archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/net/ipsec/spd/server/mmauth.c

1247 lines
28 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1999 Microsoft Corporation
  6. Module Name:
  8. mmauth.c
  10. Abstract:
  13. Author:
  15. abhishev 06-January-2000
  17. Environment: User Mode
  20. Revision History:
  23. --*/
  26. #include "precomp.h"
  27. #ifdef TRACE_ON
  28. #include "mmauth.tmh"
  29. #endif
  32. DWORD
  33. WINAPI
  34. IntAddMMAuthMethods(
  35. LPWSTR pServerName,
  36. DWORD dwVersion,
  37. DWORD dwFlags,
  38. DWORD dwSource,
  39. PINT_MM_AUTH_METHODS pMMAuthMethods,
  40. LPVOID pvReserved
  41. )
  42. /*++
  44. Routine Description:
  46. This function adds main mode auths to the SPD.
  48. Arguments:
  50. pServerName - Server on which the main mode auths are to be added.
  52. pMMAuthMethods - Main mode auths to be added.
  54. Return Value:
  56. ERROR_SUCCESS - Success.
  58. Win32 Error - Failure.
  60. --*/
  61. {
  62. DWORD dwError = 0;
  63. PINIMMAUTHMETHODS pIniMMAuthMethods = NULL;
  65. //
  66. // Validate the main mode auth methods.
  67. //
  69. dwError = IntValidateMMAuthMethods(
  70. pMMAuthMethods
  71. );
  72. BAIL_ON_WIN32_ERROR(dwError);
  74. ENTER_SPD_SECTION();
  76. dwError = ValidateSecurity(
  77. SPD_OBJECT_SERVER,
  78. SERVER_ACCESS_ADMINISTER,
  79. NULL,
  80. NULL
  81. );
  82. BAIL_ON_LOCK_ERROR(dwError);
  84. pIniMMAuthMethods = FindMMAuthMethods(
  85. gpIniMMAuthMethods,
  86. pMMAuthMethods->gMMAuthID
  87. );
  88. if (pIniMMAuthMethods) {
  89. dwError = ERROR_IPSEC_MM_AUTH_EXISTS;
  90. BAIL_ON_LOCK_ERROR(dwError);
  91. }
  93. dwError = CreateIniMMAuthMethods(
  94. pMMAuthMethods,
  95. &pIniMMAuthMethods
  96. );
  97. BAIL_ON_LOCK_ERROR(dwError);
  99. pIniMMAuthMethods->dwSource = dwSource;
  101. pIniMMAuthMethods->pNext = gpIniMMAuthMethods;
  102. gpIniMMAuthMethods = pIniMMAuthMethods;
  104. if ((pIniMMAuthMethods->dwFlags) & IPSEC_MM_AUTH_DEFAULT_AUTH) {
  105. gpIniDefaultMMAuthMethods = pIniMMAuthMethods;
  106. TRACE(
  107. TRC_INFORMATION,
  108. (L"Set default MM auth methods to %!guid!",
  109. &pIniMMAuthMethods->gMMAuthID)
  110. );
  111. }
  113. LEAVE_SPD_SECTION();
  115. TRACE(
  116. TRC_INFORMATION,
  117. (L"Added MM auth methods %!guid!",
  118. &pIniMMAuthMethods->gMMAuthID)
  119. );
  121. return (dwError);
  123. lock:
  125. LEAVE_SPD_SECTION();
  127. error:
  128. #ifdef TRACE_ON
  129. if (pMMAuthMethods) {
  130. TRACE(
  131. TRC_ERROR,
  132. (L"Failed to add MM auth methods %!guid!: %!winerr!",
  133. &pMMAuthMethods->gMMAuthID,
  134. dwError)
  135. );
  136. } else {
  137. TRACE(
  138. TRC_ERROR,
  139. (L"Failed to add MM auth methods. Details unvailable since pMMAuthMethods is null: %!winerr!",
  140. dwError)
  141. );
  142. }
  143. #endif
  146. return (dwError);
  147. }
  149. DWORD
  150. IntValidateMMAuthMethods(
  151. PINT_MM_AUTH_METHODS pMMAuthMethods
  152. )
  153. {
  154. DWORD dwError = 0;
  155. DWORD i = 0;
  156. PINT_IPSEC_MM_AUTH_INFO pTemp = NULL;
  157. DWORD dwNumAuthInfos = 0;
  158. PINT_IPSEC_MM_AUTH_INFO pAuthenticationInfo = NULL;
  159. BOOL bSSPI = FALSE;
  160. BOOL bPresharedKey = FALSE;
  163. if (!pMMAuthMethods) {
  164. dwError = ERROR_INVALID_PARAMETER;
  165. BAIL_ON_WIN32_ERROR(dwError);
  166. }
  168. dwNumAuthInfos = pMMAuthMethods->dwNumAuthInfos;
  169. pAuthenticationInfo = pMMAuthMethods->pAuthenticationInfo;
  171. if (!dwNumAuthInfos || !pAuthenticationInfo) {
  172. dwError = ERROR_INVALID_PARAMETER;
  173. BAIL_ON_WIN32_ERROR(dwError);
  174. }
  176. //
  177. // Need to catch the exception when the number of auth infos
  178. // specified is more than the actual number of auth infos.
