Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

2864 lines
75 KiB

#include "precomp.h"
DWORD
ProcessNFAs(
PIPSEC_POLICY_OBJECT pIpsecPolicyObject,
DWORD dwStoreType,
PDWORD pdwSlientErrorCode,
PIPSEC_POLICY_DATA * ppIpsecPolicyData
)
{
DWORD dwError = 0;
DWORD i = 0;
DWORD NumberofRules = 0;
PIPSEC_NFA_OBJECT * ppIpsecNFAObjects = NULL;
PIPSEC_FILTER_OBJECT * ppIpsecFilterObjects = NULL;
PIPSEC_NEGPOL_OBJECT * ppIpsecNegPolObjects = NULL;
DWORD dwNumFilterObjects = 0;
DWORD dwNumNegPolObjects = 0;
PIPSEC_NFA_OBJECT pIpsecNFAObject = NULL;
PIPSEC_NFA_DATA * ppIpsecNFAData = NULL;
PIPSEC_NFA_DATA pIpsecNFAData = NULL;
PIPSEC_POLICY_DATA pIpsecPolicyData = NULL;
DWORD dwNumNFACount = 0;
NumberofRules = pIpsecPolicyObject->NumberofRulesReturned;
ppIpsecNFAObjects = pIpsecPolicyObject->ppIpsecNFAObjects;
ppIpsecFilterObjects = pIpsecPolicyObject->ppIpsecFilterObjects;
ppIpsecNegPolObjects = pIpsecPolicyObject->ppIpsecNegPolObjects;
dwNumFilterObjects = pIpsecPolicyObject->NumberofFilters;
dwNumNegPolObjects = pIpsecPolicyObject->NumberofNegPols;
__try {
dwError = UnmarshallPolicyObject(
pIpsecPolicyObject,
dwStoreType,
&pIpsecPolicyData
);
} __except(EXCEPTION_EXECUTE_HANDLER) {
dwError = ERROR_INVALID_DATA;
}
BAIL_ON_WIN32_ERROR(dwError);
__try {
dwError = UnmarshallISAKMPObject(
*(pIpsecPolicyObject->ppIpsecISAKMPObjects),
&pIpsecPolicyData->pIpsecISAKMPData
);
} __except(EXCEPTION_EXECUTE_HANDLER) {
dwError = ERROR_INVALID_DATA;
}
BAIL_ON_WIN32_ERROR(dwError);
ppIpsecNFAData = (PIPSEC_NFA_DATA *)AllocPolMem(
sizeof(PIPSEC_NFA_DATA)* NumberofRules
);
if (!ppIpsecNFAData) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
for (i = 0; i < NumberofRules; i++) {
pIpsecNFAObject = *(ppIpsecNFAObjects + i);
dwError = ProcessNFA(
pIpsecNFAObject,
dwStoreType,
ppIpsecFilterObjects,
dwNumFilterObjects,
ppIpsecNegPolObjects,
dwNumNegPolObjects,
&pIpsecNFAData
);
if (dwError == ERROR_SUCCESS) {
if (pIpsecNFAData->dwActiveFlag != 0) {
*(ppIpsecNFAData + dwNumNFACount) = pIpsecNFAData;
dwNumNFACount++;
}
else {
FreeIpsecNFAData(pIpsecNFAData);
}
}
else {
*pdwSlientErrorCode = dwError;
}
}
pIpsecPolicyData->ppIpsecNFAData = ppIpsecNFAData;
pIpsecPolicyData->dwNumNFACount = dwNumNFACount;
*ppIpsecPolicyData = pIpsecPolicyData;
return(dwError);
error:
if (pIpsecPolicyData) {
FreeIpsecPolicyData(
pIpsecPolicyData
);
}
*ppIpsecPolicyData = NULL;
return(dwError);
}
DWORD
ProcessNFA(
PIPSEC_NFA_OBJECT pIpsecNFAObject,
DWORD dwStoreType,
PIPSEC_FILTER_OBJECT * ppIpsecFilterObjects,
DWORD dwNumFilterObjects,
PIPSEC_NEGPOL_OBJECT * ppIpsecNegPolObjects,
DWORD dwNumNegPolObjects,
PIPSEC_NFA_DATA * ppIpsecNFAData
)
{
DWORD dwError = 0;
PIPSEC_FILTER_OBJECT pIpsecFilterObject = NULL;
PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject = NULL;
PIPSEC_NFA_DATA pIpsecNFAData = NULL;
__try {
dwError = UnmarshallNFAObject(
pIpsecNFAObject,
dwStoreType,
&pIpsecNFAData
);
} __except(EXCEPTION_EXECUTE_HANDLER) {
dwError = ERROR_INVALID_DATA;
}
BAIL_ON_WIN32_ERROR(dwError);
if (pIpsecNFAObject->pszIpsecFilterReference &&
*pIpsecNFAObject->pszIpsecFilterReference) {
dwError = FindIpsecFilterObject(
pIpsecNFAObject,
ppIpsecFilterObjects,
dwNumFilterObjects,
&pIpsecFilterObject
);
BAIL_ON_WIN32_ERROR(dwError);
__try {
dwError = UnmarshallFilterObject(
pIpsecFilterObject,
&pIpsecNFAData->pIpsecFilterData
);
} __except(EXCEPTION_EXECUTE_HANDLER) {
dwError = ERROR_INVALID_DATA;
}
BAIL_ON_WIN32_ERROR(dwError);
} else {
//
// We've received a NULL FilterReference or a NULL string FilterReference
//
//
// This is acceptable - implies there is no filter associated
//
pIpsecNFAData->pIpsecFilterData = NULL;
}
dwError = FindIpsecNegPolObject(
pIpsecNFAObject,
ppIpsecNegPolObjects,
dwNumNegPolObjects,
&pIpsecNegPolObject
);
BAIL_ON_WIN32_ERROR(dwError);
__try {
dwError = UnmarshallNegPolObject(
pIpsecNegPolObject,
&pIpsecNFAData->pIpsecNegPolData
);
} __except(EXCEPTION_EXECUTE_HANDLER) {
dwError = ERROR_INVALID_DATA;
}
BAIL_ON_WIN32_ERROR(dwError);
*ppIpsecNFAData = pIpsecNFAData;
return(dwError);
error:
if (pIpsecNFAData) {
FreeIpsecNFAData(
pIpsecNFAData
);
}
return(dwError);
}
DWORD
DeepCpyRsopInfo(
PRSOP_INFO pDestRsop,
PRSOP_INFO pSrcRsop
)
{
DWORD dwError = ERROR_SUCCESS;
if (!pDestRsop || !pSrcRsop) {
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_WIN32_ERROR(dwError);
}
memset(pDestRsop, 0, sizeof(RSOP_INFO));
if (pSrcRsop->pszCreationtime && *pSrcRsop->pszCreationtime) {
pDestRsop->pszCreationtime = AllocPolStr(
pSrcRsop->pszCreationtime
);
if (!pDestRsop->pszCreationtime) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
if (pSrcRsop->pszID && *pSrcRsop->pszID) {
pDestRsop->pszID = AllocPolStr(
pSrcRsop->pszID
);
if (!pDestRsop->pszID) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
if (pSrcRsop->pszName && *pSrcRsop->pszName) {
pDestRsop->pszName = AllocPolStr(
pSrcRsop->pszName
);
if (!pDestRsop->pszName) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
pDestRsop->uiPrecedence = pSrcRsop->uiPrecedence;
if (pSrcRsop->pszGPOID && *pSrcRsop->pszGPOID) {
pDestRsop->pszGPOID= AllocPolStr(
pSrcRsop->pszGPOID
);
if (!pDestRsop->pszGPOID) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
if (pSrcRsop->pszSOMID && *pSrcRsop->pszSOMID) {
pDestRsop->pszSOMID = AllocPolStr(
pSrcRsop->pszSOMID
);
if (!pDestRsop->pszSOMID) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
error:
return dwError;
}
DWORD SetPolstoreFlag(
LPBYTE pCur,
LPBYTE pStart,
DWORD dwLength,
DWORD LastError,
DWORD * pdwFlags
)
{
DWORD dwFlags = 0;
LPBYTE pEnd;
//
// End of data is at end of buffer minus the NULL character
//
pEnd = pStart + dwLength - 1;
if (LastError == ERROR_SUCCESS) {
if (pCur + sizeof(GUID) >= pEnd) {
dwFlags = POLSTORE_READWRITE;
}
else {
dwFlags = POLSTORE_READONLY | POLSTORE_NEW_VER;
}
} else {
dwFlags = POLSTORE_READONLY | POLSTORE_PARTIAL;
}
*pdwFlags = dwFlags;
return ERROR_SUCCESS;
}
DWORD
UnmarshallPolicyObject(
PIPSEC_POLICY_OBJECT pIpsecPolicyObject,
DWORD dwStoreType,
PIPSEC_POLICY_DATA * ppIpsecPolicyData
)
{
LPBYTE pMem = NULL;
LPWSTR pszIpsecISAKMPReference = NULL;
PIPSEC_POLICY_DATA pIpsecPolicyData = NULL;
DWORD dwPollingInterval = 0;
DWORD dwFlags = 0;
DWORD dwError = 0;
DWORD dwSkipSize = 0;
// {6A1F5C6F-72B7-11d2-ACF0-0060B0ECCA17}
GUID GUID_POLSTORE_VERSION_INFO =
{ 0x6a1f5c6f, 0x72b7, 0x11d2, { 0xac, 0xf0, 0x0, 0x60, 0xb0, 0xec, 0xca, 0x17 } };
// {22202163-4F4C-11d1-863B-00A0248D3021}
static const GUID GUID_IPSEC_POLICY_DATA_BLOB =
{ 0x22202163, 0x4f4c, 0x11d1, { 0x86, 0x3b, 0x0, 0xa0, 0x24, 0x8d, 0x30, 0x21 } };
pMem = pIpsecPolicyObject->pIpsecData;
//
// Check if the first blob is the version.
