archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/net/ipsec/pastore/dsstore.c

2755 lines
73 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //----------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 2000.
  5. //
  6. // File: dsstore.c
  7. //
  8. // Contents: Policy management for directory.
  9. //
  10. //
  11. // History: KrishnaG.
  12. // AbhisheV.
  13. //
  14. //----------------------------------------------------------------------------
  16. #include "precomp.h"
  18. LPWSTR gpszIpSecContainer = L"CN=IP Security,CN=System,DC=ntdev,DC=microsoft,DC=com";
  19. LPWSTR PolicyDNAttributes[] = {
  20. L"ipsecID",
  21. L"description",
  22. L"ipsecDataType",
  23. L"ipsecISAKMPReference",
  24. L"ipsecData",
  25. L"ipsecNFAReference",
  26. L"ipsecName",
  27. L"distinguishedName",
  28. L"whenChanged",
  29. NULL
  30. };
  32. LPWSTR NFADNAttributes[] = {
  33. L"distinguishedName",
  34. L"description",
  35. L"ipsecName",
  36. L"ipsecID",
  37. L"ipsecDataType",
  38. L"ipsecData",
  39. L"ipsecOwnersReference",
  40. L"ipsecFilterReference",
  41. L"ipsecNegotiationPolicyReference",
  42. L"whenChanged",
  43. NULL
  44. };
  46. LPWSTR FilterDNAttributes[] = {
  47. L"distinguishedName",
  48. L"description",
  49. L"ipsecName",
  50. L"ipsecID",
  51. L"ipsecDataType",
  52. L"ipsecData",
  53. L"ipsecOwnersReference",
  54. L"whenChanged",
  55. NULL
  56. };
  58. LPWSTR NegPolDNAttributes[] = {
  59. L"distinguishedName",
  60. L"description",
  61. L"ipsecName",
  62. L"ipsecID",
  63. L"ipsecDataType",
  64. L"ipsecData",
  65. L"ipsecNegotiationPolicyAction",
  66. L"ipsecNegotiationPolicyType",
  67. L"ipsecOwnersReference",
  68. L"whenChanged",
  69. NULL
  70. };
  72. LPWSTR ISAKMPDNAttributes[] = {
  73. L"distinguishedName",
  74. L"ipsecName",
  75. L"ipsecID",
  76. L"ipsecDataType",
  77. L"ipsecData",
  78. L"ipsecOwnersReference",
  79. L"whenChanged",
  80. NULL
  81. };
  89. DWORD
  90. OpenDirectoryServerHandle(
  91. LPWSTR pszDomainName,
  92. DWORD dwPortNumber,
  93. HLDAP * phLdapBindHandle
  94. )
  95. {
  96. DWORD dwError = 0;
  99. *phLdapBindHandle = NULL;
  101. dwError = LdapOpen(
  102. pszDomainName,
  103. dwPortNumber,
  104. phLdapBindHandle
  105. );
  106. BAIL_ON_WIN32_ERROR(dwError);
  108. dwError = LdapBind(
  109. *phLdapBindHandle
  110. );
  111. BAIL_ON_WIN32_ERROR(dwError);
  113. return(dwError);
  115. error:
  117. if (*phLdapBindHandle) {
  118. CloseDirectoryServerHandle(
  119. *phLdapBindHandle
  120. );
  121. *phLdapBindHandle = NULL;
  122. }
  124. return(dwError);
  125. }
  127. DWORD
  128. CloseDirectoryServerHandle(
  129. HLDAP hLdapBindHandle
  130. )
  131. {
  133. int ldaperr = 0;
  135. if (hLdapBindHandle) {
  137. ldaperr = ldap_unbind(hLdapBindHandle);
  139. }
  141. return(0);
  142. }
  146. DWORD
  147. ShallowReadPolicyObjectFromDirectory(
  148. HLDAP hLdapBindHandle,
  149. LPWSTR pszPolicyDN,
  150. PIPSEC_POLICY_OBJECT * ppIpsecPolicyObject
  151. )
  152. {
  154. LDAPMessage *res = NULL;
  155. LDAPMessage *e = NULL;
  156. LPWSTR szFilterString = L"(objectClass=*)";
  157. DWORD dwError = 0;
  158. PIPSEC_POLICY_OBJECT pIpsecPolicyObject = NULL;
  160. dwError = LdapSearchST(
  161. hLdapBindHandle,
  162. pszPolicyDN,
  163. LDAP_SCOPE_BASE,
  164. szFilterString,
  165. PolicyDNAttributes,
  166. 0,
  167. NULL,
  168. &res
  169. );
  170. BAIL_ON_WIN32_ERROR(dwError);
  172. dwError = UnMarshallPolicyObject(
  173. hLdapBindHandle,
  174. pszPolicyDN,
  175. &pIpsecPolicyObject,
  176. res
  177. );
  178. BAIL_ON_WIN32_ERROR(dwError);
  180. pIpsecPolicyObject->ppIpsecNFAObjects = NULL;
  181. pIpsecPolicyObject->NumberofRulesReturned = 0;
  182. pIpsecPolicyObject->NumberofFilters = 0;
  183. pIpsecPolicyObject->ppIpsecFilterObjects = NULL;
  184. pIpsecPolicyObject->ppIpsecNegPolObjects = NULL;
  185. pIpsecPolicyObject->NumberofNegPols = 0;
  186. pIpsecPolicyObject->NumberofISAKMPs = 0;
  187. pIpsecPolicyObject->ppIpsecISAKMPObjects = NULL;
  189. *ppIpsecPolicyObject = pIpsecPolicyObject;
  191. cleanup:
  192. if (res) {
  193. LdapMsgFree(res);
  194. }
  196. return(dwError);
  198. error:
  200. if (pIpsecPolicyObject) {
  201. FreeIpsecPolicyObject(
  202. pIpsecPolicyObject
  203. );
  204. }
  206. *ppIpsecPolicyObject = NULL;
  208. goto cleanup;
  210. }
  212. DWORD
  213. ReadPolicyObjectFromDirectory(
  214. HLDAP hLdapBindHandle,
  215. LPWSTR pszPolicyDN,
  216. PIPSEC_POLICY_OBJECT * ppIpsecPolicyObject
  217. )
  218. {
  220. LDAPMessage *res = NULL;
  221. LDAPMessage *e = NULL;
  222. LPWSTR szFilterString = L"(objectClass=*)";
  223. DWORD dwError = 0;
  224. PIPSEC_POLICY_OBJECT pIpsecPolicyObject = NULL;
  226. DWORD dwNumNFAObjectsReturned = 0;
  227. PIPSEC_NFA_OBJECT * ppIpsecNFAObjects = NULL;
  228. LPWSTR * ppszFilterReferences = NULL;
  229. DWORD dwNumFilterReferences = 0;
  230. LPWSTR * ppszNegPolReferences = NULL;
  231. DWORD dwNumNegPolReferences = 0;
  233. PIPSEC_FILTER_OBJECT * ppIpsecFilterObjects = NULL;
  234. DWORD dwNumFilterObjects = 0;
  236. PIPSEC_NEGPOL_OBJECT * ppIpsecNegPolObjects = NULL;
  237. DWORD dwNumNegPolObjects = 0;
  239. PIPSEC_ISAKMP_OBJECT * ppIpsecISAKMPObjects = NULL;
  240. DWORD dwNumISAKMPObjects = 0;
  242. LPWSTR pszPolicyContainer = NULL;
  244. dwError = ComputePolicyContainerDN(
  245. pszPolicyDN,
  246. &pszPolicyContainer
  247. );
  249. BAIL_ON_WIN32_ERROR(dwError);
  251. dwError = LdapSearchST(
  252. hLdapBindHandle,
  253. pszPolicyDN,
  254. LDAP_SCOPE_BASE,
  255. szFilterString,
  256. PolicyDNAttributes,
  257. 0,
  258. NULL,
  259. &res
  260. );
  261. BAIL_ON_WIN32_ERROR(dwError);
  263. dwError = UnMarshallPolicyObject(
  264. hLdapBindHandle,
  265. pszPolicyDN,
  266. &pIpsecPolicyObject,
  267. res
  268. );
  269. BAIL_ON_WIN32_ERROR(dwError);
  271. dwError = ReadNFAObjectsFromDirectory(
  272. hLdapBindHandle,
  273. pszPolicyContainer,
  274. pIpsecPolicyObject->pszIpsecOwnersReference,
  275. pIpsecPolicyObject->ppszIpsecNFAReferences,
  276. pIpsecPolicyObject->NumberofRules,
  277. &ppIpsecNFAObjects,
  278. &dwNumNFAObjectsReturned,
  279. &ppszFilterReferences,
  280. &dwNumFilterReferences,
  281. &ppszNegPolReferences,
  282. &dwNumNegPolReferences
  283. );
  284. BAIL_ON_WIN32_ERROR(dwError);
  287. dwError = ReadFilterObjectsFromDirectory(
  288. hLdapBindHandle,
  289. pszPolicyContainer,
  290. ppszFilterReferences,
  291. dwNumFilterReferences,
  292. &ppIpsecFilterObjects,
  293. &dwNumFilterObjects
  294. );
  295. BAIL_ON_WIN32_ERROR(dwError);
  298. dwError = ReadNegPolObjectsFromDirectory(
  299. hLdapBindHandle,
  300. pszPolicyContainer,
  301. ppszNegPolReferences,
  302. dwNumNegPolReferences,
  303. &ppIpsecNegPolObjects,
  304. &dwNumNegPolObjects
  305. );
  306. BAIL_ON_WIN32_ERROR(dwError);
  308. dwError = ReadISAKMPObjectsFromDirectory(
  309. hLdapBindHandle,
  310. pszPolicyContainer,
