You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1003 lines
30 KiB
1003 lines
30 KiB
/*++
|
|
|
|
Copyright (c) 1999 Microsoft Corporation
|
|
|
|
|
|
Module Name:
|
|
|
|
IKE utils
|
|
|
|
Abstract:
|
|
|
|
Contains parameter validation
|
|
|
|
Author:
|
|
|
|
BrianSw 10-19-200
|
|
|
|
Environment:
|
|
|
|
User Level: Win32
|
|
|
|
Revision History:
|
|
|
|
|
|
--*/
|
|
|
|
|
|
#include "precomp.h"
|
|
|
|
|
|
DWORD
|
|
ValidateInitiateIKENegotiation(
|
|
STRING_HANDLE pServerName,
|
|
PQM_FILTER_CONTAINER pQMFilterContainer,
|
|
DWORD dwClientProcessId,
|
|
ULONG uhClientEvent,
|
|
DWORD dwFlags,
|
|
IPSEC_UDP_ENCAP_CONTEXT UdpEncapContext,
|
|
IKENEGOTIATION_HANDLE * phIKENegotiation
|
|
)
|
|
{
|
|
|
|
DWORD dwError=ERROR_SUCCESS;
|
|
|
|
if (pQMFilterContainer == NULL ||
|
|
pQMFilterContainer->pQMFilters == NULL) {
|
|
dwError=ERROR_INVALID_PARAMETER;
|
|
}
|
|
|
|
if (pServerName && (wcscmp(pServerName,L"") != 0)) {
|
|
if (uhClientEvent || phIKENegotiation || dwClientProcessId) {
|
|
dwError=ERROR_NOT_SUPPORTED;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
} else {
|
|
if (phIKENegotiation || dwClientProcessId || uhClientEvent) {
|
|
if (!phIKENegotiation || !dwClientProcessId || !uhClientEvent) {
|
|
dwError=ERROR_INVALID_PARAMETER;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
}
|
|
}
|
|
|
|
if (!(pQMFilterContainer->pQMFilters) ||
|
|
!(pQMFilterContainer->dwNumFilters)) {
|
|
dwError = ERROR_INVALID_PARAMETER;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
|
|
dwError = ValidateIPSecQMFilter(
|
|
pQMFilterContainer->pQMFilters
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
error:
|
|
|
|
return dwError;
|
|
}
|
|
|
|
|
|
DWORD
|
|
ValidateQueryIKENegotiationStatus(
|
|
IKENEGOTIATION_HANDLE hIKENegotiation,
|
|
SA_NEGOTIATION_STATUS_INFO *NegotiationStatus
|
|
)
|
|
|
|
{
|
|
|
|
DWORD dwError=ERROR_SUCCESS;
|
|
|
|
if (!hIKENegotiation || !NegotiationStatus) {
|
|
dwError = ERROR_INVALID_PARAMETER;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
error:
|
|
return dwError;
|
|
}
|
|
|
|
|
|
DWORD
|
|
ValidateCloseIKENegotiationHandle(
|
|
IKENEGOTIATION_HANDLE * phIKENegotiation
|
|
)
|
|
{
|
|
DWORD dwError=ERROR_SUCCESS;
|
|
|
|
if (!phIKENegotiation) {
|
|
dwError=ERROR_INVALID_PARAMETER;
|
|
}
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
error:
|
|
return dwError;
|
|
}
|
|
|
|
|
|
DWORD
|
|
ValidateEnumMMSAs(
|
|
STRING_HANDLE pServerName,
|
|
PMM_SA_CONTAINER pMMTemplate,
|
|
PMM_SA_CONTAINER *ppMMSAContainer,
|
|
LPDWORD pdwNumEntries,
|
|
LPDWORD pdwTotalMMsAvailable,
|
|
LPDWORD pdwEnumHandle,
|
|
DWORD dwFlags
|
|
)
|
|
{
|
|
DWORD dwError=ERROR_SUCCESS;
|
|
|
|
if (pMMTemplate == NULL ||
|
|
pMMTemplate->pMMSAs == NULL ||
|
|
pMMTemplate->dwNumMMSAs == 0 ||
|
|
ppMMSAContainer == NULL ||
|
|
*ppMMSAContainer == NULL ||
|
|
pdwNumEntries == NULL ||
|
|
pdwTotalMMsAvailable == NULL ||
|
|
pdwEnumHandle == NULL ) {
|
|
dwError=ERROR_INVALID_PARAMETER;
|
|
}
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError = ValidateAddr(&(pMMTemplate->pMMSAs->Me));
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError = ValidateAddr(&(pMMTemplate->pMMSAs->Peer));
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
error:
|
|
|
|
return dwError;
|
|
}
|
|
|
|
|
|
DWORD
|
|
ValidateDeleteMMSAs(
|
|
STRING_HANDLE pServerName,
|
|
PMM_SA_CONTAINER pMMTemplate,
|
|
DWORD dwFlags
|
|
)
|
|
|
|
{
|
|
DWORD dwError=ERROR_SUCCESS;
|
|
|
|
if (pMMTemplate == NULL ||
|
|
pMMTemplate->dwNumMMSAs == 0 ||
|
|
pMMTemplate->pMMSAs == NULL) {
|
|
dwError=ERROR_INVALID_PARAMETER;
|
|
}
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError = ValidateAddr(&(pMMTemplate->pMMSAs->Me));
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError = ValidateAddr(&(pMMTemplate->pMMSAs->Peer));
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