//
if (!memcmp(pMem, &(GUID_POLSTORE_VERSION_INFO), sizeof(GUID))) {
pMem += sizeof(GUID);
memcpy(&dwSkipSize, pMem, sizeof(DWORD));
pMem += sizeof(DWORD);
pMem += dwSkipSize;
}
pMem += sizeof(GUID);
pMem += sizeof(DWORD);
memcpy((LPBYTE)&dwPollingInterval, pMem, sizeof(DWORD));
pMem += sizeof(DWORD);
(VOID) SetPolstoreFlag(
pMem,
pIpsecPolicyObject->pIpsecData,
pIpsecPolicyObject->dwIpsecDataLen,
ERROR_SUCCESS,
&dwFlags
);
pIpsecPolicyData = (PIPSEC_POLICY_DATA)AllocPolMem(
sizeof(IPSEC_POLICY_DATA)
);
if (!pIpsecPolicyData) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
if (pIpsecPolicyObject->pszIpsecName && *(pIpsecPolicyObject->pszIpsecName)) {
pIpsecPolicyData->pszIpsecName = AllocPolStr(
pIpsecPolicyObject->pszIpsecName
);
if (!pIpsecPolicyData->pszIpsecName) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
if (pIpsecPolicyObject->pszDescription && *(pIpsecPolicyObject->pszDescription)){
pIpsecPolicyData->pszDescription = AllocPolStr(
pIpsecPolicyObject->pszDescription
);
if (!pIpsecPolicyData->pszDescription) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
wGUIDFromString(pIpsecPolicyObject->pszIpsecID,
&pIpsecPolicyData->PolicyIdentifier
);
switch(dwStoreType) {
case IPSEC_WMI_PROVIDER:
pIpsecPolicyData->pRsopInfo = (PRSOP_INFO)AllocPolMem(
sizeof(RSOP_INFO)
);
if (!pIpsecPolicyData->pRsopInfo) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
dwError = DeepCpyRsopInfo(
pIpsecPolicyData->pRsopInfo,
pIpsecPolicyObject->pRsopInfo
);
BAIL_ON_WIN32_ERROR(dwError);
// no "break"; do everything we'd do for IPSEC_REGISTRY_PROVIDER as well.
case IPSEC_REGISTRY_PROVIDER:
dwError = GenGUIDFromRegISAKMPReference(
pIpsecPolicyObject->pszIpsecISAKMPReference,
&pIpsecPolicyData->ISAKMPIdentifier
);
BAIL_ON_WIN32_ERROR(dwError);
break;
case IPSEC_DIRECTORY_PROVIDER:
dwError = CopyISAKMPDSToFQRegString(
pIpsecPolicyObject->pszIpsecISAKMPReference,
&pszIpsecISAKMPReference
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = GenGUIDFromRegISAKMPReference(
pszIpsecISAKMPReference,
&pIpsecPolicyData->ISAKMPIdentifier
);
BAIL_ON_WIN32_ERROR(dwError);
break;
default:
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_WIN32_ERROR(dwError);
}
pIpsecPolicyData->dwWhenChanged = pIpsecPolicyObject->dwWhenChanged;
pIpsecPolicyData->dwPollingInterval = dwPollingInterval;
pIpsecPolicyData->dwFlags = dwFlags;
*ppIpsecPolicyData = pIpsecPolicyData;
if (pszIpsecISAKMPReference) {
FreePolStr(pszIpsecISAKMPReference);
}
return(0);
error:
if (pIpsecPolicyData) {
FreeIpsecPolicyData(pIpsecPolicyData);
}
if (pszIpsecISAKMPReference) {
FreePolStr(pszIpsecISAKMPReference);
}
*ppIpsecPolicyData = NULL;
return(dwError);
}
DWORD
UnmarshallNFAObject(
PIPSEC_NFA_OBJECT pIpsecNFAObject,
DWORD dwStoreType,
PIPSEC_NFA_DATA * ppIpsecNFAData
)
{
LPBYTE pMem = NULL;
DWORD dwNumAuthMethods = 0;
PIPSEC_AUTH_METHOD * ppIpsecAuthMethods = NULL;
DWORD dwFlags = 0;
DWORD dwError = 0;
DWORD i = 0;
PIPSEC_AUTH_METHOD pIpsecAuthMethod = NULL;
DWORD dwInterfaceType = 0;
DWORD dwInterfaceNameLen = 0;
LPWSTR pszInterfaceName = NULL;
DWORD dwTunnelIpAddr = 0;
DWORD dwTunnelFlags = 0;
DWORD dwActiveFlag = 0;
DWORD dwEndPointNameLen = 0;
LPWSTR pszEndPointName = NULL;
DWORD dwNumBytesAdvanced = 0;
PIPSEC_NFA_DATA pIpsecNFAData = NULL;
LPWSTR pszIpsecFilterReference = NULL;
LPWSTR pszIpsecNegPolReference = NULL;
// {11BBAC00-498D-11d1-8639-00A0248D3021}
static const GUID GUID_IPSEC_NFA_BLOB =
{ 0x11bbac00, 0x498d, 0x11d1, { 0x86, 0x39, 0x0, 0xa0, 0x24, 0x8d, 0x30, 0x21 } };
DWORD dwReadBytes = 0;
GUID TmpGuid;
DWORD dwNumAltAuthMethods = 0;
pMem = pIpsecNFAObject->pIpsecData;
pMem += sizeof(GUID); // for the GUID
pMem += sizeof(DWORD); // for the size
memcpy((LPBYTE)&dwNumAuthMethods, pMem, sizeof(DWORD));
pIpsecNFAData = (PIPSEC_NFA_DATA)AllocPolMem(
sizeof(IPSEC_NFA_DATA)
);
if (!pIpsecNFAData) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
if (dwNumAuthMethods) {
ppIpsecAuthMethods = (PIPSEC_AUTH_METHOD *) AllocPolMem(
sizeof(PIPSEC_AUTH_METHOD)*dwNumAuthMethods
);
if (!ppIpsecAuthMethods) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
pMem += sizeof(DWORD);
for (i = 0; i < dwNumAuthMethods;i++){
__try {
dwError = UnmarshallAuthMethods(
pMem,
&pIpsecAuthMethod,
&dwNumBytesAdvanced
);
} __except(EXCEPTION_EXECUTE_HANDLER) {
dwError = ERROR_INVALID_DATA;
}
if (dwError) {
pIpsecNFAData->dwAuthMethodCount = i;
pIpsecNFAData->ppAuthMethods = ppIpsecAuthMethods;
BAIL_ON_WIN32_ERROR(dwError);
}
pMem += dwNumBytesAdvanced;
*(ppIpsecAuthMethods + i) = pIpsecAuthMethod;
}
pIpsecNFAData->dwAuthMethodCount = dwNumAuthMethods;
pIpsecNFAData->ppAuthMethods = ppIpsecAuthMethods;
memcpy((LPBYTE)&dwInterfaceType, pMem, sizeof(DWORD));
pIpsecNFAData->dwInterfaceType = dwInterfaceType;
pMem += sizeof(DWORD);
memcpy((LPBYTE)&dwInterfaceNameLen, pMem, sizeof(DWORD));
pMem += sizeof(DWORD);
if (dwInterfaceNameLen) {
pszInterfaceName = AllocPolStr((LPWSTR)pMem);
if (!pszInterfaceName) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
pIpsecNFAData->pszInterfaceName = pszInterfaceName;
pMem += dwInterfaceNameLen;
memcpy((LPBYTE)&dwTunnelIpAddr, pMem, sizeof(DWORD));
pIpsecNFAData->dwTunnelIpAddr = dwTunnelIpAddr;
pMem += sizeof(DWORD);
memcpy((LPBYTE)&dwTunnelFlags, pMem, sizeof(DWORD));
pIpsecNFAData->dwTunnelFlags = dwTunnelFlags;
pMem += sizeof(DWORD);
memcpy((LPBYTE)&dwActiveFlag, pMem, sizeof(DWORD));
pIpsecNFAData->dwActiveFlag = dwActiveFlag;
pMem += sizeof(DWORD);
memcpy((LPBYTE)&dwEndPointNameLen, pMem, sizeof(DWORD));
pMem += sizeof(DWORD);
if (dwEndPointNameLen) {
pszEndPointName = AllocPolStr((LPWSTR)pMem);
if (!pszEndPointName) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
pIpsecNFAData->pszEndPointName = pszEndPointName;
pMem += dwEndPointNameLen;
__try {
dwReadBytes = (DWORD) ((BYTE *) pMem - (BYTE *) pIpsecNFAObject->pIpsecData);
if ((dwReadBytes < pIpsecNFAObject->dwIpsecDataLen) &&
((pIpsecNFAObject->dwIpsecDataLen - dwReadBytes) > sizeof(GUID))) {
memset(&TmpGuid, 1, sizeof(GUID));
if (memcmp(pMem, &TmpGuid, sizeof(GUID)) == 0) {
pMem += sizeof(GUID);
memcpy(&dwNumAltAuthMethods, pMem, sizeof(DWORD));
pMem += sizeof(DWORD);
if (dwNumAltAuthMethods == dwNumAuthMethods) {
for (i = 0; i < dwNumAuthMethods; i++) {
dwError = UnmarshallAltAuthMethods(
pMem,
ppIpsecAuthMethods[i],
&dwNumBytesAdvanced
);
if (dwError) {
break;
}
pMem += dwNumBytesAdvanced;
}
}
}
dwReadBytes = (DWORD) ((BYTE *) pMem - (BYTE *) pIpsecNFAObject->pIpsecData);
if ((dwReadBytes < pIpsecNFAObject->dwIpsecDataLen) &&
((pIpsecNFAObject->dwIpsecDataLen - dwReadBytes) > sizeof(GUID))) {
// Have V3 data
pMem += sizeof(GUID);
pMem += sizeof(DWORD);
for (i=0; i < dwNumAuthMethods; i++) {
memcpy(&((*ppIpsecAuthMethods[i]).dwAuthFlags),
pMem,
sizeof(DWORD));
pMem += sizeof(DWORD);
}
}
}
} __except(EXCEPTION_EXECUTE_HANDLER) {
}
(VOID) SetPolstoreFlag(
pMem,
pIpsecNFAObject->pIpsecData,
pIpsecNFAObject->dwIpsecDataLen,
dwError,
&dwFlags
);
dwError = ERROR_SUCCESS;
//
// Convert the ipsecID to its GUID format
//
wGUIDFromString(pIpsecNFAObject->pszIpsecID,
