Powershell-Modules
/
NTFSSecurity-Module
mirror of https://github.com/raandree/NTFSSecurity
1
0
Fork 0
Code Issues 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
98 Commits
3 Branches
7.1 MiB
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
NTFSSecurity-Module/ProcessPrivileges/PrivilegeEnabler.cs

220 lines
11 KiB
Raw Permalink Blame History 

  1. // <copyright file="PrivilegeEnabler.cs" company="Nick Lowe">

  2. // Copyright © Nick Lowe 2009

  3. // </copyright>

  4. // <author>Nick Lowe</author>

  5. // <email>nick@int-r.net</email>

  6. // <url>http://processprivileges.codeplex.com/</url>

  7. 

  8. namespace ProcessPrivileges

  9. {

  10.     using System;

  11.     using System.Collections.Generic;

  12.     using System.Diagnostics;

  13.     using System.Linq;

  14.     using System.Security.Permissions;

  15. 

  16.     /// <summary>Enables privileges on a process in a safe way, ensuring that they are returned to their original state when an operation that requires a privilege completes.</summary>

  17.     /// <example>

  18.     ///     <code>

  19.     /// using System;

  20.     /// using System.Diagnostics;

  21.     /// using ProcessPrivileges;

  22.     /// 

  23.     /// internal static class PrivilegeEnablerExample

  24.     /// {

  25.     ///     public static void Main()

  26.     ///     {

  27.     ///         Process process = Process.GetCurrentProcess();

  28.     /// 

  29.     ///         using (new PrivilegeEnabler(process, Privilege.TakeOwnership))

  30.     ///         {

  31.     ///             // Privilege is enabled within the using block.

  32.     ///             Console.WriteLine(

  33.     ///                 "{0} => {1}",

  34.     ///                 Privilege.TakeOwnership,

  35.     ///                 process.GetPrivilegeState(Privilege.TakeOwnership));

  36.     ///         }

  37.     /// 

  38.     ///         // Privilege is disabled outside the using block.

  39.     ///         Console.WriteLine(

  40.     ///             "{0} => {1}",

  41.     ///             Privilege.TakeOwnership,

  42.     ///             process.GetPrivilegeState(Privilege.TakeOwnership));

  43.     ///     }

  44.     /// }

  45.     ///     </code>

  46.     /// </example>

  47.     /// <remarks>

  48.     ///     <para>When disabled, privileges are enabled until the instance of the PrivilegeEnabler class is disposed.</para>

  49.     ///     <para>If the privilege specified is already enabled, it is not modified and will not be disabled when the instance of the PrivilegeEnabler class is disposed.</para>

  50.     ///     <para>If desired, multiple privileges can be specified in the constructor.</para>

  51.     ///     <para>If using multiple instances on the same process, do not dispose of them out-of-order. Making use of a using statement, the recommended method, enforces this.</para>

  52.     ///     <para>For more information on privileges, see:</para>

  53.     ///     <para><a href="http://msdn.microsoft.com/en-us/library/aa379306.aspx">Privileges</a></para>

  54.     ///     <para><a href="http://msdn.microsoft.com/en-us/library/bb530716.aspx">Privilege Constants</a></para>

  55.     /// </remarks>

  56.     public sealed class PrivilegeEnabler : IDisposable

  57.     {

  58.         private static readonly Dictionary<Privilege, PrivilegeEnabler> sharedPrivileges =

  59.             new Dictionary<Privilege, PrivilegeEnabler>();

  60. 

  61.         private static readonly Dictionary<Process, AccessTokenHandle> accessTokenHandles =

  62.             new Dictionary<Process, AccessTokenHandle>();

  63. 

  64.         private AccessTokenHandle accessTokenHandle;

  65. 

  66.         private bool disposed;

  67. 

  68.         private bool ownsHandle;

  69. 

  70.         private Process process;

  71. 

