using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Security; using Vanara.Extensions; using Vanara.InteropServices; using static Vanara.PInvoke.AdvApi32; using static Vanara.PInvoke.Kernel32; namespace Vanara.PInvoke { ///

Platform invokable enumerated types, constants and functions from authz.h

public static partial class Authz { ///

/// The AuthzAccessCheckCallback function is an application-defined function that handles callback access control entries (ACEs) /// during an access check. AuthzAccessCheckCallback is a placeholder for the application-defined function name. The application /// registers this callback by calling AuthzInitializeResourceManager. ///

/// A handle to a client context. /// A pointer to the ACE to evaluate for inclusion in the call to the AuthzAccessCheck function. /// Data passed in the DynamicGroupArgs parameter of the call to AuthzAccessCheck or AuthzCachedAccessCheck. /// /// A pointer to a Boolean variable that receives the results of the evaluation of the logic defined by the application. /// /// The results are TRUE if the logic determines that the ACE is applicable and will be included in the call to AuthzAccessCheck; /// otherwise, the results are FALSE. /// /// /// /// If the function succeeds, the function returns TRUE. /// /// If the function is unable to perform the evaluation, it returns FALSE. Use SetLastError to return an error to the access check function. /// /// [UnmanagedFunctionPointer(CallingConvention.Winapi, SetLastError = true, CharSet = CharSet.Unicode)] [SuppressUnmanagedCodeSecurity] [return: MarshalAs(UnmanagedType.Bool)] public delegate bool AuthzAccessCheckCallback(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, PACE pAce, IntPtr pArgs, [MarshalAs(UnmanagedType.Bool)] ref bool pbAceApplicable); ///

/// The AuthzComputeGroupsCallback function is an application-defined function that creates a list of security identifiers /// (SIDs) that apply to a client. AuthzComputeGroupsCallback is a placeholder for the application-defined function name. ///

/// A handle to a client context. /// /// Data passed in the DynamicGroupArgs parameter of a call to the AuthzInitializeContextFromAuthzContext, /// AuthzInitializeContextFromSid, or AuthzInitializeContextFromToken function. /// /// /// A pointer to a pointer variable that receives the address of an array of SID_AND_ATTRIBUTES structures. These structures /// represent the groups to which the client belongs. /// /// The number of structures in pSidAttrArray. /// /// A pointer to a pointer variable that receives the address of an array of SID_AND_ATTRIBUTES structures. These structures /// represent the groups from which the client is restricted. /// /// The number of structures in pSidRestrictedAttrArray. /// /// If the function successfully returns a list of SIDs, the return value is TRUE. /// If the function fails, the return value is FALSE. /// /// /// Applications can also add SIDs to the client context by calling AuthzAddSidsToContext. /// /// Attribute variables must be in the form of an expression when used with logical operators; otherwise, they are evaluated as unknown. /// /// // https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/authzcomputegroupscallback BOOL CALLBACK AuthzComputeGroupsCallback( // _In_ AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, _In_ PVOID Args, _Out_ PSID_AND_ATTRIBUTES *pSidAttrArray, _Out_ PDWORD // pSidCount, _Out_ PSID_AND_ATTRIBUTES *pRestrictedSidAttrArray, _Out_ PDWORD pRestrictedSidCount ); [UnmanagedFunctionPointer(CallingConvention.Winapi, SetLastError = true, CharSet = CharSet.Unicode)] [PInvokeData("authz.h", MSDNShortId = "c20a02a0-5303-4433-a484-5a89999b32b9")] [return: MarshalAs(UnmanagedType.Bool)] public delegate bool AuthzComputeGroupsCallback(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, IntPtr pArgs, out IntPtr pSidAttrArray, out uint pSidCount, out IntPtr pRestrictedSidAttrArray, out uint pRestrictedSidCount); ///

/// The AuthzFreeCentralAccessPolicyCallback function is an application-defined function that frees memory allocated by the /// AuthzGetCentralAccessPolicyCallback function. AuthzFreeCentralAccessPolicyCallback is a placeholder for the application-defined /// function name. ///

/// Pointer to the central access policy to be freed. /// /// If the function succeeds, the function returns TRUE. /// /// If the function is unable to perform the evaluation, it returns FALSE. Use SetLastError to return an error to the /// access check function. /// /// // https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/authzfreecentralaccesspolicycallback BOOL CALLBACK // AuthzFreeCentralAccessPolicyCallback( _In_ PVOID pCentralAccessPolicy ); [PInvokeData("authz.h", MSDNShortId = "F0859A67-4D20-4189-8F35-A78034E41E6A")] [UnmanagedFunctionPointer(CallingConvention.Winapi, SetLastError = true, CharSet = CharSet.Unicode)] [return: MarshalAs(UnmanagedType.Bool)] public delegate bool AuthzFreeCentralAccessPolicyCallback(IntPtr pCentralAccessPolicy); ///

/// The AuthzFreeGroupsCallback function is an application-defined function that frees memory allocated by the /// AuthzComputeGroupsCallback function. AuthzFreeGroupsCallback is a placeholder for the application-defined function name. ///

/// A pointer to memory allocated by AuthzComputeGroupsCallback. [UnmanagedFunctionPointer(CallingConvention.Winapi, SetLastError = true, CharSet = CharSet.Unicode)] [SuppressUnmanagedCodeSecurity] public delegate void AuthzFreeGroupsCallback(IntPtr pSidAttrArray); ///

/// The AuthzGetCentralAccessPolicyCallback function is an application-defined function that retrieves the central access policy. /// AuthzGetCentralAccessPolicyCallback is a placeholder for the application-defined function name. ///

/// Handle to the client context. /// ID of the central access policy to retrieve. /// /// Optional arguments that were passed to the AuthzAccessCheck function through the OptionalArguments member of the /// AUTHZ_ACCESS_REQUEST structure. /// /// /// Pointer to a Boolean value that the resource manager uses to indicate whether a central access policy should be used during /// access evaluation. /// /// /// Pointer to the central access policy (CAP) to be used for evaluating access. If this value is NULL, the default CAP is applied. /// /// /// If the function succeeds, the function returns TRUE. /// /// If the function is unable to perform the evaluation, it returns FALSE. Use SetLastError to return an error to the /// access check function. /// /// // https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/authzgetcentralaccesspolicycallback- BOOL CALLBACK // AuthzGetCentralAccessPolicyCallback ( _In_ AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, _In_ PSID capid, _In_opt_ PVOID pArgs, // _Out_ PBOOL pCentralAccessPolicyApplicable, _Out_ PVOID ppCentralAccessPolicy ); [PInvokeData("authz.h", MSDNShortId = "1D5831EF-ACA8-4EE9-A7C1-E1A3CB74CEC0")] [UnmanagedFunctionPointer(CallingConvention.Winapi, SetLastError = true, CharSet = CharSet.Unicode)] [return: MarshalAs(UnmanagedType.Bool)] public delegate bool AuthzGetCentralAccessPolicyCallback([In] AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, [In] PSID capid, [In, Optional] IntPtr pArgs, [MarshalAs(UnmanagedType.Bool)] out bool pCentralAccessPolicyApplicable, out IntPtr ppCentralAccessPolicy); ///

Flags that specify the type of audit generated.

[PInvokeData("authz.h", MSDNShortId = "95d561ef-3233-433a-a1e7-b914df1dd211")] [Flags] public enum APF { ///

Failure audits are generated.

APF_AuditFailure = 0x00000000, ///

Success audits are generated.

APF_AuditSuccess = 0x00000001, } ///

/// /// The AUTHZ_CONTEXT_INFORMATION_CLASS enumeration specifies the type of information to be retrieved from an existing /// AuthzClientContext. This enumeration is used by the AuthzGetInformationFromContext function. /// ///

// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ne-authz-_authz_context_information_class typedef enum // _AUTHZ_CONTEXT_INFORMATION_CLASS { AuthzContextInfoUserSid , AuthzContextInfoGroupsSids , AuthzContextInfoRestrictedSids , // AuthzContextInfoPrivileges , AuthzContextInfoExpirationTime , AuthzContextInfoServerContext , AuthzContextInfoIdentifier , // AuthzContextInfoSource , AuthzContextInfoAll , AuthzContextInfoAuthenticationId , AuthzContextInfoSecurityAttributes , // AuthzContextInfoDeviceSids , AuthzContextInfoUserClaims , AuthzContextInfoDeviceClaims , AuthzContextInfoAppContainerSid , // AuthzContextInfoCapabilitySids } AUTHZ_CONTEXT_INFORMATION_CLASS; [PInvokeData("authz.h", MSDNShortId = "5eb752dc-17f7-4510-8aef-d18280322e76")] public enum AUTHZ_CONTEXT_INFORMATION_CLASS { ///

Retrieves a TOKEN_USER structure that contains a user security identifier (SID) and its attribute.

[CorrespondingType(typeof(TOKEN_USER))] AuthzContextInfoUserSid = 1, ///

Retrieves a TOKEN_GROUPS structure that contains the group SIDs to which the user belongs and their attributes.

[CorrespondingType(typeof(TOKEN_GROUPS))] AuthzContextInfoGroupsSids, ///

Retrieves a TOKEN_GROUPS structure that contains the restricted group SIDs in the context and their attributes.

[CorrespondingType(typeof(TOKEN_GROUPS))] AuthzContextInfoRestrictedSids, ///

Retrieves a TOKEN_PRIVILEGES structure that contains the privileges held by the user.

[CorrespondingType(typeof(TOKEN_PRIVILEGES))] AuthzContextInfoPrivileges, ///

Retrieves the expiration time set on the context.

[CorrespondingType(typeof(long))] AuthzContextInfoExpirationTime, ///

This constant is reserved. Do not use it.

AuthzContextInfoServerContext, ///

Retrieves an LUID structures used by the resource manager to identify the context.

[CorrespondingType(typeof(LUID))] AuthzContextInfoIdentifier, ///

This constant is reserved. Do not use it.

AuthzContextInfoSource, ///

This constant is reserved. Do not use it.

AuthzContextInfoAll, ///

This constant is reserved. Do not use it.

AuthzContextInfoAuthenticationId, ///

/// Retrieves an AUTHZ_SECURITY_ATTRIBUTES_INFORMATION structure that contains security attributes. /// Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported. ///

[CorrespondingType(typeof(AUTHZ_SECURITY_ATTRIBUTES_INFORMATION))] AuthzContextInfoSecurityAttributes, ///

/// Retrieves a TOKEN_GROUPS structure that contains device SIDs and their attributes. /// /// Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value /// is not supported. /// ///

[CorrespondingType(typeof(TOKEN_GROUPS))] AuthzContextInfoDeviceSids, ///

/// Retrieves a AUTHZ_SECURITY_ATTRIBUTES_INFORMATION structure that contains user claims. /// /// Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value /// is not supported. /// ///

[CorrespondingType(typeof(AUTHZ_SECURITY_ATTRIBUTES_INFORMATION))] AuthzContextInfoUserClaims, ///

/// Retrieves a AUTHZ_SECURITY_ATTRIBUTES_INFORMATION structure that contains device claims. /// /// Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value /// is not supported. /// ///

[CorrespondingType(typeof(AUTHZ_SECURITY_ATTRIBUTES_INFORMATION))] AuthzContextInfoDeviceClaims, ///

/// Retrieves a TOKEN_APPCONTAINER_INFORMATION structure that contains the app container SID. /// /// Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value /// is not supported. /// ///

[CorrespondingType(typeof(TOKEN_APPCONTAINER_INFORMATION))] AuthzContextInfoAppContainerSid, ///

/// Retrieves a TOKEN_GROUPS structure that contains capability SIDs. /// /// Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value /// is not supported. /// ///

[CorrespondingType(typeof(TOKEN_GROUPS))] AuthzContextInfoCapabilitySids, } ///

Used by the structure.

[PInvokeData("authz.h")] public enum AUTHZ_SECURITY_ATTRIBUTE_DATATYPE : ushort { ///

Invalid value.

AUTHZ_SECURITY_ATTRIBUTE_TYPE_INVALID = 0x00, ///

The Values member refers to a security attribute that is of INT64 type.

AUTHZ_SECURITY_ATTRIBUTE_TYPE_INT64 = 0x01, ///

The Values member refers to a security attribute that is of UINT64 type.

AUTHZ_SECURITY_ATTRIBUTE_TYPE_UINT64 = 0x02, ///

The Values member refers to a security attribute that is of STRING type.

AUTHZ_SECURITY_ATTRIBUTE_TYPE_STRING = 0x03, ///

The Values member refers to a security attribute that is of AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN type.

AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN = 0x04, ///

/// The Values member refers to a security attribute that is of AUTHZ_SECURITY_ATTRIBUTE_TYPE_SID type. /// Windows Server 2008 R2 and Windows 7: This value type is not available. ///

AUTHZ_SECURITY_ATTRIBUTE_TYPE_SID = 0x05, ///

/// The Values member refers to a security attribute that is of AUTHZ_SECURITY_ATTRIBUTE_TYPE_BOOLEAN type. /// Windows Server 2008 R2 and Windows 7: This value type is not available. ///

AUTHZ_SECURITY_ATTRIBUTE_TYPE_BOOLEAN = 0x06, ///

The Values member refers to a security attribute that is of AUTHZ_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING type.

AUTHZ_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING = 0x10 } ///

Used by the structure.

[PInvokeData("authz.h")] public enum AUTHZ_SECURITY_ATTRIBUTE_FLAGS { ///

No flags specified.

NONE = 0, ///

This security attribute is not inherited across processes.

AUTHZ_SECURITY_ATTRIBUTE_NON_INHERITABLE = 1, ///

The value of the attribute is case sensitive. This flag is valid for values that contain string types.

AUTHZ_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE = 2 } ///

/// The AUTHZ_SECURITY_ATTRIBUTE_OPERATION enumeration indicates the type of modification to be made to security attributes by a call /// to the AuthzModifySecurityAttributes function. ///

///

/// /// The AUTHZ_SECURITY_ATTRIBUTE_OPERATION enumeration indicates the type of modification to be made to security attributes by /// a call to the AuthzModifySecurityAttributes function. /// ///

// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ne-authz-authz_security_attribute_operation typedef enum // AUTHZ_SECURITY_ATTRIBUTE_OPERATION { AUTHZ_SECURITY_ATTRIBUTE_OPERATION_NONE , AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE_ALL , // AUTHZ_SECURITY_ATTRIBUTE_OPERATION_ADD , AUTHZ_SECURITY_ATTRIBUTE_OPERATION_DELETE , AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE } *PAUTHZ_SECURITY_ATTRIBUTE_OPERATION; [PInvokeData("authz.h", MSDNShortId = "c1716cdb-87f9-47d6-bfc3-ae6cc043e917")] public enum AUTHZ_SECURITY_ATTRIBUTE_OPERATION { ///

Do not perform any modification.

