jwantsecapi.pas

比较全面的win32api开发包

                               POLICY_VIEW_AUDIT_INFORMATION or
                               POLICY_GET_PRIVATE_INFORMATION);
  {$EXTERNALSYM POLICY_READ}

  POLICY_WRITE =              (STANDARD_RIGHTS_WRITE            or
                               POLICY_TRUST_ADMIN               or
                               POLICY_CREATE_ACCOUNT            or
                               POLICY_CREATE_SECRET             or
                               POLICY_CREATE_PRIVILEGE          or
                               POLICY_SET_DEFAULT_QUOTA_LIMITS  or
                               POLICY_SET_AUDIT_REQUIREMENTS    or
                               POLICY_AUDIT_LOG_ADMIN           or
                               POLICY_SERVER_ADMIN);
  {$EXTERNALSYM POLICY_WRITE}

  POLICY_EXECUTE =            (STANDARD_RIGHTS_EXECUTE          or
                               POLICY_VIEW_LOCAL_INFORMATION    or
                               POLICY_LOOKUP_NAMES);
  {$EXTERNALSYM POLICY_EXECUTE}

//
// Policy object specific data types.
//

//
// The following data type is used to identify a domain
//

type
  PLSA_TRUST_INFORMATION = ^LSA_TRUST_INFORMATION;
  {$EXTERNALSYM PLSA_TRUST_INFORMATION}
  _LSA_TRUST_INFORMATION = record
    Name: LSA_UNICODE_STRING;
    Sid: PSID;
  end;
  {$EXTERNALSYM _LSA_TRUST_INFORMATION}
  LSA_TRUST_INFORMATION = _LSA_TRUST_INFORMATION;
  {$EXTERNALSYM LSA_TRUST_INFORMATION}
  TLsaTrustInformation = LSA_TRUST_INFORMATION;
  PLsaTrustInformation = PLSA_TRUST_INFORMATION;

// where members have the following usage:
//
//     Name - The name of the domain.
//
//     Sid - A pointer to the Sid of the Domain
//

//
// The following data type is used in name and SID lookup services to
// describe the domains referenced in the lookup operation.
//

  PLSA_REFERENCED_DOMAIN_LIST = ^LSA_REFERENCED_DOMAIN_LIST;
  {$EXTERNALSYM PLSA_REFERENCED_DOMAIN_LIST}
  _LSA_REFERENCED_DOMAIN_LIST = record
    Entries: ULONG;
    Domains: PLSA_TRUST_INFORMATION;
  end;
  {$EXTERNALSYM _LSA_REFERENCED_DOMAIN_LIST}
  LSA_REFERENCED_DOMAIN_LIST = _LSA_REFERENCED_DOMAIN_LIST;
  {$EXTERNALSYM LSA_REFERENCED_DOMAIN_LIST}
  TLsaReferencedDomainList = LSA_REFERENCED_DOMAIN_LIST;
  PLsaReferencedDomainList = PLSA_REFERENCED_DOMAIN_LIST;

// where members have the following usage:
//
//     Entries - Is a count of the number of domains described in the
//         Domains array.
//
//     Domains - Is a pointer to an array of Entries LSA_TRUST_INFORMATION data
//         structures.
//


//
// The following data type is used in name to SID lookup services to describe
// the domains referenced in the lookup operation.
//

  PLSA_TRANSLATED_SID = ^LSA_TRANSLATED_SID;
  {$EXTERNALSYM PLSA_TRANSLATED_SID}
  _LSA_TRANSLATED_SID = record
    Use: SID_NAME_USE;
    RelativeId: ULONG;
    DomainIndex: LONG;
  end;
  {$EXTERNALSYM _LSA_TRANSLATED_SID}
  LSA_TRANSLATED_SID = _LSA_TRANSLATED_SID;
  {$EXTERNALSYM LSA_TRANSLATED_SID}
  TLsaTranslatedSid = LSA_TRANSLATED_SID;
  PLsaTranslatedSid = PLSA_TRANSLATED_SID;

// where members have the following usage:
//
//     Use - identifies the use of the SID.  If this value is SidUnknown or
//         SidInvalid, then the remainder of the record is not set and
//         should be ignored.
//
//     RelativeId - Contains the relative ID of the translated SID.  The
//         remainder of the SID (the prefix) is obtained using the
//         DomainIndex field.
//
//     DomainIndex - Is the index of an entry in a related
//         LSA_REFERENCED_DOMAIN_LIST data structure describing the
//         domain in which the account was found.
//
//         If there is no corresponding reference domain for an entry, then
//         this field will contain a negative value.
//

  _LSA_TRANSLATED_SID2 = record
    Use: SID_NAME_USE;
    Sid: PSID;
    DomainIndex: LONG;
    Flags: ULONG;
  end;
  {$EXTERNALSYM _LSA_TRANSLATED_SID2}
  LSA_TRANSLATED_SID2 = _LSA_TRANSLATED_SID2;
  {$EXTERNALSYM LSA_TRANSLATED_SID2}
  PLSA_TRANSLATED_SID2 = ^LSA_TRANSLATED_SID2;
  {$EXTERNALSYM PLSA_TRANSLATED_SID2}
  TLsaTranslatedSid2 = LSA_TRANSLATED_SID2;
  PLsaTranslatedSid2 = PLSA_TRANSLATED_SID2;  

// where members have the following usage:
//
//     Use - identifies the use of the SID.  If this value is SidUnknown or
//         SidInvalid, then the remainder of the record is not set and
//         should be ignored.
//
//     Sid - Contains the complete Sid of the tranlated SID
//
//     DomainIndex - Is the index of an entry in a related
//         LSA_REFERENCED_DOMAIN_LIST data structure describing the
//         domain in which the account was found.
//
//         If there is no corresponding reference domain for an entry, then
//         this field will contain a negative value.
//

//
// The following data type is used in SID to name lookup services to
// describe the domains referenced in the lookup operation.
//

  PLSA_TRANSLATED_NAME = ^LSA_TRANSLATED_NAME;
  {$EXTERNALSYM PLSA_TRANSLATED_NAME}
  _LSA_TRANSLATED_NAME = record
    Use: SID_NAME_USE;
    Name: LSA_UNICODE_STRING;
    DomainIndex: LONG;
  end;
  {$EXTERNALSYM _LSA_TRANSLATED_NAME}
  LSA_TRANSLATED_NAME = _LSA_TRANSLATED_NAME;
  {$EXTERNALSYM LSA_TRANSLATED_NAME}
  TLsaTranslatedName = LSA_TRANSLATED_NAME;
  PLsaTranslatedName = PLSA_TRANSLATED_NAME;

// where the members have the following usage:
//
//     Use - Identifies the use of the name.  If this value is SidUnknown
//         or SidInvalid, then the remainder of the record is not set and
//         should be ignored.  If this value is SidWellKnownGroup then the
//         Name field is invalid, but the DomainIndex field is not.
//
//     Name - Contains the isolated name of the translated SID.
//
//     DomainIndex - Is the index of an entry in a related
//         LSA_REFERENCED_DOMAIN_LIST data structure describing the domain
//         in which the account was found.
//
//         If there is no corresponding reference domain for an entry, then
//         this field will contain a negative value.
//


//
// The following data type is used to represent the role of the LSA
// server (primary or backup).
//

  _POLICY_LSA_SERVER_ROLE = (plsrFiller0, plsrFiller1, PolicyServerRoleBackup,
    PolicyServerRolePrimary);
  {$EXTERNALSYM _POLICY_LSA_SERVER_ROLE}
  POLICY_LSA_SERVER_ROLE = _POLICY_LSA_SERVER_ROLE;
  {$EXTERNALSYM POLICY_LSA_SERVER_ROLE}
  PPOLICY_LSA_SERVER_ROLE = ^POLICY_LSA_SERVER_ROLE;
  {$EXTERNALSYM PPOLICY_LSA_SERVER_ROLE}
  TPolicyLsaServerRole = POLICY_LSA_SERVER_ROLE;
  PPolicyLsaServerRole = PPOLICY_LSA_SERVER_ROLE;

//
// The following data type is used to specify the auditing options for
// an Audit Event Type.
//

  POLICY_AUDIT_EVENT_OPTIONS = ULONG;
  {$EXTERNALSYM POLICY_AUDIT_EVENT_OPTIONS}
  PPOLICY_AUDIT_EVENT_OPTIONS = POLICY_AUDIT_EVENT_OPTIONS;
  {$EXTERNALSYM PPOLICY_AUDIT_EVENT_OPTIONS}

// where the following flags can be set:
//
//     POLICY_AUDIT_EVENT_UNCHANGED - Leave existing auditing options
//         unchanged for events of this type.  This flag is only used for
//         set operations.  If this flag is set, then all other flags
//         are ignored.
//
//     POLICY_AUDIT_EVENT_NONE - Cancel all auditing options for events
//         of this type.  If this flag is set, the success/failure flags
//         are ignored.
//
//     POLICY_AUDIT_EVENT_SUCCESS - When auditing is enabled, audit all
//         successful occurrences of events of the given type.
//
//     POLICY_AUDIT_EVENT_FAILURE - When auditing is enabled, audit all
//         unsuccessful occurrences of events of the given type.
//

//
// The following data type defines the classes of Policy Information
// that may be queried/set.
//

type
  _POLICY_INFORMATION_CLASS = (
    picFiller0,
    PolicyAuditLogInformation,
    PolicyAuditEventsInformation,
    PolicyPrimaryDomainInformation,
    PolicyPdAccountInformation,
    PolicyAccountDomainInformation,
    PolicyLsaServerRoleInformation,
    PolicyReplicaSourceInformation,
    PolicyDefaultQuotaInformation,
    PolicyModificationInformation,
    PolicyAuditFullSetInformation,
    PolicyAuditFullQueryInformation,
    PolicyDnsDomainInformation,
    PolicyDnsDomainInformationInt);
  {$EXTERNALSYM _POLICY_INFORMATION_CLASS}
  POLICY_INFORMATION_CLASS = _POLICY_INFORMATION_CLASS;
  {$EXTERNALSYM POLICY_INFORMATION_CLASS}
  PPOLICY_INFORMATION_CLASS = ^POLICY_INFORMATION_CLASS;
  {$EXTERNALSYM PPOLICY_INFORMATION_CLASS}
  TPolicyInformationClass = POLICY_INFORMATION_CLASS;
  PPolicyInformationClass = PPOLICY_INFORMATION_CLASS;

//
// The following data type corresponds to the PolicyAuditLogInformation
// information class.  It is used to represent information relating to
// the Audit Log.
//
// This structure may be used in both query and set operations.  However,
// when used in set operations, some fields are ignored.
//

  PPOLICY_AUDIT_LOG_INFO = ^POLICY_AUDIT_LOG_INFO;
  {$EXTERNALSYM PPOLICY_AUDIT_LOG_INFO}
  _POLICY_AUDIT_LOG_INFO = record
    AuditLogPercentFull: ULONG;
    MaximumLogSize: ULONG;
    AuditRetentionPeriod: LARGE_INTEGER;
    AuditLogFullShutdownInProgress: ByteBool;
    TimeToShutdown: LARGE_INTEGER;
    NextAuditRecordId: ULONG;
  end;
  {$EXTERNALSYM _POLICY_AUDIT_LOG_INFO}
  POLICY_AUDIT_LOG_INFO = _POLICY_AUDIT_LOG_INFO;
  {$EXTERNALSYM POLICY_AUDIT_LOG_INFO}
  TPolicyAuditLogInfo = POLICY_AUDIT_LOG_INFO;
  PPolicyAuditLogInfo = PPOLICY_AUDIT_LOG_INFO;

// where the members have the following usage:
//
//     AuditLogPercentFull - Indicates the percentage of the Audit Log
//         currently being used.
//
//     MaximumLogSize - Specifies the maximum size of the Audit Log in
//         kilobytes.
//
//     AuditRetentionPeriod - Indicates the length of time that Audit
//         Records are to be retained.  Audit Records are discardable
//         if their timestamp predates the current time minus the
//         retention period.
//
//     AuditLogFullShutdownInProgress - Indicates whether or not a system
//         shutdown is being initiated due to the security Audit Log becoming
//         full.  This condition will only occur if the system is configured
//         to shutdown when the log becomes full.
//
//         TRUE indicates that a shutdown is in progress
//         FALSE indicates that a shutdown is not in progress.
//
//         Once a shutdown has been initiated, this flag will be set to
//         TRUE.  If an administrator is able to currect the situation
//         before the shutdown becomes irreversible, then this flag will
//         be reset to false.
//
//         This field is ignored for set operations.
//
//     TimeToShutdown - If the AuditLogFullShutdownInProgress flag is set,
//         then this field contains the time left before the shutdown
//         becomes irreversible.
//
//         This field is ignored for set operations.
//

//
// The following data type corresponds to the PolicyAuditEventsInformation
// information class.  It is used to represent information relating to
// the audit requirements.
//

  PPOLICY_AUDIT_EVENTS_INFO = ^POLICY_AUDIT_EVENTS_INFO;
  {$EXTERNALSYM PPOLICY_AUDIT_EVENTS_INFO}
  _POLICY_AUDIT_EVENTS_INFO = record
    AuditingMode: ByteBool;
    EventAuditingOptions: PPOLICY_AUDIT_EVENT_OPTIONS;
    MaximumAuditEventCount: ULONG;
  end;
  {$EXTERNALSYM _POLICY_AUDIT_EVENTS_INFO}
  POLICY_AUDIT_EVENTS_INFO = _POLICY_AUDIT_EVENTS_INFO;
  {$EXTERNALSYM POLICY_AUDIT_EVENTS_INFO}
  TPolicyAuditEventsInfo = POLICY_AUDIT_EVENTS_INFO;
  PPolicyAuditEventsInfo = PPOLICY_AUDIT_EVENTS_INFO;

// where the members have the following usage:
//
//     AuditingMode - A Boolean variable specifying the Auditing Mode value.
//         This value is interpreted as follows:
//
//         TRUE - Auditing is to be enabled (set operations) or is enabled
//             (query operations).  Audit Records will be generated according
//             to the Event Auditing Options in effect (see the
//             EventAuditingOptions field.