archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
 
 
 
 
 
 
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/net/ipsec/nshipsec/staticsetutils.cpp

1634 lines
39 KiB
Raw Blame History

//////////////////////////////////////////////////////////////////////
//Module: Static/StaticSetUtils.cpp
// Purpose: Static Set auxiliary functions Implementation.
// Developers Name: Surya
// History:
// Date Author Comments
// 10-8-2001 Bharat Initial Version. SCM Base line 1.0
// <creation> <author>
// <modification> <author> <comments, references to code sections,
// in case of bug fixes>
//////////////////////////////////////////////////////////////////////
#include "nshipsec.h"
//////////////////////////////////////////////////////////////////////
//Function: IsDSAvailable()
//Date of Creation: 21st Aug 2001
//Parameters:
// OUT LPTSTR * pszPath
//Return: BOOL
//Description:
// This function checks whether DS exists
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
//////////////////////////////////////////////////////////////////////
BOOL
IsDSAvailable(
OUT LPTSTR * pszPath
)
{
HRESULT hr = S_OK;
IADs * pintIADs = NULL;
VARIANT var;
BSTR bstrName = NULL;
DWORD dwReturn = ERROR_SUCCESS , dwStrLenAlloc = 0,dwStrLenCpy = 0;
BOOL bDSAvailable = FALSE ;
hr = ADsGetObject(_TEXT("LDAP://rootDSE"), IID_IADs, (void **)&pintIADs);
if ( SUCCEEDED(hr) )
{
if ( pszPath )
{
dwReturn = AllocBSTRMem(_TEXT("defaultNamingContext"),bstrName);
if(dwReturn == ERROR_OUTOFMEMORY)
{
PrintErrorMessage(WIN32_ERR,ERROR_OUTOFMEMORY,NULL);
BAIL_OUT;
}
pintIADs->Get(bstrName, &var);
SysFreeString(bstrName);
if ( SUCCEEDED(hr) )
{
dwStrLenAlloc = wcslen(var.bstrVal) + wcslen(_TEXT("LDAP://"));
*pszPath = (LPTSTR)
::CoTaskMemAlloc(sizeof(OLECHAR) *
(dwStrLenAlloc+1));
if (*pszPath == NULL)
{
PrintErrorMessage(WIN32_ERR,ERROR_OUTOFMEMORY,NULL);
BAIL_OUT;
}
wcsncpy(*pszPath, _TEXT("LDAP://"),dwStrLenAlloc+1);
dwStrLenCpy = wcslen(*pszPath);
wcsncat(*pszPath, var.bstrVal,dwStrLenAlloc-dwStrLenCpy+1);
}
}
bDSAvailable = TRUE;
}
if ( pintIADs )
{
pintIADs->Release();
}
error:
return bDSAvailable;
}
//////////////////////////////////////////////////////////////////////
//
// Function: FindObject
//
// Date of Creation: 21st Aug 2001
//
//
// Pre-conditions:
//
// Runs on a machine that is part of an NT5 domain
//
// Parameters:
//
// IN szName the friendly name to find
// IN cls the class of the object
// OUT szPath ADS path returned on success
// Or the ADS path to the domain on failure
//
// Return :
//
// E_FAIL if object not found
// anything from GetGC
// S_OK for success
//
// Description:
// Finds particular object in the DS. The objects supported
// right now are any in the objectClass enum type
// Revision History:
// <Version number, Change request number, Date of modification,
// Author, Nature of change>
//////////////////////////////////////////////////////////////////////
HRESULT
FindObject(
IN LPTSTR szName,
IN objectClass cls,
OUT LPTSTR & szPath
)
{
_TCHAR szFilter[IDS_MAX_FILTLEN] = {0}; // the search filter we'll use
_TCHAR szSearchBase[IDS_MAX_FILTLEN] = {0}; // the root to search from
LPTSTR pszAttr[] = {_TEXT("distinguishedName")};
DWORD dwAttrCount = 1 , dwStrLen = 0;
HRESULT hrStatus = S_OK;
IDirectorySearch * pintSearch = NULL;
szPath = NULL;
if ( !IsDSAvailable(&szPath) )
{
return E_IDS_NO_DS;
}
else if ( !szName )
{
return E_INVALIDARG;
}
// determine what we're looking for
// and set up the filter
_tcsncpy(szSearchBase, _TEXT("LDAP://"),IDS_MAX_FILTLEN-1);
switch (cls)
{
case OBJCLS_OU:
_tcsncpy(szFilter, _TEXT("(&(objectClass=organizationalUnit)(name="),IDS_MAX_FILTLEN-1);
break;
case OBJCLS_GPO:
_tcsncpy(szFilter, _TEXT("(&(objectClass=groupPolicyContainer)(displayName="),IDS_MAX_FILTLEN-1);
dwStrLen = _tcslen(szSearchBase);
_tcsncat(szSearchBase, _TEXT("CN=Policies,CN=System,"),IDS_MAX_FILTLEN-dwStrLen-1);
break;
case OBJCLS_IPSEC_POLICY:
