archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/net/ipsec/spd/server/ikerpc.c

764 lines
18 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1999 Microsoft Corporation
  6. Module Name:
  8. ikerpc.c
  10. Abstract:
  12. This module contains all of the code to service the
  13. RPC calls made to the SPD that are serviced in IKE.
  15. Author:
  17. abhisheV 30-September-1999
  19. Environment
  21. User Level: Win32
  23. Revision History:
  26. --*/
  29. #include "precomp.h"
  32. VOID
  33. IKENEGOTIATION_HANDLE_rundown(
  34. IKENEGOTIATION_HANDLE hIKENegotiation
  35. )
  36. {
  37. if (!gbIsIKEUp) {
  38. return;
  39. }
  41. if (hIKENegotiation) {
  42. (VOID) IKECloseIKENegotiationHandle(
  43. hIKENegotiation
  44. );
  45. }
  46. }
  49. VOID
  50. IKENOTIFY_HANDLE_rundown(
  51. IKENOTIFY_HANDLE hIKENotifyHandle
  52. )
  53. {
  54. if (!gbIsIKEUp) {
  55. return;
  56. }
  58. if (hIKENotifyHandle) {
  59. (VOID) IKECloseIKENotifyHandle(
  60. hIKENotifyHandle
  61. );
  62. }
  63. }
  66. DWORD
  67. RpcInitiateIKENegotiation(
  68. STRING_HANDLE pServerName,
  69. DWORD dwVersion,
  70. PQM_FILTER_CONTAINER pQMFilterContainer,
  71. DWORD dwClientProcessId,
  72. ULONG uhClientEvent,
  73. DWORD dwFlags,
  74. IPSEC_UDP_ENCAP_CONTEXT UdpEncapContext,
  75. IKENEGOTIATION_HANDLE * phIKENegotiation
  76. )
  77. {
  78. DWORD dwError = 0;
  79. HANDLE hClientEvent = NULL;
  80. PIPSEC_QM_FILTER pQMFilter = NULL;
  81. BOOL bImpersonating = FALSE;
  84. dwError = SPDImpersonateClient(
  85. &bImpersonating
  86. );
  87. BAIL_ON_WIN32_ERROR(dwError);
  89. if (dwVersion) {
  90. dwError = ERROR_NOT_SUPPORTED;
  91. BAIL_ON_WIN32_ERROR(dwError);
  92. }
  94. ENTER_SPD_SECTION();
  95. dwError = ValidateSecurity(
  96. SPD_OBJECT_SERVER,
  97. SERVER_ACCESS_ADMINISTER,
  98. NULL,
  99. NULL
  100. );
  101. LEAVE_SPD_SECTION();
  102. BAIL_ON_WIN32_ERROR(dwError);
  104. dwError = ValidateInitiateIKENegotiation(pServerName,
  105. pQMFilterContainer,
  106. dwClientProcessId,
  107. uhClientEvent,
  108. dwFlags,
  109. UdpEncapContext,
  110. phIKENegotiation);
  111. BAIL_ON_WIN32_ERROR(dwError);
  113. hClientEvent = LongToHandle(uhClientEvent);
  115. pQMFilter = pQMFilterContainer->pQMFilters;
  117. if (pQMFilter && (pQMFilter->IpVersion != IPSEC_PROTOCOL_V4)) {
  118. dwError = ERROR_INVALID_LEVEL;
  119. BAIL_ON_WIN32_ERROR(dwError);
  120. }
  122. dwError = IKEInitiateIKENegotiation(
  123. pQMFilter,
  124. dwClientProcessId,
  125. hClientEvent,
  126. dwFlags,
  127. UdpEncapContext,
  128. phIKENegotiation
  129. );
  130. BAIL_ON_WIN32_ERROR(dwError);
  132. error:
  134. SPDRevertToSelf(bImpersonating);
  135. return (dwError);
  136. }
  139. DWORD
