|
|
#include "precomp.h"
DWORDProcessNFAs( PIPSEC_POLICY_OBJECT pIpsecPolicyObject, DWORD dwStoreType, PDWORD pdwSlientErrorCode, PIPSEC_POLICY_DATA * ppIpsecPolicyData ){ DWORD dwError = 0; DWORD i = 0; DWORD NumberofRules = 0; PIPSEC_NFA_OBJECT * ppIpsecNFAObjects = NULL; PIPSEC_FILTER_OBJECT * ppIpsecFilterObjects = NULL; PIPSEC_NEGPOL_OBJECT * ppIpsecNegPolObjects = NULL;
DWORD dwNumFilterObjects = 0; DWORD dwNumNegPolObjects = 0;
PIPSEC_NFA_OBJECT pIpsecNFAObject = NULL;
PIPSEC_NFA_DATA * ppIpsecNFAData = NULL; PIPSEC_NFA_DATA pIpsecNFAData = NULL;
PIPSEC_POLICY_DATA pIpsecPolicyData = NULL;
DWORD dwNumNFACount = 0;
NumberofRules = pIpsecPolicyObject->NumberofRulesReturned;
ppIpsecNFAObjects = pIpsecPolicyObject->ppIpsecNFAObjects; ppIpsecFilterObjects = pIpsecPolicyObject->ppIpsecFilterObjects; ppIpsecNegPolObjects = pIpsecPolicyObject->ppIpsecNegPolObjects;
dwNumFilterObjects = pIpsecPolicyObject->NumberofFilters; dwNumNegPolObjects = pIpsecPolicyObject->NumberofNegPols;
__try { dwError = UnmarshallPolicyObject( pIpsecPolicyObject, dwStoreType, &pIpsecPolicyData ); } __except(EXCEPTION_EXECUTE_HANDLER) { dwError = ERROR_INVALID_DATA; } BAIL_ON_WIN32_ERROR(dwError);
__try { dwError = UnmarshallISAKMPObject( *(pIpsecPolicyObject->ppIpsecISAKMPObjects), &pIpsecPolicyData->pIpsecISAKMPData ); } __except(EXCEPTION_EXECUTE_HANDLER) { dwError = ERROR_INVALID_DATA; } BAIL_ON_WIN32_ERROR(dwError);
ppIpsecNFAData = (PIPSEC_NFA_DATA *)AllocPolMem( sizeof(PIPSEC_NFA_DATA)* NumberofRules ); if (!ppIpsecNFAData) {
dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError);
}
for (i = 0; i < NumberofRules; i++) {
pIpsecNFAObject = *(ppIpsecNFAObjects + i);
dwError = ProcessNFA( pIpsecNFAObject, dwStoreType, ppIpsecFilterObjects, dwNumFilterObjects, ppIpsecNegPolObjects, dwNumNegPolObjects, &pIpsecNFAData ); if (dwError == ERROR_SUCCESS) {
if (pIpsecNFAData->dwActiveFlag != 0) { *(ppIpsecNFAData + dwNumNFACount) = pIpsecNFAData; dwNumNFACount++; } else { FreeIpsecNFAData(pIpsecNFAData); } } else { *pdwSlientErrorCode = dwError; } }
pIpsecPolicyData->ppIpsecNFAData = ppIpsecNFAData; pIpsecPolicyData->dwNumNFACount = dwNumNFACount;
*ppIpsecPolicyData = pIpsecPolicyData;
return(dwError);
error:
if (pIpsecPolicyData) {
FreeIpsecPolicyData( pIpsecPolicyData ); } *ppIpsecPolicyData = NULL;
return(dwError);
}
DWORDProcessNFA( PIPSEC_NFA_OBJECT pIpsecNFAObject, DWORD dwStoreType, PIPSEC_FILTER_OBJECT * ppIpsecFilterObjects, DWORD dwNumFilterObjects, PIPSEC_NEGPOL_OBJECT * ppIpsecNegPolObjects, DWORD dwNumNegPolObjects, PIPSEC_NFA_DATA * ppIpsecNFAData ){ DWORD dwError = 0; PIPSEC_FILTER_OBJECT pIpsecFilterObject = NULL; PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject = NULL;
PIPSEC_NFA_DATA pIpsecNFAData = NULL;
__try { dwError = UnmarshallNFAObject( pIpsecNFAObject, dwStoreType, &pIpsecNFAData ); } __except(EXCEPTION_EXECUTE_HANDLER) { dwError = ERROR_INVALID_DATA; } BAIL_ON_WIN32_ERROR(dwError);
if (pIpsecNFAObject->pszIpsecFilterReference && *pIpsecNFAObject->pszIpsecFilterReference) {
dwError = FindIpsecFilterObject( pIpsecNFAObject, ppIpsecFilterObjects, dwNumFilterObjects, &pIpsecFilterObject ); BAIL_ON_WIN32_ERROR(dwError);
__try { dwError = UnmarshallFilterObject( pIpsecFilterObject, &pIpsecNFAData->pIpsecFilterData ); } __except(EXCEPTION_EXECUTE_HANDLER) { dwError = ERROR_INVALID_DATA; } BAIL_ON_WIN32_ERROR(dwError);
} else {
//
// We've received a NULL FilterReference or a NULL string FilterReference
//
//
// This is acceptable - implies there is no filter associated
//
pIpsecNFAData->pIpsecFilterData = NULL;
}
dwError = FindIpsecNegPolObject( pIpsecNFAObject, ppIpsecNegPolObjects, dwNumNegPolObjects, &pIpsecNegPolObject ); BAIL_ON_WIN32_ERROR(dwError);
__try { dwError = UnmarshallNegPolObject( pIpsecNegPolObject, &pIpsecNFAData->pIpsecNegPolData ); } __except(EXCEPTION_EXECUTE_HANDLER) { dwError = ERROR_INVALID_DATA; } BAIL_ON_WIN32_ERROR(dwError);
*ppIpsecNFAData = pIpsecNFAData;
return(dwError);
error:
if (pIpsecNFAData) {
FreeIpsecNFAData( pIpsecNFAData ); }
return(dwError);}
DWORDDeepCpyRsopInfo( PRSOP_INFO pDestRsop, PRSOP_INFO pSrcRsop ){ DWORD dwError = ERROR_SUCCESS;
if (!pDestRsop || !pSrcRsop) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_WIN32_ERROR(dwError); }
memset(pDestRsop, 0, sizeof(RSOP_INFO)); if (pSrcRsop->pszCreationtime && *pSrcRsop->pszCreationtime) { pDestRsop->pszCreationtime = AllocPolStr( pSrcRsop->pszCreationtime ); if (!pDestRsop->pszCreationtime) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } } if (pSrcRsop->pszID && *pSrcRsop->pszID) { pDestRsop->pszID = AllocPolStr( pSrcRsop->pszID ); if (!pDestRsop->pszID) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } } if (pSrcRsop->pszName && *pSrcRsop->pszName) { pDestRsop->pszName = AllocPolStr( pSrcRsop->pszName ); if (!pDestRsop->pszName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } } pDestRsop->uiPrecedence = pSrcRsop->uiPrecedence; if (pSrcRsop->pszGPOID && *pSrcRsop->pszGPOID) { pDestRsop->pszGPOID= AllocPolStr( pSrcRsop->pszGPOID ); if (!pDestRsop->pszGPOID) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } } if (pSrcRsop->pszSOMID && *pSrcRsop->pszSOMID) { pDestRsop->pszSOMID = AllocPolStr( pSrcRsop->pszSOMID ); if (!pDestRsop->pszSOMID) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } } error: return dwError;}
DWORD SetPolstoreFlag( LPBYTE pCur, LPBYTE pStart, DWORD dwLength, DWORD LastError, DWORD * pdwFlags ){ DWORD dwFlags = 0; LPBYTE pEnd;
//
// End of data is at end of buffer minus the NULL character
//
pEnd = pStart + dwLength - 1; if (LastError == ERROR_SUCCESS) { if (pCur + sizeof(GUID) >= pEnd) { dwFlags = POLSTORE_READWRITE; } else { dwFlags = POLSTORE_READONLY | POLSTORE_NEW_VER; } } else { dwFlags = POLSTORE_READONLY | POLSTORE_PARTIAL; }
*pdwFlags = dwFlags; return ERROR_SUCCESS;}
DWORDUnmarshallPolicyObject( PIPSEC_POLICY_OBJECT pIpsecPolicyObject, DWORD dwStoreType, PIPSEC_POLICY_DATA * ppIpsecPolicyData ){ LPBYTE pMem = NULL; LPWSTR pszIpsecISAKMPReference = NULL; PIPSEC_POLICY_DATA pIpsecPolicyData = NULL; DWORD dwPollingInterval = 0; DWORD dwFlags = 0; DWORD dwError = 0; DWORD dwSkipSize = 0;
// {6A1F5C6F-72B7-11d2-ACF0-0060B0ECCA17}
GUID GUID_POLSTORE_VERSION_INFO = { 0x6a1f5c6f, 0x72b7, 0x11d2, { 0xac, 0xf0, 0x0, 0x60, 0xb0, 0xec, 0xca, 0x17 } };
// {22202163-4F4C-11d1-863B-00A0248D3021}
static const GUID GUID_IPSEC_POLICY_DATA_BLOB = { 0x22202163, 0x4f4c, 0x11d1, { 0x86, 0x3b, 0x0, 0xa0, 0x24, 0x8d, 0x30, 0x21 } };
pMem = pIpsecPolicyObject->pIpsecData; //
// Check if the first blob is the version.
