QueryContextAttributes (Schannel) function

  • Article

The QueryContextAttributes (Schannel) function enables a transport application to query the Schannel security package for certain attributes of a security context.

Syntax

SECURITY_STATUS SEC_ENTRY QueryContextAttributes(
  _In_  PCtxtHandle phContext,
  _In_  ULONG       ulAttribute,
  _Out_ PVOID       pBuffer
);

Parameters

phContext [in]

A handle to the security context to be queried.

ulAttribute [in]

Specifies the attribute of the context to be returned. This parameter can be one of the following values.

Value Meaning
SECPKG_ATTR_ACCESS_TOKEN
13
 The pBuffer parameter contains a pointer to a SecPkgContext_AccessToken structure.
Returns a handle to the access token.
SECPKG_ATTR_APP_DATA
0x5e
 The pBuffer parameter contains a pointer to a SecPkgContext_SessionAppData structure.
Returns or specifies application data for the session.
This attribute is supported only by the Schannel security package.
SECPKG_ATTR_AUTHORITY
6
 The pBuffer parameter contains a pointer to a SecPkgContext_Authority structure.
Queries the name of the authenticating authority.
SECPKG_ATTR_CIPHER_INFO
0x64
 The pBuffer parameter contains a pointer to a SecPkgContext_CipherInfo structure.
Returns a new CNG cipher info structure.
SECPKG_ATTR_CONNECTION_INFO
0x5a
 The pBuffer parameter contains a pointer to a SecPkgContext_ConnectionInfo structure.
Returns detailed information on the established connection.
SECPKG_ATTR_KEYING_MATERIAL
0x6b
 The pBuffer parameter contains a pointer to a SecPkgContext_KeyingMaterial structure. The keying material export feature follows the RFC 5705 standard.
Querying this attribute before the master secret has been generated or before the SECPKG_ATTR_KEYING_MATERIAL_INFO attribute has been set with result in an error.
This attribute is supported only by the Schannel security package in Windows 10 and Windows Server 2016 or later versions.
SECPKG_ATTR_CREDS_2
0x80000086
 The pBuffer parameter contains a pointer to a SecPkgContext_ClientCreds structure that specifies client credentials.
If the client credential is user name and password, the buffer is a packed KERB_INTERACTIVE_LOGON structure.
If the client credential is user name and smart card PIN, the buffer is a packed KERB_CERTIFICATE_LOGON structure.
If the client credential is an online identity credential, the buffer is a marshaled SEC_WINNT_AUTH_IDENTITY_EX2 structure.
This attribute is supported only on the CredSSP server.
Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported.
SECPKG_ATTR_DCE_INFO
3
 The pBuffer parameter contains a pointer to a SecPkgContext_DceInfo structure.
Queries for authorization data used by DCE services.
SECPKG_ATTR_EAP_KEY_BLOCK
0x5b
 The pBuffer parameter contains a pointer to a SecPkgContext_EapKeyBlock structure.
Queries for key data used by the EAP TLS protocol.
This attribute is supported only by the Schannel security package.
SECPKG_ATTR_ENDPOINT_BINDINGS
26
 The pBuffer parameter contains a pointer to a SecPkgContext_Bindings structure that contains the Channel Bindings for TLS (RFC 5929).
Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported.
SECPKG_ATTR_FLAGS
14
 The pBuffer parameter contains a pointer to a SecPkgContext_Flags structure.
Returns information about the negotiated context flags.
SECPKG_ATTR_ISSUER_LIST_EX
0x59
 The pBuffer parameter contains a pointer to a SecPkgContext_IssuerListInfoEx structure.
Returns a list of certificate issuers that are accepted by the server.
This attribute is supported only by the Schannel security package.
SECPKG_ATTR_KEY_INFO
5
 The pBuffer parameter contains a pointer to a SecPkgContext_KeyInfo structure.
Queries information about the keys used in a security context.
SECPKG_ATTR_LIFESPAN
2
 The pBuffer parameter contains a pointer to a SecPkgContext_Lifespan structure.
Queries the life span of the context.
SECPKG_ATTR_LOCAL_CERT_CONTEXT
0x54
 The pBuffer parameter contains a pointer to a PCCERT_CONTEXTstructure.
Finds a certificate context that contains a local end certificate.
This attribute is supported only by the Schannel security package.
SECPKG_ATTR_LOCAL_CRED
 The pBuffer parameter contains a pointer to a SecPkgContext_LocalCredentialInfo structure. (obsolete)
Superseded by SECPKG_ATTR_LOCAL_CERT_CONTEXT.
SECPKG_ATTR_NAMES
1
 The pBuffer parameter contains a pointer to a SecPkgContext_Names structure.
Queries the name associated with the context.
SECPKG_ATTR_NATIVE_NAMES
13
 The pBuffer parameter contains a pointer to a SecPkgContext_NativeNames structure.
Returns the principal name (CNAME) from the outbound ticket.
SECPKG_ATTR_NEGOTIATION_INFO
12
 The pBuffer parameter contains a pointer to a SecPkgContext_NegotiationInfo structure.
Returns information about the security package to be used with the negotiation process and the current state of the negotiation for the use of that package.
SECPKG_ATTR_PACKAGE_INFO
10
 The pBuffer parameter contains a pointer to a SecPkgContext_PackageInfo structure.
Returns information on the SSP in use.
SECPKG_ATTR_PASSWORD_EXPIRY
8
 The pBuffer parameter contains a pointer to a SecPkgContext_PasswordExpiry structure.
Returns password expiration information.
SECPKG_ATTR_REMOTE_CERT_CONTEXT
0x53
 The pBuffer parameter contains a pointer to a PCCERT_CONTEXTstructure.
Finds a certificate context that contains the end certificate supplied by the server.
This attribute is supported only by the Schannel security package.
SECPKG_ATTR_ROOT_STORE
0x55
 The pBuffer parameter contains a pointer to a HCERTCONTEXT. Finds a certificate context that contains a certificate supplied by the Root store.
SECPKG_ATTR_SESSION_INFO
0x5d
 The pBuffer parameter contains a pointer to a SecPkgContext_SessionInfo structure.
Returns information about the session.
Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported.
SECPKG_ATTR_SESSION_KEY
9
 The pBuffer parameter contains a pointer to a SecPkgContext_SessionKey structure.
Returns information about the session keys.
SECPKG_ATTR_SIZES
0
 The pBuffer parameter contains a pointer to a SecPkgContext_Sizes structure.
Queries the sizes of the structures used in the per-message functions.
SECPKG_ATTR_STREAM_SIZES
4
 The pBuffer parameter contains a pointer to a SecPkgContext_StreamSizes structure.
Queries the sizes of the various parts of a stream used in the per-message functions.
SECPKG_ATTR_SUPPORTED_SIGNATURES
0x66
 The pBuffer parameter contains a pointer to a SecPkgContext_SupportedSignatures structure.
This value returns information about the signature types that are supported for the connection.
Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported.
SECPKG_ATTR_TARGET_INFORMATION
17
 The pBuffer parameter contains a pointer to a SecPkgContext_TargetInformation structure.
Returns information about the name of the remote server.
SECPKG_ATTR_UNIQUE_BINDINGS
25
 The pBuffer parameter contains a pointer to a SecPkgContext_Bindings structure that contains channel binding information.
Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported.
SECPKG_ATTR_APPLICATION_PROTOCOL
35
 The pBuffer parameter contains a negotiated application protocol.
SECPKG_ATTR_DTLS_MTU
34
 Sets and retrieves the MTU (maximum transmission unit) value for use with DTLS. If DTLS is not enabled in a security context, this attribute is not supported.
Valid values are between 200 bytes and 64 kilobytes. The default DTLS MTU value in Schannel is 1096 bytes.

