mirror of https://github.com/dahall/Vanara.git
Added and fixed XML documentation
parent
9143f753a2
commit
7ebcd7f00c
|
@ -27,6 +27,7 @@ namespace Vanara.PInvoke
|
|||
/// <summary>Specifies the default event tracing security</summary>
|
||||
public static readonly Guid DefaultTraceSecurityGuid = new Guid("0811c1af-7a07-4a06-82ed-869455cdf713");
|
||||
|
||||
/// <summary/>
|
||||
public static readonly Guid Dummy = new Guid("3595ab5c-042a-4c8e-b942-2d059bfeb1b1");
|
||||
|
||||
/// <summary>Used to report system configuration records</summary>
|
||||
|
@ -1089,13 +1090,17 @@ namespace Vanara.PInvoke
|
|||
/// <summary>Include a time stamp in the message.</summary>
|
||||
TRACE_MESSAGE_TIMESTAMP = 8,
|
||||
|
||||
/// <summary/>
|
||||
TRACE_MESSAGE_PERFORMANCE_TIMESTAMP = 16,
|
||||
|
||||
/// <summary>Include the thread identifier and process identifier in the message.</summary>
|
||||
TRACE_MESSAGE_SYSTEMINFO = 32,
|
||||
|
||||
/// <summary/>
|
||||
TRACE_MESSAGE_POINTER32 = 0x0040,
|
||||
/// <summary/>
|
||||
TRACE_MESSAGE_POINTER64 = 0x0080,
|
||||
/// <summary/>
|
||||
TRACE_MESSAGE_FLAG_MASK = 0xFFFF,
|
||||
}
|
||||
|
||||
|
@ -1183,6 +1188,7 @@ namespace Vanara.PInvoke
|
|||
// - TraceSetInformation Sets a list of provider GUIDs that should not be enabled via Provider Groups on the specified logging session.
|
||||
//
|
||||
// Input Format: An array of GUIDs.
|
||||
/// <summary/>
|
||||
[CorrespondingType(typeof(Guid[]), CorrespondingAction.Set)]
|
||||
TraceSetDisallowList = 10,
|
||||
|
||||
|
@ -1198,6 +1204,7 @@ namespace Vanara.PInvoke
|
|||
// - EnumerateTraceGuidsEx. Returns a list of Group GUIDs that are currently known to the kernel.
|
||||
//
|
||||
// Input Format: None. Output Format: An array of GUIDs.
|
||||
/// <summary/>
|
||||
[CorrespondingType(typeof(Guid[]), CorrespondingAction.Get)]
|
||||
TraceGroupQueryList,
|
||||
|
||||
|
@ -1211,6 +1218,7 @@ namespace Vanara.PInvoke
|
|||
//
|
||||
// PseudoStructure - struct TRACE_GROUP_INFO { ULONG TraceEnableInfoSize; TRACE_ENABLE_INFO
|
||||
// TraceEnableInfos[TraceEnableInfoSize]; ULONG GuidArraySize; GUID UniqueProviders[GuidArraySize]; }
|
||||
/// <summary/>
|
||||
[CorrespondingType(typeof(IntPtr), CorrespondingAction.Get)]
|
||||
TraceGroupQueryInfo,
|
||||
|
||||
|
@ -1219,9 +1227,11 @@ namespace Vanara.PInvoke
|
|||
// logging session.
|
||||
//
|
||||
// Output Format: An array of GUIDs.
|
||||
/// <summary/>
|
||||
[CorrespondingType(typeof(Guid[]), CorrespondingAction.Get)]
|
||||
TraceDisallowListQuery,
|
||||
|
||||
/// <summary/>
|
||||
TraceInfoReserved15,
|
||||
|
||||
// TracePeriodicCaptureStateListInfo:
|
||||
|
@ -1229,6 +1239,7 @@ namespace Vanara.PInvoke
|
|||
// specified logging session. If a NULL input buffer is specified, then the current periodic capture state settings are cleared.
|
||||
//
|
||||
// Input Format: TRACE_PERIODIC_CAPTURE_STATE_INFO followed by an array of ProviderCount Provider GUIDs. Or a NULL Buffer.
|
||||
/// <summary/>
|
||||
[CorrespondingType(typeof(TRACE_PERIODIC_CAPTURE_STATE_INFO), CorrespondingAction.Set)]
|
||||
TracePeriodicCaptureStateListInfo,
|
||||
|
||||
|
@ -1237,6 +1248,7 @@ namespace Vanara.PInvoke
|
|||
// and the maximum number of providers that can be enabled for periodic capture state.
|
||||
//
|
||||
// Output Format: TRACE_PERIODIC_CAPTURE_STATE_INFO
|
||||
/// <summary/>
|
||||
[CorrespondingType(typeof(TRACE_PERIODIC_CAPTURE_STATE_INFO), CorrespondingAction.Get)]
|
||||
TracePeriodicCaptureStateInfo,
|
||||
|
||||
|
@ -1254,6 +1266,7 @@ namespace Vanara.PInvoke
|
|||
// The binary tracking events will come from the EventTraceGuid provider, with an opcode of WMI_LOG_TYPE_BINARY_PATH.
|
||||
//
|
||||
// Input Format: BOOLEAN (The 1-byte type, rather than the 4-byte BOOL.) True to turn tracking on. False to turn tracking off.
|
||||
/// <summary/>
|
||||
[CorrespondingType(typeof(byte), CorrespondingAction.Set)]
|
||||
TraceProviderBinaryTracking,
|
||||
|
||||
|
@ -1272,6 +1285,7 @@ namespace Vanara.PInvoke
|
|||
// - TraceSetInformation Sets a bitfield of configuration options for Last Branch Record tracing.
|
||||
//
|
||||
// Input Format: ULONG
|
||||
/// <summary/>
|
||||
[CorrespondingType(typeof(uint), CorrespondingAction.Set)]
|
||||
TraceLbrConfigurationInfo,
|
||||
|
||||
|
@ -1279,6 +1293,7 @@ namespace Vanara.PInvoke
|
|||
// - TraceSetInformation Provides a list of kernel events to collect Last Branch Records on. The events are specified by their HookIds.
|
||||
//
|
||||
// Input Format: An array of ULONGs
|
||||
/// <summary/>
|
||||
[CorrespondingType(typeof(uint[]), CorrespondingAction.Set)]
|
||||
TraceLbrEventListInfo,
|
||||
|
||||
|
@ -1286,6 +1301,7 @@ namespace Vanara.PInvoke
|
|||
// - TraceQueryInformation Queries the maximum number of PMC counters supported on this platform
|
||||
//
|
||||
// Output Format: ULONG
|
||||
/// <summary/>
|
||||
[CorrespondingType(typeof(uint), CorrespondingAction.Get)]
|
||||
TraceMaxPmcCounterQuery,
|
||||
}
|
||||
|
@ -1347,9 +1363,13 @@ namespace Vanara.PInvoke
|
|||
[PInvokeData("wmistr.h")]
|
||||
public enum WMIDPREQUESTCODE
|
||||
{
|
||||
/// <summary/>
|
||||
WMI_GET_ALL_DATA = 0,
|
||||
/// <summary/>
|
||||
WMI_GET_SINGLE_INSTANCE = 1,
|
||||
/// <summary/>
|
||||
WMI_SET_SINGLE_INSTANCE = 2,
|
||||
/// <summary/>
|
||||
WMI_SET_SINGLE_ITEM = 3,
|
||||
|
||||
/// <summary>Enables the provider.</summary>
|
||||
|
@ -1358,38 +1378,67 @@ namespace Vanara.PInvoke
|
|||
/// <summary>Disables the provider.</summary>
|
||||
WMI_DISABLE_EVENTS = 5,
|
||||
|
||||
/// <summary/>
|
||||
WMI_ENABLE_COLLECTION = 6,
|
||||
/// <summary/>
|
||||
WMI_DISABLE_COLLECTION = 7,
|
||||
/// <summary/>
|
||||
WMI_REGINFO = 8,
|
||||
/// <summary/>
|
||||
WMI_EXECUTE_METHOD = 9,
|
||||
/// <summary/>
|
||||
WMI_CAPTURE_STATE = 10
|
||||
}
|
||||
|
||||
/// <summary/>
|
||||
[Flags]
|
||||
public enum WNODE_FLAG : uint
|
||||
{
|
||||
/// <summary/>
|
||||
WNODE_FLAG_ALL_DATA = 0x00000001,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_SINGLE_INSTANCE = 0x00000002,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_SINGLE_ITEM = 0x00000004,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_EVENT_ITEM = 0x00000008,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_FIXED_INSTANCE_SIZE = 0x00000010,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_TOO_SMALL = 0x00000020,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_INSTANCES_SAME = 0x00000040,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_STATIC_INSTANCE_NAMES = 0x00000080,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_INTERNAL = 0x00000100,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_USE_TIMESTAMP = 0x00000200,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_PERSIST_EVENT = 0x00000400,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_EVENT_REFERENCE = 0x00002000,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_ANSI_INSTANCENAMES = 0x00004000,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_METHOD_ITEM = 0x00008000,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_PDO_INSTANCE_NAMES = 0x00010000,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_TRACED_GUID = 0x00020000,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_LOG_WNODE = 0x00040000,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_USE_GUID_PTR = 0x00080000,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_USE_MOF_PTR = 0x00100000,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_NO_HEADER = 0x00200000,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_SEND_DATA_BLOCK = 0x00400000,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_VERSIONED_PROPERTIES = 0x00800000,
|
||||
/// <summary/>
|
||||
WNODE_FLAG_SEVERITY_MASK = 0xff000000,
|
||||
}
|
||||
|
||||
|
@ -6093,6 +6142,7 @@ namespace Vanara.PInvoke
|
|||
[FieldOffset(20)]
|
||||
public uint Tags;
|
||||
|
||||
/// <summary/>
|
||||
[StructLayout(LayoutKind.Sequential)]
|
||||
public struct NONSTRUCTTYPE
|
||||
{
|
||||
|
@ -6119,6 +6169,7 @@ namespace Vanara.PInvoke
|
|||
public uint MapNameOffset;
|
||||
}
|
||||
|
||||
/// <summary/>
|
||||
[StructLayout(LayoutKind.Sequential)]
|
||||
public struct STRUCTTYPE
|
||||
{
|
||||
|
@ -6132,6 +6183,7 @@ namespace Vanara.PInvoke
|
|||
public uint padding;
|
||||
}
|
||||
|
||||
/// <summary/>
|
||||
[StructLayout(LayoutKind.Sequential)]
|
||||
public struct CUSTOMSCHEMATYPE
|
||||
{
|
||||
|
@ -6363,6 +6415,7 @@ namespace Vanara.PInvoke
|
|||
[FieldOffset(40)]
|
||||
public ulong ProcessorTime;
|
||||
|
||||
/// <summary/>
|
||||
[StructLayout(LayoutKind.Sequential)]
|
||||
public struct CLASS
|
||||
{
|
||||
|
@ -6535,6 +6588,7 @@ namespace Vanara.PInvoke
|
|||
/// </summary>
|
||||
public IntPtr Context;
|
||||
|
||||
/// <summary/>
|
||||
[StructLayout(LayoutKind.Explicit, CharSet = CharSet.Auto)]
|
||||
public struct CALLBACK_UNION
|
||||
{
|
||||
|
@ -6597,7 +6651,9 @@ namespace Vanara.PInvoke
|
|||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
|
||||
public struct EVENT_TRACE_PROPERTIES
|
||||
{
|
||||
/// <summary/>
|
||||
public const int MaxLoggerNameLength = 1024;
|
||||
/// <summary/>
|
||||
public const int MaxLogFileNameLength = 1024;
|
||||
|
||||
private static readonly uint SizeOf = (uint)Marshal.SizeOf(typeof(EVENT_TRACE_PROPERTIES));
|
||||
|
@ -6814,7 +6870,7 @@ namespace Vanara.PInvoke
|
|||
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = MaxLogFileNameLength)]
|
||||
public string LogFileName;
|
||||
|
||||
// Reserve buffer space so the ETW system can fill this with the logger name
|
||||
/// <summary>Reserve buffer space so the ETW system can fill this with the logger name</summary>
|
||||
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = MaxLoggerNameLength)]
|
||||
public string LoggerName;
|
||||
|
||||
|
@ -7422,13 +7478,20 @@ namespace Vanara.PInvoke
|
|||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
|
||||
public struct PROFILE_SOURCE_INFO
|
||||
{
|
||||
/// <summary/>
|
||||
public uint NextEntryOffset;
|
||||
/// <summary/>
|
||||
public uint Source;
|
||||
/// <summary/>
