Attribute VB_Name = "KerbLsaModule"
Option Explicit
Option Base 0
' From the book "Managing Enterprise Active Directory Services"
' ISBN: 0-672-32125-4
Public Const STATUS_SUCCESS = 0&
Public Const MICROSOFT_KERBEROS_NAME_A = "Kerberos"
Public Const ANYSIZE_ARRAY = 20
Public Const ERROR_INSUFFICIENT_BUFFER = 122
Public Const TokenUser = 1
Public Const TokenGroups = 2
Public Const TokenPrivileges = 3
Public Const TokenOwner = 4
Public Const TokenPrimaryGroup = 5
Public Const TokenDefaultDacl = 6
Public Const TokenSource = 7
Public Const TokenType = 8
Public Const TokenImpersonationLevel = 9
Public Const TokenStatistics = 10
Public Const SecurityAnonymous = 0
Public Const SecurityIdentification = 1
Public Const SecurityImpersonation = 2
Public Const TOKEN_ADJUST_PRIVILEGES = &H20
Public Const TOKEN_QUERY = &H8
Public Const SE_PRIVILEGE_ENABLED = &H2
Public Const TOKEN_ASSIGN_PRIMARY = &H1
Public Const TOKEN_DUPLICATE = &H2
Public Const TOKEN_IMPERSONATE = &H4
Public Const TOKEN_QUERY_SOURCE = &H10
Public Const TOKEN_ADJUST_GROUPS = &H40
Public Const TOKEN_ADJUST_DEFAULT = &H80
Public Const SECURITY_DIALUP_RID = &H1
Public Const SECURITY_NETWORK_RID = &H2
Public Const SECURITY_BATCH_RID = &H3
Public Const SECURITY_INTERACTIVE_RID = &H4
Public Const SECURITY_SERVICE_RID = &H6
Public Const SECURITY_ANONYMOUS_LOGON_RID = &H7
Public Const SECURITY_LOGON_IDS_RID = &H5
Public Const SECURITY_LOCAL_SYSTEM_RID = &H12
Public Const SECURITY_NT_NON_UNIQUE = &H15
Public Const SECURITY_BUILTIN_DOMAIN_RID = &H20
Public Const DOMAIN_ALIAS_RID_ADMINS = &H220
Public Const DOMAIN_ALIAS_RID_USERS = &H221
Public Const DOMAIN_ALIAS_RID_GUESTS = &H222
Public Const DOMAIN_ALIAS_RID_POWER_USERS = &H223
Public Const DOMAIN_ALIAS_RID_ACCOUNT_OPS = &H224
Public Const DOMAIN_ALIAS_RID_SYSTEM_OPS = &H225
Public Const DOMAIN_ALIAS_RID_PRINT_OPS = &H226
Public Const DOMAIN_ALIAS_RID_BACKUP_OPS = &H227
Public Const DOMAIN_ALIAS_RID_REPLICATOR = &H228
Public Const SECURITY_NT_AUTHORITY = &H5
Public Const TIME_ZONE_ID_INVALID = &HFFFFFFFF
Public Const TIME_ZONE_ID_UNKNOWN = 0
Public Const TIME_ZONE_ID_STANDARD = 1
Public Const TIME_ZONE_ID_DAYLIGHT = 2
'// Encryption Types:
'// These encryption types are supported by the default MS KERBSUPP DLL as crypto
'// systems. Values over 127 are local values, and may be changed without notice.
