UMSKT
/
xpmgr
mirror of https://github.com/UMSKT/xpmgr.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
xpmgr/BuildTools/Include/naptypes.idl

385 lines
11 KiB
Plaintext
Raw Blame History

////////////////////////////////////////////////////////////
//
// Copyright (c) Microsoft Corporation.
//
// SYNOPSIS
//
// IDL source for NAP data types
//
////////////////////////////////////////////////////////////
#ifndef NAPTYPES_IDL
#define NAPTYPES_IDL
import "oaidl.idl";
import "ocidl.idl";
// Range attribute does not work on pointers to types before
// Win2kSp3 and XPSP1. Revisit if we port to older OS's.
midl_pragma warning(disable : 2467)
midl_pragma warning(disable : 2466)
[pointer_default(unique)]
interface INapTypes
{
const UINT16 maxSoHAttributeCount = 100;
const UINT16 maxSoHAttributeSize = 4000;
// The SoH must be atleast 12 bytes to accomodate the
// EAP-TLV header.
const UINT16 minNetworkSoHSize = 12;
const UINT16 maxNetworkSoHSize = 4000;
const UINT16 maxDwordCountPerSoHAttribute =
maxSoHAttributeSize / sizeof(DWORD);
const UINT16 maxIpv4CountPerSoHAttribute =
maxSoHAttributeSize / 4;
const UINT16 maxIpv6CountPerSoHAttribute =
maxSoHAttributeSize / 16;
const UINT16 maxStringLength = 1024;
const UINT16 maxStringLengthInBytes =
(maxStringLength + 1) * sizeof(WCHAR);
const UINT16 maxSystemHealthEntityCount = 20;
const UINT16 maxEnforcerCount = 20;
const UINT16 maxPrivateDataSize = 200;
const UINT16 maxConnectionCountPerEnforcer = 20;
const UINT16 maxCachedSoHCount =
maxSystemHealthEntityCount *
maxEnforcerCount *
maxConnectionCountPerEnforcer;
// Flags used by NapAgent on the Enforcement
// Client Connection object.
const UINT8 freshSoHRequest = 0x1;
// Flags used while returning the SoHResponse
// to the SHAs
const UINT8 shaFixup = 0x1;
// Describes the isolation state of a machine, i.e.
// whether connectivity is affected.
typedef enum tagIsolationState
{
isolationStateNotRestricted = 1,
isolationStateInProbation = 2,
isolationStateRestrictedAccess = 3
} IsolationState;
// Describes the extended isolation states needed for ACS
typedef enum tagExtendedIsolationState
{
extendedIsolationStateNoData = 0x00,
extendedIsolationStateTransition = 0x01,
extendedIsolationStateInfected = 0x02,
extendedIsolationStateUnknown = 0x03
} ExtendedIsolationState;
// Indicates the tracing level for Nap Components
typedef enum tagNapTracingLevel
{
tracingLevelUndefined = 0,
tracingLevelBasic = 1,
tracingLevelAdvanced = 2,
tracingLevelDebug = 3
} NapTracingLevel;
// Indicates the probation time.
typedef FILETIME ProbationTime;
// Defines a counted null-terminated string. The 'len'
// field does not include the null-terminator.
//
#ifndef NAP_XP_IDL
typedef struct tagCountedString
{
UINT16 length;
[range(1, maxStringLength + 1)] [size_is(length + 1), string] WCHAR* string;
} CountedString;
#else
typedef struct tagCountedString
{
[range(0, maxStringLength)] UINT16 length;
[size_is(length + 1), string] WCHAR* string;
} CountedString;
#endif
// Defines the isolation status of the machine or of
// the connection.
//
typedef struct tagIsolationInfo
{
IsolationState isolationState;
ProbationTime probEndTime;
CountedString failureUrl;
} IsolationInfo;
// Defines the isolation status of the machine or of
// the connection.
//
typedef struct tagIsolationInfoEx
{
IsolationState isolationState;
ExtendedIsolationState extendedIsolationState;
ProbationTime probEndTime;
CountedString failureUrl;
} IsolationInfoEx;
const UINT16 failureCategoryCount = 5;
typedef enum tagFailureCategory
{
failureCategoryNone = 0,
failureCategoryOther = 1,
failureCategoryClientComponent = 2,
failureCategoryClientCommunication = 3,
failureCategoryServerComponent = 4,
failureCategoryServerCommunication = 5
} FailureCategory;
// If failures occur in the system (eg. component or
// communication failures), then the SHV may return
// a Failure-Category TLV in its SoH-Response; instead
// of making a compliance decision.
// The NAP system then maps the failure category to
// compliant or non-compliant; based on the following
// mappings, which are configurable.
// By default, all categories map to non-compliant
// (false).
//
// For ex:
// mappingCompliance[0] = mapping for OTHER
// mappingCompliance[1] = mapping for CLIENT COMPONENT
// etc.
//
// In general:
// mappingCompliance[failureCategory - 1] =
// mapping for failureCategory
//
typedef struct tagFailureCategoryMapping
{
BOOL mappingCompliance[failureCategoryCount];
} FailureCategoryMapping;
// SHAs, SHVs and enforcers identify themselves
// using 4-byte identifiers. The first 3 bytes are
// the IETF-assigned SMI code of the vendor, and the
// last byte identifies the component itself.
typedef UINT32 NapComponentId;
// Defines the IDs of the system health agents and
// validators.
typedef NapComponentId SystemHealthEntityId;
// Defines the IDs of the enforcement clients.
typedef NapComponentId EnforcementEntityId;
// Component Type
// Currently only defined for enforcement clients
//
const UINT32 ComponentTypeEnforcementClientSoH = 0x1;
const UINT32 ComponentTypeEnforcementClientRp = 0x2;
typedef [range(0, maxSystemHealthEntityCount)]
UINT16 SystemHealthEntityCount;
typedef [range(0, maxEnforcerCount)]
UINT16 EnforcementEntityCount;
// Used to correlate SoHs with SoH-Responses. The
// string version is used primarily for logging,
// whereas the byte-version is used by SHA/SHVs to
// correlate SoHs and SoH-Responses.
