/////////////////////////////////////////////////////////////////////////// // // Copyright (c) Microsoft Corporation. All rights reserved. // // Module: iaspolcy.idl // // Project: Everest // // Description: IAS Policy Subsystem Interface // // Author: TLP 12/1/97 // /////////////////////////////////////////////////////////////////////////// // This file will be processed by the MIDL tool to // produce the type library (iaspolcy.tlb) and marshalling code. import "oaidl.idl"; import "ocidl.idl"; ////////// // IAS Reason-Codes ////////// typedef enum { IAS_SUCCESS = 0x00, IAS_INTERNAL_ERROR = 0x01, IAS_ACCESS_DENIED = 0x02, IAS_MALFORMED_REQUEST = 0x03, IAS_GLOBAL_CATALOG_UNAVAILABLE = 0x04, IAS_DOMAIN_UNAVAILABLE = 0x05, IAS_SERVER_UNAVAILABLE = 0x06, IAS_NO_SUCH_DOMAIN = 0x07, IAS_NO_SUCH_USER = 0x08, IAS_AUTH_FAILURE = 0x10, IAS_CHANGE_PASSWORD_FAILURE = 0x11, IAS_UNSUPPORTED_AUTH_TYPE = 0x12, IAS_NO_CLEARTEXT_PASSWORD = 0x13, IAS_LM_NOT_ALLOWED = 0x14, IAS_LOCAL_USERS_ONLY = 0x20, IAS_PASSWORD_MUST_CHANGE = 0x21, IAS_ACCOUNT_DISABLED = 0x22, IAS_ACCOUNT_EXPIRED = 0x23, IAS_ACCOUNT_LOCKED_OUT = 0x24, IAS_INVALID_LOGON_HOURS = 0x25, IAS_ACCOUNT_RESTRICTION = 0x26, IAS_NO_POLICY_MATCH = 0x30, IAS_NO_CONNECTION_REQUEST_POLICY_MATCH = 0x31, IAS_DIALIN_LOCKED_OUT = 0x40, IAS_DIALIN_DISABLED = 0x41, IAS_INVALID_AUTH_TYPE = 0x42, IAS_INVALID_CALLING_STATION = 0x43, IAS_INVALID_DIALIN_HOURS = 0x44, IAS_INVALID_CALLED_STATION = 0x45, IAS_INVALID_PORT_TYPE = 0x46, IAS_DIALIN_RESTRICTION = 0x47, IAS_CPW_NOT_ALLOWED = 0x48, IAS_INVALID_CERT_EKU = 0x49, IAS_NO_RECORD = 0x50, IAS_SESSION_TIMEOUT = 0x60, IAS_UNEXPECTED_REQUEST = 0x61, IAS_PROXY_REJECT = 0x70, IAS_PROXY_UNKNOWN_GROUP = 0x71, IAS_PROXY_UNKNOWN_SERVER = 0x72, IAS_PROXY_PACKET_TOO_LONG = 0x73, IAS_PROXY_SEND_ERROR = 0x74, IAS_PROXY_TIMEOUT = 0x75, IAS_PROXY_MALFORMED_RESPONSE = 0x76 } IASREASON; ///////////////////////////////////////////// // IASATTRIBUTE structure (raw IAS attribute) ///////////////////////////////////////////// // Allowed syntaxes typedef enum IASTYPEENUM { IASTYPE_INVALID = 0, IASTYPE_BOOLEAN, IASTYPE_INTEGER, IASTYPE_ENUM, IASTYPE_INET_ADDR, IASTYPE_STRING, IASTYPE_OCTET_STRING, IASTYPE_UTC_TIME, IASTYPE_PROV_SPECIFIC } IASTYPE; // C/C++ type for each allowed syntax. typedef DWORD IAS_BOOLEAN, *PIAS_BOOLEAN; typedef DWORD IAS_INTEGER, *PIAS_INTEGER; typedef DWORD IAS_ENUM, *PIAS_ENUM; typedef DWORD IAS_INET_ADDR, *PIAS_INET_ADDR; typedef FILETIME IAS_UTC_TIME, *PIAS_UTC_TIME; typedef struct _IAS_STRING { LPSTR pszAnsi; LPWSTR pszWide; } IAS_STRING, *PIAS_STRING; typedef struct _IAS_OCTET_STRING { DWORD dwLength; BYTE *lpValue; } IAS_OCTET_STRING, *PIAS_OCTET_STRING; typedef IAS_OCTET_STRING IAS_PROV_SPECIFIC, *PIAS_PROV_SPECIFIC; // Attribute value structure. typedef struct _IASVALUE { IASTYPE itType; [ switch_is((DWORD)itType) ] union { [ case(IASTYPE_BOOLEAN) ] IAS_BOOLEAN Boolean; [ case(IASTYPE_INTEGER) ] IAS_INTEGER Integer; [ case(IASTYPE_ENUM) ] IAS_ENUM Enumerator; [ case(IASTYPE_INET_ADDR) ] IAS_INET_ADDR InetAddr; [ case(IASTYPE_STRING) ] IAS_STRING String; [ case(IASTYPE_OCTET_STRING) ] IAS_OCTET_STRING OctetString; [ case(IASTYPE_UTC_TIME) ] IAS_UTC_TIME UTCTime; [ case(IASTYPE_PROV_SPECIFIC) ] IAS_PROV_SPECIFIC ProviderSpecific; }; } IASVALUE, *PIASVALUE; // // these are the bit values