Code:
/ 4.0 / 4.0 / untmp / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Data / System / Data / ProviderBase / DbConnectionPoolIdentity.cs / 1305376 / DbConnectionPoolIdentity.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Data.ProviderBase {
using System;
using System.Collections;
using System.Data.Common;
using System.Diagnostics;
using System.Globalization;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;
using System.Runtime.Versioning;
[Serializable] // Serializable so SqlDependencyProcessDispatcher can marshall cross domain to SqlDependency.
sealed internal class DbConnectionPoolIdentity {
private const int E_NotImpersonationToken = unchecked((int)0x8007051D);
private const int Win32_CheckTokenMembership = 1;
private const int Win32_GetTokenInformation_1 = 2;
private const int Win32_GetTokenInformation_2 = 3;
private const int Win32_ConvertSidToStringSidW = 4;
private const int Win32_CreateWellKnownSid = 5;
static public readonly DbConnectionPoolIdentity NoIdentity = new DbConnectionPoolIdentity(String.Empty, false, true);
static private readonly byte[] NetworkSid = (ADP.IsWindowsNT ? CreateWellKnownSid(WellKnownSidType.NetworkSid) : null);
private readonly string _sidString;
private readonly bool _isRestricted;
private readonly bool _isNetwork;
private DbConnectionPoolIdentity (string sidString, bool isRestricted, bool isNetwork) {
_sidString = sidString;
_isRestricted = isRestricted;
_isNetwork = isNetwork;
}
internal bool IsRestricted {
get { return _isRestricted; }
}
#if !ORACLE
internal bool IsNetwork {
get { return _isNetwork; }
}
#endif
static private byte[] CreateWellKnownSid(WellKnownSidType sidType) {
// Passing an array as big as it can ever be is a small price to pay for
// not having to P/Invoke twice (once to get the buffer, once to get the data)
uint length = ( uint )SecurityIdentifier.MaxBinaryLength;
byte[] resultSid = new byte[ length ];
// NOTE - We copied this code from System.Security.Principal.Win32.CreateWellKnownSid...
if ( 0 == UnsafeNativeMethods.CreateWellKnownSid(( int )sidType, null, resultSid, ref length )) {
IntegratedSecurityError(Win32_CreateWellKnownSid);
}
return resultSid;
}
override public bool Equals(object value) {
bool result = ((this == NoIdentity) || (this == value));
if (!result && (null != value)) {
DbConnectionPoolIdentity that = ((DbConnectionPoolIdentity) value);
result = ((this._sidString == that._sidString) && (this._isRestricted == that._isRestricted) && (this._isNetwork == that._isNetwork));
}
return result;
}
[SecurityPermission(SecurityAction.Assert, Flags=SecurityPermissionFlag.ControlPrincipal)]
static internal WindowsIdentity GetCurrentWindowsIdentity() {
return WindowsIdentity.GetCurrent();
}
[SecurityPermission(SecurityAction.Assert, Flags=SecurityPermissionFlag.UnmanagedCode)]
static private IntPtr GetWindowsIdentityToken(WindowsIdentity identity) {
return identity.Token;
}
[ResourceExposure(ResourceScope.None)] // SxS: this method does not create named objects
[ResourceConsumption(ResourceScope.Process, ResourceScope.Process)]
static internal DbConnectionPoolIdentity GetCurrent() {
// DEVNOTE: GetTokenInfo and EqualSID do not work on 9x. WindowsIdentity does not
// work either on 9x. In fact, after checking with native there is no way
// to validate the user on 9x, so simply don't. It is a known issue in
// native, and we will handle this the same way.
if (!ADP.IsWindowsNT) {
return NoIdentity;
}
WindowsIdentity identity = GetCurrentWindowsIdentity();
IntPtr token = GetWindowsIdentityToken(identity); // Free'd by WindowsIdentity.
uint bufferLength = 2048; // Suggested default given by Greg Fee.
uint lengthNeeded = 0;
IntPtr tokenStruct = IntPtr.Zero;
IntPtr SID;
IntPtr sidStringBuffer = IntPtr.Zero;
bool isNetwork;
UnsafeNativeMethods.SetLastError(0); // SQLBUDT #373863 - IsTokenRestricted doesn't clear this in all cases.
bool isRestricted = UnsafeNativeMethods.IsTokenRestricted(token);
int isRestrictedTestError = Marshal.GetLastWin32Error();
if (0 != isRestrictedTestError) {
Marshal.ThrowExceptionForHR(Marshal.GetHRForLastWin32Error()); // will only throw if (hresult < 0)
}
DbConnectionPoolIdentity current = null;
RuntimeHelpers.PrepareConstrainedRegions();
try {
if (!UnsafeNativeMethods.CheckTokenMembership(token, NetworkSid, out isNetwork)) {
// will always fail with 0x8007051D if token is not an impersonation token
IntegratedSecurityError(Win32_CheckTokenMembership);
}
RuntimeHelpers.PrepareConstrainedRegions();
try { } finally {
// allocating memory and assigning to tokenStruct must happen
tokenStruct = SafeNativeMethods.LocalAlloc(DbBuffer.LMEM_FIXED, (IntPtr)bufferLength);
}
if (IntPtr.Zero == tokenStruct) {
throw new OutOfMemoryException();
}
if (!UnsafeNativeMethods.GetTokenInformation(token, 1, tokenStruct, bufferLength, ref lengthNeeded)) {
if (lengthNeeded > bufferLength) {
bufferLength = lengthNeeded;
RuntimeHelpers.PrepareConstrainedRegions();
try { } finally {
// freeing token struct and setting tokenstruct to null must happen together
// allocating memory and assigning to tokenStruct must happen
SafeNativeMethods.LocalFree(tokenStruct);
tokenStruct = IntPtr.Zero; // protect against LocalAlloc throwing an exception
tokenStruct = SafeNativeMethods.LocalAlloc(DbBuffer.LMEM_FIXED, (IntPtr)bufferLength);
}
if (IntPtr.Zero == tokenStruct) {
throw new OutOfMemoryException();
}
if (!UnsafeNativeMethods.GetTokenInformation(token, 1, tokenStruct, bufferLength, ref lengthNeeded)) {
IntegratedSecurityError(Win32_GetTokenInformation_1);
}
}
else {
IntegratedSecurityError(Win32_GetTokenInformation_2);
}
}
identity.Dispose(); // Keep identity variable alive until after GetTokenInformation calls.
