Exemplo n.º 1
0
        unsafe bool HasTcbPrivilege()
        {
            if (!PInvoke.LookupPrivilegeValue(null, "SeTcbPrivilege", out var tcbPrivilege))
            {
                return(false);
            }

            if (!PInvoke.OpenProcessToken(PInvoke.GetCurrentProcess(), Native.TOKEN_QUERY, out var processToken))
            {
                return(false);
            }

            try
            {
                var privilegeSet = new PRIVILEGE_SET()
                {
                    PrivilegeCount = 1,
                };
                privilegeSet.Privilege[0].Luid = tcbPrivilege;
                if (!PInvoke.PrivilegeCheck(new CloseHandleSafeHandle(processToken), ref privilegeSet, out var checkResult) || checkResult == 0)
                {
                    return(false);
                }

                return(true);
            }
            finally
            {
                PInvoke.CloseHandle(new HANDLE(processToken));
            }
        }
Exemplo n.º 2
0
        /// <summary>
        /// Checks if the given privilege is enabled. This does not tell you whether or not it
        /// is possible to get a privilege- most held privileges are not enabled by default.
        /// </summary>
        public static bool IsPrivilegeEnabled(SafeTokenHandle token, Privileges privilege)
        {
            LUID luid = LookupPrivilegeValue(privilege.ToString());

            var luidAttributes = new LUID_AND_ATTRIBUTES
            {
                Luid       = luid,
                Attributes = (uint)PrivilegeAttributes.SE_PRIVILEGE_ENABLED
            };

            var set = new PRIVILEGE_SET
            {
                Control        = PRIVILEGE_SET_ALL_NECESSARY,
                PrivilegeCount = 1,
                Privilege      = new[] { luidAttributes }
            };


            bool result;

            if (!Direct.PrivilegeCheck(token, ref set, out result))
            {
                throw ErrorHelper.GetIoExceptionForLastError(privilege.ToString());
            }

            return(result);
        }
Exemplo n.º 3
0
            /// <summary>
            /// Checks if the given privilege is enabled. This does not tell you whether or not it
            /// is possible to get a privilege- most held privileges are not enabled by default.
            /// </summary>
            internal static bool IsPrivilegeEnabled(SafeCloseHandle token, Privileges privilege)
            {
                LUID luid = LookupPrivilegeValue(privilege.ToString());

                var luidAttributes = new LUID_AND_ATTRIBUTES
                {
                    Luid       = luid,
                    Attributes = SE_PRIVILEGE_ENABLED
                };

                var set = new PRIVILEGE_SET
                {
                    Control        = PRIVILEGE_SET_ALL_NECESSARY,
                    PrivilegeCount = 1,
                    Privilege      = new[] { luidAttributes }
                };


                bool result;

                if (!Private.PrivilegeCheck(token, ref set, out result))
                {
                    int error = Marshal.GetLastWin32Error();
                    throw GetIoExceptionForError(error, privilege.ToString());
                }

                return(result);
            }
        // Now I will create functions that use the above definitions, so we can use them directly from PowerShell :P
        public static bool IsPrivilegeEnabled(string Privilege)
        {
            bool ret;

            LUID   luid     = new LUID();
            IntPtr hProcess = GetCurrentProcess();
            IntPtr hToken;

            if (hProcess == IntPtr.Zero)
            {
                return(false);
            }
            if (!OpenProcessToken(hProcess, TOKEN_QUERY, out hToken))
            {
                return(false);
            }
            if (!LookupPrivilegeValue(null, Privilege, out luid))
            {
                return(false);
            }
            PRIVILEGE_SET privs = new PRIVILEGE_SET {
                Privilege = new LUID_AND_ATTRIBUTES[1], Control = PRIVILEGE_SET.PRIVILEGE_SET_ALL_NECESSARY, PrivilegeCount = 1
            };

