//+--------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1996 - 1999
//
// File: csldap.h
//
// Contents: Cert Server wrapper routines
//
//---------------------------------------------------------------------------
#ifndef __CSLDAP_H__
#define __CSLDAP_H__
#define csecLDAPTIMEOUT (2 * 60) // two minute default search timeout
#define wszDSBASECRLATTRIBUTE L"certificateRevocationList"
#define wszDSDELTACRLATTRIBUTE L"deltaRevocationList"
#define wszDSUSERCERTATTRIBUTE L"userCertificate"
#define wszDSCROSSCERTPAIRATTRIBUTE L"crossCertificatePair"
#define wszDSKRACERTATTRIBUTE wszDSUSERCERTATTRIBUTE
#define wszDSCACERTATTRIBUTE L"cACertificate"
#define wszDSBASECRLATTRIBUTE L"certificateRevocationList"
#define wszDSAUTHORITYCRLATTRIBUTE L"authorityRevocationList"
#define wszDSOBJECTCLASSATTRIBUTE L"objectClass"
#define wszDSFLAGSATTRIBUTE L"flags"
#define wszDSBASESEARCH L"?base"
#define wszDSONESEARCH L"?one"
#define wszDSTOPCLASSNAME L"top"
#define wszDSPERSONCLASSNAME L"person"
#define wszDSORGPERSONCLASSNAME L"organizationalPerson"
#define wszDSUSERCLASSNAME L"user"
#define wszDSCONTAINERCLASSNAME L"container"
#define wszDSENROLLMENTSERVICECLASSNAME L"pKIEnrollmentService"
#define wszDSMACHINECLASSNAME L"machine"
#define wszDSTEMPLATELASSNAME L"pKICertificateTemplate"
#define wszDSKRACLASSNAME L"msPKI-PrivateKeyRecoveryAgent"
#define wszDSCDPCLASSNAME L"cRLDistributionPoint"
#define wszDSOIDCLASSNAME L"msPKI-Enterprise-Oid"
#define wszDSCACLASSNAME L"certificationAuthority"
#define wszDSAIACLASSNAME wszDSCACLASSNAME
#define wszDSCDPCLASS L"?" wszDSOBJECTCLASSATTRIBUTE L"=" wszDSCDPCLASSNAME
#define wszDSCACLASS L"?" wszDSOBJECTCLASSATTRIBUTE L"=" wszDSCACLASSNAME
#define wszDSUSERCLASS L"?" wszDSOBJECTCLASSATTRIBUTE L"=*"
#define wszDSKRACLASS L"?" wszDSOBJECTCLASSATTRIBUTE L"=" wszDSKRACLASSNAME
#define wszDSAIACLASS L"?" wszDSOBJECTCLASSATTRIBUTE L"=" wszDSAIACLASSNAME
#define wszDSSEARCHBASECRLATTRIBUTE \
L"?" \
wszDSBASECRLATTRIBUTE \
wszDSBASESEARCH \
wszDSCDPCLASS
#define wszDSSEARCHDELTACRLATTRIBUTE \
L"?" \
wszDSDELTACRLATTRIBUTE \
wszDSBASESEARCH \
wszDSCDPCLASS
#define wszDSSEARCHUSERCERTATTRIBUTE \
L"?" \
wszDSUSERCERTATTRIBUTE \
wszDSBASESEARCH \
wszDSUSERCLASS
#define wszDSSEARCHCACERTATTRIBUTE \
L"?" \
wszDSCACERTATTRIBUTE \
wszDSBASESEARCH \
wszDSCACLASS
#define wszDSSEARCHKRACERTATTRIBUTE \
L"?" \
wszDSUSERCERTATTRIBUTE \
wszDSONESEARCH \
wszDSKRACLASS
#define wszDSSEARCHCROSSCERTPAIRATTRIBUTE \
L"?" \
wszDSCROSSCERTPAIRATTRIBUTE \
wszDSONESEARCH \
wszDSAIACLASS
#define wszDSSEARCHAIACERTATTRIBUTE \
L"?" \
wszDSCACERTATTRIBUTE \
wszDSONESEARCH \
wszDSAIACLASS
#define wszDSKRAQUERYTEMPLATE \
L"ldap:///CN=KRA," \
L"CN=Public Key Services," \
L"CN=Services," \
wszFCSAPARM_CONFIGDN \
wszDSSEARCHKRACERTATTRIBUTE
#define wszDSAIAQUERYTEMPLATE \
L"ldap:///CN=AIA," \
L"CN=Public Key Services," \
L"CN=Services," \
wszFCSAPARM_CONFIGDN \
wszDSSEARCHAIACERTATTRIBUTE
// Default URL Template Values:
extern WCHAR const g_wszzLDAPIssuerCertURLTemplate[];
extern WCHAR const g_wszzLDAPKRACertURLTemplate[];
extern WCHAR const g_wszzLDAPRevocationURLTemplate[];
extern WCHAR const g_wszASPRevocationURLTemplate[];
extern WCHAR const g_wszLDAPNTAuthURLTemplate[];
extern WCHAR const g_wszLDAPRootTrustURLTemplate[];
extern WCHAR const g_wszCDPDNTemplate[];
extern WCHAR const g_wszAIADNTemplate[];
extern WCHAR const g_wszKRADNTemplate[];
extern WCHAR const g_wszHTTPRevocationURLTemplate[];
extern WCHAR const g_wszFILERevocationURLTemplate[];
extern WCHAR const g_wszHTTPIssuerCertURLTemplate[];
extern WCHAR const g_wszFILEIssuerCertURLTemplate[];
// Default Server Controls:
extern LDAPControl *g_rgLdapControls[];
HRESULT
myGetAuthoritativeDomainDn(
IN LDAP *pld,
OPTIONAL OUT BSTR *pstrDomainDN,
OPTIONAL OUT BSTR *pstrConfigDN);
HRESULT
myDomainFromDn(
IN WCHAR const *pwszDN,
OUT WCHAR **ppwszDomainDNS);
HRESULT
myLdapOpen(
OUT LDAP **ppld,
OPTIONAL OUT BSTR *pstrDomainDN,
OPTIONAL OUT BSTR *pstrConfigDN);
VOID
myLdapClose(
OPTIONAL IN LDAP *pld,
OPTIONAL IN BSTR strDomainDN,
OPTIONAL IN BSTR strConfigDN);
BOOL
myLdapRebindRequired(
IN ULONG ldaperrParm,
OPTIONAL IN LDAP *pld);
HRESULT
myLdapGetDSHostName(
IN LDAP *pld,
OUT WCHAR **ppwszHostName);
HRESULT
myLdapCreateContainer(
IN LDAP *pld,
IN WCHAR const *pwszDN,
IN BOOL fSkipObject, // Does the DN contain a leaf object name
IN DWORD cMaxLevel, // create this many nested containers as needed
IN PSECURITY_DESCRIPTOR pContainerSD,
OPTIONAL OUT WCHAR **ppwszError);
#define LPC_CAOBJECT 0x00000000
#define LPC_KRAOBJECT 0x00000001
#define LPC_USEROBJECT 0x00000002
#define LPC_MACHINEOBJECT 0x00000003
#define LPC_OBJECTMASK 0x0000000f
#define LPC_CREATECONTAINER 0x00000100
#define LPC_CREATEOBJECT 0x00000200
HRESULT
myLdapPublishCertToDS(
IN LDAP *pld,
IN CERT_CONTEXT const *pccPublish,
IN WCHAR const *pwszURL,
IN WCHAR const *pwszAttribute,
IN DWORD dwObjectType, // LPC_*
OUT DWORD *pdwDisposition,
OPTIONAL OUT WCHAR **ppwszError);
HRESULT
myLdapPublishCRLToDS(
IN LDAP *pld,
IN CRL_CONTEXT const *pCRLPublish,
IN WCHAR const *pwszURL,
IN WCHAR const *pwszAttribute,
OUT DWORD *pdwDisposition,
OPTIONAL OUT WCHAR **ppwszError);
HRESULT
myLdapCreateCAObject(
IN LDAP *pld,
IN WCHAR const *pwszDN,
OPTIONAL IN BYTE const *pbCert,
IN DWORD cbCert,
IN PSECURITY_DESCRIPTOR pSD,
OUT DWORD *pdwDisposition,
OPTIONAL OUT WCHAR **ppwszError);
HRESULT
myLdapCreateCDPObject(
IN LDAP *pld,
IN WCHAR const *pwszDN,
IN PSECURITY_DESCRIPTOR pSD,
OUT DWORD *pdwDisposition,
OPTIONAL OUT WCHAR **ppwszError);
HRESULT
myLdapCreateUserObject(
IN LDAP *pld,
IN WCHAR const *pwszDN,
OPTIONAL IN BYTE const *pbCert,
IN DWORD cbCert,
IN PSECURITY_DESCRIPTOR pSD,
IN DWORD dwObjectType, // LPC_* (but LPC_CREATE* is ignored)
OUT DWORD *pdwDisposition,
OPTIONAL OUT WCHAR **ppwszError);
HRESULT
myLdapCreateOIDObject(
IN LDAP *pld,
IN WCHAR const *pwszDN,
IN DWORD dwType,
IN WCHAR const *pwszObjId,
OUT DWORD *pdwDisposition,
OPTIONAL OUT WCHAR **ppwszError);
HRESULT
myLdapOIDIsMatchingLangId(
IN WCHAR const *pwszDisplayName,
IN DWORD dwLanguageId,
OUT BOOL *pfLangIdExists);
HRESULT
myLdapAddOIDDisplayNameToAttribute(
IN LDAP *pld,
OPTIONAL IN WCHAR **ppwszDisplayNames,
IN DWORD dwLanguageId,
IN WCHAR const *pwszDisplayName,
IN WCHAR const *pwszDN,
IN WCHAR const *pwszAttribute,
OUT DWORD *pdwDisposition,
OPTIONAL OUT WCHAR **ppwszError);
HRESULT
myHLdapError(
OPTIONAL IN LDAP *pld,
IN ULONG ldaperrParm,
OPTIONAL OUT WCHAR **ppwszError);
HRESULT
myHLdapError2(
OPTIONAL IN LDAP *pld,
IN ULONG ldaperrParm,
IN ULONG ldaperrParmQuiet,
OPTIONAL OUT WCHAR **ppwszError);
HRESULT
myHLdapError3(
OPTIONAL IN LDAP *pld,
IN ULONG ldaperrParm,
IN ULONG ldaperrParmQuiet,
IN ULONG ldaperrParmQuiet2,
OPTIONAL OUT WCHAR **ppwszError);
HRESULT
myHLdapLastError(
OPTIONAL IN LDAP *pld,
OPTIONAL OUT WCHAR **ppwszError);
HRESULT
AddCertToAttribute(
IN LDAP *pld,
IN CERT_CONTEXT const *pccPublish,
IN WCHAR const *pwszDN,
IN WCHAR const *pwszAttribute,
OUT DWORD *pdwDisposition,
OPTIONAL OUT WCHAR **ppwszError);
HRESULT myLDAPSetStringAttribute(
IN LDAP *pld,
IN WCHAR const *pwszDN,
IN WCHAR const *pwszAttribute,
IN WCHAR const *pwszValue,
OUT DWORD *pdwDisposition,
OPTIONAL OUT WCHAR **ppwszError);
#endif // __CSLDAP_H__