public static WindowsIdentity GetProcessIdentity()
        {
            SafeCloseHandle tokenHandle = null;

            lock (lockObject)
            {
                try
                {
                    if (!SafeNativeMethods.GetCurrentProcessToken(SafeNativeMethods.GetCurrentProcess(), TokenAccessLevels.Query, out tokenHandle))
                    {
                        int error = Marshal.GetLastWin32Error();
                        Utility.CloseInvalidOutSafeHandle(tokenHandle);
                        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, System.ServiceModel.SR.GetString("OpenProcessTokenFailed", new object[] { error })));
                    }
                    processIdentity = new WindowsIdentity(tokenHandle.DangerousGetHandle());
                }
                finally
                {
                    if (tokenHandle != null)
                    {
                        tokenHandle.Dispose();
                    }
                }
            }
            return(processIdentity);
        }
        public static FileSystemRights GetEffectivePermissions(
            WindowsIdentity clientIdentity,
            FileSecurity securityDescriptor)
        {
            bool isAccessAllowed = false;

            byte[]          binaryForm = securityDescriptor.GetSecurityDescriptorBinaryForm();
            SafeCloseHandle newToken   = null;
            SafeCloseHandle token      = new SafeCloseHandle(clientIdentity.Token, false);

            try
            {
                if (IsPrimaryToken(token) &&
                    !DuplicateTokenEx(
                        token,
                        TokenAccessLevels.Query,
                        IntPtr.Zero,
                        SecurityImpersonationLevel.Identification,
                        TokenType.TokenImpersonation,
                        out newToken))
                {
                    int err = Marshal.GetLastWin32Error();
                    CloseInvalidOutSafeHandle(newToken);
                    throw new Win32Exception(err, "DuplicateTokenExFailed");
                }

                GENERIC_MAPPING genericMapping     = new GENERIC_MAPPING();
                PRIVILEGE_SET   structPrivilegeSet = new PRIVILEGE_SET();
                uint            privilegeSetLength = (uint)Marshal.SizeOf(structPrivilegeSet);
                uint            grantedAccess      = 0;
                if (!AccessCheck(
                        binaryForm,
                        newToken ?? token,
                        0x2000000,
                        genericMapping,
                        out structPrivilegeSet,
                        ref privilegeSetLength,
                        out grantedAccess,
                        out isAccessAllowed))
                {
                    throw new Win32Exception(Marshal.GetLastWin32Error(), "AccessCheckFailed");
                }

                return((FileSystemRights)grantedAccess);
            }
            finally
            {
                if (newToken != null)
                {
                    newToken.Dispose();
                }
            }
        }
Example #3
0
        private void CheckAccess(WindowsIdentity clientIdentity, out bool IsAccessAllowed)
        {
            if (this.securityDescriptor == null)
            {
                throw Fx.AssertAndThrowFatal("Security Descriptor must not be NULL");
            }
            IsAccessAllowed = false;
            byte[] binaryForm = new byte[this.securityDescriptor.BinaryLength];
            this.securityDescriptor.GetBinaryForm(binaryForm, 0);
            SafeCloseHandle newToken = null;
            SafeCloseHandle token    = new SafeCloseHandle(clientIdentity.Token, false);

            try
            {
                if (System.ServiceModel.ComIntegration.SecurityUtils.IsPrimaryToken(token) && !SafeNativeMethods.DuplicateTokenEx(token, TokenAccessLevels.Query, IntPtr.Zero, SecurityImpersonationLevel.Identification, System.ServiceModel.ComIntegration.TokenType.TokenImpersonation, out newToken))
                {
                    int error = Marshal.GetLastWin32Error();
                    Utility.CloseInvalidOutSafeHandle(newToken);
                    throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, System.ServiceModel.SR.GetString("DuplicateTokenExFailed", new object[] { error })));
                }
                GENERIC_MAPPING genericMapping     = new GENERIC_MAPPING();
                PRIVILEGE_SET   structure          = new PRIVILEGE_SET();
                uint            privilegeSetLength = (uint)Marshal.SizeOf(structure);
                uint            grantedAccess      = 0;
                if (!SafeNativeMethods.AccessCheck(binaryForm, (newToken != null) ? newToken : token, 1, genericMapping, out structure, ref privilegeSetLength, out grantedAccess, out IsAccessAllowed))
                {
                    int num4 = Marshal.GetLastWin32Error();
                    throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(num4, System.ServiceModel.SR.GetString("AccessCheckFailed", new object[] { num4 })));
                }
            }
            finally
            {
                if (newToken != null)
                {
                    newToken.Dispose();
                }
            }
        }