archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ipsec/ipseccmd/print.cpp

645 lines
22 KiB
Raw Normal View History

Add source files
4 years ago
  1. /////////////////////////////////////////////////////////////
  2. // Copyright(c) 1998, Microsoft Corporation
  3. //
  4. // print.cpp
  5. //
  6. // Created on 3/2/00 by DKalin
  7. // Revisions:
  8. //
  9. // Print routines for ipsecpol tool
  10. //
  11. /////////////////////////////////////////////////////////////
  13. #include "ipseccmd.h"
  15. #define PRINT _ftprintf
  16. #define OUTSTREAM stdout
  18. // comment this if you don't want debug spew
  19. //#define DEBUG
  21. // The following is to format the output so that understandable text can be printed
  22. // instead of DWORDs or ints
  24. TCHAR esp_algo[][25]= {_T("NONE"),
  25. _T("DES"),
  26. _T("Unknown"),
  27. _T("3DES"),
  28. _T("IPSEC_ESP_MAX")};
  30. TCHAR ah_algo[][25]= {_T("NONE"),
  31. _T("MD5"),
  32. _T("SHA1"),
  33. _T("IPSEC_AH_MAX")};
  35. TCHAR operation[][25]= {_T("None"),
  36. _T("Authentication"),
  37. _T("Encryption"),
  38. _T("Compression"),
  39. _T("SA Delete")};
  41. TCHAR oakley_states[][50]= {_T("MainMode No State"),
  42. _T("MainMode SA Setup"),
  43. _T("MainMode Key Exchange"),
  44. _T("MainMode Key Authorizated"),
  45. _T("AG Normal State"),
  46. _T("AG Init Exchange"),
  47. _T("AG Authorization"),
  48. _T("QuickMode SA Accept"),
  49. _T("QuickMode Awaiting Authorization"),
  50. _T("QuickMode Idle"),
  51. _T("QuickMode Waiting for Connection")
  52. };
  54. TCHAR oak_auth[][25]= {_T("Unknown"),
  55. _T("Preshared Key"),
  56. _T("DSS Signature"),
  57. _T("RSA (Cert) Signature"),
  58. _T("RSA (Cert) Encryption"),
  59. _T("Kerberos")
  60. };
  61. TCHAR if_types[][25]= {_T("Unknown"),
  62. _T("All"),
  63. _T("LAN"),
  64. _T("Dialup"),
  65. _T("All")
  66. };
  69. /////////////////////// UTILITY FUNCTIONS //////////////////////////
  70. // PrintQMOffer will print quick mode policy offer with given prefix string (actually two prefix strings)
  71. // Parms: IN qmOffer - IPSEC_QM_OFFER structure
  72. // IN pszPrefix - prefix string
  73. // IN pszPrefix2 - 2nd prefix string (will be added to 1st)
  74. // Returns: None
  76. void PrintQMOffer(IN IPSEC_QM_OFFER qmOffer, IN PTCHAR pszPrefix, IN PTCHAR pszPrefix2)
  77. {
  78. int i;
  80. #ifdef DEBUG
  81. printf("DEBUG - number of Algos for this offer is %d\n", qmOffer.dwNumAlgos);
  82. #endif
  84. for (i = 0; i < (int) qmOffer.dwNumAlgos; i++)
  85. {
  86. //print algo
  87. PRINT(OUTSTREAM,TEXT("%s%sAlgo #%d : "), pszPrefix, pszPrefix2, i+1);
  88. #ifdef DEBUG
  89. printf("DEBUG - operation code is %d\n", qmOffer.Algos[i].Operation);
  90. #endif
  91. PRINT(OUTSTREAM,TEXT("%s"), operation[qmOffer.Algos[i].Operation]);
  93. switch (qmOffer.Algos[i].Operation)
  94. {
  95. case ENCRYPTION:
  96. PRINT(OUTSTREAM,TEXT(" %s"), esp_algo[qmOffer.Algos[i].uAlgoIdentifier]);
  97. if (qmOffer.Algos[i].uSecAlgoIdentifier != HMAC_AH_NONE)
  98. {
