Moved SetThreadIdentity into the ServerContext
The ImpersonationHandle class should probably stay as bare as possible since it's provided to the caller and we don't want to expose anything more than we need. Since the ServerContext is capable of performing this as a private method, move it there. Updated the comments and variable names on the constructor to better indicate what exactly the option does, especially since modification of this property seems to be such a touchy subject.
@@ -31,14 +31,6 @@ namespace NSspi.Contexts
|
|||||||
this.disposed = false;
|
this.disposed = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Set the current thread security context to the impersonated identity
|
|
||||||
/// </summary>
|
|
||||||
public void SetThreadIdentity()
|
|
||||||
{
|
|
||||||
Thread.CurrentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent(TokenAccessLevels.AllAccess));
|
|
||||||
}
|
|
||||||
|
|
||||||
~ImpersonationHandle()
|
~ImpersonationHandle()
|
||||||
{
|
{
|
||||||
Dispose( false );
|
Dispose( false );
|
||||||
|
|||||||
@@ -1,5 +1,7 @@
|
|||||||
using System;
|
using System;
|
||||||
using System.Runtime.CompilerServices;
|
using System.Runtime.CompilerServices;
|
||||||
|
using System.Security.Principal;
|
||||||
|
using System.Threading;
|
||||||
using NSspi.Buffers;
|
using NSspi.Buffers;
|
||||||
using NSspi.Credentials;
|
using NSspi.Credentials;
|
||||||
|
|
||||||
@@ -14,22 +16,25 @@ namespace NSspi.Contexts
|
|||||||
private ContextAttrib finalAttribs;
|
private ContextAttrib finalAttribs;
|
||||||
|
|
||||||
private bool impersonating;
|
private bool impersonating;
|
||||||
private bool setThreadIdentity;
|
private bool impersonationSetsThreadPrinciple;
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Performs basic initialization of a new instance of the ServerContext class. The ServerContext
|
/// Performs basic initialization of a new instance of the ServerContext class. The
|
||||||
/// is not ready for message manipulation until a security context has been established with a client.
|
/// ServerContext is not ready for message manipulation until a security context has been
|
||||||
|
/// established with a client.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="cred"></param>
|
/// <param name="cred"></param>
|
||||||
/// <param name="requestedAttribs"></param>
|
/// <param name="requestedAttribs"></param>
|
||||||
/// <param name="setThreadIdentity">True to automatically set the thread identity while impersonating</param>
|
/// <param name="impersonationSetsThreadPrinciple">
|
||||||
public ServerContext( Credential cred, ContextAttrib requestedAttribs, bool setThreadIdentity = false ) : base( cred )
|
/// If true, the `Thread.CurrentPrinciple` property will be modified by successful impersonation.
|
||||||
|
/// </param>
|
||||||
|
public ServerContext( Credential cred, ContextAttrib requestedAttribs, bool impersonationSetsThreadPrinciple = false ) : base( cred )
|
||||||
{
|
{
|
||||||
this.requestedAttribs = requestedAttribs;
|
this.requestedAttribs = requestedAttribs;
|
||||||
this.finalAttribs = ContextAttrib.Zero;
|
this.finalAttribs = ContextAttrib.Zero;
|
||||||
|
|
||||||
this.impersonating = false;
|
this.impersonating = false;
|
||||||
this.setThreadIdentity = setThreadIdentity;
|
this.impersonationSetsThreadPrinciple = impersonationSetsThreadPrinciple;
|
||||||
|
|
||||||
this.SupportsImpersonate = this.Credential.PackageInfo.Capabilities.HasFlag( SecPkgCapability.Impersonation );
|
this.SupportsImpersonate = this.Credential.PackageInfo.Capabilities.HasFlag( SecPkgCapability.Impersonation );
|
||||||
}
|
}
|
||||||
@@ -223,7 +228,7 @@ namespace NSspi.Contexts
|
|||||||
|
|
||||||
this.ContextHandle.DangerousRelease();
|
this.ContextHandle.DangerousRelease();
|
||||||
|
|
||||||
this.impersonating = true;
|
this.impersonating = status == SecurityStatus.OK;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -240,9 +245,9 @@ namespace NSspi.Contexts
|
|||||||
throw new SSPIException( "Failed to impersonate the client", status );
|
throw new SSPIException( "Failed to impersonate the client", status );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( this.impersonating && this.setThreadIdentity )
|
if( this.impersonating && this.impersonationSetsThreadPrinciple )
|
||||||
{
|
{
|
||||||
handle.SetThreadIdentity();
|
SetThreadPrinciple();
|
||||||
}
|
}
|
||||||
|
|
||||||
return handle;
|
return handle;
|
||||||
@@ -307,5 +312,15 @@ namespace NSspi.Contexts
|
|||||||
|
|
||||||
base.Dispose( disposing );
|
base.Dispose( disposing );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Set the current thread security context to the impersonated identity.
|
||||||
|
/// </summary>
|
||||||
|
private void SetThreadPrinciple()
|
||||||
|
{
|
||||||
|
Thread.CurrentPrincipal = new WindowsPrincipal(
|
||||||
|
WindowsIdentity.GetCurrent( TokenAccessLevels.AllAccess )
|
||||||
|
);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
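Review bot: In the `@@ -240,9 +245,9 @@` hunk, `SetThreadPrinciple()` runs after impersonation has succeeded but before `handle` is returned, so if `WindowsIdentity.GetCurrent( TokenAccessLevels.AllAccess )` throws, the caller never receives the handle and the thread stays impersonated until the finalizer runs. Guard the call, e.g. `try { SetThreadPrinciple(); } catch { handle.Dispose(); throw; }`, assuming ImpersonationHandle exposes a public `Dispose()`; only `Dispose( false )` is visible here. Nothing visible in these hunks restores the previous `Thread.CurrentPrincipal` when impersonation is reverted, so role checks on a reused thread may keep seeing the client's principal; now that the handle no longer owns this logic, the revert path in ServerContext should put the old principal back. `TokenAccessLevels.AllAccess` also requests more access than building a principal probably needs, so a narrower level such as `TokenAccessLevels.Query` is worth testing. The method containing the call site starts outside the hunk.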