On Mon, 18 Nov 2024 17:26:12 +0100
Corinna Vinschen wrote:
> On Nov 16 00:21, Takashi Yano via Cygwin wrote:
> > I built a test program, whose important part is:
> >
> >   AUTHZ_RESOURCE_MANAGER_HANDLE hManager = NULL;
> >   AUTHZ_CLIENT_CONTEXT_HANDLE hClient = NULL;
> >   AUTHZ_ACCESS_REQUEST AccessRequest = {0};
> >   AUTHZ_ACCESS_REPLY AccessReply = {0};
> >
> >   AUTHZ_RPC_INIT_INFO_CLIENT authzRpcInitInfoClient = {0};
> >
> >   WCHAR ObjectUuid[] = L"9a81c2bd-a525-471d-a4ed-49907c0b23da";
> >   WCHAR ProtSeq[] = L"ncacn_ip_tcp";
> >   WCHAR NetworkAddr[] = L"localhost";
> >   WCHAR Endpoint[] = L"135";
> >
> >   authzRpcInitInfoClient.version = AUTHZ_INIT_INFO_VERSION_V1;
> >   authzRpcInitInfoClient.ObjectUuid = ObjectUuid;
> >   authzRpcInitInfoClient.ProtSeq = ProtSeq;
> >   authzRpcInitInfoClient.NetworkAddr = NetworkAddr;
> >   authzRpcInitInfoClient.Endpoint = Endpoint;
> >
> >   AuthzInitializeRemoteResourceManager (&authzRpcInitInfoClient, &hManager);
> >
> >   char buf[1024];
> >   PTOKEN_USER pTokenUser = (PTOKEN_USER) buf;
> >   DWORD len;
> >
> >   GetTokenInformation(hToken, TokenUser, pTokenUser, 1024, &len);
> >
> >   LUID luid = {0,};
> >   AuthzInitializeContextFromSid(0, pTokenUser->User.Sid, hManager,
> >                                 NULL, luid, NULL, &hClient);
> >
> >
> > This test code fails at AuthzInitializeContextFromSid() with
> > RPC_S_UNKNOWN_IF. If AuthzInitializeRemoteResourceManager()
> > is replaced with AuthzInitializeResourceManager(), the error
> > does not occur.
> >
> > I searched the combination of AuthzInitializeContextFromSid()
> > and RPC_S_UNKNOWN_IF, however nothing was found.
>
> RPC_S_UNKNOWN_IF means "unknown interface". I assume this error has
> nothing to do with AuthzInitializeContextFromSid(), but with the
> AuthzInitializeRemoteResourceManager() call.
>
> What I failed, though, is to find a working example for
> AuthzInitializeRemoteResourceManager().
>
> > Any suggestion would be appreciated.
>
> As I said in my previous posting, maybe we don't really need
> AuthzInitializeRemoteResourceManager().
>
> We can safely assume that the current user is already authorized on the
> SMB server. So... shouldn't AuthzInitializeResourceManager be
> sufficient and the code from class authz_ctx already does what we want?
> We may just have to use it in place of calling NtCheckAccess(),
> maybe with a tweak or two...

I already tried AuthzInitializeResourceManager(), but the result was
the same with the current implementation...

BTW, I came up with another implementation. This makes things
much simpler. What do you think of the patch attached?

--
Takashi Yano