219 lines
7.4 KiB
C
219 lines
7.4 KiB
C
//+-------------------------------------------------------------------------
|
|
// Microsoft Windows
|
|
//
|
|
// Copyright (C) Microsoft Corporation, 1997 - 1999
|
|
//
|
|
// File: certprot.h
|
|
//
|
|
// Contents: Certificate Protection APIs
|
|
//
|
|
// APIs: I_CertProtectFunction
|
|
// I_CertCltProtectFunction
|
|
// I_CertSrvProtectFunction
|
|
//
|
|
// History: 27-Nov-97 philh created
|
|
//--------------------------------------------------------------------------
|
|
|
|
#ifndef __CERTPROT_H__
|
|
#define __CERTPROT_H__
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Calls the services process to do a protected certificate function,
|
|
// such as, add or delete a protected root certificate.
|
|
//
|
|
// CryptMemFree must be called to free the returned *ppbOut.
|
|
//--------------------------------------------------------------------------
|
|
BOOL
|
|
WINAPI
|
|
I_CertProtectFunction(
|
|
IN DWORD dwFuncId,
|
|
IN DWORD dwFlags,
|
|
IN OPTIONAL LPCWSTR pwszIn,
|
|
IN OPTIONAL BYTE *pbIn,
|
|
IN DWORD cbIn,
|
|
OUT OPTIONAL BYTE **ppbOut,
|
|
OUT OPTIONAL DWORD *pcbOut
|
|
);
|
|
|
|
#define CERT_PROT_INIT_ROOTS_FUNC_ID 1
|
|
#define CERT_PROT_PURGE_LM_ROOTS_FUNC_ID 2
|
|
#define CERT_PROT_ADD_ROOT_FUNC_ID 3
|
|
#define CERT_PROT_DELETE_ROOT_FUNC_ID 4
|
|
#define CERT_PROT_DELETE_UNKNOWN_ROOTS_FUNC_ID 5
|
|
#define CERT_PROT_ROOT_LIST_FUNC_ID 6
|
|
#define CERT_PROT_ADD_ROOT_IN_CTL_FUNC_ID 7
|
|
#define CERT_PROT_LOG_EVENT_FUNC_ID 8
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// CERT_PROT_INIT_ROOTS_FUNC_ID
|
|
//
|
|
// Initialize the protected list of CurrentUser roots. Note, no UI.
|
|
//
|
|
// No IN/OUT parameters.
|
|
//--------------------------------------------------------------------------
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// CERT_PROT_PURGE_LM_ROOTS_FUNC_ID
|
|
//
|
|
// Purge all CurrentUser roots from the protected list that also exist
|
|
// in the LocalMachine SystemRegistry "Root" store. Also removes duplicated
|
|
// certificates from the CurrentUser SystemRegistry "Root" store.
|
|
//
|
|
// Note, no UI. Purging can be disabled by setting the
|
|
// CERT_PROT_ROOT_INHIBIT_PURGE_LM_FLAG in the registry's ProtectedRootFlags
|
|
// value.
|
|
//
|
|
// No IN/OUT parameters.
|
|
//
|
|
// Even if purging is disabled, the protected list of roots is still
|
|
// initialized.
|
|
//--------------------------------------------------------------------------
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// CERT_PROT_ADD_ROOT_FUNC_ID
|
|
//
|
|
// Add the specified certificate to the CurrentUser SystemRegistry "Root"
|
|
// store and the protected list of roots. The user is prompted before doing
|
|
// the add.
|
|
//
|
|
// pbIn and cbIn must be updated with the pointer to and length of the
|
|
// serialized certificate context to be added. No other IN/OUT parameters.
|
|
//--------------------------------------------------------------------------
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// CERT_PROT_DELETE_ROOT_FUNC_ID
|
|
//
|
|
// Delete the specified certificate from the CurrentUser SystemRegistry "Root"
|
|
// store and the protected list of roots. The user is prompted before doing
|
|
// the delete.
|
|
//
|
|
// pbIn and cbIn must be updated with the pointer to and length of the
|
|
// certificate's SHA1 hash property. No other IN/OUT parameters.
|
|
//--------------------------------------------------------------------------
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// CERT_PROT_DELETE_UNKNOWN_ROOTS_FUNC_ID
|
|
//
|
|
// Delete all CurrentUser roots from the protected list that don't also
|
|
// exist in the CurrentUser SystemRegistry "Root" store. The user is
|
|
// prompted before doing the delete.
|
|
//
|
|
// No IN/OUT parameters.
|
|
//--------------------------------------------------------------------------
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// CERT_PROT_ROOT_LIST_FUNC_ID
|
|
//
|
|
// Add or remove the signed list of certificates to/from the CurrentUser
|
|
// SystemRegistry "Root" store and the protected list of roots. The user
|
|
// isn't prompted before doing the add or remove.