AUTHZ_SECURITY_ATTRIBUTE_OPERATION_NONE = 0, ///

/// Delete all existing security attributes and their values in the token and replace them with the specified attributes and values. /// If no new attributes are specified, all existing attributes and values are deleted. /// /// This operation must be the only operation specified and can be specified only once in a single call to /// AuthzModifySecurityAttributes. If the operation is not specified as the first in the list of operations, the call to /// AuthzModifySecurityAttributes fails. If the operation is specified as the first in the array of operations performed, the /// rest of the operations are ignored. /// ///

AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE_ALL, ///

/// Add a new attribute or a new value to an existing attribute. /// /// If the value specified for any attribute already exists for that attribute, the call to AuthzModifySecurityAttributes fails. /// ///

AUTHZ_SECURITY_ATTRIBUTE_OPERATION_ADD, ///

/// Delete the specified values of the specified attributes. If an attribute is specified without a value, that attribute is deleted. /// If this operation results in an attribute that does not contain any values, that attribute is deleted. /// /// If a value is specified that does not match an existing attribute, no modifications are performed and the call to /// AuthzModifySecurityAttributes fails. /// ///

AUTHZ_SECURITY_ATTRIBUTE_OPERATION_DELETE, ///

/// The existing values of the specified security attributes are replaced by the specified new values. /// If any of the specified attributes does not already exist, they are added. /// /// When no value is specified for an attribute, that attribute is deleted. Otherwise, the operation is simply ignored and no /// failure is reported. /// ///

AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE } ///

/// The AUTHZ_SID_OPERATION enumeration indicates the type of SID operations that can be made by a call to the AuthzModifySids function. ///

///

/// /// The AUTHZ_SID_OPERATION enumeration indicates the type of SID operations that can be made by a call to the AuthzModifySids function. /// ///

// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ne-authz-authz_sid_operation typedef enum AUTHZ_SID_OPERATION { // AUTHZ_SID_OPERATION_NONE , AUTHZ_SID_OPERATION_REPLACE_ALL , AUTHZ_SID_OPERATION_ADD , AUTHZ_SID_OPERATION_DELETE , // AUTHZ_SID_OPERATION_REPLACE } *PAUTHZ_SID_OPERATION; [PInvokeData("authz.h", MSDNShortId = "C312BE7D-DA1B-47FE-80BA-7506B9A26E9E")] public enum AUTHZ_SID_OPERATION { ///

Do not modify anything.

AUTHZ_SID_OPERATION_NONE = 0, ///

/// Deletes all existing SIDs and replaces them with the specified SIDs. If the replacement SIDs are not specified, all existing /// SIDs are deleted. This operation can be specified only once and must be the only operation specified. ///

AUTHZ_SID_OPERATION_REPLACE_ALL = 1, ///

Adds a new SID. If the SID already exists, the call fails.

AUTHZ_SID_OPERATION_ADD = 2, ///

Deletes the specified SID. If no matching SID is found, no modifications are done and the call fails.

AUTHZ_SID_OPERATION_DELETE = 3, ///

Replaces the existing SID with the specified SID. If the SID does not already exist, then adds the SID.

AUTHZ_SID_OPERATION_REPLACE = 4 } ///

/// Flags used in the /// method. ///

[PInvokeData("authz.h")] [Flags] public enum AuthzAccessCheckFlags { ///

/// If phAccessCheckResults is not NULL, a deep copy of the security descriptor is copied to the handle referenced by phAccessCheckResults. ///

NONE = 0, ///

/// A deep copy of the security descriptor is not performed. The calling application must pass the address of an /// AUTHZ_ACCESS_CHECK_RESULTS_HANDLE handle in phAccessCheckResults. The AuthzAccessCheck function sets this handle to a /// security descriptor that must remain valid during subsequent calls to AuthzCachedAccessCheck. ///

AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD = 0x00000001, } ///

Flags for the method.

[PInvokeData("authz.h")] [Flags] public enum AuthzAuditEventFlags { ///

No flags set.

NONE = 0, ///

Disable generation of success audits.

AUTHZ_NO_SUCCESS_AUDIT = 0x00000001, ///

Disable generation of failure audits.

AUTHZ_NO_FAILURE_AUDIT = 0x00000002, ///

/// Use pointers to the passed strings instead of allocating memory and copying the strings. The calling application must ensure /// that the passed memory stays valid during access checks. ///

AUTHZ_NO_ALLOC_STRINGS = 0x00000004, ///

Undocumented.

AUTHZ_WPD_CATEGORY_FLAG = 0x00000010, } ///

Flags for the method.

[PInvokeData("authz.h")] [Flags] public enum AuthzContextFlags { ///

/// Default value. /// AuthzInitializeContextFromSid attempts to retrieve the user's token group information by performing an S4U logon. /// /// If S4U logon is not supported by the user's domain or the calling computer, AuthzInitializeContextFromSid queries the user's /// account object for group information. When an account is queried directly, some groups that represent logon characteristics, /// such as Network, Interactive, Anonymous, Network Service, or Local Service, are omitted. Applications can explicitly add such /// group SIDs by implementing the AuthzComputeGroupsCallback function or calling the AuthzAddSidsToContext function. /// ///

DEFAULT = 0, ///

/// Causes AuthzInitializeContextFromSid to skip all group evaluations. When this flag is used, the context returned contains /// only the SID specified by the UserSid parameter. The specified SID can be an arbitrary or application-specific SID. Other /// SIDs can be added to this context by implementing the AuthzComputeGroupsCallback function or by calling the /// AuthzAddSidsToContext function. ///

AUTHZ_SKIP_TOKEN_GROUPS = 0x2, ///

/// Causes AuthzInitializeContextFromSid to fail if Windows Services For User is not available to retrieve token group information. /// Windows XP: This flag is not supported. ///

AUTHZ_REQUIRE_S4U_LOGON = 0x4, ///

/// Causes AuthzInitializeContextFromSid to retrieve privileges for the new context. If this function performs an S4U logon, it /// retrieves privileges from the token. Otherwise, the function retrieves privileges from all SIDs in the context. ///

AUTHZ_COMPUTE_PRIVILEGES = 0x8 } ///

Flags for the method.

[PInvokeData("authz.h")] [Flags] public enum AuthzResourceManagerFlags { ///

/// Default call to the function. The resource manager is initialized as the principal identified in the process token, and /// auditing is in effect. Note that unless the AUTHZ_RM_FLAG_NO_AUDIT flag is set, SeAuditPrivilege must be enabled for the /// function to succeed. ///

DEFAULT = 0, ///

/// Auditing is not in effect. If this flag is set, the caller does not need to have SeAuditPrivilege enabled to call this function. ///

AUTHZ_RM_FLAG_NO_AUDIT = 0x1, ///

The resource manager is initialized as the identity of the thread token.

AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION = 0x2, ///

The resource manager ignores CAP IDs and does not evaluate centralized access policies.

AUTHZ_RM_FLAG_NO_CENTRALIZED_ACCESS_POLICIES = 0x4 } ///

Flags that control the behavior of the operation.

[PInvokeData("authz.h", MSDNShortId = "8b4d6e14-fb9c-428a-bd94-34eba668edc6")] [Flags] public enum SOURCE_SCHEMA_REGISTRATION_FLAGS { ///

/// Allows registration of multiple sources with the same name. Use of this flag means that more than one source can call the /// AuthzRegisterSecurityEventSource function with the same szEventSourceName at runtime. ///

AUTHZ_ALLOW_MULTIPLE_SOURCE_INSTANCES = 0x1, ///

/// The caller is a migrated publisher that has registered a manifest with WEvtUtil.exe. The GUID of the provider specified by /// the pProviderGuid member is stored in the registry. ///

AUTHZ_MIGRATED_LEGACY_PUBLISHER = 0x2, } ///

/// /// The AuthzAccessCheck function determines which access bits can be granted to a client for a given set of security /// descriptors. The AUTHZ_ACCESS_REPLY structure returns an array of granted access masks and error status. Optionally, access masks /// that will always be granted can be cached, and a handle to cached values is returned. /// ///

/// /// /// A DWORD value that specifies how the security descriptor is copied. This parameter can be one of the following values. /// /// /// Starting with Windows 8 and Windows Server 2012, when you call this function on a remote context handle, the upper 16 bits must /// be zero. /// /// /// /// Value /// Meaning /// /// /// 0 /// If phAccessCheckResults is not NULL, a deep copy of the security descriptor is copied to the handle referenced by phAccessCheckResults. /// /// /// AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD 1 /// /// A deep copy of the security descriptor is not performed. The calling application must pass the address of an /// AUTHZ_ACCESS_CHECK_RESULTS_HANDLE handle in phAccessCheckResults. The AuthzAccessCheck function sets this handle to a security /// descriptor that must remain valid during subsequent calls to AuthzCachedAccessCheck. /// /// /// /// /// /// A handle to a structure that represents the client. /// Starting with Windows 8 and Windows Server 2012, the client context can be local or remote. /// /// /// /// A pointer to an AUTHZ_ACCESS_REQUEST structure that specifies the desired access mask, principal self security identifier (SID), /// and the object type list structure, if it exists. /// /// /// /// /// A structure that contains object-specific audit information. When the value of this parameter is not null, an audit is /// automatically requested. Static audit information is read from the resource manager structure. /// /// /// Starting with Windows 8 and Windows Server 2012, when you use this function with a remote context handle, the value of the /// parameter must be NULL. /// /// /// /// /// A pointer to a SECURITY_DESCRIPTOR structure to be used for access checks. The owner SID for the object is picked from this /// security descriptor. A NULL discretionary access control list (DACL) in this security descriptor represents a NULL /// DACL for the entire object. Make sure the security descriptor contains OWNER and DACL information, or an error code 87 or /// "invalid parameter" message will be generated. /// /// /// ImportantNULL DACLs permit all types of access to all users; therefore, do not use NULL DACLs. For /// information about creating a DACL, see Creating a DACL. /// /// A /// NULL /// system access control list /// (SACL) in this security descriptor is treated the same way as an empty SACL. /// /// /// /// An array of SECURITY_DESCRIPTOR structures. NULL access control lists (ACLs) in these security descriptors are treated as /// empty ACLs. The ACL for the entire object is the logical concatenation of all of the ACLs. /// /// /// /// The number of security descriptors not including the primary security descriptor. /// /// /// /// A pointer to an AUTHZ_ACCESS_REPLY structure that contains the results of the access check. Before calling the /// AuthzAccessCheck function, an application must allocate memory for the GrantedAccessMask and /// SaclEvaluationResults members of the AUTHZ_ACCESS_REPLY structure referenced by pReply. /// /// /// /// /// A pointer to return a handle to the cached results of the access check. When this parameter value is not null, the results /// of this access check call will be cached. This results in a MAXIMUM_ALLOWED check. /// /// /// Starting with Windows 8 and Windows Server 2012, when you use this function with a remote context handle, the value of the /// parameter must be NULL. /// /// /// /// If the function succeeds, the function returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// /// /// /// The AuthzAccessCheckCallback callback function will be called if the DACL of the SECURITY_DESCRIPTOR structure pointed to by the /// pSecurityDescriptor parameter contains a callback access control entry (ACE). /// /// /// Security attribute variables must be present in the client context if referred to in a conditional expression, otherwise the /// conditional expression term referencing them will evaluate to unknown. For more information, see the Security Descriptor /// Definition Language for Conditional ACEs topic. /// /// For more information, see the How AccessCheck Works and Centralized Authorization Policy overviews. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzaccesscheck AUTHZAPI BOOL AuthzAccessCheck( DWORD Flags, // AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, PAUTHZ_ACCESS_REQUEST pRequest, AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent, // PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR *OptionalSecurityDescriptorArray, DWORD // OptionalSecurityDescriptorCount, PAUTHZ_ACCESS_REPLY pReply, PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE phAccessCheckResults ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "633c2a73-169c-4e0c-abb6-96c360bd63cf")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzAccessCheck(AuthzAccessCheckFlags Flags, AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, in AUTHZ_ACCESS_REQUEST pRequest, [Optional] AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent, PSECURITY_DESCRIPTOR pSecurityDescriptor, [Optional, MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 6)] SECURITY_DESCRIPTOR[] OptionalSecurityDescriptorArray, uint OptionalSecurityDescriptorCount, [In, Out] AUTHZ_ACCESS_REPLY pReply, out SafeAUTHZ_ACCESS_CHECK_RESULTS_HANDLE phAccessCheckResults); ///

/// The AuthzAddSidsToContext function creates a copy of an existing context and appends a given set of security identifiers /// (SIDs) and restricted SIDs. ///

/// An AUTHZ_CLIENT_CONTEXT_HANDLE structure to be copied as the basis for NewClientContext. /// /// A pointer to a SID_AND_ATTRIBUTES structure containing the SIDs and attributes to be added to the unrestricted part of the client context. /// /// The number of SIDs to be added. /// /// A pointer to a SID_AND_ATTRIBUTES structure containing the SIDs and attributes to be added to the restricted part of the client context. /// /// Number of restricted SIDs to be added. /// /// A pointer to the created AUTHZ_CLIENT_CONTEXT_HANDLE structure containing input values for expiration time, identifier, /// flags, additional SIDs and restricted SIDs. /// /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzaddsidstocontext AUTHZAPI BOOL AuthzAddSidsToContext( // AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, PSID_AND_ATTRIBUTES Sids, DWORD SidCount, PSID_AND_ATTRIBUTES RestrictedSids, // DWORD RestrictedSidCount, PAUTHZ_CLIENT_CONTEXT_HANDLE phNewAuthzClientContext ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "4744013b-7f2e-4ebb-8944-10ffcc6006d0")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzAddSidsToContext(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, in SID_AND_ATTRIBUTES Sids, uint SidCount, in SID_AND_ATTRIBUTES RestrictedSids, uint RestrictedSidCount, out SafeAUTHZ_CLIENT_CONTEXT_HANDLE phNewAuthzClientContext); ///

/// The AuthzAddSidsToContext function creates a copy of an existing context and appends a given set of security identifiers /// (SIDs) and restricted SIDs. ///

/// An AUTHZ_CLIENT_CONTEXT_HANDLE structure to be copied as the basis for NewClientContext. /// /// A pointer to a SID_AND_ATTRIBUTES structure containing the SIDs and attributes to be added to the unrestricted part of the client context. /// /// The number of SIDs to be added. /// /// A pointer to a SID_AND_ATTRIBUTES structure containing the SIDs and attributes to be added to the restricted part of the client context. /// /// Number of restricted SIDs to be added. /// /// A pointer to the created AUTHZ_CLIENT_CONTEXT_HANDLE structure containing input values for expiration time, identifier, /// flags, additional SIDs and restricted SIDs. /// /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzaddsidstocontext AUTHZAPI BOOL AuthzAddSidsToContext( // AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, PSID_AND_ATTRIBUTES Sids, DWORD SidCount, PSID_AND_ATTRIBUTES RestrictedSids, // DWORD RestrictedSidCount, PAUTHZ_CLIENT_CONTEXT_HANDLE phNewAuthzClientContext ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "4744013b-7f2e-4ebb-8944-10ffcc6006d0")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzAddSidsToContext(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, [Optional] IntPtr Sids, uint SidCount, [Optional] IntPtr RestrictedSids, uint RestrictedSidCount, out SafeAUTHZ_CLIENT_CONTEXT_HANDLE phNewAuthzClientContext); ///

