|
|
#include "precomp.h"
LPWSTR gpszRegLocalContainer = L"SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local"; LPWSTR gpszRegPersistentContainer = L"SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Persistent"; LPWSTR gpszIpsecFileRootContainer = L"SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Save"; LPWSTR gpszIPsecDirContainer = L"SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\GPTIPSECPolicy"; LPWSTR gpActivePolicyKey = L"ActivePolicy"; LPWSTR gpDirectoryPolicyPointerKey = L"DSIPSECPolicyPath";
DWORD IPSecEnumPolicyData( HANDLE hPolicyStore, PIPSEC_POLICY_DATA ** pppIpsecPolicyData, PDWORD pdwNumPolicyObjects ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL; IWbemServices *pWbemServices = NULL;
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) {
case IPSEC_REGISTRY_PROVIDER: dwError = RegEnumPolicyData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, pppIpsecPolicyData, pdwNumPolicyObjects ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirEnumPolicyData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, pppIpsecPolicyData, pdwNumPolicyObjects ); break;
case IPSEC_WMI_PROVIDER: dwError = CreateIWbemServices( pPolicyStore->pszLocationName, &pWbemServices ); if(dwError == ERROR_SUCCESS) { dwError = WMIEnumPolicyDataEx( pWbemServices, pppIpsecPolicyData, pdwNumPolicyObjects ); IWbemServices_Release(pWbemServices); } break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
return(dwError); }
DWORD IPSecSetPolicyData( HANDLE hPolicyStore, PIPSEC_POLICY_DATA pIpsecPolicyData ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
dwError = ValidatePolicyData( hPolicyStore, pIpsecPolicyData ); BAIL_ON_WIN32_ERROR(dwError);
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegSetPolicyData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, pPolicyStore->pszLocationName, pIpsecPolicyData ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirSetPolicyData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, pIpsecPolicyData ); break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
error:
return(dwError); }
DWORD IPSecCreatePolicyData( HANDLE hPolicyStore, PIPSEC_POLICY_DATA pIpsecPolicyData ) {
DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
dwError = ValidatePolicyData( hPolicyStore, pIpsecPolicyData ); BAIL_ON_WIN32_ERROR(dwError);
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegCreatePolicyData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, pIpsecPolicyData ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirCreatePolicyData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, pIpsecPolicyData ); break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
error:
return(dwError); }
DWORD IPSecDeletePolicyData( HANDLE hPolicyStore, PIPSEC_POLICY_DATA pIpsecPolicyData ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
dwError = ValidatePolicyDataDeletion( hPolicyStore, pIpsecPolicyData ); BAIL_ON_WIN32_ERROR(dwError);
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegDeletePolicyData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, pIpsecPolicyData ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirDeletePolicyData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, pIpsecPolicyData ); break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
error:
return(dwError); }
DWORD IPSecEnumFilterData( HANDLE hPolicyStore, PIPSEC_FILTER_DATA ** pppIpsecFilterData, PDWORD pdwNumFilterObjects ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL; IWbemServices *pWbemServices = NULL;
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegEnumFilterData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, pppIpsecFilterData, pdwNumFilterObjects ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirEnumFilterData( (pPolicyStore->hLdapBindHandle), (pPolicyStore->pszIpsecRootContainer), pppIpsecFilterData, pdwNumFilterObjects ); break;
case IPSEC_WMI_PROVIDER: dwError = CreateIWbemServices( pPolicyStore->pszLocationName, &pWbemServices ); if(dwError == ERROR_SUCCESS) { dwError = WMIEnumFilterDataEx( pWbemServices, pppIpsecFilterData, pdwNumFilterObjects ); IWbemServices_Release(pWbemServices); } break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
return(dwError); }
DWORD IPSecSetFilterData( HANDLE hPolicyStore, PIPSEC_FILTER_DATA pIpsecFilterData ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegSetFilterData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, pPolicyStore->pszLocationName, pIpsecFilterData ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirSetFilterData( (pPolicyStore->hLdapBindHandle), (pPolicyStore->pszIpsecRootContainer), pIpsecFilterData ); break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
return(dwError); }
DWORD IPSecCreateFilterData( HANDLE hPolicyStore, PIPSEC_FILTER_DATA pIpsecFilterData ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegCreateFilterData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, pIpsecFilterData ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirCreateFilterData( (pPolicyStore->hLdapBindHandle), (pPolicyStore->pszIpsecRootContainer), pIpsecFilterData ); break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default: dwError = ERROR_INVALID_PARAMETER; break; }
return(dwError); }
DWORD IPSecDeleteFilterData( HANDLE hPolicyStore, GUID FilterIdentifier ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
