public static extern NtStatus NtDuplicateToken( SafeKernelObjectHandle ExistingTokenHandle, TokenAccessRights DesiredAccess, ObjectAttributes ObjectAttributes, bool EffectiveOnly, TokenType TokenType, out SafeKernelObjectHandle NewTokenHandle );
internal AccessTokenHandle(ProcessHandle processHandle, TokenAccessRights tokenAccessRights) : base(true) { if (!NativeMethods.OpenProcessToken(processHandle, tokenAccessRights, ref handle)) { throw new Win32Exception(Marshal.GetLastWin32Error()); } }
private static SafeKernelObjectHandle OpenClipboardToken(TokenAccessRights desired_access) { if (!Win32NativeMethods.GetClipboardAccessToken(out SafeKernelObjectHandle handle, desired_access)) { throw new NtException(NtStatus.STATUS_NO_TOKEN); } return(handle); }
public TokenHandle DuplicateTokenEx(TokenAccessRights desiredAccess, SecurityImpersonationLevel impersonationLevel, TokenType tokenType) { TokenHandle newHandle; if (!NativeMethods.DuplicateTokenEx(this, desiredAccess, null, impersonationLevel, tokenType, out newHandle)) { ErrorHelper.ThrowCustomWin32Exception(); } return newHandle; }
/// <summary> /// Open the current clipboard token. /// </summary> /// <param name="desired_access"></param> /// <param name="throw_on_error"></param> /// <returns></returns> public static NtResult <NtToken> OpenClipboardToken(TokenAccessRights desired_access, bool throw_on_error) { if (Win32NativeMethods.GetClipboardAccessToken(out SafeKernelObjectHandle handle, desired_access)) { return(NtToken.FromHandle(handle).CreateResult()); } return(NtStatus.STATUS_NO_TOKEN.CreateResultFromError <NtToken>(throw_on_error)); }
private NtToken GetPrimaryToken(TokenAccessRights desired_access) { if (ProcessId.HasValue) { return(NtToken.OpenProcessToken(ProcessId.Value, false, desired_access)); } return(NtToken.OpenProcessToken(Process ?? NtProcess.Current, false, desired_access)); }
private NtToken GetImpersonationToken(TokenAccessRights desired_access) { if (ThreadId.HasValue) { return(NtToken.OpenThreadToken(ThreadId.Value, OpenAsSelf, false, desired_access)); } return(NtToken.OpenThreadToken(Thread ?? NtThread.Current, OpenAsSelf, false, desired_access)); }
private NtToken GetToken(TokenAccessRights desired_access) { if (Impersonation) { return(GetImpersonationToken(desired_access)); } else if (Effective) { return(GetEffectiveToken(desired_access)); } else if (Clipboard) { return(GetClipboardToken(desired_access)); } else if (Logon) { return(GetLogonToken(desired_access)); } else if (S4U) { return(GetS4UToken(desired_access)); } else if (Ticket != null) { return(GetTicketToken(desired_access)); } else if (Anonymous) { return(GetAnonymousToken(desired_access)); } else if (LowBox || AppContainer) { return(GetRelatedToken(desired_access, GetLowBoxToken)); } else if (Filtered) { return(GetRelatedToken(desired_access, GetFilteredToken)); } else if (Service.HasValue) { return(GetServiceToken(desired_access, Service.Value)); } else if (Session) { return(GetSessionToken(desired_access, SessionId)); } else if (Linked) { return(GetRelatedToken(desired_access, t => t.GetLinkedToken())); } else { // The default is primary token. return(GetPrimaryToken(desired_access)); } }
public TokenHandle OpenProcessToken(TokenAccessRights desiredAccess) { TokenHandle tokenHandle; if (!NativeMethods.OpenProcessToken(this, desiredAccess, out tokenHandle)) { ErrorHelper.ThrowCustomWin32Exception(); } return(tokenHandle); }
/// <summary> /// Get the token from the clipboard. /// </summary> /// <param name="desired_access">The access rights for the opened token.</param> /// <returns>The clipboard token.</returns> public static NtToken GetTokenFromClipboard(TokenAccessRights desired_access) { try { return(NtToken.FromHandle(OpenClipboardToken(desired_access))); } catch (NtException) { throw; } catch { throw new InvalidOperationException("GetClipboardAccessToken doesn't exist"); } }