'//
'#define KERB_ETYPE_NULL 0
'#define KERB_ETYPE_DES_CBC_CRC 1
'#define KERB_ETYPE_DES_CBC_MD4 2
'#define KERB_ETYPE_DES_CBC_MD5 3
'#define KERB_ETYPE_RC4_MD4 -128 // FFFFFF80
'#define KERB_ETYPE_RC4_PLAIN2 -129
'#define KERB_ETYPE_RC4_LM -130
'#define KERB_ETYPE_RC4_SHA -131
'#define KERB_ETYPE_DES_PLAIN -132
'#define KERB_ETYPE_RC4_HMAC_OLD -133 // FFFFFF7B
'#define KERB_ETYPE_RC4_PLAIN_OLD -134
'#define KERB_ETYPE_RC4_HMAC_OLD_EXP -135
'#define KERB_ETYPE_RC4_PLAIN_OLD_EXP -136
'#define KERB_ETYPE_RC4_PLAIN -140
'#define KERB_ETYPE_RC4_PLAIN_EXP -141
'//
'// Deprecated
'//
'#define KERB_ETYPE_DSA_SIGN 8
'#define KERB_ETYPE_RSA_PRIV 9
'#define KERB_ETYPE_RSA_PUB 10
'#define KERB_ETYPE_RSA_PUB_MD5 11
'#define KERB_ETYPE_RSA_PUB_SHA1 12
'#define KERB_ETYPE_PKCS7_PUB 13
'//
'// In use types
'//
'#define KERB_ETYPE_DES_CBC_MD5_NT 20
'#define KERB_ETYPE_RC4_HMAC_NT 23
'#define KERB_ETYPE_RC4_HMAC_NT_EXP 24
Public Const KERB_ETYPE_NULL = 0
Public Const KERB_ETYPE_DES_CBC_CRC = 1
Public Const KERB_ETYPE_DES_CBC_MD4 = 2
Public Const KERB_ETYPE_DES_CBC_MD5 = 3
Public Const KERB_ETYPE_RC4_MD4 = -128
Public Const KERB_ETYPE_RC4_PLAIN2 = -129
Public Const KERB_ETYPE_RC4_LM = -130
Public Const KERB_ETYPE_RC4_SHA = -131
Public Const KERB_ETYPE_DES_PLAIN = -132
Public Const KERB_ETYPE_RC4_HMAC_OLD = -133
Public Const KERB_ETYPE_RC4_PLAIN_OLD = -134
Public Const KERB_ETYPE_RC4_HMAC_OLD_EXP = -135
Public Const KERB_ETYPE_RC4_PLAIN_OLD_EXP = -136
Public Const KERB_ETYPE_RC4_PLAIN = -140
Public Const KERB_ETYPE_RC4_PLAIN_EXP = -141
Public Const KERB_ETYPE_DSA_SIGN = 8
Public Const KERB_ETYPE_RSA_PRIV = 9
Public Const KERB_ETYPE_RSA_PUB = 10
Public Const KERB_ETYPE_RSA_PUB_MD5 = 11
Public Const KERB_ETYPE_RSA_PUB_SHA1 = 12
Public Const KERB_ETYPE_PKCS7_PUB = 13
Public Const KERB_ETYPE_DES_CBC_MD5_NT = 20
Public Const KERB_ETYPE_RC4_HMAC_NT = 23
Public Const KERB_ETYPE_RC4_HMAC_NT_EXP = 24
' KERB_TICKET_FLAGS_renewable (0x00800000) The ticket is renewable. If this flag is set, the time limit
' for renewing the ticket is set in RenewTime. A renewable ticket can be used to obtain a replacement ticket
' that expires at a later date.
Public Const KERB_TICKET_FLAGS_renewable = &H800000
' KERB_TICKET_FLAGS_initial (0x00400000) The ticket was issued using the Authentication Service protocol
' instead of being based on a ticket-granting ticket.
Public Const KERB_TICKET_FLAGS_initial = &H400000
' KERB_TICKET_FLAGS_invalid (0x01000000) The ticket is invalid.
Public Const KERB_TICKET_FLAGS_invalid = &H1000000
' KERB_TICKET_FLAGS_reserved (0x80000000) Reserved for future use. Do not set this flag.
Public Const KERB_TICKET_FLAGS_reserved = &H80000000
' KERB_TICKET_FLAGS_forwardable (0x40000000) Indicates to the ticket-granting server that it can issue a new
' ticket- granting ticket with a different network address based on the presented ticket.
