archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ipsec/polstore/policy-r.c

1157 lines
28 KiB
Raw Normal View History

Add source files
4 years ago
  1. //----------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 2000.
  5. //
  6. // File: policy-r.c
  7. //
  8. // Contents: Policy management for registry.
  9. //
  10. //
  11. // History: KrishnaG.
  12. // AbhisheV.
  13. //
  14. //----------------------------------------------------------------------------
  16. #include "precomp.h"
  18. extern LPWSTR PolicyDNAttributes[];
  20. DWORD
  21. RegEnumPolicyData(
  22. HKEY hRegistryKey,
  23. LPWSTR pszIpsecRootContainer,
  24. PIPSEC_POLICY_DATA ** pppIpsecPolicyData,
  25. PDWORD pdwNumPolicyObjects
  26. )
  27. {
  28. DWORD dwError = 0;
  29. PIPSEC_POLICY_OBJECT * ppIpsecPolicyObjects = NULL;
  30. PIPSEC_POLICY_DATA pIpsecPolicyData = NULL;
  31. PIPSEC_POLICY_DATA * ppIpsecPolicyData = NULL;
  32. DWORD dwNumPolicyObjects = 0;
  33. DWORD i = 0;
  34. DWORD j = 0;
  37. dwError = RegEnumPolicyObjects(
  38. hRegistryKey,
  39. pszIpsecRootContainer,
  40. &ppIpsecPolicyObjects,
  41. &dwNumPolicyObjects
  42. );
  43. BAIL_ON_WIN32_ERROR(dwError);
  45. if (dwNumPolicyObjects) {
  46. ppIpsecPolicyData = (PIPSEC_POLICY_DATA *) AllocPolMem(
  47. dwNumPolicyObjects*sizeof(PIPSEC_POLICY_DATA));
  48. if (!ppIpsecPolicyData) {
  49. dwError = ERROR_OUTOFMEMORY;
  50. BAIL_ON_WIN32_ERROR(dwError);
  51. }
  52. }
  54. for (i = 0; i < dwNumPolicyObjects; i++) {
  56. dwError = RegUnmarshallPolicyData(
  57. *(ppIpsecPolicyObjects + i),
  58. &pIpsecPolicyData
  59. );
  60. if (!dwError) {
  61. *(ppIpsecPolicyData + j) = pIpsecPolicyData;
  62. j++;
  63. }
  64. }
  66. if (j == 0) {
  67. if (ppIpsecPolicyData) {
  68. FreePolMem(ppIpsecPolicyData);
  69. ppIpsecPolicyData = NULL;
  70. }
  71. }
  73. *pppIpsecPolicyData = ppIpsecPolicyData;
  74. *pdwNumPolicyObjects = j;
  76. dwError = ERROR_SUCCESS;
  78. cleanup:
  80. if (ppIpsecPolicyObjects) {
  81. FreeIpsecPolicyObjects(
  82. ppIpsecPolicyObjects,
  83. dwNumPolicyObjects
  84. );
  85. }
  87. return(dwError);
  89. error:
  91. if (ppIpsecPolicyData) {
  92. FreeMulIpsecPolicyData(
  93. ppIpsecPolicyData,
  94. i
  95. );
  96. }
  98. *pppIpsecPolicyData = NULL;
  99. *pdwNumPolicyObjects = 0;
  101. goto cleanup;
  103. }
  105. DWORD
  106. RegEnumPolicyObjects(
  107. HKEY hRegistryKey,
  108. LPWSTR pszIpsecRootContainer,
  109. PIPSEC_POLICY_OBJECT ** pppIpsecPolicyObjects,
  110. PDWORD pdwNumPolicyObjects
  111. )
  112. {
  114. DWORD dwError = 0;
  115. DWORD i = 0;
  116. DWORD dwCount = 0;
  117. PIPSEC_POLICY_OBJECT pIpsecPolicyObject = NULL;
  118. PIPSEC_POLICY_OBJECT * ppIpsecPolicyObjects = NULL;
  120. DWORD dwNumPolicyObjectsReturned = 0;
  121. DWORD dwIndex = 0;
  122. WCHAR szPolicyName[MAX_PATH];
  123. DWORD dwSize = 0;
  125. *pppIpsecPolicyObjects = NULL;
  126. *pdwNumPolicyObjects = 0;
  128. while (1) {
  130. dwSize = MAX_PATH;
  131. szPolicyName[0] = L'\0';
  133. dwError = RegEnumKeyExW(
  134. hRegistryKey,
  135. dwIndex,
  136. szPolicyName,
  137. &dwSize,
  138. NULL,
  139. NULL,
  140. 0,
  141. 0
  142. );
  143. if (dwError == ERROR_NO_MORE_ITEMS) {
  144. break;
  145. }
  146. BAIL_ON_WIN32_ERROR(dwError);
  148. if (!wcsstr(szPolicyName, L"ipsecPolicy")) {
