windows-server-2003/net/ipsec/nshipsec/staticshowutils.cpp

///////////////////////////////////////////////////////////////////////////
//Module: Static/StaticShowUtils.cpp
//
// Purpose: 	Static Show auxillary functions Implementation.
//
// Developers Name: Surya
//
// History:
//
//   Date    	Author    	Comments
//	10-8-2001	Surya	Initial Version. SCM Base line 1.0
//
///////////////////////////////////////////////////////////////////////////

#include "nshipsec.h"

extern HINSTANCE g_hModule;
extern STORAGELOCATION g_StorageLocation;

// magic strings
#define IPSEC_SERVICE_NAME _TEXT("policyagent")
#define GPEXT_KEY	_TEXT("Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions")

_TCHAR   pcszGPTIPSecKey[]    	= _TEXT("SOFTWARE\\Policies\\Microsoft\\Windows\\IPSEC\\GPTIPSECPolicy");
_TCHAR   pcszGPTIPSecName[]   	= _TEXT("DSIPSECPolicyName");
_TCHAR   pcszGPTIPSecFlags[]  	= _TEXT("DSIPSECPolicyFlags");
_TCHAR   pcszGPTIPSecPath[]   	= _TEXT("DSIPSECPolicyPath");
_TCHAR   pcszLocIPSecKey[]    	= _TEXT("SOFTWARE\\Policies\\Microsoft\\Windows\\IPSEC\\Policy\\Local");
_TCHAR   pcszLocIPSecPol[]    	= _TEXT("ActivePolicy");
_TCHAR   pcszCacheIPSecKey[]  	= _TEXT("SOFTWARE\\Policies\\Microsoft\\Windows\\IPSEC\\Policy\\Cache");
_TCHAR   pcszIPSecPolicy[]    	= _TEXT("ipsecPolicy");
_TCHAR   pcszIPSecName[]      	= _TEXT("ipsecName");
_TCHAR   pcszIPSecDesc[]      	= _TEXT("description");
_TCHAR   pcszIPSecTimestamp[] 	= _TEXT("whenChanged");
_TCHAR   pcszIpsecClsid[] 		= _TEXT("{e437bc1c-aa7d-11d2-a382-00c04f991e27}");  //mmc snapin UUID

///////////////////////////////////////////////////////////////////////////
//
//Function: GetPolicyInfo()
//
//Date of Creation: 21st Aug 2001
//
//Parameters:
//	IN LPTSTR pszMachineName,
//	OUT POLICY_INFO &m_PolicyInfo
//
//
//Return: DWORD
//
//Description:
//	This function gets the policy specified from the machine specified.
//
//Revision History:
//
//   Date    	Author    	Comments
//
///////////////////////////////////////////////////////////////////////////

DWORD
GetPolicyInfo (
	IN LPTSTR pszMachineName,
	OUT POLICY_INFO &m_PolicyInfo
	)
{
	HKEY    hRegKey=NULL, hRegHKey=NULL;
	DWORD   dwType = 0;            // for RegQueryValueEx
	DWORD   dwBufLen = 0;          // for RegQueryValueEx
	_TCHAR   pszBuf[STRING_TEXT_SIZE] = {0};
	DWORD dwError = 0;
	DWORD dwValue = 0;
	DWORD dwLength = sizeof(DWORD);

	//Initialize the m_PolicyInfo as PS_NO_POLICY assigned
	m_PolicyInfo.iPolicySource = PS_NO_POLICY;
	m_PolicyInfo.pszPolicyPath[0] = 0;
	m_PolicyInfo.pszPolicyName[0] = 0;
	m_PolicyInfo.pszPolicyDesc[0] = 0;


	dwError = RegConnectRegistry( pszMachineName,
		                          HKEY_LOCAL_MACHINE,
								  &hRegHKey);
	if(dwError != ERROR_SUCCESS)
	{
		BAIL_OUT;
	}

	dwError = RegOpenKeyEx( hRegHKey,
							pcszGPTIPSecKey,
							0,
							KEY_READ,
							&hRegKey);

	if(ERROR_SUCCESS == dwError)
	{

		// query for flags, if flags aint' there or equal to 0, we don't have domain policy
		dwError = RegQueryValueEx(hRegKey,
								  pcszGPTIPSecFlags,
								  NULL,
								  &dwType,
								  (LPBYTE)&dwValue,
								  &dwLength);

		if(dwError != ERROR_SUCCESS)
		{
			if (dwValue == 0)
			{
				dwError = ERROR_FILE_NOT_FOUND;
			}
		}

		// now get name
		if (dwError == ERROR_SUCCESS)
		{
			dwBufLen = MAXSTRLEN*sizeof(_TCHAR);
			dwError = RegQueryValueEx( hRegKey,
									   pcszGPTIPSecName,
									   NULL,
									   &dwType, // will be REG_SZ
									   (LPBYTE) pszBuf,
									   &dwBufLen);
		}
	}

	if (dwError == ERROR_SUCCESS)
	{
		m_PolicyInfo.iPolicySource = PS_DS_POLICY;
		m_PolicyInfo.pszPolicyPath[0] = 0;
		_tcsncpy(m_PolicyInfo.pszPolicyName, pszBuf,MAXSTRINGLEN-1);

		dwBufLen = MAXSTRLEN*sizeof(_TCHAR);
		dwError = RegQueryValueEx( hRegKey,
								   pcszGPTIPSecPath,
								   NULL,
								   &dwType, // will be REG_SZ
								   (LPBYTE) pszBuf,
								   &dwBufLen);
		if (dwError == ERROR_SUCCESS)
		{
			_tcsncpy(m_PolicyInfo.pszPolicyPath, pszBuf,MAXSTRLEN-1);
		}

