//+--------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
// Copyright (C) Microsoft Corporation, 1996 - 1999
|
|
//
|
|
// File: csext.h
|
|
//
|
|
// Contents: Cert Server globals
|
|
//
|
|
// History: 25-Jul-96 vich created
|
|
//
|
|
//---------------------------------------------------------------------------
|
|
|
|
#ifndef __CSEXT_H__
|
|
#define __CSEXT_H__
|
|
|
|
#include "certacl.h"
|
|
|
|
#ifndef SE_AUDITID_CERTSRV_ROLESEPARATIONSTATE

// Temporary define audit events here.
// NOTE(review): these are hard-coded fallbacks used only when the system audit
// header does not already supply the IDs. They must stay identical to the
// authoritative values, otherwise the role-separation and CA-cert-publish
// events certsrv raises are logged under the wrong audit ID.

#define SE_AUDITID_CERTSRV_ROLESEPARATIONSTATE ((ULONG)0x00000321L)
#define SE_AUDITID_CERTSRV_PUBLISHCACERT ((ULONG)0x0000031fL)

#endif // SE_AUDITID_CERTSRV_ROLESEPARATIONSTATE

// privately used access bit to check for local administrator rights.
// This bit and CA_ACCESS_DENIED below are internal to certsrv's own access
// check path (see CheckCertSrvAccess further down) and are not meant to be
// part of the CA_ACCESS_* mask a client may request. They must not overlap
// any public CA_ACCESS_* bit (presumably declared in certacl.h, included
// above) — verify when the public mask grows.
#define CA_ACCESS_LOCALADMIN 0x00008000

// privately used access bit to trigger a denied audit event
#define CA_ACCESS_DENIED 0x00004000

// NOTE(review): the comment on the next line is stale — what follows is the
// CRL publication wake-up period and the COM-context flag bits, not handler
// exports.
// Each certificate handler must export the following functions.

// Active value: the CRL publication thread wakes every 60 seconds. The
// 60-minute alternative below is left commented out (not compiled).
#define CMS_CRLPUB_PERIOD (60*1000) // 60 seconds (in milliseconds)
//#define CMS_CRLPUB_PERIOD (60*60*1000) // 60 minutes (in milliseconds)

