Example #1
0
        private void RunspacesLeakDetected(string key, string relatedBudgetKey)
        {
            int num = 0;
            IPowerShellBudget powerShellBudget = null;

            if (this.budgets.TryGetValue(key, out powerShellBudget))
            {
                num = powerShellBudget.TotalActiveRunspacesCount;
            }
            if (powerShellBudget != null)
            {
                ExTraceGlobals.PublicPluginAPITracer.TraceError <string, string, int>(0L, "Connection leak detected for Key {0} in class {1}. Leaked value {2}.", key, base.GetType().ToString(), num);
                if (num > 0)
                {
                    AuthZLogger.SafeAppendGenericError("WSManBudgetManagerBase.RunspacesLeakDetected", string.Format("Connection leak detected for Key {0} in class {1}. Leaked value {2}.", key, base.GetType(), num), false);
                    TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_PSConnectionLeakDetected, null, new object[]
                    {
                        key,
                        base.GetType().ToString(),
                        num
                    });
                    this.UpdateConnectionLeakPerfCounter(num);
                }
                powerShellBudget.Dispose();
            }
            if (num > 0 && relatedBudgetKey != null)
            {
                this.CorrectRelatedBudgetWhenLeak(relatedBudgetKey, num);
            }
        }
Example #2
0
 internal void RemoveBudgetIfNoActiveRunspace(AuthZPluginUserToken userToken)
 {
     lock (this.instanceLock)
     {
         IPowerShellBudget budget = this.GetBudget(userToken, false, false);
         if (budget != null && budget.TotalActiveRunspacesCount <= 0)
         {
             string           text = this.CreateKey(userToken);
             Unlimited <uint> powerShellMaxRunspacesTimePeriod = budget.ThrottlingPolicy.PowerShellMaxRunspacesTimePeriod;
             if (powerShellMaxRunspacesTimePeriod.IsUnlimited)
             {
                 ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>(0L, "Key {0} is removed from budgets dictionary immediately.", text);
                 this.budgets.Remove(text);
                 this.keyToRemoveBudgets.Remove(text);
             }
             else
             {
                 int num = (int)(powerShellMaxRunspacesTimePeriod.Value + 5U);
                 ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string, int>(0L, "Register key {0} to keyToRemoveBudgets, timeout {1} seconds.", text, num);
                 this.keyToRemoveBudgets.InsertAbsolute(text, BudgetManager.NormalCleanupCacheValue, TimeSpan.FromSeconds((double)num), new RemoveItemDelegate <string, string>(this.OnKeyToRemoveBudgetsCacheValueRemoved));
             }
         }
     }
     this.UpdateBudgetsPerfCounter(this.budgets.Count);
     this.UpdateKeyToRemoveBudgetsPerfCounter(this.keyToRemoveBudgets.Count);
 }
Example #3
0
        protected void EnforceDelay()
        {
            if (this.context.ErrorInfo.TerminatePipeline)
            {
                return;
            }
            IPowerShellBudget psbudget = this.PSBudget;

            if (psbudget != null)
            {
                T t = (default(T) == null) ? Activator.CreateInstance <T>() : default(T);
                DelayEnforcementResults delayEnforcementResults = t.EnforceDelay(this, ThrottlingModule <T> .costTypesInEnforceDelay, ThrottlingModule <T> .CmdletMaxPreferredDelay);
                LocalizedString         localizedString         = this.GenerateDelayInfoLogString(this.PSBudget, delayEnforcementResults);
                if (!string.IsNullOrEmpty(localizedString))
                {
                    string          text           = string.Format("; PolicyDN: {0}; Snapshot: {1}", psbudget.ThrottlingPolicy.GetIdentityString(), psbudget);
                    LocalizedString warningMessage = new LocalizedString(localizedString + text);
                    this.context.Items["ThrottlingInfo"] = text;
                    this.context.Items["DelayedInfo"]    = localizedString;
                    Guid uniqueId = this.context.UniqueId;
                    CmdletLogger.SafeSetLogger(uniqueId, RpsCmdletMetadata.ThrottlingInfo, text);
                    CmdletLogger.SafeSetLogger(uniqueId, RpsCmdletMetadata.DelayInfo, CmdletLogHelper.NeedConvertLogMessageToUS ? localizedString.ToString(CmdletLogHelper.DefaultLoggingCulture) : localizedString);
                    this.WriteCmdletMicroDelayMessage(warningMessage, delayEnforcementResults.DelayInfo.Delay.TotalSeconds);
                }
                PowerShellBudgetWrapper powerShellBudgetWrapper = psbudget as PowerShellBudgetWrapper;
                WorkloadManagementLogger.SetBudgetBalance(powerShellBudgetWrapper.GetInnerBudget().CasTokenBucket.GetBalance().ToString(), null);
            }
        }
Example #4
0
        protected virtual CostHandle StartRunspaceImpl(AuthZPluginUserToken userToken)
        {
            IPowerShellBudget budget = this.GetBudget(userToken, true, true);