		dwError = ERROR_SUCCESS;
		BAIL_OUT;
	}
	else
	{
		if(hRegKey)
			RegCloseKey(hRegKey);
		hRegKey = NULL;
		if (dwError == ERROR_FILE_NOT_FOUND)
		{
			// DS reg key not found, check local
			dwError = RegOpenKeyEx( hRegHKey,
									pcszLocIPSecKey,
									0,
									KEY_READ,
									&hRegKey);

			if(dwError != ERROR_SUCCESS)
			{
				BAIL_OUT;
			}


			dwBufLen = MAXSTRLEN*sizeof(_TCHAR);
			dwError = RegQueryValueEx( hRegKey,
									   pcszLocIPSecPol,
									   NULL,
									   &dwType, 			// will be REG_SZ
									   (LPBYTE) pszBuf,
									   &dwBufLen);


			if (dwError == ERROR_SUCCESS)
			{
				// read it
				if(hRegKey)
					RegCloseKey(hRegKey);
				hRegKey = NULL;
				dwError = RegOpenKeyEx( hRegHKey,
										pszBuf,
										0,
										KEY_READ,
										&hRegKey);
				_tcsncpy(m_PolicyInfo.pszPolicyPath, pszBuf,MAXSTRLEN-1);
				if (dwError == ERROR_SUCCESS)
				{
					dwBufLen = MAXSTRLEN*sizeof(_TCHAR);
					dwError = RegQueryValueEx( hRegKey,
											   pcszIPSecName,
											   NULL,
											   &dwType, 	// will be REG_SZ
											   (LPBYTE) pszBuf,
											   &dwBufLen);
				}
				if (dwError == ERROR_SUCCESS)
				{	// found it
					m_PolicyInfo.iPolicySource = PS_LOC_POLICY;
					_tcsncpy(m_PolicyInfo.pszPolicyName, pszBuf,MAXSTRINGLEN-1);
				}

				dwError = ERROR_SUCCESS;
			}
		}
	}

error:
	if (hRegKey)
	{
		RegCloseKey(hRegKey);
	}
	if (hRegHKey)
	{
		RegCloseKey(hRegHKey);
	}
	return  dwError;
}

///////////////////////////////////////////////////////////////////////////
//
//Function: GetMorePolicyInfo()
//
//Date of Creation: 21st Aug 2001
//
//Parameters:
//	IN LPTSTR pszMachineName,
//	OUT POLICY_INFO &m_PolicyInfo
//
//
//Return: DWORD
//
//Description:
//	This function gets the policy specified from the machine specified.
//
//Revision History:
//
//   Date    	Author    	Comments
//
///////////////////////////////////////////////////////////////////////////

DWORD
GetMorePolicyInfo (
	IN LPTSTR pszMachineName,
	OUT POLICY_INFO &m_PolicyInfo
	)
{
	DWORD   dwError = ERROR_SUCCESS , dwStrLen = 0;
	HKEY    hRegKey = NULL, hRegHKey = NULL;

	DWORD   dwType;            // for RegQueryValueEx
	DWORD   dwBufLen = 0;      // for RegQueryValueEx
	DWORD   dwValue = 0;
	DWORD   dwLength = sizeof(DWORD);
	_TCHAR   pszBuf[STRING_TEXT_SIZE] = {0};

	PTCHAR* ppszExplodeDN = NULL;

	// set some default values
    m_PolicyInfo.pszPolicyDesc[0] = 0;
	m_PolicyInfo.timestamp  = 0;

	dwError = RegConnectRegistry( pszMachineName,
		                          HKEY_LOCAL_MACHINE,
								  &hRegHKey);

	if(dwError != ERROR_SUCCESS)
	{
		BAIL_OUT;
	}

	switch (m_PolicyInfo.iPolicySource)
	{
		case PS_LOC_POLICY:
			// open the key
			dwError = RegOpenKeyEx( hRegHKey,
									m_PolicyInfo.pszPolicyPath,
									0,
									KEY_READ,
									&hRegKey);
			if(dwError != ERROR_SUCCESS)
			{
				BAIL_OUT;
			}

			// timestamp
			dwError = RegQueryValueEx(hRegKey,
					                  pcszIPSecTimestamp,
					                  NULL,
					                  &dwType,
					                  (LPBYTE)&dwValue,
					                  &dwLength);
			if(dwError != ERROR_SUCCESS)
			{
				BAIL_OUT;
			}

			m_PolicyInfo.timestamp = dwValue;

			// description
			dwBufLen = MAXSTRLEN*sizeof(_TCHAR);
			dwError  = RegQueryValueEx( hRegKey,
						 			    pcszIPSecDesc,
										NULL,
										&dwType, // will be REG_SZ
										(LPBYTE) pszBuf,
										&dwBufLen);
			if(dwError != ERROR_SUCCESS)
			{
				BAIL_OUT;
			}

			_tcsncpy(m_PolicyInfo.pszPolicyDesc, pszBuf,MAXSTRINGLEN-1);

			break;

		case PS_DS_POLICY:
			// get the policy name from DN
	            _tcsncpy(pszBuf, pcszCacheIPSecKey,STRING_TEXT_SIZE-1);
			ppszExplodeDN = ldap_explode_dn(m_PolicyInfo.pszPolicyPath, 1);
			if (!ppszExplodeDN)
			{
				BAIL_OUT;
			}
			dwStrLen = _tcslen(pszBuf);
			_tcsncat(pszBuf, _TEXT("\\"),STRING_TEXT_SIZE-dwStrLen-1);
			dwStrLen = _tcslen(pszBuf);
			_tcsncat(pszBuf, ppszExplodeDN[0],STRING_TEXT_SIZE-dwStrLen-1);

