Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

878 lines
20 KiB

  1. #include "precomp.h"
  2. DWORD
  3. RegBackPropIncChangesForISAKMPToPolicy(
  4. HKEY hRegistryKey,
  5. LPWSTR pszIpsecRootContainer,
  6. LPWSTR pszLocationName,
  7. PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject
  8. )
  9. {
  10. DWORD dwError = 0;
  11. LPWSTR * ppszIpsecPolicyReferences = NULL;
  12. DWORD dwNumReferences = 0;
  13. DWORD i = 0;
  14. LPWSTR pszIpsecPolicyReference = NULL;
  15. GUID PolicyIdentifier;
  16. BOOL bIsActive = FALSE;
  17. dwError = RegGetPolicyReferencesForISAKMP(
  18. hRegistryKey,
  19. pszIpsecRootContainer,
  20. pIpsecISAKMPObject->pszDistinguishedName,
  21. &ppszIpsecPolicyReferences,
  22. &dwNumReferences
  23. );
  24. for (i = 0; i < dwNumReferences; i++) {
  25. pszIpsecPolicyReference = *(ppszIpsecPolicyReferences + i);
  26. dwError = RegUpdatePolicy(
  27. hRegistryKey,
  28. pszIpsecRootContainer,
  29. pszIpsecPolicyReference
  30. );
  31. BAIL_ON_WIN32_ERROR(dwError);
  32. dwError = RegGetGuidFromPolicyReference(
  33. pszIpsecPolicyReference,
  34. &PolicyIdentifier
  35. );
  36. BAIL_ON_WIN32_ERROR(dwError);
  37. dwError = IsRegPolicyCurrentlyActive(
  38. hRegistryKey,
  39. pszIpsecRootContainer,
  40. PolicyIdentifier,
  41. &bIsActive
  42. );
  43. BAIL_ON_WIN32_ERROR(dwError);
  44. if (bIsActive) {
  45. dwError = PingPolicyAgentSvc(pszLocationName);
  46. BAIL_ON_WIN32_ERROR(dwError);
  47. }
  48. }
  49. dwError = ERROR_SUCCESS;
  50. error:
  51. if (ppszIpsecPolicyReferences) {
  52. FreeNFAReferences(
  53. ppszIpsecPolicyReferences,
  54. dwNumReferences
  55. );
  56. }
  57. return (dwError);
  58. }
  59. DWORD
  60. RegBackPropIncChangesForFilterToNFA(
  61. HKEY hRegistryKey,
  62. LPWSTR pszIpsecRootContainer,
  63. LPWSTR pszLocationName,
  64. PIPSEC_FILTER_OBJECT pIpsecFilterObject
  65. )
  66. {
  67. DWORD dwError = 0;
  68. DWORD dwRootPathLen = 0;
  69. LPWSTR * ppszIpsecNFAReferences = NULL;
  70. DWORD dwNumReferences = 0;
  71. DWORD i = 0;
  72. LPWSTR pszIpsecNFAReference = NULL;
  73. LPWSTR pszRelativeName = NULL;
  74. dwRootPathLen = wcslen(pszIpsecRootContainer);
  75. dwError = RegGetNFAReferencesForFilter(
  76. hRegistryKey,
  77. pszIpsecRootContainer,
  78. pIpsecFilterObject->pszDistinguishedName,
  79. &ppszIpsecNFAReferences,
  80. &dwNumReferences
  81. );
  82. for (i = 0; i < dwNumReferences; i++) {
  83. pszIpsecNFAReference = *(ppszIpsecNFAReferences + i);
  84. dwError = RegUpdateNFA(
  85. hRegistryKey,
  86. pszIpsecRootContainer,
  87. pszIpsecNFAReference
  88. );
  89. if (dwError) {
  90. continue;
  91. }
  92. }
  93. for (i = 0; i < dwNumReferences; i++) {
  94. pszIpsecNFAReference = *(ppszIpsecNFAReferences + i);
  95. pszRelativeName = pszIpsecNFAReference + dwRootPathLen + 1;
  96. dwError = RegBackPropIncChangesForNFAToPolicy(
  97. hRegistryKey,
  98. pszIpsecRootContainer,
  99. pszLocationName,
  100. pszRelativeName
  101. );
  102. if (dwError) {
  103. continue;
  104. }
  105. }
