public override bool Equals(object obj) { User user = obj as User; if (user != null) { return(this.Equals(user)); } WindowsIdentity wid = obj as WindowsIdentity; if (wid != null && sid != null) { return(sid.Equals(wid.User)); } try { string un = obj as string; if (un != null) { return(this.Equals(new User(un))); } } catch { } return(base.Equals(obj)); }
public void EqualsNull() { SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null); Assert.IsFalse(sid.Equals((object)null)); Assert.IsFalse(sid.Equals((SecurityIdentifier)null)); }
private static bool ExchangeSharePointUserMatch(ADUser exUser, User spUser) { if (spUser.UserId != null && spUser.UserId.NameId != null) { string nameId = spUser.UserId.NameId; if (!VariantConfiguration.InvariantNoFlightingSnapshot.Global.MultiTenancy.Enabled) { try { SecurityIdentifier securityIdentifier = new SecurityIdentifier(nameId); return(securityIdentifier.Equals(exUser.Sid) || securityIdentifier.Equals(exUser.MasterAccountSid)); } catch (ArgumentException) { } return(false); } NetID other; if (NetID.TryParse(nameId, out other)) { return(exUser.NetID.Equals(other)); } } return(false); }
public static bool IsWellKnownIdentity(String accountName) { NTAccount ntaccount = new NTAccount(accountName); SecurityIdentifier sid = (SecurityIdentifier)ntaccount.Translate(typeof(SecurityIdentifier)); SecurityIdentifier networkServiceSid = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null); SecurityIdentifier localServiceSid = new SecurityIdentifier(WellKnownSidType.LocalServiceSid, null); SecurityIdentifier localSystemSid = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null); return(sid.Equals(networkServiceSid) || sid.Equals(localServiceSid) || sid.Equals(localSystemSid)); }
/// <summary>Determines whether the specified <see cref="System.Object"/>, is equal to this instance.</summary> /// <param name="obj">The <see cref="System.Object"/> to compare with this instance.</param> /// <returns><c>true</c> if the specified <see cref="System.Object"/> is equal to this instance; otherwise, <c>false</c>.</returns> public override bool Equals(object obj) { if (obj is User user) return Equals(user); if (obj is WindowsIdentity wid && sid != null) return sid.Equals(wid.User); try { if (obj is string un) return Equals(new User(un)); } catch { } return base.Equals(obj); }
private RawSecurityDescriptor ApplyAcesToTargetSecurityDescriptor(RawSecurityDescriptor targetSd, List <GenericAce> sourceAces) { List <GenericAce> list = new List <GenericAce>(); foreach (GenericAce genericAce in targetSd.DiscretionaryAcl) { SecurityIdentifier sidFromAce = TenantRelocationSecurityDescriptorHandler.GetSidFromAce(genericAce); if (!(sidFromAce == null)) { SecurityIdentifier accountDomainSid = sidFromAce.AccountDomainSid; if (sidFromAce.IsAccountSid() && !accountDomainSid.Equals(this.targetDomainSid)) { ExTraceGlobals.TenantRelocationTracer.TraceDebug <string>((long)this.GetHashCode(), "ApplyAcesToTargetSecurityDescriptor: customized SID found {0} on target object, removed.", sidFromAce.ToString()); } else { list.Add(genericAce); } } } RawAcl rawAcl = new RawAcl(targetSd.DiscretionaryAcl.Revision, list.Count + sourceAces.Count); int num = 0; foreach (GenericAce ace in list) { rawAcl.InsertAce(num++, ace); } foreach (GenericAce ace2 in sourceAces) { rawAcl.InsertAce(num++, ace2); } targetSd.DiscretionaryAcl = rawAcl; return(targetSd); }