  140. RpcQueryIKENegotiationStatus(
  141. IKENEGOTIATION_HANDLE hIKENegotiation,
  142. DWORD dwVersion,
  143. SA_NEGOTIATION_STATUS_INFO * pNegotiationStatus
  144. )
  145. {
  146. DWORD dwError = 0;
  147. DWORD dwFlags = 0;
  148. BOOL bImpersonating = FALSE;
  151. dwError = SPDImpersonateClient(
  152. &bImpersonating
  153. );
  154. BAIL_ON_WIN32_ERROR(dwError);
  156. if (dwVersion) {
  157. dwError = ERROR_NOT_SUPPORTED;
  158. BAIL_ON_WIN32_ERROR(dwError);
  159. }
  161. ENTER_SPD_SECTION();
  162. dwError = ValidateSecurity(
  163. SPD_OBJECT_SERVER,
  164. SERVER_ACCESS_ADMINISTER,
  165. NULL,
  166. NULL
  167. );
  168. LEAVE_SPD_SECTION();
  169. BAIL_ON_WIN32_ERROR(dwError);
  171. dwError = ValidateQueryIKENegotiationStatus(
  172. hIKENegotiation,
  173. pNegotiationStatus
  174. );
  175. BAIL_ON_WIN32_ERROR(dwError);
  177. dwError = IKEQueryIKENegotiationStatus(
  178. hIKENegotiation,
  179. pNegotiationStatus,
  180. dwFlags
  181. );
  182. BAIL_ON_WIN32_ERROR(dwError);
  184. error:
  186. SPDRevertToSelf(bImpersonating);
  187. return (dwError);
  188. }
  191. DWORD
  192. RpcCloseIKENegotiationHandle(
  193. IKENEGOTIATION_HANDLE * phIKENegotiation
  194. )
  195. {
  196. DWORD dwError = 0;
  197. BOOL bImpersonating = FALSE;
  200. dwError = SPDImpersonateClient(
  201. &bImpersonating
  202. );
  203. BAIL_ON_WIN32_ERROR(dwError);
  205. ENTER_SPD_SECTION();
  206. dwError = ValidateSecurity(
  207. SPD_OBJECT_SERVER,
  208. SERVER_ACCESS_ADMINISTER,
  209. NULL,
  210. NULL
  211. );
  212. LEAVE_SPD_SECTION();
  213. BAIL_ON_WIN32_ERROR(dwError);
  215. dwError = ValidateCloseIKENegotiationHandle(phIKENegotiation);
  216. BAIL_ON_WIN32_ERROR(dwError);
  218. dwError = IKECloseIKENegotiationHandle(
  219. *phIKENegotiation
  220. );
  221. BAIL_ON_WIN32_ERROR(dwError);
  223. *phIKENegotiation = NULL;
  225. error:
  227. SPDRevertToSelf(bImpersonating);
  228. return (dwError);
  229. }
  232. DWORD
  233. RpcEnumMMSAs(
  234. STRING_HANDLE pServerName,
  235. DWORD dwVersion,
  236. PMM_SA_CONTAINER pMMTemplate,
  237. DWORD dwFlags,
  238. DWORD dwPreferredNumEntries,
  239. PMM_SA_CONTAINER * ppMMSAContainer,
  240. LPDWORD pdwNumEntries,
  241. LPDWORD pdwTotalMMsAvailable,
  242. LPDWORD pdwEnumHandle
  243. )
  244. {
  245. DWORD dwError = 0;
  246. PIPSEC_MM_SA pMMSAs = NULL;
  247. BOOL bImpersonating = FALSE;
  250. dwError = SPDImpersonateClient(
  251. &bImpersonating
  252. );
  253. BAIL_ON_WIN32_ERROR(dwError);
  255. if (dwVersion) {
  256. dwError = ERROR_NOT_SUPPORTED;
  257. BAIL_ON_WIN32_ERROR(dwError);
  258. }
  260. ENTER_SPD_SECTION();
  261. dwError = ValidateSecurity(
  262. SPD_OBJECT_SERVER,
  263. SERVER_ACCESS_ADMINISTER,
  264. NULL,
  265. NULL
  266. );
