Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1024 lines
30 KiB

//++
//
// Copyright (C) Microsoft Corporation, 1987 - 2000
//
// Module Name:
//
// ipsec.c
//
// Abstract:
//
// IP Security stats for netdiag
//
// Author:
//
// DKalin - 8/3/1999
//
// Environment:
//
// User mode only.
// Contains NT-specific code.
//
// Revision History:
//
// Changed behavior for Whistler - now we report registry/OU settings only
// More specific code moved to net\ipsec\nshipsec tool
//--
#include "precomp.h"
#include "spdcheck.h"
#include <snmp.h>
#include "tcpinfo.h"
#include "ipinfo.h"
#include "llinfo.h"
#include <windows.h>
#include <winsock2.h>
#include <ipexport.h>
#include <icmpapi.h>
#include <stdlib.h>
#include <assert.h>
#include <tchar.h>
#include <wincrypt.h>
#include <stdio.h>
#include <objbase.h>
#include <dsgetdc.h>
#include <lm.h>
#include <userenv.h>
#define STRING_TEXT_SIZE 4096
#define NETDIAG_TEXT_LIMIT 3072
// magic strings
#define IPSEC_SERVICE_NAME TEXT("policyagent")
#define GPEXT_KEY TEXT("Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions")
TCHAR pcszGPTIPSecKey[] = TEXT("SOFTWARE\\Policies\\Microsoft\\Windows\\IPSEC\\GPTIPSECPolicy");
TCHAR pcszGPTIPSecName[] = TEXT("DSIPSECPolicyName");
TCHAR pcszGPTIPSecFlags[] = TEXT("DSIPSECPolicyFlags");
TCHAR pcszGPTIPSecPath[] = TEXT("DSIPSECPolicyPath");
TCHAR pcszLocIPSecKey[] = TEXT("SOFTWARE\\Policies\\Microsoft\\Windows\\IPSEC\\Policy\\Local");
TCHAR pcszLocIPSecPol[] = TEXT("ActivePolicy");
TCHAR pcszCacheIPSecKey[] = TEXT("SOFTWARE\\Policies\\Microsoft\\Windows\\IPSEC\\Policy\\Cache");
TCHAR pcszIPSecPolicy[] = TEXT("ipsecPolicy");
TCHAR pcszIPSecName[] = TEXT("ipsecName");
TCHAR pcszIPSecDesc[] = TEXT("description");
TCHAR pcszIPSecTimestamp[] = TEXT("whenChanged");
TCHAR pcszIPSecID[] = TEXT("ipsecID");
typedef struct
{
SERVICE_STATUS servStat; // service status
QUERY_SERVICE_CONFIG servConfig; // service configuration
} SERVICE_INFO, *PSERVICE_INFO;
typedef struct
{
TCHAR pszComputerOU[MAXSTRLEN]; // this computer' OU name
PGROUP_POLICY_OBJECT pGPO; // GPO that is assigning IPSec Policy
TCHAR pszPolicyOU [MAXSTRLEN]; // OU that has the GPO assigned
} DS_POLICY_INFO, *PDS_POLICY_INFO;
DWORD MyFormatMessage ( DWORD dwFlags, LPCVOID lpSource, DWORD dwMessageId, DWORD dwLanguageId,
LPTSTR lpBuffer, DWORD nSize, va_list *Arguments );
//void reportError ( DWORD hr, NETDIAG_PARAMS* pParams, NETDIAG_RESULT* pResults );
void reportServiceInfo ( NETDIAG_PARAMS* pParams, NETDIAG_RESULT* pResults );
DWORD getPolicyInfo ( );
DWORD getMorePolicyInfo (NETDIAG_PARAMS* pParams, NETDIAG_RESULT* pResults );
DWORD getServiceInfo ( PSERVICE_INFO pInfo );
PGROUP_POLICY_OBJECT getIPSecGPO ( );
void StringToGuid( TCHAR * szValue, GUID * pGuid );
BOOL bTestSkipped = FALSE;
BOOL bTestPassed = FALSE;
SERVICE_INFO siIPSecStatus;
DS_POLICY_INFO dpiAssignedPolicy;
TCHAR pszBuf[STRING_TEXT_SIZE];
WCHAR StringTxt[STRING_TEXT_SIZE];
BOOL
IPSecTest(NETDIAG_PARAMS* pParams, NETDIAG_RESULT* pResults)
//++
// Description:
// This is IPSec test
//
// Arguments:
// None.
