archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/net/ipsec/spd/server/pammauth.c

697 lines
16 KiB
Raw Normal View History

commiting as it is
4 years ago
  3. #include "precomp.h"
  4. #ifdef TRACE_ON
  5. #include "pammauth.tmh"
  6. #endif
  9. DWORD
  10. PAAddMMAuthMethods(
  11. PIPSEC_NFA_DATA * ppIpsecNFAData,
  12. DWORD dwNumNFACount,
  13. IN DWORD dwSource
  14. )
  15. {
  16. DWORD dwError = 0;
  17. DWORD i = 0;
  18. PMMAUTHSTATE pMMAuthState = NULL;
  19. PINT_MM_AUTH_METHODS pSPDMMAuthMethods = NULL;
  20. LPWSTR pServerName = NULL;
  21. DWORD dwVersion = 0;
  24. for (i = 0; i < dwNumNFACount; i++) {
  25. TRACE(
  26. TRC_INFORMATION,
  27. (L"Pastore adding MM auth methods based on rule %!guid!",
  28. &(*(ppIpsecNFAData + i))->NFAIdentifier)
  29. );
  31. dwError = PACreateMMAuthState(
  32. *(ppIpsecNFAData + i),
  33. &pMMAuthState
  34. );
  35. if (dwError) {
  36. continue;
  37. }
  39. dwError = PACreateMMAuthMethods(
  40. *(ppIpsecNFAData + i),
  41. &pSPDMMAuthMethods
  42. );
  43. if (dwError) {
  45. pMMAuthState->bInSPD = FALSE;
  46. pMMAuthState->dwErrorCode = dwError;
  48. pMMAuthState->pNext = gpMMAuthState;
  49. gpMMAuthState = pMMAuthState;
  51. continue;
  53. }
  55. dwError = IntAddMMAuthMethods(
  56. pServerName,
  57. dwVersion,
  58. 0,
  59. dwSource,
  60. pSPDMMAuthMethods,
  61. NULL
  62. );
  63. if (dwError) {
  64. pMMAuthState->bInSPD = FALSE;
  65. pMMAuthState->dwErrorCode = dwError;
  66. }
  67. else {
  68. pMMAuthState->bInSPD = TRUE;
  69. pMMAuthState->dwErrorCode = ERROR_SUCCESS;
  70. }
  72. pMMAuthState->pNext = gpMMAuthState;
  73. gpMMAuthState = pMMAuthState;
  75. PAFreeMMAuthMethods(pSPDMMAuthMethods);
  77. }
  79. return (dwError);
  80. }
  83. DWORD
  84. PACreateMMAuthState(
  85. PIPSEC_NFA_DATA pIpsecNFAData,
  86. PMMAUTHSTATE * ppMMAuthState
  87. )
  88. {
  89. DWORD dwError = 0;
  90. PMMAUTHSTATE pMMAuthState = NULL;
  93. dwError = AllocateSPDMemory(
  94. sizeof(MMAUTHSTATE),
  95. &pMMAuthState
  96. );
  97. BAIL_ON_WIN32_ERROR(dwError);
  99. memcpy(
  100. &(pMMAuthState->gMMAuthID),
  101. &(pIpsecNFAData->NFAIdentifier),
  102. sizeof(GUID)
  103. );
  105. pMMAuthState->bInSPD = FALSE;
  106. pMMAuthState->dwErrorCode = 0;
  107. pMMAuthState->pNext = NULL;
  109. *ppMMAuthState = pMMAuthState;
  111. return (dwError);
  113. error:
  114. TRACE(
  115. TRC_ERROR,
  116. ("Pastore failed to create MM auth method state for rule %!guid!: %!winerr!",
  117. &pIpsecNFAData->NFAIdentifier,
  118. dwError)
  119. );
  121. *ppMMAuthState = NULL;
  123. return (dwError);
  124. }
  127. DWORD
  128. PACreateMMAuthMethods(
  129. PIPSEC_NFA_DATA pIpsecNFAData,
  130. PINT_MM_AUTH_METHODS * ppSPDMMAuthMethods
  131. )
  132. {
  133. DWORD dwError = 0;
  134. DWORD dwAuthMethodCount = 0;
  135. PIPSEC_AUTH_METHOD * ppAuthMethods = NULL;
  136. PINT_MM_AUTH_METHODS pSPDMMAuthMethods = NULL;
