public override bool Equals(object obj)
{
User user = obj as User;
if (user != null)
{
return(this.Equals(user));
}
WindowsIdentity wid = obj as WindowsIdentity;
if (wid != null && sid != null)
{
return(sid.Equals(wid.User));
}
try
{
string un = obj as string;
if (un != null)
{
return(this.Equals(new User(un)));
}
}
catch { }
return(base.Equals(obj));
}
public void EqualsNull()
{
SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
Assert.IsFalse(sid.Equals((object)null));
Assert.IsFalse(sid.Equals((SecurityIdentifier)null));
}
private static bool ExchangeSharePointUserMatch(ADUser exUser, User spUser)
{
if (spUser.UserId != null && spUser.UserId.NameId != null)
{
string nameId = spUser.UserId.NameId;
if (!VariantConfiguration.InvariantNoFlightingSnapshot.Global.MultiTenancy.Enabled)
{
try
{
SecurityIdentifier securityIdentifier = new SecurityIdentifier(nameId);
return(securityIdentifier.Equals(exUser.Sid) || securityIdentifier.Equals(exUser.MasterAccountSid));
}
catch (ArgumentException)
{
}
return(false);
}
NetID other;
if (NetID.TryParse(nameId, out other))
{
return(exUser.NetID.Equals(other));
}
}
return(false);
}
public static bool IsWellKnownIdentity(String accountName)
{
NTAccount ntaccount = new NTAccount(accountName);
SecurityIdentifier sid = (SecurityIdentifier)ntaccount.Translate(typeof(SecurityIdentifier));
SecurityIdentifier networkServiceSid = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null);
SecurityIdentifier localServiceSid = new SecurityIdentifier(WellKnownSidType.LocalServiceSid, null);
SecurityIdentifier localSystemSid = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
return(sid.Equals(networkServiceSid) ||
sid.Equals(localServiceSid) ||
sid.Equals(localSystemSid));
}
/// <summary>Determines whether the specified <see cref="System.Object"/>, is equal to this instance.</summary>
/// <param name="obj">The <see cref="System.Object"/> to compare with this instance.</param>
/// <returns><c>true</c> if the specified <see cref="System.Object"/> is equal to this instance; otherwise, <c>false</c>.</returns>
public override bool Equals(object obj)
{
if (obj is User user)
return Equals(user);
if (obj is WindowsIdentity wid && sid != null)
return sid.Equals(wid.User);
try
{
if (obj is string un)
return Equals(new User(un));
}
catch { }
return base.Equals(obj);
}
private RawSecurityDescriptor ApplyAcesToTargetSecurityDescriptor(RawSecurityDescriptor targetSd, List <GenericAce> sourceAces)
{
List <GenericAce> list = new List <GenericAce>();
foreach (GenericAce genericAce in targetSd.DiscretionaryAcl)
{
SecurityIdentifier sidFromAce = TenantRelocationSecurityDescriptorHandler.GetSidFromAce(genericAce);
if (!(sidFromAce == null))
{
SecurityIdentifier accountDomainSid = sidFromAce.AccountDomainSid;
if (sidFromAce.IsAccountSid() && !accountDomainSid.Equals(this.targetDomainSid))
{
ExTraceGlobals.TenantRelocationTracer.TraceDebug <string>((long)this.GetHashCode(), "ApplyAcesToTargetSecurityDescriptor: customized SID found {0} on target object, removed.", sidFromAce.ToString());
}
else
{
list.Add(genericAce);
}
}
}
RawAcl rawAcl = new RawAcl(targetSd.DiscretionaryAcl.Revision, list.Count + sourceAces.Count);
int num = 0;
foreach (GenericAce ace in list)
{
rawAcl.InsertAce(num++, ace);
}
foreach (GenericAce ace2 in sourceAces)
{
rawAcl.InsertAce(num++, ace2);
}
targetSd.DiscretionaryAcl = rawAcl;
return(targetSd);
}
/// <summary>Determines whether the specified <see cref="System.Object"/>, is equal to this instance.</summary>
/// <param name="obj">The <see cref="System.Object"/> to compare with this instance.</param>
/// <returns><c>true</c> if the specified <see cref="System.Object"/> is equal to this instance; otherwise, <c>false</c>.</returns>
public override bool Equals(object obj)
{
if (obj is User user)
{
return(Equals(user));
}
if (obj is WindowsIdentity wid && sid != null)
{
return(sid.Equals(wid.User));
}
try
{
if (obj is string un)
{
return(Equals(new User(un)));
}
}
catch { }
return(base.Equals(obj));
}
private Claim CheckSidEquivalence(SecurityIdentifier identitySid, ClaimSet claimSet)
{
foreach (Claim claim in claimSet)
{
SecurityIdentifier securityIdentifier = this.GetSecurityIdentifier(claim);
if ((securityIdentifier != null) && identitySid.Equals(securityIdentifier))
{
return(claim);
}
}
return(null);
}
void RemoveCertificatePrivateKeyAccess(X509Certificate2 cert)
{
if (cert != null && cert.HasPrivateKey)
{
try
{
AsymmetricAlgorithm key = cert.PrivateKey;
// Only RSA provider is supported here
if (key is RSACryptoServiceProvider)
{
RSACryptoServiceProvider prov = key as RSACryptoServiceProvider;
CspKeyContainerInfo info = prov.CspKeyContainerInfo;
CryptoKeySecurity keySec = info.CryptoKeySecurity;
SecurityIdentifier ns = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null);
AuthorizationRuleCollection rules = keySec.GetAccessRules(true, false, typeof(SecurityIdentifier));
foreach (AuthorizationRule rule in rules)
{
CryptoKeyAccessRule keyAccessRule = (CryptoKeyAccessRule)rule;
if (keyAccessRule.AccessControlType == AccessControlType.Allow &&
(int)(keyAccessRule.CryptoKeyRights & CryptoKeyRights.GenericRead) != 0)
{
SecurityIdentifier sid = keyAccessRule.IdentityReference as SecurityIdentifier;
if (ns.Equals(sid))
{
CryptoKeyAccessRule nsReadRule = new CryptoKeyAccessRule(ns,
CryptoKeyRights.GenericRead,
AccessControlType.Allow);
keySec.RemoveAccessRule(nsReadRule);
CommitCryptoKeySecurity(info, keySec);
break;
}
}
}
}
}
#pragma warning suppress 56500
catch (Exception e)
{
// CommitCryptoKeySecurity can actually throw any exception,
// so the safest way here is to catch a generic exception while throw on critical ones
if (Utilities.IsCriticalException(e))
{
throw;
}
throw new WsatAdminException(WsatAdminErrorCode.CANNOT_UPDATE_PRIVATE_KEY_PERM,
SR.GetString(SR.ErrorUpdateCertPrivateKeyPerm), e);
}
}
}
public bool Equals(SidName other)
{
if (other is null)
{
return(false);
}
if (ReferenceEquals(this, other))
{
return(true);
}
return(value.Equals(other.value));
}
Claim CheckSidEquivalence(SecurityIdentifier identitySid, ClaimSet claimSet)
{
foreach (Claim claim in claimSet)
{
SecurityIdentifier sid = GetSecurityIdentifier(claim);
if (sid != null)
{
if (identitySid.Equals(sid))
{
return(claim);
}
}
}
return(null);
}
public UserInfo()
{
var wi = WindowsIdentity.GetCurrent();
Sid = wi.User;
if (wi.IsSystem)
{
IsSystemAccount = true;
}
else
{
var serviceSid = new SecurityIdentifier(WellKnownSidType.LocalServiceSid, null);
IsServiceAccount = serviceSid.Equals(Sid);
}
Name = ((NTAccount)Sid.Translate(typeof(NTAccount))).Value;
}
internal static bool DirectoryHasRights(string folderPath, FileSystemRights rights)
{
var currentUserIdentity = WindowsIdentity.GetCurrent();
SecurityIdentifier currentUserSID = currentUserIdentity.User;
bool allow = false;
bool deny = false;
DirectorySecurity acl = Directory.GetAccessControl(folderPath);
if (acl == null)
{
return(false);
}
AuthorizationRuleCollection accessRules = acl.GetAccessRules(true, true, typeof(SecurityIdentifier));
if (accessRules == null)
{
return(false);
}
foreach (FileSystemAccessRule accessRule in accessRules)
{
if (currentUserSID.Equals(accessRule.IdentityReference))
{
if ((rights & accessRule.FileSystemRights) != rights)
{
continue;
}
if (accessRule.AccessControlType == AccessControlType.Allow)
{
allow = true;
}
else if (accessRule.AccessControlType == AccessControlType.Deny)
{
deny = true;
}
}
}
return(allow && !deny);
}
/// <summary>
/// Indicates whether the current object is equal to another object of the same type.