  311. &pIpsecPolicyObject->pszIpsecISAKMPReference,
  312. 1,
  313. &ppIpsecISAKMPObjects,
  314. &dwNumISAKMPObjects
  315. );
  316. BAIL_ON_WIN32_ERROR(dwError);
  318. pIpsecPolicyObject->ppIpsecNFAObjects = ppIpsecNFAObjects;
  319. pIpsecPolicyObject->NumberofRulesReturned = dwNumNFAObjectsReturned;
  320. pIpsecPolicyObject->NumberofFilters = dwNumFilterObjects;
  321. pIpsecPolicyObject->ppIpsecFilterObjects = ppIpsecFilterObjects;
  322. pIpsecPolicyObject->ppIpsecNegPolObjects = ppIpsecNegPolObjects;
  323. pIpsecPolicyObject->NumberofNegPols = dwNumNegPolObjects;
  324. pIpsecPolicyObject->NumberofISAKMPs = dwNumISAKMPObjects;
  325. pIpsecPolicyObject->ppIpsecISAKMPObjects = ppIpsecISAKMPObjects;
  328. *ppIpsecPolicyObject = pIpsecPolicyObject;
  330. cleanup:
  332. if (pszPolicyContainer) {
  333. FreePolStr(pszPolicyContainer);
  334. }
  336. if (res) {
  337. LdapMsgFree(res);
  338. }
  340. if (ppszFilterReferences) {
  342. FreeFilterReferences(
  343. ppszFilterReferences,
  344. dwNumFilterReferences
  345. );
  346. }
  348. if (ppszNegPolReferences) {
  350. FreeNegPolReferences(
  351. ppszNegPolReferences,
  352. dwNumNegPolReferences
  353. );
  354. }
  356. return(dwError);
  358. error:
  360. if (pIpsecPolicyObject) {
  361. FreeIpsecPolicyObject(
  362. pIpsecPolicyObject
  363. );
  364. }
  366. *ppIpsecPolicyObject = NULL;
  368. goto cleanup;
  370. }
  373. DWORD
  374. ReadNFAObjectsFromDirectory(
  375. HLDAP hLdapBindHandle,
  376. LPWSTR pszIpsecRootContainer,
  377. LPWSTR pszIpsecOwnerReference,
  378. LPWSTR * ppszNFADNs,
  379. DWORD dwNumNfaObjects,
  380. PIPSEC_NFA_OBJECT ** pppIpsecNFAObjects,
  381. PDWORD pdwNumNfaObjects,
  382. LPWSTR ** pppszFilterReferences,
  383. PDWORD pdwNumFilterReferences,
  384. LPWSTR ** pppszNegPolReferences,
  385. PDWORD pdwNumNegPolReferences
  386. )
  387. {
  389. LDAPMessage *res = NULL;
  390. LDAPMessage *e = NULL;
  391. DWORD dwError = 0;
  392. LPWSTR pszFilterString = NULL;
  393. DWORD i = 0;
  394. DWORD dwCount = 0;
  395. BOOL bNewNegPolReference = TRUE;
  396. PIPSEC_NFA_OBJECT pIpsecNFAObject = NULL;
  397. PIPSEC_NFA_OBJECT * ppIpsecNFAObjects = NULL;
  398. LPWSTR * ppszFilterReferences = NULL;
  399. LPWSTR * ppszNegPolReferences = NULL;
  400. LPWSTR pszFilterReference = NULL;
  401. LPWSTR pszNegPolReference = NULL;
  402. DWORD dwNumFilterReferences = 0;
  403. DWORD dwNumNegPolReferences = 0;
  408. DWORD dwNumNFAObjectsReturned = 0;
  410. dwError = GenerateNFAQuery(
  411. ppszNFADNs,
  412. dwNumNfaObjects,
  413. &pszFilterString
  414. );
  417. dwError = LdapSearchST(
  418. hLdapBindHandle,
  419. pszIpsecRootContainer,
  420. LDAP_SCOPE_ONELEVEL,
  421. pszFilterString,
  422. NFADNAttributes,
  423. 0,
  424. NULL,
  425. &res
  426. );
  427. BAIL_ON_WIN32_ERROR(dwError);
  429. dwCount = LdapCountEntries(
  430. hLdapBindHandle,
  431. res
  432. );
  433. if (!dwCount) {
  434. dwError = ERROR_DS_NO_ATTRIBUTE_OR_VALUE;
  435. BAIL_ON_WIN32_ERROR(dwError);
  436. }
  438. ppIpsecNFAObjects = (PIPSEC_NFA_OBJECT *)AllocPolMem(
  439. sizeof(PIPSEC_NFA_OBJECT)*dwCount
  440. );
  441. if (!ppIpsecNFAObjects) {
  442. dwError = ERROR_OUTOFMEMORY;
  443. BAIL_ON_WIN32_ERROR(dwError);
  444. }
  446. ppszFilterReferences = (LPWSTR *)AllocPolMem(
  447. sizeof(LPWSTR)*dwCount
  448. );
  449. if (!ppszFilterReferences) {
  450. dwError = ERROR_OUTOFMEMORY;
  451. BAIL_ON_WIN32_ERROR(dwError);
  452. }
  455. ppszNegPolReferences = (LPWSTR *)AllocPolMem(
  456. sizeof(LPWSTR)*dwCount
  457. );
  458. if (!ppszNegPolReferences) {
  459. dwError = ERROR_OUTOFMEMORY;
  460. BAIL_ON_WIN32_ERROR(dwError);
  461. }
  464. for (i = 0; i < dwCount; i++) {
  466. if (i == 0) {
  468. dwError = LdapFirstEntry(
  469. hLdapBindHandle,
  470. res,
  471. &e
  472. );
  473. BAIL_ON_WIN32_ERROR(dwError);
  475. }else {
  477. dwError = LdapNextEntry(
  478. hLdapBindHandle,
  479. e,
  480. &e
  481. );
  483. }
  485. dwError =UnMarshallNFAObject(
  486. hLdapBindHandle,
  487. e,
  488. &pIpsecNFAObject,
  489. &pszFilterReference,
  490. &pszNegPolReference
  491. );
  492. if (dwError == ERROR_SUCCESS) {
  494. *(ppIpsecNFAObjects + dwNumNFAObjectsReturned) = pIpsecNFAObject;
  496. if (pszFilterReference) {
  498. *(ppszFilterReferences + dwNumFilterReferences) = pszFilterReference;
  499. dwNumFilterReferences++;
  501. }
  503. if (pszNegPolReference) {
  504. bNewNegPolReference = !(IsStringInArray(
  505. ppszNegPolReferences,
  506. pszNegPolReference,
  507. dwNumNegPolReferences
  508. ));
  510. if (bNewNegPolReference) {
  511. *(ppszNegPolReferences + dwNumNegPolReferences) = pszNegPolReference;
  512. dwNumNegPolReferences++;
  513. } else {
  514. FreePolStr(pszNegPolReference);
  515. pszNegPolReference = NULL;
  516. }
  517. }
  519. dwNumNFAObjectsReturned++;
  521. }
  524. }
  526. if (dwNumNFAObjectsReturned == 0) {
  527. dwError = ERROR_INVALID_DATA;
  528. BAIL_ON_WIN32_ERROR(dwError);
  529. }
  531. *pppszFilterReferences = ppszFilterReferences;
  532. *pppszNegPolReferences = ppszNegPolReferences;
  534. *pppIpsecNFAObjects = ppIpsecNFAObjects;
  535. *pdwNumNfaObjects = dwNumNFAObjectsReturned;
  536. *pdwNumNegPolReferences = dwNumNegPolReferences;
  537. *pdwNumFilterReferences = dwNumFilterReferences;
  539. dwError = ERROR_SUCCESS;
  541. cleanup:
  544. if (res) {
  545. LdapMsgFree(res);
  546. }
  549. if (pszFilterString) {
  550. FreePolStr(pszFilterString);
  551. }
  553. return(dwError);
  556. error:
  557. if (ppszNegPolReferences) {
  558. FreeNegPolReferences(
  559. ppszNegPolReferences,
  560. dwNumNFAObjectsReturned
  561. );
  562. }
  565. if (ppszFilterReferences) {
  566. FreeFilterReferences(
  567. ppszFilterReferences,
  568. dwNumNFAObjectsReturned
  569. );
  570. }
  572. if (ppIpsecNFAObjects) {
  574. FreeIpsecNFAObjects(
  575. ppIpsecNFAObjects,
  576. dwNumNFAObjectsReturned
  577. );
  579. }
  581. *pppszNegPolReferences = NULL;
  582. *pppszFilterReferences = NULL;
  583. *pdwNumNegPolReferences = 0;
  584. *pdwNumFilterReferences = 0;
  585. *pppIpsecNFAObjects = NULL;
  586. *pdwNumNfaObjects = 0;
  588. goto cleanup;
  589. }
  591. DWORD
  592. ReadFilterObjectsFromDirectory(
  593. HLDAP hLdapBindHandle,
  594. LPWSTR pszIpsecRootContainer,
  595. LPWSTR * ppszFilterDNs,
  596. DWORD dwNumFilterObjects,
  597. PIPSEC_FILTER_OBJECT ** pppIpsecFilterObjects,
  598. PDWORD pdwNumFilterObjects
  599. )
  600. {
  602. LDAPMessage *res = NULL;
  603. LDAPMessage *e = NULL;
  604. DWORD dwError = 0;
  605. LPWSTR pszFilterString = NULL;
  606. DWORD i = 0;
  607. DWORD dwCount = 0;
  608. PIPSEC_FILTER_OBJECT pIpsecFilterObject = NULL;
  609. PIPSEC_FILTER_OBJECT * ppIpsecFilterObjects = NULL;
  611. DWORD dwNumFilterObjectsReturned = 0;
  613. //
  614. // It is possible to have zero filter objects - if we have
  615. // a single rule with no filters in it, then we should return
  616. // success with zero filters.