			// open the regkey
			dwError = RegOpenKeyEx( hRegHKey,
									pszBuf,
									0,
									KEY_READ,
									&hRegKey);
			if(dwError != ERROR_SUCCESS)
			{
				BAIL_OUT;
			}

			// get the more correct name info
			dwBufLen = sizeof(pszBuf);
			dwError = RegQueryValueEx( hRegKey,
									   pcszIPSecName,
									   NULL,
									   &dwType, // will be REG_SZ
									   (LPBYTE) pszBuf,
									   &dwBufLen);
			if (dwError == ERROR_SUCCESS)
			{
				_tcscpy(m_PolicyInfo.pszPolicyName, pszBuf);
			}

			m_PolicyInfo.timestamp = 0;

			// description
			dwBufLen = MAXSTRLEN*sizeof(_TCHAR);
			dwError  = RegQueryValueEx( hRegKey,
						 			    pcszIPSecDesc,
										NULL,
										&dwType, // will be REG_SZ
										(LPBYTE) pszBuf,
										&dwBufLen);
			if(dwError != ERROR_SUCCESS)
			{
				BAIL_OUT;
			}

			_tcsncpy(m_PolicyInfo.pszPolicyDesc, pszBuf,MAXSTRINGLEN-1);

			break;
	}

error:
	if (hRegKey)
	{
		RegCloseKey(hRegKey);
	}
	if (hRegHKey)
	{
		RegCloseKey(hRegHKey);
	}
	if (ppszExplodeDN)
	{
		ldap_value_free(ppszExplodeDN);
	}
	return  dwError;
}

////////////////////////////////////////////////////////////////////////
//
//Function: GetActivePolicyInfo()
//
//Date of Creation: 21st Aug 2001
//
//Parameters:
//	IN LPTSTR pszMachineName,
//	OUT POLICY_INFO &m_PolicyInfo
//
//
//Return: DWORD
//
//Description:
//	This function gets the active policy specified from the machine specified.
//
//Revision History:
//
//   Date    	Author    	Comments
//
////////////////////////////////////////////////////////////////////////

DWORD
GetActivePolicyInfo(
	IN LPTSTR pszMachineName,
	OUT POLICY_INFO &m_PolicyInfo
	)
{
	DWORD dwReturn=ERROR_SUCCESS, dwStrLen = 0;

	dwReturn = GetPolicyInfo(pszMachineName,m_PolicyInfo);

	if( dwReturn == ERROR_SUCCESS )
	{
		switch (m_PolicyInfo.iPolicySource)
		{
		case PS_NO_POLICY:
			break;

		case PS_DS_POLICY:
			{
				m_PolicyInfo.dwLocation=IPSEC_DIRECTORY_PROVIDER;

				PGROUP_POLICY_OBJECT pGPO;
				pGPO = NULL;

				GetMorePolicyInfo(pszMachineName,m_PolicyInfo);

				pGPO = GetIPSecGPO(pszMachineName);

				if (pGPO)
				{
					PGROUP_POLICY_OBJECT pLastGPO = pGPO;

					while ( 1 )
					{
						if ( pLastGPO->pNext )
							pLastGPO = pLastGPO->pNext;
						else
							break;
					}
					_tcsncpy(m_PolicyInfo.pszOU,pLastGPO->lpLink,MAXSTRLEN-1);
					_tcsncpy(m_PolicyInfo.pszGPOName, pLastGPO->lpDisplayName,MAXSTRINGLEN-1);
					FreeGPOList (pGPO);
				}

			}
			break;

		case PS_LOC_POLICY:
			m_PolicyInfo.dwLocation=IPSEC_REGISTRY_PROVIDER;
			if(pszMachineName)
			{
				dwStrLen = _tcslen(pszMachineName);
				m_PolicyInfo.pszMachineName = new _TCHAR[dwStrLen+1];
				if(m_PolicyInfo.pszMachineName==NULL)
				{
					dwReturn=ERROR_OUTOFMEMORY;
					BAIL_OUT;
				}
				_tcsncpy(m_PolicyInfo.pszMachineName,pszMachineName,dwStrLen+1);
			}
			else
				m_PolicyInfo.pszMachineName=NULL;
			GetMorePolicyInfo(pszMachineName,m_PolicyInfo);
			break;
		default :
			break;
		}
	}
error:
	return dwReturn;
}

////////////////////////////////////////////////////////////////////////
//
//Function: GetIPSecGPO()
//
//Date of Creation: 21st Aug 2001
//
//Parameters:
//	IN LPTSTR pszMachineName
//
//
//Return: PGROUP_POLICY_OBJECT
//
//Description:
//	This function gets the GPO specified from the machine specified.
//
//Revision History:
//
//   Date    	Author    	Comments
//
////////////////////////////////////////////////////////////////////////

PGROUP_POLICY_OBJECT
GetIPSecGPO (
	IN LPTSTR pszMachineName
	)
{
    HKEY hKey = NULL;
	HKEY hRegHKey = NULL;
    DWORD dwStrLen = 0;
    LONG lResult;
    _TCHAR szName[MAXSTRLEN] = {0};
    GUID guid = {0};
    PGROUP_POLICY_OBJECT pGPO = NULL;
    //
    // Enumerate the extensions
    //
	lResult = RegConnectRegistry( pszMachineName,
		                          HKEY_LOCAL_MACHINE,
								  &hRegHKey);

	if(lResult != ERROR_SUCCESS)
	{
		return NULL;
	}

	_TCHAR strGPExt[MAXSTRLEN] = {0};

