sean-m
/
Vanara
mirror of https://github.com/dahall/Vanara.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Added and fixed XML documentation

pull/119/head
dahall 2020-03-13 15:43:39 -06:00
parent 9143f753a2
commit 7ebcd7f00c
17 changed files with 1115 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
PInvoke/Security/AdvApi32/Evntrace.cs
View File

@ -27,6 +27,7 @@ namespace Vanara.PInvoke
/// <summary>Specifies the default event tracing security</summary>
public static readonly Guid DefaultTraceSecurityGuid = new Guid("0811c1af-7a07-4a06-82ed-869455cdf713");
/// <summary/>
public static readonly Guid Dummy = new Guid("3595ab5c-042a-4c8e-b942-2d059bfeb1b1");
/// <summary>Used to report system configuration records</summary>
@ -1089,13 +1090,17 @@ namespace Vanara.PInvoke
/// <summary>Include a time stamp in the message.</summary>
TRACE_MESSAGE_TIMESTAMP = 8,
/// <summary/>
TRACE_MESSAGE_PERFORMANCE_TIMESTAMP = 16,
/// <summary>Include the thread identifier and process identifier in the message.</summary>
TRACE_MESSAGE_SYSTEMINFO = 32,
/// <summary/>
TRACE_MESSAGE_POINTER32 = 0x0040,
/// <summary/>
TRACE_MESSAGE_POINTER64 = 0x0080,
/// <summary/>
TRACE_MESSAGE_FLAG_MASK = 0xFFFF,
}
@ -1183,6 +1188,7 @@ namespace Vanara.PInvoke
// - TraceSetInformation Sets a list of provider GUIDs that should not be enabled via Provider Groups on the specified logging session.
//
// Input Format: An array of GUIDs.
/// <summary/>
[CorrespondingType(typeof(Guid[]), CorrespondingAction.Set)]
TraceSetDisallowList = 10,
@ -1198,6 +1204,7 @@ namespace Vanara.PInvoke
// - EnumerateTraceGuidsEx. Returns a list of Group GUIDs that are currently known to the kernel.
//
// Input Format: None. Output Format: An array of GUIDs.
/// <summary/>
[CorrespondingType(typeof(Guid[]), CorrespondingAction.Get)]
TraceGroupQueryList,
@ -1211,6 +1218,7 @@ namespace Vanara.PInvoke
//
// PseudoStructure - struct TRACE_GROUP_INFO { ULONG TraceEnableInfoSize; TRACE_ENABLE_INFO
// TraceEnableInfos[TraceEnableInfoSize]; ULONG GuidArraySize; GUID UniqueProviders[GuidArraySize]; }
/// <summary/>
[CorrespondingType(typeof(IntPtr), CorrespondingAction.Get)]
TraceGroupQueryInfo,
@ -1219,9 +1227,11 @@ namespace Vanara.PInvoke
// logging session.
//
// Output Format: An array of GUIDs.
/// <summary/>
[CorrespondingType(typeof(Guid[]), CorrespondingAction.Get)]
TraceDisallowListQuery,
/// <summary/>
TraceInfoReserved15,
// TracePeriodicCaptureStateListInfo:
@ -1229,6 +1239,7 @@ namespace Vanara.PInvoke
// specified logging session. If a NULL input buffer is specified, then the current periodic capture state settings are cleared.
//
// Input Format: TRACE_PERIODIC_CAPTURE_STATE_INFO followed by an array of ProviderCount Provider GUIDs. Or a NULL Buffer.
/// <summary/>
[CorrespondingType(typeof(TRACE_PERIODIC_CAPTURE_STATE_INFO), CorrespondingAction.Set)]
TracePeriodicCaptureStateListInfo,
@ -1237,6 +1248,7 @@ namespace Vanara.PInvoke
// and the maximum number of providers that can be enabled for periodic capture state.
//
// Output Format: TRACE_PERIODIC_CAPTURE_STATE_INFO
/// <summary/>
[CorrespondingType(typeof(TRACE_PERIODIC_CAPTURE_STATE_INFO), CorrespondingAction.Get)]
TracePeriodicCaptureStateInfo,
@ -1254,6 +1266,7 @@ namespace Vanara.PInvoke
// The binary tracking events will come from the EventTraceGuid provider, with an opcode of WMI_LOG_TYPE_BINARY_PATH.
//
// Input Format: BOOLEAN (The 1-byte type, rather than the 4-byte BOOL.) True to turn tracking on. False to turn tracking off.
/// <summary/>
[CorrespondingType(typeof(byte), CorrespondingAction.Set)]
TraceProviderBinaryTracking,
@ -1272,6 +1285,7 @@ namespace Vanara.PInvoke
// - TraceSetInformation Sets a bitfield of configuration options for Last Branch Record tracing.
//
// Input Format: ULONG
/// <summary/>
[CorrespondingType(typeof(uint), CorrespondingAction.Set)]
TraceLbrConfigurationInfo,
@ -1279,6 +1293,7 @@ namespace Vanara.PInvoke
// - TraceSetInformation Provides a list of kernel events to collect Last Branch Records on. The events are specified by their HookIds.
//
// Input Format: An array of ULONGs
/// <summary/>
[CorrespondingType(typeof(uint[]), CorrespondingAction.Set)]
TraceLbrEventListInfo,
@ -1286,6 +1301,7 @@ namespace Vanara.PInvoke
// - TraceQueryInformation Queries the maximum number of PMC counters supported on this platform
//
// Output Format: ULONG
/// <summary/>
[CorrespondingType(typeof(uint), CorrespondingAction.Get)]
TraceMaxPmcCounterQuery,
}
@ -1347,9 +1363,13 @@ namespace Vanara.PInvoke
[PInvokeData("wmistr.h")]
public enum WMIDPREQUESTCODE
{
/// <summary/>
WMI_GET_ALL_DATA = 0,
/// <summary/>
WMI_GET_SINGLE_INSTANCE = 1,
/// <summary/>
WMI_SET_SINGLE_INSTANCE = 2,
/// <summary/>
WMI_SET_SINGLE_ITEM = 3,
/// <summary>Enables the provider.</summary>
@ -1358,38 +1378,67 @@ namespace Vanara.PInvoke
/// <summary>Disables the provider.</summary>
WMI_DISABLE_EVENTS = 5,
/// <summary/>
WMI_ENABLE_COLLECTION = 6,
/// <summary/>
WMI_DISABLE_COLLECTION = 7,
/// <summary/>
WMI_REGINFO = 8,
/// <summary/>
WMI_EXECUTE_METHOD = 9,
/// <summary/>
WMI_CAPTURE_STATE = 10
}
/// <summary/>
[Flags]
public enum WNODE_FLAG : uint
{
/// <summary/>
WNODE_FLAG_ALL_DATA = 0x00000001,
/// <summary/>
WNODE_FLAG_SINGLE_INSTANCE = 0x00000002,
/// <summary/>
WNODE_FLAG_SINGLE_ITEM = 0x00000004,
/// <summary/>
WNODE_FLAG_EVENT_ITEM = 0x00000008,
/// <summary/>
WNODE_FLAG_FIXED_INSTANCE_SIZE = 0x00000010,
/// <summary/>
WNODE_FLAG_TOO_SMALL = 0x00000020,
/// <summary/>
WNODE_FLAG_INSTANCES_SAME = 0x00000040,
/// <summary/>
WNODE_FLAG_STATIC_INSTANCE_NAMES = 0x00000080,
/// <summary/>
WNODE_FLAG_INTERNAL = 0x00000100,
/// <summary/>
WNODE_FLAG_USE_TIMESTAMP = 0x00000200,
/// <summary/>
WNODE_FLAG_PERSIST_EVENT = 0x00000400,
/// <summary/>
WNODE_FLAG_EVENT_REFERENCE = 0x00002000,
/// <summary/>
WNODE_FLAG_ANSI_INSTANCENAMES = 0x00004000,
/// <summary/>
WNODE_FLAG_METHOD_ITEM = 0x00008000,
/// <summary/>
WNODE_FLAG_PDO_INSTANCE_NAMES = 0x00010000,
/// <summary/>
WNODE_FLAG_TRACED_GUID = 0x00020000,
/// <summary/>
WNODE_FLAG_LOG_WNODE = 0x00040000,
/// <summary/>
WNODE_FLAG_USE_GUID_PTR = 0x00080000,
/// <summary/>
WNODE_FLAG_USE_MOF_PTR = 0x00100000,
/// <summary/>
WNODE_FLAG_NO_HEADER = 0x00200000,
/// <summary/>
WNODE_FLAG_SEND_DATA_BLOCK = 0x00400000,
/// <summary/>
WNODE_FLAG_VERSIONED_PROPERTIES = 0x00800000,
/// <summary/>
WNODE_FLAG_SEVERITY_MASK = 0xff000000,
}
@ -6093,6 +6142,7 @@ namespace Vanara.PInvoke
[FieldOffset(20)]
public uint Tags;
/// <summary/>
[StructLayout(LayoutKind.Sequential)]
public struct NONSTRUCTTYPE
{
@ -6119,6 +6169,7 @@ namespace Vanara.PInvoke
public uint MapNameOffset;
}
/// <summary/>
[StructLayout(LayoutKind.Sequential)]
public struct STRUCTTYPE
{
@ -6132,6 +6183,7 @@ namespace Vanara.PInvoke
public uint padding;
}
/// <summary/>
[StructLayout(LayoutKind.Sequential)]
public struct CUSTOMSCHEMATYPE
{
@ -6363,6 +6415,7 @@ namespace Vanara.PInvoke
[FieldOffset(40)]
public ulong ProcessorTime;
/// <summary/>
[StructLayout(LayoutKind.Sequential)]
public struct CLASS
{
@ -6535,6 +6588,7 @@ namespace Vanara.PInvoke
/// </summary>
public IntPtr Context;
/// <summary/>
[StructLayout(LayoutKind.Explicit, CharSet = CharSet.Auto)]
public struct CALLBACK_UNION
{
@ -6597,7 +6651,9 @@ namespace Vanara.PInvoke
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct EVENT_TRACE_PROPERTIES
{
/// <summary/>
public const int MaxLoggerNameLength = 1024;
/// <summary/>
public const int MaxLogFileNameLength = 1024;
private static readonly uint SizeOf = (uint)Marshal.SizeOf(typeof(EVENT_TRACE_PROPERTIES));
@ -6814,7 +6870,7 @@ namespace Vanara.PInvoke
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = MaxLogFileNameLength)]
public string LogFileName;
// Reserve buffer space so the ETW system can fill this with the logger name
/// <summary>Reserve buffer space so the ETW system can fill this with the logger name</summary>
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = MaxLoggerNameLength)]
public string LoggerName;
@ -7422,13 +7478,20 @@ namespace Vanara.PInvoke
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct PROFILE_SOURCE_INFO
{
/// <summary/>
public uint NextEntryOffset;
/// <summary/>
public uint Source;
/// <summary/>
public uint MinInterval;
/// <summary/>
public uint MaxInterval;
/// <summary/>
public ulong Reserved;
/// <summary/>
public ushort _Description;
/// <summary/>
public string Description
{
get
@ -8126,7 +8189,9 @@ namespace Vanara.PInvoke
[StructLayout(LayoutKind.Sequential)]
public struct TRACE_PROFILE_INTERVAL
{
/// <summary/>
public uint Source;
/// <summary/>
public uint Interval;
}
@ -8389,15 +8454,19 @@ namespace Vanara.PInvoke
public WNODE_FLAG Flags;
}
/// <summary/>
[StructLayout(LayoutKind.Sequential)]
public abstract class PEVENT_INSTANCE_HEADER
{
/// <summary/>
public EVENT_INSTANCE_HEADER Header;
}
/// <summary/>
[StructLayout(LayoutKind.Sequential)]
public abstract class PEVENT_TRACE_HEADER
{
/// <summary/>
public EVENT_TRACE_HEADER Header;
}

