jwantdsapi.pas

比较全面的win32api开发包

{$ELSE}
function DsMakeSpn(ServiceClass: LPCSTR; ServiceName: LPCSTR;
  InstanceName: LPCSTR; InstancePort: USHORT; Referrer: LPCSTR;
  var pcSpnLength: DWORD; pszSpn: LPSTR): DWORD; stdcall;
{$EXTERNALSYM DsMakeSpn}
{$ENDIF}

// ==========================================================
// DsGetSPN -- server's call to gets SPNs for a service name by which it is
// known to clients. N.B.: there may be more than one name by which clients
// know it the SPNs are then passed to DsAddAccountSpn to register them in
// the DS
//
//      IN SpnNameType eType,
//      IN LPCTSTR ServiceClass,
// kind of service -- "http", "ldap", "ftp", etc.
//      IN LPCTSTR ServiceName OPTIONAL,
// name of service -- DN or DNS; not needed for host-based
//      IN USHORT InstancePort,
// port number (0 => default) for instances
//      IN USHORT cInstanceNames,
// count of extra instance names and ports (0=>use gethostbyname)
//      IN LPCTSTR InstanceNames[] OPTIONAL,
// extra instance names (not used for host names)
//      IN USHORT InstancePorts[] OPTIONAL,
// extra instance ports (0 => default)
//      IN OUT PULONG pcSpn,    // count of SPNs
//      IN OUT LPTSTR * prpszSPN[]
// a bunch of SPNs for this service; free with DsFreeSpnArray

function DsGetSpnA(ServiceType: DS_SPN_NAME_TYPE; ServiceClass: LPCSTR;
  ServiceName: LPCSTR; InstancePort: USHORT; cInstanceNames: USHORT;
  pInstanceNames: LPCSTR; pInstancePorts: PUSHORT; var pcSpn: DWORD;
  var prpszSpn: LPSTR): DWORD; stdcall;
{$EXTERNALSYM DsGetSpnA}
function DsGetSpnW(ServiceType: DS_SPN_NAME_TYPE; ServiceClass: LPCWSTR;
  ServiceName: LPCWSTR; InstancePort: USHORT; cInstanceNames: USHORT;
  pInstanceNames: LPCWSTR; pInstancePorts: PUSHORT; var pcSpn: DWORD;
  var prpszSpn: LPWSTR): DWORD; stdcall;
{$EXTERNALSYM DsGetSpnW}

{$IFDEF UNICODE}
function DsGetSpn(ServiceType: DS_SPN_NAME_TYPE; ServiceClass: LPCWSTR;
  ServiceName: LPCWSTR; InstancePort: USHORT; cInstanceNames: USHORT;
  pInstanceNames: LPCWSTR; pInstancePorts: PUSHORT; var pcSpn: DWORD;
  var prpszSpn: LPWSTR): DWORD; stdcall;
{$EXTERNALSYM DsGetSpn}
{$ELSE}
function DsGetSpn(ServiceType: DS_SPN_NAME_TYPE; ServiceClass: LPCSTR;
  ServiceName: LPCSTR; InstancePort: USHORT; cInstanceNames: USHORT;
  pInstanceNames: LPCSTR; pInstancePorts: PUSHORT; var pcSpn: DWORD;
  var prpszSpn: LPSTR): DWORD; stdcall;
{$EXTERNALSYM DsGetSpn}
{$ENDIF}

// ==========================================================
// DsFreeSpnArray() -- Free array returned by DsGetSpn{A,W}

procedure DsFreeSpnArrayA(cSpn: DWORD; rpszSpn: LPSTR); stdcall;
{$EXTERNALSYM DsFreeSpnArrayA}
procedure DsFreeSpnArrayW(cSpn: DWORD; rpszSpn: LPWSTR); stdcall;
{$EXTERNALSYM DsFreeSpnArrayW}

{$IFDEF UNICODE}
procedure DsFreeSpnArray(cSpn: DWORD; rpszSpn: LPWSTR); stdcall;
{$EXTERNALSYM DsFreeSpnArray}
{$ELSE}
procedure DsFreeSpnArray(cSpn: DWORD; rpszSpn: LPSTR); stdcall;
{$EXTERNALSYM DsFreeSpnArray}
{$ENDIF}

// ==========================================================
// DsCrackSpn() -- parse an SPN into the ServiceClass,
// ServiceName, and InstanceName (and InstancePort) pieces.
// An SPN is passed in, along with a pointer to the maximum length
// for each piece and a pointer to a buffer where each piece should go.
// On exit, the maximum lengths are updated to the actual length for each piece
// and the buffer contain the appropriate piece. The InstancePort is 0 if not
// present.
//
// DWORD DsCrackSpn(
//      IN LPTSTR pszSPN,               // the SPN to parse
//      IN OUT PUSHORT pcServiceClass,  // input -- max length of ServiceClass;
//                                         output -- actual length
//      OUT LPCTSTR ServiceClass,       // the ServiceClass part of the SPN
//      IN OUT PUSHORT pcServiceName,   // input -- max length of ServiceName;
//                                         output -- actual length
//      OUT LPCTSTR ServiceName,        // the ServiceName part of the SPN
//      IN OUT PUSHORT pcInstance,      // input -- max length of ServiceClass;
//                                         output -- actual length
//      OUT LPCTSTR InstanceName,  // the InstanceName part of the SPN
//      OUT PUSHORT InstancePort          // instance port
//
// Note: lengths are in characters; all string lengths include terminators
// All arguments except pszSpn are optional.
//

function DsCrackSpnA(pszSpn: LPCSTR; pcServiceClass: LPDWORD; ServiceClass: LPSTR;
  pcServiceName: LPDWORD; ServiceName: LPSTR; pcInstanceName: LPDWORD;
  InstanceName: LPSTR; pInstancePort: PUSHORT): DWORD; stdcall;
{$EXTERNALSYM DsCrackSpnA}
function DsCrackSpnW(pszSpn: LPCWSTR; pcServiceClass: LPDWORD; ServiceClass: LPWSTR;
  pcServiceName: LPDWORD; ServiceName: LPWSTR; pcInstanceName: LPDWORD;
  InstanceName: LPWSTR; pInstancePort: PUSHORT): DWORD; stdcall;
{$EXTERNALSYM DsCrackSpnW}

{$IFDEF UNICODE}
function DsCrackSpn(pszSpn: LPCWSTR; pcServiceClass: LPDWORD; ServiceClass: LPWSTR;
  pcServiceName: LPDWORD; ServiceName: LPWSTR; pcInstanceName: LPDWORD;
  InstanceName: LPWSTR; pInstancePort: PUSHORT): DWORD; stdcall;
{$EXTERNALSYM DsCrackSpn}
{$ELSE}
function DsCrackSpn(pszSpn: LPCSTR; pcServiceClass: LPDWORD; ServiceClass: LPSTR;
  pcServiceName: LPDWORD; ServiceName: LPSTR; pcInstanceName: LPDWORD;
  InstanceName: LPSTR; pInstancePort: PUSHORT): DWORD; stdcall;
{$EXTERNALSYM DsCrackSpn}
{$ENDIF}


// ==========================================================
// DsWriteAccountSpn -- set or add SPNs for an account object
// Usually done by service itself, or perhaps by an admin.
//
// This call is RPC'd to the DC where the account object is stored, so it can
// securely enforce policy on what SPNs are allowed on the account. Direct LDAP
// writes to the SPN property are not allowed -- all writes must come through
// this RPC call. (Reads via // LDAP are OK.)
//
// The account object can be a machine accout, or a service (user) account.
//
// If called by the service to register itself, it can most easily get
// the names by calling DsGetSpn with each of the names that
// clients can use to find the service.
//
// IN SpnWriteOp eOp,                   // set, add
// IN LPCTSTR   pszAccount,             // DN of account to which to add SPN
// IN int       cSPN,                   // count of SPNs to add to account
// IN LPCTSTR   rpszSPN[]               // SPNs to add to altSecID property

