/// <summary>Runs the specified method in the specified security context on the current thread.</summary> /// <param name="securityContext">The <see cref="T:System.Security.SecurityContext" /> to set.</param> /// <param name="callback">The <see cref="T:System.Threading.ContextCallback" /> delegate that represents the method to run in the specified security context.</param> /// <param name="state">The object to pass to the callback method.</param> /// <exception cref="T:System.InvalidOperationException"> /// <paramref name="securityContext" /> is null.-or-<paramref name="securityContext" /> was not acquired through a capture operation -or-<paramref name="securityContext" /> has already been used as the argument to a <see cref="M:System.Security.SecurityContext.Run(System.Security.SecurityContext,System.Threading.ContextCallback,System.Object)" /> method call.</exception> /// <PermissionSet> /// <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Infrastructure" /> /// </PermissionSet> public static void Run(SecurityContext securityContext, ContextCallback callback, object state) { if (securityContext == null) { throw new InvalidOperationException(Locale.GetText("Null SecurityContext")); } SecurityContext securityContext2 = Thread.CurrentThread.ExecutionContext.SecurityContext; IPrincipal currentPrincipal = Thread.CurrentPrincipal; try { if (securityContext2.IdentityToken != IntPtr.Zero) { Thread.CurrentPrincipal = new WindowsPrincipal(new WindowsIdentity(securityContext2.IdentityToken)); } if (securityContext.CompressedStack != null) { CompressedStack.Run(securityContext.CompressedStack, callback, state); } else { callback(state); } } finally { if (currentPrincipal != null && securityContext2.IdentityToken != IntPtr.Zero) { Thread.CurrentPrincipal = currentPrincipal; } } }
public void GetObjectData_Null() { StreamingContext sc = new StreamingContext(); CompressedStack cs = CompressedStack.Capture(); cs.GetObjectData(null, sc); }
private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptorWithResolver fsdWithResolver) { CompressedStack securityContext = fsdWithResolver.Resolver.GetSecurityContext(); securityContext.CompleteConstruction((CompressedStack)null); return(this.Update(currentTriple, securityContext.PLS)); }
[System.Security.SecurityCritical] // auto-generated static internal PermissionListSet CreateCompressedState_HG() { PermissionListSet pls = new PermissionListSet(); CompressedStack.GetHomogeneousPLS(pls); return(pls); }
private static void ReflectionTargetDemandHelper(int permission, PermissionSet targetGrant) { StackCrawlMark stackCrawlMark = StackCrawlMark.LookForMyCaller; CompressedStack compressedStack = CompressedStack.GetCompressedStack(ref stackCrawlMark); CodeAccessSecurityEngine.ReflectionTargetDemandHelper(permission, targetGrant, compressedStack); }
private static void ReflectionTargetDemandHelper(int permission, PermissionSet targetGrant) { StackCrawlMark lookForMyCaller = StackCrawlMark.LookForMyCaller; CompressedStack compressedStack = CompressedStack.GetCompressedStack(ref lookForMyCaller); ReflectionTargetDemandHelper(permission, targetGrant, compressedStack); }
internal static PermissionListSet CreateCompressedState_HG() { PermissionListSet hgPLS = new PermissionListSet(); CompressedStack.GetHomogeneousPLS(hgPLS); return(hgPLS); }
static public void Run(SecurityContext securityContext, ContextCallback callback, object state) { if (securityContext == null) { throw new InvalidOperationException(Locale.GetText( "Null SecurityContext")); } SecurityContext sc = Thread.CurrentThread.ExecutionContext.SecurityContext; IPrincipal original = Thread.CurrentPrincipal; try { if (sc.IdentityToken != IntPtr.Zero) { Thread.CurrentPrincipal = new WindowsPrincipal(new WindowsIdentity(sc.IdentityToken)); } // FIXME: is the security manager isn't active then we may not have // a compressed stack (bug #78652) if (securityContext.CompressedStack != null) { CompressedStack.Run(securityContext.CompressedStack, callback, state); } else { callback(state); } } finally { if ((original != null) && (sc.IdentityToken != IntPtr.Zero)) { Thread.CurrentPrincipal = original; } } }
// for NET_1_0 and NET_1_1 no (public) ExecutionContext exists // so we must use the System.Threading.CompressedStack class internal static void ExecuteClientMessage(GCHandle gchandle) { AsyncMethodData data = (AsyncMethodData)gchandle.Target; CompressedStack original = null; #if !MWF_ON_MSRUNTIME // Stack is non-null only if the security manager is active if (data.Stack != null) { original = Thread.CurrentThread.GetCompressedStack(); Thread.CurrentThread.SetCompressedStack(data.Stack); } #endif AsyncMethodResult result = data.Result; object ret; try { ret = data.Method.DynamicInvoke(data.Args); result.Complete(ret); } catch (Exception ex) { result.CompleteWithException(ex); return; } finally { #if !MWF_ON_MSRUNTIME if (data.Stack != null) { // whatever occurs we must revert to the original compressed // stack (null being a valid, empty, value in this case). Thread.CurrentThread.SetCompressedStack(original); } #endif gchandle.Free(); } }
private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptorWithResolver fsdWithResolver) { System.Reflection.Emit.DynamicResolver resolver = fsdWithResolver.Resolver; CompressedStack dynamicCompressedStack = resolver.GetSecurityContext(); dynamicCompressedStack.CompleteConstruction(null); return(this.Update(currentTriple, dynamicCompressedStack.PLS)); }
// copy constructor internal SecurityContext(SecurityContext sc) { _capture = true; _winid = sc._winid; if (sc._stack != null) { _stack = sc._stack.CreateCopy(); } }
[MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable private static void ReflectionTargetDemandHelper(int permission, PermissionSet targetGrant) { // Capture a compressed stack so that we can make both permission checks without walking the stack // multiple times. StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; CompressedStack cs = CompressedStack.GetCompressedStack(ref stackMark); ReflectionTargetDemandHelper(permission, targetGrant, cs); }
public static void Capture_GetCompressedStack_CreateCopy_Test() { CompressedStack compressedStack = CompressedStack.Capture(); Assert.NotNull(compressedStack); Assert.NotNull(compressedStack.CreateCopy()); Assert.NotNull(CompressedStack.GetCompressedStack()); Assert.NotNull(CompressedStack.GetCompressedStack().CreateCopy()); }
public void CreateCopy() { CompressedStack cs1 = CompressedStack.Capture (); CompressedStack cs2 = cs1.CreateCopy (); Assert.IsFalse (cs1.Equals (cs2), "cs1.Equals (cs2)"); Assert.IsFalse (cs2.Equals (cs1), "cs2.Equals (cs1)"); Assert.IsFalse (cs1.GetHashCode () == cs2.GetHashCode (), "GetHashCode"); Assert.IsFalse (Object.ReferenceEquals (cs1, cs2), "ReferenceEquals"); }
internal static void CheckSetHelper(CompressedStack cs, PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandleInternal rmh, RuntimeAssembly asm, SecurityAction action) { if (cs != null) { cs.CheckSetDemand(demands, rmh); return; } CodeAccessSecurityEngine.CheckSetHelper(grants, refused, demands, rmh, asm, action, true); }
internal static void CheckHelper(CompressedStack cs, PermissionSet grantedSet, PermissionSet refusedSet, CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, RuntimeAssembly asm, SecurityAction action) { if (cs != null) { cs.CheckDemand(demand, permToken, rmh); } else { CheckHelper(grantedSet, refusedSet, demand, permToken, rmh, asm, action, true); } }
public void GetCompressedStack() { CompressedStack cs1 = CompressedStack.GetCompressedStack (); Assert.IsNotNull (cs1, "GetCompressedStack"); CompressedStack cs2 = CompressedStack.Capture (); Assert.IsNotNull (cs2, "Capture"); Assert.IsFalse (cs1.Equals (cs2), "cs1.Equals (cs2)"); Assert.IsFalse (cs2.Equals (cs1), "cs2.Equals (cs1)"); Assert.IsFalse (cs1.GetHashCode () == cs2.GetHashCode (), "GetHashCode"); }
// The number of frames to skip depends on who's calling // - CodeAccessPermission.Demand (imperative) // - PermissionSet.Demand (imperative) // - SecurityManager.InternalDemand (declarative) internal void CasOnlyDemand(int skip) { Assembly current = null; AppDomain domain = null; if (_ignored == null) { // special case when directly called from CodeAccessPermission.Demand _ignored = new bool [list.Count]; } ArrayList frames = SecurityFrame.GetStack(skip); if ((frames != null) && (frames.Count > 0)) { SecurityFrame first = ((SecurityFrame)frames [0]); current = first.Assembly; domain = first.Domain; // skip ourself, Demand and other security runtime methods foreach (SecurityFrame sf in frames) { if (ProcessFrame(sf, ref current, ref domain)) { if (AllIgnored()) { return; // reached Assert } } } SecurityFrame last = ((SecurityFrame)frames [frames.Count - 1]); CheckAssembly(current, last); CheckAppDomain(domain, last); } // Is there a CompressedStack to handle ? CompressedStack stack = Thread.CurrentThread.GetCompressedStack(); if ((stack != null) && !stack.IsEmpty()) { foreach (SecurityFrame frame in stack.List) { if (ProcessFrame(frame, ref current, ref domain)) { if (AllIgnored()) { return; // reached Assert } } } } }
/// <summary>Captures the security context for the current thread.</summary> /// <returns>A <see cref="T:System.Security.SecurityContext" /> object representing the security context for the current thread.</returns> public static SecurityContext Capture() { SecurityContext securityContext = Thread.CurrentThread.ExecutionContext.SecurityContext; if (securityContext.FlowSuppressed) { return(null); } return(new SecurityContext { _capture = true, _winid = WindowsIdentity.GetCurrentToken(), _stack = CompressedStack.Capture() }); }
// public(internal) interface begins... // Creation functions static internal PermissionListSet CreateCompressedState(CompressedStack cs, CompressedStack innerCS) { // function that completes the construction of the compressed stack if not done so already (bottom half for demand evaluation) bool bHaltConstruction = false; if (cs.CompressedStackHandle == null) { return(null); // FT case or Security off } PermissionListSet pls = new PermissionListSet(); PermissionSetTriple currentTriple = new PermissionSetTriple(); int numDomains = CompressedStack.GetDCSCount(cs.CompressedStackHandle); for (int i = numDomains - 1; (i >= 0 && !bHaltConstruction); i--) { DomainCompressedStack dcs = CompressedStack.GetDomainCompressedStack(cs.CompressedStackHandle, i); if (dcs == null) { continue; // we hit a FT Domain } if (dcs.PLS == null) { // We failed on some DCS throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"))); } pls.UpdateZoneAndOrigin(dcs.PLS); pls.Update(currentTriple, dcs.PLS); bHaltConstruction = dcs.ConstructionHalted; } if (!bHaltConstruction) { PermissionListSet tmp_pls = null; // Construction did not halt. if (innerCS != null) { innerCS.CompleteConstruction(null); tmp_pls = innerCS.PLS; } pls.Terminate(currentTriple, tmp_pls); } else { pls.Terminate(currentTriple); } return(pls); }
// static methods static public SecurityContext Capture() { SecurityContext sc = Thread.CurrentThread.ExecutionContext.SecurityContext; if (sc.FlowSuppressed) { return(null); } SecurityContext capture = new SecurityContext(); capture._capture = true; capture._winid = WindowsIdentity.GetCurrentToken(); capture._stack = CompressedStack.Capture(); return(capture); }
public static void SerializationTest() { CompressedStack compressedStack = CompressedStack.Capture(); Assert.Throws <ArgumentNullException>(() => compressedStack.GetObjectData(null, new StreamingContext())); var binaryFormatter = new BinaryFormatter(); var memoryStream = new MemoryStream(); binaryFormatter.Serialize(memoryStream, compressedStack); memoryStream.Close(); byte[] binaryData = memoryStream.ToArray(); memoryStream = new MemoryStream(binaryData); compressedStack = (CompressedStack)binaryFormatter.Deserialize(memoryStream); memoryStream.Close(); }
[System.Security.SecurityCritical] // auto-generated internal static void CheckSetHelper(CompressedStack cs, PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandleInternal rmh, RuntimeAssembly asm, SecurityAction action) { if (cs != null) { cs.CheckSetDemand(demands, rmh); } else { CheckSetHelper(grants, refused, demands, rmh, (Object)asm, action, true); } }
private void Thread_Run_UnmanagedCode() { bool result = false; Assert.IsFalse(success, "pre-check"); try { CompressedStack cs = GetCompressedStackUnmanaged(); // run with the captured security stack (i.e. deny unmanaged) CompressedStack.Run(cs, new ContextCallback(Callback), true); } catch (SecurityException) { result = true; } finally { Assert.IsFalse(success, "post-check"); Assert.IsTrue(result, "Result"); } }
internal static PermissionListSet CreateCompressedState(CompressedStack cs, CompressedStack innerCS) { bool flag = false; if (cs.CompressedStackHandle == null) { return(null); } PermissionListSet permissionListSet = new PermissionListSet(); PermissionSetTriple currentTriple = new PermissionSetTriple(); int dcscount = CompressedStack.GetDCSCount(cs.CompressedStackHandle); int num = dcscount - 1; while (num >= 0 && !flag) { DomainCompressedStack domainCompressedStack = CompressedStack.GetDomainCompressedStack(cs.CompressedStackHandle, num); if (domainCompressedStack != null) { if (domainCompressedStack.PLS == null) { throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), Array.Empty <object>())); } permissionListSet.UpdateZoneAndOrigin(domainCompressedStack.PLS); permissionListSet.Update(currentTriple, domainCompressedStack.PLS); flag = domainCompressedStack.ConstructionHalted; } num--; } if (!flag) { PermissionListSet pls = null; if (innerCS != null) { innerCS.CompleteConstruction(null); pls = innerCS.PLS; } permissionListSet.Terminate(currentTriple, pls); } else { permissionListSet.Terminate(currentTriple); } return(permissionListSet); }
internal static void GetZoneAndOriginHelper(CompressedStack cs, PermissionSet grantSet, PermissionSet refusedSet, ArrayList zoneList, ArrayList originList) { if (cs != null) { cs.GetZoneAndOrigin(zoneList, originList, PermissionToken.GetToken(typeof(ZoneIdentityPermission)), PermissionToken.GetToken(typeof(UrlIdentityPermission))); return; } ZoneIdentityPermission zoneIdentityPermission = (ZoneIdentityPermission)grantSet.GetPermission(typeof(ZoneIdentityPermission)); UrlIdentityPermission urlIdentityPermission = (UrlIdentityPermission)grantSet.GetPermission(typeof(UrlIdentityPermission)); if (zoneIdentityPermission != null) { zoneList.Add(zoneIdentityPermission.SecurityZone); } if (urlIdentityPermission != null) { originList.Add(urlIdentityPermission.Url); } }
internal static SecurityContextSwitcher SetSecurityContext(SecurityContext sc, SecurityContext.Reader prevSecurityContext, bool modifyCurrentExecutionContext, ref StackCrawlMark stackMark) { SecurityContextDisableFlow contextDisableFlow = sc._disableFlow; sc._disableFlow = SecurityContextDisableFlow.Nothing; SecurityContextSwitcher securityContextSwitcher = new SecurityContextSwitcher(); securityContextSwitcher.currSC = sc; securityContextSwitcher.prevSC = prevSecurityContext; if (modifyCurrentExecutionContext) { ExecutionContext executionContext = Thread.CurrentThread.GetMutableExecutionContext(); securityContextSwitcher.currEC = executionContext; executionContext.SecurityContext = sc; } if (sc != null) { RuntimeHelpers.PrepareConstrainedRegions(); try { securityContextSwitcher.wic = (WindowsImpersonationContext)null; if (!SecurityContext._LegacyImpersonationPolicy) { if (sc.WindowsIdentity != null) { securityContextSwitcher.wic = sc.WindowsIdentity.Impersonate(ref stackMark); } else if ((contextDisableFlow & SecurityContextDisableFlow.WI) == SecurityContextDisableFlow.Nothing && prevSecurityContext.WindowsIdentity != null) { securityContextSwitcher.wic = WindowsIdentity.SafeRevertToSelf(ref stackMark); } } securityContextSwitcher.cssw = CompressedStack.SetCompressedStack(sc.CompressedStack, prevSecurityContext.CompressedStack); } catch { securityContextSwitcher.UndoNoThrow(); throw; } } return(securityContextSwitcher); }
private static SecurityContext CaptureCore(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark) { SecurityContext securityContext = new SecurityContext(); securityContext.isNewCapture = true; if (!SecurityContext.IsWindowsIdentityFlowSuppressed()) { WindowsIdentity currentWi = SecurityContext.GetCurrentWI(currThreadEC); if (currentWi != null) { securityContext._windowsIdentity = new WindowsIdentity(currentWi.AccessToken); } } else { securityContext._disableFlow = SecurityContextDisableFlow.WI; } securityContext.CompressedStack = CompressedStack.GetCompressedStack(ref stackMark); return(securityContext); }
public static void Run(CompressedStack compressedStack, ContextCallback callback, object state) {}
public void SetCompressedStack(CompressedStack stack) { }
private static bool CheckDynamicMethodHelper(DynamicResolver dynamicResolver, IPermission demandIn, PermissionToken permToken, RuntimeMethodHandleInternal rmh) { CompressedStack securityContext = dynamicResolver.GetSecurityContext(); try { return(securityContext.CheckDemandNoHalt((CodeAccessPermission)demandIn, permToken, rmh)); } catch (SecurityException ex) { throw new SecurityException(Environment.GetResourceString("Security_AnonymouslyHostedDynamicMethodCheckFailed"), (Exception)ex); } }
private static bool CheckDynamicMethodSetHelper(DynamicResolver dynamicResolver, PermissionSet demandSet, out PermissionSet alteredDemandSet, RuntimeMethodHandleInternal rmh) { CompressedStack securityContext = dynamicResolver.GetSecurityContext(); try { return(securityContext.CheckSetDemandWithModificationNoHalt(demandSet, out alteredDemandSet, rmh)); } catch (SecurityException ex) { throw new SecurityException(Environment.GetResourceString("Security_AnonymouslyHostedDynamicMethodCheckFailed"), (Exception)ex); } }