sean-m
/
Vanara
mirror of https://github.com/dahall/Vanara.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Vanara/PInvoke/Security/Authz/Authz.cs

2045 lines
105 KiB
C#
Raw Blame History

using System;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security;
using Vanara.Extensions;
using Vanara.InteropServices;
using static Vanara.PInvoke.AdvApi32;
namespace Vanara.PInvoke
{
/// <summary>Platform invokable enumerated types, constants and functions from authz.h</summary>
public static partial class Authz
{
/// <summary>
/// The AuthzAccessCheckCallback function is an application-defined function that handles callback access control entries (ACEs)
/// during an access check. AuthzAccessCheckCallback is a placeholder for the application-defined function name. The application
/// registers this callback by calling AuthzInitializeResourceManager.
/// </summary>
/// <param name="hAuthzClientContext">A handle to a client context.</param>
/// <param name="pAce">A pointer to the ACE to evaluate for inclusion in the call to the AuthzAccessCheck function.</param>
/// <param name="pArgs">Data passed in the DynamicGroupArgs parameter of the call to AuthzAccessCheck or AuthzCachedAccessCheck.</param>
/// <param name="pbAceApplicable">
/// A pointer to a Boolean variable that receives the results of the evaluation of the logic defined by the application.
/// <para>
/// The results are TRUE if the logic determines that the ACE is applicable and will be included in the call to AuthzAccessCheck;
/// otherwise, the results are FALSE.
/// </para>
/// </param>
/// <returns>
/// If the function succeeds, the function returns TRUE.
/// <para>
/// If the function is unable to perform the evaluation, it returns FALSE. Use SetLastError to return an error to the access check function.
/// </para>
/// </returns>
[UnmanagedFunctionPointer(CallingConvention.Winapi, SetLastError = true, CharSet = CharSet.Unicode)]
[SuppressUnmanagedCodeSecurity]
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool AuthzAccessCheckCallback(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, ref ACE_HEADER pAce, IntPtr pArgs, [MarshalAs(UnmanagedType.Bool)] ref bool pbAceApplicable);
/// <summary>
/// The AuthzComputeGroupsCallback function is an application-defined function that creates a list of security identifiers (SIDs)
/// that apply to a client. AuthzComputeGroupsCallback is a placeholder for the application-defined function name.
/// </summary>
/// <param name="hAuthzClientContext">A handle to a client context.</param>
/// <param name="Args">
/// Data passed in the DynamicGroupArgs parameter of a call to the AuthzInitializeContextFromAuthzContext,
/// AuthzInitializeContextFromSid, or AuthzInitializeContextFromToken function.
/// </param>
/// <param name="pSidAttrArray">
/// A pointer to a pointer variable that receives the address of an array of SID_AND_ATTRIBUTES structures. These structures
/// represent the groups to which the client belongs.
/// </param>
/// <param name="pSidCount">The number of structures in pSidAttrArray.</param>
/// <param name="pRestrictedSidAttrArray">
/// A pointer to a pointer variable that receives the address of an array of SID_AND_ATTRIBUTES structures. These structures
/// represent the groups from which the client is restricted.
/// </param>
/// <param name="pRestrictedSidCount">The number of structures in pSidRestrictedAttrArray.</param>
/// <returns>
/// If the function successfully returns a list of SIDs, the return value is TRUE.
/// <para>If the function fails, the return value is FALSE.</para>
/// </returns>
[UnmanagedFunctionPointer(CallingConvention.Winapi, SetLastError = true, CharSet = CharSet.Unicode)]
[SuppressUnmanagedCodeSecurity]
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool AuthzComputeGroupsCallback(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, IntPtr Args, ref SID_AND_ATTRIBUTES pSidAttrArray, out uint pSidCount, out SID_AND_ATTRIBUTES pRestrictedSidAttrArray, out uint pRestrictedSidCount);
/// <summary>
/// The AuthzFreeGroupsCallback function is an application-defined function that frees memory allocated by the
/// AuthzComputeGroupsCallback function. AuthzFreeGroupsCallback is a placeholder for the application-defined function name.
/// </summary>
/// <param name="pSidAttrArray">A pointer to memory allocated by AuthzComputeGroupsCallback.</param>
[UnmanagedFunctionPointer(CallingConvention.Winapi, SetLastError = true, CharSet = CharSet.Unicode)]
[SuppressUnmanagedCodeSecurity]
public delegate void AuthzFreeGroupsCallback(ref SID_AND_ATTRIBUTES pSidAttrArray);
/// <summary>
/// <para>
/// The <c>AUTHZ_CONTEXT_INFORMATION_CLASS</c> enumeration specifies the type of information to be retrieved from an existing
/// AuthzClientContext. This enumeration is used by the AuthzGetInformationFromContext function.
/// </para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ne-authz-_authz_context_information_class typedef enum
// _AUTHZ_CONTEXT_INFORMATION_CLASS { AuthzContextInfoUserSid , AuthzContextInfoGroupsSids , AuthzContextInfoRestrictedSids ,
// AuthzContextInfoPrivileges , AuthzContextInfoExpirationTime , AuthzContextInfoServerContext , AuthzContextInfoIdentifier ,
// AuthzContextInfoSource , AuthzContextInfoAll , AuthzContextInfoAuthenticationId , AuthzContextInfoSecurityAttributes ,
// AuthzContextInfoDeviceSids , AuthzContextInfoUserClaims , AuthzContextInfoDeviceClaims , AuthzContextInfoAppContainerSid ,
// AuthzContextInfoCapabilitySids } AUTHZ_CONTEXT_INFORMATION_CLASS;
[PInvokeData("authz.h", MSDNShortId = "5eb752dc-17f7-4510-8aef-d18280322e76")]
public enum AUTHZ_CONTEXT_INFORMATION_CLASS
{
/// <summary>Retrieves a TOKEN_USER structure that contains a user security identifier (SID) and its attribute.</summary>
[CorrespondingType(typeof(TOKEN_USER))]
AuthzContextInfoUserSid = 1,
/// <summary>Retrieves a TOKEN_GROUPS structure that contains the group SIDs to which the user belongs and their attributes.</summary>
[CorrespondingType(typeof(TOKEN_GROUPS))]
AuthzContextInfoGroupsSids,
/// <summary>Retrieves a TOKEN_GROUPS structure that contains the restricted group SIDs in the context and their attributes.</summary>
[CorrespondingType(typeof(TOKEN_GROUPS))]
AuthzContextInfoRestrictedSids,
/// <summary>Retrieves a TOKEN_PRIVILEGES structure that contains the privileges held by the user.</summary>
[CorrespondingType(typeof(PTOKEN_PRIVILEGES))]
AuthzContextInfoPrivileges,
/// <summary>Retrieves the expiration time set on the context.</summary>
[CorrespondingType(typeof(long))]
AuthzContextInfoExpirationTime,
/// <summary>This constant is reserved. Do not use it.</summary>
AuthzContextInfoServerContext,
/// <summary>Retrieves an LUID structures used by the resource manager to identify the context.</summary>
[CorrespondingType(typeof(LUID))]
AuthzContextInfoIdentifier,
/// <summary>This constant is reserved. Do not use it.</summary>
AuthzContextInfoSource,
/// <summary>This constant is reserved. Do not use it.</summary>
AuthzContextInfoAll,
/// <summary>This constant is reserved. Do not use it.</summary>
AuthzContextInfoAuthenticationId,
/// <summary>
/// Retrieves an AUTHZ_SECURITY_ATTRIBUTES_INFORMATION structure that contains security attributes.
/// <para><c>Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:</c> This value is not supported.</para>
/// </summary>
[CorrespondingType(typeof(AUTHZ_SECURITY_ATTRIBUTES_INFORMATION))]
AuthzContextInfoSecurityAttributes,
/// <summary>
/// Retrieves a TOKEN_GROUPS structure that contains device SIDs and their attributes.
/// <para>
/// <c>Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:</c> This value
/// is not supported.
/// </para>
/// </summary>
[CorrespondingType(typeof(TOKEN_GROUPS))]
AuthzContextInfoDeviceSids,
/// <summary>
/// Retrieves a AUTHZ_SECURITY_ATTRIBUTES_INFORMATION structure that contains user claims.
/// <para>
/// <c>Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:</c> This value
/// is not supported.
/// </para>
/// </summary>
[CorrespondingType(typeof(AUTHZ_SECURITY_ATTRIBUTES_INFORMATION))]
AuthzContextInfoUserClaims,
/// <summary>
/// Retrieves a AUTHZ_SECURITY_ATTRIBUTES_INFORMATION structure that contains device claims.
/// <para>
/// <c>Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:</c> This value
/// is not supported.
/// </para>
/// </summary>
[CorrespondingType(typeof(AUTHZ_SECURITY_ATTRIBUTES_INFORMATION))]
AuthzContextInfoDeviceClaims,
/// <summary>
/// Retrieves a TOKEN_APPCONTAINER_INFORMATION structure that contains the app container SID.
/// <para>
/// <c>Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:</c> This value
/// is not supported.
/// </para>
/// </summary>
[CorrespondingType(typeof(TOKEN_APPCONTAINER_INFORMATION))]
AuthzContextInfoAppContainerSid,
/// <summary>
/// Retrieves a TOKEN_GROUPS structure that contains capability SIDs.
/// <para>
/// <c>Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:</c> This value
/// is not supported.
/// </para>
/// </summary>
[CorrespondingType(typeof(TOKEN_GROUPS))]
AuthzContextInfoCapabilitySids,
}
/// <summary>Used by the <see cref="AUTHZ_SECURITY_ATTRIBUTE_V1"/> structure.</summary>
[PInvokeData("authz.h")]
public enum AUTHZ_SECURITY_ATTRIBUTE_DATATYPE : ushort
{
/// <summary>Invalid value.</summary>
AUTHZ_SECURITY_ATTRIBUTE_TYPE_INVALID = 0x00,
/// <summary>The Values member refers to a security attribute that is of INT64 type.</summary>
AUTHZ_SECURITY_ATTRIBUTE_TYPE_INT64 = 0x01,
/// <summary>The Values member refers to a security attribute that is of UINT64 type.</summary>
AUTHZ_SECURITY_ATTRIBUTE_TYPE_UINT64 = 0x02,
/// <summary>The Values member refers to a security attribute that is of STRING type.</summary>
AUTHZ_SECURITY_ATTRIBUTE_TYPE_STRING = 0x03,
/// <summary>The Values member refers to a security attribute that is of AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN type.</summary>
AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN = 0x04,
/// <summary>
/// The Values member refers to a security attribute that is of AUTHZ_SECURITY_ATTRIBUTE_TYPE_SID type.
/// <para><c>Windows Server 2008 R2 and Windows 7:</c> This value type is not available.</para>
/// </summary>
AUTHZ_SECURITY_ATTRIBUTE_TYPE_SID = 0x05,
/// <summary>
/// The Values member refers to a security attribute that is of AUTHZ_SECURITY_ATTRIBUTE_TYPE_BOOLEAN type.
/// <para><c>Windows Server 2008 R2 and Windows 7:</c> This value type is not available.</para>
/// </summary>
AUTHZ_SECURITY_ATTRIBUTE_TYPE_BOOLEAN = 0x06,
/// <summary>The Values member refers to a security attribute that is of AUTHZ_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING type.</summary>
AUTHZ_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING = 0x10
}
/// <summary>Used by the <see cref="AUTHZ_SECURITY_ATTRIBUTE_V1"/> structure.</summary>
[PInvokeData("authz.h")]
public enum AUTHZ_SECURITY_ATTRIBUTE_FLAGS
{
/// <summary>No flags specified.</summary>
NONE = 0,
/// <summary>This security attribute is not inherited across processes.</summary>
AUTHZ_SECURITY_ATTRIBUTE_NON_INHERITABLE = 1,
/// <summary>The value of the attribute is case sensitive. This flag is valid for values that contain string types.</summary>
AUTHZ_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE = 2
}
/// <summary>
/// The AUTHZ_SECURITY_ATTRIBUTE_OPERATION enumeration indicates the type of modification to be made to security attributes by a call
/// to the AuthzModifySecurityAttributes function.
/// </summary>
/// <summary>
/// <para>
/// The <c>AUTHZ_SECURITY_ATTRIBUTE_OPERATION</c> enumeration indicates the type of modification to be made to security attributes by
/// a call to the AuthzModifySecurityAttributes function.
/// </para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ne-authz-authz_security_attribute_operation typedef enum
// AUTHZ_SECURITY_ATTRIBUTE_OPERATION { AUTHZ_SECURITY_ATTRIBUTE_OPERATION_NONE , AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE_ALL ,
// AUTHZ_SECURITY_ATTRIBUTE_OPERATION_ADD , AUTHZ_SECURITY_ATTRIBUTE_OPERATION_DELETE , AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE } *PAUTHZ_SECURITY_ATTRIBUTE_OPERATION;
[PInvokeData("authz.h", MSDNShortId = "c1716cdb-87f9-47d6-bfc3-ae6cc043e917")]
public enum AUTHZ_SECURITY_ATTRIBUTE_OPERATION
{
/// <summary>Do not perform any modification.</summary>
AUTHZ_SECURITY_ATTRIBUTE_OPERATION_NONE = 0,
/// <summary>
/// Delete all existing security attributes and their values in the token and replace them with the specified attributes and values.