cpp_quote ("#define IAS_INCLUDE_IN_ACCEPT 0x00000001") cpp_quote ("#define IAS_INCLUDE_IN_REJECT 0x00000002") cpp_quote ("#define IAS_INCLUDE_IN_CHALLENGE 0x00000004") cpp_quote ("#define IAS_INCLUDE_IN_RESPONSE (IAS_INCLUDE_IN_ACCEPT | IAS_INCLUDE_IN_REJECT | IAS_INCLUDE_IN_CHALLENGE)") cpp_quote ("#define IAS_RECVD_FROM_CLIENT 0x00000008") cpp_quote ("#define IAS_RECVD_FROM_PROTOCOL 0x00000010") // Attribute structure. typedef struct _IASATTRIBUTE { ///////////////////////////////////////////////////////////////// // (1) dwReserved should be hidden from users // (2) dwFlags is temporary... plan is to have an in attribute // collection and an out attribute collection on the request. // // Make these changes after NT 5 beta. ///////////////////////////////////////////////////////////////// DWORD dwReserved; // Reserved (reference count) DWORD dwFlags; // Reserved (protocol state) DWORD dwId; // Unique attribute ID - from IAS Dictionary IASVALUE Value; // Attribute value } IASATTRIBUTE, *PIASATTRIBUTE; //////////////////////////////////////////////////////////// // IAS request object interface //////////////////////////////////////////////////////////// // Request Identifiers typedef enum _IASREQUEST { IAS_REQUEST_ACCESS_REQUEST, IAS_REQUEST_ACCOUNTING, IAS_REQUEST_CHALLENGE_RESPONSE, IAS_REQUEST_NAS_STATE, // Obsolete. IAS_REQUEST_PROXY_PACKET = 999 } IASREQUEST; // Response Identifiers typedef enum _IASRESPONSE { IAS_RESPONSE_INVALID, IAS_RESPONSE_ACCESS_ACCEPT, IAS_RESPONSE_ACCESS_REJECT, IAS_RESPONSE_ACCESS_CHALLENGE, IAS_RESPONSE_ACCOUNTING, IAS_RESPONSE_DISCARD_PACKET, // Obsolete. IAS_RESPONSE_FORWARD_PACKET = 999, IAS_RESPONSE_RAS, // New Response Identifiers Here... IAS_RESPONSE_MAX = 2048 } IASRESPONSE; // Protocol Identifiers typedef enum _IASPROTOCOL { IAS_PROTOCOL_INVALID=0, IAS_PROTOCOL_NONE, IAS_PROTOCOL_RADIUS, IAS_PROTOCOL_TACACSPLUS, IAS_PROTOCOL_LDAP, IAS_PROTOCOL_RAS // New Protocol Identifiers Here... } IASPROTOCOL; // Providers typedef enum _IASPROVIDER { IAS_PROVIDER_NONE, IAS_PROVIDER_WINDOWS, IAS_PROVIDER_RADIUS_PROXY } IASPROVIDER; interface IRequestSource; // Forward reference // Request status typedef [public] enum _IASREQUESTSTATUS { IAS_REQUEST_STATUS_ABORT, // Request cannot be handled IAS_REQUEST_STATUS_CONTINUE, // Pass request to next handler IAS_REQUEST_STATUS_HANDLED, // Request has been handled // New Status Types Here... IAS_REQUEST_STATUS_INVALID } IASREQUESTSTATUS; [ object, uuid(6BC096A7-0CE6-11D1-BAAE-00C04FC2E20D), pointer_default(unique) ] interface IRequest : IUnknown { [propget, id(1)] HRESULT Request([out, retval] LONG *pVal); [propput, id(1)] HRESULT Request([in] LONG newVal); [propget, id(2)] HRESULT Response([out, retval] LONG *pVal); [propget, id(3)] HRESULT Reason([out, retval] LONG *pVal); [propget, id(4)] HRESULT Protocol([out, retval] IASPROTOCOL *pVal); [propput, id(4)] HRESULT Protocol([in] IASPROTOCOL newVal); [propget, id(5)] HRESULT Source([out, retval] IRequestSource** pVal); [propput, id(5)] HRESULT Source([in] IRequestSource* newVal); [id(7)] HRESULT SetResponse([in] IASRESPONSE eResponse, [in] LONG lReason); [id(8)] HRESULT ReturnToSource([in] IASREQUESTSTATUS eStatus); }; //////////////////////////////////////////////////////////// // Raw interface to an IAS request object's attributes //////////////////////////////////////////////////////////// typedef struct _ATTRIBUTEPOSITION { DWORD dwReserved; // For use by request object PIASATTRIBUTE pAttribute; } ATTRIBUTEPOSITION, *PATTRIBUTEPOSITION; [ object, hidden, restricted, uuid(6BC096A8-0CE6-11D1-BAAE-00C04FC2E20D), pointer_default(unique) ] interface IAttributesRaw : IUnknown { HRESULT AddAttributes([in] DWORD dwPosCount, [in, out] PATTRIBUTEPOSITION pPositions); HRESULT RemoveAttributes([in] DWORD dwPosCount, [in] PATTRIBUTEPOSITION pPositions); HRESULT RemoveAttributesByType([in] DWORD dwAttrIDCount, [in] LPDWORD lpdwAttrIDs); HRESULT GetAttributeCount([in]LPDWORD lpdwCount); HRESULT GetAttributes([in, out] LPDWORD lpdwPosCount, [out] PATTRIBUTEPOSITION pPositions, [in] DWORD dwAttrIDCount, [in] LPDWORD lpdwAttrIDs); }; //////////////////////////////////////////////////////////// // Raw interface to an IAS request object's state //////////////////////////////////////////////////////////// [ object, hidden, restricted, uuid(6BC096BA-0CE6-11D1-BAAE-00C04FC2E20D), pointer_default(unique) ] interface IRequestState : IUnknown { HRESULT Push([in] unsigned hyper State); HRESULT Pop([out] unsigned hyper* pState); HRESULT Top([out] unsigned hyper* pState); } //////////////////////////////////////////////////////////// // Interface exported by request comsumer components //////////////////////////////////////////////////////////// [ object, uuid(6BC096AA-0CE6-11D1-BAAE-00C04FC2E20D), dual, pointer_default(unique) ] interface IRequestHandler : IDispatch { [id(1)] HRESULT OnRequest(IRequest* pRequest); }; //////////////////////////////////////////////////////////// // Interface exported by request producer components //////////////////////////////////////////////////////////// [ object, oleautomation, uuid(6BC096A9-0CE6-11D1-BAAE-00C04FC2E20D), pointer_default(unique) ] interface IRequestSource : IUnknown { HRESULT OnRequestComplete(IRequest* pRequest, IASREQUESTSTATUS eStatus); }; ////////////////////////////////////////////////////////////////////////// // Request Handler Quality Control Interface ////////////////////////////////////////////////////////////////////////// // INOPERABLE - Request handler cannot process requests. Note that this // is not necessarily a permanent condition. // // FLOODED - Request handler is too busy to accept any more requests. // // READY - Request handler is operational and can process requests. // // UNKNOWN - Initial state before the handle reports its state typedef enum _QUALITYSTATUS { QUALITY_STATUS_INOPERABLE = 0x0001, QUALITY_STATUS_FLOODED, QUALITY_STATUS_READY, QUALITY_STATUS_UNKNOWN } QUALITYSTATUS; [ object, uuid(6BC096AB-0CE6-11D1-BAAE-00C04FC2E20D), dual, pointer_default(unique) ] interface IQualityControl : IDispatch { HRESULT OnQualityNotify(QUALITYSTATUS eQualityStatus, LONG lObjectID); HRESULT SetQualityNotify(IQualityControl* pQualityControl); }; /////////////// // Type Library /////////////// [ uuid(6BC096A5-0CE6-11D1-BAAE-00C04FC2E20D), version(1.0), helpstring("IAS Policy 1.0 Type Library") ] library IASPolicyLib { importlib("stdole2.tlb"); ////////// // Classes ////////// ////////////////////////////////////////////////////////////////////////// [ uuid(6BC096B1-0CE6-11D1-BAAE-00C04FC2E20D), helpstring("Request Class") ] coclass Request { [default] interface IRequest; }; };