_tcsncpy(szFilter, _TEXT("(&(objectClass=ipsecPolicy)(ipsecName="),IDS_MAX_FILTLEN-1);
dwStrLen = _tcslen(szSearchBase);
_tcsncat(szSearchBase, _TEXT("CN=IP Security,CN=System,"),IDS_MAX_FILTLEN-dwStrLen-1);
break;
case OBJCLS_CONTAINER:
_tcsncpy(szFilter, _TEXT("(&(objectClass=container)(cn="),IDS_MAX_FILTLEN-1);
break;
case OBJCLS_COMPUTER:
_tcsncpy(szFilter, _TEXT("(&(objectClass=computer)(cn="),IDS_MAX_FILTLEN-1);
break;
default:
return CO_E_NOT_SUPPORTED;
}
dwStrLen = _tcslen(szFilter);
_tcsncat(szFilter, szName,IDS_MAX_FILTLEN-dwStrLen-1);
dwStrLen = _tcslen(szFilter);
_tcsncat(szFilter, TEXT("))"),IDS_MAX_FILTLEN-dwStrLen-1);
dwStrLen = _tcslen(szSearchBase);
_tcsncat(szSearchBase, szPath + 7,IDS_MAX_FILTLEN-dwStrLen-1); // get's past the LDAP://
// the filter and search base are set up now
// we need to get the IDirectorySearch interface
// from the root of the domain
hrStatus = ADsGetObject(szSearchBase, IID_IDirectorySearch,
(void **)&pintSearch);
if ( SUCCEEDED(hrStatus) )
{
ADS_SEARCH_HANDLE hSearch = NULL;
hrStatus = pintSearch->ExecuteSearch(szFilter, pszAttr,
dwAttrCount, &hSearch);
if ( SUCCEEDED(hrStatus) )
{
hrStatus = pintSearch->GetFirstRow(hSearch);
// at this point, if we have a row, we have found the
// object.
if ( S_ADS_NOMORE_ROWS == hrStatus )
{
hrStatus = E_FAIL;
}
else if ( SUCCEEDED(hrStatus) )
{
ADS_SEARCH_COLUMN adsCol = {0};
hrStatus = pintSearch->GetColumn(hSearch, pszAttr[0], &adsCol);
if ( SUCCEEDED(hrStatus) &&
adsCol.pADsValues->dwType == ADSTYPE_DN_STRING )
{
if ( szPath )
CoTaskMemFree(szPath);
dwStrLen = _tcslen(adsCol.pADsValues->DNString) + _tcslen(TEXT("LDAP://"));
szPath = (LPTSTR)::CoTaskMemAlloc((dwStrLen +1) * sizeof(_TCHAR));
if (szPath == NULL)
{
hrStatus=HRESULT_FROM_WIN32(ERROR_OUTOFMEMORY);
BAIL_OUT;
}
memset(szPath ,0 ,(dwStrLen+1)*sizeof(TCHAR));
_tcsncpy(szPath, _TEXT("LDAP://"),dwStrLen+1);
_tcsncat(szPath, adsCol.pADsValues->DNString,dwStrLen- (_tcslen(szPath))+1);
}
else
{
hrStatus = E_IDS_NODNSTRING;
}
pintSearch->FreeColumn( &adsCol );
}
pintSearch->CloseSearchHandle(hSearch);
}
}
if ( pintSearch )
{
pintSearch->Release();
}
error:
return hrStatus;
}
//////////////////////////////////////////////////////////////////////////////
// Function: AssignIPSecPolicyToGPO
//
// Purpose:
//
// Assigns (or unassigns) IPSec pol to GPO
//
// Pre-conditions: None
//
// Parameters:
//
// IN szPolicyName ADsPath or name of ipsec pol
// IN szGPO ADsPath or name of GPO
// IN BOOL bAssign
//
// Returns:
//
// ADSI errors
// S_OK on success
//
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
//////////////////////////////////////////////////////////////////////////////
HRESULT
AssignIPSecPolicyToGPO(
IN LPTSTR szPolicyName,
IN LPTSTR szGPO,
IN BOOL bAssign
)
{
HRESULT hr = S_OK;
LPTSTR szIPSecPolPath = NULL,
szGPOPath = NULL;
_TCHAR szMachinePath[IDS_MAX_PATHLEN] = {0};
IGroupPolicyObject * pintGPO = NULL;
GUID guidClientExt = CLSID_IPSECClientEx;
GUID guidSnapin = CLSID_Snapin;
hr = CoInitialize(NULL);
if (FAILED(hr))
{
BAIL_OUT;
}
if ( !szGPO )
{
return E_INVALIDARG;
}
//
// First, get the ipsec policy object
// and get the GPO objects
//
if ( szPolicyName && !IsADsPath(szPolicyName) )
{
hr = FindObject(szPolicyName, OBJCLS_IPSEC_POLICY, szIPSecPolPath);
}
else
{
szIPSecPolPath = szPolicyName;
}
// now get the GPO
if ( SUCCEEDED(hr) )
{
if ( !IsADsPath(szGPO) )
{
hr = FindObject(szGPO, OBJCLS_GPO, szGPOPath);
}
else
{
szGPOPath = szGPO;
}
hr = CoCreateInstance(CLSID_GroupPolicyObject, NULL, CLSCTX_ALL,
IID_IGroupPolicyObject, (void **)&pintGPO);
if ( SUCCEEDED(hr) )
{
//
// we need to hand off the domain path name
// FindObject returned it in szPath
//
hr = pintGPO->OpenDSGPO(szGPOPath, FALSE);
if ( SUCCEEDED(hr) )
{
//
// We want to get the path to the GPO's machine container
//
hr = pintGPO->GetDSPath(GPO_SECTION_MACHINE, szMachinePath,
IDS_MAX_PATHLEN);
}
}
}
if ( SUCCEEDED(hr) )
