
More from kernel32 & advapi32 #65

Merged
merged 5 commits into from
Nov 17, 2015
Merged
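--- a/src/AdvApi32.Desktop/AdvApi32+SECURITY_INFORMATION.cs
+++ b/src/AdvApi32.Desktop/AdvApi32+SECURITY_INFORMATION.cs
@@ -0,0 +1,81 @@
+// Copyright (c) to owners found in https://github.com/AArnott/pinvoke/blob/master/COPYRIGHT.md. All rights reserved.
+// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
+
+namespace PInvoke
+{
+using System;
+
+/// <content>
+/// Contains the <see cref="SECURITY_INFORMATION"/> nested type.
+/// </content>
+public partial class AdvApi32
+{
+/// <summary>
+/// Identifies the object-related security information being set or queried.
+/// </summary>
+[Flags]
+public enum SECURITY_INFORMATION
+{
+/// <summary>
+/// The resource properties of the object being referenced. The resource properties are stored in
+/// SYSTEM_RESOURCE_ATTRIBUTE_ACE types in the SACL of the security descriptor.
+/// </summary>
+/// <remarks>
+/// Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP:
+/// This bit flag is not available.
+/// </remarks>
+ATTRIBUTE_SECURITY_INFORMATION,
+
+/// <summary>
+/// All parts of the security descriptor. This is useful for backup and restore software that needs to preserve
+/// the entire security descriptor.
+/// </summary>
+/// <remarks>
+/// Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP:
+/// This bit flag is not available.
+/// </remarks>
+BACKUP_SECURITY_INFORMATION,
+
+/// <summary>The DACL of the object is being referenced.</summary>
+DACL_SECURITY_INFORMATION,
+
+/// <summary>The primary group identifier of the object is being referenced.</summary>
+GROUP_SECURITY_INFORMATION,
+
+/// <summary>
+/// The mandatory integrity label is being referenced. The mandatory integrity label is an ACE in the SACL of the
+/// object.
+/// </summary>
+/// <remarks>Windows Server 2003 and Windows XP: This bit flag is not available.</remarks>
+LABEL_SECURITY_INFORMATION,
+
+/// <summary>The owner identifier of the object is being referenced.</summary>
+OWNER_SECURITY_INFORMATION,
+
+/// <summary>The DACL cannot inherit access control entries (ACEs).</summary>
+PROTECTED_DACL_SECURITY_INFORMATION,
+
+/// <summary>The SACL cannot inherit ACEs.</summary>
+PROTECTED_SACL_SECURITY_INFORMATION,
+
+/// <summary>The SACL of the object is being referenced.</summary>
+SACL_SECURITY_INFORMATION,
+
+/// <summary>
+/// The Central Access Policy (CAP) identifier applicable on the object that is being referenced. Each CAP
+/// identifier is stored in a SYSTEM_SCOPED_POLICY_ID_ACE type in the SACL of the SD.
+/// </summary>
+/// <remarks>
+/// Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP:
+/// This bit flag is not available.
+/// </remarks>
+SCOPE_SECURITY_INFORMATION,
+
+/// <summary>The DACL inherits ACEs from the parent object.</summary>
+UNPROTECTED_DACL_SECURITY_INFORMATION,
+
+/// <summary>The SACL inherits ACEs from the parent object.</summary>
+UNPROTECTED_SACL_SECURITY_INFORMATION
+}
+}
+}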
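Review bot: No member of `SECURITY_INFORMATION` has an explicit value, so the compiler numbers them 0, 1, 2, … in declaration (alphabetical) order, and those numbers do not match the native bit flags in winnt.h. As written `DACL_SECURITY_INFORMATION` is 2, which the native API reads as the group bit, and `BACKUP_SECURITY_INFORMATION` is 1, the native owner bit, so a caller asking to read or set one part of a security descriptor would touch a different part. The enum also needs `: uint` as its underlying type, because the native PROTECTED_DACL_SECURITY_INFORMATION is 0x80000000. Each member should carry its winnt.h value, as below.

```csharp
[Flags]
public enum SECURITY_INFORMATION : uint
{
    // … unchanged: XML doc comments on each member …
    ATTRIBUTE_SECURITY_INFORMATION = 0x00000020,
    BACKUP_SECURITY_INFORMATION = 0x00010000,
    DACL_SECURITY_INFORMATION = 0x00000004,
    GROUP_SECURITY_INFORMATION = 0x00000002,
    LABEL_SECURITY_INFORMATION = 0x00000010,
    OWNER_SECURITY_INFORMATION = 0x00000001,
    PROTECTED_DACL_SECURITY_INFORMATION = 0x80000000,
    PROTECTED_SACL_SECURITY_INFORMATION = 0x40000000,
    SACL_SECURITY_INFORMATION = 0x00000008,
    SCOPE_SECURITY_INFORMATION = 0x00000040,
    UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000,
    UNPROTECTED_SACL_SECURITY_INFORMATION = 0x10000000
}
```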
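--- a/src/AdvApi32.Desktop/AdvApi32+TOKEN_ELEVATION_TYPE.cs
+++ b/src/AdvApi32.Desktop/AdvApi32+TOKEN_ELEVATION_TYPE.cs
@@ -0,0 +1,35 @@
+// Copyright (c) to owners found in https://github.com/AArnott/pinvoke/blob/master/COPYRIGHT.md. All rights reserved.
+// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
+
+namespace PInvoke
+{
+/// <content>
+/// Contains the <see cref="TOKEN_ELEVATION_TYPE"/> nested type.
+/// </content>
+public partial class AdvApi32
+{
+/// <summary>
+/// Indicates the elevation type of token being queried by the <see cref="GetTokenInformation"/> function.
+/// </summary>
+public enum TOKEN_ELEVATION_TYPE
+{
+/// <summary>
+/// Standard user that don't require UAC as he doesn't have any elevated attributes in it's
+/// security token.
+/// </summary>
+TokenElevationTypeDefault = 1,
+
+/// <summary>
+/// Process executing with full elevated rights, either UAC is disable or the process is
+/// executing in "Run as administrator" mode.
+/// </summary>
+TokenElevationTypeFull,
+
+/// <summary>
+/// Process executing under UAC, the current user got some elevated right but they can't
+/// be used in the process as the token is "split".
+/// </summary>
+TokenElevationTypeLimited
+}
+}
+}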
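Review bot: The summary on `TokenElevationTypeDefault` calls it a standard user, but as far as I know the native meaning is only that the token has no linked token. That is also what an administrator account reports when UAC is disabled, and what the built-in Administrator and service accounts report, so a caller who reads the comment as "not privileged" could make the wrong access decision. I would reword it to `/// The token has no linked token: a standard user, or an account not subject to UAC token splitting.` and correct `TokenElevationTypeFull`, which currently lists "UAC is disable" as a cause, to `/// The token is the elevated half of a split (linked) token pair.` The remaining summaries also need a grammar pass ("that don't", "it's", "disable").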
59 changes: 59 additions & 0 deletions src/AdvApi32.Desktop/AdvApi32+TOKEN_INFORMATION_CLASS.cs
@@ -0,0 +1,59 @@
// Copyright (c) to owners found in https://github.com/AArnott/pinvoke/blob/master/COPYRIGHT.md. All rights reserved.
// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.

namespace PInvoke
{
/// <content>
/// Contains the <see cref="TOKEN_INFORMATION_CLASS"/> nested type.
/// </content>
public partial class AdvApi32
{
/// <summary>
/// Specify the type of information being assigned to or retrieved from an access token.
/// </summary>
public enum TOKEN_INFORMATION_CLASS
{
TokenUser = 1,
TokenGroups,
Collaborator


double-checking that naturally occurring +1's for each of these values coincide with their native equivalents?

Collaborator Author


For once it's actually defined as a real enum in native code : https://msdn.microsoft.com/en-us/library/windows/desktop/aa379626(v=vs.85).aspx with the same value generation

TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics,
TokenRestrictedSids,
TokenSessionId,
TokenGroupsAndPrivileges,
TokenSessionReference,
TokenSandBoxInert,
TokenAuditPolicy,
TokenOrigin,
TokenElevationType,
TokenLinkedToken,
TokenElevation,
TokenHasRestrictions,
TokenAccessInformation,
TokenVirtualizationAllowed,
TokenVirtualizationEnabled,
TokenIntegrityLevel,
TokenUiAccess,
TokenMandatoryPolicy,
TokenLogonSid,
TokenIsAppContainer,
TokenCapabilities,
TokenAppContainerSid,
TokenAppContainerNumber,
TokenUserClaimAttributes,
TokenDeviceClaimAttributes,
TokenRestrictedUserClaimAttributes,
TokenRestrictedDeviceClaimAttributes,
TokenDeviceGroups,
TokenRestrictedDeviceGroups,
TokenSecurityAttributes,
TokenIsRestricted,
MaxTokenInfoClass
}
}
}
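Review bot: The members of `TOKEN_INFORMATION_CLASS` have no XML doc comments, unlike the other enums added in this commit, so a caller cannot tell from here which structure each class returns or which token access right it needs. At minimum `MaxTokenInfoClass` should be marked as a sentinel, for example `/// <summary>Marks the end of the enumeration; not a valid information class to pass to GetTokenInformation.</summary>`. Later Windows SDK headers appear to add new classes ahead of that sentinel, so its numeric value here reflects the header version the list was copied from, and a remark saying so would stop callers from using it as a stable bound.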
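--- a/src/AdvApi32.Desktop/AdvApi32+TokenAccessRights.cs
+++ b/src/AdvApi32.Desktop/AdvApi32+TokenAccessRights.cs
@@ -0,0 +1,100 @@
+// Copyright (c) to owners found in https://github.com/AArnott/pinvoke/blob/master/COPYRIGHT.md. All rights reserved.
+// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
+
+namespace PInvoke
+{
+using System;
+
+/// <content>
+/// Contains the <see cref="TokenAccessRights"/> nested type.
+/// </content>
+public partial class AdvApi32
+{
+/// <summary>
+/// The different access rights allowed to access an access token.
+/// </summary>
+[Flags]
+public enum TokenAccessRights : uint
+{
+/// <summary>The right to delete the object.</summary>
+DELETE = 0x00010000,
+
+/// <summary>
+/// The right to read the information in the object's security descriptor, not including the information in the
+/// system access control list (SACL).
+/// </summary>
+READ_CONTROL = 0x00020000,
+
+/// <summary>The right to modify the discretionary access control list (DACL) in the object's security descriptor.</summary>
+WRITE_DAC = 0x00040000,
+
+/// <summary>The right to change the owner in the object's security descriptor.</summary>
+WRITE_OWNER = 0x00080000,
+
+/// <summary>Combines DELETE, READ_CONTROL, WRITE_DAC, and WRITE_OWNER access.</summary>
+STANDARD_RIGHTS_REQUIRED = 0x000F0000,
+
+/// <summary>Currently defined to equal READ_CONTROL.</summary>
+STANDARD_RIGHTS_READ = READ_CONTROL,
+
+/// <summary>Currently defined to equal READ_CONTROL.</summary>
+STANDARD_RIGHTS_WRITE = READ_CONTROL,
+
+/// <summary>Currently defined to equal READ_CONTROL.</summary>
+STANDARD_RIGHTS_EXECUTE = READ_CONTROL,
+
+/// <summary>
+/// Required to attach a primary token to a process. The SE_ASSIGNPRIMARYTOKEN_NAME privilege is also required to
+/// accomplish this task.
+/// </summary>
+TOKEN_ASSIGN_PRIMARY = 0x0001,
+
+/// <summary>Required to duplicate an access token.</summary>
+TOKEN_DUPLICATE = 0x0002,
+
+/// <summary>Required to attach an impersonation access token to a process.</summary>
+TOKEN_IMPERSONATE = 0x0004,
+
+/// <summary>Required to query an access token.</summary>
+TOKEN_QUERY = 0x0008,
+
+/// <summary>Required to query the source of an access token.</summary>
+TOKEN_QUERY_SOURCE = 0x0010,
+
+/// <summary>Required to enable or disable the privileges in an access token.</summary>
+TOKEN_ADJUST_PRIVILEGES = 0x0020,
+
+/// <summary>Required to adjust the attributes of the groups in an access token.</summary>
+TOKEN_ADJUST_GROUPS = 0x0040,
+
+/// <summary>Required to change the default owner, primary group, or DACL of an access token.</summary>
+TOKEN_ADJUST_DEFAULT = 0x0080,
+
+/// <summary>Required to adjust the session ID of an access token. The SE_TCB_NAME privilege is required.</summary>
+TOKEN_ADJUST_SESSIONID = 0x0100,
+
+/// <summary>Combines STANDARD_RIGHTS_READ and TOKEN_QUERY.</summary>
+TOKEN_READ = STANDARD_RIGHTS_READ | TOKEN_QUERY,
+
+/// <summary>Combines STANDARD_RIGHTS_WRITE, TOKEN_ADJUST_PRIVILEGES, TOKEN_ADJUST_GROUPS, and TOKEN_ADJUST_DEFAULT.</summary>
+TOKEN_WRITE = STANDARD_RIGHTS_WRITE | TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT,
+
+/// <summary>Required to wait for the process to terminate using the wait functions.</summary>
+ACCESS_SYSTEM_SECURITY = 0x01000000,
+
+/// <summary>Combines STANDARD_RIGHTS_EXECUTE and TOKEN_IMPERSONATE.</summary>
+TOKEN_EXECUTE = STANDARD_RIGHTS_EXECUTE | TOKEN_IMPERSONATE,
+
+/// <summary>Combines all possible access rights for a token.</summary>
+TOKEN_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED |
+TOKEN_ASSIGN_PRIMARY |
+TOKEN_DUPLICATE |
+TOKEN_IMPERSONATE |
+TOKEN_QUERY |
+TOKEN_QUERY_SOURCE |
+TOKEN_ADJUST_PRIVILEGES |
+TOKEN_ADJUST_GROUPS |
+TOKEN_ADJUST_DEFAULT
+}
+}
+}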
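Review bot: `TOKEN_ALL_ACCESS` at the end of the enum leaves out `TOKEN_ADJUST_SESSIONID`, which the native constant in winnt.h includes, so the managed value is 0xF00FF rather than 0xF01FF and a handle opened with it cannot adjust the session ID. The last operand should read `TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID`. Separately, the summary on `ACCESS_SYSTEM_SECURITY` describes SYNCHRONIZE; it should say something like `/// <summary>The right to get or set the SACL in the object's security descriptor; requires the SE_SECURITY_NAME privilege.</summary>`. A remark on `TOKEN_ALL_ACCESS` advising callers to request only the specific TOKEN_* rights they need would also fit the rest of the documentation here.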
4 changes: 4 additions & 0 deletions src/AdvApi32.Desktop/AdvApi32.Desktop.csproj
@@ -39,6 +39,7 @@
</ItemGroup>
<ItemGroup>
<Compile Include="AdvApi32+SafeServiceHandle.cs" />
<Compile Include="AdvApi32+SECURITY_INFORMATION.cs" />
<Compile Include="AdvApi32+ServiceAccess.cs" />
<Compile Include="AdvApi32+ServicePreferredNodeInfo.cs" />
<Compile Include="AdvApi32+ServiceLaunchProtectedInfo.cs" />
@@ -57,6 +58,9 @@
<Compile Include="AdvApi32+ServiceManagerAccess.cs" />
<Compile Include="AdvApi32+ServiceStartType.cs" />
<Compile Include="AdvApi32+ServiceType.cs" />
<Compile Include="AdvApi32+TokenAccessRights.cs" />
<Compile Include="AdvApi32+TOKEN_ELEVATION_TYPE.cs" />
<Compile Include="AdvApi32+TOKEN_INFORMATION_CLASS.cs" />
<Compile Include="AdvApi32.cs" />
<Compile Include="AdvApi32.Helpers.cs" />
<Compile Include="AdvApi32+ServiceDelayedAutoStartInfo.cs" />