archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/net/ipsec/polstore/validate.c

766 lines
18 KiB
Raw Normal View History

commiting as it is
4 years ago
  3. #include "precomp.h"
  5. extern LPWSTR PolicyDNAttributes[];
  7. DWORD
  8. ValidateISAKMPData(
  9. PIPSEC_ISAKMP_DATA pIpsecISAKMPData
  10. )
  11. {
  12. DWORD dwError = 0;
  15. if (!pIpsecISAKMPData) {
  16. dwError = ERROR_INVALID_PARAMETER;
  17. BAIL_ON_WIN32_ERROR(dwError);
  18. }
  20. if (!(pIpsecISAKMPData->pSecurityMethods) ||
  21. !(pIpsecISAKMPData->dwNumISAKMPSecurityMethods)) {
  22. dwError = ERROR_INVALID_PARAMETER;
  23. BAIL_ON_WIN32_ERROR(dwError);
  24. }
  26. error:
  28. return (dwError);
  29. }
  32. DWORD
  33. ValidateNegPolData(
  34. PIPSEC_NEGPOL_DATA pIpsecNegPolData
  35. )
  36. {
  37. DWORD dwError = 0;
  40. if (!pIpsecNegPolData) {
  41. dwError = ERROR_INVALID_PARAMETER;
  42. BAIL_ON_WIN32_ERROR(dwError);
  43. }
  45. if (!IsClearOnly(pIpsecNegPolData->NegPolAction) &&
  46. !IsBlocking(pIpsecNegPolData->NegPolAction)) {
  48. if (!(pIpsecNegPolData->pIpsecSecurityMethods) ||
  49. !(pIpsecNegPolData->dwSecurityMethodCount)) {
  50. dwError = ERROR_INVALID_PARAMETER;
  51. BAIL_ON_WIN32_ERROR(dwError);
  52. }
  54. }
  56. error:
  58. return (dwError);
  59. }
  62. BOOL
  63. IsClearOnly(
  64. GUID gNegPolAction
  65. )
  66. {
  67. if (!memcmp(
  68. &gNegPolAction,
  69. &(GUID_NEGOTIATION_ACTION_NO_IPSEC),
  70. sizeof(GUID))) {
  71. return (TRUE);
  72. }
  73. else {
  74. return (FALSE);
  75. }
  76. }
  79. BOOL
  80. IsBlocking(
  81. GUID gNegPolAction
  82. )
  83. {
  84. if (!memcmp(
  85. &gNegPolAction,
  86. &(GUID_NEGOTIATION_ACTION_BLOCK),
  87. sizeof(GUID))) {
  88. return (TRUE);
  89. }
  90. else {
  91. return (FALSE);
  92. }
  93. }
  96. DWORD
  97. ValidateISAKMPDataDeletion(
  98. HANDLE hPolicyStore,
  99. GUID ISAKMPIdentifier
  100. )
  101. {
  102. DWORD dwError = 0;
  103. PIPSEC_POLICY_STORE pPolicyStore = NULL;
  104. LPWSTR pszIpsecISAKMPReference = NULL;
  105. DWORD dwRootPathLen = 0;
  106. LPWSTR pszRelativeName = NULL;
  107. LPWSTR * ppszIpsecPolicyReferences = NULL;
  108. DWORD dwNumReferences = 0;
  111. pPolicyStore = (PIPSEC_POLICY_STORE) hPolicyStore;
  113. switch (pPolicyStore->dwProvider) {
  115. case IPSEC_REGISTRY_PROVIDER:
  117. dwError = ConvertGuidToISAKMPString(
  118. ISAKMPIdentifier,
  119. pPolicyStore->pszIpsecRootContainer,
  120. &pszIpsecISAKMPReference
  121. );
  122. BAIL_ON_WIN32_ERROR(dwError);
  124. dwRootPathLen = wcslen(pPolicyStore->pszIpsecRootContainer);
  125. pszRelativeName = pszIpsecISAKMPReference + dwRootPathLen + 1;
  127. dwError = RegGetPolicyReferencesForISAKMP(
