|
|
/*++
Copyright (c) 1999 Microsoft Corporation
Module Name:
mmspecific.c
Abstract:
This module contains all of the code to drive the mm specific filter list management of IPSecSPD Service.
Author:
abhisheV 08-December-1999
Environment
User Level: Win32
Revision History:
--*/
#include "precomp.h"
DWORDApplyMMTransform( PINIMMFILTER pFilter, MATCHING_ADDR * pMatchingAddresses, DWORD dwAddrCnt, PINIMMSFILTER * ppSpecificFilters )/*++
Routine Description:
This function expands a generic mm filter into its corresponding specific filters.
Arguments:
pFilter - Generic filter to expand.
pMatchingAddresses - List of local ip addresses whose interface type matches that of the filter.
dwAddrCnt - Number of local ip addresses in the list.
ppSpecificFilters - List of specific filters expanded for the given generic filter.
Return Value:
ERROR_SUCCESS - Success.
Win32 Error - Failure.
--*/{ DWORD dwError = 0; PINIMMSFILTER pSpecificFilters = NULL; PINIMMSFILTER pOutboundSpecificFilters = NULL; PINIMMSFILTER pInboundSpecificFilters = NULL;
PADDR pOutSrcAddrList = NULL; DWORD dwOutSrcAddrCnt = 0; PADDR pInSrcAddrList = NULL; DWORD dwInSrcAddrCnt = 0;
PADDR pOutDesAddrList = NULL; DWORD dwOutDesAddrCnt = 0; PADDR pInDesAddrList = NULL; DWORD dwInDesAddrCnt = 0;
//
// Form the outbound and inbound source and destination
// address lists.
//
dwError = FormMMOutboundInboundAddresses( pFilter, pMatchingAddresses, dwAddrCnt, &pOutSrcAddrList, &dwOutSrcAddrCnt, &pInSrcAddrList, &dwInSrcAddrCnt, &pOutDesAddrList, &dwOutDesAddrCnt, &pInDesAddrList, &dwInDesAddrCnt ); BAIL_ON_WIN32_ERROR(dwError);
//
// Form outbound specific filters.
//
dwError = FormSpecificMMFilters( pFilter, pOutSrcAddrList, dwOutSrcAddrCnt, pOutDesAddrList, dwOutDesAddrCnt, FILTER_DIRECTION_OUTBOUND, &pOutboundSpecificFilters ); BAIL_ON_WIN32_ERROR(dwError);
//
// Form inbound specific filters.
//
dwError = FormSpecificMMFilters( pFilter, pInSrcAddrList, dwInSrcAddrCnt, pInDesAddrList, dwInDesAddrCnt, FILTER_DIRECTION_INBOUND, &pInboundSpecificFilters ); BAIL_ON_WIN32_ERROR(dwError);
pSpecificFilters = pOutboundSpecificFilters;
AddToSpecificMMList( &pSpecificFilters, pInboundSpecificFilters );
*ppSpecificFilters = pSpecificFilters;
cleanup:
if (pOutSrcAddrList) { FreeSPDMemory(pOutSrcAddrList); }
if (pInSrcAddrList) { FreeSPDMemory(pInSrcAddrList); }
if (pOutDesAddrList) { FreeSPDMemory(pOutDesAddrList); }
if (pInDesAddrList) { FreeSPDMemory(pInDesAddrList); }
return (dwError);
error:
if (pOutboundSpecificFilters) { FreeIniMMSFilterList(pOutboundSpecificFilters); }
if (pInboundSpecificFilters) { FreeIniMMSFilterList(pInboundSpecificFilters); }
*ppSpecificFilters = NULL; goto cleanup;}
DWORDFormMMOutboundInboundAddresses( PINIMMFILTER pFilter, MATCHING_ADDR * pMatchingAddresses, DWORD dwAddrCnt, PADDR * ppOutSrcAddrList, PDWORD pdwOutSrcAddrCnt, PADDR * ppInSrcAddrList, PDWORD pdwInSrcAddrCnt, PADDR * ppOutDesAddrList, PDWORD pdwOutDesAddrCnt, PADDR * ppInDesAddrList, PDWORD pdwInDesAddrCnt )/*++
Routine Description:
This function forms the outbound and inbound source and destination address sets for a generic filter.
Arguments:
pFilter - Generic filter under consideration.
pMatchingAddresses - List of local ip addresses whose interface type matches that of the filter.
dwAddrCnt - Number of local ip addresses in the list.
ppOutSrcAddrList - List of outbound source addresses.
pdwOutSrcAddrCnt - Number of addresses in the outbound source address list.
ppInSrcAddrList - List of inbound source addresses.
pdwInSrcAddrCnt - Number of addresses in the inbound source address list.
ppOutDesAddrList - List of outbound destination addresses.
pdwOutDesAddrCnt - Number of addresses in the outbound destination address list.
ppInDesAddrList - List of inbound destination addresses.
pdwInDesAddrCnt - Number of addresses in the inbound destination address list.
Return Value:
ERROR_SUCCESS - Success.
Win32 Error - Failure.
--*/{ DWORD dwError = 0;
PADDR pSrcAddrList = NULL; DWORD dwSrcAddrCnt = 0; PADDR pDesAddrList = NULL; DWORD dwDesAddrCnt = 0;
PADDR pOutSrcAddrList = NULL; DWORD dwOutSrcAddrCnt = 0; PADDR pInSrcAddrList = NULL; DWORD dwInSrcAddrCnt = 0;
PADDR pOutDesAddrList = NULL; DWORD dwOutDesAddrCnt = 0; PADDR pInDesAddrList = NULL; DWORD dwInDesAddrCnt = 0;
//
// Replace wild card information to generate the new source
// address list.
//
dwError = FormAddressList( pFilter->SrcAddr, pMatchingAddresses, dwAddrCnt, &pSrcAddrList, &dwSrcAddrCnt ); BAIL_ON_WIN32_ERROR(dwError);
//
// Replace wild card information to generate the new destination
// address list.
//
dwError = FormAddressList( pFilter->DesAddr, pMatchingAddresses, dwAddrCnt, &pDesAddrList, &dwDesAddrCnt ); BAIL_ON_WIN32_ERROR(dwError);
//
// Separate the source address list into outbound and inbound
// source address sets based on the local machine's ip addresses.
//
dwError = SeparateAddrList( pFilter->SrcAddr.AddrType, pSrcAddrList, dwSrcAddrCnt, pMatchingAddresses, dwAddrCnt, &pOutSrcAddrList, &dwOutSrcAddrCnt, &pInSrcAddrList, &dwInSrcAddrCnt ); BAIL_ON_WIN32_ERROR(dwError);
//
// Separate the destination address list into outbound and inbound
// destination address sets based on the local machine's ip
// addresses.
//
dwError = SeparateAddrList( pFilter->DesAddr.AddrType, pDesAddrList, dwDesAddrCnt, pMatchingAddresses, dwAddrCnt, &pInDesAddrList, &dwInDesAddrCnt, &pOutDesAddrList, &dwOutDesAddrCnt ); BAIL_ON_WIN32_ERROR(dwError);
*ppOutSrcAddrList = pOutSrcAddrList; *pdwOutSrcAddrCnt = dwOutSrcAddrCnt; *ppInSrcAddrList = pInSrcAddrList; *pdwInSrcAddrCnt = dwInSrcAddrCnt;
*ppOutDesAddrList = pOutDesAddrList; *pdwOutDesAddrCnt = dwOutDesAddrCnt; *ppInDesAddrList = pInDesAddrList; *pdwInDesAddrCnt = dwInDesAddrCnt;
cleanup:
if (pSrcAddrList) { FreeSPDMemory(pSrcAddrList); }
if (pDesAddrList) { FreeSPDMemory(pDesAddrList); }
return (dwError);
error:
if (pOutSrcAddrList) { FreeSPDMemory(pOutSrcAddrList); }
if (pInSrcAddrList) { FreeSPDMemory(pInSrcAddrList); }
if (pOutDesAddrList) { FreeSPDMemory(pOutDesAddrList); }
if (pInDesAddrList) { FreeSPDMemory(pInDesAddrList); }
*ppOutSrcAddrList = NULL; *pdwOutSrcAddrCnt = 0; *ppInSrcAddrList = NULL; *pdwInSrcAddrCnt = 0;
*ppOutDesAddrList = NULL; *pdwOutDesAddrCnt = 0; *ppInDesAddrList = NULL; *pdwInDesAddrCnt = 0;
goto cleanup;}
DWORDFormSpecificMMFilters( PINIMMFILTER pFilter, PADDR pSrcAddrList, DWORD dwSrcAddrCnt, PADDR pDesAddrList, DWORD dwDesAddrCnt, DWORD dwDirection, PINIMMSFILTER * ppSpecificFilters )/*++
Routine Description:
This function forms the specific main mode filters for the given generic filter and the source and destination address sets.
Arguments:
pFilter - Generic filter for which specific filters are to be created.
pSrcAddrList - List of source addresses.
dwSrcAddrCnt - Number of addresses in the source address list.
pDesAddrList - List of destination addresses.
dwDesAddrCnt - Number of addresses in the destination address list.
ppSpecificFilters - Specific filters created for the given generic filter and the given addresses.
Return Value:
ERROR_SUCCESS - Success.
Win32 Error - Failure.
--*/{ DWORD dwError = 0; PINIMMSFILTER pSpecificFilters = NULL; DWORD i = 0, j = 0; PINIMMSFILTER pSpecificFilter = NULL;
for (i = 0; i < dwSrcAddrCnt; i++) {
for (j = 0; j < dwDesAddrCnt; j++) {
dwError = CreateSpecificMMFilter( pFilter, pSrcAddrList[i], pDesAddrList[j], &pSpecificFilter ); BAIL_ON_WIN32_ERROR(dwError);
//
// Set the direction of the filter.