16
PInvoke/Security/AdvApi32/NTSecApi.Lsa.cs
View File

@ -18,13 +18,29 @@ namespace Vanara.PInvoke
[Flags]
public enum CollisionFlags
{
/// <summary>The top-level name trust record is disabled during initial creation.</summary>
LSA_TLN_DISABLED_NEW = 0x00000001,
/// <summary>The top-level name trust record is disabled by the domain administrator.</summary>
LSA_TLN_DISABLED_ADMIN = 0x00000002,
/// <summary>The top-level name trust record is disabled due to a conflict.</summary>
LSA_TLN_DISABLED_CONFLICT = 0x00000004,
/// <summary>The domain information trust record is disabled by the domain administrator.</summary>
LSA_SID_DISABLED_ADMIN = 0x00000001,
/// <summary>The domain information trust record is disabled due to a conflict.</summary>
LSA_SID_DISABLED_CONFLICT = 0x00000002,
/// <summary>The domain information trust record is disabled by the domain administrator.</summary>
LSA_NB_DISABLED_ADMIN = 0x00000004,
/// <summary>The domain information trust record is disabled due to a conflict.</summary>
LSA_NB_DISABLED_CONFLICT = 0x00000008,
/// <summary>The domain information trust record is disabled.</summary>
LSA_FTRECORD_DISABLED_REASONS = 0x0000FFFF,
}
/// <summary>

8
PInvoke/Security/AdvApi32/NTSecApi.cs
View File

@ -199,13 +199,21 @@ namespace Vanara.PInvoke
[PInvokeData("ntsecapi.h")]
public enum POLICY_QOS : uint
{
/// <summary/>
POLICY_QOS_SCHANNEL_REQUIRED = 0x00000001,
/// <summary/>
POLICY_QOS_OUTBOUND_INTEGRITY = 0x00000002,
/// <summary/>
POLICY_QOS_OUTBOUND_CONFIDENTIALITY = 0x00000004,
/// <summary/>
POLICY_QOS_INBOUND_INTEGRITY = 0x00000008,
/// <summary/>
POLICY_QOS_INBOUND_CONFIDENTIALITY = 0x00000010,
/// <summary/>
POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE = 0x00000020,
/// <summary/>
POLICY_QOS_RAS_SERVER_ALLOWED = 0x00000040,
/// <summary/>
POLICY_QOS_DHCP_SERVER_ALLOWED = 0x00000080,
}

1
PInvoke/Security/AdvApi32/PerfLib.cs
View File

@ -7,6 +7,7 @@ namespace Vanara.PInvoke
{
public static partial class AdvApi32
{
/// <summary/>
public const uint PERF_WILDCARD_COUNTER = uint.MaxValue;
/// <summary>

7
PInvoke/Security/AdvApi32/SecurityBaseApi.cs
View File

@ -6094,7 +6094,10 @@ namespace Vanara.PInvoke
return sz;
}
/// <summary>Provides a <see cref="SafeHandle"/> to a that releases a created HTOKEN instance at disposal using CloseHandle.</summary>
/// <summary>
/// Provides a <see cref="SafeHandle" /> to a that releases a created HTOKEN instance at disposal using CloseHandle.
/// </summary>
/// <seealso cref="Vanara.PInvoke.Kernel32.SafeKernelHandle" />
public class SafeHTOKEN : SafeKernelHandle
{
/// <summary>
@ -6216,6 +6219,8 @@ namespace Vanara.PInvoke
public static implicit operator HTOKEN(SafeHTOKEN h) => h.handle;
#if NETSTANDARD2_0 || NETCOREAPP2_0 || NETCOREAPP2_1
/// <summary>Conversion operator from SafeHTOKEN to SafeAccessTokenHandle.</summary>
/// <param name="h">The handle.</param>
public static explicit operator Microsoft.Win32.SafeHandles.SafeAccessTokenHandle(SafeHTOKEN h)
{
var dup = h.DuplicatePrimary();

1
PInvoke/Security/AdvApi32/WinBase.EventLog.cs
View File

@ -5,6 +5,7 @@ namespace Vanara.PInvoke
{
public static partial class AdvApi32
{
/// <summary/>
public const uint ELF_LOG_SIGNATURE = 0x654c664c;
/// <summary>Saves the specified event log to a backup file. The function does not clear the event log.</summary>

7
PInvoke/Security/AdvApi32/WinBase.cs
View File

@ -18,8 +18,10 @@ namespace Vanara.PInvoke
/// <summary>Computer name length</summary>
public const int CNLEN = 15;
/// <summary/>
public const int CRYPT_KEY_LEN = 7;
/// <summary/>
public const int CRYPT_TXT_LEN = 8;
/// <summary>Device name length</summary>
@ -28,6 +30,7 @@ namespace Vanara.PInvoke
/// <summary>Maximum domain name length</summary>
public const int DNLEN = CNLEN;
/// <summary/>
public const int ENCRYPTED_PWLEN = 16;
/// <summary>Event name length</summary>
@ -78,6 +81,7 @@ namespace Vanara.PInvoke
/// <summary>LM 2.0 Maximum user name length</summary>
public const int LM20_UNLEN = 20;
/// <summary/>
public const uint MAX_PREFERRED_LENGTH = uint.MaxValue;
/// <summary>Multipurpose comment length</summary>
@ -89,6 +93,7 @@ namespace Vanara.PInvoke
/// <summary>Net name length (share name)</summary>
public const int NNLEN = 80;
/// <summary/>
public const uint OPERATION_API_VERSION = 1;
/// <summary>Max. path (not including drive name)</summary>
@ -103,8 +108,10 @@ namespace Vanara.PInvoke
/// <summary>Max remote name length</summary>
public const int RMLEN = (UNCLEN + 1 + NNLEN);
/// <summary/>
public const int SESSION_CRYPT_KLEN = 21;
/// <summary/>
public const int SESSION_PWLEN = 24;
/// <summary>Share password length (bytes)</summary>

20
PInvoke/Security/AdvApi32/WinCred.cs
View File

@ -55,6 +55,7 @@ namespace Vanara.PInvoke
[Flags]
public enum CRED_FLAGS
{
/// <summary/>
CRED_FLAGS_PASSWORD_FOR_CERT = 0x1,
/// <summary>
@ -81,12 +82,19 @@ namespace Vanara.PInvoke
/// </summary>
CRED_FLAGS_USERNAME_TARGET = 0x4,
/// <summary/>
CRED_FLAGS_OWF_CRED_BLOB = 0x0008,
/// <summary/>
CRED_FLAGS_REQUIRE_CONFIRMATION = 0x0010,
/// <summary/>
CRED_FLAGS_WILDCARD_MATCH = 0x0020,
/// <summary/>
CRED_FLAGS_VSM_PROTECTED = 0x0040,
/// <summary/>
CRED_FLAGS_NGC_CERT = 0x0080,
/// <summary/>
CRED_FLAGS_VALID_FLAGS = 0xF0FF,
/// <summary/>
CRED_FLAGS_VALID_INPUT_FLAGS = 0xF09F,
}
@ -1877,12 +1885,24 @@ namespace Vanara.PInvoke
/// <param name="own">if set to <c>true</c> release the memory when out of scope.</param>
public SafeCredMemoryHandle(IntPtr ptr, bool own = true) : base(ptr, h => { CredFree(h); return true; }, own) { }
/// <summary>Performs an implicit conversion from <see cref="SafeCredMemoryHandle"/> to <see cref="CREDENTIAL"/>.</summary>
/// <param name="h">The handle.</param>
/// <returns>The resulting <see cref="CREDENTIAL"/> instance from the conversion.</returns>
public static implicit operator CREDENTIAL(SafeCredMemoryHandle h) => h.ToStructure<CREDENTIAL>();
/// <summary>Performs an implicit conversion from <see cref="SafeCredMemoryHandle"/> to <see cref="CREDENTIAL_MGD"/>.</summary>
/// <param name="h">The handle.</param>
/// <returns>The resulting <see cref="CREDENTIAL_MGD"/> instance from the conversion.</returns>
public static implicit operator CREDENTIAL_MGD(SafeCredMemoryHandle h) => new CREDENTIAL_MGD(h.ToStructure<CREDENTIAL>());
/// <summary>Performs an implicit conversion from <see cref="SafeCredMemoryHandle"/> to <see cref="CREDENTIAL_TARGET_INFORMATION"/>.</summary>
/// <param name="h">The handle.</param>
/// <returns>The resulting <see cref="CREDENTIAL_TARGET_INFORMATION"/> instance from the conversion.</returns>
public static implicit operator CREDENTIAL_TARGET_INFORMATION(SafeCredMemoryHandle h) => h.ToStructure<CREDENTIAL_TARGET_INFORMATION>();
/// <summary>Performs an implicit conversion from <see cref="SafeCredMemoryHandle"/> to <see cref="System.String"/>.</summary>
/// <param name="h">The handle.</param>
/// <returns>The resulting <see cref="System.String"/> instance from the conversion.</returns>
public static implicit operator string(SafeCredMemoryHandle h) => Marshal.PtrToStringAuto(h.handle);
/// <summary>Marshals data to the type specified by a generic type parameter.</summary>

