Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

564 lines
16 KiB

//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1997 - 1999
//
// File: initcert.h
//
//--------------------------------------------------------------------------
#ifndef __INITCERT_H__
#define __INITCERT_H__
typedef enum {
CS_UPGRADE_UNKNOWN = 0,
CS_UPGRADE_NO, // install
//CS_UPGRADE_NT4SP4 =2, // upgrade from NT4 certsrv v10 or SP4 with certsrv // upg unsupported
//CS_UPGRADE_NT5BETA2 =3, // upgrade from NT5 Beta 2 // upg unsupported
//CS_UPGRADE_NT5BETA3 =4, // upgrade from NT5 Beta 3 // upg unsupported
CS_UPGRADE_WIN2000 =5, // upgrade from Win2K
CS_UPGRADE_UNSUPPORTED, // upgrade is not supported
CS_UPGRADE_WHISTLER, // upgrade from build to build
} CS_ENUM_UPGRADE;
typedef enum {
ENUM_WIZ_UNKNOWN = 0,
ENUM_WIZ_OCM,
ENUM_WIZ_CATYPE,
ENUM_WIZ_ADVANCE,
ENUM_WIZ_IDINFO,
ENUM_WIZ_KEYGEN,
ENUM_WIZ_STORE,
ENUM_WIZ_REQUEST,
} ENUM_WIZPAGE;
typedef struct csp_hash_tag
{
ALG_ID idAlg;
WCHAR *pwszName;
struct csp_hash_tag *next;
struct csp_hash_tag *last;
} CSP_HASH;
typedef struct csp_info_tag {
DWORD dwProvType;
WCHAR *pwszProvName;
BOOL fMachineKeyset;
struct csp_info_tag *next;
struct csp_info_tag *last;
CSP_HASH *pHashList;
} CSP_INFO;
typedef struct key_list_tag
{
WCHAR *pwszName;
struct key_list_tag *next;
struct key_list_tag *last;
} KEY_LIST;
// reasons why enterprise CA cannot be installed
typedef enum {
ENUM_ENTERPRISE_UNAVAIL_REASON_AVAILABLE = 0, // enterprise can be installed
ENUM_ENTERPRISE_UNAVAIL_REASON_DOMAIN_NOT_JOINED, // machine not joined to a domain
ENUM_ENTERPRISE_UNAVAIL_REASON_DS_UNAVAILABLE, // no DC available
ENUM_ENTERPRISE_UNAVAIL_REASON_NO_INSTALL_RIGHTS, // current user doesn't have the rights to install
ENUM_ENTERPRISE_UNAVAIL_REASON_OLD_DS_VERSION, // DS version is too old, needs to be upgraded
} ENUM_ENTERPRISE_UNAVAIL_REASON;
typedef struct tagCAServerSetupInfo
{
// setup attributes
// 0x0000
ENUM_CATYPES CAType;
WCHAR *pwszCACommonName;
// 0x0020
BOOL fAdvance;
CSP_INFO *pCSPInfo; // currently selected CSP
CSP_HASH *pHashInfo; // currently selected hash algorithm
DWORD dwKeyLength;
ENUM_PERIOD enumValidityPeriod;
DWORD dwValidityPeriodCount;
BOOL fUseDS;
// 0x0040
WCHAR *pwszSharedFolder;
WCHAR *pwszDBDirectory;
WCHAR *pwszLogDirectory;
BOOL fSaveRequestAsFile;
BOOL fCAsExist;
WCHAR *pwszRequestFile;
WCHAR *pwszParentCAMachine;
WCHAR *pwszParentCAName;
// 0x0060
BOOL fPreserveDB;
BOOL fInteractiveService; // allow service to interact
// with the desktop
// setup intermediate attributes
ENUM_WIZPAGE LastWiz;
WCHAR *pwszSanitizedName;
CSP_INFO *pCSPInfoList; // list of all available CSPs
CSP_INFO *pDefaultCSPInfo; // obj representing default CSP,
// not a CSP in pCSPInfoList
CSP_HASH *pDefaultHashInfo; // object representing default
// hash algorithm, not a hash
// algorighm in the currently
// selected CSP
KEY_LIST *pKeyList; // list of key containers for
// 0x0080
DWORD dwKeyLenMin; // minumum key length for the
// currently selected CSP
DWORD dwKeyLenMax; // maximum key length for the
// currently selected CSP
WCHAR *pwszValidityPeriodCount;
LONG lExistingValidity;
WCHAR *pwszCACertFile;
HCERTSTORE hMyStore;
CHAR *pszAlgId;
BOOL fCertSrvWasRunning;
// 0x00a0
FILETIME NotBefore;
FILETIME NotAfter;
DWORD dwRevocationFlags;
// setup intermediate attributes for unattended
WCHAR *pwszCAType;
WCHAR *pwszValidityPeriodString;
WCHAR *pwszHashAlgorithm;
// 0x00c0
WCHAR *pwszKeyLength;
BOOL fValidatedHashAndKey;
WCHAR *pwszUseExistingCert;
WCHAR *pwszPreserveDB;
WCHAR *pwszPFXFile;
WCHAR *pwszPFXPassword;
WCHAR *pwszInteractiveService;
// upgrade attributes
DWORD dwUpgradeEditFlags;
// 0x00e0
BOOL fSavedCAInDS;
BOOL fCreatedShare;
WCHAR *pwszCustomPolicy;
WCHAR *pwszzCustomExit;
// * The following 2 variables replace these 5 variables:
// fCreatedKey,
// pwszRevertKey,
// pwszImportKey,
// pwszExistingKey,
// fUseExistingKey
//
// * Invariant: fUseExistingKey == (NULL != pwszKeyContainerName)
//
// * pwszKeyContainerName should always contains the name of an existing
// key container, or be NULL if a new key container needs to be created.
