JwaNtSecApi.pas
上传用户:davidchvip
上传日期:2009-07-28
资源大小:1749k
文件大小:146k
源码类别:

Windows编程

开发平台:

Delphi

  1. {******************************************************************************}
  2. {                                                                       }
  3. { LSA API interface Unit for Object Pascal                                     }
  4. {                                                                       }
  5. { Portions created by Microsoft are Copyright (C) 1995-2001 Microsoft          }
  6. { Corporation. All Rights Reserved.                                            }
  7. {                 }
  8. { The original file is: ntsecapi.h, released June 2000. The original Pascal    }
  9. { code is: NtSecApi.pas, released December 2000. The initial developer of the  }
  10. { Pascal code is Marcel van Brakel (brakelm@chello.nl).                        }
  11. {                                                                              }
  12. { Portions created by Marcel van Brakel are Copyright (C) 1999-2001            }
  13. { Marcel van Brakel. All Rights Reserved.                                      }
  14. {                 }
  15. { Obtained through: Joint Endeavour of Delphi Innovators (Project JEDI)        }
  16. {                }
  17. { You may retrieve the latest version of this file at the Project JEDI home    }
  18. { page, located at http://delphi-jedi.org or my personal homepage located at   }
  19. { http://members.chello.nl/m.vanbrakel2                                        }
  20. {                }
  21. { The contents of this file are used with permission, subject to the Mozilla   }
  22. { Public License Version 1.1 (the "License"); you may not use this file except }
  23. { in compliance with the License. You may obtain a copy of the License at      }
  24. { http://www.mozilla.org/MPL/MPL-1.1.html                                      }
  25. {                                                                              }
  26. { Software distributed under the License is distributed on an "AS IS" basis,   }
  27. { WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for }
  28. { the specific language governing rights and limitations under the License.    }
  29. {                                                                              }
  30. { Alternatively, the contents of this file may be used under the terms of the  }
  31. { GNU Lesser General Public License (the  "LGPL License"), in which case the   }
  32. { provisions of the LGPL License are applicable instead of those above.        }
  33. { If you wish to allow use of your version of this file only under the terms   }
  34. { of the LGPL License and not to allow others to use your version of this file }
  35. { under the MPL, indicate your decision by deleting  the provisions above and  }
  36. { replace  them with the notice and other provisions required by the LGPL      }
  37. { License.  If you do not delete the provisions above, a recipient may use     }
  38. { your version of this file under either the MPL or the LGPL License.          }
  39. {                 }
  40. { For more information about the LGPL: http://www.gnu.org/copyleft/lesser.html }
  41. {                 }
  42. {******************************************************************************}
  43. unit JwaNtSecApi;
  44. {$WEAKPACKAGEUNIT}
  45. {$HPPEMIT ''}
  46. {$HPPEMIT '#include "ntsecapi.h"'}
  47. {$HPPEMIT ''}
  48. {$I WINDEFINES.INC}
  49. interface
  50. uses
  51.   JwaWinType, JwaNtStatus, JwaWinNT;
  52. //
  53. // Security operation mode of the system is held in a control
  54. // longword.
  55. //
  56. type
  57.   LSA_OPERATIONAL_MODE = ULONG;
  58.   {$EXTERNALSYM LSA_OPERATIONAL_MODE}
  59.   PLSA_OPERATIONAL_MODE = ^LSA_OPERATIONAL_MODE;
  60.   {$EXTERNALSYM PLSA_OPERATIONAL_MODE}
  61. //
  62. // The flags in the security operational mode are defined
  63. // as:
  64. //
  65. //    PasswordProtected - Some level of authentication (such as
  66. //        a password) must be provided by users before they are
  67. //        allowed to use the system.  Once set, this value will
  68. //        not be cleared without re-booting the system.
  69. //
  70. //    IndividualAccounts - Each user must identify an account to
  71. //        logon to.  This flag is only meaningful if the
  72. //        PasswordProtected flag is also set.  If this flag is
  73. //        not set and the PasswordProtected flag is set, then all
  74. //        users may logon to the same account.  Once set, this value
  75. //        will not be cleared without re-booting the system.
  76. //
  77. //    MandatoryAccess - Indicates the system is running in a mandatory
  78. //        access control mode (e.g., B-level as defined by the U.S.A's
  79. //        Department of Defense's "Orange Book").  This is not utilized
  80. //        in the current release of NT.  This flag is only meaningful
  81. //        if both the PasswordProtected and IndividualAccounts flags are
  82. //        set.  Once set, this value will not be cleared without
  83. //        re-booting the system.
  84. //
  85. //    LogFull - Indicates the system has been brought up in a mode in
  86. //        which if must perform security auditing, but its audit log
  87. //        is full.  This may (should) restrict the operations that
  88. //        can occur until the audit log is made not-full again.  THIS
  89. //        VALUE MAY BE CLEARED WHILE THE SYSTEM IS RUNNING (I.E., WITHOUT
  90. //        REBOOTING).
  91. //
  92. // If the PasswordProtected flag is not set, then the system is running
  93. // without security, and user interface should be adjusted appropriately.
  94. //
  95. const
  96.   LSA_MODE_PASSWORD_PROTECTED  = ($00000001);
  97.   {$EXTERNALSYM LSA_MODE_PASSWORD_PROTECTED}
  98.   LSA_MODE_INDIVIDUAL_ACCOUNTS = ($00000002);
  99.   {$EXTERNALSYM LSA_MODE_INDIVIDUAL_ACCOUNTS}
  100.   LSA_MODE_MANDATORY_ACCESS    = ($00000004);
  101.   {$EXTERNALSYM LSA_MODE_MANDATORY_ACCESS}
  102.   LSA_MODE_LOG_FULL            = ($00000008);
  103.   {$EXTERNALSYM LSA_MODE_LOG_FULL}
  104. //
  105. // Used by a logon process to indicate what type of logon is being
  106. // requested.
  107. //
  108. type
  109.   _SECURITY_LOGON_TYPE = (
  110.     seltFiller0, seltFiller1,
  111.     Interactive,        // Interactively logged on (locally or remotely)
  112.     Network,            // Accessing system via network
  113.     Batch,              // Started via a batch queue
  114.     Service,            // Service started by service controller
  115.     Proxy,              // Proxy logon
  116.     Unlock,             // Unlock workstation
  117.     NetworkCleartext,   // Network logon with cleartext credentials
  118.     NewCredentials,     // Clone caller, new default credentials
  119.     RemoteInteractive,  // Remote, yet interactive.  Terminal server
  120.     CachedInteractive,  // Try cached credentials without hitting the net.
  121.     CachedRemoteInteractive); // Same as RemoteInteractive, this is used internally for auditing purpose
  122.   {$EXTERNALSYM _SECURITY_LOGON_TYPE}
  123.   SECURITY_LOGON_TYPE = _SECURITY_LOGON_TYPE;
  124.   {$EXTERNALSYM SECURITY_LOGON_TYPE}
  125.   PSECURITY_LOGON_TYPE = ^SECURITY_LOGON_TYPE;
  126.   {$EXTERNALSYM PSECURITY_LOGON_TYPE}
  127.   TSecurityLogonType = SECURITY_LOGON_TYPE;
  128.   PSecurityLogonType = PSECURITY_LOGON_TYPE;
  129. //
  130. // Audit Event Categories
  131. //
  132. // The following are the built-in types or Categories of audit event.
  133. // WARNING!  This structure is subject to expansion.  The user should not
  134. // compute the number of elements of this type directly, but instead
  135. // should obtain the count of elements by calling LsaQueryInformationPolicy()
  136. // for the PolicyAuditEventsInformation class and extracting the count from
  137. // the MaximumAuditEventCount field of the returned structure.
  138. //
  139.   _POLICY_AUDIT_EVENT_TYPE = (
  140.     AuditCategorySystem,
  141.     AuditCategoryLogon,
  142.     AuditCategoryObjectAccess,
  143.     AuditCategoryPrivilegeUse,
  144.     AuditCategoryDetailedTracking,
  145.     AuditCategoryPolicyChange,
  146.     AuditCategoryAccountManagement,
  147.     AuditCategoryDirectoryServiceAccess,
  148.     AuditCategoryAccountLogon);
  149.   {$EXTERNALSYM _POLICY_AUDIT_EVENT_TYPE}
  150.   POLICY_AUDIT_EVENT_TYPE = _POLICY_AUDIT_EVENT_TYPE;
  151.   {$EXTERNALSYM POLICY_AUDIT_EVENT_TYPE}
  152.   PPOLICY_AUDIT_EVENT_TYPE = ^POLICY_AUDIT_EVENT_TYPE;
  153.   {$EXTERNALSYM PPOLICY_AUDIT_EVENT_TYPE}
  154.   TPolicyAuditEventType = POLICY_AUDIT_EVENT_TYPE;
  155.   PPolicyAuditEventType = PPOLICY_AUDIT_EVENT_TYPE;  
  156. //
  157. // The following defines describe the auditing options for each
  158. // event type
  159. //
  160. const
  161. // Leave options specified for this event unchanged
  162.   POLICY_AUDIT_EVENT_UNCHANGED = ($00000000);
  163.   {$EXTERNALSYM POLICY_AUDIT_EVENT_UNCHANGED}
  164. // Audit successful occurrences of events of this type
  165.   POLICY_AUDIT_EVENT_SUCCESS = ($00000001);
  166.   {$EXTERNALSYM POLICY_AUDIT_EVENT_SUCCESS}
  167. // Audit failed attempts to cause an event of this type to occur
  168.   POLICY_AUDIT_EVENT_FAILURE = ($00000002);
  169.   {$EXTERNALSYM POLICY_AUDIT_EVENT_FAILURE}
  170.   POLICY_AUDIT_EVENT_NONE    = ($00000004);
  171.   {$EXTERNALSYM POLICY_AUDIT_EVENT_NONE}
  172. // Mask of valid event auditing options
  173.   POLICY_AUDIT_EVENT_MASK = (POLICY_AUDIT_EVENT_SUCCESS or POLICY_AUDIT_EVENT_FAILURE or
  174.     POLICY_AUDIT_EVENT_UNCHANGED or POLICY_AUDIT_EVENT_NONE);
  175.   {$EXTERNALSYM POLICY_AUDIT_EVENT_MASK}
  176.   TPolicyAuditEventMask = POLICY_AUDIT_EVENT_MASK;
  177. type
  178.   PLSA_UNICODE_STRING = ^LSA_UNICODE_STRING;
  179.   {$EXTERNALSYM PLSA_UNICODE_STRING}
  180.   _LSA_UNICODE_STRING = record
  181.     Length: USHORT;
  182.     MaximumLength: USHORT;
  183.     Buffer: PWSTR;
  184.   end;
  185.   {$EXTERNALSYM _LSA_UNICODE_STRING}
  186.   LSA_UNICODE_STRING = _LSA_UNICODE_STRING;
  187.   {$EXTERNALSYM LSA_UNICODE_STRING}
  188.   TLsaUnicodeString = LSA_UNICODE_STRING;
  189.   PLsaUnicodeString = PLSA_UNICODE_STRING;
  190.   PLSA_STRING = ^LSA_STRING;
  191.   {$EXTERNALSYM PLSA_STRING}
  192.   _LSA_STRING = record
  193.     Length: USHORT;
  194.     MaximumLength: USHORT;
  195.     Buffer: PCHAR;
  196.   end;
  197.   {$EXTERNALSYM _LSA_STRING}
  198.   LSA_STRING = _LSA_STRING;
  199.   {$EXTERNALSYM LSA_STRING}
  200.   TLsaString = LSA_STRING;
  201.   PLsaString = PLSA_STRING;
  202.   PLSA_OBJECT_ATTRIBUTES = ^LSA_OBJECT_ATTRIBUTES;
  203.   {$EXTERNALSYM PLSA_OBJECT_ATTRIBUTES}
  204.   _LSA_OBJECT_ATTRIBUTES = record
  205.     Length: ULONG;
  206.     RootDirectory: HANDLE;
  207.     ObjectName: PLSA_UNICODE_STRING;
  208.     Attributes: ULONG;
  209.     SecurityDescriptor: PVOID; // Points to type SECURITY_DESCRIPTOR
  210.     SecurityQualityOfService: PVOID; // Points to type SECURITY_QUALITY_OF_SERVICE
  211.   end;
  212.   {$EXTERNALSYM _LSA_OBJECT_ATTRIBUTES}
  213.   LSA_OBJECT_ATTRIBUTES = _LSA_OBJECT_ATTRIBUTES;
  214.   {$EXTERNALSYM LSA_OBJECT_ATTRIBUTES}
  215.   TLsaObjectAttributes = LSA_OBJECT_ATTRIBUTES;
  216.   PLsaObjectAttributes = PLSA_OBJECT_ATTRIBUTES;
  217. //
  218. // Macro for determining whether an API succeeded.
