authzr

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 30, 2024 License: MIT Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	// AuthzrSyntaxUUID is the interface UUID of the authzr RPC interface. The
	// fields below spell 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, which is the value
	// to look for when identifying binds to this interface in RPC telemetry.
	// It is an exported pointer variable, so importing code can reassign it or
	// change the value it points to; treat it as read-only.
	AuthzrSyntaxUUID = &uuid.UUID{TimeLow: 0xb1c2170, TimeMid: 0x5732, TimeHiAndVersion: 0x4e0e, ClockSeqHiAndReserved: 0x8c, ClockSeqLow: 0xd3, Node: [6]uint8{0xd9, 0xb1, 0x6f, 0x3b, 0x84, 0xd7}}
	// AuthzrSyntaxV0_0 is the syntax ID for interface version 0.0. Its IfUUID
	// field holds the same pointer as AuthzrSyntaxUUID, so a change made through
	// one is visible through the other.
	AuthzrSyntaxV0_0 = &dcerpc.SyntaxID{IfUUID: AuthzrSyntaxUUID, IfVersionMajor: 0, IfVersionMinor: 0}
)
var (
	// GoPackage is the import guard for this package.
	// NOTE(review): the value "raa" presumably names the protocol the package
	// was generated from; how the guard is consumed is not visible on this page.
	GoPackage = "raa"
)

Functions

func AuthzrServerHandle

func AuthzrServerHandle(ctx context.Context, o AuthzrServer, opNum int, r ndr.Reader) (dcerpc.Operation, error)

func NewAuthzrServerHandle

func NewAuthzrServerHandle(o AuthzrServer) dcerpc.ServerHandle

func RegisterAuthzrServer

func RegisterAuthzrServer(conn dcerpc.Conn, o AuthzrServer, opts ...dcerpc.Option)

Types

type AccessCheckRequest

// AccessCheckRequest carries the input parameters of the AuthzrAccessCheck
// operation (opnum 3). On the server side these values are decoded from the
// caller's request. This page does not show UnmarshalNDR enforcing the MUST
// constraints quoted below, so a handler should check them itself.
type AccessCheckRequest struct {
	// ContextHandle: An AUTHZR_HANDLE structure, as defined in section 2.2.1.1, containing
	// the client context handle.
	ContextHandle *Handle `idl:"name:ContextHandle" json:"context_handle"`
	// Flags:   Reserved.  This parameter MUST be set to zero.
	Flags uint32 `idl:"name:Flags" json:"flags"`
	// pRequest: A pointer to an AUTHZR_ACCESS_REQUEST structure, as defined in section
	// 2.2.3.2. This structure contains the body of the "what-if" access check request.
	Request *AccessRequest `idl:"name:pRequest" json:"request"`
	// SecurityDescriptorCount:  The number of security descriptors in the pSecurityDescriptors
	// parameter, not including the primary security descriptor.
	//
	// NOTE(review): the text above excludes the primary descriptor from the count,
	// while the size_is tag on SecurityDescriptors ties the array length to this
	// field and the array's first entry is the primary descriptor. Confirm against
	// the protocol specification which convention the peer expects before relying
	// on either reading.
	SecurityDescriptorCount uint32 `idl:"name:SecurityDescriptorCount" json:"security_descriptor_count"`
	// pSecurityDescriptors: A pointer to an array of SR_SD structures, as defined in section
	// 2.2.3.11. The first entry in this array is the primary security descriptor, and it
	// will be used as the security descriptor for the AccessCheck evaluation.
	//
	// A handler indexing entry 0 should first check that the slice is non-empty
	// and that the entry is non-nil.
	SecurityDescriptors []*SelfRelativeSecurityDescriptor `idl:"name:pSecurityDescriptors;size_is:(SecurityDescriptorCount)" json:"security_descriptors"`
	// pReply: A pointer to an AUTHZR_ACCESS_REPLY structure, as defined in section 2.2.3.1.
	// This parameter will contain the body of the access check response.
	//
	// The same field appears in AccessCheckResponse, so it travels in both
	// directions; whatever the caller puts here is caller-controlled input.
	Reply *AccessReply `idl:"name:pReply" json:"reply"`
}

AccessCheckRequest structure represents the AuthzrAccessCheck operation request

func (*AccessCheckRequest) MarshalNDR

func (o *AccessCheckRequest) MarshalNDR(ctx context.Context, w ndr.Writer) error

func (*AccessCheckRequest) UnmarshalNDR

func (o *AccessCheckRequest) UnmarshalNDR(ctx context.Context, r ndr.Reader) error

type AccessCheckResponse

// AccessCheckResponse carries the output parameters of the AuthzrAccessCheck
// operation (opnum 3).
type AccessCheckResponse struct {
	// pReply: A pointer to an AUTHZR_ACCESS_REPLY structure, as defined in section 2.2.3.1.
	// This parameter will contain the body of the access check response.
	//
	// NOTE(review): whether Reply is populated when Return is nonzero is not
	// stated on this page; check Return and the slice lengths before reading a
	// granted mask out of it.
	Reply *AccessReply `idl:"name:pReply" json:"reply"`
	// Return: The AuthzrAccessCheck return value. Per the operation's
	// documentation, 0x00000000 means success and any nonzero value is an
	// error code.
	Return uint32 `idl:"name:Return" json:"return"`
}

AccessCheckResponse structure represents the AuthzrAccessCheck operation response

func (*AccessCheckResponse) MarshalNDR

func (o *AccessCheckResponse) MarshalNDR(ctx context.Context, w ndr.Writer) error

func (*AccessCheckResponse) UnmarshalNDR

func (o *AccessCheckResponse) UnmarshalNDR(ctx context.Context, r ndr.Reader) error

type AccessReply

// AccessReply mirrors the AUTHZR_ACCESS_REPLY structure: two parallel arrays,
// both sized by ResultListLength, holding one granted access mask and one
// error code per object type list entry.
type AccessReply struct {
	// ResultListLength:  The number of elements in the GrantedAccessMask and Error arrays.
	// This number matches the number of entries in the object type list structure used
	// in the access check. The length MUST be between 1 and 256. If no object type is used
	// to represent the object, ResultListLength MUST be set to 1.
	//
	// NOTE(review): the field is a plain uint32 and this page does not show the
	// 1..256 bound being enforced on decode; a consumer should range-check it
	// and compare it with len(GrantedAccessMask) and len(Error).
	ResultListLength uint32 `idl:"name:ResultListLength" json:"result_list_length"`
	// GrantedAccessMask:  A pointer to an array of granted access masks.
	GrantedAccessMask []uint32 `idl:"name:GrantedAccessMask;size_is:(ResultListLength)" json:"granted_access_mask"`
	// Error:  A pointer to an array of DWORD error code results for each element of the
	// array.
	//
	// NOTE(review): presumably GrantedAccessMask[i] is only meaningful when
	// Error[i] is zero; confirm against the specification before treating a
	// mask as an authorization decision.
	Error []uint32 `idl:"name:Error;size_is:(ResultListLength)" json:"error"`
}

AccessReply structure represents AUTHZR_ACCESS_REPLY RPC structure.

The AUTHZR_ACCESS_REPLY structure defines the contents of a remote access check reply.

func (*AccessReply) MarshalNDR

func (o *AccessReply) MarshalNDR(ctx context.Context, w ndr.Writer) error

func (*AccessReply) UnmarshalNDR

func (o *AccessReply) UnmarshalNDR(ctx context.Context, w ndr.Reader) error

type AccessRequest

// AccessRequest mirrors the AUTHZR_ACCESS_REQUEST structure, the body of a
// remote access check request.
type AccessRequest struct {
	// DesiredAccess:  The type of access to test.
	DesiredAccess uint32 `idl:"name:DesiredAccess" json:"desired_access"`
	// PrincipalSelfSid:  A pointer to the security identifier (SID) to use for the principal
	// self SID in the access control list (ACL).
	PrincipalSelfSID *dtyp.SID `idl:"name:PrincipalSelfSid" json:"principal_self_sid"`
	// ObjectTypeListLength:  The number of elements in the ObjectTypeList array.
	// AccessReply.ResultListLength is documented as matching the number of
	// object type list entries and is bounded to 1..256 there.
	ObjectTypeListLength uint32 `idl:"name:ObjectTypeListLength" json:"object_type_list_length"`
	// ObjectTypeList:  A pointer to an array of OBJECT_TYPE_LIST structures in the object
	// tree for the object. Elements are pointers and may be nil after decoding;
	// check before dereferencing.
	ObjectTypeList []*dtyp.ObjectTypeList `idl:"name:ObjectTypeList;size_is:(ObjectTypeListLength)" json:"object_type_list"`
}

AccessRequest structure represents AUTHZR_ACCESS_REQUEST RPC structure.

