You've already forked linux-packaging-mono
Imported Upstream version 4.3.2.467
Former-commit-id: 9c2cb47f45fa221e661ab616387c9cda183f283d
This commit is contained in:
Xamarin Public Jenkins
@@ -3,7 +3,7 @@
|
||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||
//
|
||||
// ==--==
|
||||
// <OWNER>[....]</OWNER>
|
||||
// <OWNER>ShawnFa</OWNER>
|
||||
//
|
||||
|
||||
//
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||
//
|
||||
// ==--==
|
||||
// <OWNER>[....]</OWNER>
|
||||
// <OWNER>ShawnFa</OWNER>
|
||||
//
|
||||
|
||||
//
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||
//
|
||||
// ==--==
|
||||
// <OWNER>[....]</OWNER>
|
||||
// <OWNER>ShawnFa</OWNER>
|
||||
//
|
||||
|
||||
//
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||
//
|
||||
// ==--==
|
||||
// <OWNER>[....]</OWNER>
|
||||
// <OWNER>ShawnFa</OWNER>
|
||||
//
|
||||
|
||||
namespace System.Security.Principal
|
||||
|
||||
@@ -3,12 +3,12 @@
|
||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||
//
|
||||
// ==--==
|
||||
// <OWNER>[....]</OWNER>
|
||||
// <OWNER>ShawnFa</OWNER>
|
||||
//
|
||||
|
||||
namespace System.Security.Principal
|
||||
{
|
||||
#if !FEATURE_NETCORE
|
||||
#if !FEATURE_CORECLR
|
||||
[Serializable]
|
||||
[System.Runtime.InteropServices.ComVisible(true)]
|
||||
#endif
|
||||
@@ -19,4 +19,4 @@ namespace System.Security.Principal
|
||||
Impersonation = 3,
|
||||
Delegation = 4
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -436,12 +436,12 @@ namespace System.Security.Principal
|
||||
[System.Security.SecurityCritical] // auto-generated
|
||||
[ResourceExposure(ResourceScope.Process)]
|
||||
[DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity]
|
||||
internal static extern int ImpersonateLoggedOnUser (SafeTokenHandle hToken);
|
||||
internal static extern int ImpersonateLoggedOnUser (SafeAccessTokenHandle hToken);
|
||||
|
||||
[System.Security.SecurityCritical] // auto-generated
|
||||
[ResourceExposure(ResourceScope.Process)]
|
||||
[MethodImplAttribute(MethodImplOptions.InternalCall)]
|
||||
internal static extern int OpenThreadToken (TokenAccessLevels dwDesiredAccess, WinSecurityContext OpenAs, out SafeTokenHandle phThreadToken);
|
||||
internal static extern int OpenThreadToken (TokenAccessLevels dwDesiredAccess, WinSecurityContext OpenAs, out SafeAccessTokenHandle phThreadToken);
|
||||
|
||||
[System.Security.SecurityCritical] // auto-generated
|
||||
[ResourceExposure(ResourceScope.None)]
|
||||
@@ -451,7 +451,7 @@ namespace System.Security.Principal
|
||||
[System.Security.SecurityCritical] // auto-generated
|
||||
[ResourceExposure(ResourceScope.None)]
|
||||
[DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity]
|
||||
internal static extern int SetThreadToken(SafeTokenHandle hToken);
|
||||
internal static extern int SetThreadToken(SafeAccessTokenHandle hToken);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
@@ -67,13 +67,13 @@ namespace System.Security.Principal
|
||||
public class WindowsIdentity : IIdentity, ISerializable, IDeserializationCallback, IDisposable {
|
||||
#endif
|
||||
[System.Security.SecurityCritical] // auto-generated
|
||||
static SafeTokenHandle s_invalidTokenHandle = SafeTokenHandle.InvalidHandle;
|
||||
static SafeAccessTokenHandle s_invalidTokenHandle = SafeAccessTokenHandle.InvalidHandle;
|
||||
private string m_name = null;
|
||||
private SecurityIdentifier m_owner = null;
|
||||
private SecurityIdentifier m_user = null;
|
||||
private object m_groups = null;
|
||||