//
pSpecificFilter->dwDirection = dwDirection;
AssignMMFilterWeight(pSpecificFilter);
AddToSpecificMMList( &pSpecificFilters, pSpecificFilter );
}
}
*ppSpecificFilters = pSpecificFilters; return (dwError);
error:
if (pSpecificFilters) { FreeIniMMSFilterList(pSpecificFilters); }
*ppSpecificFilters = NULL; return (dwError);}
DWORDCreateSpecificMMFilter( PINIMMFILTER pGenericFilter, ADDR SrcAddr, ADDR DesAddr, PINIMMSFILTER * ppSpecificFilter ){ DWORD dwError = 0; PINIMMSFILTER pSpecificFilter = NULL;
dwError = AllocateSPDMemory( sizeof(INIMMSFILTER), &pSpecificFilter ); BAIL_ON_WIN32_ERROR(dwError);
pSpecificFilter->cRef = 0;
CopyGuid(pGenericFilter->gFilterID, &(pSpecificFilter->gParentID));
dwError = AllocateSPDString( pGenericFilter->pszFilterName, &(pSpecificFilter->pszFilterName) ); BAIL_ON_WIN32_ERROR(dwError);
pSpecificFilter->InterfaceType = pGenericFilter->InterfaceType;
pSpecificFilter->dwFlags = pGenericFilter->dwFlags;
CopyAddresses(SrcAddr, &(pSpecificFilter->SrcAddr));
CopyAddresses(DesAddr, &(pSpecificFilter->DesAddr));
//
// Direction must be set in the calling routine.
//
pSpecificFilter->dwDirection = 0;
//
// Weight must be set in the calling routine.
//
pSpecificFilter->dwWeight = 0;
CopyGuid(pGenericFilter->gMMAuthID, &(pSpecificFilter->gMMAuthID));
CopyGuid(pGenericFilter->gPolicyID, &(pSpecificFilter->gPolicyID));
pSpecificFilter->pIniMMAuthMethods = NULL;
pSpecificFilter->pIniMMPolicy = NULL;
pSpecificFilter->pNext = NULL;
*ppSpecificFilter = pSpecificFilter; return (dwError);
error:
if (pSpecificFilter) { FreeIniMMSFilter(pSpecificFilter); }
*ppSpecificFilter = NULL; return (dwError);}
VOIDAssignMMFilterWeight( PINIMMSFILTER pSpecificFilter )/*++
Routine Description:
Computes and assigns the weight to a specific mm filter.
The mm filter weight consists of the following:
31 16 12 8 0 +-----------+--------+-----------+--------+ |AddrMaskWgt| Reserved | +-----------+--------+-----------+--------+
Arguments:
pSpecificFilter - Specific mm filter to which the weight is to be assigned.
Return Value:
None.
--*/{ DWORD dwWeight = 0; ULONG SrcMask = 0; ULONG DesMask = 0; DWORD dwMaskWeight = 0; DWORD i = 0;
//
// Weight Rule:
// A field with a more specific value gets a higher weight than
// the same field with a lesser specific value.
//
//
// IP addresses get the weight values based on their mask values.
// In the address case, the weight is computed as a sum of the
// bit positions starting from the position that contains the
// first least significant non-zero bit to the most significant
// bit position of the mask.
// All unique ip addresses have a mask of 0xFFFFFFFF and thus get
// the same weight, which is 1 + 2 + .... + 32.
// A subnet address has a mask with atleast the least significant
// bit zero and thus gets weight in the range (2 + .. + 32) to 0.
//
DesMask = ntohl(pSpecificFilter->DesAddr.uSubNetMask);
for (i = 0; i < sizeof(ULONG) * 8; i++) {
//
// If the bit position contains a non-zero bit, add the bit
// position to the sum.
//
if ((DesMask & 0x1) == 0x1) { dwMaskWeight += (i+1); }
//
// Move to the next bit position.
//
DesMask = DesMask >> 1;
}
SrcMask = ntohl(pSpecificFilter->SrcAddr.uSubNetMask);
for (i = 0; i < sizeof(ULONG) * 8; i++) {
//
// If the bit position contains a non-zero bit, add the bit
// position to the sum.
//
if ((SrcMask & 0x1) == 0x1) { dwMaskWeight += (i+1); }
//
// Move to the next bit position.
//
SrcMask = SrcMask >> 1;
}
//
// Move the mask weight to the set of bits in the overall weight
// that it occupies.
