Example #1
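 /// <summary>
 /// Allocates the unmanaged result buffers of an access reply: one int-sized
 /// slot each for the granted access mask, the SACL evaluation result and the
 /// error code. Call UninitializeAuthzAccessReply to free them.
 /// </summary>
 /// <remarks>
 /// Marshal.AllocHGlobal does not zero the memory it returns, so the three
 /// buffers hold arbitrary heap bytes until a native call fills them in.
 /// Callers must only interpret the reply after that call reported success;
 /// reading it earlier could yield a bogus "granted" mask.
 /// If any allocation fails, the buffers allocated so far are released and all
 /// three pointers are left as IntPtr.Zero before the exception propagates.
 /// </remarks>
 /// <param name="accessReply">
 /// Reply structure to prepare. ResultListLength is set to 1 and the three
 /// buffer pointers are overwritten; any pointers it held before are not freed.
 /// </param>
 public static void InitializeAuthzAccessReply(ref UnsafeNativeMethods.AuthzAccessReply accessReply)
 {
     accessReply.ResultListLength = 1;
     int bufferSize = Marshal.SizeOf(typeof(int)) * accessReply.ResultListLength;

     // Start from a known state so the failure path below frees only what this call allocated.
     accessReply.GrantedAccessMask     = IntPtr.Zero;
     accessReply.SaclEvaluationResults = IntPtr.Zero;
     accessReply.Error                 = IntPtr.Zero;

     try
     {
         accessReply.GrantedAccessMask     = Marshal.AllocHGlobal(bufferSize);
         accessReply.SaclEvaluationResults = Marshal.AllocHGlobal(bufferSize);
         accessReply.Error                 = Marshal.AllocHGlobal(bufferSize);
     }
     catch
     {
         // Marshal.FreeHGlobal is a no-op for IntPtr.Zero, so pointers that were never assigned are safe to pass.
         Marshal.FreeHGlobal(accessReply.GrantedAccessMask);
         Marshal.FreeHGlobal(accessReply.SaclEvaluationResults);
         Marshal.FreeHGlobal(accessReply.Error);

         // Leave no dangling pointers behind for a later cleanup call to free a second time.
         accessReply.GrantedAccessMask     = IntPtr.Zero;
         accessReply.SaclEvaluationResults = IntPtr.Zero;
         accessReply.Error                 = IntPtr.Zero;
         throw;
     }
 }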
Example #2
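 /// <summary>
 /// Frees the unmanaged buffers of an initialized access reply and resets
 /// each pointer to IntPtr.Zero.
 /// </summary>
 /// <remarks>
 /// Resetting the pointers makes the call idempotent: a second call on the same
 /// structure finds IntPtr.Zero and frees nothing, instead of releasing the
 /// same block twice. It also ensures the structure cannot be used afterwards
 /// to read or write memory that has already been returned to the heap.
 /// </remarks>
 /// <param name="accessReply">
 /// Reply structure whose GrantedAccessMask, SaclEvaluationResults and Error
 /// buffers are released. Pointers that are already IntPtr.Zero are skipped.
 /// </param>
 public static void UninitializeAuthzAccessReply(ref UnsafeNativeMethods.AuthzAccessReply accessReply)
 {
     if (accessReply.GrantedAccessMask != IntPtr.Zero)
     {
         Marshal.FreeHGlobal(accessReply.GrantedAccessMask);
         accessReply.GrantedAccessMask = IntPtr.Zero;
     }
     if (accessReply.SaclEvaluationResults != IntPtr.Zero)
     {
         Marshal.FreeHGlobal(accessReply.SaclEvaluationResults);
         accessReply.SaclEvaluationResults = IntPtr.Zero;
     }
     if (accessReply.Error != IntPtr.Zero)
     {
         Marshal.FreeHGlobal(accessReply.Error);
         accessReply.Error = IntPtr.Zero;
     }
 }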
Example #3
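        /// <summary>
        /// Runs a native authorization access check for <paramref name="userSid"/>
        /// against the security descriptor built for <paramref name="roleSid"/>,
        /// requesting UserAccountHelper.MaximumAllowed, and reports whether the
        /// reply counts as granted.
        /// </summary>
        /// <remarks>
        /// The method fails closed: every failure path throws, so it never returns
        /// true without a successful native check. Callers must treat an exception
        /// as "access not established", not as a reason to fall back to allowing.
        /// The resource manager, client context and reply buffers are released in
        /// reverse order of acquisition on every path.
        /// </remarks>
        /// <param name="roleSid">SID passed to GetRoleSecurityDescriptorData to build the descriptor that is checked.</param>
        /// <param name="userSid">SID for which the authorization client context is created.</param>
        /// <returns>The value of UnsafeNativeMethods.AuthzAccessIsGranted for the filled-in reply.</returns>
        /// <exception cref="Exception">
        /// The native access check reported failure, or the check completed but a
        /// native handle could not be released afterwards.
        /// </exception>
        private static bool AuthzAccessCheck(SecurityIdentifier roleSid, SecurityIdentifier userSid)
        {
            IntPtr resourceManager = IntPtr.Zero;

            // True only once a result has been computed. While it is false, any exit from
            // the try blocks is by exception, and the cleanup code below must not replace
            // that exception with a less informative one of its own.
            bool resultObtained = false;

            try
            {
                resourceManager = UserAccountHelper.CreateAuthzResourceManager();

                IntPtr clientContext = IntPtr.Zero;
                try
                {
                    clientContext = UserAccountHelper.CreateAuthzClientContext(userSid, resourceManager);

                    UnsafeNativeMethods.AuthzAccessReply accessReply = new UnsafeNativeMethods.AuthzAccessReply();
                    try
                    {
                        UserAccountHelper.InitializeAuthzAccessReply(ref accessReply);

                        UnsafeNativeMethods.AuthzAccessRequest accessRequest = new UnsafeNativeMethods.AuthzAccessRequest(
                            UserAccountHelper.MaximumAllowed);
                        byte[] roleSecurityDescriptorData = UserAccountHelper.GetRoleSecurityDescriptorData(
                            roleSid,
                            UserAccountHelper.StandardAccess);

                        // The reply buffers are only meaningful after the native call succeeds,
                        // so a false return must stop here rather than fall through to the
                        // granted/denied evaluation.
                        // NOTE(review): the native error code is not surfaced; if the P/Invoke
                        // declaration records the last error, including it would help diagnosis - confirm.
                        if (!UnsafeNativeMethods.AuthzAccessCheck(
                                0,
                                clientContext,
                                ref accessRequest,
                                IntPtr.Zero,
                                roleSecurityDescriptorData,
                                IntPtr.Zero,
                                0,
                                ref accessReply,
                                IntPtr.Zero))
                        {
                            throw new Exception("Failed to get authorization information");
                        }

                        bool granted = UnsafeNativeMethods.AuthzAccessIsGranted(ref accessReply);
                        resultObtained = true;
                        return granted;
                    }
                    finally
                    {
                        UserAccountHelper.UninitializeAuthzAccessReply(ref accessReply);
                    }
                }
                finally
                {
                    // Always attempt the release; only report its failure when no earlier
                    // exception is already propagating. A throw here still overrides the
                    // pending return value, so a failed release never yields "granted".
                    if (clientContext != IntPtr.Zero
                        && !UnsafeNativeMethods.AuthzFreeContext(clientContext)
                        && resultObtained)
                    {
                        throw new Exception("Failed to free authorization client context");
                    }
                }
            }
            finally
            {
                // Same policy as for the client context: release unconditionally, report
                // the failure only when it would not mask the original error.
                if (resourceManager != IntPtr.Zero
                    && !UnsafeNativeMethods.AuthzFreeResourceManager(resourceManager)
                    && resultObtained)
                {
                    throw new Exception("Failed to free authorization resource manager");
                }
            }
        }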