archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/net/ipsec/spd/server/mm-policy.c

1414 lines
30 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1999 Microsoft Corporation
  6. Module Name:
  8. mm-policy.c
  10. Abstract:
  13. Author:
  16. Environment: User Mode
  19. Revision History:
  22. --*/
  25. #include "precomp.h"
  26. #ifdef TRACE_ON
  27. #include "mm-policy.tmh"
  28. #endif
  31. DWORD
  32. AddMMPolicyInternal(
  33. LPWSTR pServerName,
  34. DWORD dwVersion,
  35. DWORD dwFlags,
  36. DWORD dwSource,
  37. PIPSEC_MM_POLICY pMMPolicy,
  38. LPVOID pvReserved
  39. )
  40. /*++
  42. Routine Description:
  44. This function adds a main mode policy to the SPD.
  46. Arguments:
  48. pServerName - Server on which the main mode policy is to be added.
  50. pMMPolicy - Main mode policy to be added.
  52. Return Value:
  54. ERROR_SUCCESS - Success.
  56. Win32 Error - Failure.
  58. --*/
  59. {
  60. DWORD dwError = 0;
  61. PINIMMPOLICY pIniMMPolicy = NULL;
  63. //
  64. // Validate the main mode policy.
  65. //
  67. dwError = ValidateMMPolicy(
  68. pMMPolicy
  69. );
  70. BAIL_ON_WIN32_ERROR(dwError);
  72. ENTER_SPD_SECTION();
  74. dwError = ValidateSecurity(
  75. SPD_OBJECT_SERVER,
  76. SERVER_ACCESS_ADMINISTER,
  77. NULL,
  78. NULL
  79. );
  80. BAIL_ON_LOCK_ERROR(dwError);
  82. pIniMMPolicy = FindMMPolicy(
  83. gpIniMMPolicy,
  84. pMMPolicy->pszPolicyName
  85. );
  86. if (pIniMMPolicy) {
  87. dwError = ERROR_IPSEC_MM_POLICY_EXISTS;
  88. BAIL_ON_LOCK_ERROR(dwError);
  89. }
  91. pIniMMPolicy = FindMMPolicyByGuid(
  92. gpIniMMPolicy,
  93. pMMPolicy->gPolicyID
  94. );
  95. if (pIniMMPolicy) {
  96. dwError = ERROR_IPSEC_MM_POLICY_EXISTS;
  97. BAIL_ON_LOCK_ERROR(dwError);
  98. }
  100. dwError = CreateIniMMPolicy(
  101. pMMPolicy,
  102. &pIniMMPolicy
  103. );
  104. if (dwError != WARNING_IPSEC_MM_POLICY_PRUNED) {
  105. BAIL_ON_LOCK_ERROR(dwError);
  106. }
  108. pIniMMPolicy->dwSource = dwSource;
  110. pIniMMPolicy->pNext = gpIniMMPolicy;
  111. gpIniMMPolicy = pIniMMPolicy;
  113. if ((pIniMMPolicy->dwFlags) & IPSEC_MM_POLICY_DEFAULT_POLICY) {
  114. gpIniDefaultMMPolicy = pIniMMPolicy;
  115. TRACE(
  116. TRC_INFORMATION,
  117. (L"Set default MM policy to \"%ls\" (%!guid!)",
  118. pMMPolicy->pszPolicyName,
  119. &pMMPolicy->gPolicyID)
  120. );
  121. }
  123. LEAVE_SPD_SECTION();
  125. TRACE(
  126. TRC_INFORMATION,
  127. (L"Added MM policy \"%ls\"(%!guid!)",
  128. pMMPolicy->pszPolicyName,
  129. &pMMPolicy->gPolicyID)
  130. );
  132. return (dwError);
  134. lock:
  136. LEAVE_SPD_SECTION();
  138. error:
  139. #ifdef TRACE_ON
  140. if (pMMPolicy) {
  141. TRACE(
  142. TRC_ERROR,
  143. (L"Failed to add MM policy \"%ls\"(%!guid!): %!winerr!",
  144. pMMPolicy->pszPolicyName,
  145. &pMMPolicy->gPolicyID,
  146. dwError)
  147. );
  148. } else {
  149. TRACE(
  150. TRC_ERROR,
  151. (L"Failed to add MM policy. Policy details unavailable since pMMPolicy is null: %!winerr!",
  152. dwError)
  153. );
  154. }
  155. #endif
  156. return (dwError);
  157. }
  159. DWORD
  160. AddMMPolicy(
  161. LPWSTR pServerName,
  162. DWORD dwVersion,
  163. DWORD dwFlags,
  164. PIPSEC_MM_POLICY pMMPolicy,
  165. LPVOID pvReserved
  166. )
  167. {
  168. return AddMMPolicyInternal(
  169. pServerName,
  170. dwVersion,
  171. dwFlags,
  172. IPSEC_SOURCE_WINIPSEC,
  173. pMMPolicy,
  174. pvReserved);
  175. }
  177. DWORD
  178. ValidateMMPolicy(
  179. PIPSEC_MM_POLICY pMMPolicy
  180. )
  181. {
  182. DWORD dwError = 0;
  185. if (!pMMPolicy) {