  267. LEAVE_SPD_SECTION();
  268. BAIL_ON_WIN32_ERROR(dwError);
  270. dwError = ValidateEnumMMSAs(
  271. pServerName,
  272. pMMTemplate,
  273. ppMMSAContainer,
  274. pdwNumEntries,
  275. pdwTotalMMsAvailable,
  276. pdwEnumHandle,
  277. dwFlags
  278. );
  279. BAIL_ON_WIN32_ERROR(dwError);
  281. if (pMMTemplate->pMMSAs && (pMMTemplate->pMMSAs->IpVersion != IPSEC_PROTOCOL_V4)) {
  282. dwError = ERROR_INVALID_LEVEL;
  283. BAIL_ON_WIN32_ERROR(dwError);
  284. }
  286. dwError= IKEEnumMMs(
  287. pMMTemplate->pMMSAs,
  288. &pMMSAs,
  289. pdwNumEntries,
  290. pdwTotalMMsAvailable,
  291. pdwEnumHandle,
  292. dwFlags
  293. );
  294. BAIL_ON_WIN32_ERROR(dwError);
  296. (*ppMMSAContainer)->pMMSAs = pMMSAs;
  297. (*ppMMSAContainer)->dwNumMMSAs = *pdwNumEntries;
  299. error:
  301. if (dwError != ERROR_SUCCESS) {
  302. if (ppMMSAContainer && *ppMMSAContainer) {
  303. (*ppMMSAContainer)->pMMSAs = NULL;
  304. (*ppMMSAContainer)->dwNumMMSAs = 0;
  305. }
  306. }
  308. SPDRevertToSelf(bImpersonating);
  309. return (dwError);
  310. }
  313. DWORD
  314. RpcDeleteMMSAs(
  315. STRING_HANDLE pServerName,
  316. DWORD dwVersion,
  317. PMM_SA_CONTAINER pMMTemplate,
  318. DWORD dwFlags
  319. )
  320. {
  321. DWORD dwError = 0;
  322. BOOL bImpersonating = FALSE;
  325. dwError = SPDImpersonateClient(
  326. &bImpersonating
  327. );
  328. BAIL_ON_WIN32_ERROR(dwError);
  330. if (dwVersion) {
  331. dwError = ERROR_NOT_SUPPORTED;
  332. BAIL_ON_WIN32_ERROR(dwError);
  333. }
  335. ENTER_SPD_SECTION();
  336. dwError = ValidateSecurity(
  337. SPD_OBJECT_SERVER,
  338. SERVER_ACCESS_ADMINISTER,
  339. NULL,
  340. NULL
  341. );
  342. LEAVE_SPD_SECTION();
  343. BAIL_ON_WIN32_ERROR(dwError);
  345. dwError = ValidateDeleteMMSAs(
  346. pServerName,
  347. pMMTemplate,
  348. dwFlags
  349. );
  350. BAIL_ON_WIN32_ERROR(dwError);
  352. if (pMMTemplate->pMMSAs && (pMMTemplate->pMMSAs->IpVersion != IPSEC_PROTOCOL_V4)) {
  353. dwError = ERROR_INVALID_LEVEL;
  354. BAIL_ON_WIN32_ERROR(dwError);
  355. }
  357. dwError= IKEDeleteAssociation(
  358. pMMTemplate->pMMSAs,
  359. dwFlags
  360. );
  361. BAIL_ON_WIN32_ERROR(dwError);
  363. error:
  365. SPDRevertToSelf(bImpersonating);
  366. return (dwError);
  367. }
  370. DWORD
  371. RpcQueryIKEStatistics(
  372. STRING_HANDLE pServerName,
  373. DWORD dwVersion,
  374. IKE_STATISTICS * pIKEStatistics
  375. )
  376. {
  377. DWORD dwError = 0;
  378. BOOL bImpersonating = FALSE;
  381. dwError = SPDImpersonateClient(
  382. &bImpersonating
  383. );
  384. BAIL_ON_WIN32_ERROR(dwError);
  386. if (dwVersion) {
  387. dwError = ERROR_NOT_SUPPORTED;
  388. BAIL_ON_WIN32_ERROR(dwError);
  389. }
  391. ENTER_SPD_SECTION();
  392. dwError = ValidateSecurity(