            privs.Privilege[0].Luid       = luid;
            privs.Privilege[0].Attributes = LUID_AND_ATTRIBUTES.SE_PRIVILEGE_ENABLED;
            if (!PrivilegeCheck(hToken, ref privs, out ret))
            {
                return(false);
            }
            return(ret);
        }
Exemplo n.º 5
0
 internal static extern bool AccessCheck(
     SecurityDescriptor securityDescriptor,
     IntPtr clientToken,
     int desiredAccess,
     GENERIC_MAPPING genericMapping,
     PRIVILEGE_SET privilegeSet,
     ref int privilegeSetLength,
     out int grandtedAccess,
     [MarshalAs(UnmanagedType.Bool)] out bool accessStatus);
 internal static extern bool AccessCheck(
     [In] byte[] securityDescriptor,
     [In] SafeCloseHandle clientToken,
     [In] int desiredAccess,
     [In] GENERIC_MAPPING genericMapping,
     out PRIVILEGE_SET privilegeSet,
     [In, Out] ref uint privilegeSetLength,
     out uint grantedAccess,
     out bool accessStatus);
Exemplo n.º 7
0
 public static extern bool AccessCheck
 (
     IntPtr pSecurityDescriptor,
     IntPtr ClientToken,
     uint DesiredAccess,
     ref GENERIC_MAPPING GenericMapping,
     ref PRIVILEGE_SET PrivilegeSet,
     ref int PrivilegeSetLength,
     out uint GrantedAccess,
     out bool AccessStatus
 );
        public static FileSystemRights GetEffectivePermissions(
            WindowsIdentity clientIdentity,
            FileSecurity securityDescriptor)
        {
            bool isAccessAllowed = false;

            byte[]          binaryForm = securityDescriptor.GetSecurityDescriptorBinaryForm();
            SafeCloseHandle newToken   = null;
            SafeCloseHandle token      = new SafeCloseHandle(clientIdentity.Token, false);

            try
            {
                if (IsPrimaryToken(token) &&
                    !DuplicateTokenEx(
                        token,
                        TokenAccessLevels.Query,
                        IntPtr.Zero,
                        SecurityImpersonationLevel.Identification,
                        TokenType.TokenImpersonation,
                        out newToken))
                {
                    int err = Marshal.GetLastWin32Error();
                    CloseInvalidOutSafeHandle(newToken);
                    throw new Win32Exception(err, "DuplicateTokenExFailed");
                }

                GENERIC_MAPPING genericMapping     = new GENERIC_MAPPING();
                PRIVILEGE_SET   structPrivilegeSet = new PRIVILEGE_SET();
                uint            privilegeSetLength = (uint)Marshal.SizeOf(structPrivilegeSet);
                uint            grantedAccess      = 0;
                if (!AccessCheck(
                        binaryForm,
                        newToken ?? token,
                        0x2000000,
                        genericMapping,
                        out structPrivilegeSet,
                        ref privilegeSetLength,
                        out grantedAccess,
                        out isAccessAllowed))
                {
                    throw new Win32Exception(Marshal.GetLastWin32Error(), "AccessCheckFailed");
                }

