using System;
using System.Runtime.InteropServices;
using Vanara.InteropServices;
namespace Vanara.PInvoke
{
/// Items from the Rpc.dll
public static partial class Rpc
{
/// Specifies that a client waits an indefinite amount of time.
public const int RPC_C_CANCEL_INFINITE_TIMEOUT = -1;
/// Max calls value.
public const uint RPC_C_LISTEN_MAX_CALLS_DEFAULT = 1234;
/// Max length value.
public const uint RPC_C_PROTSEQ_MAX_REQS_DEFAULT = 10;
private const string Lib_rpcrt4 = "rpcrt4.dll";
///
/// The RPC library uses the binding time-out constants to specify the relative amount of time that should be spent to establish a
/// binding to the server before giving up. The timeout can be enabled with a call to the RpcMgmtSetComTimeout function. The
/// following list contains the valid time-out values.
///
///
/// The values in the preceding table are not in seconds. These values represent a relative amount of time on a scale of zero to 10.
/// For more information on avoiding communication delays, refer to Preventing Client-side Hangs.
///
// https://docs.microsoft.com/en-us/windows/win32/rpc/binding-time-out-constants
[PInvokeData("rpcdce.h")]
public enum RCP_C_BINDING_TIMEOUT : uint
{
/// Keeps trying to establish communications forever.
RPC_C_BINDING_INFINITE_TIMEOUT = 10,
///
/// Tries the minimum amount of time for the network protocol being used. This value favors response time over correctness in
/// determining whether the server is running.
///
RPC_C_BINDING_MIN_TIMEOUT = 0,
///
/// Tries an average amount of time for the network protocol being used. This value gives correctness in determining whether a
/// server is running and gives response time equal weight. This is the default value.
///
RPC_C_BINDING_DEFAULT_TIMEOUT = 5,
///
/// Tries the longest amount of time for the network protocol being used. This value favors correctness in determining whether a
/// server is running over response time.
///
RPC_C_BINDING_MAX_TIMEOUT = 9,
}
/// A set of flags describing specific RPC behaviors.
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_BINDING_HANDLE_OPTIONS_V1")]
[Flags]
public enum RPC_BHO : uint
{
/// Specifies causal ordering whereby calls are executed independently of one another rather than in order of submission.
RPC_BHO_NONCAUSAL = 0x1,
/// Specifies that a socket association must be shutdown after the last binding handle on it is freed.
RPC_BHO_DONTLINGER = 0x2,
///
RPC_BHO_EXCLUSIVE_AND_GUARANTEED = 0x4,
}
///
/// The authentication-level constants represent authentication levels passed to various run-time functions. These levels are listed
/// in order of increasing authentication. Each new level adds to the authentication provided by the previous level. If the RPC
/// run-time library does not support the specified level, it automatically upgrades to the next higher supported level.
///
/// Regardless of the value specified by the constant, ncalrpc always uses RPC_C_AUTHN_LEVEL_PKT_PRIVACY.
// https://docs.microsoft.com/en-us/windows/win32/rpc/authentication-level-constants
[PInvokeData("rpcdce.h")]
public enum RPC_C_AUTHN : uint
{
/// No authentication.
RPC_C_AUTHN_NONE = 0,
/// Use Distributed Computing Environment (DCE) private key authentication.
RPC_C_AUTHN_DCE_PRIVATE = 1,
/// DCE public key authentication (reserved for future use).
RPC_C_AUTHN_DCE_PUBLIC = 2,
/// DEC public key authentication (reserved for future use).
RPC_C_AUTHN_DEC_PUBLIC = 4,
///
/// Use the Microsoft Negotiate SSP. This SSP negotiates between the use of the NTLM and Kerberos protocol Security Support
/// Providers (SSP).
///
RPC_C_AUTHN_GSS_NEGOTIATE = 9,
/// Use the Microsoft NT LAN Manager (NTLM) SSP.
RPC_C_AUTHN_WINNT = 10,
///
/// Use the Schannel SSP. This SSP supports Secure Socket Layer (SSL), private communication technology (PCT), and transport
/// level security (TLS).
///
RPC_C_AUTHN_GSS_SCHANNEL = 14,
/// Use the Microsoft Kerberos SSP.
RPC_C_AUTHN_GSS_KERBEROS = 16,
/// Use Distributed Password Authentication (DPA).
RPC_C_AUTHN_DPA = 17,
/// Authentication protocol SSP used for the Microsoft Network (MSN).
RPC_C_AUTHN_MSN = 18,
/// Windows XP or later: Use the Microsoft Digest SSP
RPC_C_AUTHN_DIGEST = 21,
/// Windows 7 or later: Reserved. Do not use
RPC_C_AUTHN_NEGO_EXTENDER = 30,
/// This SSP provides an SSPI-compatible wrapper for the Microsoft Message Queue (MSMQ) transport-level protocol.
RPC_C_AUTHN_MQ = 100,
/// Use the default authentication service.
RPC_C_AUTHN_DEFAULT = 0xffffffff,
///
RPC_C_AUTHN_KERNEL = 20,
///
RPC_C_AUTHN_PKU2U = 31,
///
RPC_C_AUTHN_LIVE_SSP = 32,
///
RPC_C_AUTHN_LIVEXP_SSP = 35,
///
RPC_C_AUTHN_CLOUD_AP = 36,
///
RPC_C_AUTHN_MSONLINE = 82,
}
/// Specifies the type of additional credentials present in the u union.
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_SECURITY_QOS_V2_A")]
public enum RPC_C_AUTHN_INFO_TYPE
{
/// No additional credentials are passed in the u union.
RPC_C_AUTHN_INFO_TYPE_NONE,
///
/// The HttpCredentials member of the u union points to a RPC_HTTP_TRANSPORT_CREDENTIALS structure. This value can be used only
/// when the protocol sequence is ncacn_http. Any other protocol sequence returns RPC_S_INVALID_ARG.
///
[CorrespondingType(typeof(RPC_HTTP_TRANSPORT_CREDENTIALS))]
RPC_C_AUTHN_INFO_TYPE_HTTP,
}
///
/// The authentication-level constants represent authentication levels passed to various run-time functions. These levels are listed
/// in order of increasing authentication. Each new level adds to the authentication provided by the previous level. If the RPC
/// run-time library does not support the specified level, it automatically upgrades to the next higher supported level.
///
/// Regardless of the value specified by the constant, ncalrpc always uses RPC_C_AUTHN_LEVEL_PKT_PRIVACY.
// https://docs.microsoft.com/en-us/windows/win32/rpc/authentication-level-constants
[PInvokeData("rpcdce.h")]
public enum RPC_C_AUTHN_LEVEL
{
/// Uses the default authentication level for the specified authentication service.
RPC_C_AUTHN_LEVEL_DEFAULT = 0,
/// Performs no authentication.
RPC_C_AUTHN_LEVEL_NONE = 1,
/// Authenticates only when the client establishes a relationship with a server.
RPC_C_AUTHN_LEVEL_CONNECT = 2,
///
/// Authenticates only at the beginning of each remote procedure call when the server receives the request. Does not apply to
/// remote procedure calls made using the connection-based protocol sequences (those that start with the prefix "ncacn"). If the
/// protocol sequence in a binding handle is a connection-based protocol sequence and you specify this level, this routine
/// instead uses the RPC_C_AUTHN_LEVEL_PKT constant.
///
RPC_C_AUTHN_LEVEL_CALL = 3,
/// Authenticates only that all data received is from the expected client. Does not validate the data itself.
RPC_C_AUTHN_LEVEL_PKT = 4,
/// Authenticates and verifies that none of the data transferred between client and server has been modified.
RPC_C_AUTHN_LEVEL_PKT_INTEGRITY = 5,
///
/// Includes all previous levels, and ensures clear text data can only be seen by the sender and the receiver. In the local
/// case, this involves using a secure channel. In the remote case, this involves encrypting the argument value of each remote
/// procedure call.
///
RPC_C_AUTHN_LEVEL_PKT_PRIVACY = 6,
}
///
/// The authorization service constants represent the authorization services passed to various run-time functions.
/// Most applications find RPC_C_AUTHZ_NON sufficient.
///
// https://docs.microsoft.com/en-us/windows/win32/rpc/authorization-service-constants
[PInvokeData("rpcdce.h")]
public enum RPC_C_AUTHZ : uint
{
/// Server performs no authorization.
RPC_C_AUTHZ_NONE = 0,
/// Server performs authorization based on the client's principal name.
RPC_C_AUTHZ_NAME = 1,
///
/// Server performs authorization checking using the client's DCE privilege attribute certificate (PAC) information, which is
/// sent to the server with each remote procedure call made using the binding handle. Generally, access is checked against DCE
/// access control lists (ACLs).
///
RPC_C_AUTHZ_DCE = 2,
/// Server uses the default authorization service for the current SSP.
RPC_C_AUTHZ_DEFAULT = 0xffffffff,
}
/// RPC authentication schemes.
[PInvokeData("rpcdce.h")]
[Flags]
public enum RPC_C_HTTP_AUTHN_SCHEME : uint
{
///
RPC_C_HTTP_AUTHN_SCHEME_BASIC = 0x00000001,
///
RPC_C_HTTP_AUTHN_SCHEME_NTLM = 0x00000002,
///
RPC_C_HTTP_AUTHN_SCHEME_PASSPORT = 0x00000004,
///
RPC_C_HTTP_AUTHN_SCHEME_DIGEST = 0x00000008,
///
RPC_C_HTTP_AUTHN_SCHEME_NEGOTIATE = 0x00000010,
///
RPC_C_HTTP_AUTHN_SCHEME_CERT = 0x00010000,
}
/// Specifies the authentication target.
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_HTTP_TRANSPORT_CREDENTIALS_A")]
[Flags]
public enum RPC_C_HTTP_AUTHN_TARGET : uint
{
///
/// Authenticate against the RPC Proxy, which is the HTTP Server from an HTTP perspective. This is the most common value.
///
RPC_C_HTTP_AUTHN_TARGET_SERVER = 1,
/// Authenticate against the HTTP Proxy. This value is uncommon.
RPC_C_HTTP_AUTHN_TARGET_PROXY = 2,
}
/// A set of flags that can be combined with the bitwise OR operator.
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_HTTP_TRANSPORT_CREDENTIALS_A")]
[Flags]
public enum RPC_C_HTTP_FLAG : uint
{
/// Instructs RPC to use SSL to communicate with the RPC Proxy.
RPC_C_HTTP_FLAG_USE_SSL = 1,
///
/// When set, RPC chooses the first scheme in the AuthnSchemes array and attempts to authenticate to the RPC Proxy. If the RPC
/// Proxy does not support the selected authentication scheme, the call fails. When not set, the RPC client queries the RPC
/// Proxy for supported authentication schemes, and chooses one.
///
RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME = 2,
///
RPC_C_HTTP_FLAG_IGNORE_CERT_CN_INVALID = 8,
///
RPC_C_HTTP_FLAG_ENABLE_CERT_REVOCATION_CHECK = 16,
}
///
///
/// Specifies an impersonation level, which indicates the amount of authority given to the server when it is impersonating the client.
///
///
///
///
/// GetUserName will fail while impersonating at identify level. The workaround is to impersonate, call
/// OpenThreadToken, revert, call GetTokenInformation, and finally, call LookupAccountSid. Using
/// CoSetProxyBlanket, the client sets the impersonation level
///
///
/// Using CoSetProxyBlanket, the client sets the impersonation level and proxy identity that will be available when a server
/// calls CoImpersonateClient. The identity the server will see when impersonating takes place is described in Cloaking. Note
/// that when making a call while impersonating, the callee will normally receive the caller's process token, not the caller's
/// impersonation token. To receive the caller's impersonation token, the caller must enable cloaking.
///
///
// https://docs.microsoft.com/en-us/windows/win32/com/com-impersonation-level-constants
[PInvokeData("rpcdce.h")]
public enum RPC_C_IMP_LEVEL
{
///
/// DCOM can choose the impersonation level using its normal security blanket negotiation algorithm. For more information, see
/// Security Blanket Negotiation.
///
RPC_C_IMP_LEVEL_DEFAULT = 0,
///
/// The client is anonymous to the server. The server process can impersonate the client, but the impersonation token will not
/// contain any information and cannot be used.
///
RPC_C_IMP_LEVEL_ANONYMOUS = 1,
///
/// The server can obtain the client's identity. The server can impersonate the client for ACL checking, but it cannot access
/// system objects as the client.
///
RPC_C_IMP_LEVEL_IDENTIFY = 2,
///
/// The server process can impersonate the client's security context while acting on behalf of the client. This level of
/// impersonation can be used to access local resources such as files. When impersonating at this level, the impersonation token
/// can only be passed across one machine boundary. The Schannel authentication service only supports this level of impersonation.
///
RPC_C_IMP_LEVEL_IMPERSONATE = 3,
///
/// The server process can impersonate the client's security context while acting on behalf of the client. The server process
/// can also make outgoing calls to other servers while acting on behalf of the client, using cloaking. The server may use the
/// client's security context on other machines to access local and remote resources as the client. When impersonating at this
/// level, the impersonation token can be passed across any number of computer boundaries.
///
RPC_C_IMP_LEVEL_DELEGATE = 4,
}
/// Values passed to RPC_MGMT_AUTHORIZATION_FN.
[PInvokeData("rpcdce.h")]
public enum RPC_C_MGMT : uint
{
/// RpcMgmtInqIfIds
RPC_C_MGMT_INQ_IF_IDS = 0,
/// RpcMgmtInqServerPrincName
RPC_C_MGMT_INQ_PRINC_NAME = 1,
/// RpcMgmtInqStats
RPC_C_MGMT_INQ_STATS = 2,
/// RpcMgmtIsServerListening
RPC_C_MGMT_IS_SERVER_LISTEN = 3,
/// RpcMgmtStopServerListening
RPC_C_MGMT_STOP_SERVER_LISTEN = 4,
}
///
/// Applications set the binding option constants to control how the RPC run-time library processes remote procedure calls. The
/// following table lists each binding property, and the relevant constant values for the binding properties.
///
///
///
/// By default, the RPC run-time library executes the calls on a given binding handle from each thread of an application in strict
/// order of submission. This does not guarantee that calls from different threads on the same binding handle are serialized.
/// Multithreaded applications must serialize their RPC calls. If this behavior is too restrictive, you can enable noncausal
/// ordering. When you do, the RPC run-time library executes calls independently. It imposes no ordering on their submission.
///
///
/// One example of an application that might find noncausal ordering useful is a multithreaded program whose threads make calls on
/// the same binding handle. Similarly, a program that uses multiple asynchronous calls on a binding handle will find noncausal
/// ordering a convenient option. Another example might be an Internet proxy program that uses a single thread to handle requests
/// for several clients. In each of these cases, it would be extremely restrictive to try to serialize the remote procedure calls.
///
///
/// The RPC_C_OPT_DONT_LINGER option can be set only on binding handles that use the ncalrpc or ncacn_*
/// protocol sequences. It cannot be used on ncadg_* protocol sequences. The RpcBindingSetOption function with this
/// option must be called on a binding handle on which at least one RPC call has been made. If no RPC call have been made on the
/// binding handle, RPC_S_WRONG_KIND_OF_BINDING is returned from the RpcBindingSetOption function call. The option
/// takes effect for the entire association, regardless of how many binding handles are attached to the association. Since it is
/// checked before the association is destroyed, it can be set at any time before the binding handle is closed.
///
///
// https://docs.microsoft.com/en-us/windows/win32/rpc/binding-option-constants
[PInvokeData("rpcdce.h")]
public enum RPC_C_OPT : uint
{
///
/// Default. If FALSE, causal call ordering. RPC calls are executed in strict order of submission. See Remarks.
