|
|
//+--------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1996 - 1999
//
// File: csext.h
//
// Contents: Cert Server globals
//
// History: 25-Jul-96 vich created
//
//---------------------------------------------------------------------------
#ifndef __CSEXT_H__
#define __CSEXT_H__
#include "certacl.h"
#ifndef SE_AUDITID_CERTSRV_ROLESEPARATIONSTATE
// Temporary define audit events here
#define SE_AUDITID_CERTSRV_ROLESEPARATIONSTATE ((ULONG)0x00000321L)
#define SE_AUDITID_CERTSRV_PUBLISHCACERT ((ULONG)0x0000031fL)
#endif // SE_AUDITID_CERTSRV_ROLESEPARATIONSTATE
// privately used access bit to check for local administrator rights
#define CA_ACCESS_LOCALADMIN 0x00008000
// privately used access bit to trigger a denied audit event
#define CA_ACCESS_DENIED 0x00004000
// Each certificate handler must export the following functions.
#define CMS_CRLPUB_PERIOD (60*1000) // 60 seconds (in milliseconds)
//#define CMS_CRLPUB_PERIOD (60*60*1000) // 60 minutes (in milliseconds)
#define CCCF_INREQUESTGROUPSET 0x00000001
#define CCCF_INREQUESTGROUP 0x00000002
#define CCCF_KEYARCHIVEDSET 0x00000004
#define CCCF_KEYARCHIVED 0x00000008
typedef struct _CERTSRV_COM_CONTEXT{ DWORD dwFlags; HANDLE hAccessToken; DWORD RequestId; DWORD iExitModActive; WCHAR *pwszUserDN;} CERTSRV_COM_CONTEXT;
#define CRCF_SIGNATUREERROR 0x00000001
#define CRCF_KEYARCHIVALERROR 0x00000002
#define CRCF_FAILDENIEDREQUEST 0x00000004
#define CRCF_PREVIOUSLYDENIED 0x00000008
#define CRCF_RENEWAL 0x00000010
#define CRCF_ARCHIVESIGNINGKEYERROR 0x00000020
typedef struct _CERTSRV_RESULT_CONTEXT{ DWORD *pdwRequestId; DWORD dwResultFlags; // CRCF_*
DWORD dwFlagsTop; BOOL fTransactionId; DWORD dwTransactionId; BYTE *pbSenderNonce; DWORD cbSenderNonce; BOOL fRequestSavedWithoutKey; BOOL fEnrollOnBehalfOf; BYTE *pbKeyHashIn; DWORD cbKeyHashIn; BYTE *pbKeyHashOut; DWORD cbKeyHashOut; BYTE *pbArchivedKey; DWORD cbArchivedKey; WCHAR *pwszKRAHashes; BSTR strRenewalCertHash; DWORD *pdwDisposition; WCHAR *pwszExtendedErrorInfo; CERTTRANSBLOB *pctbDispositionMessage; CERTTRANSBLOB *pctbCert; CERTTRANSBLOB *pctbCertChain; CERTTRANSBLOB *pctbFullResponse;} CERTSRV_RESULT_CONTEXT;
VOID ReleaseResult(IN OUT CERTSRV_RESULT_CONTEXT *pResult);
// Certification Authority Cert Context/Chain/Key information:
#define CTXF_SKIPCRL 0x00000001
#define CTXF_CERTMISSING 0x00000002
#define CTXF_CRLZOMBIE 0x00000004
#define CTXF_EXPIRED 0x00000010
#define CTXF_REVOKED 0x00000020
typedef struct _CACTX{ DWORD Flags; DWORD iCert; DWORD iKey; DWORD NameId; // MAKECANAMEID(iCert, iKey)
HRESULT hrVerifyStatus; CERT_CONTEXT const **apCACertChain; DWORD cCACertChain; CERT_CONTEXT const *pccCA; CRYPT_OBJID_BLOB IssuerKeyId; HCRYPTPROV hProvCA; CRYPT_OBJID_BLOB KeyAuthority2Cert; CRYPT_OBJID_BLOB KeyAuthority2CRL; CRYPT_OBJID_BLOB CDPCert; CRYPT_OBJID_BLOB CDPCRLFreshest; CRYPT_OBJID_BLOB CDPCRLBase; CRYPT_OBJID_BLOB CDPCRLDelta; CRYPT_OBJID_BLOB AIACert; char *pszObjIdSignatureAlgorithm; WCHAR *pwszKeyContainerName; WCHAR **papwszCRLFiles; WCHAR **papwszDeltaCRLFiles;} CACTX;