|
||||
public uint MinInterval;
|
||||
/// <summary/>
|
||||
public uint MaxInterval;
|
||||
/// <summary/>
|
||||
public ulong Reserved;
|
||||
/// <summary/>
|
||||
public ushort _Description;
|
||||
|
||||
/// <summary/>
|
||||
public string Description
|
||||
{
|
||||
get
|
||||
|
@ -8126,7 +8189,9 @@ namespace Vanara.PInvoke
|
|||
[StructLayout(LayoutKind.Sequential)]
|
||||
public struct TRACE_PROFILE_INTERVAL
|
||||
{
|
||||
/// <summary/>
|
||||
public uint Source;
|
||||
/// <summary/>
|
||||
public uint Interval;
|
||||
}
|
||||
|
||||
|
@ -8389,15 +8454,19 @@ namespace Vanara.PInvoke
|
|||
public WNODE_FLAG Flags;
|
||||
}
|
||||
|
||||
/// <summary/>
|
||||
[StructLayout(LayoutKind.Sequential)]
|
||||
public abstract class PEVENT_INSTANCE_HEADER
|
||||
{
|
||||
/// <summary/>
|
||||
public EVENT_INSTANCE_HEADER Header;
|
||||
}
|
||||
|
||||
/// <summary/>
|
||||
[StructLayout(LayoutKind.Sequential)]
|
||||
public abstract class PEVENT_TRACE_HEADER
|
||||
{
|
||||
/// <summary/>
|
||||
public EVENT_TRACE_HEADER Header;
|
||||
}
|
||||
|
||||
|
|
|
@ -18,13 +18,29 @@ namespace Vanara.PInvoke
|
|||
[Flags]
|
||||
public enum CollisionFlags
|
||||
{
|
||||
/// <summary>The top-level name trust record is disabled during initial creation.</summary>
|
||||
LSA_TLN_DISABLED_NEW = 0x00000001,
|
||||
|
||||
/// <summary>The top-level name trust record is disabled by the domain administrator.</summary>
|
||||
LSA_TLN_DISABLED_ADMIN = 0x00000002,
|
||||
|
||||
/// <summary>The top-level name trust record is disabled due to a conflict.</summary>
|
||||
LSA_TLN_DISABLED_CONFLICT = 0x00000004,
|
||||
|
||||
/// <summary>The domain information trust record is disabled by the domain administrator.</summary>
|
||||
LSA_SID_DISABLED_ADMIN = 0x00000001,
|
||||
|
||||
/// <summary>The domain information trust record is disabled due to a conflict.</summary>
|
||||
LSA_SID_DISABLED_CONFLICT = 0x00000002,
|
||||
|
||||
/// <summary>The domain information trust record is disabled by the domain administrator.</summary>
|
||||
LSA_NB_DISABLED_ADMIN = 0x00000004,
|
||||
|
||||
/// <summary>The domain information trust record is disabled due to a conflict.</summary>
|
||||
LSA_NB_DISABLED_CONFLICT = 0x00000008,
|
||||
|
||||
/// <summary>The domain information trust record is disabled.</summary>
|
||||
LSA_FTRECORD_DISABLED_REASONS = 0x0000FFFF,
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
|
|
|
@ -199,13 +199,21 @@ namespace Vanara.PInvoke
|
|||
[PInvokeData("ntsecapi.h")]
|
||||
public enum POLICY_QOS : uint
|
||||
{
|
||||
/// <summary/>
|
||||
POLICY_QOS_SCHANNEL_REQUIRED = 0x00000001,
|
||||
/// <summary/>
|
||||
POLICY_QOS_OUTBOUND_INTEGRITY = 0x00000002,
|
||||
/// <summary/>
|
||||
POLICY_QOS_OUTBOUND_CONFIDENTIALITY = 0x00000004,
|
||||
/// <summary/>
|
||||
POLICY_QOS_INBOUND_INTEGRITY = 0x00000008,
|
||||
/// <summary/>
|
||||
POLICY_QOS_INBOUND_CONFIDENTIALITY = 0x00000010,
|
||||
/// <summary/>
|
||||
POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE = 0x00000020,
|
||||
/// <summary/>
|
||||
POLICY_QOS_RAS_SERVER_ALLOWED = 0x00000040,
|
||||
/// <summary/>
|
||||
POLICY_QOS_DHCP_SERVER_ALLOWED = 0x00000080,
|
||||
}
|
||||
|
||||
|
|
|
@ -7,6 +7,7 @@ namespace Vanara.PInvoke
|
|||
{
|
||||
public static partial class AdvApi32
|
||||
{
|
||||
/// <summary/>
|
||||
public const uint PERF_WILDCARD_COUNTER = uint.MaxValue;
|
||||
|
||||
/// <summary>
|
||||
|
|
|
@ -6094,7 +6094,10 @@ namespace Vanara.PInvoke
|
|||
return sz;
|
||||
}
|
||||
|
||||
/// <summary>Provides a <see cref="SafeHandle"/> to a that releases a created HTOKEN instance at disposal using CloseHandle.</summary>
|
||||
/// <summary>
|
||||
/// Provides a <see cref="SafeHandle" /> to a that releases a created HTOKEN instance at disposal using CloseHandle.
|
||||
/// </summary>
|
||||
/// <seealso cref="Vanara.PInvoke.Kernel32.SafeKernelHandle" />
|
||||
public class SafeHTOKEN : SafeKernelHandle
|
||||
{
|
||||
/// <summary>
|
||||
|
@ -6216,6 +6219,8 @@ namespace Vanara.PInvoke
|
|||
public static implicit operator HTOKEN(SafeHTOKEN h) => h.handle;
|
||||
|
||||
#if NETSTANDARD2_0 || NETCOREAPP2_0 || NETCOREAPP2_1
|
||||
/// <summary>Conversion operator from SafeHTOKEN to SafeAccessTokenHandle.</summary>
|
||||
/// <param name="h">The handle.</param>
|
||||
public static explicit operator Microsoft.Win32.SafeHandles.SafeAccessTokenHandle(SafeHTOKEN h)
|
||||
{
|
||||
var dup = h.DuplicatePrimary();
|
||||
|
|
|
@ -5,6 +5,7 @@ namespace Vanara.PInvoke
|
|||
{
|
||||
public static partial class AdvApi32
|
||||
{
|
||||
/// <summary/>
|
||||
public const uint ELF_LOG_SIGNATURE = 0x654c664c;
|
||||
|
||||
/// <summary>Saves the specified event log to a backup file. The function does not clear the event log.</summary>
|
||||
|
|
|
@ -18,8 +18,10 @@ namespace Vanara.PInvoke
|
|||
/// <summary>Computer name length</summary>
|
||||
public const int CNLEN = 15;
|
||||
|
||||
/// <summary/>
|
||||
public const int CRYPT_KEY_LEN = 7;
|
||||
|
||||
/// <summary/>
|
||||
public const int CRYPT_TXT_LEN = 8;
|
||||
|
||||
/// <summary>Device name length</summary>
|
||||
|
@ -28,6 +30,7 @@ namespace Vanara.PInvoke
|
|||
/// <summary>Maximum domain name length</summary>
|
||||
public const int DNLEN = CNLEN;
|
||||
|
||||
/// <summary/>
|
||||
public const int ENCRYPTED_PWLEN = 16;
|
||||
|
||||
/// <summary>Event name length</summary>
|
||||
|
@ -78,6 +81,7 @@ namespace Vanara.PInvoke
|
|||
/// <summary>LM 2.0 Maximum user name length</summary>
|
||||
public const int LM20_UNLEN = 20;
|
||||
|
||||
/// <summary/>
|
||||
public const uint MAX_PREFERRED_LENGTH = uint.MaxValue;
|
||||
|
||||
/// <summary>Multipurpose comment length</summary>
|
||||
|
@ -89,6 +93,7 @@ namespace Vanara.PInvoke
|
|||
/// <summary>Net name length (share name)</summary>
|
||||
public const int NNLEN = 80;
|
||||
|
||||
/// <summary/>
|
||||
public const uint OPERATION_API_VERSION = 1;
|
||||
|
||||
/// <summary>Max. path (not including drive name)</summary>
|
||||
|
@ -103,8 +108,10 @@ namespace Vanara.PInvoke
|
|||
/// <summary>Max remote name length</summary>
|
||||
public const int RMLEN = (UNCLEN + 1 + NNLEN);
|
||||
|
||||
/// <summary/>
|
||||
public const int SESSION_CRYPT_KLEN = 21;
|
||||
|
||||
/// <summary/>
|
||||
public const int SESSION_PWLEN = 24;
|
||||
|
||||
/// <summary>Share password length (bytes)</summary>
|
||||
|
|
|
@ -55,6 +55,7 @@ namespace Vanara.PInvoke
|
|||
[Flags]
|
||||
public enum CRED_FLAGS
|
||||
{
|
||||
/// <summary/>
|
||||
CRED_FLAGS_PASSWORD_FOR_CERT = 0x1,
|
||||
|
||||
/// <summary>
|
||||
|
@ -81,12 +82,19 @@ namespace Vanara.PInvoke
|
|||
/// </summary>
|
||||
CRED_FLAGS_USERNAME_TARGET = 0x4,
|
||||
|
||||
/// <summary/>
|
||||
CRED_FLAGS_OWF_CRED_BLOB = 0x0008,
|
||||
/// <summary/>
|
||||
CRED_FLAGS_REQUIRE_CONFIRMATION = 0x0010,
|
||||
/// <summary/>
|
||||
CRED_FLAGS_WILDCARD_MATCH = 0x0020,
|
||||
/// <summary/>
|
||||
CRED_FLAGS_VSM_PROTECTED = 0x0040,
|
||||
/// <summary/>
|
||||
CRED_FLAGS_NGC_CERT = 0x0080,
|
||||
/// <summary/>
|
||||
CRED_FLAGS_VALID_FLAGS = 0xF0FF,
|
||||
/// <summary/>
|
||||
CRED_FLAGS_VALID_INPUT_FLAGS = 0xF09F,
|
||||
}
|
||||
|
||||
|
@ -1877,12 +1885,24 @@ namespace Vanara.PInvoke
|
|||
/// <param name="own">if set to <c>true</c> release the memory when out of scope.</param>
|
||||
public SafeCredMemoryHandle(IntPtr ptr, bool own = true) : base(ptr, h => { CredFree(h); return true; }, own) { }
|
||||
|
||||
/// <summary>Performs an implicit conversion from <see cref="SafeCredMemoryHandle"/> to <see cref="CREDENTIAL"/>.</summary>
|
||||
/// <param name="h">The handle.</param>
|
||||
/// <returns>The resulting <see cref="CREDENTIAL"/> instance from the conversion.</returns>
|
||||
public static implicit operator CREDENTIAL(SafeCredMemoryHandle h) => h.ToStructure<CREDENTIAL>();
|
||||
|
||||
/// <summary>Performs an implicit conversion from <see cref="SafeCredMemoryHandle"/> to <see cref="CREDENTIAL_MGD"/>.</summary>
|
||||
/// <param name="h">The handle.</param>
|
||||
/// <returns>The resulting <see cref="CREDENTIAL_MGD"/> instance from the conversion.</returns>
|
||||
public static implicit operator CREDENTIAL_MGD(SafeCredMemoryHandle h) => new CREDENTIAL_MGD(h.ToStructure<CREDENTIAL>());
|
||||
|
||||
/// <summary>Performs an implicit conversion from <see cref="SafeCredMemoryHandle"/> to <see cref="CREDENTIAL_TARGET_INFORMATION"/>.</summary>
|
||||
/// <param name="h">The handle.</param>
|
||||
/// <returns>The resulting <see cref="CREDENTIAL_TARGET_INFORMATION"/> instance from the conversion.</returns>
|
||||
public static implicit operator CREDENTIAL_TARGET_INFORMATION(SafeCredMemoryHandle h) => h.ToStructure<CREDENTIAL_TARGET_INFORMATION>();
|
||||
|
||||
/// <summary>Performs an implicit conversion from <see cref="SafeCredMemoryHandle"/> to <see cref="System.String"/>.</summary>
|
||||
/// <param name="h">The handle.</param>
|
||||
/// <returns>The resulting <see cref="System.String"/> instance from the conversion.</returns>
|
||||
public static implicit operator string(SafeCredMemoryHandle h) => Marshal.PtrToStringAuto(h.handle);
|
||||
|
||||
/// <summary>Marshals data to the type specified by a generic type parameter.</summary>
|
||||
|
|
|
@ -12,10 +12,15 @@ namespace Vanara.PInvoke
|
|||
{
|
||||
public static partial class AdvApi32
|
||||
{
|
||||
/// <summary/>
|
||||
public const uint SECURITY_DESCRIPTOR_REVISION = 1;
|
||||
/// <summary/>
|
||||
public const uint SECURITY_DESCRIPTOR_REVISION1 = 1;
|
||||
/// <summary/>
|
||||
public const int SID_MAX_SUB_AUTHORITIES = 15;
|
||||
/// <summary/>
|
||||
public const int SID_RECOMMENDED_SUB_AUTHORITIES = 1; // Will change to around 6
|
||||
/// <summary/>
|
||||
public const uint SID_REVISION = 1; // Current revision level
|
||||
|
||||
/// <summary>Indicates whether the ObjectTypeName and InheritedObjectTypeName members contain strings.</summary>
|
||||
|
@ -2530,6 +2535,7 @@ namespace Vanara.PInvoke
|
|||
/// <summary>An array of security attribute values of the type specified in the <c>ValueType</c> member.</summary>
|
||||