  128. pPolicyStore->hRegistryKey,
  129. pPolicyStore->pszIpsecRootContainer,
  130. pszRelativeName,
  131. &ppszIpsecPolicyReferences,
  132. &dwNumReferences
  133. );
  134. break;
  136. case IPSEC_DIRECTORY_PROVIDER:
  138. dwError = DirGetPolicyReferencesForISAKMP(
  139. pPolicyStore->hLdapBindHandle,
  140. pPolicyStore->pszIpsecRootContainer,
  141. ISAKMPIdentifier,
  142. &ppszIpsecPolicyReferences,
  143. &dwNumReferences
  144. );
  145. break;
  147. default:
  149. dwError = ERROR_INVALID_PARAMETER;
  150. return (dwError);
  151. break;
  153. }
  155. if (!dwNumReferences) {
  156. dwError = ERROR_SUCCESS;
  157. }
  158. else {
  159. dwError = ERROR_INVALID_DATA;
  160. }
  162. error:
  164. if (pszIpsecISAKMPReference) {
  165. FreePolStr(pszIpsecISAKMPReference);
  166. }
  168. if (ppszIpsecPolicyReferences) {
  169. FreeNFAReferences(
  170. ppszIpsecPolicyReferences,
  171. dwNumReferences
  172. );
  173. }
  175. return (dwError);
  176. }
  179. DWORD
  180. ValidateNegPolDataDeletion(
  181. HANDLE hPolicyStore,
  182. GUID NegPolIdentifier
  183. )
  184. {
  185. DWORD dwError = 0;
  186. PIPSEC_POLICY_STORE pPolicyStore = NULL;
  187. LPWSTR pszIpsecNegPolReference = NULL;
  188. DWORD dwRootPathLen = 0;
  189. LPWSTR pszRelativeName = NULL;
  190. LPWSTR * ppszIpsecNFAReferences = NULL;
  191. DWORD dwNumReferences = 0;
  194. pPolicyStore = (PIPSEC_POLICY_STORE) hPolicyStore;
  196. switch (pPolicyStore->dwProvider) {
  198. case IPSEC_REGISTRY_PROVIDER:
  200. dwError = ConvertGuidToNegPolString(
  201. NegPolIdentifier,
  202. pPolicyStore->pszIpsecRootContainer,
  203. &pszIpsecNegPolReference
  204. );
  205. BAIL_ON_WIN32_ERROR(dwError);
  207. dwRootPathLen = wcslen(pPolicyStore->pszIpsecRootContainer);
  208. pszRelativeName = pszIpsecNegPolReference + dwRootPathLen + 1;
  210. dwError = RegGetNFAReferencesForNegPol(
  211. pPolicyStore->hRegistryKey,
  212. pPolicyStore->pszIpsecRootContainer,
  213. pszRelativeName,
  214. &ppszIpsecNFAReferences,
  215. &dwNumReferences
  216. );
  217. break;
  219. case IPSEC_DIRECTORY_PROVIDER:
  221. dwError = DirGetNFAReferencesForNegPol(
  222. pPolicyStore->hLdapBindHandle,
  223. pPolicyStore->pszIpsecRootContainer,
  224. NegPolIdentifier,
  225. &ppszIpsecNFAReferences,
  226. &dwNumReferences
  227. );
  228. break;
  230. default:
  232. dwError = ERROR_INVALID_PARAMETER;
  233. return (dwError);
  234. break;
  236. }
  238. if (!dwNumReferences) {
  239. dwError = ERROR_SUCCESS;
  240. }
  241. else {
  242. dwError = ERROR_INVALID_DATA;
  243. }
  245. error:
  247. if (pszIpsecNegPolReference) {
  248. FreePolStr(pszIpsecNegPolReference);
  249. }