// Flag bits, presumably for CERTSRV_COM_CONTEXT.dwFlags (see below). The
// naming suggests each *SET bit records that the value has been determined
// while the companion bit carries the value itself — confirm against the
// code that sets them.
#define CCCF_INREQUESTGROUPSET 0x00000001
#define CCCF_INREQUESTGROUP 0x00000002
#define CCCF_KEYARCHIVEDSET 0x00000004
#define CCCF_KEYARCHIVED 0x00000008
|
|
|
|
// Per-caller COM/RPC context tracked while a request is processed. Contexts
// are addressed by index (see dwComContextIndex in CoreProcessRequest and
// CoreSetComContextUserDN below). Field layout is part of the internal ABI —
// do not reorder.
typedef struct _CERTSRV_COM_CONTEXT
{
    DWORD dwFlags;          // CCCF_* bits (defined above)
    HANDLE hAccessToken;    // caller's access token; presumably the token
                            // CheckCertSrvAccess returns via phToken — confirm.
                            // Who closes it is not visible in this header.
    DWORD RequestId;        // request row this context is bound to
    DWORD iExitModActive;   // index of the exit module currently being
                            // invoked (g_cExitMod is the total) — inferred
                            // from the name
    WCHAR *pwszUserDN;      // caller's DS distinguished name. Handed out by
                            // CoreSetComContextUserDN as a "do NOT free"
                            // pointer, so this context owns the string.
} CERTSRV_COM_CONTEXT;
|
|
|
|
|
|
#define CRCF_SIGNATUREERROR 0x00000001
|
|
#define CRCF_KEYARCHIVALERROR 0x00000002
|
|
#define CRCF_FAILDENIEDREQUEST 0x00000004
|
|
#define CRCF_PREVIOUSLYDENIED 0x00000008
|
|
#define CRCF_RENEWAL 0x00000010
|
|
#define CRCF_ARCHIVESIGNINGKEYERROR 0x00000020
|
|
|
|
// Output bundle for one request-processing pass (filled by CoreProcessRequest,
// PKCSParseRequest, PKCSCreateCertificate and friends). Anything this context
// owns is released by ReleaseResult() below; see the individual field notes
// for allocator hints the header actually states. Do not reorder fields.
typedef struct _CERTSRV_RESULT_CONTEXT
{
    DWORD *pdwRequestId;            // where to store the request ID
    DWORD dwResultFlags;            // CRCF_* (defined above)
    DWORD dwFlagsTop;               // meaning not visible in this header
    BOOL fTransactionId;            // TRUE when dwTransactionId is valid
    DWORD dwTransactionId;          // presumably the CMC transaction ID
                                    // echoed into the response — confirm
    BYTE *pbSenderNonce;            // nonce taken from the request, to be
    DWORD cbSenderNonce;            // echoed back (presumably CMC) — confirm
    BOOL fRequestSavedWithoutKey;   // request row stored without key material
    BOOL fEnrollOnBehalfOf;         // set from PKCSParseAttributes'
                                    // pfEnrollOnBehalfOf output
    BYTE *pbKeyHashIn;              // key hash supplied with the request
    DWORD cbKeyHashIn;
    BYTE *pbKeyHashOut;             // key hash produced for the response
    DWORD cbKeyHashOut;
    BYTE *pbArchivedKey;            // archived private-key material for key
    DWORD cbArchivedKey;            // archival. Treat as sensitive: whether
                                    // this is the KRA-encrypted blob
                                    // (PKCSArchivePrivateKey takes a
                                    // pBlobEncrypted) or plaintext is not
                                    // visible here — confirm before logging
                                    // or copying it anywhere.
    WCHAR *pwszKRAHashes;           // KRA cert hashes used for this request
                                    // (cf. g_wszPropRequestKeyRecoveryHashes)
    BSTR strRenewalCertHash;        // hash of the cert being renewed
                                    // (CRCF_RENEWAL)
    DWORD *pdwDisposition;          // where to store the final disposition
    WCHAR *pwszExtendedErrorInfo;   // extra error text for the caller
    CERTTRANSBLOB *pctbDispositionMessage; // disposition text as a blob
    CERTTRANSBLOB *pctbCert;        // issued certificate
    CERTTRANSBLOB *pctbCertChain;   // certificate chain (PKCS7)
    CERTTRANSBLOB *pctbFullResponse; // full response; PKCSEncodeFullResponse
                                    // notes its buffer is CoTaskMem-allocated
} CERTSRV_RESULT_CONTEXT;
|
|
|
|
VOID ReleaseResult(IN OUT CERTSRV_RESULT_CONTEXT *pResult);
|
|
|
|
|
|
// Certification Authority Cert Context/Chain/Key information:
|
|
|
|
#define CTXF_SKIPCRL 0x00000001
|
|
#define CTXF_CERTMISSING 0x00000002
|
|
#define CTXF_CRLZOMBIE 0x00000004
|
|
#define CTXF_EXPIRED 0x00000010
|
|
#define CTXF_REVOKED 0x00000020
|
|
|
|
// One CA certificate/key generation managed by this CA. g_aCAContext (bottom
// of this header) is the array of these and g_pCAContextCurrent the active
// one; g_cCACerts / g_cCAKeys give the counts. Holds the handle to the CA's
// signing key, so a CACTX must never be handed outside the service. Field
// layout is internal ABI — do not reorder.
typedef struct _CACTX
{
    DWORD Flags;                    // CTXF_* (defined above)
    DWORD iCert;                    // CA cert index
    DWORD iKey;                     // CA key index
    DWORD NameId;                   // MAKECANAMEID(iCert, iKey)
    HRESULT hrVerifyStatus;         // verification status of the CA cert;
                                    // presumably written by PKCSVerifyCAState
                                    // (which takes this struct IN OUT) and
                                    // reported by PKCSGetCACertStatusCode
    CERT_CONTEXT const **apCACertChain; // CA cert chain, leaf first?
                                    // (order not visible here — confirm)
    DWORD cCACertChain;             // element count of apCACertChain
    CERT_CONTEXT const *pccCA;      // this CA's own certificate
    CRYPT_OBJID_BLOB IssuerKeyId;   // encoded issuer key identifier
    HCRYPTPROV hProvCA;             // CSP handle holding the CA signing key
                                    // (see pwszKeyContainerName)
    CRYPT_OBJID_BLOB KeyAuthority2Cert;  // pre-encoded extension blobs, by
    CRYPT_OBJID_BLOB KeyAuthority2CRL;   // name: AKI for certs / CRLs, CDP
    CRYPT_OBJID_BLOB CDPCert;            // for certs, CDP variants for the
    CRYPT_OBJID_BLOB CDPCRLFreshest;     // freshest/base/delta CRLs, and AIA