public VALUESUNION Values;
|
||||
|
||||
/// <summary/>
|
||||
[StructLayout(LayoutKind.Explicit)]
|
||||
public struct VALUESUNION
|
||||
{
|
||||
|
@ -4167,10 +4173,13 @@ namespace Vanara.PInvoke
|
|||
/// <summary>Known RIDs</summary>
|
||||
public static class KnownSIDRelativeID
|
||||
{
|
||||
/// <summary/>
|
||||
public const int SECURITY_APP_PACKAGE_BASE_RID = 0x00000002;
|
||||
|
||||
/// <summary/>
|
||||
public const int SECURITY_CAPABILITY_APP_RID = 0x00000040;
|
||||
|
||||
/// <summary/>
|
||||
public const int SECURITY_CAPABILITY_BASE_RID = 0x00000003;
|
||||
|
||||
/// <summary>The security creator group rid</summary>
|
||||
|
|
|
@ -9,6 +9,7 @@ namespace Vanara.PInvoke
|
|||
{
|
||||
public static partial class AdvApi32
|
||||
{
|
||||
/// <summary/>
|
||||
public const uint SERVICE_DYNAMIC_INFORMATION_LEVEL_START_REASON = 1;
|
||||
|
||||
/// <summary>
|
||||
|
@ -520,6 +521,7 @@ namespace Vanara.PInvoke
|
|||
/// <summary>Info levels for <see cref="QueryServiceStatusEx"/></summary>
|
||||
public enum SC_STATUS_TYPE
|
||||
{
|
||||
/// <summary/>
|
||||
[CorrespondingType(typeof(SERVICE_STATUS_PROCESS))]
|
||||
SC_STATUS_PROCESS_INFO = 0
|
||||
}
|
||||
|
@ -648,62 +650,109 @@ namespace Vanara.PInvoke
|
|||
SERVICE_STATE_ALL = 0x00000003,
|
||||
}
|
||||
|
||||
/// <summary/>
|
||||
[Flags]
|
||||
public enum SERVICE_STOP_REASON : uint
|
||||
{
|
||||
// Stop reason flags. Update SERVICE_STOP_REASON_FLAG_MAX when new flags are added.
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_FLAG_MIN = 0x00000000,
|
||||
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_FLAG_UNPLANNED = 0x10000000,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_FLAG_CUSTOM = 0x20000000,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_FLAG_PLANNED = 0x40000000,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_FLAG_MAX = 0x80000000,
|
||||
|
||||
// Microsoft major reasons. Update SERVICE_STOP_REASON_MAJOR_MAX when new codes are added.
|
||||
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MAJOR_MIN = 0x00000000,
|
||||
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MAJOR_OTHER = 0x00010000,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MAJOR_HARDWARE = 0x00020000,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MAJOR_OPERATINGSYSTEM = 0x00030000,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MAJOR_SOFTWARE = 0x00040000,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MAJOR_APPLICATION = 0x00050000,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MAJOR_NONE = 0x00060000,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MAJOR_MAX = 0x00070000,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MAJOR_MIN_CUSTOM = 0x00400000,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MAJOR_MAX_CUSTOM = 0x00ff0000,
|
||||
|
||||
// Microsoft minor reasons. Update SERVICE_STOP_REASON_MINOR_MAX when new codes are added.
|
||||
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_MIN = 0x00000000,
|
||||
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_OTHER = 0x00000001,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_MAINTENANCE = 0x00000002,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_INSTALLATION = 0x00000003,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_UPGRADE = 0x00000004,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_RECONFIG = 0x00000005,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_HUNG = 0x00000006,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_UNSTABLE = 0x00000007,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_DISK = 0x00000008,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_NETWORKCARD = 0x00000009,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_ENVIRONMENT = 0x0000000a,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_HARDWARE_DRIVER = 0x0000000b,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_OTHERDRIVER = 0x0000000c,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_SERVICEPACK = 0x0000000d,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_SOFTWARE_UPDATE = 0x0000000e,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_SECURITYFIX = 0x0000000f,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_SECURITY = 0x00000010,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_NETWORK_CONNECTIVITY = 0x00000011,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_WMI = 0x00000012,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_SERVICEPACK_UNINSTALL = 0x00000013,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_SOFTWARE_UPDATE_UNINSTALL = 0x00000014,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_SECURITYFIX_UNINSTALL = 0x00000015,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_MMC = 0x00000016,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_NONE = 0x00000017,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_MEMOTYLIMIT = 0x00000018,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_MAX = 0x00000019,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_MIN_CUSTOM = 0x00000100,
|
||||
/// <summary/>
|
||||
SERVICE_STOP_REASON_MINOR_MAX_CUSTOM = 0x0000FFFF
|
||||
}
|
||||
|
||||
/// <summary>Service control codes.</summary>
|
||||
[PInvokeData("winsvc.h", MSDNShortId = "d268609b-d442-4d0f-9d49-ed23fee84961")]
|
||||
[Flags]
|
||||
public enum ServiceAcceptedControlCodes : uint
|
||||
|
@ -788,6 +837,7 @@ namespace Vanara.PInvoke
|
|||
SERVICE_ACCEPT_SYSTEMLOWRESOURCES = 0x00004000,
|
||||
}
|
||||
|
||||
/// <summary>Service access rights.</summary>
|
||||
[Flags]
|
||||
public enum ServiceAccessRights : uint
|
||||
{
|
||||
|
@ -851,8 +901,11 @@ namespace Vanara.PInvoke
|
|||
/// </summary>
|
||||
WRITE_OWNER = ACCESS_MASK.WRITE_OWNER,
|
||||
|
||||
/// <summary/>
|
||||
GENERIC_READ = ACCESS_MASK.STANDARD_RIGHTS_READ | SERVICE_QUERY_CONFIG | SERVICE_QUERY_STATUS | SERVICE_INTERROGATE | SERVICE_ENUMERATE_DEPENDENTS,
|
||||
/// <summary/>
|
||||
GENERIC_WRITE = ACCESS_MASK.STANDARD_RIGHTS_WRITE | SERVICE_CHANGE_CONFIG,
|
||||
/// <summary/>
|
||||
GENERIC_EXECUTE = ACCESS_MASK.STANDARD_RIGHTS_EXECUTE | SERVICE_START | SERVICE_STOP | SERVICE_PAUSE_CONTINUE | SERVICE_USER_DEFINED_CONTROL,
|
||||
}
|
||||
|
||||
|
@ -1132,17 +1185,24 @@ namespace Vanara.PInvoke
|
|||
/// <summary>Info levels for <see cref="ControlServiceEx"/></summary>
|
||||
public enum ServiceInfoLevels : uint
|
||||
{
|
||||
/// <summary/>
|
||||
[CorrespondingType(typeof(SERVICE_CONTROL_STATUS_REASON_PARAMS))]
|
||||
SERVICE_CONTROL_STATUS_REASON_INFO = 1
|
||||
}
|
||||
|
||||
/// <summary/>
|
||||
[Flags]
|
||||
public enum ServiceStartReason : uint
|
||||
{
|
||||
/// <summary/>
|
||||
SERVICE_START_REASON_DEMAND = 1 << 0,
|
||||
/// <summary/>
|
||||
SERVICE_START_REASON_AUTO = 1 << 1,
|
||||
/// <summary/>
|
||||
SERVICE_START_REASON_TRIGGER = 1 << 2,
|
||||
/// <summary/>
|
||||
SERVICE_START_REASON_RESTART_ON_FAILURE = 1 << 3,
|
||||
/// <summary/>
|
||||
SERVICE_START_REASON_DELAYEDAUTO = 1 << 4,
|
||||
}
|
||||
|
||||
|
@ -4961,6 +5021,7 @@ namespace Vanara.PInvoke
|
|||
/// </summary>
|
||||
public string lpDisplayName;
|
||||
|
||||
/// <summary/>
|
||||
public IEnumerable<string> Dependencies => lpDependencies.ToStringEnum();
|
||||
}
|
||||
|
||||
|
@ -5460,6 +5521,7 @@ namespace Vanara.PInvoke
|
|||
/// </summary>
|
||||
public IntPtr lpsaActions;
|
||||
|
||||
/// <summary/>
|
||||
public SC_ACTION[] Actions => lpsaActions.ToArray<SC_ACTION>((int)cActions);
|
||||
}
|
||||
|
||||
|
@ -5753,9 +5815,11 @@ namespace Vanara.PInvoke
|
|||
public uint dwServiceSidType;
|
||||
}
|
||||
|
||||
/// <summary/>
|
||||
[StructLayout(LayoutKind.Sequential)]
|
||||
public readonly struct SERVICE_START_REASON
|
||||
{
|
||||
/// <summary/>
|
||||
public readonly ServiceStartReason dwReason;
|
||||
}
|
||||
|
||||
|
@ -6599,8 +6663,10 @@ namespace Vanara.PInvoke
|
|||
/// </summary>
|
||||
public IntPtr pDataItems;
|
||||
|
||||
/// <summary/>
|
||||
public Guid TriggerSubType => pTriggerSubtype.ToStructure<Guid>();
|
||||
|
||||
/// <summary/>
|
||||
public SERVICE_TRIGGER_SPECIFIC_DATA_ITEM[] DataItems => pDataItems.ToArray<SERVICE_TRIGGER_SPECIFIC_DATA_ITEM>((int)cDataItems);
|
||||
}
|
||||
|
||||
|
@ -6637,6 +6703,7 @@ namespace Vanara.PInvoke
|
|||
/// </summary>
|
||||
public IntPtr pReserved;
|
||||
|
||||
/// <summary/>
|
||||
public SERVICE_TRIGGER[] Triggers => pTriggers.ToArray<SERVICE_TRIGGER>((int)cTriggers);
|
||||
}
|
||||
|
||||
|
|
|
@ -7,6 +7,7 @@ namespace Vanara.PInvoke
|
|||
{
|
||||
public static partial class AdvApi32
|
||||
{
|
||||
/// <summary/>
|
||||
public const uint WCT_MAX_NODE_COUNT = 16;
|
||||
|
||||
/// <summary>
|
||||
|
@ -77,16 +78,27 @@ namespace Vanara.PInvoke
|
|||
[PInvokeData("wct.h", MSDNShortId = "7a333924-79a3-4522-aa5a-4fc60690667d")]
|
||||
public enum WCT_OBJECT_STATUS
|
||||
{
|
||||
/// <summary/>
|
||||
WctStatusNoAccess = 1,
|
||||
/// <summary/>
|
||||
WctStatusRunning,
|
||||
/// <summary/>
|
||||
WctStatusBlocked,
|
||||
/// <summary/>
|
||||
WctStatusPidOnly,
|
||||
/// <summary/>
|
||||
WctStatusPidOnlyRpcss,
|
||||
/// <summary/>
|
||||
WctStatusOwned,
|
||||
/// <summary/>
|
||||
WctStatusNotOwned,
|
||||
/// <summary/>
|
||||
WctStatusAbandoned,
|
||||
/// <summary/>
|
||||
WctStatusUnknown,
|
||||
/// <summary/>
|
||||
WctStatusError,
|
||||
/// <summary/>
|
||||
WctStatusMax
|
||||
}
|
||||
|
||||
|
@ -94,18 +106,31 @@ namespace Vanara.PInvoke
|
|||
[PInvokeData("wct.h", MSDNShortId = "7a333924-79a3-4522-aa5a-4fc60690667d")]
|
||||
public enum WCT_OBJECT_TYPE
|
||||
{
|
||||
/// <summary/>
|
||||
WctCriticalSectionType = 1,
|
||||
/// <summary/>
|
||||
WctSendMessageType,
|
||||
/// <summary/>
|
||||
WctMutexType,
|
||||
/// <summary/>
|
||||
WctAlpcType,
|
||||
/// <summary/>
|
||||
WctComType,
|
||||
/// <summary/>
|
||||
WctThreadWaitType,
|
||||
/// <summary/>
|
||||
WctProcessWaitType,
|
||||
/// <summary/>
|
||||
WctThreadType,
|
||||
/// <summary/>
|
||||
WctComActivationType,
|
||||
/// <summary/>
|
||||
WctUnknownType,
|
||||
/// <summary/>
|
||||
WctSocketIoType,
|
||||
/// <summary/>
|
||||
WctSmbIoType,
|