/// If TRUE, noncausal call ordering. RPC calls are executed independently. See Remarks.
///
[CorrespondingType(typeof(BOOL))]
RPC_C_OPT_BINDING_NONCAUSAL = 9,
/// Not needed for application programs. Used internally by Microsoft.
RPC_C_OPT_MAX_OPTIONS = 17,
/// Not needed for application programs. Used internally by Microsoft.
RPC_C_DONT_FAIL = 4,
/// If TRUE, a session ID is generated for each connection.
[CorrespondingType(typeof(BOOL))]
RPC_C_OPT_SESSION_ID = 6,
///
/// If TRUE, client-side cookie-based authentication is used for connections. A pointer to the RPC_C_OPT_COOKIE_AUTH_DESCRIPTOR
/// structure is passed as the OptionValue parameter in RpcBindingSetOption.
///
[CorrespondingType(typeof(BOOL))]
RPC_C_OPT_COOKIE_AUTH = 7,
/// Not needed for application programs. Used internally by Microsoft.
RPC_C_OPT_RESOURCE_TYPE_UUID = 8,
/// If TRUE, force shutdown of the association after the last binding handle/context handle on it is freed.
[CorrespondingType(typeof(BOOL))]
RPC_C_OPT_DONT_LINGER = 13,
///
/// When set to true, RPC does not reuse existing connections. A unique binding handle is opened for each connection and state
/// is maintained for each unique binding handle.
///
[CorrespondingType(typeof(BOOL))]
RPC_C_OPT_UNIQUE_BINDING = 11,
}
/// Set of flags that determine the attributes of the port or ports where the server receives remote procedure calls.
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_POLICY")]
[Flags]
public enum RPC_C_POL_ENDPT : uint
{
///
/// Allocates the endpoint from one of the ports defined in the registry as "Internet Available." Valid only with ncacn_ip_tcp
/// and ncadg_ip_udp protocol sequences.
///
RPC_C_USE_INTERNET_PORT = 0x1,
///
/// Allocates the endpoint from one of the ports defined in the registry as "Intranet Available." Valid only with ncacn_ip_tcp
/// and ncadg_ip_udp protocol sequences.
///
RPC_C_USE_INTRANET_PORT = 0x2,
///
RPC_C_DONT_FAIL = 0x4,
///
RPC_C_RPCHTTP_USE_LOAD_BALANCE = 0x8,
}
/// Policy for binding to Network Interface Cards (NICs).
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_POLICY")]
public enum RPC_C_POL_NIC
{
///
/// Binds to NICs on the basis of the registry settings. Always use this value when you are using the RPC_POLICY structure to
/// define message-queue properties.
///
RPC_C_BIND_TO_REG_NICS,
///
/// Overrides the registry settings and binds to all NICs. If the Bind key is missing from the registry, then the NICFlags
/// member will have no effect at run time. If the key contains an invalid value, then the entire configuration is marked as
/// invalid and all calls to RpcServerUseProtseq* will fail.
///
RPC_C_BIND_TO_ALL_NICS,
}
/// Security services being provided to the application.
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_SECURITY_QOS")]
[Flags]
public enum RPC_C_QOS_CAPABILITIES : uint
{
/// Used when no provider-specific capabilities are needed.
RPC_C_QOS_CAPABILITIES_DEFAULT = 0x0,
///
/// Specifying this flag causes the RPC run time to request mutual authentication from the security provider. Some security
/// providers do not support mutual authentication. If the security provider does not support mutual authentication, or the
/// identity of the server cannot be established, a remote procedure call to such server fails with error RPC_S_SEC_PKG_ERROR.
///
RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH = 0x1,
/// Not currently implemented.
RPC_C_QOS_CAPABILITIES_MAKE_FULLSIC = 0x2,
///
/// Accepts the client's credentials even if the certificate authority (CA) is not in the server's list of trusted CAs. This
/// constant is used only by the SCHANNEL SSP.
///
RPC_C_QOS_CAPABILITIES_ANY_AUTHORITY = 0x4,
///
/// When specified, this flag directs the RPC runtime on the client to ignore an error to establish a security context that
/// supports delegation. Normally, if the client asks for delegation and the security system cannot establish a security context
/// that supports delegation, error RPC_S_SEC_PKG_ERROR is returned; when this flag is specified, no error is returned.
///
RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE = 0x8,
///
/// This flag specifies to RPC that the server is local to the machine making the RPC call. In this situation RPC instructs the
/// endpoint mapper to pick up only endpoints registered by the principal specified in the ServerPrincName or Sid members (these
/// members are available in RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4, and RPC_SECURITY_QOS_V5 only). See Remarks for more information.
///
RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT = 0x10,
///
/// If set, the RPC runtime uses the SChannel SSP to perform smartcard-based authentication without displaying a PIN prompt
/// dialog box by the cryptographic services provider (CSP). In the call to RpcBindingSetAuthInfoEx, the AuthIdentity parameter
/// must be a SEC_WINNT_AUTH_IDENTITY structure whose members contain the following: If the
/// RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY flag is used for any SSP other than SChannel, or if the members of
/// SEC_WINNT_AUTH_IDENTITY do not conform to the above, RPC_S_INVALID_ARG will be returned by RpcBindingSetAuthInfoEx.
///
RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY = 0x20,
}
/// Sets the context tracking mode.
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_SECURITY_QOS")]
[Flags]
public enum RPC_C_QOS_IDENTITY : uint
{
///
/// Security context is created only once and is never revised during the entire communication, even if the client side changes
/// it. This is the default behavior if RPC_SECURITY_QOS is not specified.
///
RPC_C_QOS_IDENTITY_STATIC = 0,
///
/// Context is revised whenever the ModifiedId in the client's token is changed. All protocols use the ModifiedId (see note).
/// Windows 2000: All remote protocols (all protocols other than ncalrpc) use the AuthenticationID, also known as the LogonId,
/// to track changes in the client's identity. The ncalrpc protocol uses ModifiedId.
///
RPC_C_QOS_IDENTITY_DYNAMIC = 1,
}
///
/// Interface Registration Flags
/// These constants are used in the Flags parameter of the RpcServerRegisterIf2 and RpcServerRegisterIfEx functions.
///
// https://docs.microsoft.com/en-us/windows/win32/rpc/interface-registration-flags
[PInvokeData("rpcdce.h")]
[Flags]
public enum RPC_IF
{
///
/// This is an auto-listen interface. The run time begins listening for calls as soon as the first autolisten interface is
/// registered, and stops listening when the last autolisten interface is unregistered.
///
RPC_IF_AUTOLISTEN = 0x0001,
/// Reserved for OLE. Do not use this flag.
RPC_IF_OLE = 0x0002,
/// Currently not implemented.
RPC_IF_ALLOW_UNKNOWN_AUTHORITY = 0x0004,
///
/// Limits connections to clients that use an authorization level higher than RPC_C_AUTHN_LEVEL_NONE. Specifying this flag
/// allows clients to come through on the NULL session. On Windows XP and Windows Server 2003, such clients are not allowed.
/// Clients that fail the RPC_IF_ALLOW_SECURE_ONLY test receive an RPC_S_ACCESS_DENIED error. Using the RPC_IF_ALLOW_SECURE_ONLY
/// flag does not imply or guarantee a high level of privilege on the part of the calling user. RPC only checks that the user
/// has valid credentials; the calling user may be using the guest account or other low privileged accounts. Do not assume high
/// privilege when RPC_IF_ALLOW_SECURE_ONLY is used. Windows NT 4.0 and Windows Me/98/95:
///
RPC_IF_ALLOW_SECURE_ONLY = 0x0008,
///
/// When this interface flag is registered, the RPC runtime invokes the registered security callback for all calls, regardless
/// of identity, protocol sequence, or authentication level of the client.
///
RPC_IF_ALLOW_CALLBACKS_WITH_NO_AUTH = 0x0010,
///
/// When this interface flag is registered, the RPC runtime rejects calls made by remote clients. All local calls using ncadg_*
/// and ncacn_* protocol sequences are also rejected, with the exception of ncacn_np. RPC allows ncacn_NP calls only if the call
/// does not come from SRV. Calls from ncalrpc are always processed.
///
RPC_IF_ALLOW_LOCAL_ONLY = 0x0020,
/// Disables security callback caching, forcing a security callback for each RPC call on a given interface.
RPC_IF_SEC_NO_CACHE = 0x0040,
///
RPC_IF_SEC_CACHE_PER_PROC = 0x0080,
///
RPC_IF_ASYNC_CALLBACK = 0x0100,
}
/// Character set used by
public enum SEC_WINNT_AUTH_IDENTITY_CHARSET
{
/// The strings in this structure are in ANSI format.
SEC_WINNT_AUTH_IDENTITY_ANSI = 0x1,
/// The strings in this structure are in Unicode format.
SEC_WINNT_AUTH_IDENTITY_UNICODE = 0x2
}
/// Provides a RPC_AUTH_IDENTITY_HANDLE.
[PInvokeData("rpcdce.h")]
[StructLayout(LayoutKind.Sequential)]
public struct RPC_AUTH_IDENTITY_HANDLE : IHandle
{
private readonly IntPtr handle;
/// Initializes a new instance of the struct.
/// An object that represents the pre-existing handle to use.
public RPC_AUTH_IDENTITY_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle;
/// Returns an invalid handle by instantiating a object with .
public static RPC_AUTH_IDENTITY_HANDLE NULL => new RPC_AUTH_IDENTITY_HANDLE(IntPtr.Zero);
/// Gets a value indicating whether this instance is a null handle.
public bool IsNull => handle == IntPtr.Zero;
/// Performs an explicit conversion from to .
/// The handle.
/// The result of the conversion.
public static explicit operator IntPtr(RPC_AUTH_IDENTITY_HANDLE h) => h.handle;
/// Performs an implicit conversion from to .
/// The pointer to a handle.
/// The result of the conversion.
public static implicit operator RPC_AUTH_IDENTITY_HANDLE(IntPtr h) => new RPC_AUTH_IDENTITY_HANDLE(h);
/// Implements the operator !=.
/// The first handle.
/// The second handle.
/// The result of the operator.
public static bool operator !=(RPC_AUTH_IDENTITY_HANDLE h1, RPC_AUTH_IDENTITY_HANDLE h2) => !(h1 == h2);
/// Implements the operator ==.
/// The first handle.
/// The second handle.
/// The result of the operator.
public static bool operator ==(RPC_AUTH_IDENTITY_HANDLE h1, RPC_AUTH_IDENTITY_HANDLE h2) => h1.Equals(h2);
///
public override bool Equals(object obj) => obj is RPC_AUTH_IDENTITY_HANDLE h && handle == h.handle;
///
public override int GetHashCode() => handle.GetHashCode();
///
public IntPtr DangerousGetHandle() => handle;
}
/// Provides a RPC_AUTHZ_HANDLE.
[PInvokeData("rpcdce.h")]
[StructLayout(LayoutKind.Sequential)]
public struct RPC_AUTHZ_HANDLE : IHandle
{
private readonly IntPtr handle;
/// Initializes a new instance of the struct.
/// An object that represents the pre-existing handle to use.
public RPC_AUTHZ_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle;
/// Returns an invalid handle by instantiating a object with .
public static RPC_AUTHZ_HANDLE NULL => new RPC_AUTHZ_HANDLE(IntPtr.Zero);
/// Gets a value indicating whether this instance is a null handle.
public bool IsNull => handle == IntPtr.Zero;
/// Performs an explicit conversion from to .
/// The handle.
/// The result of the conversion.
public static explicit operator IntPtr(RPC_AUTHZ_HANDLE h) => h.handle;
/// Performs an implicit conversion from to .
/// The pointer to a handle.
/// The result of the conversion.
public static implicit operator RPC_AUTHZ_HANDLE(IntPtr h) => new RPC_AUTHZ_HANDLE(h);
/// Implements the operator !=.
/// The first handle.
/// The second handle.
/// The result of the operator.
public static bool operator !=(RPC_AUTHZ_HANDLE h1, RPC_AUTHZ_HANDLE h2) => !(h1 == h2);
/// Implements the operator ==.
/// The first handle.
/// The second handle.
/// The result of the operator.
public static bool operator ==(RPC_AUTHZ_HANDLE h1, RPC_AUTHZ_HANDLE h2) => h1.Equals(h2);
///
public override bool Equals(object obj) => obj is RPC_AUTHZ_HANDLE h && handle == h.handle;
///
public override int GetHashCode() => handle.GetHashCode();
///
public IntPtr DangerousGetHandle() => handle;
}
/// Provides a handle to an RPC binding.
[StructLayout(LayoutKind.Sequential)]
public struct RPC_BINDING_HANDLE : IHandle
{
private readonly IntPtr handle;
/// Initializes a new instance of the struct.
/// An object that represents the pre-existing handle to use.
public RPC_BINDING_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle;
/// Returns an invalid handle by instantiating a object with .
public static RPC_BINDING_HANDLE NULL => new RPC_BINDING_HANDLE(IntPtr.Zero);
/// Gets a value indicating whether this instance is a null handle.
public bool IsNull => handle == IntPtr.Zero;
/// Performs an explicit conversion from to .
/// The handle.
/// The result of the conversion.
public static explicit operator IntPtr(RPC_BINDING_HANDLE h) => h.handle;
/// Performs an implicit conversion from to .
/// The pointer to a handle.
/// The result of the conversion.
public static implicit operator RPC_BINDING_HANDLE(IntPtr h) => new RPC_BINDING_HANDLE(h);
/// Implements the operator !=.
/// The first handle.
/// The second handle.
/// The result of the operator.
public static bool operator !=(RPC_BINDING_HANDLE h1, RPC_BINDING_HANDLE h2) => !(h1 == h2);
/// Implements the operator ==.
/// The first handle.
/// The second handle.
/// The result of the operator.
public static bool operator ==(RPC_BINDING_HANDLE h1, RPC_BINDING_HANDLE h2) => h1.Equals(h2);
///
public override bool Equals(object obj) => obj is RPC_BINDING_HANDLE h && handle == h.handle;
///
public override int GetHashCode() => handle.GetHashCode();
///
public IntPtr DangerousGetHandle() => handle;
}
///
/// The RPC_BINDING_HANDLE_OPTIONS_V1 structure contains additional options with which to create an RPC binding handle.
///
/// If this structure is not specified in a call to RpcBindingCreate, the default values for each option are used.
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_binding_handle_options_v1 typedef struct
// _RPC_BINDING_HANDLE_OPTIONS_V1 { unsigned long Version; unsigned long Flags; unsigned long ComTimeout; unsigned long CallTimeout;
// } RPC_BINDING_HANDLE_OPTIONS_V1, *PRPC_BINDING_HANDLE_OPTIONS_V1;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_BINDING_HANDLE_OPTIONS_V1")]
[StructLayout(LayoutKind.Sequential)]
public struct RPC_BINDING_HANDLE_OPTIONS_V1
{
/// The version of this structure. For RPC_BINDING_HANDLE_OPTIONS_V1 this must be set to 1.
public uint Version;
///
///
/// A set of flags describing specific RPC behaviors. This parameter can be set to one or more of the following values. Note
/// that by default, RPC calls use causal order and socket lingering.
///
///
///
/// Value
/// Meaning
///
/// -
/// RPC_BHO_NONCAUSAL
/// Specifies causal ordering whereby calls are executed independently of one another rather than in order of submission.
///
/// -
/// RPC_BHO_DONTLINGER
/// Specifies that a socket association must be shutdown after the last binding handle on it is freed.