/// </summary>
/// <returns>
/// true if the current object is equal to the <paramref name="other"/> parameter; otherwise, false.
/// </returns>
/// <param name="other">An object to compare with this object.</param>
public bool Equals(SubscriptionDataConfig other)
{
if (ReferenceEquals(null, other))
{
return(false);
}
if (ReferenceEquals(this, other))
{
return(true);
}
return(_sid.Equals(other._sid) && Type == other.Type &&
TickType == other.TickType &&
Resolution == other.Resolution &&
FillDataForward == other.FillDataForward &&
ExtendedMarketHours == other.ExtendedMarketHours &&
IsInternalFeed == other.IsInternalFeed &&
IsCustomData == other.IsCustomData &&
DataTimeZone.Equals(other.DataTimeZone) &&
ExchangeTimeZone.Equals(other.ExchangeTimeZone) &&
IsFilteredSubscription == other.IsFilteredSubscription);
}
private static bool CallerHasFullPermission(ClientSecurityContext clientSecurityContext, FreeBusyQuery freeBusyQuery)
{
SecurityIdentifier sid = freeBusyQuery.RecipientData.Sid;
SecurityIdentifier masterAccountSid = freeBusyQuery.RecipientData.MasterAccountSid;
bool flag = (sid != null && sid.Equals(clientSecurityContext.UserSid)) || (masterAccountSid != null && masterAccountSid.Equals(clientSecurityContext.UserSid));
if (flag)
{
FreeBusyPermission.SecurityTracer.TraceDebug(0L, "{0}: Caller {1} is owner of mailbox {2}, mailbox user SID {3}, master account SID {4}.", new object[]
{
TraceContext.Get(),
clientSecurityContext,
freeBusyQuery.Email,
sid,
masterAccountSid
});
return(true);
}
RawSecurityDescriptor exchangeSecurityDescriptor = freeBusyQuery.RecipientData.ExchangeSecurityDescriptor;
if (exchangeSecurityDescriptor != null)
{
if (FreeBusyPermission.SecurityTracer.IsTraceEnabled(TraceType.DebugTrace))
{
string sddlForm = exchangeSecurityDescriptor.GetSddlForm(AccessControlSections.All);
FreeBusyPermission.SecurityTracer.TraceDebug <object, EmailAddress, string>(0L, "{0}: The SDDL form of mailbox security descriptor of mailbox {1} is: {2}.", TraceContext.Get(), freeBusyQuery.Email, sddlForm);
}
if (clientSecurityContext.GetGrantedAccess(exchangeSecurityDescriptor, AccessMask.CreateChild) == 1 || clientSecurityContext.GetGrantedAccess(exchangeSecurityDescriptor, AccessMask.List) == 4)
{
FreeBusyPermission.SecurityTracer.TraceDebug <object, EmailAddress>(0L, "{0}: Caller does have 'owner' rights in mailbox {1}.", TraceContext.Get(), freeBusyQuery.Email);
return(true);
}
}
else
{
FreeBusyPermission.SecurityTracer.TraceDebug <object, EmailAddress>(0L, "{0}: User does not have an ExchangeSecurityDescriptor.", TraceContext.Get(), freeBusyQuery.Email);
}
FreeBusyPermission.SecurityTracer.TraceDebug <object, EmailAddress>(0L, "{0}: Caller does NOT have 'owner' rights in mailbox {1}.", TraceContext.Get(), freeBusyQuery.Email);
return(false);
}
public static IEnumerable <SafeNativeHandle> EnumerateUserTokens(SecurityIdentifier sid,
TokenAccessLevels access = TokenAccessLevels.Query)
{
foreach (System.Diagnostics.Process process in System.Diagnostics.Process.GetProcesses())
{
// We always need the Query access level so we can query the TokenUser
using (process)
using (SafeNativeHandle hToken = TryOpenAccessToken(process, access | TokenAccessLevels.Query))
{
if (hToken == null)
{
continue;
}
if (!sid.Equals(GetTokenUser(hToken)))
{
continue;
}
yield return(hToken);
}
}
}
// Token: 0x060017DC RID: 6108 RVA: 0x0008CD78 File Offset: 0x0008AF78
public void Add(EasDeviceBudget budget)
{
EasDeviceBudgetKey easDeviceBudgetKey = budget.Owner as EasDeviceBudgetKey;