/// <para>If no new attributes are specified, all existing attributes and values are deleted.</para>
/// <para>
/// This operation must be the only operation specified and can be specified only once in a single call to
/// AuthzModifySecurityAttributes. If the operation is not specified as the first in the list of operations, the call to
/// AuthzModifySecurityAttributes fails. If the operation is specified as the first in the array of operations performed, the
/// rest of the operations are ignored.
/// </para>
/// </summary>
AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE_ALL,
/// <summary>
/// Add a new attribute or a new value to an existing attribute.
/// <para>
/// If the value specified for any attribute already exists for that attribute, the call to AuthzModifySecurityAttributes fails.
/// </para>
/// </summary>
AUTHZ_SECURITY_ATTRIBUTE_OPERATION_ADD,
/// <summary>
/// Delete the specified values of the specified attributes. If an attribute is specified without a value, that attribute is deleted.
/// <para>If this operation results in an attribute that does not contain any values, that attribute is deleted.</para>
/// <para>
/// If a value is specified that does not match an existing attribute, no modifications are performed and the call to
/// AuthzModifySecurityAttributes fails.
/// </para>
/// </summary>
AUTHZ_SECURITY_ATTRIBUTE_OPERATION_DELETE,
/// <summary>
/// The existing values of the specified security attributes are replaced by the specified new values.
/// <para>If any of the specified attributes does not already exist, they are added.</para>
/// <para>
/// When no value is specified for an attribute, that attribute is deleted. Otherwise, the operation is simply ignored and no
/// failure is reported.
/// </para>
/// </summary>
AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE
}
/// <summary>
/// The AUTHZ_SID_OPERATION enumeration indicates the type of SID operations that can be made by a call to the AuthzModifySids function.
/// </summary>
/// <summary>
/// <para>
/// The <c>AUTHZ_SID_OPERATION</c> enumeration indicates the type of SID operations that can be made by a call to the AuthzModifySids function.
/// </para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ne-authz-authz_sid_operation typedef enum AUTHZ_SID_OPERATION {
// AUTHZ_SID_OPERATION_NONE , AUTHZ_SID_OPERATION_REPLACE_ALL , AUTHZ_SID_OPERATION_ADD , AUTHZ_SID_OPERATION_DELETE ,
// AUTHZ_SID_OPERATION_REPLACE } *PAUTHZ_SID_OPERATION;
[PInvokeData("authz.h", MSDNShortId = "C312BE7D-DA1B-47FE-80BA-7506B9A26E9E")]
public enum AUTHZ_SID_OPERATION
{
/// <summary>Do not modify anything.</summary>
AUTHZ_SID_OPERATION_NONE = 0,
/// <summary>
/// Deletes all existing SIDs and replaces them with the specified SIDs. If the replacement SIDs are not specified, all existing
/// SIDs are deleted. This operation can be specified only once and must be the only operation specified.
/// </summary>
AUTHZ_SID_OPERATION_REPLACE_ALL = 1,
/// <summary>Adds a new SID. If the SID already exists, the call fails.</summary>
AUTHZ_SID_OPERATION_ADD = 2,
/// <summary>Deletes the specified SID. If no matching SID is found, no modifications are done and the call fails.</summary>
AUTHZ_SID_OPERATION_DELETE = 3,
/// <summary>Replaces the existing SID with the specified SID. If the SID does not already exist, then adds the SID.</summary>
AUTHZ_SID_OPERATION_REPLACE = 4
}
/// <summary>
/// Flags used in the <see cref="AuthzAccessCheck(AuthzAccessCheckFlags, AUTHZ_CLIENT_CONTEXT_HANDLE, in AUTHZ_ACCESS_REQUEST, AUTHZ_AUDIT_EVENT_HANDLE, PSECURITY_DESCRIPTOR, SECURITY_DESCRIPTOR[], uint, AUTHZ_ACCESS_REPLY, IntPtr)"/> method.
/// </summary>
[PInvokeData("authz.h")]
[Flags]
public enum AuthzAccessCheckFlags
{
/// <summary>
/// If phAccessCheckResults is not NULL, a deep copy of the security descriptor is copied to the handle referenced by phAccessCheckResults.
/// </summary>
NONE = 0,
/// <summary>
/// A deep copy of the security descriptor is not performed. The calling application must pass the address of an
/// AUTHZ_ACCESS_CHECK_RESULTS_HANDLE handle in phAccessCheckResults. The AuthzAccessCheck function sets this handle to a
/// security descriptor that must remain valid during subsequent calls to AuthzCachedAccessCheck.
/// </summary>
AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD = 0x00000001,
}
/// <summary>Flags for the <see cref="AuthzInitializeObjectAccessAuditEvent"/> method.</summary>
[PInvokeData("authz.h")]
[Flags]
public enum AuthzAuditEventFlags
{
/// <summary>No flags set.</summary>
NONE = 0,
/// <summary>Disable generation of success audits.</summary>
AUTHZ_NO_SUCCESS_AUDIT = 0x00000001,
/// <summary>Disable generation of failure audits.</summary>
AUTHZ_NO_FAILURE_AUDIT = 0x00000002,
/// <summary>
/// Use pointers to the passed strings instead of allocating memory and copying the strings. The calling application must ensure
/// that the passed memory stays valid during access checks.
/// </summary>
AUTHZ_NO_ALLOC_STRINGS = 0x00000004,
/// <summary>Undocumented.</summary>
AUTHZ_WPD_CATEGORY_FLAG = 0x00000010,
}
/// <summary>Flags for the <see cref="Authz.AuthzInitializeContextFromSid"/> method.</summary>
[PInvokeData("authz.h")]
[Flags]
public enum AuthzContextFlags
{
/// <summary>
/// Default value.
/// <para>AuthzInitializeContextFromSid attempts to retrieve the user's token group information by performing an S4U logon.</para>
/// <para>
/// If S4U logon is not supported by the user's domain or the calling computer, AuthzInitializeContextFromSid queries the user's
/// account object for group information. When an account is queried directly, some groups that represent logon characteristics,
/// such as Network, Interactive, Anonymous, Network Service, or Local Service, are omitted. Applications can explicitly add such
/// group SIDs by implementing the AuthzComputeGroupsCallback function or calling the AuthzAddSidsToContext function.
/// </para>
/// </summary>
DEFAULT = 0,
/// <summary>
/// Causes AuthzInitializeContextFromSid to skip all group evaluations. When this flag is used, the context returned contains
/// only the SID specified by the UserSid parameter. The specified SID can be an arbitrary or application-specific SID. Other
/// SIDs can be added to this context by implementing the AuthzComputeGroupsCallback function or by calling the
/// AuthzAddSidsToContext function.
/// </summary>
AUTHZ_SKIP_TOKEN_GROUPS = 0x2,
/// <summary>
/// Causes AuthzInitializeContextFromSid to fail if Windows Services For User is not available to retrieve token group information.
/// <para><c>Windows XP:</c> This flag is not supported.</para>
/// </summary>
AUTHZ_REQUIRE_S4U_LOGON = 0x4,
/// <summary>
/// Causes AuthzInitializeContextFromSid to retrieve privileges for the new context. If this function performs an S4U logon, it
/// retrieves privileges from the token. Otherwise, the function retrieves privileges from all SIDs in the context.
/// </summary>
AUTHZ_COMPUTE_PRIVILEGES = 0x8
}
/// <summary>Flags for the <see cref="Authz.AuthzInitializeResourceManager"/> method.</summary>
[PInvokeData("authz.h")]
[Flags]
public enum AuthzResourceManagerFlags
{
/// <summary>
/// Default call to the function. The resource manager is initialized as the principal identified in the process token, and
/// auditing is in effect. Note that unless the AUTHZ_RM_FLAG_NO_AUDIT flag is set, SeAuditPrivilege must be enabled for the
/// function to succeed.
/// </summary>
DEFAULT = 0,
/// <summary>
/// Auditing is not in effect. If this flag is set, the caller does not need to have SeAuditPrivilege enabled to call this function.
/// </summary>
AUTHZ_RM_FLAG_NO_AUDIT = 0x1,
/// <summary>The resource manager is initialized as the identity of the thread token.</summary>
AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION = 0x2,
/// <summary>The resource manager ignores CAP IDs and does not evaluate centralized access policies.</summary>
AUTHZ_RM_FLAG_NO_CENTRALIZED_ACCESS_POLICIES = 0x4
}
/// <summary>
/// <para>
/// The <c>AuthzAccessCheck</c> function determines which access bits can be granted to a client for a given set of security
/// descriptors. The AUTHZ_ACCESS_REPLY structure returns an array of granted access masks and error status. Optionally, access masks
/// that will always be granted can be cached, and a handle to cached values is returned.
/// </para>
/// </summary>
/// <param name="Flags">
/// <para>
/// A <c>DWORD</c> value that specifies how the security descriptor is copied. This parameter can be one of the following values.
/// </para>
/// <para>
/// Starting with Windows 8 and Windows Server 2012, when you call this function on a remote context handle, the upper 16 bits must
/// be zero.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>0</term>
/// <term>If phAccessCheckResults is not NULL, a deep copy of the security descriptor is copied to the handle referenced by phAccessCheckResults.</term>
/// </item>
/// <item>
/// <term>AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD 1</term>
/// <term>
/// A deep copy of the security descriptor is not performed. The calling application must pass the address of an
/// AUTHZ_ACCESS_CHECK_RESULTS_HANDLE handle in phAccessCheckResults. The AuthzAccessCheck function sets this handle to a security
/// descriptor that must remain valid during subsequent calls to AuthzCachedAccessCheck.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="hAuthzClientContext">
/// <para>A handle to a structure that represents the client.</para>
/// <para>Starting with Windows 8 and Windows Server 2012, the client context can be local or remote.</para>
/// </param>
/// <param name="pRequest">
/// <para>
/// A pointer to an AUTHZ_ACCESS_REQUEST structure that specifies the desired access mask, principal self security identifier (SID),
/// and the object type list structure, if it exists.
/// </para>
/// </param>
/// <param name="hAuditEvent">
/// <para>
/// A structure that contains object-specific audit information. When the value of this parameter is not <c>null</c>, an audit is
/// automatically requested. Static audit information is read from the resource manager structure.
/// </para>
/// <para>
/// Starting with Windows 8 and Windows Server 2012, when you use this function with a remote context handle, the value of the
/// parameter must be <c>NULL</c>.
/// </para>
/// </param>
/// <param name="pSecurityDescriptor">
/// <para>
/// A pointer to a SECURITY_DESCRIPTOR structure to be used for access checks. The owner SID for the object is picked from this
/// security descriptor. A <c>NULL</c> discretionary access control list (DACL) in this security descriptor represents a <c>NULL</c>
/// DACL for the entire object. Make sure the security descriptor contains OWNER and DACL information, or an error code 87 or
/// "invalid parameter" message will be generated.
/// </para>
/// <para>
/// <c>Important</c><c>NULL</c> DACLs permit all types of access to all users; therefore, do not use <c>NULL</c> DACLs. For
/// information about creating a DACL, see Creating a DACL.
/// </para>
/// <para>A</para>
/// <para>NULL</para>
/// <para>system access control list</para>
/// <para>(SACL) in this security descriptor is treated the same way as an empty SACL.</para>
/// </param>
/// <param name="OptionalSecurityDescriptorArray">
/// <para>
/// An array of SECURITY_DESCRIPTOR structures. <c>NULL</c> access control lists (ACLs) in these security descriptors are treated as
/// empty ACLs. The ACL for the entire object is the logical concatenation of all of the ACLs.
/// </para>
/// </param>
/// <param name="OptionalSecurityDescriptorCount">
/// <para>The number of security descriptors not including the primary security descriptor.</para>
/// </param>
/// <param name="pReply">
/// <para>
/// A pointer to an AUTHZ_ACCESS_REPLY structure that contains the results of the access check. Before calling the
/// <c>AuthzAccessCheck</c> function, an application must allocate memory for the <c>GrantedAccessMask</c> and
/// <c>SaclEvaluationResults</c> members of the <c>AUTHZ_ACCESS_REPLY</c> structure referenced by pReply.
/// </para>
/// </param>
/// <param name="phAccessCheckResults">
/// <para>
/// A pointer to return a handle to the cached results of the access check. When this parameter value is not <c>null</c>, the results
/// of this access check call will be cached. This results in a MAXIMUM_ALLOWED check.
/// </para>
/// <para>
/// Starting with Windows 8 and Windows Server 2012, when you use this function with a remote context handle, the value of the
/// parameter must be <c>NULL</c>.
/// </para>
/// </param>
/// <returns>
/// <para>If the function succeeds, the function returns <c>TRUE</c>.</para>
/// <para>If the function fails, it returns <c>FALSE</c>. To get extended error information, call GetLastError.</para>
/// </returns>
/// <remarks>
/// <para>
/// The AuthzAccessCheckCallback callback function will be called if the DACL of the SECURITY_DESCRIPTOR structure pointed to by the
/// pSecurityDescriptor parameter contains a callback access control entry (ACE).
/// </para>
/// <para>
/// Security attribute variables must be present in the client context if referred to in a conditional expression, otherwise the
/// conditional expression term referencing them will evaluate to unknown. For more information, see the Security Descriptor
/// Definition Language for Conditional ACEs topic.
/// </para>
/// <para>For more information, see the How AccessCheck Works and Centralized Authorization Policy overviews.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzaccesscheck AUTHZAPI BOOL AuthzAccessCheck( DWORD Flags,
// AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, PAUTHZ_ACCESS_REQUEST pRequest, AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent,
// PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR *OptionalSecurityDescriptorArray, DWORD
// OptionalSecurityDescriptorCount, PAUTHZ_ACCESS_REPLY pReply, PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE phAccessCheckResults );
[DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)]
[PInvokeData("authz.h", MSDNShortId = "633c2a73-169c-4e0c-abb6-96c360bd63cf")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzAccessCheck(AuthzAccessCheckFlags Flags, AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, in AUTHZ_ACCESS_REQUEST pRequest,
[Optional] AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent, PSECURITY_DESCRIPTOR pSecurityDescriptor,
[Optional, MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 6)] SECURITY_DESCRIPTOR[] OptionalSecurityDescriptorArray,
uint OptionalSecurityDescriptorCount, [In, Out] AUTHZ_ACCESS_REPLY pReply, out SafeAUTHZ_ACCESS_CHECK_RESULTS_HANDLE phAccessCheckResults);
/// <summary>
/// <para>
/// The <c>AuthzAccessCheck</c> function determines which access bits can be granted to a client for a given set of security
/// descriptors. The AUTHZ_ACCESS_REPLY structure returns an array of granted access masks and error status. Optionally, access masks
/// that will always be granted can be cached, and a handle to cached values is returned.
/// </para>
/// </summary>
/// <param name="Flags">
/// <para>
/// A <c>DWORD</c> value that specifies how the security descriptor is copied. This parameter can be one of the following values.
/// </para>
/// <para>
/// Starting with Windows 8 and Windows Server 2012, when you call this function on a remote context handle, the upper 16 bits must
/// be zero.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>0</term>
/// <term>If phAccessCheckResults is not NULL, a deep copy of the security descriptor is copied to the handle referenced by phAccessCheckResults.</term>
/// </item>
/// <item>
/// <term>AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD 1</term>
/// <term>
/// A deep copy of the security descriptor is not performed. The calling application must pass the address of an
/// AUTHZ_ACCESS_CHECK_RESULTS_HANDLE handle in phAccessCheckResults. The AuthzAccessCheck function sets this handle to a security
/// descriptor that must remain valid during subsequent calls to AuthzCachedAccessCheck.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="hAuthzClientContext">
/// <para>A handle to a structure that represents the client.</para>
/// <para>Starting with Windows 8 and Windows Server 2012, the client context can be local or remote.</para>
/// </param>
/// <param name="pRequest">
/// <para>
/// A pointer to an AUTHZ_ACCESS_REQUEST structure that specifies the desired access mask, principal self security identifier (SID),
/// and the object type list structure, if it exists.
/// </para>
/// </param>
/// <param name="hAuditEvent">
/// <para>
/// A structure that contains object-specific audit information. When the value of this parameter is not <c>null</c>, an audit is
/// automatically requested. Static audit information is read from the resource manager structure.
/// </para>
/// <para>
/// Starting with Windows 8 and Windows Server 2012, when you use this function with a remote context handle, the value of the
/// parameter must be <c>NULL</c>.
/// </para>
/// </param>
/// <param name="pSecurityDescriptor">
/// <para>
/// A pointer to a SECURITY_DESCRIPTOR structure to be used for access checks. The owner SID for the object is picked from this
/// security descriptor. A <c>NULL</c> discretionary access control list (DACL) in this security descriptor represents a <c>NULL</c>
/// DACL for the entire object. Make sure the security descriptor contains OWNER and DACL information, or an error code 87 or
/// "invalid parameter" message will be generated.
/// </para>
/// <para>
/// <c>Important</c><c>NULL</c> DACLs permit all types of access to all users; therefore, do not use <c>NULL</c> DACLs. For
/// information about creating a DACL, see Creating a DACL.
/// </para>
/// <para>A</para>
/// <para>NULL</para>
/// <para>system access control list</para>
/// <para>(SACL) in this security descriptor is treated the same way as an empty SACL.</para>
/// </param>
/// <param name="OptionalSecurityDescriptorArray">
/// <para>
/// An array of SECURITY_DESCRIPTOR structures. <c>NULL</c> access control lists (ACLs) in these security descriptors are treated as
/// empty ACLs. The ACL for the entire object is the logical concatenation of all of the ACLs.
/// </para>
/// </param>
/// <param name="OptionalSecurityDescriptorCount">
/// <para>The number of security descriptors not including the primary security descriptor.</para>
/// </param>
/// <param name="pReply">
/// <para>
/// A pointer to an AUTHZ_ACCESS_REPLY structure that contains the results of the access check. Before calling the
/// <c>AuthzAccessCheck</c> function, an application must allocate memory for the <c>GrantedAccessMask</c> and
/// <c>SaclEvaluationResults</c> members of the <c>AUTHZ_ACCESS_REPLY</c> structure referenced by pReply.
/// </para>
/// </param>
/// <param name="phAccessCheckResults">
/// <para>
/// A pointer to return a handle to the cached results of the access check. When this parameter value is not <c>null</c>, the results
/// of this access check call will be cached. This results in a MAXIMUM_ALLOWED check.
/// </para>
/// <para>
/// Starting with Windows 8 and Windows Server 2012, when you use this function with a remote context handle, the value of the
/// parameter must be <c>NULL</c>.
/// </para>
/// </param>
/// <returns>
/// <para>If the function succeeds, the function returns <c>TRUE</c>.</para>
/// <para>If the function fails, it returns <c>FALSE</c>. To get extended error information, call GetLastError.</para>
/// </returns>
/// <remarks>
/// <para>
/// The AuthzAccessCheckCallback callback function will be called if the DACL of the SECURITY_DESCRIPTOR structure pointed to by the
/// pSecurityDescriptor parameter contains a callback access control entry (ACE).
/// </para>
/// <para>
/// Security attribute variables must be present in the client context if referred to in a conditional expression, otherwise the
/// conditional expression term referencing them will evaluate to unknown. For more information, see the Security Descriptor
/// Definition Language for Conditional ACEs topic.
/// </para>
/// <para>For more information, see the How AccessCheck Works and Centralized Authorization Policy overviews.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzaccesscheck AUTHZAPI BOOL AuthzAccessCheck( DWORD Flags,
// AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, PAUTHZ_ACCESS_REQUEST pRequest, AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent,
// PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR *OptionalSecurityDescriptorArray, DWORD
// OptionalSecurityDescriptorCount, PAUTHZ_ACCESS_REPLY pReply, PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE phAccessCheckResults );
[DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)]
[PInvokeData("authz.h", MSDNShortId = "633c2a73-169c-4e0c-abb6-96c360bd63cf")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzAccessCheck(AuthzAccessCheckFlags Flags, AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, in AUTHZ_ACCESS_REQUEST pRequest,
[Optional] AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent, PSECURITY_DESCRIPTOR pSecurityDescriptor,
[Optional, MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 6)] SECURITY_DESCRIPTOR[] OptionalSecurityDescriptorArray,
uint OptionalSecurityDescriptorCount, [In, Out] AUTHZ_ACCESS_REPLY pReply, [Optional] IntPtr phAccessCheckResults);
/// <summary>
/// <para>The <c>AuthzFreeAuditEvent</c> function frees the structure allocated by the AuthzInitializeObjectAccessAuditEvent function.</para>
/// </summary>
/// <param name="hAuditEvent">
/// <para>A pointer to the <c>AUTHZ_AUDIT_EVENT_HANDLE</c> structure to be freed.</para>
/// </param>
/// <returns>
/// <para>If the function succeeds, the function returns <c>TRUE</c>.</para>
/// <para>If the function fails, it returns <c>FALSE</c>. To get extended error information, call GetLastError.</para>
/// </returns>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzfreeauditevent AUTHZAPI BOOL AuthzFreeAuditEvent(
// AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent );
[DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)]
[PInvokeData("authz.h", MSDNShortId = "e2980ef7-45dd-47c7-ba4d-f36b52bbd7dc")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzFreeAuditEvent(AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent);
/// <summary>
/// <para>
/// The <c>AuthzFreeContext</c> function frees all structures and memory associated with the client context. The list of handles for
/// a client is freed in this call.
/// </para>
/// <para>
/// Starting with Windows Server 2012 and Windows 8, this function also frees the memory associated with device groups, user claims,
/// and device claims.
/// </para>
/// </summary>
/// <param name="hAuthzClientContext">
/// <para>The <c>AUTHZ_CLIENT_CONTEXT_HANDLE</c> structure to be freed.</para>
/// </param>
/// <returns>
/// <para>If the function succeeds, it returns <c>TRUE</c>.</para>
/// <para>If the function fails, it returns <c>FALSE</c>. To get extended error information, call GetLastError.</para>
/// </returns>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzfreecontext
[DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)]
[PInvokeData("authz.h", MSDNShortId = "cad9fff0-9aa6-4cb2-a34f-94cf72f66bca")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzFreeContext(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext);
/// <summary>
/// <para>The <c>AuthzFreeHandle</c> function finds and deletes a handle from the handle list.</para>
/// </summary>
/// <param name="hAccessCheckResults">
/// <para>A handle to be freed.</para>
/// </param>
/// <returns>
/// <para>If the function succeeds, it returns <c>TRUE</c>.</para>
/// <para>If the function fails, it returns <c>FALSE</c>. To get extended error information, call GetLastError.</para>
/// </returns>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzfreehandle AUTHZAPI BOOL AuthzFreeHandle(
// AUTHZ_ACCESS_CHECK_RESULTS_HANDLE hAccessCheckResults );
[DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)]
[PInvokeData("authz.h", MSDNShortId = "8d2e2ae9-b515-4a02-b366-5b107b4f7ffa")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzFreeHandle(AUTHZ_ACCESS_CHECK_RESULTS_HANDLE hAccessCheckResults);
/// <summary>
/// <para>The <c>AuthzFreeResourceManager</c> function frees a resource manager object.</para>
/// </summary>
/// <param name="hAuthzResourceManager">
/// <para>The <c>AUTHZ_RESOURCE_MANAGER_HANDLE</c> to be freed.</para>
/// </param>
/// <returns>
/// <para>If the function succeeds, it returns <c>TRUE</c>.</para>
/// <para>If the function fails, it returns <c>FALSE</c>. To get extended error information, call GetLastError.</para>
/// </returns>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzfreeresourcemanager AUTHZAPI BOOL
// AuthzFreeResourceManager( AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager );
[DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)]
[PInvokeData("authz.h", MSDNShortId = "8b716368-8d81-4c62-9086-0976b39bbcf8")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzFreeResourceManager(AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager);
/// <summary>
/// <para>The <c>AuthzGetInformationFromContext</c> function returns information about an Authz context.</para>
/// <para>
/// Starting with Windows Server 2012 and Windows 8, device groups are returned as a TOKEN_GROUPS structure. User and device claims
/// are returned as an AUTHZ_SECURITY_ATTRIBUTES_INFORMATION structure.
/// </para>
/// </summary>
/// <param name="hAuthzClientContext">
/// <para>A handle to the context.</para>
/// </param>
/// <param name="InfoClass">
/// <para>A value of the AUTHZ_CONTEXT_INFORMATION_CLASS enumeration that indicates the type of information to be returned.</para>
/// </param>
/// <param name="BufferSize">
/// <para>Size of the buffer passed.</para>
/// </param>
/// <param name="pSizeRequired">
/// <para>A pointer to a <c>DWORD</c> of the buffer size required for returning the structure.</para>
/// </param>
/// <param name="Buffer">
/// <para>
/// A pointer to memory that can receive the information. The structure returned depends on the information requested in the
/// InfoClass parameter.