  99. PRINT(OUTSTREAM,TEXT(" %s"), ah_algo[qmOffer.Algos[i].uSecAlgoIdentifier]);
  100. }
  101. if (qmOffer.Algos[i].uAlgoKeyLen != 0 || qmOffer.Algos[i].uAlgoRounds != 0)
  102. {
  103. PRINT(OUTSTREAM,TEXT(" (%lubytes/%lurounds)"), qmOffer.Algos[i].uAlgoKeyLen, qmOffer.Algos[i].uAlgoRounds);
  104. }
  106. break;
  107. case AUTHENTICATION:
  108. PRINT(OUTSTREAM,TEXT(" %s"), ah_algo[qmOffer.Algos[i].uAlgoIdentifier]);
  109. if (qmOffer.Algos[i].uAlgoKeyLen != 0 || qmOffer.Algos[i].uAlgoRounds != 0)
  110. {
  111. PRINT(OUTSTREAM,TEXT(" (%lubytes/%lurounds)"), qmOffer.Algos[i].uAlgoKeyLen, qmOffer.Algos[i].uAlgoRounds);
  112. }
  114. break;
  115. case NONE:
  116. case COMPRESSION:
  117. case SA_DELETE:
  118. default:
  119. break;
  120. }
  122. if (qmOffer.Algos[i].MySpi != 0 || qmOffer.Algos[i].PeerSpi != 0)
  123. {
  124. PRINT(OUTSTREAM,TEXT("\n%s%s\t "), pszPrefix, pszPrefix2);
  125. }
  127. if (qmOffer.Algos[i].MySpi != 0)
  128. {
  129. PRINT(OUTSTREAM,TEXT(" MySpi %lu"), qmOffer.Algos[i].MySpi);
  130. }
  131. if (qmOffer.Algos[i].PeerSpi != 0)
  132. {
  133. PRINT(OUTSTREAM,TEXT(" PeerSpi %lu"), qmOffer.Algos[i].PeerSpi);
  134. }
  136. PRINT(OUTSTREAM,TEXT("\n"));
  137. }
  139. PRINT(OUTSTREAM,TEXT("%s%sPFS : %s"), pszPrefix, pszPrefix2, qmOffer.bPFSRequired ? _T("True") : _T("False"));
  140. if (qmOffer.bPFSRequired)
  141. {
  142. PRINT(OUTSTREAM,TEXT(" (Group %lu)"), qmOffer.dwPFSGroup);
  143. }
  144. PRINT(OUTSTREAM,TEXT(", Lifetime %luKbytes/%luseconds\n"), qmOffer.Lifetime.uKeyExpirationKBytes, qmOffer.Lifetime.uKeyExpirationTime);
  146. if (qmOffer.dwFlags != 0)
  147. {
  148. PRINT(OUTSTREAM,TEXT("%s%sFlags : %lu\n"), pszPrefix, pszPrefix2, qmOffer.dwFlags);
  149. }
  150. } // end of PrintQMOffer
  152. // PrintFilterAction will print filter action info with given prefix string
  153. // Parms: IN qmPolicy - QM policy (aka filter action) information
  154. // IN pszPrefix - prefix string
  155. // Returns: None
  157. void PrintFilterAction(IN IPSEC_QM_POLICY qmPolicy, IN PTCHAR pszPrefix)
  158. {
  159. TCHAR* StringTxt = new TCHAR[STRING_TEXT_SIZE];
  160. int i;
  162. // continue here
  163. // dump all data
  164. PRINT(OUTSTREAM,TEXT("%sName : %s\n"), pszPrefix, qmPolicy.pszPolicyName );
  165. StringFromGUID2(qmPolicy.gPolicyID, StringTxt, STRING_TEXT_SIZE);
  166. PRINT(OUTSTREAM,TEXT("%sPolicy Id : %s\n"), pszPrefix, StringTxt);
  167. PRINT(OUTSTREAM,TEXT("%sFlags : %lu %s %s %s\n"), pszPrefix, qmPolicy.dwFlags,
  168. (qmPolicy.dwFlags & IPSEC_QM_POLICY_TUNNEL_MODE) ? _T("(Tunnel)") : _T(""),
  169. (qmPolicy.dwFlags & IPSEC_QM_POLICY_DEFAULT_POLICY) ? _T("(Default)") : _T(""),
  170. (qmPolicy.dwFlags & IPSEC_QM_POLICY_ALLOW_SOFT) ? _T("(Allow Soft)") : _T(""));
  172. for (i = 0; i < (int) qmPolicy.dwOfferCount; i++)
  173. {
  174. PRINT(OUTSTREAM,TEXT("%sOffer #%d\n"), pszPrefix, i+1);
  175. PrintQMOffer(qmPolicy.pOffers[i], pszPrefix, TEXT("\t"));
  176. }
  177. } // end of PrintFilterAction
