mirror of https://github.com/dahall/Vanara.git
3260 lines
158 KiB
C#
3260 lines
158 KiB
C#
using System;
|
||
using System.Runtime.InteropServices;
|
||
using Vanara.InteropServices;
|
||
|
||
namespace Vanara.PInvoke
|
||
{
|
||
/// <summary>Items from the Rpc.dll</summary>
|
||
public static partial class Rpc
|
||
{
|
||
/// <summary>Specifies that a client waits an indefinite amount of time.</summary>
|
||
public const int RPC_C_CANCEL_INFINITE_TIMEOUT = -1;
|
||
|
||
/// <summary>Max calls value.</summary>
|
||
public const uint RPC_C_LISTEN_MAX_CALLS_DEFAULT = 1234;
|
||
|
||
/// <summary>Max length value.</summary>
|
||
public const uint RPC_C_PROTSEQ_MAX_REQS_DEFAULT = 10;
|
||
|
||
private const string Lib_rpcrt4 = "rpcrt4.dll";
|
||
|
||
/// <summary>
|
||
/// The RPC library uses the binding time-out constants to specify the relative amount of time that should be spent to establish a
|
||
/// binding to the server before giving up. The timeout can be enabled with a call to the <c>RpcMgmtSetComTimeout</c> function. The
|
||
/// following list contains the valid time-out values.
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// The values in the preceding table are not in seconds. These values represent a relative amount of time on a scale of zero to 10.
|
||
/// For more information on avoiding communication delays, refer to Preventing Client-side Hangs.
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/rpc/binding-time-out-constants
|
||
[PInvokeData("rpcdce.h")]
|
||
public enum RCP_C_BINDING_TIMEOUT : uint
|
||
{
|
||
/// <summary>Keeps trying to establish communications forever.</summary>
|
||
RPC_C_BINDING_INFINITE_TIMEOUT = 10,
|
||
|
||
/// <summary>
|
||
/// Tries the minimum amount of time for the network protocol being used. This value favors response time over correctness in
|
||
/// determining whether the server is running.
|
||
/// </summary>
|
||
RPC_C_BINDING_MIN_TIMEOUT = 0,
|
||
|
||
/// <summary>
|
||
/// Tries an average amount of time for the network protocol being used. This value gives correctness in determining whether a
|
||
/// server is running and gives response time equal weight. This is the default value.
|
||
/// </summary>
|
||
RPC_C_BINDING_DEFAULT_TIMEOUT = 5,
|
||
|
||
/// <summary>
|
||
/// Tries the longest amount of time for the network protocol being used. This value favors correctness in determining whether a
|
||
/// server is running over response time.
|
||
/// </summary>
|
||
RPC_C_BINDING_MAX_TIMEOUT = 9,
|
||
}
|
||
|
||
/// <summary>A set of flags describing specific RPC behaviors.</summary>
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_BINDING_HANDLE_OPTIONS_V1")]
|
||
[Flags]
|
||
public enum RPC_BHO : uint
|
||
{
|
||
/// <summary>Specifies causal ordering whereby calls are executed independently of one another rather than in order of submission.</summary>
|
||
RPC_BHO_NONCAUSAL = 0x1,
|
||
|
||
/// <summary>Specifies that a socket association must be shutdown after the last binding handle on it is freed.</summary>
|
||
RPC_BHO_DONTLINGER = 0x2,
|
||
|
||
/// <summary/>
|
||
RPC_BHO_EXCLUSIVE_AND_GUARANTEED = 0x4,
|
||
}
|
||
|
||
/// <summary>
|
||
/// The authentication-level constants represent authentication levels passed to various run-time functions. These levels are listed
|
||
/// in order of increasing authentication. Each new level adds to the authentication provided by the previous level. If the RPC
|
||
/// run-time library does not support the specified level, it automatically upgrades to the next higher supported level.
|
||
/// </summary>
|
||
/// <remarks>Regardless of the value specified by the constant, <c>ncalrpc</c> always uses RPC_C_AUTHN_LEVEL_PKT_PRIVACY.</remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/rpc/authentication-level-constants
|
||
[PInvokeData("rpcdce.h")]
|
||
public enum RPC_C_AUTHN : uint
|
||
{
|
||
/// <summary>No authentication.</summary>
|
||
RPC_C_AUTHN_NONE = 0,
|
||
|
||
/// <summary>Use Distributed Computing Environment (DCE) private key authentication.</summary>
|
||
RPC_C_AUTHN_DCE_PRIVATE = 1,
|
||
|
||
/// <summary>DCE public key authentication (reserved for future use).</summary>
|
||
RPC_C_AUTHN_DCE_PUBLIC = 2,
|
||
|
||
/// <summary>DEC public key authentication (reserved for future use).</summary>
|
||
RPC_C_AUTHN_DEC_PUBLIC = 4,
|
||
|
||
/// <summary>
|
||
/// Use the Microsoft Negotiate SSP. This SSP negotiates between the use of the NTLM and Kerberos protocol Security Support
|
||
/// Providers (SSP).
|
||
/// </summary>
|
||
RPC_C_AUTHN_GSS_NEGOTIATE = 9,
|
||
|
||
/// <summary>Use the Microsoft NT LAN Manager (NTLM) SSP.</summary>
|
||
RPC_C_AUTHN_WINNT = 10,
|
||
|
||
/// <summary>
|
||
/// Use the Schannel SSP. This SSP supports Secure Socket Layer (SSL), private communication technology (PCT), and transport
|
||
/// level security (TLS).
|
||
/// </summary>
|
||
RPC_C_AUTHN_GSS_SCHANNEL = 14,
|
||
|
||
/// <summary>Use the Microsoft Kerberos SSP.</summary>
|
||
RPC_C_AUTHN_GSS_KERBEROS = 16,
|
||
|
||
/// <summary>Use Distributed Password Authentication (DPA).</summary>
|
||
RPC_C_AUTHN_DPA = 17,
|
||
|
||
/// <summary>Authentication protocol SSP used for the Microsoft Network (MSN).</summary>
|
||
RPC_C_AUTHN_MSN = 18,
|
||
|
||
/// <summary>Windows XP or later: Use the Microsoft Digest SSP</summary>
|
||
RPC_C_AUTHN_DIGEST = 21,
|
||
|
||
/// <summary>Windows 7 or later: Reserved. Do not use</summary>
|
||
RPC_C_AUTHN_NEGO_EXTENDER = 30,
|
||
|
||
/// <summary>This SSP provides an SSPI-compatible wrapper for the Microsoft Message Queue (MSMQ) transport-level protocol.</summary>
|
||
RPC_C_AUTHN_MQ = 100,
|
||
|
||
/// <summary>Use the default authentication service.</summary>
|
||
RPC_C_AUTHN_DEFAULT = 0xffffffff,
|
||
|
||
/// <summary/>
|
||
RPC_C_AUTHN_KERNEL = 20,
|
||
|
||
/// <summary/>
|
||
RPC_C_AUTHN_PKU2U = 31,
|
||
|
||
/// <summary/>
|
||
RPC_C_AUTHN_LIVE_SSP = 32,
|
||
|
||
/// <summary/>
|
||
RPC_C_AUTHN_LIVEXP_SSP = 35,
|
||
|
||
/// <summary/>
|
||
RPC_C_AUTHN_CLOUD_AP = 36,
|
||
|
||
/// <summary/>
|
||
RPC_C_AUTHN_MSONLINE = 82,
|
||
}
|
||
|
||
/// <summary>Specifies the type of additional credentials present in the <c>u</c> union.</summary>
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_SECURITY_QOS_V2_A")]
|
||
public enum RPC_C_AUTHN_INFO_TYPE
|
||
{
|
||
/// <summary>No additional credentials are passed in the u union.</summary>
|
||
RPC_C_AUTHN_INFO_TYPE_NONE,
|
||
|
||
/// <summary>
|
||
/// The HttpCredentials member of the u union points to a RPC_HTTP_TRANSPORT_CREDENTIALS structure. This value can be used only
|
||
/// when the protocol sequence is ncacn_http. Any other protocol sequence returns RPC_S_INVALID_ARG.
|
||
/// </summary>
|
||
[CorrespondingType(typeof(RPC_HTTP_TRANSPORT_CREDENTIALS))]
|
||
RPC_C_AUTHN_INFO_TYPE_HTTP,
|
||
}
|
||
|
||
/// <summary>
|
||
/// The authentication-level constants represent authentication levels passed to various run-time functions. These levels are listed
|
||
/// in order of increasing authentication. Each new level adds to the authentication provided by the previous level. If the RPC
|
||
/// run-time library does not support the specified level, it automatically upgrades to the next higher supported level.
|
||
/// </summary>
|
||
/// <remarks>Regardless of the value specified by the constant, <c>ncalrpc</c> always uses RPC_C_AUTHN_LEVEL_PKT_PRIVACY.</remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/rpc/authentication-level-constants
|
||
[PInvokeData("rpcdce.h")]
|
||
public enum RPC_C_AUTHN_LEVEL
|
||
{
|
||
/// <summary>Uses the default authentication level for the specified authentication service.</summary>
|
||
RPC_C_AUTHN_LEVEL_DEFAULT = 0,
|
||
|
||
/// <summary>Performs no authentication.</summary>
|
||
RPC_C_AUTHN_LEVEL_NONE = 1,
|
||
|
||
/// <summary>Authenticates only when the client establishes a relationship with a server.</summary>
|
||
RPC_C_AUTHN_LEVEL_CONNECT = 2,
|
||
|
||
/// <summary>
|
||
/// Authenticates only at the beginning of each remote procedure call when the server receives the request. Does not apply to
|
||
/// remote procedure calls made using the connection-based protocol sequences (those that start with the prefix "ncacn"). If the
|
||
/// protocol sequence in a binding handle is a connection-based protocol sequence and you specify this level, this routine
|
||
/// instead uses the RPC_C_AUTHN_LEVEL_PKT constant.
|
||
/// </summary>
|
||
RPC_C_AUTHN_LEVEL_CALL = 3,
|
||
|
||
/// <summary>Authenticates only that all data received is from the expected client. Does not validate the data itself.</summary>
|
||
RPC_C_AUTHN_LEVEL_PKT = 4,
|
||
|
||
/// <summary>Authenticates and verifies that none of the data transferred between client and server has been modified.</summary>
|
||
RPC_C_AUTHN_LEVEL_PKT_INTEGRITY = 5,
|
||
|
||
/// <summary>
|
||
/// Includes all previous levels, and ensures clear text data can only be seen by the sender and the receiver. In the local
|
||
/// case, this involves using a secure channel. In the remote case, this involves encrypting the argument value of each remote
|
||
/// procedure call.
|
||
/// </summary>
|
||
RPC_C_AUTHN_LEVEL_PKT_PRIVACY = 6,
|
||
}
|
||
|
||
/// <summary>
|
||
/// <para>The authorization service constants represent the authorization services passed to various run-time functions.</para>
|
||
/// <para>Most applications find RPC_C_AUTHZ_NON sufficient.</para>
|
||
/// </summary>
|
||
// https://docs.microsoft.com/en-us/windows/win32/rpc/authorization-service-constants
|
||
[PInvokeData("rpcdce.h")]
|
||
public enum RPC_C_AUTHZ : uint
|
||
{
|
||
/// <summary>Server performs no authorization.</summary>
|
||
RPC_C_AUTHZ_NONE = 0,
|
||
|
||
/// <summary>Server performs authorization based on the client's principal name.</summary>
|
||
RPC_C_AUTHZ_NAME = 1,
|
||
|
||
/// <summary>
|
||
/// Server performs authorization checking using the client's DCE privilege attribute certificate (PAC) information, which is
|
||
/// sent to the server with each remote procedure call made using the binding handle. Generally, access is checked against DCE
|
||
/// access control lists (ACLs).
|
||
/// </summary>
|
||
RPC_C_AUTHZ_DCE = 2,
|
||
|
||
/// <summary>Server uses the default authorization service for the current SSP.</summary>
|
||
RPC_C_AUTHZ_DEFAULT = 0xffffffff,
|
||
}
|
||
|
||
/// <summary>RPC authentication schemes.</summary>
|
||
[PInvokeData("rpcdce.h")]
|
||
[Flags]
|
||
public enum RPC_C_HTTP_AUTHN_SCHEME : uint
|
||
{
|
||
/// <summary/>
|
||
RPC_C_HTTP_AUTHN_SCHEME_BASIC = 0x00000001,
|
||
|
||
/// <summary/>
|
||
RPC_C_HTTP_AUTHN_SCHEME_NTLM = 0x00000002,
|
||
|
||
/// <summary/>
|
||
RPC_C_HTTP_AUTHN_SCHEME_PASSPORT = 0x00000004,
|
||
|
||
/// <summary/>
|
||
RPC_C_HTTP_AUTHN_SCHEME_DIGEST = 0x00000008,
|
||
|
||
/// <summary/>
|
||
RPC_C_HTTP_AUTHN_SCHEME_NEGOTIATE = 0x00000010,
|
||
|
||
/// <summary/>
|
||
RPC_C_HTTP_AUTHN_SCHEME_CERT = 0x00010000,
|
||
}
|
||
|
||
/// <summary>Specifies the authentication target.</summary>
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_HTTP_TRANSPORT_CREDENTIALS_A")]
|
||
[Flags]
|
||
public enum RPC_C_HTTP_AUTHN_TARGET : uint
|
||
{
|
||
/// <summary>
|
||
/// Authenticate against the RPC Proxy, which is the HTTP Server from an HTTP perspective. This is the most common value.
|
||
/// </summary>
|
||
RPC_C_HTTP_AUTHN_TARGET_SERVER = 1,
|
||
|
||
/// <summary>Authenticate against the HTTP Proxy. This value is uncommon.</summary>
|
||
RPC_C_HTTP_AUTHN_TARGET_PROXY = 2,
|
||
}
|
||
|
||
/// <summary>A set of flags that can be combined with the bitwise OR operator.</summary>
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_HTTP_TRANSPORT_CREDENTIALS_A")]
|
||
[Flags]
|
||
public enum RPC_C_HTTP_FLAG : uint
|
||
{
|
||
/// <summary>Instructs RPC to use SSL to communicate with the RPC Proxy.</summary>
|
||
RPC_C_HTTP_FLAG_USE_SSL = 1,
|
||
|
||
/// <summary>
|
||
/// When set, RPC chooses the first scheme in the AuthnSchemes array and attempts to authenticate to the RPC Proxy. If the RPC
|
||
/// Proxy does not support the selected authentication scheme, the call fails. When not set, the RPC client queries the RPC
|
||
/// Proxy for supported authentication schemes, and chooses one.
|
||
/// </summary>
|
||
RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME = 2,
|
||
|
||
/// <summary/>
|
||
RPC_C_HTTP_FLAG_IGNORE_CERT_CN_INVALID = 8,
|
||
|
||
/// <summary/>
|
||
RPC_C_HTTP_FLAG_ENABLE_CERT_REVOCATION_CHECK = 16,
|
||
}
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// Specifies an impersonation level, which indicates the amount of authority given to the server when it is impersonating the client.
|
||
/// </para>
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// <c>GetUserName</c> will fail while impersonating at identify level. The workaround is to impersonate, call
|
||
/// <c>OpenThreadToken</c>, revert, call <c>GetTokenInformation</c>, and finally, call <c>LookupAccountSid</c>. Using
|
||
/// <c>CoSetProxyBlanket</c>, the client sets the impersonation level
|
||
/// </para>
|
||
/// <para>
|
||
/// Using <c>CoSetProxyBlanket</c>, the client sets the impersonation level and proxy identity that will be available when a server
|
||
/// calls <c>CoImpersonateClient</c>. The identity the server will see when impersonating takes place is described in Cloaking. Note
|
||
/// that when making a call while impersonating, the callee will normally receive the caller's process token, not the caller's
|
||
/// impersonation token. To receive the caller's impersonation token, the caller must enable cloaking.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/com/com-impersonation-level-constants
|
||
[PInvokeData("rpcdce.h")]
|
||
public enum RPC_C_IMP_LEVEL
|
||
{
|
||
/// <summary>
|
||
/// DCOM can choose the impersonation level using its normal security blanket negotiation algorithm. For more information, see
|
||
/// Security Blanket Negotiation.
|
||
/// </summary>
|
||
RPC_C_IMP_LEVEL_DEFAULT = 0,
|
||
|
||
/// <summary>
|
||
/// The client is anonymous to the server. The server process can impersonate the client, but the impersonation token will not
|
||
/// contain any information and cannot be used.
|
||
/// </summary>
|
||
RPC_C_IMP_LEVEL_ANONYMOUS = 1,
|
||
|
||
/// <summary>
|
||
/// The server can obtain the client's identity. The server can impersonate the client for ACL checking, but it cannot access
|
||
/// system objects as the client.
|
||
/// </summary>
|
||
RPC_C_IMP_LEVEL_IDENTIFY = 2,
|
||
|
||
/// <summary>
|
||
/// The server process can impersonate the client's security context while acting on behalf of the client. This level of
|
||
/// impersonation can be used to access local resources such as files. When impersonating at this level, the impersonation token
|
||
/// can only be passed across one machine boundary. The Schannel authentication service only supports this level of impersonation.
|
||
/// </summary>
|
||
RPC_C_IMP_LEVEL_IMPERSONATE = 3,
|
||
|
||
/// <summary>
|
||
/// The server process can impersonate the client's security context while acting on behalf of the client. The server process
|
||
/// can also make outgoing calls to other servers while acting on behalf of the client, using cloaking. The server may use the
|
||
/// client's security context on other machines to access local and remote resources as the client. When impersonating at this
|
||
/// level, the impersonation token can be passed across any number of computer boundaries.
|
||
/// </summary>
|
||
RPC_C_IMP_LEVEL_DELEGATE = 4,
|
||
}
|
||
|
||
/// <summary>Values passed to RPC_MGMT_AUTHORIZATION_FN.</summary>
|
||
[PInvokeData("rpcdce.h")]
|
||
public enum RPC_C_MGMT : uint
|
||
{
|
||
/// <summary>RpcMgmtInqIfIds</summary>
|
||
RPC_C_MGMT_INQ_IF_IDS = 0,
|
||
|
||
/// <summary>RpcMgmtInqServerPrincName</summary>
|
||
RPC_C_MGMT_INQ_PRINC_NAME = 1,
|
||
|
||
/// <summary>RpcMgmtInqStats</summary>
|
||
RPC_C_MGMT_INQ_STATS = 2,
|
||
|
||
/// <summary>RpcMgmtIsServerListening</summary>
|
||
RPC_C_MGMT_IS_SERVER_LISTEN = 3,
|
||
|
||
/// <summary>RpcMgmtStopServerListening</summary>
|
||
RPC_C_MGMT_STOP_SERVER_LISTEN = 4,
|
||
}
|
||
|
||
/// <summary>
|
||
/// Applications set the binding option constants to control how the RPC run-time library processes remote procedure calls. The
|
||
/// following table lists each binding property, and the relevant constant values for the binding properties.
