c# – 如何在.Net中操纵令牌权限?

我想使用C#来确定为我的进程/线程令牌分配了哪些权限,并根据需要进行调整.例如,为了让我的程序重新启动计算机,它必须首先启用SeShutdownPrivilege权限.

如何从托管代码安全地完成?

解决方法

事实证明这并不简单,因为.NET没有为此提供内置机制.不仅需要P/Invoke,而且必须仔细编写代码,确保不会“泄漏”权限,即启用权限之后没有尽快将其禁用(如果只是重新启动计算机,这一点则不成问题).

有关完整的代码示例及说明,请阅读Mark Novak发表于2005年3月MSDN杂志的文章“Manipulate Privileges in Managed Code Reliably,Securely,and Efficiently”.

这是P / Invoke声明:

  1. using System;
  2. using System.Runtime.InteropServices;
  3. using System.Runtime.ConstrainedExecution;
  4.  
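  namespace PrivilegeClass
  {
      /// <summary>
      /// Access rights that can be requested when opening or duplicating an access token.
      /// </summary>
      /// <remarks>
      /// Request only the rights the operation needs (for example
      /// <c>Query | AdjustPrivileges</c>); <see cref="AllAccess"/> and
      /// <see cref="MaximumAllowed"/> hand the caller more than privilege adjustment requires.
      /// </remarks>
      [Flags]
      internal enum TokenAccessLevels
      {
          AssignPrimary = 0x00000001,
          Duplicate = 0x00000002,
          Impersonate = 0x00000004,
          Query = 0x00000008,
          QuerySource = 0x00000010,
          AdjustPrivileges = 0x00000020,
          AdjustGroups = 0x00000040,
          AdjustDefault = 0x00000080,
          AdjustSessionId = 0x00000100,

          Read = 0x00020000 | Query,

          Write = 0x00020000 | AdjustPrivileges | AdjustGroups | AdjustDefault,

          AllAccess = 0x000F0000 |
              AssignPrimary |
              Duplicate |
              Impersonate |
              Query |
              QuerySource |
              AdjustPrivileges |
              AdjustGroups |
              AdjustDefault |
              AdjustSessionId,

          MaximumAllowed = 0x02000000
      }

      /// <summary>
      /// Impersonation level passed to <see cref="NativeMethods.DuplicateTokenEx"/>.
      /// </summary>
      internal enum SecurityImpersonationLevel
      {
          Anonymous = 0,
          Identification = 1,
          Impersonation = 2,
          Delegation = 3,
      }

      /// <summary>
      /// Kind of token produced by <see cref="NativeMethods.DuplicateTokenEx"/>.
      /// </summary>
      internal enum TokenType
      {
          Primary = 1,

          // The listing shows only Primary; 2 is TokenImpersonation in the native
          // TOKEN_TYPE enumeration and is the kind SetThreadToken expects.
          Impersonation = 2,
      }

      /// <summary>
      /// P/Invoke declarations for reading and adjusting the privileges held by a
      /// process or thread access token.
      /// </summary>
      /// <remarks>
      /// <para>
      /// <c>SafeTokenHandle</c> is not declared in this listing; it must be supplied by the
      /// surrounding project (presumably a SafeHandle wrapper that releases the token
      /// through <see cref="CloseHandle"/> - confirm against the referenced article).
      /// </para>
      /// <para>
      /// A privilege enabled on a token stays enabled until it is explicitly disabled again.
      /// Callers should enable it for the shortest possible scope and restore the previous
      /// state on every exit path, including exceptional ones.
      /// </para>
      /// <para>
      /// NOTE(review): <see cref="ReliabilityContractAttribute"/> is only honoured on .NET
      /// Framework; constrained execution regions are not supported on .NET Core / .NET 5+.
      /// </para>
      /// </remarks>
      internal sealed class NativeMethods
      {
          internal const uint SE_PRIVILEGE_DISABLED = 0x00000000;
          internal const uint SE_PRIVILEGE_ENABLED = 0x00000002;

          /// <summary>Locally unique identifier naming a privilege on this machine.</summary>
          [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
          internal struct LUID
          {
              internal uint LowPart;
              internal uint HighPart;
          }

          /// <summary>A privilege LUID together with its SE_PRIVILEGE_* attribute bits.</summary>
          [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
          internal struct LUID_AND_ATTRIBUTES
          {
              internal LUID Luid;
              internal uint Attributes;
          }

          /// <summary>
          /// Fixed-size form of the native TOKEN_PRIVILEGES structure holding exactly one
          /// entry, so <see cref="PrivilegeCount"/> must be 1 when it is passed in.
          /// </summary>
          [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
          internal struct TOKEN_PRIVILEGE
          {
              internal uint PrivilegeCount;
              internal LUID_AND_ATTRIBUTES Privilege;
          }

          internal const string ADVAPI32 = "advapi32.dll";
          internal const string KERNEL32 = "kernel32.dll";

          // Win32 error codes, to be compared with Marshal.GetLastWin32Error().
          internal const int ERROR_SUCCESS = 0x0;
          internal const int ERROR_ACCESS_DENIED = 0x5;
          internal const int ERROR_NOT_ENOUGH_MEMORY = 0x8;
          internal const int ERROR_NO_TOKEN = 0x3f0;
          internal const int ERROR_NOT_ALL_ASSIGNED = 0x514;
          internal const int ERROR_NO_SUCH_PRIVILEGE = 0x521;
          internal const int ERROR_CANT_OPEN_ANONYMOUS = 0x543;

          /// <summary>Closes a native handle.</summary>
          [DllImport(KERNEL32, SetLastError = true)]
          [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
          internal static extern bool CloseHandle(IntPtr handle);

          /// <summary>
          /// Enables or disables the privilege described by <paramref name="NewState"/> and
          /// returns the prior state in <paramref name="PreviousState"/>.
          /// </summary>
          /// <remarks>
          /// A return value of true does NOT prove the privilege was changed: the native call
          /// also succeeds when the token does not hold the privilege. Read
          /// Marshal.GetLastWin32Error() immediately afterwards and treat
          /// <see cref="ERROR_NOT_ALL_ASSIGNED"/> as a failure. Keep
          /// <paramref name="PreviousState"/> so the original state can be restored.
          /// <paramref name="BufferLength"/> is the size in bytes of the
          /// <paramref name="PreviousState"/> buffer.
          /// </remarks>
          [DllImport(ADVAPI32, CharSet = CharSet.Unicode, SetLastError = true)]
          [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
          internal static extern bool AdjustTokenPrivileges(
              [In] SafeTokenHandle TokenHandle,
              [In] bool DisableAllPrivileges,
              [In] ref TOKEN_PRIVILEGE NewState,
              [In] uint BufferLength,
              [In, Out] ref TOKEN_PRIVILEGE PreviousState,
              [In, Out] ref uint ReturnLength);

          /// <summary>Ends impersonation on the calling thread.</summary>
          /// <remarks>
          /// Check the return value: if the call fails the thread keeps running under the
          /// impersonated token.
          /// </remarks>
          [DllImport(ADVAPI32, CharSet = CharSet.Auto, SetLastError = true)]
          [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
          internal static extern bool RevertToSelf();

          /// <summary>
          /// Resolves a privilege name such as "SeShutdownPrivilege" to its LUID on the
          /// given system (null <paramref name="lpSystemName"/> means the local machine).
          /// </summary>
          // The entry point is pinned to the wide-character export, so the strings must be
          // marshalled as UTF-16; the default ANSI marshalling would corrupt the name.
          [DllImport(
              ADVAPI32,
              EntryPoint = "LookupPrivilegeValueW",
              CharSet = CharSet.Unicode,
              SetLastError = true)]
          [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
          internal static extern bool LookupPrivilegeValue(
              [In] string lpSystemName,
              [In] string lpName,
              [In, Out] ref LUID Luid);

          /// <summary>Returns the pseudo-handle for the current process.</summary>
          // Pseudo-handles do not need to be closed.
          [DllImport(KERNEL32)]
          [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
          internal static extern IntPtr GetCurrentProcess();

          /// <summary>Returns the pseudo-handle for the current thread.</summary>
          // Pseudo-handles do not need to be closed.
          [DllImport(KERNEL32)]
          [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
          internal static extern IntPtr GetCurrentThread();

          /// <summary>Opens the primary token of a process.</summary>
          /// <remarks>
          /// Privileges adjusted on the process token affect every thread in the process.
          /// </remarks>
          [DllImport(ADVAPI32, SetLastError = true)]
          [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
          internal static extern bool OpenProcessToken(
              [In] IntPtr ProcessToken,
              [In] TokenAccessLevels DesiredAccess,
              [In, Out] ref SafeTokenHandle TokenHandle);

          /// <summary>Opens the impersonation token of a thread.</summary>
          /// <remarks>
          /// Fails with <see cref="ERROR_NO_TOKEN"/> when the thread is not impersonating.
          /// </remarks>
          [DllImport(ADVAPI32, SetLastError = true)]
          [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
          internal static extern bool OpenThreadToken(
              [In] IntPtr ThreadToken,
              [In] TokenAccessLevels DesiredAccess,
              [In] bool OpenAsSelf,
              [In, Out] ref SafeTokenHandle TokenHandle);

          /// <summary>
          /// Duplicates a token with the requested access, impersonation level and type.
          /// </summary>
          [DllImport(ADVAPI32, SetLastError = true)]
          [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
          internal static extern bool DuplicateTokenEx(
              [In] SafeTokenHandle ExistingToken,
              [In] TokenAccessLevels DesiredAccess,
              [In] IntPtr TokenAttributes,
              [In] SecurityImpersonationLevel ImpersonationLevel,
              [In] TokenType TokenType,
              [In, Out] ref SafeTokenHandle NewToken);

          /// <summary>
          /// Assigns an impersonation token to a thread; IntPtr.Zero for
          /// <paramref name="Thread"/> targets the calling thread.
          /// </summary>
          [DllImport(ADVAPI32, SetLastError = true)]
          [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
          internal static extern bool SetThreadToken(
              [In] IntPtr Thread,
              [In] SafeTokenHandle Token);

          // Intentionally empty explicit static constructor, kept from the original listing.
          // NOTE(review): presumably present so the type is not marked beforefieldinit - confirm.
          static NativeMethods()
          {
          }
      }
  }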