//
if (!memcmp(pMem, &(GUID_POLSTORE_VERSION_INFO), sizeof(GUID))) { pMem += sizeof(GUID);
memcpy(&dwSkipSize, pMem, sizeof(DWORD)); pMem += sizeof(DWORD); pMem += dwSkipSize; }
pMem += sizeof(GUID); pMem += sizeof(DWORD);
memcpy((LPBYTE)&dwPollingInterval, pMem, sizeof(DWORD)); pMem += sizeof(DWORD);
(VOID) SetPolstoreFlag( pMem, pIpsecPolicyObject->pIpsecData, pIpsecPolicyObject->dwIpsecDataLen, ERROR_SUCCESS, &dwFlags );
pIpsecPolicyData = (PIPSEC_POLICY_DATA)AllocPolMem( sizeof(IPSEC_POLICY_DATA) ); if (!pIpsecPolicyData) {
dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
if (pIpsecPolicyObject->pszIpsecName && *(pIpsecPolicyObject->pszIpsecName)) {
pIpsecPolicyData->pszIpsecName = AllocPolStr( pIpsecPolicyObject->pszIpsecName ); if (!pIpsecPolicyData->pszIpsecName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
if (pIpsecPolicyObject->pszDescription && *(pIpsecPolicyObject->pszDescription)){
pIpsecPolicyData->pszDescription = AllocPolStr( pIpsecPolicyObject->pszDescription ); if (!pIpsecPolicyData->pszDescription) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
wGUIDFromString(pIpsecPolicyObject->pszIpsecID, &pIpsecPolicyData->PolicyIdentifier );
switch(dwStoreType) {
case IPSEC_WMI_PROVIDER: pIpsecPolicyData->pRsopInfo = (PRSOP_INFO)AllocPolMem( sizeof(RSOP_INFO) ); if (!pIpsecPolicyData->pRsopInfo) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } dwError = DeepCpyRsopInfo( pIpsecPolicyData->pRsopInfo, pIpsecPolicyObject->pRsopInfo ); BAIL_ON_WIN32_ERROR(dwError); // no "break"; do everything we'd do for IPSEC_REGISTRY_PROVIDER as well.
case IPSEC_REGISTRY_PROVIDER: dwError = GenGUIDFromRegISAKMPReference( pIpsecPolicyObject->pszIpsecISAKMPReference, &pIpsecPolicyData->ISAKMPIdentifier ); BAIL_ON_WIN32_ERROR(dwError); break; case IPSEC_DIRECTORY_PROVIDER: dwError = CopyISAKMPDSToFQRegString( pIpsecPolicyObject->pszIpsecISAKMPReference, &pszIpsecISAKMPReference ); BAIL_ON_WIN32_ERROR(dwError); dwError = GenGUIDFromRegISAKMPReference( pszIpsecISAKMPReference, &pIpsecPolicyData->ISAKMPIdentifier ); BAIL_ON_WIN32_ERROR(dwError); break;
default: dwError = ERROR_INVALID_PARAMETER; BAIL_ON_WIN32_ERROR(dwError);
}
pIpsecPolicyData->dwWhenChanged = pIpsecPolicyObject->dwWhenChanged;
pIpsecPolicyData->dwPollingInterval = dwPollingInterval;
pIpsecPolicyData->dwFlags = dwFlags;
*ppIpsecPolicyData = pIpsecPolicyData;
if (pszIpsecISAKMPReference) { FreePolStr(pszIpsecISAKMPReference); }
return(0);
error:
if (pIpsecPolicyData) { FreeIpsecPolicyData(pIpsecPolicyData); }
if (pszIpsecISAKMPReference) { FreePolStr(pszIpsecISAKMPReference); }
*ppIpsecPolicyData = NULL; return(dwError);}
DWORDUnmarshallNFAObject( PIPSEC_NFA_OBJECT pIpsecNFAObject, DWORD dwStoreType, PIPSEC_NFA_DATA * ppIpsecNFAData ){ LPBYTE pMem = NULL; DWORD dwNumAuthMethods = 0; PIPSEC_AUTH_METHOD * ppIpsecAuthMethods = NULL; DWORD dwFlags = 0; DWORD dwError = 0; DWORD i = 0; PIPSEC_AUTH_METHOD pIpsecAuthMethod = NULL;
DWORD dwInterfaceType = 0; DWORD dwInterfaceNameLen = 0; LPWSTR pszInterfaceName = NULL;
DWORD dwTunnelIpAddr = 0; DWORD dwTunnelFlags = 0; DWORD dwActiveFlag = 0; DWORD dwEndPointNameLen = 0; LPWSTR pszEndPointName = NULL;
DWORD dwNumBytesAdvanced = 0;
PIPSEC_NFA_DATA pIpsecNFAData = NULL; LPWSTR pszIpsecFilterReference = NULL; LPWSTR pszIpsecNegPolReference = NULL;
// {11BBAC00-498D-11d1-8639-00A0248D3021}
static const GUID GUID_IPSEC_NFA_BLOB = { 0x11bbac00, 0x498d, 0x11d1, { 0x86, 0x39, 0x0, 0xa0, 0x24, 0x8d, 0x30, 0x21 } }; DWORD dwReadBytes = 0; GUID TmpGuid; DWORD dwNumAltAuthMethods = 0;
pMem = pIpsecNFAObject->pIpsecData;
pMem += sizeof(GUID); // for the GUID
pMem += sizeof(DWORD); // for the size
memcpy((LPBYTE)&dwNumAuthMethods, pMem, sizeof(DWORD));
pIpsecNFAData = (PIPSEC_NFA_DATA)AllocPolMem( sizeof(IPSEC_NFA_DATA) ); if (!pIpsecNFAData) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
if (dwNumAuthMethods) { ppIpsecAuthMethods = (PIPSEC_AUTH_METHOD *) AllocPolMem( sizeof(PIPSEC_AUTH_METHOD)*dwNumAuthMethods ); if (!ppIpsecAuthMethods) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
pMem += sizeof(DWORD);
for (i = 0; i < dwNumAuthMethods;i++){
__try { dwError = UnmarshallAuthMethods( pMem, &pIpsecAuthMethod, &dwNumBytesAdvanced ); } __except(EXCEPTION_EXECUTE_HANDLER) { dwError = ERROR_INVALID_DATA; } if (dwError) {
pIpsecNFAData->dwAuthMethodCount = i; pIpsecNFAData->ppAuthMethods = ppIpsecAuthMethods; BAIL_ON_WIN32_ERROR(dwError); }
pMem += dwNumBytesAdvanced; *(ppIpsecAuthMethods + i) = pIpsecAuthMethod;
} pIpsecNFAData->dwAuthMethodCount = dwNumAuthMethods; pIpsecNFAData->ppAuthMethods = ppIpsecAuthMethods;
memcpy((LPBYTE)&dwInterfaceType, pMem, sizeof(DWORD)); pIpsecNFAData->dwInterfaceType = dwInterfaceType; pMem += sizeof(DWORD);
memcpy((LPBYTE)&dwInterfaceNameLen, pMem, sizeof(DWORD)); pMem += sizeof(DWORD);
if (dwInterfaceNameLen) {
pszInterfaceName = AllocPolStr((LPWSTR)pMem); if (!pszInterfaceName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } } pIpsecNFAData->pszInterfaceName = pszInterfaceName; pMem += dwInterfaceNameLen;
memcpy((LPBYTE)&dwTunnelIpAddr, pMem, sizeof(DWORD)); pIpsecNFAData->dwTunnelIpAddr = dwTunnelIpAddr; pMem += sizeof(DWORD);
memcpy((LPBYTE)&dwTunnelFlags, pMem, sizeof(DWORD)); pIpsecNFAData->dwTunnelFlags = dwTunnelFlags; pMem += sizeof(DWORD);
memcpy((LPBYTE)&dwActiveFlag, pMem, sizeof(DWORD)); pIpsecNFAData->dwActiveFlag = dwActiveFlag; pMem += sizeof(DWORD);
memcpy((LPBYTE)&dwEndPointNameLen, pMem, sizeof(DWORD)); pMem += sizeof(DWORD);
if (dwEndPointNameLen) { pszEndPointName = AllocPolStr((LPWSTR)pMem); if (!pszEndPointName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } } pIpsecNFAData->pszEndPointName = pszEndPointName;
pMem += dwEndPointNameLen;
__try {
dwReadBytes = (DWORD) ((BYTE *) pMem - (BYTE *) pIpsecNFAObject->pIpsecData);
if ((dwReadBytes < pIpsecNFAObject->dwIpsecDataLen) && ((pIpsecNFAObject->dwIpsecDataLen - dwReadBytes) > sizeof(GUID))) {
memset(&TmpGuid, 1, sizeof(GUID));
if (memcmp(pMem, &TmpGuid, sizeof(GUID)) == 0) {
pMem += sizeof(GUID);
memcpy(&dwNumAltAuthMethods, pMem, sizeof(DWORD)); pMem += sizeof(DWORD);
if (dwNumAltAuthMethods == dwNumAuthMethods) { for (i = 0; i < dwNumAuthMethods; i++) { dwError = UnmarshallAltAuthMethods( pMem, ppIpsecAuthMethods[i], &dwNumBytesAdvanced ); if (dwError) { break; } pMem += dwNumBytesAdvanced; } }
}
dwReadBytes = (DWORD) ((BYTE *) pMem - (BYTE *) pIpsecNFAObject->pIpsecData);
if ((dwReadBytes < pIpsecNFAObject->dwIpsecDataLen) && ((pIpsecNFAObject->dwIpsecDataLen - dwReadBytes) > sizeof(GUID))) {
// Have V3 data
pMem += sizeof(GUID); pMem += sizeof(DWORD);
for (i=0; i < dwNumAuthMethods; i++) { memcpy(&((*ppIpsecAuthMethods[i]).dwAuthFlags), pMem, sizeof(DWORD)); pMem += sizeof(DWORD); }
}
}
} __except(EXCEPTION_EXECUTE_HANDLER) {
}
(VOID) SetPolstoreFlag( pMem, pIpsecNFAObject->pIpsecData, pIpsecNFAObject->dwIpsecDataLen, dwError, &dwFlags );
dwError = ERROR_SUCCESS;
//
// Convert the ipsecID to its GUID format
//
wGUIDFromString(pIpsecNFAObject->pszIpsecID, &pIpsecNFAData->NFAIdentifier );
