You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
469 lines
16 KiB
469 lines
16 KiB
///////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
|
//
|
|
// Module: iaspolcy.idl
|
|
//
|
|
// Project: Everest
|
|
//
|
|
// Description: IAS Policy Subsystem Interface
|
|
//
|
|
// Author: TLP 12/1/97
|
|
//
|
|
///////////////////////////////////////////////////////////////////////////
|
|
|
|
// This file will be processed by the MIDL tool to
|
|
// produce the type library (iaspolcy.tlb) and marshalling code.
|
|
|
|
import "oaidl.idl";
|
|
import "ocidl.idl";
|
|
|
|
//////////
|
|
// IAS Reason-Codes
|
|
//////////
|
|
typedef enum {
|
|
IAS_SUCCESS = 0x000,
|
|
IAS_INTERNAL_ERROR = 0x001,
|
|
IAS_ACCESS_DENIED = 0x002,
|
|
IAS_MALFORMED_REQUEST = 0x003,
|
|
IAS_GLOBAL_CATALOG_UNAVAILABLE = 0x004,
|
|
IAS_DOMAIN_UNAVAILABLE = 0x005,
|
|
IAS_SERVER_UNAVAILABLE = 0x006,
|
|
IAS_NO_SUCH_DOMAIN = 0x007,
|
|
IAS_NO_SUCH_USER = 0x008,
|
|
IAS_EXTENSION_DISCARD = 0x009,
|
|
|
|
IAS_AUTH_FAILURE = 0x010,
|
|
IAS_CHANGE_PASSWORD_FAILURE = 0x011,
|
|
IAS_UNSUPPORTED_AUTH_TYPE = 0x012,
|
|
IAS_NO_CLEARTEXT_PASSWORD = 0x013,
|
|
IAS_LM_NOT_ALLOWED = 0x014,
|
|
IAS_EXTENSION_REJECT = 0x015,
|
|
IAS_EAP_NEGOTIATION_FAILED = 0x016,
|
|
IAS_UNEXPECTED_EAP_ERROR = 0x017,
|
|
|
|
IAS_LOCAL_USERS_ONLY = 0x020,
|
|
IAS_PASSWORD_MUST_CHANGE = 0x021,
|
|
IAS_ACCOUNT_DISABLED = 0x022,
|
|
IAS_ACCOUNT_EXPIRED = 0x023,
|
|
IAS_ACCOUNT_LOCKED_OUT = 0x024,
|
|
IAS_INVALID_LOGON_HOURS = 0x025,
|
|
IAS_ACCOUNT_RESTRICTION = 0x026,
|
|
|
|
IAS_NO_POLICY_MATCH = 0x030,
|
|
IAS_NO_CXN_REQ_POLICY_MATCH = 0x031,
|
|
|
|
IAS_DIALIN_LOCKED_OUT = 0x040,
|
|
IAS_DIALIN_DISABLED = 0x041,
|
|
IAS_INVALID_AUTH_TYPE = 0x042,
|
|
IAS_INVALID_CALLING_STATION = 0x043,
|
|
IAS_INVALID_DIALIN_HOURS = 0x044,
|
|
IAS_INVALID_CALLED_STATION = 0x045,
|
|
IAS_INVALID_PORT_TYPE = 0x046,
|
|
IAS_DIALIN_RESTRICTION = 0x047,
|
|
IAS_CPW_NOT_ALLOWED = 0x048,
|
|
IAS_INVALID_CERT_EKU = 0x049,
|
|
|
|
IAS_NO_RECORD = 0x050,
|
|
|
|
IAS_SESSION_TIMEOUT = 0x060,
|
|
IAS_UNEXPECTED_REQUEST = 0x061,
|
|
|
|
IAS_PROXY_REJECT = 0x070,
|
|
IAS_PROXY_UNKNOWN_GROUP = 0x071,
|
|
IAS_PROXY_UNKNOWN_SERVER = 0x072,
|
|
IAS_PROXY_PACKET_TOO_LONG = 0x073,
|
|
IAS_PROXY_SEND_ERROR = 0x074,
|
|
IAS_PROXY_TIMEOUT = 0x075,
|
|
