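        /// <summary>
        /// Creates the Authz resource manager that authorization contexts are built against.
        /// When <paramref name="authzServerName"/> is given, a remote resource manager on that
        /// server is initialized over RPC/TCP; otherwise — or when the remote initialization
        /// fails and <paramref name="allowLocalFallback"/> is set — a local, non-auditing
        /// resource manager is used.
        /// </summary>
        /// <param name="authzServerName">Name of the remote server, or null/whitespace for the local machine</param>
        /// <param name="allowLocalFallback">Whether a failed remote initialization may fall back to the local resource manager instead of throwing</param>
        /// <param name="localFallbackOccurred">Set to true only when a remote server was requested but the local resource manager was used instead</param>
        /// <returns>A valid resource manager handle</returns>
        /// <exception cref="PlatformNotSupportedException">A remote server was requested on an OS older than Windows 8 / Windows Server 2012 (NT 6.2)</exception>
        /// <exception cref="AuthorizationContextException">The native initialization failed and fallback was not permitted (remote) or not possible (local)</exception>
        private static SafeAuthzResourceManagerHandle InitializeResourceManager(string authzServerName, bool allowLocalFallback, out bool localFallbackOccurred)
        {
            SafeAuthzResourceManagerHandle authzRm = null;
            bool remoteRequested = !string.IsNullOrWhiteSpace(authzServerName);

            localFallbackOccurred = false;

            // Remote resource managers need Windows 8 / Server 2012 (NT 6.2) or later.
            // The platform check must only apply when a remote server was actually requested.
            // The previous expression was parsed as (remote && major < 6) || (major == 6 && minor < 2)
            // because && binds tighter than ||, so purely local use on Windows 7 / Server 2008 R2
            // (NT 6.1) was rejected even though no server name had been given.
            Version osVersion = Environment.OSVersion.Version;
            bool remoteSupported = osVersion.Major > 6 || (osVersion.Major == 6 && osVersion.Minor >= 2);

            if (remoteRequested && !remoteSupported)
            {
                throw new PlatformNotSupportedException("Specifying a remote server name requires Windows 8 or Windows Server 2012");
            }

            if (remoteRequested)
            {
                try
                {
                    AuthzRpcInitInfoClient client = new AuthzRpcInitInfoClient
                    {
                        Version    = AuthzRpcClientVersion.V1,
                        ObjectUuid = NativeMethods.AuthzObjectUuidWithoutCap,
                        Protocol   = NativeMethods.RcpOverTcpProtocol,
                        Server     = authzServerName
                    };

                    // The unmanaged copy of the init info is only referenced for the duration of the
                    // native call (nothing keeps the handle alive after this method returns), so free
                    // it deterministically instead of leaving it to the finalizer.
                    using (SafeAllocHGlobalHandle clientInfo = new SafeAllocHGlobalHandle(Marshal.SizeOf(typeof(AuthzRpcInitInfoClient))))
                    {
                        IntPtr pClientInfo = clientInfo.DangerousGetHandle();
                        Marshal.StructureToPtr(client, pClientInfo, false);

                        if (!NativeMethods.AuthzInitializeRemoteResourceManager(pClientInfo, out authzRm))
                        {
                            throw new AuthorizationContextException("AuthzInitializeRemoteResourceManager failed", new Win32Exception(Marshal.GetLastWin32Error()));
                        }
                    }
                }
                catch (Exception)
                {
                    if (!allowLocalFallback)
                    {
                        throw;
                    }

                    // Deliberate best-effort: the caller opted in to fallback and is told about it via
                    // localFallbackOccurred. Be aware that a local resource manager evaluates the
                    // principal against this machine rather than the requested server, so callers
                    // whose authorization decisions depend on the remote server's view should pass
                    // allowLocalFallback = false rather than accept a silently different answer.
                    localFallbackOccurred = true;
                }
            }

            // Either no server was requested, or the remote attempt failed (authzRm may be null or an
            // invalid handle after a failed out-parameter marshal) and fallback was allowed.
            if (authzRm == null || authzRm.IsInvalid)
            {
                if (!NativeMethods.AuthzInitializeResourceManager(AuthzResourceManagerFlags.NO_AUDIT, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, null, out authzRm))
                {
                    throw new AuthorizationContextException("AuthzInitializeResourceManager failed", new Win32Exception(Marshal.GetLastWin32Error()));
                }
            }

            return(authzRm);
        }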
        /// <summary>
        /// Builds an Authz client context for <paramref name="sid"/> against the given resource manager.
        /// The native call is made with no expiration (null LUID) and no dynamic group arguments.
        /// </summary>
        /// <param name="authzRm">The resource manager the context is created under</param>
        /// <param name="sid">The principal the context represents</param>
        /// <param name="flags">Initialization flags passed straight through to AuthzInitializeContextFromSid</param>
        /// <returns>The new client context handle</returns>
        /// <exception cref="AuthorizationContextException">The native call failed; the Win32 error is the inner exception</exception>
        private static SafeAuthzContextHandle InitializeAuthorizationContextFromSid(SafeAuthzResourceManagerHandle authzRm, SecurityIdentifier sid, AuthzInitFlags flags)
        {
            // Authz consumes the SID in its binary form rather than as a managed object.
            byte[] binarySid = new byte[sid.BinaryLength];
            sid.GetBinaryForm(binarySid, 0);

            SafeAuthzContextHandle context;
            bool succeeded = NativeMethods.AuthzInitializeContextFromSid(flags, binarySid, authzRm, IntPtr.Zero, Luid.NullLuid, IntPtr.Zero, out context);

            // Read the last error before doing anything else that could touch native code.
            int lastError = succeeded ? 0 : Marshal.GetLastWin32Error();

            if (!succeeded)
            {
                throw new AuthorizationContextException("AuthzInitializeContextFromSid failed", new Win32Exception(lastError));
            }

            return(context);
        }
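        /// <summary>
        /// Initializes a new instance of the AuthorizationContext class from an access token
        /// </summary>
        /// <param name="accessToken">The access token of the principal to build the authorization context for</param>
        /// <param name="server">The remote server to use to build the authorization context, or null/whitespace to use the local machine</param>
        /// <param name="allowLocalFallback">A value that indicates if automatically falling back to the local server is allowed if the remote context fails to be established. If fallback occurs, the context will be initialized with the <see cref="Server"/> field set to null</param>
        /// <param name="flags">The initialization flags used to build the context</param>
        /// <exception cref="ArgumentNullException"><paramref name="accessToken"/> is null</exception>
        /// <exception cref="AuthorizationContextException">The resource manager or the client context could not be created</exception>
        public AuthorizationContext(SafeAccessTokenHandle accessToken, string server, bool allowLocalFallback, AuthzInitFlags flags)
        {
            if (accessToken is null)
            {
                throw new ArgumentNullException(nameof(accessToken));
            }

            // Derive the SID before any native resource manager exists, so a bad token cannot
            // leave a half-constructed instance holding an undisposed handle.
            this.SecurityIdentifer = GetSecurityIdentifierFromAccessToken(accessToken.DangerousGetHandle());

            this.authzRm = InitializeResourceManager(server, allowLocalFallback, out bool localFallbackOccurred);

            // Server reflects the resource manager actually in use: null after a local fallback,
            // so callers can tell that the decision is not the remote server's view.
            this.Server = localFallbackOccurred ? null : server;

            try
            {
                this.authzContext = InitializeAuthorizationContextFromToken(this.authzRm, accessToken, flags);
            }
            catch
            {
                // The instance never reaches the caller when this throws, so nobody else will
                // dispose the resource manager (assumed SafeHandle-derived — confirm).
                this.authzRm.Dispose();
                throw;
            }
        }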
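        /// <summary>
        /// Initializes a new instance of the AuthorizationContext class from a security identifier
        /// </summary>
        /// <param name="principal">The security identifier of the principal to build the authorization context for</param>
        /// <param name="server">The remote server to use to build the authorization context, or null/whitespace to use the local machine</param>
        /// <param name="allowLocalFallback">A value that indicates if automatically falling back to the local server is allowed if the remote context fails to be established. If fallback occurs, the context will be initialized with the <see cref="Server"/> field set to null</param>
        /// <param name="flags">The initialization flags used to build the context</param>
        /// <exception cref="ArgumentNullException"><paramref name="principal"/> is null</exception>
        /// <exception cref="AuthorizationContextException">The resource manager or the client context could not be created</exception>
        public AuthorizationContext(SecurityIdentifier principal, string server, bool allowLocalFallback, AuthzInitFlags flags)
        {
            // Fail on a null principal here rather than with a NullReferenceException deep in the
            // native-call helper, and before any native handle has been created.
            if (principal is null)
            {
                throw new ArgumentNullException(nameof(principal));
            }

            this.SecurityIdentifer = principal;

            this.authzRm = InitializeResourceManager(server, allowLocalFallback, out bool localFallbackOccurred);

            // Server reflects the resource manager actually in use: null after a local fallback,
            // so callers can tell that the decision is not the remote server's view.
            this.Server = localFallbackOccurred ? null : server;

            try
            {
                this.authzContext = InitializeAuthorizationContextFromSid(this.authzRm, this.SecurityIdentifer, flags);
            }
            catch
            {
                // The instance never reaches the caller when this throws, so nobody else will
                // dispose the resource manager (assumed SafeHandle-derived — confirm).
                this.authzRm.Dispose();
                throw;
            }
        }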
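        /// <summary>
        /// Builds an Authz client context from an access token against the given resource manager.
        /// The native call is made with no expiration (null LUID) and no dynamic group arguments.
        /// </summary>
        /// <param name="authzRm">The resource manager the context is created under</param>
        /// <param name="accessToken">The token of the principal the context represents</param>
        /// <param name="flags">Initialization flags passed straight through to AuthzInitializeContextFromToken</param>
        /// <returns>The new client context handle</returns>
        /// <exception cref="AuthorizationContextException">The native call failed; the Win32 error is the inner exception</exception>
        private static SafeAuthzContextHandle InitializeAuthorizationContextFromToken(SafeAuthzResourceManagerHandle authzRm, SafeAccessTokenHandle accessToken, AuthzInitFlags flags)
        {
            if (!NativeMethods.AuthzInitializeContextFromToken(flags, accessToken, authzRm, IntPtr.Zero, Luid.NullLuid, IntPtr.Zero, out SafeAuthzContextHandle userClientCtxt))
            {
                // Capture the error immediately after the P/Invoke, before anything else can overwrite it.
                int errorCode = Marshal.GetLastWin32Error();

                // The message previously named AuthzInitializeContextFromSid, which sent anyone
                // diagnosing a failure to the wrong native call.
                throw new AuthorizationContextException("AuthzInitializeContextFromToken failed", new Win32Exception(errorCode));
            }

            return(userClientCtxt);
        }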