#include "precomp.h"
//
// Registry container paths and value names used by the IPsec policy store.
//
// RegOpenPolicyStore opens the Local and Persistent containers under
// HKEY_LOCAL_MACHINE (or the remote machine's HKEY_LOCAL_MACHINE). The ACLs
// on those keys therefore decide who can change the machine's IPsec policy,
// which makes them a natural place for change auditing.
//

// Root container selected for IPSEC_STORE_LOCAL.
LPWSTR gpszRegLocalContainer = L"SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local";

// Root container selected for IPSEC_STORE_PERSISTENT.
LPWSTR gpszRegPersistentContainer = L"SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Persistent";

// Root container string copied by FileOpenPolicyStore.
LPWSTR gpszIpsecFileRootContainer = L"SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Save";

// NOTE(review): presumably the container for directory-assigned policy;
// confirm against its users.
LPWSTR gpszIPsecDirContainer = L"SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\GPTIPSECPolicy";

// NOTE(review): presumably registry value names; confirm against their users.
LPWSTR gpActivePolicyKey = L"ActivePolicy";
LPWSTR gpDirectoryPolicyPointerKey = L"DSIPSECPolicyPath";
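//
// IPSecEnumPolicyData
//
// Enumerates policy objects by forwarding to the Enum routine of the
// provider recorded in the store handle.
//
// hPolicyStore        - policy store handle; cast to PIPSEC_POLICY_STORE.
// pppIpsecPolicyData  - output location, forwarded unchanged to the provider.
// pdwNumPolicyObjects - output count, forwarded unchanged to the provider.
//
// Returns the provider's error code, or ERROR_INVALID_PARAMETER for a NULL
// handle or an unknown provider.
//
DWORD
IPSecEnumPolicyData(
    HANDLE hPolicyStore,
    PIPSEC_POLICY_DATA ** pppIpsecPolicyData,
    PDWORD pdwNumPolicyObjects
    )
{
    DWORD dwError = 0;
    IWbemServices *pWbemServices = NULL;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // The handle is an untyped pointer supplied by the caller. Reject NULL
    // before reading dwProvider through it; nothing here can verify that a
    // non-NULL value really points at an IPSEC_POLICY_STORE.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegEnumPolicyData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            pppIpsecPolicyData,
            pdwNumPolicyObjects
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirEnumPolicyData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            pppIpsecPolicyData,
            pdwNumPolicyObjects
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // A WMI services pointer is obtained per call and released as soon
        // as the enumeration returns.
        dwError = CreateIWbemServices(
            pPolicyStore->pszLocationName,
            &pWbemServices
            );
        if (dwError == ERROR_SUCCESS) {
            dwError = WMIEnumPolicyDataEx(
                pWbemServices,
                pppIpsecPolicyData,
                pdwNumPolicyObjects
                );
            IWbemServices_Release(pWbemServices);
        }
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

    return dwError;
}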
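//
// IPSecSetPolicyData
//
// Runs ValidatePolicyData on the input, then forwards it to the Set routine
// of the provider recorded in the store handle.
//
// hPolicyStore     - policy store handle; cast to PIPSEC_POLICY_STORE.
// pIpsecPolicyData - policy object, forwarded unchanged.
//
// Returns the validator's or provider's error code, ERROR_NOT_SUPPORTED for
// a WMI store, or ERROR_INVALID_PARAMETER for a NULL handle or an unknown
// provider.
//
DWORD
IPSecSetPolicyData(
    HANDLE hPolicyStore,
    PIPSEC_POLICY_DATA pIpsecPolicyData
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before it is validated against or dereferenced.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    dwError = ValidatePolicyData(
        hPolicyStore,
        pIpsecPolicyData
        );
    // Macro defined outside this file; presumably jumps to 'error' on failure.
    BAIL_ON_WIN32_ERROR(dwError);

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegSetPolicyData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            pPolicyStore->pszLocationName,
            pIpsecPolicyData
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirSetPolicyData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            pIpsecPolicyData
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // WMI stores are read-only through this API.
        dwError = ERROR_NOT_SUPPORTED;
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

error:

    return dwError;
}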
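//
// IPSecCreatePolicyData
//
// Runs ValidatePolicyData on the input, then forwards it to the Create
// routine of the provider recorded in the store handle.
//
// hPolicyStore     - policy store handle; cast to PIPSEC_POLICY_STORE.
// pIpsecPolicyData - policy object, forwarded unchanged.
//
// Returns the validator's or provider's error code, ERROR_NOT_SUPPORTED for
// a WMI store, or ERROR_INVALID_PARAMETER for a NULL handle or an unknown
// provider.
//
DWORD
IPSecCreatePolicyData(
    HANDLE hPolicyStore,
    PIPSEC_POLICY_DATA pIpsecPolicyData
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before it is validated against or dereferenced.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    dwError = ValidatePolicyData(
        hPolicyStore,
        pIpsecPolicyData
        );
    // Macro defined outside this file; presumably jumps to 'error' on failure.
    BAIL_ON_WIN32_ERROR(dwError);

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegCreatePolicyData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            pIpsecPolicyData
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirCreatePolicyData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            pIpsecPolicyData
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // WMI stores are read-only through this API.
        dwError = ERROR_NOT_SUPPORTED;
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

error:

    return dwError;
}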
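//
// IPSecDeletePolicyData
//
// Runs ValidatePolicyDataDeletion, then forwards the policy object to the
// Delete routine of the provider recorded in the store handle.
//
// hPolicyStore     - policy store handle; cast to PIPSEC_POLICY_STORE.
// pIpsecPolicyData - policy object to delete, forwarded unchanged.
//
// Returns the validator's or provider's error code, ERROR_NOT_SUPPORTED for
// a WMI store, or ERROR_INVALID_PARAMETER for a NULL handle or an unknown
// provider.
//
DWORD
IPSecDeletePolicyData(
    HANDLE hPolicyStore,
    PIPSEC_POLICY_DATA pIpsecPolicyData
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before it is validated against or dereferenced.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    dwError = ValidatePolicyDataDeletion(
        hPolicyStore,
        pIpsecPolicyData
        );
    // Macro defined outside this file; presumably jumps to 'error' on failure.
    BAIL_ON_WIN32_ERROR(dwError);

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegDeletePolicyData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            pIpsecPolicyData
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirDeletePolicyData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            pIpsecPolicyData
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // WMI stores are read-only through this API.
        dwError = ERROR_NOT_SUPPORTED;
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

error:

    return dwError;
}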
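//
// IPSecEnumFilterData
//
// Enumerates filter objects by forwarding to the Enum routine of the
// provider recorded in the store handle.
//
// hPolicyStore        - policy store handle; cast to PIPSEC_POLICY_STORE.
// pppIpsecFilterData  - output location, forwarded unchanged to the provider.
// pdwNumFilterObjects - output count, forwarded unchanged to the provider.
//
// Returns the provider's error code, or ERROR_INVALID_PARAMETER for a NULL
// handle or an unknown provider.
//
DWORD
IPSecEnumFilterData(
    HANDLE hPolicyStore,
    PIPSEC_FILTER_DATA ** pppIpsecFilterData,
    PDWORD pdwNumFilterObjects
    )
{
    DWORD dwError = 0;
    IWbemServices *pWbemServices = NULL;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before reading dwProvider through it.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegEnumFilterData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            pppIpsecFilterData,
            pdwNumFilterObjects
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirEnumFilterData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            pppIpsecFilterData,
            pdwNumFilterObjects
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // A WMI services pointer is obtained per call and released as soon
        // as the enumeration returns.
        dwError = CreateIWbemServices(
            pPolicyStore->pszLocationName,
            &pWbemServices
            );
        if (dwError == ERROR_SUCCESS) {
            dwError = WMIEnumFilterDataEx(
                pWbemServices,
                pppIpsecFilterData,
                pdwNumFilterObjects
                );
            IWbemServices_Release(pWbemServices);
        }
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

    return dwError;
}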
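//
// IPSecSetFilterData
//
// Forwards a filter object to the Set routine of the provider recorded in
// the store handle.
//
// No Validate* routine is called here, unlike the policy, negotiation
// policy, NFA and ISAKMP Set/Create entry points in this file.
// NOTE(review): confirm that filter data is validated by the providers or
// by the callers.
//
// hPolicyStore     - policy store handle; cast to PIPSEC_POLICY_STORE.
// pIpsecFilterData - filter object, forwarded unchanged.
//
// Returns the provider's error code, ERROR_NOT_SUPPORTED for a WMI store,
// or ERROR_INVALID_PARAMETER for a NULL handle or an unknown provider.
//
DWORD
IPSecSetFilterData(
    HANDLE hPolicyStore,
    PIPSEC_FILTER_DATA pIpsecFilterData
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before reading dwProvider through it.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegSetFilterData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            pPolicyStore->pszLocationName,
            pIpsecFilterData
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirSetFilterData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            pIpsecFilterData
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // WMI stores are read-only through this API.
        dwError = ERROR_NOT_SUPPORTED;
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

    return dwError;
}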
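//
// IPSecCreateFilterData
//
// Forwards a filter object to the Create routine of the provider recorded
// in the store handle.
//
// No Validate* routine is called here, unlike the policy, negotiation
// policy, NFA and ISAKMP Set/Create entry points in this file.
// NOTE(review): confirm that filter data is validated by the providers or
// by the callers.
//
// hPolicyStore     - policy store handle; cast to PIPSEC_POLICY_STORE.
// pIpsecFilterData - filter object, forwarded unchanged.
//
// Returns the provider's error code, ERROR_NOT_SUPPORTED for a WMI store,
// or ERROR_INVALID_PARAMETER for a NULL handle or an unknown provider.
//
DWORD
IPSecCreateFilterData(
    HANDLE hPolicyStore,
    PIPSEC_FILTER_DATA pIpsecFilterData
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before reading dwProvider through it.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegCreateFilterData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            pIpsecFilterData
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirCreateFilterData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            pIpsecFilterData
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // WMI stores are read-only through this API.
        dwError = ERROR_NOT_SUPPORTED;
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

    return dwError;
}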
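//
// IPSecDeleteFilterData
//
// Runs ValidateFilterDataDeletion, then forwards the filter identifier to
// the Delete routine of the provider recorded in the store handle.
//
// hPolicyStore     - policy store handle; cast to PIPSEC_POLICY_STORE.
// FilterIdentifier - GUID of the filter object, forwarded unchanged.
//
// Returns the validator's or provider's error code, ERROR_NOT_SUPPORTED for
// a WMI store, or ERROR_INVALID_PARAMETER for a NULL handle or an unknown
// provider.
//
DWORD
IPSecDeleteFilterData(
    HANDLE hPolicyStore,
    GUID FilterIdentifier
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before it is validated against or dereferenced.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    dwError = ValidateFilterDataDeletion(
        hPolicyStore,
        FilterIdentifier
        );
    // Macro defined outside this file; presumably jumps to 'error' on failure.
    BAIL_ON_WIN32_ERROR(dwError);

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegDeleteFilterData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            FilterIdentifier
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirDeleteFilterData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            FilterIdentifier
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // WMI stores are read-only through this API.
        dwError = ERROR_NOT_SUPPORTED;
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

error:

    return dwError;
}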
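//
// IPSecEnumNegPolData
//
// Enumerates negotiation policy objects by forwarding to the Enum routine
// of the provider recorded in the store handle.
//
// hPolicyStore        - policy store handle; cast to PIPSEC_POLICY_STORE.
// pppIpsecNegPolData  - output location, forwarded unchanged to the provider.
// pdwNumNegPolObjects - output count, forwarded unchanged to the provider.
//
// Returns the provider's error code, or ERROR_INVALID_PARAMETER for a NULL
// handle or an unknown provider.
//
DWORD
IPSecEnumNegPolData(
    HANDLE hPolicyStore,
    PIPSEC_NEGPOL_DATA ** pppIpsecNegPolData,
    PDWORD pdwNumNegPolObjects
    )
{
    DWORD dwError = 0;
    IWbemServices *pWbemServices = NULL;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before reading dwProvider through it.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegEnumNegPolData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            pppIpsecNegPolData,
            pdwNumNegPolObjects
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirEnumNegPolData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            pppIpsecNegPolData,
            pdwNumNegPolObjects
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // A WMI services pointer is obtained per call and released as soon
        // as the enumeration returns.
        dwError = CreateIWbemServices(
            pPolicyStore->pszLocationName,
            &pWbemServices
            );
        if (dwError == ERROR_SUCCESS) {
            dwError = WMIEnumNegPolDataEx(
                pWbemServices,
                pppIpsecNegPolData,
                pdwNumNegPolObjects
                );
            IWbemServices_Release(pWbemServices);
        }
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

    return dwError;
}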
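//
// IPSecSetNegPolData
//
// Runs ValidateNegPolData on the input, then forwards it to the Set routine
// of the provider recorded in the store handle.
//
// hPolicyStore     - policy store handle; cast to PIPSEC_POLICY_STORE.
// pIpsecNegPolData - negotiation policy object, forwarded unchanged.
//
// Returns the validator's or provider's error code, ERROR_NOT_SUPPORTED for
// a WMI store, or ERROR_INVALID_PARAMETER for a NULL handle or an unknown
// provider.
//
DWORD
IPSecSetNegPolData(
    HANDLE hPolicyStore,
    PIPSEC_NEGPOL_DATA pIpsecNegPolData
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before reading dwProvider through it.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    dwError = ValidateNegPolData(
        pIpsecNegPolData
        );
    // Macro defined outside this file; presumably jumps to 'error' on failure.
    BAIL_ON_WIN32_ERROR(dwError);

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegSetNegPolData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            pPolicyStore->pszLocationName,
            pIpsecNegPolData
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirSetNegPolData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            pIpsecNegPolData
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // WMI stores are read-only through this API.
        dwError = ERROR_NOT_SUPPORTED;
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

error:

    return dwError;
}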
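//
// IPSecCreateNegPolData
//
// Runs ValidateNegPolData on the input, then forwards it to the Create
// routine of the provider recorded in the store handle.
//
// hPolicyStore     - policy store handle; cast to PIPSEC_POLICY_STORE.
// pIpsecNegPolData - negotiation policy object, forwarded unchanged.
//
// Returns the validator's or provider's error code, ERROR_NOT_SUPPORTED for
// a WMI store, or ERROR_INVALID_PARAMETER for a NULL handle or an unknown
// provider.
//
DWORD
IPSecCreateNegPolData(
    HANDLE hPolicyStore,
    PIPSEC_NEGPOL_DATA pIpsecNegPolData
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before reading dwProvider through it.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    dwError = ValidateNegPolData(
        pIpsecNegPolData
        );
    // Macro defined outside this file; presumably jumps to 'error' on failure.
    BAIL_ON_WIN32_ERROR(dwError);

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegCreateNegPolData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            pIpsecNegPolData
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirCreateNegPolData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            pIpsecNegPolData
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // WMI stores are read-only through this API.
        dwError = ERROR_NOT_SUPPORTED;
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

error:

    return dwError;
}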
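//
// IPSecDeleteNegPolData
//
// Runs ValidateNegPolDataDeletion, then forwards the identifier to the
// Delete routine of the provider recorded in the store handle.
//
// hPolicyStore     - policy store handle; cast to PIPSEC_POLICY_STORE.
// NegPolIdentifier - GUID of the negotiation policy, forwarded unchanged.
//
// Returns the validator's or provider's error code, ERROR_NOT_SUPPORTED for
// a WMI store, or ERROR_INVALID_PARAMETER for a NULL handle or an unknown
// provider.
//
DWORD
IPSecDeleteNegPolData(
    HANDLE hPolicyStore,
    GUID NegPolIdentifier
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before it is validated against or dereferenced.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    dwError = ValidateNegPolDataDeletion(
        hPolicyStore,
        NegPolIdentifier
        );
    // Macro defined outside this file; presumably jumps to 'error' on failure.
    BAIL_ON_WIN32_ERROR(dwError);

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegDeleteNegPolData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            NegPolIdentifier
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirDeleteNegPolData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            NegPolIdentifier
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // WMI stores are read-only through this API.
        dwError = ERROR_NOT_SUPPORTED;
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

error:

    return dwError;
}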
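//
// IPSecCreateNFAData
//
// Runs ValidateNFAData on the input, then forwards it to the Create routine
// of the provider recorded in the store handle.
//
// hPolicyStore     - policy store handle; cast to PIPSEC_POLICY_STORE.
// PolicyIdentifier - GUID of the owning policy, forwarded unchanged.
// pIpsecNFAData    - NFA object, forwarded unchanged.
//
// Returns the validator's or provider's error code, ERROR_NOT_SUPPORTED for
// a WMI store, or ERROR_INVALID_PARAMETER for a NULL handle or an unknown
// provider.
//
DWORD
IPSecCreateNFAData(
    HANDLE hPolicyStore,
    GUID PolicyIdentifier,
    PIPSEC_NFA_DATA pIpsecNFAData
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before it is validated against or dereferenced.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    dwError = ValidateNFAData(
        hPolicyStore,
        PolicyIdentifier,
        pIpsecNFAData
        );
    // Macro defined outside this file; presumably jumps to 'error' on failure.
    BAIL_ON_WIN32_ERROR(dwError);

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegCreateNFAData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            PolicyIdentifier,
            pPolicyStore->pszLocationName,
            pIpsecNFAData
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirCreateNFAData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            PolicyIdentifier,
            pIpsecNFAData
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // WMI stores are read-only through this API.
        dwError = ERROR_NOT_SUPPORTED;
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

error:

    return dwError;
}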
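//
// IPSecSetNFAData
//
// Runs ValidateNFAData on the input, then forwards it to the Set routine of
// the provider recorded in the store handle.
//
// hPolicyStore     - policy store handle; cast to PIPSEC_POLICY_STORE.
// PolicyIdentifier - GUID of the owning policy, forwarded unchanged.
// pIpsecNFAData    - NFA object, forwarded unchanged.
//
// Returns the validator's or provider's error code, ERROR_NOT_SUPPORTED for
// a WMI store, or ERROR_INVALID_PARAMETER for a NULL handle or an unknown
// provider.
//
DWORD
IPSecSetNFAData(
    HANDLE hPolicyStore,
    GUID PolicyIdentifier,
    PIPSEC_NFA_DATA pIpsecNFAData
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before it is validated against or dereferenced.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    dwError = ValidateNFAData(
        hPolicyStore,
        PolicyIdentifier,
        pIpsecNFAData
        );
    // Macro defined outside this file; presumably jumps to 'error' on failure.
    BAIL_ON_WIN32_ERROR(dwError);

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegSetNFAData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            PolicyIdentifier,
            pPolicyStore->pszLocationName,
            pIpsecNFAData
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirSetNFAData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            PolicyIdentifier,
            pIpsecNFAData
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // WMI stores are read-only through this API.
        dwError = ERROR_NOT_SUPPORTED;
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

error:

    return dwError;
}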
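//
// IPSecDeleteNFAData
//
// Forwards an NFA object to the Delete routine of the provider recorded in
// the store handle.
//
// Unlike IPSecCreateNFAData and IPSecSetNFAData, no validation routine runs
// before the delete. NOTE(review): confirm that this is intended.
//
// hPolicyStore     - policy store handle; cast to PIPSEC_POLICY_STORE.
// PolicyIdentifier - GUID of the owning policy, forwarded unchanged.
// pIpsecNFAData    - NFA object to delete, forwarded unchanged.
//
// Returns the provider's error code, ERROR_NOT_SUPPORTED for a WMI store,
// or ERROR_INVALID_PARAMETER for a NULL handle or an unknown provider.
//
DWORD
IPSecDeleteNFAData(
    HANDLE hPolicyStore,
    GUID PolicyIdentifier,
    PIPSEC_NFA_DATA pIpsecNFAData
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before reading dwProvider through it.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegDeleteNFAData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            PolicyIdentifier,
            pPolicyStore->pszLocationName,
            pIpsecNFAData
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirDeleteNFAData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            PolicyIdentifier,
            pIpsecNFAData
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // WMI stores are read-only through this API.
        dwError = ERROR_NOT_SUPPORTED;
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

    return dwError;
}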
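//
// IPSecEnumNFAData
//
// Enumerates the NFA objects of one policy by forwarding to the Enum
// routine of the provider recorded in the store handle.
//
// hPolicyStore     - policy store handle; cast to PIPSEC_POLICY_STORE.
// PolicyIdentifier - GUID of the owning policy, forwarded unchanged.
// pppIpsecNFAData  - output location, forwarded unchanged to the provider.
// pdwNumNFAObjects - output count, forwarded unchanged to the provider.
//
// Returns the provider's error code, or ERROR_INVALID_PARAMETER for a NULL
// handle or an unknown provider.
//
DWORD
IPSecEnumNFAData(
    HANDLE hPolicyStore,
    GUID PolicyIdentifier,
    PIPSEC_NFA_DATA ** pppIpsecNFAData,
    PDWORD pdwNumNFAObjects
    )
{
    DWORD dwError = 0;
    IWbemServices *pWbemServices = NULL;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before reading dwProvider through it.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegEnumNFAData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            PolicyIdentifier,
            pppIpsecNFAData,
            pdwNumNFAObjects
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirEnumNFAData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            PolicyIdentifier,
            pppIpsecNFAData,
            pdwNumNFAObjects
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // A WMI services pointer is obtained per call and released as soon
        // as the enumeration returns.
        dwError = CreateIWbemServices(
            pPolicyStore->pszLocationName,
            &pWbemServices
            );
        if (dwError == ERROR_SUCCESS) {
            dwError = WMIEnumNFADataEx(
                pWbemServices,
                PolicyIdentifier,
                pppIpsecNFAData,
                pdwNumNFAObjects
                );
            IWbemServices_Release(pWbemServices);
        }
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

    return dwError;
}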
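//
// IPSecGetFilterData
//
// Looks up one filter object by GUID by forwarding to the Get routine of
// the provider recorded in the store handle.
//
// hPolicyStore      - policy store handle; cast to PIPSEC_POLICY_STORE.
// FilterGUID        - GUID of the filter object, forwarded unchanged.
// ppIpsecFilterData - output location, forwarded unchanged to the provider.
//
// Returns the provider's error code, or ERROR_INVALID_PARAMETER for a NULL
// handle or an unknown provider.
//
DWORD
IPSecGetFilterData(
    HANDLE hPolicyStore,
    GUID FilterGUID,
    PIPSEC_FILTER_DATA * ppIpsecFilterData
    )
{
    DWORD dwError = 0;
    IWbemServices *pWbemServices = NULL;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before reading dwProvider through it.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegGetFilterData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            FilterGUID,
            ppIpsecFilterData
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirGetFilterData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            FilterGUID,
            ppIpsecFilterData
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // A WMI services pointer is obtained per call and released as soon
        // as the lookup returns.
        dwError = CreateIWbemServices(
            pPolicyStore->pszLocationName,
            &pWbemServices
            );
        if (dwError == ERROR_SUCCESS) {
            dwError = WMIGetFilterDataEx(
                pWbemServices,
                FilterGUID,
                ppIpsecFilterData
                );
            IWbemServices_Release(pWbemServices);
        }
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

    return dwError;
}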
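//
// IPSecGetNegPolData
//
// Looks up one negotiation policy object by GUID by forwarding to the Get
// routine of the provider recorded in the store handle.
//
// hPolicyStore      - policy store handle; cast to PIPSEC_POLICY_STORE.
// NegPolGUID        - GUID of the negotiation policy, forwarded unchanged.
// ppIpsecNegPolData - output location, forwarded unchanged to the provider.
//
// Returns the provider's error code, or ERROR_INVALID_PARAMETER for a NULL
// handle or an unknown provider.
//
DWORD
IPSecGetNegPolData(
    HANDLE hPolicyStore,
    GUID NegPolGUID,
    PIPSEC_NEGPOL_DATA * ppIpsecNegPolData
    )
{
    DWORD dwError = 0;
    IWbemServices *pWbemServices = NULL;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before reading dwProvider through it.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegGetNegPolData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            NegPolGUID,
            ppIpsecNegPolData
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirGetNegPolData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            NegPolGUID,
            ppIpsecNegPolData
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // A WMI services pointer is obtained per call and released as soon
        // as the lookup returns.
        dwError = CreateIWbemServices(
            pPolicyStore->pszLocationName,
            &pWbemServices
            );
        if (dwError == ERROR_SUCCESS) {
            dwError = WMIGetNegPolDataEx(
                pWbemServices,
                NegPolGUID,
                ppIpsecNegPolData
                );
            IWbemServices_Release(pWbemServices);
        }
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

    return dwError;
}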
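//
// IPSecEnumISAKMPData
//
// Enumerates ISAKMP objects by forwarding to the Enum routine of the
// provider recorded in the store handle.
//
// hPolicyStore        - policy store handle; cast to PIPSEC_POLICY_STORE.
// pppIpsecISAKMPData  - output location, forwarded unchanged to the provider.
// pdwNumISAKMPObjects - output count, forwarded unchanged to the provider.
//
// Returns the provider's error code, or ERROR_INVALID_PARAMETER for a NULL
// handle or an unknown provider.
//
DWORD
IPSecEnumISAKMPData(
    HANDLE hPolicyStore,
    PIPSEC_ISAKMP_DATA ** pppIpsecISAKMPData,
    PDWORD pdwNumISAKMPObjects
    )
{
    DWORD dwError = 0;
    IWbemServices *pWbemServices = NULL;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before reading dwProvider through it.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegEnumISAKMPData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            pppIpsecISAKMPData,
            pdwNumISAKMPObjects
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirEnumISAKMPData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            pppIpsecISAKMPData,
            pdwNumISAKMPObjects
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // A WMI services pointer is obtained per call and released as soon
        // as the enumeration returns.
        dwError = CreateIWbemServices(
            pPolicyStore->pszLocationName,
            &pWbemServices
            );
        if (dwError == ERROR_SUCCESS) {
            dwError = WMIEnumISAKMPDataEx(
                pWbemServices,
                pppIpsecISAKMPData,
                pdwNumISAKMPObjects
                );
            IWbemServices_Release(pWbemServices);
        }
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

    return dwError;
}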
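//
// IPSecSetISAKMPData
//
// Runs ValidateISAKMPData on the input, then forwards it to the Set routine
// of the provider recorded in the store handle.
//
// hPolicyStore     - policy store handle; cast to PIPSEC_POLICY_STORE.
// pIpsecISAKMPData - ISAKMP object, forwarded unchanged.
//
// Returns the validator's or provider's error code, ERROR_NOT_SUPPORTED for
// a WMI store, or ERROR_INVALID_PARAMETER for a NULL handle or an unknown
// provider.
//
DWORD
IPSecSetISAKMPData(
    HANDLE hPolicyStore,
    PIPSEC_ISAKMP_DATA pIpsecISAKMPData
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before reading dwProvider through it.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    dwError = ValidateISAKMPData(
        pIpsecISAKMPData
        );
    // Macro defined outside this file; presumably jumps to 'error' on failure.
    BAIL_ON_WIN32_ERROR(dwError);

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegSetISAKMPData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            pPolicyStore->pszLocationName,
            pIpsecISAKMPData
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirSetISAKMPData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            pIpsecISAKMPData
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // WMI stores are read-only through this API.
        dwError = ERROR_NOT_SUPPORTED;
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

error:

    return dwError;
}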
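//
// IPSecCreateISAKMPData
//
// Runs ValidateISAKMPData on the input, then forwards it to the Create
// routine of the provider recorded in the store handle.
//
// hPolicyStore     - policy store handle; cast to PIPSEC_POLICY_STORE.
// pIpsecISAKMPData - ISAKMP object, forwarded unchanged.
//
// Returns the validator's or provider's error code, ERROR_NOT_SUPPORTED for
// a WMI store, or ERROR_INVALID_PARAMETER for a NULL handle or an unknown
// provider.
//
DWORD
IPSecCreateISAKMPData(
    HANDLE hPolicyStore,
    PIPSEC_ISAKMP_DATA pIpsecISAKMPData
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before reading dwProvider through it.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    dwError = ValidateISAKMPData(
        pIpsecISAKMPData
        );
    // Macro defined outside this file; presumably jumps to 'error' on failure.
    BAIL_ON_WIN32_ERROR(dwError);

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegCreateISAKMPData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            pIpsecISAKMPData
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirCreateISAKMPData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            pIpsecISAKMPData
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // WMI stores are read-only through this API.
        dwError = ERROR_NOT_SUPPORTED;
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

error:

    return dwError;
}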
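//
// IPSecDeleteISAKMPData
//
// Runs ValidateISAKMPDataDeletion, then forwards the identifier to the
// Delete routine of the provider recorded in the store handle.
//
// hPolicyStore     - policy store handle; cast to PIPSEC_POLICY_STORE.
// ISAKMPIdentifier - GUID of the ISAKMP object, forwarded unchanged.
//
// Returns the validator's or provider's error code, ERROR_NOT_SUPPORTED for
// a WMI store, or ERROR_INVALID_PARAMETER for a NULL handle or an unknown
// provider.
//
DWORD
IPSecDeleteISAKMPData(
    HANDLE hPolicyStore,
    GUID ISAKMPIdentifier
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before it is validated against or dereferenced.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    dwError = ValidateISAKMPDataDeletion(
        hPolicyStore,
        ISAKMPIdentifier
        );
    // Macro defined outside this file; presumably jumps to 'error' on failure.
    BAIL_ON_WIN32_ERROR(dwError);

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegDeleteISAKMPData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            ISAKMPIdentifier
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirDeleteISAKMPData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            ISAKMPIdentifier
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // WMI stores are read-only through this API.
        dwError = ERROR_NOT_SUPPORTED;
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

error:

    return dwError;
}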
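//
// IPSecGetISAKMPData
//
// Looks up one ISAKMP object by GUID by forwarding to the Get routine of
// the provider recorded in the store handle.
//
// hPolicyStore      - policy store handle; cast to PIPSEC_POLICY_STORE.
// ISAKMPGUID        - GUID of the ISAKMP object, forwarded unchanged.
// ppIpsecISAKMPData - output location, forwarded unchanged to the provider.
//
// Returns the provider's error code, or ERROR_INVALID_PARAMETER for a NULL
// handle or an unknown provider.
//
DWORD
IPSecGetISAKMPData(
    HANDLE hPolicyStore,
    GUID ISAKMPGUID,
    PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData
    )
{
    DWORD dwError = 0;
    IWbemServices *pWbemServices = NULL;
    PIPSEC_POLICY_STORE pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // Reject a NULL handle before reading dwProvider through it.
    if (!pPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegGetISAKMPData(
            pPolicyStore->hRegistryKey,
            pPolicyStore->pszIpsecRootContainer,
            ISAKMPGUID,
            ppIpsecISAKMPData
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        dwError = DirGetISAKMPData(
            pPolicyStore->hLdapBindHandle,
            pPolicyStore->pszIpsecRootContainer,
            ISAKMPGUID,
            ppIpsecISAKMPData
            );
        break;

    case IPSEC_WMI_PROVIDER:
        // A WMI services pointer is obtained per call and released as soon
        // as the lookup returns.
        dwError = CreateIWbemServices(
            pPolicyStore->pszLocationName,
            &pWbemServices
            );
        if (dwError == ERROR_SUCCESS) {
            dwError = WMIGetISAKMPDataEx(
                pWbemServices,
                ISAKMPGUID,
                ppIpsecISAKMPData
                );
            IWbemServices_Release(pWbemServices);
        }
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

    return dwError;
}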
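//
// IPSecOpenPolicyStore
//
// Opens a policy store of the requested type by forwarding to the matching
// provider-specific open routine.
//
// pszMachineName - forwarded to the selected open routine.
// dwTypeOfStore  - one of IPSEC_REGISTRY_PROVIDER, IPSEC_DIRECTORY_PROVIDER,
//                  IPSEC_FILE_PROVIDER, IPSEC_WMI_PROVIDER or
//                  IPSEC_PERSISTENT_PROVIDER.
// pszFileName    - forwarded to FileOpenPolicyStore; unused for the other
//                  store types.
// phPolicyStore  - receives the store handle; set to NULL before dispatch so
//                  that no failure path leaves it uninitialised.
//
// Returns the open routine's error code, or ERROR_INVALID_PARAMETER for a
// NULL phPolicyStore or an unknown store type.
//
DWORD
IPSecOpenPolicyStore(
    LPWSTR pszMachineName,
    DWORD dwTypeOfStore,
    LPWSTR pszFileName,
    HANDLE * phPolicyStore
    )
{
    DWORD dwError = 0;

    if (!phPolicyStore) {
        return ERROR_INVALID_PARAMETER;
    }

    // The unknown-type branch below never writes the output handle. Clearing
    // it here keeps a caller that ignores the error code from using a stale
    // or uninitialised value as a store handle.
    *phPolicyStore = NULL;

    switch (dwTypeOfStore) {

    case IPSEC_REGISTRY_PROVIDER:
        dwError = RegOpenPolicyStore(
            pszMachineName,
            IPSEC_STORE_LOCAL,
            phPolicyStore
            );
        break;

    case IPSEC_DIRECTORY_PROVIDER:
        // The machine-name argument is passed as the directory opener's
        // domain parameter.
        dwError = DirOpenPolicyStore(
            pszMachineName,
            phPolicyStore
            );
        break;

    case IPSEC_FILE_PROVIDER:
        dwError = FileOpenPolicyStore(
            pszMachineName,
            pszFileName,
            phPolicyStore
            );
        break;

    case IPSEC_WMI_PROVIDER:
        dwError = WMIOpenPolicyStore(
            pszMachineName,
            phPolicyStore
            );
        break;

    case IPSEC_PERSISTENT_PROVIDER:
        // Same registry opener as IPSEC_REGISTRY_PROVIDER, but with the
        // persistent store selected.
        dwError = RegOpenPolicyStore(
            pszMachineName,
            IPSEC_STORE_PERSISTENT,
            phPolicyStore
            );
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }

    return dwError;
}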
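//
// RegOpenPolicyStore
//
// Opens a registry-backed policy store, either in the local registry or in
// the registry of pszMachineName, and returns it as a store handle.
//
// pszMachineName - NULL or empty selects the local registry. Otherwise the
//                  name is prefixed with two backslashes and passed to
//                  RegConnectRegistryW.
// dwStore        - IPSEC_STORE_LOCAL or IPSEC_STORE_PERSISTENT; selects the
//                  root container string.
// phPolicyStore  - receives the new handle on success, NULL on failure.
//
// Returns 0 on success. Otherwise ERROR_INVALID_PARAMETER (unknown dwStore
// or a machine name too long for the local buffer), ERROR_OUTOFMEMORY, or
// the error code returned by the registry call that failed.
//
DWORD
RegOpenPolicyStore(
    LPWSTR pszMachineName,
    IN DWORD dwStore,
    HANDLE * phPolicyStore
    )
{
    PIPSEC_POLICY_STORE pPolicyStore = NULL;
    DWORD dwError = 0;
    HKEY hParentRegistryKey = NULL;
    HKEY hRegistryKey = NULL;
    WCHAR szName[MAX_PATH];
    LPWSTR pszLocationName = NULL;
    LPWSTR pszIpsecRootContainer = NULL;

    switch (dwStore) {

    case IPSEC_STORE_LOCAL:
        pszIpsecRootContainer = AllocPolStr(gpszRegLocalContainer);
        break;

    case IPSEC_STORE_PERSISTENT:
        pszIpsecRootContainer = AllocPolStr(gpszRegPersistentContainer);
        break;

    default:
        dwError = ERROR_INVALID_PARAMETER;
        break;
    }
    // Macro defined outside this file; presumably jumps to 'error' on failure.
    BAIL_ON_WIN32_ERROR(dwError);

    if (!pszIpsecRootContainer) {
        dwError = ERROR_OUTOFMEMORY;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    szName[0] = L'\0';

    if (!pszMachineName || !*pszMachineName) {

        // NOTE(review): KEY_ALL_ACCESS is requested for every caller,
        // including those that only enumerate. A narrower access mask for
        // read-only use would follow least privilege.
        dwError = RegOpenKeyExW(
            HKEY_LOCAL_MACHINE,
            (LPCWSTR) pszIpsecRootContainer,
            0,
            KEY_ALL_ACCESS,
            &hRegistryKey
            );
        BAIL_ON_WIN32_ERROR(dwError);

        pszLocationName = NULL;
    }
    else {

        // szName must hold the two-backslash prefix, the machine name and
        // the terminator. The name comes from the caller, so reject one that
        // would not fit; wcscat does no bounds checking and would otherwise
        // write past the end of the stack buffer.
        if (wcslen(pszMachineName) > MAX_PATH - 3) {
            dwError = ERROR_INVALID_PARAMETER;
            BAIL_ON_WIN32_ERROR(dwError);
        }

        wcscpy(szName, L"\\\\");
        wcscat(szName, pszMachineName);

        dwError = RegConnectRegistryW(
            szName,
            HKEY_LOCAL_MACHINE,
            &hParentRegistryKey
            );
        BAIL_ON_WIN32_ERROR(dwError);

        // NOTE(review): same KEY_ALL_ACCESS consideration as the local case.
        dwError = RegOpenKeyExW(
            hParentRegistryKey,
            (LPCWSTR) pszIpsecRootContainer,
            0,
            KEY_ALL_ACCESS,
            &hRegistryKey
            );
        BAIL_ON_WIN32_ERROR(dwError);

        pszLocationName = AllocPolStr(szName);
        if (!pszLocationName) {
            dwError = ERROR_OUTOFMEMORY;
            BAIL_ON_WIN32_ERROR(dwError);
        }
    }

    pPolicyStore = (PIPSEC_POLICY_STORE)AllocPolMem(
        sizeof(IPSEC_POLICY_STORE)
        );
    if (!pPolicyStore) {
        dwError = ERROR_OUTOFMEMORY;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    // On success the store takes ownership of the keys and strings below.
    pPolicyStore->dwProvider = IPSEC_REGISTRY_PROVIDER;
    pPolicyStore->hParentRegistryKey = hParentRegistryKey;
    pPolicyStore->hRegistryKey = hRegistryKey;
    pPolicyStore->pszLocationName = pszLocationName;
    pPolicyStore->hLdapBindHandle = NULL;
    pPolicyStore->pszIpsecRootContainer = pszIpsecRootContainer;
    pPolicyStore->pszFileName = NULL;

    *phPolicyStore = pPolicyStore;

    return dwError;

error:

    // Release whatever was acquired before the failure.
    if (pszIpsecRootContainer) {
        FreePolStr(pszIpsecRootContainer);
    }

    if (hRegistryKey) {
        RegCloseKey(hRegistryKey);
    }

    if (hParentRegistryKey) {
        RegCloseKey(hParentRegistryKey);
    }

    if (pszLocationName) {
        FreePolStr(pszLocationName);
    }

    if (pPolicyStore) {
        FreePolMem(pPolicyStore);
    }

    *phPolicyStore = NULL;

    return dwError;
}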
//
// WMIOpenPolicyStore
//
// Builds a store handle for the WMI provider. No connection is made here;
// the handle only records a copy of the machine name.
//
// pszMachineName - copied with AllocPolStr and stored as the location name.
//                  NOTE(review): a NULL value is passed straight to
//                  AllocPolStr, and a NULL result is reported as
//                  ERROR_OUTOFMEMORY; confirm how AllocPolStr treats NULL.
// phPolicyStore  - receives the new handle on success, NULL on failure.
//
// Returns 0 on success or ERROR_OUTOFMEMORY when an allocation fails.
//
DWORD
WMIOpenPolicyStore(
    LPWSTR pszMachineName,
    HANDLE * phPolicyStore
    )
{
    DWORD dwError = 0;
    LPWSTR pszLocationName = NULL;
    PIPSEC_POLICY_STORE pPolicyStore = NULL;

    pPolicyStore = (PIPSEC_POLICY_STORE)AllocPolMem(sizeof(IPSEC_POLICY_STORE));
    if (!pPolicyStore) {
        dwError = ERROR_OUTOFMEMORY;
        // Macro defined outside this file; presumably jumps to 'error'.
        BAIL_ON_WIN32_ERROR(dwError);
    }

    pszLocationName = AllocPolStr(pszMachineName);
    if (!pszLocationName) {
        dwError = ERROR_OUTOFMEMORY;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    // Only the provider tag and the location name are meaningful for WMI;
    // every other field is cleared.
    pPolicyStore->dwProvider = IPSEC_WMI_PROVIDER;
    pPolicyStore->pszLocationName = pszLocationName;
    pPolicyStore->hParentRegistryKey = NULL;
    pPolicyStore->hRegistryKey = NULL;
    pPolicyStore->hLdapBindHandle = NULL;
    pPolicyStore->pszIpsecRootContainer = NULL;
    pPolicyStore->pszFileName = NULL;

    *phPolicyStore = pPolicyStore;

    return dwError;

error:

    // The location string is the last allocation, so only the store itself
    // can be outstanding on this path.
    if (pPolicyStore) {
        FreePolMem(pPolicyStore);
    }

    *phPolicyStore = NULL;

    return dwError;
}
//
// DirOpenPolicyStore
//
// Opens a directory-backed policy store and returns it as a store handle.
//
// pszDomain     - NULL or empty selects the directory returned by
//                 ComputeDefaultDirectory. Otherwise the name is first given
//                 to CrackDomainName; when cracking succeeds the cracked name
//                 is used, and when it fails the caller's name is used as is.
// phPolicyStore - receives the new handle on success, NULL on failure.
//
// Returns 0 on success, ERROR_OUTOFMEMORY, or the error code of the helper
// that failed.
//
DWORD
DirOpenPolicyStore(
    LPWSTR pszDomain,
    HANDLE * phPolicyStore
    )
{
    DWORD dwError = 0;
    BOOL bCracked = FALSE;
    HLDAP hLdapBindHandle = NULL;
    LPWSTR pszDirectory = NULL;
    LPWSTR pszDefaultDirectory = NULL;
    LPWSTR pszCrackedDirectory = NULL;
    LPWSTR pszIpsecRootContainer = NULL;
    PIPSEC_POLICY_STORE pPolicyStore = NULL;

    if (pszDomain && *pszDomain) {

        // Discover the domain name in the form LDAP expects. A failure to
        // crack the name is deliberately not fatal: the connection is still
        // attempted with the caller-supplied name.
        pszDirectory = pszDomain;
        if (CrackDomainName(pszDomain, &bCracked, &pszCrackedDirectory) == ERROR_SUCCESS
            && bCracked) {
            pszDirectory = pszCrackedDirectory;
        }
    }
    else {

        dwError = ComputeDefaultDirectory(&pszDefaultDirectory);
        // Macro defined outside this file; presumably jumps to 'error'.
        BAIL_ON_WIN32_ERROR(dwError);

        pszDirectory = pszDefaultDirectory;
    }

    // 389 is the standard LDAP port. Whether the bind is authenticated,
    // signed or encrypted is decided inside OpenDirectoryServerHandle, which
    // is defined elsewhere. NOTE(review): confirm that the IPsec policy is
    // not read or written over an unprotected LDAP session.
    dwError = OpenDirectoryServerHandle(pszDirectory, 389, &hLdapBindHandle);
    BAIL_ON_WIN32_ERROR(dwError);

    dwError = ComputeDirLocationName(pszDirectory, &pszIpsecRootContainer);
    BAIL_ON_WIN32_ERROR(dwError);

    pPolicyStore = (PIPSEC_POLICY_STORE)AllocPolMem(sizeof(IPSEC_POLICY_STORE));
    if (!pPolicyStore) {
        dwError = ERROR_OUTOFMEMORY;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    // On success the store takes ownership of the bind handle and the root
    // container string.
    pPolicyStore->dwProvider = IPSEC_DIRECTORY_PROVIDER;
    pPolicyStore->hLdapBindHandle = hLdapBindHandle;
    pPolicyStore->pszIpsecRootContainer = pszIpsecRootContainer;
    pPolicyStore->hParentRegistryKey = NULL;
    pPolicyStore->hRegistryKey = NULL;
    pPolicyStore->pszLocationName = NULL;
    pPolicyStore->pszFileName = NULL;

    *phPolicyStore = pPolicyStore;

cleanup:

    // The temporary directory names are released on both the success and
    // the failure path.
    if (pszDefaultDirectory) {
        FreePolStr(pszDefaultDirectory);
    }
    if (pszCrackedDirectory) {
        NsuFree(&pszCrackedDirectory);
    }

    return dwError;

error:

    if (hLdapBindHandle) {
        CloseDirectoryServerHandle(hLdapBindHandle);
    }

    if (pszIpsecRootContainer) {
        FreePolStr(pszIpsecRootContainer);
    }

    if (pPolicyStore) {
        FreePolMem(pPolicyStore);
    }

    *phPolicyStore = NULL;

    goto cleanup;
}
|
|
|
|
|
|
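//
// FileOpenPolicyStore
//
// Opens a file-backed IPsec policy store. The store keeps a copy of the
// file name and an open handle to the gpszIpsecFileRootContainer key under
// HKEY_LOCAL_MACHINE.
//
// Arguments:
//   pszMachineName - Must be NULL or empty; a non-empty name is rejected
//                    with ERROR_INVALID_DATA.
//   pszFileName    - Policy file name; must be non-empty.
//   phPolicyStore  - Receives the new store; set to NULL on failure.
//
// Returns ERROR_SUCCESS, ERROR_INVALID_DATA for bad arguments,
// ERROR_OUTOFMEMORY, or the error from RegCreateKeyExW.
//
// BAIL_ON_WIN32_ERROR is defined outside this listing; it is assumed to
// jump to the `error` label when dwError is non-zero.
//
DWORD
FileOpenPolicyStore(
    LPWSTR pszMachineName,
    LPWSTR pszFileName,
    HANDLE * phPolicyStore
    )
{
    DWORD dwError = 0;
    LPWSTR pszIpsecRootContainer = NULL;
    HKEY hRegistryKey = NULL;
    LPWSTR pszTempFileName = NULL;
    PIPSEC_POLICY_STORE pPolicyStore = NULL;
    DWORD dwDisposition = 0;

    // Validate both arguments before anything is allocated or created, so
    // that a rejected call leaves no key behind under HKLM.
    //
    if (pszMachineName && *pszMachineName) {
        dwError = ERROR_INVALID_DATA;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    if (!pszFileName || !*pszFileName) {
        dwError = ERROR_INVALID_DATA;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    pszIpsecRootContainer = AllocPolStr(gpszIpsecFileRootContainer);
    if (!pszIpsecRootContainer) {
        dwError = ERROR_OUTOFMEMORY;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    pszTempFileName = AllocPolStr(pszFileName);
    if (!pszTempFileName) {
        dwError = ERROR_OUTOFMEMORY;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    pPolicyStore = (PIPSEC_POLICY_STORE)AllocPolMem(
                        sizeof(IPSEC_POLICY_STORE)
                        );
    if (!pPolicyStore) {
        dwError = ERROR_OUTOFMEMORY;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    // The registry side effect comes last, after every allocation has
    // succeeded. A NULL security-attributes argument means the key gets the
    // default security descriptor.
    // NOTE(review): KEY_ALL_ACCESS is kept because the handle is stored for
    // later use by code outside this listing; narrow it if those callers
    // need less.
    //
    dwError = RegCreateKeyExW(
                    HKEY_LOCAL_MACHINE,
                    (LPCWSTR) gpszIpsecFileRootContainer,
                    0,
                    NULL,
                    0,
                    KEY_ALL_ACCESS,
                    NULL,
                    &hRegistryKey,
                    &dwDisposition
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    pPolicyStore->dwProvider = IPSEC_FILE_PROVIDER;
    pPolicyStore->hParentRegistryKey = NULL;
    pPolicyStore->hRegistryKey = hRegistryKey;
    pPolicyStore->pszLocationName = NULL;
    pPolicyStore->hLdapBindHandle = NULL;
    pPolicyStore->pszIpsecRootContainer = pszIpsecRootContainer;
    pPolicyStore->pszFileName = pszTempFileName;

    *phPolicyStore = pPolicyStore;

    return(dwError);

error:

    if (pPolicyStore) {
        FreePolMem(pPolicyStore);
    }

    if (pszIpsecRootContainer) {
        FreePolStr(pszIpsecRootContainer);
    }

    if (hRegistryKey) {
        RegCloseKey(hRegistryKey);
    }

    if (pszTempFileName) {
        FreePolStr(pszTempFileName);
    }

    *phPolicyStore = NULL;

    return(dwError);
}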
|
|
|
|
|
|
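//
// IPSecClosePolicyStore
//
// Releases the resources held by a policy store and then the store itself.
// Which handles and strings are released depends on the store's provider.
//
// Arguments:
//   hPolicyStore - Store to close. After a successful return the handle is
//                  freed memory and must not be used again.
//
// Returns ERROR_SUCCESS, ERROR_INVALID_PARAMETER for a NULL handle or an
// unknown provider, or the error from RegCloseKey.
//
// NOTE(review): when RegCloseKey fails the function bails out at once, so
// the remaining handles, the strings and the store itself are not released.
// Fields are not cleared as they are released either, so a second close
// attempt on the same handle would act on stale values.
//
// BAIL_ON_WIN32_ERROR is defined outside this listing; it is assumed to
// jump to the `error` label when dwError is non-zero.
//
DWORD
IPSecClosePolicyStore(
    HANDLE hPolicyStore
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pPolicyStore = NULL;

    pPolicyStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    // The NULL test has to come before the first dereference; it used to
    // sit after the switch, where it could never be false.
    //
    if (!pPolicyStore) {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    switch (pPolicyStore->dwProvider) {

    case IPSEC_REGISTRY_PROVIDER:

        if (pPolicyStore->hRegistryKey) {
            dwError = RegCloseKey(
                            pPolicyStore->hRegistryKey
                            );
            BAIL_ON_WIN32_ERROR(dwError);
        }

        if (pPolicyStore->hParentRegistryKey) {
            dwError = RegCloseKey(
                            pPolicyStore->hParentRegistryKey
                            );
            BAIL_ON_WIN32_ERROR(dwError);
        }

        if (pPolicyStore->pszLocationName) {
            FreePolStr(pPolicyStore->pszLocationName);
        }

        if (pPolicyStore->pszIpsecRootContainer) {
            FreePolStr(pPolicyStore->pszIpsecRootContainer);
        }

        break;

    case IPSEC_DIRECTORY_PROVIDER:

        if (pPolicyStore->hLdapBindHandle) {
            CloseDirectoryServerHandle(
                pPolicyStore->hLdapBindHandle
                );
        }

        if (pPolicyStore->pszIpsecRootContainer) {
            FreePolStr(pPolicyStore->pszIpsecRootContainer);
        }

        break;

    case IPSEC_FILE_PROVIDER:

        if (pPolicyStore->hRegistryKey) {
            dwError = RegCloseKey(
                            pPolicyStore->hRegistryKey
                            );
            BAIL_ON_WIN32_ERROR(dwError);
        }

        if (pPolicyStore->pszIpsecRootContainer) {
            FreePolStr(pPolicyStore->pszIpsecRootContainer);
        }

        if (pPolicyStore->pszFileName) {
            FreePolStr(pPolicyStore->pszFileName);
        }

        break;

    case IPSEC_WMI_PROVIDER:

        if (pPolicyStore->pszLocationName) {
            FreePolStr(pPolicyStore->pszLocationName);
        }

        break;

    default:

        // Unknown provider: the layout cannot be trusted, so nothing is
        // released.
        //
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_WIN32_ERROR(dwError);
        break;

    }

    FreePolMem(pPolicyStore);

error:

    return(dwError);
}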
|
|
|
|
|
|
//
// IPSecAssignPolicy
//
// Assigns the policy identified by PolicyGUID in the given store. Only a
// registry store supports this.
//
// Arguments:
//   hPolicyStore - Open policy store; dereferenced without a NULL check.
//   PolicyGUID   - Identifier of the policy to assign.
//
// Returns the result of RegAssignPolicy for a registry store,
// ERROR_NOT_SUPPORTED for a WMI store and ERROR_INVALID_PARAMETER for any
// other provider.
//
DWORD
IPSecAssignPolicy(
    HANDLE hPolicyStore,
    GUID PolicyGUID
    )
{
    PIPSEC_POLICY_STORE pStore = (PIPSEC_POLICY_STORE)hPolicyStore;
    HKEY hRootKey = NULL;

    if (pStore->dwProvider == IPSEC_WMI_PROVIDER) {
        return(ERROR_NOT_SUPPORTED);
    }

    if (pStore->dwProvider != IPSEC_REGISTRY_PROVIDER) {
        return(ERROR_INVALID_PARAMETER);
    }

    // A store that carries a parent key uses it in place of the local
    // HKEY_LOCAL_MACHINE (presumably the root of a remote registry; the
    // code that sets it is outside this listing).
    //
    hRootKey = pStore->hParentRegistryKey
                    ? pStore->hParentRegistryKey
                    : HKEY_LOCAL_MACHINE;

    return(RegAssignPolicy(
                hRootKey,
                pStore->hRegistryKey,
                pStore->pszIpsecRootContainer,
                PolicyGUID,
                pStore->pszLocationName
                ));
}
|
|
|
|
|
|
//
// IPSecUnassignPolicy
//
// Removes the assignment of the policy identified by PolicyGUID in the
// given store. Only a registry store supports this.
//
// Arguments:
//   hPolicyStore - Open policy store; dereferenced without a NULL check.
//   PolicyGUID   - Identifier of the policy to unassign.
//
// Returns the result of RegUnassignPolicy for a registry store,
// ERROR_NOT_SUPPORTED for a WMI store and ERROR_INVALID_PARAMETER for any
// other provider.
//
DWORD
IPSecUnassignPolicy(
    HANDLE hPolicyStore,
    GUID PolicyGUID
    )
{
    PIPSEC_POLICY_STORE pStore = (PIPSEC_POLICY_STORE)hPolicyStore;
    HKEY hRootKey = NULL;

    if (pStore->dwProvider == IPSEC_WMI_PROVIDER) {
        return(ERROR_NOT_SUPPORTED);
    }

    if (pStore->dwProvider != IPSEC_REGISTRY_PROVIDER) {
        return(ERROR_INVALID_PARAMETER);
    }

    // A store that carries a parent key uses it in place of the local
    // HKEY_LOCAL_MACHINE.
    //
    hRootKey = pStore->hParentRegistryKey
                    ? pStore->hParentRegistryKey
                    : HKEY_LOCAL_MACHINE;

    return(RegUnassignPolicy(
                hRootKey,
                pStore->hRegistryKey,
                pStore->pszIpsecRootContainer,
                PolicyGUID,
                pStore->pszLocationName
                ));
}
|
|
|
|
|
|
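//
// ComputeDirLocationName
//
// Builds the distinguished name of the IP Security container for a dotted
// domain name: "a.b.c" becomes
// "CN=IP Security,CN=System,DC=a,DC=b,DC=c".
//
// Arguments:
//   pszDirDomainName  - Dotted domain name. Each dot-separated label,
//                       including an empty one, becomes one DC= component.
//   ppszDirFQPathName - Receives a copy of the name made with AllocPolStr;
//                       set to NULL on failure.
//
// Returns ERROR_SUCCESS, ERROR_OUTOFMEMORY, or ERROR_INVALID_PARAMETER when
// the resulting name does not fit in the MAX_PATH work buffer.
//
// The name is assembled in a fixed stack buffer and the domain name can
// come from the caller of DirOpenPolicyStore, so every append is checked
// against the remaining space; the unchecked wcscat calls this replaces
// could write past the end of szName.
//
// NOTE(review): labels are copied verbatim. Characters that are special in
// a distinguished name (',', '=', '+', ...) are not escaped, so the input
// should be restricted to DNS label characters by the caller.
// NOTE(review): a valid name with many short labels can exceed MAX_PATH
// once expanded and is rejected here; size the buffer dynamically if such
// names have to be supported.
//
// BAIL_ON_WIN32_ERROR is defined outside this listing; it is assumed to
// jump to the `error` label when dwError is non-zero.
//
DWORD
ComputeDirLocationName(
    LPWSTR pszDirDomainName,
    LPWSTR * ppszDirFQPathName
    )
{
    DWORD dwError = 0;
    WCHAR szName[MAX_PATH];
    const size_t cchCapacity = sizeof(szName) / sizeof(szName[0]);
    const size_t cchPrefix = 4;         // length of L",DC="
    size_t cchUsed = 0;
    size_t cchFree = 0;
    size_t cchLabel = 0;
    LPWSTR pszDotBegin = NULL;
    LPWSTR pszDotEnd = NULL;
    LPWSTR pszDirFQPathName = NULL;
    LPWSTR pszDirName = NULL;

    // Short constant prefix; it always fits in the buffer.
    wcscpy(szName, L"CN=IP Security,CN=System");
    cchUsed = wcslen(szName);

    // Work on a private copy so the labels can be terminated in place.
    pszDirName = AllocPolStr(pszDirDomainName);

    if (!pszDirName) {
        dwError = ERROR_OUTOFMEMORY;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    pszDotBegin = pszDirName;

    for (;;) {

        pszDotEnd = wcschr(pszDotBegin, L'.');
        if (pszDotEnd) {
            *pszDotEnd = L'\0';
        }

        // Characters still available, not counting the terminator.
        cchLabel = wcslen(pszDotBegin);
        cchFree = cchCapacity - cchUsed - 1;

        if (cchFree < cchPrefix || cchLabel > cchFree - cchPrefix) {
            dwError = ERROR_INVALID_PARAMETER;
            BAIL_ON_WIN32_ERROR(dwError);
        }

        wcscpy(szName + cchUsed, L",DC=");
        wcscpy(szName + cchUsed + cchPrefix, pszDotBegin);
        cchUsed += cchPrefix + cchLabel;

        if (!pszDotEnd) {
            break;
        }

        *pszDotEnd = L'.';
        pszDotBegin = pszDotEnd + 1;

    }

    pszDirFQPathName = AllocPolStr(szName);
    if (!pszDirFQPathName) {
        dwError = ERROR_OUTOFMEMORY;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    *ppszDirFQPathName = pszDirFQPathName;

cleanup:

    if (pszDirName) {
        FreePolStr(pszDirName);
    }

    return (dwError);

error:

    *ppszDirFQPathName = NULL;
    goto cleanup;
}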
|
|
|
|
|
|
//
// IPSecGetAssignedPolicyData
//
// Retrieves the policy currently assigned in a registry store.
//
// Arguments:
//   hPolicyStore      - Open policy store; dereferenced without a NULL
//                       check.
//   ppIpsecPolicyData - Passed through to RegGetAssignedPolicyData; this
//                       function does not write it when it rejects the
//                       provider.
//
// Returns the result of RegGetAssignedPolicyData for a registry store and
// ERROR_INVALID_PARAMETER for every other provider, the WMI provider
// included.
//
DWORD
IPSecGetAssignedPolicyData(
    HANDLE hPolicyStore,
    PIPSEC_POLICY_DATA * ppIpsecPolicyData
    )
{
    PIPSEC_POLICY_STORE pStore = (PIPSEC_POLICY_STORE)hPolicyStore;

    if (pStore->dwProvider != IPSEC_REGISTRY_PROVIDER) {
        return(ERROR_INVALID_PARAMETER);
    }

    return(RegGetAssignedPolicyData(
                pStore->hRegistryKey,
                pStore->pszIpsecRootContainer,
                ppIpsecPolicyData
                ));
}
|
|
|
|
|
|
//
// IPSecExportPolicies
//
// Exports the policies of a source store into a file store.
//
// Arguments:
//   hSrcPolicyStore - Source store; its provider must be registry,
//                     directory or WMI.
//   hDesPolicyStore - Destination store; its provider must be the file
//                     provider. It is only examined once the source has
//                     been accepted.
//
// Returns the result of ExportPoliciesToFile, or ERROR_INVALID_PARAMETER
// when either store has an unsupported provider. Neither handle is checked
// for NULL.
//
// BAIL_ON_WIN32_ERROR is defined outside this listing; it is assumed to
// jump to the `error` label when dwError is non-zero.
//
DWORD
IPSecExportPolicies(
    HANDLE hSrcPolicyStore,
    HANDLE hDesPolicyStore
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pSrcPolicyStore = NULL;
    PIPSEC_POLICY_STORE pDesPolicyStore = NULL;

    pSrcPolicyStore = (PIPSEC_POLICY_STORE) hSrcPolicyStore;

    if (pSrcPolicyStore->dwProvider != IPSEC_REGISTRY_PROVIDER &&
        pSrcPolicyStore->dwProvider != IPSEC_DIRECTORY_PROVIDER &&
        pSrcPolicyStore->dwProvider != IPSEC_WMI_PROVIDER)
    {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    pDesPolicyStore = (PIPSEC_POLICY_STORE) hDesPolicyStore;

    if (pDesPolicyStore->dwProvider != IPSEC_FILE_PROVIDER) {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    dwError = ExportPoliciesToFile(
                    hSrcPolicyStore,
                    hDesPolicyStore
                    );
    BAIL_ON_WIN32_ERROR(dwError);

error:

    return(dwError);
}
|
|
|
|
|
|
//
// IPSecImportPolicies
//
// Imports the policies of a file store into a registry or directory store.
//
// Arguments:
//   hSrcPolicyStore - Source store; its provider must be the file provider.
//   hDesPolicyStore - Destination store; registry or directory. It is only
//                     examined once the source has been accepted.
//
// Returns the result of ImportPoliciesFromFile, ERROR_NOT_SUPPORTED for a
// WMI destination, or ERROR_INVALID_PARAMETER for any other unsupported
// provider. Neither handle is checked for NULL.
//
// BAIL_ON_WIN32_ERROR is defined outside this listing; it is assumed to
// jump to the `error` label when dwError is non-zero.
//
DWORD
IPSecImportPolicies(
    HANDLE hSrcPolicyStore,
    HANDLE hDesPolicyStore
    )
{
    DWORD dwError = 0;
    DWORD dwDesProvider = 0;
    PIPSEC_POLICY_STORE pSrcPolicyStore = NULL;
    PIPSEC_POLICY_STORE pDesPolicyStore = NULL;

    pSrcPolicyStore = (PIPSEC_POLICY_STORE) hSrcPolicyStore;

    if (pSrcPolicyStore->dwProvider != IPSEC_FILE_PROVIDER) {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    pDesPolicyStore = (PIPSEC_POLICY_STORE) hDesPolicyStore;
    dwDesProvider = pDesPolicyStore->dwProvider;

    if (dwDesProvider == IPSEC_REGISTRY_PROVIDER ||
        dwDesProvider == IPSEC_DIRECTORY_PROVIDER)
    {
        dwError = ImportPoliciesFromFile(
                        hSrcPolicyStore,
                        hDesPolicyStore
                        );
        BAIL_ON_WIN32_ERROR(dwError);
    }
    else if (dwDesProvider == IPSEC_WMI_PROVIDER) {
        dwError = ERROR_NOT_SUPPORTED;
    }
    else {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_WIN32_ERROR(dwError);
    }

error:

    return(dwError);
}
|
|
|
|
|
|
//
// IPSecRestoreDefaultPolicies
//
// Restores the default policies of a registry store.
//
// Arguments:
//   hPolicyStore - Open policy store; dereferenced without a NULL check.
//
// Returns the result of RegRestoreDefaults for a registry store,
// ERROR_NOT_SUPPORTED for a WMI store and ERROR_INVALID_PARAMETER for a
// directory store or any other provider.
//
// BAIL_ON_WIN32_ERROR is defined outside this listing; it is assumed to
// jump to the `error` label when dwError is non-zero.
//
DWORD
IPSecRestoreDefaultPolicies(
    HANDLE hPolicyStore
    )
{
    DWORD dwError = 0;
    PIPSEC_POLICY_STORE pPolicyStore = NULL;

    pPolicyStore = (PIPSEC_POLICY_STORE) hPolicyStore;

    if (pPolicyStore->dwProvider == IPSEC_REGISTRY_PROVIDER) {
        dwError = RegRestoreDefaults(
                        hPolicyStore,
                        pPolicyStore->hRegistryKey,
                        pPolicyStore->pszIpsecRootContainer,
                        pPolicyStore->pszLocationName
                        );
        BAIL_ON_WIN32_ERROR(dwError);
    }
    else if (pPolicyStore->dwProvider == IPSEC_WMI_PROVIDER) {
        dwError = ERROR_NOT_SUPPORTED;
    }
    else {
        // Directory stores and unknown providers are both rejected.
        dwError = ERROR_INVALID_PARAMETER;
    }

error:

    return(dwError);
}
|
|
|
|
|
|
//
// WriteDirectoryPolicyToWMI
//
// Reads a policy object from the directory and writes it to WMI.
//
// Arguments:
//   pszMachineName - Passed to ReadPolicyObjectFromDirectoryEx unchanged.
//   pszPolicyDN    - Passed to ReadPolicyObjectFromDirectoryEx unchanged.
//   pGPOInfo       - Must not be NULL. A deep read is requested only when
//                    its uiPrecedence field equals 1.
//   pWbemServices  - Must not be NULL; target of the write.
//
// Returns S_OK, E_INVALIDARG when pGPOInfo or pWbemServices is NULL, or the
// failure of the read or write helper. The policy object obtained from the
// read is freed on every path.
//
// BAIL_ON_HRESULT_ERROR is defined outside this listing; it is assumed to
// jump to the `error` label when hr is a failure code.
//
HRESULT
WriteDirectoryPolicyToWMI(
    LPWSTR pszMachineName,
    LPWSTR pszPolicyDN,
    PGPO_INFO pGPOInfo,
    IWbemServices *pWbemServices
    )
{
    HRESULT hr = S_OK;
    BOOL bDeepRead = FALSE;
    PIPSEC_POLICY_OBJECT pPolicyObject = NULL;

    if (pGPOInfo == NULL || pWbemServices == NULL) {
        hr = E_INVALIDARG;
        BAIL_ON_HRESULT_ERROR(hr);
    }

    if (pGPOInfo->uiPrecedence == 1) {
        bDeepRead = TRUE;
    }

    hr = ReadPolicyObjectFromDirectoryEx(
                pszMachineName,
                pszPolicyDN,
                bDeepRead,
                &pPolicyObject
                );
    BAIL_ON_HRESULT_ERROR(hr);

    hr = WritePolicyObjectDirectoryToWMI(
                pWbemServices,
                pPolicyObject,
                pGPOInfo
                );
    BAIL_ON_HRESULT_ERROR(hr);

error:

    // Reached on success as well as on failure.
    if (pPolicyObject) {
        FreeIpsecPolicyObject(pPolicyObject);
    }

    return(hr);
}
|
|
|
|
//
// IPSecClearWMIStore
//
// Deletes the IPSEC_RSOP_CLASSNAME class object through the given WMI
// services interface.
//
// Arguments:
//   pWbemServices - Must not be NULL.
//
// Returns E_INVALIDARG for a NULL interface, otherwise the result of
// DeleteWMIClassObject.
//
HRESULT
IPSecClearWMIStore(
    IWbemServices *pWbemServices
    )
{
    HRESULT hr = E_INVALIDARG;

    if (pWbemServices) {
        hr = DeleteWMIClassObject(
                    pWbemServices,
                    IPSEC_RSOP_CLASSNAME
                    );
    }
    BAIL_ON_HRESULT_ERROR(hr);

error:

    return(hr);
}
|
|
|
|
//
// IPSecChooseDriverBootMode
//
// Keeps the IPsec driver's operation-mode registry value in step with
// policy assignment.
//
// Arguments:
//   hHKLMKey - Root key under which all paths are resolved.
//   dwStore  - Provider whose policy is being assigned or unassigned.
//   dwAction - POL_ACTION_ASSIGN or POL_ACTION_UNASSIGN; any other value
//              does nothing.
//
// The function first determines whether a policy is assigned in the local,
// persistent and directory stores. If one of the two stores other than
// dwStore already has a policy, nothing is changed. Otherwise:
//   - on assign, the operation mode is set to REG_IPSEC_DRIVER_STATEFULMODE
//     unless the value already exists;
//   - on unassign, the operation-mode value is deleted.
//
// Returns ERROR_SUCCESS or the error of the first registry helper that
// fails.
//
// BAIL_ON_WIN32_ERROR is defined outside this listing; it is assumed to
// jump to the `error` label when dwError is non-zero.
//
DWORD
IPSecChooseDriverBootMode(
    HKEY hHKLMKey,
    DWORD dwStore,
    DWORD dwAction
    )
{
    DWORD dwError = ERROR_SUCCESS;
    BOOL bLocalAssigned = FALSE;
    BOOL bPersistentAssigned = FALSE;
    BOOL bDirectoryAssigned = FALSE;
    BOOL bOtherStoreAssigned = FALSE;
    BOOL bModeValuePresent = FALSE;

    dwError = IsRegvalueExist(
                    hHKLMKey,
                    gpszRegLocalContainer,
                    gpActivePolicyKey,
                    &bLocalAssigned
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    dwError = IsRegvalueExist(
                    hHKLMKey,
                    gpszRegPersistentContainer,
                    gpActivePolicyKey,
                    &bPersistentAssigned
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    dwError = IsRegvalueExist(
                    hHKLMKey,
                    gpszIPsecDirContainer,
                    gpDirectoryPolicyPointerKey,
                    &bDirectoryAssigned
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    // "Other" means either of the two stores that is not dwStore. An
    // unrecognised dwStore leaves the flag FALSE.
    //
    if (dwStore == IPSEC_REGISTRY_PROVIDER) {
        bOtherStoreAssigned = (bPersistentAssigned || bDirectoryAssigned);
    }
    else if (dwStore == IPSEC_DIRECTORY_PROVIDER) {
        bOtherStoreAssigned = (bPersistentAssigned || bLocalAssigned);
    }
    else if (dwStore == IPSEC_PERSISTENT_PROVIDER) {
        bOtherStoreAssigned = (bDirectoryAssigned || bLocalAssigned);
    }

    if (!bOtherStoreAssigned) {

        if (dwAction == POL_ACTION_ASSIGN) {

            // First policy on the machine: give the driver a mode, but
            // never overwrite one that is already configured.
            //
            dwError = IsRegvalueExist(
                            hHKLMKey,
                            REG_KEY_IPSEC_DRIVER_SERVICE,
                            REG_VAL_IPSEC_OPERATIONMODE,
                            &bModeValuePresent
                            );
            BAIL_ON_WIN32_ERROR(dwError);

            if (!bModeValuePresent) {
                dwError = IPSecSetDriverOperationMode(
                                hHKLMKey,
                                REG_IPSEC_DRIVER_STATEFULMODE
                                );
                BAIL_ON_WIN32_ERROR(dwError);
            }

        }
        else if (dwAction == POL_ACTION_UNASSIGN) {

            // Last policy removed: drop the mode value again.
            //
            dwError = IPSecRegDeleteValue(
                            hHKLMKey,
                            REG_KEY_IPSEC_DRIVER_SERVICE,
                            REG_VAL_IPSEC_OPERATIONMODE
                            );
            BAIL_ON_WIN32_ERROR(dwError);

        }

    }

error:

    return dwError;
}
|
|
|
|
|
|
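//
// IPSecSetDriverOperationMode
//
// Writes dwNewOperationMode as the REG_DWORD value
// REG_VAL_IPSEC_OPERATIONMODE under REG_KEY_IPSEC_DRIVER_SERVICE.
//
// Arguments:
//   hHKLMKey           - Root key under which the driver service key is
//                        opened.
//   dwNewOperationMode - Value to store.
//
// Returns ERROR_SUCCESS or the error from RegOpenKeyExW / RegSetValueExW.
// The key must already exist; it is opened, not created.
//
// BAIL_ON_WIN32_ERROR is defined outside this listing; it is assumed to
// jump to the `error` label when dwError is non-zero.
//
DWORD
IPSecSetDriverOperationMode(
    HKEY hHKLMKey,
    DWORD dwNewOperationMode
    )
{
    DWORD dwError = 0;
    HKEY hKey = NULL;

    // Only a value is written, so ask for KEY_SET_VALUE rather than
    // KEY_ALL_ACCESS: the call then works for a caller that may set values
    // but holds no further rights on the service key, and the handle
    // carries no rights it does not need.
    //
    dwError = RegOpenKeyExW(
                    hHKLMKey,
                    (LPCWSTR) REG_KEY_IPSEC_DRIVER_SERVICE,
                    0,
                    KEY_SET_VALUE,
                    &hKey
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    dwError = RegSetValueExW(
                    hKey,
                    REG_VAL_IPSEC_OPERATIONMODE,
                    0,
                    REG_DWORD,
                    (LPBYTE) &dwNewOperationMode,
                    sizeof(DWORD)
                    );
    BAIL_ON_WIN32_ERROR(dwError);

error:

    // Reached on success as well as on failure.
    if (hKey) {
        RegCloseKey(hKey);
    }

    return (dwError);
}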
|
|
|
|
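//
// IsRegvalueExist
//
// Reports whether the named value exists under the given key.
//
// Arguments:
//   hHKLMKey      - Root key under which pszKey is opened.
//   pszKey        - Path of the key to look in.
//   pszValue      - Name of the value to look for.
//   pbValueExists - Receives TRUE or FALSE on success; left untouched when
//                   an error is returned.
//
// Returns ERROR_SUCCESS when the answer could be determined. A missing key
// and a missing value both count as "does not exist", not as errors. Any
// other registry failure is returned to the caller.
//
// BAIL_ON_WIN32_ERROR is defined outside this listing; it is assumed to
// jump to the `error` label when dwError is non-zero.
//
DWORD
IsRegvalueExist(
    HKEY hHKLMKey,
    LPWSTR pszKey,
    LPWSTR pszValue,
    BOOL * pbValueExists
    )
{
    DWORD dwError = 0;
    HKEY hKey = NULL;
    DWORD dwtype = 0;
    BOOL bValueExists = FALSE;

    // An existence probe only queries, so request KEY_QUERY_VALUE. With
    // KEY_ALL_ACCESS the probe failed with an access error for any caller
    // that could read the key but not fully control it.
    //
    dwError = RegOpenKeyExW(
                    hHKLMKey,
                    (LPCWSTR) pszKey,
                    0,
                    KEY_QUERY_VALUE,
                    &hKey
                    );
    if (dwError == ERROR_FILE_NOT_FOUND) {
        // Container key doesn't exist so value doesn't exist anyway...
        //
        dwError = ERROR_SUCCESS;
        bValueExists = FALSE;
    } else {
        BAIL_ON_WIN32_ERROR(dwError);

        // No data buffer is supplied: only the presence of the value is
        // of interest.
        //
        dwError = RegQueryValueExW(
                        hKey,
                        pszValue,
                        0,
                        &dwtype,
                        NULL,
                        NULL
                        );
        if (dwError == ERROR_FILE_NOT_FOUND) {
            dwError = ERROR_SUCCESS;
            bValueExists = FALSE;
        } else {
            BAIL_ON_WIN32_ERROR(dwError);

            // ERROR_SUCCESS means the registry value was found
            //
            bValueExists = TRUE;
        }
    }

    *pbValueExists = bValueExists;

error:

    // Reached on success as well as on failure.
    if (hKey) {
        RegCloseKey(hKey);
    }

    return dwError;
}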
|
|
|
|
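//
// IPSecRegDeleteValue
//
// Deletes the named value from the given key.
//
// Arguments:
//   hHKLMKey - Root key under which pszKey is opened.
//   pszKey   - Path of the key holding the value.
//   pszValue - Name of the value to delete.
//
// Returns ERROR_SUCCESS when the value was deleted or did not exist.
// Failure to open the key, a missing key included, is returned as an error.
//
// BAIL_ON_WIN32_ERROR is defined outside this listing; it is assumed to
// jump to the `error` label when dwError is non-zero.
//
DWORD
IPSecRegDeleteValue(
    HKEY hHKLMKey,
    LPWSTR pszKey,
    LPWSTR pszValue
    )
{
    HKEY hKey = NULL;
    DWORD dwError = 0;

    // Deleting a value needs KEY_SET_VALUE only; KEY_ALL_ACCESS asked for
    // far more than the operation uses.
    //
    dwError = RegOpenKeyExW(
                    hHKLMKey,
                    (LPCWSTR) pszKey,
                    0,
                    KEY_SET_VALUE,
                    &hKey
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    dwError = RegDeleteValueW(
                    hKey,
                    pszValue
                    );
    if (dwError == ERROR_FILE_NOT_FOUND) {
        // Already absent: treat as done.
        dwError = ERROR_SUCCESS;
    }
    BAIL_ON_WIN32_ERROR(dwError);

error:

    // Reached on success as well as on failure.
    if (hKey) {
        RegCloseKey(hKey);
    }

    return (dwError);
}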
|
|
|
|
|
|
//
// IsAnyPolicyAssigned
//
// Reports whether a policy is assigned in the local, persistent or
// directory store, checked in that order. The search stops at the first
// store that has one.
//
// Arguments:
//   hHKLMKey            - Root key under which the store keys are resolved.
//   pbAnyPolicyAssigned - Receives TRUE or FALSE on success; left untouched
//                         when an error is returned.
//
// Returns ERROR_SUCCESS or the error from IsRegvalueExist.
//
// BAIL_ON_WIN32_ERROR is defined outside this listing; it is assumed to
// jump to the `error` label when dwError is non-zero.
//
DWORD
IsAnyPolicyAssigned (
    HKEY hHKLMKey,
    BOOL * pbAnyPolicyAssigned
    )
{
    DWORD dwError = ERROR_SUCCESS;
    DWORD dwIndex = 0;
    BOOL bFound = FALSE;
    LPWSTR apszKeys[3];
    LPWSTR apszValues[3];

    // Key / value pairs that mark an assigned policy, in probe order.
    apszKeys[0] = gpszRegLocalContainer;
    apszValues[0] = gpActivePolicyKey;
    apszKeys[1] = gpszRegPersistentContainer;
    apszValues[1] = gpActivePolicyKey;
    apszKeys[2] = gpszIPsecDirContainer;
    apszValues[2] = gpDirectoryPolicyPointerKey;

    for (dwIndex = 0; dwIndex < 3 && !bFound; dwIndex++) {
        dwError = IsRegvalueExist(
                        hHKLMKey,
                        apszKeys[dwIndex],
                        apszValues[dwIndex],
                        &bFound
                        );
        BAIL_ON_WIN32_ERROR(dwError);
    }

    *pbAnyPolicyAssigned = bFound;

error:

    return dwError;
}
|