  179. // PrintFilter will print [transport] filter info with (optional) filter action info embedded
  180. // Parms: IN tFilter - filter information (TRANSPORT_FILTER structure)
  181. // IN bPrintNegPol - should we print the filter action info
  182. // IN bPrintSpecific - should we print specific filter information
  183. // Returns: FALSE if error occured while retrieving filter action info
  184. // TRUE if everything is OK
  186. BOOL PrintFilter (IN TRANSPORT_FILTER tFilter, IN BOOL bPrintNegPol, IN BOOL bPrintSpecific)
  187. {
  188. int i;
  189. TCHAR * StringTxt = new TCHAR[STRING_TEXT_SIZE];
  190. DWORD hr;
  192. PRINT(OUTSTREAM,TEXT(" Name : %s\n"),tFilter.pszFilterName );
  193. StringFromGUID2(tFilter.gFilterID, StringTxt, STRING_TEXT_SIZE);
  194. PRINT(OUTSTREAM,TEXT(" Filter Id : %s\n"),StringTxt);
  195. StringFromGUID2(tFilter.gPolicyID, StringTxt, STRING_TEXT_SIZE);
  196. PRINT(OUTSTREAM,TEXT(" Policy Id : %s\n"),StringTxt);
  197. if (bPrintNegPol && (tFilter.InboundFilterFlag == NEGOTIATE_SECURITY || tFilter.OutboundFilterFlag == NEGOTIATE_SECURITY) )
  198. {
  199. // printing negpol only if we have actual negpol
  200. // need additional check for specific filter
  201. if (!bPrintSpecific ||
  202. (tFilter.dwDirection == FILTER_DIRECTION_INBOUND && tFilter.InboundFilterFlag == NEGOTIATE_SECURITY) ||
  203. (tFilter.dwDirection == FILTER_DIRECTION_OUTBOUND && tFilter.OutboundFilterFlag == NEGOTIATE_SECURITY))
  204. {
  205. // get qm policy and print it, right here
  206. PIPSEC_QM_POLICY pipsqmp;
  208. if ((hr = GetQMPolicyByID(szServ, tFilter.gPolicyID, &pipsqmp)) != ERROR_SUCCESS)
  209. {
  210. // PRINT(OUTSTREAM,TEXT("GetQMPolicyByID failed with error %d\n"), hr);
  211. return FALSE;
  212. }
  214. PrintFilterAction(pipsqmp[0], TEXT("\t"));
  215. SPDApiBufferFree(pipsqmp);
  216. }
  217. }
  219. PRINT(OUTSTREAM,TEXT(" Src Addr : "));
  220. PrintAddr(tFilter.SrcAddr);
  221. PRINT(OUTSTREAM,TEXT("\n"));
  222. PRINT(OUTSTREAM,TEXT(" Des Addr : "));
  223. PrintAddr(tFilter.DesAddr);
  224. PRINT(OUTSTREAM,TEXT("\n"));
  225. PRINT(OUTSTREAM,TEXT(" Protocol : %lu Src Port : %u Des Port : %u\n"), tFilter.Protocol.dwProtocol, tFilter.SrcPort.wPort, tFilter.DesPort.wPort);
  226. if (!bPrintSpecific || tFilter.dwDirection == FILTER_DIRECTION_INBOUND)
  227. {
  228. if (tFilter.InboundFilterFlag == PASS_THRU)
  229. PRINT(OUTSTREAM,TEXT(" Inbound Passthru\n"));
  230. if (tFilter.InboundFilterFlag == BLOCKING)
  231. PRINT(OUTSTREAM,TEXT(" Inbound Block\n"));
  232. }
  233. if (!bPrintSpecific || tFilter.dwDirection == FILTER_DIRECTION_OUTBOUND)
  234. {
  235. if (tFilter.OutboundFilterFlag == PASS_THRU)
  236. PRINT(OUTSTREAM,TEXT(" Outbound Passthru\n"));
  237. if (tFilter.OutboundFilterFlag == BLOCKING)
  238. PRINT(OUTSTREAM,TEXT(" Outbound Block\n"));
  239. }
  241. if (bPrintSpecific)
  242. {
  243. PRINT(OUTSTREAM,TEXT(" Direction : %s, Weight : %lu\n"),
  244. (tFilter.dwDirection == FILTER_DIRECTION_INBOUND) ? _T("Inbound") : ((tFilter.dwDirection == FILTER_DIRECTION_OUTBOUND) ? _T("Outbound") : _T("Error")),