///
///
///
public uint Flags;
///
/// The communication timeout value, specified in microseconds. The default value for RPC is . This option can be changed later by calling RpcMgmtSetComTimeout.
///
public uint ComTimeout;
/// The call timeout value, specified in microseconds. The default value for RPC is 0.
public uint CallTimeout;
}
///
/// The RPC_BINDING_HANDLE_SECURITY_V1 structure contains the basic security options with which to create an RPC binding handle.
///
///
///
/// If this structure is not passed to RpcBindingCreate -- that is, if the Security parameter of RpcBindingCreate is set to
/// NULL -- then the following default security behaviors are assumed:
///
///
/// -
///
/// For the protocol sequence ncalrpc (local RPC), RPC will use transport-level security. This means that RPC will use the security
/// mechanisms offered by the Windows kernel to provide security, and RPC will not authenticate the server since it connects using
/// the current thread identity. In this case, the identity tracking is static, the impersonation type is set to "Impersonate", and
/// the authentication level is set to "Privacy".
///
///
/// -
///
/// For the protocol sequence ncacn_np, RPC will also use transport-level security. If the call is remote, RPC uses the security
/// mechanisms provided by the Windows file system redirector and there is no mutual authentication. In this case, the identity is
/// the current thread identity, the identity tracking state is static, the impersonation type is set to "Impersonate", and the
/// authentication level is determined by the policies of the remote machine.
///
///
/// -
///
/// For the protocol sequences ncacn_ip_tcp, ncacn_ip_udp and ncacn_http, no security is used when Security is set to NULL.
/// The server will not perform impersonation, and all data will be sent as clear text. To provide maximum protection for data, the
/// application must always provide security data.
///
///
///
///
/// The following table summarizes the default security settings for the different protocol sequences if the Security parameter of
/// RpcBindingCreate is set to NULL.
///
///
///
/// Default Security Settings
/// ncalrpc
/// local ncacn_np
/// remote ncacn_np
/// ncacn_ip_tcp, ncacn_ip_udp, and ncacn_http
///
/// -
/// Security Mechanism
/// Windows Kernel
/// NPFS
/// File system redirector
/// None
///
/// -
/// Authentication Level
/// Privacy
/// Privacy
/// Server policy dependent
/// None
///
/// -
/// Mutual Authentication?
/// No
/// No
/// No
/// No
///
/// -
/// Impersonation Type
/// Impersonate
/// Impersonate
/// Impersonate
/// N/A
///
/// -
/// Identity Tracking Type
/// Static
/// Dynamic
/// Static
/// N/A
///
/// -
/// Effective Only?
/// Yes
/// No
/// N/A
/// N/A
///
/// -
/// Call Identity
/// Current thread
/// Current thread
/// Current thread or "net use" settings
/// N/A
///
///
///
/// Note If you create your binding handle by calling the RpcBindingFromStringBinding API, the default identity tracking for
/// ncalrpc in the absence of specific security settings is dynamic. If you create a fast binding handle by calling the
/// RpcBindingCreate API, the default identity tracking for ncalrpc in the absence of specific security settings is static. You
/// should be aware of the differences in these two APIs if you are switching between them in your application. After the binding
/// handle is created, the RpcBindingSetAuthInfo and RpcBindingSetAuthInfoEx APIs can be used to change the settings of the binding
/// handle set with this structure.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_binding_handle_security_v1_a typedef struct
// _RPC_BINDING_HANDLE_SECURITY_V1_A { unsigned long Version; unsigned char *ServerPrincName; unsigned long AuthnLevel; unsigned
// long AuthnSvc; SEC_WINNT_AUTH_IDENTITY_A *AuthIdentity; RPC_SECURITY_QOS *SecurityQos; } RPC_BINDING_HANDLE_SECURITY_V1_A, *PRPC_BINDING_HANDLE_SECURITY_V1_A;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_BINDING_HANDLE_SECURITY_V1_A")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct RPC_BINDING_HANDLE_SECURITY_V1
{
/// The version of this structure. For RPC_BINDING_HANDLE_SECURITY_V1 this must be set to 1.
public uint Version;
///
/// Pointer to a string that contains the server principal name referenced by the binding handle. The content of the name and
/// its syntax are defined by the authentication service in use.
///
[MarshalAs(UnmanagedType.LPTStr)]
public string ServerPrincName;
///
///
/// Level of authentication to be performed on remote procedure calls made using this binding handle. For a list of the
/// RPC-supported authentication levels, see Authentication-Level Constants.
///
/// If AuthnSvc is set to RPC_C_AUTHN_NONE, this member must likewise be set to RPC_C_AUTHN_NONE.
///
public RPC_C_AUTHN AuthnLevel;
///
/// Authentication service to use when binding.
/// Specify RPC_C_AUTHN_NONE to turn off authentication for remote procedure calls made using the binding handle.
///
/// If RPC_C_AUTHN_DEFAULT is specified, the RPC run-time library uses the RPC_C_AUTHN_WINNT authentication service for remote
/// procedure calls made using the binding handle.
///
/// If AuthnLevel is set to RPC_C_AUTHN_NONE, this member must likewise be set to RPC_C_AUTHN_NONE.
///
public RPC_C_AUTHN AuthnSvc;
///
/// structure that contains the client's authentication and authorization
/// credentials appropriate for the selected authentication and authorization service.
///
public IntPtr AuthIdentity;
///
/// structure that contains the security quality-of-service settings for the binding handle.
/// Note For a list of the RPC-supported authentication services, see Authentication-Service Constants.
///
public IntPtr SecurityQos;
}
///
/// The RPC_BINDING_HANDLE_TEMPLATE_V1 structure contains the basic options with which to create an RPC binding handle.
///
///
///
/// Fast binding handles are slightly different from "classic" binding handles in the way they are handled during calls to
/// RpcBindingReset. RpcBindingReset is a no-op call for static fast binding handles. For classic binding handles, however,
/// RpcBindingReset converts a static binding handle into a dynamic one to preserve backwards compatibility.
///
///
/// The following table demonstrates the behavior of static and dynamic binding handles with regards to RpcBindingReset and RpcEpResolveBinding.
///
///
///
/// Endpoint Type
/// Static
/// Dynamic
///
/// -
/// Binding Handle Type
/// Fast
/// Classic
/// Fast
/// Classic
///
/// -
/// RpcBindingReset
/// No-op
/// Converts to dynamic
/// Removes resolved endpoint if one is present
/// Removes resolved endpoint if one is present
///
/// -
/// RpcEpResolveBinding
/// No-op
/// No-op
/// Resolves endpoint if not previously resolved
/// Resolves endpoint if not previously resolved
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_binding_handle_template_v1_a typedef struct
// _RPC_BINDING_HANDLE_TEMPLATE_V1_A { unsigned long Version; unsigned long Flags; unsigned long ProtocolSequence; unsigned char
// *NetworkAddress; unsigned char *StringEndpoint; union { unsigned char *Reserved; } u1; UUID ObjectUuid; }
// RPC_BINDING_HANDLE_TEMPLATE_V1_A, *PRPC_BINDING_HANDLE_TEMPLATE_V1_A;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_BINDING_HANDLE_TEMPLATE_V1_A")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct RPC_BINDING_HANDLE_TEMPLATE_V1
{
/// The version of this structure. For RPC_BINDING_HANDLE_TEMPLATE_V1 this must be set to 1.
public uint Version;
///
/// Flag values that describe specific properties of the RPC template.
///
///
/// Value
/// Meaning
///
/// -
/// RPC_BHT_OBJECT_UUID_VALID
///
/// The ObjectUuid member contains a valid value. If this flag is not set, then the ObjectUuid member does not contain a valid UUID.
///
///
///
///
public uint Flags;
///
/// A protocol sequence string literal associated with this binding handle. It can be one of the following values.
///
/// -
/// ncalrpc - Specifies local RPC.
///
/// -
/// ncacn_ip_tcp - Specifies RPC over TCP/IP.
///
/// -
/// ncacn_np - Specifies RPC over named pipes.
///
/// -
/// ncacn_http - Specifies RPC over HTTP.
///
///
///
public uint ProtocolSequence;
/// Pointer to a string representation of the network address to bind to.
[MarshalAs(UnmanagedType.LPTStr)]
public string NetworkAddress;
///
/// Pointer to a string representation of the endpoint to bind to. If a dynamic endpoint is used, set this member to
/// NULL. After the endpoint is resolved, use RpcBindingToStringBinding to obtain it.
///
[MarshalAs(UnmanagedType.LPTStr)]
public string StringEndpoint;
/// Reserved. This member must be set to NULL.
public IntPtr u1;
///
/// The UUID of the remote object. The semantics for this UUID are the same as those for a string binding. After the binding
/// handle is created, call RpcBindingSetObject to change the UUID as needed.
///
public Guid ObjectUuid;
}
///
/// The RPC_BINDING_VECTOR structure contains a list of binding handles over which a server application can receive remote
/// procedure calls.
///
///
///
/// The binding vector contains a count member ( Count), followed by an array of binding-handle ( BindingH) elements.
///
///
/// The RPC run-time library creates binding handles when a server application registers protocol sequences. To obtain a binding
/// vector, a server application calls RpcServerInqBindings.
///
/// A client application obtains a binding vector of compatible servers from the name-service database by calling RpcNsBindingLookupNext.
///
/// In both routines, the RPC run-time library allocates memory for the binding vector. An application calls RpcBindingVectorFree to
/// free the binding vector.
///
///
/// To remove an individual binding handle from the vector, the application must set the value in the vector to NULL. When
/// setting a vector element to NULL, the application must:
///
///
/// -
/// Free the individual binding.
///
/// -
/// Not change the value of Count.
///
///
/// Calling RpcBindingFree allows an application to free all binding handles in the vector.
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_binding_vector typedef struct _RPC_BINDING_VECTOR {
// unsigned long Count; RPC_BINDING_HANDLE BindingH[1]; } RPC_BINDING_VECTOR;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_BINDING_VECTOR")]
[VanaraMarshaler(typeof(SafeAnysizeStructMarshaler), nameof(Count))]
[StructLayout(LayoutKind.Sequential)]
public struct RPC_BINDING_VECTOR
{
/// Number of binding handles present in the binding-handle array BindingH.
public uint Count;
/// Array of binding handles that contains Count elements.
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public RPC_BINDING_HANDLE[] BindingH;
}
///
/// The RPC_ENDPOINT_TEMPLATE structure specifies the properties of an RPC interface group server endpoint, including
/// protocol sequence and name.
///
///
///
/// The value provided in Backlog by applications is only a hint. The RPC run time or the Windows Sockets provider may override the
/// value. For example, on Windows XP or Windows 2000 Professional, the value is limited to 5. Values greater than 5 are ignored and
/// 5 is used instead. On Windows Server 2003 and Windows 2000 Server, the value will be honored.
///
///
/// Applications must be careful to pass reasonable values in Backlog. Large values on Server, Advanced Server, or Datacenter Server
/// can cause a large amount of non-paged pool memory to be used. Using too small a value is also unfavorable, as it may result in
/// TCP SYN packets being met by TCP RST from the server if the backlog queue gets exhausted.
///
///
/// An application developer should balance memory footprint versus scalability requirements when determining the proper value for Backlog.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_endpoint_template typedef struct { unsigned long Version;
// RPC_CSTR ProtSeq; RPC_CSTR Endpoint; void *SecurityDescriptor; unsigned long Backlog; } RPC_ENDPOINT_TEMPLATE, *PRPC_ENDPOINT_TEMPLATE;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce.__unnamed_struct_5")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct RPC_ENDPOINT_TEMPLATE
{
/// This field is reserved and must be set to 0.
public uint Version;
///
/// Pointer to a string identifier of the protocol sequence to register with the RPC run-time library. Only ncalrpc,
/// ncacn_ip_tcp, and ncacn_np are supported. This value must not be NULL.
///
[MarshalAs(UnmanagedType.LPTStr)]
public string ProtSeq;
///
/// Optional pointer to the endpoint-address information to use in creating a binding for the protocol sequence specified in the
/// Protseq parameter. Specify NULL to use dynamic endpoints.
///
[MarshalAs(UnmanagedType.LPTStr)]
public string Endpoint;
///
/// Pointer to an optional parameter provided for the security subsystem. Used only for ncacn_np and ncalrpc protocol sequences.
/// All other protocol sequences ignore this parameter. Using a security descriptor on the endpoint in order to make a server
/// secure is not recommended.
///
public IntPtr SecurityDescriptor;
///
/// Backlog queue length for the ncacn_ip_tcp protocol sequence. All other protocol sequences ignore this parameter. Use
/// RPC_C_PROTSEQ_MAX_REQS_DEFAULT to specify the default value. See Remarks for more informatation.
///
public uint Backlog;
}
///
/// The RPC_HTTP_TRANSPORT_CREDENTIALS structure defines additional credentials to authenticate to an RPC proxy server when
/// using RPC/HTTP.
///
///
///
/// If the TransportCredentials member is NULL and the authentication scheme is NTLM, the credentials of the currently
/// logged on user are used. To avoid exposing user credentials on the network through a weak LM hash, user logon credentials are
/// used only if one or both of the following conditions are true:
///
///
/// -
///
/// Caller requested use of SSL and used the ServerCertificateSubject member. This scenario guarantees credentials are
/// protected both in transit and at the final destination, even if a weak hash is used.
///
///
/// -
///
/// The lncompatibilitylevel key is set to 2 or higher. This causes the NTLM security provider to emit or respond to only the strong
/// NT hash, not the weak LM hash. In addition, customers are encouraged to use level 3 or higher, which will attempt NTLMv2.
///
///
///
///
/// If the Unicode version of the RpcBindingSetAuthInfoEx function is used, Unicode versions of the
/// RPC_HTTP_TRANSPORT_CREDENTIALS and SEC_WINNT_AUTH_IDENTITY structures must also be provided, and the Flags member
/// in TransportCredentials must be set to SEC_WINNT_AUTH_IDENTITY_UNICODE. If the ANSI version of the
/// RpcBindingSetAuthInfoEx function is used, ANSI versions of RPC_HTTP_TRANSPORT_CREDENTIALS and
/// SEC_WINNT_AUTH_IDENTITY structures must be provided, and the Flags member in TransportCredentials must be
/// set to SEC_WINNT_AUTH_IDENTITY_ANSI.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_http_transport_credentials_a typedef struct
// _RPC_HTTP_TRANSPORT_CREDENTIALS_A { SEC_WINNT_AUTH_IDENTITY_A *TransportCredentials; unsigned long Flags; unsigned long
// AuthenticationTarget; unsigned long NumberOfAuthnSchemes; unsigned long *AuthnSchemes; unsigned char *ServerCertificateSubject; }
// RPC_HTTP_TRANSPORT_CREDENTIALS_A, *PRPC_HTTP_TRANSPORT_CREDENTIALS_A;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_HTTP_TRANSPORT_CREDENTIALS_A")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct RPC_HTTP_TRANSPORT_CREDENTIALS
{
///
/// A pointer to a structure that contains the user name, domain, and password for
/// the user.
///
public IntPtr TransportCredentials;
///
/// A set of flags that can be combined with the bitwise OR operator.
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_HTTP_FLAG_USE_SSL
/// Instructs RPC to use SSL to communicate with the RPC Proxy.
///
/// -
/// RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME
///
/// When set, RPC chooses the first scheme in the AuthnSchemes array and attempts to authenticate to the RPC Proxy. If the RPC
/// Proxy does not support the selected authentication scheme, the call fails. When not set, the RPC client queries the RPC
/// Proxy for supported authentication schemes, and chooses one.