&pIpsecNFAData->NFAIdentifier
);
if (pIpsecNFAObject->pszIpsecName && *(pIpsecNFAObject->pszIpsecName)) {
pIpsecNFAData->pszIpsecName = AllocPolStr(
pIpsecNFAObject->pszIpsecName
);
if (!pIpsecNFAData->pszIpsecName) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
if (pIpsecNFAObject->pszDescription && *(pIpsecNFAObject->pszDescription)) {
pIpsecNFAData->pszDescription = AllocPolStr(
pIpsecNFAObject->pszDescription
);
if (!pIpsecNFAData->pszDescription) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
switch(dwStoreType) {
case IPSEC_WMI_PROVIDER:
case IPSEC_REGISTRY_PROVIDER:
dwError = GenGUIDFromRegFilterReference(
pIpsecNFAObject->pszIpsecFilterReference,
&pIpsecNFAData->FilterIdentifier
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = GenGUIDFromRegNegPolReference(
pIpsecNFAObject->pszIpsecNegPolReference,
&pIpsecNFAData->NegPolIdentifier
);
BAIL_ON_WIN32_ERROR(dwError);
break;
case IPSEC_DIRECTORY_PROVIDER:
if (pIpsecNFAObject->pszIpsecFilterReference &&
*pIpsecNFAObject->pszIpsecFilterReference) {
dwError = CopyFilterDSToFQRegString(
pIpsecNFAObject->pszIpsecFilterReference,
&pszIpsecFilterReference
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = GenGUIDFromRegFilterReference(
pszIpsecFilterReference,
&pIpsecNFAData->FilterIdentifier
);
BAIL_ON_WIN32_ERROR(dwError);
}
dwError = CopyNegPolDSToFQRegString(
pIpsecNFAObject->pszIpsecNegPolReference,
&pszIpsecNegPolReference
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = GenGUIDFromRegNegPolReference(
pszIpsecNegPolReference,
&pIpsecNFAData->NegPolIdentifier
);
BAIL_ON_WIN32_ERROR(dwError);
break;
default:
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_WIN32_ERROR(dwError);
}
pIpsecNFAData->dwWhenChanged = pIpsecNFAObject->dwWhenChanged;
pIpsecNFAData->dwFlags = dwFlags;
*ppIpsecNFAData = pIpsecNFAData;
if (pszIpsecFilterReference) {
FreePolStr(pszIpsecFilterReference);
}
if (pszIpsecNegPolReference) {
FreePolStr(pszIpsecNegPolReference);
}
return(0);
error:
if (pIpsecNFAData) {
FreeIpsecNFAData(pIpsecNFAData);
}
if (pszIpsecFilterReference) {
FreePolStr(pszIpsecFilterReference);
}
if (pszIpsecNegPolReference) {
FreePolStr(pszIpsecNegPolReference);
}
*ppIpsecNFAData = NULL;
return(dwError);
}
DWORD
UnmarshallFilterObject(
PIPSEC_FILTER_OBJECT pIpsecFilterObject,
PIPSEC_FILTER_DATA * ppIpsecFilterData
)
{
LPBYTE pMem = NULL;
DWORD dwNumFilterSpecs = 0;
PIPSEC_FILTER_SPEC * ppIpsecFilterSpecs = NULL;
PIPSEC_FILTER_SPEC pIpsecFilterSpec = NULL;
DWORD i = 0;
DWORD dwNumBytesAdvanced = 0;
DWORD dwFlags = 0;
PIPSEC_FILTER_DATA pIpsecFilterData = NULL;
DWORD dwError = 0;
// {80DC20B5-2EC8-11d1-A89E-00A0248D3021}
static const GUID GUID_IPSEC_FILTER_BLOB =
{ 0x80dc20b5, 0x2ec8, 0x11d1, { 0xa8, 0x9e, 0x0, 0xa0, 0x24, 0x8d, 0x30, 0x21 } };
pIpsecFilterData = (PIPSEC_FILTER_DATA)AllocPolMem(
sizeof(IPSEC_FILTER_DATA)
);
if (!pIpsecFilterData) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
pMem = pIpsecFilterObject->pIpsecData;
pMem += sizeof(GUID);
pMem += sizeof(DWORD);
memcpy((LPBYTE)&dwNumFilterSpecs, pMem, sizeof(DWORD));
if (dwNumFilterSpecs) {
ppIpsecFilterSpecs = (PIPSEC_FILTER_SPEC *)AllocPolMem(
sizeof(PIPSEC_FILTER_SPEC)*dwNumFilterSpecs
);
if (!ppIpsecFilterSpecs) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
pMem += sizeof(DWORD);
for (i = 0; i < dwNumFilterSpecs;i++){
__try {
dwError = UnmarshallFilterSpec(
pMem,
&pIpsecFilterSpec,
&dwNumBytesAdvanced
);
} __except(EXCEPTION_EXECUTE_HANDLER) {
dwError = ERROR_INVALID_DATA;
}
if (dwError) {
pIpsecFilterData->dwNumFilterSpecs = i;
pIpsecFilterData->ppFilterSpecs = ppIpsecFilterSpecs;
BAIL_ON_WIN32_ERROR(dwError);
}
pMem += dwNumBytesAdvanced;
*(ppIpsecFilterSpecs + i) = pIpsecFilterSpec;
}
pIpsecFilterData->dwNumFilterSpecs = dwNumFilterSpecs;
pIpsecFilterData->ppFilterSpecs = ppIpsecFilterSpecs;
(VOID) SetPolstoreFlag(
pMem,
pIpsecFilterObject->pIpsecData,
pIpsecFilterObject->dwIpsecDataLen,
ERROR_SUCCESS,
&dwFlags
);
//
// Convert the ipsecID to its GUID format
//
if (pIpsecFilterObject->pszIpsecName && *(pIpsecFilterObject->pszIpsecName)) {
pIpsecFilterData->pszIpsecName = AllocPolStr(
pIpsecFilterObject->pszIpsecName
);
if (!pIpsecFilterData->pszIpsecName) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
if (pIpsecFilterObject->pszDescription && *(pIpsecFilterObject->pszDescription)) {
pIpsecFilterData->pszDescription = AllocPolStr(
pIpsecFilterObject->pszDescription
);
if (!pIpsecFilterData->pszDescription) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
wGUIDFromString(pIpsecFilterObject->pszIpsecID,
&pIpsecFilterData->FilterIdentifier
);
pIpsecFilterData->dwWhenChanged = pIpsecFilterObject->dwWhenChanged;
pIpsecFilterData->dwFlags = dwFlags;
*ppIpsecFilterData = pIpsecFilterData;
return(dwError);
error:
if (pIpsecFilterData) {
FreeIpsecFilterData(pIpsecFilterData);
}
*ppIpsecFilterData = NULL;
return(dwError);
}
DWORD
UnmarshallNegPolObject(
PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject,
PIPSEC_NEGPOL_DATA * ppIpsecNegPolData
)
{
LPBYTE pMem = NULL;
DWORD dwNumSecurityOffers = 0;
PIPSEC_SECURITY_METHOD pIpsecOffer = NULL;
PIPSEC_NEGPOL_DATA pIpsecNegPolData = NULL;
DWORD dwFlags = 0;
DWORD dwError = 0;
// {80DC20B9-2EC8-11d1-A89E-00A0248D3021}
static const GUID GUID_IPSEC_NEGPOLICY_BLOB =
{ 0x80dc20b9, 0x2ec8, 0x11d1, { 0xa8, 0x9e, 0x0, 0xa0, 0x24, 0x8d, 0x30, 0x21 } };
pMem = pIpsecNegPolObject->pIpsecData;
pIpsecNegPolData = (PIPSEC_NEGPOL_DATA)AllocPolMem(
sizeof(IPSEC_NEGPOL_DATA)
);
if (!pIpsecNegPolData) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
pMem += sizeof(GUID);
pMem += sizeof(DWORD);
memcpy((LPBYTE)&dwNumSecurityOffers, pMem, sizeof(DWORD));
pMem += sizeof(DWORD);
if (dwNumSecurityOffers) {
pIpsecOffer = (PIPSEC_SECURITY_METHOD)AllocPolMem(
sizeof(IPSEC_SECURITY_METHOD)*dwNumSecurityOffers
);
if (!pIpsecOffer) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
memcpy((LPBYTE)pIpsecOffer, pMem,
sizeof(IPSEC_SECURITY_METHOD)*dwNumSecurityOffers);
pMem += sizeof(IPSEC_SECURITY_METHOD)*dwNumSecurityOffers;
}
(VOID) SetPolstoreFlag(
pMem,
pIpsecNegPolObject->pIpsecData,
pIpsecNegPolObject->dwIpsecDataLen,
ERROR_SUCCESS,
&dwFlags
);
//
// Convert the ipsecID to its GUID format
//
if (pIpsecNegPolObject->pszIpsecName && *(pIpsecNegPolObject->pszIpsecName)) {
pIpsecNegPolData->pszIpsecName = AllocPolStr(
pIpsecNegPolObject->pszIpsecName
);
if (!pIpsecNegPolData->pszIpsecName) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
if (pIpsecNegPolObject->pszDescription && *(pIpsecNegPolObject->pszDescription)){
pIpsecNegPolData->pszDescription = AllocPolStr(
pIpsecNegPolObject->pszDescription
);
if (!pIpsecNegPolData->pszDescription) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
wGUIDFromString(pIpsecNegPolObject->pszIpsecID,
&pIpsecNegPolData->NegPolIdentifier
);
wGUIDFromString(pIpsecNegPolObject->pszIpsecNegPolAction,
&pIpsecNegPolData->NegPolAction
);
wGUIDFromString(pIpsecNegPolObject->pszIpsecNegPolType,
&pIpsecNegPolData->NegPolType
);
pIpsecNegPolData->dwSecurityMethodCount = dwNumSecurityOffers;