  106. dwError = ERROR_SUCCESS;
  107. if (ppszIpsecNFAReferences) {
  108. FreeNFAReferences(
  109. ppszIpsecNFAReferences,
  110. dwNumReferences
  111. );
  112. }
  113. return (dwError);
  114. }
  115. DWORD
  116. RegBackPropIncChangesForNegPolToNFA(
  117. HKEY hRegistryKey,
  118. LPWSTR pszIpsecRootContainer,
  119. LPWSTR pszLocationName,
  120. PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject
  121. )
  122. {
  123. DWORD dwError = 0;
  124. DWORD dwRootPathLen = 0;
  125. LPWSTR * ppszIpsecNFAReferences = NULL;
  126. DWORD dwNumReferences = 0;
  127. DWORD i = 0;
  128. LPWSTR pszIpsecNFAReference = NULL;
  129. LPWSTR pszRelativeName = NULL;
  130. dwRootPathLen = wcslen(pszIpsecRootContainer);
  131. dwError = RegGetNFAReferencesForNegPol(
  132. hRegistryKey,
  133. pszIpsecRootContainer,
  134. pIpsecNegPolObject->pszDistinguishedName,
  135. &ppszIpsecNFAReferences,
  136. &dwNumReferences
  137. );
  138. for (i = 0; i < dwNumReferences; i++) {
  139. pszIpsecNFAReference = *(ppszIpsecNFAReferences + i);
  140. dwError = RegUpdateNFA(
  141. hRegistryKey,
  142. pszIpsecRootContainer,
  143. pszIpsecNFAReference
  144. );
  145. if (dwError) {
  146. continue;
  147. }
  148. }
  149. for (i = 0; i < dwNumReferences; i++) {
  150. pszIpsecNFAReference = *(ppszIpsecNFAReferences + i);
  151. pszRelativeName = pszIpsecNFAReference + dwRootPathLen + 1;
  152. dwError = RegBackPropIncChangesForNFAToPolicy(
  153. hRegistryKey,
  154. pszIpsecRootContainer,
  155. pszLocationName,
  156. pszRelativeName
  157. );
  158. if (dwError) {
  159. continue;
  160. }
  161. }
  162. dwError = ERROR_SUCCESS;
  163. if (ppszIpsecNFAReferences) {
  164. FreeNFAReferences(
  165. ppszIpsecNFAReferences,
  166. dwNumReferences
  167. );
  168. }
  169. return (dwError);
  170. }
  171. DWORD
  172. RegBackPropIncChangesForNFAToPolicy(
  173. HKEY hRegistryKey,
  174. LPWSTR pszIpsecRootContainer,
  175. LPWSTR pszLocationName,
  176. LPWSTR pszNFADistinguishedName
  177. )
  178. {
  179. DWORD dwError = 0;
  180. LPWSTR * ppszIpsecPolicyReferences = NULL;
  181. DWORD dwNumReferences = 0;
  182. DWORD i = 0;
  183. LPWSTR pszIpsecPolicyReference = NULL;
  184. GUID PolicyIdentifier;
  185. BOOL bIsActive = FALSE;
  186. dwError = RegGetPolicyReferencesForNFA(
  187. hRegistryKey,
  188. pszIpsecRootContainer,
  189. pszNFADistinguishedName,
  190. &ppszIpsecPolicyReferences,
  191. &dwNumReferences
  192. );
  193. for (i = 0; i < dwNumReferences; i++) {
  194. pszIpsecPolicyReference = *(ppszIpsecPolicyReferences + i);
  195. dwError = RegUpdatePolicy(
  196. hRegistryKey,
  197. pszIpsecRootContainer,
  198. pszIpsecPolicyReference
  199. );
  200. BAIL_ON_WIN32_ERROR(dwError);
  201. dwError = RegGetGuidFromPolicyReference(
  202. pszIpsecPolicyReference,
  203. &PolicyIdentifier
  204. );
  205. BAIL_ON_WIN32_ERROR(dwError);
  206. dwError = IsRegPolicyCurrentlyActive(
  207. hRegistryKey,
  208. pszIpsecRootContainer,
  209. PolicyIdentifier,
  210. &bIsActive
  211. );
  212. BAIL_ON_WIN32_ERROR(dwError);
