Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / cdf / src / WCF / IdentityModel / System / IdentityModel / Privilege.cs / 1305376 / Privilege.cs
//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace System.IdentityModel
{
using System.Collections.Generic;
using System.ComponentModel;
using System.Runtime.CompilerServices;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.Security.Principal;
using System.ServiceModel.Diagnostics;
using System.Runtime.Versioning;
class Privilege
{
static Dictionary luids = new Dictionary();
public const string SeAuditPrivilege = "SeAuditPrivilege";
public const string SeTcbPrivilege = "SeTcbPrivilege";
const uint SE_PRIVILEGE_DISABLED = 0x00000000;
const uint SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x00000001;
const uint SE_PRIVILEGE_ENABLED = 0x00000002;
const uint SE_PRIVILEGE_USED_FOR_ACCESS = 0x80000000;
const int ERROR_SUCCESS = 0x0;
const int ERROR_NO_TOKEN = 0x3F0;
const int ERROR_NOT_ALL_ASSIGNED = 0x514;
string privilege;
LUID luid;
bool needToRevert = false;
bool initialEnabled = false;
bool isImpersonating = false;
SafeCloseHandle threadToken = null;
public Privilege(string privilege)
{
this.privilege = privilege;
this.luid = LuidFromPrivilege(privilege);
}
public void Enable()
{
// Note: AdjustTokenPrivileges should not try to adjust if the token is
// Primary token (process). Duplicate the process token (impersonation) and
// then set token to current thread and unsetting (RevertToSelf) later.
DiagnosticUtility.DebugAssert(this.threadToken == null, "");
this.threadToken = GetThreadToken();
EnableTokenPrivilege(this.threadToken);
}
// Have to run in CER
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
public int Revert()
{
if (!this.isImpersonating)
{
if (this.needToRevert && !this.initialEnabled)
{
TOKEN_PRIVILEGE newState;
newState.PrivilegeCount = 1;
newState.Privilege.Luid = this.luid;
newState.Privilege.Attributes = SE_PRIVILEGE_DISABLED;
TOKEN_PRIVILEGE previousState;
uint previousSize = 0;
if (!NativeMethods.AdjustTokenPrivileges(
this.threadToken,
false,
ref newState,
TOKEN_PRIVILEGE.Size,
out previousState,
out previousSize))
{
return Marshal.GetLastWin32Error();
}
}
this.needToRevert = false;
}
else
{
if (!NativeMethods.RevertToSelf())
{
return Marshal.GetLastWin32Error();
}
this.isImpersonating = false;
}
if (this.threadToken != null)
{
this.threadToken.Close();
this.threadToken = null;
}
return ERROR_SUCCESS;
}
[ResourceExposure(ResourceScope.None)]
[ResourceConsumption( ResourceScope.Process, ResourceScope.Process )]
SafeCloseHandle GetThreadToken()
{
//
// Open the thread token; if there is no thread token, get one from
// the process token by impersonating self.
