public void BuildExplicitAccessWithNameTest()
{
EXPLICIT_ACCESS ea = default;
Assert.That(() => BuildExplicitAccessWithName(out ea, userName, 0x10000000, ACCESS_MODE.SET_ACCESS, INHERIT_FLAGS.SUB_CONTAINERS_AND_OBJECTS_INHERIT), Throws.Nothing);
Assert.That(ea.grfAccessMode, Is.Not.Zero);
ea.WriteValues();
}
public void AuditQuerySetGlobalSaclTest()
{
Assert.That(AuditQueryGlobalSacl("Key", out var orig), ResultIs.Successful);
var explAcc = new EXPLICIT_ACCESS
{
grfAccessMode = ACCESS_MODE.SET_AUDIT_SUCCESS,
grfAccessPermissions = 0x20006 /* KEY_WRITE */,
grfInheritance = INHERIT_FLAGS.NO_INHERITANCE,
Trustee = new TRUSTEE(SafePSID.Everyone, TRUSTEE_TYPE.TRUSTEE_IS_WELL_KNOWN_GROUP)
};
Assert.That(SetEntriesInAcl(1, new[] { explAcc }, PACL.NULL, out var newAcl), ResultIs.Successful);
Assert.That(AuditSetGlobalSacl("Key", newAcl), ResultIs.Successful);
Assert.That(AuditSetGlobalSacl("Key", orig), ResultIs.Successful);
}
public void AuditQuerySetGlobalSaclTest()
{
Assert.That(AuditQueryGlobalSacl("Key", out var orig), Is.True);
var psid = SafePSID.CreateWellKnown(WELL_KNOWN_SID_TYPE.WinWorldSid);
var explAcc = new EXPLICIT_ACCESS
{
grfAccessMode = ACCESS_MODE.SET_AUDIT_SUCCESS,
grfAccessPermissions = 0x20006 /* KEY_WRITE */,
grfInheritance = INHERIT_FLAGS.NO_INHERITANCE,
Trustee = new TRUSTEE(psid, TRUSTEE_TYPE.TRUSTEE_IS_WELL_KNOWN_GROUP)
};
SetEntriesInAcl(1, new[] { explAcc }, PACL.NULL, out var newAcl).ThrowIfFailed();
Assert.That(AuditSetGlobalSacl("Key", newAcl), Is.True);
Assert.That(AuditSetGlobalSacl("Key", orig), Is.True);
}
public static int AdjustAccessControlListForUwp(string dllPath)
{
// Get current Access Control List
int errorCode = GetNamedSecurityInfo(dllPath, SE_OBJECT_TYPE.SE_FILE_OBJECT, SecurityInfos.DiscretionaryAcl, out _, out _, out IntPtr currentAcl, out _, out IntPtr securityDescriptor);
if (errorCode != 0)
{
Debug.WriteLine("Call to 'GetNamedSecurityInfoA' failed");
return(11);
}
// sid for all application packages
if (ConvertStringSidToSid("S-1-15-2-1", out IntPtr sid) == 0)
{
Debug.WriteLine("Call to 'ConvertStringSidToSidA' failed");
return(12);
}
EXPLICIT_ACCESS access = new EXPLICIT_ACCESS
{
AccessPermissions = ACCESS_MASK.GENERIC_READ | ACCESS_MASK.GENERIC_EXECUTE,
AccessMode = ACCESS_MODE.SET_ACCESS,
Inheritance = ACCESS_INHERITANCE.SUB_CONTAINERS_AND_OBJECTS_INHERIT,
trustee = new TRUSTEE
{
TrusteeForm = TRUSTEE_FORM.TRUSTEE_IS_SID,
TrusteeType = TRUSTEE_TYPE.TRUSTEE_IS_WELL_KNOWN_GROUP,
Name = sid
}
};
// Set new access entry in the Access Control List
errorCode = SetEntriesInAcl(1, ref access, currentAcl, out IntPtr updatedAcl);
if (errorCode != 0)
{
Debug.WriteLine("Call to 'SetEntriesInAclA' failed");
return(13);
}
// Set new Access Control List
