JwaNtSecApi.pas
- {******************************************************************************}
- { }
- { LSA API interface Unit for Object Pascal }
- { }
- { Portions created by Microsoft are Copyright (C) 1995-2001 Microsoft }
- { Corporation. All Rights Reserved. }
- { }
- { The original file is: ntsecapi.h, released June 2000. The original Pascal }
- { code is: NtSecApi.pas, released December 2000. The initial developer of the }
- { Pascal code is Marcel van Brakel (brakelm@chello.nl). }
- { }
- { Portions created by Marcel van Brakel are Copyright (C) 1999-2001 }
- { Marcel van Brakel. All Rights Reserved. }
- { }
- { Obtained through: Joint Endeavour of Delphi Innovators (Project JEDI) }
- { }
- { You may retrieve the latest version of this file at the Project JEDI home }
- { page, located at http://delphi-jedi.org or my personal homepage located at }
- { http://members.chello.nl/m.vanbrakel2 }
- { }
- { The contents of this file are used with permission, subject to the Mozilla }
- { Public License Version 1.1 (the "License"); you may not use this file except }
- { in compliance with the License. You may obtain a copy of the License at }
- { http://www.mozilla.org/MPL/MPL-1.1.html }
- { }
- { Software distributed under the License is distributed on an "AS IS" basis, }
- { WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for }
- { the specific language governing rights and limitations under the License. }
- { }
- { Alternatively, the contents of this file may be used under the terms of the }
- { GNU Lesser General Public License (the "LGPL License"), in which case the }
- { provisions of the LGPL License are applicable instead of those above. }
- { If you wish to allow use of your version of this file only under the terms }
- { of the LGPL License and not to allow others to use your version of this file }
- { under the MPL, indicate your decision by deleting the provisions above and }
- { replace them with the notice and other provisions required by the LGPL }
- { License. If you do not delete the provisions above, a recipient may use }
- { your version of this file under either the MPL or the LGPL License. }
- { }
- { For more information about the LGPL: http://www.gnu.org/copyleft/lesser.html }
- { }
- {******************************************************************************}
- unit JwaNtSecApi;
- {$WEAKPACKAGEUNIT}
- {$HPPEMIT ''}
- {$HPPEMIT '#include "ntsecapi.h"'}
- {$HPPEMIT ''}
- {$I WINDEFINES.INC}
- interface
- uses
- JwaWinType, JwaNtStatus, JwaWinNT;
- //
- // Security operation mode of the system is held in a control
- // longword.
- //
- type
- // Bit-flag word describing the system's security operational mode; the
- // individual bits are the LSA_MODE_* constants declared in this unit.
- LSA_OPERATIONAL_MODE = ULONG;
- {$EXTERNALSYM LSA_OPERATIONAL_MODE}
- // Pointer form; LsaRegisterLogonProcess takes it as its SecurityMode parameter.
- PLSA_OPERATIONAL_MODE = ^LSA_OPERATIONAL_MODE;
- {$EXTERNALSYM PLSA_OPERATIONAL_MODE}
- //
- // The flags in the security operational mode are defined
- // as:
- //
- // PasswordProtected - Some level of authentication (such as
- // a password) must be provided by users before they are
- // allowed to use the system. Once set, this value will
- // not be cleared without re-booting the system.
- //
- // IndividualAccounts - Each user must identify an account to
- // logon to. This flag is only meaningful if the
- // PasswordProtected flag is also set. If this flag is
- // not set and the PasswordProtected flag is set, then all
- // users may logon to the same account. Once set, this value
- // will not be cleared without re-booting the system.
- //
- // MandatoryAccess - Indicates the system is running in a mandatory
- // access control mode (e.g., B-level as defined by the U.S.A's
- // Department of Defense's "Orange Book"). This is not utilized
- // in the current release of NT. This flag is only meaningful
- // if both the PasswordProtected and IndividualAccounts flags are
- // set. Once set, this value will not be cleared without
- // re-booting the system.
- //
- // LogFull - Indicates the system has been brought up in a mode in
- // which it must perform security auditing, but its audit log
- // is full. This may (should) restrict the operations that
- // can occur until the audit log is made not-full again. THIS
- // VALUE MAY BE CLEARED WHILE THE SYSTEM IS RUNNING (I.E., WITHOUT
- // REBOOTING).
- //
- // If the PasswordProtected flag is not set, then the system is running
- // without security, and user interface should be adjusted appropriately.
- //
- const
- // Bit values of LSA_OPERATIONAL_MODE. Several may be set at once, so test
- // each one with "and" instead of comparing the whole word for equality.
- // PasswordProtected: users must authenticate before using the system.
- LSA_MODE_PASSWORD_PROTECTED = ($00000001);
- {$EXTERNALSYM LSA_MODE_PASSWORD_PROTECTED}
- // IndividualAccounts: each user logs on to an identified account; only
- // meaningful together with LSA_MODE_PASSWORD_PROTECTED.
- LSA_MODE_INDIVIDUAL_ACCOUNTS = ($00000002);
- {$EXTERNALSYM LSA_MODE_INDIVIDUAL_ACCOUNTS}
- // MandatoryAccess: mandatory access control mode; only meaningful when both
- // flags above are set.
- LSA_MODE_MANDATORY_ACCESS = ($00000004);
- {$EXTERNALSYM LSA_MODE_MANDATORY_ACCESS}
- // LogFull: auditing is required but the audit log is full. This is the only
- // flag that may be cleared while the system is running.
- LSA_MODE_LOG_FULL = ($00000008);
- {$EXTERNALSYM LSA_MODE_LOG_FULL}
- //
- // Used by a logon process to indicate what type of logon is being
- // requested.
- //
- type
- // Logon types a logon process can request; passed as LogonType to LsaLogonUser.
- // The two filler members occupy ordinals 0 and 1, so Interactive has ordinal 2.
- // NOTE(review): the storage size of a Delphi enumeration depends on the
- // {$MINENUMSIZE}/{$Z} setting in effect - presumably fixed by WINDEFINES.INC;
- // confirm before embedding this type in a record shared with the OS.
- _SECURITY_LOGON_TYPE = (
- seltFiller0, seltFiller1,
- Interactive, // Interactively logged on (locally or remotely)
- Network, // Accessing system via network
- Batch, // Started via a batch queue
- Service, // Service started by service controller
- Proxy, // Proxy logon
- Unlock, // Unlock workstation
- NetworkCleartext, // Network logon with cleartext credentials
- NewCredentials, // Clone caller, new default credentials
- RemoteInteractive, // Remote, yet interactive. Terminal server
- CachedInteractive, // Try cached credentials without hitting the net.
- CachedRemoteInteractive); // Same as RemoteInteractive, this is used internally for auditing purpose
- {$EXTERNALSYM _SECURITY_LOGON_TYPE}
- SECURITY_LOGON_TYPE = _SECURITY_LOGON_TYPE;
- {$EXTERNALSYM SECURITY_LOGON_TYPE}
- PSECURITY_LOGON_TYPE = ^SECURITY_LOGON_TYPE;
- {$EXTERNALSYM PSECURITY_LOGON_TYPE}
- // Delphi-style aliases of the same types.
- TSecurityLogonType = SECURITY_LOGON_TYPE;
- PSecurityLogonType = PSECURITY_LOGON_TYPE;
- //
- // Audit Event Categories
- //
- // The following are the built-in types or Categories of audit event.
- // WARNING! This structure is subject to expansion. The user should not
- // compute the number of elements of this type directly, but instead
- // should obtain the count of elements by calling LsaQueryInformationPolicy()
- // for the PolicyAuditEventsInformation class and extracting the count from
- // the MaximumAuditEventCount field of the returned structure.
- //
- // Built-in audit categories, ordinals 0 (AuditCategorySystem) through
- // 8 (AuditCategoryAccountLogon) as declared here. The ordinal is the index
- // into the EventAuditingOptions array of POLICY_AUDIT_EVENTS_INFO.
- // Do not derive the array length from this type (e.g. via High()); use the
- // MaximumAuditEventCount field returned by the system, and bounds-check any
- // ordinal against that count before indexing.
- _POLICY_AUDIT_EVENT_TYPE = (
- AuditCategorySystem,
- AuditCategoryLogon,
- AuditCategoryObjectAccess,
- AuditCategoryPrivilegeUse,
- AuditCategoryDetailedTracking,
- AuditCategoryPolicyChange,
- AuditCategoryAccountManagement,
- AuditCategoryDirectoryServiceAccess,
- AuditCategoryAccountLogon);
- {$EXTERNALSYM _POLICY_AUDIT_EVENT_TYPE}
- POLICY_AUDIT_EVENT_TYPE = _POLICY_AUDIT_EVENT_TYPE;
- {$EXTERNALSYM POLICY_AUDIT_EVENT_TYPE}
- PPOLICY_AUDIT_EVENT_TYPE = ^POLICY_AUDIT_EVENT_TYPE;
- {$EXTERNALSYM PPOLICY_AUDIT_EVENT_TYPE}
- // Delphi-style aliases of the same types.
- TPolicyAuditEventType = POLICY_AUDIT_EVENT_TYPE;
- PPolicyAuditEventType = PPOLICY_AUDIT_EVENT_TYPE;
- //
- // The following defines describe the auditing options for each
- // event type
- //
- const
- // Flag values for POLICY_AUDIT_EVENT_OPTIONS (one ULONG per audit category).
- // Leave options specified for this event unchanged
- POLICY_AUDIT_EVENT_UNCHANGED = ($00000000);
- {$EXTERNALSYM POLICY_AUDIT_EVENT_UNCHANGED}
- // Audit successful occurrences of events of this type
- POLICY_AUDIT_EVENT_SUCCESS = ($00000001);
- {$EXTERNALSYM POLICY_AUDIT_EVENT_SUCCESS}
- // Audit failed attempts to cause an event of this type to occur
- POLICY_AUDIT_EVENT_FAILURE = ($00000002);
- {$EXTERNALSYM POLICY_AUDIT_EVENT_FAILURE}
- // Cancel all auditing options for events of this type; when set, the
- // success/failure flags are ignored.
- POLICY_AUDIT_EVENT_NONE = ($00000004);
- {$EXTERNALSYM POLICY_AUDIT_EVENT_NONE}
- // Mask of valid event auditing options
- // (UNCHANGED is $0 and adds no bit, so the mask evaluates to $00000007).
- POLICY_AUDIT_EVENT_MASK = (POLICY_AUDIT_EVENT_SUCCESS or POLICY_AUDIT_EVENT_FAILURE or
- POLICY_AUDIT_EVENT_UNCHANGED or POLICY_AUDIT_EVENT_NONE);
- {$EXTERNALSYM POLICY_AUDIT_EVENT_MASK}
- // NOTE(review): despite the T prefix this is a constant (it sits in the
- // const section), equal to POLICY_AUDIT_EVENT_MASK - it is not a type.
- TPolicyAuditEventMask = POLICY_AUDIT_EVENT_MASK;
- type
- // Counted wide-character string used throughout the LSA policy structures.
- // NOTE(review): per the Windows SDK documentation Length and MaximumLength
- // are byte counts and Buffer need not be null-terminated - confirm, and copy
- // by Length rather than treating Buffer as a zero-terminated PWideChar.
- PLSA_UNICODE_STRING = ^LSA_UNICODE_STRING;
- {$EXTERNALSYM PLSA_UNICODE_STRING}
- _LSA_UNICODE_STRING = record
- Length: USHORT;
- MaximumLength: USHORT;
- Buffer: PWSTR;
- end;
- {$EXTERNALSYM _LSA_UNICODE_STRING}
- LSA_UNICODE_STRING = _LSA_UNICODE_STRING;
- {$EXTERNALSYM LSA_UNICODE_STRING}
- // Delphi-style aliases of the same types.
- TLsaUnicodeString = LSA_UNICODE_STRING;
- PLsaUnicodeString = PLSA_UNICODE_STRING;
- // Counted single-byte string; the type of the name arguments of
- // LsaRegisterLogonProcess, LsaLogonUser and LsaLookupAuthenticationPackage.
- // NOTE(review): Buffer is declared PCHAR; whether that resolves to an ANSI
- // pointer depends on how PCHAR is defined for the compiler in use - confirm
- // when building with a Unicode-default Delphi.
- PLSA_STRING = ^LSA_STRING;
- {$EXTERNALSYM PLSA_STRING}
- _LSA_STRING = record
- Length: USHORT;
- MaximumLength: USHORT;
- Buffer: PCHAR;
- end;
- {$EXTERNALSYM _LSA_STRING}
- LSA_STRING = _LSA_STRING;
- {$EXTERNALSYM LSA_STRING}
- // Delphi-style aliases of the same types.
- TLsaString = LSA_STRING;
- PLsaString = PLSA_STRING;
- // Object-attributes block for LSA objects. The two PVOID members are untyped
- // here; the trailing comments name the structures they are expected to point to.
- // NOTE(review): Length presumably holds the size of this record - confirm
- // against the API documentation and zero-initialise the record before use.
- PLSA_OBJECT_ATTRIBUTES = ^LSA_OBJECT_ATTRIBUTES;
- {$EXTERNALSYM PLSA_OBJECT_ATTRIBUTES}
- _LSA_OBJECT_ATTRIBUTES = record
- Length: ULONG;
- RootDirectory: HANDLE;
- ObjectName: PLSA_UNICODE_STRING;
- Attributes: ULONG;
- SecurityDescriptor: PVOID; // Points to type SECURITY_DESCRIPTOR
- SecurityQualityOfService: PVOID; // Points to type SECURITY_QUALITY_OF_SERVICE
- end;
- {$EXTERNALSYM _LSA_OBJECT_ATTRIBUTES}
- LSA_OBJECT_ATTRIBUTES = _LSA_OBJECT_ATTRIBUTES;
- {$EXTERNALSYM LSA_OBJECT_ATTRIBUTES}
- // Delphi-style aliases of the same types.
- TLsaObjectAttributes = LSA_OBJECT_ATTRIBUTES;
- PLsaObjectAttributes = PLSA_OBJECT_ATTRIBUTES;
- //
- // Macro for determining whether an API succeeded.
- //
- // Pascal stand-in for the C macro: takes an NTSTATUS and returns a BOOL.
- // Only the declaration is visible here; the body lives in the implementation
- // section. Unlike the imports below it is not declared stdcall.
- function LSA_SUCCESS(Error: NTSTATUS): BOOL;
- {$EXTERNALSYM LSA_SUCCESS}
- // Logon-process API imports. All return NTSTATUS and use stdcall; "var"
- // parameters are outputs written by the callee.
- //
- // LsaRegisterLogonProcess: LsaHandle receives the connection handle used by
- // the calls below; SecurityMode receives the LSA_OPERATIONAL_MODE word.
- // NOTE(review): per the Windows SDK documentation the caller needs
- // SeTcbPrivilege - confirm for the target OS.
- function LsaRegisterLogonProcess(const LogonProcessName: LSA_STRING;
- var LsaHandle: HANDLE; SecurityMode: PLSA_OPERATIONAL_MODE): NTSTATUS; stdcall;
- {$EXTERNALSYM LsaRegisterLogonProcess}
- // LsaLogonUser: AuthenticationInformation/-Length describe a caller-owned
- // buffer whose format is defined by the selected authentication package.
- // Outputs: ProfileBuffer(+Length), LogonId, Token, Quotas and SubStatus.
- // Check both the function result and SubStatus before using any output.
- // NOTE(review): per the SDK documentation ProfileBuffer is released with
- // LsaFreeReturnBuffer and Token must be closed by the caller - confirm.
- // If the input buffer holds credentials, clear it once the call returns.
- function LsaLogonUser(LsaHandle: HANDLE; const OriginName: LSA_STRING;
- LogonType: SECURITY_LOGON_TYPE; AuthenticationPackage: ULONG;
- AuthenticationInformation: PVOID; AuthenticationInformationLength: ULONG;
- LocalGroups: PTOKEN_GROUPS; SourceContext: PTOKEN_SOURCE;
- var ProfileBuffer: PVOID; var ProfileBufferLength: ULONG; var LogonId: LUID;
- var Token: HANDLE; var Quotas: QUOTA_LIMITS; var SubStatus: NTSTATUS): NTSTATUS; stdcall;
- {$EXTERNALSYM LsaLogonUser}
- // LsaLookupAuthenticationPackage: AuthenticationPackage receives the ULONG
- // identifier that LsaLogonUser and LsaCallAuthenticationPackage take.
- function LsaLookupAuthenticationPackage(LsaHandle: HANDLE;
- const PackageName: LSA_STRING; var AuthenticationPackage: ULONG): NTSTATUS; stdcall;
- {$EXTERNALSYM LsaLookupAuthenticationPackage}
- // LsaFreeReturnBuffer: takes an untyped buffer pointer.
- // NOTE(review): presumably only for buffers handed back by the LSA calls in
- // this group, not for caller-allocated memory - confirm.
- function LsaFreeReturnBuffer(Buffer: PVOID): NTSTATUS; stdcall;
- {$EXTERNALSYM LsaFreeReturnBuffer}
- // LsaCallAuthenticationPackage: outputs are ProtocolReturnBuffer(+Length)
- // and ProtocolStatus. The function result and ProtocolStatus are separate
- // status values; check both.