9
PInvoke/Security/AdvApi32/WinNT.cs
View File

@ -12,10 +12,15 @@ namespace Vanara.PInvoke
{
public static partial class AdvApi32
{
/// <summary/>
public const uint SECURITY_DESCRIPTOR_REVISION = 1;
/// <summary/>
public const uint SECURITY_DESCRIPTOR_REVISION1 = 1;
/// <summary/>
public const int SID_MAX_SUB_AUTHORITIES = 15;
/// <summary/>
public const int SID_RECOMMENDED_SUB_AUTHORITIES = 1; // Will change to around 6
/// <summary/>
public const uint SID_REVISION = 1; // Current revision level
/// <summary>Indicates whether the ObjectTypeName and InheritedObjectTypeName members contain strings.</summary>
@ -2530,6 +2535,7 @@ namespace Vanara.PInvoke
/// <summary>An array of security attribute values of the type specified in the <c>ValueType</c> member.</summary>
public VALUESUNION Values;
/// <summary/>
[StructLayout(LayoutKind.Explicit)]
public struct VALUESUNION
{
@ -4167,10 +4173,13 @@ namespace Vanara.PInvoke
/// <summary>Known RIDs</summary>
public static class KnownSIDRelativeID
{
/// <summary/>
public const int SECURITY_APP_PACKAGE_BASE_RID = 0x00000002;
/// <summary/>
public const int SECURITY_CAPABILITY_APP_RID = 0x00000040;
/// <summary/>
public const int SECURITY_CAPABILITY_BASE_RID = 0x00000003;
/// <summary>The security creator group rid</summary>

67
PInvoke/Security/AdvApi32/WinSvc.cs
View File

@ -9,6 +9,7 @@ namespace Vanara.PInvoke
{
public static partial class AdvApi32
{
/// <summary/>
public const uint SERVICE_DYNAMIC_INFORMATION_LEVEL_START_REASON = 1;
/// <summary>
@ -520,6 +521,7 @@ namespace Vanara.PInvoke
/// <summary>Info levels for <see cref="QueryServiceStatusEx"/></summary>
public enum SC_STATUS_TYPE
{
/// <summary/>
[CorrespondingType(typeof(SERVICE_STATUS_PROCESS))]
SC_STATUS_PROCESS_INFO = 0
}
@ -648,62 +650,109 @@ namespace Vanara.PInvoke
SERVICE_STATE_ALL = 0x00000003,
}
/// <summary/>
[Flags]
public enum SERVICE_STOP_REASON : uint
{
// Stop reason flags. Update SERVICE_STOP_REASON_FLAG_MAX when new flags are added.
/// <summary/>
SERVICE_STOP_REASON_FLAG_MIN = 0x00000000,
/// <summary/>
SERVICE_STOP_REASON_FLAG_UNPLANNED = 0x10000000,
/// <summary/>
SERVICE_STOP_REASON_FLAG_CUSTOM = 0x20000000,
/// <summary/>
SERVICE_STOP_REASON_FLAG_PLANNED = 0x40000000,
/// <summary/>
SERVICE_STOP_REASON_FLAG_MAX = 0x80000000,
// Microsoft major reasons. Update SERVICE_STOP_REASON_MAJOR_MAX when new codes are added.
/// <summary/>
SERVICE_STOP_REASON_MAJOR_MIN = 0x00000000,
/// <summary/>
SERVICE_STOP_REASON_MAJOR_OTHER = 0x00010000,
/// <summary/>
SERVICE_STOP_REASON_MAJOR_HARDWARE = 0x00020000,
/// <summary/>
SERVICE_STOP_REASON_MAJOR_OPERATINGSYSTEM = 0x00030000,
/// <summary/>
SERVICE_STOP_REASON_MAJOR_SOFTWARE = 0x00040000,
/// <summary/>
SERVICE_STOP_REASON_MAJOR_APPLICATION = 0x00050000,
/// <summary/>
SERVICE_STOP_REASON_MAJOR_NONE = 0x00060000,
/// <summary/>
SERVICE_STOP_REASON_MAJOR_MAX = 0x00070000,
/// <summary/>
SERVICE_STOP_REASON_MAJOR_MIN_CUSTOM = 0x00400000,
/// <summary/>
SERVICE_STOP_REASON_MAJOR_MAX_CUSTOM = 0x00ff0000,
// Microsoft minor reasons. Update SERVICE_STOP_REASON_MINOR_MAX when new codes are added.
/// <summary/>
SERVICE_STOP_REASON_MINOR_MIN = 0x00000000,
/// <summary/>
SERVICE_STOP_REASON_MINOR_OTHER = 0x00000001,
/// <summary/>
SERVICE_STOP_REASON_MINOR_MAINTENANCE = 0x00000002,
/// <summary/>
SERVICE_STOP_REASON_MINOR_INSTALLATION = 0x00000003,
/// <summary/>
SERVICE_STOP_REASON_MINOR_UPGRADE = 0x00000004,
/// <summary/>
SERVICE_STOP_REASON_MINOR_RECONFIG = 0x00000005,
/// <summary/>
SERVICE_STOP_REASON_MINOR_HUNG = 0x00000006,
/// <summary/>
SERVICE_STOP_REASON_MINOR_UNSTABLE = 0x00000007,
/// <summary/>
SERVICE_STOP_REASON_MINOR_DISK = 0x00000008,
/// <summary/>
SERVICE_STOP_REASON_MINOR_NETWORKCARD = 0x00000009,
/// <summary/>
SERVICE_STOP_REASON_MINOR_ENVIRONMENT = 0x0000000a,
/// <summary/>
SERVICE_STOP_REASON_MINOR_HARDWARE_DRIVER = 0x0000000b,
/// <summary/>
SERVICE_STOP_REASON_MINOR_OTHERDRIVER = 0x0000000c,
/// <summary/>
SERVICE_STOP_REASON_MINOR_SERVICEPACK = 0x0000000d,
/// <summary/>
SERVICE_STOP_REASON_MINOR_SOFTWARE_UPDATE = 0x0000000e,
/// <summary/>
SERVICE_STOP_REASON_MINOR_SECURITYFIX = 0x0000000f,
/// <summary/>
SERVICE_STOP_REASON_MINOR_SECURITY = 0x00000010,
/// <summary/>
SERVICE_STOP_REASON_MINOR_NETWORK_CONNECTIVITY = 0x00000011,
/// <summary/>
SERVICE_STOP_REASON_MINOR_WMI = 0x00000012,
/// <summary/>
SERVICE_STOP_REASON_MINOR_SERVICEPACK_UNINSTALL = 0x00000013,
/// <summary/>
SERVICE_STOP_REASON_MINOR_SOFTWARE_UPDATE_UNINSTALL = 0x00000014,
/// <summary/>
SERVICE_STOP_REASON_MINOR_SECURITYFIX_UNINSTALL = 0x00000015,
/// <summary/>
SERVICE_STOP_REASON_MINOR_MMC = 0x00000016,
/// <summary/>
SERVICE_STOP_REASON_MINOR_NONE = 0x00000017,
/// <summary/>
SERVICE_STOP_REASON_MINOR_MEMOTYLIMIT = 0x00000018,
/// <summary/>
SERVICE_STOP_REASON_MINOR_MAX = 0x00000019,
/// <summary/>
SERVICE_STOP_REASON_MINOR_MIN_CUSTOM = 0x00000100,
/// <summary/>
SERVICE_STOP_REASON_MINOR_MAX_CUSTOM = 0x0000FFFF
}
/// <summary>Service control codes.</summary>
[PInvokeData("winsvc.h", MSDNShortId = "d268609b-d442-4d0f-9d49-ed23fee84961")]
[Flags]
public enum ServiceAcceptedControlCodes : uint
@ -788,6 +837,7 @@ namespace Vanara.PInvoke
SERVICE_ACCEPT_SYSTEMLOWRESOURCES = 0x00004000,
}
/// <summary>Service access rights.</summary>
[Flags]
public enum ServiceAccessRights : uint
{
@ -851,8 +901,11 @@ namespace Vanara.PInvoke
/// </summary>
WRITE_OWNER = ACCESS_MASK.WRITE_OWNER,
/// <summary/>
GENERIC_READ = ACCESS_MASK.STANDARD_RIGHTS_READ | SERVICE_QUERY_CONFIG | SERVICE_QUERY_STATUS | SERVICE_INTERROGATE | SERVICE_ENUMERATE_DEPENDENTS,
/// <summary/>
GENERIC_WRITE = ACCESS_MASK.STANDARD_RIGHTS_WRITE | SERVICE_CHANGE_CONFIG,
/// <summary/>
GENERIC_EXECUTE = ACCESS_MASK.STANDARD_RIGHTS_EXECUTE | SERVICE_START | SERVICE_STOP | SERVICE_PAUSE_CONTINUE | SERVICE_USER_DEFINED_CONTROL,
}
@ -1132,17 +1185,24 @@ namespace Vanara.PInvoke
/// <summary>Info levels for <see cref="ControlServiceEx"/></summary>
public enum ServiceInfoLevels : uint
{
/// <summary/>
[CorrespondingType(typeof(SERVICE_CONTROL_STATUS_REASON_PARAMS))]
SERVICE_CONTROL_STATUS_REASON_INFO = 1
}
/// <summary/>
[Flags]
public enum ServiceStartReason : uint
{
/// <summary/>
SERVICE_START_REASON_DEMAND = 1 << 0,
/// <summary/>
SERVICE_START_REASON_AUTO = 1 << 1,
/// <summary/>
SERVICE_START_REASON_TRIGGER = 1 << 2,
/// <summary/>
SERVICE_START_REASON_RESTART_ON_FAILURE = 1 << 3,
/// <summary/>
SERVICE_START_REASON_DELAYEDAUTO = 1 << 4,
}
@ -4961,6 +5021,7 @@ namespace Vanara.PInvoke
/// </summary>
public string lpDisplayName;
/// <summary/>
public IEnumerable<string> Dependencies => lpDependencies.ToStringEnum();
}
@ -5460,6 +5521,7 @@ namespace Vanara.PInvoke
/// </summary>
public IntPtr lpsaActions;
/// <summary/>
public SC_ACTION[] Actions => lpsaActions.ToArray<SC_ACTION>((int)cActions);
}
@ -5753,9 +5815,11 @@ namespace Vanara.PInvoke
public uint dwServiceSidType;
}
/// <summary/>
[StructLayout(LayoutKind.Sequential)]
public readonly struct SERVICE_START_REASON
{
/// <summary/>
public readonly ServiceStartReason dwReason;
}
@ -6599,8 +6663,10 @@ namespace Vanara.PInvoke
/// </summary>
public IntPtr pDataItems;
/// <summary/>
public Guid TriggerSubType => pTriggerSubtype.ToStructure<Guid>();
/// <summary/>
public SERVICE_TRIGGER_SPECIFIC_DATA_ITEM[] DataItems => pDataItems.ToArray<SERVICE_TRIGGER_SPECIFIC_DATA_ITEM>((int)cDataItems);
}
@ -6637,6 +6703,7 @@ namespace Vanara.PInvoke
/// </summary>
public IntPtr pReserved;
/// <summary/>
public SERVICE_TRIGGER[] Triggers => pTriggers.ToArray<SERVICE_TRIGGER>((int)cTriggers);
}