||||
/// <summary/>
|
||||
WctMaxType
|
||||
}
|
||||
|
||||
|
|
|
@ -69,42 +69,55 @@ namespace Vanara.PInvoke
|
|||
[StructLayout(LayoutKind.Explicit, Size = 32, CharSet = CharSet.Unicode)]
|
||||
public struct AUDIT_PARAM
|
||||
{
|
||||
/// <summary/>
|
||||
[FieldOffset(0)]
|
||||
public AUDIT_PARAM_TYPE Type;
|
||||
|
||||
/// <summary/>
|
||||
[FieldOffset(4)]
|
||||
public uint Length;
|
||||
|
||||
/// <summary/>
|
||||
[FieldOffset(8)]
|
||||
public uint Flags;
|
||||
|
||||
/// <summary/>
|
||||
[FieldOffset(16)]
|
||||
public IntPtr Data0;
|
||||
|
||||
/// <summary/>
|
||||
[FieldOffset(16)]
|
||||
public StrPtrUni String;
|
||||
|
||||
/// <summary/>
|
||||
[FieldOffset(16)]
|
||||
public IntPtr u;
|
||||
|
||||
/// <summary/>
|
||||
[FieldOffset(16)]
|
||||
public PSID psid;
|
||||
|
||||
/// <summary/>
|
||||
[FieldOffset(16)]
|
||||
public IntPtr pguid;
|
||||
|
||||
/// <summary/>
|
||||
[FieldOffset(16)]
|
||||
public int LogonId_LowPart;
|
||||
|
||||
/// <summary/>
|
||||
[FieldOffset(16)]
|
||||
public IntPtr pObjectTypes;
|
||||
|
||||
/// <summary/>
|
||||
[FieldOffset(16)]
|
||||
public IntPtr pIpAddress;
|
||||
|
||||
/// <summary/>
|
||||
[FieldOffset(24)]
|
||||
public IntPtr Data1;
|
||||
|
||||
/// <summary/>
|
||||
[FieldOffset(24)]
|
||||
public int LogonId_HighPart;
|
||||
}
|
||||
|
@ -114,12 +127,16 @@ namespace Vanara.PInvoke
|
|||
[StructLayout(LayoutKind.Sequential)]
|
||||
public struct AUDIT_PARAMS
|
||||
{
|
||||
/// <summary/>
|
||||
public uint Length;
|
||||
|
||||
/// <summary/>
|
||||
public uint Flags;
|
||||
|
||||
/// <summary/>
|
||||
public ushort Count;
|
||||
|
||||
/// <summary/>
|
||||
public IntPtr Parameters;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2719,6 +2719,7 @@ namespace Vanara.PInvoke
|
|||
public AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET ObjectTypeNames;
|
||||
}
|
||||
|
||||
/// <summary/>
|
||||
public class SafeAUTHZ_SOURCE_SCHEMA_REGISTRATION : IDisposable
|
||||
{
|
||||
private List<SafeHGlobalHandle> mem = new List<SafeHGlobalHandle>(7);
|
||||
|
@ -2830,6 +2831,7 @@ namespace Vanara.PInvoke
|
|||
}
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public void Dispose() { foreach (var m in mem) m.Dispose(); mem.Clear(); }
|
||||
}
|
||||
|
||||
|
@ -3207,8 +3209,10 @@ namespace Vanara.PInvoke
|
|||
|
||||
// Pack it all behind a pointer
|
||||
var retPtr = Marshal.AllocHGlobal((int)(sz1 + sz2));
|
||||
#pragma warning disable CS0618 // Type or member is obsolete
|
||||
var ms = new MarshalingStream(retPtr, (int)sz1);
|
||||
var ms2 = new MarshalingStream(retPtr.Offset(sz1), (int)sz2);
|
||||
#pragma warning restore CS0618 // Type or member is obsolete
|
||||
var iV1s = new Internal_AUTHZ_SECURITY_ATTRIBUTE_V1[attrInfo.AttributeCount];
|
||||
for (var i = 0; i < attrInfo.AttributeCount; i++)
|
||||
{
|
||||
|
|
|
@ -6,15 +6,24 @@ using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;
|
|||
|
||||
namespace Vanara.PInvoke
|
||||
{
|
||||
/// <summary>Functions, structures and constants for schannel.dll</summary>
|
||||
public static partial class Schannel
|
||||
{
|
||||
/// <summary/>
|
||||
public const uint CF_CERT_FROM_FILE = 2;
|
||||
/// <summary/>
|
||||
public const string DEFAULT_TLS_SSP_NAME = "Default TLS SSP";
|
||||
/// <summary/>
|
||||
public const string PCT1SP_NAME = "Microsoft PCT 1.0";
|
||||
/// <summary/>
|
||||
public const string SCHANNEL_NAME = "Schannel";
|
||||
/// <summary/>
|
||||
public const string SSL2SP_NAME = "Microsoft SSL 2.0";
|
||||
/// <summary/>
|
||||
public const string SSL3SP_NAME = "Microsoft SSL 3.0";
|
||||
/// <summary/>
|
||||
public const string TLS1SP_NAME = "Microsoft TLS 1.0";
|
||||
/// <summary/>
|
||||
public const string UNISP_NAME = "Microsoft Unified Security Protocol Provider";
|
||||
|
||||
private const int SECPKGCONTEXT_CONNECTION_INFO_EX_V1 = 1;
|
||||
|
|
|
@ -42,48 +42,88 @@ namespace Vanara.PInvoke
|
|||
/// <summary>Digest Authentication for Windows.</summary>
|
||||
[PInvokeData("wdigest.h")]
|
||||
public const string WDIGEST_SP_NAME = "WDigest";
|
||||
|
||||
/// <summary>Kerberos encryption types.</summary>
|
||||
[PInvokeData("Ntsecapi.h", MSDNShortId = "3b088c94-810b-44c7-887a-58e8dbd13603")]
|
||||
public enum KERB_ETYPE
|
||||
{
|
||||
/// <summary/>
|
||||
KERB_ETYPE_NULL = 0,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_DES_CBC_CRC = 1,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_DES_CBC_MD4 = 2,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_DES_CBC_MD5 = 3,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_AES128_CTS_HMAC_SHA1_96 = 17,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_AES256_CTS_HMAC_SHA1_96 = 18,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RC4_MD4 = -128,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RC4_PLAIN2 = -129,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RC4_LM = -130,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RC4_SHA = -131,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_DES_PLAIN = -132,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RC4_HMAC_OLD = -133,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RC4_PLAIN_OLD = -134,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RC4_HMAC_OLD_EXP = -135,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RC4_PLAIN_OLD_EXP = -136,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RC4_PLAIN = -140,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RC4_PLAIN_EXP = -141,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_AES128_CTS_HMAC_SHA1_96_PLAIN = -148,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_AES256_CTS_HMAC_SHA1_96_PLAIN = -149,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_NTLM_HASH = -150,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_DSA_SHA1_CMS = 9,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RSA_MD5_CMS = 10,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RSA_SHA1_CMS = 11,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RC2_CBC_ENV = 12,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RSA_ENV = 13,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RSA_ES_OEAP_ENV = 14,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_DES_EDE3_CBC_ENV = 15,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_DSA_SIGN = 8,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RSA_PRIV = 9,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RSA_PUB = 10,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RSA_PUB_MD5 = 11,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RSA_PUB_SHA1 = 12,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_PKCS7_PUB = 13,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_DES3_CBC_MD5 = 5,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_DES3_CBC_SHA1 = 7,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_DES3_CBC_SHA1_KD = 16,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_DES_CBC_MD5_NT = 20,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RC4_HMAC_NT = 23,
|
||||
/// <summary/>
|
||||
KERB_ETYPE_RC4_HMAC_NT_EXP = 24
|
||||
}
|
||||
|
||||
|
@ -215,6 +255,7 @@ namespace Vanara.PInvoke
|
|||
/// <summary>This message is a request to refresh the smart card credentials.</summary>
|
||||
KerbRefreshSmartcardCredentialsMessage,
|
||||
|
||||
/// <summary/>
|
||||
KerbAddExtraCredentialsMessage,
|
||||
|
||||
/// <summary>This constant is reserved.</summary>
|
||||
|
@ -226,6 +267,7 @@ namespace Vanara.PInvoke
|
|||
/// </summary>
|
||||
KerbTransferCredentialsMessage,
|
||||
|
||||
/// <summary/>
|
||||
KerbQueryTicketCacheEx2Message,
|
||||
|
||||
/// <summary>
|
||||
|
@ -234,6 +276,7 @@ namespace Vanara.PInvoke
|
|||
/// </summary>
|
||||
KerbSubmitTicketMessage,
|
||||
|
||||
/// <summary/>
|
||||
KerbAddExtraCredentialsExMessage,
|
||||
|
||||
/// <summary>
|
||||
|
@ -242,6 +285,7 @@ namespace Vanara.PInvoke
|
|||
/// </summary>
|
||||
KerbQueryKdcProxyCacheMessage,
|
||||
|
||||
/// <summary/>
|
||||
KerbPurgeKdcProxyCacheMessage,
|
||||
|
||||
/// <summary>
|
||||
|
@ -251,6 +295,7 @@ namespace Vanara.PInvoke
|
|||
/// </summary>
|
||||
KerbQueryTicketCacheEx3Message,
|
||||
|
||||
/// <summary/>
|
||||
KerbCleanupMachinePkinitCredsMessage,
|
||||
|
||||
/// <summary>
|
||||
|
@ -259,6 +304,7 @@ namespace Vanara.PInvoke
|
|||
/// </summary>
|
||||
KerbAddBindingCacheEntryExMessage,
|
||||
|
||||
/// <summary/>
|
||||
KerbQueryBindingCacheMessage,
|
||||
|
||||
/// <summary>
|
||||
|
@ -267,8 +313,11 @@ namespace Vanara.PInvoke
|
|||
/// </summary>
|
||||
KerbPurgeBindingCacheMessage,
|
||||
|
||||
/// <summary/>
|
||||
KerbPinKdcMessage,
|
||||
/// <summary/>
|
||||
KerbUnpinAllKdcsMessage,
|
||||
/// <summary/>
|
||||
KerbQueryDomainExtendedPoliciesMessage,
|
||||
|
||||
/// <summary>
|
||||
|
@ -351,6 +400,7 @@ namespace Vanara.PInvoke
|
|||
KERB_TICKET_FLAGS_reserved1 = 0x00000001,
|
||||
}
|
||||
|
||||
/// <summary>Kerberos name type.</summary>
|
||||
[PInvokeData("ntsecapi.h", MSDNShortId = "8ed37546-6443-4010-a078-4359dd1c2861")]
|
||||
public enum KRB_NT : short
|
||||
{
|
||||
|
|
|
@ -47,6 +47,7 @@ namespace Vanara.PInvoke
|
|||
/// <summary>A new session key must be negotiated. This value is supported only by the Kerberos security package.</summary>
|
||||
ASC_REQ_USE_SESSION_KEY = 0x00000020,
|
||||
|
||||
/// <summary/>
|
||||
ASC_REQ_SESSION_TICKET = 0x00000040,
|
||||
|
||||
/// <summary>
|
||||
|
@ -55,13 +56,17 @@ namespace Vanara.PInvoke
|
|||
/// </summary>
|
||||
ASC_REQ_ALLOCATE_MEMORY = 0x00000100,
|
||||
|
||||
/// <summary/>
|
||||
ASC_REQ_USE_DCE_STYLE = 0x00000200,
|
||||
/// <summary/>
|
||||
ASC_REQ_DATAGRAM = 0x00000400,
|
||||
|
||||
/// <summary>The security context will not handle formatting messages.</summary>
|
||||
ASC_REQ_CONNECTION = 0x00000800,
|
||||
|
||||
/// <summary/>
|
||||
ASC_REQ_CALL_LEVEL = 0x00001000,
|
||||
/// <summary/>
|
||||
ASC_REQ_FRAGMENT_SUPPLIED = 0x00002000,
|
||||
|
||||
/// <summary>When errors occur, the remote party will be notified.</summary>
|
||||
|
@ -73,14 +78,23 @@ namespace Vanara.PInvoke
|
|||
