public static extern NtStatus NtDuplicateToken(
SafeKernelObjectHandle ExistingTokenHandle,
TokenAccessRights DesiredAccess,
ObjectAttributes ObjectAttributes,
bool EffectiveOnly,
TokenType TokenType,
out SafeKernelObjectHandle NewTokenHandle
);
internal AccessTokenHandle(ProcessHandle processHandle, TokenAccessRights tokenAccessRights)
: base(true)
{
if (!NativeMethods.OpenProcessToken(processHandle, tokenAccessRights, ref handle))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
internal AccessTokenHandle(ProcessHandle processHandle, TokenAccessRights tokenAccessRights)
: base(true)
{
if (!NativeMethods.OpenProcessToken(processHandle, tokenAccessRights, ref handle))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
private static SafeKernelObjectHandle OpenClipboardToken(TokenAccessRights desired_access)
{
if (!Win32NativeMethods.GetClipboardAccessToken(out SafeKernelObjectHandle handle, desired_access))
{
throw new NtException(NtStatus.STATUS_NO_TOKEN);
}
return(handle);
}
public TokenHandle DuplicateTokenEx(TokenAccessRights desiredAccess, SecurityImpersonationLevel impersonationLevel, TokenType tokenType)
{
TokenHandle newHandle;
if (!NativeMethods.DuplicateTokenEx(this, desiredAccess, null, impersonationLevel, tokenType, out newHandle))
{
ErrorHelper.ThrowCustomWin32Exception();
}
return newHandle;
}
/// <summary>
/// Open the current clipboard token.
/// </summary>
/// <param name="desired_access"></param>
/// <param name="throw_on_error"></param>
/// <returns></returns>
public static NtResult <NtToken> OpenClipboardToken(TokenAccessRights desired_access, bool throw_on_error)
{
if (Win32NativeMethods.GetClipboardAccessToken(out SafeKernelObjectHandle handle, desired_access))
{
return(NtToken.FromHandle(handle).CreateResult());
}
return(NtStatus.STATUS_NO_TOKEN.CreateResultFromError <NtToken>(throw_on_error));
}
private NtToken GetPrimaryToken(TokenAccessRights desired_access)
{
if (ProcessId.HasValue)
{
return(NtToken.OpenProcessToken(ProcessId.Value, false, desired_access));
}
return(NtToken.OpenProcessToken(Process ?? NtProcess.Current, false, desired_access));
}
private NtToken GetImpersonationToken(TokenAccessRights desired_access)
{
if (ThreadId.HasValue)
{
return(NtToken.OpenThreadToken(ThreadId.Value, OpenAsSelf, false, desired_access));
}
return(NtToken.OpenThreadToken(Thread ?? NtThread.Current, OpenAsSelf, false, desired_access));
}
private NtToken GetToken(TokenAccessRights desired_access)
{
if (Impersonation)
{
return(GetImpersonationToken(desired_access));
}
else if (Effective)
{
return(GetEffectiveToken(desired_access));
}
else if (Clipboard)
{
return(GetClipboardToken(desired_access));
}
else if (Logon)
{
return(GetLogonToken(desired_access));
}
else if (S4U)
{
return(GetS4UToken(desired_access));
}
else if (Ticket != null)
{
return(GetTicketToken(desired_access));
}
else if (Anonymous)
{
return(GetAnonymousToken(desired_access));
}
else if (LowBox || AppContainer)
{
return(GetRelatedToken(desired_access, GetLowBoxToken));
}
else if (Filtered)
{
return(GetRelatedToken(desired_access, GetFilteredToken));
}
else if (Service.HasValue)
{
return(GetServiceToken(desired_access, Service.Value));
}
else if (Session)
{
return(GetSessionToken(desired_access, SessionId));
}
else if (Linked)
{
return(GetRelatedToken(desired_access, t => t.GetLinkedToken()));
}
else
{
// The default is primary token.
return(GetPrimaryToken(desired_access));
}
}
public TokenHandle OpenProcessToken(TokenAccessRights desiredAccess)
{
TokenHandle tokenHandle;
if (!NativeMethods.OpenProcessToken(this, desiredAccess, out tokenHandle))
{
ErrorHelper.ThrowCustomWin32Exception();
}
return(tokenHandle);
}
/// <summary>
/// Get the token from the clipboard.