  72.         /// <summary>Initializes a new instance of the PrivilegeEnabler class.</summary>

  73.         /// <param name="accessTokenHandle">The <see cref="AccessTokenHandle"/> for a <see cref="Process"/> on which privileges should be enabled.</param>

  74.         /// <exception cref="InvalidOperationException">Thrown when another instance exists and has not been disposed.</exception>

  75.         /// <permission cref="SecurityAction.LinkDemand">Requires the immediate caller to have FullTrust.</permission>

  76.         [PermissionSetAttribute(SecurityAction.LinkDemand, Name = "FullTrust")]

  77.         public PrivilegeEnabler(AccessTokenHandle accessTokenHandle)

  78.         {

  79.             this.accessTokenHandle = accessTokenHandle;

  80.         }

  81. 

  82.         /// <summary>Initializes a new instance of the PrivilegeEnabler class.</summary>

  83.         /// <param name="process">The <see cref="Process"/> on which privileges should be enabled.</param>

  84.         /// <exception cref="InvalidOperationException">Thrown when another instance exists and has not been disposed.</exception>

  85.         /// <permission cref="SecurityAction.LinkDemand">Requires the immediate caller to have FullTrust.</permission>

  86.         [PermissionSetAttribute(SecurityAction.LinkDemand, Name = "FullTrust")]

  87.         public PrivilegeEnabler(Process process)

  88.         {

  89.             lock (accessTokenHandles)

  90.             {

  91.                 if (accessTokenHandles.ContainsKey(process))

  92.                 {

  93.                     this.accessTokenHandle = accessTokenHandles[process];

  94.                 }

  95.                 else

  96.                 {

  97.                     this.accessTokenHandle =

  98.                         process.GetAccessTokenHandle(TokenAccessRights.AdjustPrivileges | TokenAccessRights.Query);

  99.                     accessTokenHandles.Add(process, this.accessTokenHandle);

  100.                     this.ownsHandle = true;

  101.                 }

  102.             }

  103. 

  104.             this.process = process;

  105.         }

  106. 

  107.         /// <summary>Initializes a new instance of the PrivilegeEnabler class with the specified privileges to be enabled.</summary>

  108.         /// <param name="accessTokenHandle">The <see cref="AccessTokenHandle"/> for a <see cref="Process"/> on which privileges should be enabled.</param>

  109.         /// <param name="privileges">The privileges to be enabled.</param>

  110.         /// <exception cref="Win32Exception">Thrown when an underlying Win32 function call does not succeed.</exception>

  111.         /// <permission cref="SecurityAction.LinkDemand">Requires the immediate caller to have FullTrust.</permission>

  112.         [PermissionSetAttribute(SecurityAction.LinkDemand, Name = "FullTrust")]

  113.         public PrivilegeEnabler(AccessTokenHandle accessTokenHandle, params Privilege[] privileges)

  114.             : this(accessTokenHandle)

  115.         {

  116.             foreach (Privilege privilege in privileges)

  117.             {

  118.                 this.EnablePrivilege(privilege);

  119.             }

  120.         }

  121. 

  122.         /// <summary>Initializes a new instance of the PrivilegeEnabler class with the specified privileges to be enabled.</summary>

  123.         /// <param name="process">The <see cref="Process"/> on which privileges should be enabled.</param>

  124.         /// <param name="privileges">The privileges to be enabled.</param>

  125.         /// <exception cref="Win32Exception">Thrown when an underlying Win32 function call does not succeed.</exception>

  126.         /// <permission cref="SecurityAction.LinkDemand">Requires the immediate caller to have FullTrust.</permission>

  127.         [PermissionSetAttribute(SecurityAction.LinkDemand, Name = "FullTrust")]

  128.         public PrivilegeEnabler(Process process, params Privilege[] privileges)

  129.             : this(process)

  130.         {

  131.             foreach (Privilege privilege in privileges)

  132.             {

  133.                 this.EnablePrivilege(privilege);

  134.             }

  135.         }

  136. 

  137.         /// <summary>Finalizes an instance of the PrivilegeEnabler class.</summary>

  138.         ~PrivilegeEnabler()

  139.         {

  140.             this.InternalDispose();

  141.         }

  142. 

