//////////////////////////////////////////////////////////////////////// // // Module : Dynamic/Dynamic.cpp // // Purpose : Dynamic Module Implementation. // // // Developers Name : Bharat/Radhika // // Description : All functions are netshell dynamic context interface and // calls appropriate functions. // // History : // // Date Author Comments // 8-10-2001 Bharat Initial Version. V1.0 // //////////////////////////////////////////////////////////////////////// #include "nshipsec.h" #include "nshcertmgmt.h" extern HINSTANCE g_hModule; extern HKEY g_hGlobalRegistryKey; extern _TCHAR* g_szDynamicMachine; extern STORAGELOCATION g_StorageLocation; /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicAddQMPolicy // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : Netshell Dynamic handle for add quick mode policy. // // Revision History: // // Date Author Comments // 8-10-2001 Bharat Initial Version. V1.0 // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicAddQMPolicy( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { IPSEC_QM_POLICY QMPol; LPTSTR pszPolicyName = NULL; DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwPFSGr = 0; DWORD dwNameLen = 0; DWORD dwCount = 0, j=0; BOOL bSoft=FALSE, bDefault=FALSE, bQmpfs=FALSE; const TAG_TYPE vcmdDynamicAddQMPolicy[] = { { CMD_TOKEN_STR_NAME, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_SOFT, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_PFSGROUP, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DEFRESPONSE, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_NEGOTIATION, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicAddQMPolicy[] = { { CMD_TOKEN_STR_NAME, CMD_TOKEN_NAME }, { CMD_TOKEN_STR_SOFT, CMD_TOKEN_SOFT }, { CMD_TOKEN_STR_PFSGROUP, CMD_TOKEN_PFSGROUP }, { CMD_TOKEN_STR_DEFRESPONSE, CMD_TOKEN_DEFRESPONSE }, { CMD_TOKEN_STR_NEGOTIATION, CMD_TOKEN_NEGOTIATION } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); memset(&QMPol, 0, sizeof(IPSEC_QM_POLICY)); QMPol.pOffers = NULL; // // Bail out as user has not given sufficient arguments. // if(dwArgCount <= 3) { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } parser.ValidTok = vtokDynamicAddQMPolicy; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicAddQMPolicy); parser.ValidCmd = vcmdDynamicAddQMPolicy; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicAddQMPolicy); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCount 3) { CleanUp(); } if(pszPolicyName) { delete [] pszPolicyName; } if(QMPol.pOffers) { if(QMPol.dwOfferCount) { delete [] (QMPol.pOffers); } else { delete QMPol.pOffers; } } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE) &&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicSetQMPolicy // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : Netshell Dynamic handle for set quick mode policy // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicSetQMPolicy( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { LPTSTR pszPolicyName = NULL; DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwNameLen = 0; DWORD dwCount = 0, j=0; DWORD dwPFSGr = 0; DWORD dwOldPFSGr = 0; DWORD dwVersion = 0; BOOL bQmpfs = FALSE, bOldQmpfs = FALSE; PIPSEC_QM_POLICY pOldQMPol = NULL; PIPSEC_QM_POLICY pQMPol = NULL; const TAG_TYPE vcmdDynamicSetQMPolicy[] = { { CMD_TOKEN_STR_NAME, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_SOFT, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_PFSGROUP, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DEFRESPONSE, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_NEGOTIATION, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicSetQMPolicy[] = { { CMD_TOKEN_STR_NAME, CMD_TOKEN_NAME }, { CMD_TOKEN_STR_SOFT, CMD_TOKEN_SOFT }, { CMD_TOKEN_STR_PFSGROUP, CMD_TOKEN_PFSGROUP }, { CMD_TOKEN_STR_DEFRESPONSE, CMD_TOKEN_DEFRESPONSE }, { CMD_TOKEN_STR_NEGOTIATION, CMD_TOKEN_NEGOTIATION } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); // // Bail out as user has not given sufficient arguments. // if(dwArgCount <= 3) { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } parser.ValidTok = vtokDynamicSetQMPolicy; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicSetQMPolicy); parser.ValidCmd = vcmdDynamicSetQMPolicy; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicSetQMPolicy); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCountpszPolicyName) + 1; pQMPol->pszPolicyName = new _TCHAR[dwNameLen]; if(pQMPol->pszPolicyName == NULL) { dwReturn = ERROR_OUTOFMEMORY; BAIL_OUT; } _tcsncpy(pQMPol->pszPolicyName, pOldQMPol->pszPolicyName, dwNameLen); // // Copy old qmoffer // pQMPol->pOffers = new IPSEC_QM_OFFER[pQMPol->dwOfferCount]; if(pQMPol->pOffers == NULL) { dwReturn = ERROR_OUTOFMEMORY; BAIL_OUT; } for(j=0; jdwOfferCount; j++) { memcpy(&(pQMPol->pOffers[j]), &(pOldQMPol->pOffers[j]), sizeof(IPSEC_QM_OFFER)); } SPDApiBufferFree(pOldQMPol); pOldQMPol = NULL; // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCountdwFlags |= IPSEC_QM_POLICY_ALLOW_SOFT; } else { pQMPol->dwFlags &= ~IPSEC_QM_POLICY_ALLOW_SOFT; } } break; case CMD_TOKEN_DEFRESPONSE : if (parser.Cmd[dwCount].dwStatus == VALID_TOKEN) { // // Set the default_rule flag. // if(*(BOOL *)parser.Cmd[dwCount].pArg) { pQMPol->dwFlags |= IPSEC_MM_POLICY_DEFAULT_POLICY; } else { pQMPol->dwFlags &= ~IPSEC_MM_POLICY_DEFAULT_POLICY; } } break; case CMD_TOKEN_PFSGROUP : if (parser.Cmd[dwCount].dwStatus == VALID_TOKEN) { // // Check if pfsgroup is given, as pfs required parameter also needs to be set. // bQmpfs = TRUE; dwPFSGr = *(DWORD *)parser.Cmd[dwCount].pArg; } break; case CMD_TOKEN_NEGOTIATION : IPSEC_QM_OFFER *SecMethod; if (parser.Cmd[dwCount].dwStatus > 0) { if((pQMPol->pOffers)&&(pQMPol->dwOfferCount)) { dwOldPFSGr = pQMPol->pOffers[0].dwPFSGroup; bOldQmpfs = pQMPol->pOffers[0].bPFSRequired; if(pQMPol->dwOfferCount) { delete [] pQMPol->pOffers; } else { delete pQMPol->pOffers; } } pQMPol->dwOfferCount = parser.Cmd[dwCount].dwStatus; pQMPol->pOffers = new IPSEC_QM_OFFER[pQMPol->dwOfferCount]; if(pQMPol->pOffers == NULL) { dwReturn = ERROR_OUTOFMEMORY; BAIL_OUT; } // // Copy user given offer. // for(j=0;jdwOfferCount;j++) { SecMethod = ((IPSEC_QM_OFFER **)parser.Cmd[dwCount].pArg)[j]; if(SecMethod->dwNumAlgos > 0) { pQMPol->pOffers[j].dwNumAlgos = SecMethod->dwNumAlgos; memcpy(&(pQMPol->pOffers[j].Algos), &(SecMethod->Algos), sizeof(IPSEC_QM_ALGO[QM_MAX_ALGOS])); } pQMPol->pOffers[j].Lifetime.uKeyExpirationKBytes = SecMethod->Lifetime.uKeyExpirationKBytes; pQMPol->pOffers[j].Lifetime.uKeyExpirationTime = SecMethod->Lifetime.uKeyExpirationTime; pQMPol->pOffers[j].bPFSRequired = bOldQmpfs; pQMPol->pOffers[j].dwPFSGroup = dwOldPFSGr; } } break; default : break; } } // // If only pfs group is given without the qm offer then copy it separately. // for(j=0;jdwOfferCount;j++) { if(bQmpfs) { pQMPol->pOffers[j].bPFSRequired = bQmpfs; switch(dwPFSGr) { case 0: pQMPol->pOffers[j].dwPFSGroup = 0; pQMPol->pOffers[j].bPFSRequired = FALSE; break; case 1: pQMPol->pOffers[j].dwPFSGroup = PFS_GROUP_1; pQMPol->pOffers[j].bPFSRequired = TRUE; break; case 2: pQMPol->pOffers[j].dwPFSGroup = PFS_GROUP_2; pQMPol->pOffers[j].bPFSRequired = TRUE; break; case 3: pQMPol->pOffers[j].dwPFSGroup = PFS_GROUP_2048; pQMPol->pOffers[j].bPFSRequired = TRUE; break; case 4: pQMPol->pOffers[j].dwPFSGroup = PFS_GROUP_MM; pQMPol->pOffers[j].bPFSRequired = TRUE; break; } } } // // Set the quick mode policy // dwReturn = SetQuickModePolicy( pszPolicyName, pQMPol); error: if(dwArgCount > 3) { CleanUp(); } if(pszPolicyName) { delete [] pszPolicyName; } // // error clean up path. // if((pQMPol) && (pQMPol->pOffers)) { if(pQMPol->dwOfferCount) { delete [] pQMPol->pOffers; } else { delete pQMPol->pOffers; } } if((pQMPol) && (pQMPol->pszPolicyName)) { delete [] pQMPol->pszPolicyName; } if(pOldQMPol) { SPDApiBufferFree(pOldQMPol); pOldQMPol = NULL; } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE) &&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicAddMMPolicy // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : Netshell Dynamic handle for add main mode policy // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicAddMMPolicy( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwNameLen = 0; DWORD dwCount = 0; IPSEC_MM_POLICY MMPol; LPTSTR pszPolicyName = NULL; DWORD dwQmperMM = 0; DWORD dwKbLife = 0; DWORD dwSecLife = POTF_DEFAULT_P1REKEY_TIME, j=0; const TAG_TYPE vcmdDynamicAddMMPolicy[] = { { CMD_TOKEN_STR_NAME, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_QMPERMM, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_MMLIFETIME, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_SOFTSAEXPTIME, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DEFRESPONSE, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_MMSECMETHODS, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicAddMMPolicy[] = { { CMD_TOKEN_STR_NAME, CMD_TOKEN_NAME }, { CMD_TOKEN_STR_QMPERMM, CMD_TOKEN_QMPERMM }, { CMD_TOKEN_STR_MMLIFETIME, CMD_TOKEN_MMLIFETIME }, { CMD_TOKEN_STR_SOFTSAEXPTIME, CMD_TOKEN_SOFTSAEXPTIME }, { CMD_TOKEN_STR_DEFRESPONSE, CMD_TOKEN_DEFRESPONSE }, { CMD_TOKEN_STR_MMSECMETHODS, CMD_TOKEN_MMSECMETHODS } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); memset(&MMPol, 0, sizeof(IPSEC_MM_POLICY)); MMPol.uSoftExpirationTime = POTF_DEF_P1SOFT_TIME; // // Bail out as user has not given sufficient arguments. // if(dwArgCount <= 3) { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } parser.ValidTok = vtokDynamicAddMMPolicy; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicAddMMPolicy); parser.ValidCmd = vcmdDynamicAddMMPolicy; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicAddMMPolicy); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCount 3) { CleanUp(); } // // Error cleanup path // if(pszPolicyName) { delete [] pszPolicyName; } if(MMPol.pOffers) { if(MMPol.dwOfferCount > 1) { delete [] (MMPol.pOffers); } else { delete MMPol.pOffers; } } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE)&&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicSetMMPolicy // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : Netshell Dynamic handle for set main mode policy // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicSetMMPolicy( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwCount = 0, j=0; DWORD dwNameLen = 0; LPTSTR pszPolicyName = NULL; IPSEC_MM_POLICY MMPol; PIPSEC_MM_POLICY pMMPol = NULL; BOOL bSeclife = FALSE, bQmpermm = FALSE; DWORD dwQmperMM = 0; DWORD dwSecLife = POTF_DEFAULT_P1REKEY_TIME; DWORD dwOldQmperMM = 0; DWORD dwOldKbLife = 0; DWORD dwOldSecLife = 0; DWORD dwVersion = 0; const TAG_TYPE vcmdDynamicSetMMPolicy[] = { { CMD_TOKEN_STR_NAME, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_QMPERMM, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_MMLIFETIME, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_SOFTSAEXPTIME, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DEFRESPONSE, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_MMSECMETHODS, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicSetMMPolicy[] = { { CMD_TOKEN_STR_NAME, CMD_TOKEN_NAME }, { CMD_TOKEN_STR_QMPERMM, CMD_TOKEN_QMPERMM }, { CMD_TOKEN_STR_MMLIFETIME, CMD_TOKEN_MMLIFETIME }, { CMD_TOKEN_STR_SOFTSAEXPTIME, CMD_TOKEN_SOFTSAEXPTIME }, { CMD_TOKEN_STR_DEFRESPONSE, CMD_TOKEN_DEFRESPONSE }, { CMD_TOKEN_STR_MMSECMETHODS, CMD_TOKEN_MMSECMETHODS } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); memset(&MMPol, 0, sizeof(IPSEC_MM_POLICY)); MMPol.uSoftExpirationTime = POTF_DEF_P1SOFT_TIME; // // Bail out as user has not given sufficient arguments. // if(dwArgCount <= 3) { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } parser.ValidTok = vtokDynamicSetMMPolicy; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicSetMMPolicy); parser.ValidCmd = vcmdDynamicSetMMPolicy; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicSetMMPolicy); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCountpszPolicyName)+1; MMPol.pszPolicyName = new _TCHAR[dwNameLen]; if(MMPol.pszPolicyName == NULL) { dwReturn = ERROR_OUTOFMEMORY; BAIL_OUT; } _tcsncpy(MMPol.pszPolicyName, pMMPol->pszPolicyName, dwNameLen); MMPol.pOffers = new IPSEC_MM_OFFER[MMPol.dwOfferCount]; if(MMPol.pOffers == NULL) { dwReturn = ERROR_OUTOFMEMORY; BAIL_OUT; } for(j=0; jpOffers[j]), sizeof(IPSEC_MM_OFFER)); } SPDApiBufferFree(pMMPol); pMMPol = NULL; // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCountdwDHGroup; MMPol.pOffers[j].EncryptionAlgorithm = SecMethod->EncryptionAlgorithm; MMPol.pOffers[j].HashingAlgorithm = SecMethod->HashingAlgorithm; MMPol.pOffers[j].dwQuickModeLimit = dwOldQmperMM; MMPol.pOffers[j].Lifetime.uKeyExpirationKBytes = dwOldKbLife; MMPol.pOffers[j].Lifetime.uKeyExpirationTime = dwOldSecLife; } } break; default : break; } } // // Copy qmpermm and lifetime separately if mm offer is not given by user. // for(j=0;j 3) { CleanUp(); } // // error cleanup path. // if(pszPolicyName) { delete [] pszPolicyName; } if(MMPol.pszPolicyName) delete [] MMPol.pszPolicyName; if(MMPol.pOffers) { if(MMPol.dwOfferCount) { delete [] (MMPol.pOffers); } else { delete (MMPol.pOffers); } } if(pMMPol) { SPDApiBufferFree(pMMPol); pMMPol = NULL; } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE)&&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicShowAll // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : Netshell Dynamic handle for show all // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicShowAll( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { DWORD dwReturn = ERROR_SHOW_USAGE,dwCount; ADDR SrcAddr,DesAddr; BOOL bResolveDNS = FALSE; BOOL bSrcMask = FALSE; BOOL bDstMask = FALSE; SrcAddr.uIpAddr = 0xFFFFFFFF; DesAddr.uIpAddr = 0xFFFFFFFF; SrcAddr.AddrType = IP_ADDR_UNIQUE; DesAddr.AddrType = IP_ADDR_UNIQUE; DWORD dwProtocol = 0xFFFFFFFF; QM_FILTER_VALUE_BOOL QMBoolValue; QMBoolValue.bSrcPort = FALSE; QMBoolValue.bDstPort= FALSE; QMBoolValue.bProtocol= FALSE; QMBoolValue.bActionInbound = FALSE; QMBoolValue.bActionOutbound= FALSE; NshHashTable addressHash; // // To take care of PASS in test tool, as show is being tested only for parser output. // UpdateGetLastError(NULL); const TAG_TYPE vcmdDynamicShowAll[] = { { CMD_TOKEN_STR_RESDNS, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicShowAll[] = { { CMD_TOKEN_STR_RESDNS, CMD_TOKEN_RESDNS } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); if(dwArgCount == 3) { //if no argument specified print with default options goto PRINT; } else if(dwArgCount < 3) { // // Bail out as user has not given sufficient arguments. // PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } parser.ValidTok = vtokDynamicShowAll; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicShowAll); parser.ValidCmd = vcmdDynamicShowAll; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicShowAll); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCountpszGPODisplayName) delete [] pGPO->pszGPODisplayName; if(pGPO->pszGPODNName) delete [] pGPO->pszGPODNName; if(pGPO->pszPolicyName) delete [] pGPO->pszPolicyName; if(pGPO->pszLocalPolicyName) delete [] pGPO->pszLocalPolicyName; if(pGPO->pszPolicyDNName) delete [] pGPO->pszPolicyDNName; if(pGPO->pszDomainName) delete [] pGPO->pszDomainName; if(pGPO->pszDCName) delete [] pGPO->pszDCName; if(pGPO->pszOULink) delete [] pGPO->pszOULink; delete pGPO; pGPO = NULL; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicShowRegKeys // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : Netshell Dynamic handle for show registry keys of ipsec driver. // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicShowRegKeys( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { DWORD dwReturn = ERROR_SHOW_USAGE; //No errors should be displayed in test tool, //as show commands are only tested for parser output. UpdateGetLastError(NULL); if(dwArgCount > 2) { dwReturn = ShowRegKeys(); } else { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE)&&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, ERRCODE_SHOW_REG_16); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicShowStats // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : Netshell Dynamic handle for show statistics // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicShowStats( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwShow = STATS_ALL; DWORD dwCount = 0; const TAG_TYPE vcmdDynamicShowStatistics[] = { { CMD_TOKEN_STR_TYPE, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicShowStatistics[] = { { CMD_TOKEN_STR_TYPE, CMD_TOKEN_TYPE } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); if(dwArgCount == 3) { dwReturn = ShowStats(dwShow); BAIL_OUT; } // // Bail out as user has not given sufficient arguments. // else if(dwArgCount < 3) { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } parser.ValidTok = vtokDynamicShowStatistics; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicShowStatistics); parser.ValidCmd = vcmdDynamicShowStatistics; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicShowStatistics); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCount 3) { CleanUp(); } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE)&&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicShowMMSas // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : Netshell Dynamic handle for show main mode security associations // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicShowMMSas( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwCount = 0; BOOL bFormat = FALSE; BOOL bResolveDNS = FALSE; ADDR SrcAddr,DesAddr; NshHashTable addressHash; // // Default values // SrcAddr.uIpAddr = 0xFFFFFFFF; DesAddr.uIpAddr = 0xFFFFFFFF; SrcAddr.AddrType = IP_ADDR_UNIQUE; DesAddr.AddrType = IP_ADDR_UNIQUE; const TAG_TYPE vcmdDynamicShowMMSAs[] = { { CMD_TOKEN_STR_ALL, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_SRCADDR, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DSTADDR, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_FORMAT, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_RESDNS, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicShowMMSAs[] = { { CMD_TOKEN_STR_ALL, CMD_TOKEN_ALL }, { CMD_TOKEN_STR_SRCADDR, CMD_TOKEN_SRCADDR }, { CMD_TOKEN_STR_DSTADDR, CMD_TOKEN_DSTADDR }, { CMD_TOKEN_STR_FORMAT, CMD_TOKEN_FORMAT }, { CMD_TOKEN_STR_RESDNS, CMD_TOKEN_RESDNS } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); if(dwArgCount == 3) { // // all the records are to be displayed // dwReturn = ShowMMSas(SrcAddr, DesAddr, bFormat, addressHash, bResolveDNS); BAIL_OUT; } // // Bail out as user has not given sufficient arguments. // else if(dwArgCount < 3) { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } parser.ValidTok = vtokDynamicShowMMSAs; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicShowMMSAs); parser.ValidCmd = vcmdDynamicShowMMSAs; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicShowMMSAs); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine, ppwcArguments, dwCurrentIndex, dwArgCount, &parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCount 3) { CleanUp(); } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE)&&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // //Function: HandleDynamicShowQMSas // //Date of Creation: 9-23-2001 // //Parameters: // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone //Return: DWORD // //Description: Netshell Dynamic handle for show quick mode security associations. // //Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicShowQMSas( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwCount = 0; BOOL bFormat = FALSE; BOOL bResolveDNS = FALSE; ADDR SrcAddr,DesAddr; // // Default values // SrcAddr.uIpAddr = 0xFFFFFFFF; DesAddr.uIpAddr = 0xFFFFFFFF; SrcAddr.AddrType = IP_ADDR_UNIQUE; DesAddr.AddrType = IP_ADDR_UNIQUE; SrcAddr.uSubNetMask = 0x55555555; DesAddr.uSubNetMask = 0x55555555; DWORD dwProtocol = 0xFFFFFFFF; NshHashTable addressHash; const TAG_TYPE vcmdDynamicShowQMSAs[] = { { CMD_TOKEN_STR_ALL, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_SRCADDR, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DSTADDR, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_PROTO, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_FORMAT, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_RESDNS, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicShowQMSAs[] = { { CMD_TOKEN_STR_ALL, CMD_TOKEN_ALL }, { CMD_TOKEN_STR_SRCADDR, CMD_TOKEN_SRCADDR }, { CMD_TOKEN_STR_DSTADDR, CMD_TOKEN_DSTADDR }, { CMD_TOKEN_STR_PROTO, CMD_TOKEN_PROTO }, { CMD_TOKEN_STR_FORMAT, CMD_TOKEN_FORMAT }, { CMD_TOKEN_STR_RESDNS, CMD_TOKEN_RESDNS } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); parser.ValidTok = vtokDynamicShowQMSAs; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicShowQMSAs); parser.ValidCmd = vcmdDynamicShowQMSAs; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicShowQMSAs); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCount 3) { CleanUp(); } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE)&&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicShowMMPolicy // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : Netshell Dynamic handle for show main mode policy. // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicShowMMPolicy( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwCount = 0; DWORD dwNameLen = 0; LPTSTR pszPolicyName = NULL; BOOL bAll = FALSE; const TAG_TYPE vcmdDynamicShowMMPolicy[] = { { CMD_TOKEN_STR_NAME, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_ALL, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicShowMMPolicy[] = { { CMD_TOKEN_STR_NAME, CMD_TOKEN_NAME }, { CMD_TOKEN_STR_ALL, CMD_TOKEN_ALL } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); // // Bail out as user has not given sufficient arguments. // if(dwArgCount <= 3) { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } parser.ValidTok = vtokDynamicShowMMPolicy; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicShowMMPolicy); parser.ValidCmd = vcmdDynamicShowMMPolicy; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicShowMMPolicy); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCount 3) { CleanUp(); } if(pszPolicyName) { delete [] pszPolicyName; } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE)&&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicShowQMPolicy // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : Netshell Dynamic handle for show quick mode policy // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicShowQMPolicy( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwNameLen = 0; DWORD dwCount = 0; LPTSTR pszPolicyName = NULL; BOOL bAll = FALSE; const TAG_TYPE vcmdDynamicShowQMPolicy[] = { { CMD_TOKEN_STR_NAME, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_ALL, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicShowQMPolicy[] = { { CMD_TOKEN_STR_NAME, CMD_TOKEN_NAME }, { CMD_TOKEN_STR_ALL, CMD_TOKEN_ALL } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); // // Bail out as user has not given sufficient arguments. // if(dwArgCount <= 3) { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } parser.ValidTok = vtokDynamicShowQMPolicy; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicShowQMPolicy); parser.ValidCmd = vcmdDynamicShowQMPolicy; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicShowQMPolicy); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCount 3) { CleanUp(); } if(pszPolicyName) { delete [] pszPolicyName; } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE)&&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicShowMMFilter // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : Netshell Dynamic handle for show main mode filter. // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicShowMMFilter( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwCount = 0; DWORD dwNameLen = 0; LPTSTR pszFilterName = NULL; LPTSTR pszPolicyName = NULL; BOOL bAll = FALSE; BOOL bType = TRUE; DWORD dwType = FILTER_GENERIC; //default initialization to GENERIC, BOOL bResolveDNS = FALSE; ADDR DesAddr, SrcAddr; BOOL bSrcMask = FALSE; BOOL bDstMask = FALSE; NshHashTable addressHash; const TAG_TYPE vcmdDynamicShowMMFilter[] = { { CMD_TOKEN_STR_NAME, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_ALL, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_TYPE, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_SRCADDR, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DSTADDR, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_SRCMASK, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DSTMASK, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_RESDNS, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicShowMMFilter[] = { { CMD_TOKEN_STR_NAME, CMD_TOKEN_NAME }, { CMD_TOKEN_STR_ALL, CMD_TOKEN_ALL }, { CMD_TOKEN_STR_TYPE, CMD_TOKEN_TYPE }, { CMD_TOKEN_STR_SRCADDR, CMD_TOKEN_SRCADDR }, { CMD_TOKEN_STR_DSTADDR, CMD_TOKEN_DSTADDR }, { CMD_TOKEN_STR_SRCMASK, CMD_TOKEN_SRCMASK }, { CMD_TOKEN_STR_DSTMASK, CMD_TOKEN_DSTMASK }, { CMD_TOKEN_STR_RESDNS, CMD_TOKEN_RESDNS } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); // // Bail out as user has not given sufficient arguments. // if(dwArgCount <= 3) { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } SrcAddr.uIpAddr = 0xFFFFFFFF; DesAddr.uIpAddr = 0xFFFFFFFF; SrcAddr.uSubNetMask = IP_ADDRESS_MASK_NONE; DesAddr.uSubNetMask = IP_ADDRESS_MASK_NONE; SrcAddr.AddrType = IP_ADDR_UNIQUE; DesAddr.AddrType = IP_ADDR_UNIQUE; parser.ValidTok = vtokDynamicShowMMFilter; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicShowMMFilter); parser.ValidCmd = vcmdDynamicShowMMFilter; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicShowMMFilter); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCount 3) { CleanUp(); } if(pszFilterName) { delete [] pszFilterName; } if(pszPolicyName) { delete [] pszPolicyName; } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE)&&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicShowQMFilter // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : Netshell Dynamic handle for quick mode filter. // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicShowQMFilter( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwCount = 0; DWORD dwNameLen = 0; LPTSTR pszFilterName = NULL; BOOL bAll = FALSE; BOOL bType = TRUE; DWORD dwType = FILTER_GENERIC; // Default initialization to GENERIC BOOL bResolveDNS = FALSE; ADDR DesAddr, SrcAddr; BOOL bSrcMask = FALSE; BOOL bDstMask = FALSE; QM_FILTER_VALUE_BOOL QmBoolValue; NshHashTable addressHash; const TAG_TYPE vcmdDynamicShowQMFilter[] = { { CMD_TOKEN_STR_NAME, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_ALL, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_TYPE, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_SRCADDR, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DSTADDR, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_SRCMASK, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DSTMASK, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_PROTO, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_SRCPORT, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DSTPORT, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_INBOUND, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_OUTBOUND, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_RESDNS, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicShowQMFilter[] = { { CMD_TOKEN_STR_NAME, CMD_TOKEN_NAME }, { CMD_TOKEN_STR_ALL, CMD_TOKEN_ALL }, { CMD_TOKEN_STR_TYPE, CMD_TOKEN_TYPE }, { CMD_TOKEN_STR_SRCADDR, CMD_TOKEN_SRCADDR }, { CMD_TOKEN_STR_DSTADDR, CMD_TOKEN_DSTADDR }, { CMD_TOKEN_STR_SRCMASK, CMD_TOKEN_SRCMASK }, { CMD_TOKEN_STR_DSTMASK, CMD_TOKEN_DSTMASK }, { CMD_TOKEN_STR_PROTO, CMD_TOKEN_PROTO }, { CMD_TOKEN_STR_SRCPORT, CMD_TOKEN_SRCPORT }, { CMD_TOKEN_STR_DSTPORT, CMD_TOKEN_DSTPORT }, { CMD_TOKEN_STR_INBOUND, CMD_TOKEN_INBOUND }, { CMD_TOKEN_STR_OUTBOUND, CMD_TOKEN_OUTBOUND }, { CMD_TOKEN_STR_RESDNS, CMD_TOKEN_RESDNS } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); QmBoolValue.bSrcPort = FALSE; QmBoolValue.bDstPort = FALSE; QmBoolValue.bProtocol = FALSE; QmBoolValue.bActionInbound = FALSE; QmBoolValue.bActionOutbound = FALSE; // // Bail out as user has not given sufficient arguments. // if(dwArgCount <= 3) { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } SrcAddr.uIpAddr = 0xFFFFFFFF; DesAddr.uIpAddr = 0xFFFFFFFF; SrcAddr.uSubNetMask = IP_ADDRESS_MASK_NONE; DesAddr.uSubNetMask = IP_ADDRESS_MASK_NONE; SrcAddr.AddrType = IP_ADDR_UNIQUE; DesAddr.AddrType = IP_ADDR_UNIQUE; parser.ValidTok = vtokDynamicShowQMFilter; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicShowQMFilter); parser.ValidCmd = vcmdDynamicShowQMFilter; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicShowQMFilter); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCount 3) { CleanUp(); } if(pszFilterName) { delete [] pszFilterName; } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE)&&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicShowRule // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : Netshell Dynamic handle for quick mode filter. // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicShowRule( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwCount = 0; DWORD dwType = 0; // Default initialization to show both Transport and tunnel BOOL bResolveDNS = FALSE; ADDR DesAddr, SrcAddr; BOOL bSrcMask = FALSE; BOOL bDstMask = FALSE; QM_FILTER_VALUE_BOOL QmBoolValue; NshHashTable addressHash; const TAG_TYPE vcmdDynamicShowRule[] = { { CMD_TOKEN_STR_TYPE, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_SRCADDR, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DSTADDR, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_SRCMASK, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DSTMASK, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_PROTO, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_SRCPORT, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DSTPORT, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_INBOUND, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_OUTBOUND, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_RESDNS, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicShowRule[] = { { CMD_TOKEN_STR_TYPE, CMD_TOKEN_TYPE }, { CMD_TOKEN_STR_SRCADDR, CMD_TOKEN_SRCADDR }, { CMD_TOKEN_STR_DSTADDR, CMD_TOKEN_DSTADDR }, { CMD_TOKEN_STR_SRCMASK, CMD_TOKEN_SRCMASK }, { CMD_TOKEN_STR_DSTMASK, CMD_TOKEN_DSTMASK }, { CMD_TOKEN_STR_PROTO, CMD_TOKEN_PROTO }, { CMD_TOKEN_STR_SRCPORT, CMD_TOKEN_SRCPORT }, { CMD_TOKEN_STR_DSTPORT, CMD_TOKEN_DSTPORT }, { CMD_TOKEN_STR_INBOUND, CMD_TOKEN_INBOUND }, { CMD_TOKEN_STR_OUTBOUND, CMD_TOKEN_OUTBOUND }, { CMD_TOKEN_STR_RESDNS, CMD_TOKEN_RESDNS } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); QmBoolValue.bSrcPort = FALSE; QmBoolValue.bDstPort = FALSE; QmBoolValue.bProtocol = FALSE; QmBoolValue.bActionInbound = FALSE; QmBoolValue.bActionOutbound = FALSE; SrcAddr.uIpAddr = 0xFFFFFFFF; DesAddr.uIpAddr = 0xFFFFFFFF; SrcAddr.uSubNetMask = IP_ADDRESS_MASK_NONE; DesAddr.uSubNetMask = IP_ADDRESS_MASK_NONE; SrcAddr.AddrType = IP_ADDR_UNIQUE; DesAddr.AddrType = IP_ADDR_UNIQUE; // // if no arguments are given show all the rules // if(dwArgCount == 3) { dwReturn = ShowRule(dwType, SrcAddr, DesAddr, addressHash, bResolveDNS, bSrcMask, bDstMask, QmBoolValue); BAIL_OUT; } // // Bail out as user has not given sufficient arguments. // else if(dwArgCount < 3) { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } parser.ValidTok = vtokDynamicShowRule; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicShowRule); parser.ValidCmd = vcmdDynamicShowRule; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicShowRule); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCount 3) { CleanUp(); } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE)&&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicDeleteQMPolicy // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : Netshell Dynamic handle for quick mode policy. // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicDeleteQMPolicy( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwNameLen = 0; DWORD dwCount = 0; LPTSTR pPolicyName = NULL; const TAG_TYPE vcmdDynamicDeleteQMPolicy[] = { { CMD_TOKEN_STR_NAME, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_ALL, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicDeleteQMPolicy[] = { { CMD_TOKEN_STR_NAME, CMD_TOKEN_NAME }, { CMD_TOKEN_STR_ALL, CMD_TOKEN_ALL } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); // // Bail out as user has not given sufficient arguments. // if(dwArgCount <= 3) { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } parser.ValidTok = vtokDynamicDeleteQMPolicy; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicDeleteQMPolicy); parser.ValidCmd = vcmdDynamicDeleteQMPolicy; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicDeleteQMPolicy); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCount 3) { CleanUp(); } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE)&&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicDeleteMMPolicy // // Date of Creation: 9-23-2001 // // Parameters: // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : Netshell Dynamic handle for delete main mode policy // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicDeleteMMPolicy( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwNameLen = 0; DWORD dwCount = 0; LPTSTR pPolicyName = NULL; const TAG_TYPE vcmdDynamicDeleteMMPolicy[] = { { CMD_TOKEN_STR_NAME, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_ALL, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicDeleteMMPolicy[] = { { CMD_TOKEN_STR_NAME, CMD_TOKEN_NAME }, { CMD_TOKEN_STR_ALL, CMD_TOKEN_ALL } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); // // Bail out as user has not given sufficient arguments. // if(dwArgCount <= 3) { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } parser.ValidTok = vtokDynamicDeleteMMPolicy; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicDeleteMMPolicy); parser.ValidCmd = vcmdDynamicDeleteMMPolicy; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicDeleteMMPolicy); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { // // This is to avoid multiple error messages display // dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCount 3) { CleanUp(); } if(pPolicyName) { delete [] pPolicyName; } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE)&&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicDeleteAll // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : Netshell Dynamic handle for delete all. // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicDeleteAll( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { DWORD dwReturn = ERROR_SHOW_USAGE; //to take care no errors at test tool UpdateGetLastError(NULL); dwReturn = DeleteTunnelFilters(); if(dwReturn != ERROR_SUCCESS) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } dwReturn = DeleteTransportFilters(); if(dwReturn != ERROR_SUCCESS) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } dwReturn = DeleteQMPolicy(NULL); if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } dwReturn = DeleteMMFilters(); if(dwReturn != ERROR_SUCCESS) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } dwReturn = DeleteMMPolicy(NULL); if((dwReturn != ERROR_SUCCESS)&& (dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } dwReturn = DeleteAuthMethods(); if(dwReturn != ERROR_SUCCESS) { //api errors if(dwReturn == WIN32_AUTH_BEING_USED) //Win32 Error [13012] message is same as 13002. { //So, it is converted to meaningful IPSec error code PrintErrorMessage(IPSEC_ERR, dwReturn, ERRCODE_DELETE_AUTH_BEING_USED); } else { PrintErrorMessage(WIN32_ERR, dwReturn, NULL); } dwReturn = ERROR_SUCCESS; } return dwReturn; } ////////////////////////////////////////////////////////////////////////////////////////// // // WriteRegKey // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WriteRegKey( LPTSTR lpValueName, BYTE* data, size_t