  617. //
  619. if (!dwNumFilterObjects) {
  621. *pppIpsecFilterObjects = 0;
  622. *pdwNumFilterObjects = 0;
  624. return(ERROR_SUCCESS);
  625. }
  627. dwError = GenerateFilterQuery(
  628. ppszFilterDNs,
  629. dwNumFilterObjects,
  630. &pszFilterString
  631. );
  632. BAIL_ON_WIN32_ERROR(dwError);
  634. dwError = LdapSearchST(
  635. hLdapBindHandle,
  636. pszIpsecRootContainer,
  637. LDAP_SCOPE_ONELEVEL,
  638. pszFilterString,
  639. FilterDNAttributes,
  640. 0,
  641. NULL,
  642. &res
  643. );
  644. BAIL_ON_WIN32_ERROR(dwError);
  646. dwCount = LdapCountEntries(
  647. hLdapBindHandle,
  648. res
  649. );
  650. if (!dwCount) {
  651. dwError = ERROR_DS_NO_ATTRIBUTE_OR_VALUE;
  652. BAIL_ON_WIN32_ERROR(dwError);
  653. }
  655. ppIpsecFilterObjects = (PIPSEC_FILTER_OBJECT *)AllocPolMem(
  656. sizeof(PIPSEC_FILTER_OBJECT)*dwCount
  657. );
  658. if (!ppIpsecFilterObjects) {
  659. dwError = ERROR_OUTOFMEMORY;
  660. BAIL_ON_WIN32_ERROR(dwError);
  661. }
  664. for (i = 0; i < dwCount; i++) {
  666. if (i == 0) {
  668. dwError = LdapFirstEntry(
  669. hLdapBindHandle,
  670. res,
  671. &e
  672. );
  673. BAIL_ON_WIN32_ERROR(dwError);
  675. }else {
  677. dwError = LdapNextEntry(
  678. hLdapBindHandle,
  679. e,
  680. &e
  681. );
  683. }
  685. dwError =UnMarshallFilterObject(
  686. hLdapBindHandle,
  687. e,
  688. &pIpsecFilterObject
  689. );
  690. if (dwError == ERROR_SUCCESS) {
  692. *(ppIpsecFilterObjects + dwNumFilterObjectsReturned) = pIpsecFilterObject;
  693. dwNumFilterObjectsReturned++;
  695. }
  698. }
  700. *pppIpsecFilterObjects = ppIpsecFilterObjects;
  701. *pdwNumFilterObjects = dwNumFilterObjectsReturned;
  703. dwError = ERROR_SUCCESS;
  705. cleanup:
  707. if (pszFilterString) {
  708. FreePolMem(pszFilterString);
  709. }
  711. if (res) {
  713. LdapMsgFree(res);
  714. }
  718. return(dwError);
  721. error:
  723. if (ppIpsecFilterObjects) {
  725. FreeIpsecFilterObjects(
  726. ppIpsecFilterObjects,
  727. dwNumFilterObjectsReturned
  728. );
  729. }
  731. *pppIpsecFilterObjects = NULL;
  732. *pdwNumFilterObjects = 0;
  734. goto cleanup;
  735. }
  737. DWORD
  738. ReadNegPolObjectsFromDirectory(
  739. HLDAP hLdapBindHandle,
  740. LPWSTR pszIpsecRootContainer,
  741. LPWSTR * ppszNegPolDNs,
  742. DWORD dwNumNegPolObjects,
  743. PIPSEC_NEGPOL_OBJECT ** pppIpsecNegPolObjects,
  744. PDWORD pdwNumNegPolObjects
  745. )
  746. {
  748. LDAPMessage *res = NULL;
  749. LDAPMessage *e = NULL;
  750. DWORD dwError = 0;
  751. LPWSTR pszNegPolString = NULL;
  752. DWORD i = 0;
  753. DWORD dwCount = 0;
  754. PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject = NULL;
  755. PIPSEC_NEGPOL_OBJECT * ppIpsecNegPolObjects = NULL;
  757. DWORD dwNumNegPolObjectsReturned = 0;
  759. dwError = GenerateNegPolQuery(
  760. ppszNegPolDNs,
  761. dwNumNegPolObjects,
  762. &pszNegPolString
  763. );
  764. BAIL_ON_WIN32_ERROR(dwError);
  766. dwError = LdapSearchST(
  767. hLdapBindHandle,
  768. pszIpsecRootContainer,
  769. LDAP_SCOPE_ONELEVEL,
  770. pszNegPolString,
  771. NegPolDNAttributes,
  772. 0,
  773. NULL,
  774. &res
  775. );
  776. BAIL_ON_WIN32_ERROR(dwError);
  778. dwCount = LdapCountEntries(
  779. hLdapBindHandle,
  780. res
  781. );
  782. if (!dwCount) {
  783. dwError = ERROR_DS_NO_ATTRIBUTE_OR_VALUE;
  784. BAIL_ON_WIN32_ERROR(dwError);
  785. }
  787. ppIpsecNegPolObjects = (PIPSEC_NEGPOL_OBJECT *)AllocPolMem(
  788. sizeof(PIPSEC_NEGPOL_OBJECT)*dwCount
  789. );
  791. if (!ppIpsecNegPolObjects) {
  792. dwError = ERROR_OUTOFMEMORY;
  793. BAIL_ON_WIN32_ERROR(dwError);
  794. }
  797. for (i = 0; i < dwCount; i++) {
  799. if (i == 0) {
  801. dwError = LdapFirstEntry(
  802. hLdapBindHandle,
  803. res,
  804. &e
  805. );
  806. BAIL_ON_WIN32_ERROR(dwError);
  808. }else {
  810. dwError = LdapNextEntry(
  811. hLdapBindHandle,
  812. e,
  813. &e
  814. );
  816. }
  818. dwError =UnMarshallNegPolObject(
  819. hLdapBindHandle,
  820. e,
  821. &pIpsecNegPolObject
  822. );
  823. if (dwError == ERROR_SUCCESS) {
  825. *(ppIpsecNegPolObjects + dwNumNegPolObjectsReturned) = pIpsecNegPolObject;
  826. dwNumNegPolObjectsReturned++;
  828. }
  831. }
  832. if (dwNumNegPolObjectsReturned == 0) {
  833. dwError = ERROR_INVALID_DATA;
  834. BAIL_ON_WIN32_ERROR(dwError);
  835. }
  837. *pppIpsecNegPolObjects = ppIpsecNegPolObjects;
  838. *pdwNumNegPolObjects = dwNumNegPolObjectsReturned;
  841. dwError = ERROR_SUCCESS;
  843. cleanup:
  845. if (pszNegPolString) {
  846. FreePolMem(pszNegPolString);
  847. }
  849. if (res) {
  850. LdapMsgFree(res);
  851. }
  854. return(dwError);
  857. error:
  859. if (ppIpsecNegPolObjects) {
  861. FreeIpsecNegPolObjects(
  862. ppIpsecNegPolObjects,
  863. dwNumNegPolObjectsReturned
  864. );
  865. }
  867. *pppIpsecNegPolObjects = NULL;
  868. *pdwNumNegPolObjects = 0;
  870. goto cleanup;
  871. }
  873. DWORD
  874. ReadISAKMPObjectsFromDirectory(
  875. HLDAP hLdapBindHandle,
  876. LPWSTR pszIpsecRootContainer,
  877. LPWSTR * ppszISAKMPDNs,
  878. DWORD dwNumISAKMPObjects,
  879. PIPSEC_ISAKMP_OBJECT ** pppIpsecISAKMPObjects,
  880. PDWORD pdwNumISAKMPObjects
  881. )
  882. {
  884. LDAPMessage *res = NULL;
  885. LDAPMessage *e = NULL;
  886. DWORD dwError = 0;
  887. LPWSTR pszISAKMPString = NULL;
  888. DWORD i = 0;
  889. DWORD dwCount = 0;
  890. PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject = NULL;
  891. PIPSEC_ISAKMP_OBJECT * ppIpsecISAKMPObjects = NULL;
  893. DWORD dwNumISAKMPObjectsReturned = 0;
  895. dwError = GenerateISAKMPQuery(
  896. ppszISAKMPDNs,
  897. dwNumISAKMPObjects,
  898. &pszISAKMPString
  899. );
  900. BAIL_ON_WIN32_ERROR(dwError);
  902. dwError = LdapSearchST(
  903. hLdapBindHandle,
  904. pszIpsecRootContainer,
  905. LDAP_SCOPE_ONELEVEL,
  906. pszISAKMPString,
  907. ISAKMPDNAttributes,
  908. 0,
  909. NULL,
  910. &res
  911. );
  912. BAIL_ON_WIN32_ERROR(dwError);
  914. dwCount = LdapCountEntries(
  915. hLdapBindHandle,
  916. res
  917. );
  918. if (!dwCount) {
  919. dwError = ERROR_DS_NO_ATTRIBUTE_OR_VALUE;
  920. BAIL_ON_WIN32_ERROR(dwError);
  921. }
  923. ppIpsecISAKMPObjects = (PIPSEC_ISAKMP_OBJECT *)AllocPolMem(
  924. sizeof(PIPSEC_ISAKMP_OBJECT)*dwCount
  925. );
  926. if (!ppIpsecISAKMPObjects) {
  927. dwError = ERROR_OUTOFMEMORY;
  928. BAIL_ON_WIN32_ERROR(dwError);
  929. }
  932. for (i = 0; i < dwCount; i++) {
  934. if (i == 0) {
  936. dwError = LdapFirstEntry(
  937. hLdapBindHandle,
  938. res,
  939. &e
  940. );
  941. BAIL_ON_WIN32_ERROR(dwError);
  943. }else {
  945. dwError = LdapNextEntry(
  946. hLdapBindHandle,
  947. e,
  948. &e
  949. );
  951. }
  953. dwError =UnMarshallISAKMPObject(
  954. hLdapBindHandle,
  955. e,
  956. &pIpsecISAKMPObject
  957. );
  958. if (dwError == ERROR_SUCCESS) {
  960. *(ppIpsecISAKMPObjects + dwNumISAKMPObjectsReturned) = pIpsecISAKMPObject;
  962. dwNumISAKMPObjectsReturned++;
  964. }
  967. }
  969. if (dwNumISAKMPObjectsReturned == 0) {
  970. dwError = ERROR_INVALID_DATA;
  971. BAIL_ON_WIN32_ERROR(dwError);
  972. }
  974. *pppIpsecISAKMPObjects = ppIpsecISAKMPObjects;
  975. *pdwNumISAKMPObjects = dwNumISAKMPObjectsReturned;
  977. dwError = ERROR_SUCCESS;
  979. cleanup:
  981. if (pszISAKMPString) {
  982. FreePolMem(pszISAKMPString);
  983. }
  985. if (res) {
  986. LdapMsgFree(res);
  987. }
  990. return(dwError);
  993. error:
  995. if (ppIpsecISAKMPObjects) {
  997. FreeIpsecISAKMPObjects(
  998. ppIpsecISAKMPObjects,
  999. dwNumISAKMPObjectsReturned
  1000. );
  1001. }
  1003. *pppIpsecISAKMPObjects = NULL;
  1004. *pdwNumISAKMPObjects = 0;
  1006. goto cleanup;
  1007. }
  1011. DWORD
  1012. UnMarshallPolicyObject(
  1013. HLDAP hLdapBindHandle,
  1014. LPWSTR pszPolicyDN,
  1015. PIPSEC_POLICY_OBJECT * ppIpsecPolicyObject,
  1016. LDAPMessage *res
  1017. )
  1018. {
  1019. PIPSEC_POLICY_OBJECT pIpsecPolicyObject = NULL;
  1020. DWORD dwCount = 0;
  1021. DWORD dwLen = 0;
  1022. LPBYTE pBuffer = NULL;
  1023. DWORD i = 0;