  137. PIPSEC_NEGPOL_DATA pIpsecNegPolData = NULL;
  140. dwAuthMethodCount = pIpsecNFAData->dwAuthMethodCount;
  141. ppAuthMethods = pIpsecNFAData->ppAuthMethods;
  143. if (!dwAuthMethodCount || !ppAuthMethods) {
  144. dwError = ERROR_INVALID_PARAMETER;
  145. BAIL_ON_WIN32_ERROR(dwError);
  146. }
  148. dwError = AllocateSPDMemory(
  149. sizeof(INT_MM_AUTH_METHODS),
  150. &pSPDMMAuthMethods
  151. );
  152. BAIL_ON_WIN32_ERROR(dwError);
  154. memcpy(
  155. &(pSPDMMAuthMethods->gMMAuthID),
  156. &(pIpsecNFAData->NFAIdentifier),
  157. sizeof(GUID)
  158. );
  160. pSPDMMAuthMethods->dwFlags = 0;
  162. pIpsecNegPolData = pIpsecNFAData->pIpsecNegPolData;
  164. if (!memcmp(
  165. &(pIpsecNegPolData->NegPolType),
  166. &(GUID_NEGOTIATION_TYPE_DEFAULT),
  167. sizeof(GUID))) {
  168. pSPDMMAuthMethods->dwFlags |= IPSEC_MM_AUTH_DEFAULT_AUTH;
  169. }
  171. dwError = PACreateMMAuthInfos(
  172. dwAuthMethodCount,
  173. ppAuthMethods,
  174. &(pSPDMMAuthMethods->dwNumAuthInfos),
  175. &(pSPDMMAuthMethods->pAuthenticationInfo)
  176. );
  177. BAIL_ON_WIN32_ERROR(dwError);
  179. *ppSPDMMAuthMethods = pSPDMMAuthMethods;
  180. return (dwError);
  182. error:
  183. TRACE(
  184. TRC_ERROR,
  185. ("Pastore failed to create MM auth methods for rule %!guid!: %!winerr!",
  186. &pIpsecNFAData->NFAIdentifier,
  187. dwError)
  188. );
  190. if (pSPDMMAuthMethods) {
  191. PAFreeMMAuthMethods(pSPDMMAuthMethods);
  192. }
  194. *ppSPDMMAuthMethods = NULL;
  195. return (dwError);
  196. }
  199. DWORD
  200. PACreateMMAuthInfos(
  201. DWORD dwAuthMethodCount,
  202. PIPSEC_AUTH_METHOD * ppAuthMethods,
  203. PDWORD pdwNumAuthInfos,
  204. PINT_IPSEC_MM_AUTH_INFO * ppAuthenticationInfo
  205. )
  206. {
  207. DWORD dwError = 0;
  208. PINT_IPSEC_MM_AUTH_INFO pAuthenticationInfo = NULL;
  209. PINT_IPSEC_MM_AUTH_INFO pTemp = NULL;
  210. PIPSEC_AUTH_METHOD pAuthMethod = NULL;
  211. DWORD i = 0;
  214. //
  215. // dwAuthMethodCount is not zero at this point.
  216. // ppAuthMethods is not null at this point.
  217. //
  219. dwError = AllocateSPDMemory(
  220. sizeof(INT_IPSEC_MM_AUTH_INFO)*dwAuthMethodCount,
  221. &(pAuthenticationInfo)
  222. );
  223. BAIL_ON_WIN32_ERROR(dwError);
  225. pTemp = pAuthenticationInfo;
  227. for (i = 0; i < dwAuthMethodCount; i++) {
  229. pAuthMethod = *(ppAuthMethods + i);
  231. pTemp->AuthMethod = (MM_AUTH_ENUM) pAuthMethod->dwAuthType;
  233. switch(pTemp->AuthMethod) {
  235. case IKE_SSPI:
  237. pTemp->dwAuthInfoSize = 0;
  238. pTemp->pAuthInfo = NULL;
  239. break;
  241. case IKE_RSA_SIGNATURE:
  243. if (pAuthMethod->dwAltAuthLen && pAuthMethod->pAltAuthMethod) {
  245. dwError = AllocateSPDMemory(
  246. pAuthMethod->dwAltAuthLen,
  247. &(pTemp->pAuthInfo)
  248. );
  249. BAIL_ON_WIN32_ERROR(dwError);
  250. pTemp->dwAuthInfoSize = pAuthMethod->dwAltAuthLen;
  252. //
  253. // Need to catch the exception when the size of auth info
  254. // specified is more than the actual size.