dwError = ValidateFilterDataDeletion( hPolicyStore, FilterIdentifier ); BAIL_ON_WIN32_ERROR(dwError);
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegDeleteFilterData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, FilterIdentifier ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirDeleteFilterData( (pPolicyStore->hLdapBindHandle), (pPolicyStore->pszIpsecRootContainer), FilterIdentifier ); break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
error:
return(dwError); }
DWORD IPSecEnumNegPolData( HANDLE hPolicyStore, PIPSEC_NEGPOL_DATA ** pppIpsecNegPolData, PDWORD pdwNumNegPolObjects ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL; IWbemServices *pWbemServices = NULL;
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegEnumNegPolData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, pppIpsecNegPolData, pdwNumNegPolObjects ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirEnumNegPolData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, pppIpsecNegPolData, pdwNumNegPolObjects ); break;
case IPSEC_WMI_PROVIDER: dwError = CreateIWbemServices( pPolicyStore->pszLocationName, &pWbemServices );
if(dwError == ERROR_SUCCESS) { dwError = WMIEnumNegPolDataEx( pWbemServices, pppIpsecNegPolData, pdwNumNegPolObjects ); IWbemServices_Release(pWbemServices); } break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
return(dwError); }
DWORD IPSecSetNegPolData( HANDLE hPolicyStore, PIPSEC_NEGPOL_DATA pIpsecNegPolData ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
dwError = ValidateNegPolData( pIpsecNegPolData ); BAIL_ON_WIN32_ERROR(dwError);
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegSetNegPolData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, pPolicyStore->pszLocationName, pIpsecNegPolData ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirSetNegPolData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, pIpsecNegPolData ); break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
error:
return(dwError); }
DWORD IPSecCreateNegPolData( HANDLE hPolicyStore, PIPSEC_NEGPOL_DATA pIpsecNegPolData ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
dwError = ValidateNegPolData( pIpsecNegPolData ); BAIL_ON_WIN32_ERROR(dwError);
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegCreateNegPolData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, pIpsecNegPolData ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirCreateNegPolData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, pIpsecNegPolData ); break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
error:
return(dwError); }
DWORD IPSecDeleteNegPolData( HANDLE hPolicyStore, GUID NegPolIdentifier ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
dwError = ValidateNegPolDataDeletion( hPolicyStore, NegPolIdentifier ); BAIL_ON_WIN32_ERROR(dwError);
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegDeleteNegPolData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, NegPolIdentifier ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirDeleteNegPolData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, NegPolIdentifier ); break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
error:
return(dwError); }
DWORD IPSecCreateNFAData( HANDLE hPolicyStore, GUID PolicyIdentifier, PIPSEC_NFA_DATA pIpsecNFAData ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
dwError = ValidateNFAData( hPolicyStore, PolicyIdentifier, pIpsecNFAData ); BAIL_ON_WIN32_ERROR(dwError);
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch(pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegCreateNFAData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, PolicyIdentifier, pPolicyStore->pszLocationName, pIpsecNFAData ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirCreateNFAData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, PolicyIdentifier, pIpsecNFAData ); break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
error:
return(dwError); }
DWORD IPSecSetNFAData( HANDLE hPolicyStore, GUID PolicyIdentifier, PIPSEC_NFA_DATA pIpsecNFAData ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
dwError = ValidateNFAData( hPolicyStore, PolicyIdentifier, pIpsecNFAData ); BAIL_ON_WIN32_ERROR(dwError);
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegSetNFAData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, PolicyIdentifier, pPolicyStore->pszLocationName, pIpsecNFAData ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirSetNFAData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, PolicyIdentifier, pIpsecNFAData ); break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
error:
return(dwError); }
DWORD IPSecDeleteNFAData( HANDLE hPolicyStore, GUID PolicyIdentifier, PIPSEC_NFA_DATA pIpsecNFAData ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegDeleteNFAData( (pPolicyStore->hRegistryKey), (pPolicyStore->pszIpsecRootContainer), PolicyIdentifier, pPolicyStore->pszLocationName, pIpsecNFAData ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirDeleteNFAData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, PolicyIdentifier, pIpsecNFAData ); break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
return(dwError); }
DWORD IPSecEnumNFAData( HANDLE hPolicyStore, GUID PolicyIdentifier, PIPSEC_NFA_DATA ** pppIpsecNFAData, PDWORD pdwNumNFAObjects ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL; IWbemServices *pWbemServices = NULL;
