archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/net/ipsec/ipsecshr/ikeutils.c

1003 lines
30 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1999 Microsoft Corporation
  6. Module Name:
  8. IKE utils
  10. Abstract:
  12. Contains parameter validation
  14. Author:
  16. BrianSw 10-19-200
  18. Environment:
  20. User Level: Win32
  22. Revision History:
  25. --*/
  28. #include "precomp.h"
  31. DWORD
  32. ValidateInitiateIKENegotiation(
  33. STRING_HANDLE pServerName,
  34. PQM_FILTER_CONTAINER pQMFilterContainer,
  35. DWORD dwClientProcessId,
  36. ULONG uhClientEvent,
  37. DWORD dwFlags,
  38. IPSEC_UDP_ENCAP_CONTEXT UdpEncapContext,
  39. IKENEGOTIATION_HANDLE * phIKENegotiation
  40. )
  41. {
  43. DWORD dwError=ERROR_SUCCESS;
  45. if (pQMFilterContainer == NULL ||
  46. pQMFilterContainer->pQMFilters == NULL) {
  47. dwError=ERROR_INVALID_PARAMETER;
  48. }
  50. if (pServerName && (wcscmp(pServerName,L"") != 0)) {
  51. if (uhClientEvent || phIKENegotiation || dwClientProcessId) {
  52. dwError=ERROR_NOT_SUPPORTED;
  53. BAIL_ON_WIN32_ERROR(dwError);
  54. }
  55. } else {
  56. if (phIKENegotiation || dwClientProcessId || uhClientEvent) {
  57. if (!phIKENegotiation || !dwClientProcessId || !uhClientEvent) {
  58. dwError=ERROR_INVALID_PARAMETER;
  59. BAIL_ON_WIN32_ERROR(dwError);
  60. }
  61. }
  62. }
  64. if (!(pQMFilterContainer->pQMFilters) ||
  65. !(pQMFilterContainer->dwNumFilters)) {
  66. dwError = ERROR_INVALID_PARAMETER;
  67. BAIL_ON_WIN32_ERROR(dwError);
  68. }
  71. dwError = ValidateIPSecQMFilter(
  72. pQMFilterContainer->pQMFilters
  73. );
  74. BAIL_ON_WIN32_ERROR(dwError);
  76. error:
  78. return dwError;
  79. }
  82. DWORD
  83. ValidateQueryIKENegotiationStatus(
  84. IKENEGOTIATION_HANDLE hIKENegotiation,
  85. SA_NEGOTIATION_STATUS_INFO *NegotiationStatus
  86. )
  88. {
  90. DWORD dwError=ERROR_SUCCESS;
  92. if (!hIKENegotiation || !NegotiationStatus) {
  93. dwError = ERROR_INVALID_PARAMETER;
  94. BAIL_ON_WIN32_ERROR(dwError);
  95. }
  96. error:
  97. return dwError;
  98. }
  101. DWORD
  102. ValidateCloseIKENegotiationHandle(
  103. IKENEGOTIATION_HANDLE * phIKENegotiation
  104. )
  105. {
  106. DWORD dwError=ERROR_SUCCESS;
  108. if (!phIKENegotiation) {
  109. dwError=ERROR_INVALID_PARAMETER;
  110. }
  111. BAIL_ON_WIN32_ERROR(dwError);
  113. error:
  114. return dwError;
  115. }
  118. DWORD
  119. ValidateEnumMMSAs(
  120. STRING_HANDLE pServerName,
  121. PMM_SA_CONTAINER pMMTemplate,
  122. PMM_SA_CONTAINER *ppMMSAContainer,
  123. LPDWORD pdwNumEntries,
  124. LPDWORD pdwTotalMMsAvailable,
  125. LPDWORD pdwEnumHandle,
  126. DWORD dwFlags
  127. )
  128. {
  129. DWORD dwError=ERROR_SUCCESS;
  131. if (pMMTemplate == NULL ||
  132. pMMTemplate->pMMSAs == NULL ||
  133. pMMTemplate->dwNumMMSAs == 0 ||
  134. ppMMSAContainer == NULL ||
  135. *ppMMSAContainer == NULL ||
  136. pdwNumEntries == NULL ||
  137. pdwTotalMMsAvailable == NULL ||
  138. pdwEnumHandle == NULL ) {
  139. dwError=ERROR_INVALID_PARAMETER;
  140. }
  141. BAIL_ON_WIN32_ERROR(dwError);
  143. dwError = ValidateAddr(&(pMMTemplate->pMMSAs->Me));
  144. BAIL_ON_WIN32_ERROR(dwError);
  146. dwError = ValidateAddr(&(pMMTemplate->pMMSAs->Peer));
  147. BAIL_ON_WIN32_ERROR(dwError);
  149. error:
  151. return dwError;
  152. }
  155. DWORD
  156. ValidateDeleteMMSAs(
  157. STRING_HANDLE pServerName,
  158. PMM_SA_CONTAINER pMMTemplate,
  159. DWORD dwFlags
  160. )
  162. {
  163. DWORD dwError=ERROR_SUCCESS;
  165. if (pMMTemplate == NULL ||
  166. pMMTemplate->dwNumMMSAs == 0 ||
  167. pMMTemplate->pMMSAs == NULL) {
  168. dwError=ERROR_INVALID_PARAMETER;
  169. }
  170. BAIL_ON_WIN32_ERROR(dwError);