  149. dwIndex++;
  150. continue;
  151. }
  153. pIpsecPolicyObject = NULL;
  155. dwError =UnMarshallRegistryPolicyObject(
  156. hRegistryKey,
  157. pszIpsecRootContainer,
  158. szPolicyName,
  159. REG_RELATIVE_NAME,
  160. &pIpsecPolicyObject
  161. );
  162. if (dwError == ERROR_SUCCESS) {
  165. dwError = ReallocatePolMem(
  166. (LPVOID *) &ppIpsecPolicyObjects,
  167. sizeof(PIPSEC_POLICY_OBJECT)*(dwNumPolicyObjectsReturned),
  168. sizeof(PIPSEC_POLICY_OBJECT)*(dwNumPolicyObjectsReturned + 1)
  169. );
  170. BAIL_ON_WIN32_ERROR(dwError);
  172. *(ppIpsecPolicyObjects + dwNumPolicyObjectsReturned) = pIpsecPolicyObject;
  174. dwNumPolicyObjectsReturned++;
  176. }
  178. dwIndex++;
  180. }
  182. *pppIpsecPolicyObjects = ppIpsecPolicyObjects;
  183. *pdwNumPolicyObjects = dwNumPolicyObjectsReturned;
  185. dwError = ERROR_SUCCESS;
  187. return(dwError);
  189. error:
  192. if (ppIpsecPolicyObjects) {
  193. FreeIpsecPolicyObjects(
  194. ppIpsecPolicyObjects,
  195. dwNumPolicyObjectsReturned
  196. );
  197. }
  199. if (pIpsecPolicyObject) {
  200. FreeIpsecPolicyObject(
  201. pIpsecPolicyObject
  202. );
  203. }
  205. *pppIpsecPolicyObjects = NULL;
  206. *pdwNumPolicyObjects = 0;
  209. return(dwError);
  210. }
  213. DWORD
  214. RegSetPolicyData(
  215. HKEY hRegistryKey,
  216. LPWSTR pszIpsecRootContainer,
  217. LPWSTR pszLocationName,
  218. PIPSEC_POLICY_DATA pIpsecPolicyData
  219. )
  220. {
  221. DWORD dwError = 0;
  222. PIPSEC_POLICY_OBJECT pIpsecPolicyObject = NULL;
  223. LPWSTR pszAbsOldISAKMPRef = NULL;
  224. LPWSTR pszRelOldISAKMPRef = NULL;
  225. WCHAR szAbsPolicyReference[MAX_PATH];
  226. LPWSTR pszRelISAKMPReference = NULL;
  227. DWORD dwRootPathLen = 0;
  228. BOOL bIsActive = FALSE;
  231. dwRootPathLen = wcslen(pszIpsecRootContainer);
  233. dwError = RegGetPolicyExistingISAKMPRef(
  234. hRegistryKey,
  235. pIpsecPolicyData,
  236. &pszAbsOldISAKMPRef
  237. );
  238. // BAIL_ON_WIN32_ERROR(dwError);
  240. if (pszAbsOldISAKMPRef && *pszAbsOldISAKMPRef) {
  241. pszRelOldISAKMPRef = pszAbsOldISAKMPRef + dwRootPathLen + 1;
  242. }
  244. dwError = RegMarshallPolicyObject(
  245. pIpsecPolicyData,
  246. pszIpsecRootContainer,
  247. &pIpsecPolicyObject
  248. );
  249. BAIL_ON_WIN32_ERROR(dwError);
  251. dwError = RegSetPolicyObject(
  252. hRegistryKey,
  253. pszIpsecRootContainer,
  254. pIpsecPolicyObject
  255. );
  256. BAIL_ON_WIN32_ERROR(dwError);
  258. szAbsPolicyReference[0] = L'\0';
  259. wcscpy(szAbsPolicyReference, pszIpsecRootContainer);
  260. wcscat(szAbsPolicyReference, L"\\");
  261. wcscat(szAbsPolicyReference, pIpsecPolicyObject->pszIpsecOwnersReference);
  263. pszRelISAKMPReference = pIpsecPolicyObject->pszIpsecISAKMPReference
  264. + dwRootPathLen + 1;
  266. if (pszRelOldISAKMPRef) {
  267. dwError = RegRemovePolicyReferenceFromISAKMPObject(
  268. hRegistryKey,
  269. pszRelOldISAKMPRef,
  270. szAbsPolicyReference
  271. );
  272. // BAIL_ON_WIN32_ERROR(dwError);
  273. }
  275. dwError = RegAddPolicyReferenceToISAKMPObject(
  276. hRegistryKey,
  277. pszRelISAKMPReference,
  278. szAbsPolicyReference
  279. );
  280. BAIL_ON_WIN32_ERROR(dwError);
  282. dwError = RegUpdateISAKMPReferenceInPolicyObject(
  283. hRegistryKey,
  284. pIpsecPolicyObject->pszIpsecOwnersReference,
  285. pszAbsOldISAKMPRef,
