//+-------------------------------------------------------------------------- // FILE : autoenro.h // DESCRIPTION : Private Auto Enrollment functions // // // Copyright (C) 1993-2000 Microsoft Corporation All Rights Reserved //+-------------------------------------------------------------------------- #ifndef __AUTOENRO_H__ #define __AUTOENRO_H__ #if _MSC_VER > 1000 #pragma once #endif #ifdef __cplusplus extern "C" { #endif //-------------------------------------------------------------------------- // Globals //-------------------------------------------------------------------------- extern HINSTANCE g_hmodThisDll; //-------------------------------------------------------------------------- // contant defines //-------------------------------------------------------------------------- #define AE_PENDING_REQUEST_ACTIVE_PERIOD 60 //60 days #define AE_RETRY_LIMIT 3 //retry 3 times for machine DNS error #define SHA1_HASH_LENGTH 20 #define ENCODING_TYPE X509_ASN_ENCODING | PKCS_7_ASN_ENCODING #define MY_STORE L"MY" #define REQUEST_STORE L"REQUEST" #define ACRS_STORE L"ACRS" //possible status for the request tree #define CERT_REQUEST_STATUS_ACTIVE 0x01 #define CERT_REQUEST_STATUS_OBTAINED 0x02 #define CERT_REQUEST_STATUS_PENDING 0x03 #define CERT_REQUEST_STATUS_SUPERSEDE_ACTIVE 0x04 // Time skew margin for fast CA's #define FILETIME_TICKS_PER_SECOND 10000000 #define AE_DEFAULT_SKEW 60*60*1 // 1 hour #define MAX_DN_SIZE 256 #define AE_SUMMARY_COLUMN_SIZE 100 #define PENDING_ALLOC_SIZE 20 #define USER_AUTOENROLL_DELAY_FOR_MACHINE 70 //70 seconds to wait //defines for autoenrollment event log #define EVENT_AUTO_NAME L"AutoEnrollment" #define AUTO_ENROLLMENT_EVENT_LEVEL_KEY TEXT("SOFTWARE\\Microsoft\\Cryptography\\AutoEnrollment") #define AUTO_ENROLLMENT_EVENT_LEVEL TEXT("AEEventLogLevel") //defines for autoenrollment disable key #define AUTO_ENROLLMENT_DISABLE_KEY L"SOFTWARE\\Microsoft\\Cryptography\\AutoEnrollment\\AEDisable" //defines for autoenrollment user no wait for 60 seconds key #define AUTO_ENROLLMENT_EXPRESS_KEY L"SOFTWARE\\Microsoft\\Cryptography\\AutoEnrollment\\AEExpress" //defines for autoenrollment directory cache information #define AUTO_ENROLLMENT_DS_KEY L"SOFTWARE\\Microsoft\\Cryptography\\AutoEnrollment\\AEDirectoryCache" #define AUTO_ENROLLMENT_DS_USN L"AEMaxUSN" #define AUTO_ENROLLMENT_DS_OBJECT L"AEObjectCount" #define AUTO_ENROLLMENT_TEMPLATE_KEY L"SOFTWARE\\Microsoft\\Cryptography\\CertificateTemplateCache" #define AUTO_ENROLLMENT_USN_ATTR L"uSNChanged" //defines for the UI component #define AUTO_ENROLLMENT_SHOW_TIME 15 //show the balloon for 15 seconds #define AUTO_ENROLLMENT_INTERVAL 7 * 60 * 30 //show the icon for 7 hours 7* 3600 #define AUTO_ENROLLMENT_RETRIAL 2 #define AUTO_ENROLLMENT_QUERY_INTERVAL 30 //query continue every 30 seconds #define AUTO_ENROLLMENT_BALLOON_LENGTH 7 * 60 * 60 //keep the balloon for 7 hours #define AE_DEFAULT_POSTPONE 1 //we relaunch autoenrollment for 1 hour //define used for sorting of columns in the list view #define AE_SUMMARY_COLUMN_TYPE 1 #define AE_SUMMARY_COLUMN_REASON 2 #define SORT_COLUMN_ASCEND 0x00010000 #define SORT_COLUMN_DESCEND 0x00020000 //-------------------------------------------------------------------------- // struct defines //-------------------------------------------------------------------------- //struct for retry property on the certificate due to DNS error typedef struct _AE_RETRY_INFO_ { DWORD cbSize; DWORD dwRetry; ULARGE_INTEGER dueTime; } AE_RETRY_INFO; //struct for autoenrollment main thread typedef struct _AE_MAIN_THREAD_INFO_ { HWND hwndParent; DWORD dwStatus; } AE_MAIN_THREAD_INFO; //struct for updating certificate store from AD typedef struct _AE_STORE_INFO_ { LPWSTR pwszStoreName; LPWSTR pwszLdapPath; } AE_STORE_INFO; //struct for the information we compute from DS typedef struct _AE_DS_INFO_ { BOOL fValidData; DWORD dwObjects; ULARGE_INTEGER maxUSN; } AE_DS_INFO; //struct for param of view RA certificate dialogue typedef struct _AE_VIEW_RA_INFO_ { PCERT_CONTEXT pRAContext; LPWSTR pwszRATemplate; } AE_VIEW_RA_INFO; //struct for individual certifcate information typedef struct _AE_CERT_INFO_ { BOOL fValid; BOOL fRenewal; } AE_CERT_INFO; //strcut for certificate's template information typedef struct _AE_TEMPLATE_INFO_ { LPWSTR pwszName; LPWSTR pwszOid; DWORD dwVersion; } AE_TEMPLATE_INFO; //struct for certificate authority information typedef struct _AE_CA_INFO_ { HCAINFO hCAInfo; LPWSTR *awszCertificateTemplate; LPWSTR *awszCAName; LPWSTR *awszCADNS; LPWSTR *awszCADisplay; } AE_CA_INFO; //struct for keeping the issued pending certificates typedef struct _AE_PEND_INFO_ { CRYPT_DATA_BLOB blobPKCS7; //the issued pending certificate for UI installation CRYPT_DATA_BLOB blobHash; //the hash of the certificate request to be removed from the request store }AE_PEND_INFO; //struct for certificate template information typedef struct _AE_CERTTYPE_INFO_ { HCERTTYPE hCertType; DWORD dwSchemaVersion; DWORD dwVersion; LPWSTR *awszName; LPWSTR *awszDisplay; LPWSTR *awszOID; LPWSTR *awszSupersede; DWORD dwEnrollmentFlag; DWORD dwPrivateKeyFlag; LARGE_INTEGER ftExpirationOffset; DWORD dwStatus; BOOL fCheckMyStore; BOOL fRenewal; BOOL fNeedRA; //the request needs to be signed by itself or another certificate BOOL fCrossRA; //the request is cross RAed. BOOL fSupersedeVisited; //the flag to prevent infinite loop in superseding relationship BOOL fUIActive; DWORD dwActive; DWORD *prgActive; DWORD dwRandomCAIndex; PCERT_CONTEXT pOldCert; //for renewal case managing MY store HCERTSTORE hArchiveStore; //contains the certificates to be archived HCERTSTORE hObtainedStore; //for supersede relation ships HCERTSTORE hIssuedStore; //keep issued certificates for re-publishing DWORD dwPendCount; //the count of pending issued certs AE_PEND_INFO *rgPendInfo; //the point to the struct array DWORD idsSummary; //the summary string ID } AE_CERTTYPE_INFO; //struct for the autoenrollment process typedef struct _AE_GENERAL_INFO_ { HWND hwndParent; LDAP * pld; HANDLE hToken; BOOL fMachine; DWORD dwPolicy; DWORD dwLogLevel; WCHAR wszMachineName[MAX_COMPUTERNAME_LENGTH + 2]; HCERTSTORE hMyStore; HCERTSTORE hRequestStore; DWORD dwCertType; AE_CERTTYPE_INFO *rgCertTypeInfo; DWORD dwCA; AE_CA_INFO *rgCAInfo; HMODULE hXenroll; BOOL fUIProcess; //whether we are doing interactive enrollment HANDLE hCancelEvent; HANDLE hCompleteEvent; HANDLE hThread; HWND hwndDlg; //the dialogue window handle of the UI window DWORD dwUIPendCount; //the count of UI required pending requests DWORD dwUIEnrollCount; //the count of UI requires new requests DWORD dwUIProgressCount; //the count of active working items BOOL fSmartcardSystem; //whether a smart card reader is installed LPWSTR pwszDns; //the DNS name of the local computer LPWSTR pwszNetBIOS; //the NetBios name of the local computer } AE_GENERAL_INFO; //-------------------------------------------------------------------------- // Class definition //-------------------------------------------------------------------------- class CQueryContinue : IQueryContinue { public: CQueryContinue(); ~CQueryContinue(); // IUnknown STDMETHODIMP QueryInterface(REFIID riid, void **ppv); STDMETHODIMP_(ULONG) AddRef(); STDMETHODIMP_(ULONG) Release(); // IQueryContinue STDMETHODIMP QueryContinue(); // S_OK -> Continue, other // DoBalloon HRESULT DoBalloon(); private: LONG m_cRef; IUserNotification *m_pIUserNotification; HANDLE m_hTimer; }; //-------------------------------------------------------------------------- // function prototype //-------------------------------------------------------------------------- HRESULT AEGetConfigDN( IN LDAP *pld, OUT LPWSTR *pwszConfigDn ); HRESULT AERobustLdapBind( OUT LDAP ** ppldap); BOOL AERetrieveGeneralInfo(AE_GENERAL_INFO *pAE_General_Info); BOOL AEFreeGeneralInfo(AE_GENERAL_INFO *pAE_General_Info); BOOL AERetrieveCAInfo(LDAP *pld, BOOL fMachine, HANDLE hToken, DWORD *pdwCA, AE_CA_INFO **prgCAInfo); BOOL AEFreeCAInfo(DWORD dwCA, AE_CA_INFO *rgCAInfo); BOOL AEFreeCAStruct(AE_CA_INFO *pCAInfo); BOOL AERetrieveCertTypeInfo(LDAP *pld, BOOL fMachine, DWORD *pdwCertType, AE_CERTTYPE_INFO **prgCertType); BOOL AEFreeCertTypeInfo(DWORD dwCertType, AE_CERTTYPE_INFO *rgCertTypeInfo); BOOL AEFreeCertTypeStruct(AE_CERTTYPE_INFO *pCertTypeInfo); BOOL AEAllocAndCopy(LPWSTR pwszSrc, LPWSTR *ppwszDest); BOOL AEIfSupersede(LPWSTR pwsz, LPWSTR *awsz, AE_GENERAL_INFO *pAE_General_Info); BOOL AEClearVistedFlag(AE_GENERAL_INFO *pAE_General_Info); BOOL AECopyCertStore(HCERTSTORE hSrcStore, HCERTSTORE hDesStore); BOOL AEIsAnElement(LPWSTR pwsz, LPWSTR *awsz); BOOL AECancelled(HANDLE hCancelEvent); BOOL AERetrieveTemplateInfo(PCCERT_CONTEXT pCertCurrent, AE_TEMPLATE_INFO *pTemplateInfo); BOOL AEFreeTemplateInfo(AE_TEMPLATE_INFO *pAETemplateInfo); AE_CERTTYPE_INFO *AEFindTemplateInRequestTree(AE_TEMPLATE_INFO *pTemplateInfo, AE_GENERAL_INFO *pAE_General_Info); BOOL AEUIProgressAdvance(AE_GENERAL_INFO *pAE_General_Info); BOOL AEUIProgressReport(BOOL fPending, AE_CERTTYPE_INFO *pCertType, HWND hwndDlg, HANDLE hCancelEvent); BOOL FormatMessageUnicode(LPWSTR * ppwszFormat, UINT ids, ...); void AELogAutoEnrollmentEvent(IN DWORD dwLogLevel, IN BOOL fError, IN HRESULT hr, IN DWORD dwEventId, IN BOOL fMachine, IN HANDLE hToken, IN DWORD dwParamCount, ... ); BOOL AENetLogonUser( LPTSTR UserName, LPTSTR DomainName, LPTSTR Password, PHANDLE phToken ); BOOL AEIsEmptyStore(HCERTSTORE hCertStore); BOOL AEIsSameDNS(PCCERT_CONTEXT pFirstCert, PCCERT_CONTEXT pSecondCert); BOOL AEGetDNSNameFromCertificate(PCCERT_CONTEXT pCertContext, LPWSTR *ppwszDnsName); BOOL AEGetRetryProperty(PCCERT_CONTEXT pCertContext, AE_RETRY_INFO **ppAE_Retry_Info); BOOL AEUpdateRetryProperty(AE_GENERAL_INFO *pAE_General_Info, LPWSTR pwszTemplateDisplay, PCCERT_CONTEXT pNewContext, PCCERT_CONTEXT pOldContext); BOOL AEFasterRetrialSchedule(PCCERT_CONTEXT pFirstContext, PCCERT_CONTEXT pSecondContext); //-------------------------------------------------------------------------- // Debug prints //-------------------------------------------------------------------------- #if DBG #define AE_ERROR 0x0001 #define AE_WARNING 0x0002 #define AE_INFO 0x0004 #define AE_TRACE 0x0008 #define AE_ALLOC 0x0010 #define AE_RES 0x0020 #define AE_DEBUG(x) AEDebugLog x #define AE_BEGIN(x) AEDebugLog(AE_TRACE, L"BEGIN:" x L"\n"); #define AE_RETURN(x) { AEDebugLog(AE_TRACE, L"RETURN (%lx) Line %d\n",(x), __LINE__); return (x); } #define AE_END() { AEDebugLog(AE_TRACE, L"END:Line %d\n", __LINE__); } #define AE_BREAK() { AEDebugLog(AE_TRACE, L"BREAK Line %d\n", __LINE__); } void AEDebugLog(long Mask, LPCWSTR Format, ...); #define MAX_DEBUG_BUFFER 256 #else #define AE_DEBUG(x) #define AE_BEGIN(x) #define AE_RETURN(x) return (x) #define AE_END() #define AE_BREAK() #endif #ifdef __cplusplus } // Balance extern "C" above #endif #endif // __AUTOENRO_H__