            if (budget != null)
            {
                ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>(0L, "Start budget tracking for ActiveRunspaces, key {0}", this.CreateKey(userToken));
                return(budget.StartActiveRunspace());
            }
            ExTraceGlobals.PublicPluginAPITracer.TraceError <string>(0L, "Try to start budget tracking for ActiveRunspaces, key {0} But the budget doesn't exist.", this.CreateKey(userToken));
            return(null);
        }
Example #5
0
 internal IThrottlingPolicy GetThrottlingPolicy()
 {
     using (IPowerShellBudget powerShellBudget = this.CreateBudget(BudgetType.PowerShell))
     {
         if (powerShellBudget != null)
         {
             return(powerShellBudget.ThrottlingPolicy);
         }
     }
     if (this.UserEntry is MiniRecipient)
     {
         return((this.UserEntry as MiniRecipient).ReadThrottlingPolicy());
     }
     return((this.UserEntry as ADUser).ReadThrottlingPolicy());
 }
 // Token: 0x06001493 RID: 5267 RVA: 0x0004CD60 File Offset: 0x0004AF60
 internal CostHandle StartCmdlet(AuthZPluginUserToken userToken)
 {
     if (!this.ShouldThrottling(userToken))
     {
         return(null);
     }
     lock (base.InstanceLock)
     {
         IPowerShellBudget budget = base.GetBudget(userToken, true, true);
         if (budget != null)
         {
             ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>(0L, "Start budget tracking for Cmdlet, key {0}", this.CreateKey(userToken));
             return(budget.StartCmdlet(null));
         }
         ExTraceGlobals.PublicPluginAPITracer.TraceError <string>(0L, "Try to start budget tracking for Cmdlet, key {0} But the budget doesn't exist.", this.CreateKey(userToken));
     }
     return(null);
 }
Example #7
0
 internal bool CheckOverBudget(AuthZPluginUserToken userToken, CostType costType, out OverBudgetException exception)
 {
     exception = null;
     if (!this.ShouldThrottling(userToken))
     {
         return(false);
     }
     lock (this.instanceLock)
     {
         IPowerShellBudget budget = this.GetBudget(userToken, false, false);
         if (budget != null)
         {
             return(budget.TryCheckOverBudget(costType, out exception));
         }
         ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>(0L, "Try to check overbudget for key {0}. But the budget doesn't exist.", this.CreateKey(userToken));
     }
     return(false);
 }
Example #8
0
        internal string GetWSManBudgetUsage(AuthZPluginUserToken userToken)
        {
            string result;

            lock (this.instanceLock)
            {
                IPowerShellBudget budget = this.GetBudget(userToken, false, false);
                if (budget == null)
                {
                    result = null;
                }
                else
                {
                    result = budget.GetWSManBudgetUsage();
                }
            }
            return(result);
        }
Example #9
0
        internal virtual IPowerShellBudget CreateBudget(BudgetType budgetType)
        {
            IPowerShellBudget result = null;

