private void ThrottleRequest(HttpContext context)
{
ExTraceGlobals.HttpModuleTracer.TraceFunction((long)this.GetHashCode(), "[ThrottlingHttpModule::ThrottleRequest] Enter");
WinRMInfo winRMInfo = context.Items["X-RemotePS-WinRMInfo"] as WinRMInfo;
if (winRMInfo == null)
{
ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[ThrottlingHttpModule::ThrottleRequest] WinRMInfo = null.");
return;
}
string action = winRMInfo.Action;
if (string.IsNullOrEmpty(action))
{
ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[ThrottlingHttpModule::ThrottleRequest] WinRMInfo.Action = null.");
return;
}
if (!action.EndsWith(":Command", StringComparison.OrdinalIgnoreCase) && !action.Equals("Command", StringComparison.OrdinalIgnoreCase))
{
ExTraceGlobals.HttpModuleTracer.TraceDebug <string>((long)this.GetHashCode(), "[ThrottlingHttpModule::ThrottleRequest] Not Command Request. WinRMInfo.Action = {0}.", action);
return;
}
IPowerShellBudget powerShellBudget = null;
OverBudgetException ex = null;
try
{
try
{
using (new MonitoredScope("ThrottlingHttpModule", "GetBudget", HttpModuleHelper.HttpPerfMonitors))
{
powerShellBudget = this.GetBudget(context);
}
if (powerShellBudget == null)
{
ExTraceGlobals.HttpModuleTracer.TraceDebug((long)this.GetHashCode(), "[ThrottlingHttpModule::ThrottleRequest] budget = null.");
return;
}
using (new MonitoredScope("ThrottlingHttpModule", "CheckBudgetAndStartCmdlet", HttpModuleHelper.HttpPerfMonitors))
{
powerShellBudget.StartCmdlet(null);
powerShellBudget.TryCheckOverBudget(CostType.CMDLET, out ex);
}
}
finally
{
if (powerShellBudget != null)
{
powerShellBudget.Dispose();
}
}
if (ex != null)
{
string windowsLiveId = context.CurrentUserToken().WindowsLiveId;
if (windowsLiveId != null)
{
FailFastUserCache.Instance.AddUserToCache(windowsLiveId, BlockedType.NewRequest, TimeSpan.Zero);
HttpLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-UserSelf", LoggerHelper.GetContributeToFailFastValue("User", windowsLiveId, BlockedType.NewRequest.ToString(), -1.0));
}
HttpModuleHelper.EndPowerShellRequestWithFriendlyError(context, FailureCategory.AuthZ, ex.GetType().Name, Strings.ErrorOperationTarpitting(ex.BackoffTime / 1000) + string.Format("{2}Policy: {0}; {2}Snapshot: {1}", ex.ThrottlingPolicyDN, ex.Snapshot, Environment.NewLine), "ThrottlingHttpModule", false);
}
}
catch (Exception ex2)
{
if (!(ex2 is ThreadAbortException))
{
HttpLogger.SafeAppendGenericError("ThrottlingHttpModule", ex2, new Func <Exception, bool>(KnownException.IsUnhandledException));
ExTraceGlobals.HttpModuleTracer.TraceError <Exception>((long)this.GetHashCode(), "[ThrottlingHttpModule::ThrottleRequest] Get un-Excpected Exception. {0}", ex2);
}
}
}
private void CheckSessionOverBudget()
{
OverBudgetException exception;
if (WSManBudgetManager.Instance.CheckOverBudget(this.currentAuthZUserToken, CostType.ActiveRunspace, out exception))
{
LocalizedString message = AuthZPluginHelper.HandleUserOverBudgetException(exception, this.currentAuthZUserToken);
throw new AuthorizationException(message);
}
if (this.currentAuthZUserToken.OrgId != null && WSManTenantBudgetManager.Instance.CheckOverBudget(this.currentAuthZUserToken, CostType.ActiveRunspace, out exception))
{
LocalizedString message2 = AuthZPluginHelper.HandleTenantOverBudgetException(exception, this.currentAuthZUserToken);
throw new AuthorizationException(message2);
}
if (AppSettings.Current.MaxPowershellAppPoolConnections > 0 && WSManBudgetManager.Instance.TotalActiveRunspaces >= AppSettings.Current.MaxPowershellAppPoolConnections)
{
string windowsLiveId = this.currentAuthZUserToken.WindowsLiveId;
if (!string.IsNullOrEmpty(windowsLiveId))
{
FailFastUserCache.Instance.AddUserToCache(windowsLiveId, BlockedType.NewSession, TimeSpan.Zero);
}
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-Machine", LoggerHelper.GetContributeToFailFastValue("AllUsers", "-1", "NewSesion", -1.0));
FailFastUserCache.Instance.AddAllUsersToCache(BlockedType.NewSession, TimeSpan.Zero);
LocalizedString localizedString = Strings.ErrorMaxConnectionLimit(AppSettings.Current.VDirName);
ExTraceGlobals.RunspaceConfigTracer.TraceError(0L, localizedString);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxPSConnectionLimit, null, new object[]
{
AppSettings.Current.VDirName,
AppSettings.Current.MaxPowershellAppPoolConnections
});
throw new AuthorizationException(localizedString);
