138 lines
5.7 KiB
C#
138 lines
5.7 KiB
C#
using System;
|
|
using System.Collections.Generic;
|
|
using System.Linq;
|
|
using System.Text;
|
|
using System.Threading.Tasks;
|
|
|
|
namespace NSspi.Contexts
|
|
{
|
|
/// <summary>
|
|
/// Defines options for creating a security context via win32 InitializeSecurityContext
|
|
/// (used by clients) and AcceptSecurityContext (used by servers).
|
|
/// Required attribute flags are specified when creating the context. InitializeSecurityContext
|
|
/// and AcceptSecurityContext returns a value indicating what final attributes the created context
|
|
/// actually has.
|
|
/// </summary>
|
|
[Flags]
|
|
public enum ContextAttrib : int
|
|
{
|
|
/// <summary>
|
|
/// No additional attributes are provided.
|
|
/// </summary>
|
|
Zero = 0,
|
|
|
|
/// <summary>
|
|
/// The server can use the context to authenticate to other servers as the client. The
|
|
/// MutualAuth flag must be set for this flag to work. Valid for Kerberos. Ignore this flag for
|
|
/// constrained delegation, (TODO)(which is handled through a separate mechanism?).
|
|
/// </summary>
|
|
Delegate = 0x00000001,
|
|
|
|
/// <summary>
|
|
/// The mutual authentication policy of the service will be satisfied.
|
|
/// *Caution* - This does not necessarily mean that mutual authentication is performed, only that
|
|
/// the authentication policy of the service is satisfied. To ensure that mutual authentication is
|
|
/// performed, query the context attributes after it is created.
|
|
/// </summary>
|
|
MutualAuth = 0x00000002,
|
|
|
|
|
|
/// <summary>
|
|
/// Detect replayed messages that have been encoded by using the EncryptMessage or MakeSignature
|
|
/// message support functionality.
|
|
/// </summary>
|
|
ReplayDetect = 0x00000004,
|
|
|
|
/// <summary>
|
|
/// Detect messages received out of sequence when using the message support functionality.
|
|
/// This flag implies all of the conditions specified by the Integrity flag - out-of-order sequence
|
|
/// detection can only be trusted if the integrity of any underlying sequence detection mechanism
|
|
/// in transmitted data can be trusted.
|
|
/// </summary>
|
|
SequenceDetect = 0x00000008,
|
|
|
|
// The context must protect data while in transit.
|
|
// Confidentiality is supported for NTLM with Microsoft
|
|
// Windows NT version 4.0, SP4 and later and with the
|
|
// Kerberos protocol in Microsoft Windows 2000 and later.
|
|
|
|
/// <summary>
|
|
/// The context must protect data while in transit. Encrypt messages by using the EncryptMessage function.
|
|
/// </summary>
|
|
Confidentiality = 0x00000010,
|
|
|
|
/// <summary>
|
|
/// A new session key must be negotiated.
|
|
/// This value is supported only by the Kerberos security package.
|
|
/// </summary>
|
|
UseSessionKey = 0x00000020,
|
|
|
|
/// <summary>
|
|
/// The security package allocates output buffers for you. Buffers allocated by the security package have
|
|
/// to be released by the context memory management functions.
|
|
/// </summary>
|
|
AllocateMemory = 0x00000100,
|
|
|
|
/// <summary>
|
|
/// The security context will not handle formatting messages. This value is the default for the Kerberos,
|
|
/// Negotiate, and NTLM security packages.
|
|
/// </summary>
|
|
Connection = 0x00000800,
|
|
|
|
/// <summary>
|
|
/// When errors occur, the remote party will be notified.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// A client specifies InitExtendedError in InitializeSecurityContext
|
|
/// and the server specifies AcceptExtendedError in AcceptSecurityContext.
|
|
/// </remarks>
|
|
InitExtendedError = 0x00004000,
|
|
|
|
/// <summary>
|
|
/// When errors occur, the remote party will be notified.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// A client specifies InitExtendedError in InitializeSecurityContext
|
|
/// and the server specifies AcceptExtendedError in AcceptSecurityContext.
|
|
/// </remarks>
|
|
AcceptExtendedError = 0x00008000,
|
|
|
|
/// <summary>
|
|
/// Support a stream-oriented connection. Provided by clients.
|
|
/// </summary>
|
|
InitStream = 0x00008000,
|
|
|
|
/// <summary>
|
|
/// Support a stream-oriented connection. Provided by servers.
|
|
/// </summary>
|
|
AcceptStream = 0x00010000,
|
|
|
|
/// <summary>
|
|
/// Sign messages and verify signatures by using the EncryptMessage and MakeSignature functions.
|
|
/// Replayed and out-of-sequence messages will not be detected with the setting of this attribute.
|
|
/// Set ReplayDetect and SequenceDetect also if these behaviors are desired.
|
|
/// </summary>
|
|
InitIntegrity = 0x00010000,
|
|
|
|
/// <summary>
|
|
/// Sign messages and verify signatures by using the EncryptMessage and MakeSignature functions.
|
|
/// Replayed and out-of-sequence messages will not be detected with the setting of this attribute.
|
|
/// Set ReplayDetect and SequenceDetect also if these behaviors are desired.
|
|
/// </summary>
|
|
AcceptIntegrity = 0x00020000,
|
|
|
|
InitIdentify = 0x00020000,
|
|
AcceptIdentify = 0x00080000,
|
|
|
|
/// <summary>
|
|
/// An Schannel provider connection is instructed to not authenticate the server automatically.
|
|
/// </summary>
|
|
InitManualCredValidation = 0x00080000,
|
|
|
|
/// <summary>
|
|
/// An Schannel provider connection is instructed to not authenticate the client automatically.
|
|
/// </summary>
|
|
InitUseSuppliedCreds = 0x00000080,
|
|
}
|
|
}
|