summaryrefslogtreecommitdiff
path: root/src/mscorlib/src/System/Security/SecurityContext.cs
diff options
context:
space:
mode:
Diffstat (limited to 'src/mscorlib/src/System/Security/SecurityContext.cs')
-rw-r--r--src/mscorlib/src/System/Security/SecurityContext.cs238
1 files changed, 11 insertions, 227 deletions
diff --git a/src/mscorlib/src/System/Security/SecurityContext.cs b/src/mscorlib/src/System/Security/SecurityContext.cs
index e422a312df..674c04196f 100644
--- a/src/mscorlib/src/System/Security/SecurityContext.cs
+++ b/src/mscorlib/src/System/Security/SecurityContext.cs
@@ -12,14 +12,11 @@
**
===========================================================*/
namespace System.Security
-{
+{
using Microsoft.Win32;
using Microsoft.Win32.SafeHandles;
using System.Threading;
using System.Runtime.Remoting;
-#if FEATURE_IMPERSONATION
- using System.Security.Principal;
-#endif
using System.Collections;
using System.Runtime.Serialization;
using System.Security.Permissions;
@@ -30,6 +27,7 @@ namespace System.Security
#endif // FEATURE_CORRUPTING_EXCEPTIONS
using System.Runtime.ConstrainedExecution;
using System.Runtime.Versioning;
+ using System.Diagnostics;
using System.Diagnostics.Contracts;
// This enum must be kept in sync with the SecurityContextSource enum in the VM
@@ -46,15 +44,6 @@ namespace System.Security
All = 0x3FFF
}
-#if FEATURE_IMPERSONATION
- internal enum WindowsImpersonationFlowMode {
- IMP_FASTFLOW = 0,
- IMP_NOFLOW = 1,
- IMP_ALWAYSFLOW = 2,
- IMP_DEFAULT = IMP_FASTFLOW
- }
-#endif
-
#if FEATURE_COMPRESSEDSTACK
internal struct SecurityContextSwitcher: IDisposable
{
@@ -62,17 +51,12 @@ namespace System.Security
internal SecurityContext currSC; //current SC - SetSecurityContext that created the switcher set this on the Thread
internal ExecutionContext currEC; // current ExecutionContext on Thread
internal CompressedStackSwitcher cssw;
-#if FEATURE_IMPERSONATION
- internal WindowsImpersonationContext wic;
-#endif
- [System.Security.SecuritySafeCritical] // overrides public transparent member
public void Dispose()
{
Undo();
}
- [System.Security.SecurityCritical] // auto-generated
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
#if FEATURE_CORRUPTING_EXCEPTIONS
[HandleProcessCorruptedStateExceptions]
@@ -90,7 +74,6 @@ namespace System.Security
return true;
}
- [System.Security.SecurityCritical] // auto-generated
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
#if FEATURE_CORRUPTING_EXCEPTIONS
[HandleProcessCorruptedStateExceptions]
@@ -104,8 +87,8 @@ namespace System.Security
if (currEC != null)
{
- Contract.Assert(currEC == Thread.CurrentThread.GetMutableExecutionContext(), "SecurityContextSwitcher used from another thread");
- Contract.Assert(currSC == currEC.SecurityContext, "SecurityContextSwitcher context mismatch");
+ Debug.Assert(currEC == Thread.CurrentThread.GetMutableExecutionContext(), "SecurityContextSwitcher used from another thread");
+ Debug.Assert(currSC == currEC.SecurityContext, "SecurityContextSwitcher context mismatch");
// restore the saved security context
currEC.SecurityContext = prevSC.DangerousGetRawSecurityContext();
@@ -113,26 +96,13 @@ namespace System.Security
else
{
// caller must have already restored the ExecutionContext
- Contract.Assert(Thread.CurrentThread.GetExecutionContextReader().SecurityContext.IsSame(prevSC));
+ Debug.Assert(Thread.CurrentThread.GetExecutionContextReader().SecurityContext.IsSame(prevSC));
}
currSC = null; // this will prevent the switcher object being used again
bool bNoException = true;
-#if FEATURE_IMPERSONATION
- try
- {
- if (wic != null)
- bNoException &= wic.UndoNoThrow();
- }
- catch
- {
- // Failfast since we can't continue safely...
- bNoException &= cssw.UndoNoThrow();
- System.Environment.FailFast(Environment.GetResourceString("ExecutionContext_UndoFailed"));
-
- }
-#endif
+
bNoException &= cssw.UndoNoThrow();
@@ -144,15 +114,9 @@ namespace System.Security
}
}
-
public sealed class SecurityContext : IDisposable
{
-#if FEATURE_IMPERSONATION
- // Note that only one of the following variables will be true. The way we set up the flow mode in the g_pConfig guarantees this.
- static bool _LegacyImpersonationPolicy = (GetImpersonationFlowMode() == WindowsImpersonationFlowMode.IMP_NOFLOW);
- static bool _alwaysFlowImpersonationPolicy = (GetImpersonationFlowMode() == WindowsImpersonationFlowMode.IMP_ALWAYSFLOW);
-#endif
/*=========================================================================
** Data accessed from managed code that needs to be defined in
** SecurityContextObject to maintain alignment between the two classes.
@@ -160,9 +124,6 @@ namespace System.Security
=========================================================================*/
private ExecutionContext _executionContext;
-#if FEATURE_IMPERSONATION
- private volatile WindowsIdentity _windowsIdentity;
-#endif
private volatile CompressedStack _compressedStack;
static private volatile SecurityContext _fullTrustSC;
@@ -204,7 +165,6 @@ namespace System.Security
static internal SecurityContext FullTrustSecurityContext
{
- [System.Security.SecurityCritical] // auto-generated
get
{
if (_fullTrustSC == null)
@@ -222,27 +182,7 @@ namespace System.Security
_executionContext = value;
}
}
-
-#if FEATURE_IMPERSONATION
-
-
- internal WindowsIdentity WindowsIdentity
- {
- get
- {
- return _windowsIdentity;
- }
- set
- {
- // Note, we do not dispose of the existing windows identity, since some code such as remoting
- // relies on reusing that identity. If you are not going to reuse the existing identity, then
- // you should dispose of the existing identity before resetting it.
- _windowsIdentity = value;
- }
- }
-#endif // FEATURE_IMPERSONATION
-
internal CompressedStack CompressedStack
{
get
@@ -258,25 +198,18 @@ namespace System.Security
public void Dispose()
{
-#if FEATURE_IMPERSONATION
- if (_windowsIdentity != null)
- _windowsIdentity.Dispose();
-#endif // FEATURE_IMPERSONATION
}
- [System.Security.SecurityCritical] // auto-generated_required
public static AsyncFlowControl SuppressFlow()
{
return SuppressFlow(SecurityContextDisableFlow.All);
}
- [System.Security.SecurityCritical] // auto-generated_required
public static AsyncFlowControl SuppressFlowWindowsIdentity()
{
return SuppressFlow(SecurityContextDisableFlow.WI);
}
- [SecurityCritical]
internal static AsyncFlowControl SuppressFlow(SecurityContextDisableFlow flags)
{
if (IsFlowSuppressed(flags))
@@ -292,7 +225,6 @@ namespace System.Security
return afc;
}
- [SecuritySafeCritical]
public static void RestoreFlow()
{
SecurityContext sc = Thread.CurrentThread.GetMutableExecutionContext().SecurityContext;
@@ -307,13 +239,7 @@ namespace System.Security
{
return SecurityContext.IsFlowSuppressed(SecurityContextDisableFlow.All);
}
-#if FEATURE_IMPERSONATION
- public static bool IsWindowsIdentityFlowSuppressed()
- {
- return (_LegacyImpersonationPolicy|| SecurityContext.IsFlowSuppressed(SecurityContextDisableFlow.WI));
- }
-#endif
- [SecuritySafeCritical]
+
internal static bool IsFlowSuppressed(SecurityContextDisableFlow flags)
{
return Thread.CurrentThread.GetExecutionContextReader().SecurityContext.IsFlowSuppressed(flags);
@@ -323,7 +249,6 @@ namespace System.Security
// continue past the call to SecurityContext.Run. If you change the signature to this method, or
// provide an alternate way to do a SecurityContext.Run make sure to update
// SecurityStackWalk::IsSpecialRunFrame in the VM to search for the new method.
