archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ipsec/spd/server/pamm-pol.c

610 lines
12 KiB
Raw Normal View History

Add source files
4 years ago
  3. #include "precomp.h"
  6. DWORD
  7. PAAddMMPolicies(
  8. PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData,
  9. DWORD dwNumPolicies
  10. )
  11. {
  12. DWORD dwError = 0;
  13. DWORD i = 0;
  14. PMMPOLICYSTATE pMMPolicyState = NULL;
  15. PIPSEC_MM_POLICY pSPDMMPolicy = NULL;
  16. LPWSTR pServerName = NULL;
  17. DWORD dwPersist = 0;
  20. for (i = 0; i < dwNumPolicies; i++) {
  22. dwError = PACreateMMPolicyState(
  23. *(ppIpsecISAKMPData + i),
  24. &pMMPolicyState
  25. );
  26. if (dwError) {
  27. continue;
  28. }
  30. dwError = PACreateMMPolicy(
  31. *(ppIpsecISAKMPData + i),
  32. pMMPolicyState,
  33. &pSPDMMPolicy
  34. );
  35. if (dwError) {
  37. pMMPolicyState->bInSPD = FALSE;
  38. pMMPolicyState->dwErrorCode = dwError;
  40. pMMPolicyState->pNext = gpMMPolicyState;
  41. gpMMPolicyState = pMMPolicyState;
  43. continue;
  45. }
  47. dwError = AddMMPolicy(
  48. pServerName,
  49. dwPersist,
  50. pSPDMMPolicy
  51. );
  52. if (dwError) {
  53. pMMPolicyState->bInSPD = FALSE;
  54. pMMPolicyState->dwErrorCode = dwError;
  55. }
  56. else {
  57. pMMPolicyState->bInSPD = TRUE;
  58. pMMPolicyState->dwErrorCode = ERROR_SUCCESS;
  59. }
  61. pMMPolicyState->pNext = gpMMPolicyState;
  62. gpMMPolicyState = pMMPolicyState;
  64. PAFreeMMPolicy(pSPDMMPolicy);
  66. }
  68. return (dwError);
  69. }
  72. DWORD
  73. PACreateMMPolicyState(
  74. PIPSEC_ISAKMP_DATA pIpsecISAKMPData,
  75. PMMPOLICYSTATE * ppMMPolicyState
  76. )
  77. {
  78. DWORD dwError = 0;
  79. PMMPOLICYSTATE pMMPolicyState = NULL;
  80. WCHAR pszName[512];
  83. dwError = AllocateSPDMemory(
  84. sizeof(MMPOLICYSTATE),
  85. &pMMPolicyState
  86. );
  87. BAIL_ON_WIN32_ERROR(dwError);
  89. memcpy(
  90. &(pMMPolicyState->gPolicyID),
  91. &(pIpsecISAKMPData->ISAKMPIdentifier),
  92. sizeof(GUID)
  93. );
  95. wsprintf(pszName, L"%d", ++gdwMMPolicyCounter);
  97. dwError = AllocateSPDString(
  98. pszName,
  99. &(pMMPolicyState->pszPolicyName)
  100. );
  101. BAIL_ON_WIN32_ERROR(dwError);
  103. pMMPolicyState->bInSPD = FALSE;
  104. pMMPolicyState->dwErrorCode = 0;
  105. pMMPolicyState->pNext = NULL;
  107. *ppMMPolicyState = pMMPolicyState;
  109. return (dwError);
  111. error:
  113. if (pMMPolicyState) {
  114. PAFreeMMPolicyState(pMMPolicyState);
  115. }
  117. *ppMMPolicyState = NULL;
  119. return (dwError);
  120. }
  123. VOID
  124. PAFreeMMPolicyState(
  125. PMMPOLICYSTATE pMMPolicyState
  126. )
  127. {
  128. if (pMMPolicyState) {
  129. if (pMMPolicyState->pszPolicyName) {