                return((FileSystemRights)grantedAccess);
            }
            finally
            {
                if (newToken != null)
                {
                    newToken.Dispose();
                }
            }
        }
Exemplo n.º 9
0
 public void AccessCheckByTypeResultListTest()
 {
     using (var pSD = AdvApi32Tests.GetSD(AdvApi32Tests.fn, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION | SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION | SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION))
         using (var hTok = SafeHTOKEN.FromProcess(GetCurrentProcess(), TokenAccess.TOKEN_IMPERSONATE | TokenAccess.TOKEN_DUPLICATE | TokenAccess.TOKEN_READ).Duplicate(SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation))
         {
             var         ps         = PRIVILEGE_SET.InitializeWithCapacity(100);
             var         psSz       = ps.SizeInBytes;
             var         gm         = GENERIC_MAPPING.GenericFileMapping;
             ACCESS_MASK accessMask = ACCESS_MASK.GENERIC_READ;
             MapGenericMask(ref accessMask, gm);
             var otl    = new[] { new OBJECT_TYPE_LIST(ObjectTypeListLevel.ACCESS_OBJECT_GUID) };
             var access = new uint[otl.Length];
             var status = new uint[otl.Length];
             Assert.That(AccessCheckByTypeResultList(pSD, default, hTok, accessMask, otl, (uint)otl.Length, gm, ps, ref psSz, access, status), ResultIs.Successful);
Exemplo n.º 10
0
 public void AccessCheckTest()
 {
     using (var pSD = GetSD(fn, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION | SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION | SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION))
         using (var hTok = SafeHTOKEN.FromProcess(GetCurrentProcess(), TokenAccess.TOKEN_IMPERSONATE | TokenAccess.TOKEN_DUPLICATE | TokenAccess.TOKEN_READ).Duplicate(SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation))
         {
             var ps         = PRIVILEGE_SET.InitializeWithCapacity(10);
             var psSz       = ps.SizeInBytes;
             var gm         = GENERIC_MAPPING.GenericFileMapping;
             var accessMask = (uint)Kernel32.FileAccess.GENERIC_READ;
             MapGenericMask(ref accessMask, gm);
             var b = AccessCheck(pSD, hTok, accessMask, gm, ref ps, ref psSz, out var access, out var status);
             if (!b)
             {
                 TestContext.WriteLine($"AccessCheck failed: {Win32Error.GetLastError()}");
             }
             Assert.That(b, Is.True);
             TestContext.WriteLine($"Access={(Kernel32.FileAccess)access}; Status={status}");
         }
 }
Exemplo n.º 11
0
        private static int CheckSeDebugPrivilege(out bool isDebugEnabled)
        {
            isDebugEnabled = false;

            if (!OpenProcessToken(GetCurrentProcess(), 0x8 /*TOKEN_QUERY*/, out IntPtr tokenHandle))
            {
                return(Marshal.GetLastWin32Error());
            }

            LUID luidDebugPrivilege = default;

            if (!LookupPrivilegeValue(null, "SeDebugPrivilege", ref luidDebugPrivilege))
            {
                return(Marshal.GetLastWin32Error());
            }

            PRIVILEGE_SET requiredPrivileges = new PRIVILEGE_SET
            {
                PrivilegeCount = 1,
                Control        = 1 /* PRIVILEGE_SET_ALL_NECESSARY */,
                Privilege      = new LUID_AND_ATTRIBUTES[1],
            };

            requiredPrivileges.Privilege[0].Luid       = luidDebugPrivilege;
            requiredPrivileges.Privilege[0].Attributes = 2 /* SE_PRIVILEGE_ENABLED */;

            if (!PrivilegeCheck(tokenHandle, ref requiredPrivileges, out bool bResult))
            {
                return(Marshal.GetLastWin32Error());
            }

            // bResult == true => SeDebugPrivilege is on; otherwise it's off
            isDebugEnabled = bResult;

            CloseHandle(tokenHandle);

            return(0);
        }
Exemplo n.º 12
0
        /// <summary>
        /// Checks if the given privilege is enabled. This does not tell you whether or not it
        /// is possible to get a privilege- most held privileges are not enabled by default.
        /// </summary>
        public unsafe static bool IsPrivilegeEnabled(AccessToken token, Privilege privilege)
        {
            LUID luid = LookupPrivilegeValue(privilege);

            var luidAttributes = new LUID_AND_ATTRIBUTES {
                Luid = luid
            };

            var set = new PRIVILEGE_SET
            {
                Control        = PRIVILEGE_SET_ALL_NECESSARY,
                PrivilegeCount = 1,
                Privilege      = new LUID_AND_ATTRIBUTES {
                    Luid = luid
                }
            };

            if (!Imports.PrivilegeCheck(token, &set, out BOOL result))
            {
                throw Errors.GetIoExceptionForLastError(privilege.ToString());
            }

            return(result);
        }
Exemplo n.º 13
0
 public static extern bool ObjectPrivilegeAuditAlarmA([In][MarshalAs(UnmanagedType.LPStr)] string SubsystemName, [In] IntPtr HandleId, [In] IntPtr ClientToken, uint DesiredAccess, [In] ref PRIVILEGE_SET Privileges, [MarshalAs(UnmanagedType.Bool)] bool AccessGranted);
Exemplo n.º 14
0
            FileAttributes dwFileAttributes); // _In_  DWORD