  213. if (bIsActive) {
  214. dwError = PingPolicyAgentSvc(pszLocationName);
  215. BAIL_ON_WIN32_ERROR(dwError);
  216. }
  217. }
  218. dwError = ERROR_SUCCESS;
  219. error:
  220. if (ppszIpsecPolicyReferences) {
  221. FreeNFAReferences(
  222. ppszIpsecPolicyReferences,
  223. dwNumReferences
  224. );
  225. }
  226. return (dwError);
  227. }
  228. DWORD
  229. RegGetPolicyReferencesForISAKMP(
  230. HKEY hRegistryKey,
  231. LPWSTR pszIpsecRootContainer,
  232. LPWSTR pszISAKMPDistinguishedName,
  233. LPWSTR ** pppszIpsecPolicyReferences,
  234. PDWORD pdwNumReferences
  235. )
  236. {
  237. DWORD dwError = 0;
  238. HKEY hRegKey = NULL;
  239. LPWSTR pszIpsecPolicyReference = NULL;
  240. DWORD dwSize = 0;
  241. LPWSTR pszTemp = NULL;
  242. DWORD dwCount = 0;
  243. LPWSTR * ppszIpsecPolicyReferences = NULL;
  244. DWORD i = 0;
  245. LPWSTR pszString = NULL;
  246. dwError = RegOpenKeyExW(
  247. hRegistryKey,
  248. pszISAKMPDistinguishedName,
  249. 0,
  250. KEY_ALL_ACCESS,
  251. &hRegKey
  252. );
  253. BAIL_ON_WIN32_ERROR(dwError);
  254. dwError = RegstoreQueryValue(
  255. hRegKey,
  256. L"ipsecOwnersReference",
  257. REG_MULTI_SZ,
  258. (LPBYTE *)&pszIpsecPolicyReference,
  259. &dwSize
  260. );
  261. if (!dwError) {
  262. pszTemp = pszIpsecPolicyReference;
  263. while (*pszTemp != L'\0') {
  264. pszTemp += wcslen(pszTemp) + 1;
  265. dwCount++;
  266. }
  267. ppszIpsecPolicyReferences = (LPWSTR *) AllocPolMem(
  268. sizeof(LPWSTR)*dwCount
  269. );
  270. if (!ppszIpsecPolicyReferences) {
  271. dwError = ERROR_OUTOFMEMORY;
  272. BAIL_ON_WIN32_ERROR(dwError);
  273. }
  274. pszTemp = pszIpsecPolicyReference;
  275. for (i = 0; i < dwCount; i++) {
  276. pszString = AllocPolStr(pszTemp);
  277. if (!pszString) {
  278. dwError = ERROR_OUTOFMEMORY;
  279. BAIL_ON_WIN32_ERROR(dwError);
  280. }
  281. *(ppszIpsecPolicyReferences + i) = pszString;
  282. pszTemp += wcslen(pszTemp) + 1;
  283. }
  284. }
  285. dwError = ERROR_SUCCESS;
  286. *pppszIpsecPolicyReferences = ppszIpsecPolicyReferences;
  287. *pdwNumReferences = dwCount;
  288. cleanup:
  289. if (hRegKey) {
  290. RegCloseKey(hRegKey);
  291. }
  292. if (pszIpsecPolicyReference) {
  293. FreePolStr(pszIpsecPolicyReference);
  294. }
  295. return (dwError);
  296. error:
  297. *pppszIpsecPolicyReferences = NULL;
  298. *pdwNumReferences = 0;
  299. if (ppszIpsecPolicyReferences) {
  300. FreeNFAReferences(
  301. ppszIpsecPolicyReferences,
  302. i
  303. );
  304. }
  305. goto cleanup;
  306. }
  307. DWORD
  308. RegUpdatePolicy(
  309. HKEY hRegistryKey,
  310. LPWSTR pszIpsecRootContainer,
  311. LPWSTR pszIpsecPolicyReference
  312. )
  313. {
  314. DWORD dwError = 0;
  315. DWORD dwRootPathLen = 0;
  316. LPWSTR pszRelativeName = NULL;
  317. HKEY hRegKey = NULL;
  318. DWORD dwType = 0;
  319. DWORD dwSize = 0;
  320. time_t PresentTime;
  321. DWORD dwWhenChanged = 0;
  322. dwRootPathLen = wcslen(pszIpsecRootContainer);
  323. pszRelativeName = pszIpsecPolicyReference + dwRootPathLen + 1;