/// <summary>Sign messages and verify signatures by using the EncryptMessage and MakeSignature functions.</summary>
|
||||
ASC_REQ_INTEGRITY = 0x00020000,
|
||||
|
||||
/// <summary/>
|
||||
ASC_REQ_LICENSING = 0x00040000,
|
||||
/// <summary/>
|
||||
ASC_REQ_IDENTIFY = 0x00080000,
|
||||
/// <summary/>
|
||||
ASC_REQ_ALLOW_NULL_SESSION = 0x00100000,
|
||||
/// <summary/>
|
||||
ASC_REQ_ALLOW_NON_USER_LOGONS = 0x00200000,
|
||||
/// <summary/>
|
||||
ASC_REQ_ALLOW_CONTEXT_REPLAY = 0x00400000,
|
||||
/// <summary/>
|
||||
ASC_REQ_FRAGMENT_TO_FIT = 0x00800000,
|
||||
/// <summary/>
|
||||
ASC_REQ_NO_TOKEN = 0x01000000,
|
||||
/// <summary/>
|
||||
ASC_REQ_PROXY_BINDINGS = 0x04000000,
|
||||
/// <summary/>
|
||||
ASC_REQ_ALLOW_MISSING_BINDINGS = 0x10000000,
|
||||
}
|
||||
|
||||
|
@ -323,6 +337,7 @@ namespace Vanara.PInvoke
|
|||
SEC_WINNT_AUTH_IDENTITY_FLAGS_ID_PROVIDER = 0x80000,
|
||||
}
|
||||
|
||||
/// <summary/>
|
||||
[Flags]
|
||||
public enum SecBufferType : uint
|
||||
{
|
||||
|
@ -3159,6 +3174,399 @@ namespace Vanara.PInvoke
|
|||
public static extern HRESULT InitializeSecurityContext(in CredHandle phCredential, [In, Optional] IntPtr phContext, string pszTargetName, [In] ASC_REQ fContextReq, [Optional] int Reserved1, [In] DREP TargetDataRep,
|
||||
[In, Optional] IntPtr pInput, [Optional] int Reserved2, ref CtxtHandle phNewContext, ref SecBufferDesc pOutput, out ASC_RET pfContextAttr, out TimeStamp ptsExpiry);
|
||||
|
||||
/// <summary>
|
||||
/// <para>
|
||||
/// The <c>InitializeSecurityContext (General)</c> function initiates the client side, outbound security context from a credential
|
||||
/// handle. The function is used to build a security context between the client application and a remote peer.
|
||||
/// <c>InitializeSecurityContext (General)</c> returns a token that the client must pass to the remote peer, which the peer in turn
|
||||
/// submits to the local security implementation through the AcceptSecurityContext (General) call. The token generated should be
|
||||
/// considered opaque by all callers.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// Typically, the <c>InitializeSecurityContext (General)</c> function is called in a loop until a sufficient security context is established.
|
||||
/// </para>
|
||||
/// <para>For information about using this function with a specific security support provider (SSP), see the following topics.</para>
|
||||
/// <list type="table">
|
||||
/// <listheader>
|
||||
/// <term>Topic</term>
|
||||
/// <term>Description</term>
|
||||
/// </listheader>
|
||||
/// <item>
|
||||
/// <term>InitializeSecurityContext (CredSSP)</term>
|
||||
/// <term>
|
||||
/// Initiates the client side, outbound security context from a credential handle by using the Credential Security Support Provider (CredSSP).
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>InitializeSecurityContext (Digest)</term>
|
||||
/// <term>Initiates the client side, outbound security context from a credential handle by using the Digest security package.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>InitializeSecurityContext (Kerberos)</term>
|
||||
/// <term>Initiates the client side, outbound security context from a credential handle by using the Kerberos security package.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>InitializeSecurityContext (Negotiate)</term>
|
||||
/// <term>Initiates the client side, outbound security context from a credential handle by using the Negotiate security package.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>InitializeSecurityContext (NTLM)</term>
|
||||
/// <term>Initiates the client side, outbound security context from a credential handle by using the NTLM security package.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>InitializeSecurityContext (Schannel)</term>
|
||||
/// <term>Initiates the client side, outbound security context from a credential handle by using the Schannel security package.</term>
|
||||
/// </item>
|
||||
/// </list>
|
||||
/// </summary>
|
||||
/// <param name="phCredential">A handle to the credentials returned by AcquireCredentialsHandle (General). This handle is used to build the security context.
|
||||
/// The <c>InitializeSecurityContext (General)</c> function requires at least OUTBOUND credentials.</param>
|
||||
/// <param name="phContext"><para>
|
||||
/// A pointer to a CtxtHandle structure. On the first call to <c>InitializeSecurityContext (General)</c>, this pointer is
|
||||
/// <c>NULL</c>. On the second call, this parameter is a pointer to the handle to the partially formed context returned in the
|
||||
/// phNewContext parameter by the first call.
|
||||
/// </para>
|
||||
/// <para>This parameter is optional with the Microsoft Digest SSP and can be set to <c>NULL</c>.</para>
|
||||
/// <para>
|
||||
/// When using the Schannel SSP, on the first call to <c>InitializeSecurityContext (General)</c>, specify <c>NULL</c>. On future
|
||||
/// calls, specify the token received in the phNewContext parameter after the first call to this function.
|
||||
/// </para></param>
|
||||
/// <param name="pszTargetName">TBD</param>
|
||||
/// <param name="fContextReq"><para>
|
||||
/// Bit flags that indicate requests for the context. Not all packages can support all requirements. Flags used for this parameter
|
||||
/// are prefixed with ISC_REQ_, for example, ISC_REQ_DELEGATE. This parameter can be one or more of the following attributes flags.
|
||||
/// </para>
|
||||
/// <list type="table">
|
||||
/// <listheader>
|
||||
/// <term>Value</term>
|
||||
/// <term>Meaning</term>
|
||||
/// </listheader>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_ALLOCATE_MEMORY</term>
|
||||
/// <term>
|
||||
/// The security package allocates output buffers for you. When you have finished using the output buffers, free them by calling the
|
||||
/// FreeContextBuffer function.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_CONFIDENTIALITY</term>
|
||||
/// <term>Encrypt messages by using the EncryptMessage function.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_CONNECTION</term>
|
||||
/// <term>
|
||||
/// The security context will not handle formatting messages. This value is the default for the Kerberos, Negotiate, and NTLM
|
||||
/// security packages.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_DELEGATE</term>
|
||||
/// <term>
|
||||
/// The server can use the context to authenticate to other servers as the client. The ISC_REQ_MUTUAL_AUTH flag must be set for this
|
||||
/// flag to work. Valid for Kerberos. Ignore this flag for constrained delegation.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_EXTENDED_ERROR</term>
|
||||
/// <term>When errors occur, the remote party will be notified.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_HTTP</term>
|
||||
/// <term>Use Digest for HTTP. Omit this flag to use Digest as a SASL mechanism.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_INTEGRITY</term>
|
||||
/// <term>Sign messages and verify signatures by using the EncryptMessage and MakeSignature functions.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_MANUAL_CRED_VALIDATION</term>
|
||||
/// <term>Schannel must not authenticate the server automatically.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_MUTUAL_AUTH</term>
|
||||
/// <term>The mutual authentication policy of the service will be satisfied.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_NO_INTEGRITY</term>
|
||||
/// <term>
|
||||
/// If this flag is set, the ISC_REQ_INTEGRITY flag is ignored. This value is supported only by the Negotiate and Kerberos security packages.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_REPLAY_DETECT</term>
|
||||
/// <term>Detect replayed messages that have been encoded by using the EncryptMessage or MakeSignature functions.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_SEQUENCE_DETECT</term>
|
||||
/// <term>Detect messages received out of sequence.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_STREAM</term>
|
||||
/// <term>Support a stream-oriented connection.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_USE_SESSION_KEY</term>
|
||||
/// <term>A new session key must be negotiated. This value is supported only by the Kerberos security package.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_USE_SUPPLIED_CREDS</term>
|
||||
/// <term>Schannel must not attempt to supply credentials for the client automatically.</term>
|
||||
/// </item>
|
||||
/// </list>
|
||||
/// <para>The requested attributes may not be supported by the client. For more information, see the pfContextAttr parameter.</para>
|
||||
/// <para>For further descriptions of the various attributes, see Context Requirements.</para></param>
|
||||
/// <param name="TargetDataRep"><para>The data representation, such as byte ordering, on the target. This parameter can be either SECURITY_NATIVE_DREP or SECURITY_NETWORK_DREP.</para>
|
||||
/// <para>This parameter is not used with Digest or Schannel. Set it to zero.</para></param>
|
||||
/// <param name="pInput">A pointer to a SecBufferDesc structure that contains pointers to the buffers supplied as input to the package. Unless the client
|
||||
/// context was initiated by the server, the value of this parameter must be <c>NULL</c> on the first call to the function. On
|
||||
/// subsequent calls to the function or when the client context was initiated by the server, the value of this parameter is a pointer
|
||||
/// to a buffer allocated with enough memory to hold the token returned by the remote computer.</param>
|
||||
/// <param name="outputType">Type of the output.</param>
|
||||
/// <param name="pOutput"><para>
|
||||
/// A pointer to a SecBufferDesc structure that contains pointers to the SecBuffer structure that receives the output data. If a
|
||||
/// buffer was typed as SEC_READWRITE in the input, it will be there on output. The system will allocate a buffer for the security
|
||||
/// token if requested (through ISC_REQ_ALLOCATE_MEMORY) and fill in the address in the buffer descriptor for the security token.