{
LPTSTR szName = NULL,
szDescription = NULL;
if ( szIPSecPolPath )
{
if(bAssign)
{
//
// Assignment
hr = GetIPSecPolicyInfo(szIPSecPolPath, szName, szDescription);
if ( SUCCEEDED(hr) )
{
// if description is NULL, pass blank str to make ADSI happy
//
hr = AddPolicyInformationToGPO(szMachinePath,
szName,
(szDescription) ? szDescription : TEXT(" "),
szIPSecPolPath);
// Need to write the changes to the GPO
if ( SUCCEEDED(hr) )
{
hr = pintGPO->Save(TRUE, TRUE, &guidClientExt,
&guidSnapin);
}
}
if ( szName )
CoTaskMemFree(szName);
if ( szDescription )
CoTaskMemFree(szDescription);
}
else
{
// Unassignment
hr = DeletePolicyInformationFromGPO(szMachinePath);
// Need to write the changes to the GPO
if ( SUCCEEDED(hr) )
{
pintGPO->Save(TRUE, FALSE, &guidClientExt,
&guidSnapin);
}
}
}
}
if ( pintGPO )
pintGPO->Release();
error:
return hr;
}
//////////////////////////////////////////////////////////////////////////////
//
// Function: GetIPSecPolicyInfo
//
// Purpose:
//
// Gets the name and description of an ipsec policy
// given an ADs path to the policy
//
// Pre-conditions: None
//
// Parameters:
// IN szPath ADsPath to policy
// OUT szName, szDescription
// NOTE: caller MUST free with CoTaskMemFree
//
// Returns:
// anything from ADsGetObject
// E_FAIL if Name not found
//
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
//////////////////////////////////////////////////////////////////////////////
HRESULT
GetIPSecPolicyInfo(
IN LPTSTR szPath,
OUT LPTSTR & szName,
OUT LPTSTR & szDescription
)
{
HRESULT hr = S_OK;
DWORD dwNumAttr = 2,
dwNumRecvd = 0,
dwStrLen = 0;
LPTSTR pszAttr[] = {TEXT("ipsecName"), TEXT("description")};
ADS_ATTR_INFO * pattrInfo = NULL;
IDirectoryObject * pintDirObj = NULL;
//
// init these to NULL, if the attr's not found, they will stay NULL
//
szName = szDescription = NULL;
hr = ADsGetObject(szPath, IID_IDirectoryObject, (void **)&pintDirObj);
BAIL_ON_FAILURE(hr);
hr = pintDirObj->GetObjectAttributes(pszAttr, dwNumAttr, &pattrInfo, &dwNumRecvd);
BAIL_ON_FAILURE(hr);
for ( DWORD i = 0; i < dwNumRecvd; ++i )
{
if ( !_tcscmp(pattrInfo[i].pszAttrName, TEXT("ipsecName")) )
{
dwStrLen = _tcslen(pattrInfo[i].pADsValues->DNString);
szName = (LPTSTR)CoTaskMemAlloc((dwStrLen + 1)
* sizeof (_TCHAR));
if (szName == NULL)
{
hr=HRESULT_FROM_WIN32(ERROR_OUTOFMEMORY);
BAIL_OUT;
}
_tcsncpy(szName, pattrInfo[i].pADsValues->DNString,dwStrLen + 1);
}
else if ( !_tcscmp(pattrInfo[i].pszAttrName, TEXT("description")) )
{
dwStrLen = _tcslen(pattrInfo[i].pADsValues->DNString);
szDescription = (LPTSTR)CoTaskMemAlloc((dwStrLen + 1)
* sizeof (_TCHAR));
if (szDescription == NULL)
{
hr=HRESULT_FROM_WIN32(ERROR_OUTOFMEMORY);
BAIL_OUT;
}
_tcsncpy(szDescription, pattrInfo[i].pADsValues->DNString,dwStrLen + 1);
}
}
pintDirObj->Release();
FreeADsMem(pattrInfo);
//
// if szName is NULL, it wasn't found and it is an error
// description CAN be NULL
//
if ( !szName )
{
hr = E_FAIL;
}
error:
return hr;
}
///////////////////////////////////////////////////////////////////////////
//Function: CreateDirectoryAndBindToObject()
//Date of Creation: 21st Aug 2001
//Parameters:
// IDirectoryObject * pParentContainer,
// LPWSTR pszCommonName,
// LPWSTR pszObjectClass,
// IDirectoryObject ** ppDirectoryObject
//Return: HRESULT
//Description:
// This function created a AD object
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////////
HRESULT
CreateDirectoryAndBindToObject(
IDirectoryObject * pParentContainer,
LPWSTR pszCommonName,
LPWSTR pszObjectClass,
IDirectoryObject ** ppDirectoryObject
)
{
ADS_ATTR_INFO AttrInfo[2];
ADSVALUE classValue;
HRESULT hr = S_OK;
IADsContainer * pADsContainer = NULL;
IDispatch * pDispatch = NULL;
BSTR bstrObjectClass = NULL, bstrCommonName = NULL;
DWORD dwReturn = ERROR_SUCCESS;
//
// Populate ADS_ATTR_INFO structure for new object
//
classValue.dwType = ADSTYPE_CASE_IGNORE_STRING;
classValue.CaseIgnoreString = pszObjectClass;