Public Const KERB_TICKET_FLAGS_forwardable = &H40000000
' KERB_TICKET_FLAGS_forwarded (0x20000000) The ticket has either been forwarded or was issued based on
' authentication involving a forwarded ticket-granting ticket.
Public Const KERB_TICKET_FLAGS_forwarded = &H20000000
' KERB_TICKET_FLAGS_proxiable (0x10000000) Indicates to the ticket-granting server that only
' non-ticket-granting tickets may be issued based on this ticket but with a different network addresses.
Public Const KERB_TICKET_FLAGS_proxiable = &H10000000
' KERB_TICKET_FLAGS_proxy (0x08000000) The ticket is a proxy.
Public Const KERB_TICKET_FLAGS_proxy = &H8000000
' KERB_TICKET_FLAGS_may_postdate (0x04000000) Indicates to the ticket-granting server that a postdated ticket
' may be issued based on this ticket-granting ticket.
Public Const KERB_TICKET_FLAGS_may_postdate = &H4000000
' KERB_TICKET_FLAGS_postdated (0x02000000) The ticket has been postdated. The end-service can check the
' ticket 's authtime member to see when the original authentication occurred.
Public Const KERB_TICKET_FLAGS_postdated = &H2000000
' KERB_TICKET_FLAGS_pre_authent (0x00200000) During initial authentication, the client was authenticated by
' the KDC before a ticket was issued. The strength of the preauthentication method is not indicated, but is
' acceptable to the KDC.
Public Const KERB_TICKET_FLAGS_pre_authent = &H200000
' KERB_TICKET_FLAGS_hw_authent (0x00100000) The protocol employed for initial authentication required the use
' of hardware expected to be possessed solely by the named client. The hardware authentication method is
' selected by the KDC and the strength of the method is not indicated.
Public Const KERB_TICKET_FLAGS_hw_authent = &H100000
' KERB_TICKET_FLAGS_ok_as_delegate (0x00040000) The target of the ticket is trusted by the directory service
' for delegation. Thus, clients may delegate their credentials to the server, which lets the server act as the
' client when talking to other services.
Public Const KERB_TICKET_FLAGS_ok_as_delegate = &H40000
' KERB_TICKET_FLAGS_reserved1 (0x00000001) Reserved.
Public Const KERB_TICKET_FLAGS_reserved1 = &H1
'typedef enum _SECURITY_LOGON_TYPE {
' Interactive = 2, // Interactively logged on (locally or remotely)
' Network, // Accessing system via network
' Batch, // Started via a batch queue
' Service, // Service started by service controller
' Proxy, // Proxy logon
' Unlock, // Unlock workstation
' NetworkCleartext, // Network logon with cleartext credentials
' NewCredentials, // Clone caller, new default credentials
' RemoteInteractive, // Remote, yet interactive. Terminal server
' CachedInteractive // Try cached credentials without hitting the net.
'} SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
Public Enum SECURITY_LOGON_TYPE
Interactive = 2& '// Interactively logged on (locally or remotely)
Network = 3& '// Accessing system via network
Batch = 4& '// Started via a batch queue
Service = 5& '// Service started by service controller
Proxy = 6& '// Proxy logon
lUnlock = 7& '// Unlock workstation
NetworkCleartext = 8& '// Network logon with cleartext credentials
NewCredentials = 9& '// Clone caller, new default credentials
RemoteInteractive = 10& '// Remote, yet interactive. Terminal server
CachedInteractive = 11& '// Try cached credentials without hitting the net.