  179. //
  182. pTemp = pAuthenticationInfo;
  184. for (i = 0; i < dwNumAuthInfos; i++) {
  186. if ((pTemp->AuthMethod != IKE_PRESHARED_KEY) &&
  187. (pTemp->AuthMethod != IKE_RSA_SIGNATURE) &&
  188. (pTemp->AuthMethod != IKE_SSPI)) {
  189. dwError = ERROR_INVALID_PARAMETER;
  190. BAIL_ON_WIN32_ERROR(dwError);
  191. }
  193. if (pTemp->AuthMethod != IKE_SSPI) {
  194. if (!(pTemp->dwAuthInfoSize) || !(pTemp->pAuthInfo)) {
  195. dwError = ERROR_INVALID_PARAMETER;
  196. BAIL_ON_WIN32_ERROR(dwError);
  197. }
  198. }
  200. if (pTemp->AuthMethod == IKE_SSPI) {
  201. if (bSSPI) {
  202. dwError = ERROR_INVALID_PARAMETER;
  203. BAIL_ON_WIN32_ERROR(dwError);
  204. }
  205. bSSPI = TRUE;
  206. }
  208. if (pTemp->AuthMethod == IKE_PRESHARED_KEY) {
  209. if (bPresharedKey) {
  210. dwError = ERROR_INVALID_PARAMETER;
  211. BAIL_ON_WIN32_ERROR(dwError);
  212. }
  213. bPresharedKey = TRUE;
  214. }
  216. pTemp++;
  218. }
  220. error:
  221. #ifdef TRACE_ON
  222. if (dwError) {
  223. if (pMMAuthMethods) {
  224. TRACE(
  225. TRC_ERROR,
  226. (L"Failed MM Auth method validation %!guid!: %!winerr!",
  227. &pMMAuthMethods->gMMAuthID,
  228. dwError)
  229. );
  230. } else {
  231. TRACE(
  232. TRC_ERROR,
  233. (L"Failed MM Auth method validation. No details available since pMMAuthMethods is null : %!winerr!",
  234. dwError)
  235. );
  236. }
  237. }
  238. #endif
  240. return (dwError);
  241. }
  244. PINIMMAUTHMETHODS
  245. FindMMAuthMethods(
  246. PINIMMAUTHMETHODS pIniMMAuthMethods,
  247. GUID gMMAuthID
  248. )
  249. {
  250. DWORD dwError = 0;
  251. PINIMMAUTHMETHODS pTemp = NULL;
  254. pTemp = pIniMMAuthMethods;
  256. while (pTemp) {
  258. if (!memcmp(&(pTemp->gMMAuthID), &gMMAuthID, sizeof(GUID))) {
  259. return (pTemp);
  260. }
  261. pTemp = pTemp->pNext;
  263. }
  265. return (NULL);
  266. }
  269. DWORD
  270. CreateIniMMAuthMethods(
  271. PINT_MM_AUTH_METHODS pMMAuthMethods,
  272. PINIMMAUTHMETHODS * ppIniMMAuthMethods
  273. )
  274. {
  275. DWORD dwError = 0;
  276. PINIMMAUTHMETHODS pIniMMAuthMethods = NULL;
  279. dwError = AllocateSPDMemory(
  280. sizeof(INIMMAUTHMETHODS),
  281. &pIniMMAuthMethods
  282. );
  283. BAIL_ON_WIN32_ERROR(dwError);
  285. memcpy(
  286. &(pIniMMAuthMethods->gMMAuthID),
  287. &(pMMAuthMethods->gMMAuthID),
  288. sizeof(GUID)
  289. );
  291. pIniMMAuthMethods->dwFlags = pMMAuthMethods->dwFlags;
  292. pIniMMAuthMethods->cRef = 0;
  293. pIniMMAuthMethods->dwSource = 0;
  294. pIniMMAuthMethods->pNext = NULL;
  296. dwError = CreateIniMMAuthInfos(
  297. pMMAuthMethods->dwNumAuthInfos,
  298. pMMAuthMethods->pAuthenticationInfo,
  299. &(pIniMMAuthMethods->dwNumAuthInfos),
  300. &(pIniMMAuthMethods->pAuthenticationInfo)
  301. );
  302. BAIL_ON_WIN32_ERROR(dwError);
  304. *ppIniMMAuthMethods = pIniMMAuthMethods;
  305. return (dwError);
  307. error:
  308. TRACE(
  309. TRC_ERROR,
  310. ("Failed to create MM auth method node %!guid!: %!winerr!",
  311. &pMMAuthMethods->gMMAuthID,
  312. dwError)
  313. );
  315. if (pIniMMAuthMethods) {
  316. FreeIniMMAuthMethods(
  317. pIniMMAuthMethods
  318. );
  319. }
  321. *ppIniMMAuthMethods = NULL;
  322. return (dwError);
  323. }
  326. DWORD
  327. CreateIniMMAuthInfos(
  328. DWORD dwInNumAuthInfos,
  329. PINT_IPSEC_MM_AUTH_INFO pInAuthenticationInfo,
  330. PDWORD pdwNumAuthInfos,
  331. PINT_IPSEC_MM_AUTH_INFO * ppAuthenticationInfo
  332. )
  333. {
  334. DWORD dwError = 0;
  335. PINT_IPSEC_MM_AUTH_INFO pAuthenticationInfo = NULL;
  336. PINT_IPSEC_MM_AUTH_INFO pTemp = NULL;
  337. PINT_IPSEC_MM_AUTH_INFO pInTemp = NULL;
  338. DWORD i = 0;
  341. //
  342. // Number of auth infos and the auth infos themselves
  343. // have already been validated.