|
||||
/// </para>
|
||||
/// <para>When using the Microsoft Digest SSP, this parameter receives the challenge response that must be sent to the server.</para>
|
||||
/// <para>
|
||||
/// When using the Schannel SSP, if the ISC_REQ_ALLOCATE_MEMORY flag is specified, the Schannel SSP will allocate memory for the
|
||||
/// buffer and put the appropriate information in the SecBufferDesc. In addition, the caller must pass in a buffer of type
|
||||
/// <c>SECBUFFER_ALERT</c>. On output, if an alert is generated, this buffer contains information about that alert, and the function fails.
|
||||
/// </para></param>
|
||||
/// <param name="pfContextAttr"><para>
|
||||
/// A pointer to a variable to receive a set of bit flags that indicate the attributes of the established context. For a description
|
||||
/// of the various attributes, see Context Requirements.
|
||||
/// </para>
|
||||
/// <para>Flags used for this parameter are prefixed with ISC_RET, such as ISC_RET_DELEGATE.</para>
|
||||
/// <para>For a list of valid values, see the fContextReq parameter.</para>
|
||||
/// <para>
|
||||
/// Do not check for security-related attributes until the final function call returns successfully. Attribute flags that are not
|
||||
/// related to security, such as the ASC_RET_ALLOCATED_MEMORY flag, can be checked before the final return.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// <c>Note</c> Particular context attributes can change during negotiation with a remote peer.</para></param>
|
||||
/// <param name="ptsExpiry"><para>
|
||||
/// A pointer to a TimeStamp structure that receives the expiration time of the context. It is recommended that the security package
|
||||
/// always return this value in local time. This parameter is optional and <c>NULL</c> should be passed for short-lived clients.
|
||||
/// </para>
|
||||
/// <para>There is no expiration time for Microsoft Digest SSP security contexts or credentials.</para></param>
|
||||
/// <returns>
|
||||
/// <para>If the function succeeds, the function returns one of the following success codes.</para>
|
||||
/// <list type="table">
|
||||
/// <listheader>
|
||||
/// <term>Return code</term>
|
||||
/// <term>Description</term>
|
||||
/// </listheader>
|
||||
/// <item>
|
||||
/// <term>SEC_I_COMPLETE_AND_CONTINUE</term>
|
||||
/// <term>
|
||||
/// The client must call CompleteAuthToken and then pass the output to the server. The client then waits for a returned token and
|
||||
/// passes it, in another call, to InitializeSecurityContext (General).
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_I_COMPLETE_NEEDED</term>
|
||||
/// <term>The client must finish building the message and then call the CompleteAuthToken function.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_I_CONTINUE_NEEDED</term>
|
||||
/// <term>
|
||||
/// The client must send the output token to the server and wait for a return token. The returned token is then passed in another
|
||||
/// call to InitializeSecurityContext (General). The output token can be empty.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_I_INCOMPLETE_CREDENTIALS</term>
|
||||
/// <term>
|
||||
/// Use with Schannel. The server has requested client authentication, and the supplied credentials either do not include a
|
||||
/// certificate or the certificate was not issued by a certification authority that is trusted by the server. For more information,
|
||||
/// see Remarks.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_INCOMPLETE_MESSAGE</term>
|
||||
/// <term>
|
||||
/// Use with Schannel. Data for the whole message was not read from the wire. When this value is returned, the pInput buffer contains
|
||||
/// a SecBuffer structure with a BufferType member of SECBUFFER_MISSING. The cbBuffer member of SecBuffer contains a value that
|
||||
/// indicates the number of additional bytes that the function must read from the client before this function succeeds. While this
|
||||
/// number is not always accurate, using it can help improve performance by avoiding multiple calls to this function.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_OK</term>
|
||||
/// <term>
|
||||
/// The security context was successfully initialized. There is no need for another InitializeSecurityContext (General) call. If the
|
||||
/// function returns an output token, that is, if the SECBUFFER_TOKEN in pOutput is of nonzero length, that token must be sent to the server.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// </list>
|
||||
/// <para>If the function fails, the function returns one of the following error codes.</para>
|
||||
/// <list type="table">
|
||||
/// <listheader>
|
||||
/// <term>Return code</term>
|
||||
/// <term>Description</term>
|
||||
/// </listheader>
|
||||
/// <item>
|
||||
/// <term>SEC_E_INSUFFICIENT_MEMORY</term>
|
||||
/// <term>There is not enough memory available to complete the requested action.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_INTERNAL_ERROR</term>
|
||||
/// <term>An error occurred that did not map to an SSPI error code.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_INVALID_HANDLE</term>
|
||||
/// <term>The handle passed to the function is not valid.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_INVALID_TOKEN</term>
|
||||
/// <term>
|
||||
/// The error is due to a malformed input token, such as a token corrupted in transit, a token of incorrect size, or a token passed
|
||||
/// into the wrong security package. Passing a token to the wrong package can happen if the client and server did not negotiate the
|
||||
/// proper security package.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_LOGON_DENIED</term>
|
||||
/// <term>The logon failed.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_NO_AUTHENTICATING_AUTHORITY</term>
|
||||
/// <term>
|
||||
/// No authority could be contacted for authentication. The domain name of the authenticating party could be wrong, the domain could
|
||||
/// be unreachable, or there might have been a trust relationship failure.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_NO_CREDENTIALS</term>
|
||||
/// <term>No credentials are available in the security package.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_TARGET_UNKNOWN</term>
|
||||
/// <term>The target was not recognized.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_UNSUPPORTED_FUNCTION</term>
|
||||
/// <term>
|
||||
/// A context attribute flag that is not valid (ISC_REQ_DELEGATE or ISC_REQ_PROMPT_FOR_CREDS) was specified in the fContextReq parameter.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_WRONG_PRINCIPAL</term>
|
||||
/// <term>
|
||||
/// The principal that received the authentication request is not the same as the one passed into the pszTargetName parameter. This
|
||||
/// indicates a failure in mutual authentication.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// </list>
|
||||
/// </returns>
|
||||
/// <remarks>
|
||||
/// <para>
|
||||
/// The caller is responsible for determining whether the final context attributes are sufficient. If, for example, confidentiality
|
||||
/// was requested, but could not be established, some applications may choose to shut down the connection immediately.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// If attributes of the security context are not sufficient, the client must free the partially created context by calling the
|
||||
/// DeleteSecurityContext function.
|
||||
/// </para>
|
||||
/// <para>The <c>InitializeSecurityContext (General)</c> function is used by a client to initialize an outbound context.</para>
|
||||
/// <para>For a two-leg security context, the calling sequence is as follows:</para>
|
||||
/// <list type="number">
|
||||
/// <item>
|
||||
/// <term>The client calls the function with phContext set to <c>NULL</c> and fills in the buffer descriptor with the input message.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>
|
||||
/// The security package examines the parameters and constructs an opaque token, placing it in the TOKEN element in the buffer array.
|
||||
/// If the fContextReq parameter includes the ISC_REQ_ALLOCATE_MEMORY flag, the security package allocates the memory and returns the
|
||||
/// pointer in the TOKEN element.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>
|
||||
/// The client sends the token returned in the pOutput buffer to the target server. The server then passes the token as an input
|
||||
/// argument in a call to the AcceptSecurityContext (General) function.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>
|
||||
/// AcceptSecurityContext (General) may return a token, which the server sends to the client for a second call to
|
||||
/// <c>InitializeSecurityContext (General)</c> if the first call returned SEC_I_CONTINUE_NEEDED.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// </list>
|
||||
/// <para>For multiple-leg security contexts, such as mutual authentication, the calling sequence is as follows:</para>
|
||||
/// <list type="number">
|
||||
/// <item>
|
||||
/// <term>The client calls the function as described earlier, but the package returns the SEC_I_CONTINUE_NEEDED success code.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>The client sends the output token to the server and waits for the server's reply.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>
|
||||
/// Upon receipt of the server's response, the client calls <c>InitializeSecurityContext (General)</c> again, with phContext set to
|
||||
/// the handle that was returned from the last call. The token received from the server is supplied in the pInput parameter.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// </list>
|
||||
/// <para>If the server has successfully responded, the security package returns SEC_E_OK and a secure session is established.</para>
|
||||
/// <para>If the function returns one of the error responses, the server's response is not accepted, and the session is not established.</para>
|
||||
/// <para>
|
||||
/// If the function returns SEC_I_CONTINUE_NEEDED, SEC_I_COMPLETE_NEEDED, or SEC_I_COMPLETE_AND_CONTINUE, steps 2 and 3 are repeated.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// To initialize a security context, more than one call to this function may be required, depending on the underlying authentication
|
||||
/// mechanism as well as the choices specified in the fContextReq parameter.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// The fContextReq and pfContextAttributes parameters are bitmasks that represent various context attributes. For a description of
|
||||
/// the various attributes, see Context Requirements. The pfContextAttributes parameter is valid on any successful return, but only
|
||||
/// on the final successful return should you examine the flags that pertain to security aspects of the context. Intermediate returns
|
||||
/// can set, for example, the ISC_RET_ALLOCATED_MEMORY flag.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// If the ISC_REQ_USE_SUPPLIED_CREDS flag is set, the security package must look for a SECBUFFER_PKG_PARAMS buffer type in the
|
||||
/// pInput input buffer. This is not a generic solution, but it allows for a strong pairing of security package and application when appropriate.