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegEnumNFAData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, PolicyIdentifier, pppIpsecNFAData, pdwNumNFAObjects ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirEnumNFAData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, PolicyIdentifier, pppIpsecNFAData, pdwNumNFAObjects ); break;
case IPSEC_WMI_PROVIDER: dwError = CreateIWbemServices( pPolicyStore->pszLocationName, &pWbemServices ); if(dwError == ERROR_SUCCESS) { dwError = WMIEnumNFADataEx( pWbemServices, PolicyIdentifier, pppIpsecNFAData, pdwNumNFAObjects ); IWbemServices_Release(pWbemServices); } break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
return(dwError); }
DWORD IPSecGetFilterData( HANDLE hPolicyStore, GUID FilterGUID, PIPSEC_FILTER_DATA * ppIpsecFilterData ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL; IWbemServices *pWbemServices = NULL;
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegGetFilterData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, FilterGUID, ppIpsecFilterData ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirGetFilterData( (pPolicyStore->hLdapBindHandle), (pPolicyStore->pszIpsecRootContainer), FilterGUID, ppIpsecFilterData ); break;
case IPSEC_WMI_PROVIDER: dwError = CreateIWbemServices( pPolicyStore->pszLocationName, &pWbemServices );
if(dwError == ERROR_SUCCESS) { dwError = WMIGetFilterDataEx( pWbemServices, FilterGUID, ppIpsecFilterData ); IWbemServices_Release(pWbemServices); } break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
return(dwError); }
DWORD IPSecGetNegPolData( HANDLE hPolicyStore, GUID NegPolGUID, PIPSEC_NEGPOL_DATA * ppIpsecNegPolData ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL; IWbemServices *pWbemServices = NULL;
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegGetNegPolData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, NegPolGUID, ppIpsecNegPolData ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirGetNegPolData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, NegPolGUID, ppIpsecNegPolData ); break;
case IPSEC_WMI_PROVIDER: dwError = CreateIWbemServices( pPolicyStore->pszLocationName, &pWbemServices );
if(dwError == ERROR_SUCCESS) { dwError = WMIGetNegPolDataEx( pWbemServices, NegPolGUID, ppIpsecNegPolData ); IWbemServices_Release(pWbemServices); } break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
return(dwError); }
DWORD IPSecEnumISAKMPData( HANDLE hPolicyStore, PIPSEC_ISAKMP_DATA ** pppIpsecISAKMPData, PDWORD pdwNumISAKMPObjects ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL; IWbemServices *pWbemServices = NULL;
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegEnumISAKMPData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, pppIpsecISAKMPData, pdwNumISAKMPObjects ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirEnumISAKMPData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, pppIpsecISAKMPData, pdwNumISAKMPObjects ); break;
case IPSEC_WMI_PROVIDER: dwError = CreateIWbemServices( pPolicyStore->pszLocationName, &pWbemServices ); if(dwError == ERROR_SUCCESS) { dwError = WMIEnumISAKMPDataEx( pWbemServices, pppIpsecISAKMPData, pdwNumISAKMPObjects ); IWbemServices_Release(pWbemServices); } break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
return(dwError); }
DWORD IPSecSetISAKMPData( HANDLE hPolicyStore, PIPSEC_ISAKMP_DATA pIpsecISAKMPData ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
dwError = ValidateISAKMPData( pIpsecISAKMPData ); BAIL_ON_WIN32_ERROR(dwError);
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegSetISAKMPData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, pPolicyStore->pszLocationName, pIpsecISAKMPData ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirSetISAKMPData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, pIpsecISAKMPData ); break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
error:
return(dwError); }
DWORD IPSecCreateISAKMPData( HANDLE hPolicyStore, PIPSEC_ISAKMP_DATA pIpsecISAKMPData ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
dwError = ValidateISAKMPData( pIpsecISAKMPData ); BAIL_ON_WIN32_ERROR(dwError);
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegCreateISAKMPData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, pIpsecISAKMPData ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirCreateISAKMPData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, pIpsecISAKMPData ); break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
error:
return(dwError); }
DWORD IPSecDeleteISAKMPData( HANDLE hPolicyStore, GUID ISAKMPIdentifier ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
dwError = ValidateISAKMPDataDeletion( hPolicyStore, ISAKMPIdentifier ); BAIL_ON_WIN32_ERROR(dwError);
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegDeleteISAKMPData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, ISAKMPIdentifier ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirDeleteISAKMPData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, ISAKMPIdentifier ); break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
error:
return(dwError); }
DWORD IPSecGetISAKMPData( HANDLE hPolicyStore, GUID ISAKMPGUID, PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL; IWbemServices *pWbemServices = NULL;
