📄 ntsecapi.pas
字号:
function LsaLookupNames(PolicyHandle: LSA_HANDLE; Count: ULONG;
Names: PLSA_UNICODE_STRING; var ReferencedDomains: PLSA_REFERENCED_DOMAIN_LIST;
var Sids: PLSA_TRANSLATED_SID): NTSTATUS; stdcall;
{$EXTERNALSYM LsaLookupNames}
function LsaLookupSids(PolicyHandle: LSA_HANDLE; Count: ULONG; Sids: PPSID;
var ReferencedDomains: PLSA_REFERENCED_DOMAIN_LIST;
var Names: PLSA_TRANSLATED_NAME): NTSTATUS; stdcall;
{$EXTERNALSYM LsaLookupSids}
const
SE_INTERACTIVE_LOGON_NAME = 'SeInteractiveLogonRight';
{$EXTERNALSYM SE_INTERACTIVE_LOGON_NAME}
SE_NETWORK_LOGON_NAME = 'SeNetworkLogonRight';
{$EXTERNALSYM SE_NETWORK_LOGON_NAME}
SE_BATCH_LOGON_NAME = 'SeBatchLogonRight';
{$EXTERNALSYM SE_BATCH_LOGON_NAME}
SE_SERVICE_LOGON_NAME = 'SeServiceLogonRight';
{$EXTERNALSYM SE_SERVICE_LOGON_NAME}
SE_DENY_INTERACTIVE_LOGON_NAME = 'SeDenyInteractiveLogonRight';
{$EXTERNALSYM SE_DENY_INTERACTIVE_LOGON_NAME}
SE_DENY_NETWORK_LOGON_NAME = 'SeDenyNetworkLogonRight';
{$EXTERNALSYM SE_DENY_NETWORK_LOGON_NAME}
SE_DENY_BATCH_LOGON_NAME = 'SeDenyBatchLogonRight';
{$EXTERNALSYM SE_DENY_BATCH_LOGON_NAME}
SE_DENY_SERVICE_LOGON_NAME = 'SeDenyServiceLogonRight';
{$EXTERNALSYM SE_DENY_SERVICE_LOGON_NAME}
//
// This new API returns all the accounts with a certain privilege
//
function LsaEnumerateAccountsWithUserRight(PolicyHandle: LSA_HANDLE;
UserRights: PLSA_UNICODE_STRING; var EnumerationBuffer: PLSA_ENUMERATION_INFORMATION;
var CountReturned: ULONG): NTSTATUS; stdcall;
{$EXTERNALSYM LsaEnumerateAccountsWithUserRight}
//
// These new APIs differ by taking a SID instead of requiring the caller
// to open the account first and passing in an account handle
//
function LsaEnumerateAccountRights(PolicyHandle: LSA_HANDLE; AccountSid: PSID;
var UserRights: PLSA_UNICODE_STRING; var CountOfRights: ULONG): NTSTATUS; stdcall;
{$EXTERNALSYM LsaEnumerateAccountRights}
function LsaAddAccountRights(PolicyHandle: LSA_HANDLE; AccountSid: PSID;
UserRights: PLSA_UNICODE_STRING; CountOfRights: ULONG): NTSTATUS; stdcall;
{$EXTERNALSYM LsaAddAccountRights}
function LsaRemoveAccountRights(PolicyHandle: LSA_HANDLE; AccountSid: PSID;
AllRights: ByteBool; UserRights: PLSA_UNICODE_STRING; CountOfRights: ULONG): NTSTATUS; stdcall;
{$EXTERNALSYM LsaRemoveAccountRights}
///////////////////////////////////////////////////////////////////////////////
// //
// Local Security Policy - Trusted Domain Object API function prototypes //
// //
///////////////////////////////////////////////////////////////////////////////
function LsaOpenTrustedDomainByName(PolicyHandle: LSA_HANDLE;
const TrustedDomainName: LSA_UNICODE_STRING; DesiredAccess: ACCESS_MASK;
var TrustedDomainHandle: LSA_HANDLE): NTSTATUS; stdcall;
{$EXTERNALSYM LsaOpenTrustedDomainByName}
function LsaQueryTrustedDomainInfo(PolicyHandle: LSA_HANDLE; TrustedDomainSid: PSID;
InformationClass: TRUSTED_INFORMATION_CLASS; Buffer: PPVOID): NTSTATUS; stdcall;
{$EXTERNALSYM LsaQueryTrustedDomainInfo}
function LsaSetTrustedDomainInformation(PolicyHandle: LSA_HANDLE; TrustedDomainSid: PSID;
InformationClass: TRUSTED_INFORMATION_CLASS; Buffer: PVOID): NTSTATUS; stdcall;
{$EXTERNALSYM LsaSetTrustedDomainInformation}
function LsaDeleteTrustedDomain(PolicyHandle: LSA_HANDLE; TrustedDomainSid: PSID): NTSTATUS; stdcall;
{$EXTERNALSYM LsaDeleteTrustedDomain}
function LsaQueryTrustedDomainInfoByName(PolicyHandle: LSA_HANDLE;
const TrustedDomainName: LSA_UNICODE_STRING;
InformationClass: TRUSTED_INFORMATION_CLASS; Buffer: PPVOID): NTSTATUS; stdcall;
{$EXTERNALSYM LsaQueryTrustedDomainInfoByName}
function LsaSetTrustedDomainInfoByName(PolicyHandle: LSA_HANDLE;
const TrustedDomainName: LSA_UNICODE_STRING;
InformationClass: TRUSTED_INFORMATION_CLASS; Buffer: PVOID): NTSTATUS; stdcall;
{$EXTERNALSYM LsaSetTrustedDomainInfoByName}
function LsaEnumerateTrustedDomainsEx(PolicyHandle: LSA_HANDLE;
var EnumerationContext: LSA_ENUMERATION_HANDLE; Buffer: PPVOID;
PreferedMaximumLength: ULONG; var CountReturned: ULONG): NTSTATUS; stdcall;
{$EXTERNALSYM LsaEnumerateTrustedDomainsEx}
function LsaCreateTrustedDomainEx(PolicyHandle: LSA_HANDLE;
const TrustedDomainInformation: TRUSTED_DOMAIN_INFORMATION_EX;
const AuthenticationInformation: TRUSTED_DOMAIN_AUTH_INFORMATION;
DesiredAccess: ACCESS_MASK; var TrustedDomainHandle: LSA_HANDLE): NTSTATUS; stdcall;
{$EXTERNALSYM LsaCreateTrustedDomainEx}
//
// This API sets the workstation password (equivalent of setting/getting
// the SSI_SECRET_NAME secret)
//
function LsaStorePrivateData(PolicyHandle: LSA_HANDLE;
const KeyName: LSA_UNICODE_STRING; PrivateData: PLSA_UNICODE_STRING): NTSTATUS; stdcall;
{$EXTERNALSYM LsaStorePrivateData}
function LsaRetrievePrivateData(PolicyHandle: LSA_HANDLE;
const KeyName: LSA_UNICODE_STRING; var PrivateData: PLSA_UNICODE_STRING): NTSTATUS; stdcall;
{$EXTERNALSYM LsaRetrievePrivateData}
function LsaNtStatusToWinError(Status: NTSTATUS): ULONG; stdcall;
{$EXTERNALSYM LsaNtStatusToWinError}
(*#if 0
NTSTATUS
NTAPI
LsaLookupNamesEx(
IN LSA_HANDLE PolicyHandle,
IN ULONG Count,
IN PLSA_NAME_LOOKUP_EX Names,
OUT PLSA_TRANSLATED_SID_EX *TranslatedSids,
IN ULONG LookupOptions,
IN OUT PULONG MappedCount
);
NTSTATUS
NTAPI
LsaLookupSidsEx(
IN LSA_HANDLE PolicyHandle,
IN ULONG Count,
IN PLSA_SID_LOOKUP_EX Sids,
OUT PLSA_TRANSLATED_NAME_EX *TranslatedNames,
IN ULONG LookupOptions,
IN OUT PULONG MappedCount
);
#endif*)
//
// SPNEGO package stuff
//
type
NEGOTIATE_MESSAGES = (NegEnumPackagePrefixes, NegGetCallerName, NegCallPackageMax);
{$EXTERNALSYM NEGOTIATE_MESSAGES}
const
NEGOTIATE_MAX_PREFIX = 32;
{$EXTERNALSYM NEGOTIATE_MAX_PREFIX}
type
PNEGOTIATE_PACKAGE_PREFIX = ^NEGOTIATE_PACKAGE_PREFIX;
{$EXTERNALSYM PNEGOTIATE_PACKAGE_PREFIX}
_NEGOTIATE_PACKAGE_PREFIX = record
PackageId: ULONG_PTR;
PackageDataA: PVOID;
PackageDataW: PVOID;
PrefixLen: ULONG_PTR;
Prefix: array [0..NEGOTIATE_MAX_PREFIX - 1] of UCHAR;
end;
{$EXTERNALSYM _NEGOTIATE_PACKAGE_PREFIX}
NEGOTIATE_PACKAGE_PREFIX = _NEGOTIATE_PACKAGE_PREFIX;
{$EXTERNALSYM NEGOTIATE_PACKAGE_PREFIX}
TNegotiatePackagePrefix = NEGOTIATE_PACKAGE_PREFIX;
PNegotiatePackagePrefix = PNEGOTIATE_PACKAGE_PREFIX;
PNEGOTIATE_PACKAGE_PREFIXES = ^NEGOTIATE_PACKAGE_PREFIXES;
{$EXTERNALSYM PNEGOTIATE_PACKAGE_PREFIXES}
_NEGOTIATE_PACKAGE_PREFIXES = record
MessageType: ULONG;
PrefixCount: ULONG;
Offset: ULONG; // Offset to array of _PREFIX above
end;
{$EXTERNALSYM _NEGOTIATE_PACKAGE_PREFIXES}
NEGOTIATE_PACKAGE_PREFIXES = _NEGOTIATE_PACKAGE_PREFIXES;
{$EXTERNALSYM NEGOTIATE_PACKAGE_PREFIXES}
TNegotiatePackagePrefixes = NEGOTIATE_PACKAGE_PREFIXES;
PNegotiatePackagePrefixes = PNEGOTIATE_PACKAGE_PREFIXES;
PNEGOTIATE_CALLER_NAME_REQUEST = ^NEGOTIATE_CALLER_NAME_REQUEST;
{$EXTERNALSYM PNEGOTIATE_CALLER_NAME_REQUEST}
_NEGOTIATE_CALLER_NAME_REQUEST = record
MessageType: ULONG;
LogonId: LUID;
end;
{$EXTERNALSYM _NEGOTIATE_CALLER_NAME_REQUEST}
NEGOTIATE_CALLER_NAME_REQUEST = _NEGOTIATE_CALLER_NAME_REQUEST;
{$EXTERNALSYM NEGOTIATE_CALLER_NAME_REQUEST}
TNegotiateCallerNameRequest = NEGOTIATE_CALLER_NAME_REQUEST;
PNegotiateCallerNameRequest = PNEGOTIATE_CALLER_NAME_REQUEST;
PNEGOTIATE_CALLER_NAME_RESPONSE = ^NEGOTIATE_CALLER_NAME_RESPONSE;
{$EXTERNALSYM PNEGOTIATE_CALLER_NAME_RESPONSE}
_NEGOTIATE_CALLER_NAME_RESPONSE = record
MessageType: ULONG;
CallerName: PWSTR;
end;
{$EXTERNALSYM _NEGOTIATE_CALLER_NAME_RESPONSE}
NEGOTIATE_CALLER_NAME_RESPONSE = _NEGOTIATE_CALLER_NAME_RESPONSE;
{$EXTERNALSYM NEGOTIATE_CALLER_NAME_RESPONSE}
TNegotiateCallerNameResponse = NEGOTIATE_CALLER_NAME_RESPONSE;
PNegotiateCallerNameResponse = PNEGOTIATE_CALLER_NAME_RESPONSE;
const
NEGOTIATE_ALLOW_NTLM = $10000000;
{$EXTERNALSYM NEGOTIATE_ALLOW_NTLM}
NEGOTIATE_NEG_NTLM = $20000000;
{$EXTERNALSYM NEGOTIATE_NEG_NTLM}
type
PDOMAIN_PASSWORD_INFORMATION = ^DOMAIN_PASSWORD_INFORMATION;
{$EXTERNALSYM PDOMAIN_PASSWORD_INFORMATION}
_DOMAIN_PASSWORD_INFORMATION = record
MinPasswordLength: USHORT;
PasswordHistoryLength: USHORT;
PasswordProperties: ULONG;
MaxPasswordAge: LARGE_INTEGER;
MinPasswordAge: LARGE_INTEGER;
end;
{$EXTERNALSYM _DOMAIN_PASSWORD_INFORMATION}
DOMAIN_PASSWORD_INFORMATION = _DOMAIN_PASSWORD_INFORMATION;
{$EXTERNALSYM DOMAIN_PASSWORD_INFORMATION}
TDomainPasswordInformation = DOMAIN_PASSWORD_INFORMATION;
PDomainPasswordInformation = PDOMAIN_PASSWORD_INFORMATION;
PSAM_PASSWORD_NOTIFICATION_ROUTINE = function (UserName: PUNICODE_STRING;
RelativeId: ULONG; NewPassword: PUNICODE_STRING): NTSTATUS; stdcall;
{$EXTERNALSYM PSAM_PASSWORD_NOTIFICATION_ROUTINE}
TSamPasswordNotificationRoutine = PSAM_PASSWORD_NOTIFICATION_ROUTINE;
const
SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE = 'PasswordChangeNotify';
{$EXTERNALSYM SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE}
type
PSAM_INIT_NOTIFICATION_ROUTINE = function (): ByteBool; stdcall;
{$EXTERNALSYM PSAM_INIT_NOTIFICATION_ROUTINE}
TSamInitNotificationRoutine = PSAM_INIT_NOTIFICATION_ROUTINE;
const
SAM_INIT_NOTIFICATION_ROUTINE = 'InitializeChangeNotify';
{$EXTERNALSYM SAM_INIT_NOTIFICATION_ROUTINE}
SAM_PASSWORD_FILTER_ROUTINE = 'PasswordFilter';
{$EXTERNALSYM SAM_PASSWORD_FILTER_ROUTINE}
type
PSAM_PASSWORD_FILTER_ROUTINE = function (AccountName, FullName,
Password: PUNICODE_STRING; SetOperation: ByteBool): ByteBool; stdcall;
{$EXTERNALSYM PSAM_PASSWORD_FILTER_ROUTINE}
TSamPasswordFilterRoutine = PSAM_PASSWORD_FILTER_ROUTINE;
/////////////////////////////////////////////////////////////////////////
// //
// Name of the MSV1_0 authentication package //
// //
/////////////////////////////////////////////////////////////////////////
const
MSV1_0_PACKAGE_NAME = 'MICROSOFT_AUTHENTICATION_PACKAGE_V1_0';
{$EXTERNALSYM MSV1_0_PACKAGE_NAME}
MSV1_0_PACKAGE_NAMEW = WideString('MICROSOFT_AUTHENTICATION_PACKAGE_V1_0');
{$EXTERNALSYM MSV1_0_PACKAGE_NAMEW}
MSV1_0_PACKAGE_NAMEW_LENGTH = SizeOf(MSV1_0_PACKAGE_NAMEW) - SizeOf(WCHAR);
{$EXTERNALSYM MSV1_0_PACKAGE_NAMEW_LENGTH}
//
// Location of MSV authentication package data
//
MSV1_0_SUBAUTHENTICATION_KEY = 'SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0';
{$EXTERNALSYM MSV1_0_SUBAUTHENTICATION_KEY}
MSV1_0_SUBAUTHENTICATION_VALUE = 'Auth';
{$EXTERNALSYM MSV1_0_SUBAUTHENTICATION_VALUE}
/////////////////////////////////////////////////////////////////////////
// //
// Widely used MSV1_0 data types //
// //
/////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////
// //
// LOGON Related Data Structures
//
// //
///////////////////////////////////////////////////////////////////////////////
//
// When a LsaLogonUser() call is dispatched to the MsV1_0 authentication
// package, the beginning of the AuthenticationInformation buffer is
// cast to a MSV1_0_LOGON_SUBMIT_TYPE to determine the type of logon
// being requested. Similarly, upon return, the type of profile buffer
// can be determined by typecasting it to a MSV_1_0_PROFILE_BUFFER_TYPE.
//
//
// MSV1.0 LsaLogonUser() submission message types.
//
type
_MSV1_0_LOGON_SUBMIT_TYPE = (
mlstFiller0, mlstFiller1,
MsV1_0InteractiveLogon,
MsV1_0Lm20Logon,
MsV1_0NetworkLogon,
MsV1_0SubAuthLogon,
mlstFiller6,
MsV1_0WorkstationUnlockLogon);
{$EXTERNALSYM _MSV1_0_LOGON_SUBMIT_TYPE}
MSV1_0_LOGON_SUBMIT_TYPE = _MSV1_0_LOGON_SUBMIT_TYPE;
{$EXTERNALSYM MSV1_0_LOGON_SUBMIT_TYPE}
PMSV1_0_LOGON_SUBMIT_TYPE = ^MSV1_0_LOGON_SUBMIT_TYPE;
{$EXTERNALSYM PMSV1_0_LOGON_SUBMIT_TYPE}
TMsv1_0LogonSubmitType = MSV1_0_LOGON_SUBMIT_TYPE;
PMsv1_0LogonSubmitType = PMSV1_0_LOGON_SUBMIT_TYPE;
//
// MSV1.0 LsaLogonUser() profile buffer types.
//
_MSV1_0_PROFILE_BUFFER_TYPE = (
mpbtFiller0, mpbtFiller1,
MsV1_0InteractiveProfile,
MsV1_0Lm20LogonProfile,
MsV1_0SmartCardProfile);
{$EXTERNALSYM _MSV1_0_PROFILE_BUFFER_TYPE}
MSV1_0_PROFILE_BUFFER_TYPE = _MSV1_0_PROFILE_BUFFER_TYPE;
{$EXTERNALSYM MSV1_0_PROFILE_BUFFER_TYPE}
PMSV1_0_PROFILE_BUFFER_TYPE = ^MSV1_0_PROFILE_BUFFER_TYPE;
{$EXTERNALSYM PMSV1_0_PROFILE_BUFFER_TYPE}
TMsv1_0ProfileBufferType = MSV1_0_PROFILE_BUFFER_TYPE;
PMsv1_0ProfileBufferType = PMSV1_0_PROFILE_BUFFER_TYPE;
//
// MsV1_0InteractiveLogon
//
// The AuthenticationInformation buffer of an LsaLogonUser() call to
// perform an interactive logon contains the following data structure:
//
PMSV1_0_INTERACTIVE_LOGON = ^MSV1_0_INTERACTIVE_LOGON;
{$EXTERNALSYM PMSV1_0_INTERACTIVE_LOGON}
_MSV1_0_INTERACTIVE_LOGON = record
MessageType: MSV1_0_LOGON_SU⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -