archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/net/ipsec/spd/server/address.c

622 lines
13 KiB
Raw Normal View History

commiting as it is
4 years ago
  4. #include"precomp.h"
  7. DWORD
  8. VerifyAddresses(
  9. PADDR pAddr,
  10. BOOL bAcceptMe,
  11. BOOL bIsDesAddr
  12. )
  13. {
  14. DWORD dwError = 0;
  15. BOOL bIsValid = FALSE;
  17. switch (pAddr->AddrType) {
  19. case IP_ADDR_UNIQUE:
  20. bIsValid = bIsValidIPAddress(
  21. ntohl(pAddr->uIpAddr),
  22. bAcceptMe,
  23. bIsDesAddr
  24. );
  25. if (!bIsValid) {
  26. dwError = ERROR_INVALID_PARAMETER;
  27. BAIL_ON_WIN32_ERROR(dwError);
  28. }
  29. if (pAddr->pgInterfaceID) {
  30. dwError = ERROR_INVALID_PARAMETER;
  31. BAIL_ON_WIN32_ERROR(dwError);
  32. }
  33. break;
  35. case IP_ADDR_SUBNET:
  36. dwError = VerifySubNetAddress(
  37. ntohl(pAddr->uIpAddr),
  38. ntohl(pAddr->uSubNetMask),
  39. bIsDesAddr
  40. );
  41. BAIL_ON_WIN32_ERROR(dwError);
  42. if (pAddr->pgInterfaceID) {
  43. dwError = ERROR_INVALID_PARAMETER;
  44. BAIL_ON_WIN32_ERROR(dwError);
  45. }
  46. break;
  48. case IP_ADDR_INTERFACE:
  49. if (pAddr->uIpAddr) {
  50. dwError = ERROR_INVALID_PARAMETER;
  51. BAIL_ON_WIN32_ERROR(dwError);
  52. }
  53. if (!(pAddr->pgInterfaceID)) {
  54. dwError = ERROR_INVALID_PARAMETER;
  55. BAIL_ON_WIN32_ERROR(dwError);
  56. }
  57. break;
  58. default:
  59. if (!IsSpecialServ(pAddr->AddrType)) {
  60. dwError = ERROR_INVALID_PARAMETER;
  61. BAIL_ON_WIN32_ERROR(dwError);
  62. }
  63. break;
  64. }
  66. error:
  68. return (dwError);
  69. }
  72. BOOL
  73. EqualAddresses(
  74. IN ADDR_V4 OldAddr,
  75. IN ADDR_V4 NewAddr
  76. )
  77. {
  78. BOOL bMatches = FALSE;
  80. if (OldAddr.AddrType == NewAddr.AddrType) {
  81. switch(OldAddr.AddrType) {
  82. case IP_ADDR_UNIQUE:
  83. if (OldAddr.uIpAddr == NewAddr.uIpAddr) {
  84. bMatches = TRUE;
  85. }
  86. break;
  87. case IP_ADDR_SUBNET:
  88. if ((OldAddr.uIpAddr == NewAddr.uIpAddr) &&
  89. (OldAddr.uSubNetMask == NewAddr.uSubNetMask)) {
  90. bMatches = TRUE;
  91. }
  92. break;
  93. case IP_ADDR_INTERFACE:
  94. if (!memcmp(
  95. &OldAddr.gInterfaceID,
  96. &NewAddr.gInterfaceID,
  97. sizeof(GUID)) &&
  98. (OldAddr.uIpAddr == NewAddr.uIpAddr)) {
  99. bMatches = TRUE;
  100. }
  101. break;
  102. }
  103. }
  105. return (bMatches);
  106. }
  109. VOID
  110. CopyAddresses(
  111. IN ADDR_V4 InAddr,
  112. OUT PADDR_V4 pOutAddr
  113. )
  114. {
  115. pOutAddr->AddrType = InAddr.AddrType;
  116. switch (InAddr.AddrType) {
