|
|
//////////////////////////////////////////////////////////////////////
//Module: Static/StaticSetUtils.cpp
// Purpose: Static Set auxiliary functions Implementation.
// Developers Name: Surya
// History:
// Date Author Comments
// 10-8-2001 Bharat Initial Version. SCM Base line 1.0
// <creation> <author>
// <modification> <author> <comments, references to code sections,
// in case of bug fixes>
//////////////////////////////////////////////////////////////////////
#include "nshipsec.h"
//////////////////////////////////////////////////////////////////////
//Function: IsDSAvailable()
//Date of Creation: 21st Aug 2001
//Parameters:
// OUT LPTSTR * pszPath
//Return: BOOL
//Description:
// This function checks whether DS exists
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
//////////////////////////////////////////////////////////////////////
BOOL IsDSAvailable( OUT LPTSTR * pszPath ) { HRESULT hr = S_OK; IADs * pintIADs = NULL; VARIANT var; BSTR bstrName = NULL; DWORD dwReturn = ERROR_SUCCESS , dwStrLenAlloc = 0,dwStrLenCpy = 0; BOOL bDSAvailable = FALSE ;
hr = ADsGetObject(_TEXT("LDAP://rootDSE"), IID_IADs, (void **)&pintIADs);
if ( SUCCEEDED(hr) ) { if ( pszPath ) { dwReturn = AllocBSTRMem(_TEXT("defaultNamingContext"),bstrName);
if(dwReturn == ERROR_OUTOFMEMORY) { PrintErrorMessage(WIN32_ERR,ERROR_OUTOFMEMORY,NULL); BAIL_OUT; }
pintIADs->Get(bstrName, &var); SysFreeString(bstrName);
if ( SUCCEEDED(hr) ) { dwStrLenAlloc = wcslen(var.bstrVal) + wcslen(_TEXT("LDAP://")); *pszPath = (LPTSTR) ::CoTaskMemAlloc(sizeof(OLECHAR) * (dwStrLenAlloc+1)); if (*pszPath == NULL) { PrintErrorMessage(WIN32_ERR,ERROR_OUTOFMEMORY,NULL); BAIL_OUT; } wcsncpy(*pszPath, _TEXT("LDAP://"),dwStrLenAlloc+1); dwStrLenCpy = wcslen(*pszPath); wcsncat(*pszPath, var.bstrVal,dwStrLenAlloc-dwStrLenCpy+1); } } bDSAvailable = TRUE; } if ( pintIADs ) { pintIADs->Release(); } error: return bDSAvailable; }
//////////////////////////////////////////////////////////////////////
//
// Function: FindObject
//
// Date of Creation: 21st Aug 2001
//
//
// Pre-conditions:
//
// Runs on a machine that is part of an NT5 domain
//
// Parameters:
//
// IN szName the friendly name to find
// IN cls the class of the object
// OUT szPath ADS path returned on success
// Or the ADS path to the domain on failure
//
// Return :
//
// E_FAIL if object not found
// anything from GetGC
// S_OK for success
//
// Description:
// Finds particular object in the DS. The objects supported
// right now are any in the objectClass enum type
// Revision History:
// <Version number, Change request number, Date of modification,
// Author, Nature of change>
//////////////////////////////////////////////////////////////////////
HRESULT FindObject( IN LPTSTR szName, IN objectClass cls, OUT LPTSTR & szPath ) { _TCHAR szFilter[IDS_MAX_FILTLEN] = {0}; // the search filter we'll use
_TCHAR szSearchBase[IDS_MAX_FILTLEN] = {0}; // the root to search from
LPTSTR pszAttr[] = {_TEXT("distinguishedName")}; DWORD dwAttrCount = 1 , dwStrLen = 0; HRESULT hrStatus = S_OK;
IDirectorySearch * pintSearch = NULL;
szPath = NULL;
if ( !IsDSAvailable(&szPath) ) { return E_IDS_NO_DS; } else if ( !szName ) { return E_INVALIDARG; } // determine what we're looking for
// and set up the filter
_tcsncpy(szSearchBase, _TEXT("LDAP://"),IDS_MAX_FILTLEN-1);
switch (cls) { case OBJCLS_OU: _tcsncpy(szFilter, _TEXT("(&(objectClass=organizationalUnit)(name="),IDS_MAX_FILTLEN-1); break; case OBJCLS_GPO: _tcsncpy(szFilter, _TEXT("(&(objectClass=groupPolicyContainer)(displayName="),IDS_MAX_FILTLEN-1); dwStrLen = _tcslen(szSearchBase); _tcsncat(szSearchBase, _TEXT("CN=Policies,CN=System,"),IDS_MAX_FILTLEN-dwStrLen-1); break; case OBJCLS_IPSEC_POLICY: _tcsncpy(szFilter, _TEXT("(&(objectClass=ipsecPolicy)(ipsecName="),IDS_MAX_FILTLEN-1); dwStrLen = _tcslen(szSearchBase); _tcsncat(szSearchBase, _TEXT("CN=IP Security,CN=System,"),IDS_MAX_FILTLEN-dwStrLen-1); break; case OBJCLS_CONTAINER: _tcsncpy(szFilter, _TEXT("(&(objectClass=container)(cn="),IDS_MAX_FILTLEN-1); break; case OBJCLS_COMPUTER: _tcsncpy(szFilter, _TEXT("(&(objectClass=computer)(cn="),IDS_MAX_FILTLEN-1); break; default: return CO_E_NOT_SUPPORTED; }
dwStrLen = _tcslen(szFilter); _tcsncat(szFilter, szName,IDS_MAX_FILTLEN-dwStrLen-1);
dwStrLen = _tcslen(szFilter); _tcsncat(szFilter, TEXT("))"),IDS_MAX_FILTLEN-dwStrLen-1);
dwStrLen = _tcslen(szSearchBase); _tcsncat(szSearchBase, szPath + 7,IDS_MAX_FILTLEN-dwStrLen-1); // get's past the LDAP://
// the filter and search base are set up now
// we need to get the IDirectorySearch interface
// from the root of the domain
hrStatus = ADsGetObject(szSearchBase, IID_IDirectorySearch, (void **)&pintSearch); if ( SUCCEEDED(hrStatus) ) { ADS_SEARCH_HANDLE hSearch = NULL;
hrStatus = pintSearch->ExecuteSearch(szFilter, pszAttr, dwAttrCount, &hSearch);
if ( SUCCEEDED(hrStatus) ) { hrStatus = pintSearch->GetFirstRow(hSearch); // at this point, if we have a row, we have found the
// object.
if ( S_ADS_NOMORE_ROWS == hrStatus ) { hrStatus = E_FAIL; } else if ( SUCCEEDED(hrStatus) ) { ADS_SEARCH_COLUMN adsCol = {0};
hrStatus = pintSearch->GetColumn(hSearch, pszAttr[0], &adsCol);
if ( SUCCEEDED(hrStatus) && adsCol.pADsValues->dwType == ADSTYPE_DN_STRING ) {
if ( szPath ) CoTaskMemFree(szPath);
dwStrLen = _tcslen(adsCol.pADsValues->DNString) + _tcslen(TEXT("LDAP://")); szPath = (LPTSTR)::CoTaskMemAlloc((dwStrLen +1) * sizeof(_TCHAR)); if (szPath == NULL) { hrStatus=HRESULT_FROM_WIN32(ERROR_OUTOFMEMORY); BAIL_OUT; } memset(szPath ,0 ,(dwStrLen+1)*sizeof(TCHAR)); _tcsncpy(szPath, _TEXT("LDAP://"),dwStrLen+1);
_tcsncat(szPath, adsCol.pADsValues->DNString,dwStrLen- (_tcslen(szPath))+1);
} else { hrStatus = E_IDS_NODNSTRING; }
pintSearch->FreeColumn( &adsCol ); }
pintSearch->CloseSearchHandle(hSearch); } } if ( pintSearch ) { pintSearch->Release(); } error: return hrStatus; }
//////////////////////////////////////////////////////////////////////////////
// Function: AssignIPSecPolicyToGPO
//
// Purpose:
//
// Assigns (or unassigns) IPSec pol to GPO
//
// Pre-conditions: None
//
// Parameters:
//
// IN szPolicyName ADsPath or name of ipsec pol
// IN szGPO ADsPath or name of GPO
// IN BOOL bAssign
//
// Returns:
//
// ADSI errors
// S_OK on success
//
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
//////////////////////////////////////////////////////////////////////////////
HRESULT AssignIPSecPolicyToGPO( IN LPTSTR szPolicyName, IN LPTSTR szGPO, IN BOOL bAssign ) { HRESULT hr = S_OK; LPTSTR szIPSecPolPath = NULL, szGPOPath = NULL;
_TCHAR szMachinePath[IDS_MAX_PATHLEN] = {0};
IGroupPolicyObject * pintGPO = NULL; GUID guidClientExt = CLSID_IPSECClientEx; GUID guidSnapin = CLSID_Snapin;
hr = CoInitialize(NULL);
if (FAILED(hr)) { BAIL_OUT; }
if ( !szGPO ) { return E_INVALIDARG; } //
// First, get the ipsec policy object
// and get the GPO objects
//
if ( szPolicyName && !IsADsPath(szPolicyName) ) { hr = FindObject(szPolicyName, OBJCLS_IPSEC_POLICY, szIPSecPolPath); } else { szIPSecPolPath = szPolicyName; } // now get the GPO
if ( SUCCEEDED(hr) ) { if ( !IsADsPath(szGPO) ) { hr = FindObject(szGPO, OBJCLS_GPO, szGPOPath); } else { szGPOPath = szGPO; }
hr = CoCreateInstance(CLSID_GroupPolicyObject, NULL, CLSCTX_ALL, IID_IGroupPolicyObject, (void **)&pintGPO);
if ( SUCCEEDED(hr) ) { //
// we need to hand off the domain path name
// FindObject returned it in szPath
//
hr = pintGPO->OpenDSGPO(szGPOPath, FALSE); if ( SUCCEEDED(hr) ) { //
// We want to get the path to the GPO's machine container
//
hr = pintGPO->GetDSPath(GPO_SECTION_MACHINE, szMachinePath, IDS_MAX_PATHLEN); } } } if ( SUCCEEDED(hr) ) { LPTSTR szName = NULL, szDescription = NULL;
if ( szIPSecPolPath ) { if(bAssign) { //
// Assignment
hr = GetIPSecPolicyInfo(szIPSecPolPath, szName, szDescription); if ( SUCCEEDED(hr) ) { // if description is NULL, pass blank str to make ADSI happy
//
hr = AddPolicyInformationToGPO(szMachinePath, szName, (szDescription) ? szDescription : TEXT(" "), szIPSecPolPath);
// Need to write the changes to the GPO
if ( SUCCEEDED(hr) ) { hr = pintGPO->Save(TRUE, TRUE, &guidClientExt, &guidSnapin); } } if ( szName ) CoTaskMemFree(szName); if ( szDescription ) CoTaskMemFree(szDescription); } else { // Unassignment
hr = DeletePolicyInformationFromGPO(szMachinePath); // Need to write the changes to the GPO
if ( SUCCEEDED(hr) ) { pintGPO->Save(TRUE, FALSE, &guidClientExt, &guidSnapin); } } } } if ( pintGPO ) pintGPO->Release(); error: return hr; }
//////////////////////////////////////////////////////////////////////////////
//
// Function: GetIPSecPolicyInfo
//
// Purpose:
//
// Gets the name and description of an ipsec policy
// given an ADs path to the policy
//
// Pre-conditions: None
//
// Parameters:
// IN szPath ADsPath to policy
// OUT szName, szDescription
// NOTE: caller MUST free with CoTaskMemFree
//
// Returns:
// anything from ADsGetObject
// E_FAIL if Name not found
//
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
//////////////////////////////////////////////////////////////////////////////
HRESULT GetIPSecPolicyInfo( IN LPTSTR szPath, OUT LPTSTR & szName, OUT LPTSTR & szDescription ) { HRESULT hr = S_OK; DWORD dwNumAttr = 2, dwNumRecvd = 0, dwStrLen = 0;
LPTSTR pszAttr[] = {TEXT("ipsecName"), TEXT("description")}; ADS_ATTR_INFO * pattrInfo = NULL; IDirectoryObject * pintDirObj = NULL; //
// init these to NULL, if the attr's not found, they will stay NULL
//
szName = szDescription = NULL;
hr = ADsGetObject(szPath, IID_IDirectoryObject, (void **)&pintDirObj); BAIL_ON_FAILURE(hr);
hr = pintDirObj->GetObjectAttributes(pszAttr, dwNumAttr, &pattrInfo, &dwNumRecvd); BAIL_ON_FAILURE(hr); for ( DWORD i = 0; i < dwNumRecvd; ++i ) { if ( !_tcscmp(pattrInfo[i].pszAttrName, TEXT("ipsecName")) ) { dwStrLen = _tcslen(pattrInfo[i].pADsValues->DNString); szName = (LPTSTR)CoTaskMemAlloc((dwStrLen + 1) * sizeof (_TCHAR)); if (szName == NULL) { hr=HRESULT_FROM_WIN32(ERROR_OUTOFMEMORY); BAIL_OUT; } _tcsncpy(szName, pattrInfo[i].pADsValues->DNString,dwStrLen + 1); } else if ( !_tcscmp(pattrInfo[i].pszAttrName, TEXT("description")) ) { dwStrLen = _tcslen(pattrInfo[i].pADsValues->DNString); szDescription = (LPTSTR)CoTaskMemAlloc((dwStrLen + 1) * sizeof (_TCHAR)); if (szDescription == NULL) { hr=HRESULT_FROM_WIN32(ERROR_OUTOFMEMORY); BAIL_OUT; } _tcsncpy(szDescription, pattrInfo[i].pADsValues->DNString,dwStrLen + 1); } } pintDirObj->Release(); FreeADsMem(pattrInfo); //
// if szName is NULL, it wasn't found and it is an error
// description CAN be NULL
//
if ( !szName ) { hr = E_FAIL; } error: return hr; }
///////////////////////////////////////////////////////////////////////////
//Function: CreateDirectoryAndBindToObject()
//Date of Creation: 21st Aug 2001
//Parameters:
// IDirectoryObject * pParentContainer,
// LPWSTR pszCommonName,
// LPWSTR pszObjectClass,
// IDirectoryObject ** ppDirectoryObject
//Return: HRESULT
//Description:
// This function created a AD object
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////////
HRESULT CreateDirectoryAndBindToObject( IDirectoryObject * pParentContainer, LPWSTR pszCommonName, LPWSTR pszObjectClass, IDirectoryObject ** ppDirectoryObject ) { ADS_ATTR_INFO AttrInfo[2]; ADSVALUE classValue; HRESULT hr = S_OK; IADsContainer * pADsContainer = NULL; IDispatch * pDispatch = NULL; BSTR bstrObjectClass = NULL, bstrCommonName = NULL; DWORD dwReturn = ERROR_SUCCESS; //
// Populate ADS_ATTR_INFO structure for new object
//
classValue.dwType = ADSTYPE_CASE_IGNORE_STRING; classValue.CaseIgnoreString = pszObjectClass;
