public static WindowsIdentity GetProcessIdentity()
{
SafeCloseHandle tokenHandle = null;
lock (lockObject)
{
try
{
if (!SafeNativeMethods.GetCurrentProcessToken(SafeNativeMethods.GetCurrentProcess(), TokenAccessLevels.Query, out tokenHandle))
{
int error = Marshal.GetLastWin32Error();
Utility.CloseInvalidOutSafeHandle(tokenHandle);
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, System.ServiceModel.SR.GetString("OpenProcessTokenFailed", new object[] { error })));
}
processIdentity = new WindowsIdentity(tokenHandle.DangerousGetHandle());
}
finally
{
if (tokenHandle != null)
{
tokenHandle.Dispose();
}
}
}
return(processIdentity);
}
public static FileSystemRights GetEffectivePermissions(
WindowsIdentity clientIdentity,
FileSecurity securityDescriptor)
{
bool isAccessAllowed = false;
byte[] binaryForm = securityDescriptor.GetSecurityDescriptorBinaryForm();
SafeCloseHandle newToken = null;
SafeCloseHandle token = new SafeCloseHandle(clientIdentity.Token, false);
try
{
if (IsPrimaryToken(token) &&
!DuplicateTokenEx(
token,
TokenAccessLevels.Query,
IntPtr.Zero,
SecurityImpersonationLevel.Identification,
TokenType.TokenImpersonation,
out newToken))
{
int err = Marshal.GetLastWin32Error();
CloseInvalidOutSafeHandle(newToken);
throw new Win32Exception(err, "DuplicateTokenExFailed");
}
GENERIC_MAPPING genericMapping = new GENERIC_MAPPING();
PRIVILEGE_SET structPrivilegeSet = new PRIVILEGE_SET();
uint privilegeSetLength = (uint)Marshal.SizeOf(structPrivilegeSet);
uint grantedAccess = 0;
if (!AccessCheck(
binaryForm,
newToken ?? token,
0x2000000,
genericMapping,
out structPrivilegeSet,
ref privilegeSetLength,
out grantedAccess,
out isAccessAllowed))
{
throw new Win32Exception(Marshal.GetLastWin32Error(), "AccessCheckFailed");
}
return((FileSystemRights)grantedAccess);
}
finally
{
if (newToken != null)
{
newToken.Dispose();
}
}
}
private void CheckAccess(WindowsIdentity clientIdentity, out bool IsAccessAllowed)
{
if (this.securityDescriptor == null)
{
throw Fx.AssertAndThrowFatal("Security Descriptor must not be NULL");
}
IsAccessAllowed = false;
byte[] binaryForm = new byte[this.securityDescriptor.BinaryLength];
this.securityDescriptor.GetBinaryForm(binaryForm, 0);
SafeCloseHandle newToken = null;
SafeCloseHandle token = new SafeCloseHandle(clientIdentity.Token, false);
try
{
if (System.ServiceModel.ComIntegration.SecurityUtils.IsPrimaryToken(token) && !SafeNativeMethods.DuplicateTokenEx(token, TokenAccessLevels.Query, IntPtr.Zero, SecurityImpersonationLevel.Identification, System.ServiceModel.ComIntegration.TokenType.TokenImpersonation, out newToken))
{
int error = Marshal.GetLastWin32Error();
Utility.CloseInvalidOutSafeHandle(newToken);
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, System.ServiceModel.SR.GetString("DuplicateTokenExFailed", new object[] { error })));
}
GENERIC_MAPPING genericMapping = new GENERIC_MAPPING();
PRIVILEGE_SET structure = new PRIVILEGE_SET();
uint privilegeSetLength = (uint)Marshal.SizeOf(structure);
uint grantedAccess = 0;
if (!SafeNativeMethods.AccessCheck(binaryForm, (newToken != null) ? newToken : token, 1, genericMapping, out structure, ref privilegeSetLength, out grantedAccess, out IsAccessAllowed))
{
int num4 = Marshal.GetLastWin32Error();
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(num4, System.ServiceModel.SR.GetString("AccessCheckFailed", new object[] { num4 })));
}
}
finally
{
if (newToken != null)
{
newToken.Dispose();
}
}
}