  286. pIpsecPolicyObject->pszIpsecISAKMPReference
  287. );
  288. BAIL_ON_WIN32_ERROR(dwError);
  290. dwError = IsRegPolicyCurrentlyActive(
  291. hRegistryKey,
  292. pszIpsecRootContainer,
  293. pIpsecPolicyData->PolicyIdentifier,
  294. &bIsActive
  295. );
  296. BAIL_ON_WIN32_ERROR(dwError);
  298. if (bIsActive) {
  299. dwError = PingPolicyAgentSvc(pszLocationName);
  300. BAIL_ON_WIN32_ERROR(dwError);
  301. }
  303. error:
  305. if (pIpsecPolicyObject) {
  306. FreeIpsecPolicyObject(pIpsecPolicyObject);
  307. }
  309. if (pszAbsOldISAKMPRef) {
  310. FreePolStr(pszAbsOldISAKMPRef);
  311. }
  313. return(dwError);
  314. }
  317. DWORD
  318. RegSetPolicyObject(
  319. HKEY hRegistryKey,
  320. LPWSTR pszIpsecRootContainer,
  321. PIPSEC_POLICY_OBJECT pIpsecPolicyObject
  322. )
  323. {
  324. DWORD dwError = 0;
  326. dwError = PersistPolicyObject(
  327. hRegistryKey,
  328. pIpsecPolicyObject
  329. );
  330. BAIL_ON_WIN32_ERROR(dwError);
  332. error:
  334. return(dwError);
  335. }
  338. DWORD
  339. RegCreatePolicyData(
  340. HKEY hRegistryKey,
  341. LPWSTR pszIpsecRootContainer,
  342. PIPSEC_POLICY_DATA pIpsecPolicyData
  343. )
  344. {
  345. DWORD dwError = 0;
  346. PIPSEC_POLICY_OBJECT pIpsecPolicyObject = NULL;
  347. WCHAR szAbsPolicyReference[MAX_PATH];
  348. LPWSTR pszRelISAKMPReference = NULL;
  349. DWORD dwRootPathLen = 0;
  352. dwRootPathLen = wcslen(pszIpsecRootContainer);
  354. dwError = RegMarshallPolicyObject(
  355. pIpsecPolicyData,
  356. pszIpsecRootContainer,
  357. &pIpsecPolicyObject
  358. );
  359. BAIL_ON_WIN32_ERROR(dwError);
  361. dwError = RegCreatePolicyObject(
  362. hRegistryKey,
  363. pszIpsecRootContainer,
  364. pIpsecPolicyObject
  365. );
  366. BAIL_ON_WIN32_ERROR(dwError);
  368. szAbsPolicyReference[0] = L'\0';
  369. wcscpy(szAbsPolicyReference, pszIpsecRootContainer);
  370. wcscat(szAbsPolicyReference, L"\\");
  371. wcscat(szAbsPolicyReference, pIpsecPolicyObject->pszIpsecOwnersReference);
  373. pszRelISAKMPReference = pIpsecPolicyObject->pszIpsecISAKMPReference
  374. + dwRootPathLen + 1;
  376. //
  377. // Write the ISAKMP object reference.
  378. //
  380. dwError = RegAddPolicyReferenceToISAKMPObject(
  381. hRegistryKey,
  382. pszRelISAKMPReference,
  383. szAbsPolicyReference
  384. );
  385. BAIL_ON_WIN32_ERROR(dwError);
  387. //
  388. // Write the Policy object reference.
  389. //
  391. dwError = RegAddISAKMPReferenceToPolicyObject(
  392. hRegistryKey,
  393. pIpsecPolicyObject->pszIpsecOwnersReference,
  394. pIpsecPolicyObject->pszIpsecISAKMPReference
  395. );
  396. BAIL_ON_WIN32_ERROR(dwError);
  398. error:
  400. if (pIpsecPolicyObject) {
  401. FreeIpsecPolicyObject(
  402. pIpsecPolicyObject
  403. );
  404. }
  406. return(dwError);
  407. }
  410. DWORD
  411. RegCreatePolicyObject(
  412. HKEY hRegistryKey,
  413. LPWSTR pszIpsecRootContainer,
  414. PIPSEC_POLICY_OBJECT pIpsecPolicyObject
  415. )
  416. {
  418. DWORD dwError = 0;
  420. dwError = PersistPolicyObject(
  421. hRegistryKey,
  422. pIpsecPolicyObject
  423. );
  424. BAIL_ON_WIN32_ERROR(dwError);
  426. error:
  428. return(dwError);
  429. }
  432. DWORD
  433. RegDeletePolicyData(
  434. HKEY hRegistryKey,
  435. LPWSTR pszIpsecRootContainer,
  436. PIPSEC_POLICY_DATA pIpsecPolicyData
  437. )
  438. {
  439. DWORD dwError = ERROR_SUCCESS;