pIpsecNegPolData->pIpsecSecurityMethods = pIpsecOffer;
pIpsecNegPolData->dwWhenChanged = pIpsecNegPolObject->dwWhenChanged;
pIpsecNegPolData->dwFlags = dwFlags;
*ppIpsecNegPolData = pIpsecNegPolData;
return(0);
error:
if (pIpsecOffer) {
FreePolMem(pIpsecOffer);
}
if (pIpsecNegPolData) {
FreeIpsecNegPolData(pIpsecNegPolData);
}
*ppIpsecNegPolData = NULL;
return(dwError);
}
DWORD
ConvertBundleFlagToBundle(BYTE bBundleFlag,
PISAKMP_POLICY pIsakmpPolicy,
CRYPTO_BUNDLE *pBundle)
{
if (bBundleFlag == BYTE_DES_MD5_2048) {
pBundle->EncryptionAlgorithm.AlgorithmIdentifier = IPSEC_ESP_DES;
pBundle->HashAlgorithm.AlgorithmIdentifier = IPSEC_AH_MD5;
pBundle->OakleyGroup=DH_GROUP_2048;
}
if (bBundleFlag == BYTE_DES_SHA_2048) {
pBundle->EncryptionAlgorithm.AlgorithmIdentifier = IPSEC_ESP_DES;
pBundle->HashAlgorithm.AlgorithmIdentifier = IPSEC_AH_SHA;
pBundle->OakleyGroup=DH_GROUP_2048;
}
if (bBundleFlag == BYTE_3DES_MD5_2048) {
pBundle->EncryptionAlgorithm.AlgorithmIdentifier = IPSEC_ESP_3_DES;
pBundle->HashAlgorithm.AlgorithmIdentifier = IPSEC_AH_MD5;
pBundle->OakleyGroup=DH_GROUP_2048;
}
if (bBundleFlag == BYTE_3DES_SHA_2048) {
pBundle->EncryptionAlgorithm.AlgorithmIdentifier = IPSEC_ESP_3_DES;
pBundle->HashAlgorithm.AlgorithmIdentifier = IPSEC_AH_SHA;
pBundle->OakleyGroup=DH_GROUP_2048;
}
pBundle->QuickModeLimit = pIsakmpPolicy->dwQMLimit;
if (pBundle->QuickModeLimit == 1) {
pBundle->PfsIdentityRequired = TRUE;
}
pBundle->Lifetime.Seconds = pIsakmpPolicy->dwLifetimeSec;
return ERROR_SUCCESS;
}
DWORD
UnmarshallISAKMPObject(
PIPSEC_ISAKMP_OBJECT pIpsecISAKMPObject,
PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData
)
{
LPBYTE pMem = NULL;
PIPSEC_ISAKMP_DATA pIpsecISAKMPData = NULL;
DWORD dwNumISAKMPSecurityMethods = 0;
PCRYPTO_BUNDLE pSecurityMethods = NULL;
PCRYPTO_BUNDLE pSecurityMethod = NULL;
DWORD dwFlags = 0;
DWORD i = 0;
DWORD dwError = 0;
DWORD dwNumLeadingBundles = 0;
BYTE *pbLeadingBundleFlags = NULL;
// {80DC20B8-2EC8-11d1-A89E-00A0248D3021}
static const GUID GUID_IPSEC_ISAKMP_POLICY_BLOB =
{ 0x80dc20b8, 0x2ec8, 0x11d1, { 0xa8, 0x9e, 0x0, 0xa0, 0x24, 0x8d, 0x30, 0x21 } };
// CHECK THIS PART
pMem = pIpsecISAKMPObject->pIpsecData;
pIpsecISAKMPData = (PIPSEC_ISAKMP_DATA) AllocPolMem(
sizeof(IPSEC_ISAKMP_DATA)
);
if (!pIpsecISAKMPData) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
pMem += sizeof(GUID);
pMem += sizeof(DWORD);
memcpy((LPBYTE)&pIpsecISAKMPData->ISAKMPPolicy, pMem, sizeof(ISAKMP_POLICY));
pMem += sizeof(ISAKMP_POLICY);
memcpy((LPBYTE)&dwNumISAKMPSecurityMethods, pMem, sizeof(DWORD));
pMem += sizeof(DWORD);
pbLeadingBundleFlags = pIpsecISAKMPData->ISAKMPPolicy.bLeadingBundleFlags;
for (i=0; i < 4; i++) {
if (pbLeadingBundleFlags[i] != 0) {
dwNumLeadingBundles++;
}
}
if (!dwNumISAKMPSecurityMethods && !dwNumLeadingBundles) {
dwError = ERROR_INVALID_DATA;
BAIL_ON_WIN32_ERROR(dwError);
}
pSecurityMethods = (PCRYPTO_BUNDLE) AllocPolMem(
sizeof(CRYPTO_BUNDLE)*(dwNumISAKMPSecurityMethods+dwNumLeadingBundles)
);
if (!pSecurityMethods) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
for (i = 0; i < dwNumLeadingBundles; i++) {
pSecurityMethod = pSecurityMethods + i;
ConvertBundleFlagToBundle(pbLeadingBundleFlags[i],
&pIpsecISAKMPData->ISAKMPPolicy,
pSecurityMethod);
}
for (i = 0; i < dwNumISAKMPSecurityMethods; i++) {
pSecurityMethod = pSecurityMethods + (i + dwNumLeadingBundles);
memcpy(pSecurityMethod, pMem, sizeof(CRYPTO_BUNDLE));
if (pSecurityMethod->PseudoRandomFunction.Rounds) {
ConvertBundleFlagToBundle((BYTE)pSecurityMethod->PseudoRandomFunction.Rounds,
&pIpsecISAKMPData->ISAKMPPolicy,
pSecurityMethod);
pSecurityMethod->PseudoRandomFunction.Rounds = 0;
}
pMem += sizeof(CRYPTO_BUNDLE);
}
pIpsecISAKMPData->dwNumISAKMPSecurityMethods = dwNumISAKMPSecurityMethods + dwNumLeadingBundles;
pIpsecISAKMPData->pSecurityMethods = pSecurityMethods;
(VOID) SetPolstoreFlag(
pMem,
pIpsecISAKMPObject->pIpsecData,
pIpsecISAKMPObject->dwIpsecDataLen,
ERROR_SUCCESS,
&dwFlags
);
//
// Convert the ipsecID to its GUID format
//
wGUIDFromString(pIpsecISAKMPObject->pszIpsecID,
&pIpsecISAKMPData->ISAKMPIdentifier
);
pIpsecISAKMPData->dwWhenChanged = pIpsecISAKMPObject->dwWhenChanged;
pIpsecISAKMPData->dwFlags = dwFlags;
*ppIpsecISAKMPData = pIpsecISAKMPData;
return(0);
error:
if (pIpsecISAKMPData) {
FreeIpsecISAKMPData(pIpsecISAKMPData);
}
*ppIpsecISAKMPData = NULL;
return(dwError);
}
DWORD
FindIpsecFilterObject(
PIPSEC_NFA_OBJECT pIpsecNFAObject,
PIPSEC_FILTER_OBJECT * ppIpsecFilterObjects,
DWORD dwNumFilterObjects,
PIPSEC_FILTER_OBJECT * ppIpsecFilterObject
)
{
DWORD i = 0;
PIPSEC_FILTER_OBJECT pIpsecFilterObject = NULL;
for (i = 0; i < dwNumFilterObjects; i++) {
pIpsecFilterObject = *(ppIpsecFilterObjects + i);
if (!_wcsicmp(pIpsecFilterObject->pszDistinguishedName,
pIpsecNFAObject->pszIpsecFilterReference)) {
*ppIpsecFilterObject = pIpsecFilterObject;
return(0);
}
}
*ppIpsecFilterObject = NULL;
return(ERROR_NOT_FOUND);
}
DWORD
FindIpsecNegPolObject(
PIPSEC_NFA_OBJECT pIpsecNFAObject,
PIPSEC_NEGPOL_OBJECT * ppIpsecNegPolObjects,
DWORD dwNumNegPolObjects,
PIPSEC_NEGPOL_OBJECT * ppIpsecNegPolObject
)
{
DWORD i = 0;
PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject = NULL;
for (i = 0; i < dwNumNegPolObjects; i++) {
pIpsecNegPolObject = *(ppIpsecNegPolObjects + i);
if (!_wcsicmp(pIpsecNegPolObject->pszDistinguishedName,
pIpsecNFAObject->pszIpsecNegPolReference)) {
*ppIpsecNegPolObject = pIpsecNegPolObject;
return(0);
}
}
*ppIpsecNegPolObject = NULL;
return(ERROR_NOT_FOUND);
}
void
FreeIpsecFilterData(
PIPSEC_FILTER_DATA pIpsecFilterData
)
{
DWORD dwNumFilterSpecs = 0;
PIPSEC_FILTER_SPEC * ppIpsecFilterSpecs = NULL;
DWORD i = 0;
PIPSEC_FILTER_SPEC pIpsecFilterSpec = NULL;
dwNumFilterSpecs = pIpsecFilterData->dwNumFilterSpecs;
ppIpsecFilterSpecs = pIpsecFilterData->ppFilterSpecs;
for (i = 0; i < dwNumFilterSpecs; i++) {
pIpsecFilterSpec = *(ppIpsecFilterSpecs + i);
if (pIpsecFilterSpec) {
if (pIpsecFilterSpec->pszSrcDNSName){
FreePolStr(pIpsecFilterSpec->pszSrcDNSName);
}
if (pIpsecFilterSpec->pszDestDNSName){
FreePolStr(pIpsecFilterSpec->pszDestDNSName);
}
if (pIpsecFilterSpec->pszDescription){
FreePolStr(pIpsecFilterSpec->pszDescription);
}
FreePolMem(pIpsecFilterSpec);
}
}
FreePolMem(ppIpsecFilterSpecs);
if (pIpsecFilterData->pszIpsecName) {
FreePolStr(pIpsecFilterData->pszIpsecName);
}
if (pIpsecFilterData->pszDescription) {
FreePolStr(pIpsecFilterData->pszDescription);
}
FreePolMem(pIpsecFilterData);
return;
}
void
FreeIpsecISAKMPData(
PIPSEC_ISAKMP_DATA pIpsecISAKMPData
)
{
if (pIpsecISAKMPData->pSecurityMethods) {
FreePolMem(pIpsecISAKMPData->pSecurityMethods);
}
FreePolMem(pIpsecISAKMPData);
return;
}
void
FreeIpsecNegPolData(
PIPSEC_NEGPOL_DATA pIpsecNegPolData
)
{
if (pIpsecNegPolData->pIpsecSecurityMethods){
FreePolMem(pIpsecNegPolData->pIpsecSecurityMethods);
}
if (pIpsecNegPolData->pszIpsecName) {
FreePolStr(pIpsecNegPolData->pszIpsecName);
}
if (pIpsecNegPolData->pszDescription) {
FreePolStr(pIpsecNegPolData->pszDescription);
}
FreePolMem(pIpsecNegPolData);
return;
}
void
FreeIpsecNFAData(
PIPSEC_NFA_DATA pIpsecNFAData
)
{
DWORD dwNumAuthMethods = 0;
PIPSEC_AUTH_METHOD * ppIpsecAuthMethods = NULL;
DWORD i = 0;
PIPSEC_AUTH_METHOD pIpsecAuthMethod = NULL;
ppIpsecAuthMethods = pIpsecNFAData->ppAuthMethods;
dwNumAuthMethods = pIpsecNFAData->dwAuthMethodCount;
for (i = 0; i < dwNumAuthMethods; i++) {
pIpsecAuthMethod = *(ppIpsecAuthMethods + i);
if (pIpsecAuthMethod) {
if (pIpsecAuthMethod->pszAuthMethod) {
FreePolStr(pIpsecAuthMethod->pszAuthMethod);
}
if (pIpsecAuthMethod->pAltAuthMethod) {
FreePolMem(pIpsecAuthMethod->pAltAuthMethod);
}
FreePolMem(pIpsecAuthMethod);
}
}
if (pIpsecNFAData->ppAuthMethods) {
FreePolMem(pIpsecNFAData->ppAuthMethods);
}
if (pIpsecNFAData->pszInterfaceName) {
FreePolStr(pIpsecNFAData->pszInterfaceName);
}
if (pIpsecNFAData->pszEndPointName) {
FreePolStr(pIpsecNFAData->pszEndPointName);
}
if (pIpsecNFAData->pIpsecFilterData) {
FreeIpsecFilterData(pIpsecNFAData->pIpsecFilterData);
}
if (pIpsecNFAData->pIpsecNegPolData) {
FreeIpsecNegPolData(pIpsecNFAData->pIpsecNegPolData);
}
if (pIpsecNFAData->pszIpsecName) {
FreePolStr(pIpsecNFAData->pszIpsecName);
}
if (pIpsecNFAData->pszDescription) {
FreePolStr(pIpsecNFAData->pszDescription);
}
FreePolMem(pIpsecNFAData);
}
void
FreeIpsecPolicyData(
PIPSEC_POLICY_DATA pIpsecPolicyData
)
{
DWORD i = 0;
DWORD dwNumNFACount = 0;
PIPSEC_NFA_DATA * ppIpsecNFAData = NULL;
PIPSEC_NFA_DATA pIpsecNFAData = NULL;
PIPSEC_ISAKMP_DATA pIpsecISAKMPData = NULL;
dwNumNFACount = pIpsecPolicyData->dwNumNFACount;
ppIpsecNFAData = pIpsecPolicyData->ppIpsecNFAData;
pIpsecISAKMPData = pIpsecPolicyData->pIpsecISAKMPData;
if (pIpsecISAKMPData) {
FreeIpsecISAKMPData(
pIpsecISAKMPData
);
}
for (i = 0; i < dwNumNFACount; i++) {
pIpsecNFAData = *(ppIpsecNFAData + i);
if (pIpsecNFAData) {
FreeIpsecNFAData(
pIpsecNFAData
);
}
}
if (pIpsecPolicyData->ppIpsecNFAData) {
FreePolMem(pIpsecPolicyData->ppIpsecNFAData);
}
if (pIpsecPolicyData->pszIpsecName) {
FreePolStr(pIpsecPolicyData->pszIpsecName);
}
if (pIpsecPolicyData->pszDescription) {
FreePolStr(pIpsecPolicyData->pszDescription);
}
if (pIpsecPolicyData->pRsopInfo) {
FreeRsopInfo(
pIpsecPolicyData->pRsopInfo
);
}
if (pIpsecPolicyData) {
FreePolMem(pIpsecPolicyData);
}
}
DWORD
CopyIpsecPolicyData(
PIPSEC_POLICY_DATA pIpsecPolicyData,
PIPSEC_POLICY_DATA * ppIpsecPolicyData
)
{
DWORD dwError = 0;
PIPSEC_POLICY_DATA pNewIpsecPolicyData = NULL;
DWORD dwNumberofRules = 0;
PIPSEC_NFA_DATA * ppIpsecNFAData = NULL;
PIPSEC_NFA_DATA pIpsecNFAData = NULL;
PIPSEC_NFA_DATA pNewIpsecNFAData = NULL;
PIPSEC_NFA_DATA * ppNewIpsecNFAData = NULL;
DWORD i = 0;
*ppIpsecPolicyData = NULL;
pNewIpsecPolicyData = (PIPSEC_POLICY_DATA) AllocPolMem(
sizeof(IPSEC_POLICY_DATA)
);
if (!pNewIpsecPolicyData) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
dwNumberofRules = pIpsecPolicyData->dwNumNFACount;
ppIpsecNFAData = pIpsecPolicyData->ppIpsecNFAData;
if (dwNumberofRules) {
ppNewIpsecNFAData = (PIPSEC_NFA_DATA *) AllocPolMem(
sizeof(PIPSEC_NFA_DATA)*
dwNumberofRules
);
if (!ppNewIpsecNFAData) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
for (i = 0; i < dwNumberofRules; i++) {
pIpsecNFAData = *(ppIpsecNFAData + i);
dwError = CopyIpsecNFAData(
pIpsecNFAData,
&pNewIpsecNFAData
);
if (dwError) {
pNewIpsecPolicyData->ppIpsecNFAData = ppNewIpsecNFAData;
pNewIpsecPolicyData->dwNumNFACount = i;
BAIL_ON_WIN32_ERROR(dwError);
}
*(ppNewIpsecNFAData + i) = pNewIpsecNFAData;
}
pNewIpsecPolicyData->ppIpsecNFAData = ppNewIpsecNFAData;
pNewIpsecPolicyData->dwNumNFACount = dwNumberofRules;
if (pIpsecPolicyData->pIpsecISAKMPData) {
dwError = CopyIpsecISAKMPData(
pIpsecPolicyData->pIpsecISAKMPData,
&pNewIpsecPolicyData->pIpsecISAKMPData
);
BAIL_ON_WIN32_ERROR(dwError);
}
pNewIpsecPolicyData->dwPollingInterval = pIpsecPolicyData->dwPollingInterval;
pNewIpsecPolicyData->dwWhenChanged = pIpsecPolicyData->dwWhenChanged;
pNewIpsecPolicyData->dwFlags = pIpsecPolicyData->dwFlags;
memcpy(
&(pNewIpsecPolicyData->PolicyIdentifier),
&(pIpsecPolicyData->PolicyIdentifier),
sizeof(GUID)
);
memcpy(
&(pNewIpsecPolicyData->ISAKMPIdentifier),
&(pIpsecPolicyData->ISAKMPIdentifier),
sizeof(GUID)
);
if (pIpsecPolicyData->pszIpsecName &&
*pIpsecPolicyData->pszIpsecName) {
pNewIpsecPolicyData->pszIpsecName = AllocPolStr(
pIpsecPolicyData->pszIpsecName
);
if (!pNewIpsecPolicyData->pszIpsecName) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
if (pIpsecPolicyData->pszDescription &&
*pIpsecPolicyData->pszDescription) {
pNewIpsecPolicyData->pszDescription = AllocPolStr(
pIpsecPolicyData->pszDescription
);
if (!pNewIpsecPolicyData->pszDescription) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
if (pIpsecPolicyData->pRsopInfo) {
pNewIpsecPolicyData->pRsopInfo = (PRSOP_INFO)AllocPolMem(
sizeof(RSOP_INFO)
);
if (!pNewIpsecPolicyData->pRsopInfo) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
dwError = DeepCpyRsopInfo(
pNewIpsecPolicyData->pRsopInfo,
pIpsecPolicyData->pRsopInfo
);
BAIL_ON_WIN32_ERROR(dwError);
}
*ppIpsecPolicyData = pNewIpsecPolicyData;
return (dwError);
error:
if (pNewIpsecPolicyData) {
FreeIpsecPolicyData(pNewIpsecPolicyData);
}
*ppIpsecPolicyData = NULL;
return (dwError);
}
DWORD
CopyIpsecNFAData(
PIPSEC_NFA_DATA pIpsecNFAData,
PIPSEC_NFA_DATA * ppIpsecNFAData
)
{
PIPSEC_NFA_DATA pNewIpsecNFAData = NULL;
DWORD dwError = 0;
DWORD i = 0;
DWORD dwAuthMethodCount = 0;
PIPSEC_AUTH_METHOD * ppAuthMethods = NULL;
PIPSEC_AUTH_METHOD * ppNewAuthMethods = NULL;
PIPSEC_AUTH_METHOD pAuthMethod = NULL;
PIPSEC_AUTH_METHOD pNewAuthMethod = NULL;
pNewIpsecNFAData = (PIPSEC_NFA_DATA) AllocPolMem(
sizeof(IPSEC_NFA_DATA)
);
if (!pNewIpsecNFAData) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
dwAuthMethodCount = pIpsecNFAData->dwAuthMethodCount;
ppAuthMethods = pIpsecNFAData->ppAuthMethods;
if (dwAuthMethodCount) {
ppNewAuthMethods = (PIPSEC_AUTH_METHOD *) AllocPolMem(
sizeof(PIPSEC_AUTH_METHOD)*
dwAuthMethodCount
);
if (!ppNewAuthMethods) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
for (i = 0; i < dwAuthMethodCount; i++) {
pAuthMethod = *(ppAuthMethods + i);
dwError = CopyIpsecAuthMethod(
pAuthMethod,
&pNewAuthMethod
);
if (dwError) {
pNewIpsecNFAData->ppAuthMethods = ppNewAuthMethods;
pNewIpsecNFAData->dwAuthMethodCount = i;
BAIL_ON_WIN32_ERROR(dwError);
}
*(ppNewAuthMethods + i) = pNewAuthMethod;
}
pNewIpsecNFAData->ppAuthMethods = ppNewAuthMethods;
pNewIpsecNFAData->dwAuthMethodCount = dwAuthMethodCount;
if (pIpsecNFAData->pszIpsecName && *pIpsecNFAData->pszIpsecName) {
pNewIpsecNFAData->pszIpsecName = AllocPolStr(
pIpsecNFAData->pszIpsecName
);
if (!(pNewIpsecNFAData->pszIpsecName)) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
if (pIpsecNFAData->pszDescription && *pIpsecNFAData->pszDescription) {
pNewIpsecNFAData->pszDescription = AllocPolStr(
pIpsecNFAData->pszDescription
);
if (!(pNewIpsecNFAData->pszDescription)) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
memcpy(
&(pNewIpsecNFAData->NFAIdentifier),
&(pIpsecNFAData->NFAIdentifier),
sizeof(GUID)
);
memcpy(
&(pNewIpsecNFAData->FilterIdentifier),
&(pIpsecNFAData->FilterIdentifier),
sizeof(GUID)
);
memcpy(
&(pNewIpsecNFAData->NegPolIdentifier),
&(pIpsecNFAData->NegPolIdentifier),
sizeof(GUID)
);
pNewIpsecNFAData->dwInterfaceType = pIpsecNFAData->dwInterfaceType;
if (pIpsecNFAData->pszInterfaceName && *pIpsecNFAData->pszInterfaceName) {
pNewIpsecNFAData->pszInterfaceName = AllocPolStr(
pIpsecNFAData->pszInterfaceName
);
if (!(pNewIpsecNFAData->pszInterfaceName)) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
pNewIpsecNFAData->dwTunnelIpAddr = pIpsecNFAData->dwTunnelIpAddr;
pNewIpsecNFAData->dwTunnelFlags = pIpsecNFAData->dwTunnelFlags;
pNewIpsecNFAData->dwActiveFlag = pIpsecNFAData->dwActiveFlag;
if (pIpsecNFAData->pszEndPointName && *pIpsecNFAData->pszEndPointName) {
pNewIpsecNFAData->pszEndPointName = AllocPolStr(
pIpsecNFAData->pszEndPointName
);
if (!(pNewIpsecNFAData->pszEndPointName)) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
if (pIpsecNFAData->pIpsecFilterData) {
dwError = CopyIpsecFilterData(
pIpsecNFAData->pIpsecFilterData,
&pNewIpsecNFAData->pIpsecFilterData
);
BAIL_ON_WIN32_ERROR(dwError);
}
if (pIpsecNFAData->pIpsecNegPolData) {
dwError = CopyIpsecNegPolData(
pIpsecNFAData->pIpsecNegPolData,
&pNewIpsecNFAData->pIpsecNegPolData
);
BAIL_ON_WIN32_ERROR(dwError);
}
pNewIpsecNFAData->dwWhenChanged = pIpsecNFAData->dwWhenChanged;
pNewIpsecNFAData->dwFlags = pIpsecNFAData->dwFlags;
*ppIpsecNFAData = pNewIpsecNFAData;
return(ERROR_SUCCESS);
error:
if (pNewIpsecNFAData) {
FreeIpsecNFAData(pNewIpsecNFAData);
}
*ppIpsecNFAData = NULL;
return (dwError);
}
DWORD
CopyIpsecAuthMethod(
PIPSEC_AUTH_METHOD pAuthMethod,
PIPSEC_AUTH_METHOD * ppAuthMethod
)
{
DWORD dwError = 0;
PIPSEC_AUTH_METHOD pNewAuthMethod = NULL;
pNewAuthMethod = (PIPSEC_AUTH_METHOD) AllocPolMem(
sizeof(IPSEC_AUTH_METHOD)
);
if (!pNewAuthMethod) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
pNewAuthMethod->dwAuthType = pAuthMethod->dwAuthType;
pNewAuthMethod->dwAuthLen = pAuthMethod->dwAuthLen;
if (pAuthMethod->pszAuthMethod) {
pNewAuthMethod->pszAuthMethod = AllocPolStr(
pAuthMethod->pszAuthMethod
);
if (!(pNewAuthMethod->pszAuthMethod)) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
pNewAuthMethod->dwAltAuthLen = 0;
pNewAuthMethod->pAltAuthMethod = NULL;
if (pAuthMethod->dwAltAuthLen && pAuthMethod->pAltAuthMethod) {
pNewAuthMethod->pAltAuthMethod = AllocPolMem(
pAuthMethod->dwAltAuthLen
);
if (!(pNewAuthMethod->pAltAuthMethod)) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
memcpy(
pNewAuthMethod->pAltAuthMethod,
pAuthMethod->pAltAuthMethod,
pAuthMethod->dwAltAuthLen
);
pNewAuthMethod->dwAltAuthLen = pAuthMethod->dwAltAuthLen;
}
pNewAuthMethod->dwAuthFlags = pAuthMethod->dwAuthFlags;
*ppAuthMethod = pNewAuthMethod;
return (ERROR_SUCCESS);
error:
if (pNewAuthMethod) {
if (pNewAuthMethod->pszAuthMethod) {
FreePolStr(pNewAuthMethod->pszAuthMethod);
}
if (pNewAuthMethod->pAltAuthMethod) {
FreePolMem(pNewAuthMethod->pAltAuthMethod);
}
FreePolMem(pNewAuthMethod);
}
*ppAuthMethod = NULL;
return (dwError);
}
DWORD
CopyIpsecISAKMPData(
PIPSEC_ISAKMP_DATA pIpsecISAKMPData,
PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData
)
{
DWORD dwError = 0;
PIPSEC_ISAKMP_DATA pNewIpsecISAKMPData = NULL;
DWORD dwNumISAKMPSecurityMethods = 0;
pNewIpsecISAKMPData = (PIPSEC_ISAKMP_DATA) AllocPolMem(
sizeof(IPSEC_ISAKMP_DATA)
);
if (!pNewIpsecISAKMPData) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
memcpy(
&(pNewIpsecISAKMPData->ISAKMPIdentifier),
&(pIpsecISAKMPData->ISAKMPIdentifier),
sizeof(GUID)
);
memcpy(
&(pNewIpsecISAKMPData->ISAKMPPolicy),
&(pIpsecISAKMPData->ISAKMPPolicy),
sizeof(ISAKMP_POLICY)
);
dwNumISAKMPSecurityMethods =
pIpsecISAKMPData->dwNumISAKMPSecurityMethods;
pNewIpsecISAKMPData->dwWhenChanged =
pIpsecISAKMPData->dwWhenChanged;
pNewIpsecISAKMPData->dwFlags =
pIpsecISAKMPData->dwFlags;
if (pIpsecISAKMPData->pSecurityMethods) {
pNewIpsecISAKMPData->pSecurityMethods = (PCRYPTO_BUNDLE) AllocPolMem(
sizeof(CRYPTO_BUNDLE) *
dwNumISAKMPSecurityMethods
);
if (!(pNewIpsecISAKMPData->pSecurityMethods)) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
memcpy(
pNewIpsecISAKMPData->pSecurityMethods,
pIpsecISAKMPData->pSecurityMethods,
sizeof(CRYPTO_BUNDLE)*dwNumISAKMPSecurityMethods
);
pNewIpsecISAKMPData->dwNumISAKMPSecurityMethods =
pIpsecISAKMPData->dwNumISAKMPSecurityMethods;
}
else {
pNewIpsecISAKMPData->pSecurityMethods = NULL;
pNewIpsecISAKMPData->dwNumISAKMPSecurityMethods = 0;
}
*ppIpsecISAKMPData = pNewIpsecISAKMPData;
return(ERROR_SUCCESS);
error:
*ppIpsecISAKMPData = NULL;
return (dwError);
}
DWORD
CopyIpsecFilterData(
PIPSEC_FILTER_DATA pIpsecFilterData,
PIPSEC_FILTER_DATA * ppIpsecFilterData
)
{
DWORD dwError = 0;
DWORD i = 0;
PIPSEC_FILTER_DATA pNewIpsecFilterData = NULL;
DWORD dwNumFilterSpecs = 0;
PIPSEC_FILTER_SPEC * ppFilterSpecs = NULL;
PIPSEC_FILTER_SPEC * ppNewFilterSpecs = NULL;
PIPSEC_FILTER_SPEC pFilterSpecs = NULL;
PIPSEC_FILTER_SPEC pNewFilterSpecs = NULL;
pNewIpsecFilterData = (PIPSEC_FILTER_DATA) AllocPolMem(
sizeof(IPSEC_FILTER_DATA)
);
if (!pNewIpsecFilterData) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
dwNumFilterSpecs = pIpsecFilterData->dwNumFilterSpecs;
ppFilterSpecs = pIpsecFilterData->ppFilterSpecs;
if (dwNumFilterSpecs) {
ppNewFilterSpecs = (PIPSEC_FILTER_SPEC *) AllocPolMem(
sizeof(PIPSEC_FILTER_SPEC)*
dwNumFilterSpecs
);
if (!ppNewFilterSpecs) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
for (i = 0; i < dwNumFilterSpecs; i++) {
pFilterSpecs = *(ppFilterSpecs + i);
dwError = CopyIpsecFilterSpec(
pFilterSpecs,
&pNewFilterSpecs
);
if (dwError) {
pNewIpsecFilterData->ppFilterSpecs = ppNewFilterSpecs;
pNewIpsecFilterData->dwNumFilterSpecs = i;
BAIL_ON_WIN32_ERROR(dwError);
}
*(ppNewFilterSpecs + i) = pNewFilterSpecs;
}
pNewIpsecFilterData->ppFilterSpecs = ppNewFilterSpecs;
pNewIpsecFilterData->dwNumFilterSpecs = dwNumFilterSpecs;
if (pIpsecFilterData->pszIpsecName && *pIpsecFilterData->pszIpsecName) {
pNewIpsecFilterData->pszIpsecName = AllocPolStr(
pIpsecFilterData->pszIpsecName
);
if (!(pNewIpsecFilterData->pszIpsecName)) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
if (pIpsecFilterData->pszDescription && *pIpsecFilterData->pszDescription) {
pNewIpsecFilterData->pszDescription = AllocPolStr(
pIpsecFilterData->pszDescription
);
if (!(pNewIpsecFilterData->pszDescription)) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
memcpy(
&(pNewIpsecFilterData->FilterIdentifier),
&(pIpsecFilterData->FilterIdentifier),
sizeof(GUID)
);
pNewIpsecFilterData->dwWhenChanged = pIpsecFilterData->dwWhenChanged;
pNewIpsecFilterData->dwFlags = pIpsecFilterData->dwFlags;
*ppIpsecFilterData = pNewIpsecFilterData;
return(ERROR_SUCCESS);
error:
if (pNewIpsecFilterData) {
FreeIpsecFilterData(pNewIpsecFilterData);
}
*ppIpsecFilterData = NULL;
return (dwError);
}
DWORD
CopyIpsecFilterSpec(
PIPSEC_FILTER_SPEC pFilterSpecs,
PIPSEC_FILTER_SPEC * ppFilterSpecs
)
{
DWORD dwError = 0;
PIPSEC_FILTER_SPEC pNewFilterSpecs = NULL;
pNewFilterSpecs = (PIPSEC_FILTER_SPEC) AllocPolMem(
sizeof(IPSEC_FILTER_SPEC)
);