	_tcsncpy(strGPExt,GPEXT_KEY,MAXSTRLEN-1);
	dwStrLen = _tcslen(strGPExt);
	_tcsncat(strGPExt , _TEXT("\\"),MAXSTRLEN- dwStrLen-1);
	dwStrLen = _tcslen(strGPExt);
	_tcsncat(strGPExt ,pcszIpsecClsid,MAXSTRLEN-dwStrLen-1);

    lResult = RegOpenKeyEx (hRegHKey, strGPExt, 0, KEY_READ, &hKey);

    if (lResult == ERROR_SUCCESS)
    {
		_tcsncpy(szName,pcszIpsecClsid,MAXSTRLEN-1);

        StringToGuid(szName, &guid);
        lResult = GetAppliedGPOList (GPO_LIST_FLAG_MACHINE, pszMachineName, NULL,
                                             &guid, &pGPO);
	}

	if( hKey )
		RegCloseKey(hKey);

	if( hRegHKey )
		RegCloseKey(hRegHKey);

	return pGPO;
}

////////////////////////////////////////////////////////////////////////
//
//Function: StringToGuid()
//
//Date of Creation: 21st Aug 2001
//
//Parameters:
//	IN LPTSTR szValue,
//  OUT GUID * pGuid
//
//Return: VOID
//
//Description:
//	This function gets the GUID from the string
//
//Revision History:
//
//   Date    	Author    	Comments
//
////////////////////////////////////////////////////////////////////////

VOID
StringToGuid(
	IN LPTSTR szValue,
	OUT GUID * pGuid
	)
{
    _TCHAR wc;
    INT i=0;

    //
    // If the first character is a '{', skip it
    //
    if ( szValue[0] == _TEXT('{') )
        szValue++;
    //
    // Since szValue may be used again, no permanent modification to
    // it is be made.
    //
    wc = szValue[8];
    szValue[8] = 0;
    pGuid->Data1 = _tcstoul( &szValue[0], 0, 16 );
    szValue[8] = wc;
    wc = szValue[13];
    szValue[13] = 0;
    pGuid->Data2 = (USHORT)_tcstoul( &szValue[9], 0, 16 );
    szValue[13] = wc;
    wc = szValue[18];
    szValue[18] = 0;
    pGuid->Data3 = (USHORT)_tcstoul( &szValue[14], 0, 16 );
    szValue[18] = wc;

    wc = szValue[21];
    szValue[21] = 0;
    pGuid->Data4[0] = (unsigned char)_tcstoul( &szValue[19], 0, 16 );
    szValue[21] = wc;
    wc = szValue[23];
    szValue[23] = 0;
    pGuid->Data4[1] = (unsigned char)_tcstoul( &szValue[21], 0, 16 );
    szValue[23] = wc;

    for ( i = 0; i < 6; i++ )
    {
        wc = szValue[26+i*2];
        szValue[26+i*2] = 0;
        pGuid->Data4[2+i] = (unsigned char)_tcstoul( &szValue[24+i*2], 0, 16 );
        szValue[26+i*2] = wc;
    }
}

////////////////////////////////////////////////////////////////////////
//
//Function: GetGpoDsPath()
//
//Date of Creation: 21st Aug 2001
//
//Parameters:
//	IN LPTSTR szGpoId,
//	OUT LPTSTR szGpoDsPath
//
//Return: HRESULT
//
//Description:
//	This function gets DS path
//
//Revision History:
//
//   Date    	Author    	Comments
//
//////////////////////////////////////////////////////////////////////////

HRESULT
GetGpoDsPath(
	IN LPTSTR szGpoId,
	OUT LPTSTR szGpoDsPath
	)
{
	LPGROUPPOLICYOBJECT pGPO = NULL;
    HRESULT hr=ERROR_SUCCESS;

    hr = CoCreateInstance(CLSID_GroupPolicyObject, NULL, CLSCTX_SERVER, IID_IGroupPolicyObject, (void **)&pGPO);

    if (FAILED(hr))
    {
		BAIL_OUT;
    }

	hr = pGPO->OpenDSGPO((LPOLESTR)szGpoId,GPO_OPEN_READ_ONLY);

	if (FAILED(hr))
    {
        BAIL_OUT;
    }

	hr = pGPO->GetDSPath( GPO_SECTION_MACHINE,
                          szGpoDsPath,
                          256
                         );

	if (FAILED(hr))
    {
		BAIL_OUT;
    }

error:
	return hr;
}

////////////////////////////////////////////////////////////////////////
//
//Function: GetIPSECPolicyDN()
//
//Date of Creation: 21st Aug 2001
//
//Parameters:
// 	  IN LPWSTR pszMachinePath,
//    OUT LPWSTR pszPolicyDN
//
//Return: HRESULT
//
//Description:
//	This function gets the IPSEC policy DN
//
//Revision History:
//
//   Date    	Author    	Comments
//
////////////////////////////////////////////////////////////////////////

HRESULT
GetIPSECPolicyDN(
    IN LPWSTR pszMachinePath,
    OUT LPWSTR pszPolicyDN
    )
{
    HRESULT hr = S_OK;
    IDirectoryObject * pIpsecObject = NULL;

    BSTR pszMicrosoftPath = NULL;
    BSTR pszIpsecPath = NULL;
    BSTR pszWindowsPath = NULL;

    LPWSTR pszOwnersReference = _TEXT("ipsecOwnersReference");