SecurityIdentifier sid = easDeviceBudgetKey.Sid;
if (!sid.Equals(this.UserSid))
{
throw new InvalidOperationException(string.Format("[EasDeviceBudgetAllocator.Add] Attempted to add a budget for user {0} to allocator for user {1}. That is very naughty.", sid, this.UserSid));
}
bool flag = false;
lock (this.instanceLock)
{
if (!this.activeBudgets.ContainsKey(easDeviceBudgetKey))
{
this.activeBudgets[easDeviceBudgetKey] = budget;
flag = true;
}
}
if (flag)
{
this.UpdateIfNecessary(true);
}
}
private static AnchorMailbox CreateFromLogonIdentity(IRequestContext requestContext)
{
HttpContext httpContext = requestContext.HttpContext;
IPrincipal user = httpContext.User;
IIdentity identity = httpContext.User.Identity;
string text = httpContext.Items[Constants.WLIDMemberName] as string;
OAuthIdentity oauthIdentity = identity as OAuthIdentity;
if (oauthIdentity != null)
{
string text2 = httpContext.Request.Headers[Constants.ExternalDirectoryObjectIdHeaderName];
if (!string.IsNullOrEmpty(text2))
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-ExternalDirectoryObjectId");
return(new ExternalDirectoryObjectIdAnchorMailbox(text2, oauthIdentity.OrganizationId, requestContext));
}
if (oauthIdentity.ActAsUser != null)
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-ActAsUser");
return(new OAuthActAsUserAnchorMailbox(oauthIdentity.ActAsUser, requestContext));
}
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-AppOrganization");
return(new OrganizationAnchorMailbox(oauthIdentity.OrganizationId, requestContext));
}
else
{
GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;
if (genericSidIdentity != null)
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "GenericSidIdentity");
return(new SidAnchorMailbox(genericSidIdentity.Sid, requestContext)
{
PartitionId = genericSidIdentity.PartitionId,
SmtpOrLiveId = text
});
}
DelegatedPrincipal delegatedPrincipal = user as DelegatedPrincipal;
if (delegatedPrincipal != null && delegatedPrincipal.DelegatedOrganization != null && string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "DelegatedPrincipal-DelegatedOrganization");
return(new DomainAnchorMailbox(delegatedPrincipal.DelegatedOrganization, requestContext));
}
WindowsIdentity windowsIdentity = identity as WindowsIdentity;
if (windowsIdentity != null)
{
if (string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "WindowsIdentity");
}
else
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "WindowsIdentity-LiveIdMemberName");
}
return(new SidAnchorMailbox(windowsIdentity.User, requestContext)
{
SmtpOrLiveId = text
});
}
try
{
SecurityIdentifier securityIdentifier = identity.GetSecurityIdentifier();
if (!securityIdentifier.Equals(AuthCommon.MemberNameNullSid))
{
if (string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "SID");
}
else
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "SID-LiveIdMemberName");
}
return(new SidAnchorMailbox(securityIdentifier, requestContext)
{
SmtpOrLiveId = text
});
}
}
catch (Exception)
{
}
if (requestContext.AuthBehavior.AuthState != AuthState.FrontEndFullAuth)
{
AnchorMailbox anchorMailbox = requestContext.AuthBehavior.CreateAuthModuleSpecificAnchorMailbox(requestContext);
if (anchorMailbox != null)
{
return(anchorMailbox);
}
}
if (!string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "Smtp-LiveIdMemberName");
return(new SmtpAnchorMailbox(text, requestContext));
}
throw new InvalidOperationException(string.Format("Unknown idenity {0} with type {1}.", identity.GetSafeName(true), identity.ToString()));