- function LsaCallAuthenticationPackage(LsaHandle: HANDLE;
- AuthenticationPackage: ULONG; ProtocolSubmitBuffer: PVOID;
- SubmitBufferLength: ULONG; var ProtocolReturnBuffer: PVOID;
- var ReturnBufferLength: ULONG; var ProtocolStatus: NTSTATUS): NTSTATUS; stdcall;
- {$EXTERNALSYM LsaCallAuthenticationPackage}
- // LsaDeregisterLogonProcess: takes the LsaHandle obtained above.
- function LsaDeregisterLogonProcess(LsaHandle: HANDLE): NTSTATUS; stdcall;
- {$EXTERNALSYM LsaDeregisterLogonProcess}
- // LsaConnectUntrusted: LsaHandle receives a connection handle.
- // NOTE(review): per the SDK documentation this connection does not make the
- // caller a registered logon process - confirm which calls accept it.
- function LsaConnectUntrusted(var LsaHandle: HANDLE): NTSTATUS; stdcall;
- {$EXTERNALSYM LsaConnectUntrusted}
- ////////////////////////////////////////////////////////////////////////////
- // //
- // Local Security Policy Administration API datatypes and defines //
- // //
- ////////////////////////////////////////////////////////////////////////////
- //
- // Access types for the Policy object
- //
- const
- // Object-specific access-mask bits for the Policy object ($0001..$1000).
- // Request the narrowest combination that covers the operation.
- POLICY_VIEW_LOCAL_INFORMATION = $00000001;
- {$EXTERNALSYM POLICY_VIEW_LOCAL_INFORMATION}
- POLICY_VIEW_AUDIT_INFORMATION = $00000002;
- {$EXTERNALSYM POLICY_VIEW_AUDIT_INFORMATION}
- POLICY_GET_PRIVATE_INFORMATION = $00000004;
- {$EXTERNALSYM POLICY_GET_PRIVATE_INFORMATION}
- POLICY_TRUST_ADMIN = $00000008;
- {$EXTERNALSYM POLICY_TRUST_ADMIN}
- POLICY_CREATE_ACCOUNT = $00000010;
- {$EXTERNALSYM POLICY_CREATE_ACCOUNT}
- POLICY_CREATE_SECRET = $00000020;
- {$EXTERNALSYM POLICY_CREATE_SECRET}
- POLICY_CREATE_PRIVILEGE = $00000040;
- {$EXTERNALSYM POLICY_CREATE_PRIVILEGE}
- POLICY_SET_DEFAULT_QUOTA_LIMITS = $00000080;
- {$EXTERNALSYM POLICY_SET_DEFAULT_QUOTA_LIMITS}
- POLICY_SET_AUDIT_REQUIREMENTS = $00000100;
- {$EXTERNALSYM POLICY_SET_AUDIT_REQUIREMENTS}
- POLICY_AUDIT_LOG_ADMIN = $00000200;
- {$EXTERNALSYM POLICY_AUDIT_LOG_ADMIN}
- POLICY_SERVER_ADMIN = $00000400;
- {$EXTERNALSYM POLICY_SERVER_ADMIN}
- POLICY_LOOKUP_NAMES = $00000800;
- {$EXTERNALSYM POLICY_LOOKUP_NAMES}
- POLICY_NOTIFICATION = $00001000;
- {$EXTERNALSYM POLICY_NOTIFICATION}
- // STANDARD_RIGHTS_REQUIRED plus every right above except POLICY_NOTIFICATION,
- // which is not OR-ed into this mask. It includes the secret, privilege and
- // audit administration rights, so avoid it where a narrower mask will do.
- POLICY_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED or
- POLICY_VIEW_LOCAL_INFORMATION or
- POLICY_VIEW_AUDIT_INFORMATION or
- POLICY_GET_PRIVATE_INFORMATION or
- POLICY_TRUST_ADMIN or
- POLICY_CREATE_ACCOUNT or
- POLICY_CREATE_SECRET or
- POLICY_CREATE_PRIVILEGE or
- POLICY_SET_DEFAULT_QUOTA_LIMITS or
- POLICY_SET_AUDIT_REQUIREMENTS or
- POLICY_AUDIT_LOG_ADMIN or
- POLICY_SERVER_ADMIN or
- POLICY_LOOKUP_NAMES);
- {$EXTERNALSYM POLICY_ALL_ACCESS}
- // Read mapping: audit view plus POLICY_GET_PRIVATE_INFORMATION. Note that
- // POLICY_VIEW_LOCAL_INFORMATION is not here; it is part of POLICY_EXECUTE.
- POLICY_READ = (STANDARD_RIGHTS_READ or
- POLICY_VIEW_AUDIT_INFORMATION or
- POLICY_GET_PRIVATE_INFORMATION);
- {$EXTERNALSYM POLICY_READ}
- // Write mapping: the trust, create, set and admin rights.
- POLICY_WRITE = (STANDARD_RIGHTS_WRITE or
- POLICY_TRUST_ADMIN or
- POLICY_CREATE_ACCOUNT or
- POLICY_CREATE_SECRET or
- POLICY_CREATE_PRIVILEGE or
- POLICY_SET_DEFAULT_QUOTA_LIMITS or
- POLICY_SET_AUDIT_REQUIREMENTS or
- POLICY_AUDIT_LOG_ADMIN or
- POLICY_SERVER_ADMIN);
- {$EXTERNALSYM POLICY_WRITE}
- // Execute mapping: local-information view plus name lookup.
- POLICY_EXECUTE = (STANDARD_RIGHTS_EXECUTE or
- POLICY_VIEW_LOCAL_INFORMATION or
- POLICY_LOOKUP_NAMES);
- {$EXTERNALSYM POLICY_EXECUTE}
- //
- // Policy object specific data types.
- //
- //
- // The following data type is used to identify a domain
- //
- type
- // Identifies one domain by name and SID; the element type of the Domains
- // array in LSA_REFERENCED_DOMAIN_LIST.
- PLSA_TRUST_INFORMATION = ^LSA_TRUST_INFORMATION;
- {$EXTERNALSYM PLSA_TRUST_INFORMATION}
- _LSA_TRUST_INFORMATION = record
- Name: LSA_UNICODE_STRING;
- Sid: PSID;
- end;
- {$EXTERNALSYM _LSA_TRUST_INFORMATION}
- LSA_TRUST_INFORMATION = _LSA_TRUST_INFORMATION;
- {$EXTERNALSYM LSA_TRUST_INFORMATION}
- // Delphi-style aliases of the same types.
- TLsaTrustInformation = LSA_TRUST_INFORMATION;
- PLsaTrustInformation = PLSA_TRUST_INFORMATION;
- // where members have the following usage:
- //
- // Name - The name of the domain.
- //
- // Sid - A pointer to the Sid of the Domain
- //
- //
- // The following data type is used in name and SID lookup services to
- // describe the domains referenced in the lookup operation.
- //
- // Counted array of domains referenced by a lookup. The DomainIndex fields
- // of the LSA_TRANSLATED_* records index into Domains; validate an index
- // against Entries (and for a negative value) before dereferencing.
- PLSA_REFERENCED_DOMAIN_LIST = ^LSA_REFERENCED_DOMAIN_LIST;
- {$EXTERNALSYM PLSA_REFERENCED_DOMAIN_LIST}
- _LSA_REFERENCED_DOMAIN_LIST = record
- Entries: ULONG;
- Domains: PLSA_TRUST_INFORMATION;
- end;
- {$EXTERNALSYM _LSA_REFERENCED_DOMAIN_LIST}
- LSA_REFERENCED_DOMAIN_LIST = _LSA_REFERENCED_DOMAIN_LIST;
- {$EXTERNALSYM LSA_REFERENCED_DOMAIN_LIST}
- // Delphi-style aliases of the same types.
- TLsaReferencedDomainList = LSA_REFERENCED_DOMAIN_LIST;
- PLsaReferencedDomainList = PLSA_REFERENCED_DOMAIN_LIST;
- // where members have the following usage:
- //
- // Entries - Is a count of the number of domains described in the
- // Domains array.
- //
- // Domains - Is a pointer to an array of Entries LSA_TRUST_INFORMATION data
- // structures.
- //
- //
- // The following data type is used in name to SID lookup services to describe
- // the domains referenced in the lookup operation.
- //
- // Result of a name-to-SID translation, expressed as a relative ID plus the
- // index of the owning domain. Inspect Use first: for SidUnknown/SidInvalid
- // the other fields are not set.
- // NOTE(review): Use is an enumeration inside an OS-shared record; its size
- // depends on the enum-size directive in effect - confirm it is 4 bytes.
- PLSA_TRANSLATED_SID = ^LSA_TRANSLATED_SID;
- {$EXTERNALSYM PLSA_TRANSLATED_SID}
- _LSA_TRANSLATED_SID = record
- Use: SID_NAME_USE;
- RelativeId: ULONG;
- DomainIndex: LONG; // signed: negative means no referenced domain
- end;
- {$EXTERNALSYM _LSA_TRANSLATED_SID}
- LSA_TRANSLATED_SID = _LSA_TRANSLATED_SID;
- {$EXTERNALSYM LSA_TRANSLATED_SID}
- // Delphi-style aliases of the same types.
- TLsaTranslatedSid = LSA_TRANSLATED_SID;
- PLsaTranslatedSid = PLSA_TRANSLATED_SID;
- // where members have the following usage:
- //
- // Use - identifies the use of the SID. If this value is SidUnknown or
- // SidInvalid, then the remainder of the record is not set and
- // should be ignored.
- //
- // RelativeId - Contains the relative ID of the translated SID. The
- // remainder of the SID (the prefix) is obtained using the
- // DomainIndex field.
- //
- // DomainIndex - Is the index of an entry in a related
- // LSA_REFERENCED_DOMAIN_LIST data structure describing the
- // domain in which the account was found.
- //
- // If there is no corresponding reference domain for an entry, then
- // this field will contain a negative value.
- //
- // Variant of LSA_TRANSLATED_SID that carries the complete SID as a pointer
- // instead of a relative ID. Inspect Use first: for SidUnknown/SidInvalid the
- // other fields are not set, so Sid must not be dereferenced.
- // The Flags member is not described by the comments in this unit.
- _LSA_TRANSLATED_SID2 = record
- Use: SID_NAME_USE;
- Sid: PSID;
- DomainIndex: LONG; // signed: negative means no referenced domain
- Flags: ULONG;
- end;
- {$EXTERNALSYM _LSA_TRANSLATED_SID2}
- LSA_TRANSLATED_SID2 = _LSA_TRANSLATED_SID2;
- {$EXTERNALSYM LSA_TRANSLATED_SID2}
- PLSA_TRANSLATED_SID2 = ^LSA_TRANSLATED_SID2;
- {$EXTERNALSYM PLSA_TRANSLATED_SID2}
- // Delphi-style aliases of the same types.
- TLsaTranslatedSid2 = LSA_TRANSLATED_SID2;
- PLsaTranslatedSid2 = PLSA_TRANSLATED_SID2;
- // where members have the following usage:
- //
- // Use - identifies the use of the SID. If this value is SidUnknown or
- // SidInvalid, then the remainder of the record is not set and
- // should be ignored.
- //
- // Sid - Contains the complete Sid of the translated SID
- //
- // DomainIndex - Is the index of an entry in a related
- // LSA_REFERENCED_DOMAIN_LIST data structure describing the
- // domain in which the account was found.
- //
- // If there is no corresponding reference domain for an entry, then
- // this field will contain a negative value.
- //
- //
- // The following data type is used in SID to name lookup services to
- // describe the domains referenced in the lookup operation.
- //
- // Result of a SID-to-name translation. Inspect Use before reading Name:
- // for SidUnknown/SidInvalid nothing else is set, and for SidWellKnownGroup
- // Name is invalid while DomainIndex is still usable.
- PLSA_TRANSLATED_NAME = ^LSA_TRANSLATED_NAME;
- {$EXTERNALSYM PLSA_TRANSLATED_NAME}
- _LSA_TRANSLATED_NAME = record
- Use: SID_NAME_USE;
- Name: LSA_UNICODE_STRING;
- DomainIndex: LONG; // signed: negative means no referenced domain
- end;
- {$EXTERNALSYM _LSA_TRANSLATED_NAME}
- LSA_TRANSLATED_NAME = _LSA_TRANSLATED_NAME;
- {$EXTERNALSYM LSA_TRANSLATED_NAME}
- // Delphi-style aliases of the same types.
- TLsaTranslatedName = LSA_TRANSLATED_NAME;
- PLsaTranslatedName = PLSA_TRANSLATED_NAME;
- // where the members have the following usage:
- //
- // Use - Identifies the use of the name. If this value is SidUnknown
- // or SidInvalid, then the remainder of the record is not set and
- // should be ignored. If this value is SidWellKnownGroup then the
- // Name field is invalid, but the DomainIndex field is not.
- //
- // Name - Contains the isolated name of the translated SID.
- //
- // DomainIndex - Is the index of an entry in a related
- // LSA_REFERENCED_DOMAIN_LIST data structure describing the domain
- // in which the account was found.
- //
- // If there is no corresponding reference domain for an entry, then
- // this field will contain a negative value.
- //
- //
- // The following data type is used to represent the role of the LSA
- // server (primary or backup).
- //
- // Role of the LSA server. The two filler members occupy ordinals 0 and 1,
- // so PolicyServerRoleBackup is 2 and PolicyServerRolePrimary is 3.
- _POLICY_LSA_SERVER_ROLE = (plsrFiller0, plsrFiller1, PolicyServerRoleBackup,
- PolicyServerRolePrimary);
- {$EXTERNALSYM _POLICY_LSA_SERVER_ROLE}
- POLICY_LSA_SERVER_ROLE = _POLICY_LSA_SERVER_ROLE;
- {$EXTERNALSYM POLICY_LSA_SERVER_ROLE}
- PPOLICY_LSA_SERVER_ROLE = ^POLICY_LSA_SERVER_ROLE;
- {$EXTERNALSYM PPOLICY_LSA_SERVER_ROLE}
- // Delphi-style aliases of the same types.
- TPolicyLsaServerRole = POLICY_LSA_SERVER_ROLE;
- PPolicyLsaServerRole = PPOLICY_LSA_SERVER_ROLE;
- //
- // The following data type is used to specify the auditing options for
- // an Audit Event Type.
- //
- // One ULONG of POLICY_AUDIT_EVENT_* flags per audit event type.
- POLICY_AUDIT_EVENT_OPTIONS = ULONG;
- {$EXTERNALSYM POLICY_AUDIT_EVENT_OPTIONS}
- // NOTE(review): declared without "^", so this name is an alias of
- // POLICY_AUDIT_EVENT_OPTIONS (a ULONG), not a pointer to it. The
- // EventAuditingOptions field of _POLICY_AUDIT_EVENTS_INFO uses this type and
- // is documented as a pointer to an array. A ULONG matches pointer size only
- // on 32-bit targets; confirm against ntsecapi.h before relying on this
- // declaration, and cast explicitly where the field is dereferenced.
- PPOLICY_AUDIT_EVENT_OPTIONS = POLICY_AUDIT_EVENT_OPTIONS;
- {$EXTERNALSYM PPOLICY_AUDIT_EVENT_OPTIONS}
- // where the following flags can be set:
- //
- // POLICY_AUDIT_EVENT_UNCHANGED - Leave existing auditing options
- // unchanged for events of this type. This flag is only used for
- // set operations. If this flag is set, then all other flags
- // are ignored.
- //
- // POLICY_AUDIT_EVENT_NONE - Cancel all auditing options for events
- // of this type. If this flag is set, the success/failure flags
- // are ignored.
- //
- // POLICY_AUDIT_EVENT_SUCCESS - When auditing is enabled, audit all
- // successful occurrences of events of the given type.
- //
- // POLICY_AUDIT_EVENT_FAILURE - When auditing is enabled, audit all
- // unsuccessful occurrences of events of the given type.
- //
- //
- // The following data type defines the classes of Policy Information
- // that may be queried/set.
- //
- type
- // Selects which policy information is queried or set. picFiller0 occupies
- // ordinal 0, so PolicyAuditLogInformation is 1 and the rest follow in order.
- // Each class has its own record type; the buffer passed or returned must be
- // interpreted as the record that matches the class actually requested.
- _POLICY_INFORMATION_CLASS = (
- picFiller0,
- PolicyAuditLogInformation,
- PolicyAuditEventsInformation,
- PolicyPrimaryDomainInformation,
- PolicyPdAccountInformation,
- PolicyAccountDomainInformation,
- PolicyLsaServerRoleInformation,
- PolicyReplicaSourceInformation,
- PolicyDefaultQuotaInformation,
- PolicyModificationInformation,
- PolicyAuditFullSetInformation,
- PolicyAuditFullQueryInformation,
- PolicyDnsDomainInformation,
- PolicyDnsDomainInformationInt);
- {$EXTERNALSYM _POLICY_INFORMATION_CLASS}
- POLICY_INFORMATION_CLASS = _POLICY_INFORMATION_CLASS;
- {$EXTERNALSYM POLICY_INFORMATION_CLASS}
- PPOLICY_INFORMATION_CLASS = ^POLICY_INFORMATION_CLASS;
- {$EXTERNALSYM PPOLICY_INFORMATION_CLASS}
- // Delphi-style aliases of the same types.