- [System.Security.SecurityCritical] // auto-generated_required
[DynamicSecurityMethodAttribute()]
[MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
public static void Run(SecurityContext securityContext, ContextCallback callback, Object state)
@@ -360,7 +285,7 @@ namespace System.Security
// and automatically goes away when the callback returns.
WindowsIdentity.SafeRevertToSelf(ref stackMark);
// Ensure we have reverted to the state we entered in.
- Contract.Assert(GetCurrentWI(Thread.CurrentThread.GetExecutionContextReader()) == null);
+ Debug.Assert(GetCurrentWI(Thread.CurrentThread.GetExecutionContextReader()) == null);
}
}
else
@@ -369,7 +294,6 @@ namespace System.Security
}
}
- [System.Security.SecurityCritical] // auto-generated
internal static void RunInternal(SecurityContext securityContext, ContextCallback callBack, Object state)
{
if (cleanupCode == null)
@@ -397,7 +321,6 @@ namespace System.Security
}
}
- [System.Security.SecurityCritical] // auto-generated
static internal void runTryCode(Object userData)
{
SecurityContextRunData rData = (SecurityContextRunData) userData;
@@ -406,7 +329,6 @@ namespace System.Security
}
- [System.Security.SecurityCritical] // auto-generated
[PrePrepareMethod]
static internal void runFinallyCode(Object userData, bool exceptionThrown)
{
@@ -421,7 +343,6 @@ namespace System.Security
// Internal API that gets called from public SetSecurityContext and from SetExecutionContext
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
- [System.Security.SecurityCritical] // auto-generated
[DynamicSecurityMethodAttribute()]
[MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
internal static SecurityContextSwitcher SetSecurityContext(SecurityContext sc, SecurityContext.Reader prevSecurityContext, bool modifyCurrentExecutionContext)
@@ -430,7 +351,6 @@ namespace System.Security
return SetSecurityContext(sc, prevSecurityContext, modifyCurrentExecutionContext, ref stackMark);
}
- [System.Security.SecurityCritical] // auto-generated
#if FEATURE_CORRUPTING_EXCEPTIONS
[HandleProcessCorruptedStateExceptions]
#endif // FEATURE_CORRUPTING_EXCEPTIONS
@@ -458,22 +378,6 @@ namespace System.Security
RuntimeHelpers.PrepareConstrainedRegions();
try
{
-#if FEATURE_IMPERSONATION
- scsw.wic = null;
- if (!_LegacyImpersonationPolicy)
- {
- if (sc.WindowsIdentity != null)
- {
- scsw.wic = sc.WindowsIdentity.Impersonate(ref stackMark);
- }
- else if ( ((_capturedFlowState & SecurityContextDisableFlow.WI) == 0)
- && prevSecurityContext.WindowsIdentity != null)
- {
- // revert impersonation if there was no WI flow supression at capture and we're currently impersonating
- scsw.wic = WindowsIdentity.SafeRevertToSelf(ref stackMark);
- }
- }
-#endif
scsw.cssw = CompressedStack.SetCompressedStack(sc.CompressedStack, prevSecurityContext.CompressedStack);
}
catch
@@ -486,7 +390,6 @@ namespace System.Security
}
/// <internalonly/>
- [System.Security.SecuritySafeCritical] // auto-generated
public SecurityContext CreateCopy()
{
if (!isNewCapture)
@@ -498,11 +401,6 @@ namespace System.Security
sc.isNewCapture = true;
sc._disableFlow = _disableFlow;
-#if FEATURE_IMPERSONATION