  245. tFilter.dwWeight);
  246. }
  247. else
  248. {
  249. PRINT(OUTSTREAM,TEXT(" Mirrored : %s\n"), tFilter.bCreateMirror ? _T("True") : _T("False"));
  250. }
  252. PRINT(OUTSTREAM,TEXT(" Interface Type : %s\n"), if_types[tFilter.InterfaceType]);
  254. return TRUE;
  255. } // end of PrintFilter
  257. // PrintTunnelFilter will print tunnel filter info with (optional) filter action info embedded
  258. // Parms: IN tFilter - filter information (TUNNEL_FILTER structure)
  259. // IN bPrintNegPol - should we print the filter action info
  260. // IN bPrintSpecific - should we print specific filter information
  261. // Returns: FALSE if error occured while retrieving filter action info
  262. // TRUE if everything is OK
  264. BOOL PrintTunnelFilter (IN TUNNEL_FILTER tFilter, IN BOOL bPrintNegPol, IN BOOL bPrintSpecific)
  265. {
  266. int i;
  267. TCHAR * StringTxt = new TCHAR[STRING_TEXT_SIZE];
  268. DWORD hr;
  270. PRINT(OUTSTREAM,TEXT(" Name : %s\n"),tFilter.pszFilterName );
  271. StringFromGUID2(tFilter.gFilterID, StringTxt, STRING_TEXT_SIZE);
  272. PRINT(OUTSTREAM,TEXT(" Filter Id : %s\n"),StringTxt);
  273. StringFromGUID2(tFilter.gPolicyID, StringTxt, STRING_TEXT_SIZE);
  274. PRINT(OUTSTREAM,TEXT(" Policy Id : %s\n"),StringTxt);
  275. if (bPrintNegPol && (tFilter.InboundFilterFlag == NEGOTIATE_SECURITY || tFilter.OutboundFilterFlag == NEGOTIATE_SECURITY) )
  276. {
  277. // printing negpol only if we have actual negpol
  278. // need additional check for specific filter
  279. if (!bPrintSpecific ||
  280. (tFilter.dwDirection == FILTER_DIRECTION_INBOUND && tFilter.InboundFilterFlag == NEGOTIATE_SECURITY) ||
  281. (tFilter.dwDirection == FILTER_DIRECTION_OUTBOUND && tFilter.OutboundFilterFlag == NEGOTIATE_SECURITY))
  282. {
  283. // get qm policy and print it, right here
  284. PIPSEC_QM_POLICY pipsqmp;
  286. if ((hr = GetQMPolicyByID(szServ, tFilter.gPolicyID, &pipsqmp)) != ERROR_SUCCESS)
  287. {
  288. // PRINT(OUTSTREAM,TEXT("GetQMPolicyByID failed with error %d\n"), hr);
  289. return FALSE;
  290. }
  292. PrintFilterAction(pipsqmp[0], TEXT("\t"));
  293. SPDApiBufferFree(pipsqmp);
  294. }
  295. }
  297. PRINT(OUTSTREAM,TEXT(" Src Addr : "));
  298. PrintAddr(tFilter.SrcAddr);
  299. PRINT(OUTSTREAM,TEXT("\n"));
  300. PRINT(OUTSTREAM,TEXT(" Des Addr : "));
  301. PrintAddr(tFilter.DesAddr);
  302. PRINT(OUTSTREAM,TEXT("\n"));
  303. PRINT(OUTSTREAM,TEXT(" Src Tunnel Addr : "));
  304. PrintAddr(tFilter.SrcTunnelAddr);
  305. PRINT(OUTSTREAM,TEXT("\n"));
  306. PRINT(OUTSTREAM,TEXT(" Des Tunnel Addr : "));
  307. PrintAddr(tFilter.DesTunnelAddr);
  308. PRINT(OUTSTREAM,TEXT("\n"));
  309. PRINT(OUTSTREAM,TEXT(" Protocol : %lu Src Port : %u Des Port : %u\n"), tFilter.Protocol.dwProtocol, tFilter.SrcPort.wPort, tFilter.DesPort.wPort);
  310. if (!bPrintSpecific || tFilter.dwDirection == FILTER_DIRECTION_INBOUND)
  311. {
  312. if (tFilter.InboundFilterFlag == PASS_THRU)
  313. PRINT(OUTSTREAM,TEXT(" Inbound Passthru\n"));