  143.         /// <summary>Disposes of an instance of the PrivilegeEnabler class.</summary>

  144.         /// <exception cref="Win32Exception">Thrown when an underlying Win32 function call does not succeed.</exception>

  145.         /// <permission cref="SecurityAction.Demand">Requires the call stack to have FullTrust.</permission>

  146.         [PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]

  147.         public void Dispose()

  148.         {

  149.             this.InternalDispose();

  150.             GC.SuppressFinalize(this);

  151.         }

  152. 

  153.         /// <summary>Enables the specified <see cref="Privilege"/>.</summary>

  154.         /// <param name="privilege">The <see cref="Privilege"/> to be enabled.</param>

  155.         /// <returns>

  156.         ///     <para>Result from the privilege adjustment.</para>

  157.         ///     <para>If the <see cref="Privilege"/> is already enabled, <see cref="AdjustPrivilegeResult.None"/> is returned.</para>

  158.         ///     <para>If the <see cref="Privilege"/> is owned by another instance of the PrivilegeEnabler class, <see cref="AdjustPrivilegeResult.None"/> is returned.</para>

  159.         ///     <para>If a <see cref="Privilege"/> is removed from a process, it cannot be enabled.</para>

  160.         /// </returns>

  161.         /// <remarks>

  162.         ///     <para>When disabled, privileges are enabled until the instance of the PrivilegeEnabler class is disposed.</para>

  163.         ///     <para>If the privilege specified is already enabled, it is not modified and will not be disabled when the instance of the PrivilegeEnabler class is disposed.</para>

  164.         /// </remarks>

  165.         /// <exception cref="Win32Exception">Thrown when an underlying Win32 function call does not succeed.</exception>

  166.         /// <permission cref="SecurityAction.LinkDemand">Requires the immediate caller to have FullTrust.</permission>

  167.         [PermissionSetAttribute(SecurityAction.LinkDemand, Name = "FullTrust")]

  168.         public AdjustPrivilegeResult EnablePrivilege(Privilege privilege)

  169.         {

  170.             lock (sharedPrivileges)

  171.             {

  172.                 if (!sharedPrivileges.ContainsKey(privilege) &&

  173.                     this.accessTokenHandle.GetPrivilegeState(privilege) == PrivilegeState.Disabled &&

  174.                     this.accessTokenHandle.EnablePrivilege(privilege) == AdjustPrivilegeResult.PrivilegeModified)

  175.                 {

  176.                     sharedPrivileges.Add(privilege, this);

  177.                     return AdjustPrivilegeResult.PrivilegeModified;

  178.                 }

  179. 

  180.                 return AdjustPrivilegeResult.None;

  181.             }

  182.         }

  183. 

  184.         [PermissionSetAttribute(SecurityAction.LinkDemand, Name = "FullTrust")]

  185.         private void InternalDispose()

  186.         {

  187.             if (!this.disposed)

  188.             {

  189.                 lock (sharedPrivileges)

  190.                 {

  191.                     Privilege[] privileges = sharedPrivileges

  192.                         .Where(keyValuePair => keyValuePair.Value == this)

  193.                         .Select(keyValuePair => keyValuePair.Key)

  194.                         .ToArray();

  195. 

  196.                     foreach (Privilege privilege in privileges)

  197.                     {

  198.                         this.accessTokenHandle.DisablePrivilege(privilege);

  199.                         sharedPrivileges.Remove(privilege);

  200.                     }

  201. 

  202.                     if (this.ownsHandle)

  203.                     {

  204.                         this.accessTokenHandle.Dispose();

  205.                         lock (this.accessTokenHandle)

  206.                         {

  207.                             accessTokenHandles.Remove(this.process);

  208.                         }

  209.                     }

  210. 

  211.                     this.accessTokenHandle = null;

  212.                     this.ownsHandle = false;

  213.                     this.process = null;

  214. 

  215.                     this.disposed = true;

  216.                 }

  217.             }

  218.         }

  219.     }

  220. }