            if (this.DelegatedPrincipal != null)
            {
                ExTraceGlobals.PublicPluginAPITracer.TraceDebug <BudgetType, string>(0L, "Create Budge {0} for AuthZPluginUserToken {1} using DelegatedPrincipal.", budgetType, this.UserName);
                result = PowerShellBudget.Acquire(new DelegatedPrincipalBudgetKey(this.DelegatedPrincipal, budgetType));
            }
            else
            {
                ExTraceGlobals.PublicPluginAPITracer.TraceDebug <BudgetType, string>(0L, "Create Budge {0} for AuthZPluginUserToken {1} using UserEntry.", budgetType, this.UserName);
                if (budgetType == BudgetType.WSManTenant)
                {
                    return(PowerShellBudget.Acquire(new TenantBudgetKey(this.OrgId, budgetType)));
                }
                SecurityIdentifier securityIdentifier = (SecurityIdentifier)this.UserEntry[IADSecurityPrincipalSchema.Sid];
                if (securityIdentifier != null)
                {
                    ADObjectId rootOrgId;
                    if (this.OrgId == null || this.OrgId.Equals(OrganizationId.ForestWideOrgId))
                    {
                        rootOrgId = ADSystemConfigurationSession.GetRootOrgContainerIdForLocalForest();
                    }
                    else
                    {
                        rootOrgId = ADSystemConfigurationSession.GetRootOrgContainerId(this.OrgId.PartitionId.ForestFQDN, null, null);
                    }
                    result = PowerShellBudget.Acquire(securityIdentifier, budgetType, ADSessionSettings.FromOrganizationIdWithoutRbacScopes(rootOrgId, this.OrgId, this.OrgId, true));
                }
                else
                {
                    ExTraceGlobals.PublicPluginAPITracer.TraceDebug <string>(0L, "Sid is null, return null budget for AuthZPluginUserToken {0}.", this.UserName);
                }
            }
            return(result);
        }
Example #10
0
        private void ThrottleRequest(HttpContext context)
        {
            ExTraceGlobals.HttpModuleTracer.TraceFunction((long)this.GetHashCode(), "[ThrottlingHttpModule::ThrottleRequest] Enter");
            WinRMInfo winRMInfo = context.Items["X-RemotePS-WinRMInfo"] as WinRMInfo;

            if (winRMInfo == null)
            {
                ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[ThrottlingHttpModule::ThrottleRequest] WinRMInfo = null.");
                return;
            }
            string action = winRMInfo.Action;

            if (string.IsNullOrEmpty(action))
            {
                ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[ThrottlingHttpModule::ThrottleRequest] WinRMInfo.Action = null.");
                return;
            }
            if (!action.EndsWith(":Command", StringComparison.OrdinalIgnoreCase) && !action.Equals("Command", StringComparison.OrdinalIgnoreCase))
            {
                ExTraceGlobals.HttpModuleTracer.TraceDebug <string>((long)this.GetHashCode(), "[ThrottlingHttpModule::ThrottleRequest] Not Command Request. WinRMInfo.Action = {0}.", action);
                return;
            }
            IPowerShellBudget   powerShellBudget = null;
            OverBudgetException ex = null;

            try
            {
                try
                {
                    using (new MonitoredScope("ThrottlingHttpModule", "GetBudget", HttpModuleHelper.HttpPerfMonitors))
                    {
                        powerShellBudget = this.GetBudget(context);
                    }
                    if (powerShellBudget == null)
                    {
                        ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[ThrottlingHttpModule::ThrottleRequest] budget = null.");
                        return;
                    }
                    using (new MonitoredScope("ThrottlingHttpModule", "CheckBudgetAndStartCmdlet", HttpModuleHelper.HttpPerfMonitors))
                    {
                        powerShellBudget.StartCmdlet(null);
                        powerShellBudget.TryCheckOverBudget(CostType.CMDLET, out ex);
                    }
                }
                finally
                {
                    if (powerShellBudget != null)
                    {
                        powerShellBudget.Dispose();
                    }
                }
                if (ex != null)
                {
                    string windowsLiveId = context.CurrentUserToken().WindowsLiveId;
                    if (windowsLiveId != null)
                    {
                        FailFastUserCache.Instance.AddUserToCache(windowsLiveId, BlockedType.NewRequest, TimeSpan.Zero);
                        HttpLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-UserSelf", LoggerHelper.GetContributeToFailFastValue("User", windowsLiveId, BlockedType.NewRequest.ToString(), -1.0));
                    }
                    HttpModuleHelper.EndPowerShellRequestWithFriendlyError(context, FailureCategory.AuthZ, ex.GetType().Name, Strings.ErrorOperationTarpitting(ex.BackoffTime / 1000) + string.Format("{2}Policy: {0}; {2}Snapshot: {1}", ex.ThrottlingPolicyDN, ex.Snapshot, Environment.NewLine), "ThrottlingHttpModule", false);
                }
            }
            catch (Exception ex2)
            {
                if (!(ex2 is ThreadAbortException))
                {
                    HttpLogger.SafeAppendGenericError("ThrottlingHttpModule", ex2, new Func <Exception, bool>(KnownException.IsUnhandledException));
                    ExTraceGlobals.HttpModuleTracer.TraceError <Exception>((long)this.GetHashCode(), "[ThrottlingHttpModule::ThrottleRequest] Get un-Excpected Exception. {0}", ex2);
                }
            }
        }
        internal static bool RevertExpiredThrottlingPolicyIfNeeded(IPowerShellBudget budget)
        {
            if (budget == null)
            {
                return(false);
            }
            bool result;

