/// <summary>
/// Create a remote AuthZ resource manager from a raw binding string.
/// </summary>
/// <param name="string_binding">The RPC string binding for the server.</param>
/// <param name="server_spn">The SPN for the server.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The created AuthZ resource manager.</returns>
public static NtResult <AuthZResourceManager> Create(string string_binding, string server_spn, bool throw_on_error)
{
var binding = new CrackedBindingString(string_binding);
AUTHZ_RPC_INIT_INFO_CLIENT client_info = new AUTHZ_RPC_INIT_INFO_CLIENT
{
version = AUTHZ_RPC_INIT_INFO_CLIENT.AUTHZ_RPC_INIT_INFO_CLIENT_VERSION_V1,
ProtSeq = binding.Protseq,
Options = binding.NetworkOptions,
NetworkAddr = binding.NetworkAddr,
Endpoint = binding.Endpoint,
ObjectUuid = binding.ObjUuid,
ServerSpn = server_spn
};
return(Create(client_info, throw_on_error));
}
/// <summary>
/// Create a remote AuthZ resource manager from a raw binding string.
/// </summary>
/// <param name="server">The address of the server.</param>
/// <param name="server_spn">The SPN for the server.</param>
/// <param name="type">Specify the type of </param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The created AuthZ resource manager.</returns>
public static NtResult <AuthZResourceManager> Create(string server, string server_spn, AuthZResourceManagerRemoteServiceType type, bool throw_on_error)
{
AUTHZ_RPC_INIT_INFO_CLIENT client_info = new AUTHZ_RPC_INIT_INFO_CLIENT
{
version = AUTHZ_RPC_INIT_INFO_CLIENT.AUTHZ_RPC_INIT_INFO_CLIENT_VERSION_V1,
ProtSeq = "ncacn_ip_tcp",
Options = null,
NetworkAddr = server,
Endpoint = null,
ObjectUuid = type == AuthZResourceManagerRemoteServiceType.Default ?
"5fc860e0-6f6e-4fc2-83cd-46324f25e90b" : "9a81c2bd-a525-471d-a4ed-49907c0b23da",
ServerSpn = string.IsNullOrEmpty(server_spn) ? null : server_spn
};
return(Create(client_info, throw_on_error));
}
private void GetEffectivePermissions_AuthzInitializeResourceManager(string serverName, out bool remoteServerAvailable)
{
remoteServerAvailable = false;
var rpcInitInfo = new AUTHZ_RPC_INIT_INFO_CLIENT();
rpcInitInfo.version = AuthzRpcClientVersion.V1;
rpcInitInfo.objectUuid = AUTHZ_OBJECTUUID_WITHCAP;
rpcInitInfo.protocol = RCP_OVER_TCP_PROTOCOL;
rpcInitInfo.server = serverName;
SafeHGlobalHandle pRpcInitInfo = SafeHGlobalHandle.AllocHGlobalStruct(rpcInitInfo);
if (!AuthzInitializeRemoteResourceManager(pRpcInitInfo.ToIntPtr(), out authzRM))
{
int error = Marshal.GetLastWin32Error();
if (error != Win32Error.EPT_S_NOT_REGISTERED) //if not RPC server unavailable
{
throw new Win32Exception(error);
}
if (serverName == "localhost")
{
remoteServerAvailable = true;
}
//
// As a fallback we do AuthzInitializeResourceManager. But the results can be inaccurate.
//
if (!AuthzInitializeResourceManager(
AuthzResourceManagerFlags.NO_AUDIT,
IntPtr.Zero,
IntPtr.Zero,
IntPtr.Zero,
"EffectiveAccessCheck",
out authzRM))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
else
{
remoteServerAvailable = true;
}
}