  1024. DWORD dwError = 0;
  1025. LDAPMessage *e = NULL;
  1026. WCHAR **strvalues = NULL;
  1027. struct berval ** bvalues = NULL;
  1028. LPWSTR * ppszIpsecNFANames = NULL;
  1029. LPWSTR pszIpsecNFAName = NULL;
  1030. LPWSTR * ppszTemp = NULL;
  1031. time_t t_WhenChanged = 0;
  1033. pIpsecPolicyObject = (PIPSEC_POLICY_OBJECT)AllocPolMem(
  1034. sizeof(IPSEC_POLICY_OBJECT)
  1035. );
  1036. if (!pIpsecPolicyObject) {
  1037. dwError = ERROR_OUTOFMEMORY;
  1038. BAIL_ON_WIN32_ERROR(dwError);
  1039. }
  1042. dwError = LdapFirstEntry(
  1043. hLdapBindHandle,
  1044. res,
  1045. &e
  1046. );
  1047. BAIL_ON_WIN32_ERROR(dwError);
  1049. /*
  1050. strvalues = NULL;
  1051. dwError = LdapGetValues(
  1052. hLdapBindHandle,
  1053. e,
  1054. L"distinguishedName",
  1055. (WCHAR ***)&strvalues,
  1056. (int *)&dwCount
  1057. );
  1058. BAIL_ON_WIN32_ERROR(dwError);
  1059. */
  1061. pIpsecPolicyObject->pszIpsecOwnersReference = AllocPolStr(
  1062. pszPolicyDN
  1063. );
  1064. if (!pIpsecPolicyObject->pszIpsecOwnersReference) {
  1065. dwError = ERROR_OUTOFMEMORY;
  1066. BAIL_ON_WIN32_ERROR(dwError);
  1067. }
  1069. strvalues = NULL;
  1070. dwError = LdapGetValues(
  1071. hLdapBindHandle,
  1072. e,
  1073. L"ipsecName",
  1074. (WCHAR ***)&strvalues,
  1075. (int *)&dwCount
  1076. );
  1077. BAIL_ON_WIN32_ERROR(dwError);
  1079. pIpsecPolicyObject->pszIpsecName = AllocPolStr(
  1080. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1081. );
  1082. if (!pIpsecPolicyObject->pszIpsecName) {
  1083. dwError = ERROR_OUTOFMEMORY;
  1084. BAIL_ON_WIN32_ERROR(dwError);
  1085. }
  1086. LdapValueFree(strvalues);
  1089. strvalues = NULL;
  1090. dwError = LdapGetValues(
  1091. hLdapBindHandle,
  1092. e,
  1093. L"description",
  1094. (WCHAR ***)&strvalues,
  1095. (int *)&dwCount
  1096. );
  1097. // BAIL_ON_WIN32_ERROR(dwError);
  1099. if (strvalues && LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)) {
  1101. pIpsecPolicyObject->pszDescription = AllocPolStr(
  1102. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1103. );
  1104. if (!pIpsecPolicyObject->pszDescription) {
  1105. dwError = ERROR_OUTOFMEMORY;
  1106. BAIL_ON_WIN32_ERROR(dwError);
  1107. }
  1108. LdapValueFree(strvalues);
  1110. } else {
  1111. pIpsecPolicyObject->pszDescription = NULL;
  1112. }
  1115. strvalues = NULL;
  1116. dwError = LdapGetValues(
  1117. hLdapBindHandle,
  1118. e,
  1119. L"ipsecID",
  1120. (WCHAR ***)&strvalues,
  1121. (int *)&dwCount
  1122. );
  1123. BAIL_ON_WIN32_ERROR(dwError);
  1126. pIpsecPolicyObject->pszIpsecID = AllocPolStr(
  1127. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1128. );
  1129. if (!pIpsecPolicyObject->pszIpsecID) {
  1130. dwError = ERROR_OUTOFMEMORY;
  1131. BAIL_ON_WIN32_ERROR(dwError);
  1132. }
  1133. LdapValueFree(strvalues);
  1136. strvalues = NULL;
  1137. dwError = LdapGetValues(
  1138. hLdapBindHandle,
  1139. e,
  1140. L"ipsecDataType",
  1141. (WCHAR ***)&strvalues,
  1142. (int *)&dwCount
  1143. );
  1144. BAIL_ON_WIN32_ERROR(dwError);
  1146. pIpsecPolicyObject->dwIpsecDataType = _wtol(LDAPOBJECT_STRING((PLDAPOBJECT)strvalues));
  1147. LdapValueFree(strvalues);
  1149. strvalues = NULL;
  1150. dwError = LdapGetValues(
  1151. hLdapBindHandle,
  1152. e,
  1153. L"whenChanged",
  1154. (WCHAR ***)&strvalues,
  1155. (int *)&dwCount
  1156. );
  1157. BAIL_ON_WIN32_ERROR(dwError);
  1159. dwError = GeneralizedTimeToTime(
  1160. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues),
  1161. &t_WhenChanged
  1162. );
  1163. pIpsecPolicyObject->dwWhenChanged = TIME_T_TO_DWORD(t_WhenChanged);
  1164. LdapValueFree(strvalues);
  1165. BAIL_ON_WIN32_ERROR(dwError);
  1167. strvalues = NULL;
  1168. dwError = LdapGetValues(
  1169. hLdapBindHandle,
  1170. e,
  1171. L"ipsecISAKMPReference",
  1172. (WCHAR ***)&strvalues,
  1173. (int *)&dwCount
  1174. );
  1175. BAIL_ON_WIN32_ERROR(dwError);
  1177. pIpsecPolicyObject->pszIpsecISAKMPReference = AllocPolStr(
  1178. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1179. );
  1180. if (!pIpsecPolicyObject->pszIpsecISAKMPReference) {
  1181. dwError = ERROR_OUTOFMEMORY;
  1182. BAIL_ON_WIN32_ERROR(dwError);
  1183. }
  1184. LdapValueFree(strvalues);
  1187. //
  1188. // unmarshall the ipsecData blob
  1189. //
  1191. dwError = LdapGetValuesLen(
  1192. hLdapBindHandle,
  1193. e,
  1194. L"ipsecData",
  1195. (struct berval ***)&bvalues,
  1196. (int *)&dwCount
  1197. );
  1198. BAIL_ON_WIN32_ERROR(dwError);
  1200. dwLen = LDAPOBJECT_BERVAL_LEN((PLDAPOBJECT)bvalues);
  1201. pBuffer = (LPBYTE)AllocPolMem(dwLen);
  1202. if (!pBuffer) {
  1203. dwError = ERROR_OUTOFMEMORY;
  1204. BAIL_ON_WIN32_ERROR(dwError);
  1205. }
  1206. memcpy( pBuffer, LDAPOBJECT_BERVAL_VAL((PLDAPOBJECT)bvalues), dwLen );
  1207. pIpsecPolicyObject->pIpsecData = pBuffer;
  1208. pIpsecPolicyObject->dwIpsecDataLen = dwLen;
  1209. LdapValueFreeLen(bvalues);
  1211. strvalues = NULL;
  1212. dwError = LdapGetValues(
  1213. hLdapBindHandle,
  1214. e,
  1215. L"ipsecNFAReference",
  1216. (WCHAR ***)&strvalues,
  1217. (int *)&dwCount
  1218. );
  1219. BAIL_ON_WIN32_ERROR(dwError);
  1222. ppszIpsecNFANames = (LPWSTR *)AllocPolMem(
  1223. sizeof(LPWSTR)*dwCount
  1224. );
  1225. if (!ppszIpsecNFANames) {
  1226. dwError = ERROR_OUTOFMEMORY;
  1227. BAIL_ON_WIN32_ERROR(dwError);
  1228. }
  1230. for (i = 0; i < dwCount; i++) {
  1232. ppszTemp = (strvalues + i);
  1233. //
  1234. // Unmarshall all the values you can possibly have
  1235. //
  1236. pszIpsecNFAName = AllocPolStr(*ppszTemp);
  1237. if (!pszIpsecNFAName) {
  1238. dwError = ERROR_OUTOFMEMORY;
  1240. pIpsecPolicyObject->ppszIpsecNFAReferences = ppszIpsecNFANames;
  1241. pIpsecPolicyObject->NumberofRules = i;
  1243. BAIL_ON_WIN32_ERROR(dwError);
  1244. }
  1246. *(ppszIpsecNFANames + i) = pszIpsecNFAName;
  1248. }
  1251. pIpsecPolicyObject->ppszIpsecNFAReferences = ppszIpsecNFANames;
  1252. pIpsecPolicyObject->NumberofRules = dwCount;
  1253. LdapValueFree(strvalues);
  1255. *ppIpsecPolicyObject = pIpsecPolicyObject;
  1257. return(dwError);
  1259. error:
  1261. if (pIpsecPolicyObject) {
  1262. FreeIpsecPolicyObject(pIpsecPolicyObject);
  1263. }
  1265. *ppIpsecPolicyObject = NULL;
  1267. return(dwError);
  1268. }
  1272. DWORD
  1273. UnMarshallNFAObject(
  1274. HLDAP hLdapBindHandle,
  1275. LDAPMessage *e,
  1276. PIPSEC_NFA_OBJECT * ppIpsecNFAObject,
  1277. LPWSTR * ppszFilterReference,
  1278. LPWSTR * ppszNegPolReference
  1279. )
  1280. {
  1281. PIPSEC_NFA_OBJECT pIpsecNFAObject = NULL;
  1282. DWORD dwCount = 0;
  1283. DWORD dwLen = 0;
  1284. LPBYTE pBuffer = NULL;
  1285. DWORD i = 0;
  1286. DWORD dwError = 0;
  1287. WCHAR **strvalues = NULL;
  1288. struct berval ** bvalues = NULL;
  1289. LPWSTR * ppszIpsecNFANames = NULL;
  1290. LPWSTR pszIpsecNFAName = NULL;
  1291. LPWSTR * ppszTemp = NULL;
  1293. LPWSTR pszTempFilterReference = NULL;
  1294. LPWSTR pszTempNegPolReference = NULL;
  1295. time_t t_WhenChanged = 0;
  1297. pIpsecNFAObject = (PIPSEC_NFA_OBJECT)AllocPolMem(
  1298. sizeof(IPSEC_NFA_OBJECT)
  1299. );
  1300. if (!pIpsecNFAObject) {
  1301. dwError = ERROR_OUTOFMEMORY;
  1302. BAIL_ON_WIN32_ERROR(dwError);
  1303. }
  1305. strvalues = NULL;
  1306. dwError = LdapGetValues(
  1307. hLdapBindHandle,
  1308. e,
  1309. L"distinguishedName",
  1310. (WCHAR ***)&strvalues,
  1311. (int *)&dwCount
  1312. );
  1313. BAIL_ON_WIN32_ERROR(dwError);
  1316. pIpsecNFAObject->pszDistinguishedName = AllocPolStr(
  1317. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1318. );
  1319. if (!pIpsecNFAObject->pszDistinguishedName) {
  1320. dwError = ERROR_OUTOFMEMORY;
  1321. BAIL_ON_WIN32_ERROR(dwError);
  1322. }
  1323. LdapValueFree(strvalues);
  1326. strvalues = NULL;
  1327. dwError = LdapGetValues(
  1328. hLdapBindHandle,
  1329. e,
  1330. L"ipsecName",
  1331. (WCHAR ***)&strvalues,
  1332. (int *)&dwCount
  1333. );
  1334. //
  1335. // Client does not always write the Name for an NFA.