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: dwError = RegGetISAKMPData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, ISAKMPGUID, ppIpsecISAKMPData ); break;
case IPSEC_DIRECTORY_PROVIDER: dwError = DirGetISAKMPData( (pPolicyStore->hLdapBindHandle), pPolicyStore->pszIpsecRootContainer, ISAKMPGUID, ppIpsecISAKMPData ); break;
case IPSEC_WMI_PROVIDER: dwError = CreateIWbemServices( pPolicyStore->pszLocationName, &pWbemServices );
if(dwError == ERROR_SUCCESS) { dwError = WMIGetISAKMPDataEx( pWbemServices, ISAKMPGUID, ppIpsecISAKMPData ); IWbemServices_Release(pWbemServices); } break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
return(dwError); }
DWORD IPSecOpenPolicyStore( LPWSTR pszMachineName, DWORD dwTypeOfStore, LPWSTR pszFileName, HANDLE * phPolicyStore ) { DWORD dwError = 0;
switch (dwTypeOfStore) {
case IPSEC_REGISTRY_PROVIDER:
dwError = RegOpenPolicyStore( pszMachineName, IPSEC_STORE_LOCAL, phPolicyStore ); break;
case IPSEC_DIRECTORY_PROVIDER:
dwError = DirOpenPolicyStore( pszMachineName, phPolicyStore ); break;
case IPSEC_FILE_PROVIDER:
dwError = FileOpenPolicyStore( pszMachineName, pszFileName, phPolicyStore ); break;
case IPSEC_WMI_PROVIDER:
dwError = WMIOpenPolicyStore( pszMachineName, phPolicyStore ); break;
case IPSEC_PERSISTENT_PROVIDER:
dwError = RegOpenPolicyStore( pszMachineName, IPSEC_STORE_PERSISTENT, phPolicyStore ); break;
default:
dwError = ERROR_INVALID_PARAMETER; break;
}
return (dwError); }
DWORD RegOpenPolicyStore( LPWSTR pszMachineName, IN DWORD dwStore, HANDLE * phPolicyStore ) { PIPSEC_POLICY_STORE pPolicyStore = NULL; DWORD dwError = 0; HKEY hParentRegistryKey = NULL; HKEY hRegistryKey = NULL; WCHAR szName[MAX_PATH]; LPWSTR pszLocationName = NULL; LPWSTR pszIpsecRootContainer = NULL;
switch (dwStore) { case IPSEC_STORE_LOCAL: pszIpsecRootContainer = AllocPolStr(gpszRegLocalContainer); break;
case IPSEC_STORE_PERSISTENT: pszIpsecRootContainer = AllocPolStr(gpszRegPersistentContainer); break; default: dwError = ERROR_INVALID_PARAMETER; break; }
BAIL_ON_WIN32_ERROR(dwError); if (!pszIpsecRootContainer) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
szName[0] = L'\0';
if (!pszMachineName || !*pszMachineName) { dwError = RegOpenKeyExW( HKEY_LOCAL_MACHINE, (LPCWSTR) pszIpsecRootContainer, 0, KEY_ALL_ACCESS, &hRegistryKey ); BAIL_ON_WIN32_ERROR(dwError);
pszLocationName = NULL; } else {
wcscpy(szName, L"\\\\"); wcscat(szName, pszMachineName);
dwError = RegConnectRegistryW( szName, HKEY_LOCAL_MACHINE, &hParentRegistryKey ); BAIL_ON_WIN32_ERROR(dwError);
dwError = RegOpenKeyExW( hParentRegistryKey, (LPCWSTR) pszIpsecRootContainer, 0, KEY_ALL_ACCESS, &hRegistryKey ); BAIL_ON_WIN32_ERROR(dwError);
pszLocationName = AllocPolStr(szName); if (!pszLocationName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
}
pPolicyStore = (PIPSEC_POLICY_STORE)AllocPolMem( sizeof(IPSEC_POLICY_STORE) ); if (!pPolicyStore) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
pPolicyStore->dwProvider = IPSEC_REGISTRY_PROVIDER; pPolicyStore->hParentRegistryKey = hParentRegistryKey; pPolicyStore->hRegistryKey = hRegistryKey; pPolicyStore->pszLocationName = pszLocationName; pPolicyStore->hLdapBindHandle = NULL; pPolicyStore->pszIpsecRootContainer = pszIpsecRootContainer; pPolicyStore->pszFileName = NULL;
*phPolicyStore = pPolicyStore;
return(dwError);
error:
if (pszIpsecRootContainer) { FreePolStr(pszIpsecRootContainer); }
if (hRegistryKey) { RegCloseKey(hRegistryKey); }
if (hParentRegistryKey) { RegCloseKey(hParentRegistryKey); }
if (pszLocationName) { FreePolStr(pszLocationName); }
if (pPolicyStore) { FreePolMem(pPolicyStore); }
*phPolicyStore = NULL;
return(dwError); }
DWORD WMIOpenPolicyStore( LPWSTR pszMachineName, HANDLE * phPolicyStore ) { PIPSEC_POLICY_STORE pPolicyStore = NULL; DWORD dwError = 0; LPWSTR pszLocationName = NULL; pPolicyStore = (PIPSEC_POLICY_STORE)AllocPolMem( sizeof(IPSEC_POLICY_STORE) ); if (!pPolicyStore) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
pszLocationName = AllocPolStr(pszMachineName); if (!pszLocationName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } pPolicyStore->dwProvider = IPSEC_WMI_PROVIDER; pPolicyStore->hParentRegistryKey = NULL; pPolicyStore->hRegistryKey = NULL; pPolicyStore->pszLocationName = pszLocationName; pPolicyStore->hLdapBindHandle = NULL; pPolicyStore->pszIpsecRootContainer = NULL; pPolicyStore->pszFileName = NULL; *phPolicyStore = pPolicyStore;
cleanup: return(dwError); error: if (pPolicyStore) { FreePolMem(pPolicyStore); } *phPolicyStore = NULL; goto cleanup; }
DWORD DirOpenPolicyStore( LPWSTR pszDomain, HANDLE * phPolicyStore ) { PIPSEC_POLICY_STORE pPolicyStore = NULL; DWORD dwError = 0; LPWSTR pszIpsecRootContainer = NULL; HLDAP hLdapBindHandle = NULL; LPWSTR pszDefaultDirectory = NULL; LPWSTR pszCrackedDirectory = NULL; BOOL bCracked = FALSE;
if (!pszDomain || !*pszDomain) {
dwError = ComputeDefaultDirectory( &pszDefaultDirectory ); BAIL_ON_WIN32_ERROR(dwError);
dwError = OpenDirectoryServerHandle( pszDefaultDirectory, 389, &hLdapBindHandle ); BAIL_ON_WIN32_ERROR(dwError);
dwError = ComputeDirLocationName( pszDefaultDirectory, &pszIpsecRootContainer ); BAIL_ON_WIN32_ERROR(dwError);
} else {
// Discover the domain name in the form ldap expects.
//
// If cracking the name fails, then try to connect using the caller
// supplied domain name anyway before failing altogether.