/// The AuthzCachedAccessCheck function performs a fast access check based on a cached handle containing the static granted /// bits from a previous AuthzAccessCheck call. ///

/// Reserved for future use. /// A handle to the cached access check results. /// /// Access request handle specifying the desired access mask, principal self SID, and the object type list structure (if any). /// /// /// A structure that contains object-specific audit information. When the value of this parameter is not null, an audit is /// automatically requested. Static audit information is read from the resource manager structure. /// /// /// A pointer to an AUTHZ_ACCESS_REPLY handle that returns the results of access check as an array of GrantedAccessMask/ErrorValue /// pairs. The number of pairs returned is supplied by the caller in the ResultListLength member of the /// AUTHZ_ACCESS_REPLY structure. /// /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// Expected values of the Error members of array elements returned are shown in the following table. /// /// /// Return code /// Description /// /// /// ERROR_SUCCESS /// /// All the access bits, not including MAXIMUM_ALLOWED, are granted and the GrantedAccessMask member of the pReply parameter is not zero. /// /// /// /// ERROR_PRIVILEGE_NOT_HELD /// /// The DesiredAccess member of the pRequest parameter includes ACCESS_SYSTEM_SECURITY, and the client does not have the /// SeSecurityPrivilege privilege. /// /// /// /// ERROR_ACCESS_DENIED /// One or more of the following is true: /// /// /// /// /// /// The client context pointer is stored in the AuthzHandle parameter. The structure of the client context must be exactly the same /// as it was at the time AuthzHandle was created. This restriction is for the following fields: /// /// /// /// SIDs /// /// /// RestrictedSids /// /// /// Privileges /// /// /// /// Pointers to the primary security descriptor and the optional security descriptor array are stored in AuthzHandle at the time of /// handle creation. These pointers must still be valid. /// /// /// The AuthzCachedAccessCheck function maintains a cache as a result of evaluating Central Access Policies (CAP) on objects /// unless CAPs are ignored, for example when the AUTHZ_RM_FLAG_NO_CENTRAL_ACCESS_POLICIES flag is used. The client may call the /// AuthzFreeCentralAccessPolicyCache function to free up this cache. Note that this requires a subsequent call to /// AuthzCachedAccessCheck to rebuild the cache if necessary. /// /// For more information, see the How AccessCheck Works and Centralized Authorization Policy overviews. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzcachedaccesscheck AUTHZAPI BOOL AuthzCachedAccessCheck( // DWORD Flags, AUTHZ_ACCESS_CHECK_RESULTS_HANDLE hAccessCheckResults, PAUTHZ_ACCESS_REQUEST pRequest, AUTHZ_AUDIT_EVENT_HANDLE // hAuditEvent, PAUTHZ_ACCESS_REPLY pReply ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "8b3bb69f-7bf9-4e4a-b870-081dd92c7ee4")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzCachedAccessCheck([Optional] uint Flags, AUTHZ_ACCESS_CHECK_RESULTS_HANDLE hAccessCheckResults, in AUTHZ_ACCESS_REQUEST pRequest, [Optional] AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent, AUTHZ_ACCESS_REPLY pReply); ///

/// The AuthzEnumerateSecurityEventSources function retrieves the registered security event sources that are not installed by default. ///

/// Reserved for future use; set this parameter to zero. /// /// A pointer to an array of AUTHZ_SOURCE_SCHEMA_REGISTRATION structures that returns the registered security event sources. /// /// A pointer to a variable that receives the number of event sources found. /// /// A pointer to a variable that specifies the length of the Buffer parameter in bytes. On output, this parameter receives the number /// of bytes used or required. /// /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. For extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzenumeratesecurityeventsources AUTHZAPI BOOL // AuthzEnumerateSecurityEventSources( DWORD dwFlags, PAUTHZ_SOURCE_SCHEMA_REGISTRATION Buffer, PDWORD pdwCount, PDWORD pdwLength ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "2a20ccc9-f2ac-41e4-9d86-745004775e67")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzEnumerateSecurityEventSources([Optional] uint dwFlags, IntPtr Buffer, out uint pdwCount, ref uint pdwLength); ///

/// The AuthzEnumerateSecurityEventSources function retrieves the registered security event sources that are not installed by default. ///

/// An array of AUTHZ_SOURCE_SCHEMA_REGISTRATION structures that returns the registered security event sources. // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzenumeratesecurityeventsources AUTHZAPI BOOL [PInvokeData("authz.h", MSDNShortId = "2a20ccc9-f2ac-41e4-9d86-745004775e67")] public static IEnumerable AuthzEnumerateSecurityEventSources() { var len = 0U; if (!AuthzEnumerateSecurityEventSources(0, IntPtr.Zero, out _, ref len) && len == 0) Win32Error.ThrowLastError(); using var mem = new SafeHGlobalHandle((int)len); Win32Error.ThrowLastErrorIfFalse(AuthzEnumerateSecurityEventSources(0, mem, out var cnt, ref len)); return mem.ToEnumerable((int)cnt).ToArray(); } ///

/// The AuthzFreeAuditEvent function frees the structure allocated by the AuthzInitializeObjectAccessAuditEvent function. ///

/// /// A pointer to the AUTHZ_AUDIT_EVENT_HANDLE structure to be freed. /// /// /// If the function succeeds, the function returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzfreeauditevent AUTHZAPI BOOL AuthzFreeAuditEvent( // AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "e2980ef7-45dd-47c7-ba4d-f36b52bbd7dc")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzFreeAuditEvent(AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent); ///

/// The AuthzFreeCentralAccessPolicyCache function frees the cache maintained as a result of AuthzCachedAccessCheck evaluating /// the Central Access Policies (CAP) that applies for the resource. ///

/// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// /// For more information, see the How AccessCheck Works and Centralized Authorization Policy overviews. // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzfreecentralaccesspolicycache AUTHZAPI BOOL // AuthzFreeCentralAccessPolicyCache( ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "0F972A95-3CD7-4C86-99DE-5B3D50CE9A34")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzFreeCentralAccessPolicyCache(); ///

/// /// The AuthzFreeContext function frees all structures and memory associated with the client context. The list of handles for /// a client is freed in this call. /// /// /// Starting with Windows Server 2012 and Windows 8, this function also frees the memory associated with device groups, user claims, /// and device claims. /// ///

/// /// The AUTHZ_CLIENT_CONTEXT_HANDLE structure to be freed. /// /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzfreecontext [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "cad9fff0-9aa6-4cb2-a34f-94cf72f66bca")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzFreeContext(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext); ///

/// The AuthzFreeHandle function finds and deletes a handle from the handle list. ///

/// /// A handle to be freed. /// /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzfreehandle AUTHZAPI BOOL AuthzFreeHandle( // AUTHZ_ACCESS_CHECK_RESULTS_HANDLE hAccessCheckResults ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "8d2e2ae9-b515-4a02-b366-5b107b4f7ffa")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzFreeHandle(AUTHZ_ACCESS_CHECK_RESULTS_HANDLE hAccessCheckResults); ///

/// The AuthzFreeResourceManager function frees a resource manager object. ///

/// /// The AUTHZ_RESOURCE_MANAGER_HANDLE to be freed. /// /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzfreeresourcemanager AUTHZAPI BOOL // AuthzFreeResourceManager( AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "8b716368-8d81-4c62-9086-0976b39bbcf8")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzFreeResourceManager(AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager); ///

/// The AuthzGetInformationFromContext function returns information about an Authz context. /// /// Starting with Windows Server 2012 and Windows 8, device groups are returned as a TOKEN_GROUPS structure. User and device claims /// are returned as an AUTHZ_SECURITY_ATTRIBUTES_INFORMATION structure. /// ///

/// /// A handle to the context. /// /// /// A value of the AUTHZ_CONTEXT_INFORMATION_CLASS enumeration that indicates the type of information to be returned. /// /// /// Size of the buffer passed. /// /// /// A pointer to a DWORD of the buffer size required for returning the structure. /// /// /// /// A pointer to memory that can receive the information. The structure returned depends on the information requested in the /// InfoClass parameter. /// /// /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzgetinformationfromcontext AUTHZAPI BOOL // AuthzGetInformationFromContext( AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, AUTHZ_CONTEXT_INFORMATION_CLASS InfoClass, DWORD // BufferSize, PDWORD pSizeRequired, PVOID Buffer ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "c365029a-3ff3-49c1-9dfc-b52948e466f3")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzGetInformationFromContext(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, AUTHZ_CONTEXT_INFORMATION_CLASS InfoClass, uint BufferSize, out uint pSizeRequired, IntPtr Buffer); ///

/// /// The AuthzInitializeCompoundContext function creates a user-mode context from the given user and device security contexts. /// ///

/// /// User context to create the compound context from. /// /// /// Device context to create the compound context from. This must not be the same as the user context. /// /// /// Used to return the resultant compound context. /// /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzinitializecompoundcontext AUTHZAPI BOOL // AuthzInitializeCompoundContext( AUTHZ_CLIENT_CONTEXT_HANDLE UserContext, AUTHZ_CLIENT_CONTEXT_HANDLE DeviceContext, // PAUTHZ_CLIENT_CONTEXT_HANDLE phCompoundContext ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "2EC9EE76-9A92-40DF-9884-547D96FF3E09")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzInitializeCompoundContext(AUTHZ_CLIENT_CONTEXT_HANDLE UserContext, AUTHZ_CLIENT_CONTEXT_HANDLE DeviceContext, out SafeAUTHZ_CLIENT_CONTEXT_HANDLE phCompoundContext); ///

/// The AuthzInitializeContextFromAuthzContext function creates a new client context based on an existing client context. /// /// Starting with Windows Server 2012 and Windows 8, this function also duplicates device groups, user claims, and device claims. /// ///

/// Reserved for future use. /// The handle to an existing client context. /// /// Sets the time limit for how long the returned context structure is valid. If no value is passed, then the token never expires. /// Expiration time is not currently enforced. /// /// The specific identifier for the resource manager. /// /// A pointer to parameters to be passed to the callback function that computes dynamic groups. If the value is NULL, then the /// callback function is not called. /// /// /// A pointer to the duplicated AUTHZ_CLIENT_CONTEXT_HANDLE handle. When you have finished using the handle, release it by calling /// the AuthzFreeContext function. /// /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// /// /// This function calls the AuthzComputeGroupsCallback callback function to add security identifiers to the newly created context. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzinitializecontextfromauthzcontext AUTHZAPI BOOL // AuthzInitializeContextFromAuthzContext( DWORD Flags, AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, PLARGE_INTEGER // pExpirationTime, LUID Identifier, PVOID DynamicGroupArgs, PAUTHZ_CLIENT_CONTEXT_HANDLE phNewAuthzClientContext ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "dac5e354-ee31-45e3-9eb8-8f3263161ad2")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzInitializeContextFromAuthzContext([Optional] uint Flags, AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, in long pExpirationTime, LUID Identifier, IntPtr DynamicGroupArgs, out SafeAUTHZ_CLIENT_CONTEXT_HANDLE phNewAuthzClientContext); ///

/// Reserved for future use. /// The handle to an existing client context. /// /// Sets the time limit for how long the returned context structure is valid. If no value is passed, then the token never expires. /// Expiration time is not currently enforced. /// /// The specific identifier for the resource manager. /// /// A pointer to parameters to be passed to the callback function that computes dynamic groups. If the value is NULL, then the /// callback function is not called. /// /// /// A pointer to the duplicated AUTHZ_CLIENT_CONTEXT_HANDLE handle. When you have finished using the handle, release it by calling /// the AuthzFreeContext function. /// /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// /// /// This function calls the AuthzComputeGroupsCallback callback function to add security identifiers to the newly created context. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzinitializecontextfromauthzcontext AUTHZAPI BOOL // AuthzInitializeContextFromAuthzContext( DWORD Flags, AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, PLARGE_INTEGER // pExpirationTime, LUID Identifier, PVOID DynamicGroupArgs, PAUTHZ_CLIENT_CONTEXT_HANDLE phNewAuthzClientContext ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "dac5e354-ee31-45e3-9eb8-8f3263161ad2")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzInitializeContextFromAuthzContext([Optional] uint Flags, AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, [Optional] IntPtr pExpirationTime, LUID Identifier, IntPtr DynamicGroupArgs, out SafeAUTHZ_CLIENT_CONTEXT_HANDLE phNewAuthzClientContext); ///

/// /// The AuthzInitializeContextFromSid function creates a user-mode client context from a user security identifier (SID). /// Domain SIDs retrieve token group attributes from the Active Directory. /// ///

