/// <summary>
/// Tries to open the access token attached to a thread, identified by its id.
/// The thread is opened with <c>THREAD_QUERY_INFORMATION</c> and that thread handle is
/// always closed again before this method returns.
/// </summary>
/// <param name="threadId">The system-wide thread id.</param>
/// <param name="desiredAccess">The access rights requested on the token.</param>
/// <returns>
/// The token handle, or <see cref="IntPtr.Zero"/> when the thread could not be opened or
/// the token could not be opened (for example because the thread is not impersonating).
/// The two failure cases are not distinguished. The caller owns the returned handle;
/// nothing in this method closes it.
/// </returns>
private static IntPtr TryOpenThreadToken(int threadId, TokenAccessType desiredAccess)
{
    IntPtr hThread = Win32.OpenThread(
        ThreadAccessType.THREAD_QUERY_INFORMATION,
        Win32.FALSE,
        (uint)threadId);

    if (hThread == IntPtr.Zero)
    {
        return IntPtr.Zero;
    }

    // CheckCall is defined elsewhere; what it does with a non-zero handle is not visible here.
    Win32.CheckCall(hThread);

    try
    {
        IntPtr hToken;
        // Third argument is OpenAsSelf in the native signature: FALSE means the access check
        // is made against the calling thread's current security context.
        BOOL opened = Win32.OpenThreadToken(hThread, (uint)desiredAccess, Win32.FALSE, out hToken);
        return opened == Win32.FALSE ? IntPtr.Zero : hToken;
    }
    finally
    {
        // Only the intermediate thread handle is released; the token handle outlives this call.
        Win32.CloseHandle(hThread);
    }
}
/// <summary>
/// Tries to open the access token of a process, identified by its id.
/// The process is opened with <c>PROCESS_QUERY_INFORMATION</c> and that process handle is
/// always closed again before this method returns.
/// </summary>
/// <param name="pid">The process id.</param>
/// <param name="desiredAccess">The access rights requested on the token.</param>
/// <returns>
/// The token handle, or <see cref="IntPtr.Zero"/> when either the process or its token
/// could not be opened. The caller owns the returned handle.
/// </returns>
private static IntPtr TryOpenProcessToken(int pid, TokenAccessType desiredAccess)
{
    // NOTE(review): the native OpenProcessToken documents PROCESS_QUERY_LIMITED_INFORMATION as
    // sufficient on the process handle; requesting the narrower right would follow least
    // privilege, if ProcessAccessType defines it.
    IntPtr hProcess = Win32.OpenProcess(
        ProcessAccessType.PROCESS_QUERY_INFORMATION,
        Win32.FALSE,
        (uint)pid);

    if (hProcess == IntPtr.Zero)
    {
        return IntPtr.Zero;
    }

    // CheckCall is defined elsewhere; what it does with a non-zero handle is not visible here.
    Win32.CheckCall(hProcess);

    try
    {
        IntPtr hToken;
        var opened = Win32.OpenProcessToken(hProcess, desiredAccess, out hToken);
        return opened == Win32.FALSE ? IntPtr.Zero : hToken;
    }
    finally
    {
        // Only the intermediate process handle is released here.
        Win32.CloseHandle(hProcess);
    }
}
/// <summary>
/// Opens the access token of a process and reports failure through
/// <c>Win32.ThrowLastError</c> instead of returning a zero handle silently.
/// </summary>
/// <param name="pid">The process id.</param>
/// <param name="desiredAccess">The access rights requested on the token.</param>
/// <returns>The token handle obtained from <c>TryOpenProcessToken</c>.</returns>
private static IntPtr OpenProcessToken(int pid, TokenAccessType desiredAccess)
{
    IntPtr hToken = TryOpenProcessToken(pid, desiredAccess);
    if (hToken != IntPtr.Zero)
    {
        return hToken;
    }

    // NOTE(review): TryOpenProcessToken calls Win32.CloseHandle in a finally block before it
    // returns, so the last-error value read here may no longer be the one set by the failing
    // call. Confirm how ThrowLastError obtains the code.
    Win32.ThrowLastError();

    // Reached only if ThrowLastError returns without throwing; the caller then gets IntPtr.Zero.
    return hToken;
}
/// <summary>
/// Throwing counterpart of <c>TryOpenProcessToken</c>: a zero handle is turned into a call to
/// <c>Win32.ThrowLastError</c>.
/// </summary>
/// <param name="pid">The process id.</param>
/// <param name="desiredAccess">The access rights requested on the token.</param>
/// <returns>The token handle; the caller is responsible for closing it.</returns>
private static IntPtr OpenProcessToken(int pid, TokenAccessType desiredAccess)
{
    IntPtr processToken = TryOpenProcessToken(pid, desiredAccess);
    bool opened = processToken != IntPtr.Zero;

    if (!opened)
    {
        // NOTE(review): the helper has already run CloseHandle on the process handle by now;
        // verify that the error code ThrowLastError reads is still the one from the failed open.
        // If ThrowLastError ever returns, IntPtr.Zero is passed on to the caller.
        Win32.ThrowLastError();
    }

    return processToken;
}
/// <summary>
/// Opens the access token of a thread and throws when no token handle is obtained.
/// </summary>
/// <param name="threadId">The system-wide thread id.</param>
/// <param name="desiredAccess">The access rights requested on the token.</param>
/// <returns>The token handle; the caller is responsible for closing it.</returns>
/// <exception cref="NoThreadTokenException">
/// <c>TryOpenThreadToken</c> returned <see cref="IntPtr.Zero"/>. That helper returns zero both
/// when the thread has no token and when the thread or token could not be opened at all, so
/// the exception does not by itself prove that the thread is not impersonating.
/// </exception>
private static IntPtr OpenThreadToken(int threadId, TokenAccessType desiredAccess)
{
    IntPtr threadToken = TryOpenThreadToken(threadId, desiredAccess);
    if (threadToken != IntPtr.Zero)
    {
        return threadToken;
    }

    throw new NoThreadTokenException("No token on thread " + threadId);
}
/// <summary>
/// Tries to wrap the access token of a thread in an <c>AccessTokenThread</c>.
/// </summary>
/// <param name="pid">
/// Despite its name, this value is passed to <c>TryOpenThreadToken</c> as a thread id,
/// not a process id.
/// </param>
/// <param name="desiredAccess">The access rights requested on the token.</param>
/// <returns>
/// A new <c>AccessTokenThread</c> around the opened handle, or <c>null</c> when no token
/// handle could be obtained. Callers must check for <c>null</c> before use.
/// </returns>
public static AccessTokenThread TryOpenToken(int pid, TokenAccessType desiredAccess)
{
    IntPtr hToken = TryOpenThreadToken(pid, desiredAccess);
    if (hToken == IntPtr.Zero)
    {
        return null;
    }

    return new AccessTokenThread(hToken);
}
/// <summary>
/// Non-throwing attempt to open a process's access token from its process id.
/// </summary>
/// <param name="pid">The process id.</param>
/// <param name="desiredAccess">The access rights requested on the token.</param>
/// <returns>
/// The token handle on success; <see cref="IntPtr.Zero"/> if opening the process or opening
/// its token failed. Ownership of the returned handle passes to the caller.
/// </returns>
private static IntPtr TryOpenProcessToken(int pid, TokenAccessType desiredAccess)
{
    // NOTE(review): PROCESS_QUERY_INFORMATION is broader than the
    // PROCESS_QUERY_LIMITED_INFORMATION right that the native OpenProcessToken documents as
    // required; consider the narrower right if ProcessAccessType exposes it.
    IntPtr processHandle = Win32.OpenProcess(
        ProcessAccessType.PROCESS_QUERY_INFORMATION,
        Win32.FALSE,
        (uint)pid);

    if (processHandle == IntPtr.Zero)
    {
        return IntPtr.Zero;
    }

    // CheckCall lives outside this excerpt; its behaviour for a valid handle is not shown.
    Win32.CheckCall(processHandle);

    try
    {
        IntPtr tokenHandle;
        var status = Win32.OpenProcessToken(processHandle, desiredAccess, out tokenHandle);
        if (status == Win32.FALSE)
        {
            return IntPtr.Zero;
        }

        return tokenHandle;
    }
    finally
    {
        // The process handle was only needed to reach the token.
        Win32.CloseHandle(processHandle);
    }
}
/// <summary>
/// Creates a wrapper around the access token of the given thread. The handle comes from
/// <c>OpenThreadToken(threadId, desiredAccess)</c> and is handed to the base constructor.
/// </summary>
/// <param name="threadId">The system-wide thread id.</param>
/// <param name="desiredAccess">The access rights requested on the token.</param>
/// <remarks>
/// NOTE(review): how the base class releases the handle is not visible here; confirm that it
/// closes the token when the wrapper is disposed.
/// </remarks>
public AccessTokenThread(int threadId, TokenAccessType desiredAccess)
    : base(OpenThreadToken(threadId, desiredAccess))
{
}
/// <summary>
/// Creates a wrapper around the access token of the given process. The handle comes from
/// <c>OpenProcessToken(pid, desiredAccess)</c> and is handed to the base constructor.
/// </summary>
/// <param name="pid">The process id.</param>
/// <param name="desiredAccess">The access rights requested on the token.</param>
/// <remarks>
/// NOTE(review): how the base class releases the handle is not visible here; confirm that it
/// closes the token when the wrapper is disposed.
/// </remarks>
public AccessTokenProcess(int pid, TokenAccessType desiredAccess)
    : base(OpenProcessToken(pid, desiredAccess))
{
}
/// <summary>
/// Gets the URI used to start the OAuth 2.0 authorization flow, forwarding this instance's
/// <c>CodeChallenge</c> to <c>DropboxOAuth2Helper.GetAuthorizeUri</c> as the final argument.
/// </summary>
/// <param name="oauthResponseType">The grant type requested, either <c>Token</c> or <c>Code</c>.</param>
/// <param name="clientId">The app's key, found in the
/// <a href="https://www.dropbox.com/developers/apps">App Console</a>.</param>
/// <param name="redirectUri">Where to redirect the user after authorization has completed. This must be
/// the exact URI registered in the <a href="https://www.dropbox.com/developers/apps">App Console</a>;
/// even <c>localhost</c> must be listed if it is used for testing. A redirect URI is required for a
/// token flow, but optional for code. If it is omitted, the code is presented directly to the user,
/// who is invited to enter it in your app.</param>
/// <param name="state">Up to 500 bytes of arbitrary data that will be passed back to
/// <paramref name="redirectUri"/>. This parameter should be used to protect against cross-site
/// request forgery (CSRF): the value returned on the redirect has to be compared with the one
/// sent.</param>
/// <param name="forceReapprove">Whether to force the user to approve the app again if they have
/// already done so. If <c>false</c> (default), a user who has already approved the application may be
/// automatically redirected to <paramref name="redirectUri"/>. If <c>true</c>, the user is not
/// redirected automatically and has to approve the app again.</param>
/// <param name="disableSignup">When <c>true</c> (default is <c>false</c>) users cannot sign up for a
/// Dropbox account via the authorization page; the page shows a link to the Dropbox iOS app in the
/// App Store instead. Only intended for compliance with App Store policies.</param>
/// <param name="requireRole">If specified, the user is asked to authorize with a particular type of
/// Dropbox account, either work for a team account or personal for a personal account. Your app
/// should still verify the account type after authorization, since the user could modify or remove
/// the require_role parameter.</param>
/// <param name="forceReauthentication">If <c>true</c>, users are signed out if they are currently
/// signed in, so that they reach a page where they can create a new account or sign in to another
/// account. Use only when there is a definite reason to believe that the user needs a different
/// account.</param>
/// <param name="tokenAccessType">Determines the type of token to request. See
/// <see cref="TokenAccessType" />. If none is specified, the legacy type is used.</param>
/// <param name="scopeList">List of scopes to request in the base OAuth flow. If left blank, defaults
/// to all scopes for the app.</param>
/// <param name="includeGrantedScopes">Which scopes to include from previous grants. Note: if this
/// user has never linked the app, include_granted_scopes must be None.</param>
/// <returns>The URI of a web page which must be displayed to the user in order to authorize the app.</returns>
public Uri GetAuthorizeUri(OAuthResponseType oauthResponseType, string clientId, string redirectUri = null, string state = null, bool forceReapprove = false, bool disableSignup = false, string requireRole = null, bool forceReauthentication = false, TokenAccessType tokenAccessType = TokenAccessType.Legacy, string[] scopeList = null, IncludeGrantedScopes includeGrantedScopes = IncludeGrantedScopes.None)
{
    // The helper overload that accepts the code challenge is not visible in this excerpt;
    // argument validation and URI construction presumably happen there - confirm.
    Uri authorizeUri = DropboxOAuth2Helper.GetAuthorizeUri(
        oauthResponseType,
        clientId,
        redirectUri,
        state,
        forceReapprove,
        disableSignup,
        requireRole,
        forceReauthentication,
        tokenAccessType,
        scopeList,
        includeGrantedScopes,
        this.CodeChallenge);

    return authorizeUri;
}
/// <summary>
/// Returns an <c>AccessTokenThread</c> for a thread's access token, or <c>null</c> when no
/// token handle could be opened.
/// </summary>
/// <param name="pid">
/// Used as a thread id: the value is forwarded unchanged to <c>TryOpenThreadToken</c>.
/// </param>
/// <param name="desiredAccess">The access rights requested on the token.</param>
/// <returns>The wrapper, or <c>null</c>; callers must handle the <c>null</c> case.</returns>
public static AccessTokenThread TryOpenToken(int pid, TokenAccessType desiredAccess)
{
    IntPtr tokenHandle = TryOpenThreadToken(pid, desiredAccess);

    return tokenHandle != IntPtr.Zero
        ? new AccessTokenThread(tokenHandle)
        : null;
}
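/// <summary>
/// Gets the URI used to start the OAuth 2.0 authorization flow. Every caller-supplied string
/// is percent-encoded before it is placed in the query, so a value cannot add or override
/// other query parameters.
/// </summary>
/// <param name="oauthResponseType">The grant type requested, either <c>Token</c> or <c>Code</c>.</param>
/// <param name="clientId">The app's key, found in the
/// <a href="https://www.dropbox.com/developers/apps">App Console</a>.</param>
/// <param name="redirectUri">Where to redirect the user after authorization has completed. This must be
/// the exact URI registered in the <a href="https://www.dropbox.com/developers/apps">App Console</a>;
/// even <c>localhost</c> must be listed if it is used for testing. A redirect URI is required for a
/// token flow, but optional for code. If it is omitted, the code is presented directly to the user,
/// who is invited to enter it in your app.</param>
/// <param name="state">Up to 500 bytes of arbitrary data that will be passed back to
/// <paramref name="redirectUri"/>. This parameter should be used to protect against cross-site
/// request forgery (CSRF). The length limit is not enforced by this method.</param>
/// <param name="forceReapprove">Whether to force the user to approve the app again if they have
/// already done so. If <c>false</c> (default), a user who has already approved the application may be
/// automatically redirected to <paramref name="redirectUri"/>. If <c>true</c>, the user is not
/// redirected automatically and has to approve the app again.</param>
/// <param name="disableSignup">When <c>true</c> (default is <c>false</c>) users cannot sign up for a
/// Dropbox account via the authorization page; the page shows a link to the Dropbox iOS app in the
/// App Store instead. Only intended for compliance with App Store policies.</param>
/// <param name="requireRole">If specified, the user is asked to authorize with a particular type of
/// Dropbox account, either work for a team account or personal for a personal account. Your app
/// should still verify the account type after authorization, since the user could modify or remove
/// the require_role parameter.</param>
/// <param name="forceReauthentication">If <c>true</c>, users are signed out if they are currently
/// signed in, so that they reach a page where they can create a new account or sign in to another
/// account. Use only when there is a definite reason to believe that the user needs a different
/// account.</param>
/// <param name="tokenAccessType">Determines the type of token to request. See
/// <see cref="TokenAccessType" />. If none is specified, the legacy type is used.</param>
/// <param name="scopeList">List of scopes to request in the base OAuth flow. If left blank, defaults
/// to all scopes for the app.</param>
/// <param name="includeGrantedScopes">Which scopes to include from previous grants. Note: if this
/// user has never linked the app, include_granted_scopes must be None.</param>
/// <returns>The URI of a web page which must be displayed to the user in order to authorize the app.</returns>
/// <exception cref="ArgumentNullException"><paramref name="clientId"/> is null, empty or whitespace,
/// or <paramref name="redirectUri"/> is null for a response type other than <c>Code</c>.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="oauthResponseType"/> is neither
/// <c>Token</c> nor <c>Code</c>.</exception>
public static Uri GetAuthorizeUri(OAuthResponseType oauthResponseType, string clientId, Uri redirectUri = null, string state = null, bool forceReapprove = false, bool disableSignup = false, string requireRole = null, bool forceReauthentication = false, TokenAccessType tokenAccessType = TokenAccessType.Legacy, string[] scopeList = null, IncludeGrantedScopes includeGrantedScopes = IncludeGrantedScopes.None)
{
    if (string.IsNullOrWhiteSpace(clientId))
    {
        throw new ArgumentNullException("clientId");
    }

    if (redirectUri == null && oauthResponseType != OAuthResponseType.Code)
    {
        throw new ArgumentNullException("redirectUri");
    }

    var queryBuilder = new StringBuilder();

    queryBuilder.Append("response_type=");
    switch (oauthResponseType)
    {
        case OAuthResponseType.Token:
            queryBuilder.Append("token");
            break;
        case OAuthResponseType.Code:
            queryBuilder.Append("code");
            break;
        default:
            throw new ArgumentOutOfRangeException("oauthResponseType");
    }

    queryBuilder.Append("&client_id=").Append(Uri.EscapeDataString(clientId));

    if (redirectUri != null)
    {
        // NOTE(review): Uri.ToString() returns the canonically unescaped form, which can differ
        // from the string the caller registered; the server requires an exact match. Confirm
        // that ToString() is the intended representation.
        queryBuilder.Append("&redirect_uri=").Append(Uri.EscapeDataString(redirectUri.ToString()));
    }

    if (!string.IsNullOrWhiteSpace(state))
    {
        queryBuilder.Append("&state=").Append(Uri.EscapeDataString(state));
    }

    if (forceReapprove)
    {
        queryBuilder.Append("&force_reapprove=true");
    }

    if (disableSignup)
    {
        queryBuilder.Append("&disable_signup=true");
    }

    if (!string.IsNullOrWhiteSpace(requireRole))
    {
        // Escaped like the other string parameters: an unescaped '&' or '=' in the value
        // would otherwise be read as an additional query parameter.
        queryBuilder.Append("&require_role=").Append(Uri.EscapeDataString(requireRole));
    }

    if (forceReauthentication)
    {
        queryBuilder.Append("&force_reauthentication=true");
    }

    if (tokenAccessType != TokenAccessType.Legacy)
    {
        // Protocol token, not display text: lower-case it independently of the current culture.
        queryBuilder.Append("&token_access_type=").Append(tokenAccessType.ToString().ToLowerInvariant());
    }

    if (scopeList != null)
    {
        // Scopes are space-separated; escape the joined value so the separator and any
        // reserved character inside a scope stay within the scope parameter.
        queryBuilder.Append("&scope=").Append(Uri.EscapeDataString(String.Join(" ", scopeList)));
    }

    if (includeGrantedScopes != IncludeGrantedScopes.None)
    {
        queryBuilder.Append("&include_granted_scopes=").Append(includeGrantedScopes.ToString().ToLowerInvariant());
    }

    var uriBuilder = new UriBuilder("https://www.dropbox.com/oauth2/authorize")
    {
        Query = queryBuilder.ToString()
    };

    return uriBuilder.Uri;
}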
/// <summary>
/// Gets the URI used to start the OAuth 2.0 authorization flow. Convenience overload that takes
/// the redirect URI as a string, converts it to a <see cref="Uri"/> and calls the overload that
/// accepts a <see cref="Uri"/>.
/// </summary>
/// <param name="oauthResponseType">The grant type requested, either <c>Token</c> or <c>Code</c>.</param>
/// <param name="clientId">The app's key, found in the
/// <a href="https://www.dropbox.com/developers/apps">App Console</a>.</param>
/// <param name="redirectUri">Where to redirect the user after authorization has completed. This must be
/// the exact URI registered in the <a href="https://www.dropbox.com/developers/apps">App Console</a>;
/// even <c>localhost</c> must be listed if it is used for testing. A redirect URI is required for a
/// token flow, but optional for code. If it is omitted, the code is presented directly to the user,
/// who is invited to enter it in your app. A null or empty string is treated as omitted; any other
/// value is parsed with <c>new Uri(string)</c>.</param>
/// <param name="state">Up to 500 bytes of arbitrary data that will be passed back to
/// <paramref name="redirectUri"/>. This parameter should be used to protect against cross-site
/// request forgery (CSRF).</param>
/// <param name="forceReapprove">Whether to force the user to approve the app again if they have
/// already done so. If <c>false</c> (default), a user who has already approved the application may be
/// automatically redirected to <paramref name="redirectUri"/>. If <c>true</c>, the user is not
/// redirected automatically and has to approve the app again.</param>
/// <param name="disableSignup">When <c>true</c> (default is <c>false</c>) users cannot sign up for a
/// Dropbox account via the authorization page; the page shows a link to the Dropbox iOS app in the
/// App Store instead. Only intended for compliance with App Store policies.</param>
/// <param name="requireRole">If specified, the user is asked to authorize with a particular type of
/// Dropbox account, either work for a team account or personal for a personal account. Your app
/// should still verify the account type after authorization, since the user could modify or remove
/// the require_role parameter.</param>
/// <param name="forceReauthentication">If <c>true</c>, users are signed out if they are currently
/// signed in, so that they reach a page where they can create a new account or sign in to another
/// account. Use only when there is a definite reason to believe that the user needs a different
/// account.</param>
/// <param name="tokenAccessType">Determines the type of token to request. See
/// <see cref="TokenAccessType" />. If none is specified, the legacy type is used.</param>
/// <param name="scopeList">List of scopes to request in the base OAuth flow. If left blank, defaults
/// to all scopes for the app.</param>
/// <param name="includeGrantedScopes">Which scopes to include from previous grants. Note: if this
/// user has never linked the app, include_granted_scopes must be None.</param>
/// <returns>The URI of a web page which must be displayed to the user in order to authorize the app.</returns>
/// <exception cref="UriFormatException"><paramref name="redirectUri"/> is non-empty but is not a
/// valid absolute URI.</exception>
public static Uri GetAuthorizeUri(OAuthResponseType oauthResponseType, string clientId, string redirectUri = null, string state = null, bool forceReapprove = false, bool disableSignup = false, string requireRole = null, bool forceReauthentication = false, TokenAccessType tokenAccessType = TokenAccessType.Legacy, string[] scopeList = null, IncludeGrantedScopes includeGrantedScopes = IncludeGrantedScopes.None)
{
    // Null and empty both mean "no redirect URI"; the Uri overload decides whether that is
    // acceptable for the requested response type.
    Uri parsedRedirect = null;
    if (!string.IsNullOrEmpty(redirectUri))
    {
        parsedRedirect = new Uri(redirectUri);
    }

    return GetAuthorizeUri(
        oauthResponseType,
        clientId,
        parsedRedirect,
        state,
        forceReapprove,
        disableSignup,
        requireRole,
        forceReauthentication,
        tokenAccessType,
        scopeList,
        includeGrantedScopes);
}
/// <summary>
/// Non-throwing attempt to obtain the access token handle of a thread from its id.
/// </summary>
/// <param name="threadId">The system-wide thread id.</param>
/// <param name="desiredAccess">The access rights requested on the token.</param>
/// <returns>
/// The token handle, or <see cref="IntPtr.Zero"/> (not <c>null</c>) when the thread could not
/// be opened or its token could not be opened, e.g. because the thread is not impersonating.
/// A non-zero result is owned by the caller and must be closed by it.
/// </returns>
private static IntPtr TryOpenThreadToken(int threadId, TokenAccessType desiredAccess)
{
    IntPtr threadHandle = Win32.OpenThread(
        ThreadAccessType.THREAD_QUERY_INFORMATION,
        Win32.FALSE,
        (uint)threadId);

    if (threadHandle == IntPtr.Zero)
    {
        return IntPtr.Zero;
    }

    // CheckCall lives outside this excerpt; its behaviour for a valid handle is not shown.
    Win32.CheckCall(threadHandle);

    IntPtr result;
    try
    {
        IntPtr tokenHandle;
        // OpenAsSelf (third argument of the native call) is FALSE, so the access check uses
        // the security context of the thread making this call.
        BOOL status = Win32.OpenThreadToken(threadHandle, (uint)desiredAccess, Win32.FALSE, out tokenHandle);
        result = status == Win32.FALSE ? IntPtr.Zero : tokenHandle;
    }
    finally
    {
        // The thread handle is released on every path; the token handle is not.
        Win32.CloseHandle(threadHandle);
    }

    return result;
}
/// <summary>
/// Throwing counterpart of <c>TryOpenThreadToken</c>.
/// </summary>
/// <param name="threadId">The system-wide thread id.</param>
/// <param name="desiredAccess">The access rights requested on the token.</param>
/// <returns>A non-zero token handle, owned by the caller.</returns>
/// <exception cref="NoThreadTokenException">
/// No token handle was obtained. The message says "No token", but the helper also returns zero
/// when the thread or its token cannot be opened for other reasons, so callers should not treat
/// this exception as proof that the thread is not impersonating.
/// </exception>
private static IntPtr OpenThreadToken(int threadId, TokenAccessType desiredAccess)
{
    IntPtr tokenHandle = TryOpenThreadToken(threadId, desiredAccess);
    bool missing = tokenHandle == IntPtr.Zero;

    if (missing)
    {
        string message = "No token on thread " + threadId;
        throw new NoThreadTokenException(message);
    }

    return tokenHandle;
}
// P/Invoke declaration for the native OpenProcessToken function: opens the access token
// associated with the process behind hProcess, requesting dwDesiredAccess on the token, and
// writes the token handle to hToken. The native function returns nonzero on success.
// BOOL and HANDLE are aliases declared outside this excerpt.
// NOTE(review): the [DllImport] attribute is not shown here. Callers on this page rely on the
// Win32 last-error value after a failure, which is only captured when the import sets
// SetLastError = true - confirm. The handle written to hToken must be closed by the caller.
public static extern BOOL OpenProcessToken(HANDLE hProcess, TokenAccessType dwDesiredAccess, out HANDLE hToken);