3.1.4.5 AuthzGetInformationFromContext (Opnum 4)

The AuthzGetInformationFromContext method (opnum 4) returns information about the identified client context.

 DWORD AuthzGetInformationFromContext(
         [in] AUTHZR_HANDLE ContextHandle,
         [in] AUTHZ_CONTEXT_INFORMATION_CLASS InfoClass,
         [out] AUTHZR_CONTEXT_INFORMATION** ppContextInformation);
  

ContextHandle: An AUTHZR_HANDLE structure, as defined in section 2.2.1.1. Represents the client context to retrieve information from.

InfoClass: An AUTHZ_CONTEXT_INFORMATION_CLASS enumeration value, as defined in section 2.2.2.1, which also specifies the possible values for this field.

ppContextInformation: A two-layer pointer to an AUTHZR_CONTEXT_INFORMATION structure, as defined in section 2.2.3.3. Used to return the context information.

Return Values:

If the function succeeds, the function MUST return 0x00000000.

If the function fails, it MUST return a nonzero error code value.

When a RAZA server receives this message, the server MUST perform the following:

  • If the InfoClass parameter is one of the following values, the RAZA server MUST:

    1. Initialize a new AUTHZR_CONTEXT_INFORMATION structure.

    2. Set the ppContextInformation parameter to the memory address of the new structure.

    3. Perform the corresponding action using the ImpersonationAccessToken in the ClientContext object identified in the ContextHandle parameter:

      • AuthzContextInfoUserSid (1):

        1. Set the ValueType member in the new AUTHZR_CONTEXT_INFORMATION object to 1.

        2. Set the pTokenUser member of the new AUTHZR_CONTEXT_INFORMATION object to the address of the element at the ImpersonationAccessToken.UserIndex of the ImpersonationAccessToken.Sids array.

      • AuthzContextInfoGroupsSids (2):

        1. Set the ValueType member in the new AUTHZR_CONTEXT_INFORMATION object to 2.

        2. Set the pTokenGroups member of the new AUTHZR_CONTEXT_INFORMATION object to the value of the ImpersonationAccessToken.Sids member.

      • AuthzContextInfoRestrictedSids (3):

        1. Set the ValueType member in the new AUTHZR_CONTEXT_INFORMATION object to 3.

        2. Set the pTokenGroups member of the new AUTHZR_CONTEXT_INFORMATION object to the value of the ImpersonationAccessToken.RestrictedSids member.

      • AuthzContextInfoDeviceSids (12):

        1. Set the ValueType member in the new AUTHZR_CONTEXT_INFORMATION object to 12.

        2. Set the pTokenGroups member of the new AUTHZR_CONTEXT_INFORMATION object to the value of the ImpersonationAccessToken.DeviceSids member.

      • AuthzContextInfoUserClaims (13):

        1. Set the ValueType member in the new AUTHZR_CONTEXT_INFORMATION object to 13.

        2. Set the pTokenClaims member of the new AUTHZR_CONTEXT_INFORMATION object to the value of the ImpersonationAccessToken.Claims member.

      • AuthzContextInfoDeviceClaims (14):

        1. Set the ValueType member in the new AUTHZR_CONTEXT_INFORMATION object to 14.

        2. Set the pTokenClaims member of the new AUTHZR_CONTEXT_INFORMATION object to the value of the ImpersonationAccessToken.DeviceClaims member.

  • If the InfoClass parameter is any other value, the requested information is not supported. The RAZA server MUST set ppContextInformation to NULL and return a nonzero error code value.
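
The processing rules above, sketched in C as an added example; this is not code from the specification or from any RAZA implementation. Token, ContextInfo, get_information, reply_is_consistent, the two error codes and the sample SIDs are simplified, constructed stand-ins. The caller-side check that ValueType equals the requested InfoClass before a union arm is read is an assumption that follows from the steps above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct {      /* simplified model types (assumptions), not the IDL types */
    const char **Sids; size_t UserIndex;   /* Sids[UserIndex] is the user */
    const char **RestrictedSids, **DeviceSids, **Claims, **DeviceClaims;
} Token;
typedef struct {
    uint16_t ValueType;                    /* tag: the InfoClass that was served */
    union { const char **pTokenUser, **pTokenGroups, **pTokenClaims; } u;
} ContextInfo;
enum { ERR_UNSUPPORTED = 1, ERR_NO_MEMORY = 2 };  /* placeholder nonzero codes */
/* Constructed sample token: Sids[0] is the user SID. */
static const char *sample_sids[] = { "S-1-5-21-1-2-3-1001", "S-1-5-32-545", NULL };
static const Token sample_token = { sample_sids, 0, NULL, NULL, NULL, NULL };

uint32_t get_information(const Token *t, uint32_t InfoClass, ContextInfo **pp)
{
    *pp = NULL;                            /* stays NULL on every failure path */
    ContextInfo *ci = calloc(1, sizeof *ci);
    if (ci == NULL) return ERR_NO_MEMORY;
    ci->ValueType = (uint16_t)InfoClass;
    switch (InfoClass) {
    case 1:  ci->u.pTokenUser   = &t->Sids[t->UserIndex]; break;
    case 2:  ci->u.pTokenGroups = t->Sids;           break;
    case 3:  ci->u.pTokenGroups = t->RestrictedSids; break;
    case 12: ci->u.pTokenGroups = t->DeviceSids;     break;
    case 13: ci->u.pTokenClaims = t->Claims;         break;
    case 14: ci->u.pTokenClaims = t->DeviceClaims;   break;
    default: free(ci); return ERR_UNSUPPORTED;  /* any other class: NULL + error */
    }
    *pp = ci;
    return 0;
}

/* Caller side: read a union arm only if status, pointer and tag all agree. */
int reply_is_consistent(uint32_t status, uint32_t requested, const ContextInfo *ci)
{
    return status == 0 && ci != NULL && ci->ValueType == requested;
}

int main(void)
{
    ContextInfo *ci;
    uint32_t st = get_information(&sample_token, 1, &ci);
    if (reply_is_consistent(st, 1, ci)) printf("user SID: %s\n", *ci->u.pTokenUser);
    free(ci);
    return 0;
}
```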