AttrInfo[0].pszAttrName = _TEXT("objectClass");
AttrInfo[0].dwControlCode = ADS_ATTR_UPDATE;
AttrInfo[0].dwADsType = ADSTYPE_CASE_IGNORE_STRING;
AttrInfo[0].pADsValues = &classValue;
AttrInfo[0].dwNumValues = 1;
hr = pParentContainer->CreateDSObject(
pszCommonName,
AttrInfo,
1,
&pDispatch
);
if ((FAILED(hr) && (hr == E_ADS_OBJECT_EXISTS)) ||
(FAILED(hr) && (hr == HRESULT_FROM_WIN32(ERROR_OBJECT_ALREADY_EXISTS)))){
hr = pParentContainer->QueryInterface(
IID_IADsContainer,
(void **)&pADsContainer
);
BAIL_ON_FAILURE(hr);
dwReturn = AllocBSTRMem(pszObjectClass,bstrObjectClass);
hr = HRESULT_FROM_WIN32(dwReturn);
BAIL_ON_WIN32_ERROR(dwReturn);
dwReturn = AllocBSTRMem(pszCommonName,bstrCommonName);
hr = HRESULT_FROM_WIN32(dwReturn);
BAIL_ON_WIN32_ERROR(dwReturn);
hr = pADsContainer->GetObject(
bstrObjectClass,
bstrCommonName,
&pDispatch
);
SysFreeString(bstrObjectClass);
SysFreeString(bstrCommonName);
BAIL_ON_FAILURE(hr);
}
hr = pDispatch->QueryInterface(
IID_IDirectoryObject,
(void **)ppDirectoryObject
);
error:
if (pADsContainer) {
pADsContainer->Release();
}
if (pDispatch) {
pDispatch->Release();
}
return(hr);
}
///////////////////////////////////////////////////////////////////////////
//Function: CreateChildPath()
//Date of Creation: 21st Aug 2001
//Parameters:
// IN LPWSTR pszParentPath,
// IN LPWSTR pszChildComponent,
// OUT BSTR * ppszChildPath
//Return: HRESULT
//Description:
// This function creates the required path in the AD
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////////
HRESULT
CreateChildPath(
IN LPWSTR pszParentPath,
IN LPWSTR pszChildComponent,
OUT BSTR * ppszChildPath
)
{
HRESULT hr = S_OK;
IADsPathname *pPathname = NULL;
BSTR bstrParentPath = NULL,bstrChildComponent=NULL;
DWORD dwReturn = ERROR_SUCCESS;
hr = CoCreateInstance(
CLSID_Pathname,
NULL,
CLSCTX_ALL,
IID_IADsPathname,
(void**)&pPathname
);
if (FAILED(hr))
{
BAIL_OUT;
}
dwReturn = AllocBSTRMem(pszParentPath,bstrParentPath);
hr = HRESULT_FROM_WIN32(dwReturn);
BAIL_ON_WIN32_ERROR(dwReturn);
hr = pPathname->Set(bstrParentPath, ADS_SETTYPE_FULL);
SysFreeString(bstrParentPath);
BAIL_ON_FAILURE(hr);
dwReturn = AllocBSTRMem(pszChildComponent,bstrChildComponent);
hr = HRESULT_FROM_WIN32(dwReturn);
BAIL_ON_WIN32_ERROR(dwReturn);
hr = pPathname->AddLeafElement(bstrChildComponent);
SysFreeString(bstrChildComponent);
BAIL_ON_FAILURE(hr);
hr = pPathname->Retrieve(ADS_FORMAT_X500, ppszChildPath);
BAIL_ON_FAILURE(hr);
error:
if (pPathname) {
pPathname->Release();
}
return(hr);
}
///////////////////////////////////////////////////////////////////////////
//Function: ConvertADsPathToDN()
//Date of Creation: 21st Aug 2001
//Parameters:
// IN LPWSTR pszPathName,
// OUT BSTR * ppszPolicyDN
//Return: HRESULT
//Description:
// This function converts ADs path to DN path
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////////
HRESULT
ConvertADsPathToDN(
IN LPWSTR pszPathName,
OUT BSTR * ppszPolicyDN
)
{
HRESULT hr = S_OK;
IADsPathname *pPathname = NULL;
BSTR bstrPathName =NULL;
DWORD dwReturn = ERROR_SUCCESS;
hr = CoCreateInstance(
CLSID_Pathname,
NULL,
CLSCTX_ALL,
IID_IADsPathname,
(void**)&pPathname
);
if (FAILED(hr))
{
BAIL_OUT;
}
dwReturn = AllocBSTRMem(pszPathName,bstrPathName);
hr = HRESULT_FROM_WIN32(dwReturn);
BAIL_ON_WIN32_ERROR(dwReturn);
hr = pPathname->Set(bstrPathName, ADS_SETTYPE_FULL);
SysFreeString(bstrPathName);
BAIL_ON_FAILURE(hr);
hr = pPathname->Retrieve(ADS_FORMAT_X500_DN, ppszPolicyDN);
BAIL_ON_FAILURE(hr);
error:
if (pPathname) {
pPathname->Release();
}
return(hr);
}
///////////////////////////////////////////////////////////////////////////
//Function: AddPolicyInformationToGPO()
//Date of Creation: 21st Aug 2001
//Parameters:
// IN LPWSTR pszMachinePath,
// IN LPWSTR pszName,
// IN LPWSTR pszDescription,
// IN LPWSTR pszPathName
//Return: HRESULT
//Description:
// This function assigns the policy info to the specified GPO.
