/// <summary>Runs the specified method in the specified security context on the current thread.</summary>
/// <param name="securityContext">The <see cref="T:System.Security.SecurityContext" /> to set.</param>
/// <param name="callback">The <see cref="T:System.Threading.ContextCallback" /> delegate that represents the method to run in the specified security context.</param>
/// <param name="state">The object to pass to the callback method.</param>
/// <exception cref="T:System.InvalidOperationException">
/// <paramref name="securityContext" /> is null.-or-<paramref name="securityContext" /> was not acquired through a capture operation -or-<paramref name="securityContext" /> has already been used as the argument to a <see cref="M:System.Security.SecurityContext.Run(System.Security.SecurityContext,System.Threading.ContextCallback,System.Object)" /> method call.</exception>
/// <PermissionSet>
/// <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Infrastructure" />
/// </PermissionSet>
public static void Run(SecurityContext securityContext, ContextCallback callback, object state)
{
if (securityContext == null)
{
throw new InvalidOperationException(Locale.GetText("Null SecurityContext"));
}
SecurityContext securityContext2 = Thread.CurrentThread.ExecutionContext.SecurityContext;
IPrincipal currentPrincipal = Thread.CurrentPrincipal;
try
{
if (securityContext2.IdentityToken != IntPtr.Zero)
{
Thread.CurrentPrincipal = new WindowsPrincipal(new WindowsIdentity(securityContext2.IdentityToken));
}
if (securityContext.CompressedStack != null)
{
CompressedStack.Run(securityContext.CompressedStack, callback, state);
}
else
{
callback(state);
}
}
finally
{
if (currentPrincipal != null && securityContext2.IdentityToken != IntPtr.Zero)
{
Thread.CurrentPrincipal = currentPrincipal;
}
}
}
public void GetObjectData_Null()
{
StreamingContext sc = new StreamingContext();
CompressedStack cs = CompressedStack.Capture();
cs.GetObjectData(null, sc);
}
private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptorWithResolver fsdWithResolver)
{
CompressedStack securityContext = fsdWithResolver.Resolver.GetSecurityContext();
securityContext.CompleteConstruction((CompressedStack)null);
return(this.Update(currentTriple, securityContext.PLS));
}
[System.Security.SecurityCritical] // auto-generated
static internal PermissionListSet CreateCompressedState_HG()
{
PermissionListSet pls = new PermissionListSet();
CompressedStack.GetHomogeneousPLS(pls);
return(pls);
}
private static void ReflectionTargetDemandHelper(int permission, PermissionSet targetGrant)
{
StackCrawlMark stackCrawlMark = StackCrawlMark.LookForMyCaller;
CompressedStack compressedStack = CompressedStack.GetCompressedStack(ref stackCrawlMark);
CodeAccessSecurityEngine.ReflectionTargetDemandHelper(permission, targetGrant, compressedStack);
}
private static void ReflectionTargetDemandHelper(int permission, PermissionSet targetGrant)
{
StackCrawlMark lookForMyCaller = StackCrawlMark.LookForMyCaller;
CompressedStack compressedStack = CompressedStack.GetCompressedStack(ref lookForMyCaller);
ReflectionTargetDemandHelper(permission, targetGrant, compressedStack);
}
internal static PermissionListSet CreateCompressedState_HG()
{
PermissionListSet hgPLS = new PermissionListSet();
CompressedStack.GetHomogeneousPLS(hgPLS);
return(hgPLS);
}
static public void Run(SecurityContext securityContext, ContextCallback callback, object state)
{
if (securityContext == null)
{
throw new InvalidOperationException(Locale.GetText(
"Null SecurityContext"));
}
SecurityContext sc = Thread.CurrentThread.ExecutionContext.SecurityContext;
IPrincipal original = Thread.CurrentPrincipal;
try {
if (sc.IdentityToken != IntPtr.Zero)
{
Thread.CurrentPrincipal = new WindowsPrincipal(new WindowsIdentity(sc.IdentityToken));
}
// FIXME: is the security manager isn't active then we may not have
// a compressed stack (bug #78652)
if (securityContext.CompressedStack != null)
{
CompressedStack.Run(securityContext.CompressedStack, callback, state);
}
else
{
callback(state);
}
}
finally {
if ((original != null) && (sc.IdentityToken != IntPtr.Zero))
{
Thread.CurrentPrincipal = original;
}
}
}
// for NET_1_0 and NET_1_1 no (public) ExecutionContext exists
// so we must use the System.Threading.CompressedStack class
internal static void ExecuteClientMessage(GCHandle gchandle)
{
AsyncMethodData data = (AsyncMethodData)gchandle.Target;
CompressedStack original = null;
#if !MWF_ON_MSRUNTIME
// Stack is non-null only if the security manager is active
if (data.Stack != null)
{
original = Thread.CurrentThread.GetCompressedStack();
Thread.CurrentThread.SetCompressedStack(data.Stack);
}
#endif
AsyncMethodResult result = data.Result;
object ret;
try {
ret = data.Method.DynamicInvoke(data.Args);
result.Complete(ret);
} catch (Exception ex) {
result.CompleteWithException(ex);
return;
} finally {
#if !MWF_ON_MSRUNTIME
if (data.Stack != null)
{
// whatever occurs we must revert to the original compressed
// stack (null being a valid, empty, value in this case).
Thread.CurrentThread.SetCompressedStack(original);
}
#endif
gchandle.Free();
}
}
private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptorWithResolver fsdWithResolver)
{
System.Reflection.Emit.DynamicResolver resolver = fsdWithResolver.Resolver;
CompressedStack dynamicCompressedStack = resolver.GetSecurityContext();
dynamicCompressedStack.CompleteConstruction(null);
return(this.Update(currentTriple, dynamicCompressedStack.PLS));
}
// copy constructor
internal SecurityContext(SecurityContext sc)
{
_capture = true;
_winid = sc._winid;
if (sc._stack != null)
{
_stack = sc._stack.CreateCopy();
}
}
[MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
private static void ReflectionTargetDemandHelper(int permission, PermissionSet targetGrant)
{
// Capture a compressed stack so that we can make both permission checks without walking the stack
// multiple times.
StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
CompressedStack cs = CompressedStack.GetCompressedStack(ref stackMark);
ReflectionTargetDemandHelper(permission, targetGrant, cs);
}
public static void Capture_GetCompressedStack_CreateCopy_Test()
{
CompressedStack compressedStack = CompressedStack.Capture();
Assert.NotNull(compressedStack);
Assert.NotNull(compressedStack.CreateCopy());
Assert.NotNull(CompressedStack.GetCompressedStack());
Assert.NotNull(CompressedStack.GetCompressedStack().CreateCopy());
}
public void CreateCopy()
{
CompressedStack cs1 = CompressedStack.Capture ();
CompressedStack cs2 = cs1.CreateCopy ();
Assert.IsFalse (cs1.Equals (cs2), "cs1.Equals (cs2)");
Assert.IsFalse (cs2.Equals (cs1), "cs2.Equals (cs1)");
Assert.IsFalse (cs1.GetHashCode () == cs2.GetHashCode (), "GetHashCode");
Assert.IsFalse (Object.ReferenceEquals (cs1, cs2), "ReferenceEquals");
}
internal static void CheckSetHelper(CompressedStack cs, PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandleInternal rmh, RuntimeAssembly asm, SecurityAction action)
{
if (cs != null)
{
cs.CheckSetDemand(demands, rmh);
return;
}
CodeAccessSecurityEngine.CheckSetHelper(grants, refused, demands, rmh, asm, action, true);
}