if (pIpsecNFAObject->pszIpsecName && *(pIpsecNFAObject->pszIpsecName)) {
pIpsecNFAData->pszIpsecName = AllocPolStr( pIpsecNFAObject->pszIpsecName ); if (!pIpsecNFAData->pszIpsecName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
if (pIpsecNFAObject->pszDescription && *(pIpsecNFAObject->pszDescription)) {
pIpsecNFAData->pszDescription = AllocPolStr( pIpsecNFAObject->pszDescription ); if (!pIpsecNFAData->pszDescription) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
switch(dwStoreType) {
case IPSEC_WMI_PROVIDER: case IPSEC_REGISTRY_PROVIDER:
dwError = GenGUIDFromRegFilterReference( pIpsecNFAObject->pszIpsecFilterReference, &pIpsecNFAData->FilterIdentifier ); BAIL_ON_WIN32_ERROR(dwError);
dwError = GenGUIDFromRegNegPolReference( pIpsecNFAObject->pszIpsecNegPolReference, &pIpsecNFAData->NegPolIdentifier ); BAIL_ON_WIN32_ERROR(dwError);
break;
case IPSEC_DIRECTORY_PROVIDER:
if (pIpsecNFAObject->pszIpsecFilterReference && *pIpsecNFAObject->pszIpsecFilterReference) { dwError = CopyFilterDSToFQRegString( pIpsecNFAObject->pszIpsecFilterReference, &pszIpsecFilterReference ); BAIL_ON_WIN32_ERROR(dwError); dwError = GenGUIDFromRegFilterReference( pszIpsecFilterReference, &pIpsecNFAData->FilterIdentifier ); BAIL_ON_WIN32_ERROR(dwError); }
dwError = CopyNegPolDSToFQRegString( pIpsecNFAObject->pszIpsecNegPolReference, &pszIpsecNegPolReference ); BAIL_ON_WIN32_ERROR(dwError); dwError = GenGUIDFromRegNegPolReference( pszIpsecNegPolReference, &pIpsecNFAData->NegPolIdentifier ); BAIL_ON_WIN32_ERROR(dwError);
break;
default: dwError = ERROR_INVALID_PARAMETER; BAIL_ON_WIN32_ERROR(dwError);
}
pIpsecNFAData->dwWhenChanged = pIpsecNFAObject->dwWhenChanged; pIpsecNFAData->dwFlags = dwFlags;
*ppIpsecNFAData = pIpsecNFAData;
if (pszIpsecFilterReference) { FreePolStr(pszIpsecFilterReference); }
if (pszIpsecNegPolReference) { FreePolStr(pszIpsecNegPolReference); }
return(0);
error:
if (pIpsecNFAData) { FreeIpsecNFAData(pIpsecNFAData); }
if (pszIpsecFilterReference) { FreePolStr(pszIpsecFilterReference); }
if (pszIpsecNegPolReference) { FreePolStr(pszIpsecNegPolReference); }
*ppIpsecNFAData = NULL;
return(dwError);}
DWORDUnmarshallFilterObject( PIPSEC_FILTER_OBJECT pIpsecFilterObject, PIPSEC_FILTER_DATA * ppIpsecFilterData ){
LPBYTE pMem = NULL; DWORD dwNumFilterSpecs = 0; PIPSEC_FILTER_SPEC * ppIpsecFilterSpecs = NULL; PIPSEC_FILTER_SPEC pIpsecFilterSpec = NULL; DWORD i = 0; DWORD dwNumBytesAdvanced = 0; DWORD dwFlags = 0; PIPSEC_FILTER_DATA pIpsecFilterData = NULL; DWORD dwError = 0;
// {80DC20B5-2EC8-11d1-A89E-00A0248D3021}
static const GUID GUID_IPSEC_FILTER_BLOB = { 0x80dc20b5, 0x2ec8, 0x11d1, { 0xa8, 0x9e, 0x0, 0xa0, 0x24, 0x8d, 0x30, 0x21 } };
pIpsecFilterData = (PIPSEC_FILTER_DATA)AllocPolMem( sizeof(IPSEC_FILTER_DATA) ); if (!pIpsecFilterData) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
pMem = pIpsecFilterObject->pIpsecData;
pMem += sizeof(GUID); pMem += sizeof(DWORD);
memcpy((LPBYTE)&dwNumFilterSpecs, pMem, sizeof(DWORD));
if (dwNumFilterSpecs) { ppIpsecFilterSpecs = (PIPSEC_FILTER_SPEC *)AllocPolMem( sizeof(PIPSEC_FILTER_SPEC)*dwNumFilterSpecs ); if (!ppIpsecFilterSpecs) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
pMem += sizeof(DWORD);
for (i = 0; i < dwNumFilterSpecs;i++){
__try { dwError = UnmarshallFilterSpec( pMem, &pIpsecFilterSpec, &dwNumBytesAdvanced ); } __except(EXCEPTION_EXECUTE_HANDLER) { dwError = ERROR_INVALID_DATA; } if (dwError) {
pIpsecFilterData->dwNumFilterSpecs = i; pIpsecFilterData->ppFilterSpecs = ppIpsecFilterSpecs; BAIL_ON_WIN32_ERROR(dwError); }
pMem += dwNumBytesAdvanced; *(ppIpsecFilterSpecs + i) = pIpsecFilterSpec;
} pIpsecFilterData->dwNumFilterSpecs = dwNumFilterSpecs; pIpsecFilterData->ppFilterSpecs = ppIpsecFilterSpecs; (VOID) SetPolstoreFlag( pMem, pIpsecFilterObject->pIpsecData, pIpsecFilterObject->dwIpsecDataLen, ERROR_SUCCESS, &dwFlags );
//
// Convert the ipsecID to its GUID format
//
if (pIpsecFilterObject->pszIpsecName && *(pIpsecFilterObject->pszIpsecName)) {
pIpsecFilterData->pszIpsecName = AllocPolStr( pIpsecFilterObject->pszIpsecName ); if (!pIpsecFilterData->pszIpsecName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
if (pIpsecFilterObject->pszDescription && *(pIpsecFilterObject->pszDescription)) {
pIpsecFilterData->pszDescription = AllocPolStr( pIpsecFilterObject->pszDescription ); if (!pIpsecFilterData->pszDescription) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
wGUIDFromString(pIpsecFilterObject->pszIpsecID, &pIpsecFilterData->FilterIdentifier ); pIpsecFilterData->dwWhenChanged = pIpsecFilterObject->dwWhenChanged; pIpsecFilterData->dwFlags = dwFlags;
*ppIpsecFilterData = pIpsecFilterData;
return(dwError);
error:
if (pIpsecFilterData) {
FreeIpsecFilterData(pIpsecFilterData); }
*ppIpsecFilterData = NULL;
return(dwError);}
DWORDUnmarshallNegPolObject( PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject, PIPSEC_NEGPOL_DATA * ppIpsecNegPolData ){
LPBYTE pMem = NULL; DWORD dwNumSecurityOffers = 0; PIPSEC_SECURITY_METHOD pIpsecOffer = NULL;
PIPSEC_NEGPOL_DATA pIpsecNegPolData = NULL; DWORD dwFlags = 0; DWORD dwError = 0;
// {80DC20B9-2EC8-11d1-A89E-00A0248D3021}
static const GUID GUID_IPSEC_NEGPOLICY_BLOB = { 0x80dc20b9, 0x2ec8, 0x11d1, { 0xa8, 0x9e, 0x0, 0xa0, 0x24, 0x8d, 0x30, 0x21 } };
pMem = pIpsecNegPolObject->pIpsecData;
pIpsecNegPolData = (PIPSEC_NEGPOL_DATA)AllocPolMem( sizeof(IPSEC_NEGPOL_DATA) ); if (!pIpsecNegPolData) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
pMem += sizeof(GUID); pMem += sizeof(DWORD);
memcpy((LPBYTE)&dwNumSecurityOffers, pMem, sizeof(DWORD)); pMem += sizeof(DWORD);
if (dwNumSecurityOffers) {
pIpsecOffer = (PIPSEC_SECURITY_METHOD)AllocPolMem( sizeof(IPSEC_SECURITY_METHOD)*dwNumSecurityOffers ); if (!pIpsecOffer) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
memcpy((LPBYTE)pIpsecOffer, pMem, sizeof(IPSEC_SECURITY_METHOD)*dwNumSecurityOffers); pMem += sizeof(IPSEC_SECURITY_METHOD)*dwNumSecurityOffers; }
(VOID) SetPolstoreFlag( pMem, pIpsecNegPolObject->pIpsecData, pIpsecNegPolObject->dwIpsecDataLen, ERROR_SUCCESS, &dwFlags );
//
// Convert the ipsecID to its GUID format
//
if (pIpsecNegPolObject->pszIpsecName && *(pIpsecNegPolObject->pszIpsecName)) {
pIpsecNegPolData->pszIpsecName = AllocPolStr( pIpsecNegPolObject->pszIpsecName ); if (!pIpsecNegPolData->pszIpsecName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
if (pIpsecNegPolObject->pszDescription && *(pIpsecNegPolObject->pszDescription)){
pIpsecNegPolData->pszDescription = AllocPolStr( pIpsecNegPolObject->pszDescription ); if (!pIpsecNegPolData->pszDescription) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
wGUIDFromString(pIpsecNegPolObject->pszIpsecID, &pIpsecNegPolData->NegPolIdentifier );
wGUIDFromString(pIpsecNegPolObject->pszIpsecNegPolAction, &pIpsecNegPolData->NegPolAction );
wGUIDFromString(pIpsecNegPolObject->pszIpsecNegPolType, &pIpsecNegPolData->NegPolType );
pIpsecNegPolData->dwSecurityMethodCount = dwNumSecurityOffers; pIpsecNegPolData->pIpsecSecurityMethods = pIpsecOffer;