  186. dwError = ERROR_INVALID_PARAMETER;
  187. BAIL_ON_WIN32_ERROR(dwError);
  188. }
  190. if (!(pMMPolicy->pszPolicyName) || !(*(pMMPolicy->pszPolicyName))) {
  191. dwError = ERROR_INVALID_PARAMETER;
  192. BAIL_ON_WIN32_ERROR(dwError);
  193. }
  195. dwError = ValidateMMOffers(
  196. pMMPolicy->dwOfferCount,
  197. pMMPolicy->pOffers
  198. );
  199. BAIL_ON_WIN32_ERROR(dwError);
  201. error:
  202. #ifdef TRACE_ON
  203. if (dwError) {
  204. TRACE(TRC_ERROR, ("Failed MM policy validation: %!winerr!", dwError));
  205. }
  206. #endif
  208. return (dwError);
  209. }
  211. DWORD
  212. ValidateMMOffers(
  213. DWORD dwOfferCount,
  214. PIPSEC_MM_OFFER pOffers
  215. )
  216. {
  217. DWORD dwError = 0;
  219. if (!dwOfferCount || !pOffers || dwOfferCount > IPSEC_MAX_MM_OFFERS) {
  220. dwError = ERROR_INVALID_PARAMETER;
  221. BAIL_ON_WIN32_ERROR(dwError);
  222. }
  224. error:
  225. #ifdef TRACE_ON
  226. if (dwError) {
  227. TRACE(TRC_ERROR, ("Failed MM offers validation: %!winerr!", dwError));
  228. }
  229. #endif
  232. return (dwError);
  233. }
  235. DWORD
  236. ValidateMMOffer(
  237. PIPSEC_MM_OFFER pOffer
  238. )
  239. {
  240. DWORD dwError = 0;
  242. if ((pOffer->dwDHGroup != DH_GROUP_1) &&
  243. (pOffer->dwDHGroup != DH_GROUP_2) &&
  244. (pOffer->dwDHGroup != DH_GROUP_2048)) {
  245. dwError = ERROR_INVALID_PARAMETER;
  246. BAIL_ON_WIN32_ERROR(dwError);
  247. }
  249. if (pOffer->EncryptionAlgorithm.uAlgoIdentifier >= CONF_ALGO_MAX ||
  250. pOffer->EncryptionAlgorithm.uAlgoIdentifier == CONF_ALGO_NONE) {
  251. dwError = ERROR_INVALID_PARAMETER;
  252. BAIL_ON_WIN32_ERROR(dwError);
  253. }
  255. if (pOffer->HashingAlgorithm.uAlgoIdentifier >= AUTH_ALGO_MAX ||
  256. pOffer->HashingAlgorithm.uAlgoIdentifier == AUTH_ALGO_NONE) {
  257. dwError = ERROR_INVALID_PARAMETER;
  258. BAIL_ON_WIN32_ERROR(dwError);
  259. }
  261. error:
  262. #ifdef TRACE_ON
  263. if (dwError) {
  264. TRACE(TRC_ERROR, ("Failed a MM offer validation: %!winerr!", dwError));
  265. }
  266. #endif
  268. return (dwError);
  269. }
  271. DWORD
  272. CreateIniMMPolicy(
  273. PIPSEC_MM_POLICY pMMPolicy,
  274. PINIMMPOLICY * ppIniMMPolicy
  275. )
  276. {
  277. DWORD dwError = 0;
  278. PINIMMPOLICY pIniMMPolicy = NULL;
  281. dwError = AllocateSPDMemory(
  282. sizeof(INIMMPOLICY),
  283. &pIniMMPolicy
  284. );
  285. BAIL_ON_WIN32_ERROR(dwError);
  287. memcpy(
  288. &(pIniMMPolicy->gPolicyID),
  289. &(pMMPolicy->gPolicyID),
  290. sizeof(GUID)
  291. );
  293. dwError = AllocateSPDString(
  294. pMMPolicy->pszPolicyName,
  295. &(pIniMMPolicy->pszPolicyName)
  296. );
  297. BAIL_ON_WIN32_ERROR(dwError);
  299. pIniMMPolicy->cRef = 0;
  300. pIniMMPolicy->dwSource = 0;
  302. pIniMMPolicy->dwFlags = pMMPolicy->dwFlags;
  303. pIniMMPolicy->uSoftExpirationTime = pMMPolicy->uSoftExpirationTime;
  304. pIniMMPolicy->pNext = NULL;
  306. dwError = CreateIniMMOffers(
  307. pMMPolicy->dwOfferCount,
  308. pMMPolicy->pOffers,
  309. &(pIniMMPolicy->dwOfferCount),
  310. &(pIniMMPolicy->pOffers)
  311. );
  312. if (dwError != WARNING_IPSEC_MM_POLICY_PRUNED) {
  313. BAIL_ON_WIN32_ERROR(dwError);
  314. }
  316. *ppIniMMPolicy = pIniMMPolicy;
  317. return (dwError);
  319. error:
  320. TRACE(TRC_ERROR, ("Failed to create MM Policy link node: %!winerr!", dwError));
  322. if (pIniMMPolicy) {
  323. FreeIniMMPolicy(
  324. pIniMMPolicy
  325. );
  326. }
  328. *ppIniMMPolicy = NULL;
  329. return (dwError);
  330. }
  333. DWORD
  334. CreateIniMMOffers(
  335. DWORD dwInOfferCount,