/// </summary>
/// <param name="desired_access">The access rights for the opened token.</param>
/// <returns>The clipboard token.</returns>
public static NtToken GetTokenFromClipboard(TokenAccessRights desired_access)
{
try {
return(NtToken.FromHandle(OpenClipboardToken(desired_access)));
} catch (NtException) {
throw;
} catch {
throw new InvalidOperationException("GetClipboardAccessToken doesn't exist");
}
}
public static extern NtStatus NtCreateLowBoxToken(
out SafeKernelObjectHandle token,
SafeHandle original_token,
TokenAccessRights access,
ObjectAttributes object_attribute,
byte[] appcontainer_sid,
int capabilityCount,
SidAndAttributes[] capabilities,
int handle_count,
IntPtr[] handles);
public TokenHandle DuplicateTokenEx(TokenAccessRights desiredAccess, SecurityImpersonationLevel impersonationLevel, TokenType tokenType)
{
TokenHandle newHandle;
if (!NativeMethods.DuplicateTokenEx(this, desiredAccess, null, impersonationLevel, tokenType, out newHandle))
{
ErrorHelper.ThrowCustomWin32Exception();
}
return(newHandle);
}
private NtToken GetS4UToken(TokenAccessRights desired_access)
{
using (NtToken token = LogonUtils.LogonS4U(User, Domain, LogonType))
{
if (desired_access == TokenAccessRights.MaximumAllowed)
{
return(token.Duplicate());
}
return(token.Duplicate(desired_access));
}
}
private NtToken GetTicketToken(TokenAccessRights desired_access)
{
using (NtToken token = LogonUtils.LsaLogonTicket(LogonType, Ticket, KerbCred))
{
if (desired_access == TokenAccessRights.MaximumAllowed)
{
return(token.Duplicate());
}
return(token.Duplicate(desired_access));
}
}
private NtToken GetS4UToken(TokenAccessRights desired_access)
{
using (NtToken token = LogonUtils.LsaLogonS4U(User, Domain, LogonType, AuthenticationPackage.NEGOSSP_NAME))
{
if (desired_access == TokenAccessRights.MaximumAllowed)
{
return(token.Duplicate());
}
return(token.Duplicate(desired_access));
}
}
public static SafeNativeHandle OpenProcessToken(SafeHandle process, TokenAccessRights access)
{
SafeNativeHandle handle;
if (!NativeOpenProcessToken(process, access, out handle))
{
throw new Win32Exception();
}
return(handle);
}
private NtToken GetLogonToken(TokenAccessRights desired_access)
{
using (NtToken token = TokenUtils.GetLogonUserToken(User, Domain, Password, LogonType))
{
if (desired_access == TokenAccessRights.MaximumAllowed)
{
return(token.Duplicate());
}
return(token.Duplicate(desired_access));
}
}
private NtToken GetServiceNameToken(TokenAccessRights desired_access)
{
int pid = ServiceUtils.GetServiceProcessId(ServiceName);
if (pid == 0)
{
throw new ArgumentException($"{ServiceName} is not current running.");
}
using (var process = NtProcess.Open(pid, ProcessAccessRights.QueryLimitedInformation))
{
return(NtToken.OpenProcessToken(process, false, desired_access));
}
}
private bool ShowTokenPermissions(TokenAccessRights access, bool throw_on_error)
{
using (var result = _token.Duplicate(access, AttributeFlags.None, DuplicateObjectOptions.None, throw_on_error))
{
if (result.IsSuccess)
{
Win32Utils.EditSecurity(Handle,
result.Result,
"Token", false);
return(true);
}
}
return(false);
}
private NtToken GetSandboxedToken(TokenAccessRights desired_access, Func <NtToken, NtToken> sandbox_func)
{
using (NtToken token = Token != null ? Token.Duplicate() : NtToken.OpenProcessToken())
{
using (NtToken sandbox_token = sandbox_func(token))
{
if (desired_access == TokenAccessRights.MaximumAllowed)
{
return(token.Duplicate());
}
return(token.Duplicate(desired_access));
}
}
}
public static extern NtStatus NtCreateToken(
out SafeKernelObjectHandle TokenHandle,
TokenAccessRights DesiredAccess,
[In] ObjectAttributes ObjectAttributes,
TokenType TokenType,
[In] ref Luid AuthenticationId,
[In] LargeInteger ExpirationTime,