  172. dwError = ValidateAddr(&(pMMTemplate->pMMSAs->Me));
  173. BAIL_ON_WIN32_ERROR(dwError);
  175. dwError = ValidateAddr(&(pMMTemplate->pMMSAs->Peer));
  176. BAIL_ON_WIN32_ERROR(dwError);
  178. error:
  180. return dwError;
  181. }
  184. DWORD
  185. ValidateQueryIKEStatistics(
  186. STRING_HANDLE pServerName,
  187. IKE_STATISTICS *pIKEStatistics
  188. )
  190. {
  192. DWORD dwError=ERROR_SUCCESS;
  194. if (pIKEStatistics == NULL) {
  195. dwError=ERROR_INVALID_PARAMETER;
  196. }
  197. BAIL_ON_WIN32_ERROR(dwError);
  199. error:
  200. return dwError;
  201. }
  204. DWORD
  205. ValidateRegisterIKENotifyClient(
  206. STRING_HANDLE pServerName,
  207. DWORD dwClientProcessId,
  208. ULONG uhClientEvent,
  209. PQM_SA_CONTAINER pQMSATemplateContainer,
  210. IKENOTIFY_HANDLE *phNotifyHandle,
  211. DWORD dwFlags
  212. )
  213. {
  214. DWORD dwError=ERROR_SUCCESS;
  216. if (pServerName && (wcscmp(pServerName,L"") != 0)) {
  217. return ERROR_NOT_SUPPORTED;
  218. }
  220. if (pQMSATemplateContainer == NULL ||
  221. pQMSATemplateContainer->pQMSAs == NULL ||
  222. pQMSATemplateContainer->dwNumQMSAs == 0 ||
  223. phNotifyHandle == NULL) {
  224. dwError=ERROR_INVALID_PARAMETER;
  225. }
  226. BAIL_ON_WIN32_ERROR(dwError);
  228. dwError = ValidateQMFilterAddresses(
  229. &pQMSATemplateContainer->pQMSAs->IpsecQMFilter
  230. );
  231. BAIL_ON_WIN32_ERROR(dwError);
  233. error:
  235. return dwError;
  236. }
  238. DWORD ValidateQueryNotifyData(
  239. IKENOTIFY_HANDLE uhNotifyHandle,
  240. PDWORD pdwNumEntries,
  241. PQM_SA_CONTAINER *ppQMSAContainer,
  242. DWORD dwFlags
  243. )
  245. {
  247. DWORD dwError=ERROR_SUCCESS;
  249. if (ppQMSAContainer == NULL ||
  250. *ppQMSAContainer == NULL ||
  251. pdwNumEntries == NULL ||
  252. *pdwNumEntries == 0) {
  253. dwError=ERROR_INVALID_PARAMETER;
  254. }
  255. BAIL_ON_WIN32_ERROR(dwError);
  257. error:
  258. return dwError;
  260. }
  262. DWORD ValidateCloseNotifyHandle(
  263. IKENOTIFY_HANDLE *phHandle
  264. )
  265. {
  266. DWORD dwError=ERROR_SUCCESS;
  268. if (phHandle == NULL) {
  269. dwError=ERROR_INVALID_PARAMETER;
  270. }
  271. BAIL_ON_WIN32_ERROR(dwError);
  273. error:
  274. return dwError;
  275. }
  277. DWORD ValidateIPSecAddSA(
  278. STRING_HANDLE pServerName,
  279. IPSEC_SA_DIRECTION SADirection,
  280. PIPSEC_QM_POLICY_CONTAINER pQMPolicyContainer,
  281. PQM_FILTER_CONTAINER pQMFilterContainer,
  282. DWORD *uhLarvalContext,
  283. DWORD dwInboundKeyMatLen,
  284. BYTE *pInboundKeyMat,
  285. DWORD dwOutboundKeyMatLen,
  286. BYTE *pOutboundKeyMat,
  287. BYTE *pContextInfo,
  288. UDP_ENCAP_INFO EncapInfo,
  289. DWORD dwFlags)
  291. {
  292. DWORD dwError=ERROR_SUCCESS;
  293. DWORD dwNumOffers=1;
  295. if (!pQMFilterContainer ||
  296. !pQMPolicyContainer ||
  297. pContextInfo == NULL) {
  298. dwError= ERROR_INVALID_PARAMETER;
  299. }
  300. BAIL_ON_WIN32_ERROR(dwError);
  302. if (uhLarvalContext == NULL){
  303. dwError= ERROR_INVALID_PARAMETER;
  304. BAIL_ON_WIN32_ERROR(dwError);
  305. }
  307. if (SADirection >= SA_DIRECTION_MAX ||
  308. SADirection < SA_DIRECTION_BOTH) {
  309. dwError= ERROR_INVALID_PARAMETER;
  310. BAIL_ON_WIN32_ERROR(dwError);
  311. }
  313. if (!(pQMFilterContainer->pQMFilters) ||
  314. !(pQMFilterContainer->dwNumFilters)) {
  315. dwError = ERROR_INVALID_PARAMETER;
  316. BAIL_ON_WIN32_ERROR(dwError);
  317. }
  319. if (!(pQMPolicyContainer->pPolicies) ||
  320. !(pQMPolicyContainer->dwNumPolicies)) {
  321. dwError = ERROR_INVALID_PARAMETER;
  322. BAIL_ON_WIN32_ERROR(dwError);
  323. }
  325. dwError = ValidateIPSecQMFilter(
  326. pQMFilterContainer->pQMFilters
  327. );
  328. BAIL_ON_WIN32_ERROR(dwError);
  330. dwError = ValidateQMOffers(