if (!pNewFilterSpecs) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
if (pFilterSpecs->pszSrcDNSName) {
pNewFilterSpecs->pszSrcDNSName = AllocPolStr(
pFilterSpecs->pszSrcDNSName
);
if (!(pNewFilterSpecs->pszSrcDNSName)) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
if (pFilterSpecs->pszDestDNSName) {
pNewFilterSpecs->pszDestDNSName = AllocPolStr(
pFilterSpecs->pszDestDNSName
);
if (!(pNewFilterSpecs->pszDestDNSName)) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
if (pFilterSpecs->pszDescription) {
pNewFilterSpecs->pszDescription = AllocPolStr(
pFilterSpecs->pszDescription
);
if (!(pNewFilterSpecs->pszDescription)) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
memcpy(
&(pNewFilterSpecs->FilterSpecGUID),
&(pFilterSpecs->FilterSpecGUID),
sizeof(GUID)
);
pNewFilterSpecs->dwMirrorFlag = pFilterSpecs->dwMirrorFlag;
memcpy(
&(pNewFilterSpecs->Filter),
&(pFilterSpecs->Filter),
sizeof(IPSEC_FILTER)
);
*ppFilterSpecs = pNewFilterSpecs;
return(ERROR_SUCCESS);
error:
if (pNewFilterSpecs) {
if (pNewFilterSpecs->pszSrcDNSName){
FreePolStr(pNewFilterSpecs->pszSrcDNSName);
}
if (pNewFilterSpecs->pszDestDNSName){
FreePolStr(pNewFilterSpecs->pszDestDNSName);
}
if (pNewFilterSpecs->pszDescription){
FreePolStr(pNewFilterSpecs->pszDescription);
}
FreePolMem(pNewFilterSpecs);
}
*ppFilterSpecs = NULL;
return (dwError);
}
DWORD
CopyIpsecNegPolData(
PIPSEC_NEGPOL_DATA pIpsecNegPolData,
PIPSEC_NEGPOL_DATA * ppIpsecNegPolData
)
{
DWORD dwNumSecurityOffers = 0;
PIPSEC_NEGPOL_DATA pNewIpsecNegPolData = NULL;
DWORD dwError = 0;
pNewIpsecNegPolData = (PIPSEC_NEGPOL_DATA) AllocPolMem(
sizeof(IPSEC_NEGPOL_DATA)
);
if (!pNewIpsecNegPolData) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
dwNumSecurityOffers = pIpsecNegPolData->dwSecurityMethodCount;
if (dwNumSecurityOffers) {
pNewIpsecNegPolData->pIpsecSecurityMethods = (PIPSEC_SECURITY_METHOD) AllocPolMem(
sizeof(IPSEC_SECURITY_METHOD)*dwNumSecurityOffers
);
if (!(pNewIpsecNegPolData->pIpsecSecurityMethods)) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
memcpy(
(pNewIpsecNegPolData->pIpsecSecurityMethods),
(pIpsecNegPolData->pIpsecSecurityMethods),
sizeof(IPSEC_SECURITY_METHOD)*dwNumSecurityOffers
);
pNewIpsecNegPolData->dwSecurityMethodCount = dwNumSecurityOffers;
}
else {
pNewIpsecNegPolData->dwSecurityMethodCount = 0;
pNewIpsecNegPolData->pIpsecSecurityMethods = NULL;
}
if (pIpsecNegPolData->pszIpsecName && *pIpsecNegPolData->pszIpsecName) {
pNewIpsecNegPolData->pszIpsecName = AllocPolStr(
pIpsecNegPolData->pszIpsecName
);
if (!(pNewIpsecNegPolData->pszIpsecName)) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
if (pIpsecNegPolData->pszDescription && *pIpsecNegPolData->pszDescription) {
pNewIpsecNegPolData->pszDescription = AllocPolStr(
pIpsecNegPolData->pszDescription
);
if (!(pNewIpsecNegPolData->pszDescription)) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
//
// Convert the ipsecID to its GUID format
//
memcpy(
&(pNewIpsecNegPolData->NegPolIdentifier),
&(pIpsecNegPolData->NegPolIdentifier),
sizeof(GUID)
);
memcpy(
&(pNewIpsecNegPolData->NegPolAction),
&(pIpsecNegPolData->NegPolAction),
sizeof(GUID)
);
memcpy(
&(pNewIpsecNegPolData->NegPolType),
&(pIpsecNegPolData->NegPolType),
sizeof(GUID)
);
pNewIpsecNegPolData->dwWhenChanged = pIpsecNegPolData->dwWhenChanged;
pNewIpsecNegPolData->dwFlags = pIpsecNegPolData->dwFlags;
*ppIpsecNegPolData = pNewIpsecNegPolData;
return (0);
error:
if (pNewIpsecNegPolData) {
FreeIpsecNegPolData(pNewIpsecNegPolData);
}
*ppIpsecNegPolData = NULL;
return(dwError);
}
DWORD
UnmarshallFilterSpec(
LPBYTE pMem,
PIPSEC_FILTER_SPEC * ppIpsecFilterSpec,
PDWORD pdwNumBytesAdvanced
)
{
DWORD dwSrcDNSNameLen = 0;
LPWSTR pszSrcDNSName = NULL;
DWORD dwDestDNSNameLen = 0;
LPWSTR pszDestDNSName = NULL;
DWORD dwDescriptionLen = 0;
LPWSTR pszDescription = NULL;
GUID FilterSpecGUID;
DWORD dwMirrorFlag = 0;
IPSEC_FILTER ipsecFilter;
PIPSEC_FILTER_SPEC pIpsecFilterSpec = NULL;
DWORD dwNumBytesAdvanced = 0;
DWORD dwError = 0;
*ppIpsecFilterSpec = NULL;
*pdwNumBytesAdvanced = 0;
memcpy((LPBYTE)&dwSrcDNSNameLen, pMem, sizeof(DWORD));
pMem += sizeof(DWORD);
dwNumBytesAdvanced += sizeof(DWORD);
if (dwSrcDNSNameLen) {
pszSrcDNSName = AllocPolStr((LPWSTR)pMem);
if (!pszSrcDNSName) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
pMem += dwSrcDNSNameLen;
dwNumBytesAdvanced += dwSrcDNSNameLen;
memcpy((LPBYTE)&dwDestDNSNameLen, pMem, sizeof(DWORD));
pMem += sizeof(DWORD);
dwNumBytesAdvanced += sizeof(DWORD);
if (dwDestDNSNameLen) {
pszDestDNSName = AllocPolStr((LPWSTR)pMem);
if (!pszDestDNSName) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
pMem += dwDestDNSNameLen;
dwNumBytesAdvanced += dwDestDNSNameLen;
memcpy((LPBYTE)&dwDescriptionLen, pMem, sizeof(DWORD));
pMem += sizeof(DWORD);
dwNumBytesAdvanced += sizeof(DWORD);
if (dwDescriptionLen) {
pszDescription = AllocPolStr((LPWSTR)pMem);
if (!pszDescription) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
pMem += dwDescriptionLen;
dwNumBytesAdvanced += dwDescriptionLen;
memcpy((LPBYTE)&FilterSpecGUID, pMem, sizeof(GUID));
pMem += sizeof(GUID);
dwNumBytesAdvanced += sizeof(GUID);
memcpy((LPBYTE)&dwMirrorFlag, pMem, sizeof(DWORD));
pMem += sizeof(DWORD);
dwNumBytesAdvanced += sizeof(DWORD);
memcpy((LPBYTE)&ipsecFilter, pMem, sizeof(IPSEC_FILTER));
pIpsecFilterSpec = (PIPSEC_FILTER_SPEC)AllocPolMem(
sizeof(IPSEC_FILTER_SPEC)
);
if (!pIpsecFilterSpec) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
pMem += sizeof(IPSEC_FILTER);
dwNumBytesAdvanced += sizeof(IPSEC_FILTER);
pIpsecFilterSpec->pszSrcDNSName = pszSrcDNSName;
pIpsecFilterSpec->pszDestDNSName = pszDestDNSName;
pIpsecFilterSpec->pszDescription = pszDescription;
pIpsecFilterSpec->dwMirrorFlag = dwMirrorFlag;
memcpy((LPBYTE)&pIpsecFilterSpec->FilterSpecGUID, &FilterSpecGUID, sizeof(GUID));
memcpy((LPBYTE)&pIpsecFilterSpec->Filter, &ipsecFilter, sizeof(IPSEC_FILTER));
*ppIpsecFilterSpec = pIpsecFilterSpec;
*pdwNumBytesAdvanced = dwNumBytesAdvanced;
return(dwError);
error:
if (pszSrcDNSName) {
FreePolStr(pszSrcDNSName);
}
if (pszDestDNSName) {
FreePolStr(pszDestDNSName);
}
if (pszDescription) {
FreePolStr(pszDescription);
}
*ppIpsecFilterSpec = NULL;
*pdwNumBytesAdvanced = 0;
return(dwError);
}
DWORD
UnmarshallAuthMethods(
LPBYTE pMem,
PIPSEC_AUTH_METHOD * ppIpsecAuthMethod,
PDWORD pdwNumBytesAdvanced
)
{
DWORD dwError = 0;
DWORD dwAuthType = 0;
DWORD dwAuthLen = 0;
LPWSTR pszAuthMethod = NULL;
PIPSEC_AUTH_METHOD pIpsecAuthMethod = NULL;
DWORD dwNumBytesAdvanced = 0;
pIpsecAuthMethod = (PIPSEC_AUTH_METHOD)AllocPolMem(
sizeof(IPSEC_AUTH_METHOD)
);
if (!pIpsecAuthMethod) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
memcpy((LPBYTE)&dwAuthType, pMem, sizeof(DWORD));
pMem += sizeof(DWORD);
dwNumBytesAdvanced += sizeof(DWORD);
memcpy((LPBYTE)&dwAuthLen, pMem, sizeof(DWORD));
pMem += sizeof(DWORD);
dwNumBytesAdvanced += sizeof(DWORD);
if (dwAuthLen) {
pszAuthMethod = AllocPolStr((LPWSTR)pMem);
if (!pszAuthMethod) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
pMem += dwAuthLen;
dwNumBytesAdvanced += dwAuthLen;
//
// Unmarshall parameters.