error:
|
|
|
|
return dwError;
|
|
}
|
|
|
|
|
|
DWORD
|
|
ValidateQueryIKEStatistics(
|
|
STRING_HANDLE pServerName,
|
|
IKE_STATISTICS *pIKEStatistics
|
|
)
|
|
|
|
{
|
|
|
|
DWORD dwError=ERROR_SUCCESS;
|
|
|
|
if (pIKEStatistics == NULL) {
|
|
dwError=ERROR_INVALID_PARAMETER;
|
|
}
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
error:
|
|
return dwError;
|
|
}
|
|
|
|
|
|
DWORD
|
|
ValidateRegisterIKENotifyClient(
|
|
STRING_HANDLE pServerName,
|
|
DWORD dwClientProcessId,
|
|
ULONG uhClientEvent,
|
|
PQM_SA_CONTAINER pQMSATemplateContainer,
|
|
IKENOTIFY_HANDLE *phNotifyHandle,
|
|
DWORD dwFlags
|
|
)
|
|
{
|
|
DWORD dwError=ERROR_SUCCESS;
|
|
|
|
if (pServerName && (wcscmp(pServerName,L"") != 0)) {
|
|
return ERROR_NOT_SUPPORTED;
|
|
}
|
|
|
|
if (pQMSATemplateContainer == NULL ||
|
|
pQMSATemplateContainer->pQMSAs == NULL ||
|
|
pQMSATemplateContainer->dwNumQMSAs == 0 ||
|
|
phNotifyHandle == NULL) {
|
|
dwError=ERROR_INVALID_PARAMETER;
|
|
}
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError = ValidateQMFilterAddresses(
|
|
&pQMSATemplateContainer->pQMSAs->IpsecQMFilter
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
error:
|
|
|
|
return dwError;
|
|
}
|
|
|
|
DWORD ValidateQueryNotifyData(
|
|
IKENOTIFY_HANDLE uhNotifyHandle,
|
|
PDWORD pdwNumEntries,
|
|
PQM_SA_CONTAINER *ppQMSAContainer,
|
|
DWORD dwFlags
|
|
)
|
|
|
|
{
|
|
|
|
DWORD dwError=ERROR_SUCCESS;
|
|
|
|
if (ppQMSAContainer == NULL ||
|
|
*ppQMSAContainer == NULL ||
|
|
pdwNumEntries == NULL ||
|
|
*pdwNumEntries == 0) {
|
|
dwError=ERROR_INVALID_PARAMETER;
|
|
}
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
error:
|
|
return dwError;
|
|
|
|
}
|
|
|
|
DWORD ValidateCloseNotifyHandle(
|
|
IKENOTIFY_HANDLE *phHandle
|
|
)
|
|
{
|
|
DWORD dwError=ERROR_SUCCESS;
|
|
|
|
if (phHandle == NULL) {
|
|
dwError=ERROR_INVALID_PARAMETER;
|
|
}
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
error:
|
|
return dwError;
|
|
}
|
|
|
|
DWORD ValidateIPSecAddSA(
|
|
STRING_HANDLE pServerName,
|
|
IPSEC_SA_DIRECTION SADirection,
|
|
PIPSEC_QM_POLICY_CONTAINER pQMPolicyContainer,
|
|
PQM_FILTER_CONTAINER pQMFilterContainer,
|
|
DWORD *uhLarvalContext,
|
|
DWORD dwInboundKeyMatLen,
|
|
BYTE *pInboundKeyMat,
|
|
DWORD dwOutboundKeyMatLen,
|
|
BYTE *pOutboundKeyMat,
|
|
BYTE *pContextInfo,
|
|
UDP_ENCAP_INFO EncapInfo,
|
|
DWORD dwFlags)
|
|
|
|
{
|
|
DWORD dwError=ERROR_SUCCESS;
|
|
DWORD dwNumOffers=1;
|
|
|
|
if (!pQMFilterContainer ||
|
|
!pQMPolicyContainer ||
|
|
pContextInfo == NULL) {
|
|
dwError= ERROR_INVALID_PARAMETER;
|
|
}
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
if (uhLarvalContext == NULL){
|
|
dwError= ERROR_INVALID_PARAMETER;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
if (SADirection >= SA_DIRECTION_MAX ||
|
|
SADirection < SA_DIRECTION_BOTH) {
|
|
dwError= ERROR_INVALID_PARAMETER;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
if (!(pQMFilterContainer->pQMFilters) ||
|
|
!(pQMFilterContainer->dwNumFilters)) {
|
|
dwError = ERROR_INVALID_PARAMETER;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
if (!(pQMPolicyContainer->pPolicies) ||
|
|
!(pQMPolicyContainer->dwNumPolicies)) {
|
|
dwError = ERROR_INVALID_PARAMETER;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
dwError = ValidateIPSecQMFilter(
|
|
pQMFilterContainer->pQMFilters
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError = ValidateQMOffers(
|
|
dwNumOffers,
|
|
pQMPolicyContainer->pPolicies->pOffers);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
if (EncapInfo.SAEncapType < SA_UDP_ENCAP_TYPE_NONE ||
|
|
EncapInfo.SAEncapType >= SA_UDP_ENCAP_TYPE_MAX) {
|
|
dwError=ERROR_INVALID_PARAMETER;
|
|
}
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
if (EncapInfo.SAEncapType == SA_UDP_ENCAP_TYPE_OTHER) {
|
|
dwError=ERROR_NOT_SUPPORTED;
|
|
}