}
}
public UserAccessRights(string path, string UserId)
{
if ((!String.IsNullOrEmpty(UserId)) && !String.IsNullOrEmpty(path))
{
NTAccount n = new NTAccount(UserId);
_principalSid = (SecurityIdentifier)n.Translate(typeof(SecurityIdentifier));
this._path = path;
System.IO.FileInfo fi = new System.IO.FileInfo(_path);
AuthorizationRuleCollection acl = fi.GetAccessControl().GetAccessRules(true, true, typeof(SecurityIdentifier));
for (int i = 0; i < acl.Count; i++)
{
System.Security.AccessControl.FileSystemAccessRule rule = (System.Security.AccessControl.FileSystemAccessRule)acl[i];
if (_principalSid.Equals(rule.IdentityReference))
{
if (System.Security.AccessControl.AccessControlType.Deny.Equals(rule.AccessControlType))
{
if (Contains(FileSystemRights.AppendData, rule))
{
_denyAppendData = true;
}
if (Contains(FileSystemRights.ChangePermissions, rule))
{
_denyChangePermissions = true;
}
if (Contains(FileSystemRights.CreateDirectories, rule))
{
_denyCreateDirectories = true;
}
if (Contains(FileSystemRights.CreateFiles, rule))
{
_denyCreateFiles = true;
}
if (Contains(FileSystemRights.Delete, rule))
{
_denyDelete = true;
}
if (Contains(FileSystemRights.DeleteSubdirectoriesAndFiles, rule))
{
_denyDeleteSubdirectoriesAndFiles = true;
}
if (Contains(FileSystemRights.ExecuteFile, rule))
{
_denyExecuteFile = true;
}
if (Contains(FileSystemRights.FullControl, rule))
{
_denyFullControl = true;
}
if (Contains(FileSystemRights.ListDirectory, rule))
{
_denyListDirectory = true;
}
if (Contains(FileSystemRights.Modify, rule))
{
_denyModify = true;
}
if (Contains(FileSystemRights.Read, rule))
{
_denyRead = true;
}
if (Contains(FileSystemRights.ReadAndExecute, rule))
{
_denyReadAndExecute = true;
}
if (Contains(FileSystemRights.ReadAttributes, rule))
{
_denyReadAttributes = true;
}
if (Contains(FileSystemRights.ReadData, rule))
{
_denyReadData = true;
}
if (Contains(FileSystemRights.ReadExtendedAttributes, rule))
{
_denyReadExtendedAttributes = true;
}
if (Contains(FileSystemRights.ReadPermissions, rule))
{
_denyReadPermissions = true;
}
if (Contains(FileSystemRights.Synchronize, rule))
{
_denySynchronize = true;
}
if (Contains(FileSystemRights.TakeOwnership, rule))
{
_denyTakeOwnership = true;
}
if (Contains(FileSystemRights.Traverse, rule))
{
_denyTraverse = true;
}
if (Contains(FileSystemRights.Write, rule))
{
_denyWrite = true;
}
if (Contains(FileSystemRights.WriteAttributes, rule))
{
_denyWriteAttributes = true;
}
if (Contains(FileSystemRights.WriteData, rule))
{
_denyWriteData = true;
}
if (Contains(FileSystemRights.WriteExtendedAttributes, rule))
{
_denyWriteExtendedAttributes = true;
}
}
else if (System.Security.AccessControl.AccessControlType.Allow.Equals(rule.AccessControlType))
{
if (Contains(FileSystemRights.AppendData, rule))
{
_allowAppendData = true;
}
if (Contains(FileSystemRights.ChangePermissions, rule))
{
_allowChangePermissions = true;
}
if (Contains(FileSystemRights.CreateDirectories, rule))
{
_allowCreateDirectories = true;
}
if (Contains(FileSystemRights.CreateFiles, rule))
{
_allowCreateFiles = true;
}
if (Contains(FileSystemRights.Delete, rule))
{
_allowDelete = true;
}
if (Contains(FileSystemRights.DeleteSubdirectoriesAndFiles, rule))
{
_allowDeleteSubdirectoriesAndFiles = true;
}
if (Contains(FileSystemRights.ExecuteFile, rule))
{
_allowExecuteFile = true;
}
if (Contains(FileSystemRights.FullControl, rule))
{
_allowFullControl = true;
}
if (Contains(FileSystemRights.ListDirectory, rule))
{
_allowListDirectory = true;
}
