//---------------------------------------------------------------------------- // // Microsoft Windows // Copyright (C) Microsoft Corporation, 2000. // // File: isakmp-d.c // // Contents: ISAKMP Management for directory. // // // History: AbhisheV // //---------------------------------------------------------------------------- #include "precomp.h" extern LPWSTR ISAKMPDNAttributes[]; DWORD DirEnumISAKMPData( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, PIPSEC_ISAKMP_DATA ** pppIpsecISAKMPData, PDWORD pdwNumISAKMPObjects ) { DWORD dwError = 0; PIPSEC_ISAKMP_OBJECT * ppIpsecISAKMPObjects = NULL; PIPSEC_ISAKMP_DATA pIpsecISAKMPData = NULL; PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData = NULL; DWORD dwNumISAKMPObjects = 0; DWORD i = 0; DWORD j = 0; dwError = DirEnumISAKMPObjects( hLdapBindHandle, pszIpsecRootContainer, &ppIpsecISAKMPObjects, &dwNumISAKMPObjects ); BAIL_ON_WIN32_ERROR(dwError); if (dwNumISAKMPObjects) { ppIpsecISAKMPData = (PIPSEC_ISAKMP_DATA *) AllocPolMem( dwNumISAKMPObjects*sizeof(PIPSEC_ISAKMP_DATA) ); if (!ppIpsecISAKMPData) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } } for (i = 0; i < dwNumISAKMPObjects; i++) { dwError = DirUnmarshallISAKMPData( *(ppIpsecISAKMPObjects + i), &pIpsecISAKMPData ); if (!dwError) { *(ppIpsecISAKMPData + j) = pIpsecISAKMPData; j++; } } if (j == 0) { if (ppIpsecISAKMPData) { FreePolMem(ppIpsecISAKMPData); ppIpsecISAKMPData = NULL; } } *pppIpsecISAKMPData = ppIpsecISAKMPData; *pdwNumISAKMPObjects = j; dwError = ERROR_SUCCESS; cleanup: if (ppIpsecISAKMPObjects) { FreeIpsecISAKMPObjects( ppIpsecISAKMPObjects, dwNumISAKMPObjects ); } return(dwError); error: if (ppIpsecISAKMPData) { FreeMulIpsecISAKMPData( ppIpsecISAKMPData, i ); } *pppIpsecISAKMPData = NULL; *pdwNumISAKMPObjects = 0; goto cleanup; } DWORD DirEnumISAKMPObjects( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, PIPSEC_ISAKMP_OBJECT ** pppIpsecISAKMPObjects, PDWORD pdwNumISAKMPObjects ) { LDAPMessage *res = NULL; LDAPMessage *e = NULL; DWORD dwError = 0; LPWSTR pszISAKMPString = NULL; DWORD i = 0; DWORD dwCount = 0; PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject = NULL; PIPSEC_ISAKMP_OBJECT * ppIpsecISAKMPObjects = NULL; DWORD dwNumISAKMPObjectsReturned = 0; dwError = GenerateAllISAKMPsQuery( &pszISAKMPString ); BAIL_ON_WIN32_ERROR(dwError); dwError = LdapSearchST( hLdapBindHandle, pszIpsecRootContainer, LDAP_SCOPE_ONELEVEL, pszISAKMPString, ISAKMPDNAttributes, 0, NULL, &res ); BAIL_ON_WIN32_ERROR(dwError); dwCount = LdapCountEntries( hLdapBindHandle, res ); if (!dwCount) { dwError = ERROR_DS_NO_ATTRIBUTE_OR_VALUE; BAIL_ON_WIN32_ERROR(dwError); } ppIpsecISAKMPObjects = (PIPSEC_ISAKMP_OBJECT *)AllocPolMem( sizeof(PIPSEC_ISAKMP_OBJECT)*dwCount ); if (!ppIpsecISAKMPObjects) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } for (i = 0; i < dwCount; i++) { if (i == 0) { dwError = LdapFirstEntry( hLdapBindHandle, res, &e ); BAIL_ON_WIN32_ERROR(dwError); } else { dwError = LdapNextEntry( hLdapBindHandle, e, &e ); BAIL_ON_WIN32_ERROR(dwError); } dwError = UnMarshallISAKMPObject( hLdapBindHandle, e, &pIpsecISAKMPObject ); if (dwError == ERROR_SUCCESS) { *(ppIpsecISAKMPObjects + dwNumISAKMPObjectsReturned) = pIpsecISAKMPObject; dwNumISAKMPObjectsReturned++; } } *pppIpsecISAKMPObjects = ppIpsecISAKMPObjects; *pdwNumISAKMPObjects = dwNumISAKMPObjectsReturned; dwError = ERROR_SUCCESS; cleanup: if (pszISAKMPString) { FreePolMem(pszISAKMPString); } if (res) { LdapMsgFree(res); } return(dwError); error: if (ppIpsecISAKMPObjects) { FreeIpsecISAKMPObjects( ppIpsecISAKMPObjects, dwNumISAKMPObjectsReturned ); } *pppIpsecISAKMPObjects = NULL; *pdwNumISAKMPObjects = 0; goto cleanup; } DWORD DirSetISAKMPData( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, PIPSEC_ISAKMP_DATA pIpsecISAKMPData ) { DWORD dwError = 0; PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject = NULL; dwError = DirMarshallISAKMPObject( pIpsecISAKMPData, pszIpsecRootContainer, &pIpsecISAKMPObject ); BAIL_ON_WIN32_ERROR(dwError); dwError = DirSetISAKMPObject( hLdapBindHandle, pszIpsecRootContainer, pIpsecISAKMPObject ); BAIL_ON_WIN32_ERROR(dwError); dwError = DirBackPropIncChangesForISAKMPToPolicy( hLdapBindHandle, pszIpsecRootContainer, pIpsecISAKMPData->ISAKMPIdentifier ); BAIL_ON_WIN32_ERROR(dwError); error: if (pIpsecISAKMPObject) { FreeIpsecISAKMPObject(pIpsecISAKMPObject); } return(dwError); } DWORD DirSetISAKMPObject( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject ) { DWORD dwError = 0; LDAPModW ** ppLDAPModW = NULL; dwError = DirMarshallSetISAKMPObject( hLdapBindHandle, pszIpsecRootContainer, pIpsecISAKMPObject, &ppLDAPModW ); BAIL_ON_WIN32_ERROR(dwError); dwError = LdapModifyS( hLdapBindHandle, pIpsecISAKMPObject->pszDistinguishedName, ppLDAPModW ); BAIL_ON_WIN32_ERROR(dwError); error: // // Free the amods structures. // if (ppLDAPModW) { FreeLDAPModWs( ppLDAPModW ); } return(dwError); } DWORD DirCreateISAKMPData( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, PIPSEC_ISAKMP_DATA pIpsecISAKMPData ) { DWORD dwError = 0; PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject = NULL; dwError = DirMarshallISAKMPObject( pIpsecISAKMPData, pszIpsecRootContainer, &pIpsecISAKMPObject ); BAIL_ON_WIN32_ERROR(dwError); dwError = DirCreateISAKMPObject( hLdapBindHandle, pszIpsecRootContainer, pIpsecISAKMPObject ); BAIL_ON_WIN32_ERROR(dwError); error: if (pIpsecISAKMPObject) { FreeIpsecISAKMPObject( pIpsecISAKMPObject ); } return(dwError); } DWORD DirCreateISAKMPObject( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject ) { DWORD dwError = 0; LDAPModW ** ppLDAPModW = NULL; dwError = DirMarshallAddISAKMPObject( hLdapBindHandle, pszIpsecRootContainer, pIpsecISAKMPObject, &ppLDAPModW ); BAIL_ON_WIN32_ERROR(dwError); dwError = LdapAddS( hLdapBindHandle, pIpsecISAKMPObject->pszDistinguishedName, ppLDAPModW ); BAIL_ON_WIN32_ERROR(dwError); error: // // Free the amods structures. // if (ppLDAPModW) { FreeLDAPModWs( ppLDAPModW ); } return(dwError); } DWORD DirDeleteISAKMPData( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, GUID ISAKMPIdentifier ) { DWORD dwError = ERROR_SUCCESS; WCHAR szGuid[MAX_PATH]; WCHAR szDistinguishedName[MAX_PATH]; LPWSTR pszStringUuid = NULL; szGuid[0] = L'\0'; szDistinguishedName[0] = L'\0'; dwError = UuidToString( &ISAKMPIdentifier, &pszStringUuid ); BAIL_ON_WIN32_ERROR(dwError); wcscpy(szGuid, L"{"); wcscat(szGuid, pszStringUuid); wcscat(szGuid, L"}"); wcscpy(szDistinguishedName,L"CN=ipsecISAKMPPolicy"); wcscat(szDistinguishedName, szGuid); wcscat(szDistinguishedName, L","); SecStrCatW(szDistinguishedName, pszIpsecRootContainer, MAX_PATH); dwError = LdapDeleteS( hLdapBindHandle, szDistinguishedName ); BAIL_ON_WIN32_ERROR(dwError); error: if (pszStringUuid) { RpcStringFree(&pszStringUuid); } return(dwError); } DWORD DirMarshallAddISAKMPObject( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject, LDAPModW *** pppLDAPModW ) { DWORD i = 0; LDAPModW ** ppLDAPModW = NULL; LDAPModW * pLDAPModW = NULL; DWORD dwNumAttributes = 5; DWORD dwError = 0; WCHAR Buffer[64]; if (!pIpsecISAKMPObject->pszIpsecName || !*pIpsecISAKMPObject->pszIpsecName) { dwNumAttributes--; } ppLDAPModW = (LDAPModW **) AllocPolMem( (dwNumAttributes+1) * sizeof(LDAPModW*) ); if (!ppLDAPModW) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } pLDAPModW = (LDAPModW *) AllocPolMem( dwNumAttributes * sizeof(LDAPModW) ); if (!pLDAPModW) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } // // 0. objectClass // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"objectClass", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPStringValue( L"ipsecISAKMPPolicy", (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; // // 1. ipsecName // if (pIpsecISAKMPObject->pszIpsecName && *pIpsecISAKMPObject->pszIpsecName) { ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecName", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPStringValue( pIpsecISAKMPObject->pszIpsecName, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; } // // 2. ipsecID // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecID", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPStringValue( pIpsecISAKMPObject->pszIpsecID, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; // // 3. ipsecDataType // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecDataType", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); _itow( pIpsecISAKMPObject->dwIpsecDataType, Buffer, 10 ); dwError = AllocateLDAPStringValue( Buffer, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; // // 4. ipsecData // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecData", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPBinaryValue( pIpsecISAKMPObject->pIpsecData, pIpsecISAKMPObject->dwIpsecDataLen, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW+i)->mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES; i++; *pppLDAPModW = ppLDAPModW; return(dwError); error: if (ppLDAPModW) { FreeLDAPModWs( ppLDAPModW ); } *pppLDAPModW = NULL; return(dwError); } DWORD DirMarshallSetISAKMPObject( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject, LDAPModW *** pppLDAPModW ) { DWORD i = 0; LDAPModW ** ppLDAPModW = NULL; LDAPModW * pLDAPModW = NULL; DWORD dwNumAttributes = 4; DWORD dwError = 0; WCHAR Buffer[64]; if (!pIpsecISAKMPObject->pszIpsecName || !*pIpsecISAKMPObject->pszIpsecName) { dwNumAttributes--; } ppLDAPModW = (LDAPModW **) AllocPolMem( (dwNumAttributes+1) * sizeof(LDAPModW*) ); if (!ppLDAPModW) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } pLDAPModW = (LDAPModW *) AllocPolMem( dwNumAttributes * sizeof(LDAPModW) ); if (!pLDAPModW) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } // // 1. ipsecName // if (pIpsecISAKMPObject->pszIpsecName && *pIpsecISAKMPObject->pszIpsecName) { ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecName", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPStringValue( pIpsecISAKMPObject->pszIpsecName, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; } // // 2. ipsecID // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecID", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPStringValue( pIpsecISAKMPObject->pszIpsecID, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; // // 3. ipsecDataType // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecDataType", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); _itow( pIpsecISAKMPObject->dwIpsecDataType, Buffer, 10 ); dwError = AllocateLDAPStringValue( Buffer, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; // // 4. ipsecData // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecData", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPBinaryValue( pIpsecISAKMPObject->pIpsecData, pIpsecISAKMPObject->dwIpsecDataLen, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW+i)->mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES; i++; *pppLDAPModW = ppLDAPModW; return(dwError); error: if (ppLDAPModW) { FreeLDAPModWs( ppLDAPModW ); } *pppLDAPModW = NULL; return(dwError); } DWORD GenerateAllISAKMPsQuery( LPWSTR * ppszISAKMPString ) { DWORD dwError = 0; DWORD dwLength = 0; LPWSTR pszISAKMPString = NULL; // // Compute Length of Buffer to be allocated // dwLength = wcslen(L"(objectclass=ipsecISAKMPPolicy)"); pszISAKMPString = (LPWSTR) AllocPolMem((dwLength + 1)*sizeof(WCHAR)); if (!pszISAKMPString) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } // // Now fill in the buffer // wcscpy(pszISAKMPString, L"(objectclass=ipsecISAKMPPolicy)"); *ppszISAKMPString = pszISAKMPString; return(0); error: if (pszISAKMPString) { FreePolMem(pszISAKMPString); } *ppszISAKMPString = NULL; return(dwError); } DWORD DirUnmarshallISAKMPData( PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject, PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData ) { DWORD dwError = 0; dwError = UnmarshallISAKMPObject( pIpsecISAKMPObject, ppIpsecISAKMPData ); return(dwError); } DWORD DirMarshallISAKMPObject( PIPSEC_ISAKMP_DATA pIpsecISAKMPData, LPWSTR pszIpsecRootContainer, PIPSEC_ISAKMP_OBJECT * ppIpsecISAKMPObject ) { DWORD dwError = 0; PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject = NULL; WCHAR szGuid[MAX_PATH]; WCHAR szDistinguishedName[MAX_PATH]; LPBYTE pBuffer = NULL; DWORD dwBufferLen = 0; LPWSTR pszStringUuid = NULL; szGuid[0] = L'\0'; szDistinguishedName[0] = L'\0'; pIpsecISAKMPObject = (PIPSEC_ISAKMP_OBJECT)AllocPolMem( sizeof(IPSEC_ISAKMP_OBJECT) ); if (!pIpsecISAKMPObject) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } dwError = UuidToString( &pIpsecISAKMPData->ISAKMPIdentifier, &pszStringUuid ); BAIL_ON_WIN32_ERROR(dwError); wcscpy(szGuid, L"{"); wcscat(szGuid, pszStringUuid); wcscat(szGuid, L"}"); // // Fill in the distinguishedName // wcscpy(szDistinguishedName,L"CN=ipsecISAKMPPolicy"); wcscat(szDistinguishedName, szGuid); wcscat(szDistinguishedName, L","); SecStrCatW(szDistinguishedName, pszIpsecRootContainer, MAX_PATH); pIpsecISAKMPObject->pszDistinguishedName = AllocPolStr( szDistinguishedName ); if (!pIpsecISAKMPObject->pszDistinguishedName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } // // Fill in the ipsecName. // ISAKMPData doesn't have a name. // pIpsecISAKMPObject->pszIpsecName = NULL; /* if (pIpsecISAKMPData->pszIpsecName && *pIpsecISAKMPData->pszIpsecName) { pIpsecISAKMPObject->pszIpsecName = AllocPolStr( pIpsecISAKMPData->pszIpsecName ); if (!pIpsecISAKMPObject->pszIpsecName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } } */ // // Fill in the ipsecID // pIpsecISAKMPObject->pszIpsecID = AllocPolStr( szGuid ); if (!pIpsecISAKMPObject->pszIpsecID) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } // // Fill in the ipsecDataType // pIpsecISAKMPObject->dwIpsecDataType = 0x100; // // Marshall the pIpsecDataBuffer and the Length // dwError = MarshallISAKMPBuffer( pIpsecISAKMPData, &pBuffer, &dwBufferLen ); BAIL_ON_WIN32_ERROR(dwError); pIpsecISAKMPObject->pIpsecData = pBuffer; pIpsecISAKMPObject->dwIpsecDataLen = dwBufferLen; pIpsecISAKMPObject->dwWhenChanged = 0; *ppIpsecISAKMPObject = pIpsecISAKMPObject; cleanup: if (pszStringUuid) { RpcStringFree( &pszStringUuid ); } return(dwError); error: if (pIpsecISAKMPObject) { FreeIpsecISAKMPObject( pIpsecISAKMPObject ); } *ppIpsecISAKMPObject = NULL; goto cleanup; } DWORD DirGetISAKMPData( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, GUID ISAKMPGUID, PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData ) { DWORD dwError = 0; PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject = NULL; PIPSEC_ISAKMP_DATA pIpsecISAKMPData = NULL; dwError = DirGetISAKMPObject( hLdapBindHandle, pszIpsecRootContainer, ISAKMPGUID, &pIpsecISAKMPObject ); BAIL_ON_WIN32_ERROR(dwError); dwError = DirUnmarshallISAKMPData( pIpsecISAKMPObject, &pIpsecISAKMPData ); BAIL_ON_WIN32_ERROR(dwError); *ppIpsecISAKMPData = pIpsecISAKMPData; cleanup: if (pIpsecISAKMPObject) { FreeIpsecISAKMPObject( pIpsecISAKMPObject ); } return(dwError); error: *ppIpsecISAKMPData = NULL; goto cleanup; } DWORD DirGetISAKMPObject( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, GUID ISAKMPGUID, PIPSEC_ISAKMP_OBJECT * ppIpsecISAKMPObject ) { DWORD dwError = 0; LPWSTR pszISAKMPString = NULL; LDAPMessage * res = NULL; DWORD dwCount = 0; LDAPMessage * e = NULL; PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject = NULL; dwError = GenerateSpecificISAKMPQuery( ISAKMPGUID, &pszISAKMPString ); BAIL_ON_WIN32_ERROR(dwError); dwError = LdapSearchST( hLdapBindHandle, pszIpsecRootContainer, LDAP_SCOPE_ONELEVEL, pszISAKMPString, ISAKMPDNAttributes, 0, NULL, &res ); BAIL_ON_WIN32_ERROR(dwError); dwCount = LdapCountEntries( hLdapBindHandle, res ); if (!dwCount) { dwError = ERROR_DS_NO_ATTRIBUTE_OR_VALUE; BAIL_ON_WIN32_ERROR(dwError); } dwError = LdapFirstEntry( hLdapBindHandle, res, &e ); BAIL_ON_WIN32_ERROR(dwError); dwError = UnMarshallISAKMPObject( hLdapBindHandle, e, &pIpsecISAKMPObject ); BAIL_ON_WIN32_ERROR(dwError); *ppIpsecISAKMPObject = pIpsecISAKMPObject; dwError = ERROR_SUCCESS; cleanup: if (pszISAKMPString) { FreePolMem(pszISAKMPString); } if (res) { LdapMsgFree(res); } return(dwError); error: if (pIpsecISAKMPObject) { FreeIpsecISAKMPObject( pIpsecISAKMPObject ); } *ppIpsecISAKMPObject = NULL; goto cleanup; } DWORD GenerateSpecificISAKMPQuery( GUID ISAKMPIdentifier, LPWSTR * ppszISAKMPString ) { DWORD dwError = ERROR_SUCCESS; WCHAR szGuid[MAX_PATH]; WCHAR szCommonName[MAX_PATH]; LPWSTR pszStringUuid = NULL; DWORD dwLength = 0; LPWSTR pszISAKMPString = NULL; szGuid[0] = L'\0'; szCommonName[0] = L'\0'; dwError = UuidToString( &ISAKMPIdentifier, &pszStringUuid ); BAIL_ON_WIN32_ERROR(dwError); wcscpy(szGuid, L"{"); wcscat(szGuid, pszStringUuid); wcscat(szGuid, L"}"); wcscpy(szCommonName, L"cn=ipsecISAKMPPolicy"); wcscat(szCommonName, szGuid); // // Compute Length of Buffer to be allocated // dwLength = wcslen(L"(&(objectclass=ipsecISAKMPPolicy)"); dwLength += wcslen(L"("); dwLength += wcslen(szCommonName); dwLength += wcslen(L"))"); pszISAKMPString = (LPWSTR) AllocPolMem((dwLength + 1)*sizeof(WCHAR)); if (!pszISAKMPString) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } wcscpy(pszISAKMPString, L"(&(objectclass=ipsecISAKMPPolicy)"); wcscat(pszISAKMPString, L"("); wcscat(pszISAKMPString, szCommonName); wcscat(pszISAKMPString, L"))"); *ppszISAKMPString = pszISAKMPString; cleanup: if (pszStringUuid) { RpcStringFree(&pszStringUuid); } return(dwError); error: if (pszISAKMPString) { FreePolMem(pszISAKMPString); } *ppszISAKMPString = NULL; goto cleanup; }