  440. PIPSEC_POLICY_OBJECT pIpsecPolicyObject = NULL;
  441. WCHAR szAbsPolicyReference[MAX_PATH];
  442. LPWSTR pszRelISAKMPReference = NULL;
  443. DWORD dwRootPathLen = 0;
  444. BOOL bIsActive = FALSE;
  447. dwError = IsRegPolicyCurrentlyActive(
  448. hRegistryKey,
  449. pszIpsecRootContainer,
  450. pIpsecPolicyData->PolicyIdentifier,
  451. &bIsActive
  452. );
  453. BAIL_ON_WIN32_ERROR(dwError);
  455. if (bIsActive) {
  456. dwError = ERROR_INVALID_PARAMETER;
  457. BAIL_ON_WIN32_ERROR(dwError);
  458. }
  460. dwRootPathLen = wcslen(pszIpsecRootContainer);
  462. dwError = RegMarshallPolicyObject(
  463. pIpsecPolicyData,
  464. pszIpsecRootContainer,
  465. &pIpsecPolicyObject
  466. );
  467. BAIL_ON_WIN32_ERROR(dwError);
  469. szAbsPolicyReference[0] = L'\0';
  470. wcscpy(szAbsPolicyReference, pszIpsecRootContainer);
  471. wcscat(szAbsPolicyReference, L"\\");
  472. wcscat(szAbsPolicyReference, pIpsecPolicyObject->pszIpsecOwnersReference);
  474. pszRelISAKMPReference = pIpsecPolicyObject->pszIpsecISAKMPReference
  475. + dwRootPathLen + 1;
  477. dwError = RegRemovePolicyReferenceFromISAKMPObject(
  478. hRegistryKey,
  479. pszRelISAKMPReference,
  480. szAbsPolicyReference
  481. );
  482. // BAIL_ON_WIN32_ERROR(dwError);
  484. dwError = RegDeleteKeyW(
  485. hRegistryKey,
  486. pIpsecPolicyObject->pszIpsecOwnersReference
  487. );
  488. BAIL_ON_WIN32_ERROR(dwError);
  490. error:
  492. if (pIpsecPolicyObject) {
  493. FreeIpsecPolicyObject(pIpsecPolicyObject);
  494. }
  496. return(dwError);
  497. }
  500. DWORD
  501. RegUnmarshallPolicyData(
  502. PIPSEC_POLICY_OBJECT pIpsecPolicyObject,
  503. PIPSEC_POLICY_DATA * ppIpsecPolicyData
  504. )
  505. {
  506. DWORD dwError = 0;
  508. dwError = UnmarshallPolicyObject(
  509. pIpsecPolicyObject,
  510. IPSEC_REGISTRY_PROVIDER,
  511. ppIpsecPolicyData
  512. );
  515. return(dwError);
  516. }
  518. DWORD
  519. RegMarshallPolicyObject(
  520. PIPSEC_POLICY_DATA pIpsecPolicyData,
  521. LPWSTR pszIpsecRootContainer,
  522. PIPSEC_POLICY_OBJECT * ppIpsecPolicyObject
  523. )
  524. {
  525. DWORD dwError = 0;
  526. PIPSEC_POLICY_OBJECT pIpsecPolicyObject = NULL;
  527. WCHAR szGuid[MAX_PATH];
  528. WCHAR szDistinguishedName[MAX_PATH];
  529. LPBYTE pBuffer = NULL;
  530. DWORD dwBufferLen = 0;
  531. LPWSTR pszStringUuid = NULL;
  532. LPWSTR pszIpsecISAKMPReference = NULL;
  533. time_t PresentTime;
  535. szGuid[0] = L'\0';
  536. szDistinguishedName[0] = L'\0';
  537. pIpsecPolicyObject = (PIPSEC_POLICY_OBJECT)AllocPolMem(
  538. sizeof(IPSEC_POLICY_OBJECT)
  539. );
  540. if (!pIpsecPolicyObject) {
  541. dwError = ERROR_OUTOFMEMORY;
  542. BAIL_ON_WIN32_ERROR(dwError);
  543. }
  545. dwError = UuidToString(
  546. &pIpsecPolicyData->PolicyIdentifier,
  547. &pszStringUuid
  548. );
  549. BAIL_ON_WIN32_ERROR(dwError);
  550. wcscpy(szGuid, L"{");
  551. wcscat(szGuid, pszStringUuid);
  552. wcscat(szGuid, L"}");
  554. //
  555. // Fill in the distinguishedName
  556. //
  558. wcscpy(szDistinguishedName,L"ipsecPolicy");
  559. wcscat(szDistinguishedName, szGuid);
  560. pIpsecPolicyObject->pszIpsecOwnersReference = AllocPolStr(
  561. szDistinguishedName
  562. );
  563. if (!pIpsecPolicyObject->pszIpsecOwnersReference) {
  564. dwError = ERROR_OUTOFMEMORY;
  565. BAIL_ON_WIN32_ERROR(dwError);
  566. }
  569. //