///
///
///
///
public RPC_C_HTTP_FLAG Flags;
///
/// Specifies the authentication target.
/// Should be set to one or both of the following values:
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_HTTP_AUTHN_TARGET_SERVER
/// Authenticate against the RPC Proxy, which is the HTTP Server from an HTTP perspective. This is the most common value.
///
/// -
/// RPC_C_HTTP_AUTHN_TARGET_PROXY
/// Authenticate against the HTTP Proxy. This value is uncommon.
///
///
///
public RPC_C_HTTP_AUTHN_TARGET AuthenticationTarget;
/// The number of elements in the AuthnScheme array.
public uint NumberOfAuthnSchemes;
///
public IntPtr AuthnSchemes;
///
/// Contains an optional string with the expected server principal name. The principal name is in the same format as that
/// generated for RpcCertGeneratePrincipalName (see Principal Names for more information). This member is used only when SSL is
/// used. In such cases, the server certificate is checked against the generated principal name. If they do not match, an error
/// is returned. This member enables clients to authenticate the RPC Proxy.
///
[MarshalAs(UnmanagedType.LPTStr)]
public string ServerCertificateSubject;
}
///
///
/// The RPC_HTTP_TRANSPORT_CREDENTIALS_V2 structure defines additional credentials to authenticate to an RPC proxy server or
/// HTTP proxy server when using RPC/HTTP.
///
///
/// RPC_HTTP_TRANSPORT_CREDENTIALS_V2 extends RPC_HTTP_TRANSPORT_CREDENTIALS by allowing authentication against an HTTP proxy server.
///
///
///
///
/// If the TransportCredentials member is NULL and the authentication scheme is NTLM, the credentials of the currently
/// logged on user are used. To avoid exposing user credentials on the network through a weak LM hash, user logon credentials are
/// used only if one or both of the following conditions are true:
///
///
/// -
///
/// Caller requested use of SSL and used the ServerCertificateSubject member. This scenario guarantees credentials are
/// protected both in transit and at the final destination, even if a weak hash is used.
///
///
/// -
///
/// The lncompatibilitylevel key is set to 2 or higher. This causes the NTLM security provider to emit or respond to only the strong
/// NT hash, not the weak LM hash. In addition, customers are encouraged to use level 3 or higher, which will attempt NTLMv2.
///
///
///
///
/// If the Unicode version of the RpcBindingSetAuthInfoEx function is used, Unicode versions of the
/// RPC_HTTP_TRANSPORT_CREDENTIALS_V2 and SEC_WINNT_AUTH_IDENTITY structures must also be provided, and the Flags
/// member in TransportCredentials must be set to SEC_WINNT_AUTH_IDENTITY_UNICODE. If the ANSI version of the
/// RpcBindingSetAuthInfoEx function is used, ANSI versions of RPC_HTTP_TRANSPORT_CREDENTIALS_V2 and
/// SEC_WINNT_AUTH_IDENTITY structures must be provided, and the Flags member in TransportCredentials must be
/// set to SEC_WINNT_AUTH_IDENTITY_ANSI.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_http_transport_credentials_v2_a typedef struct
// _RPC_HTTP_TRANSPORT_CREDENTIALS_V2_A { SEC_WINNT_AUTH_IDENTITY_A *TransportCredentials; unsigned long Flags; unsigned long
// AuthenticationTarget; unsigned long NumberOfAuthnSchemes; unsigned long *AuthnSchemes; unsigned char *ServerCertificateSubject;
// SEC_WINNT_AUTH_IDENTITY_A *ProxyCredentials; unsigned long NumberOfProxyAuthnSchemes; unsigned long *ProxyAuthnSchemes; }
// RPC_HTTP_TRANSPORT_CREDENTIALS_V2_A, *PRPC_HTTP_TRANSPORT_CREDENTIALS_V2_A;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_HTTP_TRANSPORT_CREDENTIALS_V2_A")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct RPC_HTTP_TRANSPORT_CREDENTIALS_V2
{
///
/// A pointer to a structure that contains the user name, domain, and password for
/// the user.
///
public IntPtr TransportCredentials;
///
/// A set of flags that can be combined with the bitwise OR operator.
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_HTTP_FLAG_USE_SSL
/// Instructs RPC to use SSL to communicate with the RPC Proxy.
///
/// -
/// RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME
///
/// When set, RPC chooses the first scheme in the AuthnSchemes array and attempts to authenticate to the RPC Proxy. If the RPC
/// Proxy does not support the selected authentication scheme, the call fails. When not set, the RPC client queries the RPC
/// Proxy for supported authentication schemes, and chooses one.
///
///
///
///
public RPC_C_HTTP_FLAG Flags;
///
/// Specifies the authentication target.
/// Should be set to one or both of the following values:
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_HTTP_AUTHN_TARGET_SERVER
/// Authenticate against the RPC Proxy, which is the HTTP Server from an HTTP perspective. This is the most common value.
///
/// -
/// RPC_C_HTTP_AUTHN_TARGET_PROXY
/// Authenticate against the HTTP Proxy. This value is uncommon.
///
///
///
public RPC_C_HTTP_AUTHN_TARGET AuthenticationTarget;
/// The number of elements in the AuthnScheme array.
public uint NumberOfAuthnSchemes;
///
///
/// A pointer to an array of values representing authentication schemes the client is
/// willing to use. Each element of the array can contain one of the following constants:
///
///
/// - RPC_C_HTTP_AUTHN_SCHEME_BASIC
/// - RPC_C_HTTP_AUTHN_SCHEME_NTLM
/// - RPC_C_HTTP_AUTHN_SCHEME_PASSPORT
/// - RPC_C_HTTP_AUTHN_SCHEME_DIGEST
/// - RPC_C_HTTP_AUTHN_SCHEME_NEGOTIATE
///
///
/// RPC_C_HTTP_AUTHN_SCHEME_PASSPORT, RPC_C_HTTP_AUTHN_SCHEME_NEGOTIATE and RPC_C_HTTP_AUTHN_SCHEME_DIGEST are defined as
/// constants, but not currently supported. Callers should not specify them; doing so results in RPC_S_CANNOT_SUPPORT error.
/// Each constant can be specified once. RPC does not verify this restriction for performance reasons, but specifying a constant
/// more than once produces undefined results.
///
/// The algorithm for choosing the actual authentication scheme is as follows:
///
/// If RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME is specified, the first authentication scheme is chosen. If it is not supported by
/// the server, the connection establishment fails. If RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME is not specified, the RPC client
/// first attempts anonymous connection to the RPC Proxy. If IIS returns authentication challenge, the RPC client chooses the
/// authentication scheme preferred by the server if it is also in the AuthnScheme array. If the scheme preferred by the
/// server is not in the AuthnScheme array, the AuthnScheme array will be traversed from start to finish, and if a
/// scheme is found that is also supported by the server, that authentication scheme is used.
///
///
public IntPtr AuthnSchemes;
///
/// Contains an optional string with the expected server principal name. The principal name is in the same format as that
/// generated for RpcCertGeneratePrincipalName (see Principal Names for more information). This member is used only when SSL is
/// used. In such cases, the server certificate is checked against the generated principal name. If they do not match, an error
/// is returned. This member enables clients to authenticate the RPC Proxy.
///
[MarshalAs(UnmanagedType.LPTStr)]
public string ServerCertificateSubject;
///
/// A pointer to a structure that contains the user name, domain, and password for
/// the user when authenticating against an HTTP proxy server. ProxyCredentials is only valid when
/// AuthenticationTarget contains RPC_C_HTTP_AUTHN_TARGET_PROXY.
///
public IntPtr ProxyCredentials;
///
/// The number of elements in the ProxyAuthnSchemes array when authenticating against an HTTP proxy server.
/// NumberOfProxyAuthnSchemes is only valid when AuthenticationTarget contains RPC_C_HTTP_AUTHN_TARGET_PROXY.
///
public uint NumberOfProxyAuthnSchemes;
///
///
/// A pointer to an array of values representing authentication schemes the client is
/// willing to use when authenticating against an HTTP proxy server. Each element of the array can contain one of the following
/// constants. ProxyAuthnSchemes is only valid when AuthenticationTarget contains RPC_C_HTTP_AUTHN_TARGET_PROXY.
///
///
/// - RPC_C_HTTP_AUTHN_SCHEME_BASIC
/// - RPC_C_HTTP_AUTHN_SCHEME_NTLM
/// - RPC_C_HTTP_AUTHN_SCHEME_PASSPORT
/// - RPC_C_HTTP_AUTHN_SCHEME_DIGEST
/// - RPC_C_HTTP_AUTHN_SCHEME_NEGOTIATE
///
///
public IntPtr ProxyAuthnSchemes;
}
///
///
/// The RPC_HTTP_TRANSPORT_CREDENTIALS_V3 structure defines additional credentials to authenticate to an RPC proxy server or
/// HTTP proxy server when using RPC/HTTP.
///
///
/// RPC_HTTP_TRANSPORT_CREDENTIALS_V3 extends RPC_HTTP_TRANSPORT_CREDENTIALS_V2 by allowing arbitrary credential forms to be used.
///
///
///
///
/// If the TransportCredentials member is NULL and the authentication scheme is NTLM, the credentials of the currently
/// logged on user are used. To avoid exposing user credentials on the network through a weak LM hash, user logon credentials are
/// used only if one or both of the following conditions are true:
///
///
/// -
///
/// Caller requested use of SSL and used the ServerCertificateSubject member. This scenario guarantees credentials are
/// protected both in transit and at the final destination, even if a weak hash is used.
///
///
/// -
///
/// The lncompatibilitylevel key is set to 2 or higher. This causes the NTLM security provider to emit or respond to only the strong
/// NT hash, not the weak LM hash. In addition, customers are encouraged to use level 3 or higher, which will attempt NTLMv2.
///
///
///
///
/// If the Unicode version of the RpcBindingSetAuthInfoEx function is used, Unicode versions of the
/// RPC_HTTP_TRANSPORT_CREDENTIALS_V3 and SEC_WINNT_AUTH_IDENTITY structures must also be provided, and the Flags
/// member in TransportCredentials must be set to SEC_WINNT_AUTH_IDENTITY_UNICODE. If the ANSI version of the
/// RpcBindingSetAuthInfoEx function is used, ANSI versions of RPC_HTTP_TRANSPORT_CREDENTIALS_V3 and
/// SEC_WINNT_AUTH_IDENTITY structures must be provided, and the Flags member in TransportCredentials must be
/// set to SEC_WINNT_AUTH_IDENTITY_ANSI.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_http_transport_credentials_v3_a typedef struct
// _RPC_HTTP_TRANSPORT_CREDENTIALS_V3_A { RPC_AUTH_IDENTITY_HANDLE TransportCredentials; unsigned long Flags; unsigned long
// AuthenticationTarget; unsigned long NumberOfAuthnSchemes; unsigned long *AuthnSchemes; unsigned char *ServerCertificateSubject;
// RPC_AUTH_IDENTITY_HANDLE ProxyCredentials; unsigned long NumberOfProxyAuthnSchemes; unsigned long *ProxyAuthnSchemes; }
// RPC_HTTP_TRANSPORT_CREDENTIALS_V3_A, *PRPC_HTTP_TRANSPORT_CREDENTIALS_V3_A;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_HTTP_TRANSPORT_CREDENTIALS_V3_A")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct RPC_HTTP_TRANSPORT_CREDENTIALS_V3
{
///
/// A pointer to a structure that contains the user name, domain, and password for
/// the user.
///
public IntPtr TransportCredentials;
///
/// A set of flags that can be combined with the bitwise OR operator.
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_HTTP_FLAG_USE_SSL
/// Instructs RPC to use SSL to communicate with the RPC Proxy.
///
/// -
/// RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME
///
/// When set, RPC chooses the first scheme in the AuthnSchemes array and attempts to authenticate to the RPC Proxy. If the RPC
/// Proxy does not support the selected authentication scheme, the call fails. When not set, the RPC client queries the RPC
/// Proxy for supported authentication schemes, and chooses one.
///
///
///
///
public RPC_C_HTTP_FLAG Flags;
///
/// Specifies the authentication target.
/// Should be set to one or both of the following values:
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_HTTP_AUTHN_TARGET_SERVER
/// Authenticate against the RPC Proxy, which is the HTTP Server from an HTTP perspective. This is the most common value.
///
/// -
/// RPC_C_HTTP_AUTHN_TARGET_PROXY
/// Authenticate against the HTTP Proxy. This value is uncommon.
///
///
///
public RPC_C_HTTP_AUTHN_TARGET AuthenticationTarget;
/// The number of elements in the AuthnScheme array.
public uint NumberOfAuthnSchemes;
///
///
/// A pointer to an array of values representing authentication schemes the client is
/// willing to use. Each element of the array can contain one of the following constants:
///
///
/// - RPC_C_HTTP_AUTHN_SCHEME_BASIC
/// - RPC_C_HTTP_AUTHN_SCHEME_NTLM
/// - RPC_C_HTTP_AUTHN_SCHEME_PASSPORT
/// - RPC_C_HTTP_AUTHN_SCHEME_DIGEST
/// - RPC_C_HTTP_AUTHN_SCHEME_NEGOTIATE
///
///
/// RPC_C_HTTP_AUTHN_SCHEME_PASSPORT, RPC_C_HTTP_AUTHN_SCHEME_NEGOTIATE and RPC_C_HTTP_AUTHN_SCHEME_DIGEST are defined as
/// constants, but not currently supported. Callers should not specify them; doing so results in RPC_S_CANNOT_SUPPORT error.
/// Each constant can be specified once. RPC does not verify this restriction for performance reasons, but specifying a constant
/// more than once produces undefined results.
///
/// The algorithm for choosing the actual authentication scheme is as follows:
///
/// If RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME is specified, the first authentication scheme is chosen. If it is not supported by
/// the server, the connection establishment fails. If RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME is not specified, the RPC client
/// first attempts anonymous connection to the RPC Proxy. If IIS returns authentication challenge, the RPC client chooses the
/// authentication scheme preferred by the server if it is also in the AuthnScheme array. If the scheme preferred by the
/// server is not in the AuthnScheme array, the AuthnScheme array will be traversed from start to finish, and if a
/// scheme is found that is also supported by the server, that authentication scheme is used.
///
///
public IntPtr AuthnSchemes;
///
/// Contains an optional string with the expected server principal name. The principal name is in the same format as that
/// generated for RpcCertGeneratePrincipalName (see Principal Names for more information). This member is used only when SSL is
/// used. In such cases, the server certificate is checked against the generated principal name. If they do not match, an error
/// is returned. This member enables clients to authenticate the RPC Proxy.
///
[MarshalAs(UnmanagedType.LPTStr)]
public string ServerCertificateSubject;
///
/// A pointer to an opaque authentication handle in the form of an RPC_AUTH_IDENTITY_HANDLE structure when authenticating
/// against an HTTP proxy server. ProxyCredentials is only valid when AuthenticationTarget contains RPC_C_HTTP_AUTHN_TARGET_PROXY.
///
public RPC_AUTH_IDENTITY_HANDLE ProxyCredentials;
///
/// The number of elements in the ProxyAuthnSchemes array when authenticating against an HTTP proxy server.
/// NumberOfProxyAuthnSchemes is only valid when AuthenticationTarget contains RPC_C_HTTP_AUTHN_TARGET_PROXY.
///
public uint NumberOfProxyAuthnSchemes;
///
///
/// A pointer to an array of values representing authentication schemes the client is
/// willing to use when authenticating against an HTTP proxy server. Each element of the array can contain one of the following
/// constants. ProxyAuthnSchemes is only valid when AuthenticationTarget contains RPC_C_HTTP_AUTHN_TARGET_PROXY.