pIpsecNegPolData->dwWhenChanged = pIpsecNegPolObject->dwWhenChanged; pIpsecNegPolData->dwFlags = dwFlags;
*ppIpsecNegPolData = pIpsecNegPolData; return(0);
error:
if (pIpsecOffer) { FreePolMem(pIpsecOffer); }
if (pIpsecNegPolData) { FreeIpsecNegPolData(pIpsecNegPolData); }
*ppIpsecNegPolData = NULL; return(dwError);}
DWORDConvertBundleFlagToBundle(BYTE bBundleFlag, PISAKMP_POLICY pIsakmpPolicy, CRYPTO_BUNDLE *pBundle){
if (bBundleFlag == BYTE_DES_MD5_2048) { pBundle->EncryptionAlgorithm.AlgorithmIdentifier = IPSEC_ESP_DES; pBundle->HashAlgorithm.AlgorithmIdentifier = IPSEC_AH_MD5; pBundle->OakleyGroup=DH_GROUP_2048; } if (bBundleFlag == BYTE_DES_SHA_2048) { pBundle->EncryptionAlgorithm.AlgorithmIdentifier = IPSEC_ESP_DES; pBundle->HashAlgorithm.AlgorithmIdentifier = IPSEC_AH_SHA; pBundle->OakleyGroup=DH_GROUP_2048; } if (bBundleFlag == BYTE_3DES_MD5_2048) { pBundle->EncryptionAlgorithm.AlgorithmIdentifier = IPSEC_ESP_3_DES; pBundle->HashAlgorithm.AlgorithmIdentifier = IPSEC_AH_MD5; pBundle->OakleyGroup=DH_GROUP_2048; } if (bBundleFlag == BYTE_3DES_SHA_2048) { pBundle->EncryptionAlgorithm.AlgorithmIdentifier = IPSEC_ESP_3_DES; pBundle->HashAlgorithm.AlgorithmIdentifier = IPSEC_AH_SHA; pBundle->OakleyGroup=DH_GROUP_2048; }
pBundle->QuickModeLimit = pIsakmpPolicy->dwQMLimit; if (pBundle->QuickModeLimit == 1) { pBundle->PfsIdentityRequired = TRUE; } pBundle->Lifetime.Seconds = pIsakmpPolicy->dwLifetimeSec;
return ERROR_SUCCESS;
}
DWORDUnmarshallISAKMPObject( PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject, PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData ){
LPBYTE pMem = NULL; PIPSEC_ISAKMP_DATA pIpsecISAKMPData = NULL;
DWORD dwNumISAKMPSecurityMethods = 0; PCRYPTO_BUNDLE pSecurityMethods = NULL; PCRYPTO_BUNDLE pSecurityMethod = NULL; DWORD dwFlags = 0; DWORD i = 0;
DWORD dwError = 0;
DWORD dwNumLeadingBundles = 0; BYTE *pbLeadingBundleFlags = NULL;
// {80DC20B8-2EC8-11d1-A89E-00A0248D3021}
static const GUID GUID_IPSEC_ISAKMP_POLICY_BLOB = { 0x80dc20b8, 0x2ec8, 0x11d1, { 0xa8, 0x9e, 0x0, 0xa0, 0x24, 0x8d, 0x30, 0x21 } };
// CHECK THIS PART
pMem = pIpsecISAKMPObject->pIpsecData;
pIpsecISAKMPData = (PIPSEC_ISAKMP_DATA) AllocPolMem( sizeof(IPSEC_ISAKMP_DATA) ); if (!pIpsecISAKMPData) {
dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
pMem += sizeof(GUID); pMem += sizeof(DWORD);
memcpy((LPBYTE)&pIpsecISAKMPData->ISAKMPPolicy, pMem, sizeof(ISAKMP_POLICY)); pMem += sizeof(ISAKMP_POLICY);
memcpy((LPBYTE)&dwNumISAKMPSecurityMethods, pMem, sizeof(DWORD)); pMem += sizeof(DWORD);
pbLeadingBundleFlags = pIpsecISAKMPData->ISAKMPPolicy.bLeadingBundleFlags; for (i=0; i < 4; i++) { if (pbLeadingBundleFlags[i] != 0) { dwNumLeadingBundles++; } } if (!dwNumISAKMPSecurityMethods && !dwNumLeadingBundles) { dwError = ERROR_INVALID_DATA; BAIL_ON_WIN32_ERROR(dwError); }
pSecurityMethods = (PCRYPTO_BUNDLE) AllocPolMem( sizeof(CRYPTO_BUNDLE)*(dwNumISAKMPSecurityMethods+dwNumLeadingBundles) ); if (!pSecurityMethods) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
for (i = 0; i < dwNumLeadingBundles; i++) { pSecurityMethod = pSecurityMethods + i; ConvertBundleFlagToBundle(pbLeadingBundleFlags[i], &pIpsecISAKMPData->ISAKMPPolicy, pSecurityMethod); }
for (i = 0; i < dwNumISAKMPSecurityMethods; i++) {
pSecurityMethod = pSecurityMethods + (i + dwNumLeadingBundles); memcpy(pSecurityMethod, pMem, sizeof(CRYPTO_BUNDLE)); if (pSecurityMethod->PseudoRandomFunction.Rounds) { ConvertBundleFlagToBundle((BYTE)pSecurityMethod->PseudoRandomFunction.Rounds, &pIpsecISAKMPData->ISAKMPPolicy, pSecurityMethod); pSecurityMethod->PseudoRandomFunction.Rounds = 0; } pMem += sizeof(CRYPTO_BUNDLE);
} pIpsecISAKMPData->dwNumISAKMPSecurityMethods = dwNumISAKMPSecurityMethods + dwNumLeadingBundles; pIpsecISAKMPData->pSecurityMethods = pSecurityMethods; (VOID) SetPolstoreFlag( pMem, pIpsecISAKMPObject->pIpsecData, pIpsecISAKMPObject->dwIpsecDataLen, ERROR_SUCCESS, &dwFlags );
//
// Convert the ipsecID to its GUID format
//
wGUIDFromString(pIpsecISAKMPObject->pszIpsecID, &pIpsecISAKMPData->ISAKMPIdentifier );
pIpsecISAKMPData->dwWhenChanged = pIpsecISAKMPObject->dwWhenChanged; pIpsecISAKMPData->dwFlags = dwFlags;
*ppIpsecISAKMPData = pIpsecISAKMPData; return(0);
error:
if (pIpsecISAKMPData) {
FreeIpsecISAKMPData(pIpsecISAKMPData); }
*ppIpsecISAKMPData = NULL; return(dwError);
}
DWORDFindIpsecFilterObject( PIPSEC_NFA_OBJECT pIpsecNFAObject, PIPSEC_FILTER_OBJECT * ppIpsecFilterObjects, DWORD dwNumFilterObjects, PIPSEC_FILTER_OBJECT * ppIpsecFilterObject ){ DWORD i = 0; PIPSEC_FILTER_OBJECT pIpsecFilterObject = NULL;
for (i = 0; i < dwNumFilterObjects; i++) {
pIpsecFilterObject = *(ppIpsecFilterObjects + i);
if (!_wcsicmp(pIpsecFilterObject->pszDistinguishedName, pIpsecNFAObject->pszIpsecFilterReference)) { *ppIpsecFilterObject = pIpsecFilterObject; return(0); }
}
*ppIpsecFilterObject = NULL; return(ERROR_NOT_FOUND);}
DWORDFindIpsecNegPolObject( PIPSEC_NFA_OBJECT pIpsecNFAObject, PIPSEC_NEGPOL_OBJECT * ppIpsecNegPolObjects, DWORD dwNumNegPolObjects, PIPSEC_NEGPOL_OBJECT * ppIpsecNegPolObject ){ DWORD i = 0; PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject = NULL;
for (i = 0; i < dwNumNegPolObjects; i++) {
pIpsecNegPolObject = *(ppIpsecNegPolObjects + i);
if (!_wcsicmp(pIpsecNegPolObject->pszDistinguishedName, pIpsecNFAObject->pszIpsecNegPolReference)) { *ppIpsecNegPolObject = pIpsecNegPolObject; return(0); }
}
*ppIpsecNegPolObject = NULL; return(ERROR_NOT_FOUND);}
voidFreeIpsecFilterData( PIPSEC_FILTER_DATA pIpsecFilterData ){
DWORD dwNumFilterSpecs = 0; PIPSEC_FILTER_SPEC * ppIpsecFilterSpecs = NULL; DWORD i = 0; PIPSEC_FILTER_SPEC pIpsecFilterSpec = NULL;
dwNumFilterSpecs = pIpsecFilterData->dwNumFilterSpecs; ppIpsecFilterSpecs = pIpsecFilterData->ppFilterSpecs;
for (i = 0; i < dwNumFilterSpecs; i++) {
pIpsecFilterSpec = *(ppIpsecFilterSpecs + i);
if (pIpsecFilterSpec) {
if (pIpsecFilterSpec->pszSrcDNSName){
FreePolStr(pIpsecFilterSpec->pszSrcDNSName); }
if (pIpsecFilterSpec->pszDestDNSName){
FreePolStr(pIpsecFilterSpec->pszDestDNSName); }
if (pIpsecFilterSpec->pszDescription){
FreePolStr(pIpsecFilterSpec->pszDescription); }
FreePolMem(pIpsecFilterSpec);
}
}
FreePolMem(ppIpsecFilterSpecs);
if (pIpsecFilterData->pszIpsecName) { FreePolStr(pIpsecFilterData->pszIpsecName); }
if (pIpsecFilterData->pszDescription) { FreePolStr(pIpsecFilterData->pszDescription); }
FreePolMem(pIpsecFilterData);
return;}
voidFreeIpsecISAKMPData( PIPSEC_ISAKMP_DATA pIpsecISAKMPData ){ if (pIpsecISAKMPData->pSecurityMethods) { FreePolMem(pIpsecISAKMPData->pSecurityMethods);
}
FreePolMem(pIpsecISAKMPData); return;}
voidFreeIpsecNegPolData( PIPSEC_NEGPOL_DATA pIpsecNegPolData ){ if (pIpsecNegPolData->pIpsecSecurityMethods){
FreePolMem(pIpsecNegPolData->pIpsecSecurityMethods); }
if (pIpsecNegPolData->pszIpsecName) { FreePolStr(pIpsecNegPolData->pszIpsecName); }
if (pIpsecNegPolData->pszDescription) { FreePolStr(pIpsecNegPolData->pszDescription); }
FreePolMem(pIpsecNegPolData);
return;}