        /// <summary>
        /// Enable the privilege specified by the privilegeName. If the specified privilege is already enabled, return true
        /// with the oldPrivilegeState.PrivilegeCount set to 0. Otherwise, enable the specified privilege, and the old privilege
        /// state will be saved in oldPrivilegeState.
        /// </summary>
        /// <param name="privilegeName"></param>
        /// <param name="oldPrivilegeState"></param>
        /// <returns></returns>
        internal static bool EnableTokenPrivilege(string privilegeName, ref TOKEN_PRIVILEGE oldPrivilegeState)
        {
            bool success = false;
            TOKEN_PRIVILEGE newPrivilegeState = new TOKEN_PRIVILEGE();

            // Check if the caller has the specified privilege or not
            if (LookupPrivilegeValue(null, privilegeName, ref newPrivilegeState.Privilege.Luid))
            {
                // Get the pseudo handler of the current process
                IntPtr processHandler = GetCurrentProcess();
                if (processHandler != IntPtr.Zero)
                {
                    // Get the handler of the current process's access token
                    IntPtr tokenHandler = IntPtr.Zero;
                    if (OpenProcessToken(processHandler, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out tokenHandler))
                    {
                        // Check if the specified privilege is already enabled
                        PRIVILEGE_SET requiredPrivilege = new PRIVILEGE_SET();
                        requiredPrivilege.Privilege.Luid = newPrivilegeState.Privilege.Luid;
                        requiredPrivilege.PrivilegeCount = 1;
                        // PRIVILEGE_SET_ALL_NECESSARY is defined as 1
                        requiredPrivilege.Control = 1;
                        bool privilegeEnabled = false;

                        if (PrivilegeCheck(tokenHandler, ref requiredPrivilege, out privilegeEnabled) && privilegeEnabled)
                        {
                            // The specified privilege is already enabled
                            oldPrivilegeState.PrivilegeCount = 0;
                            success = true;
                        }
                        else
                        {
                            // The specified privilege is not enabled yet. Enable it.
                            newPrivilegeState.PrivilegeCount = 1;
                            newPrivilegeState.Privilege.Attributes = SE_PRIVILEGE_ENABLED;
                            int bufferSize = ClrFacade.SizeOf<TOKEN_PRIVILEGE>();
                            int returnSize = 0;

                            // enable the specified privilege
                            if (AdjustTokenPrivileges(tokenHandler, false, ref newPrivilegeState, bufferSize, out oldPrivilegeState, ref returnSize))
                            {
                                // AdjustTokenPrivileges returns true does not mean all specified privileges have been successfully enabled
                                int retCode = Marshal.GetLastWin32Error();
                                if (retCode == ERROR_SUCCESS)
                                {
                                    success = true;
                                }
                                else if (retCode == 1300)
                                {
                                    // 1300 - Not all privileges referenced are assigned to the caller. This means the specified privilege is not
                                    // assigned to the current user. For example, suppose the role of current caller is "User", then privilege "SeRemoteShutdownPrivilege"
                                    // is not assigned to the role. In this case, we just return true and leave the call to "Win32Shutdown" to decide
                                    // whether the permission is granted or not.
                                    // Set oldPrivilegeState.PrivilegeCount to 0 to avoid the privilege restore later (PrivilegeCount - how many privileges are modified)
                                    oldPrivilegeState.PrivilegeCount = 0;
                                    success = true;
                                }
                            }
                        }
                    }