SID = Marshal.ReadIntPtr(tokenStruct, 0);
if (!UnsafeNativeMethods.ConvertSidToStringSidW(SID, out sidStringBuffer)) {
IntegratedSecurityError(Win32_ConvertSidToStringSidW);
}
if (IntPtr.Zero == sidStringBuffer) {
throw ADP.InternalError(ADP.InternalErrorCode.ConvertSidToStringSidWReturnedNull);
}
string sidString = Marshal.PtrToStringUni(sidStringBuffer);
current = new DbConnectionPoolIdentity(sidString, isRestricted, isNetwork);
}
finally {
// Marshal.FreeHGlobal does not have a ReliabilityContract
if (IntPtr.Zero != tokenStruct) {
SafeNativeMethods.LocalFree(tokenStruct);
tokenStruct = IntPtr.Zero;
}
if (IntPtr.Zero != sidStringBuffer) {
SafeNativeMethods.LocalFree(sidStringBuffer);
sidStringBuffer = IntPtr.Zero;
}
}
return current;
}
override public int GetHashCode() {
return (null != _sidString) ? _sidString.GetHashCode() : 0;
}
static private void IntegratedSecurityError(int caller) {
// passing 1,2,3,4,5 instead of true/false so that with a debugger
// we could determine more easily which Win32 method call failed
int lastError = Marshal.GetHRForLastWin32Error();
if ((Win32_CheckTokenMembership != caller) || (E_NotImpersonationToken != lastError)) {
Marshal.ThrowExceptionForHR(lastError); // will only throw if (hresult < 0)
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- coordinator.cs
- NativeMethods.cs
- EntityFrameworkVersions.cs
- SiteMapPath.cs
- MessageDroppedTraceRecord.cs
- BindingManagerDataErrorEventArgs.cs
- EventHandlerList.cs
- MouseGestureConverter.cs
- CommentEmitter.cs
- DeviceFilterDictionary.cs
- ProcessDesigner.cs
- CultureData.cs
- StorageInfo.cs
- SQLBoolean.cs
- XmlSiteMapProvider.cs
- AdapterDictionary.cs
- DPTypeDescriptorContext.cs
- SerializationTrace.cs
- DynamicUpdateCommand.cs
- RotateTransform3D.cs
- TransactionException.cs
- TrustManager.cs
- AuthenticationManager.cs
- RNGCryptoServiceProvider.cs
- ListBindingConverter.cs
- rsa.cs
- DataListCommandEventArgs.cs
- DbMetaDataCollectionNames.cs
- ServiceThrottlingElement.cs
- Rijndael.cs
- DbMetaDataCollectionNames.cs
- HttpCookieCollection.cs
- ItemCollection.cs
- AutomationPropertyInfo.cs
- DoubleLinkListEnumerator.cs
- PropertyCondition.cs
- AuthenticationConfig.cs
- DeflateEmulationStream.cs
- TheQuery.cs
- PathFigureCollectionConverter.cs
- SelectionEditor.cs
- NameSpaceExtractor.cs
- CachingParameterInspector.cs
- ObfuscationAttribute.cs
- CodeObject.cs
- GenericRootAutomationPeer.cs
- BinaryCommonClasses.cs
- LoadedEvent.cs
- ErrorWebPart.cs
- followingsibling.cs
- StickyNoteContentControl.cs
- UrlMappingsModule.cs
- DataGridColumnDropSeparator.cs
- HtmlEmptyTagControlBuilder.cs
- ListControlConvertEventArgs.cs
- LineMetrics.cs
- NativeBuffer.cs
- DetailsViewUpdatedEventArgs.cs
- Error.cs
- XDRSchema.cs
- TypeConverterHelper.cs
- PatternMatcher.cs
- EdmValidator.cs
- TreeNode.cs
- FocusTracker.cs
- InitializationEventAttribute.cs
- ScriptControlDescriptor.cs
- LayoutEditorPart.cs
- FormViewUpdatedEventArgs.cs
- BuildProviderAppliesToAttribute.cs
- SkinBuilder.cs
- WaitHandle.cs
- FolderBrowserDialog.cs
- PersonalizationProviderHelper.cs
- EntryPointNotFoundException.cs
- XmlReaderSettings.cs
- ImageCodecInfo.cs
- AsyncOperationManager.cs
- x509utils.cs
- ApplicationServicesHostFactory.cs
- TextTreeExtractElementUndoUnit.cs
- UserControl.cs
- BrushValueSerializer.cs
- ZipIOZip64EndOfCentralDirectoryLocatorBlock.cs
- ZipIOCentralDirectoryFileHeader.cs
- ControlParameter.cs
- AuthenticationService.cs
- RepeatEnumerable.cs
- StdRegProviderWrapper.cs
- ListViewAutomationPeer.cs
- HScrollBar.cs
- StringResourceManager.cs
- CredentialSelector.cs
- WebBrowserEvent.cs
- BamlMapTable.cs
- StatusBarItemAutomationPeer.cs
- CommentEmitter.cs
- MatrixUtil.cs
- PieceDirectory.cs
- RowToParametersTransformer.cs