[System.Security.SecurityCritical] // auto-generated
|
||||
private SafeTokenHandle m_safeTokenHandle = SafeTokenHandle.InvalidHandle;
|
||||
private SafeAccessTokenHandle m_safeTokenHandle = SafeAccessTokenHandle.InvalidHandle;
|
||||
private string m_authType = null;
|
||||
private int m_isAuthenticated = -1;
|
||||
private volatile TokenImpersonationLevel m_impersonationLevel;
|
||||
@@ -125,7 +125,7 @@ namespace System.Security.Principal
|
||||
#endif
|
||||
|
||||
[System.Security.SecurityCritical] // auto-generated
|
||||
internal WindowsIdentity (SafeTokenHandle safeTokenHandle) : this (safeTokenHandle.DangerousGetHandle(), null, -1) {
|
||||
internal WindowsIdentity (SafeAccessTokenHandle safeTokenHandle) : this (safeTokenHandle.DangerousGetHandle(), null, -1) {
|
||||
GC.KeepAlive(safeTokenHandle);
|
||||
}
|
||||
|
||||
@@ -400,7 +400,7 @@ namespace System.Security.Principal
|
||||
return false;
|
||||
|
||||
// CheckTokenMembership expects an impersonation token
|
||||
SafeTokenHandle token = SafeTokenHandle.InvalidHandle;
|
||||
SafeAccessTokenHandle token = SafeAccessTokenHandle.InvalidHandle;
|
||||
TokenImpersonationLevel til = ImpersonationLevel;
|
||||
bool isMember = false;
|
||||
|
||||
@@ -423,7 +423,7 @@ namespace System.Security.Principal
|
||||
throw new SecurityException(Win32Native.GetMessage(Marshal.GetLastWin32Error()));
|
||||
}
|
||||
finally {
|
||||
if (token != SafeTokenHandle.InvalidHandle) {
|
||||
if (token != SafeAccessTokenHandle.InvalidHandle) {
|
||||
token.Dispose();
|
||||
}
|
||||
}
|
||||
@@ -608,6 +608,45 @@ namespace System.Security.Principal
|
||||
//
|
||||
// Public methods.
|
||||
//
|
||||
[SecuritySafeCritical]
|
||||
public static void RunImpersonated(SafeAccessTokenHandle safeAccessTokenHandle, Action action)
|
||||
{
|
||||
if (action == null)
|
||||
throw new ArgumentNullException("action");
|
||||
|
||||
StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
|
||||
|
||||
WindowsIdentity wi = null;
|
||||
if (!safeAccessTokenHandle.IsInvalid)
|
||||
wi = new WindowsIdentity(safeAccessTokenHandle);
|
||||
|
||||
using (WindowsImpersonationContext wiContext = SafeImpersonate(safeAccessTokenHandle, wi, ref stackMark))
|
||||
{
|
||||
action();
|
||||
}
|
||||
}
|
||||
|
||||
[SecuritySafeCritical]
|
||||
public static T RunImpersonated<T>(SafeAccessTokenHandle safeAccessTokenHandle, Func<T> func)
|
||||
{
|
||||
if (func == null)
|
||||
throw new ArgumentNullException("func");
|
||||
|
||||
StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
|
||||
|
||||
WindowsIdentity wi = null;
|
||||
if (!safeAccessTokenHandle.IsInvalid)
|
||||
wi = new WindowsIdentity(safeAccessTokenHandle);
|
||||
|
||||
T result = default(T);
|
||||
using (WindowsImpersonationContext wiContext = SafeImpersonate(safeAccessTokenHandle, wi, ref stackMark))
|
||||
{
|
||||
result = func();
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
[System.Security.SecuritySafeCritical] // auto-generated
|
||||
[DynamicSecurityMethodAttribute()]
|
||||
[ResourceExposure(ResourceScope.Process)] // Call from within a CER, or use a RunAsUser helper.
|
||||
@@ -658,17 +697,17 @@ namespace System.Security.Principal
|
||||
Dispose(true);
|
||||
}
|
||||
|
||||
//
|
||||
// internal.
|
||||
//
|
||||
|
||||
internal SafeTokenHandle TokenHandle {
|
||||
public SafeAccessTokenHandle AccessToken {
|
||||
[System.Security.SecurityCritical] // auto-generated
|
||||
get {
|
||||
return m_safeTokenHandle;
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// internal.
