLATED_SID[sourceAccounts.Count];
invalidHandle2.ReadArray <Win32Native.LSA_TRANSLATED_SID>(0UL, array, 0, array.Length);
for (int index2 = 0; index2 < sourceAccounts.Count; ++index2)
{
Win32Native.LSA_TRANSLATED_SID lsaTranslatedSid = array[index2];
switch (lsaTranslatedSid.Use)
{
case 1:
case 2:
case 4:
case 5:
case 9:
referenceCollection.Add((IdentityReference) new SecurityIdentifier(securityIdentifierArray[lsaTranslatedSid.DomainIndex], lsaTranslatedSid.Rid));
break;
default:
someFailed = true;
referenceCollection.Add(sourceAccounts[index2]);
break;
}
}
}
}
else
{
for (int index2 = 0; index2 < sourceAccounts.Count; ++index2)
{
referenceCollection.Add(sourceAccounts[index2]);
}
}
return(referenceCollection);
}
finally
{
handle.Dispose();
invalidHandle1.Dispose();
invalidHandle2.Dispose();
}
}
internal IdentityNotMappedException(string message, IdentityReferenceCollection unmappedIdentities)
: this( message )
{
this.unmappedIdentities = unmappedIdentities;
}
private static IdentityReferenceCollection TranslateToSids(IdentityReferenceCollection sourceAccounts, out bool someFailed)
{
if (sourceAccounts == null)
{
throw new ArgumentNullException("sourceAccounts");
}
if (sourceAccounts.Count == 0)
{
throw new ArgumentException(Environment.GetResourceString("Arg_EmptyCollection"), "sourceAccounts");
}
SafeLsaPolicyHandle safeLsaPolicyHandle = SafeLsaPolicyHandle.InvalidHandle;
SafeLsaMemoryHandle invalidHandle = SafeLsaMemoryHandle.InvalidHandle;
SafeLsaMemoryHandle invalidHandle2 = SafeLsaMemoryHandle.InvalidHandle;
IdentityReferenceCollection result;
try
{
Win32Native.UNICODE_STRING[] array = new Win32Native.UNICODE_STRING[sourceAccounts.Count];
int num = 0;
foreach (IdentityReference identityReference in sourceAccounts)
{
NTAccount ntaccount = identityReference as NTAccount;
if (ntaccount == null)
{
throw new ArgumentException(Environment.GetResourceString("Argument_ImproperType"), "sourceAccounts");
}
array[num].Buffer = ntaccount.ToString();
if (array[num].Buffer.Length * 2 + 2 > 65535)
{
throw new SystemException();
}
array[num].Length = (ushort)(array[num].Buffer.Length * 2);
array[num].MaximumLength = array[num].Length + 2;
num++;
}
safeLsaPolicyHandle = Win32.LsaOpenPolicy(null, PolicyRights.POLICY_LOOKUP_NAMES);
someFailed = false;
uint num2;
if (Win32.LsaLookupNames2Supported)
{
num2 = Win32Native.LsaLookupNames2(safeLsaPolicyHandle, 0, sourceAccounts.Count, array, ref invalidHandle, ref invalidHandle2);
}
else
{
num2 = Win32Native.LsaLookupNames(safeLsaPolicyHandle, sourceAccounts.Count, array, ref invalidHandle, ref invalidHandle2);
}
if (num2 == 3221225495U || num2 == 3221225626U)
{
throw new OutOfMemoryException();
}
if (num2 == 3221225506U)
{
throw new UnauthorizedAccessException();
}
if (num2 == 3221225587U || num2 == 263U)
{
someFailed = true;
}
else if (num2 != 0U)
{
int errorCode = Win32Native.LsaNtStatusToWinError((int)num2);
throw new SystemException(Win32Native.GetMessage(errorCode));
}
IdentityReferenceCollection identityReferenceCollection = new IdentityReferenceCollection(sourceAccounts.Count);
if (num2 == 0U || num2 == 263U)
{
if (Win32.LsaLookupNames2Supported)
{
invalidHandle2.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID2)));
Win32.InitializeReferencedDomainsPointer(invalidHandle);
Win32Native.LSA_TRANSLATED_SID2[] array2 = new Win32Native.LSA_TRANSLATED_SID2[sourceAccounts.Count];
invalidHandle2.ReadArray <Win32Native.LSA_TRANSLATED_SID2>(0UL, array2, 0, array2.Length);
int i = 0;