/// <summary>Determines whether the specified <see cref="System.Object"/>, is equal to this instance.</summary> /// <param name="obj">The <see cref="System.Object"/> to compare with this instance.</param> /// <returns><c>true</c> if the specified <see cref="System.Object"/> is equal to this instance; otherwise, <c>false</c>.</returns> public override bool Equals(object obj) { if (obj is User user) { return(Equals(user)); } if (obj is WindowsIdentity wid && sid != null) { return(sid.Equals(wid.User)); } try { if (obj is string un) { return(Equals(new User(un))); } } catch { } return(base.Equals(obj)); }
private Claim CheckSidEquivalence(SecurityIdentifier identitySid, ClaimSet claimSet) { foreach (Claim claim in claimSet) { SecurityIdentifier securityIdentifier = this.GetSecurityIdentifier(claim); if ((securityIdentifier != null) && identitySid.Equals(securityIdentifier)) { return(claim); } } return(null); }
void RemoveCertificatePrivateKeyAccess(X509Certificate2 cert) { if (cert != null && cert.HasPrivateKey) { try { AsymmetricAlgorithm key = cert.PrivateKey; // Only RSA provider is supported here if (key is RSACryptoServiceProvider) { RSACryptoServiceProvider prov = key as RSACryptoServiceProvider; CspKeyContainerInfo info = prov.CspKeyContainerInfo; CryptoKeySecurity keySec = info.CryptoKeySecurity; SecurityIdentifier ns = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null); AuthorizationRuleCollection rules = keySec.GetAccessRules(true, false, typeof(SecurityIdentifier)); foreach (AuthorizationRule rule in rules) { CryptoKeyAccessRule keyAccessRule = (CryptoKeyAccessRule)rule; if (keyAccessRule.AccessControlType == AccessControlType.Allow && (int)(keyAccessRule.CryptoKeyRights & CryptoKeyRights.GenericRead) != 0) { SecurityIdentifier sid = keyAccessRule.IdentityReference as SecurityIdentifier; if (ns.Equals(sid)) { CryptoKeyAccessRule nsReadRule = new CryptoKeyAccessRule(ns, CryptoKeyRights.GenericRead, AccessControlType.Allow); keySec.RemoveAccessRule(nsReadRule); CommitCryptoKeySecurity(info, keySec); break; } } } } } #pragma warning suppress 56500 catch (Exception e) { // CommitCryptoKeySecurity can actually throw any exception, // so the safest way here is to catch a generic exception while throw on critical ones if (Utilities.IsCriticalException(e)) { throw; } throw new WsatAdminException(WsatAdminErrorCode.CANNOT_UPDATE_PRIVATE_KEY_PERM, SR.GetString(SR.ErrorUpdateCertPrivateKeyPerm), e); } } }
public bool Equals(SidName other) { if (other is null) { return(false); } if (ReferenceEquals(this, other)) { return(true); } return(value.Equals(other.value)); }
Claim CheckSidEquivalence(SecurityIdentifier identitySid, ClaimSet claimSet) { foreach (Claim claim in claimSet) { SecurityIdentifier sid = GetSecurityIdentifier(claim); if (sid != null) { if (identitySid.Equals(sid)) { return(claim); } } } return(null); }
public UserInfo() { var wi = WindowsIdentity.GetCurrent(); Sid = wi.User; if (wi.IsSystem) { IsSystemAccount = true; } else { var serviceSid = new SecurityIdentifier(WellKnownSidType.LocalServiceSid, null); IsServiceAccount = serviceSid.Equals(Sid); } Name = ((NTAccount)Sid.Translate(typeof(NTAccount))).Value; }
internal static bool DirectoryHasRights(string folderPath, FileSystemRights rights) { var currentUserIdentity = WindowsIdentity.GetCurrent(); SecurityIdentifier currentUserSID = currentUserIdentity.User; bool allow = false; bool deny = false; DirectorySecurity acl = Directory.GetAccessControl(folderPath); if (acl == null) { return(false); } AuthorizationRuleCollection accessRules = acl.GetAccessRules(true, true, typeof(SecurityIdentifier)); if (accessRules == null) { return(false); } foreach (FileSystemAccessRule accessRule in accessRules) { if (currentUserSID.Equals(accessRule.IdentityReference)) { if ((rights & accessRule.FileSystemRights) != rights) { continue; } if (accessRule.AccessControlType == AccessControlType.Allow) { allow = true; } else if (accessRule.AccessControlType == AccessControlType.Deny) { deny = true; } } } return(allow && !deny); }
