using static Vanara.PInvoke.AdvApi32;
using static Vanara.PInvoke.Secur32;
namespace Vanara.PInvoke;
/// Functions and definitions from CredUI.dll
public static partial class CredUI
{
/// The credential is a certificate.
public static readonly Guid SEC_WINNT_AUTH_DATA_TYPE_CERT = new("{0x235f69ad, 0x73fb, 0x4dbc, { 0x82, 0x3, 0x6, 0x29, 0xe7, 0x39, 0x33, 0x9b } }");
/// The credential is authentication data from a cryptographic service provider (CSP).
public static readonly Guid SEC_WINNT_AUTH_DATA_TYPE_CSP_DATA = new("{0x68fd9879, 0x79c, 0x4dfe, { 0x82, 0x81, 0x57, 0x8a, 0xad, 0xc1, 0xc1, 0x0 } }");
/// The credential is a password.
public static readonly Guid SEC_WINNT_AUTH_DATA_TYPE_PASSWORD = new("{0x28bfc32f, 0x10f6, 0x4738, { 0x98, 0xd1, 0x1a, 0xc0, 0x61, 0xdf, 0x71, 0x6a } }");
/// Flags that determine the behavior of this function.
[Flags]
public enum SSPIPFC
{
///
/// The value of the pfSave parameter is ignored, and the credentials collected by this function are not saved.
///
/// Windows 7 and Windows Server 2008 R2: The value of the pfSave parameter is ignored, and the credentials collected by this
/// function are not saved. Only the name of this possible value was SSPIPFC_SAVE_CRED_BY_CALLER.
///
///
SSPIPFC_CREDPROV_DO_NOT_SAVE = 0x00000001,
///
/// The value signifies that password and smart card credential providers will not display the "Remember my credentials" checkbox
/// to the user. The SspiPromptForCredentials function passes this flag value, SSPIPFC_NO_CHECKBOX, in the pvInAuthBuffer
/// parameter of CredUIPromptForWindowsCredentials function.
///
SSPIPFC_NO_CHECKBOX = 0x00000002,
}
/// Retrieves context information from a credential provider.
///
/// A pointer to a SEC_WINNT_CREDUI_CONTEXT structure retrieved during a previous call to the SspiUnmarshalCredUIContext function.
///
/// The type of credential specified by the ContextHandle parameter.
///
/// The logon ID associated with the credential specified by the ContextHandle parameter. The caller must be running as LocalSystem
/// to specify a logon ID.
///
///
/// A pointer to a SEC_WINNT_CREDUI_CONTEXT_VECTOR structure that specifies the offset and size of the data in the structure
/// specified by the ContextHandle parameter.
///
/// A handle to the specified user's token.
/// If the function succeeds, it returns SEC_E_OK. If the function fails, it returns a nonzero error code.
[DllImport(Lib.CredUI, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sspi.h")]
public static extern Win32Error SspiGetCredUIContext(PSEC_WINNT_CREDUI_CONTEXT ContextHandle, in Guid CredType, LUID LogonId, out PSEC_WINNT_CREDUI_CONTEXT_VECTOR CredUIContexts, out SafeHTOKEN TokenHandle);
///
/// Indicates whether an error returned after a call to either the InitializeSecurityContext or the AcceptSecurityContext function
/// requires an additional call to the SspiPromptForCredentials function.
///
/// The error to test.
///
/// TRUE if the error specified by the ErrorOrNtStatus parameter indicates that an additional call to SspiPromptForCredentials is
/// necessary; otherwise, FALSE.
///
[DllImport(Lib.CredUI, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sspi.h")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SspiIsPromptingNeeded(uint ErrorOrNtStatus);
/// Allows a Security Support Provider Interface (SSPI) application to prompt a user to enter credentials.
/// The name of the target to use.
///
/// A pointer to a CREDUI_INFO structure that contains information for customizing the appearance of the dialog box that this
/// function displays.
///
/// If the hwndParent member of the CREDUI_INFO structure is not NULL, this function displays a modal dialog box centered on the
/// parent window.
///
/// If the hwndParent member of the CREDUI_INFO structure is NULL, the function displays a dialog box centered on the screen.
/// This function ignores the hbmBanner member of the CREDUI_INFO structure.
///
///
/// A Windows error code, defined in Winerror.h, that is displayed in the dialog box. If credentials previously collected were not
/// valid, the caller uses this parameter to pass the error message from the API that collected the credentials (for example,
/// Winlogon) to this function. The corresponding error message is formatted and displayed in the dialog box. Set the value of this
/// parameter to zero to display no error message.
