{ $Project$ $Workfile$ $Revision$ $DateUTC$ $Id$ This file is part of the Indy (Internet Direct) project, and is offered under the dual-licensing agreement described on the Indy website. (http://www.indyproject.org/) Copyright: (c) 1993-2005, Chad Z. Hower and the Indy Pit Crew. All rights reserved. } { $Log$ } { Rev 1.1 13.1.2004 17:26:00 DBondzhev Added Domain property Rev 1.0 11/13/2002 08:01:52 AM JPMugaas } { SSPI interface and objects Unit Copyright (c) 1999-2001, Eventree Systems Translator: Eventree Systems this unit contains translation of: Security.h, sspi.h, secext.h, rpcdce.h (some of) } unit IdSSPI; {$ALIGN ON} {$MINENUMSIZE 4} interface {$i IdCompilerDefines.inc} uses IdGlobal, Windows; type PPVOID = ^PVOID; {$NODEFINE PPVOID} PVOID = Pointer; {$NODEFINE PVOID} PUSHORT = ^USHORT; {$NODEFINE PUSHORT} USHORT = Word; {$NODEFINE USHORT} PUCHAR = ^UCHAR; {$NODEFINE PUCHAR} UCHAR = Byte; {$NODEFINE UCHAR} (*$HPPEMIT '//#define SECURITY_WIN32'*) (*$HPPEMIT '#include '*) //+----------------------------------------------------------------------- // // Microsoft Windows // // Copyright (c) Microsoft Corporation 1991-1999 // // File: Security.h // // Contents: Toplevel include file for security aware components // // // History: 06 Aug 92 RichardW Created // 23 Sep 92 PeterWi Add security object include files // //------------------------------------------------------------------------ // // These are name that can be used to refer to the builtin packages // const NTLMSP_NAME = 'NTLM'; {Do not Localize} {$EXTERNALSYM NTLMSP_NAME} MICROSOFT_KERBEROS_NAME = 'Kerberos'; {Do not Localize} {$EXTERNALSYM MICROSOFT_KERBEROS_NAME} NEGOSSP_NAME = 'Negotiate'; {Do not Localize} {$EXTERNALSYM NEGOSSP_NAME} //+--------------------------------------------------------------------------- // // Microsoft Windows // Copyright (C) Microsoft Corporation, 1992-1997. // // File: sspi.h // // Contents: Security Support Provider Interface // Prototypes and structure definitions // // Functions: Security Support Provider API // // History: 11-24-93 RichardW Created // //---------------------------------------------------------------------------- type PSEC_WCHAR = PWideChar; {$NODEFINE PSEC_WCHAR} SEC_WCHAR = WideChar; {$EXTERNALSYM SEC_WCHAR} PSEC_CHAR = PAnsiChar; {$NODEFINE PSEC_CHAR} SEC_CHAR = AnsiChar; {$EXTERNALSYM SEC_CHAR} PSECURITY_STATUS = ^SECURITY_STATUS; {$NODEFINE PSECURITY_STATUS} SECURITY_STATUS = Longint{LONG}; // LONG is not defined in Windows.pas prior to Delphi 8 {$EXTERNALSYM SECURITY_STATUS} // // Decide what a string - 32 bits only since for 16 bits it is clear. // type {$IFDEF SSPI_UNICODE} SECURITY_PSTR = ^SEC_WCHAR; {$ELSE} SECURITY_PSTR = ^SEC_CHAR; {$ENDIF} {$EXTERNALSYM SECURITY_PSTR} // // Okay, security specific types: // type PSecHandle = ^SecHandle; {$EXTERNALSYM PSecHandle} //Define ULONG_PTR as PtrUInt so we can use this unit in FreePascal. SecHandle = record dwLower: PtrUInt; // ULONG_PTR dwUpper: PtrUInt; // ULONG_PTR end; {$EXTERNALSYM SecHandle} CredHandle = SecHandle; {$EXTERNALSYM CredHandle} PCredHandle = PSecHandle; {$EXTERNALSYM PCredHandle} CtxtHandle = SecHandle; {$EXTERNALSYM CtxtHandle} PCtxtHandle = PSecHandle; {$EXTERNALSYM PCtxtHandle} PSECURITY_INTEGER = ^SECURITY_INTEGER; {$EXTERNALSYM PSECURITY_INTEGER} SECURITY_INTEGER = LARGE_INTEGER; {$EXTERNALSYM SECURITY_INTEGER} PTimeStamp = ^TimeStamp; {$EXTERNALSYM PTimeStamp} TimeStamp = SECURITY_INTEGER; {$EXTERNALSYM TimeStamp} procedure SecInvalidateHandle(var x: SecHandle); {$IFDEF USE_INLINE} inline; {$ENDIF} {$EXTERNALSYM SecInvalidateHandle} function SecIsValidHandle(x : SecHandle) : Boolean; {$IFDEF USE_INLINE} inline; {$ENDIF} {$EXTERNALSYM SecIsValidHandle} function SEC_SUCCESS(Status: SECURITY_STATUS): Boolean; {$IFDEF USE_INLINE} inline; {$ENDIF} {$EXTERNALSYM SEC_SUCCESS} type // // If we are in 32 bit mode, define the SECURITY_STRING structure, // as a clone of the base UNICODE_STRING structure. This is used // internally in security components, an as the string interface // for kernel components (e.g. FSPs) // PSECURITY_STRING = ^SECURITY_STRING; {$EXTERNALSYM PSECURITY_STRING} SECURITY_STRING = record Length: USHORT; MaximumLength: USHORT; Buffer: PUSHORT; end; {$EXTERNALSYM SECURITY_STRING} // // SecPkgInfo structure // // Provides general information about a security provider // type PPSecPkgInfoW = ^PSecPkgInfoW; {$NODEFINE PPSecPkgInfoW} PSecPkgInfoW = ^SecPkgInfoW; {$EXTERNALSYM PSecPkgInfoW} SecPkgInfoW = record fCapabilities: ULONG; // Capability bitmask wVersion: USHORT; // Version of driver wRPCID: USHORT; // ID for RPC Runtime cbMaxToken: ULONG; // Size of authentication token (max) Name: PSEC_WCHAR; // Text name Comment: PSEC_WCHAR; // Comment end; {$EXTERNALSYM SecPkgInfoW} PPSecPkgInfoA = ^PSecPkgInfoA; {$NODEFINE PPSecPkgInfoA} PSecPkgInfoA = ^SecPkgInfoA; {$EXTERNALSYM PSecPkgInfoA} SecPkgInfoA = record fCapabilities: ULONG; // Capability bitmask wVersion: USHORT; // Version of driver wRPCID: USHORT; // ID for RPC Runtime cbMaxToken: ULONG; // Size of authentication token (max) Name: PSEC_CHAR; // Text name Comment: PSEC_CHAR; // Comment end; {$EXTERNALSYM SecPkgInfoA} {$IFDEF SSPI_UNICODE} SecPkgInfo = SecPkgInfoW; PSecPkgInfo = PSecPkgInfoW; {$ELSE} SecPkgInfo = SecPkgInfoA; PSecPkgInfo = PSecPkgInfoA; {$ENDIF} {$EXTERNALSYM SecPkgInfo} {$EXTERNALSYM PSecPkgInfo} // // Security Package Capabilities // const SECPKG_FLAG_INTEGRITY = $00000001; // Supports integrity on messages {$EXTERNALSYM SECPKG_FLAG_INTEGRITY} SECPKG_FLAG_PRIVACY = $00000002; // Supports privacy (confidentiality) {$EXTERNALSYM SECPKG_FLAG_PRIVACY} SECPKG_FLAG_TOKEN_ONLY = $00000004; // Only security token needed {$EXTERNALSYM SECPKG_FLAG_TOKEN_ONLY} SECPKG_FLAG_DATAGRAM = $00000008; // Datagram RPC support {$EXTERNALSYM SECPKG_FLAG_DATAGRAM} SECPKG_FLAG_CONNECTION = $00000010; // Connection oriented RPC support {$EXTERNALSYM SECPKG_FLAG_CONNECTION} SECPKG_FLAG_MULTI_REQUIRED = $00000020; // Full 3-leg required for re-auth. {$EXTERNALSYM SECPKG_FLAG_MULTI_REQUIRED} SECPKG_FLAG_CLIENT_ONLY = $00000040; // Server side functionality not available {$EXTERNALSYM SECPKG_FLAG_CLIENT_ONLY} SECPKG_FLAG_EXTENDED_ERROR = $00000080; // Supports extended error msgs {$EXTERNALSYM SECPKG_FLAG_EXTENDED_ERROR} SECPKG_FLAG_IMPERSONATION = $00000100; // Supports impersonation {$EXTERNALSYM SECPKG_FLAG_IMPERSONATION} SECPKG_FLAG_ACCEPT_WIN32_NAME = $00000200; // Accepts Win32 names {$EXTERNALSYM SECPKG_FLAG_ACCEPT_WIN32_NAME} SECPKG_FLAG_STREAM = $00000400; // Supports stream semantics {$EXTERNALSYM SECPKG_FLAG_STREAM} SECPKG_FLAG_NEGOTIABLE = $00000800; // Can be used by the negotiate package {$EXTERNALSYM SECPKG_FLAG_NEGOTIABLE} SECPKG_FLAG_GSS_COMPATIBLE = $00001000; // GSS Compatibility Available {$EXTERNALSYM SECPKG_FLAG_GSS_COMPATIBLE} SECPKG_FLAG_LOGON = $00002000; // Supports common LsaLogonUser {$EXTERNALSYM SECPKG_FLAG_LOGON} SECPKG_FLAG_ASCII_BUFFERS = $00004000; // Token Buffers are in ASCII {$EXTERNALSYM SECPKG_FLAG_ASCII_BUFFERS} SECPKG_FLAG_FRAGMENT = $00008000; // Package can fragment to fit {$EXTERNALSYM SECPKG_FLAG_FRAGMENT} SECPKG_FLAG_MUTUAL_AUTH = $00010000; // Package can perform mutual authentication {$EXTERNALSYM SECPKG_FLAG_MUTUAL_AUTH} SECPKG_FLAG_DELEGATION = $00020000; // Package can delegate {$EXTERNALSYM SECPKG_FLAG_DELEGATION} SECPKG_FLAG_READONLY_WITH_CHECKSUM = $00040000; // Package can delegate {$EXTERNALSYM SECPKG_FLAG_READONLY_WITH_CHECKSUM} SECPKG_FLAG_RESTRICTED_TOKENS = $00080000; // Package supports restricted callers {$EXTERNALSYM SECPKG_FLAG_RESTRICTED_TOKENS} SECPKG_FLAG_NEGO_EXTENDER = $00100000; // this package extends SPNEGO, there is at most one {$EXTERNALSYM SECPKG_FLAG_NEGO_EXTENDER} SECPKG_FLAG_NEGOTIABLE2 = $00200000; // this package is negotiated under the NegoExtender {$EXTERNALSYM SECPKG_FLAG_NEGOTIABLE2} SECPKG_ID_NONE = $FFFF; {$EXTERNALSYM SECPKG_ID_NONE} // // SecBuffer // // Generic memory descriptors for buffers passed in to the security // API // type PSecBuffer = ^SecBuffer; {$EXTERNALSYM PSecBuffer} SecBuffer = record cbBuffer: ULONG; // Size of the buffer, in bytes BufferType: ULONG; // Type of the buffer (below) pvBuffer: PVOID; // Pointer to the buffer end; {$EXTERNALSYM SecBuffer} PSecBufferDesc = ^SecBufferDesc; {$EXTERNALSYM PSecBufferDesc} SecBufferDesc = record ulVersion: ULONG; // Version number cBuffers: ULONG; // Number of buffers pBuffers: PSecBuffer; // Pointer to array of buffers end; {$EXTERNALSYM SecBufferDesc} const SECBUFFER_VERSION = 0; {$EXTERNALSYM SECBUFFER_VERSION} SECBUFFER_EMPTY = 0; // Undefined, replaced by provider {$EXTERNALSYM SECBUFFER_EMPTY} SECBUFFER_DATA = 1; // Packet data {$EXTERNALSYM SECBUFFER_DATA} SECBUFFER_TOKEN = 2; // Security token {$EXTERNALSYM SECBUFFER_TOKEN} SECBUFFER_PKG_PARAMS = 3; // Package specific parameters {$EXTERNALSYM SECBUFFER_PKG_PARAMS} SECBUFFER_MISSING = 4; // Missing Data indicator {$EXTERNALSYM SECBUFFER_MISSING} SECBUFFER_EXTRA = 5; // Extra data {$EXTERNALSYM SECBUFFER_EXTRA} SECBUFFER_STREAM_TRAILER = 6; // Security Trailer {$EXTERNALSYM SECBUFFER_STREAM_TRAILER} SECBUFFER_STREAM_HEADER = 7; // Security Header {$EXTERNALSYM SECBUFFER_STREAM_HEADER} SECBUFFER_NEGOTIATION_INFO = 8; // Hints from the negotiation pkg {$EXTERNALSYM SECBUFFER_NEGOTIATION_INFO} SECBUFFER_PADDING = 9; // non-data padding {$EXTERNALSYM SECBUFFER_PADDING} SECBUFFER_STREAM = 10; // whole encrypted message {$EXTERNALSYM SECBUFFER_STREAM} SECBUFFER_MECHLIST = 11; {$EXTERNALSYM SECBUFFER_MECHLIST} SECBUFFER_MECHLIST_SIGNATURE = 12; {$EXTERNALSYM SECBUFFER_MECHLIST_SIGNATURE} SECBUFFER_TARGET = 13; // obsolete {$EXTERNALSYM SECBUFFER_TARGET} SECBUFFER_CHANNEL_BINDINGS = 14; {$EXTERNALSYM SECBUFFER_CHANNEL_BINDINGS} SECBUFFER_CHANGE_PASS_RESPONSE = 15; {$EXTERNALSYM SECBUFFER_CHANGE_PASS_RESPONSE} SECBUFFER_TARGET_HOST = 16; {$EXTERNALSYM SECBUFFER_TARGET_HOST} SECBUFFER_ALERT = 17; {$EXTERNALSYM SECBUFFER_ALERT} SECBUFFER_ATTRMASK = $F0000000; {$EXTERNALSYM SECBUFFER_ATTRMASK} SECBUFFER_READONLY = $80000000; // Buffer is read-only {$EXTERNALSYM SECBUFFER_READONLY} SECBUFFER_READONLY_WITH_CHECKSUM = $10000000; // Buffer is read-only, and checksummed; {$EXTERNALSYM SECBUFFER_READONLY_WITH_CHECKSUM} SECBUFFER_RESERVED = $40000000; {$EXTERNALSYM SECBUFFER_RESERVED} type PSEC_NEGOTIATION_INFO = ^SEC_NEGOTIATION_INFO; {$EXTERNALSYM PSEC_NEGOTIATION_INFO} SEC_NEGOTIATION_INFO = record Size: ULONG; // Size of this structure NameLength: ULONG; // Length of name hint Name: PSEC_WCHAR; // Name hint Reserved: PVOID; // Reserved end; {$EXTERNALSYM SEC_NEGOTIATION_INFO} PSEC_CHANNEL_BINDINGS = ^SEC_CHANNEL_BINDINGS; {$EXTERNALSYM PSEC_CHANNEL_BINDINGS} SEC_CHANNEL_BINDINGS = record dwInitiatorAddrType: ULONG; cbInitiatorLength: ULONG; dwInitiatorOffset: ULONG; dwAcceptorAddrType: ULONG; cbAcceptorLength: ULONG; dwAcceptorOffset: ULONG; cbApplicationDataLength: ULONG; dwApplicationDataOffset: ULONG; end; {$EXTERNALSYM SEC_CHANNEL_BINDINGS} // // Data Representation Constant: // const SECURITY_NATIVE_DREP = $00000010; {$EXTERNALSYM SECURITY_NATIVE_DREP} SECURITY_NETWORK_DREP = $00000000; {$EXTERNALSYM SECURITY_NETWORK_DREP} // // Credential Use Flags // const SECPKG_CRED_INBOUND = $00000001; {$EXTERNALSYM SECPKG_CRED_INBOUND} SECPKG_CRED_OUTBOUND = $00000002; {$EXTERNALSYM SECPKG_CRED_OUTBOUND} SECPKG_CRED_BOTH = $00000003; {$EXTERNALSYM SECPKG_CRED_BOTH} SECPKG_CRED_DEFAULT = $00000004; {$EXTERNALSYM SECPKG_CRED_DEFAULT} SECPKG_CRED_RESERVED = $F0000000; {$EXTERNALSYM SECPKG_CRED_RESERVED} // // SSP SHOULD prompt the user for credentials/consent, independent // of whether credentials to be used are the 'logged on' credentials // or retrieved from credman. // // An SSP may choose not to prompt, however, in circumstances determined // by the SSP. // SECPKG_CRED_AUTOLOGON_RESTRICTED = $00000010; {$EXTERNALSYM SECPKG_CRED_AUTOLOGON_RESTRICTED} // // auth will always fail, ISC() is called to process policy data only // SECPKG_CRED_PROCESS_POLICY_ONLY = $00000020; {$EXTERNALSYM SECPKG_CRED_PROCESS_POLICY_ONLY} const // // InitializeSecurityContext Requirement and return flags: // ISC_REQ_DELEGATE = $00000001; {$EXTERNALSYM ISC_REQ_DELEGATE} ISC_REQ_MUTUAL_AUTH = $00000002; {$EXTERNALSYM ISC_REQ_MUTUAL_AUTH} ISC_REQ_REPLAY_DETECT = $00000004; {$EXTERNALSYM ISC_REQ_REPLAY_DETECT} ISC_REQ_SEQUENCE_DETECT = $00000008; {$EXTERNALSYM ISC_REQ_SEQUENCE_DETECT} ISC_REQ_CONFIDENTIALITY = $00000010; {$EXTERNALSYM ISC_REQ_CONFIDENTIALITY} ISC_REQ_USE_SESSION_KEY = $00000020; {$EXTERNALSYM ISC_REQ_USE_SESSION_KEY} ISC_REQ_PROMPT_FOR_CREDS = $00000040; {$EXTERNALSYM ISC_REQ_PROMPT_FOR_CREDS} ISC_REQ_USE_SUPPLIED_CREDS = $00000080; {$EXTERNALSYM ISC_REQ_USE_SUPPLIED_CREDS} ISC_REQ_ALLOCATE_MEMORY = $00000100; {$EXTERNALSYM ISC_REQ_ALLOCATE_MEMORY} ISC_REQ_USE_DCE_STYLE = $00000200; {$EXTERNALSYM ISC_REQ_USE_DCE_STYLE} ISC_REQ_DATAGRAM = $00000400; {$EXTERNALSYM ISC_REQ_DATAGRAM} ISC_REQ_CONNECTION = $00000800; {$EXTERNALSYM ISC_REQ_CONNECTION} ISC_REQ_CALL_LEVEL = $00001000; {$EXTERNALSYM ISC_REQ_CALL_LEVEL} ISC_REQ_FRAGMENT_SUPPLIED = $00002000; {$EXTERNALSYM ISC_REQ_FRAGMENT_SUPPLIED} ISC_REQ_EXTENDED_ERROR = $00004000; {$EXTERNALSYM ISC_REQ_EXTENDED_ERROR} ISC_REQ_STREAM = $00008000; {$EXTERNALSYM ISC_REQ_STREAM} ISC_REQ_INTEGRITY = $00010000; {$EXTERNALSYM ISC_REQ_INTEGRITY} ISC_REQ_IDENTIFY = $00020000; {$EXTERNALSYM ISC_REQ_IDENTIFY} ISC_REQ_NULL_SESSION = $00040000; {$EXTERNALSYM ISC_REQ_NULL_SESSION} ISC_REQ_MANUAL_CRED_VALIDATION = $00080000; {$EXTERNALSYM ISC_REQ_MANUAL_CRED_VALIDATION} ISC_REQ_RESERVED1 = $00100000; {$EXTERNALSYM ISC_REQ_RESERVED1} ISC_REQ_FRAGMENT_TO_FIT = $00200000; {$EXTERNALSYM ISC_REQ_FRAGMENT_TO_FIT} // This exists only in Windows Vista and greater ISC_REQ_FORWARD_CREDENTIALS = $00400000; {$EXTERNALSYM ISC_REQ_FORWARD_CREDENTIALS} ISC_REQ_NO_INTEGRITY = $00800000; // honored only by SPNEGO {$EXTERNALSYM ISC_REQ_NO_INTEGRITY} ISC_REQ_USE_HTTP_STYLE = $01000000; {$EXTERNALSYM ISC_REQ_USE_HTTP_STYLE} ISC_RET_DELEGATE = $00000001; {$EXTERNALSYM ISC_RET_DELEGATE} ISC_RET_MUTUAL_AUTH = $00000002; {$EXTERNALSYM ISC_RET_MUTUAL_AUTH} ISC_RET_REPLAY_DETECT = $00000004; {$EXTERNALSYM ISC_RET_REPLAY_DETECT} ISC_RET_SEQUENCE_DETECT = $00000008; {$EXTERNALSYM ISC_RET_SEQUENCE_DETECT} ISC_RET_CONFIDENTIALITY = $00000010; {$EXTERNALSYM ISC_RET_CONFIDENTIALITY} ISC_RET_USE_SESSION_KEY = $00000020; {$EXTERNALSYM ISC_RET_USE_SESSION_KEY} ISC_RET_USED_COLLECTED_CREDS = $00000040; {$EXTERNALSYM ISC_RET_USED_COLLECTED_CREDS} ISC_RET_USED_SUPPLIED_CREDS = $00000080; {$EXTERNALSYM ISC_RET_USED_SUPPLIED_CREDS} ISC_RET_ALLOCATED_MEMORY = $00000100; {$EXTERNALSYM ISC_RET_ALLOCATED_MEMORY} ISC_RET_USED_DCE_STYLE = $00000200; {$EXTERNALSYM ISC_RET_USED_DCE_STYLE} ISC_RET_DATAGRAM = $00000400; {$EXTERNALSYM ISC_RET_DATAGRAM} ISC_RET_CONNECTION = $00000800; {$EXTERNALSYM ISC_RET_CONNECTION} ISC_RET_INTERMEDIATE_RETURN = $00001000; {$EXTERNALSYM ISC_RET_INTERMEDIATE_RETURN} ISC_RET_CALL_LEVEL = $00002000; {$EXTERNALSYM ISC_RET_CALL_LEVEL} ISC_RET_EXTENDED_ERROR = $00004000; {$EXTERNALSYM ISC_RET_EXTENDED_ERROR} ISC_RET_STREAM = $00008000; {$EXTERNALSYM ISC_RET_STREAM} ISC_RET_INTEGRITY = $00010000; {$EXTERNALSYM ISC_RET_INTEGRITY} ISC_RET_IDENTIFY = $00020000; {$EXTERNALSYM ISC_RET_IDENTIFY} ISC_RET_NULL_SESSION = $00040000; {$EXTERNALSYM ISC_RET_NULL_SESSION} ISC_RET_MANUAL_CRED_VALIDATION = $00080000; {$EXTERNALSYM ISC_RET_MANUAL_CRED_VALIDATION} ISC_RET_RESERVED1 = $00100000; {$EXTERNALSYM ISC_RET_RESERVED1} ISC_RET_FRAGMENT_ONLY = $00200000; {$EXTERNALSYM ISC_RET_FRAGMENT_ONLY} // This exists only in Windows Vista and greater ISC_RET_FORWARD_CREDENTIALS = $00400000; {$EXTERNALSYM ISC_RET_FORWARD_CREDENTIALS} ISC_RET_USED_HTTP_STYLE = $01000000; {$EXTERNALSYM ISC_RET_USED_HTTP_STYLE} ISC_RET_NO_ADDITIONAL_TOKEN = $02000000; // *INTERNAL* {$EXTERNALSYM ISC_RET_NO_ADDITIONAL_TOKEN} ISC_RET_REAUTHENTICATION = $08000000; // *INTERNAL* {$EXTERNALSYM ISC_RET_REAUTHENTICATION} ASC_REQ_DELEGATE = $00000001; {$EXTERNALSYM ASC_REQ_DELEGATE} ASC_REQ_MUTUAL_AUTH = $00000002; {$EXTERNALSYM ASC_REQ_MUTUAL_AUTH} ASC_REQ_REPLAY_DETECT = $00000004; {$EXTERNALSYM ASC_REQ_REPLAY_DETECT} ASC_REQ_SEQUENCE_DETECT = $00000008; {$EXTERNALSYM ASC_REQ_SEQUENCE_DETECT} ASC_REQ_CONFIDENTIALITY = $00000010; {$EXTERNALSYM ASC_REQ_CONFIDENTIALITY} ASC_REQ_USE_SESSION_KEY = $00000020; {$EXTERNALSYM ASC_REQ_USE_SESSION_KEY} ASC_REQ_ALLOCATE_MEMORY = $00000100; {$EXTERNALSYM ASC_REQ_ALLOCATE_MEMORY} ASC_REQ_USE_DCE_STYLE = $00000200; {$EXTERNALSYM ASC_REQ_USE_DCE_STYLE} ASC_REQ_DATAGRAM = $00000400; {$EXTERNALSYM ASC_REQ_DATAGRAM} ASC_REQ_CONNECTION = $00000800; {$EXTERNALSYM ASC_REQ_CONNECTION} ASC_REQ_CALL_LEVEL = $00001000; {$EXTERNALSYM ASC_REQ_CALL_LEVEL} ASC_REQ_EXTENDED_ERROR = $00008000; {$EXTERNALSYM ASC_REQ_EXTENDED_ERROR} ASC_REQ_STREAM = $00010000; {$EXTERNALSYM ASC_REQ_STREAM} ASC_REQ_INTEGRITY = $00020000; {$EXTERNALSYM ASC_REQ_INTEGRITY} ASC_REQ_LICENSING = $00040000; {$EXTERNALSYM ASC_REQ_LICENSING} ASC_REQ_IDENTIFY = $00080000; {$EXTERNALSYM ASC_REQ_IDENTIFY} ASC_REQ_ALLOW_NULL_SESSION = $00100000; {$EXTERNALSYM ASC_REQ_ALLOW_NULL_SESSION} ASC_REQ_ALLOW_NON_USER_LOGONS = $00200000; {$EXTERNALSYM ASC_REQ_ALLOW_NON_USER_LOGONS} ASC_REQ_ALLOW_CONTEXT_REPLAY = $00400000; {$EXTERNALSYM ASC_REQ_ALLOW_CONTEXT_REPLAY} ASC_REQ_FRAGMENT_TO_FIT = $00800000; {$EXTERNALSYM ASC_REQ_FRAGMENT_TO_FIT} ASC_REQ_FRAGMENT_SUPPLIED = $00002000; {$EXTERNALSYM ASC_REQ_FRAGMENT_SUPPLIED} ASC_REQ_NO_TOKEN = $01000000; {$EXTERNALSYM ASC_REQ_NO_TOKEN} ASC_REQ_PROXY_BINDINGS = $04000000; {$EXTERNALSYM ASC_REQ_PROXY_BINDINGS} // SSP_RET_REAUTHENTICATION = $08000000; // *INTERNAL* {.$EXTERNALSYM SSP_RET_REAUTHENTICATION} ASC_REQ_ALLOW_MISSING_BINDINGS = $10000000; {$EXTERNALSYM ASC_REQ_ALLOW_MISSING_BINDINGS} ASC_RET_DELEGATE = $00000001; {$EXTERNALSYM ASC_RET_DELEGATE} ASC_RET_MUTUAL_AUTH = $00000002; {$EXTERNALSYM ASC_RET_MUTUAL_AUTH} ASC_RET_REPLAY_DETECT = $00000004; {$EXTERNALSYM ASC_RET_REPLAY_DETECT} ASC_RET_SEQUENCE_DETECT = $00000008; {$EXTERNALSYM ASC_RET_SEQUENCE_DETECT} ASC_RET_CONFIDENTIALITY = $00000010; {$EXTERNALSYM ASC_RET_CONFIDENTIALITY} ASC_RET_USE_SESSION_KEY = $00000020; {$EXTERNALSYM ASC_RET_USE_SESSION_KEY} ASC_RET_ALLOCATED_MEMORY = $00000100; {$EXTERNALSYM ASC_RET_ALLOCATED_MEMORY} ASC_RET_USED_DCE_STYLE = $00000200; {$EXTERNALSYM ASC_RET_USED_DCE_STYLE} ASC_RET_DATAGRAM = $00000400; {$EXTERNALSYM ASC_RET_DATAGRAM} ASC_RET_CONNECTION = $00000800; {$EXTERNALSYM ASC_RET_CONNECTION} ASC_RET_CALL_LEVEL = $00002000; // skipped 1000 to be like ISC_ {$EXTERNALSYM ASC_RET_CALL_LEVEL} ASC_RET_THIRD_LEG_FAILED = $00004000; {$EXTERNALSYM ASC_RET_THIRD_LEG_FAILED} ASC_RET_EXTENDED_ERROR = $00008000; {$EXTERNALSYM ASC_RET_EXTENDED_ERROR} ASC_RET_STREAM = $00010000; {$EXTERNALSYM ASC_RET_STREAM} ASC_RET_INTEGRITY = $00020000; {$EXTERNALSYM ASC_RET_INTEGRITY} ASC_RET_LICENSING = $00040000; {$EXTERNALSYM ASC_RET_LICENSING} ASC_RET_IDENTIFY = $00080000; {$EXTERNALSYM ASC_RET_IDENTIFY} ASC_RET_NULL_SESSION = $00100000; {$EXTERNALSYM ASC_RET_NULL_SESSION} ASC_RET_ALLOW_NON_USER_LOGONS = $00200000; {$EXTERNALSYM ASC_RET_ALLOW_NON_USER_LOGONS} ASC_RET_ALLOW_CONTEXT_REPLAY = $00400000; {$EXTERNALSYM ASC_RET_ALLOW_CONTEXT_REPLAY} ASC_RET_FRAGMENT_ONLY = $00800000; {$EXTERNALSYM ASC_RET_FRAGMENT_ONLY} ASC_RET_NO_TOKEN = $01000000; {$EXTERNALSYM ASC_RET_NO_TOKEN} ASC_RET_NO_ADDITIONAL_TOKEN = $02000000; // *INTERNAL* {$EXTERNALSYM ASC_RET_NO_ADDITIONAL_TOKEN} ASC_RET_NO_PROXY_BINDINGS = $04000000; {$EXTERNALSYM ASC_RET_NO_PROXY_BINDINGS} // SSP_RET_REAUTHENTICATION = $08000000; // *INTERNAL* {.$EXTERNALSYM SSP_RET_REAUTHENTICATION} ASC_RET_MISSING_BINDINGS = $10000000; {$EXTERNALSYM ASC_RET_MISSING_BINDINGS} // // Security Credentials Attributes: // const SECPKG_CRED_ATTR_NAMES = 1; {$EXTERNALSYM SECPKG_CRED_ATTR_NAMES} SECPKG_CRED_ATTR_SSI_PROVIDER = 2; {$EXTERNALSYM SECPKG_CRED_ATTR_SSI_PROVIDER} type PSecPkgCredentials_NamesW = ^SecPkgCredentials_NamesW; {$EXTERNALSYM PSecPkgCredentials_NamesW} SecPkgCredentials_NamesW = record sUserName: PSEC_WCHAR; end; {$EXTERNALSYM SecPkgCredentials_NamesW} PSecPkgCredentials_NamesA = ^SecPkgCredentials_NamesA; {$EXTERNALSYM PSecPkgCredentials_NamesA} SecPkgCredentials_NamesA = record sUserName: PSEC_CHAR; end; {$EXTERNALSYM SecPkgCredentials_NamesA} {$IFDEF SSPI_UNICODE} SecPkgCredentials_Names = SecPkgCredentials_NamesW; PSecPkgCredentials_Names = PSecPkgCredentials_NamesW; {$ELSE} SecPkgCredentials_Names = SecPkgCredentials_NamesA; PSecPkgCredentials_Names = PSecPkgCredentials_NamesA; {$ENDIF} {$EXTERNALSYM SecPkgCredentials_Names} {$EXTERNALSYM PSecPkgCredentials_Names} PSecPkgCredentials_SSIProviderW = ^SecPkgCredentials_SSIProviderW; {$EXTERNALSYM PSecPkgCredentials_SSIProviderW} SecPkgCredentials_SSIProviderW = record sProviderName: PSEC_WCHAR; ProviderInfoLength: ULONG; ProviderInfo: PAnsiChar; end; {$EXTERNALSYM SecPkgCredentials_SSIProviderW} PSecPkgCredentials_SSIProviderA = ^SecPkgCredentials_SSIProviderA; {$EXTERNALSYM PSecPkgCredentials_SSIProviderA} SecPkgCredentials_SSIProviderA = record sProviderName: PSEC_CHAR; ProviderInfoLength: ULONG; ProviderInfo: PAnsiChar; end; {$EXTERNALSYM SecPkgCredentials_SSIProviderA} {$IFDEF SSPI_UNICODE} SecPkgCredentials_SSIProvider = SecPkgCredentials_SSIProviderW; PSecPkgCredentials_SSIProvider = PSecPkgCredentials_SSIProviderW; {$ELSE} SecPkgCredentials_SSIProvider = SecPkgCredentials_SSIProviderA; PSecPkgCredentials_SSIProvider = PSecPkgCredentials_SSIProviderA; {$ENDIF} {$EXTERNALSYM SecPkgCredentials_SSIProvider} {$EXTERNALSYM PSecPkgCredentials_SSIProvider} // // Security Context Attributes: // const SECPKG_ATTR_SIZES = 0; {$EXTERNALSYM SECPKG_ATTR_SIZES} SECPKG_ATTR_NAMES = 1; {$EXTERNALSYM SECPKG_ATTR_NAMES} SECPKG_ATTR_LIFESPAN = 2; {$EXTERNALSYM SECPKG_ATTR_LIFESPAN} SECPKG_ATTR_DCE_INFO = 3; {$EXTERNALSYM SECPKG_ATTR_DCE_INFO} SECPKG_ATTR_STREAM_SIZES = 4; {$EXTERNALSYM SECPKG_ATTR_STREAM_SIZES} SECPKG_ATTR_KEY_INFO = 5; {$EXTERNALSYM SECPKG_ATTR_KEY_INFO} SECPKG_ATTR_AUTHORITY = 6; {$EXTERNALSYM SECPKG_ATTR_AUTHORITY} SECPKG_ATTR_PROTO_INFO = 7; {$EXTERNALSYM SECPKG_ATTR_PROTO_INFO} SECPKG_ATTR_PASSWORD_EXPIRY = 8; {$EXTERNALSYM SECPKG_ATTR_PASSWORD_EXPIRY} SECPKG_ATTR_SESSION_KEY = 9; {$EXTERNALSYM SECPKG_ATTR_SESSION_KEY} SECPKG_ATTR_PACKAGE_INFO = 10; {$EXTERNALSYM SECPKG_ATTR_PACKAGE_INFO} SECPKG_ATTR_USER_FLAGS = 11; {$EXTERNALSYM SECPKG_ATTR_USER_FLAGS} SECPKG_ATTR_NEGOTIATION_INFO = 12; {$EXTERNALSYM SECPKG_ATTR_NEGOTIATION_INFO} SECPKG_ATTR_NATIVE_NAMES = 13; {$EXTERNALSYM SECPKG_ATTR_NATIVE_NAMES} SECPKG_ATTR_FLAGS = 14; {$EXTERNALSYM SECPKG_ATTR_FLAGS} // These attributes exist only in Win XP and greater SECPKG_ATTR_USE_VALIDATED = 15; {$EXTERNALSYM SECPKG_ATTR_USE_VALIDATED} SECPKG_ATTR_CREDENTIAL_NAME = 16; {$EXTERNALSYM SECPKG_ATTR_CREDENTIAL_NAME} SECPKG_ATTR_TARGET_INFORMATION = 17; {$EXTERNALSYM SECPKG_ATTR_TARGET_INFORMATION} SECPKG_ATTR_ACCESS_TOKEN = 18; {$EXTERNALSYM SECPKG_ATTR_ACCESS_TOKEN} // These attributes exist only in Win2K3 and greater SECPKG_ATTR_TARGET = 19; {$EXTERNALSYM SECPKG_ATTR_TARGET} SECPKG_ATTR_AUTHENTICATION_ID = 20; {$EXTERNALSYM SECPKG_ATTR_AUTHENTICATION_ID} // These attributes exist only in Win2K3SP1 and greater SECPKG_ATTR_LOGOFF_TIME = 21; {$EXTERNALSYM SECPKG_ATTR_LOGOFF_TIME} // // win7 or greater // SECPKG_ATTR_NEGO_KEYS = 22; {$EXTERNALSYM SECPKG_ATTR_NEGO_KEYS} SECPKG_ATTR_PROMPTING_NEEDED = 24; {$EXTERNALSYM SECPKG_ATTR_PROMPTING_NEEDED} SECPKG_ATTR_UNIQUE_BINDINGS = 25; {$EXTERNALSYM SECPKG_ATTR_UNIQUE_BINDINGS} SECPKG_ATTR_ENDPOINT_BINDINGS = 26; {$EXTERNALSYM SECPKG_ATTR_ENDPOINT_BINDINGS} SECPKG_ATTR_CLIENT_SPECIFIED_TARGET = 27; {$EXTERNALSYM SECPKG_ATTR_CLIENT_SPECIFIED_TARGET} SECPKG_ATTR_LAST_CLIENT_TOKEN_STATUS = 30; {$EXTERNALSYM SECPKG_ATTR_LAST_CLIENT_TOKEN_STATUS} SECPKG_ATTR_NEGO_PKG_INFO = 31; // contains nego info of packages {$EXTERNALSYM SECPKG_ATTR_NEGO_PKG_INFO} SECPKG_ATTR_NEGO_STATUS = 32; // contains the last error {$EXTERNALSYM SECPKG_ATTR_NEGO_STATUS} SECPKG_ATTR_CONTEXT_DELETED = 33; // a context has been deleted {$EXTERNALSYM SECPKG_ATTR_CONTEXT_DELETED} SECPKG_ATTR_SUBJECT_SECURITY_ATTRIBUTES = 128; {$EXTERNALSYM SECPKG_ATTR_SUBJECT_SECURITY_ATTRIBUTES} type PSecPkgContext_SubjectAttributes = ^SecPkgContext_SubjectAttributes; {$EXTERNALSYM PSecPkgContext_SubjectAttributes} SecPkgContext_SubjectAttributes = record AttributeInfo: PVOID; // contains a PAUTHZ_SECURITY_ATTRIBUTES_INFORMATION structure end; {$EXTERNALSYM SecPkgContext_SubjectAttributes} const SECPKG_ATTR_NEGO_INFO_FLAG_NO_KERBEROS = $1; {$EXTERNALSYM SECPKG_ATTR_NEGO_INFO_FLAG_NO_KERBEROS} SECPKG_ATTR_NEGO_INFO_FLAG_NO_NTLM = $2; {$EXTERNALSYM SECPKG_ATTR_NEGO_INFO_FLAG_NO_NTLM} type // // types of credentials, used by SECPKG_ATTR_PROMPTING_NEEDED // PSECPKG_CRED_CLASS = ^SECPKG_CRED_CLASS; {$EXTERNALSYM PSECPKG_CRED_CLASS} SECPKG_CRED_CLASS = ULONG; {$EXTERNALSYM SECPKG_CRED_CLASS} const SecPkgCredClass_None = 0; // no creds {$EXTERNALSYM SecPkgCredClass_None} SecPkgCredClass_Ephemeral = 10; // logon creds {$EXTERNALSYM SecPkgCredClass_Ephemeral} SecPkgCredClass_PersistedGeneric = 20; // saved creds, not target specific {$EXTERNALSYM SecPkgCredClass_PersistedGeneric} SecPkgCredClass_PersistedSpecific = 30; // saved creds, target specific {$EXTERNALSYM SecPkgCredClass_PersistedSpecific} SecPkgCredClass_Explicit = 40; // explicitly supplied creds {$EXTERNALSYM SecPkgCredClass_Explicit} type PSecPkgContext_CredInfo = ^SecPkgContext_CredInfo; {$EXTERNALSYM PSecPkgContext_CredInfo} SecPkgContext_CredInfo = record CredClass: SECPKG_CRED_CLASS; IsPromptingNeeded: ULONG; end; {$EXTERNALSYM SecPkgContext_CredInfo} PSecPkgContext_NegoPackageInfo = ^SecPkgContext_NegoPackageInfo; {$EXTERNALSYM PSecPkgContext_NegoPackageInfo} SecPkgContext_NegoPackageInfo = record PackageMask: ULONG; end; {$EXTERNALSYM SecPkgContext_NegoPackageInfo} PSecPkgContext_NegoStatus = ^SecPkgContext_NegoStatus; {$EXTERNALSYM PSecPkgContext_NegoStatus} SecPkgContext_NegoStatus = record LastStatus: ULONG; end; {$EXTERNALSYM SecPkgContext_NegoStatus} PSecPkgContext_Sizes = ^SecPkgContext_Sizes; {$EXTERNALSYM PSecPkgContext_Sizes} SecPkgContext_Sizes = record cbMaxToken: ULONG; cbMaxSignature: ULONG; cbBlockSize: ULONG; cbSecurityTrailer: ULONG; end; {$EXTERNALSYM SecPkgContext_Sizes} PSecPkgContext_StreamSizes = ^SecPkgContext_StreamSizes; {$EXTERNALSYM PSecPkgContext_StreamSizes} SecPkgContext_StreamSizes = record cbHeader: ULONG; cbTrailer: ULONG; cbMaximumMessage: ULONG; cBuffers: ULONG; cbBlockSize: ULONG; end; {$EXTERNALSYM SecPkgContext_StreamSizes} PSecPkgContext_NamesW = ^SecPkgContext_NamesW; {$EXTERNALSYM PSecPkgContext_NamesW} SecPkgContext_NamesW = record sUserName: PSEC_WCHAR; end; {$EXTERNALSYM SecPkgContext_NamesW} PSECPKG_ATTR_LCT_STATUS = ^SECPKG_ATTR_LCT_STATUS; {$EXTERNALSYM PSECPKG_ATTR_LCT_STATUS} SECPKG_ATTR_LCT_STATUS = ( SecPkgAttrLastClientTokenYes, SecPkgAttrLastClientTokenNo, SecPkgAttrLastClientTokenMaybe ); {$EXTERNALSYM SECPKG_ATTR_LCT_STATUS} PSecPkgContext_LastClientTokenStatus = ^SecPkgContext_LastClientTokenStatus; {$EXTERNALSYM PSecPkgContext_LastClientTokenStatus} SecPkgContext_LastClientTokenStatus = record LastClientTokenStatus: SECPKG_ATTR_LCT_STATUS; end; {$EXTERNALSYM SecPkgContext_LastClientTokenStatus} PSecPkgContext_NamesA = ^SecPkgContext_NamesA; {$EXTERNALSYM PSecPkgContext_NamesA} SecPkgContext_NamesA = record sUserName: PSEC_CHAR; end; {$EXTERNALSYM SecPkgContext_NamesA} {$IFDEF SSPI_UNICODE} SecPkgContext_Names = SecPkgContext_NamesW; PSecPkgContext_Names = PSecPkgContext_NamesW; {$ELSE} SecPkgContext_Names = SecPkgContext_NamesA; PSecPkgContext_Names = PSecPkgContext_NamesA; {$ENDIF} {$EXTERNALSYM SecPkgContext_Names} {$EXTERNALSYM PSecPkgContext_Names} PSecPkgContext_Lifespan = ^SecPkgContext_Lifespan; {$EXTERNALSYM PSecPkgContext_Lifespan} SecPkgContext_Lifespan = record tsStart: TimeStamp; tsExpiry: TimeStamp; end; {$EXTERNALSYM SecPkgContext_Lifespan} PSecPkgContext_DceInfo = ^SecPkgContext_DceInfo; {$EXTERNALSYM PSecPkgContext_DceInfo} SecPkgContext_DceInfo = record AuthzSvc: ULONG; pPac: PVOID; end; {$EXTERNALSYM SecPkgContext_DceInfo} PSecPkgContext_KeyInfoA = ^SecPkgContext_KeyInfoA; {$EXTERNALSYM PSecPkgContext_KeyInfoA} SecPkgContext_KeyInfoA = record sSignatureAlgorithmName: PSEC_CHAR; sEncryptAlgorithmName: PSEC_CHAR; KeySize: ULONG; SignatureAlgorithm: ULONG; EncryptAlgorithm: ULONG; end; {$EXTERNALSYM SecPkgContext_KeyInfoA} PSecPkgContext_KeyInfoW = ^SecPkgContext_KeyInfoW; {$EXTERNALSYM PSecPkgContext_KeyInfoW} SecPkgContext_KeyInfoW = record sSignatureAlgorithmName: PSEC_WCHAR; sEncryptAlgorithmName: PSEC_WCHAR; KeySize: ULONG; SignatureAlgorithm: ULONG; EncryptAlgorithm: ULONG; end; {$EXTERNALSYM SecPkgContext_KeyInfoW} {$IFDEF SSPI_UNICODE} SecPkgContext_KeyInfo = SecPkgContext_KeyInfoW; PSecPkgContext_KeyInfo = PSecPkgContext_KeyInfoW; {$ELSE} SecPkgContext_KeyInfo = SecPkgContext_KeyInfoA; PSecPkgContext_KeyInfo = PSecPkgContext_KeyInfoA; {$ENDIF} {$EXTERNALSYM SecPkgContext_KeyInfo} {$EXTERNALSYM PSecPkgContext_KeyInfo} PSecPkgContext_AuthorityA = ^SecPkgContext_AuthorityA; {$EXTERNALSYM PSecPkgContext_AuthorityA} SecPkgContext_AuthorityA = record sAuthorityName: PSEC_CHAR; end; {$EXTERNALSYM SecPkgContext_AuthorityA} PSecPkgContext_AuthorityW = ^SecPkgContext_AuthorityW; {$EXTERNALSYM PSecPkgContext_AuthorityW} SecPkgContext_AuthorityW = record sAuthorityName: PSEC_WCHAR; end; {$EXTERNALSYM SecPkgContext_AuthorityW} {$IFDEF SSPI_UNICODE} SecPkgContext_Authority = SecPkgContext_AuthorityW; PSecPkgContext_Authority = PSecPkgContext_AuthorityW; {$ELSE} SecPkgContext_Authority = SecPkgContext_AuthorityA; PSecPkgContext_Authority = PSecPkgContext_AuthorityA; {$ENDIF} {$EXTERNALSYM SecPkgContext_Authority} {$EXTERNALSYM PSecPkgContext_Authority} PSecPkgContext_ProtoInfoA = ^SecPkgContext_ProtoInfoA; {$EXTERNALSYM PSecPkgContext_ProtoInfoA} SecPkgContext_ProtoInfoA = record sProtocolName: PSEC_CHAR; majorVersion: ULONG; minorVersion: ULONG; end; {$EXTERNALSYM SecPkgContext_ProtoInfoA} PSecPkgContext_ProtoInfoW = ^SecPkgContext_ProtoInfoW; {$EXTERNALSYM PSecPkgContext_ProtoInfoW} SecPkgContext_ProtoInfoW = record sProtocolName: PSEC_WCHAR; majorVersion: ULONG; minorVersion: ULONG; end; {$EXTERNALSYM SecPkgContext_ProtoInfoW} {$IFDEF SSPI_UNICODE} SecPkgContext_ProtoInfo = SecPkgContext_ProtoInfoW; PSecPkgContext_ProtoInfo = PSecPkgContext_ProtoInfoW; {$ELSE} SecPkgContext_ProtoInfo = SecPkgContext_ProtoInfoA; PSecPkgContext_ProtoInfo = PSecPkgContext_ProtoInfoA; {$ENDIF} {$EXTERNALSYM SecPkgContext_ProtoInfo} {$EXTERNALSYM PSecPkgContext_ProtoInfo} PSecPkgContext_PasswordExpiry = ^SecPkgContext_PasswordExpiry; {$EXTERNALSYM PSecPkgContext_PasswordExpiry} SecPkgContext_PasswordExpiry = record tsPasswordExpires: TimeStamp; end; {$EXTERNALSYM SecPkgContext_PasswordExpiry} PSecPkgContext_LogoffTime = ^SecPkgContext_LogoffTime; {$EXTERNALSYM PSecPkgContext_LogoffTime} SecPkgContext_LogoffTime = record tsLogoffTime: TimeStamp; end; {$EXTERNALSYM SecPkgContext_LogoffTime} PSecPkgContext_SessionKey = ^SecPkgContext_SessionKey; {$EXTERNALSYM PSecPkgContext_SessionKey} SecPkgContext_SessionKey = record SessionKeyLength: ULONG; SessionKey: PUCHAR; end; {$EXTERNALSYM SecPkgContext_SessionKey} // used by nego2 PSecPkgContext_NegoKeys = ^SecPkgContext_NegoKeys; {$EXTERNALSYM PSecPkgContext_NegoKeys} SecPkgContext_NegoKeys = record KeyType: ULONG; KeyLength: USHORT; KeyValue: PUCHAR; VerifyKeyType: ULONG; VerifyKeyLength: USHORT; VerifyKeyValue: PUCHAR; end; {$EXTERNALSYM SecPkgContext_NegoKeys} PSecPkgContext_PackageInfoW = ^SecPkgContext_PackageInfoW; {$EXTERNALSYM PSecPkgContext_PackageInfoW} SecPkgContext_PackageInfoW = record PackageInfo: PSecPkgInfoW; end; {$EXTERNALSYM SecPkgContext_PackageInfoW} PSecPkgContext_PackageInfoA = ^SecPkgContext_PackageInfoA; {$EXTERNALSYM PSecPkgContext_PackageInfoA} SecPkgContext_PackageInfoA = record PackageInfo: PSecPkgInfoA; end; {$EXTERNALSYM SecPkgContext_PackageInfoA} PSecPkgContext_UserFlags = ^SecPkgContext_UserFlags; {$EXTERNALSYM PSecPkgContext_UserFlags} SecPkgContext_UserFlags = record UserFlags: ULONG; end; {$EXTERNALSYM SecPkgContext_UserFlags} PSecPkgContext_Flags = ^SecPkgContext_Flags; {$EXTERNALSYM