Code:
/ WCF / WCF / 3.5.30729.1 / untmp / Orcas / SP / ndp / cdf / src / WCF / IdentityModel / System / IdentityModel / Privilege.cs / 1 / Privilege.cs
//------------------------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //----------------------------------------------------------------------------- namespace System.IdentityModel { using System.Collections.Generic; using System.ComponentModel; using System.Runtime.CompilerServices; using System.Runtime.ConstrainedExecution; using System.Runtime.InteropServices; using System.Security.AccessControl; using System.Security.Principal; using System.ServiceModel.Diagnostics; class Privilege { static Dictionaryluids = new Dictionary (); public const string SeAuditPrivilege = "SeAuditPrivilege"; public const string SeTcbPrivilege = "SeTcbPrivilege"; const uint SE_PRIVILEGE_DISABLED = 0x00000000; const uint SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x00000001; const uint SE_PRIVILEGE_ENABLED = 0x00000002; const uint SE_PRIVILEGE_USED_FOR_ACCESS = 0x80000000; const int ERROR_SUCCESS = 0x0; const int ERROR_NO_TOKEN = 0x3F0; const int ERROR_NOT_ALL_ASSIGNED = 0x514; string privilege; LUID luid; bool needToRevert = false; bool initialEnabled = false; bool isImpersonating = false; SafeCloseHandle threadToken = null; public Privilege(string privilege) { this.privilege = privilege; this.luid = LuidFromPrivilege(privilege); } public void Enable() { // Note: AdjustTokenPrivileges should not try to adjust if the token is // Primary token (process). Duplicate the process token (impersonation) and // then set token to current thread and unsetting (RevertToSelf) later. DiagnosticUtility.DebugAssert(this.threadToken == null, ""); this.threadToken = GetThreadToken(); EnableTokenPrivilege(this.threadToken); } // Have to run in CER [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] public int Revert() { if (!this.isImpersonating) { if (this.needToRevert && !this.initialEnabled) { TOKEN_PRIVILEGE newState; newState.PrivilegeCount = 1; newState.Privilege.Luid = this.luid; newState.Privilege.Attributes = SE_PRIVILEGE_DISABLED; TOKEN_PRIVILEGE previousState; uint previousSize = 0; if (!NativeMethods.AdjustTokenPrivileges( this.threadToken, false, ref newState, TOKEN_PRIVILEGE.Size, out previousState, out previousSize)) { return Marshal.GetLastWin32Error(); } } this.needToRevert = false; } else { if (!NativeMethods.RevertToSelf()) { return Marshal.GetLastWin32Error(); } this.isImpersonating = false; } if (this.threadToken != null) { this.threadToken.Close(); this.threadToken = null; } return ERROR_SUCCESS; } SafeCloseHandle GetThreadToken() { // // Open the thread token; if there is no thread token, get one from // the process token by impersonating self. // SafeCloseHandle threadToken; if (!NativeMethods.OpenThreadToken( NativeMethods.GetCurrentThread(), TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, true, out threadToken)) { int error = Marshal.GetLastWin32Error(); Utility.CloseInvalidOutSafeHandle(threadToken); if (error != ERROR_NO_TOKEN) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } else { SafeCloseHandle processToken; if (!NativeMethods.OpenProcessToken( NativeMethods.GetCurrentProcess(), TokenAccessLevels.Duplicate, out processToken)) { error = Marshal.GetLastWin32Error(); Utility.CloseInvalidOutSafeHandle(processToken); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } try { if (!NativeMethods.DuplicateTokenEx( processToken, TokenAccessLevels.Impersonate | TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, IntPtr.Zero, SECURITY_IMPERSONATION_LEVEL.Impersonation, TokenType.TokenImpersonation, out threadToken)) { error = Marshal.GetLastWin32Error(); Utility.CloseInvalidOutSafeHandle(threadToken); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } SetThreadToken(threadToken); } finally { processToken.Close(); } } } return threadToken; } void EnableTokenPrivilege(SafeCloseHandle threadToken) { DiagnosticUtility.DebugAssert(!this.needToRevert, ""); TOKEN_PRIVILEGE newState; newState.PrivilegeCount = 1; newState.Privilege.Luid = this.luid; newState.Privilege.Attributes = SE_PRIVILEGE_ENABLED; TOKEN_PRIVILEGE previousState; uint previousSize = 0; bool success = false; int error = 0; // CER RuntimeHelpers.PrepareConstrainedRegions(); try { } finally { success = NativeMethods.AdjustTokenPrivileges( threadToken, false, ref newState, TOKEN_PRIVILEGE.Size, out previousState, out previousSize); error = Marshal.GetLastWin32Error(); if (success && error == ERROR_SUCCESS) { this.initialEnabled = (0 != (previousState.Privilege.Attributes & SE_PRIVILEGE_ENABLED)); this.needToRevert = true; } } if (error == ERROR_NOT_ALL_ASSIGNED) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new PrivilegeNotHeldException(this.privilege)); } else if (!success) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } } void SetThreadToken(SafeCloseHandle threadToken) { DiagnosticUtility.DebugAssert(!this.isImpersonating, ""); int error = 0; // CER RuntimeHelpers.PrepareConstrainedRegions(); try { } finally { if (!NativeMethods.SetThreadToken(IntPtr.Zero, threadToken)) { error = Marshal.GetLastWin32Error(); } else { this.isImpersonating = true; } } if (!this.isImpersonating) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } } static LUID LuidFromPrivilege(string privilege) { LUID luid; lock (luids) { if (luids.TryGetValue(privilege, out luid)) { return luid; } } if (!NativeMethods.LookupPrivilegeValueW(null, privilege, out luid)) { int error = Marshal.GetLastWin32Error(); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } lock (luids) { if (!luids.ContainsKey(privilege)) { luids[privilege] = luid; } } return luid; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- TextSelection.cs
- AssociationSetEnd.cs
- Run.cs
- MetadataFile.cs
- QilScopedVisitor.cs
- SafeMarshalContext.cs
- XmlUtil.cs
- EntitySqlQueryCacheEntry.cs
- VerticalAlignConverter.cs
- BrushMappingModeValidation.cs
- FixedSOMSemanticBox.cs
- NodeLabelEditEvent.cs
- FileSystemEnumerable.cs
- Menu.cs
- WebPartDeleteVerb.cs
- CodeTypeDeclarationCollection.cs
- CommonDialog.cs
- OdbcConnection.cs
- TextSerializer.cs
- AuthenticatingEventArgs.cs
- ZoneIdentityPermission.cs
- ParentControlDesigner.cs
- ToolStrip.cs
- MethodSignatureGenerator.cs
- SqlStatistics.cs
- DataGridCommandEventArgs.cs
- UITypeEditor.cs
- EdmConstants.cs
- x509utils.cs
- SecurityDocument.cs
- CharacterHit.cs
- ObjectAssociationEndMapping.cs
- HtmlDocument.cs
- storepermission.cs
- StylusButton.cs
- OrthographicCamera.cs
- Activity.cs
- SessionSwitchEventArgs.cs
- HtmlEncodedRawTextWriter.cs
- X509Certificate.cs
- Padding.cs
- XmlAnyElementAttribute.cs
- StrokeSerializer.cs
- MetadataCache.cs
- HttpBrowserCapabilitiesWrapper.cs
- XmlSerializationReader.cs
- TypeGeneratedEventArgs.cs
- FormViewUpdateEventArgs.cs
- RoutedPropertyChangedEventArgs.cs
- FillErrorEventArgs.cs
- DateTimeFormatInfoScanner.cs
- AlternateViewCollection.cs
- ListViewTableRow.cs
- MulticastOption.cs
- TreeBuilderXamlTranslator.cs
- IPEndPointCollection.cs
- GeneralTransformCollection.cs
- ResourceDisplayNameAttribute.cs
- Accessible.cs
- DodSequenceMerge.cs
- Keyboard.cs
- SortKey.cs
- PreApplicationStartMethodAttribute.cs
- BaseCodePageEncoding.cs
- ObfuscationAttribute.cs
- DbProviderFactory.cs
- SendKeys.cs
- NegationPusher.cs
- OrderByLifter.cs
- GlyphTypeface.cs
- ErrorBehavior.cs
- AccessViolationException.cs
- ClipboardData.cs
- DataGridPagerStyle.cs
- TemplateEditingFrame.cs
- SingleObjectCollection.cs
- QilGenerator.cs
- TableChangeProcessor.cs
- ResourceExpression.cs
- WCFModelStrings.Designer.cs
- SqlVisitor.cs
- CopyNamespacesAction.cs
- ProcessThreadDesigner.cs
- ValueUnavailableException.cs
- Token.cs
- _RequestLifetimeSetter.cs
- WindowsToolbarItemAsMenuItem.cs
- DbMetaDataCollectionNames.cs
- PcmConverter.cs
- GreenMethods.cs
- Relationship.cs
- DrawingContextDrawingContextWalker.cs
- AnyAllSearchOperator.cs
- DataGridSortCommandEventArgs.cs
- EventLogPermissionAttribute.cs
- RepeatButton.cs
- MemberProjectedSlot.cs
- DataRow.cs
- ThreadExceptionEvent.cs
- RegionInfo.cs