QueryContextAttributes (Kerberos) function
The QueryContextAttributes (Kerberos) function enables a transport application to query the Kerberos security package for certain attributes of a security context.
Syntax
SECURITY_STATUS SEC_ENTRY QueryContextAttributes(
_In_ PCtxtHandle phContext,
_In_ ULONG ulAttribute,
_Out_ PVOID pBuffer
);
Parameters
-
phContext [in]
-
A handle to the security context to be queried.
-
ulAttribute [in]
-
Specifies the attribute of the context to be returned. This parameter can be one of the following values.
Value Meaning - SECPKG_ATTR_ACCESS_TOKEN
- 18
The pBuffer parameter contains a pointer to a SecPkgContext_AccessToken structure.
Returns a handle to the access token.- SECPKG_ATTR_AUTHORITY
- 6
The pBuffer parameter contains a pointer to a SecPkgContext_Authority structure.
Queries the name of the authenticating authority.- SECPKG_ATTR_CLIENT_SPECIFIED_TARGET
- 27
The pBuffer parameter contains a pointer to a SecPkgContext_ClientSpecifiedTarget structure that represents the service principal name (SPN) of the initial target supplied by the client.
This value is supported only when using channel bindings.
Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported.- SECPKG_ATTR_CREDS_2
- 0x80000086
The pBuffer parameter contains a pointer to a SecPkgContext_ClientCreds structure that specifies client credentials.
If the client credential is user name and password, the buffer is a packed KERB_INTERACTIVE_LOGON structure.
If the client credential is user name and smart card PIN, the buffer is a packed KERB_CERTIFICATE_LOGON structure.
If the client credential is an online identity credential, the buffer is a marshaled SEC_WINNT_AUTH_IDENTITY_EX2 structure.
This attribute is supported only on the CredSSP server.
Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported.- SECPKG_ATTR_DCE_INFO
- 3
The pBuffer parameter contains a pointer to a SecPkgContext_DceInfo structure.
Queries for authorization data used by DCE services.- SECPKG_ATTR_FLAGS
- 14
The pBuffer parameter contains a pointer to a SecPkgContext_Flags structure.
Returns information about the negotiated context flags.- SECPKG_ATTR_KEY_INFO
- 5
The pBuffer parameter contains a pointer to a SecPkgContext_KeyInfo structure.
Queries information about the keys used in a security context.- SECPKG_ATTR_LAST_CLIENT_TOKEN_STATUS
- 30
The pBuffer parameter contains a pointer to a SecPkgContext_LastClientTokenStatus structure that specifies whether the token from the most recent call to the InitializeSecurityContext function is the last token from the client.
Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported.- SECPKG_ATTR_LIFESPAN
- 2
The pBuffer parameter contains a pointer to a SecPkgContext_Lifespan structure.
Queries the life span of the context.- SECPKG_ATTR_LOCAL_CRED
The pBuffer parameter contains a pointer to a SecPkgContext_LocalCredentialInfo structure. (obsolete)
Superseded by SECPKG_ATTR_LOCAL_CERT_CONTEXT.- SECPKG_ATTR_NAMES
- 1
The pBuffer parameter contains a pointer to a SecPkgContext_Names structure.
Queries the name associated with the context.- SECPKG_ATTR_NATIVE_NAMES
- 13
The pBuffer parameter contains a pointer to a SecPkgContext_NativeNames structure.
Returns the principal name (CNAME) from the outbound ticket.- SECPKG_ATTR_NEGOTIATION_INFO
- 12
The pBuffer parameter contains a pointer to a SecPkgContext_NegotiationInfo structure.
Returns information about the security package to be used with the negotiation process and the current state of the negotiation for the use of that package.- SECPKG_ATTR_PACKAGE_INFO
- 10
The pBuffer parameter contains a pointer to a SecPkgContext_PackageInfo structure.
Returns information on the SSP in use.- SECPKG_ATTR_PASSWORD_EXPIRY
- 8
The pBuffer parameter contains a pointer to a SecPkgContext_PasswordExpiry structure.
Returns password expiration information.- SECPKG_ATTR_ROOT_STORE
- 0x55
The pBuffer parameter contains a pointer to a HCERTCONTEXT. Finds a certificate context that contains a certificate supplied by the Root store. - SECPKG_ATTR_SESSION_KEY
- 9
The pBuffer parameter contains a pointer to a SecPkgContext_SessionKey structure.
Returns information about the session keys.- SECPKG_ATTR_SIZES
- 0
The pBuffer parameter contains a pointer to a SecPkgContext_Sizes structure.
Queries the sizes of the structures used in the per-message functions.- SECPKG_ATTR_TARGET_INFORMATION
- 17
The pBuffer parameter contains a pointer to a SecPkgContext_TargetInformation structure.
Returns information about the name of the remote server. -
pBuffer [out]
-
A pointer to a structure that receives the attributes. The type of structure pointed to depends on the value specified in the ulAttribute parameter.
Return value
If the function succeeds, the return value is SEC_E_OK.
If the function fails, the return value is a nonzero error code.
Remarks
The structure pointed to by the pBuffer parameter varies depending on the attribute being queried. The caller must allocate the pBuffer structure itself, but the SSP allocates any memory required to hold variable sized members of the pBuffer structure. Memory allocated by the SSP can be freed by calling the FreeContextBuffer function.
After the SECPKG_ATTR_REMOTE_CERT_CONTEXT or SECPKG_ATTR_LOCAL_CERT_CONTEXT value has been read, the hCertStore member will be set to a handle to a certificate store that contains the intermediate certificates, if any. Also, the application is responsible for calling CertFreeCertificateContext to release the memory used by the certificate context.
Requirements
Requirement | Value |
---|---|
Minimum supported client |
Windows XP [desktop apps only] |
Minimum supported server |
Windows Server 2003 [desktop apps only] |
Header |
|
Library |
|
DLL |
|
Unicode and ANSI names |
QueryContextAttributesW (Unicode) and QueryContextAttributesA (ANSI) |
See also