Ejemplo n.º 1
        /// <summary>
        /// Returns the executing user's identity, building it from
        /// <c>serializedExecutingUser</c> on first use and caching it in
        /// <c>executingUserIdentity</c>.
        /// </summary>
        /// <returns>
        /// The cached identity. For any context type other than Delegated or
        /// Windows nothing is built, so the field (and the return value) stays
        /// null if it was null on entry.
        /// </returns>
        private IIdentity GetExecutingUserIdentity()
        {
            // Already resolved on an earlier call: reuse it.
            if (this.executingUserIdentity != null)
            {
                return this.executingUserIdentity;
            }

            // NOTE(review): both branches turn the string in serializedExecutingUser
            // into an identity with no validation visible in this method. Confirm the
            // value only ever comes from a trusted, integrity-protected source.
            if (this.contextType == RBACContext.RBACContextType.Delegated)
            {
                this.executingUserIdentity = DelegatedPrincipal.GetDelegatedIdentity(this.serializedExecutingUser);
            }
            else if (this.contextType == RBACContext.RBACContextType.Windows)
            {
                // The serialized access token is read back from its UTF-8 bytes.
                byte[] tokenBytes = Encoding.UTF8.GetBytes(this.serializedExecutingUser);
                using (MemoryStream tokenStream = new MemoryStream(tokenBytes))
                {
                    this.executingUserIdentity = new SerializedIdentity(new SerializedAccessToken(tokenStream));
                }
            }

            // Callers must be prepared for null when the context type is neither
            // Delegated nor Windows.
            return this.executingUserIdentity;
        }
Ejemplo n.º 2
 /// <summary>
 /// Builds the executing user's <see cref="IIdentity"/> from <paramref name="psPrincipal"/>.
 /// The construction path is chosen from the string in
 /// <c>psPrincipal.Identity.AuthenticationType</c> and from whether
 /// <c>psPrincipal.WindowsIdentity</c> is present. Branch order is significant.
 /// </summary>
 /// <param name="psPrincipal">Principal whose Identity and WindowsIdentity are inspected.</param>
 /// <param name="connectionUrl">Passed through to <c>WinRMDataReceiver</c>.</param>
 /// <param name="userToken">Set from the receiver on the "Cafe-" and "Converted-" paths; otherwise null.</param>
 /// <param name="authenticationType">Classification chosen by the branch taken; starts as Unknown.</param>
 /// <param name="sessionId">Set from the receiver on the "Cafe-" and "Converted-" paths; otherwise null.</param>
 /// <param name="firstRequestId">Set from the receiver on the "Cafe-" and "Converted-" paths; otherwise null.</param>
 /// <returns>The identity selected by the first matching branch.</returns>
 /// <exception cref="AuthzException">
 /// Thrown on the "Converted-" path when the received user token carries no CommonAccessToken.
 /// </exception>
 private static IIdentity InternalGetExecutingUserIdentity(PSPrincipal psPrincipal, string connectionUrl, out UserToken userToken, out Microsoft.Exchange.Configuration.Core.AuthenticationType authenticationType, out string sessionId, out string firstRequestId)
 {
     authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Unknown;
     userToken = null;
     sessionId = null;
     firstRequestId = null;

     // NOTE(review): every decision below keys off the AuthenticationType string.
     // Confirm it is set only by the authentication layer and cannot be influenced
     // by the connecting client.
     // NOTE(review): a null AuthenticationType raises NullReferenceException here,
     // although the same property is null-checked further down. Decide explicitly
     // how a null value should be rejected.
     if (psPrincipal.Identity.AuthenticationType.StartsWith("Cafe-", StringComparison.OrdinalIgnoreCase))
     {
         using (WinRMDataReceiver cafeReceiver = new WinRMDataReceiver(connectionUrl, psPrincipal.Identity.Name, psPrincipal.Identity.AuthenticationType, AuthZLogHelper.LantencyTracker))
         {
             userToken = cafeReceiver.UserToken;
             sessionId = cafeReceiver.SessionId;
             firstRequestId = cafeReceiver.RequestId;