    PADS_ATTR_INFO pAttributeEntries = NULL;
    DWORD dwNumAttributesReturned = 0;

    // Build the fully qualified ADsPath for my object
    hr = CreateChildPath(
                pszMachinePath,
                _TEXT("cn=Microsoft"),
                &pszMicrosoftPath
                );
    BAIL_ON_FAILURE(hr);

    hr = CreateChildPath(
                pszMicrosoftPath,
                _TEXT("cn=Windows"),
                &pszWindowsPath
                );
    BAIL_ON_FAILURE(hr);

    hr = CreateChildPath(
                pszWindowsPath,
                _TEXT("cn=ipsec"),
                &pszIpsecPath
                );
    BAIL_ON_FAILURE(hr);

    hr = ADsGetObject(
            pszIpsecPath,
            IID_IDirectoryObject,
            (void **)&pIpsecObject
            );
    BAIL_ON_FAILURE(hr);

    //
    // Now populate our object with our data.
    //
    hr = pIpsecObject->GetObjectAttributes(
                        &pszOwnersReference,
                        1,
                        &pAttributeEntries,
                        &dwNumAttributesReturned
                        );
    BAIL_ON_FAILURE(hr);

    if (dwNumAttributesReturned != 1) {
        hr = E_FAIL;
        BAIL_ON_FAILURE(hr);

    }

    wcsncpy(pszPolicyDN, pAttributeEntries->pADsValues->DNString,STR_TEXT_SIZE-1);

error:

    if (pIpsecObject) {
        pIpsecObject->Release();
    }

    if (pszMicrosoftPath) {
        SysFreeString(pszMicrosoftPath);
    }

    if (pszWindowsPath) {
        SysFreeString(pszWindowsPath);
    }

    if (pszIpsecPath) {
        SysFreeString(pszIpsecPath);
    }

    return(hr);
}

////////////////////////////////////////////////////////////////////////
//
//Function: ComputePolicyDN()
//
//Date of Creation: 21st Aug 2001
//
//Parameters:
// 		IN LPWSTR pszDirDomainName,
//		IN LPWSTR pszPolicyIdentifier,
//    	OUT LPWSTR pszPolicyDN
//
//Return: DWORD
//
//Description:
//	This function computes the IPSEC policy DN
//
//Revision History:
//
//   Date    	Author    	Comments
//
////////////////////////////////////////////////////////////////////////

DWORD
ComputePolicyDN(
    IN LPWSTR pszDirDomainName,
	IN LPWSTR pszPolicyIdentifier,
    OUT LPWSTR pszPolicyDN
    )
{
    DWORD dwError = ERROR_SUCCESS , dwStrLen = 0;

    if (!pszDirDomainName)
    {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_OUT;
    }

    wcsncpy(pszPolicyDN,_TEXT("cn=ipsecPolicy"),MAX_PATH-1);

    dwStrLen = wcslen(pszPolicyDN);
    wcsncat(pszPolicyDN,pszPolicyIdentifier,MAX_PATH-dwStrLen-1);

    dwStrLen = wcslen(pszPolicyDN);
    wcsncat(pszPolicyDN,_TEXT(",cn=IP Security,cn=System,"),MAX_PATH-dwStrLen-1);

    dwStrLen = wcslen(pszPolicyDN);
    wcsncat(pszPolicyDN, pszDirDomainName,MAX_PATH-dwStrLen-1);

error:
    return(dwError);
}

////////////////////////////////////////////////////////////////////////
//
//Function: ShowAssignedGpoPolicy()
//
//Date of Creation: 21st Aug 2001
//
//Parameters:
// 		IN LPTSTR szGpoName,
//		IN PGPO pGPO,
//		IN BOOL bVerbose
//
//Return: DWORD
//
//Description:
//	This function prints the assigned policy to the GPO
//
//Revision History:
//
//   Date    	Author    	Comments
//
////////////////////////////////////////////////////////////////////////

DWORD
ShowAssignedGpoPolicy(
	IN LPTSTR szGpoName,
	IN PGPO pGPO
	)
{

	DWORD dwError=ERROR_SUCCESS,dwStrLen = 0;
	LPTSTR szRsopNameSpace = _TEXT("root\\rsop\\computer");
	IWbemServices *pWbemServices = NULL;
	IEnumWbemClassObject * pEnum = 0;
	IWbemClassObject *pObject = 0;
	BSTR bstrLanguage,bstrQuery;
	_TCHAR szQuery[STR_TEXT_SIZE] = {0},szGpoDsPath[STR_TEXT_SIZE] = {0},szGpoId[STR_TEXT_SIZE]={0}, szPolicyDN[STR_TEXT_SIZE]={0};
	HRESULT hr=ERROR_SUCCESS;
	ULONG ulRet;
	BOOL bPolicyFound=FALSE;

	dwStrLen = _tcslen(szGpoName);
	pGPO->pszGPODisplayName=new _TCHAR[dwStrLen+1];
	if(pGPO->pszGPODisplayName == NULL)
	{
		dwError=ERROR_OUTOFMEMORY;
		BAIL_OUT;
	}
	_tcsncpy(pGPO->pszGPODisplayName,szGpoName,dwStrLen+1);

	dwError = 	CreateIWbemServices(szRsopNameSpace,&pWbemServices);

	BAIL_ON_WIN32_ERROR(dwError);

	dwError = AllocBSTRMem(_TEXT("WQL"),bstrLanguage);
	hr = HRESULT_FROM_WIN32(dwError);
	BAIL_ON_WIN32_ERROR(dwError);

