Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.

275 rader
17 KiB

  1. /* Copyright (C) 2008-2016 Peter Palotas, Jeffrey Jangli, Alexandr Normuradov
  2. *
  3. * Permission is hereby granted, free of charge, to any person obtaining a copy
  4. * of this software and associated documentation files (the "Software"), to deal
  5. * in the Software without restriction, including without limitation the rights
  6. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  7. * copies of the Software, and to permit persons to whom the Software is
  8. * furnished to do so, subject to the following conditions:
  9. *
  10. * The above copyright notice and this permission notice shall be included in
  11. * all copies or substantial portions of the Software.
  12. *
  13. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  14. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  15. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  16. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  17. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  18. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  19. * THE SOFTWARE.
  20. */
  21. using System;
  22. using System.Diagnostics.CodeAnalysis;
  23. using System.Runtime.InteropServices;
  24. using System.Security;
  25. using System.Text;
  26. namespace Alphaleonis.Win32.Security
  27. {
  28. internal static partial class NativeMethods
  29. {
  30. #region AdjustTokenPrivileges
  31. /// <summary>The AdjustTokenPrivileges function enables or disables privileges in the specified access token. Enabling or disabling privileges in an access token requires TOKEN_ADJUST_PRIVILEGES access.</summary>
  32. /// <returns>
  33. /// If the function succeeds, the return value is nonzero.
  34. /// To determine whether the function adjusted all of the specified privileges, call GetLastError.
  35. /// </returns>
  36. /// <remarks>Minimum supported client: Windows XP [desktop apps only]</remarks>
  37. /// <remarks>Minimum supported server: Windows Server 2003 [desktop apps only]</remarks>
  38. [SuppressMessage("Microsoft.Security", "CA5122:PInvokesShouldNotBeSafeCriticalFxCopRule")]
  39. [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity]
  40. [return: MarshalAs(UnmanagedType.Bool)]
  41. internal static extern bool AdjustTokenPrivileges(IntPtr tokenHandle, [MarshalAs(UnmanagedType.Bool)] bool disableAllPrivileges, ref TokenPrivileges newState, uint bufferLength, out TokenPrivileges previousState, out uint returnLength);
  42. #endregion // AdjustTokenPrivileges
  43. #region LookupPrivilegeDisplayName
  44. /// <summary>The LookupPrivilegeDisplayName function retrieves the display name that represents a specified privilege.</summary>
  45. /// <returns>
  46. /// If the function succeeds, the return value is nonzero.
  47. /// If the function fails, it returns zero. To get extended error information, call GetLastError.
  48. /// </returns>
  49. /// <remarks>Minimum supported client: Windows XP [desktop apps only]</remarks>
  50. /// <remarks>Minimum supported server: Windows Server 2003 [desktop apps only]</remarks>
  51. [SuppressMessage("Microsoft.Security", "CA5122:PInvokesShouldNotBeSafeCriticalFxCopRule")]
  52. [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode, EntryPoint = "LookupPrivilegeDisplayNameW"), SuppressUnmanagedCodeSecurity]
  53. [return: MarshalAs(UnmanagedType.Bool)]
  54. internal static extern bool LookupPrivilegeDisplayName([MarshalAs(UnmanagedType.LPWStr)] string lpSystemName, [MarshalAs(UnmanagedType.LPWStr)] string lpName, ref StringBuilder lpDisplayName, ref uint cchDisplayName, out uint lpLanguageId);
  55. #endregion // LookupPrivilegeDisplayName
  56. #region LookupPrivilegeValue
  57. /// <summary>The LookupPrivilegeValue function retrieves the locally unique identifier (LUID) used on a specified system to locally represent the specified privilege name.</summary>
  58. /// <returns>
  59. /// If the function succeeds, the function returns nonzero.
  60. /// If the function fails, it returns zero. To get extended error information, call GetLastError.
  61. /// </returns>
  62. /// <remarks>Minimum supported client: Windows XP [desktop apps only]</remarks>
  63. /// <remarks>Minimum supported server: Windows Server 2003 [desktop apps only]</remarks>
  64. [SuppressMessage("Microsoft.Security", "CA5122:PInvokesShouldNotBeSafeCriticalFxCopRule")]
  65. [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode, EntryPoint = "LookupPrivilegeValueW"), SuppressUnmanagedCodeSecurity]
  66. [return: MarshalAs(UnmanagedType.Bool)]
  67. internal static extern bool LookupPrivilegeValue([MarshalAs(UnmanagedType.LPWStr)] string lpSystemName, [MarshalAs(UnmanagedType.LPWStr)] string lpName, out Luid lpLuid);
  68. #endregion // LookupPrivilegeValue
  69. #region GetNamedSecurityInfo
  70. /// <summary>The GetNamedSecurityInfo function retrieves a copy of the security descriptor for an object specified by name.
  71. /// <para>&#160;</para>
  72. /// <returns>
  73. /// <para>If the function succeeds, the return value is ERROR_SUCCESS.</para>
  74. /// <para>If the function fails, the return value is a nonzero error code defined in WinError.h.</para>
  75. /// </returns>
  76. /// <para>&#160;</para>
  77. /// <remarks>
  78. /// <para>Minimum supported client: Windows XP [desktop apps only]</para>
  79. /// <para>Minimum supported server: Windows Server 2003 [desktop apps only]</para>
  80. /// </remarks>
  81. /// </summary>
  82. [SuppressMessage("Microsoft.Security", "CA5122:PInvokesShouldNotBeSafeCriticalFxCopRule")]
  83. [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode, EntryPoint = "GetNamedSecurityInfoW"), SuppressUnmanagedCodeSecurity]
  84. [return: MarshalAs(UnmanagedType.U4)]
  85. internal static extern uint GetNamedSecurityInfo([MarshalAs(UnmanagedType.LPWStr)] string pObjectName, ObjectType objectType, SecurityInformation securityInfo, out IntPtr pSidOwner, out IntPtr pSidGroup, out IntPtr pDacl, out IntPtr pSacl, out SafeGlobalMemoryBufferHandle pSecurityDescriptor);
  86. #endregion // GetNamedSecurityInfo
  87. #region GetSecurityInfo
  88. /// <summary>The GetSecurityInfo function retrieves a copy of the security descriptor for an object specified by a handle.</summary>
  89. /// <returns>
  90. /// If the function succeeds, the function returns nonzero.
  91. /// If the function fails, it returns zero. To get extended error information, call GetLastError.
  92. /// </returns>
  93. /// <remarks>Minimum supported client: Windows XP [desktop apps only]</remarks>
  94. /// <remarks>Minimum supported server: Windows Server 2003 [desktop apps only]</remarks>
  95. [SuppressMessage("Microsoft.Security", "CA5122:PInvokesShouldNotBeSafeCriticalFxCopRule")]
  96. [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity]
  97. [return: MarshalAs(UnmanagedType.U4)]
  98. internal static extern uint GetSecurityInfo(SafeHandle handle, ObjectType objectType, SecurityInformation securityInfo, out IntPtr pSidOwner, out IntPtr pSidGroup, out IntPtr pDacl, out IntPtr pSacl, out SafeGlobalMemoryBufferHandle pSecurityDescriptor);
  99. #endregion // GetSecurityInfo
  100. #region SetSecurityInfo
  101. /// <summary>The SetSecurityInfo function sets specified security information in the security descriptor of a specified object.
  102. /// The caller identifies the object by a handle.</summary>
  103. /// <returns>
  104. /// If the function succeeds, the function returns ERROR_SUCCESS.
  105. /// If the function fails, it returns a nonzero error code defined in WinError.h.
  106. /// </returns>
  107. /// <remarks>Minimum supported client: Windows XP [desktop apps only]</remarks>
  108. /// <remarks>Minimum supported server: Windows Server 2003 [desktop apps only]</remarks>
  109. [SuppressMessage("Microsoft.Security", "CA5122:PInvokesShouldNotBeSafeCriticalFxCopRule")]
  110. [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity]
  111. [return: MarshalAs(UnmanagedType.U4)]
  112. internal static extern uint SetSecurityInfo(SafeHandle handle, ObjectType objectType, SecurityInformation securityInfo, IntPtr psidOwner, IntPtr psidGroup, IntPtr pDacl, IntPtr pSacl);
  113. #endregion // SetSecurityInfo
  114. #region SetNamedSecurityInfo
  115. /// <summary>The SetNamedSecurityInfo function sets specified security information in the security descriptor of a specified object. The caller identifies the object by name.