if (Contains(FileSystemRights.Modify, rule))
{
_allowModify = true;
}
if (Contains(FileSystemRights.Read, rule))
{
_allowRead = true;
}
if (Contains(FileSystemRights.ReadAndExecute, rule))
{
_allowReadAndExecute = true;
}
if (Contains(FileSystemRights.ReadAttributes, rule))
{
_allowReadAttributes = true;
}
if (Contains(FileSystemRights.ReadData, rule))
{
_allowReadData = true;
}
if (Contains(FileSystemRights.ReadExtendedAttributes, rule))
{
_allowReadExtendedAttributes = true;
}
if (Contains(FileSystemRights.ReadPermissions, rule))
{
_allowReadPermissions = true;
}
if (Contains(FileSystemRights.Synchronize, rule))
{
_allowSynchronize = true;
}
if (Contains(FileSystemRights.TakeOwnership, rule))
{
_allowTakeOwnership = true;
}
if (Contains(FileSystemRights.Traverse, rule))
{
_allowTraverse = true;
}
if (Contains(FileSystemRights.Write, rule))
{
_allowWrite = true;
}
if (Contains(FileSystemRights.WriteAttributes, rule))
{
_allowWriteAttributes = true;
}
if (Contains(FileSystemRights.WriteData, rule))
{
_allowWriteData = true;
}
if (Contains(FileSystemRights.WriteExtendedAttributes, rule))
{
_allowWriteExtendedAttributes = true;
}
}
}
}
/*
* IdentityReferenceCollection groups = _principal.Groups;
* for (int j = 0; j < groups.Count; j++)
* {
* for (int i = 0; i < acl.Count; i++)
* {
* System.Security.AccessControl.FileSystemAccessRule rule = (System.Security.AccessControl.FileSystemAccessRule)acl[i];
* if (groups[j].Equals(rule.IdentityReference))
* {
* if (System.Security.AccessControl.AccessControlType.Deny.Equals(rule.AccessControlType))
* {
* if (Contains(FileSystemRights.AppendData, rule)) _denyAppendData = true;
* if (Contains(FileSystemRights.ChangePermissions, rule)) _denyChangePermissions = true;
* if (Contains(FileSystemRights.CreateDirectories, rule)) _denyCreateDirectories = true;
* if (Contains(FileSystemRights.CreateFiles, rule)) _denyCreateFiles = true;
* if (Contains(FileSystemRights.Delete, rule)) _denyDelete = true;
* if (Contains(FileSystemRights.DeleteSubdirectoriesAndFiles, rule)) _denyDeleteSubdirectoriesAndFiles = true;
* if (Contains(FileSystemRights.ExecuteFile, rule)) _denyExecuteFile = true;
* if (Contains(FileSystemRights.FullControl, rule)) _denyFullControl = true;
* if (Contains(FileSystemRights.ListDirectory, rule)) _denyListDirectory = true;
* if (Contains(FileSystemRights.Modify, rule)) _denyModify = true;
* if (Contains(FileSystemRights.Read, rule)) _denyRead = true;
* if (Contains(FileSystemRights.ReadAndExecute, rule)) _denyReadAndExecute = true;
* if (Contains(FileSystemRights.ReadAttributes, rule)) _denyReadAttributes = true;
* if (Contains(FileSystemRights.ReadData, rule)) _denyReadData = true;
* if (Contains(FileSystemRights.ReadExtendedAttributes, rule)) _denyReadExtendedAttributes = true;
* if (Contains(FileSystemRights.ReadPermissions, rule)) _denyReadPermissions = true;
* if (Contains(FileSystemRights.Synchronize, rule)) _denySynchronize = true;
* if (Contains(FileSystemRights.TakeOwnership, rule)) _denyTakeOwnership = true;
* if (Contains(FileSystemRights.Traverse, rule)) _denyTraverse = true;
* if (Contains(FileSystemRights.Write, rule)) _denyWrite = true;
* if (Contains(FileSystemRights.WriteAttributes, rule)) _denyWriteAttributes = true;
* if (Contains(FileSystemRights.WriteData, rule)) _denyWriteData = true;
* if (Contains(FileSystemRights.WriteExtendedAttributes, rule)) _denyWriteExtendedAttributes = true;
* }
* else if (System.Security.AccessControl.AccessControlType.Allow.Equals(rule.AccessControlType))