	_snwprintf(szQuery,STR_TEXT_SIZE-1, _TEXT("SELECT * FROM RSOP_Gpo where name=\"%s\""), szGpoName);

	dwError = AllocBSTRMem(szQuery,bstrQuery);
	hr = HRESULT_FROM_WIN32(dwError);
	BAIL_ON_WIN32_ERROR(dwError);


	hr = pWbemServices->ExecQuery (bstrLanguage, bstrQuery,
			 WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
			 NULL, &pEnum);

	BAIL_ON_FAILURE(hr);
	//
	// Loop through the results
	//
	while ( (hr = pEnum->Next(WBEM_INFINITE, 1, &pObject, &ulRet)) == WBEM_S_NO_ERROR )
	{
		VARIANT varValue;
		BSTR bstrProp = NULL;

		dwError = AllocBSTRMem(_TEXT("id"),bstrProp);
		hr = HRESULT_FROM_WIN32(dwError);
		BAIL_ON_WIN32_ERROR(dwError);

		hr = pObject->Get (bstrProp, 0, &varValue, NULL, NULL);

		// check the HRESULT to see if the action succeeded.
		if (SUCCEEDED(hr))
		{
			LPTSTR pszDirectoryName = NULL;

			dwStrLen = _tcslen(V_BSTR(&varValue));
			pGPO->pszGPODNName=new _TCHAR[dwStrLen+1];
			if(pGPO->pszGPODNName == NULL)
			{
				dwError=ERROR_OUTOFMEMORY;
				BAIL_OUT;
			}

			_tcsncpy(pGPO->pszGPODNName,V_BSTR(&varValue),dwStrLen+1);

			_snwprintf(szGpoId,STR_TEXT_SIZE-1,_TEXT("LDAP://%s"),V_BSTR(&varValue));

			if ( ERROR_SUCCESS == GetGpoDsPath(szGpoId, szGpoDsPath))
			{
				hr = VariantClear( &varValue );

				if (FAILED(hr))
				{
				   BAIL_OUT;
				}

				if (ERROR_SUCCESS == GetIPSECPolicyDN(
					szGpoDsPath,
					szPolicyDN
					))
				{
					pszDirectoryName = wcsstr(szGpoDsPath, _TEXT("DC"));
					if(pszDirectoryName == NULL)
					{
						BAIL_OUT;
					}
					dwError=GetPolicyInfoFromDomain(pszDirectoryName,szPolicyDN,pGPO);
					if(dwError == ERROR_OUTOFMEMORY)
					{
						BAIL_OUT;
					}

					PrintGPOList(pGPO);

					bPolicyFound=TRUE;
				}
			}
		}
		pObject->Release ();
		if(bPolicyFound) break;
	}
	if(!bPolicyFound)
	{
		PrintErrorMessage(IPSEC_ERR,0,ERRCODE_SHW_STATIC_ASSIGNEDGPO_SRCMACHINE3);
	}

	pEnum->Release();

error:
	if(dwError == ERROR_OUTOFMEMORY)
	{
		PrintErrorMessage(WIN32_ERR,ERROR_OUTOFMEMORY,NULL);
		dwError=ERROR_SUCCESS;
	}
	return dwError;
}


DWORD
ShowLocalGpoPolicy(
	POLICY_INFO &policyInfo,
	PGPO pGPO
	)
{
	DWORD dwReturn;
	DWORD dwLocation;
	DWORD dwStrLength = 0;
	DWORD MaxStringLen = 0;

	LPTSTR pszMachineName = NULL;

	dwReturn = CopyStorageInfo(&pszMachineName,dwLocation);
	if(dwReturn == ERROR_OUTOFMEMORY)
	{
		PrintErrorMessage(WIN32_ERR,ERROR_OUTOFMEMORY,NULL);
		dwReturn=ERROR_SUCCESS;
		BAIL_OUT;
	}

	// get the active policy info from the machine's registry

	dwReturn=GetActivePolicyInfo (pszMachineName,policyInfo);

	if((dwReturn==ERROR_SUCCESS)||(dwReturn==ERROR_FILE_NOT_FOUND))
	{
		if (policyInfo.iPolicySource != PS_NO_POLICY)
		{
			if(policyInfo.iPolicySource==PS_DS_POLICY)
			{
				pGPO->bDNPolicyOverrides=TRUE;
				dwReturn = GetLocalPolicyName(pGPO);

				if(dwReturn == ERROR_OUTOFMEMORY)
				{
					PrintErrorMessage(WIN32_ERR,ERROR_OUTOFMEMORY,NULL);
					dwReturn = ERROR_SUCCESS;
					BAIL_OUT;
				}
			}
			if (_tcscmp(policyInfo.pszGPOName , _TEXT(""))!=0 && policyInfo.iPolicySource==PS_DS_POLICY)
			{
				//copy gpo DN

				dwStrLength = _tcslen(policyInfo.pszGPOName);

				pGPO->pszGPODNName= new _TCHAR[dwStrLength+1];

				if(pGPO->pszGPODNName==NULL)
				{
					PrintErrorMessage(WIN32_ERR,ERROR_OUTOFMEMORY,NULL);
					dwReturn = ERROR_SUCCESS;
					BAIL_OUT;
				}
				_tcsncpy(pGPO->pszGPODNName,policyInfo.pszGPOName,dwStrLength);
			}

			dwStrLength = _tcslen(LocalGPOName);
			pGPO->pszGPODisplayName=new _TCHAR[dwStrLength+1];

			if(pGPO->pszGPODisplayName==NULL)
			{
				PrintErrorMessage(WIN32_ERR,ERROR_OUTOFMEMORY,NULL);
				dwReturn = ERROR_SUCCESS;
				BAIL_OUT;
			}
			//copy gpo display name

