Fixed enum value. Any actual unicode strings passed in will only use the first character because the 0 byte after the first character is treated as a terminator.

Added ability to set the current thread principal so it's inline with the actual security context.
2018-03-30 11:40:37 -07:00
parent 8355a6b821
commit f0820875c3
3 changed files with 21 additions and 3 deletions
--- a/NSspi/Contexts/ImpersonationHandle.cs
+++ b/NSspi/Contexts/ImpersonationHandle.cs
@@ -1,4 +1,6 @@
 using System;
+using System.Security.Principal;
+using System.Threading;

 namespace NSspi.Contexts
 {
@@ -29,6 +31,14 @@ namespace NSspi.Contexts
            this.disposed = false;
        }

+        /// <summary>
+        /// Set the current thread security context to the impersonated identity
+        /// </summary>
+        public void SetThreadIdentity()
+        {
+            Thread.CurrentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent(TokenAccessLevels.AllAccess));
+        }
+
        ~ImpersonationHandle()
        {
            Dispose( false );
--- a/NSspi/Contexts/ServerContext.cs
+++ b/NSspi/Contexts/ServerContext.cs
@@ -14,6 +14,7 @@ namespace NSspi.Contexts
        private ContextAttrib finalAttribs;

        private bool impersonating;
+        private bool setThreadIdentity;

        /// <summary>
        /// Performs basic initialization of a new instance of the ServerContext class. The ServerContext
@@ -21,12 +22,14 @@ namespace NSspi.Contexts
        /// </summary>
        /// <param name="cred"></param>
        /// <param name="requestedAttribs"></param>
-        public ServerContext( Credential cred, ContextAttrib requestedAttribs ) : base( cred )
+        /// <param name="setThreadIdentity">True to automatically set the thread identity while impersonating</param>
+        public ServerContext( Credential cred, ContextAttrib requestedAttribs, bool setThreadIdentity = false ) : base( cred )
        {
            this.requestedAttribs = requestedAttribs;
            this.finalAttribs = ContextAttrib.Zero;

            this.impersonating = false;
+            this.setThreadIdentity = setThreadIdentity;

            this.SupportsImpersonate = this.Credential.PackageInfo.Capabilities.HasFlag( SecPkgCapability.Impersonation );
        }
@@ -237,6 +240,11 @@ namespace NSspi.Contexts
                throw new SSPIException( "Failed to impersonate the client", status );
            }

+            if ( this.impersonating && this.setThreadIdentity )
+            {
+                handle.SetThreadIdentity();
+            }
+
            return handle;
        }

--- a/NSspi/Credentials/AuthData.cs
+++ b/NSspi/Credentials/AuthData.cs
@@ -50,6 +50,6 @@ namespace NSspi.Credentials
    {
        Ansi = 1,

-        Unicode = 1
+        Unicode = 2
    }
 }