  1336. //
  1338. // BAIL_ON_WIN32_ERROR(dwError);
  1340. if (strvalues && LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)) {
  1342. pIpsecNFAObject->pszIpsecName = AllocPolStr(
  1343. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1344. );
  1345. if (!pIpsecNFAObject->pszIpsecName) {
  1346. dwError = ERROR_OUTOFMEMORY;
  1347. BAIL_ON_WIN32_ERROR(dwError);
  1348. }
  1349. LdapValueFree(strvalues);
  1351. } else {
  1352. pIpsecNFAObject->pszIpsecName = NULL;
  1353. }
  1355. strvalues = NULL;
  1356. dwError = LdapGetValues(
  1357. hLdapBindHandle,
  1358. e,
  1359. L"description",
  1360. (WCHAR ***)&strvalues,
  1361. (int *)&dwCount
  1362. );
  1363. // BAIL_ON_WIN32_ERROR(dwError);
  1365. if (strvalues && LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)) {
  1367. pIpsecNFAObject->pszDescription = AllocPolStr(
  1368. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1369. );
  1370. if (!pIpsecNFAObject->pszDescription) {
  1371. dwError = ERROR_OUTOFMEMORY;
  1372. BAIL_ON_WIN32_ERROR(dwError);
  1373. }
  1374. LdapValueFree(strvalues);
  1376. } else {
  1377. pIpsecNFAObject->pszDescription = NULL;
  1378. }
  1380. strvalues = NULL;
  1381. dwError = LdapGetValues(
  1382. hLdapBindHandle,
  1383. e,
  1384. L"ipsecID",
  1385. (WCHAR ***)&strvalues,
  1386. (int *)&dwCount
  1387. );
  1388. BAIL_ON_WIN32_ERROR(dwError);
  1390. pIpsecNFAObject->pszIpsecID = AllocPolStr(
  1391. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1392. );
  1393. if (!pIpsecNFAObject->pszIpsecID) {
  1394. dwError = ERROR_OUTOFMEMORY;
  1395. BAIL_ON_WIN32_ERROR(dwError);
  1396. }
  1397. LdapValueFree(strvalues);
  1400. strvalues = NULL;
  1401. dwError = LdapGetValues(
  1402. hLdapBindHandle,
  1403. e,
  1404. L"ipsecDataType",
  1405. (WCHAR ***)&strvalues,
  1406. (int *)&dwCount
  1407. );
  1408. BAIL_ON_WIN32_ERROR(dwError);
  1410. pIpsecNFAObject->dwIpsecDataType = _wtol(LDAPOBJECT_STRING((PLDAPOBJECT)strvalues));
  1411. LdapValueFree(strvalues);
  1414. strvalues = NULL;
  1415. dwError = LdapGetValues(
  1416. hLdapBindHandle,
  1417. e,
  1418. L"whenChanged",
  1419. (WCHAR ***)&strvalues,
  1420. (int *)&dwCount
  1421. );
  1422. BAIL_ON_WIN32_ERROR(dwError);
  1424. dwError = GeneralizedTimeToTime(
  1425. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues),
  1426. &t_WhenChanged
  1427. );
  1428. pIpsecNFAObject->dwWhenChanged = TIME_T_TO_DWORD(t_WhenChanged);
  1429. LdapValueFree(strvalues);
  1430. BAIL_ON_WIN32_ERROR(dwError);
  1433. //
  1434. // unmarshall the ipsecData blob
  1435. //
  1437. dwError = LdapGetValuesLen(
  1438. hLdapBindHandle,
  1439. e,
  1440. L"ipsecData",
  1441. (struct berval ***)&bvalues,
  1442. (int *)&dwCount
  1443. );
  1444. BAIL_ON_WIN32_ERROR(dwError);
  1446. dwLen = LDAPOBJECT_BERVAL_LEN((PLDAPOBJECT)bvalues);
  1447. pBuffer = (LPBYTE)AllocPolMem(dwLen);
  1448. if (!pBuffer) {
  1449. dwError = ERROR_OUTOFMEMORY;
  1450. BAIL_ON_WIN32_ERROR(dwError);
  1451. }
  1452. memcpy( pBuffer, LDAPOBJECT_BERVAL_VAL((PLDAPOBJECT)bvalues), dwLen );
  1453. pIpsecNFAObject->pIpsecData = pBuffer;
  1454. pIpsecNFAObject->dwIpsecDataLen = dwLen;
  1455. LdapValueFreeLen(bvalues);
  1457. strvalues = NULL;
  1458. dwError = LdapGetValues(
  1459. hLdapBindHandle,
  1460. e,
  1461. L"ipsecOwnersReference",
  1462. (WCHAR ***)&strvalues,
  1463. (int *)&dwCount
  1464. );
  1465. //BAIL_ON_WIN32_ERROR(dwError);
  1467. if (!dwError && strvalues) {
  1469. pIpsecNFAObject->pszIpsecOwnersReference = AllocPolStr(
  1470. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1471. );
  1472. if (!pIpsecNFAObject->pszIpsecOwnersReference) {
  1473. dwError = ERROR_OUTOFMEMORY;
  1474. BAIL_ON_WIN32_ERROR(dwError);
  1475. }
  1476. LdapValueFree(strvalues);
  1477. }
  1479. strvalues = NULL;
  1480. dwError = LdapGetValues(
  1481. hLdapBindHandle,
  1482. e,
  1483. L"ipsecNegotiationPolicyReference",
  1484. (WCHAR ***)&strvalues,
  1485. (int *)&dwCount
  1486. );
  1487. BAIL_ON_WIN32_ERROR(dwError);
  1489. pIpsecNFAObject->pszIpsecNegPolReference = AllocPolStr(
  1490. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1491. );
  1492. if (!pIpsecNFAObject->pszIpsecNegPolReference) {
  1493. dwError = ERROR_OUTOFMEMORY;
  1494. BAIL_ON_WIN32_ERROR(dwError);
  1495. }
  1496. LdapValueFree(strvalues);
  1499. strvalues = NULL;
  1500. dwError = LdapGetValues(
  1501. hLdapBindHandle,
  1502. e,
  1503. L"ipsecFilterReference",
  1504. (WCHAR ***)&strvalues,
  1505. (int *)&dwCount
  1506. );
  1507. // BAIL_ON_WIN32_ERROR(dwError);
  1509. if (strvalues) {
  1511. pIpsecNFAObject->pszIpsecFilterReference = AllocPolStr(
  1512. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1513. );
  1514. if (!pIpsecNFAObject->pszIpsecFilterReference) {
  1515. dwError = ERROR_OUTOFMEMORY;
  1516. BAIL_ON_WIN32_ERROR(dwError);
  1517. }
  1520. pszTempFilterReference = AllocPolStr(
  1521. pIpsecNFAObject->pszIpsecFilterReference
  1522. );
  1523. if (!pszTempFilterReference) {
  1524. dwError = ERROR_OUTOFMEMORY;
  1525. BAIL_ON_WIN32_ERROR(dwError);
  1526. }
  1527. }
  1528. else {
  1529. pIpsecNFAObject->pszIpsecFilterReference = NULL;
  1530. }
  1531. pszTempNegPolReference = AllocPolStr(
  1532. pIpsecNFAObject->pszIpsecNegPolReference
  1533. );
  1534. if (!pszTempNegPolReference) {
  1535. dwError = ERROR_OUTOFMEMORY;
  1536. BAIL_ON_WIN32_ERROR(dwError);
  1537. }
  1538. LdapValueFree(strvalues);
  1541. *ppszFilterReference = pszTempFilterReference;
  1542. *ppszNegPolReference = pszTempNegPolReference;
  1544. *ppIpsecNFAObject = pIpsecNFAObject;
  1547. return(0);
  1549. error:
  1551. if (pIpsecNFAObject) {
  1552. FreeIpsecNFAObject(pIpsecNFAObject);
  1553. }
  1555. if (pszTempFilterReference) {
  1556. FreePolStr(pszTempFilterReference);
  1557. }
  1559. if (pszTempNegPolReference) {
  1560. FreePolStr(pszTempNegPolReference);
  1561. }
  1563. *ppIpsecNFAObject = NULL;
  1564. *ppszFilterReference = NULL;
  1565. *ppszNegPolReference = NULL;
  1567. return(dwError);
  1568. }
  1571. DWORD
  1572. UnMarshallFilterObject(
  1573. HLDAP hLdapBindHandle,
  1574. LDAPMessage *e,
  1575. PIPSEC_FILTER_OBJECT * ppIpsecFilterObject
  1576. )
  1577. {
  1578. PIPSEC_FILTER_OBJECT pIpsecFilterObject = NULL;
  1579. DWORD dwCount = 0;
  1580. DWORD dwLen = 0;
  1581. LPBYTE pBuffer = NULL;
  1582. DWORD i = 0;
  1583. DWORD dwError = 0;
  1584. WCHAR **strvalues = NULL;
  1585. struct berval ** bvalues = NULL;
  1586. LPWSTR * ppszIpsecFilterNames = NULL;
  1587. LPWSTR pszIpsecFilterName = NULL;
  1588. LPWSTR * ppszTemp = NULL;
  1589. LPWSTR * ppszIpsecNFANames = NULL;
  1590. LPWSTR pszIpsecNFAName = NULL;
  1591. time_t t_WhenChanged = 0;
  1593. pIpsecFilterObject = (PIPSEC_FILTER_OBJECT)AllocPolMem(
  1594. sizeof(IPSEC_FILTER_OBJECT)
  1595. );
  1596. if (!pIpsecFilterObject) {
  1597. dwError = ERROR_OUTOFMEMORY;
  1598. BAIL_ON_WIN32_ERROR(dwError);
  1599. }
  1602. strvalues = NULL;
  1603. dwError = LdapGetValues(
  1604. hLdapBindHandle,
  1605. e,
  1606. L"distinguishedName",
  1607. (WCHAR ***)&strvalues,
  1608. (int *)&dwCount
  1609. );
  1610. BAIL_ON_WIN32_ERROR(dwError);
  1612. pIpsecFilterObject->pszDistinguishedName = AllocPolStr(
  1613. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1614. );
  1615. if (!pIpsecFilterObject->pszDistinguishedName) {
  1616. dwError = ERROR_OUTOFMEMORY;
  1617. BAIL_ON_WIN32_ERROR(dwError);
  1618. }
  1619. LdapValueFree(strvalues);
  1621. strvalues = NULL;
  1622. dwError = LdapGetValues(
  1623. hLdapBindHandle,
  1624. e,
  1625. L"description",
  1626. (WCHAR ***)&strvalues,
  1627. (int *)&dwCount
  1628. );
  1629. // BAIL_ON_WIN32_ERROR(dwError);
  1631. if (!dwError && strvalues) {
  1633. pIpsecFilterObject->pszDescription = AllocPolStr(
  1634. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1635. );
  1636. if (!pIpsecFilterObject->pszDescription) {
  1637. dwError = ERROR_OUTOFMEMORY;