    CRYPT_OBJID_BLOB CDPCRLBase;         // for certs — inferred from names,
    CRYPT_OBJID_BLOB CDPCRLDelta;        // verify in the code that fills them
    CRYPT_OBJID_BLOB AIACert;
    char *pszObjIdSignatureAlgorithm; // signature algorithm OID used for
                                    // signing with this key
    WCHAR *pwszKeyContainerName;    // CSP key container of the signing key
    WCHAR **papwszCRLFiles;         // CRL file names for this cert index
                                    // (termination convention not shown here)
    WCHAR **papwszDeltaCRLFiles;    // delta CRL file names, same caveat
} CACTX;
|
|
|
|
|
|
// A cross certificate issued between two of this CA's own cert generations
// (see CorePublishCrossCertificate). Do not reorder fields.
typedef struct _CACROSSCTX
{
    DWORD Flags;                    // flag bits; which set applies is not
                                    // stated here (presumably CTXF_*)
    DWORD ReqId;                    // request row the cross cert came from
    CACTX *pCAContext;              // issuing CA context
    CACTX *pCAContextTarget;        // CA context being certified
    HRESULT hrVerifyStatus;         // verification status of pccCACross
    CERT_CONTEXT const *pccCACross; // the cross certificate itself
} CACROSSCTX;
|
|
|
|
|
|
// CA exchange certificate and its private key (see PKCSGetCAXchgCert /
// PKCSGetCAXchgChain and the g_*CAXchg* validity globals). Like CACTX this
// carries a CSP handle to private key material and must stay inside the
// service. Do not reorder fields.
typedef struct _CAXCHGCTX
{
    DWORD Flags;                    // flag bits; set not stated here
    DWORD ReqId;                    // request row of the exchange cert
    CERT_CONTEXT const *pccCAXchg;  // the exchange certificate
    HCRYPTPROV hProvCA;             // CSP handle for the exchange key
    WCHAR *pwszKeyContainerName;    // its key container
    DWORD iCertSig;                 // index of the CA cert that signed it
                                    // (cf. piCertSig in PKCSGetCAXchgCert)
} CAXCHGCTX;
|
|
|
|
|
|
//+****************************************************
|
|
// Core Module:
|
|
|
|
HRESULT
|
|
CoreInit(
|
|
IN BOOL fAuditEnabled);
|
|
|
|
VOID
|
|
CoreTerminate(VOID);
|
|
|
|
HRESULT
|
|
CoreValidateRequestId(
|
|
IN ICertDBRow *prow,
|
|
IN DWORD ExpectedDisposition);
|
|
|
|
|
|
// Internal CoreProcessRequest Flags:
|
|
|
|
#define CR_IN_NEW 0x00000000
|
|
#define CR_IN_DENY 0x10000000
|
|
#define CR_IN_RESUBMIT 0x20000000
|
|
#define CR_IN_RETRIEVE 0x30000000
|
|
#define CR_IN_COREMASK 0x30000000
|
|
|
|
HRESULT
|
|
CoreProcessRequest(
|
|
IN DWORD dwType,
|
|
OPTIONAL IN WCHAR const *pwszUserName,
|
|
IN DWORD cbRequest,
|
|
OPTIONAL IN BYTE const *pbRequest,
|
|
OPTIONAL IN WCHAR const *pwszAttributes,
|
|
OPTIONAL IN WCHAR const *pwszSerialNumber,
|
|
IN DWORD dwComContextIndex,
|
|
IN DWORD dwRequestId,
|
|
OUT CERTSRV_RESULT_CONTEXT *pResult);
|
|
|
|
HRESULT
|
|
CoreDenyRequest(
|
|
IN ICertDBRow *prow,
|
|
IN DWORD Flags,
|
|
IN DWORD ExpectedStatus);
|
|
|
|
VOID
|
|
CoreLogRequestStatus(
|
|
IN ICertDBRow *prow,
|
|
IN DWORD LogMsg,
|
|
IN DWORD ErrCode,
|
|
IN WCHAR const *pwszDisposition);
|
|
|
|
WCHAR *
|
|
CoreBuildDispositionString(
|
|
OPTIONAL IN WCHAR const *pwszDispositionBase,
|
|
OPTIONAL IN WCHAR const *pwszUserName,
|
|
OPTIONAL IN WCHAR const *pwszDispositionDetail,
|
|
OPTIONAL IN WCHAR const *pwszDispositionDetail2,
|
|
OPTIONAL IN WCHAR const *pwszDispositionBy,
|
|
IN HRESULT hrFail,
|
|
IN BOOL fPublishError);
|
|
|
|
HRESULT
|
|
CoreSetDisposition(
|
|
IN ICertDBRow *prow,
|
|
IN DWORD Disposition);
|
|
|
|
HRESULT
|
|
CoreSetRequestDispositionFields(
|
|
IN ICertDBRow *prow,
|
|
IN DWORD ErrCode,
|
|
IN DWORD Disposition,
|
|
IN WCHAR const *pwszDisposition);
|
|
|
|
HRESULT
|
|
CoreSetComContextUserDN(
|
|
IN DWORD dwRequestId,
|
|
IN LONG Context,
|
|
IN DWORD dwComContextIndex,
|
|
OPTIONAL OUT WCHAR const **ppwszDN); // do NOT free!
|
|
|
|
HRESULT
|
|
CoreSetArchivedKey(
|
|
IN OUT CERTSRV_COM_CONTEXT *pComContext);
|
|
|
|
HRESULT
|
|
CorePublishCrossCertificate(
|
|
IN DWORD RequestId,
|
|
IN CERT_CONTEXT const *pcc,
|
|
IN BOOL fCreateDSObject,
|
|
IN BOOL fDelete);
|
|
|
|
#ifndef DBG_COMTEST
|
|
# define DBG_COMTEST DBG_CERTSRV
|
|
#endif
|
|
|
|
|
|
#if DBG_COMTEST
|
|
|
|
extern BOOL fComTest;
|
|
|
|
BOOL ComTest(LONG Context);
|
|
|
|
#endif
|
|
|
|
|
|
#ifdef DBG_CERTSRV_DEBUG_PRINT
|
|
# define CERTSRVDBGPRINTTIME(pszDesc, pftGMT) \
|
|
CertSrvDbgPrintTime((pszDesc), (pftGMT))
|
|
VOID
|
|
CertSrvDbgPrintTime(
|
|
IN char const *pszDesc,
|
|
IN FILETIME const *pftGMT);
|
|
|
|
#else // DBG_CERTSRV_DEBUG_PRINT
|
|
# define CERTSRVDBGPRINTTIME(pszDesc, pftGMT)
|
|
#endif // DBG_CERTSRV_DEBUG_PRINT
|
|
|
|
|
|
HRESULT
|
|
CertSrvBlockThreadUntilStop();
|
|
|
|
/////////////////////////////////////
|
|
// CRL Publication logic
|
|
|
|
HRESULT
|
|
CRLInit(
|
|
IN WCHAR const *pwszSanitizedName);
|
|
|
|
VOID
|
|
CRLTerminate();
|
|
|
|
HRESULT
|
|
CRLPubWakeupEvent(
|
|
OUT DWORD *pdwMSTimeOut);
|
|
|
|
VOID
|
|
CRLComputeTimeOut(
|
|
IN FILETIME const *pftFirst,
|
|
IN FILETIME const *pftLast,
|
|
OUT DWORD *pdwMSTimeOut);
|
|
|
|
HRESULT
|
|
CRLPublishCRLs(
|
|
IN BOOL fRebuildCRL,
|
|
IN BOOL fForceRepublish,
|
|
OPTIONAL IN WCHAR const *pwszUserName,
|
|
IN BOOL fDelta,
|
|
IN BOOL fShadowDelta,
|
|
IN FILETIME ftNextUpdate,
|
|
OUT BOOL *pfNeedRetry,
|
|
OUT HRESULT *phrPublish);
|
|
|
|
HRESULT
|
|
CRLGetCRL(
|
|
IN DWORD iCert,
|
|
IN BOOL fDelta,
|
|
OPTIONAL OUT CRL_CONTEXT const **ppCRL,
|
|
OPTIONAL OUT DWORD *pdwCRLPublishFlags);
|
|
|
|
HRESULT
|
|
CRLWriteToLockedFile(
|
|
IN BYTE const *pbEncoded,
|
|
IN DWORD cbEncoded,
|
|
IN BOOL fDelete,
|
|
IN WCHAR const *pwszFile);
|
|
|
|
DWORD
|
|
CRLIsStringInList(
|
|
IN WCHAR const *pwszSearch,
|
|
OPTIONAL IN WCHAR const *pwszzList);
|
|
|
|
/////////////////////////////////////
|
|
|
|
|
|
HRESULT
|
|
PKCSSetup(
|
|
IN WCHAR const *pwszCommonName,
|
|
IN WCHAR const *pwszSanitizedName);
|
|
|
|
VOID
|
|
PKCSTerminate();
|
|
|
|
WCHAR const *
|
|
PKCSMapAttributeName(
|
|
OPTIONAL IN WCHAR const *pwszAttributeName,
|
|
OPTIONAL IN CHAR const *pszObjId,
|
|
OUT DWORD *pdwIndex,
|
|
OUT DWORD *pcchMax);
|
|
|
|
HRESULT
|
|
PKCSGetProperty(
|
|
IN ICertDBRow *prow,
|
|
IN WCHAR const *pwszPropName,
|
|
IN DWORD Flags,
|
|
OPTIONAL OUT DWORD *pcbData,
|
|
OUT BYTE **ppbData);
|
|
|
|
HRESULT
|
|
PKCSVerifyCAState(
|
|
IN OUT CACTX *pCAContext);
|