//
dwMaskWeight = dwMaskWeight << 16;
dwWeight += dwMaskWeight;
pSpecificFilter->dwWeight = dwWeight;}
VOIDAddToSpecificMMList( PINIMMSFILTER * ppSpecificMMFilterList, PINIMMSFILTER pSpecificMMFilters ){ PINIMMSFILTER pListOne = NULL; PINIMMSFILTER pListTwo = NULL; PINIMMSFILTER pListMerge = NULL; PINIMMSFILTER pLast = NULL;
if (!(*ppSpecificMMFilterList) && !pSpecificMMFilters) { return; }
if (!(*ppSpecificMMFilterList)) { *ppSpecificMMFilterList = pSpecificMMFilters; return; }
if (!pSpecificMMFilters) { return; }
pListOne = *ppSpecificMMFilterList; pListTwo = pSpecificMMFilters;
while (pListOne && pListTwo) {
if ((pListOne->dwWeight) > (pListTwo->dwWeight)) {
if (!pListMerge) { pListMerge = pListOne; pLast = pListOne; pListOne = pListOne->pNext; } else { pLast->pNext = pListOne; pListOne = pListOne->pNext; pLast = pLast->pNext; }
} else {
if (!pListMerge) { pListMerge = pListTwo; pLast = pListTwo; pListTwo = pListTwo->pNext; } else { pLast->pNext = pListTwo; pListTwo = pListTwo->pNext; pLast = pLast->pNext; }
}
}
if (pListOne) { pLast->pNext = pListOne; } else { pLast->pNext = pListTwo; }
*ppSpecificMMFilterList = pListMerge; return;}
VOIDFreeIniMMSFilterList( PINIMMSFILTER pIniMMSFilterList ){ PINIMMSFILTER pFilter = NULL; PINIMMSFILTER pTempFilter = NULL;
pFilter = pIniMMSFilterList;
while (pFilter) { pTempFilter = pFilter; pFilter = pFilter->pNext; FreeIniMMSFilter(pTempFilter); }}
VOIDFreeIniMMSFilter( PINIMMSFILTER pIniMMSFilter ){ if (pIniMMSFilter) { if (pIniMMSFilter->pszFilterName) { FreeSPDString(pIniMMSFilter->pszFilterName); }
//
// Must not ever free pIniMMSFilter->pIniMMPolicy.
//
FreeSPDMemory(pIniMMSFilter); }}
VOIDLinkMMSpecificFiltersToPolicy( PINIMMPOLICY pIniMMPolicy, PINIMMSFILTER pIniMMSFilters ){ PINIMMSFILTER pTemp = NULL;
pTemp = pIniMMSFilters;
while (pTemp) { pTemp->pIniMMPolicy = pIniMMPolicy; pTemp = pTemp->pNext; }
return;}
VOIDLinkMMSpecificFiltersToAuth( PINIMMAUTHMETHODS pIniMMAuthMethods, PINIMMSFILTER pIniMMSFilters ){ PINIMMSFILTER pTemp = NULL;
pTemp = pIniMMSFilters;
while (pTemp) { pTemp->pIniMMAuthMethods = pIniMMAuthMethods; pTemp = pTemp->pNext; }
return;}
VOIDRemoveIniMMSFilter( PINIMMSFILTER pIniMMSFilter ){ PINIMMSFILTER * ppTemp = NULL;
ppTemp = &gpIniMMSFilter;
while (*ppTemp) {
if (*ppTemp == pIniMMSFilter) { break; } ppTemp = &((*ppTemp)->pNext); }
if (*ppTemp) { *ppTemp = pIniMMSFilter->pNext; }
return;}
DWORDEnumSpecificMMFilters( PINIMMSFILTER pIniMMSFilterList, DWORD dwResumeHandle, DWORD dwPreferredNumEntries, PMM_FILTER * ppMMFilters, PDWORD pdwNumMMFilters )/*++
Routine Description:
This function creates enumerated specific filters.
Arguments:
pIniMMSFilterList - List of specific filters to enumerate.
dwResumeHandle - Location in the specific filter list from which to resume enumeration.
dwPreferredNumEntries - Preferred number of enumeration entries.
ppMMFilters - Enumerated filters returned to the caller.
pdwNumMMFilters - Number of filters actually enumerated.
Return Value:
ERROR_SUCCESS - Success.
Win32 Error - Failure.
--*/{ DWORD dwError = 0; DWORD dwNumToEnum = 0; PINIMMSFILTER pIniMMSFilter = NULL; DWORD i = 0; PINIMMSFILTER pTemp = NULL; DWORD dwNumMMFilters = 0; PMM_FILTER pMMFilters = 0; PMM_FILTER pMMFilter = 0;
if (!dwPreferredNumEntries || (dwPreferredNumEntries > MAX_MMFILTER_ENUM_COUNT)) { dwNumToEnum = MAX_MMFILTER_ENUM_COUNT; } else { dwNumToEnum = dwPreferredNumEntries; }
pIniMMSFilter = pIniMMSFilterList;
for (i = 0; (i < dwResumeHandle) && (pIniMMSFilter != NULL); i++) { pIniMMSFilter = pIniMMSFilter->pNext; }
if (!pIniMMSFilter) { dwError = ERROR_NO_DATA; BAIL_ON_WIN32_ERROR(dwError); }
pTemp = pIniMMSFilter;
while (pTemp && (dwNumMMFilters < dwNumToEnum)) { dwNumMMFilters++; pTemp = pTemp->pNext; }
dwError = SPDApiBufferAllocate( sizeof(MM_FILTER)*dwNumMMFilters, &pMMFilters ); BAIL_ON_WIN32_ERROR(dwError);
pTemp = pIniMMSFilter; pMMFilter = pMMFilters;
for (i = 0; i < dwNumMMFilters; i++) {
dwError = CopyMMSFilter( pTemp, pMMFilter ); BAIL_ON_WIN32_ERROR(dwError);
pTemp = pTemp->pNext; pMMFilter++;
}
*ppMMFilters = pMMFilters; *pdwNumMMFilters = dwNumMMFilters; return (dwError);
error:
if (pMMFilters) { FreeMMFilters( i, pMMFilters ); }
*ppMMFilters = NULL; *pdwNumMMFilters = 0;
return (dwError);}
DWORDCopyMMSFilter( PINIMMSFILTER pIniMMSFilter, PMM_FILTER pMMFilter )/*++
Routine Description:
This function copies an internal filter into an external filter container.