/// /// The following flags are defined. /// /// Starting with Windows 8 and Windows Server 2012, when you call this function on a remote context handle, the upper 16 bits must /// be zero. /// /// /// /// Value /// Meaning /// /// /// 0 (0x0) /// /// Default value. AuthzInitializeContextFromSid attempts to retrieve the user's token group information by performing an S4U logon. /// If S4U logon is not supported by the user's domain or the calling computer, AuthzInitializeContextFromSid queries the user's /// account object for group information. When an account is queried directly, some groups that represent logon characteristics, such /// as Network, Interactive, Anonymous, Network Service, or Local Service, are omitted. Applications can explicitly add such group /// SIDs by implementing the AuthzComputeGroupsCallback function or calling the AuthzAddSidsToContext function. /// /// /// /// AUTHZ_SKIP_TOKEN_GROUPS 2 (0x2) /// /// Causes AuthzInitializeContextFromSid to skip all group evaluations. When this flag is used, the context returned contains only /// the SID specified by the UserSid parameter. The specified SID can be an arbitrary or application-specific SID. Other SIDs can be /// added to this context by implementing the AuthzComputeGroupsCallback function or by calling the AuthzAddSidsToContext function. /// /// /// /// AUTHZ_REQUIRE_S4U_LOGON 4 (0x4) /// /// Causes AuthzInitializeContextFromSid to fail if Windows Services For User is not available to retrieve token group information. /// Windows XP: This flag is not supported. /// /// /// /// AUTHZ_COMPUTE_PRIVILEGES 8 (0x8) /// /// Causes AuthzInitializeContextFromSid to retrieve privileges for the new context. If this function performs an S4U logon, it /// retrieves privileges from the token. Otherwise, the function retrieves privileges from all SIDs in the context. /// /// /// /// /// /// /// The SID of the user for whom a client context will be created. This must be a valid user or computer account unless the /// AUTHZ_SKIP_TOKEN_GROUPS flag is used. /// /// /// /// A handle to the resource manager creating this client context. This handle is stored in the client context structure. /// /// Starting with Windows 8 and Windows Server 2012, the resource manager can be local or remote and is obtained by calling the /// AuthzInitializeRemoteResourceManager function. /// /// /// /// /// Expiration date and time of the token. If no value is passed, the token never expires. Expiration time is not currently enforced. /// /// /// /// Specific identifier of the resource manager. This parameter is not currently used. /// /// /// /// A pointer to parameters to be passed to the callback function that computes dynamic groups. This parameter can be NULL if /// no dynamic parameters are passed to the callback function. /// /// /// Starting with Windows 8 and Windows Server 2012, this parameter must be NULL if the resource manager is remote. Otherwise, /// ERROR_NOT_SUPPORTED will be set. /// /// /// /// /// A pointer to the handle to the client context that the AuthzInitializeContextFromSid function creates. When you have /// finished using the handle, free it by calling the AuthzFreeContext function. /// /// /// /// If the function succeeds, the function returns nonzero. /// If the function fails, it returns zero. To get extended error information, call GetLastError. /// /// /// /// If possible, call the AuthzInitializeContextFromToken function instead of AuthzInitializeContextFromSid. /// AuthzInitializeContextFromSid attempts to retrieve the information available in a logon token had the client actually /// logged on. An actual logon token provides more information, such as logon type and logon properties, and reflects the behavior of /// the authentication package used for the logon. The client context created by AuthzInitializeContextFromToken uses a logon /// token, and the resulting client context is more complete and accurate than a client context created by AuthzInitializeContextFromSid. /// /// This function resolves valid user SIDs only. /// /// Windows XP: This function resolves group memberships for valid user and group SIDs (unless the AUTHZ_SKIP_TOKEN_GROUPS /// flag is used). Support for resolving memberships of group SIDs may be altered or unavailable in subsequent versions. /// /// This function calls the AuthzComputeGroupsCallback callback function to add SIDs to the newly created context. /// /// Important Applications should not assume that the calling context has permission to use this function. The /// AuthzInitializeContextFromSid function reads the tokenGroupsGlobalAndUniversal attribute of the SID specified in the call /// to determine the current user's group memberships. If the user's object is in Active Directory, the calling context must have /// read access to the tokenGroupsGlobalAndUniversal attribute on the user object. When a new domain is created, the default access /// compatibility selection is Permissions compatible with Windows 2000 and Windows Server 2003 operating systems. When this /// option is set, the Pre-Windows 2000 Compatible Access group includes only the Authenticated Users built-in security /// identifiers. Therefore, applications may not have access to the tokenGroupsGlobalAndUniversal attribute; in this case, the /// AuthzInitializeContextFromSid function fails with ACCESS_DENIED. Applications that use this function should correctly /// handle this error and provide supporting documentation. To simplify granting accounts permission to query a user's group /// information, add accounts that need the ability to look up group information to the Windows Authorization Access Group. /// /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzinitializecontextfromsid AUTHZAPI BOOL // AuthzInitializeContextFromSid( DWORD Flags, PSID UserSid, AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager, PLARGE_INTEGER // pExpirationTime, LUID Identifier, PVOID DynamicGroupArgs, PAUTHZ_CLIENT_CONTEXT_HANDLE phAuthzClientContext ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "402a8641-5644-45c1-80e9-c60321c1ac38")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzInitializeContextFromSid( AuthzContextFlags Flags, PSID UserSid, [Optional] AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager, [Optional] IntPtr pExpirationTime, LUID Identifier, [Optional] IntPtr DynamicGroupArgs, out SafeAUTHZ_CLIENT_CONTEXT_HANDLE phAuthzClientContext); ///

/// /// The AuthzInitializeContextFromToken function initializes a client authorization context from a kernel token. The kernel /// token must have been opened for TOKEN_QUERY. /// /// Starting with Windows Server 2012 and Windows 8, this function can also copy device groups, user claims, and device claims. ///

/// /// Reserved for future use. /// /// /// /// A handle to the client token used to initialize the pAuthzClientContext parameter. The token must have been opened with /// TOKEN_QUERY access. /// /// /// /// A handle to the resource manager that created this client context. This handle is stored in the client context structure. /// /// /// /// Expiration date and time of the token. If no value is passed, the token never expires. Expiration time is not currently enforced. /// /// /// /// Identifier that is specific to the resource manager. This parameter is not currently used. /// /// /// A pointer to parameters to be passed to the callback function that computes dynamic groups. /// /// /// A pointer to the AuthzClientContext handle returned. Call AuthzFreeContext when done with the client context. /// /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// /// /// /// This function calls the AuthzComputeGroupsCallback callback function to add security identifiers to the newly created context. /// /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzinitializecontextfromtoken AUTHZAPI BOOL // AuthzInitializeContextFromToken( DWORD Flags, HANDLE TokenHandle, AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager, // PLARGE_INTEGER pExpirationTime, LUID Identifier, PVOID DynamicGroupArgs, PAUTHZ_CLIENT_CONTEXT_HANDLE phAuthzClientContext ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "75a7fb3f-6b3a-42ca-b467-f57baf6c60c6")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzInitializeContextFromToken(uint Flags, HTOKEN TokenHandle, AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager, [Optional] IntPtr pExpirationTime, LUID Identifier, [Optional] IntPtr DynamicGroupArgs, out SafeAUTHZ_CLIENT_CONTEXT_HANDLE phAuthzClientContext); ///

/// The AuthzInitializeObjectAccessAuditEvent function initializes auditing for an object. ///

/// /// Modifies the audit. This parameter can be one of the following values. /// /// /// Value /// Meaning /// /// /// AUTHZ_NO_SUCCESS_AUDIT /// Disable generation of success audits. /// /// /// AUTHZ_NO_FAILURE_AUDIT /// Disable generation of failure audits. /// /// /// AUTHZ_NO_ALLOC_STRINGS /// /// Use pointers to the passed strings instead of allocating memory and copying the strings. The calling application must ensure that /// the passed memory stays valid during access checks. /// /// /// /// /// /// Reserved. This parameter should be set to NULL. /// /// /// String that indicates the operation that is to be audited. /// /// /// String that indicates the type of object being accessed. /// /// /// String the indicates the name of the object being accessed. /// /// /// String, defined by the Resource Manager, for additional audit information. /// /// /// Pointer that receives an AUTHZ_AUDIT_EVENT_HANDLE structure. /// /// /// Must be set to zero. /// /// Additional parameters. /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. For extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzinitializeobjectaccessauditevent AUTHZAPI BOOL // AuthzInitializeObjectAccessAuditEvent( DWORD Flags, AUTHZ_AUDIT_EVENT_TYPE_HANDLE hAuditEventType, PWSTR szOperationType, PWSTR // szObjectType, PWSTR szObjectName, PWSTR szAdditionalInfo, PAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent, DWORD // dwAdditionalParameterCount, ... ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Unicode)] [PInvokeData("authz.h", MSDNShortId = "cf79a92f-31e0-47cf-8990-4dbd46056a90")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzInitializeObjectAccessAuditEvent(AuthzAuditEventFlags Flags, [Optional] IntPtr hAuditEventType, string szOperationType, string szObjectType, string szObjectName, string szAdditionalInfo, out SafeAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent, uint dwAdditionalParameterCount = 0, IntPtr parameters = default); ///

/// The AuthzInitializeObjectAccessAuditEvent2 function allocates and initializes an AUTHZ_AUDIT_EVENT_HANDLE handle /// for use with the AuthzAccessCheck function. ///

/// /// Flags that modify the behavior of the audit. The following table shows the possible values. /// /// /// Value /// Meaning /// /// /// AUTHZ_NO_ALLOC_STRINGS /// /// Uses pointers to the passed strings instead of allocating memory and copying the strings. The calling application must ensure /// that the passed memory remains valid during access checks. /// /// /// /// AUTHZ_NO_FAILURE_AUDIT /// Disables generation of failure audits. /// /// /// AUTHZ_NO_SUCCESS_AUDIT /// Disables generation of success audits. /// /// /// /// Reserved. This parameter should be set to NULL. /// A pointer to a string that indicates the operation that is to be audited. /// A pointer to a string that indicates the type of object accessed. /// A pointer to a string that indicates the name of the object accessed. /// Pointer to a string defined by the Resource Manager that contains additional audit information. /// Pointer to a string defined by the Resource Manager that contains additional audit information. /// A pointer to the returned AUTHZ_AUDIT_EVENT_HANDLE handle. /// Must be set to zero. /// Additional parameters. /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. For extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzinitializeobjectaccessauditevent2 AUTHZAPI BOOL // AuthzInitializeObjectAccessAuditEvent2( DWORD Flags, AUTHZ_AUDIT_EVENT_TYPE_HANDLE hAuditEventType, PWSTR szOperationType, PWSTR // szObjectType, PWSTR szObjectName, PWSTR szAdditionalInfo, PWSTR szAdditionalInfo2, PAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent, DWORD // dwAdditionalParameterCount, ... ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Unicode)] [PInvokeData("authz.h", MSDNShortId = "c65bb799-0158-496a-b428-0331c4474b74")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzInitializeObjectAccessAuditEvent2(AuthzAuditEventFlags Flags, [Optional] IntPtr hAuditEventType, string szOperationType, string szObjectType, string szObjectName, string szAdditionalInfo, string szAdditionalInfo2, out SafeAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent, uint dwAdditionalParameterCount = 0, IntPtr parameters = default); ///

/// /// The AuthzInitializeRemoteResourceManager function allocates and initializes a remote resource manager. The caller can use /// the resulting handle to make AuthZ calls over RPC to a remote instance of the resource manager configured on a server. /// ///

/// /// Pointer to an AUTHZ_RPC_INIT_INFO_CLIENT structure containing the initial information needed to configure the connection. /// /// /// /// A handle to the resource manager. When you have finished using the handle, free it by calling the AuthzFreeResourceManager function. /// /// /// /// If the function succeeds, the function returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzinitializeremoteresourcemanager AUTHZAPI BOOL // AuthzInitializeRemoteResourceManager( PAUTHZ_RPC_INIT_INFO_CLIENT pRpcInitInfo, PAUTHZ_RESOURCE_MANAGER_HANDLE // phAuthzResourceManager ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "C3B6C75B-13A5-49CC-BB01-DA1EEC292C20")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzInitializeRemoteResourceManager(in AUTHZ_RPC_INIT_INFO_CLIENT pRpcInitInfo, out SafeAUTHZ_RESOURCE_MANAGER_HANDLE phAuthzResourceManager); ///

The AuthzInitializeResourceManager function uses Authz to verify that clients have access to various resources.

/// /// A DWORD value that defines how the resource manager is initialized. /// AUTHZ_RM_FLAG_NO_AUDIT and AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION can be bitwise-combined. /// /// /// A pointer to the AuthzAccessCheckCallback callback function that the resource manager calls each time it encounters a callback /// access control entry (ACE) during access control list (ACL) evaluation in AuthzAccessCheck or AuthzCachedAccessCheck. This /// parameter can be NULL if no access check callback function is used. /// /// /// A pointer to the AuthzComputeGroupsCallback callback function called by the resource manager during initialization of an /// AuthzClientContext handle. This parameter can be NULL if no callback function is used to compute dynamic groups. /// /// /// A pointer to the AuthzFreeGroupsCallback callback function called by the resource manager to free security identifier (SID) /// attribute arrays allocated by the compute dynamic groups callback. This parameter can be NULL if no callback function is used to /// compute dynamic groups. /// /// /// A string that identifies the resource manager. This parameter can be NULL if the resource manager does not need a name. /// /// /// A pointer to the returned resource manager handle. When you have finished using the handle, free it by calling the /// AuthzFreeResourceManager function. /// /// /// If the function succeeds, the function returns TRUE. If the function fails, it returns FALSE. To get extended error information, /// call GetLastError. /// [DllImport(Lib.Authz, ExactSpelling = true, SetLastError = true, CharSet = CharSet.Unicode)] [PInvokeData("authz.h", MSDNShortId = "aa376313")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzInitializeResourceManager( AuthzResourceManagerFlags flags, [Optional] AuthzAccessCheckCallback pfnAccessCheck, [Optional] AuthzComputeGroupsCallback pfnComputeDynamicGroups, [Optional] AuthzFreeGroupsCallback pfnFreeDynamicGroups, [Optional, MarshalAs(UnmanagedType.LPWStr)] string name, out SafeAUTHZ_RESOURCE_MANAGER_HANDLE rm); ///

/// The AuthzInitializeResourceManagerEx function initializes an Authz resource manager and returns a handle to it. Use this /// function rather than AuthzInitializeResourceManager when you want the resource manager to manage Central Access Policies (CAPs). ///

/// /// /// A DWORD value that defines how the resource manager is initialized. This parameter can be one or more of the following values. /// /// /// /// Value /// Meaning /// /// /// 0 /// /// Default call to the function. The resource manager is initialized as the principal identified in the process token, and auditing /// is in effect. Unless the AUTHZ_RM_FLAG_NO_AUDIT flag is set, SeAuditPrivilege must be enabled for the function to succeed. /// /// /// /// AUTHZ_RM_FLAG_NO_AUDIT 1 /// /// Auditing is not in effect. If this flag is set, the caller does not need to have SeAuditPrivilege enabled to call this function. /// Use this flag if the resource manager will never generate an audit for best performance. /// /// /// /// AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION 2 /// /// The resource manager is initialized as the identity of the thread token. If the current thread is impersonating, then use the /// impersonation token as the identity of the resource manager. /// /// /// /// AUTHZ_RM_FLAG_NO_CENTRAL_ACCESS_POLICIES 4 /// The central access policy IDs are ignored. Do not evaluate central access policies. /// /// /// /// /// A pointer to a AUTHZ_INIT_INFO structure that contains the authorization resource manager initialization information. /// /// /// A pointer to the returned resource manager handle. When you have finished using the handle, free it by using the /// AuthzFreeResourceManager function. /// /// /// If the function succeeds, the function returns a value of TRUE. /// If the function fails, it returns a value of FALSE. To get extended error information, call GetLastError. /// /// /// /// If the AUTHZ_RM_FLAG_NO_CENTRAL_ACCESS_POLICIES flag is specified, then AuthzAccessCheck and AuthzCachedAccessCheck ignore CAPID /// (Central Access Policies ID) access control entriesSYSTEM_SCOPED_POLICY_ID_ACE and will not evaluate CAPs. /// /// /// If the AUTHZ_RM_FLAG_NO_CENTRAL_ACCESS_POLICIES flag is not specified and pfnGetCentralAccessPolicy is NULL, then /// AuthzAccessCheck and AuthzCachedAccessCheck will get CAPs from LSA. For more information, see LsaGetAppliedCAPIDs. /// /// /// If the AUTHZ_RM_FLAG_NO_CENTRAL_ACCESS_POLICIES flag is not specified and a central access policy callback is provided by the /// resource manager, then AuthzAccessCheck and AuthzCachedAccessCheck will get CAPs from the resource manager by invoking the callback. /// /// /// The LSA and the central access policy callback can indicate that CAPs are not supported, in which case AuthzAccessCheck and /// AuthzCachedAccessCheck ignore CAPID ACEs and will not evaluate CAPs. /// /// /// The LSA and the central access policy callback may fail to return a CAP that corresponds to a particular CAPID, in which case /// AuthzAccessCheck and AuthzCachedAccessCheck use the same default CAP as the kernel AccessCheck. /// /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzinitializeresourcemanagerex AUTHZAPI BOOL // AuthzInitializeResourceManagerEx( DWORD Flags, PAUTHZ_INIT_INFO pAuthzInitInfo, PAUTHZ_RESOURCE_MANAGER_HANDLE // phAuthzResourceManager ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "CDB78606-1B53-4516-90E6-1FF096B3D7D9")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzInitializeResourceManagerEx(AuthzResourceManagerFlags Flags, in AUTHZ_INIT_INFO pAuthzInitInfo, out SafeAUTHZ_RESOURCE_MANAGER_HANDLE phAuthzResourceManager); ///

The AuthzInstallSecurityEventSource function installs the specified source as a security event source.