|
||||
//
|
||||
|
||||
[System.Security.SecurityCritical] // auto-generated
|
||||
[ResourceExposure(ResourceScope.None)]
|
||||
[ResourceConsumption(ResourceScope.Process, ResourceScope.Process)]
|
||||
@@ -680,15 +719,15 @@ namespace System.Security.Principal
|
||||
[System.Security.SecurityCritical] // auto-generated
|
||||
[ResourceExposure(ResourceScope.Process)]
|
||||
[ResourceConsumption(ResourceScope.Process)]
|
||||
internal static WindowsImpersonationContext SafeImpersonate (SafeTokenHandle userToken, WindowsIdentity wi, ref StackCrawlMark stackMark)
|
||||
internal static WindowsImpersonationContext SafeImpersonate (SafeAccessTokenHandle userToken, WindowsIdentity wi, ref StackCrawlMark stackMark)
|
||||
{
|
||||
bool isImpersonating;
|
||||
int hr = 0;
|
||||
SafeTokenHandle safeTokenHandle = GetCurrentToken(TokenAccessLevels.MaximumAllowed, false, out isImpersonating, out hr);
|
||||
SafeAccessTokenHandle safeTokenHandle = GetCurrentToken(TokenAccessLevels.MaximumAllowed, false, out isImpersonating, out hr);
|
||||
if (safeTokenHandle == null || safeTokenHandle.IsInvalid)
|
||||
throw new SecurityException(Win32Native.GetMessage(hr));
|
||||
|
||||
// Set the SafeTokenHandle on the FSD:
|
||||
// Set the SafeAccessTokenHandle on the FSD:
|
||||
FrameSecurityDescriptor secObj = SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);
|
||||
if (secObj == null)
|
||||
{
|
||||
@@ -705,7 +744,7 @@ namespace System.Security.Principal
|
||||
Environment.FailFast(Win32Native.GetMessage(hr));
|
||||
// update identity on the thread
|
||||
UpdateThreadWI(wi);
|
||||
secObj.SetTokenHandles(safeTokenHandle, (wi == null?null:wi.TokenHandle));
|
||||
secObj.SetTokenHandles(safeTokenHandle, (wi == null?null:wi.AccessToken));
|
||||
} else {
|
||||
hr = Win32.RevertToSelf();
|
||||
if (hr < 0)
|
||||
@@ -716,7 +755,7 @@ namespace System.Security.Principal
|
||||
throw new SecurityException(Environment.GetResourceString("Argument_ImpersonateUser"));
|
||||
}
|
||||
UpdateThreadWI(wi);
|
||||
secObj.SetTokenHandles(safeTokenHandle, (wi == null?null:wi.TokenHandle));
|
||||
secObj.SetTokenHandles(safeTokenHandle, (wi == null?null:wi.AccessToken));
|
||||
}
|
||||
|
||||
return context;
|
||||
@@ -758,7 +797,7 @@ namespace System.Security.Principal
|
||||
internal static WindowsIdentity GetCurrentInternal (TokenAccessLevels desiredAccess, bool threadOnly) {
|
||||
int hr = 0;
|
||||
bool isImpersonating;
|
||||
SafeTokenHandle safeTokenHandle = GetCurrentToken(desiredAccess, threadOnly, out isImpersonating, out hr);
|
||||
SafeAccessTokenHandle safeTokenHandle = GetCurrentToken(desiredAccess, threadOnly, out isImpersonating, out hr);
|
||||
if (safeTokenHandle == null || safeTokenHandle.IsInvalid) {
|
||||
// either we wanted only ThreadToken - return null
|
||||
if (threadOnly && !isImpersonating)
|
||||
@@ -803,9 +842,9 @@ namespace System.Security.Principal
|
||||
[System.Security.SecurityCritical] // auto-generated
|
||||
[ResourceExposure(ResourceScope.Process)]
|
||||
[ResourceConsumption(ResourceScope.Process)]
|
||||
private static SafeTokenHandle GetCurrentToken(TokenAccessLevels desiredAccess, bool threadOnly, out bool isImpersonating, out int hr) {
|
||||
private static SafeAccessTokenHandle GetCurrentToken(TokenAccessLevels desiredAccess, bool threadOnly, out bool isImpersonating, out int hr) {
|
||||
isImpersonating = true;
|
||||
SafeTokenHandle safeTokenHandle = GetCurrentThreadToken(desiredAccess, out hr);
|
||||
SafeAccessTokenHandle safeTokenHandle = GetCurrentThreadToken(desiredAccess, out hr);
|
||||
if (safeTokenHandle == null && hr == GetHRForWin32Error(Win32Native.ERROR_NO_TOKEN)) {
|
||||
// No impersonation
|
||||