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// By default, the RPC run-time library executes the calls on a given binding handle from each thread of an application in strict
|
||
/// order of submission. This does not guarantee that calls from different threads on the same binding handle are serialized.
|
||
/// Multithreaded applications must serialize their RPC calls. If this behavior is too restrictive, you can enable noncausal
|
||
/// ordering. When you do, the RPC run-time library executes calls independently. It imposes no ordering on their submission.
|
||
/// </para>
|
||
/// <para>
|
||
/// One example of an application that might find noncausal ordering useful is a multithreaded program whose threads make calls on
|
||
/// the same binding handle. Similarly, a program that uses multiple asynchronous calls on a binding handle will find noncausal
|
||
/// ordering a convenient option. Another example might be an Internet proxy program that uses a single thread to handle requests
|
||
/// for several clients. In each of these cases, it would be extremely restrictive to try to serialize the remote procedure calls.
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>RPC_C_OPT_DONT_LINGER</c> option can be set only on binding handles that use the <c>ncalrpc</c> or <c>ncacn_*</c>
|
||
/// protocol sequences. It cannot be used on <c>ncadg_*</c> protocol sequences. The <c>RpcBindingSetOption</c> function with this
|
||
/// option must be called on a binding handle on which at least one RPC call has been made. If no RPC call have been made on the
|
||
/// binding handle, <c>RPC_S_WRONG_KIND_OF_BINDING</c> is returned from the <c>RpcBindingSetOption</c> function call. The option
|
||
/// takes effect for the entire association, regardless of how many binding handles are attached to the association. Since it is
|
||
/// checked before the association is destroyed, it can be set at any time before the binding handle is closed.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/rpc/binding-option-constants
|
||
[PInvokeData("rpcdce.h")]
|
||
public enum RPC_C_OPT : uint
|
||
{
|
||
/// <summary>
|
||
/// Default. If FALSE, causal call ordering. RPC calls are executed in strict order of submission. See Remarks.
|
||
/// <para>If TRUE, noncausal call ordering. RPC calls are executed independently. See Remarks.</para>
|
||
/// </summary>
|
||
[CorrespondingType(typeof(BOOL))]
|
||
RPC_C_OPT_BINDING_NONCAUSAL = 9,
|
||
|
||
/// <summary>Not needed for application programs. Used internally by Microsoft.</summary>
|
||
RPC_C_OPT_MAX_OPTIONS = 17,
|
||
|
||
/// <summary>Not needed for application programs. Used internally by Microsoft.</summary>
|
||
RPC_C_DONT_FAIL = 4,
|
||
|
||
/// <summary>If TRUE, a session ID is generated for each connection.</summary>
|
||
[CorrespondingType(typeof(BOOL))]
|
||
RPC_C_OPT_SESSION_ID = 6,
|
||
|
||
/// <summary>
|
||
/// If TRUE, client-side cookie-based authentication is used for connections. A pointer to the RPC_C_OPT_COOKIE_AUTH_DESCRIPTOR
|
||
/// structure is passed as the OptionValue parameter in RpcBindingSetOption.
|
||
/// </summary>
|
||
[CorrespondingType(typeof(BOOL))]
|
||
RPC_C_OPT_COOKIE_AUTH = 7,
|
||
|
||
/// <summary>Not needed for application programs. Used internally by Microsoft.</summary>
|
||
RPC_C_OPT_RESOURCE_TYPE_UUID = 8,
|
||
|
||
/// <summary>If TRUE, force shutdown of the association after the last binding handle/context handle on it is freed.</summary>
|
||
[CorrespondingType(typeof(BOOL))]
|
||
RPC_C_OPT_DONT_LINGER = 13,
|
||
|
||
/// <summary>
|
||
/// When set to true, RPC does not reuse existing connections. A unique binding handle is opened for each connection and state
|
||
/// is maintained for each unique binding handle.
|
||
/// </summary>
|
||
[CorrespondingType(typeof(BOOL))]
|
||
RPC_C_OPT_UNIQUE_BINDING = 11,
|
||
}
|
||
|
||
/// <summary>Set of flags that determine the attributes of the port or ports where the server receives remote procedure calls.</summary>
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_POLICY")]
|
||
[Flags]
|
||
public enum RPC_C_POL_ENDPT : uint
|
||
{
|
||
/// <summary>
|
||
/// Allocates the endpoint from one of the ports defined in the registry as "Internet Available." Valid only with ncacn_ip_tcp
|
||
/// and ncadg_ip_udp protocol sequences.
|
||
/// </summary>
|
||
RPC_C_USE_INTERNET_PORT = 0x1,
|
||
|
||
/// <summary>
|
||
/// Allocates the endpoint from one of the ports defined in the registry as "Intranet Available." Valid only with ncacn_ip_tcp
|
||
/// and ncadg_ip_udp protocol sequences.
|
||
/// </summary>
|
||
RPC_C_USE_INTRANET_PORT = 0x2,
|
||
|
||
/// <summary/>
|
||
RPC_C_DONT_FAIL = 0x4,
|
||
|
||
/// <summary/>
|
||
RPC_C_RPCHTTP_USE_LOAD_BALANCE = 0x8,
|
||
}
|
||
|
||
/// <summary>Policy for binding to Network Interface Cards (NICs).</summary>
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_POLICY")]
|
||
public enum RPC_C_POL_NIC
|
||
{
|
||
/// <summary>
|
||
/// Binds to NICs on the basis of the registry settings. Always use this value when you are using the RPC_POLICY structure to
|
||
/// define message-queue properties.
|
||
/// </summary>
|
||
RPC_C_BIND_TO_REG_NICS,
|
||
|
||
/// <summary>
|
||
/// Overrides the registry settings and binds to all NICs. If the Bind key is missing from the registry, then the NICFlags
|
||
/// member will have no effect at run time. If the key contains an invalid value, then the entire configuration is marked as
|
||
/// invalid and all calls to RpcServerUseProtseq* will fail.
|
||
/// </summary>
|
||
RPC_C_BIND_TO_ALL_NICS,
|
||
}
|
||
|
||
/// <summary>Security services being provided to the application.</summary>
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_SECURITY_QOS")]
|
||
[Flags]
|
||
public enum RPC_C_QOS_CAPABILITIES : uint
|
||
{
|
||
/// <summary>Used when no provider-specific capabilities are needed.</summary>
|
||
RPC_C_QOS_CAPABILITIES_DEFAULT = 0x0,
|
||
|
||
/// <summary>
|
||
/// Specifying this flag causes the RPC run time to request mutual authentication from the security provider. Some security
|
||
/// providers do not support mutual authentication. If the security provider does not support mutual authentication, or the
|
||
/// identity of the server cannot be established, a remote procedure call to such server fails with error RPC_S_SEC_PKG_ERROR.
|
||
/// </summary>
|
||
RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH = 0x1,
|
||
|
||
/// <summary>Not currently implemented.</summary>
|
||
RPC_C_QOS_CAPABILITIES_MAKE_FULLSIC = 0x2,
|
||
|
||
/// <summary>
|
||
/// Accepts the client's credentials even if the certificate authority (CA) is not in the server's list of trusted CAs. This
|
||
/// constant is used only by the SCHANNEL SSP.
|
||
/// </summary>
|
||
RPC_C_QOS_CAPABILITIES_ANY_AUTHORITY = 0x4,
|
||
|
||
/// <summary>
|
||
/// When specified, this flag directs the RPC runtime on the client to ignore an error to establish a security context that
|
||
/// supports delegation. Normally, if the client asks for delegation and the security system cannot establish a security context
|
||
/// that supports delegation, error RPC_S_SEC_PKG_ERROR is returned; when this flag is specified, no error is returned.
|
||
/// </summary>
|
||
RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE = 0x8,
|
||
|
||
/// <summary>
|
||
/// This flag specifies to RPC that the server is local to the machine making the RPC call. In this situation RPC instructs the
|
||
/// endpoint mapper to pick up only endpoints registered by the principal specified in the ServerPrincName or Sid members (these
|
||
/// members are available in RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4, and RPC_SECURITY_QOS_V5 only). See Remarks for more information.
|
||
/// </summary>
|
||
RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT = 0x10,
|
||
|
||
/// <summary>
|
||
/// If set, the RPC runtime uses the SChannel SSP to perform smartcard-based authentication without displaying a PIN prompt
|
||
/// dialog box by the cryptographic services provider (CSP). In the call to RpcBindingSetAuthInfoEx, the AuthIdentity parameter
|
||
/// must be a SEC_WINNT_AUTH_IDENTITY structure whose members contain the following: If the
|
||
/// RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY flag is used for any SSP other than SChannel, or if the members of
|
||
/// SEC_WINNT_AUTH_IDENTITY do not conform to the above, RPC_S_INVALID_ARG will be returned by RpcBindingSetAuthInfoEx.
|
||
/// </summary>
|
||
RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY = 0x20,
|
||
}
|
||
|
||
/// <summary>Sets the context tracking mode.</summary>
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_SECURITY_QOS")]
|
||
[Flags]
|
||
public enum RPC_C_QOS_IDENTITY : uint
|
||
{
|
||
/// <summary>
|
||
/// Security context is created only once and is never revised during the entire communication, even if the client side changes
|
||
/// it. This is the default behavior if RPC_SECURITY_QOS is not specified.
|
||
/// </summary>
|
||
RPC_C_QOS_IDENTITY_STATIC = 0,
|
||
|
||
/// <summary>
|
||
/// Context is revised whenever the ModifiedId in the client's token is changed. All protocols use the ModifiedId (see note).
|
||
/// Windows 2000: All remote protocols (all protocols other than ncalrpc) use the AuthenticationID, also known as the LogonId,
|
||
/// to track changes in the client's identity. The ncalrpc protocol uses ModifiedId.
|
||
/// </summary>
|
||
RPC_C_QOS_IDENTITY_DYNAMIC = 1,
|
||
}
|
||
|
||
/// <summary>
|
||
/// <para>Interface Registration Flags</para>
|
||
/// <para>These constants are used in the Flags parameter of the <c>RpcServerRegisterIf2</c> and <c>RpcServerRegisterIfEx</c> functions.</para>
|
||
/// </summary>
|
||
// https://docs.microsoft.com/en-us/windows/win32/rpc/interface-registration-flags
|
||
[PInvokeData("rpcdce.h")]
|
||
[Flags]
|
||
public enum RPC_IF
|
||
{
|
||
/// <summary>
|
||
/// This is an auto-listen interface. The run time begins listening for calls as soon as the first autolisten interface is
|
||
/// registered, and stops listening when the last autolisten interface is unregistered.
|
||
/// </summary>
|
||
RPC_IF_AUTOLISTEN = 0x0001,
|
||
|
||
/// <summary>Reserved for OLE. Do not use this flag.</summary>
|
||
RPC_IF_OLE = 0x0002,
|
||
|
||
/// <summary>Currently not implemented.</summary>
|
||
RPC_IF_ALLOW_UNKNOWN_AUTHORITY = 0x0004,
|
||
|
||
/// <summary>
|
||
/// Limits connections to clients that use an authorization level higher than RPC_C_AUTHN_LEVEL_NONE. Specifying this flag
|
||
/// allows clients to come through on the NULL session. On Windows XP and Windows Server 2003, such clients are not allowed.
|
||
/// Clients that fail the RPC_IF_ALLOW_SECURE_ONLY test receive an RPC_S_ACCESS_DENIED error. Using the RPC_IF_ALLOW_SECURE_ONLY
|
||
/// flag does not imply or guarantee a high level of privilege on the part of the calling user. RPC only checks that the user
|
||
/// has valid credentials; the calling user may be using the guest account or other low privileged accounts. Do not assume high
|
||
/// privilege when RPC_IF_ALLOW_SECURE_ONLY is used. Windows NT 4.0 and Windows Me/98/95:
|
||
/// </summary>
|
||
RPC_IF_ALLOW_SECURE_ONLY = 0x0008,
|
||
|
||
/// <summary>
|
||
/// When this interface flag is registered, the RPC runtime invokes the registered security callback for all calls, regardless
|
||
/// of identity, protocol sequence, or authentication level of the client.
|
||
/// </summary>
|
||
RPC_IF_ALLOW_CALLBACKS_WITH_NO_AUTH = 0x0010,
|
||
|
||
/// <summary>
|
||
/// When this interface flag is registered, the RPC runtime rejects calls made by remote clients. All local calls using ncadg_*
|
||
/// and ncacn_* protocol sequences are also rejected, with the exception of ncacn_np. RPC allows ncacn_NP calls only if the call
|
||
/// does not come from SRV. Calls from ncalrpc are always processed.
|
||
/// </summary>
|
||
RPC_IF_ALLOW_LOCAL_ONLY = 0x0020,
|
||
|
||
/// <summary>Disables security callback caching, forcing a security callback for each RPC call on a given interface.</summary>
|
||
RPC_IF_SEC_NO_CACHE = 0x0040,
|
||
|
||
/// <summary/>
|
||
RPC_IF_SEC_CACHE_PER_PROC = 0x0080,
|
||
|
||
/// <summary/>
|
||
RPC_IF_ASYNC_CALLBACK = 0x0100,
|
||
}
|
||
|
||
/// <summary>Character set used by <see cref="SEC_WINNT_AUTH_IDENTITY"/></summary>
|
||
public enum SEC_WINNT_AUTH_IDENTITY_CHARSET
|
||
{
|
||
/// <summary>The strings in this structure are in ANSI format.</summary>
|
||
SEC_WINNT_AUTH_IDENTITY_ANSI = 0x1,
|
||
|
||
/// <summary>The strings in this structure are in Unicode format.</summary>
|
||
SEC_WINNT_AUTH_IDENTITY_UNICODE = 0x2
|
||
}
|
||
|
||
/// <summary>Provides a RPC_AUTH_IDENTITY_HANDLE.</summary>
|
||
[PInvokeData("rpcdce.h")]
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct RPC_AUTH_IDENTITY_HANDLE : IHandle
|
||
{
|
||
private readonly IntPtr handle;
|
||
|
||
/// <summary>Initializes a new instance of the <see cref="RPC_AUTH_IDENTITY_HANDLE"/> struct.</summary>
|
||
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
|
||
public RPC_AUTH_IDENTITY_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle;
|
||
|
||
/// <summary>Returns an invalid handle by instantiating a <see cref="RPC_AUTH_IDENTITY_HANDLE"/> object with <see cref="IntPtr.Zero"/>.</summary>
|
||
public static RPC_AUTH_IDENTITY_HANDLE NULL => new RPC_AUTH_IDENTITY_HANDLE(IntPtr.Zero);
|
||
|
||
/// <summary>Gets a value indicating whether this instance is a null handle.</summary>
|
||
public bool IsNull => handle == IntPtr.Zero;
|
||
|
||
/// <summary>Performs an explicit conversion from <see cref="RPC_AUTH_IDENTITY_HANDLE"/> to <see cref="IntPtr"/>.</summary>
|
||
/// <param name="h">The handle.</param>
|
||
/// <returns>The result of the conversion.</returns>
|
||
public static explicit operator IntPtr(RPC_AUTH_IDENTITY_HANDLE h) => h.handle;
|
||
|
||
/// <summary>Performs an implicit conversion from <see cref="IntPtr"/> to <see cref="RPC_AUTH_IDENTITY_HANDLE"/>.</summary>
|
||
/// <param name="h">The pointer to a handle.</param>
|
||
/// <returns>The result of the conversion.</returns>
|
||
public static implicit operator RPC_AUTH_IDENTITY_HANDLE(IntPtr h) => new RPC_AUTH_IDENTITY_HANDLE(h);
|
||
|
||
/// <summary>Implements the operator !=.</summary>
|
||
/// <param name="h1">The first handle.</param>
|
||
/// <param name="h2">The second handle.</param>
|
||
/// <returns>The result of the operator.</returns>
|
||
public static bool operator !=(RPC_AUTH_IDENTITY_HANDLE h1, RPC_AUTH_IDENTITY_HANDLE h2) => !(h1 == h2);
|
||
|
||
/// <summary>Implements the operator ==.</summary>
|
||
/// <param name="h1">The first handle.</param>
|
||
/// <param name="h2">The second handle.</param>
|
||
/// <returns>The result of the operator.</returns>
|
||
public static bool operator ==(RPC_AUTH_IDENTITY_HANDLE h1, RPC_AUTH_IDENTITY_HANDLE h2) => h1.Equals(h2);
|
||
|
||
/// <inheritdoc/>
|
||
public override bool Equals(object obj) => obj is RPC_AUTH_IDENTITY_HANDLE h && handle == h.handle;
|
||
|
||
/// <inheritdoc/>
|
||
public override int GetHashCode() => handle.GetHashCode();
|
||
|
||
/// <inheritdoc/>
|
||
public IntPtr DangerousGetHandle() => handle;
|
||
}
|
||
|
||
/// <summary>Provides a RPC_AUTHZ_HANDLE.</summary>
|
||
[PInvokeData("rpcdce.h")]
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct RPC_AUTHZ_HANDLE : IHandle
|
||
{
|
||
private readonly IntPtr handle;
|
||
|
||
/// <summary>Initializes a new instance of the <see cref="RPC_AUTHZ_HANDLE"/> struct.</summary>
|
||
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
|
||
public RPC_AUTHZ_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle;
|
||
|
||
/// <summary>Returns an invalid handle by instantiating a <see cref="RPC_AUTHZ_HANDLE"/> object with <see cref="IntPtr.Zero"/>.</summary>
|
||
public static RPC_AUTHZ_HANDLE NULL => new RPC_AUTHZ_HANDLE(IntPtr.Zero);
|
||
|
||
/// <summary>Gets a value indicating whether this instance is a null handle.</summary>
|
||
public bool IsNull => handle == IntPtr.Zero;
|
||
|
||
/// <summary>Performs an explicit conversion from <see cref="RPC_AUTHZ_HANDLE"/> to <see cref="IntPtr"/>.</summary>
|
||
/// <param name="h">The handle.</param>
|
||
/// <returns>The result of the conversion.</returns>
|
||
public static explicit operator IntPtr(RPC_AUTHZ_HANDLE h) => h.handle;
|
||
|
||
/// <summary>Performs an implicit conversion from <see cref="IntPtr"/> to <see cref="RPC_AUTHZ_HANDLE"/>.</summary>
|
||
/// <param name="h">The pointer to a handle.</param>
|
||
/// <returns>The result of the conversion.</returns>
|
||
public static implicit operator RPC_AUTHZ_HANDLE(IntPtr h) => new RPC_AUTHZ_HANDLE(h);
|
||
|
||
/// <summary>Implements the operator !=.</summary>
|
||
/// <param name="h1">The first handle.</param>
|
||
/// <param name="h2">The second handle.</param>
|
||
/// <returns>The result of the operator.</returns>
|
||
public static bool operator !=(RPC_AUTHZ_HANDLE h1, RPC_AUTHZ_HANDLE h2) => !(h1 == h2);
|
||
|
||
/// <summary>Implements the operator ==.</summary>
|
||
/// <param name="h1">The first handle.</param>
|
||
/// <param name="h2">The second handle.</param>
|
||
/// <returns>The result of the operator.</returns>
|
||
public static bool operator ==(RPC_AUTHZ_HANDLE h1, RPC_AUTHZ_HANDLE h2) => h1.Equals(h2);
|
||
|
||
/// <inheritdoc/>
|
||
public override bool Equals(object obj) => obj is RPC_AUTHZ_HANDLE h && handle == h.handle;
|
||
|
||
/// <inheritdoc/>
|
||
public override int GetHashCode() => handle.GetHashCode();
|
||
|
||
/// <inheritdoc/>
|
||
public IntPtr DangerousGetHandle() => handle;
|
||
}
|
||
|
||
/// <summary>Provides a handle to an RPC binding.</summary>
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct RPC_BINDING_HANDLE : IHandle
|
||
{
|
||
private readonly IntPtr handle;
|
||
|
||
/// <summary>Initializes a new instance of the <see cref="RPC_BINDING_HANDLE"/> struct.</summary>
|
||
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
|
||
public RPC_BINDING_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle;
|
||
|
||
/// <summary>Returns an invalid handle by instantiating a <see cref="RPC_BINDING_HANDLE"/> object with <see cref="IntPtr.Zero"/>.</summary>
|
||
public static RPC_BINDING_HANDLE NULL => new RPC_BINDING_HANDLE(IntPtr.Zero);
|
||
|
||
/// <summary>Gets a value indicating whether this instance is a null handle.</summary>
|
||
public bool IsNull => handle == IntPtr.Zero;
|
||
|
||
/// <summary>Performs an explicit conversion from <see cref="RPC_BINDING_HANDLE"/> to <see cref="IntPtr"/>.</summary>
|
||
/// <param name="h">The handle.</param>
|
||
/// <returns>The result of the conversion.</returns>
|
||
public static explicit operator IntPtr(RPC_BINDING_HANDLE h) => h.handle;
|
||
|
||
/// <summary>Performs an implicit conversion from <see cref="IntPtr"/> to <see cref="RPC_BINDING_HANDLE"/>.</summary>
|
||
/// <param name="h">The pointer to a handle.</param>
|
||
/// <returns>The result of the conversion.</returns>
|
||
public static implicit operator RPC_BINDING_HANDLE(IntPtr h) => new RPC_BINDING_HANDLE(h);
|
||
|
||
/// <summary>Implements the operator !=.</summary>
|
||
/// <param name="h1">The first handle.</param>
|
||
/// <param name="h2">The second handle.</param>
|
||
/// <returns>The result of the operator.</returns>
|
||
public static bool operator !=(RPC_BINDING_HANDLE h1, RPC_BINDING_HANDLE h2) => !(h1 == h2);
|
||
|
||
/// <summary>Implements the operator ==.</summary>
|
||
/// <param name="h1">The first handle.</param>
|
||
/// <param name="h2">The second handle.</param>
|
||
/// <returns>The result of the operator.</returns>
|
||
public static bool operator ==(RPC_BINDING_HANDLE h1, RPC_BINDING_HANDLE h2) => h1.Equals(h2);
|
||
|
||
/// <inheritdoc/>
|
||
public override bool Equals(object obj) => obj is RPC_BINDING_HANDLE h && handle == h.handle;
|
||
|
||
/// <inheritdoc/>
|
||
public override int GetHashCode() => handle.GetHashCode();
|
||
|
||
/// <inheritdoc/>
|
||
public IntPtr DangerousGetHandle() => handle;
|
||
}
|
||
|
||
/// <summary>
|
||
/// The <c>RPC_BINDING_HANDLE_OPTIONS_V1</c> structure contains additional options with which to create an RPC binding handle.