|
|
|
HRESULT
|
|
PKCSMapCertIndex(
|
|
IN DWORD iCert,
|
|
OUT DWORD *piCert,
|
|
OUT DWORD *pState);
|
|
|
|
HRESULT
|
|
PKCSMapCRLIndex(
|
|
IN DWORD iCert,
|
|
OUT DWORD *piCert, // returns newest iCert for passed iCert
|
|
OUT DWORD *piCRL,
|
|
OUT DWORD *pState);
|
|
|
|
HRESULT
|
|
PKCSGetCACertStatusCode(
|
|
IN DWORD iCert,
|
|
OUT HRESULT *phrCAStatusCode);
|
|
|
|
HRESULT
|
|
PKCSGetCAState(
|
|
IN LONG PropId, // CR_PROP_*
|
|
OUT BYTE *pb);
|
|
|
|
HRESULT
|
|
PKCSGetCAVersion(
|
|
OUT DWORD *pb);
|
|
|
|
HRESULT
|
|
PKCSGetKRAState(
|
|
IN DWORD cKRA,
|
|
OUT BYTE *pb);
|
|
|
|
HRESULT
|
|
PKCSSetSubjectTemplate(
|
|
IN WCHAR const *pwszTemplate);
|
|
|
|
HRESULT
|
|
PKCSGetCACert(
|
|
IN LONG PropId, // CR_PROP_*
|
|
IN DWORD iCert,
|
|
OUT BYTE **ppbCACert,
|
|
OUT DWORD *pcbCACert);
|
|
|
|
HRESULT
|
|
PKCSGetCAChain(
|
|
IN DWORD iCert,
|
|
IN BOOL fIncludeCRLs,
|
|
OUT BYTE **ppbCAChain, // CoTaskMem*
|
|
OUT DWORD *pcbCAChain);
|
|
|
|
HRESULT
|
|
PKCSGetCAXchgCert(
|
|
IN DWORD iCert,
|
|
IN WCHAR const *pwszUserName,
|
|
OUT DWORD *piCertSig,
|
|
OUT BYTE **ppbCACert,
|
|
OUT DWORD *pcbCACert);
|
|
|
|
HRESULT
|
|
PKCSGetCAXchgChain(
|
|
IN DWORD iCert,
|
|
IN WCHAR const *pwszUserName,
|
|
IN BOOL fIncludeCRLs,
|
|
OUT BYTE **ppbCAChain, // CoTaskMem*
|
|
OUT DWORD *pcbCAChain);
|
|
|
|
HRESULT
|
|
PKCSArchivePrivateKey(
|
|
IN ICertDBRow *prow,
|
|
IN BOOL fV1Cert,
|
|
IN BOOL fOverwrite,
|
|
IN CRYPT_ATTR_BLOB const *pBlobEncrypted,
|
|
OPTIONAL IN OUT CERTSRV_RESULT_CONTEXT *pResult);
|
|
|
|
HRESULT
|
|
PKCSGetArchivedKey(
|
|
IN DWORD dwRequestId,
|
|
OUT BYTE **ppbArchivedKey,
|
|
OUT DWORD *pcbArchivedKey);
|
|
|
|
HRESULT
|
|
PKCSUpdateXchgValidityPeriods(
|
|
OPTIONAL IN HCERTTYPE hCertType);
|
|
|
|
HRESULT
|
|
PKCSGetCRLList(
|
|
IN BOOL fDelta,
|
|
IN DWORD iCert,
|
|
OUT WCHAR const * const **ppapwszCRLList);
|
|
|
|
HRESULT
|
|
PKCSSetServerProperties(
|
|
IN ICertDBRow *prow,
|
|
OPTIONAL IN CACTX *pCAContext, // signing CACTX
|
|
OPTIONAL IN FILETIME const *pftNotBefore,
|
|
OPTIONAL IN FILETIME const *pftNotAfter,
|
|
IN LONG lValidityPeriodCount,
|
|
IN enum ENUM_PERIOD enumValidityPeriod);
|
|
|
|
HRESULT
|
|
PKCSSetRequestFlags(
|
|
IN ICertDBRow *prow,
|
|
IN BOOL fSet,
|
|
IN DWORD dwChange);
|
|
|
|
HRESULT
|
|
PKCSCreateCertificate(
|
|
IN ICertDBRow *prow,
|
|
IN DWORD Disposition,
|
|
IN BOOL fIncludeCRLs,
|
|
IN BOOL fCrossCert,
|
|
OPTIONAL IN CACTX *pCAContext, // signing CACTX
|
|
OUT BOOL *pfErrorLogged,
|
|
OPTIONAL OUT CACTX **ppCAContext,
|
|
OPTIONAL OUT WCHAR **ppwszDispositionCreateCert,
|
|
IN OUT CERTSRV_RESULT_CONTEXT *pResult); // CoTaskMem*
|
|
|
|
HRESULT
|
|
PKCSEncodeFullResponse(
|
|
OPTIONAL IN ICertDBRow *prow,
|
|
IN CERTSRV_RESULT_CONTEXT *pResult,
|
|
IN HRESULT hrRequest,
|
|
IN WCHAR *pwszDispositionString,
|
|
OPTIONAL IN CACTX *pCAContext,
|
|
OPTIONAL IN BYTE const *pbCertLeaf,
|
|
IN DWORD cbCertLeaf,
|
|
IN BOOL fIncludeCRLs,
|
|
OUT BYTE **ppbResponse, // CoTaskMem*
|
|
OUT DWORD *pcbResponse);
|
|
|
|
HRESULT
|
|
PKCSVerifyIssuedCertificate(
|
|
IN CERT_CONTEXT const *pCert,
|
|
OUT CACTX **ppCAContext);
|
|
|
|
HRESULT
|
|
PKCSIsRevoked(
|
|
IN DWORD RequestId,
|
|
OPTIONAL IN WCHAR const *pwszSerialNumber,
|
|
OUT LONG *pRevocationReason,
|
|
OUT LONG *pDisposition);
|
|
|
|
HRESULT
|
|
PKCSParseImportedCertificate(
|
|
IN ICertDBRow *prow,
|
|
IN BOOL fCrossCert, // else random imported cert
|
|
IN DWORD Disposition,
|
|
OPTIONAL IN CACTX const *pCAContext,
|
|
IN CERT_CONTEXT const *pCert);
|
|
|
|
HRESULT
|
|
PKCSParseRequest(
|
|
IN DWORD dwFlags,
|
|
IN ICertDBRow *prow,
|
|
IN DWORD cbRequest,
|
|
IN BYTE const *pbRequest,
|
|
IN CERT_CONTEXT const *pSigningAuthority,
|
|
OUT BOOL *pfRenewal,
|
|
IN OUT CERTSRV_RESULT_CONTEXT *pResult);
|
|
|
|
HRESULT
|
|
PKCSParseAttributes(
|
|
IN ICertDBRow *prow,
|
|
IN WCHAR const *pwszAttributes,
|
|
IN BOOL fRegInfo,
|
|
IN BOOL fPending,
|
|
IN DWORD dwRDNTable,
|
|
OPTIONAL OUT BOOL *pfEnrollOnBehalfOf);
|
|
|
|
HRESULT
|
|
PKCSVerifyChallengeString(
|
|
IN ICertDBRow *prow);
|
|
|
|
HRESULT
|
|
PKCSVerifySubjectRDN(
|
|
OPTIONAL IN ICertDBRow *prow,
|
|
IN OUT WCHAR const **ppwszPropertyName,
|
|
OPTIONAL IN WCHAR const *pwszPropertyValue,
|
|
OUT BOOL *pfSubjectDot);
|
|
|
|
HRESULT
|
|
PKCSDeleteAllSubjectRDNs(
|
|
IN ICertDBRow *prow,
|
|
IN DWORD Flags);
|
|
|
|
WCHAR *
|
|
PKCSSplitToken(
|
|
IN OUT WCHAR **ppwszIn,
|
|
IN WCHAR *pwcSeparator,
|
|
OUT BOOL *pfSplit);
|
|
|
|
HRESULT
|
|
PropAddSuffix(
|
|
IN WCHAR const *pwszValue,
|
|
IN WCHAR const *pwszSuffix,
|
|
IN DWORD cwcNameMax,
|
|
OUT WCHAR **ppwszOut);
|
|
|
|
HRESULT
|
|
PropParseRequest(
|
|
IN ICertDBRow *prow,
|
|
IN DWORD dwFlags,
|
|
IN DWORD cbRequest,
|
|
IN BYTE const *pbRequest,
|
|
IN OUT CERTSRV_RESULT_CONTEXT *pResult);
|
|
|
|
HRESULT
|
|
PropSetRequestTimeProperty(
|
|
IN ICertDBRow *prow,
|
|
IN WCHAR const *pwszProp);
|
|
|
|
HRESULT
|
|
PropGetExtension(
|
|
IN ICertDBRow *prow,
|
|
IN DWORD Flags,
|
|
IN WCHAR const *pwszExtensionName,
|
|
OUT DWORD *pdwExtFlags,
|
|
OUT DWORD *pcbValue,
|
|
OUT BYTE **ppbValue);
|
|
|
|
HRESULT
|
|
PropSetExtension(
|
|
IN ICertDBRow *prow,
|
|
IN DWORD Flags,
|
|
IN WCHAR const *pwszExtensionName,
|
|
IN DWORD ExtFlags,
|
|
IN DWORD cbValue,
|
|
IN BYTE const *pbValue);
|
|
|
|
HRESULT
|
|
PropSetAttributeProperty(
|
|
IN ICertDBRow *prow,
|
|
IN BOOL fConcatenateRDNs,
|
|
IN BOOL fPrependNewValue,
|
|
IN DWORD dwTable,
|
|
IN DWORD cchNameMax,
|
|
OPTIONAL IN WCHAR const *pwszSuffix,
|
|
IN WCHAR const *wszName,
|
|
IN WCHAR const *wszValue);
|
|
|
|
HRESULT
|
|
RequestInitCAPropertyInfo(VOID);
|
|
|
|
HRESULT
|
|
RequestGetCAPropertyInfo(
|
|
OUT LONG *pcProperty,
|
|
OUT CERTTRANSBLOB *pctbPropInfo);
|
|
|
|
HRESULT
|
|
RequestGetCAProperty(
|
|
IN LONG PropId, // CR_PROP_*
|
|
IN LONG PropIndex,
|
|
IN LONG PropType, // PROPTYPE_*
|
|
OUT CERTTRANSBLOB *pctbPropertyValue);
|
|
|
|
HRESULT
|
|
RequestSetCAProperty(
|
|
IN wchar_t const *pwszAuthority,
|
|
IN LONG PropId, // CR_PROP_*
|
|
IN LONG PropIndex,
|
|
IN LONG PropType, // PROPTYPE_*
|
|
OUT CERTTRANSBLOB *pctbPropertyValue);
|
|
|
|
DWORD
|
|
CertSrvStartServerThread(
|
|
IN VOID *pvArg);
|
|
|
|
HRESULT
|
|
CertSrvEnterServer(
|
|
OUT DWORD *pState);
|
|
|
|
HRESULT
|
|
CertSrvTestServerState();
|
|
|
|
HRESULT
|
|
CertSrvLockServer(
|
|
IN OUT DWORD *pState);
|
|
|
|
VOID
|
|
CertSrvExitServer(
|
|
IN DWORD State,
|
|
IN HRESULT hrExit);
|
|
|
|
struct IEnumCERTDBRESULTROW;