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////////
HRESULT
AddPolicyInformationToGPO(
IN LPWSTR pszMachinePath,
IN LPWSTR pszName,
IN LPWSTR pszDescription,
IN LPWSTR pszPathName
)
{
HRESULT hr = S_OK;
IDirectoryObject * pMachineContainer = NULL;
IDirectoryObject * pIpsecObject = NULL;
IDirectoryObject * pWindowsContainer = NULL;
IDirectoryObject * pMicrosoftContainer = NULL;
BSTR pszMicrosoftPath = NULL;
BSTR pszIpsecPath = NULL;
BSTR pszWindowsPath = NULL;
BSTR pszPolicyDN = NULL;
ADS_ATTR_INFO AttrInfo[4];
ADSVALUE PolicyPathValue;
ADSVALUE PolicyNameValue;
ADSVALUE PolicyDescriptionValue;
memset((LPBYTE)AttrInfo, 0, sizeof(ADS_ATTR_INFO)*4);
memset((LPBYTE)&PolicyPathValue, 0, sizeof(ADSVALUE));
memset((LPBYTE)&PolicyNameValue, 0, sizeof(ADSVALUE));
memset((LPBYTE)&PolicyDescriptionValue, 0, sizeof(ADSVALUE));
DWORD dwNumModified = 0;
hr = ADsGetObject(
pszMachinePath,
IID_IDirectoryObject,
(void **)&pMachineContainer
);
BAIL_ON_FAILURE(hr);
// Build the fully qualified ADsPath for my object
hr = CreateChildPath(
pszMachinePath,
_TEXT("cn=Microsoft"),
&pszMicrosoftPath
);
BAIL_ON_FAILURE(hr);
hr = CreateChildPath(
pszMicrosoftPath,
_TEXT("cn=Windows"),
&pszWindowsPath
);
BAIL_ON_FAILURE(hr);
hr = CreateChildPath(
pszWindowsPath,
_TEXT("cn=ipsec"),
&pszIpsecPath
);
BAIL_ON_FAILURE(hr);
hr = ADsGetObject(
pszIpsecPath,
IID_IDirectoryObject,
(void **)&pIpsecObject
);
if (FAILED(hr)) {
//
// Bind to the Machine Container
//
hr = CreateDirectoryAndBindToObject(
pMachineContainer,
_TEXT("cn=Microsoft"),
_TEXT("container"),
&pMicrosoftContainer
);
BAIL_ON_FAILURE(hr);
hr = CreateDirectoryAndBindToObject(
pMicrosoftContainer,
_TEXT("cn=Windows"),
_TEXT("container"),
&pWindowsContainer
);
BAIL_ON_FAILURE(hr);
hr = CreateDirectoryAndBindToObject(
pWindowsContainer,
_TEXT("cn=IPSEC"),
_TEXT("ipsecPolicy"),
&pIpsecObject
);
BAIL_ON_FAILURE(hr);
}
//
// Input pszPathName is an ADsPathName
// We need to reduce it to a DN and store it
// in the ipsecOwnersReference (a multi-valued DN attribute)
//
hr = ConvertADsPathToDN(
pszPathName,
&pszPolicyDN
);
BAIL_ON_FAILURE(hr);
//
// Populate ADS_ATTR_INFO structure for new object
//
PolicyPathValue.dwType = ADSTYPE_CASE_IGNORE_STRING;
PolicyPathValue.CaseIgnoreString = pszPolicyDN;
AttrInfo[0].pszAttrName = _TEXT("ipsecOwnersReference");
AttrInfo[0].dwControlCode = ADS_ATTR_UPDATE;
AttrInfo[0].dwADsType = ADSTYPE_CASE_IGNORE_STRING;
AttrInfo[0].pADsValues = &PolicyPathValue;
AttrInfo[0].dwNumValues = 1;
//
// Populate ADS_ATTR_INFO structure for new object
//
PolicyNameValue.dwType = ADSTYPE_CASE_IGNORE_STRING;
PolicyNameValue.CaseIgnoreString = pszName;
AttrInfo[1].pszAttrName = _TEXT("ipsecName");
AttrInfo[1].dwControlCode = ADS_ATTR_UPDATE;
AttrInfo[1].dwADsType = ADSTYPE_CASE_IGNORE_STRING;
AttrInfo[1].pADsValues = &PolicyNameValue;
AttrInfo[1].dwNumValues = 1;
//
// Populate ADS_ATTR_INFO structure for new object
//
PolicyDescriptionValue.dwType = ADSTYPE_CASE_IGNORE_STRING;
PolicyDescriptionValue.CaseIgnoreString = pszDescription;
AttrInfo[2].pszAttrName = _TEXT("description");
AttrInfo[2].dwControlCode = ADS_ATTR_UPDATE;
AttrInfo[2].dwADsType = ADSTYPE_CASE_IGNORE_STRING;
AttrInfo[2].pADsValues = &PolicyDescriptionValue;
AttrInfo[2].dwNumValues = 1;
//
// Now populate our object with our data.
