ntdsapi.pas

详细Windows API大全有关知识以及相关问题

//
//      DsBind will attempt to find to a global catalog and fail if one
//      can not be found.  
//
//      Mutual authentication will be performed using an SPN of
//      GC/DnsHostName/ForestName where DnsHostName and ForestName
//      represent the DomainControllerName and DnsForestName fields
//      respectively of the DOMAIN_CONTROLLER_INFO returned by the
//      DsGetDcName call used to find a global catalog.
//
// DomainControllerName(NULL), DnsDomainName(value)
//
//      DsBind will attempt to find a domain controller for the domain
//      identified by DnsDomainName and fail if one can not be found.
//
//      Mutual authentication will be performed using an SPN of
//      LDAP/DnsHostName/DnsDomainName where DnsDomainName is that
//      provided by the caller and DnsHostName is that returned by
//      DsGetDcName for the domain specified - provided DnsDomainName
//      is a valid DNS domain name - i.e. not a NETBIOS domain name.

function DsBindA(DomainControllerName: LPCSTR; DnsDomainName: LPCSTR;
  var phDS: HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsBindA}
function DsBindW(DomainControllerName: LPCWSTR; DnsDomainName: LPCWSTR;
  var phDS: HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsBindW}

{$IFDEF UNICODE}
function DsBind(DomainControllerName: LPCSTR; DnsDomainName: LPCSTR;
  var phDS: HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsBind}
{$ELSE}
function DsBind(DomainControllerName: LPCWSTR; DnsDomainName: LPCWSTR;
  var phDS: HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsBind}
{$ENDIF}

function DsBindWithCredA(DomainControllerName: LPCSTR; DnsDomainName: LPCSTR;
  AuthIdentity: RPC_AUTH_IDENTITY_HANDLE; var phDS: HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsBindWithCredA}
function DsBindWithCredW(DomainControllerName: LPCWSTR; DnsDomainName: LPCWSTR;
  AuthIdentity: RPC_AUTH_IDENTITY_HANDLE; var phDS: HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsBindWithCredW}

{$IFDEF UNICODE}
function DsBindWithCred(DomainControllerName: LPCWSTR; DnsDomainName: LPCWSTR;
  AuthIdentity: RPC_AUTH_IDENTITY_HANDLE; var phDS: HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsBindWithCred}
{$ELSE}
function DsBindWithCred(DomainControllerName: LPCSTR; DnsDomainName: LPCSTR;
  AuthIdentity: RPC_AUTH_IDENTITY_HANDLE; var phDS: HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsBindWithCred}
{$ENDIF}

//
// DsBindWithSpn{A|W} allows the caller to specify the service principal
// name (SPN) which will be used for mutual authentication against
// the destination server.  Do not provide an SPN if you are expecting
// DsBind to find a server for you as SPNs are machine specific and its
// unlikely the SPN you provide matches the server DsBind finds for you.
// Providing a NULL ServicePrincipalName argument results in behavior
// identical to DsBindWithCred{A|W}.
//

function DsBindWithSpnA(DomainControllerName: LPCSTR; DnsDomainName: LPCSTR;
  AuthIdentity: RPC_AUTH_IDENTITY_HANDLE; ServicePrincipalName: LPCSTR;
  var phDS: HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsBindWithSpnA}
function DsBindWithSpnW(DomainControllerName: LPCWSTR; DnsDomainName: LPCWSTR;
  AuthIdentity: RPC_AUTH_IDENTITY_HANDLE; ServicePrincipalName: LPCWSTR;
  var phDS: HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsBindWithSpnW}

{$IFDEF UNICODE}
function DsBindWithSpn(DomainControllerName: LPCWSTR; DnsDomainName: LPCWSTR;
  AuthIdentity: RPC_AUTH_IDENTITY_HANDLE; ServicePrincipalName: LPCWSTR;
  var phDS: HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsBindWithSpn}
{$ELSE}
function DsBindWithSpn(DomainControllerName: LPCSTR; DnsDomainName: LPCSTR;
  AuthIdentity: RPC_AUTH_IDENTITY_HANDLE; ServicePrincipalName: LPCSTR;
  var phDS: HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsBindWithSpn}
{$ENDIF}

//
// DsUnBind
//

function DsUnBindA(var phDS: HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsUnBindA}
function DsUnBindW(var phDS: HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsUnBindW}

{$IFDEF UNICODE}
function DsUnBind(var phDS: HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsUnBind}
{$ELSE}
function DsUnBind(var phDS: HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsUnBind}
{$ENDIF}

//
// DsMakePasswordCredentials
//
// This function constructs a credential structure which is suitable for input
// to the DsBindWithCredentials function, or the ldap_open function (winldap.h)
// The credential must be freed using DsFreeCredential.
//
// None of the input parameters may be present indicating a null, default
// credential.  Otherwise the username must be present.  If the domain or
// password are null, they default to empty strings.  The domain name may be
// null when the username is fully qualified, for example UPN format.
//

function DsMakePasswordCredentialsA(User: LPCSTR; Domain: LPCSTR;
  Password: LPCSTR; var pAuthIdentity: RPC_AUTH_IDENTITY_HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsMakePasswordCredentialsA}
function DsMakePasswordCredentialsW(User: LPCWSTR; Domain: LPCWSTR;
  Password: LPCWSTR; var pAuthIdentity: RPC_AUTH_IDENTITY_HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsMakePasswordCredentialsW}

{$IFDEF UNICODE}
function DsMakePasswordCredentials(User: LPCWSTR; Domain: LPCWSTR;
  Password: LPCWSTR; var pAuthIdentity: RPC_AUTH_IDENTITY_HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsMakePasswordCredentials}
{$ELSE}
function DsMakePasswordCredentials(User: LPCSTR; Domain: LPCSTR;
  Password: LPCSTR; var pAuthIdentity: RPC_AUTH_IDENTITY_HANDLE): DWORD; stdcall;
{$EXTERNALSYM DsMakePasswordCredentials}
{$ENDIF}

procedure DsFreePasswordCredentials(AuthIdentity: RPC_AUTH_IDENTITY_HANDLE); stdcall;
{$EXTERNALSYM DsFreePasswordCredentials}

procedure DsFreePasswordCredentialsA(AuthIdentity: RPC_AUTH_IDENTITY_HANDLE); stdcall;
{$EXTERNALSYM DsFreePasswordCredentialsA}
procedure DsFreePasswordCredentialsW(AuthIdentity: RPC_AUTH_IDENTITY_HANDLE); stdcall;
{$EXTERNALSYM DsFreePasswordCredentialsW}

//
// DsCrackNames
//

function DsCrackNamesA(hDS: HANDLE; flags: DS_NAME_FLAGS;
  formatOffered: DS_NAME_FORMAT; formatDesired: DS_NAME_FORMAT; cNames: DWORD;
  rpNames: LPCSTR; var ppResult: PDS_NAME_RESULTA): DWORD; stdcall;
{$EXTERNALSYM DsCrackNamesA}
function DsCrackNamesW(hDS: HANDLE; flags: DS_NAME_FLAGS;
  formatOffered: DS_NAME_FORMAT; formatDesired: DS_NAME_FORMAT; cNames: DWORD;
  rpNames: LPCWSTR; var ppResult: PDS_NAME_RESULTW): DWORD; stdcall;
{$EXTERNALSYM DsCrackNamesW}

{$IFDEF UNICODE}
function DsCrackNames(hDS: HANDLE; flags: DS_NAME_FLAGS;
  formatOffered: DS_NAME_FORMAT; formatDesired: DS_NAME_FORMAT; cNames: DWORD;
  rpNames: LPCWSTR; var ppResult: PDS_NAME_RESULTW): DWORD; stdcall;
{$EXTERNALSYM DsCrackNames}
{$ELSE}
function DsCrackNames(hDS: HANDLE; flags: DS_NAME_FLAGS;
  formatOffered: DS_NAME_FORMAT; formatDesired: DS_NAME_FORMAT; cNames: DWORD;
  rpNames: LPCSTR; var ppResult: PDS_NAME_RESULTA): DWORD; stdcall;
{$EXTERNALSYM DsCrackNames}
{$ENDIF}

//
// DsFreeNameResult
//

procedure DsFreeNameResultA(pResult: PDS_NAME_RESULTA); stdcall;
{$EXTERNALSYM DsFreeNameResultA}
procedure DsFreeNameResultW(pResult: PDS_NAME_RESULTW); stdcall;
{$EXTERNALSYM DsFreeNameResultW}

{$IFDEF UNICODE}
procedure DsFreeNameResult(pResult: PDS_NAME_RESULTW); stdcall;
{$EXTERNALSYM DsFreeNameResult}
{$ELSE}
procedure DsFreeNameResult(pResult: PDS_NAME_RESULTA); stdcall;
{$EXTERNALSYM DsFreeNameResult}
{$ENDIF}

// ==========================================================
// DSMakeSpn -- client call to create SPN for a service to which it wants to
// authenticate.
// This name is then passed to "pszTargetName" of InitializeSecurityContext().
//
// Notes:
// If the service name is a DNS host name, or canonical DNS service name
// e.g. "www.ms.com", i.e., caller resolved with gethostbyname, then instance
// name should be NULL.
// Realm is host name minus first component, unless it is in the exception list
//
// If the service name is NetBIOS machine name, then instance name should be
// NULL
// Form must be <domain>\<machine>
// Realm will be <domain>
//
// If the service name is that of a replicated service, where each replica has
// its own account (e.g., with SRV records) then the caller must supply the
// instance name then realm name is same as ServiceName
//
// If the service name is a DN, then must also supply instance name
// (DN could be name of service object (incl RPC or Winsock), name of machine
// account, name of domain object)
// then realm name is domain part of the DN
//
// If the service name is NetBIOS domain name, then must also supply instance
// name; realm name is domain name
//
// If the service is named by an IP address -- then use referring service name
// as service name
//
//  ServiceClass - e.g. "http", "ftp", "ldap", GUID
//  ServiceName - DNS or DN; assumes we can compute domain from service name
//  InstanceName OPTIONAL- DNS name of host for instance of service
//  InstancePort - port number for instance (0 if default)
//  Referrer OPTIONAL- DNS name of host that gave this referral
//  pcSpnLength - in -- max length IN CHARACTERS of principal name;
//                out -- actual
//                Length includes terminator
//  pszSPN - server principal name
//
// If buffer is not large enough, ERROR_BUFFER_OVERFLOW is returned and the
// needed length is returned in pcSpnLength.
//
//

function DsMakeSpnA(ServiceClass: LPCSTR; ServiceName: LPCSTR;
  InstanceName: LPCSTR; InstancePort: USHORT; Referrer: LPCSTR;
  var pcSpnLength: DWORD; pszSpn: LPSTR): DWORD; stdcall;
{$EXTERNALSYM DsMakeSpnA}
function DsMakeSpnW(ServiceClass: LPCWSTR; ServiceName: LPCWSTR;
  InstanceName: LPCWSTR; InstancePort: USHORT; Referrer: LPCWSTR;
  var pcSpnLength: DWORD; pszSpn: LPWSTR): DWORD; stdcall;
{$EXTERNALSYM DsMakeSpnW}

{$IFDEF UNICODE}
function DsMakeSpn(ServiceClass: LPCWSTR; ServiceName: LPCWSTR;
  InstanceName: LPCWSTR; InstancePort: USHORT; Referrer: LPCWSTR;
  var pcSpnLength: DWORD; pszSpn: LPWSTR): DWORD; stdcall;
{$EXTERNALSYM DsMakeSpn}
{$ELSE}
function DsMakeSpn(ServiceClass: LPCSTR; ServiceName: LPCSTR;
  InstanceName: LPCSTR; InstancePort: USHORT; Referrer: LPCSTR;
  var pcSpnLength: DWORD; pszSpn: LPSTR): DWORD; stdcall;
{$EXTERNALSYM DsMakeSpn}
{$ENDIF}

// ==========================================================
// DsGetSPN -- server's call to gets SPNs for a service name by which it is
// known to clients. N.B.: there may be more than one name by which clients
// know it the SPNs are then passed to DsAddAccountSpn to register them in
// the DS
//
//      IN SpnNameType eType,
//      IN LPCTSTR ServiceClass,
// kind of service -- "http", "ldap", "ftp", etc.
//      IN LPCTSTR ServiceName OPTIONAL,
// name of service -- DN or DNS; not needed for host-based
//      IN USHORT InstancePort,
// port number (0 => default) for instances
//      IN USHORT cInstanceNames,
// count of extra instance names and ports (0=>use gethostbyname)
//      IN LPCTSTR InstanceNames[] OPTIONAL,
// extra instance names (not used for host names)
//      IN USHORT InstancePorts[] OPTIONAL,
// extra instance ports (0 => default)
//      IN OUT PULONG pcSpn,    // count of SPNs
//      IN OUT LPTSTR * prpszSPN[]
// a bunch of SPNs for this service; free with DsFreeSpnArray

function DsGetSpnA(ServiceType: DS_SPN_NAME_TYPE; ServiceClass: LPCSTR;
  ServiceName: LPCSTR; InstancePort: USHORT; cInstanceNames: USHORT;
  pInstanceNames: LPCSTR; pInstancePorts: PUSHORT; var pcSpn: DWORD;
  var prpszSpn: LPSTR): DWORD; stdcall;
{$EXTERNALSYM DsGetSpnA}
function DsGetSpnW(ServiceType: DS_SPN_NAME_TYPE; ServiceClass: LPCWSTR;
  ServiceName: LPCWSTR; InstancePort: USHORT; cInstanceNames: USHORT;
  pInstanceNames: LPCWSTR; pInstancePorts: PUSHORT; var pcSpn: DWORD;
  var prpszSpn: LPWSTR): DWORD; stdcall;
{$EXTERNALSYM DsGetSpnW}

{$IFDEF UNICODE}
function DsGetSpn(ServiceType: DS_SPN_NAME_TYPE; ServiceClass: LPCWSTR;
  ServiceName: LPCWSTR; InstancePort: USHORT; cInstanceNames: USHORT;
  pInstanceNames: LPCWSTR; pInstancePorts: PUSHORT; var pcSpn: DWORD;
  var prpszSpn: LPWSTR): DWORD; stdcall;
{$EXTERNALSYM DsGetSpn}
{$ELSE}
function DsGetSpn(ServiceType: DS_SPN_NAME_TYPE; ServiceClass: LPCSTR;
  ServiceName: LPCSTR; InstancePort: USHORT; cInstanceNames: USHORT;
  pInstanceNames: LPCSTR; pInstancePorts: PUSHORT; var pcSpn: DWORD;
  var prpszSpn: LPSTR): DWORD; stdcall;
{$EXTERNALSYM DsGetSpn}
{$ENDIF}

// ==========================================================
// DsFreeSpnArray() -- Free array returned by DsGetSpn{A,W}

procedure DsFreeSpnArrayA(cSpn: DWORD; rpszSpn: LPSTR); stdcall;
{$EXTERNALSYM DsFreeSpnArrayA}
procedure DsFreeSpnArrayW(cSpn: DWORD; rpszSpn: LPWSTR); stdcall;
{$EXTERNALSYM DsFreeSpnArrayW}

{$IFDEF UNICODE}
procedure DsFreeSpnArray(cSpn: DWORD; rpszSpn: LPWSTR); stdcall;
{$EXTERNALSYM DsFreeSpnArray}
{$ELSE}
procedure DsFreeSpnArray(cSpn: DWORD; rpszSpn: LPSTR); stdcall;
{$EXTERNALSYM DsFreeSpnArray}
{$ENDIF}

// ==========================================================
// DsCrackSpn() -- parse an SPN into the ServiceClass,
// ServiceName, and InstanceName (and InstancePort) pieces.
// An SPN is passed in, along with a pointer to the maximum length
// for each piece and a pointer to a buffer where each piece should go.
// On exit, the maximum lengths are updated to the actual length for each piece
// and the buffer contain the appropriate piece. The InstancePort is 0 if not
// present.
//
// DWORD DsCrackSpn(
//      IN LPTSTR pszSPN,               // the SPN to parse
//      IN OUT PUSHORT pcServiceClass,  // input -- max length of ServiceClass;
//                                         output -- actual length
//      OUT LPCTSTR ServiceClass,       // the ServiceClass part of the SPN
//      IN OUT PUSHORT pcServiceName,   // input -- max length of ServiceName;
//                                         output -- actual length
//      OUT LPCTSTR ServiceName,        // the ServiceName part of the SPN
//      IN OUT PUSHORT pcInstance,      // input -- max length of ServiceClass;
//                                         output -- actual length