  251. if (ppszIpsecNFAReferences) {
  252. FreeNFAReferences(
  253. ppszIpsecNFAReferences,
  254. dwNumReferences
  255. );
  256. }
  258. return (dwError);
  259. }
  262. DWORD
  263. ValidateFilterDataDeletion(
  264. HANDLE hPolicyStore,
  265. GUID FilterIdentifier
  266. )
  267. {
  268. DWORD dwError = 0;
  269. PIPSEC_POLICY_STORE pPolicyStore = NULL;
  270. LPWSTR pszIpsecFilterReference = NULL;
  271. DWORD dwRootPathLen = 0;
  272. LPWSTR pszRelativeName = NULL;
  273. LPWSTR * ppszIpsecNFAReferences = NULL;
  274. DWORD dwNumReferences = 0;
  277. pPolicyStore = (PIPSEC_POLICY_STORE) hPolicyStore;
  279. switch (pPolicyStore->dwProvider) {
  281. case IPSEC_REGISTRY_PROVIDER:
  283. dwError = ConvertGuidToFilterString(
  284. FilterIdentifier,
  285. pPolicyStore->pszIpsecRootContainer,
  286. &pszIpsecFilterReference
  287. );
  288. BAIL_ON_WIN32_ERROR(dwError);
  290. dwRootPathLen = wcslen(pPolicyStore->pszIpsecRootContainer);
  291. pszRelativeName = pszIpsecFilterReference + dwRootPathLen + 1;
  293. dwError = RegGetNFAReferencesForFilter(
  294. pPolicyStore->hRegistryKey,
  295. pPolicyStore->pszIpsecRootContainer,
  296. pszRelativeName,
  297. &ppszIpsecNFAReferences,
  298. &dwNumReferences
  299. );
  300. break;
  302. case IPSEC_DIRECTORY_PROVIDER:
  304. dwError = DirGetNFAReferencesForFilter(
  305. pPolicyStore->hLdapBindHandle,
  306. pPolicyStore->pszIpsecRootContainer,
  307. FilterIdentifier,
  308. &ppszIpsecNFAReferences,
  309. &dwNumReferences
  310. );
  311. break;
  313. default:
  315. dwError = ERROR_INVALID_PARAMETER;
  316. return (dwError);
  317. break;
  319. }
  321. if (!dwNumReferences) {
  322. dwError = ERROR_SUCCESS;
  323. }
  324. else {
  325. dwError = ERROR_INVALID_DATA;
  326. }
  328. error:
  330. if (pszIpsecFilterReference) {
  331. FreePolStr(pszIpsecFilterReference);
  332. }
  334. if (ppszIpsecNFAReferences) {
  335. FreeNFAReferences(
  336. ppszIpsecNFAReferences,
  337. dwNumReferences
  338. );
  339. }
  341. return (dwError);
  342. }
  345. DWORD
  346. ValidatePolicyDataDeletion(
  347. HANDLE hPolicyStore,
  348. PIPSEC_POLICY_DATA pIpsecPolicyData
  349. )
  350. {
  351. DWORD dwError = 0;
  352. PIPSEC_POLICY_STORE pPolicyStore = NULL;
  353. LPWSTR pszIpsecPolicyReference = NULL;
  354. DWORD dwRootPathLen = 0;
  355. LPWSTR pszRelativeName = NULL;
  356. LPWSTR * ppszIpsecNFAReferences = NULL;
  357. DWORD dwNumReferences = 0;
  360. pPolicyStore = (PIPSEC_POLICY_STORE) hPolicyStore;
  362. switch (pPolicyStore->dwProvider) {
  364. case IPSEC_REGISTRY_PROVIDER:
  366. dwError = ConvertGuidToPolicyString(
  367. pIpsecPolicyData->PolicyIdentifier,
  368. pPolicyStore->pszIpsecRootContainer,