|
|
//
|
|
// pbIn and cbIn must be updated with the pointer to and length of the
|
|
// serialized CTL containing the signed list of roots to be added or
|
|
// removed. No other IN/OUT parameters.
|
|
//
|
|
// CURRENTLY NOT SUPPORTED!!!
|
|
//--------------------------------------------------------------------------
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// CERT_PROT_ADD_ROOT_IN_CTL_FUNC_ID
|
|
//
|
|
// Add the certificate in the Auto Update CTL to the HKLM AuthRoot store.
|
|
//
|
|
// pbIn and cbIn must be updated with the pointer to and length of the
|
|
// serialized X.509 certificate immediately followed by the
|
|
// serialized CTL. No other IN/OUT parameters.
|
|
//--------------------------------------------------------------------------
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// CERT_PROT_LOG_EVENT_FUNC_ID
|
|
//
|
|
// Logs a crypt32 event.
|
|
//
|
|
// pbIn and cbIn must be updated to point to the following
|
|
// CERT_PROT_EVENT_LOG_PARA data structure. It contains the parameters
|
|
// passed to advapi32!ReportEventW.
|
|
//
|
|
// wNumString NULL terminated unicode strings immediately follow. Followed by
|
|
// dwDataSize binary data bytes.
|
|
//
|
|
// wCategory, wNumStrings and dwDataSize are optional.
|
|
//--------------------------------------------------------------------------
|
|
typedef struct _CERT_PROT_EVENT_LOG_PARA {
|
|
WORD wType;
|
|
WORD wCategory; // OPTIONAL, may be 0
|
|
DWORD dwEventID;
|
|
WORD wNumStrings; // OPTIONAL, may be 0
|
|
WORD wPad1;
|
|
DWORD dwDataSize; // OPTIONAL, may be 0
|
|
} CERT_PROT_EVENT_LOG_PARA, *PCERT_PROT_EVENT_LOG_PARA;
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Called from the client process to do the RPC to the server process.
|
|
//--------------------------------------------------------------------------
|
|
BOOL
|
|
WINAPI
|
|
I_CertCltProtectFunction(
|
|
IN DWORD dwFuncId,
|
|
IN DWORD dwFlags,
|
|
IN OPTIONAL LPCWSTR pwszIn,
|
|
IN OPTIONAL BYTE *pbIn,
|
|
IN DWORD cbIn,
|
|
OUT OPTIONAL BYTE **ppbOut,
|
|
OUT OPTIONAL DWORD *pcbOut
|
|
);
|
|
|
|
|
|
|
|
typedef void __RPC_FAR * (__RPC_USER *PFN_CERT_PROT_MIDL_USER_ALLOC)(
|
|
IN size_t cb
|
|
);
|
|
typedef void (__RPC_USER *PFN_CERT_PROT_MIDL_USER_FREE)(
|
|
IN void __RPC_FAR *pv
|
|
);
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Called from the services process to process a protected certificate
|
|
// function.
|
|
//
|
|
// Returns the error status, ie, not returned in LastError.
|
|
//--------------------------------------------------------------------------
|
|
DWORD
|
|
WINAPI
|
|
I_CertSrvProtectFunction(
|
|
IN handle_t hRpc,
|
|
IN DWORD dwFuncId,
|
|
IN DWORD dwFlags,
|
|
IN LPCWSTR pwszIn,
|
|
IN BYTE *pbIn,
|
|
IN DWORD cbIn,
|
|
OUT BYTE **ppbOut,
|
|
OUT DWORD *pcbOut,
|
|
IN PFN_CERT_PROT_MIDL_USER_ALLOC pfnAlloc,
|
|
IN PFN_CERT_PROT_MIDL_USER_FREE pfnFree
|
|
);
|
|
|
|
typedef DWORD (WINAPI *PFN_CERT_SRV_PROTECT_FUNCTION)(
|
|
IN handle_t hRpc,
|
|
IN DWORD dwFuncId,
|
|
IN DWORD dwFlags,
|
|
IN LPCWSTR pwszIn,
|
|
IN BYTE *pbIn,
|
|
IN DWORD cbIn,
|
|
OUT BYTE **ppbOut,
|
|
OUT DWORD *pcbOut,
|
|
IN PFN_CERT_PROT_MIDL_USER_ALLOC pfnAlloc,
|
|
IN PFN_CERT_PROT_MIDL_USER_FREE pfnFree
|
|
);
|
|
|
|
#ifdef __cplusplus
|
|
} // Balance extern "C" above
|
|
#endif
|
|
|
|
#endif
|