internal static extern bool DuplicateTokenEx(
SafeAccessTokenHandle hExistingToken,
uint dwDesiredAccess,
IntPtr lpTokenAttributes, // LPSECURITY_ATTRIBUTES
uint ImpersonationLevel,
uint TokenType,
ref SafeAccessTokenHandle phNewToken);
public static extern bool LogonUser(
string lpszUsername,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
out Microsoft.Win32.SafeHandles.SafeAccessTokenHandle handle);
internal static extern bool DuplicateHandle(
IntPtr hSourceProcessHandle,
IntPtr hSourceHandle,
IntPtr hTargetProcessHandle,
ref SafeAccessTokenHandle lpTargetHandle,
uint dwDesiredAccess,
bool bInheritHandle,
uint dwOptions);
internal static bool OpenThreadToken(TokenAccessLevels desiredAccess, WinSecurityContext openAs, out SafeAccessTokenHandle tokenHandle)
{
bool openAsSelf = true;
if (openAs == WinSecurityContext.Thread)
openAsSelf = false;
if (OpenThreadToken(GetCurrentThread(), desiredAccess, openAsSelf, out tokenHandle))
return true;
if (openAs == WinSecurityContext.Both)
{
openAsSelf = false;
if (OpenThreadToken(GetCurrentThread(), desiredAccess, openAsSelf, out tokenHandle))
return true;
}
return false;
}
internal WindowsImpersonationContext (SafeAccessTokenHandle safeTokenHandle, WindowsIdentity wi, bool isImpersonating, FrameSecurityDescriptor fsd) {
if (safeTokenHandle.IsInvalid)
throw new ArgumentException(Environment.GetResourceString("Argument_InvalidImpersonationToken"));
Contract.EndContractBlock();
if (isImpersonating) {
if (!Win32Native.DuplicateHandle(Win32Native.GetCurrentProcess(),
safeTokenHandle,
Win32Native.GetCurrentProcess(),
ref m_safeTokenHandle,
0,
true,
Win32Native.DUPLICATE_SAME_ACCESS))
throw new SecurityException(Win32Native.GetMessage(Marshal.GetLastWin32Error()));
m_wi = wi;
}
m_fsd = fsd;
}
[System.Security.SecurityCritical] // auto-generated
internal void SetTokenHandles (SafeAccessTokenHandle callerToken, SafeAccessTokenHandle impToken)
{
m_callerToken = callerToken;
m_impToken = impToken;
}
internal static extern bool GetTokenInformation(
SafeAccessTokenHandle TokenHandle,
uint TokenInformationClass,
SafeLocalAllocHandle TokenInformation,
uint TokenInformationLength,
out uint ReturnLength);
internal static extern int SetThreadToken(SafeAccessTokenHandle hToken);
internal static extern int OpenThreadToken (TokenAccessLevels dwDesiredAccess, WinSecurityContext OpenAs, out SafeAccessTokenHandle phThreadToken);
internal static extern bool CheckTokenMembership(SafeAccessTokenHandle TokenHandle, byte[] SidToCheck, ref bool IsMember);
private static extern bool OpenThreadToken(IntPtr ThreadHandle, TokenAccessLevels dwDesiredAccess, bool bOpenAsSelf, out SafeAccessTokenHandle phThreadToken);
[System.Security.SecurityCritical] // auto-generated
private void Dispose( bool disposing )
{
if ( this.disposed ) return;
if ( disposing )
{
if ( this.threadHandle != null )
{
this.threadHandle.Dispose();
this.threadHandle = null;
}
}
if ( this.isImpersonating )
{
FCall.RevertToSelf();
}
this.disposed = true;
}
public TlsContents()
{
int error = 0;
int cachingError = 0;
bool success = true;
if ( processHandle.IsInvalid)
{
lock( syncRoot )
{
if ( processHandle.IsInvalid)
{
SafeAccessTokenHandle localProcessHandle;
if ( false == Win32Native.OpenProcessToken(
Win32Native.GetCurrentProcess(),
TokenAccessLevels.Duplicate,
out localProcessHandle))
{
cachingError = Marshal.GetLastWin32Error();
success = false;
}
processHandle = localProcessHandle;
}
}
}
RuntimeHelpers.PrepareConstrainedRegions();
try
{
// Make the sequence non-interruptible
}
finally
{
try
{
//
// Open the thread token; if there is no thread token, get one from
// the process token by impersonating self.