- if (WindowsIdentity != null)
- sc._windowsIdentity = new WindowsIdentity(WindowsIdentity.AccessToken);
-#endif //FEATURE_IMPERSONATION
-
if (_compressedStack != null)
sc._compressedStack = _compressedStack.CreateCopy();
@@ -510,26 +408,19 @@ namespace System.Security
}
/// <internalonly/>
- [System.Security.SecuritySafeCritical] // auto-generated
internal SecurityContext CreateMutableCopy()
{
- Contract.Assert(!this.isNewCapture);
+ Debug.Assert(!this.isNewCapture);
SecurityContext sc = new SecurityContext();
sc._disableFlow = this._disableFlow;
-#if FEATURE_IMPERSONATION
- if (this.WindowsIdentity != null)
- sc._windowsIdentity = new WindowsIdentity(this.WindowsIdentity.AccessToken);
-#endif //FEATURE_IMPERSONATION
-
if (this._compressedStack != null)
sc._compressedStack = this._compressedStack.CreateCopy();
return sc;
}
- [System.Security.SecuritySafeCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
public static SecurityContext Capture( )
{
@@ -545,7 +436,6 @@ namespace System.Security
}
// create a clone from a non-existing SecurityContext
- [System.Security.SecurityCritical] // auto-generated
[MethodImpl(MethodImplOptions.AggressiveInlining)]
static internal SecurityContext Capture(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark)
{
@@ -560,125 +450,26 @@ namespace System.Security
return CaptureCore(currThreadEC, ref stackMark);
}
- [System.Security.SecurityCritical] // auto-generated
static private SecurityContext CaptureCore(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark)
{
SecurityContext sc = new SecurityContext();
sc.isNewCapture = true;
-#if FEATURE_IMPERSONATION
- // Force create WindowsIdentity
- if (!IsWindowsIdentityFlowSuppressed())
- {
- WindowsIdentity currentIdentity = GetCurrentWI(currThreadEC);
- if (currentIdentity != null)
- sc._windowsIdentity = new WindowsIdentity(currentIdentity.AccessToken);
- }
- else
- {
- sc._disableFlow = SecurityContextDisableFlow.WI;
- }
-#endif // FEATURE_IMPERSONATION
-
// Force create CompressedStack
sc.CompressedStack = CompressedStack.GetCompressedStack(ref stackMark);
return sc;
}
- [System.Security.SecurityCritical] // auto-generated
+
static internal SecurityContext CreateFullTrustSecurityContext()
{
SecurityContext sc = new SecurityContext();
sc.isNewCapture = true;
-
-#if FEATURE_IMPERSONATION
- if (IsWindowsIdentityFlowSuppressed())
- {
- sc._disableFlow = SecurityContextDisableFlow.WI;
- }
-#endif // FEATURE_IMPERSONATION
-
// Force create CompressedStack
sc.CompressedStack = new CompressedStack(null);
return sc;
}
-#if FEATURE_IMPERSONATION
-
- static internal bool AlwaysFlowImpersonationPolicy { get { return _alwaysFlowImpersonationPolicy; } }
-
- // Check to see if we have a WI on the thread and return if we do
- [System.Security.SecurityCritical] // auto-generated
- [MethodImpl(MethodImplOptions.AggressiveInlining)]
- static internal WindowsIdentity GetCurrentWI(ExecutionContext.Reader threadEC)
- {
- return GetCurrentWI(threadEC, _alwaysFlowImpersonationPolicy);
- }
-
- [System.Security.SecurityCritical] // auto-generated
- [MethodImpl(MethodImplOptions.AggressiveInlining)]