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
if (EncapInfo.SAEncapType != SA_UDP_ENCAP_TYPE_NONE) {
|
|
if (EncapInfo.PeerAddrVersion != IPSEC_PROTOCOL_V4) {
|
|
dwError=ERROR_INVALID_PARAMETER;
|
|
}
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
if (EncapInfo.PeerPrivateAddr.AddrType != IP_ADDR_UNIQUE) {
|
|
dwError=ERROR_INVALID_PARAMETER;
|
|
}
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError=VerifyAddresses(&EncapInfo.PeerPrivateAddr,
|
|
FALSE,
|
|
TRUE);
|
|
}
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
error:
|
|
return dwError;
|
|
}
|
|
|
|
DWORD ValidateSetConfigurationVariables(
|
|
LPWSTR pServerName,
|
|
IKE_CONFIG IKEConfig
|
|
)
|
|
{
|
|
DWORD dwError = ERROR_SUCCESS;
|
|
|
|
if (IKEConfig.dwStrongCRLCheck > 2) {
|
|
dwError= ERROR_INVALID_PARAMETER;
|
|
}
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
if (IKEConfig.dwNLBSFlags >= FLAGS_NLBS_MAX) {
|
|
dwError= ERROR_INVALID_PARAMETER;
|
|
}
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
if (IKEConfig.dwFlags != 0) {
|
|
dwError= ERROR_INVALID_PARAMETER;
|
|
}
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
error:
|
|
return dwError;
|
|
}
|
|
|
|
DWORD ValidateGetConfigurationVariables(
|
|
LPWSTR pServerName,
|
|
PIKE_CONFIG pIKEConfig
|
|
)
|
|
{
|
|
DWORD dwError = ERROR_SUCCESS;
|
|
|
|
if (pIKEConfig == NULL) {
|
|
dwError=ERROR_INVALID_PARAMETER;
|
|
}
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
error:
|
|
return dwError;
|
|
}
|
|
|
|
|
|
DWORD WINAPI ConvertExtMMAuthToInt(PMM_AUTH_METHODS pMMAuthMethods,
|
|
PINT_MM_AUTH_METHODS *pIntMMAuthMethods)
|
|
{
|
|
|
|
PINT_MM_AUTH_METHODS pIntAuth=NULL;
|
|
DWORD dwError;
|
|
DWORD dwNumIntAuths=0;
|
|
DWORD i,j;
|
|
PIPSEC_MM_AUTH_INFO pAuthInfo;
|
|
PINT_IPSEC_MM_AUTH_INFO pIntAuthInfo;
|
|
DWORD dwCurIndex=0;
|
|
PCERT_ROOT_CONFIG pInboundCertArray;
|
|
|
|
dwError=AllocateSPDMemory(sizeof(INT_MM_AUTH_METHODS),&pIntAuth);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
memcpy(&pIntAuth->gMMAuthID,&pMMAuthMethods->gMMAuthID,sizeof(GUID));
|
|
pIntAuth->dwFlags=pMMAuthMethods->dwFlags;
|
|
|
|
for (i=0; i < pMMAuthMethods->dwNumAuthInfos; i++) {
|
|
pAuthInfo=&pMMAuthMethods->pAuthenticationInfo[i];
|
|
switch(pAuthInfo->AuthMethod) {
|
|
case IKE_PRESHARED_KEY:
|
|
case IKE_SSPI:
|
|
dwNumIntAuths++;
|
|
break;
|
|
case IKE_RSA_SIGNATURE:
|
|
dwNumIntAuths += pAuthInfo->CertAuthInfo.dwInboundRootArraySize;
|
|
break;
|
|
}
|
|
}
|
|
pIntAuth->dwNumAuthInfos=dwNumIntAuths;
|
|
|
|
dwError=AllocateSPDMemory(sizeof(INT_IPSEC_MM_AUTH_INFO) * dwNumIntAuths,
|
|
&pIntAuth->pAuthenticationInfo);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
for (i=0; i < pMMAuthMethods->dwNumAuthInfos; i++) {
|
|
pAuthInfo=&pMMAuthMethods->pAuthenticationInfo[i];
|
|
pIntAuthInfo=&pIntAuth->pAuthenticationInfo[dwCurIndex];
|
|
pIntAuthInfo->AuthMethod=pAuthInfo->AuthMethod;
|
|
switch(pAuthInfo->AuthMethod) {
|
|
case IKE_PRESHARED_KEY:
|
|
dwError=AllocateSPDMemory(pAuthInfo->GeneralAuthInfo.dwAuthInfoSize,
|
|
&pIntAuthInfo->pAuthInfo);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
memcpy(pIntAuthInfo->pAuthInfo,
|
|
pAuthInfo->GeneralAuthInfo.pAuthInfo,
|
|
pAuthInfo->GeneralAuthInfo.dwAuthInfoSize);
|
|
pIntAuthInfo->dwAuthInfoSize=pAuthInfo->GeneralAuthInfo.dwAuthInfoSize;
|
|
dwCurIndex++;
|
|
break;
|
|
case IKE_SSPI:
|
|
dwCurIndex++;
|
|
break;
|
|
case IKE_RSA_SIGNATURE:
|
|
pInboundCertArray=pAuthInfo->CertAuthInfo.pInboundRootArray;
|
|
for (j=0;j< pAuthInfo->CertAuthInfo.dwInboundRootArraySize;j++) {
|
|
pIntAuthInfo=&pIntAuth->pAuthenticationInfo[dwCurIndex];
|
|
dwError=AllocateSPDMemory(pInboundCertArray[j].dwCertDataSize,
|
|
&pIntAuthInfo->pAuthInfo);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
memcpy(pIntAuthInfo->pAuthInfo,pInboundCertArray[j].pCertData,
|
|
pInboundCertArray[j].dwCertDataSize);