//
dwError = CrackDomainName(pszDomain, &bCracked, &pszCrackedDirectory); if (dwError == ERROR_SUCCESS) { if (bCracked) { pszDomain = pszCrackedDirectory; } } dwError = ERROR_SUCCESS;
dwError = OpenDirectoryServerHandle( pszDomain, 389, &hLdapBindHandle ); BAIL_ON_WIN32_ERROR(dwError);
dwError = ComputeDirLocationName( pszDomain, &pszIpsecRootContainer ); BAIL_ON_WIN32_ERROR(dwError);
}
pPolicyStore = (PIPSEC_POLICY_STORE)AllocPolMem( sizeof(IPSEC_POLICY_STORE) ); if (!pPolicyStore) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
pPolicyStore->dwProvider = IPSEC_DIRECTORY_PROVIDER; pPolicyStore->hParentRegistryKey = NULL; pPolicyStore->hRegistryKey = NULL; pPolicyStore->pszLocationName = NULL; pPolicyStore->hLdapBindHandle = hLdapBindHandle; pPolicyStore->pszIpsecRootContainer = pszIpsecRootContainer; pPolicyStore->pszFileName = NULL;
*phPolicyStore = pPolicyStore;
cleanup:
if (pszDefaultDirectory) { FreePolStr(pszDefaultDirectory); } if (pszCrackedDirectory) { NsuFree(&pszCrackedDirectory); }
return(dwError);
error:
if (hLdapBindHandle) { CloseDirectoryServerHandle(hLdapBindHandle); }
if (pszIpsecRootContainer) { FreePolStr(pszIpsecRootContainer); }
if (pPolicyStore) { FreePolMem(pPolicyStore); }
*phPolicyStore = NULL;
goto cleanup; }
DWORD FileOpenPolicyStore( LPWSTR pszMachineName, LPWSTR pszFileName, HANDLE * phPolicyStore ) { DWORD dwError = 0; LPWSTR pszIpsecRootContainer = NULL; HKEY hRegistryKey = NULL; LPWSTR pszTempFileName = NULL; PIPSEC_POLICY_STORE pPolicyStore = NULL; DWORD dwDisposition = 0;
pszIpsecRootContainer = AllocPolStr(gpszIpsecFileRootContainer);
if (!pszIpsecRootContainer) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
if (!pszMachineName || !*pszMachineName) { dwError = RegCreateKeyExW( HKEY_LOCAL_MACHINE, (LPCWSTR) gpszIpsecFileRootContainer, 0, NULL, 0, KEY_ALL_ACCESS, NULL, &hRegistryKey, &dwDisposition ); BAIL_ON_WIN32_ERROR(dwError); } else { dwError = ERROR_INVALID_DATA; BAIL_ON_WIN32_ERROR(dwError); }
if (!pszFileName || !*pszFileName) { dwError = ERROR_INVALID_DATA; BAIL_ON_WIN32_ERROR(dwError); }
pszTempFileName = AllocPolStr(pszFileName); if (!pszTempFileName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } pPolicyStore = (PIPSEC_POLICY_STORE)AllocPolMem( sizeof(IPSEC_POLICY_STORE) ); if (!pPolicyStore) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
pPolicyStore->dwProvider = IPSEC_FILE_PROVIDER; pPolicyStore->hParentRegistryKey = NULL; pPolicyStore->hRegistryKey = hRegistryKey; pPolicyStore->pszLocationName = NULL; pPolicyStore->hLdapBindHandle = NULL; pPolicyStore->pszIpsecRootContainer = pszIpsecRootContainer; pPolicyStore->pszFileName = pszTempFileName;
*phPolicyStore = pPolicyStore;
return(dwError);
error:
if (pszIpsecRootContainer) { FreePolStr(pszIpsecRootContainer); }
if (hRegistryKey) { RegCloseKey(hRegistryKey); }
if (pszTempFileName) { FreePolStr(pszTempFileName); }
*phPolicyStore = NULL;
return(dwError); }
DWORD IPSecClosePolicyStore( HANDLE hPolicyStore ) { DWORD dwError = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) {
case IPSEC_REGISTRY_PROVIDER:
if (pPolicyStore->hRegistryKey) { dwError = RegCloseKey( pPolicyStore->hRegistryKey ); BAIL_ON_WIN32_ERROR(dwError); }
if (pPolicyStore->hParentRegistryKey) { dwError = RegCloseKey( pPolicyStore->hParentRegistryKey ); BAIL_ON_WIN32_ERROR(dwError); } if (pPolicyStore->pszLocationName) { FreePolStr(pPolicyStore->pszLocationName); }
if (pPolicyStore->pszIpsecRootContainer) { FreePolStr(pPolicyStore->pszIpsecRootContainer); }
break;
case IPSEC_DIRECTORY_PROVIDER:
if (pPolicyStore->hLdapBindHandle) { CloseDirectoryServerHandle( pPolicyStore->hLdapBindHandle ); }
