archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/net/ipsec/spd/server/pamm-pol.c

647 lines
14 KiB
Raw Normal View History

commiting as it is
4 years ago
  3. #include "precomp.h"
  4. #ifdef TRACE_ON
  5. #include "pamm-pol.tmh"
  6. #endif
  9. DWORD
  10. PAAddMMPolicies(
  11. PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData,
  12. DWORD dwNumPolicies,
  13. DWORD dwSource
  14. )
  15. {
  16. DWORD dwError = 0;
  17. DWORD i = 0;
  18. PMMPOLICYSTATE pMMPolicyState = NULL;
  19. PIPSEC_MM_POLICY pSPDMMPolicy = NULL;
  20. LPWSTR pServerName = NULL;
  21. DWORD dwPersist = 0;
  22. DWORD dwVersion = 0;
  24. for (i = 0; i < dwNumPolicies; i++) {
  25. TRACE(
  26. TRC_INFORMATION,
  27. (L"Pastore adding MM policy based on ISAKMP data %!guid!",
  28. &(*(ppIpsecISAKMPData + i))->ISAKMPIdentifier)
  29. );
  31. dwError = PACreateMMPolicyState(
  32. *(ppIpsecISAKMPData + i),
  33. &pMMPolicyState
  34. );
  35. if (dwError) {
  36. continue;
  37. }
  39. dwError = PACreateMMPolicy(
  40. *(ppIpsecISAKMPData + i),
  41. pMMPolicyState,
  42. &pSPDMMPolicy
  43. );
  44. if (dwError) {
  46. pMMPolicyState->bInSPD = FALSE;
  47. pMMPolicyState->dwErrorCode = dwError;
  49. pMMPolicyState->pNext = gpMMPolicyState;
  50. gpMMPolicyState = pMMPolicyState;
  52. continue;
  54. }
  56. dwError = AddMMPolicyInternal(
  57. pServerName,
  58. dwVersion,
  59. dwPersist,
  60. dwSource,
  61. pSPDMMPolicy,
  62. NULL
  63. );
  64. if (dwError && dwError != WARNING_IPSEC_MM_POLICY_PRUNED) {
  65. pMMPolicyState->bInSPD = FALSE;
  66. pMMPolicyState->dwErrorCode = dwError;
  67. }
  68. else {
  69. pMMPolicyState->bInSPD = TRUE;
  70. pMMPolicyState->dwErrorCode = ERROR_SUCCESS;
  71. dwError = ERROR_SUCCESS;
  72. }
  74. pMMPolicyState->pNext = gpMMPolicyState;
  75. gpMMPolicyState = pMMPolicyState;
  77. PAFreeMMPolicy(pSPDMMPolicy);
  79. }
  81. return (dwError);
  82. }
  85. DWORD
  86. PACreateMMPolicyState(
  87. PIPSEC_ISAKMP_DATA pIpsecISAKMPData,
  88. PMMPOLICYSTATE * ppMMPolicyState
  89. )
  90. {
  91. DWORD dwError = 0;
  92. PMMPOLICYSTATE pMMPolicyState = NULL;
  93. WCHAR pszName[512];
  96. dwError = AllocateSPDMemory(
  97. sizeof(MMPOLICYSTATE),
  98. &pMMPolicyState
  99. );
  100. BAIL_ON_WIN32_ERROR(dwError);
  102. memcpy(
  103. &(pMMPolicyState->gPolicyID),
  104. &(pIpsecISAKMPData->ISAKMPIdentifier),
  105. sizeof(GUID)
  106. );
  108. wsprintf(pszName, L"%d", ++gdwMMPolicyCounter);
  110. dwError = AllocateSPDString(
  111. pszName,
  112. &(pMMPolicyState->pszPolicyName)
  113. );
  114. BAIL_ON_WIN32_ERROR(dwError);
  116. pMMPolicyState->bInSPD = FALSE;
  117. pMMPolicyState->dwErrorCode = 0;
  118. pMMPolicyState->pNext = NULL;
  120. *ppMMPolicyState = pMMPolicyState;
  122. return (dwError);
  124. error:
  125. TRACE(
  126. TRC_ERROR,
  127. (L"Pastore failed to create MM policy state for %!guid!",
  128. &(pIpsecISAKMPData->ISAKMPIdentifier))
  129. );
  131. if (pMMPolicyState) {
  132. PAFreeMMPolicyState(pMMPolicyState);
  133. }
  135. *ppMMPolicyState = NULL;
  137. return (dwError);
  138. }
  141. VOID
  142. PAFreeMMPolicyState(
  143. PMMPOLICYSTATE pMMPolicyState
  144. )
  145. {
  146. if (pMMPolicyState) {
  147. if (pMMPolicyState->pszPolicyName) {
  148. FreeSPDString(pMMPolicyState->pszPolicyName);
  149. }
  150. FreeSPDMemory(pMMPolicyState);
  151. }
  152. }
  155. DWORD
  156. PACreateMMPolicy(
  157. PIPSEC_ISAKMP_DATA pIpsecISAKMPData,
  158. PMMPOLICYSTATE pMMPolicyState,
  159. PIPSEC_MM_POLICY * ppSPDMMPolicy
  160. )
  161. {
  162. DWORD dwError = 0;
  163. PIPSEC_MM_POLICY pSPDMMPolicy = NULL;
  166. dwError = AllocateSPDMemory(
  167. sizeof(IPSEC_MM_POLICY),
  168. &pSPDMMPolicy
  169. );
  170. BAIL_ON_WIN32_ERROR(dwError);
  172. memcpy(
  173. &(pSPDMMPolicy->gPolicyID),
  174. &(pIpsecISAKMPData->ISAKMPIdentifier),
  175. sizeof(GUID)
  176. );
  178. dwError = AllocateSPDString(
  179. pMMPolicyState->pszPolicyName,
  180. &(pSPDMMPolicy->pszPolicyName)
  181. );
  182. BAIL_ON_WIN32_ERROR(dwError);
  184. pSPDMMPolicy->dwFlags = 0;
  185. pSPDMMPolicy->dwFlags |= IPSEC_MM_POLICY_DEFAULT_POLICY;
  187. dwError = PACreateMMOffers(
  188. pIpsecISAKMPData->dwNumISAKMPSecurityMethods,
  189. pIpsecISAKMPData->pSecurityMethods,
  190. &(pSPDMMPolicy->dwOfferCount),
  191. &(pSPDMMPolicy->pOffers)
  192. );
  193. BAIL_ON_WIN32_ERROR(dwError);
  195. pSPDMMPolicy->uSoftExpirationTime =
  196. (pSPDMMPolicy->pOffers)->Lifetime.uKeyExpirationTime;
  198. pSPDMMPolicy->dwFlags |= pIpsecISAKMPData->ISAKMPPolicy.dwFlags;
  200. *ppSPDMMPolicy = pSPDMMPolicy;
  202. return (dwError);
  204. error:
  205. TRACE(
  206. TRC_ERROR,
  207. (L"Pastore failed to create MM policy for %!guid!",
  208. &(pIpsecISAKMPData->ISAKMPIdentifier))
  209. );
  212. if (pSPDMMPolicy) {
  213. PAFreeMMPolicy(
  214. pSPDMMPolicy
  215. );
  216. }
  218. *ppSPDMMPolicy = NULL;
  220. return (dwError);
  221. }
  224. DWORD
  225. PACreateMMOffers(
  226. DWORD dwNumISAKMPSecurityMethods,
  227. PCRYPTO_BUNDLE pSecurityMethods,
  228. PDWORD pdwOfferCount,
  229. PIPSEC_MM_OFFER * ppOffers
  230. )
  231. {
  232. DWORD dwError = 0;
  233. DWORD dwOfferCount = 0;
  234. PIPSEC_MM_OFFER pOffers = NULL;
  235. PIPSEC_MM_OFFER pTempOffer = NULL;
  236. PCRYPTO_BUNDLE pTempBundle = NULL;
  237. DWORD i = 0;
  240. if (!dwNumISAKMPSecurityMethods || !pSecurityMethods) {
