开通博客赚积分
发布资源赚积分
分类

源码开发语言/平台
当前位置:首页 > 源码/资料 > Windows编程 > 查看源码
JwaNtSecApi.pas
资源名称:win32api.zip [点击查看]
上传用户:davidchvip
上传日期:2009-07-28
资源大小:1749k
文件大小:146k
源码类别:

Windows编程

开发平台:

Delphi

JwaNtSecApi.pas:源码内容
  1.   MSV1_0_DONT_TRY_GUEST_ACCOUNT     = $10;
  2.   {$EXTERNALSYM MSV1_0_DONT_TRY_GUEST_ACCOUNT}
  3.   MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = $20;
  4.   {$EXTERNALSYM MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT}
  5.   MSV1_0_RETURN_PASSWORD_EXPIRY     = $40;
  6.   {$EXTERNALSYM MSV1_0_RETURN_PASSWORD_EXPIRY}
  8. // this next flag says that CaseInsensitiveChallengeResponse
  9. //  (aka LmResponse) contains a client challenge in the first 8 bytes
  11.   MSV1_0_USE_CLIENT_CHALLENGE            = $80;
  12.   {$EXTERNALSYM MSV1_0_USE_CLIENT_CHALLENGE}
  13.   MSV1_0_TRY_GUEST_ACCOUNT_ONLY          = $100;
  14.   {$EXTERNALSYM MSV1_0_TRY_GUEST_ACCOUNT_ONLY}
  15.   MSV1_0_RETURN_PROFILE_PATH             = $200;
  16.   {$EXTERNALSYM MSV1_0_RETURN_PROFILE_PATH}
  17.   MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY       = $400;
  18.   {$EXTERNALSYM MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY}
  19.   MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = $800;
  20.   {$EXTERNALSYM MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT}
  21.   MSV1_0_DISABLE_PERSONAL_FALLBACK       = $00001000;
  22.   {$EXTERNALSYM MSV1_0_DISABLE_PERSONAL_FALLBACK}
  23.   MSV1_0_ALLOW_FORCE_GUEST          = $00002000;
  24.   {$EXTERNALSYM MSV1_0_ALLOW_FORCE_GUEST}
  25.   MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED     = $00004000;
  26.   {$EXTERNALSYM MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED}
  27.   MSV1_0_SUBAUTHENTICATION_DLL_EX        = $00100000;
  28.   {$EXTERNALSYM MSV1_0_SUBAUTHENTICATION_DLL_EX}
  30. //
  31. // The high order byte is a value indicating the SubAuthentication DLL.
  32. //  Zero indicates no SubAuthentication DLL.
  33. //
  35.   MSV1_0_SUBAUTHENTICATION_DLL       = DWORD($FF000000);
  36.   {$EXTERNALSYM MSV1_0_SUBAUTHENTICATION_DLL}
  37.   MSV1_0_SUBAUTHENTICATION_DLL_SHIFT = 24;
  38.   {$EXTERNALSYM MSV1_0_SUBAUTHENTICATION_DLL_SHIFT}
  39.   MSV1_0_MNS_LOGON                   = $01000000;
  40.   {$EXTERNALSYM MSV1_0_MNS_LOGON}
  42. //
  43. // This is the list of subauthentication dlls used in MS
  44. //
  46.   MSV1_0_SUBAUTHENTICATION_DLL_RAS = 2;
  47.   {$EXTERNALSYM MSV1_0_SUBAUTHENTICATION_DLL_RAS}
  48.   MSV1_0_SUBAUTHENTICATION_DLL_IIS = 132;
  49.   {$EXTERNALSYM MSV1_0_SUBAUTHENTICATION_DLL_IIS}
  51. type
  52.   PMSV1_0_LM20_LOGON = ^MSV1_0_LM20_LOGON;
  53.   {$EXTERNALSYM PMSV1_0_LM20_LOGON}
  54.   _MSV1_0_LM20_LOGON = record
  55.     MessageType: MSV1_0_LOGON_SUBMIT_TYPE;
  56.     LogonDomainName: UNICODE_STRING;
  57.     UserName: UNICODE_STRING;
  58.     Workstation: UNICODE_STRING;
  59.     ChallengeToClient: array [0..MSV1_0_CHALLENGE_LENGTH - 1] of UCHAR;
  60.     CaseSensitiveChallengeResponse: STRING;
  61.     CaseInsensitiveChallengeResponse: STRING;
  62.     ParameterControl: ULONG;
  63.   end;
  64.   {$EXTERNALSYM _MSV1_0_LM20_LOGON}
  65.   MSV1_0_LM20_LOGON = _MSV1_0_LM20_LOGON;
  66.   {$EXTERNALSYM MSV1_0_LM20_LOGON}
  67.   TMsv10Lm20Logon = MSV1_0_LM20_LOGON;
  68.   PMsv10Lm20Logon = PMSV1_0_LM20_LOGON;
  70. //
  71. // NT 5.0 SubAuth dlls can use this struct
  72. //
  74.   PMSV1_0_SUBAUTH_LOGON = ^MSV1_0_SUBAUTH_LOGON;
  75.   {$EXTERNALSYM PMSV1_0_SUBAUTH_LOGON}
  76.   _MSV1_0_SUBAUTH_LOGON = record
  77.     MessageType: MSV1_0_LOGON_SUBMIT_TYPE;
  78.     LogonDomainName: UNICODE_STRING;
  79.     UserName: UNICODE_STRING;
  80.     Workstation: UNICODE_STRING;
  81.     ChallengeToClient: array [0..MSV1_0_CHALLENGE_LENGTH - 1] of UCHAR;
  82.     AuthenticationInfo1: STRING;
  83.     AuthenticationInfo2: STRING;
  84.     ParameterControl: ULONG;
  85.     SubAuthPackageId: ULONG;
  86.   end;
  87.   {$EXTERNALSYM _MSV1_0_SUBAUTH_LOGON}
  88.   MSV1_0_SUBAUTH_LOGON = _MSV1_0_SUBAUTH_LOGON;
  89.   {$EXTERNALSYM MSV1_0_SUBAUTH_LOGON}
  90.   TMsv10SubauthLogon = MSV1_0_SUBAUTH_LOGON;
  91.   PMsv10SubauthLogon = PMSV1_0_SUBAUTH_LOGON;
  93. //
  94. // Values for UserFlags.
  95. //
  97. const
  98.   LOGON_GUEST                 = $01;
  99.   {$EXTERNALSYM LOGON_GUEST}
  100.   LOGON_NOENCRYPTION          = $02;
  101.   {$EXTERNALSYM LOGON_NOENCRYPTION}
  102.   LOGON_CACHED_ACCOUNT        = $04;
  103.   {$EXTERNALSYM LOGON_CACHED_ACCOUNT}
  104.   LOGON_USED_LM_PASSWORD      = $08;
  105.   {$EXTERNALSYM LOGON_USED_LM_PASSWORD}
  106.   LOGON_EXTRA_SIDS            = $20;
  107.   {$EXTERNALSYM LOGON_EXTRA_SIDS}
  108.   LOGON_SUBAUTH_SESSION_KEY   = $40;
  109.   {$EXTERNALSYM LOGON_SUBAUTH_SESSION_KEY}
  110.   LOGON_SERVER_TRUST_ACCOUNT  = $80;
  111.   {$EXTERNALSYM LOGON_SERVER_TRUST_ACCOUNT}
  112.   LOGON_NTLMV2_ENABLED        = $100; // says DC understands NTLMv2
  113.   {$EXTERNALSYM LOGON_NTLMV2_ENABLED}
  114.   LOGON_RESOURCE_GROUPS       = $200;
  115.   {$EXTERNALSYM LOGON_RESOURCE_GROUPS}
  116.   LOGON_PROFILE_PATH_RETURNED = $400;
  117.   {$EXTERNALSYM LOGON_PROFILE_PATH_RETURNED}
  119. //
  120. // The high order byte is reserved for return by SubAuthentication DLLs.
  121. //
  123.   MSV1_0_SUBAUTHENTICATION_FLAGS = DWORD($FF000000);
  124.   {$EXTERNALSYM MSV1_0_SUBAUTHENTICATION_FLAGS}
  126. // Values returned by the MSV1_0_MNS_LOGON SubAuthentication DLL
  128.   LOGON_GRACE_LOGON = $01000000;
  129.   {$EXTERNALSYM LOGON_GRACE_LOGON}
  131. type
  132.   PMSV1_0_LM20_LOGON_PROFILE = ^MSV1_0_LM20_LOGON_PROFILE;
  133.   {$EXTERNALSYM PMSV1_0_LM20_LOGON_PROFILE}
  134.   _MSV1_0_LM20_LOGON_PROFILE = record
  135.     MessageType: MSV1_0_PROFILE_BUFFER_TYPE;
  136.     KickOffTime: LARGE_INTEGER;
  137.     LogoffTime: LARGE_INTEGER;
  138.     UserFlags: ULONG;
  139.     UserSessionKey: array [0..MSV1_0_USER_SESSION_KEY_LENGTH - 1] of UCHAR;
  140.     LogonDomainName: UNICODE_STRING;
  141.     LanmanSessionKey: array [0..MSV1_0_LANMAN_SESSION_KEY_LENGTH - 1] of UCHAR;
  142.     LogonServer: UNICODE_STRING;
  143.     UserParameters: UNICODE_STRING;
  144.   end;
  145.   {$EXTERNALSYM _MSV1_0_LM20_LOGON_PROFILE}
  146.   MSV1_0_LM20_LOGON_PROFILE = _MSV1_0_LM20_LOGON_PROFILE;
  147.   {$EXTERNALSYM MSV1_0_LM20_LOGON_PROFILE}
  148.   TMsv10Lm20LogonProfile = MSV1_0_LM20_LOGON_PROFILE;
  149.   PMsv10Lm20LogonProfile = PMSV1_0_LM20_LOGON_PROFILE;
  151. //
  152. // Supplemental credentials structure used for passing credentials into
  153. // MSV1_0 from other packages
  154. //
  156. const
  157.   MSV1_0_OWF_PASSWORD_LENGTH = 16;
  158.   {$EXTERNALSYM MSV1_0_OWF_PASSWORD_LENGTH}
  159.   MSV1_0_CRED_LM_PRESENT     = $1;
  160.   {$EXTERNALSYM MSV1_0_CRED_LM_PRESENT}
  161.   MSV1_0_CRED_NT_PRESENT     = $2;
  162.   {$EXTERNALSYM MSV1_0_CRED_NT_PRESENT}
  163.   MSV1_0_CRED_VERSION        = 0;
  164.   {$EXTERNALSYM MSV1_0_CRED_VERSION}
  166. type
  167.   PMSV1_0_SUPPLEMENTAL_CREDENTIAL = ^MSV1_0_SUPPLEMENTAL_CREDENTIAL;
  168.   {$EXTERNALSYM PMSV1_0_SUPPLEMENTAL_CREDENTIAL}
  169.   _MSV1_0_SUPPLEMENTAL_CREDENTIAL = record
  170.     Version: ULONG;
  171.     Flags: ULONG;
  172.     LmPassword: array [0..MSV1_0_OWF_PASSWORD_LENGTH - 1] of UCHAR;
  173.     NtPassword: array [0..MSV1_0_OWF_PASSWORD_LENGTH - 1] of UCHAR;
  174.   end;
  175.   {$EXTERNALSYM _MSV1_0_SUPPLEMENTAL_CREDENTIAL}
  176.   MSV1_0_SUPPLEMENTAL_CREDENTIAL = _MSV1_0_SUPPLEMENTAL_CREDENTIAL;
  177.   {$EXTERNALSYM MSV1_0_SUPPLEMENTAL_CREDENTIAL}
  178.   TMsv10SupplementalCredential = MSV1_0_SUPPLEMENTAL_CREDENTIAL;
  179.   PMsv10SupplementalCredential = PMSV1_0_SUPPLEMENTAL_CREDENTIAL;
  181. //
  182. // NTLM3 definitions.
  183. //
  185. const
  186.   MSV1_0_NTLM3_RESPONSE_LENGTH = 16;
  187.   {$EXTERNALSYM MSV1_0_NTLM3_RESPONSE_LENGTH}
  188.   MSV1_0_NTLM3_OWF_LENGTH      = 16;
  189.   {$EXTERNALSYM MSV1_0_NTLM3_OWF_LENGTH}
  191. //
  192. // this is the longest amount of time we'll allow challenge response
  193. // pairs to be used. Note that this also has to allow for worst case clock skew
  194. //
  196.   MSV1_0_MAX_NTLM3_LIFE = 129600;     // 36 hours (in seconds)
  197.   {$EXTERNALSYM MSV1_0_MAX_NTLM3_LIFE}
  198.   MSV1_0_MAX_AVL_SIZE   = 64000;
  199.   {$EXTERNALSYM MSV1_0_MAX_AVL_SIZE}
  201. //
  202. // MsvAvFlags bit values
  203. //
  205.   MSV1_0_AV_FLAG_FORCE_GUEST = $00000001;
  206.   {$EXTERNALSYM MSV1_0_AV_FLAG_FORCE_GUEST}
  208. // this is an MSV1_0 private data structure, defining the layout of an NTLM3 response, as sent by a
  209. //  client in the NtChallengeResponse field of the NETLOGON_NETWORK_INFO structure. If can be differentiated
  210. //  from an old style NT response by its length. This is crude, but it needs to pass through servers and
  211. //  the servers' DCs that do not understand NTLM3 but that are willing to pass longer responses.
