|
|
//+--------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1996 - 1999
//
// File: csldap.h
//
// Contents: Cert Server wrapper routines
//
//---------------------------------------------------------------------------
#ifndef __CSLDAP_H__
#define __CSLDAP_H__
#define csecLDAPTIMEOUT (2 * 60) // two minute default search timeout
#define wszDSUSERCERTATTRIBUTE L"userCertificate"
#define wszDSCROSSCERTPAIRATTRIBUTE L"crossCertificatePair"
#define wszDSKRACERTATTRIBUTE wszDSUSERCERTATTRIBUTE
#define wszDSCACERTATTRIBUTE L"cACertificate"
#define wszDSBASECRLATTRIBUTE L"certificateRevocationList"
#define wszDSDELTACRLATTRIBUTE L"deltaRevocationList"
#define wszDSAUTHORITYCRLATTRIBUTE L"authorityRevocationList"
#define wszDSOBJECTCLASSATTRIBUTE L"objectClass"
#define wszDSFLAGSATTRIBUTE L"flags"
#define wszDSSAMACCOUNTNAMEATTRIBUTE L"sAMAccountName"
#define wszDSMAILATTRIBUTE L"mail"
#define wszDSDNSHOSTNAMEATTRIBUTE L"dNSHostName"
#define wszDSDNATTRIBUTE L"distinguishedName"
#define wszDSNAMEATTRIBUTE L"name"
#define wszDSBASESEARCH L"?base"
#define wszDSONESEARCH L"?one"
#define wszDSSUBSEARCH L"?sub"
#define wszDSTOPCLASSNAME L"top"
#define wszDSPERSONCLASSNAME L"person"
#define wszDSORGPERSONCLASSNAME L"organizationalPerson"
#define wszDSUSERCLASSNAME L"user"
#define wszDSCONTAINERCLASSNAME L"container"
#define wszDSENROLLMENTSERVICECLASSNAME L"pKIEnrollmentService"
#define wszDSMACHINECLASSNAME L"computer"
#define wszDSTEMPLATELASSNAME L"pKICertificateTemplate"
#define wszDSKRACLASSNAME L"msPKI-PrivateKeyRecoveryAgent"
#define wszDSCDPCLASSNAME L"cRLDistributionPoint"
#define wszDSOIDCLASSNAME L"msPKI-Enterprise-Oid"
#define wszDSCACLASSNAME L"certificationAuthority"
#define wszDSAIACLASSNAME wszDSCACLASSNAME
#define wszDSCDPCLASS L"?" wszDSOBJECTCLASSATTRIBUTE L"=" wszDSCDPCLASSNAME
#define wszDSCACLASS L"?" wszDSOBJECTCLASSATTRIBUTE L"=" wszDSCACLASSNAME
#define wszDSUSERCLASS L"?" wszDSOBJECTCLASSATTRIBUTE L"=*"
#define wszDSKRACLASS L"?" wszDSOBJECTCLASSATTRIBUTE L"=" wszDSKRACLASSNAME
#define wszDSAIACLASS L"?" wszDSOBJECTCLASSATTRIBUTE L"=" wszDSAIACLASSNAME
#define wszDSSEARCHBASECRLATTRIBUTE \
L"?" \ wszDSBASECRLATTRIBUTE \ wszDSBASESEARCH \ wszDSCDPCLASS
#define wszDSSEARCHDELTACRLATTRIBUTE \
L"?" \ wszDSDELTACRLATTRIBUTE \ wszDSBASESEARCH \ wszDSCDPCLASS
#define wszDSSEARCHUSERCERTATTRIBUTE \
L"?" \ wszDSUSERCERTATTRIBUTE \ wszDSBASESEARCH \ wszDSUSERCLASS
#define wszDSSEARCHCACERTATTRIBUTE \
L"?" \ wszDSCACERTATTRIBUTE \ wszDSBASESEARCH \ wszDSCACLASS
#define wszDSSEARCHKRACERTATTRIBUTE \
L"?" \ wszDSUSERCERTATTRIBUTE \ wszDSONESEARCH \ wszDSKRACLASS
#define wszDSSEARCHCROSSCERTPAIRATTRIBUTE \