The AUTHZR_ACCESS_REQUEST structure defines the contents of a remote access check request.

func (*AccessRequest) MarshalNDR

func (o *AccessRequest) MarshalNDR(ctx context.Context, w ndr.Writer) error

func (*AccessRequest) UnmarshalNDR

func (o *AccessRequest) UnmarshalNDR(ctx context.Context, w ndr.Reader) error

type AuthzrClient

// AuthzrClient is the client-side view of the authzr interface: one method per
// operation (opnum 0-6) plus AlterContext.
//
// Every operation returns a response struct that carries its own Return field
// in addition to the Go error.
// NOTE(review): whether a nonzero Return is also surfaced as a non-nil error
// is not visible on this page; callers should check both before trusting the
// response contents.
type AuthzrClient interface {

	// The AuthzrFreeContext method (opnum 0) frees all remote structures and memory associated
	// with the client context identified by the ContextHandle parameter.
	//
	// Return Values:
	//
	// If the function succeeds, it MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero 32-bit error code.
	//
	// When a remote authorization server receives this message, it MUST look up the ClientContext
	// structure in the ClientContextTable ADM element and free all structures and memory
	// associated with the ClientContext.
	FreeContext(context.Context, *FreeContextRequest, ...dcerpc.CallOption) (*FreeContextResponse, error)

	// The AuthzrInitializeContextFromSid method (opnum 1) creates a client context from
	// a given security identifier (SID). For domain SIDs, token group and claim attributes
	// will be retrieved from Active Directory through Kerberos.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code.
	//
	// The context describes the principal named by the SID, not the caller; the
	// returned handle refers to server-side state that stays allocated until
	// FreeContext is called.
	InitializeContextFromSID(context.Context, *InitializeContextFromSIDRequest, ...dcerpc.CallOption) (*InitializeContextFromSIDResponse, error)

	// The AuthzrInitializeCompoundContext method (opnum 2) creates a compound context from
	// two specified context handles.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000. If the function fails,
	// it MUST return a nonzero value.
	InitializeCompoundContext(context.Context, *InitializeCompoundContextRequest, ...dcerpc.CallOption) (*InitializeCompoundContextResponse, error)

	// The AuthzrAccessCheck method (opnum 3) determines which access bits can be granted
	// to a client for a given set of security descriptors. The AUTHZR_ACCESS_REPLY structure
	// returns an array of granted access masks and error status.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code.
	//
	// The request is described as a "what-if" check: the result reflects the
	// context and security descriptors supplied in the call.
	AccessCheck(context.Context, *AccessCheckRequest, ...dcerpc.CallOption) (*AccessCheckResponse, error)

	// The AuthzGetInformationFromContext method (opnum 4) returns information about the
	// identified client context.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code value.
	GetInformationFromContext(context.Context, *GetInformationFromContextRequest, ...dcerpc.CallOption) (*GetInformationFromContextResponse, error)

	// The AuthzrModifyClaims method (opnum 5) modifies information about the identified
	// client context.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code value.
	ModifyClaims(context.Context, *ModifyClaimsRequest, ...dcerpc.CallOption) (*ModifyClaimsResponse, error)

	// The AuthzrModifySids method (opnum 6) modifies the list of SIDs associated with the
	// identified client context.
	//
	// Return Values:
	//
	// If the function succeeds, it MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code value.
	ModifySIDs(context.Context, *ModifySIDsRequest, ...dcerpc.CallOption) (*ModifySIDsResponse, error)

	// AlterContext alters the client context.
	// NOTE(review): "client context" here presumably means the RPC presentation
	// context of the connection rather than an AUTHZR_HANDLE context, given the
	// dcerpc.Option parameters; confirm in the dcerpc package.
	AlterContext(context.Context, ...dcerpc.Option) error
}

authzr interface.

func NewAuthzrClient

func NewAuthzrClient(ctx context.Context, cc dcerpc.Conn, opts ...dcerpc.Option) (AuthzrClient, error)

type AuthzrServer

// AuthzrServer is the set of handlers a server implementation supplies for the
// seven authzr operations (opnum 0-6).
//
// The request structs reach these methods after NDR decoding of data sent by
// the caller. Context handles, element counts and reserved fields are therefore
// caller-controlled and should be validated by the implementation before use.
// NOTE(review): this page does not show what authentication or authorization
// is applied to a connection before a handler runs; confirm which dcerpc
// options are passed to RegisterAuthzrServer in the deployment.
type AuthzrServer interface {

	// The AuthzrFreeContext method (opnum 0) frees all remote structures and memory associated
	// with the client context identified by the ContextHandle parameter.
	//
	// Return Values:
	//
	// If the function succeeds, it MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero 32-bit error code.
	//
	// When a remote authorization server receives this message, it MUST look up the ClientContext
	// structure in the ClientContextTable ADM element and free all structures and memory
	// associated with the ClientContext.
	//
	// NOTE(review): the text does not say what to return for a handle that is
	// not in the table; an implementation should treat that as a failure and
	// must not free anything in that case.
	FreeContext(context.Context, *FreeContextRequest) (*FreeContextResponse, error)

	// The AuthzrInitializeContextFromSid method (opnum 1) creates a client context from
	// a given security identifier (SID). For domain SIDs, token group and claim attributes
	// will be retrieved from Active Directory through Kerberos.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code.
	//
	// Each successful call allocates server-side state that lives until
	// FreeContext; an implementation should bound how many contexts a caller
	// can hold.
	InitializeContextFromSID(context.Context, *InitializeContextFromSIDRequest) (*InitializeContextFromSIDResponse, error)

	// The AuthzrInitializeCompoundContext method (opnum 2) creates a compound context from
	// two specified context handles.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000. If the function fails,
	// it MUST return a nonzero value.
	InitializeCompoundContext(context.Context, *InitializeCompoundContextRequest) (*InitializeCompoundContextResponse, error)

	// The AuthzrAccessCheck method (opnum 3) determines which access bits can be granted
	// to a client for a given set of security descriptors. The AUTHZR_ACCESS_REPLY structure
	// returns an array of granted access masks and error status.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code.
	AccessCheck(context.Context, *AccessCheckRequest) (*AccessCheckResponse, error)

	// The AuthzGetInformationFromContext method (opnum 4) returns information about the
	// identified client context.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code value.
	GetInformationFromContext(context.Context, *GetInformationFromContextRequest) (*GetInformationFromContextResponse, error)

	// The AuthzrModifyClaims method (opnum 5) modifies information about the identified
	// client context.
	//
	// Return Values:
	//
	// If the function succeeds, the function MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code value.
	ModifyClaims(context.Context, *ModifyClaimsRequest) (*ModifyClaimsResponse, error)

	// The AuthzrModifySids method (opnum 6) modifies the list of SIDs associated with the
	// identified client context.
	//
	// Return Values:
	//
	// If the function succeeds, it MUST return 0x00000000.
	//
	// If the function fails, it MUST return a nonzero error code value.
	ModifySIDs(context.Context, *ModifySIDsRequest) (*ModifySIDsResponse, error)
}

authzr server interface.