  213. type
  214.   PMSV1_0_NTLM3_RESPONSE = ^MSV1_0_NTLM3_RESPONSE;
  215.   {$EXTERNALSYM PMSV1_0_NTLM3_RESPONSE}
  216.   _MSV1_0_NTLM3_RESPONSE = record
  217.     Response: array [0..MSV1_0_NTLM3_RESPONSE_LENGTH - 1] of UCHAR; // hash of OWF of password with all the following fields
  218.     RespType: UCHAR; // id number of response; current is 1
  219.     HiRespType: UCHAR; // highest id number understood by client
  220.     Flags: USHORT; // reserved; must be sent as zero at this version
  221.     MsgWord: ULONG; // 32 bit message from client to server (for use by auth protocol)
  222.     TimeStamp: ULONGLONG; // time stamp when client generated response -- NT system time, quad part
  223.     ChallengeFromClient: array [0..MSV1_0_CHALLENGE_LENGTH - 1] of UCHAR;
  224.     AvPairsOff: ULONG; // offset to start of AvPairs (to allow future expansion)
  225.     Buffer: array [0..0] of UCHAR; // start of buffer with AV pairs (or future stuff -- so use the offset)
  226.   end;
  227.   {$EXTERNALSYM _MSV1_0_NTLM3_RESPONSE}
  228.   MSV1_0_NTLM3_RESPONSE = _MSV1_0_NTLM3_RESPONSE;
  229.   {$EXTERNALSYM MSV1_0_NTLM3_RESPONSE}
  230.   TMsv10Ntlm3Response = MSV1_0_NTLM3_RESPONSE;
  231.   PMsv10Ntlm3Response = PMSV1_0_NTLM3_RESPONSE;
  233. const
  234.   MSV1_0_NTLM3_INPUT_LENGTH = (SizeOf(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH);
  235.   {$EXTERNALSYM MSV1_0_NTLM3_INPUT_LENGTH}
  237. type
  238.   MSV1_0_AVID = (
  239.     MsvAvEOL,                 // end of list
  240.     MsvAvNbComputerName,      // server's computer name -- NetBIOS
  241.     MsvAvNbDomainName,        // server's domain name -- NetBIOS
  242.     MsvAvDnsComputerName,     // server's computer name -- DNS
  243.     MsvAvDnsDomainName,       // server's domain name -- DNS
  244.     MsvAvDnsTreeName,         // server's tree name -- DNS
  245.     MsvAvFlags);              // server's extended flags -- DWORD mask
  246.   {$EXTERNALSYM MSV1_0_AVID}
  248.   PMSV1_0_AV_PAIR = ^MSV1_0_AV_PAIR;
  249.   {$EXTERNALSYM PMSV1_0_AV_PAIR}
  250.   _MSV1_0_AV_PAIR = record
  251.     AvId: USHORT;
  252.     AvLen: USHORT;
  253.     // Data is treated as byte array following structure
  254.   end;
  255.   {$EXTERNALSYM _MSV1_0_AV_PAIR}
  256.   MSV1_0_AV_PAIR = _MSV1_0_AV_PAIR;
  257.   {$EXTERNALSYM MSV1_0_AV_PAIR}
  258.   TMsv10AvPair = MSV1_0_AV_PAIR;
  259.   PMsv10AvPair = PMSV1_0_AV_PAIR;
  261. ///////////////////////////////////////////////////////////////////////////////
  262. //                                                                           //
  263. //       CALL PACKAGE Related Data Structures                                //
  264. //                                                                           //
  265. ///////////////////////////////////////////////////////////////////////////////
  268. //
  269. //  MSV1.0 LsaCallAuthenticationPackage() submission and response
  270. //  message types.
  271. //
  273.   _MSV1_0_PROTOCOL_MESSAGE_TYPE = (
  274.     MsV1_0Lm20ChallengeRequest,              // Both submission and response
  275.     MsV1_0Lm20GetChallengeResponse,          // Both submission and response
  276.     MsV1_0EnumerateUsers,                    // Both submission and response
  277.     MsV1_0GetUserInfo,                       // Both submission and response
  278.     MsV1_0ReLogonUsers,                      // Submission only
  279.     MsV1_0ChangePassword,                    // Both submission and response
  280.     MsV1_0ChangeCachedPassword,              // Both submission and response
  281.     MsV1_0GenericPassthrough,                // Both submission and response
  282.     MsV1_0CacheLogon,                        // Submission only, no response
  283.     MsV1_0SubAuth,                           // Both submission and response
  284.     MsV1_0DeriveCredential,                  // Both submission and response
  285.     MsV1_0CacheLookup,                       // Both submission and response
  286.     MsV1_0SetProcessOption);                 // Submission only, no response
  287.   {$EXTERNALSYM _MSV1_0_PROTOCOL_MESSAGE_TYPE}
  288.   MSV1_0_PROTOCOL_MESSAGE_TYPE = _MSV1_0_PROTOCOL_MESSAGE_TYPE;
  289.   {$EXTERNALSYM MSV1_0_PROTOCOL_MESSAGE_TYPE}
  290.   PMSV1_0_PROTOCOL_MESSAGE_TYPE = ^MSV1_0_PROTOCOL_MESSAGE_TYPE;
  291.   {$EXTERNALSYM PMSV1_0_PROTOCOL_MESSAGE_TYPE}
  292.   TMsv1_0ProtocolMessageType = MSV1_0_PROTOCOL_MESSAGE_TYPE;
  293.   PMsv1_0ProtocolMessageType = PMSV1_0_PROTOCOL_MESSAGE_TYPE;
  295.   PMSV1_0_CHANGEPASSWORD_REQUEST = ^MSV1_0_CHANGEPASSWORD_REQUEST;
  296.   {$EXTERNALSYM PMSV1_0_CHANGEPASSWORD_REQUEST}
  297.   _MSV1_0_CHANGEPASSWORD_REQUEST = record
  298.     MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE;
  299.     DomainName: UNICODE_STRING;
  300.     AccountName: UNICODE_STRING;
  301.     OldPassword: UNICODE_STRING;
  302.     NewPassword: UNICODE_STRING;
  303.     Impersonating: ByteBool;
  304.   end;
  305.   {$EXTERNALSYM _MSV1_0_CHANGEPASSWORD_REQUEST}
  306.   MSV1_0_CHANGEPASSWORD_REQUEST = _MSV1_0_CHANGEPASSWORD_REQUEST;
  307.   {$EXTERNALSYM MSV1_0_CHANGEPASSWORD_REQUEST}
  308.   TMsv10ChangepasswordRequest = MSV1_0_CHANGEPASSWORD_REQUEST;
  309.   PMsv10ChangepasswordRequest = PMSV1_0_CHANGEPASSWORD_REQUEST;
  311.   PMSV1_0_CHANGEPASSWORD_RESPONSE = ^MSV1_0_CHANGEPASSWORD_RESPONSE;
  312.   {$EXTERNALSYM PMSV1_0_CHANGEPASSWORD_RESPONSE}
  313.   _MSV1_0_CHANGEPASSWORD_RESPONSE = record
  314.     MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE;
  315.     PasswordInfoValid: ByteBool;
  316.     DomainPasswordInfo: DOMAIN_PASSWORD_INFORMATION;
  317.   end;
  318.   {$EXTERNALSYM _MSV1_0_CHANGEPASSWORD_RESPONSE}
  319.   MSV1_0_CHANGEPASSWORD_RESPONSE = _MSV1_0_CHANGEPASSWORD_RESPONSE;
  320.   {$EXTERNALSYM MSV1_0_CHANGEPASSWORD_RESPONSE}
  321.   TMsv10ChangepasswordResponse = MSV1_0_CHANGEPASSWORD_RESPONSE;
  322.   PMsv10ChangepasswordResponse = PMSV1_0_CHANGEPASSWORD_RESPONSE;
  324. //
  325. // MsV1_0GenericPassthrough - for remoting a CallPackage to
  326. // a domain controller on the specified domain
  327. //
  329.   _MSV1_0_PASSTHROUGH_REQUEST = record
  330.     MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE;
  331.     DomainName: UNICODE_STRING;
  332.     PackageName: UNICODE_STRING;
  333.     DataLength: ULONG;
  334.     LogonData: PUCHAR;
  335.     Pad: ULONG;
  336.   end;
  337.   {$EXTERNALSYM _MSV1_0_PASSTHROUGH_REQUEST}
  338.   MSV1_0_PASSTHROUGH_REQUEST = _MSV1_0_PASSTHROUGH_REQUEST;
  339.   {$EXTERNALSYM MSV1_0_PASSTHROUGH_REQUEST}
  340.   PMSV1_0_PASSTHROUGH_REQUEST = ^MSV1_0_PASSTHROUGH_REQUEST;
  341.   {$EXTERNALSYM PMSV1_0_PASSTHROUGH_REQUEST}
  342.   TMsv10PassThroughRequest = MSV1_0_PASSTHROUGH_REQUEST;
  343.   PMsv10PassThroughRequest = PMSV1_0_PASSTHROUGH_REQUEST;  
  345.   _MSV1_0_PASSTHROUGH_RESPONSE = record
  346.     MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE;
  347.     Pad: ULONG;
  348.     DataLength: ULONG;
  349.     ValidationData: PUCHAR;
  350.   end;
  351.   {$EXTERNALSYM _MSV1_0_PASSTHROUGH_RESPONSE}
  352.   MSV1_0_PASSTHROUGH_RESPONSE = _MSV1_0_PASSTHROUGH_RESPONSE;
  353.   {$EXTERNALSYM MSV1_0_PASSTHROUGH_RESPONSE}
  354.   PMSV1_0_PASSTHROUGH_RESPONSE = ^MSV1_0_PASSTHROUGH_RESPONSE;
  355.   {$EXTERNALSYM PMSV1_0_PASSTHROUGH_RESPONSE}
  356.   TMsv10PassThroughResponse = MSV1_0_PASSTHROUGH_RESPONSE;
  357.   PMsv10PassThroughResponse = PMSV1_0_PASSTHROUGH_RESPONSE;
  359. //
  360. // MsV1_0SubAuthInfo submit buffer and response - for submitting a buffer to a
  361. // specified Subauthentication Package during an LsaCallAuthenticationPackage().
  362. // If this Subauthentication is to be done locally, then package this message
  363. // in LsaCallAuthenticationPackage(). If this SubAuthentication needs to be done
  364. // on the domain controller, then call LsaCallauthenticationPackage with the
  365. // message type being MsV1_0GenericPassThrough and the LogonData in this struct
  366. // should be a PMSV1_0_SUBAUTH_REQUEST
  367. //
  369.   PMSV1_0_SUBAUTH_REQUEST = ^MSV1_0_SUBAUTH_REQUEST;
  370.   {$EXTERNALSYM PMSV1_0_SUBAUTH_REQUEST}
  371.   _MSV1_0_SUBAUTH_REQUEST = record
  372.     MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE;
  373.     SubAuthPackageId: ULONG;
  374.     SubAuthInfoLength: ULONG;
  375.     SubAuthSubmitBuffer: PUCHAR;
  376.   end;
  377.   {$EXTERNALSYM _MSV1_0_SUBAUTH_REQUEST}
  378.   MSV1_0_SUBAUTH_REQUEST = _MSV1_0_SUBAUTH_REQUEST;
  379.   {$EXTERNALSYM MSV1_0_SUBAUTH_REQUEST}
  380.   TMsv10SubauthRequest = MSV1_0_SUBAUTH_REQUEST;
  381.   PMsv10SubauthRequest = PMSV1_0_SUBAUTH_REQUEST;
  383.   PMSV1_0_SUBAUTH_RESPONSE = ^MSV1_0_SUBAUTH_RESPONSE;
  384.   {$EXTERNALSYM PMSV1_0_SUBAUTH_RESPONSE}
  385.   _MSV1_0_SUBAUTH_RESPONSE = record
  386.     MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE;
  387.     SubAuthInfoLength: ULONG;
  388.     SubAuthReturnBuffer: PUCHAR;
  389.   end;
  390.   {$EXTERNALSYM _MSV1_0_SUBAUTH_RESPONSE}
  391.   MSV1_0_SUBAUTH_RESPONSE = _MSV1_0_SUBAUTH_RESPONSE;
  392.   {$EXTERNALSYM MSV1_0_SUBAUTH_RESPONSE}
  393.   TMsv10SubauthResponse = MSV1_0_SUBAUTH_RESPONSE;
  394.   PMsv10SubauthResponse = PMSV1_0_SUBAUTH_RESPONSE;
  396. //
  397. // Credential Derivation types for MsV1_0DeriveCredential Submit DeriveCredType
  398. //
  400. //
  401. // Derive Credential using SHA-1 and Request buffer DeriveCredSubmitBuffer of
  402. // length DeriveCredInfoLength mixing bytes.
  403. // Response buffer DeriveCredReturnBuffer will contain SHA-1 hash of size
  404. // A_SHA_DIGEST_LEN (20)
  405. //
  407. const
  408.   MSV1_0_DERIVECRED_TYPE_SHA1 = 0;
  409.   {$EXTERNALSYM MSV1_0_DERIVECRED_TYPE_SHA1}
  411. //
  412. // MsV1_0DeriveCredential submit buffer and response - for submitting a buffer
  413. // an call to LsaCallAuthenticationPackage().
  414. //
  416. type
  417.   PMSV1_0_DERIVECRED_REQUEST = ^MSV1_0_DERIVECRED_REQUEST;
  418.   {$EXTERNALSYM PMSV1_0_DERIVECRED_REQUEST}
  419.   _MSV1_0_DERIVECRED_REQUEST = record
  420.     MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE;
  421.     LogonId: LUID;
  422.     DeriveCredType: ULONG;
  423.     DeriveCredInfoLength: ULONG;
  424.     DeriveCredSubmitBuffer: array [0..0] of UCHAR; // in-place array of length DeriveCredInfoLength
  425.   end;
  426.   {$EXTERNALSYM _MSV1_0_DERIVECRED_REQUEST}
  427.   MSV1_0_DERIVECRED_REQUEST = _MSV1_0_DERIVECRED_REQUEST;
  428.   {$EXTERNALSYM MSV1_0_DERIVECRED_REQUEST}
  429.   TMsv10DeriveCredRequest = MSV1_0_DERIVECRED_REQUEST;
  430.   PMsv10DeriveCredRequest = PMSV1_0_DERIVECRED_REQUEST;
  432.   PMSV1_0_DERIVECRED_RESPONSE = ^MSV1_0_DERIVECRED_RESPONSE;
  433.   {$EXTERNALSYM PMSV1_0_DERIVECRED_RESPONSE}
  434.   _MSV1_0_DERIVECRED_RESPONSE = record
  435.     MessageType: MSV1_0_PROTOCOL_MESSAGE_TYPE;
  436.     DeriveCredInfoLength: ULONG;
  437.     DeriveCredReturnBuffer: array [0..0] of UCHAR; // in-place array of length DeriveCredInfoLength
  438.   end;
  439.   {$EXTERNALSYM _MSV1_0_DERIVECRED_RESPONSE}
  440.   MSV1_0_DERIVECRED_RESPONSE = _MSV1_0_DERIVECRED_RESPONSE;
  441.   {$EXTERNALSYM MSV1_0_DERIVECRED_RESPONSE}
  442.   TMsv10DeriveCredResponse = MSV1_0_DERIVECRED_RESPONSE;
  443.   PMsv10DeriveCredResponse = PMSV1_0_DERIVECRED_RESPONSE;
  445. // Revision of the Kerberos Protocol.  MS uses Version 5, Revision 6
  447. const
  448.   KERBEROS_VERSION  = 5;
  449.   {$EXTERNALSYM KERBEROS_VERSION}
  450.   KERBEROS_REVISION = 6;
  451.   {$EXTERNALSYM KERBEROS_REVISION}
  453. // Encryption Types:
  454. // These encryption types are supported by the default MS KERBSUPP DLL
  455. // as crypto systems.  Values over 127 are local values, and may be changed
  456. // without notice.