  324. dwError = RegOpenKeyExW(
  325. hRegistryKey,
  326. pszRelativeName,
  327. 0,
  328. KEY_ALL_ACCESS,
  329. &hRegKey
  330. );
  331. BAIL_ON_WIN32_ERROR(dwError);
  332. dwType = REG_DWORD;
  333. dwSize = sizeof(DWORD);
  334. dwError = RegQueryValueExW(
  335. hRegKey,
  336. L"whenChanged",
  337. NULL,
  338. &dwType,
  339. (LPBYTE)&dwWhenChanged,
  340. &dwSize
  341. );
  342. if (dwError) {
  343. time(&PresentTime);
  344. dwWhenChanged = (DWORD) PresentTime;
  345. }
  346. else {
  347. dwWhenChanged++;
  348. }
  349. dwError = RegSetValueExW(
  350. hRegKey,
  351. L"whenChanged",
  352. 0,
  353. REG_DWORD,
  354. (LPBYTE)&dwWhenChanged,
  355. sizeof(DWORD)
  356. );
  357. BAIL_ON_WIN32_ERROR(dwError);
  358. error:
  359. if (hRegKey) {
  360. RegCloseKey(hRegKey);
  361. }
  362. return (dwError);
  363. }
  364. DWORD
  365. RegGetGuidFromPolicyReference(
  366. LPWSTR pszIpsecPolicyReference,
  367. GUID * pPolicyIdentifier
  368. )
  369. {
  370. DWORD dwError = 0;
  371. LPWSTR pszGuid = NULL;
  372. memset(pPolicyIdentifier, 0, sizeof(GUID));
  373. if (pszIpsecPolicyReference) {
  374. pszGuid = wcschr(pszIpsecPolicyReference, L'{');
  375. if (!pszGuid) {
  376. dwError = ERROR_INVALID_DATA;
  377. BAIL_ON_WIN32_ERROR(dwError);
  378. }
  379. wGUIDFromString(pszGuid, pPolicyIdentifier);
  380. }
  381. error:
  382. return(dwError);
  383. }
  384. DWORD
  385. RegGetPolicyReferencesForNFA(
  386. HKEY hRegistryKey,
  387. LPWSTR pszIpsecRootContainer,
  388. LPWSTR pszNFADistinguishedName,
  389. LPWSTR ** pppszIpsecPolicyReferences,
  390. PDWORD pdwNumReferences
  391. )
  392. {
  393. DWORD dwError = 0;
  394. HKEY hRegKey = NULL;
  395. LPWSTR pszIpsecPolicyReference = NULL;
  396. DWORD dwSize = 0;
  397. LPWSTR pszTemp = NULL;
  398. DWORD dwCount = 0;
  399. LPWSTR * ppszIpsecPolicyReferences = NULL;
  400. DWORD i = 0;
  401. LPWSTR pszString = NULL;
  402. dwError = RegOpenKeyExW(
  403. hRegistryKey,
  404. pszNFADistinguishedName,
  405. 0,
  406. KEY_ALL_ACCESS,
  407. &hRegKey
  408. );
  409. BAIL_ON_WIN32_ERROR(dwError);
  410. dwError = RegstoreQueryValue(
  411. hRegKey,
  412. L"ipsecOwnersReference",
  413. REG_MULTI_SZ,
  414. (LPBYTE *)&pszIpsecPolicyReference,
  415. &dwSize
  416. );
  417. if (!dwError) {
  418. pszTemp = pszIpsecPolicyReference;
  419. while (*pszTemp != L'\0') {
  420. pszTemp += wcslen(pszTemp) + 1;
  421. dwCount++;
  422. }
  423. ppszIpsecPolicyReferences = (LPWSTR *) AllocPolMem(
  424. sizeof(LPWSTR)*dwCount
  425. );
  426. if (!ppszIpsecPolicyReferences) {
  427. dwError = ERROR_OUTOFMEMORY;
  428. BAIL_ON_WIN32_ERROR(dwError);
  429. }
  430. pszTemp = pszIpsecPolicyReference;
  431. for (i = 0; i < dwCount; i++) {
  432. pszString = AllocPolStr(pszTemp);
  433. if (!pszString) {
  434. dwError = ERROR_OUTOFMEMORY;
  435. BAIL_ON_WIN32_ERROR(dwError);
  436. }
  437. *(ppszIpsecPolicyReferences + i) = pszString;
  438. pszTemp += wcslen(pszTemp) + 1;
  439. }
  440. }
  441. dwError = ERROR_SUCCESS;
