From db20f3f1bb8595633a7e16c8900fd401a453a6b5 Mon Sep 17 00:00:00 2001 From: Jiyoung Yun Date: Tue, 27 Dec 2016 16:46:08 +0900 Subject: Imported Upstream version 1.0.0.9127 --- .../src/System/Security/SecurityContext.cs | 238 +-------------------- 1 file changed, 11 insertions(+), 227 deletions(-) (limited to 'src/mscorlib/src/System/Security/SecurityContext.cs') diff --git a/src/mscorlib/src/System/Security/SecurityContext.cs b/src/mscorlib/src/System/Security/SecurityContext.cs index e422a312df..674c04196f 100644 --- a/src/mscorlib/src/System/Security/SecurityContext.cs +++ b/src/mscorlib/src/System/Security/SecurityContext.cs @@ -12,14 +12,11 @@ ** ===========================================================*/ namespace System.Security -{ +{ using Microsoft.Win32; using Microsoft.Win32.SafeHandles; using System.Threading; using System.Runtime.Remoting; -#if FEATURE_IMPERSONATION - using System.Security.Principal; -#endif using System.Collections; using System.Runtime.Serialization; using System.Security.Permissions; @@ -30,6 +27,7 @@ namespace System.Security #endif // FEATURE_CORRUPTING_EXCEPTIONS using System.Runtime.ConstrainedExecution; using System.Runtime.Versioning; + using System.Diagnostics; using System.Diagnostics.Contracts; // This enum must be kept in sync with the SecurityContextSource enum in the VM @@ -46,15 +44,6 @@ namespace System.Security All = 0x3FFF } -#if FEATURE_IMPERSONATION - internal enum WindowsImpersonationFlowMode { - IMP_FASTFLOW = 0, - IMP_NOFLOW = 1, - IMP_ALWAYSFLOW = 2, - IMP_DEFAULT = IMP_FASTFLOW - } -#endif - #if FEATURE_COMPRESSEDSTACK internal struct SecurityContextSwitcher: IDisposable { @@ -62,17 +51,12 @@ namespace System.Security internal SecurityContext currSC; //current SC - SetSecurityContext that created the switcher set this on the Thread internal ExecutionContext currEC; // current ExecutionContext on Thread internal CompressedStackSwitcher cssw; -#if FEATURE_IMPERSONATION - internal WindowsImpersonationContext wic; -#endif - [System.Security.SecuritySafeCritical] // overrides public transparent member public void Dispose() { Undo(); } - [System.Security.SecurityCritical] // auto-generated [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] #if FEATURE_CORRUPTING_EXCEPTIONS [HandleProcessCorruptedStateExceptions] @@ -90,7 +74,6 @@ namespace System.Security return true; } - [System.Security.SecurityCritical] // auto-generated [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] #if FEATURE_CORRUPTING_EXCEPTIONS [HandleProcessCorruptedStateExceptions] @@ -104,8 +87,8 @@ namespace System.Security if (currEC != null) { - Contract.Assert(currEC == Thread.CurrentThread.GetMutableExecutionContext(), "SecurityContextSwitcher used from another thread"); - Contract.Assert(currSC == currEC.SecurityContext, "SecurityContextSwitcher context mismatch"); + Debug.Assert(currEC == Thread.CurrentThread.GetMutableExecutionContext(), "SecurityContextSwitcher used from another thread"); + Debug.Assert(currSC == currEC.SecurityContext, "SecurityContextSwitcher context mismatch"); // restore the saved security context currEC.SecurityContext = prevSC.DangerousGetRawSecurityContext(); @@ -113,26 +96,13 @@ namespace System.Security else { // caller must have already restored the ExecutionContext - Contract.Assert(Thread.CurrentThread.GetExecutionContextReader().SecurityContext.IsSame(prevSC)); + Debug.Assert(Thread.CurrentThread.GetExecutionContextReader().SecurityContext.IsSame(prevSC)); } currSC = null; // this will prevent the switcher object being used again bool bNoException = true; -#if FEATURE_IMPERSONATION - try - { - if (wic != null) - bNoException &= wic.UndoNoThrow(); - } - catch - { - // Failfast since we can't continue safely... - bNoException &= cssw.UndoNoThrow(); - System.Environment.FailFast(Environment.GetResourceString("ExecutionContext_UndoFailed")); - - } -#endif + bNoException &= cssw.UndoNoThrow(); @@ -144,15 +114,9 @@ namespace System.Security } } - public sealed class SecurityContext : IDisposable { -#if FEATURE_IMPERSONATION - // Note that only one of the following variables will be true. The way we set up the flow mode in the g_pConfig guarantees this. - static bool _LegacyImpersonationPolicy = (GetImpersonationFlowMode() == WindowsImpersonationFlowMode.IMP_NOFLOW); - static bool _alwaysFlowImpersonationPolicy = (GetImpersonationFlowMode() == WindowsImpersonationFlowMode.IMP_ALWAYSFLOW); -#endif /*========================================================================= ** Data accessed from managed code that needs to be defined in ** SecurityContextObject to maintain alignment between the two classes. @@ -160,9 +124,6 @@ namespace System.Security =========================================================================*/ private ExecutionContext _executionContext; -#if FEATURE_IMPERSONATION - private volatile WindowsIdentity _windowsIdentity; -#endif private volatile CompressedStack _compressedStack; static private volatile SecurityContext _fullTrustSC; @@ -204,7 +165,6 @@ namespace System.Security static internal SecurityContext FullTrustSecurityContext { - [System.Security.SecurityCritical] // auto-generated get { if (_fullTrustSC == null) @@ -222,27 +182,7 @@ namespace System.Security _executionContext = value; } } - -#if FEATURE_IMPERSONATION - - - internal WindowsIdentity WindowsIdentity - { - get - { - return _windowsIdentity; - } - set - { - // Note, we do not dispose of the existing windows identity, since some code such as remoting - // relies on reusing that identity. If you are not going to reuse the existing identity, then - // you should dispose of the existing identity before resetting it. - _windowsIdentity = value; - } - } -#endif // FEATURE_IMPERSONATION - internal CompressedStack CompressedStack { get @@ -258,25 +198,18 @@ namespace System.Security public void Dispose() { -#if FEATURE_IMPERSONATION - if (_windowsIdentity != null) - _windowsIdentity.Dispose(); -#endif // FEATURE_IMPERSONATION } - [System.Security.SecurityCritical] // auto-generated_required public static AsyncFlowControl SuppressFlow() { return SuppressFlow(SecurityContextDisableFlow.All); } - [System.Security.SecurityCritical] // auto-generated_required public static AsyncFlowControl SuppressFlowWindowsIdentity() { return SuppressFlow(SecurityContextDisableFlow.WI); } - [SecurityCritical] internal static AsyncFlowControl SuppressFlow(SecurityContextDisableFlow flags) { if (IsFlowSuppressed(flags)) @@ -292,7 +225,6 @@ namespace System.Security return afc; } - [SecuritySafeCritical] public static void RestoreFlow() { SecurityContext sc = Thread.CurrentThread.GetMutableExecutionContext().SecurityContext; @@ -307,13 +239,7 @@ namespace System.Security { return SecurityContext.IsFlowSuppressed(SecurityContextDisableFlow.All); } -#if FEATURE_IMPERSONATION - public static bool IsWindowsIdentityFlowSuppressed() - { - return (_LegacyImpersonationPolicy|| SecurityContext.IsFlowSuppressed(SecurityContextDisableFlow.WI)); - } -#endif - [SecuritySafeCritical] + internal static bool IsFlowSuppressed(SecurityContextDisableFlow flags) { return Thread.CurrentThread.GetExecutionContextReader().SecurityContext.IsFlowSuppressed(flags); @@ -323,7 +249,6 @@ namespace System.Security // continue past the call to SecurityContext.Run. If you change the signature to this method, or // provide an alternate way to do a SecurityContext.Run make sure to update // SecurityStackWalk::IsSpecialRunFrame in the VM to search for the new method. - [System.Security.SecurityCritical] // auto-generated_required [DynamicSecurityMethodAttribute()] [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable public static void Run(SecurityContext securityContext, ContextCallback callback, Object state) @@ -360,7 +285,7 @@ namespace System.Security // and automatically goes away when the callback returns. WindowsIdentity.SafeRevertToSelf(ref stackMark); // Ensure we have reverted to the state we entered in. - Contract.Assert(GetCurrentWI(Thread.CurrentThread.GetExecutionContextReader()) == null); + Debug.Assert(GetCurrentWI(Thread.CurrentThread.GetExecutionContextReader()) == null); } } else @@ -369,7 +294,6 @@ namespace System.Security } } - [System.Security.SecurityCritical] // auto-generated internal static void RunInternal(SecurityContext securityContext, ContextCallback callBack, Object state) { if (cleanupCode == null) @@ -397,7 +321,6 @@ namespace System.Security } } - [System.Security.SecurityCritical] // auto-generated static internal void runTryCode(Object userData) { SecurityContextRunData rData = (SecurityContextRunData) userData; @@ -406,7 +329,6 @@ namespace System.Security } - [System.Security.SecurityCritical] // auto-generated [PrePrepareMethod] static internal void runFinallyCode(Object userData, bool exceptionThrown) { @@ -421,7 +343,6 @@ namespace System.Security // Internal API that gets called from public SetSecurityContext and from SetExecutionContext [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] - [System.Security.SecurityCritical] // auto-generated [DynamicSecurityMethodAttribute()] [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable internal static SecurityContextSwitcher SetSecurityContext(SecurityContext sc, SecurityContext.Reader prevSecurityContext, bool modifyCurrentExecutionContext) @@ -430,7 +351,6 @@ namespace System.Security return SetSecurityContext(sc, prevSecurityContext, modifyCurrentExecutionContext, ref stackMark); } - [System.Security.SecurityCritical] // auto-generated #if FEATURE_CORRUPTING_EXCEPTIONS [HandleProcessCorruptedStateExceptions] #endif // FEATURE_CORRUPTING_EXCEPTIONS @@ -458,22 +378,6 @@ namespace System.Security RuntimeHelpers.PrepareConstrainedRegions(); try { -#if FEATURE_IMPERSONATION - scsw.wic = null; - if (!_LegacyImpersonationPolicy) - { - if (sc.WindowsIdentity != null) - { - scsw.wic = sc.WindowsIdentity.Impersonate(ref stackMark); - } - else if ( ((_capturedFlowState & SecurityContextDisableFlow.WI) == 0) - && prevSecurityContext.WindowsIdentity != null) - { - // revert impersonation if there was no WI flow supression at capture and we're currently impersonating - scsw.wic = WindowsIdentity.SafeRevertToSelf(ref stackMark); - } - } -#endif scsw.cssw = CompressedStack.SetCompressedStack(sc.CompressedStack, prevSecurityContext.CompressedStack); } catch @@ -486,7 +390,6 @@ namespace System.Security } /// - [System.Security.SecuritySafeCritical] // auto-generated public SecurityContext CreateCopy() { if (!isNewCapture) @@ -498,11 +401,6 @@ namespace System.Security sc.isNewCapture = true; sc._disableFlow = _disableFlow; -#if FEATURE_IMPERSONATION - if (WindowsIdentity != null) - sc._windowsIdentity = new WindowsIdentity(WindowsIdentity.AccessToken); -#endif //FEATURE_IMPERSONATION - if (_compressedStack != null) sc._compressedStack = _compressedStack.CreateCopy(); @@ -510,26 +408,19 @@ namespace System.Security } /// - [System.Security.SecuritySafeCritical] // auto-generated internal SecurityContext CreateMutableCopy() { - Contract.Assert(!this.isNewCapture); + Debug.Assert(!this.isNewCapture); SecurityContext sc = new SecurityContext(); sc._disableFlow = this._disableFlow; -#if FEATURE_IMPERSONATION - if (this.WindowsIdentity != null) - sc._windowsIdentity = new WindowsIdentity(this.WindowsIdentity.AccessToken); -#endif //FEATURE_IMPERSONATION - if (this._compressedStack != null) sc._compressedStack = this._compressedStack.CreateCopy(); return sc; } - [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable public static SecurityContext Capture( ) { @@ -545,7 +436,6 @@ namespace System.Security } // create a clone from a non-existing SecurityContext - [System.Security.SecurityCritical] // auto-generated [MethodImpl(MethodImplOptions.AggressiveInlining)] static internal SecurityContext Capture(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark) { @@ -560,125 +450,26 @@ namespace System.Security return CaptureCore(currThreadEC, ref stackMark); } - [System.Security.SecurityCritical] // auto-generated static private SecurityContext CaptureCore(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark) { SecurityContext sc = new SecurityContext(); sc.isNewCapture = true; -#if FEATURE_IMPERSONATION - // Force create WindowsIdentity - if (!IsWindowsIdentityFlowSuppressed()) - { - WindowsIdentity currentIdentity = GetCurrentWI(currThreadEC); - if (currentIdentity != null) - sc._windowsIdentity = new WindowsIdentity(currentIdentity.AccessToken); - } - else - { - sc._disableFlow = SecurityContextDisableFlow.WI; - } -#endif // FEATURE_IMPERSONATION - // Force create CompressedStack sc.CompressedStack = CompressedStack.GetCompressedStack(ref stackMark); return