  219. //
  220. function LSA_SUCCESS(Error: NTSTATUS): BOOL;
  221. {$EXTERNALSYM LSA_SUCCESS}
  222. function LsaRegisterLogonProcess(const LogonProcessName: LSA_STRING;
  223.   var LsaHandle: HANDLE; SecurityMode: PLSA_OPERATIONAL_MODE): NTSTATUS; stdcall;
  224. {$EXTERNALSYM LsaRegisterLogonProcess}
  225. function LsaLogonUser(LsaHandle: HANDLE; const OriginName: LSA_STRING;
  226.   LogonType: SECURITY_LOGON_TYPE; AuthenticationPackage: ULONG;
  227.   AuthenticationInformation: PVOID; AuthenticationInformationLength: ULONG;
  228.   LocalGroups: PTOKEN_GROUPS; SourceContext: PTOKEN_SOURCE;
  229.   var ProfileBuffer: PVOID; var ProfileBufferLength: ULONG; var LogonId: LUID;
  230.   var Token: HANDLE; var Quotas: QUOTA_LIMITS; var SubStatus: NTSTATUS): NTSTATUS; stdcall;
  231. {$EXTERNALSYM LsaLogonUser}
  232. function LsaLookupAuthenticationPackage(LsaHandle: HANDLE;
  233.   const PackageName: LSA_STRING; var AuthenticationPackage: ULONG): NTSTATUS; stdcall;
  234. {$EXTERNALSYM LsaLookupAuthenticationPackage}
  235. function LsaFreeReturnBuffer(Buffer: PVOID): NTSTATUS; stdcall;
  236. {$EXTERNALSYM LsaFreeReturnBuffer}
  237. function LsaCallAuthenticationPackage(LsaHandle: HANDLE;
  238.   AuthenticationPackage: ULONG; ProtocolSubmitBuffer: PVOID;
  239.   SubmitBufferLength: ULONG; var ProtocolReturnBuffer: PVOID;
  240.   var ReturnBufferLength: ULONG; var ProtocolStatus: NTSTATUS): NTSTATUS; stdcall;
  241. {$EXTERNALSYM LsaCallAuthenticationPackage}
  242. function LsaDeregisterLogonProcess(LsaHandle: HANDLE): NTSTATUS; stdcall;
  243. {$EXTERNALSYM LsaDeregisterLogonProcess}
  244. function LsaConnectUntrusted(var LsaHandle: HANDLE): NTSTATUS; stdcall;
  245. {$EXTERNALSYM LsaConnectUntrusted}
  246. ////////////////////////////////////////////////////////////////////////////
  247. //                                                                        //
  248. // Local Security Policy Administration API datatypes and defines         //
  249. //                                                                        //
  250. ////////////////////////////////////////////////////////////////////////////
  251. //
  252. // Access types for the Policy object
  253. //
  254. const
  255.   POLICY_VIEW_LOCAL_INFORMATION   = $00000001;
  256.   {$EXTERNALSYM POLICY_VIEW_LOCAL_INFORMATION}
  257.   POLICY_VIEW_AUDIT_INFORMATION   = $00000002;
  258.   {$EXTERNALSYM POLICY_VIEW_AUDIT_INFORMATION}
  259.   POLICY_GET_PRIVATE_INFORMATION  = $00000004;
  260.   {$EXTERNALSYM POLICY_GET_PRIVATE_INFORMATION}
  261.   POLICY_TRUST_ADMIN              = $00000008;
  262.   {$EXTERNALSYM POLICY_TRUST_ADMIN}
  263.   POLICY_CREATE_ACCOUNT           = $00000010;
  264.   {$EXTERNALSYM POLICY_CREATE_ACCOUNT}
  265.   POLICY_CREATE_SECRET            = $00000020;
  266.   {$EXTERNALSYM POLICY_CREATE_SECRET}
  267.   POLICY_CREATE_PRIVILEGE         = $00000040;
  268.   {$EXTERNALSYM POLICY_CREATE_PRIVILEGE}
  269.   POLICY_SET_DEFAULT_QUOTA_LIMITS = $00000080;
  270.   {$EXTERNALSYM POLICY_SET_DEFAULT_QUOTA_LIMITS}
  271.   POLICY_SET_AUDIT_REQUIREMENTS   = $00000100;
  272.   {$EXTERNALSYM POLICY_SET_AUDIT_REQUIREMENTS}
  273.   POLICY_AUDIT_LOG_ADMIN          = $00000200;
  274.   {$EXTERNALSYM POLICY_AUDIT_LOG_ADMIN}
  275.   POLICY_SERVER_ADMIN             = $00000400;
  276.   {$EXTERNALSYM POLICY_SERVER_ADMIN}
  277.   POLICY_LOOKUP_NAMES             = $00000800;
  278.   {$EXTERNALSYM POLICY_LOOKUP_NAMES}
  279.   POLICY_NOTIFICATION             = $00001000;
  280.   {$EXTERNALSYM POLICY_NOTIFICATION}
  281.   POLICY_ALL_ACCESS =         (STANDARD_RIGHTS_REQUIRED         or
  282.                                POLICY_VIEW_LOCAL_INFORMATION    or
  283.                                POLICY_VIEW_AUDIT_INFORMATION    or
  284.                                POLICY_GET_PRIVATE_INFORMATION   or
  285.                                POLICY_TRUST_ADMIN               or
  286.                                POLICY_CREATE_ACCOUNT            or
  287.                                POLICY_CREATE_SECRET             or
  288.                                POLICY_CREATE_PRIVILEGE          or
  289.                                POLICY_SET_DEFAULT_QUOTA_LIMITS  or
  290.                                POLICY_SET_AUDIT_REQUIREMENTS    or
  291.                                POLICY_AUDIT_LOG_ADMIN           or
  292.                                POLICY_SERVER_ADMIN              or
  293.                                POLICY_LOOKUP_NAMES);
  294.   {$EXTERNALSYM POLICY_ALL_ACCESS}
  295.   POLICY_READ =               (STANDARD_RIGHTS_READ or
  296.                                POLICY_VIEW_AUDIT_INFORMATION or
  297.                                POLICY_GET_PRIVATE_INFORMATION);
  298.   {$EXTERNALSYM POLICY_READ}
  299.   POLICY_WRITE =              (STANDARD_RIGHTS_WRITE            or
  300.                                POLICY_TRUST_ADMIN               or
  301.                                POLICY_CREATE_ACCOUNT            or
  302.                                POLICY_CREATE_SECRET             or
  303.                                POLICY_CREATE_PRIVILEGE          or
  304.                                POLICY_SET_DEFAULT_QUOTA_LIMITS  or
  305.                                POLICY_SET_AUDIT_REQUIREMENTS    or
  306.                                POLICY_AUDIT_LOG_ADMIN           or
  307.                                POLICY_SERVER_ADMIN);
  308.   {$EXTERNALSYM POLICY_WRITE}
  309.   POLICY_EXECUTE =            (STANDARD_RIGHTS_EXECUTE          or
  310.                                POLICY_VIEW_LOCAL_INFORMATION    or
  311.                                POLICY_LOOKUP_NAMES);
  312.   {$EXTERNALSYM POLICY_EXECUTE}
  313. //
  314. // Policy object specific data types.
  315. //
  316. //
  317. // The following data type is used to identify a domain
  318. //
  319. type
  320.   PLSA_TRUST_INFORMATION = ^LSA_TRUST_INFORMATION;
  321.   {$EXTERNALSYM PLSA_TRUST_INFORMATION}
  322.   _LSA_TRUST_INFORMATION = record
  323.     Name: LSA_UNICODE_STRING;
  324.     Sid: PSID;
  325.   end;
  326.   {$EXTERNALSYM _LSA_TRUST_INFORMATION}
  327.   LSA_TRUST_INFORMATION = _LSA_TRUST_INFORMATION;
  328.   {$EXTERNALSYM LSA_TRUST_INFORMATION}
  329.   TLsaTrustInformation = LSA_TRUST_INFORMATION;
  330.   PLsaTrustInformation = PLSA_TRUST_INFORMATION;
  331. // where members have the following usage:
  332. //
  333. //     Name - The name of the domain.
  334. //
  335. //     Sid - A pointer to the Sid of the Domain
  336. //
  337. //
  338. // The following data type is used in name and SID lookup services to
  339. // describe the domains referenced in the lookup operation.
  340. //
  341.   PLSA_REFERENCED_DOMAIN_LIST = ^LSA_REFERENCED_DOMAIN_LIST;
  342.   {$EXTERNALSYM PLSA_REFERENCED_DOMAIN_LIST}
  343.   _LSA_REFERENCED_DOMAIN_LIST = record
  344.     Entries: ULONG;
  345.     Domains: PLSA_TRUST_INFORMATION;
  346.   end;
  347.   {$EXTERNALSYM _LSA_REFERENCED_DOMAIN_LIST}
  348.   LSA_REFERENCED_DOMAIN_LIST = _LSA_REFERENCED_DOMAIN_LIST;
  349.   {$EXTERNALSYM LSA_REFERENCED_DOMAIN_LIST}
  350.   TLsaReferencedDomainList = LSA_REFERENCED_DOMAIN_LIST;
  351.   PLsaReferencedDomainList = PLSA_REFERENCED_DOMAIN_LIST;
  352. // where members have the following usage:
  353. //
  354. //     Entries - Is a count of the number of domains described in the
  355. //         Domains array.
  356. //
  357. //     Domains - Is a pointer to an array of Entries LSA_TRUST_INFORMATION data
  358. //         structures.
  359. //
  360. //
  361. // The following data type is used in name to SID lookup services to describe
  362. // the domains referenced in the lookup operation.
  363. //
  364.   PLSA_TRANSLATED_SID = ^LSA_TRANSLATED_SID;
  365.   {$EXTERNALSYM PLSA_TRANSLATED_SID}
  366.   _LSA_TRANSLATED_SID = record
  367.     Use: SID_NAME_USE;
  368.     RelativeId: ULONG;
  369.     DomainIndex: LONG;
  370.   end;
  371.   {$EXTERNALSYM _LSA_TRANSLATED_SID}
  372.   LSA_TRANSLATED_SID = _LSA_TRANSLATED_SID;
  373.   {$EXTERNALSYM LSA_TRANSLATED_SID}
  374.   TLsaTranslatedSid = LSA_TRANSLATED_SID;
  375.   PLsaTranslatedSid = PLSA_TRANSLATED_SID;
  376. // where members have the following usage:
  377. //
  378. //     Use - identifies the use of the SID.  If this value is SidUnknown or
  379. //         SidInvalid, then the remainder of the record is not set and
  380. //         should be ignored.
  381. //
  382. //     RelativeId - Contains the relative ID of the translated SID.  The
  383. //         remainder of the SID (the prefix) is obtained using the
  384. //         DomainIndex field.
  385. //
  386. //     DomainIndex - Is the index of an entry in a related
  387. //         LSA_REFERENCED_DOMAIN_LIST data structure describing the
  388. //         domain in which the account was found.
  389. //
  390. //         If there is no corresponding reference domain for an entry, then
  391. //         this field will contain a negative value.
  392. //
  393.   _LSA_TRANSLATED_SID2 = record
  394.     Use: SID_NAME_USE;
  395.     Sid: PSID;
  396.     DomainIndex: LONG;
  397.     Flags: ULONG;
  398.   end;
  399.   {$EXTERNALSYM _LSA_TRANSLATED_SID2}
  400.   LSA_TRANSLATED_SID2 = _LSA_TRANSLATED_SID2;
  401.   {$EXTERNALSYM LSA_TRANSLATED_SID2}
  402.   PLSA_TRANSLATED_SID2 = ^LSA_TRANSLATED_SID2;
  403.   {$EXTERNALSYM PLSA_TRANSLATED_SID2}
  404.   TLsaTranslatedSid2 = LSA_TRANSLATED_SID2;
  405.   PLsaTranslatedSid2 = PLSA_TRANSLATED_SID2;  
  406. // where members have the following usage:
  407. //
  408. //     Use - identifies the use of the SID.  If this value is SidUnknown or
  409. //         SidInvalid, then the remainder of the record is not set and
  410. //         should be ignored.
  411. //
  412. //     Sid - Contains the complete Sid of the tranlated SID
  413. //
  414. //     DomainIndex - Is the index of an entry in a related
  415. //         LSA_REFERENCED_DOMAIN_LIST data structure describing the
  416. //         domain in which the account was found.
  417. //
  418. //         If there is no corresponding reference domain for an entry, then
  419. //         this field will contain a negative value.
  420. //
  421. //
  422. // The following data type is used in SID to name lookup services to
  423. // describe the domains referenced in the lookup operation.
  424. //
  425.   PLSA_TRANSLATED_NAME = ^LSA_TRANSLATED_NAME;
  426.   {$EXTERNALSYM PLSA_TRANSLATED_NAME}
  427.   _LSA_TRANSLATED_NAME = record
  428.     Use: SID_NAME_USE;
  429.     Name: LSA_UNICODE_STRING;
  430.     DomainIndex: LONG;
  431.   end;
  432.   {$EXTERNALSYM _LSA_TRANSLATED_NAME}
  433.   LSA_TRANSLATED_NAME = _LSA_TRANSLATED_NAME;
  434.   {$EXTERNALSYM LSA_TRANSLATED_NAME}
  435.   TLsaTranslatedName = LSA_TRANSLATED_NAME;
  436.   PLsaTranslatedName = PLSA_TRANSLATED_NAME;
  437. // where the members have the following usage:
  438. //
  439. //     Use - Identifies the use of the name.  If this value is SidUnknown
  440. //         or SidInvalid, then the remainder of the record is not set and
  441. //         should be ignored.  If this value is SidWellKnownGroup then the
  442. //         Name field is invalid, but the DomainIndex field is not.
  443. //
  444. //     Name - Contains the isolated name of the translated SID.
  445. //
  446. //     DomainIndex - Is the index of an entry in a related
  447. //         LSA_REFERENCED_DOMAIN_LIST data structure describing the domain
  448. //         in which the account was found.
  449. //
  450. //         If there is no corresponding reference domain for an entry, then
  451. //         this field will contain a negative value.
  452. //
  453. //
  454. // The following data type is used to represent the role of the LSA
  455. // server (primary or backup).
  456. //
  457.   _POLICY_LSA_SERVER_ROLE = (plsrFiller0, plsrFiller1, PolicyServerRoleBackup,
  458.     PolicyServerRolePrimary);
  459.   {$EXTERNALSYM _POLICY_LSA_SERVER_ROLE}
  460.   POLICY_LSA_SERVER_ROLE = _POLICY_LSA_SERVER_ROLE;
  461.   {$EXTERNALSYM POLICY_LSA_SERVER_ROLE}
  462.   PPOLICY_LSA_SERVER_ROLE = ^POLICY_LSA_SERVER_ROLE;
  463.   {$EXTERNALSYM PPOLICY_LSA_SERVER_ROLE}
  464.   TPolicyLsaServerRole = POLICY_LSA_SERVER_ROLE;
  465.   PPolicyLsaServerRole = PPOLICY_LSA_SERVER_ROLE;
  466. //
  467. // The following data type is used to specify the auditing options for
  468. // an Audit Event Type.
  469. //
  470.   POLICY_AUDIT_EVENT_OPTIONS = ULONG;
  471.   {$EXTERNALSYM POLICY_AUDIT_EVENT_OPTIONS}
  472.   PPOLICY_AUDIT_EVENT_OPTIONS = POLICY_AUDIT_EVENT_OPTIONS;
  473.   {$EXTERNALSYM PPOLICY_AUDIT_EVENT_OPTIONS}
  474. // where the following flags can be set:
  475. //
  476. //     POLICY_AUDIT_EVENT_UNCHANGED - Leave existing auditing options
  477. //         unchanged for events of this type.  This flag is only used for
  478. //         set operations.  If this flag is set, then all other flags
  479. //         are ignored.
  480. //
  481. //     POLICY_AUDIT_EVENT_NONE - Cancel all auditing options for events
  482. //         of this type.  If this flag is set, the success/failure flags
  483. //         are ignored.
  484. //
  485. //     POLICY_AUDIT_EVENT_SUCCESS - When auditing is enabled, audit all
  486. //         successful occurrences of events of the given type.
  487. //
  488. //     POLICY_AUDIT_EVENT_FAILURE - When auditing is enabled, audit all
  489. //         unsuccessful occurrences of events of the given type.
  490. //
  491. //
  492. // The following data type defines the classes of Policy Information
  493. // that may be queried/set.
  494. //
  495. type
  496.   _POLICY_INFORMATION_CLASS = (
  497.     picFiller0,
  498.     PolicyAuditLogInformation,
  499.     PolicyAuditEventsInformation,
  500.     PolicyPrimaryDomainInformation,
  501.     PolicyPdAccountInformation,
  502.     PolicyAccountDomainInformation,
  503.     PolicyLsaServerRoleInformation,
  504.     PolicyReplicaSourceInformation,
  505.     PolicyDefaultQuotaInformation,
  506.     PolicyModificationInformation,
  507.     PolicyAuditFullSetInformation,
  508.     PolicyAuditFullQueryInformation,
  509.     PolicyDnsDomainInformation,
  510.     PolicyDnsDomainInformationInt);
  511.   {$EXTERNALSYM _POLICY_INFORMATION_CLASS}
  512.   POLICY_INFORMATION_CLASS = _POLICY_INFORMATION_CLASS;
  513.   {$EXTERNALSYM POLICY_INFORMATION_CLASS}
  514.   PPOLICY_INFORMATION_CLASS = ^POLICY_INFORMATION_CLASS;
  515.   {$EXTERNALSYM PPOLICY_INFORMATION_CLASS}
  516.   TPolicyInformationClass = POLICY_INFORMATION_CLASS;
  517.   PPolicyInformationClass = PPOLICY_INFORMATION_CLASS;
  518. //
  519. // The following data type corresponds to the PolicyAuditLogInformation
  520. // information class.  It is used to represent information relating to
  521. // the Audit Log.
  522. //
  523. // This structure may be used in both query and set operations.  However,
  524. // when used in set operations, some fields are ignored.
  525. //
  526.   PPOLICY_AUDIT_LOG_INFO = ^POLICY_AUDIT_LOG_INFO;
  527.   {$EXTERNALSYM PPOLICY_AUDIT_LOG_INFO}
  528.   _POLICY_AUDIT_LOG_INFO = record
  529.     AuditLogPercentFull: ULONG;
  530.     MaximumLogSize: ULONG;
  531.     AuditRetentionPeriod: LARGE_INTEGER;
  532.     AuditLogFullShutdownInProgress: ByteBool;
  533.     TimeToShutdown: LARGE_INTEGER;
  534.     NextAuditRecordId: ULONG;
  535.   end;
  536.   {$EXTERNALSYM _POLICY_AUDIT_LOG_INFO}
  537.   POLICY_AUDIT_LOG_INFO = _POLICY_AUDIT_LOG_INFO;
  538.   {$EXTERNALSYM POLICY_AUDIT_LOG_INFO}
  539.   TPolicyAuditLogInfo = POLICY_AUDIT_LOG_INFO;
  540.   PPolicyAuditLogInfo = PPOLICY_AUDIT_LOG_INFO;
  541. // where the members have the following usage:
  542. //
  543. //     AuditLogPercentFull - Indicates the percentage of the Audit Log
  544. //         currently being used.
  545. //
  546. //     MaximumLogSize - Specifies the maximum size of the Audit Log in
  547. //         kilobytes.
  548. //
  549. //     AuditRetentionPeriod - Indicates the length of time that Audit
  550. //         Records are to be retained.  Audit Records are discardable
  551. //         if their timestamp predates the current time minus the
  552. //         retention period.
  553. //
  554. //     AuditLogFullShutdownInProgress - Indicates whether or not a system
  555. //         shutdown is being initiated due to the security Audit Log becoming
  556. //         full.  This condition will only occur if the system is configured
  557. //         to shutdown when the log becomes full.
  558. //
  559. //         TRUE indicates that a shutdown is in progress
  560. //         FALSE indicates that a shutdown is not in progress.
  561. //
  562. //         Once a shutdown has been initiated, this flag will be set to
  563. //         TRUE.  If an administrator is able to currect the situation
  564. //         before the shutdown becomes irreversible, then this flag will
  565. //         be reset to false.
  566. //
  567. //         This field is ignored for set operations.
  568. //
  569. //     TimeToShutdown - If the AuditLogFullShutdownInProgress flag is set,
  570. //         then this field contains the time left before the shutdown
  571. //         becomes irreversible.
  572. //
  573. //         This field is ignored for set operations.
  574. //
  575. //
  576. // The following data type corresponds to the PolicyAuditEventsInformation
  577. // information class.  It is used to represent information relating to
  578. // the audit requirements.
  579. //
  580.   PPOLICY_AUDIT_EVENTS_INFO = ^POLICY_AUDIT_EVENTS_INFO;
  581.   {$EXTERNALSYM PPOLICY_AUDIT_EVENTS_INFO}
  582.   _POLICY_AUDIT_EVENTS_INFO = record
  583.     AuditingMode: ByteBool;
  584.     EventAuditingOptions: PPOLICY_AUDIT_EVENT_OPTIONS;
  585.     MaximumAuditEventCount: ULONG;
  586.   end;
  587.   {$EXTERNALSYM _POLICY_AUDIT_EVENTS_INFO}
  588.   POLICY_AUDIT_EVENTS_INFO = _POLICY_AUDIT_EVENTS_INFO;
  589.   {$EXTERNALSYM POLICY_AUDIT_EVENTS_INFO}
  590.   TPolicyAuditEventsInfo = POLICY_AUDIT_EVENTS_INFO;
  591.   PPolicyAuditEventsInfo = PPOLICY_AUDIT_EVENTS_INFO;
  592. // where the members have the following usage:
  593. //
  594. //     AuditingMode - A Boolean variable specifying the Auditing Mode value.
  595. //         This value is interpreted as follows:
  596. //
  597. //         TRUE - Auditing is to be enabled (set operations) or is enabled
  598. //             (query operations).  Audit Records will be generated according
  599. //             to the Event Auditing Options in effect (see the
  600. //             EventAuditingOptions field.
  601. //
  602. //         FALSE - Auditing is to be disabled (set operations) or is
  603. //             disabled (query operations).  No Audit Records will be
  604. //             generated.  Note that for set operations the Event Auditing
  605. //             Options in effect will still be updated as specified by the
  606. //             EventAuditingOptions field whether Auditing is enabled or
  607. //             disabled.
  608. //
  609. //    EventAuditingOptions - Pointer to an array of Auditing Options
  610. //        indexed by Audit Event Type.
  611. //
  612. //    MaximumAuditEventCount - Specifiesa count of the number of Audit
  613. //        Event Types specified by the EventAuditingOptions parameter.  If
  614. //        this count is less than the number of Audit Event Types supported
  615. //        by the system, the Auditing Options for Event Types with IDs
  616. //        higher than (MaximumAuditEventCount + 1) are left unchanged.
  617. //
  618. //
  619. // The following structure corresponds to the PolicyAccountDomainInformation
  620. // information class.
  621. //
  622.   PPOLICY_ACCOUNT_DOMAIN_INFO = ^POLICY_ACCOUNT_DOMAIN_INFO;
  623.   {$EXTERNALSYM PPOLICY_ACCOUNT_DOMAIN_INFO}
  624.   _POLICY_ACCOUNT_DOMAIN_INFO = record
  625.     DomainName: LSA_UNICODE_STRING;
  626.     DomainSid: PSID;
  627.   end;
  628.   {$EXTERNALSYM _POLICY_ACCOUNT_DOMAIN_INFO}
  629.   POLICY_ACCOUNT_DOMAIN_INFO = _POLICY_ACCOUNT_DOMAIN_INFO;
  630.   {$EXTERNALSYM POLICY_ACCOUNT_DOMAIN_INFO}
  631.   TPolicyAccountDomainInfo = POLICY_ACCOUNT_DOMAIN_INFO;
  632.   PPolicyAccountDomainInfo = PPOLICY_ACCOUNT_DOMAIN_INFO;
  633. // where the members have the following usage:
  634. //
  635. //     DomainName - Is the name of the domain
  636. //
  637. //     DomainSid - Is the Sid of the domain
  638. //
  639. //
  640. // The following structure corresponds to the PolicyPrimaryDomainInformation
  641. // information class.
  642. //
  643.   PPOLICY_PRIMARY_DOMAIN_INFO = ^POLICY_PRIMARY_DOMAIN_INFO;
  644.   {$EXTERNALSYM PPOLICY_PRIMARY_DOMAIN_INFO}
  645.   _POLICY_PRIMARY_DOMAIN_INFO = record
  646.     Name: LSA_UNICODE_STRING;
  647.     Sid: PSID;
  648.   end;
  649.   {$EXTERNALSYM _POLICY_PRIMARY_DOMAIN_INFO}
  650.   POLICY_PRIMARY_DOMAIN_INFO = _POLICY_PRIMARY_DOMAIN_INFO;
  651.   {$EXTERNALSYM POLICY_PRIMARY_DOMAIN_INFO}
  652.   TPolicyPrimaryDomainInfo = POLICY_PRIMARY_DOMAIN_INFO;
  653.   PPolicyPrimaryDomainInfo = PPOLICY_PRIMARY_DOMAIN_INFO;
  654. // where the members have the following usage:
  655. //
  656. //     Name - Is the name of the domain
  657. //
  658. //     Sid - Is the Sid of the domain
  659. //
  660. //
  661. // The following structure corresponds to the PolicyDnsDomainInformation
  662. // information class
  663. //
  664.   PPOLICY_DNS_DOMAIN_INFO = ^POLICY_DNS_DOMAIN_INFO;
  665.   {$EXTERNALSYM PPOLICY_DNS_DOMAIN_INFO}
  666.   _POLICY_DNS_DOMAIN_INFO = record
  667.     Name: LSA_UNICODE_STRING;
  668.     DnsDomainName: LSA_UNICODE_STRING;
  669.     DnsForestName: LSA_UNICODE_STRING;
  670.     DomainGuid: GUID;
  671.     Sid: PSID;
  672.   end;
  673.   {$EXTERNALSYM _POLICY_DNS_DOMAIN_INFO}
  674.   POLICY_DNS_DOMAIN_INFO = _POLICY_DNS_DOMAIN_INFO;
  675.   {$EXTERNALSYM POLICY_DNS_DOMAIN_INFO}
  676.   TPolicyDnsDomainInfo = POLICY_DNS_DOMAIN_INFO;
  677.   PPolicyDnsDomainInfo = PPOLICY_DNS_DOMAIN_INFO;
  678. // where the members have the following usage:
  679. //
  680. //      Name - Is the name of the Domain
  681. //
  682. //      DnsDomainName - Is the DNS name of the domain
  683. //
  684. //      DnsForestName - Is the DNS forest name of the domain
  685. //
  686. //      DomainGuid - Is the GUID of the domain
  687. //
  688. //      Sid - Is the Sid of the domain
  689. //
  690. // The following structure corresponds to the PolicyPdAccountInformation
  691. // information class.  This structure may be used in Query operations
  692. // only.
  693. //
  694.   PPOLICY_PD_ACCOUNT_INFO = ^POLICY_PD_ACCOUNT_INFO;
  695.   {$EXTERNALSYM PPOLICY_PD_ACCOUNT_INFO}
  696.   _POLICY_PD_ACCOUNT_INFO = record
  697.     Name: LSA_UNICODE_STRING;
  698.   end;
  699.   {$EXTERNALSYM _POLICY_PD_ACCOUNT_INFO}
  700.   POLICY_PD_ACCOUNT_INFO = _POLICY_PD_ACCOUNT_INFO;
  701.   {$EXTERNALSYM POLICY_PD_ACCOUNT_INFO}
  702.   TPolicyPdAccountInfo = POLICY_PD_ACCOUNT_INFO;
  703.   PPolicyPdAccountInfo = PPOLICY_PD_ACCOUNT_INFO;
  704. // where the members have the following usage:
  705. //
  706. //     Name - Is the name of an account in the domain that should be used
  707. //         for authentication and name/ID lookup requests.
  708. //
  709. //
  710. // The following structure corresponds to the PolicyLsaServerRoleInformation
  711. // information class.
  712. //
  713.   PPOLICY_LSA_SERVER_ROLE_INFO = ^POLICY_LSA_SERVER_ROLE_INFO;
  714.   {$EXTERNALSYM PPOLICY_LSA_SERVER_ROLE_INFO}
  715.   _POLICY_LSA_SERVER_ROLE_INFO = record
  716.     LsaServerRole: POLICY_LSA_SERVER_ROLE;
  717.   end;
  718.   {$EXTERNALSYM _POLICY_LSA_SERVER_ROLE_INFO}
  719.   POLICY_LSA_SERVER_ROLE_INFO = _POLICY_LSA_SERVER_ROLE_INFO;
  720.   {$EXTERNALSYM POLICY_LSA_SERVER_ROLE_INFO}
  721.   TPolicyLsaServerRoleInfo = POLICY_LSA_SERVER_ROLE_INFO;
  722.   PPolicyLsaServerRoleInfo = PPOLICY_LSA_SERVER_ROLE_INFO;
  723. // where the fields have the following usage:
  724. //
  725. // TBS
  726. //
  727. //
  728. // The following structure corresponds to the PolicyReplicaSourceInformation
  729. // information class.
  730. //
  731.   PPOLICY_REPLICA_SOURCE_INFO = ^POLICY_REPLICA_SOURCE_INFO;
  732.   {$EXTERNALSYM PPOLICY_REPLICA_SOURCE_INFO}
  733.   _POLICY_REPLICA_SOURCE_INFO = record
  734.     ReplicaSource: LSA_UNICODE_STRING;
  735.     ReplicaAccountName: LSA_UNICODE_STRING;
  736.   end;
  737.   {$EXTERNALSYM _POLICY_REPLICA_SOURCE_INFO}
  738.   POLICY_REPLICA_SOURCE_INFO = _POLICY_REPLICA_SOURCE_INFO;
  739.   {$EXTERNALSYM POLICY_REPLICA_SOURCE_INFO}
  740.   TPolicyReplicaSourceInfo = POLICY_REPLICA_SOURCE_INFO;
  741.   PPolicyReplicaSourceInfo = PPOLICY_REPLICA_SOURCE_INFO;
  742. //
  743. // The following structure corresponds to the PolicyDefaultQuotaInformation
  744. // information class.
  745. //
  746.   PPOLICY_DEFAULT_QUOTA_INFO = ^POLICY_DEFAULT_QUOTA_INFO;
  747.   {$EXTERNALSYM PPOLICY_DEFAULT_QUOTA_INFO}
  748.   _POLICY_DEFAULT_QUOTA_INFO = record
  749.     QuotaLimits: QUOTA_LIMITS;
  750.   end;
  751.   {$EXTERNALSYM _POLICY_DEFAULT_QUOTA_INFO}
  752.   POLICY_DEFAULT_QUOTA_INFO = _POLICY_DEFAULT_QUOTA_INFO;
  753.   {$EXTERNALSYM POLICY_DEFAULT_QUOTA_INFO}
  754.   TPolicyDefaultQuotaInfo = POLICY_DEFAULT_QUOTA_INFO;
  755.   PPolicyDefaultQuotaInfo = PPOLICY_DEFAULT_QUOTA_INFO;
  756. //
  757. // The following structure corresponds to the PolicyModificationInformation
  758. // information class.
  759. //
  760.   PPOLICY_MODIFICATION_INFO = ^POLICY_MODIFICATION_INFO;
  761.   {$EXTERNALSYM PPOLICY_MODIFICATION_INFO}
  762.   _POLICY_MODIFICATION_INFO = record
  763.     ModifiedId: LARGE_INTEGER;
  764.     DatabaseCreationTime: LARGE_INTEGER;
  765.   end;
  766.   {$EXTERNALSYM _POLICY_MODIFICATION_INFO}
  767.   POLICY_MODIFICATION_INFO = _POLICY_MODIFICATION_INFO;
  768.   {$EXTERNALSYM POLICY_MODIFICATION_INFO}
  769.   TPolicyModificationInfo = POLICY_MODIFICATION_INFO;
  770.   PPolicyModificationInfo = PPOLICY_MODIFICATION_INFO;
  771. // where the members have the following usage:
  772. //
  773. //     ModifiedId - Is a 64-bit unsigned integer that is incremented each
  774. //         time anything in the LSA database is modified.  This value is
  775. //         only modified on Primary Domain Controllers.
  776. //
  777. //     DatabaseCreationTime - Is the date/time that the LSA Database was
  778. //         created.  On Backup Domain Controllers, this value is replicated
  779. //         from the Primary Domain Controller.
  780. //
  781. //
  782. // The following structure type corresponds to the PolicyAuditFullSetInformation
  783. // Information Class.
  784. //
  785.   PPOLICY_AUDIT_FULL_SET_INFO = ^POLICY_AUDIT_FULL_SET_INFO;
  786.   {$EXTERNALSYM PPOLICY_AUDIT_FULL_SET_INFO}
  787.   _POLICY_AUDIT_FULL_SET_INFO = record
  788.     ShutDownOnFull: ByteBool;
  789.   end;
  790.   {$EXTERNALSYM _POLICY_AUDIT_FULL_SET_INFO}
  791.   POLICY_AUDIT_FULL_SET_INFO = _POLICY_AUDIT_FULL_SET_INFO;
  792.   {$EXTERNALSYM POLICY_AUDIT_FULL_SET_INFO}
  793.   TPolicyAuditFullSetInfo = POLICY_AUDIT_FULL_SET_INFO;
  794.   PPolicyAuditFullSetInfo = PPOLICY_AUDIT_FULL_SET_INFO;
  795. //
  796. // The following structure type corresponds to the PolicyAuditFullQueryInformation
  797. // Information Class.
  798. //
  799.   PPOLICY_AUDIT_FULL_QUERY_INFO = ^POLICY_AUDIT_FULL_QUERY_INFO;
  800.   {$EXTERNALSYM PPOLICY_AUDIT_FULL_QUERY_INFO}
  801.   _POLICY_AUDIT_FULL_QUERY_INFO = record
  802.     ShutDownOnFull: ByteBool;
  803.     LogIsFull: ByteBool;
  804.   end;
  805.   {$EXTERNALSYM _POLICY_AUDIT_FULL_QUERY_INFO}
  806.   POLICY_AUDIT_FULL_QUERY_INFO = _POLICY_AUDIT_FULL_QUERY_INFO;
  807.   {$EXTERNALSYM POLICY_AUDIT_FULL_QUERY_INFO}
  808.   TPolicyAuditFullQueryInfo = POLICY_AUDIT_FULL_QUERY_INFO;
  809.   PPolicyAuditFullQueryInfo = PPOLICY_AUDIT_FULL_QUERY_INFO;
  810. //
  811. // The following data type defines the classes of Policy Information
  812. // that may be queried/set that has domain wide effect.
  813. //
  814.   _POLICY_DOMAIN_INFORMATION_CLASS = (
  815.     pdicFiller0,
  816.     PolicyDomainQualityOfServiceInformation, // value was used in W2K; no longer supported
  817.     PolicyDomainEfsInformation,
  818.     PolicyDomainKerberosTicketInformation);
  819.   {$EXTERNALSYM _POLICY_DOMAIN_INFORMATION_CLASS}
  820.   POLICY_DOMAIN_INFORMATION_CLASS = _POLICY_DOMAIN_INFORMATION_CLASS;
  821.   {$EXTERNALSYM POLICY_DOMAIN_INFORMATION_CLASS}
  822.   PPOLICY_DOMAIN_INFORMATION_CLASS = ^POLICY_DOMAIN_INFORMATION_CLASS;
  823.   {$EXTERNALSYM PPOLICY_DOMAIN_INFORMATION_CLASS}
  824.   TPolicyDomainInformationClass = POLICY_DOMAIN_INFORMATION_CLASS;
  825.   PPolicyDomainInformationClass = PPOLICY_DOMAIN_INFORMATION_CLASS;
  826. type
  827.   // mvb has dissapeared in november 2002 release!
  828.   PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO = ^POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
  829.   {$EXTERNALSYM PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO}
  830.   _POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO = record
  831.     QualityOfService: ULONG;
  832.   end;
  833.   {$EXTERNALSYM _POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO}
  834.   POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO = _POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
  835.   {$EXTERNALSYM POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO}
  836.   TPolicyDomainQualityOfServiceInfo = POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
  837.   PPolicyDomainQualityOfServiceInfo = PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
  838. //
  839. // where the members have the following usage:
  840. //
  841. //  QualityOfService - Determines what specific QOS actions a machine should take
  842. //
  843. //
  844. // The following structure corresponds to the PolicyEfsInformation
  845. // information class
  846. //
  847.   PPOLICY_DOMAIN_EFS_INFO = ^POLICY_DOMAIN_EFS_INFO;
  848.   {$EXTERNALSYM PPOLICY_DOMAIN_EFS_INFO}
  849.   _POLICY_DOMAIN_EFS_INFO = record
  850.     InfoLength: ULONG;
  851.     EfsBlob: PUCHAR;
  852.   end;
  853.   {$EXTERNALSYM _POLICY_DOMAIN_EFS_INFO}
  854.   POLICY_DOMAIN_EFS_INFO = _POLICY_DOMAIN_EFS_INFO;
  855.   {$EXTERNALSYM POLICY_DOMAIN_EFS_INFO}
  856.   TPolicyDomainEfsInfo = POLICY_DOMAIN_EFS_INFO;
  857.   PPolicyDomainEfsInfo = PPOLICY_DOMAIN_EFS_INFO;
  858. // where the members have the following usage:
  859. //
  860. //      InfoLength - Length of the EFS Information blob
  861. //
  862. //      EfsBlob - Efs blob data
  863. //
  864. //
  865. // The following structure corresponds to the PolicyDomainKerberosTicketInformation
  866. // information class
  867. const
  868.   POLICY_KERBEROS_VALIDATE_CLIENT = $00000080;
  869.   {$EXTERNALSYM POLICY_KERBEROS_VALIDATE_CLIENT}
  870. type
  871.   PPOLICY_DOMAIN_KERBEROS_TICKET_INFO = ^POLICY_DOMAIN_KERBEROS_TICKET_INFO;
  872.   {$EXTERNALSYM PPOLICY_DOMAIN_KERBEROS_TICKET_INFO}
  873.   _POLICY_DOMAIN_KERBEROS_TICKET_INFO = record
  874.     AuthenticationOptions: ULONG;
  875.     MaxServiceTicketAge: LARGE_INTEGER;
  876.     MaxTicketAge: LARGE_INTEGER;
  877.     MaxRenewAge: LARGE_INTEGER;
  878.     MaxClockSkew: LARGE_INTEGER;
  879.     Reserved: LARGE_INTEGER;
  880.   end;
  881.   {$EXTERNALSYM _POLICY_DOMAIN_KERBEROS_TICKET_INFO}
  882.   POLICY_DOMAIN_KERBEROS_TICKET_INFO = _POLICY_DOMAIN_KERBEROS_TICKET_INFO;
  883.   {$EXTERNALSYM POLICY_DOMAIN_KERBEROS_TICKET_INFO}
  884.   TPolicyDomainKerberosTicketInfo = POLICY_DOMAIN_KERBEROS_TICKET_INFO;
  885.   PPolicyDomainKerberosTicketInfo = PPOLICY_DOMAIN_KERBEROS_TICKET_INFO;
  886. //
  887. // where the members have the following usage
  888. //
  889. //      AuthenticationOptions -- allowed ticket options (POLICY_KERBEROS_* flags )
  890. //
  891. //      MaxServiceTicketAge   -- Maximum lifetime for a service ticket
  892. //
  893. //      MaxTicketAge -- Maximum lifetime for the initial ticket
  894. //
  895. //      MaxRenewAge -- Maximum cumulative age a renewable ticket can be with
  896. //                     requring authentication
  897. //
  898. //      MaxClockSkew -- Maximum tolerance for synchronization of computer clocks
  899. //
  900. //      Reserved   --  Reserved
  901. //
  902. // The following data type defines the classes of Policy Information / Policy Domain Information
  903. // that may be used to request notification
  904. //
  905.   _POLICY_NOTIFICATION_INFORMATION_CLASS = (
  906.     pnicFiller0,
  907.     PolicyNotifyAuditEventsInformation,
  908.     PolicyNotifyAccountDomainInformation,
  909.     PolicyNotifyServerRoleInformation,
  910.     PolicyNotifyDnsDomainInformation,
  911.     PolicyNotifyDomainEfsInformation,
  912.     PolicyNotifyDomainKerberosTicketInformation,
  913.     PolicyNotifyMachineAccountPasswordInformation);
  914.   {$EXTERNALSYM _POLICY_NOTIFICATION_INFORMATION_CLASS}
  915.   POLICY_NOTIFICATION_INFORMATION_CLASS = _POLICY_NOTIFICATION_INFORMATION_CLASS;
  916.   {$EXTERNALSYM POLICY_NOTIFICATION_INFORMATION_CLASS}
  917.   PPOLICY_NOTIFICATION_INFORMATION_CLASS = ^POLICY_NOTIFICATION_INFORMATION_CLASS;
  918.   {$EXTERNALSYM PPOLICY_NOTIFICATION_INFORMATION_CLASS}
  919.   TPolicyNotificationInformationClass = POLICY_NOTIFICATION_INFORMATION_CLASS;
  920.   PPolicyNotificationInformationClass = PPOLICY_NOTIFICATION_INFORMATION_CLASS;  
  921. //
  922. // LSA RPC Context Handle (Opaque form).  Note that a Context Handle is
  923. // always a pointer type unlike regular handles.
  924. //
  925.   LSA_HANDLE = PVOID;
  926.   {$EXTERNALSYM LSA_HANDLE}
  927.   PLSA_HANDLE = ^LSA_HANDLE;
  928.   {$EXTERNALSYM PLSA_HANDLE}
  929.   TLsaHandle = LSA_HANDLE;
  930. //
  931. // Trusted Domain Object specific data types
  932. //
  933. //
  934. // This data type defines the following information classes that may be
  935. // queried or set.
  936. //
  937.   _TRUSTED_INFORMATION_CLASS = (
  938.     ticFiller0,
  939.     TrustedDomainNameInformation,
  940.     TrustedControllersInformation,
  941.     TrustedPosixOffsetInformation,
  942.     TrustedPasswordInformation,
  943.     TrustedDomainInformationBasic,
  944.     TrustedDomainInformationEx,
  945.     TrustedDomainAuthInformation,
  946.     TrustedDomainFullInformation,
  947.     TrustedDomainAuthInformationInternal,
  948.     TrustedDomainFullInformationInternal,
  949.     TrustedDomainInformationEx2Internal,
  950.     TrustedDomainFullInformation2Internal);
  951.   {$EXTERNALSYM _TRUSTED_INFORMATION_CLASS}
  952.   TRUSTED_INFORMATION_CLASS = _TRUSTED_INFORMATION_CLASS;
  953.   {$EXTERNALSYM TRUSTED_INFORMATION_CLASS}
  954.   PTRUSTED_INFORMATION_CLASS = ^TRUSTED_INFORMATION_CLASS;
  955.   {$EXTERNALSYM PTRUSTED_INFORMATION_CLASS}
  956.   TTrustedInfomationClass = TRUSTED_INFORMATION_CLASS;
  957.   PTrustedInfomationClass = PTRUSTED_INFORMATION_CLASS;  
  958. //
  959. // The following data type corresponds to the TrustedDomainNameInformation
  960. // information class.
  961. //
  962.   PTRUSTED_DOMAIN_NAME_INFO = ^TRUSTED_DOMAIN_NAME_INFO;
  963.   {$EXTERNALSYM PTRUSTED_DOMAIN_NAME_INFO}
  964.   _TRUSTED_DOMAIN_NAME_INFO = record
  965.     Name: LSA_UNICODE_STRING;
  966.   end;
  967.   {$EXTERNALSYM _TRUSTED_DOMAIN_NAME_INFO}
  968.   TRUSTED_DOMAIN_NAME_INFO = _TRUSTED_DOMAIN_NAME_INFO;
  969.   {$EXTERNALSYM TRUSTED_DOMAIN_NAME_INFO}
  970.   TTrustedDomainNameInfo = TRUSTED_DOMAIN_NAME_INFO;
  971.   PTrustedDomainNameInfo = PTRUSTED_DOMAIN_NAME_INFO;
  972. // where members have the following meaning:
  973. //
  974. // Name - The name of the Trusted Domain.
  975. //
  976. //
  977. // The following data type corresponds to the TrustedControllersInformation
  978. // information class.
  979. //
  980.   PTRUSTED_CONTROLLERS_INFO = ^TRUSTED_CONTROLLERS_INFO;
  981.   {$EXTERNALSYM PTRUSTED_CONTROLLERS_INFO}
  982.   _TRUSTED_CONTROLLERS_INFO = record
  983.     Entries: ULONG;
  984.     Names: PLSA_UNICODE_STRING;
  985.   end;
  986.   {$EXTERNALSYM _TRUSTED_CONTROLLERS_INFO}
  987.   TRUSTED_CONTROLLERS_INFO = _TRUSTED_CONTROLLERS_INFO;
  988.   {$EXTERNALSYM TRUSTED_CONTROLLERS_INFO}
  989.   TTrustedControllersInfo = TRUSTED_CONTROLLERS_INFO;
  990.   PTrustedControllersInfo = PTRUSTED_CONTROLLERS_INFO;
  991. // where members have the following meaning:
  992. //
  993. // Entries - Indicate how mamy entries there are in the Names array.
  994. //
  995. // Names - Pointer to an array of LSA_UNICODE_STRING structures containing the
  996. //     names of domain controllers of the domain.  This information may not
  997. //     be accurate and should be used only as a hint.  The order of this
  998. //     list is considered significant and will be maintained.
  999. //
  1000. //     By convention, the first name in this list is assumed to be the
  1001. //     Primary Domain Controller of the domain.  If the Primary Domain
  1002. //     Controller is not known, the first name should be set to the NULL
  1003. //     string.
  1004. //
  1005. //
  1006. // The following data type corresponds to the TrustedPosixOffsetInformation
  1007. // information class.
  1008. //
  1009.   PTRUSTED_POSIX_OFFSET_INFO = ^TRUSTED_POSIX_OFFSET_INFO;
  1010.   {$EXTERNALSYM PTRUSTED_POSIX_OFFSET_INFO}
  1011.   _TRUSTED_POSIX_OFFSET_INFO = record
  1012.     Offset: ULONG;
  1013.   end;
  1014.   {$EXTERNALSYM _TRUSTED_POSIX_OFFSET_INFO}
  1015.   TRUSTED_POSIX_OFFSET_INFO = _TRUSTED_POSIX_OFFSET_INFO;
  1016.   {$EXTERNALSYM TRUSTED_POSIX_OFFSET_INFO}
  1017.   TTrustedPosixOffsetInfo = TRUSTED_POSIX_OFFSET_INFO;
  1018.   PTrustedPosixOffsetInfo = PTRUSTED_POSIX_OFFSET_INFO;
  1019. // where members have the following meaning:
  1020. //
  1021. // Offset - Is an offset to use for the generation of Posix user and group
  1022. //     IDs from SIDs.  The Posix ID corresponding to any particular SID is
  1023. //     generated by adding the RID of that SID to the Offset of the SID's
  1024. //     corresponding TrustedDomain object.
  1025. //
  1026. //
  1027. // The following data type corresponds to the TrustedPasswordInformation
  1028. // information class.
  1029. //
  1030.   PTRUSTED_PASSWORD_INFO = ^TRUSTED_PASSWORD_INFO;
  1031.   {$EXTERNALSYM PTRUSTED_PASSWORD_INFO}
  1032.   _TRUSTED_PASSWORD_INFO = record
  1033.     Password: LSA_UNICODE_STRING;
  1034.     OldPassword: LSA_UNICODE_STRING;
  1035.   end;
  1036.   {$EXTERNALSYM _TRUSTED_PASSWORD_INFO}
  1037.   TRUSTED_PASSWORD_INFO = _TRUSTED_PASSWORD_INFO;
  1038.   {$EXTERNALSYM TRUSTED_PASSWORD_INFO}
  1039.   TTrustedPasswordInfo = TRUSTED_PASSWORD_INFO;
  1040.   PTrustedPasswordInfo = PTRUSTED_PASSWORD_INFO;
  1041.   TRUSTED_DOMAIN_INFORMATION_BASIC = LSA_TRUST_INFORMATION;
  1042.   {$EXTERNALSYM TRUSTED_DOMAIN_INFORMATION_BASIC}
  1043.   PTRUSTED_DOMAIN_INFORMATION_BASIC = PLSA_TRUST_INFORMATION;
  1044.   {$EXTERNALSYM PTRUSTED_DOMAIN_INFORMATION_BASIC}
  1045.   TTrustedDomainInformationBasic = TRUSTED_DOMAIN_INFORMATION_BASIC;
  1046.   PTrustedDomainInformationBasic = PTRUSTED_DOMAIN_INFORMATION_BASIC;
  1047. //
  1048. // Direction of the trust
  1049. //
  1050. const
  1051.   TRUST_DIRECTION_DISABLED      = $00000000;
  1052.   {$EXTERNALSYM TRUST_DIRECTION_DISABLED}
  1053.   TRUST_DIRECTION_INBOUND       = $00000001;
  1054.   {$EXTERNALSYM TRUST_DIRECTION_INBOUND}
  1055.   TRUST_DIRECTION_OUTBOUND      = $00000002;
  1056.   {$EXTERNALSYM TRUST_DIRECTION_OUTBOUND}
  1057.   TRUST_DIRECTION_BIDIRECTIONAL = (TRUST_DIRECTION_INBOUND or TRUST_DIRECTION_OUTBOUND);
  1058.   {$EXTERNALSYM TRUST_DIRECTION_BIDIRECTIONAL}
  1059.   TRUST_TYPE_DOWNLEVEL = $00000001; // NT4 and before
  1060.   {$EXTERNALSYM TRUST_TYPE_DOWNLEVEL}
  1061.   TRUST_TYPE_UPLEVEL   = $00000002; // NT5
  1062.   {$EXTERNALSYM TRUST_TYPE_UPLEVEL}
  1063.   TRUST_TYPE_MIT       = $00000003; // Trust with a MIT Kerberos realm
  1064.   {$EXTERNALSYM TRUST_TYPE_MIT}
  1065. // TRUST_TYPE_DCE       = $00000004; // Trust with a DCE realm
  1066. // {$EXTERNALSYM TRUST_TYPE_DCE}
  1067. // Levels 0x5 - 0x000FFFFF reserved for future use
  1068. // Provider specific trust levels are from 0x00100000 to 0xFFF00000
  1069.   TRUST_ATTRIBUTE_NON_TRANSITIVE     = $00000001;  // Disallow transitivity
  1070.   {$EXTERNALSYM TRUST_ATTRIBUTE_NON_TRANSITIVE}
  1071.   TRUST_ATTRIBUTE_UPLEVEL_ONLY       = $00000002;  // Trust link only valid for uplevel client
  1072.   {$EXTERNALSYM TRUST_ATTRIBUTE_UPLEVEL_ONLY}
  1073.   TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = $00000004;  // Used to quarantine domains
  1074.   {$EXTERNALSYM TRUST_ATTRIBUTE_QUARANTINED_DOMAIN}
  1075.   TRUST_ATTRIBUTE_FOREST_TRANSITIVE  = $00000008;  // This link may contain forest trust information
  1076.   {$EXTERNALSYM TRUST_ATTRIBUTE_FOREST_TRANSITIVE}
  1077.   TRUST_ATTRIBUTE_CROSS_ORGANIZATION = $00000010;  // This trust is to a domain/forest which is not part of this enterprise
  1078.   {$EXTERNALSYM TRUST_ATTRIBUTE_CROSS_ORGANIZATION}
  1079.   TRUST_ATTRIBUTE_WITHIN_FOREST      = $00000020;  // Trust is internal to this forest
  1080.   {$EXTERNALSYM TRUST_ATTRIBUTE_WITHIN_FOREST}
  1081. // Trust attributes 0x00000040 through 0x00200000 are reserved for future use
  1082. // Trust attributes 0x00400000 through 0x00800000 were used previously (up to W2K) and should not be re-used
  1083. // Trust attributes 0x01000000 through 0x80000000 are reserved for user
  1084.   TRUST_ATTRIBUTES_VALID = DWORD($FF03FFFF);
  1085.   {$EXTERNALSYM TRUST_ATTRIBUTES_VALID}
  1086.   TRUST_ATTRIBUTES_USER  = DWORD($FF000000);
  1087.   {$EXTERNALSYM TRUST_ATTRIBUTES_USER}
  1088. type
  1089.   PTRUSTED_DOMAIN_INFORMATION_EX = ^TRUSTED_DOMAIN_INFORMATION_EX;
  1090.   {$EXTERNALSYM PTRUSTED_DOMAIN_INFORMATION_EX}
  1091.   _TRUSTED_DOMAIN_INFORMATION_EX = record
  1092.     Name: LSA_UNICODE_STRING;
  1093.     FlatName: LSA_UNICODE_STRING;
  1094.     Sid: PSID;
  1095.     TrustDirection: ULONG;
  1096.     TrustType: ULONG;
  1097.     TrustAttributes: ULONG;
  1098.   end;
  1099.   {$EXTERNALSYM _TRUSTED_DOMAIN_INFORMATION_EX}
  1100.   TRUSTED_DOMAIN_INFORMATION_EX = _TRUSTED_DOMAIN_INFORMATION_EX;
  1101.   {$EXTERNALSYM TRUSTED_DOMAIN_INFORMATION_EX}
  1102.   TTrustedDomainInformationEx = TRUSTED_DOMAIN_INFORMATION_EX;
  1103.   PTrustedDomainInformationEx = PTRUSTED_DOMAIN_INFORMATION_EX;
  1104.   _TRUSTED_DOMAIN_INFORMATION_EX2 = record
  1105.     Name: LSA_UNICODE_STRING;
  1106.     FlatName: LSA_UNICODE_STRING;
  1107.     Sid: PSID;
  1108.     TrustDirection: ULONG;
  1109.     TrustType: ULONG;
  1110.     TrustAttributes: ULONG;
  1111.     ForestTrustLength: ULONG;
  1112.     ForestTrustInfo: PUCHAR;
  1113.   end;
  1114.   {$EXTERNALSYM _TRUSTED_DOMAIN_INFORMATION_EX2}
  1115.   TRUSTED_DOMAIN_INFORMATION_EX2 = _TRUSTED_DOMAIN_INFORMATION_EX2;
  1116.   {$EXTERNALSYM TRUSTED_DOMAIN_INFORMATION_EX2}
  1117.   PTRUSTED_DOMAIN_INFORMATION_EX2 = ^TRUSTED_DOMAIN_INFORMATION_EX2;
  1118.   {$EXTERNALSYM PTRUSTED_DOMAIN_INFORMATION_EX2}
  1119.   TTrustedDomainInformationEx2 = TRUSTED_DOMAIN_INFORMATION_EX2;
  1120.   PTrustedDomainInformationEx2 = PTRUSTED_DOMAIN_INFORMATION_EX2;
  1121. //
  1122. // Type of authentication information
  1123. //
  1124. const
  1125.   TRUST_AUTH_TYPE_NONE    = 0; // Ignore this entry
  1126.   {$EXTERNALSYM TRUST_AUTH_TYPE_NONE}
  1127.   TRUST_AUTH_TYPE_NT4OWF  = 1; // NT4 OWF password
  1128.   {$EXTERNALSYM TRUST_AUTH_TYPE_NT4OWF}
  1129.   TRUST_AUTH_TYPE_CLEAR   = 2; // Cleartext password
  1130.   {$EXTERNALSYM TRUST_AUTH_TYPE_CLEAR}
  1131.   TRUST_AUTH_TYPE_VERSION = 3; // Cleartext password version number
  1132.   {$EXTERNALSYM TRUST_AUTH_TYPE_VERSION}
  1133. type
  1134.   PLSA_AUTH_INFORMATION = ^LSA_AUTH_INFORMATION;
  1135.   {$EXTERNALSYM PLSA_AUTH_INFORMATION}
  1136.   _LSA_AUTH_INFORMATION = record
  1137.     LastUpdateTime: LARGE_INTEGER;
  1138.     AuthType: ULONG;
  1139.     AuthInfoLength: ULONG;
  1140.     AuthInfo: PUCHAR;
  1141.   end;
  1142.   {$EXTERNALSYM _LSA_AUTH_INFORMATION}
  1143.   LSA_AUTH_INFORMATION = _LSA_AUTH_INFORMATION;
  1144.   {$EXTERNALSYM LSA_AUTH_INFORMATION}
  1145.   TLsaAuthInformation = LSA_AUTH_INFORMATION;
  1146.   PLsaAuthInformation = PLSA_AUTH_INFORMATION;
  1147.   PTRUSTED_DOMAIN_AUTH_INFORMATION = ^TRUSTED_DOMAIN_AUTH_INFORMATION;
  1148.   {$EXTERNALSYM PTRUSTED_DOMAIN_AUTH_INFORMATION}
  1149.   _TRUSTED_DOMAIN_AUTH_INFORMATION = record
  1150.     IncomingAuthInfos: ULONG;
  1151.     IncomingAuthenticationInformation: PLSA_AUTH_INFORMATION;
  1152.     IncomingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION;
  1153.     OutgoingAuthInfos: ULONG;
  1154.     OutgoingAuthenticationInformation: PLSA_AUTH_INFORMATION;
  1155.     OutgoingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION;
  1156.   end;
  1157.   {$EXTERNALSYM _TRUSTED_DOMAIN_AUTH_INFORMATION}
  1158.   TRUSTED_DOMAIN_AUTH_INFORMATION = _TRUSTED_DOMAIN_AUTH_INFORMATION;
  1159.   {$EXTERNALSYM TRUSTED_DOMAIN_AUTH_INFORMATION}
  1160.   TTrustedDomainAuthInformation = TRUSTED_DOMAIN_AUTH_INFORMATION;
  1161.   PTrustedDomainAuthInformation = PTRUSTED_DOMAIN_AUTH_INFORMATION;
  1162.   PTRUSTED_DOMAIN_FULL_INFORMATION = ^TRUSTED_DOMAIN_FULL_INFORMATION;
  1163.   {$EXTERNALSYM PTRUSTED_DOMAIN_FULL_INFORMATION}
  1164.   _TRUSTED_DOMAIN_FULL_INFORMATION = record
  1165.     Information: TRUSTED_DOMAIN_INFORMATION_EX;
  1166.     PosixOffset: TRUSTED_POSIX_OFFSET_INFO;
  1167.     AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION;
  1168.   end;
  1169.   {$EXTERNALSYM _TRUSTED_DOMAIN_FULL_INFORMATION}
  1170.   TRUSTED_DOMAIN_FULL_INFORMATION = _TRUSTED_DOMAIN_FULL_INFORMATION;
  1171.   {$EXTERNALSYM TRUSTED_DOMAIN_FULL_INFORMATION}
  1172.   TTrustedDomainFullInformation = TRUSTED_DOMAIN_FULL_INFORMATION;
  1173.   PTrustedDomainFullInformation = PTRUSTED_DOMAIN_FULL_INFORMATION;
  1174.   PTRUSTED_DOMAIN_FULL_INFORMATION2 = ^TRUSTED_DOMAIN_FULL_INFORMATION2;
  1175.   {$EXTERNALSYM PTRUSTED_DOMAIN_FULL_INFORMATION2}
  1176.   _TRUSTED_DOMAIN_FULL_INFORMATION2 = record
  1177.     Information: TRUSTED_DOMAIN_INFORMATION_EX2;
  1178.     PosixOffset: TRUSTED_POSIX_OFFSET_INFO;
  1179.     AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION;
  1180.   end;
  1181.   {$EXTERNALSYM _TRUSTED_DOMAIN_FULL_INFORMATION2}
  1182.   TRUSTED_DOMAIN_FULL_INFORMATION2 = _TRUSTED_DOMAIN_FULL_INFORMATION2;
  1183.   {$EXTERNALSYM TRUSTED_DOMAIN_FULL_INFORMATION2}
  1184.   TTrustedDomainFullInformation2 = TRUSTED_DOMAIN_FULL_INFORMATION2;
  1185.   PTrustedDomainFullInformation2 = PTRUSTED_DOMAIN_FULL_INFORMATION2;
  1186.   LSA_FOREST_TRUST_RECORD_TYPE = (
  1187.     ForestTrustTopLevelName,
  1188.     ForestTrustTopLevelNameEx,
  1189.     ForestTrustDomainInfo);
  1190.   {$EXTERNALSYM LSA_FOREST_TRUST_RECORD_TYPE}
  1191.   TLsaForestTrustRecordType = LSA_FOREST_TRUST_RECORD_TYPE;
  1192. const
  1193.   ForestTrustRecordTypeLast = ForestTrustDomainInfo;
  1194.   {$EXTERNALSYM ForestTrustRecordTypeLast}
  1195. //
  1196. // Bottom 16 bits of the flags are reserved for disablement reasons
  1197. //
  1198.   LSA_FTRECORD_DISABLED_REASONS = $0000FFFF;
  1199.   {$EXTERNALSYM LSA_FTRECORD_DISABLED_REASONS}
  1200. //
  1201. // Reasons for a top-level name forest trust record to be disabled
  1202. //
  1203.   LSA_TLN_DISABLED_NEW      = $00000001;
  1204.   {$EXTERNALSYM LSA_TLN_DISABLED_NEW}
  1205.   LSA_TLN_DISABLED_ADMIN    = $00000002;
  1206.   {$EXTERNALSYM LSA_TLN_DISABLED_ADMIN}
  1207.   LSA_TLN_DISABLED_CONFLICT = $00000004;
  1208.   {$EXTERNALSYM LSA_TLN_DISABLED_CONFLICT}
  1209. //
  1210. // Reasons for a domain information forest trust record to be disabled
  1211. //
  1212.   LSA_SID_DISABLED_ADMIN    = $00000001;
  1213.   {$EXTERNALSYM LSA_SID_DISABLED_ADMIN}
  1214.   LSA_SID_DISABLED_CONFLICT = $00000002;
  1215.   {$EXTERNALSYM LSA_SID_DISABLED_CONFLICT}
  1216.   LSA_NB_DISABLED_ADMIN     = $00000004;
  1217.   {$EXTERNALSYM LSA_NB_DISABLED_ADMIN}
  1218.   LSA_NB_DISABLED_CONFLICT  = $00000008;
  1219.   {$EXTERNALSYM LSA_NB_DISABLED_CONFLICT}
  1220. type
  1221.   PLSA_FOREST_TRUST_DOMAIN_INFO = ^LSA_FOREST_TRUST_DOMAIN_INFO;
  1222.   {$EXTERNALSYM PLSA_FOREST_TRUST_DOMAIN_INFO}
  1223.   _LSA_FOREST_TRUST_DOMAIN_INFO = record
  1224.     Sid: PSID;
  1225.     DnsName: LSA_UNICODE_STRING;
  1226.     NetbiosName: LSA_UNICODE_STRING;
  1227.   end;
  1228.   {$EXTERNALSYM _LSA_FOREST_TRUST_DOMAIN_INFO}
  1229.   LSA_FOREST_TRUST_DOMAIN_INFO = _LSA_FOREST_TRUST_DOMAIN_INFO;
  1230.   {$EXTERNALSYM LSA_FOREST_TRUST_DOMAIN_INFO}
  1231.   TLsaForestTrustDomainInfo = LSA_FOREST_TRUST_DOMAIN_INFO;
  1232.   PLsaForestTrustDomainInfo = PLSA_FOREST_TRUST_DOMAIN_INFO;
  1233. //
  1234. //  To prevent huge data to be passed in, we should put a limit on LSA_FOREST_TRUST_BINARY_DATA.
  1235. //      128K is large enough that can't be reached in the near future, and small enough not to
  1236. //      cause memory problems.
  1237. const
  1238.   MAX_FOREST_TRUST_BINARY_DATA_SIZE = (128 * 1024);
  1239.   {$EXTERNALSYM MAX_FOREST_TRUST_BINARY_DATA_SIZE}
  1240. type
  1241.   PLSA_FOREST_TRUST_BINARY_DATA = ^LSA_FOREST_TRUST_BINARY_DATA;
  1242.   {$EXTERNALSYM PLSA_FOREST_TRUST_BINARY_DATA}
  1243.   _LSA_FOREST_TRUST_BINARY_DATA = record
  1244.     Length: ULONG;
  1245.     Buffer: PUCHAR;
  1246.   end;
  1247.   {$EXTERNALSYM _LSA_FOREST_TRUST_BINARY_DATA}
  1248.   LSA_FOREST_TRUST_BINARY_DATA = _LSA_FOREST_TRUST_BINARY_DATA;
  1249.   {$EXTERNALSYM LSA_FOREST_TRUST_BINARY_DATA}
  1250.   TLsaForestTrustBinaryData = LSA_FOREST_TRUST_BINARY_DATA;
  1251.   PLsaForestTrustBinaryData = PLSA_FOREST_TRUST_BINARY_DATA;
  1252.   PLSA_FOREST_TRUST_RECORD = ^LSA_FOREST_TRUST_RECORD;
  1253.   {$EXTERNALSYM PLSA_FOREST_TRUST_RECORD}
  1254.   _LSA_FOREST_TRUST_RECORD = record
  1255.     Flags: ULONG;
  1256.     ForestTrustType: LSA_FOREST_TRUST_RECORD_TYPE; // type of record
  1257.     Time: LARGE_INTEGER;
  1258.     case Integer of                                       // actual data
  1259.       0: (TopLevelName: LSA_UNICODE_STRING);
  1260.       1: (DomainInfo: LSA_FOREST_TRUST_DOMAIN_INFO);
  1261.       2: (Data: LSA_FOREST_TRUST_BINARY_DATA); // used for unrecognized types
  1262.     // } ForestTrustData;
  1263.   end;
  1264.   {$EXTERNALSYM _LSA_FOREST_TRUST_RECORD}
  1265.   LSA_FOREST_TRUST_RECORD = _LSA_FOREST_TRUST_RECORD;
  1266.   {$EXTERNALSYM LSA_FOREST_TRUST_RECORD}
  1267.   TLsaForestTrustRecord = LSA_FOREST_TRUST_RECORD;
  1268.   PLsaForestTrustRecord = PLSA_FOREST_TRUST_RECORD;
  1269. //
  1270. // To prevent forest trust blobs of large size, number of records must be
  1271. // smaller than MAX_RECORDS_IN_FOREST_TRUST_INFO
  1272. //
  1273. const
  1274.   MAX_RECORDS_IN_FOREST_TRUST_INFO = 4000;
  1275.   {$EXTERNALSYM MAX_RECORDS_IN_FOREST_TRUST_INFO}
  1276. type
  1277.   PLSA_FOREST_TRUST_INFORMATION = ^LSA_FOREST_TRUST_INFORMATION;
  1278.   {$EXTERNALSYM PLSA_FOREST_TRUST_INFORMATION}
  1279.   _LSA_FOREST_TRUST_INFORMATION = record
  1280.     RecordCount: ULONG;
  1281.     Entries: ^PLSA_FOREST_TRUST_RECORD;
  1282.   end;
  1283.   {$EXTERNALSYM _LSA_FOREST_TRUST_INFORMATION}
  1284.   LSA_FOREST_TRUST_INFORMATION = _LSA_FOREST_TRUST_INFORMATION;
  1285.   {$EXTERNALSYM LSA_FOREST_TRUST_INFORMATION}
  1286.   TLsaForestTrustInformation = LSA_FOREST_TRUST_INFORMATION;
  1287.   PLsaForestTrustInformation = PLSA_FOREST_TRUST_INFORMATION;
  1288.   LSA_FOREST_TRUST_COLLISION_RECORD_TYPE = (
  1289.     CollisionTdo,
  1290.     CollisionXref,
  1291.     CollisionOther);
  1292.   {$EXTERNALSYM LSA_FOREST_TRUST_COLLISION_RECORD_TYPE}
  1293.   TLsaForestTrustCollisionRecordType = LSA_FOREST_TRUST_COLLISION_RECORD_TYPE;
  1294.   PLSA_FOREST_TRUST_COLLISION_RECORD = ^LSA_FOREST_TRUST_COLLISION_RECORD;
  1295.   {$EXTERNALSYM PLSA_FOREST_TRUST_COLLISION_RECORD}
  1296.   _LSA_FOREST_TRUST_COLLISION_RECORD = record
  1297.     Index: ULONG;
  1298.     Type_: LSA_FOREST_TRUST_COLLISION_RECORD_TYPE;
  1299.     Flags: ULONG;
  1300.     Name: LSA_UNICODE_STRING;
  1301.   end;
  1302.   {$EXTERNALSYM _LSA_FOREST_TRUST_COLLISION_RECORD}
  1303.   LSA_FOREST_TRUST_COLLISION_RECORD = _LSA_FOREST_TRUST_COLLISION_RECORD;
  1304.   {$EXTERNALSYM LSA_FOREST_TRUST_COLLISION_RECORD}
  1305.   TLsaForestTrustCollisionRecord = LSA_FOREST_TRUST_COLLISION_RECORD;
  1306.   PLsaForestTrustCollisionRecord = PLSA_FOREST_TRUST_COLLISION_RECORD;
  1307.   PLSA_FOREST_TRUST_COLLISION_INFORMATION = ^LSA_FOREST_TRUST_COLLISION_INFORMATION;
  1308.   {$EXTERNALSYM PLSA_FOREST_TRUST_COLLISION_INFORMATION}
  1309.   _LSA_FOREST_TRUST_COLLISION_INFORMATION = record
  1310.     RecordCount: ULONG;
  1311.     Entries: ^PLSA_FOREST_TRUST_COLLISION_RECORD;
  1312.   end;
  1313.   {$EXTERNALSYM _LSA_FOREST_TRUST_COLLISION_INFORMATION}
  1314.   LSA_FOREST_TRUST_COLLISION_INFORMATION = _LSA_FOREST_TRUST_COLLISION_INFORMATION;
  1315.   {$EXTERNALSYM LSA_FOREST_TRUST_COLLISION_INFORMATION}
  1316.   TLsaForestTrustCollisionInformation = LSA_FOREST_TRUST_COLLISION_INFORMATION;
  1317.   PLsaForestTrustCollisionInformation = PLSA_FOREST_TRUST_COLLISION_INFORMATION;
  1318. //
  1319. // LSA Enumeration Context
  1320. //
  1321.   LSA_ENUMERATION_HANDLE = ULONG;
  1322.   {$EXTERNALSYM LSA_ENUMERATION_HANDLE}
  1323.   PLSA_ENUMERATION_HANDLE = LSA_ENUMERATION_HANDLE;
  1324.   {$EXTERNALSYM PLSA_ENUMERATION_HANDLE}
  1325. //
  1326. // LSA Enumeration Information
  1327. //
  1328.   PLSA_ENUMERATION_INFORMATION = ^LSA_ENUMERATION_INFORMATION;
  1329.   {$EXTERNALSYM PLSA_ENUMERATION_INFORMATION}
  1330.   _LSA_ENUMERATION_INFORMATION = record
  1331.     Sid: PSID;
  1332.   end;
  1333.   {$EXTERNALSYM _LSA_ENUMERATION_INFORMATION}
  1334.   LSA_ENUMERATION_INFORMATION = _LSA_ENUMERATION_INFORMATION;
  1335.   {$EXTERNALSYM LSA_ENUMERATION_INFORMATION}
  1336.   TLsaEnumerationInformation = LSA_ENUMERATION_INFORMATION;
  1337.   PLsaEnumerationInformation = PLSA_ENUMERATION_INFORMATION;
  1338. ////////////////////////////////////////////////////////////////////////////
  1339. //                                                                        //
  1340. // Local Security Policy - Miscellaneous API function prototypes          //
  1341. //                                                                        //
  1342. ////////////////////////////////////////////////////////////////////////////
  1343. function LsaFreeMemory(Buffer: PVOID): NTSTATUS; stdcall;
  1344. {$EXTERNALSYM LsaFreeMemory}
  1345. function LsaClose(ObjectHandle: LSA_HANDLE): NTSTATUS; stdcall;
  1346. {$EXTERNALSYM LsaClose}
  1347. type
  1348.   _SECURITY_LOGON_SESSION_DATA = record
  1349.     Size: ULONG;
  1350.     LogonId: LUID;
  1351.     UserName: LSA_UNICODE_STRING;
  1352.     LogonDomain: LSA_UNICODE_STRING;
  1353.     AuthenticationPackage: LSA_UNICODE_STRING;
  1354.     LogonType: SECURITY_LOGON_TYPE;
  1355.     Session: ULONG;
  1356.     Sid: PSID;
  1357.     LogonTime: LARGE_INTEGER;
  1358.     //
  1359.     // new for whistler:
  1360.     //
  1361.     LogonServer: LSA_UNICODE_STRING;
  1362.     DnsDomainName: LSA_UNICODE_STRING;
  1363.     Upn: LSA_UNICODE_STRING;
  1364.   end;
  1365.   {$EXTERNALSYM _SECURITY_LOGON_SESSION_DATA}
  1366.   SECURITY_LOGON_SESSION_DATA = _SECURITY_LOGON_SESSION_DATA;
  1367.   {$EXTERNALSYM SECURITY_LOGON_SESSION_DATA}
  1368.   PSECURITY_LOGON_SESSION_DATA = ^SECURITY_LOGON_SESSION_DATA;
  1369.   {$EXTERNALSYM PSECURITY_LOGON_SESSION_DATA}
  1370.   TSecurityLogonSessionData = SECURITY_LOGON_SESSION_DATA;
  1371.   PSecurityLogonSessionData = PSECURITY_LOGON_SESSION_DATA;
  1372. function LsaEnumerateLogonSessions(LogonSessionCount: PULONG; var LogonSessionList: PLUID): NTSTATUS; stdcall;
  1373. {$EXTERNALSYM LsaEnumerateLogonSessions}
  1374. function LsaGetLogonSessionData(LogonId: PLUID; var ppLogonSessionData: PSECURITY_LOGON_SESSION_DATA): NTSTATUS; stdcall;
  1375. {$EXTERNALSYM LsaGetLogonSessionData}
  1376. function LsaOpenPolicy(SystemName: PLSA_UNICODE_STRING;
  1377.   var ObjectAttributes: LSA_OBJECT_ATTRIBUTES; DesiredAccess: ACCESS_MASK;
  1378.   var PolicyHandle: LSA_HANDLE): NTSTATUS; stdcall;
  1379. {$EXTERNALSYM LsaOpenPolicy}
  1380. function LsaQueryInformationPolicy(PolicyHandle: LSA_HANDLE;
  1381.   InformationClass: POLICY_INFORMATION_CLASS; var Buffer: PVOID): NTSTATUS; stdcall;
  1382. {$EXTERNALSYM LsaQueryInformationPolicy}
  1383. function LsaSetInformationPolicy(PolicyHandle: LSA_HANDLE;
  1384.   InformationClass: POLICY_INFORMATION_CLASS; Buffer: PVOID): NTSTATUS; stdcall;
  1385. {$EXTERNALSYM LsaSetInformationPolicy}
  1386. function LsaQueryDomainInformationPolicy(PolicyHandle: LSA_HANDLE;
  1387.   InformationClass: POLICY_DOMAIN_INFORMATION_CLASS; Buffer: PPVOID): NTSTATUS; stdcall;
  1388. {$EXTERNALSYM LsaQueryDomainInformationPolicy}
  1389. function LsaSetDomainInformationPolicy(PolicyHandle: LSA_HANDLE;
  1390.   InformationClass: POLICY_DOMAIN_INFORMATION_CLASS; Buffer: PVOID): NTSTATUS; stdcall;
  1391. {$EXTERNALSYM LsaSetDomainInformationPolicy}
  1392. function LsaRegisterPolicyChangeNotification(InformationClass: POLICY_NOTIFICATION_INFORMATION_CLASS;
  1393.   NotificationEventHandle: HANDLE): NTSTATUS; stdcall;
  1394. {$EXTERNALSYM LsaRegisterPolicyChangeNotification}
  1395. function LsaUnregisterPolicyChangeNotification(InformationClass: POLICY_NOTIFICATION_INFORMATION_CLASS;
  1396.   NotificationEventHandle: HANDLE): NTSTATUS; stdcall;
  1397. {$EXTERNALSYM LsaUnregisterPolicyChangeNotification}
  1398. function LsaEnumerateTrustedDomains(PolicyHandle: LSA_HANDLE;
  1399.   var EnumerationContext: LSA_ENUMERATION_HANDLE; Buffer: PPVOID;
  1400.   PreferedMaximumLength: ULONG; var CountReturned: ULONG): NTSTATUS; stdcall;
  1401. {$EXTERNALSYM LsaEnumerateTrustedDomains}
  1402. function LsaLookupNames(PolicyHandle: LSA_HANDLE; Count: ULONG;
  1403.   Names: PLSA_UNICODE_STRING; var ReferencedDomains: PLSA_REFERENCED_DOMAIN_LIST;
  1404.   var Sids: PLSA_TRANSLATED_SID): NTSTATUS; stdcall;
  1405. {$EXTERNALSYM LsaLookupNames}
  1406. function LsaLookupNames2(PolicyHandle: LSA_HANDLE; Flags, Count: ULONG; Names: PLSA_UNICODE_STRING;
  1407.   var ReferencedDomains: PLSA_REFERENCED_DOMAIN_LIST; var Sids: PLSA_TRANSLATED_SID2): NTSTATUS; stdcall;
  1408. {$EXTERNALSYM LsaLookupNames2}
  1409. function LsaLookupSids(PolicyHandle: LSA_HANDLE; Count: ULONG; Sids: PPSID;
  1410.   var ReferencedDomains: PLSA_REFERENCED_DOMAIN_LIST;
  1411.   var Names: PLSA_TRANSLATED_NAME): NTSTATUS; stdcall;
  1412. {$EXTERNALSYM LsaLookupSids}
  1413. const
  1414.   SE_INTERACTIVE_LOGON_NAME      = 'SeInteractiveLogonRight';
  1415.   {$EXTERNALSYM SE_INTERACTIVE_LOGON_NAME}
  1416.   SE_NETWORK_LOGON_NAME          = 'SeNetworkLogonRight';
  1417.   {$EXTERNALSYM SE_NETWORK_LOGON_NAME}
  1418.   SE_BATCH_LOGON_NAME            = 'SeBatchLogonRight';
  1419.   {$EXTERNALSYM SE_BATCH_LOGON_NAME}
  1420.   SE_SERVICE_LOGON_NAME          = 'SeServiceLogonRight';
  1421.   {$EXTERNALSYM SE_SERVICE_LOGON_NAME}
  1422.   SE_DENY_INTERACTIVE_LOGON_NAME = 'SeDenyInteractiveLogonRight';
  1423.   {$EXTERNALSYM SE_DENY_INTERACTIVE_LOGON_NAME}
  1424.   SE_DENY_NETWORK_LOGON_NAME     = 'SeDenyNetworkLogonRight';
  1425.   {$EXTERNALSYM SE_DENY_NETWORK_LOGON_NAME}
  1426.   SE_DENY_BATCH_LOGON_NAME       = 'SeDenyBatchLogonRight';
  1427.   {$EXTERNALSYM SE_DENY_BATCH_LOGON_NAME}
  1428.   SE_DENY_SERVICE_LOGON_NAME     = 'SeDenyServiceLogonRight';
  1429.   {$EXTERNALSYM SE_DENY_SERVICE_LOGON_NAME}
