Powershell-Modules
/
NTFSSecurity-Module
mirror of https://github.com/raandree/NTFSSecurity
1
0
Fork 0
Code Issues 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
98 Commits
3 Branches
7.1 MiB
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
NTFSSecurity-Module/ProcessPrivileges/Privileges.cs

319 lines
15 KiB
Raw Permalink Blame History 

  1. // <copyright file="Privileges.cs" company="Nick Lowe">

  2. // Copyright © Nick Lowe 2009

  3. // </copyright>

  4. // <author>Nick Lowe</author>

  5. // <email>nick@int-r.net</email>

  6. // <url>http://processprivileges.codeplex.com/</url>

  7. 

  8. namespace ProcessPrivileges

  9. {

  10.     using System;

  11.     using System.Collections.Generic;

  12.     using System.ComponentModel;

  13.     using System.Runtime.InteropServices;

  14.     using System.Text;

  15. 

  16.     internal static class Privileges

  17.     {

  18.         private const int PrivilegesCount = 35;

  19. 

  20.         private const string SeAssignPrimaryTokenPrivilege = "SeAssignPrimaryTokenPrivilege";

  21.         private const string SeAuditPrivilege = "SeAuditPrivilege";

  22.         private const string SeBackupPrivilege = "SeBackupPrivilege";

  23.         private const string SeChangeNotifyPrivilege = "SeChangeNotifyPrivilege";

  24.         private const string SeCreateGlobalPrivilege = "SeCreateGlobalPrivilege";

  25.         private const string SeCreatePagefilePrivilege = "SeCreatePagefilePrivilege";

  26.         private const string SeCreatePermanentPrivilege = "SeCreatePermanentPrivilege";

  27.         private const string SeCreateSymbolicLinkPrivilege = "SeCreateSymbolicLinkPrivilege";

  28.         private const string SeCreateTokenPrivilege = "SeCreateTokenPrivilege";

  29.         private const string SeDebugPrivilege = "SeDebugPrivilege";

  30.         private const string SeEnableDelegationPrivilege = "SeEnableDelegationPrivilege";

  31.         private const string SeImpersonatePrivilege = "SeImpersonatePrivilege";

  32.         private const string SeIncreaseBasePriorityPrivilege = "SeIncreaseBasePriorityPrivilege";

  33.         private const string SeIncreaseQuotaPrivilege = "SeIncreaseQuotaPrivilege";

  34.         private const string SeIncreaseWorkingSetPrivilege = "SeIncreaseWorkingSetPrivilege";

  35.         private const string SeLoadDriverPrivilege = "SeLoadDriverPrivilege";

  36.         private const string SeLockMemoryPrivilege = "SeLockMemoryPrivilege";

  37.         private const string SeMachineAccountPrivilege = "SeMachineAccountPrivilege";

  38.         private const string SeManageVolumePrivilege = "SeManageVolumePrivilege";

  39.         private const string SeProfileSingleProcessPrivilege = "SeProfileSingleProcessPrivilege";

  40.         private const string SeRelabelPrivilege = "SeRelabelPrivilege";

  41.         private const string SeRemoteShutdownPrivilege = "SeRemoteShutdownPrivilege";

  42.         private const string SeRestorePrivilege = "SeRestorePrivilege";

  43.         private const string SeSecurityPrivilege = "SeSecurityPrivilege";

  44.         private const string SeShutdownPrivilege = "SeShutdownPrivilege";

  45.         private const string SeSyncAgentPrivilege = "SeSyncAgentPrivilege";

  46.         private const string SeSystemEnvironmentPrivilege = "SeSystemEnvironmentPrivilege";

  47.         private const string SeSystemProfilePrivilege = "SeSystemProfilePrivilege";

  48.         private const string SeSystemTimePrivilege = "SeSystemtimePrivilege";

  49.         private const string SeTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege";

  50.         private const string SeTcbPrivilege = "SeTcbPrivilege";

  51.         private const string SeTimeZonePrivilege = "SeTimeZonePrivilege";

  52.         private const string SeTrustedCredManAccessPrivilege = "SeTrustedCredManAccessPrivilege";

  53.         private const string SeUndockPrivilege = "SeUndockPrivilege";

  54.         private const string SeUnsolicitedInputPrivilege = "SeUnsolicitedInputPrivilege";

  55. 

  56.         private static readonly Dictionary<Privilege, Luid> luidDictionary =

  57.             new Dictionary<Privilege, Luid>(PrivilegesCount);

  58. 