public static extern NtStatus NtCreateLowBoxToken( out SafeKernelObjectHandle token, SafeHandle original_token, TokenAccessRights access, ObjectAttributes object_attribute, byte[] appcontainer_sid, int capabilityCount, SidAndAttributes[] capabilities, int handle_count, IntPtr[] handles);
public TokenHandle DuplicateTokenEx(TokenAccessRights desiredAccess, SecurityImpersonationLevel impersonationLevel, TokenType tokenType) { TokenHandle newHandle; if (!NativeMethods.DuplicateTokenEx(this, desiredAccess, null, impersonationLevel, tokenType, out newHandle)) { ErrorHelper.ThrowCustomWin32Exception(); } return(newHandle); }
private NtToken GetS4UToken(TokenAccessRights desired_access) { using (NtToken token = LogonUtils.LogonS4U(User, Domain, LogonType)) { if (desired_access == TokenAccessRights.MaximumAllowed) { return(token.Duplicate()); } return(token.Duplicate(desired_access)); } }
private NtToken GetTicketToken(TokenAccessRights desired_access) { using (NtToken token = LogonUtils.LsaLogonTicket(LogonType, Ticket, KerbCred)) { if (desired_access == TokenAccessRights.MaximumAllowed) { return(token.Duplicate()); } return(token.Duplicate(desired_access)); } }
private NtToken GetS4UToken(TokenAccessRights desired_access) { using (NtToken token = LogonUtils.LsaLogonS4U(User, Domain, LogonType, AuthenticationPackage.NEGOSSP_NAME)) { if (desired_access == TokenAccessRights.MaximumAllowed) { return(token.Duplicate()); } return(token.Duplicate(desired_access)); } }
public static SafeNativeHandle OpenProcessToken(SafeHandle process, TokenAccessRights access) { SafeNativeHandle handle; if (!NativeOpenProcessToken(process, access, out handle)) { throw new Win32Exception(); } return(handle); }
private NtToken GetLogonToken(TokenAccessRights desired_access) { using (NtToken token = TokenUtils.GetLogonUserToken(User, Domain, Password, LogonType)) { if (desired_access == TokenAccessRights.MaximumAllowed) { return(token.Duplicate()); } return(token.Duplicate(desired_access)); } }
private NtToken GetServiceNameToken(TokenAccessRights desired_access) { int pid = ServiceUtils.GetServiceProcessId(ServiceName); if (pid == 0) { throw new ArgumentException($"{ServiceName} is not current running."); } using (var process = NtProcess.Open(pid, ProcessAccessRights.QueryLimitedInformation)) { return(NtToken.OpenProcessToken(process, false, desired_access)); } }
private bool ShowTokenPermissions(TokenAccessRights access, bool throw_on_error) { using (var result = _token.Duplicate(access, AttributeFlags.None, DuplicateObjectOptions.None, throw_on_error)) { if (result.IsSuccess) { Win32Utils.EditSecurity(Handle, result.Result, "Token", false); return(true); } } return(false); }
private NtToken GetSandboxedToken(TokenAccessRights desired_access, Func <NtToken, NtToken> sandbox_func) { using (NtToken token = Token != null ? Token.Duplicate() : NtToken.OpenProcessToken()) { using (NtToken sandbox_token = sandbox_func(token)) { if (desired_access == TokenAccessRights.MaximumAllowed) { return(token.Duplicate()); } return(token.Duplicate(desired_access)); } } }
public static extern NtStatus NtCreateToken( out SafeKernelObjectHandle TokenHandle, TokenAccessRights DesiredAccess, [In] ObjectAttributes ObjectAttributes, TokenType TokenType, [In] ref Luid AuthenticationId, [In] LargeInteger ExpirationTime, [In] ref TokenUser TokenUser, [In] SafeTokenGroupsBuffer TokenGroups, [In] SafeTokenPrivilegesBuffer TokenPrivileges, [In] ref TokenOwner TokenOwner, [In] ref TokenPrimaryGroup TokenPrimaryGroup, [In] ref TokenDefaultDacl TokenDefaultDacl, [In] TokenSource TokenSource);
private NtToken GetToken(TokenAccessRights desired_access) { if (Impersonation) { return(GetImpersonationToken(desired_access)); } else if (Effective) { return(GetEffectiveToken(desired_access)); } else if (Clipboard) { return(GetClipboardToken(desired_access)); } else if (Logon) { return(GetLogonToken(desired_access)); } else if (S4U) { return(GetS4UToken(desired_access)); } else if (Anonymous) { return(GetAnonymousToken(desired_access)); } else if (LowBox) { return(GetSandboxedToken(desired_access, GetLowBoxToken)); } else if (Filtered) { return(GetSandboxedToken(desired_access, GetFilteredToken)); } else if (Service.HasValue) { return(GetServiceToken(desired_access, Service.Value)); } else if (Session) { return(GetSessionToken(desired_access, SessionId)); } else { // The default is primary token. return(GetPrimaryToken(desired_access)); } }
internal AccessTokenHandle(ThreadHandle threadHandle, TokenAccessRights tokenAccessRights) : base(true) { if (!NativeMethods.OpenThreadToken(threadHandle, tokenAccessRights, true, ref handle)) { var error = Marshal.GetLastWin32Error(); if (error == NativeMethods.ErrorNoToken) { SetHandleAsInvalid(); } else { throw new Win32Exception(error); } } }
/// <summary> /// Get token for this cmdlet. /// </summary> /// <param name="desired_access">The token access required.</param> /// <returns>The token object.</returns> protected override NtToken GetToken(TokenAccessRights desired_access) { NtToken token = base.GetToken(desired_access); if (token == null) { if (Thread == null) { token = NtToken.OpenProcessToken(NtProcess.Current, false, desired_access); } else { token = NtToken.OpenProcessToken(Thread.ProcessId, false, desired_access); } } return(token); }
private NtToken GetLogonToken(TokenAccessRights desired_access) { IEnumerable <UserGroup> groups = null; if (AdditionalGroups != null && AdditionalGroups.Length > 0) { groups = AdditionalGroups.Select(s => new UserGroup(s, GroupAttributes.Enabled | GroupAttributes.EnabledByDefault | GroupAttributes.Mandatory)); } using (NtToken token = TokenUtils.GetLogonUserToken(User, Domain, Password, LogonType, groups)) { if (desired_access == TokenAccessRights.MaximumAllowed) { return(token.Duplicate()); } return(token.Duplicate(desired_access)); } }
private NtToken GetToken() { TokenAccessRights access_rights = Audit ? TokenAccessRights.Impersonate : 0; if (Token != null) { return(Token.DuplicateToken(TokenType.Impersonation, SecurityImpersonationLevel.Identification, access_rights | TokenAccessRights.Query)); } else { using (NtToken token = NtToken.OpenEffectiveToken()) { return(token.DuplicateToken(TokenType.Impersonation, SecurityImpersonationLevel.Identification, access_rights | TokenAccessRights.Query)); } } }
private NtToken GetLogonToken(TokenAccessRights desired_access, string user, string domain, SecureString password, SecurityLogonType logon_type) { IEnumerable <UserGroup> groups = null; if (AdditionalGroup != null && AdditionalGroup.Length > 0) { groups = AdditionalGroup.Select(s => new UserGroup(s, GetAttributes(s))); } using (NtToken token = Win32Security.LsaLogonUser(user, domain, password, logon_type, LogonProvider, groups)) { if (desired_access == TokenAccessRights.MaximumAllowed) { return(token.Duplicate()); } return(token.Duplicate(desired_access)); } }
private NtToken GetSessionToken(TokenAccessRights desired_access, int session_id) { if (!NtToken.EnableEffectivePrivilege(TokenPrivilegeValue.SeTcbPrivilege)) { WriteWarning("Getting session token requires SeTcbPrivilege"); } if (session_id < 0) { session_id = NtProcess.Current.SessionId; } using (var token = TokenUtils.GetSessionToken(session_id)) { if (desired_access == TokenAccessRights.MaximumAllowed) { return(token.Duplicate()); } return(token.Duplicate(desired_access)); } }
