3.1.5.1.12 Inserting a Message into Its Destination Queue

  • Article

The protocol MUST perform an access check to authorize access to the queue that is addressed by SRMPMessage.DestinationQueueFormatName, using the following logic:

  • The protocol MUST declare the destinationQueue variable and set it equal to the Queue specified by SRMPMessage.DestinationQueueFormatName.

  • The protocol MUST declare the queueSecurityDescriptor variable and set it equal to destinationQueue.Security.

  • If destinationQueue.QueueType = Public, the destinationQueue security descriptor MUST be queried from the directory by raising a Read Directory ([MS-MQDMPR] section 3.1.7.1.20) event with the following arguments:

    • iDirectoryObjectType: "Queue"

    • iFilter: "Identifier" EQUALS destinationQueue.Identifier

  • If the query returns an rStatus value that is not equal to DirectoryOperationResult.Success, the protocol MUST disregard the message and perform no further processing.

  • The protocol MUST set queueSecurityDescriptor equal to rDirectoryObject.Security.

  • The protocol MUST declare the userSID variable and set it to the well-known SID with string representation S-1-1-0 (relative identifier SECURITY_WORLD_RID combined with identifier authority SECURITY_WORLD_SID_AUTHORITY).

  • The protocol MUST perform an access check by invoking the Access Check Algorithm ([MS-DTYP] section 2.5.3.2) with the following parameters:

    • SecurityDescriptor: queueSecurityDescriptor

    • Token: Perform the following actions to generate a token to represent the sender's authorization data. If any failure occurs in these actions, the protocol MUST continue as if access_denied is returned from the Access Check Algorithm.

      • Construct an RPC binding to the Local Security Authority (Translation Methods) Remote Protocol server on the local machine ([MS-LSAT] section 2.1).

      • Invoke the LsarOpenPolicy (Opnum 6) method ([MS-LSAT] section 3.1.4.2) to obtain a policy handle with the DesiredAccess parameter set to POLICY_LOOKUP_NAMES.

      • Invoke the LsarLookupSids (Opnum 15) method ([MS-LSAT] section 3.1.4.11) to obtain the account name of the message sender with the following parameters:

        • PolicyHandle: the policy handle obtained in the preceding step.

        • SidEnumBuffer: contains one SID, which is userSID.

        • ReferencedDomains: a pointer to a PLSAPR_REFERENCED_DOMAIN_LIST structure ([MS-LSAT] section 2.2.12).

        • TranslatedNames: a pointer to a PLSAPR_TRANSLATED_NAMES structure ([MS-LSAT] section 2.2.20). The sender's account name is placed in this parameter on successful return from LsarLookupSids.

        • LookupLevel: LsapLookupWksta.

        • MappedCount: A pointer to an unsigned long integer.

      • Invoke the LsarClose (Opnum 0) method ([MS-LSAT] section 3.1.4.3) to close the policy handle.

      • Use the sender's account name to obtain its Privilege Attribute Certificate (PAC), [MS-PAC] as specified in [MS-SFU] section 3.1.5.1.1.2.

      • Create a token and populate its Sids[] field with the SIDs of the user, the user's primary group and other groups contained in the PAC ([MS-PAC] section 2.5). The KERB_VALIDATION_INFO.LogonDomainId is used to construct the SIDs from relative identifiers.

    • Access Request mask: MQSEC_WRITE_MESSAGE ([MS-MQMQ] section 2.2.25).

    • Object Tree: NULL

    • PrincipalSelfSubst SID: NULL

  • If the Access Check Algorithm does not return success, the protocol MUST disregard the message and perform no further processing.

The protocol MUST insert a message into its destination queue by generating the Enqueue Message ([MS-MQDMPR] section 3.1.7.1.9) event with the following arguments:

  • iQueue: A reference to the Queue ADM element instance that is addressed by SRMPMessage.DestinationQueueFormatName.

  • iMessage: A reference to the SRMPMessage element.

If rStatus returned by the Enqueue Message event is not zero:

  • If rStatus is 1, indicating that the Quota ADM attribute of the Queue ADM element instance referenced by iQueue would be exceeded, the protocol MUST disregard the message.

  • If rStatus is 2, indicating that the QueueManagerQuota ADM attribute of the local QueueManager ADM element instance would be exceeded, the protocol MUST disregard the message and return the "HTTP 500 Internal Server Error" error message to the sender.