//
// Author:
// DKalin 08/03/99
//--
{
DWORD dwError = ERROR_SUCCESS;
BOOL bRet = S_OK;
PGROUP_POLICY_OBJECT pGPO = NULL;
PGROUP_POLICY_OBJECT pLastGPO = NULL;
PrintStatusMessage( pParams, 4, IDS_IPSEC_STATUS_MSG );
InitializeListHead(&pResults->IPSec.lmsgGlobalOutput);
InitializeListHead(&pResults->IPSec.lmsgAdditOutput);
/* Crippling netdiag support, as netsh should take care of everything */
// test skipped
bTestSkipped = TRUE;
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_NSHIPSEC );
return S_OK;
dwError = getServiceInfo(&siIPSecStatus);
if (dwError != ERROR_SUCCESS || siIPSecStatus.servStat.dwCurrentState != SERVICE_RUNNING)
{
// test skipped
bTestSkipped = TRUE;
if (dwError == ERROR_SERVICE_DOES_NOT_EXIST)
{
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_PA_NOT_INSTALLED );
}
else if (dwError == ERROR_SUCCESS)
{
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_PA_NOT_STARTED );
reportServiceInfo(pParams, pResults);
}
else
{
// some error
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_PA_NO_INFO );
reportError(dwError, pParams, pResults);
}
return S_OK;
}
else
{
// test passed
bTestPassed = TRUE;
reportServiceInfo(pParams, pResults);
dwError = getPolicyInfo();
if (dwError != ERROR_SUCCESS)
{
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_NO_POLICY_INFO );
reportError(dwError, pParams, pResults);
}
else
{
switch (piAssignedPolicy.iPolicySource)
{
case PS_NO_POLICY:
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_NO_POLICY );
break;
case PS_DS_POLICY:
dwError = getMorePolicyInfo(pParams,pResults);
if(dwError)
{
reportError(dwError, pParams, pResults);
return S_OK;
}
pLastGPO = pGPO = getIPSecGPO();
if (pGPO)
{
while ( 1 )
{
if ( pLastGPO->pNext )
pLastGPO = pLastGPO->pNext;
else
break;
}
}
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_DS_POLICY );
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_POLICY_NAME, piAssignedPolicy.pszPolicyName );
// description and timestamp - not available yet
/*
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_DESCRIPTION, piAssignedPolicy.pszPolicyDesc );
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_TIMESTAMP );
if (piAssignedPolicy.timestamp == 0)
{
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_GLOBAL_ADAPTER_UNKNOWN);
}
else
{
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDSSZ_GLOBAL_String, _tctime(&(piAssignedPolicy.timestamp)));
}
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_GLOBAL_EmptyLine);
*/
// GPO / OU
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_GPO);
if (pLastGPO)
{
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDSSZ_GLOBAL_String, pLastGPO->lpDisplayName);
}
else
{
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_GLOBAL_ADAPTER_UNKNOWN);
}
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_GLOBAL_EmptyLine);
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_OU);
if (pLastGPO)
{
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDSSZ_GLOBAL_String, pLastGPO->lpLink);
}
else
{
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_GLOBAL_ADAPTER_UNKNOWN);
}
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_GLOBAL_EmptyLine);
// policy path
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_POLICY_PATH);
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDSSZ_GLOBAL_StringLine, piAssignedPolicy.pszPolicyPath);
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_GLOBAL_EmptyLine, piAssignedPolicy.pszPolicyPath);
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_SPD_STATUS, piAssignedPolicy.pszPolicyPath);
// Don't do the SPDCheckTEST as per bug XP 504035.
// SPD will audit errors on policy read/process/apply now anyway.
