WindowsSystemIdentity.cs

Go to the documentation of this file.

using System;
using System.DirectoryServices.AccountManagement;
using System.Runtime.Versioning;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
 
using Tgstation.Server.Host.IO;
 
namespace Tgstation.Server.Host.Security
{
    [SupportedOSPlatform("windows")]
    sealed class WindowsSystemIdentity : ISystemIdentity
    {
        public string Uid => (userPrincipal?.Sid ?? identity!.User!).ToString(); // we kno user isn't null because it can only be the case when anonymous (checked in this constructor)
 
        public string Username => userPrincipal?.Name ?? identity!.Name;
 
        public bool CanCreateSymlinks => IsSuperUser;
 
        public bool IsSuperUser => isAdmin ?? throw new NotSupportedException();
 
        readonly WindowsIdentity? identity;
 
        readonly UserPrincipal? userPrincipal;
 
        readonly bool? isAdmin;
 
        public WindowsSystemIdentity(WindowsIdentity identity)
        {
            this.identity = identity ?? throw new ArgumentNullException(nameof(identity));
            if (identity.IsAnonymous)
                throw new ArgumentException($"Cannot use anonymous {nameof(WindowsIdentity)} as a {nameof(WindowsSystemIdentity)}!", nameof(identity));
 
            isAdmin = new WindowsPrincipal(identity).IsInRole(WindowsBuiltInRole.Administrator);
        }
 
        public WindowsSystemIdentity(UserPrincipal userPrincipal)
        {
            this.userPrincipal = userPrincipal ?? throw new ArgumentNullException(nameof(userPrincipal));
        }
 
        public void Dispose()
        {
            if (identity != null)
                identity.Dispose();
            else
            {
                var context = userPrincipal!.Context;
                userPrincipal.Dispose();
                context.Dispose();
            }
        }
 
        public ISystemIdentity Clone()
        {
            if (identity != null)
            {
                // var newIdentity = (WindowsIdentity)identity.Clone(); //doesn't work because of https://github.com/dotnet/corefx/issues/31841
                var newIdentity = new WindowsIdentity(identity.Token); // the handle is cloned internally
 
                return new WindowsSystemIdentity(newIdentity);
            }
 
            // can't clone a UP, shouldn't be trying to anyway, cloning is for impersonation
            throw new NotSupportedException("Cannot clone a UserPrincipal based WindowsSystemIdentity!");
        }
 
        public Task RunImpersonated(Action action, CancellationToken cancellationToken) => Task.Factory.StartNew(
            () =>
            {
                ArgumentNullException.ThrowIfNull(action);
                if (identity == null)
                    throw new NotSupportedException("Impersonate using a UserPrincipal based WindowsSystemIdentity!");
                WindowsIdentity.RunImpersonated(identity.AccessToken, action);
            },
            cancellationToken,
            DefaultIOManager.BlockingTaskCreationOptions,
            TaskScheduler.Current);
    }
}