  117. case IP_ADDR_UNIQUE:
  118. pOutAddr->uIpAddr = InAddr.uIpAddr;
  119. pOutAddr->uSubNetMask = IP_ADDRESS_MASK_NONE;
  120. memset(&pOutAddr->gInterfaceID, 0, sizeof(GUID));
  121. break;
  122. case IP_ADDR_SUBNET:
  123. pOutAddr->uIpAddr = InAddr.uIpAddr;
  124. pOutAddr->uSubNetMask = InAddr.uSubNetMask;
  125. memset(&pOutAddr->gInterfaceID, 0, sizeof(GUID));
  126. break;
  127. case IP_ADDR_INTERFACE:
  128. pOutAddr->uIpAddr = InAddr.uIpAddr;
  129. pOutAddr->uSubNetMask = IP_ADDRESS_MASK_NONE;
  130. memcpy(
  131. &pOutAddr->gInterfaceID,
  132. &InAddr.gInterfaceID,
  133. sizeof(GUID)
  134. );
  135. break;
  136. default:
  137. if (IsSpecialServ(InAddr.AddrType)) {
  138. pOutAddr->uIpAddr = InAddr.uIpAddr;
  139. pOutAddr->uSubNetMask = IP_ADDRESS_MASK_NONE;
  140. memset(&pOutAddr->gInterfaceID, 0, sizeof(GUID));
  141. }
  142. break;
  143. }
  144. }
  147. BOOL
  148. AddressesConflict(
  149. ADDR SrcAddr,
  150. ADDR DesAddr
  151. )
  152. {
  153. if ((SrcAddr.AddrType == IP_ADDR_UNIQUE) &&
  154. (DesAddr.AddrType == IP_ADDR_UNIQUE)) {
  156. if (SrcAddr.uIpAddr == DesAddr.uIpAddr) {
  157. return (TRUE);
  158. }
  160. }
  162. if ((SrcAddr.AddrType == IP_ADDR_INTERFACE) &&
  163. (DesAddr.AddrType == IP_ADDR_INTERFACE)) {
  164. return (TRUE);
  165. }
  167. if (IsSpecialServ(SrcAddr.AddrType) &&
  168. (SrcAddr.AddrType == DesAddr.AddrType)) {
  169. return (TRUE);
  170. }
  172. return (FALSE);
  173. }
  176. VOID
  177. FreeAddresses(
  178. ADDR Addr
  179. )
  180. {
  181. switch (Addr.AddrType) {
  183. case (IP_ADDR_UNIQUE):
  184. case (IP_ADDR_SUBNET):
  185. case (IP_ADDR_INTERFACE):
  186. break;
  188. }
  189. }
  192. DWORD
  193. VerifySubNetAddress(
  194. ULONG uSubNetAddr,
  195. ULONG uSubNetMask,
  196. BOOL bIsDesAddr
  197. )
  198. {
  199. DWORD dwError = 0;
  200. BOOL bIsValid = FALSE;
  202. if (uSubNetAddr == SUBNET_ADDRESS_ANY) {
  203. if (uSubNetMask != SUBNET_MASK_ANY) {
  204. dwError = ERROR_INVALID_PARAMETER;
  205. BAIL_ON_WIN32_ERROR(dwError);
  206. }
  207. }
  208. else {
  209. bIsValid = bIsValidSubnet(
  210. uSubNetAddr,
  211. uSubNetMask,
  212. bIsDesAddr
  213. );
  214. if (!bIsValid) {
  215. dwError = ERROR_INVALID_PARAMETER;
  216. BAIL_ON_WIN32_ERROR(dwError);
  217. }
  218. }
  220. error:
  222. return (dwError);
  223. }
  226. BOOL
  227. bIsValidIPMask(
  228. ULONG uMask
  229. )
  230. {
  231. BOOL bValidMask = FALSE;
  232. ULONG uTestMask = 0;
  234. //
  235. // Mask must be contiguous bits.
  236. //
  238. for (uTestMask = 0xFFFFFFFF; uTestMask; uTestMask <<= 1) {
  240. if (uTestMask == uMask) {
  241. bValidMask = TRUE;
  242. break;
  243. }
  245. }
  247. return (bValidMask);
  248. }
  251. BOOL
  252. bIsValidIPAddress(
  253. ULONG uIpAddr,
  254. BOOL bAcceptMe,
  255. BOOL bIsDesAddr
  256. )
  257. {
  258. ULONG uHostMask = IN_CLASSA_HOST; // Default host mask.
  261. //
  262. // Accept the address if its "me".
  263. //
  265. if (bAcceptMe) {
  266. if (uIpAddr == IP_ADDRESS_ME) {
  267. return TRUE;
  268. }
  269. }
  271. //
  272. // Reject if its a multicast address and is not the
  273. // destination address.
  274. //
  276. if (IN_CLASSD(uIpAddr)) {
  277. if (bIsDesAddr) {
  278. return TRUE;
  279. }
  280. else {
  281. return FALSE;
  282. }
  283. }
  285. //
  286. // Reject if its a Class E address.
  287. //
  289. if (IN_CLASSE(uIpAddr)) {
  290. return FALSE;
  291. }
  293. //
  294. // Reject if the first octet is zero.
  295. //
  297. if (!(IN_CLASSA_NET & uIpAddr)) {
  298. return FALSE;
  299. }
  301. return TRUE;
  302. }
  305. BOOL
  306. bIsValidSubnet(
  307. ULONG uIpAddr,
  308. ULONG uMask,
  309. BOOL bIsDesAddr
  310. )
  311. {
  312. ULONG uHostMask = 0;
  315. //
  316. // Reject if its a multicast address and is not the
  317. // destination address.
  318. //
  320. if (IN_CLASSD(uIpAddr)) {
  321. if (!bIsDesAddr) {
  322. return FALSE;
  323. }
  324. }
  326. //
  327. // Reject if its a Class E address.
  328. //
  330. if (IN_CLASSE(uIpAddr)) {
  331. return FALSE;
  332. }
  334. //
  335. // Reject if the first octet is zero.
  336. //
  338. if (!(IN_CLASSA_NET & uIpAddr)) {
  339. return FALSE;
  340. }
  342. //
  343. // If the mask is invalid then return.
  344. //
  346. if (!bIsValidIPMask(uMask)) {
  347. return FALSE;
  348. }
  350. //
  351. // Use the provided subnet mask to generate the host mask.
  352. //
  354. uHostMask = 0xFFFFFFFF ^ uMask;
  356. //
  357. // Accept address only when the host portion is zero, network
  358. // portion is non-zero and first octet is non-zero.
  359. //
  361. if (!(uHostMask & uIpAddr) &&
  362. (uMask & uIpAddr) &&
  363. (IN_CLASSA_NET & uIpAddr)) {
  364. return TRUE;
  365. }
  367. return FALSE;
  368. }
  371. BOOL
  372. MatchAddresses(
  373. ADDR_V4 AddrToMatch,
  374. ADDR AddrTemplate
  375. )
  376. {
  378. switch (AddrTemplate.AddrType) {
  380. case IP_ADDR_UNIQUE:
  381. if ((AddrToMatch.uIpAddr & AddrToMatch.uSubNetMask) !=
  382. (AddrTemplate.uIpAddr & AddrToMatch.uSubNetMask)) {
  383. return (FALSE);
  384. }
  385. break;
  387. case IP_ADDR_SUBNET:
  388. if ((AddrToMatch.uIpAddr & AddrToMatch.uSubNetMask) !=
  389. ((AddrTemplate.uIpAddr & AddrTemplate.uSubNetMask)
  390. & AddrToMatch.uSubNetMask)) {
  391. return (FALSE);
  392. }
  393. break;
  395. case IP_ADDR_INTERFACE:
  396. if (memcmp(
  397. &AddrToMatch.gInterfaceID,
  398. AddrTemplate.pgInterfaceID,
  399. sizeof(GUID))) {
  400. return (FALSE);
  401. }
  402. break;
  403. default:
  404. if (IsSpecialServ(AddrTemplate.AddrType)
  405. && IsSpecialServ(AddrToMatch.AddrType)) {
  406. return (AddrTemplate.AddrType == AddrToMatch.AddrType);
  407. }
  408. break;
  409. }
  411. return (TRUE);
  412. }
  415. DWORD
  416. ApplyMulticastFilterValidation(
  417. ADDR Addr,
  418. BOOL bCreateMirror
  419. )
  420. {
  421. DWORD dwError = 0;
  424. if (((Addr.AddrType == IP_ADDR_UNIQUE) ||
  425. (Addr.AddrType == IP_ADDR_SUBNET)) &&
  426. (IN_CLASSD(ntohl(Addr.uIpAddr))) &&
  427. bCreateMirror) {
  428. dwError = ERROR_INVALID_PARAMETER;
  429. BAIL_ON_WIN32_ERROR(dwError);
  430. }
  432. error:
  434. return (dwError);
  435. }
  438. BOOL
  439. EqualExtIntAddresses(
  440. IN ADDR_V4 OldAddr,
  441. IN ADDR NewAddr
  442. )
  443. {
  444. BOOL bMatches = FALSE;
  446. if (OldAddr.AddrType == NewAddr.AddrType) {
  447. switch(OldAddr.AddrType) {
  448. case IP_ADDR_UNIQUE:
  449. if (OldAddr.uIpAddr == NewAddr.uIpAddr) {
  450. bMatches = TRUE;
  451. }
  452. break;
  453. case IP_ADDR_SUBNET:
  454. if ((OldAddr.uIpAddr == NewAddr.uIpAddr) &&
  455. (OldAddr.uSubNetMask == NewAddr.uSubNetMask)) {
  456. bMatches = TRUE;
  457. }
  458. break;
  459. case IP_ADDR_INTERFACE:
  460. if (!memcmp(
  461. &OldAddr.gInterfaceID,
  462. NewAddr.pgInterfaceID,
  463. sizeof(GUID)) &&
  464. (OldAddr.uIpAddr == NewAddr.uIpAddr)) {
  465. bMatches = TRUE;
  466. }
  467. break;
  468. default:
  469. if (IsSpecialServ(OldAddr.AddrType)) {
  470. bMatches = TRUE;
  471. }
  472. break;
  473. }
  474. }
  476. return (bMatches);
  477. }
  480. VOID
  481. CopyExtToIntAddresses(
  482. IN ADDR InAddr,
  483. OUT PADDR_V4 pOutAddr
  484. )
  485. {
  486. pOutAddr->AddrType = InAddr.AddrType;
  487. switch (InAddr.AddrType) {
  488. case IP_ADDR_UNIQUE:
  489. pOutAddr->uIpAddr = InAddr.uIpAddr;
  490. pOutAddr->uSubNetMask = IP_ADDRESS_MASK_NONE;
  491. memset(&pOutAddr->gInterfaceID, 0, sizeof(GUID));
  492. break;
  493. case IP_ADDR_SUBNET:
  494. pOutAddr->uIpAddr = InAddr.uIpAddr;
  495. pOutAddr->uSubNetMask = InAddr.uSubNetMask;
  496. memset(&pOutAddr->gInterfaceID, 0, sizeof(GUID));
  497. break;
  498. case IP_ADDR_INTERFACE:
  499. pOutAddr->uIpAddr = InAddr.uIpAddr;
  500. pOutAddr->uSubNetMask = IP_ADDRESS_MASK_NONE;
  501. memcpy(
  502. &pOutAddr->gInterfaceID,
  503. InAddr.pgInterfaceID,