//
// bRet = SPDCheckTEST(pParams,pResults);
// cleanup GPO
if (pGPO)
{
FreeGPOList (pGPO);
}
break;
case PS_LOC_POLICY:
dwError = getMorePolicyInfo(pParams,pResults);
if(dwError)
{
reportError(dwError, pParams, pResults);
return S_OK;
}
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_LOC_POLICY );
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_POLICY_NAME, piAssignedPolicy.pszPolicyName );
// description and timestamp
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_DESCRIPTION, piAssignedPolicy.pszPolicyDesc );
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_TIMESTAMP );
if (piAssignedPolicy.timestamp == 0)
{
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_GLOBAL_ADAPTER_UNKNOWN);
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_GLOBAL_EmptyLine);
}
else
{
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDSSZ_GLOBAL_String, _tctime(&(piAssignedPolicy.timestamp)));
}
// local policy path
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_POLICY_PATH);
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_LOCAL_PATH, piAssignedPolicy.pszPolicyPath);
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_GLOBAL_EmptyLine, piAssignedPolicy.pszPolicyPath);
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_SPD_STATUS, piAssignedPolicy.pszPolicyPath);
// Don't do the SPDCheckTEST as per bug XP 504035.
// SPD will audit errors on policy read/process/apply now anyway.
//
// bRet = SPDCheckTEST(pParams,pResults);
break;
}
}
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_NSHIPSEC );
}
return bRet;
}
void IPSecGlobalPrint(NETDIAG_PARAMS *pParams, NETDIAG_RESULT *pResults)
{
PrintMessage(pParams, IDS_GLOBAL_EmptyLine);
if (bTestSkipped)
{
PrintTestTitleResult(pParams, IDS_IPSEC_LONG, IDS_IPSEC_SHORT, FALSE, S_FALSE, 0);
}
if (bTestPassed)
{
PrintTestTitleResult(pParams, IDS_IPSEC_LONG, IDS_IPSEC_SHORT, TRUE, S_OK, 0);
}
PrintMessageList(pParams, &pResults->IPSec.lmsgGlobalOutput);
PrintMessageList(pParams, &pResults->IPSec.lmsgAdditOutput);
}
void IPSecPerInterfacePrint(NETDIAG_PARAMS *pParams, NETDIAG_RESULT *pResults, INTERFACE_RESULT *pInterfaceResults)
{
return;
}
void IPSecCleanup(IN NETDIAG_PARAMS *pParams,
IN OUT NETDIAG_RESULT *pResults)
{
MessageListCleanUp(&pResults->IPSec.lmsgGlobalOutput);
MessageListCleanUp(&pResults->IPSec.lmsgAdditOutput);
}
//#define MSG_HANDLE_INVALID TEXT("Handle is invalid. Is IPSEC Policy Agent Service running?")
// this will call SDK' FormatMessage function but will also correct some awkward messages
// will work only for FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_SYSTEM flag combination
DWORD MyFormatMessage(
DWORD dwFlags, // source and processing options
LPCVOID lpSource, // pointer to message source
DWORD dwMessageId, // requested message identifier
DWORD dwLanguageId, // language identifier for requested message
LPTSTR lpBuffer, // pointer to message buffer
DWORD nSize, // maximum size of message buffer
va_list *Arguments // pointer to array of message inserts
)
{
LPTSTR* tmp = (LPTSTR*) lpBuffer;
switch (dwMessageId)
{
/* case ERROR_INVALID_HANDLE: // patch for "handle is invalid" message. Suggest to check if service is started
if (dwFlags == (FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_SYSTEM))
{
*tmp = (LPTSTR) malloc((_tcslen(MSG_HANDLE_INVALID)+1)*sizeof(TCHAR));
_tcscpy(*tmp, MSG_HANDLE_INVALID);
return _tcslen(*tmp);
}
else
{
return FormatMessage(dwFlags,lpSource,dwMessageId,dwLanguageId,lpBuffer,nSize,Arguments);
}
*/ default: // call standard method
return FormatMessage(dwFlags,lpSource,dwMessageId,dwLanguageId,lpBuffer,nSize,Arguments);
}
}
/********************************************************************
FUNCTION: getPolicyInfo
PURPOSE: gets information about currently assigned policy
into piAssignedPolicy global structure
INPUT: none
RETURNS: DWORD. Will return ERROR_SUCCESS if everything is fine.
*********************************************************************/
DWORD getPolicyInfo ( )
{
LONG lRegistryCallResult;
HKEY hRegKey;
DWORD dwType; // for RegQueryValueEx
DWORD dwBufLen; // for RegQueryValueEx
lRegistryCallResult = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
pcszGPTIPSecKey,
0,
KEY_READ,
&hRegKey);
if (lRegistryCallResult == ERROR_SUCCESS)
{
DWORD dwType;
DWORD dwValue;
DWORD dwLength = sizeof(DWORD);
// query for flags, if flags aint' there or equal to 0, we don't have domain policy
lRegistryCallResult = RegQueryValueEx(hRegKey,
pcszGPTIPSecFlags,
NULL,
&dwType,
(LPBYTE)&dwValue,
&dwLength);
if (lRegistryCallResult == ERROR_SUCCESS)
{
if (dwValue == 0)
lRegistryCallResult = ERROR_FILE_NOT_FOUND;
}
// now get name
if (lRegistryCallResult == ERROR_SUCCESS)
{
dwBufLen = MAXSTRLEN*sizeof(TCHAR);
lRegistryCallResult = RegQueryValueEx( hRegKey,
pcszGPTIPSecName,
NULL,
&dwType, // will be REG_SZ
(LPBYTE) pszBuf,
&dwBufLen);
}
}
if (lRegistryCallResult == ERROR_SUCCESS)
{
piAssignedPolicy.iPolicySource = PS_DS_POLICY;
piAssignedPolicy.pszPolicyPath[0] = 0;
_tcscpy(piAssignedPolicy.pszPolicyName, pszBuf);
dwBufLen = MAXSTRLEN*sizeof(TCHAR);
lRegistryCallResult = RegQueryValueEx( hRegKey,
pcszGPTIPSecPath,
NULL,
&dwType, // will be REG_SZ
(LPBYTE) pszBuf,
&dwBufLen);
if (lRegistryCallResult == ERROR_SUCCESS)
{
_tcscpy(piAssignedPolicy.pszPolicyPath, pszBuf);
}
RegCloseKey(hRegKey);
return ERROR_SUCCESS;
}
else
{
RegCloseKey(hRegKey);
if (lRegistryCallResult == ERROR_FILE_NOT_FOUND)
{ // DS reg key not found, check local
lRegistryCallResult = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
pcszLocIPSecKey,
0,
KEY_READ,
&hRegKey);
if (lRegistryCallResult == ERROR_SUCCESS)
{
dwBufLen = MAXSTRLEN*sizeof(TCHAR);
lRegistryCallResult = RegQueryValueEx( hRegKey,
pcszLocIPSecPol,
NULL,
&dwType, // will be REG_SZ
(LPBYTE) pszBuf,
&dwBufLen);
}
else
{
return lRegistryCallResult; // return whatever error we got
}
RegCloseKey(hRegKey);
if (lRegistryCallResult == ERROR_FILE_NOT_FOUND)
{ // no policy assigned
piAssignedPolicy.iPolicySource = PS_NO_POLICY;
piAssignedPolicy.pszPolicyPath[0] = 0;
piAssignedPolicy.pszPolicyName[0] = 0;
return ERROR_SUCCESS;
}
else
{ // read it
lRegistryCallResult = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
pszBuf,
0,
KEY_READ,
&hRegKey);
_tcscpy(piAssignedPolicy.pszPolicyPath, pszBuf);
if (lRegistryCallResult == ERROR_SUCCESS)
{
dwBufLen = MAXSTRLEN*sizeof(TCHAR);
lRegistryCallResult = RegQueryValueEx( hRegKey,
pcszIPSecName,
NULL,
&dwType, // will be REG_SZ
(LPBYTE) pszBuf,
&dwBufLen);
}
RegCloseKey(hRegKey);
if (lRegistryCallResult == ERROR_FILE_NOT_FOUND)
{ // no policy assigned
piAssignedPolicy.iPolicySource = PS_NO_POLICY;
piAssignedPolicy.pszPolicyPath[0] = 0;
return ERROR_SUCCESS;
}
else if (lRegistryCallResult == ERROR_SUCCESS)
{ // found it
piAssignedPolicy.iPolicySource = PS_LOC_POLICY;
_tcscpy(piAssignedPolicy.pszPolicyName, pszBuf);
}
}
}
return (DWORD) lRegistryCallResult;
}
}
/********************************************************************
FUNCTION: getServiceInfo
PURPOSE: gets information about current state and configuration of IPSec Service
into *pInfo structure
INPUT: pInfo - pointer to SERVICE_INFO structure which will be updated with current information
TODO:
RETURNS: Win32 error codes. Will return ERROR_SUCCESS if everything is fine.