  458.   KERB_ETYPE_NULL        = 0;
  459.   {$EXTERNALSYM KERB_ETYPE_NULL}
  460.   KERB_ETYPE_DES_CBC_CRC = 1;
  461.   {$EXTERNALSYM KERB_ETYPE_DES_CBC_CRC}
  462.   KERB_ETYPE_DES_CBC_MD4 = 2;
  463.   {$EXTERNALSYM KERB_ETYPE_DES_CBC_MD4}
  464.   KERB_ETYPE_DES_CBC_MD5 = 3;
  465.   {$EXTERNALSYM KERB_ETYPE_DES_CBC_MD5}
  467.   KERB_ETYPE_RC4_MD4           = -128;
  468.   {$EXTERNALSYM KERB_ETYPE_RC4_MD4}
  469.   KERB_ETYPE_RC4_PLAIN2        = -129;
  470.   {$EXTERNALSYM KERB_ETYPE_RC4_PLAIN2}
  471.   KERB_ETYPE_RC4_LM            = -130;
  472.   {$EXTERNALSYM KERB_ETYPE_RC4_LM}
  473.   KERB_ETYPE_RC4_SHA           = -131;
  474.   {$EXTERNALSYM KERB_ETYPE_RC4_SHA}
  475.   KERB_ETYPE_DES_PLAIN         = -132;
  476.   {$EXTERNALSYM KERB_ETYPE_DES_PLAIN}
  477.   KERB_ETYPE_RC4_HMAC_OLD      = -133;
  478.   {$EXTERNALSYM KERB_ETYPE_RC4_HMAC_OLD}
  479.   KERB_ETYPE_RC4_PLAIN_OLD     = -134;
  480.   {$EXTERNALSYM KERB_ETYPE_RC4_PLAIN_OLD}
  481.   KERB_ETYPE_RC4_HMAC_OLD_EXP  = -135;
  482.   {$EXTERNALSYM KERB_ETYPE_RC4_HMAC_OLD_EXP}
  483.   KERB_ETYPE_RC4_PLAIN_OLD_EXP = -136;
  484.   {$EXTERNALSYM KERB_ETYPE_RC4_PLAIN_OLD_EXP}
  485.   KERB_ETYPE_RC4_PLAIN         = -140;
  486.   {$EXTERNALSYM KERB_ETYPE_RC4_PLAIN}
  487.   KERB_ETYPE_RC4_PLAIN_EXP     = -141;
  488.   {$EXTERNALSYM KERB_ETYPE_RC4_PLAIN_EXP}
  490. //
  491. // Pkinit encryption types
  492. //
  494.   KERB_ETYPE_DSA_SHA1_CMS     = 9;
  495.   {$EXTERNALSYM KERB_ETYPE_DSA_SHA1_CMS}
  496.   KERB_ETYPE_RSA_MD5_CMS      = 10;
  497.   {$EXTERNALSYM KERB_ETYPE_RSA_MD5_CMS}
  498.   KERB_ETYPE_RSA_SHA1_CMS     = 11;
  499.   {$EXTERNALSYM KERB_ETYPE_RSA_SHA1_CMS}
  500.   KERB_ETYPE_RC2_CBC_ENV      = 12;
  501.   {$EXTERNALSYM KERB_ETYPE_RC2_CBC_ENV}
  502.   KERB_ETYPE_RSA_ENV          = 13;
  503.   {$EXTERNALSYM KERB_ETYPE_RSA_ENV}
  504.   KERB_ETYPE_RSA_ES_OEAP_ENV  = 14;
  505.   {$EXTERNALSYM KERB_ETYPE_RSA_ES_OEAP_ENV}
  506.   KERB_ETYPE_DES_EDE3_CBC_ENV = 15;
  507.   {$EXTERNALSYM KERB_ETYPE_DES_EDE3_CBC_ENV}
  509. //
  510. // Deprecated
  511. //
  513.   KERB_ETYPE_DSA_SIGN     = 8;
  514.   {$EXTERNALSYM KERB_ETYPE_DSA_SIGN}
  515.   KERB_ETYPE_RSA_PRIV     = 9;
  516.   {$EXTERNALSYM KERB_ETYPE_RSA_PRIV}
  517.   KERB_ETYPE_RSA_PUB      = 10;
  518.   {$EXTERNALSYM KERB_ETYPE_RSA_PUB}
  519.   KERB_ETYPE_RSA_PUB_MD5  = 11;
  520.   {$EXTERNALSYM KERB_ETYPE_RSA_PUB_MD5}
  521.   KERB_ETYPE_RSA_PUB_SHA1 = 12;
  522.   {$EXTERNALSYM KERB_ETYPE_RSA_PUB_SHA1}
  523.   KERB_ETYPE_PKCS7_PUB    = 13;
  524.   {$EXTERNALSYM KERB_ETYPE_PKCS7_PUB}
  526. //
  527. // In use types
  528. //
  530.   KERB_ETYPE_DES_CBC_MD5_NT  = 20;
  531.   {$EXTERNALSYM KERB_ETYPE_DES_CBC_MD5_NT}
  532.   KERB_ETYPE_RC4_HMAC_NT     = 23;
  533.   {$EXTERNALSYM KERB_ETYPE_RC4_HMAC_NT}
  534.   KERB_ETYPE_RC4_HMAC_NT_EXP = 24;
  535.   {$EXTERNALSYM KERB_ETYPE_RC4_HMAC_NT_EXP}
  537. // Checksum algorithms.
  538. // These algorithms are keyed internally for our use.
  540.   KERB_CHECKSUM_NONE        = 0;
  541.   {$EXTERNALSYM KERB_CHECKSUM_NONE}
  542.   KERB_CHECKSUM_CRC32       = 1;
  543.   {$EXTERNALSYM KERB_CHECKSUM_CRC32}
  544.   KERB_CHECKSUM_MD4         = 2;
  545.   {$EXTERNALSYM KERB_CHECKSUM_MD4}
  546.   KERB_CHECKSUM_KRB_DES_MAC = 4;
  547.   {$EXTERNALSYM KERB_CHECKSUM_KRB_DES_MAC}
  548.   KERB_CHECKSUM_KRB_DES_MAC_K = 5;
  549.   {$EXTERNALSYM KERB_CHECKSUM_KRB_DES_MAC_K}  
  550.   KERB_CHECKSUM_MD5         = 7;
  551.   {$EXTERNALSYM KERB_CHECKSUM_MD5}
  552.   KERB_CHECKSUM_MD5_DES     = 8;
  553.   {$EXTERNALSYM KERB_CHECKSUM_MD5_DES}
  555.   KERB_CHECKSUM_LM          = -130;
  556.   {$EXTERNALSYM KERB_CHECKSUM_LM}
  557.   KERB_CHECKSUM_SHA1        = -131;
  558.   {$EXTERNALSYM KERB_CHECKSUM_SHA1}
  559.   KERB_CHECKSUM_REAL_CRC32  = -132;
  560.   {$EXTERNALSYM KERB_CHECKSUM_REAL_CRC32}
  561.   KERB_CHECKSUM_DES_MAC     = -133;
  562.   {$EXTERNALSYM KERB_CHECKSUM_DES_MAC}
  563.   KERB_CHECKSUM_DES_MAC_MD5 = -134;
  564.   {$EXTERNALSYM KERB_CHECKSUM_DES_MAC_MD5}
  565.   KERB_CHECKSUM_MD25        = -135;
  566.   {$EXTERNALSYM KERB_CHECKSUM_MD25}
  567.   KERB_CHECKSUM_RC4_MD5     = -136;
  568.   {$EXTERNALSYM KERB_CHECKSUM_RC4_MD5}
  569.   KERB_CHECKSUM_MD5_HMAC    = -137; // used by netlogon
  570.   {$EXTERNALSYM KERB_CHECKSUM_MD5_HMAC}
  571.   KERB_CHECKSUM_HMAC_MD5    = -138; // used by Kerberos
  572.   {$EXTERNALSYM KERB_CHECKSUM_HMAC_MD5}
  574.   AUTH_REQ_ALLOW_FORWARDABLE     = $00000001;
  575.   {$EXTERNALSYM AUTH_REQ_ALLOW_FORWARDABLE}
  576.   AUTH_REQ_ALLOW_PROXIABLE       = $00000002;
  577.   {$EXTERNALSYM AUTH_REQ_ALLOW_PROXIABLE}
  578.   AUTH_REQ_ALLOW_POSTDATE        = $00000004;
  579.   {$EXTERNALSYM AUTH_REQ_ALLOW_POSTDATE}
  580.   AUTH_REQ_ALLOW_RENEWABLE       = $00000008;
  581.   {$EXTERNALSYM AUTH_REQ_ALLOW_RENEWABLE}
  582.   AUTH_REQ_ALLOW_NOADDRESS       = $00000010;
  583.   {$EXTERNALSYM AUTH_REQ_ALLOW_NOADDRESS}
  584.   AUTH_REQ_ALLOW_ENC_TKT_IN_SKEY = $00000020;
  585.   {$EXTERNALSYM AUTH_REQ_ALLOW_ENC_TKT_IN_SKEY}
  586.   AUTH_REQ_ALLOW_VALIDATE        = $00000040;
  587.   {$EXTERNALSYM AUTH_REQ_ALLOW_VALIDATE}
  588.   AUTH_REQ_VALIDATE_CLIENT       = $00000080;
  589.   {$EXTERNALSYM AUTH_REQ_VALIDATE_CLIENT}
  590.   AUTH_REQ_OK_AS_DELEGATE        = $00000100;
  591.   {$EXTERNALSYM AUTH_REQ_OK_AS_DELEGATE}
  592.   AUTH_REQ_PREAUTH_REQUIRED      = $00000200;
  593.   {$EXTERNALSYM AUTH_REQ_PREAUTH_REQUIRED}
  594.   AUTH_REQ_TRANSITIVE_TRUST      = $00000400;
  595.   {$EXTERNALSYM AUTH_REQ_TRANSITIVE_TRUST}
  596.   AUTH_REQ_ALLOW_S4U_DELEGATE    = $00000800;
  597.   {$EXTERNALSYM AUTH_REQ_ALLOW_S4U_DELEGATE}
  599.   AUTH_REQ_PER_USER_FLAGS        = (AUTH_REQ_ALLOW_FORWARDABLE or
  600.                                     AUTH_REQ_ALLOW_PROXIABLE or
  601.                                     AUTH_REQ_ALLOW_POSTDATE or
  602.                                     AUTH_REQ_ALLOW_RENEWABLE or
  603.                                     AUTH_REQ_ALLOW_VALIDATE);
  604.   {$EXTERNALSYM AUTH_REQ_PER_USER_FLAGS}
  606. //
  607. // Ticket Flags:
  608. //
  610.   KERB_TICKET_FLAGS_reserved          = DWORD($80000000);
  611.   {$EXTERNALSYM KERB_TICKET_FLAGS_reserved}
  612.   KERB_TICKET_FLAGS_forwardable       = $40000000;
  613.   {$EXTERNALSYM KERB_TICKET_FLAGS_forwardable}
  614.   KERB_TICKET_FLAGS_forwarded         = $20000000;
  615.   {$EXTERNALSYM KERB_TICKET_FLAGS_forwarded}
  616.   KERB_TICKET_FLAGS_proxiable         = $10000000;
  617.   {$EXTERNALSYM KERB_TICKET_FLAGS_proxiable}
  618.   KERB_TICKET_FLAGS_proxy             = $08000000;
  619.   {$EXTERNALSYM KERB_TICKET_FLAGS_proxy}
  620.   KERB_TICKET_FLAGS_may_postdate      = $04000000;
  621.   {$EXTERNALSYM KERB_TICKET_FLAGS_may_postdate}
  622.   KERB_TICKET_FLAGS_postdated         = $02000000;
  623.   {$EXTERNALSYM KERB_TICKET_FLAGS_postdated}
  624.   KERB_TICKET_FLAGS_invalid           = $01000000;
  625.   {$EXTERNALSYM KERB_TICKET_FLAGS_invalid}
  626.   KERB_TICKET_FLAGS_renewable         = $00800000;
  627.   {$EXTERNALSYM KERB_TICKET_FLAGS_renewable}
  628.   KERB_TICKET_FLAGS_initial           = $00400000;
  629.   {$EXTERNALSYM KERB_TICKET_FLAGS_initial}
  630.   KERB_TICKET_FLAGS_pre_authent       = $00200000;
  631.   {$EXTERNALSYM KERB_TICKET_FLAGS_pre_authent}
  632.   KERB_TICKET_FLAGS_hw_authent        = $00100000;
  633.   {$EXTERNALSYM KERB_TICKET_FLAGS_hw_authent}
  634.   KERB_TICKET_FLAGS_ok_as_delegate    = $00040000;
  635.   {$EXTERNALSYM KERB_TICKET_FLAGS_ok_as_delegate}
  636.   KERB_TICKET_FLAGS_name_canonicalize = $00010000;
  637.   {$EXTERNALSYM KERB_TICKET_FLAGS_name_canonicalize}
  638.   KERB_TICKET_FLAGS_reserved1         = $00000001;
  639.   {$EXTERNALSYM KERB_TICKET_FLAGS_reserved1}
  641. //
  642. // Name types
  643. //
  645.   KRB_NT_UNKNOWN              = 0; // Name type not known
  646.   {$EXTERNALSYM KRB_NT_UNKNOWN}
  647.   KRB_NT_PRINCIPAL            = 1; // Just the name of the principal as in DCE, or for users
  648.   {$EXTERNALSYM KRB_NT_PRINCIPAL}
  649.   KRB_NT_PRINCIPAL_AND_ID     = -131; // Name of the principal and its SID.
  650.   {$EXTERNALSYM KRB_NT_PRINCIPAL_AND_ID}
  651.   KRB_NT_SRV_INST             = 2; // Service and other unique instance (krbtgt)
  652.   {$EXTERNALSYM KRB_NT_SRV_INST}
  653.   KRB_NT_SRV_INST_AND_ID      = -132; // SPN and SID
  654.   {$EXTERNALSYM KRB_NT_SRV_INST_AND_ID}
  655.   KRB_NT_SRV_HST              = 3; // Service with host name as instance (telnet, rcommands)
  656.   {$EXTERNALSYM KRB_NT_SRV_HST}
  657.   KRB_NT_SRV_XHST             = 4; // Service with host as remaining components
  658.   {$EXTERNALSYM KRB_NT_SRV_XHST}
  659.   KRB_NT_UID                  = 5; // Unique ID
  660.   {$EXTERNALSYM KRB_NT_UID}
  661.   KRB_NT_ENTERPRISE_PRINCIPAL = 10; // UPN or SPN
  662.   {$EXTERNALSYM KRB_NT_ENTERPRISE_PRINCIPAL}
  663.   KRB_NT_ENT_PRINCIPAL_AND_ID = -130; // UPN and SID
  664.   {$EXTERNALSYM KRB_NT_ENT_PRINCIPAL_AND_ID}
  666. //
  667. // MS extensions, negative according to the RFC
  668. //
  670.   KRB_NT_MS_PRINCIPAL = -128; // NT4 style name
  671.   {$EXTERNALSYM KRB_NT_MS_PRINCIPAL}
  673.   KRB_NT_MS_PRINCIPAL_AND_ID = -129; // nt4 style name with sid
  674.   {$EXTERNALSYM KRB_NT_MS_PRINCIPAL_AND_ID}
  676. // todo #define KERB_IS_MS_PRINCIPAL(_x_) (((_x_) <= KRB_NT_MS_PRINCIPAL) || ((_x_) >= KRB_NT_ENTERPRISE_PRINCIPAL))
  678.   MICROSOFT_KERBEROS_NAME_A = 'Kerberos';
  679.   {$EXTERNALSYM MICROSOFT_KERBEROS_NAME_A}
  680.   MICROSOFT_KERBEROS_NAME_W = WideString('Kerberos');
  681.   {$EXTERNALSYM MICROSOFT_KERBEROS_NAME_W}
  683. {$IFDEF UNICODE}
  684.   MICROSOFT_KERBEROS_NAME = MICROSOFT_KERBEROS_NAME_W;
  685.   {$EXTERNALSYM MICROSOFT_KERBEROS_NAME}
  686. {$ELSE}
  687.   MICROSOFT_KERBEROS_NAME = MICROSOFT_KERBEROS_NAME_A;
  688.   {$EXTERNALSYM MICROSOFT_KERBEROS_NAME}
  689. {$ENDIF}
  692. /////////////////////////////////////////////////////////////////////////
  693. //
  694. // Quality of protection parameters for MakeSignature / EncryptMessage
  695. //
  696. /////////////////////////////////////////////////////////////////////////
  698. //
  699. // This flag indicates to EncryptMessage that the message is not to actually
  700. // be encrypted, but a header/trailer are to be produced.