End Enum
Public Type LUID
Low32BitPart As Long
High32BitPart As Long
End Type
Public Type TOKEN_PRIVILEGES
PrivilegeCount As Long
TheLuid As LUID
Attributes As Long
End Type
Public Type SID_AND_ATTRIBUTES
pSid As Long
Attributes As Long
End Type
Public Type TOKEN_USER
User As SID_AND_ATTRIBUTES
End Type
Public Type TOKEN_GROUPS
GroupCount As Long
Groups(ANYSIZE_ARRAY) As SID_AND_ATTRIBUTES
End Type
Public Type SID_IDENTIFIER_AUTHORITY
Value(0 To 5) As Byte
End Type
Public Enum KERB_PROTOCOL_MESSAGE_TYPE
KerbDebugRequestMessage = 0&
KerbQueryTicketCacheMessage = 1&
KerbChangeMachinePasswordMessage = 2&
KerbVerifyPacMessage = 3&
KerbRetrieveTicketMessage = 4&
KerbUpdateAddressesMessage = 5&
KerbPurgeTicketCacheMessage = 6&
KerbChangePasswordMessage = 7&
KerbRetrieveEncodedTicketMessage = 8&
KerbDecryptDataMessage = 9&
KerbAddBindingCacheEntryMessage = 10&
KerbSetPasswordMessage = 11&
End Enum
Public Type LSA_STRING
Length As Integer
MaximumLength As Integer
buffer As String
End Type
Public Type LSA_UNICODE_STRING
Length As Integer
MaximumLength As Integer
buffer As Long
End Type
Public Type UNICODE_STRING
Length As Integer
MaximumLength As Integer
buffer As Long
End Type
Public Type LARGE_INTEGER
lowpart As Long
highpart As Long
End Type
Public Type FILETIME
dwLowDateTime As Long
dwHighDateTime As Long
End Type
Public Type SYSTEMTIME
wYear As Integer
wMonth As Integer
wDayOfWeek As Integer
wDay As Integer
wHour As Integer
wMinute As Integer
wSecond As Integer
wMilliseconds As Integer
End Type
Public Type TIME_ZONE_INFORMATION
Bias As Long
StandardName(0 To 63) As Byte
StandardDate As SYSTEMTIME
StandardBias As Long
DaylightName(0 To 63) As Byte
DaylightDate As SYSTEMTIME
DaylightBias As Long
End Type
'typedef struct _SECURITY_LOGON_SESSION_DATA {
' ULONG Size;
' LUID LogonId;
' LSA_UNICODE_STRING UserName;
' LSA_UNICODE_STRING LogonDomain;
' LSA_UNICODE_STRING AuthenticationPackage;
' ULONG LogonType;
' ULONG Session;
' PSID Sid;
' LARGE_INTEGER LogonTime;
'} SECURITY_LOGON_SESSION_DATA, *PSECURITY_LOGON_SESSION_DATA;
Public Type SECURITY_LOGON_SESSION_DATA
Size As Long
LogonId As LUID
UserName As UNICODE_STRING
LogonDomain As UNICODE_STRING
AuthenticationPackage As UNICODE_STRING
LogonType As Long
SessionId As Long
Sid As Long
LogonTime As FILETIME
End Type
'typedef struct _KERB_QUERY_TKT_CACHE_REQUEST {
' KERB_PROTOCOL_MESSAGE_TYPE MessageType;
' LUID LogonId;
'} KERB_QUERY_TKT_CACHE_REQUEST, *PKERB_QUERY_TKT_CACHE_REQUEST;
Public Type KERB_QUERY_TKT_CACHE_REQUEST
messageType As Long
LogonId As LUID
End Type
'typedef struct _KERB_TICKET_CACHE_INFO {
' UNICODE_STRING ServerName;
' UNICODE_STRING RealmName;
' LARGE_INTEGER StartTime;
' LARGE_INTEGER EndTime;
' LARGE_INTEGER RenewTime;
' LONG EncryptionType;
' ULONG TicketFlags;