internal static void CheckHelper(CompressedStack cs, PermissionSet grantedSet, PermissionSet refusedSet, CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, RuntimeAssembly asm, SecurityAction action)
{
if (cs != null)
{
cs.CheckDemand(demand, permToken, rmh);
}
else
{
CheckHelper(grantedSet, refusedSet, demand, permToken, rmh, asm, action, true);
}
}
public void GetCompressedStack()
{
CompressedStack cs1 = CompressedStack.GetCompressedStack ();
Assert.IsNotNull (cs1, "GetCompressedStack");
CompressedStack cs2 = CompressedStack.Capture ();
Assert.IsNotNull (cs2, "Capture");
Assert.IsFalse (cs1.Equals (cs2), "cs1.Equals (cs2)");
Assert.IsFalse (cs2.Equals (cs1), "cs2.Equals (cs1)");
Assert.IsFalse (cs1.GetHashCode () == cs2.GetHashCode (), "GetHashCode");
}
// The number of frames to skip depends on who's calling
// - CodeAccessPermission.Demand (imperative)
// - PermissionSet.Demand (imperative)
// - SecurityManager.InternalDemand (declarative)
internal void CasOnlyDemand(int skip)
{
Assembly current = null;
AppDomain domain = null;
if (_ignored == null)
{
// special case when directly called from CodeAccessPermission.Demand
_ignored = new bool [list.Count];
}
ArrayList frames = SecurityFrame.GetStack(skip);
if ((frames != null) && (frames.Count > 0))
{
SecurityFrame first = ((SecurityFrame)frames [0]);
current = first.Assembly;
domain = first.Domain;
// skip ourself, Demand and other security runtime methods
foreach (SecurityFrame sf in frames)
{
if (ProcessFrame(sf, ref current, ref domain))
{
if (AllIgnored())
{
return; // reached Assert
}
}
}
SecurityFrame last = ((SecurityFrame)frames [frames.Count - 1]);
CheckAssembly(current, last);
CheckAppDomain(domain, last);
}
// Is there a CompressedStack to handle ?
CompressedStack stack = Thread.CurrentThread.GetCompressedStack();
if ((stack != null) && !stack.IsEmpty())
{
foreach (SecurityFrame frame in stack.List)
{
if (ProcessFrame(frame, ref current, ref domain))
{
if (AllIgnored())
{
return; // reached Assert
}
}
}
}
}
/// <summary>Captures the security context for the current thread.</summary>
/// <returns>A <see cref="T:System.Security.SecurityContext" /> object representing the security context for the current thread.</returns>
public static SecurityContext Capture()
{
SecurityContext securityContext = Thread.CurrentThread.ExecutionContext.SecurityContext;
if (securityContext.FlowSuppressed)
{
return(null);
}
return(new SecurityContext
{
_capture = true,
_winid = WindowsIdentity.GetCurrentToken(),
_stack = CompressedStack.Capture()
});
}
// public(internal) interface begins...
// Creation functions
static internal PermissionListSet CreateCompressedState(CompressedStack cs, CompressedStack innerCS)
{
// function that completes the construction of the compressed stack if not done so already (bottom half for demand evaluation)
bool bHaltConstruction = false;
if (cs.CompressedStackHandle == null)
{
return(null); // FT case or Security off
}
PermissionListSet pls = new PermissionListSet();
PermissionSetTriple currentTriple = new PermissionSetTriple();
int numDomains = CompressedStack.GetDCSCount(cs.CompressedStackHandle);
for (int i = numDomains - 1; (i >= 0 && !bHaltConstruction); i--)
{
DomainCompressedStack dcs = CompressedStack.GetDomainCompressedStack(cs.CompressedStackHandle, i);
if (dcs == null)
{
continue; // we hit a FT Domain
}
if (dcs.PLS == null)
{
// We failed on some DCS
throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic")));
}
pls.UpdateZoneAndOrigin(dcs.PLS);
pls.Update(currentTriple, dcs.PLS);
bHaltConstruction = dcs.ConstructionHalted;
}
if (!bHaltConstruction)
{
PermissionListSet tmp_pls = null;
// Construction did not halt.