|
|
pIntAuthInfo->dwAuthInfoSize=pInboundCertArray[j].dwCertDataSize;
|
|
pIntAuthInfo->AuthMethod=IKE_RSA_SIGNATURE;
|
|
pIntAuthInfo->dwAuthFlags=pInboundCertArray[j].dwFlags;
|
|
dwCurIndex++;
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
|
|
*pIntMMAuthMethods=pIntAuth;
|
|
return ERROR_SUCCESS;
|
|
|
|
error:
|
|
|
|
FreeIntMMAuthMethods(pIntAuth);
|
|
return (dwError);
|
|
}
|
|
|
|
#define INVALID_INDEX 0xffff
|
|
|
|
|
|
DWORD WINAPI ConvertIntMMAuthToExt(PINT_MM_AUTH_METHODS pIntMMAuthMethods,
|
|
PMM_AUTH_METHODS *pMMAuthMethods)
|
|
|
|
{
|
|
|
|
PMM_AUTH_METHODS pExtAuth=NULL;
|
|
DWORD dwError;
|
|
DWORD dwNumExtAuths=0;
|
|
DWORD i;
|
|
PINT_IPSEC_MM_AUTH_INFO pAuthInfo;
|
|
PIPSEC_MM_AUTH_INFO pExtAuthInfo;
|
|
PMM_CERT_INFO pCertInfo;
|
|
DWORD dwCurCertIndex=0;
|
|
PCERT_ROOT_CONFIG pInboundCertArray;
|
|
|
|
DWORD dwNumCerts=0;
|
|
DWORD dwCertIndex=INVALID_INDEX;
|
|
DWORD dwPSKeyIndex=INVALID_INDEX;
|
|
DWORD dwKerbIndex=INVALID_INDEX;
|
|
|
|
dwError=AllocateSPDMemory(sizeof(MM_AUTH_METHODS),&pExtAuth);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
memcpy(&pExtAuth->gMMAuthID,&pIntMMAuthMethods->gMMAuthID,sizeof(GUID));
|
|
pExtAuth->dwFlags=pIntMMAuthMethods->dwFlags;
|
|
|
|
for (i=0; i < pIntMMAuthMethods->dwNumAuthInfos; i++) {
|
|
pAuthInfo=&pIntMMAuthMethods->pAuthenticationInfo[i];
|
|
switch(pAuthInfo->AuthMethod) {
|
|
case IKE_PRESHARED_KEY:
|
|
dwPSKeyIndex=dwNumExtAuths;
|
|
dwNumExtAuths++;
|
|
break;
|
|
case IKE_SSPI:
|
|
dwKerbIndex=dwNumExtAuths;
|
|
dwNumExtAuths++;
|
|
break;
|
|
case IKE_RSA_SIGNATURE:
|
|
if (dwCertIndex == INVALID_INDEX) {
|
|
dwCertIndex=dwNumExtAuths;
|
|
dwNumExtAuths++;
|
|
}
|
|
dwNumCerts++;
|
|
break;
|
|
}
|
|
}
|
|
pExtAuth->dwNumAuthInfos=dwNumExtAuths;
|
|
|
|
dwError=AllocateSPDMemory(sizeof(IPSEC_MM_AUTH_INFO) * dwNumExtAuths,
|
|
&pExtAuth->pAuthenticationInfo);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
if (dwCertIndex != INVALID_INDEX) {
|
|
pCertInfo=&pExtAuth->pAuthenticationInfo[dwCertIndex].CertAuthInfo;
|
|
dwError=AllocateSPDMemory(sizeof(CERT_ROOT_CONFIG) * dwNumCerts,
|
|
&pCertInfo->pInboundRootArray);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
dwError=AllocateSPDMemory(sizeof(CERT_ROOT_CONFIG) * dwNumCerts,
|
|
&pCertInfo->pOutboundRootArray);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
for (i=0; i < pIntMMAuthMethods->dwNumAuthInfos; i++) {
|
|
pAuthInfo=&pIntMMAuthMethods->pAuthenticationInfo[i];
|
|
switch(pAuthInfo->AuthMethod) {
|
|
case IKE_PRESHARED_KEY:
|
|
pExtAuthInfo=&pExtAuth->pAuthenticationInfo[dwPSKeyIndex];
|
|
dwError=AllocateSPDMemory(pAuthInfo->dwAuthInfoSize,
|
|
&pExtAuthInfo->GeneralAuthInfo.pAuthInfo);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
memcpy(pExtAuthInfo->GeneralAuthInfo.pAuthInfo,
|
|
pAuthInfo->pAuthInfo,
|
|
pAuthInfo->dwAuthInfoSize);
|
|
pExtAuthInfo->GeneralAuthInfo.dwAuthInfoSize=pAuthInfo->dwAuthInfoSize;
|
|
pExtAuthInfo->AuthMethod=IKE_PRESHARED_KEY;
|
|
break;
|
|
case IKE_SSPI:
|
|
pExtAuthInfo=&pExtAuth->pAuthenticationInfo[dwKerbIndex];
|
|
pExtAuthInfo->AuthMethod=IKE_SSPI;
|
|
break;
|
|
case IKE_RSA_SIGNATURE:
|
|
pExtAuthInfo=&pExtAuth->pAuthenticationInfo[dwCertIndex];
|
|
pExtAuthInfo->AuthMethod=IKE_RSA_SIGNATURE;
|
|
pCertInfo=&pExtAuthInfo->CertAuthInfo;
|
|
dwError=AllocateSPDMemory(pAuthInfo->dwAuthInfoSize,
|
|
&pCertInfo->pInboundRootArray[dwCurCertIndex].pCertData);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
memcpy(pCertInfo->pInboundRootArray[dwCurCertIndex].pCertData,
|
|
pAuthInfo->pAuthInfo,
|
|
pAuthInfo->dwAuthInfoSize);
|
|
pCertInfo->pInboundRootArray[dwCurCertIndex].dwCertDataSize=pAuthInfo->dwAuthInfoSize;
|
|
pCertInfo->pInboundRootArray[dwCurCertIndex].dwFlags = pAuthInfo->dwAuthFlags;
|
|
|
|
// Copy same info into *pOutboundRootArray as well.