25
PInvoke/Security/AdvApi32/wct.cs
View File

@ -7,6 +7,7 @@ namespace Vanara.PInvoke
{
public static partial class AdvApi32
{
/// <summary/>
public const uint WCT_MAX_NODE_COUNT = 16;
/// <summary>
@ -77,16 +78,27 @@ namespace Vanara.PInvoke
[PInvokeData("wct.h", MSDNShortId = "7a333924-79a3-4522-aa5a-4fc60690667d")]
public enum WCT_OBJECT_STATUS
{
/// <summary/>
WctStatusNoAccess = 1,
/// <summary/>
WctStatusRunning,
/// <summary/>
WctStatusBlocked,
/// <summary/>
WctStatusPidOnly,
/// <summary/>
WctStatusPidOnlyRpcss,
/// <summary/>
WctStatusOwned,
/// <summary/>
WctStatusNotOwned,
/// <summary/>
WctStatusAbandoned,
/// <summary/>
WctStatusUnknown,
/// <summary/>
WctStatusError,
/// <summary/>
WctStatusMax
}
@ -94,18 +106,31 @@ namespace Vanara.PInvoke
[PInvokeData("wct.h", MSDNShortId = "7a333924-79a3-4522-aa5a-4fc60690667d")]
public enum WCT_OBJECT_TYPE
{
/// <summary/>
WctCriticalSectionType = 1,
/// <summary/>
WctSendMessageType,
/// <summary/>
WctMutexType,
/// <summary/>
WctAlpcType,
/// <summary/>
WctComType,
/// <summary/>
WctThreadWaitType,
/// <summary/>
WctProcessWaitType,
/// <summary/>
WctThreadType,
/// <summary/>
WctComActivationType,
/// <summary/>
WctUnknownType,
/// <summary/>
WctSocketIoType,
/// <summary/>
WctSmbIoType,
/// <summary/>
WctMaxType
}

17
PInvoke/Security/Authz/AdtGen.cs
View File

@ -69,42 +69,55 @@ namespace Vanara.PInvoke
[StructLayout(LayoutKind.Explicit, Size = 32, CharSet = CharSet.Unicode)]
public struct AUDIT_PARAM
{
/// <summary/>
[FieldOffset(0)]
public AUDIT_PARAM_TYPE Type;
/// <summary/>
[FieldOffset(4)]
public uint Length;
/// <summary/>
[FieldOffset(8)]
public uint Flags;
/// <summary/>
[FieldOffset(16)]
public IntPtr Data0;
/// <summary/>
[FieldOffset(16)]
public StrPtrUni String;
/// <summary/>
[FieldOffset(16)]
public IntPtr u;
/// <summary/>
[FieldOffset(16)]
public PSID psid;
/// <summary/>
[FieldOffset(16)]
public IntPtr pguid;
/// <summary/>
[FieldOffset(16)]
public int LogonId_LowPart;
/// <summary/>
[FieldOffset(16)]
public IntPtr pObjectTypes;
/// <summary/>
[FieldOffset(16)]
public IntPtr pIpAddress;
/// <summary/>
[FieldOffset(24)]
public IntPtr Data1;
/// <summary/>
[FieldOffset(24)]
public int LogonId_HighPart;
}
@ -114,12 +127,16 @@ namespace Vanara.PInvoke
[StructLayout(LayoutKind.Sequential)]
public struct AUDIT_PARAMS
{
/// <summary/>
public uint Length;
/// <summary/>
public uint Flags;
/// <summary/>
public ushort Count;
/// <summary/>
public IntPtr Parameters;
}
}

4
PInvoke/Security/Authz/Authz.cs
View File

@ -2719,6 +2719,7 @@ namespace Vanara.PInvoke
public AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET ObjectTypeNames;
}
/// <summary/>
public class SafeAUTHZ_SOURCE_SCHEMA_REGISTRATION : IDisposable
{
private List<SafeHGlobalHandle> mem = new List<SafeHGlobalHandle>(7);
@ -2830,6 +2831,7 @@ namespace Vanara.PInvoke
}
}
/// <inheritdoc/>
public void Dispose() { foreach (var m in mem) m.Dispose(); mem.Clear(); }
}
@ -3207,8 +3209,10 @@ namespace Vanara.PInvoke
// Pack it all behind a pointer
var retPtr = Marshal.AllocHGlobal((int)(sz1 + sz2));
#pragma warning disable CS0618 // Type or member is obsolete
var ms = new MarshalingStream(retPtr, (int)sz1);
var ms2 = new MarshalingStream(retPtr.Offset(sz1), (int)sz2);
#pragma warning restore CS0618 // Type or member is obsolete
var iV1s = new Internal_AUTHZ_SECURITY_ATTRIBUTE_V1[attrInfo.AttributeCount];
for (var i = 0; i < attrInfo.AttributeCount; i++)
{

9
PInvoke/Security/Schannel/Schannel.cs
View File

@ -6,15 +6,24 @@ using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;
namespace Vanara.PInvoke
{
/// <summary>Functions, structures and constants for schannel.dll</summary>
public static partial class Schannel
{
/// <summary/>
public const uint CF_CERT_FROM_FILE = 2;
/// <summary/>
public const string DEFAULT_TLS_SSP_NAME = "Default TLS SSP";
/// <summary/>
public const string PCT1SP_NAME = "Microsoft PCT 1.0";
/// <summary/>
public const string SCHANNEL_NAME = "Schannel";
/// <summary/>
public const string SSL2SP_NAME = "Microsoft SSL 2.0";
/// <summary/>
public const string SSL3SP_NAME = "Microsoft SSL 3.0";
/// <summary/>
public const string TLS1SP_NAME = "Microsoft TLS 1.0";
/// <summary/>
public const string UNISP_NAME = "Microsoft Unified Security Protocol Provider";
private const int SECPKGCONTEXT_CONNECTION_INFO_EX_V1 = 1;

50
PInvoke/Security/Secur32/NTSecApi.cs
View File

@ -42,48 +42,88 @@ namespace Vanara.PInvoke
/// <summary>Digest Authentication for Windows.</summary>
[PInvokeData("wdigest.h")]
public const string WDIGEST_SP_NAME = "WDigest";
/// <summary>Kerberos encryption types.</summary>
[PInvokeData("Ntsecapi.h", MSDNShortId = "3b088c94-810b-44c7-887a-58e8dbd13603")]
public enum KERB_ETYPE
{
/// <summary/>
KERB_ETYPE_NULL = 0,
/// <summary/>
KERB_ETYPE_DES_CBC_CRC = 1,
/// <summary/>
KERB_ETYPE_DES_CBC_MD4 = 2,
/// <summary/>
KERB_ETYPE_DES_CBC_MD5 = 3,
/// <summary/>
KERB_ETYPE_AES128_CTS_HMAC_SHA1_96 = 17,
/// <summary/>
KERB_ETYPE_AES256_CTS_HMAC_SHA1_96 = 18,
/// <summary/>
KERB_ETYPE_RC4_MD4 = -128,
/// <summary/>
KERB_ETYPE_RC4_PLAIN2 = -129,
/// <summary/>
KERB_ETYPE_RC4_LM = -130,
/// <summary/>
KERB_ETYPE_RC4_SHA = -131,
/// <summary/>
KERB_ETYPE_DES_PLAIN = -132,
/// <summary/>
KERB_ETYPE_RC4_HMAC_OLD = -133,
/// <summary/>
KERB_ETYPE_RC4_PLAIN_OLD = -134,
/// <summary/>
KERB_ETYPE_RC4_HMAC_OLD_EXP = -135,
/// <summary/>
KERB_ETYPE_RC4_PLAIN_OLD_EXP = -136,
/// <summary/>
KERB_ETYPE_RC4_PLAIN = -140,
/// <summary/>
KERB_ETYPE_RC4_PLAIN_EXP = -141,
/// <summary/>
KERB_ETYPE_AES128_CTS_HMAC_SHA1_96_PLAIN = -148,
/// <summary/>
KERB_ETYPE_AES256_CTS_HMAC_SHA1_96_PLAIN = -149,
/// <summary/>
KERB_ETYPE_NTLM_HASH = -150,
/// <summary/>
KERB_ETYPE_DSA_SHA1_CMS = 9,
/// <summary/>
KERB_ETYPE_RSA_MD5_CMS = 10,
/// <summary/>
KERB_ETYPE_RSA_SHA1_CMS = 11,
/// <summary/>
KERB_ETYPE_RC2_CBC_ENV = 12,
/// <summary/>
KERB_ETYPE_RSA_ENV = 13,
/// <summary/>
KERB_ETYPE_RSA_ES_OEAP_ENV = 14,
/// <summary/>
KERB_ETYPE_DES_EDE3_CBC_ENV = 15,
/// <summary/>
KERB_ETYPE_DSA_SIGN = 8,
/// <summary/>
KERB_ETYPE_RSA_PRIV = 9,
/// <summary/>
KERB_ETYPE_RSA_PUB = 10,
/// <summary/>
KERB_ETYPE_RSA_PUB_MD5 = 11,
/// <summary/>
KERB_ETYPE_RSA_PUB_SHA1 = 12,
/// <summary/>
KERB_ETYPE_PKCS7_PUB = 13,
/// <summary/>
KERB_ETYPE_DES3_CBC_MD5 = 5,
/// <summary/>
KERB_ETYPE_DES3_CBC_SHA1 = 7,
/// <summary/>
KERB_ETYPE_DES3_CBC_SHA1_KD = 16,
/// <summary/>
KERB_ETYPE_DES_CBC_MD5_NT = 20,
/// <summary/>
KERB_ETYPE_RC4_HMAC_NT = 23,
/// <summary/>
KERB_ETYPE_RC4_HMAC_NT_EXP = 24
}
@ -215,6 +255,7 @@ namespace Vanara.PInvoke
/// <summary>This message is a request to refresh the smart card credentials.</summary>
KerbRefreshSmartcardCredentialsMessage,
/// <summary/>
KerbAddExtraCredentialsMessage,
/// <summary>This constant is reserved.</summary>
@ -226,6 +267,7 @@ namespace Vanara.PInvoke
/// </summary>
KerbTransferCredentialsMessage,
/// <summary/>
KerbQueryTicketCacheEx2Message,
/// <summary>
@ -234,6 +276,7 @@ namespace Vanara.PInvoke
/// </summary>
KerbSubmitTicketMessage,
/// <summary/>
KerbAddExtraCredentialsExMessage,
/// <summary>
@ -242,6 +285,7 @@ namespace Vanara.PInvoke
/// </summary>
KerbQueryKdcProxyCacheMessage,
/// <summary/>
KerbPurgeKdcProxyCacheMessage,
/// <summary>
@ -251,6 +295,7 @@ namespace Vanara.PInvoke
/// </summary>
KerbQueryTicketCacheEx3Message,
/// <summary/>
KerbCleanupMachinePkinitCredsMessage,
/// <summary>
@ -259,6 +304,7 @@ namespace Vanara.PInvoke
/// </summary>
KerbAddBindingCacheEntryExMessage,
/// <summary/>
KerbQueryBindingCacheMessage,
/// <summary>
@ -267,8 +313,11 @@ namespace Vanara.PInvoke
/// </summary>
KerbPurgeBindingCacheMessage,
/// <summary/>
KerbPinKdcMessage,
/// <summary/>
KerbUnpinAllKdcsMessage,
/// <summary/>
KerbQueryDomainExtendedPoliciesMessage,
/// <summary>
@ -351,6 +400,7 @@ namespace Vanara.PInvoke
KERB_TICKET_FLAGS_reserved1 = 0x00000001,
}
/// <summary>Kerberos name type.</summary>
[PInvokeData("ntsecapi.h", MSDNShortId = "8ed37546-6443-4010-a078-4359dd1c2861")]
public enum KRB_NT : short
{

