Leaked source code of windows server 2003

956 lines
26 KiB

  1. #include "precomp.h"
/*
 * RegRestoreDefaults
 *
 * Resets the default IPsec objects stored under hRegistryKey. The visible
 * sequence is:
 *   1. RegRemoveDefaults() deletes the three default policies.
 *   2. RegDeleteDefault{Filter,NegPol,ISAKMP}Data() is called once per fixed
 *      GUID declared below; each call hands back the reference strings it
 *      detached from the object before deleting it.
 *   3. GenerateDefaultInformation(hPolicyStore) runs (presumably recreating
 *      the default objects; its body is not part of this listing).
 *   4. RegUpdate*OwnersReference() re-adds the references saved in step 2.
 *   5. RegPingPASvcForActivePolicy() is called and its result discarded.
 *
 * Parameters:
 *   hPolicyStore          - passed only to GenerateDefaultInformation().
 *   hRegistryKey          - registry key handed to every Reg* helper.
 *   pszIpsecRootContainer - root container string handed to every helper.
 *   pszLocationName       - passed to RegRemoveDefaults() and
 *                           RegPingPASvcForActivePolicy().
 *
 * Returns:
 *   The status of GenerateDefaultInformation() when it fails; otherwise the
 *   status of the last RegUpdateISAKMPOwnersReference() call.
 *
 * NOTE(review): steps 1 and 2 overwrite dwError without testing it, so a
 * failed delete is neither reported nor stops step 3. In step 4 only the
 * final status reaches the caller. If this best-effort behaviour is
 * intended, callers must not treat a zero return as proof that every
 * default object was reset.
 *
 * NOTE(review): when step 3 fails the function bails to `error:` after the
 * deletes have already run; the saved references are freed but never
 * re-added. Whether the store is then left without its defaults depends on
 * GenerateDefaultInformation() - confirm.
 */
DWORD
RegRestoreDefaults(
    HANDLE hPolicyStore,
    HKEY hRegistryKey,
    LPWSTR pszIpsecRootContainer,
    LPWSTR pszLocationName
    )
{
    DWORD dwError = 0;

    /* One (list, count) pair per default object; filled in by step 2. */
    LPWSTR * ppszIpsecAllFilterNFAReferences = NULL;
    DWORD dwNumAllFilterNFAReferences = 0;
    LPWSTR * ppszIpsecAllICMPFilterNFAReferences = NULL;
    DWORD dwNumAllICMPFilterNFAReferences = 0;
    LPWSTR * ppszIpsecPermitNegPolNFAReferences = NULL;
    DWORD dwNumPermitNegPolNFAReferences = 0;
    LPWSTR * ppszIpsecSecIniNegPolNFAReferences = NULL;
    DWORD dwNumSecIniNegPolNFAReferences = 0;
    LPWSTR * ppszIpsecLockdownNegPolNFAReferences = NULL;
    DWORD dwNumLockdownNegPolNFAReferences = 0;
    LPWSTR * ppszIpsecLockdownISAKMPPolicyReferences = NULL;
    DWORD dwNumLockdownISAKMPPolicyReferences = 0;
    LPWSTR * ppszIpsecSecIniISAKMPPolicyReferences = NULL;
    DWORD dwNumSecIniISAKMPPolicyReferences = 0;
    LPWSTR * ppszIpsecResponderISAKMPPolicyReferences = NULL;
    DWORD dwNumResponderISAKMPPolicyReferences = 0;
    LPWSTR * ppszIpsecDefaultISAKMPPolicyReferences = NULL;
    DWORD dwNumDefaultISAKMPPolicyReferences = 0;

    /* Fixed identifiers of the default filter, negotiation-policy and
     * ISAKMP objects handled by this function. */
    static const GUID GUID_ALL_FILTER=
    { 0x7238523a, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
    static const GUID GUID_ALL_ICMP_FILTER =
    { 0x72385235, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
    static const GUID GUID_PERMIT_NEGPOL =
    { 0x7238523b, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
    static const GUID GUID_SECURE_INITIATOR_NEGPOL =
    { 0x72385233, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
    static const GUID GUID_LOCKDOWN_NEGPOL =
    { 0x7238523f, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
    static const GUID GUID_RESPONDER_ISAKMP =
    { 0x72385237, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
    static const GUID GUID_SECURE_INITIATOR_ISAKMP =
    { 0x72385231, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
    static const GUID GUID_LOCKDOWN_ISAKMP =
    { 0x7238523d, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
    static const GUID GUID_DEFAULT_ISAKMP=
    { 0x72385234, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };

    /* Step 1: delete the default policies. RegRemoveDefaults() always
     * returns ERROR_SUCCESS, so there is nothing to test here. */
    dwError = RegRemoveDefaults(
    hRegistryKey,
    pszIpsecRootContainer,
    pszLocationName
    );

