public void DuplicateTokenExTest()
{
using (var tok = SafeHTOKEN.FromThread(GetCurrentThread()))
{
Assert.That(tok.IsInvalid, Is.False);
}
}
public void AdjustTokenPrivilegesTest()
{
using (var t = SafeHTOKEN.FromThread(SafeHTHREAD.Current, TokenAccess.TOKEN_ADJUST_PRIVILEGES | TokenAccess.TOKEN_QUERY))
{
Assert.That(LookupPrivilegeValue(null, "SeShutdownPrivilege", out var luid));
var ptp = new PTOKEN_PRIVILEGES(luid, PrivilegeAttributes.SE_PRIVILEGE_ENABLED);
var old = PTOKEN_PRIVILEGES.GetAllocatedAndEmptyInstance();
Assert.That(AdjustTokenPrivileges(t, false, ptp, (uint)old.Size, old, out var rLen));
Assert.That(AdjustTokenPrivileges(t, false, ptp));
}
}
public void AdjustTokenPrivilegesTest()
{
using (var t = SafeHTOKEN.FromThread(GetCurrentThread(), TokenAccess.TOKEN_ADJUST_PRIVILEGES | TokenAccess.TOKEN_QUERY))
{
Assert.That(LookupPrivilegeValue(null, "SeShutdownPrivilege", out var luid));
var ptp = new PTOKEN_PRIVILEGES(luid, PrivilegeAttributes.SE_PRIVILEGE_ENABLED);
var old = PTOKEN_PRIVILEGES.GetAllocatedAndEmptyInstance();
var rLen = (uint)old.Size;
Assert.That(AdjustTokenPrivileges(t, false, ptp, ptp.SizeInBytes, old, ref rLen));
rLen = 0U;
Assert.That(AdjustTokenPrivileges(t, false, ptp, ptp.SizeInBytes, SafeCoTaskMemHandle.Null, ref rLen));
}
}
public void GetTokenInformationTest()
{
//var p = SafeTokenHandle.CurrentProcessToken.GetInfo<PTOKEN_PRIVILEGES>(TOKEN_INFORMATION_CLASS.TokenPrivileges).Privileges;
using (var t = SafeHTOKEN.FromProcess(Process.GetCurrentProcess(), TokenAccess.TOKEN_QUERY))
{
Assert.That(t, Is.Not.Null);
var p = t.GetInfo <PTOKEN_PRIVILEGES>(TOKEN_INFORMATION_CLASS.TokenPrivileges);
Assert.That(p, Is.Not.Null);
Assert.That(p.PrivilegeCount, Is.GreaterThan(0));
TestContext.WriteLine("Privs: " + string.Join("; ", p.Privileges.Select(i => i.ToString())));
using (var hMem = PTOKEN_PRIVILEGES.GetAllocatedAndEmptyInstance(50))
{
var b = GetTokenInformation(t, TOKEN_INFORMATION_CLASS.TokenPrivileges, hMem, hMem.Size, out var sz);
Assert.That(b);
var p1 = PTOKEN_PRIVILEGES.FromPtr((IntPtr)hMem);
Assert.That(p1.PrivilegeCount, Is.EqualTo(p.PrivilegeCount));
Assert.That(p.Privileges, Is.EquivalentTo(p1.Privileges));
}
}
using (var t = SafeHTOKEN.FromThread(GetCurrentThread(), TokenAccess.TOKEN_QUERY))
{
var id = t.GetInfo <uint>(TOKEN_INFORMATION_CLASS.TokenSessionId);
Assert.That(id, Is.Not.Zero);
TestContext.WriteLine($"SessId: {id}");
var ve = t.GetInfo <uint>(TOKEN_INFORMATION_CLASS.TokenVirtualizationEnabled);
Assert.That(ve, Is.Zero);
TestContext.WriteLine($"VirtEnable: {ve}");
var et = t.GetInfo <TOKEN_ELEVATION_TYPE>(TOKEN_INFORMATION_CLASS.TokenElevationType);
Assert.That(et, Is.Not.Zero);
TestContext.WriteLine($"ElevType: {et}");
var e = t.GetInfo <TOKEN_ELEVATION>(TOKEN_INFORMATION_CLASS.TokenElevation);
Assert.That(e, Is.Not.Zero);
TestContext.WriteLine($"Elev: {e.TokenIsElevated}");
}
}
/****************************************************************************++
*
* Routine Description:
*
* Verifies whether specified well-known SID is in the current user token
*
* Arguments:
*
* sid - one of the WELL_KNOWN_SID_TYPE consts
* hToken - Optional the token for which we want to test membership
* pfMember - [Receives] TRUE if specified sid is a member of the user token, false otherwise
*
* Notes:
*
* -
*
* Return Value:
*
* Errors returned by CreateWellKnownSid
* Errors returned by CheckTokenMembership
* --*****************************************************************************/
static HRESULT IsMemberOf(WELL_KNOWN_SID_TYPE sid, HTOKEN hToken, out bool pfMember)
{
pfMember = false;
try
{
var hTok = new SafeHTOKEN((IntPtr)hToken, false);
using var pUserToken = hTok.GetInfo(TOKEN_INFORMATION_CLASS.TokenUser);
SafePSID pSID = null;
try
{
//
// create SID for the authenticated users
//
pSID = SafePSID.CreateWellKnown(sid);
}
catch
{
//
// In case of invalid-arg we might need to provide the domain, so create well known sid for domain
//
pSID = CreateWellKnownSidForAccount(hToken, sid);
}
//
// check whether token has this sid
//
if (!CheckTokenMembership(hToken, pSID, out pfMember))
{
var hr = Win32Error.GetLastError().ToHRESULT();
// just to be on the safe side (as we don't know that CheckTokenMembership
// does not modify fAuthenticated in case of error)
pfMember = false;
if (hr == HRESULT.E_ACCESSDENIED && hToken.IsNull)
{
// unable to query the thread token. Open as self and try again
using var ttok = SafeHTOKEN.FromThread(GetCurrentThread(), TokenAccess.TOKEN_QUERY);
{
if (CheckTokenMembership(ttok, pSID, out pfMember))
{
return(HRESULT.S_OK);
}
else
{
// stick with the original error code, but ensure that fMember is correct
pfMember = false;
}
}
}
}
return(HRESULT.S_OK);
}
catch (Exception ex)
{
var hr = HRESULT.FromException(ex);
if (hr == (HRESULT)Win32Error.ERROR_NON_ACCOUNT_SID)
{
return(HRESULT.S_OK);
}
return(hr);
}
}