Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

697 lines
16 KiB

#include "precomp.h"
#ifdef TRACE_ON
#include "pammauth.tmh"
#endif
DWORD
PAAddMMAuthMethods(
PIPSEC_NFA_DATA * ppIpsecNFAData,
DWORD dwNumNFACount,
IN DWORD dwSource
)
{
DWORD dwError = 0;
DWORD i = 0;
PMMAUTHSTATE pMMAuthState = NULL;
PINT_MM_AUTH_METHODS pSPDMMAuthMethods = NULL;
LPWSTR pServerName = NULL;
DWORD dwVersion = 0;
for (i = 0; i < dwNumNFACount; i++) {
TRACE(
TRC_INFORMATION,
(L"Pastore adding MM auth methods based on rule %!guid!",
&(*(ppIpsecNFAData + i))->NFAIdentifier)
);
dwError = PACreateMMAuthState(
*(ppIpsecNFAData + i),
&pMMAuthState
);
if (dwError) {
continue;
}
dwError = PACreateMMAuthMethods(
*(ppIpsecNFAData + i),
&pSPDMMAuthMethods
);
if (dwError) {
pMMAuthState->bInSPD = FALSE;
pMMAuthState->dwErrorCode = dwError;
pMMAuthState->pNext = gpMMAuthState;
gpMMAuthState = pMMAuthState;
continue;
}
dwError = IntAddMMAuthMethods(
pServerName,
dwVersion,
0,
dwSource,
pSPDMMAuthMethods,
NULL
);
if (dwError) {
pMMAuthState->bInSPD = FALSE;
pMMAuthState->dwErrorCode = dwError;
}
else {
pMMAuthState->bInSPD = TRUE;
pMMAuthState->dwErrorCode = ERROR_SUCCESS;
}
pMMAuthState->pNext = gpMMAuthState;
gpMMAuthState = pMMAuthState;
PAFreeMMAuthMethods(pSPDMMAuthMethods);
}
return (dwError);
}
DWORD
PACreateMMAuthState(
PIPSEC_NFA_DATA pIpsecNFAData,
PMMAUTHSTATE * ppMMAuthState
)
{
DWORD dwError = 0;
PMMAUTHSTATE pMMAuthState = NULL;
dwError = AllocateSPDMemory(
sizeof(MMAUTHSTATE),
&pMMAuthState
);
BAIL_ON_WIN32_ERROR(dwError);
memcpy(
&(pMMAuthState->gMMAuthID),
&(pIpsecNFAData->NFAIdentifier),
sizeof(GUID)
);
pMMAuthState->bInSPD = FALSE;
pMMAuthState->dwErrorCode = 0;
pMMAuthState->pNext = NULL;
*ppMMAuthState = pMMAuthState;
return (dwError);
error:
TRACE(
TRC_ERROR,
("Pastore failed to create MM auth method state for rule %!guid!: %!winerr!",
&pIpsecNFAData->NFAIdentifier,
dwError)
);
*ppMMAuthState = NULL;
return (dwError);
}
DWORD
PACreateMMAuthMethods(
PIPSEC_NFA_DATA pIpsecNFAData,
PINT_MM_AUTH_METHODS * ppSPDMMAuthMethods
)
{
DWORD dwError = 0;
DWORD dwAuthMethodCount = 0;
PIPSEC_AUTH_METHOD * ppAuthMethods = NULL;
PINT_MM_AUTH_METHODS pSPDMMAuthMethods = NULL;
PIPSEC_NEGPOL_DATA pIpsecNegPolData = NULL;
dwAuthMethodCount = pIpsecNFAData->dwAuthMethodCount;
ppAuthMethods = pIpsecNFAData->ppAuthMethods;
if (!dwAuthMethodCount || !ppAuthMethods) {
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_WIN32_ERROR(dwError);
}
dwError = AllocateSPDMemory(
sizeof(INT_MM_AUTH_METHODS),
&pSPDMMAuthMethods
);
BAIL_ON_WIN32_ERROR(dwError);
memcpy(
&(pSPDMMAuthMethods->gMMAuthID),
&(pIpsecNFAData->NFAIdentifier),
sizeof(GUID)
);
pSPDMMAuthMethods->dwFlags = 0;
pIpsecNegPolData = pIpsecNFAData->pIpsecNegPolData;