  336. PIPSEC_MM_OFFER pInOffers,
  337. PDWORD pdwOfferCount,
  338. PIPSEC_MM_OFFER * ppOffers
  339. )
  340. {
  341. DWORD dwError = 0;
  342. PIPSEC_MM_OFFER pOffers = NULL;
  343. PIPSEC_MM_OFFER pTemp = NULL;
  344. PIPSEC_MM_OFFER pInTempOffer = NULL;
  345. DWORD i = 0;
  346. DWORD dwOfferCount = 0;
  347. DWORD dwCurIndex = 0;
  349. for (i = 0; i < dwInOfferCount; i++) {
  350. dwError = ValidateMMOffer(&pInOffers[i]);
  351. if (dwError == ERROR_SUCCESS) {
  352. dwOfferCount++;
  353. }
  354. }
  356. if (dwOfferCount == 0) {
  357. dwError = ERROR_INVALID_PARAMETER;
  358. BAIL_ON_WIN32_ERROR(dwError);
  359. }
  361. dwError = AllocateSPDMemory(
  362. sizeof(IPSEC_MM_OFFER) * dwOfferCount,
  363. &(pOffers)
  364. );
  365. BAIL_ON_WIN32_ERROR(dwError);
  367. for (i = 0; i < dwInOfferCount; i++) {
  369. pTemp = &pOffers[dwCurIndex];
  370. pInTempOffer = &pInOffers[i];
  372. dwError = ValidateMMOffer(pInTempOffer);
  373. if (dwError) {
  374. continue;
  375. }
  377. memcpy(
  378. &(pTemp->Lifetime),
  379. &(pInTempOffer->Lifetime),
  380. sizeof(KEY_LIFETIME)
  381. );
  382. if (!(pTemp->Lifetime.uKeyExpirationTime)) {
  383. pTemp->Lifetime.uKeyExpirationTime = DEFAULT_MM_KEY_EXPIRATION_TIME;
  384. }
  386. pTemp->dwFlags = pInTempOffer->dwFlags;
  387. pTemp->dwQuickModeLimit = pInTempOffer->dwQuickModeLimit;
  388. pTemp->dwDHGroup = pInTempOffer->dwDHGroup;
  390. memcpy(
  391. &(pTemp->EncryptionAlgorithm),
  392. &(pInTempOffer->EncryptionAlgorithm),
  393. sizeof(IPSEC_MM_ALGO)
  394. );
  395. memcpy(
  396. &(pTemp->HashingAlgorithm),
  397. &(pInTempOffer->HashingAlgorithm),
  398. sizeof(IPSEC_MM_ALGO)
  399. );
  401. dwCurIndex++;
  403. }
  405. *pdwOfferCount = dwOfferCount;
  406. *ppOffers = pOffers;
  408. if (dwOfferCount != dwInOfferCount) {
  409. TRACE(TRC_WARNING, ("Pruned MM offers node."));
  410. return WARNING_IPSEC_MM_POLICY_PRUNED;
  411. }
  412. return (ERROR_SUCCESS);
  414. error:
  415. TRACE(TRC_ERROR, ("Failed to create MM offers node: %!winerr!", dwError));
  417. if (pOffers) {
  418. FreeIniMMOffers(
  419. i,
  420. pOffers
  421. );
  422. }
  424. *pdwOfferCount = 0;
  425. *ppOffers = NULL;
  426. return (dwError);
  427. }
  430. VOID
  431. FreeIniMMPolicy(
  432. PINIMMPOLICY pIniMMPolicy
  433. )
  434. {
  435. if (pIniMMPolicy) {
  437. if (pIniMMPolicy->pszPolicyName) {
  438. FreeSPDString(pIniMMPolicy->pszPolicyName);
  439. }
  441. FreeIniMMOffers(
  442. pIniMMPolicy->dwOfferCount,
  443. pIniMMPolicy->pOffers
  444. );
  446. FreeSPDMemory(pIniMMPolicy);
  448. }
  449. }
  452. VOID
  453. FreeIniMMOffers(
  454. DWORD dwOfferCount,
  455. PIPSEC_MM_OFFER pOffers
  456. )
  457. {
  458. if (pOffers) {
  459. FreeSPDMemory(pOffers);
  460. }
  461. }
  464. PINIMMPOLICY
  465. FindMMPolicy(
  466. PINIMMPOLICY pIniMMPolicyList,
  467. LPWSTR pszPolicyName
  468. )
  469. {
  470. DWORD dwError = 0;
  471. PINIMMPOLICY pTemp = NULL;
  474. pTemp = pIniMMPolicyList;
  476. while (pTemp) {
  478. if (!_wcsicmp(pTemp->pszPolicyName, pszPolicyName)) {
  479. return (pTemp);
  480. }
  481. pTemp = pTemp->pNext;
  483. }
  485. return (NULL);
  486. }
  489. DWORD
  490. DeleteMMPolicy(
  491. LPWSTR pServerName,
  492. DWORD dwVersion,
  493. LPWSTR pszPolicyName,
  494. LPVOID pvReserved
  495. )
  496. /*++
  498. Routine Description:
  500. This function deletes a main mode policy from the SPD.
  502. Arguments:
  504. pServerName - Server on which the main mode policy is to be deleted.
  506. pszPolicyName - Main mode policy to be deleted.
  508. Return Value:
  510. ERROR_SUCCESS - Success.
  512. Win32 Error - Failure.
  514. --*/
  515. {
  516. DWORD dwError = 0;
  517. PINIMMPOLICY pIniMMPolicy = NULL;
  518. GUID gPolicyID;
  521. if (!pszPolicyName || !*pszPolicyName) {
  522. return (ERROR_INVALID_PARAMETER);
  523. }
  525. ENTER_SPD_SECTION();
  527. dwError = ValidateSecurity(
  528. SPD_OBJECT_SERVER,
  529. SERVER_ACCESS_ADMINISTER,
  530. NULL,
  531. NULL
  532. );
  533. BAIL_ON_LOCK_ERROR(dwError);
  535. pIniMMPolicy = FindMMPolicy(
  536. gpIniMMPolicy,
  537. pszPolicyName
  538. );
  539. if (!pIniMMPolicy) {
  540. dwError = ERROR_IPSEC_MM_POLICY_NOT_FOUND;
  541. BAIL_ON_LOCK_ERROR(dwError);
  542. }
  544. if (pIniMMPolicy->cRef) {
  545. dwError = ERROR_IPSEC_MM_POLICY_IN_USE;
  546. memcpy(&gPolicyID, &pIniMMPolicy->gPolicyID, sizeof(GUID));
  547. BAIL_ON_LOCK_ERROR(dwError);
  548. }
  550. memcpy(&gPolicyID, &pIniMMPolicy->gPolicyID, sizeof(GUID));
  552. dwError = DeleteIniMMPolicy(
  553. pIniMMPolicy
  554. );
  555. BAIL_ON_LOCK_ERROR(dwError);
  557. LEAVE_SPD_SECTION();
  559. if (gbIKENotify) {
  560. (VOID) IKENotifyPolicyChange(
  561. &(gPolicyID),
  562. POLICY_GUID_MM
  563. );
  564. }
  566. TRACE(
  567. TRC_INFORMATION,
  568. ("Deleted MM Policy \"%ls\"(%!guid!)",
  569. pszPolicyName,
  570. &gPolicyID)
  571. );
  573. return (dwError);
  575. lock:
  577. LEAVE_SPD_SECTION();
  579. #ifdef TRACE_ON
  580. if (pIniMMPolicy) {
  581. TRACE(
  582. TRC_ERROR,
  583. (L"Failed to delete MM policy \"%ls\"(%!guid!): %!winerr!",
  584. pIniMMPolicy->pszPolicyName,
  585. &pIniMMPolicy->gPolicyID,
  586. dwError)
  587. );
  588. } else {
  589. TRACE(
  590. TRC_ERROR,
  591. (L"Failed to delete MM policy \"%ls\": %!winerr!",
  592. pszPolicyName,
  593. dwError)
  594. );
  595. }
  596. #endif
  598. return (dwError);
  599. }
  602. DWORD
  603. EnumMMPolicies(
  604. LPWSTR pServerName,
  605. DWORD dwVersion,
  606. PIPSEC_MM_POLICY pMMTemplatePolicy,
  607. DWORD dwFlags,
  608. DWORD dwPreferredNumEntries,
  609. PIPSEC_MM_POLICY * ppMMPolicies,
  610. LPDWORD pdwNumPolicies,
  611. LPDWORD pdwResumeHandle,
  612. LPVOID pvReserved
  613. )
  614. /*++
  616. Routine Description:
  618. This function enumerates main mode policies from the SPD.
  620. Arguments:
  622. pServerName - Server on which the main mode policies are to
  623. be enumerated.
  625. ppMMPolicies - Enumerated main mode policies returned to the
  626. caller.
  628. dwPreferredNumEntries - Preferred number of enumeration entries.
  630. pdwNumPolicies - Number of main mode policies actually enumerated.
  632. pdwResumeHandle - Handle to the location in the main mode policy
  633. list from which to resume enumeration.
  635. Return Value:
  637. ERROR_SUCCESS - Success.
  639. Win32 Error - Failure.
  641. --*/
  642. {
  643. DWORD dwError = 0;
  644. DWORD dwResumeHandle = 0;
  645. DWORD dwNumToEnum = 0;
  646. PINIMMPOLICY pIniMMPolicy = NULL;
  647. DWORD i = 0;
  648. PINIMMPOLICY pTemp = NULL;
  649. DWORD dwNumPolicies = 0;
  650. PIPSEC_MM_POLICY pMMPolicies = NULL;
  651. PIPSEC_MM_POLICY pMMPolicy = NULL;
  654. dwResumeHandle = *pdwResumeHandle;
  656. if (!dwPreferredNumEntries || (dwPreferredNumEntries > MAX_MMPOLICY_ENUM_COUNT)) {
  657. dwNumToEnum = MAX_MMPOLICY_ENUM_COUNT;
  658. }
  659. else {
  660. dwNumToEnum = dwPreferredNumEntries;
  661. }
  663. ENTER_SPD_SECTION();
  665. dwError = ValidateSecurity(
  666. SPD_OBJECT_SERVER,
  667. SERVER_ACCESS_ADMINISTER,
  668. NULL,
  669. NULL
  670. );
  671. BAIL_ON_LOCK_ERROR(dwError);
  673. pIniMMPolicy = gpIniMMPolicy;
  675. for (i = 0; (i < dwResumeHandle) && (pIniMMPolicy != NULL); i++) {
  676. pIniMMPolicy = pIniMMPolicy->pNext;
  677. }
  679. if (!pIniMMPolicy) {
  680. dwError = ERROR_NO_DATA;
  681. BAIL_ON_LOCK_ERROR(dwError);
  682. }
  684. pTemp = pIniMMPolicy;
  686. while (pTemp && (dwNumPolicies < dwNumToEnum)) {
  687. dwNumPolicies++;
  688. pTemp = pTemp->pNext;
  689. }