 

pBuffer [out]

A pointer to a structure that receives the attributes. The type of structure pointed to depends on the value specified in the ulAttribute parameter.

Return value

If the function succeeds, the return value is SEC_E_OK.

If the function fails, the return value is a nonzero error code.

Remarks

The structure pointed to by the pBuffer parameter varies depending on the attribute being queried. The caller must allocate the pBuffer structure itself, but the SSP allocates any memory required to hold variable sized members of the pBuffer structure. When you have finished using memory allocated by the SSP, free it by calling the FreeContextBuffer function.

After the SECPKG_ATTR_REMOTE_CERT_CONTEXT or SECPKG_ATTR_LOCAL_CERT_CONTEXT value has been read, the hCertStore member is set to a handle to a certificate store that contains the intermediate certificates, if any. Also, the application has is responsible for calling CertFreeCertificateContext to release the memory used by the certificate context.

Requirements

Requirement Value
Minimum supported client
 Windows 8.1 [desktop apps only]
Minimum supported server
 Windows Server 2012 R2 [desktop apps only]
Header
Sspi.h (include Security.h)
Library
Secur32.lib
DLL
Secur32.dll
Unicode and ANSI names
 QueryContextAttributesW (Unicode) and QueryContextAttributesA (ANSI)

See also

SSPI Functions

CERT_CONTEXT

FreeContextBuffer

SecPkgContext_Authority

SecPkgContext_ConnectionInfo

SecPkgContext_DceInfo

SecPkgContext_IssuerListInfoEx

SecPkgContext_KeyInfo

SecPkgContext_Lifespan

SecPkgContext_Names

SecPkgContext_Sizes

SecPkgContext_StreamSizes