///
///
/// - RPC_C_HTTP_AUTHN_SCHEME_BASIC
/// - RPC_C_HTTP_AUTHN_SCHEME_NTLM
/// - RPC_C_HTTP_AUTHN_SCHEME_PASSPORT
/// - RPC_C_HTTP_AUTHN_SCHEME_DIGEST
/// - RPC_C_HTTP_AUTHN_SCHEME_NEGOTIATE
///
///
public IntPtr ProxyAuthnSchemes;
}
/// Provides a handle to an RPC interface.
[StructLayout(LayoutKind.Sequential)]
public struct RPC_IF_HANDLE : IHandle
{
private readonly IntPtr handle;
/// Initializes a new instance of the struct.
/// An object that represents the pre-existing handle to use.
public RPC_IF_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle;
/// Returns an invalid handle by instantiating a object with .
public static RPC_IF_HANDLE NULL => new RPC_IF_HANDLE(IntPtr.Zero);
/// Gets a value indicating whether this instance is a null handle.
public bool IsNull => handle == IntPtr.Zero;
/// Performs an explicit conversion from to .
/// The handle.
/// The result of the conversion.
public static explicit operator IntPtr(RPC_IF_HANDLE h) => h.handle;
/// Performs an implicit conversion from to .
/// The pointer to a handle.
/// The result of the conversion.
public static implicit operator RPC_IF_HANDLE(IntPtr h) => new RPC_IF_HANDLE(h);
/// Implements the operator !=.
/// The first handle.
/// The second handle.
/// The result of the operator.
public static bool operator !=(RPC_IF_HANDLE h1, RPC_IF_HANDLE h2) => !(h1 == h2);
/// Implements the operator ==.
/// The first handle.
/// The second handle.
/// The result of the operator.
public static bool operator ==(RPC_IF_HANDLE h1, RPC_IF_HANDLE h2) => h1.Equals(h2);
///
public override bool Equals(object obj) => obj is RPC_IF_HANDLE h && handle == h.handle;
///
public override int GetHashCode() => handle.GetHashCode();
///
public IntPtr DangerousGetHandle() => handle;
}
/// The RPC_IF_ID structure contains the interface UUID and major and minor version numbers of an interface.
///
/// An interface identification is a subset of the data contained in the interface-specification structure. Routines that require an
/// interface identification structure show a data type of RPC_IF_ID. In those routines, the application is responsible for
/// providing memory for the structure.
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_if_id typedef struct _RPC_IF_ID { UUID Uuid; unsigned
// short VersMajor; unsigned short VersMinor; } RPC_IF_ID;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_IF_ID")]
[StructLayout(LayoutKind.Sequential)]
public struct RPC_IF_ID
{
/// Specifies the interface UUID.
public Guid Uuid;
/// Major version number, an integer from 0 to 65535, inclusive.
public ushort VersMajor;
/// Minor version number, an integer from 0 to 65535, inclusive.
public ushort VersMinor;
}
/// The RPC_IF_ID_VECTOR structure contains a list of interfaces offered by a server.
///
///
/// The interface identification vector contains a count member ( Count), followed by an array of pointers to interface
/// identifiers ( RPC_IF_ID).
///
///
/// The interface identification vector is a read-only vector. To obtain a vector of the interface identifiers registered by a
/// server with the run-time library, an application calls RpcMgmtInqIfIds. To obtain a vector of the interface identifiers exported
/// by a server, an application calls RpcNsMgmtEntryInqIfIds.
///
///
/// The RPC run-time library allocates memory for the interface identification vector. The application calls RpcIfIdVectorFree to
/// free the interface identification vector.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_if_id_vector typedef struct { unsigned long Count;
// RPC_IF_ID *IfId[1]; } RPC_IF_ID_VECTOR;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce.__unnamed_struct_1")]
[StructLayout(LayoutKind.Sequential)]
public struct RPC_IF_ID_VECTOR : IArrayStruct
{
/// Number of interface-identification structures present in the array IfHandl.
public uint Count;
/// An array of pointers to interface identifiers ( ).
public IntPtr IfId;
}
/// Provides a handle to an RPC interface group.
[StructLayout(LayoutKind.Sequential)]
public struct RPC_INTERFACE_GROUP : IHandle
{
private readonly IntPtr handle;
/// Initializes a new instance of the struct.
/// An object that represents the pre-existing handle to use.
public RPC_INTERFACE_GROUP(IntPtr preexistingHandle) => handle = preexistingHandle;
/// Returns an invalid handle by instantiating a object with .
public static RPC_INTERFACE_GROUP NULL => new RPC_INTERFACE_GROUP(IntPtr.Zero);
/// Gets a value indicating whether this instance is a null handle.
public bool IsNull => handle == IntPtr.Zero;
/// Performs an explicit conversion from to .
/// The handle.
/// The result of the conversion.
public static explicit operator IntPtr(RPC_INTERFACE_GROUP h) => h.handle;
/// Performs an implicit conversion from to .
/// The pointer to a handle.
/// The result of the conversion.
public static implicit operator RPC_INTERFACE_GROUP(IntPtr h) => new RPC_INTERFACE_GROUP(h);
/// Implements the operator !=.
/// The first handle.
/// The second handle.
/// The result of the operator.
public static bool operator !=(RPC_INTERFACE_GROUP h1, RPC_INTERFACE_GROUP h2) => !(h1 == h2);
/// Implements the operator ==.
/// The first handle.
/// The second handle.
/// The result of the operator.
public static bool operator ==(RPC_INTERFACE_GROUP h1, RPC_INTERFACE_GROUP h2) => h1.Equals(h2);
///
public override bool Equals(object obj) => obj is RPC_INTERFACE_GROUP h && handle == h.handle;
///
public override int GetHashCode() => handle.GetHashCode();
///
public IntPtr DangerousGetHandle() => handle;
}
/// The RPC_INTERFACE_TEMPLATE structure defines an RPC interface group server interface.
///
/// To register an interface, the server provides the following information:
///
/// -
/// Interface specificationThe interface specification is a data structure that the MIDL compiler generates.
///
/// -
///
/// Manager type UUID and manager EPVThe manager type UUID and the manager EPV determine which manager routine executes when a
/// server receives a remote procedure call request from a client. For each implementation of an interface offered by a server, it
/// must register a separate manager EPV. Note that when specifying a non-nil, manager type UUID, the server must also call
/// RpcObjectSetType to register objects of this non-nil type.
///
///
///
///
/// All interface group interfaces are treated as auto-listen. The runtime begins listening for calls as soon as the
/// interface group is activated. Calls to RpcServerListen and RpcMgmtStopServerListening do not affect the interface, nor does a
/// call to RpcServerUnregisterIf with IfSpec set to NULL.
///
///
/// Specifying a security-callback function in IfCallback allows the server application to restrict access to its interfaces on an
/// individual client basis. That is, by default, security is optional; the server run-time will dispatch unsecured calls even if
/// the server has called RpcServerRegisterAuthInfo. If the server wants to accept only authenticated clients, an interface callback
/// function must call RpcBindingInqAuthClient, RpcGetAuthorizationContextForClient, or RpcServerInqCallAttributes to retrieve the
/// security level, or attempt to impersonate the client with RpcImpersonateClient. It can also specify the RPC_IF_ALLOW_SECURE_ONLY
/// flag in Flags to reject unauthenticated calls.
///
///
/// When a server application specifies a security-callback function for its interface(s) in IfCallback, the RPC run time
/// automatically rejects calls without authentication information to that interface. In addition, the run-time records the
/// interfaces each client has used. When a client makes an RPC to an interface that it has not used during the current
/// communication session, the RPC run-time library calls the interface's security-callback function. Specifying
/// RPC_IF_ALLOW_CALLBACKS_WITH_NO_AUTH in Flags will prevent the automatic rejection of unauthenticated clients. Note that calls on
/// the NULL security session can have authentication information, even though they come from anonymous clients. Thus, the
/// existence of a callback alone is not sufficient to prevent anonymous clients from connecting; either the security callback
/// function must check for that, or the RPC_IF_ALLOW_SECURE_ONLY flag must be used. RPC_IF_ALLOW_SECURE_ONLY rejects null session
/// calls only on Windows XP and later versions of Windows.
///
/// For the signature for the callback function, see RPC_IF_CALLBACK_FN.
///
/// The callback function in IfCallback should return RPC_S_OK if the client is allowed to call methods in this interface.
/// Any other return code will cause the client to receive the exception RPC_S_ACCESS_DENIED.
///
///
/// In some cases, the RPC run time may call the security-callback function more than once per client, per interface. The callback
/// function must be able to handle this possibility.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_interface_templatea typedef struct { unsigned long
// Version; RPC_IF_HANDLE IfSpec; UUID *MgrTypeUuid; RPC_MGR_EPV *MgrEpv; unsigned int Flags; unsigned int MaxCalls; unsigned int
// MaxRpcSize; RPC_IF_CALLBACK_FN *IfCallback; UUID_VECTOR *UuidVector; RPC_CSTR Annotation; void *SecurityDescriptor; }
// RPC_INTERFACE_TEMPLATEA, *PRPC_INTERFACE_TEMPLATEA;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce.__unnamed_struct_6")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct RPC_INTERFACE_TEMPLATE
{
/// This field is reserved and must be set to 0.
public uint Version;
/// MIDL-generated structure that defines the interface to register.
public RPC_IF_HANDLE IfSpec;
/// Pointer to a UUID to associate with MgrEpv. NULL or a nil UUID registers IfSpec with a nil UUID.
public GuidPtr MgrTypeUuid;
///
/// Pointer to a RPC_MGR_EPV structure that contains the manager routines' entry-point vector (EPV). If
/// NULL,the MIDL-generated default EPV is used.
///
public IntPtr MgrEpv;
///
/// Flags. For a list of flag values, see Interface Registration Flags. Interface group interfaces are always treated as auto-listen.
///
public RPC_IF Flags;
///
///
/// Maximum number of concurrent remote procedure call requests the server can accept on this interface. The RPC run-time
/// library makes its best effort to ensure the server does not allow more concurrent call requests than the number of calls
/// specified in MaxCalls. However, the actual number can be greater than MaxCalls and can vary for each protocol sequence.
///
/// Calls on other interfaces are governed by the value of the process-wide MaxCalls parameter specified in RpcServerListen.
///
/// If the number of concurrent calls is not a concern, slightly better server-side performance can be achieved by specifying
/// the default value using RPC_C_LISTEN_MAX_CALLS_DEFAULT. Doing so relieves the RPC run-time environment from enforcing
/// an unnecessary restriction.
///
///
public uint MaxCalls;
///
/// Maximum size, in bytes, of incoming data blocks. MaxRpcSize may be used to help prevent malicious denial-of-service attacks.
/// If the data block of a remote procedure call is larger than MaxRpcSize, the RPC run-time library rejects the call and sends
/// an RPC_S_ACCESS_DENIED error to the client. Specifying a value of (unsigned int) –1 in MaxRpcSize removes the limit
/// on the size of incoming data blocks. This parameter has no effect on calls made over the ncalrpc protocol.
///
public uint MaxRpcSize;
///
/// A pointer to a RPC_INTERFACE_GROUP_IDLE_CALLBACK_FN security-callback function, or NULL for no callback. Each
/// registered interface can have a different callback function.
///
[MarshalAs(UnmanagedType.FunctionPtr)]
public RPC_INTERFACE_GROUP_IDLE_CALLBACK_FN IfCallback;
///
/// Pointer to a vector of object UUIDs offered by the server to be registered with the RPC endpoint mapper. The server
/// application constructs this vector. NULL indicates there are no object UUIDs to register.
///
public IntPtr UuidVector;
///
///
/// Pointer to the character-string comment applied to each cross-product element added to the local endpoint-map database. The
/// string can be up to 64 characters long, including the null terminating character. Specify a null value or a null-terminated
/// string ("\0") if there is no annotation string.
///
///
/// The annotation string is used by applications for information only. RPC does not use this string to determine which server
/// instance a client communicates with or for enumerating elements in the endpoint-map database.
///
///
[MarshalAs(UnmanagedType.LPTStr)]
public string Annotation;
/// Optional security descriptor describing which clients have the right to access the interface.
public IntPtr SecurityDescriptor;
}
///
/// The RPC_POLICY structure contains flags that determine binding on multihomed computers, and port allocations when using
/// the ncacn_ip_tcp and ncadg_ip_udp protocols.
///
///
/// You can use the RPC_Policy structure to set policies for remote procedure calls at run time. These policies include:
///
/// -
///
/// Message queuing: Allows the server to specify message-queuing properties, such as security, quality of delivery, and the
/// lifetime of the server-process queue. This policy is only effective for remote calls over the message-queuing transport (ncadg_mq).
///
///
/// -
///
/// Port allocation for dynamic ports: Specifies whether the endpoint registered by this application should go to the
/// Internet-available or intranet-available port set.
///
///
/// -
/// Selective binding: Allows multihomed machines to bind selectively to NICs.
///
///
///
/// Note Port allocation and selective binding policies are effective only for remote calls over TCP ( ncacn_ip_tcp) and UDP
/// ( ncadg_ip_udp) connections. For more information, see Configuring the Registry for Port Allocations and Selective Binding.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_policy typedef struct _RPC_POLICY { unsigned int Length;
// unsigned long EndpointFlags; unsigned long NICFlags; } RPC_POLICY, *PRPC_POLICY;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_POLICY")]
[StructLayout(LayoutKind.Sequential)]
public struct RPC_POLICY
{
///
/// Size of the RPC_POLICY structure, in bytes. The Length member allows compatibility with future versions of
/// this structure, which may contain additional fields. Always set the Length equal to sizeof(RPC_POLICY) when
/// you initialize the RPC_POLICY structure in your code.
///
public uint Length;
///
///
/// Set of flags that determine the attributes of the port or ports where the server receives remote procedure calls. You can
/// specify more than one flag (by using the bitwise OR operator) from the set of values for a given protocol sequence.
///
///
/// Note If the registry does not contain any of the keys that specify the default policies, then the
/// EndpointFlags member will have no effect at run time. If a key is missing or contains an invalid value, then the
/// entire configuration for that protocol ( ncacn_ip_tcp, ncadg_ip_udp or ncadg_mq) is marked as invalid and all calls to
/// RpcServerUseProtseq* functions over that protocol will fail.
///
///
public RPC_C_POL_ENDPT EndpointFlags;
/// Policy for binding to Network Interface Cards (NICs).
public RPC_C_POL_NIC NICFlags;
}
///
/// The RPC_PROTSEQ_VECTOR structure contains a list of protocol sequences the RPC run-time library uses to send and receive
/// remote procedure calls.
///
///
///
/// The protocol-sequence vector contains a count member ( Count), followed by an array of pointers to protocol-sequence
/// strings ( Protseq).
///
///
/// The protocol-sequence vector is a read-only vector. To obtain a protocol-sequence vector, a server application calls
/// RpcNetworkInqProtseqs. The RPC run-time library allocates memory for the protocol-sequence vector. The server application calls
/// RpcProtseqVectorFree to free the protocol-sequence vector.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_protseq_vector typedef struct _RPC_PROTSEQ_VECTOR {
// unsigned int Count; unsigned char *Protseq[1]; } RPC_PROTSEQ_VECTOR;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_PROTSEQ_VECTOR")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct RPC_PROTSEQ_VECTOR : IArrayStruct
{
/// Number of protocol-sequence strings present in the array Protseq.
public uint Count;
///
/// Array of pointers to protocol-sequence strings. The number of pointers present is specified by the Count member.