  331. dwNumOffers,
  332. pQMPolicyContainer->pPolicies->pOffers);
  333. BAIL_ON_WIN32_ERROR(dwError);
  335. if (EncapInfo.SAEncapType < SA_UDP_ENCAP_TYPE_NONE ||
  336. EncapInfo.SAEncapType >= SA_UDP_ENCAP_TYPE_MAX) {
  337. dwError=ERROR_INVALID_PARAMETER;
  338. }
  339. BAIL_ON_WIN32_ERROR(dwError);
  341. if (EncapInfo.SAEncapType == SA_UDP_ENCAP_TYPE_OTHER) {
  342. dwError=ERROR_NOT_SUPPORTED;
  343. }
  344. BAIL_ON_WIN32_ERROR(dwError);
  346. if (EncapInfo.SAEncapType != SA_UDP_ENCAP_TYPE_NONE) {
  347. if (EncapInfo.PeerAddrVersion != IPSEC_PROTOCOL_V4) {
  348. dwError=ERROR_INVALID_PARAMETER;
  349. }
  350. BAIL_ON_WIN32_ERROR(dwError);
  352. if (EncapInfo.PeerPrivateAddr.AddrType != IP_ADDR_UNIQUE) {
  353. dwError=ERROR_INVALID_PARAMETER;
  354. }
  355. BAIL_ON_WIN32_ERROR(dwError);
  357. dwError=VerifyAddresses(&EncapInfo.PeerPrivateAddr,
  358. FALSE,
  359. TRUE);
  360. }
  361. BAIL_ON_WIN32_ERROR(dwError);
  362. error:
  363. return dwError;
  364. }
  366. DWORD ValidateSetConfigurationVariables(
  367. LPWSTR pServerName,
  368. IKE_CONFIG IKEConfig
  369. )
  370. {
  371. DWORD dwError = ERROR_SUCCESS;
  373. if (IKEConfig.dwStrongCRLCheck > 2) {
  374. dwError= ERROR_INVALID_PARAMETER;
  375. }
  376. BAIL_ON_WIN32_ERROR(dwError);
  378. if (IKEConfig.dwNLBSFlags >= FLAGS_NLBS_MAX) {
  379. dwError= ERROR_INVALID_PARAMETER;
  380. }
  381. BAIL_ON_WIN32_ERROR(dwError);
  383. if (IKEConfig.dwFlags != 0) {
  384. dwError= ERROR_INVALID_PARAMETER;
  385. }
  386. BAIL_ON_WIN32_ERROR(dwError);
  388. error:
  389. return dwError;
  390. }
  392. DWORD ValidateGetConfigurationVariables(
  393. LPWSTR pServerName,
  394. PIKE_CONFIG pIKEConfig
  395. )
  396. {
  397. DWORD dwError = ERROR_SUCCESS;
  399. if (pIKEConfig == NULL) {
  400. dwError=ERROR_INVALID_PARAMETER;
  401. }
  402. BAIL_ON_WIN32_ERROR(dwError);
  404. error:
  405. return dwError;
  406. }
  409. DWORD WINAPI ConvertExtMMAuthToInt(PMM_AUTH_METHODS pMMAuthMethods,
  410. PINT_MM_AUTH_METHODS *pIntMMAuthMethods)
  411. {
  413. PINT_MM_AUTH_METHODS pIntAuth=NULL;
  414. DWORD dwError;
  415. DWORD dwNumIntAuths=0;
  416. DWORD i,j;
  417. PIPSEC_MM_AUTH_INFO pAuthInfo;
  418. PINT_IPSEC_MM_AUTH_INFO pIntAuthInfo;
  419. DWORD dwCurIndex=0;
  420. PCERT_ROOT_CONFIG pInboundCertArray;
  422. dwError=AllocateSPDMemory(sizeof(INT_MM_AUTH_METHODS),&pIntAuth);
  423. BAIL_ON_WIN32_ERROR(dwError);
  425. memcpy(&pIntAuth->gMMAuthID,&pMMAuthMethods->gMMAuthID,sizeof(GUID));
  426. pIntAuth->dwFlags=pMMAuthMethods->dwFlags;
  428. for (i=0; i < pMMAuthMethods->dwNumAuthInfos; i++) {
  429. pAuthInfo=&pMMAuthMethods->pAuthenticationInfo[i];
  430. switch(pAuthInfo->AuthMethod) {
  431. case IKE_PRESHARED_KEY:
  432. case IKE_SSPI:
  433. dwNumIntAuths++;
  434. break;
  435. case IKE_RSA_SIGNATURE:
  436. dwNumIntAuths += pAuthInfo->CertAuthInfo.dwInboundRootArraySize;
  437. break;
  438. }
  439. }
  440. pIntAuth->dwNumAuthInfos=dwNumIntAuths;
  442. dwError=AllocateSPDMemory(sizeof(INT_IPSEC_MM_AUTH_INFO) * dwNumIntAuths,
  443. &pIntAuth->pAuthenticationInfo);
  444. BAIL_ON_WIN32_ERROR(dwError);
  446. for (i=0; i < pMMAuthMethods->dwNumAuthInfos; i++) {
  447. pAuthInfo=&pMMAuthMethods->pAuthenticationInfo[i];
  448. pIntAuthInfo=&pIntAuth->pAuthenticationInfo[dwCurIndex];
  449. pIntAuthInfo->AuthMethod=pAuthInfo->AuthMethod;
  450. switch(pAuthInfo->AuthMethod) {
  451. case IKE_PRESHARED_KEY:
  452. dwError=AllocateSPDMemory(pAuthInfo->GeneralAuthInfo.dwAuthInfoSize,
  453. &pIntAuthInfo->pAuthInfo);
  454. BAIL_ON_WIN32_ERROR(dwError);
  455. memcpy(pIntAuthInfo->pAuthInfo,
  456. pAuthInfo->GeneralAuthInfo.pAuthInfo,
  457. pAuthInfo->GeneralAuthInfo.dwAuthInfoSize);