/// </para>
/// </param>
/// <returns>
/// <para>If the function succeeds, it returns <c>TRUE</c>.</para>
/// <para>If the function fails, it returns <c>FALSE</c>. To get extended error information, call GetLastError.</para>
/// </returns>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzgetinformationfromcontext AUTHZAPI BOOL
// AuthzGetInformationFromContext( AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, AUTHZ_CONTEXT_INFORMATION_CLASS InfoClass, DWORD
// BufferSize, PDWORD pSizeRequired, PVOID Buffer );
[DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)]
[PInvokeData("authz.h", MSDNShortId = "c365029a-3ff3-49c1-9dfc-b52948e466f3")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzGetInformationFromContext(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
AUTHZ_CONTEXT_INFORMATION_CLASS InfoClass, uint BufferSize, out uint pSizeRequired, IntPtr Buffer);
/// <summary>
/// <para>
/// The <c>AuthzInitializeCompoundContext</c> function creates a user-mode context from the given user and device security contexts.
/// </para>
/// </summary>
/// <param name="UserContext">
/// <para>User context to create the compound context from.</para>
/// </param>
/// <param name="DeviceContext">
/// <para>Device context to create the compound context from. This must not be the same as the user context.</para>
/// </param>
/// <param name="phCompoundContext">
/// <para>Used to return the resultant compound context.</para>
/// </param>
/// <returns>
/// <para>If the function succeeds, it returns <c>TRUE</c>.</para>
/// <para>If the function fails, it returns <c>FALSE</c>. To get extended error information, call GetLastError.</para>
/// </returns>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzinitializecompoundcontext AUTHZAPI BOOL
// AuthzInitializeCompoundContext( AUTHZ_CLIENT_CONTEXT_HANDLE UserContext, AUTHZ_CLIENT_CONTEXT_HANDLE DeviceContext,
// PAUTHZ_CLIENT_CONTEXT_HANDLE phCompoundContext );
[DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)]
[PInvokeData("authz.h", MSDNShortId = "2EC9EE76-9A92-40DF-9884-547D96FF3E09")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzInitializeCompoundContext(AUTHZ_CLIENT_CONTEXT_HANDLE UserContext, AUTHZ_CLIENT_CONTEXT_HANDLE DeviceContext, out SafeAUTHZ_CLIENT_CONTEXT_HANDLE phCompoundContext);
/// <summary>
/// <para>
/// The <c>AuthzInitializeContextFromSid</c> function creates a user-mode client context from a user security identifier (SID).
/// Domain SIDs retrieve token group attributes from the Active Directory.
/// </para>
/// </summary>
/// <param name="Flags">
/// <para>The following flags are defined.</para>
/// <para>
/// Starting with Windows 8 and Windows Server 2012, when you call this function on a remote context handle, the upper 16 bits must
/// be zero.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>0 (0x0)</term>
/// <term>
/// Default value. AuthzInitializeContextFromSid attempts to retrieve the user's token group information by performing an S4U logon.
/// If S4U logon is not supported by the user's domain or the calling computer, AuthzInitializeContextFromSid queries the user's
/// account object for group information. When an account is queried directly, some groups that represent logon characteristics, such
/// as Network, Interactive, Anonymous, Network Service, or Local Service, are omitted. Applications can explicitly add such group
/// SIDs by implementing the AuthzComputeGroupsCallback function or calling the AuthzAddSidsToContext function.
/// </term>
/// </item>
/// <item>
/// <term>AUTHZ_SKIP_TOKEN_GROUPS 2 (0x2)</term>
/// <term>
/// Causes AuthzInitializeContextFromSid to skip all group evaluations. When this flag is used, the context returned contains only
/// the SID specified by the UserSid parameter. The specified SID can be an arbitrary or application-specific SID. Other SIDs can be
/// added to this context by implementing the AuthzComputeGroupsCallback function or by calling the AuthzAddSidsToContext function.
/// </term>
/// </item>
/// <item>
/// <term>AUTHZ_REQUIRE_S4U_LOGON 4 (0x4)</term>
/// <term>
/// Causes AuthzInitializeContextFromSid to fail if Windows Services For User is not available to retrieve token group information.
/// Windows XP: This flag is not supported.
/// </term>
/// </item>
/// <item>
/// <term>AUTHZ_COMPUTE_PRIVILEGES 8 (0x8)</term>
/// <term>
/// Causes AuthzInitializeContextFromSid to retrieve privileges for the new context. If this function performs an S4U logon, it
/// retrieves privileges from the token. Otherwise, the function retrieves privileges from all SIDs in the context.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="UserSid">
/// <para>
/// The SID of the user for whom a client context will be created. This must be a valid user or computer account unless the
/// AUTHZ_SKIP_TOKEN_GROUPS flag is used.
/// </para>
/// </param>
/// <param name="hAuthzResourceManager">
/// <para>A handle to the resource manager creating this client context. This handle is stored in the client context structure.</para>
/// <para>
/// Starting with Windows 8 and Windows Server 2012, the resource manager can be local or remote and is obtained by calling the
/// AuthzInitializeRemoteResourceManager function.
/// </para>
/// </param>
/// <param name="pExpirationTime">
/// <para>
/// Expiration date and time of the token. If no value is passed, the token never expires. Expiration time is not currently enforced.
/// </para>
/// </param>
/// <param name="Identifier">
/// <para>Specific identifier of the resource manager. This parameter is not currently used.</para>
/// </param>
/// <param name="DynamicGroupArgs">
/// <para>
/// A pointer to parameters to be passed to the callback function that computes dynamic groups. This parameter can be <c>NULL</c> if
/// no dynamic parameters are passed to the callback function.
/// </para>
/// <para>
/// Starting with Windows 8 and Windows Server 2012, this parameter must be <c>NULL</c> if the resource manager is remote. Otherwise,
/// ERROR_NOT_SUPPORTED will be set.
/// </para>
/// </param>
/// <param name="phAuthzClientContext">
/// <para>
/// A pointer to the handle to the client context that the <c>AuthzInitializeContextFromSid</c> function creates. When you have
/// finished using the handle, free it by calling the AuthzFreeContext function.
/// </para>
/// </param>
/// <returns>
/// <para>If the function succeeds, the function returns nonzero.</para>
/// <para>If the function fails, it returns zero. To get extended error information, call GetLastError.</para>
/// </returns>
/// <remarks>
/// <para>
/// If possible, call the AuthzInitializeContextFromToken function instead of <c>AuthzInitializeContextFromSid</c>.
/// <c>AuthzInitializeContextFromSid</c> attempts to retrieve the information available in a logon token had the client actually
/// logged on. An actual logon token provides more information, such as logon type and logon properties, and reflects the behavior of
/// the authentication package used for the logon. The client context created by <c>AuthzInitializeContextFromToken</c> uses a logon
/// token, and the resulting client context is more complete and accurate than a client context created by <c>AuthzInitializeContextFromSid</c>.
/// </para>
/// <para>This function resolves valid user SIDs only.</para>
/// <para>
/// <c>Windows XP:</c> This function resolves group memberships for valid user and group SIDs (unless the AUTHZ_SKIP_TOKEN_GROUPS
/// flag is used). Support for resolving memberships of group SIDs may be altered or unavailable in subsequent versions.
/// </para>
/// <para>This function calls the AuthzComputeGroupsCallback callback function to add SIDs to the newly created context.</para>
/// <para>
/// <c>Important</c> Applications should not assume that the calling context has permission to use this function. The
/// <c>AuthzInitializeContextFromSid</c> function reads the tokenGroupsGlobalAndUniversal attribute of the SID specified in the call
/// to determine the current user's group memberships. If the user's object is in Active Directory, the calling context must have
/// read access to the tokenGroupsGlobalAndUniversal attribute on the user object. When a new domain is created, the default access
/// compatibility selection is <c>Permissions compatible with Windows 2000 and Windows Server 2003 operating systems</c>. When this
/// option is set, the <c>Pre-Windows 2000 Compatible Access</c> group includes only the <c>Authenticated Users</c> built-in security
/// identifiers. Therefore, applications may not have access to the tokenGroupsGlobalAndUniversal attribute; in this case, the
/// <c>AuthzInitializeContextFromSid</c> function fails with ACCESS_DENIED. Applications that use this function should correctly
/// handle this error and provide supporting documentation. To simplify granting accounts permission to query a user's group
/// information, add accounts that need the ability to look up group information to the Windows Authorization Access Group.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzinitializecontextfromsid AUTHZAPI BOOL
// AuthzInitializeContextFromSid( DWORD Flags, PSID UserSid, AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager, PLARGE_INTEGER
// pExpirationTime, LUID Identifier, PVOID DynamicGroupArgs, PAUTHZ_CLIENT_CONTEXT_HANDLE phAuthzClientContext );
[DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)]
[PInvokeData("authz.h", MSDNShortId = "402a8641-5644-45c1-80e9-c60321c1ac38")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzInitializeContextFromSid(
AuthzContextFlags Flags,
PSID UserSid,
[Optional] AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager,
[Optional] IntPtr pExpirationTime,
LUID Identifier,
[Optional] IntPtr DynamicGroupArgs,
out SafeAUTHZ_CLIENT_CONTEXT_HANDLE phAuthzClientContext);
/// <summary>
/// <para>
/// The <c>AuthzInitializeContextFromToken</c> function initializes a client authorization context from a kernel token. The kernel
/// token must have been opened for TOKEN_QUERY.
/// </para>
/// <para>Starting with Windows Server 2012 and Windows 8, this function can also copy device groups, user claims, and device claims.</para>
/// </summary>
/// <param name="Flags">
/// <para>Reserved for future use.</para>
/// </param>
/// <param name="TokenHandle">
/// <para>
/// A handle to the client token used to initialize the pAuthzClientContext parameter. The token must have been opened with
/// TOKEN_QUERY access.
/// </para>
/// </param>
/// <param name="hAuthzResourceManager">
/// <para>A handle to the resource manager that created this client context. This handle is stored in the client context structure.</para>
/// </param>
/// <param name="pExpirationTime">
/// <para>
/// Expiration date and time of the token. If no value is passed, the token never expires. Expiration time is not currently enforced.
/// </para>
/// </param>
/// <param name="Identifier">
/// <para>Identifier that is specific to the resource manager. This parameter is not currently used.</para>
/// </param>
/// <param name="DynamicGroupArgs">
/// <para>A pointer to parameters to be passed to the callback function that computes dynamic groups.</para>
/// </param>
/// <param name="phAuthzClientContext">
/// <para>A pointer to the AuthzClientContext handle returned. Call AuthzFreeContext when done with the client context.</para>
/// </param>
/// <returns>
/// <para>If the function succeeds, it returns <c>TRUE</c>.</para>
/// <para>If the function fails, it returns <c>FALSE</c>. To get extended error information, call GetLastError.</para>
/// </returns>
/// <remarks>
/// <para>
/// This function calls the AuthzComputeGroupsCallback callback function to add security identifiers to the newly created context.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzinitializecontextfromtoken AUTHZAPI BOOL
// AuthzInitializeContextFromToken( DWORD Flags, HANDLE TokenHandle, AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager,
// PLARGE_INTEGER pExpirationTime, LUID Identifier, PVOID DynamicGroupArgs, PAUTHZ_CLIENT_CONTEXT_HANDLE phAuthzClientContext );
[DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true)]
[PInvokeData("authz.h", MSDNShortId = "75a7fb3f-6b3a-42ca-b467-f57baf6c60c6")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzInitializeContextFromToken(uint Flags, HTOKEN TokenHandle, AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager,
[Optional] IntPtr pExpirationTime, LUID Identifier, [Optional] IntPtr DynamicGroupArgs, out SafeAUTHZ_CLIENT_CONTEXT_HANDLE phAuthzClientContext);
/// <summary>
/// <para>The <c>AuthzInitializeObjectAccessAuditEvent</c> function initializes auditing for an object.</para>
/// </summary>
/// <param name="Flags">
/// <para>Modifies the audit. This parameter can be one of the following values.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>AUTHZ_NO_SUCCESS_AUDIT</term>
/// <term>Disable generation of success audits.</term>
/// </item>
/// <item>
/// <term>AUTHZ_NO_FAILURE_AUDIT</term>
/// <term>Disable generation of failure audits.</term>
/// </item>
/// <item>
/// <term>AUTHZ_NO_ALLOC_STRINGS</term>
/// <term>
/// Use pointers to the passed strings instead of allocating memory and copying the strings. The calling application must ensure that
/// the passed memory stays valid during access checks.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="hAuditEventType">
/// <para>Reserved. This parameter should be set to <c>NULL</c>.</para>
/// </param>
/// <param name="szOperationType">
/// <para>String that indicates the operation that is to be audited.</para>
/// </param>
/// <param name="szObjectType">
/// <para>String that indicates the type of object being accessed.</para>
/// </param>
/// <param name="szObjectName">
/// <para>String the indicates the name of the object being accessed.</para>
/// </param>
/// <param name="szAdditionalInfo">
/// <para>String, defined by the Resource Manager, for additional audit information.</para>
/// </param>
/// <param name="phAuditEvent">
/// <para>Pointer that receives an <c>AUTHZ_AUDIT_EVENT_HANDLE</c> structure.</para>
/// </param>
/// <param name="dwAdditionalParameterCount">
/// <para>Must be set to zero.</para>
/// </param>
/// <returns>
/// <para>If the function succeeds, it returns <c>TRUE</c>.</para>
/// <para>If the function fails, it returns <c>FALSE</c>. For extended error information, call GetLastError.</para>
/// </returns>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzinitializeobjectaccessauditevent AUTHZAPI BOOL
// AuthzInitializeObjectAccessAuditEvent( DWORD Flags, AUTHZ_AUDIT_EVENT_TYPE_HANDLE hAuditEventType, PWSTR szOperationType, PWSTR
// szObjectType, PWSTR szObjectName, PWSTR szAdditionalInfo, PAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent, DWORD
// dwAdditionalParameterCount, ... );
[DllImport(Lib.Authz, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("authz.h", MSDNShortId = "cf79a92f-31e0-47cf-8990-4dbd46056a90")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzInitializeObjectAccessAuditEvent(AuthzAuditEventFlags Flags, IntPtr hAuditEventType,
string szOperationType, string szObjectType, string szObjectName, string szAdditionalInfo,
out SafeAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent, uint dwAdditionalParameterCount = 0);
/// <summary>The AuthzInitializeResourceManager function uses Authz to verify that clients have access to various resources.</summary>
/// <param name="flags">
/// A DWORD value that defines how the resource manager is initialized.
/// <para>AUTHZ_RM_FLAG_NO_AUDIT and AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION can be bitwise-combined.</para>
/// </param>
/// <param name="pfnAccessCheck">
/// A pointer to the AuthzAccessCheckCallback callback function that the resource manager calls each time it encounters a callback
/// access control entry (ACE) during access control list (ACL) evaluation in AuthzAccessCheck or AuthzCachedAccessCheck. This
/// parameter can be NULL if no access check callback function is used.
/// </param>
/// <param name="pfnComputeDynamicGroups">
/// A pointer to the AuthzComputeGroupsCallback callback function called by the resource manager during initialization of an
/// AuthzClientContext handle. This parameter can be NULL if no callback function is used to compute dynamic groups.
/// </param>
/// <param name="pfnFreeDynamicGroups">
/// A pointer to the AuthzFreeGroupsCallback callback function called by the resource manager to free security identifier (SID)
/// attribute arrays allocated by the compute dynamic groups callback. This parameter can be NULL if no callback function is used to
/// compute dynamic groups.
/// </param>
/// <param name="name">
/// A string that identifies the resource manager. This parameter can be NULL if the resource manager does not need a name.
/// </param>
/// <param name="rm">
/// A pointer to the returned resource manager handle. When you have finished using the handle, free it by calling the
/// AuthzFreeResourceManager function.
/// </param>
/// <returns>
/// If the function succeeds, the function returns TRUE. If the function fails, it returns FALSE. To get extended error information,
/// call GetLastError.
/// </returns>
[DllImport(Lib.Authz, ExactSpelling = true, SetLastError = true, CharSet = CharSet.Unicode)]
[PInvokeData("authz.h", MSDNShortId = "aa376313")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzInitializeResourceManager(
AuthzResourceManagerFlags flags,
[Optional] AuthzAccessCheckCallback pfnAccessCheck,
[Optional] AuthzComputeGroupsCallback pfnComputeDynamicGroups,
[Optional] AuthzFreeGroupsCallback pfnFreeDynamicGroups,
[Optional, MarshalAs(UnmanagedType.LPWStr)] string name,
out SafeAUTHZ_RESOURCE_MANAGER_HANDLE rm);
/// <summary>
/// <para>The <c>AuthzModifyClaims</c> function adds, deletes, or modifies user and device claims in the Authz client context.</para>
/// </summary>
/// <param name="hAuthzClientContext">
/// <para>A handle to the client context to be modified.</para>
/// </param>
/// <param name="ClaimClass">
/// <para>Type of information to be modified. The caller can specify AuthzContextInfoUserClaims or AuthzContextInfoDeviceClaims.</para>
/// </param>
/// <param name="pClaimOperations">
/// <para>
/// A pointer to an array of AUTHZ_SECURITY_ATTRIBUTE_OPERATION enumeration values that specify the type of claim modification to make.
/// </para>
/// </param>
/// <param name="pClaims">
/// <para>A pointer to an AUTHZ_SECURITY_ATTRIBUTES_INFORMATION structure that specifies the claims to modify.</para>
/// </param>
/// <returns>
/// <para>If the function succeeds, it returns <c>TRUE</c>.</para>
/// <para>If the function fails, it returns <c>FALSE</c>. To get extended error information, call GetLastError.</para>
/// </returns>
/// <remarks>
/// <para>
/// The AUTHZ_SECURITY_ATTRIBUTE_OPERATION enumeration must have only one element if the value of that element is
/// AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE_ALL. Otherwise, the array has the same number of elements as the corresponding PAUTHZ_SECURITY_ATTRIBUTES_INFORMATION.
/// </para>
/// <para>
/// If the AUTHZ_SECURITY_ATTRIBUTE_OPERATION enumeration is AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE and the function fails, call
/// GetLastError. If the error code is ERROR_ALREADY_EXISTS, the claim's values have duplicate entries.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzmodifyclaims AUTHZAPI BOOL AuthzModifyClaims(
// AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, AUTHZ_CONTEXT_INFORMATION_CLASS ClaimClass, PAUTHZ_SECURITY_ATTRIBUTE_OPERATION
// pClaimOperations, PAUTHZ_SECURITY_ATTRIBUTES_INFORMATION pClaims );
[PInvokeData("authz.h", MSDNShortId = "A93CD1DD-4E87-4C6A-928A-F90AD7F1085E")]
[DllImport(Lib.Authz, ExactSpelling = true, SetLastError = true, CharSet = CharSet.Unicode)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzModifyClaims(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, AUTHZ_CONTEXT_INFORMATION_CLASS ClaimClass,
AUTHZ_SECURITY_ATTRIBUTE_OPERATION[] pClaimOperations,
[In, MarshalAs(UnmanagedType.CustomMarshaler, MarshalTypeRef = typeof(AUTHZ_SECURITY_ATTRIBUTES_INFORMATION_Marshaler))] AUTHZ_SECURITY_ATTRIBUTES_INFORMATION pClaims);
/// <summary>
/// <para>
/// The <c>AuthzModifySecurityAttributes</c> function modifies the security attribute information in the specified client context.
/// </para>
/// </summary>
/// <param name="hAuthzClientContext">
/// <para>A handle to the client context to be modified.</para>
/// </param>
/// <param name="pOperations">
/// <para>
/// A pointer to an array of AUTHZ_SECURITY_ATTRIBUTE_OPERATION enumeration values that specify the types of modifications to make.
/// </para>
/// <para>
/// This array must have only one element if the value of that element is <c>AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE_ALL</c>.
/// Otherwise, the array has the same number of elements as the pAttributes array.
/// </para>
/// </param>
/// <param name="pAttributes">
/// <para>A pointer to an AUTHZ_SECURITY_ATTRIBUTES_INFORMATION structure that specifies the attributes to modify.</para>
/// </param>
/// <returns>
/// <para>If the function succeeds, it returns <c>TRUE</c>.</para>
/// <para>If the function fails, it returns <c>FALSE</c>. To get extended error information, call GetLastError.</para>
/// </returns>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzmodifysecurityattributes AUTHZAPI BOOL
// AuthzModifySecurityAttributes( AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, PAUTHZ_SECURITY_ATTRIBUTE_OPERATION pOperations,
// PAUTHZ_SECURITY_ATTRIBUTES_INFORMATION pAttributes );
[DllImport(Lib.Authz, ExactSpelling = true, SetLastError = true, CharSet = CharSet.Unicode)]
[PInvokeData("authz.h", MSDNShortId = "d84873e2-ecfe-45cf-9048-7ed173117efa")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzModifySecurityAttributes(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
AUTHZ_SECURITY_ATTRIBUTE_OPERATION[] pOperations,
[In, MarshalAs(UnmanagedType.CustomMarshaler, MarshalTypeRef = typeof(AUTHZ_SECURITY_ATTRIBUTES_INFORMATION_Marshaler))] AUTHZ_SECURITY_ATTRIBUTES_INFORMATION pAttributes);
/// <summary>
/// <para>The <c>AuthzModifySids</c> function adds, deletes, or modifies user and device groups in the Authz client context.</para>
/// </summary>
/// <param name="hAuthzClientContext">
/// <para>A handle to the client context to be modified.</para>
/// </param>
/// <param name="SidClass">
/// <para>
/// Type of information to be modified. The caller can specify AuthzContextInfoGroupsSids, AuthzContextInfoRestrictedSids, or AuthzContextInfoDeviceSids.
/// </para>
/// </param>
/// <param name="pSidOperations">
/// <para>A pointer to an array of AUTHZ_SID_OPERATION enumeration values that specify the group modifications to make.</para>
/// </param>
/// <param name="pSids">
/// <para>A pointer to a TOKEN_GROUPS structure that specifies the groups to modify.</para>
/// </param>
/// <returns>
/// <para>If the function succeeds, it returns <c>TRUE</c>.</para>
/// <para>If the function fails, it returns <c>FALSE</c>. To get extended error information, call GetLastError.</para>
/// </returns>
/// <remarks>
/// <para>
/// The AUTHZ_SID_OPERATION enumeration must have only one element if the value of that element is AUTHZ_SID_OPERATION_REPLACE_ALL.
/// Otherwise, the array has the same number of elements as the corresponding PTOKEN_GROUPS.
/// </para>
/// <para>
/// When you want to use <c>AuthzModifySids</c> to delete, the SIDs are matched but not the SID flags. If no matching SID is found,
/// no modifications are done and the call fails.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/nf-authz-authzmodifysids AUTHZAPI BOOL AuthzModifySids(
// AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, AUTHZ_CONTEXT_INFORMATION_CLASS SidClass, PAUTHZ_SID_OPERATION pSidOperations,
// PTOKEN_GROUPS pSids );
[DllImport(Lib.Authz, ExactSpelling = true, SetLastError = true, CharSet = CharSet.Unicode)]
[PInvokeData("authz.h", MSDNShortId = "740569A5-6159-409B-B8CB-B3A8BAE4F398")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AuthzModifySids(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, AUTHZ_CONTEXT_INFORMATION_CLASS SidClass,
AUTHZ_SID_OPERATION[] pSidOperations, in TOKEN_GROUPS pSids);
/// <summary>Provides a handle to an access check results.</summary>
[StructLayout(LayoutKind.Sequential)]
public struct AUTHZ_ACCESS_CHECK_RESULTS_HANDLE : IHandle
{
private IntPtr handle;
/// <summary>Initializes a new instance of the <see cref="AUTHZ_ACCESS_CHECK_RESULTS_HANDLE"/> struct.</summary>
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
public AUTHZ_ACCESS_CHECK_RESULTS_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle;
/// <summary>
/// Returns an invalid handle by instantiating a <see cref="AUTHZ_ACCESS_CHECK_RESULTS_HANDLE"/> object with <see cref="IntPtr.Zero"/>.
/// </summary>
public static AUTHZ_ACCESS_CHECK_RESULTS_HANDLE NULL => new AUTHZ_ACCESS_CHECK_RESULTS_HANDLE(IntPtr.Zero);
/// <summary>Gets a value indicating whether this instance is a null handle.</summary>
public bool IsNull => handle == IntPtr.Zero;
/// <summary>Performs an explicit conversion from <see cref="AUTHZ_ACCESS_CHECK_RESULTS_HANDLE"/> to <see cref="IntPtr"/>.</summary>
/// <param name="h">The handle.</param>
/// <returns>The result of the conversion.</returns>
public static explicit operator IntPtr(AUTHZ_ACCESS_CHECK_RESULTS_HANDLE h) => h.handle;
/// <summary>Performs an implicit conversion from <see cref="IntPtr"/> to <see cref="AUTHZ_ACCESS_CHECK_RESULTS_HANDLE"/>.</summary>
/// <param name="h">The pointer to a handle.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator AUTHZ_ACCESS_CHECK_RESULTS_HANDLE(IntPtr h) => new AUTHZ_ACCESS_CHECK_RESULTS_HANDLE(h);
/// <summary>Implements the operator !=.</summary>
/// <param name="h1">The first handle.</param>
/// <param name="h2">The second handle.</param>
/// <returns>The result of the operator.</returns>
public static bool operator !=(AUTHZ_ACCESS_CHECK_RESULTS_HANDLE h1, AUTHZ_ACCESS_CHECK_RESULTS_HANDLE h2) => !(h1 == h2);
/// <summary>Implements the operator ==.</summary>
/// <param name="h1">The first handle.</param>
/// <param name="h2">The second handle.</param>
/// <returns>The result of the operator.</returns>
public static bool operator ==(AUTHZ_ACCESS_CHECK_RESULTS_HANDLE h1, AUTHZ_ACCESS_CHECK_RESULTS_HANDLE h2) => h1.Equals(h2);
/// <inheritdoc/>
public override bool Equals(object obj) => obj is AUTHZ_ACCESS_CHECK_RESULTS_HANDLE h ? handle == h.handle : false;
/// <inheritdoc/>
public override int GetHashCode() => handle.GetHashCode();
/// <inheritdoc/>
public IntPtr DangerousGetHandle() => handle;
}
/// <summary>
/// <para>The <c>AUTHZ_ACCESS_REQUEST</c> structure defines an access check request.</para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ns-authz-_authz_access_request typedef struct _AUTHZ_ACCESS_REQUEST {
// ACCESS_MASK DesiredAccess; PSID PrincipalSelfSid; POBJECT_TYPE_LIST ObjectTypeList; DWORD ObjectTypeListLength; PVOID
// OptionalArguments; } AUTHZ_ACCESS_REQUEST, *PAUTHZ_ACCESS_REQUEST;
[PInvokeData("authz.h", MSDNShortId = "3748075c-b31a-4669-b8a6-1a540449d8fa")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct AUTHZ_ACCESS_REQUEST
{
/// <summary>The type of access to test for.</summary>
public uint DesiredAccess;
/// <summary>The security identifier (SID) to use for the principal self SID in the access control list (ACL).</summary>
public byte[] PrincipalSelfSid;
/// <summary>
/// An array of OBJECT_TYPE_LIST structures in the object tree for the object. Set to NULL unless the application checks access
/// at the property level.
/// </summary>
public IntPtr ObjectTypeList;
/// <summary>
/// The number of elements in the ObjectTypeList array. This member is necessary only if the application checks access at the
/// property level.
/// </summary>
public uint ObjectTypeListLength;
/// <summary>A pointer to memory to pass to AuthzAccessCheckCallback when checking callback access control entries (ACEs).</summary>
public IntPtr OptionalArguments;
/// <summary>Initializes a new instance of the <see cref="AUTHZ_ACCESS_REQUEST"/> struct.</summary>
/// <param name="access">The access.</param>
public AUTHZ_ACCESS_REQUEST(uint access) : this() => DesiredAccess = access;
/// <summary>Gets or sets the object types.</summary>
/// <value>The object types.</value>
public OBJECT_TYPE_LIST[] ObjectTypes => ObjectTypeList.ToIEnum<IntPtr>((int)ObjectTypeListLength).Select(p => p.ToStructure<OBJECT_TYPE_LIST>()).ToArray();
}
/// <summary>Provides a handle to an Audit event.</summary>
[StructLayout(LayoutKind.Sequential)]
public struct AUTHZ_AUDIT_EVENT_HANDLE : IHandle
{
private IntPtr handle;
/// <summary>Initializes a new instance of the <see cref="AUTHZ_AUDIT_EVENT_HANDLE"/> struct.</summary>
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
public AUTHZ_AUDIT_EVENT_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle;
/// <summary>Returns an invalid handle by instantiating a <see cref="AUTHZ_AUDIT_EVENT_HANDLE"/> object with <see cref="IntPtr.Zero"/>.</summary>
public static AUTHZ_AUDIT_EVENT_HANDLE NULL => new AUTHZ_AUDIT_EVENT_HANDLE(IntPtr.Zero);
/// <summary>Gets a value indicating whether this instance is a null handle.</summary>
public bool IsNull => handle == IntPtr.Zero;
/// <summary>Performs an explicit conversion from <see cref="AUTHZ_AUDIT_EVENT_HANDLE"/> to <see cref="IntPtr"/>.</summary>
/// <param name="h">The handle.</param>
/// <returns>The result of the conversion.</returns>
public static explicit operator IntPtr(AUTHZ_AUDIT_EVENT_HANDLE h) => h.handle;
/// <summary>Performs an implicit conversion from <see cref="IntPtr"/> to <see cref="AUTHZ_AUDIT_EVENT_HANDLE"/>.</summary>
/// <param name="h">The pointer to a handle.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator AUTHZ_AUDIT_EVENT_HANDLE(IntPtr h) => new AUTHZ_AUDIT_EVENT_HANDLE(h);
/// <summary>Implements the operator !=.</summary>
/// <param name="h1">The first handle.</param>
/// <param name="h2">The second handle.</param>
/// <returns>The result of the operator.</returns>
public static bool operator !=(AUTHZ_AUDIT_EVENT_HANDLE h1, AUTHZ_AUDIT_EVENT_HANDLE h2) => !(h1 == h2);
/// <summary>Implements the operator ==.</summary>
/// <param name="h1">The first handle.</param>
/// <param name="h2">The second handle.</param>
/// <returns>The result of the operator.</returns>
public static bool operator ==(AUTHZ_AUDIT_EVENT_HANDLE h1, AUTHZ_AUDIT_EVENT_HANDLE h2) => h1.Equals(h2);
/// <inheritdoc/>
public override bool Equals(object obj) => obj is AUTHZ_AUDIT_EVENT_HANDLE h ? handle == h.handle : false;
/// <inheritdoc/>
public override int GetHashCode() => handle.GetHashCode();
/// <inheritdoc/>
public IntPtr DangerousGetHandle() => handle;
}
/// <summary>Provides a handle to a client context.</summary>
[StructLayout(LayoutKind.Sequential)]
public struct AUTHZ_CLIENT_CONTEXT_HANDLE : IHandle
{
private IntPtr handle;
/// <summary>Initializes a new instance of the <see cref="AUTHZ_CLIENT_CONTEXT_HANDLE"/> struct.</summary>
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
public AUTHZ_CLIENT_CONTEXT_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle;
/// <summary>Returns an invalid handle by instantiating a <see cref="AUTHZ_CLIENT_CONTEXT_HANDLE"/> object with <see cref="IntPtr.Zero"/>.</summary>
public static AUTHZ_CLIENT_CONTEXT_HANDLE NULL => new AUTHZ_CLIENT_CONTEXT_HANDLE(IntPtr.Zero);
/// <summary>Gets a value indicating whether this instance is a null handle.</summary>
public bool IsNull => handle == IntPtr.Zero;
/// <summary>Performs an explicit conversion from <see cref="AUTHZ_CLIENT_CONTEXT_HANDLE"/> to <see cref="IntPtr"/>.</summary>
/// <param name="h">The handle.</param>
/// <returns>The result of the conversion.</returns>
public static explicit operator IntPtr(AUTHZ_CLIENT_CONTEXT_HANDLE h) => h.handle;
/// <summary>Performs an implicit conversion from <see cref="IntPtr"/> to <see cref="AUTHZ_CLIENT_CONTEXT_HANDLE"/>.</summary>
/// <param name="h">The pointer to a handle.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator AUTHZ_CLIENT_CONTEXT_HANDLE(IntPtr h) => new AUTHZ_CLIENT_CONTEXT_HANDLE(h);
/// <summary>Implements the operator !=.</summary>
/// <param name="h1">The first handle.</param>
/// <param name="h2">The second handle.</param>
/// <returns>The result of the operator.</returns>
public static bool operator !=(AUTHZ_CLIENT_CONTEXT_HANDLE h1, AUTHZ_CLIENT_CONTEXT_HANDLE h2) => !(h1 == h2);
/// <summary>Implements the operator ==.</summary>
/// <param name="h1">The first handle.</param>
/// <param name="h2">The second handle.</param>
/// <returns>The result of the operator.</returns>
public static bool operator ==(AUTHZ_CLIENT_CONTEXT_HANDLE h1, AUTHZ_CLIENT_CONTEXT_HANDLE h2) => h1.Equals(h2);
/// <inheritdoc/>
public override bool Equals(object obj) => obj is AUTHZ_CLIENT_CONTEXT_HANDLE h ? handle == h.handle : false;
/// <inheritdoc/>
public override int GetHashCode() => handle.GetHashCode();
/// <inheritdoc/>
public IntPtr DangerousGetHandle() => handle;
}
/// <summary>Provides a handle to a resource manager.</summary>
[StructLayout(LayoutKind.Sequential)]
public struct AUTHZ_RESOURCE_MANAGER_HANDLE : IHandle
{
private IntPtr handle;
/// <summary>Initializes a new instance of the <see cref="AUTHZ_RESOURCE_MANAGER_HANDLE"/> struct.</summary>
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
public AUTHZ_RESOURCE_MANAGER_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle;
/// <summary>Returns an invalid handle by instantiating a <see cref="AUTHZ_RESOURCE_MANAGER_HANDLE"/> object with <see cref="IntPtr.Zero"/>.</summary>
public static AUTHZ_RESOURCE_MANAGER_HANDLE NULL => new AUTHZ_RESOURCE_MANAGER_HANDLE(IntPtr.Zero);
/// <summary>Gets a value indicating whether this instance is a null handle.</summary>
public bool IsNull => handle == IntPtr.Zero;
/// <summary>Performs an explicit conversion from <see cref="AUTHZ_RESOURCE_MANAGER_HANDLE"/> to <see cref="IntPtr"/>.</summary>
/// <param name="h">The handle.</param>
/// <returns>The result of the conversion.</returns>
public static explicit operator IntPtr(AUTHZ_RESOURCE_MANAGER_HANDLE h) => h.handle;
/// <summary>Performs an implicit conversion from <see cref="IntPtr"/> to <see cref="AUTHZ_RESOURCE_MANAGER_HANDLE"/>.</summary>
/// <param name="h">The pointer to a handle.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator AUTHZ_RESOURCE_MANAGER_HANDLE(IntPtr h) => new AUTHZ_RESOURCE_MANAGER_HANDLE(h);
/// <summary>Implements the operator !=.</summary>
/// <param name="h1">The first handle.</param>
/// <param name="h2">The second handle.</param>
/// <returns>The result of the operator.</returns>
public static bool operator !=(AUTHZ_RESOURCE_MANAGER_HANDLE h1, AUTHZ_RESOURCE_MANAGER_HANDLE h2) => !(h1 == h2);
/// <summary>Implements the operator ==.</summary>
/// <param name="h1">The first handle.</param>
/// <param name="h2">The second handle.</param>
/// <returns>The result of the operator.</returns>
public static bool operator ==(AUTHZ_RESOURCE_MANAGER_HANDLE h1, AUTHZ_RESOURCE_MANAGER_HANDLE h2) => h1.Equals(h2);
/// <inheritdoc/>
public override bool Equals(object obj) => obj is AUTHZ_RESOURCE_MANAGER_HANDLE h ? handle == h.handle : false;
/// <inheritdoc/>
public override int GetHashCode() => handle.GetHashCode();
/// <inheritdoc/>
public IntPtr DangerousGetHandle() => handle;
}
/// <summary>
/// <para>
/// The <c>AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE</c> structure specifies a fully qualified binary name value associated with a security attribute.
/// </para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ns-authz-_authz_security_attribute_fqbn_value typedef struct
// _AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE { ULONG64 Version; PWSTR pName; } AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE, *PAUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE;
[PInvokeData("authz.h", MSDNShortId = "05b4bf7d-a0d9-473c-b215-9cf566b2a996")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE
{
/// <summary>The version number of the structure.</summary>
public ulong Version;
/// <summary>
/// A pointer to strings that specify the names of the publisher, the product, and the original binary file of the value.
/// </summary>
public string pName;
}
/// <summary>
/// <para>The <c>AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE</c> structure specifies an octet string value for a security attribute.</para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ns-authz-_authz_security_attribute_octet_string_value typedef struct
// _AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE { PVOID pValue; ULONG ValueLength; } AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE, *PAUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE;
[PInvokeData("authz.h", MSDNShortId = "aebe20d5-280f-45d3-a11d-279a08a1a165")]
[StructLayout(LayoutKind.Sequential)]
public struct AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE
{
/// <summary>A pointer to the value.</summary>
public byte[] pValue;
/// <summary>The length, in bytes, of the pValue member.</summary>
public uint ValueLength;
}
/// <summary>
/// <para>
/// The <c>AUTHZ_SECURITY_ATTRIBUTE_V1</c> structure defines a security attribute that can be associated with an authorization context.