|
||||
/// </para>
|
||||
/// <para>If ISC_REQ_ALLOCATE_MEMORY was specified, the caller must free the memory by calling the FreeContextBuffer function.</para>
|
||||
/// <para>
|
||||
/// For example, the input token could be the challenge from a LAN Manager. In this case, the output token would be the
|
||||
/// NTLM-encrypted response to the challenge.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// The action the client takes depends on the return code from this function. If the return code is SEC_E_OK, there will be no
|
||||
/// second <c>InitializeSecurityContext (General)</c> call, and no response from the server is expected. If the return code is
|
||||
/// SEC_I_CONTINUE_NEEDED, the client expects a token in response from the server and passes it in a second call to
|
||||
/// <c>InitializeSecurityContext (General)</c>. The SEC_I_COMPLETE_NEEDED return code indicates that the client must finish building
|
||||
/// the message and call the CompleteAuthToken function. The SEC_I_COMPLETE_AND_CONTINUE code incorporates both of these actions.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// If <c>InitializeSecurityContext (General)</c> returns success on the first (or only) call, then the caller must eventually call
|
||||
/// the DeleteSecurityContext function on the returned handle, even if the call fails on a later leg of the authentication exchange.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// The client may call <c>InitializeSecurityContext (General)</c> again after it has completed successfully. This indicates to the
|
||||
/// security package that a reauthentication is wanted.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// Kernel mode callers have the following differences: the target name is a Unicode string that must be allocated in virtual memory
|
||||
/// by using VirtualAlloc; it must not be allocated from the pool. Buffers passed and supplied in pInput and pOutput must be in
|
||||
/// virtual memory, not in the pool.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// When using the Schannel SSP, if the function returns SEC_I_INCOMPLETE_CREDENTIALS, check that you specified a valid and trusted
|
||||
/// certificate in your credentials. The certificate is specified when calling the AcquireCredentialsHandle (General) function. The
|
||||
/// certificate must be a client authentication certificate issued by a certification authority (CA) trusted by the server. To obtain
|
||||
/// a list of the CAs trusted by the server, call the QueryContextAttributes (General) function and specify the
|
||||
/// SECPKG_ATTR_ISSUER_LIST_EX attribute.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// When using the Schannel SSP, after a client application receives an authentication certificate from a CA that is trusted by the
|
||||
/// server, the application creates a new credential by calling the AcquireCredentialsHandle (General) function and then calling
|
||||
/// <c>InitializeSecurityContext (General)</c> again, specifying the new credential in the phCredential parameter.
|
||||
/// </para>
|
||||
/// </remarks>
|
||||
public static HRESULT InitializeSecurityContext(in CredHandle phCredential, [In, Out] SafeCtxtHandle phContext, string pszTargetName, ASC_REQ fContextReq, DREP TargetDataRep,
|
||||
[In, Optional] SecBufferDesc? pInput, SecBufferType outputType, out SafeSecBufferDesc pOutput, out ASC_RET pfContextAttr, out TimeStamp ptsExpiry)
|
||||
{
|
||||
|
@ -3166,6 +3574,399 @@ namespace Vanara.PInvoke
|
|||
return InitializeSecurityContext(phCredential, phContext, pszTargetName, fContextReq, TargetDataRep, pInput, pOutput, out pfContextAttr, out ptsExpiry);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// <para>
|
||||
/// The <c>InitializeSecurityContext (General)</c> function initiates the client side, outbound security context from a credential
|
||||
/// handle. The function is used to build a security context between the client application and a remote peer.
|
||||
/// <c>InitializeSecurityContext (General)</c> returns a token that the client must pass to the remote peer, which the peer in turn
|
||||
/// submits to the local security implementation through the AcceptSecurityContext (General) call. The token generated should be
|
||||
/// considered opaque by all callers.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// Typically, the <c>InitializeSecurityContext (General)</c> function is called in a loop until a sufficient security context is established.
|
||||
/// </para>
|
||||
/// <para>For information about using this function with a specific security support provider (SSP), see the following topics.</para>
|
||||
/// <list type="table">
|
||||
/// <listheader>
|
||||
/// <term>Topic</term>
|
||||
/// <term>Description</term>
|
||||
/// </listheader>
|
||||
/// <item>
|
||||
/// <term>InitializeSecurityContext (CredSSP)</term>
|
||||
/// <term>
|
||||
/// Initiates the client side, outbound security context from a credential handle by using the Credential Security Support Provider (CredSSP).
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>InitializeSecurityContext (Digest)</term>
|
||||
/// <term>Initiates the client side, outbound security context from a credential handle by using the Digest security package.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>InitializeSecurityContext (Kerberos)</term>
|
||||
/// <term>Initiates the client side, outbound security context from a credential handle by using the Kerberos security package.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>InitializeSecurityContext (Negotiate)</term>
|
||||
/// <term>Initiates the client side, outbound security context from a credential handle by using the Negotiate security package.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>InitializeSecurityContext (NTLM)</term>
|
||||
/// <term>Initiates the client side, outbound security context from a credential handle by using the NTLM security package.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>InitializeSecurityContext (Schannel)</term>
|
||||
/// <term>Initiates the client side, outbound security context from a credential handle by using the Schannel security package.</term>
|
||||
/// </item>
|
||||
/// </list>
|
||||
/// </summary>
|
||||
/// <param name="phCredential">A handle to the credentials returned by AcquireCredentialsHandle (General). This handle is used to build the security context.
|
||||
/// The <c>InitializeSecurityContext (General)</c> function requires at least OUTBOUND credentials.</param>
|
||||
/// <param name="phContext"><para>
|
||||
/// A pointer to a CtxtHandle structure. On the first call to <c>InitializeSecurityContext (General)</c>, this pointer is
|
||||
/// <c>NULL</c>. On the second call, this parameter is a pointer to the handle to the partially formed context returned in the
|
||||
/// phNewContext parameter by the first call.
|
||||
/// </para>
|
||||
/// <para>This parameter is optional with the Microsoft Digest SSP and can be set to <c>NULL</c>.</para>
|
||||
/// <para>
|
||||
/// When using the Schannel SSP, on the first call to <c>InitializeSecurityContext (General)</c>, specify <c>NULL</c>. On future
|
||||
/// calls, specify the token received in the phNewContext parameter after the first call to this function.
|
||||
/// </para></param>
|
||||
/// <param name="pszTargetName">TBD</param>
|
||||
/// <param name="fContextReq"><para>
|
||||
/// Bit flags that indicate requests for the context. Not all packages can support all requirements. Flags used for this parameter
|
||||
/// are prefixed with ISC_REQ_, for example, ISC_REQ_DELEGATE. This parameter can be one or more of the following attributes flags.
|
||||
/// </para>
|
||||
/// <list type="table">
|
||||
/// <listheader>
|
||||
/// <term>Value</term>
|
||||
/// <term>Meaning</term>
|
||||
/// </listheader>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_ALLOCATE_MEMORY</term>
|
||||
/// <term>
|
||||
/// The security package allocates output buffers for you. When you have finished using the output buffers, free them by calling the
|
||||
/// FreeContextBuffer function.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_CONFIDENTIALITY</term>
|
||||
/// <term>Encrypt messages by using the EncryptMessage function.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_CONNECTION</term>
|
||||
/// <term>
|
||||
/// The security context will not handle formatting messages. This value is the default for the Kerberos, Negotiate, and NTLM
|
||||
/// security packages.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_DELEGATE</term>
|
||||
/// <term>
|
||||
/// The server can use the context to authenticate to other servers as the client. The ISC_REQ_MUTUAL_AUTH flag must be set for this
|
||||
/// flag to work. Valid for Kerberos. Ignore this flag for constrained delegation.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_EXTENDED_ERROR</term>
|
||||
/// <term>When errors occur, the remote party will be notified.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_HTTP</term>
|
||||
/// <term>Use Digest for HTTP. Omit this flag to use Digest as a SASL mechanism.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_INTEGRITY</term>
|
||||
/// <term>Sign messages and verify signatures by using the EncryptMessage and MakeSignature functions.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_MANUAL_CRED_VALIDATION</term>
|
||||
/// <term>Schannel must not authenticate the server automatically.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_MUTUAL_AUTH</term>
|
||||
/// <term>The mutual authentication policy of the service will be satisfied.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_NO_INTEGRITY</term>
|
||||
/// <term>
|
||||
/// If this flag is set, the ISC_REQ_INTEGRITY flag is ignored. This value is supported only by the Negotiate and Kerberos security packages.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_REPLAY_DETECT</term>
|
||||
/// <term>Detect replayed messages that have been encoded by using the EncryptMessage or MakeSignature functions.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_SEQUENCE_DETECT</term>
|
||||
/// <term>Detect messages received out of sequence.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_STREAM</term>
|
||||
/// <term>Support a stream-oriented connection.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_USE_SESSION_KEY</term>
|
||||
/// <term>A new session key must be negotiated. This value is supported only by the Kerberos security package.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>ISC_REQ_USE_SUPPLIED_CREDS</term>
|
||||
/// <term>Schannel must not attempt to supply credentials for the client automatically.</term>
|
||||
/// </item>
|
||||
/// </list>
|
||||
/// <para>The requested attributes may not be supported by the client. For more information, see the pfContextAttr parameter.</para>
|
||||
/// <para>For further descriptions of the various attributes, see Context Requirements.</para></param>
|
||||
/// <param name="TargetDataRep"><para>The data representation, such as byte ordering, on the target. This parameter can be either SECURITY_NATIVE_DREP or SECURITY_NETWORK_DREP.</para>
|
||||
/// <para>This parameter is not used with Digest or Schannel. Set it to zero.</para></param>
|
||||
/// <param name="pInput">A pointer to a SecBufferDesc structure that contains pointers to the buffers supplied as input to the package. Unless the client
|
||||
/// context was initiated by the server, the value of this parameter must be <c>NULL</c> on the first call to the function. On
|
||||
/// subsequent calls to the function or when the client context was initiated by the server, the value of this parameter is a pointer
|
||||
/// to a buffer allocated with enough memory to hold the token returned by the remote computer.</param>
|
||||
/// <param name="pOutput"><para>
|
||||
/// A pointer to a SecBufferDesc structure that contains pointers to the SecBuffer structure that receives the output data. If a
|
||||
/// buffer was typed as SEC_READWRITE in the input, it will be there on output. The system will allocate a buffer for the security
|
||||
/// token if requested (through ISC_REQ_ALLOCATE_MEMORY) and fill in the address in the buffer descriptor for the security token.
|
||||
/// </para>
|
||||
/// <para>When using the Microsoft Digest SSP, this parameter receives the challenge response that must be sent to the server.</para>
|
||||
/// <para>
|
||||
/// When using the Schannel SSP, if the ISC_REQ_ALLOCATE_MEMORY flag is specified, the Schannel SSP will allocate memory for the
|
||||
/// buffer and put the appropriate information in the SecBufferDesc. In addition, the caller must pass in a buffer of type
|
||||
/// <c>SECBUFFER_ALERT</c>. On output, if an alert is generated, this buffer contains information about that alert, and the function fails.
|
||||
/// </para></param>
|
||||
/// <param name="pfContextAttr"><para>
|
||||
/// A pointer to a variable to receive a set of bit flags that indicate the attributes of the established context. For a description
|
||||
/// of the various attributes, see Context Requirements.
|
||||
/// </para>
|
||||
/// <para>Flags used for this parameter are prefixed with ISC_RET, such as ISC_RET_DELEGATE.</para>
|
||||
/// <para>For a list of valid values, see the fContextReq parameter.</para>
|
||||
/// <para>
|
||||
/// Do not check for security-related attributes until the final function call returns successfully. Attribute flags that are not
|
||||
/// related to security, such as the ASC_RET_ALLOCATED_MEMORY flag, can be checked before the final return.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// <c>Note</c> Particular context attributes can change during negotiation with a remote peer.</para></param>
|
||||
/// <param name="ptsExpiry"><para>
|
||||
/// A pointer to a TimeStamp structure that receives the expiration time of the context. It is recommended that the security package
|
||||
/// always return this value in local time. This parameter is optional and <c>NULL</c> should be passed for short-lived clients.
|
||||
/// </para>
|
||||
/// <para>There is no expiration time for Microsoft Digest SSP security contexts or credentials.</para></param>
|
||||
/// <returns>
|
||||
/// <para>If the function succeeds, the function returns one of the following success codes.</para>
|
||||
/// <list type="table">
|
||||
/// <listheader>
|
||||
/// <term>Return code</term>
|
||||
/// <term>Description</term>
|
||||
/// </listheader>
|
||||
/// <item>
|
||||
/// <term>SEC_I_COMPLETE_AND_CONTINUE</term>
|
||||
/// <term>
|
||||
/// The client must call CompleteAuthToken and then pass the output to the server. The client then waits for a returned token and
|
||||
/// passes it, in another call, to InitializeSecurityContext (General).
