Esempio n. 1
0
        public override bool Equals(object obj)
        {
            User user = obj as User;

            if (user != null)
            {
                return(this.Equals(user));
            }
            WindowsIdentity wid = obj as WindowsIdentity;

            if (wid != null && sid != null)
            {
                return(sid.Equals(wid.User));
            }
            try
            {
                string un = obj as string;
                if (un != null)
                {
                    return(this.Equals(new User(un)));
                }
            }
            catch { }
            return(base.Equals(obj));
        }
Esempio n. 2
0
        public void EqualsNull()
        {
            SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);

            Assert.IsFalse(sid.Equals((object)null));
            Assert.IsFalse(sid.Equals((SecurityIdentifier)null));
        }
 private static bool ExchangeSharePointUserMatch(ADUser exUser, User spUser)
 {
     if (spUser.UserId != null && spUser.UserId.NameId != null)
     {
         string nameId = spUser.UserId.NameId;
         if (!VariantConfiguration.InvariantNoFlightingSnapshot.Global.MultiTenancy.Enabled)
         {
             try
             {
                 SecurityIdentifier securityIdentifier = new SecurityIdentifier(nameId);
                 return(securityIdentifier.Equals(exUser.Sid) || securityIdentifier.Equals(exUser.MasterAccountSid));
             }
             catch (ArgumentException)
             {
             }
             return(false);
         }
         NetID other;
         if (NetID.TryParse(nameId, out other))
         {
             return(exUser.NetID.Equals(other));
         }
     }
     return(false);
 }
        public static bool IsWellKnownIdentity(String accountName)
        {
            NTAccount          ntaccount = new NTAccount(accountName);
            SecurityIdentifier sid       = (SecurityIdentifier)ntaccount.Translate(typeof(SecurityIdentifier));

            SecurityIdentifier networkServiceSid = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null);
            SecurityIdentifier localServiceSid   = new SecurityIdentifier(WellKnownSidType.LocalServiceSid, null);
            SecurityIdentifier localSystemSid    = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);

            return(sid.Equals(networkServiceSid) ||
                   sid.Equals(localServiceSid) ||
                   sid.Equals(localSystemSid));
        }
Esempio n. 5
0
		/// <summary>Determines whether the specified <see cref="System.Object"/>, is equal to this instance.</summary>
		/// <param name="obj">The <see cref="System.Object"/> to compare with this instance.</param>
		/// <returns><c>true</c> if the specified <see cref="System.Object"/> is equal to this instance; otherwise, <c>false</c>.</returns>
		public override bool Equals(object obj)
		{
			if (obj is User user)
				return Equals(user);
			if (obj is WindowsIdentity wid && sid != null)
				return sid.Equals(wid.User);
			try
			{
				if (obj is string un)
					return Equals(new User(un));
			}
			catch { }
			return base.Equals(obj);
		}
        private RawSecurityDescriptor ApplyAcesToTargetSecurityDescriptor(RawSecurityDescriptor targetSd, List <GenericAce> sourceAces)
        {
            List <GenericAce> list = new List <GenericAce>();

            foreach (GenericAce genericAce in targetSd.DiscretionaryAcl)
            {
                SecurityIdentifier sidFromAce = TenantRelocationSecurityDescriptorHandler.GetSidFromAce(genericAce);
                if (!(sidFromAce == null))
                {
                    SecurityIdentifier accountDomainSid = sidFromAce.AccountDomainSid;
                    if (sidFromAce.IsAccountSid() && !accountDomainSid.Equals(this.targetDomainSid))
                    {
                        ExTraceGlobals.TenantRelocationTracer.TraceDebug <string>((long)this.GetHashCode(), "ApplyAcesToTargetSecurityDescriptor: customized SID found {0} on target object, removed.", sidFromAce.ToString());
                    }
                    else
                    {
                        list.Add(genericAce);
                    }
                }
            }
            RawAcl rawAcl = new RawAcl(targetSd.DiscretionaryAcl.Revision, list.Count + sourceAces.Count);
            int    num    = 0;

