internal static extern bool DuplicateTokenEx( SafeCloseHandle hExistingToken, TokenAccessLevels dwDesiredAccess, IntPtr lpTokenAttributes, SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, TOKEN_TYPE TokenType, ref SafeCloseHandle phNewToken);
internal static SafeCloseHandle OpenThreadToken(TokenAccessLevels desiredAccess, bool openAsSelf) { SafeCloseHandle threadToken; if (!Private.OpenThreadToken(NativeMethods.Private.GetCurrentThread(), desiredAccess, openAsSelf, out threadToken)) { int error = Marshal.GetLastWin32Error(); if (error != WinError.ERROR_NO_TOKEN) { throw GetIoExceptionForError(error, desiredAccess.ToString()); } SafeCloseHandle processToken = OpenProcessToken(TokenAccessLevels.Duplicate); if (!Private.DuplicateTokenEx( processToken, TokenAccessLevels.Impersonate | TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, IntPtr.Zero, SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, TOKEN_TYPE.TokenImpersonation, ref threadToken)) { error = Marshal.GetLastWin32Error(); throw GetIoExceptionForError(error, desiredAccess.ToString()); } } return(threadToken); }
/// <summary> /// Checks if the given privilege is enabled. This does not tell you whether or not it /// is possible to get a privilege- most held privileges are not enabled by default. /// </summary> internal static bool IsPrivilegeEnabled(SafeCloseHandle token, Privileges privilege) { LUID luid = LookupPrivilegeValue(privilege.ToString()); var luidAttributes = new LUID_AND_ATTRIBUTES { Luid = luid, Attributes = SE_PRIVILEGE_ENABLED }; var set = new PRIVILEGE_SET { Control = PRIVILEGE_SET_ALL_NECESSARY, PrivilegeCount = 1, Privilege = new[] { luidAttributes } }; bool result; if (!Private.PrivilegeCheck(token, ref set, out result)) { int error = Marshal.GetLastWin32Error(); throw GetIoExceptionForError(error, privilege.ToString()); } return(result); }
internal static extern bool SetThreadToken( IntPtr Thread, SafeCloseHandle Token);
internal static extern bool PrivilegeCheck( SafeCloseHandle ClientToken, ref PRIVILEGE_SET RequiredPrivileges, [MarshalAs(UnmanagedType.Bool)] out bool pfResult);
/// <summary> /// Checks if the given privilege is enabled. This does not tell you whether or not it /// is possible to get a privilege- most held privileges are not enabled by default. /// </summary> internal static bool IsPrivilegeEnabled(SafeCloseHandle token, Privileges privilege) { LUID luid = LookupPrivilegeValue(privilege.ToString()); var luidAttributes = new LUID_AND_ATTRIBUTES { Luid = luid, Attributes = SE_PRIVILEGE_ENABLED }; var set = new PRIVILEGE_SET { Control = PRIVILEGE_SET_ALL_NECESSARY, PrivilegeCount = 1, Privilege = new[] { luidAttributes } }; bool result; if (!Private.PrivilegeCheck(token, ref set, out result)) { int error = Marshal.GetLastWin32Error(); throw GetIoExceptionForError(error, privilege.ToString()); } return result; }
/// <summary> /// Returns true if the given token has the specified privilege. The privilege may or may not be enabled. /// </summary> internal static bool HasPrivilege(SafeCloseHandle token, Privileges privilege) { return GetTokenPrivileges(token).Any(t => t.Privilege == privilege); }
internal static IEnumerable<PrivilegeSetting> GetTokenPrivileges(SafeCloseHandle token) { // Get the buffer size we need uint bytesNeeded; if (!Private.GetTokenInformation( token.DangerousGetHandle(), TOKEN_INFORMATION_CLASS.TokenPrivileges, EmptySafeHandle.Instance, 0, out bytesNeeded)) { int error = Marshal.GetLastWin32Error(); if (error != WinError.ERROR_INSUFFICIENT_BUFFER) throw GetIoExceptionForError(error); } else { // Didn't need any space for output, let's assume there are no privileges return Enumerable.Empty<PrivilegeSetting>(); } // Initialize the buffer and get the data var buffer = new StreamBuffer(bytesNeeded); if (!Private.GetTokenInformation( token.DangerousGetHandle(), TOKEN_INFORMATION_CLASS.TokenPrivileges, buffer, (uint)buffer.Length, out bytesNeeded)) { int error = Marshal.GetLastWin32Error(); throw GetIoExceptionForError(error); } // Loop through and get our privileges BinaryReader reader = new BinaryReader(buffer, Encoding.Unicode, leaveOpen: true); uint count = reader.ReadUInt32(); var privileges = new List<PrivilegeSetting>(); StringBuilder sb = new StringBuilder(256); for (int i = 0; i < count; i++) { LUID luid = new LUID { LowPart = reader.ReadUInt32(), HighPart = reader.ReadUInt32(), }; uint length = (uint)sb.Capacity; if (!Private.LookupPrivilegeNameW(IntPtr.Zero, ref luid, sb, ref length)) { int error = Marshal.GetLastWin32Error(); throw GetIoExceptionForError(error); } PrivilegeState state = (PrivilegeState)reader.ReadUInt32(); privileges.Add(new PrivilegeSetting(sb.ToString(), state)); sb.Clear(); } return privileges; }
internal static extern bool OpenThreadToken( IntPtr ThreadHandle, TokenAccessLevels DesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool OpenAsSelf, out SafeCloseHandle TokenHandle);
internal static IEnumerable <PrivilegeSetting> GetTokenPrivileges(SafeCloseHandle token) { // Get the buffer size we need uint bytesNeeded; if (!Private.GetTokenInformation( token.DangerousGetHandle(), TOKEN_INFORMATION_CLASS.TokenPrivileges, EmptySafeHandle.Instance, 0, out bytesNeeded)) { int error = Marshal.GetLastWin32Error(); if (error != WinError.ERROR_INSUFFICIENT_BUFFER) { throw GetIoExceptionForError(error); } } else { // Didn't need any space for output, let's assume there are no privileges return(Enumerable.Empty <PrivilegeSetting>()); } // Initialize the buffer and get the data var buffer = new StreamBuffer(bytesNeeded); if (!Private.GetTokenInformation( token.DangerousGetHandle(), TOKEN_INFORMATION_CLASS.TokenPrivileges, buffer, (uint)buffer.Length, out bytesNeeded)) { int error = Marshal.GetLastWin32Error(); throw GetIoExceptionForError(error); } // Loop through and get our privileges BinaryReader reader = new BinaryReader(buffer, Encoding.Unicode, leaveOpen: true); uint count = reader.ReadUInt32(); var privileges = new List <PrivilegeSetting>(); StringBuilder sb = new StringBuilder(256); for (int i = 0; i < count; i++) { LUID luid = new LUID { LowPart = reader.ReadUInt32(), HighPart = reader.ReadUInt32(), }; uint length = (uint)sb.Capacity; if (!Private.LookupPrivilegeNameW(IntPtr.Zero, ref luid, sb, ref length)) { int error = Marshal.GetLastWin32Error(); throw GetIoExceptionForError(error); } PrivilegeState state = (PrivilegeState)reader.ReadUInt32(); privileges.Add(new PrivilegeSetting(sb.ToString(), state)); sb.Clear(); } return(privileges); }
internal static extern bool OpenProcessToken( IntPtr ProcessHandle, TokenAccessLevels DesiredAccesss, out SafeCloseHandle TokenHandle);
/// <summary> /// Returns true if the given token has the specified privilege. The privilege may or may not be enabled. /// </summary> internal static bool HasPrivilege(SafeCloseHandle token, Privileges privilege) { return(GetTokenPrivileges(token).Any(t => t.Privilege == privilege)); }
private static extern bool SetThreadTokenPrivate( IntPtr Thread, SafeCloseHandle Token);