  442. *pppszIpsecPolicyReferences = ppszIpsecPolicyReferences;
  443. *pdwNumReferences = dwCount;
  444. cleanup:
  445. if (hRegKey) {
  446. RegCloseKey(hRegKey);
  447. }
  448. if (pszIpsecPolicyReference) {
  449. FreePolStr(pszIpsecPolicyReference);
  450. }
  451. return (dwError);
  452. error:
  453. *pppszIpsecPolicyReferences = NULL;
  454. *pdwNumReferences = 0;
  455. if (ppszIpsecPolicyReferences) {
  456. FreeNFAReferences(
  457. ppszIpsecPolicyReferences,
  458. i
  459. );
  460. }
  461. goto cleanup;
  462. }
  463. DWORD
  464. RegGetNFAReferencesForFilter(
  465. HKEY hRegistryKey,
  466. LPWSTR pszIpsecRootContainer,
  467. LPWSTR pszFilterDistinguishedName,
  468. LPWSTR ** pppszIpsecNFAReferences,
  469. PDWORD pdwNumReferences
  470. )
  471. {
  472. DWORD dwError = 0;
  473. HKEY hRegKey = NULL;
  474. LPWSTR pszIpsecNFAReference = NULL;
  475. DWORD dwSize = 0;
  476. LPWSTR pszTemp = NULL;
  477. DWORD dwCount = 0;
  478. LPWSTR * ppszIpsecNFAReferences = NULL;
  479. DWORD i = 0;
  480. LPWSTR pszString = NULL;
  481. dwError = RegOpenKeyExW(
  482. hRegistryKey,
  483. pszFilterDistinguishedName,
  484. 0,
  485. KEY_ALL_ACCESS,
  486. &hRegKey
  487. );
  488. BAIL_ON_WIN32_ERROR(dwError);
  489. dwError = RegstoreQueryValue(
  490. hRegKey,
  491. L"ipsecOwnersReference",
  492. REG_MULTI_SZ,
  493. (LPBYTE *)&pszIpsecNFAReference,
  494. &dwSize
  495. );
  496. if (!dwError) {
  497. pszTemp = pszIpsecNFAReference;
  498. while (*pszTemp != L'\0') {
  499. pszTemp += wcslen(pszTemp) + 1;
  500. dwCount++;
  501. }
  502. ppszIpsecNFAReferences = (LPWSTR *) AllocPolMem(
  503. sizeof(LPWSTR)*dwCount
  504. );
  505. if (!ppszIpsecNFAReferences) {
  506. dwError = ERROR_OUTOFMEMORY;
  507. BAIL_ON_WIN32_ERROR(dwError);
  508. }
  509. pszTemp = pszIpsecNFAReference;
  510. for (i = 0; i < dwCount; i++) {
  511. pszString = AllocPolStr(pszTemp);
  512. if (!pszString) {
  513. dwError = ERROR_OUTOFMEMORY;
  514. BAIL_ON_WIN32_ERROR(dwError);
  515. }
  516. *(ppszIpsecNFAReferences + i) = pszString;
  517. pszTemp += wcslen(pszTemp) + 1;
  518. }
  519. }
  520. dwError = ERROR_SUCCESS;
  521. *pppszIpsecNFAReferences = ppszIpsecNFAReferences;
  522. *pdwNumReferences = dwCount;
  523. cleanup:
  524. if (hRegKey) {
  525. RegCloseKey(hRegKey);
  526. }
  527. if (pszIpsecNFAReference) {
  528. FreePolStr(pszIpsecNFAReference);
  529. }
  530. return (dwError);
  531. error:
  532. *pppszIpsecNFAReferences = NULL;
  533. *pdwNumReferences = 0;
  534. if (ppszIpsecNFAReferences) {
  535. FreeNFAReferences(
  536. ppszIpsecNFAReferences,
  537. i
  538. );
  539. }
  540. goto cleanup;
  541. }
  542. DWORD
  543. RegUpdateNFA(
  544. HKEY hRegistryKey,
  545. LPWSTR pszIpsecRootContainer,
  546. LPWSTR pszIpsecNFAReference
  547. )
  548. {
  549. DWORD dwError = 0;
  550. DWORD dwRootPathLen = 0;
  551. LPWSTR pszRelativeName = NULL;
  552. HKEY hRegKey = NULL;
  553. DWORD dwType = 0;
  554. DWORD dwSize = 0;
  555. time_t PresentTime;
  556. DWORD dwWhenChanged = 0;
  557. dwRootPathLen = wcslen(pszIpsecRootContainer);