type ContextInformation

// ContextInformation mirrors the AUTHZR_CONTEXT_INFORMATION structure: a
// discriminant (ValueType) and a union whose arm is chosen by it.
type ContextInformation struct {
	// ValueType: Identifies the type of the ContextInfoUnion member.
	//
	//	+-------------------------------------------------------------------+----------------------------------------------------------------------------------+
	//	|                                                                   |                                                                                  |
	//	|                               VALUE                               |                                     MEANING                                      |
	//	|                                                                   |                                                                                  |
	//	+-------------------------------------------------------------------+----------------------------------------------------------------------------------+
	//	+-------------------------------------------------------------------+----------------------------------------------------------------------------------+
	//	| 0x0001 (user)                                                     | ContextInfoUnion contains an AUTHZR_TOKEN_USER structure, as specified in        |
	//	|                                                                   | section 2.2.3.10.                                                                |
	//	+-------------------------------------------------------------------+----------------------------------------------------------------------------------+
	//	| 0x0002 (groups) 0x0003 (restricted groups) 0x000C (device groups) | ContextInfoUnion contains an AUTHZR_TOKEN_GROUPS structure, as specified in      |
	//	|                                                                   | section 2.2.3.9.                                                                 |
	//	+-------------------------------------------------------------------+----------------------------------------------------------------------------------+
	//	| 0x000D (user claim) 0x000E (device claim)                         | ContextInfoUnion contains an AUTHZR_SECURITY_ATTRIBUTES_INFORMATION structure,   |
	//	|                                                                   | as specified in section 2.2.3.7.                                                 |
	//	+-------------------------------------------------------------------+----------------------------------------------------------------------------------+
	//
	// NOTE(review): the field is a uint16, so values outside the table can
	// arrive on the wire. How the union decoder treats an unlisted value is not
	// visible on this page; a consumer should reject it rather than assume an arm.
	ValueType uint16 `idl:"name:ValueType" json:"value_type"`
	// ContextInfoUnion: A pointer to an AUTHZR_TOKEN_USER, AUTHZR_TOKEN_GROUPS, or AUTHZR_SECURITY_ATTRIBUTES_INFORMATION
	// structure, depending on the value of ValueType. The switch_is tag binds
	// the arm to ValueType; use a type switch on the union's Value and handle
	// the nil case.
	ContextInfoUnion *ContextInformation_ContextInfoUnion `idl:"name:ContextInfoUnion;switch_is:ValueType" json:"context_info_union"`
}

ContextInformation structure represents AUTHZR_CONTEXT_INFORMATION RPC structure.

The AUTHZR_CONTEXT_INFORMATION structure contains security information about a principal.

func (*ContextInformation) MarshalNDR

func (o *ContextInformation) MarshalNDR(ctx context.Context, w ndr.Writer) error

func (*ContextInformation) UnmarshalNDR

func (o *ContextInformation) UnmarshalNDR(ctx context.Context, w ndr.Reader) error

type ContextInformationClass

// ContextInformationClass is the Go form of the AUTHZ_CONTEXT_INFORMATION_CLASS
// enumeration. It is a bare uint16, so a decoded value is not limited to the
// named constants and should be checked against them before use.
type ContextInformationClass uint16

ContextInformationClass type represents AUTHZ_CONTEXT_INFORMATION_CLASS RPC enumeration.

The AUTHZ_CONTEXT_INFORMATION_CLASS enumeration is used to indicate security attributes of a principal represented by an AUTHZR_HANDLE.

// Named values of ContextInformationClass. They are declared with var rather
// than const, so importing code is able to reassign them; treat them as
// read-only. Values 4-11, 15 and 16 are reserved and documented as not used.
var (
	// AuthzContextInfoUserSid: Indicates the principal's user SID and its attribute.
	ContextInformationClassUserSID ContextInformationClass = 1
	// AuthzContextInfoGroupsSids: Indicates the groups to which the principal belongs and
	// their attributes.
	ContextInformationClassGroupsSIDs ContextInformationClass = 2
	// AuthzContextInfoRestrictedSids: Indicates the restricted SIDs in the principal's
	// security context and their attributes.
	ContextInformationClassRestrictedSIDs ContextInformationClass = 3
	// ReservedEnumValue4: Not used.
	ContextInformationClassReservedEnumValue4 ContextInformationClass = 4
	// ReservedEnumValue5: Not used.
	ContextInformationClassReservedEnumValue5 ContextInformationClass = 5
	// ReservedEnumValue6: Not used.
	ContextInformationClassReservedEnumValue6 ContextInformationClass = 6
	// ReservedEnumValue7: Not used.
	ContextInformationClassReservedEnumValue7 ContextInformationClass = 7
	// ReservedEnumValue8: Not used.
	ContextInformationClassReservedEnumValue8 ContextInformationClass = 8
	// ReservedEnumValue9: Not used.
	ContextInformationClassReservedEnumValue9 ContextInformationClass = 9
	// ReservedEnumValue10: Not used.
	ContextInformationClassReservedEnumValue10 ContextInformationClass = 10
	// ReservedEnumValue11: Not used.
	ContextInformationClassReservedEnumValue11 ContextInformationClass = 11
	// AuthzContextInfoDeviceSids: Indicates the groups to which the device principal belongs
	// and their attributes.
	ContextInformationClassDeviceSIDs ContextInformationClass = 12
	// AuthzContextInfoUserClaims: Indicates the user's security attributes information.
	ContextInformationClassUserClaims ContextInformationClass = 13
	// AuthzContextInfoDeviceClaims: Indicates the device's security attributes information.
	ContextInformationClassDeviceClaims ContextInformationClass = 14
	// ReservedEnumValue15: Not used.
	ContextInformationClassReservedEnumValue15 ContextInformationClass = 15
	// ReservedEnumValue16: Not used.
	ContextInformationClassReservedEnumValue16 ContextInformationClass = 16
)

func (ContextInformationClass) String

func (o ContextInformationClass) String() string

type ContextInformation_ContextInfoUnion

// ContextInformation_ContextInfoUnion holds the selected arm of the
// AUTHZR_CONTEXT_INFORMATION union.
type ContextInformation_ContextInfoUnion struct {
	// Types that are assignable to Value
	//
	// *ContextInformation_ContextInfoUnion_TokenUser
	// *ContextInformation_ContextInfoUnion_TokenGroups
	// *ContextInformation_ContextInfoUnion_TokenClaims
	//
	// Value is an interface and may be nil; consumers should type-switch on it
	// and handle the nil and unexpected-type cases explicitly.
	Value is_ContextInformation_ContextInfoUnion `json:"value"`
}

ContextInformation_ContextInfoUnion structure represents AUTHZR_CONTEXT_INFORMATION union anonymous member.

The AUTHZR_CONTEXT_INFORMATION structure contains security information about a principal.

func (*ContextInformation_ContextInfoUnion) GetValue

func (*ContextInformation_ContextInfoUnion) MarshalUnionNDR

func (o *ContextInformation_ContextInfoUnion) MarshalUnionNDR(ctx context.Context, w ndr.Writer, sw uint16) error

func (*ContextInformation_ContextInfoUnion) NDRSwitchValue

func (o *ContextInformation_ContextInfoUnion) NDRSwitchValue(sw uint16) uint16

func (*ContextInformation_ContextInfoUnion) UnmarshalUnionNDR

func (o *ContextInformation_ContextInfoUnion) UnmarshalUnionNDR(ctx context.Context, w ndr.Reader, sw uint16) error

type ContextInformation_ContextInfoUnion_TokenClaims

// ContextInformation_ContextInfoUnion_TokenClaims is the union arm that wraps a
// SecurityAttributesInformation value (IDL name pTokenClaims).
type ContextInformation_ContextInfoUnion_TokenClaims struct {
	// TokenClaims is a pointer and may be nil; check before dereferencing.
	TokenClaims *SecurityAttributesInformation `idl:"name:pTokenClaims" json:"token_claims"`
}

ContextInformation_ContextInfoUnion_TokenClaims structure represents ContextInformation_ContextInfoUnion RPC union arm.