  458. pIntAuthInfo->dwAuthInfoSize=pAuthInfo->GeneralAuthInfo.dwAuthInfoSize;
  459. dwCurIndex++;
  460. break;
  461. case IKE_SSPI:
  462. dwCurIndex++;
  463. break;
  464. case IKE_RSA_SIGNATURE:
  465. pInboundCertArray=pAuthInfo->CertAuthInfo.pInboundRootArray;
  466. for (j=0;j< pAuthInfo->CertAuthInfo.dwInboundRootArraySize;j++) {
  467. pIntAuthInfo=&pIntAuth->pAuthenticationInfo[dwCurIndex];
  468. dwError=AllocateSPDMemory(pInboundCertArray[j].dwCertDataSize,
  469. &pIntAuthInfo->pAuthInfo);
  470. BAIL_ON_WIN32_ERROR(dwError);
  471. memcpy(pIntAuthInfo->pAuthInfo,pInboundCertArray[j].pCertData,
  472. pInboundCertArray[j].dwCertDataSize);
  473. pIntAuthInfo->dwAuthInfoSize=pInboundCertArray[j].dwCertDataSize;
  474. pIntAuthInfo->AuthMethod=IKE_RSA_SIGNATURE;
  475. pIntAuthInfo->dwAuthFlags=pInboundCertArray[j].dwFlags;
  476. dwCurIndex++;
  477. }
  478. break;
  479. }
  480. }
  482. *pIntMMAuthMethods=pIntAuth;
  483. return ERROR_SUCCESS;
  485. error:
  487. FreeIntMMAuthMethods(pIntAuth);
  488. return (dwError);
  489. }
  491. #define INVALID_INDEX 0xffff
  494. DWORD WINAPI ConvertIntMMAuthToExt(PINT_MM_AUTH_METHODS pIntMMAuthMethods,
  495. PMM_AUTH_METHODS *pMMAuthMethods)
  497. {
  499. PMM_AUTH_METHODS pExtAuth=NULL;
  500. DWORD dwError;
  501. DWORD dwNumExtAuths=0;
  502. DWORD i;
  503. PINT_IPSEC_MM_AUTH_INFO pAuthInfo;
  504. PIPSEC_MM_AUTH_INFO pExtAuthInfo;
  505. PMM_CERT_INFO pCertInfo;
  506. DWORD dwCurCertIndex=0;
  507. PCERT_ROOT_CONFIG pInboundCertArray;
  509. DWORD dwNumCerts=0;
  510. DWORD dwCertIndex=INVALID_INDEX;
  511. DWORD dwPSKeyIndex=INVALID_INDEX;
  512. DWORD dwKerbIndex=INVALID_INDEX;
  514. dwError=AllocateSPDMemory(sizeof(MM_AUTH_METHODS),&pExtAuth);
  515. BAIL_ON_WIN32_ERROR(dwError);
  517. memcpy(&pExtAuth->gMMAuthID,&pIntMMAuthMethods->gMMAuthID,sizeof(GUID));
  518. pExtAuth->dwFlags=pIntMMAuthMethods->dwFlags;
  520. for (i=0; i < pIntMMAuthMethods->dwNumAuthInfos; i++) {
  521. pAuthInfo=&pIntMMAuthMethods->pAuthenticationInfo[i];
  522. switch(pAuthInfo->AuthMethod) {
  523. case IKE_PRESHARED_KEY:
  524. dwPSKeyIndex=dwNumExtAuths;
  525. dwNumExtAuths++;
  526. break;
  527. case IKE_SSPI:
  528. dwKerbIndex=dwNumExtAuths;
  529. dwNumExtAuths++;
  530. break;
  531. case IKE_RSA_SIGNATURE:
  532. if (dwCertIndex == INVALID_INDEX) {
  533. dwCertIndex=dwNumExtAuths;
  534. dwNumExtAuths++;
  535. }
  536. dwNumCerts++;
  537. break;
  538. }
  539. }
  540. pExtAuth->dwNumAuthInfos=dwNumExtAuths;
  542. dwError=AllocateSPDMemory(sizeof(IPSEC_MM_AUTH_INFO) * dwNumExtAuths,
  543. &pExtAuth->pAuthenticationInfo);
  544. BAIL_ON_WIN32_ERROR(dwError);
  546. if (dwCertIndex != INVALID_INDEX) {
  547. pCertInfo=&pExtAuth->pAuthenticationInfo[dwCertIndex].CertAuthInfo;
  548. dwError=AllocateSPDMemory(sizeof(CERT_ROOT_CONFIG) * dwNumCerts,
  549. &pCertInfo->pInboundRootArray);
  550. BAIL_ON_WIN32_ERROR(dwError);
  551. dwError=AllocateSPDMemory(sizeof(CERT_ROOT_CONFIG) * dwNumCerts,
  552. &pCertInfo->pOutboundRootArray);
  553. BAIL_ON_WIN32_ERROR(dwError);
  554. }
  556. for (i=0; i < pIntMMAuthMethods->dwNumAuthInfos; i++) {
  557. pAuthInfo=&pIntMMAuthMethods->pAuthenticationInfo[i];
  558. switch(pAuthInfo->AuthMethod) {
  559. case IKE_PRESHARED_KEY:
  560. pExtAuthInfo=&pExtAuth->pAuthenticationInfo[dwPSKeyIndex];
  561. dwError=AllocateSPDMemory(pAuthInfo->dwAuthInfoSize,
  562. &pExtAuthInfo->GeneralAuthInfo.pAuthInfo);
  563. BAIL_ON_WIN32_ERROR(dwError);
  564. memcpy(pExtAuthInfo->GeneralAuthInfo.pAuthInfo,
  565. pAuthInfo->pAuthInfo,
  566. pAuthInfo->dwAuthInfoSize);
  567. pExtAuthInfo->GeneralAuthInfo.dwAuthInfoSize=pAuthInfo->dwAuthInfoSize;
  568. pExtAuthInfo->AuthMethod=IKE_PRESHARED_KEY;
  569. break;
  570. case IKE_SSPI:
  571. pExtAuthInfo=&pExtAuth->pAuthenticationInfo[dwKerbIndex];
  572. pExtAuthInfo->AuthMethod=IKE_SSPI;
  573. break;
  574. case IKE_RSA_SIGNATURE:
  575. pExtAuthInfo=&pExtAuth->pAuthenticationInfo[dwCertIndex];
  576. pExtAuthInfo->AuthMethod=IKE_RSA_SIGNATURE;
  577. pCertInfo=&pExtAuthInfo->CertAuthInfo;
  578. dwError=AllocateSPDMemory(pAuthInfo->dwAuthInfoSize,
  579. &pCertInfo->pInboundRootArray[dwCurCertIndex].pCertData);
  580. BAIL_ON_WIN32_ERROR(dwError);
  581. memcpy(pCertInfo->pInboundRootArray[dwCurCertIndex].pCertData,
  582. pAuthInfo->pAuthInfo,
  583. pAuthInfo->dwAuthInfoSize);
  584. pCertInfo->pInboundRootArray[dwCurCertIndex].dwCertDataSize=pAuthInfo->dwAuthInfoSize;
  585. pCertInfo->pInboundRootArray[dwCurCertIndex].dwFlags = pAuthInfo->dwAuthFlags;
  587. // Copy same info into *pOutboundRootArray as well.
  588. dwError=AllocateSPDMemory(pAuthInfo->dwAuthInfoSize,
  589. &pCertInfo->pOutboundRootArray[dwCurCertIndex].pCertData);
  590. BAIL_ON_WIN32_ERROR(dwError);
  591. memcpy(pCertInfo->pOutboundRootArray[dwCurCertIndex].pCertData,
  592. pAuthInfo->pAuthInfo,
  593. pAuthInfo->dwAuthInfoSize);
  594. pCertInfo->pOutboundRootArray[dwCurCertIndex].dwCertDataSize=pAuthInfo->dwAuthInfoSize;
  595. pCertInfo->pOutboundRootArray[dwCurCertIndex].dwFlags = pAuthInfo->dwAuthFlags;
  597. dwCurCertIndex++;
  598. break;
  599. }
  600. }
  602. if (dwCertIndex != INVALID_INDEX) {
  603. pExtAuth->pAuthenticationInfo[dwCertIndex].CertAuthInfo.dwInboundRootArraySize = dwCurCertIndex;
  604. pExtAuth->pAuthenticationInfo[dwCertIndex].CertAuthInfo.dwOutboundRootArraySize = dwCurCertIndex;
  605. }
  607. *pMMAuthMethods=pExtAuth;
  608. return ERROR_SUCCESS;
  610. error:
  612. FreeExtMMAuthMethods(pExtAuth);
  613. return (dwError);
  614. }
  616. DWORD WINAPI SPDConvertIntMMAuthToExt(PINT_MM_AUTH_METHODS pIntMMAuthMethods,
  617. PMM_AUTH_METHODS *pMMAuthMethods)
  619. {
  621. PMM_AUTH_METHODS pExtAuth=NULL;
  622. DWORD dwError;
  623. DWORD dwNumExtAuths=0;
  624. DWORD i;
  625. PINT_IPSEC_MM_AUTH_INFO pAuthInfo;
  626. PIPSEC_MM_AUTH_INFO pExtAuthInfo;
  627. PMM_CERT_INFO pCertInfo;
  628. DWORD dwCurCertIndex=0;
  629. PCERT_ROOT_CONFIG pInboundCertArray;
  631. DWORD dwNumCerts=0;
  632. DWORD dwCertIndex=INVALID_INDEX;
  633. DWORD dwPSKeyIndex=INVALID_INDEX;
  634. DWORD dwKerbIndex=INVALID_INDEX;
  636. dwError=SPDApiBufferAllocate(sizeof(MM_AUTH_METHODS),&pExtAuth);
  637. BAIL_ON_WIN32_ERROR(dwError);
  639. memcpy(&pExtAuth->gMMAuthID,&pIntMMAuthMethods->gMMAuthID,sizeof(GUID));
  640. pExtAuth->dwFlags=pIntMMAuthMethods->dwFlags;
  642. for (i=0; i < pIntMMAuthMethods->dwNumAuthInfos; i++) {
  643. pAuthInfo=&pIntMMAuthMethods->pAuthenticationInfo[i];
  644. switch(pAuthInfo->AuthMethod) {
  645. case IKE_PRESHARED_KEY:
  646. dwPSKeyIndex=dwNumExtAuths;
  647. dwNumExtAuths++;
  648. break;
  649. case IKE_SSPI:
  650. dwKerbIndex=dwNumExtAuths;
  651. dwNumExtAuths++;
  652. break;
  653. case IKE_RSA_SIGNATURE:
  654. if (dwCertIndex == INVALID_INDEX) {
  655. dwCertIndex=dwNumExtAuths;
  656. dwNumExtAuths++;
  657. }
  658. dwNumCerts++;
  659. break;
  660. }
  661. }
  662. pExtAuth->dwNumAuthInfos=dwNumExtAuths;
  663. dwError=SPDApiBufferAllocate(sizeof(IPSEC_MM_AUTH_INFO) * dwNumExtAuths,
  664. &pExtAuth->pAuthenticationInfo);
  665. BAIL_ON_WIN32_ERROR(dwError);
  666. if (dwCertIndex != INVALID_INDEX) {
  667. pCertInfo=&pExtAuth->pAuthenticationInfo[dwCertIndex].CertAuthInfo;
  668. dwError=SPDApiBufferAllocate(sizeof(CERT_ROOT_CONFIG) * dwNumCerts,
  669. &pCertInfo->pInboundRootArray);
  670. BAIL_ON_WIN32_ERROR(dwError);
  671. dwError=SPDApiBufferAllocate(sizeof(CERT_ROOT_CONFIG) * dwNumCerts,
  672. &pCertInfo->pOutboundRootArray);
  674. BAIL_ON_WIN32_ERROR(dwError);
  675. }
  677. for (i=0; i < pIntMMAuthMethods->dwNumAuthInfos; i++) {
  678. pAuthInfo=&pIntMMAuthMethods->pAuthenticationInfo[i];
  679. switch(pAuthInfo->AuthMethod) {
  680. case IKE_PRESHARED_KEY:
  681. pExtAuthInfo=&pExtAuth->pAuthenticationInfo[dwPSKeyIndex];
  682. dwError=SPDApiBufferAllocate(pAuthInfo->dwAuthInfoSize,
  683. &pExtAuthInfo->GeneralAuthInfo.pAuthInfo);
  684. BAIL_ON_WIN32_ERROR(dwError);
  685. memcpy(pExtAuthInfo->GeneralAuthInfo.pAuthInfo,
  686. pAuthInfo->pAuthInfo,
  687. pAuthInfo->dwAuthInfoSize);
  688. pExtAuthInfo->GeneralAuthInfo.dwAuthInfoSize=pAuthInfo->dwAuthInfoSize;
  689. pExtAuthInfo->AuthMethod=IKE_PRESHARED_KEY;
  690. break;
  691. case IKE_SSPI:
  692. pExtAuthInfo=&pExtAuth->pAuthenticationInfo[dwKerbIndex];
  693. pExtAuthInfo->AuthMethod=IKE_SSPI;
  694. break;
  695. case IKE_RSA_SIGNATURE:
  696. pExtAuthInfo=&pExtAuth->pAuthenticationInfo[dwCertIndex];
  697. pExtAuthInfo->AuthMethod=IKE_RSA_SIGNATURE;
  698. pCertInfo=&pExtAuthInfo->CertAuthInfo;
  699. dwError=SPDApiBufferAllocate(pAuthInfo->dwAuthInfoSize,
  700. &pCertInfo->pInboundRootArray[dwCurCertIndex].pCertData);
  701. BAIL_ON_WIN32_ERROR(dwError);
  702. memcpy(pCertInfo->pInboundRootArray[dwCurCertIndex].pCertData,
  703. pAuthInfo->pAuthInfo,
  704. pAuthInfo->dwAuthInfoSize);
  705. pCertInfo->pInboundRootArray[dwCurCertIndex].dwCertDataSize=pAuthInfo->dwAuthInfoSize;
  706. pCertInfo->pInboundRootArray[dwCurCertIndex].dwFlags = pAuthInfo->dwAuthFlags;
  708. // Copy same info into *pOutboundRootArray as well.
  709. dwError=SPDApiBufferAllocate(pAuthInfo->dwAuthInfoSize,
  710. &pCertInfo->pOutboundRootArray[dwCurCertIndex].pCertData);
  711. BAIL_ON_WIN32_ERROR(dwError);
  712. memcpy(pCertInfo->pOutboundRootArray[dwCurCertIndex].pCertData,
  713. pAuthInfo->pAuthInfo,
  714. pAuthInfo->dwAuthInfoSize);
  715. pCertInfo->pOutboundRootArray[dwCurCertIndex].dwCertDataSize=pAuthInfo->dwAuthInfoSize;
  716. pCertInfo->pOutboundRootArray[dwCurCertIndex].dwFlags = pAuthInfo->dwAuthFlags;
  718. dwCurCertIndex++;
  719. break;
  720. }
  721. }
  723. if (dwCertIndex != INVALID_INDEX) {
  724. pExtAuth->pAuthenticationInfo[dwCertIndex].CertAuthInfo.dwInboundRootArraySize = dwCurCertIndex;
  725. pExtAuth->pAuthenticationInfo[dwCertIndex].CertAuthInfo.dwOutboundRootArraySize = dwCurCertIndex;
  726. }
  728. *pMMAuthMethods=pExtAuth;
  729. return ERROR_SUCCESS;
  731. error:
  733. SPDFreeExtMMAuthMethods(pExtAuth);
  734. return (dwError);
  735. }
  737. DWORD
  738. WINAPI
  739. SPDConvertArrayIntMMAuthToExt(
  740. PINT_MM_AUTH_METHODS pIntMMAuthMethods,
  741. PMM_AUTH_METHODS *ppMMAuthMethods,
  742. DWORD dwNumAuthMeths)
  743. {
  744. DWORD dwError = ERROR_SUCCESS;
  745. DWORD dwConvertIdx = 0;
  746. PMM_AUTH_METHODS *ppTempAuthMethods = NULL;
  747. PMM_AUTH_METHODS pExtAuthMethods = NULL;
  749. dwError = SPDApiBufferAllocate(
  750. dwNumAuthMeths * sizeof(MM_AUTH_METHODS),
  751. &pExtAuthMethods
  752. );
  753. BAIL_ON_WIN32_ERROR(dwError);
  755. dwError = SPDApiBufferAllocate(
  756. dwNumAuthMeths * sizeof(PMM_AUTH_METHODS),
  757. (LPVOID *) &ppTempAuthMethods
  758. );
  759. BAIL_ON_WIN32_ERROR(dwError);
  761. for (dwConvertIdx = 0; dwConvertIdx < dwNumAuthMeths; dwConvertIdx++) {
  762. dwError = SPDConvertIntMMAuthToExt(&pIntMMAuthMethods[dwConvertIdx],
  763. &ppTempAuthMethods[dwConvertIdx]);
  765. BAIL_ON_WIN32_ERROR(dwError);
  766. memcpy(
  767. &pExtAuthMethods[dwConvertIdx],
  768. ppTempAuthMethods[dwConvertIdx],
  769. sizeof(MM_AUTH_METHODS)
  770. );
  771. }
  773. // Shallow free ppTempAuthMethods[i] (pExtAuthMethods has copies.)