  59.         private static readonly Dictionary<Privilege, string> privilegeConstantsDictionary =

  60.             new Dictionary<Privilege, string>(PrivilegesCount)

  61.         {

  62.            { Privilege.AssignPrimaryToken, SeAssignPrimaryTokenPrivilege },

  63.            { Privilege.Audit, SeAuditPrivilege },

  64.            { Privilege.Backup, SeBackupPrivilege },

  65.            { Privilege.ChangeNotify, SeChangeNotifyPrivilege },

  66.            { Privilege.CreateGlobal, SeCreateGlobalPrivilege },

  67.            { Privilege.CreatePageFile, SeCreatePagefilePrivilege },

  68.            { Privilege.CreatePermanent, SeCreatePermanentPrivilege },

  69.            { Privilege.CreateSymbolicLink, SeCreateSymbolicLinkPrivilege },

  70.            { Privilege.CreateToken, SeCreateTokenPrivilege },

  71.            { Privilege.Debug, SeDebugPrivilege },

  72.            { Privilege.EnableDelegation, SeEnableDelegationPrivilege },

  73.            { Privilege.Impersonate, SeImpersonatePrivilege },

  74.            { Privilege.IncreaseBasePriority, SeIncreaseBasePriorityPrivilege },

  75.            { Privilege.IncreaseQuota, SeIncreaseQuotaPrivilege },

  76.            { Privilege.IncreaseWorkingSet, SeIncreaseWorkingSetPrivilege },

  77.            { Privilege.LoadDriver, SeLoadDriverPrivilege },

  78.            { Privilege.LockMemory, SeLockMemoryPrivilege },

  79.            { Privilege.MachineAccount, SeMachineAccountPrivilege },

  80.            { Privilege.ManageVolume, SeManageVolumePrivilege },

  81.            { Privilege.ProfileSingleProcess, SeProfileSingleProcessPrivilege },

  82.            { Privilege.Relabel, SeRelabelPrivilege },

  83.            { Privilege.RemoteShutdown, SeRemoteShutdownPrivilege },

  84.            { Privilege.Restore, SeRestorePrivilege },

  85.            { Privilege.Security, SeSecurityPrivilege },

  86.            { Privilege.Shutdown, SeShutdownPrivilege },

  87.            { Privilege.SyncAgent, SeSyncAgentPrivilege },

  88.            { Privilege.SystemEnvironment, SeSystemEnvironmentPrivilege },

  89.            { Privilege.SystemProfile, SeSystemProfilePrivilege },

  90.            { Privilege.SystemTime, SeSystemTimePrivilege },

  91.            { Privilege.TakeOwnership, SeTakeOwnershipPrivilege },

  92.            { Privilege.TrustedComputerBase, SeTcbPrivilege },

  93.            { Privilege.TimeZone, SeTimeZonePrivilege },

  94.            { Privilege.TrustedCredentialManagerAccess, SeTrustedCredManAccessPrivilege },

  95.            { Privilege.Undock, SeUndockPrivilege },

  96.            { Privilege.UnsolicitedInput, SeUnsolicitedInputPrivilege }

  97.         };

  98. 

  99.         private static readonly Dictionary<string, Privilege> privilegesDictionary =

  100.             new Dictionary<string, Privilege>(PrivilegesCount)

  101.         {

  102.            { SeAssignPrimaryTokenPrivilege, Privilege.AssignPrimaryToken },

  103.            { SeAuditPrivilege, Privilege.Audit },

  104.            { SeBackupPrivilege, Privilege.Backup },

  105.            { SeChangeNotifyPrivilege, Privilege.ChangeNotify },

  106.            { SeCreateGlobalPrivilege, Privilege.CreateGlobal },

  107.            { SeCreatePagefilePrivilege, Privilege.CreatePageFile },

  108.            { SeCreatePermanentPrivilege, Privilege.CreatePermanent },

  109.            { SeCreateSymbolicLinkPrivilege, Privilege.CreateSymbolicLink },

  110.            { SeCreateTokenPrivilege, Privilege.CreateToken },

  111.            { SeDebugPrivilege, Privilege.Debug },

  112.            { SeEnableDelegationPrivilege, Privilege.EnableDelegation },

  113.            { SeImpersonatePrivilege, Privilege.Impersonate },

  114.            { SeIncreaseBasePriorityPrivilege, Privilege.IncreaseBasePriority },

  115.            { SeIncreaseQuotaPrivilege, Privilege.IncreaseQuota },

  116.            { SeIncreaseWorkingSetPrivilege, Privilege.IncreaseWorkingSet },

  117.            { SeLoadDriverPrivilege, Privilege.LoadDriver },

  118.            { SeLockMemoryPrivilege, Privilege.LockMemory },

  119.            { SeMachineAccountPrivilege, Privilege.MachineAccount },

  120.            { SeManageVolumePrivilege, Privilege.ManageVolume },

  121.            { SeProfileSingleProcessPrivilege, Privilege.ProfileSingleProcess },