isImpersonating = false;
|
||||
@@ -818,9 +857,9 @@ namespace System.Security.Principal
|
||||
[System.Security.SecurityCritical] // auto-generated
|
||||
[ResourceExposure(ResourceScope.Process)]
|
||||
[ResourceConsumption(ResourceScope.Process)]
|
||||
private static SafeTokenHandle GetCurrentProcessToken (TokenAccessLevels desiredAccess, out int hr) {
|
||||
private static SafeAccessTokenHandle GetCurrentProcessToken (TokenAccessLevels desiredAccess, out int hr) {
|
||||
hr = 0;
|
||||
SafeTokenHandle safeTokenHandle;
|
||||
SafeAccessTokenHandle safeTokenHandle;
|
||||
if (!Win32Native.OpenProcessToken(Win32Native.GetCurrentProcess(), desiredAccess, out safeTokenHandle))
|
||||
hr = GetHRForWin32Error(Marshal.GetLastWin32Error());
|
||||
return safeTokenHandle;
|
||||
@@ -829,8 +868,8 @@ namespace System.Security.Principal
|
||||
[System.Security.SecurityCritical] // auto-generated
|
||||
[ResourceExposure(ResourceScope.Process)]
|
||||
[ResourceConsumption(ResourceScope.Process)]
|
||||
internal static SafeTokenHandle GetCurrentThreadToken(TokenAccessLevels desiredAccess, out int hr) {
|
||||
SafeTokenHandle safeTokenHandle;
|
||||
internal static SafeAccessTokenHandle GetCurrentThreadToken(TokenAccessLevels desiredAccess, out int hr) {
|
||||
SafeAccessTokenHandle safeTokenHandle;
|
||||
hr = Win32.OpenThreadToken(desiredAccess, WinSecurityContext.Both, out safeTokenHandle);
|
||||
return safeTokenHandle;
|
||||
}
|
||||
@@ -860,7 +899,7 @@ namespace System.Security.Principal
|
||||
[ResourceExposure(ResourceScope.Process)]
|
||||
[ResourceConsumption(ResourceScope.Process)]
|
||||
internal static ImpersonationQueryResult QueryImpersonation() {
|
||||
SafeTokenHandle safeTokenHandle = null;
|
||||
SafeAccessTokenHandle safeTokenHandle = null;
|
||||
int hr = Win32.OpenThreadToken(TokenAccessLevels.Query, WinSecurityContext.Thread, out safeTokenHandle);
|
||||
|
||||
if (safeTokenHandle != null) {
|
||||
@@ -884,7 +923,7 @@ namespace System.Security.Principal
|
||||
}
|
||||
|
||||
[System.Security.SecurityCritical] // auto-generated
|
||||
private static Win32Native.LUID GetLogonAuthId (SafeTokenHandle safeTokenHandle) {
|
||||
private static Win32Native.LUID GetLogonAuthId (SafeAccessTokenHandle safeTokenHandle) {
|
||||
using (SafeLocalAllocHandle pStatistics = GetTokenInformation(safeTokenHandle, TokenInformationClass.TokenStatistics)) {
|
||||
Win32Native.TOKEN_STATISTICS statistics = pStatistics.Read<Win32Native.TOKEN_STATISTICS>(0);
|
||||
return statistics.AuthenticationId;
|
||||
@@ -892,7 +931,7 @@ namespace System.Security.Principal
|
||||
}
|
||||
|
||||
[System.Security.SecurityCritical]
|
||||
private static SafeLocalAllocHandle GetTokenInformation (SafeTokenHandle tokenHandle, TokenInformationClass tokenInformationClass) {
|
||||
private static SafeLocalAllocHandle GetTokenInformation (SafeAccessTokenHandle tokenHandle, TokenInformationClass tokenInformationClass) {
|
||||
SafeLocalAllocHandle safeLocalAllocHandle = SafeLocalAllocHandle.InvalidHandle;
|
||||
uint dwLength = (uint) Marshal.SizeOf(typeof(uint));
|
||||
bool result = Win32Native.GetTokenInformation(tokenHandle,
|
||||
@@ -933,7 +972,7 @@ namespace System.Security.Principal
|
||||
#if FEATURE_CORRUPTING_EXCEPTIONS
|
||||
[HandleProcessCorruptedStateExceptions] //
|
||||
#endif // FEATURE_CORRUPTING_EXCEPTIONS
|
||||
private unsafe static SafeTokenHandle KerbS4ULogon (string upn, ref SafeTokenHandle safeTokenHandle)
|
||||
private unsafe static SafeAccessTokenHandle KerbS4ULogon (string upn, ref SafeAccessTokenHandle safeTokenHandle)
|
||||
{
|
||||
// source name
|
||||
byte[] sourceName = new byte[] { (byte)'C', (byte)'L', (byte)'R' }; // we set the source name to "CLR".