                    // Close the token handler and the process handler
                    if (tokenHandler != IntPtr.Zero)
                    {
                        CloseHandle(tokenHandler);
                    }
                    CloseHandle(processHandler);
                }
            }

            return success;
        }
Exemplo n.º 15
0
        ////////////////////////////////////////////////////////////////////////////////
        // Prints the tokens privileges // Taken from NetSPI's TokenVader project
        ////////////////////////////////////////////////////////////////////////////////
        public static void EnumerateTokenPrivileges()
        {
            IntPtr hToken = IntPtr.Zero;

            OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, ref hToken);

            UInt32 TokenInfLength;

            GetTokenInformation(hToken, TOKEN_INFORMATION_CLASS.TokenPrivileges, IntPtr.Zero, 0, out TokenInfLength);

            if (TokenInfLength < 0 || TokenInfLength > Int32.MaxValue)
            {
                GetWin32Error("GetTokenInformation - 1 " + TokenInfLength);
                return;
            }
            IntPtr lpTokenInformation = Marshal.AllocHGlobal((Int32)TokenInfLength);

            ////////////////////////////////////////////////////////////////////////////////
            if (!GetTokenInformation(hToken, TOKEN_INFORMATION_CLASS.TokenPrivileges, lpTokenInformation, TokenInfLength, out TokenInfLength))
            {
                GetWin32Error("GetTokenInformation - 2 " + TokenInfLength);
                return;
            }
            TOKEN_PRIVILEGES_ARRAY tokenPrivileges = (TOKEN_PRIVILEGES_ARRAY)Marshal.PtrToStructure(lpTokenInformation, typeof(TOKEN_PRIVILEGES_ARRAY));

            Marshal.FreeHGlobal(lpTokenInformation);
            Console.WriteLine("[*] Enumerated {0} Privileges", tokenPrivileges.PrivilegeCount);
            Console.WriteLine();
            Console.WriteLine("{0,-45}{1,-30}", "Privilege Name", "Enabled");
            Console.WriteLine("{0,-45}{1,-30}", "==============", "=======");
            ////////////////////////////////////////////////////////////////////////////////
            for (Int32 i = 0; i < tokenPrivileges.PrivilegeCount; i++)
            {
                StringBuilder lpName  = new StringBuilder();
                Int32         cchName = 0;
                IntPtr        lpLuid  = Marshal.AllocHGlobal(Marshal.SizeOf(tokenPrivileges.Privileges[i]));
                Marshal.StructureToPtr(tokenPrivileges.Privileges[i].Luid, lpLuid, true);

                LookupPrivilegeName(null, lpLuid, null, ref cchName);
                if (cchName <= 0 || cchName > Int32.MaxValue)
                {
                    GetWin32Error("LookupPrivilegeName Pass 1");
                    Marshal.FreeHGlobal(lpLuid);
                    continue;
                }

                lpName.EnsureCapacity(cchName + 1);
                if (!LookupPrivilegeName(null, lpLuid, lpName, ref cchName))
                {
                    GetWin32Error("LookupPrivilegeName Pass 2");
                    Marshal.FreeHGlobal(lpLuid);
                    continue;
                }

                PRIVILEGE_SET privilegeSet = new PRIVILEGE_SET
                {
                    PrivilegeCount = 1,
                    Control        = PRIVILEGE_SET_ALL_NECESSARY,
                    Privilege      = new LUID_AND_ATTRIBUTES[] { tokenPrivileges.Privileges[i] }
                };

                Int32 pfResult = 0;
                if (!PrivilegeCheck(hToken, ref privilegeSet, out pfResult))
                {
                    GetWin32Error("PrivilegeCheck");
                    Marshal.FreeHGlobal(lpLuid);
                    continue;
                }
                Console.WriteLine("{0,-45}{1,-30}", lpName.ToString(), Convert.ToBoolean(pfResult));
                Marshal.FreeHGlobal(lpLuid);
            }
            Console.WriteLine();
        }
Exemplo n.º 16
0
 public static extern Boolean PrivilegeCheck(IntPtr ClientToken, ref PRIVILEGE_SET RequiredPrivileges, out Int32 pfResult);
Exemplo n.º 17
0
 internal static extern bool PrivilegeCheck(
     SafeCloseHandle ClientToken,
     ref PRIVILEGE_SET RequiredPrivileges,
     [MarshalAs(UnmanagedType.Bool)] out bool pfResult);
Exemplo n.º 18
0
        /// <summary>
        /// To check if path can be accessed or not
        /// </summary>
        /// <param name="path">string value - the patch whose access is being checked</param>
        /// <returns>true if alllowed else false</returns>
        public static bool AccessAllowed(string path)
        {
            bool   accessAllowed = false;
            int    lastError;
            IntPtr fileSD = IntPtr.Zero;
            IntPtr token  = IntPtr.Zero;

            try
            {
                // Get the size of the security descriptor for the directory.
                int sdLength = 0;
                if (!GetFileSecurity(path, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, fileSD, 0, out sdLength))
                {
                    lastError = Marshal.GetLastWin32Error();
                    if (lastError != ERROR_INSUFFICIENT_BUFFER)
                    {
                        return(accessAllowed);
                    }

                    fileSD = Marshal.AllocHGlobal(sdLength);

                    // Get the security descriptor for the directory.
                    if (!GetFileSecurity(path, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, fileSD, sdLength, out sdLength))
                    {
                        lastError = Marshal.GetLastWin32Error();
                        return(accessAllowed);
                    }

                    // We will check to see if the user has read/write access.
                    GENERIC_MAPPING genericMapping = new GENERIC_MAPPING();
                    PRIVILEGE_SET   privSet        = new PRIVILEGE_SET();
                    uint            grantedAccess  = 0;

                    genericMapping.GenericRead    = 0x01;
                    genericMapping.GenericWrite   = 0x02;
                    genericMapping.GenericExecute = 0;
                    genericMapping.GenericAll     = 0x03;

                    uint desiredAccess = 3;

                    privSet.Control        = 0;
                    privSet.PrivilegeCount = 0;
                    int privLen = Marshal.SizeOf(privSet);

                    // Impersonate the current user.
                    if (!ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation))
                    {
                        lastError = Marshal.GetLastWin32Error();
                        return(accessAllowed);
                    }
                    try
                    {
                        // Get the users token.
                        if (!OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, true, ref token))
                        {
                            lastError = Marshal.GetLastWin32Error();
                            return(accessAllowed);
                        }

                        // Check the access for this user.
                        if (!AccessCheck(fileSD, token, desiredAccess, ref genericMapping, ref privSet, ref privLen, ref grantedAccess, ref accessAllowed))
                        {
                            lastError = Marshal.GetLastWin32Error();
                        }
                    }
                    finally
                    {
                        RevertToSelf();
                    }
                }
            }
            finally
            {
                if (fileSD != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(fileSD);
                }

                if (!token.Equals(IntPtr.Zero))
                {
                    CloseHandle(token);
                    token = IntPtr.Zero;
                }
            }

            return(accessAllowed);
        }
Exemplo n.º 19
0
 public static extern bool PrivilegedServiceAuditAlarmW([In][MarshalAs(UnmanagedType.LPWStr)] string SubsystemName, [In][MarshalAs(UnmanagedType.LPWStr)] string ServiceName, [In] IntPtr ClientToken, [In] ref PRIVILEGE_SET Privileges, [MarshalAs(UnmanagedType.Bool)] bool AccessGranted);
Exemplo n.º 20
0
            FileAttributes dwFileAttributes);                    // _In_  DWORD

        /// <summary>
        /// Enable the privilege specified by the privilegeName. If the specified privilege is already enabled, return true
        /// with the oldPrivilegeState.PrivilegeCount set to 0. Otherwise, enable the specified privilege, and the old privilege
        /// state will be saved in oldPrivilegeState.
        /// </summary>
        /// <param name="privilegeName"></param>
        /// <param name="oldPrivilegeState"></param>
        /// <returns></returns>
        internal static bool EnableTokenPrivilege(string privilegeName, ref TOKEN_PRIVILEGE oldPrivilegeState)
        {
            bool success = false;