if (innerCS != null)
{
innerCS.CompleteConstruction(null);
tmp_pls = innerCS.PLS;
}
pls.Terminate(currentTriple, tmp_pls);
}
else
{
pls.Terminate(currentTriple);
}
return(pls);
}
// static methods
static public SecurityContext Capture()
{
SecurityContext sc = Thread.CurrentThread.ExecutionContext.SecurityContext;
if (sc.FlowSuppressed)
{
return(null);
}
SecurityContext capture = new SecurityContext();
capture._capture = true;
capture._winid = WindowsIdentity.GetCurrentToken();
capture._stack = CompressedStack.Capture();
return(capture);
}
public static void SerializationTest()
{
CompressedStack compressedStack = CompressedStack.Capture();
Assert.Throws <ArgumentNullException>(() => compressedStack.GetObjectData(null, new StreamingContext()));
var binaryFormatter = new BinaryFormatter();
var memoryStream = new MemoryStream();
binaryFormatter.Serialize(memoryStream, compressedStack);
memoryStream.Close();
byte[] binaryData = memoryStream.ToArray();
memoryStream = new MemoryStream(binaryData);
compressedStack = (CompressedStack)binaryFormatter.Deserialize(memoryStream);
memoryStream.Close();
}
[System.Security.SecurityCritical] // auto-generated
internal static void CheckSetHelper(CompressedStack cs,
PermissionSet grants,
PermissionSet refused,
PermissionSet demands,
RuntimeMethodHandleInternal rmh,
RuntimeAssembly asm,
SecurityAction action)
{
if (cs != null)
{
cs.CheckSetDemand(demands, rmh);
}
else
{
CheckSetHelper(grants, refused, demands, rmh, (Object)asm, action, true);
}
}
private void Thread_Run_UnmanagedCode()
{
bool result = false;
Assert.IsFalse(success, "pre-check");
try {
CompressedStack cs = GetCompressedStackUnmanaged();
// run with the captured security stack (i.e. deny unmanaged)
CompressedStack.Run(cs, new ContextCallback(Callback), true);
}
catch (SecurityException) {
result = true;
}
finally {
Assert.IsFalse(success, "post-check");
Assert.IsTrue(result, "Result");
}
}
internal static PermissionListSet CreateCompressedState(CompressedStack cs, CompressedStack innerCS)
{
bool flag = false;
if (cs.CompressedStackHandle == null)
{
return(null);
}
PermissionListSet permissionListSet = new PermissionListSet();
PermissionSetTriple currentTriple = new PermissionSetTriple();
int dcscount = CompressedStack.GetDCSCount(cs.CompressedStackHandle);
int num = dcscount - 1;
while (num >= 0 && !flag)
{
DomainCompressedStack domainCompressedStack = CompressedStack.GetDomainCompressedStack(cs.CompressedStackHandle, num);
if (domainCompressedStack != null)
{
if (domainCompressedStack.PLS == null)
{
throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), Array.Empty <object>()));
}
permissionListSet.UpdateZoneAndOrigin(domainCompressedStack.PLS);
permissionListSet.Update(currentTriple, domainCompressedStack.PLS);
flag = domainCompressedStack.ConstructionHalted;
}
num--;
}
if (!flag)
{
PermissionListSet pls = null;
if (innerCS != null)
{
innerCS.CompleteConstruction(null);
pls = innerCS.PLS;
}
permissionListSet.Terminate(currentTriple, pls);
}
else
{
permissionListSet.Terminate(currentTriple);
}
return(permissionListSet);
}
internal static void GetZoneAndOriginHelper(CompressedStack cs, PermissionSet grantSet, PermissionSet refusedSet, ArrayList zoneList, ArrayList originList)
{
if (cs != null)
{
cs.GetZoneAndOrigin(zoneList, originList, PermissionToken.GetToken(typeof(ZoneIdentityPermission)), PermissionToken.GetToken(typeof(UrlIdentityPermission)));
return;
}
ZoneIdentityPermission zoneIdentityPermission = (ZoneIdentityPermission)grantSet.GetPermission(typeof(ZoneIdentityPermission));