PSecPkgContext_Flags} SecPkgContext_Flags = record Flags: ULONG; end; {$EXTERNALSYM SecPkgContext_Flags} {$IFDEF SSPI_UNICODE} SecPkgContext_PackageInfo = SecPkgContext_PackageInfoW; PSecPkgContext_PackageInfo = PSecPkgContext_PackageInfoW; {$ELSE} SecPkgContext_PackageInfo = SecPkgContext_PackageInfoA; PSecPkgContext_PackageInfo = PSecPkgContext_PackageInfoA; {$ENDIF} {$EXTERNALSYM SecPkgContext_PackageInfo} {$EXTERNALSYM PSecPkgContext_PackageInfo} PSecPkgContext_NegotiationInfoA = ^SecPkgContext_NegotiationInfoA; {$EXTERNALSYM PSecPkgContext_NegotiationInfoA} SecPkgContext_NegotiationInfoA = record PackageInfo: PSecPkgInfoA; NegotiationState: ULONG; end; {$EXTERNALSYM SecPkgContext_NegotiationInfoA} PSecPkgContext_NegotiationInfoW = ^SecPkgContext_NegotiationInfoW; {$EXTERNALSYM PSecPkgContext_NegotiationInfoW} SecPkgContext_NegotiationInfoW = record PackageInfo: PSecPkgInfoW; NegotiationState: ULONG; end; {$EXTERNALSYM SecPkgContext_NegotiationInfoW} {$IFDEF SSPI_UNICODE} SecPkgContext_NegotiationInfo = SecPkgContext_NegotiationInfoW; PSecPkgContext_NegotiationInfo = PSecPkgContext_NegotiationInfoW; {$ELSE} SecPkgContext_NegotiationInfo = SecPkgContext_NegotiationInfoA; PSecPkgContext_NegotiationInfo = PSecPkgContext_NegotiationInfoA; {$ENDIF} {$EXTERNALSYM SecPkgContext_NegotiationInfo} {$EXTERNALSYM PSecPkgContext_NegotiationInfo} const SECPKG_NEGOTIATION_COMPLETE = 0; {$EXTERNALSYM SECPKG_NEGOTIATION_COMPLETE} SECPKG_NEGOTIATION_OPTIMISTIC = 1; {$EXTERNALSYM SECPKG_NEGOTIATION_OPTIMISTIC} SECPKG_NEGOTIATION_IN_PROGRESS = 2; {$EXTERNALSYM SECPKG_NEGOTIATION_IN_PROGRESS} SECPKG_NEGOTIATION_DIRECT = 3; {$EXTERNALSYM SECPKG_NEGOTIATION_DIRECT} SECPKG_NEGOTIATION_TRY_MULTICRED = 4; {$EXTERNALSYM SECPKG_NEGOTIATION_TRY_MULTICRED} type PSecPkgContext_NativeNamesW = ^SecPkgContext_NativeNamesW; {$EXTERNALSYM PSecPkgContext_NativeNamesW} SecPkgContext_NativeNamesW = record sClientName: PSEC_WCHAR; sServerName: PSEC_WCHAR; end; {$EXTERNALSYM SecPkgContext_NativeNamesW} PSecPkgContext_NativeNamesA = ^SecPkgContext_NativeNamesA; {$EXTERNALSYM PSecPkgContext_NativeNamesA} SecPkgContext_NativeNamesA = record sClientName: PSEC_CHAR; sServerName: PSEC_CHAR; end; {$EXTERNALSYM SecPkgContext_NativeNamesA} {$IFDEF SSPI_UNICODE} SecPkgContext_NativeNames = SecPkgContext_NativeNamesW; PSecPkgContext_NativeNames = PSecPkgContext_NativeNamesW; {$ELSE} SecPkgContext_NativeNames = SecPkgContext_NativeNamesA; PSecPkgContext_NativeNames = PSecPkgContext_NativeNamesA; {$ENDIF} {$EXTERNALSYM SecPkgContext_NativeNames} {$EXTERNALSYM PSecPkgContext_NativeNames} PSecPkgContext_CredentialNameW = ^SecPkgContext_CredentialNameW; {$EXTERNALSYM PSecPkgContext_CredentialNameW} SecPkgContext_CredentialNameW = record CredentialType: ULONG; sCredentialName: PSEC_WCHAR; end; {$EXTERNALSYM SecPkgContext_CredentialNameW} PSecPkgContext_CredentialNameA = ^SecPkgContext_CredentialNameA; {$EXTERNALSYM PSecPkgContext_CredentialNameA} SecPkgContext_CredentialNameA = record CredentialType: ULONG; sCredentialName: PSEC_CHAR; end; {$EXTERNALSYM SecPkgContext_CredentialNameA} {$IFDEF SSPI_UNICODE} SecPkgContext_CredentialName = SecPkgContext_CredentialNameW; PSecPkgContext_CredentialName = PSecPkgContext_CredentialNameW; {$ELSE} SecPkgContext_CredentialName = SecPkgContext_CredentialNameA; PSecPkgContext_CredentialName = PSecPkgContext_CredentialNameA; {$ENDIF} {$EXTERNALSYM SecPkgContext_CredentialName} {$EXTERNALSYM PSecPkgContext_CredentialName} PSecPkgContext_AccessToken = ^SecPkgContext_AccessToken; {$EXTERNALSYM PSecPkgContext_AccessToken} SecPkgContext_AccessToken = record AccessToken: PVOID; end; {$EXTERNALSYM SecPkgContext_AccessToken} PSecPkgContext_TargetInformation = ^SecPkgContext_TargetInformation; {$EXTERNALSYM PSecPkgContext_TargetInformation} SecPkgContext_TargetInformation = record MarshalledTargetInfoLength: ULONG; MarshalledTargetInfo: PUCHAR; end; {$EXTERNALSYM SecPkgContext_TargetInformation} PSecPkgContext_AuthzID = ^SecPkgContext_AuthzID; {$EXTERNALSYM PSecPkgContext_AuthzID} SecPkgContext_AuthzID = record AuthzIDLength: ULONG; AuthzID: PAnsiChar; end; {$EXTERNALSYM SecPkgContext_AuthzID} PSecPkgContext_Target = ^SecPkgContext_Target; {$EXTERNALSYM PSecPkgContext_Target} SecPkgContext_Target = record TargetLength: ULONG; Target: PAnsiChar; end; {$EXTERNALSYM SecPkgContext_Target} PSecPkgContext_ClientSpecifiedTarget = ^SecPkgContext_ClientSpecifiedTarget; {$EXTERNALSYM PSecPkgContext_ClientSpecifiedTarget} SecPkgContext_ClientSpecifiedTarget = record sTargetName: PSEC_WCHAR; end; {$EXTERNALSYM SecPkgContext_ClientSpecifiedTarget} PSecPkgContext_Bindings = ^SecPkgContext_Bindings; {$EXTERNALSYM PSecPkgContext_Bindings} SecPkgContext_Bindings = record BindingsLength: ULONG; Bindings: PSEC_CHANNEL_BINDINGS; end; {$EXTERNALSYM SecPkgContext_Bindings} SEC_GET_KEY_FN = procedure( Arg: PVOID; // Argument passed in Principal: PVOID; // Principal ID KeyVer: ULONG; // Key Version Key: PPVOID; // Returned ptr to key Status: PSECURITY_STATUS // returned status ); stdcall; {$EXTERNALSYM SEC_GET_KEY_FN} // // Flags for ExportSecurityContext // const SECPKG_CONTEXT_EXPORT_RESET_NEW = $00000001; // New context is reset to initial state {$EXTERNALSYM SECPKG_CONTEXT_EXPORT_RESET_NEW} SECPKG_CONTEXT_EXPORT_DELETE_OLD = $00000002; // Old context is deleted during export {$EXTERNALSYM SECPKG_CONTEXT_EXPORT_DELETE_OLD} // This is only valid in W2K3SP1 and greater SECPKG_CONTEXT_EXPORT_TO_KERNEL = $00000004; // Context is to be transferred to the kernel {$EXTERNALSYM SECPKG_CONTEXT_EXPORT_TO_KERNEL} type ACQUIRE_CREDENTIALS_HANDLE_FN_W = function( // AcquireCredentialsHandleW pszPrincipal: PSEC_WCHAR; // Name of principal pszPackage: PSEC_WCHAR; // Name of package fCredentialUse: ULONG; // Flags indicating use pvLogonId: PVOID; // Pointer to logon ID pAuthData: PVOID; // Package specific data pGetKeyFn: SEC_GET_KEY_FN; // Pointer to GetKey() func pvGetKeyArgument: PVOID; // Value to pass to GetKey() phCredential: PCredHandle; // (out) Cred Handle ptsExpiry: PTimeStamp // (out) Lifetime (optional) ): SECURITY_STATUS; stdcall; {$EXTERNALSYM ACQUIRE_CREDENTIALS_HANDLE_FN_W} ACQUIRE_CREDENTIALS_HANDLE_FN_A = function( // AcquireCredentialsHandleW pszPrincipal: PSEC_CHAR; // Name of principal pszPackage: PSEC_CHAR; // Name of package fCredentialUse: ULONG; // Flags indicating use pvLogonId: PVOID; // Pointer to logon ID pAuthData: PVOID; // Package specific data pGetKeyFn: SEC_GET_KEY_FN; // Pointer to GetKey() func pvGetKeyArgument: PVOID; // Value to pass to GetKey() phCredential: PCredHandle; // (out) Cred Handle ptsExpiry: PTimeStamp // (out) Lifetime (optional) ): SECURITY_STATUS; stdcall; {$EXTERNALSYM ACQUIRE_CREDENTIALS_HANDLE_FN_A} {$IFDEF SSPI_UNICODE} ACQUIRE_CREDENTIALS_HANDLE_FN = ACQUIRE_CREDENTIALS_HANDLE_FN_W; {$ELSE} ACQUIRE_CREDENTIALS_HANDLE_FN = ACQUIRE_CREDENTIALS_HANDLE_FN_A; {$ENDIF} {$EXTERNALSYM ACQUIRE_CREDENTIALS_HANDLE_FN} FREE_CREDENTIALS_HANDLE_FN = function( // FreeCredentialsHandle phCredential: PCredHandle // Handle to free ): SECURITY_STATUS; stdcall; {$EXTERNALSYM FREE_CREDENTIALS_HANDLE_FN} ADD_CREDENTIALS_FN_W = function( // AddCredentialsW hCredentials: PCredHandle; pszPrincipal: PSEC_WCHAR; // Name of principal pszPackage: PSEC_WCHAR; // Name of package fCredentialUse: ULONG; // Flags indicating use pAuthData: PVOID; // Package specific data pGetKeyFn: SEC_GET_KEY_FN; // Pointer to GetKey() func pvGetKeyArgument: PVOID; // Value to pass to GetKey() ptsExpiry: PTimeStamp // (out) Lifetime (optional) ): SECURITY_STATUS; stdcall; {$EXTERNALSYM ADD_CREDENTIALS_FN_W} ADD_CREDENTIALS_FN_A = function( // AddCredentialsA hCredentials: PCredHandle; pszPrincipal: PSEC_CHAR; // Name of principal pszPackage: PSEC_CHAR; // Name of package fCredentialUse: ULONG; // Flags indicating use pAuthData: PVOID; // Package specific data pGetKeyFn: SEC_GET_KEY_FN; // Pointer to GetKey() func pvGetKeyArgument: PVOID; // Value to pass to GetKey() ptsExpiry: PTimeStamp // (out) Lifetime (optional) ): SECURITY_STATUS; stdcall; {$EXTERNALSYM ADD_CREDENTIALS_FN_A} {$IFDEF SSPI_UNICODE} ADD_CREDENTIALS_FN = ADD_CREDENTIALS_FN_W; {$ELSE} ADD_CREDENTIALS_FN = ADD_CREDENTIALS_FN_A; {$ENDIF} {$EXTERNALSYM ADD_CREDENTIALS_FN} (* #ifdef WIN32_CHICAGO SECURITY_STATUS SEC_ENTRY SspiLogonUserW( SEC_WCHAR SEC_FAR * pszPackage, // Name of package SEC_WCHAR SEC_FAR * pszUserName, // Name of package SEC_WCHAR SEC_FAR * pszDomainName, // Name of package SEC_WCHAR SEC_FAR * pszPassword // Name of package ); typedef SECURITY_STATUS (SEC_ENTRY * SSPI_LOGON_USER_FN_W)( SEC_CHAR SEC_FAR *, SEC_CHAR SEC_FAR *, SEC_CHAR SEC_FAR *, SEC_CHAR SEC_FAR * ); SECURITY_STATUS SEC_ENTRY SspiLogonUserA( SEC_CHAR SEC_FAR * pszPackage, // Name of package SEC_CHAR SEC_FAR * pszUserName, // Name of package SEC_CHAR SEC_FAR * pszDomainName, // Name of package SEC_CHAR SEC_FAR * pszPassword // Name of package ); typedef SECURITY_STATUS (SEC_ENTRY * SSPI_LOGON_USER_FN_A)( SEC_CHAR SEC_FAR *, SEC_CHAR SEC_FAR *, SEC_CHAR SEC_FAR *, SEC_CHAR SEC_FAR * ); #ifdef UNICODE #define SspiLogonUser SspiLogonUserW // ntifs #define SSPI_LOGON_USER_FN SSPI_LOGON_USER_FN_W #else #define SspiLogonUser SspiLogonUserA #define SSPI_LOGON_USER_FN SSPI_LOGON_USER_FN_A #endif // !UNICODE #endif // WIN32_CHICAGO *) //////////////////////////////////////////////////////////////////////// /// /// Password Change Functions /// //////////////////////////////////////////////////////////////////////// CHANGE_PASSWORD_FN_W = function( // ChangeAccountPasswordW pszPackageName: PSEC_WCHAR; pszDomainName: PSEC_WCHAR; pszAccountName: PSEC_WCHAR; pszOldPassword: PSEC_WCHAR; pszNewPassword: PSEC_WCHAR; bImpersonating: BOOLEAN; dwReserved: ULONG; pOutput: PSecBufferDesc ): SECURITY_STATUS; stdcall; {$EXTERNALSYM CHANGE_PASSWORD_FN_W} CHANGE_PASSWORD_FN_A = function( // ChangeAccountPasswordA pszPackageName: PSEC_CHAR; pszDomainName: PSEC_CHAR; pszAccountName: PSEC_CHAR; pszOldPassword: PSEC_CHAR; pszNewPassword: PSEC_CHAR; bImpersonating: BOOLEAN; dwReserved: ULONG; pOutput: PSecBufferDesc ): SECURITY_STATUS; stdcall; {$EXTERNALSYM CHANGE_PASSWORD_FN_A} {$IFDEF SSPI_UNICODE} CHANGE_PASSWORD_FN = CHANGE_PASSWORD_FN_W; {$ELSE} CHANGE_PASSWORD_FN = CHANGE_PASSWORD_FN_A; {$ENDIF} {$EXTERNALSYM CHANGE_PASSWORD_FN} //////////////////////////////////////////////////////////////////////// /// /// Context Management Functions /// //////////////////////////////////////////////////////////////////////// INITIALIZE_SECURITY_CONTEXT_FN_W = function( // InitializeSecurityContextW phCredential: PCredHandle; // Cred to base context phContext: PCtxtHandle; // Existing context (OPT) pszTargetName: PSEC_WCHAR; // Name of target fContextReq: ULONG; // Context Requirements Reserved1: ULONG; // Reserved, MBZ TargetDataRep: ULONG; // Data rep of target pInput: PSecBufferDesc; // Input Buffers Reserved2: ULONG; // Reserved, MBZ phNewContext: PCtxtHandle; // (out) New Context handle pOutput: PSecBufferDesc; // (inout) Output Buffers pfContextAttr: PULONG; // (out) Context attrs ptsExpiry: PTimeStamp // (out) Life span (OPT) ): SECURITY_STATUS; stdcall; {$EXTERNALSYM INITIALIZE_SECURITY_CONTEXT_FN_W} INITIALIZE_SECURITY_CONTEXT_FN_A = function( // InitializeSecurityContextA phCredential: PCredHandle; // Cred to base context phContext: PCtxtHandle; // Existing context (OPT) pszTargetName: PSEC_CHAR; // Name of target fContextReq: ULONG; // Context Requirements Reserved1: ULONG; // Reserved, MBZ TargetDataRep: ULONG; // Data rep of target pInput: PSecBufferDesc; // Input Buffers Reserved2: ULONG; // Reserved, MBZ phNewContext: PCtxtHandle; // (out) New Context handle pOutput: PSecBufferDesc; // (inout) Output Buffers pfContextAttr: PULONG; // (out) Context attrs ptsExpiry: PTimeStamp // (out) Life span (OPT) ): SECURITY_STATUS; stdcall; {$EXTERNALSYM INITIALIZE_SECURITY_CONTEXT_FN_A} {$IFDEF SSPI_UNICODE} INITIALIZE_SECURITY_CONTEXT_FN = INITIALIZE_SECURITY_CONTEXT_FN_W; {$ELSE} INITIALIZE_SECURITY_CONTEXT_FN = INITIALIZE_SECURITY_CONTEXT_FN_A; {$ENDIF} {$EXTERNALSYM INITIALIZE_SECURITY_CONTEXT_FN} ACCEPT_SECURITY_CONTEXT_FN = function( // AcceptSecurityContext phCredential: PCredHandle; // Cred to base context phContext: PCtxtHandle; // Existing context (OPT) pInput: PSecBufferDesc; // Input buffer fContextReq: ULONG; // Context Requirements TargetDataRep: ULONG; // Target Data Rep phNewContext: PCtxtHandle; // (out) New context handle pOutput: PSecBufferDesc; // (inout) Output buffers pfContextAttr: PULONG; // (out) Context attributes ptsExpiry: PTimeStamp // (out) Life span (OPT) ): SECURITY_STATUS; stdcall; {$EXTERNALSYM ACCEPT_SECURITY_CONTEXT_FN} COMPLETE_AUTH_TOKEN_FN = function( // CompleteAuthToken phContext: PCtxtHandle; // Context to complete pToken: PSecBufferDesc // Token to complete ): SECURITY_STATUS; stdcall; {$EXTERNALSYM COMPLETE_AUTH_TOKEN_FN} IMPERSONATE_SECURITY_CONTEXT_FN = function( // ImpersonateSecurityContext phContext: PCtxtHandle ): SECURITY_STATUS; stdcall; {$EXTERNALSYM IMPERSONATE_SECURITY_CONTEXT_FN} REVERT_SECURITY_CONTEXT_FN = function( // RevertSecurityContext phContext: PCtxtHandle ): SECURITY_STATUS; stdcall; {$EXTERNALSYM REVERT_SECURITY_CONTEXT_FN} QUERY_SECURITY_CONTEXT_TOKEN_FN = function( // QuerySecurityContextToken phContext: PCtxtHandle; Token: PPVOID ): SECURITY_STATUS; stdcall; {$EXTERNALSYM QUERY_SECURITY_CONTEXT_TOKEN_FN} DELETE_SECURITY_CONTEXT_FN = function( // DeleteSecurityContext phContext: PCtxtHandle ): SECURITY_STATUS; stdcall; {$EXTERNALSYM DELETE_SECURITY_CONTEXT_FN} APPLY_CONTROL_TOKEN_FN = function( // ApplyControlToken phContext: PCtxtHandle; // Context to modify pInput: PSecBufferDesc // Input token to apply ): SECURITY_STATUS; stdcall; {$EXTERNALSYM APPLY_CONTROL_TOKEN_FN} QUERY_CONTEXT_ATTRIBUTES_FN_W = function( // QueryContextAttributesW phContext: PCtxtHandle; // Context to query ulAttribute: ULONG; // Attribute to query pBuffer: PVOID // Buffer for attributes ): SECURITY_STATUS; stdcall; {$EXTERNALSYM QUERY_CONTEXT_ATTRIBUTES_FN_W} QUERY_CONTEXT_ATTRIBUTES_FN_A = function( // QueryContextAttributesA phContext: PCtxtHandle; // Context to query ulAttribute: ULONG; // Attribute to query pBuffer: PVOID // Buffer for attributes ): SECURITY_STATUS; stdcall; {$EXTERNALSYM QUERY_CONTEXT_ATTRIBUTES_FN_A} {$IFDEF SSPI_UNICODE} QUERY_CONTEXT_ATTRIBUTES_FN = QUERY_CONTEXT_ATTRIBUTES_FN_W; {$ELSE} QUERY_CONTEXT_ATTRIBUTES_FN = QUERY_CONTEXT_ATTRIBUTES_FN_A; {$ENDIF} {$EXTERNALSYM QUERY_CONTEXT_ATTRIBUTES_FN} SET_CONTEXT_ATTRIBUTES_FN_W = function( // SetContextAttributesW phContext: PCtxtHandle; // Context to Set ulAttribute: ULONG; // Attribute to Set pBuffer: PVOID; // Buffer for attributes cbBuffer: ULONG // Size (in bytes) of Buffer ): SECURITY_STATUS; stdcall; {$EXTERNALSYM SET_CONTEXT_ATTRIBUTES_FN_W} SET_CONTEXT_ATTRIBUTES_FN_A = function( // SetContextAttributesA phContext: PCtxtHandle; // Context to Set ulAttribute: ULONG; // Attribute to Set pBuffer: PVOID; // Buffer for attributes cbBuffer: ULONG // Size (in bytes) of Buffer ): SECURITY_STATUS; stdcall; {$EXTERNALSYM SET_CONTEXT_ATTRIBUTES_FN_A} QUERY_CREDENTIALS_ATTRIBUTES_FN_W = function( // QueryCredentialsAttributesW phCredential: PCredHandle; // Credential to query ulAttribute: ULONG; // Attribute to query pBuffer: PVOID // Buffer for attributes ): SECURITY_STATUS; stdcall; {$EXTERNALSYM QUERY_CREDENTIALS_ATTRIBUTES_FN_W} QUERY_CREDENTIALS_ATTRIBUTES_FN_A = function( // QueryCredentialsAttributesA phCredential: PCredHandle; // Credential to query ulAttribute: ULONG; // Attribute to query pBuffer: PVOID // Buffer for attributes ): SECURITY_STATUS; stdcall; {$EXTERNALSYM QUERY_CREDENTIALS_ATTRIBUTES_FN_A} {$IFDEF SSPI_UNICODE} QUERY_CREDENTIALS_ATTRIBUTES_FN = QUERY_CREDENTIALS_ATTRIBUTES_FN_W; {$ELSE} QUERY_CREDENTIALS_ATTRIBUTES_FN = QUERY_CREDENTIALS_ATTRIBUTES_FN_A; {$ENDIF} {$EXTERNALSYM QUERY_CREDENTIALS_ATTRIBUTES_FN} SET_CREDENTIALS_ATTRIBUTES_FN_W = function( // SetCredentialsAttributesW phCredential: PCredHandle; // Credential to Set ulAttribute: ULONG; // Attribute to Set pBuffer: PVOID; // Buffer for attributes cbBuffer: ULONG // Size (in bytes) of Buffer ): SECURITY_STATUS; stdcall; {$EXTERNALSYM SET_CREDENTIALS_ATTRIBUTES_FN_W} SET_CREDENTIALS_ATTRIBUTES_FN_A = function( // SetCredentialsAttributesA phCredential: PCredHandle; // Credential to Set ulAttribute: ULONG; // Attribute to Set pBuffer: PVOID; // Buffer for attributes cbBuffer: ULONG // Size (in bytes) of Buffer ): SECURITY_STATUS; stdcall; {$EXTERNALSYM SET_CREDENTIALS_ATTRIBUTES_FN_A} FREE_CONTEXT_BUFFER_FN = function( // FreeContextBuffer pvContextBuffer: PVOID // buffer to free ): SECURITY_STATUS; stdcall; {$EXTERNALSYM FREE_CONTEXT_BUFFER_FN} /////////////////////////////////////////////////////////////////// //// //// Message Support API //// ////////////////////////////////////////////////////////////////// type MAKE_SIGNATURE_FN = function( // MakeSignature phContext: PCtxtHandle; // Context to use fQOP: ULONG; // Quality of Protection pMessage: PSecBufferDesc; // Message to sign MessageSeqNo: ULONG // Message Sequence Num. ): SECURITY_STATUS; stdcall; {$EXTERNALSYM MAKE_SIGNATURE_FN} VERIFY_SIGNATURE_FN = function( // VerifySignature phContext: PCtxtHandle; // Context to use pMessage: PSecBufferDesc; // Message to verify MessageSeqNo: ULONG; // Sequence Num. pfQOP: PULONG // QOP used ): SECURITY_STATUS; stdcall; {$EXTERNALSYM VERIFY_SIGNATURE_FN} ENCRYPT_MESSAGE_FN = function( // EncryptMessage phContext: PCtxtHandle; fQOP: ULONG; pMessage: PSecBufferDesc; MessageSeqNo: ULONG ): SECURITY_STATUS; stdcall; {$EXTERNALSYM ENCRYPT_MESSAGE_FN} DECRYPT_MESSAGE_FN = function( // DecryptMessage phContext: PCtxtHandle; pMessage: PSecBufferDesc; MessageSeqNo: ULONG; pfQOP: PULONG ): SECURITY_STATUS; stdcall; {$EXTERNALSYM DECRYPT_MESSAGE_FN} /////////////////////////////////////////////////////////////////////////// //// //// Misc. //// /////////////////////////////////////////////////////////////////////////// type ENUMERATE_SECURITY_PACKAGES_FN_W = function( // EnumerateSecurityPackagesW pcPackages: PULONG; // Receives num. packages ppPackageInfo: PPSecPkgInfoW // Receives array of info ): SECURITY_STATUS; stdcall; {$EXTERNALSYM ENUMERATE_SECURITY_PACKAGES_FN_W} ENUMERATE_SECURITY_PACKAGES_FN_A = function( // EnumerateSecurityPackagesA pcPackages: PULONG; // Receives num. packages ppPackageInfo: PPSecPkgInfoA // Receives array of info ): SECURITY_STATUS; stdcall; {$EXTERNALSYM ENUMERATE_SECURITY_PACKAGES_FN_A} {$IFDEF SSPI_UNICODE} ENUMERATE_SECURITY_PACKAGES_FN = ENUMERATE_SECURITY_PACKAGES_FN_W; {$ELSE} ENUMERATE_SECURITY_PACKAGES_FN = ENUMERATE_SECURITY_PACKAGES_FN_A; {$ENDIF} {$EXTERNALSYM ENUMERATE_SECURITY_PACKAGES_FN} QUERY_SECURITY_PACKAGE_INFO_FN_W = function( // QuerySecurityPackageInfoW pszPackageName: PSEC_WCHAR; // Name of package ppPackageInfo: PPSecPkgInfoW // Receives package info ): SECURITY_STATUS; stdcall; {$EXTERNALSYM QUERY_SECURITY_PACKAGE_INFO_FN_W} QUERY_SECURITY_PACKAGE_INFO_FN_A = function( // QuerySecurityPackageInfoA pszPackageName: PSEC_CHAR; // Name of package ppPackageInfo: PPSecPkgInfoA // Receives package info ): SECURITY_STATUS; stdcall; {$EXTERNALSYM QUERY_SECURITY_PACKAGE_INFO_FN_A} {$IFDEF SSPI_UNICODE} QUERY_SECURITY_PACKAGE_INFO_FN = QUERY_SECURITY_PACKAGE_INFO_FN_W; {$ELSE} QUERY_SECURITY_PACKAGE_INFO_FN = QUERY_SECURITY_PACKAGE_INFO_FN_A; {$ENDIF} {$EXTERNALSYM QUERY_SECURITY_PACKAGE_INFO_FN} PSecDelegationType = ^SecDelegationType; {$EXTERNALSYM PSecDelegationType} SecDelegationType = ( SecFull, SecService, SecTree, SecDirectory, SecObject ); {$EXTERNALSYM SecDelegationType} DELEGATE_SECURITY_CONTEXT_FN = function( // DelegateSecurityContext phContext: PCtxtHandle; // IN Active context to delegate pszTarget: PSEC_CHAR; DelegationType: SecDelegationType; // IN Type of delegation pExpiry: PTimeStamp; // IN OPTIONAL time limit pPackageParameters: PSecBuffer; // IN OPTIONAL package specific pOutput: PSecBufferDesc // OUT Token for applycontroltoken. ): SECURITY_STATUS; stdcall; {$EXTERNALSYM DELEGATE_SECURITY_CONTEXT_FN} /////////////////////////////////////////////////////////////////////////// //// //// Proxies //// /////////////////////////////////////////////////////////////////////////// // // Proxies are only available on NT platforms // /////////////////////////////////////////////////////////////////////////// //// //// Context export/import //// /////////////////////////////////////////////////////////////////////////// type EXPORT_SECURITY_CONTEXT_FN = function( // ExportSecurityContext phContext: PCtxtHandle; // (in) context to export fFlags: ULONG; // (in) option flags pPackedContext: PSecBuffer; // (out) marshalled context pToken: PPVOID // (out, optional) token handle for impersonation ): SECURITY_STATUS; stdcall; {$EXTERNALSYM EXPORT_SECURITY_CONTEXT_FN} IMPORT_SECURITY_CONTEXT_FN_W = function( // ImportSecurityContextW pszPackage: PSEC_WCHAR; pPackedContext: PSecBuffer; // (in) marshalled context Token: PVOID; // (in, optional) handle to token for context phContext: PCtxtHandle // (out) new context handle ): SECURITY_STATUS; stdcall; {$EXTERNALSYM IMPORT_SECURITY_CONTEXT_FN_W} IMPORT_SECURITY_CONTEXT_FN_A = function( // ImportSecurityContextA pszPackage: PSEC_CHAR; pPackedContext: PSecBuffer; // (in) marshalled context Token: PVOID; // (in, optional) handle to token for context phContext: PCtxtHandle // (out) new context handle ): SECURITY_STATUS; stdcall; {$EXTERNALSYM IMPORT_SECURITY_CONTEXT_FN_A} {$IFDEF SSPI_UNICODE} IMPORT_SECURITY_CONTEXT_FN = IMPORT_SECURITY_CONTEXT_FN_W; {$ELSE} IMPORT_SECURITY_CONTEXT_FN = IMPORT_SECURITY_CONTEXT_FN_A; {$ENDIF} {$EXTERNALSYM IMPORT_SECURITY_CONTEXT_FN} /////////////////////////////////////////////////////////////////////////////// //// //// Fast access for RPC: //// /////////////////////////////////////////////////////////////////////////////// const SECURITY_ENTRYPOINT_ANSIW = 'InitSecurityInterfaceW'; {Do not Localize} {$EXTERNALSYM SECURITY_ENTRYPOINT_ANSIW} SECURITY_ENTRYPOINT_ANSIA = 'InitSecurityInterfaceA'; {Do not Localize} {$EXTERNALSYM SECURITY_ENTRYPOINT_ANSIA} SECURITY_ENTRYPOINTW = 'InitSecurityInterfaceW'; {Do not Localize} {$EXTERNALSYM SECURITY_ENTRYPOINTW} SECURITY_ENTRYPOINTA = 'InitSecurityInterfaceA'; {Do not Localize} {$EXTERNALSYM SECURITY_ENTRYPOINTA} SECURITY_ENTRYPOINT16 = 'INITSECURITYINTERFACEA'; {Do not Localize} {$EXTERNALSYM SECURITY_ENTRYPOINT16} {$IFDEF SSPI_UNICODE} SECURITY_ENTRYPOINT = SECURITY_ENTRYPOINTW; SECURITY_ENTRYPOINT_ANSI = SECURITY_ENTRYPOINTW; {$ELSE} SECURITY_ENTRYPOINT = SECURITY_ENTRYPOINTA; SECURITY_ENTRYPOINT_ANSI = SECURITY_ENTRYPOINTA; {$ENDIF} {$EXTERNALSYM SECURITY_ENTRYPOINT} {$EXTERNALSYM SECURITY_ENTRYPOINT_ANSI} type PSecurityFunctionTableW = ^SecurityFunctionTableW; {$EXTERNALSYM PSecurityFunctionTableW} SecurityFunctionTableW = record dwVersion: ULONG; EnumerateSecurityPackagesW: ENUMERATE_SECURITY_PACKAGES_FN_W; QueryCredentialsAttributesW: QUERY_CREDENTIALS_ATTRIBUTES_FN_W; AcquireCredentialsHandleW: ACQUIRE_CREDENTIALS_HANDLE_FN_W; FreeCredentialsHandle: FREE_CREDENTIALS_HANDLE_FN; Reserved2: PVOID; InitializeSecurityContextW: INITIALIZE_SECURITY_CONTEXT_FN_W; AcceptSecurityContext: ACCEPT_SECURITY_CONTEXT_FN; CompleteAuthToken: COMPLETE_AUTH_TOKEN_FN; DeleteSecurityContext: DELETE_SECURITY_CONTEXT_FN; ApplyControlToken: APPLY_CONTROL_TOKEN_FN; QueryContextAttributesW: QUERY_CONTEXT_ATTRIBUTES_FN_W; ImpersonateSecurityContext: IMPERSONATE_SECURITY_CONTEXT_FN; RevertSecurityContext: REVERT_SECURITY_CONTEXT_FN; MakeSignature: MAKE_SIGNATURE_FN; VerifySignature: VERIFY_SIGNATURE_FN; FreeContextBuffer: FREE_CONTEXT_BUFFER_FN; QuerySecurityPackageInfoW: QUERY_SECURITY_PACKAGE_INFO_FN_W; Reserved3: PVOID; Reserved4: PVOID; ExportSecurityContext: EXPORT_SECURITY_CONTEXT_FN; ImportSecurityContextW: IMPORT_SECURITY_CONTEXT_FN_W; AddCredentialsW: ADD_CREDENTIALS_FN_W; Reserved8: PVOID; QuerySecurityContextToken: QUERY_SECURITY_CONTEXT_TOKEN_FN; EncryptMessage: ENCRYPT_MESSAGE_FN; DecryptMessage: DECRYPT_MESSAGE_FN; // Fields below this are available in OSes after w2k SetContextAttributesW: SET_CONTEXT_ATTRIBUTES_FN_W; // Fields below this are available in OSes after W2k3SP1 SetCredentialsAttributesW: SET_CREDENTIALS_ATTRIBUTES_FN_W; ChangeAccountPasswordW: CHANGE_PASSWORD_FN_W; end; {$EXTERNALSYM SecurityFunctionTableW} PSecurityFunctionTableA = ^SecurityFunctionTableA; {$EXTERNALSYM PSecurityFunctionTableA} SecurityFunctionTableA = record dwVersion: ULONG; EnumerateSecurityPackagesA: ENUMERATE_SECURITY_PACKAGES_FN_A; QueryCredentialsAttributesA: QUERY_CREDENTIALS_ATTRIBUTES_FN_A; AcquireCredentialsHandleA: ACQUIRE_CREDENTIALS_HANDLE_FN_A; FreeCredentialsHandle: FREE_CREDENTIALS_HANDLE_FN; Reserved2: PVOID; InitializeSecurityContextA: INITIALIZE_SECURITY_CONTEXT_FN_A; AcceptSecurityContext: ACCEPT_SECURITY_CONTEXT_FN; CompleteAuthToken: COMPLETE_AUTH_TOKEN_FN; DeleteSecurityContext: DELETE_SECURITY_CONTEXT_FN; ApplyControlToken: APPLY_CONTROL_TOKEN_FN; QueryContextAttributesA: QUERY_CONTEXT_ATTRIBUTES_FN_A; ImpersonateSecurityContext: IMPERSONATE_SECURITY_CONTEXT_FN; RevertSecurityContext: REVERT_SECURITY_CONTEXT_FN; MakeSignature: MAKE_SIGNATURE_FN; VerifySignature: VERIFY_SIGNATURE_FN; FreeContextBuffer: FREE_CONTEXT_BUFFER_FN; QuerySecurityPackageInfoA: QUERY_SECURITY_PACKAGE_INFO_FN_A; Reserved3: PVOID; Reserved4: PVOID; ExportSecurityContext: EXPORT_SECURITY_CONTEXT_FN; ImportSecurityContextA: IMPORT_SECURITY_CONTEXT_FN_A; AddCredentialsA: ADD_CREDENTIALS_FN_A; Reserved8: PVOID; QuerySecurityContextToken: QUERY_SECURITY_CONTEXT_TOKEN_FN; EncryptMessage: ENCRYPT_MESSAGE_FN; DecryptMessage: DECRYPT_MESSAGE_FN; SetContextAttributesA: SET_CONTEXT_ATTRIBUTES_FN_A; SetCredentialsAttributesA: SET_CREDENTIALS_ATTRIBUTES_FN_A; ChangeAccountPasswordA: CHANGE_PASSWORD_FN_A; end; {$EXTERNALSYM SecurityFunctionTableA} {$IFDEF SSPI_UNICODE} SecurityFunctionTable = SecurityFunctionTableW; PSecurityFunctionTable = PSecurityFunctionTableW; {$ELSE} SecurityFunctionTable = SecurityFunctionTableA; PSecurityFunctionTable = PSecurityFunctionTableA; {$ENDIF} {$EXTERNALSYM SecurityFunctionTable} {$EXTERNALSYM PSecurityFunctionTable} const // Function table has all routines through DecryptMessage SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION = 1; {$EXTERNALSYM SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION} // Function table has all routines through SetContextAttributes SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 = 2; {$EXTERNALSYM SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2} // Function table has all routines through SetCredentialsAttributes SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_3 = 3; {$EXTERNALSYM SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_3} // Function table has all routines through ChangeAccountPassword SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_4 = 4; {$EXTERNALSYM SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_4} type INIT_SECURITY_INTERFACE_A = function // InitSecurityInterfaceA : PSecurityFunctionTableA; stdcall; {$EXTERNALSYM INIT_SECURITY_INTERFACE_A} INIT_SECURITY_INTERFACE_W = function // InitSecurityInterfaceW : PSecurityFunctionTableW; stdcall; {$EXTERNALSYM INIT_SECURITY_INTERFACE_W} {$IFDEF SSPI_UNICODE} INIT_SECURITY_INTERFACE = INIT_SECURITY_INTERFACE_W; {$ELSE} INIT_SECURITY_INTERFACE = INIT_SECURITY_INTERFACE_A; {$ENDIF} {$EXTERNALSYM INIT_SECURITY_INTERFACE} (* TODO // // SASL Profile Support // SECURITY_STATUS SEC_ENTRY SaslEnumerateProfilesA( OUT LPSTR * ProfileList, OUT ULONG * ProfileCount ); SECURITY_STATUS SEC_ENTRY SaslEnumerateProfilesW( OUT LPWSTR * ProfileList, OUT ULONG * ProfileCount ); #ifdef UNICODE #define SaslEnumerateProfiles SaslEnumerateProfilesW #else #define SaslEnumerateProfiles SaslEnumerateProfilesA #endif SECURITY_STATUS SEC_ENTRY SaslGetProfilePackageA( IN LPSTR ProfileName, OUT PSecPkgInfoA * PackageInfo ); SECURITY_STATUS SEC_ENTRY SaslGetProfilePackageW( IN LPWSTR ProfileName, OUT PSecPkgInfoW * PackageInfo ); #ifdef UNICODE #define SaslGetProfilePackage SaslGetProfilePackageW #else #define SaslGetProfilePackage SaslGetProfilePackageA #endif SECURITY_STATUS SEC_ENTRY SaslIdentifyPackageA( IN PSecBufferDesc pInput, OUT PSecPkgInfoA * PackageInfo ); SECURITY_STATUS SEC_ENTRY SaslIdentifyPackageW( IN PSecBufferDesc pInput, OUT PSecPkgInfoW * PackageInfo ); #ifdef UNICODE #define SaslIdentifyPackage SaslIdentifyPackageW #else #define SaslIdentifyPackage SaslIdentifyPackageA #endif SECURITY_STATUS SEC_ENTRY SaslInitializeSecurityContextW( PCredHandle phCredential, // Cred to base context PCtxtHandle phContext, // Existing context (OPT) LPWSTR pszTargetName, // Name of target unsigned long fContextReq, // Context Requirements unsigned long Reserved1, // Reserved, MBZ unsigned long TargetDataRep, // Data rep of target PSecBufferDesc pInput, // Input Buffers unsigned long Reserved2, // Reserved, MBZ PCtxtHandle phNewContext, // (out) New Context handle PSecBufferDesc pOutput, // (inout) Output Buffers unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs PTimeStamp ptsExpiry // (out) Life span (OPT) ); SECURITY_STATUS SEC_ENTRY SaslInitializeSecurityContextA( PCredHandle phCredential, // Cred to base context PCtxtHandle phContext, // Existing context (OPT) LPSTR pszTargetName, // Name of target unsigned long fContextReq, // Context Requirements unsigned long Reserved1, // Reserved, MBZ unsigned long TargetDataRep, // Data rep of target PSecBufferDesc pInput, // Input Buffers unsigned long Reserved2, // Reserved, MBZ PCtxtHandle phNewContext, // (out) New Context handle PSecBufferDesc pOutput, // (inout) Output Buffers unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs PTimeStamp ptsExpiry // (out) Life span (OPT) ); #ifdef UNICODE #define SaslInitializeSecurityContext SaslInitializeSecurityContextW #else #define SaslInitializeSecurityContext SaslInitializeSecurityContextA #endif SECURITY_STATUS SEC_ENTRY SaslAcceptSecurityContext( PCredHandle phCredential, // Cred to base context PCtxtHandle phContext, // Existing context (OPT) PSecBufferDesc pInput, // Input buffer unsigned long fContextReq, // Context Requirements unsigned long TargetDataRep, // Target Data Rep PCtxtHandle phNewContext, // (out) New context handle PSecBufferDesc pOutput, // (inout) Output buffers unsigned long SEC_FAR * pfContextAttr, // (out) Context attributes PTimeStamp ptsExpiry // (out) Life span (OPT) ); #define SASL_OPTION_SEND_SIZE 1 // Maximum size to send to peer #define SASL_OPTION_RECV_SIZE 2 // Maximum size willing to receive #define SASL_OPTION_AUTHZ_STRING 3 // Authorization string #define SASL_OPTION_AUTHZ_PROCESSING 4 // Authorization string processing typedef enum _SASL_AUTHZID_STATE { Sasl_AuthZIDForbidden, // allow no AuthZID strings to be specified - error out (default) Sasl_AuthZIDProcessed // AuthZID Strings processed by Application or SSP } SASL_AUTHZID_STATE ; SECURITY_STATUS SEC_ENTRY SaslSetContextOption( __in PCtxtHandle ContextHandle, __in ULONG Option, __in PVOID Value, __in ULONG Size ); SECURITY_STATUS SEC_ENTRY SaslGetContextOption( __in PCtxtHandle ContextHandle, __in ULONG Option, __out PVOID Value, __in ULONG Size, __out_opt PULONG Needed OPTIONAL ); *) // // This is the legacy credentials structure. // The EX version below is preferred. const SEC_WINNT_AUTH_IDENTITY_VERSION_2 = $201; {$EXTERNALSYM SEC_WINNT_AUTH_IDENTITY_VERSION_2} type PSEC_WINNT_AUTH_IDENTITY_EX2 = ^SEC_WINNT_AUTH_IDENTITY_EX2; {$EXTERNALSYM PSEC_WINNT_AUTH_IDENTITY_EX2} SEC_WINNT_AUTH_IDENTITY_EX2 = record Version: ULONG; // contains SEC_WINNT_AUTH_IDENTITY_VERSION_2 cbHeaderLength: USHORT; cbStructureLength: ULONG; UserOffset: ULONG; // Non-NULL terminated string, unicode only UserLength: USHORT; // # of bytes (NOT WCHARs), not including NULL. DomainOffset: ULONG; // Non-NULL terminated string, unicode only DomainLength: USHORT; // # of bytes (NOT WCHARs), not including NULL. PackedCredentialsOffset: ULONG; // Non-NULL terminated string, unicode only PackedCredentialsLength: USHORT; // # of bytes (NOT WCHARs), not including NULL. Flags: ULONG; PackageListOffset: ULONG; // Non-NULL terminated string, unicode only PackageListLength: USHORT; end; {$EXTERNALSYM SEC_WINNT_AUTH_IDENTITY_EX2} // // This was not defined in NTIFS.h for windows 2000 however // this struct has always been there and are safe to use // in windows 2000 and above. // const SEC_WINNT_AUTH_IDENTITY_ANSI = $1; {$EXTERNALSYM SEC_WINNT_AUTH_IDENTITY_ANSI} SEC_WINNT_AUTH_IDENTITY_UNICODE = $2; {$EXTERNALSYM SEC_WINNT_AUTH_IDENTITY_UNICODE} type PSEC_WINNT_AUTH_IDENTITY_W = ^SEC_WINNT_AUTH_IDENTITY_W; {$EXTERNALSYM PSEC_WINNT_AUTH_IDENTITY_W} SEC_WINNT_AUTH_IDENTITY_W = record User: PUSHORT; // Non-NULL terminated string. UserLength: ULONG; // # of characters (NOT bytes), not including NULL. Domain: PUSHORT; // Non-NULL terminated string. DomainLength: ULONG; // # of characters (NOT bytes), not including NULL. Password: PUSHORT; // Non-NULL terminated string. PasswordLength: ULONG; // # of characters (NOT bytes), not including NULL. Flags: ULONG; end; {$EXTERNALSYM SEC_WINNT_AUTH_IDENTITY_W} PSEC_WINNT_AUTH_IDENTITY_A = ^SEC_WINNT_AUTH_IDENTITY_A; {$EXTERNALSYM PSEC_WINNT_AUTH_IDENTITY_A} SEC_WINNT_AUTH_IDENTITY_A = record User: PUCHAR; // Non-NULL terminated string. UserLength: ULONG; // # of characters (NOT bytes), not including NULL. Domain: PUCHAR; // Non-NULL terminated string. DomainLength: ULONG; // # of characters (NOT bytes), not including NULL. Password: PUCHAR; // Non-NULL terminated string. PasswordLength: ULONG; // # of characters (NOT bytes), not including NULL. Flags: ULONG; end; {$EXTERNALSYM SEC_WINNT_AUTH_IDENTITY_A} {$IFDEF SSPI_UNICODE} SEC_WINNT_AUTH_IDENTITY = SEC_WINNT_AUTH_IDENTITY_W; PSEC_WINNT_AUTH_IDENTITY = PSEC_WINNT_AUTH_IDENTITY_W; {$ELSE} SEC_WINNT_AUTH_IDENTITY = SEC_WINNT_AUTH_IDENTITY_A; PSEC_WINNT_AUTH_IDENTITY = PSEC_WINNT_AUTH_IDENTITY_A; {$ENDIF} {$EXTERNALSYM SEC_WINNT_AUTH_IDENTITY} {$EXTERNALSYM PSEC_WINNT_AUTH_IDENTITY} // // This is the combined authentication identity structure that may be // used with the negotiate package, NTLM, Kerberos, or SCHANNEL // const SEC_WINNT_AUTH_IDENTITY_VERSION = $200; {$EXTERNALSYM SEC_WINNT_AUTH_IDENTITY_VERSION} type PSEC_WINNT_AUTH_IDENTITY_EXW = ^SEC_WINNT_AUTH_IDENTITY_EXW; {$EXTERNALSYM PSEC_WINNT_AUTH_IDENTITY_EXW} SEC_WINNT_AUTH_IDENTITY_EXW = record Version: ULONG; Length: ULONG; User: PUSHORT; UserLength: ULONG; Domain: PUSHORT; DomainLength: ULONG; Password: PUSHORT; PasswordLength: ULONG; Flags: ULONG; PackageList: PUSHORT; PackageListLength: ULONG; end; {$EXTERNALSYM SEC_WINNT_AUTH_IDENTITY_EXW} PSEC_WINNT_AUTH_IDENTITY_EXA = ^SEC_WINNT_AUTH_IDENTITY_EXA; {$EXTERNALSYM PSEC_WINNT_AUTH_IDENTITY_EXA} SEC_WINNT_AUTH_IDENTITY_EXA = record Version: ULONG; Length: ULONG; User: PUCHAR; UserLength: ULONG; Domain: PUCHAR; DomainLength: ULONG; Password: PUCHAR; PasswordLength: ULONG; Flags: ULONG; PackageList: PUCHAR; PackageListLength: ULONG; end; {$EXTERNALSYM SEC_WINNT_AUTH_IDENTITY_EXA} {$IFDEF SSPI_UNICODE} SEC_WINNT_AUTH_IDENTITY_EX = SEC_WINNT_AUTH_IDENTITY_EXW; {$ELSE} SEC_WINNT_AUTH_IDENTITY_EX = SEC_WINNT_AUTH_IDENTITY_EXA; {$ENDIF} {$EXTERNALSYM SEC_WINNT_AUTH_IDENTITY_EX} (* TODO // // the procedure for how to parse a SEC_WINNT_AUTH_IDENTITY_INFO structure: // // 1) First check the first DWORD of SEC_WINNT_AUTH_IDENTITY_INFO, if the first // DWORD is 0x200, it is either an AuthIdExw or AuthIdExA, otherwise if the first // DWORD is 0x201, the structure is an AuthIdEx2 structure. Otherwise the structure // is either an AuthId_a or an AuthId_w. // // 2) Secondly check the flags for SEC_WINNT_AUTH_IDENTITY_ANSI or // SEC_WINNT_AUTH_IDENTITY_UNICODE, the presence of the former means the structure // is an ANSI structure. Otherwise, the structure is the wide version. Note that // AuthIdEx2 does not have an ANSI version so this check does not apply to it. // typedef union _SEC_WINNT_AUTH_IDENTITY_INFO { SEC_WINNT_AUTH_IDENTITY_EXW AuthIdExw; SEC_WINNT_AUTH_IDENTITY_EXA AuthIdExa; SEC_WINNT_AUTH_IDENTITY_A AuthId_a; SEC_WINNT_AUTH_IDENTITY_W AuthId_w; SEC_WINNT_AUTH_IDENTITY_EX2 AuthIdEx2; } SEC_WINNT_AUTH_IDENTITY_INFO, *PSEC_WINNT_AUTH_IDENTITY_INFO; // the credential structure is encrypted via // RtlEncryptMemory(OptionFlags = 0) #define SEC_WINNT_AUTH_IDENTITY_FLAGS_PROCESS_ENCRYPTED 0x10 // the credential structure is protected by local system via // RtlEncryptMemory(OptionFlags = // IOCTL_KSEC_ENCRYPT_MEMORY_SAME_LOGON) #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SYSTEM_PROTECTED 0x20 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_RESERVED 0x10000 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_NULL_USER 0x20000 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_NULL_DOMAIN 0x40000 // // These bits are for communication between SspiPromptForCredentials() // and the credential providers. Do not use these bits for any other // purpose. // #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_USE_MASK 0xFF000000 // // Instructs the credential provider to not save credentials itself // when caller selects the "Remember my credential" checkbox. // #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_SAVE_CRED_BY_CALLER 0x80000000 // // State of the "Remember my credentials" checkbox. // When set, indicates checked; when cleared, indicates unchecked. // #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_SAVE_CRED_CHECKED 0x40000000 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_VALID_SSPIPFC_FLAGS \ (SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_SAVE_CRED_BY_CALLER | \ SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_SAVE_CRED_CHECKED) #endif // _AUTH_IDENTITY_INFO_DEFINED #ifndef _SSPIPFC_NONE_ // the public view // begin_ntifs typedef PVOID PSEC_WINNT_AUTH_IDENTITY_OPAQUE; // the credential structure is opaque // end_ntifs #else // the internal view typedef PSEC_WINNT_AUTH_IDENTITY_INFO PSEC_WINNT_AUTH_IDENTITY_OPAQUE; #endif // _SSPIPFC_NONE_ // // dwFlags parameter of SspiPromptForCredentials(): // // // Indicates that the credentials should not be saved if // the user selects the 'save' (or 'remember my password') // checkbox in the credential dialog box. The location pointed // to by the pfSave parameter indicates whether or not the user // selected the checkbox. // // Note that some credential providers won't honour this flag and // may save the credentials in a persistent manner anyway if the // user selects the 'save' checbox. // #define SSPIPFC_SAVE_CRED_BY_CALLER 0x00000001 #define SSPIPFC_VALID_FLAGS (SSPIPFC_SAVE_CRED_BY_CALLER) #ifndef _SSPIPFC_NONE_ // the public view // Use SspiFreeAuthIdentity() to free the buffer returned // in ppAuthIdentity. unsigned long SEC_ENTRY SspiPromptForCredentialsW( __in PCWSTR pszTargetName, #ifdef _CREDUI_INFO_DEFINED __in_opt PCREDUI_INFOW pUiInfo, #else __in_opt PVOID pUiInfo, #endif // _CREDUI_INFO_DEFINED __in unsigned long dwAuthError, __in PCWSTR pszPackage, __in_opt PSEC_WINNT_AUTH_IDENTITY_OPAQUE pInputAuthIdentity, __deref_out PSEC_WINNT_AUTH_IDENTITY_OPAQUE* ppAuthIdentity, __inout_opt int* pfSave, __in unsigned long dwFlags ); // Use SspiFreeAuthIdentity() to free the buffer returned // in ppAuthIdentity. unsigned long SEC_ENTRY SspiPromptForCredentialsA( __in PCSTR pszTargetName, #ifdef _CREDUI_INFO_DEFINED __in_opt PCREDUI_INFOA pUiInfo, #else __in_opt PVOID pUiInfo, #endif // _CREDUI_INFO_DEFINED __in unsigned long dwAuthError, __in PCSTR pszPackage, __in_opt PSEC_WINNT_AUTH_IDENTITY_OPAQUE pInputAuthIdentity, __deref_out PSEC_WINNT_AUTH_IDENTITY_OPAQUE* ppAuthIdentity, __inout_opt int* pfSave, __in unsigned long dwFlags ); #endif // _SSPIPFC_NONE_ #ifdef UNICODE #define SspiPromptForCredentials SspiPromptForCredentialsW #else #define SspiPromptForCredentials SspiPromptForCredentialsA #endif #ifdef _SEC_WINNT_AUTH_TYPES typedef struct _SEC_WINNT_AUTH_BYTE_VECTOR { unsigned long ByteArrayOffset; // each element is a byte unsigned short ByteArrayLength; // } SEC_WINNT_AUTH_BYTE_VECTOR, *PSEC_WINNT_AUTH_BYTE_VECTOR; typedef struct _SEC_WINNT_AUTH_DATA { GUID CredType; SEC_WINNT_AUTH_BYTE_VECTOR CredData; } SEC_WINNT_AUTH_DATA, *PSEC_WINNT_AUTH_DATA; typedef struct _SEC_WINNT_AUTH_PACKED_CREDENTIALS { unsigned short cbHeaderLength; // the length of the header unsigned short cbStructureLength; // pay load length including the header SEC_WINNT_AUTH_DATA AuthData; } SEC_WINNT_AUTH_PACKED_CREDENTIALS, *PSEC_WINNT_AUTH_PACKED_CREDENTIALS; // {28BFC32F-10F6-4738-98D1-1AC061DF716A} static const GUID SEC_WINNT_AUTH_DATA_TYPE_PASSWORD = { 0x28bfc32f, 0x10f6, 0x4738, { 0x98, 0xd1, 0x1a, 0xc0, 0x61, 0xdf, 0x71, 0x6a } }; // {235F69AD-73FB-4dbc-8203-0629E739339B} static const GUID SEC_WINNT_AUTH_DATA_TYPE_CERT = { 0x235f69ad, 0x73fb, 0x4dbc, { 0x82, 0x3, 0x6, 0x29, 0xe7, 0x39, 0x33, 0x9b } }; typedef struct _SEC_WINNT_AUTH_DATA_PASSWORD { SEC_WINNT_AUTH_BYTE_VECTOR UnicodePassword; } SEC_WINNT_AUTH_DATA_PASSWORD, PSEC_WINNT_AUTH_DATA_PASSWORD; // // smartcard cred data // // {68FD9879-079C-4dfe-8281-578AADC1C100} static const GUID SEC_WINNT_AUTH_DATA_TYPE_CSP_DATA = { 0x68fd9879, 0x79c, 0x4dfe, { 0x82, 0x81, 0x57, 0x8a, 0xad, 0xc1, 0xc1, 0x0 } }; typedef struct _SEC_WINNT_AUTH_CERTIFICATE_DATA { unsigned short cbHeaderLength; unsigned short cbStructureLength; SEC_WINNT_AUTH_BYTE_VECTOR Certificate; } SEC_WINNT_AUTH_CERTIFICATE_DATA, *PSEC_WINNT_AUTH_CERTIFICATE_DATA; typedef struct _SEC_WINNT_CREDUI_CONTEXT_VECTOR { ULONG CredUIContextArrayOffset; // offset starts at the beginning of // this structure, and each element is a SEC_WINNT_AUTH_BYTE_VECTOR that // describes the flat CredUI context returned by SpGetCredUIContext() USHORT CredUIContextCount; } SEC_WINNT_CREDUI_CONTEXT_VECTOR, *PSEC_WINNT_CREDUI_CONTEXT_VECTOR; typedef struct _SEC_WINNT_AUTH_SHORT_VECTOR { ULONG ShortArrayOffset; // each element is a short USHORT ShortArrayCount; // number of characters } SEC_WINNT_AUTH_SHORT_VECTOR, *PSEC_WINNT_AUTH_SHORT_VECTOR; // free the returned memory using SspiLocalFree SECURITY_STATUS SEC_ENTRY SspiGetCredUIContext( __in HANDLE ContextHandle, __in GUID* CredType, __in_opt LUID* LogonId, // use this LogonId, the caller must be localsystem to supply a logon id __deref_out PSEC_WINNT_CREDUI_CONTEXT_VECTOR* CredUIContexts, __out_opt HANDLE* TokenHandle ); SECURITY_STATUS SEC_ENTRY SspiUpdateCredentials( __in HANDLE ContextHandle, __in GUID* CredType, __in ULONG FlatCredUIContextLength, __in_bcount(FlatCredUIContextLength) PUCHAR FlatCredUIContext ); typedef struct _CREDUIWIN_MARSHALED_CONTEXT { GUID StructureType; USHORT cbHeaderLength; LUID LogonId; // user's logon id GUID MarshaledDataType; ULONG MarshaledDataOffset; USHORT MarshaledDataLength; } CREDUIWIN_MARSHALED_CONTEXT, *PCREDUIWIN_MARSHALED_CONTEXT; typedef struct _SEC_WINNT_CREDUI_CONTEXT { USHORT cbHeaderLength; HANDLE CredUIContextHandle; // the handle to call SspiGetCredUIContext() #ifdef _CREDUI_INFO_DEFINED PCREDUI_INFOW UIInfo; // input from SspiPromptForCredentials() #else PVOID UIInfo; #endif // _CREDUI_INFO_DEFINED ULONG dwAuthError; // the authentication error PSEC_WINNT_AUTH_IDENTITY_OPAQUE pInputAuthIdentity; PUNICODE_STRING TargetName; } SEC_WINNT_CREDUI_CONTEXT, *PSEC_WINNT_CREDUI_CONTEXT; // {3C3E93D9-D96B-49b5-94A7-458592088337} static const GUID CREDUIWIN_STRUCTURE_TYPE_SSPIPFC = { 0x3c3e93d9, 0xd96b, 0x49b5, { 0x94, 0xa7, 0x45, 0x85, 0x92, 0x8, 0x83, 0x37 } }; // {C2FFFE6F-503D-4c3d-A95E-BCE821213D44} static const GUID SSPIPFC_STRUCTURE_TYPE_CREDUI_CONTEXT = { 0xc2fffe6f, 0x503d, 0x4c3d, { 0xa9, 0x5e, 0xbc, 0xe8, 0x21, 0x21, 0x3d, 0x44 } }; typedef struct _SEC_WINNT_AUTH_PACKED_CREDENTIALS_EX { unsigned short cbHeaderLength; unsigned long Flags; // contains the Flags field in // SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_BYTE_VECTOR PackedCredentials; SEC_WINNT_AUTH_SHORT_VECTOR PackageList; } SEC_WINNT_AUTH_PACKED_CREDENTIALS_EX, *PSEC_WINNT_AUTH_PACKED_CREDENTIALS_EX; // // free the returned memory using SspiLocalFree // SECURITY_STATUS SEC_ENTRY SspiUnmarshalCredUIContext( __in_bcount(MarshaledCredUIContextLength) PUCHAR MarshaledCredUIContext, __in ULONG MarshaledCredUIContextLength, __deref_out PSEC_WINNT_CREDUI_CONTEXT* CredUIContext ); #endif // _SEC_WINNT_AUTH_TYPES SECURITY_STATUS SEC_ENTRY SspiPrepareForCredRead( __in PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity, __in PCWSTR pszTargetName, __out PULONG pCredmanCredentialType, __deref_out PCWSTR* ppszCredmanTargetName ); SECURITY_STATUS SEC_ENTRY SspiPrepareForCredWrite( __in PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity, __in_opt PCWSTR pszTargetName, // supply NULL for username-target credentials __out PULONG pCredmanCredentialType, __deref_out PCWSTR* ppszCredmanTargetName, __deref_out PCWSTR* ppszCredmanUserName, __deref_out_bcount(*pCredentialBlobSize) PUCHAR *ppCredentialBlob, __out PULONG pCredentialBlobSize ); SECURITY_STATUS SEC_ENTRY SspiEncryptAuthIdentity( __inout PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData ); SECURITY_STATUS SEC_ENTRY SspiDecryptAuthIdentity( __inout PSEC_WINNT_AUTH_IDENTITY_OPAQUE EncryptedAuthData ); BOOLEAN SEC_ENTRY SspiIsAuthIdentityEncrypted( __in PSEC_WINNT_AUTH_IDENTITY_OPAQUE EncryptedAuthData ); // begin_ntifs #if (NTDDI_VERSION >= NTDDI_WIN7) // // Convert the _OPAQUE structure passed in to the // 3 tuple . // // Note: The 'strings' returned need not necessarily be // in user recognisable form. The purpose of this API // is to 'flatten' the _OPAQUE structure into the 3 tuple. // User recognisable can always be // obtained by passing NULL to the pszPackedCredentialsString // parameter. // // zero out the pszPackedCredentialsString then // free the returned memory using SspiLocalFree() // SECURITY_STATUS SEC_ENTRY SspiEncodeAuthIdentityAsStrings( __in PSEC_WINNT_AUTH_IDENTITY_OPAQUE pAuthIdentity, __deref_out_opt PCWSTR* ppszUserName, __deref_out_opt PCWSTR* ppszDomainName, __deref_opt_out_opt PCWSTR* ppszPackedCredentialsString ); SECURITY_STATUS SEC_ENTRY SspiValidateAuthIdentity( __in PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData ); // // free the returned memory using SspiFreeAuthIdentity() // SECURITY_STATUS SEC_ENTRY SspiCopyAuthIdentity( __in PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData, __deref_out PSEC_WINNT_AUTH_IDENTITY_OPAQUE* AuthDataCopy ); // // use only for the memory returned by SspiCopyAuthIdentity(). // Internally calls SspiZeroAuthIdentity(). // VOID SEC_ENTRY SspiFreeAuthIdentity( __in_opt PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData ); VOID SEC_ENTRY SspiZeroAuthIdentity( __in_opt PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData ); VOID SEC_ENTRY SspiLocalFree( __in_opt PVOID DataBuffer ); // // call SspiFreeAuthIdentity to free the returned AuthIdentity // which zeroes out the credentials blob before freeing it // SECURITY_STATUS SEC_ENTRY SspiEncodeStringsAsAuthIdentity( __in_opt PCWSTR pszUserName, __in_opt PCWSTR pszDomainName, __in_opt PCWSTR pszPackedCredentialsString, __deref_out PSEC_WINNT_AUTH_IDENTITY_OPAQUE* ppAuthIdentity ); SECURITY_STATUS SEC_ENTRY SspiCompareAuthIdentities( __in_opt PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity1, __in_opt PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity2, __out_opt PBOOLEAN SameSuppliedUser, __out_opt PBOOLEAN SameSuppliedIdentity ); // // zero out the returned AuthIdentityByteArray then // free the returned memory using SspiLocalFree() // SECURITY_STATUS SEC_ENTRY SspiMarshalAuthIdentity( __in PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity, __out unsigned long* AuthIdentityLength, __deref_out_bcount(*AuthIdentityLength) char** AuthIdentityByteArray ); // // free the returned auth identity using SspiFreeAuthIdentity() // SECURITY_STATUS SEC_ENTRY SspiUnmarshalAuthIdentity( __in unsigned long AuthIdentityLength, __in_bcount(AuthIdentityLength) char* AuthIdentityByteArray, __deref_out PSEC_WINNT_AUTH_IDENTITY_OPAQUE* ppAuthIdentity ); BOOLEAN SEC_ENTRY SspiIsPromptingNeeded( __in unsigned long ErrorOrNtStatus ); SECURITY_STATUS SEC_ENTRY SspiGetTargetHostName( __in PCWSTR pszTargetName, __deref_out PWSTR* pszHostName ); SECURITY_STATUS SEC_ENTRY SspiExcludePackage( __in_opt PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity, __in PCWSTR pszPackageName, __deref_out PSEC_WINNT_AUTH_IDENTITY_OPAQUE* ppNewAuthIdentity ); *) // // Common types used by negotiable security packages // const SEC_WINNT_AUTH_IDENTITY_MARSHALLED = $4; // all data is in one buffer {$EXTERNALSYM SEC_WINNT_AUTH_IDENTITY_MARSHALLED} SEC_WINNT_AUTH_IDENTITY_ONLY = $8; // these credentials are for identity only - no PAC needed {$EXTERNALSYM SEC_WINNT_AUTH_IDENTITY_ONLY} (* TODO // // Routines for manipulating packages // typedef struct _SECURITY_PACKAGE_OPTIONS { unsigned long Size; unsigned long Type; unsigned long Flags; unsigned long SignatureSize; void SEC_FAR * Signature; } SECURITY_PACKAGE_OPTIONS, SEC_FAR * PSECURITY_PACKAGE_OPTIONS; #define SECPKG_OPTIONS_TYPE_UNKNOWN 0 #define SECPKG_OPTIONS_TYPE_LSA 1 #define SECPKG_OPTIONS_TYPE_SSPI 2 #define SECPKG_OPTIONS_PERMANENT 0x00000001 SECURITY_STATUS SEC_ENTRY AddSecurityPackageA( SEC_CHAR SEC_FAR * pszPackageName, SECURITY_PACKAGE_OPTIONS SEC_FAR * Options ); SECURITY_STATUS SEC_ENTRY AddSecurityPackageW( SEC_WCHAR SEC_FAR * pszPackageName, SECURITY_PACKAGE_OPTIONS SEC_FAR * Options ); #ifdef UNICODE #define AddSecurityPackage AddSecurityPackageW #else #define AddSecurityPackage AddSecurityPackageA #endif SECURITY_STATUS SEC_ENTRY DeleteSecurityPackageA( SEC_CHAR SEC_FAR * pszPackageName ); SECURITY_STATUS SEC_ENTRY DeleteSecurityPackageW( SEC_WCHAR SEC_FAR * pszPackageName ); #ifdef UNICODE #define DeleteSecurityPackage DeleteSecurityPackageW #else #define DeleteSecurityPackage DeleteSecurityPackageA #endif //+----------------------------------------------------------------------- // // Microsoft Windows // // Copyright (c) Microsoft Corporation 1991-1999 // // File: secext.h // // Contents: Security function prototypes for functions not part of // the SSPI interface. This file should not be directly // included - include security.h instead. // // // History: 22 Dec 92 RichardW Created // //------------------------------------------------------------------------ // // Extended Name APIs for ADS // typedef enum { // Examples for the following formats assume a fictitous company // which hooks into the global X.500 and DNS name spaces as follows. // // Enterprise root domain in DNS is // // widget.com // // Enterprise root domain in X.500 (RFC 1779 format) is // // O=Widget, C=US // // There exists the child domain // // engineering.widget.com // // equivalent to // // OU=Engineering, O=Widget, C=US // // There exists a container within the Engineering domain // // OU=Software, OU=Engineering, O=Widget, C=US // // There exists the user // // CN=John Doe, OU=Software, OU=Engineering, O=Widget, C=US // // And this user's downlevel (pre-ADS) user name is {Do not Localize} // // Engineering\JohnDoe // unknown name type NameUnknown = 0, // CN=John Doe, OU=Software, OU=Engineering, O=Widget, C=US NameFullyQualifiedDN = 1, // Engineering\JohnDoe NameSamCompatible = 2, // Probably "John Doe" but could be something else. I.e. The // display name is not necessarily the defining RDN. NameDisplay = 3, // String-ized GUID as returned by IIDFromString(). // eg: {4fa050f0-f561-11cf-bdd9-00aa003a77b6} NameUniqueId = 6, // engineering.widget.com/software/John Doe NameCanonical = 7, // johndoe@engineering.com NameUserPrincipal = 8, // Same as NameCanonical except that rightmost '/' is {Do not Localize} // replaced with '\n' - even in domain-only case. {Do not Localize} // eg: engineering.widget.com/software\nJohn Doe NameCanonicalEx = 9, // www/srv.engineering.com/engineering.com NameServicePrincipal = 10 } EXTENDED_NAME_FORMAT, * PEXTENDED_NAME_FORMAT ; BOOLEAN SEC_ENTRY GetUserNameExA( EXTENDED_NAME_FORMAT NameFormat, LPSTR lpNameBuffer, PULONG nSize ); BOOLEAN SEC_ENTRY GetUserNameExW( EXTENDED_NAME_FORMAT NameFormat, LPWSTR lpNameBuffer, PULONG nSize ); #ifdef UNICODE #define GetUserNameEx GetUserNameExW #else #define GetUserNameEx GetUserNameExA #endif BOOLEAN SEC_ENTRY GetComputerObjectNameA( EXTENDED_NAME_FORMAT NameFormat, LPSTR lpNameBuffer, PULONG nSize ); BOOLEAN SEC_ENTRY GetComputerObjectNameW( EXTENDED_NAME_FORMAT NameFormat, LPWSTR lpNameBuffer, PULONG nSize ); #ifdef UNICODE #define GetComputerObjectName GetComputerObjectNameW #else #define GetComputerObjectName GetComputerObjectNameA #endif BOOLEAN SEC_ENTRY TranslateNameA( LPCSTR lpAccountName, EXTENDED_NAME_FORMAT AccountNameFormat, EXTENDED_NAME_FORMAT DesiredNameFormat, LPSTR lpTranslatedName, PULONG nSize ); BOOLEAN SEC_ENTRY TranslateNameW( LPCWSTR lpAccountName, EXTENDED_NAME_FORMAT AccountNameFormat, EXTENDED_NAME_FORMAT DesiredNameFormat, LPWSTR lpTranslatedName, PULONG nSize ); #ifdef UNICODE #define TranslateName TranslateNameW #else #define TranslateName TranslateNameA #endif *) implementation procedure SecInvalidateHandle(var x: SecHandle); begin x.dwLower := PtrUInt(-1); x.dwUpper := PtrUInt(-1); end; function SecIsValidHandle(x : SecHandle) : Boolean; begin // RLebeau: workaround for a bug in D2009. Comparing PtrUInt values does not always work correctly. // Sometimes it causes "W1023 Comparing signed and unsigned types" warnings, other times it causes // "F2084 Internal Error: C12079" errors {$IFDEF VCL_2009} Result := (Integer(x.dwLower) <> Integer(PtrUInt(-1))) and (Integer(x.dwUpper) <> Integer(PtrUInt(-1))); {$ELSE} Result := (x.dwLower <> PtrUInt(-1)) and (x.dwUpper <> PtrUInt(-1)); {$ENDIF} end; function SEC_SUCCESS(Status: SECURITY_STATUS): Boolean; begin Result := Status >= 0; end; end.