Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1148 lines
27 KiB

  1. //----------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 2000.
  5. //
  6. // File: isakmp-d.c
  7. //
  8. // Contents: ISAKMP Management for directory.
  9. //
  10. //
  11. // History: AbhisheV
  12. //
  13. //----------------------------------------------------------------------------
  14. #include "precomp.h"
  15. extern LPWSTR ISAKMPDNAttributes[];
  16. DWORD
  17. DirEnumISAKMPData(
  18. HLDAP hLdapBindHandle,
  19. LPWSTR pszIpsecRootContainer,
  20. PIPSEC_ISAKMP_DATA ** pppIpsecISAKMPData,
  21. PDWORD pdwNumISAKMPObjects
  22. )
  23. {
  24. DWORD dwError = 0;
  25. PIPSEC_ISAKMP_OBJECT * ppIpsecISAKMPObjects = NULL;
  26. PIPSEC_ISAKMP_DATA pIpsecISAKMPData = NULL;
  27. PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData = NULL;
  28. DWORD dwNumISAKMPObjects = 0;
  29. DWORD i = 0;
  30. DWORD j = 0;
  31. dwError = DirEnumISAKMPObjects(
  32. hLdapBindHandle,
  33. pszIpsecRootContainer,
  34. &ppIpsecISAKMPObjects,
  35. &dwNumISAKMPObjects
  36. );
  37. BAIL_ON_WIN32_ERROR(dwError);
  38. if (dwNumISAKMPObjects) {
  39. ppIpsecISAKMPData = (PIPSEC_ISAKMP_DATA *) AllocPolMem(
  40. dwNumISAKMPObjects*sizeof(PIPSEC_ISAKMP_DATA)
  41. );
  42. if (!ppIpsecISAKMPData) {
  43. dwError = ERROR_OUTOFMEMORY;
  44. BAIL_ON_WIN32_ERROR(dwError);
  45. }
  46. }
  47. for (i = 0; i < dwNumISAKMPObjects; i++) {
  48. dwError = DirUnmarshallISAKMPData(
  49. *(ppIpsecISAKMPObjects + i),
  50. &pIpsecISAKMPData
  51. );
  52. if (!dwError) {
  53. *(ppIpsecISAKMPData + j) = pIpsecISAKMPData;
  54. j++;
  55. }
  56. }
  57. if (j == 0) {
  58. if (ppIpsecISAKMPData) {
  59. FreePolMem(ppIpsecISAKMPData);
  60. ppIpsecISAKMPData = NULL;
  61. }
  62. }
  63. *pppIpsecISAKMPData = ppIpsecISAKMPData;
  64. *pdwNumISAKMPObjects = j;
  65. dwError = ERROR_SUCCESS;
  66. cleanup:
  67. if (ppIpsecISAKMPObjects) {
  68. FreeIpsecISAKMPObjects(
  69. ppIpsecISAKMPObjects,
  70. dwNumISAKMPObjects
  71. );
  72. }
  73. return(dwError);
  74. error:
  75. if (ppIpsecISAKMPData) {
  76. FreeMulIpsecISAKMPData(
  77. ppIpsecISAKMPData,
  78. i
  79. );
  80. }
  81. *pppIpsecISAKMPData = NULL;
  82. *pdwNumISAKMPObjects = 0;
  83. goto cleanup;
  84. }
  85. DWORD
  86. DirEnumISAKMPObjects(
  87. HLDAP hLdapBindHandle,
  88. LPWSTR pszIpsecRootContainer,
  89. PIPSEC_ISAKMP_OBJECT ** pppIpsecISAKMPObjects,
  90. PDWORD pdwNumISAKMPObjects
  91. )
  92. {
  93. LDAPMessage *res = NULL;
  94. LDAPMessage *e = NULL;
  95. DWORD dwError = 0;
  96. LPWSTR pszISAKMPString = NULL;
  97. DWORD i = 0;
  98. DWORD dwCount = 0;
  99. PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject = NULL;
  100. PIPSEC_ISAKMP_OBJECT * ppIpsecISAKMPObjects = NULL;
  101. DWORD dwNumISAKMPObjectsReturned = 0;
  102. dwError = GenerateAllISAKMPsQuery(
  103. &pszISAKMPString
  104. );
  105. BAIL_ON_WIN32_ERROR(dwError);
  106. dwError = LdapSearchST(
  107. hLdapBindHandle,
  108. pszIpsecRootContainer,
  109. LDAP_SCOPE_ONELEVEL,
  110. pszISAKMPString,
  111. ISAKMPDNAttributes,
  112. 0,
  113. NULL,
  114. &res
  115. );
  116. BAIL_ON_WIN32_ERROR(dwError);
  117. dwCount = LdapCountEntries(