  116. /// <para>&#160;</para>
  117. /// <returns>
  118. /// <para>If the function succeeds, the function returns ERROR_SUCCESS.</para>
  119. /// <para>If the function fails, it returns a nonzero error code defined in WinError.h.</para>
  120. /// </returns>
  121. /// <para>&#160;</para>
  122. /// <remarks>
  123. /// <para>Minimum supported client: Windows XP [desktop apps only]</para>
  124. /// <para>Minimum supported server: Windows Server 2003 [desktop apps only]</para>
  125. /// </remarks>
  126. /// </summary>
  127. [SuppressMessage("Microsoft.Security", "CA5122:PInvokesShouldNotBeSafeCriticalFxCopRule")]
  128. [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode, EntryPoint = "SetNamedSecurityInfoW"), SuppressUnmanagedCodeSecurity]
  129. [return: MarshalAs(UnmanagedType.U4)]
  130. internal static extern uint SetNamedSecurityInfo([MarshalAs(UnmanagedType.LPWStr)] string pObjectName, ObjectType objectType, SecurityInformation securityInfo, IntPtr pSidOwner, IntPtr pSidGroup, IntPtr pDacl, IntPtr pSacl);
  131. #endregion // SetNamedSecurityInfo
  132. #region GetSecurityDescriptorDacl
  133. /// <summary>The GetSecurityDescriptorDacl function retrieves a pointer to the discretionary access control list (DACL) in a specified security descriptor.</summary>
  134. /// <returns>
  135. /// If the function succeeds, the function returns nonzero.
  136. /// If the function fails, it returns zero. To get extended error information, call GetLastError.
  137. /// </returns>
  138. /// <remarks>Minimum supported client: Windows XP [desktop apps only]</remarks>
  139. /// <remarks>Minimum supported server: Windows Server 2003 [desktop apps only]</remarks>
  140. [SuppressMessage("Microsoft.Security", "CA5122:PInvokesShouldNotBeSafeCriticalFxCopRule")]
  141. [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity]
  142. [return: MarshalAs(UnmanagedType.Bool)]
  143. internal static extern bool GetSecurityDescriptorDacl(SafeGlobalMemoryBufferHandle pSecurityDescriptor, [MarshalAs(UnmanagedType.Bool)] out bool lpbDaclPresent, out IntPtr pDacl, [MarshalAs(UnmanagedType.Bool)] out bool lpbDaclDefaulted);
  144. #endregion // GetSecurityDescriptorDacl
  145. #region GetSecurityDescriptorSacl
  146. /// <summary>The GetSecurityDescriptorSacl function retrieves a pointer to the system access control list (SACL) in a specified security descriptor.</summary>
  147. /// <returns>
  148. /// If the function succeeds, the function returns nonzero.
  149. /// If the function fails, it returns zero. To get extended error information, call GetLastError.
  150. /// </returns>
  151. /// <remarks>Minimum supported client: Windows XP [desktop apps only]</remarks>
  152. /// <remarks>Minimum supported server: Windows Server 2003 [desktop apps only]</remarks>
  153. [SuppressMessage("Microsoft.Security", "CA5122:PInvokesShouldNotBeSafeCriticalFxCopRule")]
  154. [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity]
  155. [return: MarshalAs(UnmanagedType.Bool)]
  156. internal static extern bool GetSecurityDescriptorSacl(SafeGlobalMemoryBufferHandle pSecurityDescriptor, [MarshalAs(UnmanagedType.Bool)] out bool lpbSaclPresent, out IntPtr pSacl, [MarshalAs(UnmanagedType.Bool)] out bool lpbSaclDefaulted);
  157. #endregion // GetSecurityDescriptorSacl
  158. #region GetSecurityDescriptorGroup
  159. /// <summary>The GetSecurityDescriptorGroup function retrieves the primary group information from a security descriptor.</summary>
  160. /// <returns>
  161. /// If the function succeeds, the function returns nonzero.
  162. /// If the function fails, it returns zero. To get extended error information, call GetLastError.
  163. /// </returns>
  164. /// <remarks>Minimum supported client: Windows XP [desktop apps only]</remarks>
  165. /// <remarks>Minimum supported server: Windows Server 2003 [desktop apps only]</remarks>
  166. [SuppressMessage("Microsoft.Security", "CA5122:PInvokesShouldNotBeSafeCriticalFxCopRule")]
  167. [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity]
  168. [return: MarshalAs(UnmanagedType.Bool)]
  169. internal static extern bool GetSecurityDescriptorGroup(SafeGlobalMemoryBufferHandle pSecurityDescriptor, out IntPtr pGroup, [MarshalAs(UnmanagedType.Bool)] out bool lpbGroupDefaulted);
  170. #endregion // GetSecurityDescriptorGroup
  171. #region GetSecurityDescriptorControl
  172. /// <summary>The GetSecurityDescriptorControl function retrieves a security descriptor control and revision information.</summary>
  173. /// <returns>
  174. /// If the function succeeds, the function returns nonzero.
