diff --git a/TH-NETII Windows API.sln b/TH-NETII Windows API.sln
index 1d34306c..3aa18739 100644
--- a/TH-NETII Windows API.sln
+++ b/TH-NETII Windows API.sln
@@ -80,7 +80,9 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "THNETII.WinApi.Headers.Proc
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "THNETII.WinApi.Headers.FileApi", "src\THNETII.WinApi.Headers.FileApi\THNETII.WinApi.Headers.FileApi.csproj", "{DC49BB25-34E5-4B07-A527-F341D2EF833B}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "THNETII.WinApi.Headers.SysInfoApi", "src\THNETII.WinApi.Headers.SysInfoApi\THNETII.WinApi.Headers.SysInfoApi.csproj", "{75FD2E4B-27C9-49D0-8869-99C934DAACCF}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "THNETII.WinApi.Headers.SysInfoApi", "src\THNETII.WinApi.Headers.SysInfoApi\THNETII.WinApi.Headers.SysInfoApi.csproj", "{75FD2E4B-27C9-49D0-8869-99C934DAACCF}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "THNETII.WinApi.Headers.AuthZ", "src\THNETII.WinApi.Headers.AuthZ\THNETII.WinApi.Headers.AuthZ.csproj", "{6AD87FE7-9FC9-44FB-A22C-FCAD41CB7C3C}"
 EndProject
 Global
 GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -416,6 +418,18 @@ Global
 {75FD2E4B-27C9-49D0-8869-99C934DAACCF}.Release|x64.Build.0 = Release|Any CPU
 {75FD2E4B-27C9-49D0-8869-99C934DAACCF}.Release|x86.ActiveCfg = Release|Any CPU
 {75FD2E4B-27C9-49D0-8869-99C934DAACCF}.Release|x86.Build.0 = Release|Any CPU
+ {6AD87FE7-9FC9-44FB-A22C-FCAD41CB7C3C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {6AD87FE7-9FC9-44FB-A22C-FCAD41CB7C3C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {6AD87FE7-9FC9-44FB-A22C-FCAD41CB7C3C}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {6AD87FE7-9FC9-44FB-A22C-FCAD41CB7C3C}.Debug|x64.Build.0 = Debug|Any CPU
+ {6AD87FE7-9FC9-44FB-A22C-FCAD41CB7C3C}.Debug|x86.ActiveCfg = Debug|Any CPU
+ {6AD87FE7-9FC9-44FB-A22C-FCAD41CB7C3C}.Debug|x86.Build.0 = Debug|Any CPU
+ {6AD87FE7-9FC9-44FB-A22C-FCAD41CB7C3C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {6AD87FE7-9FC9-44FB-A22C-FCAD41CB7C3C}.Release|Any CPU.Build.0 = Release|Any CPU
+ {6AD87FE7-9FC9-44FB-A22C-FCAD41CB7C3C}.Release|x64.ActiveCfg = Release|Any CPU
+ {6AD87FE7-9FC9-44FB-A22C-FCAD41CB7C3C}.Release|x64.Build.0 = Release|Any CPU
+ {6AD87FE7-9FC9-44FB-A22C-FCAD41CB7C3C}.Release|x86.ActiveCfg = Release|Any CPU
+ {6AD87FE7-9FC9-44FB-A22C-FCAD41CB7C3C}.Release|x86.Build.0 = Release|Any CPU
 EndGlobalSection
 GlobalSection(SolutionProperties) = preSolution
 HideSolutionNode = FALSE
@@ -449,6 +463,7 @@ Global
 {3B25A551-FBEC-4515-9D98-226C51A6E74F} = {9689DB3E-1ED7-478C-AC14-C734B0397619}
 {DC49BB25-34E5-4B07-A527-F341D2EF833B} = {9689DB3E-1ED7-478C-AC14-C734B0397619}
 {75FD2E4B-27C9-49D0-8869-99C934DAACCF} = {9689DB3E-1ED7-478C-AC14-C734B0397619}
+ {6AD87FE7-9FC9-44FB-A22C-FCAD41CB7C3C} = {9689DB3E-1ED7-478C-AC14-C734B0397619}
 EndGlobalSection
 GlobalSection(ExtensibilityGlobals) = postSolution
 SolutionGuid = {6EF7C9CF-E403-4B60-AB44-5F9FFEB668B7}
diff --git a/src-native-c/THNETII.WinApi.Sample.Native/main.c b/src-native-c/THNETII.WinApi.Sample.Native/main.c
index f10c4824..1ac4f9ba 100644
--- a/src-native-c/THNETII.WinApi.Sample.Native/main.c
+++ b/src-native-c/THNETII.WinApi.Sample.Native/main.c @@ -1,9 +1,11 @@ #include #include +#include + int main(int argc, char* argv[]) { - OSVERSIONINFOW instance; + PAUTHZ_SECURITY_ATTRIBUTE_V1 instance; const int size = sizeof(instance); const int value = VER_PLATFORM_WIN32_NT; diff --git a/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_ACCESS_REPLY.cs b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_ACCESS_REPLY.cs new file mode 100644 index 00000000..f837ff1a --- /dev/null +++ b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_ACCESS_REPLY.cs 
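Review bot: `sizeof(instance)` on the line after the changed declaration now measures a pointer, because `PAUTHZ_SECURITY_ATTRIBUTE_V1` is the pointer typedef, so `size` is no longer the structure size the way it was for `OSVERSIONINFOW`. If the sample exists to print the native layout size for comparison with the managed `AUTHZ_SECURITY_ATTRIBUTE_V1` struct, declare the value type instead: `AUTHZ_SECURITY_ATTRIBUTE_V1 instance;` (or use `sizeof(*instance)`). The header names in the `#include` lines are not visible in this rendering, so I can't confirm which header the new include pulls in. `main`'s body continues past the end of the hunk.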
@@ -0,0 +1,91 @@
+using System;
+using System.Runtime.InteropServices;
+
+using THNETII.WinApi.Native.WinError;
+using THNETII.WinApi.Native.WinNT;
+
+namespace THNETII.WinApi.Native.AuthZ
+{
+ using static WinNTConstants;
+ using static WinErrorConstants;
+
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 118
+ //
+ // Structure to return the results of the access check call.
+ //
+
+ ///
+ /// The structure defines an access check reply.
+ ///
+ ///
+ /// Microsoft Docs page: AUTHZ_ACCESS_REPLY structure
+ ///
+ ///
+ [StructLayout(LayoutKind.Sequential)]
+ public unsafe struct AUTHZ_ACCESS_REPLY
+ {
+ //
+ // The length of the array representing the object type list structure. If
+ // no object type is used to represent the object, then the length must be
+ // set to 1.
+ //
+ // Note: This parameter must be filled!
+ //
+
+ ///
+ /// The number of elements in the , , and arrays. This number matches the number of entries in the object type list structure used in the access check. If no object type is used to represent the object, then set to one.
+ ///
+ public int ResultListLength;
+
+ #region public Span GrantedAccessMask;
+ //
+ // Array of granted access masks. This memory is allocated by the RM. Access
+ // check routines just fill in the values.
+ //
+
+ public ACCESS_MASK* GrantedAccessMaskPtr;
+ ///
+ /// An span of granted access masks. Memory for this array is allocated by the application before calling .
+ ///
+ public Span GrantedAccessMask =>
+ new Span(GrantedAccessMaskPtr, ResultListLength);
+ #endregion
+
+ #region public Span SaclEvaluationResults;
+ //
+ // Array of SACL evaluation results. This memory is allocated by the RM, if SACL
+ // evaluation results are desired. Access check routines just fill in the values.
+ // Sacl evaluation will only be performed if auditing is requested.
+ //
+
+ public AUTHZ_GENERATE_RESULT* SaclEvaluationResultsPtr;
+ ///
+ /// A span of system access control list (SACL) evaluation results. Memory for this array is allocated by the application before calling . SACL evaluation will only be performed if auditing is requested.
+ ///
+ public Span SaclEvaluationResults =>
+ new Span(SaclEvaluationResultsPtr, ResultListLength);
+ #endregion
+
+ #region public Span Error;
+ //
+ // Array of results for each element of the array. This memory is allocated
+ // by the RM. Access check routines just fill in the values.
+ //
+
+ public int* ErrorPtr;
+ ///
+ /// A span of results for each element of the array. Memory for this array is allocated by the application before calling .
+ ///
+ /// The following table lists the possible error values.
+ ///
+ /// ValueMeaning
+ /// All the access bits, not including , are granted and the member is not zero.
+ /// DesiredAccess includes and the client does not have .
+ /// Includes each of the following: The requested bits are not granted.MaximumAllowed bit is on and granted access is zero.DesiredAccess is zero.
+ ///
+ ///
+ ///
+ public Span Error => new Span(ErrorPtr, ResultListLength);
+ #endregion
+ }
+}
diff --git a/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_ACCESS_REQUEST.cs b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_ACCESS_REQUEST.cs
new file mode 100644
index 00000000..4f7ab56d
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_ACCESS_REQUEST.cs
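Review bot: The `SaclEvaluationResults` property builds a span of `ResultListLength` elements over `SaclEvaluationResultsPtr` without a null check, even though the header comment just above it says that array is only allocated "if SACL evaluation results are desired"; as far as I can tell `Span<T>(void*, int)` does not reject a null pointer with a non-zero length, so indexing that span on a reply made without auditing becomes a null dereference (a NullReferenceException, or an AccessViolationException for larger indices) instead of a clear argument error. Guard the optional pointer: `public Span<AUTHZ_GENERATE_RESULT> SaclEvaluationResults => SaclEvaluationResultsPtr is null ? default : new Span<AUTHZ_GENERATE_RESULT>(SaclEvaluationResultsPtr, ResultListLength);`. All three spans take `ResultListLength` on trust, which is the documented caller contract, so a one-line remark on the struct saying the spans are only as valid as the buffers the application allocated would make that explicit for readers who see the span properties first. The element types of the spans are not rendered in this view; the replacement line assumes the natural `AUTHZ_GENERATE_RESULT` element.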
@@ -0,0 +1,68 @@
+using System;
+using System.Runtime.InteropServices;
+using THNETII.WinApi.Native.WinNT;
+
+namespace THNETII.WinApi.Native.AuthZ
+{
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 83
+ //
+ // Structure defining the access check request.
+ //
+
+ ///
+ /// The structure defines an access check request.
+ ///
+ ///
+ /// Microsoft Docs page: AUTHZ_ACCESS_REQUEST structure
+ ///
+ ///
+ [StructLayout(LayoutKind.Sequential)]
+ public unsafe struct AUTHZ_ACCESS_REQUEST
+ {
+ ///
+ /// The type of access to test for.
+ ///
+ public ACCESS_MASK DesiredAccess;
+
+ //
+ // To replace the principal self sid in the acl.
+ //
+
+ ///
+ /// The security identifier (SID) to use for the principal self SID in the access control list (ACL).
+ ///
+ public SID* PrincipalSelfSid;
+
+ //
+ // Object type list represented by an array of (level, guid) pair and the
+ // number of elements in the array. This is a post-fix representation of the
+ // object tree.
+ // These fields should be set to NULL and 0 respectively except when per
+ // property access is desired.
+ //
+
+ #region public Span ObjectTypeList;
+ public OBJECT_TYPE_LIST* pObjectTypeList;
+ ///
+ /// A span of structures in the object tree for the object. Set to an empty span unless the application checks access at the property level.
+ ///
+ public Span ObjectTypeList =>
+ new Span(pObjectTypeList, ObjectTypeListLength);
+ #endregion
+ ///
+ /// The number of elements in the array. This member is necessary only if the application checks access at the property level.
+ ///
+ public int ObjectTypeListLength;
+
+ //
+ // To support completely business rules based access. This will be passed as
+ // input to the callback access check function. Access check algorithm does
+ // not interpret these.
+ //
+
+ ///
+ /// A pointer to memory to pass to when checking callback access control entries (ACEs).
+ ///
+ public IntPtr OptionalArguments;
+ }
+}
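Review bot: The summary on `ObjectTypeList` tells callers to "Set to an empty span", but the property is a get-only projection over `pObjectTypeList` and `ObjectTypeListLength` and cannot be assigned; reword it to name the backing fields, e.g. `/// Leave <see cref="pObjectTypeList"/> null and <see cref="ObjectTypeListLength"/> zero unless the application checks access at the property level.` The field name `pObjectTypeList` also follows a different convention from `GrantedAccessMaskPtr`/`SaclEvaluationResultsPtr`/`ErrorPtr` in the `AUTHZ_ACCESS_REPLY` struct added in this same commit; one naming style across the two request/reply structs would help readers pair them up.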
diff --git a/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_CLIENT_CONTEXT_HANDLE.cs b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_CLIENT_CONTEXT_HANDLE.cs
new file mode 100644
index 00000000..9d4cecb7
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_CLIENT_CONTEXT_HANDLE.cs
@@ -0,0 +1,11 @@
+using System;
+
+using THNETII.InteropServices.Memory;
+
+namespace THNETII.WinApi.Native.AuthZ
+{
+ public struct AUTHZ_CLIENT_CONTEXT_HANDLE : IPointer
+ {
+ public IntPtr Pointer { get; }
+ }
+}
diff --git a/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_COMPUTE_DYNAMIC_GROUPS.cs b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_COMPUTE_DYNAMIC_GROUPS.cs
new file mode 100644
index 00000000..9d750951
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_COMPUTE_DYNAMIC_GROUPS.cs
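Review bot: `AUTHZ_CLIENT_CONTEXT_HANDLE` is the only type added in this commit with no XML documentation, and because it is a plain struct rather than a `SafeHandle` nothing about it says who releases the native context it wraps. Add `/// <summary>Opaque handle to an AuthZ client context. This is a raw handle, not a SafeHandle: the code that obtained it is responsible for releasing it and for not using it afterwards.</summary>`, and mark the struct `readonly` so a marshalled `Pointer` cannot be changed after the fact. A `Pointer == IntPtr.Zero` remark for the unset case would also help callers that receive it through `out` parameters.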
@@ -0,0 +1,65 @@
+using System;
+using System.Runtime.InteropServices;
+
+using THNETII.WinApi.Native.WinNT;
+
+namespace THNETII.WinApi.Native.AuthZ
+{
+ //
+ // Callback compute dynamic groups function takes in
+ // AuthzClientContext - a client context
+ // pArgs - Optional arguments that supplied to AuthzInitializeClientContext*
+ // thru DynamicGroupArgs are passed back here..
+ // pSidAttrArray - To allocate and return an array of (sids, attribute)
+ // pairs to be added to the normal part of the client context.
+ // pSidCount - Number of elements in pSidAttrArray
+ // pRestrictedSidAttrArray - To allocate and return an array of (sids, attribute)
+ // pairs to be added to the restricted part of the client context.
+ // pRestrictedSidCount - Number of elements in pRestrictedSidAttrArray
+ //
+ // Note:
+ // Memory returned thru both these array will be freed by the callback
+ // free function defined by the resource manager.
+ //
+ // Returns
+ // TRUE if the API succeeded.
+ // FALSE on any intermediate errors (like failed memory allocation)
+ // In case of failure, the caller must use SetLastError(ErrorValue).
+ //
+
+ ///
+ /// Callback compute dynamic groups function
+ ///
+ /// a client context
+ ///
+ /// Optional arguments that supplied to AuthzInitializeClientContext*
+ /// thru DynamicGroupArgs are passed back here..
+ ///
+ ///
+ /// To allocate and return an array of (sids, attribute)
+ /// pairs to be added to the normal part of the client context.
+ ///
+ /// Number of elements in
+ ///
+ /// To allocate and return an array of (sids, attribute)
+ /// pairs to be added to the restricted part of the client context.
+ ///
+ /// Number of elements in
+ ///
+ /// if the API succeeded.
+ ///
+ /// on any intermediate errors (like failed memory allocation)
+ /// In case of failure, the caller must use .
+ ///
+ ///
+ [UnmanagedFunctionPointer(CallingConvention.Winapi, SetLastError = true)]
+ [return: MarshalAs(UnmanagedType.Bool)]
+ public unsafe delegate bool AUTHZ_COMPUTE_DYNAMIC_GROUPS(
+ [In] AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
+ [In] IntPtr Args,
+ out SID_AND_ATTRIBUTES* pSidAttrArray,
+ out int pSidCount,
+ out SID_AND_ATTRIBUTES* pRestrictedSidAttrArray,
+ out int pRestrictedSidCount
+ );
+}
diff --git a/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_DYNAMIC_ACCESS_CHECK.cs b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_DYNAMIC_ACCESS_CHECK.cs
new file mode 100644
index 00000000..4f84c26b
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_DYNAMIC_ACCESS_CHECK.cs
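Review bot: `SetLastError = true` on the `[UnmanagedFunctionPointer]` attribute governs what the marshaller captures when managed code calls a native function pointer through this delegate; as far as I know it does not carry a managed `Marshal.SetLastWin32Error` back to AuthZ when AuthZ calls a managed implementation of this callback. Since the header text in the hunk requires the callback to "use SetLastError(ErrorValue)" before returning FALSE, a managed implementer has to set the OS thread error itself (a P/Invoke of `SetLastError`, or `Marshal.SetLastSystemError` on runtimes that have it) and the `<returns>` remark should say so instead of letting readers rely on the attribute. The same caveat applies to the other `SetLastError = true` callbacks in this commit. The two `out SID_AND_ATTRIBUTES*` arrays are freed through `AUTHZ_FREE_DYNAMIC_GROUPS` per the note in this hunk, so the `<param>` docs should state they must be allocated with whatever allocator that free callback uses.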
@@ -0,0 +1,56 @@
+using System;
+using System.Collections.Generic;
+using System.Runtime.InteropServices;
+using System.Text;
+
+namespace THNETII.WinApi.Native.AuthZ
+{
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 161
+ //
+ // Typedefs for callback functions to be provided by the resource manager.
+ //
+
+ //
+ // Callback access check function takes in
+ // AuthzClientContext - a client context
+ // pAce - pointer to a callback ace
+ // pArgs - Optional arguments that were passed to AuthzAccessCheck thru
+ // AuthzAccessRequest->OptionalArguments are passed back here.
+ // pbAceApplicable - The resource manager must supply whether the ace should
+ // be used in the computation of access evaluation
+ //
+ // Returns
+ // TRUE if the API succeeded.
+ // FALSE on any intermediate errors (like failed memory allocation)
+ // In case of failure, the caller must use SetLastError(ErrorValue).
+ //
+
+ ///
+ /// Callback access check function
+ ///
+ /// a client context
+ /// pointer to a callback ace
+ ///
+ /// Optional arguments that were passed to AuthzAccessCheck thru
+ /// AuthzAccessRequest->OptionalArguments are passed back here.
+ ///
+ ///
+ /// The resource manager must supply whether the ace should
+ /// be used in the computation of access evaluation
+ ///
+ ///
+ /// if the API succeeded.
+ ///
+ /// on any intermediate errors (like failed memory allocation)
+ /// In case of failure, the caller must use .
+ ///
+ ///
+ [UnmanagedFunctionPointer(CallingConvention.Winapi, SetLastError = true)]
+ [return: MarshalAs(UnmanagedType.Bool)]
+ public unsafe delegate bool AUTHZ_DYNAMIC_ACCESS_CHECK(
+ [In] AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
+ [In] IntPtr pAce,
+ [In, Optional] IntPtr pArgs,
+ [MarshalAs(UnmanagedType.Bool)] ref bool pbAceApplicable
+ );
+}
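Review bot: `using System.Collections.Generic;` and `using System.Text;` at the top of this file are not referenced by the delegate below them; drop both so the file matches the other new files in this commit, which import only what they use. `pAce` is declared as `IntPtr` while the sibling callbacks in this commit use typed pointers (`SID*`, `SID_AND_ATTRIBUTES*`); if the WinNT header project defines an ACE header struct, `ACE_HEADER* pAce` would let implementers read the ACE type without a manual cast, though I can't see from this diff whether such a type exists. The `ref bool pbAceApplicable` marshalling is fine but its `<param>` should say the implementation must write it on every success path, since AuthZ reads the value back after the callback returns.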
diff --git a/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_FREE_CENTRAL_ACCESS_POLICY.cs b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_FREE_CENTRAL_ACCESS_POLICY.cs
new file mode 100644
index 00000000..f63017ba
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_FREE_CENTRAL_ACCESS_POLICY.cs
@@ -0,0 +1,24 @@
+using System;
+using System.Runtime.InteropServices;
+
+namespace THNETII.WinApi.Native.AuthZ
+{
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 254
+ //
+ // Callback central access policy free function takes in
+ // pCentralAccessPolicy - To be freed. This memory has been allocated by
+ // the central access policy retrieval callback function.
+ //
+
+ ///
+ /// Callback central access policy free function
+ ///
+ ///
+ /// To be freed. This memory has been allocated by
+ /// the central access policy retrieval callback function.
+ ///
+ [UnmanagedFunctionPointer(CallingConvention.Winapi)]
+ public delegate void AUTHZ_FREE_CENTRAL_ACCESS_POLICY(
+ [In] IntPtr pCentralAccessPolicy
+ );
+}
diff --git a/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_FREE_DYNAMIC_GROUPS.cs b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_FREE_DYNAMIC_GROUPS.cs
new file mode 100644
index 00000000..1a38355c
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_FREE_DYNAMIC_GROUPS.cs
@@ -0,0 +1,24 @@
+using System.Runtime.InteropServices;
+
+using THNETII.WinApi.Native.WinNT;
+
+namespace THNETII.WinApi.Native.AuthZ
+{
+ //
+ // Callback free function takes in
+ // pSidAttrArray - To be freed. This has been allocated by the compute
+ // dynamic groups function.
+ //
+
+ ///
+ /// Callback free function
+ ///
+ ///
+ /// To be freed. This has been allocated by the compute
+ /// dynamic groups function.
+ ///
+ [UnmanagedFunctionPointer(CallingConvention.Winapi)]
+ public unsafe delegate void AUTHZ_FREE_DYNAMIC_GROUPS(
+ [In] SID_AND_ATTRIBUTES* pSidAttrArray
+ );
+}
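Review bot: The summary of `AUTHZ_FREE_DYNAMIC_GROUPS` says the array "has been allocated by the compute dynamic groups function" but not that this one callback is used for both arrays that `AUTHZ_COMPUTE_DYNAMIC_GROUPS` returns, which the note in that callback's header text elsewhere in this commit states ("Memory returned thru both these array will be freed by the callback free function"). Add `/// Invoked once per array returned by <see cref="AUTHZ_COMPUTE_DYNAMIC_GROUPS"/> (the normal and the restricted array), so both must come from the allocator this callback releases.` Whether the pointer can be null when the paired count was zero is not shown in this diff, so an implementation should tolerate null until that is confirmed against the AuthZ documentation.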
diff --git a/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_GENERATE_RESULT.cs b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_GENERATE_RESULT.cs
new file mode 100644
index 00000000..83cf772c
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_GENERATE_RESULT.cs
@@ -0,0 +1,14 @@
+namespace THNETII.WinApi.Native.AuthZ
+{
+ public enum AUTHZ_GENERATE_RESULT : int
+ {
+ ///
+ /// An audit message that indicates success was generated.
+ ///
+ AUTHZ_GENERATE_SUCCESS_AUDIT = AuthZConstants.AUTHZ_GENERATE_SUCCESS_AUDIT,
+ ///
+ /// An audit message that indicates failure was generated.
+ ///
+ AUTHZ_GENERATE_FAILURE_AUDIT = AuthZConstants.AUTHZ_GENERATE_FAILURE_AUDIT,
+ }
+}
diff --git a/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_GET_CENTRAL_ACCESS_POLICY.cs b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_GET_CENTRAL_ACCESS_POLICY.cs
new file mode 100644
index 00000000..b86bec0b
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_GET_CENTRAL_ACCESS_POLICY.cs
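Review bot: `AUTHZ_GENERATE_RESULT` is the element type of `AUTHZ_ACCESS_REPLY.SaclEvaluationResultsPtr` in this commit, yet it has no member for "no audit was generated", so the zero an entry holds when auditing produced nothing has no name and shows up as a bare `0` in logs and switches. If `AUTHZ_GENERATE_SUCCESS_AUDIT` and `AUTHZ_GENERATE_FAILURE_AUDIT` are defined as bit values in `AuthZConstants` (that file is cut off at the end of this diff), mark the enum `[Flags]` and add `None = 0,` as the first member; otherwise add the zero member alone. The enum also lacks a type-level `<summary>` linking it to the reply structure that carries it.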
@@ -0,0 +1,58 @@
+using System;
+using System.Runtime.InteropServices;
+using THNETII.WinApi.Native.WinNT;
+
+namespace THNETII.WinApi.Native.AuthZ
+{
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 229
+ //
+ // Callback central access policy retrieval function takes in
+ // AuthzClientContext - a client context
+ // capid - CAPID of the central access policy to retrieve.
+ // pArgs - Optional arguments that were passed to AuthzAccessCheck through
+ // AuthzAccessRequest->OptionalArguments are passed back here.
+ // pCentralAccessPolicyApplicable - The resource manager must indicate
+ // whether a central access policy should be used in access evaluation.
+ // ppCentralAccessPolicy - Pointer to the CAP to be used in the
+ // computation of access evaluation. If NULL, the default CAP is applied.
+ //
+ // Returns
+ // TRUE if the API succeeded.
+ // FALSE on any intermediate errors (like failed memory allocation)
+ // In case of failure, the caller must use SetLastError(ErrorValue).
+ //
+
+ ///
+ /// Callback central access policy retrieval function
+ ///
+ /// a client context
+ /// CAPID of the central access policy to retrieve.
+ ///
+ /// Optional arguments that were passed to AuthzAccessCheck through
+ /// AuthzAccessRequest->OptionalArguments are passed back here.
+ ///
+ ///
+ /// The resource manager must indicate
+ /// whether a central access policy should be used in access evaluation.
+ ///
+ ///
+ /// Pointer to the CAP to be used in the
+ /// computation of access evaluation. If NULL, the default CAP is applied.
+ ///
+ ///
+ /// if the API succeeded.
+ ///
+ /// on any intermediate errors (like failed memory allocation)
+ /// In case of failure, the caller must use .
+ ///
+ ///
+ [UnmanagedFunctionPointer(CallingConvention.Winapi, SetLastError = true)]
+ [return: MarshalAs(UnmanagedType.Bool)]
+ public unsafe delegate bool AUTHZ_GET_CENTRAL_ACCESS_POLICY(
+ [In] AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
+ in SID capid,
+ [In] IntPtr pArgs,
+ [MarshalAs(UnmanagedType.Bool)] out bool pCentralAccessPolicyApplicable,
+ out IntPtr ppCentralAccessPolicy
+ );
+}
diff --git a/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTES_INFORMATION.cs b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTES_INFORMATION.cs
new file mode 100644
index 00000000..39fd0960
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTES_INFORMATION.cs
@@ -0,0 +1,50 @@
+using System.ComponentModel;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+namespace THNETII.WinApi.Native.AuthZ
+{
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 496
+ //
+ // Set of security attributes.
+ //
+
+ ///
+ /// The structure specifies one or more security attributes.
+ ///
+ ///
+ /// Microsoft Docs page: AUTHZ_SECURITY_ATTRIBUTES_INFORMATION structure
+ ///
+ [StructLayout(LayoutKind.Sequential)]
+ public unsafe struct AUTHZ_SECURITY_ATTRIBUTES_INFORMATION
+ {
+ //
+ // Versioning. The interpretation of the pointers in the
+ // Attribute field below is dependent on the version field.
+ //
+ // Get operations return the version while the set operation
+ // MUST specify the version of the data structure passed in.
+ //
+
+ //
+ // MUST BE first.
+ //
+
+ public ushort Version;
+
+ //
+ // Pass 0 in set operations and ignore on get operations.
+ //
+
+ [EditorBrowsable(EditorBrowsableState.Never)]
+ public ushort Reserved;
+
+ public int AttributeCount;
+
+ #region public AUTHZ_SECURITY_ATTRIBUTE_V1 Attribute;
+ internal AUTHZ_SECURITY_ATTRIBUTE_V1* pAttributeV1;
+ public ref AUTHZ_SECURITY_ATTRIBUTE_V1 Attribute =>
+ ref Unsafe.AsRef(pAttributeV1);
+ #endregion
+ }
+}
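Review bot: The `<param>` for `ppCentralAccessPolicy` on `AUTHZ_GET_CENTRAL_ACCESS_POLICY` describes the pointer but not who releases it, while this same commit adds `AUTHZ_FREE_CENTRAL_ACCESS_POLICY` whose comment says it frees memory "allocated by the central access policy retrieval callback function". State the pairing on the retrieval side: `/// Memory returned here is released through <see cref="AUTHZ_FREE_CENTRAL_ACCESS_POLICY"/>; return <see cref="IntPtr.Zero"/> to apply the default CAP.` `capid` is passed as `in SID`, which is only a pointer to the first bytes of a variable-length SID; a remark that the reference must not be copied by value (a `SID` copy would truncate the sub-authorities) would save an implementer from that mistake.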
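Review bot: `Attribute` on `AUTHZ_SECURITY_ATTRIBUTES_INFORMATION` returns a `ref` to only the first `AUTHZ_SECURITY_ATTRIBUTE_V1`, while `AttributeCount` says how many elements `pAttributeV1` points to; the other array-carrying structs in this commit expose such arrays as spans, and callers iterating attributes will otherwise reach for pointer arithmetic on the `internal` field. Add `public Span<AUTHZ_SECURITY_ATTRIBUTE_V1> Attributes => new Span<AUTHZ_SECURITY_ATTRIBUTE_V1>(pAttributeV1, AttributeCount);` next to the existing accessor, and note on `Attribute` that `Unsafe.AsRef` on a null `pAttributeV1` yields a null reference rather than throwing. `Version` and `AttributeCount` carry no XML docs even though the header text in the hunk already gives the rule; `/// Set operations must specify the structure version; get operations return it.` on `Version` carries it over.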
diff --git a/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_FLAGS.cs b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_FLAGS.cs
new file mode 100644
index 00000000..43687ba9
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_FLAGS.cs
@@ -0,0 +1,26 @@
+using System;
+
+namespace THNETII.WinApi.Native.AuthZ
+{
+ using static AUTHZ_SECURITY_ATTRIBUTE_TYPE;
+
+ [Flags]
+ public enum AUTHZ_SECURITY_ATTRIBUTE_FLAGS
+ {
+ ///
+ /// Attribute must not be inherited across process spawns.
+ ///
+ AUTHZ_SECURITY_ATTRIBUTE_NON_INHERITABLE = AuthZConstants.AUTHZ_SECURITY_ATTRIBUTE_NON_INHERITABLE,
+
+
+ ///
+ /// Attribute value is compared in a case sensitive way. It is valid with string value
+ /// or composite type containing string value. For other types of value, this flag
+ /// will be ignored. Currently, it is valid with the two types:
+ /// and .
+ ///
+ AUTHZ_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE = AuthZConstants.AUTHZ_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE,
+
+ AUTHZ_SECURITY_ATTRIBUTE_VALID_FLAGS = AuthZConstants.AUTHZ_SECURITY_ATTRIBUTE_VALID_FLAGS,
+ }
+}
diff --git a/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE.cs b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE.cs
new file mode 100644
index 00000000..5718c0c9
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE.cs
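Review bot: The `[Flags]` enum has no zero member, so the common case of an attribute with no flags set (`Flags == 0` on `AUTHZ_SECURITY_ATTRIBUTE_V1`) has no name and `ToString()` prints `0`; add `None = 0,` as the first member, which is the usual C# convention for flags enums. `AUTHZ_SECURITY_ATTRIBUTE_VALID_FLAGS` is undocumented and, judging by its name, is a mask of the recognised bits rather than a flag of its own, so `/// <summary>Mask of all flags the system recognises; presumably used to reject unknown bits before a set operation.</summary>` would stop it being passed as a value. The double blank line before the case-sensitive member looks accidental.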
@@ -0,0 +1,31 @@
+using System.Runtime.InteropServices;
+
+namespace THNETII.WinApi.Native.AuthZ
+{
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 292
+ //
+ // Fully-qualified binary name.
+ //
+
+ ///
+ /// The structure specifies a fully qualified binary name value associated with a security attribute.
+ ///
+ ///
+ /// Microsoft Docs page: AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE structure
+ ///
+ ///
+ ///
+ ///
+ [StructLayout(LayoutKind.Sequential)]
+ public unsafe struct AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE
+ {
+ ///
+ /// The version number of the structure.
+ ///
+ public ulong Version;
+ ///
+ /// A pointer to a string that specify the names of the publisher, the product, and the original binary file of the value.
+ ///
+ public LPWSTR pName;
+ }
+}
diff --git a/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE.cs b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE.cs
new file mode 100644
index 00000000..3ace2093
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE.cs
@@ -0,0 +1,41 @@
+using System;
+using System.Runtime.InteropServices;
+
+namespace THNETII.WinApi.Native.AuthZ
+{
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 309
+ //
+ // This is the 'catch all' type. The attribute manipulation
+ // code really doesn't care about the actual format of the
+ // value. Value subtypes are defined only for this type.
+ // Value subtypes permit easy addition of new subtypes
+ // without having to change the attribute manipulation
+ // (and WOW64 thunking!) code.
+ //
+
+ ///
+ /// The structure specifies an octet string value for a security attribute.
+ ///
+ ///
+ /// Microsoft Docs page: AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE structure
+ ///
+ ///
+ ///
+ ///
+ [StructLayout(LayoutKind.Sequential)]
+ public unsafe struct AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE
+ {
+ ///
+ /// A pointer to the value.
+ ///
+ public byte* pValue; // Pointer is BYTE aligned.
+ ///
+ /// The length, in bytes, of the member.
+ ///
+ public int ValueLength; // In bytes
+ ///
+ /// A span of bytes over the value.
+ ///
+ public Span Value => new Span(pValue, ValueLength);
+ }
+}
diff --git a/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_OPERATION.cs b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_OPERATION.cs
new file mode 100644
index 00000000..fb23611b
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_OPERATION.cs
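Review bot: The `Value` span aliases whatever `pValue` points at for `ValueLength` bytes, and nothing in the struct says how long that memory stays valid; since the octet-string payload lives inside the attribute block returned by AuthZ, the summary should read `/// A span over the native buffer; it aliases memory owned by the attribute information block and is only valid for that block's lifetime.` `ValueLength` is declared `int` while the native comment says "In bytes" for what I assume is an unsigned 32-bit length; a value above `int.MaxValue` would arrive negative and make `new Span<byte>` throw, which is safe but worth a one-line comment so the sign check is not removed later. Like the other span properties in this commit, a null `pValue` with a non-zero length is not rejected here.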
@@ -0,0 +1,87 @@
+namespace THNETII.WinApi.Native.AuthZ
+{
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 309
+ //
+ // Attribute operations that can be specified for a 'set' API:
+ //
+
+ ///
+ /// The enumeration indicates the type of modification to be made to security attributes by a call to the function.
+ ///
+ ///
+ /// Microsoft Docs page: AUTHZ_SECURITY_ATTRIBUTE_OPERATION Enumeration
+ ///
+ ///
+ public enum AUTHZ_SECURITY_ATTRIBUTE_OPERATION
+ {
+ //
+ // No-op
+ //
+
+ ///
+ /// Do not perform any modification.
+ ///
+ AUTHZ_SECURITY_ATTRIBUTE_OPERATION_NONE = 0,
+
+ //
+ // Delete all existing security attributes and their values in
+ // the NT token and replace it with the specified attributes/values.
+ // If attributes to replace with are not specified, all existing
+ // attributes and values are deleted.
+ //
+ // This operation can be specified at most once and must be the
+ // only operation specified.
+ //
+
+ ///
+ ///
+ /// Delete all existing security attributes and their values in the token and replace them with the specified attributes and values.
+ /// If no new attributes are specified, all existing attributes and values are deleted.
+ /// This operation must be the only operation specified and can be specified only once in a single call to . If the operation is not specified as the first in the list of operations, the call to fails. If the operation is specified as the first in the array of operations performed, the rest of the operations are ignored.
+ ///
+ AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE_ALL,
+
+ //
+ // Add a new attribute or a new value to an existing attribute.
+ // If the value specified for any attribute already exists for
+ // that attribute, the call fails.
+ //
+
+ ///
+ /// Add a new attribute or a new value to an existing attribute.
+ /// If the value specified for any attribute already exists for that attribute, the call to fails.
+ ///
+ AUTHZ_SECURITY_ATTRIBUTE_OPERATION_ADD,
+
+ //
+ // Delete the specified value(s) of the specified attribute(s).
+ // If the last value is deleted from an attribute, the attribute
+ // itself is removed. If no matching attribute name was found, no
+ // modifications are done and the call fails. If no value is specified
+ // for the attribute, the attribute itself will be deleted.
+ //
+
+ ///
+ /// Delete the specified values of the specified attributes. If an attribute is specified without a value, that attribute is deleted.
+ /// If this operation results in an attribute that does not contain any values, that attribute is deleted.
+ /// If a value is specified that does not match an existing attribute, no modifications are performed and the call to fails.
+ ///
+ AUTHZ_SECURITY_ATTRIBUTE_OPERATION_DELETE,
+
+ //
+ // The value(s) of the specified security attribute(s) completely
+ // replace(s) the existing value(s) of the attribute(s). If the
+ // attribute does not already exist, it is added. When no value
+ // is specified, the attribute is deleted, if it exists; otherwise,
+ // the operation is simply ignored and no failure is reported.
+ //
+
+ ///
+ /// The existing values of the specified security attributes are replaced by the specified new values.
+ /// If any of the specified attributes does not already exist, they are added.
+ /// When no value is specified for an attribute, that attribute is deleted. Otherwise, the operation is simply ignored and no failure is reported.
+ ///
+ AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE
+ }
+}
diff --git a/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_TYPE.cs b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_TYPE.cs
new file mode 100644
index 00000000..3297cb80
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_TYPE.cs
@@ -0,0 +1,15 @@
+namespace THNETII.WinApi.Native.AuthZ
+{
+ public enum AUTHZ_SECURITY_ATTRIBUTE_TYPE
+ {
+ AUTHZ_SECURITY_ATTRIBUTE_TYPE_INVALID = AuthZConstants.AUTHZ_SECURITY_ATTRIBUTE_TYPE_INVALID,
+
+ AUTHZ_SECURITY_ATTRIBUTE_TYPE_INT64 = AuthZConstants.AUTHZ_SECURITY_ATTRIBUTE_TYPE_INT64,
+ AUTHZ_SECURITY_ATTRIBUTE_TYPE_UINT64 = AuthZConstants.AUTHZ_SECURITY_ATTRIBUTE_TYPE_UINT64,
+ AUTHZ_SECURITY_ATTRIBUTE_TYPE_STRING = AuthZConstants.AUTHZ_SECURITY_ATTRIBUTE_TYPE_STRING,
+ AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN = AuthZConstants.AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN,
+ AUTHZ_SECURITY_ATTRIBUTE_TYPE_SID = AuthZConstants.AUTHZ_SECURITY_ATTRIBUTE_TYPE_SID,
+ AUTHZ_SECURITY_ATTRIBUTE_TYPE_BOOLEAN = AuthZConstants.AUTHZ_SECURITY_ATTRIBUTE_TYPE_BOOLEAN,
+ AUTHZ_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING = AuthZConstants.AUTHZ_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING,
+ }
+}
diff --git a/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_V1.cs b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_V1.cs
new file mode 100644
index 00000000..3ab0db95
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SECURITY_ATTRIBUTE_V1.cs
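Review bot: The summary on `AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE` drops the "if it exists" qualifier that the header comment directly above it keeps, so "When no value is specified for an attribute, that attribute is deleted. Otherwise, the operation is simply ignored" reads as if supplying a value makes the operation a no-op, which is the opposite of the first sentence. Reword it to `/// When no value is specified for an attribute, that attribute is deleted if it exists; otherwise the operation is ignored and no failure is reported.` The file header cites `AuthZ.h, line 309`, the same line the octet-string value file in this commit cites for a different declaration, so one of the two references is stale.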
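Review bot: `AUTHZ_SECURITY_ATTRIBUTE_TYPE` has no XML documentation on the type or any member, and no underlying-type declaration, while the field it is stored in (`ValueTypeField` in `AUTHZ_SECURITY_ATTRIBUTE_V1`, this commit) is a `ushort`; declaring `public enum AUTHZ_SECURITY_ATTRIBUTE_TYPE : ushort` would let that struct hold the enum directly and would make the compiler reject a constant that does not fit. Each member should also say which `Values*` accessor on `AUTHZ_SECURITY_ATTRIBUTE_V1` it selects, e.g. `/// <summary>Values are 64-bit signed integers; read them through <see cref="AUTHZ_SECURITY_ATTRIBUTE_V1.ValuesInt64"/>.</summary>` on the INT64 member. The value layout for the BOOLEAN and SID members is not shown in this diff, so those two need the header checked before their docs claim an accessor.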
@@ -0,0 +1,131 @@
+using System;
+using System.ComponentModel;
+using System.Runtime.InteropServices;
+
+namespace THNETII.WinApi.Native.AuthZ
+{
+ using static AUTHZ_SECURITY_ATTRIBUTE_FLAGS;
+
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 429
+ //
+ // An individual security attribute.
+ //
+
+ ///
+ /// The structure defines a security attribute that can be associated with an authorization context.
+ ///
+ ///
+ /// Microsoft Docs page: AUTHZ_SECURITY_ATTRIBUTE_V1 structure
+ ///
+ ///
+ ///
+ [StructLayout(LayoutKind.Sequential)]
+ public unsafe struct AUTHZ_SECURITY_ATTRIBUTE_V1
+ {
+ //
+ // Name of the attribute.
+ // Case insensitive Windows Unicode string.
+ //
+
+ ///
+ /// A pointer to a name of a security attribute.
+ ///
+ public LPWSTR pName;
+
+ #region public AUTHZ_SECURITY_ATTRIBUTE_TYPE ValueType;
+ //
+ // Data type of attribute.
+ //
+
+ internal ushort ValueTypeField;
+ ///
+ /// The data type of the values pointed to by the member.
+ ///
+ public AUTHZ_SECURITY_ATTRIBUTE_TYPE ValueType
+ {
+ get => (AUTHZ_SECURITY_ATTRIBUTE_TYPE)ValueTypeField;
+ set => ValueTypeField = (ushort)value;
+ }
+ #endregion
+
+ #region public ushort Reserved;
+ //
+ // Pass 0 in a set operation and check for 0 in
+ // a get operation.
+ //
+
+ ///
+ /// Reserved for future use.
+ ///
+ [EditorBrowsable(EditorBrowsableState.Never)]
+ public ushort Reserved;
+ #endregion
+
+ #region public AUTHZ_SECURITY_ATTRIBUTE_FLAGS Flags;
+ //
+ // Attribute must not be inherited across process spawns.
+ //
+
+ internal int FlagsField;
+ ///
+ /// A combination of one or more of the following values.
+ ///
+ /// ValueMeaning
+ ///
0x0001
This security attribute is not inherited across processes.
+ ///
0x0002
The value of the attribute is case sensitive. This flag is valid for values that contain string types.
+ ///
+ ///
+ public AUTHZ_SECURITY_ATTRIBUTE_FLAGS Flags
+ {
+ get => (AUTHZ_SECURITY_ATTRIBUTE_FLAGS)FlagsField;
+ set => FlagsField = (int)value;
+ }
+ #endregion
+
+ #region public int ValueCount;
+ //
+ // Number of values.
+ //
+
+ ///
+ /// The number of values specified in the member.
+ ///
+ public int ValueCount;
+ #endregion
+
+ //
+ // The actual value itself.
+ //
+ ///
+ /// A pointer to the actual value itself.
+ ///
+ public void* pValues;
+
+ ///
+ /// One or more numeric attribute values.
+ ///
+ public Span ValuesInt64 => new Span(pValues, ValueCount);
+
+ ///
+ /// One or more numeric attribute values.
+ ///
+ public Span ValuesUInt64 => new Span(pValues, ValueCount);
+
+ ///
+ /// One or more string attribute values.
+ ///
+ public Span ValuesString => new Span(pValues, ValueCount);
+
+ ///
+ /// One or more structures.
+ ///
+ public Span ValuesFqbn =>
+ new Span(pValues, ValueCount);
+
+ ///
+ /// One or more structures.
+ ///
+ public Span ValuesOctetString =>
+ new Span(pValues, ValueCount);
+ }
+}
diff --git a/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SID_OPERATION.cs b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SID_OPERATION.cs
new file mode 100644
index 00000000..57c9c78d
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/AUTHZ_SID_OPERATION.cs
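Review bot: The `ValuesInt64`/`ValuesUInt64`/`ValuesString`/`ValuesFqbn`/`ValuesOctetString` accessors each reinterpret `pValues` as `ValueCount` elements of their own type without consulting `ValueType`, so reading `ValuesOctetString` on an attribute whose values are 64-bit integers walks `ValueCount` records of a pointer-plus-length struct over a buffer of 8-byte elements — an out-of-bounds read of native memory, not a managed exception. Route the five properties through one helper that checks the stored type first and throws `InvalidOperationException` on mismatch; the property names and return types stay as they are. The generic arguments of the spans are not rendered in this view, so the sketch below assumes `long`, `ulong`, `LPWSTR` and the two value structs named in the summaries. Which accessor serves the BOOLEAN and SID types is not shown in this diff, so those stay unguarded here.

```csharp
// ValueType is the only thing that says how pValues is laid out;
// a mismatched reinterpretation reads past the native buffer.
private Span<T> ValuesAs<T>(AUTHZ_SECURITY_ATTRIBUTE_TYPE expected) where T : unmanaged
{
    if (ValueType != expected)
        throw new InvalidOperationException($"Attribute ValueType is {ValueType}, expected {expected}.");
    return new Span<T>(pValues, ValueCount);
}

// … unchanged: XML summaries on each accessor …
public Span<long> ValuesInt64 => ValuesAs<long>(AUTHZ_SECURITY_ATTRIBUTE_TYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_INT64);
public Span<ulong> ValuesUInt64 => ValuesAs<ulong>(AUTHZ_SECURITY_ATTRIBUTE_TYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_UINT64);
public Span<LPWSTR> ValuesString => ValuesAs<LPWSTR>(AUTHZ_SECURITY_ATTRIBUTE_TYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_STRING);
public Span<AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE> ValuesFqbn =>
    ValuesAs<AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE>(AUTHZ_SECURITY_ATTRIBUTE_TYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN);
public Span<AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE> ValuesOctetString =>
    ValuesAs<AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE>(AUTHZ_SECURITY_ATTRIBUTE_TYPE.AUTHZ_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING);
```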
@@ -0,0 +1,71 @@
+namespace THNETII.WinApi.Native.AuthZ
+{
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 381
+ //
+ // SID operations that can be specified for a 'set' API:
+ //
+
+ ///
+ /// The enumeration indicates the type of SID operations that can be made by a call to the function.
+ ///
+ ///
+ /// Microsoft Docs page: AUTHZ_SID_OPERATION Enumeration
+ ///
+ public enum AUTHZ_SID_OPERATION
+ {
+ //
+ // No-op
+ //
+
+ ///
+ /// Do not modify anything.
+ ///
+ AUTHZ_SID_OPERATION_NONE = 0,
+
+ //
+ // Delete all existing SIDs in the NT token and replace them with
+ // the specified SIDs.
+ // If the SIDs to replace with are not specified, all existing
+ // SIDs are deleted.
+ //
+ // This operation can be specified at most once and must be the
+ // only operation specified.
+ //
+
+ ///
+ /// Deletes all existing SIDs and replaces them with the specified SIDs. If the replacement SIDs are not specified, all existing SIDs are deleted. This operation can be specified only once and must be the only operation specified.
+ ///
+ AUTHZ_SID_OPERATION_REPLACE_ALL,
+
+ //
+ // Add a new SID.
+ // If the SID specified already exists, the call fails.
+ //
+
+ ///
+ /// Adds a new SID. If the SID already exists, the call fails.
+ ///
+ AUTHZ_SID_OPERATION_ADD,
+
+ //
+ // Delete the specified SID(s).
+ // If no matching SID was found, no modifications are done and
+ // the call fails.
+ //
+
+ ///
+ /// Deletes the specified SID. If no matching SID is found, no modifications are done and the call fails.
+ ///
+ AUTHZ_SID_OPERATION_DELETE,
+
+ //
+ // The specified SID(s) completely replace(s) the existing SID(s).
+ // If the SID does not already exist, it is added.
+ //
+
+ ///
+ /// Replaces the existing SID with the specified SID. If the SID does not already exist, then adds the SID.
+ ///
+ AUTHZ_SID_OPERATION_REPLACE
+ }
+}
diff --git a/src/THNETII.WinApi.Headers.AuthZ/AuthZConstants.cs b/src/THNETII.WinApi.Headers.AuthZ/AuthZConstants.cs
new file mode 100644
index 00000000..6d4850d7
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/AuthZConstants.cs
@@ -0,0 +1,76 @@
+namespace THNETII.WinApi.Native.AuthZ
+{
+ public static class AuthZConstants
+ {
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 53
+ //
+ // Flags which may be used at the time of client context creation using a sid.
+ //
+
+ public const int AUTHZ_SKIP_TOKEN_GROUPS = 0x2;
+ public const int AUTHZ_REQUIRE_S4U_LOGON = 0x4;
+ public const int AUTHZ_COMPUTE_PRIVILEGES = 0x8;
+
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 147
+ public const int AUTHZ_GENERATE_SUCCESS_AUDIT = 0x1;
+ public const int AUTHZ_GENERATE_FAILURE_AUDIT = 0x2;
+
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 275
+ //
+ // Security attribute data types ...
+ //
+
+ public const int AUTHZ_SECURITY_ATTRIBUTE_TYPE_INVALID = 0x00;
+
+ public const int AUTHZ_SECURITY_ATTRIBUTE_TYPE_INT64 = 0x01;
+ public const int AUTHZ_SECURITY_ATTRIBUTE_TYPE_UINT64 = 0x02;
+
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 281
+ //
+ // Case insensitive attribute value string by default.
+ // Unless the flag AUTHZ_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE
+ // is set indicating otherwise.
+ //
+
+ public const int AUTHZ_SECURITY_ATTRIBUTE_TYPE_STRING = 0x03;
+
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 301
+ public const int AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN = 0x04;
+
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 304
+ public const int AUTHZ_SECURITY_ATTRIBUTE_TYPE_SID = 0x05;
+
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 306
+ public const int AUTHZ_SECURITY_ATTRIBUTE_TYPE_BOOLEAN = 0x06;
+
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 324
+ public const int AUTHZ_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING = 0x10;
+
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 455
+ //
+ // Attribute must not be inherited across process spawns.
+ //
+
+ public const int AUTHZ_SECURITY_ATTRIBUTE_NON_INHERITABLE = 0x0001;
+
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 462
+ //
+ // Attribute value is compared in a case sensitive way. It is valid with string value
+ // or composite type containing string value. For other types of value, this flag
+ // will be ignored. Currently, it is valid with the two types:
+ // AUTHZ_SECURITY_ATTRIBUTE_TYPE_STRING and AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN.
+ //
+ public const int AUTHZ_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE = 0x0002;
+
+ public const int AUTHZ_SECURITY_ATTRIBUTE_VALID_FLAGS = (
+ AUTHZ_SECURITY_ATTRIBUTE_NON_INHERITABLE |
+ AUTHZ_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE
+ );
+
+ // C:\Program Files (x86)\Windows Kits\10\Include\10.0.17134.0\um\AuthZ.h, line 510
+ public const ushort AUTHZ_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1 = 1;
+
+ public const ushort AUTHZ_SECURITY_ATTRIBUTES_INFORMATION_VERSION =
+ AUTHZ_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1;
+ }
+}
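Review bot: The `AUTHZ_SECURITY_ATTRIBUTE_TYPE_*` constants are declared `int`, while the struct added in this same commit stores the value type in a `ushort` field (`ValueTypeField`), so writing a constant into the field needs a narrowing cast and the two can drift apart in type even though they describe the same wire field; the `AUTHZ_SECURITY_ATTRIBUTES_INFORMATION_VERSION*` constants at the bottom already use `ushort`, and `public const ushort AUTHZ_SECURITY_ATTRIBUTE_TYPE_INT64 = 0x01;` (and likewise for the other type constants) would make the set consistent. None of the public constants carries an XML doc comment; the `//` remarks copied from the header do not reach IntelliSense, and the `CS1591` entry in the new project file hides that gap. The case-sensitivity remark in particular is worth surfacing as documentation, e.g. `/// <summary>Compare the attribute value case-sensitively; only honoured for STRING and FQBN typed values, ignored for all other types.</summary>` above `AUTHZ_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE`, since a caller who sets it on a numeric attribute gets no error, just silent ignore.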
diff --git a/src/THNETII.WinApi.Headers.AuthZ/GlobalSuppressions.cs b/src/THNETII.WinApi.Headers.AuthZ/GlobalSuppressions.cs
new file mode 100644
index 00000000..c9b05378
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/GlobalSuppressions.cs
@@ -0,0 +1,11 @@
+// This file is used by Code Analysis to maintain SuppressMessage
+// attributes that are applied to this project.
+// Project-level suppressions either have no target or are given
+// a specific target and scoped to a namespace, type, member, etc.
+
+using System.Diagnostics.CodeAnalysis;
+
+[assembly: SuppressMessage("Naming", "CA1707: Identifiers should not contain underscores")]
+[assembly: SuppressMessage("Naming", "CA1712: Do not prefix enum values with type name")]
+[assembly: SuppressMessage("Design", "CA1051: Do not declare visible instance fields")]
+[assembly: SuppressMessage("Performance", "CA1815: Override equals and operator equals on value types")]
diff --git a/src/THNETII.WinApi.Headers.AuthZ/THNETII.WinApi.Headers.AuthZ.csproj b/src/THNETII.WinApi.Headers.AuthZ/THNETII.WinApi.Headers.AuthZ.csproj
new file mode 100644
index 00000000..dbc2c84e
--- /dev/null
+++ b/src/THNETII.WinApi.Headers.AuthZ/THNETII.WinApi.Headers.AuthZ.csproj
@@ -0,0 +1,30 @@
+ + + + + 7.3 + netstandard1.6;netstandard2.0 + true + CS1591 + true + THNETII.WinApi.Native.AuthZ + + + + + All + + + All + + + + + + + + + + + +