diff --git a/Contexts/ContextAttrib.cs b/Contexts/ContextAttrib.cs
index de04053..9d2b5fb 100644
--- a/Contexts/ContextAttrib.cs
+++ b/Contexts/ContextAttrib.cs
@@ -6,16 +6,134 @@ using System.Threading.Tasks;
namespace NSspi.Contexts
{
+ ///
+ /// Defines options for creating a security context via win32 InitializeSecurityContext
+ /// (used by clients) and AcceptSecurityContext (used by servers).
+ /// Required attribute flags are specified when creating the context. InitializeSecurityContext
+ /// and AcceptSecurityContext returns a value indicating what final attributes the created context
+ /// actually has.
+ ///
[Flags]
- public enum ContextReqAttrib : int
+ public enum ContextAttrib : int
{
- None = 0,
- Delegate = 1,
- Identify = 2,
- MutualAuth = 4,
- }
+ ///
+ /// No additional attributes are provided.
+ ///
+ Zero = 0,
+
+ ///
+ /// The server can use the context to authenticate to other servers as the client. The
+ /// MutualAuth flag must be set for this flag to work. Valid for Kerberos. Ignore this flag for
+ /// constrained delegation, (TODO)(which is handled through a separate mechanism?).
+ ///
+ Delegate = 0x00000001,
- public enum ContextResultAttrib : int
- {
+ ///
+ /// The mutual authentication policy of the service will be satisfied.
+ /// *Caution* - This does not necessarily mean that mutual authentication is performed, only that
+ /// the authentication policy of the service is satisfied. To ensure that mutual authentication is
+ /// performed, query the context attributes after it is created.
+ ///
+ MutualAuth = 0x00000002,
+
+
+ ///
+ /// Detect replayed messages that have been encoded by using the EncryptMessage or MakeSignature
+ /// message support functionality.
+ ///
+ ReplayDetect = 0x00000004,
+
+ // The context must be allowed to detect out-of-order
+ // delivery of packets later through the message support
+ // functions. Use of this flag implies all of the
+ // conditions specified by the Integrity flag.
+
+ ///
+ /// Detect messages received out of sequence when using the message support functionality.
+ /// This flag implies all of the conditions specified by the Integrity flag - out-of-order sequence
+ /// detection can only be trusted if the integrity of any underlying sequence detection mechanism
+ /// in transmitted data can be trusted.
+ ///
+ SequenceDetect = 0x00000008,
+
+ // The context must protect data while in transit.
+ // Confidentiality is supported for NTLM with Microsoft
+ // Windows NT version 4.0, SP4 and later and with the
+ // Kerberos protocol in Microsoft Windows 2000 and later.
+
+ ///
+ /// The context must protect data while in transit. Encrypt messages by using the EncryptMessage function.
+ ///
+ Confidentiality = 0x00000010,
+
+ ///
+ /// A new session key must be negotiated.
+ /// This value is supported only by the Kerberos security package.
+ ///
+ UseSessionKey = 0x00000020,
+
+ ///
+ /// The security package allocates output buffers for you. Buffers allocated by the security package have
+ /// to be released by the context memory management functions.
+ ///
+ AllocateMemory = 0x00000100,
+
+ ///
+ /// The security context will not handle formatting messages. This value is the default for the Kerberos,
+ /// Negotiate, and NTLM security packages.
+ ///
+ Connection = 0x00000800,
+
+ ///
+ /// When errors occur, the remote party will be notified.
+ ///
+ ///
+ /// A client specifies InitExtendedError in InitializeSecurityContext
+ /// and the server specifies AcceptExtendedError in AcceptSecurityContext.
+ ///
+ InitExtendedError = 0x00004000,
+
+ ///
+ /// When errors occur, the remote party will be notified.
+ ///
+ ///
+ /// A client specifies InitExtendedError in InitializeSecurityContext
+ /// and the server specifies AcceptExtendedError in AcceptSecurityContext.
+ ///
+ AcceptExtendedError = 0x00008000,
+
+ ///
+ /// Support a stream-oriented connection. Provided by clients.
+ ///
+ InitStream = 0x00008000,
+
+ ///
+ /// Support a stream-oriented connection. Provided by servers.
+ ///
+ AcceptStream = 0x00010000,
+
+ ///
+ /// Sign messages and verify signatures by using the EncryptMessage and MakeSignature functions.
+ /// Replayed and out-of-sequence messages will not be detected with the setting of this attribute.
+ /// Set ReplayDetect and SequenceDetect also if these behaviors are desired.
+ ///
+ InitIntegrity = 0x00010000,
+
+ ///
+ /// Sign messages and verify signatures by using the EncryptMessage and MakeSignature functions.
+ /// Replayed and out-of-sequence messages will not be detected with the setting of this attribute.
+ /// Set ReplayDetect and SequenceDetect also if these behaviors are desired.
+ ///
+ AcceptIntegrity = 0x00020000,
+
+ ///
+ /// An Schannel provider connection is instructed to not authenticate the server automatically.
+ ///
+ InitManualCredValidation = 0x00080000,
+
+ ///
+ /// An Schannel provider connection is instructed to not authenticate the client automatically.
+ ///
+ InitUseSuppliedCreds = 0x00000080,
}
}
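Review bot: Four members of the merged `[Flags]` enum share bits: `AcceptExtendedError` and `InitStream` are both `0x00008000`, and `AcceptStream` and `InitIntegrity` are both `0x00010000`. A test such as `(attribs & ContextAttrib.InitIntegrity) != 0` on a server-side context therefore succeeds when only `AcceptStream` was granted, so a caller can believe message signing was negotiated when it was not. The values match the separate client-side and server-side constant sets, so the collision comes from folding both into one type. Either keep distinct client and server enums, or add a line to each colliding member such as `/// Same bit as AcceptStream; only meaningful for client (InitializeSecurityContext) contexts.` Separately, the summary on `InitUseSuppliedCreds` reads as if client authentication were switched off; `/// Schannel must not attempt to supply client credentials automatically.` is closer to the flag's meaning, and `InitManualCredValidation` deserves a remark that the caller must then validate the server certificate itself.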