// Node in the singly linked list of open database views handed out to
// clients (CertSrvLinkCAView / CertSrvDelinkCAView). The two timestamps
// presumably drive expiry against g_dwViewAgeMinutes / g_dwViewIdleMinutes
// so that abandoned client views are reclaimed — confirm in the .cpp.
typedef struct _CAVIEW
{
    struct _CAVIEW *pCAViewNext;    // next node, NULL at end of list
    IEnumCERTDBRESULTROW *pView;    // the row enumerator for this view
    VOID *pvSearch;                 // opaque key used to find this node
                                    // (matches pvSearch in the link/delink
                                    // prototypes below)
    FILETIME ftCreate;              // when the view was created
    FILETIME ftLastAccess;          // when it was last used
} CAVIEW;
|
|
|
|
|
|
HRESULT
|
|
CertSrvDelinkCAView(
|
|
IN VOID *pvSearch,
|
|
OPTIONAL OUT CAVIEW **ppCAViewOut);
|
|
|
|
HRESULT
|
|
CertSrvLinkCAView(
|
|
IN BOOL fNew,
|
|
IN VOID *pvSearch,
|
|
IN CAVIEW *pCAViewIn);
|
|
|
|
HRESULT RPCInit(VOID);
|
|
|
|
HRESULT RPCTeardown(VOID);
|
|
|
|
VOID
|
|
ServiceMain(
|
|
IN DWORD dwArgc,
|
|
IN LPWSTR *lpszArgv);
|
|
|
|
HRESULT
|
|
ServiceQueryInteractiveFlag(
|
|
OUT BOOL *pfSilent);
|
|
|
|
BOOL
|
|
ServiceReportStatusToSCMgr(
|
|
IN DWORD dwCurrentState,
|
|
IN DWORD dwWin32ExitCode,
|
|
IN DWORD dwCheckPoint,
|
|
IN DWORD dwWaitHint);
|
|
|
|
#define INCREMENT_EXTENSIONS 16
|
|
|
|
HRESULT
|
|
DBOpen( // initialize database
|
|
WCHAR const *pwszSanitizedName);
|
|
|
|
HRESULT
|
|
DBShutDown( // terminate database access
|
|
IN BOOL fPendingNotify);
|
|
|
|
// Access check for an RPC caller against this CA's security descriptor
// (g_CASD, declared further down).
//  wszCA            CA name the caller addressed; validated separately by
//                   CheckAuthorityName at the bottom of this header
//  hRpc             RPC binding handle identifying the caller
//  Mask             requested CA_ACCESS_* bits. CA_ACCESS_LOCALADMIN and
//                   CA_ACCESS_DENIED (top of this header) are private bits
//                   for this path and are not client-requestable.
//  pfAccessAllowed  TRUE only when the check passed. Callers should treat a
//                   failed HRESULT as "denied" regardless of this value.
//  phToken          optional: receives the caller's token. Whether the
//                   caller must CloseHandle it is not visible here — confirm.
STDMETHODIMP
CheckCertSrvAccess(
    IN LPCWSTR wszCA,
    IN handle_t hRpc,
    IN ACCESS_MASK Mask,
    OUT BOOL *pfAccessAllowed,
    OPTIONAL OUT HANDLE *phToken);