It has the following labels: 13, 14

func (*ContextInformation_ContextInfoUnion_TokenClaims) MarshalNDR

func (*ContextInformation_ContextInfoUnion_TokenClaims) UnmarshalNDR

type ContextInformation_ContextInfoUnion_TokenGroups

// ContextInformation_ContextInfoUnion_TokenGroups is the union arm that wraps a
// TokenGroups value (IDL name pTokenGroups).
type ContextInformation_ContextInfoUnion_TokenGroups struct {
	// TokenGroups is a pointer and may be nil; check before dereferencing.
	TokenGroups *TokenGroups `idl:"name:pTokenGroups" json:"token_groups"`
}

ContextInformation_ContextInfoUnion_TokenGroups structure represents ContextInformation_ContextInfoUnion RPC union arm.

It has the following labels: 2, 3, 12

func (*ContextInformation_ContextInfoUnion_TokenGroups) MarshalNDR

func (*ContextInformation_ContextInfoUnion_TokenGroups) UnmarshalNDR

type ContextInformation_ContextInfoUnion_TokenUser

// ContextInformation_ContextInfoUnion_TokenUser is the union arm that wraps a
// TokenUser value (IDL name pTokenUser).
type ContextInformation_ContextInfoUnion_TokenUser struct {
	// TokenUser is a pointer and may be nil; check before dereferencing.
	TokenUser *TokenUser `idl:"name:pTokenUser" json:"token_user"`
}

ContextInformation_ContextInfoUnion_TokenUser structure represents ContextInformation_ContextInfoUnion RPC union arm.

It has the following labels: 1

func (*ContextInformation_ContextInfoUnion_TokenUser) MarshalNDR

func (*ContextInformation_ContextInfoUnion_TokenUser) UnmarshalNDR

type FreeContextRequest

// FreeContextRequest carries the input of the AuthzrFreeContext operation
// (opnum 0).
type FreeContextRequest struct {
	// ContextHandle: A pointer to an AUTHZR_HANDLE structure, as defined in section 2.2.1.1.
	// This handle indicates the client context to be freed.
	//
	// On the server side the handle value is caller-supplied; look it up before
	// freeing anything.
	ContextHandle *Handle `idl:"name:ContextHandle" json:"context_handle"`
}

FreeContextRequest structure represents the AuthzrFreeContext operation request

func (*FreeContextRequest) MarshalNDR

func (o *FreeContextRequest) MarshalNDR(ctx context.Context, w ndr.Writer) error

func (*FreeContextRequest) UnmarshalNDR

func (o *FreeContextRequest) UnmarshalNDR(ctx context.Context, r ndr.Reader) error

type FreeContextResponse

// FreeContextResponse carries the output of the AuthzrFreeContext operation
// (opnum 0). The handle appears in both request and response, i.e. it is an
// in/out parameter.
type FreeContextResponse struct {
	// ContextHandle: A pointer to an AUTHZR_HANDLE structure, as defined in section 2.2.1.1.
	// This handle indicates the client context to be freed.
	//
	// NOTE(review): presumably the server returns the handle cleared on success
	// so the caller cannot reuse it; confirm against the specification. Callers
	// should not reuse the request handle after a successful free in any case.
	ContextHandle *Handle `idl:"name:ContextHandle" json:"context_handle"`
	// Return: The AuthzrFreeContext return value. 0x00000000 on success, a
	// nonzero 32-bit error code on failure.
	Return uint32 `idl:"name:Return" json:"return"`
}

FreeContextResponse structure represents the AuthzrFreeContext operation response

func (*FreeContextResponse) MarshalNDR

func (o *FreeContextResponse) MarshalNDR(ctx context.Context, w ndr.Writer) error

func (*FreeContextResponse) UnmarshalNDR

func (o *FreeContextResponse) UnmarshalNDR(ctx context.Context, r ndr.Reader) error

type GetInformationFromContextRequest

// GetInformationFromContextRequest carries the input of the
// AuthzGetInformationFromContext operation (opnum 4).
type GetInformationFromContextRequest struct {
	// ContextHandle: An AUTHZR_HANDLE structure, as defined in section 2.2.1.1. Represents
	// the client context to retrieve information from.
	ContextHandle *Handle `idl:"name:ContextHandle" json:"context_handle"`
	// InfoClass: An AUTHZ_CONTEXT_INFORMATION_CLASS enumeration, as defined in section
	// 2.2.2.1. Possible values for this field are specified in section 2.2.2.1.
	//
	// The underlying type is uint16, so a server should reject values that are
	// reserved or outside the enumeration instead of passing them on.
	InfoClass ContextInformationClass `idl:"name:InfoClass" json:"info_class"`
}

GetInformationFromContextRequest structure represents the AuthzGetInformationFromContext operation request

func (*GetInformationFromContextRequest) MarshalNDR

func (*GetInformationFromContextRequest) UnmarshalNDR

type GetInformationFromContextResponse

// GetInformationFromContextResponse carries the output of the
// AuthzGetInformationFromContext operation (opnum 4).
type GetInformationFromContextResponse struct {
	// ppContextInformation: A two-layer pointer to an AUTHZR_CONTEXT_INFORMATION structure,
	// as defined in section 2.2.3.3. Used to return the context information.
	//
	// NOTE(review): the Go field is a single pointer and is presumably nil when
	// the call fails; check Return and nil before dereferencing.
	ContextInformation *ContextInformation `idl:"name:ppContextInformation" json:"context_information"`
	// Return: The AuthzGetInformationFromContext return value. 0x00000000 on
	// success, a nonzero error code otherwise.
	Return uint32 `idl:"name:Return" json:"return"`
}

GetInformationFromContextResponse structure represents the AuthzGetInformationFromContext operation response

func (*GetInformationFromContextResponse) MarshalNDR

func (*GetInformationFromContextResponse) UnmarshalNDR

type Handle

// Handle is the Go form of AUTHZR_HANDLE, defined on top of
// dcetypes.ContextHandle. It identifies a client context held by the server
// and is the only reference the caller has to that state.
// NOTE(review): how the server binds a handle to the connection that created
// it is not visible on this page; a server implementation should not accept a
// handle it did not issue.
type Handle dcetypes.ContextHandle

Handle structure represents AUTHZR_HANDLE RPC structure.

func (*Handle) ContextHandle

func (o *Handle) ContextHandle() *dcetypes.ContextHandle

func (*Handle) MarshalNDR

func (o *Handle) MarshalNDR(ctx context.Context, w ndr.Writer) error

func (*Handle) UnmarshalNDR

func (o *Handle) UnmarshalNDR(ctx context.Context, w ndr.Reader) error

type InitializeCompoundContextRequest

// InitializeCompoundContextRequest carries the two input handles of the
// AuthzrInitializeCompoundContext operation (opnum 2). Both handles are
// caller-supplied and should be looked up and validated by the server before
// they are combined.
type InitializeCompoundContextRequest struct {
	// UserContextHandle: An AUTHZR_HANDLE structure, as defined in section 2.2.1.1, that
	// represents the user context for the compound context.
	User *Handle `idl:"name:UserContextHandle" json:"user"`
	// DeviceContextHandle: An AUTHZR_HANDLE structure, as defined in section 2.2.1.1, that
	// represents the device context for the compound context.
	Device *Handle `idl:"name:DeviceContextHandle" json:"device"`
}

InitializeCompoundContextRequest structure represents the AuthzrInitializeCompoundContext operation request

func (*InitializeCompoundContextRequest) MarshalNDR

func (*InitializeCompoundContextRequest) UnmarshalNDR

type InitializeCompoundContextResponse

// InitializeCompoundContextResponse carries the output of the
// AuthzrInitializeCompoundContext operation (opnum 2).
type InitializeCompoundContextResponse struct {
	// CompoundContextHandle: A pointer to an AUTHZR_HANDLE structure, as defined in section
	// 2.2.1.1.
	//
	// NOTE(review): presumably this refers to new server-side state that needs
	// its own FreeContext call; confirm against the specification.
	Compound *Handle `idl:"name:CompoundContextHandle" json:"compound"`
	// Return: The AuthzrInitializeCompoundContext return value. 0x00000000 on
	// success, nonzero on failure.
	Return uint32 `idl:"name:Return" json:"return"`
}

InitializeCompoundContextResponse structure represents the AuthzrInitializeCompoundContext operation response

func (*InitializeCompoundContextResponse) MarshalNDR

func (*InitializeCompoundContextResponse) UnmarshalNDR

type InitializeContextFromSIDRequest

// InitializeContextFromSIDRequest carries the input of the
// AuthzrInitializeContextFromSid operation (opnum 1). The SID names the
// principal the context is built for; it is chosen by the caller and is not
// necessarily the caller's own identity.
type InitializeContextFromSIDRequest struct {
	// Flags:  Indicates the type of logon behavior when initializing the client context.
	// The following flags are defined.
	//
	//	+---------------------------------------+----------------------------------------------------------------------------------+
	//	|                                       |                                                                                  |
	//	|                 VALUE                 |                                   DESCRIPTION                                    |
	//	|                                       |                                                                                  |
	//	+---------------------------------------+----------------------------------------------------------------------------------+
	//	+---------------------------------------+----------------------------------------------------------------------------------+
	//	| 0x00000000                            | When no flags are set, AuthzInitializeContextFromSid attempts to retrieve the    |
	//	|                                       | user's token group information by performing an S4U logon.                       |
	//	+---------------------------------------+----------------------------------------------------------------------------------+
	//	| AUTHZ_COMPUTE_PRIVILEGES (0x00000008) | AuthzInitializeContextFromSid retrieves privileges for the new context. If       |
	//	|                                       | this function performs an S4U logon, it retrieves privileges from the token.     |
	//	|                                       | Otherwise, it retrieves privileges from all SIDs in the context.                 |
	//	+---------------------------------------+----------------------------------------------------------------------------------+
	//
	// Only the two values in the table are defined here; a server should decide
	// explicitly how to treat any other bit rather than ignore it silently.
	Flags uint32 `idl:"name:Flags" json:"flags"`
	// Sid:  A pointer to the SID of the principal for whom a remote client context will
	// be created. This MUST be a valid user or computer account.
	SID *dtyp.SID `idl:"name:Sid" json:"sid"`
	// pExpirationTime:  Reserved. This parameter MUST be set to NULL when sent and MUST
	// be ignored when received. The pointer:unique tag allows nil on the wire.
	ExpirationTime *dtyp.LargeInteger `idl:"name:pExpirationTime;pointer:unique" json:"expiration_time"`
	// Identifier:  Reserved. This parameter MUST be set to zero when sent and MUST be
	// ignored when received.
	ID *dtyp.LUID `idl:"name:Identifier" json:"id"`
}

InitializeContextFromSIDRequest structure represents the AuthzrInitializeContextFromSid operation request

func (*InitializeContextFromSIDRequest) MarshalNDR

func (*InitializeContextFromSIDRequest) UnmarshalNDR

type InitializeContextFromSIDResponse

// InitializeContextFromSIDResponse carries the output of the
// AuthzrInitializeContextFromSid operation (opnum 1).
type InitializeContextFromSIDResponse struct {
	// ContextHandle: A pointer to an AUTHZR_HANDLE structure, as defined in section 2.2.1.1.
	// It refers to the newly created client context; release it with the
	// FreeContext operation when it is no longer needed.
	ContextHandle *Handle `idl:"name:ContextHandle" json:"context_handle"`
	// Return: The AuthzrInitializeContextFromSid return value. 0x00000000 on
	// success, a nonzero error code otherwise.
	Return uint32 `idl:"name:Return" json:"return"`
}

InitializeContextFromSIDResponse structure represents the AuthzrInitializeContextFromSid operation response

func (*InitializeContextFromSIDResponse) MarshalNDR

func (*InitializeContextFromSIDResponse) UnmarshalNDR

type ModifyClaimsRequest

// ModifyClaimsRequest carries the input of the AuthzrModifyClaims operation
// (opnum 5), which changes the claims held in an existing client context.
type ModifyClaimsRequest struct {
	// ContextHandle: An AUTHZR_HANDLE structure, as defined in section 2.2.1.1. Represents
	// the client context to modify.
	ContextHandle *Handle `idl:"name:ContextHandle" json:"context_handle"`
	// ClaimClass: An AUTHZ_CONTEXT_INFORMATION_CLASS enumeration, as defined in section
	// 2.2.2.1. Indicates the claim class.
	//
	// NOTE(review): presumably only the user-claims (13) and device-claims (14)
	// classes are meaningful here; a server should reject other values. Confirm
	// against the specification.
	ClaimClass ContextInformationClass `idl:"name:ClaimClass" json:"claim_class"`
	// OperationCount: The number of operations to be performed.
	OperationCount uint32 `idl:"name:OperationCount" json:"operation_count"`
	// pClaimOperations: A pointer to an array of AUTHZ_SECURITY_ATTRIBUTE_OPERATION enumerations,
	// as defined in section 2.2.2.2. Specifies the operations to be performed on each claim.
	//
	// Its length is tied to OperationCount by the size_is tag. Nothing in the
	// types ties that count to the number of claims inside Claims, so a handler
	// should compare the two before pairing operations with claims.
	ClaimOperations []SecurityAttributeOperation `idl:"name:pClaimOperations;size_is:(OperationCount)" json:"claim_operations"`
	// pClaims: A pointer to an array of AUTHZR_SECURITY_ATTRIBUTES_INFORMATION structures,
	// as defined in section 2.2.3.7. Contains the claim(s) used to modify the client context.
	// The pointer:unique tag allows nil; check before dereferencing.
	Claims *SecurityAttributesInformation `idl:"name:pClaims;pointer:unique" json:"claims"`
}

ModifyClaimsRequest structure represents the AuthzrModifyClaims operation request

func (*ModifyClaimsRequest) MarshalNDR

func (o *ModifyClaimsRequest) MarshalNDR(ctx context.Context, w ndr.Writer) error

func (*ModifyClaimsRequest) UnmarshalNDR

func (o *ModifyClaimsRequest) UnmarshalNDR(ctx context.Context, r ndr.Reader) error

type ModifyClaimsResponse

// ModifyClaimsResponse carries the output of the AuthzrModifyClaims operation
// (opnum 5).
type ModifyClaimsResponse struct {
	// Return: The AuthzrModifyClaims return value. 0x00000000 on success, a
	// nonzero error code otherwise; on failure the caller should not assume
	// the context was changed.
	Return uint32 `idl:"name:Return" json:"return"`
}

ModifyClaimsResponse structure represents the AuthzrModifyClaims operation response

func (*ModifyClaimsResponse) MarshalNDR

func (o *ModifyClaimsResponse) MarshalNDR(ctx context.Context, w ndr.Writer) error

func (*ModifyClaimsResponse) UnmarshalNDR

func (o *ModifyClaimsResponse) UnmarshalNDR(ctx context.Context, r ndr.Reader) error

type ModifySIDsRequest

// ModifySIDsRequest carries the input of the AuthzrModifySids operation
// (opnum 6), which changes the SID list held in an existing client context.
type ModifySIDsRequest struct {
	// ContextHandle: An AUTHZR_HANDLE structure, as defined in section 2.2.1.1, representing
	// the client context to be modified.
	ContextHandle *Handle `idl:"name:ContextHandle" json:"context_handle"`
	// SidClass: An AUTHZ_CONTEXT_INFORMATION_CLASS enumeration value, as defined in section
	// 2.2.2.1, indicating the SID class.
	//
	// NOTE(review): presumably only the SID-list classes (2, 3, 12) apply here;
	// a server should reject other values. Confirm against the specification.
	SIDClass ContextInformationClass `idl:"name:SidClass" json:"sid_class"`
	// OperationCount: The number of operations to be performed.
	OperationCount uint32 `idl:"name:OperationCount" json:"operation_count"`
	// pSidOperations: A pointer to an array of AUTHZ_SID_OPERATION enumeration values that
	// specify the group modifications to be made.
	//
	// Its length is tied to OperationCount by the size_is tag. Nothing in the
	// types ties that count to the number of groups inside SIDs, so a handler
	// should compare the two before pairing operations with SIDs.
	SIDOperations []SIDOperation `idl:"name:pSidOperations;size_is:(OperationCount)" json:"sid_operations"`
	// pSids: A pointer to an AUTHZR_TOKEN_GROUPS structure, as defined in section 2.2.3.9,
	// specifying the groups to be modified. The pointer:unique tag allows nil;
	// check before dereferencing.
	SIDs *TokenGroups `idl:"name:pSids;pointer:unique" json:"sids"`
}

ModifySIDsRequest structure represents the AuthzrModifySids operation request

func (*ModifySIDsRequest) MarshalNDR

func (o *ModifySIDsRequest) MarshalNDR(ctx context.Context, w ndr.Writer) error

func (*ModifySIDsRequest) UnmarshalNDR

func (o *ModifySIDsRequest) UnmarshalNDR(ctx context.Context, r ndr.Reader) error

type ModifySIDsResponse

// ModifySIDsResponse carries the single result value of an AuthzrModifySids call.
type ModifySIDsResponse struct {
	// Return: The AuthzrModifySids return value.
	// NOTE(review): which value means success is not shown on this page (presumably a
	// Win32 status code; confirm against the protocol specification). Callers should
	// check it before assuming the SIDs on the context were changed.
	Return uint32 `idl:"name:Return" json:"return"`
}

ModifySIDsResponse structure represents the AuthzrModifySids operation response

func (*ModifySIDsResponse) MarshalNDR

func (o *ModifySIDsResponse) MarshalNDR(ctx context.Context, w ndr.Writer) error

func (*ModifySIDsResponse) UnmarshalNDR

func (o *ModifySIDsResponse) UnmarshalNDR(ctx context.Context, r ndr.Reader) error

type SIDAndAttributes

// SIDAndAttributes pairs one SID with its attribute bits (AUTHZR_SID_AND_ATTRIBUTES).
//
// Both members are documented as pass-through values that the protocol layer does not
// interpret, so any meaning or validity check belongs to the code that consumes them.
type SIDAndAttributes struct {
	// Sid:  A SID structure, as specified in [MS-DTYP] section 2.4.2.3. This is a pass-through
	// value and SHOULD NOT be interpreted by the RAZA protocol.
	// NOTE(review): whether this pointer can be nil after decoding is not visible here.
	SID *dtyp.SID `idl:"name:Sid" json:"sid"`
	// Attributes:  Specifies attributes associated with the SID. This is a pass-through
	// value and SHOULD NOT be interpreted by the RAZA protocol.
	// The bit meanings are not defined on this page.
	Attributes uint32 `idl:"name:Attributes" json:"attributes"`
}

SIDAndAttributes structure represents AUTHZR_SID_AND_ATTRIBUTES RPC structure.

The AUTHZR_SID_AND_ATTRIBUTES structure contains information about the security identifiers (SIDs) in a token.

func (*SIDAndAttributes) MarshalNDR

func (o *SIDAndAttributes) MarshalNDR(ctx context.Context, w ndr.Writer) error

func (*SIDAndAttributes) UnmarshalNDR

func (o *SIDAndAttributes) UnmarshalNDR(ctx context.Context, w ndr.Reader) error

type SIDOperation

// SIDOperation is the 16-bit value of the AUTHZ_SID_OPERATION enumeration. The type
// itself admits any uint16; only the values 0 through 4 are named on this page.
type SIDOperation uint16

SIDOperation type represents AUTHZ_SID_OPERATION RPC enumeration.

The AUTHZ_SID_OPERATION enumeration indicates the type of SID operations that can be made by a call to the AuthzrModifySids operation (section 3.1.4.7).

// Named AUTHZ_SID_OPERATION values. They are declared with var rather than const, so
// Go permits reassigning them at run time; treat them as read-only.
var (
	// AUTHZ_SID_OPERATION_NONE: Do not modify anything.
	SIDOperationNone SIDOperation = 0
	// AUTHZ_SID_OPERATION_REPLACE_ALL: Replace the existing SIDs with the specified SIDs.
	// If replacement SIDs are not specified, delete the existing SIDs. This operation can
	// be specified only once and must be the only operation specified.
	// The empty-list case removes every SID of the class in one call, so it deserves an
	// explicit check on the server side.
	SIDOperationReplaceAll SIDOperation = 1
	// AUTHZ_SID_OPERATION_ADD: Add a new SID. If the SID already exists, fail the call.
	SIDOperationAdd SIDOperation = 2
	// AUTHZ_SID_OPERATION_DELETE: Delete the specified SID. If the specified SID is not
	// found, fail the call without taking action.
	SIDOperationDelete SIDOperation = 3
	// AUTHZ_SID_OPERATION_REPLACE: Replace the existing SID with the specified SID. If
	// the SID does not exist, add the specified SID.
	SIDOperationReplace SIDOperation = 4
)

func (SIDOperation) String

func (o SIDOperation) String() string

type SecurityAttributeOperation

// SecurityAttributeOperation is the 16-bit value of the
// AUTHZ_SECURITY_ATTRIBUTE_OPERATION enumeration. The type itself admits any uint16;
// only the values 0 through 4 are named on this page.
type SecurityAttributeOperation uint16

SecurityAttributeOperation type represents AUTHZ_SECURITY_ATTRIBUTE_OPERATION RPC enumeration.

The AUTHZ_SECURITY_ATTRIBUTE_OPERATION enumeration structure is used with the AuthzrModifyClaims operation (section 3.1.4.6) to identify operation types on a client context object.

// Named AUTHZ_SECURITY_ATTRIBUTE_OPERATION values. They are declared with var rather
// than const, so Go permits reassigning them at run time; treat them as read-only.
var (
	// AUTHZ_SECURITY_ATTRIBUTE_OPERATION_NONE: No operation will be performed.
	SecurityAttributeOperationNone SecurityAttributeOperation = 0
	// AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE_ALL: The ImpersonationAccessToken on the
	// specified client context will be replaced.
	SecurityAttributeOperationReplaceAll SecurityAttributeOperation = 1
	// AUTHZ_SECURITY_ATTRIBUTE_OPERATION_ADD: A new claim will be added to the server's
	// ImpersonationAccessToken associated with the specified client context.
	SecurityAttributeOperationAdd SecurityAttributeOperation = 2
	// AUTHZ_SECURITY_ATTRIBUTE_OPERATION_DELETE: An existing claim will be deleted from
	// the ImpersonationAccessToken array associated with the specified client context if
	// it is present in that array.
	SecurityAttributeOperationDelete SecurityAttributeOperation = 3
	// AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE: An existing claim will be replaced in
	// the ImpersonationAccessToken array associated with the specified client context if
	// it is present in the array.
	// NOTE(review): the behaviour when the claim is absent is not stated here; confirm
	// against section 3.1.4.6 before relying on it.
	SecurityAttributeOperationReplace SecurityAttributeOperation = 4
)

func (SecurityAttributeOperation) String

type SecurityAttributeStringValue

// SecurityAttributeStringValue holds the string form of a claim value
// (AUTHZR_SECURITY_ATTRIBUTE_STRING_VALUE).
type SecurityAttributeStringValue struct {
	// Length: The length of the string in the Value parameter.
	// The idl tag on Value sizes the wire string by this field (size_is).
	// NOTE(review): the unit (bytes or characters) and any upper bound are not stated on
	// this page; a receiver should apply its own limit before using the string.
	Length uint32 `idl:"name:Length" json:"length"`
	// Value: A Unicode string containing the pass-through string value of the claim.
	// Pass-through means the protocol layer does not interpret it; the consumer must
	// treat it as untrusted caller input.
	Value string `idl:"name:Value;size_is:(Length);string" json:"value"`
}

SecurityAttributeStringValue structure represents AUTHZR_SECURITY_ATTRIBUTE_STRING_VALUE RPC structure.

The AUTHZR_SECURITY_ATTRIBUTE_STRING_VALUE structure contains the string value of a claim.

func (*SecurityAttributeStringValue) MarshalNDR

func (*SecurityAttributeStringValue) UnmarshalNDR

func (o *SecurityAttributeStringValue) UnmarshalNDR(ctx context.Context, w ndr.Reader) error

type SecurityAttributeV1

// SecurityAttributeV1 describes one security attribute and its values
// (AUTHZR_SECURITY_ATTRIBUTE_V1).
//
// The field comments state ranges the protocol requires (Length 2..256, ValueCount
// 0..1,024, Flags limited to the listed bits). The Go field types are plain uint32 and
// do not restrict them. NOTE(review): whether UnmarshalNDR rejects out-of-range values
// is not visible on this page; a server should check them before allocating or looping.
type SecurityAttributeV1 struct {
	// Length: The length of the Value parameter, in bytes. MUST be between 2 and 256.
	// NOTE(review): this counts bytes of the wire string; presumably it need not equal
	// len(Value) of the decoded Go string. Confirm before comparing the two.
	Length uint32 `idl:"name:Length" json:"length"`
	// Value: A Unicode string containing the security value. This string MUST be between
	// 2 and 256 bytes in length, inclusive.
	Value string `idl:"name:Value;size_is:(Length);string" json:"value"`
	// ValueType:  A union tag value indicating the type of information contained in Values
	// member.
	// NOTE(review): each element of Values carries its own ValueType as well; nothing in
	// this declaration ties the two together, so verify they agree where it matters.
	ValueType uint16 `idl:"name:ValueType" json:"value_type"`

	// Flags:  MUST be zero or a combination of one or more of the following values.
	//
	//	+----------------------------------------------------------+----------------------------------------------------------------------------------+
	//	|                                                          |                                                                                  |
	//	|                          VALUE                           |                                   DESCRIPTION                                    |
	//	|                                                          |                                                                                  |
	//	+----------------------------------------------------------+----------------------------------------------------------------------------------+
	//	+----------------------------------------------------------+----------------------------------------------------------------------------------+
	//	| AUTHZ_SECURITY_ATTRIBUTE_NON_INHERITABLE 0x00000001      | This security attribute is not inherited across processes.                       |
	//	+----------------------------------------------------------+----------------------------------------------------------------------------------+
	//	| AUTHZ_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE 0x00000002 | The value of the attribute is case sensitive. This flag is valid for values that |
	//	|                                                          | contain string types.                                                            |
	//	+----------------------------------------------------------+----------------------------------------------------------------------------------+
	//
	// Only bits 0x00000001 and 0x00000002 are defined above; any other bit set is outside
	// the stated contract.
	Flags uint32 `idl:"name:Flags" json:"flags"`
	// ValueCount:  The number of attribute and value pairs pointed to by the Values member.
	// The number of attribute and value pairs MUST be between 0 and 1,024, inclusive.
	// The idl tag on Values sizes that array by this field (size_is).
	ValueCount uint32 `idl:"name:ValueCount" json:"value_count"`
	// Values: An array of AUTHZR_SECURITY_ATTRIBUTE_V1_VALUE structures, as defined in
	// section 2.2.3.6. Each structure contains a security attribute and value pair.
	// Elements are pointers. NOTE(review): whether an element can be nil after decoding
	// is not visible here.
	Values []*SecurityAttributeV1Value `idl:"name:Values;size_is:(ValueCount)" json:"values"`
	// contains filtered or unexported fields
}

SecurityAttributeV1 structure represents AUTHZR_SECURITY_ATTRIBUTE_V1 RPC structure.

The AUTHZR_SECURITY_ATTRIBUTE_V1 structure specifies one or more security attribute and value pairs that are associated with a remote authorization context.

func (*SecurityAttributeV1) MarshalNDR

func (o *SecurityAttributeV1) MarshalNDR(ctx context.Context, w ndr.Writer) error

func (*SecurityAttributeV1) UnmarshalNDR

func (o *SecurityAttributeV1) UnmarshalNDR(ctx context.Context, w ndr.Reader) error

type SecurityAttributeV1Value

// SecurityAttributeV1Value is one claim value: a type tag plus the union it selects
// (AUTHZR_SECURITY_ATTRIBUTE_V1_VALUE).
type SecurityAttributeV1Value struct {
	// ValueType: Identifies the type of the AttributeUnion member.
	//
	//	+----------------+----------------------------------------------------------------------------------+
	//	|                |                                                                                  |
	//	|     VALUE      |                                     MEANING                                      |
	//	|                |                                                                                  |
	//	+----------------+----------------------------------------------------------------------------------+
	//	+----------------+----------------------------------------------------------------------------------+
	//	| 0x0001         | AttributeUnion contains a LONG64 value.                                          |
	//	+----------------+----------------------------------------------------------------------------------+
	//	| 0x0002, 0x0006 | AttributeUnion contains a ULONG64 value.                                         |
	//	+----------------+----------------------------------------------------------------------------------+
	//	| 0x0003         | AttributeUnion contains an AUTHZR_SECURITY_ATTRIBUTE_STRING_VALUE structure, as  |
	//	|                | specified in section 2.2.3.4.                                                    |
	//	+----------------+----------------------------------------------------------------------------------+
	//
	// The field is a uint16, so a peer can send a tag that is not in the table.
	// NOTE(review): how decoding treats such a tag is not visible on this page; consumers
	// should handle an unknown tag and an unset union explicitly.
	ValueType uint16 `idl:"name:ValueType" json:"value_type"`
	// AttributeUnion: A LONG64, ULONG64, or AUTHZR_SECURITY_ATTRIBUTE_STRING_VALUE, depending
	// on the value of ValueType.
	// The idl tag selects the union arm from ValueType (switch_is). When building a
	// request, keep the tag and the arm actually stored consistent.
	AttributeUnion *SecurityAttributeV1Value_AttributeUnion `idl:"name:AttributeUnion;switch_is:ValueType" json:"attribute_union"`
}

SecurityAttributeV1Value structure represents AUTHZR_SECURITY_ATTRIBUTE_V1_VALUE RPC structure.

The AUTHZR_SECURITY_ATTRIBUTE_V1_VALUE structure defines a claim.

func (*SecurityAttributeV1Value) MarshalNDR

func (o *SecurityAttributeV1Value) MarshalNDR(ctx context.Context, w ndr.Writer) error

func (*SecurityAttributeV1Value) UnmarshalNDR

func (o *SecurityAttributeV1Value) UnmarshalNDR(ctx context.Context, w ndr.Reader) error

type SecurityAttributeV1Value_AttributeUnion

// SecurityAttributeV1Value_AttributeUnion wraps the union arm of a claim value. Exactly
// which arm is present is known only from the dynamic type stored in Value.
type SecurityAttributeV1Value_AttributeUnion struct {
	// Types that are assignable to Value
	//
	// *SecurityAttributeV1Value_AttributeUnion_Int64
	// *SecurityAttributeV1Value_AttributeUnion_Uint64
	// *SecurityAttributeV1Value_AttributeUnion_String
	//
	// Use a type switch with a default case when reading it: the interface value can be
	// nil when no arm has been set. NOTE(review): whether decoding ever leaves it nil is
	// not visible on this page.
	Value is_SecurityAttributeV1Value_AttributeUnion `json:"value"`
}

SecurityAttributeV1Value_AttributeUnion structure represents AUTHZR_SECURITY_ATTRIBUTE_V1_VALUE union anonymous member.

The AUTHZR_SECURITY_ATTRIBUTE_V1_VALUE structure defines a claim.

func (*SecurityAttributeV1Value_AttributeUnion) GetValue

func (*SecurityAttributeV1Value_AttributeUnion) MarshalUnionNDR

func (*SecurityAttributeV1Value_AttributeUnion) NDRSwitchValue

func (*SecurityAttributeV1Value_AttributeUnion) UnmarshalUnionNDR

type SecurityAttributeV1Value_AttributeUnion_Int64

// SecurityAttributeV1Value_AttributeUnion_Int64 is the signed 64-bit union arm; the
// ValueType table on this page maps tag 0x0001 to it (LONG64).
type SecurityAttributeV1Value_AttributeUnion_Int64 struct {
	// Int64: the claim value as a signed 64-bit integer.
	Int64 int64 `idl:"name:Int64" json:"int64"`
}

SecurityAttributeV1Value_AttributeUnion_Int64 structure represents SecurityAttributeV1Value_AttributeUnion RPC union arm.

It has the following label: 1

func (*SecurityAttributeV1Value_AttributeUnion_Int64) MarshalNDR

func (*SecurityAttributeV1Value_AttributeUnion_Int64) UnmarshalNDR

type SecurityAttributeV1Value_AttributeUnion_String

// SecurityAttributeV1Value_AttributeUnion_String is the string union arm; the ValueType
// table on this page maps tag 0x0003 to it.
type SecurityAttributeV1Value_AttributeUnion_String struct {
	// String: the claim value as an AUTHZR_SECURITY_ATTRIBUTE_STRING_VALUE.
	// NOTE(review): this is a pointer; whether it can be nil after decoding is not
	// visible here, so check before dereferencing.
	String *SecurityAttributeStringValue `idl:"name:String" json:"string"`
}

SecurityAttributeV1Value_AttributeUnion_String structure represents SecurityAttributeV1Value_AttributeUnion RPC union arm.

It has the following label: 3

func (*SecurityAttributeV1Value_AttributeUnion_String) MarshalNDR

func (*SecurityAttributeV1Value_AttributeUnion_String) UnmarshalNDR

type SecurityAttributeV1Value_AttributeUnion_Uint64

// SecurityAttributeV1Value_AttributeUnion_Uint64 is the unsigned 64-bit union arm; the
// ValueType table on this page maps tags 0x0002 and 0x0006 to it (ULONG64).
type SecurityAttributeV1Value_AttributeUnion_Uint64 struct {
	// Uint64: the claim value as an unsigned 64-bit integer. The arm itself does not
	// record which of the two tags selected it.
	Uint64 uint64 `idl:"name:Uint64" json:"uint64"`
}

SecurityAttributeV1Value_AttributeUnion_Uint64 structure represents SecurityAttributeV1Value_AttributeUnion RPC union arm.

It has the following labels: 2, 6

func (*SecurityAttributeV1Value_AttributeUnion_Uint64) MarshalNDR

func (*SecurityAttributeV1Value_AttributeUnion_Uint64) UnmarshalNDR

type SecurityAttributesInformation

// SecurityAttributesInformation is the versioned container for a list of security
// attributes (AUTHZR_SECURITY_ATTRIBUTES_INFORMATION).
//
// The field comments state the protocol's limits (Version 0x0001, at most 1,024
// attributes). NOTE(review): the Go types do not restrict them and enforcement during
// decoding is not visible on this page; a receiver should reject other versions and
// larger counts before processing the list.
type SecurityAttributesInformation struct {
	// Version:  The version of this structure. This value MUST be set to 0x0001.
	Version uint16 `idl:"name:Version" json:"version"`

	// AttributeCount:  The number of attributes specified by the Attribute member. The
	// number of attributes MUST be between zero and 1,024, inclusive.
	// The idl tag on Attributes sizes that array by this field (size_is).
	AttributeCount uint32 `idl:"name:AttributeCount" json:"attribute_count"`
	// Attributes: A pointer to an array of AUTHZR_SECURITY_ATTRIBUTE_V1 structures, defined
	// in section 2.2.3.5.
	// Each attribute may itself carry up to 1,024 values (see the ValueCount limit on
	// AUTHZR_SECURITY_ATTRIBUTE_V1), so the total work for one message is the product of
	// the two limits.
	Attributes []*SecurityAttributeV1 `idl:"name:Attributes;size_is:(AttributeCount)" json:"attributes"`
	// contains filtered or unexported fields
}

SecurityAttributesInformation structure represents AUTHZR_SECURITY_ATTRIBUTES_INFORMATION RPC structure.

The AUTHZR_SECURITY_ATTRIBUTES_INFORMATION structure specifies one or more security attributes.

func (*SecurityAttributesInformation) MarshalNDR

func (*SecurityAttributesInformation) UnmarshalNDR

func (o *SecurityAttributesInformation) UnmarshalNDR(ctx context.Context, w ndr.Reader) error

type SelfRelativeSecurityDescriptor

// SelfRelativeSecurityDescriptor carries one security descriptor as an opaque,
// length-prefixed byte buffer (SR_SD).
//
// This type does not parse the descriptor. A self-relative descriptor locates its
// owner, group and ACLs by offsets inside the buffer, so whatever parses these bytes
// must bounds-check every offset and ACL size against the buffer length.
type SelfRelativeSecurityDescriptor struct {
	// dwLength: The length, in bytes, of the data pointed to in the pSrSd member.
	// The idl tag on the byte slice sizes it by this field (size_is).
	// NOTE(review): no upper bound is stated on this page; apply one before accepting
	// the buffer from a peer.
	Length uint32 `idl:"name:dwLength" json:"length"`
	// pSrSd: A pointer to a self-relative security descriptor.
	// Raw bytes exactly as sent by the peer; treat as untrusted until validated.
	SelfRelativeSecurityDescriptor []byte `idl:"name:pSrSd;size_is:(dwLength)" json:"self_relative_security_descriptor"`
}

SelfRelativeSecurityDescriptor structure represents SR_SD RPC structure.

The SR_SD structure defines a self-relative security descriptor. A self-relative security descriptor contains the security descriptor structure itself and the necessary security information associated with the descriptor.

func (*SelfRelativeSecurityDescriptor) MarshalNDR

func (*SelfRelativeSecurityDescriptor) UnmarshalNDR

type TokenGroups

// TokenGroups is a counted list of SID-and-attribute entries (AUTHZR_TOKEN_GROUPS).
type TokenGroups struct {
	// GroupCount:  Indicates the number of structures in the Groups array.
	// The idl tag on Groups sizes that array by this field (size_is).
	// NOTE(review): no maximum is stated on this page; a receiver should cap the count
	// it is willing to process.
	GroupCount uint32 `idl:"name:GroupCount" json:"group_count"`
	// Groups:  An array of AUTHZR_SID_AND_ATTRIBUTES structures (section 2.2.3.8) representing
	// groups associated with the token.
	// Elements are pointers. NOTE(review): whether an element can be nil after decoding
	// is not visible here.
	Groups []*SIDAndAttributes `idl:"name:Groups;size_is:(GroupCount)" json:"groups"`
}

TokenGroups structure represents AUTHZR_TOKEN_GROUPS RPC structure.

The AUTHZR_TOKEN_GROUPS structure represents a security identifier (SID) and its attributes.

func (*TokenGroups) MarshalNDR

func (o *TokenGroups) MarshalNDR(ctx context.Context, w ndr.Writer) error

func (*TokenGroups) NDRSizeInfo

func (o *TokenGroups) NDRSizeInfo() []uint64

func (*TokenGroups) UnmarshalNDR

func (o *TokenGroups) UnmarshalNDR(ctx context.Context, w ndr.Reader) error

type TokenUser

// TokenUser identifies the user of an access token by a single SID-and-attributes
// entry (AUTHZR_TOKEN_USER).
type TokenUser struct {
	// User:  Contains an AUTHZR_SID_AND_ATTRIBUTES structure (section 2.2.3.8) representing
	// the user associated with the access token.
	// NOTE(review): this is a pointer; whether it can be nil after decoding is not
	// visible here, so check before dereferencing.
	User *SIDAndAttributes `idl:"name:User" json:"user"`
}

TokenUser structure represents AUTHZR_TOKEN_USER RPC structure.

The AUTHZR_TOKEN_USER structure identifies the user associated with a token.

func (*TokenUser) MarshalNDR

func (o *TokenUser) MarshalNDR(ctx context.Context, w ndr.Writer) error

func (*TokenUser) UnmarshalNDR

func (o *TokenUser) UnmarshalNDR(ctx context.Context, w ndr.Reader) error
