SecPkgInfoA structure

The SecPkgInfo structure provides general information about a security package, such as its name and capabilities.

Syntax

typedef struct _SecPkgInfoA {
  unsigned long  fCapabilities;
  unsigned short wVersion;
  unsigned short wRPCID;
  unsigned long  cbMaxToken;
  SEC_CHAR       *Name;
  SEC_CHAR       *Comment;
} SecPkgInfoA, *PSecPkgInfoA;

Members

fCapabilities

Set of bit flags that describes the capabilities of the security package. This member can be a combination of the following flags.

Value Meaning
SECPKG_FLAG_INTEGRITY
0x1
The security package supports the MakeSignature and VerifySignature functions.
SECPKG_FLAG_PRIVACY
0x2
The security package supports the EncryptMessage (General) and DecryptMessage (General) functions.
SECPKG_FLAG_TOKEN_ONLY
0x4
The package is interested only in the security-token portion of messages, and will ignore any other buffers. This is a performance-related issue.
SECPKG_FLAG_DATAGRAM
0x8
Supports datagram-style authentication. For more information, see SSPI Context Semantics.
Important  The Microsoft Kerberos package does not support datagram contexts in user-to-user mode.
 
SECPKG_FLAG_CONNECTION
0x10
Supports connection-oriented style authentication. For more information, see SSPI Context Semantics.
SECPKG_FLAG_MULTI_REQUIRED
0x20
Multiple legs are required for authentication.
SECPKG_FLAG_CLIENT_ONLY
0x40
Server authentication support is not provided.
SECPKG_FLAG_EXTENDED_ERROR
0x80
Supports extended error handling. For more information, see Extended Error Information.
SECPKG_FLAG_IMPERSONATION
0x100
Supports Windows impersonation in server contexts.
SECPKG_FLAG_ACCEPT_WIN32_NAME
0x200
Understands Windows principal and target names.
SECPKG_FLAG_STREAM
0x400
Supports stream semantics. For more information, see SSPI Context Semantics.
SECPKG_FLAG_NEGOTIABLE
0X800
Can be used by the Microsoft Negotiate security package.
SECPKG_FLAG_GSS_COMPATIBLE
0x1000
Supports GSS compatibility.
SECPKG_FLAG_LOGON
0x2000
Supports LsaLogonUser.
SECPKG_FLAG_ASCII_BUFFERS
0x4000
Token buffers are in ASCII characters format.
SECPKG_FLAG_FRAGMENT
0x8000
Supports separating large tokens into smaller buffers so that applications can make repeated calls to InitializeSecurityContext (General) and AcceptSecurityContext (General) with the smaller buffers to complete authentication.
SECPKG_FLAG_MUTUAL_AUTH
0x10000
Supports mutual authentication.
SECPKG_FLAG_DELEGATION
0x20000
Supports delegation.
SECPKG_FLAG_READONLY_WITH_CHECKSUM
0x40000
The security package supports using a checksum instead of in-place encryption when calling the EncryptMessage function.
SECPKG_FLAG_RESTRICTED_TOKENS
0x80000
Supports callers with restricted tokens.
SECPKG_FLAG_NEGO_EXTENDER
0x00100000
The security package extends the Microsoft Negotiate security package. There can be at most one package of this type.
SECPKG_FLAG_NEGOTIABLE2
0x00200000
This package is negotiated by the package of type SECPKG_FLAG_NEGO_EXTENDER.
SECPKG_FLAG_APPCONTAINER_PASSTHROUGH
0x00400000
This package receives all calls from app container apps.
SECPKG_FLAG_APPCONTAINER_CHECKS
0x00800000
This package receives calls from app container apps if one of the following checks succeeds.
  • Caller has default credentials capability.
  • The target is a proxy server.
  • The caller has supplied credentials.
SECPKG_CALLFLAGS_APPCONTAINER
0x00000001
The caller is an app container.
SECPKG_CALLFLAGS_AUTHCAPABLE
0x00000002
The caller can use default credentials.
SECPKG_CALLFLAGS_FORCE_SUPPLIED
0x00000004
The caller can only use supplied credentials.

wVersion

Specifies the version of the package protocol. Must be 1.

wRPCID

Specifies a DCE RPC identifier, if appropriate. If the package does not implement one of the DCE registered security systems, the reserved value SECPKG_ID_NONE is used.

cbMaxToken

Specifies the maximum size, in bytes, of the token.

Name

Pointer to a null-terminated string that contains the name of the security package.

Comment

Pointer to a null-terminated string. This can be any additional string passed back by the package.

Remarks

Note

The sspi.h header defines SecPkgInfo as an alias which automatically selects the ANSI or Unicode version of this function based on the definition of the UNICODE preprocessor constant. Mixing usage of the encoding-neutral alias with code that not encoding-neutral can lead to mismatches that result in compilation or runtime errors. For more information, see Conventions for Function Prototypes.

Requirements

   
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Header sspi.h (include Security.h)

See also

EnumerateSecurityPackages

QuerySecurityPackageInfo