/// </para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ns-authz-_authz_security_attribute_v1 typedef struct
// _AUTHZ_SECURITY_ATTRIBUTE_V1 { PWSTR pName; USHORT ValueType; USHORT Reserved; ULONG Flags; ULONG ValueCount; union { PLONG64
// pInt64; PULONG64 pUint64; PWSTR *ppString; PAUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE pFqbn;
// PAUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE pOctetString; } Values; } AUTHZ_SECURITY_ATTRIBUTE_V1, *PAUTHZ_SECURITY_ATTRIBUTE_V1;
[PInvokeData("authz.h", MSDNShortId = "0c4778bb-1b5d-4422-b066-d2a6aaa1f351")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct AUTHZ_SECURITY_ATTRIBUTE_V1
{
/// <summary>A pointer to a name of a security attribute.</summary>
public string pName;
/// <summary>The data type of the values pointed to by the Values member.</summary>
public AUTHZ_SECURITY_ATTRIBUTE_DATATYPE ValueType;
/// <summary>Reserved for future use.</summary>
public ushort Reserved;
/// <summary>A combination of one or more of the following values.</summary>
public AUTHZ_SECURITY_ATTRIBUTE_FLAGS Flags;
/// <summary>The number of values specified in the Values member.</summary>
public uint ValueCount;
/// <summary>A pointer to the value.</summary>
public AUTHZ_SECURITY_ATTRIBUTE_V1_Union Values;
/// <summary>Initializes a new instance of the <see cref="AUTHZ_SECURITY_ATTRIBUTE_V1"/> struct.</summary>
/// <param name="name">The name.</param>
/// <param name="values">The value.</param>
public AUTHZ_SECURITY_ATTRIBUTE_V1(string name, params long[] values) : this(name, AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_INT64, values.Length) => Values.pInt64 = values;
/// <summary>Initializes a new instance of the <see cref="AUTHZ_SECURITY_ATTRIBUTE_V1"/> struct.</summary>
/// <param name="name">The name.</param>
/// <param name="values">The value.</param>
public AUTHZ_SECURITY_ATTRIBUTE_V1(string name, params ulong[] values) : this(name, AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_UINT64, values.Length) => Values.pUInt64 = values;
/// <summary>Initializes a new instance of the <see cref="AUTHZ_SECURITY_ATTRIBUTE_V1"/> struct.</summary>
/// <param name="name">The name.</param>
/// <param name="values">The value.</param>
public AUTHZ_SECURITY_ATTRIBUTE_V1(string name, params bool[] values) : this(name, AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_BOOLEAN, values.Length) => Values.pInt64 = Array.ConvertAll(values, Convert.ToInt64);
/// <summary>Initializes a new instance of the <see cref="AUTHZ_SECURITY_ATTRIBUTE_V1"/> struct.</summary>
/// <param name="name">The name.</param>
/// <param name="values">The value.</param>
public AUTHZ_SECURITY_ATTRIBUTE_V1(string name, params string[] values) : this(name, AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_STRING, values.Length) => Values.ppString = values;
/// <summary>Initializes a new instance of the <see cref="AUTHZ_SECURITY_ATTRIBUTE_V1"/> struct.</summary>
/// <param name="name">The name.</param>
/// <param name="values">The value.</param>
public AUTHZ_SECURITY_ATTRIBUTE_V1(string name, params AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE[] values) : this(name, AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN, values.Length) => Values.pFqbn = values;
/// <summary>Initializes a new instance of the <see cref="AUTHZ_SECURITY_ATTRIBUTE_V1"/> struct.</summary>
/// <param name="name">The name.</param>
/// <param name="values">The value.</param>
public AUTHZ_SECURITY_ATTRIBUTE_V1(string name, params AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE[] values) : this(name, AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING, values.Length) => Values.pOctetString = values;
private AUTHZ_SECURITY_ATTRIBUTE_V1(string name, AUTHZ_SECURITY_ATTRIBUTE_DATATYPE type, int count) : this()
{
pName = name;
ValueType = type;
ValueCount = (uint)count;
}
/// <summary>Union.</summary>
[StructLayout(LayoutKind.Explicit, CharSet = CharSet.Unicode)]
public struct AUTHZ_SECURITY_ATTRIBUTE_V1_Union
{
/// <summary>A pointer to one or more numeric attribute values.</summary>
[FieldOffset(0)] public long[] pInt64;
/// <summary>A pointer to one or more numeric attribute values.</summary>
[FieldOffset(0)] public ulong[] pUInt64;
/// <summary>A pointer to one or more string attribute values.</summary>
[FieldOffset(0)] public string[] ppString;
/// <summary>A pointer to one or more AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE structures.</summary>
[FieldOffset(0)] public AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE[] pFqbn;
/// <summary>A pointer to one or more AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE structures.</summary>
[FieldOffset(0)] public AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE[] pOctetString;
}
}
/// <summary>
/// <para>The <c>AUTHZ_ACCESS_REPLY</c> structure defines an access check reply.</para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ns-authz-_authz_access_reply typedef struct _AUTHZ_ACCESS_REPLY { DWORD
// ResultListLength; PACCESS_MASK GrantedAccessMask; PDWORD SaclEvaluationResults; PDWORD Error; } AUTHZ_ACCESS_REPLY, *PAUTHZ_ACCESS_REPLY;
[PInvokeData("authz.h", MSDNShortId = "7162bf80-3730-46d7-a603-2a55b969c9ba")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public sealed class AUTHZ_ACCESS_REPLY : IDisposable
{
/// <summary>
/// The number of elements in the GrantedAccessMask, SaclEvaluationResults, and Error arrays. This number matches the number of
/// entries in the object type list structure used in the access check. If no object type is used to represent the object, then
/// set ResultListLength to one.
/// </summary>
public int ResultListLength;
/// <summary>An array of granted access masks. Memory for this array is allocated by the application before calling AccessCheck.</summary>
public IntPtr GrantedAccessMask;
/// <summary>
/// An array of system access control list (SACL) evaluation results. Memory for this array is allocated by the application
/// before calling AccessCheck. SACL evaluation will only be performed if auditing is requested.
/// </summary>
public IntPtr SaclEvaluationResults;
/// <summary>
/// An array of results for each element of the array. Memory for this array is allocated by the application before calling AccessCheck.
/// </summary>
public IntPtr Error;
/// <summary>Initializes a new instance of the <see cref="AUTHZ_ACCESS_REPLY"/> struct.</summary>
/// <param name="count">The count of array members in each of the three arrays.</param>
public AUTHZ_ACCESS_REPLY(uint count)
{
if (count == 0) return;
ResultListLength = (int)count;
var sz = Marshal.SizeOf(typeof(uint)) * (int)count;
GrantedAccessMask = Marshal.AllocHGlobal(sz);
SaclEvaluationResults = Marshal.AllocHGlobal(sz);
Error = Marshal.AllocHGlobal(sz);
}
#pragma warning disable 612
/// <summary>Gets or sets the granted access mask values. The length of this array must match the value in <see cref="ResultListLength"/>.</summary>
/// <value>The granted access mask values.</value>
public uint[] GrantedAccessMaskValues
{
get
{
if (GrantedAccessMask != IntPtr.Zero && ResultListLength > 0)
return GrantedAccessMask.ToArray<uint>(ResultListLength);
return new uint[0];
}
set
{
if (value == null && ResultListLength != 0)
throw new ArgumentNullException(nameof(GrantedAccessMaskValues), $"Value cannot be null if {nameof(ResultListLength)} field does not equal 0.");
if (value != null && value.Length != ResultListLength)
throw new ArgumentOutOfRangeException(nameof(GrantedAccessMaskValues), $"Number of items must match value of {nameof(ResultListLength)} field.");
CopyArrayToPtr(value, GrantedAccessMask);
}
}
private static void CopyArrayToPtr<T>(T[] items, IntPtr ptr)
{
var ms = new MemoryStream();
var bw = new BinaryWriter(ms);
foreach (var item in items)
bw.Write(item);
Marshal.Copy(ms.ToArray(), 0, ptr, (int)ms.Length);
}
/// <summary>
/// Gets or sets the system access control list (SACL) evaluation results values. The length of this array must match the value
/// in <see cref="ResultListLength"/>.
/// </summary>
/// <value>The system access control list (SACL) evaluation results values.</value>
public uint[] SaclEvaluationResultsValues
{
get
{
if (SaclEvaluationResults != IntPtr.Zero && ResultListLength > 0)
return SaclEvaluationResults.ToArray<uint>(ResultListLength);
return new uint[0];
}
set
{
if (value == null && ResultListLength != 0)
throw new ArgumentNullException(nameof(SaclEvaluationResultsValues), $"Value cannot be null if {nameof(ResultListLength)} field does not equal 0.");
if (value != null && value.Length != ResultListLength)
throw new ArgumentOutOfRangeException(nameof(SaclEvaluationResultsValues), $"Number of items must match value of {nameof(ResultListLength)} field.");
CopyArrayToPtr(value, SaclEvaluationResults);
}
}
/// <summary>
/// Gets or sets the results for each element of the array. The length of this array must match the value in <see cref="ResultListLength"/>.
/// </summary>
/// <value>The results values.</value>
public uint[] ErrorValues
{
get
{
if (Error != IntPtr.Zero && ResultListLength > 0)
return Error.ToArray<uint>(ResultListLength);
return new uint[0];
}
set
{
if (value == null && ResultListLength != 0)
throw new ArgumentNullException(nameof(ErrorValues), $"Value cannot be null if {nameof(ResultListLength)} field does not equal 0.");
if (value != null && value.Length != ResultListLength)
throw new ArgumentOutOfRangeException(nameof(ErrorValues), $"Number of items must match value of {nameof(ResultListLength)} field.");
CopyArrayToPtr(value, Error);
}
}
#pragma warning restore 612
void IDisposable.Dispose()
{
Marshal.FreeHGlobal(GrantedAccessMask);
Marshal.FreeHGlobal(SaclEvaluationResults);
Marshal.FreeHGlobal(Error);
ResultListLength = 0;
}
}
/// <summary>
/// <para>The <c>AUTHZ_SECURITY_ATTRIBUTES_INFORMATION</c> structure specifies one or more security attributes.</para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/authz/ns-authz-_authz_security_attributes_information typedef struct
// _AUTHZ_SECURITY_ATTRIBUTES_INFORMATION { USHORT Version; USHORT Reserved; ULONG AttributeCount; union {
// PAUTHZ_SECURITY_ATTRIBUTE_V1 pAttributeV1; } Attribute; } AUTHZ_SECURITY_ATTRIBUTES_INFORMATION, *PAUTHZ_SECURITY_ATTRIBUTES_INFORMATION;
[PInvokeData("authz.h", MSDNShortId = "1db95ab0-951f-488c-b522-b3f38fc74c7c")]
public class AUTHZ_SECURITY_ATTRIBUTES_INFORMATION
{
/// <summary>The number of attributes specified by the Attribute member.</summary>
public uint AttributeCount;
/// <summary>An array of AUTHZ_SECURITY_ATTRIBUTE_V1 structures of the length of the AttributeCount member.</summary>
public AUTHZ_SECURITY_ATTRIBUTE_V1[] pAttributeV1;
/// <summary>Reserved. Do not use.</summary>
public ushort Reserved;
/// <summary>The version of this structure. Currently the only value supported is 1.</summary>
public ushort Version;
/// <summary>Initializes a new instance of the <see cref="AUTHZ_SECURITY_ATTRIBUTES_INFORMATION"/> class.</summary>
/// <param name="attributes">The attributes.</param>
public AUTHZ_SECURITY_ATTRIBUTES_INFORMATION(AUTHZ_SECURITY_ATTRIBUTE_V1[] attributes)
{
Version = 1;
Reserved = 0;
AttributeCount = (uint)(attributes?.Length ?? 0);
pAttributeV1 = attributes;
}
/// <summary>Create a AUTHZ_SECURITY_ATTRIBUTES_INFORMATION from a pointer.</summary>
/// <param name="ptr">The pointer to a block of memory.</param>
/// <returns>A AUTHZ_SECURITY_ATTRIBUTES_INFORMATION instance.</returns>
public static AUTHZ_SECURITY_ATTRIBUTES_INFORMATION FromPtr(IntPtr ptr) => (AUTHZ_SECURITY_ATTRIBUTES_INFORMATION)AUTHZ_SECURITY_ATTRIBUTES_INFORMATION_Marshaler.GetInstance(null).MarshalNativeToManaged(ptr);
}
/// <summary>
/// Provides a <see cref="SafeHandle"/> to a check results value that releases a created AUTHZ_ACCESS_CHECK_RESULTS_HANDLE instance
/// at disposal using AuthzFreeHandle.
/// </summary>
public class SafeAUTHZ_ACCESS_CHECK_RESULTS_HANDLE : SafeHANDLE
{
/// <summary>
/// Initializes a new instance of the <see cref="AUTHZ_ACCESS_CHECK_RESULTS_HANDLE"/> class and assigns an existing handle.
/// </summary>
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
/// <param name="ownsHandle">
/// <see langword="true"/> to reliably release the handle during the finalization phase; otherwise, <see langword="false"/> (not recommended).
