wpf-test icon indicating copy to clipboard operation
wpf-test copied to clipboard
verified publisher icon dotnet

DuplicateTokenEx ImpersonationLevel argument mismatches

Open forderud opened this issue 1 year ago • 0 comments

There appear to be a mismatches in the DllImport signatures for DuplicateTokenEx in this project. The 4th ImpersonationLevel argument is supposed to be of type SECURITY_IMPERSONATION_LEVEL, but is mapped to the .Net TokenImpersonationLevel counterpart. This .Net enumeration does on the surface appear identical, but the underlying values are shifted by one.

Affected files:

Suggested fix

  • Change TokenImpersonationLevel ImpersonationLevel argument to uint ImpersonationLevel or define a matching .Net SECURITY_IMPERSONATION_LEVEL enumeration. Both strategies are already applied in the dotnet/runtime repo.

Background material

From winnt.h SECURITY_IMPERSONATION_LEVEL:

// Impersonation Level
//
// Impersonation level is represented by a pair of bits in Windows.
// If a new impersonation level is added or lowest value is changed from
// 0 to something else, fix the Windows CreateFile call.
//

typedef enum _SECURITY_IMPERSONATION_LEVEL {
    SecurityAnonymous,
    SecurityIdentification,
    SecurityImpersonation,
    SecurityDelegation
    } SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;

From .NET TokenImpersonationLevel:

namespace System.Security.Principal
{
    //
    // Summary:
    //     Defines security impersonation levels. Security impersonation levels govern the
    //     degree to which a server process can act on behalf of a client process.
    public enum TokenImpersonationLevel
    {
        None = 0,
        Anonymous = 1,
        Identification = 2,
        Impersonation = 3,
        Delegation = 4
    }
}

forderud avatar Dec 30 '23 19:12 forderud