  118. hLdapBindHandle,
  119. res
  120. );
  121. if (!dwCount) {
  122. dwError = ERROR_DS_NO_ATTRIBUTE_OR_VALUE;
  123. BAIL_ON_WIN32_ERROR(dwError);
  124. }
  125. ppIpsecISAKMPObjects = (PIPSEC_ISAKMP_OBJECT *)AllocPolMem(
  126. sizeof(PIPSEC_ISAKMP_OBJECT)*dwCount
  127. );
  128. if (!ppIpsecISAKMPObjects) {
  129. dwError = ERROR_OUTOFMEMORY;
  130. BAIL_ON_WIN32_ERROR(dwError);
  131. }
  132. for (i = 0; i < dwCount; i++) {
  133. if (i == 0) {
  134. dwError = LdapFirstEntry(
  135. hLdapBindHandle,
  136. res,
  137. &e
  138. );
  139. BAIL_ON_WIN32_ERROR(dwError);
  140. } else {
  141. dwError = LdapNextEntry(
  142. hLdapBindHandle,
  143. e,
  144. &e
  145. );
  146. BAIL_ON_WIN32_ERROR(dwError);
  147. }
  148. dwError = UnMarshallISAKMPObject(
  149. hLdapBindHandle,
  150. e,
  151. &pIpsecISAKMPObject
  152. );
  153. if (dwError == ERROR_SUCCESS) {
  154. *(ppIpsecISAKMPObjects + dwNumISAKMPObjectsReturned) = pIpsecISAKMPObject;
  155. dwNumISAKMPObjectsReturned++;
  156. }
  157. }
  158. *pppIpsecISAKMPObjects = ppIpsecISAKMPObjects;
  159. *pdwNumISAKMPObjects = dwNumISAKMPObjectsReturned;
  160. dwError = ERROR_SUCCESS;
  161. cleanup:
  162. if (pszISAKMPString) {
  163. FreePolMem(pszISAKMPString);
  164. }
  165. if (res) {
  166. LdapMsgFree(res);
  167. }
  168. return(dwError);
  169. error:
  170. if (ppIpsecISAKMPObjects) {
  171. FreeIpsecISAKMPObjects(
  172. ppIpsecISAKMPObjects,
  173. dwNumISAKMPObjectsReturned
  174. );
  175. }
  176. *pppIpsecISAKMPObjects = NULL;
  177. *pdwNumISAKMPObjects = 0;
  178. goto cleanup;
  179. }
  180. DWORD
  181. DirSetISAKMPData(
  182. HLDAP hLdapBindHandle,
  183. LPWSTR pszIpsecRootContainer,
  184. PIPSEC_ISAKMP_DATA pIpsecISAKMPData
  185. )
  186. {
  187. DWORD dwError = 0;
  188. PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject = NULL;
  189. dwError = DirMarshallISAKMPObject(
  190. pIpsecISAKMPData,
  191. pszIpsecRootContainer,
  192. &pIpsecISAKMPObject
  193. );
  194. BAIL_ON_WIN32_ERROR(dwError);
  195. dwError = DirSetISAKMPObject(
  196. hLdapBindHandle,
  197. pszIpsecRootContainer,
  198. pIpsecISAKMPObject
  199. );
  200. BAIL_ON_WIN32_ERROR(dwError);
  201. dwError = DirBackPropIncChangesForISAKMPToPolicy(
  202. hLdapBindHandle,
  203. pszIpsecRootContainer,
  204. pIpsecISAKMPData->ISAKMPIdentifier
  205. );
  206. BAIL_ON_WIN32_ERROR(dwError);
  207. error:
  208. if (pIpsecISAKMPObject) {
  209. FreeIpsecISAKMPObject(pIpsecISAKMPObject);
  210. }
  211. return(dwError);
  212. }
  213. DWORD
  214. DirSetISAKMPObject(
  215. HLDAP hLdapBindHandle,
  216. LPWSTR pszIpsecRootContainer,
  217. PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject
  218. )
  219. {
  220. DWORD dwError = 0;
  221. LDAPModW ** ppLDAPModW = NULL;
  222. dwError = DirMarshallSetISAKMPObject(
  223. hLdapBindHandle,
  224. pszIpsecRootContainer,
  225. pIpsecISAKMPObject,
  226. &ppLDAPModW
  227. );
  228. BAIL_ON_WIN32_ERROR(dwError);
  229. dwError = LdapModifyS(
  230. hLdapBindHandle,
  231. pIpsecISAKMPObject->pszDistinguishedName,
  232. ppLDAPModW
  233. );
  234. BAIL_ON_WIN32_ERROR(dwError);
  235. error:
  236. //
  237. // Free the amods structures.
