From ed5fe836fe9565a839920993f4446321f827af5e Mon Sep 17 00:00:00 2001 From: Jim Norman Date: Thu, 31 May 2007 18:27:05 +0000 Subject: [PATCH] Fix for Zen on Vista, scope score as elevated user --- .../AppModule.NamedPipes/ImpersonateNative.cs | 39 +++++++-- .../ImpersonateWrapper.cs | 81 ++++++++++++++++++- 2 files changed, 112 insertions(+), 8 deletions(-) diff --git a/CASA/extern/w32/namedpipes/AppModule.NamedPipes/ImpersonateNative.cs b/CASA/extern/w32/namedpipes/AppModule.NamedPipes/ImpersonateNative.cs index 2d179325..09cbcb7c 100644 --- a/CASA/extern/w32/namedpipes/AppModule.NamedPipes/ImpersonateNative.cs +++ b/CASA/extern/w32/namedpipes/AppModule.NamedPipes/ImpersonateNative.cs @@ -69,13 +69,42 @@ namespace AppModule.NamedPipes { TokenDefaultDacl, TokenSource, TokenType, - TokenImpersonationLevel, - TokenStatistics, - TokenRestrictedSids, - TokenSessionId + TokenImpersonationLevel, + TokenStatistics, + TokenRestrictedSids, + TokenSessionId, + TokenGroupsAndPrivileges, + TokenSessionReference, + TokenSandBoxInert, + TokenAuditPolicy, + TokenOrigin, + TokenElevationType, + TokenLinkedToken, + TokenElevation, + TokenHasRestrictions, + TokenAccessInformation, + TokenVirtualizationAllowed, + TokenVirtualizationEnabled, + TokenIntegrityLevel, + TokenUIAccess, + TokenMandatoryPolicy, + TokenLogonSid, + MaxTokenInfoClass } - [StructLayout(LayoutKind.Sequential)] + public enum TOKEN_ELEVATION_TYPE + { + TokenElevationTypeDefault = 1, + TokenElevationTypeFull, + TokenElevationTypeLimited + } + + public struct TOKEN_LINKED_TOKEN + { + public IntPtr LinkedToken; + } + + [StructLayout(LayoutKind.Sequential)] public struct TOKEN_USER { public _SID_AND_ATTRIBUTES User; diff --git a/CASA/extern/w32/namedpipes/AppModule.NamedPipes/ImpersonateWrapper.cs b/CASA/extern/w32/namedpipes/AppModule.NamedPipes/ImpersonateWrapper.cs index 021b0e69..56d308c9 100644 --- a/CASA/extern/w32/namedpipes/AppModule.NamedPipes/ImpersonateWrapper.cs 
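Review bot: The new `TOKEN_LINKED_TOKEN` struct is declared without `[StructLayout(LayoutKind.Sequential)]`, while the `TOKEN_USER` struct directly below it carries the attribute. C# structs default to sequential layout, so this is a consistency point for a type that is read with `Marshal.PtrToStructure`, not a behaviour change. The members appended to the token-information enum have no explicit values, so each value depends on its position. A comment above the enum such as `// order must match TOKEN_INFORMATION_CLASS in winnt.h; values are positional` would guard against a later reorder. The enum's opening lines are outside the hunk.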
+++ b/CASA/extern/w32/namedpipes/AppModule.NamedPipes/ImpersonateWrapper.cs @@ -104,8 +104,10 @@ namespace AppModule.NamedPipes { Console.WriteLine("failed"); } + + Marshal.FreeHGlobal(tu); - return (int)pUserID; + return (int)pUserID; } @@ -154,6 +156,47 @@ namespace AppModule.NamedPipes return sb.ToString(); } + public static bool GetLinkedToken(IntPtr token, out ImpersonateNative.TOKEN_LINKED_TOKEN linkedToken) + { + int TokenInfLength = 0; + bool TokenInfoSuccess = false; + IntPtr ptrLinkedToken = IntPtr.Zero; + linkedToken = new ImpersonateNative.TOKEN_LINKED_TOKEN(); + + if (token != IntPtr.Zero) + { + // first call gets length of TokenInformation + + ImpersonateNative.GetTokenInformation(token, ImpersonateNative.TOKEN_INFORMATION_CLASS.TokenLinkedToken, IntPtr.Zero, TokenInfLength, ref TokenInfLength); + + + try + { + ptrLinkedToken = Marshal.AllocHGlobal(TokenInfLength); + + TokenInfoSuccess = ImpersonateNative.GetTokenInformation(token, ImpersonateNative.TOKEN_INFORMATION_CLASS.TokenLinkedToken, ptrLinkedToken, TokenInfLength, ref TokenInfLength); + + if (TokenInfoSuccess) + { + linkedToken = (ImpersonateNative.TOKEN_LINKED_TOKEN)Marshal.PtrToStructure(ptrLinkedToken, typeof(ImpersonateNative.TOKEN_LINKED_TOKEN)); + } + } + catch (OutOfMemoryException e) + { + System.Diagnostics.Trace.WriteLine(e.ToString()); + } + finally + { + if (ptrLinkedToken != IntPtr.Zero) + { + Marshal.FreeHGlobal(ptrLinkedToken); + } + } + } + + return TokenInfoSuccess; + } + public static int GetLocalUserID(PipeHandle handle, ref int lowPart, ref int highPart, ref string SidString) { int rcode = -1; 
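Review bot: `Marshal.FreeHGlobal(tu)` now runs immediately before `return (int)pUserID;`, so the method may return an address into memory it has just released. That holds only if `pUserID` is the SID pointer read out of the `TOKEN_USER` structure in `tu`, as it is in `GetLocalUserID` later in this patch; the function body starts outside this hunk, so this is inferred rather than visible. If it holds, the SID should be copied or converted to its final form before the buffer is freed. The free also sits on this one path only; wrapping the buffer's use in `try { ... } finally { Marshal.FreeHGlobal(tu); }` would cover exceptions and any early exit.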
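Review bot: `GetLinkedToken` hands back a live token handle in `linkedToken.LinkedToken` without documenting who owns it. A doc comment on the method should state that when it returns `true` the caller must release the handle with `ImpersonateNative.CloseHandle`, and that the handle refers to the other half of a UAC split token. The return value of the first (sizing) `GetTokenInformation` call is ignored, so a failure there leaves `TokenInfLength` at 0 and only surfaces as `false` from the second call. Since `TOKEN_LINKED_TOKEN` is fixed-size, `Marshal.SizeOf(typeof(ImpersonateNative.TOKEN_LINKED_TOKEN))` could replace the probe.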
@@ -174,13 +217,41 @@ namespace AppModule.NamedPipes if (ImpersonateNative.OpenThreadToken(hThread, iDesiredInfo, true, out userToken)) { - StringBuilder sb = new StringBuilder(); ImpersonateNative.TOKEN_USER tokUser; const int bufLength = 256; IntPtr tu = Marshal.AllocHGlobal( bufLength ); int cb = bufLength; - if (ImpersonateNative.GetTokenInformation( userToken, ImpersonateNative.TOKEN_INFORMATION_CLASS.TokenUser, tu, cb, ref cb )) + + // on Vista use the elevated token if there is one. + System.OperatingSystem os = System.Environment.OSVersion; + System.Diagnostics.Trace.WriteLine("OS Version: {0}", os.Version.ToString()); + if (os.Version.Major > 5) + { + if (ImpersonateNative.GetTokenInformation(userToken, ImpersonateNative.TOKEN_INFORMATION_CLASS.TokenElevationType, tu, cb, ref cb)) + { + int iTokenType; + iTokenType = (int)Marshal.PtrToStructure(tu, typeof(int)); + + System.Diagnostics.Trace.WriteLine("Token Type : {0}", iTokenType.ToString()); + if (iTokenType == 3) //.ToString().Equals(ImpersonateNative.TOKEN_ELEVATION_TYPE.TokenElevationTypeLimited)) + { + ImpersonateNative.TOKEN_LINKED_TOKEN newLinkedToken; + if (GetLinkedToken(userToken, out newLinkedToken)) + { + userToken = newLinkedToken.LinkedToken; + } + } + } + else + { + uint error = ImpersonateNative.GetLastError(); + System.Diagnostics.Trace.WriteLine("linked token error: {0}", error.ToString()); + } + } + + cb = bufLength; + if (ImpersonateNative.GetTokenInformation( userToken, ImpersonateNative.TOKEN_INFORMATION_CLASS.TokenUser, tu, cb, ref cb )) { tokUser = (ImpersonateNative.TOKEN_USER) Marshal.PtrToStructure(tu, typeof(ImpersonateNative.TOKEN_USER) ); IntPtr pUserID = tokUser.User.Sid; @@ -210,6 +281,8 @@ namespace AppModule.NamedPipes Console.WriteLine("error" + error.ToString()); } + Marshal.FreeHGlobal(tu); + // close handle ImpersonateNative.CloseHandle(hThread); ImpersonateNative.RevertToSelf(); 
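Review bot: `userToken = newLinkedToken.LinkedToken;` overwrites the handle returned by `OpenThreadToken` without closing it, so the original token handle leaks on every call that takes the limited-token branch. Keeping the linked token in its own variable and releasing both with `ImpersonateNative.CloseHandle` would avoid that. Because the identity is then read from the elevated token, a comment should say that non-elevated and elevated clients of the same user are deliberately treated as one. Two smaller points: `iTokenType == 3` should use `(int)ImpersonateNative.TOKEN_ELEVATION_TYPE.TokenElevationTypeLimited`, which this commit adds, and `Trace.WriteLine(string, string)` takes a message and a category, so the `{0}` is never substituted and `Trace.WriteLine("OS Version: " + os.Version)` is what was meant. `GetLocalUserID` starts and ends outside this hunk.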
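Review bot: The added `Marshal.FreeHGlobal(tu);` is reached only when nothing between the `AllocHGlobal` and this line throws. The `Marshal.PtrToStructure` calls in between can throw, and the enclosing `catch (Exception ex)` visible in the next hunk would then leak the buffer. Placing the free in a `finally` next to the allocation, `try { ... } finally { Marshal.FreeHGlobal(tu); }`, makes the release unconditional. The enclosing block starts outside this hunk.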
@@ -220,6 +293,8 @@ namespace AppModule.NamedPipes uint errorcode = NamedPipeNative.GetLastError(); Console.WriteLine("OpenThreadToken Error: "+ errorcode.ToString() + " code2: "+rcode.ToString()); } + + Marshal.FreeHGlobal(userToken); } catch (Exception ex) {
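Review bot: `Marshal.FreeHGlobal(userToken)` releases a kernel token handle with the unmanaged-memory free routine. `userToken` comes from `OpenThreadToken` (or is the linked token), not from `Marshal.AllocHGlobal`, so the handle is never closed and the call is invalid for that value. It should be `ImpersonateNative.CloseHandle(userToken);`, the same call already used for `hThread`. The line appears to sit after the `else` branch that reports an `OpenThreadToken` failure, so it should also be guarded with `if (userToken != IntPtr.Zero)` or moved into the success branch. The enclosing `try` begins outside this hunk.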