* {
* if (Contains(FileSystemRights.AppendData, rule)) _allowAppendData = true;
* if (Contains(FileSystemRights.ChangePermissions, rule)) _allowChangePermissions = true;
* if (Contains(FileSystemRights.CreateDirectories, rule)) _allowCreateDirectories = true;
* if (Contains(FileSystemRights.CreateFiles, rule)) _allowCreateFiles = true;
* if (Contains(FileSystemRights.Delete, rule)) _allowDelete = true;
* if (Contains(FileSystemRights.DeleteSubdirectoriesAndFiles, rule)) _allowDeleteSubdirectoriesAndFiles = true;
* if (Contains(FileSystemRights.ExecuteFile, rule)) _allowExecuteFile = true;
* if (Contains(FileSystemRights.FullControl, rule)) _allowFullControl = true;
* if (Contains(FileSystemRights.ListDirectory, rule)) _allowListDirectory = true;
* if (Contains(FileSystemRights.Modify, rule)) _allowModify = true;
* if (Contains(FileSystemRights.Read, rule)) _allowRead = true;
* if (Contains(FileSystemRights.ReadAndExecute, rule)) _allowReadAndExecute = true;
* if (Contains(FileSystemRights.ReadAttributes, rule)) _allowReadAttributes = true;
* if (Contains(FileSystemRights.ReadData, rule)) _allowReadData = true;
* if (Contains(FileSystemRights.ReadExtendedAttributes, rule)) _allowReadExtendedAttributes = true;
* if (Contains(FileSystemRights.ReadPermissions, rule)) _allowReadPermissions = true;
* if (Contains(FileSystemRights.Synchronize, rule)) _allowSynchronize = true;
* if (Contains(FileSystemRights.TakeOwnership, rule)) _allowTakeOwnership = true;
* if (Contains(FileSystemRights.Traverse, rule)) _allowTraverse = true;
* if (Contains(FileSystemRights.Write, rule)) _allowWrite = true;
* if (Contains(FileSystemRights.WriteAttributes, rule)) _allowWriteAttributes = true;
* if (Contains(FileSystemRights.WriteData, rule)) _allowWriteData = true;
* if (Contains(FileSystemRights.WriteExtendedAttributes, rule)) _allowWriteExtendedAttributes = true;
* }
* }
* }
* }
*/
}
}
// Token: 0x060000EB RID: 235 RVA: 0x00005DD4 File Offset: 0x00003FD4
private static AnchorMailbox CreateFromLogonIdentity(IRequestContext requestContext)
{
HttpContext httpContext = requestContext.HttpContext;
IPrincipal user = httpContext.User;
IIdentity identity = httpContext.User.Identity;
string text;
HttpContextItemParser.TryGetLiveIdMemberName(httpContext.Items, ref text);
OAuthIdentity oauthIdentity = identity as OAuthIdentity;
if (oauthIdentity != null)
{
string externalDirectoryObjectId;
if (RequestHeaderParser.TryGetExternalDirectoryObjectId(httpContext.Request.Headers, ref externalDirectoryObjectId))
{
requestContext.Logger.SafeSet(3, "OAuthIdentity-ExternalDirectoryObjectId");
return(new ExternalDirectoryObjectIdAnchorMailbox(externalDirectoryObjectId, oauthIdentity.OrganizationId, requestContext));
}
if (oauthIdentity.ActAsUser != null)
{
requestContext.Logger.SafeSet(3, "OAuthIdentity-ActAsUser");
return(new OAuthActAsUserAnchorMailbox(oauthIdentity.ActAsUser, requestContext));
}
requestContext.Logger.SafeSet(3, "OAuthIdentity-AppOrganization");
return(new OrganizationAnchorMailbox(oauthIdentity.OrganizationId, requestContext));
}
else
{
GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;
if (genericSidIdentity != null)
{
requestContext.Logger.SafeSet(3, "GenericSidIdentity");
return(new SidAnchorMailbox(genericSidIdentity.Sid, requestContext)
{
PartitionId = genericSidIdentity.PartitionId,
SmtpOrLiveId = text
});
}
DelegatedPrincipal delegatedPrincipal = user as DelegatedPrincipal;