/// <summary> /// Indicates whether the current object is equal to another object of the same type. /// </summary> /// <returns> /// true if the current object is equal to the <paramref name="other"/> parameter; otherwise, false. /// </returns> /// <param name="other">An object to compare with this object.</param> public bool Equals(SubscriptionDataConfig other) { if (ReferenceEquals(null, other)) { return(false); } if (ReferenceEquals(this, other)) { return(true); } return(_sid.Equals(other._sid) && Type == other.Type && TickType == other.TickType && Resolution == other.Resolution && FillDataForward == other.FillDataForward && ExtendedMarketHours == other.ExtendedMarketHours && IsInternalFeed == other.IsInternalFeed && IsCustomData == other.IsCustomData && DataTimeZone.Equals(other.DataTimeZone) && ExchangeTimeZone.Equals(other.ExchangeTimeZone) && IsFilteredSubscription == other.IsFilteredSubscription); }
private static bool CallerHasFullPermission(ClientSecurityContext clientSecurityContext, FreeBusyQuery freeBusyQuery) { SecurityIdentifier sid = freeBusyQuery.RecipientData.Sid; SecurityIdentifier masterAccountSid = freeBusyQuery.RecipientData.MasterAccountSid; bool flag = (sid != null && sid.Equals(clientSecurityContext.UserSid)) || (masterAccountSid != null && masterAccountSid.Equals(clientSecurityContext.UserSid)); if (flag) { FreeBusyPermission.SecurityTracer.TraceDebug(0L, "{0}: Caller {1} is owner of mailbox {2}, mailbox user SID {3}, master account SID {4}.", new object[] { TraceContext.Get(), clientSecurityContext, freeBusyQuery.Email, sid, masterAccountSid }); return(true); } RawSecurityDescriptor exchangeSecurityDescriptor = freeBusyQuery.RecipientData.ExchangeSecurityDescriptor; if (exchangeSecurityDescriptor != null) { if (FreeBusyPermission.SecurityTracer.IsTraceEnabled(TraceType.DebugTrace)) { string sddlForm = exchangeSecurityDescriptor.GetSddlForm(AccessControlSections.All); FreeBusyPermission.SecurityTracer.TraceDebug <object, EmailAddress, string>(0L, "{0}: The SDDL form of mailbox security descriptor of mailbox {1} is: {2}.", TraceContext.Get(), freeBusyQuery.Email, sddlForm); } if (clientSecurityContext.GetGrantedAccess(exchangeSecurityDescriptor, AccessMask.CreateChild) == 1 || clientSecurityContext.GetGrantedAccess(exchangeSecurityDescriptor, AccessMask.List) == 4) { FreeBusyPermission.SecurityTracer.TraceDebug <object, EmailAddress>(0L, "{0}: Caller does have 'owner' rights in mailbox {1}.", TraceContext.Get(), freeBusyQuery.Email); return(true); } } else { FreeBusyPermission.SecurityTracer.TraceDebug <object, EmailAddress>(0L, "{0}: User does not have an ExchangeSecurityDescriptor.", TraceContext.Get(), freeBusyQuery.Email); } FreeBusyPermission.SecurityTracer.TraceDebug <object, EmailAddress>(0L, "{0}: Caller does NOT have 'owner' rights in mailbox {1}.", TraceContext.Get(), freeBusyQuery.Email); return(false); }
public static IEnumerable <SafeNativeHandle> EnumerateUserTokens(SecurityIdentifier sid, TokenAccessLevels access = TokenAccessLevels.Query) { foreach (System.Diagnostics.Process process in System.Diagnostics.Process.GetProcesses()) { // We always need the Query access level so we can query the TokenUser using (process) using (SafeNativeHandle hToken = TryOpenAccessToken(process, access | TokenAccessLevels.Query)) { if (hToken == null) { continue; } if (!sid.Equals(GetTokenUser(hToken))) { continue; } yield return(hToken); } } }