IAS_PROXY_MALFORMED_RESPONSE = 0x076,
|
|
|
|
IAS_CRYPT_E_REVOKED = 0x100,
|
|
IAS_CRYPT_E_NO_REVOCATION_DLL = 0x101,
|
|
IAS_CRYPT_E_NO_REVOCATION_CHECK = 0x102,
|
|
IAS_CRYPT_E_REVOCATION_OFFLINE = 0x103,
|
|
IAS_SEC_E_MESSAGE_ALTERED = 0x104,
|
|
IAS_SEC_E_NO_AUTHENTICATING_AUTHORITY = 0x105,
|
|
IAS_SEC_E_INCOMPLETE_MESSAGE = 0x106,
|
|
IAS_SEC_E_INCOMPLETE_CREDENTIALS = 0x107,
|
|
IAS_SEC_E_TIME_SKEW = 0x108,
|
|
IAS_SEC_E_UNTRUSTED_ROOT = 0x109,
|
|
IAS_SEC_E_ILLEGAL_MESSAGE = 0x10A,
|
|
IAS_SEC_E_CERT_WRONG_USAGE = 0x10B,
|
|
IAS_SEC_E_CERT_EXPIRED = 0x10C,
|
|
IAS_SEC_E_ALGORITHM_MISMATCH = 0x10D,
|
|
IAS_SEC_E_SMARTCARD_LOGON_REQUIRED = 0x10E,
|
|
IAS_SEC_E_SHUTDOWN_IN_PROGRESS = 0x10F,
|
|
IAS_SEC_E_MULTIPLE_ACCOUNTS = 0x110,
|
|
IAS_TRUST_E_PROVIDER_UNKNOWN = 0x111,
|
|
IAS_TRUST_E_ACTION_UNKNOWN = 0x112,
|
|
IAS_TRUST_E_SUBJECT_FORM_UNKNOWN = 0x113,
|
|
IAS_TRUST_E_SUBJECT_NOT_TRUSTED = 0x114,
|
|
IAS_TRUST_E_NOSIGNATURE = 0x115,
|
|
IAS_CERT_E_EXPIRED = 0x116,
|
|
IAS_CERT_E_VALIDITYPERIODNESTING = 0x117,
|
|
IAS_CERT_E_ROLE = 0x118,
|
|
IAS_CERT_E_PATHLENCONST = 0x119,
|
|
IAS_CERT_E_CRITICAL = 0x11A,
|
|
IAS_CERT_E_PURPOSE = 0x11B,
|
|
IAS_CERT_E_ISSUERCHAINING = 0x11C,
|
|
IAS_CERT_E_MALFORMED = 0x11D,
|
|
IAS_CERT_E_UNTRUSTEDROOT = 0x11E,
|
|
IAS_CERT_E_CHAINING = 0x11F,
|
|
IAS_TRUST_E_FAIL = 0x120,
|
|
IAS_CERT_E_REVOKED = 0x121,
|
|
IAS_CERT_E_UNTRUSTEDTESTROOT = 0x122,
|
|
IAS_CERT_E_REVOCATION_FAILURE = 0x123,
|
|
IAS_CERT_E_CN_NO_MATCH = 0x124,
|
|
IAS_CERT_E_WRONG_USAGE = 0x125,
|
|
IAS_TRUST_E_EXPLICIT_DISTRUST = 0x126,
|
|
IAS_CERT_E_UNTRUSTEDCA = 0x127,
|
|
IAS_CERT_E_INVALID_POLICY = 0x128,
|
|
IAS_CERT_E_INVALID_NAME = 0x129,
|
|
IAS_SEC_E_PKINIT_NAME_MISMATCH = 0x12A,
|
|
IAS_SEC_E_OUT_OF_SEQUENCE = 0x12B,
|
|
IAS_SEC_E_NO_CREDENTIALS = 0x12C,
|
|
|
|
IAS_MAX_REASON_CODE
|
|
|
|
} IASREASON;
|
|
|
|
/////////////////////////////////////////////
|
|
// IASATTRIBUTE structure (raw IAS attribute)
|
|
/////////////////////////////////////////////
|
|
|
|
// Allowed syntaxes
|
|
typedef enum IASTYPEENUM {
|
|
IASTYPE_INVALID = 0,
|
|
IASTYPE_BOOLEAN,
|
|
IASTYPE_INTEGER,
|
|
IASTYPE_ENUM,
|
|
IASTYPE_INET_ADDR,
|
|
IASTYPE_STRING,
|
|
IASTYPE_OCTET_STRING,
|
|
IASTYPE_UTC_TIME,
|
|
IASTYPE_PROV_SPECIFIC
|
|
} IASTYPE;
|
|
|
|
// C/C++ type for each allowed syntax.
|
|
typedef DWORD IAS_BOOLEAN, *PIAS_BOOLEAN;
|
|
|
|
typedef DWORD IAS_INTEGER, *PIAS_INTEGER;
|
|
|
|
typedef DWORD IAS_ENUM, *PIAS_ENUM;
|
|
|
|
typedef DWORD IAS_INET_ADDR, *PIAS_INET_ADDR;
|
|
|
|
typedef FILETIME IAS_UTC_TIME, *PIAS_UTC_TIME;
|
|
|
|
typedef struct _IAS_STRING {
|
|
LPSTR pszAnsi;
|
|
LPWSTR pszWide;
|
|
} IAS_STRING, *PIAS_STRING;
|
|
|
|
typedef struct _IAS_OCTET_STRING {
|
|
DWORD dwLength;
|
|
BYTE *lpValue;
|
|
} IAS_OCTET_STRING, *PIAS_OCTET_STRING;
|
|
|
|
typedef IAS_OCTET_STRING IAS_PROV_SPECIFIC, *PIAS_PROV_SPECIFIC;
|
|
|
|
// Attribute value structure.
|
|
typedef struct _IASVALUE
|
|
{
|
|
IASTYPE itType;
|
|
[ switch_is((DWORD)itType) ] union
|
|
{
|
|
[ case(IASTYPE_BOOLEAN) ]
|
|
IAS_BOOLEAN Boolean;
|
|
[ case(IASTYPE_INTEGER) ]
|
|
IAS_INTEGER Integer;
|
|
[ case(IASTYPE_ENUM) ]
|
|
IAS_ENUM Enumerator;
|
|
[ case(IASTYPE_INET_ADDR) ]
|
|
IAS_INET_ADDR InetAddr;
|
|
[ case(IASTYPE_STRING) ]
|
|
IAS_STRING String;
|
|
[ case(IASTYPE_OCTET_STRING) ]
|
|
IAS_OCTET_STRING OctetString;
|
|
[ case(IASTYPE_UTC_TIME) ]
|
|
IAS_UTC_TIME UTCTime;
|
|
[ case(IASTYPE_PROV_SPECIFIC) ]
|
|
IAS_PROV_SPECIFIC ProviderSpecific;
|
|
};
|
|
} IASVALUE, *PIASVALUE;
|
|
|
|
//
|
|
// these are the bit values
|
|
cpp_quote ("#define IAS_INCLUDE_IN_ACCEPT 0x00000001")
|
|
cpp_quote ("#define IAS_INCLUDE_IN_REJECT 0x00000002")
|
|
cpp_quote ("#define IAS_INCLUDE_IN_CHALLENGE 0x00000004")
|
|
cpp_quote ("#define IAS_INCLUDE_IN_RESPONSE (IAS_INCLUDE_IN_ACCEPT | IAS_INCLUDE_IN_REJECT | IAS_INCLUDE_IN_CHALLENGE)")
|
|
cpp_quote ("#define IAS_RECVD_FROM_CLIENT 0x00000008")
|
|
cpp_quote ("#define IAS_RECVD_FROM_PROTOCOL 0x00000010")
|
|
|
|
// Attribute structure.
|
|
typedef struct _IASATTRIBUTE {
|
|
|
|
/////////////////////////////////////////////////////////////////
|
|
// (1) dwReserved should be hidden from users
|
|
// (2) dwFlags is temporary... plan is to have an in attribute
|
|
// collection and an out attribute collection on the request.
|
|
//
|
|
// Make these changes after NT 5 beta.
|
|
/////////////////////////////////////////////////////////////////
|
|
|
|
DWORD dwReserved; // Reserved (reference count)
|
|
DWORD dwFlags; // Reserved (protocol state)
|
|
DWORD dwId; // Unique attribute ID - from IAS Dictionary
|
|
IASVALUE Value; // Attribute value
|
|
|
|
} IASATTRIBUTE, *PIASATTRIBUTE;
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
// IAS request object interface
|
|
////////////////////////////////////////////////////////////
|
|
|
|
// Request Identifiers
|
|
typedef enum _IASREQUEST
|
|
{
|
|
IAS_REQUEST_ACCESS_REQUEST,
|
|
IAS_REQUEST_ACCOUNTING,
|
|
IAS_REQUEST_CHALLENGE_RESPONSE,
|
|
IAS_REQUEST_NAS_STATE,
|
|
|
|
// Obsolete.
|
|
IAS_REQUEST_PROXY_PACKET = 999
|
|
|
|
} IASREQUEST;
|
|
|
|
// Response Identifiers
|
|
typedef enum _IASRESPONSE
|
|
{
|
|
IAS_RESPONSE_INVALID,
|
|
IAS_RESPONSE_ACCESS_ACCEPT,
|
|
IAS_RESPONSE_ACCESS_REJECT,
|
|
IAS_RESPONSE_ACCESS_CHALLENGE,
|
|
IAS_RESPONSE_ACCOUNTING,
|
|
IAS_RESPONSE_DISCARD_PACKET,
|
|
|
|
// Obsolete.