  314. if (tFilter.InboundFilterFlag == BLOCKING)
  315. PRINT(OUTSTREAM,TEXT(" Inbound Block\n"));
  316. }
  317. if (!bPrintSpecific || tFilter.dwDirection == FILTER_DIRECTION_OUTBOUND)
  318. {
  319. if (tFilter.OutboundFilterFlag == PASS_THRU)
  320. PRINT(OUTSTREAM,TEXT(" Outbound Passthru\n"));
  321. if (tFilter.OutboundFilterFlag == BLOCKING)
  322. PRINT(OUTSTREAM,TEXT(" Outbound Block\n"));
  323. }
  325. if (bPrintSpecific)
  326. {
  327. PRINT(OUTSTREAM,TEXT(" Direction : %s, Weight : %lu\n"),
  328. (tFilter.dwDirection == FILTER_DIRECTION_INBOUND) ? _T("Inbound") : ((tFilter.dwDirection == FILTER_DIRECTION_OUTBOUND) ? _T("Outbound") : _T("Error")),
  329. tFilter.dwWeight);
  330. }
  331. else
  332. {
  333. PRINT(OUTSTREAM,TEXT(" Mirrored : %s\n"), tFilter.bCreateMirror ? _T("True") : _T("False"));
  334. }
  336. PRINT(OUTSTREAM,TEXT(" Interface Type : %s\n"), if_types[tFilter.InterfaceType]);
  338. return TRUE;
  339. } // end of PrintFilter
  341. // PrintMMFilter will print mainmode filter info with (optional) mmpolicy info embedded
  342. // Parms: IN mmFilter - Mainmode filter
  343. // IN bPrintNegPol - should we print the mmpolicy info
  344. // IN bPrintSpecific - should we print specific filter info
  345. // Returns: FALSE if any error, TRUE if OK
  347. BOOL PrintMMFilter (IN MM_FILTER mmFilter, IN BOOL bPrintNegPol, IN BOOL bPrintSpecific)
  348. {
  349. int i;
  350. TCHAR * StringTxt = new TCHAR[STRING_TEXT_SIZE];
  351. DWORD hr;
  353. PRINT(OUTSTREAM,TEXT(" Name : %s\n"),mmFilter.pszFilterName );
  354. StringFromGUID2(mmFilter.gFilterID, StringTxt, STRING_TEXT_SIZE);
  355. PRINT(OUTSTREAM,TEXT(" Filter Id : %s\n"),StringTxt);
  356. StringFromGUID2(mmFilter.gPolicyID, StringTxt, STRING_TEXT_SIZE);
  357. PRINT(OUTSTREAM,TEXT(" Policy Id : %s\n"),StringTxt);
  358. if (bPrintNegPol)
  359. {
  360. // get mm policy and print it, right here
  361. PIPSEC_MM_POLICY pipsmmp;
  363. if ((hr = GetMMPolicyByID(szServ, mmFilter.gPolicyID, &pipsmmp)) != ERROR_SUCCESS)
  364. {
  365. // PRINT(OUTSTREAM,TEXT("GetMMPolicyByID failed with error %d\n"), hr);
  366. return FALSE;
  367. }
  369. PrintMMPolicy(pipsmmp[0], TEXT("\t"));
  370. SPDApiBufferFree(pipsmmp);
  371. }
  373. PRINT(OUTSTREAM,TEXT(" Src Addr : "));
  374. PrintAddr(mmFilter.SrcAddr);
  375. PRINT(OUTSTREAM,TEXT("\n"));
  376. PRINT(OUTSTREAM,TEXT(" Des Addr : "));
  377. PrintAddr(mmFilter.DesAddr);
  378. PRINT(OUTSTREAM,TEXT("\n"));
  380. if (bPrintSpecific)
  381. {
  382. PRINT(OUTSTREAM,TEXT(" Direction : %s, Weight : %lu\n"),
  383. (mmFilter.dwDirection == FILTER_DIRECTION_INBOUND) ? _T("Inbound") : ((mmFilter.dwDirection == FILTER_DIRECTION_OUTBOUND) ? _T("Outbound") : _T("Error")),
  384. mmFilter.dwWeight);
  385. }
  386. else
  387. {
  388. PRINT(OUTSTREAM,TEXT(" Mirrored : %s\n"), mmFilter.bCreateMirror ? _T("True") : _T("False"));
  389. }
  391. PRINT(OUTSTREAM,TEXT(" Interface Type : %s\n"), if_types[mmFilter.InterfaceType]);