            TOKEN_PRIVILEGE newPrivilegeState = new TOKEN_PRIVILEGE();

            // Check if the caller has the specified privilege or not
            if (LookupPrivilegeValue(null, privilegeName, ref newPrivilegeState.Privilege.Luid))
            {
                // Get the pseudo handler of the current process
                IntPtr processHandler = GetCurrentProcess();
                if (processHandler != IntPtr.Zero)
                {
                    // Get the handler of the current process's access token
                    IntPtr tokenHandler = IntPtr.Zero;
                    if (OpenProcessToken(processHandler, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out tokenHandler))
                    {
                        // Check if the specified privilege is already enabled
                        PRIVILEGE_SET requiredPrivilege = new PRIVILEGE_SET();
                        requiredPrivilege.Privilege.Luid = newPrivilegeState.Privilege.Luid;
                        requiredPrivilege.PrivilegeCount = 1;
                        // PRIVILEGE_SET_ALL_NECESSARY is defined as 1
                        requiredPrivilege.Control = 1;
                        bool privilegeEnabled = false;

                        if (PrivilegeCheck(tokenHandler, ref requiredPrivilege, out privilegeEnabled) && privilegeEnabled)
                        {
                            // The specified privilege is already enabled
                            oldPrivilegeState.PrivilegeCount = 0;
                            success = true;
                        }
                        else
                        {
                            // The specified privilege is not enabled yet. Enable it.
                            newPrivilegeState.PrivilegeCount       = 1;
                            newPrivilegeState.Privilege.Attributes = SE_PRIVILEGE_ENABLED;
                            int bufferSize = ClrFacade.SizeOf <TOKEN_PRIVILEGE>();
                            int returnSize = 0;

                            // enable the specified privilege
                            if (AdjustTokenPrivileges(tokenHandler, false, ref newPrivilegeState, bufferSize, out oldPrivilegeState, ref returnSize))
                            {
                                // AdjustTokenPrivileges returns true does not mean all specified privileges have been successfully enabled
                                int retCode = Marshal.GetLastWin32Error();
                                if (retCode == ERROR_SUCCESS)
                                {
                                    success = true;
                                }
                                else if (retCode == 1300)
                                {
                                    // 1300 - Not all privileges referenced are assigned to the caller. This means the specified privilege is not
                                    // assigned to the current user. For example, suppose the role of current caller is "User", then privilege "SeRemoteShutdownPrivilege"
                                    // is not assigned to the role. In this case, we just return true and leave the call to "Win32Shutdown" to decide
                                    // whether the permission is granted or not.
                                    // Set oldPrivilegeState.PrivilegeCount to 0 to avoid the privilege restore later (PrivilegeCount - how many privileges are modified)
                                    oldPrivilegeState.PrivilegeCount = 0;
                                    success = true;
                                }
                            }
                        }
                    }

                    // Close the token handler and the process handler
                    if (tokenHandler != IntPtr.Zero)
                    {
                        CloseHandle(tokenHandler);
                    }
                    CloseHandle(processHandler);
                }
            }

            return(success);
        }
Exemplo n.º 21
0
 public static extern bool PrivilegeCheck(IntPtr ClientToken, ref PRIVILEGE_SET RequiredPrivileges, ref bool pfResult);
Exemplo n.º 22
0
 public static bool AccessAllowed(string path)
 {
     bool accessAllowed = false;
        int lastError;
        IntPtr fileSD = IntPtr.Zero;
        IntPtr token = IntPtr.Zero;
        try
        {
     int sdLength = 0;
     if (!GetFileSecurity(path, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, fileSD, 0, out sdLength))
     {
      lastError = Marshal.GetLastWin32Error();
      if (lastError != ERROR_INSUFFICIENT_BUFFER)
      {
       return accessAllowed;
      }
      fileSD = Marshal.AllocHGlobal(sdLength);
      if (!GetFileSecurity(path, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, fileSD, sdLength, out sdLength))
      {
       lastError = Marshal.GetLastWin32Error();
       return accessAllowed;
      }
      GENERIC_MAPPING genericMapping = new GENERIC_MAPPING();
      PRIVILEGE_SET privSet = new PRIVILEGE_SET();
      uint grantedAccess = 0;
      genericMapping.GenericRead = 0x01;
      genericMapping.GenericWrite = 0x02;
      genericMapping.GenericExecute = 0;
      genericMapping.GenericAll = 0x03;
      uint desiredAccess = 3;
      privSet.Control = 0;
      privSet.PrivilegeCount = 0;
      int privLen = Marshal.SizeOf(privSet);
      if (!ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation))
      {
       lastError = Marshal.GetLastWin32Error();
       return accessAllowed;
      }
      try
      {
       if (!OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, true, ref token))
       {
        lastError = Marshal.GetLastWin32Error();
        return accessAllowed;
       }
       if (!AccessCheck(fileSD, token, desiredAccess, ref genericMapping, ref privSet, ref privLen, ref grantedAccess, ref accessAllowed))
       {
        lastError = Marshal.GetLastWin32Error();
       }
      }
      finally
      {
       RevertToSelf();
      }
     }
        }
        finally
        {
     if (fileSD != IntPtr.Zero)
     {
      Marshal.FreeHGlobal(fileSD);
     }
     if (!token.Equals(IntPtr.Zero))
     {
      CloseHandle(token);
      token = IntPtr.Zero;
     }
        }
        return accessAllowed;
 }
Exemplo n.º 23
0
 static extern bool AccessCheck(IntPtr pSecurityDescriptor, IntPtr ClientToken, uint DesiredAccess, ref GENERIC_MAPPING GenericMapping, ref PRIVILEGE_SET PrivilegeSet, ref int PrivilegeSetLength, ref uint GrantedAccess, ref bool AccessStatus);
Exemplo n.º 24
0
 public static extern bool PrivilegeCheck(IntPtr ClientToken, ref PRIVILEGE_SET RequiredPrivileges, ref bool pfResult);
Exemplo n.º 25
0
            /// <summary>
            /// Checks if the given privilege is enabled. This does not tell you whether or not it
            /// is possible to get a privilege- most held privileges are not enabled by default.
            /// </summary>
            internal static bool IsPrivilegeEnabled(SafeCloseHandle token, Privileges privilege)
            {
                LUID luid = LookupPrivilegeValue(privilege.ToString());

                var luidAttributes = new LUID_AND_ATTRIBUTES
                {
                    Luid = luid,
                    Attributes = SE_PRIVILEGE_ENABLED
                };

                var set = new PRIVILEGE_SET
                {
                    Control = PRIVILEGE_SET_ALL_NECESSARY,
                    PrivilegeCount = 1,
                    Privilege = new[] { luidAttributes }
                };


                bool result;
                if (!Private.PrivilegeCheck(token, ref set, out result))
                {
                    int error = Marshal.GetLastWin32Error();
                    throw GetIoExceptionForError(error, privilege.ToString());
                }

                return result;
            }
Exemplo n.º 26
0
 private static extern bool PrivilegeCheck(IntPtr clientToken, ref PRIVILEGE_SET requiredPrivileges, out bool pfResult);
Exemplo n.º 27
0
 internal static extern bool PrivilegeCheck(IntPtr tokenHandler, ref PRIVILEGE_SET requiredPrivileges, out bool pfResult);
Exemplo n.º 28
0
 internal static extern bool PrivilegeCheck(
     SafeCloseHandle ClientToken,
     ref PRIVILEGE_SET RequiredPrivileges,
     [MarshalAs(UnmanagedType.Bool)] out bool pfResult);
Exemplo n.º 29
0
 internal static extern bool PrivilegeCheck(IntPtr tokenHandler, ref PRIVILEGE_SET requiredPrivileges, out bool pfResult);
Exemplo n.º 30
0
 public static extern bool PrivilegeCheck([In] IntPtr ClientToken, ref PRIVILEGE_SET RequiredPrivileges, [Out] out int pfResult);