|
|
IAS_RESPONSE_FORWARD_PACKET = 999,
|
|
IAS_RESPONSE_RAS,
|
|
// New Response Identifiers Here...
|
|
|
|
IAS_RESPONSE_MAX = 2048
|
|
|
|
} IASRESPONSE;
|
|
|
|
// Protocol Identifiers
|
|
typedef enum _IASPROTOCOL
|
|
{
|
|
IAS_PROTOCOL_INVALID=0,
|
|
IAS_PROTOCOL_NONE,
|
|
IAS_PROTOCOL_RADIUS,
|
|
IAS_PROTOCOL_TACACSPLUS,
|
|
IAS_PROTOCOL_LDAP,
|
|
IAS_PROTOCOL_RAS
|
|
// New Protocol Identifiers Here...
|
|
|
|
} IASPROTOCOL;
|
|
|
|
// Providers
|
|
typedef enum _IASPROVIDER
|
|
{
|
|
IAS_PROVIDER_NONE,
|
|
IAS_PROVIDER_WINDOWS,
|
|
IAS_PROVIDER_RADIUS_PROXY,
|
|
IAS_PROVIDER_EXTERNAL_AUTH
|
|
|
|
} IASPROVIDER;
|
|
|
|
interface IRequestSource; // Forward reference
|
|
|
|
// Request status
|
|
typedef [public] enum _IASREQUESTSTATUS
|
|
{
|
|
IAS_REQUEST_STATUS_ABORT, // Request cannot be handled
|
|
IAS_REQUEST_STATUS_CONTINUE, // Pass request to next handler
|
|
IAS_REQUEST_STATUS_HANDLED, // Request has been handled
|
|
// New Status Types Here...
|
|
IAS_REQUEST_STATUS_INVALID
|
|
|
|
} IASREQUESTSTATUS;
|
|
|
|
[
|
|
object,
|
|
uuid(6BC096A7-0CE6-11D1-BAAE-00C04FC2E20D),
|
|
pointer_default(unique)
|
|
]
|
|
interface IRequest : IUnknown
|
|
{
|
|
[propget, id(1)] HRESULT Request([out, retval] LONG *pVal);
|
|
[propput, id(1)] HRESULT Request([in] LONG newVal);
|
|
[propget, id(2)] HRESULT Response([out, retval] LONG *pVal);
|
|
[propget, id(3)] HRESULT Reason([out, retval] LONG *pVal);
|
|
[propget, id(4)] HRESULT Protocol([out, retval] IASPROTOCOL *pVal);
|
|
[propput, id(4)] HRESULT Protocol([in] IASPROTOCOL newVal);
|
|
[propget, id(5)] HRESULT Source([out, retval] IRequestSource** pVal);
|
|
[propput, id(5)] HRESULT Source([in] IRequestSource* newVal);
|
|
[id(7)] HRESULT SetResponse([in] IASRESPONSE eResponse,
|
|
[in] LONG lReason);
|
|
[id(8)] HRESULT ReturnToSource([in] IASREQUESTSTATUS eStatus);
|
|
};
|
|
|
|
////////////////////////////////////////////////////////////
|
|
// Raw interface to an IAS request object's attributes
|
|
////////////////////////////////////////////////////////////
|
|
|
|
typedef struct _ATTRIBUTEPOSITION
|
|
{
|
|
DWORD dwReserved; // For use by request object
|
|
PIASATTRIBUTE pAttribute;
|
|
|
|
} ATTRIBUTEPOSITION, *PATTRIBUTEPOSITION;
|
|
|
|
[
|
|
object,
|
|
hidden,
|
|
restricted,
|
|
uuid(6BC096A8-0CE6-11D1-BAAE-00C04FC2E20D),
|
|
pointer_default(unique)
|
|
]
|
|
interface IAttributesRaw : IUnknown
|
|
{
|
|
HRESULT AddAttributes(
|
|
[in] DWORD dwPosCount,
|
|
[in, out] PATTRIBUTEPOSITION pPositions
|
|
);
|
|
HRESULT RemoveAttributes(
|
|
[in] DWORD dwPosCount,
|
|
[in] PATTRIBUTEPOSITION pPositions
|
|
);
|
|
HRESULT RemoveAttributesByType(
|
|
[in] DWORD dwAttrIDCount,
|
|
[in] LPDWORD lpdwAttrIDs
|
|
);
|
|
HRESULT GetAttributeCount(
|
|
[in]LPDWORD lpdwCount
|
|
);
|
|
HRESULT GetAttributes(
|
|
[in, out] LPDWORD lpdwPosCount,
|
|
[out] PATTRIBUTEPOSITION pPositions,
|
|
[in] DWORD dwAttrIDCount,
|
|
[in] LPDWORD lpdwAttrIDs
|
|
);
|
|
HRESULT InsertBefore(
|
|
[in, out] PATTRIBUTEPOSITION newAttr,
|
|
[in] PATTRIBUTEPOSITION refAttr
|
|
);
|
|
};
|
|
|
|
////////////////////////////////////////////////////////////
|
|
// Raw interface to an IAS request object's state
|
|
////////////////////////////////////////////////////////////
|
|
[
|
|
object,
|
|
hidden,
|
|
restricted,
|
|
uuid(6BC096BA-0CE6-11D1-BAAE-00C04FC2E20D),
|
|
pointer_default(unique)
|
|
]
|
|
interface IRequestState : IUnknown
|
|
{
|
|
HRESULT Push([in] unsigned hyper State);
|
|
HRESULT Pop([out] unsigned hyper* pState);
|
|
HRESULT Top([out] unsigned hyper* pState);
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
// Interface exported by request comsumer components
|
|
////////////////////////////////////////////////////////////
|
|
[
|
|
object,
|
|
uuid(6BC096AA-0CE6-11D1-BAAE-00C04FC2E20D),
|
|
dual,
|
|
pointer_default(unique)
|
|
]
|
|
interface IRequestHandler : IDispatch
|
|
{
|
|
[id(1)] HRESULT OnRequest(IRequest* pRequest);
|
|
};
|
|
|
|
////////////////////////////////////////////////////////////
|
|
// Interface exported by request producer components
|
|
////////////////////////////////////////////////////////////
|
|
[
|
|
object,
|
|
oleautomation,
|
|
uuid(6BC096A9-0CE6-11D1-BAAE-00C04FC2E20D),
|
|
pointer_default(unique)
|
|
]
|
|
interface IRequestSource : IUnknown
|
|
{
|
|
HRESULT OnRequestComplete(IRequest* pRequest, IASREQUESTSTATUS eStatus);
|
|
};
|
|
|
|
//////////////////////////////////////////////////////////////////////////
|
|
// Request Handler Quality Control Interface
|
|
//////////////////////////////////////////////////////////////////////////
|
|
|
|
// INOPERABLE - Request handler cannot process requests. Note that this
|
|
// is not necessarily a permanent condition.
|
|
//
|
|
// FLOODED - Request handler is too busy to accept any more requests.
|
|
//
|
|
// READY - Request handler is operational and can process requests.
|
|
//
|
|
// UNKNOWN - Initial state before the handle reports its state
|
|
|
|
typedef enum _QUALITYSTATUS
|
|
{
|
|
QUALITY_STATUS_INOPERABLE = 0x0001,
|
|
QUALITY_STATUS_FLOODED,
|
|
QUALITY_STATUS_READY,
|
|
QUALITY_STATUS_UNKNOWN
|
|
|
|
} QUALITYSTATUS;
|
|
|
|
[
|
|
object,
|
|
uuid(6BC096AB-0CE6-11D1-BAAE-00C04FC2E20D),
|
|
dual,
|
|
pointer_default(unique)
|
|
]
|
|
interface IQualityControl : IDispatch
|
|
{
|
|
HRESULT OnQualityNotify(QUALITYSTATUS eQualityStatus, LONG lObjectID);
|
|
HRESULT SetQualityNotify(IQualityControl* pQualityControl);
|
|
};
|
|
|
|
|
|
///////////////
|
|
// Type Library
|
|
///////////////
|
|
|
|
[
|
|
uuid(6BC096A5-0CE6-11D1-BAAE-00C04FC2E20D),
|
|
version(1.0),
|
|
helpstring("IAS Policy 1.0 Type Library")
|
|
]
|
|
|
|
library IASPolicyLib
|
|
{
|
|
importlib("stdole2.tlb");
|
|
|
|
//////////
|
|
// Classes
|
|
//////////
|
|
|
|
//////////////////////////////////////////////////////////////////////////
|
|
[
|
|
uuid(6BC096B1-0CE6-11D1-BAAE-00C04FC2E20D),
|
|
helpstring("Request Class")
|
|
]
|
|
coclass Request
|
|
{
|
|
[default] interface IRequest;
|
|
};
|
|
};
|