  393. SPD_OBJECT_SERVER,
  394. SERVER_ACCESS_ADMINISTER,
  395. NULL,
  396. NULL
  397. );
  398. LEAVE_SPD_SECTION();
  399. BAIL_ON_WIN32_ERROR(dwError);
  401. dwError = ValidateQueryIKEStatistics(
  402. pServerName,
  403. pIKEStatistics
  404. );
  405. BAIL_ON_WIN32_ERROR(dwError);
  407. dwError = IKEQueryStatistics(pIKEStatistics);
  408. BAIL_ON_WIN32_ERROR(dwError);
  410. error:
  412. SPDRevertToSelf(bImpersonating);
  413. return (dwError);
  414. }
  417. DWORD
  418. RpcRegisterIKENotifyClient(
  419. STRING_HANDLE pServerName,
  420. DWORD dwVersion,
  421. DWORD dwClientProcessId,
  422. ULONG uhClientEvent,
  423. PQM_SA_CONTAINER pQMSATemplateContainer,
  424. DWORD dwFlags,
  425. IKENOTIFY_HANDLE * phNotifyHandle
  426. )
  427. {
  428. DWORD dwError = 0;
  429. HANDLE hClientEvent = LongToHandle(uhClientEvent);
  430. BOOL bImpersonating = FALSE;
  433. dwError = SPDImpersonateClient(
  434. &bImpersonating
  435. );
  436. BAIL_ON_WIN32_ERROR(dwError);
  438. if (dwVersion) {
  439. dwError = ERROR_NOT_SUPPORTED;
  440. BAIL_ON_WIN32_ERROR(dwError);
  441. }
  443. ENTER_SPD_SECTION();
  444. dwError = ValidateSecurity(
  445. SPD_OBJECT_SERVER,
  446. SERVER_ACCESS_ADMINISTER,
  447. NULL,
  448. NULL
  449. );
  450. LEAVE_SPD_SECTION();
  451. BAIL_ON_WIN32_ERROR(dwError);
  453. dwError = ValidateRegisterIKENotifyClient(
  454. pServerName,
  455. dwClientProcessId,
  456. uhClientEvent,
  457. pQMSATemplateContainer,
  458. phNotifyHandle,
  459. dwFlags
  460. );
  461. BAIL_ON_WIN32_ERROR(dwError);
  463. if (pQMSATemplateContainer->pQMSAs &&
  464. (pQMSATemplateContainer->pQMSAs->IpsecQMFilter.IpVersion != IPSEC_PROTOCOL_V4)) {
  465. dwError = ERROR_INVALID_LEVEL;
  466. BAIL_ON_WIN32_ERROR(dwError);
  467. }
  469. dwError = IKERegisterNotifyClient(
  470. dwClientProcessId,
  471. hClientEvent,
  472. *pQMSATemplateContainer->pQMSAs,
  473. phNotifyHandle
  474. );
  475. BAIL_ON_WIN32_ERROR(dwError);
  477. error:
  479. SPDRevertToSelf(bImpersonating);
  480. return (dwError);
  481. }
  484. DWORD
  485. RpcQueryIKENotifyData(
  486. IKENOTIFY_HANDLE uhNotifyHandle,
  487. DWORD dwVersion,
  488. DWORD dwFlags,
  489. PQM_SA_CONTAINER * ppQMSAContainer,
  490. PDWORD pdwNumEntries
  491. )
  492. {
  493. DWORD dwError = 0;
  494. PIPSEC_QM_SA pQMSAs = NULL;
  495. BOOL bImpersonating = FALSE;
  498. dwError = SPDImpersonateClient(
  499. &bImpersonating
  500. );
  501. BAIL_ON_WIN32_ERROR(dwError);
  503. if (dwVersion) {
  504. dwError = ERROR_NOT_SUPPORTED;
  505. BAIL_ON_WIN32_ERROR(dwError);
  506. }
  508. ENTER_SPD_SECTION();
  509. dwError = ValidateSecurity(
  510. SPD_OBJECT_SERVER,
  511. SERVER_ACCESS_ADMINISTER,
  512. NULL,
  513. NULL
  514. );