  344. //
  346. dwError = AllocateSPDMemory(
  347. sizeof(INT_IPSEC_MM_AUTH_INFO) * dwInNumAuthInfos,
  348. &(pAuthenticationInfo)
  349. );
  350. BAIL_ON_WIN32_ERROR(dwError);
  352. pTemp = pAuthenticationInfo;
  353. pInTemp = pInAuthenticationInfo;
  355. for (i = 0; i < dwInNumAuthInfos; i++) {
  357. pTemp->AuthMethod = pInTemp->AuthMethod;
  358. pTemp->dwAuthFlags = pInTemp->dwAuthFlags;
  360. if (pInTemp->AuthMethod == IKE_SSPI) {
  362. pTemp->dwAuthInfoSize = 0;
  363. pTemp->pAuthInfo = NULL;
  365. }
  366. else {
  368. if (!(pInTemp->dwAuthInfoSize) || !(pInTemp->pAuthInfo)) {
  369. dwError = ERROR_INVALID_PARAMETER;
  370. BAIL_ON_WIN32_ERROR(dwError);
  371. }
  373. dwError = AllocateSPDMemory(
  374. pInTemp->dwAuthInfoSize,
  375. &(pTemp->pAuthInfo)
  376. );
  377. BAIL_ON_WIN32_ERROR(dwError);
  379. pTemp->dwAuthInfoSize = pInTemp->dwAuthInfoSize;
  381. //
  382. // Need to catch the exception when the size of auth info
  383. // specified is more than the actual size. This can
  384. // not be checked earlier in the validation routine.
  385. //
  386. //
  388. memcpy(
  389. pTemp->pAuthInfo,
  390. pInTemp->pAuthInfo,
  391. pInTemp->dwAuthInfoSize
  392. );
  394. }
  396. pInTemp++;
  397. pTemp++;
  399. }
  401. *pdwNumAuthInfos = dwInNumAuthInfos;
  402. *ppAuthenticationInfo = pAuthenticationInfo;
  403. return (dwError);
  405. error:
  406. TRACE(TRC_ERROR, ("Failed to create MM auth infos node: %!winerr!", dwError));
  408. if (pAuthenticationInfo) {
  409. FreeIniMMAuthInfos(
  410. i,
  411. pAuthenticationInfo
  412. );
  413. }
  415. *pdwNumAuthInfos = 0;
  416. *ppAuthenticationInfo = NULL;
  417. return (dwError);
  418. }
  421. VOID
  422. FreeIniMMAuthMethods(
  423. PINIMMAUTHMETHODS pIniMMAuthMethods
  424. )
  425. {
  426. if (pIniMMAuthMethods) {
  428. FreeIniMMAuthInfos(
  429. pIniMMAuthMethods->dwNumAuthInfos,
  430. pIniMMAuthMethods->pAuthenticationInfo
  431. );
  433. FreeSPDMemory(pIniMMAuthMethods);
  435. }
  436. }
  439. VOID
  440. FreeIniMMAuthInfos(
  441. DWORD dwNumAuthInfos,
  442. PINT_IPSEC_MM_AUTH_INFO pAuthenticationInfo
  443. )
  444. {
  445. DWORD i = 0;
  446. PINT_IPSEC_MM_AUTH_INFO pTemp = NULL;
  449. if (pAuthenticationInfo) {
  451. pTemp = pAuthenticationInfo;
  453. for (i = 0; i < dwNumAuthInfos; i++) {
  454. if (pTemp->pAuthInfo) {
  455. FreeSPDMemory(pTemp->pAuthInfo);
  456. }
  457. pTemp++;
  458. }
  460. FreeSPDMemory(pAuthenticationInfo);
  462. }
  463. }
  466. DWORD
  467. WINAPI
  468. DeleteMMAuthMethods(
  469. LPWSTR pServerName,
  470. DWORD dwVersion,
  471. GUID gMMAuthID,
  472. LPVOID pvReserved
  473. )
  474. /*++
  476. Routine Description:
  478. This function deletes main mode auth methods from the SPD.
  480. Arguments:
  482. pServerName - Server on which the main mode auth methods
  483. are to be deleted.
  485. gMMAuthID - Main mode methods to be deleted.
  487. Return Value:
  489. ERROR_SUCCESS - Success.
  491. Win32 Error - Failure.
  493. --*/
  494. {
  495. DWORD dwError = 0;
  496. PINIMMAUTHMETHODS pIniMMAuthMethods = NULL;
  499. ENTER_SPD_SECTION();
  501. dwError = ValidateSecurity(
  502. SPD_OBJECT_SERVER,
  503. SERVER_ACCESS_ADMINISTER,
  504. NULL,
  505. NULL
  506. );
  507. BAIL_ON_LOCK_ERROR(dwError);
  509. pIniMMAuthMethods = FindMMAuthMethods(
  510. gpIniMMAuthMethods,
  511. gMMAuthID
  512. );
  513. if (!pIniMMAuthMethods) {
  514. dwError = ERROR_IPSEC_MM_AUTH_NOT_FOUND;
  515. BAIL_ON_LOCK_ERROR(dwError);
  516. }
  518. if (pIniMMAuthMethods->cRef) {
  519. dwError = ERROR_IPSEC_MM_AUTH_IN_USE;
  520. BAIL_ON_LOCK_ERROR(dwError);
  521. }
  523. dwError = DeleteIniMMAuthMethods(
  524. pIniMMAuthMethods
  525. );
  526. BAIL_ON_LOCK_ERROR(dwError);
  528. LEAVE_SPD_SECTION();
  530. if (gbIKENotify) {
  531. (VOID) IKENotifyPolicyChange(
  532. &(gMMAuthID),
  533. POLICY_GUID_AUTH
  534. );
  535. }
  537. TRACE(
  538. TRC_INFORMATION,
  539. (L"Deleted MM auth methods %!guid!",
  540. &gMMAuthID)
  541. );
  543. return (dwError);
  545. lock:
  546. TRACE(
  547. TRC_ERROR,
  548. (L"Failed to delete MM auth methods %!guid!: %!winerr!",
  549. &gMMAuthID,
  550. dwError)
  551. );
  553. LEAVE_SPD_SECTION();
  555. return (dwError);
  556. }
  559. DWORD
  560. DeleteIniMMAuthMethods(
  561. PINIMMAUTHMETHODS pIniMMAuthMethods
  562. )
  563. {
  564. DWORD dwError = 0;
  565. PINIMMAUTHMETHODS * ppTemp = NULL;
  568. ppTemp = &gpIniMMAuthMethods;
  570. while (*ppTemp) {
  572. if (*ppTemp == pIniMMAuthMethods) {
  573. break;
  574. }
  575. ppTemp = &((*ppTemp)->pNext);
  577. }
  579. if (*ppTemp) {
  580. *ppTemp = pIniMMAuthMethods->pNext;
  581. }
  583. if ((pIniMMAuthMethods->dwFlags) & IPSEC_MM_AUTH_DEFAULT_AUTH) {
  584. gpIniDefaultMMAuthMethods = NULL;
  585. TRACE(
  586. TRC_INFORMATION,
  587. (L"Cleared default MM auth methods")
  588. );
  589. }
  591. FreeIniMMAuthMethods(pIniMMAuthMethods);
  593. return (dwError);
  594. }
  597. DWORD
  598. WINAPI
  599. IntEnumMMAuthMethods(
  600. LPWSTR pServerName,
  601. DWORD dwVersion,
  602. PINT_MM_AUTH_METHODS pMMTemplateAuthMethods,
  603. DWORD dwFlags,
  604. DWORD dwPreferredNumEntries,
  605. PINT_MM_AUTH_METHODS * ppMMAuthMethods,
  606. LPDWORD pdwNumAuthMethods,
  607. LPDWORD pdwResumeHandle,
  608. LPVOID pvReserved
  609. )
  610. /*++
  612. Routine Description:
  614. This function enumerates main mode auth methods from the SPD.
  616. Arguments:
  618. pServerName - Server on which the main mode auth methods are to
  619. be enumerated.
  621. ppMMAuthMethods - Enumerated main mode auth methods returned to
  622. the caller.
  624. dwPreferredNumEntries - Preferred number of enumeration entries.
  626. pdwNumAuthMethods - Number of main mode auth methods actually
  627. enumerated.
  629. pdwResumeHandle - Handle to the location in the main mode auth
  630. methods list from which to resume enumeration.