- TPolicyInformationClass = POLICY_INFORMATION_CLASS;
- PPolicyInformationClass = PPOLICY_INFORMATION_CLASS;
- //
- // The following data type corresponds to the PolicyAuditLogInformation
- // information class. It is used to represent information relating to
- // the Audit Log.
- //
- // This structure may be used in both query and set operations. However,
- // when used in set operations, some fields are ignored.
- //
- // Audit-log state for the PolicyAuditLogInformation class.
- // NOTE(review): a one-byte ByteBool sits between 64-bit LARGE_INTEGER
- // fields, so the record only matches the OS layout if the compiler inserts
- // the same padding - this depends on the alignment directive in effect
- // (presumably set by WINDEFINES.INC); confirm with SizeOf().
- PPOLICY_AUDIT_LOG_INFO = ^POLICY_AUDIT_LOG_INFO;
- {$EXTERNALSYM PPOLICY_AUDIT_LOG_INFO}
- _POLICY_AUDIT_LOG_INFO = record
- AuditLogPercentFull: ULONG;
- MaximumLogSize: ULONG; // in kilobytes
- AuditRetentionPeriod: LARGE_INTEGER;
- AuditLogFullShutdownInProgress: ByteBool; // ignored for set operations
- TimeToShutdown: LARGE_INTEGER; // ignored for set operations
- NextAuditRecordId: ULONG;
- end;
- {$EXTERNALSYM _POLICY_AUDIT_LOG_INFO}
- POLICY_AUDIT_LOG_INFO = _POLICY_AUDIT_LOG_INFO;
- {$EXTERNALSYM POLICY_AUDIT_LOG_INFO}
- // Delphi-style aliases of the same types.
- TPolicyAuditLogInfo = POLICY_AUDIT_LOG_INFO;
- PPolicyAuditLogInfo = PPOLICY_AUDIT_LOG_INFO;
- // where the members have the following usage:
- //
- // AuditLogPercentFull - Indicates the percentage of the Audit Log
- // currently being used.
- //
- // MaximumLogSize - Specifies the maximum size of the Audit Log in
- // kilobytes.
- //
- // AuditRetentionPeriod - Indicates the length of time that Audit
- // Records are to be retained. Audit Records are discardable
- // if their timestamp predates the current time minus the
- // retention period.
- //
- // AuditLogFullShutdownInProgress - Indicates whether or not a system
- // shutdown is being initiated due to the security Audit Log becoming
- // full. This condition will only occur if the system is configured
- // to shutdown when the log becomes full.
- //
- // TRUE indicates that a shutdown is in progress
- // FALSE indicates that a shutdown is not in progress.
- //
- // Once a shutdown has been initiated, this flag will be set to
- // TRUE. If an administrator is able to correct the situation
- // before the shutdown becomes irreversible, then this flag will
- // be reset to false.
- //
- // This field is ignored for set operations.
- //
- // TimeToShutdown - If the AuditLogFullShutdownInProgress flag is set,
- // then this field contains the time left before the shutdown
- // becomes irreversible.
- //
- // This field is ignored for set operations.
- //
- //
- // The following data type corresponds to the PolicyAuditEventsInformation
- // information class. It is used to represent information relating to
- // the audit requirements.
- //
- // Audit requirements for the PolicyAuditEventsInformation class.
- // A set operation with AuditingMode = FALSE stops audit records from being
- // generated, so changes to this structure are themselves worth auditing.
- // NOTE(review): EventAuditingOptions is documented as a pointer to an array,
- // but PPOLICY_AUDIT_EVENT_OPTIONS is declared in this unit without "^"
- // (a ULONG alias); the field is pointer-sized only on 32-bit targets.
- PPOLICY_AUDIT_EVENTS_INFO = ^POLICY_AUDIT_EVENTS_INFO;
- {$EXTERNALSYM PPOLICY_AUDIT_EVENTS_INFO}
- _POLICY_AUDIT_EVENTS_INFO = record
- AuditingMode: ByteBool;
- EventAuditingOptions: PPOLICY_AUDIT_EVENT_OPTIONS;
- MaximumAuditEventCount: ULONG; // element count of EventAuditingOptions
- end;
- {$EXTERNALSYM _POLICY_AUDIT_EVENTS_INFO}
- POLICY_AUDIT_EVENTS_INFO = _POLICY_AUDIT_EVENTS_INFO;
- {$EXTERNALSYM POLICY_AUDIT_EVENTS_INFO}
- // Delphi-style aliases of the same types.
- TPolicyAuditEventsInfo = POLICY_AUDIT_EVENTS_INFO;
- PPolicyAuditEventsInfo = PPOLICY_AUDIT_EVENTS_INFO;
- // where the members have the following usage:
- //
- // AuditingMode - A Boolean variable specifying the Auditing Mode value.
- // This value is interpreted as follows:
- //
- // TRUE - Auditing is to be enabled (set operations) or is enabled
- // (query operations). Audit Records will be generated according
- // to the Event Auditing Options in effect (see the
- // EventAuditingOptions field).
- //
- // FALSE - Auditing is to be disabled (set operations) or is
- // disabled (query operations). No Audit Records will be
- // generated. Note that for set operations the Event Auditing
- // Options in effect will still be updated as specified by the
- // EventAuditingOptions field whether Auditing is enabled or
- // disabled.
- //
- // EventAuditingOptions - Pointer to an array of Auditing Options
- // indexed by Audit Event Type.
- //
- // MaximumAuditEventCount - Specifies a count of the number of Audit
- // Event Types specified by the EventAuditingOptions parameter. If
- // this count is less than the number of Audit Event Types supported
- // by the system, the Auditing Options for Event Types with IDs
- // higher than (MaximumAuditEventCount + 1) are left unchanged.
- //
- //
- // The following structure corresponds to the PolicyAccountDomainInformation
- // information class.
- //
- // Name and SID of the account domain (PolicyAccountDomainInformation class).
- PPOLICY_ACCOUNT_DOMAIN_INFO = ^POLICY_ACCOUNT_DOMAIN_INFO;
- {$EXTERNALSYM PPOLICY_ACCOUNT_DOMAIN_INFO}
- _POLICY_ACCOUNT_DOMAIN_INFO = record
- DomainName: LSA_UNICODE_STRING;
- DomainSid: PSID;
- end;
- {$EXTERNALSYM _POLICY_ACCOUNT_DOMAIN_INFO}
- POLICY_ACCOUNT_DOMAIN_INFO = _POLICY_ACCOUNT_DOMAIN_INFO;
- {$EXTERNALSYM POLICY_ACCOUNT_DOMAIN_INFO}
- // Delphi-style aliases of the same types.
- TPolicyAccountDomainInfo = POLICY_ACCOUNT_DOMAIN_INFO;
- PPolicyAccountDomainInfo = PPOLICY_ACCOUNT_DOMAIN_INFO;
- // where the members have the following usage:
- //
- // DomainName - Is the name of the domain
- //
- // DomainSid - Is the Sid of the domain
- //
- //
- // The following structure corresponds to the PolicyPrimaryDomainInformation
- // information class.
- //
- // Name and SID of the primary domain (PolicyPrimaryDomainInformation class).
- // NOTE(review): Sid is a pointer and may presumably be nil when the machine
- // has no primary domain - confirm before dereferencing.
- PPOLICY_PRIMARY_DOMAIN_INFO = ^POLICY_PRIMARY_DOMAIN_INFO;
- {$EXTERNALSYM PPOLICY_PRIMARY_DOMAIN_INFO}
- _POLICY_PRIMARY_DOMAIN_INFO = record
- Name: LSA_UNICODE_STRING;
- Sid: PSID;
- end;
- {$EXTERNALSYM _POLICY_PRIMARY_DOMAIN_INFO}
- POLICY_PRIMARY_DOMAIN_INFO = _POLICY_PRIMARY_DOMAIN_INFO;
- {$EXTERNALSYM POLICY_PRIMARY_DOMAIN_INFO}
- // Delphi-style aliases of the same types.
- TPolicyPrimaryDomainInfo = POLICY_PRIMARY_DOMAIN_INFO;
- PPolicyPrimaryDomainInfo = PPOLICY_PRIMARY_DOMAIN_INFO;
- // where the members have the following usage:
- //
- // Name - Is the name of the domain
- //
- // Sid - Is the Sid of the domain
- //
- //
- // The following structure corresponds to the PolicyDnsDomainInformation
- // information class
- //
- // Domain identity including DNS names and GUID (PolicyDnsDomainInformation
- // class): three counted strings, the GUID stored inline, and the SID by pointer.
- PPOLICY_DNS_DOMAIN_INFO = ^POLICY_DNS_DOMAIN_INFO;
- {$EXTERNALSYM PPOLICY_DNS_DOMAIN_INFO}
- _POLICY_DNS_DOMAIN_INFO = record
- Name: LSA_UNICODE_STRING;
- DnsDomainName: LSA_UNICODE_STRING;
- DnsForestName: LSA_UNICODE_STRING;
- DomainGuid: GUID;
- Sid: PSID;
- end;
- {$EXTERNALSYM _POLICY_DNS_DOMAIN_INFO}
- POLICY_DNS_DOMAIN_INFO = _POLICY_DNS_DOMAIN_INFO;
- {$EXTERNALSYM POLICY_DNS_DOMAIN_INFO}
- // Delphi-style aliases of the same types.
- TPolicyDnsDomainInfo = POLICY_DNS_DOMAIN_INFO;
- PPolicyDnsDomainInfo = PPOLICY_DNS_DOMAIN_INFO;
- // where the members have the following usage:
- //
- // Name - Is the name of the Domain
- //
- // DnsDomainName - Is the DNS name of the domain
- //
- // DnsForestName - Is the DNS forest name of the domain
- //
- // DomainGuid - Is the GUID of the domain
- //
- // Sid - Is the Sid of the domain
- //
- // The following structure corresponds to the PolicyPdAccountInformation
- // information class. This structure may be used in Query operations
- // only.
- //
- // Account name for the PolicyPdAccountInformation class; query-only.
- PPOLICY_PD_ACCOUNT_INFO = ^POLICY_PD_ACCOUNT_INFO;
- {$EXTERNALSYM PPOLICY_PD_ACCOUNT_INFO}
- _POLICY_PD_ACCOUNT_INFO = record
- Name: LSA_UNICODE_STRING;
- end;
- {$EXTERNALSYM _POLICY_PD_ACCOUNT_INFO}
- POLICY_PD_ACCOUNT_INFO = _POLICY_PD_ACCOUNT_INFO;
- {$EXTERNALSYM POLICY_PD_ACCOUNT_INFO}
- // Delphi-style aliases of the same types.
- TPolicyPdAccountInfo = POLICY_PD_ACCOUNT_INFO;
- PPolicyPdAccountInfo = PPOLICY_PD_ACCOUNT_INFO;
- // where the members have the following usage:
- //
- // Name - Is the name of an account in the domain that should be used
- // for authentication and name/ID lookup requests.
- //
- //
- // The following structure corresponds to the PolicyLsaServerRoleInformation
- // information class.
- //
- // Wraps the server role for the PolicyLsaServerRoleInformation class.
- // NOTE(review): the only field is an enumeration, so the record size follows
- // the enum-size directive in effect - confirm it is 4 bytes.
- PPOLICY_LSA_SERVER_ROLE_INFO = ^POLICY_LSA_SERVER_ROLE_INFO;
- {$EXTERNALSYM PPOLICY_LSA_SERVER_ROLE_INFO}
- _POLICY_LSA_SERVER_ROLE_INFO = record
- LsaServerRole: POLICY_LSA_SERVER_ROLE;
- end;
- {$EXTERNALSYM _POLICY_LSA_SERVER_ROLE_INFO}
- POLICY_LSA_SERVER_ROLE_INFO = _POLICY_LSA_SERVER_ROLE_INFO;
- {$EXTERNALSYM POLICY_LSA_SERVER_ROLE_INFO}
- // Delphi-style aliases of the same types.
- TPolicyLsaServerRoleInfo = POLICY_LSA_SERVER_ROLE_INFO;
- PPolicyLsaServerRoleInfo = PPOLICY_LSA_SERVER_ROLE_INFO;
- // where the fields have the following usage:
- //
- // TBS
- //
- //
- // The following structure corresponds to the PolicyReplicaSourceInformation
- // information class.
- //
- // Two counted strings for the PolicyReplicaSourceInformation class.
- // The unit gives no per-field description for this record.
- PPOLICY_REPLICA_SOURCE_INFO = ^POLICY_REPLICA_SOURCE_INFO;
- {$EXTERNALSYM PPOLICY_REPLICA_SOURCE_INFO}
- _POLICY_REPLICA_SOURCE_INFO = record
- ReplicaSource: LSA_UNICODE_STRING;
- ReplicaAccountName: LSA_UNICODE_STRING;
- end;
- {$EXTERNALSYM _POLICY_REPLICA_SOURCE_INFO}
- POLICY_REPLICA_SOURCE_INFO = _POLICY_REPLICA_SOURCE_INFO;
- {$EXTERNALSYM POLICY_REPLICA_SOURCE_INFO}
- // Delphi-style aliases of the same types.
- TPolicyReplicaSourceInfo = POLICY_REPLICA_SOURCE_INFO;
- PPolicyReplicaSourceInfo = PPOLICY_REPLICA_SOURCE_INFO;
- //
- // The following structure corresponds to the PolicyDefaultQuotaInformation
- // information class.
- //
- // Wraps a QUOTA_LIMITS value for the PolicyDefaultQuotaInformation class;
- // QUOTA_LIMITS is the same type LsaLogonUser returns in its Quotas parameter.
- PPOLICY_DEFAULT_QUOTA_INFO = ^POLICY_DEFAULT_QUOTA_INFO;
- {$EXTERNALSYM PPOLICY_DEFAULT_QUOTA_INFO}
- _POLICY_DEFAULT_QUOTA_INFO = record
- QuotaLimits: QUOTA_LIMITS;
- end;
- {$EXTERNALSYM _POLICY_DEFAULT_QUOTA_INFO}
- POLICY_DEFAULT_QUOTA_INFO = _POLICY_DEFAULT_QUOTA_INFO;
- {$EXTERNALSYM POLICY_DEFAULT_QUOTA_INFO}
- // Delphi-style aliases of the same types.
- TPolicyDefaultQuotaInfo = POLICY_DEFAULT_QUOTA_INFO;
- PPolicyDefaultQuotaInfo = PPOLICY_DEFAULT_QUOTA_INFO;
- //
- // The following structure corresponds to the PolicyModificationInformation
- // information class.
- //
- // Change counter and creation time of the LSA database
- // (PolicyModificationInformation class). ModifiedId increases whenever the
- // database is modified, which makes it usable as a cheap change indicator.
- PPOLICY_MODIFICATION_INFO = ^POLICY_MODIFICATION_INFO;
- {$EXTERNALSYM PPOLICY_MODIFICATION_INFO}
- _POLICY_MODIFICATION_INFO = record
- ModifiedId: LARGE_INTEGER;
- DatabaseCreationTime: LARGE_INTEGER;
- end;
- {$EXTERNALSYM _POLICY_MODIFICATION_INFO}
- POLICY_MODIFICATION_INFO = _POLICY_MODIFICATION_INFO;
- {$EXTERNALSYM POLICY_MODIFICATION_INFO}
- // Delphi-style aliases of the same types.
- TPolicyModificationInfo = POLICY_MODIFICATION_INFO;
- PPolicyModificationInfo = PPOLICY_MODIFICATION_INFO;
- // where the members have the following usage:
- //
- // ModifiedId - Is a 64-bit unsigned integer that is incremented each
- // time anything in the LSA database is modified. This value is
- // only modified on Primary Domain Controllers.
- //
- // DatabaseCreationTime - Is the date/time that the LSA Database was
- // created. On Backup Domain Controllers, this value is replicated
- // from the Primary Domain Controller.
- //
- //
- // The following structure type corresponds to the PolicyAuditFullSetInformation
- // Information Class.
- //
- // Set-side record for the PolicyAuditFullSetInformation class: a single
- // one-byte boolean.
- // NOTE(review): by its name ShutDownOnFull selects whether the system shuts
- // down when the audit log fills - confirm against the API documentation.
- PPOLICY_AUDIT_FULL_SET_INFO = ^POLICY_AUDIT_FULL_SET_INFO;
- {$EXTERNALSYM PPOLICY_AUDIT_FULL_SET_INFO}
- _POLICY_AUDIT_FULL_SET_INFO = record
- ShutDownOnFull: ByteBool;
- end;
- {$EXTERNALSYM _POLICY_AUDIT_FULL_SET_INFO}
- POLICY_AUDIT_FULL_SET_INFO = _POLICY_AUDIT_FULL_SET_INFO;
- {$EXTERNALSYM POLICY_AUDIT_FULL_SET_INFO}
- // Delphi-style aliases of the same types.