//
SafeCloseHandle threadToken;
if (!NativeMethods.OpenThreadToken(
NativeMethods.GetCurrentThread(),
TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges,
true,
out threadToken))
{
int error = Marshal.GetLastWin32Error();
Utility.CloseInvalidOutSafeHandle(threadToken);
if (error != ERROR_NO_TOKEN)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
else
{
SafeCloseHandle processToken;
if (!NativeMethods.OpenProcessToken(
NativeMethods.GetCurrentProcess(),
TokenAccessLevels.Duplicate,
out processToken))
{
error = Marshal.GetLastWin32Error();
Utility.CloseInvalidOutSafeHandle(processToken);
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
try
{
if (!NativeMethods.DuplicateTokenEx(
processToken,
TokenAccessLevels.Impersonate | TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges,
IntPtr.Zero,
SECURITY_IMPERSONATION_LEVEL.Impersonation,
TokenType.TokenImpersonation,
out threadToken))
{
error = Marshal.GetLastWin32Error();
Utility.CloseInvalidOutSafeHandle(threadToken);
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
SetThreadToken(threadToken);
}
finally
{
processToken.Close();
}
}
}
return threadToken;
}
void EnableTokenPrivilege(SafeCloseHandle threadToken)
{
DiagnosticUtility.DebugAssert(!this.needToRevert, "");
TOKEN_PRIVILEGE newState;
newState.PrivilegeCount = 1;
newState.Privilege.Luid = this.luid;
newState.Privilege.Attributes = SE_PRIVILEGE_ENABLED;
TOKEN_PRIVILEGE previousState;
uint previousSize = 0;
bool success = false;
int error = 0;
// CER
RuntimeHelpers.PrepareConstrainedRegions();
try
{
}
finally
{
success = NativeMethods.AdjustTokenPrivileges(
threadToken,
false,
ref newState,
TOKEN_PRIVILEGE.Size,
out previousState,
out previousSize);
error = Marshal.GetLastWin32Error();
if (success && error == ERROR_SUCCESS)
{
this.initialEnabled = (0 != (previousState.Privilege.Attributes & SE_PRIVILEGE_ENABLED));
this.needToRevert = true;
}
}
if (error == ERROR_NOT_ALL_ASSIGNED)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new PrivilegeNotHeldException(this.privilege));
}
else if (!success)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
}
void SetThreadToken(SafeCloseHandle threadToken)
{
DiagnosticUtility.DebugAssert(!this.isImpersonating, "");
int error = 0;
// CER
RuntimeHelpers.PrepareConstrainedRegions();
try
{
}
finally
{
if (!NativeMethods.SetThreadToken(IntPtr.Zero, threadToken))
{
error = Marshal.GetLastWin32Error();
}
else
{
this.isImpersonating = true;
}
}
if (!this.isImpersonating)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
}
static LUID LuidFromPrivilege(string privilege)
{
LUID luid;
lock (luids)
{
if (luids.TryGetValue(privilege, out luid))
{
return luid;
}
}
if (!NativeMethods.LookupPrivilegeValueW(null, privilege, out luid))
{
int error = Marshal.GetLastWin32Error();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
lock (luids)
{
if (!luids.ContainsKey(privilege))
{
luids[privilege] = luid;
}
}
return luid;
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace System.IdentityModel
{
using System.Collections.Generic;
using System.ComponentModel;
using System.Runtime.CompilerServices;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.Security.Principal;
using System.ServiceModel.Diagnostics;
using System.Runtime.Versioning;
class Privilege
{
static Dictionary luids = new Dictionary();
public const string SeAuditPrivilege = "SeAuditPrivilege";
public const string SeTcbPrivilege = "SeTcbPrivilege";
const uint SE_PRIVILEGE_DISABLED = 0x00000000;
const uint SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x00000001;
const uint SE_PRIVILEGE_ENABLED = 0x00000002;
const uint SE_PRIVILEGE_USED_FOR_ACCESS = 0x80000000;
const int ERROR_SUCCESS = 0x0;
const int ERROR_NO_TOKEN = 0x3F0;
const int ERROR_NOT_ALL_ASSIGNED = 0x514;
string privilege;
LUID luid;
bool needToRevert = false;
bool initialEnabled = false;
bool isImpersonating = false;
SafeCloseHandle threadToken = null;
public Privilege(string privilege)
{
this.privilege = privilege;
this.luid = LuidFromPrivilege(privilege);
}
public void Enable()
{
// Note: AdjustTokenPrivileges should not try to adjust if the token is
// Primary token (process). Duplicate the process token (impersonation) and
// then set token to current thread and unsetting (RevertToSelf) later.