			_tcsncpy(pGPO->pszGPODisplayName,LocalGPOName,dwStrLength+1);

			if (_tcscmp(policyInfo.pszPolicyName , _TEXT(""))!=0)
			{
				dwStrLength = _tcslen(policyInfo.pszPolicyName);
				pGPO->pszPolicyName=new _TCHAR[dwStrLength+1];
				if(pGPO->pszPolicyName==NULL)
				{
					PrintErrorMessage(WIN32_ERR,ERROR_OUTOFMEMORY,NULL);
					dwReturn = ERROR_SUCCESS;
					BAIL_OUT;
				}
				_tcsncpy(pGPO->pszPolicyName ,policyInfo.pszPolicyName,dwStrLength+1);
			}

			if (_tcscmp(policyInfo.pszPolicyPath , _TEXT(""))!=0)
			{
				//copy gpo policy DN

				dwStrLength = _tcslen(policyInfo.pszPolicyPath);
				pGPO->pszPolicyDNName=new _TCHAR[dwStrLength+1];
				if(pGPO->pszPolicyDNName==NULL)
				{
					PrintErrorMessage(WIN32_ERR,ERROR_OUTOFMEMORY,NULL);
					dwReturn = ERROR_SUCCESS;
					BAIL_OUT;
				}
				_tcsncpy(pGPO->pszPolicyDNName,policyInfo.pszPolicyPath,dwStrLength+1);
			}

			pGPO->bActive=TRUE;
			MaxStringLen = (sizeof(pGPO->pszLocalMachineName) / sizeof(pGPO->pszLocalMachineName[0]));

			if(!pszMachineName)
			{
				GetComputerName(pGPO->pszLocalMachineName,&MaxStringLen);
			}
			else
			{
				_tcsncpy(pGPO->pszLocalMachineName,pszMachineName,MaxStringLen-1);
			}

			//get Domain Name & DC name

			PDOMAIN_CONTROLLER_INFO pDomainControllerInfo = NULL;
			DWORD Flags = DS_DIRECTORY_SERVICE_REQUIRED | DS_RETURN_DNS_NAME | DS_FORCE_REDISCOVERY;

			dwReturn = DsGetDcName(NULL, //machine name
						   NULL,
						   NULL,
						   NULL,
						   Flags,
						   &pDomainControllerInfo
						   ) ;

			if(dwReturn==NO_ERROR && pDomainControllerInfo)
			{
				if(pDomainControllerInfo->DomainName)
				{
					dwStrLength = _tcslen(pDomainControllerInfo->DomainName);

					pGPO->pszDomainName= new _TCHAR[dwStrLength+1];
					if(pGPO->pszDomainName==NULL)
					{
						PrintErrorMessage(WIN32_ERR,ERROR_OUTOFMEMORY,NULL);
						dwReturn = ERROR_SUCCESS;
						BAIL_OUT;
					}
					_tcsncpy(pGPO->pszDomainName,pDomainControllerInfo->DomainName,dwStrLength+1);
				}

				if(pDomainControllerInfo->DomainControllerName)
				{
					dwStrLength = _tcslen(pDomainControllerInfo->DomainControllerName);

					pGPO->pszDCName= new _TCHAR[dwStrLength+1];
					if(pGPO->pszDCName==NULL)
					{
						PrintErrorMessage(WIN32_ERR,ERROR_OUTOFMEMORY,NULL);
						dwReturn = ERROR_SUCCESS;
						BAIL_OUT;
					}
					_tcsncpy(pGPO->pszDCName,pDomainControllerInfo->DomainControllerName,dwStrLength+1);
				}

				//free pDomainControllerInfo

				NetApiBufferFree(pDomainControllerInfo);

			}
			PrintGPOList(pGPO);
			dwReturn = ERROR_SUCCESS;
		}
		else
		{
			PrintErrorMessage(IPSEC_ERR,0,ERRCODE_SHW_STATIC_TAB_ASSIGNPOL_2);
		}

	}
	else if(dwReturn==ERROR_OUTOFMEMORY)
	{
		PrintErrorMessage(WIN32_ERR,ERROR_OUTOFMEMORY,NULL);
		dwReturn = ERROR_SUCCESS;
	}
	if(dwReturn==ERROR_FILE_NOT_FOUND)
		dwReturn=ERROR_SUCCESS;

	if(policyInfo.pszMachineName)
	{
		delete [] policyInfo.pszMachineName;
		policyInfo.pszMachineName = NULL;
	}
	if(pszMachineName)
		delete [] pszMachineName;

error:
	return dwReturn;
}

/////////////////////////////////////////////////////////////////////////
//
//Function: CreateIWbemServices()
//
//Date of Creation: 21st Aug 2001
//
//Parameters:
// 		IN LPTSTR pszIpsecWMINamespace,
//    	OUT IWbemServices **ppWbemServices
//
//Return: DWORD
//
//Description:
//
//
//Revision History:
//
//   Date    	Author    	Comments
//
/////////////////////////////////////////////////////////////////////////

DWORD
CreateIWbemServices(
    IN LPTSTR pszIpsecWMINamespace,
    OUT IWbemServices **ppWbemServices
    )
{
    DWORD dwError = ERROR_SUCCESS;
    IWbemLocator *pWbemLocator = NULL;
    HRESULT hr = S_OK;