|
|
dwError=AllocateSPDMemory(pAuthInfo->dwAuthInfoSize,
|
|
&pCertInfo->pOutboundRootArray[dwCurCertIndex].pCertData);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
memcpy(pCertInfo->pOutboundRootArray[dwCurCertIndex].pCertData,
|
|
pAuthInfo->pAuthInfo,
|
|
pAuthInfo->dwAuthInfoSize);
|
|
pCertInfo->pOutboundRootArray[dwCurCertIndex].dwCertDataSize=pAuthInfo->dwAuthInfoSize;
|
|
pCertInfo->pOutboundRootArray[dwCurCertIndex].dwFlags = pAuthInfo->dwAuthFlags;
|
|
|
|
dwCurCertIndex++;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (dwCertIndex != INVALID_INDEX) {
|
|
pExtAuth->pAuthenticationInfo[dwCertIndex].CertAuthInfo.dwInboundRootArraySize = dwCurCertIndex;
|
|
pExtAuth->pAuthenticationInfo[dwCertIndex].CertAuthInfo.dwOutboundRootArraySize = dwCurCertIndex;
|
|
}
|
|
|
|
*pMMAuthMethods=pExtAuth;
|
|
return ERROR_SUCCESS;
|
|
|
|
error:
|
|
|
|
FreeExtMMAuthMethods(pExtAuth);
|
|
return (dwError);
|
|
}
|
|
|
|
DWORD WINAPI SPDConvertIntMMAuthToExt(PINT_MM_AUTH_METHODS pIntMMAuthMethods,
|
|
PMM_AUTH_METHODS *pMMAuthMethods)
|
|
|
|
{
|
|
|
|
PMM_AUTH_METHODS pExtAuth=NULL;
|
|
DWORD dwError;
|
|
DWORD dwNumExtAuths=0;
|
|
DWORD i;
|
|
PINT_IPSEC_MM_AUTH_INFO pAuthInfo;
|
|
PIPSEC_MM_AUTH_INFO pExtAuthInfo;
|
|
PMM_CERT_INFO pCertInfo;
|
|
DWORD dwCurCertIndex=0;
|
|
PCERT_ROOT_CONFIG pInboundCertArray;
|
|
|
|
DWORD dwNumCerts=0;
|
|
DWORD dwCertIndex=INVALID_INDEX;
|
|
DWORD dwPSKeyIndex=INVALID_INDEX;
|
|
DWORD dwKerbIndex=INVALID_INDEX;
|
|
|
|
dwError=SPDApiBufferAllocate(sizeof(MM_AUTH_METHODS),&pExtAuth);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
memcpy(&pExtAuth->gMMAuthID,&pIntMMAuthMethods->gMMAuthID,sizeof(GUID));
|
|
pExtAuth->dwFlags=pIntMMAuthMethods->dwFlags;
|
|
|
|
for (i=0; i < pIntMMAuthMethods->dwNumAuthInfos; i++) {
|
|
pAuthInfo=&pIntMMAuthMethods->pAuthenticationInfo[i];
|
|
switch(pAuthInfo->AuthMethod) {
|
|
case IKE_PRESHARED_KEY:
|
|
dwPSKeyIndex=dwNumExtAuths;
|
|
dwNumExtAuths++;
|
|
break;
|
|
case IKE_SSPI:
|
|
dwKerbIndex=dwNumExtAuths;
|
|
dwNumExtAuths++;
|
|
break;
|
|
case IKE_RSA_SIGNATURE:
|
|
if (dwCertIndex == INVALID_INDEX) {
|
|
dwCertIndex=dwNumExtAuths;
|
|
dwNumExtAuths++;
|
|
}
|
|
dwNumCerts++;
|
|
break;
|
|
}
|
|
}
|
|
pExtAuth->dwNumAuthInfos=dwNumExtAuths;
|
|
dwError=SPDApiBufferAllocate(sizeof(IPSEC_MM_AUTH_INFO) * dwNumExtAuths,
|
|
&pExtAuth->pAuthenticationInfo);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
if (dwCertIndex != INVALID_INDEX) {
|
|
pCertInfo=&pExtAuth->pAuthenticationInfo[dwCertIndex].CertAuthInfo;
|
|
dwError=SPDApiBufferAllocate(sizeof(CERT_ROOT_CONFIG) * dwNumCerts,
|
|
&pCertInfo->pInboundRootArray);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
dwError=SPDApiBufferAllocate(sizeof(CERT_ROOT_CONFIG) * dwNumCerts,
|
|
&pCertInfo->pOutboundRootArray);
|
|
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
for (i=0; i < pIntMMAuthMethods->dwNumAuthInfos; i++) {
|
|
pAuthInfo=&pIntMMAuthMethods->pAuthenticationInfo[i];
|
|
switch(pAuthInfo->AuthMethod) {
|
|
case IKE_PRESHARED_KEY:
|
|
pExtAuthInfo=&pExtAuth->pAuthenticationInfo[dwPSKeyIndex];
|
|
dwError=SPDApiBufferAllocate(pAuthInfo->dwAuthInfoSize,
|
|