  701. //
  703.   KERB_WRAP_NO_ENCRYPT = DWORD($80000001);
  704.   {$EXTERNALSYM KERB_WRAP_NO_ENCRYPT}
  706. /////////////////////////////////////////////////////////////////////////
  707. //
  708. // LsaLogonUser parameters
  709. //
  710. /////////////////////////////////////////////////////////////////////////
  712. const
  713.   KerbInteractiveLogon = 2;
  714.   KerbSmartCardLogon = 6;
  715.   KerbWorkstationUnlockLogon = 7;
  716.   KerbSmartCardUnlockLogon = 8;
  717.   KerbProxyLogon = 9;
  718.   KerbTicketLogon = 10;
  719.   KerbTicketUnlockLogon = 11;
  720.   KerbS4ULogon = 12; 
  722. type
  723.   KERB_LOGON_SUBMIT_TYPE = DWORD;
  724.   {$EXTERNALSYM KERB_LOGON_SUBMIT_TYPE}
  725.   PKERB_LOGON_SUBMIT_TYPE = ^KERB_LOGON_SUBMIT_TYPE;
  726.   {$EXTERNALSYM PKERB_LOGON_SUBMIT_TYPE}
  728.   PKERB_INTERACTIVE_LOGON = ^KERB_INTERACTIVE_LOGON;
  729.   {$EXTERNALSYM PKERB_INTERACTIVE_LOGON}
  730.   _KERB_INTERACTIVE_LOGON = record
  731.     MessageType: KERB_LOGON_SUBMIT_TYPE;
  732.     LogonDomainName: UNICODE_STRING;
  733.     UserName: UNICODE_STRING;
  734.     Password: UNICODE_STRING;
  735.   end;
  736.   {$EXTERNALSYM _KERB_INTERACTIVE_LOGON}
  737.   KERB_INTERACTIVE_LOGON = _KERB_INTERACTIVE_LOGON;
  738.   {$EXTERNALSYM KERB_INTERACTIVE_LOGON}
  739.   TKerbInteractiveLogon = KERB_INTERACTIVE_LOGON;
  740.   PKerbInteractiveLogon = PKERB_INTERACTIVE_LOGON;
  742.   PKERB_INTERACTIVE_UNLOCK_LOGON = ^KERB_INTERACTIVE_UNLOCK_LOGON;
  743.   {$EXTERNALSYM PKERB_INTERACTIVE_UNLOCK_LOGON}
  744.   _KERB_INTERACTIVE_UNLOCK_LOGON = record
  745.     Logon: KERB_INTERACTIVE_LOGON;
  746.     LogonId: LUID;
  747.   end;
  748.   {$EXTERNALSYM _KERB_INTERACTIVE_UNLOCK_LOGON}
  749.   KERB_INTERACTIVE_UNLOCK_LOGON = _KERB_INTERACTIVE_UNLOCK_LOGON;
  750.   {$EXTERNALSYM KERB_INTERACTIVE_UNLOCK_LOGON}
  751.   TKerbInteractiveUnlockLogon = KERB_INTERACTIVE_UNLOCK_LOGON;
  752.   PKerbInteractiveUnlockLogon = PKERB_INTERACTIVE_UNLOCK_LOGON;
  754.   PKERB_SMART_CARD_LOGON = ^KERB_SMART_CARD_LOGON;
  755.   {$EXTERNALSYM PKERB_SMART_CARD_LOGON}
  756.   _KERB_SMART_CARD_LOGON = record
  757.     MessageType: KERB_LOGON_SUBMIT_TYPE;
  758.     Pin: UNICODE_STRING;
  759.     CspDataLength: ULONG;
  760.     CspData: PUCHAR;
  761.   end;
  762.   {$EXTERNALSYM _KERB_SMART_CARD_LOGON}
  763.   KERB_SMART_CARD_LOGON = _KERB_SMART_CARD_LOGON;
  764.   {$EXTERNALSYM KERB_SMART_CARD_LOGON}
  765.   TKerbSmartCardLogon = KERB_SMART_CARD_LOGON;
  766.   PKerbSmartCardLogon = PKERB_SMART_CARD_LOGON;
  768.   PKERB_SMART_CARD_UNLOCK_LOGON = ^KERB_SMART_CARD_UNLOCK_LOGON;
  769.   {$EXTERNALSYM PKERB_SMART_CARD_UNLOCK_LOGON}
  770.   _KERB_SMART_CARD_UNLOCK_LOGON = record
  771.     Logon: KERB_SMART_CARD_LOGON;
  772.     LogonId: LUID;
  773.   end;
  774.   {$EXTERNALSYM _KERB_SMART_CARD_UNLOCK_LOGON}
  775.   KERB_SMART_CARD_UNLOCK_LOGON = _KERB_SMART_CARD_UNLOCK_LOGON;
  776.   {$EXTERNALSYM KERB_SMART_CARD_UNLOCK_LOGON}
  777.   TKerbSmartCardUnlockLogon = KERB_SMART_CARD_UNLOCK_LOGON;
  778.   PKerbSmartCardUnlockLogon = PKERB_SMART_CARD_UNLOCK_LOGON;
  780. //
  781. // Structure used for a ticket-only logon
  782. //
  784.   PKERB_TICKET_LOGON = ^KERB_TICKET_LOGON;
  785.   {$EXTERNALSYM PKERB_TICKET_LOGON}
  786.   _KERB_TICKET_LOGON = record
  787.     MessageType: KERB_LOGON_SUBMIT_TYPE;
  788.     Flags: ULONG;
  789.     ServiceTicketLength: ULONG;
  790.     TicketGrantingTicketLength: ULONG;
  791.     ServiceTicket: PUCHAR; // REQUIRED: Service ticket "host"
  792.     TicketGrantingTicket: PUCHAR; // OPTIONAL: User's encdoded in a KERB_CRED message, encrypted with session key from service ticket
  793.   end;
  794.   {$EXTERNALSYM _KERB_TICKET_LOGON}
  795.   KERB_TICKET_LOGON = _KERB_TICKET_LOGON;
  796.   {$EXTERNALSYM KERB_TICKET_LOGON}
  797.   TKerbTicketLogon = KERB_TICKET_LOGON;
  798.   PKerbTicketLogon = PKERB_TICKET_LOGON;
  800. //
  801. // Flags for the ticket logon flags field
  802. //
  804. const
  805.   KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET = $1;
  806.   {$EXTERNALSYM KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET}
  808. type
  809.   PKERB_TICKET_UNLOCK_LOGON = ^KERB_TICKET_UNLOCK_LOGON;
  810.   {$EXTERNALSYM PKERB_TICKET_UNLOCK_LOGON}
  811.   _KERB_TICKET_UNLOCK_LOGON = record
  812.     Logon: KERB_TICKET_LOGON;
  813.     LogonId: LUID;
  814.   end;
  815.   {$EXTERNALSYM _KERB_TICKET_UNLOCK_LOGON}
  816.   KERB_TICKET_UNLOCK_LOGON = _KERB_TICKET_UNLOCK_LOGON;
  817.   {$EXTERNALSYM KERB_TICKET_UNLOCK_LOGON}
  818.   TKerbTicketUnlockLogon = KERB_TICKET_UNLOCK_LOGON;
  819.   PKerbTicketUnlockLogon = PKERB_TICKET_UNLOCK_LOGON;
  821. //
  822. //  Used for S4U Client requests
  823. //
  824. //
  826.   _KERB_S4U_LOGON = record
  827.     MessageType: KERB_LOGON_SUBMIT_TYPE;
  828.     Flags: ULONG;
  829.     ClientUpn: UNICODE_STRING;   // REQUIRED: UPN for client
  830.     ClientRealm: UNICODE_STRING; // Optional: Client Realm, if known
  831.   end;
  832.   {$EXTERNALSYM _KERB_S4U_LOGON}
  833.   KERB_S4U_LOGON = _KERB_S4U_LOGON;
  834.   {$EXTERNALSYM KERB_S4U_LOGON}
  835.   PKERB_S4U_LOGON = ^KERB_S4U_LOGON;
  836.   {$EXTERNALSYM PKERB_S4U_LOGON}
  837.   TKerbS4ULogon = KERB_S4U_LOGON;
  838.   PKerbS4ULogon = PKERB_S4U_LOGON;  
  840. //
  841. // Use the same profile structure as MSV1_0
  842. //
  844. type
  845.   _KERB_PROFILE_BUFFER_TYPE = (
  846.     kpbtFiller0, kpbtFiller1,
  847.     KerbInteractiveProfile,
  848.     kpbtFiller3,
  849.     KerbSmartCardProfile,
  850.     kpbtFiller5,
  851.     KerbTicketProfile);
  852.   {$EXTERNALSYM _KERB_PROFILE_BUFFER_TYPE}
  853.   KERB_PROFILE_BUFFER_TYPE = _KERB_PROFILE_BUFFER_TYPE;
  854.   {$EXTERNALSYM KERB_PROFILE_BUFFER_TYPE}
  855.   PKERB_PROFILE_BUFFER_TYPE = ^KERB_PROFILE_BUFFER_TYPE;
  856.   {$EXTERNALSYM PKERB_PROFILE_BUFFER_TYPE}
  857.   TKerbProfileBufferType = KERB_PROFILE_BUFFER_TYPE;
  858.   PKerbProfileBufferType = PKERB_PROFILE_BUFFER_TYPE;
  860.   PKERB_INTERACTIVE_PROFILE = ^KERB_INTERACTIVE_PROFILE;
  861.   {$EXTERNALSYM PKERB_INTERACTIVE_PROFILE}
  862.   _KERB_INTERACTIVE_PROFILE = record
  863.     MessageType: KERB_PROFILE_BUFFER_TYPE;
  864.     LogonCount: USHORT;
  865.     BadPasswordCount: USHORT;
  866.     LogonTime: LARGE_INTEGER;
  867.     LogoffTime: LARGE_INTEGER;
  868.     KickOffTime: LARGE_INTEGER;
  869.     PasswordLastSet: LARGE_INTEGER;
  870.     PasswordCanChange: LARGE_INTEGER;
  871.     PasswordMustChange: LARGE_INTEGER;
  872.     LogonScript: UNICODE_STRING;
  873.     HomeDirectory: UNICODE_STRING;
  874.     FullName: UNICODE_STRING;
  875.     ProfilePath: UNICODE_STRING;
  876.     HomeDirectoryDrive: UNICODE_STRING;
  877.     LogonServer: UNICODE_STRING;
  878.     UserFlags: ULONG;
  879.   end;
  880.   {$EXTERNALSYM _KERB_INTERACTIVE_PROFILE}
  881.   KERB_INTERACTIVE_PROFILE = _KERB_INTERACTIVE_PROFILE;
  882.   {$EXTERNALSYM KERB_INTERACTIVE_PROFILE}
  883.   TKerbInteractiveProfile = KERB_INTERACTIVE_PROFILE;
  884.   PKerbInteractiveProfile = PKERB_INTERACTIVE_PROFILE;
  886. //
  887. // For smart card, we return a smart card profile, which is an interactive
  888. // profile plus a certificate
  889. //
  891.   PKERB_SMART_CARD_PROFILE = ^KERB_SMART_CARD_PROFILE;
  892.   {$EXTERNALSYM PKERB_SMART_CARD_PROFILE}
  893.   _KERB_SMART_CARD_PROFILE = record
  894.     Profile: KERB_INTERACTIVE_PROFILE;
  895.     CertificateSize: ULONG;
  896.     CertificateData: PUCHAR;
  897.   end;
  898.   {$EXTERNALSYM _KERB_SMART_CARD_PROFILE}
  899.   KERB_SMART_CARD_PROFILE = _KERB_SMART_CARD_PROFILE;
  900.   {$EXTERNALSYM KERB_SMART_CARD_PROFILE}
  901.   TKerbSmartCardProfile = KERB_SMART_CARD_PROFILE;
  902.   PKerbSmartCardProfile = PKERB_SMART_CARD_PROFILE;
  904. //
  905. // For a ticket logon profile, we return the session key from the ticket
  906. //
  908.   PKERB_CRYPTO_KEY = ^KERB_CRYPTO_KEY;
  909.   {$EXTERNALSYM PKERB_CRYPTO_KEY}
  910.   KERB_CRYPTO_KEY = record
  911.     KeyType: LONG;
  912.     Length: ULONG;
  913.     Value: PUCHAR;
  914.   end;
  915.   {$EXTERNALSYM KERB_CRYPTO_KEY}
  916.   TKerbCryptoKey = KERB_CRYPTO_KEY;
  917.   PKerbCryptoKey = PKERB_CRYPTO_KEY;
  919.   PKERB_TICKET_PROFILE = ^KERB_TICKET_PROFILE;
  920.   {$EXTERNALSYM PKERB_TICKET_PROFILE}
  921.   _KERB_TICKET_PROFILE = record
  922.     Profile: KERB_INTERACTIVE_PROFILE;
  923.     SessionKey: KERB_CRYPTO_KEY;
  924.   end;
  925.   {$EXTERNALSYM _KERB_TICKET_PROFILE}
  926.   KERB_TICKET_PROFILE = _KERB_TICKET_PROFILE;
  927.   {$EXTERNALSYM KERB_TICKET_PROFILE}
  928.   TKerbTicketProfile = KERB_TICKET_PROFILE;
  929.   PKerbTicketProfile = PKERB_TICKET_PROFILE;
  931.   _KERB_PROTOCOL_MESSAGE_TYPE = (
  932.     KerbDebugRequestMessage,
  933.     KerbQueryTicketCacheMessage,
  934.     KerbChangeMachinePasswordMessage,
  935.     KerbVerifyPacMessage,
  936.     KerbRetrieveTicketMessage,
  937.     KerbUpdateAddressesMessage,
  938.     KerbPurgeTicketCacheMessage,
  939.     KerbChangePasswordMessage,
  940.     KerbRetrieveEncodedTicketMessage,
  941.     KerbDecryptDataMessage,
  942.     KerbAddBindingCacheEntryMessage,
  943.     KerbSetPasswordMessage,
  944.     KerbSetPasswordExMessage,
  945.     KerbVerifyCredentialsMessage,
  946.     KerbQueryTicketCacheExMessage,
  947.     KerbPurgeTicketCacheExMessage,
  948.     KerbRefreshSmartcardCredentialsMessage,
  949.     KerbAddExtraCredentialsMessage,
  950.     KerbQuerySupplementalCredentialsMessage);
  951.   {$EXTERNALSYM _KERB_PROTOCOL_MESSAGE_TYPE}
  952.   KERB_PROTOCOL_MESSAGE_TYPE = _KERB_PROTOCOL_MESSAGE_TYPE;
  953.   {$EXTERNALSYM KERB_PROTOCOL_MESSAGE_TYPE}
  954.   PKERB_PROTOCOL_MESSAGE_TYPE = ^KERB_PROTOCOL_MESSAGE_TYPE;
  955.   {$EXTERNALSYM PKERB_PROTOCOL_MESSAGE_TYPE}
  956.   TKerbProtocolMessageType = KERB_PROTOCOL_MESSAGE_TYPE;
  957.   PKerbProtocolMessageType = PKERB_PROTOCOL_MESSAGE_TYPE;  
  959. //
  960. // Used both for retrieving tickets and for querying ticket cache
  961. //
  963.   PKERB_QUERY_TKT_CACHE_REQUEST = ^KERB_QUERY_TKT_CACHE_REQUEST;
  964.   {$EXTERNALSYM PKERB_QUERY_TKT_CACHE_REQUEST}
  965.   _KERB_QUERY_TKT_CACHE_REQUEST = record
  966.     MessageType: KERB_PROTOCOL_MESSAGE_TYPE;
  967.     LogonId: LUID;
  968.   end;
  969.   {$EXTERNALSYM _KERB_QUERY_TKT_CACHE_REQUEST}
  970.   KERB_QUERY_TKT_CACHE_REQUEST = _KERB_QUERY_TKT_CACHE_REQUEST;
  971.   {$EXTERNALSYM KERB_QUERY_TKT_CACHE_REQUEST}
  972.   TKerbQueryTktCacheRequest = KERB_QUERY_TKT_CACHE_REQUEST;
  973.   PKerbQueryTktCacheRequest = PKERB_QUERY_TKT_CACHE_REQUEST;
  975.   PKERB_TICKET_CACHE_INFO = ^KERB_TICKET_CACHE_INFO;
  976.   {$EXTERNALSYM PKERB_TICKET_CACHE_INFO}
  977.   _KERB_TICKET_CACHE_INFO = record
  978.     ServerName: UNICODE_STRING;
  979.     RealmName: UNICODE_STRING;
  980.     StartTime: LARGE_INTEGER;
  981.     EndTime: LARGE_INTEGER;
  982.     RenewTime: LARGE_INTEGER;
  983.     EncryptionType: LONG;
  984.     TicketFlags: ULONG;
  985.   end;
  986.   {$EXTERNALSYM _KERB_TICKET_CACHE_INFO}
  987.   KERB_TICKET_CACHE_INFO = _KERB_TICKET_CACHE_INFO;
  988.   {$EXTERNALSYM KERB_TICKET_CACHE_INFO}
  989.   TKerbTicketCacheInfo = KERB_TICKET_CACHE_INFO;
  990.   PKerbTicketCacheInfo = PKERB_TICKET_CACHE_INFO;
  992.   _KERB_TICKET_CACHE_INFO_EX = record
  993.     ClientName: UNICODE_STRING;
  994.     ClientRealm: UNICODE_STRING;
  995.     ServerName: UNICODE_STRING;
  996.     ServerRealm: UNICODE_STRING;
  997.     StartTime: LARGE_INTEGER;
  998.     EndTime: LARGE_INTEGER;
  999.     RenewTime: LARGE_INTEGER;
  1000.     EncryptionType: LONG;
  1001.     TicketFlags: ULONG;
  1002.   end;
  1003.   {$EXTERNALSYM _KERB_TICKET_CACHE_INFO_EX}
  1004.   KERB_TICKET_CACHE_INFO_EX = _KERB_TICKET_CACHE_INFO_EX;
  1005.   {$EXTERNALSYM KERB_TICKET_CACHE_INFO_EX}
  1006.   PKERB_TICKET_CACHE_INFO_EX = ^KERB_TICKET_CACHE_INFO_EX;
  1007.   {$EXTERNALSYM PKERB_TICKET_CACHE_INFO_EX}
  1008.   TKerbTicketCacheInfoEx = KERB_TICKET_CACHE_INFO_EX;
  1009.   PKerbTicketCacheInfoEx = PKERB_TICKET_CACHE_INFO_EX;  
  1011.   PKERB_QUERY_TKT_CACHE_RESPONSE = ^KERB_QUERY_TKT_CACHE_RESPONSE;
  1012.   {$EXTERNALSYM PKERB_QUERY_TKT_CACHE_RESPONSE}
  1013.   _KERB_QUERY_TKT_CACHE_RESPONSE = record
  1014.     MessageType: KERB_PROTOCOL_MESSAGE_TYPE;
  1015.     CountOfTickets: ULONG;
  1016.     Tickets: array [0..ANYSIZE_ARRAY - 1] of KERB_TICKET_CACHE_INFO;
  1017.   end;
  1018.   {$EXTERNALSYM _KERB_QUERY_TKT_CACHE_RESPONSE}
  1019.   KERB_QUERY_TKT_CACHE_RESPONSE = _KERB_QUERY_TKT_CACHE_RESPONSE;
  1020.   {$EXTERNALSYM KERB_QUERY_TKT_CACHE_RESPONSE}
  1021.   TKerbQueryTktCacheResponse = KERB_QUERY_TKT_CACHE_RESPONSE;
  1022.   PKerbQueryTktCacheResponse = PKERB_QUERY_TKT_CACHE_RESPONSE;
  1024.   _KERB_QUERY_TKT_CACHE_EX_RESPONSE = record
  1025.     MessageType: KERB_PROTOCOL_MESSAGE_TYPE;
  1026.     CountOfTickets: ULONG;
  1027.     Tickets: array [0..ANYSIZE_ARRAY - 1] of KERB_TICKET_CACHE_INFO_EX;
  1028.   end;
  1029.   {$EXTERNALSYM _KERB_QUERY_TKT_CACHE_EX_RESPONSE}
  1030.   KERB_QUERY_TKT_CACHE_EX_RESPONSE = _KERB_QUERY_TKT_CACHE_EX_RESPONSE;
  1031.   {$EXTERNALSYM KERB_QUERY_TKT_CACHE_EX_RESPONSE}
  1032.   PKERB_QUERY_TKT_CACHE_EX_RESPONSE = ^KERB_QUERY_TKT_CACHE_EX_RESPONSE;
  1033.   {$EXTERNALSYM PKERB_QUERY_TKT_CACHE_EX_RESPONSE}
  1034.   TKerbQueryTktCacheExResponse = KERB_QUERY_TKT_CACHE_EX_RESPONSE;
  1035.   PKerbQueryTktCacheExResponse = PKERB_QUERY_TKT_CACHE_EX_RESPONSE;  
  1037. //
  1038. // Types for retrieving encoded ticket from the cache
  1039. //
  1041.   _SecHandle = record
  1042.     dwLower: ULONG_PTR;
  1043.     dwUpper: ULONG_PTR;
  1044.   end;
  1045.   {$EXTERNALSYM _SecHandle}
  1046.   SecHandle = _SecHandle;
  1047.   {$EXTERNALSYM SecHandle}
  1048.   PSecHandle = ^SecHandle;
  1049.   {$EXTERNALSYM PSecHandle}
  1051. // Ticket Flags
  1053. const
  1054.   KERB_USE_DEFAULT_TICKET_FLAGS = $0;
  1055.   {$EXTERNALSYM KERB_USE_DEFAULT_TICKET_FLAGS}
  1057. // CacheOptions
  1059.   KERB_RETRIEVE_TICKET_DEFAULT  = $0;
  1060.   {$EXTERNALSYM KERB_RETRIEVE_TICKET_DEFAULT}
  1061.   KERB_RETRIEVE_TICKET_DONT_USE_CACHE = $1;
  1062.   {$EXTERNALSYM KERB_RETRIEVE_TICKET_DONT_USE_CACHE}
  1063.   KERB_RETRIEVE_TICKET_USE_CACHE_ONLY = $2;
  1064.   {$EXTERNALSYM KERB_RETRIEVE_TICKET_USE_CACHE_ONLY}
  1065.   KERB_RETRIEVE_TICKET_USE_CREDHANDLE = $4;
  1066.   {$EXTERNALSYM KERB_RETRIEVE_TICKET_USE_CREDHANDLE}
  1067.   KERB_RETRIEVE_TICKET_AS_KERB_CRED   = $8;
  1068.   {$EXTERNALSYM KERB_RETRIEVE_TICKET_AS_KERB_CRED}
  1069.   KERB_RETRIEVE_TICKET_WITH_SEC_CRED  = $10;
  1070.   {$EXTERNALSYM KERB_RETRIEVE_TICKET_WITH_SEC_CRED}
  1072. // Encryption Type options
  1074.   KERB_ETYPE_DEFAULT = $0; // don't specify etype in tkt req.
  1075.   {$EXTERNALSYM KERB_ETYPE_DEFAULT}
  1077. type
  1078.   _KERB_AUTH_DATA = record
  1079.     Type_: ULONG;
  1080.     Length: ULONG;
  1081.     Data: PUCHAR;
  1082.   end;
  1083.   {$EXTERNALSYM _KERB_AUTH_DATA}
  1084.   KERB_AUTH_DATA = _KERB_AUTH_DATA;
  1085.   {$EXTERNALSYM KERB_AUTH_DATA}
  1086.   PKERB_AUTH_DATA = ^KERB_AUTH_DATA;
  1087.   {$EXTERNALSYM PKERB_AUTH_DATA}
  1088.   TKerbAuthData = KERB_AUTH_DATA;
  1089.   PKerbAuthData = PKERB_AUTH_DATA;
  1091.   _KERB_NET_ADDRESS = record
  1092.     Family: ULONG;
  1093.     Length: ULONG;
  1094.     Address: PCHAR;
  1095.   end;
  1096.   {$EXTERNALSYM _KERB_NET_ADDRESS}
  1097.   KERB_NET_ADDRESS = _KERB_NET_ADDRESS;
  1098.   {$EXTERNALSYM KERB_NET_ADDRESS}
  1099.   PKERB_NET_ADDRESS = ^KERB_NET_ADDRESS;
  1100.   {$EXTERNALSYM PKERB_NET_ADDRESS}
  1101.   TKerbNetAddress = KERB_NET_ADDRESS;
  1102.   PKerbNetAddress = PKERB_NET_ADDRESS;
  1104.   _KERB_NET_ADDRESSES = record
  1105.     Number: ULONG;
  1106.     Addresses: array [0..ANYSIZE_ARRAY - 1] of KERB_NET_ADDRESS;
  1107.   end;
  1108.   {$EXTERNALSYM _KERB_NET_ADDRESSES}
  1109.   KERB_NET_ADDRESSES = _KERB_NET_ADDRESSES;
  1110.   {$EXTERNALSYM KERB_NET_ADDRESSES}
  1111.   PKERB_NET_ADDRESSES = ^KERB_NET_ADDRESSES;
  1112.   {$EXTERNALSYM PKERB_NET_ADDRESSES}
  1113.   TKerbNetAddresses = KERB_NET_ADDRESSES;
  1114.   PKerbNetAddresses = PKERB_NET_ADDRESSES;  
  1116. //
  1117. // Types for the information about a ticket
  1118. //
  1120. type
  1121.   PKERB_EXTERNAL_NAME = ^KERB_EXTERNAL_NAME;
  1122.   {$EXTERNALSYM PKERB_EXTERNAL_NAME}
  1123.   _KERB_EXTERNAL_NAME = record
  1124.     NameType: SHORT;
  1125.     NameCount: USHORT;
  1126.     Names: array [0..ANYSIZE_ARRAY - 1] of UNICODE_STRING;
  1127.   end;
  1128.   {$EXTERNALSYM _KERB_EXTERNAL_NAME}
  1129.   KERB_EXTERNAL_NAME = _KERB_EXTERNAL_NAME;
  1130.   {$EXTERNALSYM KERB_EXTERNAL_NAME}
  1131.   TKerbExternalName = KERB_EXTERNAL_NAME;
  1132.   PKerbExternalName = PKERB_EXTERNAL_NAME;
  1134.   PKERB_EXTERNAL_TICKET = ^KERB_EXTERNAL_TICKET;
  1135.   {$EXTERNALSYM PKERB_EXTERNAL_TICKET}
  1136.   _KERB_EXTERNAL_TICKET = record
  1137.     ServiceName: PKERB_EXTERNAL_NAME;
  1138.     TargetName: PKERB_EXTERNAL_NAME;
  1139.     ClientName: PKERB_EXTERNAL_NAME;
  1140.     DomainName: UNICODE_STRING;
  1141.     TargetDomainName: UNICODE_STRING;  // contains ClientDomainName
  1142.     AltTargetDomainName: UNICODE_STRING;
  1143.     SessionKey: KERB_CRYPTO_KEY;
  1144.     TicketFlags: ULONG;
  1145.     Flags: ULONG;
  1146.     KeyExpirationTime: LARGE_INTEGER;
  1147.     StartTime: LARGE_INTEGER;
  1148.     EndTime: LARGE_INTEGER;
  1149.     RenewUntil: LARGE_INTEGER;
  1150.     TimeSkew: LARGE_INTEGER;
  1151.     EncodedTicketSize: ULONG;
  1152.     EncodedTicket: PUCHAR;
  1153.   end;
  1154.   {$EXTERNALSYM _KERB_EXTERNAL_TICKET}
  1155.   KERB_EXTERNAL_TICKET = _KERB_EXTERNAL_TICKET;
  1156.   {$EXTERNALSYM KERB_EXTERNAL_TICKET}
  1157.   TKerbExternalTicket = KERB_EXTERNAL_TICKET;
  1158.   PKerbExternalTicket = PKERB_EXTERNAL_TICKET;
  1160.   _KERB_RETRIEVE_TKT_REQUEST = record
  1161.     MessageType: KERB_PROTOCOL_MESSAGE_TYPE;
  1162.     LogonId: LUID;
  1163.     TargetName: UNICODE_STRING;
  1164.     TicketFlags: ULONG;
  1165.     CacheOptions: ULONG;
  1166.     EncryptionType: LONG;
  1167.     CredentialsHandle: SecHandle;
  1168.   end;
  1169.   {$EXTERNALSYM _KERB_RETRIEVE_TKT_REQUEST}
  1170.   KERB_RETRIEVE_TKT_REQUEST = _KERB_RETRIEVE_TKT_REQUEST;
  1171.   {$EXTERNALSYM KERB_RETRIEVE_TKT_REQUEST}
  1172.   PKERB_RETRIEVE_TKT_REQUEST = ^KERB_RETRIEVE_TKT_REQUEST;
  1173.   {$EXTERNALSYM PKERB_RETRIEVE_TKT_REQUEST}
  1174.   TKerbRetrieveTktRequest = KERB_RETRIEVE_TKT_REQUEST;
  1175.   PKerbRetrieveTktRequest = PKERB_RETRIEVE_TKT_REQUEST;
  1177.   PKERB_RETRIEVE_TKT_RESPONSE = ^KERB_RETRIEVE_TKT_RESPONSE;
  1178.   {$EXTERNALSYM PKERB_RETRIEVE_TKT_RESPONSE}
  1179.   _KERB_RETRIEVE_TKT_RESPONSE = record
  1180.     Ticket: KERB_EXTERNAL_TICKET;
  1181.   end;
  1182.   {$EXTERNALSYM _KERB_RETRIEVE_TKT_RESPONSE}
  1183.   KERB_RETRIEVE_TKT_RESPONSE = _KERB_RETRIEVE_TKT_RESPONSE;
  1184.   {$EXTERNALSYM KERB_RETRIEVE_TKT_RESPONSE}
  1185.   TKerbRetrieveTktResponse = KERB_RETRIEVE_TKT_RESPONSE;
  1186.   PKerbRetrieveTktResponse = PKERB_RETRIEVE_TKT_RESPONSE;
  1188. //
  1189. // Used to purge entries from the ticket cache
  1190. //
  1192.   PKERB_PURGE_TKT_CACHE_REQUEST = ^KERB_PURGE_TKT_CACHE_REQUEST;
  1193.   {$EXTERNALSYM PKERB_PURGE_TKT_CACHE_REQUEST}
  1194.   _KERB_PURGE_TKT_CACHE_REQUEST = record
  1195.     MessageType: KERB_PROTOCOL_MESSAGE_TYPE;
  1196.     LogonId: LUID;
  1197.     ServerName: UNICODE_STRING;
  1198.     RealmName: UNICODE_STRING;
  1199.   end;
  1200.   {$EXTERNALSYM _KERB_PURGE_TKT_CACHE_REQUEST}
  1201.   KERB_PURGE_TKT_CACHE_REQUEST = _KERB_PURGE_TKT_CACHE_REQUEST;
  1202.   {$EXTERNALSYM KERB_PURGE_TKT_CACHE_REQUEST}
  1203.   TKerbPurgeTktCacheRequest = KERB_PURGE_TKT_CACHE_REQUEST;
  1204.   PKerbPurgeTktCacheRequest = PKERB_PURGE_TKT_CACHE_REQUEST;
  1206. //
  1207. // Flags for purge requests
  1208. //
  1210. const
  1211.   KERB_PURGE_ALL_TICKETS = 1;
  1212.   {$EXTERNALSYM KERB_PURGE_ALL_TICKETS}
  1214. type
  1215.   _KERB_PURGE_TKT_CACHE_EX_REQUEST = record
  1216.     MessageType: KERB_PROTOCOL_MESSAGE_TYPE;
  1217.     LogonId: LUID;
  1218.     Flags: ULONG;
  1219.     TicketTemplate: KERB_TICKET_CACHE_INFO_EX;
  1220.   end;
  1221.   {$EXTERNALSYM _KERB_PURGE_TKT_CACHE_EX_REQUEST}
  1222.   KERB_PURGE_TKT_CACHE_EX_REQUEST = _KERB_PURGE_TKT_CACHE_EX_REQUEST;
  1223.   {$EXTERNALSYM KERB_PURGE_TKT_CACHE_EX_REQUEST}
  1224.   PKERB_PURGE_TKT_CACHE_EX_REQUEST = ^KERB_PURGE_TKT_CACHE_EX_REQUEST;
  1225.   {$EXTERNALSYM PKERB_PURGE_TKT_CACHE_EX_REQUEST}
  1226.   TKerbPurgeTktCacheExRequest = KERB_PURGE_TKT_CACHE_EX_REQUEST;
  1227.   PKerbPurgeTktCacheExRequest = PKERB_PURGE_TKT_CACHE_EX_REQUEST;
  1229. //
  1230. // KerbChangePassword
  1231. //
  1232. // KerbChangePassword changes the password on the KDC account plus
  1233. //  the password cache and logon credentials if applicable.
  1234. //
  1235. //
  1237.   PKERB_CHANGEPASSWORD_REQUEST = ^KERB_CHANGEPASSWORD_REQUEST;
  1238.   {$EXTERNALSYM PKERB_CHANGEPASSWORD_REQUEST}
  1239.   _KERB_CHANGEPASSWORD_REQUEST = record
  1240.     MessageType: KERB_PROTOCOL_MESSAGE_TYPE;
  1241.     DomainName: UNICODE_STRING;
  1242.     AccountName: UNICODE_STRING;
  1243.     OldPassword: UNICODE_STRING;
  1244.     NewPassword: UNICODE_STRING;
  1245.     Impersonating: ByteBool;
  1246.   end;
  1247.   {$EXTERNALSYM _KERB_CHANGEPASSWORD_REQUEST}
  1248.   KERB_CHANGEPASSWORD_REQUEST = _KERB_CHANGEPASSWORD_REQUEST;
  1249.   {$EXTERNALSYM KERB_CHANGEPASSWORD_REQUEST}
  1250.   TKerbChangepasswordRequest = KERB_CHANGEPASSWORD_REQUEST;
  1251.   PKerbChangepasswordRequest = PKERB_CHANGEPASSWORD_REQUEST;
  1253. //
  1254. // KerbSetPassword
  1255. //
  1256. // KerbSetPassword changes the password on the KDC account plus
  1257. //  the password cache and logon credentials if applicable.
  1258. //
  1259. //
  1261.   PKERB_SETPASSWORD_REQUEST = ^KERB_SETPASSWORD_REQUEST;
  1262.   {$EXTERNALSYM PKERB_SETPASSWORD_REQUEST}
  1263.   _KERB_SETPASSWORD_REQUEST = record
  1264.     MessageType: KERB_PROTOCOL_MESSAGE_TYPE;
  1265.     LogonId: LUID;
  1266.     CredentialsHandle: SecHandle;
  1267.     Flags: ULONG;
  1268.     DomainName: UNICODE_STRING;
  1269.     AccountName: UNICODE_STRING;
  1270.     Password: UNICODE_STRING;
  1271.   end;
  1272.   {$EXTERNALSYM _KERB_SETPASSWORD_REQUEST}
  1273.   KERB_SETPASSWORD_REQUEST = _KERB_SETPASSWORD_REQUEST;
  1274.   {$EXTERNALSYM KERB_SETPASSWORD_REQUEST}
  1275.   TKerbSetpasswordRequest = KERB_SETPASSWORD_REQUEST;
  1276.   PKerbSetpasswordRequest = PKERB_SETPASSWORD_REQUEST;
  1278.   _KERB_SETPASSWORD_EX_REQUEST = record
  1279.     MessageType: KERB_PROTOCOL_MESSAGE_TYPE;
  1280.     LogonId: LUID;
  1281.     CredentialsHandle: SecHandle;
  1282.     Flags: ULONG;
  1283.     AccountRealm: UNICODE_STRING;
  1284.     AccountName: UNICODE_STRING;
  1285.     Password: UNICODE_STRING;
  1286.     ClientRealm: UNICODE_STRING;
  1287.     ClientName: UNICODE_STRING;
  1288.     Impersonating: BOOLEAN;
  1289.     KdcAddress: UNICODE_STRING;
  1290.     KdcAddressType: ULONG;
  1291.   end;
  1292.   {$EXTERNALSYM _KERB_SETPASSWORD_EX_REQUEST}
  1293.   KERB_SETPASSWORD_EX_REQUEST = _KERB_SETPASSWORD_EX_REQUEST;
  1294.   {$EXTERNALSYM KERB_SETPASSWORD_EX_REQUEST}
  1295.   PKERB_SETPASSWORD_EX_REQUEST = ^KERB_SETPASSWORD_EX_REQUEST;
  1296.   {$EXTERNALSYM PKERB_SETPASSWORD_EX_REQUEST}
  1297.   TKerbSetPasswordExRequest = KERB_SETPASSWORD_EX_REQUEST;
  1298.   PKerbSetPasswordExRequest = PKERB_SETPASSWORD_EX_REQUEST;  
  1300. const
  1301.   DS_UNKNOWN_ADDRESS_TYPE     = 0; // anything *but* IP
  1302.   {$EXTERNALSYM DS_UNKNOWN_ADDRESS_TYPE}
  1303.   KERB_SETPASS_USE_LOGONID    = 1;
  1304.   {$EXTERNALSYM KERB_SETPASS_USE_LOGONID}
  1305.   KERB_SETPASS_USE_CREDHANDLE = 2;
  1306.   {$EXTERNALSYM KERB_SETPASS_USE_CREDHANDLE}
  1308. type
  1309.   PKERB_DECRYPT_REQUEST = ^KERB_DECRYPT_REQUEST;
  1310.   {$EXTERNALSYM PKERB_DECRYPT_REQUEST}
  1311.   _KERB_DECRYPT_REQUEST = record
  1312.     MessageType: KERB_PROTOCOL_MESSAGE_TYPE;
  1313.     LogonId: LUID;
  1314.     Flags: ULONG;
  1315.     CryptoType: LONG;
  1316.     KeyUsage: LONG;
  1317.     Key: KERB_CRYPTO_KEY; // optional
  1318.     EncryptedDataSize: ULONG;
  1319.     InitialVectorSize: ULONG;
  1320.     InitialVector: PUCHAR;
  1321.     EncryptedData: PUCHAR;
  1322.   end;
  1323.   {$EXTERNALSYM _KERB_DECRYPT_REQUEST}
  1324.   KERB_DECRYPT_REQUEST = _KERB_DECRYPT_REQUEST;
  1325.   {$EXTERNALSYM KERB_DECRYPT_REQUEST}
  1326.   TKerbDecryptRequest = KERB_DECRYPT_REQUEST;
  1327.   PKerbDecryptRequest = PKERB_DECRYPT_REQUEST;
  1329. //
  1330. // If set, use the primary key from the current logon session of the one provided in the LogonId field.
  1331. // Otherwise, use the Key in the KERB_DECRYPT_MESSAGE.
  1333. const
  1334.   KERB_DECRYPT_FLAG_DEFAULT_KEY = $00000001;
  1335.   {$EXTERNALSYM KERB_DECRYPT_FLAG_DEFAULT_KEY}
  1337. type
  1338.   PKERB_DECRYPT_RESPONSE = ^KERB_DECRYPT_RESPONSE;
  1339.   {$EXTERNALSYM PKERB_DECRYPT_RESPONSE}
  1340.   _KERB_DECRYPT_RESPONSE = record
  1341.     DecryptedData: array [0..ANYSIZE_ARRAY - 1] of UCHAR;
  1342.   end;
  1343.   {$EXTERNALSYM _KERB_DECRYPT_RESPONSE}
  1344.   KERB_DECRYPT_RESPONSE = _KERB_DECRYPT_RESPONSE;
  1345.   {$EXTERNALSYM KERB_DECRYPT_RESPONSE}
  1346.   TKerbDecryptResponse = KERB_DECRYPT_RESPONSE;
  1347.   PKerbDecryptResponse = PKERB_DECRYPT_RESPONSE;
  1349. //
  1350. // Request structure for adding a binding cache entry. TCB privilege
  1351. // is required for this operation.
  1352. //
  1354.   PKERB_ADD_BINDING_CACHE_ENTRY_REQUEST = ^KERB_ADD_BINDING_CACHE_ENTRY_REQUEST;
  1355.   {$EXTERNALSYM PKERB_ADD_BINDING_CACHE_ENTRY_REQUEST}
  1356.   _KERB_ADD_BINDING_CACHE_ENTRY_REQUEST = record
  1357.     MessageType: KERB_PROTOCOL_MESSAGE_TYPE;
  1358.     RealmName: UNICODE_STRING;
  1359.     KdcAddress: UNICODE_STRING;
  1360.     AddressType: ULONG; //dsgetdc.h DS_NETBIOS_ADDRESS||DS_INET_ADDRESS
  1361.   end;
  1362.   {$EXTERNALSYM _KERB_ADD_BINDING_CACHE_ENTRY_REQUEST}
  1363.   KERB_ADD_BINDING_CACHE_ENTRY_REQUEST = _KERB_ADD_BINDING_CACHE_ENTRY_REQUEST;
  1364.   {$EXTERNALSYM KERB_ADD_BINDING_CACHE_ENTRY_REQUEST}
  1365.   TKerbAddBindingCacheEntryRequest = KERB_ADD_BINDING_CACHE_ENTRY_REQUEST;
  1366.   PKerbAddBindingCacheEntryRequest = PKERB_ADD_BINDING_CACHE_ENTRY_REQUEST;
  1368. //
  1369. // Request structure for reacquiring smartcard credentials for a 
  1370. // given LUID.
  1371. // Requires TCB.
  1372. //
  1374.   _KERB_REFRESH_SCCRED_REQUEST = record
  1375.     MessageType: KERB_PROTOCOL_MESSAGE_TYPE;
  1376.     CredentialBlob: UNICODE_STRING;  // optional
  1377.     LogonId: LUID;
  1378.     Flags: ULONG;
  1379.   end;
  1380.   {$EXTERNALSYM _KERB_REFRESH_SCCRED_REQUEST}
  1381.   KERB_REFRESH_SCCRED_REQUEST = _KERB_REFRESH_SCCRED_REQUEST;
  1382.   {$EXTERNALSYM KERB_REFRESH_SCCRED_REQUEST}
  1383.   PKERB_REFRESH_SCCRED_REQUEST = ^KERB_REFRESH_SCCRED_REQUEST;
  1384.   {$EXTERNALSYM PKERB_REFRESH_SCCRED_REQUEST}
  1385.   TKerbRefreshScCredRequest = KERB_REFRESH_SCCRED_REQUEST;
  1386.   PKerbRefreshScCredRequest = PKERB_REFRESH_SCCRED_REQUEST;  
  1388. //
  1389. // Flags for KERB_REFRESH_SCCRED_REQUEST
  1390. //
  1391. // KERB_REFRESH_SCCRED_RELEASE
  1392. //  Release the smartcard handle for LUID
  1393. //
  1394. //      KERB_REFRESH_SCCRED_GETTGT
  1395. // Use the certificate hash in the blob to get a TGT for the logon 
  1396. // session.
  1397. //
  1399. const
  1400.   KERB_REFRESH_SCCRED_RELEASE = $0;
  1401.   {$EXTERNALSYM KERB_REFRESH_SCCRED_RELEASE}
  1402.   KERB_REFRESH_SCCRED_GETTGT  = $1;
  1403.   {$EXTERNALSYM KERB_REFRESH_SCCRED_GETTGT}
  1405. //
  1406. // Request structure for adding extra Server credentials to a given
  1407. // logon session.  Only applicable during AcceptSecurityContext, and
  1408. // requires TCB to alter "other" creds
  1409. //
  1411. type
  1412.   _KERB_ADD_CREDENTIALS_REQUEST = record
  1413.     MessageType: KERB_PROTOCOL_MESSAGE_TYPE;
  1414.     UserName: UNICODE_STRING;
  1415.     DomainName: UNICODE_STRING;
  1416.     Password: UNICODE_STRING;
  1417.     LogonId: LUID; // optional
  1418.     Flags: ULONG;
  1419.   end;
  1420.   {$EXTERNALSYM _KERB_ADD_CREDENTIALS_REQUEST}
  1421.   KERB_ADD_CREDENTIALS_REQUEST = _KERB_ADD_CREDENTIALS_REQUEST;
  1422.   {$EXTERNALSYM KERB_ADD_CREDENTIALS_REQUEST}
  1423.   PKERB_ADD_CREDENTIALS_REQUEST = ^KERB_ADD_CREDENTIALS_REQUEST;
  1424.   {$EXTERNALSYM PKERB_ADD_CREDENTIALS_REQUEST}
  1425.   TKerbAddCredentialsRequest = KERB_ADD_CREDENTIALS_REQUEST;
  1426.   PKerbAddCredentialsRequest = PKERB_ADD_CREDENTIALS_REQUEST;
  1428. const
  1429.   KERB_REQUEST_ADD_CREDENTIAL     = 1;
  1430.   {$EXTERNALSYM KERB_REQUEST_ADD_CREDENTIAL}
  1431.   KERB_REQUEST_REPLACE_CREDENTIAL = 2;
  1432.   {$EXTERNALSYM KERB_REQUEST_REPLACE_CREDENTIAL}
  1433.   KERB_REQUEST_REMOVE_CREDENTIAL  = 4;
  1434.   {$EXTERNALSYM KERB_REQUEST_REMOVE_CREDENTIAL}
  1436. implementation
  1438. function LSA_SUCCESS(Error: NTSTATUS): BOOL;
  1439. begin
  1440.  Result := LONG(Error) > 0;
  1441. end;
  1443. const
  1444.   secur32 = 'secur32.dll';
  1445.   advapi32 = 'advapi32.dll';
  1448. {$IFDEF DYNAMIC_LINK}
  1449. var
  1450.   _LsaRegisterLogonProcess: Pointer;
  1452. function LsaRegisterLogonProcess;
  1453. begin
  1454.   GetProcedureAddress(_LsaRegisterLogonProcess, secur32, 'LsaRegisterLogonProcess');
  1455.   asm
  1456.     mov esp, ebp
  1457.     pop ebp
  1458.     jmp [_LsaRegisterLogonProcess]
  1459.   end;
  1460. end;
  1461. {$ELSE}
  1462. function LsaRegisterLogonProcess; external secur32 name 'LsaRegisterLogonProcess';
  1463. {$ENDIF DYNAMIC_LINK}
  1465. {$IFDEF DYNAMIC_LINK}
  1466. var
  1467.   _LsaLogonUser: Pointer;
  1469. function LsaLogonUser;
  1470. begin
  1471.   GetProcedureAddress(_LsaLogonUser, secur32, 'LsaLogonUser');
  1472.   asm
  1473.     mov esp, ebp
  1474.     pop ebp
  1475.     jmp [_LsaLogonUser]
  1476.   end;
  1477. end;
  1478. {$ELSE}
  1479. function LsaLogonUser; external secur32 name 'LsaLogonUser';
  1480. {$ENDIF DYNAMIC_LINK}
  1482. {$IFDEF DYNAMIC_LINK}
  1483. var
  1484.   _LsaLookupAuthenticationPackage: Pointer;
  1486. function LsaLookupAuthenticationPackage;
  1487. begin
  1488.   GetProcedureAddress(_LsaLookupAuthenticationPackage, secur32, 'LsaLookupAuthenticationPackage');
  1489.   asm
  1490.     mov esp, ebp
  1491.     pop ebp
  1492.     jmp [_LsaLookupAuthenticationPackage]
  1493.   end;
  1494. end;
  1495. {$ELSE}
  1496. function LsaLookupAuthenticationPackage; external secur32 name 'LsaLookupAuthenticationPackage';
  1497. {$ENDIF DYNAMIC_LINK}
  1499. {$IFDEF DYNAMIC_LINK}
  1500. var
  1501.   _LsaFreeReturnBuffer: Pointer;
  1503. function LsaFreeReturnBuffer;
  1504. begin
  1505.   GetProcedureAddress(_LsaFreeReturnBuffer, secur32, 'LsaFreeReturnBuffer');
  1506.   asm
  1507.     mov esp, ebp
  1508.     pop ebp
  1509.     jmp [_LsaFreeReturnBuffer]
  1510.   end;
  1511. end;
  1512. {$ELSE}
  1513. function LsaFreeReturnBuffer; external secur32 name 'LsaFreeReturnBuffer';
  1514. {$ENDIF DYNAMIC_LINK}
  1516. {$IFDEF DYNAMIC_LINK}
  1517. var
  1518.   _LsaCallAuthenticationPackage: Pointer;
  1520. function LsaCallAuthenticationPackage;
  1521. begin
  1522.   GetProcedureAddress(_LsaCallAuthenticationPackage, secur32, 'LsaCallAuthenticationPackage');
  1523.   asm
  1524.     mov esp, ebp
  1525.     pop ebp
  1526.     jmp [_LsaCallAuthenticationPackage]
  1527.   end;
  1528. end;
  1529. {$ELSE}
  1530. function LsaCallAuthenticationPackage; external secur32 name 'LsaCallAuthenticationPackage';
  1531. {$ENDIF DYNAMIC_LINK}
  1533. {$IFDEF DYNAMIC_LINK}
  1534. var
  1535.   _LsaDeregisterLogonProcess: Pointer;
  1537. function LsaDeregisterLogonProcess;
  1538. begin
  1539.   GetProcedureAddress(_LsaDeregisterLogonProcess, secur32, 'LsaDeregisterLogonProcess');
  1540.   asm
  1541.     mov esp, ebp
  1542.     pop ebp
  1543.     jmp [_LsaDeregisterLogonProcess]
  1544.   end;
  1545. end;
  1546. {$ELSE}
  1547. function LsaDeregisterLogonProcess; external secur32 name 'LsaDeregisterLogonProcess';
  1548. {$ENDIF DYNAMIC_LINK}
  1550. {$IFDEF DYNAMIC_LINK}
  1551. var
  1552.   _LsaConnectUntrusted: Pointer;
  1554. function LsaConnectUntrusted;
  1555. begin
  1556.   GetProcedureAddress(_LsaConnectUntrusted, secur32, 'LsaConnectUntrusted');
  1557.   asm
  1558.     mov esp, ebp
  1559.     pop ebp
  1560.     jmp [_LsaConnectUntrusted]
  1561.   end;
  1562. end;
  1563. {$ELSE}
  1564. function LsaConnectUntrusted; external secur32 name 'LsaConnectUntrusted';
  1565. {$ENDIF DYNAMIC_LINK}
  1568. {$IFDEF DYNAMIC_LINK}
  1569. var
  1570.   _LsaFreeMemory: Pointer;
  1572. function LsaFreeMemory;
  1573. begin
  1574.   GetProcedureAddress(_LsaFreeMemory, advapi32, 'LsaFreeMemory');
  1575.   asm
  1576.     mov esp, ebp
  1577.     pop ebp
  1578.     jmp [_LsaFreeMemory]
  1579.   end;
  1580. end;
  1581. {$ELSE}
  1582. function LsaFreeMemory; external advapi32 name 'LsaFreeMemory';
  1583. {$ENDIF DYNAMIC_LINK}
  1585. {$IFDEF DYNAMIC_LINK}
  1586. var
  1587.   _LsaClose: Pointer;
  1589. function LsaClose;
  1590. begin
  1591.   GetProcedureAddress(_LsaClose, advapi32, 'LsaClose');
  1592.   asm
  1593.     mov esp, ebp
  1594.     pop ebp
  1595.     jmp [_LsaClose]
  1596.   end;
  1597. end;
  1598. {$ELSE}
  1599. function LsaClose; external advapi32 name 'LsaClose';
  1600. {$ENDIF DYNAMIC_LINK}
  1602. {$IFDEF DYNAMIC_LINK}
  1603. var
  1604.   _LsaOpenPolicy: Pointer;
  1606. function LsaOpenPolicy;
  1607. begin
  1608.   GetProcedureAddress(_LsaOpenPolicy, advapi32, 'LsaOpenPolicy');
  1609.   asm
  1610.     mov esp, ebp
  1611.     pop ebp
  1612.     jmp [_LsaOpenPolicy]
  1613.   end;
  1614. end;
  1615. {$ELSE}
  1616. function LsaOpenPolicy; external advapi32 name 'LsaOpenPolicy';
  1617. {$ENDIF DYNAMIC_LINK}
  1619. {$IFDEF DYNAMIC_LINK}
  1620. var
  1621.   _LsaEnumerateLogonSessions: Pointer;
  1623. function LsaEnumerateLogonSessions;
  1624. begin
  1625.   GetProcedureAddress(_LsaEnumerateLogonSessions, secur32, 'LsaEnumerateLogonSessions');
  1626.   asm
  1627.     mov esp, ebp
  1628.     pop ebp
  1629.     jmp [_LsaEnumerateLogonSessions]
  1630.   end;
  1631. end;
  1632. {$ELSE}
  1633. function LsaEnumerateLogonSessions; external secur32 name 'LsaEnumerateLogonSessions';
  1634. {$ENDIF DYNAMIC_LINK}
  1636. {$IFDEF DYNAMIC_LINK}
  1637. var
  1638.   _LsaGetLogonSessionData: Pointer;
  1640. function LsaGetLogonSessionData;
  1641. begin
  1642.   GetProcedureAddress(_LsaGetLogonSessionData, secur32, 'LsaGetLogonSessionData');
  1643.   asm
  1644.     mov esp, ebp
  1645.     pop ebp
  1646.     jmp [_LsaGetLogonSessionData]
  1647.   end;
  1648. end;
  1649. {$ELSE}
  1650. function LsaGetLogonSessionData; external secur32 name 'LsaGetLogonSessionData';
  1651. {$ENDIF DYNAMIC_LINK}
  1654. {$IFDEF DYNAMIC_LINK}
  1655. var
  1656.   _LsaQueryInformationPolicy: Pointer;
  1658. function LsaQueryInformationPolicy;
  1659. begin
  1660.   GetProcedureAddress(_LsaQueryInformationPolicy, advapi32, 'LsaQueryInformationPolicy');
  1661.   asm
  1662.     mov esp, ebp
  1663.     pop ebp
  1664.     jmp [_LsaQueryInformationPolicy]
  1665.   end;
  1666. end;
  1667. {$ELSE}
  1668. function LsaQueryInformationPolicy; external advapi32 name 'LsaQueryInformationPolicy';
  1669. {$ENDIF DYNAMIC_LINK}
  1671. {$IFDEF DYNAMIC_LINK}
  1672. var
  1673.   _LsaSetInformationPolicy: Pointer;
  1675. function LsaSetInformationPolicy;
  1676. begin
  1677.   GetProcedureAddress(_LsaSetInformationPolicy, advapi32, 'LsaSetInformationPolicy');
  1678.   asm
  1679.     mov esp, ebp
  1680.     pop ebp
  1681.     jmp [_LsaSetInformationPolicy]
  1682.   end;
  1683. end;
  1684. {$ELSE}
  1685. function LsaSetInformationPolicy; external advapi32 name 'LsaSetInformationPolicy';
  1686. {$ENDIF DYNAMIC_LINK}
  1688. {$IFDEF DYNAMIC_LINK}
  1689. var
  1690.   _LsaQueryDomainInformationPolicy: Pointer;
  1692. function LsaQueryDomainInformationPolicy;
  1693. begin
  1694.   GetProcedureAddress(_LsaQueryDomainInformationPolicy, advapi32, 'LsaQueryDomainInformationPolicy');
  1695.   asm
  1696.     mov esp, ebp
  1697.     pop ebp
  1698.     jmp [_LsaQueryDomainInformationPolicy]
  1699.   end;
  1700. end;
  1701. {$ELSE}
  1702. function LsaQueryDomainInformationPolicy; external advapi32 name 'LsaQueryDomainInformationPolicy';
  1703. {$ENDIF DYNAMIC_LINK}
  1705. {$IFDEF DYNAMIC_LINK}
  1706. var
  1707.   _LsaSetDomainInformationPolicy: Pointer;
  1709. function LsaSetDomainInformationPolicy;
  1710. begin
  1711.   GetProcedureAddress(_LsaSetDomainInformationPolicy, advapi32, 'LsaSetDomainInformationPolicy');
  1712.   asm
  1713.     mov esp, ebp
  1714.     pop ebp
  1715.     jmp [_LsaSetDomainInformationPolicy]
  1716.   end;
  1717. end;
  1718. {$ELSE}
  1719. function LsaSetDomainInformationPolicy; external advapi32 name 'LsaSetDomainInformationPolicy';
  1720. {$ENDIF DYNAMIC_LINK}
  1722. {$IFDEF DYNAMIC_LINK}
  1723. var
  1724.   _LsaRegisterPolicyChangeNot: Pointer;
  1726. function LsaRegisterPolicyChangeNotification;
  1727. begin
  1728.   GetProcedureAddress(_LsaRegisterPolicyChangeNot, secur32, 'LsaRegisterPolicyChangeNotification');
  1729.   asm
  1730.     mov esp, ebp
  1731.     pop ebp
  1732.     jmp [_LsaRegisterPolicyChangeNot]
  1733.   end;
  1734. end;
  1735. {$ELSE}
  1736. function LsaRegisterPolicyChangeNotification; external secur32 name 'LsaRegisterPolicyChangeNotification';
  1737. {$ENDIF DYNAMIC_LINK}
  1739. {$IFDEF DYNAMIC_LINK}
  1740. var
  1741.   _LsaUnregisterPolicyChangeNot: Pointer;
  1743. function LsaUnregisterPolicyChangeNotification;
  1744. begin
  1745.   GetProcedureAddress(_LsaUnregisterPolicyChangeNot, secur32, 'LsaUnregisterPolicyChangeNotification');
  1746.   asm
  1747.     mov esp, ebp
  1748.     pop ebp
  1749.     jmp [_LsaUnregisterPolicyChangeNot]
  1750.   end;
  1751. end;
  1752. {$ELSE}
  1753. function LsaUnregisterPolicyChangeNotification; external secur32 name 'LsaUnregisterPolicyChangeNotification';
