SpQueryMetaDataFn callback function (ntsecpkg.h)
Gets metadata from a security support provider (SSP) when it is initiating a security context.
Syntax
SpQueryMetaDataFn Spquerymetadatafn;
NTSTATUS Spquerymetadatafn(
[in] LSA_SEC_HANDLE CredentialHandle,
[in, optional] PUNICODE_STRING TargetName,
[in] ULONG ContextRequirements,
[out] PULONG MetaDataLength,
[out] PUCHAR *MetaData,
[in, out] PLSA_SEC_HANDLE ContextHandle
)
{...}
Parameters
[in] CredentialHandle
A handle to the credentials to use for the security context. If the ContextHandle parameter points to NULL on input, this function uses the value of this parameter to create a security context.
The value of this parameter cannot be NULL if the ContextHandle parameter points to NULL on input.
[in, optional] TargetName
A pointer to a UNICODE_STRING that contains the name of the target of the context.
[in] ContextRequirements
Flags that indicate the context attributes required by the client.
The following are valid values. Values can be combined by using a logical OR operation.
| Value | Meaning |
|---|---|
|
The server is allowed to impersonate the client. |
|
Both the client and the server are required to prove their identity. |
|
The security context will support the detection of replayed packets. |
|
The security context will support the detection of out-of-order messages. |
|
A new session key must be negotiated. |
|
If the client is an interactive user, the package must, if possible, prompt the user for the appropriate credentials. |
|
The input buffer contains package-specific credential information which should be used to authenticate the connection. |
|
The package must allocate memory. The caller must eventually call the FreeContextBuffer function to free memory allocated by the package. |
|
The caller expects a three-leg mutual authentication transaction. |
|
A datagram-type communications channel should be used. For more information, see Datagram Contexts. |
|
A connection-type communications channel should be used. For more information, see Connection-Oriented Contexts. |
|
If the context fails, generate an error reply message to send back to the client. |
|
A stream-type communications channel should be used. For more information, see Stream Contexts. |
|
Buffer integrity is verified; however, replayed and out-of-sequence messages will not be detected. |
[out] MetaDataLength
The size, in characters, of the MetaData buffer.
[out] MetaData
The metadata that the SSP provides.
[in, out] ContextHandle
A handle to the security handle to use. If this parameter points to NULL on input, this function allocates and initializes a security context by using the values of the CredentialHandle and TargetName parameters.
If this parameter points to NULL on input, the CredentialHandle cannot be NULL.
Return value
If the function succeeds, return STATUS_SUCCESS, or an informational status code.
If the function fails, return an NTSTATUS error code that indicates the reason it failed. For more information, see Remarks.
Remarks
A pointer to the SpQueryMetaDataFn function is available in the SECPKG_FUNCTION_TABLE structure received from the SpLsaModeInitialize function.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 7 [desktop apps only] |
| Minimum supported server | Windows Server 2008 R2 [desktop apps only] |
| Target Platform | Windows |
| Header | ntsecpkg.h |