//
hr = pIpsecObject->SetObjectAttributes(
AttrInfo,
3,
&dwNumModified
);
error:
if (pIpsecObject) {
pIpsecObject->Release();
}
if (pMicrosoftContainer) {
pMicrosoftContainer->Release();
}
if (pWindowsContainer) {
pWindowsContainer->Release();
}
if (pMachineContainer) {
pMachineContainer->Release();
}
if (pszMicrosoftPath) {
SysFreeString(pszMicrosoftPath);
}
if (pszPolicyDN) {
SysFreeString(pszPolicyDN);
}
if (pszWindowsPath) {
SysFreeString(pszWindowsPath);
}
if (pszIpsecPath) {
SysFreeString(pszIpsecPath);
}
return(hr);
}
///////////////////////////////////////////////////////////////////////////
//Function: DeletePolicyInformationFromGPO()
//Date of Creation: 21st Aug 2001
//Parameters:
// IN LPWSTR pszMachinePath,
//Return: HRESULT
//Description:
// This function unassigns the policy info to the specified GPO.
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////////
HRESULT
DeletePolicyInformationFromGPO(
IN LPWSTR pszMachinePath
)
{
HRESULT hr = S_OK;
IDirectoryObject * pIpsecObject = NULL;
IDirectoryObject * pWindowsContainer = NULL;
BSTR pszMicrosoftPath = NULL;
BSTR pszIpsecPath = NULL;
BSTR pszWindowsPath = NULL;
// Build the fully qualified ADsPath for my object
hr = CreateChildPath(
pszMachinePath,
_TEXT("cn=Microsoft"),
&pszMicrosoftPath
);
BAIL_ON_FAILURE(hr);
hr = CreateChildPath(
pszMicrosoftPath,
_TEXT("cn=Windows"),
&pszWindowsPath
);
BAIL_ON_FAILURE(hr);
hr = CreateChildPath(
pszWindowsPath,
_TEXT("cn=ipsec"),
&pszIpsecPath
);
BAIL_ON_FAILURE(hr);
hr = ADsGetObject(
pszIpsecPath,
IID_IDirectoryObject,
(void **)&pIpsecObject
);
if (FAILED(hr)) {
//
// This means there is no object, need to
// test that it is because the object does
// not exist.
//
hr = S_OK;
goto error;
}
if (SUCCEEDED(hr)) {
pIpsecObject->Release();
pIpsecObject = NULL;
hr = ADsGetObject(
pszWindowsPath,
IID_IDirectoryObject,
(void **)&pWindowsContainer
);
BAIL_ON_FAILURE(hr);
hr = pWindowsContainer->DeleteDSObject(
_TEXT("cn=ipsec")
);
}
error:
if (pIpsecObject) {
pIpsecObject->Release();
}
if (pWindowsContainer) {
pWindowsContainer->Release();
}
if (pszMicrosoftPath) {
SysFreeString(pszMicrosoftPath);
}
if (pszWindowsPath) {
SysFreeString(pszWindowsPath);
}
if (pszIpsecPath) {
SysFreeString(pszIpsecPath);
}
return(hr);
}
///////////////////////////////////////////////////////////////////////////
//Function: IsADsPath()
//Date of Creation: 21st Aug 2001
//Parameters:
// IN LPTSTR szPath
//Return: BOOL
//Description:
// This function checks whether the specified string is valid ADs path
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////////
BOOL
IsADsPath(
IN LPTSTR szPath
)
{
return !_tcsncmp(szPath, _TEXT("LDAP://"), 7);
}
///////////////////////////////////////////////////////////////////////
//Function: StripGUIDBraces()
//Date of Creation: 21st Aug 2001
//Parameters:
// IN OUT LPTSTR & pszStr
//Return: VOID
//Description:
// This function strips the end braces from the GUID string
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID
StripGUIDBraces(
IN OUT LPTSTR & pszGUIDStr
)
{
LPTSTR pszLocalStr=NULL;
if(!pszGUIDStr)
{
BAIL_OUT;
}
pszLocalStr = _tcschr(pszGUIDStr,CLOSE_GUID_BRACE);
if(pszLocalStr)
*pszLocalStr = _T('\0');
pszLocalStr = _tcschr(pszGUIDStr,OPEN_GUID_BRACE);
if(pszLocalStr)
{
pszLocalStr++;
memmove(pszGUIDStr,(const void *)pszLocalStr,sizeof(TCHAR)*(_tcslen(pszLocalStr)+1));
}
error:
return;
}
///////////////////////////////////////////////////////////////////////
//Function: AllocBSTRMem()
//Date of Creation: 21st Aug 2001
//Parameters:
// IN LPTSTR pszStr,
// IN OUT BSTR & pbsStr
//Return: DWORD
//Description:
// This function strips the end braces from the GUID string
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
DWORD
AllocBSTRMem(
IN LPTSTR pszStr,
IN OUT BSTR & pbsStr
)
{
DWORD dwReturnCode=ERROR_SUCCESS;
if(!pszStr)
{
dwReturnCode=ERROR_INVALID_DATA;
