raa

package

v1.0.0 Latest Latest Go to latest Published: Apr 30, 2024 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/oiweiwei/go-msrpc

Links

Open Source Insights

Documentation ¶

Overview ¶

The raa package implements the RAA client protocol.

Introduction ¶

This document specifies the Remote Authorization API Protocol. The Remote Authorization API Protocol is a Remote Procedure Call (RPC)-based protocol used to perform various authorization queries on remote computers.

Overview ¶

The Remote Authorization API (RAZA) protocol is designed to allow applications to simulate an access control decision that would be made when a given principal attempts to access a resource on a remote service that is protected with a given authorization policy. Because these are simulations, they can vary from the actual groups and/or claims in a user's token.

For example, a user can log on with a password, or the user can log on using a smart card (with authentication assurance provisioned). Each type of logon will result in a different kind of impersonation token. Logging on using the password produces an impersonation token with a mapped group or claim; logging on using the smart card produces an impersonation token without a mapped group or claim.

The following are some of the examples of this protocol's applications:

* Simulate the groups and/or claims that a user would have if the user were to authenticate to a remote service.

* Simulate a user's access to a hypothetical resource on a specific remote service that is protected with a given authorization policy.

* Simulate how potential changes to the user's group or claim assignments can affect access to resources on the remote machine.

The RAZA protocol defines client and server protocol roles.<1> A general description of message flow is as follows:

*

The RAZA client initiates a RAZA conversation by issuing a request to a RAZA server to initialize and maintain a resource manager object.

*

The RAZA server listens to an RPC endpoint ( c83d08f7-2128-4124-9674-3f5c23739ff9#gt_8be6a1fb-bc3c-4ee3-8018-c236f351222a ). When a client makes the preceding request, the RAZA server creates and maintains state for a resource manager object on behalf of the client.

*

The RAZA client can then request creation of a client context ( c83d08f7-2128-4124-9674-3f5c23739ff9#gt_519bff3c-1c9f-4d5a-aa88-a3c820a4ff3a ) for a user by specifying the user's security identifier (SID) ( c83d08f7-2128-4124-9674-3f5c23739ff9#gt_83f2020d-0804-4840-a5ac-e06439d50f8d ). After a client context is successfully created on the server, the RAZA client can examine the contents of the client context (for example, the group SIDs and claims within the client context) and/or modify the client context. Additionally, the RAZA client can perform an "AccessCheck" using the client context and a specified security descriptor ( c83d08f7-2128-4124-9674-3f5c23739ff9#gt_e5213722-75a9-44e7-b026-8e4833f0d350 ).

RAZA supports the following method calls to provide clients a way to simulate access control decisions.

* AuthzrFreeContext

* AuthzrInitializeContextFromSid

* AuthzrInitializeCompoundContext

* AuthzrAccessCheck

* AuthzGetInformationFromContext

* AuthzrModifyClaims

* AuthzrModifySids

Index ¶

Variables

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// import guard
	GoPackage = "raa"
)

Functions ¶

This section is empty.

Types ¶

This section is empty.

Source Files ¶

View all Source files

raa.go

Directories ¶

Path	Synopsis
authzr
v0

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL