/// <summary>
/// Creates a new token whose authentication ID and expiration time are copied
/// from <paramref name="existingTokenHandle"/>, using the class-level
/// <c>_phTokenSource</c> as the token source. No object name, root directory
/// or default DACL is supplied.
/// </summary>
/// <param name="access">Access rights requested on the returned handle.</param>
/// <param name="objectFlags">Object attribute flags for the new token object.</param>
/// <param name="existingTokenHandle">
/// Token whose statistics supply the authentication ID and expiration time.
/// Presumably needs Query access for GetStatistics — confirm against that method.
/// </param>
/// <param name="tokenType">Primary or impersonation token.</param>
/// <param name="user">User SID of the new token.</param>
/// <param name="groups">Group SIDs of the new token.</param>
/// <param name="privileges">Privileges carried by the new token.</param>
/// <param name="owner">Default owner SID.</param>
/// <param name="primaryGroup">Primary group SID.</param>
/// <returns>A handle to the newly created token.</returns>
public static TokenHandle Create(
    TokenAccess access,
    ObjectFlags objectFlags,
    TokenHandle existingTokenHandle,
    TokenType tokenType,
    Sid user,
    Sid[] groups,
    PrivilegeSet privileges,
    Sid owner,
    Sid primaryGroup
    )
{
    // The source token's statistics provide the session identity (authentication ID)
    // and lifetime for the new token; nothing else is taken from it.
    var sourceStats = existingTokenHandle.GetStatistics();
    var authenticationId = sourceStats.AuthenticationId;
    var expirationTime = sourceStats.ExpirationTime;

    // NOTE(review): the default DACL is passed as null. Confirm how TokenDefaultDacl
    // treats null — a token without a default DACL means objects created under it
    // without an explicit security descriptor may end up with no DACL at all
    // (i.e. unrestricted access). Callers who care should use the full overload.
    return Create(
        access,
        null,               // no object name
        objectFlags,
        null,               // no root directory
        tokenType,
        authenticationId,
        expirationTime,
        user,
        groups,
        privileges,
        owner,
        primaryGroup,
        null,               // no default DACL (see note above)
        _phTokenSource
        );
}
/// <summary>
/// Grants the given privileges to this LSA account object through
/// LsaAddPrivilegesToAccount.
/// </summary>
/// <param name="privileges">Privileges to add to the account.</param>
/// <remarks>
/// The set is marshalled to native memory for the duration of the call and
/// released afterwards. A failure status from LSA is turned into an exception
/// by <c>ThrowIf</c>.
/// </remarks>
public void AddPrivileges(PrivilegeSet privileges)
{
    using (var nativeSet = privileges.ToMemory())
    {
        NtStatus status = Win32.LsaAddPrivilegesToAccount(this, nativeSet);
        status.ThrowIf();
    }
}
/// <summary>
/// Creates a token from scratch with NtCreateToken.
/// </summary>
/// <param name="access">Access rights requested on the returned handle.</param>
/// <param name="name">Optional object name for the token (may be null).</param>
/// <param name="objectFlags">Object attribute flags.</param>
/// <param name="rootDirectory">Optional root directory for <paramref name="name"/> (may be null).</param>
/// <param name="tokenType">Primary or impersonation token.</param>
/// <param name="authenticationId">Authentication ID (logon session LUID) to stamp on the token.</param>
/// <param name="expirationTime">Token expiration time; format presumably a FILETIME-style 64-bit value — confirm.</param>
/// <param name="user">User SID.</param>
/// <param name="groups">Group SIDs.</param>
/// <param name="privileges">Privileges carried by the token.</param>
/// <param name="owner">Default owner SID.</param>
/// <param name="primaryGroup">Primary group SID.</param>
/// <param name="defaultDacl">Default DACL applied to objects created under the token; may be null.</param>
/// <param name="source">Token source record.</param>
/// <returns>A TokenHandle wrapping the new kernel handle.</returns>
/// <remarks>
/// Throws via <c>Win32.Throw</c> when NtCreateToken returns an error-class status.
/// NOTE(review): creating tokens this way is normally only permitted to callers
/// holding SeCreateTokenPrivilege; without it the call fails and the failure
/// surfaces as the thrown status. Not established by this file — confirm.
/// </remarks>
public static TokenHandle Create(
    TokenAccess access,
    string name,
    ObjectFlags objectFlags,
    DirectoryHandle rootDirectory,
    TokenType tokenType,
    Luid authenticationId,
    long expirationTime,
    Sid user,
    Sid[] groups,
    PrivilegeSet privileges,
    Sid owner,
    Sid primaryGroup,
    Acl defaultDacl,
    TokenSource source
    )
{
    // Wrap each attribute in the structure layout NtCreateToken expects.
    TokenUser userInfo = new TokenUser(user);
    TokenGroups groupInfo = new TokenGroups(groups);
    TokenPrivileges privilegeInfo = new TokenPrivileges(privileges);
    TokenOwner ownerInfo = new TokenOwner(owner);
    TokenPrimaryGroup primaryGroupInfo = new TokenPrimaryGroup(primaryGroup);
    TokenDefaultDacl defaultDaclInfo = new TokenDefaultDacl(defaultDacl);
    ObjectAttributes objectAttributes = new ObjectAttributes(name, objectFlags, rootDirectory);
    IntPtr rawHandle;

    try
    {
        NtStatus status = Win32.NtCreateToken(
            out rawHandle,
            access,
            ref objectAttributes,
            tokenType,
            ref authenticationId,
            ref expirationTime,
            ref userInfo,
            ref groupInfo,
            ref privilegeInfo,
            ref ownerInfo,
            ref primaryGroupInfo,
            ref defaultDaclInfo,
            ref source
            );

        if (status >= NtStatus.Error)
        {
            Win32.Throw(status);
        }
    }
    finally
    {
        // The object attributes are released whether or not the call succeeded.
        objectAttributes.Dispose();
    }

    // Second argument presumably marks the handle as owned (closed on dispose) — matches the original call.
    return new TokenHandle(rawHandle, true);
}
/// <summary>
/// Revokes the given privileges from this LSA account object through
/// LsaRemovePrivilegesFromAccount.
/// </summary>
/// <param name="privileges">Privileges to remove from the account.</param>
/// <remarks>
/// The second argument to the native call is <c>false</c>; presumably this is
/// the "remove all privileges" flag, so only the listed privileges are removed —
/// confirm against the P/Invoke declaration. A failure status is turned into an
/// exception by <c>ThrowIf</c>.
/// </remarks>
public void RemovePrivileges(PrivilegeSet privileges)
{
    using (var nativeSet = privileges.ToMemory())
    {
        NtStatus status = Win32.LsaRemovePrivilegesFromAccount(this, false, nativeSet);
        status.ThrowIf();
    }
}
/// <summary>
/// Applies the attributes in <paramref name="privileges"/> (enable/disable/remove)
/// to this token with AdjustTokenPrivileges.
/// </summary>
/// <param name="privileges">Privileges and the attributes to set on them.</param>
/// <remarks>
/// The BOOL return of AdjustTokenPrivileges is not inspected; success is judged
/// solely by the thread's last Win32 error being zero, and any non-zero value is
/// thrown via <c>Win32.Throw</c>. Per the Win32 docs the function reports
/// ERROR_NOT_ALL_ASSIGNED through the last error even when it returns TRUE, so a
/// partially-applied set is rejected here too.
/// NOTE(review): this only works if the P/Invoke declaration sets
/// <c>SetLastError = true</c> — otherwise a stale error from an earlier call can
/// cause a spurious throw, or a real failure can be missed. Confirm the declaration.
/// </remarks>
public void AdjustPrivileges(PrivilegeSet privileges)
{
    var newState = privileges.ToTokenPrivileges();

