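/// <summary>
/// Allocates the native result buffers of an access reply for a single result entry.
/// Call UninitializeAuthzAccessReply to free the resources. The buffers are not
/// zero-initialized, so they should be read only after a successful access check has written to them.
/// </summary>
/// <param name="accessReply">
/// Reply whose ResultListLength is set to 1 and whose GrantedAccessMask, SaclEvaluationResults and Error
/// pointers receive freshly allocated buffers. Pointers already stored in those fields are overwritten, not freed.
/// </param>
/// <exception cref="OutOfMemoryException">
/// Propagated from Marshal.AllocHGlobal. Buffers allocated before the failure are released and all three
/// pointer fields are left as IntPtr.Zero, so the caller holds nothing that still needs freeing.
/// </exception>
public static void InitializeAuthzAccessReply(ref UnsafeNativeMethods.AuthzAccessReply accessReply)
{
    accessReply.ResultListLength = 1;
    // Each buffer holds ResultListLength 32-bit entries.
    var bufferSize = Marshal.SizeOf(typeof(int)) * accessReply.ResultListLength;

    // Start from a known state so a partial failure below can be rolled back safely.
    accessReply.GrantedAccessMask = IntPtr.Zero;
    accessReply.SaclEvaluationResults = IntPtr.Zero;
    accessReply.Error = IntPtr.Zero;
    try
    {
        accessReply.GrantedAccessMask = Marshal.AllocHGlobal(bufferSize);
        accessReply.SaclEvaluationResults = Marshal.AllocHGlobal(bufferSize);
        accessReply.Error = Marshal.AllocHGlobal(bufferSize);
    }
    catch
    {
        // Roll back a partial allocation so the exception does not leak the earlier buffers.
        if (accessReply.GrantedAccessMask != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(accessReply.GrantedAccessMask);
            accessReply.GrantedAccessMask = IntPtr.Zero;
        }
        if (accessReply.SaclEvaluationResults != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(accessReply.SaclEvaluationResults);
            accessReply.SaclEvaluationResults = IntPtr.Zero;
        }
        if (accessReply.Error != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(accessReply.Error);
            accessReply.Error = IntPtr.Zero;
        }
        throw;
    }
}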
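/// <summary>
/// Frees the native buffers allocated by InitializeAuthzAccessReply and resets the pointer fields to
/// IntPtr.Zero, so a second call (or a call on a reply that was never initialized) is a no-op rather
/// than a double free.
/// </summary>
/// <param name="accessReply">
/// Reply whose GrantedAccessMask, SaclEvaluationResults and Error buffers are released. ResultListLength is left unchanged.
/// </param>
public static void UninitializeAuthzAccessReply(ref UnsafeNativeMethods.AuthzAccessReply accessReply)
{
    if (accessReply.GrantedAccessMask != IntPtr.Zero)
    {
        Marshal.FreeHGlobal(accessReply.GrantedAccessMask);
        accessReply.GrantedAccessMask = IntPtr.Zero;
    }
    if (accessReply.SaclEvaluationResults != IntPtr.Zero)
    {
        Marshal.FreeHGlobal(accessReply.SaclEvaluationResults);
        accessReply.SaclEvaluationResults = IntPtr.Zero;
    }
    if (accessReply.Error != IntPtr.Zero)
    {
        Marshal.FreeHGlobal(accessReply.Error);
        accessReply.Error = IntPtr.Zero;
    }
}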
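/// <summary>
/// Evaluates, through the Windows Authz API, whether <paramref name="userSid"/> is granted access by the
/// security descriptor that GetRoleSecurityDescriptorData builds for <paramref name="roleSid"/>.
/// </summary>
/// <param name="roleSid">SID of the role whose security descriptor is evaluated.</param>
/// <param name="userSid">SID of the user for whom the Authz client context is created.</param>
/// <returns>
/// The value reported by AuthzAccessIsGranted for a MaximumAllowed request against the role's descriptor.
/// </returns>
/// <exception cref="Exception">
/// Thrown when AuthzAccessCheck fails, or when releasing the client context or resource manager fails after
/// the check produced a result. The method fails closed: no result is read from the reply buffers unless the
/// native check reported success, and a failure never silently becomes a grant or a denial.
/// </exception>
private static bool AuthzAccessCheck(SecurityIdentifier roleSid, SecurityIdentifier userSid)
{
    IntPtr resourceManager = IntPtr.Zero;
    IntPtr clientContext = IntPtr.Zero;
    UnsafeNativeMethods.AuthzAccessReply accessReply = new UnsafeNativeMethods.AuthzAccessReply();
    // Set only once a result has been obtained. Cleanup failures are reported only in that case, so they
    // never mask an exception that is already propagating from the check itself.
    bool checkCompleted = false;
    try
    {
        resourceManager = UserAccountHelper.CreateAuthzResourceManager();
        clientContext = UserAccountHelper.CreateAuthzClientContext(userSid, resourceManager);
        UserAccountHelper.InitializeAuthzAccessReply(ref accessReply);

        UnsafeNativeMethods.AuthzAccessRequest accessRequest =
            new UnsafeNativeMethods.AuthzAccessRequest(UserAccountHelper.MaximumAllowed);
        byte[] roleSecurityDescriptorData =
            UserAccountHelper.GetRoleSecurityDescriptorData(roleSid, UserAccountHelper.StandardAccess);

        if (!UnsafeNativeMethods.AuthzAccessCheck(
                0,
                clientContext,
                ref accessRequest,
                IntPtr.Zero,
                roleSecurityDescriptorData,
                IntPtr.Zero,
                0,
                ref accessReply,
                IntPtr.Zero))
        {
            // The reply buffers come from AllocHGlobal and are not zeroed, so they must not be
            // interpreted after a failed check.
            throw new Exception("Failed to get authorization information");
        }

        bool granted = UnsafeNativeMethods.AuthzAccessIsGranted(ref accessReply);
        checkCompleted = true;
        return granted;
    }
    finally
    {
        // Release in reverse order of acquisition. Every release is guarded on a non-zero handle
        // (UninitializeAuthzAccessReply checks each pointer itself), so this is safe however far
        // acquisition got before an exception.
        UserAccountHelper.UninitializeAuthzAccessReply(ref accessReply);
        bool contextFreed = clientContext == IntPtr.Zero || UnsafeNativeMethods.AuthzFreeContext(clientContext);
        bool managerFreed = resourceManager == IntPtr.Zero || UnsafeNativeMethods.AuthzFreeResourceManager(resourceManager);
        if (checkCompleted)
        {
            if (!contextFreed)
            {
                throw new Exception("Failed to free authorization client context");
            }
            if (!managerFreed)
            {
                throw new Exception("Failed to free authorization resource manager");
            }
        }
    }
}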