voidFreeIpsecNFAData( PIPSEC_NFA_DATA pIpsecNFAData ){ DWORD dwNumAuthMethods = 0; PIPSEC_AUTH_METHOD * ppIpsecAuthMethods = NULL; DWORD i = 0; PIPSEC_AUTH_METHOD pIpsecAuthMethod = NULL;
ppIpsecAuthMethods = pIpsecNFAData->ppAuthMethods;
dwNumAuthMethods = pIpsecNFAData->dwAuthMethodCount;
for (i = 0; i < dwNumAuthMethods; i++) {
pIpsecAuthMethod = *(ppIpsecAuthMethods + i);
if (pIpsecAuthMethod) {
if (pIpsecAuthMethod->pszAuthMethod) { FreePolStr(pIpsecAuthMethod->pszAuthMethod); } if (pIpsecAuthMethod->pAltAuthMethod) { FreePolMem(pIpsecAuthMethod->pAltAuthMethod); }
FreePolMem(pIpsecAuthMethod);
}
}
if (pIpsecNFAData->ppAuthMethods) { FreePolMem(pIpsecNFAData->ppAuthMethods); }
if (pIpsecNFAData->pszInterfaceName) {
FreePolStr(pIpsecNFAData->pszInterfaceName); }
if (pIpsecNFAData->pszEndPointName) { FreePolStr(pIpsecNFAData->pszEndPointName); }
if (pIpsecNFAData->pIpsecFilterData) { FreeIpsecFilterData(pIpsecNFAData->pIpsecFilterData); }
if (pIpsecNFAData->pIpsecNegPolData) { FreeIpsecNegPolData(pIpsecNFAData->pIpsecNegPolData); }
if (pIpsecNFAData->pszIpsecName) { FreePolStr(pIpsecNFAData->pszIpsecName); }
if (pIpsecNFAData->pszDescription) { FreePolStr(pIpsecNFAData->pszDescription); }
FreePolMem(pIpsecNFAData);}
voidFreeIpsecPolicyData( PIPSEC_POLICY_DATA pIpsecPolicyData ){ DWORD i = 0; DWORD dwNumNFACount = 0; PIPSEC_NFA_DATA * ppIpsecNFAData = NULL; PIPSEC_NFA_DATA pIpsecNFAData = NULL; PIPSEC_ISAKMP_DATA pIpsecISAKMPData = NULL;
dwNumNFACount = pIpsecPolicyData->dwNumNFACount; ppIpsecNFAData = pIpsecPolicyData->ppIpsecNFAData; pIpsecISAKMPData = pIpsecPolicyData->pIpsecISAKMPData;
if (pIpsecISAKMPData) { FreeIpsecISAKMPData( pIpsecISAKMPData ); }
for (i = 0; i < dwNumNFACount; i++) {
pIpsecNFAData = *(ppIpsecNFAData + i);
if (pIpsecNFAData) {
FreeIpsecNFAData( pIpsecNFAData ); }
}
if (pIpsecPolicyData->ppIpsecNFAData) { FreePolMem(pIpsecPolicyData->ppIpsecNFAData); }
if (pIpsecPolicyData->pszIpsecName) { FreePolStr(pIpsecPolicyData->pszIpsecName); }
if (pIpsecPolicyData->pszDescription) { FreePolStr(pIpsecPolicyData->pszDescription); }
if (pIpsecPolicyData->pRsopInfo) { FreeRsopInfo( pIpsecPolicyData->pRsopInfo ); }
if (pIpsecPolicyData) { FreePolMem(pIpsecPolicyData); }}
DWORDCopyIpsecPolicyData( PIPSEC_POLICY_DATA pIpsecPolicyData, PIPSEC_POLICY_DATA * ppIpsecPolicyData ){ DWORD dwError = 0; PIPSEC_POLICY_DATA pNewIpsecPolicyData = NULL;
DWORD dwNumberofRules = 0; PIPSEC_NFA_DATA * ppIpsecNFAData = NULL;
PIPSEC_NFA_DATA pIpsecNFAData = NULL; PIPSEC_NFA_DATA pNewIpsecNFAData = NULL;
PIPSEC_NFA_DATA * ppNewIpsecNFAData = NULL;
DWORD i = 0;
*ppIpsecPolicyData = NULL;
pNewIpsecPolicyData = (PIPSEC_POLICY_DATA) AllocPolMem( sizeof(IPSEC_POLICY_DATA) ); if (!pNewIpsecPolicyData) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
dwNumberofRules = pIpsecPolicyData->dwNumNFACount; ppIpsecNFAData = pIpsecPolicyData->ppIpsecNFAData;
if (dwNumberofRules) { ppNewIpsecNFAData = (PIPSEC_NFA_DATA *) AllocPolMem( sizeof(PIPSEC_NFA_DATA)* dwNumberofRules );
if (!ppNewIpsecNFAData) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
}
for (i = 0; i < dwNumberofRules; i++) {
pIpsecNFAData = *(ppIpsecNFAData + i);
dwError = CopyIpsecNFAData( pIpsecNFAData, &pNewIpsecNFAData );
if (dwError) { pNewIpsecPolicyData->ppIpsecNFAData = ppNewIpsecNFAData; pNewIpsecPolicyData->dwNumNFACount = i; BAIL_ON_WIN32_ERROR(dwError); }
*(ppNewIpsecNFAData + i) = pNewIpsecNFAData; }
pNewIpsecPolicyData->ppIpsecNFAData = ppNewIpsecNFAData; pNewIpsecPolicyData->dwNumNFACount = dwNumberofRules;
if (pIpsecPolicyData->pIpsecISAKMPData) {
dwError = CopyIpsecISAKMPData( pIpsecPolicyData->pIpsecISAKMPData, &pNewIpsecPolicyData->pIpsecISAKMPData );
BAIL_ON_WIN32_ERROR(dwError); }
pNewIpsecPolicyData->dwPollingInterval = pIpsecPolicyData->dwPollingInterval; pNewIpsecPolicyData->dwWhenChanged = pIpsecPolicyData->dwWhenChanged; pNewIpsecPolicyData->dwFlags = pIpsecPolicyData->dwFlags; memcpy( &(pNewIpsecPolicyData->PolicyIdentifier), &(pIpsecPolicyData->PolicyIdentifier), sizeof(GUID) ); memcpy( &(pNewIpsecPolicyData->ISAKMPIdentifier), &(pIpsecPolicyData->ISAKMPIdentifier), sizeof(GUID) );
if (pIpsecPolicyData->pszIpsecName && *pIpsecPolicyData->pszIpsecName) { pNewIpsecPolicyData->pszIpsecName = AllocPolStr( pIpsecPolicyData->pszIpsecName ); if (!pNewIpsecPolicyData->pszIpsecName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
if (pIpsecPolicyData->pszDescription && *pIpsecPolicyData->pszDescription) { pNewIpsecPolicyData->pszDescription = AllocPolStr( pIpsecPolicyData->pszDescription ); if (!pNewIpsecPolicyData->pszDescription) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
if (pIpsecPolicyData->pRsopInfo) { pNewIpsecPolicyData->pRsopInfo = (PRSOP_INFO)AllocPolMem( sizeof(RSOP_INFO) ); if (!pNewIpsecPolicyData->pRsopInfo) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } dwError = DeepCpyRsopInfo( pNewIpsecPolicyData->pRsopInfo, pIpsecPolicyData->pRsopInfo ); BAIL_ON_WIN32_ERROR(dwError); } *ppIpsecPolicyData = pNewIpsecPolicyData;
return (dwError);
error:
if (pNewIpsecPolicyData) { FreeIpsecPolicyData(pNewIpsecPolicyData); }
*ppIpsecPolicyData = NULL;
return (dwError);
}
DWORDCopyIpsecNFAData( PIPSEC_NFA_DATA pIpsecNFAData, PIPSEC_NFA_DATA * ppIpsecNFAData ){
PIPSEC_NFA_DATA pNewIpsecNFAData = NULL; DWORD dwError = 0; DWORD i = 0;
DWORD dwAuthMethodCount = 0;
PIPSEC_AUTH_METHOD * ppAuthMethods = NULL; PIPSEC_AUTH_METHOD * ppNewAuthMethods = NULL;
PIPSEC_AUTH_METHOD pAuthMethod = NULL; PIPSEC_AUTH_METHOD pNewAuthMethod = NULL;
pNewIpsecNFAData = (PIPSEC_NFA_DATA) AllocPolMem( sizeof(IPSEC_NFA_DATA) ); if (!pNewIpsecNFAData) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError);
}
dwAuthMethodCount = pIpsecNFAData->dwAuthMethodCount; ppAuthMethods = pIpsecNFAData->ppAuthMethods;
if (dwAuthMethodCount) { ppNewAuthMethods = (PIPSEC_AUTH_METHOD *) AllocPolMem( sizeof(PIPSEC_AUTH_METHOD)* dwAuthMethodCount );
if (!ppNewAuthMethods) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
}
for (i = 0; i < dwAuthMethodCount; i++) {
pAuthMethod = *(ppAuthMethods + i);
dwError = CopyIpsecAuthMethod( pAuthMethod, &pNewAuthMethod );
if (dwError) { pNewIpsecNFAData->ppAuthMethods = ppNewAuthMethods; pNewIpsecNFAData->dwAuthMethodCount = i; BAIL_ON_WIN32_ERROR(dwError); }
*(ppNewAuthMethods + i) = pNewAuthMethod; }
pNewIpsecNFAData->ppAuthMethods = ppNewAuthMethods; pNewIpsecNFAData->dwAuthMethodCount = dwAuthMethodCount;
if (pIpsecNFAData->pszIpsecName && *pIpsecNFAData->pszIpsecName) { pNewIpsecNFAData->pszIpsecName = AllocPolStr( pIpsecNFAData->pszIpsecName );
if (!(pNewIpsecNFAData->pszIpsecName)) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
if (pIpsecNFAData->pszDescription && *pIpsecNFAData->pszDescription) { pNewIpsecNFAData->pszDescription = AllocPolStr( pIpsecNFAData->pszDescription );
if (!(pNewIpsecNFAData->pszDescription)) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
memcpy( &(pNewIpsecNFAData->NFAIdentifier), &(pIpsecNFAData->NFAIdentifier), sizeof(GUID) ); memcpy( &(pNewIpsecNFAData->FilterIdentifier), &(pIpsecNFAData->FilterIdentifier), sizeof(GUID) ); memcpy( &(pNewIpsecNFAData->NegPolIdentifier), &(pIpsecNFAData->NegPolIdentifier), sizeof(GUID) );