if (pPolicyStore->pszIpsecRootContainer) { FreePolStr(pPolicyStore->pszIpsecRootContainer); }
break;
case IPSEC_FILE_PROVIDER:
if (pPolicyStore->hRegistryKey) { dwError = RegCloseKey( pPolicyStore->hRegistryKey ); BAIL_ON_WIN32_ERROR(dwError); }
if (pPolicyStore->pszIpsecRootContainer) { FreePolStr(pPolicyStore->pszIpsecRootContainer); }
if (pPolicyStore->pszFileName) { FreePolStr(pPolicyStore->pszFileName); }
break;
case IPSEC_WMI_PROVIDER:
if(pPolicyStore->pszLocationName) { FreePolStr(pPolicyStore->pszLocationName); }
break;
default:
dwError = ERROR_INVALID_PARAMETER; BAIL_ON_WIN32_ERROR(dwError); break;
}
if (pPolicyStore) { FreePolMem(pPolicyStore); }
error:
return(dwError); }
DWORD IPSecAssignPolicy( HANDLE hPolicyStore, GUID PolicyGUID ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL; HKEY hHKLMKey = 0;
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: if (pPolicyStore->hParentRegistryKey) { hHKLMKey = pPolicyStore->hParentRegistryKey; } else { hHKLMKey = HKEY_LOCAL_MACHINE; } dwError = RegAssignPolicy( hHKLMKey, (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, PolicyGUID, pPolicyStore->pszLocationName ); break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
return(dwError); }
DWORD IPSecUnassignPolicy( HANDLE hPolicyStore, GUID PolicyGUID ) { DWORD dwError = 0; DWORD dwProvider = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL; HKEY hHKLMKey = 0;
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) { case IPSEC_REGISTRY_PROVIDER: if (pPolicyStore->hParentRegistryKey) { hHKLMKey = pPolicyStore->hParentRegistryKey; } else { hHKLMKey = HKEY_LOCAL_MACHINE; } dwError = RegUnassignPolicy( hHKLMKey, (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, PolicyGUID, pPolicyStore->pszLocationName ); break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
return(dwError); }
DWORD ComputeDirLocationName( LPWSTR pszDirDomainName, LPWSTR * ppszDirFQPathName ) { DWORD dwError = 0; WCHAR szName[MAX_PATH]; LPWSTR pszDotBegin = NULL; LPWSTR pszDotEnd = NULL; LPWSTR pszDirFQPathName = NULL; LPWSTR pszDirName = NULL;
szName[0] = L'\0'; wcscpy(szName, L"CN=IP Security,CN=System");
pszDirName = AllocPolStr(pszDirDomainName);
if (!pszDirName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } pszDotBegin = pszDirName; pszDotEnd = wcschr(pszDirName, L'.');
while (pszDotEnd) {
*pszDotEnd = L'\0';
wcscat(szName, L",DC="); wcscat(szName, pszDotBegin);
*pszDotEnd = L'.';
pszDotEnd += 1; pszDotBegin = pszDotEnd;
pszDotEnd = wcschr(pszDotEnd, L'.');
}
wcscat(szName, L",DC="); wcscat(szName, pszDotBegin);
pszDirFQPathName = AllocPolStr(szName); if (!pszDirFQPathName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
*ppszDirFQPathName = pszDirFQPathName;
cleanup:
if (pszDirName) { FreePolStr(pszDirName); }
return (dwError);
error:
*ppszDirFQPathName = NULL; goto cleanup; }
DWORD IPSecGetAssignedPolicyData( HANDLE hPolicyStore, PIPSEC_POLICY_DATA * ppIpsecPolicyData ) { DWORD dwError = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;
switch (pPolicyStore->dwProvider) {
case IPSEC_REGISTRY_PROVIDER: dwError = RegGetAssignedPolicyData( (pPolicyStore->hRegistryKey), pPolicyStore->pszIpsecRootContainer, ppIpsecPolicyData ); break;
case IPSEC_WMI_PROVIDER: ////*ppIpsecPolicyData = NULL;
////dwError = ERROR_NOT_SUPPORTED;
dwError = ERROR_INVALID_PARAMETER; break;
default: dwError = ERROR_INVALID_PARAMETER; break;
}
return(dwError); }
DWORD IPSecExportPolicies( HANDLE hSrcPolicyStore, HANDLE hDesPolicyStore ) { DWORD dwError = 0; PIPSEC_POLICY_STORE pSrcPolicyStore = NULL; PIPSEC_POLICY_STORE pDesPolicyStore = NULL;
pSrcPolicyStore = (PIPSEC_POLICY_STORE) hSrcPolicyStore;