AttrInfo[0].pszAttrName = _TEXT("objectClass"); AttrInfo[0].dwControlCode = ADS_ATTR_UPDATE; AttrInfo[0].dwADsType = ADSTYPE_CASE_IGNORE_STRING; AttrInfo[0].pADsValues = &classValue; AttrInfo[0].dwNumValues = 1;
hr = pParentContainer->CreateDSObject( pszCommonName, AttrInfo, 1, &pDispatch ); if ((FAILED(hr) && (hr == E_ADS_OBJECT_EXISTS)) || (FAILED(hr) && (hr == HRESULT_FROM_WIN32(ERROR_OBJECT_ALREADY_EXISTS)))){
hr = pParentContainer->QueryInterface( IID_IADsContainer, (void **)&pADsContainer ); BAIL_ON_FAILURE(hr);
dwReturn = AllocBSTRMem(pszObjectClass,bstrObjectClass); hr = HRESULT_FROM_WIN32(dwReturn); BAIL_ON_WIN32_ERROR(dwReturn);
dwReturn = AllocBSTRMem(pszCommonName,bstrCommonName); hr = HRESULT_FROM_WIN32(dwReturn); BAIL_ON_WIN32_ERROR(dwReturn);
hr = pADsContainer->GetObject( bstrObjectClass, bstrCommonName, &pDispatch );
SysFreeString(bstrObjectClass); SysFreeString(bstrCommonName);
BAIL_ON_FAILURE(hr); }
hr = pDispatch->QueryInterface( IID_IDirectoryObject, (void **)ppDirectoryObject );
error:
if (pADsContainer) {
pADsContainer->Release(); }
if (pDispatch) {
pDispatch->Release(); } return(hr); } ///////////////////////////////////////////////////////////////////////////
//Function: CreateChildPath()
//Date of Creation: 21st Aug 2001
//Parameters:
// IN LPWSTR pszParentPath,
// IN LPWSTR pszChildComponent,
// OUT BSTR * ppszChildPath
//Return: HRESULT
//Description:
// This function creates the required path in the AD
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////////
HRESULT CreateChildPath( IN LPWSTR pszParentPath, IN LPWSTR pszChildComponent, OUT BSTR * ppszChildPath ) { HRESULT hr = S_OK; IADsPathname *pPathname = NULL; BSTR bstrParentPath = NULL,bstrChildComponent=NULL; DWORD dwReturn = ERROR_SUCCESS;
hr = CoCreateInstance( CLSID_Pathname, NULL, CLSCTX_ALL, IID_IADsPathname, (void**)&pPathname );
if (FAILED(hr)) { BAIL_OUT; }
dwReturn = AllocBSTRMem(pszParentPath,bstrParentPath); hr = HRESULT_FROM_WIN32(dwReturn); BAIL_ON_WIN32_ERROR(dwReturn);
hr = pPathname->Set(bstrParentPath, ADS_SETTYPE_FULL); SysFreeString(bstrParentPath); BAIL_ON_FAILURE(hr);
dwReturn = AllocBSTRMem(pszChildComponent,bstrChildComponent); hr = HRESULT_FROM_WIN32(dwReturn); BAIL_ON_WIN32_ERROR(dwReturn);
hr = pPathname->AddLeafElement(bstrChildComponent); SysFreeString(bstrChildComponent); BAIL_ON_FAILURE(hr);
hr = pPathname->Retrieve(ADS_FORMAT_X500, ppszChildPath); BAIL_ON_FAILURE(hr);
error: if (pPathname) { pPathname->Release(); }
return(hr); }
///////////////////////////////////////////////////////////////////////////
//Function: ConvertADsPathToDN()
//Date of Creation: 21st Aug 2001
//Parameters:
// IN LPWSTR pszPathName,
// OUT BSTR * ppszPolicyDN
//Return: HRESULT
//Description:
// This function converts ADs path to DN path
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////////
HRESULT ConvertADsPathToDN( IN LPWSTR pszPathName, OUT BSTR * ppszPolicyDN ) { HRESULT hr = S_OK; IADsPathname *pPathname = NULL; BSTR bstrPathName =NULL; DWORD dwReturn = ERROR_SUCCESS;
hr = CoCreateInstance( CLSID_Pathname, NULL, CLSCTX_ALL, IID_IADsPathname, (void**)&pPathname );
if (FAILED(hr)) { BAIL_OUT; }
dwReturn = AllocBSTRMem(pszPathName,bstrPathName); hr = HRESULT_FROM_WIN32(dwReturn); BAIL_ON_WIN32_ERROR(dwReturn);
hr = pPathname->Set(bstrPathName, ADS_SETTYPE_FULL); SysFreeString(bstrPathName); BAIL_ON_FAILURE(hr);
hr = pPathname->Retrieve(ADS_FORMAT_X500_DN, ppszPolicyDN); BAIL_ON_FAILURE(hr);
error:
if (pPathname) { pPathname->Release(); } return(hr); } ///////////////////////////////////////////////////////////////////////////
//Function: AddPolicyInformationToGPO()
//Date of Creation: 21st Aug 2001
//Parameters:
// IN LPWSTR pszMachinePath,
// IN LPWSTR pszName,
// IN LPWSTR pszDescription,
// IN LPWSTR pszPathName
//Return: HRESULT
//Description:
// This function assigns the policy info to the specified GPO.