Arguments:
pIniMMSFilter - Internal filter to copy.
pMMFilter - External filter container in which to copy.
Return Value:
ERROR_SUCCESS - Success.
Win32 Error - Failure.
--*/{ DWORD dwError = 0;
CopyGuid(pIniMMSFilter->gParentID, &(pMMFilter->gFilterID));
dwError = CopyName( pIniMMSFilter->pszFilterName, &(pMMFilter->pszFilterName) ); BAIL_ON_WIN32_ERROR(dwError);
pMMFilter->InterfaceType = pIniMMSFilter->InterfaceType;
pMMFilter->bCreateMirror = FALSE;
pMMFilter->dwFlags = pIniMMSFilter->dwFlags;
CopyAddresses(pIniMMSFilter->SrcAddr, &(pMMFilter->SrcAddr));
CopyAddresses(pIniMMSFilter->DesAddr, &(pMMFilter->DesAddr));
pMMFilter->dwDirection = pIniMMSFilter->dwDirection;
pMMFilter->dwWeight = pIniMMSFilter->dwWeight;
CopyGuid(pIniMMSFilter->gMMAuthID, &(pMMFilter->gMMAuthID));
CopyGuid(pIniMMSFilter->gPolicyID, &(pMMFilter->gPolicyID));
error:
return (dwError);}
DWORDEnumSelectSpecificMMFilters( PINIMMFILTER pIniMMFilter, DWORD dwResumeHandle, DWORD dwPreferredNumEntries, PMM_FILTER * ppMMFilters, PDWORD pdwNumMMFilters )/*++
Routine Description:
This function creates enumerated specific filters for the given generic filter.
Arguments:
pIniMMFilter - Generic filter for which specific filters are to be enumerated.
dwResumeHandle - Location in the specific filter list for the given generic filter from which to resume enumeration.
dwPreferredNumEntries - Preferred number of enumeration entries.
ppMMFilters - Enumerated filters returned to the caller.
pdwNumMMFilters - Number of filters actually enumerated.
Return Value:
ERROR_SUCCESS - Success.
Win32 Error - Failure.
--*/{ DWORD dwError = 0; DWORD dwNumToEnum = 0; DWORD dwNumMMSFilters = 0; PINIMMSFILTER * ppIniMMSFilters = NULL; DWORD i = 0; DWORD dwNumMMFilters = 0; PMM_FILTER pMMFilters = 0; PMM_FILTER pMMFilter = 0;
if (!dwPreferredNumEntries || (dwPreferredNumEntries > MAX_MMFILTER_ENUM_COUNT)) { dwNumToEnum = MAX_MMFILTER_ENUM_COUNT; } else { dwNumToEnum = dwPreferredNumEntries; }
dwNumMMSFilters = pIniMMFilter->dwNumMMSFilters; ppIniMMSFilters = pIniMMFilter->ppIniMMSFilters;
if (!dwNumMMSFilters || (dwNumMMSFilters <= dwResumeHandle)) { dwError = ERROR_NO_DATA; BAIL_ON_WIN32_ERROR(dwError); }
dwNumMMFilters = min((dwNumMMSFilters-dwResumeHandle), dwNumToEnum); dwError = SPDApiBufferAllocate( sizeof(MM_FILTER)*dwNumMMFilters, &pMMFilters ); BAIL_ON_WIN32_ERROR(dwError);
pMMFilter = pMMFilters;
for (i = 0; i < dwNumMMFilters; i++) {
dwError = CopyMMSFilter( *(ppIniMMSFilters + (dwResumeHandle + i)), pMMFilter ); BAIL_ON_WIN32_ERROR(dwError); pMMFilter++;
}
*ppMMFilters = pMMFilters; *pdwNumMMFilters = dwNumMMFilters; return (dwError);
error:
if (pMMFilters) { FreeMMFilters( i, pMMFilters ); }
*ppMMFilters = NULL; *pdwNumMMFilters = 0;
return (dwError);}
DWORDMatchMMFilter( LPWSTR pServerName, PMM_FILTER pMMFilter, DWORD dwFlags, PMM_FILTER * ppMatchedMMFilters, PIPSEC_MM_POLICY * ppMatchedMMPolicies, PMM_AUTH_METHODS * ppMatchedMMAuthMethods, DWORD dwPreferredNumEntries, LPDWORD pdwNumMatches, LPDWORD pdwResumeHandle )/*++
Routine Description:
This function finds the matching mm filters for the given mm filter template. The matched filters can not be more specific than the given filter template.
