Added WinTcb for sessions.

tyranid · tyranid · commit 78393219d85f · 2021-03-09T19:36:37.000-08:00
diff --git a/NtObjectManager/Cmdlets/Object/GetNtTokenCmdlet.cs b/NtObjectManager/Cmdlets/Object/GetNtTokenCmdlet.cs
@@ -281,6 +281,7 @@ public sealed class GetNtTokenCmdlet : PSCmdlet
         [Parameter(ParameterSetName = "Logon")]
         [Parameter(ParameterSetName = "Service")]
         [Parameter(ParameterSetName = "S4U")]
+        [Parameter(ParameterSetName = "Session")]
         public SwitchParameter WithTcb { get; set; }
 
         /// <summary>
@@ -312,7 +313,8 @@ public sealed class GetNtTokenCmdlet : PSCmdlet
         /// </summary>
         [Parameter(ParameterSetName = "Logon"), 
             Parameter(ParameterSetName = "Service")]
-        public Sid[] AdditionalGroups { get; set; }
+        [Alias("AdditionalGroups")]
+        public Sid[] AdditionalGroup { get; set; }
 
         /// <summary>
         /// <para type="description">Specify domain for logon token.</para>
@@ -605,9 +607,9 @@ private NtToken GetLogonToken(TokenAccessRights desired_access, string user,
             string domain, SecureString password, SecurityLogonType logon_type)
         {
             IEnumerable<UserGroup> groups = null;
-            if (AdditionalGroups != null && AdditionalGroups.Length > 0)
+            if (AdditionalGroup != null && AdditionalGroup.Length > 0)
             {
-                groups = AdditionalGroups.Select(s => new UserGroup(s,
+                groups = AdditionalGroup.Select(s => new UserGroup(s,
                     GetAttributes(s)));
             }
             using (NtToken token = Win32Security.LsaLogonUser(user, domain, password, logon_type, LogonProvider, groups))
@@ -762,22 +764,25 @@ private NtToken GetServiceToken(TokenAccessRights desired_access, ServiceAccount
 
         private NtToken GetSessionToken(TokenAccessRights desired_access, int session_id)
         {
-            if (!NtToken.EnableEffectivePrivilege(TokenPrivilegeValue.SeTcbPrivilege))
+            using (var imp = GetTcbPrivilege())
             {
-                WriteWarning("Getting session token requires SeTcbPrivilege");
-            }
+                if (imp == null)
+                {
+                    WriteWarning("Getting session token requires SeTcbPrivilege");
+                }
 
-            if (session_id < 0)
-            {
-                session_id = NtProcess.Current.SessionId;
-            }
-            using (var token = TokenUtils.GetSessionToken(session_id))
-            {
-                if (desired_access == TokenAccessRights.MaximumAllowed)
+                if (session_id < 0)
                 {
-                    return token.Duplicate();
+                    session_id = NtProcess.Current.SessionId;
+                }
+                using (var token = TokenUtils.GetSessionToken(session_id))
+                {
+                    if (desired_access == TokenAccessRights.MaximumAllowed)
+                    {
+                        return token.Duplicate();
+                    }
+                    return token.Duplicate(desired_access);
                 }
-                return token.Duplicate(desired_access);
             }
         }
 