while (i < sourceAccounts.Count)
{
Win32Native.LSA_TRANSLATED_SID2 lsa_TRANSLATED_SID = array2[i];
switch (lsa_TRANSLATED_SID.Use)
{
case 1:
case 2:
case 4:
case 5:
case 9:
identityReferenceCollection.Add(new SecurityIdentifier(lsa_TRANSLATED_SID.Sid, true));
break;
case 3:
case 6:
case 7:
case 8:
goto IL_282;
default:
goto IL_282;
}
IL_294:
i++;
continue;
IL_282:
someFailed = true;
identityReferenceCollection.Add(sourceAccounts[i]);
goto IL_294;
}
}
else
{
invalidHandle2.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID)));
Win32.InitializeReferencedDomainsPointer(invalidHandle);
Win32Native.LSA_REFERENCED_DOMAIN_LIST lsa_REFERENCED_DOMAIN_LIST = invalidHandle.Read <Win32Native.LSA_REFERENCED_DOMAIN_LIST>(0UL);
SecurityIdentifier[] array3 = new SecurityIdentifier[lsa_REFERENCED_DOMAIN_LIST.Entries];
for (int j = 0; j < lsa_REFERENCED_DOMAIN_LIST.Entries; j++)
{
Win32Native.LSA_TRUST_INFORMATION lsa_TRUST_INFORMATION = (Win32Native.LSA_TRUST_INFORMATION)Marshal.PtrToStructure(new IntPtr((long)lsa_REFERENCED_DOMAIN_LIST.Domains + (long)(j * Marshal.SizeOf(typeof(Win32Native.LSA_TRUST_INFORMATION)))), typeof(Win32Native.LSA_TRUST_INFORMATION));
array3[j] = new SecurityIdentifier(lsa_TRUST_INFORMATION.Sid, true);
}
Win32Native.LSA_TRANSLATED_SID[] array4 = new Win32Native.LSA_TRANSLATED_SID[sourceAccounts.Count];
invalidHandle2.ReadArray <Win32Native.LSA_TRANSLATED_SID>(0UL, array4, 0, array4.Length);
int k = 0;
while (k < sourceAccounts.Count)
{
Win32Native.LSA_TRANSLATED_SID lsa_TRANSLATED_SID2 = array4[k];
switch (lsa_TRANSLATED_SID2.Use)
{
case 1:
case 2:
case 4:
case 5:
case 9:
identityReferenceCollection.Add(new SecurityIdentifier(array3[lsa_TRANSLATED_SID2.DomainIndex], lsa_TRANSLATED_SID2.Rid));
break;
case 3:
case 6:
case 7:
case 8:
goto IL_3C8;
default:
goto IL_3C8;
}
IL_3DA:
k++;
continue;
IL_3C8:
someFailed = true;
identityReferenceCollection.Add(sourceAccounts[k]);
goto IL_3DA;
}
}
}
else
{
for (int l = 0; l < sourceAccounts.Count; l++)
{
identityReferenceCollection.Add(sourceAccounts[l]);
}
}
result = identityReferenceCollection;
}
finally
{
safeLsaPolicyHandle.Dispose();
invalidHandle.Dispose();
invalidHandle2.Dispose();
}
return(result);
}
private static IdentityReferenceCollection TranslateToSids(IdentityReferenceCollection sourceAccounts, out bool someFailed)
{
if (sourceAccounts == null)
{
throw new ArgumentNullException(nameof(sourceAccounts));
}
if (sourceAccounts.Count == 0)
{
throw new ArgumentException(SR.Arg_EmptyCollection, nameof(sourceAccounts));
}
SafeLsaPolicyHandle LsaHandle = null;
SafeLsaMemoryHandle ReferencedDomainsPtr = null;
SafeLsaMemoryHandle SidsPtr = null;
try
{
//
// Construct an array of unicode strings
//
Interop.Advapi32.MARSHALLED_UNICODE_STRING[] Names = new Interop.Advapi32.MARSHALLED_UNICODE_STRING[sourceAccounts.Count];
int currentName = 0;
foreach (IdentityReference id in sourceAccounts)
{
NTAccount nta = id as NTAccount;
if (nta == null)
{
throw new ArgumentException(SR.Argument_ImproperType, nameof(sourceAccounts));
}
Names[currentName].Buffer = nta.ToString();
if (Names[currentName].Buffer.Length * 2 + 2 > ushort.MaxValue)
{
// this should never happen since we are already validating account name length in constructor and
// it is less than this limit
Debug.Fail("NTAccount::TranslateToSids - source account name is too long.");
throw new InvalidOperationException();
}
Names[currentName].Length = (ushort)(Names[currentName].Buffer.Length * 2);
Names[currentName].MaximumLength = (ushort)(Names[currentName].Length + 2);
currentName++;
}
//
// Open LSA policy (for lookup requires it)
//
LsaHandle = Win32.LsaOpenPolicy(null, PolicyRights.POLICY_LOOKUP_NAMES);
//
// Now perform the actual lookup
//
someFailed = false;
uint ReturnCode;
ReturnCode = Interop.Advapi32.LsaLookupNames2(LsaHandle, 0, sourceAccounts.Count, Names, out ReferencedDomainsPtr, out SidsPtr);
//
// Make a decision regarding whether it makes sense to proceed
// based on the return code and the value of the forceSuccess argument
//
if (ReturnCode == Interop.StatusOptions.STATUS_NO_MEMORY ||
ReturnCode == Interop.StatusOptions.STATUS_INSUFFICIENT_RESOURCES)
{
throw new OutOfMemoryException();
}
else if (ReturnCode == Interop.StatusOptions.STATUS_ACCESS_DENIED)
{
throw new UnauthorizedAccessException();
}
else if (ReturnCode == Interop.StatusOptions.STATUS_NONE_MAPPED ||
ReturnCode == Interop.StatusOptions.STATUS_SOME_NOT_MAPPED)
{
someFailed = true;
}
else if (ReturnCode != 0)
{
uint win32ErrorCode = Interop.Advapi32.LsaNtStatusToWinError(ReturnCode);
if (unchecked ((int)win32ErrorCode) != Interop.Errors.ERROR_TRUSTED_RELATIONSHIP_FAILURE)
{
Debug.Fail($"Interop.LsaLookupNames(2) returned unrecognized error {win32ErrorCode}");
}
throw new Win32Exception(unchecked ((int)win32ErrorCode));
}
//
// Interpret the results and generate SID objects
//
IdentityReferenceCollection Result = new IdentityReferenceCollection(sourceAccounts.Count);
if (ReturnCode == 0 || ReturnCode == Interop.StatusOptions.STATUS_SOME_NOT_MAPPED)
{
SidsPtr.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf <Interop.LSA_TRANSLATED_SID2>());
Win32.InitializeReferencedDomainsPointer(ReferencedDomainsPtr);
Interop.LSA_TRANSLATED_SID2[] translatedSids = new Interop.LSA_TRANSLATED_SID2[sourceAccounts.Count];
SidsPtr.ReadArray(0, translatedSids, 0, translatedSids.Length);
for (int i = 0; i < sourceAccounts.Count; i++)
{
Interop.LSA_TRANSLATED_SID2 Lts = translatedSids[i];
//
// Only some names are recognized as NTAccount objects
//
switch ((SidNameUse)Lts.Use)
{
case SidNameUse.User:
case SidNameUse.Group:
case SidNameUse.Alias:
case SidNameUse.Computer:
case SidNameUse.WellKnownGroup:
Result.Add(new SecurityIdentifier(Lts.Sid, true));
break;
default:
someFailed = true;
Result.Add(sourceAccounts[i]);
break;
}
}
}
else
{
for (int i = 0; i < sourceAccounts.Count; i++)
{
Result.Add(sourceAccounts[i]);
}
}
return(Result);
}
finally
{
LsaHandle?.Dispose();
ReferencedDomainsPtr?.Dispose();
SidsPtr?.Dispose();
}
}
private static IdentityReferenceCollection TranslateToNTAccounts(IdentityReferenceCollection sourceSids, out bool someFailed)
{
if (sourceSids == null)
{
throw new ArgumentNullException("sourceSids");
}
if (sourceSids.Count == 0)
{
throw new ArgumentException(Environment.GetResourceString("Arg_EmptyCollection"), "sourceSids");
}
IntPtr[] sids = new IntPtr[sourceSids.Count];
GCHandle[] gcHandleArray = new GCHandle[sourceSids.Count];
SafeLsaPolicyHandle handle = SafeLsaPolicyHandle.InvalidHandle;
SafeLsaMemoryHandle invalidHandle1 = SafeLsaMemoryHandle.InvalidHandle;
SafeLsaMemoryHandle invalidHandle2 = SafeLsaMemoryHandle.InvalidHandle;
try
{
int index1 = 0;
foreach (IdentityReference sourceSid in sourceSids)
{
SecurityIdentifier securityIdentifier = sourceSid as SecurityIdentifier;
if (securityIdentifier == (SecurityIdentifier)null)
{
throw new ArgumentException(Environment.GetResourceString("Argument_ImproperType"), "sourceSids");
}