Arguments:
pServerName - Server on which a filter template is to be matched.
pMMFilter - Filter template to match.
dwFlags - Flags.
ppMatchedMMFilters - Matched main mode filters returned to the caller.
ppMatchedMMPolicies - Main mode policies corresponding to the matched main mode filters returned to the caller.
ppMatchedMMAuthMethods - Main mode auth methods corresponding to the matched main mode filters returned to the caller.
dwPreferredNumEntries - Preferred number of matched entries.
pdwNumMatches - Number of filters actually matched.
pdwResumeHandle - Handle to the location in the matched filter list from which to resume enumeration.
Return Value:
ERROR_SUCCESS - Success.
Win32 Error - Failure.
--*/{ DWORD dwError = 0; DWORD dwResumeHandle = 0; DWORD dwNumToMatch = 0; PINIMMSFILTER pIniMMSFilter = NULL; DWORD i = 0; BOOL bMatches = FALSE; PINIMMSFILTER pTemp = NULL; DWORD dwNumMatches = 0; PINIMMSFILTER pLastMatchedFilter = NULL; PMM_FILTER pMatchedMMFilters = NULL; PIPSEC_MM_POLICY pMatchedMMPolicies = NULL; PMM_AUTH_METHODS pMatchedMMAuthMethods = NULL; DWORD dwNumFilters = 0; DWORD dwNumPolicies = 0; DWORD dwNumAuthMethods = 0; PMM_FILTER pMatchedMMFilter = NULL; PIPSEC_MM_POLICY pMatchedMMPolicy = NULL; PMM_AUTH_METHODS pTempMMAuthMethods = NULL;
dwError = ValidateMMFilterTemplate( pMMFilter ); BAIL_ON_WIN32_ERROR(dwError);
dwResumeHandle = *pdwResumeHandle;
if (!dwPreferredNumEntries) { dwNumToMatch = 1; } else if (dwPreferredNumEntries > MAX_MMFILTER_ENUM_COUNT) { dwNumToMatch = MAX_MMFILTER_ENUM_COUNT; } else { dwNumToMatch = dwPreferredNumEntries; }
ENTER_SPD_SECTION();
dwError = ValidateMMSecurity( SPD_OBJECT_SERVER, SERVER_ACCESS_ADMINISTER, NULL, NULL ); BAIL_ON_LOCK_ERROR(dwError);
pIniMMSFilter = gpIniMMSFilter;
while ((i < dwResumeHandle) && (pIniMMSFilter != NULL)) { bMatches = MatchIniMMSFilter( pIniMMSFilter, pMMFilter ); if (bMatches) { i++; } pIniMMSFilter = pIniMMSFilter->pNext; }
if (!pIniMMSFilter) { if (!(dwFlags & RETURN_DEFAULTS_ON_NO_MATCH)) { dwError = ERROR_NO_DATA; BAIL_ON_LOCK_ERROR(dwError); } else { dwError = CopyMMMatchDefaults( &pMatchedMMFilters, &pMatchedMMAuthMethods, &pMatchedMMPolicies, &dwNumMatches ); BAIL_ON_LOCK_ERROR(dwError); BAIL_ON_LOCK_SUCCESS(dwError); } }
pTemp = pIniMMSFilter;
while (pTemp && (dwNumMatches < dwNumToMatch)) { bMatches = MatchIniMMSFilter( pTemp, pMMFilter ); if (bMatches) { pLastMatchedFilter = pTemp; dwNumMatches++; } pTemp = pTemp->pNext; }
if (!dwNumMatches) { if (!(dwFlags & RETURN_DEFAULTS_ON_NO_MATCH)) { dwError = ERROR_NO_DATA; BAIL_ON_LOCK_ERROR(dwError); } else { dwError = CopyMMMatchDefaults( &pMatchedMMFilters, &pMatchedMMAuthMethods, &pMatchedMMPolicies, &dwNumMatches ); BAIL_ON_LOCK_ERROR(dwError); BAIL_ON_LOCK_SUCCESS(dwError); } }
dwError = SPDApiBufferAllocate( sizeof(MM_FILTER)*dwNumMatches, &pMatchedMMFilters ); BAIL_ON_LOCK_ERROR(dwError);
dwError = SPDApiBufferAllocate( sizeof(IPSEC_MM_POLICY)*dwNumMatches, &pMatchedMMPolicies ); BAIL_ON_LOCK_ERROR(dwError);
dwError = SPDApiBufferAllocate( sizeof(MM_AUTH_METHODS)*dwNumMatches, &pMatchedMMAuthMethods ); BAIL_ON_LOCK_ERROR(dwError);