  1430.   SE_REMOTE_INTERACTIVE_LOGON_NAME  = 'SeRemoteInteractiveLogonRight';
  1431.   {$EXTERNALSYM SE_REMOTE_INTERACTIVE_LOGON_NAME}
  1432.   SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME = 'SeDenyRemoteInteractiveLogonRight';
  1433.   {$EXTERNALSYM SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME}
  1434. //
  1435. // This new API returns all the accounts with a certain privilege
  1436. //
  1437. function LsaEnumerateAccountsWithUserRight(PolicyHandle: LSA_HANDLE;
  1438.   UserRights: PLSA_UNICODE_STRING; var EnumerationBuffer: PLSA_ENUMERATION_INFORMATION;
  1439.   var CountReturned: ULONG): NTSTATUS; stdcall;
  1440. {$EXTERNALSYM LsaEnumerateAccountsWithUserRight}
  1441. //
  1442. // These new APIs differ by taking a SID instead of requiring the caller
  1443. // to open the account first and passing in an account handle
  1444. //
  1445. function LsaEnumerateAccountRights(PolicyHandle: LSA_HANDLE; AccountSid: PSID;
  1446.   var UserRights: PLSA_UNICODE_STRING; var CountOfRights: ULONG): NTSTATUS; stdcall;
  1447. {$EXTERNALSYM LsaEnumerateAccountRights}
  1448. function LsaAddAccountRights(PolicyHandle: LSA_HANDLE; AccountSid: PSID;
  1449.   UserRights: PLSA_UNICODE_STRING; CountOfRights: ULONG): NTSTATUS; stdcall;
  1450. {$EXTERNALSYM LsaAddAccountRights}
  1451. function LsaRemoveAccountRights(PolicyHandle: LSA_HANDLE; AccountSid: PSID;
  1452.   AllRights: ByteBool; UserRights: PLSA_UNICODE_STRING; CountOfRights: ULONG): NTSTATUS; stdcall;
  1453. {$EXTERNALSYM LsaRemoveAccountRights}
  1454. ///////////////////////////////////////////////////////////////////////////////
  1455. //                                                                           //
  1456. // Local Security Policy - Trusted Domain Object API function prototypes     //
  1457. //                                                                           //
  1458. ///////////////////////////////////////////////////////////////////////////////
  1459. function LsaOpenTrustedDomainByName(PolicyHandle: LSA_HANDLE;
  1460.   const TrustedDomainName: LSA_UNICODE_STRING; DesiredAccess: ACCESS_MASK;
  1461.   var TrustedDomainHandle: LSA_HANDLE): NTSTATUS; stdcall;
  1462. {$EXTERNALSYM LsaOpenTrustedDomainByName}
  1463. function LsaQueryTrustedDomainInfo(PolicyHandle: LSA_HANDLE; TrustedDomainSid: PSID;
  1464.   InformationClass: TRUSTED_INFORMATION_CLASS; Buffer: PPVOID): NTSTATUS; stdcall;
  1465. {$EXTERNALSYM LsaQueryTrustedDomainInfo}
  1466. function LsaSetTrustedDomainInformation(PolicyHandle: LSA_HANDLE; TrustedDomainSid: PSID;
  1467.   InformationClass: TRUSTED_INFORMATION_CLASS; Buffer: PVOID): NTSTATUS; stdcall;
  1468. {$EXTERNALSYM LsaSetTrustedDomainInformation}
  1469. function LsaDeleteTrustedDomain(PolicyHandle: LSA_HANDLE; TrustedDomainSid: PSID): NTSTATUS; stdcall;
  1470. {$EXTERNALSYM LsaDeleteTrustedDomain}
  1471. function LsaQueryTrustedDomainInfoByName(PolicyHandle: LSA_HANDLE;
  1472.   const TrustedDomainName: LSA_UNICODE_STRING;
  1473.   InformationClass: TRUSTED_INFORMATION_CLASS; Buffer: PPVOID): NTSTATUS; stdcall;
  1474. {$EXTERNALSYM LsaQueryTrustedDomainInfoByName}
  1475. function LsaSetTrustedDomainInfoByName(PolicyHandle: LSA_HANDLE;
  1476.   const TrustedDomainName: LSA_UNICODE_STRING;
  1477.   InformationClass: TRUSTED_INFORMATION_CLASS; Buffer: PVOID): NTSTATUS; stdcall;
  1478. {$EXTERNALSYM LsaSetTrustedDomainInfoByName}
  1479. function LsaEnumerateTrustedDomainsEx(PolicyHandle: LSA_HANDLE;
  1480.   var EnumerationContext: LSA_ENUMERATION_HANDLE; Buffer: PPVOID;
  1481.   PreferedMaximumLength: ULONG; var CountReturned: ULONG): NTSTATUS; stdcall;
  1482. {$EXTERNALSYM LsaEnumerateTrustedDomainsEx}
  1483. function LsaCreateTrustedDomainEx(PolicyHandle: LSA_HANDLE;
  1484.   const TrustedDomainInformation: TRUSTED_DOMAIN_INFORMATION_EX;
  1485.   const AuthenticationInformation: TRUSTED_DOMAIN_AUTH_INFORMATION;
  1486.   DesiredAccess: ACCESS_MASK; var TrustedDomainHandle: LSA_HANDLE): NTSTATUS; stdcall;
  1487. {$EXTERNALSYM LsaCreateTrustedDomainEx}
  1488. function LsaQueryForestTrustInformation(PolicyHandle: LSA_HANDLE; TrustedDomainName: PLSA_UNICODE_STRING;
  1489.   var ForestTrustInfo: PLSA_FOREST_TRUST_INFORMATION): NTSTATUS; stdcall;
  1490. {$EXTERNALSYM LsaQueryForestTrustInformation}
  1491. function LsaSetForestTrustInformation(PolicyHandle: LSA_HANDLE; TrustedDomainName: PLSA_UNICODE_STRING;
  1492.   ForestTrustInfo: PLSA_FOREST_TRUST_INFORMATION; CheckOnly: BOOLEAN; var CollisionInfo: PLSA_FOREST_TRUST_COLLISION_INFORMATION): NTSTATUS; stdcall;
  1493. {$EXTERNALSYM LsaSetForestTrustInformation}
  1494. //{$DEFINE TESTING_MATCHING_ROUTINE}
  1495. {$IFDEF TESTING_MATCHING_ROUTINE}
  1496. function LsaForestTrustFindMatch(PolicyHandle: LSA_HANDLE; Type_: ULONG; Name: PLSA_UNICODE_STRING; var Match: PLSA_UNICODE_STRING): NTSTATUS; stdcall;
  1497. {$EXTERNALSYM LsaForestTrustFindMatch}
  1498. {$ENDIF}
  1499. //
  1500. // This API sets the workstation password (equivalent of setting/getting
  1501. // the SSI_SECRET_NAME secret)
  1502. //
  1503. function LsaStorePrivateData(PolicyHandle: LSA_HANDLE;
  1504.   const KeyName: LSA_UNICODE_STRING; PrivateData: PLSA_UNICODE_STRING): NTSTATUS; stdcall;
  1505. {$EXTERNALSYM LsaStorePrivateData}
  1506. function LsaRetrievePrivateData(PolicyHandle: LSA_HANDLE;
  1507.   const KeyName: LSA_UNICODE_STRING; var PrivateData: PLSA_UNICODE_STRING): NTSTATUS; stdcall;
  1508. {$EXTERNALSYM LsaRetrievePrivateData}
  1509. function LsaNtStatusToWinError(Status: NTSTATUS): ULONG; stdcall;
  1510. {$EXTERNALSYM LsaNtStatusToWinError}
  1511. (*#if 0
  1512. NTSTATUS
  1513. NTAPI
  1514. LsaLookupNamesEx(
  1515.     IN LSA_HANDLE PolicyHandle,
  1516.     IN ULONG Count,
  1517.     IN PLSA_NAME_LOOKUP_EX Names,
  1518.     OUT PLSA_TRANSLATED_SID_EX *TranslatedSids,
  1519.     IN ULONG LookupOptions,
  1520.     IN OUT PULONG MappedCount
  1521.     );
  1522. NTSTATUS
  1523. NTAPI
  1524. LsaLookupSidsEx(
  1525.     IN LSA_HANDLE PolicyHandle,
  1526.     IN ULONG Count,
  1527.     IN PLSA_SID_LOOKUP_EX Sids,
  1528.     OUT PLSA_TRANSLATED_NAME_EX *TranslatedNames,
  1529.     IN ULONG LookupOptions,
  1530.     IN OUT PULONG MappedCount
  1531.     );
  1532. #endif*)
  1533. //
  1534. // SPNEGO package stuff
  1535. //
  1536. type
  1537.   NEGOTIATE_MESSAGES = (NegEnumPackagePrefixes, NegGetCallerName, NegCallPackageMax);
  1538.   {$EXTERNALSYM NEGOTIATE_MESSAGES}
  1539. const
  1540.   NEGOTIATE_MAX_PREFIX = 32;
  1541.   {$EXTERNALSYM NEGOTIATE_MAX_PREFIX}
  1542. type
  1543.   PNEGOTIATE_PACKAGE_PREFIX = ^NEGOTIATE_PACKAGE_PREFIX;
  1544.   {$EXTERNALSYM PNEGOTIATE_PACKAGE_PREFIX}
  1545.   _NEGOTIATE_PACKAGE_PREFIX = record
  1546.     PackageId: ULONG_PTR;
  1547.     PackageDataA: PVOID;
  1548.     PackageDataW: PVOID;
  1549.     PrefixLen: ULONG_PTR;
  1550.     Prefix: array [0..NEGOTIATE_MAX_PREFIX - 1] of UCHAR;
  1551.   end;
  1552.   {$EXTERNALSYM _NEGOTIATE_PACKAGE_PREFIX}
  1553.   NEGOTIATE_PACKAGE_PREFIX = _NEGOTIATE_PACKAGE_PREFIX;
  1554.   {$EXTERNALSYM NEGOTIATE_PACKAGE_PREFIX}
  1555.   TNegotiatePackagePrefix = NEGOTIATE_PACKAGE_PREFIX;
  1556.   PNegotiatePackagePrefix = PNEGOTIATE_PACKAGE_PREFIX;
  1557.   PNEGOTIATE_PACKAGE_PREFIXES = ^NEGOTIATE_PACKAGE_PREFIXES;
  1558.   {$EXTERNALSYM PNEGOTIATE_PACKAGE_PREFIXES}
  1559.   _NEGOTIATE_PACKAGE_PREFIXES = record
  1560.     MessageType: ULONG;
  1561.     PrefixCount: ULONG;
  1562.     Offset: ULONG; // Offset to array of _PREFIX above
  1563.     Pad: ULONG;    // Align structure for 64-bit    
  1564.   end;
  1565.   {$EXTERNALSYM _NEGOTIATE_PACKAGE_PREFIXES}
  1566.   NEGOTIATE_PACKAGE_PREFIXES = _NEGOTIATE_PACKAGE_PREFIXES;
  1567.   {$EXTERNALSYM NEGOTIATE_PACKAGE_PREFIXES}
  1568.   TNegotiatePackagePrefixes = NEGOTIATE_PACKAGE_PREFIXES;
  1569.   PNegotiatePackagePrefixes = PNEGOTIATE_PACKAGE_PREFIXES;
  1570.   PNEGOTIATE_CALLER_NAME_REQUEST = ^NEGOTIATE_CALLER_NAME_REQUEST;
  1571.   {$EXTERNALSYM PNEGOTIATE_CALLER_NAME_REQUEST}
  1572.   _NEGOTIATE_CALLER_NAME_REQUEST = record
  1573.     MessageType: ULONG;
  1574.     LogonId: LUID;
  1575.   end;
  1576.   {$EXTERNALSYM _NEGOTIATE_CALLER_NAME_REQUEST}
  1577.   NEGOTIATE_CALLER_NAME_REQUEST = _NEGOTIATE_CALLER_NAME_REQUEST;
  1578.   {$EXTERNALSYM NEGOTIATE_CALLER_NAME_REQUEST}
  1579.   TNegotiateCallerNameRequest = NEGOTIATE_CALLER_NAME_REQUEST;
  1580.   PNegotiateCallerNameRequest = PNEGOTIATE_CALLER_NAME_REQUEST;
  1581.   PNEGOTIATE_CALLER_NAME_RESPONSE = ^NEGOTIATE_CALLER_NAME_RESPONSE;
  1582.   {$EXTERNALSYM PNEGOTIATE_CALLER_NAME_RESPONSE}
  1583.   _NEGOTIATE_CALLER_NAME_RESPONSE = record
  1584.     MessageType: ULONG;
  1585.     CallerName: PWSTR;
  1586.   end;
  1587.   {$EXTERNALSYM _NEGOTIATE_CALLER_NAME_RESPONSE}
  1588.   NEGOTIATE_CALLER_NAME_RESPONSE = _NEGOTIATE_CALLER_NAME_RESPONSE;
  1589.   {$EXTERNALSYM NEGOTIATE_CALLER_NAME_RESPONSE}
  1590.   TNegotiateCallerNameResponse = NEGOTIATE_CALLER_NAME_RESPONSE;
  1591.   PNegotiateCallerNameResponse = PNEGOTIATE_CALLER_NAME_RESPONSE;
  1592. const
  1593.   NEGOTIATE_ALLOW_NTLM = $10000000;
  1594.   {$EXTERNALSYM NEGOTIATE_ALLOW_NTLM}
  1595.   NEGOTIATE_NEG_NTLM   = $20000000;
  1596.   {$EXTERNALSYM NEGOTIATE_NEG_NTLM}
  1597. type
  1598.   PDOMAIN_PASSWORD_INFORMATION = ^DOMAIN_PASSWORD_INFORMATION;
  1599.   {$EXTERNALSYM PDOMAIN_PASSWORD_INFORMATION}
  1600.   _DOMAIN_PASSWORD_INFORMATION = record
  1601.     MinPasswordLength: USHORT;
  1602.     PasswordHistoryLength: USHORT;
  1603.     PasswordProperties: ULONG;
  1604.     MaxPasswordAge: LARGE_INTEGER;
  1605.     MinPasswordAge: LARGE_INTEGER;
  1606.   end;
  1607.   {$EXTERNALSYM _DOMAIN_PASSWORD_INFORMATION}
  1608.   DOMAIN_PASSWORD_INFORMATION = _DOMAIN_PASSWORD_INFORMATION;
  1609.   {$EXTERNALSYM DOMAIN_PASSWORD_INFORMATION}
  1610.   TDomainPasswordInformation = DOMAIN_PASSWORD_INFORMATION;
  1611.   PDomainPasswordInformation = PDOMAIN_PASSWORD_INFORMATION;
  1612. //
  1613. // PasswordProperties flags
  1614. //
  1615. const
  1616.   DOMAIN_PASSWORD_COMPLEX         = $00000001;
  1617.   {$EXTERNALSYM DOMAIN_PASSWORD_COMPLEX}
  1618.   DOMAIN_PASSWORD_NO_ANON_CHANGE  = $00000002;
  1619.   {$EXTERNALSYM DOMAIN_PASSWORD_NO_ANON_CHANGE}
  1620.   DOMAIN_PASSWORD_NO_CLEAR_CHANGE = $00000004;
  1621.   {$EXTERNALSYM DOMAIN_PASSWORD_NO_CLEAR_CHANGE}
  1622.   DOMAIN_LOCKOUT_ADMINS           = $00000008;
  1623.   {$EXTERNALSYM DOMAIN_LOCKOUT_ADMINS}
  1624.   DOMAIN_PASSWORD_STORE_CLEARTEXT = $00000010;
  1625.   {$EXTERNALSYM DOMAIN_PASSWORD_STORE_CLEARTEXT}
  1626.   DOMAIN_REFUSE_PASSWORD_CHANGE   = $00000020;
  1627.   {$EXTERNALSYM DOMAIN_REFUSE_PASSWORD_CHANGE}
  1628. type