  255. //
  256. //
  258. memcpy(
  259. pTemp->pAuthInfo,
  260. pAuthMethod->pAltAuthMethod,
  261. pAuthMethod->dwAltAuthLen
  262. );
  263. }
  264. else {
  266. if (!(pAuthMethod->dwAuthLen) || !(pAuthMethod->pszAuthMethod)) {
  267. dwError = ERROR_INVALID_PARAMETER;
  268. BAIL_ON_WIN32_ERROR(dwError);
  269. }
  270. dwError = EncodeName(
  271. pAuthMethod->pszAuthMethod,
  272. &pTemp->pAuthInfo,
  273. &pTemp->dwAuthInfoSize
  274. );
  275. BAIL_ON_WIN32_ERROR(dwError);
  277. }
  278. pTemp->dwAuthFlags = pAuthMethod->dwAuthFlags;
  280. break;
  282. default:
  284. if (!(pAuthMethod->dwAuthLen) || !(pAuthMethod->pszAuthMethod)) {
  285. dwError = ERROR_INVALID_PARAMETER;
  286. BAIL_ON_WIN32_ERROR(dwError);
  287. }
  288. dwError = AllocateSPDMemory(
  289. (pAuthMethod->dwAuthLen)*sizeof(WCHAR),
  290. &(pTemp->pAuthInfo)
  291. );
  292. BAIL_ON_WIN32_ERROR(dwError);
  293. pTemp->dwAuthInfoSize = (pAuthMethod->dwAuthLen)*sizeof(WCHAR);
  295. //
  296. // Need to catch the exception when the size of auth info
  297. // specified is more than the actual size.
  298. //
  299. //
  301. memcpy(
  302. pTemp->pAuthInfo,
  303. (LPBYTE) pAuthMethod->pszAuthMethod,
  304. (pAuthMethod->dwAuthLen)*sizeof(WCHAR)
  305. );
  306. break;
  308. }
  310. pTemp++;
  312. }
  314. *pdwNumAuthInfos = dwAuthMethodCount;
  315. *ppAuthenticationInfo = pAuthenticationInfo;
  316. return (dwError);
  318. error:
  320. if (pAuthenticationInfo) {
  321. PAFreeMMAuthInfos(
  322. i,
  323. pAuthenticationInfo
  324. );
  325. }
  327. *pdwNumAuthInfos = 0;
  328. *ppAuthenticationInfo = NULL;
  329. return (dwError);
  330. }
  333. VOID
  334. PAFreeMMAuthMethods(
  335. PINT_MM_AUTH_METHODS pSPDMMAuthMethods
  336. )
  337. {
  338. if (pSPDMMAuthMethods) {
  340. PAFreeMMAuthInfos(
  341. pSPDMMAuthMethods->dwNumAuthInfos,
  342. pSPDMMAuthMethods->pAuthenticationInfo
  343. );
  345. FreeSPDMemory(pSPDMMAuthMethods);
  347. }
  348. }
  351. VOID
  352. PAFreeMMAuthInfos(
  353. DWORD dwNumAuthInfos,
  354. PINT_IPSEC_MM_AUTH_INFO pAuthenticationInfo
  355. )
  356. {
  357. DWORD i = 0;
  358. PINT_IPSEC_MM_AUTH_INFO pTemp = NULL;
  361. if (pAuthenticationInfo) {
  363. pTemp = pAuthenticationInfo;
  365. for (i = 0; i < dwNumAuthInfos; i++) {
  366. if (pTemp->pAuthInfo) {
  367. FreeSPDMemory(pTemp->pAuthInfo);
  368. }
  369. pTemp++;
  370. }
  372. FreeSPDMemory(pAuthenticationInfo);
  374. }
  375. }
  378. DWORD
  379. PADeleteAllMMAuthMethods(
  380. )
  381. {
  382. DWORD dwError = 0;
  383. PMMAUTHSTATE pMMAuthState = NULL;
  384. LPWSTR pServerName = NULL;
  385. PMMAUTHSTATE pTemp = NULL;
  386. PMMAUTHSTATE pLeftMMAuthState = NULL;
  387. DWORD dwVersion = 0;
  389. TRACE(TRC_INFORMATION, (L"Pastore deleting all MM auth methods."));