typedef struct _CACROSSCTX{ DWORD Flags; DWORD ReqId; CACTX *pCAContext; CACTX *pCAContextTarget; HRESULT hrVerifyStatus; CERT_CONTEXT const *pccCACross;} CACROSSCTX;
typedef struct _CAXCHGCTX{ DWORD Flags; DWORD ReqId; CERT_CONTEXT const *pccCAXchg; HCRYPTPROV hProvCA; WCHAR *pwszKeyContainerName; DWORD iCertSig;} CAXCHGCTX;
//+****************************************************
// Core Module:
HRESULTCoreInit( IN BOOL fAuditEnabled);
VOIDCoreTerminate(VOID);
HRESULTCoreValidateRequestId( IN ICertDBRow *prow, IN DWORD ExpectedDisposition);
// Internal CoreProcessRequest Flags:
#define CR_IN_NEW 0x00000000
#define CR_IN_DENY 0x10000000
#define CR_IN_RESUBMIT 0x20000000
#define CR_IN_RETRIEVE 0x30000000
#define CR_IN_COREMASK 0x30000000
HRESULTCoreProcessRequest( IN DWORD dwType, OPTIONAL IN WCHAR const *pwszUserName, IN DWORD cbRequest, OPTIONAL IN BYTE const *pbRequest, OPTIONAL IN WCHAR const *pwszAttributes, OPTIONAL IN WCHAR const *pwszSerialNumber, IN DWORD dwComContextIndex, IN DWORD dwRequestId, OUT CERTSRV_RESULT_CONTEXT *pResult);
HRESULTCoreDenyRequest( IN ICertDBRow *prow, IN DWORD Flags, IN DWORD ExpectedStatus);
VOIDCoreLogRequestStatus( IN ICertDBRow *prow, IN DWORD LogMsg, IN DWORD ErrCode, IN WCHAR const *pwszDisposition);
WCHAR *CoreBuildDispositionString( OPTIONAL IN WCHAR const *pwszDispositionBase, OPTIONAL IN WCHAR const *pwszUserName, OPTIONAL IN WCHAR const *pwszDispositionDetail, OPTIONAL IN WCHAR const *pwszDispositionDetail2, OPTIONAL IN WCHAR const *pwszDispositionBy, IN HRESULT hrFail, IN BOOL fPublishError);
HRESULTCoreSetDisposition( IN ICertDBRow *prow, IN DWORD Disposition);
HRESULTCoreSetRequestDispositionFields( IN ICertDBRow *prow, IN DWORD ErrCode, IN DWORD Disposition, IN WCHAR const *pwszDisposition);
HRESULTCoreSetComContextUserDN( IN DWORD dwRequestId, IN LONG Context, IN DWORD dwComContextIndex, OPTIONAL OUT WCHAR const **ppwszDN); // do NOT free!
HRESULTCoreSetArchivedKey( IN OUT CERTSRV_COM_CONTEXT *pComContext);
HRESULTCorePublishCrossCertificate( IN DWORD RequestId, IN CERT_CONTEXT const *pcc, IN BOOL fCreateDSObject, IN BOOL fDelete);
#ifndef DBG_COMTEST
# define DBG_COMTEST DBG_CERTSRV
#endif
#if DBG_COMTEST
extern BOOL fComTest;
BOOL ComTest(LONG Context);
#endif
#ifdef DBG_CERTSRV_DEBUG_PRINT
# define CERTSRVDBGPRINTTIME(pszDesc, pftGMT) \
CertSrvDbgPrintTime((pszDesc), (pftGMT))VOIDCertSrvDbgPrintTime( IN char const *pszDesc, IN FILETIME const *pftGMT);
#else // DBG_CERTSRV_DEBUG_PRINT
# define CERTSRVDBGPRINTTIME(pszDesc, pftGMT)
#endif // DBG_CERTSRV_DEBUG_PRINT
HRESULTCertSrvBlockThreadUntilStop();
/////////////////////////////////////
// CRL Publication logic
HRESULTCRLInit( IN WCHAR const *pwszSanitizedName);
VOIDCRLTerminate();
HRESULTCRLPubWakeupEvent( OUT DWORD *pdwMSTimeOut);
VOIDCRLComputeTimeOut( IN FILETIME const *pftFirst, IN FILETIME const *pftLast, OUT DWORD *pdwMSTimeOut);
HRESULTCRLPublishCRLs( IN BOOL fRebuildCRL, IN BOOL fForceRepublish, OPTIONAL IN WCHAR const *pwszUserName, IN BOOL fDelta, IN BOOL fShadowDelta, IN FILETIME ftNextUpdate, OUT BOOL *pfNeedRetry, OUT HRESULT *phrPublish);