  570. // Fill in the ipsecName
  571. //
  573. if (pIpsecPolicyData->pszIpsecName &&
  574. *pIpsecPolicyData->pszIpsecName) {
  576. pIpsecPolicyObject->pszIpsecName = AllocPolStr(
  577. pIpsecPolicyData->pszIpsecName
  578. );
  579. if (!pIpsecPolicyObject->pszIpsecName) {
  580. dwError = ERROR_OUTOFMEMORY;
  581. BAIL_ON_WIN32_ERROR(dwError);
  582. }
  583. }
  585. if (pIpsecPolicyData->pszDescription &&
  586. *pIpsecPolicyData->pszDescription) {
  588. pIpsecPolicyObject->pszDescription = AllocPolStr(
  589. pIpsecPolicyData->pszDescription
  590. );
  591. if (!pIpsecPolicyObject->pszDescription) {
  592. dwError = ERROR_OUTOFMEMORY;
  593. BAIL_ON_WIN32_ERROR(dwError);
  594. }
  595. }
  597. //
  598. // Fill in the ipsecID
  599. //
  601. pIpsecPolicyObject->pszIpsecID = AllocPolStr(
  602. szGuid
  603. );
  604. if (!pIpsecPolicyObject->pszIpsecID) {
  605. dwError = ERROR_OUTOFMEMORY;
  606. BAIL_ON_WIN32_ERROR(dwError);
  607. }
  609. //
  610. // Fill in the ipsecDataType
  611. //
  613. pIpsecPolicyObject->dwIpsecDataType = 0x100;
  616. //
  617. // Marshall the pIpsecDataBuffer and the Length
  618. //
  620. dwError = MarshallPolicyBuffer(
  621. pIpsecPolicyData,
  622. &pBuffer,
  623. &dwBufferLen
  624. );
  625. BAIL_ON_WIN32_ERROR(dwError);
  627. pIpsecPolicyObject->pIpsecData = pBuffer;
  628. pIpsecPolicyObject->dwIpsecDataLen = dwBufferLen;
  630. dwError = ConvertGuidToISAKMPString(
  631. pIpsecPolicyData->ISAKMPIdentifier,
  632. pszIpsecRootContainer,
  633. &pszIpsecISAKMPReference
  634. );
  635. BAIL_ON_WIN32_ERROR(dwError);
  636. pIpsecPolicyObject->pszIpsecISAKMPReference = pszIpsecISAKMPReference;
  638. time(&PresentTime);
  640. pIpsecPolicyObject->dwWhenChanged = (DWORD) PresentTime;
  642. *ppIpsecPolicyObject = pIpsecPolicyObject;
  644. cleanup:
  646. if (pszStringUuid) {
  647. RpcStringFree(
  648. &pszStringUuid
  649. );
  650. }
  652. return(dwError);
  654. error:
  656. if (pIpsecPolicyObject) {
  657. FreeIpsecPolicyObject(
  658. pIpsecPolicyObject
  659. );
  660. }
  662. *ppIpsecPolicyObject = NULL;
  663. goto cleanup;
  665. }
  668. DWORD
  669. MarshallPolicyBuffer(
  670. PIPSEC_POLICY_DATA pIpsecPolicyData,
  671. LPBYTE * ppBuffer,
  672. DWORD * pdwBufferLen
  673. )
  674. {
  675. LPBYTE pBuffer = NULL;
  676. DWORD dwSize = 0;
  677. DWORD dwError = 0;
  678. DWORD dwPollingInterval = 0;
  679. LPBYTE pCurrentPos = NULL;
  680. DWORD dwEffectiveSize = 0;
  682. // {22202163-4F4C-11d1-863B-00A0248D3021}
  683. static const GUID GUID_IPSEC_POLICY_DATA_BLOB =
  684. { 0x22202163, 0x4f4c, 0x11d1, { 0x86, 0x3b, 0x0, 0xa0, 0x24, 0x8d, 0x30, 0x21 } };
  687. dwSize += sizeof(GUID);
  688. dwSize += sizeof(DWORD);
  690. dwSize += sizeof(DWORD);
  691. dwSize++;
  694. pBuffer = AllocPolMem(dwSize);
  695. if (!pBuffer) {
  696. dwError = ERROR_OUTOFMEMORY;
  697. BAIL_ON_WIN32_ERROR(dwError);
  698. }
  700. pCurrentPos = pBuffer;
  702. memcpy(pCurrentPos, &GUID_IPSEC_POLICY_DATA_BLOB, sizeof(GUID));
  703. pCurrentPos += sizeof(GUID);
  705. dwEffectiveSize = dwSize - sizeof(GUID) - sizeof(DWORD) - 1;
  707. memcpy(pCurrentPos, &dwEffectiveSize, sizeof(DWORD));
  708. pCurrentPos += sizeof(DWORD);
  710. dwPollingInterval = pIpsecPolicyData->dwPollingInterval;
  711. memcpy(pCurrentPos, &dwPollingInterval, sizeof(DWORD));