    /* Step 2: detach and delete each default object. Every status below is
     * overwritten by the next assignment without being examined. */
    dwError = RegDeleteDefaultFilterData(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_ALL_FILTER,
    &ppszIpsecAllFilterNFAReferences,
    &dwNumAllFilterNFAReferences
    );
    dwError = RegDeleteDefaultFilterData(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_ALL_ICMP_FILTER,
    &ppszIpsecAllICMPFilterNFAReferences,
    &dwNumAllICMPFilterNFAReferences
    );
    dwError = RegDeleteDefaultNegPolData(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_PERMIT_NEGPOL,
    &ppszIpsecPermitNegPolNFAReferences,
    &dwNumPermitNegPolNFAReferences
    );
    dwError = RegDeleteDefaultNegPolData(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_SECURE_INITIATOR_NEGPOL,
    &ppszIpsecSecIniNegPolNFAReferences,
    &dwNumSecIniNegPolNFAReferences
    );
    dwError = RegDeleteDefaultNegPolData(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_LOCKDOWN_NEGPOL,
    &ppszIpsecLockdownNegPolNFAReferences,
    &dwNumLockdownNegPolNFAReferences
    );
    dwError = RegDeleteDefaultISAKMPData(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_LOCKDOWN_ISAKMP,
    &ppszIpsecLockdownISAKMPPolicyReferences,
    &dwNumLockdownISAKMPPolicyReferences
    );
    dwError = RegDeleteDefaultISAKMPData(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_SECURE_INITIATOR_ISAKMP,
    &ppszIpsecSecIniISAKMPPolicyReferences,
    &dwNumSecIniISAKMPPolicyReferences
    );
    dwError = RegDeleteDefaultISAKMPData(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_RESPONDER_ISAKMP,
    &ppszIpsecResponderISAKMPPolicyReferences,
    &dwNumResponderISAKMPPolicyReferences
    );
    dwError = RegDeleteDefaultISAKMPData(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_DEFAULT_ISAKMP,
    &ppszIpsecDefaultISAKMPPolicyReferences,
    &dwNumDefaultISAKMPPolicyReferences
    );

    /* Step 3: the only status in this function that is actually checked. */
    dwError = GenerateDefaultInformation(
    hPolicyStore
    );
    BAIL_ON_WIN32_ERROR(dwError);

    /* Step 4: re-add the saved references. As in step 2, each status is
     * overwritten by the next call; only the last one is returned. */
    dwError = RegUpdateFilterOwnersReference(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_ALL_FILTER,
    ppszIpsecAllFilterNFAReferences,
    dwNumAllFilterNFAReferences
    );
    dwError = RegUpdateFilterOwnersReference(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_ALL_ICMP_FILTER,
    ppszIpsecAllICMPFilterNFAReferences,
    dwNumAllICMPFilterNFAReferences
    );
    dwError = RegUpdateNegPolOwnersReference(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_LOCKDOWN_NEGPOL,
    ppszIpsecLockdownNegPolNFAReferences,
    dwNumLockdownNegPolNFAReferences
    );
    dwError = RegUpdateNegPolOwnersReference(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_SECURE_INITIATOR_NEGPOL,
    ppszIpsecSecIniNegPolNFAReferences,
    dwNumSecIniNegPolNFAReferences
    );
    dwError = RegUpdateNegPolOwnersReference(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_PERMIT_NEGPOL,
    ppszIpsecPermitNegPolNFAReferences,
    dwNumPermitNegPolNFAReferences
    );
    dwError = RegUpdateISAKMPOwnersReference(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_LOCKDOWN_ISAKMP,
    ppszIpsecLockdownISAKMPPolicyReferences,
    dwNumLockdownISAKMPPolicyReferences
    );
    dwError = RegUpdateISAKMPOwnersReference(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_SECURE_INITIATOR_ISAKMP,
    ppszIpsecSecIniISAKMPPolicyReferences,
    dwNumSecIniISAKMPPolicyReferences
    );
    dwError = RegUpdateISAKMPOwnersReference(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_RESPONDER_ISAKMP,
    ppszIpsecResponderISAKMPPolicyReferences,
    dwNumResponderISAKMPPolicyReferences
    );
    dwError = RegUpdateISAKMPOwnersReference(
    hRegistryKey,
    pszIpsecRootContainer,
    GUID_DEFAULT_ISAKMP,
    ppszIpsecDefaultISAKMPPolicyReferences,
    dwNumDefaultISAKMPPolicyReferences
    );

    /* Step 5: result explicitly discarded. */
    (VOID) RegPingPASvcForActivePolicy(
    hRegistryKey,
    pszIpsecRootContainer,
    pszLocationName
    );

error:
    /* Reached on success and on failure: release every saved list. */
    if (ppszIpsecAllFilterNFAReferences) {
    FreeNFAReferences(
    ppszIpsecAllFilterNFAReferences,
    dwNumAllFilterNFAReferences
    );
    }
    if (ppszIpsecAllICMPFilterNFAReferences) {
    FreeNFAReferences(
    ppszIpsecAllICMPFilterNFAReferences,
    dwNumAllICMPFilterNFAReferences
    );
    }
    if (ppszIpsecPermitNegPolNFAReferences) {
    FreeNFAReferences(
    ppszIpsecPermitNegPolNFAReferences,
    dwNumPermitNegPolNFAReferences
    );
    }
    if (ppszIpsecSecIniNegPolNFAReferences) {
    FreeNFAReferences(
    ppszIpsecSecIniNegPolNFAReferences,
    dwNumSecIniNegPolNFAReferences
    );
    }
    if (ppszIpsecLockdownNegPolNFAReferences) {
    FreeNFAReferences(
    ppszIpsecLockdownNegPolNFAReferences,
    dwNumLockdownNegPolNFAReferences
    );
    }
    if (ppszIpsecResponderISAKMPPolicyReferences) {
    FreeNFAReferences(
    ppszIpsecResponderISAKMPPolicyReferences,
    dwNumResponderISAKMPPolicyReferences
    );
    }
    if (ppszIpsecSecIniISAKMPPolicyReferences) {
    FreeNFAReferences(
    ppszIpsecSecIniISAKMPPolicyReferences,
    dwNumSecIniISAKMPPolicyReferences
    );
    }
    if (ppszIpsecLockdownISAKMPPolicyReferences) {
    FreeNFAReferences(
    ppszIpsecLockdownISAKMPPolicyReferences,
    dwNumLockdownISAKMPPolicyReferences
    );
    }
    if (ppszIpsecDefaultISAKMPPolicyReferences) {
    FreeNFAReferences(
    ppszIpsecDefaultISAKMPPolicyReferences,
    dwNumDefaultISAKMPPolicyReferences
    );
    }
    return (dwError);
}
/*
 * RegRemoveDefaults
 *
 * Deletes the three default policies (lockdown, secure initiator,
 * responder, in that order) through RegDeleteDefaultPolicyData().
 *
 * Parameters:
 *   hRegistryKey, pszIpsecRootContainer, pszLocationName - forwarded
 *   unchanged to RegDeleteDefaultPolicyData().
 *
 * Returns:
 *   Always ERROR_SUCCESS. The status of each delete is discarded, so a
 *   caller cannot learn from the return value whether a policy was
 *   actually removed.
 */
DWORD
RegRemoveDefaults(
    HKEY hRegistryKey,
    LPWSTR pszIpsecRootContainer,
    LPWSTR pszLocationName
    )
{
    static const GUID GUID_RESPONDER_POLICY =
    { 0x72385236, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
    static const GUID GUID_SECURE_INITIATOR_POLICY =
    { 0x72385230, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
    static const GUID GUID_LOCKDOWN_POLICY =
    { 0x7238523c, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };

    /* Deletion order: lockdown, secure initiator, responder. */
    static const GUID * const DeletionOrder[] = {
        &GUID_LOCKDOWN_POLICY,
        &GUID_SECURE_INITIATOR_POLICY,
        &GUID_RESPONDER_POLICY
    };
    DWORD dwIndex = 0;

    for (dwIndex = 0;
         dwIndex < sizeof(DeletionOrder) / sizeof(DeletionOrder[0]);
         dwIndex++) {
        /* Best effort: a failed delete does not stop the remaining ones. */
        (void) RegDeleteDefaultPolicyData(
                    hRegistryKey,
                    pszIpsecRootContainer,
                    pszLocationName,
                    *DeletionOrder[dwIndex]
                    );
    }

    return (ERROR_SUCCESS);
}
/*
 * RegDeleteDefaultPolicyData
 *
 * Loads the policy identified by PolicyGUID, deletes every NFA object
 * enumerated for it (and, through RegDeleteDynamicDefaultNegPolData(), the
 * negotiation policy each NFA names), then deletes the policy itself.
 *
 * Returns:
 *   The status of RegGetPolicyData() when it fails, otherwise the status of
 *   RegDeletePolicyData(). Enumeration and per-NFA delete statuses are not
 *   reported.
 *
 * NOTE(review): a failed RegEnumNFAData() is not detected. If it leaves the
 * count at 0 the policy is still deleted while its NFA objects stay in the
 * store - confirm whether that can leave orphaned entries.
 *
 * NOTE(review): NegPolIdentifier is read from the in-memory NFA record after
 * RegDeleteNFAData() was called with that record; this assumes the helper
 * does not free it (it is released later by FreeMulIpsecNFAData()) - confirm.
 */
DWORD
RegDeleteDefaultPolicyData(
    HKEY hRegistryKey,
    LPWSTR pszIpsecRootContainer,
    LPWSTR pszLocationName,
    GUID PolicyGUID
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_DATA pPolicy = NULL;
    PIPSEC_NFA_DATA * ppNfaList = NULL;
    DWORD dwNfaCount = 0;
    DWORD dwIndex = 0;

    dwError = RegGetPolicyData(
                    hRegistryKey, pszIpsecRootContainer, PolicyGUID, &pPolicy);
    BAIL_ON_WIN32_ERROR(dwError);