//
pIpsecAuthMethod->dwAuthType = dwAuthType;
pIpsecAuthMethod->dwAuthLen = (dwAuthLen - 2)/2;
pIpsecAuthMethod->pszAuthMethod = pszAuthMethod;
pIpsecAuthMethod->dwAltAuthLen = 0;
pIpsecAuthMethod->pAltAuthMethod = NULL;
*ppIpsecAuthMethod = pIpsecAuthMethod;
*pdwNumBytesAdvanced = dwNumBytesAdvanced;
return (dwError);
error:
if (pszAuthMethod) {
FreePolStr(pszAuthMethod);
}
if (pIpsecAuthMethod) {
FreePolMem(pIpsecAuthMethod);
}
*ppIpsecAuthMethod = NULL;
*pdwNumBytesAdvanced = 0;
return (dwError);
}
DWORD
UnmarshallAltAuthMethods(
LPBYTE pMem,
PIPSEC_AUTH_METHOD pIpsecAuthMethod,
PDWORD pdwNumBytesAdvanced
)
{
DWORD dwError = 0;
DWORD dwAuthType = 0;
DWORD dwAuthLen = 0;
PBYTE pAltAuthMethod = NULL;
DWORD dwNumBytesAdvanced = 0;
memcpy((LPBYTE)&dwAuthType, pMem, sizeof(DWORD));
pMem += sizeof(DWORD);
dwNumBytesAdvanced += sizeof(DWORD);
memcpy((LPBYTE)&dwAuthLen, pMem, sizeof(DWORD));
pMem += sizeof(DWORD);
dwNumBytesAdvanced += sizeof(DWORD);
if (dwAuthLen) {
pAltAuthMethod = (PBYTE) AllocPolMem(dwAuthLen);
if (!pAltAuthMethod) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
memcpy(pAltAuthMethod, pMem, dwAuthLen);
}
pMem += dwAuthLen;
dwNumBytesAdvanced += dwAuthLen;
pIpsecAuthMethod->dwAltAuthLen = dwAuthLen;
pIpsecAuthMethod->pAltAuthMethod = pAltAuthMethod;
*pdwNumBytesAdvanced = dwNumBytesAdvanced;
return (dwError);
error:
if (pAltAuthMethod) {
FreePolMem(pAltAuthMethod);
}
pIpsecAuthMethod->dwAltAuthLen = 0;
pIpsecAuthMethod->pAltAuthMethod = NULL;
*pdwNumBytesAdvanced = 0;
return (dwError);
}
void
FreeRsopInfo(
PRSOP_INFO pRsopInfo
)
{
if (pRsopInfo) {
FreePolStr(pRsopInfo->pszCreationtime);
FreePolStr(pRsopInfo->pszID);
FreePolStr(pRsopInfo->pszName);
FreePolStr(pRsopInfo->pszGPOID);
FreePolStr(pRsopInfo->pszSOMID);
}
}
void
FreeMulIpsecFilterData(
PIPSEC_FILTER_DATA * ppIpsecFilterData,
DWORD dwNumFilterObjects
)
{
DWORD i = 0;
PIPSEC_FILTER_DATA pIpsecFilterData = NULL;
if (!ppIpsecFilterData) {
return;
}
for (i = 0; i < dwNumFilterObjects; i++) {
pIpsecFilterData = *(ppIpsecFilterData + i);
if (pIpsecFilterData) {
FreeIpsecFilterData(pIpsecFilterData);
}
}
FreePolMem(ppIpsecFilterData);
return;
}
void
FreeMulIpsecNegPolData(
PIPSEC_NEGPOL_DATA * ppIpsecNegPolData,
DWORD dwNumNegPolObjects
)
{
DWORD i = 0;
PIPSEC_NEGPOL_DATA pIpsecNegPolData = NULL;
if (!ppIpsecNegPolData) {
return;
}
for (i = 0; i < dwNumNegPolObjects; i++) {
pIpsecNegPolData = *(ppIpsecNegPolData + i);
if (pIpsecNegPolData) {
FreeIpsecNegPolData(pIpsecNegPolData);
}
}
FreePolMem(ppIpsecNegPolData);
return;
}
void
FreeMulIpsecPolicyData(
PIPSEC_POLICY_DATA * ppIpsecPolicyData,
DWORD dwNumPolicyObjects
)
{
DWORD i = 0;
PIPSEC_POLICY_DATA pIpsecPolicyData = NULL;
if (!ppIpsecPolicyData) {
return;
}
for (i = 0; i < dwNumPolicyObjects; i++) {
pIpsecPolicyData = *(ppIpsecPolicyData + i);
if (pIpsecPolicyData) {
FreeIpsecPolicyData(pIpsecPolicyData);
}
}
FreePolMem(ppIpsecPolicyData);
return;
}
void
FreeMulIpsecNFAData(
PIPSEC_NFA_DATA * ppIpsecNFAData,
DWORD dwNumNFAObjects
)
{
DWORD i = 0;
PIPSEC_NFA_DATA pIpsecNFAData = NULL;
if (!ppIpsecNFAData) {
return;
}
for (i = 0; i < dwNumNFAObjects; i++) {
pIpsecNFAData = *(ppIpsecNFAData + i);
if (pIpsecNFAData) {
FreeIpsecNFAData(pIpsecNFAData);
}
}
FreePolMem(ppIpsecNFAData);
return;
}
DWORD
GenGUIDFromRegFilterReference(
LPWSTR pszIpsecFilterReference,
GUID * FilterIdentifier
)
{
DWORD dwError = 0;
LPWSTR pszGuid = NULL;
if (pszIpsecFilterReference) {
pszGuid = wcschr(pszIpsecFilterReference, L'{');
if (!pszGuid) {
dwError = ERROR_INVALID_DATA;
return (dwError);
}
wGUIDFromString(pszGuid, FilterIdentifier);
}else {
memset(FilterIdentifier, 0, sizeof(GUID));
}
return(dwError);
}
DWORD
GenGUIDFromRegNegPolReference(
LPWSTR pszIpsecNegPolReference,
GUID * NegPolIdentifier
)
{
DWORD dwError = 0;
LPWSTR pszGuid = NULL;
if (pszIpsecNegPolReference) {
pszGuid = wcschr(pszIpsecNegPolReference, L'{');
if (!pszGuid) {
dwError = ERROR_INVALID_DATA;
return (dwError);
}
wGUIDFromString(pszGuid, NegPolIdentifier);
}else {
memset(NegPolIdentifier, 0, sizeof(GUID));
}
return(dwError);
}
DWORD
GenGUIDFromRegISAKMPReference(
LPWSTR pszIpsecISAKMPReference,
GUID * ISAKMPIdentifier
)
{
DWORD dwError = 0;
LPWSTR pszGuid = NULL;
if (pszIpsecISAKMPReference) {
pszGuid = wcschr(pszIpsecISAKMPReference, L'{');
if (!pszGuid) {
dwError = ERROR_INVALID_DATA;
return (dwError);
}
wGUIDFromString(pszGuid, ISAKMPIdentifier);
}else {
memset(ISAKMPIdentifier, 0, sizeof(GUID));
}
return(dwError);
}
void
FreeIpsecFilterSpecs(
PIPSEC_FILTER_SPEC * ppIpsecFilterSpecs,
DWORD dwNumFilterSpecs
)
{
DWORD i = 0;
PIPSEC_FILTER_SPEC pIpsecFilterSpec = NULL;
for (i = 0; i < dwNumFilterSpecs; i++) {
pIpsecFilterSpec = *(ppIpsecFilterSpecs + i);
if (pIpsecFilterSpec) {
FreeIpsecFilterSpec(pIpsecFilterSpec);
}
}
FreePolMem(ppIpsecFilterSpecs);
}
void
FreeIpsecFilterSpec(
PIPSEC_FILTER_SPEC pIpsecFilterSpec
)
{
if (pIpsecFilterSpec->pszSrcDNSName){
FreePolStr(pIpsecFilterSpec->pszSrcDNSName);
}
if (pIpsecFilterSpec->pszDestDNSName){
FreePolStr(pIpsecFilterSpec->pszDestDNSName);
}
if (pIpsecFilterSpec->pszDescription){
FreePolStr(pIpsecFilterSpec->pszDescription);
}
FreePolMem(pIpsecFilterSpec);
return;
}
void
FreeMulIpsecISAKMPData(
PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData,
DWORD dwNumISAKMPObjects
)
{
DWORD i = 0;
PIPSEC_ISAKMP_DATA pIpsecISAKMPData = NULL;
if (!ppIpsecISAKMPData) {
return;
}
for (i = 0; i < dwNumISAKMPObjects; i++) {
pIpsecISAKMPData = *(ppIpsecISAKMPData + i);
if (pIpsecISAKMPData) {
FreeIpsecISAKMPData(pIpsecISAKMPData);
}
}
FreePolMem(ppIpsecISAKMPData);
return;
}