Documentation ¶
Index ¶
- Variables
- func AuthzrServerHandle(ctx context.Context, o AuthzrServer, opNum int, r ndr.Reader) (dcerpc.Operation, error)
- func NewAuthzrServerHandle(o AuthzrServer) dcerpc.ServerHandle
- func RegisterAuthzrServer(conn dcerpc.Conn, o AuthzrServer, opts ...dcerpc.Option)
- type AccessCheckRequest
- type AccessCheckResponse
- type AccessReply
- type AccessRequest
- type AuthzrClient
- type AuthzrServer
- type ContextInformation
- type ContextInformationClass
- type ContextInformation_ContextInfoUnion
- func (o *ContextInformation_ContextInfoUnion) GetValue() any
- func (o *ContextInformation_ContextInfoUnion) MarshalUnionNDR(ctx context.Context, w ndr.Writer, sw uint16) error
- func (o *ContextInformation_ContextInfoUnion) NDRSwitchValue(sw uint16) uint16
- func (o *ContextInformation_ContextInfoUnion) UnmarshalUnionNDR(ctx context.Context, w ndr.Reader, sw uint16) error
- type ContextInformation_ContextInfoUnion_TokenClaims
- type ContextInformation_ContextInfoUnion_TokenGroups
- type ContextInformation_ContextInfoUnion_TokenUser
- type FreeContextRequest
- type FreeContextResponse
- type GetInformationFromContextRequest
- type GetInformationFromContextResponse
- type Handle
- type InitializeCompoundContextRequest
- type InitializeCompoundContextResponse
- type InitializeContextFromSIDRequest
- type InitializeContextFromSIDResponse
- type ModifyClaimsRequest
- type ModifyClaimsResponse
- type ModifySIDsRequest
- type ModifySIDsResponse
- type SIDAndAttributes
- type SIDOperation
- type SecurityAttributeOperation
- type SecurityAttributeStringValue
- type SecurityAttributeV1
- type SecurityAttributeV1Value
- type SecurityAttributeV1Value_AttributeUnion
- func (o *SecurityAttributeV1Value_AttributeUnion) GetValue() any
- func (o *SecurityAttributeV1Value_AttributeUnion) MarshalUnionNDR(ctx context.Context, w ndr.Writer, sw uint16) error
- func (o *SecurityAttributeV1Value_AttributeUnion) NDRSwitchValue(sw uint16) uint16
- func (o *SecurityAttributeV1Value_AttributeUnion) UnmarshalUnionNDR(ctx context.Context, w ndr.Reader, sw uint16) error
- type SecurityAttributeV1Value_AttributeUnion_Int64
- type SecurityAttributeV1Value_AttributeUnion_String
- type SecurityAttributeV1Value_AttributeUnion_Uint64
- type SecurityAttributesInformation
- type SelfRelativeSecurityDescriptor
- type TokenGroups
- type TokenUser
Constants ¶
This section is empty.
Variables ¶
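// Interface identity for authzr. The declaration had been collapsed onto a
// single line, where the first "//" comment swallowed both assignments; it is
// restored to one statement per line.
//
// Both values are pointers held in package-level variables, so code that
// writes through them changes the interface identity seen by every user of
// the package.
var (
	// AuthzrSyntaxUUID is the syntax UUID; the fields below spell
	// 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7.
	AuthzrSyntaxUUID = &uuid.UUID{TimeLow: 0xb1c2170, TimeMid: 0x5732, TimeHiAndVersion: 0x4e0e, ClockSeqHiAndReserved: 0x8c, ClockSeqLow: 0xd3, Node: [6]uint8{0xd9, 0xb1, 0x6f, 0x3b, 0x84, 0xd7}}
	// AuthzrSyntaxV0_0 is the syntax ID: AuthzrSyntaxUUID at interface
	// version 0.0.
	AuthzrSyntaxV0_0 = &dcerpc.SyntaxID{IfUUID: AuthzrSyntaxUUID, IfVersionMajor: 0, IfVersionMinor: 0}
)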
var (
// GoPackage is described by the original comment as an import guard; its
// value is the string "raa" (presumably the Go package name; confirm).
GoPackage = "raa"
)
Functions ¶
func AuthzrServerHandle ¶
func NewAuthzrServerHandle ¶
func NewAuthzrServerHandle(o AuthzrServer) dcerpc.ServerHandle
func RegisterAuthzrServer ¶
func RegisterAuthzrServer(conn dcerpc.Conn, o AuthzrServer, opts ...dcerpc.Option)
Types ¶
type AccessCheckRequest ¶
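// AccessCheckRequest structure represents the AuthzrAccessCheck operation request.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment hid every field that followed it.
type AccessCheckRequest struct {
	// ContextHandle: An AUTHZR_HANDLE structure, as defined in section 2.2.1.1, containing
	// the client context handle.
	ContextHandle *Handle `idl:"name:ContextHandle" json:"context_handle"`
	// Flags: Reserved. This parameter MUST be set to zero.
	Flags uint32 `idl:"name:Flags" json:"flags"`
	// pRequest: A pointer to an AUTHZR_ACCESS_REQUEST structure, as defined in section
	// 2.2.3.2. This structure contains the body of the "what-if" access check request.
	Request *AccessRequest `idl:"name:pRequest" json:"request"`
	// SecurityDescriptorCount: The number of security descriptors in the pSecurityDescriptors
	// parameter, not including the primary security descriptor.
	//
	// NOTE(review): the text above excludes the primary descriptor from the
	// count, yet SecurityDescriptors is sized by this field (size_is) and its
	// first entry is the primary descriptor. Confirm against the
	// specification which value a caller has to send.
	SecurityDescriptorCount uint32 `idl:"name:SecurityDescriptorCount" json:"security_descriptor_count"`
	// pSecurityDescriptors: A pointer to an array of SR_SD structures, as defined in section
	// 2.2.3.11. The first entry in this array is the primary security descriptor, and it
	// will be used as the security descriptor for the AccessCheck evaluation.
	SecurityDescriptors []*SelfRelativeSecurityDescriptor `idl:"name:pSecurityDescriptors;size_is:(SecurityDescriptorCount)" json:"security_descriptors"`
	// pReply: A pointer to an AUTHZR_ACCESS_REPLY structure, as defined in section 2.2.3.1.
	// This parameter will contain the body of the access check response.
	Reply *AccessReply `idl:"name:pReply" json:"reply"`
}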
AccessCheckRequest structure represents the AuthzrAccessCheck operation request
func (*AccessCheckRequest) MarshalNDR ¶
func (*AccessCheckRequest) UnmarshalNDR ¶
type AccessCheckResponse ¶
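// AccessCheckResponse structure represents the AuthzrAccessCheck operation response.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment hid every field that followed it.
type AccessCheckResponse struct {
	// pReply: A pointer to an AUTHZR_ACCESS_REPLY structure, as defined in section 2.2.3.1.
	// This parameter will contain the body of the access check response.
	//
	// NOTE(review): AccessReply carries a per-element Error array next to
	// GrantedAccessMask, so a zero Return presumably does not by itself mean
	// that every mask is valid; confirm, and check both before acting on a
	// granted mask.
	Reply *AccessReply `idl:"name:pReply" json:"reply"`
	// Return: The AuthzrAccessCheck return value.
	Return uint32 `idl:"name:Return" json:"return"`
}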
AccessCheckResponse structure represents the AuthzrAccessCheck operation response
func (*AccessCheckResponse) MarshalNDR ¶
func (*AccessCheckResponse) UnmarshalNDR ¶
type AccessReply ¶
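// AccessReply structure represents AUTHZR_ACCESS_REPLY RPC structure.
//
// The AUTHZR_ACCESS_REPLY structure defines the contents of a remote access check reply.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment hid every field that followed it.
type AccessReply struct {
	// ResultListLength: The number of elements in the GrantedAccessMask and Error arrays.
	// This number matches the number of entries in the object type list structure used
	// in the access check. The length MUST be between 1 and 256. If no object type is used
	// to represent the object, ResultListLength MUST be set to 1.
	//
	// NOTE(review): this value sizes both arrays below (size_is) and comes
	// from the peer. Nothing in this declaration enforces the 1..256 bound;
	// confirm where it is checked.
	ResultListLength uint32 `idl:"name:ResultListLength" json:"result_list_length"`
	// GrantedAccessMask: A pointer to an array of granted access masks.
	GrantedAccessMask []uint32 `idl:"name:GrantedAccessMask;size_is:(ResultListLength)" json:"granted_access_mask"`
	// Error: A pointer to an array of DWORD error code results for each element of the
	// array.
	Error []uint32 `idl:"name:Error;size_is:(ResultListLength)" json:"error"`
}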
AccessReply structure represents AUTHZR_ACCESS_REPLY RPC structure.
The AUTHZR_ACCESS_REPLY structure defines the contents of a remote access check reply.
func (*AccessReply) MarshalNDR ¶
func (*AccessReply) UnmarshalNDR ¶
type AccessRequest ¶
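// AccessRequest structure represents AUTHZR_ACCESS_REQUEST RPC structure.
//
// The AUTHZR_ACCESS_REQUEST structure defines the contents of a remote access check request.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment hid every field that followed it.
type AccessRequest struct {
	// DesiredAccess: The type of access to test.
	DesiredAccess uint32 `idl:"name:DesiredAccess" json:"desired_access"`
	// PrincipalSelfSid: A pointer to the security identifier (SID) to use for the principal
	// self SID in the access control list (ACL).
	PrincipalSelfSID *dtyp.SID `idl:"name:PrincipalSelfSid" json:"principal_self_sid"`
	// ObjectTypeListLength: The number of elements in the ObjectTypeList array.
	ObjectTypeListLength uint32 `idl:"name:ObjectTypeListLength" json:"object_type_list_length"`
	// ObjectTypeList: A pointer to an array of OBJECT_TYPE_LIST structures in the object
	// tree for the object.
	ObjectTypeList []*dtyp.ObjectTypeList `idl:"name:ObjectTypeList;size_is:(ObjectTypeListLength)" json:"object_type_list"`
}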
AccessRequest structure represents AUTHZR_ACCESS_REQUEST RPC structure.
The AUTHZR_ACCESS_REQUEST structure defines the contents of a remote access check request.
func (*AccessRequest) MarshalNDR ¶
func (*AccessRequest) UnmarshalNDR ¶
type AuthzrClient ¶
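// AuthzrClient is the authzr interface.
//
// The declaration is restored to one method per line; collapsed onto two
// lines, the first "//" comment hid every method that followed it.
//
// NOTE(review): each operation's response carries a Return field that is
// documented as nonzero on failure. Whether a nonzero Return is also surfaced
// through the Go error result is not visible here; confirm before treating a
// nil error as success.
type AuthzrClient interface {

	// The AuthzrFreeContext method (opnum 0) frees all remote structures and memory associated
	// with the client context identified by the ContextHandle parameter.
	//
	// Return Values:
	//
	// If the function succeeds, it MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero 32-bit error code.
	//
	// When a remote authorization server receives this message, it MUST look up the ClientContext
	// structure in the ClientContextTable ADM element and free all structures and memory
	// associated with the ClientContext.
	FreeContext(context.Context, *FreeContextRequest, ...dcerpc.CallOption) (*FreeContextResponse, error)

	// The AuthzrInitializeContextFromSid method (opnum 1) creates a client context from
	// a given security identifier (SID). For domain SIDs, token group and claim attributes
	// will be retrieved from Active Directory through Kerberos.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code.
	InitializeContextFromSID(context.Context, *InitializeContextFromSIDRequest, ...dcerpc.CallOption) (*InitializeContextFromSIDResponse, error)

	// The AuthzrInitializeCompoundContext method (opnum 2) creates a compound context from
	// two specified context handles.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000. If the function fails,
	// it MUST return a nonzero value.
	InitializeCompoundContext(context.Context, *InitializeCompoundContextRequest, ...dcerpc.CallOption) (*InitializeCompoundContextResponse, error)

	// The AuthzrAccessCheck method (opnum 3) determines which access bits can be granted
	// to a client for a given set of security descriptors. The AUTHZR_ACCESS_REPLY structure
	// returns an array of granted access masks and error status.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code.
	AccessCheck(context.Context, *AccessCheckRequest, ...dcerpc.CallOption) (*AccessCheckResponse, error)

	// The AuthzGetInformationFromContext method (opnum 4) returns information about the
	// identified client context.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code value.
	GetInformationFromContext(context.Context, *GetInformationFromContextRequest, ...dcerpc.CallOption) (*GetInformationFromContextResponse, error)

	// The AuthzrModifyClaims method (opnum 5) modifies information about the identified
	// client context.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code value.
	ModifyClaims(context.Context, *ModifyClaimsRequest, ...dcerpc.CallOption) (*ModifyClaimsResponse, error)

	// The AuthzrModifySids method (opnum 6) modifies the list of SIDs associated with the
	// identified client context.
	//
	// Return Values:
	//
	// If the function succeeds, it MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code value.
	ModifySIDs(context.Context, *ModifySIDsRequest, ...dcerpc.CallOption) (*ModifySIDsResponse, error)

	// AlterContext alters the client context.
	AlterContext(context.Context, ...dcerpc.Option) error
}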
authzr interface.
func NewAuthzrClient ¶
type AuthzrServer ¶
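// AuthzrServer is the authzr server interface.
//
// The declaration is restored to one method per line; collapsed onto two
// lines, the first "//" comment hid every method that followed it.
//
// NOTE(review): every request type names the client context through a Handle
// supplied by the caller, and ModifyClaims / ModifySIDs change the context
// that AccessCheck later evaluates. An implementation presumably has to
// validate the handle and decide who may modify a context; nothing in this
// interface does that for it.
type AuthzrServer interface {

	// The AuthzrFreeContext method (opnum 0) frees all remote structures and memory associated
	// with the client context identified by the ContextHandle parameter.
	//
	// Return Values:
	//
	// If the function succeeds, it MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero 32-bit error code.
	//
	// When a remote authorization server receives this message, it MUST look up the ClientContext
	// structure in the ClientContextTable ADM element and free all structures and memory
	// associated with the ClientContext.
	FreeContext(context.Context, *FreeContextRequest) (*FreeContextResponse, error)

	// The AuthzrInitializeContextFromSid method (opnum 1) creates a client context from
	// a given security identifier (SID). For domain SIDs, token group and claim attributes
	// will be retrieved from Active Directory through Kerberos.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code.
	InitializeContextFromSID(context.Context, *InitializeContextFromSIDRequest) (*InitializeContextFromSIDResponse, error)

	// The AuthzrInitializeCompoundContext method (opnum 2) creates a compound context from
	// two specified context handles.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000. If the function fails,
	// it MUST return a nonzero value.
	InitializeCompoundContext(context.Context, *InitializeCompoundContextRequest) (*InitializeCompoundContextResponse, error)

	// The AuthzrAccessCheck method (opnum 3) determines which access bits can be granted
	// to a client for a given set of security descriptors. The AUTHZR_ACCESS_REPLY structure
	// returns an array of granted access masks and error status.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code.
	AccessCheck(context.Context, *AccessCheckRequest) (*AccessCheckResponse, error)

	// The AuthzGetInformationFromContext method (opnum 4) returns information about the
	// identified client context.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code value.
	GetInformationFromContext(context.Context, *GetInformationFromContextRequest) (*GetInformationFromContextResponse, error)

	// The AuthzrModifyClaims method (opnum 5) modifies information about the identified
	// client context.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code value.
	ModifyClaims(context.Context, *ModifyClaimsRequest) (*ModifyClaimsResponse, error)

	// The AuthzrModifySids method (opnum 6) modifies the list of SIDs associated with the
	// identified client context.
	//
	// Return Values:
	//
	// If the function succeeds, it MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code value.
	ModifySIDs(context.Context, *ModifySIDsRequest) (*ModifySIDsResponse, error)
}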
authzr server interface.
type ContextInformation ¶
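// ContextInformation structure represents AUTHZR_CONTEXT_INFORMATION RPC structure.
//
// The AUTHZR_CONTEXT_INFORMATION structure contains security information about a principal.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment hid every field that followed it.
type ContextInformation struct {
	// ValueType: Identifies the type of the ContextInfoUnion member.
	//
	//	+-------------------------------------------------------------------+----------------------------------------------------------------------------------+
	//	|                                                                   |                                                                                  |
	//	|                               VALUE                               |                                     MEANING                                      |
	//	|                                                                   |                                                                                  |
	//	+-------------------------------------------------------------------+----------------------------------------------------------------------------------+
	//	+-------------------------------------------------------------------+----------------------------------------------------------------------------------+
	//	| 0x0001 (user)                                                     | ContextInfoUnion contains an AUTHZR_TOKEN_USER structure, as specified in        |
	//	|                                                                   | section 2.2.3.10.                                                                |
	//	+-------------------------------------------------------------------+----------------------------------------------------------------------------------+
	//	| 0x0002 (groups) 0x0003 (restricted groups) 0x000C (device groups) | ContextInfoUnion contains an AUTHZR_TOKEN_GROUPS structure, as specified in      |
	//	|                                                                   | section 2.2.3.9.                                                                 |
	//	+-------------------------------------------------------------------+----------------------------------------------------------------------------------+
	//	| 0x000D (user claim) 0x000E (device claim)                         | ContextInfoUnion contains an AUTHZR_SECURITY_ATTRIBUTES_INFORMATION structure,   |
	//	|                                                                   | as specified in section 2.2.3.7.                                                 |
	//	+-------------------------------------------------------------------+----------------------------------------------------------------------------------+
	//
	// NOTE(review): this value selects the union arm (switch_is:ValueType)
	// and arrives from the peer. The table lists six values; how any other
	// value is handled is not visible in this declaration. Confirm.
	ValueType uint16 `idl:"name:ValueType" json:"value_type"`
	// ContextInfoUnion: A pointer to an AUTHZR_TOKEN_USER, AUTHZR_TOKEN_GROUPS, or AUTHZR_SECURITY_ATTRIBUTES_INFORMATION
	// structure, depending on the value of ValueType.
	ContextInfoUnion *ContextInformation_ContextInfoUnion `idl:"name:ContextInfoUnion;switch_is:ValueType" json:"context_info_union"`
}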
ContextInformation structure represents AUTHZR_CONTEXT_INFORMATION RPC structure.
The AUTHZR_CONTEXT_INFORMATION structure contains security information about a principal.
func (*ContextInformation) MarshalNDR ¶
func (*ContextInformation) UnmarshalNDR ¶
type ContextInformationClass ¶
// ContextInformationClass type represents AUTHZ_CONTEXT_INFORMATION_CLASS RPC enumeration.
//
// The AUTHZ_CONTEXT_INFORMATION_CLASS enumeration is used to indicate security attributes
// of a principal represented by an AUTHZR_HANDLE.
type ContextInformationClass uint16
ContextInformationClass type represents AUTHZ_CONTEXT_INFORMATION_CLASS RPC enumeration.
The AUTHZ_CONTEXT_INFORMATION_CLASS enumeration is used to indicate security attributes of a principal represented by an AUTHZR_HANDLE.
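// Values of ContextInformationClass. The declaration is restored to one value
// per line; collapsed onto two lines, the first "//" comment hid every
// assignment that followed it.
//
// These are variables, not constants, so code that assigns to one changes the
// value for every user of the package.
var (
	// AuthzContextInfoUserSid: Indicates the principal's user SID and its attribute.
	ContextInformationClassUserSID ContextInformationClass = 1
	// AuthzContextInfoGroupsSids: Indicates the groups to which the principal belongs and
	// their attributes.
	ContextInformationClassGroupsSIDs ContextInformationClass = 2
	// AuthzContextInfoRestrictedSids: Indicates the restricted SIDs in the principal's
	// security context and their attributes.
	ContextInformationClassRestrictedSIDs ContextInformationClass = 3
	// ReservedEnumValue4: Not used.
	ContextInformationClassReservedEnumValue4 ContextInformationClass = 4
	// ReservedEnumValue5: Not used.
	ContextInformationClassReservedEnumValue5 ContextInformationClass = 5
	// ReservedEnumValue6: Not used.
	ContextInformationClassReservedEnumValue6 ContextInformationClass = 6
	// ReservedEnumValue7: Not used.
	ContextInformationClassReservedEnumValue7 ContextInformationClass = 7
	// ReservedEnumValue8: Not used.
	ContextInformationClassReservedEnumValue8 ContextInformationClass = 8
	// ReservedEnumValue9: Not used.
	ContextInformationClassReservedEnumValue9 ContextInformationClass = 9
	// ReservedEnumValue10: Not used.
	ContextInformationClassReservedEnumValue10 ContextInformationClass = 10
	// ReservedEnumValue11: Not used.
	ContextInformationClassReservedEnumValue11 ContextInformationClass = 11
	// AuthzContextInfoDeviceSids: Indicates the groups to which the device principal belongs
	// and their attributes.
	ContextInformationClassDeviceSIDs ContextInformationClass = 12
	// AuthzContextInfoUserClaims: Indicates the user's security attributes information.
	ContextInformationClassUserClaims ContextInformationClass = 13
	// AuthzContextInfoDeviceClaims: Indicates the device's security attributes information.
	ContextInformationClassDeviceClaims ContextInformationClass = 14
	// ReservedEnumValue15: Not used.
	ContextInformationClassReservedEnumValue15 ContextInformationClass = 15
	// ReservedEnumValue16: Not used.
	ContextInformationClassReservedEnumValue16 ContextInformationClass = 16
)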
func (ContextInformationClass) String ¶
func (o ContextInformationClass) String() string
type ContextInformation_ContextInfoUnion ¶
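// ContextInformation_ContextInfoUnion structure represents AUTHZR_CONTEXT_INFORMATION union anonymous member.
//
// The AUTHZR_CONTEXT_INFORMATION structure contains security information about a principal.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment hid the Value field.
type ContextInformation_ContextInfoUnion struct {
	// Types that are assignable to Value
	//
	// *ContextInformation_ContextInfoUnion_TokenUser
	// *ContextInformation_ContextInfoUnion_TokenGroups
	// *ContextInformation_ContextInfoUnion_TokenClaims
	Value is_ContextInformation_ContextInfoUnion `json:"value"`
}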
ContextInformation_ContextInfoUnion structure represents AUTHZR_CONTEXT_INFORMATION union anonymous member.
The AUTHZR_CONTEXT_INFORMATION structure contains security information about a principal.
func (*ContextInformation_ContextInfoUnion) GetValue ¶
func (o *ContextInformation_ContextInfoUnion) GetValue() any
func (*ContextInformation_ContextInfoUnion) MarshalUnionNDR ¶
func (*ContextInformation_ContextInfoUnion) NDRSwitchValue ¶
func (o *ContextInformation_ContextInfoUnion) NDRSwitchValue(sw uint16) uint16
func (*ContextInformation_ContextInfoUnion) UnmarshalUnionNDR ¶
type ContextInformation_ContextInfoUnion_TokenClaims ¶
// ContextInformation_ContextInfoUnion_TokenClaims structure represents a
// ContextInformation_ContextInfoUnion RPC union arm. The page gives its
// labels as 13 and 14, which the ValueType table on ContextInformation lists
// as 0x000D (user claim) and 0x000E (device claim).
type ContextInformation_ContextInfoUnion_TokenClaims struct {
// TokenClaims is the pTokenClaims member of this arm.
TokenClaims *SecurityAttributesInformation `idl:"name:pTokenClaims" json:"token_claims"`
}
ContextInformation_ContextInfoUnion_TokenClaims structure represents ContextInformation_ContextInfoUnion RPC union arm.
It has the following labels: 13, 14
func (*ContextInformation_ContextInfoUnion_TokenClaims) MarshalNDR ¶
func (*ContextInformation_ContextInfoUnion_TokenClaims) UnmarshalNDR ¶
type ContextInformation_ContextInfoUnion_TokenGroups ¶
// ContextInformation_ContextInfoUnion_TokenGroups structure represents a
// ContextInformation_ContextInfoUnion RPC union arm. The page gives its
// labels as 2, 3 and 12, which the ValueType table on ContextInformation
// lists as 0x0002 (groups), 0x0003 (restricted groups) and 0x000C (device
// groups).
type ContextInformation_ContextInfoUnion_TokenGroups struct {
// TokenGroups is the pTokenGroups member of this arm.
TokenGroups *TokenGroups `idl:"name:pTokenGroups" json:"token_groups"`
}
ContextInformation_ContextInfoUnion_TokenGroups structure represents ContextInformation_ContextInfoUnion RPC union arm.
It has the following labels: 2, 3, 12
func (*ContextInformation_ContextInfoUnion_TokenGroups) MarshalNDR ¶
func (*ContextInformation_ContextInfoUnion_TokenGroups) UnmarshalNDR ¶
type ContextInformation_ContextInfoUnion_TokenUser ¶
// ContextInformation_ContextInfoUnion_TokenUser structure represents a
// ContextInformation_ContextInfoUnion RPC union arm. The page gives its label
// as 1, which the ValueType table on ContextInformation lists as 0x0001
// (user).
type ContextInformation_ContextInfoUnion_TokenUser struct {
// TokenUser is the pTokenUser member of this arm.
TokenUser *TokenUser `idl:"name:pTokenUser" json:"token_user"`
}
ContextInformation_ContextInfoUnion_TokenUser structure represents ContextInformation_ContextInfoUnion RPC union arm.
It has the following label: 1
func (*ContextInformation_ContextInfoUnion_TokenUser) MarshalNDR ¶
func (*ContextInformation_ContextInfoUnion_TokenUser) UnmarshalNDR ¶
type FreeContextRequest ¶
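// FreeContextRequest structure represents the AuthzrFreeContext operation request.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the "//" comment hid the ContextHandle field.
type FreeContextRequest struct {
	// ContextHandle: A pointer to an AUTHZR_HANDLE structure, as defined in section 2.2.1.1.
	// This handle indicates the client context to be freed.
	ContextHandle *Handle `idl:"name:ContextHandle" json:"context_handle"`
}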
FreeContextRequest structure represents the AuthzrFreeContext operation request
func (*FreeContextRequest) MarshalNDR ¶
func (*FreeContextRequest) UnmarshalNDR ¶
type FreeContextResponse ¶
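// FreeContextResponse structure represents the AuthzrFreeContext operation response.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment hid every field that followed it.
type FreeContextResponse struct {
	// ContextHandle: A pointer to an AUTHZR_HANDLE structure, as defined in section 2.2.1.1.
	// This handle indicates the client context to be freed.
	//
	// NOTE(review): the handle is returned as well as sent. Presumably the
	// returned value is what a caller should keep after a successful free, so
	// that the freed handle is not reused; confirm.
	ContextHandle *Handle `idl:"name:ContextHandle" json:"context_handle"`
	// Return: The AuthzrFreeContext return value.
	Return uint32 `idl:"name:Return" json:"return"`
}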
FreeContextResponse structure represents the AuthzrFreeContext operation response
func (*FreeContextResponse) MarshalNDR ¶
func (*FreeContextResponse) UnmarshalNDR ¶
type GetInformationFromContextRequest ¶
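// GetInformationFromContextRequest structure represents the AuthzGetInformationFromContext
// operation request.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment hid every field that followed it.
type GetInformationFromContextRequest struct {
	// ContextHandle: An AUTHZR_HANDLE structure, as defined in section 2.2.1.1. Represents
	// the client context to retrieve information from.
	ContextHandle *Handle `idl:"name:ContextHandle" json:"context_handle"`
	// InfoClass: An AUTHZ_CONTEXT_INFORMATION_CLASS enumeration, as defined in section
	// 2.2.2.1. Possible values for this field are specified in section 2.2.2.1.
	InfoClass ContextInformationClass `idl:"name:InfoClass" json:"info_class"`
}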
GetInformationFromContextRequest structure represents the AuthzGetInformationFromContext operation request
func (*GetInformationFromContextRequest) MarshalNDR ¶
func (*GetInformationFromContextRequest) UnmarshalNDR ¶
type GetInformationFromContextResponse ¶
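// GetInformationFromContextResponse structure represents the AuthzGetInformationFromContext
// operation response.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment hid every field that followed it.
type GetInformationFromContextResponse struct {
	// ppContextInformation: A two-layer pointer to an AUTHZR_CONTEXT_INFORMATION structure,
	// as defined in section 2.2.3.3. Used to return the context information.
	//
	// NOTE(review): presumably nil when Return is nonzero; check Return and
	// this pointer before dereferencing.
	ContextInformation *ContextInformation `idl:"name:ppContextInformation" json:"context_information"`
	// Return: The AuthzGetInformationFromContext return value.
	Return uint32 `idl:"name:Return" json:"return"`
}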
GetInformationFromContextResponse structure represents the AuthzGetInformationFromContext operation response
func (*GetInformationFromContextResponse) MarshalNDR ¶
func (*GetInformationFromContextResponse) UnmarshalNDR ¶
type Handle ¶
// Handle structure represents AUTHZR_HANDLE RPC structure. It is declared
// with dcetypes.ContextHandle as its underlying type, and the request types
// in this package use it to name the client context an operation applies to.
type Handle dcetypes.ContextHandle
Handle structure represents AUTHZR_HANDLE RPC structure.
func (*Handle) ContextHandle ¶
func (o *Handle) ContextHandle() *dcetypes.ContextHandle
type InitializeCompoundContextRequest ¶
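// InitializeCompoundContextRequest structure represents the AuthzrInitializeCompoundContext
// operation request.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment hid every field that followed it.
type InitializeCompoundContextRequest struct {
	// UserContextHandle: An AUTHZR_HANDLE structure, as defined in section 2.2.1.1, that
	// represents the user context for the compound context.
	User *Handle `idl:"name:UserContextHandle" json:"user"`
	// DeviceContextHandle: An AUTHZR_HANDLE structure, as defined in section 2.2.1.1, that
	// represents the device context for the compound context.
	Device *Handle `idl:"name:DeviceContextHandle" json:"device"`
}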
InitializeCompoundContextRequest structure represents the AuthzrInitializeCompoundContext operation request
func (*InitializeCompoundContextRequest) MarshalNDR ¶
func (*InitializeCompoundContextRequest) UnmarshalNDR ¶
type InitializeCompoundContextResponse ¶
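// InitializeCompoundContextResponse structure represents the AuthzrInitializeCompoundContext
// operation response.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment hid every field that followed it.
type InitializeCompoundContextResponse struct {
	// CompoundContextHandle: A pointer to an AUTHZR_HANDLE structure, as defined in section
	// 2.2.1.1.
	Compound *Handle `idl:"name:CompoundContextHandle" json:"compound"`
	// Return: The AuthzrInitializeCompoundContext return value.
	Return uint32 `idl:"name:Return" json:"return"`
}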
InitializeCompoundContextResponse structure represents the AuthzrInitializeCompoundContext operation response
func (*InitializeCompoundContextResponse) MarshalNDR ¶
func (*InitializeCompoundContextResponse) UnmarshalNDR ¶
type InitializeContextFromSIDRequest ¶
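// InitializeContextFromSIDRequest structure represents the AuthzrInitializeContextFromSid
// operation request.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment hid every field that followed it.
type InitializeContextFromSIDRequest struct {
	// Flags: Indicates the type of logon behavior when initializing the client context.
	// The following flags are defined.
	//
	//	+---------------------------------------+----------------------------------------------------------------------------------+
	//	|                                       |                                                                                  |
	//	|                 VALUE                 |                                   DESCRIPTION                                    |
	//	|                                       |                                                                                  |
	//	+---------------------------------------+----------------------------------------------------------------------------------+
	//	+---------------------------------------+----------------------------------------------------------------------------------+
	//	| 0x00000000                            | When no flags are set, AuthzInitializeContextFromSid attempts to retrieve the    |
	//	|                                       | user's token group information by performing an S4U logon.                       |
	//	+---------------------------------------+----------------------------------------------------------------------------------+
	//	| AUTHZ_COMPUTE_PRIVILEGES (0x00000008) | AuthzInitializeContextFromSid retrieves privileges for the new context. If       |
	//	|                                       | this function performs an S4U logon, it retrieves privileges from the token.     |
	//	|                                       | Otherwise, it retrieves privileges from all SIDs in the context.                 |
	//	+---------------------------------------+----------------------------------------------------------------------------------+
	Flags uint32 `idl:"name:Flags" json:"flags"`
	// Sid: A pointer to the SID of the principal for whom a remote client context will
	// be created. This MUST be a valid user or computer account.
	//
	// NOTE(review): the caller names the principal; the resulting context
	// describes that principal, not the caller. Which callers may request a
	// context for which SID is presumably a server-side policy decision not
	// expressed in this type; confirm.
	SID *dtyp.SID `idl:"name:Sid" json:"sid"`
	// pExpirationTime: Reserved. This parameter MUST be set to NULL when sent and MUST
	// be ignored when received.
	ExpirationTime *dtyp.LargeInteger `idl:"name:pExpirationTime;pointer:unique" json:"expiration_time"`
	// Identifier: Reserved. This parameter MUST be set to zero when sent and MUST be
	// ignored when received.
	ID *dtyp.LUID `idl:"name:Identifier" json:"id"`
}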
InitializeContextFromSIDRequest structure represents the AuthzrInitializeContextFromSid operation request
func (*InitializeContextFromSIDRequest) MarshalNDR ¶
func (*InitializeContextFromSIDRequest) UnmarshalNDR ¶
type InitializeContextFromSIDResponse ¶
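// InitializeContextFromSIDResponse structure represents the AuthzrInitializeContextFromSid
// operation response.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment hid every field that followed it.
type InitializeContextFromSIDResponse struct {
	// ContextHandle: A pointer to an AUTHZR_HANDLE structure, as defined in section 2.2.1.1.
	ContextHandle *Handle `idl:"name:ContextHandle" json:"context_handle"`
	// Return: The AuthzrInitializeContextFromSid return value.
	Return uint32 `idl:"name:Return" json:"return"`
}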
InitializeContextFromSIDResponse structure represents the AuthzrInitializeContextFromSid operation response
func (*InitializeContextFromSIDResponse) MarshalNDR ¶
func (*InitializeContextFromSIDResponse) UnmarshalNDR ¶
type ModifyClaimsRequest ¶
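// ModifyClaimsRequest structure represents the AuthzrModifyClaims operation request.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment hid every field that followed it.
type ModifyClaimsRequest struct {
	// ContextHandle: An AUTHZR_HANDLE structure, as defined in section 2.2.1.1. Represents
	// the client context to modify.
	ContextHandle *Handle `idl:"name:ContextHandle" json:"context_handle"`
	// ClaimClass: An AUTHZ_CONTEXT_INFORMATION_CLASS enumeration, as defined in section
	// 2.2.2.1. Indicates the claim class.
	ClaimClass ContextInformationClass `idl:"name:ClaimClass" json:"claim_class"`
	// OperationCount: The number of operations to be performed.
	//
	// NOTE(review): sizes ClaimOperations (size_is) and arrives from the
	// peer; how it relates to the number of claims in Claims is not stated
	// here. Confirm that a receiver checks the two agree.
	OperationCount uint32 `idl:"name:OperationCount" json:"operation_count"`
	// pClaimOperations: A pointer to an array of AUTHZ_SECURITY_ATTRIBUTE_OPERATION enumerations,
	// as defined in section 2.2.2.2. Specifies the operations to be performed on each claim.
	ClaimOperations []SecurityAttributeOperation `idl:"name:pClaimOperations;size_is:(OperationCount)" json:"claim_operations"`
	// pClaims: A pointer to an array of AUTHZR_SECURITY_ATTRIBUTES_INFORMATION structures,
	// as defined in section 2.2.3.7. Contains the claim(s) used to modify the client context.
	// Declared pointer:unique, which in NDR permits a null pointer, so this
	// field can be nil.
	Claims *SecurityAttributesInformation `idl:"name:pClaims;pointer:unique" json:"claims"`
}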
ModifyClaimsRequest structure represents the AuthzrModifyClaims operation request
func (*ModifyClaimsRequest) MarshalNDR ¶
func (*ModifyClaimsRequest) UnmarshalNDR ¶
type ModifyClaimsResponse ¶
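// ModifyClaimsResponse structure represents the AuthzrModifyClaims operation response.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the "//" comment hid the Return field.
type ModifyClaimsResponse struct {
	// Return: The AuthzrModifyClaims return value. The operation is
	// documented to return 0x00000000 on success and a nonzero error code on
	// failure.
	Return uint32 `idl:"name:Return" json:"return"`
}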
ModifyClaimsResponse structure represents the AuthzrModifyClaims operation response
func (*ModifyClaimsResponse) MarshalNDR ¶
func (*ModifyClaimsResponse) UnmarshalNDR ¶
type ModifySIDsRequest ¶
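// ModifySIDsRequest structure represents the AuthzrModifySids operation request.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment hid every field that followed it.
type ModifySIDsRequest struct {
	// ContextHandle: An AUTHZR_HANDLE structure, as defined in section 2.2.1.1, representing
	// the client context to be modified.
	ContextHandle *Handle `idl:"name:ContextHandle" json:"context_handle"`
	// SidClass: An AUTHZ_CONTEXT_INFORMATION_CLASS enumeration value, as defined in section
	// 2.2.2.1, indicating the SID class.
	SIDClass ContextInformationClass `idl:"name:SidClass" json:"sid_class"`
	// OperationCount: The number of operations to be performed.
	//
	// NOTE(review): sizes SIDOperations (size_is) and arrives from the peer;
	// how it relates to the number of groups in SIDs is not stated here.
	// Confirm that a receiver checks the two agree.
	OperationCount uint32 `idl:"name:OperationCount" json:"operation_count"`
	// pSidOperations: A pointer to an array of AUTHZ_SID_OPERATION enumeration values that
	// specify the group modifications to be made.
	SIDOperations []SIDOperation `idl:"name:pSidOperations;size_is:(OperationCount)" json:"sid_operations"`
	// pSids: A pointer to an AUTHZR_TOKEN_GROUPS structure, as defined in section 2.2.3.9,
	// specifying the groups to be modified.
	// Declared pointer:unique, which in NDR permits a null pointer, so this
	// field can be nil.
	SIDs *TokenGroups `idl:"name:pSids;pointer:unique" json:"sids"`
}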
ModifySIDsRequest structure represents the AuthzrModifySids operation request
func (*ModifySIDsRequest) MarshalNDR ¶
func (*ModifySIDsRequest) UnmarshalNDR ¶
type ModifySIDsResponse ¶
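// ModifySIDsResponse structure represents the AuthzrModifySids operation response.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the "//" comment hid the Return field.
type ModifySIDsResponse struct {
	// Return: The AuthzrModifySids return value. The operation is documented
	// to return 0x00000000 on success and a nonzero error code on failure.
	Return uint32 `idl:"name:Return" json:"return"`
}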
ModifySIDsResponse structure represents the AuthzrModifySids operation response
func (*ModifySIDsResponse) MarshalNDR ¶
func (*ModifySIDsResponse) UnmarshalNDR ¶
type SIDAndAttributes ¶
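// SIDAndAttributes structure represents AUTHZR_SID_AND_ATTRIBUTES RPC structure.
//
// The AUTHZR_SID_AND_ATTRIBUTES structure contains information about the security identifiers
// (SIDs) in a token.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment hid every field that followed it.
type SIDAndAttributes struct {
	// Sid: A SID structure, as specified in [MS-DTYP] section 2.4.2.3. This is a pass-through
	// value and SHOULD NOT be interpreted by the RAZA protocol.
	SID *dtyp.SID `idl:"name:Sid" json:"sid"`
	// Attributes: Specifies attributes associated with the SID. This is a pass-through
	// value and SHOULD NOT be interpreted by the RAZA protocol.
	Attributes uint32 `idl:"name:Attributes" json:"attributes"`
}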
SIDAndAttributes structure represents AUTHZR_SID_AND_ATTRIBUTES RPC structure.
The AUTHZR_SID_AND_ATTRIBUTES structure contains information about the security identifiers (SIDs) in a token.
func (*SIDAndAttributes) MarshalNDR ¶
func (*SIDAndAttributes) UnmarshalNDR ¶
type SIDOperation ¶
// SIDOperation type represents AUTHZ_SID_OPERATION RPC enumeration.
//
// The AUTHZ_SID_OPERATION enumeration indicates the type of SID operations that can be
// made by a call to the AuthzrModifySids operation (section 3.1.4.7).
type SIDOperation uint16
SIDOperation type represents AUTHZ_SID_OPERATION RPC enumeration.
The AUTHZ_SID_OPERATION enumeration indicates the type of SID operations that can be made by a call to the AuthzrModifySids operation (section 3.1.4.7).
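// Values of SIDOperation. The declaration is restored to one value per line;
// collapsed onto a single line, the first "//" comment hid every assignment
// that followed it.
//
// These are variables, not constants, so code that assigns to one changes the
// value for every user of the package.
var (
	// AUTHZ_SID_OPERATION_NONE: Do not modify anything.
	SIDOperationNone SIDOperation = 0
	// AUTHZ_SID_OPERATION_REPLACE_ALL: Replace the existing SIDs with the specified SIDs.
	// If replacement SIDs are not specified, delete the existing SIDs. This operation can
	// be specified only once and must be the only operation specified.
	SIDOperationReplaceAll SIDOperation = 1
	// AUTHZ_SID_OPERATION_ADD: Add a new SID. If the SID already exists, fail the call.
	SIDOperationAdd SIDOperation = 2
	// AUTHZ_SID_OPERATION_DELETE: Delete the specified SID. If the specified SID is not
	// found, fail the call without taking action.
	SIDOperationDelete SIDOperation = 3
	// AUTHZ_SID_OPERATION_REPLACE: Replace the existing SID with the specified SID. If
	// the SID does not exist, add the specified SID.
	SIDOperationReplace SIDOperation = 4
)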
func (SIDOperation) String ¶
func (o SIDOperation) String() string
type SecurityAttributeOperation ¶
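// SecurityAttributeOperation type represents
// AUTHZ_SECURITY_ATTRIBUTE_OPERATION RPC enumeration.
//
// The AUTHZ_SECURITY_ATTRIBUTE_OPERATION enumeration structure is used with
// the AuthzrModifyClaims operation (section 3.1.4.6) to identify operation
// types on a client context object.
//
// The underlying type is uint16, so a value decoded from the wire can be
// anything in 0-65535. Only the five values below are defined here; code
// that dispatches on a received SecurityAttributeOperation should reject
// every other value rather than fall through to a default action.
type SecurityAttributeOperation uint16

// The values are declared with var, not const, so they are assignable at run
// time; treat them as read-only.
var (
	// AUTHZ_SECURITY_ATTRIBUTE_OPERATION_NONE: No operation will be performed.
	SecurityAttributeOperationNone SecurityAttributeOperation = 0
	// AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE_ALL: The ImpersonationAccessToken on the
	// specified client context will be replaced.
	SecurityAttributeOperationReplaceAll SecurityAttributeOperation = 1
	// AUTHZ_SECURITY_ATTRIBUTE_OPERATION_ADD: A new claim will be added to the server's
	// ImpersonationAccessToken associated with the specified client context.
	SecurityAttributeOperationAdd SecurityAttributeOperation = 2
	// AUTHZ_SECURITY_ATTRIBUTE_OPERATION_DELETE: An existing claim will be deleted from
	// the ImpersonationAccessToken array associated with the specified client context if
	// it is present in that array.
	SecurityAttributeOperationDelete SecurityAttributeOperation = 3
	// AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE: An existing claim will be replaced in
	// the ImpersonationAccessToken array associated with the specified client context if
	// it is present in the array.
	SecurityAttributeOperationReplace SecurityAttributeOperation = 4
)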
func (SecurityAttributeOperation) String ¶
func (o SecurityAttributeOperation) String() string
type SecurityAttributeStringValue ¶
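// SecurityAttributeStringValue holds the string value of a claim
// (AUTHZR_SECURITY_ATTRIBUTE_STRING_VALUE).
//
// The declaration was collapsed onto one line, so the first line comment
// swallowed the fields and the closing brace; it is restored here one
// declaration per line.
//
// Length and Value are independent Go fields: nothing in this declaration
// keeps Length equal to the size of Value. Code that consumes a decoded value
// should measure Value itself rather than trust Length.
// NOTE(review): whether MarshalNDR/UnmarshalNDR reconcile the two is not
// visible here; confirm.
type SecurityAttributeStringValue struct {
	// Length: The length of the string in the Value parameter.
	Length uint32 `idl:"name:Length" json:"length"`
	// Value: A Unicode string containing the pass-through string value of the claim.
	Value string `idl:"name:Value;size_is:(Length);string" json:"value"`
}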
SecurityAttributeStringValue structure represents AUTHZR_SECURITY_ATTRIBUTE_STRING_VALUE RPC structure.
The AUTHZR_SECURITY_ATTRIBUTE_STRING_VALUE structure contains the string value of a claim.
func (*SecurityAttributeStringValue) MarshalNDR ¶
func (*SecurityAttributeStringValue) UnmarshalNDR ¶
type SecurityAttributeV1 ¶
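// SecurityAttributeV1 specifies one or more security attribute and value
// pairs associated with a remote authorization context
// (AUTHZR_SECURITY_ATTRIBUTE_V1).
//
// The declaration was collapsed onto two lines, so the first line comment
// swallowed the fields that followed it; it is restored here one declaration
// per line.
//
// The ranges stated below (Length 2-256, ValueCount 0-1,024, the Flags bit
// set) are protocol requirements recorded in comments only; the field types
// (uint32, string, slice) do not enforce them. Length and ValueCount are also
// independent of len(Value) and len(Values), so code that walks a decoded
// value should range over the slice rather than index up to ValueCount.
// NOTE(review): whether UnmarshalNDR rejects out-of-range values is not
// visible here; confirm before treating data from a peer as validated.
type SecurityAttributeV1 struct {
	// Length: The length of the Value parameter, in bytes. MUST be between 2 and 256.
	Length uint32 `idl:"name:Length" json:"length"`
	// Value: A Unicode string containing the security value. This string MUST be between
	// 2 and 256 bytes in length, inclusive.
	Value string `idl:"name:Value;size_is:(Length);string" json:"value"`
	// ValueType: A union tag value indicating the type of information contained in Values
	// member.
	ValueType uint16 `idl:"name:ValueType" json:"value_type"`
	// Flags: MUST be zero or a combination of one or more of the following values.
	//
	//   - AUTHZ_SECURITY_ATTRIBUTE_NON_INHERITABLE (0x00000001): This security
	//     attribute is not inherited across processes.
	//   - AUTHZ_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE (0x00000002): The value
	//     of the attribute is case sensitive. This flag is valid for values
	//     that contain string types.
	Flags uint32 `idl:"name:Flags" json:"flags"`
	// ValueCount: The number of attribute and value pairs pointed to by the Values member.
	// The number of attribute and value pairs MUST be between 0 and 1,024, inclusive.
	ValueCount uint32 `idl:"name:ValueCount" json:"value_count"`
	// Values: An array of AUTHZR_SECURITY_ATTRIBUTE_V1_VALUE structures, as defined in
	// section 2.2.3.6. Each structure contains a security attribute and value pair.
	//
	// Elements are pointers and can be nil.
	Values []*SecurityAttributeV1Value `idl:"name:Values;size_is:(ValueCount)" json:"values"`
	// contains filtered or unexported fields
}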
SecurityAttributeV1 structure represents AUTHZR_SECURITY_ATTRIBUTE_V1 RPC structure.
The AUTHZR_SECURITY_ATTRIBUTE_V1 structure specifies one or more security attribute and value pairs that are associated with a remote authorization context.
func (*SecurityAttributeV1) MarshalNDR ¶
func (*SecurityAttributeV1) UnmarshalNDR ¶
type SecurityAttributeV1Value ¶
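// SecurityAttributeV1Value defines a claim
// (AUTHZR_SECURITY_ATTRIBUTE_V1_VALUE): a type tag plus the union arm that the
// tag selects.
//
// The declaration was collapsed onto one line, so the first line comment
// swallowed the fields and the closing brace; it is restored here one
// declaration per line.
//
// ValueType and AttributeUnion are separate Go fields, so a value built or
// modified in code can carry a tag that does not match the arm stored in the
// union. Consumers should switch on the concrete arm type rather than assume
// it from ValueType, and should handle a nil AttributeUnion.
type SecurityAttributeV1Value struct {
	// ValueType: Identifies the type of the AttributeUnion member.
	//
	//   - 0x0001: AttributeUnion contains a LONG64 value.
	//   - 0x0002, 0x0006: AttributeUnion contains a ULONG64 value.
	//   - 0x0003: AttributeUnion contains an
	//     AUTHZR_SECURITY_ATTRIBUTE_STRING_VALUE structure, as specified in
	//     section 2.2.3.4.
	//
	// The field is a uint16, so values outside this list are representable
	// and should be rejected by code that receives them.
	ValueType uint16 `idl:"name:ValueType" json:"value_type"`
	// AttributeUnion: A LONG64, ULONG64, or AUTHZR_SECURITY_ATTRIBUTE_STRING_VALUE, depending
	// on the value of ValueType.
	AttributeUnion *SecurityAttributeV1Value_AttributeUnion `idl:"name:AttributeUnion;switch_is:ValueType" json:"attribute_union"`
}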
SecurityAttributeV1Value structure represents AUTHZR_SECURITY_ATTRIBUTE_V1_VALUE RPC structure.
The AUTHZR_SECURITY_ATTRIBUTE_V1_VALUE structure defines a claim.
func (*SecurityAttributeV1Value) MarshalNDR ¶
func (*SecurityAttributeV1Value) UnmarshalNDR ¶
type SecurityAttributeV1Value_AttributeUnion ¶
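// SecurityAttributeV1Value_AttributeUnion is the anonymous union member of
// AUTHZR_SECURITY_ATTRIBUTE_V1_VALUE.
//
// The declaration was collapsed onto one line, so the first line comment
// swallowed the field and the closing brace; it is restored here one
// declaration per line.
type SecurityAttributeV1Value_AttributeUnion struct {
	// Types that are assignable to Value
	//
	//	*SecurityAttributeV1Value_AttributeUnion_Int64
	//	*SecurityAttributeV1Value_AttributeUnion_Uint64
	//	*SecurityAttributeV1Value_AttributeUnion_String
	//
	// NOTE(review): Value is presumably an interface and therefore nil when no
	// arm is set; a type switch over it should include a default case that
	// rejects nil and unexpected arm types.
	Value is_SecurityAttributeV1Value_AttributeUnion `json:"value"`
}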
SecurityAttributeV1Value_AttributeUnion structure represents AUTHZR_SECURITY_ATTRIBUTE_V1_VALUE union anonymous member.
The AUTHZR_SECURITY_ATTRIBUTE_V1_VALUE structure defines a claim.
func (*SecurityAttributeV1Value_AttributeUnion) GetValue ¶
func (o *SecurityAttributeV1Value_AttributeUnion) GetValue() any
func (*SecurityAttributeV1Value_AttributeUnion) MarshalUnionNDR ¶
func (*SecurityAttributeV1Value_AttributeUnion) NDRSwitchValue ¶
func (o *SecurityAttributeV1Value_AttributeUnion) NDRSwitchValue(sw uint16) uint16
func (*SecurityAttributeV1Value_AttributeUnion) UnmarshalUnionNDR ¶
type SecurityAttributeV1Value_AttributeUnion_Int64 ¶
// SecurityAttributeV1Value_AttributeUnion_Int64 is the signed 64-bit arm of
// SecurityAttributeV1Value_AttributeUnion, selected by switch label 1.
type SecurityAttributeV1Value_AttributeUnion_Int64 struct {
	// Int64 is the claim value carried by this arm.
	Int64 int64 `idl:"name:Int64" json:"int64"`
}
SecurityAttributeV1Value_AttributeUnion_Int64 structure represents SecurityAttributeV1Value_AttributeUnion RPC union arm.
It has the following label: 1
func (*SecurityAttributeV1Value_AttributeUnion_Int64) MarshalNDR ¶
func (*SecurityAttributeV1Value_AttributeUnion_Int64) UnmarshalNDR ¶
type SecurityAttributeV1Value_AttributeUnion_String ¶
// SecurityAttributeV1Value_AttributeUnion_String is the string arm of
// SecurityAttributeV1Value_AttributeUnion, selected by switch label 3.
type SecurityAttributeV1Value_AttributeUnion_String struct {
	// String points at the claim's string value; being a pointer, it can be
	// nil and should be checked before use.
	String *SecurityAttributeStringValue `idl:"name:String" json:"string"`
}
SecurityAttributeV1Value_AttributeUnion_String structure represents SecurityAttributeV1Value_AttributeUnion RPC union arm.
It has the following label: 3
func (*SecurityAttributeV1Value_AttributeUnion_String) MarshalNDR ¶
func (*SecurityAttributeV1Value_AttributeUnion_String) UnmarshalNDR ¶
type SecurityAttributeV1Value_AttributeUnion_Uint64 ¶
// SecurityAttributeV1Value_AttributeUnion_Uint64 is the unsigned 64-bit arm
// of SecurityAttributeV1Value_AttributeUnion, selected by switch labels 2
// and 6.
type SecurityAttributeV1Value_AttributeUnion_Uint64 struct {
	// Uint64 is the claim value carried by this arm.
	Uint64 uint64 `idl:"name:Uint64" json:"uint64"`
}
SecurityAttributeV1Value_AttributeUnion_Uint64 structure represents SecurityAttributeV1Value_AttributeUnion RPC union arm.
It has the following labels: 2, 6
func (*SecurityAttributeV1Value_AttributeUnion_Uint64) MarshalNDR ¶
func (*SecurityAttributeV1Value_AttributeUnion_Uint64) UnmarshalNDR ¶
type SecurityAttributesInformation ¶
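// SecurityAttributesInformation specifies one or more security attributes
// (AUTHZR_SECURITY_ATTRIBUTES_INFORMATION).
//
// The declaration was collapsed onto one line, so the first line comment
// swallowed the fields and the closing brace; it is restored here one
// declaration per line.
//
// The Version value and the 0-1,024 bound on AttributeCount are protocol
// requirements recorded in comments only; the field types do not enforce
// them. AttributeCount is also independent of len(Attributes), so code that
// walks a decoded value should range over the slice rather than index up to
// AttributeCount.
// NOTE(review): whether UnmarshalNDR rejects out-of-range values is not
// visible here; confirm before treating data from a peer as validated.
type SecurityAttributesInformation struct {
	// Version: The version of this structure. This value MUST be set to 0x0001.
	Version uint16 `idl:"name:Version" json:"version"`
	// AttributeCount: The number of attributes specified by the Attribute member. The
	// number of attributes MUST be between zero and 1,024, inclusive.
	AttributeCount uint32 `idl:"name:AttributeCount" json:"attribute_count"`
	// Attributes: A pointer to an array of AUTHZR_SECURITY_ATTRIBUTE_V1 structures, defined
	// in section 2.2.3.5.
	//
	// Elements are pointers and can be nil.
	Attributes []*SecurityAttributeV1 `idl:"name:Attributes;size_is:(AttributeCount)" json:"attributes"`
	// contains filtered or unexported fields
}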
SecurityAttributesInformation structure represents AUTHZR_SECURITY_ATTRIBUTES_INFORMATION RPC structure.
The AUTHZR_SECURITY_ATTRIBUTES_INFORMATION structure specifies one or more security attributes.
func (*SecurityAttributesInformation) MarshalNDR ¶
func (*SecurityAttributesInformation) UnmarshalNDR ¶
type SelfRelativeSecurityDescriptor ¶
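// SelfRelativeSecurityDescriptor wraps a self-relative security descriptor
// as a length-prefixed byte buffer (SR_SD).
//
// The declaration was collapsed onto one line, so the first line comment
// swallowed the fields and the closing brace; it is restored here one
// declaration per line.
//
// This type stores the descriptor as opaque bytes and does not parse it.
// Length is independent of len(SelfRelativeSecurityDescriptor); code that
// parses the buffer should bound every read by the slice's own length, not by
// Length, and should validate any offsets found inside the descriptor before
// following them.
type SelfRelativeSecurityDescriptor struct {
	// dwLength: The length, in bytes, of the data pointed to in the pSrSd member.
	Length uint32 `idl:"name:dwLength" json:"length"`
	// pSrSd: A pointer to a self-relative security descriptor.
	SelfRelativeSecurityDescriptor []byte `idl:"name:pSrSd;size_is:(dwLength)" json:"self_relative_security_descriptor"`
}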
SelfRelativeSecurityDescriptor structure represents SR_SD RPC structure.
The SR_SD structure defines a self-relative security descriptor. A self-relative security descriptor contains the security descriptor structure itself and the necessary security information associated with the descriptor.
func (*SelfRelativeSecurityDescriptor) MarshalNDR ¶
func (*SelfRelativeSecurityDescriptor) UnmarshalNDR ¶
type TokenGroups ¶
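// TokenGroups lists the group SIDs associated with a token
// (AUTHZR_TOKEN_GROUPS).
//
// The declaration was collapsed onto one line, so the first line comment
// swallowed the fields and the closing brace; it is restored here one
// declaration per line.
//
// GroupCount is independent of len(Groups); code that walks a decoded value
// should range over Groups rather than index up to GroupCount.
// NOTE(review): no upper bound on GroupCount is stated here, and whether
// UnmarshalNDR caps the allocation it drives is not visible; confirm before
// decoding input from an untrusted peer.
type TokenGroups struct {
	// GroupCount: Indicates the number of structures in the Groups array.
	GroupCount uint32 `idl:"name:GroupCount" json:"group_count"`
	// Groups: An array of AUTHZR_SID_AND_ATTRIBUTES structures (section 2.2.3.8) representing
	// groups associated with the token.
	//
	// Elements are pointers and can be nil.
	Groups []*SIDAndAttributes `idl:"name:Groups;size_is:(GroupCount)" json:"groups"`
}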
TokenGroups structure represents AUTHZR_TOKEN_GROUPS RPC structure.
The AUTHZR_TOKEN_GROUPS structure represents a security identifier (SID) and its attributes.
func (*TokenGroups) MarshalNDR ¶
func (*TokenGroups) NDRSizeInfo ¶
func (o *TokenGroups) NDRSizeInfo() []uint64
func (*TokenGroups) UnmarshalNDR ¶
type TokenUser ¶
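// TokenUser identifies the user associated with a token
// (AUTHZR_TOKEN_USER).
//
// The declaration was collapsed onto one line, so the first line comment
// swallowed the field and the closing brace; it is restored here one
// declaration per line.
type TokenUser struct {
	// User: Contains an AUTHZR_SID_AND_ATTRIBUTES structure (section 2.2.3.8) representing
	// the user associated with the access token.
	//
	// User is a pointer, so it can be nil; code that reads a decoded value
	// should check for nil before dereferencing it.
	User *SIDAndAttributes `idl:"name:User" json:"user"`
}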
TokenUser structure represents AUTHZR_TOKEN_USER RPC structure.
The AUTHZR_TOKEN_USER structure identifies the user associated with a token.