    // No previous-state buffer is requested (length 0, null pointers).
    Win32.AdjustTokenPrivileges(this, false, ref newState, 0, IntPtr.Zero, IntPtr.Zero);

    int lastError = Marshal.GetLastWin32Error();
    if (lastError != 0)
    {
        Win32.Throw();
    }
}
/// <summary>
/// Convenience overload: creates a token that takes its authentication ID and
/// expiration from the current process's primary token, with the built-in
/// Administrators group as both owner and primary group and no object flags.
/// </summary>
/// <param name="access">Access rights requested on the returned handle.</param>
/// <param name="tokenType">Primary or impersonation token.</param>
/// <param name="user">User SID of the new token.</param>
/// <param name="groups">Group SIDs of the new token.</param>
/// <param name="privileges">Privileges carried by the new token.</param>
/// <returns>A handle to the newly created token.</returns>
/// <remarks>
/// Owner and primary group are fixed to BUILTIN\Administrators regardless of
/// <paramref name="user"/>; the reason is not documented here. The current
/// primary token is opened with Query access only, which is all the delegated
/// overload needs to read its statistics.
/// </remarks>
public static TokenHandle Create(
    TokenAccess access,
    TokenType tokenType,
    Sid user,
    Sid[] groups,
    PrivilegeSet privileges
    )
{
    using (var adminsSid = Sid.GetWellKnownSid(WellKnownSidType.WinBuiltinAdministratorsSid))
    {
        using (var currentToken = TokenHandle.OpenCurrentPrimary(TokenAccess.Query))
        {
            // 0 = no object flags.
            return Create(access, 0, currentToken, tokenType, user, groups, privileges, adminsSid, adminsSid);
        }
    }
}
/// <summary>
/// P/Invoke signature for AccessCheckByType (presumably advapi32 — the DllImport
/// attribute is not visible here): evaluates <paramref name="DesiredAccess"/> for
/// <paramref name="ClientToken"/> against a security descriptor supplied as raw bytes.
/// <paramref name="PrincipalSelfSid"/> may be null. The privilege set is a single
/// fixed-size struct passed by ref together with its byte length, so only one
/// privilege can be reported back — NOTE(review): inferred from the ref/length pair,
/// confirm against the struct definition. Returns false on failure; the caller is
/// expected to read the last Win32 error, which needs SetLastError on the declaration.
/// </summary>
static extern bool AccessCheckByType( byte[] pSecurityDescriptor, byte[] PrincipalSelfSid, SafeTokenHandle ClientToken, uint DesiredAccess, IntPtr ObjectTypeList, int ObjectTypeListLength, ref GenericMapping GenericMapping, ref PrivilegeSet PrivilegeSet, ref int PrivilegeSetLength, out uint GrantedAccess, out bool AccessStatus );
/// <summary>
/// Grants the given privileges to this LSA account object through
/// LsaAddPrivilegesToAccount.
/// </summary>
/// <param name="privileges">Privileges to add to the account.</param>
/// <remarks>
/// Only error-class statuses (<c>&gt;= NtStatus.Error</c>) are thrown via
/// <c>Win32.Throw</c>; warning and informational statuses are treated as success.
/// </remarks>
public void AddPrivileges(PrivilegeSet privileges)
{
    using (var nativeSet = privileges.ToMemory())
    {
        NtStatus status = Win32.LsaAddPrivilegesToAccount(this, nativeSet);
        bool failed = status >= NtStatus.Error;
        if (failed)
        {
            Win32.Throw(status);
        }
    }
}
/// <summary>
/// Asks the kernel (NtPrivilegeCheck) whether this token satisfies the given
/// privilege set.
/// </summary>