  515. LEAVE_SPD_SECTION();
  516. BAIL_ON_WIN32_ERROR(dwError);
  518. dwError = ValidateQueryNotifyData(
  519. uhNotifyHandle,
  520. pdwNumEntries,
  521. ppQMSAContainer,
  522. dwFlags
  523. );
  524. BAIL_ON_WIN32_ERROR(dwError);
  526. dwError = IKEQuerySpiChange(
  527. uhNotifyHandle,
  528. pdwNumEntries,
  529. &pQMSAs
  530. );
  532. if ((dwError == ERROR_SUCCESS) ||
  533. (dwError == ERROR_MORE_DATA)) {
  535. (*ppQMSAContainer)->pQMSAs = pQMSAs;
  536. (*ppQMSAContainer)->dwNumQMSAs = *pdwNumEntries;
  537. SPDRevertToSelf(bImpersonating);
  538. return (dwError);
  540. }
  542. error:
  544. if (ppQMSAContainer && *ppQMSAContainer) {
  545. (*ppQMSAContainer)->pQMSAs = NULL;
  546. (*ppQMSAContainer)->dwNumQMSAs = 0;
  547. }
  549. if (pdwNumEntries) {
  550. *pdwNumEntries = 0;
  551. }
  553. SPDRevertToSelf(bImpersonating);
  554. return (dwError);
  555. }
  558. DWORD
  559. RpcCloseIKENotifyHandle(
  560. IKENOTIFY_HANDLE * phHandle
  561. )
  562. {
  563. DWORD dwError = 0;
  564. BOOL bImpersonating = FALSE;
  567. dwError = SPDImpersonateClient(
  568. &bImpersonating
  569. );
  570. BAIL_ON_WIN32_ERROR(dwError);
  572. ENTER_SPD_SECTION();
  573. dwError = ValidateSecurity(
  574. SPD_OBJECT_SERVER,
  575. SERVER_ACCESS_ADMINISTER,
  576. NULL,
  577. NULL
  578. );
  579. LEAVE_SPD_SECTION();
  580. BAIL_ON_WIN32_ERROR(dwError);
  582. dwError = ValidateCloseNotifyHandle(phHandle);
  583. BAIL_ON_WIN32_ERROR(dwError);
  585. dwError = IKECloseIKENotifyHandle(*phHandle);
  586. BAIL_ON_WIN32_ERROR(dwError);
  588. *phHandle = NULL;
  590. error:
  592. SPDRevertToSelf(bImpersonating);
  593. return (dwError);
  594. }
  597. DWORD
  598. RpcAddSAs(
  599. STRING_HANDLE pServerName,
  600. DWORD dwVersion,
  601. IPSEC_SA_DIRECTION SADirection,
  602. PIPSEC_QM_POLICY_CONTAINER pQMPolicyContainer,
  603. PQM_FILTER_CONTAINER pQMFilterContainer,
  604. ULONG * puhLarvalContext,
  605. DWORD dwInboundKeyMatLen,
  606. BYTE * pInboundKeyMat,
  607. DWORD dwOutboundKeyMatLen,
  608. BYTE *pOutboundKeyMat,
  609. BYTE *pContextInfo,
  610. UDP_ENCAP_INFO EncapInfo,
  611. DWORD dwFlags)
  613. {
  614. DWORD dwError = 0;
  615. HANDLE hLarvalContext = NULL;
  616. PIPSEC_QM_FILTER pQMFilter = NULL;
  617. PIPSEC_QM_OFFER pQMOffer = NULL;
  618. BOOL bImpersonating = FALSE;
  621. dwError = SPDImpersonateClient(
  622. &bImpersonating
  623. );
  624. BAIL_ON_WIN32_ERROR(dwError);
  626. if (dwVersion) {
  627. dwError = ERROR_NOT_SUPPORTED;
  628. BAIL_ON_WIN32_ERROR(dwError);
  629. }
  631. ENTER_SPD_SECTION();
  632. dwError = ValidateSecurity(
  633. SPD_OBJECT_SERVER,
  634. SERVER_ACCESS_ADMINISTER,
  635. NULL,
  636. NULL
  637. );
  638. LEAVE_SPD_SECTION();
  639. BAIL_ON_WIN32_ERROR(dwError);