  691. dwError = SPDApiBufferAllocate(
  692. sizeof(IPSEC_MM_POLICY)*dwNumPolicies,
  693. &pMMPolicies
  694. );
  695. BAIL_ON_LOCK_ERROR(dwError);
  697. pTemp = pIniMMPolicy;
  698. pMMPolicy = pMMPolicies;
  700. for (i = 0; i < dwNumPolicies; i++) {
  702. dwError = CopyMMPolicy(
  703. pTemp,
  704. pMMPolicy
  705. );
  706. BAIL_ON_LOCK_ERROR(dwError);
  708. pTemp = pTemp->pNext;
  709. pMMPolicy++;
  711. }
  713. *ppMMPolicies = pMMPolicies;
  714. *pdwResumeHandle = dwResumeHandle + dwNumPolicies;
  715. *pdwNumPolicies = dwNumPolicies;
  717. LEAVE_SPD_SECTION();
  719. TRACE(TRC_INFORMATION, (L"Enumerated policies."));
  721. return (dwError);
  723. lock:
  725. LEAVE_SPD_SECTION();
  727. if (pMMPolicies) {
  728. FreeMMPolicies(
  729. i,
  730. pMMPolicies
  731. );
  732. }
  734. *ppMMPolicies = NULL;
  735. *pdwResumeHandle = dwResumeHandle;
  736. *pdwNumPolicies = 0;
  738. TRACE(TRC_ERROR, ("Failed to enumerate policies: %!winerr!", dwError));
  740. return (dwError);
  741. }
  744. DWORD
  745. SetMMPolicy(
  746. LPWSTR pServerName,
  747. DWORD dwVersion,
  748. LPWSTR pszPolicyName,
  749. PIPSEC_MM_POLICY pMMPolicy,
  750. LPVOID pvReserved
  751. )
  752. /*++
  754. Routine Description:
  756. This function updates a main mode policy in the SPD.
  758. Arguments:
  760. pServerName - Server on which the main mode policy is to be
  761. updated.
  763. pszPolicyName - Name of the main mode policy to be updated.
  765. pMMPolicy - New main mode policy which will replace the
  766. existing policy.
  768. Return Value:
  770. ERROR_SUCCESS - Success.
  772. Win32 Error - Failure.
  774. --*/
  775. {
  776. DWORD dwError = 0;
  777. PINIMMPOLICY pIniMMPolicy = NULL;
  778. DWORD dwStatus = 0;
  780. if (!pszPolicyName || !*pszPolicyName) {
  781. return (ERROR_INVALID_PARAMETER);
  782. }
  784. //
  785. // Validate main mode policy.
  786. //
  788. dwError = ValidateMMPolicy(
  789. pMMPolicy
  790. );
  791. BAIL_ON_WIN32_ERROR(dwError);
  793. ENTER_SPD_SECTION();
  795. dwError = ValidateSecurity(
  796. SPD_OBJECT_SERVER,
  797. SERVER_ACCESS_ADMINISTER,
  798. NULL,
  799. NULL
  800. );
  801. BAIL_ON_LOCK_ERROR(dwError);
  803. pIniMMPolicy = FindMMPolicy(
  804. gpIniMMPolicy,
  805. pszPolicyName
  806. );
  807. if (!pIniMMPolicy) {
  808. dwError = ERROR_IPSEC_MM_POLICY_NOT_FOUND;
  809. BAIL_ON_LOCK_ERROR(dwError);
  810. }
  812. if (memcmp(
  813. &(pIniMMPolicy->gPolicyID),
  814. &(pMMPolicy->gPolicyID),
  815. sizeof(GUID))) {
  816. dwError = ERROR_INVALID_PARAMETER;
  817. BAIL_ON_LOCK_ERROR(dwError);
  818. }
  820. dwError = SetIniMMPolicy(
  821. pIniMMPolicy,
  822. pMMPolicy
  823. );
  824. if (dwError != WARNING_IPSEC_MM_POLICY_PRUNED) {
  825. BAIL_ON_LOCK_ERROR(dwError);
  826. } else {
  827. dwStatus = dwError;
  828. }
  830. LEAVE_SPD_SECTION();
  832. (VOID) IKENotifyPolicyChange(
  833. &(pMMPolicy->gPolicyID),
  834. POLICY_GUID_MM
  835. );
  837. TRACE(
  838. TRC_INFORMATION,
  839. (L"Changed MM Policy \"%ls\" (%!guid!)",
  840. pMMPolicy->pszPolicyName,
  841. &pMMPolicy->gPolicyID)
  842. );
  843. return (dwStatus);
  845. lock:
  847. LEAVE_SPD_SECTION();
  849. error:
  850. #ifdef TRACE_ON
  851. if (pIniMMPolicy) {
  852. TRACE(
  853. TRC_ERROR,
  854. (L"Failed to change MM policy \"%ls\"(%!guid!): %!winerr!",
  855. pIniMMPolicy->pszPolicyName,
  856. &pIniMMPolicy->gPolicyID,
  857. dwError)
  858. );
  859. } else {
  860. TRACE(
  861. TRC_ERROR,
  862. (L"Failed to change MM policy \"%ls\": %!winerr!",
  863. pszPolicyName,
  864. dwError)
  865. );
  866. }
  867. #endif
  870. return (dwError);
  871. }
  874. DWORD
  875. GetMMPolicy(
  876. LPWSTR pServerName,
  877. DWORD dwVersion,
  878. LPWSTR pszPolicyName,
  879. PIPSEC_MM_POLICY * ppMMPolicy,
  880. LPVOID pvReserved
  881. )
  882. /*++
  884. Routine Description:
  886. This function gets a main mode policy from the SPD.
  888. Arguments:
  890. pServerName - Server from which to get the main mode policy.