gcHandleArray[index1] = GCHandle.Alloc((object)securityIdentifier.BinaryForm, GCHandleType.Pinned);
sids[index1] = gcHandleArray[index1].AddrOfPinnedObject();
++index1;
}
handle = System.Security.Principal.Win32.LsaOpenPolicy((string)null, PolicyRights.POLICY_LOOKUP_NAMES);
someFailed = false;
uint num = Win32Native.LsaLookupSids(handle, sourceSids.Count, sids, ref invalidHandle1, ref invalidHandle2);
switch (num)
{
case 3221225495:
case 3221225626:
throw new OutOfMemoryException();
case 3221225506:
throw new UnauthorizedAccessException();
case 3221225587:
case 263:
someFailed = true;
goto case 0;
case 0:
invalidHandle2.Initialize((uint)sourceSids.Count, (uint)Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_NAME)));
System.Security.Principal.Win32.InitializeReferencedDomainsPointer(invalidHandle1);
IdentityReferenceCollection referenceCollection = new IdentityReferenceCollection(sourceSids.Count);
if ((int)num == 0 || (int)num == 263)
{
Win32Native.LSA_REFERENCED_DOMAIN_LIST referencedDomainList = invalidHandle1.Read <Win32Native.LSA_REFERENCED_DOMAIN_LIST>(0UL);
string[] strArray = new string[referencedDomainList.Entries];
for (int index2 = 0; index2 < referencedDomainList.Entries; ++index2)
{
Win32Native.LSA_TRUST_INFORMATION trustInformation = (Win32Native.LSA_TRUST_INFORMATION)Marshal.PtrToStructure(new IntPtr((long)referencedDomainList.Domains + (long)(index2 * Marshal.SizeOf(typeof(Win32Native.LSA_TRUST_INFORMATION)))), typeof(Win32Native.LSA_TRUST_INFORMATION));
strArray[index2] = Marshal.PtrToStringUni(trustInformation.Name.Buffer, (int)trustInformation.Name.Length / 2);
}
Win32Native.LSA_TRANSLATED_NAME[] array = new Win32Native.LSA_TRANSLATED_NAME[sourceSids.Count];
invalidHandle2.ReadArray <Win32Native.LSA_TRANSLATED_NAME>(0UL, array, 0, array.Length);
for (int index2 = 0; index2 < sourceSids.Count; ++index2)
{
Win32Native.LSA_TRANSLATED_NAME lsaTranslatedName = array[index2];
switch (lsaTranslatedName.Use)
{
case 1:
case 2:
case 4:
case 5:
case 9:
string stringUni = Marshal.PtrToStringUni(lsaTranslatedName.Name.Buffer, (int)lsaTranslatedName.Name.Length / 2);
string domainName = strArray[lsaTranslatedName.DomainIndex];
referenceCollection.Add((IdentityReference) new NTAccount(domainName, stringUni));
break;
default:
someFailed = true;
referenceCollection.Add(sourceSids[index2]);
break;
}
}
}
else
{
for (int index2 = 0; index2 < sourceSids.Count; ++index2)
{
referenceCollection.Add(sourceSids[index2]);
}
}
return(referenceCollection);
default:
throw new SystemException(Win32Native.GetMessage(Win32Native.LsaNtStatusToWinError((int)num)));
}
}
finally
{
for (int index = 0; index < sourceSids.Count; ++index)
{
if (gcHandleArray[index].IsAllocated)
{
gcHandleArray[index].Free();
}
}
handle.Dispose();
invalidHandle1.Dispose();
invalidHandle2.Dispose();
}
}
public IdentityReferenceCollection Translate(Type targetType, bool forceSuccess)
{
if (targetType == (Type)null)
{
throw new ArgumentNullException("targetType");
}
if (!targetType.IsSubclassOf(typeof(IdentityReference)))
{
throw new ArgumentException(Environment.GetResourceString("IdentityReference_MustBeIdentityReference"), "targetType");
}
if (this.Identities.Count == 0)
{
return(new IdentityReferenceCollection());
}
int capacity1 = 0;
int capacity2 = 0;
for (int index = 0; index < this.Identities.Count; ++index)
{
Type type = this.Identities[index].GetType();
if (!(type == targetType))
{
if (type == typeof(SecurityIdentifier))
{
++capacity1;
}
else
{
if (!(type == typeof(NTAccount)))
{
throw new SystemException();