  369. &pszIpsecPolicyReference
  370. );
  371. BAIL_ON_WIN32_ERROR(dwError);
  373. dwRootPathLen = wcslen(pPolicyStore->pszIpsecRootContainer);
  374. pszRelativeName = pszIpsecPolicyReference + dwRootPathLen + 1;
  376. dwError = RegGetNFAReferencesForPolicy(
  377. pPolicyStore->hRegistryKey,
  378. pPolicyStore->pszIpsecRootContainer,
  379. pszRelativeName,
  380. &ppszIpsecNFAReferences,
  381. &dwNumReferences
  382. );
  383. break;
  385. case IPSEC_DIRECTORY_PROVIDER:
  387. dwError = GenerateSpecificPolicyQuery(
  388. pIpsecPolicyData->PolicyIdentifier,
  389. &pszIpsecPolicyReference
  390. );
  391. BAIL_ON_WIN32_ERROR(dwError);
  393. dwError = DirGetNFADNsForPolicy(
  394. pPolicyStore->hLdapBindHandle,
  395. pPolicyStore->pszIpsecRootContainer,
  396. pszIpsecPolicyReference,
  397. &ppszIpsecNFAReferences,
  398. &dwNumReferences
  399. );
  400. break;
  402. default:
  404. dwError = ERROR_INVALID_PARAMETER;
  405. return (dwError);
  406. break;
  408. }
  410. if (!dwNumReferences) {
  411. dwError = ERROR_SUCCESS;
  412. }
  413. else {
  414. dwError = ERROR_INVALID_DATA;
  415. }
  417. error:
  419. if (pszIpsecPolicyReference) {
  420. FreePolStr(pszIpsecPolicyReference);
  421. }
  423. if (ppszIpsecNFAReferences) {
  424. FreeNFAReferences(
  425. ppszIpsecNFAReferences,
  426. dwNumReferences
  427. );
  428. }
  430. return (dwError);
  431. }
  434. DWORD
  435. ValidatePolicyData(
  436. HANDLE hPolicyStore,
  437. PIPSEC_POLICY_DATA pIpsecPolicyData
  438. )
  439. {
  440. DWORD dwError = 0;
  441. PIPSEC_ISAKMP_DATA pIpsecISAKMPData = NULL;
  444. dwError = IPSecGetISAKMPData(
  445. hPolicyStore,
  446. pIpsecPolicyData->ISAKMPIdentifier,
  447. &pIpsecISAKMPData
  448. );
  449. BAIL_ON_WIN32_ERROR(dwError);
  451. error:
  453. if (pIpsecISAKMPData) {
  454. FreeIpsecISAKMPData(
  455. pIpsecISAKMPData
  456. );
  457. }
  459. return (dwError);
  460. }
  463. DWORD
  464. ValidateNFAData(
  465. HANDLE hPolicyStore,
  466. GUID PolicyIdentifier,
  467. PIPSEC_NFA_DATA pIpsecNFAData
  468. )
  469. {
  470. DWORD dwError = 0;
  471. PIPSEC_FILTER_DATA pIpsecFilterData = NULL;
  472. PIPSEC_NEGPOL_DATA pIpsecNegPolData = NULL;
  473. GUID gZeroGUID;
  476. memset(&gZeroGUID, 0, sizeof(GUID));
  478. if (memcmp(
  479. &gZeroGUID,
  480. &pIpsecNFAData->FilterIdentifier,
  481. sizeof(GUID))) {
  482. dwError = IPSecGetFilterData(
  483. hPolicyStore,
  484. pIpsecNFAData->FilterIdentifier,
  485. &pIpsecFilterData
  486. );
  487. BAIL_ON_WIN32_ERROR(dwError);
  488. }
  490. dwError = IPSecGetNegPolData(
  491. hPolicyStore,
  492. pIpsecNFAData->NegPolIdentifier,
  493. &pIpsecNegPolData
  494. );
  495. BAIL_ON_WIN32_ERROR(dwError);