/// This parameter is reserved for future use and must be set to zero. /// /// /// A pointer to an AUTHZ_SOURCE_SCHEMA_REGISTRATION structure that contains information about the security event source to be added. /// /// /// The members of the AUTHZ_SOURCE_SCHEMA_REGISTRATION structure are used as follows to install the security event source in the /// security log key: /// /// /// /// The szEventSourceName member is added as a registry key under /// /// /// /// The szEventMessageFile member is added as the data in a REG_SZ value named EventMessageFile under the event source key. /// /// /// /// /// The szEventAccessStringsFile member is added as the data in a REG_SZ value named ParameterMessageFile under the /// event source key. /// /// /// /// If the registry path does not exist, it is created. /// /// /// /// /// /// If the szEventSourceXmlSchemaFile member is not NULL, it is added as the data in a REG_SZ value named /// XmlSchemaFile under the event source key. This value is not used. /// /// /// /// The szExecutableImagePath member may be set to NULL. /// /// /// /// /// If the function succeeds, the function returns TRUE. /// If the function fails, it returns FALSE. For extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzinstallsecurityeventsource AUTHZAPI BOOL // AuthzInstallSecurityEventSource( DWORD dwFlags, PAUTHZ_SOURCE_SCHEMA_REGISTRATION pRegistration ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "77cb5c6c-1634-4449-8d05-ce6357ad4e4b")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzInstallSecurityEventSource([Optional] uint dwFlags, [In, MarshalAs(UnmanagedType.CustomMarshaler, MarshalTypeRef = typeof(VanaraCustomMarshaler))] AUTHZ_SOURCE_SCHEMA_REGISTRATION pRegistration); ///

/// The AuthzModifyClaims function adds, deletes, or modifies user and device claims in the Authz client context. ///

/// /// A handle to the client context to be modified. /// /// /// Type of information to be modified. The caller can specify AuthzContextInfoUserClaims or AuthzContextInfoDeviceClaims. /// /// /// /// A pointer to an array of AUTHZ_SECURITY_ATTRIBUTE_OPERATION enumeration values that specify the type of claim modification to make. /// /// /// /// A pointer to an AUTHZ_SECURITY_ATTRIBUTES_INFORMATION structure that specifies the claims to modify. /// /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// /// /// /// The AUTHZ_SECURITY_ATTRIBUTE_OPERATION enumeration must have only one element if the value of that element is /// AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE_ALL. Otherwise, the array has the same number of elements as the corresponding PAUTHZ_SECURITY_ATTRIBUTES_INFORMATION. /// /// /// If the AUTHZ_SECURITY_ATTRIBUTE_OPERATION enumeration is AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE and the function fails, call /// GetLastError. If the error code is ERROR_ALREADY_EXISTS, the claim's values have duplicate entries. /// /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzmodifyclaims AUTHZAPI BOOL AuthzModifyClaims( // AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, AUTHZ_CONTEXT_INFORMATION_CLASS ClaimClass, PAUTHZ_SECURITY_ATTRIBUTE_OPERATION // pClaimOperations, PAUTHZ_SECURITY_ATTRIBUTES_INFORMATION pClaims ); [PInvokeData("authz.h", MSDNShortId = "A93CD1DD-4E87-4C6A-928A-F90AD7F1085E")] [DllImport(Lib.Authz, ExactSpelling = true, SetLastError = true, CharSet = CharSet.Unicode)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzModifyClaims(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, AUTHZ_CONTEXT_INFORMATION_CLASS ClaimClass, AUTHZ_SECURITY_ATTRIBUTE_OPERATION[] pClaimOperations, [In, MarshalAs(UnmanagedType.CustomMarshaler, MarshalTypeRef = typeof(AUTHZ_SECURITY_ATTRIBUTES_INFORMATION_Marshaler))] AUTHZ_SECURITY_ATTRIBUTES_INFORMATION pClaims); ///

/// /// The AuthzModifySecurityAttributes function modifies the security attribute information in the specified client context. /// ///

/// /// A handle to the client context to be modified. /// /// /// /// A pointer to an array of AUTHZ_SECURITY_ATTRIBUTE_OPERATION enumeration values that specify the types of modifications to make. /// /// /// This array must have only one element if the value of that element is AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE_ALL. /// Otherwise, the array has the same number of elements as the pAttributes array. /// /// /// /// A pointer to an AUTHZ_SECURITY_ATTRIBUTES_INFORMATION structure that specifies the attributes to modify. /// /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzmodifysecurityattributes AUTHZAPI BOOL // AuthzModifySecurityAttributes( AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, PAUTHZ_SECURITY_ATTRIBUTE_OPERATION pOperations, // PAUTHZ_SECURITY_ATTRIBUTES_INFORMATION pAttributes ); [DllImport(Lib.Authz, ExactSpelling = true, SetLastError = true, CharSet = CharSet.Unicode)] [PInvokeData("authz.h", MSDNShortId = "d84873e2-ecfe-45cf-9048-7ed173117efa")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzModifySecurityAttributes(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, AUTHZ_SECURITY_ATTRIBUTE_OPERATION[] pOperations, [In, MarshalAs(UnmanagedType.CustomMarshaler, MarshalTypeRef = typeof(AUTHZ_SECURITY_ATTRIBUTES_INFORMATION_Marshaler))] AUTHZ_SECURITY_ATTRIBUTES_INFORMATION pAttributes); ///

/// The AuthzModifySids function adds, deletes, or modifies user and device groups in the Authz client context. ///

/// /// A handle to the client context to be modified. /// /// /// /// Type of information to be modified. The caller can specify AuthzContextInfoGroupsSids, AuthzContextInfoRestrictedSids, or AuthzContextInfoDeviceSids. /// /// /// /// A pointer to an array of AUTHZ_SID_OPERATION enumeration values that specify the group modifications to make. /// /// /// A pointer to a TOKEN_GROUPS structure that specifies the groups to modify. /// /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// /// /// /// The AUTHZ_SID_OPERATION enumeration must have only one element if the value of that element is AUTHZ_SID_OPERATION_REPLACE_ALL. /// Otherwise, the array has the same number of elements as the corresponding PTOKEN_GROUPS. /// /// /// When you want to use AuthzModifySids to delete, the SIDs are matched but not the SID flags. If no matching SID is found, /// no modifications are done and the call fails. /// /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzmodifysids AUTHZAPI BOOL AuthzModifySids( // AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, AUTHZ_CONTEXT_INFORMATION_CLASS SidClass, PAUTHZ_SID_OPERATION pSidOperations, // PTOKEN_GROUPS pSids ); [DllImport(Lib.Authz, ExactSpelling = true, SetLastError = true, CharSet = CharSet.Unicode)] [PInvokeData("authz.h", MSDNShortId = "740569A5-6159-409B-B8CB-B3A8BAE4F398")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzModifySids(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, AUTHZ_CONTEXT_INFORMATION_CLASS SidClass, AUTHZ_SID_OPERATION[] pSidOperations, in TOKEN_GROUPS pSids); ///

/// The AuthzOpenObjectAudit function reads the system access control list (SACL) of the specified security descriptor and /// generates any appropriate audits specified by that SACL. ///

/// Reserved for future use. /// A handle to the client context of the object to open. /// A pointer to an AUTHZ_ACCESS_REQUEST structure. /// A handle to the audit event to use. /// A pointer to the SECURITY_DESCRIPTOR structure for the object. /// A pointer to an array of SECURITY_DESCRIPTOR structures. /// The number of elements in SecurityDescriptorArray. /// A pointer to an AUTHZ_ACCESS_REPLY structure. /// /// If the function succeeds, it returns a nonzero value. /// If the function fails, it returns a zero value. To get extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzopenobjectaudit AUTHZAPI BOOL AuthzOpenObjectAudit( DWORD // Flags, AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, PAUTHZ_ACCESS_REQUEST pRequest, AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent, // PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR *OptionalSecurityDescriptorArray, DWORD // OptionalSecurityDescriptorCount, PAUTHZ_ACCESS_REPLY pReply ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "39c6f0bc-72bf-4a82-b417-c0c5b2626344")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzOpenObjectAudit([Optional] uint Flags, AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, in AUTHZ_ACCESS_REQUEST pRequest, AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent, [In] PSECURITY_DESCRIPTOR pSecurityDescriptor, [In, Optional] PSECURITY_DESCRIPTOR[] OptionalSecurityDescriptorArray, uint OptionalSecurityDescriptorCount, in AUTHZ_ACCESS_REPLY pReply); ///

The AuthzRegisterCapChangeNotification function registers a CAP update notification callback.

/// /// Pointer to the CAP change notification subscription handle. When you have finished using the handle, unsubscribe by passing this /// parameter to the AuthzUnregisterCapChangeNotification function. /// /// The CAP change notification callback function. /// The context of the user to be passed to the callback function. /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// /// /// This function is intended for applications that manually manage CAP usage to get notified of CAP changes in the system. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzregistercapchangenotification AUTHZAPI BOOL // AuthzRegisterCapChangeNotification( PAUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE phCapChangeSubscription, LPTHREAD_START_ROUTINE // pfnCapChangeCallback, PVOID pCallbackContext ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "B0675BB3-62FA-462E-8DFB-55C47576DFEC")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzRegisterCapChangeNotification(out SafeAUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE phCapChangeSubscription, ThreadProc pfnCapChangeCallback, IntPtr pCallbackContext); ///

/// The AuthzRegisterSecurityEventSource function registers a security event source with the Local Security Authority (LSA). ///

/// This parameter is reserved for future use. Set this parameter to zero. /// A pointer to the name of the security event source to register. /// A pointer to a handle to the registered security event source. /// /// If the function succeeds, the function returns TRUE. /// If the function fails, it returns FALSE. For extended error information, call GetLastError. /// /// /// /// This function validates the szEventSourceName parameter and sets up the appropriate structures and RPC connections to log events /// with that source name. The validation is handled by an underlying call to an LSA API. /// /// The LSA API verifies the following: /// /// /// The caller has the SeAuditPrivilege access right. /// /// /// The event source is not already in use. /// /// /// The event source is registered. /// /// /// The calling application matches the executable image path in the event source registration, if one exists. /// /// /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzregistersecurityeventsource AUTHZAPI BOOL // AuthzRegisterSecurityEventSource( DWORD dwFlags, PCWSTR szEventSourceName, PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "726e480d-1a34-4fd6-ac2d-876fa08f4eae")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzRegisterSecurityEventSource([Optional] uint dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string szEventSourceName, out SafeAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider); ///

/// The AuthzReportSecurityEvent function generates a security audit for a registered security event source. /// /// Auditing for the object access event category must be enabled for the AuthzReportSecurityEvent function to generate a /// security audit. The available audit types are defined in the AUDIT_PARAM_TYPE enumeration. /// ///

/// /// Flags that specify the type of audit generated. The following table shows the possible values. /// /// /// Value /// Meaning /// /// /// APF_AuditFailure 0x00000000 /// Failure audits are generated. /// /// /// APF_AuditSuccess 0x00000001 /// Success audits are generated. /// /// /// /// A handle to the registered security event source to use for the audit. /// The identifier of the audit. /// /// A pointer to the security identifier (SID) that will be listed as the source of the audit in the event log. /// /// /// The number of AuditParamFlag type/value pairs that appear in the variable arguments section that follows this parameter. /// /// /// If the function succeeds, the function returns TRUE. /// If the function fails, it returns FALSE. For extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzreportsecurityevent AUTHZAPI BOOL // AuthzReportSecurityEvent( DWORD dwFlags, AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider, DWORD dwAuditId, PSID pUserSid, // DWORD dwCount, ... ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Unicode, CallingConvention = CallingConvention.Cdecl)] [PInvokeData("authz.h", MSDNShortId = "95d561ef-3233-433a-a1e7-b914df1dd211")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzReportSecurityEvent(APF dwFlags, AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider, uint dwAuditId, [Optional] PSID pUserSid, uint dwCount, __arglist); ///

/// The AuthzReportSecurityEventFromParams function generates a security audit for a registered security event source by /// using the specified array of audit parameters. ///

/// Reserved for future use. /// A handle to the registered security event source to use for the audit. /// The identifier of the audit. /// /// A pointer to the security identifier (SID) that will be listed as the source of the audit in the event log. /// /// An array of audit parameters. /// /// If the function succeeds, the function returns TRUE. /// If the function fails, it returns FALSE. For extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzreportsecurityeventfromparams AUTHZAPI BOOL // AuthzReportSecurityEventFromParams( DWORD dwFlags, AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider, DWORD dwAuditId, PSID // pUserSid, PAUDIT_PARAMS pParams ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Unicode)] [PInvokeData("authz.h", MSDNShortId = "ee5b598a-0a89-4b32-a9bc-e9c811573b08")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzReportSecurityEventFromParams([Optional] uint dwFlags, AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider, uint dwAuditId, [Optional] PSID pUserSid, in AUDIT_PARAMS pParams); ///

/// The AuthzReportSecurityEventFromParams function generates a security audit for a registered security event source by /// using the specified array of audit parameters. ///

/// The AuthzSetAppContainerInformation function sets the app container and capability information in a current Authz context. /// If the passed in context already has an app container security identifier (SID) set or if the passed in context is not a valid /// app container SID, this function fails. ///

/// /// The handle to the client context to which the given app container SID and capability SIDs will be added. /// /// The app container SID. /// The number of capability SIDs to be added. This value can be zero if no capability is to be added. /// /// The capability SIDs to be added to the context. This value must be NULL when the CapabilityCount parameter is zero. /// /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzsetappcontainerinformation AUTHZAPI BOOL // AuthzSetAppContainerInformation( AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, PSID pAppContainerSid, DWORD CapabilityCount, // PSID_AND_ATTRIBUTES pCapabilitySids ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "CD01C5E1-2367-4CC1-A495-A295E3C82B46")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzSetAppContainerInformation([In] AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, [In] PSID pAppContainerSid, uint CapabilityCount, [In] SID_AND_ATTRIBUTES[] pCapabilitySids); ///

/// The AuthzUninstallSecurityEventSource function removes the specified source from the list of valid security event sources. ///

/// Reserved for future use; set this parameter to zero. /// /// /// Name of the source to remove from the list of valid security event sources. This corresponds to the szEventSourceName /// member of the AUTHZ_SOURCE_SCHEMA_REGISTRATION structure that defines the source. /// /// /// This function removes the source information from the registry. For more information about the registry keys and values affected, /// see the AuthzInstallSecurityEventSource function. /// /// /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. For extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzuninstallsecurityeventsource AUTHZAPI BOOL // AuthzUninstallSecurityEventSource( DWORD dwFlags, PCWSTR szEventSourceName ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "495157da-d4ed-42ff-bcb4-5c07ab9ec0e6")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzUninstallSecurityEventSource([Optional] uint dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string szEventSourceName); ///

/// The AuthzUnregisterCapChangeNotification function removes a previously registered CAP update notification callback. ///

/// Handle of the CAP change notification subscription to unregister. /// /// If the function succeeds, it returns TRUE. /// If the function fails, it returns FALSE. To get extended error information, call GetLastError. /// /// /// This function blocks operations until all callbacks are complete. Do not call this function from inside a callback function /// because it will cause a deadlock. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzunregistercapchangenotification AUTHZAPI BOOL // AuthzUnregisterCapChangeNotification( AUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE hCapChangeSubscription ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "79374C66-CD50-4351-A16B-AF79A579AF74")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzUnregisterCapChangeNotification(AUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE hCapChangeSubscription); ///

/// The AuthzUnregisterSecurityEventSource function unregisters a security event source with the Local Security Authority (LSA). ///

/// This parameter is reserved for future use. Set this parameter to zero. /// A pointer to a handle to the security event source to unregister. /// /// If the function succeeds, the function returns TRUE. /// If the function fails, it returns FALSE. For extended error information, call GetLastError. /// /// /// This function deallocates any resources and closes any RPC connections associated with a previous call to the /// AuthzRegisterSecurityEventSource function. /// // https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzunregistersecurityeventsource AUTHZAPI BOOL // AuthzUnregisterSecurityEventSource( DWORD dwFlags, PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider ); [DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)] [PInvokeData("authz.h", MSDNShortId = "3ca3086b-f9c9-4305-aaf3-c41b5dba30ad")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool AuthzUnregisterSecurityEventSource([Optional] uint dwFlags, in AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider); ///

Provides a handle to an access check results.

[StructLayout(LayoutKind.Sequential)] public struct AUTHZ_ACCESS_CHECK_RESULTS_HANDLE : IHandle { private readonly IntPtr handle; ///

Initializes a new instance of the struct.

/// An object that represents the pre-existing handle to use. public AUTHZ_ACCESS_CHECK_RESULTS_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle; ///

Returns an invalid handle by instantiating a object with .

public static AUTHZ_ACCESS_CHECK_RESULTS_HANDLE NULL => new(IntPtr.Zero); ///

Gets a value indicating whether this instance is a null handle.

public bool IsNull => handle == IntPtr.Zero; ///

Performs an explicit conversion from to .

/// The handle. /// The result of the conversion. public static explicit operator IntPtr(AUTHZ_ACCESS_CHECK_RESULTS_HANDLE h) => h.handle; ///

Performs an implicit conversion from to .

/// The pointer to a handle. /// The result of the conversion. public static implicit operator AUTHZ_ACCESS_CHECK_RESULTS_HANDLE(IntPtr h) => new(h); ///

Implements the operator !=.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator !=(AUTHZ_ACCESS_CHECK_RESULTS_HANDLE h1, AUTHZ_ACCESS_CHECK_RESULTS_HANDLE h2) => !(h1 == h2); ///

Implements the operator ==.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator ==(AUTHZ_ACCESS_CHECK_RESULTS_HANDLE h1, AUTHZ_ACCESS_CHECK_RESULTS_HANDLE h2) => h1.Equals(h2); /// public override bool Equals(object obj) => obj is AUTHZ_ACCESS_CHECK_RESULTS_HANDLE h && handle == h.handle; /// public override int GetHashCode() => handle.GetHashCode(); /// public IntPtr DangerousGetHandle() => handle; } ///

/// The AUTHZ_ACCESS_REQUEST structure defines an access check request. ///

// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ns-authz-_authz_access_request typedef struct _AUTHZ_ACCESS_REQUEST { // ACCESS_MASK DesiredAccess; PSID PrincipalSelfSid; POBJECT_TYPE_LIST ObjectTypeList; DWORD ObjectTypeListLength; PVOID // OptionalArguments; } AUTHZ_ACCESS_REQUEST, *PAUTHZ_ACCESS_REQUEST; [PInvokeData("authz.h", MSDNShortId = "3748075c-b31a-4669-b8a6-1a540449d8fa")] [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct AUTHZ_ACCESS_REQUEST { ///

The type of access to test for.

public uint DesiredAccess; ///

The security identifier (SID) to use for the principal self SID in the access control list (ACL).

public byte[] PrincipalSelfSid; ///

/// An array of OBJECT_TYPE_LIST structures in the object tree for the object. Set to NULL unless the application checks access /// at the property level. ///

public IntPtr ObjectTypeList; ///

/// The number of elements in the ObjectTypeList array. This member is necessary only if the application checks access at the /// property level. ///

public uint ObjectTypeListLength; ///

A pointer to memory to pass to AuthzAccessCheckCallback when checking callback access control entries (ACEs).

public IntPtr OptionalArguments; ///

Initializes a new instance of the struct.

/// The access. public AUTHZ_ACCESS_REQUEST(uint access) : this() => DesiredAccess = access; ///

Gets or sets the object types.

/// The object types. public OBJECT_TYPE_LIST[] ObjectTypes => ObjectTypeList.ToIEnum((int)ObjectTypeListLength).Select(p => p.ToStructure()).ToArray(); } ///

Provides a handle to an Audit event.

[StructLayout(LayoutKind.Sequential)] public struct AUTHZ_AUDIT_EVENT_HANDLE : IHandle { private readonly IntPtr handle; ///

Initializes a new instance of the struct.

/// An object that represents the pre-existing handle to use. public AUTHZ_AUDIT_EVENT_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle; ///

Returns an invalid handle by instantiating a object with .

public static AUTHZ_AUDIT_EVENT_HANDLE NULL => new(IntPtr.Zero); ///

Gets a value indicating whether this instance is a null handle.

public bool IsNull => handle == IntPtr.Zero; ///

Performs an explicit conversion from to .

/// The handle. /// The result of the conversion. public static explicit operator IntPtr(AUTHZ_AUDIT_EVENT_HANDLE h) => h.handle; ///

Performs an implicit conversion from to .

/// The pointer to a handle. /// The result of the conversion. public static implicit operator AUTHZ_AUDIT_EVENT_HANDLE(IntPtr h) => new(h); ///

Implements the operator !=.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator !=(AUTHZ_AUDIT_EVENT_HANDLE h1, AUTHZ_AUDIT_EVENT_HANDLE h2) => !(h1 == h2); ///

Implements the operator ==.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator ==(AUTHZ_AUDIT_EVENT_HANDLE h1, AUTHZ_AUDIT_EVENT_HANDLE h2) => h1.Equals(h2); /// public override bool Equals(object obj) => obj is AUTHZ_AUDIT_EVENT_HANDLE h && handle == h.handle; /// public override int GetHashCode() => handle.GetHashCode(); /// public IntPtr DangerousGetHandle() => handle; } ///

Provides a handle to a CAP change notification subscription handle.

[StructLayout(LayoutKind.Sequential)] public struct AUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE : IHandle { private readonly IntPtr handle; ///

Initializes a new instance of the struct.

/// An object that represents the pre-existing handle to use. public AUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle; ///

/// Returns an invalid handle by instantiating a object with . ///

public static AUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE NULL => new(IntPtr.Zero); ///

Gets a value indicating whether this instance is a null handle.

public bool IsNull => handle == IntPtr.Zero; ///

Performs an explicit conversion from to .

/// The handle. /// The result of the conversion. public static explicit operator IntPtr(AUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE h) => h.handle; ///

Performs an implicit conversion from to .

/// The pointer to a handle. /// The result of the conversion. public static implicit operator AUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE(IntPtr h) => new(h); ///

Implements the operator !=.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator !=(AUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE h1, AUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE h2) => !(h1 == h2); ///

Implements the operator ==.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator ==(AUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE h1, AUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE h2) => h1.Equals(h2); /// public override bool Equals(object obj) => obj is AUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE h && handle == h.handle; /// public override int GetHashCode() => handle.GetHashCode(); /// public IntPtr DangerousGetHandle() => handle; } ///

Provides a handle to a client context.

[StructLayout(LayoutKind.Sequential)] public struct AUTHZ_CLIENT_CONTEXT_HANDLE : IHandle { private readonly IntPtr handle; ///

Initializes a new instance of the struct.

/// An object that represents the pre-existing handle to use. public AUTHZ_CLIENT_CONTEXT_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle; ///

Returns an invalid handle by instantiating a object with .

public static AUTHZ_CLIENT_CONTEXT_HANDLE NULL => new(IntPtr.Zero); ///

Gets a value indicating whether this instance is a null handle.

public bool IsNull => handle == IntPtr.Zero; ///

Performs an explicit conversion from to .

/// The handle. /// The result of the conversion. public static explicit operator IntPtr(AUTHZ_CLIENT_CONTEXT_HANDLE h) => h.handle; ///

Performs an implicit conversion from to .

/// The pointer to a handle. /// The result of the conversion. public static implicit operator AUTHZ_CLIENT_CONTEXT_HANDLE(IntPtr h) => new(h); ///

Implements the operator !=.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator !=(AUTHZ_CLIENT_CONTEXT_HANDLE h1, AUTHZ_CLIENT_CONTEXT_HANDLE h2) => !(h1 == h2); ///

Implements the operator ==.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator ==(AUTHZ_CLIENT_CONTEXT_HANDLE h1, AUTHZ_CLIENT_CONTEXT_HANDLE h2) => h1.Equals(h2); /// public override bool Equals(object obj) => obj is AUTHZ_CLIENT_CONTEXT_HANDLE h && handle == h.handle; /// public override int GetHashCode() => handle.GetHashCode(); /// public IntPtr DangerousGetHandle() => handle; } ///

The AUTHZ_INIT_INFO structure defines the initialization information for the resource manager.

// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ns-authz-_authz_init_info typedef struct _AUTHZ_INIT_INFO { USHORT // version; PCWSTR szResourceManagerName; PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnDynamicAccessCheck; PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS // pfnComputeDynamicGroups; PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups; PFN_AUTHZ_GET_CENTRAL_ACCESS_POLICY // pfnGetCentralAccessPolicy; PFN_AUTHZ_FREE_CENTRAL_ACCESS_POLICY pfnFreeCentralAccessPolicy; } AUTHZ_INIT_INFO, *PAUTHZ_INIT_INFO; [PInvokeData("authz.h", MSDNShortId = "30489BE7-5B95-413E-8134-039AD3220A50")] [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct AUTHZ_INIT_INFO { ///

Highest supported version for this structure.

public const ushort AUTHZ_INIT_INFO_VERSION_V1 = 1; ///

/// The version of the authorization resource manager initialization information structure. This must be set to /// AUTHZ_INIT_INFO_VERSION_V1 (1). ///

public ushort version; ///

/// Pointer to a Unicode string that identifies the resource manager. This parameter can be NULL if the resource manager /// does not need a name. ///

[MarshalAs(UnmanagedType.LPWStr)] public string szResourceManagerName; ///

/// Pointer to an AuthzAccessCheckCallback callback function that the resource manager calls each time it encounters a callback /// access control entry (ACE) during access control list (ACL) evaluation in AuthzAccessCheck or AuthzCachedAccessCheck. This /// parameter can be NULL if no access check callback function is used. ///

[MarshalAs(UnmanagedType.FunctionPtr)] public AuthzAccessCheckCallback pfnDynamicAccessCheck; ///

/// Pointer to the AuthzComputeGroupsCallback callback function called by the resource manager during initialization of an /// AuthzClientContext handle. This parameter can be NULL if no callback function is used to compute dynamic groups. ///

[MarshalAs(UnmanagedType.FunctionPtr)] public AuthzComputeGroupsCallback pfnComputeDynamicGroups; ///

/// Pointer to the AuthzFreeGroupsCallback callback function called by the resource manager to free security identifier (SID) /// attribute arrays allocated by the compute dynamic groups callback. This parameter can be NULL if no callback function /// is used to compute dynamic groups. ///

[MarshalAs(UnmanagedType.FunctionPtr)] public AuthzFreeGroupsCallback pfnFreeDynamicGroups; ///

/// Pointer to the AuthzGetCentralAccessPolicyCallback callback function to be called by the resource manager to resolve any /// Central Access Policy ID ACE (SYSTEM_SCOPED_POLICY_ID_ACE) encountered by AuthzAccessCheck or AuthzCachedAccessCheck. If this /// parameter is NULL, the AuthzAccessCheck function will fall back to LSA to resolve the Central Access Policy ID ACE. ///

[MarshalAs(UnmanagedType.FunctionPtr)] public AuthzGetCentralAccessPolicyCallback pfnGetCentralAccessPolicy; ///

/// Pointer to the AuthzFreeCentralAccessPolicyCallback callback function called by the resource manager to free the Central /// Access Policy allocated by the callback to get a central access policy. This parameter can be NULL if no callback /// function is specified for pfnGetCentralAccessPolicy ///

[MarshalAs(UnmanagedType.FunctionPtr)] public AuthzFreeCentralAccessPolicyCallback pfnFreeCentralAccessPolicy; } ///

/// The AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET structure specifies the offset of a registration object type name. ///

// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ns-authz-authz_registration_object_type_name_offset typedef struct // _AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET { PWSTR szObjectTypeName; DWORD dwOffset; } // AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET, *PAUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET; [PInvokeData("authz.h", MSDNShortId = "2ec39edc-7819-41a5-8798-dc51c00ba85e")] [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET { ///

A pointer to a wide character string that represents the name of the object type.

[MarshalAs(UnmanagedType.LPTStr)] public string szObjectTypeName; ///

Offset of the object type name in an object types message DLL.

public uint dwOffset; } ///

Provides a handle to a resource manager.

[StructLayout(LayoutKind.Sequential)] public struct AUTHZ_RESOURCE_MANAGER_HANDLE : IHandle { private readonly IntPtr handle; ///

Initializes a new instance of the struct.

/// An object that represents the pre-existing handle to use. public AUTHZ_RESOURCE_MANAGER_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle; ///

Returns an invalid handle by instantiating a object with .

public static AUTHZ_RESOURCE_MANAGER_HANDLE NULL => new(IntPtr.Zero); ///

Gets a value indicating whether this instance is a null handle.

public bool IsNull => handle == IntPtr.Zero; ///

Performs an explicit conversion from to .

/// The handle. /// The result of the conversion. public static explicit operator IntPtr(AUTHZ_RESOURCE_MANAGER_HANDLE h) => h.handle; ///

Performs an implicit conversion from to .

/// The pointer to a handle. /// The result of the conversion. public static implicit operator AUTHZ_RESOURCE_MANAGER_HANDLE(IntPtr h) => new(h); ///

Implements the operator !=.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator !=(AUTHZ_RESOURCE_MANAGER_HANDLE h1, AUTHZ_RESOURCE_MANAGER_HANDLE h2) => !(h1 == h2); ///

Implements the operator ==.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator ==(AUTHZ_RESOURCE_MANAGER_HANDLE h1, AUTHZ_RESOURCE_MANAGER_HANDLE h2) => h1.Equals(h2); /// public override bool Equals(object obj) => obj is AUTHZ_RESOURCE_MANAGER_HANDLE h && handle == h.handle; /// public override int GetHashCode() => handle.GetHashCode(); /// public IntPtr DangerousGetHandle() => handle; } ///

The AUTHZ_RPC_INIT_INFO_CLIENT structure initializes a remote resource manager for a client.