    /* Status intentionally unused: the loop below is driven by the count. */
    (void) RegEnumNFAData(
                    hRegistryKey, pszIpsecRootContainer, PolicyGUID,
                    &ppNfaList, &dwNfaCount);

    while (dwIndex < dwNfaCount) {
        PIPSEC_NFA_DATA pNfa = ppNfaList[dwIndex];

        /* Best effort: neither status is examined. */
        (void) RegDeleteNFAData(
                    hRegistryKey, pszIpsecRootContainer, PolicyGUID,
                    pszLocationName, pNfa);
        (void) RegDeleteDynamicDefaultNegPolData(
                    hRegistryKey, pszIpsecRootContainer, pszLocationName,
                    pNfa->NegPolIdentifier);

        dwIndex++;
    }

    dwError = RegDeletePolicyData(
                    hRegistryKey, pszIpsecRootContainer, pPolicy);
    BAIL_ON_WIN32_ERROR(dwError);

error:
    /* Shared exit: release whatever was loaded above. */
    if (ppNfaList) {
        FreeMulIpsecNFAData(ppNfaList, dwNfaCount);
    }
    if (pPolicy) {
        FreeIpsecPolicyData(pPolicy);
    }
    return(dwError);
}
/*
 * RegDeleteDynamicDefaultNegPolData
 *
 * Loads the negotiation policy NegPolGUID and deletes it only when its
 * NegPolType equals GUID_NEGOTIATION_TYPE_DEFAULT. Policies of any other
 * type are left untouched and the function returns success.
 *
 * pszLocationName is accepted but not used in this function.
 *
 * Returns:
 *   The status of RegGetNegPolData() when it fails, otherwise the status of
 *   RegDeleteNegPolData() (or 0 when no delete was attempted).
 */
DWORD
RegDeleteDynamicDefaultNegPolData(
    HKEY hRegistryKey,
    LPWSTR pszIpsecRootContainer,
    LPWSTR pszLocationName,
    GUID NegPolGUID
    )
{
    DWORD dwError = 0;
    PIPSEC_NEGPOL_DATA pNegPol = NULL;
    int nTypeDiff = 0;

    dwError = RegGetNegPolData(
                    hRegistryKey, pszIpsecRootContainer, NegPolGUID, &pNegPol);
    BAIL_ON_WIN32_ERROR(dwError);

    /* Byte-wise GUID comparison; 0 means the type is the default one. */
    nTypeDiff = memcmp(
                    &(pNegPol->NegPolType),
                    &(GUID_NEGOTIATION_TYPE_DEFAULT),
                    sizeof(GUID));

    if (nTypeDiff == 0) {
        dwError = RegDeleteNegPolData(
                        hRegistryKey, pszIpsecRootContainer, NegPolGUID);
        BAIL_ON_WIN32_ERROR(dwError);
    }

error:
    if (pNegPol) {
        FreeIpsecNegPolData(pNegPol);
    }
    return(dwError);
}
/*
 * RegDeleteDefaultFilterData
 *
 * Detaches every NFA reference from the filter FilterIdentifier, then
 * deletes the filter object.
 *
 * Out parameters:
 *   pppszIpsecNFAReferences / pdwNumReferences - cleared on entry, then
 *   filled by RegRemoveOwnersReferenceInFilter(). The caller releases the
 *   list (RegRestoreDefaults() uses FreeNFAReferences()).
 *
 * Returns:
 *   The status of RegRemoveOwnersReferenceInFilter() when it is non-zero
 *   (the filter is then not deleted), otherwise the status of
 *   RegDeleteFilterData().
 */
DWORD
RegDeleteDefaultFilterData(
    HKEY hRegistryKey,
    LPWSTR pszIpsecRootContainer,
    GUID FilterIdentifier,
    LPWSTR ** pppszIpsecNFAReferences,
    PDWORD pdwNumReferences
    )
{
    DWORD dwError = 0;