  1629.   PSAM_PASSWORD_NOTIFICATION_ROUTINE = function (UserName: PUNICODE_STRING;
  1630.     RelativeId: ULONG; NewPassword: PUNICODE_STRING): NTSTATUS; stdcall;
  1631.   {$EXTERNALSYM PSAM_PASSWORD_NOTIFICATION_ROUTINE}
  1632.   TSamPasswordNotificationRoutine = PSAM_PASSWORD_NOTIFICATION_ROUTINE;
  1633. const
  1634.   SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE = 'PasswordChangeNotify';
  1635.   {$EXTERNALSYM SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE}
  1636. type
  1637.   PSAM_INIT_NOTIFICATION_ROUTINE = function : ByteBool; stdcall;
  1638.   {$EXTERNALSYM PSAM_INIT_NOTIFICATION_ROUTINE}
  1639.   TSamInitNotificationRoutine = PSAM_INIT_NOTIFICATION_ROUTINE;
  1640. const
  1641.   SAM_INIT_NOTIFICATION_ROUTINE = 'InitializeChangeNotify';
  1642.   {$EXTERNALSYM SAM_INIT_NOTIFICATION_ROUTINE}
  1643.   SAM_PASSWORD_FILTER_ROUTINE = 'PasswordFilter';
  1644.   {$EXTERNALSYM SAM_PASSWORD_FILTER_ROUTINE}
  1645. type
  1646.   PSAM_PASSWORD_FILTER_ROUTINE = function (AccountName, FullName,
  1647.     Password: PUNICODE_STRING; SetOperation: ByteBool): ByteBool; stdcall;
  1648.   {$EXTERNALSYM PSAM_PASSWORD_FILTER_ROUTINE}
  1649.   TSamPasswordFilterRoutine = PSAM_PASSWORD_FILTER_ROUTINE;
  1650. /////////////////////////////////////////////////////////////////////////
  1651. //                                                                     //
  1652. // Name of the MSV1_0 authentication package                           //
  1653. //                                                                     //
  1654. /////////////////////////////////////////////////////////////////////////
  1655. const
  1656.   MSV1_0_PACKAGE_NAME         = 'MICROSOFT_AUTHENTICATION_PACKAGE_V1_0';
  1657.   {$EXTERNALSYM MSV1_0_PACKAGE_NAME}
  1658.   MSV1_0_PACKAGE_NAMEW        = WideString('MICROSOFT_AUTHENTICATION_PACKAGE_V1_0');
  1659.   {$EXTERNALSYM MSV1_0_PACKAGE_NAMEW}
  1660.   MSV1_0_PACKAGE_NAMEW_LENGTH = SizeOf(MSV1_0_PACKAGE_NAMEW) - SizeOf(WCHAR);
  1661.   {$EXTERNALSYM MSV1_0_PACKAGE_NAMEW_LENGTH}
  1662. //
  1663. // Location of MSV authentication package data
  1664. //
  1665.   MSV1_0_SUBAUTHENTICATION_KEY   = 'SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0';
  1666.   {$EXTERNALSYM MSV1_0_SUBAUTHENTICATION_KEY}
  1667.   MSV1_0_SUBAUTHENTICATION_VALUE = 'Auth';
  1668.   {$EXTERNALSYM MSV1_0_SUBAUTHENTICATION_VALUE}
  1669. /////////////////////////////////////////////////////////////////////////
  1670. //                                                                     //
  1671. // Widely used MSV1_0 data types                                       //
  1672. //                                                                     //
  1673. /////////////////////////////////////////////////////////////////////////
  1674. ///////////////////////////////////////////////////////////////////////////////
  1675. //                                                                           //
  1676. //       LOGON      Related Data Structures
  1677. //
  1678. //                                                                           //
  1679. ///////////////////////////////////////////////////////////////////////////////
  1680. //
  1681. // When a LsaLogonUser() call is dispatched to the MsV1_0 authentication
  1682. // package, the beginning of the AuthenticationInformation buffer is
  1683. // cast to a MSV1_0_LOGON_SUBMIT_TYPE to determine the type of logon
  1684. // being requested.  Similarly, upon return, the type of profile buffer
  1685. // can be determined by typecasting it to a MSV_1_0_PROFILE_BUFFER_TYPE.
  1686. //
  1687. //
  1688. //  MSV1.0 LsaLogonUser() submission message types.
  1689. //
  1690. type
  1691.   _MSV1_0_LOGON_SUBMIT_TYPE = (
  1692.     mlstFiller0, mlstFiller1,
  1693.     MsV1_0InteractiveLogon,
  1694.     MsV1_0Lm20Logon,
  1695.     MsV1_0NetworkLogon,
  1696.     MsV1_0SubAuthLogon,
  1697.     mlstFiller6,
  1698.     MsV1_0WorkstationUnlockLogon);
  1699.   {$EXTERNALSYM _MSV1_0_LOGON_SUBMIT_TYPE}
  1700.   MSV1_0_LOGON_SUBMIT_TYPE = _MSV1_0_LOGON_SUBMIT_TYPE;
  1701.   {$EXTERNALSYM MSV1_0_LOGON_SUBMIT_TYPE}
  1702.   PMSV1_0_LOGON_SUBMIT_TYPE = ^MSV1_0_LOGON_SUBMIT_TYPE;
  1703.   {$EXTERNALSYM PMSV1_0_LOGON_SUBMIT_TYPE}
  1704.   TMsv1_0LogonSubmitType = MSV1_0_LOGON_SUBMIT_TYPE;
  1705.   PMsv1_0LogonSubmitType = PMSV1_0_LOGON_SUBMIT_TYPE;
  1706. //
  1707. //  MSV1.0 LsaLogonUser() profile buffer types.
  1708. //
  1709.   _MSV1_0_PROFILE_BUFFER_TYPE = (
  1710.     mpbtFiller0, mpbtFiller1,
  1711.     MsV1_0InteractiveProfile,
  1712.     MsV1_0Lm20LogonProfile,
  1713.     MsV1_0SmartCardProfile);
  1714.   {$EXTERNALSYM _MSV1_0_PROFILE_BUFFER_TYPE}
  1715.   MSV1_0_PROFILE_BUFFER_TYPE = _MSV1_0_PROFILE_BUFFER_TYPE;
  1716.   {$EXTERNALSYM MSV1_0_PROFILE_BUFFER_TYPE}
  1717.   PMSV1_0_PROFILE_BUFFER_TYPE = ^MSV1_0_PROFILE_BUFFER_TYPE;
  1718.   {$EXTERNALSYM PMSV1_0_PROFILE_BUFFER_TYPE}
  1719.   TMsv1_0ProfileBufferType = MSV1_0_PROFILE_BUFFER_TYPE;
  1720.   PMsv1_0ProfileBufferType = PMSV1_0_PROFILE_BUFFER_TYPE;  
  1721. //
  1722. // MsV1_0InteractiveLogon
  1723. //
  1724. // The AuthenticationInformation buffer of an LsaLogonUser() call to
  1725. // perform an interactive logon contains the following data structure:
  1726. //
  1727.   PMSV1_0_INTERACTIVE_LOGON = ^MSV1_0_INTERACTIVE_LOGON;
  1728.   {$EXTERNALSYM PMSV1_0_INTERACTIVE_LOGON}
  1729.   _MSV1_0_INTERACTIVE_LOGON = record
  1730.     MessageType: MSV1_0_LOGON_SUBMIT_TYPE;
  1731.     LogonDomainName: UNICODE_STRING;
  1732.     UserName: UNICODE_STRING;
  1733.     Password: UNICODE_STRING;
  1734.   end;
  1735.   {$EXTERNALSYM _MSV1_0_INTERACTIVE_LOGON}
  1736.   MSV1_0_INTERACTIVE_LOGON = _MSV1_0_INTERACTIVE_LOGON;
  1737.   {$EXTERNALSYM MSV1_0_INTERACTIVE_LOGON}
  1738.   TMsv10InteractiveLogon = MSV1_0_INTERACTIVE_LOGON;
  1739.   PMsv10InteractiveLogon = PMSV1_0_INTERACTIVE_LOGON;
  1740. //
  1741. // Where:
  1742. //
  1743. //     MessageType - Contains the type of logon being requested.  This
  1744. //         field must be set to MsV1_0InteractiveLogon.
  1745. //
  1746. //     UserName - Is a string representing the user's account name.  The
  1747. //         name may be up to 255 characters long.  The name is treated case
  1748. //         insensitive.
  1749. //
  1750. //     Password - Is a string containing the user's cleartext password.
  1751. //         The password may be up to 255 characters long and contain any
  1752. //         UNICODE value.
  1753. //
  1754. //
  1755. //
  1756. // The ProfileBuffer returned upon a successful logon of this type
  1757. // contains the following data structure:
  1758. //
  1759.   PMSV1_0_INTERACTIVE_PROFILE = ^MSV1_0_INTERACTIVE_PROFILE;
  1760.   {$EXTERNALSYM PMSV1_0_INTERACTIVE_PROFILE}
  1761.   _MSV1_0_INTERACTIVE_PROFILE = record
  1762.     MessageType: MSV1_0_PROFILE_BUFFER_TYPE;
  1763.     LogonCount: USHORT;
  1764.     BadPasswordCount: USHORT;
  1765.     LogonTime: LARGE_INTEGER;
  1766.     LogoffTime: LARGE_INTEGER;
  1767.     KickOffTime: LARGE_INTEGER;
  1768.     PasswordLastSet: LARGE_INTEGER;
  1769.     PasswordCanChange: LARGE_INTEGER;
  1770.     PasswordMustChange: LARGE_INTEGER;
  1771.     LogonScript: UNICODE_STRING;
  1772.     HomeDirectory: UNICODE_STRING;
  1773.     FullName: UNICODE_STRING;
  1774.     ProfilePath: UNICODE_STRING;
  1775.     HomeDirectoryDrive: UNICODE_STRING;
  1776.     LogonServer: UNICODE_STRING;
  1777.     UserFlags: ULONG;
  1778.   end;
  1779.   {$EXTERNALSYM _MSV1_0_INTERACTIVE_PROFILE}
  1780.   MSV1_0_INTERACTIVE_PROFILE = _MSV1_0_INTERACTIVE_PROFILE;
  1781.   {$EXTERNALSYM MSV1_0_INTERACTIVE_PROFILE}
  1782.   TMsv10InteractiveProfile = MSV1_0_INTERACTIVE_PROFILE;
  1783.   PMsv10InteractiveProfile = PMSV1_0_INTERACTIVE_PROFILE;
  1784. //
  1785. // where:
  1786. //
  1787. //     MessageType - Identifies the type of profile data being returned.
  1788. //         Contains the type of logon being requested.  This field must
  1789. //         be set to MsV1_0InteractiveProfile.
  1790. //
  1791. //     LogonCount - Number of times the user is currently logged on.
  1792. //
  1793. //     BadPasswordCount - Number of times a bad password was applied to
  1794. //         the account since last successful logon.
  1795. //
  1796. //     LogonTime - Time when user last logged on.  This is an absolute
  1797. //         format NT standard time value.
  1798. //
  1799. //     LogoffTime - Time when user should log off.  This is an absolute
  1800. //         format NT standard time value.
  1801. //
  1802. //     KickOffTime - Time when system should force user logoff.  This is
  1803. //         an absolute format NT standard time value.
  1804. //
  1805. //     PasswordLastChanged - Time and date the password was last
  1806. //         changed.  This is an absolute format NT standard time
  1807. //         value.
  1808. //
  1809. //     PasswordCanChange - Time and date when the user can change the
  1810. //         password.  This is an absolute format NT time value.  To
  1811. //         prevent a password from ever changing, set this field to a
  1812. //         date very far into the future.
  1813. //
  1814. //     PasswordMustChange - Time and date when the user must change the
  1815. //         password.  If the user can never change the password, this
  1816. //         field is undefined.  This is an absolute format NT time
  1817. //         value.
  1818. //
  1819. //     LogonScript - The (relative) path to the account's logon
  1820. //         script.
  1821. //
  1822. //     HomeDirectory - The home directory for the user.
  1823. //
  1824. //
  1825. // MsV1_0Lm20Logon and MsV1_0NetworkLogon
  1826. //
  1827. // The AuthenticationInformation buffer of an LsaLogonUser() call to
  1828. // perform an network logon contains the following data structure:
  1829. //
  1830. // MsV1_0NetworkLogon logon differs from MsV1_0Lm20Logon in that the
  1831. // ParameterControl field exists.
  1832. //
  1833. const
  1834.   MSV1_0_CHALLENGE_LENGTH          = 8;
  1835.   {$EXTERNALSYM MSV1_0_CHALLENGE_LENGTH}
  1836.   MSV1_0_USER_SESSION_KEY_LENGTH   = 16;
  1837.   {$EXTERNALSYM MSV1_0_USER_SESSION_KEY_LENGTH}
  1838.   MSV1_0_LANMAN_SESSION_KEY_LENGTH = 8;
  1839.   {$EXTERNALSYM MSV1_0_LANMAN_SESSION_KEY_LENGTH}
  1840. //
  1841. // Values for ParameterControl.
  1842. //
  1843.   MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = $02;
  1844.   {$EXTERNALSYM MSV1_0_CLEARTEXT_PASSWORD_ALLOWED}
  1845.   MSV1_0_UPDATE_LOGON_STATISTICS    = $04;
  1846.   {$EXTERNALSYM MSV1_0_UPDATE_LOGON_STATISTICS}
  1847.   MSV1_0_RETURN_USER_PARAMETERS     = $08;
  1848.   {$EXTERNALSYM MSV1_0_RETURN_USER_PARAMETERS}