[PInvokeData("authz.h", MSDNShortId = "6859A0CB-F88E-42BF-A350-293D28E908DD")] [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct AUTHZ_RPC_INIT_INFO_CLIENT { ///

Highest supported version of the AUTHZ_RPC_INIT_INFO_CLIENT structure.

public const ushort AUTHZ_RPC_INIT_INFO_CLIENT_VERSION_V1 = 1; ///

Version of the structure. The highest currently supported version is AUTHZ_RPC_INIT_INFO_CLIENT_VERSION_V1.

public ushort version; ///

/// Null-terminated string representation of the resource manager UUID. Only the following values are valid. /// /// /// /// Use “5fc860e0-6f6e-4fc2-83cd-46324f25e90b” for remote effective access evaluation that ignores central policy. /// /// /// /// /// Use “9a81c2bd-a525-471d-a4ed-49907c0b23da” for remote effective access evaluation that takes central policy into account. /// /// /// ///

[MarshalAs(UnmanagedType.LPWStr)] public string ObjectUuid; ///

/// Null-terminated string representation of a protocol sequence. This can be the following value. /// /// /// "ncacn_ip_tcp". /// /// ///

[MarshalAs(UnmanagedType.LPWStr)] public string ProtSeq; ///

/// Null-terminated string representation of a network address. The network-address format is associated with the protocol sequence. ///

[MarshalAs(UnmanagedType.LPWStr)] public string NetworkAddr; ///

/// Null-terminated string representation of an endpoint. The endpoint format and content are associated with the protocol /// sequence. For example, the endpoint associated with the protocol sequence ncacn_np is a pipe name in the format \\Pipe\PipeName. ///

[MarshalAs(UnmanagedType.LPWStr)] public string Endpoint; ///

/// Null-terminated string representation of network options. The option string is associated with the protocol sequence. ///

[MarshalAs(UnmanagedType.LPWStr)] public string Options; ///

/// Server Principal Name (SPN) of the server. If this member is missing, it is constructed from NetworkAddr assuming "host" /// service class. ///

[MarshalAs(UnmanagedType.LPWStr)] public string ServerSpn; } ///

/// /// The AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE structure specifies a fully qualified binary name value associated with a security attribute. /// ///

// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ns-authz-_authz_security_attribute_fqbn_value typedef struct // _AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE { ULONG64 Version; PWSTR pName; } AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE, *PAUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE; [PInvokeData("authz.h", MSDNShortId = "05b4bf7d-a0d9-473c-b215-9cf566b2a996")] [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE { ///

The version number of the structure.

public ulong Version; ///

/// A pointer to strings that specify the names of the publisher, the product, and the original binary file of the value. ///

public string pName; } ///

/// The AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE structure specifies an octet string value for a security attribute. ///

// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ns-authz-_authz_security_attribute_octet_string_value typedef struct // _AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE { PVOID pValue; ULONG ValueLength; } AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE, *PAUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE; [PInvokeData("authz.h", MSDNShortId = "aebe20d5-280f-45d3-a11d-279a08a1a165")] [StructLayout(LayoutKind.Sequential)] public struct AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE { ///

A pointer to the value.

public byte[] pValue; ///

The length, in bytes, of the pValue member.

public uint ValueLength; } ///

/// /// The AUTHZ_SECURITY_ATTRIBUTE_V1 structure defines a security attribute that can be associated with an authorization context. /// ///

// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ns-authz-_authz_security_attribute_v1 typedef struct // _AUTHZ_SECURITY_ATTRIBUTE_V1 { PWSTR pName; USHORT ValueType; USHORT Reserved; ULONG Flags; ULONG ValueCount; union { PLONG64 // pInt64; PULONG64 pUint64; PWSTR *ppString; PAUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE pFqbn; // PAUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE pOctetString; } Values; } AUTHZ_SECURITY_ATTRIBUTE_V1, *PAUTHZ_SECURITY_ATTRIBUTE_V1; [PInvokeData("authz.h", MSDNShortId = "0c4778bb-1b5d-4422-b066-d2a6aaa1f351")] [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct AUTHZ_SECURITY_ATTRIBUTE_V1 { ///

A pointer to a name of a security attribute.

public string pName; ///

The data type of the values pointed to by the Values member.

public AUTHZ_SECURITY_ATTRIBUTE_DATATYPE ValueType; ///

Reserved for future use.

public ushort Reserved; ///

A combination of one or more of the following values.

public AUTHZ_SECURITY_ATTRIBUTE_FLAGS Flags; ///

The number of values specified in the Values member.

public uint ValueCount; ///

A pointer to the value.

public AUTHZ_SECURITY_ATTRIBUTE_V1_Union Values; ///

Initializes a new instance of the struct.

/// The name. /// The value. public AUTHZ_SECURITY_ATTRIBUTE_V1(string name, params long[] values) : this(name, AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_INT64, values.Length) => Values.pInt64 = values; ///

Initializes a new instance of the struct.

/// The name. /// The value. public AUTHZ_SECURITY_ATTRIBUTE_V1(string name, params ulong[] values) : this(name, AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_UINT64, values.Length) => Values.pUInt64 = values; ///

Initializes a new instance of the struct.

/// The name. /// The value. public AUTHZ_SECURITY_ATTRIBUTE_V1(string name, params bool[] values) : this(name, AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_BOOLEAN, values.Length) => Values.pInt64 = Array.ConvertAll(values, Convert.ToInt64); ///

Initializes a new instance of the struct.

/// The name. /// The value. public AUTHZ_SECURITY_ATTRIBUTE_V1(string name, params string[] values) : this(name, AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_STRING, values.Length) => Values.ppString = values; ///

Initializes a new instance of the struct.

/// The name. /// The value. public AUTHZ_SECURITY_ATTRIBUTE_V1(string name, params AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE[] values) : this(name, AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN, values.Length) => Values.pFqbn = values; ///

Initializes a new instance of the struct.

/// The name. /// The value. public AUTHZ_SECURITY_ATTRIBUTE_V1(string name, params AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE[] values) : this(name, AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING, values.Length) => Values.pOctetString = values; private AUTHZ_SECURITY_ATTRIBUTE_V1(string name, AUTHZ_SECURITY_ATTRIBUTE_DATATYPE type, int count) : this() { pName = name; ValueType = type; ValueCount = (uint)count; } ///

Union.

[StructLayout(LayoutKind.Explicit, CharSet = CharSet.Unicode)] public struct AUTHZ_SECURITY_ATTRIBUTE_V1_Union { ///

A pointer to one or more numeric attribute values.

[FieldOffset(0)] public long[] pInt64; ///

A pointer to one or more numeric attribute values.

[FieldOffset(0)] public ulong[] pUInt64; ///

A pointer to one or more string attribute values.

[FieldOffset(0)] public string[] ppString; ///

A pointer to one or more AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE structures.

[FieldOffset(0)] public AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE[] pFqbn; ///

A pointer to one or more AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE structures.

[FieldOffset(0)] public AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE[] pOctetString; } } ///

Provides a handle to the registered security event source.

[StructLayout(LayoutKind.Sequential)] public struct AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE : IHandle { private readonly IntPtr handle; ///

Initializes a new instance of the struct.

/// An object that represents the pre-existing handle to use. public AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle; ///

/// Returns an invalid handle by instantiating a object with . ///

public static AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE NULL => new(IntPtr.Zero); ///

Gets a value indicating whether this instance is a null handle.

public bool IsNull => handle == IntPtr.Zero; ///

Performs an explicit conversion from to .

/// The handle. /// The result of the conversion. public static explicit operator IntPtr(AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE h) => h.handle; ///

Performs an implicit conversion from to .

/// The pointer to a handle. /// The result of the conversion. public static implicit operator AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE(IntPtr h) => new(h); ///

Implements the operator !=.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator !=(AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE h1, AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE h2) => !(h1 == h2); ///

Implements the operator ==.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator ==(AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE h1, AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE h2) => h1.Equals(h2); /// public override bool Equals(object obj) => obj is AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE h && handle == h.handle; /// public override int GetHashCode() => handle.GetHashCode(); /// public IntPtr DangerousGetHandle() => handle; } ///

The AUTHZ_SOURCE_SCHEMA_REGISTRATION structure specifies information about source schema registration.

// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ns-authz-_authz_source_schema_registration typedef struct // _AUTHZ_SOURCE_SCHEMA_REGISTRATION { DWORD dwFlags; PWSTR szEventSourceName; PWSTR szEventMessageFile; PWSTR // szEventSourceXmlSchemaFile; PWSTR szEventAccessStringsFile; PWSTR szExecutableImagePath; union { PVOID pReserved; GUID // *pProviderGuid; } DUMMYUNIONNAME; DWORD dwObjectTypeNameCount; AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET // ObjectTypeNames[ANYSIZE_ARRAY]; } AUTHZ_SOURCE_SCHEMA_REGISTRATION, *PAUTHZ_SOURCE_SCHEMA_REGISTRATION; [PInvokeData("authz.h", MSDNShortId = "8b4d6e14-fb9c-428a-bd94-34eba668edc6")] [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] [VanaraMarshaler(typeof(SafeAnysizeStructMarshaler), nameof(dwObjectTypeNameCount))] public class AUTHZ_SOURCE_SCHEMA_REGISTRATION { ///

/// Flags that control the behavior of the operation. The following table shows a possible value. /// /// /// Value /// Meaning /// /// /// AUTHZ_ALLOW_MULTIPLE_SOURCE_INSTANCES 0x1 /// /// Allows registration of multiple sources with the same name. Use of this flag means that more than one source can call the /// AuthzRegisterSecurityEventSource function with the same szEventSourceName at runtime. /// /// /// /// AUTHZ_MIGRATED_LEGACY_PUBLISHER 0x2 /// /// The caller is a migrated publisher that has registered a manifest with WEvtUtil.exe. The GUID of the provider specified by /// the pProviderGuid member is stored in the registry. /// /// /// ///

public SOURCE_SCHEMA_REGISTRATION_FLAGS dwFlags; ///

A pointer to a wide character string that represents the name of the event source.

[MarshalAs(UnmanagedType.LPTStr)] public string szEventSourceName; ///

A pointer to a wide character string that represents the name of the resource that contains the event messages.

[MarshalAs(UnmanagedType.LPTStr)] public string szEventMessageFile; ///

A pointer to a wide character string that represents the name of the XML schema file for the event source.

[MarshalAs(UnmanagedType.LPTStr)] public string szEventSourceXmlSchemaFile; ///

/// A pointer to a wide character string that represents the name of the resource that contains the event parameter strings. ///

[MarshalAs(UnmanagedType.LPTStr)] public string szEventAccessStringsFile; ///

This member is reserved and must be set to NULL.

[MarshalAs(UnmanagedType.LPTStr)] public string szExecutableImagePath; ///

/// The GUID of a migrated publisher. The value of this member is converted to a string and stored in the registry if the caller /// is a migrated publisher. ///

public GuidPtr pProviderGuid; ///

The number of objects in the ObjectTypeNames array.

public uint dwObjectTypeNameCount; ///

An array of AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET structures that represents the object types for the events.

[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET[] ObjectTypeNames; } ///

/// The AUTHZ_ACCESS_REPLY structure defines an access check reply. ///

// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ns-authz-_authz_access_reply typedef struct _AUTHZ_ACCESS_REPLY { DWORD // ResultListLength; PACCESS_MASK GrantedAccessMask; PDWORD SaclEvaluationResults; PDWORD Error; } AUTHZ_ACCESS_REPLY, *PAUTHZ_ACCESS_REPLY; [PInvokeData("authz.h", MSDNShortId = "7162bf80-3730-46d7-a603-2a55b969c9ba")] [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public sealed class AUTHZ_ACCESS_REPLY : IDisposable { ///

/// The number of elements in the GrantedAccessMask, SaclEvaluationResults, and Error arrays. This number matches the number of /// entries in the object type list structure used in the access check. If no object type is used to represent the object, then /// set ResultListLength to one. ///

public int ResultListLength; ///

An array of granted access masks. Memory for this array is allocated by the application before calling AccessCheck.

public IntPtr GrantedAccessMask; ///

/// An array of system access control list (SACL) evaluation results. Memory for this array is allocated by the application /// before calling AccessCheck. SACL evaluation will only be performed if auditing is requested. ///

public IntPtr SaclEvaluationResults; ///

/// An array of results for each element of the array. Memory for this array is allocated by the application before calling AccessCheck. ///

public IntPtr Error; ///

Initializes a new instance of the struct.

/// The count of array members in each of the three arrays. public AUTHZ_ACCESS_REPLY(uint count) { if (count == 0) return; ResultListLength = (int)count; var sz = Marshal.SizeOf(typeof(uint)) * (int)count; GrantedAccessMask = Marshal.AllocHGlobal(sz); SaclEvaluationResults = Marshal.AllocHGlobal(sz); Error = Marshal.AllocHGlobal(sz); } ///

Gets or sets the granted access mask values. The length of this array must match the value in .

/// The granted access mask values. public uint[] GrantedAccessMaskValues { get => GrantedAccessMask != IntPtr.Zero && ResultListLength > 0 ? GrantedAccessMask.ToArray(ResultListLength) : (new uint[0]); set { if (value is null && ResultListLength != 0) throw new ArgumentNullException(nameof(GrantedAccessMaskValues), $"Value cannot be null if {nameof(ResultListLength)} field does not equal 0."); if (value is not null && value.Length != ResultListLength) throw new ArgumentOutOfRangeException(nameof(GrantedAccessMaskValues), $"Number of items must match value of {nameof(ResultListLength)} field."); CopyArrayToPtr(value, GrantedAccessMask); } } private static void CopyArrayToPtr(T[] items, IntPtr ptr) { var ms = new MemoryStream(); var bw = new BinaryWriter(ms); foreach (var item in items) bw.Write(item); Marshal.Copy(ms.ToArray(), 0, ptr, (int)ms.Length); } ///

/// Gets or sets the system access control list (SACL) evaluation results values. The length of this array must match the value /// in . ///

/// The system access control list (SACL) evaluation results values. public uint[] SaclEvaluationResultsValues { get => SaclEvaluationResults != IntPtr.Zero && ResultListLength > 0 ? SaclEvaluationResults.ToArray(ResultListLength) : (new uint[0]); set { if (value is null && ResultListLength != 0) throw new ArgumentNullException(nameof(SaclEvaluationResultsValues), $"Value cannot be null if {nameof(ResultListLength)} field does not equal 0."); if (value is not null && value.Length != ResultListLength) throw new ArgumentOutOfRangeException(nameof(SaclEvaluationResultsValues), $"Number of items must match value of {nameof(ResultListLength)} field."); CopyArrayToPtr(value, SaclEvaluationResults); } } ///

Gets or sets the results for each element of the array. The length of this array must match the value in .