  1638. BAIL_ON_WIN32_ERROR(dwError);
  1639. }
  1640. LdapValueFree(strvalues);
  1641. }
  1643. strvalues = NULL;
  1644. dwError = LdapGetValues(
  1645. hLdapBindHandle,
  1646. e,
  1647. L"ipsecName",
  1648. (WCHAR ***)&strvalues,
  1649. (int *)&dwCount
  1650. );
  1651. // BAIL_ON_WIN32_ERROR(dwError);
  1653. if (!dwError && strvalues) {
  1655. pIpsecFilterObject->pszIpsecName = AllocPolStr(
  1656. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1657. );
  1658. if (!pIpsecFilterObject->pszIpsecName) {
  1659. dwError = ERROR_OUTOFMEMORY;
  1660. BAIL_ON_WIN32_ERROR(dwError);
  1661. }
  1662. LdapValueFree(strvalues);
  1663. }
  1665. strvalues = NULL;
  1666. dwError = LdapGetValues(
  1667. hLdapBindHandle,
  1668. e,
  1669. L"ipsecID",
  1670. (WCHAR ***)&strvalues,
  1671. (int *)&dwCount
  1672. );
  1673. BAIL_ON_WIN32_ERROR(dwError);
  1675. pIpsecFilterObject->pszIpsecID = AllocPolStr(
  1676. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1677. );
  1678. if (!pIpsecFilterObject->pszIpsecID) {
  1679. dwError = ERROR_OUTOFMEMORY;
  1680. BAIL_ON_WIN32_ERROR(dwError);
  1681. }
  1682. LdapValueFree(strvalues);
  1685. strvalues = NULL;
  1686. dwError = LdapGetValues(
  1687. hLdapBindHandle,
  1688. e,
  1689. L"ipsecDataType",
  1690. (WCHAR ***)&strvalues,
  1691. (int *)&dwCount
  1692. );
  1693. BAIL_ON_WIN32_ERROR(dwError);
  1695. pIpsecFilterObject->dwIpsecDataType = _wtol(LDAPOBJECT_STRING((PLDAPOBJECT)strvalues));
  1696. LdapValueFree(strvalues);
  1699. strvalues = NULL;
  1700. dwError = LdapGetValues(
  1701. hLdapBindHandle,
  1702. e,
  1703. L"whenChanged",
  1704. (WCHAR ***)&strvalues,
  1705. (int *)&dwCount
  1706. );
  1707. BAIL_ON_WIN32_ERROR(dwError);
  1709. dwError = GeneralizedTimeToTime(
  1710. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues),
  1711. &t_WhenChanged
  1712. );
  1713. pIpsecFilterObject->dwWhenChanged = TIME_T_TO_DWORD(t_WhenChanged);
  1714. LdapValueFree(strvalues);
  1715. BAIL_ON_WIN32_ERROR(dwError);
  1717. //
  1718. // unmarshall the ipsecData blob
  1719. //
  1721. dwError = LdapGetValuesLen(
  1722. hLdapBindHandle,
  1723. e,
  1724. L"ipsecData",
  1725. (struct berval ***)&bvalues,
  1726. (int *)&dwCount
  1727. );
  1728. BAIL_ON_WIN32_ERROR(dwError);
  1730. dwLen = LDAPOBJECT_BERVAL_LEN((PLDAPOBJECT)bvalues);
  1731. pBuffer = (LPBYTE)AllocPolMem(dwLen);
  1732. if (!pBuffer) {
  1733. dwError = ERROR_OUTOFMEMORY;
  1734. BAIL_ON_WIN32_ERROR(dwError);
  1735. }
  1736. memcpy( pBuffer, LDAPOBJECT_BERVAL_VAL((PLDAPOBJECT)bvalues), dwLen );
  1737. pIpsecFilterObject->pIpsecData = pBuffer;
  1738. pIpsecFilterObject->dwIpsecDataLen = dwLen;
  1739. LdapValueFreeLen(bvalues);
  1741. strvalues = NULL;
  1742. dwError = LdapGetValues(
  1743. hLdapBindHandle,
  1744. e,
  1745. L"ipsecOwnersReference",
  1746. (WCHAR ***)&strvalues,
  1747. (int *)&dwCount
  1748. );
  1749. if (!dwError && strvalues) {
  1751. ppszIpsecNFANames = (LPWSTR *)AllocPolMem(
  1752. sizeof(LPWSTR)*dwCount
  1753. );
  1754. if (!ppszIpsecNFANames) {
  1755. dwError = ERROR_OUTOFMEMORY;
  1756. BAIL_ON_WIN32_ERROR(dwError);
  1757. }
  1759. for (i = 0; i < dwCount; i++) {
  1761. ppszTemp = (strvalues + i);
  1762. //
  1763. // Unmarshall all the values you can possibly have
  1764. //
  1765. pszIpsecNFAName = AllocPolStr(*ppszTemp);
  1766. if (!pszIpsecNFAName) {
  1767. dwError = ERROR_OUTOFMEMORY;
  1769. pIpsecFilterObject->ppszIpsecNFAReferences = ppszIpsecNFANames;
  1770. pIpsecFilterObject->dwNFACount = i;
  1772. BAIL_ON_WIN32_ERROR(dwError);
  1773. }
  1774. *(ppszIpsecNFANames + i) = pszIpsecNFAName;
  1776. }
  1778. pIpsecFilterObject->ppszIpsecNFAReferences = ppszIpsecNFANames;
  1779. pIpsecFilterObject->dwNFACount = dwCount;
  1780. LdapValueFree(strvalues);
  1782. }
  1784. *ppIpsecFilterObject = pIpsecFilterObject;
  1786. return(0);
  1788. error:
  1790. if (pIpsecFilterObject) {
  1791. FreeIpsecFilterObject(pIpsecFilterObject);
  1792. }
  1794. *ppIpsecFilterObject = NULL;
  1796. return(dwError);
  1797. }
  1800. DWORD
  1801. UnMarshallNegPolObject(
  1802. HLDAP hLdapBindHandle,
  1803. LDAPMessage *e,
  1804. PIPSEC_NEGPOL_OBJECT * ppIpsecPolicyObject
  1805. )
  1806. {
  1808. PIPSEC_NEGPOL_OBJECT pIpsecPolicyObject = NULL;
  1809. DWORD dwCount = 0;
  1810. DWORD dwLen = 0;
  1811. LPBYTE pBuffer = NULL;
  1812. DWORD i = 0;
  1813. DWORD dwError = 0;
  1814. WCHAR **strvalues = NULL;
  1815. struct berval ** bvalues = NULL;
  1816. LPWSTR * ppszIpsecNFANames = NULL;
  1817. LPWSTR pszIpsecNFAName = NULL;
  1818. LPWSTR * ppszTemp = NULL;
  1819. time_t t_WhenChanged = 0;
  1822. pIpsecPolicyObject = (PIPSEC_NEGPOL_OBJECT)AllocPolMem(
  1823. sizeof(IPSEC_NEGPOL_OBJECT)
  1824. );
  1825. if (!pIpsecPolicyObject) {
  1826. dwError = ERROR_OUTOFMEMORY;
  1827. BAIL_ON_WIN32_ERROR(dwError);
  1828. }
  1831. strvalues = NULL;
  1832. dwError = LdapGetValues(
  1833. hLdapBindHandle,
  1834. e,
  1835. L"distinguishedName",
  1836. (WCHAR ***)&strvalues,
  1837. (int *)&dwCount
  1838. );
  1839. BAIL_ON_WIN32_ERROR(dwError);
  1841. pIpsecPolicyObject->pszDistinguishedName = AllocPolStr(
  1842. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1843. );
  1844. if (!pIpsecPolicyObject->pszDistinguishedName) {
  1845. dwError = ERROR_OUTOFMEMORY;
  1846. BAIL_ON_WIN32_ERROR(dwError);
  1847. }
  1848. LdapValueFree(strvalues);
  1851. strvalues = NULL;
  1852. dwError = LdapGetValues(
  1853. hLdapBindHandle,
  1854. e,
  1855. L"ipsecName",
  1856. (WCHAR ***)&strvalues,
  1857. (int *)&dwCount
  1858. );
  1859. // BAIL_ON_WIN32_ERROR(dwError);
  1861. //
  1862. // Names do not get written on an NegPol Object.
  1863. //
  1865. if (strvalues && LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)) {
  1867. pIpsecPolicyObject->pszIpsecName = AllocPolStr(
  1868. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1869. );
  1870. if (!pIpsecPolicyObject->pszIpsecName) {
  1871. dwError = ERROR_OUTOFMEMORY;
  1872. BAIL_ON_WIN32_ERROR(dwError);
  1873. }
  1874. LdapValueFree(strvalues);
  1876. } else {
  1877. pIpsecPolicyObject->pszIpsecName = NULL;
  1878. }
  1881. strvalues = NULL;
  1882. dwError = LdapGetValues(
  1883. hLdapBindHandle,
  1884. e,
  1885. L"description",
  1886. (WCHAR ***)&strvalues,
  1887. (int *)&dwCount
  1888. );
  1889. // BAIL_ON_WIN32_ERROR(dwError);
  1891. if (strvalues && LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)) {
  1893. pIpsecPolicyObject->pszDescription = AllocPolStr(
  1894. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1895. );
  1896. if (!pIpsecPolicyObject->pszDescription) {
  1897. dwError = ERROR_OUTOFMEMORY;
  1898. BAIL_ON_WIN32_ERROR(dwError);
  1899. }
  1900. LdapValueFree(strvalues);
  1902. } else {
  1903. pIpsecPolicyObject->pszDescription = NULL;
  1904. }
  1907. strvalues = NULL;
  1908. dwError = LdapGetValues(
  1909. hLdapBindHandle,
  1910. e,
  1911. L"ipsecID",
  1912. (WCHAR ***)&strvalues,
  1913. (int *)&dwCount
  1914. );
  1915. BAIL_ON_WIN32_ERROR(dwError);
  1917. pIpsecPolicyObject->pszIpsecID = AllocPolStr(
  1918. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1919. );
  1920. if (!pIpsecPolicyObject->pszIpsecID) {
  1921. dwError = ERROR_OUTOFMEMORY;
  1922. BAIL_ON_WIN32_ERROR(dwError);
  1923. }
  1924. LdapValueFree(strvalues);
  1927. strvalues = NULL;
  1928. dwError = LdapGetValues(
  1929. hLdapBindHandle,
  1930. e,
  1931. L"ipsecNegotiationPolicyAction",
  1932. (WCHAR ***)&strvalues,
  1933. (int *)&dwCount
  1934. );
  1935. BAIL_ON_WIN32_ERROR(dwError);
  1937. pIpsecPolicyObject->pszIpsecNegPolAction = AllocPolStr(
  1938. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1939. );
  1940. if (!pIpsecPolicyObject->pszIpsecNegPolAction) {
  1941. dwError = ERROR_OUTOFMEMORY;
  1942. BAIL_ON_WIN32_ERROR(dwError);
  1943. }
  1944. LdapValueFree(strvalues);
  1947. strvalues = NULL;
  1948. dwError = LdapGetValues(
  1949. hLdapBindHandle,
  1950. e,
  1951. L"ipsecNegotiationPolicyType",
  1952. (WCHAR ***)&strvalues,
  1953. (int *)&dwCount
  1954. );
  1955. BAIL_ON_WIN32_ERROR(dwError);
  1957. pIpsecPolicyObject->pszIpsecNegPolType = AllocPolStr(
  1958. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  1959. );
  1960. if (!pIpsecPolicyObject->pszIpsecNegPolType) {
  1961. dwError = ERROR_OUTOFMEMORY;
  1962. BAIL_ON_WIN32_ERROR(dwError);
  1963. }
  1964. LdapValueFree(strvalues);
  1967. strvalues = NULL;
  1968. dwError = LdapGetValues(
  1969. hLdapBindHandle,
  1970. e,
  1971. L"ipsecOwnersReference",
  1972. (WCHAR ***)&strvalues,
  1973. (int *)&dwCount
  1974. );
  1976. if (!dwError && strvalues) {
  1978. ppszIpsecNFANames = (LPWSTR *)AllocPolMem(
  1979. sizeof(LPWSTR)*dwCount
  1980. );
  1981. if (!ppszIpsecNFANames) {
  1982. dwError = ERROR_OUTOFMEMORY;
  1983. BAIL_ON_WIN32_ERROR(dwError);
  1984. }
  1986. for (i = 0; i < dwCount; i++) {
  1988. ppszTemp = (strvalues + i);
  1989. //
  1990. // Unmarshall all the values you can possibly have
  1991. //
  1992. pszIpsecNFAName = AllocPolStr(*ppszTemp);
  1993. if (!pszIpsecNFAName) {
  1994. dwError = ERROR_OUTOFMEMORY;
  1996. pIpsecPolicyObject->ppszIpsecNFAReferences = ppszIpsecNFANames;
  1997. pIpsecPolicyObject->dwNFACount = i;
  2000. BAIL_ON_WIN32_ERROR(dwError);
  2001. }
  2003. *(ppszIpsecNFANames + i) = pszIpsecNFAName;
  2004. }
  2006. pIpsecPolicyObject->ppszIpsecNFAReferences = ppszIpsecNFANames;
  2007. pIpsecPolicyObject->dwNFACount = dwCount;
  2008. LdapValueFree(strvalues);
  2009. }
  2012. strvalues = NULL;
  2013. dwError = LdapGetValues(
  2014. hLdapBindHandle,
  2015. e,
  2016. L"ipsecDataType",
  2017. (WCHAR ***)&strvalues,
  2018. (int *)&dwCount
  2019. );
  2020. BAIL_ON_WIN32_ERROR(dwError);
  2022. pIpsecPolicyObject->dwIpsecDataType = _wtol(LDAPOBJECT_STRING((PLDAPOBJECT)strvalues));
  2023. LdapValueFree(strvalues);
  2026. strvalues = NULL;
  2027. dwError = LdapGetValues(
  2028. hLdapBindHandle,
  2029. e,
  2030. L"whenChanged",
  2031. (WCHAR ***)&strvalues,
  2032. (int *)&dwCount
  2033. );
  2034. BAIL_ON_WIN32_ERROR(dwError);
  2036. dwError = GeneralizedTimeToTime(
  2037. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues),
  2038. &t_WhenChanged
  2039. );
  2040. pIpsecPolicyObject->dwWhenChanged = TIME_T_TO_DWORD(t_WhenChanged);
  2041. LdapValueFree(strvalues);
  2042. BAIL_ON_WIN32_ERROR(dwError);
  2044. //
  2045. // unmarshall the ipsecData blob
  2046. //
  2048. dwError = LdapGetValuesLen(
  2049. hLdapBindHandle,
  2050. e,
  2051. L"ipsecData",
  2052. (struct berval ***)&bvalues,
  2053. (int *)&dwCount
  2054. );
  2055. BAIL_ON_WIN32_ERROR(dwError);
  2057. dwLen = LDAPOBJECT_BERVAL_LEN((PLDAPOBJECT)bvalues);
  2058. pBuffer = (LPBYTE)AllocPolMem(dwLen);
  2059. if (!pBuffer) {
  2060. dwError = ERROR_OUTOFMEMORY;
  2061. BAIL_ON_WIN32_ERROR(dwError);
  2062. }
  2063. memcpy( pBuffer, LDAPOBJECT_BERVAL_VAL((PLDAPOBJECT)bvalues), dwLen );
  2064. pIpsecPolicyObject->pIpsecData = pBuffer;
  2065. pIpsecPolicyObject->dwIpsecDataLen = dwLen;
  2066. LdapValueFreeLen(bvalues);
  2068. *ppIpsecPolicyObject = pIpsecPolicyObject;
  2070. return(0);
  2072. error:
  2074. if (pIpsecPolicyObject) {
  2075. FreeIpsecNegPolObject(pIpsecPolicyObject);
  2076. }
  2078. *ppIpsecPolicyObject = NULL;
  2080. return(dwError);
  2081. }
  2084. DWORD
  2085. UnMarshallISAKMPObject(
  2086. HLDAP hLdapBindHandle,
  2087. LDAPMessage *e,
  2088. PIPSEC_ISAKMP_OBJECT * ppIpsecISAKMPObject
  2089. )
  2090. {
  2092. PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject = NULL;
  2093. DWORD dwCount = 0;
  2094. DWORD dwLen = 0;
  2095. LPBYTE pBuffer = NULL;
  2096. DWORD i = 0;
  2097. DWORD dwError = 0;
  2098. WCHAR **strvalues = NULL;
  2099. struct berval ** bvalues = NULL;
  2100. LPWSTR * ppszIpsecISAKMPNames = NULL;
  2101. LPWSTR pszIpsecISAKMPName = NULL;
  2102. LPWSTR * ppszTemp = NULL;
  2103. LPWSTR * ppszIpsecNFANames = NULL;
  2104. LPWSTR pszIpsecNFAName = NULL;
  2105. time_t t_WhenChanged = 0;
  2107. pIpsecISAKMPObject = (PIPSEC_ISAKMP_OBJECT)AllocPolMem(
  2108. sizeof(IPSEC_ISAKMP_OBJECT)
  2109. );
  2110. if (!pIpsecISAKMPObject) {
  2111. dwError = ERROR_OUTOFMEMORY;
  2112. BAIL_ON_WIN32_ERROR(dwError);
  2113. }
  2116. strvalues = NULL;
  2117. dwError = LdapGetValues(
  2118. hLdapBindHandle,
  2119. e,
  2120. L"distinguishedName",
  2121. (WCHAR ***)&strvalues,
  2122. (int *)&dwCount
  2123. );
  2124. BAIL_ON_WIN32_ERROR(dwError);
  2127. pIpsecISAKMPObject->pszDistinguishedName = AllocPolStr(
  2128. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  2129. );
  2131. if (!pIpsecISAKMPObject->pszDistinguishedName) {
  2132. dwError = ERROR_OUTOFMEMORY;
  2133. BAIL_ON_WIN32_ERROR(dwError);
  2134. }
  2135. LdapValueFree(strvalues);
  2138. strvalues = NULL;
  2139. dwError = LdapGetValues(
  2140. hLdapBindHandle,
  2141. e,
  2142. L"ipsecName",
  2143. (WCHAR ***)&strvalues,
  2144. (int *)&dwCount
  2145. );
  2146. // BAIL_ON_WIN32_ERROR(dwError);
  2147. //
  2148. // Names are not set for ISAKMP objects.
  2149. //
  2151. if (strvalues && LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)) {
  2153. pIpsecISAKMPObject->pszIpsecName = AllocPolStr(
  2154. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  2155. );
  2156. if (!pIpsecISAKMPObject->pszIpsecName) {
  2157. dwError = ERROR_OUTOFMEMORY;
  2158. BAIL_ON_WIN32_ERROR(dwError);
  2159. }
  2160. LdapValueFree(strvalues);
  2161. } else {
  2162. pIpsecISAKMPObject->pszIpsecName = NULL;
  2163. }
  2166. strvalues = NULL;
  2167. dwError = LdapGetValues(
  2168. hLdapBindHandle,
  2169. e,
  2170. L"ipsecID",
  2171. (WCHAR ***)&strvalues,
  2172. (int *)&dwCount
  2173. );
  2174. BAIL_ON_WIN32_ERROR(dwError);
  2176. pIpsecISAKMPObject->pszIpsecID = AllocPolStr(
  2177. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues)
  2178. );
  2179. if (!pIpsecISAKMPObject->pszIpsecID) {
  2180. dwError = ERROR_OUTOFMEMORY;
  2181. BAIL_ON_WIN32_ERROR(dwError);
  2182. }
  2183. LdapValueFree(strvalues);
  2185. strvalues = NULL;
  2186. dwError = LdapGetValues(
  2187. hLdapBindHandle,
  2188. e,
  2189. L"ipsecDataType",
  2190. (WCHAR ***)&strvalues,
  2191. (int *)&dwCount
  2192. );
  2193. BAIL_ON_WIN32_ERROR(dwError);
  2195. pIpsecISAKMPObject->dwIpsecDataType = _wtol(LDAPOBJECT_STRING((PLDAPOBJECT)strvalues));
  2196. LdapValueFree(strvalues);
  2199. strvalues = NULL;
  2200. dwError = LdapGetValues(
  2201. hLdapBindHandle,
  2202. e,
  2203. L"whenChanged",
  2204. (WCHAR ***)&strvalues,
  2205. (int *)&dwCount
  2206. );
  2207. BAIL_ON_WIN32_ERROR(dwError);
  2209. dwError = GeneralizedTimeToTime(
  2210. LDAPOBJECT_STRING((PLDAPOBJECT)strvalues),
  2211. &t_WhenChanged
  2212. );
  2213. pIpsecISAKMPObject->dwWhenChanged = TIME_T_TO_DWORD(t_WhenChanged);
  2214. LdapValueFree(strvalues);
  2215. BAIL_ON_WIN32_ERROR(dwError);
  2217. //
  2218. // unmarshall the ipsecData blob
  2219. //
  2221. dwError = LdapGetValuesLen(
  2222. hLdapBindHandle,
  2223. e,
  2224. L"ipsecData",
  2225. (struct berval ***)&bvalues,
  2226. (int *)&dwCount
  2227. );
  2228. BAIL_ON_WIN32_ERROR(dwError);
  2230. dwLen = LDAPOBJECT_BERVAL_LEN((PLDAPOBJECT)bvalues);
  2231. pBuffer = (LPBYTE)AllocPolMem(dwLen);
  2232. if (!pBuffer) {
  2233. dwError = ERROR_OUTOFMEMORY;
  2234. BAIL_ON_WIN32_ERROR(dwError);
  2235. }
  2236. memcpy( pBuffer, LDAPOBJECT_BERVAL_VAL((PLDAPOBJECT)bvalues), dwLen );
  2237. pIpsecISAKMPObject->pIpsecData = pBuffer;
  2238. pIpsecISAKMPObject->dwIpsecDataLen = dwLen;
  2239. LdapValueFreeLen(bvalues);
  2241. strvalues = NULL;
  2242. dwError = LdapGetValues(
  2243. hLdapBindHandle,
  2244. e,
  2245. L"ipsecOwnersReference",
  2246. (WCHAR ***)&strvalues,
  2247. (int *)&dwCount
  2248. );
  2249. // BAIL_ON_WIN32_ERROR(dwError);
  2251. //
  2252. // ipsecOwnersReference not written.