    BSTR bstrIpsecWMIPath = NULL;

	hr = CoCreateInstance(
		CLSID_WbemLocator,
		NULL,
		CLSCTX_INPROC_SERVER,
		IID_IWbemLocator,
		(LPVOID*)&pWbemLocator
		);

    if (FAILED(hr))
    {
		dwError = ERROR_INTERNAL_ERROR;
		BAIL_OUT;
    }

    dwError = AllocBSTRMem(pszIpsecWMINamespace,bstrIpsecWMIPath);
	BAIL_ON_WIN32_ERROR(dwError);

	hr = pWbemLocator->ConnectServer(
								bstrIpsecWMIPath,
								NULL,
								NULL,
								NULL,
								0,
								NULL, NULL,
								ppWbemServices );


    if (FAILED(hr))
    {
		dwError = ERROR_INTERNAL_ERROR;
		BAIL_OUT;
    }

    SysFreeString(bstrIpsecWMIPath);

    if(pWbemLocator)
        pWbemLocator->Release();
error:
    return (dwError);
}

/////////////////////////////////////////////////////////////////////////
//
//Function: FormatTime()
//
//Date of Creation: 21st Aug 2001
//
//Parameters:
// 		IN time_t t,
//   	OUT LPTSTR pszTimeStr
//
//Return: HRESULT
//
//Description:
//		Computes the last modified time
//
//Revision History:
//
//   Date    	Author    	Comments
//
///////////////////////////////////////////////////////////////////////////

HRESULT
FormatTime(
	IN time_t t,
	OUT LPTSTR pszTimeStr
	)

{
    time_t timeCurrent = time(NULL);
    LONGLONG llTimeDiff = 0;
    FILETIME ftCurrent = {0};
    FILETIME ftLocal = {0};
    SYSTEMTIME SysTime;
    _TCHAR szBuff[STR_TEXT_SIZE] = {0};
    DWORD dwStrLen = 0 ;

	//Here tcsncpy not required

    _tcscpy(pszTimeStr, _TEXT(""));
    GetSystemTimeAsFileTime(&ftCurrent);
    llTimeDiff = (LONGLONG)t - (LONGLONG)timeCurrent;
    llTimeDiff *= 10000000;

    *((LONGLONG UNALIGNED64 *)&ftCurrent) += llTimeDiff;
    if (!FileTimeToLocalFileTime(&ftCurrent, &ftLocal ))
    {
        return HRESULT_FROM_WIN32(GetLastError());
    }
    if (!FileTimeToSystemTime( &ftLocal, &SysTime ))
    {
        return HRESULT_FROM_WIN32(GetLastError());
    }
    if (0 == GetDateFormat(LOCALE_USER_DEFAULT,
                        0,
                        &SysTime,
                        NULL,
                        szBuff,
                        sizeof(szBuff)/sizeof(szBuff[0]) ))  //number of characters
    {
        return HRESULT_FROM_WIN32(GetLastError());
    }
    dwStrLen = _tcslen(pszTimeStr);
    _tcsncat(pszTimeStr,szBuff,BUFFER_SIZE-dwStrLen-1);
    dwStrLen = _tcslen(pszTimeStr);
    _tcsncat(pszTimeStr, _TEXT(" "),BUFFER_SIZE-dwStrLen-1);

    ZeroMemory(szBuff, sizeof(szBuff));
    if (0 == GetTimeFormat(LOCALE_USER_DEFAULT,
                        0,
                        &SysTime,
                        NULL,
                        szBuff,
                        sizeof(szBuff)/sizeof(szBuff[0])))  //number of characters
    {
        return HRESULT_FROM_WIN32(GetLastError());
    }
    dwStrLen = _tcslen(pszTimeStr);
    _tcsncat(pszTimeStr,szBuff,BUFFER_SIZE-dwStrLen-1);
    return S_OK;
}

INT 
WcsCmp0(
    IN PWSTR pszString1,
    IN PWSTR pszString2)
{
    if ((pszString1 == NULL) || (pszString2 == NULL))
    {
        if (pszString1 == NULL)
        {
            if ((pszString2 == NULL) || (*pszString2 == L'\0'))
            {
                return 0;
            }
            return -1;
        }
        else
        {
            if (*pszString1 == L'\0')
            {
                return 0;
            }
            return 1;
        }
    }

    return _tcscmp(pszString1, pszString2);
}

VOID
DisplayCertInfo(
	LPTSTR pszCertName,
	DWORD dwFlags
	)
{
	ASSERT(pszCertName != NULL);
	PrintMessageFromModule(g_hModule, DYNAMIC_SHOW_MMSAS_FILTER_ROOTCA, pszCertName);
	PrintMessageFromModule(g_hModule, DYNAMIC_SHOW_NEWLINE);
	if((g_StorageLocation.dwLocation != IPSEC_DIRECTORY_PROVIDER && IsDomainMember(g_StorageLocation.pszMachineName))||(g_StorageLocation.dwLocation == IPSEC_DIRECTORY_PROVIDER))
	{
		if(dwFlags & IPSEC_MM_CERT_AUTH_ENABLE_ACCOUNT_MAP )
		{
			PrintMessageFromModule(g_hModule,SHW_AUTH_CERTMAP_ENABLED_YES_STR);
		}
		else
		{
			PrintMessageFromModule(g_hModule,SHW_AUTH_CERTMAP_ENABLED_NO_STR);
		}
	}
	if (dwFlags & IPSEC_MM_CERT_AUTH_DISABLE_CERT_REQUEST)
	{
		PrintMessageFromModule(g_hModule, SHW_AUTH_EXCLUDE_CA_NAME_YES_STR);
	}
	else
	{
		PrintMessageFromModule(g_hModule, SHW_AUTH_EXCLUDE_CA_NAME_NO_STR);
	}
}