&pExtAuthInfo->GeneralAuthInfo.pAuthInfo);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
memcpy(pExtAuthInfo->GeneralAuthInfo.pAuthInfo,
|
|
pAuthInfo->pAuthInfo,
|
|
pAuthInfo->dwAuthInfoSize);
|
|
pExtAuthInfo->GeneralAuthInfo.dwAuthInfoSize=pAuthInfo->dwAuthInfoSize;
|
|
pExtAuthInfo->AuthMethod=IKE_PRESHARED_KEY;
|
|
break;
|
|
case IKE_SSPI:
|
|
pExtAuthInfo=&pExtAuth->pAuthenticationInfo[dwKerbIndex];
|
|
pExtAuthInfo->AuthMethod=IKE_SSPI;
|
|
break;
|
|
case IKE_RSA_SIGNATURE:
|
|
pExtAuthInfo=&pExtAuth->pAuthenticationInfo[dwCertIndex];
|
|
pExtAuthInfo->AuthMethod=IKE_RSA_SIGNATURE;
|
|
pCertInfo=&pExtAuthInfo->CertAuthInfo;
|
|
dwError=SPDApiBufferAllocate(pAuthInfo->dwAuthInfoSize,
|
|
&pCertInfo->pInboundRootArray[dwCurCertIndex].pCertData);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
memcpy(pCertInfo->pInboundRootArray[dwCurCertIndex].pCertData,
|
|
pAuthInfo->pAuthInfo,
|
|
pAuthInfo->dwAuthInfoSize);
|
|
pCertInfo->pInboundRootArray[dwCurCertIndex].dwCertDataSize=pAuthInfo->dwAuthInfoSize;
|
|
pCertInfo->pInboundRootArray[dwCurCertIndex].dwFlags = pAuthInfo->dwAuthFlags;
|
|
|
|
// Copy same info into *pOutboundRootArray as well.
|
|
dwError=SPDApiBufferAllocate(pAuthInfo->dwAuthInfoSize,
|
|
&pCertInfo->pOutboundRootArray[dwCurCertIndex].pCertData);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
memcpy(pCertInfo->pOutboundRootArray[dwCurCertIndex].pCertData,
|
|
pAuthInfo->pAuthInfo,
|
|
pAuthInfo->dwAuthInfoSize);
|
|
pCertInfo->pOutboundRootArray[dwCurCertIndex].dwCertDataSize=pAuthInfo->dwAuthInfoSize;
|
|
pCertInfo->pOutboundRootArray[dwCurCertIndex].dwFlags = pAuthInfo->dwAuthFlags;
|
|
|
|
dwCurCertIndex++;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (dwCertIndex != INVALID_INDEX) {
|
|
pExtAuth->pAuthenticationInfo[dwCertIndex].CertAuthInfo.dwInboundRootArraySize = dwCurCertIndex;
|
|
pExtAuth->pAuthenticationInfo[dwCertIndex].CertAuthInfo.dwOutboundRootArraySize = dwCurCertIndex;
|
|
}
|
|
|
|
*pMMAuthMethods=pExtAuth;
|
|
return ERROR_SUCCESS;
|
|
|
|
error:
|
|
|
|
SPDFreeExtMMAuthMethods(pExtAuth);
|
|
return (dwError);
|
|
}
|
|
|
|
DWORD
|
|
WINAPI
|
|
SPDConvertArrayIntMMAuthToExt(
|
|
PINT_MM_AUTH_METHODS pIntMMAuthMethods,
|
|
PMM_AUTH_METHODS *ppMMAuthMethods,
|
|
DWORD dwNumAuthMeths)
|
|
{
|
|
DWORD dwError = ERROR_SUCCESS;
|
|
DWORD dwConvertIdx = 0;
|
|
PMM_AUTH_METHODS *ppTempAuthMethods = NULL;
|
|
PMM_AUTH_METHODS pExtAuthMethods = NULL;
|
|
|
|
dwError = SPDApiBufferAllocate(
|
|
dwNumAuthMeths * sizeof(MM_AUTH_METHODS),
|
|
&pExtAuthMethods
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError = SPDApiBufferAllocate(
|
|
dwNumAuthMeths * sizeof(PMM_AUTH_METHODS),
|
|
(LPVOID *) &ppTempAuthMethods
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
for (dwConvertIdx = 0; dwConvertIdx < dwNumAuthMeths; dwConvertIdx++) {
|
|
dwError = SPDConvertIntMMAuthToExt(&pIntMMAuthMethods[dwConvertIdx],
|
|
&ppTempAuthMethods[dwConvertIdx]);
|
|
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
memcpy(
|
|
&pExtAuthMethods[dwConvertIdx],
|
|
ppTempAuthMethods[dwConvertIdx],
|
|
sizeof(MM_AUTH_METHODS)
|
|
);
|
|
}
|
|
|
|
// Shallow free ppTempAuthMethods[i] (pExtAuthMethods has copies.)
|
|
for (dwConvertIdx = 0; dwConvertIdx < dwNumAuthMeths; dwConvertIdx++) {
|
|
SPDApiBufferFree(ppTempAuthMethods[dwConvertIdx]);
|
|
}
|
|
SPDApiBufferFree(ppTempAuthMethods);
|
|
|
|
*ppMMAuthMethods = pExtAuthMethods;
|
|
|
|
return dwError;
|
|
|
|
error:
|
|
// ASSERT: dwConvertIdx == number of internal auth methods successfully
|
|
// converted.
|
|
for (; dwConvertIdx ; dwConvertIdx--) {
|
|
SPDFreeExtMMAuthMethods(ppTempAuthMethods[dwConvertIdx-1]);
|
|
}
|
|
SPDApiBufferFree(ppTempAuthMethods);
|
|
|
|
SPDApiBufferFree(pExtAuthMethods);
|
|
|
|
*ppMMAuthMethods = NULL;
|
|
|
|
return dwError;
|
|
}
|
|
|
|
|
|
DWORD WINAPI FreeIntMMAuthMethods(PINT_MM_AUTH_METHODS pIntMMAuthMethods)
|
|
{
|
|
DWORD i;
|
|
PINT_IPSEC_MM_AUTH_INFO pIntAuthInfo;
|
|
|
|
if (pIntMMAuthMethods) {
|
|
if (pIntMMAuthMethods->pAuthenticationInfo) {
|
|
for (i=0; i < pIntMMAuthMethods->dwNumAuthInfos; i++) {
|
|
pIntAuthInfo=&pIntMMAuthMethods->pAuthenticationInfo[i];
|
|
FreeSPDMemory(pIntAuthInfo->pAuthInfo);
|
|
}
|
|
FreeSPDMemory(pIntMMAuthMethods->pAuthenticationInfo);
|
|
}
|
|
FreeSPDMemory(pIntMMAuthMethods);
|
|
}
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
|
|
DWORD
|
|
WINAPI
|
|
SPDFreeIntMMAuthMethods(
|
|
PINT_MM_AUTH_METHODS pIntMMAuthMethods,
|
|
BOOLEAN FreeTop)
|
|
{
|
|
DWORD i;
|
|
PINT_IPSEC_MM_AUTH_INFO pIntAuthInfo;
|
|
|
|
if (pIntMMAuthMethods) {
|
|
if (pIntMMAuthMethods->pAuthenticationInfo) {
|
|
for (i=0; i < pIntMMAuthMethods->dwNumAuthInfos; i++) {
|
|
pIntAuthInfo=&pIntMMAuthMethods->pAuthenticationInfo[i];
|
|
SPDApiBufferFree(pIntAuthInfo->pAuthInfo);
|
|
}
|
|
SPDApiBufferFree(pIntMMAuthMethods->pAuthenticationInfo);
|
|
}
|
|
if (FreeTop)
|
|
SPDApiBufferFree(pIntMMAuthMethods);
|
|
}
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
DWORD
|
|
WINAPI
|
|
SPDFreeIntMMAuthMethodsArray(
|
|
PINT_MM_AUTH_METHODS pIntMMAuthMethods,
|
|
DWORD dwNumAuthMeths)
|
|
{
|
|
DWORD Idx;
|
|
|
|
for (Idx = 0; Idx < dwNumAuthMeths; Idx++) {
|
|
SPDFreeIntMMAuthMethods(&pIntMMAuthMethods[Idx], FALSE);
|
|
}
|
|
SPDApiBufferFree(pIntMMAuthMethods);
|
|
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
|
|
|
|
|
|
VOID FreeMMAuthInfo(PIPSEC_MM_AUTH_INFO pAuthInfo)
|
|
{
|
|
PMM_CERT_INFO pCertInfo;
|
|
DWORD i;
|
|
|
|
if (pAuthInfo->AuthMethod == IKE_PRESHARED_KEY) {
|
|
FreeSPDMemory(pAuthInfo->GeneralAuthInfo.pAuthInfo);
|
|
}
|
|
if (pAuthInfo->AuthMethod == IKE_RSA_SIGNATURE) {
|
|
pCertInfo=&pAuthInfo->CertAuthInfo;
|
|
|
|
if (pCertInfo->pInboundRootArray) {
|
|
for (i=0; i < pCertInfo->dwInboundRootArraySize; i++) {
|
|
FreeSPDMemory(pCertInfo->pInboundRootArray[i].pCertData);
|
|
// The following is unused, but included for completeness
|
|
FreeSPDMemory(pCertInfo->pInboundRootArray[i].pAuthorizationData);
|
|
}
|
|
FreeSPDMemory(pCertInfo->pInboundRootArray);
|
|
}
|
|
|
|
if (pCertInfo->pOutboundRootArray) {
|
|
for (i=0; i < pCertInfo->dwOutboundRootArraySize; i++) {
|
|
FreeSPDMemory(pCertInfo->pOutboundRootArray[i].pCertData);
|
|
// The following is unused, but included for completeness
|
|
FreeSPDMemory(pCertInfo->pOutboundRootArray[i].pAuthorizationData);
|
|
}
|
|
FreeSPDMemory(pCertInfo->pOutboundRootArray);
|
|
}
|
|
|
|
// The following is unused.