if (dwNumMatches == 1) {
dwError = CopyMMSFilter( pLastMatchedFilter, pMatchedMMFilters ); BAIL_ON_LOCK_ERROR(dwError); dwNumFilters++;
if (pLastMatchedFilter->pIniMMPolicy) { dwError = CopyMMPolicy( pLastMatchedFilter->pIniMMPolicy, pMatchedMMPolicies ); BAIL_ON_LOCK_ERROR(dwError); } else { memset(pMatchedMMPolicies, 0, sizeof(IPSEC_MM_POLICY)); } dwNumPolicies++;
if (pLastMatchedFilter->pIniMMAuthMethods) { dwError = CopyMMAuthMethods( pLastMatchedFilter->pIniMMAuthMethods, pMatchedMMAuthMethods ); BAIL_ON_LOCK_ERROR(dwError); } else { memset(pMatchedMMAuthMethods, 0, sizeof(MM_AUTH_METHODS)); } dwNumAuthMethods++;
} else {
pTemp = pIniMMSFilter; pMatchedMMFilter = pMatchedMMFilters; pMatchedMMPolicy = pMatchedMMPolicies; pTempMMAuthMethods = pMatchedMMAuthMethods; i = 0;
while (i < dwNumMatches) {
bMatches = MatchIniMMSFilter( pTemp, pMMFilter ); if (bMatches) {
dwError = CopyMMSFilter( pTemp, pMatchedMMFilter ); BAIL_ON_LOCK_ERROR(dwError); pMatchedMMFilter++; dwNumFilters++;
if (pTemp->pIniMMPolicy) { dwError = CopyMMPolicy( pTemp->pIniMMPolicy, pMatchedMMPolicy ); BAIL_ON_LOCK_ERROR(dwError); } else { memset(pMatchedMMPolicy, 0, sizeof(IPSEC_MM_POLICY)); } pMatchedMMPolicy++; dwNumPolicies++;
if (pTemp->pIniMMAuthMethods) { dwError = CopyMMAuthMethods( pTemp->pIniMMAuthMethods, pTempMMAuthMethods ); BAIL_ON_LOCK_ERROR(dwError); } else { memset(pTempMMAuthMethods, 0, sizeof(MM_AUTH_METHODS)); } pTempMMAuthMethods++; dwNumAuthMethods++;
i++;
}
pTemp = pTemp->pNext;
}
}
lock_success:
LEAVE_SPD_SECTION();
*ppMatchedMMFilters = pMatchedMMFilters; *ppMatchedMMPolicies = pMatchedMMPolicies; *ppMatchedMMAuthMethods = pMatchedMMAuthMethods; *pdwNumMatches = dwNumMatches; *pdwResumeHandle = dwResumeHandle + dwNumMatches;
return (dwError);
lock:
LEAVE_SPD_SECTION();
error:
if (pMatchedMMFilters) { FreeMMFilters( dwNumFilters, pMatchedMMFilters ); }
if (pMatchedMMPolicies) { FreeMMPolicies( dwNumPolicies, pMatchedMMPolicies ); }
if (pMatchedMMAuthMethods) { FreeMMAuthMethods( dwNumAuthMethods, pMatchedMMAuthMethods ); }
*ppMatchedMMFilters = NULL; *ppMatchedMMPolicies = NULL; *ppMatchedMMAuthMethods = NULL; *pdwNumMatches = 0; *pdwResumeHandle = dwResumeHandle;
return (dwError);}
DWORDValidateMMFilterTemplate( PMM_FILTER pMMFilter ){ DWORD dwError = 0; BOOL bConflicts = FALSE;
if (!pMMFilter) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_WIN32_ERROR(dwError); }
dwError = VerifyAddresses(pMMFilter->SrcAddr, TRUE, FALSE); BAIL_ON_WIN32_ERROR(dwError);
dwError = VerifyAddresses(pMMFilter->DesAddr, TRUE, TRUE); BAIL_ON_WIN32_ERROR(dwError);
bConflicts = AddressesConflict( pMMFilter->SrcAddr, pMMFilter->DesAddr ); if (bConflicts) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_WIN32_ERROR(dwError); }
if (pMMFilter->dwDirection) { if ((pMMFilter->dwDirection != FILTER_DIRECTION_INBOUND) && (pMMFilter->dwDirection != FILTER_DIRECTION_OUTBOUND)) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_WIN32_ERROR(dwError); } }
error:
return (dwError);}
BOOLMatchIniMMSFilter( PINIMMSFILTER pIniMMSFilter, PMM_FILTER pMMFilter ){ BOOL bMatches = FALSE;
