{******************************************************************************}
{ }
{ Credentials Manager API interface Unit for Object Pascal }
{ }
{ Portions created by Microsoft are Copyright (C) 1995-2001 Microsoft }
{ Corporation. All Rights Reserved. }
{ }
{ The original file is: wincred.h, released November 2001. The original Pascal }
{ code is: WinCred.pas, released March 2002. The initial developer of the }
{ Pascal code is Marcel van Brakel (brakelm@chello.nl). }
{ }
{ Portions created by Marcel van Brakel are Copyright (C) 1999-2001 }
{ Marcel van Brakel. All Rights Reserved. }
{ }
{ Obtained through: Joint Endeavour of Delphi Innovators (Project JEDI) }
{ }
{ You may retrieve the latest version of this file at the Project JEDI home }
{ page, located at http://delphi-jedi.org or my personal homepage located at }
{ http://members.chello.nl/m.vanbrakel2 }
{ }
{ The contents of this file are used with permission, subject to the Mozilla }
{ Public License Version 1.1 (the "License"); you may not use this file except }
{ in compliance with the License. You may obtain a copy of the License at }
{ http://www.mozilla.org/MPL/MPL-1.1.html }
{ }
{ Software distributed under the License is distributed on an "AS IS" basis, }
{ WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for }
{ the specific language governing rights and limitations under the License. }
{ }
{ Alternatively, the contents of this file may be used under the terms of the }
{ GNU Lesser General Public License (the "LGPL License"), in which case the }
{ provisions of the LGPL License are applicable instead of those above. }
{ If you wish to allow use of your version of this file only under the terms }
{ of the LGPL License and not to allow others to use your version of this file }
{ under the MPL, indicate your decision by deleting the provisions above and }
{ replace them with the notice and other provisions required by the LGPL }
{ License. If you do not delete the provisions above, a recipient may use }
{ your version of this file under either the MPL or the LGPL License. }
{ }
{ For more information about the LGPL: http://www.gnu.org/copyleft/lesser.html }
{ }
{******************************************************************************}
unit JwaWinCred;
{$WEAKPACKAGEUNIT}
{$HPPEMIT ''}
{$HPPEMIT '#include "wincred.h"'}
{$HPPEMIT ''}
{$I WINDEFINES.INC}
interface
uses
JwaLmCons, JwaWinBase, JwaWinError, JwaWinType, JwaNtSecApi;
type
// Alias so that signatures translated from wincred.h can keep the C name
// PCtxtHandle. PSecHandle is not declared in this unit; it has to come from
// one of the units in the uses clause (which one is not visible here).
PCtxtHandle = PSecHandle;
{$EXTERNALSYM PCtxtHandle}
//-----------------------------------------------------------------------------
// Macros
//-----------------------------------------------------------------------------
//
// Macro to determine whether CredUIPromptForCredentials should be called upon a failed
// authentication attempt.
//
// Implemented as a macro so that the caller can delay load credui.dll only if this
// macro returns TRUE.
//
// Include only status codes that imply the username/password are wrong or that the
// password is expired. In the former case, asking for another username or password
// is appropriate. In the latter case, we put up a different dialog asking the
// user to change the password on the server.
//
// Don't include status codes such as ERROR_ACCOUNT_DISABLED, ERROR_ACCOUNT_RESTRICTION,
// ERROR_ACCOUNT_LOCKED_OUT, ERROR_ACCOUNT_EXPIRED, ERROR_LOGON_TYPE_NOT_GRANTED.
// For those, the user isn't going to have another account so prompting him
// won't help.
//
// STATUS_DOWNGRADE_DETECTED is included to handle the case where a corporate laptop
// is brought to another LAN. A downgrade attack will indeed be detected,
// but we want to popup UI to allow the user to connect to resources in the
// other LAN.
//
// Don't use the CREDUIP_* macros directly. Their definition is private to credui.dll.
//
// Don't require ntstatus.h
const
// NTSTATUS values redeclared locally so that this unit does not need a
// translation of ntstatus.h. They are the inputs classified by the CREDUI*
// helper functions declared further down in this interface section.
//
// Operational note: these numeric values are also what Windows logon-failure
// audit records (for example Security event 4625) carry in their Status and
// Sub Status fields, so this table doubles as a lookup from a logged code to
// its symbolic name.
//
// First group: codes that the header comment describes as "username/password
// wrong" or "password expired", plus access-denied / downgrade / auth-firewall.
STATUS_LOGON_FAILURE = NTSTATUS($C000006D); // ntsubauth
{$EXTERNALSYM STATUS_LOGON_FAILURE}
STATUS_WRONG_PASSWORD = NTSTATUS($C000006A); // ntsubauth
{$EXTERNALSYM STATUS_WRONG_PASSWORD}
STATUS_PASSWORD_EXPIRED = NTSTATUS($C0000071); // ntsubauth
{$EXTERNALSYM STATUS_PASSWORD_EXPIRED}
STATUS_PASSWORD_MUST_CHANGE = NTSTATUS($C0000224); // ntsubauth
{$EXTERNALSYM STATUS_PASSWORD_MUST_CHANGE}
STATUS_ACCESS_DENIED = NTSTATUS($C0000022);
{$EXTERNALSYM STATUS_ACCESS_DENIED}
// Reported when a downgrade is detected; see the header comment for why the
// credential UI still treats it as a promptable condition.
STATUS_DOWNGRADE_DETECTED = NTSTATUS($C0000388);
{$EXTERNALSYM STATUS_DOWNGRADE_DETECTED}
STATUS_AUTHENTICATION_FIREWALL_FAILED = NTSTATUS($C0000413);
{$EXTERNALSYM STATUS_AUTHENTICATION_FIREWALL_FAILED}
// Second group: account-state failures. The header comment lists their
// ERROR_* counterparts as cases where prompting again will not help.
STATUS_ACCOUNT_DISABLED = NTSTATUS($C0000072); // ntsubauth
{$EXTERNALSYM STATUS_ACCOUNT_DISABLED}
STATUS_ACCOUNT_RESTRICTION = NTSTATUS($C000006E); // ntsubauth
{$EXTERNALSYM STATUS_ACCOUNT_RESTRICTION}
STATUS_ACCOUNT_LOCKED_OUT = NTSTATUS($C0000234); // ntsubauth
{$EXTERNALSYM STATUS_ACCOUNT_LOCKED_OUT}
STATUS_ACCOUNT_EXPIRED = NTSTATUS($C0000193); // ntsubauth
{$EXTERNALSYM STATUS_ACCOUNT_EXPIRED}
STATUS_LOGON_TYPE_NOT_GRANTED = NTSTATUS($C000015B);
{$EXTERNALSYM STATUS_LOGON_TYPE_NOT_GRANTED}
// Don't require lmerr.h
// NERR_* codes are plain integers offset from NERR_BASE, not NTSTATUS values.
NERR_BASE = 2100;
{$EXTERNALSYM NERR_BASE}
NERR_PasswordExpired = (NERR_BASE+142); // The password of this user has expired.
{$EXTERNALSYM NERR_PasswordExpired}
// Function forms of the wincred.h status-classification macros. Only the
// interface declarations are visible here; the bodies are in the
// implementation section, so the exact set of codes each one tests cannot be
// confirmed from this page.
//
// Each takes a status value and returns BOOL. Judging by the names and the
// header comment:
//   CREDUIP_IS_USER_PASSWORD_ERROR - presumably the wrong user name/password cases
//   CREDUIP_IS_DOWNGRADE_ERROR     - presumably STATUS_DOWNGRADE_DETECTED
//   CREDUIP_IS_EXPIRED_ERROR       - presumably the expired / must-change password cases
// The header comment says the CREDUIP_* definitions are private to credui.dll
// and should not be used directly; callers are expected to use the two
// CREDUI_* functions below.
function CREDUIP_IS_USER_PASSWORD_ERROR(_Status: NTSTATUS): BOOL;
{$EXTERNALSYM CREDUIP_IS_USER_PASSWORD_ERROR}
function CREDUIP_IS_DOWNGRADE_ERROR(_Status: NTSTATUS): BOOL;
{$EXTERNALSYM CREDUIP_IS_DOWNGRADE_ERROR}
function CREDUIP_IS_EXPIRED_ERROR(_Status: NTSTATUS): BOOL;
{$EXTERNALSYM CREDUIP_IS_EXPIRED_ERROR}
// Tells the caller whether CredUIPromptForCredentials should be shown after a
// failed authentication attempt (see the header comment).
// NOTE(review): per that comment the set includes STATUS_DOWNGRADE_DETECTED, so
// a TRUE result can mean "ask the user for credentials right after a downgrade
// was reported". Callers may want to check and log that status separately
// rather than handle it as an ordinary bad-password retry.
function CREDUI_IS_AUTHENTICATION_ERROR(_Status: NTSTATUS): BOOL;
{$EXTERNALSYM CREDUI_IS_AUTHENTICATION_ERROR}
// Presumably the complement case: account-state failures (disabled, restricted,
// locked out, expired, logon type not granted) for which a new prompt would not
// help - TODO confirm against the implementation section.
function CREDUI_NO_PROMPT_AUTHENTICATION_ERROR(_Status: NTSTATUS): BOOL;
{$EXTERNALSYM CREDUI_NO_PROMPT_AUTHENTICATION_ERROR}
//-----------------------------------------------------------------------------
// Structures
//-----------------------------------------------------------------------------
//
// Credential Attribute
//
const
// Size limits for credential fields. Note the mixed units: the string limits
// are counted in characters, the value limit in bytes. A buffer for a wide
// (W) string therefore needs the character count multiplied by the size of a
// wide character. Whether the limits include a terminating NUL is not stated
// here - TODO confirm before sizing fixed buffers from them.
//
// These are declarations only; nothing in this unit enforces them, so code
// that fills or reads the records below has to check lengths itself.
// Maximum length of the various credential string fields (in characters)
CRED_MAX_STRING_LENGTH = 256;
{$EXTERNALSYM CRED_MAX_STRING_LENGTH}
// Maximum length of the UserName field. The worst case is <User>@<DnsDomain>
// (256 + 1 separator + 256 = 513)
CRED_MAX_USERNAME_LENGTH = (256+1+256);
{$EXTERNALSYM CRED_MAX_USERNAME_LENGTH}
// Maximum length of the TargetName field for CRED_TYPE_GENERIC (in characters)
CRED_MAX_GENERIC_TARGET_NAME_LENGTH = 32767;
{$EXTERNALSYM CRED_MAX_GENERIC_TARGET_NAME_LENGTH}
// Maximum length of the TargetName field for CRED_TYPE_DOMAIN_* (in characters)
// Largest one is <DfsRoot>\<DfsShare>
// (256 + 1 separator + 80 = 337)
CRED_MAX_DOMAIN_TARGET_NAME_LENGTH = (256+1+80);
{$EXTERNALSYM CRED_MAX_DOMAIN_TARGET_NAME_LENGTH}
// Maximum size of the Credential Attribute Value field (in bytes)
CRED_MAX_VALUE_SIZE = 256;
{$EXTERNALSYM CRED_MAX_VALUE_SIZE}
// Maximum number of attributes per credential
CRED_MAX_ATTRIBUTES = 64;
{$EXTERNALSYM CRED_MAX_ATTRIBUTES}
type
// One keyword/value attribute attached to a credential, in ANSI (A) and wide
// (W) form. The two records differ only in the string type of Keyword.
//
// Value is a raw byte pointer and ValueSize its length in bytes; the record
// carries no bound of its own. Code that copies from Value should check
// ValueSize against CRED_MAX_VALUE_SIZE (declared above, in bytes) first.
// The records are not declared packed, so the field layout depends on the
// compiler's default record alignment matching the C header.
PCREDENTIAL_ATTRIBUTEA = ^CREDENTIAL_ATTRIBUTEA;
{$EXTERNALSYM PCREDENTIAL_ATTRIBUTEA}
_CREDENTIAL_ATTRIBUTEA = record
Keyword: LPSTR;    // attribute name, ANSI string pointer
Flags: DWORD;      // meaning not defined on this page
ValueSize: DWORD;  // size of the data at Value, in bytes
Value: LPBYTE;     // attribute data
end;
{$EXTERNALSYM _CREDENTIAL_ATTRIBUTEA}
CREDENTIAL_ATTRIBUTEA = _CREDENTIAL_ATTRIBUTEA;
{$EXTERNALSYM CREDENTIAL_ATTRIBUTEA}
// Delphi-style aliases (T/P prefix) for the C-style names above.
TCredentialAttributeA = CREDENTIAL_ATTRIBUTEA;
PCredentialAttributeA = PCREDENTIAL_ATTRIBUTEA;
PCREDENTIAL_ATTRIBUTEW = ^CREDENTIAL_ATTRIBUTEW;
{$EXTERNALSYM PCREDENTIAL_ATTRIBUTEW}
_CREDENTIAL_ATTRIBUTEW = record
Keyword: LPWSTR;   // attribute name, wide string pointer
Flags: DWORD;      // meaning not defined on this page
ValueSize: DWORD;  // size of the data at Value, in bytes (not characters)
Value: LPBYTE;     // attribute data
end;
{$EXTERNALSYM _CREDENTIAL_ATTRIBUTEW}
CREDENTIAL_ATTRIBUTEW = _CREDENTIAL_ATTRIBUTEW;
{$EXTERNALSYM CREDENTIAL_ATTRIBUTEW}
TCredentialAttributeW = CREDENTIAL_ATTRIBUTEW;
PCredentialAttributeW = PCREDENTIAL_ATTRIBUTEW;
// The unsuffixed names resolve to the W or A variant at compile time,
// depending on whether UNICODE is defined.
{$IFDEF UNICODE}
CREDENTIAL_ATTRIBUTE = CREDENTIAL_ATTRIBUTEW;
{$EXTERNALSYM CREDENTIAL_ATTRIBUTE}
PCREDENTIAL_ATTRIBUTE = PCREDENTIAL_ATTRIBUTEW;
{$EXTERNALSYM PCREDENTIAL_ATTRIBUTE}
TCredentialAttribute = TCredentialAttributeW;
PCredentialAttribute = PCredentialAttributeW;
{$ELSE}
CREDENTIAL_ATTRIBUTE = CREDENTIAL_ATTRIBUTEA;
{$EXTERNALSYM CREDENTIAL_ATTRIBUTE}
PCREDENTIAL_ATTRIBUTE = PCREDENTIAL_ATTRIBUTEA;
{$EXTERNALSYM PCREDENTIAL_ATTRIBUTE}
TCredentialAttribute = TCredentialAttributeA;
PCredentialAttribute = PCredentialAttributeA;
{$ENDIF}
//
// Special values of the TargetName field
//
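const
// Wildcard TargetName value '*Session', in wide and ANSI form.
CRED_SESSION_WILDCARD_NAME_W = WideString('*Session');
{$EXTERNALSYM CRED_SESSION_WILDCARD_NAME_W}
CRED_SESSION_WILDCARD_NAME_A = '*Session';
{$EXTERNALSYM CRED_SESSION_WILDCARD_NAME_A}
// Length of the wildcard name in characters (8), without a terminator.
// The C header writes sizeof(literal) - 1, where sizeof counts the trailing
// NUL. Pascal's SizeOf on a string constant does not follow that C rule and
// its result can differ between compilers and string modes, so the length is
// taken with Length(), which is a constant expression and always yields the
// character count. A wrong value here would make prefix comparisons against
// the wildcard name match the wrong number of characters.
CRED_SESSION_WILDCARD_NAME_LENGTH = Length(CRED_SESSION_WILDCARD_NAME_A);
{$EXTERNALSYM CRED_SESSION_WILDCARD_NAME_LENGTH}
// The unsuffixed name resolves to the W or A constant at compile time.
{$IFDEF UNICODE}
CRED_SESSION_WILDCARD_NAME = CRED_SESSION_WILDCARD_NAME_W;
{$EXTERNALSYM CRED_SESSION_WILDCARD_NAME}
{$ELSE}
CRED_SESSION_WILDCARD_NAME = CRED_SESSION_WILDCARD_NAME_A;
{$EXTERNALSYM CRED_SESSION_WILDCARD_NAME}
{$ENDIF}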
//
// Values of the Credential Flags field.
//
const
// Bit flags for the Flags field of a credential record. Each flag is a
// distinct bit, so they can be combined with "or".
CRED_FLAGS_PASSWORD_FOR_CERT = $0001;
{$EXTERNALSYM CRED_FLAGS_PASSWORD_FOR_CERT}
CRED_FLAGS_PROMPT_NOW = $0002;
{$EXTERNALSYM CRED_FLAGS_PROMPT_NOW}
CRED_FLAGS_USERNAME_TARGET = $0004;
{$EXTERNALSYM CRED_FLAGS_USERNAME_TARGET}
CRED_FLAGS_OWF_CRED_BLOB = $0008;
{$EXTERNALSYM CRED_FLAGS_OWF_CRED_BLOB}
// $000F is exactly the "or" of the four flags above. Masking a Flags value
// with "and not CRED_FLAGS_VALID_FLAGS" exposes any undefined bits, which is a
// cheap sanity check on a record that came from outside the process.
CRED_FLAGS_VALID_FLAGS = $000F; // Mask of all valid flags
{$EXTERNALSYM CRED_FLAGS_VALID_FLAGS}
//
// Values of the Credential Type field.
//
// These are enumerated values (1..4), not bit flags.
CRED_TYPE_GENERIC = 1;
{$EXTERNALSYM CRED_TYPE_GENERIC}
CRED_TYPE_DOMAIN_PASSWORD = 2;
{$EXTERNALSYM CRED_TYPE_DOMAIN_PASSWORD}
CRED_TYPE_DOMAIN_CERTIFICATE = 3;
{$EXTERNALSYM CRED_TYPE_DOMAIN_CERTIFICATE}
CRED_TYPE_DOMAIN_VISIBLE_PASSWORD = 4;
{$EXTERNALSYM CRED_TYPE_DOMAIN_VISIBLE_PASSWORD}
// One past the highest type declared above (4), i.e. an exclusive upper bound
// for this version of the header.
CRED_TYPE_MAXIMUM = 5; // Maximum supported cred type
{$EXTERNALSYM CRED_TYPE_MAXIMUM}
CRED_TYPE_MAXIMUM_EX = (CRED_TYPE_MAXIMUM+1000); // Allow new applications to run on old OSes
{$EXTERNALSYM CRED_TYPE_MAXIMUM_EX}
//
// Maximum size of the CredBlob field (in bytes)
//
// The record's CredentialBlobSize field is a plain DWORD, so this limit is
// only a convention until the code handling the record checks it.
CRED_MAX_CREDENTIAL_BLOB_SIZE = 512;
{$EXTERNALSYM CRED_MAX_CREDENTIAL_BLOB_SIZE}
//
// Values of the Credential Persist field
//
// Enumerated values. Judging by the names they run from no persistence to
// progressively wider storage scope (session, local machine, enterprise) -
// TODO confirm exact semantics against the API documentation. When storing a
// secret, the narrowest scope that still works keeps it around for the
// shortest time.
CRED_PERSIST_NONE = 0;
{$EXTERNALSYM CRED_PERSIST_NONE}
CRED_PERSIST_SESSION = 1;
{$EXTERNALSYM CRED_PERSIST_SESSION}
CRED_PERSIST_LOCAL_MACHINE = 2;
{$EXTERNALSYM CRED_PERSIST_LOCAL_MACHINE}
CRED_PERSIST_ENTERPRISE = 3;
{$EXTERNALSYM CRED_PERSIST_ENTERPRISE}
//
// A credential
//
type
// The credential record itself, in ANSI (A) and wide (W) form. The two
// records have the same fields in the same order; only the string pointer
// type (LPSTR vs LPWSTR) and the attribute pointer type differ.
//
// Two pointer-plus-count pairs need care when reading a record:
//   CredentialBlob / CredentialBlobSize - raw bytes and their length in bytes
//   Attributes / AttributeCount         - array of attribute records and its length
// Neither count is bounded by the type; compare them with
// CRED_MAX_CREDENTIAL_BLOB_SIZE and CRED_MAX_ATTRIBUTES (both declared earlier
// in this unit) before copying or iterating.
// NOTE(review): CredentialBlob presumably holds the secret material itself
// (password, key or similar). Treat any copy of it as sensitive: keep it out
// of logs and overwrite local buffers once they are no longer needed.
PCREDENTIALA = ^CREDENTIALA;
{$EXTERNALSYM PCREDENTIALA}
_CREDENTIALA = record
Flags: DWORD;                        // CRED_FLAGS_* bits
Type_: DWORD;                        // CRED_TYPE_* value; trailing underscore because "type" is a reserved word
TargetName: LPSTR;
Comment: LPSTR;
LastWritten: FILETIME;
CredentialBlobSize: DWORD;           // length of CredentialBlob, in bytes
CredentialBlob: LPBYTE;
Persist: DWORD;                      // CRED_PERSIST_* value
AttributeCount: DWORD;               // number of records at Attributes
Attributes: PCREDENTIAL_ATTRIBUTEA;
TargetAlias: LPSTR;
UserName: LPSTR;
end;
{$EXTERNALSYM _CREDENTIALA}
CREDENTIALA = _CREDENTIALA;
{$EXTERNALSYM CREDENTIALA}
// Delphi-style alias for the C-style name.
TCredentialA = CREDENTIALA;
PCREDENTIALW = ^CREDENTIALW;
{$EXTERNALSYM PCREDENTIALW}
_CREDENTIALW = record
Flags: DWORD;                        // CRED_FLAGS_* bits
Type_: DWORD;                        // CRED_TYPE_* value
TargetName: LPWSTR;
Comment: LPWSTR;
LastWritten: FILETIME;
CredentialBlobSize: DWORD;           // length of CredentialBlob, in bytes (not characters)
CredentialBlob: LPBYTE;
Persist: DWORD;                      // CRED_PERSIST_* value
AttributeCount: DWORD;               // number of records at Attributes
Attributes: PCREDENTIAL_ATTRIBUTEW;
TargetAlias: LPWSTR;
UserName: LPWSTR;
end;
{$EXTERNALSYM _CREDENTIALW}
CREDENTIALW = _CREDENTIALW;
{$EXTERNALSYM CREDENTIALW}
TCredentialW = CREDENTIALW;
// The unsuffixed names resolve to the W or A variant at compile time,
// depending on whether UNICODE is defined. Passing an A record where a W
// record is expected (or the reverse) makes every string pointer be read with
// the wrong character width.
{$IFDEF UNICODE}
CREDENTIAL = CREDENTIALW;
{$EXTERNALSYM CREDENTIAL}
PCREDENTIAL = PCREDENTIALW;
{$EXTERNALSYM PCREDENTIAL}
TCredential = TCredentialW;
{$ELSE}
CREDENTIAL = CREDENTIALA;
{$EXTERNALSYM CREDENTIAL}
PCREDENTIAL = PCREDENTIALA;
{$EXTERNALSYM PCREDENTIAL}
TCredential = TCredentialA;
{$ENDIF}
//
// Value of the Flags field in CREDENTIAL_TARGET_INFORMATION
//
const
// Bit flags for the Flags field of the CREDENTIAL_TARGET_INFORMATION records.
// Each flag is a distinct bit, so they can be combined with "or".
CRED_TI_SERVER_FORMAT_UNKNOWN = $0001; // Don't know if server name is DNS or netbios format
{$EXTERNALSYM CRED_TI_SERVER_FORMAT_UNKNOWN}
CRED_TI_DOMAIN_FORMAT_UNKNOWN = $0002; // Don't know if domain name is DNS or netbios format
{$EXTERNALSYM CRED_TI_DOMAIN_FORMAT_UNKNOWN}
CRED_TI_ONLY_PASSWORD_REQUIRED = $0004; // Server only requires a password and not a username
{$EXTERNALSYM CRED_TI_ONLY_PASSWORD_REQUIRED}
CRED_TI_USERNAME_TARGET = $0008; // TargetName is username
{$EXTERNALSYM CRED_TI_USERNAME_TARGET}
CRED_TI_CREATE_EXPLICIT_CRED = $0010; // When creating a cred, create one named TargetInfo->TargetName
{$EXTERNALSYM CRED_TI_CREATE_EXPLICIT_CRED}
CRED_TI_WORKGROUP_MEMBER = $0020; // Indicates the machine is a member of a workgroup
{$EXTERNALSYM CRED_TI_WORKGROUP_MEMBER}
// $003F is exactly the "or" of the six flags above; any bit outside this mask
// is undefined in this version of the header.
CRED_TI_VALID_FLAGS = $003F;
{$EXTERNALSYM CRED_TI_VALID_FLAGS}
//
// A credential target
//
type
// Description of the target (server/domain) a credential is meant for, ANSI
// form. All name fields are ANSI string pointers.
//
// CredTypes / CredTypeCount form a pointer-plus-count pair: CredTypes points
// at DWORD values and CredTypeCount says how many. The record does not bound
// the count, so validate it before iterating.
// NOTE(review): the elements are presumably CRED_TYPE_* values - confirm
// against the API documentation.
PCREDENTIAL_TARGET_INFORMATIONA = ^CREDENTIAL_TARGET_INFORMATIONA;
{$EXTERNALSYM PCREDENTIAL_TARGET_INFORMATIONA}
_CREDENTIAL_TARGET_INFORMATIONA = record
TargetName: LPSTR;
NetbiosServerName: LPSTR;
DnsServerName: LPSTR;
NetbiosDomainName: LPSTR;
DnsDomainName: LPSTR;
DnsTreeName: LPSTR;
PackageName: LPSTR;
Flags: ULONG;            // CRED_TI_* bits
CredTypeCount: DWORD;    // number of DWORDs at CredTypes
CredTypes: LPDWORD;
end;
{$EXTERNALSYM _CREDENTIAL_TARGET_INFORMATIONA}
CREDENTIAL_TARGET_INFORMATIONA = _CREDENTIAL_TARGET_INFORMATIONA;
{$EXTERNALSYM CREDENTIAL_TARGET_INFORMATIONA}
// Delphi-style aliases (T/P prefix) for the C-style names above.
TCredentialTargetInformationA = CREDENTIAL_TARGET_INFORMATIONA;
PCredentialTargetInformationA = PCREDENTIAL_TARGET_INFORMATIONA;
PCREDENTIAL_TARGET_INFORMATIONW = ^CREDENTIAL_TARGET_INFORMATIONW;
{$EXTERNALSYM PCREDENTIAL_TARGET_INFORMATIONW}
_CREDENTIAL_TARGET_INFORMATIONW = record
TargetName: LPWSTR;
NetbiosServerName: LPWSTR;
DnsServerName: LPWSTR;
NetbiosDomainName: LPWSTR;
DnsDomainName: LPWSTR;