  393. StringFromGUID2(mmFilter.gMMAuthID, StringTxt, STRING_TEXT_SIZE);
  394. PRINT(OUTSTREAM,TEXT(" Auth Methods Id: %s\n"),StringTxt);
  395. if (bPrintNegPol)
  396. {
  397. //print auth methods as well
  398. PMM_AUTH_METHODS pmmam;
  400. if ((hr = GetMMAuthMethods(szServ, mmFilter.gMMAuthID, &pmmam)) != ERROR_SUCCESS)
  401. {
  402. // PRINT(OUTSTREAM,TEXT("GetMMAuthMethods failed with error %d\n"), hr);
  403. return FALSE;
  404. }
  406. for (i = 0; i < (int) pmmam[0].dwNumAuthInfos; i++)
  407. {
  408. PRINT(OUTSTREAM,TEXT("\tAM #%d : "), i+1);
  409. PrintAuthInfo(pmmam[0].pAuthenticationInfo[i]);
  410. PRINT(OUTSTREAM,TEXT("\n"));
  411. }
  412. SPDApiBufferFree(pmmam);
  413. }
  415. return TRUE;
  417. } // end of PrintMMFilter
  420. // PrintMMAuthMethods will print main mode authentication methods information with given prefix string
  421. // Parms: IN mmAuth - MM_AUTH_METHODS structure
  422. // IN pszPrefix - prefix string
  423. // Returns: None
  425. void PrintMMAuthMethods(IN MM_AUTH_METHODS mmAuth, IN PTCHAR pszPrefix)
  426. {
  427. int i;
  428. TCHAR * StringTxt = new TCHAR[STRING_TEXT_SIZE];
  429. DWORD hr;
  431. StringFromGUID2(mmAuth.gMMAuthID, StringTxt, STRING_TEXT_SIZE);
  432. PRINT(OUTSTREAM,TEXT("%sAuth Methods Id: %s\n"), pszPrefix, StringTxt);
  433. for (i = 0; i < (int) mmAuth.dwNumAuthInfos; i++)
  434. {
  435. PRINT(OUTSTREAM,TEXT("%s\tAM #%d : "), pszPrefix, i+1);
  436. PrintAuthInfo(mmAuth.pAuthenticationInfo[i]);
  437. PRINT(OUTSTREAM,TEXT("\n"));
  438. }
  439. }
  441. // PrintMMPolicy will print main mode policy information with given prefix string
  442. // Parms: IN mmPolicy - IPSEC_MM_POLICY structure
  443. // IN pszPrefix - prefix string
  444. // Returns: None
  446. void PrintMMPolicy(IN IPSEC_MM_POLICY mmPolicy, IN PTCHAR pszPrefix)
  447. {
  448. int i;
  449. TCHAR * StringTxt = new TCHAR[STRING_TEXT_SIZE];
  451. PRINT(OUTSTREAM,TEXT("%sName : %s\n"), pszPrefix, mmPolicy.pszPolicyName );
  452. StringFromGUID2(mmPolicy.gPolicyID, StringTxt, STRING_TEXT_SIZE);
  453. PRINT(OUTSTREAM,TEXT("%sPolicy Id : %s\n"), pszPrefix, StringTxt);
  454. PRINT(OUTSTREAM,TEXT("%sFlags : %lu %s %s\n"), pszPrefix, mmPolicy.dwFlags,
  455. (mmPolicy.dwFlags & IPSEC_MM_POLICY_DEFAULT_POLICY) ? _T("(Default)") : _T(""),
  456. (mmPolicy.dwFlags & IPSEC_MM_POLICY_ENABLE_DIAGNOSTICS) ? _T("(Enable Diag)") : _T(""));
  458. if (mmPolicy.uSoftSAExpirationTime != 0)
  459. {
  460. PRINT(OUTSTREAM,TEXT("%sSoft SA expiration time : %lu\n"), pszPrefix, mmPolicy.uSoftSAExpirationTime);
  461. }
  462. for (i = 0; i < (int) mmPolicy.dwOfferCount; i++)
  463. {
  464. PRINT(OUTSTREAM,TEXT("%sOffer #%d\n"), pszPrefix, i+1);
  465. PrintMMOffer(mmPolicy.pOffers[i], pszPrefix, TEXT("\t"));
  466. }
  468. } // end of PrintMMPolicy
  470. // PrintMMOffer will print main mode policy offer with given prefix string (actually two prefix strings)
  471. // Parms: IN mmOffer - IPSEC_MM_OFFER structure
  472. // IN pszPrefix - prefix string