|
||
/// </summary>
|
||
/// <remarks>If this structure is not specified in a call to RpcBindingCreate, the default values for each option are used.</remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_binding_handle_options_v1 typedef struct
|
||
// _RPC_BINDING_HANDLE_OPTIONS_V1 { unsigned long Version; unsigned long Flags; unsigned long ComTimeout; unsigned long CallTimeout;
|
||
// } RPC_BINDING_HANDLE_OPTIONS_V1, *PRPC_BINDING_HANDLE_OPTIONS_V1;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_BINDING_HANDLE_OPTIONS_V1")]
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct RPC_BINDING_HANDLE_OPTIONS_V1
|
||
{
|
||
/// <summary>The version of this structure. For <c>RPC_BINDING_HANDLE_OPTIONS_V1</c> this must be set to 1.</summary>
|
||
public uint Version;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// A set of flags describing specific RPC behaviors. This parameter can be set to one or more of the following values. Note
|
||
/// that by default, RPC calls use causal order and socket lingering.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_BHO_NONCAUSAL</term>
|
||
/// <term>Specifies causal ordering whereby calls are executed independently of one another rather than in order of submission.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_BHO_DONTLINGER</term>
|
||
/// <term>Specifies that a socket association must be shutdown after the last binding handle on it is freed.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public uint Flags;
|
||
|
||
/// <summary>
|
||
/// The communication timeout value, specified in microseconds. The default value for RPC is <see
|
||
/// cref="RCP_C_BINDING_TIMEOUT.RPC_C_BINDING_DEFAULT_TIMEOUT"/>. This option can be changed later by calling RpcMgmtSetComTimeout.
|
||
/// </summary>
|
||
public uint ComTimeout;
|
||
|
||
/// <summary>The call timeout value, specified in microseconds. The default value for RPC is 0.</summary>
|
||
public uint CallTimeout;
|
||
}
|
||
|
||
/// <summary>
|
||
/// The <c>RPC_BINDING_HANDLE_SECURITY_V1</c> structure contains the basic security options with which to create an RPC binding handle.
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// If this structure is not passed to RpcBindingCreate -- that is, if the Security parameter of <c>RpcBindingCreate</c> is set to
|
||
/// <c>NULL</c> -- then the following default security behaviors are assumed:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>
|
||
/// For the protocol sequence ncalrpc (local RPC), RPC will use transport-level security. This means that RPC will use the security
|
||
/// mechanisms offered by the Windows kernel to provide security, and RPC will not authenticate the server since it connects using
|
||
/// the current thread identity. In this case, the identity tracking is static, the impersonation type is set to "Impersonate", and
|
||
/// the authentication level is set to "Privacy".
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// For the protocol sequence ncacn_np, RPC will also use transport-level security. If the call is remote, RPC uses the security
|
||
/// mechanisms provided by the Windows file system redirector and there is no mutual authentication. In this case, the identity is
|
||
/// the current thread identity, the identity tracking state is static, the impersonation type is set to "Impersonate", and the
|
||
/// authentication level is determined by the policies of the remote machine.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// For the protocol sequences ncacn_ip_tcp, ncacn_ip_udp and ncacn_http, no security is used when Security is set to <c>NULL</c>.
|
||
/// The server will not perform impersonation, and all data will be sent as clear text. To provide maximum protection for data, the
|
||
/// application must always provide security data.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// The following table summarizes the default security settings for the different protocol sequences if the Security parameter of
|
||
/// RpcBindingCreate is set to <c>NULL</c>.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Default Security Settings</term>
|
||
/// <term>ncalrpc</term>
|
||
/// <term>local ncacn_np</term>
|
||
/// <term>remote ncacn_np</term>
|
||
/// <term>ncacn_ip_tcp, ncacn_ip_udp, and ncacn_http</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>Security Mechanism</term>
|
||
/// <term>Windows Kernel</term>
|
||
/// <term>NPFS</term>
|
||
/// <term>File system redirector</term>
|
||
/// <term>None</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Authentication Level</term>
|
||
/// <term>Privacy</term>
|
||
/// <term>Privacy</term>
|
||
/// <term>Server policy dependent</term>
|
||
/// <term>None</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Mutual Authentication?</term>
|
||
/// <term>No</term>
|
||
/// <term>No</term>
|
||
/// <term>No</term>
|
||
/// <term>No</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Impersonation Type</term>
|
||
/// <term>Impersonate</term>
|
||
/// <term>Impersonate</term>
|
||
/// <term>Impersonate</term>
|
||
/// <term>N/A</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Identity Tracking Type</term>
|
||
/// <term>Static</term>
|
||
/// <term>Dynamic</term>
|
||
/// <term>Static</term>
|
||
/// <term>N/A</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Effective Only?</term>
|
||
/// <term>Yes</term>
|
||
/// <term>No</term>
|
||
/// <term>N/A</term>
|
||
/// <term>N/A</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Call Identity</term>
|
||
/// <term>Current thread</term>
|
||
/// <term>Current thread</term>
|
||
/// <term>Current thread or "net use" settings</term>
|
||
/// <term>N/A</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// <c>Note</c> If you create your binding handle by calling the RpcBindingFromStringBinding API, the default identity tracking for
|
||
/// ncalrpc in the absence of specific security settings is dynamic. If you create a fast binding handle by calling the
|
||
/// RpcBindingCreate API, the default identity tracking for ncalrpc in the absence of specific security settings is static. You
|
||
/// should be aware of the differences in these two APIs if you are switching between them in your application. After the binding
|
||
/// handle is created, the RpcBindingSetAuthInfo and RpcBindingSetAuthInfoEx APIs can be used to change the settings of the binding
|
||
/// handle set with this structure.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_binding_handle_security_v1_a typedef struct
|
||
// _RPC_BINDING_HANDLE_SECURITY_V1_A { unsigned long Version; unsigned char *ServerPrincName; unsigned long AuthnLevel; unsigned
|
||
// long AuthnSvc; SEC_WINNT_AUTH_IDENTITY_A *AuthIdentity; RPC_SECURITY_QOS *SecurityQos; } RPC_BINDING_HANDLE_SECURITY_V1_A, *PRPC_BINDING_HANDLE_SECURITY_V1_A;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_BINDING_HANDLE_SECURITY_V1_A")]
|
||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
|
||
public struct RPC_BINDING_HANDLE_SECURITY_V1
|
||
{
|
||
/// <summary>The version of this structure. For <c>RPC_BINDING_HANDLE_SECURITY_V1</c> this must be set to 1.</summary>
|
||
public uint Version;
|
||
|
||
/// <summary>
|
||
/// Pointer to a string that contains the server principal name referenced by the binding handle. The content of the name and
|
||
/// its syntax are defined by the authentication service in use.
|
||
/// </summary>
|
||
[MarshalAs(UnmanagedType.LPTStr)]
|
||
public string ServerPrincName;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// Level of authentication to be performed on remote procedure calls made using this binding handle. For a list of the
|
||
/// RPC-supported authentication levels, see Authentication-Level Constants.
|
||
/// </para>
|
||
/// <para>If AuthnSvc is set to RPC_C_AUTHN_NONE, this member must likewise be set to RPC_C_AUTHN_NONE.</para>
|
||
/// </summary>
|
||
public RPC_C_AUTHN AuthnLevel;
|
||
|
||
/// <summary>
|
||
/// <para>Authentication service to use when binding.</para>
|
||
/// <para>Specify RPC_C_AUTHN_NONE to turn off authentication for remote procedure calls made using the binding handle.</para>
|
||
/// <para>
|
||
/// If RPC_C_AUTHN_DEFAULT is specified, the RPC run-time library uses the RPC_C_AUTHN_WINNT authentication service for remote
|
||
/// procedure calls made using the binding handle.
|
||
/// </para>
|
||
/// <para>If AuthnLevel is set to RPC_C_AUTHN_NONE, this member must likewise be set to RPC_C_AUTHN_NONE.</para>
|
||
/// </summary>
|
||
public RPC_C_AUTHN AuthnSvc;
|
||
|
||
/// <summary>
|
||
/// <see cref="Secur32.SEC_WINNT_AUTH_IDENTITY"/> structure that contains the client's authentication and authorization
|
||
/// credentials appropriate for the selected authentication and authorization service.
|
||
/// </summary>
|
||
public IntPtr AuthIdentity;
|
||
|
||
/// <summary>
|
||
/// <para><see cref="RPC_SECURITY_QOS"/> structure that contains the security quality-of-service settings for the binding handle.</para>
|
||
/// <para><c>Note</c> For a list of the RPC-supported authentication services, see Authentication-Service Constants.</para>
|
||
/// </summary>
|
||
public IntPtr SecurityQos;
|
||
}
|
||
|
||
/// <summary>
|
||
/// The <c>RPC_BINDING_HANDLE_TEMPLATE_V1</c> structure contains the basic options with which to create an RPC binding handle.
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// Fast binding handles are slightly different from "classic" binding handles in the way they are handled during calls to
|
||
/// RpcBindingReset. <c>RpcBindingReset</c> is a no-op call for static fast binding handles. For classic binding handles, however,
|
||
/// <c>RpcBindingReset</c> converts a static binding handle into a dynamic one to preserve backwards compatibility.
|
||
/// </para>
|
||
/// <para>
|
||
/// The following table demonstrates the behavior of static and dynamic binding handles with regards to RpcBindingReset and RpcEpResolveBinding.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Endpoint Type</term>
|
||
/// <term>Static</term>
|
||
/// <term>Dynamic</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>Binding Handle Type</term>
|
||
/// <term>Fast</term>
|
||
/// <term>Classic</term>
|
||
/// <term>Fast</term>
|
||
/// <term>Classic</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RpcBindingReset</term>
|
||
/// <term>No-op</term>
|
||
/// <term>Converts to dynamic</term>
|
||
/// <term>Removes resolved endpoint if one is present</term>
|
||
/// <term>Removes resolved endpoint if one is present</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RpcEpResolveBinding</term>
|
||
/// <term>No-op</term>
|
||
/// <term>No-op</term>
|
||
/// <term>Resolves endpoint if not previously resolved</term>
|
||
/// <term>Resolves endpoint if not previously resolved</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_binding_handle_template_v1_a typedef struct
|
||
// _RPC_BINDING_HANDLE_TEMPLATE_V1_A { unsigned long Version; unsigned long Flags; unsigned long ProtocolSequence; unsigned char
|
||
// *NetworkAddress; unsigned char *StringEndpoint; union { unsigned char *Reserved; } u1; UUID ObjectUuid; }
|
||
// RPC_BINDING_HANDLE_TEMPLATE_V1_A, *PRPC_BINDING_HANDLE_TEMPLATE_V1_A;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_BINDING_HANDLE_TEMPLATE_V1_A")]
|
||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
|
||
public struct RPC_BINDING_HANDLE_TEMPLATE_V1
|
||
{
|
||
/// <summary>The version of this structure. For <c>RPC_BINDING_HANDLE_TEMPLATE_V1</c> this must be set to 1.</summary>
|
||
public uint Version;
|
||
|
||
/// <summary>
|
||
/// <para>Flag values that describe specific properties of the RPC template.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_BHT_OBJECT_UUID_VALID</term>
|
||
/// <term>
|
||
/// The ObjectUuid member contains a valid value. If this flag is not set, then the ObjectUuid member does not contain a valid UUID.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public uint Flags;
|
||
|
||
/// <summary>
|
||
/// <para>A protocol sequence string literal associated with this binding handle. It can be one of the following values.</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term><c>ncalrpc</c> - Specifies local RPC.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term><c>ncacn_ip_tcp</c> - Specifies RPC over TCP/IP.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term><c>ncacn_np</c> - Specifies RPC over named pipes.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term><c>ncacn_http</c> - Specifies RPC over HTTP.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public uint ProtocolSequence;
|
||
|
||
/// <summary>Pointer to a string representation of the network address to bind to.</summary>
|
||
[MarshalAs(UnmanagedType.LPTStr)]
|
||
public string NetworkAddress;
|
||
|
||
/// <summary>
|
||
/// Pointer to a string representation of the endpoint to bind to. If a dynamic endpoint is used, set this member to
|
||
/// <c>NULL</c>. After the endpoint is resolved, use RpcBindingToStringBinding to obtain it.
|
||
/// </summary>
|
||
[MarshalAs(UnmanagedType.LPTStr)]
|
||
public string StringEndpoint;
|
||
|
||
/// <summary>Reserved. This member must be set to <c>NULL</c>.</summary>
|
||
public IntPtr u1;
|
||
|
||
/// <summary>
|
||
/// The UUID of the remote object. The semantics for this UUID are the same as those for a string binding. After the binding
|
||
/// handle is created, call RpcBindingSetObject to change the UUID as needed.
|
||
/// </summary>
|
||
public Guid ObjectUuid;
|
||
}
|
||
|
||
/// <summary>
|
||
/// The <c>RPC_BINDING_VECTOR</c> structure contains a list of binding handles over which a server application can receive remote
|
||
/// procedure calls.
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// The binding vector contains a count member ( <c>Count</c>), followed by an array of binding-handle ( <c>BindingH</c>) elements.
|
||
/// </para>
|
||
/// <para>
|
||
/// The RPC run-time library creates binding handles when a server application registers protocol sequences. To obtain a binding
|
||
/// vector, a server application calls RpcServerInqBindings.
|
||
/// </para>
|
||
/// <para>A client application obtains a binding vector of compatible servers from the name-service database by calling RpcNsBindingLookupNext.</para>
|
||
/// <para>
|
||
/// In both routines, the RPC run-time library allocates memory for the binding vector. An application calls RpcBindingVectorFree to
|
||
/// free the binding vector.
|
||
/// </para>
|
||
/// <para>
|
||
/// To remove an individual binding handle from the vector, the application must set the value in the vector to <c>NULL</c>. When
|
||
/// setting a vector element to <c>NULL</c>, the application must:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>Free the individual binding.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Not change the value of <c>Count</c>.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>Calling RpcBindingFree allows an application to free all binding handles in the vector.</para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_binding_vector typedef struct _RPC_BINDING_VECTOR {
|
||
// unsigned long Count; RPC_BINDING_HANDLE BindingH[1]; } RPC_BINDING_VECTOR;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_BINDING_VECTOR")]
|
||
[VanaraMarshaler(typeof(SafeAnysizeStructMarshaler<RPC_BINDING_VECTOR>), nameof(Count))]
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct RPC_BINDING_VECTOR
|
||
{
|
||
/// <summary>Number of binding handles present in the binding-handle array <c>BindingH</c>.</summary>
|
||
public uint Count;
|
||
|
||
/// <summary>Array of binding handles that contains <c>Count</c> elements.</summary>
|
||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
|
||
public RPC_BINDING_HANDLE[] BindingH;
|
||
}
|
||
|
||
/// <summary>
|
||
/// The <c>RPC_ENDPOINT_TEMPLATE</c> structure specifies the properties of an RPC interface group server endpoint, including
|
||
/// protocol sequence and name.