  774. for (dwConvertIdx = 0; dwConvertIdx < dwNumAuthMeths; dwConvertIdx++) {
  775. SPDApiBufferFree(ppTempAuthMethods[dwConvertIdx]);
  776. }
  777. SPDApiBufferFree(ppTempAuthMethods);
  779. *ppMMAuthMethods = pExtAuthMethods;
  781. return dwError;
  783. error:
  784. // ASSERT: dwConvertIdx == number of internal auth methods successfully
  785. // converted.
  786. for (; dwConvertIdx ; dwConvertIdx--) {
  787. SPDFreeExtMMAuthMethods(ppTempAuthMethods[dwConvertIdx-1]);
  788. }
  789. SPDApiBufferFree(ppTempAuthMethods);
  791. SPDApiBufferFree(pExtAuthMethods);
  793. *ppMMAuthMethods = NULL;
  795. return dwError;
  796. }
  799. DWORD WINAPI FreeIntMMAuthMethods(PINT_MM_AUTH_METHODS pIntMMAuthMethods)
  800. {
  801. DWORD i;
  802. PINT_IPSEC_MM_AUTH_INFO pIntAuthInfo;
  804. if (pIntMMAuthMethods) {
  805. if (pIntMMAuthMethods->pAuthenticationInfo) {
  806. for (i=0; i < pIntMMAuthMethods->dwNumAuthInfos; i++) {
  807. pIntAuthInfo=&pIntMMAuthMethods->pAuthenticationInfo[i];
  808. FreeSPDMemory(pIntAuthInfo->pAuthInfo);
  809. }
  810. FreeSPDMemory(pIntMMAuthMethods->pAuthenticationInfo);
  811. }
  812. FreeSPDMemory(pIntMMAuthMethods);
  813. }
  814. return ERROR_SUCCESS;
  815. }
  818. DWORD
  819. WINAPI
  820. SPDFreeIntMMAuthMethods(
  821. PINT_MM_AUTH_METHODS pIntMMAuthMethods,
  822. BOOLEAN FreeTop)
  823. {
  824. DWORD i;
  825. PINT_IPSEC_MM_AUTH_INFO pIntAuthInfo;
  827. if (pIntMMAuthMethods) {
  828. if (pIntMMAuthMethods->pAuthenticationInfo) {
  829. for (i=0; i < pIntMMAuthMethods->dwNumAuthInfos; i++) {
  830. pIntAuthInfo=&pIntMMAuthMethods->pAuthenticationInfo[i];
  831. SPDApiBufferFree(pIntAuthInfo->pAuthInfo);
  832. }
  833. SPDApiBufferFree(pIntMMAuthMethods->pAuthenticationInfo);
  834. }
  835. if (FreeTop)
  836. SPDApiBufferFree(pIntMMAuthMethods);
  837. }
  838. return ERROR_SUCCESS;
  839. }
  841. DWORD
  842. WINAPI
  843. SPDFreeIntMMAuthMethodsArray(
  844. PINT_MM_AUTH_METHODS pIntMMAuthMethods,
  845. DWORD dwNumAuthMeths)
  846. {
  847. DWORD Idx;
  849. for (Idx = 0; Idx < dwNumAuthMeths; Idx++) {
  850. SPDFreeIntMMAuthMethods(&pIntMMAuthMethods[Idx], FALSE);
  851. }
  852. SPDApiBufferFree(pIntMMAuthMethods);
  854. return ERROR_SUCCESS;
  855. }
  860. VOID FreeMMAuthInfo(PIPSEC_MM_AUTH_INFO pAuthInfo)
  861. {
  862. PMM_CERT_INFO pCertInfo;
  863. DWORD i;
  865. if (pAuthInfo->AuthMethod == IKE_PRESHARED_KEY) {
  866. FreeSPDMemory(pAuthInfo->GeneralAuthInfo.pAuthInfo);
  867. }
  868. if (pAuthInfo->AuthMethod == IKE_RSA_SIGNATURE) {
  869. pCertInfo=&pAuthInfo->CertAuthInfo;
  871. if (pCertInfo->pInboundRootArray) {
  872. for (i=0; i < pCertInfo->dwInboundRootArraySize; i++) {
  873. FreeSPDMemory(pCertInfo->pInboundRootArray[i].pCertData);
  874. // The following is unused, but included for completeness
  875. FreeSPDMemory(pCertInfo->pInboundRootArray[i].pAuthorizationData);
  876. }
  877. FreeSPDMemory(pCertInfo->pInboundRootArray);
  878. }
  880. if (pCertInfo->pOutboundRootArray) {
  881. for (i=0; i < pCertInfo->dwOutboundRootArraySize; i++) {
  882. FreeSPDMemory(pCertInfo->pOutboundRootArray[i].pCertData);
  883. // The following is unused, but included for completeness
  884. FreeSPDMemory(pCertInfo->pOutboundRootArray[i].pAuthorizationData);
  885. }
  886. FreeSPDMemory(pCertInfo->pOutboundRootArray);
  887. }
  889. // The following is unused.