|
|
FreeSPDMemory(pCertInfo->pMyCertHash);
|
|
}
|
|
|
|
}
|
|
|
|
VOID SPDFreeMMAuthInfo(PIPSEC_MM_AUTH_INFO pAuthInfo)
|
|
{
|
|
PMM_CERT_INFO pCertInfo;
|
|
DWORD i;
|
|
|
|
if (pAuthInfo->AuthMethod == IKE_PRESHARED_KEY) {
|
|
SPDApiBufferFree(pAuthInfo->GeneralAuthInfo.pAuthInfo);
|
|
}
|
|
if (pAuthInfo->AuthMethod == IKE_RSA_SIGNATURE) {
|
|
pCertInfo=&pAuthInfo->CertAuthInfo;
|
|
|
|
if (pCertInfo->pInboundRootArray) {
|
|
for (i=0; i < pCertInfo->dwInboundRootArraySize; i++) {
|
|
SPDApiBufferFree(pCertInfo->pInboundRootArray[i].pCertData);
|
|
// The following is unused, but included for completeness
|
|
SPDApiBufferFree(pCertInfo->pInboundRootArray[i].pAuthorizationData);
|
|
}
|
|
SPDApiBufferFree(pCertInfo->pInboundRootArray);
|
|
}
|
|
|
|
if (pCertInfo->pOutboundRootArray) {
|
|
for (i=0; i < pCertInfo->dwOutboundRootArraySize; i++) {
|
|
SPDApiBufferFree(pCertInfo->pOutboundRootArray[i].pCertData);
|
|
// The following is unused, but included for completeness
|
|
SPDApiBufferFree(pCertInfo->pOutboundRootArray[i].pAuthorizationData);
|
|
}
|
|
SPDApiBufferFree(pCertInfo->pOutboundRootArray);
|
|
}
|
|
|
|
// The following is unused.
|
|
SPDApiBufferFree(pCertInfo->pMyCertHash);
|
|
}
|
|
|
|
}
|
|
|
|
|
|
DWORD WINAPI FreeExtMMAuthMethods(PMM_AUTH_METHODS pMMAuthMethods)
|
|
{
|
|
DWORD i;
|
|
PIPSEC_MM_AUTH_INFO pAuthInfo;
|
|
|
|
if (pMMAuthMethods) {
|
|
if (pMMAuthMethods->pAuthenticationInfo) {
|
|
for (i=0; i < pMMAuthMethods->dwNumAuthInfos; i++) {
|
|
pAuthInfo=&pMMAuthMethods->pAuthenticationInfo[i];
|
|
FreeMMAuthInfo(pAuthInfo);
|
|
}
|
|
FreeSPDMemory(pMMAuthMethods->pAuthenticationInfo);
|
|
}
|
|
FreeSPDMemory(pMMAuthMethods);
|
|
}
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
DWORD WINAPI SPDFreeExtMMAuthMethods(PMM_AUTH_METHODS pMMAuthMethods)
|
|
{
|
|
DWORD i;
|
|
PIPSEC_MM_AUTH_INFO pAuthInfo;
|
|
|
|
if (pMMAuthMethods) {
|
|
if (pMMAuthMethods->pAuthenticationInfo) {
|
|
for (i=0; i < pMMAuthMethods->dwNumAuthInfos; i++) {
|
|
pAuthInfo=&pMMAuthMethods->pAuthenticationInfo[i];
|
|
SPDFreeMMAuthInfo(pAuthInfo);
|
|
}
|
|
SPDApiBufferFree(pMMAuthMethods->pAuthenticationInfo);
|
|
}
|
|
SPDApiBufferFree(pMMAuthMethods);
|
|
}
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
BOOLEAN
|
|
IsSpecialServ(
|
|
ADDR_TYPE AddrType
|
|
)
|
|
{
|
|
switch (AddrType) {
|
|
case IP_ADDR_DNS_SERVER:
|
|
case IP_ADDR_WINS_SERVER:
|
|
case IP_ADDR_DHCP_SERVER:
|
|
case IP_ADDR_DEFAULT_GATEWAY:
|
|
return TRUE;
|
|
default:
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
ADDR_TYPE
|
|
ExTypeToAddrType(
|
|
UCHAR ExType
|
|
)
|
|
{
|
|
ExType &= ~EXT_DEST;
|
|
switch (ExType) {
|
|
case EXT_DNS_SERVER:
|
|
return IP_ADDR_DNS_SERVER;
|
|
case EXT_WINS_SERVER:
|
|
return IP_ADDR_WINS_SERVER;
|
|
case EXT_DHCP_SERVER:
|
|
return IP_ADDR_DHCP_SERVER;
|
|
case EXT_DEFAULT_GATEWAY:
|
|
return IP_ADDR_DEFAULT_GATEWAY;
|
|
}
|
|
return IP_ADDR_UNIQUE;
|
|
}
|
|
|
|
|
|
|