- TPolicyAuditFullSetInfo = POLICY_AUDIT_FULL_SET_INFO;
- PPolicyAuditFullSetInfo = PPOLICY_AUDIT_FULL_SET_INFO;
- //
- // The following structure type corresponds to the PolicyAuditFullQueryInformation
- // Information Class.
- //
- // Query-side record for the PolicyAuditFullQueryInformation class: two
- // one-byte booleans. It differs from the set-side record by the extra
- // LogIsFull field, so the two records are not interchangeable.
- PPOLICY_AUDIT_FULL_QUERY_INFO = ^POLICY_AUDIT_FULL_QUERY_INFO;
- {$EXTERNALSYM PPOLICY_AUDIT_FULL_QUERY_INFO}
- _POLICY_AUDIT_FULL_QUERY_INFO = record
- ShutDownOnFull: ByteBool;
- LogIsFull: ByteBool;
- end;
- {$EXTERNALSYM _POLICY_AUDIT_FULL_QUERY_INFO}
- POLICY_AUDIT_FULL_QUERY_INFO = _POLICY_AUDIT_FULL_QUERY_INFO;
- {$EXTERNALSYM POLICY_AUDIT_FULL_QUERY_INFO}
- // Delphi-style aliases of the same types.
- TPolicyAuditFullQueryInfo = POLICY_AUDIT_FULL_QUERY_INFO;
- PPolicyAuditFullQueryInfo = PPOLICY_AUDIT_FULL_QUERY_INFO;
- //
- // The following data type defines the classes of Policy Information
- // that may be queried/set that has domain wide effect.
- //
- // Selects domain-wide policy information. pdicFiller0 occupies ordinal 0,
- // so the first real member is 1. Ordinal 1 is kept only to preserve the
- // numbering of the members that follow it.
- _POLICY_DOMAIN_INFORMATION_CLASS = (
- pdicFiller0,
- PolicyDomainQualityOfServiceInformation, // value was used in W2K; no longer supported
- PolicyDomainEfsInformation,
- PolicyDomainKerberosTicketInformation);
- {$EXTERNALSYM _POLICY_DOMAIN_INFORMATION_CLASS}
- POLICY_DOMAIN_INFORMATION_CLASS = _POLICY_DOMAIN_INFORMATION_CLASS;
- {$EXTERNALSYM POLICY_DOMAIN_INFORMATION_CLASS}
- PPOLICY_DOMAIN_INFORMATION_CLASS = ^POLICY_DOMAIN_INFORMATION_CLASS;
- {$EXTERNALSYM PPOLICY_DOMAIN_INFORMATION_CLASS}
- // Delphi-style aliases of the same types.
- TPolicyDomainInformationClass = POLICY_DOMAIN_INFORMATION_CLASS;
- PPolicyDomainInformationClass = PPOLICY_DOMAIN_INFORMATION_CLASS;
- type
- // mvb has disappeared in november 2002 release!
- PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO = ^POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
- {$EXTERNALSYM PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO}
- _POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO = record
- QualityOfService: ULONG; // single 32-bit value; its bit meanings are not defined in this part of the unit
- end;
- {$EXTERNALSYM _POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO}
- POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO = _POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO;
- {$EXTERNALSYM POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO}
- TPolicyDomainQualityOfServiceInfo = POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO; // Delphi-style alias of the record
- PPolicyDomainQualityOfServiceInfo = PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO; // Delphi-style alias of the pointer type
- //
- // where the members have the following usage:
- //
- // QualityOfService - Determines what specific QOS actions a machine should take
- // The matching enumeration value is commented in this unit as used in W2K and no longer supported.
- //
- // The following structure corresponds to the PolicyEfsInformation
- // information class
- //
- PPOLICY_DOMAIN_EFS_INFO = ^POLICY_DOMAIN_EFS_INFO;
- {$EXTERNALSYM PPOLICY_DOMAIN_EFS_INFO}
- _POLICY_DOMAIN_EFS_INFO = record
- InfoLength: ULONG; // byte count that bounds EfsBlob (see member notes below)
- EfsBlob: PUCHAR; // raw byte pointer; carries no length of its own
- end;
- {$EXTERNALSYM _POLICY_DOMAIN_EFS_INFO}
- POLICY_DOMAIN_EFS_INFO = _POLICY_DOMAIN_EFS_INFO;
- {$EXTERNALSYM POLICY_DOMAIN_EFS_INFO}
- TPolicyDomainEfsInfo = POLICY_DOMAIN_EFS_INFO; // Delphi-style alias of the record
- PPolicyDomainEfsInfo = PPOLICY_DOMAIN_EFS_INFO; // Delphi-style alias of the pointer type
- // where the members have the following usage:
- //
- // InfoLength - Length of the EFS Information blob
- //
- // EfsBlob - Efs blob data
- // NOTE(review): readers should treat InfoLength as the upper bound for EfsBlob and reject a nil pointer with a non-zero length; blob format and ownership are not visible here.
- //
- // The following structure corresponds to the PolicyDomainKerberosTicketInformation
- // information class
- const
- POLICY_KERBEROS_VALIDATE_CLIENT = $00000080; // the only POLICY_KERBEROS_* flag declared in this part of the unit
- {$EXTERNALSYM POLICY_KERBEROS_VALIDATE_CLIENT}
- type
- PPOLICY_DOMAIN_KERBEROS_TICKET_INFO = ^POLICY_DOMAIN_KERBEROS_TICKET_INFO;
- {$EXTERNALSYM PPOLICY_DOMAIN_KERBEROS_TICKET_INFO}
- _POLICY_DOMAIN_KERBEROS_TICKET_INFO = record
- AuthenticationOptions: ULONG; // bit mask of POLICY_KERBEROS_* flags
- MaxServiceTicketAge: LARGE_INTEGER; // NOTE(review): the time unit of the LARGE_INTEGER members is not stated here - confirm before converting
- MaxTicketAge: LARGE_INTEGER;
- MaxRenewAge: LARGE_INTEGER;
- MaxClockSkew: LARGE_INTEGER;
- Reserved: LARGE_INTEGER;
- end;
- {$EXTERNALSYM _POLICY_DOMAIN_KERBEROS_TICKET_INFO}
- POLICY_DOMAIN_KERBEROS_TICKET_INFO = _POLICY_DOMAIN_KERBEROS_TICKET_INFO;
- {$EXTERNALSYM POLICY_DOMAIN_KERBEROS_TICKET_INFO}
- TPolicyDomainKerberosTicketInfo = POLICY_DOMAIN_KERBEROS_TICKET_INFO; // Delphi-style alias of the record
- PPolicyDomainKerberosTicketInfo = PPOLICY_DOMAIN_KERBEROS_TICKET_INFO; // Delphi-style alias of the pointer type
- //
- // where the members have the following usage
- //
- // AuthenticationOptions -- allowed ticket options (POLICY_KERBEROS_* flags )
- //
- // MaxServiceTicketAge -- Maximum lifetime for a service ticket
- //
- // MaxTicketAge -- Maximum lifetime for the initial ticket
- //
- // MaxRenewAge -- Maximum cumulative age a renewable ticket can be with
- // requiring authentication (presumably "without requiring re-authentication" is meant)
- //
- // MaxClockSkew -- Maximum tolerance for synchronization of computer clocks
- //
- // Reserved -- Reserved
- // These limits bound ticket lifetime and tolerated clock skew; larger values lengthen the time an issued ticket stays usable.
- // The following data type defines the classes of Policy Information / Policy Domain Information
- // that may be used to request notification
- // pnicFiller0 occupies ordinal 0, so the named notification classes start at ordinal 1.
- _POLICY_NOTIFICATION_INFORMATION_CLASS = (
- pnicFiller0,
- PolicyNotifyAuditEventsInformation,
- PolicyNotifyAccountDomainInformation,
- PolicyNotifyServerRoleInformation,
- PolicyNotifyDnsDomainInformation,
- PolicyNotifyDomainEfsInformation,
- PolicyNotifyDomainKerberosTicketInformation,
- PolicyNotifyMachineAccountPasswordInformation);
- {$EXTERNALSYM _POLICY_NOTIFICATION_INFORMATION_CLASS} // used by the Lsa(Un)RegisterPolicyChangeNotification prototypes declared later in this unit
- POLICY_NOTIFICATION_INFORMATION_CLASS = _POLICY_NOTIFICATION_INFORMATION_CLASS;
- {$EXTERNALSYM POLICY_NOTIFICATION_INFORMATION_CLASS}
- PPOLICY_NOTIFICATION_INFORMATION_CLASS = ^POLICY_NOTIFICATION_INFORMATION_CLASS;
- {$EXTERNALSYM PPOLICY_NOTIFICATION_INFORMATION_CLASS}
- TPolicyNotificationInformationClass = POLICY_NOTIFICATION_INFORMATION_CLASS; // Delphi-style alias of the enumeration
- PPolicyNotificationInformationClass = PPOLICY_NOTIFICATION_INFORMATION_CLASS; // Delphi-style alias of the pointer type
- //
- // LSA RPC Context Handle (Opaque form). Note that a Context Handle is
- // always a pointer type unlike regular handles.
- // Declared as an untyped pointer: callers only hand it back to LSA functions and release it with LsaClose.
- LSA_HANDLE = PVOID;
- {$EXTERNALSYM LSA_HANDLE}
- PLSA_HANDLE = ^LSA_HANDLE; // pointer to a handle variable
- {$EXTERNALSYM PLSA_HANDLE}
- TLsaHandle = LSA_HANDLE; // Delphi-style alias of the handle type
- //
- // Trusted Domain Object specific data types
- //
- //
- // This data type defines the following information classes that may be
- // queried or set.
- // ticFiller0 occupies ordinal 0, so the named information classes start at ordinal 1.
- _TRUSTED_INFORMATION_CLASS = (
- ticFiller0,
- TrustedDomainNameInformation,
- TrustedControllersInformation,
- TrustedPosixOffsetInformation,
- TrustedPasswordInformation, // selects TRUSTED_PASSWORD_INFO, which carries trust passwords
- TrustedDomainInformationBasic,
- TrustedDomainInformationEx,
- TrustedDomainAuthInformation, // selects TRUSTED_DOMAIN_AUTH_INFORMATION, which carries trust authentication data
- TrustedDomainFullInformation,
- TrustedDomainAuthInformationInternal,
- TrustedDomainFullInformationInternal,
- TrustedDomainInformationEx2Internal,
- TrustedDomainFullInformation2Internal);
- {$EXTERNALSYM _TRUSTED_INFORMATION_CLASS}
- TRUSTED_INFORMATION_CLASS = _TRUSTED_INFORMATION_CLASS;
- {$EXTERNALSYM TRUSTED_INFORMATION_CLASS}
- PTRUSTED_INFORMATION_CLASS = ^TRUSTED_INFORMATION_CLASS;
- {$EXTERNALSYM PTRUSTED_INFORMATION_CLASS}
- TTrustedInfomationClass = TRUSTED_INFORMATION_CLASS; // name is spelled "Infomation" in this unit; renaming it would change the public interface
- PTrustedInfomationClass = PTRUSTED_INFORMATION_CLASS; // same spelling as the alias above
- //
- // The following data type corresponds to the TrustedDomainNameInformation
- // information class.
- //
- PTRUSTED_DOMAIN_NAME_INFO = ^TRUSTED_DOMAIN_NAME_INFO;
- {$EXTERNALSYM PTRUSTED_DOMAIN_NAME_INFO}
- _TRUSTED_DOMAIN_NAME_INFO = record
- Name: LSA_UNICODE_STRING; // length-counted string; do not assume its buffer is NUL-terminated
- end;
- {$EXTERNALSYM _TRUSTED_DOMAIN_NAME_INFO}
- TRUSTED_DOMAIN_NAME_INFO = _TRUSTED_DOMAIN_NAME_INFO;
- {$EXTERNALSYM TRUSTED_DOMAIN_NAME_INFO}
- TTrustedDomainNameInfo = TRUSTED_DOMAIN_NAME_INFO; // Delphi-style alias of the record
- PTrustedDomainNameInfo = PTRUSTED_DOMAIN_NAME_INFO; // Delphi-style alias of the pointer type
- // where members have the following meaning:
- //
- // Name - The name of the Trusted Domain.
- //
- //
- // The following data type corresponds to the TrustedControllersInformation
- // information class.
- //
- PTRUSTED_CONTROLLERS_INFO = ^TRUSTED_CONTROLLERS_INFO;
- {$EXTERNALSYM PTRUSTED_CONTROLLERS_INFO}
- _TRUSTED_CONTROLLERS_INFO = record
- Entries: ULONG; // element count for Names; iterate no further than this
- Names: PLSA_UNICODE_STRING; // pointer to the first element of the array
- end;
- {$EXTERNALSYM _TRUSTED_CONTROLLERS_INFO}
- TRUSTED_CONTROLLERS_INFO = _TRUSTED_CONTROLLERS_INFO;
- {$EXTERNALSYM TRUSTED_CONTROLLERS_INFO}
- TTrustedControllersInfo = TRUSTED_CONTROLLERS_INFO; // Delphi-style alias of the record
- PTrustedControllersInfo = PTRUSTED_CONTROLLERS_INFO; // Delphi-style alias of the pointer type
- // where members have the following meaning:
- //
- // Entries - Indicate how many entries there are in the Names array.
- //
- // Names - Pointer to an array of LSA_UNICODE_STRING structures containing the
- // names of domain controllers of the domain. This information may not
- // be accurate and should be used only as a hint. The order of this
- // list is considered significant and will be maintained.
- //
- // By convention, the first name in this list is assumed to be the
- // Primary Domain Controller of the domain. If the Primary Domain
- // Controller is not known, the first name should be set to the NULL
- // string.
- // Because the list is only a hint, it should not be the sole basis for deciding which controller to authenticate against.
- //
- // The following data type corresponds to the TrustedPosixOffsetInformation
- // information class.
- //
- PTRUSTED_POSIX_OFFSET_INFO = ^TRUSTED_POSIX_OFFSET_INFO;
- {$EXTERNALSYM PTRUSTED_POSIX_OFFSET_INFO}
- _TRUSTED_POSIX_OFFSET_INFO = record
- Offset: ULONG; // 32-bit unsigned base value (see member note below)
- end;
- {$EXTERNALSYM _TRUSTED_POSIX_OFFSET_INFO}
- TRUSTED_POSIX_OFFSET_INFO = _TRUSTED_POSIX_OFFSET_INFO;
- {$EXTERNALSYM TRUSTED_POSIX_OFFSET_INFO}
- TTrustedPosixOffsetInfo = TRUSTED_POSIX_OFFSET_INFO; // Delphi-style alias of the record
- PTrustedPosixOffsetInfo = PTRUSTED_POSIX_OFFSET_INFO; // Delphi-style alias of the pointer type
- // where members have the following meaning:
- //
- // Offset - Is an offset to use for the generation of Posix user and group
- // IDs from SIDs. The Posix ID corresponding to any particular SID is
- // generated by adding the RID of that SID to the Offset of the SID's
- // corresponding TrustedDomain object.
- // NOTE(review): Offset + RID is a 32-bit unsigned addition; whether wrap-around is prevented is not visible here, and colliding IDs would map two SIDs to one Posix ID.
- //
- // The following data type corresponds to the TrustedPasswordInformation
- // information class.
- // Both members carry trust passwords: keep copies no longer than needed and clear them before the memory is released.
- PTRUSTED_PASSWORD_INFO = ^TRUSTED_PASSWORD_INFO;
- {$EXTERNALSYM PTRUSTED_PASSWORD_INFO}
- _TRUSTED_PASSWORD_INFO = record
- Password: LSA_UNICODE_STRING; // length-counted string; secret material - never log it
- OldPassword: LSA_UNICODE_STRING; // presumably the previous password; treat it as equally sensitive
- end;
- {$EXTERNALSYM _TRUSTED_PASSWORD_INFO}
- TRUSTED_PASSWORD_INFO = _TRUSTED_PASSWORD_INFO;
- {$EXTERNALSYM TRUSTED_PASSWORD_INFO}
- TTrustedPasswordInfo = TRUSTED_PASSWORD_INFO; // Delphi-style alias of the record
- PTrustedPasswordInfo = PTRUSTED_PASSWORD_INFO; // Delphi-style alias of the pointer type
- TRUSTED_DOMAIN_INFORMATION_BASIC = LSA_TRUST_INFORMATION; // plain alias: the basic class reuses LSA_TRUST_INFORMATION, declared elsewhere in the unit
- {$EXTERNALSYM TRUSTED_DOMAIN_INFORMATION_BASIC}
- PTRUSTED_DOMAIN_INFORMATION_BASIC = PLSA_TRUST_INFORMATION; // matching pointer alias
- {$EXTERNALSYM PTRUSTED_DOMAIN_INFORMATION_BASIC}
- TTrustedDomainInformationBasic = TRUSTED_DOMAIN_INFORMATION_BASIC; // Delphi-style alias of the record
- PTrustedDomainInformationBasic = PTRUSTED_DOMAIN_INFORMATION_BASIC; // Delphi-style alias of the pointer type
- //
- // Direction of the trust
- // The constants below cover three groups: TRUST_DIRECTION_* (bit flags), TRUST_TYPE_* (enumerated values) and TRUST_ATTRIBUTE_* (bit flags).