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////////
HRESULT AddPolicyInformationToGPO( IN LPWSTR pszMachinePath, IN LPWSTR pszName, IN LPWSTR pszDescription, IN LPWSTR pszPathName ) {
HRESULT hr = S_OK; IDirectoryObject * pMachineContainer = NULL; IDirectoryObject * pIpsecObject = NULL; IDirectoryObject * pWindowsContainer = NULL; IDirectoryObject * pMicrosoftContainer = NULL;
BSTR pszMicrosoftPath = NULL; BSTR pszIpsecPath = NULL; BSTR pszWindowsPath = NULL; BSTR pszPolicyDN = NULL;
ADS_ATTR_INFO AttrInfo[4]; ADSVALUE PolicyPathValue; ADSVALUE PolicyNameValue; ADSVALUE PolicyDescriptionValue;
memset((LPBYTE)AttrInfo, 0, sizeof(ADS_ATTR_INFO)*4); memset((LPBYTE)&PolicyPathValue, 0, sizeof(ADSVALUE)); memset((LPBYTE)&PolicyNameValue, 0, sizeof(ADSVALUE)); memset((LPBYTE)&PolicyDescriptionValue, 0, sizeof(ADSVALUE));
DWORD dwNumModified = 0;
hr = ADsGetObject( pszMachinePath, IID_IDirectoryObject, (void **)&pMachineContainer ); BAIL_ON_FAILURE(hr);
// Build the fully qualified ADsPath for my object
hr = CreateChildPath( pszMachinePath, _TEXT("cn=Microsoft"), &pszMicrosoftPath ); BAIL_ON_FAILURE(hr);
hr = CreateChildPath( pszMicrosoftPath, _TEXT("cn=Windows"), &pszWindowsPath ); BAIL_ON_FAILURE(hr);
hr = CreateChildPath( pszWindowsPath, _TEXT("cn=ipsec"), &pszIpsecPath ); BAIL_ON_FAILURE(hr);
hr = ADsGetObject( pszIpsecPath, IID_IDirectoryObject, (void **)&pIpsecObject );
if (FAILED(hr)) {
//
// Bind to the Machine Container
//
hr = CreateDirectoryAndBindToObject( pMachineContainer, _TEXT("cn=Microsoft"), _TEXT("container"), &pMicrosoftContainer ); BAIL_ON_FAILURE(hr);
hr = CreateDirectoryAndBindToObject( pMicrosoftContainer, _TEXT("cn=Windows"), _TEXT("container"), &pWindowsContainer ); BAIL_ON_FAILURE(hr);
hr = CreateDirectoryAndBindToObject( pWindowsContainer, _TEXT("cn=IPSEC"), _TEXT("ipsecPolicy"), &pIpsecObject ); BAIL_ON_FAILURE(hr); }
//
// Input pszPathName is an ADsPathName
// We need to reduce it to a DN and store it
// in the ipsecOwnersReference (a multi-valued DN attribute)
//
hr = ConvertADsPathToDN( pszPathName, &pszPolicyDN ); BAIL_ON_FAILURE(hr); //
// Populate ADS_ATTR_INFO structure for new object
//
PolicyPathValue.dwType = ADSTYPE_CASE_IGNORE_STRING; PolicyPathValue.CaseIgnoreString = pszPolicyDN;
AttrInfo[0].pszAttrName = _TEXT("ipsecOwnersReference"); AttrInfo[0].dwControlCode = ADS_ATTR_UPDATE; AttrInfo[0].dwADsType = ADSTYPE_CASE_IGNORE_STRING; AttrInfo[0].pADsValues = &PolicyPathValue; AttrInfo[0].dwNumValues = 1; //
// Populate ADS_ATTR_INFO structure for new object
//
PolicyNameValue.dwType = ADSTYPE_CASE_IGNORE_STRING; PolicyNameValue.CaseIgnoreString = pszName;
AttrInfo[1].pszAttrName = _TEXT("ipsecName"); AttrInfo[1].dwControlCode = ADS_ATTR_UPDATE; AttrInfo[1].dwADsType = ADSTYPE_CASE_IGNORE_STRING; AttrInfo[1].pADsValues = &PolicyNameValue; AttrInfo[1].dwNumValues = 1; //
// Populate ADS_ATTR_INFO structure for new object
//
PolicyDescriptionValue.dwType = ADSTYPE_CASE_IGNORE_STRING; PolicyDescriptionValue.CaseIgnoreString = pszDescription;
AttrInfo[2].pszAttrName = _TEXT("description"); AttrInfo[2].dwControlCode = ADS_ATTR_UPDATE; AttrInfo[2].dwADsType = ADSTYPE_CASE_IGNORE_STRING; AttrInfo[2].pADsValues = &PolicyDescriptionValue; AttrInfo[2].dwNumValues = 1; //
// Now populate our object with our data.
