You've already forked linux-packaging-mono
							
							
		
			
	
	
		
			220 lines
		
	
	
		
			8.3 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
		
		
			
		
	
	
			220 lines
		
	
	
		
			8.3 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
|   | //---------------------------------------------------------- | ||
|  | // Copyright (c) Microsoft Corporation.  All rights reserved. | ||
|  | //------------------------------------------------------------ | ||
|  | 
 | ||
|  | namespace System.ServiceModel | ||
|  | { | ||
|  |     using System; | ||
|  |     using System.ComponentModel; | ||
|  |     using System.Diagnostics; | ||
|  |     using System.IdentityModel.Claims; | ||
|  |     using System.Runtime; | ||
|  |     using System.Runtime.InteropServices; | ||
|  |     using System.Security.Principal; | ||
|  |     using System.ServiceModel.ComIntegration; | ||
|  |     using System.ServiceModel.Diagnostics; | ||
|  |     using System.Text; | ||
|  |     using System.Xml; | ||
|  | 
 | ||
|  |     public class UpnEndpointIdentity : EndpointIdentity | ||
|  |     { | ||
|  |         SecurityIdentifier upnSid; | ||
|  |         bool hasUpnSidBeenComputed; | ||
|  |         WindowsIdentity windowsIdentity; | ||
|  | 
 | ||
|  |         Object thisLock = new Object(); | ||
|  | 
 | ||
|  |         public UpnEndpointIdentity(string upnName) | ||
|  |         { | ||
|  |             if (upnName == null) | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("upnName"); | ||
|  | 
 | ||
|  |             base.Initialize(Claim.CreateUpnClaim(upnName)); | ||
|  |             this.hasUpnSidBeenComputed = false; | ||
|  |         } | ||
|  | 
 | ||
|  |         public UpnEndpointIdentity(Claim identity) | ||
|  |         { | ||
|  |             if (identity == null) | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("identity"); | ||
|  | 
 | ||
|  |             // PreSharp Bug: Parameter 'identity.ResourceType' to this public method must be validated: A null-dereference can occur here. | ||
|  | #pragma warning suppress 56506 // Claim.ResourceType will never return null | ||
|  |             if (!identity.ClaimType.Equals(ClaimTypes.Upn)) | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.UnrecognizedClaimTypeForIdentity, identity.ClaimType, ClaimTypes.Upn)); | ||
|  | 
 | ||
|  |             base.Initialize(identity); | ||
|  |         } | ||
|  | 
 | ||
|  |         internal UpnEndpointIdentity(WindowsIdentity windowsIdentity) | ||
|  |         { | ||
|  |             if (windowsIdentity == null) | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("windowsIdentity"); | ||
|  | 
 | ||
|  |             this.windowsIdentity = windowsIdentity; | ||
|  |             this.upnSid = windowsIdentity.User; | ||
|  |             this.hasUpnSidBeenComputed = true; | ||
|  |         } | ||
|  | 
 | ||
|  |         internal override void EnsureIdentityClaim() | ||
|  |         { | ||
|  |             if (this.windowsIdentity != null) | ||
|  |             { | ||
|  |                 lock (thisLock) | ||
|  |                 { | ||
|  |                     if (this.windowsIdentity != null) | ||
|  |                     { | ||
|  |                         base.Initialize(Claim.CreateUpnClaim(GetUpnFromWindowsIdentity(this.windowsIdentity))); | ||
|  |                         this.windowsIdentity.Dispose(); | ||
|  |                         this.windowsIdentity = null; | ||
|  |                     } | ||
|  |                 } | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         string GetUpnFromWindowsIdentity(WindowsIdentity windowsIdentity) | ||
|  |         { | ||
|  |             string downlevelName = null; | ||
|  |             string upnName = null; | ||
|  | 
 | ||
|  |             try | ||
|  |             { | ||
|  |                 downlevelName = windowsIdentity.Name; | ||
|  | 
 | ||
|  |                 if (this.IsMachineJoinedToDomain()) | ||
|  |                 { | ||
|  |                     upnName = GetUpnFromDownlevelName(downlevelName); | ||
|  |                 } | ||
|  |             } | ||
|  | #pragma warning suppress 56500 // covered by FxCOP | ||
|  |             catch (Exception e) | ||
|  |             { | ||
|  |                 if (Fx.IsFatal(e)) | ||
|  |                 { | ||
|  |                     throw; | ||
|  |                 } | ||
|  | 
 | ||
|  |                 DiagnosticUtility.TraceHandledException(e, TraceEventType.Warning); | ||
|  |             } | ||
|  | 
 | ||
|  |             // if the AD cannot be queried for the fully qualified domain name, | ||
|  |             // fall back to the downlevel UPN name | ||
|  |             return upnName ?? downlevelName; | ||
|  |         } | ||
|  | 
 | ||
|  |         bool IsMachineJoinedToDomain() | ||
|  |         { | ||
|  |             IntPtr pDomainControllerInfo = IntPtr.Zero; | ||
|  | 
 | ||
|  |             try | ||
|  |             { | ||
|  |                 int result = SafeNativeMethods.DsGetDcName(null, null, IntPtr.Zero, null, (uint)DSFlags.DS_DIRECTORY_SERVICE_REQUIRED, out pDomainControllerInfo); | ||
|  | 
 | ||
|  |                 return result != (int)Win32Error.ERROR_NO_SUCH_DOMAIN; | ||
|  |             } | ||
|  |             finally | ||
|  |             { | ||
|  |                 if (pDomainControllerInfo != IntPtr.Zero) | ||
