Bug 314231 (MONO56144) - [PATCH] Environment.UserName must represent the username (not the %USERNAME% variable)
Summary: [PATCH] Environment.UserName must represent the username (not the %USERNAME% ...
Status: RESOLVED FIXED
Alias: MONO56144
Product: Mono: Runtime
Classification: Mono
Component: misc (show other bugs)
Version: unspecified
Hardware: Other All
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Mono Bugs
QA Contact: Mono Bugs
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-03-29 06:06 UTC by Sebastien Pouliot
Modified: 2007-09-15 21:24 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
envun.cs (499 bytes, text/plain)
2004-03-29 06:09 UTC, Thomas Wiest 		Details
newfiles.tar (10.00 KB, application/octet-stream)
2004-04-01 21:58 UTC, Thomas Wiest 		Details
classlib.diff (810 bytes, patch)
2004-04-01 21:59 UTC, Thomas Wiest 		Details | Diff
runtime.diff (2.03 KB, patch)
2004-04-01 22:00 UTC, Thomas Wiest 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Wiest 2007-09-15 18:31:55 UTC 


---- Reported by sebastien@ximian.com 2004-03-28 23:06:12 MST ----

Description of Problem:

We are trusting the environment variables to get the username and userdomain.


Steps to reproduce the problem:
(1) Running on MS runtime

> envun
        GetEnvironmentVariable(%USERNAME%)      toto
        Environment.UserName                    spouliot
        GetEnvironmentVariable(%USERDOMAIN%)    FARSCAPE
        Environment.UserDomainName              FARSCAPE


(2) Running on Mono

> mono envun.exe
        GetEnvironmentVariable(%USERNAME%)      toto
        Environment.UserName                    toto
        GetEnvironmentVariable(%USERDOMAIN%)    FARSCAPE
        Environment.UserDomainName              FARSCAPE


(3) We change the environement variables

> set USERNAME=mono
> set USERDOMAIN=go


(4) Running on MS runtime

> envun
        GetEnvironmentVariable(%USERNAME%)      toto
        Environment.UserName                    spouliot
        GetEnvironmentVariable(%USERDOMAIN%)    go
        Environment.UserDomainName              FARSCAPE


(2) Running on Mono

> mono envun.exe
        GetEnvironmentVariable(%USERNAME%)      toto
        Environment.UserName                    toto
        GetEnvironmentVariable(%USERDOMAIN%)    go
        Environment.UserDomainName              FARSCAPE

Actual Results:

We can change the username by changing the USERNAME or USER variable.
        Environment.UserName                    toto


Expected Results:

The UserName property should always return the current user name.
        Environment.UserName                    spouliot


How often does this happen? 

Always


Additional Information:

- Actually the bug is in the class library (right now) but it's solution is
to move the code into the runtime (like other properties) as it can be
different for each OS.

- Microsoft documentation states that Environment.UserName can be used to
identify the user for security or access purpose. We cannot rely on
environment variables for this.



---- Additional Comments From sebastien@ximian.com 2004-03-28 23:09:25 MST ----

Created an attachment (id=165810)
envun.cs




---- Additional Comments From sebastien@ximian.com 2004-03-28 23:25:01 MST ----

Using a slightly modified [1] version of the
WindowsIdentity.Impersonate sample code from MSDN (not reproduced [2])
on the MS runtime (not yet implemented in Mono) we see that
Environment.UserName isn't cached on the start of the running
assembly. This is really the current OS identity associated with the
Win32 thread/process.

>impersonate

Enter the name of a machine on which to log on: farscape
Enter the login of a user on farscape that you wish to impersonate: test
Enter the password for test: *********
LogonUser called.
Did LogonUser Succeed? Yes
Value of Windows NT token: 1768
Before impersonation: FARSCAPE\spouliot
Env.UserName: spouliot
After impersonation: FARSCAPE\test
Env.UserName: test
After Undo: FARSCAPE\spouliot
Env.UserName: spouliot


[1] Just added a 
Console.WriteLine ("Env.UserName: {0}", Environment.UserName);
after each time WindowsIdentity.GetCurrent().Name was displayed.

[2] Sample can be found at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemsecurityprincipalwindowsidentityclassimpersonatetopic.asp



---- Additional Comments From sebastien@ximian.com 2004-04-01 14:58:02 MST ----

Here's a patch that add runtime support for Environement.UserName. The
patch was tested under Linux (still can't build the runtime under
Windows).

New files (newfiles.tar):
mono/mono/metadata/security.h
mono/mono/metadata/security.c
mono/mono/io-layer/security.h
mono/mono/io-layer/security.c

Patched files (runtime.diff):
mono/mono/metadata/icall.c
mono/mono/metadata/Makefile.am
mono/mono/io-layer/Makefile.am

Patched files (classlib.diff):
mcs/class/corlib/System/Environment.cs




---- Additional Comments From sebastien@ximian.com 2004-04-01 14:58:49 MST ----

Created an attachment (id=165811)
newfiles.tar




---- Additional Comments From sebastien@ximian.com 2004-04-01 14:59:37 MST ----

Created an attachment (id=165812)
classlib.diff




---- Additional Comments From sebastien@ximian.com 2004-04-01 15:00:31 MST ----

Created an attachment (id=165813)
runtime.diff




---- Additional Comments From sebastien@ximian.com 2004-04-02 11:00:38 MST ----

Made some changes to includes following Dick comments and commited to CVS.

Imported an attachment (id=165810)
Imported an attachment (id=165811)
Imported an attachment (id=165812)
Imported an attachment (id=165813)