  632. Return Value:
  634. ERROR_SUCCESS - Success.
  636. Win32 Error - Failure.
  638. --*/
  639. {
  640. DWORD dwError = 0;
  641. DWORD dwResumeHandle = 0;
  642. DWORD dwNumToEnum = 0;
  643. PINIMMAUTHMETHODS pIniMMAuthMethods = NULL;
  644. DWORD i = 0;
  645. PINIMMAUTHMETHODS pTemp = NULL;
  646. DWORD dwNumAuthMethods = 0;
  647. PINT_MM_AUTH_METHODS pMMAuthMethods = NULL;
  648. PINT_MM_AUTH_METHODS pTempMMAuthMethods = NULL;
  651. dwResumeHandle = *pdwResumeHandle;
  653. if (!dwPreferredNumEntries || (dwPreferredNumEntries > MAX_MMAUTH_ENUM_COUNT)) {
  654. dwNumToEnum = MAX_MMAUTH_ENUM_COUNT;
  655. }
  656. else {
  657. dwNumToEnum = dwPreferredNumEntries;
  658. }
  660. ENTER_SPD_SECTION();
  662. dwError = ValidateSecurity(
  663. SPD_OBJECT_SERVER,
  664. SERVER_ACCESS_ADMINISTER,
  665. NULL,
  666. NULL
  667. );
  668. BAIL_ON_LOCK_ERROR(dwError);
  670. pIniMMAuthMethods = gpIniMMAuthMethods;
  672. for (i = 0; (i < dwResumeHandle) && (pIniMMAuthMethods != NULL); i++) {
  673. pIniMMAuthMethods = pIniMMAuthMethods->pNext;
  674. }
  676. if (!pIniMMAuthMethods) {
  677. dwError = ERROR_NO_DATA;
  678. BAIL_ON_LOCK_ERROR(dwError);
  679. }
  681. pTemp = pIniMMAuthMethods;
  683. while (pTemp && (dwNumAuthMethods < dwNumToEnum)) {
  684. dwNumAuthMethods++;
  685. pTemp = pTemp->pNext;
  686. }
  688. dwError = SPDApiBufferAllocate(
  689. sizeof(INT_MM_AUTH_METHODS)*dwNumAuthMethods,
  690. &pMMAuthMethods
  691. );
  692. BAIL_ON_LOCK_ERROR(dwError);
  694. pTemp = pIniMMAuthMethods;
  695. pTempMMAuthMethods = pMMAuthMethods;
  697. for (i = 0; i < dwNumAuthMethods; i++) {
  699. dwError = CopyMMAuthMethods(
  700. pTemp,
  701. pTempMMAuthMethods
  702. );
  703. BAIL_ON_LOCK_ERROR(dwError);
  705. pTemp = pTemp->pNext;
  706. pTempMMAuthMethods++;
  708. }
  710. *ppMMAuthMethods = pMMAuthMethods;
  711. *pdwResumeHandle = dwResumeHandle + dwNumAuthMethods;
  712. *pdwNumAuthMethods = dwNumAuthMethods;
  714. LEAVE_SPD_SECTION();
  716. TRACE(TRC_INFORMATION, (L"Enumerated MM auth methods"));
  717. return (dwError);
  719. lock:
  720. TRACE(TRC_ERROR, (L"Failed to enumerate MM auth methods: %!winerr!", dwError));
  722. LEAVE_SPD_SECTION();
  724. if (pMMAuthMethods) {
  725. FreeMMAuthMethods(
  726. i,
  727. pMMAuthMethods
  728. );
  729. }
  731. *ppMMAuthMethods = NULL;
  732. *pdwResumeHandle = dwResumeHandle;
  733. *pdwNumAuthMethods = 0;
  735. return (dwError);
  736. }
  739. DWORD
  740. WINAPI
  741. IntSetMMAuthMethods(
  742. LPWSTR pServerName,
  743. DWORD dwVersion,
  744. GUID gMMAuthID,
  745. PINT_MM_AUTH_METHODS pMMAuthMethods,
  746. LPVOID pvReserved
  747. )
  748. /*++
  750. Routine Description:
  752. This function updates main mode auth methods in the SPD.
  754. Arguments:
  756. pServerName - Server on which the main mode auth methods are to
  757. be updated.
  759. gMMAuthID - Guid of the main mode auth methods to be updated.
  761. pMMAuthMethods - New main mode auth methods which will replace
  762. the existing methods.
  764. Return Value:
  766. ERROR_SUCCESS - Success.
  768. Win32 Error - Failure.
  770. --*/
  771. {
  772. DWORD dwError = 0;
  773. PINIMMAUTHMETHODS pIniMMAuthMethods = NULL;
  776. //
  777. // Validate main mode auth methods.