DiagnosticUtility.DebugAssert(this.threadToken == null, "");
this.threadToken = GetThreadToken();
EnableTokenPrivilege(this.threadToken);
}
// Have to run in CER
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
public int Revert()
{
if (!this.isImpersonating)
{
if (this.needToRevert && !this.initialEnabled)
{
TOKEN_PRIVILEGE newState;
newState.PrivilegeCount = 1;
newState.Privilege.Luid = this.luid;
newState.Privilege.Attributes = SE_PRIVILEGE_DISABLED;
TOKEN_PRIVILEGE previousState;
uint previousSize = 0;
if (!NativeMethods.AdjustTokenPrivileges(
this.threadToken,
false,
ref newState,
TOKEN_PRIVILEGE.Size,
out previousState,
out previousSize))
{
return Marshal.GetLastWin32Error();
}
}
this.needToRevert = false;
}
else
{
if (!NativeMethods.RevertToSelf())
{
return Marshal.GetLastWin32Error();
}
this.isImpersonating = false;
}
if (this.threadToken != null)
{
this.threadToken.Close();
this.threadToken = null;
}
return ERROR_SUCCESS;
}
[ResourceExposure(ResourceScope.None)]
[ResourceConsumption( ResourceScope.Process, ResourceScope.Process )]
SafeCloseHandle GetThreadToken()
{
//
// Open the thread token; if there is no thread token, get one from
// the process token by impersonating self.
//
SafeCloseHandle threadToken;
if (!NativeMethods.OpenThreadToken(
NativeMethods.GetCurrentThread(),
TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges,
true,
out threadToken))
{
int error = Marshal.GetLastWin32Error();
Utility.CloseInvalidOutSafeHandle(threadToken);
if (error != ERROR_NO_TOKEN)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
else
{
SafeCloseHandle processToken;
if (!NativeMethods.OpenProcessToken(
NativeMethods.GetCurrentProcess(),
TokenAccessLevels.Duplicate,
out processToken))
{
error = Marshal.GetLastWin32Error();
Utility.CloseInvalidOutSafeHandle(processToken);
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
try
{
if (!NativeMethods.DuplicateTokenEx(
processToken,
TokenAccessLevels.Impersonate | TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges,
IntPtr.Zero,
SECURITY_IMPERSONATION_LEVEL.Impersonation,
TokenType.TokenImpersonation,
out threadToken))
{
error = Marshal.GetLastWin32Error();
Utility.CloseInvalidOutSafeHandle(threadToken);
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
SetThreadToken(threadToken);
}
finally
{
processToken.Close();
}
}
}
return threadToken;
}
void EnableTokenPrivilege(SafeCloseHandle threadToken)
{
DiagnosticUtility.DebugAssert(!this.needToRevert, "");
TOKEN_PRIVILEGE newState;
newState.PrivilegeCount = 1;
newState.Privilege.Luid = this.luid;
newState.Privilege.Attributes = SE_PRIVILEGE_ENABLED;
TOKEN_PRIVILEGE previousState;
uint previousSize = 0;
bool success = false;
int error = 0;
// CER
RuntimeHelpers.PrepareConstrainedRegions();
try
{
}
finally
{
success = NativeMethods.AdjustTokenPrivileges(
threadToken,
false,
ref newState,
TOKEN_PRIVILEGE.Size,
out previousState,
out previousSize);
error = Marshal.GetLastWin32Error();
if (success && error == ERROR_SUCCESS)
{
this.initialEnabled = (0 != (previousState.Privilege.Attributes & SE_PRIVILEGE_ENABLED));
this.needToRevert = true;
}
}
if (error == ERROR_NOT_ALL_ASSIGNED)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new PrivilegeNotHeldException(this.privilege));
}
