//+--------------------------------------------------------------------------
|
|
// FILE : autoenro.h
|
|
// DESCRIPTION : Private Auto Enrollment functions
|
|
//
|
|
//
|
|
// Copyright (C) 1993-2000 Microsoft Corporation All Rights Reserved
|
|
//+--------------------------------------------------------------------------
|
|
|
|
// NOTE(review): an identifier containing "__" is reserved for the
// implementation in both C and C++; a plain name such as AUTOENRO_H_ would
// be safer, but renaming must be coordinated with any other file that
// tests this macro, so it is left as is here.
#ifndef __AUTOENRO_H__
#define __AUTOENRO_H__

#if _MSC_VER > 1000
#pragma once
#endif

// The extern "C" block only affects the linkage of the free-function
// prototypes further down; the CQueryContinue class declared inside it is a
// C++ construct and is not affected.  C translation units that include this
// header will not compile past the class — presumably this header is only
// ever included from C++ sources.
#ifdef __cplusplus
extern "C" {
#endif
|
|
|
|
//--------------------------------------------------------------------------
|
|
// Globals
|
|
//--------------------------------------------------------------------------
|
|
// Module handle of this DLL.  Where it is assigned is not visible in this
// header (presumably DllMain); consumers such as the string-resource
// helpers below need it for resource lookups — confirm at the use sites.
extern HINSTANCE g_hmodThisDll;
|
|
|
|
|
|
//--------------------------------------------------------------------------
|
|
// constant defines
|
|
//--------------------------------------------------------------------------
|
|
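//
// General tunables.  Every macro whose replacement is an expression (not a
// single token) is parenthesized so it can be embedded in a larger
// expression without precedence surprises.
//

#define AE_PENDING_REQUEST_ACTIVE_PERIOD 60 //60 days

#define AE_RETRY_LIMIT 3 //retry 3 times for machine DNS error; see AE_RETRY_INFO below

#define SHA1_HASH_LENGTH 20 //bytes in a SHA-1 digest

// Parenthesized: the bare form `X509_ASN_ENCODING | PKCS_7_ASN_ENCODING`
// binds wrongly when the macro is combined with a higher-precedence
// operator, e.g. `ENCODING_TYPE & mask` became `X509 | (PKCS7 & mask)`.
#define ENCODING_TYPE (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING)

// System certificate store names used by this module.
#define MY_STORE L"MY"

#define REQUEST_STORE L"REQUEST"

#define ACRS_STORE L"ACRS"

//possible status for the request tree (AE_CERTTYPE_INFO.dwStatus — presumably)
#define CERT_REQUEST_STATUS_ACTIVE 0x01

#define CERT_REQUEST_STATUS_OBTAINED 0x02

#define CERT_REQUEST_STATUS_PENDING 0x03

#define CERT_REQUEST_STATUS_SUPERSEDE_ACTIVE 0x04

// Time skew margin for fast CA's
#define FILETIME_TICKS_PER_SECOND 10000000 //FILETIME counts 100ns intervals

// 1 hour expressed in seconds (60*60*1); parenthesized so that
// `AE_DEFAULT_SKEW * FILETIME_TICKS_PER_SECOND` and similar stay correct.
#define AE_DEFAULT_SKEW (60*60*1) // 1 hour

#define MAX_DN_SIZE 256 //buffer length for distinguished names — unit (characters vs bytes) not stated here

#define AE_SUMMARY_COLUMN_SIZE 100

#define PENDING_ALLOC_SIZE 20 //growth step for the AE_PEND_INFO array — presumably; confirm at the allocation site

#define USER_AUTOENROLL_DELAY_FOR_MACHINE 70 //70 seconds to wait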
|
|
|
|
|
|
//defines for autoenrollment event log
#define EVENT_AUTO_NAME L"AutoEnrollment"

// NOTE(review): this path uses TEXT() while every other registry path in
// this header uses a bare L"" literal.  TEXT() is only wide when UNICODE is
// defined, so the two families have different types in an ANSI build.
#define AUTO_ENROLLMENT_EVENT_LEVEL_KEY TEXT("SOFTWARE\\Microsoft\\Cryptography\\AutoEnrollment")

// Value name under AUTO_ENROLLMENT_EVENT_LEVEL_KEY holding the log
// verbosity (compare AE_GENERAL_INFO.dwLogLevel — presumably).
#define AUTO_ENROLLMENT_EVENT_LEVEL TEXT("AEEventLogLevel")

//defines for autoenrollment disable key
// A key whose presence/value turns autoenrollment off; the hive it lives
// under is not stated here.  From a monitoring standpoint, unexpected
// creation of this key is worth alerting on, since it silently stops
// certificate renewal.
#define AUTO_ENROLLMENT_DISABLE_KEY L"SOFTWARE\\Microsoft\\Cryptography\\AutoEnrollment\\AEDisable"

//defines for autoenrollment user no wait for 60 seconds key
#define AUTO_ENROLLMENT_EXPRESS_KEY L"SOFTWARE\\Microsoft\\Cryptography\\AutoEnrollment\\AEExpress"

//defines for autoenrollment directory cache information
// Cache of what was last read from the directory; the two value names map
// onto AE_DS_INFO.maxUSN and AE_DS_INFO.dwObjects — presumably.
#define AUTO_ENROLLMENT_DS_KEY L"SOFTWARE\\Microsoft\\Cryptography\\AutoEnrollment\\AEDirectoryCache"

#define AUTO_ENROLLMENT_DS_USN L"AEMaxUSN"

#define AUTO_ENROLLMENT_DS_OBJECT L"AEObjectCount"

#define AUTO_ENROLLMENT_TEMPLATE_KEY L"SOFTWARE\\Microsoft\\Cryptography\\CertificateTemplateCache"

// LDAP attribute consulted to detect directory changes.
#define AUTO_ENROLLMENT_USN_ATTR L"uSNChanged"
|
|
|
|
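//defines for the UI component
// Durations are in seconds unless a comment says otherwise.  The products
// are parenthesized so the macros survive use in a larger expression
// (`x / AUTO_ENROLLMENT_INTERVAL` was previously parsed as
// `x / 7 * 60 * 30`).

#define AUTO_ENROLLMENT_SHOW_TIME 15 //show the balloon for 15 seconds

// NOTE(review): 7 * 60 * 30 is 12600 seconds (3.5 hours), not the 7 hours /
// 7*3600 the original comment claims.  The value is kept unchanged here
// because it is not clear which of the two was intended; confirm against the
// timer that consumes it before touching it.
#define AUTO_ENROLLMENT_INTERVAL (7 * 60 * 30) //original comment: show the icon for 7 hours 7* 3600

#define AUTO_ENROLLMENT_RETRIAL 2

#define AUTO_ENROLLMENT_QUERY_INTERVAL 30 //query continue every 30 seconds

#define AUTO_ENROLLMENT_BALLOON_LENGTH (7 * 60 * 60) //keep the balloon for 7 hours

#define AE_DEFAULT_POSTPONE 1 //relaunch autoenrollment after 1 hour (unit inferred from the comment; confirm at the use site)

//define used for sorting of columns in the list view
#define AE_SUMMARY_COLUMN_TYPE 1

#define AE_SUMMARY_COLUMN_REASON 2

// Sort direction flags; disjoint from the column indices above so both can
// be packed into one DWORD — presumably; confirm in the list-view code.
#define SORT_COLUMN_ASCEND 0x00010000

#define SORT_COLUMN_DESCEND 0x00020000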
|
|
|
|
|
|
//--------------------------------------------------------------------------
|
|
// struct defines
|
|
//--------------------------------------------------------------------------
|
|
//struct for retry property on the certificate due to DNS error
// Persisted as a property on the certificate context and read/written by
// AEGetRetryProperty / AEUpdateRetryProperty (prototypes below).
typedef struct _AE_RETRY_INFO_
{
    DWORD cbSize;             // size of this struct in bytes — presumably a version/sanity check; confirm against the writer
    DWORD dwRetry;            // retries performed so far; AE_RETRY_LIMIT caps it — presumably
    ULARGE_INTEGER dueTime;   // when the next retry is due; assumed FILETIME-compatible 100ns ticks — TODO confirm
} AE_RETRY_INFO;
|
|
|
|
|
|
//struct for autoenrollment main thread
// Argument block handed to the worker thread (see AE_GENERAL_INFO.hThread).
typedef struct _AE_MAIN_THREAD_INFO_
{
    HWND hwndParent;   // owner window for any UI the thread raises
    DWORD dwStatus;    // thread status/result; the value set is not defined in this header
} AE_MAIN_THREAD_INFO;
|
|
|
|
|
|
//struct for updating certificate store from AD
// Pairs a local store with the directory container it is refreshed from.
typedef struct _AE_STORE_INFO_
{
    LPWSTR pwszStoreName;   // local store name (e.g. the *_STORE constants above)
    LPWSTR pwszLdapPath;    // LDAP path of the directory object that feeds the store
} AE_STORE_INFO;
|
|
|
|
//struct for the information we compute from DS
// Snapshot used to decide whether the directory changed since the last run;
// the fields line up with the AUTO_ENROLLMENT_DS_USN / AUTO_ENROLLMENT_DS_OBJECT
// registry values above — presumably that is where they are cached.
typedef struct _AE_DS_INFO_
{
    BOOL fValidData;          // FALSE when the other two fields could not be computed
    DWORD dwObjects;          // number of relevant directory objects seen
    ULARGE_INTEGER maxUSN;    // highest uSNChanged observed (AUTO_ENROLLMENT_USN_ATTR)
} AE_DS_INFO;
|
|
|
|
//struct for param of view RA certificate dialogue
// Dialog parameter block; nothing here says who owns the two pointers,
// so assume the caller keeps them alive for the dialog's lifetime.
typedef struct _AE_VIEW_RA_INFO_
{
    PCERT_CONTEXT pRAContext;   // the registration-authority (signing) certificate to display; non-const, unlike the PCCERT_CONTEXT used by the prototypes below
    LPWSTR pwszRATemplate;      // display name of the RA's template — presumably
} AE_VIEW_RA_INFO;
|
|
|
|
|
|
//struct for individual certificate information
typedef struct _AE_CERT_INFO_
{
    BOOL fValid;     // the certificate passed whatever validity checks the caller applies
    BOOL fRenewal;   // the certificate is a renewal candidate rather than a fresh enrollment
} AE_CERT_INFO;
|
|
|
|
//struct for certificate's template information
// Filled from a certificate by AERetrieveTemplateInfo and released by
// AEFreeTemplateInfo (prototypes below); the two strings are therefore
// owned by this struct.
typedef struct _AE_TEMPLATE_INFO_
{
    LPWSTR pwszName;    // template name
    LPWSTR pwszOid;     // template OID (may be absent for older templates — presumably; confirm)
    DWORD dwVersion;    // template version
} AE_TEMPLATE_INFO;
|
|
|
|
//struct for certificate authority information
// One entry per CA, built by AERetrieveCAInfo into an array of dwCA
// elements and released by AEFreeCAInfo / AEFreeCAStruct.  The awsz*
// members are LPWSTR arrays of the shape AEIsAnElement() walks; their
// terminator convention is not stated in this header.
typedef struct _AE_CA_INFO_
{
    HCAINFO hCAInfo;                     // CA handle this entry was built from
    LPWSTR *awszCertificateTemplate;     // templates the CA is configured to issue
    LPWSTR *awszCAName;                  // CA (sanitized) name(s)
    LPWSTR *awszCADNS;                   // DNS host name(s) of the CA
    LPWSTR *awszCADisplay;               // display name(s) for UI
} AE_CA_INFO;
|
|
|
|
|
|
//struct for keeping the issued pending certificates
// Element of AE_CERTTYPE_INFO.rgPendInfo.  Both blobs own their pbData —
// presumably; confirm in AEFreeCertTypeStruct.
typedef struct _AE_PEND_INFO_
{
    CRYPT_DATA_BLOB blobPKCS7; //the issued pending certificate for UI installation
    CRYPT_DATA_BLOB blobHash; //the hash of the certificate request to be removed from the request store (SHA1_HASH_LENGTH bytes — presumably)
}AE_PEND_INFO;
|
|
|
|
//struct for certificate template information
// One node of the "request tree": everything the run knows about a single
// template and the request/renewal state for it.  Built by
// AERetrieveCertTypeInfo into an array of dwCertType entries and released by
// AEFreeCertTypeInfo / AEFreeCertTypeStruct.  Stores and contexts held here
// are owned by the struct — presumably; confirm against AEFreeCertTypeStruct.
typedef struct _AE_CERTTYPE_INFO_
{
    HCERTTYPE hCertType;          // template handle the entry was built from
    DWORD dwSchemaVersion;        // template schema version
    DWORD dwVersion;              // template (minor/major) version
    LPWSTR *awszName;             // template name(s)
    LPWSTR *awszDisplay;          // display name(s)
    LPWSTR *awszOID;              // template OID(s)
    LPWSTR *awszSupersede;        // names of templates this one supersedes; walked by AEIfSupersede
    DWORD dwEnrollmentFlag;       // template enrollment flags (bit meanings not defined here)
    DWORD dwPrivateKeyFlag;       // template private-key flags (bit meanings not defined here)
    LARGE_INTEGER ftExpirationOffset;  // "ft" prefix suggests a FILETIME-style interval — TODO confirm units
    DWORD dwStatus;               // presumably one of CERT_REQUEST_STATUS_* above
    BOOL fCheckMyStore;           // whether MY_STORE must be searched for an existing certificate
    BOOL fRenewal;                // this request is a renewal of pOldCert
    BOOL fNeedRA; //the request needs to be signed by itself or another certificate
    BOOL fCrossRA; //the request is cross RAed.
    BOOL fSupersedeVisited; //the flag to prevent infinite loop in superseding relationship
    BOOL fUIActive;               // the template takes part in the interactive (UI) pass
    DWORD dwActive;               // count of prgActive — presumably
    DWORD *prgActive;             // array of DWORDs; what it indexes (CAs? requests?) is not stated here
    DWORD dwRandomCAIndex;        // CA picked for this request; the index space is presumably rgCAInfo
    PCERT_CONTEXT pOldCert; //for renewal case managing MY store
    HCERTSTORE hArchiveStore; //contains the certificates to be archived
    HCERTSTORE hObtainedStore; //for supersede relation ships
    HCERTSTORE hIssuedStore; //keep issued certificates for re-publishing
    DWORD dwPendCount; //the count of pending issued certs
    AE_PEND_INFO *rgPendInfo; //the point to the struct array (dwPendCount elements; grown by PENDING_ALLOC_SIZE — presumably)
    DWORD idsSummary; //the summary string ID
} AE_CERTTYPE_INFO;
|
|
|
|
//struct for the autoenrollment process
// Per-run context: filled by AERetrieveGeneralInfo and torn down by
// AEFreeGeneralInfo (prototypes below).  Every handle in here is assumed to
// be owned by the struct for the life of the run — confirm against
// AEFreeGeneralInfo before closing any of them elsewhere.
typedef struct _AE_GENERAL_INFO_
{
    HWND hwndParent;              // owner window for any UI raised by the run
    LDAP * pld;                   // bound directory connection (see AERobustLdapBind)
    HANDLE hToken;                // token of the principal being enrolled; passed through to AERetrieveCAInfo / AELogAutoEnrollmentEvent
    BOOL fMachine;                // TRUE for machine autoenrollment, FALSE for user
    DWORD dwPolicy;               // policy flags for this run; bit meanings not defined in this header
    DWORD dwLogLevel;             // event-log verbosity handed to AELogAutoEnrollmentEvent; presumably read from AUTO_ENROLLMENT_EVENT_LEVEL
    WCHAR wszMachineName[MAX_COMPUTERNAME_LENGTH + 2];   // +1 is the terminator; the reason for the second extra slot is not stated here
    HCERTSTORE hMyStore;          // open handle to MY_STORE
    HCERTSTORE hRequestStore;     // open handle to REQUEST_STORE
    DWORD dwCertType;             // element count of rgCertTypeInfo
    AE_CERTTYPE_INFO *rgCertTypeInfo;   // the request tree (one entry per template)
    DWORD dwCA;                   // element count of rgCAInfo
    AE_CA_INFO *rgCAInfo;         // CAs visible to this principal
    HMODULE hXenroll;             // dynamically loaded enrollment module — presumably; must be freed with FreeLibrary when the run ends
    BOOL fUIProcess; //whether we are doing interactive enrollment
    HANDLE hCancelEvent;          // signalled to abort; polled through AECancelled
    HANDLE hCompleteEvent;        // signalled when the worker finishes — presumably
    HANDLE hThread;               // worker thread (see AE_MAIN_THREAD_INFO) — presumably
    HWND hwndDlg; //the dialogue window handle of the UI window
    DWORD dwUIPendCount; //the count of UI required pending requests
    DWORD dwUIEnrollCount; //the count of UI requires new requests
    DWORD dwUIProgressCount; //the count of active working items
    BOOL fSmartcardSystem; //whether a smart card reader is installed
    LPWSTR pwszDns; //the DNS name of the local computer
    LPWSTR pwszNetBIOS; //the NetBios name of the local computer
} AE_GENERAL_INFO;
|
|
|
|
//--------------------------------------------------------------------------
|
|
// Class definition
|
|
//--------------------------------------------------------------------------
|
|
// COM object implementing IQueryContinue so the shell notification (the
// IUserNotification it holds) can poll whether the balloon should keep
// showing.  Reference counted through m_cRef; the object is expected to go
// away via Release(), not delete.
//
// NOTE(review): the base is inherited privately (the default for `class`),
// so the implicit upcast to IQueryContinue is only available inside the
// class (QueryInterface / DoBalloon).  If that is intentional it deserves a
// comment; if not, `: public IQueryContinue` is the conventional form.
class CQueryContinue : IQueryContinue
{
public:
    CQueryContinue();
    ~CQueryContinue();   // non-virtual: fine as long as nothing deletes through a base pointer — confirm

    // IUnknown
    STDMETHODIMP QueryInterface(REFIID riid, void **ppv);
    STDMETHODIMP_(ULONG) AddRef();
    STDMETHODIMP_(ULONG) Release();

    // IQueryContinue
    STDMETHODIMP QueryContinue(); // S_OK -> Continue, other -> stop; AUTO_ENROLLMENT_QUERY_INTERVAL above is presumably the poll cadence

    // DoBalloon
    HRESULT DoBalloon();   // show the notification through m_pIUserNotification — presumably; confirm

private:
    LONG m_cRef;                                // COM reference count driven by AddRef/Release
    IUserNotification *m_pIUserNotification;    // shell notification object; released in the destructor — confirm
    HANDLE m_hTimer;                            // timer bounding the balloon lifetime (AUTO_ENROLLMENT_BALLOON_LENGTH?) — confirm; must be closed on destruction
};
|
|
|
|
|
|
//--------------------------------------------------------------------------
|
|
// function prototype
|
|
//--------------------------------------------------------------------------
|
|
// Conventions visible in this header: BOOL-returning helpers report only
// success/failure (the error code is presumably left in GetLastError() —
// confirm in the implementations), HRESULT-returning helpers carry it in
// the return value.  Each Retrieve*/Alloc* helper has a matching Free*
// helper below, which is presumably the only correct release path for what
// it allocates.

// Return the configuration-container DN of the directory reached through
// pld.  *pwszConfigDn receives an allocated string; the allocator, and thus
// the matching free routine, is not stated here — confirm before releasing.
HRESULT
AEGetConfigDN(
    IN LDAP *pld,
    OUT LPWSTR *pwszConfigDn
);

// Bind to the directory (the name implies retries); *ppldap receives the
// bound connection on success.
HRESULT
AERobustLdapBind(
    OUT LDAP ** ppldap);

// Populate / tear down the per-run AE_GENERAL_INFO (see struct above).
BOOL AERetrieveGeneralInfo(AE_GENERAL_INFO *pAE_General_Info);

BOOL AEFreeGeneralInfo(AE_GENERAL_INFO *pAE_General_Info);

// Enumerate the CAs available to the principal described by fMachine/hToken
// into *prgCAInfo (*pdwCA entries).  AEFreeCAInfo releases the whole array,
// AEFreeCAStruct the contents of one element.
BOOL AERetrieveCAInfo(LDAP *pld, BOOL fMachine, HANDLE hToken, DWORD *pdwCA, AE_CA_INFO **prgCAInfo);

BOOL AEFreeCAInfo(DWORD dwCA, AE_CA_INFO *rgCAInfo);

BOOL AEFreeCAStruct(AE_CA_INFO *pCAInfo);

// Same pattern for certificate templates (AE_CERTTYPE_INFO).
BOOL AERetrieveCertTypeInfo(LDAP *pld, BOOL fMachine, DWORD *pdwCertType, AE_CERTTYPE_INFO **prgCertType);

BOOL AEFreeCertTypeInfo(DWORD dwCertType, AE_CERTTYPE_INFO *rgCertTypeInfo);

BOOL AEFreeCertTypeStruct(AE_CERTTYPE_INFO *pCertTypeInfo);

// Duplicate pwszSrc into a freshly allocated *ppwszDest (pwszSrc is not
// written through, it could be LPCWSTR).  The allocator is not visible
// here, so release with whatever the implementation pairs it with, not a
// guessed free()/LocalFree — confirm.
BOOL AEAllocAndCopy(LPWSTR pwszSrc, LPWSTR *ppwszDest);

// Supersede-relationship walk over the request tree.  fSupersedeVisited in
// AE_CERTTYPE_INFO is the cycle guard; AEClearVistedFlag (sic) resets it
// before a new walk.
BOOL AEIfSupersede(LPWSTR pwsz, LPWSTR *awsz, AE_GENERAL_INFO *pAE_General_Info);

BOOL AEClearVistedFlag(AE_GENERAL_INFO *pAE_General_Info);

// Copy every certificate in hSrcStore into hDesStore.
BOOL AECopyCertStore(HCERTSTORE hSrcStore, HCERTSTORE hDesStore);

// TRUE if pwsz occurs in the string array awsz (the awsz* members of
// AE_CA_INFO / AE_CERTTYPE_INFO have this shape).  The array's terminator
// convention and the comparison (case-sensitive?) are not stated here.
BOOL AEIsAnElement(LPWSTR pwsz, LPWSTR *awsz);

// TRUE once hCancelEvent has been signalled (AE_GENERAL_INFO.hCancelEvent).
BOOL AECancelled(HANDLE hCancelEvent);

// Extract the template information (name/OID/version) carried by
// pCertCurrent into *pTemplateInfo; release with AEFreeTemplateInfo.
BOOL AERetrieveTemplateInfo(PCCERT_CONTEXT pCertCurrent,
                            AE_TEMPLATE_INFO *pTemplateInfo);

BOOL AEFreeTemplateInfo(AE_TEMPLATE_INFO *pAETemplateInfo);

// Find the request-tree entry matching pTemplateInfo.  The return is
// presumably a pointer into pAE_General_Info->rgCertTypeInfo (not a new
// allocation) or NULL when absent — confirm before freeing anything.
AE_CERTTYPE_INFO *AEFindTemplateInRequestTree(AE_TEMPLATE_INFO *pTemplateInfo,
                                              AE_GENERAL_INFO *pAE_General_Info);

// Progress reporting for the interactive (fUIProcess) path.
BOOL AEUIProgressAdvance(AE_GENERAL_INFO *pAE_General_Info);

BOOL AEUIProgressReport(BOOL fPending, AE_CERTTYPE_INFO *pCertType, HWND hwndDlg, HANDLE hCancelEvent);

// Format a string resource identified by ids with the trailing varargs into
// an allocated *ppwszFormat.  The format string comes from the resource
// table, so it must stay under this module's control; never route
// caller-supplied text through ids/format, only through the arguments.
BOOL FormatMessageUnicode(LPWSTR * ppwszFormat, UINT ids, ...);

// Write an event-log record for this run.  dwParamCount must equal the
// number of variadic insertion arguments that follow — the prototype cannot
// enforce this, so every call site needs checking by eye.  dwLogLevel is
// the configured threshold; fError/hr describe the outcome being logged.
void AELogAutoEnrollmentEvent(IN DWORD dwLogLevel,
                              IN BOOL fError,
                              IN HRESULT hr,
                              IN DWORD dwEventId,
                              IN BOOL fMachine,
                              IN HANDLE hToken,
                              IN DWORD dwParamCount,
                              ...
                              );

// Log on with explicit credentials and return the token in *phToken.
// Password arrives as a plaintext buffer: the caller owns it and should
// scrub it (SecureZeroMemory) as soon as this returns, and the token must
// be closed with CloseHandle when no longer needed.
BOOL AENetLogonUser(
    LPTSTR UserName,
    LPTSTR DomainName,
    LPTSTR Password,
    PHANDLE phToken
);

// TRUE if hCertStore contains no certificates.
BOOL AEIsEmptyStore(HCERTSTORE hCertStore);

// DNS-name helpers: compare the DNS names carried by two certificates, or
// pull the DNS name out of one into an allocated *ppwszDnsName.
BOOL AEIsSameDNS(PCCERT_CONTEXT pFirstCert, PCCERT_CONTEXT pSecondCert);

BOOL AEGetDNSNameFromCertificate(PCCERT_CONTEXT pCertContext,
                                 LPWSTR *ppwszDnsName);

// Read / rewrite the AE_RETRY_INFO property (struct above) used to back off
// after machine DNS errors; AE_RETRY_LIMIT caps the count.  AEGetRetryProperty
// allocates *ppAE_Retry_Info — the matching free routine is not stated here.
BOOL AEGetRetryProperty(PCCERT_CONTEXT pCertContext,
                        AE_RETRY_INFO **ppAE_Retry_Info);

BOOL AEUpdateRetryProperty(AE_GENERAL_INFO *pAE_General_Info,
                           LPWSTR pwszTemplateDisplay,
                           PCCERT_CONTEXT pNewContext,
                           PCCERT_CONTEXT pOldContext);

// Presumably TRUE when pFirstContext's retry is due earlier than
// pSecondContext's — confirm the direction of the comparison.
BOOL AEFasterRetrialSchedule(PCCERT_CONTEXT pFirstContext,
                             PCCERT_CONTEXT pSecondContext);
|
|
|
|
//--------------------------------------------------------------------------
|
|
// Debug prints
|
|
//--------------------------------------------------------------------------
|
|
#if DBG

// Mask bits for AEDebugLog's Mask argument (checked builds only).
#define AE_ERROR 0x0001

#define AE_WARNING 0x0002

#define AE_INFO 0x0004

#define AE_TRACE 0x0008

#define AE_ALLOC 0x0010

#define AE_RES 0x0020

// Usage is AE_DEBUG((mask, L"fmt", ...)) — the doubled parentheses are
// required because x is the whole argument list.
#define AE_DEBUG(x) AEDebugLog x

// NOTE(review): this expansion ends in ';' while the retail variant expands
// to nothing, so `AE_BEGIN(L"x");` becomes an empty statement in checked
// builds and `AE_BEGIN(L"x")` without a semicolon compiles in both.
#define AE_BEGIN(x) AEDebugLog(AE_TRACE, L"BEGIN:" x L"\n");

// Log and return in one step.  (x) is evaluated twice here (once for the
// log, once for the return) but only once in the retail variant — do not
// pass an expression with side effects.  The bodies are plain brace blocks
// rather than do { } while (0), so `if (c) AE_RETURN(v); else ...` does
// not compile in checked builds.
#define AE_RETURN(x) { AEDebugLog(AE_TRACE, L"RETURN (%lx) Line %d\n",(x), __LINE__); return (x); }

#define AE_END() { AEDebugLog(AE_TRACE, L"END:Line %d\n", __LINE__); }

#define AE_BREAK() { AEDebugLog(AE_TRACE, L"BREAK Line %d\n", __LINE__); }

// Format must always be a string literal under this module's control;
// never pass caller- or network-derived text as the format.
void AEDebugLog(long Mask, LPCWSTR Format, ...);

#define MAX_DEBUG_BUFFER 256   // presumably the formatting buffer length inside AEDebugLog — confirm

#else

// Retail builds: all tracing compiles away; AE_RETURN is a bare return.
#define AE_DEBUG(x)

#define AE_BEGIN(x)

#define AE_RETURN(x) return (x)

#define AE_END()

#define AE_BREAK()

#endif
|
|
|
|
#ifdef __cplusplus
|
|
} // Balance extern "C" above
|
|
#endif
|
|
|
|
#endif // __AUTOENRO_H__
|