public Privilege(string privilegeName)
{
if (privilegeName == null)
{
throw new ArgumentNullException(nameof(privilegeName));
}
Contract.EndContractBlock();
this.luid = LuidFromPrivilege(privilegeName);
}
private static void SetPrivilege(string privilegeName, int attrib)
{
SafeTokenHandle hToken = null;
Interop.mincore.LUID debugValue = new Interop.mincore.LUID();
// this is only a "pseudo handle" to the current process - no need to close it later
SafeProcessHandle processHandle = Interop.mincore.GetCurrentProcess();
// get the process token so we can adjust the privilege on it. We DO need to
// close the token when we're done with it.
if (!Interop.mincore.OpenProcessToken(processHandle, Interop.mincore.HandleOptions.TOKEN_ADJUST_PRIVILEGES, out hToken))
{
throw new Win32Exception();
}
try
{
if (!Interop.mincore.LookupPrivilegeValue(null, privilegeName, out debugValue))
{
throw new Win32Exception();
}
Interop.mincore.TokenPrivileges tkp = new Interop.mincore.TokenPrivileges();
tkp.Luid = debugValue;
tkp.Attributes = attrib;
Interop.mincore.AdjustTokenPrivileges(hToken, false, tkp, 0, IntPtr.Zero, IntPtr.Zero);
// AdjustTokenPrivileges can return true even if it failed to
// set the privilege, so we need to use GetLastError
if (Marshal.GetLastWin32Error() != Interop.mincore.Errors.ERROR_SUCCESS)
{
throw new Win32Exception();
}
}
finally
{
#if FEATURE_TRACESWITCH
Debug.WriteLineIf(_processTracing.TraceVerbose, "Process - CloseHandle(processToken)");
#endif
if (hToken != null)
{
hToken.Dispose();
}
}
}
//
// This routine is a wrapper around a hashtable containing mappings
// of privilege names to LUIDs
//
private static Luid LuidFromPrivilege(string privilege)
{
Luid luid;
luid.LowPart = 0;
luid.HighPart = 0;
//
// Look up the privilege LUID inside the cache
//
try
{
privilegeLock.EnterReadLock();
if (luids.ContainsKey(privilege))
{
luid = luids[privilege];
privilegeLock.ExitReadLock();
}
else
{
privilegeLock.ExitReadLock();
if (false == Interop.mincore.LookupPrivilegeValue(null, privilege, out luid))
{
int error = Marshal.GetLastWin32Error();
if (error == Interop.mincore.Errors.ERROR_NOT_ENOUGH_MEMORY)
{
throw new OutOfMemoryException();
}
else if (error == Interop.mincore.Errors.ERROR_ACCESS_DENIED)
{
throw new UnauthorizedAccessException();
}
else if (error == Interop.mincore.Errors.ERROR_NO_SUCH_PRIVILEGE)
{
throw new ArgumentException(
SR.Format(SR.Argument_InvalidPrivilegeName,
privilege));
}
else
{
System.Diagnostics.Debug.Assert(false, string.Format(CultureInfo.InvariantCulture, "LookupPrivilegeValue() failed with unrecognized error code {0}", error));
throw new InvalidOperationException();
}
}
privilegeLock.EnterWriteLock();
}
}
finally
{
if (privilegeLock.IsReadLockHeld)
{
privilegeLock.ExitReadLock();
}
if (privilegeLock.IsWriteLockHeld)
{
if (!luids.ContainsKey(privilege))
{
luids[privilege] = luid;
privileges[luid] = privilege;
}
privilegeLock.ExitWriteLock();
}
}
return(luid);
}
// -----------------------------
// ---- PAL layer ends here ----
// -----------------------------
static ProcessManager()
{
// In order to query information (OpenProcess) on some protected processes
// like csrss, we need SeDebugPrivilege privilege.
// After removing the dependency on Performance Counter, we don't have a chance
// to run the code in CLR performance counter to ask for this privilege.
// So we will try to get the privilege here.
// We could fail if the user account doesn't have right to do this, but that's fair.
Interop.mincore.LUID luid = new Interop.mincore.LUID();
if (!Interop.mincore.LookupPrivilegeValue(null, Interop.mincore.SeDebugPrivilege, out luid))
{
return;
}
SafeTokenHandle tokenHandle = null;
try
{
if (!Interop.mincore.OpenProcessToken(
Interop.mincore.GetCurrentProcess(),
Interop.mincore.HandleOptions.TOKEN_ADJUST_PRIVILEGES,
out tokenHandle))
{
return;
}
Interop.mincore.TokenPrivileges tp = new Interop.mincore.TokenPrivileges();
tp.Luid = luid;
tp.Attributes = Interop.mincore.SEPrivileges.SE_PRIVILEGE_ENABLED;
// AdjustTokenPrivileges can return true even if it didn't succeed (when ERROR_NOT_ALL_ASSIGNED is returned).
Interop.mincore.AdjustTokenPrivileges(tokenHandle, false, tp, 0, IntPtr.Zero, IntPtr.Zero);
}
finally
{
if (tokenHandle != null)
{
tokenHandle.Dispose();
}
}
}
//
// This routine is a wrapper around a hashtable containing mappings
// of privilege names to LUIDs
//
private static Luid LuidFromPrivilege(string privilege)
{
Luid luid;
luid.LowPart = 0;
luid.HighPart = 0;
//
// Look up the privilege LUID inside the cache
//
try
{
privilegeLock.EnterReadLock();
if (luids.ContainsKey(privilege))
{
luid = luids[privilege];
privilegeLock.ExitReadLock();
}
else
{
privilegeLock.ExitReadLock();
if (false == Interop.mincore.LookupPrivilegeValue(null, privilege, out luid))
{
int error = Marshal.GetLastWin32Error();
if (error == Interop.mincore.Errors.ERROR_NOT_ENOUGH_MEMORY)
{
throw new OutOfMemoryException();
}
else if (error == Interop.mincore.Errors.ERROR_ACCESS_DENIED)
{
throw new UnauthorizedAccessException();
}
else if (error == Interop.mincore.Errors.ERROR_NO_SUCH_PRIVILEGE)
{
throw new ArgumentException(
SR.Format(SR.Argument_InvalidPrivilegeName,
privilege));
}
else
{
Contract.Assert(false, string.Format(CultureInfo.InvariantCulture, "LookupPrivilegeValue() failed with unrecognized error code {0}", error));
throw new InvalidOperationException();
}
}
privilegeLock.EnterWriteLock();
}
}
finally
{
if (privilegeLock.IsReadLockHeld)
{
privilegeLock.ExitReadLock();
}
if (privilegeLock.IsWriteLockHeld)
{
if (!luids.ContainsKey(privilege))
{
luids[privilege] = luid;
privileges[luid] = privilege;
}
privilegeLock.ExitWriteLock();
}
}
return luid;
}
public Privilege(string privilegeName)
{
if (privilegeName == null)
{
throw new ArgumentNullException("privilegeName");
}
Contract.EndContractBlock();
this.luid = LuidFromPrivilege(privilegeName);
}
private static void SetPrivilege(string privilegeName, int attrib)
{
SafeTokenHandle hToken = null;
Interop.mincore.LUID debugValue = new Interop.mincore.LUID();
// this is only a "pseudo handle" to the current process - no need to close it later
SafeProcessHandle processHandle = Interop.mincore.GetCurrentProcess();
// get the process token so we can adjust the privilege on it. We DO need to
// close the token when we're done with it.
if (!Interop.mincore.OpenProcessToken(processHandle, Interop.mincore.HandleOptions.TOKEN_ADJUST_PRIVILEGES, out hToken))
{
throw new Win32Exception();
}
try
{
if (!Interop.mincore.LookupPrivilegeValue(null, privilegeName, out debugValue))
{
throw new Win32Exception();
}
Interop.mincore.TokenPrivileges tkp = new Interop.mincore.TokenPrivileges();
tkp.Luid = debugValue;
tkp.Attributes = attrib;
Interop.mincore.AdjustTokenPrivileges(hToken, false, tkp, 0, IntPtr.Zero, IntPtr.Zero);
// AdjustTokenPrivileges can return true even if it failed to
// set the privilege, so we need to use GetLastError
if (Marshal.GetLastWin32Error() != Interop.mincore.Errors.ERROR_SUCCESS)
{
throw new Win32Exception();
}
}
finally
{
#if FEATURE_TRACESWITCH
Debug.WriteLineIf(_processTracing.TraceVerbose, "Process - CloseHandle(processToken)");
#endif
if (hToken != null)
{
hToken.Dispose();
}
}
}