errorCode = SetNamedSecurityInfo(dllPath, SE_OBJECT_TYPE.SE_FILE_OBJECT, SecurityInfos.DiscretionaryAcl, IntPtr.Zero, IntPtr.Zero, updatedAcl, IntPtr.Zero);
if (errorCode != 0)
{
Debug.WriteLine("Call to 'SetNamedSecurityInfoA' failed");
return(14);
}
if (securityDescriptor != IntPtr.Zero)
{
Kernel32.LocalFree(securityDescriptor);
}
if (updatedAcl != IntPtr.Zero)
{
Kernel32.LocalFree(updatedAcl);
}
return(0);
}
internal static extern int SetEntriesInAcl(int cCountOfExplicitEntries, ref EXPLICIT_ACCESS pListOfExplicitEntries, IntPtr oldAcl, out IntPtr newAcl);
public static extern void BuildExplicitAccessWithName(
ref EXPLICIT_ACCESS pExplicitAccess,
string pTrusteeName,
uint AccessPermissions,
uint AccessMode,
uint Inheritance);
static extern int SetEntriesInAcl(int CountofExplicitEntries, ref EXPLICIT_ACCESS ea, IntPtr OldAcl, out IntPtr NewAcl);
public static extern void BuildExplicitAccessWithName(
ref EXPLICIT_ACCESS pExplicitAccess,
string pTrusteeName,
uint AccessPermissions,
uint AccessMode,
uint Inheritance);
public static extern uint SetEntriesInAcl( ulong cCountOfExplicitEntries, EXPLICIT_ACCESS[] pListOfExplicitEntries, LwACL OldAcl, ref LwACL NewAcl );
public static void GrantAdministratorsAccess(string name, SE_OBJECT_TYPE type)
{
SID_IDENTIFIER_AUTHORITY sidNTAuthority = SECURITY_NT_AUTHORITY;
// Create a SID for the BUILTIN\Administrators group.
IntPtr sidAdmin = IntPtr.Zero;
AllocateAndInitializeSid(ref sidNTAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
ref sidAdmin);
// Set full control for Administrators.
EXPLICIT_ACCESS[] explicitAccesss = new EXPLICIT_ACCESS[1];
explicitAccesss[0].grfAccessPermissions = ACCESS_MASK.GENERIC_ALL;
explicitAccesss[0].grfAccessMode = ACCESS_MODE.SET_ACCESS;
explicitAccesss[0].grfInheritance = NO_INHERITANCE;
explicitAccesss[0].Trustee.TrusteeForm = TRUSTEE_FORM.TRUSTEE_IS_SID;
explicitAccesss[0].Trustee.TrusteeType = TRUSTEE_TYPE.TRUSTEE_IS_GROUP;
explicitAccesss[0].Trustee.ptstrName = sidAdmin;
IntPtr acl = IntPtr.Zero;
SetEntriesInAcl(1,
ref explicitAccesss[0],
0,
ref acl);
Action <string, bool> setPrivilege = (privilege, allow) =>
{
IntPtr token = IntPtr.Zero;
TOKEN_PRIVILEGES tokenPrivileges = new TOKEN_PRIVILEGES();
OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out token);
if (allow)
{
LUID luid;
LookupPrivilegeValueA(null, privilege, out luid);
tokenPrivileges.PrivilegeCount = 1;
tokenPrivileges.Privileges = new LUID_AND_ATTRIBUTES[1];
tokenPrivileges.Privileges[0].Luid = luid;
tokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
}
AdjustTokenPrivileges(token, false, ref tokenPrivileges, 0,
IntPtr.Zero, IntPtr.Zero);
CloseHandle(token);
};
// Enable the SE_TAKE_OWNERSHIP_NAME privilege.
setPrivilege(SE_TAKE_OWNERSHIP_NAME, true);
// Set the owner in the object's security descriptor.
