archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ipsec/spd/server/ikerpc.c

585 lines
13 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1999 Microsoft Corporation
  6. Module Name:
  8. ikerpc.c
  10. Abstract:
  12. This module contains all of the code to service the
  13. RPC calls made to the SPD that are serviced in IKE.
  15. Author:
  17. abhisheV 30-September-1999
  19. Environment
  21. User Level: Win32
  23. Revision History:
  26. --*/
  29. #include "precomp.h"
  32. VOID
  33. IKENEGOTIATION_HANDLE_rundown(
  34. IKENEGOTIATION_HANDLE hIKENegotiation
  35. )
  36. {
  37. if (!gbIsIKEUp) {
  38. return;
  39. }
  41. if (hIKENegotiation) {
  42. (VOID) IKECloseIKENegotiationHandle(
  43. hIKENegotiation
  44. );
  45. }
  46. }
  49. VOID
  50. IKENOTIFY_HANDLE_rundown(
  51. IKENOTIFY_HANDLE hIKENotifyHandle
  52. )
  53. {
  54. if (!gbIsIKEUp) {
  55. return;
  56. }
  58. if (hIKENotifyHandle) {
  59. (VOID) IKECloseIKENotifyHandle(
  60. hIKENotifyHandle
  61. );
  62. }
  63. }
  66. DWORD
  67. RpcInitiateIKENegotiation(
  68. STRING_HANDLE pServerName,
  69. PQM_FILTER_CONTAINER pQMFilterContainer,
  70. DWORD dwClientProcessId,
  71. ULONG uhClientEvent,
  72. DWORD dwFlags,
  73. IKENEGOTIATION_HANDLE * phIKENegotiation
  74. )
  75. {
  76. DWORD dwError = 0;
  77. HANDLE hClientEvent = NULL;
  78. PIPSEC_QM_FILTER pQMFilter = NULL;
  79. BOOL bImpersonating = FALSE;
  81. dwError = SPDImpersonateClient(
  82. &bImpersonating
  83. );
  84. BAIL_ON_WIN32_ERROR(dwError);
  86. ENTER_SPD_SECTION();
  87. dwError = ValidateSecurity(
  88. SPD_OBJECT_SERVER,
  89. SERVER_ACCESS_ADMINISTER,
  90. NULL,
  91. NULL
  92. );
  93. LEAVE_SPD_SECTION();
  94. BAIL_ON_WIN32_ERROR(dwError);
  96. dwError = ValidateInitiateIKENegotiation(pServerName,
  97. pQMFilterContainer,
  98. dwClientProcessId,
  99. uhClientEvent,
  100. dwFlags,
  101. phIKENegotiation);
  102. BAIL_ON_WIN32_ERROR(dwError);
  105. hClientEvent = LongToHandle(uhClientEvent);
  107. pQMFilter = pQMFilterContainer->pQMFilters;
  109. dwError = IKEInitiateIKENegotiation(
  110. pQMFilter,
  111. dwClientProcessId,
  112. hClientEvent,
  113. dwFlags,
  114. phIKENegotiation
  115. );
  116. BAIL_ON_WIN32_ERROR(dwError);
  118. error:
  120. SPDRevertToSelf(bImpersonating);
  121. return (dwError);
  122. }
  125. DWORD
  126. RpcQueryIKENegotiationStatus(
  127. IKENEGOTIATION_HANDLE hIKENegotiation,
  128. SA_NEGOTIATION_STATUS_INFO *NegotiationStatus
  129. )
  130. {
  131. DWORD dwError = 0;
  132. DWORD dwFlags=0;
  133. BOOL bImpersonating = FALSE;
  135. dwError = SPDImpersonateClient(
  136. &bImpersonating
  137. );
  138. BAIL_ON_WIN32_ERROR(dwError);
  140. ENTER_SPD_SECTION();
  141. dwError = ValidateSecurity(
  142. SPD_OBJECT_SERVER,
  143. SERVER_ACCESS_ADMINISTER,
  144. NULL,
  145. NULL
  146. );
  147. LEAVE_SPD_SECTION();
  148. BAIL_ON_WIN32_ERROR(dwError);
  151. dwError=ValidateQueryIKENegotiationStatus(hIKENegotiation,
  152. NegotiationStatus);
  153. BAIL_ON_WIN32_ERROR(dwError);
  155. dwError = IKEQueryIKENegotiationStatus(
  156. hIKENegotiation,
  157. NegotiationStatus,
  158. dwFlags
  159. );
  160. BAIL_ON_WIN32_ERROR(dwError);
  162. error:
  164. SPDRevertToSelf(bImpersonating);
  165. return (dwError);
  166. }
  169. DWORD
  170. RpcCloseIKENegotiationHandle(
  171. IKENEGOTIATION_HANDLE * phIKENegotiation
  172. )
  173. {
  174. DWORD dwError = 0;
  175. BOOL bImpersonating = FALSE;
  178. dwError = SPDImpersonateClient(
  179. &bImpersonating
  180. );
  181. BAIL_ON_WIN32_ERROR(dwError);
  183. ENTER_SPD_SECTION();
  184. dwError = ValidateSecurity(
  185. SPD_OBJECT_SERVER,
  186. SERVER_ACCESS_ADMINISTER,
  187. NULL,
  188. NULL
  189. );
  190. LEAVE_SPD_SECTION();
  191. BAIL_ON_WIN32_ERROR(dwError);
  193. dwError=ValidateCloseIKENegotiationHandle(phIKENegotiation);
  194. BAIL_ON_WIN32_ERROR(dwError);
  196. dwError = IKECloseIKENegotiationHandle(
  197. *phIKENegotiation
  198. );
  199. BAIL_ON_WIN32_ERROR(dwError);
  201. *phIKENegotiation = NULL;
  203. error:
  205. SPDRevertToSelf(bImpersonating);
  206. return (dwError);
  207. }
  210. DWORD
  211. RpcEnumMMSAs(
  212. STRING_HANDLE pServerName,
  213. PMM_SA_CONTAINER pMMTemplate,
  214. PMM_SA_CONTAINER *ppMMSAContainer,
  215. LPDWORD pdwNumEntries,
  216. LPDWORD pdwTotalMMsAvailable,
  217. LPDWORD pdwEnumHandle,
  218. DWORD dwFlags
  219. )
  220. {
  222. DWORD dwError = 0;
  223. PIPSEC_MM_SA pMMSAs=NULL;
  224. BOOL bImpersonating = FALSE;
  227. dwError = SPDImpersonateClient(
  228. &bImpersonating
  229. );
  230. BAIL_ON_WIN32_ERROR(dwError);
  232. ENTER_SPD_SECTION();
  233. dwError = ValidateSecurity(
  234. SPD_OBJECT_SERVER,
  235. SERVER_ACCESS_ADMINISTER,
  236. NULL,
  237. NULL
  238. );
  239. LEAVE_SPD_SECTION();
  240. BAIL_ON_WIN32_ERROR(dwError);
  242. dwError=ValidateEnumMMSAs(pServerName,
  243. pMMTemplate,
  244. ppMMSAContainer,
  245. pdwNumEntries,
  246. pdwTotalMMsAvailable,
  247. pdwEnumHandle,
  248. dwFlags);
  249. BAIL_ON_WIN32_ERROR(dwError);
  251. dwError= IKEEnumMMs(
  252. pMMTemplate->pMMSAs,
  253. &pMMSAs,
  254. pdwNumEntries,
  255. pdwTotalMMsAvailable,
  256. pdwEnumHandle,
  257. dwFlags
  258. );
  259. BAIL_ON_WIN32_ERROR(dwError);
  261. (*ppMMSAContainer)->pMMSAs=pMMSAs;
  262. (*ppMMSAContainer)->dwNumMMSAs=*pdwNumEntries;
  264. error:
  266. if (dwError != ERROR_SUCCESS) {
  267. if (ppMMSAContainer && *ppMMSAContainer) {
  268. (*ppMMSAContainer)->pMMSAs=NULL;
  269. (*ppMMSAContainer)->dwNumMMSAs=0;
  270. }
  271. }
  273. SPDRevertToSelf(bImpersonating);
  274. return dwError;
  275. }
  278. DWORD
  279. RpcDeleteMMSAs(
  280. STRING_HANDLE pServerName,
  281. PMM_SA_CONTAINER pMMTemplate,
  282. DWORD dwFlags
  283. )
  284. {
  285. DWORD dwError = 0;
  286. BOOL bImpersonating = FALSE;
  289. dwError = SPDImpersonateClient(
  290. &bImpersonating
  291. );
  292. BAIL_ON_WIN32_ERROR(dwError);
  294. ENTER_SPD_SECTION();
  295. dwError = ValidateSecurity(
  296. SPD_OBJECT_SERVER,
  297. SERVER_ACCESS_ADMINISTER,
  298. NULL,
  299. NULL
  300. );
  301. LEAVE_SPD_SECTION();
  302. BAIL_ON_WIN32_ERROR(dwError);
  304. dwError=ValidateDeleteMMSAs(pServerName,
  305. pMMTemplate,
  306. dwFlags);
  307. BAIL_ON_WIN32_ERROR(dwError);
  309. dwError= IKEDeleteAssociation(
  310. pMMTemplate->pMMSAs,
  311. dwFlags);
  313. BAIL_ON_WIN32_ERROR(dwError);
  315. error:
  317. SPDRevertToSelf(bImpersonating);
  318. return dwError;
  319. }
  321. DWORD
  322. RpcQueryIKEStatistics(
  323. STRING_HANDLE pServerName,
  324. IKE_STATISTICS *pIKEStatistics
  325. )
  326. {
  327. DWORD dwError = 0;
  328. BOOL bImpersonating = FALSE;
  331. dwError = SPDImpersonateClient(
  332. &bImpersonating
  333. );
  334. BAIL_ON_WIN32_ERROR(dwError);
  336. ENTER_SPD_SECTION();
  337. dwError = ValidateSecurity(
  338. SPD_OBJECT_SERVER,
  339. SERVER_ACCESS_ADMINISTER,
  340. NULL,
  341. NULL
  342. );
  343. LEAVE_SPD_SECTION();
  344. BAIL_ON_WIN32_ERROR(dwError);
  346. dwError=ValidateQueryIKEStatistics(pServerName,
  347. pIKEStatistics);
  348. BAIL_ON_WIN32_ERROR(dwError);
  350. dwError = IKEQueryStatistics(pIKEStatistics);
  352. BAIL_ON_WIN32_ERROR(dwError);
  354. error:
  356. SPDRevertToSelf(bImpersonating);
  357. return dwError;
  358. }
  361. DWORD
  362. RpcRegisterIKENotifyClient(
  363. STRING_HANDLE pServerName,
  364. DWORD dwClientProcessId,
  365. ULONG uhClientEvent,
  366. PQM_SA_CONTAINER pQMSATemplateContainer,
  367. IKENOTIFY_HANDLE *phNotifyHandle,
  368. DWORD dwFlags
  369. )
  370. {
  371. DWORD dwError = 0;
  372. HANDLE hClientEvent = LongToHandle(uhClientEvent);
  373. BOOL bImpersonating = FALSE;
  376. dwError = SPDImpersonateClient(
  377. &bImpersonating
  378. );
  379. BAIL_ON_WIN32_ERROR(dwError);
  381. ENTER_SPD_SECTION();
  382. dwError = ValidateSecurity(
  383. SPD_OBJECT_SERVER,
  384. SERVER_ACCESS_ADMINISTER,
  385. NULL,
  386. NULL
  387. );
  388. LEAVE_SPD_SECTION();
  389. BAIL_ON_WIN32_ERROR(dwError);
  391. dwError=ValidateRegisterIKENotifyClient(pServerName,
  392. dwClientProcessId,
  393. uhClientEvent,
  394. pQMSATemplateContainer,
  395. phNotifyHandle,
  396. dwFlags);
  397. BAIL_ON_WIN32_ERROR(dwError);
  399. dwError= IKERegisterNotifyClient(
  400. dwClientProcessId,
  401. hClientEvent,
  402. *pQMSATemplateContainer->pQMSAs,
  403. phNotifyHandle);
  405. BAIL_ON_WIN32_ERROR(dwError);
  407. error:
  409. SPDRevertToSelf(bImpersonating);
  410. return dwError;
  411. }
  413. DWORD RpcQueryNotifyData(
  414. IKENOTIFY_HANDLE uhNotifyHandle,
  415. PDWORD pdwNumEntries,
  416. PQM_SA_CONTAINER *ppQMSAContainer,
  417. DWORD dwFlags
  418. )
  419. {
  420. DWORD dwError = 0;
  421. PIPSEC_QM_SA pQMSAs=NULL;
  422. BOOL bImpersonating = FALSE;
  425. dwError = SPDImpersonateClient(
  426. &bImpersonating
  427. );
  428. BAIL_ON_WIN32_ERROR(dwError);
  430. ENTER_SPD_SECTION();
  431. dwError = ValidateSecurity(
  432. SPD_OBJECT_SERVER,
  433. SERVER_ACCESS_ADMINISTER,
  434. NULL,
  435. NULL
  436. );
  437. LEAVE_SPD_SECTION();
  438. BAIL_ON_WIN32_ERROR(dwError);
  440. dwError=ValidateQueryNotifyData(uhNotifyHandle,
  441. pdwNumEntries,
  442. ppQMSAContainer,
  443. dwFlags);
  444. BAIL_ON_WIN32_ERROR(dwError);
  446. dwError= IKEQuerySpiChange(