- const
- TRUST_DIRECTION_DISABLED = $00000000;
- {$EXTERNALSYM TRUST_DIRECTION_DISABLED}
- TRUST_DIRECTION_INBOUND = $00000001;
- {$EXTERNALSYM TRUST_DIRECTION_INBOUND}
- TRUST_DIRECTION_OUTBOUND = $00000002;
- {$EXTERNALSYM TRUST_DIRECTION_OUTBOUND}
- TRUST_DIRECTION_BIDIRECTIONAL = (TRUST_DIRECTION_INBOUND or TRUST_DIRECTION_OUTBOUND); // evaluates to $00000003
- {$EXTERNALSYM TRUST_DIRECTION_BIDIRECTIONAL}
- TRUST_TYPE_DOWNLEVEL = $00000001; // NT4 and before
- {$EXTERNALSYM TRUST_TYPE_DOWNLEVEL}
- TRUST_TYPE_UPLEVEL = $00000002; // NT5
- {$EXTERNALSYM TRUST_TYPE_UPLEVEL}
- TRUST_TYPE_MIT = $00000003; // Trust with a MIT Kerberos realm
- {$EXTERNALSYM TRUST_TYPE_MIT}
- // TRUST_TYPE_DCE = $00000004; // Trust with a DCE realm
- // {$EXTERNALSYM TRUST_TYPE_DCE}
- // Levels 0x5 - 0x000FFFFF reserved for future use
- // Provider specific trust levels are from 0x00100000 to 0xFFF00000
- TRUST_ATTRIBUTE_NON_TRANSITIVE = $00000001; // Disallow transitivity
- {$EXTERNALSYM TRUST_ATTRIBUTE_NON_TRANSITIVE}
- TRUST_ATTRIBUTE_UPLEVEL_ONLY = $00000002; // Trust link only valid for uplevel client
- {$EXTERNALSYM TRUST_ATTRIBUTE_UPLEVEL_ONLY}
- TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = $00000004; // Used to quarantine domains (NOTE(review): presumably the flag that turns on SID filtering for the trust - confirm)
- {$EXTERNALSYM TRUST_ATTRIBUTE_QUARANTINED_DOMAIN}
- TRUST_ATTRIBUTE_FOREST_TRANSITIVE = $00000008; // This link may contain forest trust information
- {$EXTERNALSYM TRUST_ATTRIBUTE_FOREST_TRANSITIVE}
- TRUST_ATTRIBUTE_CROSS_ORGANIZATION = $00000010; // This trust is to a domain/forest which is not part of this enterprise
- {$EXTERNALSYM TRUST_ATTRIBUTE_CROSS_ORGANIZATION}
- TRUST_ATTRIBUTE_WITHIN_FOREST = $00000020; // Trust is internal to this forest
- {$EXTERNALSYM TRUST_ATTRIBUTE_WITHIN_FOREST}
- // Trust attributes 0x00000040 through 0x00200000 are reserved for future use
- // Trust attributes 0x00400000 through 0x00800000 were used previously (up to W2K) and should not be re-used
- // Trust attributes 0x01000000 through 0x80000000 are reserved for user
- TRUST_ATTRIBUTES_VALID = DWORD($FF03FFFF); // mask of accepted attribute bits; bits $00FC0000 are excluded
- {$EXTERNALSYM TRUST_ATTRIBUTES_VALID}
- TRUST_ATTRIBUTES_USER = DWORD($FF000000); // the user-reserved range described in the comment above
- {$EXTERNALSYM TRUST_ATTRIBUTES_USER}
- type
- PTRUSTED_DOMAIN_INFORMATION_EX = ^TRUSTED_DOMAIN_INFORMATION_EX; // extended description of a trusted domain: names, SID and the three trust property words
- {$EXTERNALSYM PTRUSTED_DOMAIN_INFORMATION_EX}
- _TRUSTED_DOMAIN_INFORMATION_EX = record
- Name: LSA_UNICODE_STRING; // length-counted string
- FlatName: LSA_UNICODE_STRING; // length-counted string
- Sid: PSID; // pointer to the domain SID; may need a nil check (TODO confirm)
- TrustDirection: ULONG; // presumably a TRUST_DIRECTION_* value
- TrustType: ULONG; // presumably a TRUST_TYPE_* value
- TrustAttributes: ULONG; // presumably TRUST_ATTRIBUTE_* flags; TRUST_ATTRIBUTES_VALID is the declared mask
- end;
- {$EXTERNALSYM _TRUSTED_DOMAIN_INFORMATION_EX}
- TRUSTED_DOMAIN_INFORMATION_EX = _TRUSTED_DOMAIN_INFORMATION_EX;
- {$EXTERNALSYM TRUSTED_DOMAIN_INFORMATION_EX}
- TTrustedDomainInformationEx = TRUSTED_DOMAIN_INFORMATION_EX; // Delphi-style alias of the record
- PTrustedDomainInformationEx = PTRUSTED_DOMAIN_INFORMATION_EX; // Delphi-style alias of the pointer type
- _TRUSTED_DOMAIN_INFORMATION_EX2 = record // same leading members as TRUSTED_DOMAIN_INFORMATION_EX plus a forest trust blob
- Name: LSA_UNICODE_STRING;
- FlatName: LSA_UNICODE_STRING;
- Sid: PSID;
- TrustDirection: ULONG;
- TrustType: ULONG;
- TrustAttributes: ULONG;
- ForestTrustLength: ULONG; // presumably the byte length of ForestTrustInfo; use it as the read bound (TODO confirm)
- ForestTrustInfo: PUCHAR; // raw byte pointer; carries no length of its own
- end;
- {$EXTERNALSYM _TRUSTED_DOMAIN_INFORMATION_EX2}
- TRUSTED_DOMAIN_INFORMATION_EX2 = _TRUSTED_DOMAIN_INFORMATION_EX2;
- {$EXTERNALSYM TRUSTED_DOMAIN_INFORMATION_EX2}
- PTRUSTED_DOMAIN_INFORMATION_EX2 = ^TRUSTED_DOMAIN_INFORMATION_EX2;
- {$EXTERNALSYM PTRUSTED_DOMAIN_INFORMATION_EX2}
- TTrustedDomainInformationEx2 = TRUSTED_DOMAIN_INFORMATION_EX2; // Delphi-style alias of the record
- PTrustedDomainInformationEx2 = PTRUSTED_DOMAIN_INFORMATION_EX2; // Delphi-style alias of the pointer type
- //
- // Type of authentication information
- // The value decides how the AuthInfo bytes of LSA_AUTH_INFORMATION are to be read; TRUST_AUTH_TYPE_CLEAR marks them as a cleartext password.
- const
- TRUST_AUTH_TYPE_NONE = 0; // Ignore this entry
- {$EXTERNALSYM TRUST_AUTH_TYPE_NONE}
- TRUST_AUTH_TYPE_NT4OWF = 1; // NT4 OWF password
- {$EXTERNALSYM TRUST_AUTH_TYPE_NT4OWF}
- TRUST_AUTH_TYPE_CLEAR = 2; // Cleartext password
- {$EXTERNALSYM TRUST_AUTH_TYPE_CLEAR}
- TRUST_AUTH_TYPE_VERSION = 3; // Cleartext password version number
- {$EXTERNALSYM TRUST_AUTH_TYPE_VERSION}
- type
- PLSA_AUTH_INFORMATION = ^LSA_AUTH_INFORMATION; // one authentication entry of a trust: timestamp, type tag and a length-prefixed byte blob
- {$EXTERNALSYM PLSA_AUTH_INFORMATION}
- _LSA_AUTH_INFORMATION = record
- LastUpdateTime: LARGE_INTEGER; // 64-bit timestamp; format not stated here
- AuthType: ULONG; // presumably one of the TRUST_AUTH_TYPE_* values declared above
- AuthInfoLength: ULONG; // presumably the byte length of AuthInfo; use it as the read bound (TODO confirm)
- AuthInfo: PUCHAR; // credential bytes (password or hash, depending on AuthType); clear copies after use and never log them
- end;
- {$EXTERNALSYM _LSA_AUTH_INFORMATION}
- LSA_AUTH_INFORMATION = _LSA_AUTH_INFORMATION;
- {$EXTERNALSYM LSA_AUTH_INFORMATION}
- TLsaAuthInformation = LSA_AUTH_INFORMATION; // Delphi-style alias of the record
- PLsaAuthInformation = PLSA_AUTH_INFORMATION; // Delphi-style alias of the pointer type
- PTRUSTED_DOMAIN_AUTH_INFORMATION = ^TRUSTED_DOMAIN_AUTH_INFORMATION; // incoming and outgoing authentication data of a trust
- {$EXTERNALSYM PTRUSTED_DOMAIN_AUTH_INFORMATION}
- _TRUSTED_DOMAIN_AUTH_INFORMATION = record
- IncomingAuthInfos: ULONG; // presumably the element count for both incoming arrays (TODO confirm)
- IncomingAuthenticationInformation: PLSA_AUTH_INFORMATION; // pointer to LSA_AUTH_INFORMATION entries; secret material
- IncomingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION; // previous entries; equally sensitive
- OutgoingAuthInfos: ULONG; // presumably the element count for both outgoing arrays (TODO confirm)
- OutgoingAuthenticationInformation: PLSA_AUTH_INFORMATION; // pointer to LSA_AUTH_INFORMATION entries; secret material
- OutgoingPreviousAuthenticationInformation: PLSA_AUTH_INFORMATION; // previous entries; equally sensitive
- end;
- {$EXTERNALSYM _TRUSTED_DOMAIN_AUTH_INFORMATION}
- TRUSTED_DOMAIN_AUTH_INFORMATION = _TRUSTED_DOMAIN_AUTH_INFORMATION;
- {$EXTERNALSYM TRUSTED_DOMAIN_AUTH_INFORMATION}
- TTrustedDomainAuthInformation = TRUSTED_DOMAIN_AUTH_INFORMATION; // Delphi-style alias of the record
- PTrustedDomainAuthInformation = PTRUSTED_DOMAIN_AUTH_INFORMATION; // Delphi-style alias of the pointer type
- PTRUSTED_DOMAIN_FULL_INFORMATION = ^TRUSTED_DOMAIN_FULL_INFORMATION; // aggregate of the EX, Posix-offset and auth records, embedded by value
- {$EXTERNALSYM PTRUSTED_DOMAIN_FULL_INFORMATION}
- _TRUSTED_DOMAIN_FULL_INFORMATION = record
- Information: TRUSTED_DOMAIN_INFORMATION_EX;
- PosixOffset: TRUSTED_POSIX_OFFSET_INFO;
- AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION; // contains pointers to trust credentials; handle the whole record as sensitive
- end;
- {$EXTERNALSYM _TRUSTED_DOMAIN_FULL_INFORMATION}
- TRUSTED_DOMAIN_FULL_INFORMATION = _TRUSTED_DOMAIN_FULL_INFORMATION;
- {$EXTERNALSYM TRUSTED_DOMAIN_FULL_INFORMATION}
- TTrustedDomainFullInformation = TRUSTED_DOMAIN_FULL_INFORMATION; // Delphi-style alias of the record
- PTrustedDomainFullInformation = PTRUSTED_DOMAIN_FULL_INFORMATION; // Delphi-style alias of the pointer type
- PTRUSTED_DOMAIN_FULL_INFORMATION2 = ^TRUSTED_DOMAIN_FULL_INFORMATION2; // same aggregate as TRUSTED_DOMAIN_FULL_INFORMATION, built on the EX2 record
- {$EXTERNALSYM PTRUSTED_DOMAIN_FULL_INFORMATION2}
- _TRUSTED_DOMAIN_FULL_INFORMATION2 = record
- Information: TRUSTED_DOMAIN_INFORMATION_EX2;
- PosixOffset: TRUSTED_POSIX_OFFSET_INFO;
- AuthInformation: TRUSTED_DOMAIN_AUTH_INFORMATION; // contains pointers to trust credentials; handle the whole record as sensitive
- end;
- {$EXTERNALSYM _TRUSTED_DOMAIN_FULL_INFORMATION2}
- TRUSTED_DOMAIN_FULL_INFORMATION2 = _TRUSTED_DOMAIN_FULL_INFORMATION2;
- {$EXTERNALSYM TRUSTED_DOMAIN_FULL_INFORMATION2}
- TTrustedDomainFullInformation2 = TRUSTED_DOMAIN_FULL_INFORMATION2; // Delphi-style alias of the record
- PTrustedDomainFullInformation2 = PTRUSTED_DOMAIN_FULL_INFORMATION2; // Delphi-style alias of the pointer type
- LSA_FOREST_TRUST_RECORD_TYPE = ( // kind of a forest trust record; no filler member, so ordinals start at 0
- ForestTrustTopLevelName,
- ForestTrustTopLevelNameEx,
- ForestTrustDomainInfo);
- {$EXTERNALSYM LSA_FOREST_TRUST_RECORD_TYPE} // NOTE(review): this enum is a field of LSA_FOREST_TRUST_RECORD, so its size affects record layout; confirm the unit's enum size matches the C header
- TLsaForestTrustRecordType = LSA_FOREST_TRUST_RECORD_TYPE; // Delphi-style alias of the enumeration
- const
- ForestTrustRecordTypeLast = ForestTrustDomainInfo; // highest record type this unit names
- {$EXTERNALSYM ForestTrustRecordTypeLast}
- //
- // Bottom 16 bits of the flags are reserved for disablement reasons
- //
- LSA_FTRECORD_DISABLED_REASONS = $0000FFFF; // mask for the disablement-reason bits of a record's Flags
- {$EXTERNALSYM LSA_FTRECORD_DISABLED_REASONS}
- //
- // Reasons for a top-level name forest trust record to be disabled
- //
- LSA_TLN_DISABLED_NEW = $00000001;
- {$EXTERNALSYM LSA_TLN_DISABLED_NEW}
- LSA_TLN_DISABLED_ADMIN = $00000002;
- {$EXTERNALSYM LSA_TLN_DISABLED_ADMIN}
- LSA_TLN_DISABLED_CONFLICT = $00000004;
- {$EXTERNALSYM LSA_TLN_DISABLED_CONFLICT}
- //
- // Reasons for a domain information forest trust record to be disabled
- // These reuse the bit values of the LSA_TLN_* set above, so a flag can only be interpreted together with the record type.
- LSA_SID_DISABLED_ADMIN = $00000001;
- {$EXTERNALSYM LSA_SID_DISABLED_ADMIN}
- LSA_SID_DISABLED_CONFLICT = $00000002;
- {$EXTERNALSYM LSA_SID_DISABLED_CONFLICT}
- LSA_NB_DISABLED_ADMIN = $00000004;
- {$EXTERNALSYM LSA_NB_DISABLED_ADMIN}
- LSA_NB_DISABLED_CONFLICT = $00000008;
- {$EXTERNALSYM LSA_NB_DISABLED_CONFLICT}
- type
- PLSA_FOREST_TRUST_DOMAIN_INFO = ^LSA_FOREST_TRUST_DOMAIN_INFO; // domain entry of a forest trust record: SID plus DNS and NetBIOS names
- {$EXTERNALSYM PLSA_FOREST_TRUST_DOMAIN_INFO}
- _LSA_FOREST_TRUST_DOMAIN_INFO = record
- Sid: PSID; // pointer to the domain SID
- DnsName: LSA_UNICODE_STRING; // length-counted string
- NetbiosName: LSA_UNICODE_STRING; // length-counted string
- end;
- {$EXTERNALSYM _LSA_FOREST_TRUST_DOMAIN_INFO}
- LSA_FOREST_TRUST_DOMAIN_INFO = _LSA_FOREST_TRUST_DOMAIN_INFO;
- {$EXTERNALSYM LSA_FOREST_TRUST_DOMAIN_INFO}
- TLsaForestTrustDomainInfo = LSA_FOREST_TRUST_DOMAIN_INFO; // Delphi-style alias of the record
- PLsaForestTrustDomainInfo = PLSA_FOREST_TRUST_DOMAIN_INFO; // Delphi-style alias of the pointer type
- //
- // To prevent huge data to be passed in, we should put a limit on LSA_FOREST_TRUST_BINARY_DATA.
- // 128K is large enough that can't be reached in the near future, and small enough not to
- // cause memory problems.