BAIL_OUT;
}
pbsStr = SysAllocString(pszStr);
if(!pbsStr)
{
if (*pszStr)
{
dwReturnCode=ERROR_OUTOFMEMORY;
}
else
{
dwReturnCode=ERROR_INVALID_DATA;
}
}
error:
return dwReturnCode;
}
///////////////////////////////////////////////////////////////////////
//Function: CleanUpAuthInfo()
//Date of Creation: 21st Aug 2001
//Parameters:
// PIPSEC_NFA_DATA &pRule
//Return: VOID
//Description:
// This function cleans up the auth info memory of rule
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID
CleanUpAuthInfo(
PIPSEC_NFA_DATA &pRule
)
{
DWORD i=0;
if(pRule->ppAuthMethods)
{
for (i = 0; i < pRule->dwAuthMethodCount; i++)
{
if(pRule->ppAuthMethods[i])
{
if(pRule->ppAuthMethods[i]->pAltAuthMethod!=NULL)
{
IPSecFreePolMem(pRule->ppAuthMethods[i]->pAltAuthMethod);
}
IPSecFreePolMem(pRule->ppAuthMethods[i]);
}
}
IPSecFreePolMem(pRule->ppAuthMethods);
}
}
///////////////////////////////////////////////////////////////////////
//Function: CleanUpPolicy()
//Date of Creation: 21st Aug 2001
//Parameters:
// PIPSEC_POLICY_DATA &pPolicy
//Return: VOID
//Description:
// This function cleans up the policy info
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID
CleanUpPolicy(
PIPSEC_POLICY_DATA &pPolicy
)
{
if(pPolicy)
{
if(pPolicy->pIpsecISAKMPData)
{
if(pPolicy->pIpsecISAKMPData->pSecurityMethods)
{
IPSecFreePolMem(pPolicy->pIpsecISAKMPData->pSecurityMethods);
}
IPSecFreePolMem(pPolicy->pIpsecISAKMPData);
}
IPSecFreePolMem(pPolicy);
pPolicy=NULL;
}
}
///////////////////////////////////////////////////////////////////////
//Function: CleanUpLocalRuleDataStructure()
//Date of Creation: 21st Aug 2001
//Parameters:
// PRULEDATA &pRuleData
//Return: VOID
//Description:
// This function cleans up the local Rule Structure
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID
CleanUpLocalRuleDataStructure(
PRULEDATA &pRuleData
)
{
DWORD j=0;
if (pRuleData)
{
if (pRuleData->pszRuleName)
{
delete [] pRuleData->pszRuleName;
}
if (pRuleData->pszNewRuleName)
{
delete [] pRuleData->pszNewRuleName;
}
if (pRuleData->pszRuleDescription)
{
delete [] pRuleData->pszRuleDescription;
}
if (pRuleData->pszPolicyName)
{
delete [] pRuleData->pszPolicyName;
}
if (pRuleData->pszFLName)
{
delete [] pRuleData->pszFLName;
}
if (pRuleData->pszFAName)
{
delete [] pRuleData->pszFAName;
}
for (j=0;j<pRuleData->AuthInfos.dwNumAuthInfos;j++)
{
if (pRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo)
{
if (pRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo->AuthMethod == IKE_RSA_SIGNATURE &&
pRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo->pAuthInfo
)
{
delete [] pRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo->pAuthInfo;
}
delete pRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo;
}
}
if (pRuleData->AuthInfos.pAuthMethodInfo)
{
delete [] pRuleData->AuthInfos.pAuthMethodInfo;
}
delete pRuleData;
pRuleData = NULL;
}
}
///////////////////////////////////////////////////////////////////////
//Function: CleanUpLocalPolicyDataStructure()
//Date of Creation: 21st Aug 2001
//Parameters:
// PPOLICYDATA &pPolicyData
//Return: VOID
//Description:
// This function cleans up the local policy Structure
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID
CleanUpLocalPolicyDataStructure(
PPOLICYDATA &pPolicyData
)
{
if(pPolicyData)
{
if (pPolicyData->pszPolicyName)
{
delete [] pPolicyData->pszPolicyName;
}
if (pPolicyData->pszNewPolicyName)
{
delete [] pPolicyData->pszNewPolicyName;
}
if (pPolicyData->pszDescription)
{
delete [] pPolicyData->pszDescription;
}
if (pPolicyData->pszGPOName)
{
delete [] pPolicyData->pszGPOName;
}
if (pPolicyData->pIpSecMMOffer)
{
delete [] pPolicyData->pIpSecMMOffer;
}
delete pPolicyData;
pPolicyData = NULL;
}
}
///////////////////////////////////////////////////////////////////////
//Function: CleanUpLocalFilterActionDataStructure()
//Date of Creation: 21st Aug 2001