[In] ref TokenUser TokenUser,
[In] SafeTokenGroupsBuffer TokenGroups,
[In] SafeTokenPrivilegesBuffer TokenPrivileges,
[In] ref TokenOwner TokenOwner,
[In] ref TokenPrimaryGroup TokenPrimaryGroup,
[In] ref TokenDefaultDacl TokenDefaultDacl,
[In] TokenSource TokenSource);
private NtToken GetToken(TokenAccessRights desired_access)
{
if (Impersonation)
{
return(GetImpersonationToken(desired_access));
}
else if (Effective)
{
return(GetEffectiveToken(desired_access));
}
else if (Clipboard)
{
return(GetClipboardToken(desired_access));
}
else if (Logon)
{
return(GetLogonToken(desired_access));
}
else if (S4U)
{
return(GetS4UToken(desired_access));
}
else if (Anonymous)
{
return(GetAnonymousToken(desired_access));
}
else if (LowBox)
{
return(GetSandboxedToken(desired_access, GetLowBoxToken));
}
else if (Filtered)
{
return(GetSandboxedToken(desired_access, GetFilteredToken));
}
else if (Service.HasValue)
{
return(GetServiceToken(desired_access, Service.Value));
}
else if (Session)
{
return(GetSessionToken(desired_access, SessionId));
}
else
{
// The default is primary token.
return(GetPrimaryToken(desired_access));
}
}
internal AccessTokenHandle(ThreadHandle threadHandle, TokenAccessRights tokenAccessRights)
: base(true)
{
if (!NativeMethods.OpenThreadToken(threadHandle, tokenAccessRights, true, ref handle))
{
var error = Marshal.GetLastWin32Error();
if (error == NativeMethods.ErrorNoToken)
{
SetHandleAsInvalid();
}
else
{
throw new Win32Exception(error);
}
}
}
/// <summary>
/// Get token for this cmdlet.
/// </summary>
/// <param name="desired_access">The token access required.</param>
/// <returns>The token object.</returns>
protected override NtToken GetToken(TokenAccessRights desired_access)
{
NtToken token = base.GetToken(desired_access);
if (token == null)
{
if (Thread == null)
{
token = NtToken.OpenProcessToken(NtProcess.Current, false, desired_access);
}
else
{
token = NtToken.OpenProcessToken(Thread.ProcessId, false, desired_access);
}
}
return(token);
}
private NtToken GetLogonToken(TokenAccessRights desired_access)
{
IEnumerable <UserGroup> groups = null;
if (AdditionalGroups != null && AdditionalGroups.Length > 0)
{
groups = AdditionalGroups.Select(s => new UserGroup(s,
GroupAttributes.Enabled | GroupAttributes.EnabledByDefault | GroupAttributes.Mandatory));
}
using (NtToken token = TokenUtils.GetLogonUserToken(User, Domain, Password, LogonType, groups))
{
if (desired_access == TokenAccessRights.MaximumAllowed)
{
return(token.Duplicate());
}
return(token.Duplicate(desired_access));
}
}
private NtToken GetToken()
{
TokenAccessRights access_rights = Audit ? TokenAccessRights.Impersonate : 0;
if (Token != null)
{
return(Token.DuplicateToken(TokenType.Impersonation,
SecurityImpersonationLevel.Identification, access_rights | TokenAccessRights.Query));
}
else
{
using (NtToken token = NtToken.OpenEffectiveToken())
{
return(token.DuplicateToken(TokenType.Impersonation,
SecurityImpersonationLevel.Identification, access_rights | TokenAccessRights.Query));
}
}
}
private NtToken GetLogonToken(TokenAccessRights desired_access, string user,
string domain, SecureString password, SecurityLogonType logon_type)
{
IEnumerable <UserGroup> groups = null;
if (AdditionalGroup != null && AdditionalGroup.Length > 0)
{
groups = AdditionalGroup.Select(s => new UserGroup(s,
GetAttributes(s)));
}
using (NtToken token = Win32Security.LsaLogonUser(user, domain, password, logon_type, LogonProvider, groups))
{
if (desired_access == TokenAccessRights.MaximumAllowed)
{
return(token.Duplicate());
}
return(token.Duplicate(desired_access));
}
}
private NtToken GetSessionToken(TokenAccessRights desired_access, int session_id)
{
if (!NtToken.EnableEffectivePrivilege(TokenPrivilegeValue.SeTcbPrivilege))
{