uiDataSize, DWORD dwDataType ) { DWORD dwReturn = 0; HKEY hRegistryKey; DWORD dwDisposition = 0; dwReturn = RegCreateKeyEx( g_hGlobalRegistryKey, REGKEY_GLOBAL, 0, NULL, 0, KEY_ALL_ACCESS, NULL, &hRegistryKey, &dwDisposition ); if(dwReturn != ERROR_SUCCESS) { BAIL_OUT; } dwReturn = RegSetValueEx( hRegistryKey, lpValueName, 0, dwDataType, data, uiDataSize ); if(dwReturn != ERROR_SUCCESS) { BAIL_OUT; } error: if(hRegistryKey) { RegCloseKey(hRegistryKey); } return dwReturn; } DWORD WriteRegKey( LPTSTR lpValueName, DWORD dwData ) { return WriteRegKey(lpValueName, (BYTE*)&dwData, sizeof(DWORD), REG_DWORD); } DWORD ParseProtocol( LPTSTR lpData, BYTE* pProtocol ) { DWORD dwReturn = ERROR_SUCCESS; BYTE value = 0; // get protocol if (_tcsicmp(lpData, IF_TYPE_UDP) == 0) { value = PROT_ID_UDP; } else if (_tcsicmp(lpData, IF_TYPE_TCP) == 0) { value = PROT_ID_TCP; } else if (_tcsicmp(lpData, IF_TYPE_ICMP) == 0) { value = PROT_ID_ICMP; } else if (_tcsicmp(lpData, IF_TYPE_RAW) == 0) { value = PROT_ID_RAW; } else // try to parse it as an integer { DWORD dwValue = 0; dwReturn = ConvertStringToDword(lpData, &dwValue); if ((dwReturn != ERROR_SUCCESS) || (dwValue < 1) || (dwValue > 255)) { dwReturn = ERRCODE_INVALID_ARGS; BAIL_OUT; } value = (BYTE)dwValue; } *pProtocol = value; error: return dwReturn; } DWORD ParsePort( LPTSTR lpData, USHORT* pPort ) { DWORD dwReturn = ERROR_SUCCESS; DWORD dwValue = 0; dwReturn = ConvertStringToDword(lpData, &dwValue); if ((dwReturn != ERROR_SUCCESS) || (dwValue > 65535)) { dwReturn = ERRCODE_INVALID_ARGS; BAIL_OUT; } *pPort = (USHORT)dwValue; error: return dwReturn; } DWORD ParseDirection( LPTSTR lpData, BYTE* pDirection ) { DWORD dwReturn = ERROR_SUCCESS; BYTE value = 0; // get direction if (_tcsicmp(lpData, TOKEN_STR_INBOUND) == 0) { value = EXEMPT_DIRECTION_INBOUND; } else if (_tcsicmp(lpData, TOKEN_STR_OUTBOUND) == 0) { value = EXEMPT_DIRECTION_OUTBOUND; } else { dwReturn = ERRCODE_INVALID_ARGS; BAIL_OUT; } *pDirection = value; error: return dwReturn; } DWORD ParseBootExemptions( IN LPTSTR lpData ) { DWORD dwReturn = ERROR_SUCCESS; // allocate 1024 tuples PIPSEC_EXEMPT_ENTRY aEntries = new IPSEC_EXEMPT_ENTRY[MAX_EXEMPTION_ENTRIES]; ZeroMemory(aEntries, sizeof(*aEntries)); size_t uiNumExemptions = 0; // check for keyword 'none', skip loop in this case if (_tcsicmp(lpData, TOKEN_STR_NONE) != 0) { LPTSTR lpDelimiter = TOKEN_FIELD_DELIMITER; LPTSTR lpCurrentToken = _tcstok(lpData, lpDelimiter); size_t i = 0; size_t state = 0; // while not at end of string... while ((lpCurrentToken != NULL) && (i < MAX_EXEMPTION_ENTRIES)) { switch (state) { case 0: // set the constant values (type and size) aEntries[i].Type = EXEMPT_ENTRY_TYPE_DEFAULT; aEntries[i].Size = EXEMPT_ENTRY_SIZE_DEFAULT; dwReturn = ParseProtocol(lpCurrentToken, &(aEntries[i].Protocol)); if (dwReturn != ERROR_SUCCESS) { BAIL_OUT; } if ((aEntries[i].Protocol != PROT_ID_TCP) && (aEntries[i].Protocol != PROT_ID_UDP)) { // unless TCP or UDP are specified, we don't support // srcport or destport, fill them in with 0 aEntries[i].SrcPort = 0; aEntries[i].DestPort = 0; state += 2; } break; case 1: dwReturn = ParsePort(lpCurrentToken, &(aEntries[i].SrcPort)); break; case 2: dwReturn = ParsePort(lpCurrentToken, &(aEntries[i].DestPort)); break; case 3: dwReturn = ParseDirection(lpCurrentToken, &(aEntries[i].Direction)); if (dwReturn == ERROR_SUCCESS) { if (((aEntries[i].Protocol != PROT_ID_TCP) && (aEntries[i].Protocol != PROT_ID_UDP)) && ((aEntries[i].SrcPort != 0) || (aEntries[i].DestPort != 0))) { dwReturn = ERRCODE_INVALID_ARGS; } } ++i; break; } if (dwReturn != ERROR_SUCCESS) { BAIL_OUT; } state = (state + 1) % 4; if (state == 3) { lpDelimiter = TOKEN_TUPLE_DELIMITER; } else { lpDelimiter = TOKEN_FIELD_DELIMITER; } lpCurrentToken = _tcstok(NULL, lpDelimiter); } // on exiting the loop, make sure we have only had complete tuples if ((state % 4) != 0) { dwReturn = ERRCODE_INVALID_ARGS; BAIL_OUT; } // were we given more than we can handle? if (i == MAX_EXEMPTION_ENTRIES) { dwReturn = ERRCODE_TOO_MANY_EXEMPTS; BAIL_OUT; } uiNumExemptions = i; } if (dwReturn == ERROR_SUCCESS) { dwReturn = WriteRegKey( BOOTEXEMPTKEY, (BYTE*)aEntries, sizeof(IPSEC_EXEMPT_ENTRY) * uiNumExemptions, REG_BINARY ); } error: delete [] aEntries; return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicSetConfig // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : This command sets the IPSec registry keys // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicSetConfig( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwKeyType = 0; DWORD dwKeyValue = 0; DWORD dwCount = 0; LPTSTR lpKeyValue = NULL; IKE_CONFIG IKEConfig; const TAG_TYPE vcmdDynamicSetConfig[] = { { CMD_TOKEN_STR_PROPERTY, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_VALUE, NS_REQ_PRESENT, FALSE } }; const TOKEN_VALUE vtokDynamicSetConfig[] = { { CMD_TOKEN_STR_PROPERTY, CMD_TOKEN_PROPERTY }, { CMD_TOKEN_STR_VALUE, CMD_TOKEN_VALUE } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); ZeroMemory( &IKEConfig, sizeof(IKE_CONFIG) ); // // Bail out as user has not given sufficient arguments. // if(dwArgCount <= 3) { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } parser.ValidTok = vtokDynamicSetConfig; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicSetConfig); parser.ValidCmd = vcmdDynamicSetConfig; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicSetConfig); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCount 7) { PrintErrorMessage(IPSEC_ERR,0,ERRCODE_SET_CONFIG_1); dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } dwReturn = WriteRegKey(ENABLE_DIAG, dwKeyValue); if(dwReturn != ERROR_SUCCESS) { BAIL_OUT; } break; case PROPERTY_IKELOG: // // range is from 0-2 for IKE dwEnableLogging // if( dwKeyValue >2) { PrintErrorMessage(IPSEC_ERR,0,ERRCODE_SET_CONFIG_2); dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } IKEConfig.dwEnableLogging = dwKeyValue; dwReturn = SetConfigurationVariables(g_szDynamicMachine, IKEConfig); if(dwReturn != ERROR_SUCCESS) { BAIL_OUT; } break; case PROPERTY_CRLCHK: // // range is from 0-2 for dwStrongCRLCheck // if( dwKeyValue >2) { PrintErrorMessage(IPSEC_ERR,0,ERRCODE_SET_CONFIG_3); dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } IKEConfig.dwStrongCRLCheck = dwKeyValue; dwReturn = SetConfigurationVariables(g_szDynamicMachine, IKEConfig); if(dwReturn != ERROR_SUCCESS) { BAIL_OUT; } break; case PROPERTY_LOGINTER: // // range is from 60-86400 for ENABLE_LOGINT // if(dwKeyValue < 60 || dwKeyValue > 86400) { PrintErrorMessage(IPSEC_ERR,0,ERRCODE_SET_CONFIG_4); dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } dwReturn = WriteRegKey(ENABLE_LOGINT, dwKeyValue); if(dwReturn != ERROR_SUCCESS) { BAIL_OUT; } break; case PROPERTY_EXEMPT: // // range is from 0-3 for ENABLE_EXEMPT // if( dwKeyValue >3) { PrintErrorMessage(IPSEC_ERR,0,ERRCODE_SET_CONFIG_5); dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } dwReturn = WriteRegKey(ENABLE_EXEMPT, dwKeyValue); if(dwReturn != ERROR_SUCCESS) { BAIL_OUT; } break; case PROPERTY_BOOTMODE: // valid values are stateful, block, permit if( _tcsicmp(lpKeyValue, VALUE_TYPE_STATEFUL) == 0) { dwKeyValue = VALUE_STATEFUL; } else if( _tcsicmp(lpKeyValue, VALUE_TYPE_BLOCK) == 0) { dwKeyValue = VALUE_BLOCK; } else if( _tcsicmp(lpKeyValue, VALUE_TYPE_PERMIT) == 0) { dwKeyValue = VALUE_PERMIT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } dwReturn = WriteRegKey(BOOTMODEKEY, dwKeyValue); if (dwReturn != ERROR_SUCCESS) { BAIL_OUT; } break; case PROPERTY_BOOTEXEMP: dwReturn = ParseBootExemptions(lpKeyValue); if (dwReturn != ERROR_SUCCESS) { PrintErrorMessage(IPSEC_ERR, 0, dwReturn); dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } break; default : break; } error: if(dwArgCount > 3) { CleanUp(); } else if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE)&&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicAddRule // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : Function adds a rule (As good as Adding QMF+MMF) // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicAddRule( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { TRANSPORT_FILTER ParserTransportlFltr; TUNNEL_FILTER ParserTunnelFltr; MM_FILTER MMFilter; ADDR DesAddr, SrcAddr; FILTER_ACTION Inbound = NEGOTIATE_SECURITY, Outbound = NEGOTIATE_SECURITY; DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwNameLen = 0; DWORD dwCount = 0, j = 0; DWORD dwProtocol = 0; DWORD dwSrcPort = 0; DWORD dwDstPort = 0; DWORD dwSrcSplServer = NOT_SPLSERVER; DWORD dwDstSplServer = NOT_SPLSERVER; BOOL bTunnel = FALSE; BOOL bPort = FALSE; BOOL bAuth = FALSE; BOOL bFailMMIfExists = FALSE; BOOL bSrcMe = FALSE; BOOL bIsOutboundBroadcast = FALSE; LPTSTR pszMMPolicyName = NULL; LPTSTR pszFilterActionName = NULL; LPTSTR pszMMFilterName = NULL; LPTSTR pszQMFilterName = NULL; PRULEDATA pRuleData = new RULEDATA; if (pRuleData == NULL) { dwReturn = ERROR_OUTOFMEMORY; BAIL_OUT; } ZeroMemory(pRuleData, sizeof(RULEDATA)); PSTA_AUTH_METHODS pKerbAuth = NULL; PSTA_AUTH_METHODS pPskAuth = NULL; PSTA_MM_AUTH_METHODS *ppRootcaMMAuth = NULL; const TAG_TYPE vcmdDynamicAddRule[] = { { CMD_TOKEN_STR_SRCADDR, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_DSTADDR, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_MMPOLICY, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_QMPOLICY, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_PROTO, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_SRCPORT, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DSTPORT, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_MIRROR, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_CONNTYPE, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_INBOUND, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_OUTBOUND, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_SRCMASK, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DSTMASK, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_TUNNELDST, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_FAILMMIFEXISTS, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_KERB, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_PSK, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicAddRule[] = { { CMD_TOKEN_STR_SRCADDR, CMD_TOKEN_SRCADDR }, { CMD_TOKEN_STR_DSTADDR, CMD_TOKEN_DSTADDR }, { CMD_TOKEN_STR_MMPOLICY, CMD_TOKEN_MMPOLICY }, { CMD_TOKEN_STR_QMPOLICY, CMD_TOKEN_QMPOLICY }, { CMD_TOKEN_STR_PROTO, CMD_TOKEN_PROTO }, { CMD_TOKEN_STR_SRCPORT, CMD_TOKEN_SRCPORT }, { CMD_TOKEN_STR_DSTPORT, CMD_TOKEN_DSTPORT }, { CMD_TOKEN_STR_MIRROR, CMD_TOKEN_MIRROR }, { CMD_TOKEN_STR_CONNTYPE, CMD_TOKEN_CONNTYPE }, { CMD_TOKEN_STR_INBOUND, CMD_TOKEN_INBOUND }, { CMD_TOKEN_STR_OUTBOUND, CMD_TOKEN_OUTBOUND }, { CMD_TOKEN_STR_SRCMASK, CMD_TOKEN_SRCMASK }, { CMD_TOKEN_STR_DSTMASK, CMD_TOKEN_DSTMASK }, { CMD_TOKEN_STR_TUNNELDST, CMD_TOKEN_TUNNELDST }, { CMD_TOKEN_STR_FAILMMIFEXISTS, CMD_TOKEN_FAILMMIFEXISTS}, { CMD_TOKEN_STR_KERB, CMD_TOKEN_KERB }, { CMD_TOKEN_STR_PSK, CMD_TOKEN_PSK } }; const TOKEN_VALUE vlistDynamicAddRule[] = { { CMD_TOKEN_STR_ROOTCA, CMD_TOKEN_ROOTCA } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); memset(&MMFilter, 0, sizeof(MM_FILTER)); memset(&ParserTunnelFltr, 0, sizeof(TUNNEL_FILTER)); memset(&ParserTransportlFltr, 0, sizeof(TRANSPORT_FILTER)); SrcAddr.uIpAddr = 0x0; SrcAddr.AddrType = IP_ADDR_UNIQUE; SrcAddr.uSubNetMask = IP_ADDRESS_MASK_NONE; DesAddr.uIpAddr = 0x0; DesAddr.AddrType = IP_ADDR_UNIQUE; DesAddr.uSubNetMask = IP_ADDRESS_MASK_NONE; ParserTunnelFltr.SrcTunnelAddr.AddrType = IP_ADDR_UNIQUE; ParserTunnelFltr.SrcTunnelAddr.uIpAddr = SUBNET_ADDRESS_ANY; ParserTunnelFltr.SrcTunnelAddr.uSubNetMask = IP_ADDRESS_MASK_NONE; ParserTunnelFltr.DesTunnelAddr.AddrType = IP_ADDR_UNIQUE; ParserTunnelFltr.DesTunnelAddr.uIpAddr = SUBNET_ADDRESS_ANY; ParserTunnelFltr.DesTunnelAddr.uSubNetMask = IP_ADDRESS_MASK_NONE; // // Bail out as user has not given sufficient arguments. // if(dwArgCount <= 3) { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } dwReturn = LoadMMFilterDefaults(MMFilter); parser.ValidTok = vtokDynamicAddRule; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicAddRule); parser.ValidCmd = vcmdDynamicAddRule; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicAddRule); parser.ValidList = vlistDynamicAddRule; parser.MaxList = SIZEOF_TOKEN_VALUE(vlistDynamicAddRule); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } //Check for user given tokens from the parser and copy into local variables for(dwCount=0;dwCountbAuthMethodSpecified = TRUE; ++pRuleData->AuthInfos.dwNumAuthInfos; pKerbAuth = (PSTA_AUTH_METHODS)parser.Cmd[dwCount].pArg; } break; case CMD_TOKEN_PSK : if (parser.Cmd[dwCount].dwStatus == VALID_TOKEN) { pRuleData->bAuthMethodSpecified = TRUE; ++pRuleData->AuthInfos.dwNumAuthInfos; pPskAuth = (PSTA_AUTH_METHODS)parser.Cmd[dwCount].pArg; } break; case CMD_TOKEN_ROOTCA : // this case is special, handled below... break; default : break; } } size_t uiRootcaIndex = parser.MaxTok; if (parser.Cmd[uiRootcaIndex].dwStatus > 0) { pRuleData->bAuthMethodSpecified = TRUE; pRuleData->AuthInfos.dwNumAuthInfos += parser.Cmd[uiRootcaIndex].dwStatus; ppRootcaMMAuth = (PSTA_MM_AUTH_METHODS *)(parser.Cmd[uiRootcaIndex].pArg); } dwReturn = AddAllAuthMethods(pRuleData, pKerbAuth, pPskAuth, ppRootcaMMAuth, TRUE); if (dwReturn != ERROR_SUCCESS) { BAIL_OUT; } // // Checking Invalid conditions. // if((dwSrcSplServer != NOT_SPLSERVER) && (dwDstSplServer != NOT_SPLSERVER) && (dwSrcSplServer != IP_ME) && (dwSrcSplServer != IP_ANY) && (dwDstSplServer != IP_ME) && (dwDstSplServer != IP_ANY) ) { PrintErrorMessage(IPSEC_ERR,0,ERRCODE_PARSER_ADDRTYPE); dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } // // If qmpolicy name is not given and inbound and outbound are negotiate security, then bail out // if((Inbound == NEGOTIATE_SECURITY || Outbound == NEGOTIATE_SECURITY) && !pszFilterActionName) { PrintErrorMessage(IPSEC_ERR,0,ERRCODE_ADD_RULE_WARNING_3); dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } // // If tunnel rule is added with mirror = yes, bail out // if(bTunnel && MMFilter.bCreateMirror) { PrintErrorMessage(IPSEC_ERR,0,ERRCODE_ADD_RULE_WARNING_4); dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } if(dwReturn != ERROR_SUCCESS) { BAIL_OUT; } ADDR srcAddr; ADDR dstAddr; srcAddr.uIpAddr = ntohl(SrcAddr.uIpAddr); srcAddr.uSubNetMask = ntohl(SrcAddr.uSubNetMask); dstAddr.uIpAddr = ntohl(DesAddr.uIpAddr); dstAddr.uSubNetMask = ntohl(DesAddr.uSubNetMask); if (IsBroadcastAddress(&dstAddr) || IsMulticastAddress(&dstAddr)) { if (MMFilter.bCreateMirror || !bSrcMe || ((Inbound == NEGOTIATE_SECURITY) || (Outbound == NEGOTIATE_SECURITY)) ) { dwReturn = ERROR_INVALID_PARAMETER; BAIL_OUT; } if (IsBroadcastAddress(&dstAddr)) { bIsOutboundBroadcast = TRUE; } } // don't accept subnetX <-> subnetX (same subnet) if mirrored=no // reject subnetx-subnetx if (!MMFilter.bCreateMirror) { if (IsValidSubnet(&srcAddr) && IsValidSubnet(&dstAddr) && (srcAddr.uIpAddr == dstAddr.uIpAddr)) { dwReturn = ERROR_INVALID_PARAMETER; BAIL_OUT; } } //Src Dst addr's of MM filter should be tunnel end points if present // if(bTunnel) { AddSplAddr(MMFilter.SrcAddr, IP_ME); MMFilter.DesAddr.uIpAddr = ParserTunnelFltr.DesTunnelAddr.uIpAddr; MMFilter.DesAddr.AddrType = IP_ADDR_UNIQUE; MMFilter.DesAddr.uSubNetMask = IP_ADDRESS_MASK_NONE; MMFilter.bCreateMirror = TRUE; } else { if(dwSrcSplServer == NOT_SPLSERVER) { MMFilter.SrcAddr.AddrType = (MMFilter.SrcAddr.uSubNetMask == IP_ADDRESS_MASK_NONE) ? IP_ADDR_UNIQUE : IP_ADDR_SUBNET; } else { AddSplAddr(MMFilter.SrcAddr, dwSrcSplServer); } if(dwDstSplServer == NOT_SPLSERVER) { MMFilter.DesAddr.AddrType = (MMFilter.DesAddr.uSubNetMask == IP_ADDRESS_MASK_NONE) ? IP_ADDR_UNIQUE : IP_ADDR_SUBNET; } else { AddSplAddr(MMFilter.DesAddr, dwDstSplServer); } } dwReturn = CreateName(&pszMMFilterName); if(dwReturn != ERROR_SUCCESS) { BAIL_OUT; } // we create a MM filter for any tunnel rule and for any non-tunnel rule that is not to broadcast if (!bIsOutboundBroadcast || bTunnel) { dwReturn = AddMainModeFilter( pszMMFilterName, pszMMPolicyName, MMFilter, pRuleData->AuthInfos); if (!bFailMMIfExists && (dwReturn == ERROR_IPSEC_MM_AUTH_EXISTS || dwReturn == ERROR_IPSEC_MM_FILTER_EXISTS)) { dwReturn = ERROR_SUCCESS; // it's not actually an error, functionality requires. // Even if MMFilter already exists, continue for QMFilter creation. } else if(dwReturn != ERROR_SUCCESS) { BAIL_OUT; } } if(dwSrcSplServer == NOT_SPLSERVER) { SrcAddr.AddrType = (SrcAddr.uSubNetMask == IP_ADDRESS_MASK_NONE) ? IP_ADDR_UNIQUE : IP_ADDR_SUBNET; } else { AddSplAddr(SrcAddr, dwSrcSplServer); } // // Destination address setting up // if(dwDstSplServer == NOT_SPLSERVER) { DesAddr.AddrType = (DesAddr.uSubNetMask == IP_ADDRESS_MASK_NONE) ? IP_ADDR_UNIQUE : IP_ADDR_SUBNET; } else { AddSplAddr(DesAddr, dwDstSplServer); } // // Transport Filter data setup // if(!bTunnel) { ParserTransportlFltr.Protocol.ProtocolType = PROTOCOL_UNIQUE; ParserTransportlFltr.Protocol.dwProtocol = dwProtocol; ParserTransportlFltr.SrcPort.PortType = PORT_UNIQUE; ParserTransportlFltr.SrcPort.wPort = (WORD)dwSrcPort; ParserTransportlFltr.DesPort.PortType = PORT_UNIQUE; ParserTransportlFltr.DesPort.wPort = (WORD)dwDstPort; ParserTransportlFltr.SrcAddr.AddrType = SrcAddr.AddrType; ParserTransportlFltr.SrcAddr.uIpAddr = SrcAddr.uIpAddr; ParserTransportlFltr.SrcAddr.uSubNetMask = SrcAddr.uSubNetMask; ParserTransportlFltr.DesAddr.AddrType = DesAddr.AddrType; ParserTransportlFltr.DesAddr.uIpAddr = DesAddr.uIpAddr; ParserTransportlFltr.DesAddr.uSubNetMask = DesAddr.uSubNetMask; ParserTransportlFltr.InterfaceType = MMFilter.InterfaceType; ParserTransportlFltr.bCreateMirror = MMFilter.bCreateMirror; ParserTransportlFltr.InboundFilterAction = Inbound; ParserTransportlFltr.OutboundFilterAction = Outbound; if(!