HRESULTCRLGetCRL( IN DWORD iCert, IN BOOL fDelta, OPTIONAL OUT CRL_CONTEXT const **ppCRL, OPTIONAL OUT DWORD *pdwCRLPublishFlags);
HRESULTCRLWriteToLockedFile( IN BYTE const *pbEncoded, IN DWORD cbEncoded, IN BOOL fDelete, IN WCHAR const *pwszFile);
DWORDCRLIsStringInList( IN WCHAR const *pwszSearch, OPTIONAL IN WCHAR const *pwszzList);
/////////////////////////////////////
HRESULTPKCSSetup( IN WCHAR const *pwszCommonName, IN WCHAR const *pwszSanitizedName);
VOIDPKCSTerminate();
WCHAR const *PKCSMapAttributeName( OPTIONAL IN WCHAR const *pwszAttributeName, OPTIONAL IN CHAR const *pszObjId, OUT DWORD *pdwIndex, OUT DWORD *pcchMax);
HRESULTPKCSGetProperty( IN ICertDBRow *prow, IN WCHAR const *pwszPropName, IN DWORD Flags, OPTIONAL OUT DWORD *pcbData, OUT BYTE **ppbData);
HRESULTPKCSVerifyCAState( IN OUT CACTX *pCAContext);
HRESULTPKCSMapCertIndex( IN DWORD iCert, OUT DWORD *piCert, OUT DWORD *pState);
HRESULTPKCSMapCRLIndex( IN DWORD iCert, OUT DWORD *piCert, // returns newest iCert for passed iCert
OUT DWORD *piCRL, OUT DWORD *pState);
HRESULTPKCSGetCACertStatusCode( IN DWORD iCert, OUT HRESULT *phrCAStatusCode);
HRESULTPKCSGetCAState( IN LONG PropId, // CR_PROP_*
OUT BYTE *pb);
HRESULTPKCSGetCAVersion( OUT DWORD *pb);
HRESULTPKCSGetKRAState( IN DWORD cKRA, OUT BYTE *pb);
HRESULTPKCSSetSubjectTemplate( IN WCHAR const *pwszTemplate);
HRESULTPKCSGetCACert( IN LONG PropId, // CR_PROP_*
IN DWORD iCert, OUT BYTE **ppbCACert, OUT DWORD *pcbCACert);
HRESULTPKCSGetCAChain( IN DWORD iCert, IN BOOL fIncludeCRLs, OUT BYTE **ppbCAChain, // CoTaskMem*
OUT DWORD *pcbCAChain);
HRESULTPKCSGetCAXchgCert( IN DWORD iCert, IN WCHAR const *pwszUserName, OUT DWORD *piCertSig, OUT BYTE **ppbCACert, OUT DWORD *pcbCACert);
HRESULTPKCSGetCAXchgChain( IN DWORD iCert, IN WCHAR const *pwszUserName, IN BOOL fIncludeCRLs, OUT BYTE **ppbCAChain, // CoTaskMem*
OUT DWORD *pcbCAChain);
HRESULTPKCSArchivePrivateKey( IN ICertDBRow *prow, IN BOOL fV1Cert, IN BOOL fOverwrite, IN CRYPT_ATTR_BLOB const *pBlobEncrypted, OPTIONAL IN OUT CERTSRV_RESULT_CONTEXT *pResult);
HRESULTPKCSGetArchivedKey( IN DWORD dwRequestId, OUT BYTE **ppbArchivedKey, OUT DWORD *pcbArchivedKey);
HRESULTPKCSUpdateXchgValidityPeriods( OPTIONAL IN HCERTTYPE hCertType);
HRESULTPKCSGetCRLList( IN BOOL fDelta, IN DWORD iCert, OUT WCHAR const * const **ppapwszCRLList);
HRESULTPKCSSetServerProperties( IN ICertDBRow *prow, OPTIONAL IN CACTX *pCAContext, // signing CACTX
OPTIONAL IN FILETIME const *pftNotBefore, OPTIONAL IN FILETIME const *pftNotAfter, IN LONG lValidityPeriodCount, IN enum ENUM_PERIOD enumValidityPeriod);
HRESULTPKCSSetRequestFlags( IN ICertDBRow *prow, IN BOOL fSet, IN DWORD dwChange);
HRESULTPKCSCreateCertificate( IN ICertDBRow *prow, IN DWORD Disposition, IN BOOL fIncludeCRLs, IN BOOL fCrossCert, OPTIONAL IN CACTX *pCAContext, // signing CACTX
OUT BOOL *pfErrorLogged, OPTIONAL OUT CACTX **ppCAContext, OPTIONAL OUT WCHAR **ppwszDispositionCreateCert, IN OUT CERTSRV_RESULT_CONTEXT *pResult); // CoTaskMem*