  714. *ppBuffer = pBuffer;
  715. *pdwBufferLen = dwSize;
  716. return(dwError);
  718. error:
  720. if (pBuffer) {
  721. FreePolMem(pBuffer);
  722. }
  724. *ppBuffer = NULL;
  725. *pdwBufferLen = 0;
  726. return(dwError);
  727. }
  730. DWORD
  731. ConvertGuidToISAKMPString(
  732. GUID ISAKMPIdentifier,
  733. LPWSTR pszIpsecRootContainer,
  734. LPWSTR * ppszIpsecISAKMPReference
  735. )
  736. {
  737. DWORD dwError = 0;
  738. WCHAR szISAKMPReference[MAX_PATH];
  739. LPWSTR pszIpsecISAKMPReference = NULL;
  740. WCHAR szGuidString[MAX_PATH];
  741. LPWSTR pszStringUuid = NULL;
  744. dwError = UuidToString(
  745. &ISAKMPIdentifier,
  746. &pszStringUuid
  747. );
  748. BAIL_ON_WIN32_ERROR(dwError);
  750. szGuidString[0] = L'\0';
  751. wcscpy(szGuidString, L"{");
  752. wcscat(szGuidString, pszStringUuid);
  753. wcscat(szGuidString, L"}");
  755. szISAKMPReference[0] = L'\0';
  756. wcscpy(szISAKMPReference, pszIpsecRootContainer);
  757. wcscat(szISAKMPReference, L"\\");
  758. wcscat(szISAKMPReference, L"ipsecISAKMPPolicy");
  759. wcscat(szISAKMPReference, szGuidString);
  761. pszIpsecISAKMPReference = AllocPolStr(
  762. szISAKMPReference
  763. );
  764. if (!pszIpsecISAKMPReference) {
  765. dwError = ERROR_OUTOFMEMORY;
  766. BAIL_ON_WIN32_ERROR(dwError);
  767. }
  769. *ppszIpsecISAKMPReference = pszIpsecISAKMPReference;
  771. cleanup:
  773. if (pszStringUuid) {
  774. RpcStringFree(&pszStringUuid);
  775. }
  777. return(dwError);
  779. error:
  781. *ppszIpsecISAKMPReference = NULL;
  783. goto cleanup;
  784. }
  787. DWORD
  788. RegGetPolicyExistingISAKMPRef(
  789. HKEY hRegistryKey,
  790. PIPSEC_POLICY_DATA pIpsecPolicyData,
  791. LPWSTR * ppszISAKMPName
  792. )
  793. {
  794. DWORD dwError = 0;
  795. LPWSTR pszStringUuid = NULL;
  796. WCHAR szRelativeName[MAX_PATH];
  797. HKEY hRegKey = NULL;
  798. DWORD dwSize = 0;
  801. szRelativeName[0] = L'\0';
  802. dwError = UuidToString(
  803. &pIpsecPolicyData->PolicyIdentifier,
  804. &pszStringUuid
  805. );
  806. BAIL_ON_WIN32_ERROR(dwError);
  807. wcscpy(szRelativeName, L"ipsecPolicy");
  808. wcscat(szRelativeName, L"{");
  809. wcscat(szRelativeName, pszStringUuid);
  810. wcscat(szRelativeName, L"}");
  812. dwError = RegOpenKeyExW(
  813. hRegistryKey,
  814. szRelativeName,
  815. 0,
  816. KEY_ALL_ACCESS,
  817. &hRegKey
  818. );
  819. BAIL_ON_WIN32_ERROR(dwError);
  821. dwError = RegstoreQueryValue(
  822. hRegKey,
  823. L"ipsecISAKMPReference",
  824. REG_SZ,
  825. (LPBYTE *)ppszISAKMPName,
  826. &dwSize
  827. );
  828. BAIL_ON_WIN32_ERROR(dwError);
  830. error:
  832. if (pszStringUuid) {
  833. RpcStringFree(&pszStringUuid);
  834. }
  836. if (hRegKey) {
  837. RegCloseKey(hRegKey);
  838. }
  840. return (dwError);
  841. }
  844. DWORD
  845. RegAssignPolicy(
  846. HKEY hRegistryKey,
  847. LPWSTR pszIpsecRootContainer,
  848. GUID PolicyIdentifier,
  849. LPWSTR pszLocationName
  850. )
  851. {
  852. DWORD dwError = 0;
  853. WCHAR szRelativeName[MAX_PATH];
  854. LPWSTR pszStringUuid = NULL;
  855. WCHAR szAbsPolicyRef[MAX_PATH];
  858. szRelativeName[0] = L'\0';
  859. dwError = UuidToString(
  860. &PolicyIdentifier,
  861. &pszStringUuid
  862. );
  863. BAIL_ON_WIN32_ERROR(dwError);
  864. wcscpy(szRelativeName, L"ipsecPolicy");
  865. wcscat(szRelativeName, L"{");
  866. wcscat(szRelativeName, pszStringUuid);
  867. wcscat(szRelativeName, L"}");
  869. szAbsPolicyRef[0] = L'\0';
  870. wcscpy(szAbsPolicyRef, pszIpsecRootContainer);
  871. wcscat(szAbsPolicyRef, L"\\");
  872. wcscat(szAbsPolicyRef, szRelativeName);
  874. dwError = RegSetValueExW(
  875. hRegistryKey,
  876. L"ActivePolicy",
  877. 0,
  878. REG_SZ,
  879. (LPBYTE) szAbsPolicyRef,
  880. (wcslen(szAbsPolicyRef) + 1)*sizeof(WCHAR)
  881. );
  882. BAIL_ON_WIN32_ERROR(dwError);
  884. dwError = PingPolicyAgentSvc(pszLocationName);
  885. BAIL_ON_WIN32_ERROR(dwError);
  887. error:
  889. if (pszStringUuid) {
  890. RpcStringFree(&pszStringUuid);
  891. }
  893. return (dwError);
  894. }
  897. DWORD
  898. RegUnassignPolicy(
  899. HKEY hRegistryKey,
  900. LPWSTR pszIpsecRootContainer,
  901. GUID PolicyIdentifier,
  902. LPWSTR pszLocationName
  903. )
  904. {
  905. DWORD dwError = 0;
  907. dwError = RegDeleteValueW(
  908. hRegistryKey,
  909. L"ActivePolicy"
  910. );
  911. BAIL_ON_WIN32_ERROR(dwError);
  913. dwError = PingPolicyAgentSvc(pszLocationName);
  914. BAIL_ON_WIN32_ERROR(dwError);
  916. error:
  918. return (dwError);
  919. }
  922. DWORD
  923. PingPolicyAgentSvc(
  924. LPWSTR pszLocationName
  925. )
  926. {
  927. SC_HANDLE ServiceDatabase = NULL;
  928. SC_HANDLE ServiceHandle = NULL;
  929. BOOL bStatus = FALSE;
  930. DWORD dwError = 0;
  931. SERVICE_STATUS IpsecStatus;
  934. memset(&IpsecStatus, 0, sizeof(SERVICE_STATUS));
  936. ServiceDatabase = OpenSCManagerW(
  937. pszLocationName,
  938. NULL,
  939. SC_MANAGER_ALL_ACCESS
  940. );
  941. if (ServiceDatabase == NULL) {
  942. dwError = GetLastError();
  943. BAIL_ON_WIN32_ERROR(dwError);
  944. }
  946. ServiceHandle = OpenService(
  947. ServiceDatabase,
  948. "PolicyAgent",
  949. SERVICE_ALL_ACCESS
  950. );
  951. if (ServiceHandle == NULL) {
  952. dwError = GetLastError();
  953. BAIL_ON_WIN32_ERROR(dwError);
  954. }
  956. bStatus = QueryServiceStatus(
  957. ServiceHandle,
  958. &IpsecStatus
  959. );
  960. if (bStatus == FALSE) {
  961. dwError = GetLastError();
  962. BAIL_ON_WIN32_ERROR(dwError);
  963. }
  965. if (IpsecStatus.dwCurrentState == SERVICE_STOPPED) {
  966. bStatus = StartService(
  967. ServiceHandle,
  968. 0,
  969. NULL
  970. );
  971. if (bStatus == FALSE) {
  972. dwError = GetLastError();
  973. BAIL_ON_WIN32_ERROR(dwError);
  974. }
  975. }
  976. else if (IpsecStatus.dwCurrentState == SERVICE_RUNNING) {
  977. bStatus = ControlService(
  978. ServiceHandle,
  979. 129,
  980. &IpsecStatus
  981. );
  982. if (bStatus == FALSE) {
  983. dwError = GetLastError();
  984. BAIL_ON_WIN32_ERROR(dwError);
  985. }
  986. }
  988. error:
  990. if (ServiceDatabase != NULL) {
  991. CloseServiceHandle(ServiceDatabase);
  992. }
  994. if (ServiceHandle != NULL) {
  995. CloseServiceHandle(ServiceHandle);
  996. }
  998. return (dwError);
  999. }
  1002. DWORD
  1003. IsRegPolicyCurrentlyActive(
  1004. HKEY hRegistryKey,
  1005. LPWSTR pszIpsecRootContainer,
  1006. GUID PolicyIdentifier,
  1007. PBOOL pbIsActive
  1008. )
  1009. {
  1010. DWORD dwError = 0;
  1011. PIPSEC_POLICY_DATA pIpsecPolicyData = NULL;
  1014. *pbIsActive = FALSE;
  1016. dwError = RegGetAssignedPolicyData(
  1017. hRegistryKey,
  1018. pszIpsecRootContainer,
  1019. &pIpsecPolicyData
  1020. );
  1021. if (pIpsecPolicyData) {
