Fixed enum value. Previously, any actual Unicode string passed in would only use the first character, because the 0 byte after the first character was treated as a terminator.

Added ability to set the current thread principal so it's in line with the actual security context.
Steve Syfuhs
2018-03-30 11:40:37 -07:00
parent 8355a6b821
commit f0820875c3
3 changed files with 21 additions and 3 deletions


@@ -1,4 +1,6 @@
using System; using System;
using System.Security.Principal;
using System.Threading;
namespace NSspi.Contexts namespace NSspi.Contexts
{ {
@@ -29,6 +31,14 @@ namespace NSspi.Contexts
this.disposed = false; this.disposed = false;
} }
/// <summary>
/// Set the current thread security context to the impersonated identity
/// </summary>
public void SetThreadIdentity()
{
Thread.CurrentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent(TokenAccessLevels.AllAccess));
}
~ImpersonationHandle() ~ImpersonationHandle()
{ {
Dispose( false ); Dispose( false );
@@ -45,7 +55,7 @@ namespace NSspi.Contexts
protected virtual void Dispose( bool disposing ) protected virtual void Dispose( bool disposing )
{ {
if( disposing && this.disposed == false && this.server != null && this.server.Disposed == false ) if ( disposing && this.disposed == false && this.server != null && this.server.Disposed == false )
{ {
this.server.RevertImpersonate(); this.server.RevertImpersonate();
} }
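Review bot: SetThreadIdentity() overwrites Thread.CurrentPrincipal with the impersonated client's principal, but nothing in the visible hunks puts the previous principal back, so after Dispose() calls RevertImpersonate() the thread token has reverted while any role check that reads Thread.CurrentPrincipal still sees the client. Save the old value before the assignment, `this.previousPrincipal = Thread.CurrentPrincipal;`, and restore it next to the revert, `Thread.CurrentPrincipal = this.previousPrincipal;`. The WindowsIdentity returned by GetCurrent is IDisposable and is never disposed here, and TokenAccessLevels.AllAccess asks for more than building a principal appears to need; `TokenAccessLevels.Query` is likely enough, to be confirmed by a test. Dispose's body continues outside the last hunk.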


@@ -14,6 +14,7 @@ namespace NSspi.Contexts
private ContextAttrib finalAttribs; private ContextAttrib finalAttribs;
private bool impersonating; private bool impersonating;
private bool setThreadIdentity;
/// <summary> /// <summary>
/// Performs basic initialization of a new instance of the ServerContext class. The ServerContext /// Performs basic initialization of a new instance of the ServerContext class. The ServerContext
@@ -21,12 +22,14 @@ namespace NSspi.Contexts
/// </summary> /// </summary>
/// <param name="cred"></param> /// <param name="cred"></param>
/// <param name="requestedAttribs"></param> /// <param name="requestedAttribs"></param>
public ServerContext( Credential cred, ContextAttrib requestedAttribs ) : base( cred ) /// <param name="setThreadIdentity">True to automatically set the thread identity while impersonating</param>
public ServerContext( Credential cred, ContextAttrib requestedAttribs, bool setThreadIdentity = false ) : base( cred )
{ {
this.requestedAttribs = requestedAttribs; this.requestedAttribs = requestedAttribs;
this.finalAttribs = ContextAttrib.Zero; this.finalAttribs = ContextAttrib.Zero;
this.impersonating = false; this.impersonating = false;
this.setThreadIdentity = setThreadIdentity;
this.SupportsImpersonate = this.Credential.PackageInfo.Capabilities.HasFlag( SecPkgCapability.Impersonation ); this.SupportsImpersonate = this.Credential.PackageInfo.Capabilities.HasFlag( SecPkgCapability.Impersonation );
} }
@@ -237,6 +240,11 @@ namespace NSspi.Contexts
throw new SSPIException( "Failed to impersonate the client", status ); throw new SSPIException( "Failed to impersonate the client", status );
} }
if ( this.impersonating && this.setThreadIdentity )
{
handle.SetThreadIdentity();
}
return handle; return handle;
} }
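Review bot: Adding `bool setThreadIdentity = false` to the existing public constructor changes its signature, so assemblies compiled against the two-argument `ServerContext( Credential, ContextAttrib )` will fail with MissingMethodException until they are rebuilt. Keep the old constructor and chain it, `public ServerContext( Credential cred, ContextAttrib requestedAttribs ) : this( cred, requestedAttribs, false ) { }`, and make the parameter required on the three-argument overload. In the last hunk the `this.impersonating` test looks redundant if the throw above it covers every failure path, but the rest of that method is outside the hunk. The `<param name="setThreadIdentity">` text should also say that the principal is set on the thread that calls the impersonation method, since a caller that disposes the handle on another thread would not expect that.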


@@ -50,6 +50,6 @@ namespace NSspi.Credentials
{ {
Ansi = 1, Ansi = 1,
Unicode = 1 Unicode = 2
} }
} }