{******************************************************************************}
{ }
{ LSA API interface Unit for Object Pascal }
{ }
{ Portions created by Microsoft are Copyright (C) 1995-2001 Microsoft }
{ Corporation. All Rights Reserved. }
{ }
{ The original file is: ntsecapi.h, released June 2000. The original Pascal }
{ code is: NtSecApi.pas, released December 2000. The initial developer of the }
{ Pascal code is Marcel van Brakel (brakelm@chello.nl). }
{ }
{ Portions created by Marcel van Brakel are Copyright (C) 1999-2001 }
{ Marcel van Brakel. All Rights Reserved. }
{ }
{ Obtained through: Joint Endeavour of Delphi Innovators (Project JEDI) }
{ }
{ You may retrieve the latest version of this file at the Project JEDI home }
{ page, located at http://delphi-jedi.org or my personal homepage located at }
{ http://members.chello.nl/m.vanbrakel2 }
{ }
{ The contents of this file are used with permission, subject to the Mozilla }
{ Public License Version 1.1 (the "License"); you may not use this file except }
{ in compliance with the License. You may obtain a copy of the License at }
{ http://www.mozilla.org/MPL/MPL-1.1.html }
{ }
{ Software distributed under the License is distributed on an "AS IS" basis, }
{ WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for }
{ the specific language governing rights and limitations under the License. }
{ }
{ Alternatively, the contents of this file may be used under the terms of the }
{ GNU Lesser General Public License (the "LGPL License"), in which case the }
{ provisions of the LGPL License are applicable instead of those above. }
{ If you wish to allow use of your version of this file only under the terms }
{ of the LGPL License and not to allow others to use your version of this file }
{ under the MPL, indicate your decision by deleting the provisions above and }
{ replace them with the notice and other provisions required by the LGPL }
{ License. If you do not delete the provisions above, a recipient may use }
{ your version of this file under either the MPL or the LGPL License. }
{ }
{ For more information about the LGPL: http://www.gnu.org/copyleft/lesser.html }
{ }
{******************************************************************************}
unit JwaNtSecApi;
{$WEAKPACKAGEUNIT}
{$HPPEMIT ''}
{$HPPEMIT '#include "ntsecapi.h"'}
{$HPPEMIT ''}
{$I WINDEFINES.INC}
interface
uses
JwaWinType, JwaNtStatus, JwaWinNT;
//
// Security operation mode of the system is held in a control
// longword.
//
// LSA_OPERATIONAL_MODE is a plain ULONG that carries the LSA_MODE_* bit
// flags declared below. PLSA_OPERATIONAL_MODE is the pointer form; it is the
// type of the SecurityMode parameter of LsaRegisterLogonProcess in this unit.
type
LSA_OPERATIONAL_MODE = ULONG;
{$EXTERNALSYM LSA_OPERATIONAL_MODE}
PLSA_OPERATIONAL_MODE = ^LSA_OPERATIONAL_MODE;
{$EXTERNALSYM PLSA_OPERATIONAL_MODE}
//
// The flags in the security operational mode are defined
// as:
//
// PasswordProtected - Some level of authentication (such as
// a password) must be provided by users before they are
// allowed to use the system. Once set, this value will
// not be cleared without re-booting the system.
//
// IndividualAccounts - Each user must identify an account to
// logon to. This flag is only meaningful if the
// PasswordProtected flag is also set. If this flag is
// not set and the PasswordProtected flag is set, then all
// users may logon to the same account. Once set, this value
// will not be cleared without re-booting the system.
//
// MandatoryAccess - Indicates the system is running in a mandatory
// access control mode (e.g., B-level as defined by the U.S.A's
// Department of Defense's "Orange Book"). This is not utilized
// in the current release of NT. This flag is only meaningful
// if both the PasswordProtected and IndividualAccounts flags are
// set. Once set, this value will not be cleared without
// re-booting the system.
//
// LogFull - Indicates the system has been brought up in a mode in
// which it must perform security auditing, but its audit log
// is full. This may (should) restrict the operations that
// can occur until the audit log is made not-full again. THIS
// VALUE MAY BE CLEARED WHILE THE SYSTEM IS RUNNING (I.E., WITHOUT
// REBOOTING).
//
// If the PasswordProtected flag is not set, then the system is running
// without security, and user interface should be adjusted appropriately.
//
// Bit flags for an LSA_OPERATIONAL_MODE value. Each constant is a single
// distinct bit, so a mode value is tested with "and" against the flag of
// interest rather than compared for equality.
const
// Users must authenticate before they may use the system.
LSA_MODE_PASSWORD_PROTECTED = ($00000001);
{$EXTERNALSYM LSA_MODE_PASSWORD_PROTECTED}
// Each user must identify an account to log on to; only meaningful when
// LSA_MODE_PASSWORD_PROTECTED is also set.
LSA_MODE_INDIVIDUAL_ACCOUNTS = ($00000002);
{$EXTERNALSYM LSA_MODE_INDIVIDUAL_ACCOUNTS}
// Mandatory access control mode; only meaningful when both flags above are
// set.
LSA_MODE_MANDATORY_ACCESS = ($00000004);
{$EXTERNALSYM LSA_MODE_MANDATORY_ACCESS}
// Auditing is required but the audit log is full. Unlike the other three
// flags, this one may be cleared while the system is running.
LSA_MODE_LOG_FULL = ($00000008);
{$EXTERNALSYM LSA_MODE_LOG_FULL}
//
// Used by a logon process to indicate what type of logon is being
// requested.
//
// Logon type passed as the LogonType parameter of LsaLogonUser.
//
// The two filler members occupy ordinals 0 and 1, so Interactive has ordinal
// 2 and CachedRemoteInteractive has ordinal 12. Do not remove or reorder
// members: the ordinal is the value handed to the API.
// NOTE(review): these ordinals are presumably the numeric logon types that
// Windows logon audit records report - confirm against ntsecapi.h before
// relying on that mapping in log analysis.
// NOTE(review): the in-memory size of a Pascal enumeration depends on the
// {$MINENUMSIZE}/{$Z} setting in effect (possibly set in WINDEFINES.INC,
// which is not shown here), while the C type is 32 bits wide - confirm
// before using PSECURITY_LOGON_TYPE or embedding this type in a record.
type
_SECURITY_LOGON_TYPE = (
seltFiller0, seltFiller1,
Interactive, // Interactively logged on (locally or remotely)
Network, // Accessing system via network
Batch, // Started via a batch queue
Service, // Service started by service controller
Proxy, // Proxy logon
Unlock, // Unlock workstation
NetworkCleartext, // Network logon with cleartext credentials
NewCredentials, // Clone caller, new default credentials
RemoteInteractive, // Remote, yet interactive. Terminal server
CachedInteractive, // Try cached credentials without hitting the net.
CachedRemoteInteractive); // Same as RemoteInteractive, this is used internally for auditing purpose
{$EXTERNALSYM _SECURITY_LOGON_TYPE}
SECURITY_LOGON_TYPE = _SECURITY_LOGON_TYPE;
{$EXTERNALSYM SECURITY_LOGON_TYPE}
PSECURITY_LOGON_TYPE = ^SECURITY_LOGON_TYPE;
{$EXTERNALSYM PSECURITY_LOGON_TYPE}
// Delphi-style aliases for the two types above.
TSecurityLogonType = SECURITY_LOGON_TYPE;
PSecurityLogonType = PSECURITY_LOGON_TYPE;
//
// Audit Event Categories
//
// The following are the built-in types or Categories of audit event.
// WARNING! This structure is subject to expansion. The user should not
// compute the number of elements of this type directly, but instead
// should obtain the count of elements by calling LsaQueryInformationPolicy()
// for the PolicyAuditEventsInformation class and extracting the count from
// the MaximumAuditEventCount field of the returned structure.
//
// Built-in audit event categories. There are no filler members, so
// AuditCategorySystem has ordinal 0 and AuditCategoryAccountLogon has
// ordinal 8. Code that depends on the number of categories should not use
// High() of this type as the count, because the set of categories is
// expected to grow.
// NOTE(review): the size of this enumeration depends on the
// {$MINENUMSIZE}/{$Z} setting in effect, which is not visible here -
// confirm that it matches the 32-bit C type.
_POLICY_AUDIT_EVENT_TYPE = (
AuditCategorySystem,
AuditCategoryLogon,
AuditCategoryObjectAccess,
AuditCategoryPrivilegeUse,
AuditCategoryDetailedTracking,
AuditCategoryPolicyChange,
AuditCategoryAccountManagement,
AuditCategoryDirectoryServiceAccess,
AuditCategoryAccountLogon);
{$EXTERNALSYM _POLICY_AUDIT_EVENT_TYPE}
POLICY_AUDIT_EVENT_TYPE = _POLICY_AUDIT_EVENT_TYPE;
{$EXTERNALSYM POLICY_AUDIT_EVENT_TYPE}
PPOLICY_AUDIT_EVENT_TYPE = ^POLICY_AUDIT_EVENT_TYPE;
{$EXTERNALSYM PPOLICY_AUDIT_EVENT_TYPE}
// Delphi-style aliases for the two types above.
TPolicyAuditEventType = POLICY_AUDIT_EVENT_TYPE;
PPolicyAuditEventType = PPOLICY_AUDIT_EVENT_TYPE;
//
// The following defines describe the auditing options for each
// event type
//
// Per-category auditing options. SUCCESS, FAILURE and NONE are single bits;
// UNCHANGED is zero.
const
// Leave options specified for this event unchanged
POLICY_AUDIT_EVENT_UNCHANGED = ($00000000);
{$EXTERNALSYM POLICY_AUDIT_EVENT_UNCHANGED}
// Audit successful occurrences of events of this type
POLICY_AUDIT_EVENT_SUCCESS = ($00000001);
{$EXTERNALSYM POLICY_AUDIT_EVENT_SUCCESS}
// Audit failed attempts to cause an event of this type to occur
POLICY_AUDIT_EVENT_FAILURE = ($00000002);
{$EXTERNALSYM POLICY_AUDIT_EVENT_FAILURE}
// NOTE(review): undocumented in this unit; presumably cancels the auditing
// options currently set for the event type - confirm against ntsecapi.h.
// If so, a policy change that sets this bit reduces audit coverage and is
// worth reviewing when it shows up in change records.
POLICY_AUDIT_EVENT_NONE = ($00000004);
{$EXTERNALSYM POLICY_AUDIT_EVENT_NONE}
// Mask of valid event auditing options
// UNCHANGED is zero and adds no bit, so the mask evaluates to $00000007.
POLICY_AUDIT_EVENT_MASK = (POLICY_AUDIT_EVENT_SUCCESS or POLICY_AUDIT_EVENT_FAILURE or
POLICY_AUDIT_EVENT_UNCHANGED or POLICY_AUDIT_EVENT_NONE);
{$EXTERNALSYM POLICY_AUDIT_EVENT_MASK}
// Despite the T prefix this sits in a const section, so it is a second
// constant with the same value as POLICY_AUDIT_EVENT_MASK, not a type.
TPolicyAuditEventMask = POLICY_AUDIT_EVENT_MASK;
// Counted-string and object-attribute records used by the LSA functions in
// this unit. Field order and field types define the binary layout shared
// with the operating system, so they must not be reordered or resized.
type
// Counted wide-character string. Both length fields are USHORT, so neither
// can exceed 65535.
// NOTE(review): per the Windows documentation Length and MaximumLength are
// byte counts, not character counts, and Buffer is not guaranteed to be
// null-terminated - confirm, and make sure callers bound every read of
// Buffer by Length instead of scanning for a terminator.
PLSA_UNICODE_STRING = ^LSA_UNICODE_STRING;
{$EXTERNALSYM PLSA_UNICODE_STRING}
_LSA_UNICODE_STRING = record
Length: USHORT;
MaximumLength: USHORT;
Buffer: PWSTR;
end;
{$EXTERNALSYM _LSA_UNICODE_STRING}
LSA_UNICODE_STRING = _LSA_UNICODE_STRING;
{$EXTERNALSYM LSA_UNICODE_STRING}
TLsaUnicodeString = LSA_UNICODE_STRING;
PLsaUnicodeString = PLSA_UNICODE_STRING;
// Counted string with the same layout as above but a PCHAR buffer. It is
// the type of the LogonProcessName, OriginName and PackageName parameters
// declared in this unit.
// NOTE(review): the API expects 8-bit characters here; confirm that PCHAR,
// as resolved through the units in the uses clause, is an ANSI pointer on
// Unicode-enabled compilers.
PLSA_STRING = ^LSA_STRING;
{$EXTERNALSYM PLSA_STRING}
_LSA_STRING = record
Length: USHORT;
MaximumLength: USHORT;
Buffer: PCHAR;
end;
{$EXTERNALSYM _LSA_STRING}
LSA_STRING = _LSA_STRING;
{$EXTERNALSYM LSA_STRING}
TLsaString = LSA_STRING;
PLsaString = PLSA_STRING;
// Object attributes record. The two trailing pointers are untyped PVOID, so
// the compiler does not check what they point to.
// NOTE(review): Length is presumably the size of this record in bytes -
// confirm against the callers that fill it in.
PLSA_OBJECT_ATTRIBUTES = ^LSA_OBJECT_ATTRIBUTES;
{$EXTERNALSYM PLSA_OBJECT_ATTRIBUTES}
_LSA_OBJECT_ATTRIBUTES = record
Length: ULONG;
RootDirectory: HANDLE;
ObjectName: PLSA_UNICODE_STRING;
Attributes: ULONG;
SecurityDescriptor: PVOID; // Points to type SECURITY_DESCRIPTOR
SecurityQualityOfService: PVOID; // Points to type SECURITY_QUALITY_OF_SERVICE
end;
{$EXTERNALSYM _LSA_OBJECT_ATTRIBUTES}
LSA_OBJECT_ATTRIBUTES = _LSA_OBJECT_ATTRIBUTES;
{$EXTERNALSYM LSA_OBJECT_ATTRIBUTES}
TLsaObjectAttributes = LSA_OBJECT_ATTRIBUTES;
PLsaObjectAttributes = PLSA_OBJECT_ATTRIBUTES;
//
// Macro for determining whether an API succeeded.
//
// Pascal stand-in for the C macro of the same name: takes the NTSTATUS an
// LSA call returned and yields a BOOL. Only the declaration is visible here;
// the body is in the implementation section of the unit.
// NOTE(review): the macro presumably treats non-negative status values as
// success - confirm against the implementation.
function LSA_SUCCESS(Error: NTSTATUS): BOOL;
{$EXTERNALSYM LSA_SUCCESS}
// LSA logon-process functions. All of them use the stdcall convention and
// return an NTSTATUS. Outputs are "var" parameters; treat their contents as
// undefined unless the returned status indicates success (LSA_SUCCESS in
// this unit exists for that check).

// Registers the caller under LogonProcessName. Outputs: LsaHandle, and the
// operational mode through the SecurityMode pointer.
// NOTE(review): per the Windows documentation the handle is released with
// LsaDeregisterLogonProcess - confirm callers do so on every path.
function LsaRegisterLogonProcess(const LogonProcessName: LSA_STRING;
var LsaHandle: HANDLE; SecurityMode: PLSA_OPERATIONAL_MODE): NTSTATUS; stdcall;
{$EXTERNALSYM LsaRegisterLogonProcess}
// Submits a logon of type LogonType to the package numbered
// AuthenticationPackage. AuthenticationInformation is an untyped buffer of
// AuthenticationInformationLength. Outputs: ProfileBuffer and its length,
// LogonId, Token, Quotas, and SubStatus, which is a second NTSTATUS separate
// from the function result.
// NOTE(review): AuthenticationInformation presumably carries credential
// material; callers should clear that buffer once the call returns.
// NOTE(review): per the Windows documentation ProfileBuffer is released with
// LsaFreeReturnBuffer and Token is a handle the caller must close - confirm
// callers do both, including on error paths.
function LsaLogonUser(LsaHandle: HANDLE; const OriginName: LSA_STRING;
LogonType: SECURITY_LOGON_TYPE; AuthenticationPackage: ULONG;
AuthenticationInformation: PVOID; AuthenticationInformationLength: ULONG;
LocalGroups: PTOKEN_GROUPS; SourceContext: PTOKEN_SOURCE;
var ProfileBuffer: PVOID; var ProfileBufferLength: ULONG; var LogonId: LUID;
var Token: HANDLE; var Quotas: QUOTA_LIMITS; var SubStatus: NTSTATUS): NTSTATUS; stdcall;
{$EXTERNALSYM LsaLogonUser}
// Resolves PackageName to the ULONG identifier that LsaLogonUser and
// LsaCallAuthenticationPackage take as AuthenticationPackage.
function LsaLookupAuthenticationPackage(LsaHandle: HANDLE;
const PackageName: LSA_STRING; var AuthenticationPackage: ULONG): NTSTATUS; stdcall;
{$EXTERNALSYM LsaLookupAuthenticationPackage}
// Releases a buffer given as an untyped pointer.
// NOTE(review): intended for buffers the LSA handed back (ProfileBuffer,
// ProtocolReturnBuffer), not for memory the caller allocated - confirm.
function LsaFreeReturnBuffer(Buffer: PVOID): NTSTATUS; stdcall;
{$EXTERNALSYM LsaFreeReturnBuffer}
// Sends ProtocolSubmitBuffer (SubmitBufferLength) to the given package.
// Outputs: ProtocolReturnBuffer, ReturnBufferLength, and ProtocolStatus,
// which is a second NTSTATUS separate from the function result; check both.
function LsaCallAuthenticationPackage(LsaHandle: HANDLE;
AuthenticationPackage: ULONG; ProtocolSubmitBuffer: PVOID;
SubmitBufferLength: ULONG; var ProtocolReturnBuffer: PVOID;
var ReturnBufferLength: ULONG; var ProtocolStatus: NTSTATUS): NTSTATUS; stdcall;
{$EXTERNALSYM LsaCallAuthenticationPackage}
// Takes the handle by value; presumably closes a handle obtained from
// LsaRegisterLogonProcess or LsaConnectUntrusted - confirm.
function LsaDeregisterLogonProcess(LsaHandle: HANDLE): NTSTATUS; stdcall;
{$EXTERNALSYM LsaDeregisterLogonProcess}
// Returns an LSA handle without a logon process name.
// NOTE(review): presumably the connection for callers that cannot register
// as a logon process, with a reduced set of permitted operations - confirm
// against the Windows documentation before choosing between the two.
function LsaConnectUntrusted(var LsaHandle: HANDLE): NTSTATUS; stdcall;
{$EXTERNALSYM LsaConnectUntrusted}
////////////////////////////////////////////////////////////////////////////
// //
// Local Security Policy Administration API datatypes and defines //
// //
////////////////////////////////////////////////////////////////////////////
//
// Access types for the Policy object
//
// Access-mask bits for the Policy object. Each POLICY_* right below is a
// single distinct bit from $00000001 to $00001000; rights are combined with
// "or". Request only the bits an operation needs: a handle opened with a
// narrow mask limits what code holding that handle can do.
const
POLICY_VIEW_LOCAL_INFORMATION = $00000001;
{$EXTERNALSYM POLICY_VIEW_LOCAL_INFORMATION}
POLICY_VIEW_AUDIT_INFORMATION = $00000002;
{$EXTERNALSYM POLICY_VIEW_AUDIT_INFORMATION}
POLICY_GET_PRIVATE_INFORMATION = $00000004;
{$EXTERNALSYM POLICY_GET_PRIVATE_INFORMATION}
POLICY_TRUST_ADMIN = $00000008;
{$EXTERNALSYM POLICY_TRUST_ADMIN}
POLICY_CREATE_ACCOUNT = $00000010;
{$EXTERNALSYM POLICY_CREATE_ACCOUNT}
POLICY_CREATE_SECRET = $00000020;
{$EXTERNALSYM POLICY_CREATE_SECRET}
POLICY_CREATE_PRIVILEGE = $00000040;
{$EXTERNALSYM POLICY_CREATE_PRIVILEGE}
POLICY_SET_DEFAULT_QUOTA_LIMITS = $00000080;
{$EXTERNALSYM POLICY_SET_DEFAULT_QUOTA_LIMITS}
POLICY_SET_AUDIT_REQUIREMENTS = $00000100;
{$EXTERNALSYM POLICY_SET_AUDIT_REQUIREMENTS}
POLICY_AUDIT_LOG_ADMIN = $00000200;
{$EXTERNALSYM POLICY_AUDIT_LOG_ADMIN}
POLICY_SERVER_ADMIN = $00000400;
{$EXTERNALSYM POLICY_SERVER_ADMIN}
POLICY_LOOKUP_NAMES = $00000800;
{$EXTERNALSYM POLICY_LOOKUP_NAMES}
POLICY_NOTIFICATION = $00001000;
{$EXTERNALSYM POLICY_NOTIFICATION}
// STANDARD_RIGHTS_REQUIRED plus the twelve rights from
// POLICY_VIEW_LOCAL_INFORMATION through POLICY_LOOKUP_NAMES.
// POLICY_NOTIFICATION ($00001000) is not part of this mask, so it has to be
// requested explicitly when needed. STANDARD_RIGHTS_REQUIRED is not declared
// in this unit; presumably it comes from JwaWinNT.
POLICY_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED or
POLICY_VIEW_LOCAL_INFORMATION or
POLICY_VIEW_AUDIT_INFORMATION or
POLICY_GET_PRIVATE_INFORMATION or
POLICY_TRUST_ADMIN or
POLICY_CREATE_ACCOUNT or
POLICY_CREATE_SECRET or
POLICY_CREATE_PRIVILEGE or
POLICY_SET_DEFAULT_QUOTA_LIMITS or
POLICY_SET_AUDIT_REQUIREMENTS or
POLICY_AUDIT_LOG_ADMIN or
POLICY_SERVER_ADMIN or
POLICY_LOOKUP_NAMES);
{$EXTERNALSYM POLICY_ALL_ACCESS}
POLICY_READ = (STANDARD_RIGHTS_READ or