Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

397 lines
9.6 KiB

#include "precomp.h"
DWORD
ImportPoliciesFromFile(
HANDLE hSrcPolicyStore,
HANDLE hDesPolicyStore
)
{
DWORD dwError = 0;
PIPSEC_POLICY_STORE pSrcPolicyStore = NULL;
PIPSEC_POLICY_DATA * ppIpsecPolicyData = NULL;
DWORD dwNumPolicyObjects = 0;
PIPSEC_POLICY_STORE pDesPolicyStore = NULL;
pSrcPolicyStore = (PIPSEC_POLICY_STORE) hSrcPolicyStore;
dwError = EnablePrivilege(
SE_RESTORE_NAME
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = RegRestoreKeyW(
pSrcPolicyStore->hRegistryKey,
pSrcPolicyStore->pszFileName,
0
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = DeleteDuplicatePolicyDataBeforeImport(
pSrcPolicyStore,
hDesPolicyStore
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = ImportFilterDataFromFile(
pSrcPolicyStore,
hDesPolicyStore
);
dwError = ImportNegPolDataFromFile(
pSrcPolicyStore,
hDesPolicyStore
);
dwError = ImportISAKMPDataFromFile(
pSrcPolicyStore,
hDesPolicyStore
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = ImportPolicyDataFromFile(
pSrcPolicyStore,
hDesPolicyStore,
&ppIpsecPolicyData,
&dwNumPolicyObjects
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = ImportNFADataFromFile(
pSrcPolicyStore,
hDesPolicyStore,
ppIpsecPolicyData,
dwNumPolicyObjects
);
BAIL_ON_WIN32_ERROR(dwError);
pDesPolicyStore = (PIPSEC_POLICY_STORE) hDesPolicyStore;
if (pDesPolicyStore->dwProvider == IPSEC_REGISTRY_PROVIDER) {
(VOID) RegPingPASvcForActivePolicy(
pDesPolicyStore->hRegistryKey,
pDesPolicyStore->pszIpsecRootContainer,
pDesPolicyStore->pszLocationName
);
}
error:
if (ppIpsecPolicyData) {
FreeMulIpsecPolicyData(
ppIpsecPolicyData,
dwNumPolicyObjects
);
}
FlushRegSaveKey(
pSrcPolicyStore->hRegistryKey
);
return (dwError);
}
DWORD
DeleteDuplicatePolicyDataBeforeImport(
PIPSEC_POLICY_STORE pSrcPolicyStore,
HANDLE hDesPolicyStore
)
{
DWORD dwError = 0;
PIPSEC_POLICY_DATA * ppIpsecPolicyData = NULL;
PIPSEC_POLICY_DATA pIpsecPolicyData = NULL;
DWORD dwNumPolicyObjects = 0;
DWORD i = 0;
dwError = RegEnumPolicyData(
pSrcPolicyStore->hRegistryKey,
pSrcPolicyStore->pszIpsecRootContainer,
&ppIpsecPolicyData,
&dwNumPolicyObjects
);
for (i = 0; i < dwNumPolicyObjects; i++) {
pIpsecPolicyData = * (ppIpsecPolicyData + i);
dwError = VerifyPolicyDataExistence(
hDesPolicyStore,
pIpsecPolicyData->PolicyIdentifier
);
if (!dwError) {
dwError = IPSecDeletePolicy(
hDesPolicyStore,
pIpsecPolicyData
);
}
}
if (ppIpsecPolicyData) {
FreeMulIpsecPolicyData(
ppIpsecPolicyData,
dwNumPolicyObjects
);
}
dwError = ERROR_SUCCESS;
return (dwError);
}
DWORD
IPSecDeletePolicy(
HANDLE hPolicyStore,
PIPSEC_POLICY_DATA pIpsecPolicyData
)
{
DWORD dwError = 0;
PIPSEC_POLICY_STORE pPolicyStore = NULL;
pPolicyStore = (PIPSEC_POLICY_STORE) hPolicyStore;
switch (pPolicyStore->dwProvider) {
case IPSEC_REGISTRY_PROVIDER:
dwError = RegDeletePolicy(
pPolicyStore->hRegistryKey,
pPolicyStore->pszIpsecRootContainer,
pPolicyStore->pszLocationName,
pIpsecPolicyData->PolicyIdentifier
);
BAIL_ON_WIN32_ERROR (dwError);
break;
case IPSEC_DIRECTORY_PROVIDER:
dwError = DirDeletePolicyBeforeImport(
pPolicyStore->hLdapBindHandle,
pPolicyStore->pszIpsecRootContainer,
pIpsecPolicyData->PolicyIdentifier