            foreach (GenericAce ace in list)
            {
                rawAcl.InsertAce(num++, ace);
            }
            foreach (GenericAce ace2 in sourceAces)
            {
                rawAcl.InsertAce(num++, ace2);
            }
            targetSd.DiscretionaryAcl = rawAcl;
            return(targetSd);
        }
Esempio n. 7
0
 /// <summary>Determines whether the specified <see cref="System.Object"/>, is equal to this instance.</summary>
 /// <param name="obj">The <see cref="System.Object"/> to compare with this instance.</param>
 /// <returns><c>true</c> if the specified <see cref="System.Object"/> is equal to this instance; otherwise, <c>false</c>.</returns>
 public override bool Equals(object obj)
 {
     if (obj is User user)
     {
         return(Equals(user));
     }
     if (obj is WindowsIdentity wid && sid != null)
     {
         return(sid.Equals(wid.User));
     }
     try
     {
         if (obj is string un)
         {
             return(Equals(new User(un)));
         }
     }
     catch { }
     return(base.Equals(obj));
 }
 private Claim CheckSidEquivalence(SecurityIdentifier identitySid, ClaimSet claimSet)
 {
     foreach (Claim claim in claimSet)
     {
         SecurityIdentifier securityIdentifier = this.GetSecurityIdentifier(claim);
         if ((securityIdentifier != null) && identitySid.Equals(securityIdentifier))
         {
             return(claim);
         }
     }
     return(null);
 }
Esempio n. 9
0
        void RemoveCertificatePrivateKeyAccess(X509Certificate2 cert)
        {
            if (cert != null && cert.HasPrivateKey)
            {
                try
                {
                    AsymmetricAlgorithm key = cert.PrivateKey;

                    // Only RSA provider is supported here
                    if (key is RSACryptoServiceProvider)
                    {
                        RSACryptoServiceProvider prov   = key as RSACryptoServiceProvider;
                        CspKeyContainerInfo      info   = prov.CspKeyContainerInfo;
                        CryptoKeySecurity        keySec = info.CryptoKeySecurity;

                        SecurityIdentifier          ns    = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null);
                        AuthorizationRuleCollection rules = keySec.GetAccessRules(true, false, typeof(SecurityIdentifier));
                        foreach (AuthorizationRule rule in rules)
                        {
                            CryptoKeyAccessRule keyAccessRule = (CryptoKeyAccessRule)rule;

                            if (keyAccessRule.AccessControlType == AccessControlType.Allow &&
                                (int)(keyAccessRule.CryptoKeyRights & CryptoKeyRights.GenericRead) != 0)
                            {
                                SecurityIdentifier sid = keyAccessRule.IdentityReference as SecurityIdentifier;
                                if (ns.Equals(sid))
                                {
                                    CryptoKeyAccessRule nsReadRule = new CryptoKeyAccessRule(ns,
                                                                                             CryptoKeyRights.GenericRead,
                                                                                             AccessControlType.Allow);
                                    keySec.RemoveAccessRule(nsReadRule);

                                    CommitCryptoKeySecurity(info, keySec);
                                    break;
                                }
                            }
                        }
                    }
                }
#pragma warning suppress 56500
                catch (Exception e)
                {
                    // CommitCryptoKeySecurity can actually throw any exception,
                    // so the safest way here is to catch a generic exception while throw on critical ones
                    if (Utilities.IsCriticalException(e))
                    {
                        throw;
                    }
                    throw new WsatAdminException(WsatAdminErrorCode.CANNOT_UPDATE_PRIVATE_KEY_PERM,
                                                 SR.GetString(SR.ErrorUpdateCertPrivateKeyPerm), e);
                }
            }
        }
Esempio n. 10
0
        public bool Equals(SidName other)
        {
            if (other is null)
            {
                return(false);
            }

            if (ReferenceEquals(this, other))
            {
                return(true);
            }

            return(value.Equals(other.value));
        }
Esempio n. 11
0
 Claim CheckSidEquivalence(SecurityIdentifier identitySid, ClaimSet claimSet)
 {
     foreach (Claim claim in claimSet)
     {
         SecurityIdentifier sid = GetSecurityIdentifier(claim);
         if (sid != null)
         {
             if (identitySid.Equals(sid))
             {
                 return(claim);
             }
         }
     }
     return(null);
 }
Esempio n. 12
0
        public UserInfo()
        {
            var wi = WindowsIdentity.GetCurrent();

            Sid = wi.User;

            if (wi.IsSystem)
            {
                IsSystemAccount = true;
            }
            else
            {
                var serviceSid = new SecurityIdentifier(WellKnownSidType.LocalServiceSid, null);
                IsServiceAccount = serviceSid.Equals(Sid);
            }
            Name = ((NTAccount)Sid.Translate(typeof(NTAccount))).Value;
        }
Esempio n. 13
0
        internal static bool DirectoryHasRights(string folderPath, FileSystemRights rights)
        {
            var currentUserIdentity           = WindowsIdentity.GetCurrent();
            SecurityIdentifier currentUserSID = currentUserIdentity.User;
            bool allow            = false;
            bool deny             = false;
            DirectorySecurity acl = Directory.GetAccessControl(folderPath);

            if (acl == null)
            {
                return(false);
            }

            AuthorizationRuleCollection accessRules = acl.GetAccessRules(true, true, typeof(SecurityIdentifier));

            if (accessRules == null)
            {
                return(false);
            }

            foreach (FileSystemAccessRule accessRule in accessRules)
            {
                if (currentUserSID.Equals(accessRule.IdentityReference))
                {
                    if ((rights & accessRule.FileSystemRights) != rights)
                    {
                        continue;
                    }

                    if (accessRule.AccessControlType == AccessControlType.Allow)
                    {
                        allow = true;
                    }
                    else if (accessRule.AccessControlType == AccessControlType.Deny)
                    {
                        deny = true;
                    }
                }
            }

            return(allow && !deny);
        }
Esempio n. 14
0
 /// <summary>
 /// Indicates whether the current object is equal to another object of the same type.
 /// </summary>
 /// <returns>
 /// true if the current object is equal to the <paramref name="other"/> parameter; otherwise, false.
 /// </returns>
 /// <param name="other">An object to compare with this object.</param>
 public bool Equals(SubscriptionDataConfig other)
 {
     if (ReferenceEquals(null, other))
     {
         return(false);
     }
     if (ReferenceEquals(this, other))
     {
         return(true);
     }
     return(_sid.Equals(other._sid) && Type == other.Type &&
            TickType == other.TickType &&
            Resolution == other.Resolution &&
            FillDataForward == other.FillDataForward &&
            ExtendedMarketHours == other.ExtendedMarketHours &&
            IsInternalFeed == other.IsInternalFeed &&
            IsCustomData == other.IsCustomData &&
            DataTimeZone.Equals(other.DataTimeZone) &&
            ExchangeTimeZone.Equals(other.ExchangeTimeZone) &&
            IsFilteredSubscription == other.IsFilteredSubscription);
 }
Esempio n. 15
0
        private static bool CallerHasFullPermission(ClientSecurityContext clientSecurityContext, FreeBusyQuery freeBusyQuery)
        {
            SecurityIdentifier sid = freeBusyQuery.RecipientData.Sid;
            SecurityIdentifier masterAccountSid = freeBusyQuery.RecipientData.MasterAccountSid;
            bool flag = (sid != null && sid.Equals(clientSecurityContext.UserSid)) || (masterAccountSid != null && masterAccountSid.Equals(clientSecurityContext.UserSid));

            if (flag)
            {
                FreeBusyPermission.SecurityTracer.TraceDebug(0L, "{0}: Caller {1} is owner of mailbox {2}, mailbox user SID {3}, master account SID {4}.", new object[]
                {
                    TraceContext.Get(),
                    clientSecurityContext,
                    freeBusyQuery.Email,
                    sid,
                    masterAccountSid
                });
                return(true);
            }
            RawSecurityDescriptor exchangeSecurityDescriptor = freeBusyQuery.RecipientData.ExchangeSecurityDescriptor;

            if (exchangeSecurityDescriptor != null)
            {
                if (FreeBusyPermission.SecurityTracer.IsTraceEnabled(TraceType.DebugTrace))
                {
                    string sddlForm = exchangeSecurityDescriptor.GetSddlForm(AccessControlSections.All);
                    FreeBusyPermission.SecurityTracer.TraceDebug <object, EmailAddress, string>(0L, "{0}: The SDDL form of mailbox security descriptor of mailbox {1} is: {2}.", TraceContext.Get(), freeBusyQuery.Email, sddlForm);
                }
                if (clientSecurityContext.GetGrantedAccess(exchangeSecurityDescriptor, AccessMask.CreateChild) == 1 || clientSecurityContext.GetGrantedAccess(exchangeSecurityDescriptor, AccessMask.List) == 4)
                {
                    FreeBusyPermission.SecurityTracer.TraceDebug <object, EmailAddress>(0L, "{0}: Caller does have 'owner' rights in mailbox {1}.", TraceContext.Get(), freeBusyQuery.Email);
                    return(true);
                }
            }
            else
            {
                FreeBusyPermission.SecurityTracer.TraceDebug <object, EmailAddress>(0L, "{0}: User does not have an ExchangeSecurityDescriptor.", TraceContext.Get(), freeBusyQuery.Email);
            }
            FreeBusyPermission.SecurityTracer.TraceDebug <object, EmailAddress>(0L, "{0}: Caller does NOT have 'owner' rights in mailbox {1}.", TraceContext.Get(), freeBusyQuery.Email);
            return(false);
        }
Esempio n. 16
0
        public static IEnumerable <SafeNativeHandle> EnumerateUserTokens(SecurityIdentifier sid,
                                                                         TokenAccessLevels access = TokenAccessLevels.Query)
        {
            foreach (System.Diagnostics.Process process in System.Diagnostics.Process.GetProcesses())
            {
                // We always need the Query access level so we can query the TokenUser
                using (process)
                    using (SafeNativeHandle hToken = TryOpenAccessToken(process, access | TokenAccessLevels.Query))
                    {
                        if (hToken == null)
                        {
                            continue;
                        }

                        if (!sid.Equals(GetTokenUser(hToken)))
                        {
                            continue;
                        }

                        yield return(hToken);
                    }
            }
        }
Esempio n. 17
0
        // Token: 0x060017DC RID: 6108 RVA: 0x0008CD78 File Offset: 0x0008AF78
        public void Add(EasDeviceBudget budget)
        {
            EasDeviceBudgetKey easDeviceBudgetKey = budget.Owner as EasDeviceBudgetKey;
            SecurityIdentifier sid = easDeviceBudgetKey.Sid;

            if (!sid.Equals(this.UserSid))
            {
                throw new InvalidOperationException(string.Format("[EasDeviceBudgetAllocator.Add] Attempted to add a budget for user {0} to allocator for user {1}. That is very naughty.", sid, this.UserSid));
            }
            bool flag = false;

            lock (this.instanceLock)
            {
                if (!this.activeBudgets.ContainsKey(easDeviceBudgetKey))
                {
                    this.activeBudgets[easDeviceBudgetKey] = budget;
                    flag = true;
                }
            }
            if (flag)
            {
                this.UpdateIfNecessary(true);
            }
        }
Esempio n. 18
0
        private static AnchorMailbox CreateFromLogonIdentity(IRequestContext requestContext)
        {
            HttpContext   httpContext   = requestContext.HttpContext;
            IPrincipal    user          = httpContext.User;
            IIdentity     identity      = httpContext.User.Identity;
            string        text          = httpContext.Items[Constants.WLIDMemberName] as string;
            OAuthIdentity oauthIdentity = identity as OAuthIdentity;

            if (oauthIdentity != null)
            {
                string text2 = httpContext.Request.Headers[Constants.ExternalDirectoryObjectIdHeaderName];
                if (!string.IsNullOrEmpty(text2))
                {
                    requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-ExternalDirectoryObjectId");
                    return(new ExternalDirectoryObjectIdAnchorMailbox(text2, oauthIdentity.OrganizationId, requestContext));
                }
                if (oauthIdentity.ActAsUser != null)
                {
                    requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-ActAsUser");
                    return(new OAuthActAsUserAnchorMailbox(oauthIdentity.ActAsUser, requestContext));
                }
                requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-AppOrganization");
                return(new OrganizationAnchorMailbox(oauthIdentity.OrganizationId, requestContext));
            }
            else
            {
                GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;
                if (genericSidIdentity != null)
                {
                    requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "GenericSidIdentity");
                    return(new SidAnchorMailbox(genericSidIdentity.Sid, requestContext)
                    {
                        PartitionId = genericSidIdentity.PartitionId,
                        SmtpOrLiveId = text
                    });
                }
                DelegatedPrincipal delegatedPrincipal = user as DelegatedPrincipal;
                if (delegatedPrincipal != null && delegatedPrincipal.DelegatedOrganization != null && string.IsNullOrEmpty(text))
                {
                    requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "DelegatedPrincipal-DelegatedOrganization");
                    return(new DomainAnchorMailbox(delegatedPrincipal.DelegatedOrganization, requestContext));
                }
                WindowsIdentity windowsIdentity = identity as WindowsIdentity;
                if (windowsIdentity != null)
                {
                    if (string.IsNullOrEmpty(text))
                    {
                        requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "WindowsIdentity");
                    }
                    else
                    {
                        requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "WindowsIdentity-LiveIdMemberName");
                    }
                    return(new SidAnchorMailbox(windowsIdentity.User, requestContext)
                    {
                        SmtpOrLiveId = text
                    });
                }
                try
                {
                    SecurityIdentifier securityIdentifier = identity.GetSecurityIdentifier();
                    if (!securityIdentifier.Equals(AuthCommon.MemberNameNullSid))
                    {
                        if (string.IsNullOrEmpty(text))
                        {
                            requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "SID");
                        }
                        else
                        {
                            requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "SID-LiveIdMemberName");
                        }
                        return(new SidAnchorMailbox(securityIdentifier, requestContext)
                        {
                            SmtpOrLiveId = text
                        });
                    }
                }
                catch (Exception)
                {
                }
                if (requestContext.AuthBehavior.AuthState != AuthState.FrontEndFullAuth)
                {
                    AnchorMailbox anchorMailbox = requestContext.AuthBehavior.CreateAuthModuleSpecificAnchorMailbox(requestContext);
                    if (anchorMailbox != null)
                    {
                        return(anchorMailbox);
                    }
                }
                if (!string.IsNullOrEmpty(text))
                {
                    requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "Smtp-LiveIdMemberName");
                    return(new SmtpAnchorMailbox(text, requestContext));
                }
                throw new InvalidOperationException(string.Format("Unknown idenity {0} with type {1}.", identity.GetSafeName(true), identity.ToString()));
            }
        }
Esempio n. 19
0
    public UserAccessRights(string path, string UserId)
    {
        if ((!String.IsNullOrEmpty(UserId)) && !String.IsNullOrEmpty(path))
        {
            NTAccount n = new NTAccount(UserId);
            _principalSid = (SecurityIdentifier)n.Translate(typeof(SecurityIdentifier));
            this._path    = path;
            System.IO.FileInfo          fi  = new System.IO.FileInfo(_path);
            AuthorizationRuleCollection acl = fi.GetAccessControl().GetAccessRules(true, true, typeof(SecurityIdentifier));
            for (int i = 0; i < acl.Count; i++)
            {
                System.Security.AccessControl.FileSystemAccessRule rule = (System.Security.AccessControl.FileSystemAccessRule)acl[i];
                if (_principalSid.Equals(rule.IdentityReference))
                {
                    if (System.Security.AccessControl.AccessControlType.Deny.Equals(rule.AccessControlType))
                    {
                        if (Contains(FileSystemRights.AppendData, rule))
                        {
                            _denyAppendData = true;
                        }
                        if (Contains(FileSystemRights.ChangePermissions, rule))
                        {
                            _denyChangePermissions = true;
                        }
                        if (Contains(FileSystemRights.CreateDirectories, rule))
                        {
                            _denyCreateDirectories = true;
                        }
                        if (Contains(FileSystemRights.CreateFiles, rule))
                        {
                            _denyCreateFiles = true;
                        }
                        if (Contains(FileSystemRights.Delete, rule))
                        {
                            _denyDelete = true;
                        }
                        if (Contains(FileSystemRights.DeleteSubdirectoriesAndFiles, rule))
                        {
                            _denyDeleteSubdirectoriesAndFiles = true;
                        }
                        if (Contains(FileSystemRights.ExecuteFile, rule))
                        {
                            _denyExecuteFile = true;
                        }
                        if (Contains(FileSystemRights.FullControl, rule))
                        {
                            _denyFullControl = true;
                        }
                        if (Contains(FileSystemRights.ListDirectory, rule))
                        {
                            _denyListDirectory = true;
                        }
                        if (Contains(FileSystemRights.Modify, rule))
                        {
                            _denyModify = true;
                        }
                        if (Contains(FileSystemRights.Read, rule))
                        {
                            _denyRead = true;
                        }
                        if (Contains(FileSystemRights.ReadAndExecute, rule))
                        {
                            _denyReadAndExecute = true;
                        }
                        if (Contains(FileSystemRights.ReadAttributes, rule))
                        {
                            _denyReadAttributes = true;
                        }
                        if (Contains(FileSystemRights.ReadData, rule))
                        {
                            _denyReadData = true;
                        }
                        if (Contains(FileSystemRights.ReadExtendedAttributes, rule))
                        {
                            _denyReadExtendedAttributes = true;
                        }
                        if (Contains(FileSystemRights.ReadPermissions, rule))
                        {
                            _denyReadPermissions = true;
                        }
                        if (Contains(FileSystemRights.Synchronize, rule))
                        {
                            _denySynchronize = true;
                        }
                        if (Contains(FileSystemRights.TakeOwnership, rule))
                        {
                            _denyTakeOwnership = true;
                        }
                        if (Contains(FileSystemRights.Traverse, rule))
                        {
                            _denyTraverse = true;
                        }
                        if (Contains(FileSystemRights.Write, rule))
                        {
                            _denyWrite = true;
                        }
                        if (Contains(FileSystemRights.WriteAttributes, rule))
                        {
                            _denyWriteAttributes = true;
                        }
                        if (Contains(FileSystemRights.WriteData, rule))
                        {
                            _denyWriteData = true;
                        }
                        if (Contains(FileSystemRights.WriteExtendedAttributes, rule))
                        {
                            _denyWriteExtendedAttributes = true;
                        }
                    }
                    else if (System.Security.AccessControl.AccessControlType.Allow.Equals(rule.AccessControlType))
                    {
                        if (Contains(FileSystemRights.AppendData, rule))
                        {
                            _allowAppendData = true;
                        }
                        if (Contains(FileSystemRights.ChangePermissions, rule))
                        {
                            _allowChangePermissions = true;
                        }
                        if (Contains(FileSystemRights.CreateDirectories, rule))
                        {
                            _allowCreateDirectories = true;
                        }
                        if (Contains(FileSystemRights.CreateFiles, rule))
                        {
                            _allowCreateFiles = true;
                        }
                        if (Contains(FileSystemRights.Delete, rule))
                        {
                            _allowDelete = true;
                        }
                        if (Contains(FileSystemRights.DeleteSubdirectoriesAndFiles, rule))
                        {
                            _allowDeleteSubdirectoriesAndFiles = true;
                        }
                        if (Contains(FileSystemRights.ExecuteFile, rule))
                        {
                            _allowExecuteFile = true;
                        }
                        if (Contains(FileSystemRights.FullControl, rule))
                        {
                            _allowFullControl = true;
                        }
                        if (Contains(FileSystemRights.ListDirectory, rule))
                        {
                            _allowListDirectory = true;
                        }
                        if (Contains(FileSystemRights.Modify, rule))
                        {
                            _allowModify = true;
                        }
                        if (Contains(FileSystemRights.Read, rule))
                        {
                            _allowRead = true;
                        }
                        if (Contains(FileSystemRights.ReadAndExecute, rule))
                        {
                            _allowReadAndExecute = true;
                        }
                        if (Contains(FileSystemRights.ReadAttributes, rule))
                        {
                            _allowReadAttributes = true;
                        }
                        if (Contains(FileSystemRights.ReadData, rule))
                        {
                            _allowReadData = true;
                        }
                        if (Contains(FileSystemRights.ReadExtendedAttributes, rule))
                        {
                            _allowReadExtendedAttributes = true;
                        }
                        if (Contains(FileSystemRights.ReadPermissions, rule))
                        {
                            _allowReadPermissions = true;
                        }
                        if (Contains(FileSystemRights.Synchronize, rule))
                        {
                            _allowSynchronize = true;
                        }
                        if (Contains(FileSystemRights.TakeOwnership, rule))
                        {
                            _allowTakeOwnership = true;
                        }
                        if (Contains(FileSystemRights.Traverse, rule))
                        {
                            _allowTraverse = true;
                        }
                        if (Contains(FileSystemRights.Write, rule))
                        {
                            _allowWrite = true;
                        }
                        if (Contains(FileSystemRights.WriteAttributes, rule))
                        {
                            _allowWriteAttributes = true;
                        }
                        if (Contains(FileSystemRights.WriteData, rule))
                        {
                            _allowWriteData = true;
                        }
                        if (Contains(FileSystemRights.WriteExtendedAttributes, rule))
                        {
                            _allowWriteExtendedAttributes = true;
                        }
                    }
                }
            }