// Token: 0x060017DC RID: 6108 RVA: 0x0008CD78 File Offset: 0x0008AF78 public void Add(EasDeviceBudget budget) { EasDeviceBudgetKey easDeviceBudgetKey = budget.Owner as EasDeviceBudgetKey; SecurityIdentifier sid = easDeviceBudgetKey.Sid; if (!sid.Equals(this.UserSid)) { throw new InvalidOperationException(string.Format("[EasDeviceBudgetAllocator.Add] Attempted to add a budget for user {0} to allocator for user {1}. That is very naughty.", sid, this.UserSid)); } bool flag = false; lock (this.instanceLock) { if (!this.activeBudgets.ContainsKey(easDeviceBudgetKey)) { this.activeBudgets[easDeviceBudgetKey] = budget; flag = true; } } if (flag) { this.UpdateIfNecessary(true); } }
private static AnchorMailbox CreateFromLogonIdentity(IRequestContext requestContext) { HttpContext httpContext = requestContext.HttpContext; IPrincipal user = httpContext.User; IIdentity identity = httpContext.User.Identity; string text = httpContext.Items[Constants.WLIDMemberName] as string; OAuthIdentity oauthIdentity = identity as OAuthIdentity; if (oauthIdentity != null) { string text2 = httpContext.Request.Headers[Constants.ExternalDirectoryObjectIdHeaderName]; if (!string.IsNullOrEmpty(text2)) { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-ExternalDirectoryObjectId"); return(new ExternalDirectoryObjectIdAnchorMailbox(text2, oauthIdentity.OrganizationId, requestContext)); } if (oauthIdentity.ActAsUser != null) { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-ActAsUser"); return(new OAuthActAsUserAnchorMailbox(oauthIdentity.ActAsUser, requestContext)); } requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "OAuthIdentity-AppOrganization"); return(new OrganizationAnchorMailbox(oauthIdentity.OrganizationId, requestContext)); } else { GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity; if (genericSidIdentity != null) { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "GenericSidIdentity"); return(new SidAnchorMailbox(genericSidIdentity.Sid, requestContext) { PartitionId = genericSidIdentity.PartitionId, SmtpOrLiveId = text }); } DelegatedPrincipal delegatedPrincipal = user as DelegatedPrincipal; if (delegatedPrincipal != null && delegatedPrincipal.DelegatedOrganization != null && string.IsNullOrEmpty(text)) { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "DelegatedPrincipal-DelegatedOrganization"); return(new DomainAnchorMailbox(delegatedPrincipal.DelegatedOrganization, requestContext)); } WindowsIdentity windowsIdentity = identity as WindowsIdentity; if (windowsIdentity != null) { if (string.IsNullOrEmpty(text)) { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "WindowsIdentity"); } else { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "WindowsIdentity-LiveIdMemberName"); } return(new SidAnchorMailbox(windowsIdentity.User, requestContext) { SmtpOrLiveId = text }); } try { SecurityIdentifier securityIdentifier = identity.GetSecurityIdentifier(); if (!securityIdentifier.Equals(AuthCommon.MemberNameNullSid)) { if (string.IsNullOrEmpty(text)) { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "SID"); } else { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "SID-LiveIdMemberName"); } return(new SidAnchorMailbox(securityIdentifier, requestContext) { SmtpOrLiveId = text }); } } catch (Exception) { } if (requestContext.AuthBehavior.AuthState != AuthState.FrontEndFullAuth) { AnchorMailbox anchorMailbox = requestContext.AuthBehavior.CreateAuthModuleSpecificAnchorMailbox(requestContext); if (anchorMailbox != null) { return(anchorMailbox); } } if (!string.IsNullOrEmpty(text)) { requestContext.Logger.SafeSet(HttpProxyMetadata.RoutingHint, "Smtp-LiveIdMemberName"); return(new SmtpAnchorMailbox(text, requestContext)); } throw new InvalidOperationException(string.Format("Unknown idenity {0} with type {1}.", identity.GetSafeName(true), identity.ToString())); } }
