windows-server-2003/ds/published/inc/autoenr.w

/////////////////////////////////////////////////////////////////////////////
//  FILE          : autoenrl.h                                             //
//  DESCRIPTION   : Auto Enrollment functions                              //
//  AUTHOR        :                                                        //
//  HISTORY       :                                                        //
//                                                                         //
//  Copyright (C) 1993-1999 Microsoft Corporation   All Rights Reserved    //
/////////////////////////////////////////////////////////////////////////////

#ifndef __AUTOENR_H__
#define __AUTOENR_H__

#if _MSC_VER > 1000
#pragma once
#endif

#ifdef __cplusplus
extern "C" {
#endif

/////////////////////////////////////////////////////////////////////////////////////////////////////
//
//  CertAutoEnrollment
//
//      Function to perform autoenrollment actions.
//     
//      Parameters:
//          IN  hwndParent:     The parent window 
//          IN  dwStatus:       The status under which the function is called.  
//                              It can be one of the following:
//                              CERT_AUTO_ENROLLMENT_START_UP
//                              CERT_AUTO_ENROLLMENT_WAKE_UP
//
//      Return Value:
//          HANDLE:             The thread to wait on what does background autoenrollment
//                              processing.  NULL when there is no work to be done.
//
/////////////////////////////////////////////////////////////////////////////////////////////////////
HANDLE 
WINAPI
CertAutoEnrollment(IN HWND     hwndParent,
                   IN DWORD    dwStatus);

//the autoenrollment is called when the machine is booted or user first logs on
#define     CERT_AUTO_ENROLLMENT_START_UP       0x01

//the autoenrollment is called when winlogon checks for policy changes
#define     CERT_AUTO_ENROLLMENT_WAKE_UP        0x02    


/////////////////////////////////////////////////////////////////////////////////////////////////////
//
//  CertAutoRemove
//
//      Function to remove enterprise specific public key trust upon domain disjoin.
//      Should be called under local admin's context.
//     
//      Parameters:
//          IN  dwFlags:        Should be one of the following flag:
//                              CERT_AUTO_REMOVE_COMMIT
//                              CERT_AUTO_REMOVE_ROLL_BACK
//
//      Return Value:
//          BOOL:               TURE is upon success
//
/////////////////////////////////////////////////////////////////////////////////////////////////////
BOOL 
WINAPI
CertAutoRemove(IN DWORD    dwFlags);

//remove enterprise specific public key trust upon domain disjoin
#define     CERT_AUTO_REMOVE_COMMIT             0x01

//roll back all the publick key trust
#define     CERT_AUTO_REMOVE_ROLL_BACK          0x02    


/////////////////////////////////////////////////////////////////////////////////////////////////////
//
//  Registry locations for userinit to check the autoenrollment requirements
//
/////////////////////////////////////////////////////////////////////////////////////////////////////

//registry key for group policy settings
#define AUTO_ENROLLMENT_KEY         TEXT("SOFTWARE\\Policies\\Microsoft\\Cryptography\\AutoEnrollment")

#define AUTO_ENROLLMENT_POLICY      TEXT("AEPolicy")


//registry key for user/machine wake up mode flags
#define AUTO_ENROLLMENT_FLAG_KEY    TEXT("SOFTWARE\\Microsoft\\Cryptography\\AutoEnrollment")

#define AUTO_ENROLLMENT_FLAG        TEXT("AEFlags")


//possible flags for AUTO_ENROLLMENT_POLICY
//the upper two bytes specify the behavior; 
//the lower two bytes enable/disable individual autoenrollment components
#define AUTO_ENROLLMENT_ENABLE_TEMPLATE_CHECK           0x00000001

#define AUTO_ENROLLMENT_ENABLE_MY_STORE_MANAGEMENT      0x00000002

#define AUTO_ENROLLMENT_ENABLE_PENDING_FETCH            0x00000004

//we will always check the user ds store.  
//#define AUTO_ENROLLMENT_ENABLE_USER_DS_STORE            0x00000008

#define AUTO_ENROLLMENT_DISABLE_ALL                     0x00008000

#define AUTO_ENROLLMENT_BLOCK_USER_DS_STORE             0x00010000


//possible flags for AUTO_ENROLLMENT_FLAG
#define AUTO_ENROLLMENT_WAKE_UP_REQUIRED                0x01


// 8 hour default autoenrollment rate
#define AE_DEFAULT_REFRESH_RATE 8 

// policy location for autoenrollment rate
#define SYSTEM_POLICIES_KEY          L"Software\\Policies\\Microsoft\\Windows\\System"

/////////////////////////////////////////////////////////////////////////////////////////////////////
//
//  Timer/Event name for autoenrollment
//
/////////////////////////////////////////////////////////////////////////////////////////////////////
#define MACHINE_AUTOENROLLMENT_TIMER_NAME L"AUTOENRL:MachineEnrollmentTimer"

#define USER_AUTOENROLLMENT_TIMER_NAME    L"AUTOENRL:UserEnrollmentTimer"


#define MACHINE_AUTOENROLLMENT_TRIGGER_EVENT TEXT("AUTOENRL:TriggerMachineEnrollment")


#define USER_AUTOENROLLMENT_TRIGGER_EVENT TEXT("AUTOENRL:TriggerUserEnrollment")


/////////////////////////////////////////////////////////////////////////////////////////////////////
//
//  W2K autoenrollment defines
//
/////////////////////////////////////////////////////////////////////////////////////////////////////


typedef struct _AUTO_ENROLL_INFO_
{
    LPSTR               pszAutoEnrollProvider;
    LPWSTR              pwszCertType;
    LPCWSTR             pwszAutoEnrollmentID;
    HCERTSTORE          hMYStore;
    BOOL                fRenewal;
    PCCERT_CONTEXT      pOldCert;
    DWORD               dwProvType;
    DWORD               dwKeySpec;
    DWORD               dwGenKeyFlags;
    CERT_EXTENSIONS     CertExtensions;
    LPWSTR              pwszCAMachine;
    LPWSTR              pwszCAAuthority;
} AUTO_ENROLL_INFO, *PAUTO_ENROLL_INFO;

DWORD
AutoEnrollWrapper(
	PVOID CallbackState
	);


BOOL ProvAutoEnrollment(
                        IN BOOL fMachineEnrollment,
                        IN PAUTO_ENROLL_INFO pInfo
                        );

typedef struct _CA_HASH_ENTRY_
{
    DWORD   cbHash;
    BYTE    rgbHash[32];
} CA_HASH_ENTRY, *PCA_HASH_ENTRY;




#ifdef __cplusplus
}       // Balance extern "C" above
#endif

#endif // __AUTOENR_H__