3.1.4.1 RRPC_FWOpenPolicyStore (Opnum 0)

The RRPC_FWOpenPolicyStore method requests the server to open a specified policy store. The store can be opened for reading or for editing the firewall policy. The method also returns a handle to the opened store with which the client can then perform operations on this policy store. The server allocates a PolicyStoreConnection object to track the policy store type and the binary version associated with the handle.

 unsigned long RRPC_FWOpenPolicyStore(
   [in] FW_CONN_HANDLE rpcConnHandle,
   [in] unsigned short BinaryVersion,
   [in, range(FW_STORE_TYPE_INVALID+1, FW_STORE_TYPE_MAX-1)] 
     FW_STORE_TYPE StoreType,
   [in, range(FW_POLICY_ACCESS_RIGHT_INVALID+1, FW_POLICY_ACCESS_RIGHT_MAX-1)] 
     FW_POLICY_ACCESS_RIGHT AccessRight,
   [in] unsigned long dwFlags,
   [out] PFW_POLICY_STORE_HANDLE phPolicyStore
 );

rpcConnHandle: This parameter is an RPC binding handle that connects to the RPC interface of the Firewall and Advanced Security Protocol.

BinaryVersion: This parameter specifies the RPC interface binary version. This implies versions of the methods and versions of the structures. This value MUST be a valid protocol Version (see section 1.7 for capability negotiation details and section 2.2.42 for translating Protocol versions to binary and schema versions).

StoreType: This parameter specifies the policy store type that the client wants to open.

AccessRight: This parameter specifies the read or read/write access rights that the client is requesting on the store.

dwFlags: This parameter is not used. The server MUST ignore this parameter. The client SHOULD pass a value of zero.

phPolicyStore: This is an output parameter that provides a pointer to an FW_POLICY_STORE_HANDLE data type. If successful, this parameter contains a handle to the opened store.

Return Values: The method returns 0 if successful; if failed, it returns a nonzero error code. The field can take any specific error code value, as specified in [MS-ERREF].

Exceptions Thrown: No exceptions are thrown beyond those thrown by the underlying RPC protocol, as specified in [MS-RPCE]. If any lower-layer errors are reported by RPC exception, this exception is converted to an error code and reported to higher-layer protocols via the return value.

The server MUST validate that the client is authorized to perform the requested operation (as defined in section 3.1.4) before executing this method.
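The following C model is an added example, not code from the specification or from any implementation of it. It shows the server-side checks this section implies: the range() bounds on StoreType and AccessRight, authorization before the store is opened, dwFlags ignored, and a PolicyStoreConnection allocated to record the store type and binary version. The function name, the caller_authorized flag, the placeholder enum members, the numeric enum values, the two accepted version values, and the error codes are assumptions made for the example.

```c
#include <stdlib.h>

/* Sentinel names come from the IDL; the middle members and all numeric
   values are placeholders assumed for this example. */
enum { FW_STORE_TYPE_INVALID = 0, STORE_A, STORE_B, FW_STORE_TYPE_MAX };
enum { FW_POLICY_ACCESS_RIGHT_INVALID = 0, RIGHT_READ, RIGHT_READ_WRITE,
       FW_POLICY_ACCESS_RIGHT_MAX };

/* Error codes chosen for the model; the section only requires nonzero. */
enum { OPEN_OK = 0, OPEN_ACCESS_DENIED = 5, OPEN_NO_MEMORY = 8, OPEN_BAD_PARAM = 87 };

/* Per-handle state the server allocates for an opened store. */
typedef struct {
    long store_type;
    long access_right;
    unsigned short binary_version;
} PolicyStoreConnection;

/* caller_authorized stands in for the section 3.1.4 authorization decision. */
unsigned long model_open_policy_store(int caller_authorized, unsigned short binary_version,
                                      long store_type, long access_right,
                                      unsigned long dwFlags, PolicyStoreConnection **ph) {
    (void)dwFlags;                       /* not used: the server ignores it */
    if (ph == NULL) return OPEN_BAD_PARAM;
    *ph = NULL;                          /* no handle is returned on any failure */
    /* range(INVALID+1, MAX-1): both sentinel values are outside the accepted range */
    if (store_type <= FW_STORE_TYPE_INVALID || store_type >= FW_STORE_TYPE_MAX ||
        access_right <= FW_POLICY_ACCESS_RIGHT_INVALID ||
        access_right >= FW_POLICY_ACCESS_RIGHT_MAX)
        return OPEN_BAD_PARAM;
    if (!caller_authorized) return OPEN_ACCESS_DENIED;  /* before opening anything */
    /* Constructed sample list of valid versions for this model */
    if (binary_version != 0x0200 && binary_version != 0x020A) return OPEN_BAD_PARAM;
    PolicyStoreConnection *c = malloc(sizeof *c);
    if (c == NULL) return OPEN_NO_MEMORY;
    *c = (PolicyStoreConnection){ .store_type = store_type, .access_right = access_right,
                                  .binary_version = binary_version };
    *ph = c;
    return OPEN_OK;
}

int main(void) {
    PolicyStoreConnection *h;
    unsigned long rc = model_open_policy_store(1, 0x0200, STORE_A, RIGHT_READ, 0, &h);
    free(h);
    return rc == OPEN_OK ? 0 : 1;
}
```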