switch (pSrcPolicyStore->dwProvider) {
case IPSEC_REGISTRY_PROVIDER: case IPSEC_DIRECTORY_PROVIDER: break; case IPSEC_WMI_PROVIDER: ////dwError = ERROR_NOT_SUPPORTED;
////BAIL_ON_WIN32_ERROR(dwError);
break; default: dwError = ERROR_INVALID_PARAMETER; BAIL_ON_WIN32_ERROR(dwError); break; }
pDesPolicyStore = (PIPSEC_POLICY_STORE) hDesPolicyStore;
switch (pDesPolicyStore->dwProvider) {
case IPSEC_FILE_PROVIDER: dwError = ExportPoliciesToFile( hSrcPolicyStore, hDesPolicyStore ); BAIL_ON_WIN32_ERROR(dwError); break;
default: dwError = ERROR_INVALID_PARAMETER; BAIL_ON_WIN32_ERROR(dwError); break;
}
error:
return(dwError); }
DWORD IPSecImportPolicies( HANDLE hSrcPolicyStore, HANDLE hDesPolicyStore ) { DWORD dwError = 0; PIPSEC_POLICY_STORE pSrcPolicyStore = NULL; PIPSEC_POLICY_STORE pDesPolicyStore = NULL;
pSrcPolicyStore = (PIPSEC_POLICY_STORE) hSrcPolicyStore;
switch (pSrcPolicyStore->dwProvider) {
case IPSEC_FILE_PROVIDER: break;
default: dwError = ERROR_INVALID_PARAMETER; BAIL_ON_WIN32_ERROR(dwError); break;
}
pDesPolicyStore = (PIPSEC_POLICY_STORE) hDesPolicyStore;
switch (pDesPolicyStore->dwProvider) {
case IPSEC_REGISTRY_PROVIDER: case IPSEC_DIRECTORY_PROVIDER: dwError = ImportPoliciesFromFile( hSrcPolicyStore, hDesPolicyStore ); BAIL_ON_WIN32_ERROR(dwError); break; case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break; default: dwError = ERROR_INVALID_PARAMETER; BAIL_ON_WIN32_ERROR(dwError); break; } error: return(dwError); }
DWORD IPSecRestoreDefaultPolicies( HANDLE hPolicyStore ) { DWORD dwError = 0; PIPSEC_POLICY_STORE pPolicyStore = NULL;
pPolicyStore = (PIPSEC_POLICY_STORE) hPolicyStore;
switch (pPolicyStore->dwProvider) {
case IPSEC_REGISTRY_PROVIDER:
dwError = RegRestoreDefaults( hPolicyStore, pPolicyStore->hRegistryKey, pPolicyStore->pszIpsecRootContainer, pPolicyStore->pszLocationName ); BAIL_ON_WIN32_ERROR(dwError); break;
case IPSEC_DIRECTORY_PROVIDER:
dwError = ERROR_INVALID_PARAMETER; break;
case IPSEC_WMI_PROVIDER: dwError = ERROR_NOT_SUPPORTED; break;
default:
dwError = ERROR_INVALID_PARAMETER; break;
}
error:
return(dwError); }
HRESULT WriteDirectoryPolicyToWMI( LPWSTR pszMachineName, LPWSTR pszPolicyDN, PGPO_INFO pGPOInfo, IWbemServices *pWbemServices ) { DWORD dwError = 0; HRESULT hr = S_OK; PIPSEC_POLICY_OBJECT pIpsecPolicyObject = NULL; BOOL bDeepRead; if (!pGPOInfo || !pWbemServices) { hr = E_INVALIDARG; BAIL_ON_HRESULT_ERROR(hr); } bDeepRead = (pGPOInfo->uiPrecedence == 1); hr = ReadPolicyObjectFromDirectoryEx( pszMachineName, pszPolicyDN, bDeepRead, &pIpsecPolicyObject ); BAIL_ON_HRESULT_ERROR(hr);
hr = WritePolicyObjectDirectoryToWMI( pWbemServices, pIpsecPolicyObject, pGPOInfo ); BAIL_ON_HRESULT_ERROR(hr);
error: if (pIpsecPolicyObject) { FreeIpsecPolicyObject(pIpsecPolicyObject); }
return(hr); }
HRESULT IPSecClearWMIStore( IWbemServices *pWbemServices ) { HRESULT hr = S_OK; if (!pWbemServices) { hr = E_INVALIDARG; BAIL_ON_HRESULT_ERROR(hr); }
hr = DeleteWMIClassObject( pWbemServices, IPSEC_RSOP_CLASSNAME ); BAIL_ON_HRESULT_ERROR(hr);
error: return(hr); }
DWORD IPSecChooseDriverBootMode( HKEY hHKLMKey, DWORD dwStore, DWORD dwAction ) {
BOOL bRegPolicyAssigned = FALSE; BOOL bPersistentPolicyAssigned = FALSE; BOOL bDirectoryPolicyAssigned = FALSE; BOOL bComplementaryPolicyAssigned = FALSE; BOOL bBootmodeValueExists = FALSE; DWORD dwError = ERROR_SUCCESS;