  447. uhNotifyHandle,
  448. pdwNumEntries,
  449. &pQMSAs);
  451. if ((dwError == ERROR_SUCCESS) ||
  452. (dwError == ERROR_MORE_DATA)) {
  454. (*ppQMSAContainer)->pQMSAs=pQMSAs;
  455. (*ppQMSAContainer)->dwNumQMSAs=*pdwNumEntries;
  457. SPDRevertToSelf(bImpersonating);
  458. return dwError;
  459. }
  461. error:
  463. if (ppQMSAContainer && *ppQMSAContainer) {
  464. (*ppQMSAContainer)->pQMSAs=NULL;
  465. (*ppQMSAContainer)->dwNumQMSAs=0;
  466. }
  467. if (pdwNumEntries) {
  468. *pdwNumEntries=0;
  469. }
  471. SPDRevertToSelf(bImpersonating);
  472. return dwError;
  473. }
  476. DWORD RpcCloseNotifyHandle(
  477. IKENOTIFY_HANDLE *phHandle
  478. )
  479. {
  480. DWORD dwError =0;
  481. BOOL bImpersonating = FALSE;
  484. dwError = SPDImpersonateClient(
  485. &bImpersonating
  486. );
  487. BAIL_ON_WIN32_ERROR(dwError);
  489. ENTER_SPD_SECTION();
  490. dwError = ValidateSecurity(
  491. SPD_OBJECT_SERVER,
  492. SERVER_ACCESS_ADMINISTER,
  493. NULL,
  494. NULL
  495. );
  496. LEAVE_SPD_SECTION();
  497. BAIL_ON_WIN32_ERROR(dwError);
  499. dwError=ValidateCloseNotifyHandle(phHandle);
  500. BAIL_ON_WIN32_ERROR(dwError);
  502. dwError = IKECloseIKENotifyHandle(*phHandle);
  503. BAIL_ON_WIN32_ERROR(dwError);
  505. *phHandle = NULL;
  507. error:
  509. SPDRevertToSelf(bImpersonating);
  510. return dwError;
  511. }
  513. DWORD RpcIPSecAddSA(
  514. STRING_HANDLE pServerName,
  515. PIPSEC_QM_POLICY_CONTAINER pQMPolicyContainer,
  516. PQM_FILTER_CONTAINER pQMFilterContainer,
  517. DWORD *uhLarvalContext,
  518. DWORD dwInboundKeyMatLen,
  519. BYTE *pInboundKeyMat,
  520. DWORD dwOutboundKeyMatLen,
  521. BYTE *pOutboundKeyMat,
  522. BYTE *pContextInfo,
  523. DWORD dwFlags)
  526. {
  527. DWORD dwError = 0;
  528. HANDLE hLarvalContext = NULL;
  529. PIPSEC_QM_FILTER pQMFilter = NULL;
  530. PIPSEC_QM_OFFER pQMOffer = NULL;
  531. BOOL bImpersonating = FALSE;
  534. dwError = SPDImpersonateClient(
  535. &bImpersonating
  536. );
  537. BAIL_ON_WIN32_ERROR(dwError);
  539. ENTER_SPD_SECTION();
  540. dwError = ValidateSecurity(
  541. SPD_OBJECT_SERVER,
  542. SERVER_ACCESS_ADMINISTER,
  543. NULL,
  544. NULL
  545. );
  546. LEAVE_SPD_SECTION();
  547. BAIL_ON_WIN32_ERROR(dwError);
  549. dwError=ValidateIPSecAddSA(pServerName,
  550. pQMPolicyContainer,
  551. pQMFilterContainer,
  552. uhLarvalContext,
  553. dwInboundKeyMatLen,
  554. pInboundKeyMat,
  555. dwOutboundKeyMatLen,
  556. pOutboundKeyMat,
  557. pContextInfo,
  558. dwFlags);
  559. BAIL_ON_WIN32_ERROR(dwError);
  562. hLarvalContext = LongToHandle(*uhLarvalContext);
  563. pQMFilter = pQMFilterContainer->pQMFilters;
  564. pQMOffer = pQMPolicyContainer->pPolicies->pOffers;
  566. dwError=IKEAddSAs(
  567. pQMOffer,
  568. pQMFilter,
  569. &hLarvalContext,
  570. dwInboundKeyMatLen,
  571. pInboundKeyMat,
  572. dwOutboundKeyMatLen,
  573. pOutboundKeyMat,
  574. pContextInfo,
  575. dwFlags);
  577. BAIL_ON_WIN32_ERROR(dwError);
  579. *uhLarvalContext = HandleToLong(hLarvalContext);
  581. error:
  583. SPDRevertToSelf(bImpersonating);
  584. return (dwError);
  585. }