'} KERB_TICKET_CACHE_INFO, *PKERB_TICKET_CACHE_INFO;
Public Type KERB_TICKET_CACHE_INFO
ServerName As UNICODE_STRING
RealmName As UNICODE_STRING
StartTime As FILETIME
EndTime As FILETIME
RenewTime As FILETIME
EncryptType As Long
TicketFlags As Long
End Type
'typedef struct _KERB_QUERY_TKT_CACHE_RESPONSE {
' KERB_PROTOCOL_MESSAGE_TYPE MessageType;
' ULONG CountOfTickets;
' KERB_TICKET_CACHE_INFO Tickets[ANYSIZE_ARRAY];
'} KERB_QUERY_TKT_CACHE_RESPONSE, *PKERB_QUERY_TKT_CACHE_RESPONSE;
Public Type KERB_QUERY_TKT_CACHE_RESPONSE
messageType As Long
CountOfTkts As Long
Tickets(0 To 100) As KERB_TICKET_CACHE_INFO
End Type
Public Type KERB_PURGE_TKT_CACHE_REQUEST
messageType As Long
LogonId As Long
ServerName As UNICODE_STRING
RealmName As UNICODE_STRING
End Type
Public Declare Function lstrlenW Lib "Kernel32.dll" _
(ByVal lpString As Long) As Long
Public Declare Function GetTimeZoneInformation Lib "kernel32" _
(lpTimeZoneInformation As TIME_ZONE_INFORMATION) As Long
Public Declare Function FileTimeToLocalFileTime Lib "Kernel32.dll" _
(lpFileTime As FILETIME, _
lpLocalFileTime As FILETIME) As Long
Public Declare Function FileTimeToSystemTime Lib "Kernel32.dll" _
(lpFileTime As FILETIME, _
lpSystemTime As SYSTEMTIME) As Long
'BOOL SystemTimeToTzSpecificLocalTime(
' LPTIME_ZONE_INFORMATION lpTimeZone, // time zone
' LPSYSTEMTIME lpUniversalTime, // universal time
' LPSYSTEMTIME lpLocalTime // local time
');
Public Declare Function SystemTimeToTzSpecificLocalTime Lib "Kernel32.dll" _
(lpTimeZone As TIME_ZONE_INFORMATION, _
lpUniversalTime As SYSTEMTIME, _
lpLocalTime As SYSTEMTIME) As Long
Public Declare Function GetLengthSid Lib "advapi32.dll" _
(pSid As Any) As Long
Public Declare Function IsValidSid Lib "advapi32.dll" _
(pSid As Any) As Long
Public Declare Function ConvertSidToStringSid Lib "advapi32.dll" _
Alias "ConvertSidToStringSidA" _
(ByVal pSid As Long, _
lpstrSID As Long) As Long
'NTSTATUS NTAPI LsaEnumerateLogonSessions(
' PULONG LogonSessionCount,
' PLUID* LogonSessionList
');
Public Declare Function LsaEnumerateLogonSessions Lib "Secur32.dll" _
(LogonSessionCount As Long, _
LogonSessionList As Long) As Long
'NTSTATUS NTAPI LsaGetLogonSessionData(
' PLUID LogonId,
' PSECURITY_LOGON_SESSION_DATA* ppLogonSessionData
');
Public Declare Function LsaGetLogonSessionData Lib "Secur32.dll" _
(ByVal LogonId As Long, _
ppLogonSessionData As Long) As Long
Public Declare Function LsaLookupAuthenticationPackage Lib "Secur32.dll" _
(ByVal LsaHandle As Long, _
PackageName As LSA_STRING, _
AuthenticationPackage As Long) As Long
Public Declare Function LsaCallAuthenticationPackage Lib "Secur32.dll" _
(ByVal LsaHandle As Long, _
ByVal AuthenticationPackage As Long, _
ProtocolSubmitBuffer As KERB_QUERY_TKT_CACHE_REQUEST, _
ByVal SubmitBufferLength As Long, _