//Parameters:
// PFILTERACTION &pFilterAction
//Return: VOID
//Description:
// This function cleans up the local filteraction Structure
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID
CleanUpLocalFilterActionDataStructure(
PFILTERACTION &pFilterAction
)
{
if(pFilterAction)
{
if(pFilterAction->pszFAName)
{
delete [] pFilterAction->pszFAName;
}
if(pFilterAction->pszNewFAName)
{
delete [] pFilterAction->pszNewFAName;
}
if(pFilterAction->pszFADescription)
{
delete [] pFilterAction->pszFADescription;
}
if(pFilterAction->pszGUIDStr)
{
delete [] pFilterAction->pszGUIDStr;
}
if(pFilterAction->pIpsecSecMethods)
{
delete [] pFilterAction->pIpsecSecMethods;
}
delete pFilterAction;
pFilterAction=NULL;
}
}
///////////////////////////////////////////////////////////////////////
//Function: CleanUpLocalFilterDataStructure()
//Date of Creation: 21st Aug 2001
//Parameters:
// PFILTERDATA &pFilter
//Return: VOID
//Description:
// This function cleans up the local filter Structure
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID
CleanUpLocalFilterDataStructure(
PFILTERDATA &pFilter
)
{
if(pFilter)
{
if(pFilter->pszFLName)
{
delete [] pFilter->pszFLName;
}
if(pFilter->pszDescription)
{
delete [] pFilter->pszDescription;
}
if(pFilter->SourceAddr.pszDomainName)
{
delete [] pFilter->SourceAddr.pszDomainName;
}
if(pFilter->DestnAddr.pszDomainName)
{
delete [] pFilter->DestnAddr.pszDomainName;
}
if(pFilter->SourceAddr.puIpAddr)
{
delete [] pFilter->SourceAddr.puIpAddr;
}
if(pFilter->DestnAddr.puIpAddr)
{
delete [] pFilter->DestnAddr.puIpAddr;
}
delete pFilter;
pFilter = NULL;
}
}
///////////////////////////////////////////////////////////////////////
//Function: CleanUpLocalDelFilterDataStructure()
//Date of Creation: 21st Aug 2001
//Parameters:
// PFILTERDATA &pFilter
//Return: VOID
//Description:
// This function cleans up the local filter Structure
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID
CleanUpLocalDelFilterDataStructure(
PDELFILTERDATA &pFilter
)
{
if(pFilter)
{
if(pFilter->pszFLName)
{
delete [] pFilter->pszFLName;
}
if(pFilter->SourceAddr.pszDomainName)
{
delete [] pFilter->SourceAddr.pszDomainName;
}
if(pFilter->DestnAddr.pszDomainName)
{
delete [] pFilter->DestnAddr.pszDomainName;
}
if(pFilter->SourceAddr.puIpAddr)
{
delete [] pFilter->SourceAddr.puIpAddr;
}
if(pFilter->DestnAddr.puIpAddr)
{
delete [] pFilter->DestnAddr.puIpAddr;
}
delete pFilter;
pFilter = NULL;
}
}
///////////////////////////////////////////////////////////////////////
//Function: CleanUpLocalDefRuleDataStructure()
//Date of Creation: 21st Aug 2001
//Parameters:
// PDEFAULTRULE &pRuleData
//Return: VOID
//Description:
// This function cleans up the local default rule Structure
//Revision History:
//<Version number, Change request number, Date of modification,
// Author, Nature of change>
///////////////////////////////////////////////////////////////////////
VOID
CleanUpLocalDefRuleDataStructure(
PDEFAULTRULE &pDefRuleData
)
{
if(pDefRuleData)
{
if(pDefRuleData->pszPolicyName) delete [] pDefRuleData->pszPolicyName;
for(DWORD j=0;j<pDefRuleData->AuthInfos.dwNumAuthInfos;j++)
{
if(&(pDefRuleData->AuthInfos.pAuthMethodInfo[j]) &&
pDefRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo)
{
if(pDefRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo->pAuthInfo)
{
delete pDefRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo->pAuthInfo;
pDefRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo->pAuthInfo = NULL;
}
delete pDefRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo;
pDefRuleData->AuthInfos.pAuthMethodInfo[j].pAuthenticationInfo = NULL;
}
}
if(pDefRuleData->AuthInfos.pAuthMethodInfo)
{
delete [] pDefRuleData->AuthInfos.pAuthMethodInfo;
}
if(pDefRuleData->pIpsecSecMethods)
{
delete [] pDefRuleData->pIpsecSecMethods;
}
delete pDefRuleData;
pDefRuleData = NULL;
}
}