- const
- MAX_FOREST_TRUST_BINARY_DATA_SIZE = (128 * 1024); // 131072 bytes
- {$EXTERNALSYM MAX_FOREST_TRUST_BINARY_DATA_SIZE} // this unit only declares the limit; code that builds or parses LSA_FOREST_TRUST_BINARY_DATA should compare Length with it itself
- type
- PLSA_FOREST_TRUST_BINARY_DATA = ^LSA_FOREST_TRUST_BINARY_DATA; // length-prefixed opaque blob used for unrecognized forest trust record types
- {$EXTERNALSYM PLSA_FOREST_TRUST_BINARY_DATA}
- _LSA_FOREST_TRUST_BINARY_DATA = record
- Length: ULONG; // presumably the byte length of Buffer; check it against MAX_FOREST_TRUST_BINARY_DATA_SIZE before copying
- Buffer: PUCHAR; // raw byte pointer; carries no length of its own
- end;
- {$EXTERNALSYM _LSA_FOREST_TRUST_BINARY_DATA}
- LSA_FOREST_TRUST_BINARY_DATA = _LSA_FOREST_TRUST_BINARY_DATA;
- {$EXTERNALSYM LSA_FOREST_TRUST_BINARY_DATA}
- TLsaForestTrustBinaryData = LSA_FOREST_TRUST_BINARY_DATA; // Delphi-style alias of the record
- PLsaForestTrustBinaryData = PLSA_FOREST_TRUST_BINARY_DATA; // Delphi-style alias of the pointer type
- PLSA_FOREST_TRUST_RECORD = ^LSA_FOREST_TRUST_RECORD; // one forest trust record: flags, type tag, timestamp and a type-dependent payload
- {$EXTERNALSYM PLSA_FOREST_TRUST_RECORD}
- _LSA_FOREST_TRUST_RECORD = record
- Flags: ULONG; // low 16 bits hold disablement reasons (LSA_FTRECORD_DISABLED_REASONS)
- ForestTrustType: LSA_FOREST_TRUST_RECORD_TYPE; // type of record
- Time: LARGE_INTEGER; // 64-bit timestamp; format not stated here
- case Integer of // actual data - untagged variant: the three members below share the same storage
- 0: (TopLevelName: LSA_UNICODE_STRING);
- 1: (DomainInfo: LSA_FOREST_TRUST_DOMAIN_INFO);
- 2: (Data: LSA_FOREST_TRUST_BINARY_DATA); // used for unrecognized types
- // } ForestTrustData; - nothing in the record enforces the choice: read only the member that matches ForestTrustType, otherwise pointers are misinterpreted
- end;
- {$EXTERNALSYM _LSA_FOREST_TRUST_RECORD}
- LSA_FOREST_TRUST_RECORD = _LSA_FOREST_TRUST_RECORD;
- {$EXTERNALSYM LSA_FOREST_TRUST_RECORD}
- TLsaForestTrustRecord = LSA_FOREST_TRUST_RECORD; // Delphi-style alias of the record
- PLsaForestTrustRecord = PLSA_FOREST_TRUST_RECORD; // Delphi-style alias of the pointer type
- //
- // To prevent forest trust blobs of large size, number of records must be
- // smaller than MAX_RECORDS_IN_FOREST_TRUST_INFO
- // This unit only declares the limit; code that walks LSA_FOREST_TRUST_INFORMATION should check RecordCount against it itself.
- const
- MAX_RECORDS_IN_FOREST_TRUST_INFO = 4000;
- {$EXTERNALSYM MAX_RECORDS_IN_FOREST_TRUST_INFO}
- type
- PLSA_FOREST_TRUST_INFORMATION = ^LSA_FOREST_TRUST_INFORMATION; // counted collection of forest trust records
- {$EXTERNALSYM PLSA_FOREST_TRUST_INFORMATION}
- _LSA_FOREST_TRUST_INFORMATION = record
- RecordCount: ULONG; // presumably the element count for Entries; validate against MAX_RECORDS_IN_FOREST_TRUST_INFO before iterating
- Entries: ^PLSA_FOREST_TRUST_RECORD; // pointer to pointer(s) to records, i.e. an array of record pointers rather than of records
- end;
- {$EXTERNALSYM _LSA_FOREST_TRUST_INFORMATION}
- LSA_FOREST_TRUST_INFORMATION = _LSA_FOREST_TRUST_INFORMATION;
- {$EXTERNALSYM LSA_FOREST_TRUST_INFORMATION}
- TLsaForestTrustInformation = LSA_FOREST_TRUST_INFORMATION; // Delphi-style alias of the record
- PLsaForestTrustInformation = PLSA_FOREST_TRUST_INFORMATION; // Delphi-style alias of the pointer type
- LSA_FOREST_TRUST_COLLISION_RECORD_TYPE = ( // kind of object a forest trust record collided with; ordinals start at 0
- CollisionTdo,
- CollisionXref,
- CollisionOther);
- {$EXTERNALSYM LSA_FOREST_TRUST_COLLISION_RECORD_TYPE}
- TLsaForestTrustCollisionRecordType = LSA_FOREST_TRUST_COLLISION_RECORD_TYPE; // Delphi-style alias of the enumeration
- PLSA_FOREST_TRUST_COLLISION_RECORD = ^LSA_FOREST_TRUST_COLLISION_RECORD;
- {$EXTERNALSYM PLSA_FOREST_TRUST_COLLISION_RECORD}
- _LSA_FOREST_TRUST_COLLISION_RECORD = record
- Index: ULONG; // presumably the index of the colliding entry in the submitted forest trust information (TODO confirm); bounds-check before using it
- Type_: LSA_FOREST_TRUST_COLLISION_RECORD_TYPE; // trailing underscore avoids the Pascal keyword "type"
- Flags: ULONG;
- Name: LSA_UNICODE_STRING; // length-counted string
- end;
- {$EXTERNALSYM _LSA_FOREST_TRUST_COLLISION_RECORD}
- LSA_FOREST_TRUST_COLLISION_RECORD = _LSA_FOREST_TRUST_COLLISION_RECORD;
- {$EXTERNALSYM LSA_FOREST_TRUST_COLLISION_RECORD}
- TLsaForestTrustCollisionRecord = LSA_FOREST_TRUST_COLLISION_RECORD; // Delphi-style alias of the record
- PLsaForestTrustCollisionRecord = PLSA_FOREST_TRUST_COLLISION_RECORD; // Delphi-style alias of the pointer type
- PLSA_FOREST_TRUST_COLLISION_INFORMATION = ^LSA_FOREST_TRUST_COLLISION_INFORMATION; // counted collection of collision records
- {$EXTERNALSYM PLSA_FOREST_TRUST_COLLISION_INFORMATION}
- _LSA_FOREST_TRUST_COLLISION_INFORMATION = record
- RecordCount: ULONG; // presumably the element count for Entries (TODO confirm)
- Entries: ^PLSA_FOREST_TRUST_COLLISION_RECORD; // pointer to pointer(s) to records, i.e. an array of record pointers
- end;
- {$EXTERNALSYM _LSA_FOREST_TRUST_COLLISION_INFORMATION}
- LSA_FOREST_TRUST_COLLISION_INFORMATION = _LSA_FOREST_TRUST_COLLISION_INFORMATION;
- {$EXTERNALSYM LSA_FOREST_TRUST_COLLISION_INFORMATION}
- TLsaForestTrustCollisionInformation = LSA_FOREST_TRUST_COLLISION_INFORMATION; // Delphi-style alias of the record
- PLsaForestTrustCollisionInformation = PLSA_FOREST_TRUST_COLLISION_INFORMATION; // Delphi-style alias of the pointer type
- //
- // LSA Enumeration Context
- // NOTE(review): PLSA_ENUMERATION_HANDLE is declared equal to the ULONG value type, not as ^LSA_ENUMERATION_HANDLE; the P prefix suggests a pointer was intended - confirm against ntsecapi.h before relying on it.
- LSA_ENUMERATION_HANDLE = ULONG; // 32-bit enumeration context; the enumeration prototypes in this unit take it as a var parameter
- {$EXTERNALSYM LSA_ENUMERATION_HANDLE}
- PLSA_ENUMERATION_HANDLE = LSA_ENUMERATION_HANDLE; // as written this is a ULONG, so passing it where the API expects an address would hand over a number instead of a pointer
- {$EXTERNALSYM PLSA_ENUMERATION_HANDLE}
- //
- // LSA Enumeration Information
- // One element of the buffer returned through LsaEnumerateAccountsWithUserRight's EnumerationBuffer parameter.
- PLSA_ENUMERATION_INFORMATION = ^LSA_ENUMERATION_INFORMATION;
- {$EXTERNALSYM PLSA_ENUMERATION_INFORMATION}
- _LSA_ENUMERATION_INFORMATION = record
- Sid: PSID; // pointer to an account SID
- end;
- {$EXTERNALSYM _LSA_ENUMERATION_INFORMATION}
- LSA_ENUMERATION_INFORMATION = _LSA_ENUMERATION_INFORMATION;
- {$EXTERNALSYM LSA_ENUMERATION_INFORMATION}
- TLsaEnumerationInformation = LSA_ENUMERATION_INFORMATION; // Delphi-style alias of the record
- PLsaEnumerationInformation = PLSA_ENUMERATION_INFORMATION; // Delphi-style alias of the pointer type
- ////////////////////////////////////////////////////////////////////////////
- // //
- // Local Security Policy - Miscellaneous API function prototypes //
- // //
- ////////////////////////////////////////////////////////////////////////////
- function LsaFreeMemory(Buffer: PVOID): NTSTATUS; stdcall; // releases an output buffer that an LSA call allocated; clear any secrets in it first, and do not touch the buffer afterwards
- {$EXTERNALSYM LsaFreeMemory}
- function LsaClose(ObjectHandle: LSA_HANDLE): NTSTATUS; stdcall; // closes an LSA handle (e.g. from LsaOpenPolicy); call it on every path, including error paths, so handles do not leak
- {$EXTERNALSYM LsaClose}
- type
- _SECURITY_LOGON_SESSION_DATA = record // description of one logon session, as returned through LsaGetLogonSessionData
- Size: ULONG; // presumably the size of the returned structure (TODO confirm)
- LogonId: LUID; // identifier of the logon session
- UserName: LSA_UNICODE_STRING; // length-counted string; account-identifying data
- LogonDomain: LSA_UNICODE_STRING;
- AuthenticationPackage: LSA_UNICODE_STRING;
- LogonType: SECURITY_LOGON_TYPE; // enumeration declared elsewhere in the unit
- Session: ULONG;
- Sid: PSID; // pointer to the user's SID
- LogonTime: LARGE_INTEGER; // 64-bit timestamp; format not stated here
- //
- // new for whistler:
- // NOTE(review): the members below were added later; Size presumably lets callers tell whether they are present - check it before reading them on older systems.
- LogonServer: LSA_UNICODE_STRING;
- DnsDomainName: LSA_UNICODE_STRING;
- Upn: LSA_UNICODE_STRING;
- end;
- {$EXTERNALSYM _SECURITY_LOGON_SESSION_DATA}
- SECURITY_LOGON_SESSION_DATA = _SECURITY_LOGON_SESSION_DATA;
- {$EXTERNALSYM SECURITY_LOGON_SESSION_DATA}
- PSECURITY_LOGON_SESSION_DATA = ^SECURITY_LOGON_SESSION_DATA;
- {$EXTERNALSYM PSECURITY_LOGON_SESSION_DATA}
- TSecurityLogonSessionData = SECURITY_LOGON_SESSION_DATA; // Delphi-style alias of the record
- PSecurityLogonSessionData = PSECURITY_LOGON_SESSION_DATA; // Delphi-style alias of the pointer type
- function LsaEnumerateLogonSessions(LogonSessionCount: PULONG; var LogonSessionList: PLUID): NTSTATUS; stdcall; // count is written through the pointer, the LUID array through the var parameter; the array is presumably an LSA-allocated buffer to release after use (TODO confirm the release function)
- {$EXTERNALSYM LsaEnumerateLogonSessions}
- function LsaGetLogonSessionData(LogonId: PLUID; var ppLogonSessionData: PSECURITY_LOGON_SESSION_DATA): NTSTATUS; stdcall; // returns a pointer to session data for one LUID; check the NTSTATUS before dereferencing, and release the buffer after use
- {$EXTERNALSYM LsaGetLogonSessionData}
- function LsaOpenPolicy(SystemName: PLSA_UNICODE_STRING; // opens a policy handle, returned through PolicyHandle
- var ObjectAttributes: LSA_OBJECT_ATTRIBUTES; DesiredAccess: ACCESS_MASK; // request only the access rights the caller actually needs
- var PolicyHandle: LSA_HANDLE): NTSTATUS; stdcall; // check the NTSTATUS before using PolicyHandle; release the handle with LsaClose
- {$EXTERNALSYM LsaOpenPolicy}
- function LsaQueryInformationPolicy(PolicyHandle: LSA_HANDLE; // reads the policy data selected by InformationClass
- InformationClass: POLICY_INFORMATION_CLASS; var Buffer: PVOID): NTSTATUS; stdcall; // Buffer receives an LSA-allocated pointer whose record type depends on InformationClass; release it with LsaFreeMemory
- {$EXTERNALSYM LsaQueryInformationPolicy}
- function LsaSetInformationPolicy(PolicyHandle: LSA_HANDLE; // writes the policy data selected by InformationClass
- InformationClass: POLICY_INFORMATION_CLASS; Buffer: PVOID): NTSTATUS; stdcall; // Buffer is untyped: the caller must pass the record type that matches InformationClass
- {$EXTERNALSYM LsaSetInformationPolicy}
- function LsaQueryDomainInformationPolicy(PolicyHandle: LSA_HANDLE; // domain-wide counterpart of LsaQueryInformationPolicy
- InformationClass: POLICY_DOMAIN_INFORMATION_CLASS; Buffer: PPVOID): NTSTATUS; stdcall; // here the output pointer is passed as PPVOID rather than as a var parameter
- {$EXTERNALSYM LsaQueryDomainInformationPolicy}
- function LsaSetDomainInformationPolicy(PolicyHandle: LSA_HANDLE; // domain-wide counterpart of LsaSetInformationPolicy
- InformationClass: POLICY_DOMAIN_INFORMATION_CLASS; Buffer: PVOID): NTSTATUS; stdcall; // Buffer is untyped: the caller must pass the record type that matches InformationClass
- {$EXTERNALSYM LsaSetDomainInformationPolicy}
- function LsaRegisterPolicyChangeNotification(InformationClass: POLICY_NOTIFICATION_INFORMATION_CLASS; // registers an event handle for changes of the given class
- NotificationEventHandle: HANDLE): NTSTATUS; stdcall; // useful for monitoring policy changes; pair every registration with the unregister call below
- {$EXTERNALSYM LsaRegisterPolicyChangeNotification}
- function LsaUnregisterPolicyChangeNotification(InformationClass: POLICY_NOTIFICATION_INFORMATION_CLASS; // removes a registration made with the function above
- NotificationEventHandle: HANDLE): NTSTATUS; stdcall;
- {$EXTERNALSYM LsaUnregisterPolicyChangeNotification}
- function LsaEnumerateTrustedDomains(PolicyHandle: LSA_HANDLE; // enumerates trusted domains in chunks
- var EnumerationContext: LSA_ENUMERATION_HANDLE; Buffer: PPVOID; // EnumerationContext is updated by the call and carries state between calls
- PreferedMaximumLength: ULONG; var CountReturned: ULONG): NTSTATUS; stdcall; // CountReturned bounds the entries in Buffer; do not read beyond it
- {$EXTERNALSYM LsaEnumerateTrustedDomains}
- function LsaLookupNames(PolicyHandle: LSA_HANDLE; Count: ULONG; // translates Count account names to SIDs
- Names: PLSA_UNICODE_STRING; var ReferencedDomains: PLSA_REFERENCED_DOMAIN_LIST; // Names points to an array of Count strings
- var Sids: PLSA_TRANSLATED_SID): NTSTATUS; stdcall; // both output pointers are returned by the call; release them with LsaFreeMemory
- {$EXTERNALSYM LsaLookupNames}
- function LsaLookupNames2(PolicyHandle: LSA_HANDLE; Flags, Count: ULONG; Names: PLSA_UNICODE_STRING; // variant of LsaLookupNames with a Flags word
- var ReferencedDomains: PLSA_REFERENCED_DOMAIN_LIST; var Sids: PLSA_TRANSLATED_SID2): NTSTATUS; stdcall; // returns PLSA_TRANSLATED_SID2 entries instead of PLSA_TRANSLATED_SID
- {$EXTERNALSYM LsaLookupNames2}
- function LsaLookupSids(PolicyHandle: LSA_HANDLE; Count: ULONG; Sids: PPSID; // translates Count SIDs to names
- var ReferencedDomains: PLSA_REFERENCED_DOMAIN_LIST;
- var Names: PLSA_TRANSLATED_NAME): NTSTATUS; stdcall; // both output pointers are returned by the call; release them with LsaFreeMemory
- {$EXTERNALSYM LsaLookupSids}
- const
- SE_INTERACTIVE_LOGON_NAME = 'SeInteractiveLogonRight'; // names of logon rights, for use as user-right strings with the account-rights prototypes below
- {$EXTERNALSYM SE_INTERACTIVE_LOGON_NAME}
- SE_NETWORK_LOGON_NAME = 'SeNetworkLogonRight';
- {$EXTERNALSYM SE_NETWORK_LOGON_NAME}
- SE_BATCH_LOGON_NAME = 'SeBatchLogonRight';
- {$EXTERNALSYM SE_BATCH_LOGON_NAME}
- SE_SERVICE_LOGON_NAME = 'SeServiceLogonRight';
- {$EXTERNALSYM SE_SERVICE_LOGON_NAME}
- SE_DENY_INTERACTIVE_LOGON_NAME = 'SeDenyInteractiveLogonRight'; // each allow right above has a matching Deny right
- {$EXTERNALSYM SE_DENY_INTERACTIVE_LOGON_NAME}
- SE_DENY_NETWORK_LOGON_NAME = 'SeDenyNetworkLogonRight';
- {$EXTERNALSYM SE_DENY_NETWORK_LOGON_NAME}
- SE_DENY_BATCH_LOGON_NAME = 'SeDenyBatchLogonRight';
- {$EXTERNALSYM SE_DENY_BATCH_LOGON_NAME}
- SE_DENY_SERVICE_LOGON_NAME = 'SeDenyServiceLogonRight';
- {$EXTERNALSYM SE_DENY_SERVICE_LOGON_NAME}
- SE_REMOTE_INTERACTIVE_LOGON_NAME = 'SeRemoteInteractiveLogonRight';
- {$EXTERNALSYM SE_REMOTE_INTERACTIVE_LOGON_NAME}
- SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME = 'SeDenyRemoteInteractiveLogonRight';
- {$EXTERNALSYM SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME}
- //
- // This new API returns all the accounts with a certain privilege
- // Useful for auditing which accounts hold a given right; the returned buffer is LSA-allocated and is released with LsaFreeMemory.