WriteWarning("Getting session token requires SeTcbPrivilege");
}
if (session_id < 0)
{
session_id = NtProcess.Current.SessionId;
}
using (var token = TokenUtils.GetSessionToken(session_id))
{
if (desired_access == TokenAccessRights.MaximumAllowed)
{
return(token.Duplicate());
}
return(token.Duplicate(desired_access));
}
}
private NtToken GetServiceToken(TokenAccessRights desired_access, ServiceAccountType service_type)
{
string user = string.Empty;
switch (service_type)
{
case ServiceAccountType.System:
user = "******";
break;
case ServiceAccountType.LocalService:
user = "******";
break;
case ServiceAccountType.NetworkService:
user = "******";
break;
}
return(GetLogonToken(desired_access, user, "NT AUTHORITY", null, SecurityLogonType.Service));
}
/// <summary> /// Get token for this cmdlet. /// </summary> /// <param name="desired_access">The token access required.</param> /// <returns>The token object.</returns> protected abstract NtToken GetToken(TokenAccessRights desired_access);
public static extern bool DuplicateTokenEx(TokenHandle handle, TokenAccessRights desiredAccess, SecurityAttributes securityAttributes, SecurityImpersonationLevel impersonationLevel, TokenType tokenType, out TokenHandle newToken);
/// <summary>
/// Get token for this cmdlet.
/// </summary>
/// <param name="desired_access">The token access required.</param>
/// <returns>The token object.</returns>
protected override NtToken GetToken(TokenAccessRights desired_access)
{
NtToken token = base.GetToken(desired_access);
if (token == null)
{
if (Thread == null)
{
token = NtToken.OpenProcessToken(NtProcess.Current, false, desired_access);
}
else
{
token = NtToken.OpenProcessToken(Thread.ProcessId, false, desired_access);
}
}
return token;
}
public static extern bool OpenProcessToken(
IntPtr processHandle,
TokenAccessRights desiredAccess,
out SafeObjectHandle tokenHandle);
/// <summary>
/// Get token for this cmdlet.
/// </summary>
/// <param name="desired_access">The token access required.</param>
/// <returns>The token object.</returns>
protected override NtToken GetToken(TokenAccessRights desired_access)
{
return NtToken.OpenThreadToken(Thread ?? NtThread.Current, OpenAsSelf, false, desired_access);
}
public static extern bool OpenProcessToken(ProcessHandle processHandle, TokenAccessRights desiredAccess, out TokenHandle tokenHandle);
public IToken DuplicateTokenEx(TokenAccessRights desiredAccess, SecurityImpersonationLevel impersonationLevel, TokenType tokenType)
{
var handle = _handle.DuplicateTokenEx(desiredAccess, impersonationLevel, tokenType);
return new Token(handle);
}
private static extern bool GetClipboardAccessToken(out SafeKernelObjectHandle handle, TokenAccessRights desired_access);
/// <summary>
/// Get token for this cmdlet.
/// </summary>
/// <param name="desired_access">The token access required.</param>
/// <returns>The token object.</returns>
protected override NtToken GetToken(TokenAccessRights desired_access)
{
return NtToken.OpenProcessToken(Process ?? NtProcess.Current, Duplicate, desired_access);
}
private NtToken GetAnonymousToken(TokenAccessRights desired_access)
{
return(TokenUtils.GetAnonymousToken(desired_access));
}
public static AccessTokenHandle GetAccessTokenHandle(this Process process, TokenAccessRights tokenAccessRights)
{
return new AccessTokenHandle(new ProcessHandle(process.Handle, false), tokenAccessRights);
}
public static extern bool OpenProcessToken(
[In] ProcessHandle processHandle,
[In] TokenAccessRights desiredAccess,
[In, Out] ref IntPtr tokenHandle);
public TokenHandle OpenProcessToken(TokenAccessRights desiredAccess)
{
TokenHandle tokenHandle;
if (!NativeMethods.OpenProcessToken(this, desiredAccess, out tokenHandle))
{
ErrorHelper.ThrowCustomWin32Exception();
}
return tokenHandle;
}