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// The value provided in Backlog by applications is only a hint. The RPC run time or the Windows Sockets provider may override the
|
||
/// value. For example, on Windows XP or Windows 2000 Professional, the value is limited to 5. Values greater than 5 are ignored and
|
||
/// 5 is used instead. On Windows Server 2003 and Windows 2000 Server, the value will be honored.
|
||
/// </para>
|
||
/// <para>
|
||
/// Applications must be careful to pass reasonable values in Backlog. Large values on Server, Advanced Server, or Datacenter Server
|
||
/// can cause a large amount of non-paged pool memory to be used. Using too small a value is also unfavorable, as it may result in
|
||
/// TCP SYN packets being met by TCP RST from the server if the backlog queue gets exhausted.
|
||
/// </para>
|
||
/// <para>
|
||
/// An application developer should balance memory footprint versus scalability requirements when determining the proper value for Backlog.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_endpoint_template typedef struct { unsigned long Version;
|
||
// RPC_CSTR ProtSeq; RPC_CSTR Endpoint; void *SecurityDescriptor; unsigned long Backlog; } RPC_ENDPOINT_TEMPLATE, *PRPC_ENDPOINT_TEMPLATE;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce.__unnamed_struct_5")]
|
||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
|
||
public struct RPC_ENDPOINT_TEMPLATE
|
||
{
|
||
/// <summary>This field is reserved and must be set to 0.</summary>
|
||
public uint Version;
|
||
|
||
/// <summary>
|
||
/// Pointer to a string identifier of the protocol sequence to register with the RPC run-time library. Only ncalrpc,
|
||
/// ncacn_ip_tcp, and ncacn_np are supported. This value must not be <c>NULL</c>.
|
||
/// </summary>
|
||
[MarshalAs(UnmanagedType.LPTStr)]
|
||
public string ProtSeq;
|
||
|
||
/// <summary>
|
||
/// Optional pointer to the endpoint-address information to use in creating a binding for the protocol sequence specified in the
|
||
/// Protseq parameter. Specify <c>NULL</c> to use dynamic endpoints.
|
||
/// </summary>
|
||
[MarshalAs(UnmanagedType.LPTStr)]
|
||
public string Endpoint;
|
||
|
||
/// <summary>
|
||
/// Pointer to an optional parameter provided for the security subsystem. Used only for ncacn_np and ncalrpc protocol sequences.
|
||
/// All other protocol sequences ignore this parameter. Using a security descriptor on the endpoint in order to make a server
|
||
/// secure is not recommended.
|
||
/// </summary>
|
||
public IntPtr SecurityDescriptor;
|
||
|
||
/// <summary>
|
||
/// Backlog queue length for the ncacn_ip_tcp protocol sequence. All other protocol sequences ignore this parameter. Use
|
||
/// <c>RPC_C_PROTSEQ_MAX_REQS_DEFAULT</c> to specify the default value. See Remarks for more informatation.
|
||
/// </summary>
|
||
public uint Backlog;
|
||
}
|
||
|
||
/// <summary>
|
||
/// The <c>RPC_HTTP_TRANSPORT_CREDENTIALS</c> structure defines additional credentials to authenticate to an RPC proxy server when
|
||
/// using RPC/HTTP.
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// If the <c>TransportCredentials</c> member is <c>NULL</c> and the authentication scheme is NTLM, the credentials of the currently
|
||
/// logged on user are used. To avoid exposing user credentials on the network through a weak LM hash, user logon credentials are
|
||
/// used only if one or both of the following conditions are true:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>
|
||
/// Caller requested use of SSL and used the <c>ServerCertificateSubject</c> member. This scenario guarantees credentials are
|
||
/// protected both in transit and at the final destination, even if a weak hash is used.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// The lncompatibilitylevel key is set to 2 or higher. This causes the NTLM security provider to emit or respond to only the strong
|
||
/// NT hash, not the weak LM hash. In addition, customers are encouraged to use level 3 or higher, which will attempt NTLMv2.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the Unicode version of the RpcBindingSetAuthInfoEx function is used, Unicode versions of the
|
||
/// <c>RPC_HTTP_TRANSPORT_CREDENTIALS</c> and SEC_WINNT_AUTH_IDENTITY structures must also be provided, and the <c>Flags</c> member
|
||
/// in <c>TransportCredentials</c> must be set to SEC_WINNT_AUTH_IDENTITY_UNICODE. If the ANSI version of the
|
||
/// <c>RpcBindingSetAuthInfoEx</c> function is used, ANSI versions of <c>RPC_HTTP_TRANSPORT_CREDENTIALS</c> and
|
||
/// <c>SEC_WINNT_AUTH_IDENTITY</c> structures must be provided, and the <c>Flags</c> member in <c>TransportCredentials</c> must be
|
||
/// set to SEC_WINNT_AUTH_IDENTITY_ANSI.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_http_transport_credentials_a typedef struct
|
||
// _RPC_HTTP_TRANSPORT_CREDENTIALS_A { SEC_WINNT_AUTH_IDENTITY_A *TransportCredentials; unsigned long Flags; unsigned long
|
||
// AuthenticationTarget; unsigned long NumberOfAuthnSchemes; unsigned long *AuthnSchemes; unsigned char *ServerCertificateSubject; }
|
||
// RPC_HTTP_TRANSPORT_CREDENTIALS_A, *PRPC_HTTP_TRANSPORT_CREDENTIALS_A;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_HTTP_TRANSPORT_CREDENTIALS_A")]
|
||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
|
||
public struct RPC_HTTP_TRANSPORT_CREDENTIALS
|
||
{
|
||
/// <summary>
|
||
/// A pointer to a <see cref="Secur32.SEC_WINNT_AUTH_IDENTITY"/> structure that contains the user name, domain, and password for
|
||
/// the user.
|
||
/// </summary>
|
||
public IntPtr TransportCredentials;
|
||
|
||
/// <summary>
|
||
/// <para>A set of flags that can be combined with the bitwise OR operator.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_HTTP_FLAG_USE_SSL</term>
|
||
/// <term>Instructs RPC to use SSL to communicate with the RPC Proxy.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME</term>
|
||
/// <term>
|
||
/// When set, RPC chooses the first scheme in the AuthnSchemes array and attempts to authenticate to the RPC Proxy. If the RPC
|
||
/// Proxy does not support the selected authentication scheme, the call fails. When not set, the RPC client queries the RPC
|
||
/// Proxy for supported authentication schemes, and chooses one.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_HTTP_FLAG Flags;
|
||
|
||
/// <summary>
|
||
/// <para>Specifies the authentication target.</para>
|
||
/// <para>Should be set to one or both of the following values:</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_HTTP_AUTHN_TARGET_SERVER</term>
|
||
/// <term>Authenticate against the RPC Proxy, which is the HTTP Server from an HTTP perspective. This is the most common value.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_HTTP_AUTHN_TARGET_PROXY</term>
|
||
/// <term>Authenticate against the HTTP Proxy. This value is uncommon.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_HTTP_AUTHN_TARGET AuthenticationTarget;
|
||
|
||
/// <summary>The number of elements in the <c>AuthnScheme</c> array.</summary>
|
||
public uint NumberOfAuthnSchemes;
|
||
|
||
/// <summary/>
|
||
public IntPtr AuthnSchemes;
|
||
|
||
/// <summary>
|
||
/// Contains an optional string with the expected server principal name. The principal name is in the same format as that
|
||
/// generated for RpcCertGeneratePrincipalName (see Principal Names for more information). This member is used only when SSL is
|
||
/// used. In such cases, the server certificate is checked against the generated principal name. If they do not match, an error
|
||
/// is returned. This member enables clients to authenticate the RPC Proxy.
|
||
/// </summary>
|
||
[MarshalAs(UnmanagedType.LPTStr)]
|
||
public string ServerCertificateSubject;
|
||
}
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// The <c>RPC_HTTP_TRANSPORT_CREDENTIALS_V2</c> structure defines additional credentials to authenticate to an RPC proxy server or
|
||
/// HTTP proxy server when using RPC/HTTP.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>RPC_HTTP_TRANSPORT_CREDENTIALS_V2</c> extends RPC_HTTP_TRANSPORT_CREDENTIALS by allowing authentication against an HTTP proxy server.
|
||
/// </para>
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// If the <c>TransportCredentials</c> member is <c>NULL</c> and the authentication scheme is NTLM, the credentials of the currently
|
||
/// logged on user are used. To avoid exposing user credentials on the network through a weak LM hash, user logon credentials are
|
||
/// used only if one or both of the following conditions are true:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>
|
||
/// Caller requested use of SSL and used the <c>ServerCertificateSubject</c> member. This scenario guarantees credentials are
|
||
/// protected both in transit and at the final destination, even if a weak hash is used.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// The lncompatibilitylevel key is set to 2 or higher. This causes the NTLM security provider to emit or respond to only the strong
|
||
/// NT hash, not the weak LM hash. In addition, customers are encouraged to use level 3 or higher, which will attempt NTLMv2.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the Unicode version of the RpcBindingSetAuthInfoEx function is used, Unicode versions of the
|
||
/// <c>RPC_HTTP_TRANSPORT_CREDENTIALS_V2</c> and SEC_WINNT_AUTH_IDENTITY structures must also be provided, and the <c>Flags</c>
|
||
/// member in <c>TransportCredentials</c> must be set to SEC_WINNT_AUTH_IDENTITY_UNICODE. If the ANSI version of the
|
||
/// <c>RpcBindingSetAuthInfoEx</c> function is used, ANSI versions of <c>RPC_HTTP_TRANSPORT_CREDENTIALS_V2</c> and
|
||
/// <c>SEC_WINNT_AUTH_IDENTITY</c> structures must be provided, and the <c>Flags</c> member in <c>TransportCredentials</c> must be
|
||
/// set to SEC_WINNT_AUTH_IDENTITY_ANSI.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_http_transport_credentials_v2_a typedef struct
|
||
// _RPC_HTTP_TRANSPORT_CREDENTIALS_V2_A { SEC_WINNT_AUTH_IDENTITY_A *TransportCredentials; unsigned long Flags; unsigned long
|
||
// AuthenticationTarget; unsigned long NumberOfAuthnSchemes; unsigned long *AuthnSchemes; unsigned char *ServerCertificateSubject;
|
||
// SEC_WINNT_AUTH_IDENTITY_A *ProxyCredentials; unsigned long NumberOfProxyAuthnSchemes; unsigned long *ProxyAuthnSchemes; }
|
||
// RPC_HTTP_TRANSPORT_CREDENTIALS_V2_A, *PRPC_HTTP_TRANSPORT_CREDENTIALS_V2_A;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_HTTP_TRANSPORT_CREDENTIALS_V2_A")]
|
||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
|
||
public struct RPC_HTTP_TRANSPORT_CREDENTIALS_V2
|
||
{
|
||
/// <summary>
|
||
/// A pointer to a <see cref="Secur32.SEC_WINNT_AUTH_IDENTITY"/> structure that contains the user name, domain, and password for
|
||
/// the user.
|
||
/// </summary>
|
||
public IntPtr TransportCredentials;
|
||
|
||
/// <summary>
|
||
/// <para>A set of flags that can be combined with the bitwise OR operator.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_HTTP_FLAG_USE_SSL</term>
|
||
/// <term>Instructs RPC to use SSL to communicate with the RPC Proxy.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME</term>
|
||
/// <term>
|
||
/// When set, RPC chooses the first scheme in the AuthnSchemes array and attempts to authenticate to the RPC Proxy. If the RPC
|
||
/// Proxy does not support the selected authentication scheme, the call fails. When not set, the RPC client queries the RPC
|
||
/// Proxy for supported authentication schemes, and chooses one.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_HTTP_FLAG Flags;
|
||
|
||
/// <summary>
|
||
/// <para>Specifies the authentication target.</para>
|
||
/// <para>Should be set to one or both of the following values:</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_HTTP_AUTHN_TARGET_SERVER</term>
|
||
/// <term>Authenticate against the RPC Proxy, which is the HTTP Server from an HTTP perspective. This is the most common value.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_HTTP_AUTHN_TARGET_PROXY</term>
|
||
/// <term>Authenticate against the HTTP Proxy. This value is uncommon.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_HTTP_AUTHN_TARGET AuthenticationTarget;
|
||
|
||
/// <summary>The number of elements in the <c>AuthnScheme</c> array.</summary>
|
||
public uint NumberOfAuthnSchemes;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// A pointer to an array of <see cref="RPC_C_HTTP_AUTHN_SCHEME"/> values representing authentication schemes the client is
|
||
/// willing to use. Each element of the array can contain one of the following constants:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_BASIC</item>
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_NTLM</item>
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_PASSPORT</item>
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_DIGEST</item>
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_NEGOTIATE</item>
|
||
/// </list>
|
||
/// <para>
|
||
/// RPC_C_HTTP_AUTHN_SCHEME_PASSPORT, RPC_C_HTTP_AUTHN_SCHEME_NEGOTIATE and RPC_C_HTTP_AUTHN_SCHEME_DIGEST are defined as
|
||
/// constants, but not currently supported. Callers should not specify them; doing so results in RPC_S_CANNOT_SUPPORT error.
|
||
/// Each constant can be specified once. RPC does not verify this restriction for performance reasons, but specifying a constant
|
||
/// more than once produces undefined results.
|
||
/// </para>
|
||
/// <para>The algorithm for choosing the actual authentication scheme is as follows:</para>
|
||
/// <para>
|
||
/// If RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME is specified, the first authentication scheme is chosen. If it is not supported by
|
||
/// the server, the connection establishment fails. If RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME is not specified, the RPC client
|
||
/// first attempts anonymous connection to the RPC Proxy. If IIS returns authentication challenge, the RPC client chooses the
|
||
/// authentication scheme preferred by the server if it is also in the <c>AuthnScheme</c> array. If the scheme preferred by the
|
||
/// server is not in the <c>AuthnScheme</c> array, the <c>AuthnScheme</c> array will be traversed from start to finish, and if a
|
||
/// scheme is found that is also supported by the server, that authentication scheme is used.
|
||
/// </para>
|
||
/// </summary>
|
||
public IntPtr AuthnSchemes;
|
||
|
||
/// <summary>
|
||
/// Contains an optional string with the expected server principal name. The principal name is in the same format as that
|
||
/// generated for RpcCertGeneratePrincipalName (see Principal Names for more information). This member is used only when SSL is
|
||
/// used. In such cases, the server certificate is checked against the generated principal name. If they do not match, an error
|
||
/// is returned. This member enables clients to authenticate the RPC Proxy.
|
||
/// </summary>
|
||
[MarshalAs(UnmanagedType.LPTStr)]
|
||
public string ServerCertificateSubject;
|
||
|
||
/// <summary>
|
||
/// A pointer to a <see cref="Secur32.SEC_WINNT_AUTH_IDENTITY"/> structure that contains the user name, domain, and password for
|
||
/// the user when authenticating against an HTTP proxy server. <c>ProxyCredentials</c> is only valid when
|
||
/// <c>AuthenticationTarget</c> contains <c>RPC_C_HTTP_AUTHN_TARGET_PROXY</c>.
|
||
/// </summary>
|
||
public IntPtr ProxyCredentials;
|
||
|
||
/// <summary>
|
||
/// The number of elements in the <c>ProxyAuthnSchemes</c> array when authenticating against an HTTP proxy server.
|
||
/// <c>NumberOfProxyAuthnSchemes</c> is only valid when <c>AuthenticationTarget</c> contains <c>RPC_C_HTTP_AUTHN_TARGET_PROXY</c>.
|
||
/// </summary>
|
||
public uint NumberOfProxyAuthnSchemes;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// A pointer to an array of <see cref="RPC_C_HTTP_AUTHN_SCHEME"/> values representing authentication schemes the client is
|
||
/// willing to use when authenticating against an HTTP proxy server. Each element of the array can contain one of the following
|
||
/// constants. <c>ProxyAuthnSchemes</c> is only valid when <c>AuthenticationTarget</c> contains <c>RPC_C_HTTP_AUTHN_TARGET_PROXY</c>.
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_BASIC</item>
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_NTLM</item>
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_PASSPORT</item>
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_DIGEST</item>
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_NEGOTIATE</item>
|
||
/// </list>
|
||
/// </summary>
|
||
public IntPtr ProxyAuthnSchemes;
|
||
}
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// The <c>RPC_HTTP_TRANSPORT_CREDENTIALS_V3</c> structure defines additional credentials to authenticate to an RPC proxy server or
|
||
/// HTTP proxy server when using RPC/HTTP.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>RPC_HTTP_TRANSPORT_CREDENTIALS_V3</c> extends RPC_HTTP_TRANSPORT_CREDENTIALS_V2 by allowing arbitrary credential forms to be used.
|
||
/// </para>
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// If the <c>TransportCredentials</c> member is <c>NULL</c> and the authentication scheme is NTLM, the credentials of the currently
|
||
/// logged on user are used. To avoid exposing user credentials on the network through a weak LM hash, user logon credentials are
|
||
/// used only if one or both of the following conditions are true:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>
|
||
/// Caller requested use of SSL and used the <c>ServerCertificateSubject</c> member. This scenario guarantees credentials are
|
||
/// protected both in transit and at the final destination, even if a weak hash is used.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// The lncompatibilitylevel key is set to 2 or higher. This causes the NTLM security provider to emit or respond to only the strong
|
||
/// NT hash, not the weak LM hash. In addition, customers are encouraged to use level 3 or higher, which will attempt NTLMv2.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the Unicode version of the RpcBindingSetAuthInfoEx function is used, Unicode versions of the
|
||
/// <c>RPC_HTTP_TRANSPORT_CREDENTIALS_V3</c> and SEC_WINNT_AUTH_IDENTITY structures must also be provided, and the <c>Flags</c>
|
||
/// member in <c>TransportCredentials</c> must be set to SEC_WINNT_AUTH_IDENTITY_UNICODE. If the ANSI version of the
|
||
/// <c>RpcBindingSetAuthInfoEx</c> function is used, ANSI versions of <c>RPC_HTTP_TRANSPORT_CREDENTIALS_V3</c> and
|
||
/// <c>SEC_WINNT_AUTH_IDENTITY</c> structures must be provided, and the <c>Flags</c> member in <c>TransportCredentials</c> must be
|
||
/// set to SEC_WINNT_AUTH_IDENTITY_ANSI.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_http_transport_credentials_v3_a typedef struct
|
||
// _RPC_HTTP_TRANSPORT_CREDENTIALS_V3_A { RPC_AUTH_IDENTITY_HANDLE TransportCredentials; unsigned long Flags; unsigned long
|
||
// AuthenticationTarget; unsigned long NumberOfAuthnSchemes; unsigned long *AuthnSchemes; unsigned char *ServerCertificateSubject;
|
||
// RPC_AUTH_IDENTITY_HANDLE ProxyCredentials; unsigned long NumberOfProxyAuthnSchemes; unsigned long *ProxyAuthnSchemes; }
|
||
// RPC_HTTP_TRANSPORT_CREDENTIALS_V3_A, *PRPC_HTTP_TRANSPORT_CREDENTIALS_V3_A;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_HTTP_TRANSPORT_CREDENTIALS_V3_A")]
|
||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
|
||
public struct RPC_HTTP_TRANSPORT_CREDENTIALS_V3
|
||
{
|
||
/// <summary>
|
||
/// A pointer to a <see cref="Secur32.SEC_WINNT_AUTH_IDENTITY"/> structure that contains the user name, domain, and password for
|
||
/// the user.
|
||
/// </summary>
|
||
public IntPtr TransportCredentials;
|
||
|
||
/// <summary>
|
||
/// <para>A set of flags that can be combined with the bitwise OR operator.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_HTTP_FLAG_USE_SSL</term>
|
||
/// <term>Instructs RPC to use SSL to communicate with the RPC Proxy.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME</term>
|
||
/// <term>
|
||
/// When set, RPC chooses the first scheme in the AuthnSchemes array and attempts to authenticate to the RPC Proxy. If the RPC
|
||
/// Proxy does not support the selected authentication scheme, the call fails. When not set, the RPC client queries the RPC
|
||
/// Proxy for supported authentication schemes, and chooses one.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_HTTP_FLAG Flags;
|
||
|
||
/// <summary>
|
||
/// <para>Specifies the authentication target.</para>
|
||
/// <para>Should be set to one or both of the following values:</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_HTTP_AUTHN_TARGET_SERVER</term>
|
||
/// <term>Authenticate against the RPC Proxy, which is the HTTP Server from an HTTP perspective. This is the most common value.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_HTTP_AUTHN_TARGET_PROXY</term>
|
||
/// <term>Authenticate against the HTTP Proxy. This value is uncommon.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_HTTP_AUTHN_TARGET AuthenticationTarget;
|
||
|
||
/// <summary>The number of elements in the <c>AuthnScheme</c> array.</summary>
|
||
public uint NumberOfAuthnSchemes;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// A pointer to an array of <see cref="RPC_C_HTTP_AUTHN_SCHEME"/> values representing authentication schemes the client is
|
||
/// willing to use. Each element of the array can contain one of the following constants:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_BASIC</item>
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_NTLM</item>
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_PASSPORT</item>
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_DIGEST</item>
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_NEGOTIATE</item>
|
||
/// </list>
|
||
/// <para>
|
||
/// RPC_C_HTTP_AUTHN_SCHEME_PASSPORT, RPC_C_HTTP_AUTHN_SCHEME_NEGOTIATE and RPC_C_HTTP_AUTHN_SCHEME_DIGEST are defined as
|
||
/// constants, but not currently supported. Callers should not specify them; doing so results in RPC_S_CANNOT_SUPPORT error.
|
||
/// Each constant can be specified once. RPC does not verify this restriction for performance reasons, but specifying a constant
|
||
/// more than once produces undefined results.
|
||
/// </para>
|
||
/// <para>The algorithm for choosing the actual authentication scheme is as follows:</para>
|
||
/// <para>
|
||
/// If RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME is specified, the first authentication scheme is chosen. If it is not supported by
|
||
/// the server, the connection establishment fails. If RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME is not specified, the RPC client
|
||
/// first attempts anonymous connection to the RPC Proxy. If IIS returns authentication challenge, the RPC client chooses the
|
||
/// authentication scheme preferred by the server if it is also in the <c>AuthnScheme</c> array. If the scheme preferred by the
|
||
/// server is not in the <c>AuthnScheme</c> array, the <c>AuthnScheme</c> array will be traversed from start to finish, and if a
|
||
/// scheme is found that is also supported by the server, that authentication scheme is used.
|
||
/// </para>
|
||
/// </summary>
|
||
public IntPtr AuthnSchemes;
|
||
|
||
/// <summary>
|
||
/// Contains an optional string with the expected server principal name. The principal name is in the same format as that
|
||
/// generated for RpcCertGeneratePrincipalName (see Principal Names for more information). This member is used only when SSL is
|
||
/// used. In such cases, the server certificate is checked against the generated principal name. If they do not match, an error
|
||
/// is returned. This member enables clients to authenticate the RPC Proxy.
|
||
/// </summary>
|
||
[MarshalAs(UnmanagedType.LPTStr)]
|
||
public string ServerCertificateSubject;
|
||
|
||
/// <summary>
|
||
/// A pointer to an opaque authentication handle in the form of an RPC_AUTH_IDENTITY_HANDLE structure when authenticating
|
||
/// against an HTTP proxy server. <c>ProxyCredentials</c> is only valid when <c>AuthenticationTarget</c> contains <c>RPC_C_HTTP_AUTHN_TARGET_PROXY</c>.
|
||
/// </summary>
|
||
public RPC_AUTH_IDENTITY_HANDLE ProxyCredentials;
|
||
|
||
/// <summary>
|
||
/// The number of elements in the <c>ProxyAuthnSchemes</c> array when authenticating against an HTTP proxy server.
|
||
/// <c>NumberOfProxyAuthnSchemes</c> is only valid when <c>AuthenticationTarget</c> contains <c>RPC_C_HTTP_AUTHN_TARGET_PROXY</c>.
|
||
/// </summary>
|
||
public uint NumberOfProxyAuthnSchemes;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// A pointer to an array of <see cref="RPC_C_HTTP_AUTHN_SCHEME"/> values representing authentication schemes the client is
|
||
/// willing to use when authenticating against an HTTP proxy server. Each element of the array can contain one of the following
|
||
/// constants. <c>ProxyAuthnSchemes</c> is only valid when <c>AuthenticationTarget</c> contains <c>RPC_C_HTTP_AUTHN_TARGET_PROXY</c>.
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_BASIC</item>
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_NTLM</item>
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_PASSPORT</item>
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_DIGEST</item>
|
||
/// <item>RPC_C_HTTP_AUTHN_SCHEME_NEGOTIATE</item>
|
||
/// </list>
|
||
/// </summary>
|
||
public IntPtr ProxyAuthnSchemes;
|
||
}
|
||
|
||
/// <summary>Provides a handle to an RPC interface.</summary>
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct RPC_IF_HANDLE : IHandle
|
||
{
|
||
private readonly IntPtr handle;
|
||
|
||
/// <summary>Initializes a new instance of the <see cref="RPC_IF_HANDLE"/> struct.</summary>
|
||
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
|
||
public RPC_IF_HANDLE(IntPtr preexistingHandle) => handle = preexistingHandle;
|
||
|
||
/// <summary>Returns an invalid handle by instantiating a <see cref="RPC_IF_HANDLE"/> object with <see cref="IntPtr.Zero"/>.</summary>
|
||
public static RPC_IF_HANDLE NULL => new RPC_IF_HANDLE(IntPtr.Zero);
|
||
|
||
/// <summary>Gets a value indicating whether this instance is a null handle.</summary>
|
||
public bool IsNull => handle == IntPtr.Zero;
|
||
|
||
/// <summary>Performs an explicit conversion from <see cref="RPC_IF_HANDLE"/> to <see cref="IntPtr"/>.</summary>
|
||
/// <param name="h">The handle.</param>
|
||
/// <returns>The result of the conversion.</returns>
|
||
public static explicit operator IntPtr(RPC_IF_HANDLE h) => h.handle;
|
||
|
||
/// <summary>Performs an implicit conversion from <see cref="IntPtr"/> to <see cref="RPC_IF_HANDLE"/>.</summary>
|
||
/// <param name="h">The pointer to a handle.</param>
|
||
/// <returns>The result of the conversion.</returns>
|
||
public static implicit operator RPC_IF_HANDLE(IntPtr h) => new RPC_IF_HANDLE(h);
|
||
|
||
/// <summary>Implements the operator !=.</summary>
|
||
/// <param name="h1">The first handle.</param>
|
||
/// <param name="h2">The second handle.</param>
|
||
/// <returns>The result of the operator.</returns>
|
||
public static bool operator !=(RPC_IF_HANDLE h1, RPC_IF_HANDLE h2) => !(h1 == h2);
|
||
|
||
/// <summary>Implements the operator ==.</summary>
|
||
/// <param name="h1">The first handle.</param>
|
||
/// <param name="h2">The second handle.</param>
|
||
/// <returns>The result of the operator.</returns>
|
||
public static bool operator ==(RPC_IF_HANDLE h1, RPC_IF_HANDLE h2) => h1.Equals(h2);
|
||
|
||
/// <inheritdoc/>
|
||
public override bool Equals(object obj) => obj is RPC_IF_HANDLE h && handle == h.handle;
|
||
|
||
/// <inheritdoc/>
|
||
public override int GetHashCode() => handle.GetHashCode();
|
||
|
||
/// <inheritdoc/>
|
||
public IntPtr DangerousGetHandle() => handle;
|
||
}
|
||
|
||
/// <summary>The <c>RPC_IF_ID</c> structure contains the interface UUID and major and minor version numbers of an interface.</summary>
|
||
/// <remarks>
|
||
/// An interface identification is a subset of the data contained in the interface-specification structure. Routines that require an
|
||
/// interface identification structure show a data type of <c>RPC_IF_ID</c>. In those routines, the application is responsible for
|
||
/// providing memory for the structure.
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_if_id typedef struct _RPC_IF_ID { UUID Uuid; unsigned
|
||
// short VersMajor; unsigned short VersMinor; } RPC_IF_ID;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_IF_ID")]
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct RPC_IF_ID
|
||
{
|
||
/// <summary>Specifies the interface UUID.</summary>
|
||
public Guid Uuid;
|
||
|
||
/// <summary>Major version number, an integer from 0 to 65535, inclusive.</summary>
|
||
public ushort VersMajor;
|
||
|
||
/// <summary>Minor version number, an integer from 0 to 65535, inclusive.</summary>
|
||
public ushort VersMinor;
|
||
}
|
||
|
||
/// <summary>The <c>RPC_IF_ID_VECTOR</c> structure contains a list of interfaces offered by a server.</summary>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// The interface identification vector contains a count member ( <c>Count</c>), followed by an array of pointers to interface
|
||
/// identifiers ( RPC_IF_ID).
|
||
/// </para>
|
||
/// <para>
|
||
/// The interface identification vector is a read-only vector. To obtain a vector of the interface identifiers registered by a
|
||
/// server with the run-time library, an application calls RpcMgmtInqIfIds. To obtain a vector of the interface identifiers exported
|
||
/// by a server, an application calls RpcNsMgmtEntryInqIfIds.
|
||
/// </para>
|
||
/// <para>
|
||
/// The RPC run-time library allocates memory for the interface identification vector. The application calls RpcIfIdVectorFree to
|
||
/// free the interface identification vector.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_if_id_vector typedef struct { unsigned long Count;
|
||
// RPC_IF_ID *IfId[1]; } RPC_IF_ID_VECTOR;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce.__unnamed_struct_1")]
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct RPC_IF_ID_VECTOR : IArrayStruct<RPC_IF_ID>
|
||
{
|
||
/// <summary>Number of interface-identification structures present in the array <c>IfHandl</c>.</summary>
|
||
public uint Count;
|
||
|
||
/// <summary>An array of pointers to interface identifiers ( <see cref="RPC_IF_ID"/>).</summary>
|
||
public IntPtr IfId;
|
||
}
|
||
|
||
/// <summary>Provides a handle to an RPC interface group.</summary>
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct RPC_INTERFACE_GROUP : IHandle
|
||
{
|
||
private readonly IntPtr handle;
|
||
|
||
/// <summary>Initializes a new instance of the <see cref="RPC_INTERFACE_GROUP"/> struct.</summary>
|
||
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
|
||
public RPC_INTERFACE_GROUP(IntPtr preexistingHandle) => handle = preexistingHandle;
|
||
|
||
/// <summary>Returns an invalid handle by instantiating a <see cref="RPC_INTERFACE_GROUP"/> object with <see cref="IntPtr.Zero"/>.</summary>
|
||
public static RPC_INTERFACE_GROUP NULL => new RPC_INTERFACE_GROUP(IntPtr.Zero);
|
||
|
||
/// <summary>Gets a value indicating whether this instance is a null handle.</summary>
|
||
public bool IsNull => handle == IntPtr.Zero;
|
||
|
||
/// <summary>Performs an explicit conversion from <see cref="RPC_INTERFACE_GROUP"/> to <see cref="IntPtr"/>.</summary>
|
||
/// <param name="h">The handle.</param>
|
||
/// <returns>The result of the conversion.</returns>
|
||
public static explicit operator IntPtr(RPC_INTERFACE_GROUP h) => h.handle;
|
||
|
||
/// <summary>Performs an implicit conversion from <see cref="IntPtr"/> to <see cref="RPC_INTERFACE_GROUP"/>.</summary>
|
||
/// <param name="h">The pointer to a handle.</param>
|
||
/// <returns>The result of the conversion.</returns>
|
||
public static implicit operator RPC_INTERFACE_GROUP(IntPtr h) => new RPC_INTERFACE_GROUP(h);
|
||
|
||
/// <summary>Implements the operator !=.</summary>
|
||
/// <param name="h1">The first handle.</param>
|
||
/// <param name="h2">The second handle.</param>
|
||
/// <returns>The result of the operator.</returns>
|
||
public static bool operator !=(RPC_INTERFACE_GROUP h1, RPC_INTERFACE_GROUP h2) => !(h1 == h2);
|
||
|
||
/// <summary>Implements the operator ==.</summary>
|
||
/// <param name="h1">The first handle.</param>
|
||
/// <param name="h2">The second handle.</param>
|
||
/// <returns>The result of the operator.</returns>
|
||
public static bool operator ==(RPC_INTERFACE_GROUP h1, RPC_INTERFACE_GROUP h2) => h1.Equals(h2);
|
||
|
||
/// <inheritdoc/>
|
||
public override bool Equals(object obj) => obj is RPC_INTERFACE_GROUP h && handle == h.handle;
|
||
|
||
/// <inheritdoc/>
|
||
public override int GetHashCode() => handle.GetHashCode();
|
||
|
||
/// <inheritdoc/>
|
||
public IntPtr DangerousGetHandle() => handle;
|
||
}
|
||
|
||
/// <summary>The <c>RPC_INTERFACE_TEMPLATE</c> structure defines an RPC interface group server interface.</summary>
|
||
/// <remarks>
|
||
/// <para>To register an interface, the server provides the following information:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>Interface specificationThe interface specification is a data structure that the MIDL compiler generates.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// Manager type UUID and manager EPVThe manager type UUID and the manager EPV determine which manager routine executes when a
|
||
/// server receives a remote procedure call request from a client. For each implementation of an interface offered by a server, it
|
||
/// must register a separate manager EPV. Note that when specifying a non-nil, manager type <c>UUID</c>, the server must also call
|
||
/// RpcObjectSetType to register objects of this non-nil type.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// All interface group interfaces are treated as <c>auto-listen</c>. The runtime begins listening for calls as soon as the
|
||
/// interface group is activated. Calls to RpcServerListen and RpcMgmtStopServerListening do not affect the interface, nor does a
|
||
/// call to RpcServerUnregisterIf with IfSpec set to <c>NULL</c>.
|
||
/// </para>
|
||
/// <para>
|
||
/// Specifying a security-callback function in IfCallback allows the server application to restrict access to its interfaces on an
|
||
/// individual client basis. That is, by default, security is optional; the server run-time will dispatch unsecured calls even if
|
||
/// the server has called RpcServerRegisterAuthInfo. If the server wants to accept only authenticated clients, an interface callback
|
||
/// function must call RpcBindingInqAuthClient, RpcGetAuthorizationContextForClient, or RpcServerInqCallAttributes to retrieve the
|
||
/// security level, or attempt to impersonate the client with RpcImpersonateClient. It can also specify the RPC_IF_ALLOW_SECURE_ONLY
|
||
/// flag in Flags to reject unauthenticated calls.
|
||
/// </para>
|
||
/// <para>
|
||
/// When a server application specifies a security-callback function for its interface(s) in IfCallback, the RPC run time
|
||
/// automatically rejects calls without authentication information to that interface. In addition, the run-time records the
|
||
/// interfaces each client has used. When a client makes an RPC to an interface that it has not used during the current
|
||
/// communication session, the RPC run-time library calls the interface's security-callback function. Specifying
|
||
/// RPC_IF_ALLOW_CALLBACKS_WITH_NO_AUTH in Flags will prevent the automatic rejection of unauthenticated clients. Note that calls on
|
||
/// the <c>NULL</c> security session can have authentication information, even though they come from anonymous clients. Thus, the
|
||
/// existence of a callback alone is not sufficient to prevent anonymous clients from connecting; either the security callback
|
||
/// function must check for that, or the RPC_IF_ALLOW_SECURE_ONLY flag must be used. RPC_IF_ALLOW_SECURE_ONLY rejects null session
|
||
/// calls only on Windows XP and later versions of Windows.
|
||
/// </para>
|
||
/// <para>For the signature for the callback function, see RPC_IF_CALLBACK_FN.</para>
|
||
/// <para>
|
||
/// The callback function in IfCallback should return <c>RPC_S_OK</c> if the client is allowed to call methods in this interface.
|
||
/// Any other return code will cause the client to receive the exception <c>RPC_S_ACCESS_DENIED</c>.
|
||
/// </para>
|
||
/// <para>
|
||
/// In some cases, the RPC run time may call the security-callback function more than once per client, per interface. The callback
|
||
/// function must be able to handle this possibility.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_interface_templatea typedef struct { unsigned long
|
||
// Version; RPC_IF_HANDLE IfSpec; UUID *MgrTypeUuid; RPC_MGR_EPV *MgrEpv; unsigned int Flags; unsigned int MaxCalls; unsigned int
|
||
// MaxRpcSize; RPC_IF_CALLBACK_FN *IfCallback; UUID_VECTOR *UuidVector; RPC_CSTR Annotation; void *SecurityDescriptor; }
|
||
// RPC_INTERFACE_TEMPLATEA, *PRPC_INTERFACE_TEMPLATEA;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce.__unnamed_struct_6")]
|
||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
|
||
public struct RPC_INTERFACE_TEMPLATE
|
||
{
|
||
/// <summary>This field is reserved and must be set to 0.</summary>
|
||
public uint Version;
|
||
|
||
/// <summary>MIDL-generated structure that defines the interface to register.</summary>
|
||
public RPC_IF_HANDLE IfSpec;
|
||
|
||
/// <summary>Pointer to a UUID to associate with MgrEpv. <c>NULL</c> or a nil <c>UUID</c> registers IfSpec with a nil <c>UUID</c>.</summary>
|
||
public GuidPtr MgrTypeUuid;
|
||
|
||
/// <summary>
|
||
/// Pointer to a RPC_MGR_EPV structure that contains the manager routines' entry-point vector (EPV). If
|
||
/// <c>NULL</c>,the MIDL-generated default EPV is used.
|
||
/// </summary>
|
||
public IntPtr MgrEpv;
|
||
|
||
/// <summary>
|
||
/// Flags. For a list of flag values, see Interface Registration Flags. Interface group interfaces are always treated as <c>auto-listen</c>.
|
||
/// </summary>
|
||
public RPC_IF Flags;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// Maximum number of concurrent remote procedure call requests the server can accept on this interface. The RPC run-time
|
||
/// library makes its best effort to ensure the server does not allow more concurrent call requests than the number of calls
|
||
/// specified in MaxCalls. However, the actual number can be greater than MaxCalls and can vary for each protocol sequence.
|
||
/// </para>
|
||
/// <para>Calls on other interfaces are governed by the value of the process-wide MaxCalls parameter specified in RpcServerListen.</para>
|
||
/// <para>
|
||
/// If the number of concurrent calls is not a concern, slightly better server-side performance can be achieved by specifying
|
||
/// the default value using <c>RPC_C_LISTEN_MAX_CALLS_DEFAULT</c>. Doing so relieves the RPC run-time environment from enforcing
|
||
/// an unnecessary restriction.
|
||
/// </para>
|
||
/// </summary>
|
||
public uint MaxCalls;
|
||
|
||
/// <summary>
|
||
/// Maximum size, in bytes, of incoming data blocks. MaxRpcSize may be used to help prevent malicious denial-of-service attacks.
|
||
/// If the data block of a remote procedure call is larger than MaxRpcSize, the RPC run-time library rejects the call and sends
|
||
/// an <c>RPC_S_ACCESS_DENIED</c> error to the client. Specifying a value of (unsigned int) <20>1 in MaxRpcSize removes the limit
|
||
/// on the size of incoming data blocks. This parameter has no effect on calls made over the ncalrpc protocol.
|
||
/// </summary>
|
||
public uint MaxRpcSize;
|
||
|
||
/// <summary>
|
||
/// A pointer to a RPC_INTERFACE_GROUP_IDLE_CALLBACK_FN security-callback function, or <c>NULL</c> for no callback. Each
|
||
/// registered interface can have a different callback function.
|
||
/// </summary>
|
||
[MarshalAs(UnmanagedType.FunctionPtr)]
|
||
public RPC_INTERFACE_GROUP_IDLE_CALLBACK_FN IfCallback;
|
||
|
||
/// <summary>
|
||
/// Pointer to a vector of object UUIDs offered by the server to be registered with the RPC endpoint mapper. The server
|
||
/// application constructs this vector. <c>NULL</c> indicates there are no object <c>UUIDs</c> to register.
|
||
/// </summary>
|
||
public IntPtr UuidVector;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// Pointer to the character-string comment applied to each cross-product element added to the local endpoint-map database. The
|
||
/// string can be up to 64 characters long, including the null terminating character. Specify a null value or a null-terminated
|
||
/// string ("\0") if there is no annotation string.
|
||
/// </para>
|
||
/// <para>
|
||
/// The annotation string is used by applications for information only. RPC does not use this string to determine which server
|
||
/// instance a client communicates with or for enumerating elements in the endpoint-map database.
|
||
/// </para>
|
||
/// </summary>
|
||
[MarshalAs(UnmanagedType.LPTStr)]
|
||
public string Annotation;
|
||
|
||
/// <summary>Optional security descriptor describing which clients have the right to access the interface.</summary>
|
||
public IntPtr SecurityDescriptor;
|
||
}
|
||
|
||
/// <summary>
|
||
/// The <c>RPC_POLICY</c> structure contains flags that determine binding on multihomed computers, and port allocations when using
|
||
/// the ncacn_ip_tcp and ncadg_ip_udp protocols.
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>You can use the <c>RPC_Policy</c> structure to set policies for remote procedure calls at run time. These policies include:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>
|
||
/// Message queuing: Allows the server to specify message-queuing properties, such as security, quality of delivery, and the
|
||
/// lifetime of the server-process queue. This policy is only effective for remote calls over the message-queuing transport (ncadg_mq).
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>
|
||
/// Port allocation for dynamic ports: Specifies whether the endpoint registered by this application should go to the
|
||
/// Internet-available or intranet-available port set.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Selective binding: Allows multihomed machines to bind selectively to NICs.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// <c>Note</c> Port allocation and selective binding policies are effective only for remote calls over TCP ( ncacn_ip_tcp) and UDP
|
||
/// ( ncadg_ip_udp) connections. For more information, see Configuring the Registry for Port Allocations and Selective Binding.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_policy typedef struct _RPC_POLICY { unsigned int Length;
|
||
// unsigned long EndpointFlags; unsigned long NICFlags; } RPC_POLICY, *PRPC_POLICY;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_POLICY")]
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct RPC_POLICY
|
||
{
|
||
/// <summary>
|
||
/// Size of the <c>RPC_POLICY</c> structure, in bytes. The <c>Length</c> member allows compatibility with future versions of
|
||
/// this structure, which may contain additional fields. Always set the <c>Length</c> equal to <c>sizeof</c>(RPC_POLICY) when
|
||
/// you initialize the <c>RPC_POLICY</c> structure in your code.
|
||
/// </summary>
|
||
public uint Length;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// Set of flags that determine the attributes of the port or ports where the server receives remote procedure calls. You can
|
||
/// specify more than one flag (by using the bitwise OR operator) from the set of values for a given protocol sequence.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> If the registry does not contain any of the keys that specify the default policies, then the
|
||
/// <c>EndpointFlags</c> member will have no effect at run time. If a key is missing or contains an invalid value, then the
|
||
/// entire configuration for that protocol ( ncacn_ip_tcp, ncadg_ip_udp or ncadg_mq) is marked as invalid and all calls to
|
||
/// <c>RpcServerUseProtseq*</c> functions over that protocol will fail.
|
||
/// </para>
|
||
/// </summary>
|
||
public RPC_C_POL_ENDPT EndpointFlags;
|
||
|
||
/// <summary>Policy for binding to Network Interface Cards (NICs).</summary>
|
||
public RPC_C_POL_NIC NICFlags;
|
||
}
|
||
|
||
/// <summary>
|
||
/// The <c>RPC_PROTSEQ_VECTOR</c> structure contains a list of protocol sequences the RPC run-time library uses to send and receive
|
||
/// remote procedure calls.
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// The protocol-sequence vector contains a count member ( <c>Count</c>), followed by an array of pointers to protocol-sequence
|
||
/// strings ( <c>Protseq</c>).
|
||
/// </para>
|
||
/// <para>
|
||
/// The protocol-sequence vector is a read-only vector. To obtain a protocol-sequence vector, a server application calls
|
||
/// RpcNetworkInqProtseqs. The RPC run-time library allocates memory for the protocol-sequence vector. The server application calls
|
||
/// RpcProtseqVectorFree to free the protocol-sequence vector.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_protseq_vector typedef struct _RPC_PROTSEQ_VECTOR {
|
||
// unsigned int Count; unsigned char *Protseq[1]; } RPC_PROTSEQ_VECTOR;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_PROTSEQ_VECTOR")]
|
||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
|
||
public struct RPC_PROTSEQ_VECTOR : IArrayStruct<StrPtrAuto>
|
||
{
|
||
/// <summary>Number of protocol-sequence strings present in the array <c>Protseq</c>.</summary>
|
||
public uint Count;
|
||
|
||
/// <summary>
|
||
/// Array of pointers to protocol-sequence strings. The number of pointers present is specified by the <c>Count</c> member.
|
||
/// </summary>
|
||
public IntPtr Protseq;
|
||
}
|
||
|
||
/// <summary>
|
||
/// The <c>RPC_SECURITY_QOS</c> structure defines security quality-of-service settings on a binding handle. See Remarks for version
|
||
/// availability on Windows editions.
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>The following listing defines the availability of QOS versions on various Windows operating systems:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>Version 1: Windows 2000 and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 2: Windows XP with Service Pack 1 (SP1) and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 3: Windows Server 2003 and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 4: Windows Vista and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 5: Windows 8 and later.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// Windows editions support downlevel versions as well. For example, Windows Server 2003 supports version 3, but also supports
|
||
/// versions 1 and 2.
|
||
/// </para>
|
||
/// <para>
|
||
/// The client-side security functions RpcBindingInqAuthInfoEx and RpcBindingSetAuthInfo use the <c>RPC_SECURITY_QOS</c> structure
|
||
/// to inquire about, or to set, the security quality of service for a binding handle.
|
||
/// </para>
|
||
/// <para>
|
||
/// RPC supports the RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT hint. This hint is used only when dynamic endpoints and mutual
|
||
/// authentication are used. Furthermore, it is not supported for the <c>ncadg_</c> protocol sequences. If this flag is used for a
|
||
/// <c>ncadg_</c> protocol sequence, or without using mutual authentication, RPC_S_INVALID_ARG is returned from the
|
||
/// RpcBindingSetAuthInfoEx function call. This flag is designed to prevent a Denial of Service Attack. Using this flag forces the
|
||
/// RPC Runtime to ask the endpoint mapper only for endpoints registered by the principal specified in the <c>ServerPrincName</c> or
|
||
/// <c>Sid</c> members. This prevents an attacker on the local machine from trying to trick your RPC client to connect to a spoof
|
||
/// endpoint it has registered in the endpoint mapper. Note that since the attack is local only (such as from a terminal server
|
||
/// machine with many users), the flag also works only for RPC calls made locally.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> Some security providers, such as Kerberos, support delegation-impersonation type. On Windows editions that support
|
||
/// delegation-impersonation type, if the client has asked for delegation but the security provider is unable to provide it, the
|
||
/// call fails with PRC_S_SEC_PKG_ERROR unless the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag is specified.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_security_qos typedef struct _RPC_SECURITY_QOS { unsigned
|
||
// long Version; unsigned long Capabilities; unsigned long IdentityTracking; unsigned long ImpersonationType; } RPC_SECURITY_QOS, *PRPC_SECURITY_QOS;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_SECURITY_QOS")]
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct RPC_SECURITY_QOS
|
||
{
|
||
/// <summary>
|
||
/// Version of the <c>RPC_SECURITY_QOS</c> structure being used. This topic documents version 1 of the <c>RPC_SECURITY_QOS</c>
|
||
/// structure. See RPC_SECURITY_QOS_V2, RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4 and RPC_SECURITY_QOS_V5 for other versions.
|
||
/// </summary>
|
||
public uint Version;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// Security services being provided to the application. Capabilities is a set of flags that can be combined using the bitwise
|
||
/// OR operator.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_DEFAULT</term>
|
||
/// <term>Used when no provider-specific capabilities are needed.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH</term>
|
||
/// <term>
|
||
/// Specifying this flag causes the RPC run time to request mutual authentication from the security provider. Some security
|
||
/// providers do not support mutual authentication. If the security provider does not support mutual authentication, or the
|
||
/// identity of the server cannot be established, a remote procedure call to such server fails with error RPC_S_SEC_PKG_ERROR.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_MAKE_FULLSIC</term>
|
||
/// <term>Not currently implemented.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_ANY_AUTHORITY</term>
|
||
/// <term>
|
||
/// Accepts the client's credentials even if the certificate authority (CA) is not in the server's list of trusted CAs. This
|
||
/// constant is used only by the SCHANNEL SSP.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE</term>
|
||
/// <term>
|
||
/// When specified, this flag directs the RPC runtime on the client to ignore an error to establish a security context that
|
||
/// supports delegation. Normally, if the client asks for delegation and the security system cannot establish a security context
|
||
/// that supports delegation, error RPC_S_SEC_PKG_ERROR is returned; when this flag is specified, no error is returned.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT</term>
|
||
/// <term>
|
||
/// This flag specifies to RPC that the server is local to the machine making the RPC call. In this situation RPC instructs the
|
||
/// endpoint mapper to pick up only endpoints registered by the principal specified in the ServerPrincName or Sid members (these
|
||
/// members are available in RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4, and RPC_SECURITY_QOS_V5 only). See Remarks for more information.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY</term>
|
||
/// <term>
|
||
/// If set, the RPC runtime uses the SChannel SSP to perform smartcard-based authentication without displaying a PIN prompt
|
||
/// dialog box by the cryptographic services provider (CSP). In the call to RpcBindingSetAuthInfoEx, the AuthIdentity parameter
|
||
/// must be a SEC_WINNT_AUTH_IDENTITY structure whose members contain the following: If the
|
||
/// RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY flag is used for any SSP other than SChannel, or if the members of
|
||
/// SEC_WINNT_AUTH_IDENTITY do not conform to the above, RPC_S_INVALID_ARG will be returned by RpcBindingSetAuthInfoEx.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_QOS_CAPABILITIES Capabilities;
|
||
|
||
/// <summary>
|
||
/// <para>Sets the context tracking mode. Should be set to one of the values shown in the following table.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_IDENTITY_STATIC</term>
|
||
/// <term>
|
||
/// Security context is created only once and is never revised during the entire communication, even if the client side changes
|
||
/// it. This is the default behavior if RPC_SECURITY_QOS is not specified.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_IDENTITY_DYNAMIC</term>
|
||
/// <term>
|
||
/// Context is revised whenever the ModifiedId in the client's token is changed. All protocols use the ModifiedId (see note).
|
||
/// Windows 2000: All remote protocols (all protocols other than ncalrpc) use the AuthenticationID, also known as the LogonId,
|
||
/// to track changes in the client's identity. The ncalrpc protocol uses ModifiedId.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_QOS_IDENTITY IdentityTracking;
|
||
|
||
/// <summary>
|
||
/// <para>Level at which the server process can impersonate the client.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_DEFAULT</term>
|
||
/// <term>Uses the default impersonation level.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_ANONYMOUS</term>
|
||
/// <term>
|
||
/// Client does not provide identification information to the server. The server cannot impersonate the client or identify the
|
||
/// client. Many servers reject calls with this impersonation type.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_IDENTIFY</term>
|
||
/// <term>
|
||
/// Server can obtain the client's identity, and impersonate the client to perform Access Control List (ACL) checks, but cannot
|
||
/// impersonate the client. See Impersonation Levels for more information.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_IMPERSONATE</term>
|
||
/// <term>Server can impersonate the client's security context on its local system, but not on remote systems.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_DELEGATE</term>
|
||
/// <term>
|
||
/// The server can impersonate the client's security context while acting on behalf of the client. The server can also make
|
||
/// outgoing calls to other servers while acting on behalf of the client. The server may use the client's security context on
|
||
/// other machines to access local and remote resources as the client.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_IMP_LEVEL ImpersonationType;
|
||
}
|
||
|
||
/// <summary>
|
||
/// The <c>RPC_SECURITY_QOS_V2</c> structure defines version 2 security quality-of-service settings on a binding handle. See Remarks
|
||
/// for version availability on Windows editions.
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>The following listing defines the availability of QOS versions on various Windows operating systems:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>Version 1: Windows 2000 and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 2: Windows XP with Service Pack 1 (SP1) and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 3: Windows Server 2003 and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 4: Windows Vista and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 5: Windows 8 and later.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// Windows editions support downlevel versions as well. For example, Windows Server 2003 supports version 3, but also supports
|
||
/// versions 1 and 2.
|
||
/// </para>
|
||
/// <para>
|
||
/// The client-side security functions RpcBindingInqAuthInfoEx and RpcBindingSetAuthInfo use the RPC_SECURITY_QOS structure to
|
||
/// inquire about, or to set, the security quality of service for a binding handle.
|
||
/// </para>
|
||
/// <para>
|
||
/// RPC supports the RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT hint (unsupported on Windows XP and earlier client editions, unsupported
|
||
/// on Windows 2000 and earlier server editions). This hint is used only when dynamic endpoints and mutual authentication are used.
|
||
/// Furthermore, it is not supported for the <c>ncadg_</c> protocol sequences. If this flag is used for a <c>ncadg_</c> protocol
|
||
/// sequence, or without using mutual authentication, RPC_S_INVALID_ARG is returned from the RpcBindingSetAuthInfoEx function call.
|
||
/// This flag is designed to prevent a Denial of Service Attack. Using this flag forces the RPC Runtime to ask the endpoint mapper
|
||
/// only for endpoints registered by the principal specified in the <c>ServerPrincName</c> or <c>Sid</c> members. This prevents an
|
||
/// attacker on the local machine from trying to trick your RPC client to connect to a spoof endpoint it has registered in the
|
||
/// endpoint mapper. Note that since the attack is local only (such as from a terminal server machine with many users), the flag
|
||
/// also works only for RPC calls made locally.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> Some security providers, such as Kerberos, support delegation-impersonation type. On Windows editions that support
|
||
/// delegation-impersonation type, if the client has asked for delegation but the security provider is unable to provide it, the
|
||
/// call fails with PRC_S_SEC_PKG_ERROR unless the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag is specified.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_security_qos_v2_a typedef struct _RPC_SECURITY_QOS_V2_A {
|
||
// unsigned long Version; unsigned long Capabilities; unsigned long IdentityTracking; unsigned long ImpersonationType; unsigned long
|
||
// AdditionalSecurityInfoType; union { RPC_HTTP_TRANSPORT_CREDENTIALS_A *HttpCredentials; } u; } RPC_SECURITY_QOS_V2_A, *PRPC_SECURITY_QOS_V2_A;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_SECURITY_QOS_V2_A")]
|
||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
|
||
public struct RPC_SECURITY_QOS_V2
|
||
{
|
||
/// <summary>
|
||
/// Version of the <c>RPC_SECURITY_QOS</c> structure being used. This topic documents version 1 of the <c>RPC_SECURITY_QOS</c>
|
||
/// structure. See RPC_SECURITY_QOS_V2, RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4 and RPC_SECURITY_QOS_V5 for other versions.
|
||
/// </summary>
|
||
public uint Version;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// Security services being provided to the application. Capabilities is a set of flags that can be combined using the bitwise
|
||
/// OR operator.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_DEFAULT</term>
|
||
/// <term>Used when no provider-specific capabilities are needed.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH</term>
|
||
/// <term>
|
||
/// Specifying this flag causes the RPC run time to request mutual authentication from the security provider. Some security
|
||
/// providers do not support mutual authentication. If the security provider does not support mutual authentication, or the
|
||
/// identity of the server cannot be established, a remote procedure call to such server fails with error RPC_S_SEC_PKG_ERROR.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_MAKE_FULLSIC</term>
|
||
/// <term>Not currently implemented.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_ANY_AUTHORITY</term>
|
||
/// <term>
|
||
/// Accepts the client's credentials even if the certificate authority (CA) is not in the server's list of trusted CAs. This
|
||
/// constant is used only by the SCHANNEL SSP.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE</term>
|
||
/// <term>
|
||
/// When specified, this flag directs the RPC runtime on the client to ignore an error to establish a security context that
|
||
/// supports delegation. Normally, if the client asks for delegation and the security system cannot establish a security context
|
||
/// that supports delegation, error RPC_S_SEC_PKG_ERROR is returned; when this flag is specified, no error is returned.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT</term>
|
||
/// <term>
|
||
/// This flag specifies to RPC that the server is local to the machine making the RPC call. In this situation RPC instructs the
|
||
/// endpoint mapper to pick up only endpoints registered by the principal specified in the ServerPrincName or Sid members (these
|
||
/// members are available in RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4, and RPC_SECURITY_QOS_V5 only). See Remarks for more information.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY</term>
|
||
/// <term>
|
||
/// If set, the RPC runtime uses the SChannel SSP to perform smartcard-based authentication without displaying a PIN prompt
|
||
/// dialog box by the cryptographic services provider (CSP). In the call to RpcBindingSetAuthInfoEx, the AuthIdentity parameter
|
||
/// must be a SEC_WINNT_AUTH_IDENTITY structure whose members contain the following: If the
|
||
/// RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY flag is used for any SSP other than SChannel, or if the members of
|
||
/// SEC_WINNT_AUTH_IDENTITY do not conform to the above, RPC_S_INVALID_ARG will be returned by RpcBindingSetAuthInfoEx.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_QOS_CAPABILITIES Capabilities;
|
||
|
||
/// <summary>
|
||
/// <para>Sets the context tracking mode. Should be set to one of the values shown in the following table.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_IDENTITY_STATIC</term>
|
||
/// <term>
|
||
/// Security context is created only once and is never revised during the entire communication, even if the client side changes
|
||
/// it. This is the default behavior if RPC_SECURITY_QOS is not specified.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_IDENTITY_DYNAMIC</term>
|
||
/// <term>
|
||
/// Context is revised whenever the ModifiedId in the client's token is changed. All protocols use the ModifiedId (see note).
|
||
/// Windows 2000: All remote protocols (all protocols other than ncalrpc) use the AuthenticationID, also known as the LogonId,
|
||
/// to track changes in the client's identity. The ncalrpc protocol uses ModifiedId.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_QOS_IDENTITY IdentityTracking;
|
||
|
||
/// <summary>
|
||
/// <para>Level at which the server process can impersonate the client.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_DEFAULT</term>
|
||
/// <term>Uses the default impersonation level.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_ANONYMOUS</term>
|
||
/// <term>
|
||
/// Client does not provide identification information to the server. The server cannot impersonate the client or identify the
|
||
/// client. Many servers reject calls with this impersonation type.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_IDENTIFY</term>
|
||
/// <term>
|
||
/// Server can obtain the client's identity, and impersonate the client to perform Access Control List (ACL) checks, but cannot
|
||
/// impersonate the client. See Impersonation Levels for more information.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_IMPERSONATE</term>
|
||
/// <term>Server can impersonate the client's security context on its local system, but not on remote systems.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_DELEGATE</term>
|
||
/// <term>
|
||
/// The server can impersonate the client's security context while acting on behalf of the client. The server can also make
|
||
/// outgoing calls to other servers while acting on behalf of the client. The server may use the client's security context on
|
||
/// other machines to access local and remote resources as the client.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_IMP_LEVEL ImpersonationType;
|
||
|
||
/// <summary>
|
||
/// <para>Specifies the type of additional credentials present in the <c>u</c> union. The following constants are supported:</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Supported Constants</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>0</term>
|
||
/// <term>No additional credentials are passed in the u union.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_AUTHN_INFO_TYPE_HTTP</term>
|
||
/// <term>
|
||
/// The HttpCredentials member of the u union points to a RPC_HTTP_TRANSPORT_CREDENTIALS structure. This value can be used only
|
||
/// when the protocol sequence is ncacn_http. Any other protocol sequence returns RPC_S_INVALID_ARG.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_AUTHN_INFO_TYPE AdditionalSecurityInfoType;
|
||
|
||
/// <summary>
|
||
/// Additional set of credentials to pass to RPC, in the form of an RPC_HTTP_TRANSPORT_CREDENTIALS structure. Used when the
|
||
/// <c>AdditionalSecurityInfoType</c> member is set to RPC_C_AUTHN_INFO_TYPE_HTTP.
|
||
/// </summary>
|
||
public IntPtr u;
|
||
}
|
||
|
||
/// <summary>
|
||
/// The <c>RPC_SECURITY_QOS_V3</c> structure defines version 3 security quality-of-service settings on a binding handle. See Remarks
|
||
/// for version availability on Windows editions.
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>The following listing defines the availability of QOS versions on various Windows operating systems:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>Version 1: Windows 2000 and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 2: Windows XP with Service Pack 1 (SP1) and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 3: Windows Server 2003 and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 4: Windows Vista and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 5: Windows 8 and later.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// Windows editions support downlevel versions as well. For example, Windows Server 2003 supports version 3, but also supports
|
||
/// versions 1 and 2.
|
||
/// </para>
|
||
/// <para>
|
||
/// The client-side security functions RpcBindingInqAuthInfoEx and RpcBindingSetAuthInfo use the RPC_SECURITY_QOS structure to
|
||
/// inquire about, or to set, the security quality of service for a binding handle.
|
||
/// </para>
|
||
/// <para>
|
||
/// RPC supports the RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT hint (unsupported on Windows XP and earlier client editions, unsupported
|
||
/// on Windows 2000 and earlier server editions). This hint is used only when dynamic endpoints and mutual authentication are used.
|
||
/// Furthermore, it is not supported for the <c>ncadg_</c> protocol sequences. If this flag is used for a <c>ncadg_</c> protocol
|
||
/// sequence, or without using mutual authentication, RPC_S_INVALID_ARG is returned from the RpcBindingSetAuthInfoEx function call.
|
||
/// This flag is designed to prevent a Denial of Service Attack. Using this flag forces the RPC Runtime to ask the endpoint mapper
|
||
/// only for endpoints registered by the principal specified in the <c>ServerPrincName</c> or <c>Sid</c> members. This prevents an
|
||
/// attacker on the local machine from trying to trick your RPC client to connect to a spoof endpoint it has registered in the
|
||
/// endpoint mapper. Note that since the attack is local only (such as from a terminal server machine with many users), the flag
|
||
/// also works only for RPC calls made locally.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> Some security providers, such as Kerberos, support delegation-impersonation type. On Windows editions that support
|
||
/// delegation-impersonation type, if the client has asked for delegation but the security provider is unable to provide it, the
|
||
/// call fails with PRC_S_SEC_PKG_ERROR unless the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag is specified.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_security_qos_v3_a typedef struct _RPC_SECURITY_QOS_V3_A {
|
||
// unsigned long Version; unsigned long Capabilities; unsigned long IdentityTracking; unsigned long ImpersonationType; unsigned long
|
||
// AdditionalSecurityInfoType; union { RPC_HTTP_TRANSPORT_CREDENTIALS_A *HttpCredentials; } u; void *Sid; } RPC_SECURITY_QOS_V3_A, *PRPC_SECURITY_QOS_V3_A;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_SECURITY_QOS_V3_A")]
|
||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
|
||
public struct RPC_SECURITY_QOS_V3
|
||
{
|
||
/// <summary>
|
||
/// Version of the <c>RPC_SECURITY_QOS</c> structure being used. This topic documents version 1 of the <c>RPC_SECURITY_QOS</c>
|
||
/// structure. See RPC_SECURITY_QOS_V2, RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4 and RPC_SECURITY_QOS_V5 for other versions.
|
||
/// </summary>
|
||
public uint Version;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// Security services being provided to the application. Capabilities is a set of flags that can be combined using the bitwise
|
||
/// OR operator.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_DEFAULT</term>
|
||
/// <term>Used when no provider-specific capabilities are needed.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH</term>
|
||
/// <term>
|
||
/// Specifying this flag causes the RPC run time to request mutual authentication from the security provider. Some security
|
||
/// providers do not support mutual authentication. If the security provider does not support mutual authentication, or the
|
||
/// identity of the server cannot be established, a remote procedure call to such server fails with error RPC_S_SEC_PKG_ERROR.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_MAKE_FULLSIC</term>
|
||
/// <term>Not currently implemented.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_ANY_AUTHORITY</term>
|
||
/// <term>
|
||
/// Accepts the client's credentials even if the certificate authority (CA) is not in the server's list of trusted CAs. This
|
||
/// constant is used only by the SCHANNEL SSP.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE</term>
|
||
/// <term>
|
||
/// When specified, this flag directs the RPC runtime on the client to ignore an error to establish a security context that
|
||
/// supports delegation. Normally, if the client asks for delegation and the security system cannot establish a security context
|
||
/// that supports delegation, error RPC_S_SEC_PKG_ERROR is returned; when this flag is specified, no error is returned.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT</term>
|
||
/// <term>
|
||
/// This flag specifies to RPC that the server is local to the machine making the RPC call. In this situation RPC instructs the
|
||
/// endpoint mapper to pick up only endpoints registered by the principal specified in the ServerPrincName or Sid members (these
|
||
/// members are available in RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4, and RPC_SECURITY_QOS_V5 only). See Remarks for more information.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY</term>
|
||
/// <term>
|
||
/// If set, the RPC runtime uses the SChannel SSP to perform smartcard-based authentication without displaying a PIN prompt
|
||
/// dialog box by the cryptographic services provider (CSP). In the call to RpcBindingSetAuthInfoEx, the AuthIdentity parameter
|
||
/// must be a SEC_WINNT_AUTH_IDENTITY structure whose members contain the following: If the
|
||
/// RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY flag is used for any SSP other than SChannel, or if the members of
|
||
/// SEC_WINNT_AUTH_IDENTITY do not conform to the above, RPC_S_INVALID_ARG will be returned by RpcBindingSetAuthInfoEx.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_QOS_CAPABILITIES Capabilities;
|
||
|
||
/// <summary>
|
||
/// <para>Sets the context tracking mode. Should be set to one of the values shown in the following table.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_IDENTITY_STATIC</term>
|
||
/// <term>
|
||
/// Security context is created only once and is never revised during the entire communication, even if the client side changes
|
||
/// it. This is the default behavior if RPC_SECURITY_QOS is not specified.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_IDENTITY_DYNAMIC</term>
|
||
/// <term>
|
||
/// Context is revised whenever the ModifiedId in the client's token is changed. All protocols use the ModifiedId (see note).
|
||
/// Windows 2000: All remote protocols (all protocols other than ncalrpc) use the AuthenticationID, also known as the LogonId,
|
||
/// to track changes in the client's identity. The ncalrpc protocol uses ModifiedId.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_QOS_IDENTITY IdentityTracking;
|
||
|
||
/// <summary>
|
||
/// <para>Level at which the server process can impersonate the client.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_DEFAULT</term>
|
||
/// <term>Uses the default impersonation level.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_ANONYMOUS</term>
|
||
/// <term>
|
||
/// Client does not provide identification information to the server. The server cannot impersonate the client or identify the
|
||
/// client. Many servers reject calls with this impersonation type.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_IDENTIFY</term>
|
||
/// <term>
|
||
/// Server can obtain the client's identity, and impersonate the client to perform Access Control List (ACL) checks, but cannot
|
||
/// impersonate the client. See Impersonation Levels for more information.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_IMPERSONATE</term>
|
||
/// <term>Server can impersonate the client's security context on its local system, but not on remote systems.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_DELEGATE</term>
|
||
/// <term>
|
||
/// The server can impersonate the client's security context while acting on behalf of the client. The server can also make
|
||
/// outgoing calls to other servers while acting on behalf of the client. The server may use the client's security context on
|
||
/// other machines to access local and remote resources as the client.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_IMP_LEVEL ImpersonationType;
|
||
|
||
/// <summary>
|
||
/// <para>Specifies the type of additional credentials present in the <c>u</c> union. The following constants are supported:</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Supported Constants</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>0</term>
|
||
/// <term>No additional credentials are passed in the u union.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_AUTHN_INFO_TYPE_HTTP</term>
|
||
/// <term>
|
||
/// The HttpCredentials member of the u union points to a RPC_HTTP_TRANSPORT_CREDENTIALS structure. This value can be used only
|
||
/// when the protocol sequence is ncacn_http. Any other protocol sequence returns RPC_S_INVALID_ARG.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_AUTHN_INFO_TYPE AdditionalSecurityInfoType;
|
||
|
||
/// <summary>
|
||
/// Additional set of credentials to pass to RPC, in the form of an RPC_HTTP_TRANSPORT_CREDENTIALS structure. Used when the
|
||
/// <c>AdditionalSecurityInfoType</c> member is set to RPC_C_AUTHN_INFO_TYPE_HTTP.
|
||
/// </summary>
|
||
public IntPtr u;
|
||
|
||
/// <summary>
|
||
/// Points to a security identifier (SID). The SID is an alternative to the <c>ServerPrincName</c> member, and only one can be
|
||
/// specified. The <c>Sid</c> member cannot be set to non- <c>NULL</c> if the security provider is the SCHANNEL SSP. Some
|
||
/// protocol sequences use <c>Sid</c> internally for security, and some use a <c>ServerPrincName</c>. For example, ncalrpc uses
|
||
/// a <c>Sid</c> internally, and if the caller knows both the SID and the <c>ServerPrincName</c>, a call using <c>ncalrpc</c>
|
||
/// can complete much faster in some cases if the SID is passed. In contrast, the <c>ncacn_</c> and <c>ncadg_</c> protocol
|
||
/// sequences use a <c>ServerPrincName</c> internally, and therefore can execute calls faster when provided the <c>ServerPrincName</c>.
|
||
/// </summary>
|
||
public PSID Sid;
|
||
}
|
||
|
||
/// <summary>
|
||
/// The <c>RPC_SECURITY_QOS_V4</c> structure defines version 4 security quality-of-service settings on a binding handle. See Remarks
|
||
/// for version availability on Windows editions.
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>The following listing defines the availability of QOS versions on various Windows operating systems:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>Version 1: Windows 2000 and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 2: Windows XP with Service Pack 1 (SP1) and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 3: Windows Server 2003 and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 4: Windows Vista and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 5: Windows 8 and later.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// Windows editions support downlevel versions as well. For example, Windows Server 2003 supports version 3, but also supports
|
||
/// versions 1 and 2.
|
||
/// </para>
|
||
/// <para>
|
||
/// The client-side security functions RpcBindingInqAuthInfoEx and RpcBindingSetAuthInfo use the RPC_SECURITY_QOS structure to
|
||
/// inquire about, or to set, the security quality of service for a binding handle.
|
||
/// </para>
|
||
/// <para>
|
||
/// RPC supports the RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT hint (unsupported on Windows XP and earlier client editions, unsupported
|
||
/// on Windows 2000 and earlier server editions). This hint is used only when dynamic endpoints and mutual authentication are used.
|
||
/// Furthermore, it is not supported for the <c>ncadg_</c> protocol sequences. If this flag is used for a <c>ncadg_</c> protocol
|
||
/// sequence, or without using mutual authentication, RPC_S_INVALID_ARG is returned from the RpcBindingSetAuthInfoEx function call.
|
||
/// This flag is designed to prevent a Denial of Service Attack. Using this flag forces the RPC Runtime to ask the endpoint mapper
|
||
/// only for endpoints registered by the principal specified in the <c>ServerPrincName</c> or <c>Sid</c> members. This prevents an
|
||
/// attacker on the local machine from trying to trick your RPC client to connect to a spoof endpoint it has registered in the
|
||
/// endpoint mapper. Note that since the attack is local only (such as from a terminal server machine with many users), the flag
|
||
/// also works only for RPC calls made locally.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> Some security providers, such as Kerberos, support delegation-impersonation type. On Windows editions that support
|
||
/// delegation-impersonation type, if the client has asked for delegation but the security provider is unable to provide it, the
|
||
/// call fails with PRC_S_SEC_PKG_ERROR unless the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag is specified.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_security_qos_v4_a typedef struct _RPC_SECURITY_QOS_V4_A {
|
||
// unsigned long Version; unsigned long Capabilities; unsigned long IdentityTracking; unsigned long ImpersonationType; unsigned long
|
||
// AdditionalSecurityInfoType; union { RPC_HTTP_TRANSPORT_CREDENTIALS_A *HttpCredentials; } u; void *Sid; unsigned int
|
||
// EffectiveOnly; } RPC_SECURITY_QOS_V4_A, *PRPC_SECURITY_QOS_V4_A;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_SECURITY_QOS_V4_A")]
|
||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
|
||
public struct RPC_SECURITY_QOS_V4
|
||
{
|
||
/// <summary>
|
||
/// Version of the <c>RPC_SECURITY_QOS</c> structure being used. This topic documents version 1 of the <c>RPC_SECURITY_QOS</c>
|
||
/// structure. See RPC_SECURITY_QOS_V2, RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4 and RPC_SECURITY_QOS_V5 for other versions.
|
||
/// </summary>
|
||
public uint Version;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// Security services being provided to the application. Capabilities is a set of flags that can be combined using the bitwise
|
||
/// OR operator.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_DEFAULT</term>
|
||
/// <term>Used when no provider-specific capabilities are needed.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH</term>
|
||
/// <term>
|
||
/// Specifying this flag causes the RPC run time to request mutual authentication from the security provider. Some security
|
||
/// providers do not support mutual authentication. If the security provider does not support mutual authentication, or the
|
||
/// identity of the server cannot be established, a remote procedure call to such server fails with error RPC_S_SEC_PKG_ERROR.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_MAKE_FULLSIC</term>
|
||
/// <term>Not currently implemented.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_ANY_AUTHORITY</term>
|
||
/// <term>
|
||
/// Accepts the client's credentials even if the certificate authority (CA) is not in the server's list of trusted CAs. This
|
||
/// constant is used only by the SCHANNEL SSP.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE</term>
|
||
/// <term>
|
||
/// When specified, this flag directs the RPC runtime on the client to ignore an error to establish a security context that
|
||
/// supports delegation. Normally, if the client asks for delegation and the security system cannot establish a security context
|
||
/// that supports delegation, error RPC_S_SEC_PKG_ERROR is returned; when this flag is specified, no error is returned.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT</term>
|
||
/// <term>
|
||
/// This flag specifies to RPC that the server is local to the machine making the RPC call. In this situation RPC instructs the
|
||
/// endpoint mapper to pick up only endpoints registered by the principal specified in the ServerPrincName or Sid members (these
|
||
/// members are available in RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4, and RPC_SECURITY_QOS_V5 only). See Remarks for more information.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY</term>
|
||
/// <term>
|
||
/// If set, the RPC runtime uses the SChannel SSP to perform smartcard-based authentication without displaying a PIN prompt
|
||
/// dialog box by the cryptographic services provider (CSP). In the call to RpcBindingSetAuthInfoEx, the AuthIdentity parameter
|
||
/// must be a SEC_WINNT_AUTH_IDENTITY structure whose members contain the following: If the
|
||
/// RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY flag is used for any SSP other than SChannel, or if the members of
|
||
/// SEC_WINNT_AUTH_IDENTITY do not conform to the above, RPC_S_INVALID_ARG will be returned by RpcBindingSetAuthInfoEx.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_QOS_CAPABILITIES Capabilities;
|
||
|
||
/// <summary>
|
||
/// <para>Sets the context tracking mode. Should be set to one of the values shown in the following table.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_IDENTITY_STATIC</term>
|
||
/// <term>
|
||
/// Security context is created only once and is never revised during the entire communication, even if the client side changes
|
||
/// it. This is the default behavior if RPC_SECURITY_QOS is not specified.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_IDENTITY_DYNAMIC</term>
|
||
/// <term>
|
||
/// Context is revised whenever the ModifiedId in the client's token is changed. All protocols use the ModifiedId (see note).
|
||
/// Windows 2000: All remote protocols (all protocols other than ncalrpc) use the AuthenticationID, also known as the LogonId,
|
||
/// to track changes in the client's identity. The ncalrpc protocol uses ModifiedId.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_QOS_IDENTITY IdentityTracking;
|
||
|
||
/// <summary>
|
||
/// <para>Level at which the server process can impersonate the client.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_DEFAULT</term>
|
||
/// <term>Uses the default impersonation level.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_ANONYMOUS</term>
|
||
/// <term>
|
||
/// Client does not provide identification information to the server. The server cannot impersonate the client or identify the
|
||
/// client. Many servers reject calls with this impersonation type.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_IDENTIFY</term>
|
||
/// <term>
|
||
/// Server can obtain the client's identity, and impersonate the client to perform Access Control List (ACL) checks, but cannot
|
||
/// impersonate the client. See Impersonation Levels for more information.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_IMPERSONATE</term>
|
||
/// <term>Server can impersonate the client's security context on its local system, but not on remote systems.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_DELEGATE</term>
|
||
/// <term>
|
||
/// The server can impersonate the client's security context while acting on behalf of the client. The server can also make
|
||
/// outgoing calls to other servers while acting on behalf of the client. The server may use the client's security context on
|
||
/// other machines to access local and remote resources as the client.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_IMP_LEVEL ImpersonationType;
|
||
|
||
/// <summary>
|
||
/// <para>Specifies the type of additional credentials present in the <c>u</c> union. The following constants are supported:</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Supported Constants</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>0</term>
|
||
/// <term>No additional credentials are passed in the u union.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_AUTHN_INFO_TYPE_HTTP</term>
|
||
/// <term>
|
||
/// The HttpCredentials member of the u union points to a RPC_HTTP_TRANSPORT_CREDENTIALS structure. This value can be used only
|
||
/// when the protocol sequence is ncacn_http. Any other protocol sequence returns RPC_S_INVALID_ARG.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_AUTHN_INFO_TYPE AdditionalSecurityInfoType;
|
||
|
||
/// <summary>
|
||
/// Additional set of credentials to pass to RPC, in the form of an RPC_HTTP_TRANSPORT_CREDENTIALS structure. Used when the
|
||
/// <c>AdditionalSecurityInfoType</c> member is set to RPC_C_AUTHN_INFO_TYPE_HTTP.
|
||
/// </summary>
|
||
public IntPtr u;
|
||
|
||
/// <summary>
|
||
/// Points to a security identifier (SID). The SID is an alternative to the <c>ServerPrincName</c> member, and only one can be
|
||
/// specified. The <c>Sid</c> member cannot be set to non- <c>NULL</c> if the security provider is the SCHANNEL SSP. Some
|
||
/// protocol sequences use <c>Sid</c> internally for security, and some use a <c>ServerPrincName</c>. For example, ncalrpc uses
|
||
/// a <c>Sid</c> internally, and if the caller knows both the SID and the <c>ServerPrincName</c>, a call using <c>ncalrpc</c>
|
||
/// can complete much faster in some cases if the SID is passed. In contrast, the <c>ncacn_</c> and <c>ncadg_</c> protocol
|
||
/// sequences use a <c>ServerPrincName</c> internally, and therefore can execute calls faster when provided the <c>ServerPrincName</c>.
|
||
/// </summary>
|
||
public PSID Sid;
|
||
|
||
/// <summary>If set, only enabled privileges are seen by the server.</summary>
|
||
[MarshalAs(UnmanagedType.Bool)]
|
||
public bool EffectiveOnly;
|
||
}
|
||
|
||
/// <summary>
|
||
/// The <c>RPC_SECURITY_QOS_V5</c> structure defines version 5 security quality-of-service settings on a binding handle. See Remarks
|
||
/// for version availability on Windows editions.