  1754. {$ENDIF DYNAMIC_LINK}
  1756. {$IFDEF DYNAMIC_LINK}
  1757. var
  1758.   _LsaEnumerateTrustedDomains: Pointer;
  1760. function LsaEnumerateTrustedDomains;
  1761. begin
  1762.   GetProcedureAddress(_LsaEnumerateTrustedDomains, advapi32, 'LsaEnumerateTrustedDomains');
  1763.   asm
  1764.     mov esp, ebp
  1765.     pop ebp
  1766.     jmp [_LsaEnumerateTrustedDomains]
  1767.   end;
  1768. end;
  1769. {$ELSE}
  1770. function LsaEnumerateTrustedDomains; external advapi32 name 'LsaEnumerateTrustedDomains';
  1771. {$ENDIF DYNAMIC_LINK}
  1773. {$IFDEF DYNAMIC_LINK}
  1774. var
  1775.   _LsaLookupNames: Pointer;
  1777. function LsaLookupNames;
  1778. begin
  1779.   GetProcedureAddress(_LsaLookupNames, advapi32, 'LsaLookupNames');
  1780.   asm
  1781.     mov esp, ebp
  1782.     pop ebp
  1783.     jmp [_LsaLookupNames]
  1784.   end;
  1785. end;
  1786. {$ELSE}
  1787. function LsaLookupNames; external advapi32 name 'LsaLookupNames';
  1788. {$ENDIF DYNAMIC_LINK}
  1790. {$IFDEF DYNAMIC_LINK}
  1791. var
  1792.   _LsaLookupNames2: Pointer;
  1794. function LsaLookupNames2;
  1795. begin
  1796.   GetProcedureAddress(_LsaLookupNames2, advapi32, 'LsaLookupNames2');
  1797.   asm
  1798.     mov esp, ebp
  1799.     pop ebp
  1800.     jmp [_LsaLookupNames2]
  1801.   end;
  1802. end;
  1803. {$ELSE}
  1804. function LsaLookupNames2; external advapi32 name 'LsaLookupNames2';
  1805. {$ENDIF DYNAMIC_LINK}
  1807. {$IFDEF DYNAMIC_LINK}
  1808. var
  1809.   _LsaLookupSids: Pointer;
  1811. function LsaLookupSids;
  1812. begin
  1813.   GetProcedureAddress(_LsaLookupSids, advapi32, 'LsaLookupSids');
  1814.   asm
  1815.     mov esp, ebp
  1816.     pop ebp
  1817.     jmp [_LsaLookupSids]
  1818.   end;
  1819. end;
  1820. {$ELSE}
  1821. function LsaLookupSids; external advapi32 name 'LsaLookupSids';
  1822. {$ENDIF DYNAMIC_LINK}
  1825. {$IFDEF DYNAMIC_LINK}
  1826. var
  1827.   _LsaEnumAccountsWithUserRight: Pointer;
  1829. function LsaEnumerateAccountsWithUserRight;
  1830. begin
  1831.   GetProcedureAddress(_LsaEnumAccountsWithUserRight, advapi32, 'LsaEnumerateAccountsWithUserRight');
  1832.   asm
  1833.     mov esp, ebp
  1834.     pop ebp
  1835.     jmp [_LsaEnumAccountsWithUserRight]
  1836.   end;
  1837. end;
  1838. {$ELSE}
  1839. function LsaEnumerateAccountsWithUserRight; external advapi32 name 'LsaEnumerateAccountsWithUserRight';
  1840. {$ENDIF DYNAMIC_LINK}
  1842. {$IFDEF DYNAMIC_LINK}
  1843. var
  1844.   _LsaEnumerateAccountRights: Pointer;
  1846. function LsaEnumerateAccountRights;
  1847. begin
  1848.   GetProcedureAddress(_LsaEnumerateAccountRights, advapi32, 'LsaEnumerateAccountRights');
  1849.   asm
  1850.     mov esp, ebp
  1851.     pop ebp
  1852.     jmp [_LsaEnumerateAccountRights]
  1853.   end;
  1854. end;
  1855. {$ELSE}
  1856. function LsaEnumerateAccountRights; external advapi32 name 'LsaEnumerateAccountRights';
  1857. {$ENDIF DYNAMIC_LINK}
  1859. {$IFDEF DYNAMIC_LINK}
  1860. var
  1861.   _LsaAddAccountRights: Pointer;
  1863. function LsaAddAccountRights;
  1864. begin
  1865.   GetProcedureAddress(_LsaAddAccountRights, advapi32, 'LsaAddAccountRights');
  1866.   asm
  1867.     mov esp, ebp
  1868.     pop ebp
  1869.     jmp [_LsaAddAccountRights]
  1870.   end;
  1871. end;
  1872. {$ELSE}
  1873. function LsaAddAccountRights; external advapi32 name 'LsaAddAccountRights';
  1874. {$ENDIF DYNAMIC_LINK}
  1876. {$IFDEF DYNAMIC_LINK}
  1877. var
  1878.   _LsaRemoveAccountRights: Pointer;
  1880. function LsaRemoveAccountRights;
  1881. begin
  1882.   GetProcedureAddress(_LsaRemoveAccountRights, advapi32, 'LsaRemoveAccountRights');
  1883.   asm
  1884.     mov esp, ebp
  1885.     pop ebp
  1886.     jmp [_LsaRemoveAccountRights]
  1887.   end;
  1888. end;
  1889. {$ELSE}
  1890. function LsaRemoveAccountRights; external advapi32 name 'LsaRemoveAccountRights';
  1891. {$ENDIF DYNAMIC_LINK}
  1893. {$IFDEF DYNAMIC_LINK}
  1894. var
  1895.   _LsaOpenTrustedDomainByName: Pointer;
  1897. function LsaOpenTrustedDomainByName;
  1898. begin
  1899.   GetProcedureAddress(_LsaOpenTrustedDomainByName, advapi32, 'LsaOpenTrustedDomainByName');
  1900.   asm
  1901.     mov esp, ebp
  1902.     pop ebp
  1903.     jmp [_LsaOpenTrustedDomainByName]
  1904.   end;
  1905. end;
  1906. {$ELSE}
  1907. function LsaOpenTrustedDomainByName; external advapi32 name 'LsaOpenTrustedDomainByName';
  1908. {$ENDIF DYNAMIC_LINK}
  1910. {$IFDEF DYNAMIC_LINK}
  1911. var
  1912.   _LsaQueryTrustedDomainInfo: Pointer;
  1914. function LsaQueryTrustedDomainInfo;
  1915. begin
  1916.   GetProcedureAddress(_LsaQueryTrustedDomainInfo, advapi32, 'LsaQueryTrustedDomainInfo');
  1917.   asm
  1918.     mov esp, ebp
  1919.     pop ebp
  1920.     jmp [_LsaQueryTrustedDomainInfo]
  1921.   end;
  1922. end;
  1923. {$ELSE}
  1924. function LsaQueryTrustedDomainInfo; external advapi32 name 'LsaQueryTrustedDomainInfo';
  1925. {$ENDIF DYNAMIC_LINK}
  1927. {$IFDEF DYNAMIC_LINK}
  1928. var
  1929.   _LsaSetTrustedDomainInformation: Pointer;
  1931. function LsaSetTrustedDomainInformation;
  1932. begin
  1933.   GetProcedureAddress(_LsaSetTrustedDomainInformation, advapi32, 'LsaSetTrustedDomainInformation');
  1934.   asm
  1935.     mov esp, ebp
  1936.     pop ebp
  1937.     jmp [_LsaSetTrustedDomainInformation]
  1938.   end;
  1939. end;
  1940. {$ELSE}
  1941. function LsaSetTrustedDomainInformation; external advapi32 name 'LsaSetTrustedDomainInformation';
  1942. {$ENDIF DYNAMIC_LINK}
  1944. {$IFDEF DYNAMIC_LINK}
  1945. var
  1946.   _LsaDeleteTrustedDomain: Pointer;
  1948. function LsaDeleteTrustedDomain;
  1949. begin
  1950.   GetProcedureAddress(_LsaDeleteTrustedDomain, advapi32, 'LsaDeleteTrustedDomain');
  1951.   asm
  1952.     mov esp, ebp
  1953.     pop ebp
  1954.     jmp [_LsaDeleteTrustedDomain]
  1955.   end;
  1956. end;
  1957. {$ELSE}
  1958. function LsaDeleteTrustedDomain; external advapi32 name 'LsaDeleteTrustedDomain';
  1959. {$ENDIF DYNAMIC_LINK}
  1961. {$IFDEF DYNAMIC_LINK}
  1962. var
  1963.   _LsaQueryTrustedDomainInfoByName: Pointer;
  1965. function LsaQueryTrustedDomainInfoByName;
  1966. begin
  1967.   GetProcedureAddress(_LsaQueryTrustedDomainInfoByName, advapi32, 'LsaQueryTrustedDomainInfoByName');
  1968.   asm
  1969.     mov esp, ebp
  1970.     pop ebp
  1971.     jmp [_LsaQueryTrustedDomainInfoByName]
  1972.   end;
  1973. end;
  1974. {$ELSE}
  1975. function LsaQueryTrustedDomainInfoByName; external advapi32 name 'LsaQueryTrustedDomainInfoByName';
  1976. {$ENDIF DYNAMIC_LINK}
  1978. {$IFDEF DYNAMIC_LINK}
  1979. var
  1980.   _LsaSetTrustedDomainInfoByName: Pointer;
  1982. function LsaSetTrustedDomainInfoByName;
  1983. begin
  1984.   GetProcedureAddress(_LsaSetTrustedDomainInfoByName, advapi32, 'LsaSetTrustedDomainInfoByName');
  1985.   asm
  1986.     mov esp, ebp
  1987.     pop ebp
  1988.     jmp [_LsaSetTrustedDomainInfoByName]
  1989.   end;
  1990. end;
  1991. {$ELSE}
  1992. function LsaSetTrustedDomainInfoByName; external advapi32 name 'LsaSetTrustedDomainInfoByName';
  1993. {$ENDIF DYNAMIC_LINK}
  1995. {$IFDEF DYNAMIC_LINK}
  1996. var
  1997.   _LsaEnumerateTrustedDomainsEx: Pointer;
  1999. function LsaEnumerateTrustedDomainsEx;
  2000. begin
  2001.   GetProcedureAddress(_LsaEnumerateTrustedDomainsEx, advapi32, 'LsaEnumerateTrustedDomainsEx');
  2002.   asm
  2003.     mov esp, ebp
  2004.     pop ebp
  2005.     jmp [_LsaEnumerateTrustedDomainsEx]
  2006.   end;
  2007. end;
  2008. {$ELSE}
  2009. function LsaEnumerateTrustedDomainsEx; external advapi32 name 'LsaEnumerateTrustedDomainsEx';
  2010. {$ENDIF DYNAMIC_LINK}
  2012. {$IFDEF DYNAMIC_LINK}
  2013. var
  2014.   _LsaCreateTrustedDomainEx: Pointer;
  2016. function LsaCreateTrustedDomainEx;
  2017. begin
  2018.   GetProcedureAddress(_LsaCreateTrustedDomainEx, advapi32, 'LsaCreateTrustedDomainEx');
  2019.   asm
  2020.     mov esp, ebp
  2021.     pop ebp
  2022.     jmp [_LsaCreateTrustedDomainEx]
  2023.   end;
  2024. end;
  2025. {$ELSE}
  2026. function LsaCreateTrustedDomainEx; external advapi32 name 'LsaCreateTrustedDomainEx';
  2027. {$ENDIF DYNAMIC_LINK}
  2029. {$IFDEF DYNAMIC_LINK}
  2030. var
  2031.   _LsaQueryForestTrustInformation: Pointer;
  2033. function LsaQueryForestTrustInformation;
  2034. begin
  2035.   GetProcedureAddress(_LsaQueryForestTrustInformation, advapi32, 'LsaQueryForestTrustInformation');
  2036.   asm
  2037.     mov esp, ebp
  2038.     pop ebp
  2039.     jmp [_LsaQueryForestTrustInformation]
  2040.   end;
  2041. end;
  2042. {$ELSE}
  2043. function LsaQueryForestTrustInformation; external advapi32 name 'LsaQueryForestTrustInformation';
  2044. {$ENDIF DYNAMIC_LINK}
  2046. {$IFDEF DYNAMIC_LINK}
  2047. var
  2048.   _LsaSetForestTrustInformation: Pointer;
  2050. function LsaSetForestTrustInformation;
  2051. begin
  2052.   GetProcedureAddress(_LsaSetForestTrustInformation, advapi32, 'LsaSetForestTrustInformation');
  2053.   asm
  2054.     mov esp, ebp
  2055.     pop ebp
  2056.     jmp [_LsaSetForestTrustInformation]
  2057.   end;
  2058. end;
  2059. {$ELSE}
  2060. function LsaSetForestTrustInformation; external advapi32 name 'LsaSetForestTrustInformation';
  2061. {$ENDIF DYNAMIC_LINK}
  2063. {$IFDEF DYNAMIC_LINK}
  2064. var
  2065.   _LsaStorePrivateData: Pointer;
  2067. function LsaStorePrivateData;
  2068. begin
  2069.   GetProcedureAddress(_LsaStorePrivateData, advapi32, 'LsaStorePrivateData');
  2070.   asm
  2071.     mov esp, ebp
  2072.     pop ebp
  2073.     jmp [_LsaStorePrivateData]
  2074.   end;
  2075. end;
  2076. {$ELSE}
  2077. function LsaStorePrivateData; external advapi32 name 'LsaStorePrivateData';
  2078. {$ENDIF DYNAMIC_LINK}
  2080. {$IFDEF DYNAMIC_LINK}
  2081. var
  2082.   _LsaRetrievePrivateData: Pointer;
  2084. function LsaRetrievePrivateData;
  2085. begin
  2086.   GetProcedureAddress(_LsaRetrievePrivateData, advapi32, 'LsaRetrievePrivateData');
  2087.   asm
  2088.     mov esp, ebp
  2089.     pop ebp
  2090.     jmp [_LsaRetrievePrivateData]
  2091.   end;
  2092. end;
  2093. {$ELSE}
  2094. function LsaRetrievePrivateData; external advapi32 name 'LsaRetrievePrivateData';
  2095. {$ENDIF DYNAMIC_LINK}
  2097. {$IFDEF DYNAMIC_LINK}
  2098. var
  2099.   _LsaNtStatusToWinError: Pointer;
  2101. function LsaNtStatusToWinError;
  2102. begin
  2103.   GetProcedureAddress(_LsaNtStatusToWinError, advapi32, 'LsaNtStatusToWinError');
  2104.   asm
  2105.     mov esp, ebp
  2106.     pop ebp
  2107.     jmp [_LsaNtStatusToWinError]
  2108.   end;
  2109. end;
  2110. {$ELSE}
  2111. function LsaNtStatusToWinError; external advapi32 name 'LsaNtStatusToWinError';
  2112. {$ENDIF DYNAMIC_LINK}
  2114. end.