801
PInvoke/Security/Secur32/Sspi.cs
View File

@ -47,6 +47,7 @@ namespace Vanara.PInvoke
/// <summary>A new session key must be negotiated. This value is supported only by the Kerberos security package.</summary>
ASC_REQ_USE_SESSION_KEY = 0x00000020,
/// <summary/>
ASC_REQ_SESSION_TICKET = 0x00000040,
/// <summary>
@ -55,13 +56,17 @@ namespace Vanara.PInvoke
/// </summary>
ASC_REQ_ALLOCATE_MEMORY = 0x00000100,
/// <summary/>
ASC_REQ_USE_DCE_STYLE = 0x00000200,
/// <summary/>
ASC_REQ_DATAGRAM = 0x00000400,
/// <summary>The security context will not handle formatting messages.</summary>
ASC_REQ_CONNECTION = 0x00000800,
/// <summary/>
ASC_REQ_CALL_LEVEL = 0x00001000,
/// <summary/>
ASC_REQ_FRAGMENT_SUPPLIED = 0x00002000,
/// <summary>When errors occur, the remote party will be notified.</summary>
@ -73,14 +78,23 @@ namespace Vanara.PInvoke
/// <summary>Sign messages and verify signatures by using the EncryptMessage and MakeSignature functions.</summary>
ASC_REQ_INTEGRITY = 0x00020000,
/// <summary/>
ASC_REQ_LICENSING = 0x00040000,
/// <summary/>
ASC_REQ_IDENTIFY = 0x00080000,
/// <summary/>
ASC_REQ_ALLOW_NULL_SESSION = 0x00100000,
/// <summary/>
ASC_REQ_ALLOW_NON_USER_LOGONS = 0x00200000,
/// <summary/>
ASC_REQ_ALLOW_CONTEXT_REPLAY = 0x00400000,
/// <summary/>
ASC_REQ_FRAGMENT_TO_FIT = 0x00800000,
/// <summary/>
ASC_REQ_NO_TOKEN = 0x01000000,
/// <summary/>
ASC_REQ_PROXY_BINDINGS = 0x04000000,
/// <summary/>
ASC_REQ_ALLOW_MISSING_BINDINGS = 0x10000000,
}
@ -323,6 +337,7 @@ namespace Vanara.PInvoke
SEC_WINNT_AUTH_IDENTITY_FLAGS_ID_PROVIDER = 0x80000,
}
/// <summary/>
[Flags]
public enum SecBufferType : uint
{
@ -3159,6 +3174,399 @@ namespace Vanara.PInvoke
public static extern HRESULT InitializeSecurityContext(in CredHandle phCredential, [In, Optional] IntPtr phContext, string pszTargetName, [In] ASC_REQ fContextReq, [Optional] int Reserved1, [In] DREP TargetDataRep,
[In, Optional] IntPtr pInput, [Optional] int Reserved2, ref CtxtHandle phNewContext, ref SecBufferDesc pOutput, out ASC_RET pfContextAttr, out TimeStamp ptsExpiry);
/// <summary>
/// <para>
/// The <c>InitializeSecurityContext (General)</c> function initiates the client side, outbound security context from a credential
/// handle. The function is used to build a security context between the client application and a remote peer.
/// <c>InitializeSecurityContext (General)</c> returns a token that the client must pass to the remote peer, which the peer in turn
/// submits to the local security implementation through the AcceptSecurityContext (General) call. The token generated should be
/// considered opaque by all callers.
/// </para>
/// <para>
/// Typically, the <c>InitializeSecurityContext (General)</c> function is called in a loop until a sufficient security context is established.
/// </para>
/// <para>For information about using this function with a specific security support provider (SSP), see the following topics.</para>
/// <list type="table">
/// <listheader>
/// <term>Topic</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>InitializeSecurityContext (CredSSP)</term>
/// <term>
/// Initiates the client side, outbound security context from a credential handle by using the Credential Security Support Provider (CredSSP).
/// </term>
/// </item>
/// <item>
/// <term>InitializeSecurityContext (Digest)</term>
/// <term>Initiates the client side, outbound security context from a credential handle by using the Digest security package.</term>
/// </item>
/// <item>
/// <term>InitializeSecurityContext (Kerberos)</term>
/// <term>Initiates the client side, outbound security context from a credential handle by using the Kerberos security package.</term>
/// </item>
/// <item>
/// <term>InitializeSecurityContext (Negotiate)</term>
/// <term>Initiates the client side, outbound security context from a credential handle by using the Negotiate security package.</term>
/// </item>
/// <item>
/// <term>InitializeSecurityContext (NTLM)</term>
/// <term>Initiates the client side, outbound security context from a credential handle by using the NTLM security package.</term>
/// </item>
/// <item>
/// <term>InitializeSecurityContext (Schannel)</term>
/// <term>Initiates the client side, outbound security context from a credential handle by using the Schannel security package.</term>
/// </item>
/// </list>
/// </summary>
/// <param name="phCredential">A handle to the credentials returned by AcquireCredentialsHandle (General). This handle is used to build the security context.
/// The <c>InitializeSecurityContext (General)</c> function requires at least OUTBOUND credentials.</param>
/// <param name="phContext"><para>
/// A pointer to a CtxtHandle structure. On the first call to <c>InitializeSecurityContext (General)</c>, this pointer is
/// <c>NULL</c>. On the second call, this parameter is a pointer to the handle to the partially formed context returned in the
/// phNewContext parameter by the first call.
/// </para>
/// <para>This parameter is optional with the Microsoft Digest SSP and can be set to <c>NULL</c>.</para>
/// <para>
/// When using the Schannel SSP, on the first call to <c>InitializeSecurityContext (General)</c>, specify <c>NULL</c>. On future
/// calls, specify the token received in the phNewContext parameter after the first call to this function.
/// </para></param>
/// <param name="pszTargetName">TBD</param>
/// <param name="fContextReq"><para>
/// Bit flags that indicate requests for the context. Not all packages can support all requirements. Flags used for this parameter
/// are prefixed with ISC_REQ_, for example, ISC_REQ_DELEGATE. This parameter can be one or more of the following attributes flags.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>ISC_REQ_ALLOCATE_MEMORY</term>
/// <term>
/// The security package allocates output buffers for you. When you have finished using the output buffers, free them by calling the
/// FreeContextBuffer function.
/// </term>
/// </item>
/// <item>
/// <term>ISC_REQ_CONFIDENTIALITY</term>
/// <term>Encrypt messages by using the EncryptMessage function.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_CONNECTION</term>
/// <term>
/// The security context will not handle formatting messages. This value is the default for the Kerberos, Negotiate, and NTLM
/// security packages.
/// </term>
/// </item>
/// <item>
/// <term>ISC_REQ_DELEGATE</term>
/// <term>
/// The server can use the context to authenticate to other servers as the client. The ISC_REQ_MUTUAL_AUTH flag must be set for this
/// flag to work. Valid for Kerberos. Ignore this flag for constrained delegation.
/// </term>
/// </item>
/// <item>
/// <term>ISC_REQ_EXTENDED_ERROR</term>
/// <term>When errors occur, the remote party will be notified.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_HTTP</term>
/// <term>Use Digest for HTTP. Omit this flag to use Digest as a SASL mechanism.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_INTEGRITY</term>
/// <term>Sign messages and verify signatures by using the EncryptMessage and MakeSignature functions.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_MANUAL_CRED_VALIDATION</term>
/// <term>Schannel must not authenticate the server automatically.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_MUTUAL_AUTH</term>
/// <term>The mutual authentication policy of the service will be satisfied.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_NO_INTEGRITY</term>
/// <term>
/// If this flag is set, the ISC_REQ_INTEGRITY flag is ignored. This value is supported only by the Negotiate and Kerberos security packages.
/// </term>
/// </item>
/// <item>
/// <term>ISC_REQ_REPLAY_DETECT</term>
/// <term>Detect replayed messages that have been encoded by using the EncryptMessage or MakeSignature functions.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_SEQUENCE_DETECT</term>
/// <term>Detect messages received out of sequence.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_STREAM</term>
/// <term>Support a stream-oriented connection.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_USE_SESSION_KEY</term>
/// <term>A new session key must be negotiated. This value is supported only by the Kerberos security package.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_USE_SUPPLIED_CREDS</term>
/// <term>Schannel must not attempt to supply credentials for the client automatically.</term>
/// </item>
/// </list>
/// <para>The requested attributes may not be supported by the client. For more information, see the pfContextAttr parameter.</para>
/// <para>For further descriptions of the various attributes, see Context Requirements.</para></param>
/// <param name="TargetDataRep"><para>The data representation, such as byte ordering, on the target. This parameter can be either SECURITY_NATIVE_DREP or SECURITY_NETWORK_DREP.</para>
/// <para>This parameter is not used with Digest or Schannel. Set it to zero.</para></param>
/// <param name="pInput">A pointer to a SecBufferDesc structure that contains pointers to the buffers supplied as input to the package. Unless the client
/// context was initiated by the server, the value of this parameter must be <c>NULL</c> on the first call to the function. On
/// subsequent calls to the function or when the client context was initiated by the server, the value of this parameter is a pointer
/// to a buffer allocated with enough memory to hold the token returned by the remote computer.</param>
/// <param name="outputType">Type of the output.</param>
/// <param name="pOutput"><para>
/// A pointer to a SecBufferDesc structure that contains pointers to the SecBuffer structure that receives the output data. If a
/// buffer was typed as SEC_READWRITE in the input, it will be there on output. The system will allocate a buffer for the security
/// token if requested (through ISC_REQ_ALLOCATE_MEMORY) and fill in the address in the buffer descriptor for the security token.
/// </para>
/// <para>When using the Microsoft Digest SSP, this parameter receives the challenge response that must be sent to the server.</para>
/// <para>
/// When using the Schannel SSP, if the ISC_REQ_ALLOCATE_MEMORY flag is specified, the Schannel SSP will allocate memory for the
/// buffer and put the appropriate information in the SecBufferDesc. In addition, the caller must pass in a buffer of type
/// <c>SECBUFFER_ALERT</c>. On output, if an alert is generated, this buffer contains information about that alert, and the function fails.
/// </para></param>
/// <param name="pfContextAttr"><para>
/// A pointer to a variable to receive a set of bit flags that indicate the attributes of the established context. For a description
/// of the various attributes, see Context Requirements.
/// </para>
/// <para>Flags used for this parameter are prefixed with ISC_RET, such as ISC_RET_DELEGATE.</para>
/// <para>For a list of valid values, see the fContextReq parameter.</para>
/// <para>
/// Do not check for security-related attributes until the final function call returns successfully. Attribute flags that are not
/// related to security, such as the ASC_RET_ALLOCATED_MEMORY flag, can be checked before the final return.
/// </para>