  558. pszRelativeName = pszIpsecNFAReference + dwRootPathLen + 1;
  559. dwError = RegOpenKeyExW(
  560. hRegistryKey,
  561. pszRelativeName,
  562. 0,
  563. KEY_ALL_ACCESS,
  564. &hRegKey
  565. );
  566. BAIL_ON_WIN32_ERROR(dwError);
  567. dwType = REG_DWORD;
  568. dwSize = sizeof(DWORD);
  569. dwError = RegQueryValueExW(
  570. hRegKey,
  571. L"whenChanged",
  572. NULL,
  573. &dwType,
  574. (LPBYTE)&dwWhenChanged,
  575. &dwSize
  576. );
  577. if (dwError) {
  578. time(&PresentTime);
  579. dwWhenChanged = (DWORD) PresentTime;
  580. }
  581. else {
  582. dwWhenChanged++;
  583. }
  584. dwError = RegSetValueExW(
  585. hRegKey,
  586. L"whenChanged",
  587. 0,
  588. REG_DWORD,
  589. (LPBYTE)&dwWhenChanged,
  590. sizeof(DWORD)
  591. );
  592. BAIL_ON_WIN32_ERROR(dwError);
  593. error:
  594. if (hRegKey) {
  595. RegCloseKey(hRegKey);
  596. }
  597. return (dwError);
  598. }
  599. DWORD
  600. RegGetNFAReferencesForNegPol(
  601. HKEY hRegistryKey,
  602. LPWSTR pszIpsecRootContainer,
  603. LPWSTR pszNegPolDistinguishedName,
  604. LPWSTR ** pppszIpsecNFAReferences,
  605. PDWORD pdwNumReferences
  606. )
  607. {
  608. DWORD dwError = 0;
  609. HKEY hRegKey = NULL;
  610. LPWSTR pszIpsecNFAReference = NULL;
  611. DWORD dwSize = 0;
  612. LPWSTR pszTemp = NULL;
  613. DWORD dwCount = 0;
  614. LPWSTR * ppszIpsecNFAReferences = NULL;
  615. DWORD i = 0;
  616. LPWSTR pszString = NULL;
  617. dwError = RegOpenKeyExW(
  618. hRegistryKey,
  619. pszNegPolDistinguishedName,
  620. 0,
  621. KEY_ALL_ACCESS,
  622. &hRegKey
  623. );
  624. BAIL_ON_WIN32_ERROR(dwError);
  625. dwError = RegstoreQueryValue(
  626. hRegKey,
  627. L"ipsecOwnersReference",
  628. REG_MULTI_SZ,
  629. (LPBYTE *)&pszIpsecNFAReference,
  630. &dwSize
  631. );
  632. if (!dwError) {
  633. pszTemp = pszIpsecNFAReference;
  634. while (*pszTemp != L'\0') {
  635. pszTemp += wcslen(pszTemp) + 1;
  636. dwCount++;
  637. }
  638. ppszIpsecNFAReferences = (LPWSTR *) AllocPolMem(
  639. sizeof(LPWSTR)*dwCount
  640. );
  641. if (!ppszIpsecNFAReferences) {
  642. dwError = ERROR_OUTOFMEMORY;
  643. BAIL_ON_WIN32_ERROR(dwError);
  644. }
  645. pszTemp = pszIpsecNFAReference;
  646. for (i = 0; i < dwCount; i++) {
  647. pszString = AllocPolStr(pszTemp);
  648. if (!pszString) {
  649. dwError = ERROR_OUTOFMEMORY;
  650. BAIL_ON_WIN32_ERROR(dwError);
  651. }
  652. *(ppszIpsecNFAReferences + i) = pszString;
  653. pszTemp += wcslen(pszTemp) + 1;
  654. }
  655. }
  656. dwError = ERROR_SUCCESS;
  657. *pppszIpsecNFAReferences = ppszIpsecNFAReferences;
  658. *pdwNumReferences = dwCount;
  659. cleanup:
  660. if (hRegKey) {
  661. RegCloseKey(hRegKey);
  662. }
  663. if (pszIpsecNFAReference) {
  664. FreePolStr(pszIpsecNFAReference);
  665. }
  666. return (dwError);
  667. error:
  668. *pppszIpsecNFAReferences = NULL;
  669. *pdwNumReferences = 0;
  670. if (ppszIpsecNFAReferences) {
  671. FreeNFAReferences(
  672. ppszIpsecNFAReferences,
  673. i
  674. );
  675. }
  676. goto cleanup;
  677. }