}
++capacity2;
}
}
}
bool flag = false;
IdentityReferenceCollection sourceSids = (IdentityReferenceCollection)null;
IdentityReferenceCollection sourceAccounts = (IdentityReferenceCollection)null;
if (capacity1 == this.Count)
{
flag = true;
sourceSids = this;
}
else if (capacity1 > 0)
{
sourceSids = new IdentityReferenceCollection(capacity1);
}
if (capacity2 == this.Count)
{
flag = true;
sourceAccounts = this;
}
else if (capacity2 > 0)
{
sourceAccounts = new IdentityReferenceCollection(capacity2);
}
IdentityReferenceCollection referenceCollection1 = (IdentityReferenceCollection)null;
if (!flag)
{
referenceCollection1 = new IdentityReferenceCollection(this.Identities.Count);
for (int index = 0; index < this.Identities.Count; ++index)
{
IdentityReference identity = this[index];
Type type = identity.GetType();
if (!(type == targetType))
{
if (type == typeof(SecurityIdentifier))
{
sourceSids.Add(identity);
}
else
{
if (!(type == typeof(NTAccount)))
{
throw new SystemException();
}
sourceAccounts.Add(identity);
}
}
}
}
bool someFailed = false;
IdentityReferenceCollection referenceCollection2 = (IdentityReferenceCollection)null;
IdentityReferenceCollection referenceCollection3 = (IdentityReferenceCollection)null;
if (capacity1 > 0)
{
referenceCollection2 = SecurityIdentifier.Translate(sourceSids, targetType, out someFailed);
if (flag && !(forceSuccess & someFailed))
{
referenceCollection1 = referenceCollection2;
}
}
if (capacity2 > 0)
{
referenceCollection3 = NTAccount.Translate(sourceAccounts, targetType, out someFailed);
if (flag && !(forceSuccess & someFailed))
{
referenceCollection1 = referenceCollection3;
}
}
if (forceSuccess & someFailed)
{
IdentityReferenceCollection unmappedIdentities = new IdentityReferenceCollection();
if (referenceCollection2 != null)
{
foreach (IdentityReference identity in referenceCollection2)
{
if (identity.GetType() != targetType)
{
unmappedIdentities.Add(identity);
}
}
}
if (referenceCollection3 != null)
{
foreach (IdentityReference identity in referenceCollection3)
{
if (identity.GetType() != targetType)
{
unmappedIdentities.Add(identity);
}
}
}
throw new IdentityNotMappedException(Environment.GetResourceString("IdentityReference_IdentityNotMapped"), unmappedIdentities);
}
if (!flag)
{
int num1 = 0;
int num2 = 0;
referenceCollection1 = new IdentityReferenceCollection(this.Identities.Count);
for (int index = 0; index < this.Identities.Count; ++index)
{
IdentityReference identity = this[index];
Type type = identity.GetType();
if (type == targetType)
{
referenceCollection1.Add(identity);
}
else if (type == typeof(SecurityIdentifier))
{
referenceCollection1.Add(referenceCollection2[num1++]);
}
else
{
if (!(type == typeof(NTAccount)))
{
throw new SystemException();
}
referenceCollection1.Add(referenceCollection3[num2++]);
}
}
}
return(referenceCollection1);
}
public IdentityReferenceCollection Translate(Type targetType, bool forceSuccess)
{
if (targetType == null)
{
throw new ArgumentNullException(nameof(targetType));
}
//
// Target type must be a subclass of IdentityReference
//
if (!targetType.IsSubclassOf(typeof(IdentityReference)))
{
throw new ArgumentException(SR.IdentityReference_MustBeIdentityReference, nameof(targetType));
}
//
// if the source collection is empty, just return an empty collection
//
if (Identities.Count == 0)
{
return(new IdentityReferenceCollection());
}
int SourceSidsCount = 0;
int SourceNTAccountsCount = 0;
//
// First, see how many of each of the source types we have.