);
BAIL_ON_WIN32_ERROR (dwError);
break;
}
error:
return (dwError);
}
DWORD
RegDeletePolicy(
HKEY hRegistryKey,
LPWSTR pszIpsecRootContainer,
LPWSTR pszLocationName,
GUID PolicyGUID
)
{
DWORD dwError = 0;
PIPSEC_POLICY_DATA pIpsecPolicyData = NULL;
PIPSEC_NFA_DATA * ppIpsecNFAData = NULL;
DWORD dwNumNFAObjects = 0;
DWORD i = 0;
PIPSEC_NFA_DATA pIpsecNFAData = NULL;
dwError = RegGetPolicyData(
hRegistryKey,
pszIpsecRootContainer,
PolicyGUID,
&pIpsecPolicyData
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = RegEnumNFAData(
hRegistryKey,
pszIpsecRootContainer,
PolicyGUID,
&ppIpsecNFAData,
&dwNumNFAObjects
);
for (i = 0; i < dwNumNFAObjects; i++) {
pIpsecNFAData = *(ppIpsecNFAData + i);
dwError = RegDeleteNFAData(
hRegistryKey,
pszIpsecRootContainer,
PolicyGUID,
pszLocationName,
pIpsecNFAData
);
dwError = RegDeleteDynamicDefaultNegPolData(
hRegistryKey,
pszIpsecRootContainer,
pszLocationName,
pIpsecNFAData->NegPolIdentifier
);
}
dwError = RegDeletePolicyData(
hRegistryKey,
pszIpsecRootContainer,
pIpsecPolicyData
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = RegDeleteISAKMPData(
hRegistryKey,
pszIpsecRootContainer,
pIpsecPolicyData->ISAKMPIdentifier
);
BAIL_ON_WIN32_ERROR(dwError);
error:
if (ppIpsecNFAData) {
FreeMulIpsecNFAData(
ppIpsecNFAData,
dwNumNFAObjects
);
}
if (pIpsecPolicyData) {
FreeIpsecPolicyData(
pIpsecPolicyData
);
}
return (dwError);
}
DWORD
DirDeletePolicyBeforeImport(
HLDAP hLdapBindHandle,
LPWSTR pszIpsecRootContainer,
GUID PolicyIdentifier
)
{
DWORD dwError = 0;
PIPSEC_NFA_DATA * ppIpsecNFAData = NULL;
PIPSEC_NFA_DATA pIpsecNFAData = NULL;
PIPSEC_POLICY_DATA pIpsecPolicyData = NULL;
DWORD dwNumNFAObjects = 0;
DWORD i = 0;
dwError = DirGetPolicyData(
hLdapBindHandle,
pszIpsecRootContainer,
PolicyIdentifier,
&pIpsecPolicyData
);
BAIL_ON_WIN32_ERROR (dwError);
dwError = DirEnumNFAData(
hLdapBindHandle,
pszIpsecRootContainer,
PolicyIdentifier,
&ppIpsecNFAData,
&dwNumNFAObjects
);
for (i = 0; i < dwNumNFAObjects; i++) {
pIpsecNFAData = *(ppIpsecNFAData + i);
dwError = DirDeleteNFAData(
hLdapBindHandle,
pszIpsecRootContainer,
PolicyIdentifier,
pIpsecNFAData
);
dwError = DirDeleteDynamicDefaultNegPolData(
hLdapBindHandle,
pszIpsecRootContainer,
pIpsecNFAData->NegPolIdentifier
);
}
dwError = DirDeleteISAKMPData(
hLdapBindHandle,
pszIpsecRootContainer,
pIpsecPolicyData->ISAKMPIdentifier
);
BAIL_ON_WIN32_ERROR (dwError);
error:
if (ppIpsecNFAData) {
FreeMulIpsecNFAData(
ppIpsecNFAData,
dwNumNFAObjects
);
}
if (pIpsecPolicyData) {
FreeIpsecPolicyData(
pIpsecPolicyData
);
}
return (dwError);
}
DWORD
DirDeleteDynamicDefaultNegPolData(
HLDAP hLdapBindHandle,
LPWSTR pszIpsecRootContainer,
GUID NegPolGUID
)
{
DWORD dwError = 0;
PIPSEC_NEGPOL_DATA pIpsecNegPolData = NULL;
dwError = DirGetNegPolData(
hLdapBindHandle,
pszIpsecRootContainer,
NegPolGUID,
&pIpsecNegPolData
);
BAIL_ON_WIN32_ERROR(dwError);
if (!memcmp(
&(pIpsecNegPolData->NegPolType),
&(GUID_NEGOTIATION_TYPE_DEFAULT),
sizeof(GUID))) {
dwError = DirDeleteNegPolData(
hLdapBindHandle,
pszIpsecRootContainer,
NegPolGUID
);
BAIL_ON_WIN32_ERROR(dwError);
}
error:
if (pIpsecNegPolData) {
FreeIpsecNegPolData(
pIpsecNegPolData
);
}
return (dwError);
}