  238. //
  239. if (ppLDAPModW) {
  240. FreeLDAPModWs(
  241. ppLDAPModW
  242. );
  243. }
  244. return(dwError);
  245. }
  246. DWORD
  247. DirCreateISAKMPData(
  248. HLDAP hLdapBindHandle,
  249. LPWSTR pszIpsecRootContainer,
  250. PIPSEC_ISAKMP_DATA pIpsecISAKMPData
  251. )
  252. {
  253. DWORD dwError = 0;
  254. PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject = NULL;
  255. dwError = DirMarshallISAKMPObject(
  256. pIpsecISAKMPData,
  257. pszIpsecRootContainer,
  258. &pIpsecISAKMPObject
  259. );
  260. BAIL_ON_WIN32_ERROR(dwError);
  261. dwError = DirCreateISAKMPObject(
  262. hLdapBindHandle,
  263. pszIpsecRootContainer,
  264. pIpsecISAKMPObject
  265. );
  266. BAIL_ON_WIN32_ERROR(dwError);
  267. error:
  268. if (pIpsecISAKMPObject) {
  269. FreeIpsecISAKMPObject(
  270. pIpsecISAKMPObject
  271. );
  272. }
  273. return(dwError);
  274. }
  275. DWORD
  276. DirCreateISAKMPObject(
  277. HLDAP hLdapBindHandle,
  278. LPWSTR pszIpsecRootContainer,
  279. PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject
  280. )
  281. {
  282. DWORD dwError = 0;
  283. LDAPModW ** ppLDAPModW = NULL;
  284. dwError = DirMarshallAddISAKMPObject(
  285. hLdapBindHandle,
  286. pszIpsecRootContainer,
  287. pIpsecISAKMPObject,
  288. &ppLDAPModW
  289. );
  290. BAIL_ON_WIN32_ERROR(dwError);
  291. dwError = LdapAddS(
  292. hLdapBindHandle,
  293. pIpsecISAKMPObject->pszDistinguishedName,
  294. ppLDAPModW
  295. );
  296. BAIL_ON_WIN32_ERROR(dwError);
  297. error:
  298. //
  299. // Free the amods structures.
  300. //
  301. if (ppLDAPModW) {
  302. FreeLDAPModWs(
  303. ppLDAPModW
  304. );
  305. }
  306. return(dwError);
  307. }
  308. DWORD
  309. DirDeleteISAKMPData(
  310. HLDAP hLdapBindHandle,
  311. LPWSTR pszIpsecRootContainer,
  312. GUID ISAKMPIdentifier
  313. )
  314. {
  315. DWORD dwError = ERROR_SUCCESS;
  316. WCHAR szGuid[MAX_PATH];
  317. WCHAR szDistinguishedName[MAX_PATH];
  318. LPWSTR pszStringUuid = NULL;
  319. szGuid[0] = L'\0';
  320. szDistinguishedName[0] = L'\0';
  321. dwError = UuidToString(
  322. &ISAKMPIdentifier,
  323. &pszStringUuid
  324. );
  325. BAIL_ON_WIN32_ERROR(dwError);
  326. wcscpy(szGuid, L"{");
  327. wcscat(szGuid, pszStringUuid);
  328. wcscat(szGuid, L"}");
  329. wcscpy(szDistinguishedName,L"CN=ipsecISAKMPPolicy");
  330. wcscat(szDistinguishedName, szGuid);
  331. wcscat(szDistinguishedName, L",");
  332. SecStrCatW(szDistinguishedName, pszIpsecRootContainer, MAX_PATH);
  333. dwError = LdapDeleteS(
  334. hLdapBindHandle,
  335. szDistinguishedName
  336. );
  337. BAIL_ON_WIN32_ERROR(dwError);
  338. error:
  339. if (pszStringUuid) {
  340. RpcStringFree(&pszStringUuid);
  341. }
  342. return(dwError);
  343. }
  344. DWORD
  345. DirMarshallAddISAKMPObject(
  346. HLDAP hLdapBindHandle,
  347. LPWSTR pszIpsecRootContainer,
  348. PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject,
  349. LDAPModW *** pppLDAPModW
  350. )
  351. {
  352. DWORD i = 0;
  353. LDAPModW ** ppLDAPModW = NULL;
  354. LDAPModW * pLDAPModW = NULL;
  355. DWORD dwNumAttributes = 5;
  356. DWORD dwError = 0;
  357. WCHAR Buffer[64];
  358. if (!pIpsecISAKMPObject->pszIpsecName ||
  359. !*pIpsecISAKMPObject->pszIpsecName) {
  360. dwNumAttributes--;
  361. }
  362. ppLDAPModW = (LDAPModW **) AllocPolMem(
  363. (dwNumAttributes+1) * sizeof(LDAPModW*)
  364. );
  365. if (!ppLDAPModW) {
  366. dwError = ERROR_OUTOFMEMORY;
  367. BAIL_ON_WIN32_ERROR(dwError);
  368. }
  369. pLDAPModW = (LDAPModW *) AllocPolMem(
  370. dwNumAttributes * sizeof(LDAPModW)
  371. );
  372. if (!pLDAPModW) {
  373. dwError = ERROR_OUTOFMEMORY;
  374. BAIL_ON_WIN32_ERROR(dwError);
  375. }
  376. //
  377. // 0. objectClass
  378. //
  379. ppLDAPModW[i] = pLDAPModW + i;
  380. dwError = AllocatePolString(
  381. L"objectClass",
  382. &(pLDAPModW +i)->mod_type
  383. );
  384. BAIL_ON_WIN32_ERROR(dwError);
  385. dwError = AllocateLDAPStringValue(
  386. L"ipsecISAKMPPolicy",
  387. (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values
  388. );
  389. BAIL_ON_WIN32_ERROR(dwError);
  390. (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE;
  391. i++;
  392. //
  393. // 1. ipsecName
  394. //
  395. if (pIpsecISAKMPObject->pszIpsecName &&
  396. *pIpsecISAKMPObject->pszIpsecName) {
  397. ppLDAPModW[i] = pLDAPModW + i;
  398. dwError = AllocatePolString(
  399. L"ipsecName",
  400. &(pLDAPModW +i)->mod_type
  401. );
  402. BAIL_ON_WIN32_ERROR(dwError);
  403. dwError = AllocateLDAPStringValue(
  404. pIpsecISAKMPObject->pszIpsecName,
  405. (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values
  406. );
  407. BAIL_ON_WIN32_ERROR(dwError);
  408. (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE;
  409. i++;
  410. }
  411. //
  412. // 2. ipsecID
  413. //
  414. ppLDAPModW[i] = pLDAPModW + i;
  415. dwError = AllocatePolString(
  416. L"ipsecID",
  417. &(pLDAPModW +i)->mod_type
  418. );
  419. BAIL_ON_WIN32_ERROR(dwError);
  420. dwError = AllocateLDAPStringValue(
  421. pIpsecISAKMPObject->pszIpsecID,
  422. (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values
  423. );
  424. BAIL_ON_WIN32_ERROR(dwError);
  425. (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE;
  426. i++;
  427. //
  428. // 3. ipsecDataType
  429. //
  430. ppLDAPModW[i] = pLDAPModW + i;
  431. dwError = AllocatePolString(
  432. L"ipsecDataType",
  433. &(pLDAPModW +i)->mod_type
  434. );
  435. BAIL_ON_WIN32_ERROR(dwError);
  436. _itow( pIpsecISAKMPObject->dwIpsecDataType, Buffer, 10 );
  437. dwError = AllocateLDAPStringValue(
  438. Buffer,
  439. (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values
  440. );
  441. BAIL_ON_WIN32_ERROR(dwError);
  442. (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE;
  443. i++;
  444. //
  445. // 4. ipsecData
  446. //
  447. ppLDAPModW[i] = pLDAPModW + i;
  448. dwError = AllocatePolString(
  449. L"ipsecData",
  450. &(pLDAPModW +i)->mod_type
  451. );
  452. BAIL_ON_WIN32_ERROR(dwError);
  453. dwError = AllocateLDAPBinaryValue(
  454. pIpsecISAKMPObject->pIpsecData,
  455. pIpsecISAKMPObject->dwIpsecDataLen,
  456. (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values
  457. );
  458. BAIL_ON_WIN32_ERROR(dwError);
  459. (pLDAPModW+i)->mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
  460. i++;
  461. *pppLDAPModW = ppLDAPModW;
  462. return(dwError);
  463. error:
  464. if (ppLDAPModW) {
  465. FreeLDAPModWs(
  466. ppLDAPModW
  467. );
  468. }
  469. *pppLDAPModW = NULL;
  470. return(dwError);
  471. }
  472. DWORD
  473. DirMarshallSetISAKMPObject(
  474. HLDAP hLdapBindHandle,
  475. LPWSTR pszIpsecRootContainer,
  476. PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject,
  477. LDAPModW *** pppLDAPModW
  478. )
  479. {
  480. DWORD i = 0;
  481. LDAPModW ** ppLDAPModW = NULL;
  482. LDAPModW * pLDAPModW = NULL;
  483. DWORD dwNumAttributes = 4;
  484. DWORD dwError = 0;
  485. WCHAR Buffer[64];
  486. if (!pIpsecISAKMPObject->pszIpsecName ||
  487. !*pIpsecISAKMPObject->pszIpsecName) {
  488. dwNumAttributes--;
  489. }
  490. ppLDAPModW = (LDAPModW **) AllocPolMem(
  491. (dwNumAttributes+1) * sizeof(LDAPModW*)
  492. );
  493. if (!ppLDAPModW) {
  494. dwError = ERROR_OUTOFMEMORY;
  495. BAIL_ON_WIN32_ERROR(dwError);
  496. }
  497. pLDAPModW = (LDAPModW *) AllocPolMem(
  498. dwNumAttributes * sizeof(LDAPModW)
  499. );
  500. if (!pLDAPModW) {
  501. dwError = ERROR_OUTOFMEMORY;
  502. BAIL_ON_WIN32_ERROR(dwError);
  503. }
  504. //
  505. // 1. ipsecName
  506. //
  507. if (pIpsecISAKMPObject->pszIpsecName &&
  508. *pIpsecISAKMPObject->pszIpsecName) {
  509. ppLDAPModW[i] = pLDAPModW + i;
  510. dwError = AllocatePolString(
  511. L"ipsecName",
  512. &(pLDAPModW +i)->mod_type
  513. );
  514. BAIL_ON_WIN32_ERROR(dwError);
  515. dwError = AllocateLDAPStringValue(
  516. pIpsecISAKMPObject->pszIpsecName,
  517. (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values
  518. );
  519. BAIL_ON_WIN32_ERROR(dwError);
  520. (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE;
  521. i++;
  522. }
  523. //
  524. // 2. ipsecID
  525. //
  526. ppLDAPModW[i] = pLDAPModW + i;
  527. dwError = AllocatePolString(
  528. L"ipsecID",
  529. &(pLDAPModW +i)->mod_type
  530. );
  531. BAIL_ON_WIN32_ERROR(dwError);
  532. dwError = AllocateLDAPStringValue(
  533. pIpsecISAKMPObject->pszIpsecID,
  534. (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values
  535. );
  536. BAIL_ON_WIN32_ERROR(dwError);
  537. (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE;
  538. i++;
  539. //
  540. // 3. ipsecDataType
  541. //
  542. ppLDAPModW[i] = pLDAPModW + i;
  543. dwError = AllocatePolString(
  544. L"ipsecDataType",
  545. &(pLDAPModW +i)->mod_type
  546. );
  547. BAIL_ON_WIN32_ERROR(dwError);
  548. _itow( pIpsecISAKMPObject->dwIpsecDataType, Buffer, 10 );
  549. dwError = AllocateLDAPStringValue(
  550. Buffer,
  551. (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values
  552. );
  553. BAIL_ON_WIN32_ERROR(dwError);
  554. (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE;
  555. i++;
  556. //
  557. // 4. ipsecData
  558. //
  559. ppLDAPModW[i] = pLDAPModW + i;
  560. dwError = AllocatePolString(
  561. L"ipsecData",
  562. &(pLDAPModW +i)->mod_type
  563. );
  564. BAIL_ON_WIN32_ERROR(dwError);
  565. dwError = AllocateLDAPBinaryValue(
  566. pIpsecISAKMPObject->pIpsecData,
  567. pIpsecISAKMPObject->dwIpsecDataLen,
  568. (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values
  569. );
  570. BAIL_ON_WIN32_ERROR(dwError);
  571. (pLDAPModW+i)->mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
  572. i++;
  573. *pppLDAPModW = ppLDAPModW;
  574. return(dwError);
  575. error:
  576. if (ppLDAPModW) {
  577. FreeLDAPModWs(
  578. ppLDAPModW
  579. );
  580. }
  581. *pppLDAPModW = NULL;
  582. return(dwError);
  583. }
  584. DWORD
  585. GenerateAllISAKMPsQuery(
  586. LPWSTR * ppszISAKMPString
  587. )
  588. {
  589. DWORD dwError = 0;
  590. DWORD dwLength = 0;
  591. LPWSTR pszISAKMPString = NULL;
  592. //
  593. // Compute Length of Buffer to be allocated
  594. //
  595. dwLength = wcslen(L"(objectclass=ipsecISAKMPPolicy)");
  596. pszISAKMPString = (LPWSTR) AllocPolMem((dwLength + 1)*sizeof(WCHAR));
  597. if (!pszISAKMPString) {
  598. dwError = ERROR_OUTOFMEMORY;
  599. BAIL_ON_WIN32_ERROR(dwError);
  600. }
  601. //
  602. // Now fill in the buffer
  603. //
  604. wcscpy(pszISAKMPString, L"(objectclass=ipsecISAKMPPolicy)");
  605. *ppszISAKMPString = pszISAKMPString;
  606. return(0);
  607. error:
  608. if (pszISAKMPString) {
  609. FreePolMem(pszISAKMPString);
  610. }
  611. *ppszISAKMPString = NULL;
  612. return(dwError);
  613. }
  614. DWORD
  615. DirUnmarshallISAKMPData(
  616. PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject,
  617. PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData
  618. )
  619. {
  620. DWORD dwError = 0;
  621. dwError = UnmarshallISAKMPObject(
  622. pIpsecISAKMPObject,
  623. ppIpsecISAKMPData
  624. );
  625. return(dwError);
  626. }
  627. DWORD
  628. DirMarshallISAKMPObject(
  629. PIPSEC_ISAKMP_DATA pIpsecISAKMPData,
  630. LPWSTR pszIpsecRootContainer,
  631. PIPSEC_ISAKMP_OBJECT * ppIpsecISAKMPObject
  632. )
  633. {
  634. DWORD dwError = 0;
  635. PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject = NULL;
  636. WCHAR szGuid[MAX_PATH];
  637. WCHAR szDistinguishedName[MAX_PATH];
  638. LPBYTE pBuffer = NULL;
  639. DWORD dwBufferLen = 0;
  640. LPWSTR pszStringUuid = NULL;
  641. szGuid[0] = L'\0';
  642. szDistinguishedName[0] = L'\0';
  643. pIpsecISAKMPObject = (PIPSEC_ISAKMP_OBJECT)AllocPolMem(
  644. sizeof(IPSEC_ISAKMP_OBJECT)
  645. );
  646. if (!pIpsecISAKMPObject) {
  647. dwError = ERROR_OUTOFMEMORY;
  648. BAIL_ON_WIN32_ERROR(dwError);
  649. }
  650. dwError = UuidToString(
  651. &pIpsecISAKMPData->ISAKMPIdentifier,
  652. &pszStringUuid
  653. );
  654. BAIL_ON_WIN32_ERROR(dwError);
  655. wcscpy(szGuid, L"{");
  656. wcscat(szGuid, pszStringUuid);
  657. wcscat(szGuid, L"}");
  658. //
  659. // Fill in the distinguishedName
  660. //
  661. wcscpy(szDistinguishedName,L"CN=ipsecISAKMPPolicy");
  662. wcscat(szDistinguishedName, szGuid);
  663. wcscat(szDistinguishedName, L",");
  664. SecStrCatW(szDistinguishedName, pszIpsecRootContainer, MAX_PATH);
  665. pIpsecISAKMPObject->pszDistinguishedName = AllocPolStr(
  666. szDistinguishedName
  667. );
  668. if (!pIpsecISAKMPObject->pszDistinguishedName) {
  669. dwError = ERROR_OUTOFMEMORY;
  670. BAIL_ON_WIN32_ERROR(dwError);
  671. }
  672. //
  673. // Fill in the ipsecName.
  674. // ISAKMPData doesn't have a name.
  675. //
  676. pIpsecISAKMPObject->pszIpsecName = NULL;
  677. /*
  678. if (pIpsecISAKMPData->pszIpsecName &&
  679. *pIpsecISAKMPData->pszIpsecName) {
  680. pIpsecISAKMPObject->pszIpsecName = AllocPolStr(
  681. pIpsecISAKMPData->pszIpsecName
  682. );
  683. if (!pIpsecISAKMPObject->pszIpsecName) {
  684. dwError = ERROR_OUTOFMEMORY;
  685. BAIL_ON_WIN32_ERROR(dwError);
  686. }
  687. }
  688. */
  689. //
  690. // Fill in the ipsecID
  691. //
  692. pIpsecISAKMPObject->pszIpsecID = AllocPolStr(
  693. szGuid
  694. );
  695. if (!pIpsecISAKMPObject->pszIpsecID) {
  696. dwError = ERROR_OUTOFMEMORY;
  697. BAIL_ON_WIN32_ERROR(dwError);
  698. }
  699. //
  700. // Fill in the ipsecDataType
  701. //
  702. pIpsecISAKMPObject->dwIpsecDataType = 0x100;
  703. //
  704. // Marshall the pIpsecDataBuffer and the Length
  705. //
  706. dwError = MarshallISAKMPBuffer(
  707. pIpsecISAKMPData,
  708. &pBuffer,
  709. &dwBufferLen
  710. );
  711. BAIL_ON_WIN32_ERROR(dwError);
  712. pIpsecISAKMPObject->pIpsecData = pBuffer;
  713. pIpsecISAKMPObject->dwIpsecDataLen = dwBufferLen;
  714. pIpsecISAKMPObject->dwWhenChanged = 0;
  715. *ppIpsecISAKMPObject = pIpsecISAKMPObject;
  716. cleanup:
  717. if (pszStringUuid) {
  718. RpcStringFree(
  719. &pszStringUuid
  720. );
  721. }
  722. return(dwError);
  723. error:
  724. if (pIpsecISAKMPObject) {
  725. FreeIpsecISAKMPObject(
  726. pIpsecISAKMPObject
  727. );
  728. }
  729. *ppIpsecISAKMPObject = NULL;
  730. goto cleanup;
  731. }
  732. DWORD
  733. DirGetISAKMPData(
  734. HLDAP hLdapBindHandle,
  735. LPWSTR pszIpsecRootContainer,
  736. GUID ISAKMPGUID,
  737. PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData
  738. )
  739. {
  740. DWORD dwError = 0;
  741. PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject = NULL;
  742. PIPSEC_ISAKMP_DATA pIpsecISAKMPData = NULL;
  743. dwError = DirGetISAKMPObject(
  744. hLdapBindHandle,
  745. pszIpsecRootContainer,
  746. ISAKMPGUID,
  747. &pIpsecISAKMPObject
  748. );
  749. BAIL_ON_WIN32_ERROR(dwError);
  750. dwError = DirUnmarshallISAKMPData(
  751. pIpsecISAKMPObject,
  752. &pIpsecISAKMPData
  753. );
  754. BAIL_ON_WIN32_ERROR(dwError);
  755. *ppIpsecISAKMPData = pIpsecISAKMPData;
  756. cleanup:
  757. if (pIpsecISAKMPObject) {
  758. FreeIpsecISAKMPObject(
  759. pIpsecISAKMPObject
  760. );
  761. }
  762. return(dwError);
  763. error:
  764. *ppIpsecISAKMPData = NULL;
  765. goto cleanup;
  766. }
  767. DWORD
  768. DirGetISAKMPObject(
  769. HLDAP hLdapBindHandle,
  770. LPWSTR pszIpsecRootContainer,
  771. GUID ISAKMPGUID,
  772. PIPSEC_ISAKMP_OBJECT * ppIpsecISAKMPObject
  773. )
  774. {
  775. DWORD dwError = 0;
  776. LPWSTR pszISAKMPString = NULL;
  777. LDAPMessage * res = NULL;
  778. DWORD dwCount = 0;
  779. LDAPMessage * e = NULL;
  780. PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject = NULL;