/// The results values. public uint[] ErrorValues { get => Error != IntPtr.Zero && ResultListLength > 0 ? Error.ToArray(ResultListLength) : (new uint[0]); set { if (value is null && ResultListLength != 0) throw new ArgumentNullException(nameof(ErrorValues), $"Value cannot be null if {nameof(ResultListLength)} field does not equal 0."); if (value is not null && value.Length != ResultListLength) throw new ArgumentOutOfRangeException(nameof(ErrorValues), $"Number of items must match value of {nameof(ResultListLength)} field."); CopyArrayToPtr(value, Error); } } void IDisposable.Dispose() { Marshal.FreeHGlobal(GrantedAccessMask); Marshal.FreeHGlobal(SaclEvaluationResults); Marshal.FreeHGlobal(Error); ResultListLength = 0; } } ///

/// The AUTHZ_SECURITY_ATTRIBUTES_INFORMATION structure specifies one or more security attributes. ///

// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ns-authz-_authz_security_attributes_information typedef struct // _AUTHZ_SECURITY_ATTRIBUTES_INFORMATION { USHORT Version; USHORT Reserved; ULONG AttributeCount; union { // PAUTHZ_SECURITY_ATTRIBUTE_V1 pAttributeV1; } Attribute; } AUTHZ_SECURITY_ATTRIBUTES_INFORMATION, *PAUTHZ_SECURITY_ATTRIBUTES_INFORMATION; [PInvokeData("authz.h", MSDNShortId = "1db95ab0-951f-488c-b522-b3f38fc74c7c")] public class AUTHZ_SECURITY_ATTRIBUTES_INFORMATION { ///

The number of attributes specified by the Attribute member.

public uint AttributeCount; ///

An array of AUTHZ_SECURITY_ATTRIBUTE_V1 structures of the length of the AttributeCount member.

public AUTHZ_SECURITY_ATTRIBUTE_V1[] pAttributeV1; ///

Reserved. Do not use.

public ushort Reserved; ///

The version of this structure. Currently the only value supported is 1.

public ushort Version; ///

Initializes a new instance of the class.

/// The attributes. public AUTHZ_SECURITY_ATTRIBUTES_INFORMATION(AUTHZ_SECURITY_ATTRIBUTE_V1[] attributes) { Version = 1; Reserved = 0; AttributeCount = (uint)(attributes?.Length ?? 0); pAttributeV1 = attributes; } ///

Create a AUTHZ_SECURITY_ATTRIBUTES_INFORMATION from a pointer.

/// The pointer to a block of memory. /// A AUTHZ_SECURITY_ATTRIBUTES_INFORMATION instance. public static AUTHZ_SECURITY_ATTRIBUTES_INFORMATION FromPtr(IntPtr ptr) => (AUTHZ_SECURITY_ATTRIBUTES_INFORMATION)AUTHZ_SECURITY_ATTRIBUTES_INFORMATION_Marshaler.GetInstance(null).MarshalNativeToManaged(ptr); } ///

/// Provides a to a check results value that releases a created AUTHZ_ACCESS_CHECK_RESULTS_HANDLE instance /// at disposal using AuthzFreeHandle. ///

public class SafeAUTHZ_ACCESS_CHECK_RESULTS_HANDLE : SafeHANDLE { ///

/// Initializes a new instance of the class and assigns an existing handle. ///

/// An object that represents the pre-existing handle to use. /// /// to reliably release the handle during the finalization phase; otherwise, (not recommended). /// public SafeAUTHZ_ACCESS_CHECK_RESULTS_HANDLE(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { } ///

Initializes a new instance of the class.

private SafeAUTHZ_ACCESS_CHECK_RESULTS_HANDLE() : base() { } ///

Performs an implicit conversion from to .

/// The safe handle instance. /// The result of the conversion. public static implicit operator AUTHZ_ACCESS_CHECK_RESULTS_HANDLE(SafeAUTHZ_ACCESS_CHECK_RESULTS_HANDLE h) => h.handle; /// protected override bool InternalReleaseHandle() => AuthzFreeHandle(this); } ///

/// Provides a to an audit event that releases a created AUTHZ_AUDIT_EVENT_HANDLE instance at disposal using AuthzFreeAuditEvent. ///

public class SafeAUTHZ_AUDIT_EVENT_HANDLE : SafeHANDLE { ///

Initializes a new instance of the class and assigns an existing handle.

/// An object that represents the pre-existing handle to use. /// /// to reliably release the handle during the finalization phase; otherwise, (not recommended). /// public SafeAUTHZ_AUDIT_EVENT_HANDLE(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { } ///

Initializes a new instance of the class.

private SafeAUTHZ_AUDIT_EVENT_HANDLE() : base() { } ///

Performs an implicit conversion from to .

/// The safe handle instance. /// The result of the conversion. public static implicit operator AUTHZ_AUDIT_EVENT_HANDLE(SafeAUTHZ_AUDIT_EVENT_HANDLE h) => h.handle; /// protected override bool InternalReleaseHandle() => AuthzFreeAuditEvent(this); } ///

/// Provides a for that is disposed using . ///

public class SafeAUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE : SafeHANDLE { ///

/// Initializes a new instance of the class and assigns an existing handle. ///

/// An object that represents the pre-existing handle to use. /// /// to reliably release the handle during the finalization phase; otherwise, (not recommended). /// public SafeAUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { } ///

Initializes a new instance of the class.

private SafeAUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE() : base() { } ///

Performs an implicit conversion from to .

/// The safe handle instance. /// The result of the conversion. public static implicit operator AUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE(SafeAUTHZ_CAP_CHANGE_SUBSCRIPTION_HANDLE h) => h.handle; /// protected override bool InternalReleaseHandle() => AuthzUnregisterCapChangeNotification(this); } ///

Provides a for that is disposed using .

public class SafeAUTHZ_CLIENT_CONTEXT_HANDLE : SafeHANDLE { ///

/// Initializes a new instance of the class and assigns an existing handle. ///

/// An object that represents the pre-existing handle to use. /// /// to reliably release the handle during the finalization phase; otherwise, (not recommended). /// public SafeAUTHZ_CLIENT_CONTEXT_HANDLE(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { } ///

Initializes a new instance of the class.

private SafeAUTHZ_CLIENT_CONTEXT_HANDLE() : base() { } ///

Performs an implicit conversion from to .

/// The safe handle instance. /// The result of the conversion. public static implicit operator AUTHZ_CLIENT_CONTEXT_HANDLE(SafeAUTHZ_CLIENT_CONTEXT_HANDLE h) => h.handle; /// protected override bool InternalReleaseHandle() => AuthzFreeContext(this); } ///

Provides a for that is disposed using .

public class SafeAUTHZ_RESOURCE_MANAGER_HANDLE : SafeHANDLE { ///

/// Initializes a new instance of the class and assigns an existing handle. ///

/// An object that represents the pre-existing handle to use. /// /// to reliably release the handle during the finalization phase; otherwise, (not recommended). /// public SafeAUTHZ_RESOURCE_MANAGER_HANDLE(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { } ///

Initializes a new instance of the class.

private SafeAUTHZ_RESOURCE_MANAGER_HANDLE() : base() { } ///

Performs an implicit conversion from to .

/// The safe handle instance. /// The result of the conversion. public static implicit operator AUTHZ_RESOURCE_MANAGER_HANDLE(SafeAUTHZ_RESOURCE_MANAGER_HANDLE h) => h.handle; /// protected override bool InternalReleaseHandle() => AuthzFreeResourceManager(this); } ///

/// Provides a for that is disposed using . ///

public class SafeAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE : SafeHANDLE { ///

/// Initializes a new instance of the class and assigns an existing handle. ///

/// An object that represents the pre-existing handle to use. /// /// to reliably release the handle during the finalization phase; otherwise, (not recommended). /// public SafeAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { } ///

Initializes a new instance of the class.

private SafeAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE() : base() { } ///

Performs an implicit conversion from to .

/// The safe handle instance. /// The result of the conversion. public static implicit operator AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE(SafeAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE h) => h.handle; /// protected override bool InternalReleaseHandle() => AuthzUnregisterSecurityEventSource(0, this); } internal class AUTHZ_SECURITY_ATTRIBUTES_INFORMATION_Marshaler : ICustomMarshaler { public static ICustomMarshaler GetInstance(string _) => new AUTHZ_SECURITY_ATTRIBUTES_INFORMATION_Marshaler(); public void CleanUpManagedData(object ManagedObj) { } public void CleanUpNativeData(IntPtr pNativeData) => Marshal.FreeHGlobal(pNativeData); public int GetNativeDataSize() => -1; public IntPtr MarshalManagedToNative(object ManagedObj) { // Determine size if (ManagedObj is not AUTHZ_SECURITY_ATTRIBUTES_INFORMATION attrInfo) throw new InvalidOperationException("This marshaler only works on AUTHZ_SECURITY_ATTRIBUTES_INFORMATION structures."); var sz1 = Marshal.SizeOf(typeof(Internal_AUTHZ_SECURITY_ATTRIBUTES_INFORMATION)) + attrInfo.AttributeCount * Marshal.SizeOf(typeof(Internal_AUTHZ_SECURITY_ATTRIBUTE_V1)); var sz2 = 0L; for (var i = 0; i < attrInfo.AttributeCount; i++) { var v1 = attrInfo.pAttributeV1[i]; if (string.IsNullOrEmpty(v1.pName)) throw new InvalidOperationException("Every instance of AUTHZ_SECURITY_ATTRIBUTE_V1 in the AUTHZ_SECURITY_ATTRIBUTES_INFORMATION.Values field must have a valid string for pName."); sz2 += (v1.pName.Length + 1) * 2; switch (v1.ValueType) { case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_BOOLEAN: case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_INT64: case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_UINT64: sz2 += Marshal.SizeOf(typeof(long)) * v1.ValueCount; break; case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_STRING: foreach (var s in v1.Values.ppString) sz2 += (s.Length + 1) * 2 + IntPtr.Size; sz2 += IntPtr.Size; break; case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN: foreach (var s in v1.Values.pFqbn) sz2 += (s.pName.Length + 1) * 2 + Marshal.SizeOf(s.Version); break; case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING: foreach (var s in v1.Values.pOctetString) sz2 += s.ValueLength + Marshal.SizeOf(s.ValueLength); break; case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_SID: case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_INVALID: default: throw new InvalidOperationException( "An instance of AUTHZ_SECURITY_ATTRIBUTE_V1 in the AUTHZ_SECURITY_ATTRIBUTES_INFORMATION.Values has an invalid data type."); } } // Pack it all behind a pointer var retPtr = Marshal.AllocHGlobal((int)(sz1 + sz2)); #pragma warning disable CS0618 // Type or member is obsolete var ms = new MarshalingStream(retPtr, (int)sz1); var ms2 = new MarshalingStream(retPtr.Offset(sz1), (int)sz2); #pragma warning restore CS0618 // Type or member is obsolete var iV1s = new Internal_AUTHZ_SECURITY_ATTRIBUTE_V1[attrInfo.AttributeCount]; for (var i = 0; i < attrInfo.AttributeCount; i++) { iV1s[i] = new Internal_AUTHZ_SECURITY_ATTRIBUTE_V1(attrInfo.pAttributeV1[i]) { pName = ms2.PositionPtr }; ms2.Write(attrInfo.pAttributeV1[i].pName); iV1s[i].Values = ms2.PositionPtr; switch (iV1s[i].ValueType) { case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_BOOLEAN: case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_INT64: ms2.Write(attrInfo.pAttributeV1[i].Values.pInt64); break; case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_UINT64: ms2.Write(attrInfo.pAttributeV1[i].Values.pUInt64); break; case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_STRING: ms2.Write(attrInfo.pAttributeV1[i].Values.ppString); break; case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN: ms2.Write(attrInfo.pAttributeV1[i].Values.pFqbn); break; case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING: ms2.Write(attrInfo.pAttributeV1[i].Values.pOctetString); break; default: throw new ArgumentOutOfRangeException(); } } var iInfo = new Internal_AUTHZ_SECURITY_ATTRIBUTES_INFORMATION { AttributeCount = attrInfo.AttributeCount, Version = attrInfo.Version }; ms.Write(iInfo); if (attrInfo.AttributeCount > 0) { ms.Poke(ms.PositionPtr, Marshal.OffsetOf(typeof(Internal_AUTHZ_SECURITY_ATTRIBUTES_INFORMATION), "pAttributeV1").ToInt64()); ms.Write(iV1s); } return retPtr; } public object MarshalNativeToManaged(IntPtr pNativeData) { if (pNativeData == IntPtr.Zero) return null; var attrInfo = pNativeData.ToStructure(); return new AUTHZ_SECURITY_ATTRIBUTES_INFORMATION(attrInfo.pAttributeV1 == IntPtr.Zero ? null : Array.ConvertAll(attrInfo.pAttributeV1.ToArray((int)attrInfo.AttributeCount), Conv)); static AUTHZ_SECURITY_ATTRIBUTE_V1 Conv(Internal_AUTHZ_SECURITY_ATTRIBUTE_V1 input) { var v1 = new AUTHZ_SECURITY_ATTRIBUTE_V1 { pName = StringHelper.GetString(input.pName, CharSet.Unicode), Flags = input.Flags, ValueCount = input.ValueCount, ValueType = input.ValueType }; switch (v1.ValueType) { case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_BOOLEAN: case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_INT64: v1.Values.pInt64 = input.Values.ToArray((int)v1.ValueCount); break; case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_UINT64: v1.Values.pUInt64 = input.Values.ToArray((int)v1.ValueCount); break; case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_STRING: v1.Values.ppString = input.Values.ToStringEnum((int)v1.ValueCount, CharSet.Unicode).ToArray(); break; case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN: v1.Values.pFqbn = input.Values.ToArray((int)v1.ValueCount); break; case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING: v1.Values.pOctetString = input.Values.ToArray((int)v1.ValueCount); break; default: throw new ArgumentOutOfRangeException(); } return v1; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] private struct Internal_AUTHZ_SECURITY_ATTRIBUTE_V1 { ///

A pointer to a name of a security attribute.

public IntPtr pName; ///

The data type of the values pointed to by the Values member.

public AUTHZ_SECURITY_ATTRIBUTE_DATATYPE ValueType; ///

Reserved for future use.

public ushort Reserved; ///

A combination of one or more of the following values.

public AUTHZ_SECURITY_ATTRIBUTE_FLAGS Flags; ///

The number of values specified in the Values member.

public uint ValueCount; ///

A pointer to the value.

public IntPtr Values; public Internal_AUTHZ_SECURITY_ATTRIBUTE_V1(AUTHZ_SECURITY_ATTRIBUTE_V1 v1) : this() { ValueType = v1.ValueType; Flags = v1.Flags; ValueCount = v1.ValueCount; } } [StructLayout(LayoutKind.Sequential)] private struct Internal_AUTHZ_SECURITY_ATTRIBUTES_INFORMATION { ///

The version of this structure. Currently the only value supported is 1.

public ushort Version; ///

Reserved. Do not use.

public ushort Reserved; ///

The number of attributes specified by the Attribute member.

public uint AttributeCount; ///

An array of AUTHZ_SECURITY_ATTRIBUTE_V1 structures of the length of the AttributeCount member.

public IntPtr pAttributeV1; } } } }