HRESULTPKCSEncodeFullResponse( OPTIONAL IN ICertDBRow *prow, IN CERTSRV_RESULT_CONTEXT *pResult, IN HRESULT hrRequest, IN WCHAR *pwszDispositionString, OPTIONAL IN CACTX *pCAContext, OPTIONAL IN BYTE const *pbCertLeaf, IN DWORD cbCertLeaf, IN BOOL fIncludeCRLs, OUT BYTE **ppbResponse, // CoTaskMem*
OUT DWORD *pcbResponse);
HRESULTPKCSVerifyIssuedCertificate( IN CERT_CONTEXT const *pCert, OUT CACTX **ppCAContext);
HRESULTPKCSIsRevoked( IN DWORD RequestId, OPTIONAL IN WCHAR const *pwszSerialNumber, OUT LONG *pRevocationReason, OUT LONG *pDisposition);
HRESULTPKCSParseImportedCertificate( IN ICertDBRow *prow, IN BOOL fCrossCert, // else random imported cert
IN DWORD Disposition, OPTIONAL IN CACTX const *pCAContext, IN CERT_CONTEXT const *pCert);
HRESULTPKCSParseRequest( IN DWORD dwFlags, IN ICertDBRow *prow, IN DWORD cbRequest, IN BYTE const *pbRequest, IN CERT_CONTEXT const *pSigningAuthority, OUT BOOL *pfRenewal, IN OUT CERTSRV_RESULT_CONTEXT *pResult);
HRESULTPKCSParseAttributes( IN ICertDBRow *prow, IN WCHAR const *pwszAttributes, IN BOOL fRegInfo, IN BOOL fPending, IN DWORD dwRDNTable, OPTIONAL OUT BOOL *pfEnrollOnBehalfOf);
HRESULTPKCSVerifyChallengeString( IN ICertDBRow *prow);
HRESULTPKCSVerifySubjectRDN( OPTIONAL IN ICertDBRow *prow, IN OUT WCHAR const **ppwszPropertyName, OPTIONAL IN WCHAR const *pwszPropertyValue, OUT BOOL *pfSubjectDot);
HRESULTPKCSDeleteAllSubjectRDNs( IN ICertDBRow *prow, IN DWORD Flags);
WCHAR *PKCSSplitToken( IN OUT WCHAR **ppwszIn, IN WCHAR *pwcSeparator, OUT BOOL *pfSplit);
HRESULTPropAddSuffix( IN WCHAR const *pwszValue, IN WCHAR const *pwszSuffix, IN DWORD cwcNameMax, OUT WCHAR **ppwszOut);
HRESULTPropParseRequest( IN ICertDBRow *prow, IN DWORD dwFlags, IN DWORD cbRequest, IN BYTE const *pbRequest, IN OUT CERTSRV_RESULT_CONTEXT *pResult);
HRESULTPropSetRequestTimeProperty( IN ICertDBRow *prow, IN WCHAR const *pwszProp);
HRESULTPropGetExtension( IN ICertDBRow *prow, IN DWORD Flags, IN WCHAR const *pwszExtensionName, OUT DWORD *pdwExtFlags, OUT DWORD *pcbValue, OUT BYTE **ppbValue);
HRESULTPropSetExtension( IN ICertDBRow *prow, IN DWORD Flags, IN WCHAR const *pwszExtensionName, IN DWORD ExtFlags, IN DWORD cbValue, IN BYTE const *pbValue);
HRESULTPropSetAttributeProperty( IN ICertDBRow *prow, IN BOOL fConcatenateRDNs, IN BOOL fPrependNewValue, IN DWORD dwTable, IN DWORD cchNameMax, OPTIONAL IN WCHAR const *pwszSuffix, IN WCHAR const *wszName, IN WCHAR const *wszValue);
HRESULTRequestInitCAPropertyInfo(VOID);
HRESULTRequestGetCAPropertyInfo( OUT LONG *pcProperty, OUT CERTTRANSBLOB *pctbPropInfo);
HRESULTRequestGetCAProperty( IN LONG PropId, // CR_PROP_*
IN LONG PropIndex, IN LONG PropType, // PROPTYPE_*
OUT CERTTRANSBLOB *pctbPropertyValue);
HRESULTRequestSetCAProperty( IN wchar_t const *pwszAuthority, IN LONG PropId, // CR_PROP_*
IN LONG PropIndex, IN LONG PropType, // PROPTYPE_*
OUT CERTTRANSBLOB *pctbPropertyValue);
DWORDCertSrvStartServerThread( IN VOID *pvArg);
HRESULTCertSrvEnterServer( OUT DWORD *pState);
HRESULTCertSrvTestServerState();
HRESULTCertSrvLockServer( IN OUT DWORD *pState);
VOIDCertSrvExitServer( IN DWORD State, IN HRESULT hrExit);
struct IEnumCERTDBRESULTROW;typedef struct _CAVIEW{ struct _CAVIEW *pCAViewNext; IEnumCERTDBRESULTROW *pView; VOID *pvSearch; FILETIME ftCreate; FILETIME ftLastAccess;} CAVIEW;
HRESULTCertSrvDelinkCAView( IN VOID *pvSearch, OPTIONAL OUT CAVIEW **ppCAViewOut);
HRESULTCertSrvLinkCAView( IN BOOL fNew, IN VOID *pvSearch, IN CAVIEW *pCAViewIn);
HRESULT RPCInit(VOID);
HRESULT RPCTeardown(VOID);
VOIDServiceMain( IN DWORD dwArgc, IN LPWSTR *lpszArgv);
HRESULTServiceQueryInteractiveFlag( OUT BOOL *pfSilent);
BOOLServiceReportStatusToSCMgr( IN DWORD dwCurrentState, IN DWORD dwWin32ExitCode, IN DWORD dwCheckPoint, IN DWORD dwWaitHint);
#define INCREMENT_EXTENSIONS 16
HRESULTDBOpen( // initialize database
WCHAR const *pwszSanitizedName);
HRESULTDBShutDown( // terminate database access
IN BOOL fPendingNotify);
STDMETHODIMPCheckCertSrvAccess( IN LPCWSTR wszCA, IN handle_t hRpc, IN ACCESS_MASK Mask, OUT BOOL *pfAccessAllowed, OPTIONAL OUT HANDLE *phToken);
HRESULTCertSrvSetRegistryFileTimeValue( IN BOOL fConfigLevel, IN WCHAR const *pwszRegValueName, IN DWORD cpwszDelete, OPTIONAL IN WCHAR const * const *papwszRegValueNameDelete);
HRESULTGetClientUserName( OPTIONAL IN RPC_BINDING_HANDLE hRpc, OPTIONAL OUT WCHAR **ppwszUserSamName, OPTIONAL OUT WCHAR **ppwszUserDN);
HRESULT CertStartClassFactories(VOID);VOID CertStopClassFactories(VOID);
HRESULTSetCAObjectFlags(DWORD dwFlags);
namespace CertSrv{HRESULT GetMembership( IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzRM, IN PSID pSid, PTOKEN_GROUPS *ppGroups);
HRESULT CheckOfficerRights( DWORD dwRequestID, CertSrv::CAuditEvent &event);
HRESULT CheckOfficerRights( LPCWSTR pwszRequesterName, CertSrv::CAuditEvent &event);
HRESULTCheckOfficerRightsFromAuthzCC( IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzCCOfficer, IN WCHAR const *pwszRequesterName);
HRESULTCheckOfficerRightsFromOfficerName( IN WCHAR const *pwszOfficerName, IN WCHAR const *pwszRequesterName);
HRESULTGetCallerAuthzContext( OUT AUTHZ_CLIENT_CONTEXT_HANDLE *phAuthzCC);
BOOLCallbackAccessCheck( IN AUTHZ_CLIENT_CONTEXT_HANDLE pAuthzClientContext, IN PACE_HEADER pAce, IN PVOID pArgs OPTIONAL, IN OUT PBOOL pbAceApplicable);}
HRESULTPKCSGetKRACert( IN DWORD iCert, OUT BYTE **ppbCert, OUT DWORD *pcbCert);
#define CSST_STARTSERVICECONTROLLER 0x00000001
#define CSST_CONSOLE 0x00000002
extern enum ENUM_PERIOD g_enumValidityPeriod;extern LONG g_lValidityPeriodCount;
extern enum ENUM_PERIOD g_enumCAXchgValidityPeriod;extern LONG g_lCAXchgValidityPeriodCount;
extern enum ENUM_PERIOD g_enumCAXchgOverlapPeriod;extern LONG g_lCAXchgOverlapPeriodCount;
extern DWORD g_dwDelay2;
extern DWORD g_dwClockSkewMinutes;extern DWORD g_dwViewAgeMinutes;extern DWORD g_dwViewIdleMinutes;extern DWORD g_dwLogLevel;extern DWORD g_dwSessionCount;extern DWORD g_dwCRLFlags;extern DWORD g_dwHighSerial;extern BYTE *g_pbHighSerial;extern DWORD g_cbHighSerial;extern DWORD g_cbMaxIncomingAllocSize;
extern ICertDB *g_pCertDB;extern BOOL g_fDBRecovered;
extern HCERTSTORE g_hStoreCA;extern HCRYPTPROV g_hProvCA;
extern BSTR g_strPolicyDescription;extern BSTR g_strExitDescription;
extern BOOL g_fCertEnrollCompatible;extern BOOL g_fEnforceRDNNameLengths;extern BOOL g_fCreateDB;extern BOOL g_fStartAsService;extern DWORD g_CRLEditFlags;extern DWORD g_KRAFlags;extern DWORD g_cKRACertsRoundRobin;extern DWORD g_cKRACerts;extern ENUM_FORCETELETEX g_fForceTeletex;extern ENUM_CATYPES g_CAType;extern BOOL g_fUseDS;extern BOOL g_fServerUpgraded;extern long g_cTemplateUpdateSequenceNum;extern DWORD g_InterfaceFlags;extern HRESULT g_hrJetVersionStoreOutOfMemory;extern DWORD g_CryptSilent;extern DWORD g_dwVerifyCertFlags;
extern WCHAR g_wszCAStore[];extern WCHAR const g_wszCertSrvServiceName[];extern WCHAR const g_wszRegKeyConfigPath[];
extern WCHAR const g_wszRegDBA[];
extern WCHAR g_wszSanitizedName[];extern WCHAR *g_pwszSanitizedDSName;extern WCHAR g_wszCommonName[];extern WCHAR g_wszPolicyDCName[];extern DWORD g_cwcPolicyDCName;extern WCHAR g_wszParentConfig[];
extern WCHAR g_wszDatabase[];extern WCHAR g_wszLogDir[];extern WCHAR g_wszSystemDir[];
extern WCHAR *g_pwszServerName;extern BSTR g_strDomainDN;extern BSTR g_strConfigDN;extern WCHAR *g_pwszKRAPublishURL;extern WCHAR *g_pwszAIACrossCertPublishURL;extern WCHAR *g_pwszRootTrustCrossCertPublishURL;
extern WCHAR const g_wszRegValidityPeriodString[];extern WCHAR const g_wszRegValidityPeriodCount[];extern WCHAR const g_wszRegCAXchgValidityPeriodString[];extern WCHAR const g_wszRegCAXchgValidityPeriodCount[];extern WCHAR const g_wszRegCAXchgOverlapPeriodString[];extern WCHAR const g_wszRegCAXchgOverlapPeriodCount[];extern WCHAR const g_wszRegCAXchgCertHash[];extern WCHAR const g_wszRegHighSerial[];
// renewal-friendly properties
extern DWORD g_cCAKeys; // Total number of CA keys managed by this CA
extern DWORD g_cCACerts; // Total number of CA certs managed by this CA
extern DWORD g_cExitMod; // Total number of exit modules loaded by this CA
extern CertSrv::CCertificateAuthoritySD g_CASD;extern AUTHZ_RESOURCE_MANAGER_HANDLE g_AuthzCertSrvRM;extern DWORD g_dwAuditFilter;extern CertSrv::COfficerRightsSD g_OfficerRightsSD;extern CertSrv::CConfigStorage g_ConfigStorage;extern CertSrv::CAutoLPWSTR g_pwszDBFileHash;
//+--------------------------------------------------------------------------
// Name properties:
extern WCHAR const g_wszPropDistinguishedName[];extern WCHAR const g_wszPropRawName[];extern WCHAR const g_wszPropCountry[];extern WCHAR const g_wszPropOrganization[];extern WCHAR const g_wszPropOrgUnit[];extern WCHAR const g_wszPropCommonName[];extern WCHAR const g_wszPropLocality[];extern WCHAR const g_wszPropState[];extern WCHAR const g_wszPropTitle[];extern WCHAR const g_wszPropGivenName[];extern WCHAR const g_wszPropInitials[];extern WCHAR const g_wszPropSurName[];extern WCHAR const g_wszPropDomainComponent[];extern WCHAR const g_wszPropEMail[];extern WCHAR const g_wszPropStreetAddress[];extern WCHAR const g_wszPropUnstructuredAddress[];extern WCHAR const g_wszPropUnstructuredName[];extern WCHAR const g_wszPropDeviceSerialNumber[];extern WCHAR const g_wszPropCertificateIssuerNameID[];
//+--------------------------------------------------------------------------
// Subject Name properties:
extern WCHAR const g_wszPropSubjectDot[];extern WCHAR const g_wszPropSubjectDistinguishedName[];extern WCHAR const g_wszPropSubjectRawName[];extern WCHAR const g_wszPropSubjectCountry[];extern WCHAR const g_wszPropSubjectOrganization[];extern WCHAR const g_wszPropSubjectOrgUnit[];extern WCHAR const g_wszPropSubjectCommonName[];extern WCHAR const g_wszPropSubjectLocality[];extern WCHAR const g_wszPropSubjectState[];extern WCHAR const g_wszPropSubjectTitle[];extern WCHAR const g_wszPropSubjectGivenName[];extern WCHAR const g_wszPropSubjectInitials[];extern WCHAR const g_wszPropSubjectSurName[];extern WCHAR const g_wszPropSubjectDomainComponent[];extern WCHAR const g_wszPropSubjectEMail[];extern WCHAR const g_wszPropSubjectStreetAddress[];extern WCHAR const g_wszPropSubjectUnstructuredAddress[];extern WCHAR const g_wszPropSubjectUnstructuredName[];extern WCHAR const g_wszPropSubjectDeviceSerialNumber[];
//+--------------------------------------------------------------------------
// Issuer Name properties:
extern WCHAR const g_wszPropIssuerDot[];extern WCHAR const g_wszPropIssuerDistinguishedName[];extern WCHAR const g_wszPropIssuerRawName[];extern WCHAR const g_wszPropIssuerCountry[];extern WCHAR const g_wszPropIssuerOrganization[];extern WCHAR const g_wszPropIssuerOrgUnit[];extern WCHAR const g_wszPropIssuerCommonName[];extern WCHAR const g_wszPropIssuerLocality[];extern WCHAR const g_wszPropIssuerState[];extern WCHAR const g_wszPropIssuerTitle[];extern WCHAR const g_wszPropIssuerGivenName[];extern WCHAR const g_wszPropIssuerInitials[];extern WCHAR const g_wszPropIssuerSurName[];extern WCHAR const g_wszPropIssuerDomainComponent[];extern WCHAR const g_wszPropIssuerEMail[];extern WCHAR const g_wszPropIssuerStreetAddress[];extern WCHAR const g_wszPropIssuerUnstructuredAddress[];extern WCHAR const g_wszPropIssuerUnstructuredName[];extern WCHAR const g_wszPropIssuerDeviceSerialNumber[];
//+--------------------------------------------------------------------------
// Request properties:
extern WCHAR const g_wszPropRequestRequestID[];extern WCHAR const g_wszPropRequestRawRequest[];extern WCHAR const g_wszPropRequestRawArchivedKey[];extern WCHAR const g_wszPropRequestKeyRecoveryHashes[];extern WCHAR const g_wszPropRequestRawOldCertificate[];extern WCHAR const g_wszPropRequestAttributes[];extern WCHAR const g_wszPropRequestType[];extern WCHAR const g_wszPropRequestFlags[];extern WCHAR const g_wszPropRequestStatusCode[];extern WCHAR const g_wszPropRequestDisposition[];extern WCHAR const g_wszPropRequestDispositionMessage[];extern WCHAR const g_wszPropRequestSubmittedWhen[];extern WCHAR const g_wszPropRequestResolvedWhen[];extern WCHAR const g_wszPropRequestRevokedWhen[];extern WCHAR const g_wszPropRequestRevokedEffectiveWhen[];extern WCHAR const g_wszPropRequestRevokedReason[];extern WCHAR const g_wszPropRequesterName[];extern WCHAR const g_wszPropCallerName[];extern WCHAR const g_wszPropRequestOSVersion[];extern WCHAR const g_wszPropRequestCSPProvider[];
//+--------------------------------------------------------------------------
// Request attribute properties:
extern WCHAR const g_wszPropChallenge[];extern WCHAR const g_wszPropExpectedChallenge[];
//+--------------------------------------------------------------------------
// Certificate properties:
extern WCHAR const g_wszPropCertificateRequestID[];extern WCHAR const g_wszPropRawCertificate[];extern WCHAR const g_wszPropCertificateHash[];extern WCHAR const g_wszPropCertificateSerialNumber[];extern WCHAR const g_wszPropCertificateNotBeforeDate[];extern WCHAR const g_wszPropCertificateNotAfterDate[];extern WCHAR const g_wszPropCertificateSubjectKeyIdentifier[];extern WCHAR const g_wszPropCertificateRawPublicKey[];extern WCHAR const g_wszPropCertificatePublicKeyLength[];extern WCHAR const g_wszPropCertificatePublicKeyAlgorithm[];extern WCHAR const g_wszPropCertificateRawPublicKeyAlgorithmParameters[];
//+--------------------------------------------------------------------------
// Disposition messages:
extern WCHAR const *g_pwszRequestedBy;extern WCHAR const *g_pwszRevokedBy;extern WCHAR const *g_pwszUnrevokedBy;extern WCHAR const *g_pwszPublishedBy;extern WCHAR const *g_pwszUnknownSubject;extern WCHAR const *g_pwszInvalidIssuancePolicies;extern WCHAR const *g_pwszInvalidApplicationPolicies;
extern WCHAR const *g_pwszIntermediateCAStore;
//+--------------------------------------------------------------------------
// Localizable audit strings
extern WCHAR const *g_pwszYes;extern WCHAR const *g_pwszNo;extern LPCWSTR g_pwszAuditResources[];
//+--------------------------------------------------------------------------
// Secured attributes:
extern LPWSTR g_wszzSecuredAttributes;
extern HANDLE g_hServiceStoppingEvent;extern HANDLE g_hServiceStoppedEvent;
extern HANDLE g_hCRLManualPublishEvent;extern BOOL g_fCRLPublishDisabled;extern BOOL g_fDeltaCRLPublishDisabled;
extern HKEY g_hkeyCABase;extern HWND g_hwndMain;
extern BOOL g_fAdvancedServer;
__inline DWORD GetCertsrvComThreadingModel() { return(COINIT_MULTITHREADED); }
extern CACTX *g_aCAContext;extern CACTX *g_pCAContextCurrent;
inline HRESULT CheckAuthorityName(PCWSTR pwszAuthority, bool fAllowEmptyName = false){ HRESULT hr; if (NULL != pwszAuthority && L'\0' != *pwszAuthority) { if (0 != mylstrcmpiL(pwszAuthority, g_wszCommonName)) { if (0 != mylstrcmpiL(pwszAuthority, g_wszSanitizedName) && 0 != mylstrcmpiL(pwszAuthority, g_pwszSanitizedDSName)) { hr = E_INVALIDARG; goto error; }#ifdef DBG_CERTSRV_DEBUG_PRINT
if (0 == mylstrcmpiL(pwszAuthority, g_wszSanitizedName)) { DBGPRINT(( DBG_SS_CERTSRV, "'%ws' called with Sanitized Name: '%ws'\n", g_wszCommonName, pwszAuthority)); } else if (0 == mylstrcmpiL(pwszAuthority, g_pwszSanitizedDSName)) { DBGPRINT(( DBG_SS_CERTSRV, "'%ws' called with Sanitized DS Name: '%ws'\n", g_wszCommonName, pwszAuthority)); }#endif
} } else if(!fAllowEmptyName) { return hr = E_INVALIDARG; }
hr = S_OK;
error: return hr;}
#endif // __CSEXT_H__
|
