/// <summary>Extracts the user account SID associated with a security token.</summary>
/// <param name="hToken">The security token handle.</param>
/// <returns>A <see cref="SafePSID"/> instance of the user account SID associated with a security token.</returns>
public static SafePSID FromToken(HTOKEN hToken)
{
var hTok = new SafeHTOKEN((IntPtr)hToken, false);
using var pUserToken = hTok.GetInfo(TOKEN_INFORMATION_CLASS.TokenUser);
return(new SafePSID(pUserToken.ToStructure <TOKEN_USER>().User.Sid));
}
/// <summary>
/// The function gets the integrity level of the token. Integrity level is only available on Windows Vista and newer operating
/// systems, thus GetIntegrityLevel throws an exception if it is called on systems prior to Windows Vista.
/// </summary>
/// <returns>Returns the integrity level of the token.</returns>
public static MANDATORY_LEVEL GetIntegrityLevel(this HTOKEN token)
{
// Marshal the TOKEN_MANDATORY_LABEL struct from native to .NET object.
var tokenIL = GetTokenInformation <TOKEN_MANDATORY_LABEL>(token, TOKEN_INFORMATION_CLASS.TokenIntegrityLevel);
// Integrity Level SIDs are in the form of S-1-16-0xXXXX. (e.g. S-1-16-0x1000 stands for low integrity level SID). There is one and only one subauthority.
return((MANDATORY_LEVEL)GetSidSubAuthority(tokenIL.Label.Sid, 0));
}
/****************************************************************************++
*
* Description :
*
* This function creates a well known sid using User domain. CreateWellKnownSid requires
* domain sid to be provided to generate such sids. This function first gets the domain sid
* out of the user information in the token and then generate a well known sid.
*
* Arguments:
*
* hToken - [supplies] The token for which sid has to be generated
* sidType - [supplies] The type of well known sid
* pSid - [receives] The newly create sid
* pdwSidSize - [Supplies/Receives] The size of the memory allocated for ppSid
*
* Returns:
*
* Errors returned by GetTokenInformation
* Errors returned by CreateWellKnownSid
* E_OUTOFMEMORY In case there is not enough memory
* Errors returned by GetWindowsAccountDomainSid
* --***************************************************************************/
static SafePSID CreateWellKnownSidForAccount(HTOKEN hToken, WELL_KNOWN_SID_TYPE sidType)
{
var hTok = new SafeHTOKEN((IntPtr)hToken, false);
using var pUserToken = hTok.GetInfo(TOKEN_INFORMATION_CLASS.TokenUser);
//
// Now get the domain sid from the TokenUser
//
Win32Error.ThrowLastErrorIfFalse(GetWindowsAccountDomainSid(pUserToken.ToStructure <TOKEN_USER>().User.Sid, out var pDomainSid));
return(SafePSID.CreateWellKnown(sidType, pDomainSid));
}
public static extern bool CreateProcessAsUser(HTOKEN hToken, [Optional] string lpApplicationName, [Optional] StringBuilder lpCommandLine, [Optional] SECURITY_ATTRIBUTES lpProcessAttributes, [Optional] SECURITY_ATTRIBUTES lpThreadAttributes,
[MarshalAs(UnmanagedType.Bool)] bool bInheritHandles, CREATE_PROCESS dwCreationFlags, [Optional] IntPtr lpEnvironment, [Optional] string lpCurrentDirectory, in STARTUPINFO lpStartupInfo, [Out] PROCESS_INFORMATION lpProcessInformation);
public ElevPriv(string[] privs, HTOKEN hToken)
{
tok = new SafeHTOKEN((IntPtr)hToken, false);
ElevatePrivileges(privs);
}
public ElevPriv(string priv, HTOKEN hToken) : this(new[] { priv }, hToken)
{
}
/// <summary>Extracts the user account SID associated with a security token.</summary>
/// <param name="hToken">The security token handle.</param>
/// <returns>A <see cref="SafePSID"/> instance of the user account SID associated with a security token.</returns>
public static SafePSID FromToken(HTOKEN hToken)
{
using var hTok = new SafeHTOKEN((IntPtr)hToken, false);
return(hTok.GetInfo <TOKEN_USER>(TOKEN_INFORMATION_CLASS.TokenUser).User.Sid);
}
public static extern bool GetAppContainerNamedObjectPath([Optional] HTOKEN Token, IntPtr AppContainerSid, uint ObjectPathLength, StringBuilder ObjectPath, out uint ReturnLength);
/****************************************************************************++
*
* Routine Description:
*
* Verifies whether specified well-known SID is in the current user token
*
* Arguments:
*
* sid - one of the WELL_KNOWN_SID_TYPE consts
* hToken - Optional the token for which we want to test membership
* pfMember - [Receives] TRUE if specified sid is a member of the user token, false otherwise
*
* Notes:
*
* -
*
* Return Value:
*
* Errors returned by CreateWellKnownSid
* Errors returned by CheckTokenMembership
* --*****************************************************************************/
static HRESULT IsMemberOf(WELL_KNOWN_SID_TYPE sid, HTOKEN hToken, out bool pfMember)
{
pfMember = false;
try
{
var hTok = new SafeHTOKEN((IntPtr)hToken, false);
using var pUserToken = hTok.GetInfo(TOKEN_INFORMATION_CLASS.TokenUser);
SafePSID pSID = null;
try
{
//
// create SID for the authenticated users
//
pSID = SafePSID.CreateWellKnown(sid);
}
catch
{
//
// In case of invalid-arg we might need to provide the domain, so create well known sid for domain
//
pSID = CreateWellKnownSidForAccount(hToken, sid);
}
//
// check whether token has this sid
//
if (!CheckTokenMembership(hToken, pSID, out pfMember))
{
var hr = Win32Error.GetLastError().ToHRESULT();
// just to be on the safe side (as we don't know that CheckTokenMembership
// does not modify fAuthenticated in case of error)
pfMember = false;
if (hr == HRESULT.E_ACCESSDENIED && hToken.IsNull)
{
// unable to query the thread token. Open as self and try again
using var ttok = SafeHTOKEN.FromThread(GetCurrentThread(), TokenAccess.TOKEN_QUERY);
{
if (CheckTokenMembership(ttok, pSID, out pfMember))
{
return(HRESULT.S_OK);
}
else
{
// stick with the original error code, but ensure that fMember is correct
pfMember = false;
}
}
}
}
return(HRESULT.S_OK);
}
catch (Exception ex)
{
var hr = HRESULT.FromException(ex);
if (hr == (HRESULT)Win32Error.ERROR_NON_ACCOUNT_SID)
{
return(HRESULT.S_OK);
}
return(hr);
}
}
public static extern bool GetAppContainerNamedObjectPath([Optional] HTOKEN Token, [Optional] PSID AppContainerSid, uint ObjectPathLength, [MarshalAs(UnmanagedType.LPWStr)] StringBuilder ObjectPath, out uint ReturnLength);