  497. dwError = VerifyPolicyDataExistence(
  498. hPolicyStore,
  499. PolicyIdentifier
  500. );
  501. BAIL_ON_WIN32_ERROR(dwError);
  503. error:
  505. if (pIpsecFilterData) {
  506. FreeIpsecFilterData(
  507. pIpsecFilterData
  508. );
  509. }
  511. if (pIpsecNegPolData) {
  512. FreeIpsecNegPolData(
  513. pIpsecNegPolData
  514. );
  515. }
  517. return (dwError);
  518. }
  521. DWORD
  522. VerifyPolicyDataExistence(
  523. HANDLE hPolicyStore,
  524. GUID PolicyIdentifier
  525. )
  526. {
  527. DWORD dwError = 0;
  528. PIPSEC_POLICY_STORE pPolicyStore = NULL;
  531. pPolicyStore = (PIPSEC_POLICY_STORE) hPolicyStore;
  533. switch (pPolicyStore->dwProvider) {
  535. case IPSEC_REGISTRY_PROVIDER:
  536. dwError = RegVerifyPolicyDataExistence(
  537. pPolicyStore->hRegistryKey,
  538. pPolicyStore->pszIpsecRootContainer,
  539. PolicyIdentifier
  540. );
  541. break;
  543. case IPSEC_DIRECTORY_PROVIDER:
  544. dwError = DirVerifyPolicyDataExistence(
  545. pPolicyStore->hLdapBindHandle,
  546. pPolicyStore->pszIpsecRootContainer,
  547. PolicyIdentifier
  548. );
  549. break;
  551. default:
  552. dwError = ERROR_INVALID_PARAMETER;
  553. break;
  555. }
  557. return (dwError);
  558. }
  561. DWORD
  562. RegGetNFAReferencesForPolicy(
  563. HKEY hRegistryKey,
  564. LPWSTR pszIpsecRootContainer,
  565. LPWSTR pszIpsecRelPolicyName,
  566. LPWSTR ** pppszIpsecNFANames,
  567. PDWORD pdwNumNFANames
  568. )
  569. {
  570. DWORD dwError = 0;
  571. HKEY hRegKey = 0;
  572. LPWSTR pszIpsecNFAReference = NULL;
  573. DWORD dwSize = 0;
  574. LPWSTR pszTemp = NULL;
  575. DWORD dwCount = 0;
  576. LPWSTR * ppszIpsecNFANames = NULL;
  577. LPWSTR pszString = NULL;
  578. DWORD i = 0;
  581. dwError = RegOpenKeyExW(
  582. hRegistryKey,
  583. pszIpsecRelPolicyName,
  584. 0,
  585. KEY_ALL_ACCESS,
  586. &hRegKey
  587. );
  588. BAIL_ON_WIN32_ERROR(dwError);
  590. dwError = RegstoreQueryValue(
  591. hRegKey,
  592. L"ipsecNFAReference",
  593. REG_MULTI_SZ,
  594. (LPBYTE *)&pszIpsecNFAReference,
  595. &dwSize
  596. );
  597. BAIL_ON_WIN32_ERROR(dwError);
  599. pszTemp = pszIpsecNFAReference;
  600. while (*pszTemp != L'\0') {
  602. pszTemp += wcslen(pszTemp) + 1;
  603. dwCount++;
  605. }
  607. if (!dwCount) {
  608. dwError = ERROR_NO_DATA;
  609. BAIL_ON_WIN32_ERROR(dwError);
  610. }
  612. ppszIpsecNFANames = (LPWSTR *)AllocPolMem(
  613. sizeof(LPWSTR)*dwCount
  614. );
  615. if (!ppszIpsecNFANames) {
  616. dwError = ERROR_OUTOFMEMORY;
  617. BAIL_ON_WIN32_ERROR(dwError);
  618. }
  620. pszTemp = pszIpsecNFAReference;
  621. for (i = 0; i < dwCount; i++) {
  623. pszString = AllocPolStr(pszTemp);
  624. if (!pszString) {