L"?" \ wszDSCROSSCERTPAIRATTRIBUTE \ wszDSONESEARCH \ wszDSAIACLASS
#define wszDSSEARCHAIACERTATTRIBUTE \
L"?" \ wszDSCACERTATTRIBUTE \ wszDSONESEARCH \ wszDSAIACLASS
#define wszDSKRAQUERYTEMPLATE \
L"ldap:///CN=KRA," \ L"CN=Public Key Services," \ L"CN=Services," \ wszFCSAPARM_CONFIGDN \ wszDSSEARCHKRACERTATTRIBUTE
#define wszDSAIAQUERYTEMPLATE \
L"ldap:///CN=AIA," \ L"CN=Public Key Services," \ L"CN=Services," \ wszFCSAPARM_CONFIGDN \ wszDSSEARCHAIACERTATTRIBUTE
// Default URL Template Values:
extern WCHAR const g_wszzLDAPIssuerCertURLTemplate[];extern WCHAR const g_wszzLDAPKRACertURLTemplate[];extern WCHAR const g_wszzLDAPRevocationURLTemplate[];extern WCHAR const g_wszASPRevocationURLTemplate[];
extern WCHAR const g_wszLDAPNTAuthURLTemplate[];extern WCHAR const g_wszLDAPRootTrustURLTemplate[];
extern WCHAR const g_wszCDPDNTemplate[];extern WCHAR const g_wszAIADNTemplate[];extern WCHAR const g_wszKRADNTemplate[];
extern WCHAR const g_wszHTTPRevocationURLTemplate[];extern WCHAR const g_wszFILERevocationURLTemplate[];extern WCHAR const g_wszHTTPIssuerCertURLTemplate[];extern WCHAR const g_wszFILEIssuerCertURLTemplate[];
// Default Server Controls:
extern LDAPControl *g_rgLdapControls[];
HRESULTmyGetAuthoritativeDomainDn( IN LDAP *pld, OPTIONAL OUT BSTR *pstrDomainDN, OPTIONAL OUT BSTR *pstrConfigDN);
HRESULTmyDomainFromDn( IN WCHAR const *pwszDN, OUT WCHAR **ppwszDomainDNS);
DWORDmyGetLDAPFlags();
HRESULTmyLdapOpen( OPTIONAL IN WCHAR const *pwszDomainName, IN DWORD dwFlags, // RLBF_*
OUT LDAP **ppld, OPTIONAL OUT BSTR *pstrDomainDN, OPTIONAL OUT BSTR *pstrConfigDN);
VOIDmyLdapClose( OPTIONAL IN LDAP *pld, OPTIONAL IN BSTR strDomainDN, OPTIONAL IN BSTR strConfigDN);
BOOLmyLdapRebindRequired( IN ULONG ldaperrParm, OPTIONAL IN LDAP *pld);
HRESULTmyLdapGetDSHostName( IN LDAP *pld, OUT WCHAR **ppwszHostName);
HRESULTmyLdapCreateContainer( IN LDAP *pld, IN WCHAR const *pwszDN, IN BOOL fSkipObject, // Does the DN contain a leaf object name
IN DWORD cMaxLevel, // create this many nested containers as needed
IN PSECURITY_DESCRIPTOR pContainerSD, OPTIONAL OUT WCHAR **ppwszError);
#define LPC_CAOBJECT 0x00000000
#define LPC_KRAOBJECT 0x00000001
#define LPC_USEROBJECT 0x00000002
#define LPC_MACHINEOBJECT 0x00000003
#define LPC_OBJECTMASK 0x0000000f
#define LPC_CREATECONTAINER 0x00000100
#define LPC_CREATEOBJECT 0x00000200
HRESULTmyLdapPublishCertToDS( IN LDAP *pld, IN CERT_CONTEXT const *pccPublish, IN WCHAR const *pwszURL, IN WCHAR const *pwszAttribute, IN DWORD dwObjectType, // LPC_*
IN BOOL fDelete, OUT DWORD *pdwDisposition, OPTIONAL OUT WCHAR **ppwszError);
HRESULTmyLdapPublishCRLToDS( IN LDAP *pld, IN CRL_CONTEXT const *pCRLPublish, IN WCHAR const *pwszURL, IN WCHAR const *pwszAttribute, OUT DWORD *pdwDisposition, OPTIONAL OUT WCHAR **ppwszError);
HRESULTmyLdapCreateCAObject( IN LDAP *pld, IN WCHAR const *pwszDN, OPTIONAL IN BYTE const *pbCert, IN DWORD cbCert, IN PSECURITY_DESCRIPTOR pSD, OUT DWORD *pdwDisposition, OPTIONAL OUT WCHAR **ppwszError);
HRESULTmyLdapCreateCDPObject( IN LDAP *pld, IN WCHAR const *pwszDN, IN PSECURITY_DESCRIPTOR pSD, OUT DWORD *pdwDisposition, OPTIONAL OUT WCHAR **ppwszError);
HRESULTmyLdapCreateUserObject( IN LDAP *pld, IN WCHAR const *pwszDN, OPTIONAL IN BYTE const *pbCert, IN DWORD cbCert, IN PSECURITY_DESCRIPTOR pSD, IN DWORD dwObjectType, // LPC_* (but LPC_CREATE* is ignored)
OUT DWORD *pdwDisposition, OPTIONAL OUT WCHAR **ppwszError);
HRESULTmyLdapCreateOIDObject( IN LDAP *pld, IN WCHAR const *pwszDN, IN DWORD dwType, IN WCHAR const *pwszObjId, OUT DWORD *pdwDisposition, OPTIONAL OUT WCHAR **ppwszError);
HRESULTmyLdapOIDIsMatchingLangId( IN WCHAR const *pwszDisplayName, IN DWORD dwLanguageId, OUT BOOL *pfLangIdExists);
HRESULTmyLdapAddOrDeleteOIDDisplayNameToAttribute( IN LDAP *pld, OPTIONAL IN WCHAR **ppwszDisplayNames, IN DWORD dwLanguageId, OPTIONAL IN WCHAR const *pwszDisplayName, IN WCHAR const *pwszDN, IN WCHAR const *pwszAttribute, OUT DWORD *pdwDisposition, OPTIONAL OUT WCHAR **ppwszError);
HRESULTmyHLdapError( OPTIONAL IN LDAP *pld, IN ULONG ldaperrParm, OPTIONAL OUT WCHAR **ppwszError);
HRESULTmyHLdapError2( OPTIONAL IN LDAP *pld, IN ULONG ldaperrParm, IN ULONG ldaperrParmQuiet, OPTIONAL OUT WCHAR **ppwszError);
HRESULTmyHLdapError3( OPTIONAL IN LDAP *pld, IN ULONG ldaperrParm, IN ULONG ldaperrParmQuiet, IN ULONG ldaperrParmQuiet2, OPTIONAL OUT WCHAR **ppwszError);
HRESULTmyHLdapLastError( OPTIONAL IN LDAP *pld, OPTIONAL OUT WCHAR **ppwszError);
HRESULTAddCertToAttribute( IN LDAP *pld, IN CERT_CONTEXT const *pccPublish, IN WCHAR const *pwszDN, IN WCHAR const *pwszAttribute, IN BOOL fDelete, OUT DWORD *pdwDisposition, OPTIONAL OUT WCHAR **ppwszError);
HRESULTmyLDAPSetStringAttribute( IN LDAP *pld, IN WCHAR const *pwszDN, IN WCHAR const *pwszAttribute, IN WCHAR const *pwszValue, OUT DWORD *pdwDisposition, OPTIONAL OUT WCHAR **ppwszError);
HRESULTCurrentUserCanInstallCA( bool& fCanInstall);
HRESULTmyLdapFindObjectInForest( IN LDAP *pld, IN LPCWSTR pwszFilter, OUT LPWSTR *ppwszURL);
HRESULTmyLdapFindComputerInForest( IN LDAP *pld, IN LPCWSTR pwszMachineDNS, OUT LPWSTR *ppwszURL);
HRESULTmyLdapFilterCertificates( IN LDAP *pld, IN LPCWSTR pcwszDN, IN LPCWSTR pcwszAttribute, OUT DWORD *pdwDisposition, OPTIONAL OUT WCHAR **ppwszError);
#endif // __CSLDAP_H__
|