            /*
             * IdentityReferenceCollection groups = _principal.Groups;
             * for (int j = 0; j < groups.Count; j++)
             * {
             *  for (int i = 0; i < acl.Count; i++)
             *  {
             *      System.Security.AccessControl.FileSystemAccessRule rule = (System.Security.AccessControl.FileSystemAccessRule)acl[i];
             *      if (groups[j].Equals(rule.IdentityReference))
             *      {
             *          if (System.Security.AccessControl.AccessControlType.Deny.Equals(rule.AccessControlType))
             *          {
             *              if (Contains(FileSystemRights.AppendData, rule)) _denyAppendData = true;
             *              if (Contains(FileSystemRights.ChangePermissions, rule)) _denyChangePermissions = true;
             *              if (Contains(FileSystemRights.CreateDirectories, rule)) _denyCreateDirectories = true;
             *              if (Contains(FileSystemRights.CreateFiles, rule)) _denyCreateFiles = true;
             *              if (Contains(FileSystemRights.Delete, rule)) _denyDelete = true;
             *              if (Contains(FileSystemRights.DeleteSubdirectoriesAndFiles, rule)) _denyDeleteSubdirectoriesAndFiles = true;
             *              if (Contains(FileSystemRights.ExecuteFile, rule)) _denyExecuteFile = true;
             *              if (Contains(FileSystemRights.FullControl, rule)) _denyFullControl = true;
             *              if (Contains(FileSystemRights.ListDirectory, rule)) _denyListDirectory = true;
             *              if (Contains(FileSystemRights.Modify, rule)) _denyModify = true;
             *              if (Contains(FileSystemRights.Read, rule)) _denyRead = true;
             *              if (Contains(FileSystemRights.ReadAndExecute, rule)) _denyReadAndExecute = true;
             *              if (Contains(FileSystemRights.ReadAttributes, rule)) _denyReadAttributes = true;
             *              if (Contains(FileSystemRights.ReadData, rule)) _denyReadData = true;
             *              if (Contains(FileSystemRights.ReadExtendedAttributes, rule)) _denyReadExtendedAttributes = true;
             *              if (Contains(FileSystemRights.ReadPermissions, rule)) _denyReadPermissions = true;
             *              if (Contains(FileSystemRights.Synchronize, rule)) _denySynchronize = true;
             *              if (Contains(FileSystemRights.TakeOwnership, rule)) _denyTakeOwnership = true;
             *              if (Contains(FileSystemRights.Traverse, rule)) _denyTraverse = true;
             *              if (Contains(FileSystemRights.Write, rule)) _denyWrite = true;
             *              if (Contains(FileSystemRights.WriteAttributes, rule)) _denyWriteAttributes = true;
             *              if (Contains(FileSystemRights.WriteData, rule)) _denyWriteData = true;
             *              if (Contains(FileSystemRights.WriteExtendedAttributes, rule)) _denyWriteExtendedAttributes = true;
             *          }
             *          else if (System.Security.AccessControl.AccessControlType.Allow.Equals(rule.AccessControlType))
             *          {
             *              if (Contains(FileSystemRights.AppendData, rule)) _allowAppendData = true;
             *              if (Contains(FileSystemRights.ChangePermissions, rule)) _allowChangePermissions = true;
             *              if (Contains(FileSystemRights.CreateDirectories, rule)) _allowCreateDirectories = true;
             *              if (Contains(FileSystemRights.CreateFiles, rule)) _allowCreateFiles = true;
             *              if (Contains(FileSystemRights.Delete, rule)) _allowDelete = true;
             *              if (Contains(FileSystemRights.DeleteSubdirectoriesAndFiles, rule)) _allowDeleteSubdirectoriesAndFiles = true;
             *              if (Contains(FileSystemRights.ExecuteFile, rule)) _allowExecuteFile = true;
             *              if (Contains(FileSystemRights.FullControl, rule)) _allowFullControl = true;
             *              if (Contains(FileSystemRights.ListDirectory, rule)) _allowListDirectory = true;
             *              if (Contains(FileSystemRights.Modify, rule)) _allowModify = true;
             *              if (Contains(FileSystemRights.Read, rule)) _allowRead = true;
             *              if (Contains(FileSystemRights.ReadAndExecute, rule)) _allowReadAndExecute = true;
             *              if (Contains(FileSystemRights.ReadAttributes, rule)) _allowReadAttributes = true;
             *              if (Contains(FileSystemRights.ReadData, rule)) _allowReadData = true;
             *              if (Contains(FileSystemRights.ReadExtendedAttributes, rule)) _allowReadExtendedAttributes = true;
             *              if (Contains(FileSystemRights.ReadPermissions, rule)) _allowReadPermissions = true;
             *              if (Contains(FileSystemRights.Synchronize, rule)) _allowSynchronize = true;
             *              if (Contains(FileSystemRights.TakeOwnership, rule)) _allowTakeOwnership = true;
             *              if (Contains(FileSystemRights.Traverse, rule)) _allowTraverse = true;
             *              if (Contains(FileSystemRights.Write, rule)) _allowWrite = true;
             *              if (Contains(FileSystemRights.WriteAttributes, rule)) _allowWriteAttributes = true;
             *              if (Contains(FileSystemRights.WriteData, rule)) _allowWriteData = true;
             *              if (Contains(FileSystemRights.WriteExtendedAttributes, rule)) _allowWriteExtendedAttributes = true;
             *          }
             *      }
             *  }
             * }
             */
        }
    }
Esempio n. 20
0
        // Token: 0x060000EB RID: 235 RVA: 0x00005DD4 File Offset: 0x00003FD4
        private static AnchorMailbox CreateFromLogonIdentity(IRequestContext requestContext)
        {
            HttpContext httpContext = requestContext.HttpContext;
            IPrincipal  user        = httpContext.User;
            IIdentity   identity    = httpContext.User.Identity;
            string      text;

            HttpContextItemParser.TryGetLiveIdMemberName(httpContext.Items, ref text);
            OAuthIdentity oauthIdentity = identity as OAuthIdentity;

            if (oauthIdentity != null)
            {
                string externalDirectoryObjectId;
                if (RequestHeaderParser.TryGetExternalDirectoryObjectId(httpContext.Request.Headers, ref externalDirectoryObjectId))
                {
                    requestContext.Logger.SafeSet(3, "OAuthIdentity-ExternalDirectoryObjectId");
                    return(new ExternalDirectoryObjectIdAnchorMailbox(externalDirectoryObjectId, oauthIdentity.OrganizationId, requestContext));
                }
                if (oauthIdentity.ActAsUser != null)
                {
                    requestContext.Logger.SafeSet(3, "OAuthIdentity-ActAsUser");
                    return(new OAuthActAsUserAnchorMailbox(oauthIdentity.ActAsUser, requestContext));
                }
                requestContext.Logger.SafeSet(3, "OAuthIdentity-AppOrganization");
                return(new OrganizationAnchorMailbox(oauthIdentity.OrganizationId, requestContext));
            }
            else
            {
                GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity;
                if (genericSidIdentity != null)
                {
                    requestContext.Logger.SafeSet(3, "GenericSidIdentity");
                    return(new SidAnchorMailbox(genericSidIdentity.Sid, requestContext)
                    {
                        PartitionId = genericSidIdentity.PartitionId,
                        SmtpOrLiveId = text
                    });
                }
                DelegatedPrincipal delegatedPrincipal = user as DelegatedPrincipal;
                if (delegatedPrincipal != null && delegatedPrincipal.DelegatedOrganization != null && string.IsNullOrEmpty(text))
                {
                    requestContext.Logger.SafeSet(3, "DelegatedPrincipal-DelegatedOrganization");
                    return(new DomainAnchorMailbox(delegatedPrincipal.DelegatedOrganization, requestContext));
                }
                WindowsIdentity windowsIdentity = identity as WindowsIdentity;
                if (windowsIdentity != null)
                {
                    if (string.IsNullOrEmpty(text))
                    {
                        requestContext.Logger.SafeSet(3, "WindowsIdentity");
                    }
                    else
                    {
                        requestContext.Logger.SafeSet(3, "WindowsIdentity-LiveIdMemberName");
                    }
                    return(new SidAnchorMailbox(windowsIdentity.User, requestContext)
                    {
                        SmtpOrLiveId = text
                    });
                }
                SecurityIdentifier securityIdentifier = null;
                if (IIdentityExtensions.TryGetSecurityIdentifier(identity, ref securityIdentifier) && !securityIdentifier.Equals(AuthCommon.MemberNameNullSid))
                {
                    if (string.IsNullOrEmpty(text))
                    {
                        requestContext.Logger.SafeSet(3, "SID");
                    }
                    else
                    {
                        requestContext.Logger.SafeSet(3, "SID-LiveIdMemberName");
                    }
                    return(new SidAnchorMailbox(securityIdentifier, requestContext)
                    {
                        SmtpOrLiveId = text
                    });
                }
                if (!HttpProxySettings.IdentityIndependentAuthBehaviorEnabled.Value && requestContext.AuthBehavior.AuthState != AuthState.FrontEndFullAuth)
                {
                    AnchorMailbox anchorMailbox = requestContext.AuthBehavior.CreateAuthModuleSpecificAnchorMailbox(requestContext);
                    if (anchorMailbox != null)
                    {
                        return(anchorMailbox);
                    }
                }
                if (!string.IsNullOrEmpty(text) && SmtpAddress.IsValidSmtpAddress(text))
                {
                    requestContext.Logger.SafeSet(3, "Smtp-LiveIdMemberName");
                    return(new SmtpAnchorMailbox(text, requestContext));
                }
                throw new InvalidOperationException(string.Format("Unknown idenity {0} with type {1}.", IIdentityExtensions.GetSafeName(identity, true), identity.ToString()));
            }
        }
Esempio n. 21
0
        private static SafeNativeHandle GetPrimaryTokenForUser(SecurityIdentifier sid, List <string> requiredPrivileges = null)
        {
            NativeHelpers.ProcessAccessFlags accessFlags = NativeHelpers.ProcessAccessFlags.PROCESS_QUERY_INFORMATION;
            // According to CreateProcessWithTokenW we require a token with
            //  TOKEN_QUERY, TOKEN_DUPLICATE and TOKEN_ASSIGN_PRIMARY
            // Also add in TOKEN_IMPERSONATE so we can get an impersonated token
            TokenAccessLevels dwAccess = TokenAccessLevels.Query |
                                         TokenAccessLevels.Duplicate |
                                         TokenAccessLevels.AssignPrimary |
                                         TokenAccessLevels.Impersonate;

            foreach (System.Diagnostics.Process process in System.Diagnostics.Process.GetProcesses())
            {
                using (process)
                {
                    using (SafeNativeHandle hProcess = NativeMethods.OpenProcess(accessFlags, false, (UInt32)process.Id))
                    {
                        if (hProcess.IsInvalid)
                        {
                            continue;
                        }

                        SafeNativeHandle hToken;
                        NativeMethods.OpenProcessToken(hProcess, dwAccess, out hToken);
                        if (hToken.IsInvalid)
                        {
                            continue;
                        }

                        using (hToken)
                        {
                            if (!sid.Equals(GetTokenUserSID(hToken)))
                            {
                                continue;
                            }

                            // Filter out any Network logon tokens, using become with that is useless when S4U
                            // can give us a Batch logon
                            NativeHelpers.SECURITY_LOGON_TYPE tokenLogonType = GetTokenLogonType(hToken);
                            if (tokenLogonType == NativeHelpers.SECURITY_LOGON_TYPE.Network)
                            {
                                continue;
                            }

                            // Check that the required privileges are on the token
                            if (requiredPrivileges != null)
                            {
                                List <string> actualPrivileges = GetTokenPrivileges(hToken);
                                int           missing          = requiredPrivileges.Where(x => !actualPrivileges.Contains(x)).Count();
                                if (missing > 0)
                                {
                                    continue;
                                }
                            }

                            SafeNativeHandle dupToken;
                            if (!NativeMethods.DuplicateTokenEx(hToken, TokenAccessLevels.MaximumAllowed,
                                                                IntPtr.Zero, NativeHelpers.SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation,
                                                                NativeHelpers.TOKEN_TYPE.TokenPrimary, out dupToken))
                            {
                                continue;
                            }

                            return(dupToken);
                        }
                    }
                }
            }

            return(null);
        }