  504. sizeof(GUID)
  505. );
  506. break;
  507. default:
  508. if (IsSpecialServ(InAddr.AddrType)) {
  509. pOutAddr->uIpAddr = InAddr.uIpAddr;
  510. pOutAddr->uSubNetMask = IP_ADDRESS_MASK_NONE;
  511. memset(&pOutAddr->gInterfaceID, 0, sizeof(GUID));
  512. }
  513. break;
  514. }
  515. }
  518. DWORD
  519. CopyIntToExtAddresses(
  520. IN ADDR_V4 InAddr,
  521. OUT PADDR pOutAddr
  522. )
  523. {
  524. DWORD dwError = 0;
  527. pOutAddr->AddrType = InAddr.AddrType;
  528. switch (InAddr.AddrType) {
  529. case IP_ADDR_UNIQUE:
  530. pOutAddr->uIpAddr = InAddr.uIpAddr;
  531. pOutAddr->uSubNetMask = IP_ADDRESS_MASK_NONE;
  532. pOutAddr->pgInterfaceID = NULL;
  533. break;
  534. case IP_ADDR_SUBNET:
  535. pOutAddr->uIpAddr = InAddr.uIpAddr;
  536. pOutAddr->uSubNetMask = InAddr.uSubNetMask;
  537. pOutAddr->pgInterfaceID = NULL;
  538. break;
  539. case IP_ADDR_INTERFACE:
  540. pOutAddr->uIpAddr = InAddr.uIpAddr;
  541. pOutAddr->uSubNetMask = IP_ADDRESS_MASK_NONE;
  542. dwError = SPDApiBufferAllocate(
  543. sizeof(GUID),
  544. &(pOutAddr->pgInterfaceID)
  545. );
  546. BAIL_ON_WIN32_ERROR(dwError);
  547. memcpy(
  548. pOutAddr->pgInterfaceID,
  549. &InAddr.gInterfaceID,
  550. sizeof(GUID)
  551. );
  552. break;
  553. default:
  554. if (IsSpecialServ(InAddr.AddrType)) {
  555. pOutAddr->uIpAddr = InAddr.uIpAddr;
  556. pOutAddr->uSubNetMask = IP_ADDRESS_MASK_NONE;
  557. pOutAddr->pgInterfaceID = NULL;
  558. }
  559. break;
  561. }
  563. error:
  565. return (dwError);
  566. }
  568. DWORD
  569. ValidateAddr(
  570. PADDR pAddr
  571. )
  572. {
  573. DWORD dwError = 0;
  575. __try {
  576. if (pAddr->AddrType == IP_ADDR_INTERFACE) {
  577. if (!(pAddr->pgInterfaceID)) {
  578. dwError = ERROR_INVALID_PARAMETER;
  579. BAIL_ON_WIN32_ERROR(dwError);
  580. }
  581. }
  582. else {
  583. if (pAddr->pgInterfaceID) {
  584. dwError = ERROR_INVALID_PARAMETER;
  585. BAIL_ON_WIN32_ERROR(dwError);
  586. }
  587. }
  588. } __except(EXCEPTION_EXECUTE_HANDLER) {
  589. dwError = ERROR_INVALID_PARAMETER;
  590. }
  592. error:
  594. return (dwError);
  595. }
  598. DWORD
  599. ValidateQMFilterAddresses(
  600. PIPSEC_QM_FILTER pIpsecQMFilter
  601. )
  602. {
  603. DWORD dwError = 0;
  606. dwError = ValidateAddr(&(pIpsecQMFilter->SrcAddr));
  607. BAIL_ON_WIN32_ERROR(dwError);
  609. dwError = ValidateAddr(&(pIpsecQMFilter->DesAddr));
  610. BAIL_ON_WIN32_ERROR(dwError);
  612. dwError = ValidateAddr(&(pIpsecQMFilter->MyTunnelEndpt));
  613. BAIL_ON_WIN32_ERROR(dwError);
  615. dwError = ValidateAddr(&(pIpsecQMFilter->PeerTunnelEndpt));
  616. BAIL_ON_WIN32_ERROR(dwError);
  618. error:
  620. return (dwError);
  621. }