- static internal WindowsIdentity GetCurrentWI(ExecutionContext.Reader threadEC, bool cachedAlwaysFlowImpersonationPolicy)
- {
- Contract.Assert(cachedAlwaysFlowImpersonationPolicy == _alwaysFlowImpersonationPolicy);
- if (cachedAlwaysFlowImpersonationPolicy)
- {
- // Examine the threadtoken at the cost of a kernel call if the user has set the IMP_ALWAYSFLOW mode
- return WindowsIdentity.GetCurrentInternal(TokenAccessLevels.MaximumAllowed, true);
- }
-
- return threadEC.SecurityContext.WindowsIdentity;
- }
-
- [System.Security.SecurityCritical]
- static internal void RestoreCurrentWI(ExecutionContext.Reader currentEC, ExecutionContext.Reader prevEC, WindowsIdentity targetWI, bool cachedAlwaysFlowImpersonationPolicy)
- {
- Contract.Assert(currentEC.IsSame(Thread.CurrentThread.GetExecutionContextReader()));
- Contract.Assert(cachedAlwaysFlowImpersonationPolicy == _alwaysFlowImpersonationPolicy);
-
- // NOTE: cachedAlwaysFlowImpersonationPolicy is a perf optimization to avoid always having to access a static variable here.
- if (cachedAlwaysFlowImpersonationPolicy || prevEC.SecurityContext.WindowsIdentity != targetWI)
- {
- //
- // Either we're always flowing, or the target WI was obtained from the current EC in the first place.
- //
- Contract.Assert(_alwaysFlowImpersonationPolicy || currentEC.SecurityContext.WindowsIdentity == targetWI);
-
- RestoreCurrentWIInternal(targetWI);
- }
- }
-
- [System.Security.SecurityCritical]
- static private void RestoreCurrentWIInternal(WindowsIdentity targetWI)
- {
- int hr = Win32.RevertToSelf();
- if (hr < 0)
- Environment.FailFast(Win32Native.GetMessage(hr));
-
- if (targetWI != null)
- {
- SafeAccessTokenHandle tokenHandle = targetWI.AccessToken;
- if (tokenHandle != null && !tokenHandle.IsInvalid)
- {
- hr = Win32.ImpersonateLoggedOnUser(tokenHandle);
- if (hr < 0)
- Environment.FailFast(Win32Native.GetMessage(hr));
- }
- }
- }
-
- [System.Security.SecurityCritical] // auto-generated
- internal bool IsDefaultFTSecurityContext()
- {
- return (WindowsIdentity == null && (CompressedStack == null || CompressedStack.CompressedStackHandle == null));
- }
- [System.Security.SecurityCritical] // auto-generated
- [MethodImpl(MethodImplOptions.AggressiveInlining)]
- static internal bool CurrentlyInDefaultFTSecurityContext(ExecutionContext.Reader threadEC)
- {
- return (IsDefaultThreadSecurityInfo() && GetCurrentWI(threadEC) == null);
- }
-#else
-
internal bool IsDefaultFTSecurityContext()
{
return (CompressedStack == null || CompressedStack.CompressedStackHandle == null);
@@ -687,16 +478,9 @@ namespace System.Security
{
return (IsDefaultThreadSecurityInfo());
}
-#endif
-#if FEATURE_IMPERSONATION
- [System.Security.SecuritySafeCritical] // auto-generated
- [MethodImplAttribute(MethodImplOptions.InternalCall), ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
- internal extern static WindowsImpersonationFlowMode GetImpersonationFlowMode();
-#endif
- [System.Security.SecurityCritical] // auto-generated
+
[MethodImplAttribute(MethodImplOptions.InternalCall), ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
internal extern static bool IsDefaultThreadSecurityInfo();
-
}
#endif // FEATURE_COMPRESSEDSTACK
}