sc; } - [System.Security.SecurityCritical] // auto-generated + static internal SecurityContext CreateFullTrustSecurityContext() { SecurityContext sc = new SecurityContext(); sc.isNewCapture = true; - -#if FEATURE_IMPERSONATION - if (IsWindowsIdentityFlowSuppressed()) - { - sc._disableFlow = SecurityContextDisableFlow.WI; - } -#endif // FEATURE_IMPERSONATION - // Force create CompressedStack sc.CompressedStack = new CompressedStack(null); return sc; } -#if FEATURE_IMPERSONATION - - static internal bool AlwaysFlowImpersonationPolicy { get { return _alwaysFlowImpersonationPolicy; } } - - // Check to see if we have a WI on the thread and return if we do - [System.Security.SecurityCritical] // auto-generated - [MethodImpl(MethodImplOptions.AggressiveInlining)] - static internal WindowsIdentity GetCurrentWI(ExecutionContext.Reader threadEC) - { - return GetCurrentWI(threadEC, _alwaysFlowImpersonationPolicy); - } - - [System.Security.SecurityCritical] // auto-generated - [MethodImpl(MethodImplOptions.AggressiveInlining)] - static internal WindowsIdentity GetCurrentWI(ExecutionContext.Reader threadEC, bool cachedAlwaysFlowImpersonationPolicy) - { - Contract.Assert(cachedAlwaysFlowImpersonationPolicy == _alwaysFlowImpersonationPolicy); - if (cachedAlwaysFlowImpersonationPolicy) - { - // Examine the threadtoken at the cost of a kernel call if the user has set the IMP_ALWAYSFLOW mode - return WindowsIdentity.GetCurrentInternal(TokenAccessLevels.MaximumAllowed, true); - } - - return threadEC.SecurityContext.WindowsIdentity; - } - - [System.Security.SecurityCritical] - static internal void RestoreCurrentWI(ExecutionContext.Reader currentEC, ExecutionContext.Reader prevEC, WindowsIdentity targetWI, bool cachedAlwaysFlowImpersonationPolicy) - { - Contract.Assert(currentEC.IsSame(Thread.CurrentThread.GetExecutionContextReader())); - Contract.Assert(cachedAlwaysFlowImpersonationPolicy == _alwaysFlowImpersonationPolicy); - - // NOTE: cachedAlwaysFlowImpersonationPolicy is a perf optimization to avoid always having to access a static variable here. - if (cachedAlwaysFlowImpersonationPolicy || prevEC.SecurityContext.WindowsIdentity != targetWI) - { - // - // Either we're always flowing, or the target WI was obtained from the current EC in the first place. - // - Contract.Assert(_alwaysFlowImpersonationPolicy || currentEC.SecurityContext.WindowsIdentity == targetWI); - - RestoreCurrentWIInternal(targetWI); - } - } - - [System.Security.SecurityCritical] - static private void RestoreCurrentWIInternal(WindowsIdentity targetWI) - { - int hr = Win32.RevertToSelf(); - if (hr < 0) - Environment.FailFast(Win32Native.GetMessage(hr)); - - if (targetWI != null) - { - SafeAccessTokenHandle tokenHandle = targetWI.AccessToken; - if (tokenHandle != null && !tokenHandle.IsInvalid) - { - hr = Win32.ImpersonateLoggedOnUser(tokenHandle); - if (hr < 0) - Environment.FailFast(Win32Native.GetMessage(hr)); - } - } - } - - [System.Security.SecurityCritical] // auto-generated - internal bool IsDefaultFTSecurityContext() - { - return (WindowsIdentity == null && (CompressedStack == null || CompressedStack.CompressedStackHandle == null)); - } - [System.Security.SecurityCritical] // auto-generated - [MethodImpl(MethodImplOptions.AggressiveInlining)] - static internal bool CurrentlyInDefaultFTSecurityContext(ExecutionContext.Reader threadEC) - { - return (IsDefaultThreadSecurityInfo() && GetCurrentWI(threadEC) == null); - } -#else - internal bool IsDefaultFTSecurityContext() { return (CompressedStack == null || CompressedStack.CompressedStackHandle == null); @@ -687,16 +478,9 @@ namespace System.Security { return (IsDefaultThreadSecurityInfo()); } -#endif -#if FEATURE_IMPERSONATION - [System.Security.SecuritySafeCritical] // auto-generated - [MethodImplAttribute(MethodImplOptions.InternalCall), ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] - internal extern static WindowsImpersonationFlowMode GetImpersonationFlowMode(); -#endif - [System.Security.SecurityCritical] // auto-generated + [MethodImplAttribute(MethodImplOptions.InternalCall), ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] internal extern static bool IsDefaultThreadSecurityInfo(); - } #endif // FEATURE_COMPRESSEDSTACK } -- cgit v1.2.3