pNewIpsecNFAData->dwInterfaceType = pIpsecNFAData->dwInterfaceType;
if (pIpsecNFAData->pszInterfaceName && *pIpsecNFAData->pszInterfaceName) { pNewIpsecNFAData->pszInterfaceName = AllocPolStr( pIpsecNFAData->pszInterfaceName );
if (!(pNewIpsecNFAData->pszInterfaceName)) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
pNewIpsecNFAData->dwTunnelIpAddr = pIpsecNFAData->dwTunnelIpAddr; pNewIpsecNFAData->dwTunnelFlags = pIpsecNFAData->dwTunnelFlags; pNewIpsecNFAData->dwActiveFlag = pIpsecNFAData->dwActiveFlag;
if (pIpsecNFAData->pszEndPointName && *pIpsecNFAData->pszEndPointName) { pNewIpsecNFAData->pszEndPointName = AllocPolStr( pIpsecNFAData->pszEndPointName );
if (!(pNewIpsecNFAData->pszEndPointName)) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
if (pIpsecNFAData->pIpsecFilterData) {
dwError = CopyIpsecFilterData( pIpsecNFAData->pIpsecFilterData, &pNewIpsecNFAData->pIpsecFilterData );
BAIL_ON_WIN32_ERROR(dwError); }
if (pIpsecNFAData->pIpsecNegPolData) {
dwError = CopyIpsecNegPolData( pIpsecNFAData->pIpsecNegPolData, &pNewIpsecNFAData->pIpsecNegPolData );
BAIL_ON_WIN32_ERROR(dwError); }
pNewIpsecNFAData->dwWhenChanged = pIpsecNFAData->dwWhenChanged;
pNewIpsecNFAData->dwFlags = pIpsecNFAData->dwFlags;
*ppIpsecNFAData = pNewIpsecNFAData;
return(ERROR_SUCCESS);
error:
if (pNewIpsecNFAData) { FreeIpsecNFAData(pNewIpsecNFAData); }
*ppIpsecNFAData = NULL;
return (dwError);
}
DWORDCopyIpsecAuthMethod( PIPSEC_AUTH_METHOD pAuthMethod, PIPSEC_AUTH_METHOD * ppAuthMethod ){ DWORD dwError = 0; PIPSEC_AUTH_METHOD pNewAuthMethod = NULL;
pNewAuthMethod = (PIPSEC_AUTH_METHOD) AllocPolMem( sizeof(IPSEC_AUTH_METHOD) );
if (!pNewAuthMethod) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
pNewAuthMethod->dwAuthType = pAuthMethod->dwAuthType; pNewAuthMethod->dwAuthLen = pAuthMethod->dwAuthLen;
if (pAuthMethod->pszAuthMethod) { pNewAuthMethod->pszAuthMethod = AllocPolStr( pAuthMethod->pszAuthMethod );
if (!(pNewAuthMethod->pszAuthMethod)) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
pNewAuthMethod->dwAltAuthLen = 0; pNewAuthMethod->pAltAuthMethod = NULL;
if (pAuthMethod->dwAltAuthLen && pAuthMethod->pAltAuthMethod) { pNewAuthMethod->pAltAuthMethod = AllocPolMem( pAuthMethod->dwAltAuthLen ); if (!(pNewAuthMethod->pAltAuthMethod)) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } memcpy( pNewAuthMethod->pAltAuthMethod, pAuthMethod->pAltAuthMethod, pAuthMethod->dwAltAuthLen ); pNewAuthMethod->dwAltAuthLen = pAuthMethod->dwAltAuthLen; } pNewAuthMethod->dwAuthFlags = pAuthMethod->dwAuthFlags;
*ppAuthMethod = pNewAuthMethod;
return (ERROR_SUCCESS);
error:
if (pNewAuthMethod) { if (pNewAuthMethod->pszAuthMethod) { FreePolStr(pNewAuthMethod->pszAuthMethod); } if (pNewAuthMethod->pAltAuthMethod) { FreePolMem(pNewAuthMethod->pAltAuthMethod); } FreePolMem(pNewAuthMethod); }
*ppAuthMethod = NULL;
return (dwError);
}
DWORDCopyIpsecISAKMPData( PIPSEC_ISAKMP_DATA pIpsecISAKMPData, PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData ){ DWORD dwError = 0; PIPSEC_ISAKMP_DATA pNewIpsecISAKMPData = NULL; DWORD dwNumISAKMPSecurityMethods = 0;
pNewIpsecISAKMPData = (PIPSEC_ISAKMP_DATA) AllocPolMem( sizeof(IPSEC_ISAKMP_DATA) );
if (!pNewIpsecISAKMPData) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
memcpy( &(pNewIpsecISAKMPData->ISAKMPIdentifier), &(pIpsecISAKMPData->ISAKMPIdentifier), sizeof(GUID) );
memcpy( &(pNewIpsecISAKMPData->ISAKMPPolicy), &(pIpsecISAKMPData->ISAKMPPolicy), sizeof(ISAKMP_POLICY) );
dwNumISAKMPSecurityMethods = pIpsecISAKMPData->dwNumISAKMPSecurityMethods;
pNewIpsecISAKMPData->dwWhenChanged = pIpsecISAKMPData->dwWhenChanged;
pNewIpsecISAKMPData->dwFlags = pIpsecISAKMPData->dwFlags;
if (pIpsecISAKMPData->pSecurityMethods) {
pNewIpsecISAKMPData->pSecurityMethods = (PCRYPTO_BUNDLE) AllocPolMem( sizeof(CRYPTO_BUNDLE) * dwNumISAKMPSecurityMethods );
if (!(pNewIpsecISAKMPData->pSecurityMethods)) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
memcpy( pNewIpsecISAKMPData->pSecurityMethods, pIpsecISAKMPData->pSecurityMethods, sizeof(CRYPTO_BUNDLE)*dwNumISAKMPSecurityMethods ); pNewIpsecISAKMPData->dwNumISAKMPSecurityMethods = pIpsecISAKMPData->dwNumISAKMPSecurityMethods; } else { pNewIpsecISAKMPData->pSecurityMethods = NULL; pNewIpsecISAKMPData->dwNumISAKMPSecurityMethods = 0; }
*ppIpsecISAKMPData = pNewIpsecISAKMPData;
return(ERROR_SUCCESS);
error:
*ppIpsecISAKMPData = NULL;
return (dwError);
}
DWORDCopyIpsecFilterData( PIPSEC_FILTER_DATA pIpsecFilterData, PIPSEC_FILTER_DATA * ppIpsecFilterData ){ DWORD dwError = 0; DWORD i = 0; PIPSEC_FILTER_DATA pNewIpsecFilterData = NULL; DWORD dwNumFilterSpecs = 0; PIPSEC_FILTER_SPEC * ppFilterSpecs = NULL; PIPSEC_FILTER_SPEC * ppNewFilterSpecs = NULL;
PIPSEC_FILTER_SPEC pFilterSpecs = NULL; PIPSEC_FILTER_SPEC pNewFilterSpecs = NULL;
pNewIpsecFilterData = (PIPSEC_FILTER_DATA) AllocPolMem( sizeof(IPSEC_FILTER_DATA) );
if (!pNewIpsecFilterData) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
dwNumFilterSpecs = pIpsecFilterData->dwNumFilterSpecs; ppFilterSpecs = pIpsecFilterData->ppFilterSpecs;
if (dwNumFilterSpecs) {
ppNewFilterSpecs = (PIPSEC_FILTER_SPEC *) AllocPolMem( sizeof(PIPSEC_FILTER_SPEC)* dwNumFilterSpecs ); if (!ppNewFilterSpecs) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
for (i = 0; i < dwNumFilterSpecs; i++) {
pFilterSpecs = *(ppFilterSpecs + i);
dwError = CopyIpsecFilterSpec( pFilterSpecs, &pNewFilterSpecs );
if (dwError) { pNewIpsecFilterData->ppFilterSpecs = ppNewFilterSpecs; pNewIpsecFilterData->dwNumFilterSpecs = i; BAIL_ON_WIN32_ERROR(dwError); }
*(ppNewFilterSpecs + i) = pNewFilterSpecs; }
pNewIpsecFilterData->ppFilterSpecs = ppNewFilterSpecs; pNewIpsecFilterData->dwNumFilterSpecs = dwNumFilterSpecs;
if (pIpsecFilterData->pszIpsecName && *pIpsecFilterData->pszIpsecName) { pNewIpsecFilterData->pszIpsecName = AllocPolStr( pIpsecFilterData->pszIpsecName );
if (!(pNewIpsecFilterData->pszIpsecName)) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
if (pIpsecFilterData->pszDescription && *pIpsecFilterData->pszDescription) { pNewIpsecFilterData->pszDescription = AllocPolStr( pIpsecFilterData->pszDescription );
if (!(pNewIpsecFilterData->pszDescription)) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
memcpy( &(pNewIpsecFilterData->FilterIdentifier), &(pIpsecFilterData->FilterIdentifier), sizeof(GUID) );
pNewIpsecFilterData->dwWhenChanged = pIpsecFilterData->dwWhenChanged; pNewIpsecFilterData->dwFlags = pIpsecFilterData->dwFlags;
*ppIpsecFilterData = pNewIpsecFilterData;
return(ERROR_SUCCESS);
error:
if (pNewIpsecFilterData) { FreeIpsecFilterData(pNewIpsecFilterData); } *ppIpsecFilterData = NULL; return (dwError);
}
DWORDCopyIpsecFilterSpec( PIPSEC_FILTER_SPEC pFilterSpecs, PIPSEC_FILTER_SPEC * ppFilterSpecs ){
DWORD dwError = 0; PIPSEC_FILTER_SPEC pNewFilterSpecs = NULL;
pNewFilterSpecs = (PIPSEC_FILTER_SPEC) AllocPolMem( sizeof(IPSEC_FILTER_SPEC) );
if (!pNewFilterSpecs) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