if (delegatedPrincipal != null && delegatedPrincipal.DelegatedOrganization != null && string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(3, "DelegatedPrincipal-DelegatedOrganization");
return(new DomainAnchorMailbox(delegatedPrincipal.DelegatedOrganization, requestContext));
}
WindowsIdentity windowsIdentity = identity as WindowsIdentity;
if (windowsIdentity != null)
{
if (string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(3, "WindowsIdentity");
}
else
{
requestContext.Logger.SafeSet(3, "WindowsIdentity-LiveIdMemberName");
}
return(new SidAnchorMailbox(windowsIdentity.User, requestContext)
{
SmtpOrLiveId = text
});
}
SecurityIdentifier securityIdentifier = null;
if (IIdentityExtensions.TryGetSecurityIdentifier(identity, ref securityIdentifier) && !securityIdentifier.Equals(AuthCommon.MemberNameNullSid))
{
if (string.IsNullOrEmpty(text))
{
requestContext.Logger.SafeSet(3, "SID");
}
else
{
requestContext.Logger.SafeSet(3, "SID-LiveIdMemberName");
}
return(new SidAnchorMailbox(securityIdentifier, requestContext)
{
SmtpOrLiveId = text
});
}
if (!HttpProxySettings.IdentityIndependentAuthBehaviorEnabled.Value && requestContext.AuthBehavior.AuthState != AuthState.FrontEndFullAuth)
{
AnchorMailbox anchorMailbox = requestContext.AuthBehavior.CreateAuthModuleSpecificAnchorMailbox(requestContext);
if (anchorMailbox != null)
{
return(anchorMailbox);
}
}
if (!string.IsNullOrEmpty(text) && SmtpAddress.IsValidSmtpAddress(text))
{
requestContext.Logger.SafeSet(3, "Smtp-LiveIdMemberName");
return(new SmtpAnchorMailbox(text, requestContext));
}
throw new InvalidOperationException(string.Format("Unknown idenity {0} with type {1}.", IIdentityExtensions.GetSafeName(identity, true), identity.ToString()));
}
}
private static SafeNativeHandle GetPrimaryTokenForUser(SecurityIdentifier sid, List <string> requiredPrivileges = null)
{
NativeHelpers.ProcessAccessFlags accessFlags = NativeHelpers.ProcessAccessFlags.PROCESS_QUERY_INFORMATION;
// According to CreateProcessWithTokenW we require a token with
// TOKEN_QUERY, TOKEN_DUPLICATE and TOKEN_ASSIGN_PRIMARY
// Also add in TOKEN_IMPERSONATE so we can get an impersonated token
TokenAccessLevels dwAccess = TokenAccessLevels.Query |
TokenAccessLevels.Duplicate |
TokenAccessLevels.AssignPrimary |
TokenAccessLevels.Impersonate;
foreach (System.Diagnostics.Process process in System.Diagnostics.Process.GetProcesses())
{
using (process)
{
using (SafeNativeHandle hProcess = NativeMethods.OpenProcess(accessFlags, false, (UInt32)process.Id))
{
if (hProcess.IsInvalid)
{
continue;
}
SafeNativeHandle hToken;
NativeMethods.OpenProcessToken(hProcess, dwAccess, out hToken);
if (hToken.IsInvalid)
{
continue;
}
using (hToken)
{
if (!sid.Equals(GetTokenUserSID(hToken)))
{
continue;
}
// Filter out any Network logon tokens, using become with that is useless when S4U
// can give us a Batch logon
NativeHelpers.SECURITY_LOGON_TYPE tokenLogonType = GetTokenLogonType(hToken);
if (tokenLogonType == NativeHelpers.SECURITY_LOGON_TYPE.Network)
{
continue;
}
// Check that the required privileges are on the token
if (requiredPrivileges != null)
{
List <string> actualPrivileges = GetTokenPrivileges(hToken);
int missing = requiredPrivileges.Where(x => !actualPrivileges.Contains(x)).Count();
if (missing > 0)
{
continue;
}
}
SafeNativeHandle dupToken;
if (!NativeMethods.DuplicateTokenEx(hToken, TokenAccessLevels.MaximumAllowed,
IntPtr.Zero, NativeHelpers.SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation,
NativeHelpers.TOKEN_TYPE.TokenPrimary, out dupToken))
{
continue;
}
return(dupToken);
}
}
}
}
return(null);
}
