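        /// <summary>
        /// Returns the cached <see cref="AuthorizationContextDomainDetails"/> for the domain that issued
        /// <paramref name="sid"/>, building and caching it on first use.
        /// </summary>
        /// <param name="sid">A Windows account SID; its account-domain portion selects the cache entry.</param>
        /// <returns>The domain details for the account domain of <paramref name="sid"/>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="sid"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="sid"/> is not a Windows account SID (it has no account-domain portion).</exception>
        private AuthorizationContextDomainDetails GetDomainDetails(SecurityIdentifier sid)
        {
            if (sid is null)
            {
                throw new ArgumentNullException(nameof(sid));
            }

            // AccountDomainSid is null for SIDs that are not Windows account SIDs (well-known SIDs, for
            // example). Rejecting those explicitly gives a clear error instead of a null dictionary key,
            // and keeps non-domain principals from being mapped to a domain in an authorization path.
            SecurityIdentifier domainSid = sid.AccountDomainSid;
            if (domainSid is null)
            {
                throw new ArgumentException("The SID is not a Windows account SID and has no account domain", nameof(sid));
            }

            if (this.domainCache.TryGetValue(domainSid, out AuthorizationContextDomainDetails value))
            {
                return value;
            }

            string domainDnsName = this.discoveryServices.GetDomainNameDns(sid);
            value = new AuthorizationContextDomainDetails(domainSid, domainDnsName, this.discoveryServices)
            {
                Mapping = this.GetMapping(domainDnsName)
            };

            // TryAdd rather than indexer assignment: a concurrent caller may already have populated the
            // entry, in which case the instance built here is simply used for this call only.
            this.domainCache.TryAdd(domainSid, value);
            this.logger.LogTrace($"Built AuthorizationContextDomainDetails for domain {domainDnsName}. IsInCurrentForest:{value.IsInCurrentForest} IsRemoteOneWayTrust:{value.IsRemoteOneWayTrust}");

            return value;
        }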
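 /// <summary>
 /// Two instances are equal when they describe the same domain, i.e. when their
 /// <see cref="SecurityIdentifier"/> values are equal.
 /// </summary>
 /// <param name="other">The instance to compare with; null compares unequal.</param>
 /// <returns>true when both instances have equal security identifiers; otherwise false.</returns>
 protected bool Equals(AuthorizationContextDomainDetails other)
 {
     // Tolerate a null argument instead of dereferencing it; whether the object-typed
     // Equals override filters null before delegating here is not visible from this method.
     if (other is null)
     {
         return false;
     }

     return Equals(SecurityIdentifier, other.SecurityIdentifier);
 }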
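        /// <summary>
        /// Creates an <see cref="AuthorizationContext"/> for <paramref name="user"/> against a server of
        /// <paramref name="domainDetails"/>, failing over to another server when the first cannot be reached.
        /// </summary>
        /// <param name="user">The user whose authorization context is being built.</param>
        /// <param name="resourceDomain">The domain of the resource being accessed; used here for logging only.</param>
        /// <param name="domainDetails">The domain whose servers are used to build the context.</param>
        /// <returns>A newly created authorization context.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> or <paramref name="domainDetails"/> is null.</exception>
        /// <exception cref="InvalidOperationException">No attempt produced an exception to rethrow (no server could be tried).</exception>
        /// <remarks>
        /// Once every distinct server name has been tried, the exception from the last attempt is rethrown
        /// with its original type and stack trace.
        /// </remarks>
        public AuthorizationContext GetContext(IUser user, SecurityIdentifier resourceDomain, AuthorizationContextDomainDetails domainDetails)
        {
            if (user is null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            if (domainDetails is null)
            {
                throw new ArgumentNullException(nameof(domainDetails));
            }

            AuthorizationServer server = domainDetails.GetServer(false);

            Exception lastException = null;

            // Server names are de-duplicated case-insensitively so fail-over cannot loop forever
            // if GetServer keeps handing back a server that was already tried.
            HashSet<string> attemptedServers = new HashSet<string>(StringComparer.OrdinalIgnoreCase);

            while (attemptedServers.Add(server.Name))
            {
                try
                {
                    // Distinct placeholder names: structured loggers key properties by name, so a repeated
                    // {domain} placeholder would conflate the authorization domain with the resource domain.
                    this.logger.LogTrace("Attempting to create AuthorizationContext against server {server} in domain {domain} for user {user} requesting access to resource in domain {resourceDomain}", server.Name, domainDetails.DomainDnsName, user.MsDsPrincipalName, resourceDomain);

                    // S4U logon is required unless the domain mapping explicitly opts out of it.
                    AuthzInitFlags flags = domainDetails.Mapping.DoNotRequireS4U ? AuthzInitFlags.Default : AuthzInitFlags.RequireS4ULogon;
                    return new AuthorizationContext(user.Sid, server.Name, flags);
                }
                catch (AuthorizationContextException ex) when (ex.InnerException is Win32Exception we && we.HResult == -2147467259)  //RPC_NOT_AVAILABLE
                {
                    // NOTE(review): -2147467259 is 0x80004005 (E_FAIL), the HResult that Win32Exception
                    // reports for every native error, so this filter appears to match any Win32Exception
                    // rather than RPC unavailability specifically; the native status code is in
                    // we.NativeErrorCode. Confirm the intended scope before narrowing it.
                    lastException = ex;
                    this.logger.LogWarning(EventIDs.AuthZContextServerCantConnect, ex, "Unable to connect to server {server}", server.Name);

                    // Connectivity failures fail over to another server. Any other failure leaves `server`
                    // unchanged, so the next Add() returns false and the loop ends.
                    server = domainDetails.GetServer(true);
                }
                catch (Exception ex)
                {
                    lastException = ex;
                    this.logger.LogError(EventIDs.AuthZContextCreateError, ex, "Unable to create AuthorizationContext against server {server} in domain {domain}", server.Name, domainDetails.DomainDnsName);
                }
            }

            if (lastException != null)
            {
                // Rethrow with the original type and stack trace intact; a plain `throw lastException`
                // would reset the trace to this line. Fully qualified to avoid needing a new using directive.
                System.Runtime.ExceptionServices.ExceptionDispatchInfo.Capture(lastException).Throw();
            }

            throw new InvalidOperationException("Unable to create authorization context");
        }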