// The cases where source type == target type require no conversion.
//
for (int i = 0; i < Identities.Count; i++)
{
Type type = Identities[i].GetType();
if (type == targetType)
{
continue;
}
else if (type == typeof(SecurityIdentifier))
{
SourceSidsCount += 1;
}
else if (type == typeof(NTAccount))
{
SourceNTAccountsCount += 1;
}
else
{
//
// Rare case that we have defined a type of identity reference and not included it in the code logic above.
// To avoid this we do not allow IdentityReference to be subclassed outside of the BCL.
//
Debug.Fail("Source type is an IdentityReference type which has not been included in translation logic.");
throw new NotSupportedException();
}
}
bool Homogeneous = false;
IdentityReferenceCollection?SourceSids = null;
IdentityReferenceCollection?SourceNTAccounts = null;
if (SourceSidsCount == Count)
{
Homogeneous = true;
SourceSids = this;
}
else if (SourceSidsCount > 0)
{
SourceSids = new IdentityReferenceCollection(SourceSidsCount);
}
if (SourceNTAccountsCount == Count)
{
Homogeneous = true;
SourceNTAccounts = this;
}
else if (SourceNTAccountsCount > 0)
{
SourceNTAccounts = new IdentityReferenceCollection(SourceNTAccountsCount);
}
//
// Repackage only if the source is not homogeneous (contains different source types)
//
IdentityReferenceCollection?Result = null;
if (!Homogeneous)
{
Result = new IdentityReferenceCollection(Identities.Count);
for (int i = 0; i < Identities.Count; i++)
{
IdentityReference id = this[i];
Type type = id.GetType();
if (type == targetType)
{
continue;
}
else if (type == typeof(SecurityIdentifier))
{
SourceSids !.Add(id);
}
else if (type == typeof(NTAccount))
{
SourceNTAccounts !.Add(id);
}
else
{
//
// Rare case that we have defined a type of identity reference and not included it in the code logic above.
// To avoid this we do not allow IdentityReference to be subclassed outside of the BCL.
//
Debug.Fail("Source type is an IdentityReference type which has not been included in translation logic.");
throw new NotSupportedException();
}
}
}
bool someFailed = false;
IdentityReferenceCollection?TargetSids = null, TargetNTAccounts = null;
if (SourceSidsCount > 0)
{
TargetSids = SecurityIdentifier.Translate(SourceSids !, targetType, out someFailed);
if (Homogeneous && !(forceSuccess && someFailed))
{
Result = TargetSids;
}
}
if (SourceNTAccountsCount > 0)
{
TargetNTAccounts = NTAccount.Translate(SourceNTAccounts !, targetType, out someFailed);
if (Homogeneous && !(forceSuccess && someFailed))
{
Result = TargetNTAccounts;
}
}
if (forceSuccess && someFailed)
{
//
// Need to throw an exception here and provide information regarding
// which identity references could not be translated to the target type
//
Result = new IdentityReferenceCollection();
if (TargetSids != null)
{
foreach (IdentityReference id in TargetSids)
{
if (id.GetType() != targetType)
{
Result.Add(id);
}
}
}
if (TargetNTAccounts != null)
{
foreach (IdentityReference id in TargetNTAccounts)
{
if (id.GetType() != targetType)
{
Result.Add(id);
}
}
}
throw new IdentityNotMappedException(SR.IdentityReference_IdentityNotMapped, Result);
}
else if (!Homogeneous)
{
SourceSidsCount = 0;
SourceNTAccountsCount = 0;
Result = new IdentityReferenceCollection(Identities.Count);
for (int i = 0; i < Identities.Count; i++)
{
IdentityReference id = this[i];
Type type = id.GetType();
if (type == targetType)
{
Result.Add(id);
}
else if (type == typeof(SecurityIdentifier))
{
Result.Add(TargetSids ![SourceSidsCount++]);
public IdentityReferenceCollection Translate(Type targetType, bool forceSuccess)
{
if (targetType == null)
{
throw new ArgumentNullException("targetType");
}
if (!targetType.IsSubclassOf(typeof(IdentityReference)))
{
throw new ArgumentException(Environment.GetResourceString("IdentityReference_MustBeIdentityReference"), "targetType");
}
if (this.Identities.Count == 0)
{
return(new IdentityReferenceCollection());
}
int num = 0;
int num2 = 0;
for (int i = 0; i < this.Identities.Count; i++)
{
Type type = this.Identities[i].GetType();
if (!(type == targetType))
{
if (type == typeof(SecurityIdentifier))
{
num++;
}
else
{
if (!(type == typeof(NTAccount)))
{
throw new SystemException();
}
num2++;
}
}
}
bool flag = false;
IdentityReferenceCollection identityReferenceCollection = null;
IdentityReferenceCollection identityReferenceCollection2 = null;
if (num == this.Count)
{
flag = true;
identityReferenceCollection = this;
}
else if (num > 0)
{
identityReferenceCollection = new IdentityReferenceCollection(num);
}
if (num2 == this.Count)
{
flag = true;
identityReferenceCollection2 = this;
}
else if (num2 > 0)
{
identityReferenceCollection2 = new IdentityReferenceCollection(num2);
}
IdentityReferenceCollection identityReferenceCollection3 = null;
if (!flag)
{
identityReferenceCollection3 = new IdentityReferenceCollection(this.Identities.Count);
for (int j = 0; j < this.Identities.Count; j++)
{
IdentityReference identityReference = this[j];
Type type2 = identityReference.GetType();
if (!(type2 == targetType))
{
if (type2 == typeof(SecurityIdentifier))
{
identityReferenceCollection.Add(identityReference);
}
else
{
if (!(type2 == typeof(NTAccount)))
{
throw new SystemException();
}
identityReferenceCollection2.Add(identityReference);
}
}
}
}
bool flag2 = false;
IdentityReferenceCollection identityReferenceCollection4 = null;
IdentityReferenceCollection identityReferenceCollection5 = null;
if (num > 0)
{
identityReferenceCollection4 = SecurityIdentifier.Translate(identityReferenceCollection, targetType, out flag2);
if (flag && (!forceSuccess || !flag2))
{
identityReferenceCollection3 = identityReferenceCollection4;
}
}
if (num2 > 0)
{
identityReferenceCollection5 = NTAccount.Translate(identityReferenceCollection2, targetType, out flag2);
if (flag && (!forceSuccess || !flag2))
{
identityReferenceCollection3 = identityReferenceCollection5;
}
}
if (forceSuccess && flag2)
{
identityReferenceCollection3 = new IdentityReferenceCollection();
if (identityReferenceCollection4 != null)
{
foreach (IdentityReference identityReference2 in identityReferenceCollection4)
{
if (identityReference2.GetType() != targetType)
{
identityReferenceCollection3.Add(identityReference2);
}
}
}
if (identityReferenceCollection5 != null)
{
foreach (IdentityReference identityReference3 in identityReferenceCollection5)
{
if (identityReference3.GetType() != targetType)
{
identityReferenceCollection3.Add(identityReference3);
}
}
}
throw new IdentityNotMappedException(Environment.GetResourceString("IdentityReference_IdentityNotMapped"), identityReferenceCollection3);
}
if (!flag)
{
num = 0;
num2 = 0;
identityReferenceCollection3 = new IdentityReferenceCollection(this.Identities.Count);
for (int k = 0; k < this.Identities.Count; k++)
{
IdentityReference identityReference4 = this[k];
Type type3 = identityReference4.GetType();
if (type3 == targetType)
{
identityReferenceCollection3.Add(identityReference4);
}
else if (type3 == typeof(SecurityIdentifier))
{
identityReferenceCollection3.Add(identityReferenceCollection4[num++]);
}
else
{
if (!(type3 == typeof(NTAccount)))
{
throw new SystemException();
}
identityReferenceCollection3.Add(identityReferenceCollection5[num2++]);
}
}
}
return(identityReferenceCollection3);
}