  391. pMMAuthState = gpMMAuthState;
  393. while (pMMAuthState) {
  395. if (pMMAuthState->bInSPD) {
  397. dwError = DeleteMMAuthMethods(
  398. pServerName,
  399. dwVersion,
  400. pMMAuthState->gMMAuthID,
  401. NULL
  402. );
  403. if (!dwError) {
  404. pTemp = pMMAuthState;
  405. pMMAuthState = pMMAuthState->pNext;
  406. FreeSPDMemory(pTemp);
  407. }
  408. else {
  409. pMMAuthState->dwErrorCode = dwError;
  411. pTemp = pMMAuthState;
  412. pMMAuthState = pMMAuthState->pNext;
  414. pTemp->pNext = pLeftMMAuthState;
  415. pLeftMMAuthState = pTemp;
  416. }
  418. }
  419. else {
  421. pTemp = pMMAuthState;
  422. pMMAuthState = pMMAuthState->pNext;
  423. FreeSPDMemory(pTemp);
  425. }
  427. }
  429. gpMMAuthState = pLeftMMAuthState;
  431. return (dwError);
  432. }
  435. VOID
  436. PAFreeMMAuthStateList(
  437. PMMAUTHSTATE pMMAuthState
  438. )
  439. {
  440. PMMAUTHSTATE pTemp = NULL;
  443. while (pMMAuthState) {
  445. pTemp = pMMAuthState;
  446. pMMAuthState = pMMAuthState->pNext;
  447. FreeSPDMemory(pTemp);
  449. }
  450. }
  453. PMMAUTHSTATE
  454. FindMMAuthState(
  455. GUID gMMAuthID
  456. )
  457. {
  458. PMMAUTHSTATE pMMAuthState = NULL;
  461. pMMAuthState = gpMMAuthState;
  463. while (pMMAuthState) {
  465. if (!memcmp(&(pMMAuthState->gMMAuthID), &gMMAuthID, sizeof(GUID))) {
  466. return (pMMAuthState);
  467. }
  469. pMMAuthState = pMMAuthState->pNext;
  471. }
  473. return (NULL);
  474. }
  477. DWORD
  478. PADeleteMMAuthMethods(
  479. PIPSEC_NFA_DATA * ppIpsecNFAData,
  480. DWORD dwNumNFACount
  481. )
  482. {
  483. DWORD dwError = 0;
  484. DWORD i = 0;
  485. PIPSEC_NFA_DATA pIpsecNFAData = NULL;
  488. for (i = 0; i < dwNumNFACount; i++) {
  490. pIpsecNFAData = *(ppIpsecNFAData + i);
  492. dwError = PADeleteMMAuthMethod(
  493. pIpsecNFAData->NFAIdentifier
  494. );
  496. }
  498. return (dwError);
  499. }
  502. DWORD
  503. PADeleteMMAuthMethod(
  504. GUID gMMAuthID
  505. )
  506. {
  507. DWORD dwError = 0;
  508. PMMAUTHSTATE pMMAuthState = NULL;
  509. LPWSTR pServerName = NULL;
  510. DWORD dwVersion = 0;
  512. TRACE(
  513. TRC_INFORMATION,
  514. (L"Pastore deleting MM auth method %!guid!",
  515. &gMMAuthID)
  516. );
  518. pMMAuthState = FindMMAuthState(
  519. gMMAuthID
  520. );
  521. if (!pMMAuthState) {
  522. dwError = ERROR_SUCCESS;
  523. return (dwError);
  524. }
  526. if (pMMAuthState->bInSPD) {
  528. dwError = DeleteMMAuthMethods(
  529. pServerName,
  530. dwVersion,
  531. pMMAuthState->gMMAuthID,
  532. NULL
  533. );
  534. if (dwError) {
  535. pMMAuthState->dwErrorCode = dwError;
  536. }
  537. BAIL_ON_WIN32_ERROR(dwError);
  539. }
  541. PADeleteMMAuthState(pMMAuthState);
  543. error:
  545. return (dwError);
  546. }
  549. VOID
  550. PADeleteMMAuthState(