if (pFilterSpecs->pszSrcDNSName) { pNewFilterSpecs->pszSrcDNSName = AllocPolStr( pFilterSpecs->pszSrcDNSName );
if (!(pNewFilterSpecs->pszSrcDNSName)) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
if (pFilterSpecs->pszDestDNSName) { pNewFilterSpecs->pszDestDNSName = AllocPolStr( pFilterSpecs->pszDestDNSName );
if (!(pNewFilterSpecs->pszDestDNSName)) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
if (pFilterSpecs->pszDescription) { pNewFilterSpecs->pszDescription = AllocPolStr( pFilterSpecs->pszDescription );
if (!(pNewFilterSpecs->pszDescription)) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
memcpy( &(pNewFilterSpecs->FilterSpecGUID), &(pFilterSpecs->FilterSpecGUID), sizeof(GUID) );
pNewFilterSpecs->dwMirrorFlag = pFilterSpecs->dwMirrorFlag;
memcpy( &(pNewFilterSpecs->Filter), &(pFilterSpecs->Filter), sizeof(IPSEC_FILTER) );
*ppFilterSpecs = pNewFilterSpecs;
return(ERROR_SUCCESS);
error:
if (pNewFilterSpecs) { if (pNewFilterSpecs->pszSrcDNSName){ FreePolStr(pNewFilterSpecs->pszSrcDNSName); } if (pNewFilterSpecs->pszDestDNSName){ FreePolStr(pNewFilterSpecs->pszDestDNSName); } if (pNewFilterSpecs->pszDescription){ FreePolStr(pNewFilterSpecs->pszDescription); } FreePolMem(pNewFilterSpecs); }
*ppFilterSpecs = NULL;
return (dwError);
}
DWORDCopyIpsecNegPolData( PIPSEC_NEGPOL_DATA pIpsecNegPolData, PIPSEC_NEGPOL_DATA * ppIpsecNegPolData ){
DWORD dwNumSecurityOffers = 0;
PIPSEC_NEGPOL_DATA pNewIpsecNegPolData = NULL; DWORD dwError = 0;
pNewIpsecNegPolData = (PIPSEC_NEGPOL_DATA) AllocPolMem( sizeof(IPSEC_NEGPOL_DATA) ); if (!pNewIpsecNegPolData) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
dwNumSecurityOffers = pIpsecNegPolData->dwSecurityMethodCount;
if (dwNumSecurityOffers) {
pNewIpsecNegPolData->pIpsecSecurityMethods = (PIPSEC_SECURITY_METHOD) AllocPolMem( sizeof(IPSEC_SECURITY_METHOD)*dwNumSecurityOffers );
if (!(pNewIpsecNegPolData->pIpsecSecurityMethods)) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
memcpy( (pNewIpsecNegPolData->pIpsecSecurityMethods), (pIpsecNegPolData->pIpsecSecurityMethods), sizeof(IPSEC_SECURITY_METHOD)*dwNumSecurityOffers );
pNewIpsecNegPolData->dwSecurityMethodCount = dwNumSecurityOffers;
} else {
pNewIpsecNegPolData->dwSecurityMethodCount = 0; pNewIpsecNegPolData->pIpsecSecurityMethods = NULL;
}
if (pIpsecNegPolData->pszIpsecName && *pIpsecNegPolData->pszIpsecName) { pNewIpsecNegPolData->pszIpsecName = AllocPolStr( pIpsecNegPolData->pszIpsecName );
if (!(pNewIpsecNegPolData->pszIpsecName)) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
if (pIpsecNegPolData->pszDescription && *pIpsecNegPolData->pszDescription) { pNewIpsecNegPolData->pszDescription = AllocPolStr( pIpsecNegPolData->pszDescription );
if (!(pNewIpsecNegPolData->pszDescription)) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } }
//
// Convert the ipsecID to its GUID format
//
memcpy( &(pNewIpsecNegPolData->NegPolIdentifier), &(pIpsecNegPolData->NegPolIdentifier), sizeof(GUID) );
memcpy( &(pNewIpsecNegPolData->NegPolAction), &(pIpsecNegPolData->NegPolAction), sizeof(GUID) );
memcpy( &(pNewIpsecNegPolData->NegPolType), &(pIpsecNegPolData->NegPolType), sizeof(GUID) );
pNewIpsecNegPolData->dwWhenChanged = pIpsecNegPolData->dwWhenChanged;
pNewIpsecNegPolData->dwFlags = pIpsecNegPolData->dwFlags;
*ppIpsecNegPolData = pNewIpsecNegPolData;
return (0);
error:
if (pNewIpsecNegPolData) { FreeIpsecNegPolData(pNewIpsecNegPolData); }
*ppIpsecNegPolData = NULL;
return(dwError);
}
DWORDUnmarshallFilterSpec( LPBYTE pMem, PIPSEC_FILTER_SPEC * ppIpsecFilterSpec, PDWORD pdwNumBytesAdvanced ){ DWORD dwSrcDNSNameLen = 0; LPWSTR pszSrcDNSName = NULL; DWORD dwDestDNSNameLen = 0; LPWSTR pszDestDNSName = NULL; DWORD dwDescriptionLen = 0; LPWSTR pszDescription = NULL; GUID FilterSpecGUID; DWORD dwMirrorFlag = 0; IPSEC_FILTER ipsecFilter; PIPSEC_FILTER_SPEC pIpsecFilterSpec = NULL; DWORD dwNumBytesAdvanced = 0;
DWORD dwError = 0;
*ppIpsecFilterSpec = NULL; *pdwNumBytesAdvanced = 0;
memcpy((LPBYTE)&dwSrcDNSNameLen, pMem, sizeof(DWORD)); pMem += sizeof(DWORD); dwNumBytesAdvanced += sizeof(DWORD);
if (dwSrcDNSNameLen) { pszSrcDNSName = AllocPolStr((LPWSTR)pMem); if (!pszSrcDNSName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } } pMem += dwSrcDNSNameLen; dwNumBytesAdvanced += dwSrcDNSNameLen;
memcpy((LPBYTE)&dwDestDNSNameLen, pMem, sizeof(DWORD)); pMem += sizeof(DWORD); dwNumBytesAdvanced += sizeof(DWORD);
if (dwDestDNSNameLen) { pszDestDNSName = AllocPolStr((LPWSTR)pMem); if (!pszDestDNSName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } } pMem += dwDestDNSNameLen; dwNumBytesAdvanced += dwDestDNSNameLen;
memcpy((LPBYTE)&dwDescriptionLen, pMem, sizeof(DWORD)); pMem += sizeof(DWORD); dwNumBytesAdvanced += sizeof(DWORD);
if (dwDescriptionLen) { pszDescription = AllocPolStr((LPWSTR)pMem); if (!pszDescription) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } } pMem += dwDescriptionLen; dwNumBytesAdvanced += dwDescriptionLen;
memcpy((LPBYTE)&FilterSpecGUID, pMem, sizeof(GUID)); pMem += sizeof(GUID); dwNumBytesAdvanced += sizeof(GUID);
memcpy((LPBYTE)&dwMirrorFlag, pMem, sizeof(DWORD)); pMem += sizeof(DWORD); dwNumBytesAdvanced += sizeof(DWORD);
memcpy((LPBYTE)&ipsecFilter, pMem, sizeof(IPSEC_FILTER));
pIpsecFilterSpec = (PIPSEC_FILTER_SPEC)AllocPolMem( sizeof(IPSEC_FILTER_SPEC)
); if (!pIpsecFilterSpec) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } pMem += sizeof(IPSEC_FILTER); dwNumBytesAdvanced += sizeof(IPSEC_FILTER);
pIpsecFilterSpec->pszSrcDNSName = pszSrcDNSName; pIpsecFilterSpec->pszDestDNSName = pszDestDNSName; pIpsecFilterSpec->pszDescription = pszDescription; pIpsecFilterSpec->dwMirrorFlag = dwMirrorFlag;
memcpy((LPBYTE)&pIpsecFilterSpec->FilterSpecGUID, &FilterSpecGUID, sizeof(GUID)); memcpy((LPBYTE)&pIpsecFilterSpec->Filter, &ipsecFilter, sizeof(IPSEC_FILTER));
*ppIpsecFilterSpec = pIpsecFilterSpec; *pdwNumBytesAdvanced = dwNumBytesAdvanced;
return(dwError);
error:
if (pszSrcDNSName) { FreePolStr(pszSrcDNSName); }
if (pszDestDNSName) { FreePolStr(pszDestDNSName); }
if (pszDescription) { FreePolStr(pszDescription); }
*ppIpsecFilterSpec = NULL; *pdwNumBytesAdvanced = 0;
return(dwError);}
DWORDUnmarshallAuthMethods( LPBYTE pMem, PIPSEC_AUTH_METHOD * ppIpsecAuthMethod, PDWORD pdwNumBytesAdvanced ){ DWORD dwError = 0; DWORD dwAuthType = 0; DWORD dwAuthLen = 0; LPWSTR pszAuthMethod = NULL; PIPSEC_AUTH_METHOD pIpsecAuthMethod = NULL; DWORD dwNumBytesAdvanced = 0;
pIpsecAuthMethod = (PIPSEC_AUTH_METHOD)AllocPolMem( sizeof(IPSEC_AUTH_METHOD) ); if (!pIpsecAuthMethod) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); }
memcpy((LPBYTE)&dwAuthType, pMem, sizeof(DWORD)); pMem += sizeof(DWORD); dwNumBytesAdvanced += sizeof(DWORD);
memcpy((LPBYTE)&dwAuthLen, pMem, sizeof(DWORD)); pMem += sizeof(DWORD); dwNumBytesAdvanced += sizeof(DWORD);
if (dwAuthLen) {
pszAuthMethod = AllocPolStr((LPWSTR)pMem); if (!pszAuthMethod) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } } pMem += dwAuthLen; dwNumBytesAdvanced += dwAuthLen;
//
// Unmarshall parameters.