  473. // IN pszPrefix2 - 2nd prefix string (will be added to 1st)
  474. // Returns: None
  476. void PrintMMOffer(IN IPSEC_MM_OFFER mmOffer, IN PTCHAR pszPrefix, IN PTCHAR pszPrefix2)
  477. {
  478. PRINT(OUTSTREAM,TEXT("%s%s%s"), pszPrefix, pszPrefix2, esp_algo[mmOffer.EncryptionAlgorithm.uAlgoIdentifier]);
  479. if (mmOffer.EncryptionAlgorithm.uAlgoKeyLen != 0 || mmOffer.EncryptionAlgorithm.uAlgoRounds != 0)
  480. {
  481. PRINT(OUTSTREAM,TEXT("(%lubytes/%lurounds)"), mmOffer.EncryptionAlgorithm.uAlgoKeyLen, mmOffer.EncryptionAlgorithm.uAlgoRounds);
  482. }
  484. PRINT(OUTSTREAM,TEXT(" %s"), ah_algo[mmOffer.HashingAlgorithm.uAlgoIdentifier]);
  485. if (mmOffer.HashingAlgorithm.uAlgoKeyLen != 0 || mmOffer.HashingAlgorithm.uAlgoRounds != 0)
  486. {
  487. PRINT(OUTSTREAM,TEXT("(%lubytes/%lurounds)"), mmOffer.HashingAlgorithm.uAlgoKeyLen, mmOffer.HashingAlgorithm.uAlgoRounds);
  488. }
  490. PRINT(OUTSTREAM,TEXT(" DH Group %lu\n"), mmOffer.dwDHGroup);
  492. PRINT(OUTSTREAM,TEXT("%s%sQuickmode limit : %lu, Lifetime %luKbytes/%luseconds\n"), pszPrefix, pszPrefix2, mmOffer.dwQuickModeLimit,
  493. mmOffer.Lifetime.uKeyExpirationKBytes, mmOffer.Lifetime.uKeyExpirationTime);
  495. if (mmOffer.dwFlags != 0)
  496. {
  497. PRINT(OUTSTREAM,TEXT("%s%sFlags : %lu\n"), pszPrefix, pszPrefix2, mmOffer.dwFlags);
  498. }
  499. } // end of PrintMMOffer
  501. // PrintAddr will print ADDR structure (address used in SPD)
  502. // Parms: IN addr - ADDR structure
  503. // Returns: None
  505. void PrintAddr(IN ADDR addr)
  506. {
  507. struct in_addr inAddr;
  508. TCHAR * StringTxt = new TCHAR[STRING_TEXT_SIZE];
  510. if (addr.AddrType == IP_ADDR_UNIQUE && addr.uIpAddr == IP_ADDRESS_ME)
  511. {
  512. PRINT(OUTSTREAM,TEXT("Me"));
  513. }
  514. else if (addr.AddrType == IP_ADDR_SUBNET && addr.uIpAddr == SUBNET_ADDRESS_ANY && addr.uSubNetMask == SUBNET_MASK_ANY)
  515. {
  516. PRINT(OUTSTREAM,TEXT("Any"));
  517. }
  518. else if (addr.AddrType == IP_ADDR_UNIQUE)
  519. {
  520. inAddr.s_addr = addr.uIpAddr;
  521. PRINT(OUTSTREAM,TEXT("%S"), inet_ntoa(inAddr)) ;
  522. }
  523. else if (addr.AddrType == IP_ADDR_SUBNET)
  524. {
  525. inAddr.s_addr = addr.uIpAddr;
  526. PRINT(OUTSTREAM,TEXT("subnet %S "), inet_ntoa(inAddr)) ;
  527. inAddr.s_addr = addr.uSubNetMask;
  528. PRINT(OUTSTREAM,TEXT("mask %S"), inet_ntoa(inAddr)) ;
  529. }
  530. else if (addr.AddrType == IP_ADDR_INTERFACE)
  531. {
  532. StringFromGUID2(addr.gInterfaceID, StringTxt, STRING_TEXT_SIZE);
  533. PRINT(OUTSTREAM,TEXT("interface id %s "), StringTxt);
  534. if (addr.uIpAddr != IP_ADDRESS_ME)
  535. {
  536. inAddr.s_addr = addr.uIpAddr;
  537. PRINT(OUTSTREAM,TEXT("IP Addr %S "), inet_ntoa(inAddr)) ;
  538. }
  539. }
  540. } // end of PrintAddr
  542. // PrintAuthInfo will print authentication method information
  543. // Parms: IN authInfo - IPSEC_MM_AUTH_INFO structure
  544. // Returns: None
  546. void PrintAuthInfo(IN IPSEC_MM_AUTH_INFO authInfo)
  547. {
  548. int i;
  549. DWORD dwReturn;
  550. WCHAR *pszCertStr, *pTmp;