  1022. if (!memcmp(
  1023. &PolicyIdentifier,
  1024. &pIpsecPolicyData->PolicyIdentifier,
  1025. sizeof(GUID))) {
  1026. *pbIsActive = TRUE;
  1027. }
  1028. FreeIpsecPolicyData(pIpsecPolicyData);
  1029. }
  1031. dwError = ERROR_SUCCESS;
  1033. return (dwError);
  1034. }
  1037. DWORD
  1038. RegGetPolicyData(
  1039. HKEY hRegistryKey,
  1040. LPWSTR pszIpsecRootContainer,
  1041. GUID PolicyGUID,
  1042. PIPSEC_POLICY_DATA * ppIpsecPolicyData
  1043. )
  1044. {
  1045. DWORD dwError = 0;
  1046. PIPSEC_POLICY_OBJECT pIpsecPolicyObject = NULL;
  1047. PIPSEC_POLICY_DATA pIpsecPolicyData = NULL;
  1048. WCHAR szIpsecPolicyName[MAX_PATH];
  1049. LPWSTR pszPolicyName = NULL;
  1051. szIpsecPolicyName[0] = L'\0';
  1052. wcscpy(szIpsecPolicyName, L"ipsecPolicy");
  1054. dwError = UuidToString(&PolicyGUID, &pszPolicyName);
  1055. BAIL_ON_WIN32_ERROR(dwError);
  1057. wcscat(szIpsecPolicyName, L"{");
  1058. wcscat(szIpsecPolicyName, pszPolicyName);
  1059. wcscat(szIpsecPolicyName, L"}");
  1061. dwError = UnMarshallRegistryPolicyObject(
  1062. hRegistryKey,
  1063. pszIpsecRootContainer,
  1064. szIpsecPolicyName,
  1065. REG_RELATIVE_NAME,
  1066. &pIpsecPolicyObject
  1067. );
  1068. BAIL_ON_WIN32_ERROR(dwError);
  1070. dwError = RegUnmarshallPolicyData(
  1071. pIpsecPolicyObject,
  1072. &pIpsecPolicyData
  1073. );
  1074. BAIL_ON_WIN32_ERROR(dwError);
  1076. error:
  1078. if (pIpsecPolicyObject) {
  1079. FreeIpsecPolicyObject(
  1080. pIpsecPolicyObject
  1081. );
  1082. }
  1084. if (pszPolicyName) {
  1085. RpcStringFree(&pszPolicyName);
  1086. }
  1088. *ppIpsecPolicyData = pIpsecPolicyData;
  1090. return(dwError);
  1091. }
  1094. DWORD
  1095. RegPingPASvcForActivePolicy(
  1096. HKEY hRegistryKey,
  1097. LPWSTR pszIpsecRootContainer,
  1098. LPWSTR pszLocationName
  1099. )
  1100. {
  1101. DWORD dwError = 0;
  1102. PIPSEC_POLICY_DATA pIpsecPolicyData = NULL;
  1103. WCHAR szIpsecPolicyName[MAX_PATH];
  1104. LPWSTR pszPolicyName = NULL;
  1105. WCHAR szAbsPolicyReference[MAX_PATH];
  1108. dwError = RegGetAssignedPolicyData(
  1109. hRegistryKey,
  1110. pszIpsecRootContainer,
  1111. &pIpsecPolicyData
  1112. );
  1113. BAIL_ON_WIN32_ERROR(dwError);
  1115. if (!pIpsecPolicyData) {
  1116. dwError = ERROR_SUCCESS;
  1117. return (dwError);
  1118. }
  1120. szIpsecPolicyName[0] = L'\0';
  1121. wcscpy(szIpsecPolicyName, L"ipsecPolicy");
  1123. dwError = UuidToString(&pIpsecPolicyData->PolicyIdentifier, &pszPolicyName);
  1124. BAIL_ON_WIN32_ERROR(dwError);
  1126. wcscat(szIpsecPolicyName, L"{");
  1127. wcscat(szIpsecPolicyName, pszPolicyName);
  1128. wcscat(szIpsecPolicyName, L"}");
  1130. szAbsPolicyReference[0] = L'\0';
  1131. wcscpy(szAbsPolicyReference, pszIpsecRootContainer);
  1132. wcscat(szAbsPolicyReference, L"\\");
  1133. wcscat(szAbsPolicyReference, szIpsecPolicyName);
  1135. dwError = RegUpdatePolicy(
  1136. hRegistryKey,
  1137. pszIpsecRootContainer,
  1138. szAbsPolicyReference
  1139. );
  1140. BAIL_ON_WIN32_ERROR(dwError);
  1142. dwError = PingPolicyAgentSvc(pszLocationName);
  1143. BAIL_ON_WIN32_ERROR(dwError);
  1145. error:
  1147. if (pIpsecPolicyData) {
  1148. FreeIpsecPolicyData(pIpsecPolicyData);
  1149. }
  1151. if (pszPolicyName) {
  1152. RpcStringFree(&pszPolicyName);
  1153. }
  1155. return (dwError);
  1156. }