//
hr = pIpsecObject->SetObjectAttributes( AttrInfo, 3, &dwNumModified ); error:
if (pIpsecObject) { pIpsecObject->Release(); }
if (pMicrosoftContainer) { pMicrosoftContainer->Release(); }
if (pWindowsContainer) { pWindowsContainer->Release(); }
if (pMachineContainer) { pMachineContainer->Release(); }
if (pszMicrosoftPath) { SysFreeString(pszMicrosoftPath); }
if (pszPolicyDN) { SysFreeString(pszPolicyDN); }
if (pszWindowsPath) { SysFreeString(pszWindowsPath);
}
if (pszIpsecPath) { SysFreeString(pszIpsecPath); } return(hr); } ///////////////////////////////////////////////////////////////////////////
//Function: DeletePolicyInformationFromGPO()
//Date of Creation: 21st Aug 2001
//Parameters:
// IN LPWSTR pszMachinePath,
//Return: HRESULT
//Description:
// This function unassigns the policy info to the specified GPO.
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////////
HRESULT DeletePolicyInformationFromGPO( IN LPWSTR pszMachinePath ) { HRESULT hr = S_OK; IDirectoryObject * pIpsecObject = NULL; IDirectoryObject * pWindowsContainer = NULL;
BSTR pszMicrosoftPath = NULL; BSTR pszIpsecPath = NULL; BSTR pszWindowsPath = NULL;
// Build the fully qualified ADsPath for my object
hr = CreateChildPath( pszMachinePath, _TEXT("cn=Microsoft"), &pszMicrosoftPath ); BAIL_ON_FAILURE(hr);
hr = CreateChildPath( pszMicrosoftPath, _TEXT("cn=Windows"), &pszWindowsPath ); BAIL_ON_FAILURE(hr);
hr = CreateChildPath( pszWindowsPath, _TEXT("cn=ipsec"), &pszIpsecPath ); BAIL_ON_FAILURE(hr);
hr = ADsGetObject( pszIpsecPath, IID_IDirectoryObject, (void **)&pIpsecObject ); if (FAILED(hr)) {
//
// This means there is no object, need to
// test that it is because the object does
// not exist.
//
hr = S_OK; goto error; }
if (SUCCEEDED(hr)) {
pIpsecObject->Release(); pIpsecObject = NULL;
hr = ADsGetObject( pszWindowsPath, IID_IDirectoryObject, (void **)&pWindowsContainer ); BAIL_ON_FAILURE(hr);
hr = pWindowsContainer->DeleteDSObject( _TEXT("cn=ipsec") );
} error:
if (pIpsecObject) { pIpsecObject->Release(); }
if (pWindowsContainer) { pWindowsContainer->Release(); }
if (pszMicrosoftPath) { SysFreeString(pszMicrosoftPath); }
if (pszWindowsPath) { SysFreeString(pszWindowsPath); }
if (pszIpsecPath) { SysFreeString(pszIpsecPath); } return(hr); }
///////////////////////////////////////////////////////////////////////////
//Function: IsADsPath()
//Date of Creation: 21st Aug 2001
//Parameters:
// IN LPTSTR szPath
//Return: BOOL
//Description:
// This function checks whether the specified string is valid ADs path
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////////
BOOL IsADsPath( IN LPTSTR szPath ) { return !_tcsncmp(szPath, _TEXT("LDAP://"), 7); }
///////////////////////////////////////////////////////////////////////
//Function: StripGUIDBraces()
//Date of Creation: 21st Aug 2001
//Parameters:
// IN OUT LPTSTR & pszStr
//Return: VOID
//Description:
// This function strips the end braces from the GUID string
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID StripGUIDBraces( IN OUT LPTSTR & pszGUIDStr ) { LPTSTR pszLocalStr=NULL; if(!pszGUIDStr) { BAIL_OUT; } pszLocalStr = _tcschr(pszGUIDStr,CLOSE_GUID_BRACE); if(pszLocalStr) *pszLocalStr = _T('\0');
pszLocalStr = _tcschr(pszGUIDStr,OPEN_GUID_BRACE); if(pszLocalStr) { pszLocalStr++; memmove(pszGUIDStr,(const void *)pszLocalStr,sizeof(TCHAR)*(_tcslen(pszLocalStr)+1)); } error: return; }
///////////////////////////////////////////////////////////////////////
//Function: AllocBSTRMem()
//Date of Creation: 21st Aug 2001
//Parameters:
// IN LPTSTR pszStr,
// IN OUT BSTR & pbsStr
//Return: DWORD
//Description:
// This function strips the end braces from the GUID string
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
DWORD AllocBSTRMem( IN LPTSTR pszStr, IN OUT BSTR & pbsStr ) { DWORD dwReturnCode=ERROR_SUCCESS;