  778. //
  780. dwError = IntValidateMMAuthMethods(
  781. pMMAuthMethods
  782. );
  783. BAIL_ON_WIN32_ERROR(dwError);
  785. ENTER_SPD_SECTION();
  787. dwError = ValidateSecurity(
  788. SPD_OBJECT_SERVER,
  789. SERVER_ACCESS_ADMINISTER,
  790. NULL,
  791. NULL
  792. );
  793. BAIL_ON_LOCK_ERROR(dwError);
  795. pIniMMAuthMethods = FindMMAuthMethods(
  796. gpIniMMAuthMethods,
  797. gMMAuthID
  798. );
  799. if (!pIniMMAuthMethods) {
  800. dwError = ERROR_IPSEC_MM_AUTH_NOT_FOUND;
  801. BAIL_ON_LOCK_ERROR(dwError);
  802. }
  804. if (memcmp(
  805. &(pIniMMAuthMethods->gMMAuthID),
  806. &(pMMAuthMethods->gMMAuthID),
  807. sizeof(GUID))) {
  808. dwError = ERROR_INVALID_PARAMETER;
  809. BAIL_ON_LOCK_ERROR(dwError);
  810. }
  812. dwError = SetIniMMAuthMethods(
  813. pIniMMAuthMethods,
  814. pMMAuthMethods
  815. );
  816. BAIL_ON_LOCK_ERROR(dwError);
  818. LEAVE_SPD_SECTION();
  820. (VOID) IKENotifyPolicyChange(
  821. &(pMMAuthMethods->gMMAuthID),
  822. POLICY_GUID_AUTH
  823. );
  825. TRACE(
  826. TRC_INFORMATION,
  827. (L"Changed MM auth methods %!guid!",
  828. &pMMAuthMethods->gMMAuthID)
  829. );
  831. return (dwError);
  833. lock:
  835. LEAVE_SPD_SECTION();
  837. error:
  838. TRACE(
  839. TRC_ERROR,
  840. (L"Failed to change MM auth method %!guid!: %!winerr!",
  841. &gMMAuthID,
  842. dwError)
  843. );
  845. return (dwError);
  846. }
  849. DWORD
  850. SetIniMMAuthMethods(
  851. PINIMMAUTHMETHODS pIniMMAuthMethods,
  852. PINT_MM_AUTH_METHODS pMMAuthMethods
  853. )
  854. {
  855. DWORD dwError = 0;
  856. DWORD dwNumAuthInfos = 0;
  857. PINT_IPSEC_MM_AUTH_INFO pAuthenticationInfo = NULL;
  860. dwError = CreateIniMMAuthInfos(
  861. pMMAuthMethods->dwNumAuthInfos,
  862. pMMAuthMethods->pAuthenticationInfo,
  863. &dwNumAuthInfos,
  864. &pAuthenticationInfo
  865. );
  866. BAIL_ON_WIN32_ERROR(dwError);
  868. FreeIniMMAuthInfos(
  869. pIniMMAuthMethods->dwNumAuthInfos,
  870. pIniMMAuthMethods->pAuthenticationInfo
  871. );
  873. if ((pIniMMAuthMethods->dwFlags) & IPSEC_MM_AUTH_DEFAULT_AUTH) {
  874. gpIniDefaultMMAuthMethods = NULL;
  875. TRACE(TRC_INFORMATION, (L"Cleared default MM auth methods"));
  876. }
  878. pIniMMAuthMethods->dwFlags = pMMAuthMethods->dwFlags;
  879. pIniMMAuthMethods->dwNumAuthInfos = dwNumAuthInfos;
  880. pIniMMAuthMethods->pAuthenticationInfo = pAuthenticationInfo;
  882. if ((pIniMMAuthMethods->dwFlags) & IPSEC_MM_AUTH_DEFAULT_AUTH) {
  883. gpIniDefaultMMAuthMethods = pIniMMAuthMethods;
  884. TRACE(
  885. TRC_INFORMATION,
  886. (L"Set default MM auth methods to %!guid!",
  887. &pIniMMAuthMethods->gMMAuthID)
  888. );
  889. }
  891. error:
  893. return (dwError);
  894. }
  897. DWORD
  898. WINAPI
  899. IntGetMMAuthMethods(
  900. LPWSTR pServerName,
  901. DWORD dwVersion,
  902. GUID gMMAuthID,
  903. PINT_MM_AUTH_METHODS * ppMMAuthMethods,
  904. LPVOID pvReserved
  905. )
  906. /*++
  908. Routine Description:
  910. This function gets main mode auth methods from the SPD.
  912. Arguments:
  914. pServerName - Server from which to get the main mode auth methods.
  916. gMMAuthID - Guid of the main mode auth methods to get.
  918. ppMMAuthMethods - Main mode auth methods found returned to the
  919. caller.