ProtocolReturnBuffer As Long, _
ReturnBufferLength As Long, _
ProtocolStatus As Long) As Long
'NTSTATUS LsaFreeReturnBuffer(
' PVOID buffer
');
Public Declare Function LsaFreeReturnBuffer Lib "Secur32.dll" _
(lbuffer As Long) As Long
'NTSTATUS LsaRegisterLogonProcess(
' PLSA_STRING LogonProcessName,
' PHANDLE LsaHandle,
' PLSA_OPERATIONAL_MODE SecurityMode
');
Public Declare Function LsaRegisterLogonProcess Lib "Secur32.dll" _
(LogonProcessName As LSA_STRING, _
LsaHandle As Long, _
SecurityMode As Long) As Long
Public Declare Function LsaConnectUntrusted Lib "Secur32.dll" _
(LsaHandle As Long) As Long
Public Declare Function LsaDeregisterLogonProcess Lib "Secur32.dll" _
(ByVal LsaHandle As Long) As Long
Public Declare Function StrLenA Lib "kernel32" _
Alias "lstrlenA" _
(ByVal lpString As String) As Long
Public Declare Function strLen Lib "kernel32" _
Alias "lstrlenW" _
(ByVal Ptr As Long) As Long
Public Declare Function LsaNtStatusToWinError Lib "advapi32.dll" _
(ByVal Status As Long) As Long
Public Declare Sub MoveMemory Lib "kernel32" _
Alias "RtlMoveMemory" _
(pDest As Any, _
pSource As Any, _
ByVal dwLength As Long)
Public Declare Function GetCurrentProcess Lib "Kernel32.dll" _
() As Long
Public Declare Function OpenProcessToken Lib "advapi32.dll" _
(ByVal ProcessHandle As Long, _
ByVal DesiredAccess As Long, _
TokenHandle As Long) As Long
Public Declare Function LookupPrivilegeValue Lib "advapi32.dll" _
Alias "LookupPrivilegeValueA" _
(ByVal lpSystemName As String, _
ByVal lpName As String, _
lpLuid As LUID) As Long
Public Declare Function AdjustTokenPrivileges Lib "advapi32.dll" _
(ByVal TokenHandle As Long, _
ByVal DisableAllPrivileges As Long, _
NewState As TOKEN_PRIVILEGES, _
ByVal BufferLength As Long, _
PreviousState As TOKEN_PRIVILEGES, _
ReturnLength As Long) As Long
Public Declare Function lstrlenptr Lib "kernel32" _
Alias "lstrlenA" _
(ByVal lpString As Long) As Long
Public Declare Function lstrcpyfromptr Lib "kernel32" _
Alias "lstrcpyA" _
(ByVal lpString1 As String, _
ByVal lpString2 As Long) As Long
Public Function GetCrypto(lCryptFlag As Long) As String
Select Case lCryptFlag
Case KERB_ETYPE_NULL
GetCrypto = "KERB_ETYPE_NULL"
Case KERB_ETYPE_DES_CBC_CRC
GetCrypto = "KERB_ETYPE_DES_CBC_CRC"
Case KERB_ETYPE_DES_CBC_MD4
GetCrypto = "KERB_ETYPE_DES_CBC_MD4"
Case KERB_ETYPE_DES_CBC_MD5
GetCrypto = "KERB_ETYPE_DES_CBC_MD5"
Case KERB_ETYPE_RC4_MD4
GetCrypto = "KERB_ETYPE_RC4_MD4"
Case KERB_ETYPE_RC4_PLAIN2
GetCrypto = "KERB_ETYPE_RC4_PLAIN2"
Case KERB_ETYPE_RC4_LM
GetCrypto = "KERB_ETYPE_RC4_LM"
Case KERB_ETYPE_RC4_SHA
GetCrypto = "KERB_ETYPE_RC4_SHA"
Case KERB_ETYPE_DES_PLAIN
GetCrypto = "KERB_ETYPE_DES_PLAIN"
Case KERB_ETYPE_RC4_HMAC_OLD
GetCrypto = "KERB_ETYPE_RC4_HMAC_OLD"
Case KERB_ETYPE_RC4_PLAIN_OLD