    /* Clear the outputs before any helper runs. */
    *pppszIpsecNFAReferences = NULL;
    *pdwNumReferences = 0;

    dwError = RegRemoveOwnersReferenceInFilter(
                    hRegistryKey, pszIpsecRootContainer, FilterIdentifier,
                    pppszIpsecNFAReferences, pdwNumReferences);
    BAIL_ON_WIN32_ERROR(dwError);

    dwError = RegDeleteFilterData(
                    hRegistryKey, pszIpsecRootContainer, FilterIdentifier);

error:
    return dwError;
}
/*
 * RegDeleteDefaultNegPolData
 *
 * Detaches every NFA reference from the negotiation policy
 * NegPolIdentifier, then deletes the negotiation policy object.
 *
 * Out parameters:
 *   pppszIpsecNFAReferences / pdwNumReferences - cleared on entry, then
 *   filled by RegRemoveOwnersReferenceInNegPol(). The caller releases the
 *   list (RegRestoreDefaults() uses FreeNFAReferences()).
 *
 * Returns:
 *   The status of RegRemoveOwnersReferenceInNegPol() when it is non-zero
 *   (the object is then not deleted), otherwise the status of
 *   RegDeleteNegPolData().
 */
DWORD
RegDeleteDefaultNegPolData(
    HKEY hRegistryKey,
    LPWSTR pszIpsecRootContainer,
    GUID NegPolIdentifier,
    LPWSTR ** pppszIpsecNFAReferences,
    PDWORD pdwNumReferences
    )
{
    DWORD dwError = 0;

    /* Clear the outputs before any helper runs. */
    *pppszIpsecNFAReferences = NULL;
    *pdwNumReferences = 0;

    dwError = RegRemoveOwnersReferenceInNegPol(
                    hRegistryKey, pszIpsecRootContainer, NegPolIdentifier,
                    pppszIpsecNFAReferences, pdwNumReferences);
    BAIL_ON_WIN32_ERROR(dwError);

    dwError = RegDeleteNegPolData(
                    hRegistryKey, pszIpsecRootContainer, NegPolIdentifier);

error:
    return dwError;
}
/*
 * RegDeleteDefaultISAKMPData
 *
 * Detaches every policy reference from the ISAKMP object ISAKMPIdentifier,
 * then deletes the ISAKMP object.
 *
 * Out parameters:
 *   pppszIpsecPolicyReferences / pdwNumReferences - cleared on entry, then
 *   filled by RegRemoveOwnersReferenceInISAKMP(). The caller releases the
 *   list (RegRestoreDefaults() uses FreeNFAReferences()).
 *
 * Returns:
 *   The status of RegRemoveOwnersReferenceInISAKMP() when it is non-zero
 *   (the object is then not deleted), otherwise the status of
 *   RegDeleteISAKMPData().
 */
DWORD
RegDeleteDefaultISAKMPData(
    HKEY hRegistryKey,
    LPWSTR pszIpsecRootContainer,
    GUID ISAKMPIdentifier,
    LPWSTR ** pppszIpsecPolicyReferences,
    PDWORD pdwNumReferences
    )
{
    DWORD dwError = 0;

    /* Clear the outputs before any helper runs. */
    *pppszIpsecPolicyReferences = NULL;
    *pdwNumReferences = 0;

    dwError = RegRemoveOwnersReferenceInISAKMP(
                    hRegistryKey, pszIpsecRootContainer, ISAKMPIdentifier,
                    pppszIpsecPolicyReferences, pdwNumReferences);
    BAIL_ON_WIN32_ERROR(dwError);

    dwError = RegDeleteISAKMPData(
                    hRegistryKey, pszIpsecRootContainer, ISAKMPIdentifier);

error:
    return dwError;
}
/*
 * RegRemoveOwnersReferenceInFilter
 *
 * Fetches the NFA references recorded for the filter FilterIdentifier,
 * removes each one from the filter object, and hands the fetched list to
 * the caller.
 *
 * Out parameters:
 *   pppszIpsecNFAReferences / pdwNumReferences - receive the fetched list
 *   and its length; ownership passes to the caller. They are set to NULL/0
 *   when the function leaves through the `error:` path.
 *
 * Returns:
 *   The status of ConvertGuidToFilterString() when it fails. Otherwise the
 *   status of the last RegDeleteNFAReferenceInFilterObject() call, or of
 *   RegGetNFAReferencesForFilter() when no reference was returned. On that
 *   path the out-parameters are populated even if the status is non-zero.
 *
 * NOTE(review): the relative name is computed by skipping
 * wcslen(pszIpsecRootContainer) + 1 characters of the converted string.
 * That is only in bounds if ConvertGuidToFilterString() always emits the
 * root container followed by one separator - the helper is not visible
 * here, confirm. wcslen() also returns size_t, narrowed to DWORD.
 */
DWORD
RegRemoveOwnersReferenceInFilter(
    HKEY hRegistryKey,
    LPWSTR pszIpsecRootContainer,
    GUID FilterIdentifier,
    LPWSTR ** pppszIpsecNFAReferences,
    PDWORD pdwNumReferences
    )
{
    DWORD dwError = 0;
    LPWSTR pszFullName = NULL;
    LPWSTR pszRelativeName = NULL;
    LPWSTR * ppszOwners = NULL;
    DWORD dwOwnerCount = 0;
    DWORD dwPrefixLen = 0;
    DWORD dwIndex = 0;

    dwError = ConvertGuidToFilterString(
                    FilterIdentifier, pszIpsecRootContainer, &pszFullName);
    BAIL_ON_WIN32_ERROR(dwError);

    /* pszRelativeName points inside pszFullName; it is not freed itself. */
    dwPrefixLen = wcslen(pszIpsecRootContainer);
    pszRelativeName = pszFullName + dwPrefixLen + 1;

    /* Status is only returned if the loop below never runs. */
    dwError = RegGetNFAReferencesForFilter(
                    hRegistryKey, pszIpsecRootContainer, pszRelativeName,
                    &ppszOwners, &dwOwnerCount);

    for (dwIndex = 0; dwIndex < dwOwnerCount; dwIndex++) {
        /* Each pass overwrites dwError; only the last status survives. */
        dwError = RegDeleteNFAReferenceInFilterObject(
                        hRegistryKey, pszRelativeName, ppszOwners[dwIndex]);
    }

    *pppszIpsecNFAReferences = ppszOwners;
    *pdwNumReferences = dwOwnerCount;

cleanup:
    if (pszFullName) {
        FreePolStr(pszFullName);
    }
    return(dwError);

error:
    if (ppszOwners) {
        FreeNFAReferences(ppszOwners, dwOwnerCount);
    }
    *pppszIpsecNFAReferences = NULL;
    *pdwNumReferences = 0;
    goto cleanup;
}
/*
 * RegRemoveOwnersReferenceInNegPol
 *
 * Fetches the NFA references recorded for the negotiation policy
 * NegPolIdentifier, removes each one from the negotiation-policy object,
 * and hands the fetched list to the caller.
 *
 * Out parameters:
 *   pppszIpsecNFAReferences / pdwNumReferences - receive the fetched list
 *   and its length; ownership passes to the caller. They are set to NULL/0
 *   when the function leaves through the `error:` path.
 *
 * Returns:
 *   The status of ConvertGuidToNegPolString() when it fails. Otherwise the
 *   status of the last RegDeleteNFAReferenceInNegPolObject() call, or of
 *   RegGetNFAReferencesForNegPol() when no reference was returned. On that
 *   path the out-parameters are populated even if the status is non-zero.
 *
 * NOTE(review): the relative name is computed by skipping
 * wcslen(pszIpsecRootContainer) + 1 characters of the converted string.
 * That is only in bounds if ConvertGuidToNegPolString() always emits the
 * root container followed by one separator - the helper is not visible
 * here, confirm. wcslen() also returns size_t, narrowed to DWORD.
 */
DWORD
RegRemoveOwnersReferenceInNegPol(
    HKEY hRegistryKey,
    LPWSTR pszIpsecRootContainer,
    GUID NegPolIdentifier,
    LPWSTR ** pppszIpsecNFAReferences,
    PDWORD pdwNumReferences
    )
{
    DWORD dwError = 0;
    LPWSTR pszFullName = NULL;
    LPWSTR pszRelativeName = NULL;
    LPWSTR * ppszOwners = NULL;
    DWORD dwOwnerCount = 0;
    DWORD dwPrefixLen = 0;
    DWORD dwIndex = 0;

    dwError = ConvertGuidToNegPolString(
                    NegPolIdentifier, pszIpsecRootContainer, &pszFullName);
    BAIL_ON_WIN32_ERROR(dwError);

    /* pszRelativeName points inside pszFullName; it is not freed itself. */
    dwPrefixLen = wcslen(pszIpsecRootContainer);
    pszRelativeName = pszFullName + dwPrefixLen + 1;

    /* Status is only returned if the loop below never runs. */
    dwError = RegGetNFAReferencesForNegPol(
                    hRegistryKey, pszIpsecRootContainer, pszRelativeName,
                    &ppszOwners, &dwOwnerCount);

    for (dwIndex = 0; dwIndex < dwOwnerCount; dwIndex++) {
        /* Each pass overwrites dwError; only the last status survives. */
        dwError = RegDeleteNFAReferenceInNegPolObject(
                        hRegistryKey, pszRelativeName, ppszOwners[dwIndex]);
    }

    *pppszIpsecNFAReferences = ppszOwners;
    *pdwNumReferences = dwOwnerCount;

cleanup:
    if (pszFullName) {
        FreePolStr(pszFullName);
    }
    return(dwError);

error:
    if (ppszOwners) {
        FreeNFAReferences(ppszOwners, dwOwnerCount);
    }
    *pppszIpsecNFAReferences = NULL;
    *pdwNumReferences = 0;
    goto cleanup;
}
/*
 * RegRemoveOwnersReferenceInISAKMP
 *
 * Fetches the policy references recorded for the ISAKMP object
 * ISAKMPIdentifier, removes each one from the ISAKMP object, and hands the
 * fetched list to the caller.
 *
 * Out parameters:
 *   pppszIpsecPolicyReferences / pdwNumReferences - receive the fetched
 *   list and its length; ownership passes to the caller. They are set to
 *   NULL/0 when the function leaves through the `error:` path.
 *
 * Returns:
 *   The status of ConvertGuidToISAKMPString() when it fails. Otherwise the
 *   status of the last RegRemovePolicyReferenceFromISAKMPObject() call, or
 *   of RegGetPolicyReferencesForISAKMP() when no reference was returned. On
 *   that path the out-parameters are populated even if the status is
 *   non-zero.
 *
 * NOTE(review): the relative name is computed by skipping
 * wcslen(pszIpsecRootContainer) + 1 characters of the converted string.
 * That is only in bounds if ConvertGuidToISAKMPString() always emits the
 * root container followed by one separator - the helper is not visible
 * here, confirm. wcslen() also returns size_t, narrowed to DWORD.
 */
DWORD
RegRemoveOwnersReferenceInISAKMP(
    HKEY hRegistryKey,
    LPWSTR pszIpsecRootContainer,
    GUID ISAKMPIdentifier,
    LPWSTR ** pppszIpsecPolicyReferences,
    PDWORD pdwNumReferences
    )
{
    DWORD dwError = 0;
    LPWSTR pszFullName = NULL;
    LPWSTR pszRelativeName = NULL;
    LPWSTR * ppszOwners = NULL;
    DWORD dwOwnerCount = 0;
    DWORD dwPrefixLen = 0;
    DWORD dwIndex = 0;

    dwError = ConvertGuidToISAKMPString(
                    ISAKMPIdentifier, pszIpsecRootContainer, &pszFullName);
    BAIL_ON_WIN32_ERROR(dwError);

    /* pszRelativeName points inside pszFullName; it is not freed itself. */
    dwPrefixLen = wcslen(pszIpsecRootContainer);
    pszRelativeName = pszFullName + dwPrefixLen + 1;

    /* Status is only returned if the loop below never runs. */
    dwError = RegGetPolicyReferencesForISAKMP(
                    hRegistryKey, pszIpsecRootContainer, pszRelativeName,
                    &ppszOwners, &dwOwnerCount);

    for (dwIndex = 0; dwIndex < dwOwnerCount; dwIndex++) {
        /* Each pass overwrites dwError; only the last status survives. */
        dwError = RegRemovePolicyReferenceFromISAKMPObject(
                        hRegistryKey, pszRelativeName, ppszOwners[dwIndex]);
    }

    *pppszIpsecPolicyReferences = ppszOwners;
    *pdwNumReferences = dwOwnerCount;

cleanup:
    if (pszFullName) {
        FreePolStr(pszFullName);
    }
    return(dwError);

error:
    /* The list is released with FreeNFAReferences(), as in the original. */
    if (ppszOwners) {
        FreeNFAReferences(ppszOwners, dwOwnerCount);
    }
    *pppszIpsecPolicyReferences = NULL;
    *pdwNumReferences = 0;
    goto cleanup;
}
/*
 * RegUpdateFilterOwnersReference
 *
 * Adds each of the dwNumNFAReferences strings in ppszIpsecNFAReferences to
 * the filter object FilterIdentifier through
 * RegAddNFAReferenceToFilterObject().
 *
 * Returns:
 *   The first non-zero status from ConvertGuidToFilterString() or from an
 *   add call; processing stops at that point, so references later in the
 *   list are not added. 0 when every add succeeded or the list is empty.
 *
 * NOTE(review): the relative name is computed by skipping
 * wcslen(pszIpsecRootContainer) + 1 characters of the converted string.
 * That is only in bounds if ConvertGuidToFilterString() always emits the
 * root container followed by one separator - the helper is not visible
 * here, confirm.
 */
DWORD
RegUpdateFilterOwnersReference(
    HKEY hRegistryKey,
    LPWSTR pszIpsecRootContainer,
    GUID FilterIdentifier,
    LPWSTR * ppszIpsecNFAReferences,
    DWORD dwNumNFAReferences
    )
{
    DWORD dwError = 0;
    LPWSTR pszFullName = NULL;
    LPWSTR pszRelativeName = NULL;
    DWORD dwPrefixLen = 0;
    DWORD dwIndex = 0;

    dwError = ConvertGuidToFilterString(
                    FilterIdentifier, pszIpsecRootContainer, &pszFullName);
    BAIL_ON_WIN32_ERROR(dwError);

    /* pszRelativeName points inside pszFullName; it is not freed itself. */
    dwPrefixLen = wcslen(pszIpsecRootContainer);
    pszRelativeName = pszFullName + dwPrefixLen + 1;

    for (dwIndex = 0; dwIndex < dwNumNFAReferences; dwIndex++) {
        dwError = RegAddNFAReferenceToFilterObject(
                        hRegistryKey,
                        pszRelativeName,
                        ppszIpsecNFAReferences[dwIndex]);
        BAIL_ON_WIN32_ERROR(dwError);
    }

error:
    if (pszFullName) {
        FreePolStr(pszFullName);
    }
    return(dwError);
}
/*
 * RegUpdateNegPolOwnersReference
 *
 * Adds each of the dwNumNFAReferences strings in ppszIpsecNFAReferences to
 * the negotiation-policy object NegPolIdentifier through
 * RegAddNFAReferenceToNegPolObject().
 *
 * Returns:
 *   The first non-zero status from ConvertGuidToNegPolString() or from an
 *   add call; processing stops at that point, so references later in the
 *   list are not added. 0 when every add succeeded or the list is empty.
 *
 * NOTE(review): the relative name is computed by skipping
 * wcslen(pszIpsecRootContainer) + 1 characters of the converted string.
 * That is only in bounds if ConvertGuidToNegPolString() always emits the
 * root container followed by one separator - the helper is not visible
 * here, confirm.
 */
DWORD
RegUpdateNegPolOwnersReference(
    HKEY hRegistryKey,
    LPWSTR pszIpsecRootContainer,
    GUID NegPolIdentifier,
    LPWSTR * ppszIpsecNFAReferences,
    DWORD dwNumNFAReferences
    )
{
    DWORD dwError = 0;
    LPWSTR pszFullName = NULL;
    LPWSTR pszRelativeName = NULL;
    DWORD dwPrefixLen = 0;
    DWORD dwIndex = 0;

    dwError = ConvertGuidToNegPolString(
                    NegPolIdentifier, pszIpsecRootContainer, &pszFullName);
    BAIL_ON_WIN32_ERROR(dwError);

    /* pszRelativeName points inside pszFullName; it is not freed itself. */
    dwPrefixLen = wcslen(pszIpsecRootContainer);
    pszRelativeName = pszFullName + dwPrefixLen + 1;

    for (dwIndex = 0; dwIndex < dwNumNFAReferences; dwIndex++) {
        dwError = RegAddNFAReferenceToNegPolObject(
                        hRegistryKey,
                        pszRelativeName,
                        ppszIpsecNFAReferences[dwIndex]);
        BAIL_ON_WIN32_ERROR(dwError);
    }

error:
    if (pszFullName) {
        FreePolStr(pszFullName);
    }
    return(dwError);
}
/*
 * RegUpdateISAKMPOwnersReference
 *
 * Adds each of the dwNumPolicyReferences strings in
 * ppszIpsecPolicyReferences to the ISAKMP object ISAKMPIdentifier through
 * RegAddPolicyReferenceToISAKMPObject().
 *
 * Returns:
 *   The first non-zero status from ConvertGuidToISAKMPString() or from an
 *   add call; processing stops at that point, so references later in the
 *   list are not added. 0 when every add succeeded or the list is empty.
 *
 * NOTE(review): the relative name is computed by skipping
 * wcslen(pszIpsecRootContainer) + 1 characters of the converted string.
 * That is only in bounds if ConvertGuidToISAKMPString() always emits the
 * root container followed by one separator - the helper is not visible
 * here, confirm.
 */
DWORD
RegUpdateISAKMPOwnersReference(
    HKEY hRegistryKey,
    LPWSTR pszIpsecRootContainer,
    GUID ISAKMPIdentifier,
    LPWSTR * ppszIpsecPolicyReferences,
    DWORD dwNumPolicyReferences
    )
{
    DWORD dwError = 0;
    LPWSTR pszFullName = NULL;
    LPWSTR pszRelativeName = NULL;
    DWORD dwPrefixLen = 0;
    DWORD dwIndex = 0;

    dwError = ConvertGuidToISAKMPString(
                    ISAKMPIdentifier, pszIpsecRootContainer, &pszFullName);
    BAIL_ON_WIN32_ERROR(dwError);

    /* pszRelativeName points inside pszFullName; it is not freed itself. */
    dwPrefixLen = wcslen(pszIpsecRootContainer);
    pszRelativeName = pszFullName + dwPrefixLen + 1;

    for (dwIndex = 0; dwIndex < dwNumPolicyReferences; dwIndex++) {
        dwError = RegAddPolicyReferenceToISAKMPObject(
                        hRegistryKey,
                        pszRelativeName,
                        ppszIpsecPolicyReferences[dwIndex]);
        BAIL_ON_WIN32_ERROR(dwError);
    }

error:
    if (pszFullName) {
        FreePolStr(pszFullName);
    }
    return(dwError);
}