ERROR_SERVICE_DOES_NOT_EXIST is returned is service is not installed on the system
*********************************************************************/
DWORD getServiceInfo ( OUT PSERVICE_INFO pInfo )
{
DWORD dwError = ERROR_SUCCESS;
DWORD dwRequiredSize = 0;
PVOID pLargeConfig = 0;
SC_HANDLE schMan = NULL;
SC_HANDLE schPA = NULL;
if (!pInfo)
{
return ERROR_INVALID_PARAMETER;
}
memset(&(pInfo->servStat), 0, sizeof(SERVICE_STATUS));
memset(&(pInfo->servConfig), 0, sizeof(QUERY_SERVICE_CONFIG));
schMan = OpenSCManager(NULL, NULL, GENERIC_READ);
if (schMan == NULL)
{
dwError = GetLastError();
goto error;
}
schPA = OpenService(schMan, IPSEC_SERVICE_NAME, GENERIC_READ);
if (schMan == NULL)
{
dwError = GetLastError();
goto error;
}
if (!QueryServiceStatus(schPA, &(pInfo->servStat)))
{
dwError = GetLastError();
goto error;
}
if (!QueryServiceConfig(schPA, &(pInfo->servConfig), sizeof(QUERY_SERVICE_CONFIG), &dwRequiredSize))
{
dwError = GetLastError();
if (dwError == ERROR_INSUFFICIENT_BUFFER)
{
pLargeConfig = malloc(dwRequiredSize);
if (!pLargeConfig)
{
goto error;
}
if (!QueryServiceConfig(schPA, (LPQUERY_SERVICE_CONFIG) pLargeConfig, dwRequiredSize, &dwRequiredSize))
{
dwError = GetLastError();
goto error;
}
// else we just got the information, copy over to *pInfo
memcpy(&(pInfo->servConfig), pLargeConfig, sizeof(QUERY_SERVICE_CONFIG));
dwError = ERROR_SUCCESS;
}
goto error;
}
error:
if (schPA)
CloseServiceHandle(schPA);
if (schMan)
CloseServiceHandle(schMan);
if (pLargeConfig)
{
free(pLargeConfig);
}
return dwError;
}
/********************************************************************
FUNCTION: reportError
PURPOSE: prints out message code and message itself
INPUT: DWORD - error code
RETURNS: none
*********************************************************************/
void reportError ( DWORD dwError, NETDIAG_PARAMS* pParams, NETDIAG_RESULT* pResults )
{
LPTSTR msg = NULL;
MyFormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_SYSTEM,
NULL, dwError, 0, (LPTSTR) &msg, 0, NULL );
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_ERROR_MSG, dwError, msg );
}
/********************************************************************
FUNCTION: reportServiceInfo
PURPOSE: prints out service status and startup information
INPUT: none
RETURNS: none
*********************************************************************/
void reportServiceInfo ( NETDIAG_PARAMS* pParams, NETDIAG_RESULT* pResults )
{
// print status information
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_PA_STATUS );
switch (siIPSecStatus.servStat.dwCurrentState)
{
case SERVICE_RUNNING:
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_PA_STARTED );
break;
case SERVICE_STOPPED:
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_PA_STOPPED );
break;
case SERVICE_PAUSED:
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_PA_PAUSED );
break;
default:
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_GLOBAL_ADAPTER_UNKNOWN);
break;
}
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_GLOBAL_EmptyLine);
// print config information
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_PA_STARTUP );
switch (siIPSecStatus.servConfig.dwStartType)
{
case SERVICE_AUTO_START:
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_PA_AUTOMATIC );
break;
case SERVICE_DEMAND_START:
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_PA_MANUAL );
break;
case SERVICE_DISABLED:
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_IPSEC_PA_DISABLED );
break;
default:
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_GLOBAL_ADAPTER_UNKNOWN);
break;
}
AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
IDS_GLOBAL_EmptyLine);
}
/********************************************************************
FUNCTION: getIPSecGPO
PURPOSE: returns GPO that is assigning IPSec Policy
INPUT: none
RETURNS: pointer to GROUP_POLICY_OBJECT structure
NULL if policy is not assigned or if GPO information is not retrievable
NOTES: Tested only with domain GPOs
Behaves unpredictably when run for the computer
that does not have active Directory IPSec policy assigned
CALLER is responsible for freeing the memory!
*********************************************************************/
PGROUP_POLICY_OBJECT getIPSecGPO ( )
{
HKEY hKey, hSubKey;
DWORD dwType, dwSize, dwIndex, dwNameSize;
LONG lResult;
TCHAR szName[50];
GUID guid;
PGROUP_POLICY_OBJECT pGPO, pGPOTemp;
PGROUP_POLICY_OBJECT pGPOReturn = NULL;
DWORD dwResult;
//
// Enumerate the extensions
//
lResult = RegOpenKeyEx (HKEY_LOCAL_MACHINE, GPEXT_KEY, 0, KEY_READ, &hKey);
if (lResult == ERROR_SUCCESS)
{
dwIndex = 0;
dwNameSize = 50;
while ((dwResult = RegEnumKeyEx (hKey, dwIndex++, szName, &dwNameSize, NULL, NULL,
NULL, NULL)) == ERROR_SUCCESS)
{
dwNameSize = 50;
//
// Skip the registry extension since we did it above
//
if (lstrcmpi(TEXT("{35378EAC-683F-11D2-A89A-00C04FBBCFA2}"), szName))
{
//
// Get the list of GPOs this extension applied
//
StringToGuid(szName, &guid);
lResult = GetAppliedGPOList (GPO_LIST_FLAG_MACHINE, NULL, NULL,
&guid, &pGPO);
if (lResult == ERROR_SUCCESS)
{
if (pGPO)
{
//
// Get the extension's friendly display name
//
lResult = RegOpenKeyEx (hKey, szName, 0, KEY_READ, &hSubKey);
if (lResult == ERROR_SUCCESS)
{
if (!lstrcmpi(TEXT("{e437bc1c-aa7d-11d2-a382-00c04f991e27}"), szName))
{
// found IPSec
return pGPO;
}
else
{
FreeGPOList(pGPO);
}
}
}
}
}
}
}
return pGPOReturn;
}
//*************************************************************
//
// StringToGuid()
//
// Purpose: Converts a GUID in string format to a GUID structure
//
// Parameters: szValue - guid in string format
// pGuid - guid structure receiving the guid
//
//
// Return: void
//
//*************************************************************
void StringToGuid( TCHAR * szValue, GUID * pGuid )
{
TCHAR wc;
INT i;
//
// If the first character is a '{', skip it
//
if ( szValue[0] == TEXT('{') )
szValue++;
//
// Since szValue may be used again, no permanent modification to
// it is be made.
//
wc = szValue[8];
szValue[8] = 0;
pGuid->Data1 = _tcstoul( &szValue[0], 0, 16 );
szValue[8] = wc;
wc = szValue[13];
szValue[13] = 0;
pGuid->Data2 = (USHORT)_tcstoul( &szValue[9], 0, 16 );
szValue[13] = wc;
wc = szValue[18];
szValue[18] = 0;
pGuid->Data3 = (USHORT)_tcstoul( &szValue[14], 0, 16 );
szValue[18] = wc;
wc = szValue[21];
szValue[21] = 0;
pGuid->Data4[0] = (unsigned char)_tcstoul( &szValue[19], 0, 16 );
szValue[21] = wc;
wc = szValue[23];
szValue[23] = 0;
pGuid->Data4[1] = (unsigned char)_tcstoul( &szValue[21], 0, 16 );
szValue[23] = wc;
for ( i = 0; i < 6; i++ )
{
wc = szValue[26+i*2];
szValue[26+i*2] = 0;
pGuid->Data4[2+i] = (unsigned char)_tcstoul( &szValue[24+i*2], 0, 16 );
szValue[26+i*2] = wc;
}
}
/********************************************************************
FUNCTION: getMorePolicyInfo
PURPOSE: gets additional information about currently assigned policy
into piAssignedPolicy global structure
INPUT: none, uses global piAssignedPolicy structure
particularly
iPolicySource
pszPolicyName
pszPolicyPath
fields
RETURNS: DWORD. Will return ERROR_SUCCESS if everything is fine.
Currently fills pszPolicyDesc and timestamp fields of the global structure
NOTES: This is separate from getPolicyInfo routine for two reasons
a) the information obtained here is optional and error during this particular routine
is not considered fatal
b) the code structure is simpler as this routine is "built on top" of what getPolicyInfo provides
*********************************************************************/
DWORD getMorePolicyInfo ( NETDIAG_PARAMS* pParams, NETDIAG_RESULT* pResults)
{
DWORD dwError = ERROR_SUCCESS;
HKEY hRegKey = NULL;
DWORD dwType; // for RegQueryValueEx
DWORD dwBufLen; // for RegQueryValueEx
DWORD dwValue;
DWORD dwLength = sizeof(DWORD);
PTCHAR* ppszExplodeDN = NULL;
// set some default values
piAssignedPolicy.pszPolicyDesc[0] = 0;
piAssignedPolicy.timestamp = 0;
switch (piAssignedPolicy.iPolicySource)
{
case PS_LOC_POLICY:
// open the key
dwError = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
piAssignedPolicy.pszPolicyPath,
0,
KEY_READ,
&hRegKey);
BAIL_ON_WIN32_ERROR(dwError);
// timestamp
dwError = RegQueryValueEx(hRegKey,
pcszIPSecTimestamp,
NULL,
&dwType,
(LPBYTE)&dwValue,
&dwLength);
BAIL_ON_WIN32_ERROR(dwError);
piAssignedPolicy.timestamp = dwValue;
// description
dwBufLen = MAXSTRLEN*sizeof(TCHAR);
dwError = RegQueryValueEx( hRegKey,
pcszIPSecDesc,
NULL,
&dwType, // will be REG_SZ
(LPBYTE) pszBuf,
&dwBufLen);
BAIL_ON_WIN32_ERROR(dwError);
_tcscpy(piAssignedPolicy.pszPolicyDesc, pszBuf);
// policy guid
dwBufLen = MAXSTRLEN*sizeof(TCHAR);
dwError = RegQueryValueEx(hRegKey,
pcszIPSecID,
NULL,
&dwType,
(LPBYTE) pszBuf,
&dwBufLen);
BAIL_ON_WIN32_ERROR(dwError);
StringToGuid(pszBuf, &piAssignedPolicy.policyGUID);
break;
case PS_DS_POLICY:
// get the policy name from DN
_tcscpy(pszBuf, pcszCacheIPSecKey);
ppszExplodeDN = ldap_explode_dn(piAssignedPolicy.pszPolicyPath, 1);
if (!ppszExplodeDN)
{
goto error;
}
_tcscat(pszBuf, TEXT("\\"));
_tcscat(pszBuf, ppszExplodeDN[0]);
// open the regkey
dwError = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
pszBuf,
0,
KEY_READ,
&hRegKey);
BAIL_ON_WIN32_ERROR(dwError);
/* - tomestamp and description are not available yet
// timestamp
dwError = RegQueryValueEx(hRegKey,
pcszIPSecTimestamp,
NULL,
&dwType,
(LPBYTE)&dwValue,
&dwLength);
BAIL_ON_WIN32_ERROR(dwError);
piAssignedPolicy.timestamp = dwValue;
// description
dwBufLen = MAXSTRLEN*sizeof(TCHAR);
dwError = RegQueryValueEx( hRegKey,
pcszIPSecDesc,
NULL,
&dwType, // will be REG_SZ
(LPBYTE) pszBuf,
&dwBufLen);
BAIL_ON_WIN32_ERROR(dwError);
_tcscpy(piAssignedPolicy.pszPolicyDesc, pszBuf);
*/
//get policy guid
dwBufLen = MAXSTRLEN*sizeof(TCHAR);
dwError = RegQueryValueEx(hRegKey,
pcszIPSecID,
NULL,
&dwType,
(LPBYTE) pszBuf,
&dwBufLen);
BAIL_ON_WIN32_ERROR(dwError);
StringToGuid(pszBuf, &piAssignedPolicy.policyGUID);
break;
}
error:
if (hRegKey)
{
RegCloseKey(hRegKey);
}
if (ppszExplodeDN)
{
ldap_value_free(ppszExplodeDN);
}
return dwError;
}