// Once the new container is created, the variable holds the name of the
// container.
//
// * Always use SetKeyContainerName() and ClearKeyContainerName() to modify
// these variables. This makes sure that pwszDesanitizedKeyContainerName
// is always in sync.
WCHAR *pwszKeyContainerName; // exact name of the container
// used by the CSP
WCHAR *pwszDesanitizedKeyContainerName; // name displayed
// to the user
BOOL fDeletableNewKey; // TRUE iff the
// KeyContainerName points to a
// key container that we should
// delete if we don't use.
BOOL fKeyGenFailed; // TRUE if KeyGen failed
// * The following 1 variable replace these 4 variables:
// fUseExistingCert,
// fFoundMatchedCertInStore,
// fMatchedCertType,
// pSCertContextFromStore
//
// * Invariant: fUseExistingCert==(NULL!=pccExistingCert)
//
// * pccExistingCert should always be a pointer to an existing cert context,
// or be NULL if we are not using an existing cert
//
// * Always use SetExistingCertToUse() and ClearExistingCertToUse() to
// modify these variables. This makes sure that pccExistingCert is
// properly freed.
// 0x0100
CERT_CONTEXT const *pccExistingCert; // an open cert context
CERT_CONTEXT const *pccUpgradeCert; // CA Cert context for upgrade
DWORD dwCertNameId; // CA Cert NameId
BOOL fUNCPathNotFound; // flag for default shared folder
WCHAR *pwszDNSuffix; // CN=%1, DC=x, DC=y, DC=z -- dynamically generated template
// 0x0114
WCHAR *pwszFullCADN;
ENUM_ENTERPRISE_UNAVAIL_REASON EnterpriseUnavailReason; // reason why can't install enterprise CA
} CASERVERSETUPINFO;
typedef struct tagCAWebClientSetupInfo
{
WCHAR *pwszWebCAMachine;
WCHAR *pwszWebCAName;
WCHAR *pwszSanitizedWebCAName;
BOOL fUseDS;
WCHAR *pwszSharedFolder;
ENUM_CATYPES WebCAType;
} CAWEBCLIENTSETUPINFO;
typedef struct tagCASetupInfo
{
CASERVERSETUPINFO *pServer;
CAWEBCLIENTSETUPINFO *pClient;
} CASETUPINFO;
typedef struct _PER_COMPONENT_DATA
{
// component generic
WCHAR *pwszComponent; // Component name from OCM
HINF MyInfHandle; // Open inf handle to per-component inf
DWORDLONG Flags; // Operation flags from SETUP_DATA structure
OCMANAGER_ROUTINES HelperRoutines;
// setup related
HINSTANCE hInstance;
HRESULT hrContinue; // set code if fatal error
WCHAR *pwszCustomMessage;
int iErrMsg; // set msg id for fatal error pop up
BOOL fShownErr; // set to TRUE if pop up earlier so avoid double
BOOL fUnattended;
BOOL fPostBase;
WCHAR *pwszUnattendedFile;
WCHAR *pwszServerName;
WCHAR *pwszServerNameOld;
WCHAR *pwszSystem32;
HINF hinfCAPolicy;
// CA related
DWORD dwInstallStatus;
CASETUPINFO CA;
CS_ENUM_UPGRADE UpgradeFlag;
BOOL fCreatedVRoot;
DWORD dwVersion;
} PER_COMPONENT_DATA;
//+--------------------------------------------------------------------------
// Prototypes:
HRESULT
csiGetKeyList(
IN DWORD dwProvType,
IN WCHAR const *pwszProvName,
IN BOOL fMachineKeySet,
IN BOOL fSilent,
OUT KEY_LIST **ppKeyList);
VOID
csiFreeKeyList(
IN OUT KEY_LIST *pKeyList);
HRESULT
csiBuildRequest(
OPTIONAL IN HINF hInf,
OPTIONAL IN CERT_CONTEXT const *pccPrevious,
IN BYTE const *pbSubjectEncoded,
IN DWORD cbSubjectEncoded,
IN char const *pszAlgId,
IN BOOL fNewKey,
IN DWORD iCert,
IN DWORD iKey,
IN HCRYPTPROV hProv,
IN HWND hwnd,
IN HINSTANCE hInstance,
IN BOOL fUnattended,
OUT BYTE **ppbEncode,
OUT DWORD *pcbEncode);
HRESULT
csiBuildFileName(
IN WCHAR const *pwszDirPath,
IN WCHAR const *pwszSanitizedName,
IN WCHAR const *pwszExt,
IN DWORD iCert,
OUT WCHAR **ppszOut,
HINSTANCE hInstance,
BOOL fUnattended,
IN HWND hwnd);
HRESULT
csiBuildCACertFileName(
IN HINSTANCE hInstance,
IN HWND hwnd,
IN BOOL fUnattended,
OPTIONAL IN WCHAR const *pwszSharedFolder,
IN WCHAR const *pwszSanitizedName,
IN WCHAR const *pwszExt,
IN DWORD iCert,
OUT WCHAR **ppwszCACertFile);
HRESULT
csiGetCARequestFileName(
IN HINSTANCE hInstance,
IN HWND hwnd,
IN WCHAR const *pwszSanitizedCAName,
IN DWORD iCertNew,
IN DWORD iKey,
OUT WCHAR **ppwszRequestFile);
BOOL
csiWriteDERToFile(
IN WCHAR const *pwszFileName,
IN BYTE const *pbDER,
IN DWORD cbDER,
IN HINSTANCE hInstance,
IN BOOL fUnattended,
IN HWND hwnd);
HRESULT
csiBuildAndWriteCert(
IN HCRYPTPROV hCryptProv,
IN CASERVERSETUPINFO const *pServer,
OPTIONAL IN WCHAR const *pwszFile,
IN WCHAR const *pwszEnrollFile,
OPTIONAL IN CERT_CONTEXT const *pCertContextFromStore,
OPTIONAL OUT CERT_CONTEXT const **ppCertContextOut,
IN WCHAR const *pwszCAType,
IN HINSTANCE hInstance,
IN BOOL fUnattended,
IN HWND hwnd);
VOID
csiFreeCertNameInfo(
IN OUT CERT_NAME_INFO *pNameInfo);
HRESULT
csiGetCRLPublicationURLTemplates(
IN BOOL fUseDS,
IN WCHAR const *pwszSystem32,
OUT WCHAR **ppwszz);
HRESULT
csiGetCACertPublicationURLTemplates(
IN BOOL fUseDS,
IN WCHAR const *pwszSystem32,
OUT WCHAR **ppwszz);
HRESULT
csiSetupCAInDS(
IN WCHAR const *pwszCAServer,
IN WCHAR const *pwszSanitizedCAName,
IN WCHAR const *pwszCADisplayName,
IN BOOL fLoadDefaultTemplates,
IN ENUM_CATYPES caType,
IN DWORD iCert,
IN DWORD iCRL,
IN BOOL fRenew,
IN CERT_CONTEXT const *pCert);
HRESULT
csiFillKeyProvInfo(
IN WCHAR const *pwszContainerName,
IN WCHAR const *pwszProvName,
IN DWORD dwProvType,
IN BOOL const fMachineKeyset,
OUT CRYPT_KEY_PROV_INFO *pKeyProvInfo);
VOID
csiFreeKeyProvInfo(
IN OUT CRYPT_KEY_PROV_INFO *pKeyProvInfo);
BOOL
csiIsAnyDSCAAvailable(VOID);
HRESULT
csiSubmitCARequest(
IN HINSTANCE hInstance,
IN BOOL fUnattended,
IN HWND hwnd,
IN BOOL fRenew,
IN DWORD iCert,
IN BOOL fRetrievePending,
IN WCHAR const *pwszSanitizedCAName,
IN WCHAR const *pwszParentCAMachine,
IN WCHAR const *pwszParentCAName,
IN BYTE const *pbRequest,
IN DWORD cbRequest,
OUT BSTR *pbStrChain);
HRESULT
csiFinishInstallationFromPKCS7(
IN HINSTANCE hInstance,
IN BOOL fUnattended,
IN HWND hwnd,
IN WCHAR const *pwszSanitizedCAName,
IN WCHAR const *pwszCACommonName,
IN CRYPT_KEY_PROV_INFO const *pKeyProvInfo,
IN ENUM_CATYPES CAType,
IN DWORD iCert,
IN DWORD iCRL,
IN BOOL fUseDS,
IN BOOL fRenew,
IN WCHAR const *pwszServerName,
IN BYTE const *pbChainOrCert,
IN DWORD cbChainOrCert,
OPTIONAL IN WCHAR const *pwszCACertFile);
HRESULT
csiSaveCertAndKeys(
IN CERT_CONTEXT const *pCert,
IN HCERTSTORE hAdditionalStore,
IN CRYPT_KEY_PROV_INFO const *pkpi,
IN ENUM_CATYPES CAType);
HRESULT
csiInitializeCertSrvSecurity(
IN WCHAR const *pwszSanitizedCAName,
IN BOOL fUseEnterpriseACL, // which ACL to use
IN BOOL fSetDsSecurity); // whether to set DS security
HRESULT
csiGenerateCAKeys(
IN WCHAR const *pwszContainer,
IN WCHAR const *pwszProvName,
IN DWORD dwProvType,
IN BOOL fMachineKeyset,
IN DWORD dwKeyLength,
IN HINSTANCE hInstance,
IN BOOL fUnattended,
IN BOOL fEnableKeyCounting,
IN HWND hwnd,
OUT BOOL *pfKeyGenFailed);
HRESULT
csiGenerateKeysOnly(
IN WCHAR const *pwszContainer,
IN WCHAR const *pwszProvName,
IN DWORD dwProvType,
IN BOOL fMachineKeyset,
IN DWORD dwKeyLength,
IN BOOL fUnattended,
IN BOOL fEnableKeyCounting,
OUT HCRYPTPROV *phProv,
OUT int *piMsg);
HRESULT
csiSetKeyContainerSecurity(
IN HCRYPTPROV hProv);
HRESULT
csiSetAdminOnlyFolderSecurity(
IN LPCWSTR szFolderPath,
IN BOOL fAllowEveryoneRead,
IN BOOL fUseDS);
VOID
csiLogOpen(
IN char const *pszFile);
VOID
csiLogClose();
VOID
csiLog(
IN DWORD dwFile,
IN DWORD dwLine,
IN HRESULT hrMsg,
IN UINT idMsg,
OPTIONAL IN WCHAR const *pwsz1,
OPTIONAL IN WCHAR const *pwsz2,
OPTIONAL IN DWORD const *pdw);
VOID
csiLogFileVersion(
IN DWORD dwFile,
IN DWORD dwLine,
IN UINT idMsg,
IN WCHAR const *pwszFile,
IN char const *pszVersion);
VOID
csiLogTime(
IN DWORD dwFile,
IN DWORD dwLine,
IN UINT idMsg);
VOID
csiLogDWord(
IN DWORD dwFile,
IN DWORD dwLine,
IN UINT idMsg,
IN DWORD dwVal);
VOID
csiLogInfError(
IN HINF hInf,
IN HRESULT hr);
HRESULT
csiGetProviderTypeFromProviderName(
IN WCHAR const *pwszName,
OUT DWORD *pdwType);
HRESULT
csiUpgradeCertSrvSecurity(
IN WCHAR const *pwszSanitizedCAName,
BOOL fUseEnterpriseACL, // which ACL to use
BOOL fSetDsSecurity, // whether to set security on DS object
CS_ENUM_UPGRADE UpgradeType);
HRESULT
csiGetCRLPublicationParams(
BOOL fBaseCRL,
WCHAR **ppwszCRLPeriodString,
DWORD *pdwCRLPeriodCount);
HRESULT AddCNAndEncode(
LPCWSTR pcwszName,
LPCWSTR pcwszDNSuffix,
BYTE** ppbEncodedDN,
DWORD *pcbEncodedDN);
HRESULT
AddCAMachineToCertPublishers(VOID);
HRESULT
RemoveCAMachineFromCertPublishers(VOID);
HRESULT
AddCAMachineToPreWin2kGroup(VOID);
HRESULT
RemoveCAMachineFromPreWin2kGroup(VOID);
#define CSILOG(hr, idMsg, pwsz1, pwsz2, pdw) \
csiLog(__dwFILE__, __LINE__, (hr), (idMsg), (pwsz1), (pwsz2), (pdw))
#define CSILOGFILEVERSION(idMsg, pwszFile, pszVersion) \
csiLogFileVersion(__dwFILE__, __LINE__, (idMsg), (pwszFile), (pszVersion))
#define CSILOGTIME(idMsg) \
csiLogTime(__dwFILE__, __LINE__, (idMsg))
#define CSILOGDWORD(idMsg, dw) \
csiLogDWord(__dwFILE__, __LINE__, (idMsg), (dw))
#endif //__INITCERT_H__