/// <summary>
/// Creates a <c>Privilege</c> for the named privilege by resolving the name
/// to its LUID through <c>LuidFromPrivilege</c> and storing the result.
/// </summary>
/// <param name="privilegeName">Name of the privilege to resolve; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="privilegeName"/> is null.</exception>
public Privilege(string privilegeName)
{
    // Reject a null name up front so it is never handed to the LUID lookup.
    if (null == privilegeName)
    {
        throw new ArgumentNullException(nameof(privilegeName));
    }

    Contract.EndContractBlock();

    // Any failure in the name-to-LUID lookup propagates to the caller from here.
    luid = LuidFromPrivilege(privilegeName);
}
/// <summary>
/// Applies <paramref name="attrib"/> to the named privilege on the current
/// process token.
/// </summary>
/// <param name="privilegeName">Privilege name passed to LookupPrivilegeValue.</param>
/// <param name="attrib">Attribute value written to the TokenPrivileges entry.</param>
/// <exception cref="Win32Exception">
/// Opening the token or looking up the privilege failed, or the last Win32
/// error after AdjustTokenPrivileges was not ERROR_SUCCESS.
/// </exception>
private static void SetPrivilege(string privilegeName, int attrib)
{
    SafeTokenHandle processToken = null;
    Interop.mincore.LUID privilegeLuid = new Interop.mincore.LUID();

    // GetCurrentProcess only hands back a "pseudo handle" to this process,
    // so there is nothing to close for it later.
    SafeProcessHandle currentProcess = Interop.mincore.GetCurrentProcess();

    // The process token, by contrast, is a real handle: it is opened with
    // TOKEN_ADJUST_PRIVILEGES only and must be released when we are done.
    if (!Interop.mincore.OpenProcessToken(
            currentProcess,
            Interop.mincore.HandleOptions.TOKEN_ADJUST_PRIVILEGES,
            out processToken))
    {
        throw new Win32Exception();
    }

    try
    {
        if (!Interop.mincore.LookupPrivilegeValue(null, privilegeName, out privilegeLuid))
        {
            throw new Win32Exception();
        }

        Interop.mincore.TokenPrivileges newState = new Interop.mincore.TokenPrivileges();
        newState.Luid = privilegeLuid;
        newState.Attributes = attrib;

        Interop.mincore.AdjustTokenPrivileges(processToken, false, newState, 0, IntPtr.Zero, IntPtr.Zero);

        // The return value is deliberately not used: AdjustTokenPrivileges can
        // report success without having set the privilege, so the last error
        // is the signal. Keep this read directly after the call so nothing
        // else can overwrite the last-error value in between.
        int adjustResult = Marshal.GetLastWin32Error();
        if (adjustResult != Interop.mincore.Errors.ERROR_SUCCESS)
        {
            throw new Win32Exception();
        }
    }
    finally
    {
#if FEATURE_TRACESWITCH
        Debug.WriteLineIf(_processTracing.TraceVerbose, "Process - CloseHandle(processToken)");
#endif
        // Release the token handle on every path, including the throwing ones.
        if (processToken != null)
        {
            processToken.Dispose();
        }
    }
}
//
// Maps a privilege name to its LUID. Results are kept in a shared cache
// (luids: name -> LUID, privileges: LUID -> name) guarded by privilegeLock,
// so LookupPrivilegeValue is only called for names not cached yet.
//
// Throws OutOfMemoryException, UnauthorizedAccessException or
// ArgumentException for the matching Win32 errors, and
// InvalidOperationException for any other lookup failure.
//
private static Luid LuidFromPrivilege(string privilege)
{
    Luid luid;
    luid.LowPart = 0;
    luid.HighPart = 0;

    try
    {
        privilegeLock.EnterReadLock();

        if (!luids.ContainsKey(privilege))
        {
            // Cache miss: drop the read lock before calling into the OS.
            privilegeLock.ExitReadLock();

            if (!Interop.mincore.LookupPrivilegeValue(null, privilege, out luid))
            {
                int lastError = Marshal.GetLastWin32Error();

                if (lastError == Interop.mincore.Errors.ERROR_NOT_ENOUGH_MEMORY)
                {
                    throw new OutOfMemoryException();
                }

                if (lastError == Interop.mincore.Errors.ERROR_ACCESS_DENIED)
                {
                    throw new UnauthorizedAccessException();
                }

                if (lastError == Interop.mincore.Errors.ERROR_NO_SUCH_PRIVILEGE)
                {
                    throw new ArgumentException(
                        SR.Format(SR.Argument_InvalidPrivilegeName, privilege));
                }

                System.Diagnostics.Debug.Assert(false, string.Format(CultureInfo.InvariantCulture, "LookupPrivilegeValue() failed with unrecognized error code {0}", error: lastError));
                throw new InvalidOperationException();
            }

            // Only a successful lookup reaches this point; the cache insert
            // itself is done in the finally block while the lock is held.
            privilegeLock.EnterWriteLock();
        }
        else
        {
            // Cache hit: copy the value out while still under the read lock.
            luid = luids[privilege];
            privilegeLock.ExitReadLock();
        }
    }
    finally
    {
        // Covers the case where an exception left the read lock held.
        if (privilegeLock.IsReadLockHeld)
        {
            privilegeLock.ExitReadLock();
        }

        if (privilegeLock.IsWriteLockHeld)
        {
            // Re-check under the write lock: another thread may have added
            // the entry between our ExitReadLock and EnterWriteLock.
            if (!luids.ContainsKey(privilege))
            {
                luids[privilege] = luid;
                privileges[luid] = privilege;
            }

            privilegeLock.ExitWriteLock();
        }
    }

    return luid;
}
// -----------------------------
// ---- PAL layer ends here ----
// -----------------------------

/// <summary>
/// Type initializer that makes a best-effort attempt to enable
/// SeDebugPrivilege on the current process token.
/// </summary>
/// <remarks>
/// Every failure is ignored, and the outcome of AdjustTokenPrivileges is not
/// checked, so later code cannot assume the privilege is actually enabled.
/// Worth knowing for least-privilege reviews: the attempt is made against the
/// process token as a side effect of this type being initialized.
/// </remarks>
static ProcessManager()
{
    // Querying information (OpenProcess) on some protected processes such as
    // csrss needs SeDebugPrivilege. Since the dependency on Performance
    // Counter was removed, the CLR performance counter code no longer gets a
    // chance to ask for it, so the request is made here instead. It may fail
    // if the user account does not have the right to do this, which is fair.
    Interop.mincore.LUID debugLuid = new Interop.mincore.LUID();
    bool privilegeKnown = Interop.mincore.LookupPrivilegeValue(null, Interop.mincore.SeDebugPrivilege, out debugLuid);
    if (!privilegeKnown)
    {
        return;
    }

    SafeTokenHandle processToken = null;
    try
    {
        bool tokenOpened = Interop.mincore.OpenProcessToken(
            Interop.mincore.GetCurrentProcess(),
            Interop.mincore.HandleOptions.TOKEN_ADJUST_PRIVILEGES,
            out processToken);

        if (tokenOpened)
        {
            Interop.mincore.TokenPrivileges newState = new Interop.mincore.TokenPrivileges();
            newState.Luid = debugLuid;
            newState.Attributes = Interop.mincore.SEPrivileges.SE_PRIVILEGE_ENABLED;

            // AdjustTokenPrivileges can return true even when it did not
            // succeed (ERROR_NOT_ALL_ASSIGNED); the result is intentionally
            // left unexamined because this whole step is best effort.
            Interop.mincore.AdjustTokenPrivileges(processToken, false, newState, 0, IntPtr.Zero, IntPtr.Zero);
        }
    }
    finally
    {
        // The token handle is released whether or not the adjustment ran.
        if (processToken != null)
        {
            processToken.Dispose();
        }
    }
}
//
// Resolves a privilege name to its LUID, consulting the shared name/LUID
// cache first and falling back to LookupPrivilegeValue on a miss.
// privilegeLock guards both cache maps (luids and privileges).
//
// A failed lookup is reported as OutOfMemoryException,
// UnauthorizedAccessException, ArgumentException (unknown privilege name)
// or InvalidOperationException (any other error code).
//
private static Luid LuidFromPrivilege(string privilege)
{
    Luid luid;
    luid.LowPart = 0;
    luid.HighPart = 0;

    try
    {
        //
        // Probe the cache under the read lock
        //
        privilegeLock.EnterReadLock();

        bool cacheHit = luids.ContainsKey(privilege);
        if (cacheHit)
        {
            luid = luids[privilege];
        }

        privilegeLock.ExitReadLock();

        if (!cacheHit)
        {
            //
            // Not cached: ask the OS, with no lock held during the call
            //
            bool resolved = Interop.mincore.LookupPrivilegeValue(null, privilege, out luid);
            if (!resolved)
            {
                int error = Marshal.GetLastWin32Error();

                if (error == Interop.mincore.Errors.ERROR_NOT_ENOUGH_MEMORY)
                {
                    throw new OutOfMemoryException();
                }
                else if (error == Interop.mincore.Errors.ERROR_ACCESS_DENIED)
                {
                    throw new UnauthorizedAccessException();
                }
                else if (error == Interop.mincore.Errors.ERROR_NO_SUCH_PRIVILEGE)
                {
                    throw new ArgumentException(
                        SR.Format(SR.Argument_InvalidPrivilegeName, privilege));
                }

                Contract.Assert(false, string.Format(CultureInfo.InvariantCulture, "LookupPrivilegeValue() failed with unrecognized error code {0}", error));
                throw new InvalidOperationException();
            }

            // Taken only after a successful lookup; the finally block uses
            // "write lock held" as its cue to publish the new entry.
            privilegeLock.EnterWriteLock();
        }
    }
    finally
    {
        // An exception may have left the read lock held; release it.
        if (privilegeLock.IsReadLockHeld)
        {
            privilegeLock.ExitReadLock();
        }

        if (privilegeLock.IsWriteLockHeld)
        {
            // Another thread may have cached the same name while no lock
            // was held, so insert only if the entry is still missing.
            bool alreadyCached = luids.ContainsKey(privilege);
            if (!alreadyCached)
            {
                luids[privilege] = luid;
                privileges[luid] = privilege;
            }

            privilegeLock.ExitWriteLock();
        }
    }

    return luid;
}
/// <summary>
/// Initializes the instance for the named privilege: the name is resolved
/// to a LUID by <c>LuidFromPrivilege</c> and the LUID is stored on the instance.
/// </summary>
/// <param name="privilegeName">Privilege name to resolve; null is rejected.</param>
/// <exception cref="ArgumentNullException"><paramref name="privilegeName"/> is null.</exception>
public Privilege(string privilegeName)
{
    // Null check comes first so the lookup never sees a null name.
    bool nameMissing = privilegeName == null;
    if (nameMissing)
    {
        throw new ArgumentNullException("privilegeName");
    }

    Contract.EndContractBlock();

    // Errors raised by the name-to-LUID lookup surface to the caller here.
    luid = LuidFromPrivilege(privilegeName);
}