  2253. //
  2255. if (!dwError && strvalues) {
  2257. ppszIpsecNFANames = (LPWSTR *)AllocPolMem(
  2258. sizeof(LPWSTR)*dwCount
  2259. );
  2260. if (!ppszIpsecNFANames) {
  2261. dwError = ERROR_OUTOFMEMORY;
  2262. BAIL_ON_WIN32_ERROR(dwError);
  2263. }
  2265. for (i = 0; i < dwCount; i++) {
  2267. ppszTemp = (strvalues + i);
  2269. //
  2270. // Unmarshall all the values you can possibly have
  2271. //
  2272. pszIpsecNFAName = AllocPolStr(*ppszTemp);
  2273. if (!pszIpsecNFAName) {
  2274. dwError = ERROR_OUTOFMEMORY;
  2276. pIpsecISAKMPObject->ppszIpsecNFAReferences = ppszIpsecNFANames;
  2277. pIpsecISAKMPObject->dwNFACount = i;
  2279. BAIL_ON_WIN32_ERROR(dwError);
  2280. }
  2282. *(ppszIpsecNFANames + i) = pszIpsecNFAName;
  2284. }
  2286. pIpsecISAKMPObject->ppszIpsecNFAReferences = ppszIpsecNFANames;
  2287. pIpsecISAKMPObject->dwNFACount = dwCount;
  2288. LdapValueFree(strvalues);
  2289. }
  2291. *ppIpsecISAKMPObject = pIpsecISAKMPObject;
  2293. return(0);
  2295. error:
  2297. if (pIpsecISAKMPObject) {
  2298. FreeIpsecISAKMPObject(pIpsecISAKMPObject);
  2299. }
  2301. *ppIpsecISAKMPObject = NULL;
  2303. return(dwError);
  2304. }
  2307. DWORD
  2308. GenerateFilterQuery(
  2309. LPWSTR * ppszFilterDNs,
  2310. DWORD dwNumFilterObjects,
  2311. LPWSTR * ppszQueryBuffer
  2312. )
  2313. {
  2314. DWORD i = 0;
  2315. WCHAR szCommonName[512];
  2316. DWORD dwError = 0;
  2317. DWORD dwLength = 0;
  2318. LPWSTR pszQueryBuffer = NULL;
  2320. //
  2321. // Compute Length of Buffer to be allocated
  2322. //
  2324. dwLength = wcslen(L"(&(objectclass=ipsecFilter)");
  2326. dwLength += wcslen(L"(|");
  2328. for (i = 0; i < dwNumFilterObjects; i++) {
  2331. dwError = ComputePrelimCN(
  2332. *(ppszFilterDNs + i),
  2333. szCommonName
  2334. );
  2336. dwLength += wcslen(L"(");
  2337. dwLength += wcslen(szCommonName);
  2338. dwLength += wcslen( L")");
  2340. }
  2341. dwLength += wcslen(L")");
  2342. dwLength += wcslen(L")");
  2344. pszQueryBuffer = (LPWSTR)AllocPolMem((dwLength + 1)*sizeof(WCHAR));
  2345. if (!pszQueryBuffer) {
  2346. dwError = ERROR_OUTOFMEMORY;
  2347. BAIL_ON_WIN32_ERROR(dwError);
  2348. }
  2351. //
  2352. // Now fill in the buffer
  2353. //
  2357. wcscpy(pszQueryBuffer,L"(&(objectclass=ipsecFilter)");
  2359. wcscat(pszQueryBuffer, L"(|");
  2361. for (i = 0; i < dwNumFilterObjects; i++) {
  2364. dwError = ComputePrelimCN(
  2365. *(ppszFilterDNs + i),
  2366. szCommonName
  2367. );
  2369. wcscat(pszQueryBuffer, L"(");
  2370. wcscat(pszQueryBuffer, szCommonName);
  2371. wcscat(pszQueryBuffer, L")");
  2373. }
  2374. wcscat(pszQueryBuffer, L")");
  2376. wcscat(pszQueryBuffer, L")");
  2378. *ppszQueryBuffer = pszQueryBuffer;
  2380. return(0);
  2383. error:
  2385. if (pszQueryBuffer) {
  2387. FreePolMem(pszQueryBuffer);
  2388. }
  2390. *ppszQueryBuffer = NULL;
  2391. return(dwError);
  2392. }
  2394. DWORD
  2395. GenerateNegPolQuery(
  2396. LPWSTR * ppszNegPolDNs,
  2397. DWORD dwNumNegPolObjects,
  2398. LPWSTR * ppszQueryBuffer
  2399. )
  2400. {
  2401. DWORD i = 0;
  2402. WCHAR szCommonName[512];
  2403. DWORD dwError = 0;
  2404. DWORD dwLength = 0;
  2405. LPWSTR pszQueryBuffer = NULL;
  2407. //
  2408. // Compute Length of Buffer to be allocated
  2409. //
  2411. dwLength = wcslen(L"(&(objectclass=ipsecNegotiationPolicy)");
  2413. dwLength += wcslen(L"(|");
  2415. for (i = 0; i < dwNumNegPolObjects; i++) {
  2418. dwError = ComputePrelimCN(
  2419. *(ppszNegPolDNs + i),
  2420. szCommonName
  2421. );
  2423. dwLength += wcslen(L"(");
  2424. dwLength += wcslen(szCommonName);
  2425. dwLength += wcslen( L")");
  2427. }
  2428. dwLength += wcslen(L")");
  2429. dwLength += wcslen(L")");
  2431. pszQueryBuffer = (LPWSTR)AllocPolMem((dwLength + 1)*sizeof(WCHAR));
  2432. if (!pszQueryBuffer) {
  2433. dwError = ERROR_OUTOFMEMORY;
  2434. BAIL_ON_WIN32_ERROR(dwError);
  2435. }
  2438. //
  2439. // Now fill in the buffer
  2440. //
  2444. wcscpy(pszQueryBuffer,L"(&(objectclass=ipsecNegotiationPolicy)");
  2446. wcscat(pszQueryBuffer, L"(|");
  2448. for (i = 0; i < dwNumNegPolObjects; i++) {
  2451. dwError = ComputePrelimCN(
  2452. *(ppszNegPolDNs + i),
  2453. szCommonName
  2454. );
  2456. wcscat(pszQueryBuffer, L"(");
  2457. wcscat(pszQueryBuffer, szCommonName);
  2458. wcscat(pszQueryBuffer, L")");
  2460. }
  2461. wcscat(pszQueryBuffer, L")");
  2463. wcscat(pszQueryBuffer, L")");
  2465. *ppszQueryBuffer = pszQueryBuffer;
  2467. return(0);
  2470. error:
  2472. if (pszQueryBuffer) {
  2474. FreePolMem(pszQueryBuffer);
  2475. }
  2477. *ppszQueryBuffer = NULL;
  2478. return(dwError);
  2479. }
  2481. DWORD
  2482. GenerateNFAQuery(
  2483. LPWSTR * ppszNFADNs,
  2484. DWORD dwNumNFAObjects,
  2485. LPWSTR * ppszQueryBuffer
  2486. )
  2487. {
  2488. DWORD i = 0;
  2489. WCHAR szCommonName[512];
  2490. DWORD dwError = 0;
  2491. DWORD dwLength = 0;
  2492. LPWSTR pszQueryBuffer = NULL;
  2494. //
  2495. // Compute Length of Buffer to be allocated
  2496. //
  2498. dwLength = wcslen(L"(&(objectclass=ipsecNFA)");
  2500. dwLength += wcslen(L"(|");
  2502. for (i = 0; i < dwNumNFAObjects; i++) {
  2505. dwError = ComputePrelimCN(
  2506. *(ppszNFADNs + i),
  2507. szCommonName
  2508. );
  2510. dwLength += wcslen(L"(");
  2511. dwLength += wcslen(szCommonName);
  2512. dwLength += wcslen( L")");
  2514. }
  2515. dwLength += wcslen(L")");
  2516. dwLength += wcslen(L")");
  2518. pszQueryBuffer = (LPWSTR)AllocPolMem((dwLength + 1)*sizeof(WCHAR));
  2519. if (!pszQueryBuffer) {
  2520. dwError = ERROR_OUTOFMEMORY;
  2521. BAIL_ON_WIN32_ERROR(dwError);
  2522. }
  2525. //
  2526. // Now fill in the buffer
  2527. //
  2531. wcscpy(pszQueryBuffer,L"(&(objectclass=ipsecNFA)");
  2533. wcscat(pszQueryBuffer, L"(|");
  2535. for (i = 0; i < dwNumNFAObjects; i++) {
  2538. dwError = ComputePrelimCN(
  2539. *(ppszNFADNs + i),
  2540. szCommonName
  2541. );
  2543. wcscat(pszQueryBuffer, L"(");
  2544. wcscat(pszQueryBuffer, szCommonName);
  2545. wcscat(pszQueryBuffer, L")");
  2547. }
  2548. wcscat(pszQueryBuffer, L")");
  2550. wcscat(pszQueryBuffer, L")");
  2552. *ppszQueryBuffer = pszQueryBuffer;
  2554. return(0);
  2557. error:
  2559. if (pszQueryBuffer) {
  2561. FreePolMem(pszQueryBuffer);
  2562. }
  2564. *ppszQueryBuffer = NULL;
  2565. return(dwError);
  2566. }
  2568. DWORD
  2569. GenerateISAKMPQuery(
  2570. LPWSTR * ppszISAKMPDNs,
  2571. DWORD dwNumISAKMPObjects,
  2572. LPWSTR * ppszQueryBuffer
  2573. )
  2574. {
  2575. DWORD i = 0;
  2576. WCHAR szCommonName[512];
  2577. DWORD dwError = 0;
  2578. DWORD dwLength = 0;
  2579. LPWSTR pszQueryBuffer = NULL;
  2581. //
  2582. // Compute Length of Buffer to be allocated
  2583. //
  2585. dwLength = wcslen(L"(&(objectclass=ipsecISAKMPPolicy)");
  2587. dwLength += wcslen(L"(|");
  2589. for (i = 0; i < dwNumISAKMPObjects; i++) {
  2592. dwError = ComputePrelimCN(
  2593. *(ppszISAKMPDNs + i),
  2594. szCommonName
  2595. );
  2597. dwLength += wcslen(L"(");
  2598. dwLength += wcslen(szCommonName);
  2599. dwLength += wcslen( L")");
  2601. }
  2602. dwLength += wcslen(L")");
  2603. dwLength += wcslen(L")");
  2605. pszQueryBuffer = (LPWSTR)AllocPolMem((dwLength + 1)*sizeof(WCHAR));
  2606. if (!pszQueryBuffer) {
  2607. dwError = ERROR_OUTOFMEMORY;
  2608. BAIL_ON_WIN32_ERROR(dwError);
  2609. }
  2612. //
  2613. // Now fill in the buffer
  2614. //
  2618. wcscpy(pszQueryBuffer,L"(&(objectclass=ipsecISAKMPPolicy)");
  2620. wcscat(pszQueryBuffer, L"(|");
  2622. for (i = 0; i < dwNumISAKMPObjects; i++) {
  2625. dwError = ComputePrelimCN(
  2626. *(ppszISAKMPDNs + i),
  2627. szCommonName
  2628. );
  2630. wcscat(pszQueryBuffer, L"(");
  2631. wcscat(pszQueryBuffer, szCommonName);
  2632. wcscat(pszQueryBuffer, L")");
  2634. }
  2635. wcscat(pszQueryBuffer, L")");
  2637. wcscat(pszQueryBuffer, L")");
  2639. *ppszQueryBuffer = pszQueryBuffer;
  2641. return(0);
  2644. error:
  2646. if (pszQueryBuffer) {
  2648. FreePolMem(pszQueryBuffer);
  2649. }
  2651. *ppszQueryBuffer = NULL;
  2652. return(dwError);
  2653. }
  2657. DWORD
  2658. ComputePrelimCN(
  2659. LPWSTR szNFADN,
  2660. LPWSTR szCommonName
  2661. )
  2662. {
  2663. LPWSTR pszComma = NULL;
  2665. pszComma = wcschr(szNFADN, L',');
  2667. if (!pszComma) {
  2668. return (ERROR_INVALID_DATA);
  2669. }
  2671. *pszComma = L'\0';
  2673. wcscpy(szCommonName, szNFADN);
  2675. *pszComma = L',';
  2677. return(0);
  2678. }
  2680. DWORD
  2681. ComputePolicyContainerDN(
  2682. LPWSTR pszPolicyDN,
  2683. LPWSTR * ppszPolicyContainerDN
  2684. )
  2685. {
  2686. LPWSTR pszComma = NULL;
  2687. LPWSTR pszPolicyContainer = NULL;
  2688. DWORD dwError = 0;
  2690. *ppszPolicyContainerDN = NULL;
  2691. pszComma = wcschr(pszPolicyDN, L',');
  2693. pszPolicyContainer = AllocPolStr(
  2694. pszComma + 1
  2695. );
  2696. if (!pszPolicyContainer) {
  2697. dwError = ERROR_OUTOFMEMORY;
  2698. BAIL_ON_WIN32_ERROR(dwError);
  2699. }
  2701. *ppszPolicyContainerDN = pszPolicyContainer;
  2703. error:
  2705. return(dwError);
  2706. }
  2709. DWORD
  2710. ComputeDefaultDirectory(
  2711. LPWSTR * ppszDefaultDirectory
  2712. )
  2713. {
  2715. PDOMAIN_CONTROLLER_INFOW pDomainControllerInfo = NULL;
  2716. DWORD dwError = 0;
  2717. DWORD Flags = DS_DIRECTORY_SERVICE_REQUIRED | DS_RETURN_DNS_NAME;
  2718. LPWSTR pszDefaultDirectory = NULL;
  2721. *ppszDefaultDirectory = NULL;
  2723. dwError = DsGetDcNameW(
  2724. NULL,
  2725. NULL,
  2726. NULL,
  2727. NULL,
  2728. Flags,
  2729. &pDomainControllerInfo
  2730. ) ;
  2731. BAIL_ON_WIN32_ERROR(dwError);
  2734. pszDefaultDirectory = AllocPolStr(
  2735. pDomainControllerInfo->DomainName
  2736. );
  2737. if (!pszDefaultDirectory) {
  2738. dwError = ERROR_OUTOFMEMORY;
  2739. BAIL_ON_WIN32_ERROR(dwError);
  2740. }
  2742. *ppszDefaultDirectory = pszDefaultDirectory;
  2744. error:
  2746. if (pDomainControllerInfo) {
  2748. (void) NetApiBufferFree(pDomainControllerInfo) ;
  2749. }
  2752. return(dwError);
  2753. }