  781. dwError = GenerateSpecificISAKMPQuery(
  782. ISAKMPGUID,
  783. &pszISAKMPString
  784. );
  785. BAIL_ON_WIN32_ERROR(dwError);
  786. dwError = LdapSearchST(
  787. hLdapBindHandle,
  788. pszIpsecRootContainer,
  789. LDAP_SCOPE_ONELEVEL,
  790. pszISAKMPString,
  791. ISAKMPDNAttributes,
  792. 0,
  793. NULL,
  794. &res
  795. );
  796. BAIL_ON_WIN32_ERROR(dwError);
  797. dwCount = LdapCountEntries(
  798. hLdapBindHandle,
  799. res
  800. );
  801. if (!dwCount) {
  802. dwError = ERROR_DS_NO_ATTRIBUTE_OR_VALUE;
  803. BAIL_ON_WIN32_ERROR(dwError);
  804. }
  805. dwError = LdapFirstEntry(
  806. hLdapBindHandle,
  807. res,
  808. &e
  809. );
  810. BAIL_ON_WIN32_ERROR(dwError);
  811. dwError = UnMarshallISAKMPObject(
  812. hLdapBindHandle,
  813. e,
  814. &pIpsecISAKMPObject
  815. );
  816. BAIL_ON_WIN32_ERROR(dwError);
  817. *ppIpsecISAKMPObject = pIpsecISAKMPObject;
  818. dwError = ERROR_SUCCESS;
  819. cleanup:
  820. if (pszISAKMPString) {
  821. FreePolMem(pszISAKMPString);
  822. }
  823. if (res) {
  824. LdapMsgFree(res);
  825. }
  826. return(dwError);
  827. error:
  828. if (pIpsecISAKMPObject) {
  829. FreeIpsecISAKMPObject(
  830. pIpsecISAKMPObject
  831. );
  832. }
  833. *ppIpsecISAKMPObject = NULL;
  834. goto cleanup;
  835. }
  836. DWORD
  837. GenerateSpecificISAKMPQuery(
  838. GUID ISAKMPIdentifier,
  839. LPWSTR * ppszISAKMPString
  840. )
  841. {
  842. DWORD dwError = ERROR_SUCCESS;
  843. WCHAR szGuid[MAX_PATH];
  844. WCHAR szCommonName[MAX_PATH];
  845. LPWSTR pszStringUuid = NULL;
  846. DWORD dwLength = 0;
  847. LPWSTR pszISAKMPString = NULL;
  848. szGuid[0] = L'\0';
  849. szCommonName[0] = L'\0';
  850. dwError = UuidToString(
  851. &ISAKMPIdentifier,
  852. &pszStringUuid
  853. );
  854. BAIL_ON_WIN32_ERROR(dwError);
  855. wcscpy(szGuid, L"{");
  856. wcscat(szGuid, pszStringUuid);
  857. wcscat(szGuid, L"}");
  858. wcscpy(szCommonName, L"cn=ipsecISAKMPPolicy");
  859. wcscat(szCommonName, szGuid);
  860. //
  861. // Compute Length of Buffer to be allocated
  862. //
  863. dwLength = wcslen(L"(&(objectclass=ipsecISAKMPPolicy)");
  864. dwLength += wcslen(L"(");
  865. dwLength += wcslen(szCommonName);
  866. dwLength += wcslen(L"))");
  867. pszISAKMPString = (LPWSTR) AllocPolMem((dwLength + 1)*sizeof(WCHAR));
  868. if (!pszISAKMPString) {
  869. dwError = ERROR_OUTOFMEMORY;
  870. BAIL_ON_WIN32_ERROR(dwError);
  871. }
  872. wcscpy(pszISAKMPString, L"(&(objectclass=ipsecISAKMPPolicy)");
  873. wcscat(pszISAKMPString, L"(");
  874. wcscat(pszISAKMPString, szCommonName);
  875. wcscat(pszISAKMPString, L"))");
  876. *ppszISAKMPString = pszISAKMPString;
  877. cleanup:
  878. if (pszStringUuid) {
  879. RpcStringFree(&pszStringUuid);
  880. }
  881. return(dwError);
  882. error:
  883. if (pszISAKMPString) {
  884. FreePolMem(pszISAKMPString);
  885. }
  886. *ppszISAKMPString = NULL;
  887. goto cleanup;
  888. }