|
||||
@@ -1119,7 +1158,7 @@ namespace System.Security.Principal
|
||||
RuntimeHelpers.PrepareConstrainedRegions();
|
||||
try
|
||||
{
|
||||
if (!identity.m_safeTokenHandle.IsInvalid && identity.m_safeTokenHandle != SafeTokenHandle.InvalidHandle && identity.m_safeTokenHandle.DangerousGetHandle() != IntPtr.Zero)
|
||||
if (!identity.m_safeTokenHandle.IsInvalid && identity.m_safeTokenHandle != SafeAccessTokenHandle.InvalidHandle && identity.m_safeTokenHandle.DangerousGetHandle() != IntPtr.Zero)
|
||||
{
|
||||
identity.m_safeTokenHandle.DangerousAddRef(ref mustDecrement);
|
||||
|
||||
|
||||
@@ -28,7 +28,7 @@ namespace System.Security.Principal
|
||||
[System.Runtime.InteropServices.ComVisible(true)]
|
||||
public class WindowsImpersonationContext : IDisposable {
|
||||
[System.Security.SecurityCritical] // auto-generated
|
||||
private SafeTokenHandle m_safeTokenHandle = SafeTokenHandle.InvalidHandle;
|
||||
private SafeAccessTokenHandle m_safeTokenHandle = SafeAccessTokenHandle.InvalidHandle;
|
||||
private WindowsIdentity m_wi;
|
||||
private FrameSecurityDescriptor m_fsd;
|
||||
|
||||
@@ -38,7 +38,7 @@ namespace System.Security.Principal
|
||||
[System.Security.SecurityCritical] // auto-generated
|
||||
[ResourceExposure(ResourceScope.None)]
|
||||
[ResourceConsumption(ResourceScope.Machine, ResourceScope.Machine)]
|
||||
internal WindowsImpersonationContext (SafeTokenHandle safeTokenHandle, WindowsIdentity wi, bool isImpersonating, FrameSecurityDescriptor fsd) {
|
||||
internal WindowsImpersonationContext (SafeAccessTokenHandle safeTokenHandle, WindowsIdentity wi, bool isImpersonating, FrameSecurityDescriptor fsd) {
|
||||
if (safeTokenHandle.IsInvalid)
|
||||
throw new ArgumentException(Environment.GetResourceString("Argument_InvalidImpersonationToken"));
|
||||
Contract.EndContractBlock();
|
||||
|
||||
@@ -232,13 +232,13 @@ namespace System.Security.Principal
|
||||
Contract.EndContractBlock();
|
||||
|
||||
// special case the anonymous identity.
|
||||
if (m_identity.TokenHandle.IsInvalid)
|
||||
if (m_identity.AccessToken.IsInvalid)
|
||||
return false;
|
||||
|
||||
// CheckTokenMembership expects an impersonation token
|
||||
SafeTokenHandle token = SafeTokenHandle.InvalidHandle;
|
||||
SafeAccessTokenHandle token = SafeAccessTokenHandle.InvalidHandle;
|
||||
if (m_identity.ImpersonationLevel == TokenImpersonationLevel.None) {
|
||||
if (!Win32Native.DuplicateTokenEx(m_identity.TokenHandle,
|
||||
if (!Win32Native.DuplicateTokenEx(m_identity.AccessToken,
|
||||
(uint) TokenAccessLevels.Query,
|
||||
IntPtr.Zero,
|
||||
(uint) TokenImpersonationLevel.Identification,
|
||||
@@ -249,7 +249,7 @@ namespace System.Security.Principal
|
||||
|
||||
bool isMember = false;
|
||||
// CheckTokenMembership will check if the SID is both present and enabled in the access token.
|
||||
if (!Win32Native.CheckTokenMembership((m_identity.ImpersonationLevel != TokenImpersonationLevel.None ? m_identity.TokenHandle : token),
|
||||
if (!Win32Native.CheckTokenMembership((m_identity.ImpersonationLevel != TokenImpersonationLevel.None ? m_identity.AccessToken : token),
|
||||
sid.BinaryForm,
|
||||
ref isMember))
|
||||
throw new SecurityException(Win32Native.GetMessage(Marshal.GetLastWin32Error()));
|
||||
|
||||
Reference in New Issue
Block a user