/// <para>
/// <c>Note</c> Particular context attributes can change during negotiation with a remote peer.</para></param>
/// <param name="ptsExpiry"><para>
/// A pointer to a TimeStamp structure that receives the expiration time of the context. It is recommended that the security package
/// always return this value in local time. This parameter is optional and <c>NULL</c> should be passed for short-lived clients.
/// </para>
/// <para>There is no expiration time for Microsoft Digest SSP security contexts or credentials.</para></param>
/// <returns>
/// <para>If the function succeeds, the function returns one of the following success codes.</para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>SEC_I_COMPLETE_AND_CONTINUE</term>
/// <term>
/// The client must call CompleteAuthToken and then pass the output to the server. The client then waits for a returned token and
/// passes it, in another call, to InitializeSecurityContext (General).
/// </term>
/// </item>
/// <item>
/// <term>SEC_I_COMPLETE_NEEDED</term>
/// <term>The client must finish building the message and then call the CompleteAuthToken function.</term>
/// </item>
/// <item>
/// <term>SEC_I_CONTINUE_NEEDED</term>
/// <term>
/// The client must send the output token to the server and wait for a return token. The returned token is then passed in another
/// call to InitializeSecurityContext (General). The output token can be empty.
/// </term>
/// </item>
/// <item>
/// <term>SEC_I_INCOMPLETE_CREDENTIALS</term>
/// <term>
/// Use with Schannel. The server has requested client authentication, and the supplied credentials either do not include a
/// certificate or the certificate was not issued by a certification authority that is trusted by the server. For more information,
/// see Remarks.
/// </term>
/// </item>
/// <item>
/// <term>SEC_E_INCOMPLETE_MESSAGE</term>
/// <term>
/// Use with Schannel. Data for the whole message was not read from the wire. When this value is returned, the pInput buffer contains
/// a SecBuffer structure with a BufferType member of SECBUFFER_MISSING. The cbBuffer member of SecBuffer contains a value that
/// indicates the number of additional bytes that the function must read from the client before this function succeeds. While this
/// number is not always accurate, using it can help improve performance by avoiding multiple calls to this function.
/// </term>
/// </item>
/// <item>
/// <term>SEC_E_OK</term>
/// <term>
/// The security context was successfully initialized. There is no need for another InitializeSecurityContext (General) call. If the
/// function returns an output token, that is, if the SECBUFFER_TOKEN in pOutput is of nonzero length, that token must be sent to the server.
/// </term>
/// </item>
/// </list>
/// <para>If the function fails, the function returns one of the following error codes.</para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>SEC_E_INSUFFICIENT_MEMORY</term>
/// <term>There is not enough memory available to complete the requested action.</term>
/// </item>
/// <item>
/// <term>SEC_E_INTERNAL_ERROR</term>
/// <term>An error occurred that did not map to an SSPI error code.</term>
/// </item>
/// <item>
/// <term>SEC_E_INVALID_HANDLE</term>
/// <term>The handle passed to the function is not valid.</term>
/// </item>
/// <item>
/// <term>SEC_E_INVALID_TOKEN</term>
/// <term>
/// The error is due to a malformed input token, such as a token corrupted in transit, a token of incorrect size, or a token passed
/// into the wrong security package. Passing a token to the wrong package can happen if the client and server did not negotiate the
/// proper security package.
/// </term>
/// </item>
/// <item>
/// <term>SEC_E_LOGON_DENIED</term>
/// <term>The logon failed.</term>
/// </item>
/// <item>
/// <term>SEC_E_NO_AUTHENTICATING_AUTHORITY</term>
/// <term>
/// No authority could be contacted for authentication. The domain name of the authenticating party could be wrong, the domain could
/// be unreachable, or there might have been a trust relationship failure.
/// </term>
/// </item>
/// <item>
/// <term>SEC_E_NO_CREDENTIALS</term>
/// <term>No credentials are available in the security package.</term>
/// </item>
/// <item>
/// <term>SEC_E_TARGET_UNKNOWN</term>
/// <term>The target was not recognized.</term>
/// </item>
/// <item>
/// <term>SEC_E_UNSUPPORTED_FUNCTION</term>
/// <term>
/// A context attribute flag that is not valid (ISC_REQ_DELEGATE or ISC_REQ_PROMPT_FOR_CREDS) was specified in the fContextReq parameter.
/// </term>
/// </item>
/// <item>
/// <term>SEC_E_WRONG_PRINCIPAL</term>
/// <term>
/// The principal that received the authentication request is not the same as the one passed into the pszTargetName parameter. This
/// indicates a failure in mutual authentication.
/// </term>
/// </item>
/// </list>
/// </returns>
/// <remarks>
/// <para>
/// The caller is responsible for determining whether the final context attributes are sufficient. If, for example, confidentiality
/// was requested, but could not be established, some applications may choose to shut down the connection immediately.
/// </para>
/// <para>
/// If attributes of the security context are not sufficient, the client must free the partially created context by calling the
/// DeleteSecurityContext function.
/// </para>
/// <para>The <c>InitializeSecurityContext (General)</c> function is used by a client to initialize an outbound context.</para>
/// <para>For a two-leg security context, the calling sequence is as follows:</para>
/// <list type="number">
/// <item>
/// <term>The client calls the function with phContext set to <c>NULL</c> and fills in the buffer descriptor with the input message.</term>
/// </item>
/// <item>
/// <term>
/// The security package examines the parameters and constructs an opaque token, placing it in the TOKEN element in the buffer array.
/// If the fContextReq parameter includes the ISC_REQ_ALLOCATE_MEMORY flag, the security package allocates the memory and returns the
/// pointer in the TOKEN element.
/// </term>
/// </item>
/// <item>
/// <term>
/// The client sends the token returned in the pOutput buffer to the target server. The server then passes the token as an input
/// argument in a call to the AcceptSecurityContext (General) function.
/// </term>
/// </item>
/// <item>
/// <term>
/// AcceptSecurityContext (General) may return a token, which the server sends to the client for a second call to
/// <c>InitializeSecurityContext (General)</c> if the first call returned SEC_I_CONTINUE_NEEDED.
/// </term>
/// </item>
/// </list>
/// <para>For multiple-leg security contexts, such as mutual authentication, the calling sequence is as follows:</para>
/// <list type="number">
/// <item>
/// <term>The client calls the function as described earlier, but the package returns the SEC_I_CONTINUE_NEEDED success code.</term>
/// </item>
/// <item>
/// <term>The client sends the output token to the server and waits for the server's reply.</term>
/// </item>
/// <item>
/// <term>
/// Upon receipt of the server's response, the client calls <c>InitializeSecurityContext (General)</c> again, with phContext set to
/// the handle that was returned from the last call. The token received from the server is supplied in the pInput parameter.
/// </term>
/// </item>
/// </list>
/// <para>If the server has successfully responded, the security package returns SEC_E_OK and a secure session is established.</para>
/// <para>If the function returns one of the error responses, the server's response is not accepted, and the session is not established.</para>
/// <para>
/// If the function returns SEC_I_CONTINUE_NEEDED, SEC_I_COMPLETE_NEEDED, or SEC_I_COMPLETE_AND_CONTINUE, steps 2 and 3 are repeated.
/// </para>
/// <para>
/// To initialize a security context, more than one call to this function may be required, depending on the underlying authentication
/// mechanism as well as the choices specified in the fContextReq parameter.
/// </para>
/// <para>
/// The fContextReq and pfContextAttributes parameters are bitmasks that represent various context attributes. For a description of
/// the various attributes, see Context Requirements. The pfContextAttributes parameter is valid on any successful return, but only
/// on the final successful return should you examine the flags that pertain to security aspects of the context. Intermediate returns
/// can set, for example, the ISC_RET_ALLOCATED_MEMORY flag.
/// </para>
/// <para>
/// If the ISC_REQ_USE_SUPPLIED_CREDS flag is set, the security package must look for a SECBUFFER_PKG_PARAMS buffer type in the
/// pInput input buffer. This is not a generic solution, but it allows for a strong pairing of security package and application when appropriate.
/// </para>
/// <para>If ISC_REQ_ALLOCATE_MEMORY was specified, the caller must free the memory by calling the FreeContextBuffer function.</para>
/// <para>
/// For example, the input token could be the challenge from a LAN Manager. In this case, the output token would be the
/// NTLM-encrypted response to the challenge.
/// </para>
/// <para>
/// The action the client takes depends on the return code from this function. If the return code is SEC_E_OK, there will be no
/// second <c>InitializeSecurityContext (General)</c> call, and no response from the server is expected. If the return code is
/// SEC_I_CONTINUE_NEEDED, the client expects a token in response from the server and passes it in a second call to
/// <c>InitializeSecurityContext (General)</c>. The SEC_I_COMPLETE_NEEDED return code indicates that the client must finish building
/// the message and call the CompleteAuthToken function. The SEC_I_COMPLETE_AND_CONTINUE code incorporates both of these actions.
/// </para>
/// <para>
/// If <c>InitializeSecurityContext (General)</c> returns success on the first (or only) call, then the caller must eventually call
/// the DeleteSecurityContext function on the returned handle, even if the call fails on a later leg of the authentication exchange.
/// </para>
/// <para>
/// The client may call <c>InitializeSecurityContext (General)</c> again after it has completed successfully. This indicates to the
/// security package that a reauthentication is wanted.
/// </para>
/// <para>
/// Kernel mode callers have the following differences: the target name is a Unicode string that must be allocated in virtual memory
/// by using VirtualAlloc; it must not be allocated from the pool. Buffers passed and supplied in pInput and pOutput must be in
/// virtual memory, not in the pool.
/// </para>
/// <para>
/// When using the Schannel SSP, if the function returns SEC_I_INCOMPLETE_CREDENTIALS, check that you specified a valid and trusted
/// certificate in your credentials. The certificate is specified when calling the AcquireCredentialsHandle (General) function. The
/// certificate must be a client authentication certificate issued by a certification authority (CA) trusted by the server. To obtain
/// a list of the CAs trusted by the server, call the QueryContextAttributes (General) function and specify the
/// SECPKG_ATTR_ISSUER_LIST_EX attribute.
/// </para>
/// <para>
/// When using the Schannel SSP, after a client application receives an authentication certificate from a CA that is trusted by the
/// server, the application creates a new credential by calling the AcquireCredentialsHandle (General) function and then calling
/// <c>InitializeSecurityContext (General)</c> again, specifying the new credential in the phCredential parameter.
/// </para>
/// </remarks>
public static HRESULT InitializeSecurityContext(in CredHandle phCredential, [In, Out] SafeCtxtHandle phContext, string pszTargetName, ASC_REQ fContextReq, DREP TargetDataRep,
[In, Optional] SecBufferDesc? pInput, SecBufferType outputType, out SafeSecBufferDesc pOutput, out ASC_RET pfContextAttr, out TimeStamp ptsExpiry)
{
@ -3166,6 +3574,399 @@ namespace Vanara.PInvoke
return InitializeSecurityContext(phCredential, phContext, pszTargetName, fContextReq, TargetDataRep, pInput, pOutput, out pfContextAttr, out ptsExpiry);
}
/// <summary>
/// <para>
/// The <c>InitializeSecurityContext (General)</c> function initiates the client side, outbound security context from a credential
/// handle. The function is used to build a security context between the client application and a remote peer.
/// <c>InitializeSecurityContext (General)</c> returns a token that the client must pass to the remote peer, which the peer in turn
/// submits to the local security implementation through the AcceptSecurityContext (General) call. The token generated should be
/// considered opaque by all callers.
/// </para>
/// <para>
/// Typically, the <c>InitializeSecurityContext (General)</c> function is called in a loop until a sufficient security context is established.
/// </para>
/// <para>For information about using this function with a specific security support provider (SSP), see the following topics.</para>
/// <list type="table">
/// <listheader>
/// <term>Topic</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>InitializeSecurityContext (CredSSP)</term>
/// <term>
/// Initiates the client side, outbound security context from a credential handle by using the Credential Security Support Provider (CredSSP).
/// </term>
/// </item>
/// <item>
/// <term>InitializeSecurityContext (Digest)</term>
/// <term>Initiates the client side, outbound security context from a credential handle by using the Digest security package.</term>
/// </item>
/// <item>
/// <term>InitializeSecurityContext (Kerberos)</term>
/// <term>Initiates the client side, outbound security context from a credential handle by using the Kerberos security package.</term>
/// </item>
/// <item>
/// <term>InitializeSecurityContext (Negotiate)</term>
/// <term>Initiates the client side, outbound security context from a credential handle by using the Negotiate security package.</term>
/// </item>
/// <item>
/// <term>InitializeSecurityContext (NTLM)</term>
/// <term>Initiates the client side, outbound security context from a credential handle by using the NTLM security package.</term>
/// </item>
/// <item>
/// <term>InitializeSecurityContext (Schannel)</term>
/// <term>Initiates the client side, outbound security context from a credential handle by using the Schannel security package.</term>
/// </item>
/// </list>
/// </summary>
/// <param name="phCredential">A handle to the credentials returned by AcquireCredentialsHandle (General). This handle is used to build the security context.
/// The <c>InitializeSecurityContext (General)</c> function requires at least OUTBOUND credentials.</param>
/// <param name="phContext"><para>
/// A pointer to a CtxtHandle structure. On the first call to <c>InitializeSecurityContext (General)</c>, this pointer is
/// <c>NULL</c>. On the second call, this parameter is a pointer to the handle to the partially formed context returned in the
/// phNewContext parameter by the first call.
/// </para>
/// <para>This parameter is optional with the Microsoft Digest SSP and can be set to <c>NULL</c>.</para>
/// <para>
/// When using the Schannel SSP, on the first call to <c>InitializeSecurityContext (General)</c>, specify <c>NULL</c>. On future
/// calls, specify the token received in the phNewContext parameter after the first call to this function.
/// </para></param>
/// <param name="pszTargetName">TBD</param>
/// <param name="fContextReq"><para>
/// Bit flags that indicate requests for the context. Not all packages can support all requirements. Flags used for this parameter
/// are prefixed with ISC_REQ_, for example, ISC_REQ_DELEGATE. This parameter can be one or more of the following attributes flags.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>ISC_REQ_ALLOCATE_MEMORY</term>
/// <term>
/// The security package allocates output buffers for you. When you have finished using the output buffers, free them by calling the
/// FreeContextBuffer function.
/// </term>
/// </item>
/// <item>
/// <term>ISC_REQ_CONFIDENTIALITY</term>
/// <term>Encrypt messages by using the EncryptMessage function.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_CONNECTION</term>
/// <term>
/// The security context will not handle formatting messages. This value is the default for the Kerberos, Negotiate, and NTLM
/// security packages.
/// </term>
/// </item>
/// <item>
/// <term>ISC_REQ_DELEGATE</term>
/// <term>
/// The server can use the context to authenticate to other servers as the client. The ISC_REQ_MUTUAL_AUTH flag must be set for this
/// flag to work. Valid for Kerberos. Ignore this flag for constrained delegation.
/// </term>
/// </item>
/// <item>
/// <term>ISC_REQ_EXTENDED_ERROR</term>
/// <term>When errors occur, the remote party will be notified.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_HTTP</term>
/// <term>Use Digest for HTTP. Omit this flag to use Digest as a SASL mechanism.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_INTEGRITY</term>
/// <term>Sign messages and verify signatures by using the EncryptMessage and MakeSignature functions.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_MANUAL_CRED_VALIDATION</term>
/// <term>Schannel must not authenticate the server automatically.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_MUTUAL_AUTH</term>
/// <term>The mutual authentication policy of the service will be satisfied.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_NO_INTEGRITY</term>
/// <term>
/// If this flag is set, the ISC_REQ_INTEGRITY flag is ignored. This value is supported only by the Negotiate and Kerberos security packages.
/// </term>
/// </item>
/// <item>
/// <term>ISC_REQ_REPLAY_DETECT</term>
/// <term>Detect replayed messages that have been encoded by using the EncryptMessage or MakeSignature functions.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_SEQUENCE_DETECT</term>
/// <term>Detect messages received out of sequence.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_STREAM</term>
/// <term>Support a stream-oriented connection.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_USE_SESSION_KEY</term>
/// <term>A new session key must be negotiated. This value is supported only by the Kerberos security package.</term>
/// </item>
/// <item>
/// <term>ISC_REQ_USE_SUPPLIED_CREDS</term>
/// <term>Schannel must not attempt to supply credentials for the client automatically.</term>
/// </item>
/// </list>
/// <para>The requested attributes may not be supported by the client. For more information, see the pfContextAttr parameter.</para>
/// <para>For further descriptions of the various attributes, see Context Requirements.</para></param>
/// <param name="TargetDataRep"><para>The data representation, such as byte ordering, on the target. This parameter can be either SECURITY_NATIVE_DREP or SECURITY_NETWORK_DREP.</para>
/// <para>This parameter is not used with Digest or Schannel. Set it to zero.</para></param>
/// <param name="pInput">A pointer to a SecBufferDesc structure that contains pointers to the buffers supplied as input to the package. Unless the client
/// context was initiated by the server, the value of this parameter must be <c>NULL</c> on the first call to the function. On
/// subsequent calls to the function or when the client context was initiated by the server, the value of this parameter is a pointer
/// to a buffer allocated with enough memory to hold the token returned by the remote computer.</param>
/// <param name="pOutput"><para>
/// A pointer to a SecBufferDesc structure that contains pointers to the SecBuffer structure that receives the output data. If a
/// buffer was typed as SEC_READWRITE in the input, it will be there on output. The system will allocate a buffer for the security
/// token if requested (through ISC_REQ_ALLOCATE_MEMORY) and fill in the address in the buffer descriptor for the security token.
/// </para>
/// <para>When using the Microsoft Digest SSP, this parameter receives the challenge response that must be sent to the server.</para>
/// <para>
/// When using the Schannel SSP, if the ISC_REQ_ALLOCATE_MEMORY flag is specified, the Schannel SSP will allocate memory for the
/// buffer and put the appropriate information in the SecBufferDesc. In addition, the caller must pass in a buffer of type
/// <c>SECBUFFER_ALERT</c>. On output, if an alert is generated, this buffer contains information about that alert, and the function fails.
/// </para></param>
/// <param name="pfContextAttr"><para>
/// A pointer to a variable to receive a set of bit flags that indicate the attributes of the established context. For a description
/// of the various attributes, see Context Requirements.
/// </para>
/// <para>Flags used for this parameter are prefixed with ISC_RET, such as ISC_RET_DELEGATE.</para>
/// <para>For a list of valid values, see the fContextReq parameter.</para>
/// <para>
/// Do not check for security-related attributes until the final function call returns successfully. Attribute flags that are not
/// related to security, such as the ASC_RET_ALLOCATED_MEMORY flag, can be checked before the final return.
/// </para>
/// <para>
/// <c>Note</c> Particular context attributes can change during negotiation with a remote peer.</para></param>
/// <param name="ptsExpiry"><para>
/// A pointer to a TimeStamp structure that receives the expiration time of the context. It is recommended that the security package
/// always return this value in local time. This parameter is optional and <c>NULL</c> should be passed for short-lived clients.
/// </para>
/// <para>There is no expiration time for Microsoft Digest SSP security contexts or credentials.</para></param>
/// <returns>
/// <para>If the function succeeds, the function returns one of the following success codes.</para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>SEC_I_COMPLETE_AND_CONTINUE</term>
/// <term>
/// The client must call CompleteAuthToken and then pass the output to the server. The client then waits for a returned token and
/// passes it, in another call, to InitializeSecurityContext (General).
/// </term>
/// </item>
/// <item>
/// <term>SEC_I_COMPLETE_NEEDED</term>
/// <term>The client must finish building the message and then call the CompleteAuthToken function.</term>
/// </item>
/// <item>