dwError = IsRegvalueExist( hHKLMKey, gpszRegLocalContainer, gpActivePolicyKey, &bRegPolicyAssigned ); BAIL_ON_WIN32_ERROR(dwError); dwError = IsRegvalueExist( hHKLMKey, gpszRegPersistentContainer, gpActivePolicyKey, &bPersistentPolicyAssigned ); BAIL_ON_WIN32_ERROR(dwError); dwError = IsRegvalueExist( hHKLMKey, gpszIPsecDirContainer, gpDirectoryPolicyPointerKey, &bDirectoryPolicyAssigned ); BAIL_ON_WIN32_ERROR(dwError); bComplementaryPolicyAssigned = (dwStore == IPSEC_REGISTRY_PROVIDER && (bPersistentPolicyAssigned || bDirectoryPolicyAssigned)) || (dwStore == IPSEC_DIRECTORY_PROVIDER && (bPersistentPolicyAssigned || bRegPolicyAssigned)) || (dwStore == IPSEC_PERSISTENT_PROVIDER && (bDirectoryPolicyAssigned || bRegPolicyAssigned));
if (dwAction == POL_ACTION_ASSIGN && !bComplementaryPolicyAssigned) { dwError = IsRegvalueExist( hHKLMKey, REG_KEY_IPSEC_DRIVER_SERVICE, REG_VAL_IPSEC_OPERATIONMODE, &bBootmodeValueExists ); BAIL_ON_WIN32_ERROR(dwError); if (!bBootmodeValueExists) { dwError = IPSecSetDriverOperationMode( hHKLMKey, REG_IPSEC_DRIVER_STATEFULMODE ); BAIL_ON_WIN32_ERROR(dwError); } } else if (dwAction == POL_ACTION_UNASSIGN && !bComplementaryPolicyAssigned) { dwError = IPSecRegDeleteValue( hHKLMKey, REG_KEY_IPSEC_DRIVER_SERVICE, REG_VAL_IPSEC_OPERATIONMODE ); BAIL_ON_WIN32_ERROR(dwError); } return dwError; error: return dwError; }
DWORD IPSecSetDriverOperationMode( HKEY hHKLMKey, DWORD dwNewOperationMode ) { DWORD dwError = 0; HKEY hKey = NULL; dwError = RegOpenKeyExW( hHKLMKey, (LPCWSTR) REG_KEY_IPSEC_DRIVER_SERVICE, 0, KEY_ALL_ACCESS, &hKey ); BAIL_ON_WIN32_ERROR(dwError);
dwError = RegSetValueExW( hKey, REG_VAL_IPSEC_OPERATIONMODE, 0, REG_DWORD, (LPBYTE) &dwNewOperationMode, sizeof(DWORD) ); BAIL_ON_WIN32_ERROR(dwError); error: if (hKey) { RegCloseKey(hKey); }
return (dwError); }
DWORD IsRegvalueExist( HKEY hHKLMKey, LPWSTR pszKey, LPWSTR pszValue, BOOL * pbValueExists ) { DWORD dwError = 0; HKEY hKey = NULL; DWORD dwtype = 0; BOOL bValueExists = FALSE;
dwError = RegOpenKeyExW( hHKLMKey, (LPCWSTR) pszKey, 0, KEY_ALL_ACCESS, &hKey ); if (dwError == ERROR_FILE_NOT_FOUND) { // Container key doesn't exist so value doesn't exist anyway...
//
dwError = ERROR_SUCCESS; bValueExists = FALSE; } else { BAIL_ON_WIN32_ERROR(dwError); dwError = RegQueryValueExW( hKey, pszValue, 0, &dwtype, NULL, NULL ); if (dwError == ERROR_FILE_NOT_FOUND) { dwError = ERROR_SUCCESS; bValueExists = FALSE; } else { BAIL_ON_WIN32_ERROR(dwError);
// ERROR_SUCCESS means registry key found
//
bValueExists = TRUE; } } *pbValueExists = bValueExists; error: if (hKey) { RegCloseKey(hKey); }
return dwError; }
DWORD IPSecRegDeleteValue( HKEY hHKLMKey, LPWSTR pszKey, LPWSTR pszValue ) { HKEY hKey = NULL; DWORD dwtype = 0; DWORD dwError = 0; dwError = RegOpenKeyExW( hHKLMKey, (LPCWSTR) pszKey, 0, KEY_ALL_ACCESS, &hKey ); BAIL_ON_WIN32_ERROR(dwError); dwError = RegDeleteValueW( hKey, pszValue ); if (dwError == ERROR_FILE_NOT_FOUND) { dwError = ERROR_SUCCESS; }
BAIL_ON_WIN32_ERROR(dwError); error: if (hKey) { RegCloseKey(hKey); }
return (dwError); }
DWORD IsAnyPolicyAssigned ( HKEY hHKLMKey, BOOL * pbAnyPolicyAssigned ) { BOOL bAnyPolicyAssigned = FALSE; BOOL bRegPolicyAssigned = FALSE; BOOL bPersistentPolicyAssigned = FALSE; BOOL bDirectoryPolicyAssigned = FALSE; DWORD dwError = ERROR_SUCCESS;
dwError = IsRegvalueExist( hHKLMKey, gpszRegLocalContainer, gpActivePolicyKey, &bRegPolicyAssigned ); BAIL_ON_WIN32_ERROR(dwError);
if (!bRegPolicyAssigned) { dwError = IsRegvalueExist( hHKLMKey, gpszRegPersistentContainer, gpActivePolicyKey, &bPersistentPolicyAssigned ); BAIL_ON_WIN32_ERROR(dwError);
if (!bPersistentPolicyAssigned) { dwError = IsRegvalueExist( hHKLMKey, gpszIPsecDirContainer, gpDirectoryPolicyPointerKey, &bDirectoryPolicyAssigned ); BAIL_ON_WIN32_ERROR(dwError); } }
bAnyPolicyAssigned = bRegPolicyAssigned || bPersistentPolicyAssigned || bDirectoryPolicyAssigned;
*pbAnyPolicyAssigned = bAnyPolicyAssigned; error: return dwError; }
|