///
public IntPtr Protseq;
}
///
/// The RPC_SECURITY_QOS structure defines security quality-of-service settings on a binding handle. See Remarks for version
/// availability on Windows editions.
///
///
/// The following listing defines the availability of QOS versions on various Windows operating systems:
///
/// -
/// Version 1: Windows 2000 and later.
///
/// -
/// Version 2: Windows XP with Service Pack 1 (SP1) and later.
///
/// -
/// Version 3: Windows Server 2003 and later.
///
/// -
/// Version 4: Windows Vista and later.
///
/// -
/// Version 5: Windows 8 and later.
///
///
///
/// Windows editions support downlevel versions as well. For example, Windows Server 2003 supports version 3, but also supports
/// versions 1 and 2.
///
///
/// The client-side security functions RpcBindingInqAuthInfoEx and RpcBindingSetAuthInfo use the RPC_SECURITY_QOS structure
/// to inquire about, or to set, the security quality of service for a binding handle.
///
///
/// RPC supports the RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT hint. This hint is used only when dynamic endpoints and mutual
/// authentication are used. Furthermore, it is not supported for the ncadg_ protocol sequences. If this flag is used for a
/// ncadg_ protocol sequence, or without using mutual authentication, RPC_S_INVALID_ARG is returned from the
/// RpcBindingSetAuthInfoEx function call. This flag is designed to prevent a Denial of Service Attack. Using this flag forces the
/// RPC Runtime to ask the endpoint mapper only for endpoints registered by the principal specified in the ServerPrincName or
/// Sid members. This prevents an attacker on the local machine from trying to trick your RPC client to connect to a spoof
/// endpoint it has registered in the endpoint mapper. Note that since the attack is local only (such as from a terminal server
/// machine with many users), the flag also works only for RPC calls made locally.
///
///
/// Note Some security providers, such as Kerberos, support delegation-impersonation type. On Windows editions that support
/// delegation-impersonation type, if the client has asked for delegation but the security provider is unable to provide it, the
/// call fails with PRC_S_SEC_PKG_ERROR unless the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag is specified.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_security_qos typedef struct _RPC_SECURITY_QOS { unsigned
// long Version; unsigned long Capabilities; unsigned long IdentityTracking; unsigned long ImpersonationType; } RPC_SECURITY_QOS, *PRPC_SECURITY_QOS;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_SECURITY_QOS")]
[StructLayout(LayoutKind.Sequential)]
public struct RPC_SECURITY_QOS
{
///
/// Version of the RPC_SECURITY_QOS structure being used. This topic documents version 1 of the RPC_SECURITY_QOS
/// structure. See RPC_SECURITY_QOS_V2, RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4 and RPC_SECURITY_QOS_V5 for other versions.
///
public uint Version;
///
///
/// Security services being provided to the application. Capabilities is a set of flags that can be combined using the bitwise
/// OR operator.
///
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_QOS_CAPABILITIES_DEFAULT
/// Used when no provider-specific capabilities are needed.
///
/// -
/// RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH
///
/// Specifying this flag causes the RPC run time to request mutual authentication from the security provider. Some security
/// providers do not support mutual authentication. If the security provider does not support mutual authentication, or the
/// identity of the server cannot be established, a remote procedure call to such server fails with error RPC_S_SEC_PKG_ERROR.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_MAKE_FULLSIC
/// Not currently implemented.
///
/// -
/// RPC_C_QOS_CAPABILITIES_ANY_AUTHORITY
///
/// Accepts the client's credentials even if the certificate authority (CA) is not in the server's list of trusted CAs. This
/// constant is used only by the SCHANNEL SSP.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE
///
/// When specified, this flag directs the RPC runtime on the client to ignore an error to establish a security context that
/// supports delegation. Normally, if the client asks for delegation and the security system cannot establish a security context
/// that supports delegation, error RPC_S_SEC_PKG_ERROR is returned; when this flag is specified, no error is returned.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT
///
/// This flag specifies to RPC that the server is local to the machine making the RPC call. In this situation RPC instructs the
/// endpoint mapper to pick up only endpoints registered by the principal specified in the ServerPrincName or Sid members (these
/// members are available in RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4, and RPC_SECURITY_QOS_V5 only). See Remarks for more information.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY
///
/// If set, the RPC runtime uses the SChannel SSP to perform smartcard-based authentication without displaying a PIN prompt
/// dialog box by the cryptographic services provider (CSP). In the call to RpcBindingSetAuthInfoEx, the AuthIdentity parameter
/// must be a SEC_WINNT_AUTH_IDENTITY structure whose members contain the following: If the
/// RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY flag is used for any SSP other than SChannel, or if the members of
/// SEC_WINNT_AUTH_IDENTITY do not conform to the above, RPC_S_INVALID_ARG will be returned by RpcBindingSetAuthInfoEx.
///
///
///
///
public RPC_C_QOS_CAPABILITIES Capabilities;
///
/// Sets the context tracking mode. Should be set to one of the values shown in the following table.
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_QOS_IDENTITY_STATIC
///
/// Security context is created only once and is never revised during the entire communication, even if the client side changes
/// it. This is the default behavior if RPC_SECURITY_QOS is not specified.
///
///
/// -
/// RPC_C_QOS_IDENTITY_DYNAMIC
///
/// Context is revised whenever the ModifiedId in the client's token is changed. All protocols use the ModifiedId (see note).
/// Windows 2000: All remote protocols (all protocols other than ncalrpc) use the AuthenticationID, also known as the LogonId,
/// to track changes in the client's identity. The ncalrpc protocol uses ModifiedId.
///
///
///
///
public RPC_C_QOS_IDENTITY IdentityTracking;
///
/// Level at which the server process can impersonate the client.
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_IMP_LEVEL_DEFAULT
/// Uses the default impersonation level.
///
/// -
/// RPC_C_IMP_LEVEL_ANONYMOUS
///
/// Client does not provide identification information to the server. The server cannot impersonate the client or identify the
/// client. Many servers reject calls with this impersonation type.
///
///
/// -
/// RPC_C_IMP_LEVEL_IDENTIFY
///
/// Server can obtain the client's identity, and impersonate the client to perform Access Control List (ACL) checks, but cannot
/// impersonate the client. See Impersonation Levels for more information.
///
///
/// -
/// RPC_C_IMP_LEVEL_IMPERSONATE
/// Server can impersonate the client's security context on its local system, but not on remote systems.
///
/// -
/// RPC_C_IMP_LEVEL_DELEGATE
///
/// The server can impersonate the client's security context while acting on behalf of the client. The server can also make
/// outgoing calls to other servers while acting on behalf of the client. The server may use the client's security context on
/// other machines to access local and remote resources as the client.
///
///
///
///
public RPC_C_IMP_LEVEL ImpersonationType;
}
///
/// The RPC_SECURITY_QOS_V2 structure defines version 2 security quality-of-service settings on a binding handle. See Remarks
/// for version availability on Windows editions.
///
///
/// The following listing defines the availability of QOS versions on various Windows operating systems:
///
/// -
/// Version 1: Windows 2000 and later.
///
/// -
/// Version 2: Windows XP with Service Pack 1 (SP1) and later.
///
/// -
/// Version 3: Windows Server 2003 and later.
///
/// -
/// Version 4: Windows Vista and later.
///
/// -
/// Version 5: Windows 8 and later.
///
///
///
/// Windows editions support downlevel versions as well. For example, Windows Server 2003 supports version 3, but also supports
/// versions 1 and 2.
///
///
/// The client-side security functions RpcBindingInqAuthInfoEx and RpcBindingSetAuthInfo use the RPC_SECURITY_QOS structure to
/// inquire about, or to set, the security quality of service for a binding handle.
///
///
/// RPC supports the RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT hint (unsupported on Windows XP and earlier client editions, unsupported
/// on Windows 2000 and earlier server editions). This hint is used only when dynamic endpoints and mutual authentication are used.
/// Furthermore, it is not supported for the ncadg_ protocol sequences. If this flag is used for a ncadg_ protocol
/// sequence, or without using mutual authentication, RPC_S_INVALID_ARG is returned from the RpcBindingSetAuthInfoEx function call.
/// This flag is designed to prevent a Denial of Service Attack. Using this flag forces the RPC Runtime to ask the endpoint mapper
/// only for endpoints registered by the principal specified in the ServerPrincName or Sid members. This prevents an
/// attacker on the local machine from trying to trick your RPC client to connect to a spoof endpoint it has registered in the
/// endpoint mapper. Note that since the attack is local only (such as from a terminal server machine with many users), the flag
/// also works only for RPC calls made locally.
///
///
/// Note Some security providers, such as Kerberos, support delegation-impersonation type. On Windows editions that support
/// delegation-impersonation type, if the client has asked for delegation but the security provider is unable to provide it, the
/// call fails with PRC_S_SEC_PKG_ERROR unless the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag is specified.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_security_qos_v2_a typedef struct _RPC_SECURITY_QOS_V2_A {
// unsigned long Version; unsigned long Capabilities; unsigned long IdentityTracking; unsigned long ImpersonationType; unsigned long
// AdditionalSecurityInfoType; union { RPC_HTTP_TRANSPORT_CREDENTIALS_A *HttpCredentials; } u; } RPC_SECURITY_QOS_V2_A, *PRPC_SECURITY_QOS_V2_A;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_SECURITY_QOS_V2_A")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct RPC_SECURITY_QOS_V2
{
///
/// Version of the RPC_SECURITY_QOS structure being used. This topic documents version 1 of the RPC_SECURITY_QOS
/// structure. See RPC_SECURITY_QOS_V2, RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4 and RPC_SECURITY_QOS_V5 for other versions.
///
public uint Version;
///
///
/// Security services being provided to the application. Capabilities is a set of flags that can be combined using the bitwise
/// OR operator.
///
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_QOS_CAPABILITIES_DEFAULT
/// Used when no provider-specific capabilities are needed.
///
/// -
/// RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH
///
/// Specifying this flag causes the RPC run time to request mutual authentication from the security provider. Some security
/// providers do not support mutual authentication. If the security provider does not support mutual authentication, or the
/// identity of the server cannot be established, a remote procedure call to such server fails with error RPC_S_SEC_PKG_ERROR.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_MAKE_FULLSIC
/// Not currently implemented.
///
/// -
/// RPC_C_QOS_CAPABILITIES_ANY_AUTHORITY
///
/// Accepts the client's credentials even if the certificate authority (CA) is not in the server's list of trusted CAs. This
/// constant is used only by the SCHANNEL SSP.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE
///
/// When specified, this flag directs the RPC runtime on the client to ignore an error to establish a security context that
/// supports delegation. Normally, if the client asks for delegation and the security system cannot establish a security context
/// that supports delegation, error RPC_S_SEC_PKG_ERROR is returned; when this flag is specified, no error is returned.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT
///
/// This flag specifies to RPC that the server is local to the machine making the RPC call. In this situation RPC instructs the
/// endpoint mapper to pick up only endpoints registered by the principal specified in the ServerPrincName or Sid members (these
/// members are available in RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4, and RPC_SECURITY_QOS_V5 only). See Remarks for more information.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY
///
/// If set, the RPC runtime uses the SChannel SSP to perform smartcard-based authentication without displaying a PIN prompt
/// dialog box by the cryptographic services provider (CSP). In the call to RpcBindingSetAuthInfoEx, the AuthIdentity parameter
/// must be a SEC_WINNT_AUTH_IDENTITY structure whose members contain the following: If the
/// RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY flag is used for any SSP other than SChannel, or if the members of
/// SEC_WINNT_AUTH_IDENTITY do not conform to the above, RPC_S_INVALID_ARG will be returned by RpcBindingSetAuthInfoEx.
///
///
///
///
public RPC_C_QOS_CAPABILITIES Capabilities;
///
/// Sets the context tracking mode. Should be set to one of the values shown in the following table.
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_QOS_IDENTITY_STATIC
///
/// Security context is created only once and is never revised during the entire communication, even if the client side changes
/// it. This is the default behavior if RPC_SECURITY_QOS is not specified.
///
///
/// -
/// RPC_C_QOS_IDENTITY_DYNAMIC
///
/// Context is revised whenever the ModifiedId in the client's token is changed. All protocols use the ModifiedId (see note).
/// Windows 2000: All remote protocols (all protocols other than ncalrpc) use the AuthenticationID, also known as the LogonId,
/// to track changes in the client's identity. The ncalrpc protocol uses ModifiedId.
///
///
///
///
public RPC_C_QOS_IDENTITY IdentityTracking;
///
/// Level at which the server process can impersonate the client.
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_IMP_LEVEL_DEFAULT
/// Uses the default impersonation level.
///
/// -
/// RPC_C_IMP_LEVEL_ANONYMOUS
///
/// Client does not provide identification information to the server. The server cannot impersonate the client or identify the
/// client. Many servers reject calls with this impersonation type.
///
///
/// -
/// RPC_C_IMP_LEVEL_IDENTIFY
///
/// Server can obtain the client's identity, and impersonate the client to perform Access Control List (ACL) checks, but cannot
/// impersonate the client. See Impersonation Levels for more information.
///
///
/// -
/// RPC_C_IMP_LEVEL_IMPERSONATE
/// Server can impersonate the client's security context on its local system, but not on remote systems.
///
/// -
/// RPC_C_IMP_LEVEL_DELEGATE
///
/// The server can impersonate the client's security context while acting on behalf of the client. The server can also make
/// outgoing calls to other servers while acting on behalf of the client. The server may use the client's security context on
/// other machines to access local and remote resources as the client.
///
///
///
///
public RPC_C_IMP_LEVEL ImpersonationType;
///
/// Specifies the type of additional credentials present in the u union. The following constants are supported:
///
///
/// Supported Constants
/// Meaning
///
/// -
/// 0
/// No additional credentials are passed in the u union.
///
/// -
/// RPC_C_AUTHN_INFO_TYPE_HTTP
///
/// The HttpCredentials member of the u union points to a RPC_HTTP_TRANSPORT_CREDENTIALS structure. This value can be used only
/// when the protocol sequence is ncacn_http. Any other protocol sequence returns RPC_S_INVALID_ARG.
///
///
///
///
public RPC_C_AUTHN_INFO_TYPE AdditionalSecurityInfoType;
///
/// Additional set of credentials to pass to RPC, in the form of an RPC_HTTP_TRANSPORT_CREDENTIALS structure. Used when the
/// AdditionalSecurityInfoType member is set to RPC_C_AUTHN_INFO_TYPE_HTTP.
///
public IntPtr u;
}
///
/// The RPC_SECURITY_QOS_V3 structure defines version 3 security quality-of-service settings on a binding handle. See Remarks
/// for version availability on Windows editions.
///
///
/// The following listing defines the availability of QOS versions on various Windows operating systems:
///
/// -
/// Version 1: Windows 2000 and later.
///
/// -
/// Version 2: Windows XP with Service Pack 1 (SP1) and later.
///
/// -
/// Version 3: Windows Server 2003 and later.
///
/// -
/// Version 4: Windows Vista and later.
///
/// -
/// Version 5: Windows 8 and later.
///
///
///
/// Windows editions support downlevel versions as well. For example, Windows Server 2003 supports version 3, but also supports
/// versions 1 and 2.
///
///
/// The client-side security functions RpcBindingInqAuthInfoEx and RpcBindingSetAuthInfo use the RPC_SECURITY_QOS structure to
/// inquire about, or to set, the security quality of service for a binding handle.