  892. pszPolicyName - Name of the main mode policy to get.
  894. ppMMPolicy - Main mode policy found returned to the caller.
  896. Return Value:
  898. ERROR_SUCCESS - Success.
  900. Win32 Error - Failure.
  902. --*/
  903. {
  904. DWORD dwError = 0;
  905. PINIMMPOLICY pIniMMPolicy = NULL;
  906. PIPSEC_MM_POLICY pMMPolicy = NULL;
  909. if (!pszPolicyName || !*pszPolicyName) {
  910. dwError = ERROR_INVALID_PARAMETER;
  911. BAIL_ON_WIN32_ERROR(dwError);
  912. }
  914. ENTER_SPD_SECTION();
  916. dwError = ValidateSecurity(
  917. SPD_OBJECT_SERVER,
  918. SERVER_ACCESS_ADMINISTER,
  919. NULL,
  920. NULL
  921. );
  922. BAIL_ON_LOCK_ERROR(dwError);
  924. pIniMMPolicy = FindMMPolicy(
  925. gpIniMMPolicy,
  926. pszPolicyName
  927. );
  928. if (!pIniMMPolicy) {
  929. dwError = ERROR_IPSEC_MM_POLICY_NOT_FOUND;
  930. BAIL_ON_LOCK_ERROR(dwError);
  931. }
  933. dwError = GetIniMMPolicy(
  934. pIniMMPolicy,
  935. &pMMPolicy
  936. );
  937. BAIL_ON_LOCK_ERROR(dwError);
  939. *ppMMPolicy = pMMPolicy;
  941. LEAVE_SPD_SECTION();
  942. return (dwError);
  944. lock:
  946. LEAVE_SPD_SECTION();
  948. error:
  950. *ppMMPolicy = NULL;
  951. return (dwError);
  952. }
  955. DWORD
  956. SetIniMMPolicy(
  957. PINIMMPOLICY pIniMMPolicy,
  958. PIPSEC_MM_POLICY pMMPolicy
  959. )
  960. {
  961. DWORD dwError = 0;
  962. DWORD dwOfferCount = 0;
  963. PIPSEC_MM_OFFER pOffers = NULL;
  965. dwError = CreateIniMMOffers(
  966. pMMPolicy->dwOfferCount,
  967. pMMPolicy->pOffers,
  968. &dwOfferCount,
  969. &pOffers
  970. );
  971. if (dwError != WARNING_IPSEC_MM_POLICY_PRUNED) {
  972. BAIL_ON_WIN32_ERROR(dwError);
  973. }
  975. FreeIniMMOffers(
  976. pIniMMPolicy->dwOfferCount,
  977. pIniMMPolicy->pOffers
  978. );
  980. if ((pIniMMPolicy->dwFlags) & IPSEC_MM_POLICY_DEFAULT_POLICY) {
  981. gpIniDefaultMMPolicy = NULL;
  982. TRACE(
  983. TRC_INFORMATION,
  984. (L"Cleared default MM policy \"%ls\" (%!guid!)",
  985. pIniMMPolicy->pszPolicyName,
  986. &pIniMMPolicy->gPolicyID)
  987. );
  988. }
  990. pIniMMPolicy->dwFlags = pMMPolicy->dwFlags;
  991. pIniMMPolicy->uSoftExpirationTime = pMMPolicy->uSoftExpirationTime;
  992. pIniMMPolicy->dwOfferCount = dwOfferCount;
  993. pIniMMPolicy->pOffers = pOffers;
  995. if ((pIniMMPolicy->dwFlags) & IPSEC_MM_POLICY_DEFAULT_POLICY) {
  996. gpIniDefaultMMPolicy = pIniMMPolicy;
  997. TRACE(
  998. TRC_INFORMATION,
  999. (L"Set default MM policy to \"%ls\" (%!guid!)",
  1000. pIniMMPolicy->pszPolicyName,
  1001. &pIniMMPolicy->gPolicyID)
  1002. );
  1004. }
  1006. error:
  1008. return (dwError);
  1009. }
  1012. DWORD
  1013. GetIniMMPolicy(
  1014. PINIMMPOLICY pIniMMPolicy,
  1015. PIPSEC_MM_POLICY * ppMMPolicy
  1016. )
  1017. {
  1018. DWORD dwError = 0;
  1019. PIPSEC_MM_POLICY pMMPolicy = NULL;
  1022. dwError = SPDApiBufferAllocate(
  1023. sizeof(IPSEC_MM_POLICY),
  1024. &pMMPolicy
  1025. );
  1026. BAIL_ON_WIN32_ERROR(dwError);
  1028. dwError = CopyMMPolicy(
  1029. pIniMMPolicy,
  1030. pMMPolicy
  1031. );
  1032. BAIL_ON_WIN32_ERROR(dwError);
  1034. *ppMMPolicy = pMMPolicy;
  1035. return (dwError);
  1037. error:
  1039. if (pMMPolicy) {
  1040. SPDApiBufferFree(pMMPolicy);
  1041. }
  1043. *ppMMPolicy = NULL;
  1044. return (dwError);
  1045. }
  1048. DWORD
  1049. CopyMMPolicy(
  1050. PINIMMPOLICY pIniMMPolicy,
  1051. PIPSEC_MM_POLICY pMMPolicy
  1052. )
  1053. {
  1054. DWORD dwError = 0;
  1057. memcpy(
  1058. &(pMMPolicy->gPolicyID),
  1059. &(pIniMMPolicy->gPolicyID),
  1060. sizeof(GUID)