/// </param>
public SafeAUTHZ_ACCESS_CHECK_RESULTS_HANDLE(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { }
/// <summary>Initializes a new instance of the <see cref="AUTHZ_ACCESS_CHECK_RESULTS_HANDLE"/> class.</summary>
private SafeAUTHZ_ACCESS_CHECK_RESULTS_HANDLE() : base() { }
/// <summary>Performs an implicit conversion from <see cref="SafeAUTHZ_ACCESS_CHECK_RESULTS_HANDLE"/> to <see cref="AUTHZ_ACCESS_CHECK_RESULTS_HANDLE"/>.</summary>
/// <param name="h">The safe handle instance.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator AUTHZ_ACCESS_CHECK_RESULTS_HANDLE(SafeAUTHZ_ACCESS_CHECK_RESULTS_HANDLE h) => h.handle;
/// <inheritdoc/>
protected override bool InternalReleaseHandle() => AuthzFreeHandle(this);
}
/// <summary>
/// Provides a <see cref="SafeHandle"/> to an audit event that releases a created AUTHZ_AUDIT_EVENT_HANDLE instance at disposal using AuthzFreeAuditEvent.
/// </summary>
public class SafeAUTHZ_AUDIT_EVENT_HANDLE : SafeHANDLE
{
/// <summary>Initializes a new instance of the <see cref="AUTHZ_AUDIT_EVENT_HANDLE"/> class and assigns an existing handle.</summary>
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
/// <param name="ownsHandle">
/// <see langword="true"/> to reliably release the handle during the finalization phase; otherwise, <see langword="false"/> (not recommended).
/// </param>
public SafeAUTHZ_AUDIT_EVENT_HANDLE(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { }
/// <summary>Initializes a new instance of the <see cref="AUTHZ_AUDIT_EVENT_HANDLE"/> class.</summary>
private SafeAUTHZ_AUDIT_EVENT_HANDLE() : base() { }
/// <summary>Performs an implicit conversion from <see cref="SafeAUTHZ_AUDIT_EVENT_HANDLE"/> to <see cref="AUTHZ_AUDIT_EVENT_HANDLE"/>.</summary>
/// <param name="h">The safe handle instance.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator AUTHZ_AUDIT_EVENT_HANDLE(SafeAUTHZ_AUDIT_EVENT_HANDLE h) => h.handle;
/// <inheritdoc/>
protected override bool InternalReleaseHandle() => AuthzFreeAuditEvent(this);
}
/// <summary>Provides a <see cref="SafeHandle"/> for <see cref="AUTHZ_CLIENT_CONTEXT_HANDLE"/> that is disposed using <see cref="AuthzFreeContext"/>.</summary>
public class SafeAUTHZ_CLIENT_CONTEXT_HANDLE : SafeHANDLE
{
/// <summary>
/// Initializes a new instance of the <see cref="SafeAUTHZ_CLIENT_CONTEXT_HANDLE"/> class and assigns an existing handle.
/// </summary>
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
/// <param name="ownsHandle">
/// <see langword="true"/> to reliably release the handle during the finalization phase; otherwise, <see langword="false"/> (not recommended).
/// </param>
public SafeAUTHZ_CLIENT_CONTEXT_HANDLE(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { }
/// <summary>Initializes a new instance of the <see cref="SafeAUTHZ_CLIENT_CONTEXT_HANDLE"/> class.</summary>
private SafeAUTHZ_CLIENT_CONTEXT_HANDLE() : base() { }
/// <summary>Performs an implicit conversion from <see cref="SafeAUTHZ_CLIENT_CONTEXT_HANDLE"/> to <see cref="AUTHZ_CLIENT_CONTEXT_HANDLE"/>.</summary>
/// <param name="h">The safe handle instance.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator AUTHZ_CLIENT_CONTEXT_HANDLE(SafeAUTHZ_CLIENT_CONTEXT_HANDLE h) => h.handle;
/// <inheritdoc/>
protected override bool InternalReleaseHandle() => AuthzFreeContext(this);
}
/// <summary>
/// Provides a <see cref="SafeHandle"/> for <see cref="AUTHZ_RESOURCE_MANAGER_HANDLE"/> that is disposed using <see cref="AuthzFreeResourceManager"/>.
/// </summary>
public class SafeAUTHZ_RESOURCE_MANAGER_HANDLE : SafeHANDLE
{
/// <summary>
/// Initializes a new instance of the <see cref="SafeAUTHZ_RESOURCE_MANAGER_HANDLE"/> class and assigns an existing handle.
/// </summary>
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
/// <param name="ownsHandle">
/// <see langword="true"/> to reliably release the handle during the finalization phase; otherwise, <see langword="false"/> (not recommended).
/// </param>
public SafeAUTHZ_RESOURCE_MANAGER_HANDLE(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { }
/// <summary>Initializes a new instance of the <see cref="SafeAUTHZ_RESOURCE_MANAGER_HANDLE"/> class.</summary>
private SafeAUTHZ_RESOURCE_MANAGER_HANDLE() : base() { }
/// <summary>Performs an implicit conversion from <see cref="SafeAUTHZ_RESOURCE_MANAGER_HANDLE"/> to <see cref="AUTHZ_RESOURCE_MANAGER_HANDLE"/>.</summary>
/// <param name="h">The safe handle instance.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator AUTHZ_RESOURCE_MANAGER_HANDLE(SafeAUTHZ_RESOURCE_MANAGER_HANDLE h) => h.handle;
/// <inheritdoc/>
protected override bool InternalReleaseHandle() => AuthzFreeResourceManager(this);
}
internal class AUTHZ_SECURITY_ATTRIBUTES_INFORMATION_Marshaler : ICustomMarshaler
{
public static ICustomMarshaler GetInstance(string cookie) => new AUTHZ_SECURITY_ATTRIBUTES_INFORMATION_Marshaler();
public void CleanUpManagedData(object ManagedObj)
{
}
public void CleanUpNativeData(IntPtr pNativeData) => Marshal.FreeHGlobal(pNativeData);
public int GetNativeDataSize() => -1;
public IntPtr MarshalManagedToNative(object ManagedObj)
{
// Determine size
if (!(ManagedObj is AUTHZ_SECURITY_ATTRIBUTES_INFORMATION attrInfo)) throw new InvalidOperationException("This marshaler only works on AUTHZ_SECURITY_ATTRIBUTES_INFORMATION structures.");
var sz1 = Marshal.SizeOf(typeof(Internal_AUTHZ_SECURITY_ATTRIBUTES_INFORMATION)) +
attrInfo.AttributeCount * Marshal.SizeOf(typeof(Internal_AUTHZ_SECURITY_ATTRIBUTE_V1));
var sz2 = 0L;
for (var i = 0; i < attrInfo.AttributeCount; i++)
{
var v1 = attrInfo.pAttributeV1[i];
if (string.IsNullOrEmpty(v1.pName))
throw new InvalidOperationException("Every instance of AUTHZ_SECURITY_ATTRIBUTE_V1 in the AUTHZ_SECURITY_ATTRIBUTES_INFORMATION.Values field must have a valid string for pName.");
sz2 += (v1.pName.Length + 1) * 2;
switch (v1.ValueType)
{
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_BOOLEAN:
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_INT64:
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_UINT64:
sz2 += Marshal.SizeOf(typeof(long)) * v1.ValueCount;
break;
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_STRING:
foreach (var s in v1.Values.ppString)
sz2 += (s.Length + 1) * 2 + IntPtr.Size;
sz2 += IntPtr.Size;
break;
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN:
foreach (var s in v1.Values.pFqbn)
sz2 += (s.pName.Length + 1) * 2 + Marshal.SizeOf(s.Version);
break;
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING:
foreach (var s in v1.Values.pOctetString)
sz2 += s.ValueLength + Marshal.SizeOf(s.ValueLength);
break;
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_SID:
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_INVALID:
default:
throw new InvalidOperationException(
"An instance of AUTHZ_SECURITY_ATTRIBUTE_V1 in the AUTHZ_SECURITY_ATTRIBUTES_INFORMATION.Values has an invalid data type.");
}
}
// Pack it all behind a pointer
var retPtr = Marshal.AllocHGlobal((int)(sz1 + sz2));
var ms = new MarshalingStream(retPtr, (int)sz1);
var ms2 = new MarshalingStream(retPtr.Offset(sz1), (int)sz2);
var iV1s = new Internal_AUTHZ_SECURITY_ATTRIBUTE_V1[attrInfo.AttributeCount];
for (var i = 0; i < attrInfo.AttributeCount; i++)
{
iV1s[i] = new Internal_AUTHZ_SECURITY_ATTRIBUTE_V1(attrInfo.pAttributeV1[i]) { pName = ms2.PositionPtr };
ms2.Write(attrInfo.pAttributeV1[i].pName);
iV1s[i].Values = ms2.PositionPtr;
switch (iV1s[i].ValueType)
{
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_BOOLEAN:
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_INT64:
ms2.Write(attrInfo.pAttributeV1[i].Values.pInt64);
break;
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_UINT64:
ms2.Write(attrInfo.pAttributeV1[i].Values.pUInt64);
break;
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_STRING:
ms2.Write(attrInfo.pAttributeV1[i].Values.ppString);
break;
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN:
ms2.Write(attrInfo.pAttributeV1[i].Values.pFqbn);
break;
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING:
ms2.Write(attrInfo.pAttributeV1[i].Values.pOctetString);
break;
default:
throw new ArgumentOutOfRangeException();
}
}
var iInfo = new Internal_AUTHZ_SECURITY_ATTRIBUTES_INFORMATION
{
AttributeCount = attrInfo.AttributeCount,
Version = attrInfo.Version
};
ms.Write(iInfo);
if (attrInfo.AttributeCount > 0)
{
ms.Poke(ms.PositionPtr, Marshal.OffsetOf(typeof(Internal_AUTHZ_SECURITY_ATTRIBUTES_INFORMATION), "pAttributeV1").ToInt64());
ms.Write(iV1s);
}
return retPtr;
}
public object MarshalNativeToManaged(IntPtr pNativeData)
{
if (pNativeData == IntPtr.Zero) return null;
var attrInfo = pNativeData.ToStructure<Internal_AUTHZ_SECURITY_ATTRIBUTES_INFORMATION>();
return new AUTHZ_SECURITY_ATTRIBUTES_INFORMATION(attrInfo.pAttributeV1 == IntPtr.Zero ? null :
Array.ConvertAll(attrInfo.pAttributeV1.ToArray<Internal_AUTHZ_SECURITY_ATTRIBUTE_V1>((int)attrInfo.AttributeCount), Conv));
AUTHZ_SECURITY_ATTRIBUTE_V1 Conv(Internal_AUTHZ_SECURITY_ATTRIBUTE_V1 input)
{
var v1 = new AUTHZ_SECURITY_ATTRIBUTE_V1 { pName = StringHelper.GetString(input.pName, CharSet.Unicode), Flags = input.Flags, ValueCount = input.ValueCount, ValueType = input.ValueType };
switch (v1.ValueType)
{
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_BOOLEAN:
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_INT64:
v1.Values.pInt64 = input.Values.ToArray<long>((int)v1.ValueCount);
break;
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_UINT64:
v1.Values.pUInt64 = input.Values.ToArray<ulong>((int)v1.ValueCount);
break;
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_STRING:
v1.Values.ppString = input.Values.ToStringEnum((int)v1.ValueCount, CharSet.Unicode).ToArray();
break;
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN:
v1.Values.pFqbn = input.Values.ToArray<AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE>((int)v1.ValueCount);
break;
case AUTHZ_SECURITY_ATTRIBUTE_DATATYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING:
v1.Values.pOctetString = input.Values.ToArray<AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE>((int)v1.ValueCount);
break;
default:
throw new ArgumentOutOfRangeException();
}
return v1;
}
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
private struct Internal_AUTHZ_SECURITY_ATTRIBUTE_V1
{
/// <summary>A pointer to a name of a security attribute.</summary>
public IntPtr pName;
/// <summary>The data type of the values pointed to by the Values member.</summary>
public AUTHZ_SECURITY_ATTRIBUTE_DATATYPE ValueType;
/// <summary>Reserved for future use.</summary>
public ushort Reserved;
/// <summary>A combination of one or more of the following values.</summary>
public AUTHZ_SECURITY_ATTRIBUTE_FLAGS Flags;
/// <summary>The number of values specified in the Values member.</summary>
public uint ValueCount;
/// <summary>A pointer to the value.</summary>
public IntPtr Values;
public Internal_AUTHZ_SECURITY_ATTRIBUTE_V1(AUTHZ_SECURITY_ATTRIBUTE_V1 v1) : this()
{
ValueType = v1.ValueType;
Flags = v1.Flags;
ValueCount = v1.ValueCount;
}
}
[StructLayout(LayoutKind.Sequential)]
private struct Internal_AUTHZ_SECURITY_ATTRIBUTES_INFORMATION
{
/// <summary>The version of this structure. Currently the only value supported is 1.</summary>
public ushort Version;
/// <summary>Reserved. Do not use.</summary>
public ushort Reserved;
/// <summary>The number of attributes specified by the Attribute member.</summary>
public uint AttributeCount;
/// <summary>An array of AUTHZ_SECURITY_ATTRIBUTE_V1 structures of the length of the AttributeCount member.</summary>
public IntPtr pAttributeV1;
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink