c# – 如何在 .NET 中操纵令牌权限?


我想使用 C# 来确定我的进程/线程令牌被分配了哪些权限(privilege),并根据需要进行调整。例如,为了让我的程序重新启动计算机,它必须首先启用 SeShutdownPrivilege 权限。

如何从托管代码安全地完成?

解决方法 事实证明这并不简单,因为 .NET 没有为此提供内置机制。不仅需要 P/Invoke,还必须仔细编写代码,确保不会因为启用了权限却没有及时将其禁用而“泄漏”权限(如果随后就要重新启动计算机,这就不成问题)。

带有说明的完整代码示例,请参阅 Mark Novak 发表在 MSDN 杂志 2005 年 3 月刊上的文章“Manipulate Privileges in Managed Code Reliably, Securely, and Efficiently”。

这是P / Invoke声明:

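using System;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;

namespace PrivilegeClass
{
    /// <summary>
    /// Access rights that can be requested when opening or duplicating an access token.
    /// </summary>
    /// <remarks>
    /// Request the narrowest mask that does the job. Enabling or disabling a privilege
    /// needs only <see cref="Query"/> | <see cref="AdjustPrivileges"/>; asking for
    /// <see cref="AllAccess"/> or <see cref="MaximumAllowed"/> hands the resulting handle
    /// far more authority than privilege adjustment requires.
    /// </remarks>
    [Flags]
    internal enum TokenAccessLevels
    {
        AssignPrimary    = 0x00000001,
        Duplicate        = 0x00000002,
        Impersonate      = 0x00000004,
        Query            = 0x00000008,
        QuerySource      = 0x00000010,
        AdjustPrivileges = 0x00000020,
        AdjustGroups     = 0x00000040,
        AdjustDefault    = 0x00000080,
        AdjustSessionId  = 0x00000100,

        Read             = 0x00020000 | Query,

        Write            = 0x00020000 | AdjustPrivileges | AdjustGroups | AdjustDefault,

        AllAccess        = 0x000F0000 |
            AssignPrimary    |
            Duplicate        |
            Impersonate      |
            Query            |
            QuerySource      |
            AdjustPrivileges |
            AdjustGroups     |
            AdjustDefault    |
            AdjustSessionId,

        MaximumAllowed   = 0x02000000
    }

    /// <summary>Impersonation level passed to <c>DuplicateTokenEx</c>.</summary>
    internal enum SecurityImpersonationLevel
    {
        Anonymous      = 0,
        Identification = 1,
        Impersonation  = 2,
        Delegation     = 3,
    }

    /// <summary>Kind of token that <c>DuplicateTokenEx</c> should create.</summary>
    internal enum TokenType
    {
        Primary       = 1,
        // The listing on this page shows only Primary; Impersonation (2) is the other
        // member of the Win32 TOKEN_TYPE enumeration and is the one needed to build a
        // token that can be attached to a thread with SetThreadToken.
        Impersonation = 2,
    }

    /// <summary>
    /// P/Invoke declarations for reading and adjusting the privileges held in a process
    /// or thread access token.
    /// </summary>
    /// <remarks>
    /// <para>
    /// <c>SafeTokenHandle</c> is not declared in this listing. It has to be supplied
    /// separately as a <see cref="SafeHandle"/>-derived wrapper that releases the token
    /// through <see cref="CloseHandle"/>, so that a token handle cannot be leaked when
    /// an exception is thrown between opening and closing it.
    /// </para>
    /// <para>
    /// Every import sets <c>SetLastError = true</c>: callers must read
    /// <see cref="Marshal.GetLastWin32Error"/> immediately after the call, before any
    /// other interop call overwrites the value.
    /// </para>
    /// <para>
    /// <see cref="ReliabilityContractAttribute"/> belongs to constrained execution
    /// regions, which are a .NET Framework feature; it is kept as in the listing.
    /// On runtimes that support it, consider also pinning the load location with
    /// <c>[DefaultDllImportSearchPaths(DllImportSearchPath.System32)]</c>.
    /// </para>
    /// </remarks>
    internal sealed class NativeMethods
    {
        internal const uint SE_PRIVILEGE_DISABLED = 0x00000000;
        internal const uint SE_PRIVILEGE_ENABLED  = 0x00000002;

        /// <summary>Locally unique identifier; privileges are identified by one.</summary>
        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
        internal struct LUID
        {
            internal uint LowPart;
            internal uint HighPart;
        }

        /// <summary>A privilege LUID together with its SE_PRIVILEGE_* attribute bits.</summary>
        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
        internal struct LUID_AND_ATTRIBUTES
        {
            internal LUID Luid;
            internal uint Attributes;
        }

        /// <summary>
        /// Single-entry form of the native TOKEN_PRIVILEGES structure: exactly one
        /// privilege can be passed per call, so <see cref="PrivilegeCount"/> must be 1.
        /// </summary>
        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
        internal struct TOKEN_PRIVILEGE
        {
            internal uint                PrivilegeCount;
            internal LUID_AND_ATTRIBUTES Privilege;
        }

        internal const string ADVAPI32 = "advapi32.dll";
        internal const string KERNEL32 = "kernel32.dll";

        // Win32 error codes the privilege code is expected to distinguish.
        internal const int ERROR_SUCCESS             = 0x0;
        internal const int ERROR_ACCESS_DENIED       = 0x5;
        internal const int ERROR_NOT_ENOUGH_MEMORY   = 0x8;
        internal const int ERROR_NO_TOKEN            = 0x3f0;
        internal const int ERROR_NOT_ALL_ASSIGNED    = 0x514;
        internal const int ERROR_NO_SUCH_PRIVILEGE   = 0x521;
        internal const int ERROR_CANT_OPEN_ANONYMOUS = 0x543;

        /// <summary>Closes a raw kernel handle.</summary>
        [DllImport(KERNEL32, SetLastError = true)]
        [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
        internal static extern bool CloseHandle(IntPtr handle);

        /// <summary>Enables or disables privileges in the given token.</summary>
        /// <remarks>
        /// A <c>true</c> return does NOT mean the privilege was granted. When the token
        /// does not hold the requested privilege the call still succeeds and the last
        /// error is <see cref="ERROR_NOT_ALL_ASSIGNED"/>; always check it. Capture
        /// <paramref name="PreviousState"/> and restore it as soon as the privileged
        /// operation is finished, so the privilege does not stay enabled for unrelated
        /// code running under the same token.
        /// </remarks>
        [DllImport(ADVAPI32, CharSet = CharSet.Unicode, SetLastError = true)]
        [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
        internal static extern bool AdjustTokenPrivileges(
            [In]      SafeTokenHandle     TokenHandle,
            [In]      bool                DisableAllPrivileges,
            [In]      ref TOKEN_PRIVILEGE NewState,
            [In]      uint                BufferLength,
            [In, Out] ref TOKEN_PRIVILEGE PreviousState,
            [In, Out] ref uint            ReturnLength);

        /// <summary>Stops impersonating on the calling thread.</summary>
        /// <remarks>
        /// A failed revert leaves the thread running under the impersonated token, so a
        /// <c>false</c> return has to be treated as fatal by the caller.
        /// </remarks>
        [DllImport(ADVAPI32, CharSet = CharSet.Auto, SetLastError = true)]
        [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
        internal static extern bool RevertToSelf();

        /// <summary>Resolves a privilege name such as "SeShutdownPrivilege" to its LUID.</summary>
        // The entry point names the wide-character export explicitly, so the strings are
        // marshalled as Unicode to match it.
        [DllImport(ADVAPI32, EntryPoint = "LookupPrivilegeValueW", CharSet = CharSet.Unicode, SetLastError = true)]
        [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
        internal static extern bool LookupPrivilegeValue(
            [In]      string   lpSystemName,
            [In]      string   lpName,
            [In, Out] ref LUID Luid);

        /// <summary>Returns the pseudo-handle for the current process; it must not be closed.</summary>
        [DllImport(KERNEL32, SetLastError = true)]
        [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
        internal static extern IntPtr GetCurrentProcess();

        /// <summary>Returns the pseudo-handle for the current thread; it must not be closed.</summary>
        [DllImport(KERNEL32, SetLastError = true)]
        [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
        internal static extern IntPtr GetCurrentThread();

        /// <summary>Opens the access token of a process.</summary>
        // P/Invoke resolves exports by exact name, so the casing must be OpenProcessToken.
        [DllImport(ADVAPI32, SetLastError = true)]
        [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
        internal static extern bool OpenProcessToken(
            [In]      IntPtr              ProcessToken,
            [In]      TokenAccessLevels   DesiredAccess,
            [In, Out] ref SafeTokenHandle TokenHandle);

        /// <summary>Opens the impersonation token of a thread, if it has one.</summary>
        /// <remarks>
        /// Fails with <see cref="ERROR_NO_TOKEN"/> when the thread is not impersonating.
        /// </remarks>
        // The native function takes four arguments. The listing on this page had lost
        // DesiredAccess, which would shift every following argument by one slot.
        [DllImport(ADVAPI32, SetLastError = true)]
        [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
        internal static extern bool OpenThreadToken(
            [In]      IntPtr              ThreadToken,
            [In]      TokenAccessLevels   DesiredAccess,
            [In]      bool                OpenAsSelf,
            [In, Out] ref SafeTokenHandle TokenHandle);

        /// <summary>Creates a new token that duplicates an existing one.</summary>
        /// <remarks>
        /// Duplicating into an impersonation token and adjusting the copy keeps a
        /// privilege change scoped to one thread instead of the whole process.
        /// </remarks>
        [DllImport(ADVAPI32, SetLastError = true)]
        [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
        internal static extern bool DuplicateTokenEx(
            [In]      SafeTokenHandle            ExistingToken,
            [In]      TokenAccessLevels          DesiredAccess,
            [In]      IntPtr                     TokenAttributes,
            [In]      SecurityImpersonationLevel ImpersonationLevel,
            [In]      TokenType                  TokenType,
            [In, Out] ref SafeTokenHandle        NewToken);

        /// <summary>Assigns an impersonation token to a thread.</summary>
        [DllImport(ADVAPI32, SetLastError = true)]
        [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
        internal static extern bool SetThreadToken(
            [In] IntPtr          Thread,
            [In] SafeTokenHandle Token);

        // Empty static constructor kept from the listing; presumably there so the
        // compiler does not mark the type beforefieldinit.
        static NativeMethods()
        {
        }
    }
}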