  921. Return Value:
  923. ERROR_SUCCESS - Success.
  925. Win32 Error - Failure.
  927. --*/
  928. {
  929. DWORD dwError = 0;
  930. PINIMMAUTHMETHODS pIniMMAuthMethods = NULL;
  931. PINT_MM_AUTH_METHODS pMMAuthMethods = NULL;
  934. ENTER_SPD_SECTION();
  936. dwError = ValidateSecurity(
  937. SPD_OBJECT_SERVER,
  938. SERVER_ACCESS_ADMINISTER,
  939. NULL,
  940. NULL
  941. );
  942. BAIL_ON_LOCK_ERROR(dwError);
  944. pIniMMAuthMethods = FindMMAuthMethods(
  945. gpIniMMAuthMethods,
  946. gMMAuthID
  947. );
  948. if (!pIniMMAuthMethods) {
  949. dwError = ERROR_IPSEC_MM_AUTH_NOT_FOUND;
  950. BAIL_ON_LOCK_ERROR(dwError);
  951. }
  953. dwError = GetIniMMAuthMethods(
  954. pIniMMAuthMethods,
  955. &pMMAuthMethods
  956. );
  957. BAIL_ON_LOCK_ERROR(dwError);
  959. *ppMMAuthMethods = pMMAuthMethods;
  961. LEAVE_SPD_SECTION();
  962. return (dwError);
  964. lock:
  966. LEAVE_SPD_SECTION();
  968. *ppMMAuthMethods = NULL;
  969. return (dwError);
  970. }
  973. DWORD
  974. GetIniMMAuthMethods(
  975. PINIMMAUTHMETHODS pIniMMAuthMethods,
  976. PINT_MM_AUTH_METHODS * ppMMAuthMethods
  977. )
  978. {
  979. DWORD dwError = 0;
  980. PINT_MM_AUTH_METHODS pMMAuthMethods = NULL;
  983. dwError = SPDApiBufferAllocate(
  984. sizeof(INT_MM_AUTH_METHODS),
  985. &pMMAuthMethods
  986. );
  987. BAIL_ON_WIN32_ERROR(dwError);
  989. dwError = CopyMMAuthMethods(
  990. pIniMMAuthMethods,
  991. pMMAuthMethods
  992. );
  993. BAIL_ON_WIN32_ERROR(dwError);
  995. *ppMMAuthMethods = pMMAuthMethods;
  996. return (dwError);
  998. error:
  1000. if (pMMAuthMethods) {
  1001. SPDApiBufferFree(pMMAuthMethods);
  1002. }
  1004. *ppMMAuthMethods = NULL;
  1005. return (dwError);
  1006. }
  1009. DWORD
  1010. CopyMMAuthMethods(
  1011. PINIMMAUTHMETHODS pIniMMAuthMethods,
  1012. PINT_MM_AUTH_METHODS pMMAuthMethods
  1013. )
  1014. {
  1015. DWORD dwError = 0;
  1017. memcpy(
  1018. &(pMMAuthMethods->gMMAuthID),
  1019. &(pIniMMAuthMethods->gMMAuthID),
  1020. sizeof(GUID)
  1021. );
  1023. pMMAuthMethods->dwFlags = pIniMMAuthMethods->dwFlags;
  1025. dwError = CreateMMAuthInfos(
  1026. pIniMMAuthMethods->dwNumAuthInfos,
  1027. pIniMMAuthMethods->pAuthenticationInfo,
  1028. &(pMMAuthMethods->dwNumAuthInfos),
  1029. &(pMMAuthMethods->pAuthenticationInfo)
  1030. );
  1031. BAIL_ON_WIN32_ERROR(dwError);
  1033. error:
  1035. return (dwError);
  1036. }
  1039. DWORD
  1040. CreateMMAuthInfos(
  1041. DWORD dwInNumAuthInfos,
  1042. PINT_IPSEC_MM_AUTH_INFO pInAuthenticationInfo,
  1043. PDWORD pdwNumAuthInfos,
  1044. PINT_IPSEC_MM_AUTH_INFO * ppAuthenticationInfo
  1045. )
  1046. {
  1047. DWORD dwError = 0;
  1048. PINT_IPSEC_MM_AUTH_INFO pAuthenticationInfo = NULL;
  1049. PINT_IPSEC_MM_AUTH_INFO pTemp = NULL;
  1050. PINT_IPSEC_MM_AUTH_INFO pInTemp = NULL;
  1051. DWORD i = 0;
  1054. //
  1055. // Number of auth infos and the auth infos themselves
  1056. // have already been validated.
  1057. //
  1059. dwError = SPDApiBufferAllocate(
  1060. sizeof(INT_IPSEC_MM_AUTH_INFO) * dwInNumAuthInfos,
  1061. &(pAuthenticationInfo)
  1062. );
  1063. BAIL_ON_WIN32_ERROR(dwError);
  1065. pTemp = pAuthenticationInfo;
  1066. pInTemp = pInAuthenticationInfo;
  1068. for (i = 0; i < dwInNumAuthInfos; i++) {
  1070. pTemp->AuthMethod = pInTemp->AuthMethod;
  1071. pTemp->dwAuthFlags = pInTemp->dwAuthFlags;
  1073. //
  1074. // Auth info size and the auth info have already
  1075. // been validated.
