From e07a068d7871869ca4d34813d5d29bad33adce3c Mon Sep 17 00:00:00 2001 
From: Hugh Bellamy Date: Sat, 13 Apr 2019 17:52:14 +0100 Subject: [PATCH] Fix LsaOpenPolicy interop definition * Move Lsa handles to Interop code * Fix implementation of LsaOpenPolicy * Move LSA_STRING and LSA_UNICODE_STRING to Advapi32 * Consolidate LSA_UNICODE_STRING and UNICODE_STRING Commit migrated from https://github.com/dotnet/corefx/commit/f5e2679e76c102aea8218ae290ffb7f4d97e9cc2 --- .../Interop.LSA_STRING.cs} | 2 +- .../Windows/Advapi32/Interop.LsaLookupNames2.cs | 13 ++- .../Windows/Advapi32/Interop.LsaLookupSids.cs | 2 +- .../Windows/Advapi32/Interop.LsaOpenPolicy.cs | 30 +++++- .../Interop/Windows/Interop.OBJECT_ATTRIBUTES.cs | 103 +++++++++++++++++++++ .../Interop/Windows/NtDll/Interop.NtCreateFile.cs | 94 ------------------- .../Windows/SspiCli/Interop.KerbS4uLogin.cs | 4 +- .../Interop/Windows/SspiCli/Interop.LSAStructs.cs | 11 --- .../Windows/SspiCli/Interop.LsaLogonUser.cs | 2 +- .../Interop.LsaLookupAuthenticationPackage.cs | 7 +- .../Windows/SspiCli/Interop.LsaUnicodeString.cs | 38 -------- .../Windows/SspiCli/Interop.UNICODE_STRING.cs | 18 ---- .../Win32/SafeHandles/SafeLsaMemoryHandle.cs | 25 +++++ .../Win32/SafeHandles/SafeLsaPolicyHandle.cs | 24 +++++ .../Win32/SafeHandles/SafeLsaReturnBufferHandle.cs | 27 ++++++ .../Win32/SafeHandles/SafeTokenHandle.cs} | 0 .../src/Microsoft.IO.Redist.csproj | 3 + .../src/System.Data.SqlClient.csproj | 3 + .../Microsoft/Win32/SafeHandles/SafeTokenHandle.cs | 45 --------- .../src/System.Diagnostics.Process.csproj | 4 +- .../src/System.IO.FileSystem.csproj | 3 + .../src/System.Security.AccessControl.csproj | 4 +- .../Win32/SafeHandles/SafeSecurityHandles.cs | 59 ------------ .../src/System.Security.Principal.Windows.csproj | 28 ++++-- .../src/System/Security/Principal/NTAccount.cs | 2 +- .../src/System/Security/Principal/Win32.cs | 27 ++---- .../System/Security/Principal/WindowsIdentity.cs | 2 +- 27 files changed, 274 insertions(+), 306 deletions(-) rename 
src/libraries/Common/src/Interop/Windows/{SspiCli/Interop.LsaString.cs => Advapi32/Interop.LSA_STRING.cs} (97%) create mode 100644 src/libraries/Common/src/Interop/Windows/Interop.OBJECT_ATTRIBUTES.cs delete mode 100644 src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LsaUnicodeString.cs delete mode 100644 src/libraries/Common/src/Interop/Windows/SspiCli/Interop.UNICODE_STRING.cs create mode 100644 src/libraries/Common/src/Microsoft/Win32/SafeHandles/SafeLsaMemoryHandle.cs create mode 100644 src/libraries/Common/src/Microsoft/Win32/SafeHandles/SafeLsaPolicyHandle.cs create mode 100644 src/libraries/Common/src/Microsoft/Win32/SafeHandles/SafeLsaReturnBufferHandle.cs rename src/libraries/{System.Security.AccessControl/src/System/Security/SafeSecurityHandles.cs => Common/src/Microsoft/Win32/SafeHandles/SafeTokenHandle.cs} (100%) delete mode 100644 src/libraries/System.Diagnostics.Process/src/Microsoft/Win32/SafeHandles/SafeTokenHandle.cs delete mode 100644 src/libraries/System.Security.Principal.Windows/src/Microsoft/Win32/SafeHandles/SafeSecurityHandles.cs diff --git a/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LsaString.cs b/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.LSA_STRING.cs similarity index 97% rename from src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LsaString.cs rename to src/libraries/Common/src/Interop/Windows/Advapi32/Interop.LSA_STRING.cs index 1c108df..7cd34c1 100644 --- a/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LsaString.cs +++ b/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.LSA_STRING.cs @@ -7,7 +7,7 @@ using System.Runtime.InteropServices; internal partial class Interop { - internal partial class SspiCli + internal partial class Advapi32 { [StructLayout(LayoutKind.Sequential)] internal struct LSA_STRING 
diff --git a/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.LsaLookupNames2.cs b/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.LsaLookupNames2.cs
index dcb76be..084dfee 100644
--- a/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.LsaLookupNames2.cs
+++ b/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.LsaLookupNames2.cs
@@ -15,9 +15,18 @@ internal static partial class Interop
 SafeLsaPolicyHandle handle,
 int flags,
 int count,
- UNICODE_STRING[] names,
+ MARSHALLED_UNICODE_STRING[] names,
 out SafeLsaMemoryHandle referencedDomains,
 out SafeLsaMemoryHandle sids
- );
+ );
+
+ [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+ internal struct MARSHALLED_UNICODE_STRING
+ {
+ internal ushort Length;
+ internal ushort MaximumLength;
+ [MarshalAs(UnmanagedType.LPWStr)]
+ internal string Buffer;
+ }
 }
 }
diff --git a/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.LsaLookupSids.cs b/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.LsaLookupSids.cs
index 576d8e5..b28132a 100644
--- a/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.LsaLookupSids.cs
+++ b/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.LsaLookupSids.cs
@@ -17,6 +17,6 @@ internal static partial class Interop
 IntPtr[] sids,
 out SafeLsaMemoryHandle referencedDomains,
 out SafeLsaMemoryHandle names
- );
+ );
 }
 }
diff --git a/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.LsaOpenPolicy.cs b/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.LsaOpenPolicy.cs
index ca7ae1c..4360f33 100644
--- a/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.LsaOpenPolicy.cs
+++ b/src/libraries/Common/src/Interop/Windows/Advapi32/Interop.LsaOpenPolicy.cs
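Review bot: The new `MARSHALLED_UNICODE_STRING` in the LsaLookupNames2 hunk has no comment saying how it differs from the pointer-based `UNICODE_STRING` used elsewhere in this commit, and nothing ties `Length` and `MaximumLength` to the string in `Buffer`. The native side trusts whatever byte counts the caller fills in, so a count that does not match the marshalled string would make LSA read the wrong amount of memory; the code that fills the array in NTAccount.cs is outside this hunk, so whether it is correct cannot be confirmed here. I would add a doc comment on the struct along the lines of `/// UNICODE_STRING variant whose Buffer is marshalled from a managed string; Length is the byte count of Buffer without the terminator and the caller must keep both counts consistent with it.`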
@@ -11,6 +11,34 @@ internal static partial class Interop
 internal static partial class Advapi32
 {
 [DllImport(Interop.Libraries.Advapi32, EntryPoint = "LsaOpenPolicy", SetLastError = true, CharSet = CharSet.Unicode)]
- internal static extern uint LsaOpenPolicy(string systemName, ref LSA_OBJECT_ATTRIBUTES attributes, int accessMask, out SafeLsaPolicyHandle handle);
+ private static extern uint LsaOpenPolicy(
+ ref UNICODE_STRING SystemName,
+ ref OBJECT_ATTRIBUTES ObjectAttributes,
+ int AccessMask,
+ out SafeLsaPolicyHandle PolicyHandle
+ );
+
+ internal static unsafe uint LsaOpenPolicy(
+ string SystemName,
+ ref OBJECT_ATTRIBUTES Attributes,
+ int AccessMask,
+ out SafeLsaPolicyHandle PolicyHandle)
+ {
+ var systemNameUnicode = new UNICODE_STRING();
+ if (SystemName != null)
+ {
+ fixed (char* c = SystemName)
+ {
+ systemNameUnicode.Length = checked((ushort)(SystemName.Length * sizeof(char)));
+ systemNameUnicode.MaximumLength = checked((ushort)(SystemName.Length * sizeof(char)));
+ systemNameUnicode.Buffer = (IntPtr)c;
+ return LsaOpenPolicy(ref systemNameUnicode, ref Attributes, AccessMask, out PolicyHandle);
+ }
+ }
+ else
+ {
+ return LsaOpenPolicy(ref systemNameUnicode, ref Attributes, AccessMask, out PolicyHandle);
+ }
+ }
 }
 }
diff --git a/src/libraries/Common/src/Interop/Windows/Interop.OBJECT_ATTRIBUTES.cs b/src/libraries/Common/src/Interop/Windows/Interop.OBJECT_ATTRIBUTES.cs
new file mode 100644
index 0000000..c6e51ae
--- /dev/null
+++ b/src/libraries/Common/src/Interop/Windows/Interop.OBJECT_ATTRIBUTES.cs
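Review bot: In the new managed `LsaOpenPolicy` wrapper, a `SystemName` longer than 32,767 characters leaves through `checked((ushort)(...))` as an `OverflowException`, which a caller that only translates NTSTATUS values (as the one in Win32.cs does) will not anticipate. The check itself is right, since it stops a truncated `Length` from being paired with a longer pinned buffer, but it would read better as an explicit guard before the `fixed` block, e.g. `if (SystemName.Length > ushort.MaxValue / sizeof(char)) throw new ArgumentOutOfRangeException(nameof(SystemName));`. The null branch passes a pointer to a zeroed `UNICODE_STRING` rather than a null pointer; a one-line comment stating the intended meaning (presumably the local system) would record that this is deliberate.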
@@ -0,0 +1,103 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +using System; +using System.Runtime.InteropServices; + +internal static partial class Interop +{ + /// + /// OBJECT_ATTRIBUTES structure. + /// The OBJECT_ATTRIBUTES structure specifies attributes that can be applied to objects or object handles by routines + /// that create objects and/or return handles to objects. + /// + internal unsafe struct OBJECT_ATTRIBUTES + { + public uint Length; + + /// + /// Optional handle to root object directory for the given ObjectName. + /// Can be a file system directory or object manager directory. + /// + public IntPtr RootDirectory; + + /// + /// Name of the object. Must be fully qualified if RootDirectory isn't set. + /// Otherwise is relative to RootDirectory. + /// + public UNICODE_STRING* ObjectName; + + public ObjectAttributes Attributes; + + /// + /// If null, object will receive default security settings. + /// + public void* SecurityDescriptor; + + /// + /// Optional quality of service to be applied to the object. Used to indicate + /// security impersonation level and context tracking mode (dynamic or static). + /// + public void* SecurityQualityOfService; + + /// + /// Equivalent of InitializeObjectAttributes macro with the exception that you can directly set SQOS. 
+ /// + public unsafe OBJECT_ATTRIBUTES(UNICODE_STRING* objectName, ObjectAttributes attributes, IntPtr rootDirectory) + { + Length = (uint)sizeof(OBJECT_ATTRIBUTES); + RootDirectory = rootDirectory; + ObjectName = objectName; + Attributes = attributes; + SecurityDescriptor = null; + SecurityQualityOfService = null; + } + } + + [Flags] + public enum ObjectAttributes : uint + { + // https://msdn.microsoft.com/en-us/library/windows/hardware/ff564586.aspx + // https://msdn.microsoft.com/en-us/library/windows/hardware/ff547804.aspx + + /// + /// This handle can be inherited by child processes of the current process. + /// + OBJ_INHERIT = 0x00000002, + + /// + /// This flag only applies to objects that are named within the object manager. + /// By default, such objects are deleted when all open handles to them are closed. + /// If this flag is specified, the object is not deleted when all open handles are closed. + /// + OBJ_PERMANENT = 0x00000010, + + /// + /// Only a single handle can be open for this object. + /// + OBJ_EXCLUSIVE = 0x00000020, + + /// + /// Lookups for this object should be case insensitive. + /// + OBJ_CASE_INSENSITIVE = 0x00000040, + + /// + /// Create on existing object should open, not fail with STATUS_OBJECT_NAME_COLLISION. + /// + OBJ_OPENIF = 0x00000080, + + /// + /// Open the symbolic link, not its target. + /// + OBJ_OPENLINK = 0x00000100, + + // Only accessible from kernel mode + // OBJ_KERNEL_HANDLE + + // Access checks enforced, even in kernel mode + // OBJ_FORCE_ACCESS_CHECK + // OBJ_VALID_ATTRIBUTES = 0x000001F2 + } +} diff --git a/src/libraries/Common/src/Interop/Windows/NtDll/Interop.NtCreateFile.cs b/src/libraries/Common/src/Interop/Windows/NtDll/Interop.NtCreateFile.cs index 967b7bf..1fa7b72 100644 --- a/src/libraries/Common/src/Interop/Windows/NtDll/Interop.NtCreateFile.cs +++ b/src/libraries/Common/src/Interop/Windows/NtDll/Interop.NtCreateFile.cs 
@@ -69,100 +69,6 @@ internal partial class Interop } /// - /// OBJECT_ATTRIBUTES structure. - /// The OBJECT_ATTRIBUTES structure specifies attributes that can be applied to objects or object handles by routines - /// that create objects and/or return handles to objects. - /// - internal unsafe struct OBJECT_ATTRIBUTES - { - public uint Length; - - /// - /// Optional handle to root object directory for the given ObjectName. - /// Can be a file system directory or object manager directory. - /// - public IntPtr RootDirectory; - - /// - /// Name of the object. Must be fully qualified if RootDirectory isn't set. - /// Otherwise is relative to RootDirectory. - /// - public UNICODE_STRING* ObjectName; - - public ObjectAttributes Attributes; - - /// - /// If null, object will receive default security settings. - /// - public void* SecurityDescriptor; - - /// - /// Optional quality of service to be applied to the object. Used to indicate - /// security impersonation level and context tracking mode (dynamic or static). - /// - public void* SecurityQualityOfService; - - /// - /// Equivalent of InitializeObjectAttributes macro with the exception that you can directly set SQOS. - /// - public unsafe OBJECT_ATTRIBUTES(UNICODE_STRING* objectName, ObjectAttributes attributes, IntPtr rootDirectory) - { - Length = (uint)sizeof(OBJECT_ATTRIBUTES); - RootDirectory = rootDirectory; - ObjectName = objectName; - Attributes = attributes; - SecurityDescriptor = null; - SecurityQualityOfService = null; - } - } - - [Flags] - public enum ObjectAttributes : uint - { - // https://msdn.microsoft.com/en-us/library/windows/hardware/ff564586.aspx - // https://msdn.microsoft.com/en-us/library/windows/hardware/ff547804.aspx - - /// - /// This handle can be inherited by child processes of the current process. - /// - OBJ_INHERIT = 0x00000002, - - /// - /// This flag only applies to objects that are named within the object manager. 
- /// By default, such objects are deleted when all open handles to them are closed. - /// If this flag is specified, the object is not deleted when all open handles are closed. - /// - OBJ_PERMANENT = 0x00000010, - - /// - /// Only a single handle can be open for this object. - /// - OBJ_EXCLUSIVE = 0x00000020, - - /// - /// Lookups for this object should be case insensitive. - /// - OBJ_CASE_INSENSITIVE = 0x00000040, - - /// - /// Create on existing object should open, not fail with STATUS_OBJECT_NAME_COLLISION. - /// - OBJ_OPENIF = 0x00000080, - - /// - /// Open the symbolic link, not its target. - /// - OBJ_OPENLINK = 0x00000100, - - // Only accessible from kernel mode - // OBJ_KERNEL_HANDLE - - // Access checks enforced, even in kernel mode - // OBJ_FORCE_ACCESS_CHECK - // OBJ_VALID_ATTRIBUTES = 0x000001F2 - } - - /// /// File creation disposition when calling directly to NT APIs. /// public enum CreateDisposition : uint diff --git a/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.KerbS4uLogin.cs b/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.KerbS4uLogin.cs index 68e0022..2e9dd97 100644 --- a/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.KerbS4uLogin.cs +++ b/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.KerbS4uLogin.cs @@ -14,8 +14,8 @@ internal partial class Interop { internal KERB_LOGON_SUBMIT_TYPE MessageType; internal KerbS4uLogonFlags Flags; - internal LSA_UNICODE_STRING ClientUpn; - internal LSA_UNICODE_STRING ClientRealm; + internal UNICODE_STRING ClientUpn; + internal UNICODE_STRING ClientRealm; } [Flags] diff --git a/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LSAStructs.cs b/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LSAStructs.cs index 3d0d6a6..bba8c14 100644 --- a/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LSAStructs.cs +++ b/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LSAStructs.cs 
@@ -18,17 +18,6 @@ internal static partial class Interop } [StructLayout(LayoutKind.Sequential)] - internal struct LSA_OBJECT_ATTRIBUTES - { - internal int Length; - internal IntPtr RootDirectory; - internal IntPtr ObjectName; - internal int Attributes; - internal IntPtr SecurityDescriptor; - internal IntPtr SecurityQualityOfService; - } - - [StructLayout(LayoutKind.Sequential)] internal struct LSA_TRANSLATED_SID2 { internal int Use; diff --git a/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LsaLogonUser.cs b/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LsaLogonUser.cs index 86d4be2..268688c 100644 --- a/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LsaLogonUser.cs +++ b/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LsaLogonUser.cs @@ -14,7 +14,7 @@ internal partial class Interop [DllImport(Libraries.SspiCli)] internal static extern int LsaLogonUser( [In] SafeLsaHandle LsaHandle, - [In] ref LSA_STRING OriginName, + [In] ref Advapi32.LSA_STRING OriginName, [In] SECURITY_LOGON_TYPE LogonType, [In] int AuthenticationPackage, [In] IntPtr AuthenticationInformation, diff --git a/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LsaLookupAuthenticationPackage.cs b/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LsaLookupAuthenticationPackage.cs index 950cde7..6080240 100644 --- a/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LsaLookupAuthenticationPackage.cs +++ b/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LsaLookupAuthenticationPackage.cs @@ -4,7 +4,6 @@ using System; using System.Runtime.InteropServices; - using Microsoft.Win32.SafeHandles; internal partial class Interop 
@@ -12,6 +11,10 @@ internal partial class Interop internal partial class SspiCli { [DllImport(Libraries.SspiCli)] - internal static extern int LsaLookupAuthenticationPackage(SafeLsaHandle LsaHandle, [In] ref LSA_STRING PackageName, out int AuthenticationPackage); + internal static extern int LsaLookupAuthenticationPackage( + SafeLsaHandle LsaHandle, + [In] ref Advapi32.LSA_STRING PackageName, + out int AuthenticationPackage + ); } } diff --git a/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LsaUnicodeString.cs b/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LsaUnicodeString.cs deleted file mode 100644 index 205fa8a..0000000 --- a/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.LsaUnicodeString.cs +++ /dev/null @@ -1,38 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -using System; -using System.Runtime.InteropServices; - -internal partial class Interop -{ - internal partial class SspiCli - { - [StructLayout(LayoutKind.Sequential)] - internal struct LSA_UNICODE_STRING - { - internal LSA_UNICODE_STRING(IntPtr pBuffer, ushort length) - { - Length = length; - MaximumLength = length; - Buffer = pBuffer; - } - - /// - /// Specifies the length, in bytes, of the string in Buffer. This value does not include the terminating null character, if any. - /// - internal ushort Length; - - /// - /// Specifies the total size, in bytes, of Buffer. Up to MaximumLength bytes may be written into the buffer without trampling memory. - /// - internal ushort MaximumLength; - - /// - /// Pointer to a wide character string. Note that strings returned by the LSA may not be null-terminated. - /// - internal IntPtr Buffer; - } - } -} 
diff --git a/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.UNICODE_STRING.cs b/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.UNICODE_STRING.cs
deleted file mode 100644
index e81b506..0000000
--- a/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.UNICODE_STRING.cs
+++ /dev/null
@@ -1,18 +0,0 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-// See the LICENSE file in the project root for more information.
-
-using System;
-using System.Runtime.InteropServices;
-
-internal static partial class Interop
-{
- [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
- internal struct UNICODE_STRING
- {
- internal ushort Length;
- internal ushort MaximumLength;
- [MarshalAs(UnmanagedType.LPWStr)]
- internal string Buffer;
- }
-}
diff --git a/src/libraries/Common/src/Microsoft/Win32/SafeHandles/SafeLsaMemoryHandle.cs b/src/libraries/Common/src/Microsoft/Win32/SafeHandles/SafeLsaMemoryHandle.cs
new file mode 100644
index 0000000..d7beb58
--- /dev/null
+++ b/src/libraries/Common/src/Microsoft/Win32/SafeHandles/SafeLsaMemoryHandle.cs
@@ -0,0 +1,25 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using System;
+using System.Runtime.InteropServices;
+
+namespace Microsoft.Win32.SafeHandles
+{
+ internal sealed class SafeLsaMemoryHandle : SafeBuffer
+ {
+ private SafeLsaMemoryHandle() : base(true) { }
+
+ // 0 is an Invalid Handle
+ internal SafeLsaMemoryHandle(IntPtr handle) : base(true)
+ {
+ SetHandle(handle);
+ }
+
+ override protected bool ReleaseHandle()
+ {
+ return Interop.Advapi32.LsaFreeMemory(handle) == 0;
+ }
+ }
+}
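Review bot: `override protected bool ReleaseHandle()` in the new SafeLsaMemoryHandle.cs uses a non-standard modifier order; now that each handle type gets its own file it is a cheap moment to write `protected override bool ReleaseHandle()`. The same line appears in the new SafeLsaPolicyHandle.cs and SafeLsaReturnBufferHandle.cs, and the latter also carries a `using System.Security;` that nothing visible in that file uses. The comment `// 0 is an Invalid Handle` is incomplete for SafeLsaPolicyHandle, whose base class `SafeHandleZeroOrMinusOneIsInvalid` also treats -1 as invalid; `// 0 and -1 are invalid handle values` would match the base class.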
diff --git a/src/libraries/Common/src/Microsoft/Win32/SafeHandles/SafeLsaPolicyHandle.cs b/src/libraries/Common/src/Microsoft/Win32/SafeHandles/SafeLsaPolicyHandle.cs new file mode 100644 index 0000000..856bea9 --- /dev/null +++ b/src/libraries/Common/src/Microsoft/Win32/SafeHandles/SafeLsaPolicyHandle.cs @@ -0,0 +1,24 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +using System; + +namespace Microsoft.Win32.SafeHandles +{ + internal sealed class SafeLsaPolicyHandle : SafeHandleZeroOrMinusOneIsInvalid + { + private SafeLsaPolicyHandle() : base(true) { } + + // 0 is an Invalid Handle + internal SafeLsaPolicyHandle(IntPtr handle) : base(true) + { + SetHandle(handle); + } + + override protected bool ReleaseHandle() + { + return Interop.Advapi32.LsaClose(handle) == 0; + } + } +} diff --git a/src/libraries/Common/src/Microsoft/Win32/SafeHandles/SafeLsaReturnBufferHandle.cs b/src/libraries/Common/src/Microsoft/Win32/SafeHandles/SafeLsaReturnBufferHandle.cs new file mode 100644 index 0000000..d310e6a --- /dev/null +++ b/src/libraries/Common/src/Microsoft/Win32/SafeHandles/SafeLsaReturnBufferHandle.cs 
@@ -0,0 +1,27 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +using System; +using System.Runtime.InteropServices; +using System.Security; + +namespace Microsoft.Win32.SafeHandles +{ + internal sealed class SafeLsaReturnBufferHandle : SafeBuffer + { + private SafeLsaReturnBufferHandle() : base(true) { } + + // 0 is an Invalid Handle + internal SafeLsaReturnBufferHandle(IntPtr handle) : base(true) + { + SetHandle(handle); + } + + override protected bool ReleaseHandle() + { + // LsaFreeReturnBuffer returns an NTSTATUS + return Interop.SspiCli.LsaFreeReturnBuffer(handle) >= 0; + } + } +} diff --git a/src/libraries/System.Security.AccessControl/src/System/Security/SafeSecurityHandles.cs b/src/libraries/Common/src/Microsoft/Win32/SafeHandles/SafeTokenHandle.cs similarity index 100% rename from src/libraries/System.Security.AccessControl/src/System/Security/SafeSecurityHandles.cs rename to src/libraries/Common/src/Microsoft/Win32/SafeHandles/SafeTokenHandle.cs diff --git a/src/libraries/Microsoft.IO.Redist/src/Microsoft.IO.Redist.csproj b/src/libraries/Microsoft.IO.Redist/src/Microsoft.IO.Redist.csproj index feecce9..295b777 100644 --- a/src/libraries/Microsoft.IO.Redist/src/Microsoft.IO.Redist.csproj +++ b/src/libraries/Microsoft.IO.Redist/src/Microsoft.IO.Redist.csproj @@ -52,6 +52,9 @@ Common\Interop\Windows\Interop.UNICODE_STRING.cs + + Common\Interop\Windows\Interop.OBJECT_ATTRIBUTES.cs + Common\Interop\Windows\Interop.BOOLEAN.cs diff --git a/src/libraries/System.Data.SqlClient/src/System.Data.SqlClient.csproj b/src/libraries/System.Data.SqlClient/src/System.Data.SqlClient.csproj index ad70b88..a730f2e 100644 --- a/src/libraries/System.Data.SqlClient/src/System.Data.SqlClient.csproj +++ b/src/libraries/System.Data.SqlClient/src/System.Data.SqlClient.csproj 
@@ -243,6 +243,9 @@ Common\Interop\Windows\Interop.UNICODE_STRING.cs + + Common\Interop\Windows\Interop.OBJECT_ATTRIBUTES.cs + Common\Interop\Windows\Kernel32\Interop.IoControlCodeAccess.cs diff --git a/src/libraries/System.Diagnostics.Process/src/Microsoft/Win32/SafeHandles/SafeTokenHandle.cs b/src/libraries/System.Diagnostics.Process/src/Microsoft/Win32/SafeHandles/SafeTokenHandle.cs deleted file mode 100644 index 83160f7..0000000 --- a/src/libraries/System.Diagnostics.Process/src/Microsoft/Win32/SafeHandles/SafeTokenHandle.cs +++ /dev/null @@ -1,45 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -/*============================================================ -** -** Class: SafeTokenHandle -** -** A wrapper for a process handle -** -** -===========================================================*/ - -using System; -using System.Diagnostics; -using System.Runtime.InteropServices; -using System.Security; - -namespace Microsoft.Win32.SafeHandles -{ - internal sealed class SafeTokenHandle : SafeHandle - { - private const int DefaultInvalidHandleValue = 0; - - internal static readonly SafeTokenHandle InvalidHandle = new SafeTokenHandle(new IntPtr(DefaultInvalidHandleValue)); - - internal SafeTokenHandle() : base(new IntPtr(DefaultInvalidHandleValue), true) { } - - internal SafeTokenHandle(IntPtr handle) - : base(new IntPtr(DefaultInvalidHandleValue), true) - { - SetHandle(handle); - } - - public override bool IsInvalid - { - get { return handle == IntPtr.Zero || handle == new IntPtr(-1); } - } - - protected override bool ReleaseHandle() - { - return Interop.Kernel32.CloseHandle(handle); - } - } -} diff --git a/src/libraries/System.Diagnostics.Process/src/System.Diagnostics.Process.csproj b/src/libraries/System.Diagnostics.Process/src/System.Diagnostics.Process.csproj index 8a215fb..dcec78c 100644 
--- a/src/libraries/System.Diagnostics.Process/src/System.Diagnostics.Process.csproj +++ b/src/libraries/System.Diagnostics.Process/src/System.Diagnostics.Process.csproj @@ -86,6 +86,9 @@ + + Microsoft\Win32\SafeHandles\SafeTokenHandle.cs + Common\Interop\Windows\Interop.Libraries.cs @@ -274,7 +277,6 @@ - diff --git a/src/libraries/System.IO.FileSystem/src/System.IO.FileSystem.csproj b/src/libraries/System.IO.FileSystem/src/System.IO.FileSystem.csproj index 3f5fd4f..539e47f 100644 --- a/src/libraries/System.IO.FileSystem/src/System.IO.FileSystem.csproj +++ b/src/libraries/System.IO.FileSystem/src/System.IO.FileSystem.csproj @@ -191,6 +191,9 @@ Common\Interop\Windows\Interop.UNICODE_STRING.cs + + Common\Interop\Windows\Interop.OBJECT_ATTRIBUTES.cs + Common\Interop\Windows\Interop.BOOLEAN.cs diff --git a/src/libraries/System.Security.AccessControl/src/System.Security.AccessControl.csproj b/src/libraries/System.Security.AccessControl/src/System.Security.AccessControl.csproj index d3a1b96d7..4985809 100644 --- a/src/libraries/System.Security.AccessControl/src/System.Security.AccessControl.csproj +++ b/src/libraries/System.Security.AccessControl/src/System.Security.AccessControl.csproj @@ -24,11 +24,13 @@ - Common\System\NotImplemented.cs + + Microsoft\Win32\SafeHandles\SafeTokenHandle.cs + Common\Interop\Interop.Libraries.cs diff --git a/src/libraries/System.Security.Principal.Windows/src/Microsoft/Win32/SafeHandles/SafeSecurityHandles.cs b/src/libraries/System.Security.Principal.Windows/src/Microsoft/Win32/SafeHandles/SafeSecurityHandles.cs deleted file mode 100644 index 3db3714..0000000 --- a/src/libraries/System.Security.Principal.Windows/src/Microsoft/Win32/SafeHandles/SafeSecurityHandles.cs +++ /dev/null 
@@ -1,59 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -using System; -using System.Runtime.InteropServices; -using System.Security; - -namespace Microsoft.Win32.SafeHandles -{ - internal sealed class SafeLsaMemoryHandle : SafeBuffer - { - private SafeLsaMemoryHandle() : base(true) { } - - // 0 is an Invalid Handle - internal SafeLsaMemoryHandle(IntPtr handle) : base(true) - { - SetHandle(handle); - } - - override protected bool ReleaseHandle() - { - return Interop.Advapi32.LsaFreeMemory(handle) == 0; - } - } - - internal sealed class SafeLsaPolicyHandle : SafeHandleZeroOrMinusOneIsInvalid - { - private SafeLsaPolicyHandle() : base(true) { } - - // 0 is an Invalid Handle - internal SafeLsaPolicyHandle(IntPtr handle) : base(true) - { - SetHandle(handle); - } - - override protected bool ReleaseHandle() - { - return Interop.Advapi32.LsaClose(handle) == 0; - } - } - - internal sealed class SafeLsaReturnBufferHandle : SafeBuffer - { - private SafeLsaReturnBufferHandle() : base(true) { } - - // 0 is an Invalid Handle - internal SafeLsaReturnBufferHandle(IntPtr handle) : base(true) - { - SetHandle(handle); - } - - override protected bool ReleaseHandle() - { - // LsaFreeReturnBuffer returns an NTSTATUS - return Interop.SspiCli.LsaFreeReturnBuffer(handle) >= 0; - } - } -} diff --git a/src/libraries/System.Security.Principal.Windows/src/System.Security.Principal.Windows.csproj b/src/libraries/System.Security.Principal.Windows/src/System.Security.Principal.Windows.csproj index 9bc6a0b..690f503 100644 --- a/src/libraries/System.Security.Principal.Windows/src/System.Security.Principal.Windows.csproj +++ b/src/libraries/System.Security.Principal.Windows/src/System.Security.Principal.Windows.csproj @@ -10,7 +10,6 @@ - 
@@ -23,6 +22,12 @@ Common\Interop\Interop.Libraries.cs + + Common\Interop\Windows\Advapi32\Interop.UNICODE_STRING.cs + + + Common\Interop\Windows\Advapi32\Interop.OBJECT_ATTRIBUTES.cs + Common\Interop\Interop.TOKENS.cs @@ -41,9 +46,6 @@ Common\Interop\Interop.SECURITY_LOGON_SESSION_DATA.cs - - Common\Interop\Interop.UNICODE_STRING.cs - Common\Interop\Interop.GetCurrentProcess.cs @@ -116,6 +118,9 @@ Common\Interop\Interop.LsaNtStatusToWinError.cs + + Common\Interop\Windows\Advapi32\Interop.LSA_STRING.cs + Common\Interop\Interop.LocalFree.cs @@ -146,12 +151,6 @@ Common\Interop\Windows\SspiCli\Interop.LsaLookupAuthenticationPackage.cs - - Common\Interop\Windows\SspiCli\Interop.LsaString.cs - - - Common\Interop\Windows\SspiCli\Interop.LsaUnicodeString.cs - Common\Interop\Windows\SspiCli\Interop.QuotaLimits.cs @@ -170,6 +169,15 @@ Common\Microsoft\Win32\SafeHandles\SafeLsaHandle.cs + + Common\Microsoft\Win32\SafeHandles\SafeLsaMemoryHandle.cs + + + Common\Microsoft\Win32\SafeHandles\SafeLsaPolicyHandle.cs + + + Common\Microsoft\Win32\SafeHandles\SafeLsaReturnBufferHandle.cs + diff --git a/src/libraries/System.Security.Principal.Windows/src/System/Security/Principal/NTAccount.cs b/src/libraries/System.Security.Principal.Windows/src/System/Security/Principal/NTAccount.cs index 8ccf20b..c14e184 100644 --- a/src/libraries/System.Security.Principal.Windows/src/System/Security/Principal/NTAccount.cs +++ b/src/libraries/System.Security.Principal.Windows/src/System/Security/Principal/NTAccount.cs @@ -247,7 +247,7 @@ namespace System.Security.Principal // Construct an array of unicode strings // - Interop.UNICODE_STRING[] Names = new Interop.UNICODE_STRING[sourceAccounts.Count]; + Interop.Advapi32.MARSHALLED_UNICODE_STRING[] Names = new Interop.Advapi32.MARSHALLED_UNICODE_STRING[sourceAccounts.Count]; int currentName = 0; foreach (IdentityReference id in sourceAccounts) 
diff --git a/src/libraries/System.Security.Principal.Windows/src/System/Security/Principal/Win32.cs b/src/libraries/System.Security.Principal.Windows/src/System/Security/Principal/Win32.cs index 4e151b9..524a3e7 100644 --- a/src/libraries/System.Security.Principal.Windows/src/System/Security/Principal/Win32.cs +++ b/src/libraries/System.Security.Principal.Windows/src/System/Security/Principal/Win32.cs @@ -40,33 +40,26 @@ namespace System.Security.Principal string systemName, PolicyRights rights) { - uint ReturnCode; - SafeLsaPolicyHandle Result; - Interop.LSA_OBJECT_ATTRIBUTES Loa; - - Loa.Length = Marshal.SizeOf(); - Loa.RootDirectory = IntPtr.Zero; - Loa.ObjectName = IntPtr.Zero; - Loa.Attributes = 0; - Loa.SecurityDescriptor = IntPtr.Zero; - Loa.SecurityQualityOfService = IntPtr.Zero; - - if (0 == (ReturnCode = Interop.Advapi32.LsaOpenPolicy(systemName, ref Loa, (int)rights, out Result))) + SafeLsaPolicyHandle policyHandle; + + var attributes = new Interop.OBJECT_ATTRIBUTES(); + uint error = Interop.Advapi32.LsaOpenPolicy(systemName, ref attributes, (int)rights, out policyHandle); + if (error == 0) { - return Result; + return policyHandle; } - else if (ReturnCode == Interop.StatusOptions.STATUS_ACCESS_DENIED) + else if (error == Interop.StatusOptions.STATUS_ACCESS_DENIED) { throw new UnauthorizedAccessException(); } - else if (ReturnCode == Interop.StatusOptions.STATUS_INSUFFICIENT_RESOURCES || - ReturnCode == Interop.StatusOptions.STATUS_NO_MEMORY) + else if (error == Interop.StatusOptions.STATUS_INSUFFICIENT_RESOURCES || + error == Interop.StatusOptions.STATUS_NO_MEMORY) { throw new OutOfMemoryException(); } else { - uint win32ErrorCode = Interop.Advapi32.LsaNtStatusToWinError(ReturnCode); + uint win32ErrorCode = Interop.Advapi32.LsaNtStatusToWinError(error); throw new Win32Exception(unchecked((int)win32ErrorCode)); } 
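Review bot: `new Interop.OBJECT_ATTRIBUTES()` in this hunk relies on the struct's zero default, so `Length` is now 0 where the removed code set it to the structure size. The LsaOpenPolicy documentation says the attribute members are unused and should be zero, so this looks intentional, but it is not obvious next to the `OBJECT_ATTRIBUTES` constructor in this commit that does set `Length`. A comment such as `// LsaOpenPolicy ignores the OBJECT_ATTRIBUTES members; they must all be zero.` above the declaration would record that. On the error paths `policyHandle` is left to the finalizer; presumably it is invalid whenever the status is non-zero, which is worth confirming. The method begins and ends outside the hunk.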
diff --git a/src/libraries/System.Security.Principal.Windows/src/System/Security/Principal/WindowsIdentity.cs b/src/libraries/System.Security.Principal.Windows/src/System/Security/Principal/WindowsIdentity.cs index fa9f466..aef5d49 100644 --- a/src/libraries/System.Security.Principal.Windows/src/System/Security/Principal/WindowsIdentity.cs +++ b/src/libraries/System.Security.Principal.Windows/src/System/Security/Principal/WindowsIdentity.cs @@ -16,7 +16,7 @@ using KERB_LOGON_SUBMIT_TYPE = Interop.SspiCli.KERB_LOGON_SUBMIT_TYPE; using KERB_S4U_LOGON = Interop.SspiCli.KERB_S4U_LOGON; using KerbS4uLogonFlags = Interop.SspiCli.KerbS4uLogonFlags; using LUID = Interop.LUID; -using LSA_STRING = Interop.SspiCli.LSA_STRING; +using LSA_STRING = Interop.Advapi32.LSA_STRING; using QUOTA_LIMITS = Interop.SspiCli.QUOTA_LIMITS; using SECURITY_LOGON_TYPE = Interop.SspiCli.SECURITY_LOGON_TYPE; using TOKEN_SOURCE = Interop.SspiCli.TOKEN_SOURCE; -- 2.7.4