SetNamedSecurityInfo(
name,
type,
SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION,
sidAdmin,
IntPtr.Zero,
IntPtr.Zero,
IntPtr.Zero);
// Disable the SE_TAKE_OWNERSHIP_NAME privilege.
setPrivilege(SE_TAKE_OWNERSHIP_NAME, false);
//// Modify the object's DACL,
//SetNamedSecurityInfo(
// name,
// type,
// SECURITY_INFORMATION.DACL_SECURITY_INFORMATION,
// IntPtr.Zero, IntPtr.Zero,
// acl,
// IntPtr.Zero);
FreeSid(sidAdmin);
LocalFree(acl);
}
private static extern uint SetEntriesInAcl(
int CountofExplicitEntries,
ref EXPLICIT_ACCESS ea,
uint OldAcl,
ref IntPtr NewAcl);
public void _createSecuritydesc()
{
byte[] SECURITY_WORLD_SID_AUTHORITY = new byte[6] {
0, 0, 0, 0, 0, 1
};
SidIdentifierAuthority NtAuthority = new SidIdentifierAuthority();
NtAuthority.Value = SECURITY_WORLD_SID_AUTHORITY;
IntPtr AuthenticatedUsersSid = IntPtr.Zero;
//const int AuthenticatedUser = 11;
const int SECURITY_WORLD_RID = 0;
// Get the SID for the Authenticated Uses group
if (!NativeMethods.AllocateAndInitializeSid(ref NtAuthority,
1,
SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0,
out AuthenticatedUsersSid))
{
NativeMethods.FreeSid(AuthenticatedUsersSid);
throw new Win32Exception("Failed to AllocateAndInitializeSid");
}
// Remember to free the SID when you are done
//NativeMethods.FreeSid(AuthenticatedUsersSid);
IntPtr SPECIFIC_RIGHTS_ALL = (IntPtr)0x0000FFFF;
IntPtr STANDARD_RIGHTS_ALL = (IntPtr)0x001F0000;
IntPtr SPECIFIC_N_STANDARD_RIGHTS_ALL = (IntPtr)0x001FFFFF;
uint SET_ACCESS = 2;
EXPLICIT_ACCESS ea = new EXPLICIT_ACCESS();
ea.grfAccessPermissions = (uint)RightFlags.SPECIFIC_N_STANDARD_RIGHTS_ALL;
//(uint)SPECIFIC_N_STANDARD_RIGHTS_ALL;
ea.grfAccessMode = SET_ACCESS;
ea.grfInheritance = 0; //NO_INHERITANCE
ea.Trustee.TrusteeForm = TRUSTEE_FORM.TRUSTEE_IS_SID; //TRUSTEE_IS_SID
ea.Trustee.TrusteeType = TRUSTEE_TYPE.TRUSTEE_IS_WELL_KNOWN_GROUP; //TRUSTEE_IS_WELL_KNOWN_GROUP
ea.Trustee.ptstrName = AuthenticatedUsersSid;
IntPtr NewAclPointer = IntPtr.Zero;
_ACL NewAcl = new _ACL();
// Marshal.StructureToPtr(NewAcl, NewAclPointer, true);
int dwRes = NativeMethods.SetEntriesInAcl(1, ref ea, IntPtr.Zero, out NewAclPointer);
if (dwRes != 0)
{
throw new Win32Exception("Failed to SetEntriesInAcl");
}
SECURITY_DESCRIPTOR sec = new SECURITY_DESCRIPTOR();
Marshal.SizeOf(sec);
IntPtr pSDlocalAlloc = NativeMethods.LocalAlloc((uint)LMEMFlags.LMEM_FIXED_N_ZEROINIT, (UIntPtr)Marshal.SizeOf(sec));
//Marshal.PtrToStructure(pSDlocalAlloc, sec);
if (pSDlocalAlloc == IntPtr.Zero || pSDlocalAlloc == null)
{
throw new Win32Exception("Failed to localAlloc");
}
if (!NativeMethods.InitializeSecurityDescriptor(out sec, 1))
{
throw new Win32Exception("Failed to InitializeSecurityDescriptor");
}
if (!NativeMethods.SetSecurityDescriptorDacl(ref sec, true, NewAclPointer, false))
{
throw new Win32Exception("Failed to SetSecurityDescriptorDacl");
}
//byte[] src = getBytes(sec);
//IntPtr dest = Marshal.AllocHGlobal(src.Length);