  641. dwError=ValidateIPSecAddSA(pServerName,
  642. SADirection,
  643. pQMPolicyContainer,
  644. pQMFilterContainer,
  645. puhLarvalContext,
  646. dwInboundKeyMatLen,
  647. pInboundKeyMat,
  648. dwOutboundKeyMatLen,
  649. pOutboundKeyMat,
  650. pContextInfo,
  651. EncapInfo,
  652. dwFlags);
  654. BAIL_ON_WIN32_ERROR(dwError);
  656. hLarvalContext = LongToHandle(*puhLarvalContext);
  658. pQMFilter = pQMFilterContainer->pQMFilters;
  659. pQMOffer = pQMPolicyContainer->pPolicies->pOffers;
  661. if (pQMFilter && (pQMFilter->IpVersion != IPSEC_PROTOCOL_V4)) {
  662. dwError = ERROR_INVALID_LEVEL;
  663. BAIL_ON_WIN32_ERROR(dwError);
  664. }
  666. dwError=IKEAddSAs(
  667. SADirection,
  668. pQMOffer,
  669. pQMFilter,
  670. &hLarvalContext,
  671. dwInboundKeyMatLen,
  672. pInboundKeyMat,
  673. dwOutboundKeyMatLen,
  674. pOutboundKeyMat,
  675. pContextInfo,
  676. EncapInfo,
  677. dwFlags);
  679. BAIL_ON_WIN32_ERROR(dwError);
  681. *puhLarvalContext = HandleToLong(hLarvalContext);
  683. error:
  685. SPDRevertToSelf(bImpersonating);
  686. return (dwError);
  687. }
  689. DWORD
  690. RpcGetConfigurationVariables(
  691. STRING_HANDLE pServerName,
  692. IKE_CONFIG *pIKEConfig
  693. )
  694. {
  695. DWORD dwError = 0;
  696. BOOL bImpersonating = FALSE;
  698. dwError = SPDImpersonateClient(
  699. &bImpersonating
  700. );
  701. BAIL_ON_WIN32_ERROR(dwError);
  703. ENTER_SPD_SECTION();
  704. dwError = ValidateSecurity(
  705. SPD_OBJECT_SERVER,
  706. SERVER_ACCESS_ADMINISTER,
  707. NULL,
  708. NULL
  709. );
  710. LEAVE_SPD_SECTION();
  711. BAIL_ON_WIN32_ERROR(dwError);
  713. dwError=ValidateGetConfigurationVariables(pServerName,
  714. pIKEConfig);
  715. BAIL_ON_WIN32_ERROR(dwError);
  717. dwError = IKEGetConfigurationVariables(pIKEConfig);
  718. BAIL_ON_WIN32_ERROR(dwError);
  720. error:
  722. SPDRevertToSelf(bImpersonating);
  723. return dwError;
  724. }
  726. DWORD
  727. RpcSetConfigurationVariables(
  728. STRING_HANDLE pServerName,
  729. IKE_CONFIG IKEConfig
  730. )
  732. {
  733. DWORD dwError = 0;
  734. BOOL bImpersonating = FALSE;
  736. dwError = SPDImpersonateClient(
  737. &bImpersonating
  738. );
  739. BAIL_ON_WIN32_ERROR(dwError);
  741. ENTER_SPD_SECTION();
  742. dwError = ValidateSecurity(
  743. SPD_OBJECT_SERVER,
  744. SERVER_ACCESS_ADMINISTER,
  745. NULL,
  746. NULL
  747. );
  748. LEAVE_SPD_SECTION();
  749. BAIL_ON_WIN32_ERROR(dwError);
  751. dwError=ValidateSetConfigurationVariables(pServerName,
  752. IKEConfig);
  753. BAIL_ON_WIN32_ERROR(dwError);
  755. dwError = IKESetConfigurationVariables(IKEConfig);
  756. BAIL_ON_WIN32_ERROR(dwError);
  758. error:
  760. SPDRevertToSelf(bImpersonating);
  761. return dwError;
  763. }