else if (!success)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
}
void SetThreadToken(SafeCloseHandle threadToken)
{
DiagnosticUtility.DebugAssert(!this.isImpersonating, "");
int error = 0;
// CER
RuntimeHelpers.PrepareConstrainedRegions();
try
{
}
finally
{
if (!NativeMethods.SetThreadToken(IntPtr.Zero, threadToken))
{
error = Marshal.GetLastWin32Error();
}
else
{
this.isImpersonating = true;
}
}
if (!this.isImpersonating)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
}
static LUID LuidFromPrivilege(string privilege)
{
LUID luid;
lock (luids)
{
if (luids.TryGetValue(privilege, out luid))
{
return luid;
}
}
if (!NativeMethods.LookupPrivilegeValueW(null, privilege, out luid))
{
int error = Marshal.GetLastWin32Error();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
lock (luids)
{
if (!luids.ContainsKey(privilege))
{
luids[privilege] = luid;
}
}
return luid;
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- ResourceIDHelper.cs
- VersionedStreamOwner.cs
- SecurityUniqueId.cs
- ObjectQueryExecutionPlan.cs
- AnimationStorage.cs
- CookieParameter.cs
- PropertyToken.cs
- FileSystemEventArgs.cs
- FormsAuthentication.cs
- IDictionary.cs
- ChangeProcessor.cs
- StoryFragments.cs
- HandlerMappingMemo.cs
- BitVector32.cs
- InvokeSchedule.cs
- QuaternionAnimation.cs
- _CookieModule.cs
- dbdatarecord.cs
- DNS.cs
- ListBoxItemWrapperAutomationPeer.cs
- FactoryId.cs
- CmsUtils.cs
- SplineKeyFrames.cs
- Selector.cs
- CompilationRelaxations.cs
- RadioButtonList.cs
- Library.cs
- MarginCollapsingState.cs
- DataControlFieldTypeEditor.cs
- ThreadExceptionEvent.cs
- PolyQuadraticBezierSegment.cs
- ResourceExpression.cs
- ProxyAttribute.cs
- Action.cs
- NameValueFileSectionHandler.cs
- VisualStyleInformation.cs
- SqlClientPermission.cs
- TemplatedWizardStep.cs
- StrokeCollectionConverter.cs
- OdbcDataAdapter.cs
- DataGridBoolColumn.cs
- DataGridToolTip.cs
- LoggedException.cs
- AssemblyBuilder.cs
- GridLength.cs
- ContextStack.cs
- ObjectListCommandCollection.cs
- XmlSchemaCollection.cs
- PenThread.cs
- HttpCookie.cs
- PropertyTab.cs
- AssemblyHash.cs
- FrameworkContentElement.cs
- FloatUtil.cs
- PrintController.cs
- DBSqlParserColumnCollection.cs
- ScrollableControlDesigner.cs
- IdentitySection.cs
- TreeNodeBindingCollection.cs
- SchemaImporterExtensionsSection.cs
- OracleParameterCollection.cs
- ContextDataSourceContextData.cs
- LinkTarget.cs
- DataBinder.cs
- DesignOnlyAttribute.cs
- Transform.cs
- CollectionViewGroupInternal.cs
- DocumentGridPage.cs
- mediapermission.cs
- XPathPatternParser.cs
- CustomErrorCollection.cs
- CodeTypeReference.cs
- UpdateCompiler.cs
- EditorZoneBase.cs
- MailSettingsSection.cs
- WebPartDescriptionCollection.cs
- WebPartConnectionsConnectVerb.cs
- SQLConvert.cs
- ResourceBinder.cs
- ToolStripSettings.cs
- MessageEventSubscriptionService.cs
- ColumnReorderedEventArgs.cs
- PriorityRange.cs
- KnownTypes.cs
- PositiveTimeSpanValidatorAttribute.cs
- Internal.cs
- GeometryValueSerializer.cs
- CodeActivityMetadata.cs
- DetailsViewDeletedEventArgs.cs
- _CacheStreams.cs
- SerTrace.cs
- LeftCellWrapper.cs
- Error.cs
- RSAPKCS1SignatureDeformatter.cs
- xml.cs
- DataGridViewRowConverter.cs
- PrinterResolution.cs
- VideoDrawing.cs
- SqlInternalConnectionTds.cs
- TreeViewItem.cs