websspi
websspi copied to clipboard
quasoft
Add linked token resolution
By setting (websspi.Config).ResolveLinked there will be another *websspi.UserInfo placed in the request context with the key websspi.LinkedTokenUserInfoKey.
The example is extended to return both, the regular and linked token (emphasis is not in the example):
Hello BIEWALD\Administrator!
Groups:
- Domain Users
- Everyone
- Users
- INTERACTIVE
- CONSOLE LOGON
- Authenticated Users
- This Organization
- LOCAL
- Security
- Authentication authority asserted identity
- Denied RODC Password Replication Group
Linked Token: BIEWALD\Administrator
Groups:
- Domain Users
- Everyone
- Administrators
- Users
- Pre-Windows 2000 Compatible Access
- INTERACTIVE
- CONSOLE LOGON
- Authenticated Users
- This Organization
- LOCAL
- Domain Admins
- Security
- Group Policy Creator Owners
- Enterprise Admins
- Schema Admins
- Authentication authority asserted identity
- Denied RODC Password Replication Group
If the same site is requested from an elevated command, the tokens are swapped. Tests and improved documentation is missing, hence the draft status of this PR.
Closes #5.
Thanks, at first glance it looks good. Thanks for your effort!
Will have more time to look it more detailed during the weekend.
Noticed a buffer holding the SID is allocated with 50 bytes. May be it would be reasonable to preserve 68 bytes just for the SID as that seems to be the maximum byte size of a user SID.