  890. FreeSPDMemory(pCertInfo->pMyCertHash);
  891. }
  893. }
  895. VOID SPDFreeMMAuthInfo(PIPSEC_MM_AUTH_INFO pAuthInfo)
  896. {
  897. PMM_CERT_INFO pCertInfo;
  898. DWORD i;
  900. if (pAuthInfo->AuthMethod == IKE_PRESHARED_KEY) {
  901. SPDApiBufferFree(pAuthInfo->GeneralAuthInfo.pAuthInfo);
  902. }
  903. if (pAuthInfo->AuthMethod == IKE_RSA_SIGNATURE) {
  904. pCertInfo=&pAuthInfo->CertAuthInfo;
  906. if (pCertInfo->pInboundRootArray) {
  907. for (i=0; i < pCertInfo->dwInboundRootArraySize; i++) {
  908. SPDApiBufferFree(pCertInfo->pInboundRootArray[i].pCertData);
  909. // The following is unused, but included for completeness
  910. SPDApiBufferFree(pCertInfo->pInboundRootArray[i].pAuthorizationData);
  911. }
  912. SPDApiBufferFree(pCertInfo->pInboundRootArray);
  913. }
  915. if (pCertInfo->pOutboundRootArray) {
  916. for (i=0; i < pCertInfo->dwOutboundRootArraySize; i++) {
  917. SPDApiBufferFree(pCertInfo->pOutboundRootArray[i].pCertData);
  918. // The following is unused, but included for completeness
  919. SPDApiBufferFree(pCertInfo->pOutboundRootArray[i].pAuthorizationData);
  920. }
  921. SPDApiBufferFree(pCertInfo->pOutboundRootArray);
  922. }
  924. // The following is unused.
  925. SPDApiBufferFree(pCertInfo->pMyCertHash);
  926. }
  928. }
  931. DWORD WINAPI FreeExtMMAuthMethods(PMM_AUTH_METHODS pMMAuthMethods)
  932. {
  933. DWORD i;
  934. PIPSEC_MM_AUTH_INFO pAuthInfo;
  936. if (pMMAuthMethods) {
  937. if (pMMAuthMethods->pAuthenticationInfo) {
  938. for (i=0; i < pMMAuthMethods->dwNumAuthInfos; i++) {
  939. pAuthInfo=&pMMAuthMethods->pAuthenticationInfo[i];
  940. FreeMMAuthInfo(pAuthInfo);
  941. }
  942. FreeSPDMemory(pMMAuthMethods->pAuthenticationInfo);
  943. }
  944. FreeSPDMemory(pMMAuthMethods);
  945. }
  946. return ERROR_SUCCESS;
  947. }
  949. DWORD WINAPI SPDFreeExtMMAuthMethods(PMM_AUTH_METHODS pMMAuthMethods)
  950. {
  951. DWORD i;
  952. PIPSEC_MM_AUTH_INFO pAuthInfo;
  954. if (pMMAuthMethods) {
  955. if (pMMAuthMethods->pAuthenticationInfo) {
  956. for (i=0; i < pMMAuthMethods->dwNumAuthInfos; i++) {
  957. pAuthInfo=&pMMAuthMethods->pAuthenticationInfo[i];
  958. SPDFreeMMAuthInfo(pAuthInfo);
  959. }
  960. SPDApiBufferFree(pMMAuthMethods->pAuthenticationInfo);
  961. }
  962. SPDApiBufferFree(pMMAuthMethods);
  963. }
  964. return ERROR_SUCCESS;
  965. }
  967. BOOLEAN
  968. IsSpecialServ(
  969. ADDR_TYPE AddrType
  970. )
  971. {
  972. switch (AddrType) {
  973. case IP_ADDR_DNS_SERVER:
  974. case IP_ADDR_WINS_SERVER:
  975. case IP_ADDR_DHCP_SERVER:
  976. case IP_ADDR_DEFAULT_GATEWAY:
  977. return TRUE;
  978. default:
  979. return FALSE;
  980. }
  981. }
  983. ADDR_TYPE
  984. ExTypeToAddrType(
  985. UCHAR ExType
  986. )
  987. {
  988. ExType &= ~EXT_DEST;
  989. switch (ExType) {
  990. case EXT_DNS_SERVER:
  991. return IP_ADDR_DNS_SERVER;
  992. case EXT_WINS_SERVER:
  993. return IP_ADDR_WINS_SERVER;
  994. case EXT_DHCP_SERVER:
  995. return IP_ADDR_DHCP_SERVER;
  996. case EXT_DEFAULT_GATEWAY:
  997. return IP_ADDR_DEFAULT_GATEWAY;
  998. }
  999. return IP_ADDR_UNIQUE;
  1000. }