- function LsaEnumerateAccountsWithUserRight(PolicyHandle: LSA_HANDLE;
- UserRights: PLSA_UNICODE_STRING; var EnumerationBuffer: PLSA_ENUMERATION_INFORMATION;
- var CountReturned: ULONG): NTSTATUS; stdcall; // CountReturned bounds the entries in EnumerationBuffer
- {$EXTERNALSYM LsaEnumerateAccountsWithUserRight}
- //
- // These new APIs differ by taking a SID instead of requiring the caller
- // to open the account first and passing in an account handle
- // Adding or removing rights changes what an account may do on the system: check each NTSTATUS and record such changes in the caller's audit trail.
- function LsaEnumerateAccountRights(PolicyHandle: LSA_HANDLE; AccountSid: PSID;
- var UserRights: PLSA_UNICODE_STRING; var CountOfRights: ULONG): NTSTATUS; stdcall; // UserRights receives an array of CountOfRights strings
- {$EXTERNALSYM LsaEnumerateAccountRights}
- function LsaAddAccountRights(PolicyHandle: LSA_HANDLE; AccountSid: PSID;
- UserRights: PLSA_UNICODE_STRING; CountOfRights: ULONG): NTSTATUS; stdcall; // UserRights points to CountOfRights strings; the count must match the array
- {$EXTERNALSYM LsaAddAccountRights}
- function LsaRemoveAccountRights(PolicyHandle: LSA_HANDLE; AccountSid: PSID;
- AllRights: ByteBool; UserRights: PLSA_UNICODE_STRING; CountOfRights: ULONG): NTSTATUS; stdcall; // NOTE(review): AllRights presumably removes every right of the account regardless of UserRights - confirm before passing True
- {$EXTERNALSYM LsaRemoveAccountRights}
- ///////////////////////////////////////////////////////////////////////////////
- // //
- // Local Security Policy - Trusted Domain Object API function prototypes //
- // //
- ///////////////////////////////////////////////////////////////////////////////
- function LsaOpenTrustedDomainByName(PolicyHandle: LSA_HANDLE; // opens a trusted domain object by name
- const TrustedDomainName: LSA_UNICODE_STRING; DesiredAccess: ACCESS_MASK; // request only the access rights the caller actually needs
- var TrustedDomainHandle: LSA_HANDLE): NTSTATUS; stdcall; // release the returned handle with LsaClose
- {$EXTERNALSYM LsaOpenTrustedDomainByName}
- function LsaQueryTrustedDomainInfo(PolicyHandle: LSA_HANDLE; TrustedDomainSid: PSID; // reads the trust data selected by InformationClass, keyed by domain SID
- InformationClass: TRUSTED_INFORMATION_CLASS; Buffer: PPVOID): NTSTATUS; stdcall; // password and auth classes return secret material; clear it before releasing the buffer
- {$EXTERNALSYM LsaQueryTrustedDomainInfo}
- function LsaSetTrustedDomainInformation(PolicyHandle: LSA_HANDLE; TrustedDomainSid: PSID; // writes the trust data selected by InformationClass
- InformationClass: TRUSTED_INFORMATION_CLASS; Buffer: PVOID): NTSTATUS; stdcall; // Buffer is untyped: the caller must pass the record type that matches InformationClass
- {$EXTERNALSYM LsaSetTrustedDomainInformation}
- function LsaDeleteTrustedDomain(PolicyHandle: LSA_HANDLE; TrustedDomainSid: PSID): NTSTATUS; stdcall; // deletes the trusted domain object identified by SID
- {$EXTERNALSYM LsaDeleteTrustedDomain}
- function LsaQueryTrustedDomainInfoByName(PolicyHandle: LSA_HANDLE; // same as LsaQueryTrustedDomainInfo, keyed by name
- const TrustedDomainName: LSA_UNICODE_STRING;
- InformationClass: TRUSTED_INFORMATION_CLASS; Buffer: PPVOID): NTSTATUS; stdcall;
- {$EXTERNALSYM LsaQueryTrustedDomainInfoByName}
- function LsaSetTrustedDomainInfoByName(PolicyHandle: LSA_HANDLE; // same as LsaSetTrustedDomainInformation, keyed by name
- const TrustedDomainName: LSA_UNICODE_STRING;
- InformationClass: TRUSTED_INFORMATION_CLASS; Buffer: PVOID): NTSTATUS; stdcall;
- {$EXTERNALSYM LsaSetTrustedDomainInfoByName}
- function LsaEnumerateTrustedDomainsEx(PolicyHandle: LSA_HANDLE; // chunked enumeration; parameters mirror LsaEnumerateTrustedDomains
- var EnumerationContext: LSA_ENUMERATION_HANDLE; Buffer: PPVOID;
- PreferedMaximumLength: ULONG; var CountReturned: ULONG): NTSTATUS; stdcall; // CountReturned bounds the entries in Buffer
- {$EXTERNALSYM LsaEnumerateTrustedDomainsEx}
- function LsaCreateTrustedDomainEx(PolicyHandle: LSA_HANDLE; // creates a trusted domain object from the two records below
- const TrustedDomainInformation: TRUSTED_DOMAIN_INFORMATION_EX; // direction, type and attributes define how far the new trust reaches; set them deliberately
- const AuthenticationInformation: TRUSTED_DOMAIN_AUTH_INFORMATION; // carries the trust credentials; clear the caller's copy after the call
- DesiredAccess: ACCESS_MASK; var TrustedDomainHandle: LSA_HANDLE): NTSTATUS; stdcall; // release the returned handle with LsaClose
- {$EXTERNALSYM LsaCreateTrustedDomainEx}
- function LsaQueryForestTrustInformation(PolicyHandle: LSA_HANDLE; TrustedDomainName: PLSA_UNICODE_STRING; // reads the forest trust records of a trusted domain
- var ForestTrustInfo: PLSA_FOREST_TRUST_INFORMATION): NTSTATUS; stdcall; // returned pointer is LSA-allocated; release it with LsaFreeMemory
- {$EXTERNALSYM LsaQueryForestTrustInformation}
- function LsaSetForestTrustInformation(PolicyHandle: LSA_HANDLE; TrustedDomainName: PLSA_UNICODE_STRING; // writes forest trust records and reports collisions
- ForestTrustInfo: PLSA_FOREST_TRUST_INFORMATION; CheckOnly: BOOLEAN; var CollisionInfo: PLSA_FOREST_TRUST_COLLISION_INFORMATION): NTSTATUS; stdcall; // NOTE(review): CheckOnly presumably validates without committing - confirm; inspect CollisionInfo even when the call succeeds
- {$EXTERNALSYM LsaSetForestTrustInformation}
- //{$DEFINE TESTING_MATCHING_ROUTINE}
- {$IFDEF TESTING_MATCHING_ROUTINE} // the define above is commented out, so this prototype is not compiled unless the symbol is set elsewhere
- function LsaForestTrustFindMatch(PolicyHandle: LSA_HANDLE; Type_: ULONG; Name: PLSA_UNICODE_STRING; var Match: PLSA_UNICODE_STRING): NTSTATUS; stdcall; // test-only prototype, judging by the guarding symbol's name
- {$EXTERNALSYM LsaForestTrustFindMatch}
- {$ENDIF}
- //
- // This API sets the workstation password (equivalent of setting/getting
- // the SSI_SECRET_NAME secret)
- // Private data handled here is secret material: clear local copies after use and release retrieved buffers with LsaFreeMemory.
- function LsaStorePrivateData(PolicyHandle: LSA_HANDLE;
- const KeyName: LSA_UNICODE_STRING; PrivateData: PLSA_UNICODE_STRING): NTSTATUS; stdcall; // stores PrivateData under KeyName; NOTE(review): passing nil presumably deletes the entry - confirm
- {$EXTERNALSYM LsaStorePrivateData}
- function LsaRetrievePrivateData(PolicyHandle: LSA_HANDLE;
- const KeyName: LSA_UNICODE_STRING; var PrivateData: PLSA_UNICODE_STRING): NTSTATUS; stdcall; // PrivateData receives a pointer to the stored value; never log its contents
- {$EXTERNALSYM LsaRetrievePrivateData}
- function LsaNtStatusToWinError(Status: NTSTATUS): ULONG; stdcall; // converts an NTSTATUS returned by the functions in this unit to a Win32 error code
- {$EXTERNALSYM LsaNtStatusToWinError}
- (*#if 0
- NTSTATUS
- NTAPI
- LsaLookupNamesEx(
- IN LSA_HANDLE PolicyHandle,
- IN ULONG Count,
- IN PLSA_NAME_LOOKUP_EX Names,
- OUT PLSA_TRANSLATED_SID_EX *TranslatedSids,
- IN ULONG LookupOptions,
- IN OUT PULONG MappedCount
- );
- NTSTATUS
- NTAPI
- LsaLookupSidsEx(
- IN LSA_HANDLE PolicyHandle,
- IN ULONG Count,
- IN PLSA_SID_LOOKUP_EX Sids,
- OUT PLSA_TRANSLATED_NAME_EX *TranslatedNames,
- IN ULONG LookupOptions,
- IN OUT PULONG MappedCount
- );
- #endif*)
- //
- // SPNEGO package stuff
- // NEGOTIATE_MAX_PREFIX sizes the Prefix array of NEGOTIATE_PACKAGE_PREFIX declared below.
- type
- NEGOTIATE_MESSAGES = (NegEnumPackagePrefixes, NegGetCallerName, NegCallPackageMax); // message kinds, ordinals 0..2; the last member is presumably an upper-bound marker rather than a request
- {$EXTERNALSYM NEGOTIATE_MESSAGES}
- const
- NEGOTIATE_MAX_PREFIX = 32; // capacity of the Prefix array, in bytes
- {$EXTERNALSYM NEGOTIATE_MAX_PREFIX}
- type
- PNEGOTIATE_PACKAGE_PREFIX = ^NEGOTIATE_PACKAGE_PREFIX;
- {$EXTERNALSYM PNEGOTIATE_PACKAGE_PREFIX}
- _NEGOTIATE_PACKAGE_PREFIX = record
- PackageId: ULONG_PTR;
- PackageDataA: PVOID;
- PackageDataW: PVOID;
- PrefixLen: ULONG_PTR;
- Prefix: array [0..NEGOTIATE_MAX_PREFIX - 1] of UCHAR;
- end;
- {$EXTERNALSYM _NEGOTIATE_PACKAGE_PREFIX}
- NEGOTIATE_PACKAGE_PREFIX = _NEGOTIATE_PACKAGE_PREFIX;
- {$EXTERNALSYM NEGOTIATE_PACKAGE_PREFIX}
- TNegotiatePackagePrefix = NEGOTIATE_PACKAGE_PREFIX;
- PNegotiatePackagePrefix = PNEGOTIATE_PACKAGE_PREFIX;
- PNEGOTIATE_PACKAGE_PREFIXES = ^NEGOTIATE_PACKAGE_PREFIXES;
- {$EXTERNALSYM PNEGOTIATE_PACKAGE_PREFIXES}
- _NEGOTIATE_PACKAGE_PREFIXES = record
- MessageType: ULONG;
- PrefixCount: ULONG;
- Offset: ULONG; // Offset to array of _PREFIX above
- Pad: ULONG; // Align structure for 64-bit
- end;
- {$EXTERNALSYM _NEGOTIATE_PACKAGE_PREFIXES}
- NEGOTIATE_PACKAGE_PREFIXES = _NEGOTIATE_PACKAGE_PREFIXES;
- {$EXTERNALSYM NEGOTIATE_PACKAGE_PREFIXES}
- TNegotiatePackagePrefixes = NEGOTIATE_PACKAGE_PREFIXES;
- PNegotiatePackagePrefixes = PNEGOTIATE_PACKAGE_PREFIXES;
- // Request/response pair for looking up a caller name by logon session.
- // Presumably MessageType carries NegGetCallerName in both records -- TODO
- // confirm against the SDK.
- PNEGOTIATE_CALLER_NAME_REQUEST = ^NEGOTIATE_CALLER_NAME_REQUEST;
- {$EXTERNALSYM PNEGOTIATE_CALLER_NAME_REQUEST}
- _NEGOTIATE_CALLER_NAME_REQUEST = record
- MessageType: ULONG;
- LogonId: LUID; // logon session the request refers to
- end;
- {$EXTERNALSYM _NEGOTIATE_CALLER_NAME_REQUEST}
- NEGOTIATE_CALLER_NAME_REQUEST = _NEGOTIATE_CALLER_NAME_REQUEST;
- {$EXTERNALSYM NEGOTIATE_CALLER_NAME_REQUEST}
- TNegotiateCallerNameRequest = NEGOTIATE_CALLER_NAME_REQUEST;
- PNegotiateCallerNameRequest = PNEGOTIATE_CALLER_NAME_REQUEST;
- PNEGOTIATE_CALLER_NAME_RESPONSE = ^NEGOTIATE_CALLER_NAME_RESPONSE;
- {$EXTERNALSYM PNEGOTIATE_CALLER_NAME_RESPONSE}
- _NEGOTIATE_CALLER_NAME_RESPONSE = record
- MessageType: ULONG;
- // NOTE(review): ownership and termination of CallerName are not visible
- // here; presumably it points into the package's return buffer and is
- // released together with it -- confirm before keeping the pointer.
- CallerName: PWSTR;
- end;
- {$EXTERNALSYM _NEGOTIATE_CALLER_NAME_RESPONSE}
- NEGOTIATE_CALLER_NAME_RESPONSE = _NEGOTIATE_CALLER_NAME_RESPONSE;
- {$EXTERNALSYM NEGOTIATE_CALLER_NAME_RESPONSE}
- TNegotiateCallerNameResponse = NEGOTIATE_CALLER_NAME_RESPONSE;
- PNegotiateCallerNameResponse = PNEGOTIATE_CALLER_NAME_RESPONSE;
- // Negotiate-package flag bits. The two values occupy distinct bits, so they
- // can be combined; this file does not show which field consumes them.
- // NOTE(review): the names indicate they control NTLM within Negotiate. Where
- // NTLM is restricted by policy, confirm from the SDK which call takes these
- // flags and review callers that set them.
- const
- NEGOTIATE_ALLOW_NTLM = $10000000;
- {$EXTERNALSYM NEGOTIATE_ALLOW_NTLM}
- NEGOTIATE_NEG_NTLM = $20000000;
- {$EXTERNALSYM NEGOTIATE_NEG_NTLM}
- // Domain password policy record. PasswordProperties is a bit mask built
- // from the DOMAIN_* constants declared below.
- type
- PDOMAIN_PASSWORD_INFORMATION = ^DOMAIN_PASSWORD_INFORMATION;
- {$EXTERNALSYM PDOMAIN_PASSWORD_INFORMATION}
- _DOMAIN_PASSWORD_INFORMATION = record
- MinPasswordLength: USHORT;
- PasswordHistoryLength: USHORT;
- PasswordProperties: ULONG; // combination of the DOMAIN_* flags below
- // NOTE(review): the unit and sign convention of the two age fields is not
- // shown in this file -- confirm against the SDK before comparing them
- // with wall-clock values.
- MaxPasswordAge: LARGE_INTEGER;
- MinPasswordAge: LARGE_INTEGER;
- end;
- {$EXTERNALSYM _DOMAIN_PASSWORD_INFORMATION}
- DOMAIN_PASSWORD_INFORMATION = _DOMAIN_PASSWORD_INFORMATION;
- {$EXTERNALSYM DOMAIN_PASSWORD_INFORMATION}
- TDomainPasswordInformation = DOMAIN_PASSWORD_INFORMATION;
- PDomainPasswordInformation = PDOMAIN_PASSWORD_INFORMATION;
- //
- // PasswordProperties flags
- //
- // Each constant is a single distinct bit. Security-relevant reading for a
- // policy audit (semantics taken from the SDK, confirm for the target
- // version):
- // DOMAIN_PASSWORD_COMPLEX - complexity rules are enforced.
- // DOMAIN_PASSWORD_STORE_CLEARTEXT - passwords are kept in a recoverable
- // form; anyone able to read the account database can recover them, so
- // this bit should normally be clear and its presence reported.
- const
- DOMAIN_PASSWORD_COMPLEX = $00000001;
- {$EXTERNALSYM DOMAIN_PASSWORD_COMPLEX}
- DOMAIN_PASSWORD_NO_ANON_CHANGE = $00000002;
- {$EXTERNALSYM DOMAIN_PASSWORD_NO_ANON_CHANGE}
- DOMAIN_PASSWORD_NO_CLEAR_CHANGE = $00000004;
- {$EXTERNALSYM DOMAIN_PASSWORD_NO_CLEAR_CHANGE}
- DOMAIN_LOCKOUT_ADMINS = $00000008;
- {$EXTERNALSYM DOMAIN_LOCKOUT_ADMINS}
- DOMAIN_PASSWORD_STORE_CLEARTEXT = $00000010;
- {$EXTERNALSYM DOMAIN_PASSWORD_STORE_CLEARTEXT}
- DOMAIN_REFUSE_PASSWORD_CHANGE = $00000020;
- {$EXTERNALSYM DOMAIN_REFUSE_PASSWORD_CHANGE}
- // Callback types and export names for a SAM password notification / filter
- // package. The three string constants are the entry-point names such a DLL
- // exports; the function types give the matching stdcall signatures.
- //
- // Security: NewPassword and Password reach these callbacks as
- // PUNICODE_STRING arguments, and the SDK documents them as the cleartext
- // password. An implementation must not log, persist or forward the value
- // and should wipe any copy it makes. Because such a DLL is loaded by the
- // LSA, defenders should inventory the registered packages (the
- // "Notification Packages" value under HKLM\SYSTEM\CurrentControlSet\Control\Lsa),
- // verify each file's signature and origin, and alert on changes to that
- // value.
- type
- // Called after a password change; the result is an NTSTATUS.
- PSAM_PASSWORD_NOTIFICATION_ROUTINE = function (UserName: PUNICODE_STRING;
- RelativeId: ULONG; NewPassword: PUNICODE_STRING): NTSTATUS; stdcall;
- {$EXTERNALSYM PSAM_PASSWORD_NOTIFICATION_ROUTINE}
- TSamPasswordNotificationRoutine = PSAM_PASSWORD_NOTIFICATION_ROUTINE;
- const
- SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE = 'PasswordChangeNotify';
- {$EXTERNALSYM SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE}
- type
- // Parameterless initialisation entry point returning a ByteBool.
- PSAM_INIT_NOTIFICATION_ROUTINE = function : ByteBool; stdcall;
- {$EXTERNALSYM PSAM_INIT_NOTIFICATION_ROUTINE}
- TSamInitNotificationRoutine = PSAM_INIT_NOTIFICATION_ROUTINE;
- const
- SAM_INIT_NOTIFICATION_ROUTINE = 'InitializeChangeNotify';
- {$EXTERNALSYM SAM_INIT_NOTIFICATION_ROUTINE}
- SAM_PASSWORD_FILTER_ROUTINE = 'PasswordFilter';
- {$EXTERNALSYM SAM_PASSWORD_FILTER_ROUTINE}
- type
- // Filter callback returning a ByteBool verdict on a proposed password.
- // NOTE(review): presumably True accepts and False rejects, and SetOperation
- // distinguishes a set from a change -- confirm against the SDK.
- PSAM_PASSWORD_FILTER_ROUTINE = function (AccountName, FullName,
- Password: PUNICODE_STRING; SetOperation: ByteBool): ByteBool; stdcall;
- {$EXTERNALSYM PSAM_PASSWORD_FILTER_ROUTINE}
- TSamPasswordFilterRoutine = PSAM_PASSWORD_FILTER_ROUTINE;
- /////////////////////////////////////////////////////////////////////////
- // //
- // Name of the MSV1_0 authentication package //
- // //
- /////////////////////////////////////////////////////////////////////////
- // Name of the MSV1_0 package in narrow and wide form, plus a length constant
- // derived from the wide form.
- const
- MSV1_0_PACKAGE_NAME = 'MICROSOFT_AUTHENTICATION_PACKAGE_V1_0';
- {$EXTERNALSYM MSV1_0_PACKAGE_NAME}
- MSV1_0_PACKAGE_NAMEW = WideString('MICROSOFT_AUTHENTICATION_PACKAGE_V1_0');
- {$EXTERNALSYM MSV1_0_PACKAGE_NAMEW}
- // NOTE(review): this expression presumably mirrors the C header's
- // sizeof(wide literal) - sizeof(WCHAR), i.e. the byte length of the 37
- // characters without the terminator. If SizeOf applied to a WideString
- // constant yields the size of the string reference rather than of the
- // character data, the result is not that byte length. Verify the value the
- // compiler produces before using it to size or bound a buffer.
- MSV1_0_PACKAGE_NAMEW_LENGTH = SizeOf(MSV1_0_PACKAGE_NAMEW) - SizeOf(WCHAR);
- {$EXTERNALSYM MSV1_0_PACKAGE_NAMEW_LENGTH}
- //
- // Location of MSV authentication package data
- //
- // Registry key path and value name used by MSV1_0 for subauthentication
- // data. NOTE(review): presumably relative to HKEY_LOCAL_MACHINE, with the
- // value naming code that the package loads -- confirm. If so, write access
- // to this key should stay limited to administrators and changes to it
- // should be monitored.
- MSV1_0_SUBAUTHENTICATION_KEY = 'SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0';
- {$EXTERNALSYM MSV1_0_SUBAUTHENTICATION_KEY}
- MSV1_0_SUBAUTHENTICATION_VALUE = 'Auth';
- {$EXTERNALSYM MSV1_0_SUBAUTHENTICATION_VALUE}
- /////////////////////////////////////////////////////////////////////////
- // //
- // Widely used MSV1_0 data types //
- // //
- /////////////////////////////////////////////////////////////////////////
- ///////////////////////////////////////////////////////////////////////////////
- // //
- // LOGON Related Data Structures
- //
- // //
- ///////////////////////////////////////////////////////////////////////////////
- //
- // When a LsaLogonUser() call is dispatched to the MsV1_0 authentication
- // package, the beginning of the AuthenticationInformation buffer is
- // cast to a MSV1_0_LOGON_SUBMIT_TYPE to determine the type of logon
- // being requested. Similarly, upon return, the type of profile buffer
- // can be determined by typecasting it to a MSV_1_0_PROFILE_BUFFER_TYPE.
- //
- //
- // MSV1.0 LsaLogonUser() submission message types.
- //
- // Discriminators that sit at the start of the LsaLogonUser() buffers for
- // MSV1_0: the submit type identifies the request layout, the profile type
- // identifies the returned layout.
- // The *Filler* members exist only to fix the ordinals: Pascal numbers enum
- // members from 0 in declaration order, so the fillers place
- // MsV1_0InteractiveLogon at 2 and MsV1_0WorkstationUnlockLogon at 7.
- // NOTE(review): the value is read by casting raw buffer memory, so the enum
- // storage size must match the C side (int-sized); this assumes the unit sets
- // a matching minimum enum size elsewhere -- TODO confirm.
- type
- _MSV1_0_LOGON_SUBMIT_TYPE = (
- mlstFiller0, mlstFiller1, // ordinals 0 and 1, placeholders only
- MsV1_0InteractiveLogon, // 2
- MsV1_0Lm20Logon, // 3
- MsV1_0NetworkLogon, // 4
- MsV1_0SubAuthLogon, // 5
- mlstFiller6, // 6, placeholder only
- MsV1_0WorkstationUnlockLogon); // 7
- {$EXTERNALSYM _MSV1_0_LOGON_SUBMIT_TYPE}
- MSV1_0_LOGON_SUBMIT_TYPE = _MSV1_0_LOGON_SUBMIT_TYPE;
- {$EXTERNALSYM MSV1_0_LOGON_SUBMIT_TYPE}
- PMSV1_0_LOGON_SUBMIT_TYPE = ^MSV1_0_LOGON_SUBMIT_TYPE;
- {$EXTERNALSYM PMSV1_0_LOGON_SUBMIT_TYPE}
- TMsv1_0LogonSubmitType = MSV1_0_LOGON_SUBMIT_TYPE;
- PMsv1_0LogonSubmitType = PMSV1_0_LOGON_SUBMIT_TYPE;
- //
- // MSV1.0 LsaLogonUser() profile buffer types.
- //
- // A consumer should check this discriminator before casting the profile
- // buffer to a specific record type.
- _MSV1_0_PROFILE_BUFFER_TYPE = (
- mpbtFiller0, mpbtFiller1, // ordinals 0 and 1, placeholders only
- MsV1_0InteractiveProfile, // 2
- MsV1_0Lm20LogonProfile, // 3
- MsV1_0SmartCardProfile); // 4
- {$EXTERNALSYM _MSV1_0_PROFILE_BUFFER_TYPE}
- MSV1_0_PROFILE_BUFFER_TYPE = _MSV1_0_PROFILE_BUFFER_TYPE;
- {$EXTERNALSYM MSV1_0_PROFILE_BUFFER_TYPE}
- PMSV1_0_PROFILE_BUFFER_TYPE = ^MSV1_0_PROFILE_BUFFER_TYPE;
- {$EXTERNALSYM PMSV1_0_PROFILE_BUFFER_TYPE}
- TMsv1_0ProfileBufferType = MSV1_0_PROFILE_BUFFER_TYPE;
- PMsv1_0ProfileBufferType = PMSV1_0_PROFILE_BUFFER_TYPE;
- //
- // MsV1_0InteractiveLogon
- //
- // The AuthenticationInformation buffer of an LsaLogonUser() call to
- // perform an interactive logon contains the following data structure:
- //
- // Request layout for an interactive logon through MSV1_0.
- // Security: Password holds the user's cleartext password (see the field
- // notes after this record). The caller owns that memory, so it should wipe
- // the buffer as soon as LsaLogonUser() returns, keep it out of logs and
- // diagnostics, and avoid copying it into long-lived strings.
- // NOTE(review): LsaLogonUser() takes a single AuthenticationInformation
- // buffer, so the three UNICODE_STRING buffers presumably have to lie inside
- // that same allocation -- confirm against the SDK.
- PMSV1_0_INTERACTIVE_LOGON = ^MSV1_0_INTERACTIVE_LOGON;
- {$EXTERNALSYM PMSV1_0_INTERACTIVE_LOGON}
- _MSV1_0_INTERACTIVE_LOGON = record
- MessageType: MSV1_0_LOGON_SUBMIT_TYPE; // must be MsV1_0InteractiveLogon
- LogonDomainName: UNICODE_STRING;
- UserName: UNICODE_STRING;
- Password: UNICODE_STRING; // cleartext; wipe after use
- end;
- {$EXTERNALSYM _MSV1_0_INTERACTIVE_LOGON}
- MSV1_0_INTERACTIVE_LOGON = _MSV1_0_INTERACTIVE_LOGON;
- {$EXTERNALSYM MSV1_0_INTERACTIVE_LOGON}
- TMsv10InteractiveLogon = MSV1_0_INTERACTIVE_LOGON;
- PMsv10InteractiveLogon = PMSV1_0_INTERACTIVE_LOGON;
- //
- // Where:
- //
- // MessageType - Contains the type of logon being requested. This
- // field must be set to MsV1_0InteractiveLogon.
- //
- // UserName - Is a string representing the user's account name. The
- // name may be up to 255 characters long. The name is treated case
- // insensitive.
- //
- // Password - Is a string containing the user's cleartext password.
- // The password may be up to 255 characters long and contain any
- // UNICODE value.
- //
- //
- //
- // The ProfileBuffer returned upon a successful logon of this type
- // contains the following data structure:
- //
- // Profile layout returned by a successful interactive logon. The field
- // notes that follow this record describe MessageType through HomeDirectory;
- // the remaining fields (FullName, ProfilePath, HomeDirectoryDrive,
- // LogonServer, UserFlags) are not described there.
- // NOTE(review): the record is read from a buffer produced by the
- // authentication package; check MessageType before trusting the layout, and
- // treat every UNICODE_STRING as length-counted rather than assuming a
- // terminator.
- PMSV1_0_INTERACTIVE_PROFILE = ^MSV1_0_INTERACTIVE_PROFILE;
- {$EXTERNALSYM PMSV1_0_INTERACTIVE_PROFILE}
- _MSV1_0_INTERACTIVE_PROFILE = record
- MessageType: MSV1_0_PROFILE_BUFFER_TYPE;
- LogonCount: USHORT;
- BadPasswordCount: USHORT; // bad passwords since the last successful logon
- LogonTime: LARGE_INTEGER; // the time fields are absolute NT time values
- LogoffTime: LARGE_INTEGER;
- KickOffTime: LARGE_INTEGER;
- PasswordLastSet: LARGE_INTEGER;
- PasswordCanChange: LARGE_INTEGER;
- PasswordMustChange: LARGE_INTEGER;
- LogonScript: UNICODE_STRING;
- HomeDirectory: UNICODE_STRING;
- FullName: UNICODE_STRING;
- ProfilePath: UNICODE_STRING;
- HomeDirectoryDrive: UNICODE_STRING;
- LogonServer: UNICODE_STRING;
- UserFlags: ULONG;
- end;
- {$EXTERNALSYM _MSV1_0_INTERACTIVE_PROFILE}
- MSV1_0_INTERACTIVE_PROFILE = _MSV1_0_INTERACTIVE_PROFILE;
- {$EXTERNALSYM MSV1_0_INTERACTIVE_PROFILE}
- TMsv10InteractiveProfile = MSV1_0_INTERACTIVE_PROFILE;
- PMsv10InteractiveProfile = PMSV1_0_INTERACTIVE_PROFILE;
- //
- // where:
- //
- // MessageType - Identifies the type of profile data being returned.
- // Contains the type of logon being requested. This field must
- // be set to MsV1_0InteractiveProfile.
- //
- // LogonCount - Number of times the user is currently logged on.
- //
- // BadPasswordCount - Number of times a bad password was applied to
- // the account since last successful logon.
- //
- // LogonTime - Time when user last logged on. This is an absolute
- // format NT standard time value.
- //
- // LogoffTime - Time when user should log off. This is an absolute
- // format NT standard time value.
- //
- // KickOffTime - Time when system should force user logoff. This is
- // an absolute format NT standard time value.
- //
- // PasswordLastChanged (the PasswordLastSet field above) - Time and
- // date the password was last changed. This is an absolute format
- // NT standard time value.
- //
- // PasswordCanChange - Time and date when the user can change the
- // password. This is an absolute format NT time value. To
- // prevent a password from ever changing, set this field to a
- // date very far into the future.
- //
- // PasswordMustChange - Time and date when the user must change the
- // password. If the user can never change the password, this
- // field is undefined. This is an absolute format NT time
- // value.
- //
- // LogonScript - The (relative) path to the account's logon
- // script.
- //
- // HomeDirectory - The home directory for the user.
- //
- //
- // MsV1_0Lm20Logon and MsV1_0NetworkLogon
- //
- // The AuthenticationInformation buffer of an LsaLogonUser() call to
- // perform a network logon contains the following data structure:
- //
- // MsV1_0NetworkLogon logon differs from MsV1_0Lm20Logon in that the
- // ParameterControl field exists.
- //
- // Fixed sizes used by the MSV1_0 network-logon structures.
- // NOTE(review): presumably byte counts for the challenge and the two
- // session-key arrays -- confirm at the records that use them.
- const
- MSV1_0_CHALLENGE_LENGTH = 8;
- {$EXTERNALSYM MSV1_0_CHALLENGE_LENGTH}
- MSV1_0_USER_SESSION_KEY_LENGTH = 16;
- {$EXTERNALSYM MSV1_0_USER_SESSION_KEY_LENGTH}
- MSV1_0_LANMAN_SESSION_KEY_LENGTH = 8;
- {$EXTERNALSYM MSV1_0_LANMAN_SESSION_KEY_LENGTH}
- //
- // Values for ParameterControl.
- //
- // The values below are distinct single bits and can be OR-ed together.
- // NOTE(review): MSV1_0_CLEARTEXT_PASSWORD_ALLOWED by its name permits a
- // cleartext password in a network logon; callers should leave it clear
- // unless a documented requirement exists -- confirm exact semantics in the
- // SDK.
- MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = $02;
- {$EXTERNALSYM MSV1_0_CLEARTEXT_PASSWORD_ALLOWED}
- MSV1_0_UPDATE_LOGON_STATISTICS = $04;
- {$EXTERNALSYM MSV1_0_UPDATE_LOGON_STATISTICS}
- MSV1_0_RETURN_USER_PARAMETERS = $08;
- {$EXTERNALSYM MSV1_0_RETURN_USER_PARAMETERS}