//
SafeAccessTokenHandle threadHandleBefore = this.threadHandle;
error = FCall.OpenThreadToken(
TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges,
WinSecurityContext.Process,
out this.threadHandle );
unchecked { error &= ~(int)0x80070000; }
if ( error != 0 )
{
if ( success == true )
{
this.threadHandle = threadHandleBefore;
if ( error != Win32Native.ERROR_NO_TOKEN )
{
success = false;
}
Contract.Assert( this.isImpersonating == false, "Incorrect isImpersonating state" );
if ( success == true )
{
error = 0;
if ( false == Win32Native.DuplicateTokenEx(
processHandle,
TokenAccessLevels.Impersonate | TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges,
IntPtr.Zero,
Win32Native.SECURITY_IMPERSONATION_LEVEL.Impersonation,
System.Security.Principal.TokenType.TokenImpersonation,
ref this.threadHandle ))
{
error = Marshal.GetLastWin32Error();
success = false;
}
}
if ( success == true )
{
error = FCall.SetThreadToken( this.threadHandle );
unchecked { error &= ~(int)0x80070000; }
if ( error != 0 )
{
success = false;
}
}
if ( success == true )
{
this.isImpersonating = true;
}
}
else
{
error = cachingError;
}
}
else
{
success = true;
}
}
finally
{
if ( !success )
{
Dispose();
}
}
}
if ( error == Win32Native.ERROR_NOT_ENOUGH_MEMORY )
{
throw new OutOfMemoryException();
}
else if ( error == Win32Native.ERROR_ACCESS_DENIED ||
error == Win32Native.ERROR_CANT_OPEN_ANONYMOUS )
{
throw new UnauthorizedAccessException();
}
else if ( error != 0 )
{
Contract.Assert( false, string.Format( CultureInfo.InvariantCulture, "WindowsIdentity.GetCurrentThreadToken() failed with unrecognized error code {0}", error ));
throw new InvalidOperationException();
}
}
internal static extern bool ImpersonateLoggedOnUser(SafeAccessTokenHandle userToken);
internal static extern int ImpersonateLoggedOnUser (SafeAccessTokenHandle hToken);
internal static extern bool OpenProcessToken(IntPtr ProcessToken, TokenAccessLevels DesiredAccess, out SafeAccessTokenHandle TokenHandle);
[SecurityCritical] // auto-generated
private static SafeLocalAllocHandle GetTokenUserFromToken(SafeAccessTokenHandle tokenHandle)
{
SafeLocalAllocHandle safeLocalAllocHandle = SafeLocalAllocHandle.InvalidHandle;
uint dwLength = (uint)Marshal.SizeOf(typeof(uint));
bool result = Win32Native.GetTokenInformation(tokenHandle,
1 /* TokenInformationClass.TokenUser */,
safeLocalAllocHandle,
0,
out dwLength);
int dwErrorCode = Marshal.GetLastWin32Error();
switch (dwErrorCode) {
case Win32Native.ERROR_INSUFFICIENT_BUFFER:
// ptrLength is an [In] param to LocalAlloc
UIntPtr ptrLength = new UIntPtr(dwLength);
safeLocalAllocHandle = Win32Native.LocalAlloc(Win32Native.LMEM_FIXED, ptrLength);
if (safeLocalAllocHandle == null || safeLocalAllocHandle.IsInvalid)
throw new OutOfMemoryException();
safeLocalAllocHandle.Initialize(dwLength);
result = Win32Native.GetTokenInformation(tokenHandle,
1 /* TokenInformationClass.TokenUser */,
safeLocalAllocHandle,
dwLength,
out dwLength);
if (!result) {
Marshal.ThrowExceptionForHR(Marshal.GetHRForLastWin32Error(), new IntPtr(-1));
}
break;
default:
Marshal.ThrowExceptionForHR(Marshal.GetHRForLastWin32Error(), new IntPtr(-1));
break;
}
return safeLocalAllocHandle;
}