///
///
/// RPC supports the RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT hint (unsupported on Windows XP and earlier client editions, unsupported
/// on Windows 2000 and earlier server editions). This hint is used only when dynamic endpoints and mutual authentication are used.
/// Furthermore, it is not supported for the ncadg_ protocol sequences. If this flag is used for a ncadg_ protocol
/// sequence, or without using mutual authentication, RPC_S_INVALID_ARG is returned from the RpcBindingSetAuthInfoEx function call.
/// This flag is designed to prevent a Denial of Service Attack. Using this flag forces the RPC Runtime to ask the endpoint mapper
/// only for endpoints registered by the principal specified in the ServerPrincName or Sid members. This prevents an
/// attacker on the local machine from trying to trick your RPC client to connect to a spoof endpoint it has registered in the
/// endpoint mapper. Note that since the attack is local only (such as from a terminal server machine with many users), the flag
/// also works only for RPC calls made locally.
///
///
/// Note Some security providers, such as Kerberos, support delegation-impersonation type. On Windows editions that support
/// delegation-impersonation type, if the client has asked for delegation but the security provider is unable to provide it, the
/// call fails with PRC_S_SEC_PKG_ERROR unless the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag is specified.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_security_qos_v3_a typedef struct _RPC_SECURITY_QOS_V3_A {
// unsigned long Version; unsigned long Capabilities; unsigned long IdentityTracking; unsigned long ImpersonationType; unsigned long
// AdditionalSecurityInfoType; union { RPC_HTTP_TRANSPORT_CREDENTIALS_A *HttpCredentials; } u; void *Sid; } RPC_SECURITY_QOS_V3_A, *PRPC_SECURITY_QOS_V3_A;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_SECURITY_QOS_V3_A")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct RPC_SECURITY_QOS_V3
{
///
/// Version of the RPC_SECURITY_QOS structure being used. This topic documents version 1 of the RPC_SECURITY_QOS
/// structure. See RPC_SECURITY_QOS_V2, RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4 and RPC_SECURITY_QOS_V5 for other versions.
///
public uint Version;
///
///
/// Security services being provided to the application. Capabilities is a set of flags that can be combined using the bitwise
/// OR operator.
///
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_QOS_CAPABILITIES_DEFAULT
/// Used when no provider-specific capabilities are needed.
///
/// -
/// RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH
///
/// Specifying this flag causes the RPC run time to request mutual authentication from the security provider. Some security
/// providers do not support mutual authentication. If the security provider does not support mutual authentication, or the
/// identity of the server cannot be established, a remote procedure call to such server fails with error RPC_S_SEC_PKG_ERROR.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_MAKE_FULLSIC
/// Not currently implemented.
///
/// -
/// RPC_C_QOS_CAPABILITIES_ANY_AUTHORITY
///
/// Accepts the client's credentials even if the certificate authority (CA) is not in the server's list of trusted CAs. This
/// constant is used only by the SCHANNEL SSP.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE
///
/// When specified, this flag directs the RPC runtime on the client to ignore an error to establish a security context that
/// supports delegation. Normally, if the client asks for delegation and the security system cannot establish a security context
/// that supports delegation, error RPC_S_SEC_PKG_ERROR is returned; when this flag is specified, no error is returned.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT
///
/// This flag specifies to RPC that the server is local to the machine making the RPC call. In this situation RPC instructs the
/// endpoint mapper to pick up only endpoints registered by the principal specified in the ServerPrincName or Sid members (these
/// members are available in RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4, and RPC_SECURITY_QOS_V5 only). See Remarks for more information.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY
///
/// If set, the RPC runtime uses the SChannel SSP to perform smartcard-based authentication without displaying a PIN prompt
/// dialog box by the cryptographic services provider (CSP). In the call to RpcBindingSetAuthInfoEx, the AuthIdentity parameter
/// must be a SEC_WINNT_AUTH_IDENTITY structure whose members contain the following: If the
/// RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY flag is used for any SSP other than SChannel, or if the members of
/// SEC_WINNT_AUTH_IDENTITY do not conform to the above, RPC_S_INVALID_ARG will be returned by RpcBindingSetAuthInfoEx.
///
///
///
///
public RPC_C_QOS_CAPABILITIES Capabilities;
///
/// Sets the context tracking mode. Should be set to one of the values shown in the following table.
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_QOS_IDENTITY_STATIC
///
/// Security context is created only once and is never revised during the entire communication, even if the client side changes
/// it. This is the default behavior if RPC_SECURITY_QOS is not specified.
///
///
/// -
/// RPC_C_QOS_IDENTITY_DYNAMIC
///
/// Context is revised whenever the ModifiedId in the client's token is changed. All protocols use the ModifiedId (see note).
/// Windows 2000: All remote protocols (all protocols other than ncalrpc) use the AuthenticationID, also known as the LogonId,
/// to track changes in the client's identity. The ncalrpc protocol uses ModifiedId.
///
///
///
///
public RPC_C_QOS_IDENTITY IdentityTracking;
///
/// Level at which the server process can impersonate the client.
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_IMP_LEVEL_DEFAULT
/// Uses the default impersonation level.
///
/// -
/// RPC_C_IMP_LEVEL_ANONYMOUS
///
/// Client does not provide identification information to the server. The server cannot impersonate the client or identify the
/// client. Many servers reject calls with this impersonation type.
///
///
/// -
/// RPC_C_IMP_LEVEL_IDENTIFY
///
/// Server can obtain the client's identity, and impersonate the client to perform Access Control List (ACL) checks, but cannot
/// impersonate the client. See Impersonation Levels for more information.
///
///
/// -
/// RPC_C_IMP_LEVEL_IMPERSONATE
/// Server can impersonate the client's security context on its local system, but not on remote systems.
///
/// -
/// RPC_C_IMP_LEVEL_DELEGATE
///
/// The server can impersonate the client's security context while acting on behalf of the client. The server can also make
/// outgoing calls to other servers while acting on behalf of the client. The server may use the client's security context on
/// other machines to access local and remote resources as the client.
///
///
///
///
public RPC_C_IMP_LEVEL ImpersonationType;
///
/// Specifies the type of additional credentials present in the u union. The following constants are supported:
///
///
/// Supported Constants
/// Meaning
///
/// -
/// 0
/// No additional credentials are passed in the u union.
///
/// -
/// RPC_C_AUTHN_INFO_TYPE_HTTP
///
/// The HttpCredentials member of the u union points to a RPC_HTTP_TRANSPORT_CREDENTIALS structure. This value can be used only
/// when the protocol sequence is ncacn_http. Any other protocol sequence returns RPC_S_INVALID_ARG.
///
///
///
///
public RPC_C_AUTHN_INFO_TYPE AdditionalSecurityInfoType;
///
/// Additional set of credentials to pass to RPC, in the form of an RPC_HTTP_TRANSPORT_CREDENTIALS structure. Used when the
/// AdditionalSecurityInfoType member is set to RPC_C_AUTHN_INFO_TYPE_HTTP.
///
public IntPtr u;
///
/// Points to a security identifier (SID). The SID is an alternative to the ServerPrincName member, and only one can be
/// specified. The Sid member cannot be set to non- NULL if the security provider is the SCHANNEL SSP. Some
/// protocol sequences use Sid internally for security, and some use a ServerPrincName. For example, ncalrpc uses
/// a Sid internally, and if the caller knows both the SID and the ServerPrincName, a call using ncalrpc
/// can complete much faster in some cases if the SID is passed. In contrast, the ncacn_ and ncadg_ protocol
/// sequences use a ServerPrincName internally, and therefore can execute calls faster when provided the ServerPrincName.
///
public PSID Sid;
}
///
/// The RPC_SECURITY_QOS_V4 structure defines version 4 security quality-of-service settings on a binding handle. See Remarks
/// for version availability on Windows editions.
///
///
/// The following listing defines the availability of QOS versions on various Windows operating systems:
///
/// -
/// Version 1: Windows 2000 and later.
///
/// -
/// Version 2: Windows XP with Service Pack 1 (SP1) and later.
///
/// -
/// Version 3: Windows Server 2003 and later.
///
/// -
/// Version 4: Windows Vista and later.
///
/// -
/// Version 5: Windows 8 and later.
///
///
///
/// Windows editions support downlevel versions as well. For example, Windows Server 2003 supports version 3, but also supports
/// versions 1 and 2.
///
///
/// The client-side security functions RpcBindingInqAuthInfoEx and RpcBindingSetAuthInfo use the RPC_SECURITY_QOS structure to
/// inquire about, or to set, the security quality of service for a binding handle.
///
///
/// RPC supports the RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT hint (unsupported on Windows XP and earlier client editions, unsupported
/// on Windows 2000 and earlier server editions). This hint is used only when dynamic endpoints and mutual authentication are used.
/// Furthermore, it is not supported for the ncadg_ protocol sequences. If this flag is used for a ncadg_ protocol
/// sequence, or without using mutual authentication, RPC_S_INVALID_ARG is returned from the RpcBindingSetAuthInfoEx function call.
/// This flag is designed to prevent a Denial of Service Attack. Using this flag forces the RPC Runtime to ask the endpoint mapper
/// only for endpoints registered by the principal specified in the ServerPrincName or Sid members. This prevents an
/// attacker on the local machine from trying to trick your RPC client to connect to a spoof endpoint it has registered in the
/// endpoint mapper. Note that since the attack is local only (such as from a terminal server machine with many users), the flag
/// also works only for RPC calls made locally.
///
///
/// Note Some security providers, such as Kerberos, support delegation-impersonation type. On Windows editions that support
/// delegation-impersonation type, if the client has asked for delegation but the security provider is unable to provide it, the
/// call fails with PRC_S_SEC_PKG_ERROR unless the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag is specified.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_security_qos_v4_a typedef struct _RPC_SECURITY_QOS_V4_A {
// unsigned long Version; unsigned long Capabilities; unsigned long IdentityTracking; unsigned long ImpersonationType; unsigned long
// AdditionalSecurityInfoType; union { RPC_HTTP_TRANSPORT_CREDENTIALS_A *HttpCredentials; } u; void *Sid; unsigned int
// EffectiveOnly; } RPC_SECURITY_QOS_V4_A, *PRPC_SECURITY_QOS_V4_A;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_SECURITY_QOS_V4_A")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct RPC_SECURITY_QOS_V4
{
///
/// Version of the RPC_SECURITY_QOS structure being used. This topic documents version 1 of the RPC_SECURITY_QOS
/// structure. See RPC_SECURITY_QOS_V2, RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4 and RPC_SECURITY_QOS_V5 for other versions.
///
public uint Version;
///
///
/// Security services being provided to the application. Capabilities is a set of flags that can be combined using the bitwise
/// OR operator.
///
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_QOS_CAPABILITIES_DEFAULT
/// Used when no provider-specific capabilities are needed.
///
/// -
/// RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH
///
/// Specifying this flag causes the RPC run time to request mutual authentication from the security provider. Some security
/// providers do not support mutual authentication. If the security provider does not support mutual authentication, or the
/// identity of the server cannot be established, a remote procedure call to such server fails with error RPC_S_SEC_PKG_ERROR.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_MAKE_FULLSIC
/// Not currently implemented.
///
/// -
/// RPC_C_QOS_CAPABILITIES_ANY_AUTHORITY
///
/// Accepts the client's credentials even if the certificate authority (CA) is not in the server's list of trusted CAs. This
/// constant is used only by the SCHANNEL SSP.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE
///
/// When specified, this flag directs the RPC runtime on the client to ignore an error to establish a security context that
/// supports delegation. Normally, if the client asks for delegation and the security system cannot establish a security context
/// that supports delegation, error RPC_S_SEC_PKG_ERROR is returned; when this flag is specified, no error is returned.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT
///
/// This flag specifies to RPC that the server is local to the machine making the RPC call. In this situation RPC instructs the
/// endpoint mapper to pick up only endpoints registered by the principal specified in the ServerPrincName or Sid members (these
/// members are available in RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4, and RPC_SECURITY_QOS_V5 only). See Remarks for more information.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY
///
/// If set, the RPC runtime uses the SChannel SSP to perform smartcard-based authentication without displaying a PIN prompt
/// dialog box by the cryptographic services provider (CSP). In the call to RpcBindingSetAuthInfoEx, the AuthIdentity parameter
/// must be a SEC_WINNT_AUTH_IDENTITY structure whose members contain the following: If the
/// RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY flag is used for any SSP other than SChannel, or if the members of
/// SEC_WINNT_AUTH_IDENTITY do not conform to the above, RPC_S_INVALID_ARG will be returned by RpcBindingSetAuthInfoEx.
///
///
///
///
public RPC_C_QOS_CAPABILITIES Capabilities;
///
/// Sets the context tracking mode. Should be set to one of the values shown in the following table.
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_QOS_IDENTITY_STATIC
///
/// Security context is created only once and is never revised during the entire communication, even if the client side changes
/// it. This is the default behavior if RPC_SECURITY_QOS is not specified.
///
///
/// -
/// RPC_C_QOS_IDENTITY_DYNAMIC
///
/// Context is revised whenever the ModifiedId in the client's token is changed. All protocols use the ModifiedId (see note).
/// Windows 2000: All remote protocols (all protocols other than ncalrpc) use the AuthenticationID, also known as the LogonId,
/// to track changes in the client's identity. The ncalrpc protocol uses ModifiedId.
///
///
///
///
public RPC_C_QOS_IDENTITY IdentityTracking;
///
/// Level at which the server process can impersonate the client.
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_IMP_LEVEL_DEFAULT
/// Uses the default impersonation level.
///
/// -
/// RPC_C_IMP_LEVEL_ANONYMOUS
///
/// Client does not provide identification information to the server. The server cannot impersonate the client or identify the
/// client. Many servers reject calls with this impersonation type.
///
///
/// -
/// RPC_C_IMP_LEVEL_IDENTIFY
///
/// Server can obtain the client's identity, and impersonate the client to perform Access Control List (ACL) checks, but cannot
/// impersonate the client. See Impersonation Levels for more information.
///
///
/// -
/// RPC_C_IMP_LEVEL_IMPERSONATE
/// Server can impersonate the client's security context on its local system, but not on remote systems.
///
/// -
/// RPC_C_IMP_LEVEL_DELEGATE
///
/// The server can impersonate the client's security context while acting on behalf of the client. The server can also make
/// outgoing calls to other servers while acting on behalf of the client. The server may use the client's security context on
/// other machines to access local and remote resources as the client.
///
///
///
///
public RPC_C_IMP_LEVEL ImpersonationType;
///
/// Specifies the type of additional credentials present in the u union. The following constants are supported:
///
///
/// Supported Constants
/// Meaning
///
/// -
/// 0
/// No additional credentials are passed in the u union.
///
/// -
/// RPC_C_AUTHN_INFO_TYPE_HTTP
///
/// The HttpCredentials member of the u union points to a RPC_HTTP_TRANSPORT_CREDENTIALS structure. This value can be used only
/// when the protocol sequence is ncacn_http. Any other protocol sequence returns RPC_S_INVALID_ARG.
///
///
///
///
public RPC_C_AUTHN_INFO_TYPE AdditionalSecurityInfoType;
///
/// Additional set of credentials to pass to RPC, in the form of an RPC_HTTP_TRANSPORT_CREDENTIALS structure. Used when the
/// AdditionalSecurityInfoType member is set to RPC_C_AUTHN_INFO_TYPE_HTTP.