  551. PMMAUTHSTATE pMMAuthState
  552. )
  553. {
  554. PMMAUTHSTATE * ppTemp = NULL;
  557. ppTemp = &gpMMAuthState;
  559. while (*ppTemp) {
  561. if (*ppTemp == pMMAuthState) {
  562. break;
  563. }
  564. ppTemp = &((*ppTemp)->pNext);
  566. }
  568. if (*ppTemp) {
  569. *ppTemp = pMMAuthState->pNext;
  570. }
  572. FreeSPDMemory(pMMAuthState);
  574. return;
  575. }
  578. DWORD
  579. PADeleteInUseMMAuthMethods(
  580. )
  581. {
  582. DWORD dwError = 0;
  583. PMMAUTHSTATE pMMAuthState = NULL;
  584. LPWSTR pServerName = NULL;
  585. PMMAUTHSTATE pTemp = NULL;
  586. PMMAUTHSTATE pLeftMMAuthState = NULL;
  587. DWORD dwVersion = 0;
  589. TRACE(TRC_INFORMATION, (L"Pastore deleting in-use MM auth methods."));
  591. pMMAuthState = gpMMAuthState;
  593. while (pMMAuthState) {
  595. if (pMMAuthState->bInSPD &&
  596. (pMMAuthState->dwErrorCode == ERROR_IPSEC_MM_AUTH_IN_USE)) {
  598. dwError = DeleteMMAuthMethods(
  599. pServerName,
  600. dwVersion,
  601. pMMAuthState->gMMAuthID,
  602. NULL
  603. );
  604. if (!dwError) {
  605. pTemp = pMMAuthState;
  606. pMMAuthState = pMMAuthState->pNext;
  607. FreeSPDMemory(pTemp);
  608. }
  609. else {
  610. pTemp = pMMAuthState;
  611. pMMAuthState = pMMAuthState->pNext;
  613. pTemp->pNext = pLeftMMAuthState;
  614. pLeftMMAuthState = pTemp;
  615. }
  617. }
  618. else {
  620. pTemp = pMMAuthState;
  621. pMMAuthState = pMMAuthState->pNext;
  623. pTemp->pNext = pLeftMMAuthState;
  624. pLeftMMAuthState = pTemp;
  626. }
  628. }
  630. gpMMAuthState = pLeftMMAuthState;
  632. return (dwError);
  633. }
  636. DWORD
  637. EncodeName(
  638. LPWSTR pszSubjectName,
  639. PBYTE * ppEncodedName,
  640. PDWORD pdwEncodedLength
  641. )
  642. {
  643. DWORD dwError = ERROR_SUCCESS;
  646. *ppEncodedName = NULL;
  647. *pdwEncodedLength = 0;
  650. if (!CertStrToName(
  651. X509_ASN_ENCODING,
  652. pszSubjectName,
  653. CERT_X500_NAME_STR,
  654. NULL,
  655. NULL,
  656. pdwEncodedLength,
  657. NULL)) {
  658. dwError = GetLastError();
  659. BAIL_ON_WIN32_ERROR(dwError);
  660. }
  662. if (!*pdwEncodedLength) {
  663. dwError = ERROR_INVALID_DATA;
  664. BAIL_ON_WIN32_ERROR(dwError);
  665. }
  667. dwError = AllocateSPDMemory(
  668. *pdwEncodedLength,
  669. (PVOID) ppEncodedName
  670. );
  671. BAIL_ON_WIN32_ERROR(dwError);
  673. if (!CertStrToName(
  674. X509_ASN_ENCODING,
  675. pszSubjectName,
  676. CERT_X500_NAME_STR,
  677. NULL,
  678. (*ppEncodedName),
  679. pdwEncodedLength,
  680. NULL)) {
  681. dwError = GetLastError();
  682. BAIL_ON_WIN32_ERROR(dwError);
  683. }
  685. return (dwError);
  687. error:
  689. if (*ppEncodedName) {
  690. FreeSPDMemory(*ppEncodedName);
  691. *ppEncodedName = NULL;
  692. }
  693. *pdwEncodedLength = 0;
  695. return (dwError);
  696. }