DuplicateTokenEx ImpersonationLevel argument mismatches

[forderud]

There appear to be a mismatches in the DllImport signatures for DuplicateTokenEx in this project. The 4th ImpersonationLevel argument is supposed to be of type SECURITY_IMPERSONATION_LEVEL, but is mapped to the .Net TokenImpersonationLevel counterpart. This .Net enumeration does on the surface appear identical, but the underlying values are shifted by one.

Affected files:

• ProcessUtilities.cs
• ProcessHelper.cs

Suggested fix

• Change TokenImpersonationLevel ImpersonationLevel argument to uint ImpersonationLevel or define a matching .Net SECURITY_IMPERSONATION_LEVEL enumeration. Both strategies are already applied in the dotnet/runtime repo.

Background material

From winnt.h SECURITY_IMPERSONATION_LEVEL:

// Impersonation Level
//
// Impersonation level is represented by a pair of bits in Windows.
// If a new impersonation level is added or lowest value is changed from
// 0 to something else, fix the Windows CreateFile call.
//

typedef enum _SECURITY_IMPERSONATION_LEVEL {
    SecurityAnonymous,
    SecurityIdentification,
    SecurityImpersonation,
    SecurityDelegation
    } SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;

From .NET TokenImpersonationLevel:

namespace System.Security.Principal
{
    //
    // Summary:
    //     Defines security impersonation levels. Security impersonation levels govern the
    //     degree to which a server process can act on behalf of a client process.
    public enum TokenImpersonationLevel
    {
        None = 0,
        Anonymous = 1,
        Identification = 2,
        Impersonation = 3,
        Delegation = 4
    }
}