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>The following listing defines the availability of QOS versions on various Windows operating systems:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>Version 1: Windows 2000 and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 2: Windows XP with Service Pack 1 (SP1) and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 3: Windows Server 2003 and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 4: Windows Vista and later.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Version 5: Windows 8 and later.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// Windows editions support downlevel versions as well. For example, Windows Server 2003 supports version 3, but also supports
|
||
/// versions 1 and 2.
|
||
/// </para>
|
||
/// <para>
|
||
/// The client-side security functions RpcBindingInqAuthInfoEx and RpcBindingSetAuthInfo use the RPC_SECURITY_QOS structure to
|
||
/// inquire about, or to set, the security quality of service for a binding handle.
|
||
/// </para>
|
||
/// <para>
|
||
/// RPC supports the RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT hint (unsupported on Windows XP and earlier client editions, unsupported
|
||
/// on Windows 2000 and earlier server editions). This hint is used only when dynamic endpoints and mutual authentication are used.
|
||
/// Furthermore, it is not supported for the <c>ncadg_</c> protocol sequences. If this flag is used for a <c>ncadg_</c> protocol
|
||
/// sequence, or without using mutual authentication, RPC_S_INVALID_ARG is returned from the RpcBindingSetAuthInfoEx function call.
|
||
/// This flag is designed to prevent a Denial of Service Attack. Using this flag forces the RPC Runtime to ask the endpoint mapper
|
||
/// only for endpoints registered by the principal specified in the <c>ServerPrincName</c> or <c>Sid</c> members. This prevents an
|
||
/// attacker on the local machine from trying to trick your RPC client to connect to a spoof endpoint it has registered in the
|
||
/// endpoint mapper. Note that since the attack is local only (such as from a terminal server machine with many users), the flag
|
||
/// also works only for RPC calls made locally.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> Some security providers, such as Kerberos, support delegation-impersonation type. On Windows editions that support
|
||
/// delegation-impersonation type, if the client has asked for delegation but the security provider is unable to provide it, the
|
||
/// call fails with PRC_S_SEC_PKG_ERROR unless the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag is specified.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_security_qos_v5_a typedef struct _RPC_SECURITY_QOS_V5_A {
|
||
// unsigned long Version; unsigned long Capabilities; unsigned long IdentityTracking; unsigned long ImpersonationType; unsigned long
|
||
// AdditionalSecurityInfoType; union { RPC_HTTP_TRANSPORT_CREDENTIALS_A *HttpCredentials; } u; void *Sid; unsigned int
|
||
// EffectiveOnly; void *ServerSecurityDescriptor; } RPC_SECURITY_QOS_V5_A, *PRPC_SECURITY_QOS_V5_A;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._RPC_SECURITY_QOS_V5_A")]
|
||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
|
||
public struct RPC_SECURITY_QOS_V5
|
||
{
|
||
/// <summary>
|
||
/// Version of the <c>RPC_SECURITY_QOS</c> structure being used. This topic documents version 1 of the <c>RPC_SECURITY_QOS</c>
|
||
/// structure. See RPC_SECURITY_QOS_V2, RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4 and RPC_SECURITY_QOS_V5 for other versions.
|
||
/// </summary>
|
||
public uint Version;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// Security services being provided to the application. Capabilities is a set of flags that can be combined using the bitwise
|
||
/// OR operator.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_DEFAULT</term>
|
||
/// <term>Used when no provider-specific capabilities are needed.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH</term>
|
||
/// <term>
|
||
/// Specifying this flag causes the RPC run time to request mutual authentication from the security provider. Some security
|
||
/// providers do not support mutual authentication. If the security provider does not support mutual authentication, or the
|
||
/// identity of the server cannot be established, a remote procedure call to such server fails with error RPC_S_SEC_PKG_ERROR.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_MAKE_FULLSIC</term>
|
||
/// <term>Not currently implemented.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_ANY_AUTHORITY</term>
|
||
/// <term>
|
||
/// Accepts the client's credentials even if the certificate authority (CA) is not in the server's list of trusted CAs. This
|
||
/// constant is used only by the SCHANNEL SSP.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE</term>
|
||
/// <term>
|
||
/// When specified, this flag directs the RPC runtime on the client to ignore an error to establish a security context that
|
||
/// supports delegation. Normally, if the client asks for delegation and the security system cannot establish a security context
|
||
/// that supports delegation, error RPC_S_SEC_PKG_ERROR is returned; when this flag is specified, no error is returned.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_LOCAL_MA_HINT</term>
|
||
/// <term>
|
||
/// This flag specifies to RPC that the server is local to the machine making the RPC call. In this situation RPC instructs the
|
||
/// endpoint mapper to pick up only endpoints registered by the principal specified in the ServerPrincName or Sid members (these
|
||
/// members are available in RPC_SECURITY_QOS_V3, RPC_SECURITY_QOS_V4, and RPC_SECURITY_QOS_V5 only). See Remarks for more information.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY</term>
|
||
/// <term>
|
||
/// If set, the RPC runtime uses the SChannel SSP to perform smartcard-based authentication without displaying a PIN prompt
|
||
/// dialog box by the cryptographic services provider (CSP). In the call to RpcBindingSetAuthInfoEx, the AuthIdentity parameter
|
||
/// must be a SEC_WINNT_AUTH_IDENTITY structure whose members contain the following: If the
|
||
/// RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY flag is used for any SSP other than SChannel, or if the members of
|
||
/// SEC_WINNT_AUTH_IDENTITY do not conform to the above, RPC_S_INVALID_ARG will be returned by RpcBindingSetAuthInfoEx.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_QOS_CAPABILITIES Capabilities;
|
||
|
||
/// <summary>
|
||
/// <para>Sets the context tracking mode. Should be set to one of the values shown in the following table.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_IDENTITY_STATIC</term>
|
||
/// <term>
|
||
/// Security context is created only once and is never revised during the entire communication, even if the client side changes
|
||
/// it. This is the default behavior if RPC_SECURITY_QOS is not specified.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_QOS_IDENTITY_DYNAMIC</term>
|
||
/// <term>
|
||
/// Context is revised whenever the ModifiedId in the client's token is changed. All protocols use the ModifiedId (see note).
|
||
/// Windows 2000: All remote protocols (all protocols other than ncalrpc) use the AuthenticationID, also known as the LogonId,
|
||
/// to track changes in the client's identity. The ncalrpc protocol uses ModifiedId.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_QOS_IDENTITY IdentityTracking;
|
||
|
||
/// <summary>
|
||
/// <para>Level at which the server process can impersonate the client.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_DEFAULT</term>
|
||
/// <term>Uses the default impersonation level.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_ANONYMOUS</term>
|
||
/// <term>
|
||
/// Client does not provide identification information to the server. The server cannot impersonate the client or identify the
|
||
/// client. Many servers reject calls with this impersonation type.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_IDENTIFY</term>
|
||
/// <term>
|
||
/// Server can obtain the client's identity, and impersonate the client to perform Access Control List (ACL) checks, but cannot
|
||
/// impersonate the client. See Impersonation Levels for more information.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_IMPERSONATE</term>
|
||
/// <term>Server can impersonate the client's security context on its local system, but not on remote systems.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_IMP_LEVEL_DELEGATE</term>
|
||
/// <term>
|
||
/// The server can impersonate the client's security context while acting on behalf of the client. The server can also make
|
||
/// outgoing calls to other servers while acting on behalf of the client. The server may use the client's security context on
|
||
/// other machines to access local and remote resources as the client.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_IMP_LEVEL ImpersonationType;
|
||
|
||
/// <summary>
|
||
/// <para>Specifies the type of additional credentials present in the <c>u</c> union. The following constants are supported:</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Supported Constants</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>0</term>
|
||
/// <term>No additional credentials are passed in the u union.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_AUTHN_INFO_TYPE_HTTP</term>
|
||
/// <term>
|
||
/// The HttpCredentials member of the u union points to a RPC_HTTP_TRANSPORT_CREDENTIALS structure. This value can be used only
|
||
/// when the protocol sequence is ncacn_http. Any other protocol sequence returns RPC_S_INVALID_ARG.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public RPC_C_AUTHN_INFO_TYPE AdditionalSecurityInfoType;
|
||
|
||
/// <summary>
|
||
/// Additional set of credentials to pass to RPC, in the form of an RPC_HTTP_TRANSPORT_CREDENTIALS structure. Used when the
|
||
/// <c>AdditionalSecurityInfoType</c> member is set to RPC_C_AUTHN_INFO_TYPE_HTTP.
|
||
/// </summary>
|
||
public IntPtr u;
|
||
|
||
/// <summary>
|
||
/// Points to a security identifier (SID). The SID is an alternative to the <c>ServerPrincName</c> member, and only one can be
|
||
/// specified. The <c>Sid</c> member cannot be set to non- <c>NULL</c> if the security provider is the SCHANNEL SSP. Some
|
||
/// protocol sequences use <c>Sid</c> internally for security, and some use a <c>ServerPrincName</c>. For example, ncalrpc uses
|
||
/// a <c>Sid</c> internally, and if the caller knows both the SID and the <c>ServerPrincName</c>, a call using <c>ncalrpc</c>
|
||
/// can complete much faster in some cases if the SID is passed. In contrast, the <c>ncacn_</c> and <c>ncadg_</c> protocol
|
||
/// sequences use a <c>ServerPrincName</c> internally, and therefore can execute calls faster when provided the <c>ServerPrincName</c>.
|
||
/// </summary>
|
||
public PSID Sid;
|
||
|
||
/// <summary>If set, only enabled privileges are seen by the server.</summary>
|
||
[MarshalAs(UnmanagedType.Bool)]
|
||
public bool EffectiveOnly;
|
||
|
||
/// <summary>A pointer to the SECURITY_DESCRIPTOR that identifies the server. It is required for mutual authentication.</summary>
|
||
public PSECURITY_DESCRIPTOR ServerSecurityDescriptor;
|
||
}
|
||
|
||
/// <summary>The <c>RPC_STATS_VECTOR</c> structure contains statistics from the RPC run-time library on a per-server basis.</summary>
|
||
/// <remarks>
|
||
/// The statistics vector contains a count member ( <c>Count</c>), followed by an array of statistics. To obtain run-time
|
||
/// statistics, an application calls RpcMgmtInqStats. The RPC run-time library allocates memory for the statistics vector. The
|
||
/// application calls RpcMgmtStatsVectorFree to free the statistics vector.
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-rpc_stats_vector typedef struct { unsigned int Count;
|
||
// unsigned long Stats[1]; } RPC_STATS_VECTOR;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce.__unnamed_struct_0")]
|
||
[VanaraMarshaler(typeof(SafeAnysizeStructMarshaler<RPC_STATS_VECTOR>), nameof(Count))]
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct RPC_STATS_VECTOR
|
||
{
|
||
/// <summary>Number of statistics values present in the array <c>Stats</c>.</summary>
|
||
public uint Count;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// Array of unsigned long integers representing server statistics that contains <c>Count</c> elements. Each array element
|
||
/// contains an unsigned long value from the following list.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Constant</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>RPC_C_STATS_CALLS_IN</term>
|
||
/// <term>The number of remote procedure calls received by the server.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_STATS_CALLS_OUT</term>
|
||
/// <term>The number of remote procedure calls initiated by the server.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_STATS_PKTS_IN</term>
|
||
/// <term>The number of network packets received by the server.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>RPC_C_STATS_PKTS_OUT</term>
|
||
/// <term>The number of network packets sent by the server.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
|
||
public uint[] Stats;
|
||
}
|
||
|
||
/// <summary>Allows you to pass a particular user name and password to the run-time library for the purpose of authentication.</summary>
|
||
/// <remarks>
|
||
/// <para>When this structure is used with RPC, the structure must remain valid for the lifetime of the binding handle.</para>
|
||
/// <para>The strings may be ANSI or Unicode, depending on the value you assign to the <c>Flags</c> member.</para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/sspi/ns-sspi-sec_winnt_auth_identity_w typedef struct
|
||
// _SEC_WINNT_AUTH_IDENTITY_W { unsigned short *User; unsigned long UserLength; unsigned short *Domain; unsigned long DomainLength;
|
||
// unsigned short *Password; unsigned long PasswordLength; unsigned long Flags; } SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W;
|
||
[PInvokeData("sspi.h", MSDNShortId = "NS:sspi._SEC_WINNT_AUTH_IDENTITY_W")]
|
||
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
|
||
public struct SEC_WINNT_AUTH_IDENTITY
|
||
{
|
||
/// <summary>A string that contains the user name.</summary>
|
||
[MarshalAs(UnmanagedType.LPTStr)]
|
||
public string User;
|
||
|
||
/// <summary>The length, in characters, of the user string, not including the terminating null character.</summary>
|
||
public uint UserLength;
|
||
|
||
/// <summary>A string that contains the domain name or the workgroup name.</summary>
|
||
[MarshalAs(UnmanagedType.LPTStr)]
|
||
public string Domain;
|
||
|
||
/// <summary>The length, in characters, of the domain string, not including the terminating null character.</summary>
|
||
public uint DomainLength;
|
||
|
||
/// <summary>
|
||
/// A string that contains the password of the user in the domain or workgroup. When you have finished using the password,
|
||
/// remove the sensitive information from memory by calling SecureZeroMemory. For more information about protecting the
|
||
/// password, see Handling Passwords.
|
||
/// </summary>
|
||
[MarshalAs(UnmanagedType.LPTStr)]
|
||
public string Password;
|
||
|
||
/// <summary>The length, in characters, of the password string, not including the terminating null character.</summary>
|
||
public uint PasswordLength;
|
||
|
||
/// <summary>
|
||
/// <para>This member can be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>SEC_WINNT_AUTH_IDENTITY_ANSI</term>
|
||
/// <term>The strings in this structure are in ANSI format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>SEC_WINNT_AUTH_IDENTITY_UNICODE</term>
|
||
/// <term>The strings in this structure are in Unicode format.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public SEC_WINNT_AUTH_IDENTITY_CHARSET Flags;
|
||
|
||
/// <summary>Gets the default value of the instance and sets <see cref="Flags"/> to the value defined by the runtime.</summary>
|
||
public static readonly SEC_WINNT_AUTH_IDENTITY Default = new SEC_WINNT_AUTH_IDENTITY { Flags = OsCharSet };
|
||
|
||
/// <summary>Initializes a new instance of the <see cref="SEC_WINNT_AUTH_IDENTITY"/> struct.</summary>
|
||
/// <param name="user">The user name.</param>
|
||
/// <param name="domain">The domain name or the workgroup name.</param>
|
||
/// <param name="password">The password of the user in the domain or workgroup.</param>
|
||
public SEC_WINNT_AUTH_IDENTITY(string user, string domain, string password = null)
|
||
{
|
||
User = user;
|
||
UserLength = (uint)(user?.Length ?? 0);
|
||
Domain = domain;
|
||
DomainLength = (uint)(domain?.Length ?? 0);
|
||
Password = password;
|
||
PasswordLength = (uint)(password?.Length ?? 0);
|
||
Flags = OsCharSet;
|
||
}
|
||
|
||
private static readonly SEC_WINNT_AUTH_IDENTITY_CHARSET OsCharSet = Vanara.Extensions.StringHelper.GetCharSize() == 1 ? SEC_WINNT_AUTH_IDENTITY_CHARSET.SEC_WINNT_AUTH_IDENTITY_ANSI : SEC_WINNT_AUTH_IDENTITY_CHARSET.SEC_WINNT_AUTH_IDENTITY_UNICODE;
|
||
}
|
||
|
||
/// <summary>The <c>UUID_VECTOR</c> structure contains a list of UUIDs.</summary>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// The UUID vector contains a count member containing the total number of <c>UUID</c> s in the vector, followed by an array of
|
||
/// pointers to <c>UUID</c> s.
|
||
/// </para>
|
||
/// <para>An application constructs a UUID vector to contain object <c>UUID</c> s to be exported or unexported from the name service.</para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/ns-rpcdce-uuid_vector typedef struct _UUID_VECTOR { unsigned long
|
||
// Count; UUID *Uuid[1]; } UUID_VECTOR;
|
||
[PInvokeData("rpcdce.h", MSDNShortId = "NS:rpcdce._UUID_VECTOR")]
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct UUID_VECTOR : IArrayStruct<Guid>
|
||
{
|
||
/// <summary>Number of UUIDs present in the array <c>Uuid</c>.</summary>
|
||
public uint Count;
|
||
|
||
/// <summary>Array of pointers to UUIDs that contains <c>Count</c> elements.</summary>
|
||
public IntPtr Uuid;
|
||
}
|
||
|
||
/// <summary>
|
||
/// Provides a <see cref="SafeHandle"/> for <see cref="RPC_BINDING_HANDLE"/> that is disposed using <see cref="RpcBindingFree(ref RPC_BINDING_HANDLE)"/>.
|
||
/// </summary>
|
||
public class SafeRPC_BINDING_HANDLE : SafeHANDLE
|
||
{
|
||
/// <summary>Initializes a new instance of the <see cref="SafeRPC_BINDING_HANDLE"/> class and assigns an existing handle.</summary>
|
||
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
|
||
/// <param name="ownsHandle">
|
||
/// <see langword="true"/> to reliably release the handle during the finalization phase; otherwise, <see langword="false"/> (not recommended).
|
||
/// </param>
|
||
public SafeRPC_BINDING_HANDLE(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { }
|
||
|
||
/// <summary>Initializes a new instance of the <see cref="SafeRPC_BINDING_HANDLE"/> class.</summary>
|
||
private SafeRPC_BINDING_HANDLE() : base() { }
|
||
|
||
/// <summary>Performs an implicit conversion from <see cref="SafeRPC_BINDING_HANDLE"/> to <see cref="RPC_BINDING_HANDLE"/>.</summary>
|
||
/// <param name="h">The safe handle instance.</param>
|
||
/// <returns>The result of the conversion.</returns>
|
||
public static implicit operator RPC_BINDING_HANDLE(SafeRPC_BINDING_HANDLE h) => h.handle;
|
||
|
||
/// <inheritdoc/>
|
||
protected override bool InternalReleaseHandle()
|
||
{
|
||
RPC_BINDING_HANDLE hrb = handle;
|
||
return RpcBindingFree(ref hrb).Succeeded;
|
||
}
|
||
}
|
||
}
|
||
} |