// Set a FILETIME-typed registry value under the CA's configuration (when
// fConfigLevel) and optionally delete cpwszDelete sibling values named in
// papwszRegValueNameDelete — inferred from the parameter names; which key is
// used and what time is written are not stated here.
HRESULT
CertSrvSetRegistryFileTimeValue(
    IN BOOL fConfigLevel,
    IN WCHAR const *pwszRegValueName,
    IN DWORD cpwszDelete,
    OPTIONAL IN WCHAR const * const *papwszRegValueNameDelete);

// Resolve the caller identified by hRpc (presumably the current COM caller
// when hRpc is NULL, given it is OPTIONAL — confirm) to its SAM account name
// and/or DS distinguished name. Each output is optional; the allocator the
// strings must be freed with is not stated in this header.
HRESULT
GetClientUserName(
    OPTIONAL IN RPC_BINDING_HANDLE hRpc,
    OPTIONAL OUT WCHAR **ppwszUserSamName,
    OPTIONAL OUT WCHAR **ppwszUserDN);
|
|
|
|
HRESULT CertStartClassFactories(VOID);
|
|
VOID CertStopClassFactories(VOID);
|
|
|
|
HRESULT
|
|
SetCAObjectFlags(DWORD dwFlags);
|
|
|
|
// Authorization helpers shared by the certsrv RPC/DCOM entry points. They are
// built on the AuthZ API; g_AuthzCertSrvRM (declared further down) is the
// resource-manager handle. The "officer rights" checks back the
// certificate-manager restriction feature (g_OfficerRightsSD) — presumably
// whether the calling officer may act on requests from a given requester.
namespace CertSrv
{
    // Expand pSid into its group membership (TOKEN_GROUPS) through the AuthZ
    // resource manager. Ownership of *ppGroups (who frees it, and with what)
    // is not visible from this header — check the definition before use.
    HRESULT
    GetMembership(
        IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzRM,
        IN PSID pSid,
        PTOKEN_GROUPS *ppGroups);