  241. dwError = ERROR_INVALID_PARAMETER;
  242. BAIL_ON_WIN32_ERROR(dwError);
  243. }
  245. if (dwNumISAKMPSecurityMethods > IPSEC_MAX_MM_OFFERS) {
  246. dwOfferCount = IPSEC_MAX_MM_OFFERS;
  247. }
  248. else {
  249. dwOfferCount = dwNumISAKMPSecurityMethods;
  250. }
  252. dwError = AllocateSPDMemory(
  253. sizeof(IPSEC_MM_OFFER)*dwOfferCount,
  254. &(pOffers)
  255. );
  256. BAIL_ON_WIN32_ERROR(dwError);
  258. pTempOffer = pOffers;
  259. pTempBundle = pSecurityMethods;
  261. for (i = 0; i < dwOfferCount; i++) {
  263. PACopyMMOffer(
  264. pTempBundle,
  265. pTempOffer
  266. );
  268. pTempOffer++;
  269. pTempBundle++;
  271. }
  273. *pdwOfferCount = dwOfferCount;
  274. *ppOffers = pOffers;
  275. return (dwError);
  277. error:
  279. if (pOffers) {
  280. PAFreeMMOffers(
  281. i,
  282. pOffers
  283. );
  284. }
  286. *pdwOfferCount = 0;
  287. *ppOffers = NULL;
  288. return (dwError);
  289. }
  292. VOID
  293. PACopyMMOffer(
  294. PCRYPTO_BUNDLE pBundle,
  295. PIPSEC_MM_OFFER pOffer
  296. )
  297. {
  298. pOffer->Lifetime.uKeyExpirationKBytes = pBundle->Lifetime.KBytes;
  299. pOffer->Lifetime.uKeyExpirationTime = pBundle->Lifetime.Seconds;
  301. pOffer->dwFlags = 0;
  303. pOffer->dwQuickModeLimit = pBundle->QuickModeLimit;
  305. pOffer->dwDHGroup = pBundle->OakleyGroup;
  307. switch (pBundle->EncryptionAlgorithm.AlgorithmIdentifier) {
  309. case IPSEC_ESP_DES:
  310. pOffer->EncryptionAlgorithm.uAlgoIdentifier = CONF_ALGO_DES;
  311. break;
  313. case IPSEC_ESP_DES_40:
  314. pOffer->EncryptionAlgorithm.uAlgoIdentifier = CONF_ALGO_DES;
  315. break;
  317. case IPSEC_ESP_3_DES:
  318. pOffer->EncryptionAlgorithm.uAlgoIdentifier = CONF_ALGO_3_DES;
  319. break;
  321. default:
  322. pOffer->EncryptionAlgorithm.uAlgoIdentifier= CONF_ALGO_NONE;
  323. break;
  325. }
  327. pOffer->EncryptionAlgorithm.uAlgoKeyLen =
  328. pBundle->EncryptionAlgorithm.KeySize;
  330. pOffer->EncryptionAlgorithm.uAlgoRounds =
  331. pBundle->EncryptionAlgorithm.Rounds;
  333. switch(pBundle->HashAlgorithm.AlgorithmIdentifier) {
  335. case IPSEC_AH_MD5:
  336. pOffer->HashingAlgorithm.uAlgoIdentifier = AUTH_ALGO_MD5;
  337. break;
  339. case IPSEC_AH_SHA:
  340. pOffer->HashingAlgorithm.uAlgoIdentifier = AUTH_ALGO_SHA1;
  341. break;
  343. default:
  344. pOffer->HashingAlgorithm.uAlgoIdentifier = AUTH_ALGO_NONE;
  345. break;
  347. }
  349. pOffer->HashingAlgorithm.uAlgoKeyLen =
  350. pBundle->HashAlgorithm.KeySize;
  352. pOffer->HashingAlgorithm.uAlgoRounds =
  353. pBundle->HashAlgorithm.Rounds;
  354. }
  357. VOID
  358. PAFreeMMPolicy(
  359. PIPSEC_MM_POLICY pSPDMMPolicy
  360. )
  361. {
  362. if (pSPDMMPolicy) {