function DsWriteAccountSpnA(hDS: HANDLE; Operation: DS_SPN_WRITE_OP;
  pszAccount: LPCSTR; cSpn: DWORD; rpszSpn: LPCSTR): DWORD; stdcall;
{$EXTERNALSYM DsWriteAccountSpnA}
function DsWriteAccountSpnW(hDS: HANDLE; Operation: DS_SPN_WRITE_OP;
  pszAccount: LPCWSTR; cSpn: DWORD; rpszSpn: LPCWSTR): DWORD; stdcall;
{$EXTERNALSYM DsWriteAccountSpnW}

{$IFDEF UNICODE}
function DsWriteAccountSpn(hDS: HANDLE; Operation: DS_SPN_WRITE_OP;
  pszAccount: LPCWSTR; cSpn: DWORD; rpszSpn: LPCWSTR): DWORD; stdcall;
{$EXTERNALSYM DsWriteAccountSpn}
{$ELSE}
function DsWriteAccountSpn(hDS: HANDLE; Operation: DS_SPN_WRITE_OP;
  pszAccount: LPCSTR; cSpn: DWORD; rpszSpn: LPCSTR): DWORD; stdcall;
{$EXTERNALSYM DsWriteAccountSpn}
{$ENDIF}

{++

Routine Description:

Constructs a Service Principal Name suitable to identify the desired server.
The service class and part of a dns hostname must be supplied.

This routine is a simplified wrapper to DsMakeSpn.
The ServiceName is made canonical by resolving through DNS.
Guid-based dns names are not supported.

The simplified SPN constructed looks like this:

ServiceClass / ServiceName / ServiceName

The instance name portion (2nd position) is always defaulted.  The port and
referrer fields are not used.

Arguments:

    ServiceClass - Class of service, defined by the service, can be any
        string unique to the service

    ServiceName - dns hostname, fully qualified or not
       Stringized IP address is also resolved if necessary

    pcSpnLength - IN, maximum length of buffer, in chars
                  OUT, space utilized, in chars, including terminator

    pszSpn - Buffer, atleast of length *pcSpnLength

Return Value:

    WINAPI - Win32 error code

--}

function DsClientMakeSpnForTargetServerA(ServiceClass: LPCSTR; ServiceName: LPCSTR;
  var pcSpnLength: DWORD; pszSpn: LPSTR): DWORD; stdcall;
{$EXTERNALSYM DsClientMakeSpnForTargetServerA}
function DsClientMakeSpnForTargetServerW(ServiceClass: LPCWSTR; ServiceName: LPCWSTR;
  var pcSpnLength: DWORD; pszSpn: LPWSTR): DWORD; stdcall;
{$EXTERNALSYM DsClientMakeSpnForTargetServerW}

{$IFDEF UNICODE}
function DsClientMakeSpnForTargetServer(ServiceClass: LPCWSTR; ServiceName: LPCWSTR;
  var pcSpnLength: DWORD; pszSpn: LPWSTR): DWORD; stdcall;
{$EXTERNALSYM DsClientMakeSpnForTargetServer}
{$ELSE}
function DsClientMakeSpnForTargetServer(ServiceClass: LPCSTR; ServiceName: LPCSTR;
  var pcSpnLength: DWORD; pszSpn: LPSTR): DWORD; stdcall;
{$EXTERNALSYM DsClientMakeSpnForTargetServer}
{$ENDIF}

{++
outine Description:

Register Service Principal Names for a server application.

This routine does the following:
1. Enumerates a list of server SPNs using DsGetSpn and the provided class
2. Determines the domain of the current user context
3. Determines the DN of the current user context if not supplied
4. Locates a domain controller
5. Binds to the domain controller
6. Uses DsWriteAccountSpn to write the SPNs on the named object DN
7. Unbinds

Construct server SPNs for this service, and write them to the right object.

If the userObjectDn is specified, the SPN is written to that object.

Otherwise the Dn is defaulted, to the user object, then computer.

Now, bind to the DS, and register the name on the object for the
user this service is running as.  So, if we're running as local
system, we'll register it on the computer object itself.  If we're
running as a domain user, we'll add the SPN to the user's object.

Arguments:

    Operation - What should be done with the values: add, replace or delete
    ServiceClass - Unique string identifying service
    UserObjectDN - Optional, dn of object to write SPN to

Return Value:

    WINAPI - Win32 error code

--}

function DsServerRegisterSpnA(Operation: DS_SPN_WRITE_OP; ServiceClass: LPCSTR;
  UserObjectDN: LPCSTR): DWORD; stdcall;
{$EXTERNALSYM DsServerRegisterSpnA}
function DsServerRegisterSpnW(Operation: DS_SPN_WRITE_OP; ServiceClass: LPCWSTR;
  UserObjectDN: LPCWSTR): DWORD; stdcall;
{$EXTERNALSYM DsServerRegisterSpnW}

{$IFDEF UNICODE}
function DsServerRegisterSpn(Operation: DS_SPN_WRITE_OP; ServiceClass: LPCWSTR;
  UserObjectDN: LPCWSTR): DWORD; stdcall;
{$EXTERNALSYM DsServerRegisterSpn}
{$ELSE}
function DsServerRegisterSpn(Operation: DS_SPN_WRITE_OP; ServiceClass: LPCSTR;
  UserObjectDN: LPCSTR): DWORD; stdcall;
{$EXTERNALSYM DsServerRegisterSpn}
{$ENDIF}

// DsReplicaSync.  The server that this call is executing on is called the
// destination.  The destination's naming context will be brought up to date
// with respect to a source system.  The source system is identified by the
// uuid.  The uuid is that of the source system's "NTDS Settings" object.
// The destination system must already be configured such that the source
// system is one of the systems from which it recieves replication data
// ("replication from"). This is usually done automatically by the KCC.
//
//  PARAMETERS:
//      pNC (DSNAME *)
//          Name of the NC to synchronize.
//      puuidSourceDRA (SZ)
//          objectGuid of DSA with which to synchronize the replica.
//      ulOptions (ULONG)
//          Bitwise OR of zero or more flags
//   RETURNS: WIN32 STATUS

function DsReplicaSyncA(hDS: HANDLE; NameContext: LPCSTR; pUuidDsaSrc: LPUUID;
  Options: ULONG): DWORD; stdcall;
{$EXTERNALSYM DsReplicaSyncA}
function DsReplicaSyncW(hDS: HANDLE; NameContext: LPCWSTR; pUuidDsaSrc: LPUUID;
  Options: ULONG): DWORD; stdcall;
{$EXTERNALSYM DsReplicaSyncW}

{$IFDEF UNICODE}
function DsReplicaSync(hDS: HANDLE; NameContext: LPCWSTR; pUuidDsaSrc: LPUUID;
  Options: ULONG): DWORD; stdcall;
{$EXTERNALSYM DsReplicaSync}
{$ELSE}
function DsReplicaSync(hDS: HANDLE; NameContext: LPCSTR; pUuidDsaSrc: LPUUID;
  Options: ULONG): DWORD; stdcall;
{$EXTERNALSYM DsReplicaSync}
{$ENDIF}

// DsReplicaAdd
//
{
Description:
   This call is executed on the destination.  It causes the destination to
   add a "replication from" reference to the indicated source system.

The source server is identified by string name, not uuid as with Sync.
The DsaSrcAddress parameter is the transport specific address of the source
DSA, usually its guid-based dns name.  The guid in the guid-based dns name is
the object-guid of that server's ntds-dsa (settings) object.

Arguments:

    pNC (IN) - NC for which to add the replica.

    pSourceDsaDN (IN) - DN of the source DSA's ntdsDsa object.  Required if
        ulOptions includes DS_REPADD_ASYNCHRONOUS_REPLICA; ignored otherwise.

    pTranspor