  1076. //
  1078. if (pInTemp->AuthMethod == IKE_SSPI) {
  1080. pTemp->dwAuthInfoSize = 0;
  1081. pTemp->pAuthInfo = NULL;
  1083. }
  1084. else {
  1086. dwError = SPDApiBufferAllocate(
  1087. pInTemp->dwAuthInfoSize,
  1088. &(pTemp->pAuthInfo)
  1089. );
  1090. BAIL_ON_WIN32_ERROR(dwError);
  1092. pTemp->dwAuthInfoSize = pInTemp->dwAuthInfoSize;
  1094. //
  1095. // Need to catch the exception when the size of auth info
  1096. // specified is more than the actual size. This can
  1097. // not be checked earlier in the validation routine.
  1098. //
  1099. //
  1101. memcpy(
  1102. pTemp->pAuthInfo,
  1103. pInTemp->pAuthInfo,
  1104. pInTemp->dwAuthInfoSize
  1105. );
  1107. }
  1109. pInTemp++;
  1110. pTemp++;
  1112. }
  1114. *pdwNumAuthInfos = dwInNumAuthInfos;
  1115. *ppAuthenticationInfo = pAuthenticationInfo;
  1116. return (dwError);
  1118. error:
  1120. if (pAuthenticationInfo) {
  1121. FreeMMAuthInfos(
  1122. i,
  1123. pAuthenticationInfo
  1124. );
  1125. }
  1127. *pdwNumAuthInfos = 0;
  1128. *ppAuthenticationInfo = NULL;
  1129. return (dwError);
  1130. }
  1133. VOID
  1134. FreeMMAuthInfos(
  1135. DWORD dwNumAuthInfos,
  1136. PINT_IPSEC_MM_AUTH_INFO pAuthenticationInfo
  1137. )
  1138. {
  1139. DWORD i = 0;
  1140. PINT_IPSEC_MM_AUTH_INFO pTemp = NULL;
  1143. if (pAuthenticationInfo) {
  1145. pTemp = pAuthenticationInfo;
  1147. for (i = 0; i < dwNumAuthInfos; i++) {
  1148. if (pTemp->pAuthInfo) {
  1149. SPDApiBufferFree(pTemp->pAuthInfo);
  1150. }
  1151. pTemp++;
  1152. }
  1154. SPDApiBufferFree(pAuthenticationInfo);
  1156. }
  1157. }
  1160. VOID
  1161. FreeIniMMAuthMethodsList(
  1162. PINIMMAUTHMETHODS pIniMMAuthMethodsList
  1163. )
  1164. {
  1165. PINIMMAUTHMETHODS pTemp = NULL;
  1166. PINIMMAUTHMETHODS pIniMMAuthMethods = NULL;
  1169. pTemp = pIniMMAuthMethodsList;
  1171. while (pTemp) {
  1173. pIniMMAuthMethods = pTemp;
  1174. pTemp = pTemp->pNext;
  1176. FreeIniMMAuthMethods(pIniMMAuthMethods);
  1178. }
  1179. }
  1182. VOID
  1183. FreeMMAuthMethods(
  1184. DWORD dwNumAuthMethods,
  1185. PINT_MM_AUTH_METHODS pMMAuthMethods
  1186. )
  1187. {
  1188. DWORD i = 0;
  1190. if (pMMAuthMethods) {
  1192. for (i = 0; i < dwNumAuthMethods; i++) {
  1194. FreeMMAuthInfos(
  1195. pMMAuthMethods[i].dwNumAuthInfos,
  1196. pMMAuthMethods[i].pAuthenticationInfo
  1197. );
  1199. }
  1201. SPDApiBufferFree(pMMAuthMethods);
  1203. }
  1204. }
  1207. DWORD
  1208. LocateMMAuthMethods(
  1209. PMM_FILTER pMMFilter,
  1210. PINIMMAUTHMETHODS * ppIniMMAuthMethods
  1211. )
  1212. {
  1213. DWORD dwError = 0;
  1214. PINIMMAUTHMETHODS pIniMMAuthMethods = NULL;
  1217. if ((pMMFilter->dwFlags) & IPSEC_MM_AUTH_DEFAULT_AUTH) {
  1219. if (!gpIniDefaultMMAuthMethods) {
  1220. dwError = ERROR_IPSEC_DEFAULT_MM_AUTH_NOT_FOUND;
  1221. BAIL_ON_WIN32_ERROR(dwError);
  1222. }
  1223. pIniMMAuthMethods = gpIniDefaultMMAuthMethods;
  1225. }
  1226. else {
  1228. pIniMMAuthMethods = FindMMAuthMethods(
  1229. gpIniMMAuthMethods,
  1230. pMMFilter->gMMAuthID
  1231. );
  1232. if (!pIniMMAuthMethods) {
  1233. dwError = ERROR_IPSEC_MM_AUTH_NOT_FOUND;
  1234. BAIL_ON_WIN32_ERROR(dwError);
  1235. }
  1237. }
  1239. *ppIniMMAuthMethods = pIniMMAuthMethods;
  1240. return (dwError);
  1242. error:
  1244. *ppIniMMAuthMethods = NULL;
  1245. return (dwError);
  1246. }