  552. PRINT(OUTSTREAM,TEXT("%s"), oak_auth[authInfo.AuthMethod]);
  553. if (authInfo.AuthMethod == IKE_PRESHARED_KEY)
  554. {
  555. // print preshared key
  556. PRINT(OUTSTREAM,TEXT(" : \""));
  557. for (i = 0; i < (int) (authInfo.dwAuthInfoSize/sizeof(TCHAR)); i++)
  558. {
  559. PRINT(OUTSTREAM,TEXT("%c"), *(((TCHAR*)authInfo.pAuthInfo)+i));
  560. }
  561. PRINT(OUTSTREAM,TEXT("\""));
  562. }
  563. else if (authInfo.AuthMethod == IKE_RSA_SIGNATURE || authInfo.AuthMethod == IKE_RSA_ENCRYPTION)
  564. {
  565. // convert and print cert
  566. PRINT(OUTSTREAM,TEXT(" : \""));
  567. dwReturn = CM_DecodeName(authInfo.pAuthInfo, authInfo.dwAuthInfoSize, &pszCertStr);
  568. if (dwReturn != ERROR_SUCCESS)
  569. {
  570. PRINT(OUTSTREAM,TEXT("Unknown"));
  571. }
  572. else
  573. {
  574. for (pTmp = pszCertStr; *pTmp; pTmp++)
  575. {
  576. PRINT(OUTSTREAM,TEXT("%c"), *pTmp);
  577. }
  578. delete [] pszCertStr;
  579. }
  580. PRINT(OUTSTREAM,TEXT("\""));
  581. }
  582. } // end of PrintAuthInfo
  585. void PrintPolicies(IN IPSEC_IKE_POLICY& IPSecIkePol)
  586. {
  587. int i;
  588. IPSEC_IKE_POLICY TmpPol; // for checks
  589. TCHAR szPrefix[] = TEXT(" ");
  591. // set TmpPol to 0's
  592. memset(&TmpPol, 0, sizeof(TmpPol));
  594. PRINT(OUTSTREAM,TEXT("==========================\n"));
  595. if (IPSecIkePol.dwNumMMFilters != 0)
  596. {
  597. for (i = 0; i < (int) IPSecIkePol.dwNumMMFilters; ++i)
  598. {
  599. PRINT(OUTSTREAM,TEXT("MM Filter %d\n"),i);
  600. PrintMMFilter(IPSecIkePol.pMMFilters[i], FALSE, FALSE);
  601. PRINT(OUTSTREAM,TEXT("==========================\n"));
  602. }
  603. }
  604. if (IPSecIkePol.dwNumFilters != 0)
  605. {
  606. for (i = 0; i < (int) IPSecIkePol.dwNumFilters; ++i)
  607. {
  608. PRINT(OUTSTREAM,TEXT("Filter %d\n"),i);
  609. if (IPSecIkePol.QMFilterType == QM_TRANSPORT_FILTER)
  610. {
  611. PrintFilter(IPSecIkePol.pTransportFilters[i], FALSE, FALSE);
  612. }
  613. else
  614. {
  615. // tunnel
  616. PrintTunnelFilter(IPSecIkePol.pTunnelFilters[i], FALSE, FALSE);
  617. }
  618. PRINT(OUTSTREAM,TEXT("==========================\n"));
  619. }
  620. }
  621. PRINT(OUTSTREAM,TEXT("Oakley Auth: \n"));
  622. for (i = 0; i < (int) IPSecIkePol.AuthInfos.dwNumAuthInfos; i++)
  623. {
  624. PRINT(OUTSTREAM,TEXT("\tAM #%d : "), i+1);
  625. PrintAuthInfo(IPSecIkePol.AuthInfos.pAuthenticationInfo[i]);
  626. PRINT(OUTSTREAM,TEXT("\n"));
  627. }
  628. PRINT(OUTSTREAM,TEXT("==========================\n"));
  630. // continue here
  631. // mm policy
  632. if (memcmp(&IPSecIkePol.IkePol, &TmpPol.IkePol, sizeof(TmpPol.IkePol)) != 0)
  633. {
  634. PRINT(OUTSTREAM,TEXT("MM Policy: \n"));
  635. PrintMMPolicy(IPSecIkePol.IkePol, szPrefix);
  636. }
  638. PRINT(OUTSTREAM,TEXT("==========================\n"));
  639. // qm policy
  640. if (memcmp(&IPSecIkePol.IpsPol, &TmpPol.IpsPol, sizeof(TmpPol.IpsPol)) != 0)
  641. {
  642. PRINT(OUTSTREAM,TEXT("QM Policy: \n"));
  643. PrintFilterAction(IPSecIkePol.IpsPol, szPrefix);
  644. }
  645. }