  122.            { SeRelabelPrivilege, Privilege.Relabel },

  123.            { SeRemoteShutdownPrivilege, Privilege.RemoteShutdown },

  124.            { SeRestorePrivilege, Privilege.Restore },

  125.            { SeSecurityPrivilege, Privilege.Security },

  126.            { SeShutdownPrivilege, Privilege.Shutdown },

  127.            { SeSyncAgentPrivilege, Privilege.SyncAgent },

  128.            { SeSystemEnvironmentPrivilege, Privilege.SystemEnvironment },

  129.            { SeSystemProfilePrivilege, Privilege.SystemProfile },

  130.            { SeSystemTimePrivilege, Privilege.SystemTime },

  131.            { SeTakeOwnershipPrivilege, Privilege.TakeOwnership },

  132.            { SeTcbPrivilege, Privilege.TrustedComputerBase },

  133.            { SeTimeZonePrivilege, Privilege.TimeZone },

  134.            { SeTrustedCredManAccessPrivilege, Privilege.TrustedCredentialManagerAccess },

  135.            { SeUndockPrivilege, Privilege.Undock },

  136.            { SeUnsolicitedInputPrivilege, Privilege.UnsolicitedInput }

  137.         };

  138. 

  139.         internal static AdjustPrivilegeResult DisablePrivilege(AccessTokenHandle accessTokenHandle, Privilege privilege)

  140.         {

  141.             return AdjustPrivilege(accessTokenHandle, privilege, PrivilegeAttributes.Disabled);

  142.         }

  143. 

  144.         internal static AdjustPrivilegeResult EnablePrivilege(AccessTokenHandle accessTokenHandle, Privilege privilege)

  145.         {

  146.             return AdjustPrivilege(accessTokenHandle, privilege, PrivilegeAttributes.Enabled);

  147.         }

  148. 

  149.         internal static AdjustPrivilegeResult RemovePrivilege(AccessTokenHandle accessTokenHandle, Privilege privilege)

  150.         {

  151.             return AdjustPrivilege(accessTokenHandle, privilege, PrivilegeAttributes.Removed);

  152.         }

  153. 

  154.         internal static PrivilegeAttributes GetPrivilegeAttributes(Privilege privilege, PrivilegeAndAttributesCollection privileges)

  155.         {

  156.             foreach (PrivilegeAndAttributes privilegeAndAttributes in privileges)

  157.             {

  158.                 if (privilegeAndAttributes.Privilege == privilege)

  159.                 {

  160.                     return privilegeAndAttributes.PrivilegeAttributes;

  161.                 }

  162.             }

  163. 

  164.             GetLuid(privilege);

  165. 

  166.             return PrivilegeAttributes.Removed;

  167.         }

  168. 

  169.         internal static PrivilegeAndAttributesCollection GetPrivileges(AccessTokenHandle accessTokenHandle)

  170.         {

  171.             LuidAndAttributes[] luidAndAttributesArray = GetTokenPrivileges(accessTokenHandle);

  172.             int length = luidAndAttributesArray.Length;

  173.             List<PrivilegeAndAttributes> privilegeAndAttributes = new List<PrivilegeAndAttributes>(length);

  174.             for (int i = 0; i < length; i++)

  175.             {

  176.                 LuidAndAttributes luidAndAttributes = luidAndAttributesArray[i];

  177.                 string name = GetPrivilegeName(luidAndAttributes.Luid);

  178.                 if (privilegesDictionary.ContainsKey(name))

  179.                 {

  180.                     privilegeAndAttributes.Add(new PrivilegeAndAttributes(

  181.                         privilegesDictionary[name],

  182.                         luidAndAttributes.Attributes));

  183.                 }

  184.             }

  185. 

  186.             return new PrivilegeAndAttributesCollection(privilegeAndAttributes);

  187.         }

  188. 

  189.         private static AdjustPrivilegeResult AdjustPrivilege(

  190.             AccessTokenHandle accessTokenHandle,

  191.             Luid luid,

  192.             PrivilegeAttributes privilegeAttributes)

  193.         {

  194.             TokenPrivilege newState = new TokenPrivilege

  195.             {

  196.                 PrivilegeCount = 1,

  197.                 Privilege = new LuidAndAttributes

  198.                 {

  199.                     Attributes = privilegeAttributes,

  200.                     Luid = luid

  201.                 }

  202.             };

  203.             TokenPrivilege previousState = new TokenPrivilege();

  204.             int returnLength = 0;

  205. 

