///////////////////////////////////////////////////////////////////////////// // FILE : autoenrl.h // // DESCRIPTION : Auto Enrollment functions // // AUTHOR : // // HISTORY : // // // // Copyright (C) 1993-1999 Microsoft Corporation All Rights Reserved // ///////////////////////////////////////////////////////////////////////////// #ifndef __AUTOENR_H__ #define __AUTOENR_H__ #if _MSC_VER > 1000 #pragma once #endif #ifdef __cplusplus extern "C" { #endif ///////////////////////////////////////////////////////////////////////////////////////////////////// // // CertAutoEnrollment // // Function to perform autoenrollment actions. // // Parameters: // IN hwndParent: The parent window // IN dwStatus: The status under which the function is called. // It can be one of the following: // CERT_AUTO_ENROLLMENT_START_UP // CERT_AUTO_ENROLLMENT_WAKE_UP // // Return Value: // HANDLE: The thread to wait on what does background autoenrollment // processing. NULL when there is no work to be done. // ///////////////////////////////////////////////////////////////////////////////////////////////////// HANDLE WINAPI CertAutoEnrollment(IN HWND hwndParent, IN DWORD dwStatus); //the autoenrollment is called when the machine is booted or user first logs on #define CERT_AUTO_ENROLLMENT_START_UP 0x01 //the autoenrollment is called when winlogon checks for policy changes #define CERT_AUTO_ENROLLMENT_WAKE_UP 0x02 ///////////////////////////////////////////////////////////////////////////////////////////////////// // // CertAutoRemove // // Function to remove enterprise specific public key trust upon domain disjoin. // Should be called under local admin's context. // // Parameters: // IN dwFlags: Should be one of the following flag: // CERT_AUTO_REMOVE_COMMIT // CERT_AUTO_REMOVE_ROLL_BACK // // Return Value: // BOOL: TURE is upon success // ///////////////////////////////////////////////////////////////////////////////////////////////////// BOOL WINAPI CertAutoRemove(IN DWORD dwFlags); //remove enterprise specific public key trust upon domain disjoin #define CERT_AUTO_REMOVE_COMMIT 0x01 //roll back all the publick key trust #define CERT_AUTO_REMOVE_ROLL_BACK 0x02 ///////////////////////////////////////////////////////////////////////////////////////////////////// // // Registry locations for userinit to check the autoenrollment requirements // ///////////////////////////////////////////////////////////////////////////////////////////////////// //registry key for group policy settings #define AUTO_ENROLLMENT_KEY TEXT("SOFTWARE\\Policies\\Microsoft\\Cryptography\\AutoEnrollment") #define AUTO_ENROLLMENT_POLICY TEXT("AEPolicy") //registry key for user/machine wake up mode flags #define AUTO_ENROLLMENT_FLAG_KEY TEXT("SOFTWARE\\Microsoft\\Cryptography\\AutoEnrollment") #define AUTO_ENROLLMENT_FLAG TEXT("AEFlags") //possible flags for AUTO_ENROLLMENT_POLICY //the upper two bytes specify the behavior; //the lower two bytes enable/disable individual autoenrollment components #define AUTO_ENROLLMENT_ENABLE_TEMPLATE_CHECK 0x00000001 #define AUTO_ENROLLMENT_ENABLE_MY_STORE_MANAGEMENT 0x00000002 #define AUTO_ENROLLMENT_ENABLE_PENDING_FETCH 0x00000004 //we will always check the user ds store. //#define AUTO_ENROLLMENT_ENABLE_USER_DS_STORE 0x00000008 #define AUTO_ENROLLMENT_DISABLE_ALL 0x00008000 #define AUTO_ENROLLMENT_BLOCK_USER_DS_STORE 0x00010000 //possible flags for AUTO_ENROLLMENT_FLAG #define AUTO_ENROLLMENT_WAKE_UP_REQUIRED 0x01 // 8 hour default autoenrollment rate #define AE_DEFAULT_REFRESH_RATE 8 // policy location for autoenrollment rate #define SYSTEM_POLICIES_KEY L"Software\\Policies\\Microsoft\\Windows\\System" ///////////////////////////////////////////////////////////////////////////////////////////////////// // // Timer/Event name for autoenrollment // ///////////////////////////////////////////////////////////////////////////////////////////////////// #define MACHINE_AUTOENROLLMENT_TIMER_NAME L"AUTOENRL:MachineEnrollmentTimer" #define USER_AUTOENROLLMENT_TIMER_NAME L"AUTOENRL:UserEnrollmentTimer" #define MACHINE_AUTOENROLLMENT_TRIGGER_EVENT TEXT("AUTOENRL:TriggerMachineEnrollment") #define USER_AUTOENROLLMENT_TRIGGER_EVENT TEXT("AUTOENRL:TriggerUserEnrollment") ///////////////////////////////////////////////////////////////////////////////////////////////////// // // W2K autoenrollment defines // ///////////////////////////////////////////////////////////////////////////////////////////////////// typedef struct _AUTO_ENROLL_INFO_ { LPSTR pszAutoEnrollProvider; LPWSTR pwszCertType; LPCWSTR pwszAutoEnrollmentID; HCERTSTORE hMYStore; BOOL fRenewal; PCCERT_CONTEXT pOldCert; DWORD dwProvType; DWORD dwKeySpec; DWORD dwGenKeyFlags; CERT_EXTENSIONS CertExtensions; LPWSTR pwszCAMachine; LPWSTR pwszCAAuthority; } AUTO_ENROLL_INFO, *PAUTO_ENROLL_INFO; DWORD AutoEnrollWrapper( PVOID CallbackState ); BOOL ProvAutoEnrollment( IN BOOL fMachineEnrollment, IN PAUTO_ENROLL_INFO pInfo ); typedef struct _CA_HASH_ENTRY_ { DWORD cbHash; BYTE rgbHash[32]; } CA_HASH_ENTRY, *PCA_HASH_ENTRY; #ifdef __cplusplus } // Balance extern "C" above #endif #endif // __AUTOENR_H__