mirror of https://github.com/tongzx/nt5src
///////////////////////////////////////////////////////////////////////////
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// Module:      iaspolcy.idl
//
// Project:     Everest
//
// Description: IAS Policy Subsystem Interface
//
// Author:      TLP 12/1/97
//
///////////////////////////////////////////////////////////////////////////

// This file will be processed by the MIDL tool to
// produce the type library (iaspolcy.tlb) and marshalling code.
|
|
|
|
import "oaidl.idl";
|
|
import "ocidl.idl";
|
|
|
|
//////////
|
|
// IAS Reason-Codes
|
|
//////////
|
|
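// IASREASON: reason code attached to a request's outcome (see the Reason
// property and the lReason argument of SetResponse on IRequest).
//
// The values are grouped by their high nibble. The group labels below are
// inferred from the member names only.
//
// NOTE(review): several codes separate "the account does not exist"
// (IAS_NO_SUCH_USER, IAS_NO_SUCH_DOMAIN) from "the credentials were wrong"
// (IAS_AUTH_FAILURE) and from account state (disabled, expired, locked out).
// That granularity is what an operator wants in server-side logs, but the
// same detail returned to the remote peer tells it which accounts exist.
// This file does not show where the reason is surfaced; confirm it is
// logged rather than echoed to the client.
typedef enum {
    // 0x00-0x08: general processing and directory lookup.
    IAS_SUCCESS                            = 0x00,
    IAS_INTERNAL_ERROR                     = 0x01,
    IAS_ACCESS_DENIED                      = 0x02,
    IAS_MALFORMED_REQUEST                  = 0x03,
    IAS_GLOBAL_CATALOG_UNAVAILABLE         = 0x04,
    IAS_DOMAIN_UNAVAILABLE                 = 0x05,
    IAS_SERVER_UNAVAILABLE                 = 0x06,
    IAS_NO_SUCH_DOMAIN                     = 0x07,
    IAS_NO_SUCH_USER                       = 0x08,

    // 0x10-0x14: authentication.
    IAS_AUTH_FAILURE                       = 0x10,
    IAS_CHANGE_PASSWORD_FAILURE            = 0x11,
    IAS_UNSUPPORTED_AUTH_TYPE              = 0x12,
    IAS_NO_CLEARTEXT_PASSWORD              = 0x13,
    IAS_LM_NOT_ALLOWED                     = 0x14,

    // 0x20-0x26: account state and account restrictions.
    IAS_LOCAL_USERS_ONLY                   = 0x20,
    IAS_PASSWORD_MUST_CHANGE               = 0x21,
    IAS_ACCOUNT_DISABLED                   = 0x22,
    IAS_ACCOUNT_EXPIRED                    = 0x23,
    IAS_ACCOUNT_LOCKED_OUT                 = 0x24,
    IAS_INVALID_LOGON_HOURS                = 0x25,
    IAS_ACCOUNT_RESTRICTION                = 0x26,

    // 0x30-0x31: no policy matched the request.
    IAS_NO_POLICY_MATCH                    = 0x30,
    IAS_NO_CONNECTION_REQUEST_POLICY_MATCH = 0x31,

    // 0x40-0x49: dial-in constraints.
    IAS_DIALIN_LOCKED_OUT                  = 0x40,
    IAS_DIALIN_DISABLED                    = 0x41,
    IAS_INVALID_AUTH_TYPE                  = 0x42,
    IAS_INVALID_CALLING_STATION            = 0x43,
    IAS_INVALID_DIALIN_HOURS               = 0x44,
    IAS_INVALID_CALLED_STATION             = 0x45,
    IAS_INVALID_PORT_TYPE                  = 0x46,
    IAS_DIALIN_RESTRICTION                 = 0x47,
    IAS_CPW_NOT_ALLOWED                    = 0x48,
    IAS_INVALID_CERT_EKU                   = 0x49,

    // 0x50: no record.
    IAS_NO_RECORD                          = 0x50,

    // 0x60-0x61: session handling.
    IAS_SESSION_TIMEOUT                    = 0x60,
    IAS_UNEXPECTED_REQUEST                 = 0x61,

    // 0x70-0x76: proxying.
    IAS_PROXY_REJECT                       = 0x70,
    IAS_PROXY_UNKNOWN_GROUP                = 0x71,
    IAS_PROXY_UNKNOWN_SERVER               = 0x72,
    IAS_PROXY_PACKET_TOO_LONG              = 0x73,
    IAS_PROXY_SEND_ERROR                   = 0x74,
    IAS_PROXY_TIMEOUT                      = 0x75,
    IAS_PROXY_MALFORMED_RESPONSE           = 0x76

} IASREASON;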
|
|
|
|
/////////////////////////////////////////////
|
|
// IASATTRIBUTE structure (raw IAS attribute)
|
|
/////////////////////////////////////////////
|
|
|
|
// Allowed syntaxes
|
|
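// IASTYPE: discriminant for the union inside IASVALUE. Each member other
// than IASTYPE_INVALID selects exactly one union arm there.
//
// IASTYPE_INVALID is pinned to 0, so a zero-initialised IASVALUE carries the
// invalid type rather than silently looking like a real syntax. The other
// members take consecutive values 1..8 from their position; do not reorder.
typedef enum IASTYPEENUM {
    IASTYPE_INVALID = 0,
    IASTYPE_BOOLEAN,
    IASTYPE_INTEGER,
    IASTYPE_ENUM,
    IASTYPE_INET_ADDR,
    IASTYPE_STRING,
    IASTYPE_OCTET_STRING,
    IASTYPE_UTC_TIME,
    IASTYPE_PROV_SPECIFIC
} IASTYPE;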
|
|
|
|
// C/C++ type for each allowed syntax.
|
|
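// Scalar syntaxes. Boolean, integer, enumerator and address values are all
// stored in a DWORD, so the type system cannot tell them apart; only the
// IASTYPE discriminant in IASVALUE does.
typedef DWORD IAS_BOOLEAN, *PIAS_BOOLEAN;

typedef DWORD IAS_INTEGER, *PIAS_INTEGER;

typedef DWORD IAS_ENUM, *PIAS_ENUM;

// A DWORD holds a 32-bit address only. The byte order is not stated in this
// file -- TODO confirm against the code that fills it in.
typedef DWORD IAS_INET_ADDR, *PIAS_INET_ADDR;

// Time values use the Win32 FILETIME layout.
typedef FILETIME IAS_UTC_TIME, *PIAS_UTC_TIME;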
|
|
|
|
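// IAS_STRING: a text value held as two pointers, one ANSI and one wide.
//
// The structure carries no length field, so readers depend on both buffers
// being terminated (presumably NUL-terminated, per the LPSTR/LPWSTR
// convention -- confirm against the producer). Which of the two pointers is
// authoritative, and whether either may be NULL, is not defined here; check
// for NULL before dereferencing.
typedef struct _IAS_STRING {
    LPSTR  pszAnsi;
    LPWSTR pszWide;
} IAS_STRING, *PIAS_STRING;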
|
|
|
|
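// IAS_OCTET_STRING: a counted byte buffer (dwLength bytes at lpValue).
//
// NOTE(review): lpValue has no [size_is(dwLength)] attribute. MIDL treats an
// unadorned pointer as a pointer to a single element, so generated
// marshalling code would not carry the whole buffer; as declared, the
// structure is only meaningful when passed by raw pointer inside one
// process. Nothing ties dwLength to the real allocation either: code that
// copies out of lpValue should bound the copy by its own destination size
// and not rely on dwLength alone.
typedef struct _IAS_OCTET_STRING {
    DWORD dwLength;
    BYTE *lpValue;
} IAS_OCTET_STRING, *PIAS_OCTET_STRING;

// Provider-specific data shares the octet-string layout; the caveats above
// apply unchanged.
typedef IAS_OCTET_STRING IAS_PROV_SPECIFIC, *PIAS_PROV_SPECIFIC;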
|
|
|
|
// Attribute value structure.
|
|
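// IASVALUE: a tagged value. itType selects which union member is live.
//
// There is no arm for IASTYPE_INVALID and no default arm, so a value whose
// itType is IASTYPE_INVALID (or any number outside IASTYPE) has no member
// that may be read.
//
// NOTE(review): the scalar arms are DWORDs while the String, OctetString and
// ProviderSpecific arms contain pointers. Reading a pointer arm from a value
// whose itType names a scalar arm turns attacker-influenced integers into
// addresses; consumers must test itType before touching the union, and must
// reject unknown discriminants rather than fall through.
typedef struct _IASVALUE
{
    IASTYPE itType;
    [ switch_is((DWORD)itType) ] union
    {
        [ case(IASTYPE_BOOLEAN) ]
            IAS_BOOLEAN Boolean;
        [ case(IASTYPE_INTEGER) ]
            IAS_INTEGER Integer;
        [ case(IASTYPE_ENUM) ]
            IAS_ENUM Enumerator;
        [ case(IASTYPE_INET_ADDR) ]
            IAS_INET_ADDR InetAddr;
        [ case(IASTYPE_STRING) ]
            IAS_STRING String;
        [ case(IASTYPE_OCTET_STRING) ]
            IAS_OCTET_STRING OctetString;
        [ case(IASTYPE_UTC_TIME) ]
            IAS_UTC_TIME UTCTime;
        [ case(IASTYPE_PROV_SPECIFIC) ]
            IAS_PROV_SPECIFIC ProviderSpecific;
    };
} IASVALUE, *PIASVALUE;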
|
|
|
|
//
|
|
// these are the bit values
|
|
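// Bit flags emitted verbatim into the generated C/C++ header. Judging by the
// dwFlags comment on IASATTRIBUTE ("protocol state") they are stored there
// -- confirm against the callers.
//
// The three IAS_INCLUDE_IN_* bits each name one response kind.
cpp_quote ("#define IAS_INCLUDE_IN_ACCEPT 0x00000001")
cpp_quote ("#define IAS_INCLUDE_IN_REJECT 0x00000002")
cpp_quote ("#define IAS_INCLUDE_IN_CHALLENGE 0x00000004")
// Convenience mask: the OR of the three bits above (0x00000007).
cpp_quote ("#define IAS_INCLUDE_IN_RESPONSE (IAS_INCLUDE_IN_ACCEPT | IAS_INCLUDE_IN_REJECT | IAS_INCLUDE_IN_CHALLENGE)")
// Provenance bits. NOTE(review): by their names these record where an
// attribute came from. An attribute marked as received from the client is
// untrusted input, and because the flag lives in a field every handler can
// write, it is only as reliable as the handlers in the pipeline.
cpp_quote ("#define IAS_RECVD_FROM_CLIENT 0x00000008")
cpp_quote ("#define IAS_RECVD_FROM_PROTOCOL 0x00000010")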
|
|
|
|
// Attribute structure.
|
|
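// IASATTRIBUTE: one raw attribute -- bookkeeping words, an ID and a tagged
// value.
//
// NOTE(review): dwReserved is documented below as a reference count, yet it
// is an ordinary public field. Any component holding a PIASATTRIBUTE can
// overwrite it, so the lifetime of every attribute depends on all in-process
// handlers leaving it alone. Treat the first two fields as read-only outside
// the code that owns attribute allocation.
typedef struct _IASATTRIBUTE {

    /////////////////////////////////////////////////////////////////
    // (1) dwReserved should be hidden from users
    // (2) dwFlags is temporary... plan is to have an in attribute
    //     collection and an out attribute collection on the request.
    //
    // Make these changes after NT 5 beta.
    /////////////////////////////////////////////////////////////////

    DWORD    dwReserved;  // Reserved (reference count)
    DWORD    dwFlags;     // Reserved (protocol state)
    DWORD    dwId;        // Unique attribute ID - from IAS Dictionary
    IASVALUE Value;       // Attribute value

} IASATTRIBUTE, *PIASATTRIBUTE;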
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
// IAS request object interface
|
|
////////////////////////////////////////////////////////////
|
|
|
|
// Request Identifiers
|
|
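// IASREQUEST: kind of request. The first four members take the implicit
// values 0..3; the obsolete proxy value is pinned to 999.
//
// The Request property on IRequest is typed LONG, not IASREQUEST, so the
// interface itself accepts numbers outside this list.
typedef enum _IASREQUEST
{
    IAS_REQUEST_ACCESS_REQUEST,
    IAS_REQUEST_ACCOUNTING,
    IAS_REQUEST_CHALLENGE_RESPONSE,
    IAS_REQUEST_NAS_STATE,

    // Obsolete.
    IAS_REQUEST_PROXY_PACKET = 999

} IASREQUEST;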
|
|
|
|
// Response Identifiers
|
|
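// IASRESPONSE: kind of response set on a request through
// IRequest::SetResponse.
//
// IAS_RESPONSE_INVALID is the first member and therefore 0, so a request
// whose response was never set does not read as an accept. The members up to
// IAS_RESPONSE_DISCARD_PACKET are 1..5. IAS_RESPONSE_RAS has no explicit
// value and follows 999, which makes it 1000.
typedef enum _IASRESPONSE
{
    IAS_RESPONSE_INVALID,
    IAS_RESPONSE_ACCESS_ACCEPT,
    IAS_RESPONSE_ACCESS_REJECT,
    IAS_RESPONSE_ACCESS_CHALLENGE,
    IAS_RESPONSE_ACCOUNTING,
    IAS_RESPONSE_DISCARD_PACKET,

    // Obsolete.
    IAS_RESPONSE_FORWARD_PACKET = 999,
    IAS_RESPONSE_RAS,
    // New Response Identifiers Here...

    // Upper bound for response identifiers.
    IAS_RESPONSE_MAX = 2048

} IASRESPONSE;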
|
|
|
|
// Protocol Identifiers
|
|
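// IASPROTOCOL: protocol a request is associated with (IRequest::Protocol).
// IAS_PROTOCOL_INVALID is pinned to 0 so an unset value is distinguishable
// from IAS_PROTOCOL_NONE (1); the remaining members are 2..5.
typedef enum _IASPROTOCOL
{
    IAS_PROTOCOL_INVALID=0,
    IAS_PROTOCOL_NONE,
    IAS_PROTOCOL_RADIUS,
    IAS_PROTOCOL_TACACSPLUS,
    IAS_PROTOCOL_LDAP,
    IAS_PROTOCOL_RAS
    // New Protocol Identifiers Here...

} IASPROTOCOL;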
|
|
|
|
// Providers
|
|
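// IASPROVIDER: provider identifiers, with implicit values 0..2. No interface
// in this file takes or returns this type; its consumers are elsewhere.
typedef enum _IASPROVIDER
{
    IAS_PROVIDER_NONE,
    IAS_PROVIDER_WINDOWS,
    IAS_PROVIDER_RADIUS_PROXY

} IASPROVIDER;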
|
|
|
|
interface IRequestSource; // Forward reference: IRequest::Source uses this type before its definition later in the file
|
|
|
|
// Request status
|
|
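// IASREQUESTSTATUS: what a handler reports when it hands a request back
// (IRequest::ReturnToSource, IRequestSource::OnRequestComplete).
//
// Values are implicit: ABORT = 0, CONTINUE = 1, HANDLED = 2, INVALID = 3.
// Note that 0 here is ABORT, not an "invalid" sentinel as in the other
// enums, and that IAS_REQUEST_STATUS_INVALID moves if members are added in
// front of it.
typedef [public] enum _IASREQUESTSTATUS
{
    IAS_REQUEST_STATUS_ABORT,     // Request cannot be handled
    IAS_REQUEST_STATUS_CONTINUE,  // Pass request to next handler
    IAS_REQUEST_STATUS_HANDLED,   // Request has been handled
    // New Status Types Here...
    IAS_REQUEST_STATUS_INVALID

} IASREQUESTSTATUS;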
|
|
|
|
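// IRequest: the request object passed between request sources and handlers.
//
//   Request   (id 1)  read/write, LONG
//   Response  (id 2)  read-only, LONG
//   Reason    (id 3)  read-only, LONG
//   Protocol  (id 4)  read/write, IASPROTOCOL
//   Source    (id 5)  read/write, IRequestSource
//   SetResponse    (id 7)  sets the response and the reason together
//   ReturnToSource (id 8)  hands the request back with a status
//
// id(6) is not used by this interface.
//
// Response and Reason have no property setter; SetResponse is the only way
// this interface offers to change them.
//
// NOTE(review): Request, Response and Reason travel as LONG rather than as
// IASREQUEST / IASRESPONSE / IASREASON, so nothing at the interface level
// keeps the numbers inside those enums. Likewise, every component that holds
// an IRequest pointer can call SetResponse; which handler is entitled to
// turn a reject into an accept is decided by the pipeline, not here.
[
    object,
    uuid(6BC096A7-0CE6-11D1-BAAE-00C04FC2E20D),
    pointer_default(unique)
]
interface IRequest : IUnknown
{
    [propget, id(1)] HRESULT Request([out, retval] LONG *pVal);
    [propput, id(1)] HRESULT Request([in] LONG newVal);
    [propget, id(2)] HRESULT Response([out, retval] LONG *pVal);
    [propget, id(3)] HRESULT Reason([out, retval] LONG *pVal);
    [propget, id(4)] HRESULT Protocol([out, retval] IASPROTOCOL *pVal);
    [propput, id(4)] HRESULT Protocol([in] IASPROTOCOL newVal);
    [propget, id(5)] HRESULT Source([out, retval] IRequestSource** pVal);
    [propput, id(5)] HRESULT Source([in] IRequestSource* newVal);
    [id(7)] HRESULT SetResponse([in] IASRESPONSE eResponse,
                                [in] LONG lReason);
    [id(8)] HRESULT ReturnToSource([in] IASREQUESTSTATUS eStatus);
};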
|
|
|
|
////////////////////////////////////////////////////////////
|
|
// Raw interface to an IAS request object's attributes
|
|
////////////////////////////////////////////////////////////
|
|
|
|
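// ATTRIBUTEPOSITION: one slot in the arrays exchanged through
// IAttributesRaw. It pairs a word owned by the request object with a raw
// pointer to the attribute.
//
// pAttribute is a bare pointer to an IASATTRIBUTE whose first field is
// documented as a reference count; this structure does not itself say who
// holds a reference while the pointer is stored -- confirm against the
// request object's implementation before keeping the pointer past a call.
typedef struct _ATTRIBUTEPOSITION
{
    DWORD         dwReserved;  // For use by request object
    PIASATTRIBUTE pAttribute;

} ATTRIBUTEPOSITION, *PATTRIBUTEPOSITION;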
|
|
|
|
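// IAttributesRaw: direct access to the attributes stored on a request.
//
// [hidden] and [restricted] only affect how tools and automation clients see
// the interface; they are not an access control, and any in-process code can
// still QueryInterface for it.
//
// NOTE(review): every array parameter (pPositions, lpdwAttrIDs) has its
// element count in a separate DWORD, but none carries [size_is(...)]. MIDL
// then treats each as a pointer to one element, so this interface works as
// intended only when called directly in-process, and the implementation has
// to take the caller's counts on trust. Implementations should treat the
// counts as untrusted and bound every loop and copy accordingly.
[
    object,
    hidden,
    restricted,
    uuid(6BC096A8-0CE6-11D1-BAAE-00C04FC2E20D),
    pointer_default(unique)
]
interface IAttributesRaw : IUnknown
{
    // dwPosCount entries at pPositions; the array is [in, out], so the
    // callee may write back into each entry.
    HRESULT AddAttributes([in] DWORD dwPosCount, [in, out] PATTRIBUTEPOSITION pPositions);

    // dwPosCount entries at pPositions, read only.
    HRESULT RemoveAttributes([in] DWORD dwPosCount, [in] PATTRIBUTEPOSITION pPositions);

    // dwAttrIDCount attribute IDs at lpdwAttrIDs.
    HRESULT RemoveAttributesByType([in] DWORD dwAttrIDCount, [in] LPDWORD lpdwAttrIDs);

    // NOTE(review): lpdwCount is declared [in] although the method name
    // suggests it returns a count through the pointer. Direct in-process
    // calls are unaffected, but a marshalled call would not bring the value
    // back. Left as declared; confirm the intended direction.
    HRESULT GetAttributeCount([in]LPDWORD lpdwCount);

    // lpdwPosCount is [in, out]: presumably the capacity of pPositions on
    // entry and the number of entries written on return -- TODO confirm.
    // dwAttrIDCount / lpdwAttrIDs give the IDs to look for.
    HRESULT GetAttributes([in, out] LPDWORD lpdwPosCount, [out] PATTRIBUTEPOSITION pPositions, [in] DWORD dwAttrIDCount, [in] LPDWORD lpdwAttrIDs);
};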
|
|
|
|
////////////////////////////////////////////////////////////
|
|
// Raw interface to an IAS request object's state
|
|
////////////////////////////////////////////////////////////
|
|
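// IRequestState: stores 64-bit (unsigned hyper) state words on a request.
// The method names suggest a stack -- Push adds a word, Pop returns and
// removes the most recent one, Top returns it without removing it -- but the
// behaviour on an empty stack is not defined in this file.
//
// Like IAttributesRaw this interface is [hidden] and [restricted], which
// hides it from tools and automation clients without restricting who may
// call it. The state words are opaque here; if handlers store pointers or
// handles in them, any other handler on the same request can pop or replace
// them.
//
// The closing brace now carries the terminating semicolon used by every
// other interface in this file.
[
    object,
    hidden,
    restricted,
    uuid(6BC096BA-0CE6-11D1-BAAE-00C04FC2E20D),
    pointer_default(unique)
]
interface IRequestState : IUnknown
{
    HRESULT Push([in] unsigned hyper State);
    HRESULT Pop([out] unsigned hyper* pState);
    HRESULT Top([out] unsigned hyper* pState);
};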
|
|
|
|
////////////////////////////////////////////////////////////
|
|
// Interface exported by request consumer components
|
|
////////////////////////////////////////////////////////////
|
|
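// IRequestHandler: implemented by components that process requests. The
// interface is dual (IDispatch-derived), so OnRequest is reachable both
// through the vtable and through late-bound automation calls with DISPID 1.
//
// pRequest has no directional attribute; MIDL treats such a parameter as
// [in]. The HRESULT reports whether the call itself succeeded; the outcome
// of the request is carried on the IRequest object.
[
    object,
    uuid(6BC096AA-0CE6-11D1-BAAE-00C04FC2E20D),
    dual,
    pointer_default(unique)
]
interface IRequestHandler : IDispatch
{
    [id(1)] HRESULT OnRequest(IRequest* pRequest);
};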
|
|
|
|
////////////////////////////////////////////////////////////
|
|
// Interface exported by request producer components
|
|
////////////////////////////////////////////////////////////
|
|
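// IRequestSource: implemented by the component that produced a request, and
// stored on the request through the IRequest Source property.
// OnRequestComplete delivers the request back together with an
// IASREQUESTSTATUS.
//
// Neither parameter has a directional attribute; MIDL treats both as [in].
// The Source property on IRequest is writable, so the object that receives
// this callback is whatever was last stored there.
[
    object,
    oleautomation,
    uuid(6BC096A9-0CE6-11D1-BAAE-00C04FC2E20D),
    pointer_default(unique)
]
interface IRequestSource : IUnknown
{
    HRESULT OnRequestComplete(IRequest* pRequest, IASREQUESTSTATUS eStatus);
};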
|
|
|
|
//////////////////////////////////////////////////////////////////////////
|
|
// Request Handler Quality Control Interface
|
|
//////////////////////////////////////////////////////////////////////////
|
|
|
|
// INOPERABLE - Request handler cannot process requests. Note that this
|
|
// is not necessarily a permanent condition.
|
|
//
|
|
// FLOODED - Request handler is too busy to accept any more requests.
|
|
//
|
|
// READY - Request handler is operational and can process requests.
|
|
//
|
|
// UNKNOWN - Initial state before the handler reports its state
|
|
|
|
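// QUALITYSTATUS: health states a request handler can report.
//
// Numbering starts at 0x0001, so 0 is not a member: INOPERABLE = 1,
// FLOODED = 2, READY = 3, UNKNOWN = 4. A zero-initialised variable of this
// type therefore matches none of the states and should be handled like
// QUALITY_STATUS_UNKNOWN, not like READY.
typedef enum _QUALITYSTATUS
{
    QUALITY_STATUS_INOPERABLE = 0x0001,
    QUALITY_STATUS_FLOODED,
    QUALITY_STATUS_READY,
    QUALITY_STATUS_UNKNOWN

} QUALITYSTATUS;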
|
|
|
|
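// IQualityControl: exchange of QUALITYSTATUS notifications between
// components. The interface is dual (IDispatch-derived); the methods carry
// no explicit id() attributes.
//
//   OnQualityNotify  - delivers a status together with an object ID.
//   SetQualityNotify - registers the IQualityControl that should receive
//                      notifications (inferred from the name -- confirm).
//
// lObjectID is a plain LONG supplied by the caller; a receiver that uses it
// to index per-object state should validate it first.
[
    object,
    uuid(6BC096AB-0CE6-11D1-BAAE-00C04FC2E20D),
    dual,
    pointer_default(unique)
]
interface IQualityControl : IDispatch
{
    HRESULT OnQualityNotify(QUALITYSTATUS eQualityStatus, LONG lObjectID);
    HRESULT SetQualityNotify(IQualityControl* pQualityControl);
};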
|
|
|
|
|
|
///////////////
|
|
// Type Library
|
|
///////////////
|
|
|
|
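// Type library for the policy subsystem. It exposes a single coclass,
// Request, whose default interface is IRequest. The other interfaces in
// this file are not named in the library block.
[
    uuid(6BC096A5-0CE6-11D1-BAAE-00C04FC2E20D),
    version(1.0),
    helpstring("IAS Policy 1.0 Type Library")
]

library IASPolicyLib
{
    importlib("stdole2.tlb");

    //////////
    // Classes
    //////////

    //////////////////////////////////////////////////////////////////////////
    [
        uuid(6BC096B1-0CE6-11D1-BAAE-00C04FC2E20D),
        helpstring("Request Class")
    ]
    coclass Request
    {
        [default] interface IRequest;
    };
};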
|