    // May the caller act on the request identified by dwRequestID? The audit
    // event object is passed in so the decision can be recorded.
    HRESULT
    CheckOfficerRights(
        DWORD dwRequestID,
        CertSrv::CAuditEvent &event);

    // Same check keyed on the requester name rather than a request ID
    // (e.g. before a request row exists).
    HRESULT
    CheckOfficerRights(
        LPCWSTR pwszRequesterName,
        CertSrv::CAuditEvent &event);

    // Officer check against an already-built AuthZ client context for the
    // officer.
    HRESULT
    CheckOfficerRightsFromAuthzCC(
        IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzCCOfficer,
        IN WCHAR const *pwszRequesterName);

    // Officer check when only the officer's account name is known.
    HRESULT
    CheckOfficerRightsFromOfficerName(
        IN WCHAR const *pwszOfficerName,
        IN WCHAR const *pwszRequesterName);

    // Build an AuthZ client context for the current caller. The returned
    // handle presumably has to be released with AuthzFreeContext — confirm.
    HRESULT
    GetCallerAuthzContext(
        OUT AUTHZ_CLIENT_CONTEXT_HANDLE *phAuthzCC);

    // Callback-ACE evaluator; the signature matches the shape of an AuthZ
    // dynamic access-check callback (returns BOOL, reports applicability via
    // *pbAceApplicable). A wrong answer here silently widens or narrows the
    // CA's effective ACL, so the implementation should fail closed
    // (*pbAceApplicable = FALSE) on any error — verify in the definition.
    BOOL
    CallbackAccessCheck(
        IN AUTHZ_CLIENT_CONTEXT_HANDLE pAuthzClientContext,
        IN PACE_HEADER pAce,
        IN PVOID pArgs OPTIONAL,
        IN OUT PBOOL pbAceApplicable);
}
|
|
|
|
|
|
HRESULT
|
|
PKCSGetKRACert(
|
|
IN DWORD iCert,
|
|
OUT BYTE **ppbCert,
|
|
OUT DWORD *pcbCert);
|
|
|
|
|
|
#define CSST_STARTSERVICECONTROLLER 0x00000001
|
|
#define CSST_CONSOLE 0x00000002
|
|
|
|
extern enum ENUM_PERIOD g_enumValidityPeriod;
|
|
extern LONG g_lValidityPeriodCount;
|
|
|
|
extern enum ENUM_PERIOD g_enumCAXchgValidityPeriod;
|
|
extern LONG g_lCAXchgValidityPeriodCount;
|
|
|
|
extern enum ENUM_PERIOD g_enumCAXchgOverlapPeriod;
|
|
extern LONG g_lCAXchgOverlapPeriodCount;
|
|
|
|
extern DWORD g_dwDelay2;
|
|
|
|
extern DWORD g_dwClockSkewMinutes;
|
|
extern DWORD g_dwViewAgeMinutes;
|
|
extern DWORD g_dwViewIdleMinutes;
|
|
extern DWORD g_dwLogLevel;
|
|
extern DWORD g_dwSessionCount;
|
|
extern DWORD g_dwCRLFlags;
|
|
extern DWORD g_dwHighSerial;
|
|
extern BYTE *g_pbHighSerial;
|
|
extern DWORD g_cbHighSerial;
|
|
extern DWORD g_cbMaxIncomingAllocSize;
|
|
|
|
extern ICertDB *g_pCertDB;
|
|
extern BOOL g_fDBRecovered;
|
|
|
|
extern HCERTSTORE g_hStoreCA;
|
|
extern HCRYPTPROV g_hProvCA;
|
|
|
|
extern BSTR g_strPolicyDescription;
|
|
extern BSTR g_strExitDescription;
|
|
|
|
extern BOOL g_fCertEnrollCompatible;
|
|
extern BOOL g_fEnforceRDNNameLengths;
|
|
extern BOOL g_fCreateDB;
|
|
extern BOOL g_fStartAsService;
|
|
extern DWORD g_CRLEditFlags;
|
|
extern DWORD g_KRAFlags;
|
|
extern DWORD g_cKRACertsRoundRobin;
|
|
extern DWORD g_cKRACerts;
|
|
extern ENUM_FORCETELETEX g_fForceTeletex;
|
|
extern ENUM_CATYPES g_CAType;
|
|
extern BOOL g_fUseDS;
|
|
extern BOOL g_fServerUpgraded;
|
|
extern long g_cTemplateUpdateSequenceNum;
|
|
extern DWORD g_InterfaceFlags;
|
|
extern HRESULT g_hrJetVersionStoreOutOfMemory;
|
|
extern DWORD g_CryptSilent;
|
|
extern DWORD g_dwVerifyCertFlags;
|
|
|
|
extern WCHAR g_wszCAStore[];
|
|
extern WCHAR const g_wszCertSrvServiceName[];
|
|
extern WCHAR const g_wszRegKeyConfigPath[];
|
|
|
|
extern WCHAR const g_wszRegDBA[];
|
|
|
|
extern WCHAR g_wszSanitizedName[];
|
|
extern WCHAR *g_pwszSanitizedDSName;
|
|
extern WCHAR g_wszCommonName[];
|
|
extern WCHAR g_wszPolicyDCName[];
|
|
extern DWORD g_cwcPolicyDCName;
|
|
extern WCHAR g_wszParentConfig[];
|
|
|
|
extern WCHAR g_wszDatabase[];
|
|
extern WCHAR g_wszLogDir[];
|
|
extern WCHAR g_wszSystemDir[];
|
|
|
|
extern WCHAR *g_pwszServerName;
|
|
extern BSTR g_strDomainDN;
|
|
extern BSTR g_strConfigDN;
|
|
extern WCHAR *g_pwszKRAPublishURL;
|
|
extern WCHAR *g_pwszAIACrossCertPublishURL;
|
|
extern WCHAR *g_pwszRootTrustCrossCertPublishURL;
|
|
|
|
extern WCHAR const g_wszRegValidityPeriodString[];
|
|
extern WCHAR const g_wszRegValidityPeriodCount[];
|
|
extern WCHAR const g_wszRegCAXchgValidityPeriodString[];
|
|
extern WCHAR const g_wszRegCAXchgValidityPeriodCount[];
|
|
extern WCHAR const g_wszRegCAXchgOverlapPeriodString[];
|
|
extern WCHAR const g_wszRegCAXchgOverlapPeriodCount[];
|
|
extern WCHAR const g_wszRegCAXchgCertHash[];
|
|
extern WCHAR const g_wszRegHighSerial[];
|
|
|
|
// renewal-friendly properties
|
|
|
|
extern DWORD g_cCAKeys; // Total number of CA keys managed by this CA
|
|
extern DWORD g_cCACerts; // Total number of CA certs managed by this CA
|
|
|
|
extern DWORD g_cExitMod; // Total number of exit modules loaded by this CA
|
|
|
|
extern CertSrv::CCertificateAuthoritySD g_CASD;
|
|
extern AUTHZ_RESOURCE_MANAGER_HANDLE g_AuthzCertSrvRM;
|
|
extern DWORD g_dwAuditFilter;
|
|
extern CertSrv::COfficerRightsSD g_OfficerRightsSD;
|
|
extern CertSrv::CConfigStorage g_ConfigStorage;
|
|
extern CertSrv::CAutoLPWSTR g_pwszDBFileHash;
|
|
|
|
//+--------------------------------------------------------------------------
|
|
// Name properties:
|
|
|
|
extern WCHAR const g_wszPropDistinguishedName[];
|
|
extern WCHAR const g_wszPropRawName[];
|
|
extern WCHAR const g_wszPropCountry[];
|
|
extern WCHAR const g_wszPropOrganization[];
|
|
extern WCHAR const g_wszPropOrgUnit[];
|
|
extern WCHAR const g_wszPropCommonName[];
|
|
extern WCHAR const g_wszPropLocality[];
|
|
extern WCHAR const g_wszPropState[];
|
|
extern WCHAR const g_wszPropTitle[];
|
|
extern WCHAR const g_wszPropGivenName[];
|
|
extern WCHAR const g_wszPropInitials[];
|
|
extern WCHAR const g_wszPropSurName[];
|
|
extern WCHAR const g_wszPropDomainComponent[];
|
|
extern WCHAR const g_wszPropEMail[];
|
|
extern WCHAR const g_wszPropStreetAddress[];
|
|
extern WCHAR const g_wszPropUnstructuredAddress[];
|
|
extern WCHAR const g_wszPropUnstructuredName[];
|
|
extern WCHAR const g_wszPropDeviceSerialNumber[];
|
|
extern WCHAR const g_wszPropCertificateIssuerNameID[];
|
|
|
|
|
|
//+--------------------------------------------------------------------------
|
|
// Subject Name properties:
|
|
|
|
extern WCHAR const g_wszPropSubjectDot[];
|
|
extern WCHAR const g_wszPropSubjectDistinguishedName[];
|
|
extern WCHAR const g_wszPropSubjectRawName[];
|
|
extern WCHAR const g_wszPropSubjectCountry[];
|
|
extern WCHAR const g_wszPropSubjectOrganization[];
|
|
extern WCHAR const g_wszPropSubjectOrgUnit[];
|
|
extern WCHAR const g_wszPropSubjectCommonName[];
|
|
extern WCHAR const g_wszPropSubjectLocality[];
|
|
extern WCHAR const g_wszPropSubjectState[];
|
|
extern WCHAR const g_wszPropSubjectTitle[];
|
|
extern WCHAR const g_wszPropSubjectGivenName[];
|
|
extern WCHAR const g_wszPropSubjectInitials[];
|
|
extern WCHAR const g_wszPropSubjectSurName[];
|
|
extern WCHAR const g_wszPropSubjectDomainComponent[];
|
|
extern WCHAR const g_wszPropSubjectEMail[];
|
|
extern WCHAR const g_wszPropSubjectStreetAddress[];
|
|
extern WCHAR const g_wszPropSubjectUnstructuredAddress[];
|
|
extern WCHAR const g_wszPropSubjectUnstructuredName[];
|
|
extern WCHAR const g_wszPropSubjectDeviceSerialNumber[];
|
|
|
|
|
|
//+--------------------------------------------------------------------------
|
|
// Issuer Name properties:
|
|
|
|
extern WCHAR const g_wszPropIssuerDot[];
|
|
extern WCHAR const g_wszPropIssuerDistinguishedName[];
|
|
extern WCHAR const g_wszPropIssuerRawName[];
|
|
extern WCHAR const g_wszPropIssuerCountry[];
|
|
extern WCHAR const g_wszPropIssuerOrganization[];
|
|
extern WCHAR const g_wszPropIssuerOrgUnit[];
|
|
extern WCHAR const g_wszPropIssuerCommonName[];
|
|
extern WCHAR const g_wszPropIssuerLocality[];
|
|
extern WCHAR const g_wszPropIssuerState[];
|
|
extern WCHAR const g_wszPropIssuerTitle[];
|
|
extern WCHAR const g_wszPropIssuerGivenName[];
|
|
extern WCHAR const g_wszPropIssuerInitials[];
|
|
extern WCHAR const g_wszPropIssuerSurName[];
|
|
extern WCHAR const g_wszPropIssuerDomainComponent[];
|
|
extern WCHAR const g_wszPropIssuerEMail[];
|
|
extern WCHAR const g_wszPropIssuerStreetAddress[];
|
|
extern WCHAR const g_wszPropIssuerUnstructuredAddress[];
|
|
extern WCHAR const g_wszPropIssuerUnstructuredName[];
|
|
extern WCHAR const g_wszPropIssuerDeviceSerialNumber[];
|
|
|
|
|
|
//+--------------------------------------------------------------------------
|
|
// Request properties:
|
|
|
|
extern WCHAR const g_wszPropRequestRequestID[];
|
|
extern WCHAR const g_wszPropRequestRawRequest[];
|
|
extern WCHAR const g_wszPropRequestRawArchivedKey[];
|
|
extern WCHAR const g_wszPropRequestKeyRecoveryHashes[];
|
|
extern WCHAR const g_wszPropRequestRawOldCertificate[];
|
|
extern WCHAR const g_wszPropRequestAttributes[];
|
|
extern WCHAR const g_wszPropRequestType[];
|
|
extern WCHAR const g_wszPropRequestFlags[];
|
|
extern WCHAR const g_wszPropRequestStatusCode[];
|
|
extern WCHAR const g_wszPropRequestDisposition[];
|
|
extern WCHAR const g_wszPropRequestDispositionMessage[];
|
|
extern WCHAR const g_wszPropRequestSubmittedWhen[];
|
|
extern WCHAR const g_wszPropRequestResolvedWhen[];
|
|
extern WCHAR const g_wszPropRequestRevokedWhen[];
|
|
extern WCHAR const g_wszPropRequestRevokedEffectiveWhen[];
|
|
extern WCHAR const g_wszPropRequestRevokedReason[];
|
|
extern WCHAR const g_wszPropRequesterName[];
|
|
extern WCHAR const g_wszPropCallerName[];
|
|
extern WCHAR const g_wszPropRequestOSVersion[];
|
|
extern WCHAR const g_wszPropRequestCSPProvider[];
|
|
|
|
//+--------------------------------------------------------------------------
|
|
// Request attribute properties:
|
|
|
|
extern WCHAR const g_wszPropChallenge[];
|
|
extern WCHAR const g_wszPropExpectedChallenge[];
|
|
|
|
|
|
//+--------------------------------------------------------------------------
|
|
// Certificate properties:
|
|
|
|
extern WCHAR const g_wszPropCertificateRequestID[];
|
|
extern WCHAR const g_wszPropRawCertificate[];
|
|
extern WCHAR const g_wszPropCertificateHash[];
|
|
extern WCHAR const g_wszPropCertificateSerialNumber[];
|
|
extern WCHAR const g_wszPropCertificateNotBeforeDate[];
|
|
extern WCHAR const g_wszPropCertificateNotAfterDate[];
|
|
extern WCHAR const g_wszPropCertificateSubjectKeyIdentifier[];
|
|
extern WCHAR const g_wszPropCertificateRawPublicKey[];
|
|
extern WCHAR const g_wszPropCertificatePublicKeyLength[];
|
|
extern WCHAR const g_wszPropCertificatePublicKeyAlgorithm[];
|
|
extern WCHAR const g_wszPropCertificateRawPublicKeyAlgorithmParameters[];
|
|
|
|
|
|
//+--------------------------------------------------------------------------
|
|
// Disposition messages:
|
|
|
|
extern WCHAR const *g_pwszRequestedBy;
|
|
extern WCHAR const *g_pwszRevokedBy;
|
|
extern WCHAR const *g_pwszUnrevokedBy;
|
|
extern WCHAR const *g_pwszPublishedBy;
|
|
extern WCHAR const *g_pwszUnknownSubject;
|
|
extern WCHAR const *g_pwszInvalidIssuancePolicies;
|
|
extern WCHAR const *g_pwszInvalidApplicationPolicies;
|
|
|
|
extern WCHAR const *g_pwszIntermediateCAStore;
|
|
|
|
//+--------------------------------------------------------------------------
|
|
// Localizable audit strings
|
|
extern WCHAR const *g_pwszYes;
|
|
extern WCHAR const *g_pwszNo;
|
|
extern LPCWSTR g_pwszAuditResources[];
|
|
|
|
//+--------------------------------------------------------------------------
|
|
// Secured attributes:
|
|
extern LPWSTR g_wszzSecuredAttributes;
|
|
|
|
extern HANDLE g_hServiceStoppingEvent;
|
|
extern HANDLE g_hServiceStoppedEvent;
|
|
|
|
extern HANDLE g_hCRLManualPublishEvent;
|
|
extern BOOL g_fCRLPublishDisabled;
|
|
extern BOOL g_fDeltaCRLPublishDisabled;
|
|
|
|
extern HKEY g_hkeyCABase;
|
|
extern HWND g_hwndMain;
|
|
|
|
extern BOOL g_fAdvancedServer;
|
|
|
|
// COM apartment model every certsrv thread initialises with. The service is
// free-threaded (COINIT_MULTITHREADED), so callers must not assume any
// apartment-thread affinity for the objects they touch.
__inline DWORD GetCertsrvComThreadingModel(VOID)
{
    DWORD const dwCoInitFlags = COINIT_MULTITHREADED;
    return dwCoInitFlags;
}
|
|
|
|
extern CACTX *g_aCAContext;
|
|
extern CACTX *g_pCAContextCurrent;
|
|
|
|
|
|
inline HRESULT CheckAuthorityName(PCWSTR pwszAuthority, bool fAllowEmptyName = false)
|
|
{
|
|
HRESULT hr;
|
|
if (NULL != pwszAuthority && L'\0' != *pwszAuthority)
|
|
{
|
|
if (0 != mylstrcmpiL(pwszAuthority, g_wszCommonName))
|
|
{
|
|
if (0 != mylstrcmpiL(pwszAuthority, g_wszSanitizedName) &&
|
|
0 != mylstrcmpiL(pwszAuthority, g_pwszSanitizedDSName))
|
|
{
|
|
hr = E_INVALIDARG;
|
|
goto error;
|
|
}
|
|
#ifdef DBG_CERTSRV_DEBUG_PRINT
|
|
if (0 == mylstrcmpiL(pwszAuthority, g_wszSanitizedName))
|
|
{
|
|
DBGPRINT((
|
|
DBG_SS_CERTSRV,
|
|
"'%ws' called with Sanitized Name: '%ws'\n",
|
|
g_wszCommonName,
|
|
pwszAuthority));
|
|
}
|
|
else if (0 == mylstrcmpiL(pwszAuthority, g_pwszSanitizedDSName))
|
|
{
|
|
DBGPRINT((
|
|
DBG_SS_CERTSRV,
|
|
"'%ws' called with Sanitized DS Name: '%ws'\n",
|
|
g_wszCommonName,
|
|
pwszAuthority));
|
|
}
|
|
#endif
|
|
}
|
|
}
|
|
else if(!fAllowEmptyName)
|
|
{
|
|
return hr = E_INVALIDARG;
|
|
}
|
|
|
|
hr = S_OK;
|
|
|
|
error:
|
|
return hr;
|
|
}
|
|
|
|
#endif // __CSEXT_H__
|