///
public IntPtr u;
///
/// Points to a security identifier (SID). The SID is an alternative to the ServerPrincName member, and only one can be
/// specified. The Sid member cannot be set to non- NULL if the security provider is the SCHANNEL SSP. Some
/// protocol sequences use Sid internally for security, and some use a ServerPrincName. For example, ncalrpc uses
/// a Sid internally, and if the caller knows both the SID and the ServerPrincName, a call using ncalrpc
/// can complete much faster in some cases if the SID is passed. In contrast, the ncacn_ and ncadg_ protocol
/// sequences use a ServerPrincName internally, and therefore can execute calls faster when provided the ServerPrincName.
///
public PSID Sid;
/// If set, only enabled privileges are seen by the server.
[MarshalAs(UnmanagedType.Bool)]
public bool EffectiveOnly;
}
///
/// The RPC_SECURITY_QOS_V5 structure defines version 5 security quality-of-service settings on a binding handle. See Remarks
/// for version availability on Windows editions.
///
///
/// The following listing defines the availability of QOS versions on various Windows operating systems:
///
/// -
/// Version 1: Windows 2000 and later.
///
/// -
/// Version 2: Windows XP with Service Pack 1 (SP1) and later.
///
/// -
/// Version 3: Windows Server 2003 and later.
///
/// -
/// Version 4: Windows Vista and later.
///
/// -
/// Version 5: Windows 8 and later.
///
///
///
/// Windows editions support downlevel versions as well. For example, Windows Server 2003 supports version 3, but also supports
/// versions 1 and 2.
///
///
/// The client-side security functions RpcBindingInqAuthInfoEx and RpcBindingSetAuthInfo use the RPC_SECURITY_QOS structure to
/// inquire about, or to set, the security quality of service for a binding handle.
///
///
/// RPC supports the RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT hint (unsupported on Windows XP and earlier client editions, unsupported
/// on Windows 2000 and earlier server editions). This hint is used only when dynamic endpoints and mutual authentication are used.
/// Furthermore, it is not supported for the ncadg_ protocol sequences. If this flag is used for a ncadg_ protocol
/// sequence, or without using mutual authentication, RPC_S_INVALID_ARG is returned from the RpcBindingSetAuthInfoEx function call.
/// This flag is designed to prevent a Denial of Service Attack. Using this flag forces the RPC Runtime to ask the endpoint mapper
/// only for endpoints registered by the principal specified in the ServerPrincName or Sid members. This prevents an
/// attacker on the local machine from trying to trick your RPC client to connect to a spoof endpoint it has registered in the
/// endpoint mapper. Note that since the attack is local only (such as from a terminal server machine with many users), the flag
/// also works only for RPC calls made locally.
///
///
/// Note Some security providers, such as Kerberos, support delegation-impersonation type. On Windows editions that support
/// delegation-impersonation type, if the client has asked for delegation but the security provider is unable to provide it, the
/// call fails with PRC_S_SEC_PKG_ERROR unless the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag is specified.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_security_qos_v5_a typedef struct _RPC_SECURITY_QOS_V5_A {
// unsigned long Version; unsigned long Capabilities; unsigned long IdentityTracking; unsigned long ImpersonationType; unsigned long
// AdditionalSecurityInfoType; union { RPC_HTTP_TRANSPORT_CREDENTIALS_A *HttpCredentials; } u; void *Sid; unsigned int
// EffectiveOnly; void *ServerSecurityDescriptor; } RPC_SECURITY_QOS_V5_A, *PRPC_SECURITY_QOS_V5_A;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_SECURITY_QOS_V5_A")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct RPC_SECURITY_QOS_V5
{
///
/// Version of the RPC_SECURITY_QOS structure being used. This topic documents version 1 of the RPC_SECURITY_QOS
/// structure. See RPC_SECURITY_QOS_V2, RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4 and RPC_SECURITY_QOS_V5 for other versions.
///
public uint Version;
///
///
/// Security services being provided to the application. Capabilities is a set of flags that can be combined using the bitwise
/// OR operator.
///
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_QOS_CAPABILITIES_DEFAULT
/// Used when no provider-specific capabilities are needed.
///
/// -
/// RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH
///
/// Specifying this flag causes the RPC run time to request mutual authentication from the security provider. Some security
/// providers do not support mutual authentication. If the security provider does not support mutual authentication, or the
/// identity of the server cannot be established, a remote procedure call to such server fails with error RPC_S_SEC_PKG_ERROR.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_MAKE_FULLSIC
/// Not currently implemented.
///
/// -
/// RPC_C_QOS_CAPABILITIES_ANY_AUTHORITY
///
/// Accepts the client's credentials even if the certificate authority (CA) is not in the server's list of trusted CAs. This
/// constant is used only by the SCHANNEL SSP.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE
///
/// When specified, this flag directs the RPC runtime on the client to ignore an error to establish a security context that
/// supports delegation. Normally, if the client asks for delegation and the security system cannot establish a security context
/// that supports delegation, error RPC_S_SEC_PKG_ERROR is returned; when this flag is specified, no error is returned.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT
///
/// This flag specifies to RPC that the server is local to the machine making the RPC call. In this situation RPC instructs the
/// endpoint mapper to pick up only endpoints registered by the principal specified in the ServerPrincName or Sid members (these
/// members are available in RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4, and RPC_SECURITY_QOS_V5 only). See Remarks for more information.
///
///
/// -
/// RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY
///
/// If set, the RPC runtime uses the SChannel SSP to perform smartcard-based authentication without displaying a PIN prompt
/// dialog box by the cryptographic services provider (CSP). In the call to RpcBindingSetAuthInfoEx, the AuthIdentity parameter
/// must be a SEC_WINNT_AUTH_IDENTITY structure whose members contain the following: If the
/// RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY flag is used for any SSP other than SChannel, or if the members of
/// SEC_WINNT_AUTH_IDENTITY do not conform to the above, RPC_S_INVALID_ARG will be returned by RpcBindingSetAuthInfoEx.
///
///
///
///
public RPC_C_QOS_CAPABILITIES Capabilities;
///
/// Sets the context tracking mode. Should be set to one of the values shown in the following table.
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_QOS_IDENTITY_STATIC
///
/// Security context is created only once and is never revised during the entire communication, even if the client side changes
/// it. This is the default behavior if RPC_SECURITY_QOS is not specified.
///
///
/// -
/// RPC_C_QOS_IDENTITY_DYNAMIC
///
/// Context is revised whenever the ModifiedId in the client's token is changed. All protocols use the ModifiedId (see note).
/// Windows 2000: All remote protocols (all protocols other than ncalrpc) use the AuthenticationID, also known as the LogonId,
/// to track changes in the client's identity. The ncalrpc protocol uses ModifiedId.
///
///
///
///
public RPC_C_QOS_IDENTITY IdentityTracking;
///
/// Level at which the server process can impersonate the client.
///
///
/// Value
/// Meaning
///
/// -
/// RPC_C_IMP_LEVEL_DEFAULT
/// Uses the default impersonation level.
///
/// -
/// RPC_C_IMP_LEVEL_ANONYMOUS
///
/// Client does not provide identification information to the server. The server cannot impersonate the client or identify the
/// client. Many servers reject calls with this impersonation type.
///
///
/// -
/// RPC_C_IMP_LEVEL_IDENTIFY
///
/// Server can obtain the client's identity, and impersonate the client to perform Access Control List (ACL) checks, but cannot
/// impersonate the client. See Impersonation Levels for more information.
///
///
/// -
/// RPC_C_IMP_LEVEL_IMPERSONATE
/// Server can impersonate the client's security context on its local system, but not on remote systems.
///
/// -
/// RPC_C_IMP_LEVEL_DELEGATE
///
/// The server can impersonate the client's security context while acting on behalf of the client. The server can also make
/// outgoing calls to other servers while acting on behalf of the client. The server may use the client's security context on
/// other machines to access local and remote resources as the client.
///
///
///
///
public RPC_C_IMP_LEVEL ImpersonationType;
///
/// Specifies the type of additional credentials present in the u union. The following constants are supported:
///
///
/// Supported Constants
/// Meaning
///
/// -
/// 0
/// No additional credentials are passed in the u union.
///
/// -
/// RPC_C_AUTHN_INFO_TYPE_HTTP
///
/// The HttpCredentials member of the u union points to a RPC_HTTP_TRANSPORT_CREDENTIALS structure. This value can be used only
/// when the protocol sequence is ncacn_http. Any other protocol sequence returns RPC_S_INVALID_ARG.
///
///
///
///
public RPC_C_AUTHN_INFO_TYPE AdditionalSecurityInfoType;
///
/// Additional set of credentials to pass to RPC, in the form of an RPC_HTTP_TRANSPORT_CREDENTIALS structure. Used when the
/// AdditionalSecurityInfoType member is set to RPC_C_AUTHN_INFO_TYPE_HTTP.
///
public IntPtr u;
///
/// Points to a security identifier (SID). The SID is an alternative to the ServerPrincName member, and only one can be
/// specified. The Sid member cannot be set to non- NULL if the security provider is the SCHANNEL SSP. Some
/// protocol sequences use Sid internally for security, and some use a ServerPrincName. For example, ncalrpc uses
/// a Sid internally, and if the caller knows both the SID and the ServerPrincName, a call using ncalrpc
/// can complete much faster in some cases if the SID is passed. In contrast, the ncacn_ and ncadg_ protocol
/// sequences use a ServerPrincName internally, and therefore can execute calls faster when provided the ServerPrincName.
///
public PSID Sid;
/// If set, only enabled privileges are seen by the server.
[MarshalAs(UnmanagedType.Bool)]
public bool EffectiveOnly;
/// A pointer to the SECURITY_DESCRIPTOR that identifies the server. It is required for mutual authentication.
public PSECURITY_DESCRIPTOR ServerSecurityDescriptor;
}
/// The RPC_STATS_VECTOR structure contains statistics from the RPC run-time library on a per-server basis.
///
/// The statistics vector contains a count member ( Count), followed by an array of statistics. To obtain run-time
/// statistics, an application calls RpcMgmtInqStats. The RPC run-time library allocates memory for the statistics vector. The
/// application calls RpcMgmtStatsVectorFree to free the statistics vector.
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_stats_vector typedef struct { unsigned int Count;
// unsigned long Stats[1]; } RPC_STATS_VECTOR;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce.__unnamed_struct_0")]
[VanaraMarshaler(typeof(SafeAnysizeStructMarshaler), nameof(Count))]
[StructLayout(LayoutKind.Sequential)]
public struct RPC_STATS_VECTOR
{
/// Number of statistics values present in the array Stats.
public uint Count;
///
///
/// Array of unsigned long integers representing server statistics that contains Count elements. Each array element
/// contains an unsigned long value from the following list.
///
///
///
/// Constant
/// Meaning
///
/// -
/// RPC_C_STATS_CALLS_IN
/// The number of remote procedure calls received by the server.
///
/// -
/// RPC_C_STATS_CALLS_OUT
/// The number of remote procedure calls initiated by the server.
///
/// -
/// RPC_C_STATS_PKTS_IN
/// The number of network packets received by the server.
///
/// -
/// RPC_C_STATS_PKTS_OUT
/// The number of network packets sent by the server.
///
///
///
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public uint[] Stats;
}
/// Allows you to pass a particular user name and password to the run-time library for the purpose of authentication.
///
/// When this structure is used with RPC, the structure must remain valid for the lifetime of the binding handle.
/// The strings may be ANSI or Unicode, depending on the value you assign to the Flags member.
///
// https://docs.microsoft.com/en-us/windows/win32/api/sspi/ns-sspi-sec_winnt_auth_identity_w typedef struct
// _SEC_WINNT_AUTH_IDENTITY_W { unsigned short *User; unsigned long UserLength; unsigned short *Domain; unsigned long DomainLength;
// unsigned short *Password; unsigned long PasswordLength; unsigned long Flags; } SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W;
[PInvokeData("sspi.h", MSDNShortId = "NS:sspi._SEC_WINNT_AUTH_IDENTITY_W")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct SEC_WINNT_AUTH_IDENTITY
{
/// A string that contains the user name.
[MarshalAs(UnmanagedType.LPTStr)]
public string User;
/// The length, in characters, of the user string, not including the terminating null character.
public uint UserLength;
/// A string that contains the domain name or the workgroup name.
[MarshalAs(UnmanagedType.LPTStr)]
public string Domain;
/// The length, in characters, of the domain string, not including the terminating null character.
public uint DomainLength;
///
/// A string that contains the password of the user in the domain or workgroup. When you have finished using the password,
/// remove the sensitive information from memory by calling SecureZeroMemory. For more information about protecting the
/// password, see Handling Passwords.
///
[MarshalAs(UnmanagedType.LPTStr)]
public string Password;
/// The length, in characters, of the password string, not including the terminating null character.
public uint PasswordLength;
///
/// This member can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// SEC_WINNT_AUTH_IDENTITY_ANSI
/// The strings in this structure are in ANSI format.
///
/// -
/// SEC_WINNT_AUTH_IDENTITY_UNICODE
/// The strings in this structure are in Unicode format.
///
///
///
public SEC_WINNT_AUTH_IDENTITY_CHARSET Flags;
/// Gets the default value of the instance and sets to the value defined by the runtime.
public static readonly SEC_WINNT_AUTH_IDENTITY Default = new SEC_WINNT_AUTH_IDENTITY { Flags = OsCharSet };
/// Initializes a new instance of the struct.
/// The user name.
/// The domain name or the workgroup name.
/// The password of the user in the domain or workgroup.
public SEC_WINNT_AUTH_IDENTITY(string user, string domain, string password = null)
{
User = user;
UserLength = (uint)(user?.Length ?? 0);
Domain = domain;
DomainLength = (uint)(domain?.Length ?? 0);
Password = password;
PasswordLength = (uint)(password?.Length ?? 0);
Flags = OsCharSet;
}
private static readonly SEC_WINNT_AUTH_IDENTITY_CHARSET OsCharSet = Vanara.Extensions.StringHelper.GetCharSize() == 1 ? SEC_WINNT_AUTH_IDENTITY_CHARSET.SEC_WINNT_AUTH_IDENTITY_ANSI : SEC_WINNT_AUTH_IDENTITY_CHARSET.SEC_WINNT_AUTH_IDENTITY_UNICODE;
}
/// The UUID_VECTOR structure contains a list of UUIDs.
///
///
/// The UUID vector contains a count member containing the total number of UUID s in the vector, followed by an array of
/// pointers to UUID s.
///
/// An application constructs a UUID vector to contain object UUID s to be exported or unexported from the name service.
///
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-uuid_vector typedef struct _UUID_VECTOR { unsigned long
// Count; UUID *Uuid[1]; } UUID_VECTOR;
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._UUID_VECTOR")]
[StructLayout(LayoutKind.Sequential)]
public struct UUID_VECTOR : IArrayStruct
{
/// Number of UUIDs present in the array Uuid.
public uint Count;
/// Array of pointers to UUIDs that contains Count elements.
public IntPtr Uuid;
}
///
/// Provides a for that is disposed using .
///
public class SafeRPC_BINDING_HANDLE : SafeHANDLE
{
/// Initializes a new instance of the class and assigns an existing handle.
/// An object that represents the pre-existing handle to use.
///
/// to reliably release the handle during the finalization phase; otherwise, (not recommended).
///
public SafeRPC_BINDING_HANDLE(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { }
/// Initializes a new instance of the class.
private SafeRPC_BINDING_HANDLE() : base() { }
/// Performs an implicit conversion from to .
/// The safe handle instance.
/// The result of the conversion.
public static implicit operator RPC_BINDING_HANDLE(SafeRPC_BINDING_HANDLE h) => h.handle;
///
protected override bool InternalReleaseHandle()
{
RPC_BINDING_HANDLE hrb = handle;
return RpcBindingFree(ref hrb).Succeeded;
}
}
}
}