/// <term>SEC_I_CONTINUE_NEEDED</term>
/// <term>
/// The client must send the output token to the server and wait for a return token. The returned token is then passed in another
/// call to InitializeSecurityContext (General). The output token can be empty.
/// </term>
/// </item>
/// <item>
/// <term>SEC_I_INCOMPLETE_CREDENTIALS</term>
/// <term>
/// Use with Schannel. The server has requested client authentication, and the supplied credentials either do not include a
/// certificate or the certificate was not issued by a certification authority that is trusted by the server. For more information,
/// see Remarks.
/// </term>
/// </item>
/// <item>
/// <term>SEC_E_INCOMPLETE_MESSAGE</term>
/// <term>
/// Use with Schannel. Data for the whole message was not read from the wire. When this value is returned, the pInput buffer contains
/// a SecBuffer structure with a BufferType member of SECBUFFER_MISSING. The cbBuffer member of SecBuffer contains a value that
/// indicates the number of additional bytes that the function must read from the client before this function succeeds. While this
/// number is not always accurate, using it can help improve performance by avoiding multiple calls to this function.
/// </term>
/// </item>
/// <item>
/// <term>SEC_E_OK</term>
/// <term>
/// The security context was successfully initialized. There is no need for another InitializeSecurityContext (General) call. If the
/// function returns an output token, that is, if the SECBUFFER_TOKEN in pOutput is of nonzero length, that token must be sent to the server.
/// </term>
/// </item>
/// </list>
/// <para>If the function fails, the function returns one of the following error codes.</para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>SEC_E_INSUFFICIENT_MEMORY</term>
/// <term>There is not enough memory available to complete the requested action.</term>
/// </item>
/// <item>
/// <term>SEC_E_INTERNAL_ERROR</term>
/// <term>An error occurred that did not map to an SSPI error code.</term>
/// </item>
/// <item>
/// <term>SEC_E_INVALID_HANDLE</term>
/// <term>The handle passed to the function is not valid.</term>
/// </item>
/// <item>
/// <term>SEC_E_INVALID_TOKEN</term>
/// <term>
/// The error is due to a malformed input token, such as a token corrupted in transit, a token of incorrect size, or a token passed
/// into the wrong security package. Passing a token to the wrong package can happen if the client and server did not negotiate the
/// proper security package.
/// </term>
/// </item>
/// <item>
/// <term>SEC_E_LOGON_DENIED</term>
/// <term>The logon failed.</term>
/// </item>
/// <item>
/// <term>SEC_E_NO_AUTHENTICATING_AUTHORITY</term>
/// <term>
/// No authority could be contacted for authentication. The domain name of the authenticating party could be wrong, the domain could
/// be unreachable, or there might have been a trust relationship failure.
/// </term>
/// </item>
/// <item>
/// <term>SEC_E_NO_CREDENTIALS</term>
/// <term>No credentials are available in the security package.</term>
/// </item>
/// <item>
/// <term>SEC_E_TARGET_UNKNOWN</term>
/// <term>The target was not recognized.</term>
/// </item>
/// <item>
/// <term>SEC_E_UNSUPPORTED_FUNCTION</term>
/// <term>
/// A context attribute flag that is not valid (ISC_REQ_DELEGATE or ISC_REQ_PROMPT_FOR_CREDS) was specified in the fContextReq parameter.
/// </term>
/// </item>
/// <item>
/// <term>SEC_E_WRONG_PRINCIPAL</term>
/// <term>
/// The principal that received the authentication request is not the same as the one passed into the pszTargetName parameter. This
/// indicates a failure in mutual authentication.
/// </term>
/// </item>
/// </list>
/// </returns>
/// <exception cref="System.ArgumentNullException">phContext</exception>
/// <remarks>
/// <para>
/// The caller is responsible for determining whether the final context attributes are sufficient. If, for example, confidentiality
/// was requested, but could not be established, some applications may choose to shut down the connection immediately.
/// </para>
/// <para>
/// If attributes of the security context are not sufficient, the client must free the partially created context by calling the
/// DeleteSecurityContext function.
/// </para>
/// <para>The <c>InitializeSecurityContext (General)</c> function is used by a client to initialize an outbound context.</para>
/// <para>For a two-leg security context, the calling sequence is as follows:</para>
/// <list type="number">
/// <item>
/// <term>The client calls the function with phContext set to <c>NULL</c> and fills in the buffer descriptor with the input message.</term>
/// </item>
/// <item>
/// <term>
/// The security package examines the parameters and constructs an opaque token, placing it in the TOKEN element in the buffer array.
/// If the fContextReq parameter includes the ISC_REQ_ALLOCATE_MEMORY flag, the security package allocates the memory and returns the
/// pointer in the TOKEN element.
/// </term>
/// </item>
/// <item>
/// <term>
/// The client sends the token returned in the pOutput buffer to the target server. The server then passes the token as an input
/// argument in a call to the AcceptSecurityContext (General) function.
/// </term>
/// </item>
/// <item>
/// <term>
/// AcceptSecurityContext (General) may return a token, which the server sends to the client for a second call to
/// <c>InitializeSecurityContext (General)</c> if the first call returned SEC_I_CONTINUE_NEEDED.
/// </term>
/// </item>
/// </list>
/// <para>For multiple-leg security contexts, such as mutual authentication, the calling sequence is as follows:</para>
/// <list type="number">
/// <item>
/// <term>The client calls the function as described earlier, but the package returns the SEC_I_CONTINUE_NEEDED success code.</term>
/// </item>
/// <item>
/// <term>The client sends the output token to the server and waits for the server's reply.</term>
/// </item>
/// <item>
/// <term>
/// Upon receipt of the server's response, the client calls <c>InitializeSecurityContext (General)</c> again, with phContext set to
/// the handle that was returned from the last call. The token received from the server is supplied in the pInput parameter.
/// </term>
/// </item>
/// </list>
/// <para>If the server has successfully responded, the security package returns SEC_E_OK and a secure session is established.</para>
/// <para>If the function returns one of the error responses, the server's response is not accepted, and the session is not established.</para>
/// <para>
/// If the function returns SEC_I_CONTINUE_NEEDED, SEC_I_COMPLETE_NEEDED, or SEC_I_COMPLETE_AND_CONTINUE, steps 2 and 3 are repeated.
/// </para>
/// <para>
/// To initialize a security context, more than one call to this function may be required, depending on the underlying authentication
/// mechanism as well as the choices specified in the fContextReq parameter.
/// </para>
/// <para>
/// The fContextReq and pfContextAttributes parameters are bitmasks that represent various context attributes. For a description of
/// the various attributes, see Context Requirements. The pfContextAttributes parameter is valid on any successful return, but only
/// on the final successful return should you examine the flags that pertain to security aspects of the context. Intermediate returns
/// can set, for example, the ISC_RET_ALLOCATED_MEMORY flag.
/// </para>
/// <para>
/// If the ISC_REQ_USE_SUPPLIED_CREDS flag is set, the security package must look for a SECBUFFER_PKG_PARAMS buffer type in the
/// pInput input buffer. This is not a generic solution, but it allows for a strong pairing of security package and application when appropriate.
/// </para>
/// <para>If ISC_REQ_ALLOCATE_MEMORY was specified, the caller must free the memory by calling the FreeContextBuffer function.</para>
/// <para>
/// For example, the input token could be the challenge from a LAN Manager. In this case, the output token would be the
/// NTLM-encrypted response to the challenge.
/// </para>
/// <para>
/// The action the client takes depends on the return code from this function. If the return code is SEC_E_OK, there will be no
/// second <c>InitializeSecurityContext (General)</c> call, and no response from the server is expected. If the return code is
/// SEC_I_CONTINUE_NEEDED, the client expects a token in response from the server and passes it in a second call to
/// <c>InitializeSecurityContext (General)</c>. The SEC_I_COMPLETE_NEEDED return code indicates that the client must finish building
/// the message and call the CompleteAuthToken function. The SEC_I_COMPLETE_AND_CONTINUE code incorporates both of these actions.
/// </para>
/// <para>
/// If <c>InitializeSecurityContext (General)</c> returns success on the first (or only) call, then the caller must eventually call
/// the DeleteSecurityContext function on the returned handle, even if the call fails on a later leg of the authentication exchange.
/// </para>
/// <para>
/// The client may call <c>InitializeSecurityContext (General)</c> again after it has completed successfully. This indicates to the
/// security package that a reauthentication is wanted.
/// </para>
/// <para>
/// Kernel mode callers have the following differences: the target name is a Unicode string that must be allocated in virtual memory
/// by using VirtualAlloc; it must not be allocated from the pool. Buffers passed and supplied in pInput and pOutput must be in
/// virtual memory, not in the pool.
/// </para>
/// <para>
/// When using the Schannel SSP, if the function returns SEC_I_INCOMPLETE_CREDENTIALS, check that you specified a valid and trusted
/// certificate in your credentials. The certificate is specified when calling the AcquireCredentialsHandle (General) function. The
/// certificate must be a client authentication certificate issued by a certification authority (CA) trusted by the server. To obtain
/// a list of the CAs trusted by the server, call the QueryContextAttributes (General) function and specify the
/// SECPKG_ATTR_ISSUER_LIST_EX attribute.
/// </para>
/// <para>
/// When using the Schannel SSP, after a client application receives an authentication certificate from a CA that is trusted by the
/// server, the application creates a new credential by calling the AcquireCredentialsHandle (General) function and then calling
/// <c>InitializeSecurityContext (General)</c> again, specifying the new credential in the phCredential parameter.
/// </para>
/// </remarks>
public static HRESULT InitializeSecurityContext(in CredHandle phCredential, [In, Out] SafeCtxtHandle phContext, string pszTargetName, ASC_REQ fContextReq, DREP TargetDataRep,
SecBufferDesc? pInput, [In, Out] SafeSecBufferDesc pOutput, out ASC_RET pfContextAttr, out TimeStamp ptsExpiry)
{

4
PInvoke/Security/Secur32/credssp.cs
View File

@ -57,12 +57,16 @@ namespace Vanara.PInvoke
/// <summary>The CREDSPP_SUBMIT_TYPE enumeration value that specifies the type of credentials contained in this structure.</summary>
public CREDSSP_SUBMIT_TYPE Type;
/// <summary/>
public uint Version;
/// <summary/>
public uint Flags;
/// <summary/>
public uint Reserved;
/// <summary/>
public CREDSSP_CRED Cred;
}