UrlIdentityPermission urlIdentityPermission = (UrlIdentityPermission)grantSet.GetPermission(typeof(UrlIdentityPermission));
if (zoneIdentityPermission != null)
{
zoneList.Add(zoneIdentityPermission.SecurityZone);
}
if (urlIdentityPermission != null)
{
originList.Add(urlIdentityPermission.Url);
}
}
internal static SecurityContextSwitcher SetSecurityContext(SecurityContext sc, SecurityContext.Reader prevSecurityContext, bool modifyCurrentExecutionContext, ref StackCrawlMark stackMark)
{
SecurityContextDisableFlow contextDisableFlow = sc._disableFlow;
sc._disableFlow = SecurityContextDisableFlow.Nothing;
SecurityContextSwitcher securityContextSwitcher = new SecurityContextSwitcher();
securityContextSwitcher.currSC = sc;
securityContextSwitcher.prevSC = prevSecurityContext;
if (modifyCurrentExecutionContext)
{
ExecutionContext executionContext = Thread.CurrentThread.GetMutableExecutionContext();
securityContextSwitcher.currEC = executionContext;
executionContext.SecurityContext = sc;
}
if (sc != null)
{
RuntimeHelpers.PrepareConstrainedRegions();
try
{
securityContextSwitcher.wic = (WindowsImpersonationContext)null;
if (!SecurityContext._LegacyImpersonationPolicy)
{
if (sc.WindowsIdentity != null)
{
securityContextSwitcher.wic = sc.WindowsIdentity.Impersonate(ref stackMark);
}
else if ((contextDisableFlow & SecurityContextDisableFlow.WI) == SecurityContextDisableFlow.Nothing && prevSecurityContext.WindowsIdentity != null)
{
securityContextSwitcher.wic = WindowsIdentity.SafeRevertToSelf(ref stackMark);
}
}
securityContextSwitcher.cssw = CompressedStack.SetCompressedStack(sc.CompressedStack, prevSecurityContext.CompressedStack);
}
catch
{
securityContextSwitcher.UndoNoThrow();
throw;
}
}
return(securityContextSwitcher);
}
private static SecurityContext CaptureCore(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark)
{
SecurityContext securityContext = new SecurityContext();
securityContext.isNewCapture = true;
if (!SecurityContext.IsWindowsIdentityFlowSuppressed())
{
WindowsIdentity currentWi = SecurityContext.GetCurrentWI(currThreadEC);
if (currentWi != null)
{
securityContext._windowsIdentity = new WindowsIdentity(currentWi.AccessToken);
}
}
else
{
securityContext._disableFlow = SecurityContextDisableFlow.WI;
}
securityContext.CompressedStack = CompressedStack.GetCompressedStack(ref stackMark);
return(securityContext);
}
public static void Run(CompressedStack compressedStack, ContextCallback callback, object state) {}
public void SetCompressedStack(CompressedStack stack)
{
}
private static bool CheckDynamicMethodHelper(DynamicResolver dynamicResolver, IPermission demandIn, PermissionToken permToken, RuntimeMethodHandleInternal rmh)
{
CompressedStack securityContext = dynamicResolver.GetSecurityContext();
try
{
return(securityContext.CheckDemandNoHalt((CodeAccessPermission)demandIn, permToken, rmh));
}
catch (SecurityException ex)
{
throw new SecurityException(Environment.GetResourceString("Security_AnonymouslyHostedDynamicMethodCheckFailed"), (Exception)ex);
}
}
private static bool CheckDynamicMethodSetHelper(DynamicResolver dynamicResolver, PermissionSet demandSet, out PermissionSet alteredDemandSet, RuntimeMethodHandleInternal rmh)
{
CompressedStack securityContext = dynamicResolver.GetSecurityContext();
try
{
return(securityContext.CheckSetDemandWithModificationNoHalt(demandSet, out alteredDemandSet, rmh));
}
catch (SecurityException ex)
{
throw new SecurityException(Environment.GetResourceString("Security_AnonymouslyHostedDynamicMethodCheckFailed"), (Exception)ex);
}
}