GetCrypto = "KERB_ETYPE_RC4_PLAIN_OLD"
Case KERB_ETYPE_RC4_HMAC_OLD_EXP
GetCrypto = "KERB_ETYPE_RC4_HMAC_OLD_EXP"
Case KERB_ETYPE_RC4_PLAIN_OLD_EXP
GetCrypto = "KERB_ETYPE_RC4_PLAIN_OLD_EXP"
Case KERB_ETYPE_RC4_PLAIN
GetCrypto = "KERB_ETYPE_RC4_PLAIN"
Case KERB_ETYPE_RC4_PLAIN_EXP
GetCrypto = "KERB_ETYPE_RC4_PLAIN_EXP"
Case KERB_ETYPE_DSA_SIGN
GetCrypto = "KERB_ETYPE_DSA_SIGN"
Case KERB_ETYPE_RSA_PRIV
GetCrypto = "KERB_ETYPE_RSA_PRIV"
Case KERB_ETYPE_RSA_PUB
GetCrypto = "KERB_ETYPE_RSA_PUB"
Case KERB_ETYPE_RSA_PUB_MD5
GetCrypto = "KERB_ETYPE_RSA_PUB_MD5"
Case KERB_ETYPE_RSA_PUB_SHA1
GetCrypto = "KERB_ETYPE_RSA_PUB_SHA1"
Case KERB_ETYPE_PKCS7_PUB
GetCrypto = "KERB_ETYPE_PKCS7_PUB"
Case KERB_ETYPE_DES_CBC_MD5_NT
GetCrypto = "KERB_ETYPE_DES_CBC_MD5_NT"
Case KERB_ETYPE_RC4_HMAC_NT
GetCrypto = "KERB_ETYPE_RC4_HMAC_NT"
Case KERB_ETYPE_RC4_HMAC_NT_EXP
GetCrypto = "KERB_ETYPE_RC4_HMAC_NT_EXP"
Case Else
GetCrypto = "ENCRYPT_UNKOWN"
End Select
End Function
Public Function GetLogonType(lLogonFlag As Long) As String
Select Case lLogonFlag
Case Interactive
GetLogonType = "Interactively logged on (locally or remotely)"
Case Network
GetLogonType = "Accessing system via network"
Case Batch
GetLogonType = "Started via a batch queue"
Case Service
GetLogonType = "Service started by service controller"
Case Proxy
GetLogonType = "Proxy logon"
Case lUnlock
GetLogonType = "Unlock workstation"
Case NetworkCleartext
GetLogonType = "Network logon with cleartext credentials"
Case NewCredentials
GetLogonType = "Clone caller, new default credentials"
Case RemoteInteractive
GetLogonType = "Remote, yet interactive(Terminal Server)"
Case CachedInteractive
GetLogonType = "Try cached credentials without hitting the net"
Case Else
GetLogonType = "Unknown (" & lLogonFlag & ")"
End Select
End Function
Public Sub GetTktFlags(lFlagVal As Long, iFlags As Integer, strFlags() As String)
iFlags = 0
Erase strFlags
If (lFlagVal And KERB_TICKET_FLAGS_renewable) Then
strFlags(iFlags) = "Renewable"
iFlags = iFlags + 1
End If
If (lFlagVal And KERB_TICKET_FLAGS_initial) Then
strFlags(iFlags) = "Initial"
iFlags = iFlags + 1
End If
If (lFlagVal And KERB_TICKET_FLAGS_invalid) Then
strFlags(iFlags) = "Invalid"
iFlags = iFlags + 1
End If
If (lFlagVal And KERB_TICKET_FLAGS_reserved) Then
strFlags(iFlags) = "Reserved"
iFlags = iFlags + 1
End If
If (lFlagVal And KERB_TICKET_FLAGS_forwardable) Then
strFlags(iFlags) = "Forwardable"
iFlags = iFlags + 1
End If
If (lFlagVal And KERB_TICKET_FLAGS_forwarded) Then
strFlags(iFlags) = "Forwarded"
iFlags = iFlags + 1
End If
If (lFlagVal And KERB_TICKET_FLAGS_proxiable) Then
strFlags(iFlags) = "Proxiable"
iFlags = iFlags + 1
End If
If (lFlagVal And KERB_TICKET_FLAGS_proxy) Then
strFlags(iFlags) = "Proxy"
iFlags = iFlags + 1
End If
If (lFlagVal And KERB_TICKET_FLAGS_may_postdate) Then
strFlags(iFlags) = "May Postdate"
iFlags = iFlags + 1
End If
If (lFlagVal And KERB_TICKET_FLAGS_postdated) Then
strFlags(iFlags) = "Postdated"
iFlags = iFlags + 1
End If
If (lFlagVal And KERB_TICKET_FLAGS_pre_authent) Then
strFlags(iFlags) = "Pre-authenticated"
iFlags = iFlags + 1
End If
If (lFlagVal And KERB_TICKET_FLAGS_hw_authent) Then
strFlags(iFlags) = "Hardware Authenticated"
iFlags = iFlags + 1
End If
If (lFlagVal And KERB_TICKET_FLAGS_ok_as_delegate) Then
strFlags(iFlags) = "Ok As Delegate"
iFlags = iFlags + 1
End If
If (lFlagVal And KERB_TICKET_FLAGS_reserved1) Then
strFlags(iFlags) = "Reserved 1"
iFlags = iFlags + 1
End If
End Sub
Public Function GetSid(lSidPtr As Long) As String
Dim lSid As Long
Dim lPtrSid As Long
lSid = ConvertSidToStringSid(lSidPtr, lPtrSid)
If lSid <> 0 Then
GetSid = StrFromPtr(lPtrSid)
Else
GetSid = "0"
End If
End Function
Public Function GetTime(InTime As FILETIME) As String
Dim sTime As SYSTEMTIME
Dim fTime As FILETIME
Dim strDate As String
Call FileTimeToLocalFileTime(InTime, fTime)
Call FileTimeToSystemTime(fTime, sTime)
strDate = sTime.wMonth & "/" & _
sTime.wDay & "/" & _
sTime.wYear & " " & _
sTime.wHour & ":" & _
sTime.wMinute & ":" & _
sTime.wSecond
GetTime = Format(strDate, "mm/dd/yyyy hh:nn:ss")
End Function
Public Function InitLsaStringA(LsaString As LSA_STRING, strString As String)
With LsaString
If strString = "" Then
.Length = 0
.MaximumLength = 0
.buffer = ""
Else
.Length = StrLenA(strString)
.MaximumLength = StrLenA(strString) + 1
.buffer = strString
End If
End With
End Function
Public Function InitUnicodeString(LsaString As UNICODE_STRING, strString As String)
With LsaString
If strString = "" Then
.buffer = ""
.Length = 0
.MaximumLength = 0
Else
.buffer = StrPtr(strString)
.Length = strLen(StrPtr(strString)) * 2
.MaximumLength = (strLen(StrPtr(strString)) + 1) * 2
End If
End With
End Function
Public Function GetLsaString(LsaStringLong As UNICODE_STRING) As String
Dim byteBuffer() As Byte
With LsaStringLong
If .Length = 0 Then Exit Function
ReDim byteBuffer(.Length - 1)
MoveMemory byteBuffer(0), ByVal .buffer, .Length
GetLsaString = byteBuffer
End With
End Function
Public Function PtrToStrW(lpStringW As Long) As String
Dim buffer() As Byte
Dim nLen As Long
If lpStringW <> 0 Then
nLen = lstrlenW(lpStringW) * 2
If nLen Then
ReDim buffer(0 To (nLen - 1)) As Byte
Call MoveMemory(buffer(0), ByVal lpStringW, nLen)
PtrToStrW = Trim(UCase(buffer))
End If
End If
End Function
Public Function StrFromPtr(ByVal ptrVal As Long) As String
Dim strLen As Long
Dim ReString As String
If ptrVal = 0 Then Exit Function
strLen = lstrlenptr(ptrVal)
ReString = String$(strLen + 1, 0)
Call lstrcpyfromptr(ReString, ptrVal)
StrFromPtr = Left$(ReString, strLen)
End Function
|