//Marshal.Copy(src, 0, dest, src.Length);
//sa.bInheritHandle = 0;
//sa.nLength = Marshal.SizeOf(sa);
//sa.lpSecurityDescriptor = dest;
//Marshal.FreeHGlobal(dest);
//--------------------
//byte[] src = getBytes(sec);
//IntPtr dest = Marshal.AllocHGlobal(src.Length);
//Marshal.Copy(src, 0, dest, src.Length);
//gay1
Marshal.StructureToPtr(sec, pSDlocalAlloc, true);
sa.bInheritHandle = 0;
sa.nLength = (uint)Marshal.SizeOf(sa); // its 24 or 816 (8x100 +8(int) +8(int))
sa.lpSecurityDescriptor = pSDlocalAlloc; // dest;//0x00000193dc8f7420
//gay1 end
//Marshal.FreeHGlobal(dest);
//sa.lpSecurityDescriptor = getBytes(sa);
//Serialize();
// Marshal.by(gay, SECURITY_ATTRIBUTES);
NativeMethods.FreeSid(AuthenticatedUsersSid);
NativeMethods.LocalFree(pSDlocalAlloc);
}
/// <summary>
/// Changes object ownership
/// </summary>
/// <param name="ObjectName"></param>
/// <param name="ObjectType"></param>
/// <returns></returns>
public bool ChangeObjectOwnership(string ObjectName, SE_OBJECT_TYPE ObjectType)
{
bool success = false;
IntPtr pSidAdmin = IntPtr.Zero;
IntPtr pAcl = IntPtr.Zero;
string name = ObjectName;
SID_IDENTIFIER_AUTHORITY sidNTAuthority = new SID_IDENTIFIER_AUTHORITY() { Value = new byte[] { 0, 0, 0, 0, 0, 5 } };
success = AllocateAndInitializeSid(ref sidNTAuthority, (byte)2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, ref pSidAdmin);
if (ObjectName.StartsWith("HKEY_CLASSES_ROOT"))
{
name = ObjectName.Replace("HKEY_CLASSES_ROOT", "CLASSES_ROOT");
}
else if (ObjectName.StartsWith("HKEY_CURRENT_USER"))
{
name = ObjectName.Replace("HKEY_CURRENT_USER", "CURRENT_USER");
}
else if (ObjectName.StartsWith("HKEY_LOCAL_MACHINE"))
{
name = ObjectName.Replace("HKEY_LOCAL_MACHINE", "MACHINE");
}
else if (ObjectName.StartsWith("HKEY_USERS"))
{
name = ObjectName.Replace("HKEY_USERS", "USERS");
}
if (success)
{
EXPLICIT_ACCESS[] explicitAccesss = new EXPLICIT_ACCESS[1];
explicitAccesss[0].grfAccessPermissions = ACCESS_MASK.GENERIC_ALL;
explicitAccesss[0].grfAccessMode = ACCESS_MODE.SET_ACCESS;
explicitAccesss[0].grfInheritance = NO_INHERITANCE;
explicitAccesss[0].Trustee.TrusteeForm = TRUSTEE_FORM.TRUSTEE_IS_SID;
explicitAccesss[0].Trustee.TrusteeType = TRUSTEE_TYPE.TRUSTEE_IS_GROUP;
explicitAccesss[0].Trustee.ptstrName = pSidAdmin;
//modify dacl
SetEntriesInAcl(1, ref explicitAccesss[0], IntPtr.Zero, out pAcl);
success = SetPrivilege(SE_TAKE_OWNERSHIP_NAME, true);
if (success)
{
// set admin as owner
int p = SetNamedSecurityInfo(name, ObjectType, SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION, pSidAdmin, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);
success = SetPrivilege(SE_TAKE_OWNERSHIP_NAME, false);
if (success)
{
SetNamedSecurityInfo(name, ObjectType, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION, IntPtr.Zero, IntPtr.Zero, pAcl, IntPtr.Zero);
}
}
}
if (pSidAdmin != IntPtr.Zero)
{
FreeSid(pSidAdmin);
}
if (pAcl != IntPtr.Zero)
{
LocalFree(pAcl);
}
return success;
}