///
/// The name of the security package to use.
///
/// An identity structure that is used to populate credential fields in the dialog box. To leave the credential fields empty, set the
/// value of this parameter to NULL.
///
///
/// An identity structure that represents the credentials this function collects. When you have finished using this structure, free
/// it by calling the SspiFreeAuthIdentity function.
///
///
/// A pointer to a Boolean value that, on input, specifies whether the Save check box is selected in the dialog box that this
/// function displays. On output, the value of this parameter specifies whether the Save check box was selected when the user clicked
/// the Submit button in the dialog box. Set this parameter to NULL to ignore the Save check box.
/// This parameter is ignored if the CREDUIWIN_CHECKBOX flag is not set in the dwFlags parameter.
///
/// Flags that determine the behavior of this function.
/// If the function succeeds, it returns SEC_E_OK. If the function fails, it returns a nonzero error code.
[DllImport(Lib.CredUI, SetLastError = false, CharSet = CharSet.Auto)]
[PInvokeData("Sspi.h")]
public static extern Win32Error SspiPromptForCredentials(string pszTargetName, in CREDUI_INFO pUiInfo, uint dwAuthError, string pszPackage,
[Optional] PSEC_WINNT_AUTH_IDENTITY_OPAQUE pInputAuthIdentity, out SafePSEC_WINNT_AUTH_IDENTITY_OPAQUE ppAuthIdentity, ref bool pfSave, SSPIPFC dwFlags);
///
/// Deserializes credential information obtained by a credential provider during a previous call to the
/// ICredentialProvider::SetSerialization method.
///
///
/// The serialized credential information obtained as the rgbSerialization member of the CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION
/// structure retrieved from a call to the ICredentialProvider::SetSerialization method.
///
/// The size, in bytes, of the MarshaledCredUIContext buffer.
/// A pointer to a SEC_WINNT_CREDUI_CONTEXT structure that specifies the deserialized credential information.
///
[DllImport(Lib.CredUI, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sspi.h")]
public static extern Win32Error SspiUnmarshalCredUIContext([MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 1)] byte[] MarshaledCredUIContext, uint MarshaledCredUIContextLength, out PSEC_WINNT_CREDUI_CONTEXT CredUIContext);
/// Updates the credentials associated with the specified context.
///
/// A pointer to a SEC_WINNT_CREDUI_CONTEXT structure retrieved during a previous call to the SspiUnmarshalCredUIContext function.
///
/// The type of credential specified by the ContextHandle parameter.
/// The size, in bytes, of the FlatCredUIContext buffer.
/// The values with which to update the specified credentials.
/// If the function succeeds, it returns SEC_E_OK. If the function fails, it returns a nonzero error code.
[DllImport(Lib.CredUI, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sspi.h")]
public static extern Win32Error SspiUpdateCredentials(IntPtr ContextHandle, in Guid CredType, uint FlatCredUIContextLength, [MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 2)] byte[] FlatCredUIContext);
///
/// Specifies unserialized credential information. The credential information can be serialized by passing it as the rgbSerialization
/// member of a CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION structure in a call to the ICredentialProvider::SetSerialization method.
/// The unserialized information can be obtained by calling the SspiUnmarshalCredUIContext function.
///
[StructLayout(LayoutKind.Sequential)]
public class PSEC_WINNT_CREDUI_CONTEXT
{
/// The size, in bytes, of the header.
public ushort cbHeaderLength;
/// A handle to the credential context.
public IntPtr CredUIContextHandle;
///
/// Specifies why prompting for credentials is needed. A caller can pass this Windows error parameter, returned by another
/// authentication call, to allow the dialog box to accommodate certain errors. For example, if the password expired status code
/// is passed, the dialog box prompts the user to change the password on the account.
///
public Win32Error dwAuthError;
/// The opaque authentication identity data. SEC_WINNT_AUTH_IDENTITY_OPAQUE.
public IntPtr pInputAuthIdentity;
/// The name of the target.
public StrPtrUni TargetName;
/// A pointer to a CREDUI_INFO structure that specifies information for the credential prompt dialog box.
public IntPtr UIInfo;
}
/// Specifies the offset and size of the credential context data in a SEC_WINNT_CREDUI_CONTEXT structure.
[StructLayout(LayoutKind.Sequential)]
public class PSEC_WINNT_CREDUI_CONTEXT_VECTOR
{
/// The number of bytes from the beginning of the structure to the context data.
public uint CredUIContextArrayOffset;
/// The size, in bytes, of the context data.
public ushort CredUIContextCount;
}
}