//
// Implementation detail: This id is a concatenation
// of the connection id (guid) followed by the
// system DCE time at which the SoH-Request was
// generated (uint64).
//
typedef struct tagCorrelationId
{
GUID connId;
FILETIME timeStamp;
} CorrelationId;
typedef CountedString StringCorrelationId;
// Connection-id is used to track connections at an
// enforcement level.
typedef GUID ConnectionId;
// Between 0 and 100, 101 if percentage is not supported.
const UINT8 percentageNotSupported = 101;
typedef [range(0, percentageNotSupported)]
UINT8 Percentage;
// Defines the resource id of a message string.
typedef UINT32 MessageId;
// Defines a list of result codes.
typedef struct tagResultCodes
{
[range(0, maxDwordCountPerSoHAttribute)] UINT16 count;
[size_is(count)] HRESULT* results;
} ResultCodes;
// Define an IPv4 Address
typedef struct tagIpv4Address
{
BYTE addr[4];
} Ipv4Address;
// Define an IPv6 Address
typedef struct tagIpv6Address
{
BYTE addr[16];
} Ipv6Address;
// Defines the fixup state of the SHA.
typedef enum tagFixupState
{
fixupStateSuccess = 0,
fixupStateInProgress = 1,
fixupStateCouldNotUpdate = 2
} FixupState;
typedef struct tagFixupInfo
{
FixupState state;
Percentage percentage;
ResultCodes resultCodes;
MessageId fixupMsgId;
} FixupInfo;
typedef enum tagNapNotifyType
{
napNotifyTypeUnknown = 0,
napNotifyTypeServiceState = 1,
napNotifyTypeQuarState = 2
} NapNotifyType;
// Dynamic state of the SHA is captured in the struct
// below.
//
// The machineHealthResultCodes and
// failureCategory fields are the Compliance-Result-Codes
// and Failure-Category category fields, respectively;
// returned in the most recent SoH-Response received
// destined for the particular SHA.
//
//
typedef struct tagSystemHealthAgentState
{
SystemHealthEntityId id;
ResultCodes shaResultCodes;
FailureCategory failureCategory;
FixupInfo fixupInfo;
} SystemHealthAgentState;
// Defines the SoH protocol between SHA/SHV and the
// NAP system.
//
typedef struct tagSoHAttribute
{
UINT16 type;
[range(0, maxSoHAttributeSize)] UINT16 size;
[size_is(size)] BYTE* value;
} SoHAttribute;
typedef struct tagSoH
{
[range(0, maxSoHAttributeCount)] UINT16 count;
[size_is(count)] SoHAttribute* attributes;
} SoH, SoHRequest, SoHResponse;
// Defines the wire SoH protocol.
//
typedef struct tagNetworkSoH
{
[range(minNetworkSoHSize, maxNetworkSoHSize)]
UINT16 size;
[size_is(size)] BYTE* data;
} NetworkSoH, NetworkSoHRequest, NetworkSoHResponse;
typedef struct tagPrivateData
{
[range(0, maxPrivateDataSize)] UINT16 size;
[size_is(size)] BYTE* data;
} PrivateData;
// Defines a registered NAP components --
// SHA, SHV or enforcer.
//
// This registration information is not localized, it is
// provided in US-English only.
//
// Some fields:-
// infoClsid: CLSID of the COM object that implements
// the INapComponentInfo interface. This interface
// is used to retrieve more detailed and localized
// information about the NAP component.
// Currently, enforcement clients do not need to
// provide a valid infoClsid.
// configClsid: CLSID of the COM object that implements
// the INapComponentConfig interface. This
// interface is used to invoke UI, and serialize/
// deserialize configuration of the NAP component.
// Currently, SHAs and enforcement clients
// do not need to provide a valid configClsid.
// componentType: specifies the type of component.
// For enforcement clients this value should be either
// ComponentTypeEnforcementClientSoH or
// ComponentTypeEnforcementClientRp,
// and it defaults to ComponentTypeEnforcementClientSoH
// if the the value is specified to 0x0.
// Currently, the Type is ignored for other
// components (SHA, SHV) and set to 0x0.
//
// While registering nap components through the
// registration APIs, the registrationDate and isBound
// fields are ignored.
//
// While retrieving information about registered nap
// components, if there is no valid infoClsid, configClsid
// or registrationDate, they are set to 0.
//
typedef struct tagNapComponentRegistrationInfo
{
NapComponentId id;
CountedString friendlyName;
CountedString description;
CountedString version;
CountedString vendorName;
CLSID infoClsid;
CLSID configClsid;
FILETIME registrationDate;
UINT32 componentType;
} NapComponentRegistrationInfo;
// Defines the type of remote configuration possible for a
// component
//
typedef enum tagRemoteConfigurationType
{
remoteConfigTypeMachine = 1,
remoteConfigTypeConfigBlob
} RemoteConfigurationType;
};
#endif // NAPTYPES_IDL
Reference in New Issue View Git Blame Copy Permalink