  364. if (pSPDMMPolicy->pszPolicyName) {
  365. FreeSPDString(pSPDMMPolicy->pszPolicyName);
  366. }
  368. PAFreeMMOffers(
  369. pSPDMMPolicy->dwOfferCount,
  370. pSPDMMPolicy->pOffers
  371. );
  373. FreeSPDMemory(pSPDMMPolicy);
  375. }
  376. }
  379. VOID
  380. PAFreeMMOffers(
  381. DWORD dwOfferCount,
  382. PIPSEC_MM_OFFER pOffers
  383. )
  384. {
  385. if (pOffers) {
  386. FreeSPDMemory(pOffers);
  387. }
  388. }
  391. DWORD
  392. PADeleteAllMMPolicies(
  393. )
  394. {
  395. DWORD dwError = 0;
  396. PMMPOLICYSTATE pMMPolicyState = NULL;
  397. LPWSTR pServerName = NULL;
  398. PMMPOLICYSTATE pTemp = NULL;
  399. PMMPOLICYSTATE pLeftMMPolicyState = NULL;
  400. DWORD dwVersion = 0;
  402. TRACE(TRC_INFORMATION, (L"Pastore deleting all MM polcies."));
  404. pMMPolicyState = gpMMPolicyState;
  406. while (pMMPolicyState) {
  408. if (pMMPolicyState->bInSPD) {
  410. dwError = DeleteMMPolicy(
  411. pServerName,
  412. dwVersion,
  413. pMMPolicyState->pszPolicyName,
  414. NULL
  415. );
  416. if (!dwError) {
  417. pTemp = pMMPolicyState;
  418. pMMPolicyState = pMMPolicyState->pNext;
  419. PAFreeMMPolicyState(pTemp);
  420. }
  421. else {
  422. pMMPolicyState->dwErrorCode = dwError;
  424. pTemp = pMMPolicyState;
  425. pMMPolicyState = pMMPolicyState->pNext;
  427. pTemp->pNext = pLeftMMPolicyState;
  428. pLeftMMPolicyState = pTemp;
  429. }
  431. }
  432. else {
  434. pTemp = pMMPolicyState;
  435. pMMPolicyState = pMMPolicyState->pNext;
  436. PAFreeMMPolicyState(pTemp);
  438. }
  440. }
  442. gpMMPolicyState = pLeftMMPolicyState;
  444. return (dwError);
  445. }
  448. VOID
  449. PAFreeMMPolicyStateList(
  450. PMMPOLICYSTATE pMMPolicyState
  451. )
  452. {
  453. PMMPOLICYSTATE pTemp = NULL;
  456. while (pMMPolicyState) {
  458. pTemp = pMMPolicyState;
  459. pMMPolicyState = pMMPolicyState->pNext;
  460. PAFreeMMPolicyState(pTemp);
  462. }
  463. }
  466. PMMPOLICYSTATE
  467. FindMMPolicyState(
  468. GUID gPolicyID
  469. )
  470. {
  471. PMMPOLICYSTATE pMMPolicyState = NULL;
  474. pMMPolicyState = gpMMPolicyState;
  476. while (pMMPolicyState) {
  478. if (!memcmp(&(pMMPolicyState->gPolicyID), &gPolicyID, sizeof(GUID))) {
  479. return (pMMPolicyState);
  480. }
  482. pMMPolicyState = pMMPolicyState->pNext;
  484. }
  486. return (NULL);
  487. }
  490. DWORD
  491. PADeleteMMPolicies(
  492. PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData,
  493. DWORD dwNumPolicies
  494. )
  495. {
  496. DWORD dwError = 0;
  497. DWORD i = 0;
  498. PIPSEC_ISAKMP_DATA pIpsecISAKMPData = NULL;
  501. for (i = 0; i < dwNumPolicies; i++) {
  503. pIpsecISAKMPData = *(ppIpsecISAKMPData + i);
  505. dwError = PADeleteMMPolicy(
  506. pIpsecISAKMPData->ISAKMPIdentifier
  507. );
  509. }
  511. return (dwError);
  512. }
  515. DWORD
  516. PADeleteMMPolicy(
  517. GUID gPolicyID
  518. )
  519. {
  520. DWORD dwError = 0;
  521. PMMPOLICYSTATE pMMPolicyState = NULL;
  522. LPWSTR pServerName = NULL;
  523. DWORD dwVersion = 0;
  525. TRACE(
  526. TRC_INFORMATION,
  527. (L"Pastore deleting MM policy %!guid!",
  528. &gPolicyID)
  529. );
  531. pMMPolicyState = FindMMPolicyState(
  532. gPolicyID
  533. );
  534. if (!pMMPolicyState) {
  535. dwError = ERROR_SUCCESS;
  536. return (dwError);
  537. }
  539. if (pMMPolicyState->bInSPD) {
  541. dwError = DeleteMMPolicy(
  542. pServerName,
  543. dwVersion,
  544. pMMPolicyState->pszPolicyName,
  545. NULL
  546. );
  547. if (dwError) {
  548. pMMPolicyState->dwErrorCode = dwError;
  549. }
  550. BAIL_ON_WIN32_ERROR(dwError);
  552. }
  554. PADeleteMMPolicyState(pMMPolicyState);
  556. error:
  558. return (dwError);
  559. }
  562. VOID
  563. PADeleteMMPolicyState(
  564. PMMPOLICYSTATE pMMPolicyState
  565. )
  566. {
  567. PMMPOLICYSTATE * ppTemp = NULL;
  570. ppTemp = &gpMMPolicyState;
  572. while (*ppTemp) {
  574. if (*ppTemp == pMMPolicyState) {
  575. break;
  576. }
  577. ppTemp = &((*ppTemp)->pNext);
  579. }
  581. if (*ppTemp) {
  582. *ppTemp = pMMPolicyState->pNext;
  583. }
  585. PAFreeMMPolicyState(pMMPolicyState);
  587. return;
  588. }
  591. DWORD
  592. PADeleteInUseMMPolicies(
  593. )
  594. {
  595. DWORD dwError = 0;
  596. PMMPOLICYSTATE pMMPolicyState = NULL;
  597. LPWSTR pServerName = NULL;
  598. PMMPOLICYSTATE pTemp = NULL;
  599. PMMPOLICYSTATE pLeftMMPolicyState = NULL;
  600. DWORD dwVersion = 0;
  602. TRACE(TRC_INFORMATION, (L"Pastore deleting in-use MM polcies."));
  604. pMMPolicyState = gpMMPolicyState;
  606. while (pMMPolicyState) {
  608. if (pMMPolicyState->bInSPD &&
  609. (pMMPolicyState->dwErrorCode == ERROR_IPSEC_MM_POLICY_IN_USE)) {
  611. dwError = DeleteMMPolicy(
  612. pServerName,
  613. dwVersion,
  614. pMMPolicyState->pszPolicyName,
  615. NULL
  616. );
  617. if (!dwError) {
  618. pTemp = pMMPolicyState;
  619. pMMPolicyState = pMMPolicyState->pNext;
  620. PAFreeMMPolicyState(pTemp);
  621. }
  622. else {
  623. pTemp = pMMPolicyState;
  624. pMMPolicyState = pMMPolicyState->pNext;
  626. pTemp->pNext = pLeftMMPolicyState;
  627. pLeftMMPolicyState = pTemp;
  628. }
  630. }
  631. else {
  633. pTemp = pMMPolicyState;
  634. pMMPolicyState = pMMPolicyState->pNext;
  636. pTemp->pNext = pLeftMMPolicyState;
  637. pLeftMMPolicyState = pTemp;
  639. }
  641. }
  643. gpMMPolicyState = pLeftMMPolicyState;
  645. return (dwError);
  646. }