            using (new MonitoredScope("PowerShellThrottlingPolicyUpdater", "RevertExpiredThrottlingPolicyIfNeeded", AuthZLogHelper.AuthZPerfMonitors))
            {
                ThrottlingPolicy throttlingPolicy = null;
                try
                {
                    throttlingPolicy = ((EffectiveThrottlingPolicy)budget.ThrottlingPolicy).ThrottlingPolicy;
                    Match    match = Regex.Match(throttlingPolicy.Name, "^\\[(?<expiredtime>[0-9]{4}(-[0-9]{2}){2}T([0-9]{2}:){2}[0-9]{2})\\](?<orginalname>.+)", RegexOptions.Compiled);
                    DateTime t;
                    if (!match.Success)
                    {
                        result = false;
                    }
                    else if (!DateTime.TryParse(match.Groups["expiredtime"].Value, out t))
                    {
                        AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Unrecognized time format in throttling policy '{0}'.", throttlingPolicy.Name));
                        result = false;
                    }
                    else if (t > DateTime.UtcNow)
                    {
                        AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Throttlling policy '{0}' is not expired yet.", throttlingPolicy.Name));
                        result = false;
                    }
                    else
                    {
                        IConfigurationSession configuationSession      = PowerShellThrottlingPolicyUpdater.GetConfiguationSession(throttlingPolicy.OrganizationId);
                        ThrottlingPolicy      writableThrottlingPolicy = PowerShellThrottlingPolicyUpdater.GetWritableThrottlingPolicy(configuationSession, throttlingPolicy);
                        if (writableThrottlingPolicy == null || writableThrottlingPolicy.Name != throttlingPolicy.Name)
                        {
                            AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Throttlling policy '{0}' is updated and don't need to be expired.", throttlingPolicy.Name));
                            result = false;
                        }
                        else
                        {
                            string arg;
                            if (PowerShellThrottlingPolicyUpdater.RevertBackupThrottlingSettings(writableThrottlingPolicy, out arg))
                            {
                                writableThrottlingPolicy.Name = match.Groups["orginalname"].Value;
                                configuationSession.Save(writableThrottlingPolicy);
                                AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Revert throttling policy '{0}' to name: {1} and restore backup throttling value: {2}.", throttlingPolicy.Name, writableThrottlingPolicy.Name, arg));
                            }
                            else
                            {
                                PowerShellThrottlingPolicyUpdater.ClearThrottlingPolicyAssoicate(PowerShellThrottlingPolicyUpdater.GetRecipientSession(throttlingPolicy.OrganizationId), throttlingPolicy);
                                configuationSession.Delete(writableThrottlingPolicy);
                                AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Delete throttling policy '{0}' and clear associates with it.", throttlingPolicy.Name));
                            }
                            result = true;
                        }
                    }
                }
                catch (TransientException arg2)
                {
                    AuthZLogger.SafeAppendGenericInfo("PowerShellThrottlingPolicyUpdater", string.Format("Occur transient exception on revert throttling policy '{0}': {1}", (throttlingPolicy != null) ? throttlingPolicy.Name : string.Empty, arg2));
                    result = false;
                }
                catch (Exception ex)
                {
                    AuthZLogger.SafeAppendGenericError("PowerShellThrottlingPolicyUpdater", string.Format("Error on revert throttling policy '{0}': {1}", (throttlingPolicy != null) ? throttlingPolicy.Name : string.Empty, ex), KnownException.IsUnhandledException(ex));
                    result = false;
                }
            }
            return(result);
        }