  625. dwError = ERROR_OUTOFMEMORY;
  626. BAIL_ON_WIN32_ERROR(dwError);
  627. }
  629. *(ppszIpsecNFANames + i) = pszString;
  631. pszTemp += wcslen(pszTemp) + 1; //for the null terminator;
  633. }
  635. *pppszIpsecNFANames = ppszIpsecNFANames;
  636. *pdwNumNFANames = dwCount;
  638. dwError = ERROR_SUCCESS;
  640. cleanup:
  642. if (hRegKey) {
  643. RegCloseKey(hRegKey);
  644. }
  646. if (pszIpsecNFAReference) {
  647. FreePolStr(pszIpsecNFAReference);
  648. }
  650. return(dwError);
  652. error:
  654. if (ppszIpsecNFANames) {
  655. FreeNFAReferences(
  656. ppszIpsecNFANames,
  657. dwCount
  658. );
  659. }
  661. *pppszIpsecNFANames = NULL;
  662. *pdwNumNFANames = 0;
  664. goto cleanup;
  665. }
  668. DWORD
  669. RegVerifyPolicyDataExistence(
  670. HKEY hRegistryKey,
  671. LPWSTR pszIpsecRootContainer,
  672. GUID PolicyGUID
  673. )
  674. {
  675. DWORD dwError = 0;
  676. WCHAR szIpsecPolicyName[MAX_PATH];
  677. LPWSTR pszPolicyName = NULL;
  678. HKEY hRegKey = NULL;
  681. szIpsecPolicyName[0] = L'\0';
  682. wcscpy(szIpsecPolicyName, L"ipsecPolicy");
  684. dwError = UuidToString(&PolicyGUID, &pszPolicyName);
  685. BAIL_ON_WIN32_ERROR(dwError);
  687. wcscat(szIpsecPolicyName, L"{");
  688. wcscat(szIpsecPolicyName, pszPolicyName);
  689. wcscat(szIpsecPolicyName, L"}");
  691. dwError = RegOpenKeyExW(
  692. hRegistryKey,
  693. szIpsecPolicyName,
  694. 0,
  695. KEY_ALL_ACCESS,
  696. &hRegKey
  697. );
  698. BAIL_ON_WIN32_ERROR(dwError);
  700. error:
  702. if (pszPolicyName) {
  703. RpcStringFree(&pszPolicyName);
  704. }
  706. if (hRegKey) {
  707. RegCloseKey(hRegKey);
  708. }
  710. return (dwError);
  711. }
  714. DWORD
  715. DirVerifyPolicyDataExistence(
  716. HLDAP hLdapBindHandle,
  717. LPWSTR pszIpsecRootContainer,
  718. GUID PolicyGUID
  719. )
  720. {
  721. DWORD dwError = 0;
  722. LPWSTR pszPolicyString = NULL;
  723. LDAPMessage * res = NULL;
  724. DWORD dwCount = 0;
  727. dwError = GenerateSpecificPolicyQuery(
  728. PolicyGUID,
  729. &pszPolicyString
  730. );
  731. BAIL_ON_WIN32_ERROR(dwError);
  733. dwError = LdapSearchST(
  734. hLdapBindHandle,
  735. pszIpsecRootContainer,
  736. LDAP_SCOPE_ONELEVEL,
  737. pszPolicyString,
  738. PolicyDNAttributes,
  739. 0,
  740. NULL,
  741. &res
  742. );
  743. BAIL_ON_WIN32_ERROR(dwError);
  745. dwCount = LdapCountEntries(
  746. hLdapBindHandle,
  747. res
  748. );
  749. if (!dwCount) {
  750. dwError = ERROR_DS_NO_ATTRIBUTE_OR_VALUE;
  751. BAIL_ON_WIN32_ERROR(dwError);
  752. }
  754. error:
  756. if (pszPolicyString) {
  757. FreePolStr(pszPolicyString);
  758. }
  760. if (res) {
  761. LdapMsgFree(res);
  762. }
  764. return (dwError);
  765. }