  206.             if (!NativeMethods.AdjustTokenPrivileges(

  207.                 accessTokenHandle,

  208.                 false,

  209.                 ref newState,

  210.                 Marshal.SizeOf(previousState),

  211.                 ref previousState,

  212.                 ref returnLength))

  213.             {

  214.                 throw new Win32Exception(Marshal.GetLastWin32Error());

  215.             }

  216. 

  217.             return (AdjustPrivilegeResult)previousState.PrivilegeCount;

  218.         }

  219. 

  220.         private static AdjustPrivilegeResult AdjustPrivilege(

  221.             AccessTokenHandle accessTokenHandle,

  222.             Privilege privilege,

  223.             PrivilegeAttributes privilegeAttributes)

  224.         {

  225.             return AdjustPrivilege(accessTokenHandle, GetLuid(privilege), privilegeAttributes);

  226.         }

  227. 

  228.         private static Luid GetLuid(Privilege privilege)

  229.         {

  230.             if (luidDictionary.ContainsKey(privilege))

  231.             {

  232.                 return luidDictionary[privilege];

  233.             }

  234. 

  235.             Luid luid = new Luid();

  236.             if (!NativeMethods.LookupPrivilegeValue(String.Empty, privilegeConstantsDictionary[privilege], ref luid))

  237.             {

  238.                 throw new Win32Exception(Marshal.GetLastWin32Error());

  239.             }

  240. 

  241.             luidDictionary.Add(privilege, luid);

  242.             return luid;

  243.         }

  244. 

  245.         private static string GetPrivilegeName(Luid luid)

  246.         {

  247.             StringBuilder nameBuilder = new StringBuilder();

  248.             int nameLength = 0;

  249.             if (NativeMethods.LookupPrivilegeName(String.Empty, ref luid, nameBuilder, ref nameLength))

  250.             {

  251.                 return String.Empty;

  252.             }

  253. 

  254.             int lastWin32Error = Marshal.GetLastWin32Error();

  255.             if (lastWin32Error != NativeMethods.ErrorInsufficientBuffer)

  256.             {

  257.                 throw new Win32Exception(lastWin32Error);

  258.             }

  259. 

  260.             nameBuilder.EnsureCapacity(nameLength);

  261.             if (!NativeMethods.LookupPrivilegeName(String.Empty, ref luid, nameBuilder, ref nameLength))

  262.             {

  263.                 throw new Win32Exception(Marshal.GetLastWin32Error());

  264.             }

  265. 

  266.             return nameBuilder.ToString();

  267.         }

  268. 

  269.         private static LuidAndAttributes[] GetTokenPrivileges(AccessTokenHandle accessTokenHandle)

  270.         {

  271.             int tokenInformationLength = 0;

  272.             int returnLength = 0;

  273.             if (NativeMethods.GetTokenInformation(

  274.                 accessTokenHandle,

  275.                 TokenInformationClass.TokenPrivileges,

  276.                 IntPtr.Zero,

  277.                 tokenInformationLength,

  278.                 ref returnLength))

  279.             {

  280.                 return new LuidAndAttributes[0];

  281.             }

  282. 

  283.             int lastWin32Error = Marshal.GetLastWin32Error();

  284.             if (lastWin32Error != NativeMethods.ErrorInsufficientBuffer)

  285.             {

  286.                 throw new Win32Exception(lastWin32Error);

  287.             }

  288. 

  289.             tokenInformationLength = returnLength;

  290.             returnLength = 0;

  291. 

  292.             using (AllocatedMemory allocatedMemory = new AllocatedMemory(tokenInformationLength))

  293.             {

  294.                 if (!NativeMethods.GetTokenInformation(

  295.                     accessTokenHandle,

  296.                     TokenInformationClass.TokenPrivileges,

  297.                     allocatedMemory.Pointer,

  298.                     tokenInformationLength,

  299.                     ref returnLength))

  300.                 {

  301.                     throw new Win32Exception(Marshal.GetLastWin32Error());

  302.                 }

  303. 

  304.                 int privilegeCount = Marshal.ReadInt32(allocatedMemory.Pointer);

  305.                 LuidAndAttributes[] luidAndAttributes = new LuidAndAttributes[privilegeCount];

  306.                 long pointer = allocatedMemory.Pointer.ToInt64() + Marshal.SizeOf(privilegeCount);

  307.                 Type type = typeof(LuidAndAttributes);

  308.                 long size = Marshal.SizeOf(type);

  309.                 for (int i = 0; i < privilegeCount; i++)

  310.                 {

  311.                     luidAndAttributes[i] = (LuidAndAttributes)Marshal.PtrToStructure(new IntPtr(pointer), type);

  312.                     pointer += size;

  313.                 }

  314. 

  315.                 return luidAndAttributes;

  316.             }

  317.         }

  318.     }

  319. }