/// <param name="privileges">Privileges to test.</param>
/// <returns>The boolean reported by NtPrivilegeCheck.</returns>
/// <remarks>
/// A failure status is thrown via <c>ThrowIf</c>.
/// NOTE(review): whether the result means "all" or "any" of the privileges are
/// satisfied presumably depends on the control flags carried inside the
/// PrivilegeSet (PRIVILEGE_SET_ALL_NECESSARY); confirm how ToMemory sets them.
/// The kernel check is against enabled privileges, not merely present ones —
/// a Windows-semantics assumption, not shown by this file.
/// </remarks>
public bool CheckPrivileges(PrivilegeSet privileges)
{
    using (var nativeSet = privileges.ToMemory())
    {
        bool satisfied;
        NtStatus status = Win32.NtPrivilegeCheck(this, nativeSet, out satisfied);
        status.ThrowIf();
        return satisfied;
    }
}
/// <summary>
/// Revokes the given privileges from this LSA account object through
/// LsaRemovePrivilegesFromAccount.
/// </summary>
/// <param name="privileges">Privileges to remove from the account.</param>
/// <remarks>
/// The second native argument is <c>false</c>; presumably the "remove all
/// privileges" flag, so only the listed privileges are affected — confirm against
/// the P/Invoke declaration. Only error-class statuses are thrown.
/// </remarks>
public void RemovePrivileges(PrivilegeSet privileges)
{
    using (var nativeSet = privileges.ToMemory())
    {
        NtStatus status = Win32.LsaRemovePrivilegesFromAccount(this, false, nativeSet);
        bool failed = status >= NtStatus.Error;
        if (failed)
        {
            Win32.Throw(status);
        }
    }
}
/// <summary>
/// Runs an access check of <paramref name="token"/> against a COM permission
/// security descriptor and reports the maximum COM rights it would be granted.
/// </summary>
/// <param name="sddl">Security descriptor in SDDL form (COM access or launch permission).</param>
/// <param name="principal">Optional SID string used as PRINCIPAL_SELF; null/blank disables it.</param>
/// <param name="token">
/// Token to evaluate. NOTE(review): the AccessCheck family requires an impersonation
/// token; with a primary token the native call fails and this method throws.
/// Confirm callers supply the right kind.
/// </param>
/// <param name="launch">When true, the Activate rights are also mapped onto GENERIC_EXECUTE (launch permissions).</param>
/// <param name="maximum_rights">Receives the granted rights masked to the five COM bits, or 0 when access is denied.</param>
/// <returns>true if the check granted access; false if it was denied.</returns>
/// <remarks>
/// Throws <see cref="Win32Exception"/> if AccessCheckByType itself fails; its
/// message is the SDDL string rather than the system error text. Constructing a
/// <see cref="SecurityIdentifier"/> from an invalid <paramref name="principal"/>
/// may throw (per the BCL).
/// </remarks>
private static bool GetGrantedAccess(string sddl, string principal, SafeTokenHandle token, bool launch, out COMAccessRights maximum_rights)
{
    // Only GENERIC_EXECUTE is mapped; GenericRead/Write/All are left at 0, so
    // GA/GR/GW entries in the SDDL contribute nothing to this check (existing
    // behaviour, presumably deliberate for COM permissions — confirm).
    uint executeRights = (uint)(COMAccessRights.Execute | COMAccessRights.ExecuteLocal | COMAccessRights.ExecuteRemote);
    if (launch)
    {
        executeRights |= (uint)(COMAccessRights.ActivateLocal | COMAccessRights.ActivateRemote);
    }
    GenericMapping mapping = new GenericMapping();
    mapping.GenericExecute = executeRights;