if(!pszStr) { dwReturnCode=ERROR_INVALID_DATA; BAIL_OUT; } pbsStr = SysAllocString(pszStr);
if(!pbsStr) { if (*pszStr) { dwReturnCode=ERROR_OUTOFMEMORY; } else { dwReturnCode=ERROR_INVALID_DATA; } } error: return dwReturnCode; }
///////////////////////////////////////////////////////////////////////
//Function: CleanUpAuthInfo()
//Date of Creation: 21st Aug 2001
//Parameters:
// PIPSEC_NFA_DATA &pRule
//Return: VOID
//Description:
// This function cleans up the auth info memory of rule
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID CleanUpAuthInfo( PIPSEC_NFA_DATA &pRule ) { DWORD i=0;
if(pRule->ppAuthMethods) { for (i = 0; i < pRule->dwAuthMethodCount; i++) { if(pRule->ppAuthMethods[i]) { if(pRule->ppAuthMethods[i]->pAltAuthMethod!=NULL) { IPSecFreePolMem(pRule->ppAuthMethods[i]->pAltAuthMethod); } IPSecFreePolMem(pRule->ppAuthMethods[i]); } } IPSecFreePolMem(pRule->ppAuthMethods); } }
///////////////////////////////////////////////////////////////////////
//Function: CleanUpPolicy()
//Date of Creation: 21st Aug 2001
//Parameters:
// PIPSEC_POLICY_DATA &pPolicy
//Return: VOID
//Description:
// This function cleans up the policy info
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID CleanUpPolicy( PIPSEC_POLICY_DATA &pPolicy ) { if(pPolicy) { if(pPolicy->pIpsecISAKMPData) { if(pPolicy->pIpsecISAKMPData->pSecurityMethods) { IPSecFreePolMem(pPolicy->pIpsecISAKMPData->pSecurityMethods); } IPSecFreePolMem(pPolicy->pIpsecISAKMPData); } IPSecFreePolMem(pPolicy); pPolicy=NULL; } }
///////////////////////////////////////////////////////////////////////
//Function: CleanUpLocalRuleDataStructure()
//Date of Creation: 21st Aug 2001
//Parameters:
// PRULEDATA &pRuleData
//Return: VOID
//Description:
// This function cleans up the local Rule Structure
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID CleanUpLocalRuleDataStructure( PRULEDATA &pRuleData ) { DWORD j=0;
if (pRuleData) { if (pRuleData->pszRuleName) { delete [] pRuleData->pszRuleName; } if (pRuleData->pszNewRuleName) { delete [] pRuleData->pszNewRuleName; } if (pRuleData->pszRuleDescription) { delete [] pRuleData->pszRuleDescription; } if (pRuleData->pszPolicyName) { delete [] pRuleData->pszPolicyName; } if (pRuleData->pszFLName) { delete [] pRuleData->pszFLName; } if (pRuleData->pszFAName) { delete [] pRuleData->pszFAName; }
for (j=0;j<pRuleData->AuthInfos.dwNumAuthInfos;j++) { if (pRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo) { if (pRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo->AuthMethod == IKE_RSA_SIGNATURE && pRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo->pAuthInfo ) { delete [] pRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo->pAuthInfo; } delete pRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo; } }
if (pRuleData->AuthInfos.pAuthMethodInfo) { delete [] pRuleData->AuthInfos.pAuthMethodInfo; } delete pRuleData; pRuleData = NULL; } }
///////////////////////////////////////////////////////////////////////
//Function: CleanUpLocalPolicyDataStructure()
//Date of Creation: 21st Aug 2001
//Parameters:
// PPOLICYDATA &pPolicyData
//Return: VOID
//Description:
// This function cleans up the local policy Structure
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID CleanUpLocalPolicyDataStructure( PPOLICYDATA &pPolicyData ) { if(pPolicyData) { if (pPolicyData->pszPolicyName) { delete [] pPolicyData->pszPolicyName; } if (pPolicyData->pszNewPolicyName) { delete [] pPolicyData->pszNewPolicyName; } if (pPolicyData->pszDescription) { delete [] pPolicyData->pszDescription; } if (pPolicyData->pszGPOName) { delete [] pPolicyData->pszGPOName; } if (pPolicyData->pIpSecMMOffer) { delete [] pPolicyData->pIpSecMMOffer; } delete pPolicyData; pPolicyData = NULL; } }
///////////////////////////////////////////////////////////////////////