  1061. );
  1063. dwError = SPDApiBufferAllocate(
  1064. wcslen(pIniMMPolicy->pszPolicyName)*sizeof(WCHAR)
  1065. + sizeof(WCHAR),
  1066. &(pMMPolicy->pszPolicyName)
  1067. );
  1068. BAIL_ON_WIN32_ERROR(dwError);
  1070. wcscpy(pMMPolicy->pszPolicyName, pIniMMPolicy->pszPolicyName);
  1072. pMMPolicy->dwFlags = pIniMMPolicy->dwFlags;
  1073. pMMPolicy->uSoftExpirationTime = pIniMMPolicy->uSoftExpirationTime;
  1075. dwError = CreateMMOffers(
  1076. pIniMMPolicy->dwOfferCount,
  1077. pIniMMPolicy->pOffers,
  1078. &(pMMPolicy->dwOfferCount),
  1079. &(pMMPolicy->pOffers)
  1080. );
  1081. BAIL_ON_WIN32_ERROR(dwError);
  1083. return (dwError);
  1085. error:
  1087. if (pMMPolicy->pszPolicyName) {
  1088. SPDApiBufferFree(pMMPolicy->pszPolicyName);
  1089. }
  1091. return (dwError);
  1092. }
  1095. DWORD
  1096. CreateMMOffers(
  1097. DWORD dwInOfferCount,
  1098. PIPSEC_MM_OFFER pInOffers,
  1099. PDWORD pdwOfferCount,
  1100. PIPSEC_MM_OFFER * ppOffers
  1101. )
  1102. {
  1103. DWORD dwError = 0;
  1104. PIPSEC_MM_OFFER pOffers = NULL;
  1105. PIPSEC_MM_OFFER pTemp = NULL;
  1106. PIPSEC_MM_OFFER pInTempOffer = NULL;
  1107. DWORD i = 0;
  1110. //
  1111. // Offer count and the offers themselves have already been validated.
  1112. //
  1114. dwError = SPDApiBufferAllocate(
  1115. sizeof(IPSEC_MM_OFFER) * dwInOfferCount,
  1116. &(pOffers)
  1117. );
  1118. BAIL_ON_WIN32_ERROR(dwError);
  1120. pTemp = pOffers;
  1121. pInTempOffer = pInOffers;
  1123. for (i = 0; i < dwInOfferCount; i++) {
  1125. memcpy(
  1126. &(pTemp->Lifetime),
  1127. &(pInTempOffer->Lifetime),
  1128. sizeof(KEY_LIFETIME)
  1129. );
  1131. pTemp->dwFlags = pInTempOffer->dwFlags;
  1132. pTemp->dwQuickModeLimit = pInTempOffer->dwQuickModeLimit;
  1133. pTemp->dwDHGroup = pInTempOffer->dwDHGroup;
  1135. memcpy(
  1136. &(pTemp->EncryptionAlgorithm),
  1137. &(pInTempOffer->EncryptionAlgorithm),
  1138. sizeof(IPSEC_MM_ALGO)
  1139. );
  1140. memcpy(
  1141. &(pTemp->HashingAlgorithm),
  1142. &(pInTempOffer->HashingAlgorithm),
  1143. sizeof(IPSEC_MM_ALGO)
  1144. );
  1146. pInTempOffer++;
  1147. pTemp++;
  1149. }
  1151. *pdwOfferCount = dwInOfferCount;
  1152. *ppOffers = pOffers;
  1153. return (dwError);
  1155. error:
  1156. TRACE(TRC_ERROR, ("Failed to create MM offers"));
  1158. if (pOffers) {
  1159. FreeMMOffers(
  1160. i,
  1161. pOffers
  1162. );
  1163. }
  1165. *pdwOfferCount = 0;
  1166. *ppOffers = NULL;
  1167. return (dwError);
  1168. }
  1171. DWORD
  1172. DeleteIniMMPolicy(
  1173. PINIMMPOLICY pIniMMPolicy
  1174. )
  1175. {
  1176. DWORD dwError = 0;
  1177. PINIMMPOLICY * ppTemp = NULL;
  1180. ppTemp = &gpIniMMPolicy;
  1182. while (*ppTemp) {
  1184. if (*ppTemp == pIniMMPolicy) {
  1185. break;
  1186. }
  1187. ppTemp = &((*ppTemp)->pNext);
  1189. }
  1191. if (*ppTemp) {
  1192. *ppTemp = pIniMMPolicy->pNext;
  1193. }
  1195. if ((pIniMMPolicy->dwFlags) & IPSEC_MM_POLICY_DEFAULT_POLICY) {
  1196. gpIniDefaultMMPolicy = NULL;
  1197. TRACE(
  1198. TRC_INFORMATION,
  1199. (L"Cleared default MM policy \"%ls\" (%!guid!)",
  1200. pIniMMPolicy->pszPolicyName,
  1201. &pIniMMPolicy->gPolicyID)
  1202. );
  1203. }
  1205. FreeIniMMPolicy(pIniMMPolicy);
  1207. return (dwError);
  1208. }
  1211. VOID
  1212. FreeMMOffers(
  1213. DWORD dwOfferCount,
  1214. PIPSEC_MM_OFFER pOffers
  1215. )
  1216. {
  1217. if (pOffers) {
  1218. SPDApiBufferFree(pOffers);
  1219. }
  1220. }
  1223. VOID
  1224. FreeIniMMPolicyList(
  1225. PINIMMPOLICY pIniMMPolicyList