             // The part after the "Cafe-" prefix is taken from the receiver, not from psPrincipal.
             string cafeAuthKind = cafeReceiver.AuthenticationType.Substring("Cafe-".Length);
             if (cafeAuthKind.Equals("GenericIdentity", StringComparison.OrdinalIgnoreCase))
             {
                 return AuthZPluginHelper.ConstructGenericIdentityFromUserToken(userToken);
             }
             if (userToken.CommonAccessToken != null)
             {
                 return new WindowsTokenIdentity(userToken.CommonAccessToken.WindowsAccessToken).ToSerializedIdentity();
             }

             // NOTE(review): with no CommonAccessToken this path does not fail; it
             // falls through to the checks below with the out values already set.
             // The "Converted-" path throws in the same situation. Confirm the
             // difference is intended.
         }
     }

     if (DelegatedPrincipal.DelegatedAuthenticationType.Equals(psPrincipal.Identity.AuthenticationType, StringComparison.OrdinalIgnoreCase))
     {
         authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.RemotePowerShellDelegated;
         return DelegatedPrincipal.GetDelegatedIdentity(psPrincipal.Identity.Name);
     }

     if (psPrincipal.WindowsIdentity == null)
     {
         bool isNamedAccountLogon =
             string.Equals("RPS", psPrincipal.Identity.AuthenticationType, StringComparison.OrdinalIgnoreCase) ||
             string.Equals("Kerberos", psPrincipal.Identity.AuthenticationType, StringComparison.OrdinalIgnoreCase) ||
             string.Equals("Basic", psPrincipal.Identity.AuthenticationType, StringComparison.OrdinalIgnoreCase);
         if (isNamedAccountLogon)
         {
             // All three type strings are reported as Kerberos to the caller.
             authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Kerberos;

             // Translate can throw (for example IdentityNotMappedException) when the
             // account name does not resolve; nothing here catches it.
             NTAccount namedAccount = new NTAccount(psPrincipal.Identity.Name);
             SecurityIdentifier accountSid = (SecurityIdentifier) namedAccount.Translate(typeof(SecurityIdentifier));
             return new GenericIdentity(accountSid.ToString());
         }

         // NOTE(review): an unrecognised AuthenticationType still yields an identity
         // built from the supplied name, flagged only by authenticationType == Unknown.
         // Confirm that callers treat Unknown as not authorised.
         authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Unknown;
         return new GenericIdentity(psPrincipal.Identity.Name);
     }

     // From here on psPrincipal.WindowsIdentity is present.
     string windowsAuthType = psPrincipal.Identity.AuthenticationType;
     if (windowsAuthType != null && windowsAuthType.StartsWith("Converted-", StringComparison.OrdinalIgnoreCase))
     {
         if (windowsAuthType.StartsWith("Converted-Kerberos", StringComparison.OrdinalIgnoreCase))
         {
             authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Kerberos;
         }
         else
         {
             // NOTE(review): an unexpected "Converted-*" value is only logged; the
             // token is still accepted below with authenticationType left as Unknown.
             AuthZLogger.SafeAppendGenericError("InternalGetExecutingUserIdentity", "Unexpected AuthenticationType " + windowsAuthType, true);
         }

         using (WinRMDataReceiver convertedReceiver = new WinRMDataReceiver(connectionUrl, psPrincipal.Identity.Name, psPrincipal.Identity.AuthenticationType, AuthZLogHelper.LantencyTracker))
         {
             userToken = convertedReceiver.UserToken;
             sessionId = convertedReceiver.SessionId;
             firstRequestId = convertedReceiver.RequestId;
             if (userToken.CommonAccessToken == null)
             {
                 throw new AuthzException("DEV BUG, the CommonAccessToken should not be NULL when passing from Locally Kerberos logon.");
             }
             return new WindowsTokenIdentity(userToken.CommonAccessToken.WindowsAccessToken).ToSerializedIdentity();
         }
     }

     if (string.Equals("CertificateLinkedUser", windowsAuthType, StringComparison.OrdinalIgnoreCase))
     {
         authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.CertificateLinkedUser;
         return new GenericIdentity(psPrincipal.Identity.Name);
     }

     try
     {
         // The SecurityIdentifier is constructed only to test whether the name
         // parses as a SID; a name that parses is classified as Certificate.
         authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Certificate;
         new SecurityIdentifier(psPrincipal.Identity.Name);
         return new GenericIdentity(psPrincipal.Identity.Name);
     }
     catch (ArgumentException)
     {
         // Not a SID: undo the classification and hand back the Windows identity.
         authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Unknown;
         return psPrincipal.WindowsIdentity;
     }
 }