public UserAccessRights(string path, string UserId) { if ((!String.IsNullOrEmpty(UserId)) && !String.IsNullOrEmpty(path)) { NTAccount n = new NTAccount(UserId); _principalSid = (SecurityIdentifier)n.Translate(typeof(SecurityIdentifier)); this._path = path; System.IO.FileInfo fi = new System.IO.FileInfo(_path); AuthorizationRuleCollection acl = fi.GetAccessControl().GetAccessRules(true, true, typeof(SecurityIdentifier)); for (int i = 0; i < acl.Count; i++) { System.Security.AccessControl.FileSystemAccessRule rule = (System.Security.AccessControl.FileSystemAccessRule)acl[i]; if (_principalSid.Equals(rule.IdentityReference)) { if (System.Security.AccessControl.AccessControlType.Deny.Equals(rule.AccessControlType)) { if (Contains(FileSystemRights.AppendData, rule)) { _denyAppendData = true; } if (Contains(FileSystemRights.ChangePermissions, rule)) { _denyChangePermissions = true; } if (Contains(FileSystemRights.CreateDirectories, rule)) { _denyCreateDirectories = true; } if (Contains(FileSystemRights.CreateFiles, rule)) { _denyCreateFiles = true; } if (Contains(FileSystemRights.Delete, rule)) { _denyDelete = true; } if (Contains(FileSystemRights.DeleteSubdirectoriesAndFiles, rule)) { _denyDeleteSubdirectoriesAndFiles = true; } if (Contains(FileSystemRights.ExecuteFile, rule)) { _denyExecuteFile = true; } if (Contains(FileSystemRights.FullControl, rule)) { _denyFullControl = true; } if (Contains(FileSystemRights.ListDirectory, rule)) { _denyListDirectory = true; } if (Contains(FileSystemRights.Modify, rule)) { _denyModify = true; } if (Contains(FileSystemRights.Read, rule)) { _denyRead = true; } if (Contains(FileSystemRights.ReadAndExecute, rule)) { _denyReadAndExecute = true; } if (Contains(FileSystemRights.ReadAttributes, rule)) { _denyReadAttributes = true; } if (Contains(FileSystemRights.ReadData, rule)) { _denyReadData = true; } if (Contains(FileSystemRights.ReadExtendedAttributes, rule)) { _denyReadExtendedAttributes = true; } if (Contains(FileSystemRights.ReadPermissions, rule)) { _denyReadPermissions = true; } if (Contains(FileSystemRights.Synchronize, rule)) { _denySynchronize = true; } if (Contains(FileSystemRights.TakeOwnership, rule)) { _denyTakeOwnership = true; } if (Contains(FileSystemRights.Traverse, rule)) { _denyTraverse = true; } if (Contains(FileSystemRights.Write, rule)) { _denyWrite = true; } if (Contains(FileSystemRights.WriteAttributes, rule)) { _denyWriteAttributes = true; } if (Contains(FileSystemRights.WriteData, rule)) { _denyWriteData = true; } if (Contains(FileSystemRights.WriteExtendedAttributes, rule)) { _denyWriteExtendedAttributes = true; } } else if (System.Security.AccessControl.AccessControlType.Allow.Equals(rule.AccessControlType)) { if (Contains(FileSystemRights.AppendData, rule)) { _allowAppendData = true; } if (Contains(FileSystemRights.ChangePermissions, rule)) { _allowChangePermissions = true; } if (Contains(FileSystemRights.CreateDirectories, rule)) { _allowCreateDirectories = true; } if (Contains(FileSystemRights.CreateFiles, rule)) { _allowCreateFiles = true; } if (Contains(FileSystemRights.Delete, rule)) { _allowDelete = true; } if (Contains(FileSystemRights.DeleteSubdirectoriesAndFiles, rule)) { _allowDeleteSubdirectoriesAndFiles = true; } if (Contains(FileSystemRights.ExecuteFile, rule)) { _allowExecuteFile = true; } if (Contains(FileSystemRights.FullControl, rule)) { _allowFullControl = true; } if (Contains(FileSystemRights.ListDirectory, rule)) { _allowListDirectory = true; } if (Contains(FileSystemRights.Modify, rule)) { _allowModify = true; } if (Contains(FileSystemRights.Read, rule)) { _allowRead = true; } if (Contains(FileSystemRights.ReadAndExecute, rule)) { _allowReadAndExecute = true; } if (Contains(FileSystemRights.ReadAttributes, rule)) { _allowReadAttributes = true; } if (Contains(FileSystemRights.ReadData, rule)) { _allowReadData = true; } if (Contains(FileSystemRights.ReadExtendedAttributes, rule)) { _allowReadExtendedAttributes = true; } if (Contains(FileSystemRights.ReadPermissions, rule)) { _allowReadPermissions = true; } if (Contains(FileSystemRights.Synchronize, rule)) { _allowSynchronize = true; } if (Contains(FileSystemRights.TakeOwnership, rule)) { _allowTakeOwnership = true; } if (Contains(FileSystemRights.Traverse, rule)) { _allowTraverse = true; } if (Contains(FileSystemRights.Write, rule)) { _allowWrite = true; } if (Contains(FileSystemRights.WriteAttributes, rule)) { _allowWriteAttributes = true; } if (Contains(FileSystemRights.WriteData, rule)) { _allowWriteData = true; } if (Contains(FileSystemRights.WriteExtendedAttributes, rule)) { _allowWriteExtendedAttributes = true; } } } } /* * IdentityReferenceCollection groups = _principal.Groups; * for (int j = 0; j < groups.Count; j++) * { * for (int i = 0; i < acl.Count; i++) * { * System.Security.AccessControl.FileSystemAccessRule rule = (System.Security.AccessControl.FileSystemAccessRule)acl[i]; * if (groups[j].Equals(rule.IdentityReference)) * { * if (System.Security.AccessControl.AccessControlType.Deny.Equals(rule.AccessControlType)) * { * if (Contains(FileSystemRights.AppendData, rule)) _denyAppendData = true; * if (Contains(FileSystemRights.ChangePermissions, rule)) _denyChangePermissions = true; * if (Contains(FileSystemRights.CreateDirectories, rule)) _denyCreateDirectories = true; * if (Contains(FileSystemRights.CreateFiles, rule)) _denyCreateFiles = true; * if (Contains(FileSystemRights.Delete, rule)) _denyDelete = true; * if (Contains(FileSystemRights.DeleteSubdirectoriesAndFiles, rule)) _denyDeleteSubdirectoriesAndFiles = true; * if (Contains(FileSystemRights.ExecuteFile, rule)) _denyExecuteFile = true; * if (Contains(FileSystemRights.FullControl, rule)) _denyFullControl = true; * if (Contains(FileSystemRights.ListDirectory, rule)) _denyListDirectory = true; * if (Contains(FileSystemRights.Modify, rule)) _denyModify = true; * if (Contains(FileSystemRights.Read, rule)) _denyRead = true; * if (Contains(FileSystemRights.ReadAndExecute, rule)) _denyReadAndExecute = true; * if (Contains(FileSystemRights.ReadAttributes, rule)) _denyReadAttributes = true; * if (Contains(FileSystemRights.ReadData, rule)) _denyReadData = true; * if (Contains(FileSystemRights.ReadExtendedAttributes, rule)) _denyReadExtendedAttributes = true; * if (Contains(FileSystemRights.ReadPermissions, rule)) _denyReadPermissions = true; * if (Contains(FileSystemRights.Synchronize, rule)) _denySynchronize = true; * if (Contains(FileSystemRights.TakeOwnership, rule)) _denyTakeOwnership = true; * if (Contains(FileSystemRights.Traverse, rule)) _denyTraverse = true; * if (Contains(FileSystemRights.Write, rule)) _denyWrite = true; * if (Contains(FileSystemRights.WriteAttributes, rule)) _denyWriteAttributes = true; * if (Contains(FileSystemRights.WriteData, rule)) _denyWriteData = true; * if (Contains(FileSystemRights.WriteExtendedAttributes, rule)) _denyWriteExtendedAttributes = true; * } * else if (System.Security.AccessControl.AccessControlType.Allow.Equals(rule.AccessControlType)) * { * if (Contains(FileSystemRights.AppendData, rule)) _allowAppendData = true; * if (Contains(FileSystemRights.ChangePermissions, rule)) _allowChangePermissions = true; * if (Contains(FileSystemRights.CreateDirectories, rule)) _allowCreateDirectories = true; * if (Contains(FileSystemRights.CreateFiles, rule)) _allowCreateFiles = true; * if (Contains(FileSystemRights.Delete, rule)) _allowDelete = true; * if (Contains(FileSystemRights.DeleteSubdirectoriesAndFiles, rule)) _allowDeleteSubdirectoriesAndFiles = true; * if (Contains(FileSystemRights.ExecuteFile, rule)) _allowExecuteFile = true; * if (Contains(FileSystemRights.FullControl, rule)) _allowFullControl = true; * if (Contains(FileSystemRights.ListDirectory, rule)) _allowListDirectory = true; * if (Contains(FileSystemRights.Modify, rule)) _allowModify = true; * if (Contains(FileSystemRights.Read, rule)) _allowRead = true; * if (Contains(FileSystemRights.ReadAndExecute, rule)) _allowReadAndExecute = true; * if (Contains(FileSystemRights.ReadAttributes, rule)) _allowReadAttributes = true; * if (Contains(FileSystemRights.ReadData, rule)) _allowReadData = true; * if (Contains(FileSystemRights.ReadExtendedAttributes, rule)) _allowReadExtendedAttributes = true; * if (Contains(FileSystemRights.ReadPermissions, rule)) _allowReadPermissions = true; * if (Contains(FileSystemRights.Synchronize, rule)) _allowSynchronize = true; * if (Contains(FileSystemRights.TakeOwnership, rule)) _allowTakeOwnership = true; * if (Contains(FileSystemRights.Traverse, rule)) _allowTraverse = true; * if (Contains(FileSystemRights.Write, rule)) _allowWrite = true; * if (Contains(FileSystemRights.WriteAttributes, rule)) _allowWriteAttributes = true; * if (Contains(FileSystemRights.WriteData, rule)) _allowWriteData = true; * if (Contains(FileSystemRights.WriteExtendedAttributes, rule)) _allowWriteExtendedAttributes = true; * } * } * } * } */ } }
// Token: 0x060000EB RID: 235 RVA: 0x00005DD4 File Offset: 0x00003FD4 private static AnchorMailbox CreateFromLogonIdentity(IRequestContext requestContext) { HttpContext httpContext = requestContext.HttpContext; IPrincipal user = httpContext.User; IIdentity identity = httpContext.User.Identity; string text; HttpContextItemParser.TryGetLiveIdMemberName(httpContext.Items, ref text); OAuthIdentity oauthIdentity = identity as OAuthIdentity; if (oauthIdentity != null) { string externalDirectoryObjectId; if (RequestHeaderParser.TryGetExternalDirectoryObjectId(httpContext.Request.Headers, ref externalDirectoryObjectId)) { requestContext.Logger.SafeSet(3, "OAuthIdentity-ExternalDirectoryObjectId"); return(new ExternalDirectoryObjectIdAnchorMailbox(externalDirectoryObjectId, oauthIdentity.OrganizationId, requestContext)); } if (oauthIdentity.ActAsUser != null) { requestContext.Logger.SafeSet(3, "OAuthIdentity-ActAsUser"); return(new OAuthActAsUserAnchorMailbox(oauthIdentity.ActAsUser, requestContext)); } requestContext.Logger.SafeSet(3, "OAuthIdentity-AppOrganization"); return(new OrganizationAnchorMailbox(oauthIdentity.OrganizationId, requestContext)); } else { GenericSidIdentity genericSidIdentity = identity as GenericSidIdentity; if (genericSidIdentity != null) { requestContext.Logger.SafeSet(3, "GenericSidIdentity"); return(new SidAnchorMailbox(genericSidIdentity.Sid, requestContext) { PartitionId = genericSidIdentity.PartitionId, SmtpOrLiveId = text }); } DelegatedPrincipal delegatedPrincipal = user as DelegatedPrincipal; if (delegatedPrincipal != null && delegatedPrincipal.DelegatedOrganization != null && string.IsNullOrEmpty(text)) { requestContext.Logger.SafeSet(3, "DelegatedPrincipal-DelegatedOrganization"); return(new DomainAnchorMailbox(delegatedPrincipal.DelegatedOrganization, requestContext)); } WindowsIdentity windowsIdentity = identity as WindowsIdentity; if (windowsIdentity != null) { if (string.IsNullOrEmpty(text)) { requestContext.Logger.SafeSet(3, "WindowsIdentity"); } else { requestContext.Logger.SafeSet(3, "WindowsIdentity-LiveIdMemberName"); } return(new SidAnchorMailbox(windowsIdentity.User, requestContext) { SmtpOrLiveId = text }); } SecurityIdentifier securityIdentifier = null; if (IIdentityExtensions.TryGetSecurityIdentifier(identity, ref securityIdentifier) && !securityIdentifier.Equals(AuthCommon.MemberNameNullSid)) { if (string.IsNullOrEmpty(text)) { requestContext.Logger.SafeSet(3, "SID"); } else { requestContext.Logger.SafeSet(3, "SID-LiveIdMemberName"); } return(new SidAnchorMailbox(securityIdentifier, requestContext) { SmtpOrLiveId = text }); } if (!HttpProxySettings.IdentityIndependentAuthBehaviorEnabled.Value && requestContext.AuthBehavior.AuthState != AuthState.FrontEndFullAuth) { AnchorMailbox anchorMailbox = requestContext.AuthBehavior.CreateAuthModuleSpecificAnchorMailbox(requestContext); if (anchorMailbox != null) { return(anchorMailbox); } } if (!string.IsNullOrEmpty(text) && SmtpAddress.IsValidSmtpAddress(text)) { requestContext.Logger.SafeSet(3, "Smtp-LiveIdMemberName"); return(new SmtpAnchorMailbox(text, requestContext)); } throw new InvalidOperationException(string.Format("Unknown idenity {0} with type {1}.", IIdentityExtensions.GetSafeName(identity, true), identity.ToString())); } }
private static SafeNativeHandle GetPrimaryTokenForUser(SecurityIdentifier sid, List <string> requiredPrivileges = null) { NativeHelpers.ProcessAccessFlags accessFlags = NativeHelpers.ProcessAccessFlags.PROCESS_QUERY_INFORMATION; // According to CreateProcessWithTokenW we require a token with // TOKEN_QUERY, TOKEN_DUPLICATE and TOKEN_ASSIGN_PRIMARY // Also add in TOKEN_IMPERSONATE so we can get an impersonated token TokenAccessLevels dwAccess = TokenAccessLevels.Query | TokenAccessLevels.Duplicate | TokenAccessLevels.AssignPrimary | TokenAccessLevels.Impersonate; foreach (System.Diagnostics.Process process in System.Diagnostics.Process.GetProcesses()) { using (process) { using (SafeNativeHandle hProcess = NativeMethods.OpenProcess(accessFlags, false, (UInt32)process.Id)) { if (hProcess.IsInvalid) { continue; } SafeNativeHandle hToken; NativeMethods.OpenProcessToken(hProcess, dwAccess, out hToken); if (hToken.IsInvalid) { continue; } using (hToken) { if (!sid.Equals(GetTokenUserSID(hToken))) { continue; } // Filter out any Network logon tokens, using become with that is useless when S4U // can give us a Batch logon NativeHelpers.SECURITY_LOGON_TYPE tokenLogonType = GetTokenLogonType(hToken); if (tokenLogonType == NativeHelpers.SECURITY_LOGON_TYPE.Network) { continue; } // Check that the required privileges are on the token if (requiredPrivileges != null) { List <string> actualPrivileges = GetTokenPrivileges(hToken); int missing = requiredPrivileges.Where(x => !actualPrivileges.Contains(x)).Count(); if (missing > 0) { continue; } } SafeNativeHandle dupToken; if (!NativeMethods.DuplicateTokenEx(hToken, TokenAccessLevels.MaximumAllowed, IntPtr.Zero, NativeHelpers.SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, NativeHelpers.TOKEN_TYPE.TokenPrimary, out dupToken)) { continue; } return(dupToken); } } } } return(null); }