internal static void RestoreCurrentWI(ExecutionContext.Reader currentEC, ExecutionContext.Reader prevEC, WindowsIdentity targetWI, bool cachedAlwaysFlowImpersonationPolicy)
{
if (cachedAlwaysFlowImpersonationPolicy || prevEC.SecurityContext.WindowsIdentity != targetWI)
{
SecurityContext.RestoreCurrentWIInternal(targetWI);
}
}
[System.Security.SecurityCritical] // auto-generated
static private SecurityContext CaptureCore(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark)
{
SecurityContext sc = new SecurityContext();
sc.isNewCapture = true;
#if !FEATURE_PAL && FEATURE_IMPERSONATION
// Force create WindowsIdentity
if (!IsWindowsIdentityFlowSuppressed())
{
WindowsIdentity currentIdentity = GetCurrentWI(currThreadEC);
if (currentIdentity != null)
{
sc._windowsIdentity = new WindowsIdentity(currentIdentity.AccessToken);
}
}
else
{
sc._disableFlow = SecurityContextDisableFlow.WI;
}
#endif // !FEATURE_PAL && FEATURE_IMPERSONATION
// Force create CompressedStack
sc.CompressedStack = CompressedStack.GetCompressedStack(ref stackMark);
return(sc);
}
public static void Run(SecurityContext securityContext, ContextCallback callback, object state)
{
if (securityContext == null)
{
throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_NullContext"));
}
StackCrawlMark stackCrawlMark = StackCrawlMark.LookForMe;
if (!securityContext.isNewCapture)
{
throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_NotNewCaptureContext"));
}
securityContext.isNewCapture = false;
ExecutionContext.Reader executionContextReader = Thread.CurrentThread.GetExecutionContextReader();
if (SecurityContext.CurrentlyInDefaultFTSecurityContext(executionContextReader) && securityContext.IsDefaultFTSecurityContext())
{
callback(state);
if (SecurityContext.GetCurrentWI(Thread.CurrentThread.GetExecutionContextReader()) != null)
{
WindowsIdentity.SafeRevertToSelf(ref stackCrawlMark);
return;
}
}
else
{
SecurityContext.RunInternal(securityContext, callback, state);
}
}
internal static WindowsIdentity GetCurrentWI(ExecutionContext.Reader threadEC, bool cachedAlwaysFlowImpersonationPolicy)
{
if (cachedAlwaysFlowImpersonationPolicy)
{
return(WindowsIdentity.GetCurrentInternal(TokenAccessLevels.MaximumAllowed, true));
}
return(threadEC.SecurityContext.WindowsIdentity);
}
internal static bool CurrentlyInDefaultFTSecurityContext(ExecutionContext.Reader threadEC)
{
if (SecurityContext.IsDefaultThreadSecurityInfo())
{
return(SecurityContext.GetCurrentWI(threadEC) == null);
}
return(false);
}
[System.Security.SecurityCritical] // auto-generated
static private SecurityContext CaptureCore(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark)
{
SecurityContext sc = new SecurityContext();
sc.isNewCapture = true;
// Force create CompressedStack
sc.CompressedStack = CompressedStack.GetCompressedStack(ref stackMark);
return(sc);
}
static internal WindowsIdentity GetCurrentWI(ExecutionContext.Reader threadEC, bool cachedAlwaysFlowImpersonationPolicy)
{
Contract.Assert(cachedAlwaysFlowImpersonationPolicy == _alwaysFlowImpersonationPolicy);
if (cachedAlwaysFlowImpersonationPolicy)
{
// Examine the threadtoken at the cost of a kernel call if the user has set the IMP_ALWAYSFLOW mode
return(WindowsIdentity.GetCurrentInternal(TokenAccessLevels.MaximumAllowed, true));
}
return(threadEC.SecurityContext.WindowsIdentity);
}
internal static SecurityContext Capture(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark)
{
if (currThreadEC.SecurityContext.IsFlowSuppressed(SecurityContextDisableFlow.All))
{
return(null);
}
if (SecurityContext.CurrentlyInDefaultFTSecurityContext(currThreadEC))
{
return(null);
}
return(SecurityContext.CaptureCore(currThreadEC, ref stackMark));
}
static internal void RestoreCurrentWI(ExecutionContext.Reader currentEC, ExecutionContext.Reader prevEC, WindowsIdentity targetWI, bool cachedAlwaysFlowImpersonationPolicy)
{
Contract.Assert(currentEC.IsSame(Thread.CurrentThread.GetExecutionContextReader()));
Contract.Assert(cachedAlwaysFlowImpersonationPolicy == _alwaysFlowImpersonationPolicy);
// NOTE: cachedAlwaysFlowImpersonationPolicy is a perf optimization to avoid always having to access a static variable here.
if (cachedAlwaysFlowImpersonationPolicy || prevEC.SecurityContext.WindowsIdentity != targetWI)
{
//
// Either we're always flowing, or the target WI was obtained from the current EC in the first place.
//
Contract.Assert(_alwaysFlowImpersonationPolicy || currentEC.SecurityContext.WindowsIdentity == targetWI);
RestoreCurrentWIInternal(targetWI);
}
}
static internal SecurityContext Capture(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark)
{
// check to see if Flow is suppressed
if (currThreadEC.SecurityContext.IsFlowSuppressed(SecurityContextDisableFlow.All))
{
return(null);
}
// If we're in FT right now, return null
if (CurrentlyInDefaultFTSecurityContext(currThreadEC))
{
return(null);
}
return(CaptureCore(currThreadEC, ref stackMark));
}
[MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
public static void Run(SecurityContext securityContext, ContextCallback callback, Object state)
{
if (securityContext == null)
{
throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_NullContext"));
}
Contract.EndContractBlock();
StackCrawlMark stackMark = StackCrawlMark.LookForMe;
if (!securityContext.isNewCapture)
{
throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_NotNewCaptureContext"));
}
securityContext.isNewCapture = false;
#if !MOBILE
ExecutionContext.Reader ec = Thread.CurrentThread.GetExecutionContextReader();
// Optimization: do the callback directly if both the current and target contexts are equal to the
// default full-trust security context
if (SecurityContext.CurrentlyInDefaultFTSecurityContext(ec) &&
securityContext.IsDefaultFTSecurityContext())
{
callback(state);
if (GetCurrentWI(Thread.CurrentThread.GetExecutionContextReader()) != null)
{
// If we enter here it means the callback did an impersonation
// that we need to revert.
// We don't need to revert any other security state since it is stack-based
// and automatically goes away when the callback returns.
WindowsIdentity.SafeRevertToSelf(ref stackMark);
// Ensure we have reverted to the state we entered in.
Contract.Assert(GetCurrentWI(Thread.CurrentThread.GetExecutionContextReader()) == null);
}
}
else
#endif
{
RunInternal(securityContext, callback, state);
}
}
private static SecurityContext CaptureCore(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark)
{
SecurityContext securityContext = new SecurityContext();
securityContext.isNewCapture = true;
if (!SecurityContext.IsWindowsIdentityFlowSuppressed())
{
WindowsIdentity currentWI = SecurityContext.GetCurrentWI(currThreadEC);
if (currentWI != null)
{
securityContext._windowsIdentity = new WindowsIdentity(currentWI.AccessToken);
}
}
else
{
securityContext._disableFlow = SecurityContextDisableFlow.WI;
}
securityContext.CompressedStack = CompressedStack.GetCompressedStack(ref stackMark);
return(securityContext);
}
static internal bool CurrentlyInDefaultFTSecurityContext(ExecutionContext.Reader threadEC)
{
return(IsDefaultThreadSecurityInfo() && GetCurrentWI(threadEC) == null);
}
static internal WindowsIdentity GetCurrentWI(ExecutionContext.Reader threadEC)
{
return(GetCurrentWI(threadEC, _alwaysFlowImpersonationPolicy));
}
internal void SetExecutionContext(ExecutionContext.Reader value, bool belongsToCurrentScope);