}
}
internal void TriggerFailFast(OverBudgetException cmdletOverBudget)
{
if (this.context.UserInfo.ExecutingWindowsLiveId.IsValidAddress)
{
FailFastUserCache.Instance.AddUserToCache(this.context.UserInfo.ExecutingWindowsLiveId.ToString(), BlockedType.NewRequest, (cmdletOverBudget == null) ? TimeSpan.Zero : new TimeSpan(0, 0, 0, 0, cmdletOverBudget.BackoffTime));
CmdletLogger.SafeAppendColumn(this.context.UniqueId, RpsCmdletMetadata.ContributeToFailFast, "Cmdlet", LoggerHelper.GetContributeToFailFastValue("User", this.context.UserInfo.ExecutingUserId.ToString(), "NewRequest", (double)((cmdletOverBudget == null) ? -1 : cmdletOverBudget.BackoffTime)));
}
}
// Token: 0x060012F3 RID: 4851 RVA: 0x0003DE30 File Offset: 0x0003C030
internal static LocalizedString HandleTenantOverBudgetException(OverBudgetException exception, AuthZPluginUserToken userToken)
{
string policyPart = exception.PolicyPart;
string orgIdInString = userToken.OrgIdInString;
string userName = userToken.UserName;
string windowsLiveId = userToken.WindowsLiveId;
ExTraceGlobals.PublicPluginAPITracer.TraceError <string, string, string>(0L, "Get Tenant OverBudgetException for user {0}, Organization {1}. Message: {2}", userName, orgIdInString, exception.ToString());
AuthZLogger.SafeAppendGenericError("Tenant_OverBudgetException", exception.ToString(), false);
TimeSpan blockedTime = TimeSpan.FromMilliseconds((double)exception.BackoffTime);
if (windowsLiveId != null)
{
FailFastUserCache.Instance.AddUserToCache(windowsLiveId, BlockedType.NewSession, blockedTime);
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-UserOrg", LoggerHelper.GetContributeToFailFastValue("User", windowsLiveId, "NewSession", blockedTime.TotalMilliseconds));
}
if (!string.IsNullOrEmpty(orgIdInString))
{
FailFastUserCache.Instance.AddTenantToCache(orgIdInString, BlockedType.NewSession, blockedTime);
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-Org", LoggerHelper.GetContributeToFailFastValue("Tenant", orgIdInString, "NewSession", blockedTime.TotalMilliseconds));
foreach (string text in userToken.DomainsToBlockTogether)
{
FailFastUserCache.Instance.AddTenantToCache(text, BlockedType.NewSession, blockedTime);
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-AcceptedDomain-" + text, LoggerHelper.GetContributeToFailFastValue("Tenant", text, "NewSession", blockedTime.TotalMilliseconds));
}
}
IThrottlingPolicy throttlingPolicy = userToken.GetThrottlingPolicy();
LocalizedString value;
if (policyPart == "MaxTenantConcurrency")
{
value = Strings.ErrorMaxTenantPSConnectionLimit(orgIdInString);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxTenantPSConnectionLimit, null, new object[]
{
userName,
orgIdInString,
throttlingPolicy.PowerShellMaxTenantConcurrency
});
}
else
{
if (!(policyPart == "MaxTenantRunspaces"))
{
throw new NotSupportedException(string.Format("DEV bug. The exception policy part {0} is not expected.", policyPart));
}
value = Strings.ErrorTenantMaxRunspacesTarpitting(orgIdInString, exception.BackoffTime / 1000);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxTenantPSRunspaceInTimePeriodLimit, null, new object[]
{
userName,
orgIdInString,
throttlingPolicy.PowerShellMaxTenantRunspaces,
throttlingPolicy.PowerShellMaxRunspacesTimePeriod,
exception.BackoffTime
});
}
return(new LocalizedString(value + string.Format("{2}Policy: {0}; {2}Snapshot: {1}", exception.ThrottlingPolicyDN, exception.Snapshot, Environment.NewLine)));
}
// Token: 0x060012F2 RID: 4850 RVA: 0x0003DC08 File Offset: 0x0003BE08
internal static LocalizedString HandleUserOverBudgetException(OverBudgetException exception, AuthZPluginUserToken userToken)
{
string policyPart = exception.PolicyPart;
string userName = userToken.UserName;
string windowsLiveId = userToken.WindowsLiveId;
ExTraceGlobals.PublicPluginAPITracer.TraceError <string, string>(0L, "Get User OverBudgetException for user {0}. Message: {1}", userName, exception.ToString());
AuthZLogger.SafeAppendGenericError("User_OverBudgetException", exception.ToString(), false);
if (!string.IsNullOrEmpty(windowsLiveId))
{
BlockedType blockedType = (policyPart == "PowerShellMaxCmdlets") ? BlockedType.NewRequest : BlockedType.NewSession;
FailFastUserCache.Instance.AddUserToCache(userToken.WindowsLiveId, blockedType, TimeSpan.Zero);
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-UserSelf", LoggerHelper.GetContributeToFailFastValue("User", userToken.WindowsLiveId, blockedType.ToString(), -1.0));
}
IThrottlingPolicy throttlingPolicy = userToken.GetThrottlingPolicy();
LocalizedString value;
if (policyPart == "MaxConcurrency")
{
value = Strings.ErrorMaxRunspacesLimit(throttlingPolicy.PowerShellMaxConcurrency.ToString(), policyPart);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxUserPSConnectionLimit, null, new object[]
{
userName,
throttlingPolicy.PowerShellMaxConcurrency
});
}
else if (policyPart == "MaxRunspacesTimePeriod")
{
value = Strings.ErrorMaxRunspacesTarpitting(exception.BackoffTime / 1000);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxPSRunspaceInTimePeriodLimit, null, new object[]
{
userName,
throttlingPolicy.PowerShellMaxRunspaces,
throttlingPolicy.PowerShellMaxRunspacesTimePeriod,
exception.BackoffTime
});
}
else
{
if (!(policyPart == "PowerShellMaxCmdlets"))
{
throw new NotSupportedException(string.Format("DEV bug. The exception policy part {0} is not expected.", policyPart));
}
value = Strings.ErrorOperationTarpitting(exception.BackoffTime / 1000);
TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_ReachedMaxPowershellCmdletLimit, null, new object[]
{
userName,
throttlingPolicy.PowerShellMaxCmdlets,
throttlingPolicy.PowerShellMaxCmdletsTimePeriod,
exception.BackoffTime
});
}
return(new LocalizedString(value + string.Format("{2}Policy: {0}; {2}Snapshot: {1}", exception.ThrottlingPolicyDN, exception.Snapshot, Environment.NewLine)));
}
// Token: 0x060012F4 RID: 4852 RVA: 0x0003E08C File Offset: 0x0003C28C
internal static void TriggerFailFastForAuthZFailure(string windowsLiveId)
{
if (string.IsNullOrEmpty(windowsLiveId))
{
return;
}
FailFastUserCache.Instance.AddUserToCache(windowsLiveId, BlockedType.NewSession, TimeSpan.Zero);
AuthZLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "AuthZ-UserSelf", LoggerHelper.GetContributeToFailFastValue("User", windowsLiveId, "NewSession", -1.0));
}
private static void ApplicationPreSendRequestHeaders(object sender, EventArgs e)
{
if (!FailFastUserCache.FailFastEnabled)
{
return;
}
Logger.EnterFunction(ExTraceGlobals.FailureThrottlingTracer, "PowerShellFailureThrottlingModule.ApplicationPreSendRequestContent");
HttpApplication httpApplication = (HttpApplication)sender;
HttpContext context = httpApplication.Context;
if (context == null || context.Request == null || context.Response == null)
{
Logger.TraceDebug(ExTraceGlobals.FailureThrottlingTracer, "context == null || context.Request == null || context.Response == null", new object[0]);
Logger.ExitFunction(ExTraceGlobals.FailureThrottlingTracer, "PowerShellFailureThrottlingModule.ApplicationPreSendRequestContent");
return;
}
string text = context.Response.Headers[FailFastModule.HeaderKeyToStoreUserToken];
Logger.TraceDebug(ExTraceGlobals.FailureThrottlingTracer, "Current UserToken is {0}.", new object[]
{
text
});
context.Response.Headers.Remove(FailFastModule.HeaderKeyToStoreUserToken);
Logger.TraceDebug(ExTraceGlobals.FailureThrottlingTracer, "Remove {0} from header.", new object[]
{
FailFastModule.HeaderKeyToStoreUserToken
});
if (!PowerShellFailureThrottlingModule.failureThrottlingEnabled)
{
Logger.TraceDebug(ExTraceGlobals.FailureThrottlingTracer, "Failure throttling is disabled.", new object[0]);
Logger.ExitFunction(ExTraceGlobals.FailureThrottlingTracer, "PowerShellFailureThrottlingModule.ApplicationPreSendRequestContent");
return;
}
if (!context.Request.IsAuthenticated)
{
Logger.TraceDebug(ExTraceGlobals.FailureThrottlingTracer, "Un-authenticated request.", new object[0]);
Logger.ExitFunction(ExTraceGlobals.FailureThrottlingTracer, "PowerShellFailureThrottlingModule.ApplicationPreSendRequestContent");
return;
}
if (!string.IsNullOrEmpty(text) && FailureThrottling.CountBasedOnStatusCode(text, context.Response.StatusCode))
{
HttpLogger.SafeAppendColumn(RpsCommonMetadata.ContributeToFailFast, "FailureThrottling", LoggerHelper.GetContributeToFailFastValue("User", text, "NewRequest", -1.0));
Logger.TraceDebug(ExTraceGlobals.FailureThrottlingTracer, "Add user {0} to fail-fast user cache.", new object[]
{
text
});
FailFastUserCache.Instance.AddUserToCache(text, BlockedType.NewRequest, TimeSpan.Zero);
}
Logger.ExitFunction(ExTraceGlobals.FailureThrottlingTracer, "PowerShellFailureThrottlingModule.ApplicationPreSendRequestContent");
}