if (!memcmp(
&(pIpsecNegPolData->NegPolType),
&(GUID_NEGOTIATION_TYPE_DEFAULT),
sizeof(GUID))) {
pSPDMMAuthMethods->dwFlags |= IPSEC_MM_AUTH_DEFAULT_AUTH;
}
dwError = PACreateMMAuthInfos(
dwAuthMethodCount,
ppAuthMethods,
&(pSPDMMAuthMethods->dwNumAuthInfos),
&(pSPDMMAuthMethods->pAuthenticationInfo)
);
BAIL_ON_WIN32_ERROR(dwError);
*ppSPDMMAuthMethods = pSPDMMAuthMethods;
return (dwError);
error:
TRACE(
TRC_ERROR,
("Pastore failed to create MM auth methods for rule %!guid!: %!winerr!",
&pIpsecNFAData->NFAIdentifier,
dwError)
);
if (pSPDMMAuthMethods) {
PAFreeMMAuthMethods(pSPDMMAuthMethods);
}
*ppSPDMMAuthMethods = NULL;
return (dwError);
}
DWORD
PACreateMMAuthInfos(
DWORD dwAuthMethodCount,
PIPSEC_AUTH_METHOD * ppAuthMethods,
PDWORD pdwNumAuthInfos,
PINT_IPSEC_MM_AUTH_INFO * ppAuthenticationInfo
)
{
DWORD dwError = 0;
PINT_IPSEC_MM_AUTH_INFO pAuthenticationInfo = NULL;
PINT_IPSEC_MM_AUTH_INFO pTemp = NULL;
PIPSEC_AUTH_METHOD pAuthMethod = NULL;
DWORD i = 0;
//
// dwAuthMethodCount is not zero at this point.
// ppAuthMethods is not null at this point.
//
dwError = AllocateSPDMemory(
sizeof(INT_IPSEC_MM_AUTH_INFO)*dwAuthMethodCount,
&(pAuthenticationInfo)
);
BAIL_ON_WIN32_ERROR(dwError);
pTemp = pAuthenticationInfo;
for (i = 0; i < dwAuthMethodCount; i++) {
pAuthMethod = *(ppAuthMethods + i);
pTemp->AuthMethod = (MM_AUTH_ENUM) pAuthMethod->dwAuthType;
switch(pTemp->AuthMethod) {
case IKE_SSPI:
pTemp->dwAuthInfoSize = 0;
pTemp->pAuthInfo = NULL;
break;
case IKE_RSA_SIGNATURE:
if (pAuthMethod->dwAltAuthLen && pAuthMethod->pAltAuthMethod) {
dwError = AllocateSPDMemory(
pAuthMethod->dwAltAuthLen,
&(pTemp->pAuthInfo)
);
BAIL_ON_WIN32_ERROR(dwError);
pTemp->dwAuthInfoSize = pAuthMethod->dwAltAuthLen;
//
// Need to catch the exception when the size of auth info
// specified is more than the actual size.
//
//
memcpy(
pTemp->pAuthInfo,
pAuthMethod->pAltAuthMethod,
pAuthMethod->dwAltAuthLen
);
}
else {
if (!(pAuthMethod->dwAuthLen) || !(pAuthMethod->pszAuthMethod)) {
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_WIN32_ERROR(dwError);
}
dwError = EncodeName(
pAuthMethod->pszAuthMethod,
&pTemp->pAuthInfo,
&pTemp->dwAuthInfoSize
);
BAIL_ON_WIN32_ERROR(dwError);
}
pTemp->dwAuthFlags = pAuthMethod->dwAuthFlags;
break;
default:
if (!(pAuthMethod->dwAuthLen) || !(pAuthMethod->pszAuthMethod)) {
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_WIN32_ERROR(dwError);
}
dwError = AllocateSPDMemory(
(pAuthMethod->dwAuthLen)*sizeof(WCHAR),
&(pTemp->pAuthInfo)
);
BAIL_ON_WIN32_ERROR(dwError);
pTemp->dwAuthInfoSize = (pAuthMethod->dwAuthLen)*sizeof(WCHAR);
//
// Need to catch the exception when the size of auth info
// specified is more than the actual size.
//
//
memcpy(
pTemp->pAuthInfo,
(LPBYTE) pAuthMethod->pszAuthMethod,
(pAuthMethod->dwAuthLen)*sizeof(WCHAR)
);
break;
}
pTemp++;
}
*pdwNumAuthInfos = dwAuthMethodCount;
*ppAuthenticationInfo = pAuthenticationInfo;
return (dwError);
error:
if (pAuthenticationInfo) {
PAFreeMMAuthInfos(
i,
pAuthenticationInfo
);
}
*pdwNumAuthInfos = 0;
*ppAuthenticationInfo = NULL;
return (dwError);
}
VOID
PAFreeMMAuthMethods(
PINT_MM_AUTH_METHODS pSPDMMAuthMethods
)
{
if (pSPDMMAuthMethods) {
PAFreeMMAuthInfos(
pSPDMMAuthMethods->dwNumAuthInfos,
pSPDMMAuthMethods->pAuthenticationInfo
);
FreeSPDMemory(pSPDMMAuthMethods);
}
}
VOID
PAFreeMMAuthInfos(
DWORD dwNumAuthInfos,
PINT_IPSEC_MM_AUTH_INFO pAuthenticationInfo
)
{
DWORD i = 0;
PINT_IPSEC_MM_AUTH_INFO pTemp = NULL;
if (pAuthenticationInfo) {
pTemp = pAuthenticationInfo;
for (i = 0; i < dwNumAuthInfos; i++) {
if (pTemp->pAuthInfo) {
FreeSPDMemory(pTemp->pAuthInfo);
}
pTemp++;
}
FreeSPDMemory(pAuthenticationInfo);
}
}
DWORD
PADeleteAllMMAuthMethods(
)
{
DWORD dwError = 0;
PMMAUTHSTATE pMMAuthState = NULL;
LPWSTR pServerName = NULL;
PMMAUTHSTATE pTemp = NULL;
PMMAUTHSTATE pLeftMMAuthState = NULL;
DWORD dwVersion = 0;
TRACE(TRC_INFORMATION, (L"Pastore deleting all MM auth methods."));
pMMAuthState = gpMMAuthState;
while (pMMAuthState) {
if (pMMAuthState->bInSPD) {
dwError = DeleteMMAuthMethods(
pServerName,
dwVersion,
pMMAuthState->gMMAuthID,
NULL
);
if (!dwError) {
pTemp = pMMAuthState;
pMMAuthState = pMMAuthState->pNext;
FreeSPDMemory(pTemp);
}
else {
pMMAuthState->dwErrorCode = dwError;
pTemp = pMMAuthState;
pMMAuthState = pMMAuthState->pNext;
pTemp->pNext = pLeftMMAuthState;
pLeftMMAuthState = pTemp;
}
}
else {
pTemp = pMMAuthState;
pMMAuthState = pMMAuthState->pNext;
FreeSPDMemory(pTemp);
}
}
gpMMAuthState = pLeftMMAuthState;
return (dwError);
}
VOID
PAFreeMMAuthStateList(
PMMAUTHSTATE pMMAuthState
)
{
PMMAUTHSTATE pTemp = NULL;
while (pMMAuthState) {
pTemp = pMMAuthState;
pMMAuthState = pMMAuthState->pNext;
FreeSPDMemory(pTemp);
}
}
PMMAUTHSTATE
FindMMAuthState(
GUID gMMAuthID
)
{
PMMAUTHSTATE pMMAuthState = NULL;
pMMAuthState = gpMMAuthState;
while (pMMAuthState) {
if (!memcmp(&(pMMAuthState->gMMAuthID), &gMMAuthID, sizeof(GUID))) {
return (pMMAuthState);
}
pMMAuthState = pMMAuthState->pNext;
}
return (NULL);
}
DWORD
PADeleteMMAuthMethods(
PIPSEC_NFA_DATA * ppIpsecNFAData,
DWORD dwNumNFACount
)
{
DWORD dwError = 0;
DWORD i = 0;
PIPSEC_NFA_DATA pIpsecNFAData = NULL;
for (i = 0; i < dwNumNFACount; i++) {
pIpsecNFAData = *(ppIpsecNFAData + i);
dwError = PADeleteMMAuthMethod(
pIpsecNFAData->NFAIdentifier
);
}
return (dwError);
}
DWORD
PADeleteMMAuthMethod(
GUID gMMAuthID
)
{
DWORD dwError = 0;
PMMAUTHSTATE pMMAuthState = NULL;
LPWSTR pServerName = NULL;
DWORD dwVersion = 0;
TRACE(
TRC_INFORMATION,
(L"Pastore deleting MM auth method %!guid!",
&gMMAuthID)
);
pMMAuthState = FindMMAuthState(
gMMAuthID
);
if (!pMMAuthState) {
dwError = ERROR_SUCCESS;
return (dwError);
}
if (pMMAuthState->bInSPD) {
dwError = DeleteMMAuthMethods(
pServerName,
dwVersion,
pMMAuthState->gMMAuthID,
NULL
);
if (dwError) {
pMMAuthState->dwErrorCode = dwError;
}
BAIL_ON_WIN32_ERROR(dwError);
}
PADeleteMMAuthState(pMMAuthState);
error:
return (dwError);
}
VOID
PADeleteMMAuthState(
PMMAUTHSTATE pMMAuthState
)
{
PMMAUTHSTATE * ppTemp = NULL;
ppTemp = &gpMMAuthState;
while (*ppTemp) {
if (*ppTemp == pMMAuthState) {
break;
}
ppTemp = &((*ppTemp)->pNext);
}
if (*ppTemp) {
*ppTemp = pMMAuthState->pNext;
}
FreeSPDMemory(pMMAuthState);
return;
}
DWORD
PADeleteInUseMMAuthMethods(
)
{
DWORD dwError = 0;
PMMAUTHSTATE pMMAuthState = NULL;
LPWSTR pServerName = NULL;
PMMAUTHSTATE pTemp = NULL;
PMMAUTHSTATE pLeftMMAuthState = NULL;
DWORD dwVersion = 0;
TRACE(TRC_INFORMATION, (L"Pastore deleting in-use MM auth methods."));
pMMAuthState = gpMMAuthState;
while (pMMAuthState) {
if (pMMAuthState->bInSPD &&
(pMMAuthState->dwErrorCode == ERROR_IPSEC_MM_AUTH_IN_USE)) {
dwError = DeleteMMAuthMethods(
pServerName,
dwVersion,
pMMAuthState->gMMAuthID,
NULL
);
if (!dwError) {
pTemp = pMMAuthState;
pMMAuthState = pMMAuthState->pNext;
FreeSPDMemory(pTemp);
}
else {
pTemp = pMMAuthState;
pMMAuthState = pMMAuthState->pNext;
pTemp->pNext = pLeftMMAuthState;
pLeftMMAuthState = pTemp;
}
}
else {
pTemp = pMMAuthState;
pMMAuthState = pMMAuthState->pNext;
pTemp->pNext = pLeftMMAuthState;
pLeftMMAuthState = pTemp;
}
}
gpMMAuthState = pLeftMMAuthState;
return (dwError);
}
DWORD
EncodeName(
LPWSTR pszSubjectName,
PBYTE * ppEncodedName,
PDWORD pdwEncodedLength
)
{
DWORD dwError = ERROR_SUCCESS;
*ppEncodedName = NULL;
*pdwEncodedLength = 0;
if (!CertStrToName(
X509_ASN_ENCODING,
pszSubjectName,
CERT_X500_NAME_STR,
NULL,
NULL,
pdwEncodedLength,
NULL)) {
dwError = GetLastError();
BAIL_ON_WIN32_ERROR(dwError);
}
if (!*pdwEncodedLength) {
dwError = ERROR_INVALID_DATA;
BAIL_ON_WIN32_ERROR(dwError);
}
dwError = AllocateSPDMemory(
*pdwEncodedLength,
(PVOID) ppEncodedName
);
BAIL_ON_WIN32_ERROR(dwError);
if (!CertStrToName(
X509_ASN_ENCODING,
pszSubjectName,
CERT_X500_NAME_STR,
NULL,
(*ppEncodedName),
pdwEncodedLength,
NULL)) {
dwError = GetLastError();
BAIL_ON_WIN32_ERROR(dwError);
}
return (dwError);
error:
if (*ppEncodedName) {
FreeSPDMemory(*ppEncodedName);
*ppEncodedName = NULL;
}
*pdwEncodedLength = 0;
return (dwError);
}