|  |                 { | ||
|  |                     SafeNativeMethods.NetApiBufferFree(pDomainControllerInfo); | ||
|  |                 } | ||
|  |             } | ||
|  |         } | ||
|  | 
 | ||
|  |         // Duplicate code from SecurityImpersonationBehavior | ||
|  |         string GetUpnFromDownlevelName(string downlevelName) | ||
|  |         { | ||
|  |             if (downlevelName == null) | ||
|  |             { | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("downlevelName"); | ||
|  |             } | ||
|  |             int delimiterPos = downlevelName.IndexOf('\\'); | ||
|  |             if ((delimiterPos < 0) || (delimiterPos == 0) || (delimiterPos == downlevelName.Length - 1)) | ||
|  |             { | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new InvalidOperationException(SR.GetString(SR.DownlevelNameCannotMapToUpn, downlevelName))); | ||
|  |             } | ||
|  | 
 | ||
|  |             string shortDomainName = downlevelName.Substring(0, delimiterPos + 1); | ||
|  |             string userName = downlevelName.Substring(delimiterPos + 1); | ||
|  |             string fullDomainName; | ||
|  | 
 | ||
|  |             uint capacity = 50; | ||
|  |             StringBuilder fullyQualifiedDomainName = new StringBuilder((int)capacity); | ||
|  |             if (!SafeNativeMethods.TranslateName(shortDomainName, EXTENDED_NAME_FORMAT.NameSamCompatible, EXTENDED_NAME_FORMAT.NameCanonical, | ||
|  |                 fullyQualifiedDomainName, out capacity)) | ||
|  |             { | ||
|  |                 int errorCode = Marshal.GetLastWin32Error(); | ||
|  |                 if (errorCode == (int)Win32Error.ERROR_INSUFFICIENT_BUFFER) | ||
|  |                 { | ||
|  |                     fullyQualifiedDomainName = new StringBuilder((int)capacity); | ||
|  |                     if (!SafeNativeMethods.TranslateName(shortDomainName, EXTENDED_NAME_FORMAT.NameSamCompatible, EXTENDED_NAME_FORMAT.NameCanonical, | ||
|  |                         fullyQualifiedDomainName, out capacity)) | ||
|  |                     { | ||
|  |                         errorCode = Marshal.GetLastWin32Error(); | ||
|  |                         throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new Win32Exception(errorCode)); | ||
|  |                     } | ||
|  |                 } | ||
|  |                 else | ||
|  |                 { | ||
|  |                     throw DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new Win32Exception(errorCode)); | ||
|  |                 } | ||
|  |             } | ||
|  |             // trim the trailing / from fqdn | ||
|  |             fullyQualifiedDomainName = fullyQualifiedDomainName.Remove(fullyQualifiedDomainName.Length - 1, 1); | ||
|  |             fullDomainName = fullyQualifiedDomainName.ToString(); | ||
|  | 
 | ||
|  |             return userName + "@" + fullDomainName; | ||
|  |         } | ||
|  | 
 | ||
|  |         internal override void WriteContentsTo(XmlDictionaryWriter writer) | ||
|  |         { | ||
|  |             if (writer == null) | ||
|  |                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer"); | ||
|  | 
 | ||
|  |             writer.WriteElementString(XD.AddressingDictionary.Upn, XD.AddressingDictionary.IdentityExtensionNamespace, (string)this.IdentityClaim.Resource); | ||
|  |         } | ||
|  | 
 | ||
|  |         internal SecurityIdentifier GetUpnSid() | ||
|  |         { | ||
|  |             Fx.Assert(ClaimTypes.Upn.Equals(this.IdentityClaim.ClaimType), ""); | ||
|  |             if (!hasUpnSidBeenComputed) | ||
|  |             { | ||
|  |                 lock (thisLock) | ||
|  |                 { | ||
|  |                     string upn = (string)this.IdentityClaim.Resource; | ||
|  |                     if (!hasUpnSidBeenComputed) | ||
|  |                     { | ||
|  |                         try | ||
|  |                         { | ||
|  |                             NTAccount userAccount = new NTAccount(upn); | ||
|  |                             this.upnSid = userAccount.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier; | ||
|  |                         } | ||
|  | #pragma warning suppress 56500 // covered by FxCOP | ||
|  |                         catch (Exception e) | ||
|  |                         { | ||
|  |                             // Always immediately rethrow fatal exceptions. | ||
|  |                             if (Fx.IsFatal(e)) | ||
|  |                             { | ||
|  |                                 throw; | ||
|  |                             } | ||
|  | 
 | ||
|  |                             if (e is NullReferenceException) | ||
|  |                             { | ||
|  |                                 throw; | ||
|  |                             } | ||
|  | 
 | ||
|  |                             SecurityTraceRecordHelper.TraceSpnToSidMappingFailure(upn, e); | ||
|  |                         } | ||
|  |                         finally | ||
|  |                         { | ||
|  |                             hasUpnSidBeenComputed = true; | ||
|  |                         } | ||
|  |                     } | ||
|  |                 } | ||
|  |             } | ||
|  |             return this.upnSid; | ||
|  |         } | ||
|  |     } | ||
|  | 
 | ||
|  | } |