internal static void RestoreCurrentWI(ExecutionContext.Reader currentEC, ExecutionContext.Reader prevEC, WindowsIdentity targetWI, bool cachedAlwaysFlowImpersonationPolicy) { if (cachedAlwaysFlowImpersonationPolicy || prevEC.SecurityContext.WindowsIdentity != targetWI) { SecurityContext.RestoreCurrentWIInternal(targetWI); } }
[System.Security.SecurityCritical] // auto-generated static private SecurityContext CaptureCore(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark) { SecurityContext sc = new SecurityContext(); sc.isNewCapture = true; #if !FEATURE_PAL && FEATURE_IMPERSONATION // Force create WindowsIdentity if (!IsWindowsIdentityFlowSuppressed()) { WindowsIdentity currentIdentity = GetCurrentWI(currThreadEC); if (currentIdentity != null) { sc._windowsIdentity = new WindowsIdentity(currentIdentity.AccessToken); } } else { sc._disableFlow = SecurityContextDisableFlow.WI; } #endif // !FEATURE_PAL && FEATURE_IMPERSONATION // Force create CompressedStack sc.CompressedStack = CompressedStack.GetCompressedStack(ref stackMark); return(sc); }
public static void Run(SecurityContext securityContext, ContextCallback callback, object state) { if (securityContext == null) { throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_NullContext")); } StackCrawlMark stackCrawlMark = StackCrawlMark.LookForMe; if (!securityContext.isNewCapture) { throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_NotNewCaptureContext")); } securityContext.isNewCapture = false; ExecutionContext.Reader executionContextReader = Thread.CurrentThread.GetExecutionContextReader(); if (SecurityContext.CurrentlyInDefaultFTSecurityContext(executionContextReader) && securityContext.IsDefaultFTSecurityContext()) { callback(state); if (SecurityContext.GetCurrentWI(Thread.CurrentThread.GetExecutionContextReader()) != null) { WindowsIdentity.SafeRevertToSelf(ref stackCrawlMark); return; } } else { SecurityContext.RunInternal(securityContext, callback, state); } }
internal static WindowsIdentity GetCurrentWI(ExecutionContext.Reader threadEC, bool cachedAlwaysFlowImpersonationPolicy) { if (cachedAlwaysFlowImpersonationPolicy) { return(WindowsIdentity.GetCurrentInternal(TokenAccessLevels.MaximumAllowed, true)); } return(threadEC.SecurityContext.WindowsIdentity); }
internal static bool CurrentlyInDefaultFTSecurityContext(ExecutionContext.Reader threadEC) { if (SecurityContext.IsDefaultThreadSecurityInfo()) { return(SecurityContext.GetCurrentWI(threadEC) == null); } return(false); }
[System.Security.SecurityCritical] // auto-generated static private SecurityContext CaptureCore(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark) { SecurityContext sc = new SecurityContext(); sc.isNewCapture = true; // Force create CompressedStack sc.CompressedStack = CompressedStack.GetCompressedStack(ref stackMark); return(sc); }
static internal WindowsIdentity GetCurrentWI(ExecutionContext.Reader threadEC, bool cachedAlwaysFlowImpersonationPolicy) { Contract.Assert(cachedAlwaysFlowImpersonationPolicy == _alwaysFlowImpersonationPolicy); if (cachedAlwaysFlowImpersonationPolicy) { // Examine the threadtoken at the cost of a kernel call if the user has set the IMP_ALWAYSFLOW mode return(WindowsIdentity.GetCurrentInternal(TokenAccessLevels.MaximumAllowed, true)); } return(threadEC.SecurityContext.WindowsIdentity); }
internal static SecurityContext Capture(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark) { if (currThreadEC.SecurityContext.IsFlowSuppressed(SecurityContextDisableFlow.All)) { return(null); } if (SecurityContext.CurrentlyInDefaultFTSecurityContext(currThreadEC)) { return(null); } return(SecurityContext.CaptureCore(currThreadEC, ref stackMark)); }
static internal void RestoreCurrentWI(ExecutionContext.Reader currentEC, ExecutionContext.Reader prevEC, WindowsIdentity targetWI, bool cachedAlwaysFlowImpersonationPolicy) { Contract.Assert(currentEC.IsSame(Thread.CurrentThread.GetExecutionContextReader())); Contract.Assert(cachedAlwaysFlowImpersonationPolicy == _alwaysFlowImpersonationPolicy); // NOTE: cachedAlwaysFlowImpersonationPolicy is a perf optimization to avoid always having to access a static variable here. if (cachedAlwaysFlowImpersonationPolicy || prevEC.SecurityContext.WindowsIdentity != targetWI) { // // Either we're always flowing, or the target WI was obtained from the current EC in the first place. // Contract.Assert(_alwaysFlowImpersonationPolicy || currentEC.SecurityContext.WindowsIdentity == targetWI); RestoreCurrentWIInternal(targetWI); } }
static internal SecurityContext Capture(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark) { // check to see if Flow is suppressed if (currThreadEC.SecurityContext.IsFlowSuppressed(SecurityContextDisableFlow.All)) { return(null); } // If we're in FT right now, return null if (CurrentlyInDefaultFTSecurityContext(currThreadEC)) { return(null); } return(CaptureCore(currThreadEC, ref stackMark)); }
[MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable public static void Run(SecurityContext securityContext, ContextCallback callback, Object state) { if (securityContext == null) { throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_NullContext")); } Contract.EndContractBlock(); StackCrawlMark stackMark = StackCrawlMark.LookForMe; if (!securityContext.isNewCapture) { throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_NotNewCaptureContext")); } securityContext.isNewCapture = false; #if !MOBILE ExecutionContext.Reader ec = Thread.CurrentThread.GetExecutionContextReader(); // Optimization: do the callback directly if both the current and target contexts are equal to the // default full-trust security context if (SecurityContext.CurrentlyInDefaultFTSecurityContext(ec) && securityContext.IsDefaultFTSecurityContext()) { callback(state); if (GetCurrentWI(Thread.CurrentThread.GetExecutionContextReader()) != null) { // If we enter here it means the callback did an impersonation // that we need to revert. // We don't need to revert any other security state since it is stack-based // and automatically goes away when the callback returns. WindowsIdentity.SafeRevertToSelf(ref stackMark); // Ensure we have reverted to the state we entered in. Contract.Assert(GetCurrentWI(Thread.CurrentThread.GetExecutionContextReader()) == null); } } else #endif { RunInternal(securityContext, callback, state); } }
private static SecurityContext CaptureCore(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark) { SecurityContext securityContext = new SecurityContext(); securityContext.isNewCapture = true; if (!SecurityContext.IsWindowsIdentityFlowSuppressed()) { WindowsIdentity currentWI = SecurityContext.GetCurrentWI(currThreadEC); if (currentWI != null) { securityContext._windowsIdentity = new WindowsIdentity(currentWI.AccessToken); } } else { securityContext._disableFlow = SecurityContextDisableFlow.WI; } securityContext.CompressedStack = CompressedStack.GetCompressedStack(ref stackMark); return(securityContext); }
static internal bool CurrentlyInDefaultFTSecurityContext(ExecutionContext.Reader threadEC) { return(IsDefaultThreadSecurityInfo() && GetCurrentWI(threadEC) == null); }
static internal WindowsIdentity GetCurrentWI(ExecutionContext.Reader threadEC) { return(GetCurrentWI(threadEC, _alwaysFlowImpersonationPolicy)); }
internal void SetExecutionContext(ExecutionContext.Reader value, bool belongsToCurrentScope);