(*----------------------------------------------------------------------*
| SSPLogonUser |
| |
| Validate password for user/domain. Returns true if the password is |
| valid. |
*----------------------------------------------------------------------*)
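function SSPLogonUser(const DomainName, UserName, Password: string): boolean;
{
  Checks a domain/user/password triple by running an SSPI handshake in-process:
  session 0 acts as the client and session 1 as the server, and the messages
  produced by one side are fed to the other.

  Parameters:
    DomainName, UserName, Password - the credentials to check. A field that is
      the empty string is left nil/0 in the identity structure.

  Returns True only when all four handshake steps report success. Any failure,
  including an exception, yields False.

  NOTE(review): success here only shows that the handshake completed. The
  'done' flag returned by the last step is not inspected, and nothing checks
  which account the server-side context ended up representing (for example a
  guest mapping). Confirm both against the security package that InitPackage
  loads before relying on this as an authentication decision.

  NOTE(review): confirm how the package treats an identity whose user name
  and password are both empty; those fields stay nil in that case.
}
const
  // StringToWideChar is given room for this many WideChars, terminator
  // included, so a credential must be strictly shorter than this.
  cCredBufChars = 255;
var
  done : boolean;
  cbOut, cbIn : DWORD;
  AuthIdentity : TSecWINNTAuthIdentity;
  session0OK, session1OK : boolean;
  packageHandle : THandle;
  pClientBuf : PByte;
  pServerBuf : PByte;
  cbMaxMessage : DWORD;
  funcs : PSecurityFunctionTable;
  // Wide-character copies of the credentials handed to SSPI.
  TheDomain : Array[0..255] Of WideChar;
  TheUser : Array[0..255] Of WideChar;
  ThePassWD : Array[0..255] Of WideChar;
begin
  Result := False;
  try
    // Refuse credentials that do not fit the fixed buffers. Previously an
    // over-long value was truncated by StringToWideChar while the *Length
    // field still carried the untruncated length, so the package was told to
    // read past the converted text (and possibly past the buffer).
    if (Length(DomainName) >= cCredBufChars)
      or (Length(UserName) >= cCredBufChars)
      or (Length(Password) >= cCredBufChars) then
      Exit;

    done := False;
    session1OK := False;
    packageHandle := 0;
    pClientBuf := nil;
    pServerBuf := nil;
    cbMaxMessage := 0;
    // The finally block passes funcs to TermSession; make sure it is not
    // stack garbage if InitSession(1) or InitPackage raises first.
    funcs := nil;
    session0OK := InitSession(0);
    try
      session1OK := InitSession(1);
      packageHandle := InitPackage(cbMaxMessage, funcs);
      if session0OK and session1OK and (packageHandle <> 0) then
      begin
        GetMem(pClientBuf, cbMaxMessage);
        GetMem(pServerBuf, cbMaxMessage);
        FillChar(AuthIdentity, SizeOf(AuthIdentity), 0);

        // The *Length fields are taken from the converted wide string, not
        // from Length() of the source: on a non-Unicode compiler Length()
        // counts bytes, which can differ from the WideChar count.
        if DomainName <> '' then
        begin
          StringToWideChar(DomainName, @TheDomain, cCredBufChars);
          AuthIdentity.Domain := @TheDomain;
          AuthIdentity.DomainLength := lstrlenW(@TheDomain)
        end;
        if UserName <> '' then
        begin
          StringToWideChar(UserName, @TheUser, cCredBufChars);
          AuthIdentity.User := @TheUser;
          AuthIdentity.UserLength := lstrlenW(@TheUser)
        end;
        if Password <> '' then
        begin
          StringToWideChar(Password, @ThePassWD, cCredBufChars);
          AuthIdentity.Password := @ThePassWD;
          AuthIdentity.PasswordLength := lstrlenW(@ThePassWD)
        end;
        AuthIdentity.Flags := SEC_WINNT_AUTH_IDENTITY_UNICODE;

        //
        // Prepare client message (negotiate).
        //
        cbOut := cbMaxMessage;
        if not GenClientContext(funcs, 0, @AuthIdentity,
                                pServerBuf, 0,
                                pClientBuf, cbOut, done) then
          Exit;  // the finally block below still runs; Result stays False

        //
        // Prepare server message (challenge).
        //
        cbIn := cbOut;
        cbOut := cbMaxMessage;
        if not GenServerContext(funcs, 1,
                                pClientBuf, cbIn,
                                pServerBuf, cbOut, done) then
          Exit;
        cbIn := cbOut;

        //
        // Prepare client message (authenticate).
        //
        cbOut := cbMaxMessage;
        if not GenClientContext(funcs, 0, @AuthIdentity,
                                pServerBuf, cbIn,
                                pClientBuf, cbOut, done) then
          Exit;
        cbIn := cbOut;

        //
        // Prepare server message (authentication).
        //
        cbOut := cbMaxMessage;
        if not GenServerContext(funcs, 1,
                                pClientBuf, cbIn,
                                pServerBuf, cbOut, done) then
          Exit;

        Result := True
      end
    finally
      // Wipe the clear-text password copy first, so that a failure in the
      // teardown calls below cannot leave it behind on the stack. The
      // caller's Password string is not affected by this.
      FillChar(ThePassWD, SizeOf(ThePassWD), 0);
      if session0OK then
        TermSession(funcs, 0);
      if session1OK then
        TermSession(funcs, 1);
      if packageHandle <> 0 then
        FreeLibrary(packageHandle);
      ReallocMem(pClientBuf, 0);
      ReallocMem(pServerBuf, 0);
    end
  except
    // Deliberately swallowed: callers only get a boolean. Result is set to
    // True only after the final server step succeeds, so an exception during
    // the handshake reports False.
  end
end;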