//Function: CleanUpLocalFilterActionDataStructure()
//Date of Creation: 21st Aug 2001
//Parameters:
// PFILTERACTION &pFilterAction
//Return: VOID
//Description:
// This function cleans up the local filteraction Structure
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID CleanUpLocalFilterActionDataStructure( PFILTERACTION &pFilterAction ) { if(pFilterAction) { if(pFilterAction->pszFAName) { delete [] pFilterAction->pszFAName; } if(pFilterAction->pszNewFAName) { delete [] pFilterAction->pszNewFAName; } if(pFilterAction->pszFADescription) { delete [] pFilterAction->pszFADescription; } if(pFilterAction->pszGUIDStr) { delete [] pFilterAction->pszGUIDStr; } if(pFilterAction->pIpsecSecMethods) { delete [] pFilterAction->pIpsecSecMethods; } delete pFilterAction; pFilterAction=NULL;
} }
///////////////////////////////////////////////////////////////////////
//Function: CleanUpLocalFilterDataStructure()
//Date of Creation: 21st Aug 2001
//Parameters:
// PFILTERDATA &pFilter
//Return: VOID
//Description:
// This function cleans up the local filter Structure
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID CleanUpLocalFilterDataStructure( PFILTERDATA &pFilter ) { if(pFilter) { if(pFilter->pszFLName) { delete [] pFilter->pszFLName; } if(pFilter->pszDescription) { delete [] pFilter->pszDescription; } if(pFilter->SourceAddr.pszDomainName) { delete [] pFilter->SourceAddr.pszDomainName; } if(pFilter->DestnAddr.pszDomainName) { delete [] pFilter->DestnAddr.pszDomainName; } if(pFilter->SourceAddr.puIpAddr) { delete [] pFilter->SourceAddr.puIpAddr; } if(pFilter->DestnAddr.puIpAddr) { delete [] pFilter->DestnAddr.puIpAddr; } delete pFilter; pFilter = NULL; } }
///////////////////////////////////////////////////////////////////////
//Function: CleanUpLocalDelFilterDataStructure()
//Date of Creation: 21st Aug 2001
//Parameters:
// PFILTERDATA &pFilter
//Return: VOID
//Description:
// This function cleans up the local filter Structure
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID CleanUpLocalDelFilterDataStructure( PDELFILTERDATA &pFilter ) { if(pFilter) { if(pFilter->pszFLName) { delete [] pFilter->pszFLName; } if(pFilter->SourceAddr.pszDomainName) { delete [] pFilter->SourceAddr.pszDomainName; } if(pFilter->DestnAddr.pszDomainName) { delete [] pFilter->DestnAddr.pszDomainName; } if(pFilter->SourceAddr.puIpAddr) { delete [] pFilter->SourceAddr.puIpAddr; } if(pFilter->DestnAddr.puIpAddr) { delete [] pFilter->DestnAddr.puIpAddr; } delete pFilter; pFilter = NULL; } }
///////////////////////////////////////////////////////////////////////
//Function: CleanUpLocalDefRuleDataStructure()
//Date of Creation: 21st Aug 2001
//Parameters:
// PDEFAULTRULE &pRuleData
//Return: VOID
//Description:
// This function cleans up the local default rule Structure
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID CleanUpLocalDefRuleDataStructure( PDEFAULTRULE &pDefRuleData ) {
if(pDefRuleData) { if(pDefRuleData->pszPolicyName) delete [] pDefRuleData->pszPolicyName;
for(DWORD j=0;j<pDefRuleData->AuthInfos.dwNumAuthInfos;j++) { if(&(pDefRuleData->AuthInfos.pAuthMethodInfo[j]) && pDefRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo) { if(pDefRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo->pAuthInfo) { delete pDefRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo->pAuthInfo; pDefRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo->pAuthInfo = NULL; } delete pDefRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo; pDefRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo = NULL; } }
if(pDefRuleData->AuthInfos.pAuthMethodInfo) { delete [] pDefRuleData->AuthInfos.pAuthMethodInfo; } if(pDefRuleData->pIpsecSecMethods) { delete [] pDefRuleData->pIpsecSecMethods; } delete pDefRuleData; pDefRuleData = NULL; } }
|