// RemoveAllAccountRights removes every account right assigned to sid in this
// policy.
//
// It calls LsaRemoveAccountRights with the all-rights argument set to true and
// no rights list (nil, count 0). A failure status is converted with
// LsaNtStatusToWinError and returned; success returns nil.
//
// NOTE(review): the Windows documentation for LsaRemoveAccountRights says that
// with AllRights set the LSA account object itself is deleted too, not just
// its rights. Confirm callers expect that before using this for cleanup.
func (self *SecurityPolicy) RemoveAllAccountRights(sid SecurityID) error {
	ntStatus := wrappers.LsaRemoveAccountRights(self.handle, sid.sid, true, nil, 0)
	winErr := wrappers.LsaNtStatusToWinError(ntStatus)
	if winErr == nil {
		return nil
	}
	return winErr
}
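// RemoveAccountRight removes the single account right named by right from sid
// in this policy.
//
// The right name is converted to a NUL-terminated UTF-16 string and wrapped in
// a UNICODE_STRING, which is passed to LsaRemoveAccountRights as a one-element
// list with the all-rights argument set to false. A failure status is
// converted with LsaNtStatusToWinError and returned.
//
// A right name containing a NUL byte is rejected with the error from
// syscall.UTF16PtrFromString instead of panicking, which is what the
// deprecated syscall.StringToUTF16Ptr did on such input.
func (self *SecurityPolicy) RemoveAccountRight(sid SecurityID, right AccountRightName) error {
	// AccountRightName is convertible from any string, so treat it as
	// caller-supplied input and surface a bad name as an error.
	namePtr, err := syscall.UTF16PtrFromString(string(right))
	if err != nil {
		return err
	}

	var rightString wrappers.UNICODE_STRING
	wrappers.RtlInitUnicodeString(&rightString, namePtr)

	status := wrappers.LsaRemoveAccountRights(self.handle, sid.sid, false, &rightString, 1)
	if err := wrappers.LsaNtStatusToWinError(status); err != nil {
		return err
	}
	return nil
}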
// Close releases the LSA policy handle held by the receiver.
//
// A receiver whose handle is already zero is left untouched and nil is
// returned, so calling Close more than once is harmless. If LsaClose reports
// a failure status, the converted error is returned and the handle is kept.
func (self *SecurityPolicy) Close() error {
	if self.handle == 0 {
		return nil
	}

	ntStatus := wrappers.LsaClose(self.handle)
	if winErr := wrappers.LsaNtStatusToWinError(ntStatus); winErr != nil {
		return winErr
	}

	// Zero the field only after a successful close so that a later Close
	// cannot pass a stale handle value to LsaClose.
	self.handle = 0
	return nil
}
// OpenLocalSecurityPolicy opens an LSA policy handle and wraps it in a
// SecurityPolicy.
//
// LsaOpenPolicy is called with a nil system name, a zero-valued
// OBJECT_ATTRIBUTES and the POLICY_ALL_ACCESS mask. A failure status is
// converted with LsaNtStatusToWinError and returned with a nil policy. The
// caller owns the returned policy and should release it with Close.
//
// NOTE(review): POLICY_ALL_ACCESS is the broadest mask available. It makes
// the open fail for callers that lack full rights on the policy object, and
// it gives any code holding this handle more authority than it needs. The
// Windows documentation lists POLICY_LOOKUP_NAMES as the access right that
// LsaEnumerateAccountRights and LsaRemoveAccountRights require, so a narrower
// mask looks sufficient for the methods shown here. Confirm against the other
// users of SecurityPolicy before tightening it.
func OpenLocalSecurityPolicy() (*SecurityPolicy, error) {
	var (
		policyHandle syscall.Handle
		attrs        wrappers.OBJECT_ATTRIBUTES
	)

	ntStatus := wrappers.LsaOpenPolicy(nil, &attrs, wrappers.POLICY_ALL_ACCESS, &policyHandle)
	if winErr := wrappers.LsaNtStatusToWinError(ntStatus); winErr != nil {
		return nil, winErr
	}

	policy := &SecurityPolicy{handle: policyHandle}
	return policy, nil
}
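// GetAccountRights returns the names of the account rights assigned to sid in
// this policy.
//
// LsaEnumerateAccountRights hands back an array of count UNICODE_STRING
// entries in memory owned by LSA. Each name is copied into a Go string and
// the array is released with LsaFreeMemory before the function returns. A
// failure status from the enumeration is converted with LsaNtStatusToWinError
// and returned with a nil slice.
//
// UNICODE_STRING.Length is a byte count (it is the size given to
// RtlMoveMemory), so the copy buffer is sized in UTF-16 code units, Length/2.
// An entry with a zero Length yields an empty name rather than indexing into
// an empty buffer.
func (self *SecurityPolicy) GetAccountRights(sid SecurityID) ([]AccountRightName, error) {
	var rights *wrappers.UNICODE_STRING
	var count uint32
	status := wrappers.LsaEnumerateAccountRights(self.handle, sid.sid, &rights, &count)
	if err := wrappers.LsaNtStatusToWinError(status); err != nil {
		return nil, err
	}
	// rights is never reassigned below, so the pointer freed here is the
	// base of the array exactly as LSA returned it.
	defer wrappers.LsaFreeMemory((*byte)(unsafe.Pointer(rights)))

	rightNames := make([]AccountRightName, count)
	entrySize := unsafe.Sizeof(*rights)
	for i := uint32(0); i < count; i++ {
		// Address entry i from the base pointer in a single expression, so no
		// pointer past the end of the array is formed after the last entry.
		entry := (*wrappers.UNICODE_STRING)(unsafe.Pointer(
			uintptr(unsafe.Pointer(rights)) + uintptr(i)*entrySize))

		units := int(entry.Length) / 2
		if units == 0 {
			// Nothing to copy; rightNames[i] keeps its zero value "".
			continue
		}

		buf := make([]uint16, units)
		// Copy whole code units only, and never more than buf can hold.
		wrappers.RtlMoveMemory(
			(*byte)(unsafe.Pointer(&buf[0])),
			(*byte)(unsafe.Pointer(entry.Buffer)),
			uintptr(units)*2)
		rightNames[i] = AccountRightName(syscall.UTF16ToString(buf))
	}
	return rightNames, nil
}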