//
pIpsecAuthMethod->dwAuthType = dwAuthType; pIpsecAuthMethod->dwAuthLen = (dwAuthLen - 2)/2; pIpsecAuthMethod->pszAuthMethod = pszAuthMethod; pIpsecAuthMethod->dwAltAuthLen = 0; pIpsecAuthMethod->pAltAuthMethod = NULL;
*ppIpsecAuthMethod = pIpsecAuthMethod; *pdwNumBytesAdvanced = dwNumBytesAdvanced;
return (dwError);
error:
if (pszAuthMethod) { FreePolStr(pszAuthMethod); }
if (pIpsecAuthMethod) { FreePolMem(pIpsecAuthMethod); }
*ppIpsecAuthMethod = NULL; *pdwNumBytesAdvanced = 0; return (dwError);}
DWORDUnmarshallAltAuthMethods( LPBYTE pMem, PIPSEC_AUTH_METHOD pIpsecAuthMethod, PDWORD pdwNumBytesAdvanced ){ DWORD dwError = 0; DWORD dwAuthType = 0; DWORD dwAuthLen = 0; PBYTE pAltAuthMethod = NULL; DWORD dwNumBytesAdvanced = 0;
memcpy((LPBYTE)&dwAuthType, pMem, sizeof(DWORD)); pMem += sizeof(DWORD); dwNumBytesAdvanced += sizeof(DWORD);
memcpy((LPBYTE)&dwAuthLen, pMem, sizeof(DWORD)); pMem += sizeof(DWORD); dwNumBytesAdvanced += sizeof(DWORD);
if (dwAuthLen) { pAltAuthMethod = (PBYTE) AllocPolMem(dwAuthLen); if (!pAltAuthMethod) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } memcpy(pAltAuthMethod, pMem, dwAuthLen); } pMem += dwAuthLen; dwNumBytesAdvanced += dwAuthLen;
pIpsecAuthMethod->dwAltAuthLen = dwAuthLen; pIpsecAuthMethod->pAltAuthMethod = pAltAuthMethod;
*pdwNumBytesAdvanced = dwNumBytesAdvanced;
return (dwError);
error:
if (pAltAuthMethod) { FreePolMem(pAltAuthMethod); }
pIpsecAuthMethod->dwAltAuthLen = 0; pIpsecAuthMethod->pAltAuthMethod = NULL;
*pdwNumBytesAdvanced = 0; return (dwError);}
voidFreeRsopInfo( PRSOP_INFO pRsopInfo ){ if (pRsopInfo) { FreePolStr(pRsopInfo->pszCreationtime); FreePolStr(pRsopInfo->pszID); FreePolStr(pRsopInfo->pszName); FreePolStr(pRsopInfo->pszGPOID); FreePolStr(pRsopInfo->pszSOMID); }}
voidFreeMulIpsecFilterData( PIPSEC_FILTER_DATA * ppIpsecFilterData, DWORD dwNumFilterObjects ){ DWORD i = 0; PIPSEC_FILTER_DATA pIpsecFilterData = NULL;
if (!ppIpsecFilterData) { return; }
for (i = 0; i < dwNumFilterObjects; i++) {
pIpsecFilterData = *(ppIpsecFilterData + i);
if (pIpsecFilterData) { FreeIpsecFilterData(pIpsecFilterData); } }
FreePolMem(ppIpsecFilterData);
return;}
voidFreeMulIpsecNegPolData( PIPSEC_NEGPOL_DATA * ppIpsecNegPolData, DWORD dwNumNegPolObjects ){ DWORD i = 0; PIPSEC_NEGPOL_DATA pIpsecNegPolData = NULL;
if (!ppIpsecNegPolData) { return; }
for (i = 0; i < dwNumNegPolObjects; i++) {
pIpsecNegPolData = *(ppIpsecNegPolData + i);
if (pIpsecNegPolData) { FreeIpsecNegPolData(pIpsecNegPolData); } }
FreePolMem(ppIpsecNegPolData);
return;}
voidFreeMulIpsecPolicyData( PIPSEC_POLICY_DATA * ppIpsecPolicyData, DWORD dwNumPolicyObjects ){ DWORD i = 0; PIPSEC_POLICY_DATA pIpsecPolicyData = NULL;
if (!ppIpsecPolicyData) { return; }
for (i = 0; i < dwNumPolicyObjects; i++) {
pIpsecPolicyData = *(ppIpsecPolicyData + i);
if (pIpsecPolicyData) { FreeIpsecPolicyData(pIpsecPolicyData); } }
FreePolMem(ppIpsecPolicyData);
return;}
voidFreeMulIpsecNFAData( PIPSEC_NFA_DATA * ppIpsecNFAData, DWORD dwNumNFAObjects ){ DWORD i = 0; PIPSEC_NFA_DATA pIpsecNFAData = NULL;
if (!ppIpsecNFAData) { return; }
for (i = 0; i < dwNumNFAObjects; i++) {
pIpsecNFAData = *(ppIpsecNFAData + i);
if (pIpsecNFAData) { FreeIpsecNFAData(pIpsecNFAData); } }
FreePolMem(ppIpsecNFAData);
return;}
DWORDGenGUIDFromRegFilterReference( LPWSTR pszIpsecFilterReference, GUID * FilterIdentifier ){ DWORD dwError = 0; LPWSTR pszGuid = NULL;
if (pszIpsecFilterReference) {
pszGuid = wcschr(pszIpsecFilterReference, L'{');
if (!pszGuid) { dwError = ERROR_INVALID_DATA; return (dwError); }
wGUIDFromString(pszGuid, FilterIdentifier);
}else { memset(FilterIdentifier, 0, sizeof(GUID)); }
return(dwError);}
DWORDGenGUIDFromRegNegPolReference( LPWSTR pszIpsecNegPolReference, GUID * NegPolIdentifier ){ DWORD dwError = 0; LPWSTR pszGuid = NULL;
if (pszIpsecNegPolReference) {
pszGuid = wcschr(pszIpsecNegPolReference, L'{');
if (!pszGuid) { dwError = ERROR_INVALID_DATA; return (dwError); }
wGUIDFromString(pszGuid, NegPolIdentifier);
}else { memset(NegPolIdentifier, 0, sizeof(GUID)); }
return(dwError);}
DWORDGenGUIDFromRegISAKMPReference( LPWSTR pszIpsecISAKMPReference, GUID * ISAKMPIdentifier ){ DWORD dwError = 0; LPWSTR pszGuid = NULL;
if (pszIpsecISAKMPReference) {
pszGuid = wcschr(pszIpsecISAKMPReference, L'{');
if (!pszGuid) { dwError = ERROR_INVALID_DATA; return (dwError); }
wGUIDFromString(pszGuid, ISAKMPIdentifier);
}else { memset(ISAKMPIdentifier, 0, sizeof(GUID)); }
return(dwError);}
voidFreeIpsecFilterSpecs( PIPSEC_FILTER_SPEC * ppIpsecFilterSpecs, DWORD dwNumFilterSpecs ){
DWORD i = 0; PIPSEC_FILTER_SPEC pIpsecFilterSpec = NULL;
for (i = 0; i < dwNumFilterSpecs; i++) {
pIpsecFilterSpec = *(ppIpsecFilterSpecs + i);
if (pIpsecFilterSpec) {
FreeIpsecFilterSpec(pIpsecFilterSpec);
}
}
FreePolMem(ppIpsecFilterSpecs);}
voidFreeIpsecFilterSpec( PIPSEC_FILTER_SPEC pIpsecFilterSpec ){ if (pIpsecFilterSpec->pszSrcDNSName){
FreePolStr(pIpsecFilterSpec->pszSrcDNSName); }
if (pIpsecFilterSpec->pszDestDNSName){
FreePolStr(pIpsecFilterSpec->pszDestDNSName); }
if (pIpsecFilterSpec->pszDescription){
FreePolStr(pIpsecFilterSpec->pszDescription); }
FreePolMem(pIpsecFilterSpec);
return;}
voidFreeMulIpsecISAKMPData( PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData, DWORD dwNumISAKMPObjects ){ DWORD i = 0; PIPSEC_ISAKMP_DATA pIpsecISAKMPData = NULL;
if (!ppIpsecISAKMPData) { return; }
for (i = 0; i < dwNumISAKMPObjects; i++) {
pIpsecISAKMPData = *(ppIpsecISAKMPData + i);
if (pIpsecISAKMPData) { FreeIpsecISAKMPData(pIpsecISAKMPData); } }
FreePolMem(ppIpsecISAKMPData);
return;}
|