((ParserTransportlFltr.Protocol.dwProtocol == PROT_ID_TCP) || (ParserTransportlFltr.Protocol.dwProtocol == PROT_ID_UDP))) { ParserTransportlFltr.SrcPort.wPort = 0; ParserTransportlFltr.DesPort.wPort = 0; if(bPort) { PrintMessageFromModule(g_hModule, ERR_DYN_INVALID_PORT); } } dwReturn = CreateName(&pszQMFilterName); if(dwReturn != ERROR_SUCCESS) { BAIL_OUT; } dwReturn = AddQuickModeFilter( pszQMFilterName, pszFilterActionName, ParserTransportlFltr); } // // Tunnel filter data setup // else { ParserTunnelFltr.Protocol.ProtocolType = PROTOCOL_UNIQUE; ParserTunnelFltr.Protocol.dwProtocol = dwProtocol; ParserTunnelFltr.SrcPort.PortType = PORT_UNIQUE; ParserTunnelFltr.SrcPort.wPort = (WORD)dwSrcPort; ParserTunnelFltr.DesPort.PortType = PORT_UNIQUE; ParserTunnelFltr.DesPort.wPort = (WORD)dwDstPort; ParserTunnelFltr.InterfaceType = MMFilter.InterfaceType; ParserTunnelFltr.bCreateMirror = FALSE; ParserTunnelFltr.InboundFilterAction = Inbound; ParserTunnelFltr.OutboundFilterAction = Outbound; ParserTunnelFltr.SrcAddr.AddrType = SrcAddr.AddrType; ParserTunnelFltr.SrcAddr.uIpAddr = SrcAddr.uIpAddr; ParserTunnelFltr.SrcAddr.uSubNetMask = SrcAddr.uSubNetMask; ParserTunnelFltr.DesAddr.AddrType = DesAddr.AddrType; ParserTunnelFltr.DesAddr.uIpAddr = DesAddr.uIpAddr; ParserTunnelFltr.DesAddr.uSubNetMask = DesAddr.uSubNetMask; // // Fill addr type, mask and uIpaddr for special server for tunnel source // AddSplAddr(ParserTunnelFltr.SrcTunnelAddr, IP_ANY); ParserTunnelFltr.SrcTunnelAddr.pgInterfaceID = NULL; // // Fill addr type, mask and uIpaddr for special server for tunnel destination // ParserTunnelFltr.DesTunnelAddr.AddrType = (ParserTunnelFltr.DesTunnelAddr.uSubNetMask == IP_ADDRESS_MASK_NONE) ? IP_ADDR_UNIQUE : IP_ADDR_SUBNET; ParserTunnelFltr.DesTunnelAddr.pgInterfaceID = NULL; if(!((ParserTunnelFltr.Protocol.dwProtocol == PROT_ID_TCP) || (ParserTunnelFltr.Protocol.dwProtocol == PROT_ID_UDP))) { ParserTunnelFltr.SrcPort.wPort = 0; ParserTunnelFltr.DesPort.wPort = 0; if(bPort) { PrintMessageFromModule(g_hModule, ERR_DYN_INVALID_PORT); } } dwReturn = CreateName(&pszQMFilterName); if(dwReturn == ERROR_SUCCESS) { dwReturn = AddQuickModeFilter( pszQMFilterName, pszFilterActionName, ParserTunnelFltr); } } error: CleanupAuthData(&pKerbAuth, &pPskAuth, ppRootcaMMAuth); CleanUpLocalRuleDataStructure(pRuleData); pRuleData = NULL; if(ParserTransportlFltr.pszFilterName) { delete [] ParserTransportlFltr.pszFilterName; } if(ParserTunnelFltr.pszFilterName) { delete[] ParserTunnelFltr.pszFilterName; } if(MMFilter.pszFilterName) { delete [] MMFilter.pszFilterName; } if(pszMMPolicyName) { delete [] pszMMPolicyName; } if(pszFilterActionName) { delete [] pszFilterActionName; } if(pszMMFilterName) { delete [] pszMMFilterName; } if(pszQMFilterName) { delete [] pszQMFilterName; } if(dwArgCount > 3) { CleanUp(); } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE) && (dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicSetRule // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicSetRule( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { PTRANSPORT_FILTER pTransportFltr = NULL; PTUNNEL_FILTER pTunnelFltr = NULL; PMM_FILTER pMMFltr = NULL; ADDR DesAddr, SrcAddr, SrcTunnel, DstTunnel; FILTER_ACTION Inbound = FILTER_ACTION_MAX, Outbound = FILTER_ACTION_MAX; IF_TYPE InterfaceType = INTERFACE_TYPE_ALL; DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwNameLen = 0; DWORD dwCount = 0, j = 0; DWORD dwProtocol = 0; DWORD dwSrcPort = 0; DWORD dwDstPort = 0; DWORD dwSrcSplServer = NOT_SPLSERVER; DWORD dwDstSplServer = NOT_SPLSERVER; BOOL bTunnel = FALSE; BOOL bSrcMask = FALSE; BOOL bDstMask = FALSE; BOOL bInbound = FALSE; BOOL bOutbound = FALSE; BOOL bAuth = FALSE; BOOL bMirror = TRUE; BOOL bSrcMe = FALSE; BOOL bIsOutboundBroadcast = FALSE; LPTSTR pszMMPolicyName = NULL; LPTSTR pszFilterActionName = NULL; PRULEDATA pRuleData = new RULEDATA; if (pRuleData == NULL) { dwReturn = ERROR_OUTOFMEMORY; BAIL_OUT; } ZeroMemory(pRuleData, sizeof(RULEDATA)); PSTA_AUTH_METHODS pKerbAuth = NULL; PSTA_AUTH_METHODS pPskAuth = NULL; PSTA_MM_AUTH_METHODS *ppRootcaMMAuth = NULL; const TAG_TYPE vcmdDynamicSetRule[] = { { CMD_TOKEN_STR_SRCADDR, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_DSTADDR, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_PROTO, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_SRCPORT, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_DSTPORT, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_MIRROR, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_CONNTYPE, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_SRCMASK, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DSTMASK, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_TUNNELDST, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_MMPOLICY, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_QMPOLICY, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_INBOUND, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_OUTBOUND, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_KERB, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_PSK, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicSetRule[] = { { CMD_TOKEN_STR_SRCADDR, CMD_TOKEN_SRCADDR }, { CMD_TOKEN_STR_DSTADDR, CMD_TOKEN_DSTADDR }, { CMD_TOKEN_STR_PROTO, CMD_TOKEN_PROTO }, { CMD_TOKEN_STR_SRCPORT, CMD_TOKEN_SRCPORT }, { CMD_TOKEN_STR_DSTPORT, CMD_TOKEN_DSTPORT }, { CMD_TOKEN_STR_MIRROR, CMD_TOKEN_MIRROR }, { CMD_TOKEN_STR_CONNTYPE, CMD_TOKEN_CONNTYPE }, { CMD_TOKEN_STR_SRCMASK, CMD_TOKEN_SRCMASK }, { CMD_TOKEN_STR_DSTMASK, CMD_TOKEN_DSTMASK }, { CMD_TOKEN_STR_TUNNELDST, CMD_TOKEN_TUNNELDST }, { CMD_TOKEN_STR_MMPOLICY, CMD_TOKEN_MMPOLICY }, { CMD_TOKEN_STR_QMPOLICY, CMD_TOKEN_QMPOLICY }, { CMD_TOKEN_STR_INBOUND, CMD_TOKEN_INBOUND }, { CMD_TOKEN_STR_OUTBOUND, CMD_TOKEN_OUTBOUND }, { CMD_TOKEN_STR_KERB, CMD_TOKEN_KERB }, { CMD_TOKEN_STR_PSK, CMD_TOKEN_PSK } }; const TOKEN_VALUE vlistDynamicSetRule[] = { { CMD_TOKEN_STR_ROOTCA, CMD_TOKEN_ROOTCA }, }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); SrcAddr.uIpAddr = 0x0; SrcAddr.AddrType = IP_ADDR_UNIQUE; SrcAddr.uSubNetMask = IP_ADDRESS_MASK_NONE; DesAddr.uIpAddr = 0x0; DesAddr.AddrType = IP_ADDR_UNIQUE; DesAddr.uSubNetMask = IP_ADDRESS_MASK_NONE; SrcTunnel.uIpAddr = 0x0; SrcTunnel.AddrType = IP_ADDR_UNIQUE; SrcTunnel.uSubNetMask = IP_ADDRESS_MASK_NONE; DstTunnel.uIpAddr = 0x0; DstTunnel.AddrType = IP_ADDR_UNIQUE; DstTunnel.uSubNetMask = IP_ADDRESS_MASK_NONE; // Bail out as user has not given sufficient arguments. if(dwArgCount <= 3) { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } parser.ValidTok = vtokDynamicSetRule; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicSetRule); parser.ValidCmd = vcmdDynamicSetRule; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicSetRule); parser.ValidList = vlistDynamicSetRule; parser.MaxList = SIZEOF_TOKEN_VALUE(vlistDynamicSetRule); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCountbAuthMethodSpecified = TRUE; ++pRuleData->AuthInfos.dwNumAuthInfos; pKerbAuth = (PSTA_AUTH_METHODS)parser.Cmd[dwCount].pArg; } break; case CMD_TOKEN_PSK : if (parser.Cmd[dwCount].dwStatus == VALID_TOKEN) { pRuleData->bAuthMethodSpecified = TRUE; ++pRuleData->AuthInfos.dwNumAuthInfos; pPskAuth = (PSTA_AUTH_METHODS)parser.Cmd[dwCount].pArg; } break; case CMD_TOKEN_ROOTCA : // this case is special, handled below... break; default : break; } } size_t uiRootcaIndex = parser.MaxTok; if (parser.Cmd[uiRootcaIndex].dwStatus > 0) { pRuleData->bAuthMethodSpecified = TRUE; pRuleData->AuthInfos.dwNumAuthInfos += parser.Cmd[uiRootcaIndex].dwStatus; ppRootcaMMAuth = (PSTA_MM_AUTH_METHODS *)(parser.Cmd[uiRootcaIndex].pArg); } dwReturn = AddAllAuthMethods(pRuleData, pKerbAuth, pPskAuth, ppRootcaMMAuth, FALSE); if (dwReturn != ERROR_SUCCESS) { BAIL_OUT; } // // Invalid conditions // if((dwSrcSplServer != NOT_SPLSERVER) && (dwDstSplServer != NOT_SPLSERVER) && (dwSrcSplServer != IP_ME) && (dwSrcSplServer != IP_ANY) && (dwDstSplServer != IP_ME) && (dwDstSplServer != IP_ANY)) { PrintErrorMessage(IPSEC_ERR,0,ERRCODE_PARSER_ADDRTYPE); dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } // // Source address setting up // if(dwSrcSplServer == NOT_SPLSERVER) { SrcAddr.AddrType = (SrcAddr.uSubNetMask == IP_ADDRESS_MASK_NONE) ? IP_ADDR_UNIQUE : IP_ADDR_SUBNET; } else { AddSplAddr(SrcAddr, dwSrcSplServer); } // // Destination address setting up // if(dwDstSplServer == NOT_SPLSERVER) { DesAddr.AddrType = (DesAddr.uSubNetMask == IP_ADDRESS_MASK_NONE) ? IP_ADDR_UNIQUE : IP_ADDR_SUBNET; } else { AddSplAddr(DesAddr, dwDstSplServer); } ADDR tmpAddr; tmpAddr.uIpAddr = ntohl(DesAddr.uIpAddr); tmpAddr.uSubNetMask = ntohl(DesAddr.uSubNetMask); if (IsBroadcastAddress(&tmpAddr) || IsMulticastAddress(&tmpAddr)) { if (bMirror || !bSrcMe || ((Inbound == NEGOTIATE_SECURITY) || (Outbound == NEGOTIATE_SECURITY)) ) { dwReturn = ERROR_INVALID_PARAMETER; BAIL_OUT; } if (IsBroadcastAddress(&tmpAddr)) { bIsOutboundBroadcast = TRUE; } } // // Check if the given MMFilter spec exists if (bTunnel) { AddSplAddr(SrcTunnel, IP_ME); if(FindAndGetMMFilterRule(SrcTunnel, DstTunnel, TRUE, InterfaceType, bSrcMask, bDstMask, &pMMFltr, dwReturn)) { dwReturn = SetDynamicMMFilterRule( pszMMPolicyName, *(pMMFltr), pRuleData->AuthInfos); } else { PrintErrorMessage(IPSEC_ERR,0,ERRCODE_DELETE_RULE_NO_MMFILTER); dwReturn = ERROR_SUCCESS; BAIL_OUT; } } else { // no MM filter if outbound is broadcast and not a tunnel rule if (!bIsOutboundBroadcast) { if(FindAndGetMMFilterRule(SrcAddr, DesAddr, bMirror, InterfaceType, bSrcMask, bDstMask, &pMMFltr, dwReturn)) { dwReturn = SetDynamicMMFilterRule( pszMMPolicyName, *(pMMFltr), pRuleData->AuthInfos); } else { PrintErrorMessage(IPSEC_ERR,0,ERRCODE_DELETE_RULE_NO_MMFILTER); dwReturn = ERROR_SUCCESS; BAIL_OUT; } } } // // Check if the given Transport spec exists // if(!bTunnel) { if(FindAndGetTransportRule(SrcAddr, DesAddr, bMirror, InterfaceType, dwProtocol, dwSrcPort, dwDstPort, bSrcMask, bDstMask, &pTransportFltr, dwReturn)) { dwReturn = SetTransportRule(*(pTransportFltr), pszFilterActionName, Inbound, Outbound); } else { PrintErrorMessage(IPSEC_ERR,0,ERRCODE_DELETE_RULE_NO_TRANSPORT); dwReturn = ERROR_SUCCESS; BAIL_OUT; } } // // Check if the given Tunnel spec exists // else { AddSplAddr(SrcTunnel, IP_ANY); if(FindAndGetTunnelRule(SrcAddr, DesAddr, bMirror, InterfaceType, dwProtocol, dwSrcPort, dwDstPort, bSrcMask, bDstMask, SrcTunnel, DstTunnel, &pTunnelFltr, dwReturn)) { dwReturn = SetTunnelRule(*(pTunnelFltr), pszFilterActionName, Inbound, Outbound); } else { PrintErrorMessage(IPSEC_ERR,0,ERRCODE_DELETE_RULE_NO_TUNNEL); dwReturn = ERROR_SUCCESS; } } error: CleanupAuthData(&pKerbAuth, &pPskAuth, ppRootcaMMAuth); CleanUpLocalRuleDataStructure(pRuleData); pRuleData = NULL; if(pszMMPolicyName) { delete [] pszMMPolicyName; } if(pszFilterActionName) { delete [] pszFilterActionName; } if(pMMFltr) { if(pMMFltr->pszFilterName) { delete [] pMMFltr->pszFilterName; } delete pMMFltr; } if(pTransportFltr) { if(pTransportFltr->pszFilterName) { delete [] pTransportFltr->pszFilterName; } delete pTransportFltr; } if(pTunnelFltr) { if(pTunnelFltr->pszFilterName) { delete [] pTunnelFltr->pszFilterName; } delete pTunnelFltr; } if(dwArgCount > 3) { CleanUp(); } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE)&&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : DeleteIfLastRuleOfMMFilter // // Date of Creation: 05-19-02 // // Parameters : IN ADDR SrcAddr, // IN ADDR DstAddr, // IN BOOL bMirror, // IN IF_TYPE ConType, // IN BOOL bSrcMask, // IN BOOL bDstMask, // IN OUT DWORD& dwStatus // //Return : BOOL // //Description : Deterimines if there exists any transport or tunnel filters // may require a MM filter. If not, then it deletes the // respective MM filter. // //Revision History : // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD DeleteIfLastRuleOfMMFilter( IN ADDR SrcAddr, IN ADDR DesAddr, IN BOOL bMirror, IN IF_TYPE InterfaceType, IN BOOL bSrcMask, IN BOOL bDstMask, IN OUT DWORD& dwStatus ) { BOOL bLastRuleOfMMFilter = FALSE; DWORD dwReturn = ERROR_SUCCESS; PMM_FILTER pMMFltr = NULL; bLastRuleOfMMFilter = IsLastRuleOfMMFilter( SrcAddr, DesAddr, bMirror, InterfaceType, bSrcMask, bDstMask, dwReturn ); if (!dwReturn && bLastRuleOfMMFilter) { // // Check if the given MMFilter spec exists // if(FindAndGetMMFilterRule(SrcAddr, DesAddr, bMirror, InterfaceType, bSrcMask, bDstMask, &pMMFltr, dwReturn)) { dwReturn = DeleteMMFilterRule(*(pMMFltr)); } else { PrintErrorMessage(IPSEC_ERR,0,ERRCODE_DELETE_RULE_NO_MMFILTER); dwReturn = ERROR_SUCCESS; //This is to support multiple QMFilters will have BAIL_OUT; //single MMFilter } } error: dwStatus = dwReturn; if(pMMFltr) { if(pMMFltr->pszFilterName) delete [] pMMFltr->pszFilterName; delete pMMFltr; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : HandleDynamicDeleteRule // // Date of Creation: 9-23-2001 // // Parameters : // IN LPCWSTR pwszMachine, // IN OUT LPWSTR *ppwcArguments, // IN DWORD dwCurrentIndex, // IN DWORD dwArgCount, // IN DWORD dwFlags, // IN LPCVOID pvData, // OUT BOOL *pbDone // Return : DWORD // // Description : // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// DWORD WINAPI HandleDynamicDeleteRule( IN LPCWSTR pwszMachine, IN OUT LPWSTR *ppwcArguments, IN DWORD dwCurrentIndex, IN DWORD dwArgCount, IN DWORD dwFlags, IN LPCVOID pvData, OUT BOOL *pbDone ) { PTRANSPORT_FILTER pTransportFltr = NULL; PTUNNEL_FILTER pTunnelFltr = NULL; ADDR DesAddr, SrcAddr, SrcTunnel, DstTunnel; IF_TYPE InterfaceType = INTERFACE_TYPE_ALL; DWORD dwReturn = ERROR_SHOW_USAGE; DWORD dwCount = 0; DWORD dwProtocol = 0; DWORD dwSrcPort = 0; DWORD dwDstPort = 0; DWORD dwSrcSplServer = NOT_SPLSERVER; DWORD dwDstSplServer = NOT_SPLSERVER; BOOL bTunnel = FALSE; BOOL bSrcMask = FALSE; BOOL bDstMask = FALSE; BOOL bMirror = TRUE; const TAG_TYPE vcmdDynamicDeleteRule[] = { { CMD_TOKEN_STR_SRCADDR, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_DSTADDR, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_PROTO, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_SRCPORT, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_DSTPORT, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_MIRROR, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_CONNTYPE, NS_REQ_PRESENT, FALSE }, { CMD_TOKEN_STR_SRCMASK, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_DSTMASK, NS_REQ_ZERO, FALSE }, { CMD_TOKEN_STR_TUNNELDST, NS_REQ_ZERO, FALSE } }; const TOKEN_VALUE vtokDynamicDeleteRule[] = { { CMD_TOKEN_STR_SRCADDR, CMD_TOKEN_SRCADDR }, { CMD_TOKEN_STR_DSTADDR, CMD_TOKEN_DSTADDR }, { CMD_TOKEN_STR_PROTO, CMD_TOKEN_PROTO }, { CMD_TOKEN_STR_SRCPORT, CMD_TOKEN_SRCPORT }, { CMD_TOKEN_STR_DSTPORT, CMD_TOKEN_DSTPORT }, { CMD_TOKEN_STR_MIRROR, CMD_TOKEN_MIRROR }, { CMD_TOKEN_STR_CONNTYPE, CMD_TOKEN_CONNTYPE }, { CMD_TOKEN_STR_SRCMASK, CMD_TOKEN_SRCMASK }, { CMD_TOKEN_STR_DSTMASK, CMD_TOKEN_DSTMASK }, { CMD_TOKEN_STR_TUNNELDST, CMD_TOKEN_TUNNELDST } }; PARSER_PKT parser; ZeroMemory(&parser, sizeof(parser)); SrcAddr.uIpAddr = 0x0; SrcAddr.AddrType = IP_ADDR_UNIQUE; SrcAddr.uSubNetMask = IP_ADDRESS_MASK_NONE; DesAddr.uIpAddr = 0x0; DesAddr.AddrType = IP_ADDR_UNIQUE; DesAddr.uSubNetMask = IP_ADDRESS_MASK_NONE; SrcTunnel.uIpAddr = 0x0; SrcTunnel.AddrType = IP_ADDR_UNIQUE; SrcTunnel.uSubNetMask = IP_ADDRESS_MASK_NONE; DstTunnel.uIpAddr = 0x0; DstTunnel.AddrType = IP_ADDR_UNIQUE; DstTunnel.uSubNetMask = IP_ADDRESS_MASK_NONE; // // Bail out as user has not given sufficient arguments. // if(dwArgCount <= 3) { PrintMessageFromModule(g_hModule, ERR_INVALID_NUM_ARGS, 3); BAIL_OUT; } parser.ValidTok = vtokDynamicDeleteRule; parser.MaxTok = SIZEOF_TOKEN_VALUE(vtokDynamicDeleteRule); parser.ValidCmd = vcmdDynamicDeleteRule; parser.MaxCmd = SIZEOF_TAG_TYPE(vcmdDynamicDeleteRule); // // Get the user input after parsing the data // dwReturn = Parser(pwszMachine,ppwcArguments,dwCurrentIndex,dwArgCount,&parser); if(dwReturn != ERROR_SUCCESS) { if(dwReturn == RETURN_NO_ERROR) { dwReturn = ERROR_NO_DISPLAY; BAIL_OUT; } else { dwReturn = ERROR_SHOW_USAGE; BAIL_OUT; } } // // Check for user given tokens from the parser and copy into local variables // for(dwCount=0;dwCount 3) { CleanUp(); } if(pTransportFltr) { if(pTransportFltr->pszFilterName) delete [] pTransportFltr->pszFilterName; delete pTransportFltr; } if(pTunnelFltr) { if(pTunnelFltr->pszFilterName) delete [] pTunnelFltr->pszFilterName; delete pTunnelFltr; } if((dwReturn != ERROR_SUCCESS) && (dwReturn != ERROR_SHOW_USAGE)&&(dwReturn != ERROR_NO_DISPLAY)) { //api errors PrintErrorMessage(WIN32_ERR, dwReturn, NULL); dwReturn = ERROR_SUCCESS; } //already one error displayed. if(dwReturn == ERROR_NO_DISPLAY) { dwReturn = ERROR_SUCCESS; } return dwReturn; } /////////////////////////////////////////////////////////////////////////////////////////// // // Function : AddSplAddr // // Date of Creation: 11-23-2001 // // Parameters : // IN OUT ADDR& Addr, // IN DWORD dwSplServer // Return : VOID // // Description : Adds a special server addr. // // Revision History: // // Date Author Comments // ////////////////////////////////////////////////////////////////////////////////////////// VOID AddSplAddr( IN OUT ADDR& Addr, IN DWORD dwSplServer ) { // // Fill up addr type, mask and uIpaddr for special servers // switch(dwSplServer) { case SERVER_WINS: Addr.AddrType = IP_ADDR_WINS_SERVER; Addr.uIpAddr = IP_ADDRESS_ME; Addr.uSubNetMask = IP_ADDRESS_MASK_NONE; break; case SERVER_DHCP: Addr.AddrType = IP_ADDR_DHCP_SERVER; Addr.uIpAddr = IP_ADDRESS_ME; Addr.uSubNetMask = IP_ADDRESS_MASK_NONE; break; case SERVER_DNS: Addr.AddrType = IP_ADDR_DNS_SERVER; Addr.uIpAddr = IP_ADDRESS_ME; Addr.uSubNetMask = IP_ADDRESS_MASK_NONE; break; case SERVER_GATEWAY: Addr.AddrType = IP_ADDR_DEFAULT_GATEWAY; Addr.uIpAddr = IP_ADDRESS_ME; Addr.uSubNetMask = IP_ADDRESS_MASK_NONE; break; case IP_ME: Addr.AddrType = IP_ADDR_UNIQUE; Addr.uIpAddr = IP_ADDRESS_ME; Addr.uSubNetMask = IP_ADDRESS_MASK_NONE; break; case IP_ANY: Addr.AddrType = IP_ADDR_SUBNET; Addr.uIpAddr = SUBNET_ADDRESS_ANY; Addr.uSubNetMask = SUBNET_MASK_ANY; break; default: break; } }