Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / cdf / src / WCF / IdentityModel / System / IdentityModel / Privilege.cs / 1305376 / Privilege.cs
//------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- namespace System.IdentityModel { using System.Collections.Generic; using System.ComponentModel; using System.Runtime.CompilerServices; using System.Runtime.ConstrainedExecution; using System.Runtime.InteropServices; using System.Security.AccessControl; using System.Security.Principal; using System.ServiceModel.Diagnostics; using System.Runtime.Versioning; class Privilege { static Dictionaryluids = new Dictionary (); public const string SeAuditPrivilege = "SeAuditPrivilege"; public const string SeTcbPrivilege = "SeTcbPrivilege"; const uint SE_PRIVILEGE_DISABLED = 0x00000000; const uint SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x00000001; const uint SE_PRIVILEGE_ENABLED = 0x00000002; const uint SE_PRIVILEGE_USED_FOR_ACCESS = 0x80000000; const int ERROR_SUCCESS = 0x0; const int ERROR_NO_TOKEN = 0x3F0; const int ERROR_NOT_ALL_ASSIGNED = 0x514; string privilege; LUID luid; bool needToRevert = false; bool initialEnabled = false; bool isImpersonating = false; SafeCloseHandle threadToken = null; public Privilege(string privilege) { this.privilege = privilege; this.luid = LuidFromPrivilege(privilege); } public void Enable() { // Note: AdjustTokenPrivileges should not try to adjust if the token is // Primary token (process). Duplicate the process token (impersonation) and // then set token to current thread and unsetting (RevertToSelf) later. DiagnosticUtility.DebugAssert(this.threadToken == null, ""); this.threadToken = GetThreadToken(); EnableTokenPrivilege(this.threadToken); } // Have to run in CER [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] public int Revert() { if (!this.isImpersonating) { if (this.needToRevert && !this.initialEnabled) { TOKEN_PRIVILEGE newState; newState.PrivilegeCount = 1; newState.Privilege.Luid = this.luid; newState.Privilege.Attributes = SE_PRIVILEGE_DISABLED; TOKEN_PRIVILEGE previousState; uint previousSize = 0; if (!NativeMethods.AdjustTokenPrivileges( this.threadToken, false, ref newState, TOKEN_PRIVILEGE.Size, out previousState, out previousSize)) { return Marshal.GetLastWin32Error(); } } this.needToRevert = false; } else { if (!NativeMethods.RevertToSelf()) { return Marshal.GetLastWin32Error(); } this.isImpersonating = false; } if (this.threadToken != null) { this.threadToken.Close(); this.threadToken = null; } return ERROR_SUCCESS; } [ResourceExposure(ResourceScope.None)] [ResourceConsumption( ResourceScope.Process, ResourceScope.Process )] SafeCloseHandle GetThreadToken() { // // Open the thread token; if there is no thread token, get one from // the process token by impersonating self. // SafeCloseHandle threadToken; if (!NativeMethods.OpenThreadToken( NativeMethods.GetCurrentThread(), TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, true, out threadToken)) { int error = Marshal.GetLastWin32Error(); Utility.CloseInvalidOutSafeHandle(threadToken); if (error != ERROR_NO_TOKEN) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } else { SafeCloseHandle processToken; if (!NativeMethods.OpenProcessToken( NativeMethods.GetCurrentProcess(), TokenAccessLevels.Duplicate, out processToken)) { error = Marshal.GetLastWin32Error(); Utility.CloseInvalidOutSafeHandle(processToken); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } try { if (!NativeMethods.DuplicateTokenEx( processToken, TokenAccessLevels.Impersonate | TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, IntPtr.Zero, SECURITY_IMPERSONATION_LEVEL.Impersonation, TokenType.TokenImpersonation, out threadToken)) { error = Marshal.GetLastWin32Error(); Utility.CloseInvalidOutSafeHandle(threadToken); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } SetThreadToken(threadToken); } finally { processToken.Close(); } } } return threadToken; } void EnableTokenPrivilege(SafeCloseHandle threadToken) { DiagnosticUtility.DebugAssert(!this.needToRevert, ""); TOKEN_PRIVILEGE newState; newState.PrivilegeCount = 1; newState.Privilege.Luid = this.luid; newState.Privilege.Attributes = SE_PRIVILEGE_ENABLED; TOKEN_PRIVILEGE previousState; uint previousSize = 0; bool success = false; int error = 0; // CER RuntimeHelpers.PrepareConstrainedRegions(); try { } finally { success = NativeMethods.AdjustTokenPrivileges( threadToken, false, ref newState, TOKEN_PRIVILEGE.Size, out previousState, out previousSize); error = Marshal.GetLastWin32Error(); if (success && error == ERROR_SUCCESS) { this.initialEnabled = (0 != (previousState.Privilege.Attributes & SE_PRIVILEGE_ENABLED)); this.needToRevert = true; } } if (error == ERROR_NOT_ALL_ASSIGNED) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new PrivilegeNotHeldException(this.privilege)); } else if (!success) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } } void SetThreadToken(SafeCloseHandle threadToken) { DiagnosticUtility.DebugAssert(!this.isImpersonating, ""); int error = 0; // CER RuntimeHelpers.PrepareConstrainedRegions(); try { } finally { if (!NativeMethods.SetThreadToken(IntPtr.Zero, threadToken)) { error = Marshal.GetLastWin32Error(); } else { this.isImpersonating = true; } } if (!this.isImpersonating) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } } static LUID LuidFromPrivilege(string privilege) { LUID luid; lock (luids) { if (luids.TryGetValue(privilege, out luid)) { return luid; } } if (!NativeMethods.LookupPrivilegeValueW(null, privilege, out luid)) { int error = Marshal.GetLastWin32Error(); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } lock (luids) { if (!luids.ContainsKey(privilege)) { luids[privilege] = luid; } } return luid; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. //------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- namespace System.IdentityModel { using System.Collections.Generic; using System.ComponentModel; using System.Runtime.CompilerServices; using System.Runtime.ConstrainedExecution; using System.Runtime.InteropServices; using System.Security.AccessControl; using System.Security.Principal; using System.ServiceModel.Diagnostics; using System.Runtime.Versioning; class Privilege { static Dictionary luids = new Dictionary (); public const string SeAuditPrivilege = "SeAuditPrivilege"; public const string SeTcbPrivilege = "SeTcbPrivilege"; const uint SE_PRIVILEGE_DISABLED = 0x00000000; const uint SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x00000001; const uint SE_PRIVILEGE_ENABLED = 0x00000002; const uint SE_PRIVILEGE_USED_FOR_ACCESS = 0x80000000; const int ERROR_SUCCESS = 0x0; const int ERROR_NO_TOKEN = 0x3F0; const int ERROR_NOT_ALL_ASSIGNED = 0x514; string privilege; LUID luid; bool needToRevert = false; bool initialEnabled = false; bool isImpersonating = false; SafeCloseHandle threadToken = null; public Privilege(string privilege) { this.privilege = privilege; this.luid = LuidFromPrivilege(privilege); } public void Enable() { // Note: AdjustTokenPrivileges should not try to adjust if the token is // Primary token (process). Duplicate the process token (impersonation) and // then set token to current thread and unsetting (RevertToSelf) later. DiagnosticUtility.DebugAssert(this.threadToken == null, ""); this.threadToken = GetThreadToken(); EnableTokenPrivilege(this.threadToken); } // Have to run in CER [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] public int Revert() { if (!this.isImpersonating) { if (this.needToRevert && !this.initialEnabled) { TOKEN_PRIVILEGE newState; newState.PrivilegeCount = 1; newState.Privilege.Luid = this.luid; newState.Privilege.Attributes = SE_PRIVILEGE_DISABLED; TOKEN_PRIVILEGE previousState; uint previousSize = 0; if (!NativeMethods.AdjustTokenPrivileges( this.threadToken, false, ref newState, TOKEN_PRIVILEGE.Size, out previousState, out previousSize)) { return Marshal.GetLastWin32Error(); } } this.needToRevert = false; } else { if (!NativeMethods.RevertToSelf()) { return Marshal.GetLastWin32Error(); } this.isImpersonating = false; } if (this.threadToken != null) { this.threadToken.Close(); this.threadToken = null; } return ERROR_SUCCESS; } [ResourceExposure(ResourceScope.None)] [ResourceConsumption( ResourceScope.Process, ResourceScope.Process )] SafeCloseHandle GetThreadToken() { // // Open the thread token; if there is no thread token, get one from // the process token by impersonating self. // SafeCloseHandle threadToken; if (!NativeMethods.OpenThreadToken( NativeMethods.GetCurrentThread(), TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, true, out threadToken)) { int error = Marshal.GetLastWin32Error(); Utility.CloseInvalidOutSafeHandle(threadToken); if (error != ERROR_NO_TOKEN) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } else { SafeCloseHandle processToken; if (!NativeMethods.OpenProcessToken( NativeMethods.GetCurrentProcess(), TokenAccessLevels.Duplicate, out processToken)) { error = Marshal.GetLastWin32Error(); Utility.CloseInvalidOutSafeHandle(processToken); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } try { if (!NativeMethods.DuplicateTokenEx( processToken, TokenAccessLevels.Impersonate | TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, IntPtr.Zero, SECURITY_IMPERSONATION_LEVEL.Impersonation, TokenType.TokenImpersonation, out threadToken)) { error = Marshal.GetLastWin32Error(); Utility.CloseInvalidOutSafeHandle(threadToken); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } SetThreadToken(threadToken); } finally { processToken.Close(); } } } return threadToken; } void EnableTokenPrivilege(SafeCloseHandle threadToken) { DiagnosticUtility.DebugAssert(!this.needToRevert, ""); TOKEN_PRIVILEGE newState; newState.PrivilegeCount = 1; newState.Privilege.Luid = this.luid; newState.Privilege.Attributes = SE_PRIVILEGE_ENABLED; TOKEN_PRIVILEGE previousState; uint previousSize = 0; bool success = false; int error = 0; // CER RuntimeHelpers.PrepareConstrainedRegions(); try { } finally { success = NativeMethods.AdjustTokenPrivileges( threadToken, false, ref newState, TOKEN_PRIVILEGE.Size, out previousState, out previousSize); error = Marshal.GetLastWin32Error(); if (success && error == ERROR_SUCCESS) { this.initialEnabled = (0 != (previousState.Privilege.Attributes & SE_PRIVILEGE_ENABLED)); this.needToRevert = true; } } if (error == ERROR_NOT_ALL_ASSIGNED) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new PrivilegeNotHeldException(this.privilege)); } else if (!success) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } } void SetThreadToken(SafeCloseHandle threadToken) { DiagnosticUtility.DebugAssert(!this.isImpersonating, ""); int error = 0; // CER RuntimeHelpers.PrepareConstrainedRegions(); try { } finally { if (!NativeMethods.SetThreadToken(IntPtr.Zero, threadToken)) { error = Marshal.GetLastWin32Error(); } else { this.isImpersonating = true; } } if (!this.isImpersonating) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } } static LUID LuidFromPrivilege(string privilege) { LUID luid; lock (luids) { if (luids.TryGetValue(privilege, out luid)) { return luid; } } if (!NativeMethods.LookupPrivilegeValueW(null, privilege, out luid)) { int error = Marshal.GetLastWin32Error(); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } lock (luids) { if (!luids.ContainsKey(privilege)) { luids[privilege] = luid; } } return luid; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- CommandConverter.cs
- OleDbWrapper.cs
- RoutedEventHandlerInfo.cs
- EditorPartCollection.cs
- EntityContainerAssociationSet.cs
- DataGridViewAutoSizeColumnModeEventArgs.cs
- StylusPointPropertyInfoDefaults.cs
- NamedObject.cs
- HTTPNotFoundHandler.cs
- GraphicsContainer.cs
- ColorConvertedBitmapExtension.cs
- AutomationPropertyInfo.cs
- FormatterServices.cs
- DesignerTransaction.cs
- StorageScalarPropertyMapping.cs
- AggregateNode.cs
- TreeView.cs
- ToolboxItem.cs
- IfJoinedCondition.cs
- HtmlControlDesigner.cs
- ColumnHeaderConverter.cs
- SqlProcedureAttribute.cs
- PrimitiveType.cs
- TextSyndicationContentKindHelper.cs
- LookupNode.cs
- KoreanCalendar.cs
- HyperLinkDataBindingHandler.cs
- PersonalizableTypeEntry.cs
- ValidationHelper.cs
- Int64AnimationBase.cs
- TraceUtility.cs
- RecognizerBase.cs
- ZipIOZip64EndOfCentralDirectoryLocatorBlock.cs
- DataError.cs
- XmlTextReaderImpl.cs
- MobileErrorInfo.cs
- BmpBitmapEncoder.cs
- ConfigurationCollectionAttribute.cs
- ResourceWriter.cs
- Size3D.cs
- WSTrustFeb2005.cs
- PartialCachingControl.cs
- Byte.cs
- SimpleBitVector32.cs
- NullPackagingPolicy.cs
- DirtyTextRange.cs
- PerspectiveCamera.cs
- DefaultAssemblyResolver.cs
- TransformCollection.cs
- XPathSelfQuery.cs
- TemplatedAdorner.cs
- DesignerInterfaces.cs
- XmlBinaryReader.cs
- DataTableClearEvent.cs
- TimeoutException.cs
- SettingsPropertyValueCollection.cs
- XPathAncestorIterator.cs
- Geometry3D.cs
- DataGridLinkButton.cs
- RegularExpressionValidator.cs
- XmlHierarchicalDataSourceView.cs
- PartitionResolver.cs
- DataGridViewAutoSizeModeEventArgs.cs
- controlskin.cs
- CodeDOMProvider.cs
- DesignerWebPartChrome.cs
- SafeHandles.cs
- RootBuilder.cs
- DataSetUtil.cs
- MultipleViewProviderWrapper.cs
- DependencyObjectValidator.cs
- SerializationInfoEnumerator.cs
- ScrollItemPattern.cs
- InvalidDataException.cs
- Tag.cs
- COM2ComponentEditor.cs
- FrameDimension.cs
- EncodingConverter.cs
- Clause.cs
- SspiSafeHandles.cs
- XMLUtil.cs
- ParameterModifier.cs
- Size3DValueSerializer.cs
- Triplet.cs
- SoapEnumAttribute.cs
- ListContractAdapter.cs
- LineServicesRun.cs
- _TLSstream.cs
- FixedHyperLink.cs
- _SafeNetHandles.cs
- Knowncolors.cs
- EdmToObjectNamespaceMap.cs
- NodeInfo.cs
- DataColumnMappingCollection.cs
- AutomationElementCollection.cs
- Pen.cs
- StringResourceManager.cs
- Control.cs
- TextChangedEventArgs.cs
- EventSchemaTraceListener.cs