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_I_COMPLETE_NEEDED</term>
|
||||
/// <term>The client must finish building the message and then call the CompleteAuthToken function.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_I_CONTINUE_NEEDED</term>
|
||||
/// <term>
|
||||
/// The client must send the output token to the server and wait for a return token. The returned token is then passed in another
|
||||
/// call to InitializeSecurityContext (General). The output token can be empty.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_I_INCOMPLETE_CREDENTIALS</term>
|
||||
/// <term>
|
||||
/// Use with Schannel. The server has requested client authentication, and the supplied credentials either do not include a
|
||||
/// certificate or the certificate was not issued by a certification authority that is trusted by the server. For more information,
|
||||
/// see Remarks.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_INCOMPLETE_MESSAGE</term>
|
||||
/// <term>
|
||||
/// Use with Schannel. Data for the whole message was not read from the wire. When this value is returned, the pInput buffer contains
|
||||
/// a SecBuffer structure with a BufferType member of SECBUFFER_MISSING. The cbBuffer member of SecBuffer contains a value that
|
||||
/// indicates the number of additional bytes that the function must read from the client before this function succeeds. While this
|
||||
/// number is not always accurate, using it can help improve performance by avoiding multiple calls to this function.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_OK</term>
|
||||
/// <term>
|
||||
/// The security context was successfully initialized. There is no need for another InitializeSecurityContext (General) call. If the
|
||||
/// function returns an output token, that is, if the SECBUFFER_TOKEN in pOutput is of nonzero length, that token must be sent to the server.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// </list>
|
||||
/// <para>If the function fails, the function returns one of the following error codes.</para>
|
||||
/// <list type="table">
|
||||
/// <listheader>
|
||||
/// <term>Return code</term>
|
||||
/// <term>Description</term>
|
||||
/// </listheader>
|
||||
/// <item>
|
||||
/// <term>SEC_E_INSUFFICIENT_MEMORY</term>
|
||||
/// <term>There is not enough memory available to complete the requested action.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_INTERNAL_ERROR</term>
|
||||
/// <term>An error occurred that did not map to an SSPI error code.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_INVALID_HANDLE</term>
|
||||
/// <term>The handle passed to the function is not valid.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_INVALID_TOKEN</term>
|
||||
/// <term>
|
||||
/// The error is due to a malformed input token, such as a token corrupted in transit, a token of incorrect size, or a token passed
|
||||
/// into the wrong security package. Passing a token to the wrong package can happen if the client and server did not negotiate the
|
||||
/// proper security package.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_LOGON_DENIED</term>
|
||||
/// <term>The logon failed.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_NO_AUTHENTICATING_AUTHORITY</term>
|
||||
/// <term>
|
||||
/// No authority could be contacted for authentication. The domain name of the authenticating party could be wrong, the domain could
|
||||
/// be unreachable, or there might have been a trust relationship failure.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_NO_CREDENTIALS</term>
|
||||
/// <term>No credentials are available in the security package.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_TARGET_UNKNOWN</term>
|
||||
/// <term>The target was not recognized.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_UNSUPPORTED_FUNCTION</term>
|
||||
/// <term>
|
||||
/// A context attribute flag that is not valid (ISC_REQ_DELEGATE or ISC_REQ_PROMPT_FOR_CREDS) was specified in the fContextReq parameter.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>SEC_E_WRONG_PRINCIPAL</term>
|
||||
/// <term>
|
||||
/// The principal that received the authentication request is not the same as the one passed into the pszTargetName parameter. This
|
||||
/// indicates a failure in mutual authentication.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// </list>
|
||||
/// </returns>
|
||||
/// <exception cref="System.ArgumentNullException">phContext</exception>
|
||||
/// <remarks>
|
||||
/// <para>
|
||||
/// The caller is responsible for determining whether the final context attributes are sufficient. If, for example, confidentiality
|
||||
/// was requested, but could not be established, some applications may choose to shut down the connection immediately.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// If attributes of the security context are not sufficient, the client must free the partially created context by calling the
|
||||
/// DeleteSecurityContext function.
|
||||
/// </para>
|
||||
/// <para>The <c>InitializeSecurityContext (General)</c> function is used by a client to initialize an outbound context.</para>
|
||||
/// <para>For a two-leg security context, the calling sequence is as follows:</para>
|
||||
/// <list type="number">
|
||||
/// <item>
|
||||
/// <term>The client calls the function with phContext set to <c>NULL</c> and fills in the buffer descriptor with the input message.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>
|
||||
/// The security package examines the parameters and constructs an opaque token, placing it in the TOKEN element in the buffer array.
|
||||
/// If the fContextReq parameter includes the ISC_REQ_ALLOCATE_MEMORY flag, the security package allocates the memory and returns the
|
||||
/// pointer in the TOKEN element.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>
|
||||
/// The client sends the token returned in the pOutput buffer to the target server. The server then passes the token as an input
|
||||
/// argument in a call to the AcceptSecurityContext (General) function.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>
|
||||
/// AcceptSecurityContext (General) may return a token, which the server sends to the client for a second call to
|
||||
/// <c>InitializeSecurityContext (General)</c> if the first call returned SEC_I_CONTINUE_NEEDED.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// </list>
|
||||
/// <para>For multiple-leg security contexts, such as mutual authentication, the calling sequence is as follows:</para>
|
||||
/// <list type="number">
|
||||
/// <item>
|
||||
/// <term>The client calls the function as described earlier, but the package returns the SEC_I_CONTINUE_NEEDED success code.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>The client sends the output token to the server and waits for the server's reply.</term>
|
||||
/// </item>
|
||||
/// <item>
|
||||
/// <term>
|
||||
/// Upon receipt of the server's response, the client calls <c>InitializeSecurityContext (General)</c> again, with phContext set to
|
||||
/// the handle that was returned from the last call. The token received from the server is supplied in the pInput parameter.
|
||||
/// </term>
|
||||
/// </item>
|
||||
/// </list>
|
||||
/// <para>If the server has successfully responded, the security package returns SEC_E_OK and a secure session is established.</para>
|
||||
/// <para>If the function returns one of the error responses, the server's response is not accepted, and the session is not established.</para>
|
||||
/// <para>
|
||||
/// If the function returns SEC_I_CONTINUE_NEEDED, SEC_I_COMPLETE_NEEDED, or SEC_I_COMPLETE_AND_CONTINUE, steps 2 and 3 are repeated.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// To initialize a security context, more than one call to this function may be required, depending on the underlying authentication
|
||||
/// mechanism as well as the choices specified in the fContextReq parameter.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// The fContextReq and pfContextAttributes parameters are bitmasks that represent various context attributes. For a description of
|
||||
/// the various attributes, see Context Requirements. The pfContextAttributes parameter is valid on any successful return, but only
|
||||
/// on the final successful return should you examine the flags that pertain to security aspects of the context. Intermediate returns
|
||||
/// can set, for example, the ISC_RET_ALLOCATED_MEMORY flag.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// If the ISC_REQ_USE_SUPPLIED_CREDS flag is set, the security package must look for a SECBUFFER_PKG_PARAMS buffer type in the
|
||||
/// pInput input buffer. This is not a generic solution, but it allows for a strong pairing of security package and application when appropriate.
|
||||
/// </para>
|
||||
/// <para>If ISC_REQ_ALLOCATE_MEMORY was specified, the caller must free the memory by calling the FreeContextBuffer function.</para>
|
||||
/// <para>
|
||||
/// For example, the input token could be the challenge from a LAN Manager. In this case, the output token would be the
|
||||
/// NTLM-encrypted response to the challenge.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// The action the client takes depends on the return code from this function. If the return code is SEC_E_OK, there will be no
|
||||
/// second <c>InitializeSecurityContext (General)</c> call, and no response from the server is expected. If the return code is
|
||||
/// SEC_I_CONTINUE_NEEDED, the client expects a token in response from the server and passes it in a second call to
|
||||
/// <c>InitializeSecurityContext (General)</c>. The SEC_I_COMPLETE_NEEDED return code indicates that the client must finish building
|
||||
/// the message and call the CompleteAuthToken function. The SEC_I_COMPLETE_AND_CONTINUE code incorporates both of these actions.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// If <c>InitializeSecurityContext (General)</c> returns success on the first (or only) call, then the caller must eventually call
|
||||
/// the DeleteSecurityContext function on the returned handle, even if the call fails on a later leg of the authentication exchange.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// The client may call <c>InitializeSecurityContext (General)</c> again after it has completed successfully. This indicates to the
|
||||
/// security package that a reauthentication is wanted.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// Kernel mode callers have the following differences: the target name is a Unicode string that must be allocated in virtual memory
|
||||
/// by using VirtualAlloc; it must not be allocated from the pool. Buffers passed and supplied in pInput and pOutput must be in
|
||||
/// virtual memory, not in the pool.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// When using the Schannel SSP, if the function returns SEC_I_INCOMPLETE_CREDENTIALS, check that you specified a valid and trusted
|
||||
/// certificate in your credentials. The certificate is specified when calling the AcquireCredentialsHandle (General) function. The
|
||||
/// certificate must be a client authentication certificate issued by a certification authority (CA) trusted by the server. To obtain
|
||||
/// a list of the CAs trusted by the server, call the QueryContextAttributes (General) function and specify the
|
||||
/// SECPKG_ATTR_ISSUER_LIST_EX attribute.
|
||||
/// </para>
|
||||
/// <para>
|
||||
/// When using the Schannel SSP, after a client application receives an authentication certificate from a CA that is trusted by the
|
||||
/// server, the application creates a new credential by calling the AcquireCredentialsHandle (General) function and then calling
|
||||
/// <c>InitializeSecurityContext (General)</c> again, specifying the new credential in the phCredential parameter.
|
||||
/// </para>
|
||||
/// </remarks>
|
||||
public static HRESULT InitializeSecurityContext(in CredHandle phCredential, [In, Out] SafeCtxtHandle phContext, string pszTargetName, ASC_REQ fContextReq, DREP TargetDataRep,
|
||||
SecBufferDesc? pInput, [In, Out] SafeSecBufferDesc pOutput, out ASC_RET pfContextAttr, out TimeStamp ptsExpiry)
|
||||
{
|
||||
|
|
|
@ -57,12 +57,16 @@ namespace Vanara.PInvoke
|
|||
/// <summary>The CREDSPP_SUBMIT_TYPE enumeration value that specifies the type of credentials contained in this structure.</summary>
|
||||
public CREDSSP_SUBMIT_TYPE Type;
|
||||
|
||||
/// <summary/>
|
||||
public uint Version;
|
||||
|
||||
/// <summary/>
|
||||
public uint Flags;
|
||||
|
||||
/// <summary/>
|
||||
public uint Reserved;
|
||||
|
||||
/// <summary/>
|
||||
public CREDSSP_CRED Cred;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue