/// <summary>
/// Returns the identity of the executing user, building it from
/// <c>serializedExecutingUser</c> on first use and caching it in
/// <c>executingUserIdentity</c>.
/// </summary>
/// <returns>
/// The cached identity. It stays null when the context type is neither
/// Delegated nor Windows, because no other context type assigns it here.
/// </returns>
private IIdentity GetExecutingUserIdentity()
{
    // Already materialised: hand back the cached instance.
    if (this.executingUserIdentity != null)
    {
        return(this.executingUserIdentity);
    }

    // NOTE(review): the serialized user string is parsed as-is. Where it comes
    // from and whether it is integrity-protected is not visible in this method;
    // confirm it can only be produced by a trusted component before the
    // resulting identity is used for authorization decisions.
    switch (this.contextType)
    {
        case RBACContext.RBACContextType.Delegated:
            this.executingUserIdentity = DelegatedPrincipal.GetDelegatedIdentity(this.serializedExecutingUser);
            break;

        case RBACContext.RBACContextType.Windows:
            // The access token is read from the UTF-8 bytes of the serialized string.
            using (MemoryStream tokenStream = new MemoryStream(Encoding.UTF8.GetBytes(this.serializedExecutingUser)))
            {
                this.executingUserIdentity = new SerializedIdentity(new SerializedAccessToken(tokenStream));
            }
            break;

        // Every other context type (including the unnamed value 3) leaves the
        // cached identity untouched.
    }

    return(this.executingUserIdentity);
}
/// <summary>
/// Chooses the identity object for a remote PowerShell principal based on the
/// principal's AuthenticationType string, and reports the classified
/// authentication type together with token and session metadata.
/// </summary>
/// <param name="psPrincipal">Principal whose Identity and WindowsIdentity are inspected.</param>
/// <param name="connectionUrl">Passed unchanged to WinRMDataReceiver.</param>
/// <param name="userToken">Set from WinRMDataReceiver in the "Cafe-" and "Converted-" branches; otherwise null.</param>
/// <param name="authenticationType">Classification result; starts as Unknown and is only changed by some branches.</param>
/// <param name="sessionId">Set from WinRMDataReceiver in the "Cafe-" and "Converted-" branches; otherwise null.</param>
/// <param name="firstRequestId">Set from WinRMDataReceiver.RequestId in the same branches; otherwise null.</param>
/// <returns>The identity selected by the first matching branch; see the inline notes for each case.</returns>
/// <exception cref="AuthzException">A "Converted-" logon yields a user token without a CommonAccessToken.</exception>
private static IIdentity InternalGetExecutingUserIdentity(PSPrincipal psPrincipal, string connectionUrl, out UserToken userToken, out Microsoft.Exchange.Configuration.Core.AuthenticationType authenticationType, out string sessionId, out string firstRequestId)
{
    authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Unknown;
    userToken = null;
    sessionId = null;
    firstRequestId = null;
    // AuthenticationType is dereferenced here without a null check, so a null
    // value throws NullReferenceException before any branch is evaluated.
    if (psPrincipal.Identity.AuthenticationType.StartsWith("Cafe-", StringComparison.OrdinalIgnoreCase))
    {
        // NOTE(review): the identity in this branch comes from whatever
        // WinRMDataReceiver exposes for this connection. How that data is
        // authenticated is not visible here; confirm that only a trusted
        // front end can supply it, since authenticationType is left as
        // Unknown on both return paths of this branch.
        using (WinRMDataReceiver winRMDataReceiver = new WinRMDataReceiver(connectionUrl, psPrincipal.Identity.Name, psPrincipal.Identity.AuthenticationType, AuthZLogHelper.LantencyTracker))
        {
            userToken = winRMDataReceiver.UserToken;
            sessionId = winRMDataReceiver.SessionId;
            firstRequestId = winRMDataReceiver.RequestId;
            // The prefix is stripped from the receiver's AuthenticationType, not
            // from the principal's value tested above; presumably both carry the
            // "Cafe-" prefix, TODO confirm. Substring throws if the value is
            // shorter than the prefix.
            string text = winRMDataReceiver.AuthenticationType.Substring("Cafe-".Length);
            if (text.Equals("GenericIdentity", StringComparison.OrdinalIgnoreCase))
            {
                return(AuthZPluginHelper.ConstructGenericIdentityFromUserToken(userToken));
            }
            if (userToken.CommonAccessToken != null)
            {
                return(new WindowsTokenIdentity(userToken.CommonAccessToken.WindowsAccessToken).ToSerializedIdentity());
            }
            // No return here: with a null CommonAccessToken control falls through
            // to the checks below, with the three out values already populated.
        }
    }
    if (DelegatedPrincipal.DelegatedAuthenticationType.Equals(psPrincipal.Identity.AuthenticationType, StringComparison.OrdinalIgnoreCase))
    {
        authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.RemotePowerShellDelegated;
        // The delegated identity is derived from the principal's Name string.
        return(DelegatedPrincipal.GetDelegatedIdentity(psPrincipal.Identity.Name));
    }
    if (psPrincipal.WindowsIdentity != null)
    {
        string authenticationType2 = psPrincipal.Identity.AuthenticationType;
        // The null test only matters if the property returns a different value
        // than on the first read at the top of the method.
        if (authenticationType2 != null && authenticationType2.StartsWith("Converted-", StringComparison.OrdinalIgnoreCase))
        {
            if (authenticationType2.StartsWith("Converted-Kerberos", StringComparison.OrdinalIgnoreCase))
            {
                authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Kerberos;
            }
            else
            {
                // NOTE(review): an unexpected "Converted-" sub-type is only logged.
                // Processing continues and a token identity is still returned with
                // authenticationType == Unknown; confirm callers restrict that case.
                AuthZLogger.SafeAppendGenericError("InternalGetExecutingUserIdentity", "Unexpected AuthenticationType " + authenticationType2, true);
            }
            using (WinRMDataReceiver winRMDataReceiver2 = new WinRMDataReceiver(connectionUrl, psPrincipal.Identity.Name, psPrincipal.Identity.AuthenticationType, AuthZLogHelper.LantencyTracker))
            {
                userToken = winRMDataReceiver2.UserToken;
                sessionId = winRMDataReceiver2.SessionId;
                firstRequestId = winRMDataReceiver2.RequestId;
                // Unlike the "Cafe-" branch, a missing CommonAccessToken fails closed.
                if (userToken.CommonAccessToken == null)
                {
                    throw new AuthzException("DEV BUG, the CommonAccessToken should not be NULL when passing from Locally Kerberos logon.");
                }
                return(new WindowsTokenIdentity(userToken.CommonAccessToken.WindowsAccessToken).ToSerializedIdentity());
            }
        }
        if ("CertificateLinkedUser".Equals(authenticationType2, StringComparison.OrdinalIgnoreCase))
        {
            authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.CertificateLinkedUser;
            return(new GenericIdentity(psPrincipal.Identity.Name));
        }
        try
        {
            // Every remaining WindowsIdentity case is first classified as Certificate.
            authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Certificate;
            // The SecurityIdentifier is built only to validate that Name parses as
            // a SID string; the instance itself is discarded.
            new SecurityIdentifier(psPrincipal.Identity.Name);
            return(new GenericIdentity(psPrincipal.Identity.Name));
        }
        catch (ArgumentException)
        {
            // Name is not a SID: reclassify as Unknown and return the Windows
            // identity that the principal already carries.
            authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Unknown;
            return(psPrincipal.WindowsIdentity);
        }
    }
    if ("RPS".Equals(psPrincipal.Identity.AuthenticationType, StringComparison.OrdinalIgnoreCase) || "Kerberos".Equals(psPrincipal.Identity.AuthenticationType, StringComparison.OrdinalIgnoreCase) || "Basic".Equals(psPrincipal.Identity.AuthenticationType, StringComparison.OrdinalIgnoreCase))
    {
        // All three type strings, including "Basic", are reported as Kerberos.
        authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Kerberos;
        // Resolves the account name to its SID; a name that cannot be mapped makes
        // Translate throw, and that exception is not handled in this method.
        SecurityIdentifier securityIdentifier = (SecurityIdentifier) new NTAccount(psPrincipal.Identity.Name).Translate(typeof(SecurityIdentifier));
        return(new GenericIdentity(securityIdentifier.ToString()));
    }
    // NOTE(review): an unrecognised authentication type still produces an
    // identity carrying the principal's Name. The only signal to the caller is
    // authenticationType == Unknown, so confirm every caller checks it before
    // the identity is used for authorization.
    authenticationType = Microsoft.Exchange.Configuration.Core.AuthenticationType.Unknown;
    return(new GenericIdentity(psPrincipal.Identity.Name));
}