  175. /// If the function fails, it returns zero. To get extended error information, call GetLastError.
  176. /// </returns>
  177. /// <remarks>Minimum supported client: Windows XP [desktop apps only]</remarks>
  178. /// <remarks>Minimum supported server: Windows Server 2003 [desktop apps only]</remarks>
  179. [SuppressMessage("Microsoft.Security", "CA5122:PInvokesShouldNotBeSafeCriticalFxCopRule")]
  180. [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity]
  181. [return: MarshalAs(UnmanagedType.Bool)]
  182. internal static extern bool GetSecurityDescriptorControl(SafeGlobalMemoryBufferHandle pSecurityDescriptor, out SecurityDescriptorControl pControl, out uint lpdwRevision);
  183. #endregion // GetSecurityDescriptorControl
  184. #region GetSecurityDescriptorOwner
  185. /// <summary>The GetSecurityDescriptorOwner function retrieves the owner information from a security descriptor.</summary>
  186. /// <returns>
  187. /// If the function succeeds, the function returns nonzero.
  188. /// If the function fails, it returns zero. To get extended error information, call GetLastError.
  189. /// </returns>
  190. /// <remarks>Minimum supported client: Windows XP [desktop apps only]</remarks>
  191. /// <remarks>Minimum supported server: Windows Server 2003 [desktop apps only]</remarks>
  192. [SuppressMessage("Microsoft.Security", "CA5122:PInvokesShouldNotBeSafeCriticalFxCopRule")]
  193. [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity]
  194. [return: MarshalAs(UnmanagedType.Bool)]
  195. internal static extern bool GetSecurityDescriptorOwner(SafeGlobalMemoryBufferHandle pSecurityDescriptor, out IntPtr pOwner, [MarshalAs(UnmanagedType.Bool)] out bool lpbOwnerDefaulted);
  196. #endregion // GetSecurityDescriptorOwner
  197. #region GetSecurityDescriptorLength
  198. /// <summary>The GetSecurityDescriptorLength function returns the length, in bytes, of a structurally valid security descriptor. The length includes the length of all associated structures.</summary>
  199. /// <returns>
  200. /// If the function succeeds, the function returns the length, in bytes, of the SECURITY_DESCRIPTOR structure.
  201. /// If the SECURITY_DESCRIPTOR structure is not valid, the return value is undefined.
  202. /// </returns>
  203. /// <remarks>Minimum supported client: Windows XP [desktop apps only]</remarks>
  204. /// <remarks>Minimum supported server: Windows Server 2003 [desktop apps only]</remarks>
  205. [SuppressMessage("Microsoft.Security", "CA5122:PInvokesShouldNotBeSafeCriticalFxCopRule")]
  206. [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity]
  207. [return: MarshalAs(UnmanagedType.U4)]
  208. internal static extern uint GetSecurityDescriptorLength(SafeGlobalMemoryBufferHandle pSecurityDescriptor);
  209. #endregion // GetSecurityDescriptorLength
  210. #region LocalFree
  211. /// <summary>Frees the specified local memory object and invalidates its handle.</summary>
  212. /// <returns>
  213. /// If the function succeeds, the return value is <see langword="null"/>.
  214. /// If the function fails, the return value is equal to a handle to the local memory object. To get extended error information, call GetLastError.
  215. /// </returns>
  216. /// <remarks>SetLastError is set to <see langword="false"/>.</remarks>
  217. /// <remarks>
  218. /// Note The local functions have greater overhead and provide fewer features than other memory management functions.
  219. /// New applications should use the heap functions unless documentation states that a local function should be used.
  220. /// For more information, see Global and Local Functions.
  221. /// </remarks>
  222. /// <remarks>Minimum supported client: Windows XP [desktop apps only]</remarks>
  223. /// <remarks>Minimum supported server: Windows Server 2003 [desktop apps only]</remarks>
  224. [SuppressMessage("Microsoft.Security", "CA5122:PInvokesShouldNotBeSafeCriticalFxCopRule")]
  225. [DllImport("kernel32.dll", SetLastError = false, CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity]
  226. internal static extern IntPtr LocalFree(IntPtr hMem);
  227. #endregion // LocalFree
  228. }
  229. }