예제 #1
0
        protected override void ProcessRecord()
        {
            WriteVerbose("Getting current process handle");
            using SafeHandle processToken = PrivilegeHelper.GetCurrentProcess();

            WriteVerbose("Getting privilege info for all privileges on the current process");
            Dictionary <string, PrivilegeAttributes> privilegeInfo = PrivilegeHelper.GetAllPrivilegeInfo(processToken);

            if (Name.Length == 0)
            {
                Name = privilegeInfo.Keys.ToArray();
            }

            foreach (string privName in Name)
            {
                if (!PrivilegeHelper.CheckPrivilegeName(privName))
                {
                    ItemNotFoundException exp = new ItemNotFoundException($"Invalid privilege name '{privName}'");
                    WriteError(new ErrorRecord(exp, "PrivilegeNotFound", ErrorCategory.ObjectNotFound, privName));
                    continue;
                }

                string description       = PrivilegeHelper.GetPrivilegeDisplayName(privName);
                bool   enabled           = false;
                bool   enableByDefault   = false;
                PrivilegeAttributes attr = PrivilegeAttributes.Removed;
                bool isRemoved           = true;

                if (privilegeInfo.ContainsKey(privName))
                {
                    attr            = privilegeInfo[privName];
                    enabled         = (attr & PrivilegeAttributes.Enabled) != 0;
                    enableByDefault = (attr & PrivilegeAttributes.EnabledByDefault) != 0;
                    isRemoved       = false;
                }

                WriteObject(new Privilege()
                {
                    Name             = privName,
                    Description      = description,
                    Enabled          = enabled,
                    EnabledByDefault = enableByDefault,
                    Attributes       = attr,
                    IsRemoved        = isRemoved,
                });
            }
        }
예제 #2
0
        protected override void ProcessRecord()
        {
            foreach (string privName in Name)
            {
                if (!PrivilegeHelper.CheckPrivilegeName(privName))
                {
                    ItemNotFoundException exp = new ItemNotFoundException($"Invalid privilege name '{privName}'");
                    WriteError(new ErrorRecord(exp, "PrivilegeNotFound", ErrorCategory.ObjectNotFound, privName));
                    continue;
                }
                else if (!_privInfo.ContainsKey(privName))
                {
                    if (Action == "remove")
                    {
                        WriteVerbose($"The privilege '{privName}' is already removed, no action necessary");
                    }
                    else
                    {
                        InvalidOperationException exp = new InvalidOperationException(
                            $"Cannot {Action} privilege '{privName}' as it is not set on the current process");
                        WriteError(new ErrorRecord(exp, "", ErrorCategory.InvalidOperation, privName));
                    }
                    continue;
                }

                bool enabled = (_privInfo[privName] & PrivilegeAttributes.Enabled) != 0;
                if (Action == "remove")
                {
                    WriteVerbose($"The privilege '{privName}' is set, removing from process token");
                    _setInfo[privName] = null;
                }
                else if (enabled && Action == "disable")
                {
                    WriteVerbose($"The privilege '{privName}' is enabled, setting new state to disabled");
                    _setInfo[privName] = false;
                }
                else if (!enabled && Action == "enable")
                {
                    WriteVerbose($"The privilege '{privName}' is disabled, setting new state to enabled");
                    _setInfo[privName] = true;
                }
                else
                {
                    WriteVerbose($"The privilege '{privName}' is already {Action}d, no action necessary");
                }
            }
        }
예제 #3
0
        protected override void ProcessRecord()
        {
            // Will be invalid if it failed to be opened in begin.
            if (_lsa.IsInvalid)
            {
                return;
            }

            if (Account == null && Name.Length == 0)
            {
                Name = PrivilegeHelper.ALL_PRIVILEGES.Concat(Lsa.ALL_RIGHTS.Keys).ToArray();
            }
            else if (Account != null)
            {
                string[] accountRights = Lsa.EnumerateAccountRights(_lsa, Account).ToArray();
                if (Name.Length > 0)
                {
                    accountRights = accountRights.Intersect(Name).ToArray();
                }

                Name = accountRights;
            }

            WriteVerbose("Getting details for the following rights: " + String.Join(", ", Name));
            foreach (string right in Name)
            {
                string description = "";
                if (Lsa.ALL_RIGHTS.ContainsKey(right))
                {
                    description = Lsa.ALL_RIGHTS[right];
                }
                else if (PrivilegeHelper.CheckPrivilegeName(right))
                {
                    description = PrivilegeHelper.GetPrivilegeDisplayName(right);
                }
                else
                {
                    WriteWarning($"Unknown right {right}, cannot get description");
                }

                WriteVerbose($"Enumerating accounts with the privilege/rights '{right}'");
                IdentityReference[] rightAccounts;
                try
                {
                    rightAccounts = Lsa.EnumerateAccountsWithUserRight(_lsa, right)
                                    .Select(i => TranslateIdentity(i, IdentityType))
                                    .ToArray();
                }
                catch (ArgumentException e)
                {
                    WriteError(new ErrorRecord(e, "InvalidPrivilegeRightName", ErrorCategory.InvalidArgument, right));
                    continue;
                }

                WriteObject(new Right()
                {
                    Name         = right,
                    ComputerName = ComputerName,
                    Description  = description,
                    Accounts     = rightAccounts,
                });
            }
        }