if (pMMFilter->dwDirection) { if (pMMFilter->dwDirection != pIniMMSFilter->dwDirection) { return (FALSE); } }
bMatches = MatchAddresses( pIniMMSFilter->SrcAddr, pMMFilter->SrcAddr ); if (!bMatches) { return (FALSE); }
bMatches = MatchAddresses( pIniMMSFilter->DesAddr, pMMFilter->DesAddr ); if (!bMatches) { return (FALSE); }
return (TRUE);}
DWORDCopyMMMatchDefaults( PMM_FILTER * ppMMFilters, PMM_AUTH_METHODS * ppMMAuthMethods, PIPSEC_MM_POLICY * ppMMPolicies, PDWORD pdwNumMatches ){ DWORD dwError = 0; PMM_FILTER pMMFilters = NULL; PMM_AUTH_METHODS pMMAuthMethods = NULL; PIPSEC_MM_POLICY pMMPolicies = NULL; DWORD dwNumFilters = 0; DWORD dwNumAuthMethods = 0; DWORD dwNumPolicies = 0;
if (!gpIniDefaultMMPolicy) { dwError = ERROR_IPSEC_DEFAULT_MM_POLICY_NOT_FOUND; BAIL_ON_WIN32_ERROR(dwError); }
if (!gpIniDefaultMMAuthMethods) { dwError = ERROR_IPSEC_DEFAULT_MM_AUTH_NOT_FOUND; BAIL_ON_WIN32_ERROR(dwError); }
dwError = SPDApiBufferAllocate( sizeof(MM_FILTER), &pMMFilters ); BAIL_ON_WIN32_ERROR(dwError);
dwError = SPDApiBufferAllocate( sizeof(IPSEC_MM_POLICY), &pMMPolicies ); BAIL_ON_WIN32_ERROR(dwError);
dwError = SPDApiBufferAllocate( sizeof(MM_AUTH_METHODS), &pMMAuthMethods ); BAIL_ON_WIN32_ERROR(dwError);
dwError = CopyDefaultMMFilter( pMMFilters, gpIniDefaultMMAuthMethods, gpIniDefaultMMPolicy ); BAIL_ON_WIN32_ERROR(dwError); dwNumFilters++;
dwError = CopyMMPolicy( gpIniDefaultMMPolicy, pMMPolicies ); BAIL_ON_WIN32_ERROR(dwError); pMMPolicies->dwFlags |= IPSEC_MM_POLICY_ON_NO_MATCH; dwNumPolicies++;
dwError = CopyMMAuthMethods( gpIniDefaultMMAuthMethods, pMMAuthMethods ); BAIL_ON_WIN32_ERROR(dwError); pMMAuthMethods->dwFlags |= IPSEC_MM_AUTH_ON_NO_MATCH; dwNumAuthMethods++;
*ppMMFilters = pMMFilters; *ppMMPolicies = pMMPolicies; *ppMMAuthMethods = pMMAuthMethods; *pdwNumMatches = 1;
return (dwError);
error:
if (pMMFilters) { FreeMMFilters( dwNumFilters, pMMFilters ); }
if (pMMPolicies) { FreeMMPolicies( dwNumPolicies, pMMPolicies ); }
if (pMMAuthMethods) { FreeMMAuthMethods( dwNumAuthMethods, pMMAuthMethods ); }
*ppMMFilters = NULL; *ppMMPolicies = NULL; *ppMMAuthMethods = NULL; *pdwNumMatches = 0;
return (dwError);}
DWORDCopyDefaultMMFilter( PMM_FILTER pMMFilter, PINIMMAUTHMETHODS pIniMMAuthMethods, PINIMMPOLICY pIniMMPolicy ){ DWORD dwError = 0;
UuidCreate(&(pMMFilter->gFilterID));
dwError = CopyName( L"0", &(pMMFilter->pszFilterName) ); BAIL_ON_WIN32_ERROR(dwError);
pMMFilter->InterfaceType = INTERFACE_TYPE_ALL;
pMMFilter->bCreateMirror = TRUE;
pMMFilter->dwFlags = 0;
pMMFilter->dwFlags |= IPSEC_MM_POLICY_DEFAULT_POLICY; pMMFilter->dwFlags |= IPSEC_MM_AUTH_DEFAULT_AUTH;
pMMFilter->SrcAddr.AddrType = IP_ADDR_SUBNET; pMMFilter->SrcAddr.uIpAddr = SUBNET_ADDRESS_ANY; pMMFilter->SrcAddr.uSubNetMask = SUBNET_MASK_ANY;
pMMFilter->DesAddr.AddrType = IP_ADDR_SUBNET; pMMFilter->DesAddr.uIpAddr = SUBNET_ADDRESS_ANY; pMMFilter->DesAddr.uSubNetMask = SUBNET_MASK_ANY;
pMMFilter->dwDirection = 0;
pMMFilter->dwWeight = 0;
CopyGuid(pIniMMAuthMethods->gMMAuthID, &(pMMFilter->gMMAuthID));
CopyGuid(pIniMMPolicy->gPolicyID, &(pMMFilter->gPolicyID));
error:
return (dwError);}
|