private NtToken GetServiceToken(TokenAccessRights desired_access, ServiceAccountType service_type) { string user = string.Empty; switch (service_type) { case ServiceAccountType.System: user = "******"; break; case ServiceAccountType.LocalService: user = "******"; break; case ServiceAccountType.NetworkService: user = "******"; break; } return(GetLogonToken(desired_access, user, "NT AUTHORITY", null, SecurityLogonType.Service)); }
/// <summary> /// Get token for this cmdlet. /// </summary> /// <param name="desired_access">The token access required.</param> /// <returns>The token object.</returns> protected abstract NtToken GetToken(TokenAccessRights desired_access);
public static extern bool DuplicateTokenEx(TokenHandle handle, TokenAccessRights desiredAccess, SecurityAttributes securityAttributes, SecurityImpersonationLevel impersonationLevel, TokenType tokenType, out TokenHandle newToken);
/// <summary> /// Get token for this cmdlet. /// </summary> /// <param name="desired_access">The token access required.</param> /// <returns>The token object.</returns> protected override NtToken GetToken(TokenAccessRights desired_access) { NtToken token = base.GetToken(desired_access); if (token == null) { if (Thread == null) { token = NtToken.OpenProcessToken(NtProcess.Current, false, desired_access); } else { token = NtToken.OpenProcessToken(Thread.ProcessId, false, desired_access); } } return token; }
public static extern bool OpenProcessToken( IntPtr processHandle, TokenAccessRights desiredAccess, out SafeObjectHandle tokenHandle);
/// <summary> /// Get token for this cmdlet. /// </summary> /// <param name="desired_access">The token access required.</param> /// <returns>The token object.</returns> protected override NtToken GetToken(TokenAccessRights desired_access) { return NtToken.OpenThreadToken(Thread ?? NtThread.Current, OpenAsSelf, false, desired_access); }
public static extern bool OpenProcessToken(ProcessHandle processHandle, TokenAccessRights desiredAccess, out TokenHandle tokenHandle);
public IToken DuplicateTokenEx(TokenAccessRights desiredAccess, SecurityImpersonationLevel impersonationLevel, TokenType tokenType) { var handle = _handle.DuplicateTokenEx(desiredAccess, impersonationLevel, tokenType); return new Token(handle); }
private static extern bool GetClipboardAccessToken(out SafeKernelObjectHandle handle, TokenAccessRights desired_access);
/// <summary> /// Get token for this cmdlet. /// </summary> /// <param name="desired_access">The token access required.</param> /// <returns>The token object.</returns> protected override NtToken GetToken(TokenAccessRights desired_access) { return NtToken.OpenProcessToken(Process ?? NtProcess.Current, Duplicate, desired_access); }
private NtToken GetAnonymousToken(TokenAccessRights desired_access) { return(TokenUtils.GetAnonymousToken(desired_access)); }
public static AccessTokenHandle GetAccessTokenHandle(this Process process, TokenAccessRights tokenAccessRights) { return new AccessTokenHandle(new ProcessHandle(process.Handle, false), tokenAccessRights); }
public static extern bool OpenProcessToken( [In] ProcessHandle processHandle, [In] TokenAccessRights desiredAccess, [In, Out] ref IntPtr tokenHandle);
public TokenHandle OpenProcessToken(TokenAccessRights desiredAccess) { TokenHandle tokenHandle; if (!NativeMethods.OpenProcessToken(this, desiredAccess, out tokenHandle)) { ErrorHelper.ThrowCustomWin32Exception(); } return tokenHandle; }