    // A bare NULL DACL grants everything, so short-circuit without calling the API.
    // NOTE(review): this is an exact, case-sensitive string match; an SDDL with an
    // owner/group prefix or different spacing falls through to the real check.
    if (sddl == "D:NO_ACCESS_CONTROL")
    {
        maximum_rights = (COMAccessRights)executeRights;
        return true;
    }

    byte[] principalSid = PrincipalSelfSidBytes(principal);

    maximum_rights = 0;

    // One fixed-size privilege set and its byte length, as the native signature requires.
    PrivilegeSet privilegesUsed = new PrivilegeSet();
    int privilegesLength = Marshal.SizeOf(privilegesUsed);
    uint grantedAccess = 0;
    bool accessGranted = false;

    byte[] securityDescriptor = GetSDForStringSD(sddl);
    bool callSucceeded = AccessCheckByType(
        securityDescriptor,
        principalSid,
        token,
        MaximumAllowed,
        IntPtr.Zero,
        0,
        ref mapping,
        ref privilegesUsed,
        ref privilegesLength,
        out grantedAccess,
        out accessGranted);
    if (!callSucceeded)
    {
        // The SDDL is used as the message so the failing descriptor is identifiable.
        throw new Win32Exception(sddl);
    }

    if (accessGranted)
    {
        // Keep only the five COM permission bits.
        maximum_rights = (COMAccessRights)(grantedAccess & 0x1F);
    }
    return accessGranted;
}

/// <summary>
/// Converts an optional SDDL SID string into its binary form for the
/// PRINCIPAL_SELF parameter; returns null when no principal is given.
/// </summary>
/// <param name="principal">SID string, or null/blank for none.</param>
/// <returns>Binary SID bytes, or null.</returns>
private static byte[] PrincipalSelfSidBytes(string principal)
{
    if (String.IsNullOrWhiteSpace(principal))
    {
        return null;
    }

    SecurityIdentifier sid = new SecurityIdentifier(principal);
    byte[] sidBytes = new byte[sid.BinaryLength];
    sid.GetBinaryForm(sidBytes, 0);
    return sidBytes;
}
/// <summary>
/// Asks the kernel (NtPrivilegeCheck) whether this token satisfies the given
/// privilege set.
/// </summary>
/// <param name="privileges">Privileges to test.</param>
/// <returns>The boolean reported by NtPrivilegeCheck.</returns>
/// <remarks>
/// Only error-class statuses are thrown via <c>Win32.Throw</c>.
/// NOTE(review): "all" versus "any" semantics presumably come from the control
/// flags inside the PrivilegeSet (PRIVILEGE_SET_ALL_NECESSARY) — confirm how
/// ToMemory populates them before relying on this for an authorization decision.
/// </remarks>
public bool CheckPrivileges(PrivilegeSet privileges)
{
    using (var nativeSet = privileges.ToMemory())
    {
        bool satisfied;
        NtStatus status = Win32.NtPrivilegeCheck(this, nativeSet, out satisfied);
        bool failed = status >= NtStatus.Error;
        if (failed)
        {
            Win32.Throw(status);
        }
        return satisfied;
    }
}
/// <summary>
/// Applies the attributes in <paramref name="privileges"/> (enable/disable/remove)
/// to this token with NtAdjustPrivilegesToken.
/// </summary>
/// <param name="privileges">Privileges and the attributes to set on them.</param>
/// <remarks>
/// The returned status is passed to <c>ThrowIf</c>.
/// NOTE(review): NT reports STATUS_NOT_ALL_ASSIGNED — a success-class status —
/// when some privileges in the set could not be adjusted because the token does
/// not hold them. If <c>ThrowIf</c> only throws on error-class statuses (its
/// definition is not visible here), a partially-applied request is silently
/// reported as success, unlike the AdjustTokenPrivileges variant that throws on a
/// non-zero last error. Callers that need every privilege enabled should verify
/// with CheckPrivileges or inspect the status themselves. Confirm ThrowIf's behaviour.
/// </remarks>
public void AdjustPrivileges(PrivilegeSet privileges)
{
    var newState = privileges.ToTokenPrivileges();

    // No previous-state buffer is requested (length 0, null pointers).
    var status = Win32.NtAdjustPrivilegesToken(this, false, ref newState, 0, IntPtr.Zero, IntPtr.Zero);
    status.ThrowIf();
}