  1226. )
  1227. {
  1228. PINIMMPOLICY pTemp = NULL;
  1229. PINIMMPOLICY pIniMMPolicy = NULL;
  1232. pTemp = pIniMMPolicyList;
  1234. while (pTemp) {
  1236. pIniMMPolicy = pTemp;
  1237. pTemp = pTemp->pNext;
  1239. FreeIniMMPolicy(pIniMMPolicy);
  1241. }
  1242. }
  1245. PINIMMPOLICY
  1246. FindMMPolicyByGuid(
  1247. PINIMMPOLICY pIniMMPolicyList,
  1248. GUID gPolicyID
  1249. )
  1250. {
  1251. DWORD dwError = 0;
  1252. PINIMMPOLICY pTemp = NULL;
  1255. pTemp = pIniMMPolicyList;
  1257. while (pTemp) {
  1259. if (!memcmp(&(pTemp->gPolicyID), &gPolicyID, sizeof(GUID))) {
  1260. return (pTemp);
  1261. }
  1262. pTemp = pTemp->pNext;
  1264. }
  1266. return (NULL);
  1267. }
  1270. VOID
  1271. FreeMMPolicies(
  1272. DWORD dwNumMMPolicies,
  1273. PIPSEC_MM_POLICY pMMPolicies
  1274. )
  1275. {
  1276. DWORD i = 0;
  1278. if (pMMPolicies) {
  1280. for (i = 0; i < dwNumMMPolicies; i++) {
  1282. if (pMMPolicies[i].pszPolicyName) {
  1283. SPDApiBufferFree(pMMPolicies[i].pszPolicyName);
  1284. }
  1286. FreeMMOffers(
  1287. pMMPolicies[i].dwOfferCount,
  1288. pMMPolicies[i].pOffers
  1289. );
  1291. }
  1293. SPDApiBufferFree(pMMPolicies);
  1295. }
  1297. }
  1300. DWORD
  1301. GetMMPolicyByID(
  1302. LPWSTR pServerName,
  1303. DWORD dwVersion,
  1304. GUID gMMPolicyID,
  1305. PIPSEC_MM_POLICY * ppMMPolicy,
  1306. LPVOID pvReserved
  1307. )
  1308. /*++
  1310. Routine Description:
  1312. This function gets a main mode policy from the SPD.
  1314. Arguments:
  1316. pServerName - Server from which to get the main mode policy.
  1318. gMMPolicyID - Guid of the main mode policy to get.
  1320. ppMMPolicy - Main mode policy found returned to the caller.
  1322. Return Value:
  1324. ERROR_SUCCESS - Success.
  1326. Win32 Error - Failure.
  1328. --*/
  1329. {
  1330. DWORD dwError = 0;
  1331. PINIMMPOLICY pIniMMPolicy = NULL;
  1332. PIPSEC_MM_POLICY pMMPolicy = NULL;
  1335. ENTER_SPD_SECTION();
  1337. dwError = ValidateSecurity(
  1338. SPD_OBJECT_SERVER,
  1339. SERVER_ACCESS_ADMINISTER,
  1340. NULL,
  1341. NULL
  1342. );
  1343. BAIL_ON_LOCK_ERROR(dwError);
  1345. pIniMMPolicy = FindMMPolicyByGuid(
  1346. gpIniMMPolicy,
  1347. gMMPolicyID
  1348. );
  1349. if (!pIniMMPolicy) {
  1350. dwError = ERROR_IPSEC_MM_POLICY_NOT_FOUND;
  1351. BAIL_ON_LOCK_ERROR(dwError);
  1352. }
  1354. dwError = GetIniMMPolicy(
  1355. pIniMMPolicy,
  1356. &pMMPolicy
  1357. );
  1358. BAIL_ON_LOCK_ERROR(dwError);
  1360. *ppMMPolicy = pMMPolicy;
  1362. LEAVE_SPD_SECTION();
  1363. return (dwError);
  1365. lock:
  1367. LEAVE_SPD_SECTION();
  1369. *ppMMPolicy = NULL;
  1370. return (dwError);
  1371. }
  1374. DWORD
  1375. LocateMMPolicy(
  1376. PMM_FILTER pMMFilter,
  1377. PINIMMPOLICY * ppIniMMPolicy
  1378. )
  1379. {
  1380. DWORD dwError = 0;
  1381. PINIMMPOLICY pIniMMPolicy = NULL;
  1384. if ((pMMFilter->dwFlags) & IPSEC_MM_POLICY_DEFAULT_POLICY) {
  1386. if (!gpIniDefaultMMPolicy) {
  1387. dwError = ERROR_IPSEC_DEFAULT_MM_POLICY_NOT_FOUND;
  1388. BAIL_ON_WIN32_ERROR(dwError);
  1389. }
  1390. pIniMMPolicy = gpIniDefaultMMPolicy;
  1392. }
  1393. else {
  1395. pIniMMPolicy = FindMMPolicyByGuid(
  1396. gpIniMMPolicy,
  1397. pMMFilter->gPolicyID
  1398. );
  1399. if (!pIniMMPolicy) {
  1400. dwError = ERROR_IPSEC_MM_POLICY_NOT_FOUND;
  1401. BAIL_ON_WIN32_ERROR(dwError);
  1402. }
  1404. }
  1406. *ppIniMMPolicy = pIniMMPolicy;
  1407. return (dwError);
  1409. error:
  1411. *ppIniMMPolicy = NULL;
  1412. return (dwError);
  1413. }