  130. FreeSPDString(pMMPolicyState->pszPolicyName);
  131. }
  132. FreeSPDMemory(pMMPolicyState);
  133. }
  134. }
  137. DWORD
  138. PACreateMMPolicy(
  139. PIPSEC_ISAKMP_DATA pIpsecISAKMPData,
  140. PMMPOLICYSTATE pMMPolicyState,
  141. PIPSEC_MM_POLICY * ppSPDMMPolicy
  142. )
  143. {
  144. DWORD dwError = 0;
  145. PIPSEC_MM_POLICY pSPDMMPolicy = NULL;
  148. dwError = AllocateSPDMemory(
  149. sizeof(IPSEC_MM_POLICY),
  150. &pSPDMMPolicy
  151. );
  152. BAIL_ON_WIN32_ERROR(dwError);
  154. memcpy(
  155. &(pSPDMMPolicy->gPolicyID),
  156. &(pIpsecISAKMPData->ISAKMPIdentifier),
  157. sizeof(GUID)
  158. );
  160. dwError = AllocateSPDString(
  161. pMMPolicyState->pszPolicyName,
  162. &(pSPDMMPolicy->pszPolicyName)
  163. );
  164. BAIL_ON_WIN32_ERROR(dwError);
  166. pSPDMMPolicy->dwFlags = 0;
  167. pSPDMMPolicy->dwFlags |= IPSEC_MM_POLICY_DEFAULT_POLICY;
  169. dwError = PACreateMMOffers(
  170. pIpsecISAKMPData->dwNumISAKMPSecurityMethods,
  171. pIpsecISAKMPData->pSecurityMethods,
  172. &(pSPDMMPolicy->dwOfferCount),
  173. &(pSPDMMPolicy->pOffers)
  174. );
  175. BAIL_ON_WIN32_ERROR(dwError);
  177. pSPDMMPolicy->uSoftSAExpirationTime =
  178. (pSPDMMPolicy->pOffers)->Lifetime.uKeyExpirationTime;
  180. *ppSPDMMPolicy = pSPDMMPolicy;
  182. return (dwError);
  184. error:
  186. if (pSPDMMPolicy) {
  187. PAFreeMMPolicy(
  188. pSPDMMPolicy
  189. );
  190. }
  192. *ppSPDMMPolicy = NULL;
  194. return (dwError);
  195. }
  198. DWORD
  199. PACreateMMOffers(
  200. DWORD dwNumISAKMPSecurityMethods,
  201. PCRYPTO_BUNDLE pSecurityMethods,
  202. PDWORD pdwOfferCount,
  203. PIPSEC_MM_OFFER * ppOffers
  204. )
  205. {
  206. DWORD dwError = 0;
  207. DWORD dwOfferCount = 0;
  208. PIPSEC_MM_OFFER pOffers = NULL;
  209. PIPSEC_MM_OFFER pTempOffer = NULL;
  210. PCRYPTO_BUNDLE pTempBundle = NULL;
  211. DWORD i = 0;
  214. if (!dwNumISAKMPSecurityMethods || !pSecurityMethods) {
  215. dwError = ERROR_INVALID_PARAMETER;
  216. BAIL_ON_WIN32_ERROR(dwError);
  217. }
  219. if (dwNumISAKMPSecurityMethods > IPSEC_MAX_MM_OFFERS) {
  220. dwOfferCount = IPSEC_MAX_MM_OFFERS;
  221. }
  222. else {
  223. dwOfferCount = dwNumISAKMPSecurityMethods;
  224. }
  226. dwError = AllocateSPDMemory(
  227. sizeof(IPSEC_MM_OFFER)*dwOfferCount,
  228. &(pOffers)
  229. );
  230. BAIL_ON_WIN32_ERROR(dwError);
  232. pTempOffer = pOffers;
  233. pTempBundle = pSecurityMethods;
  235. for (i = 0; i < dwOfferCount; i++) {
  237. PACopyMMOffer(
  238. pTempBundle,
  239. pTempOffer
  240. );
  242. pTempOffer++;
  243. pTempBundle++;
  245. }
  247. *pdwOfferCount = dwOfferCount;
  248. *ppOffers = pOffers;
  249. return (dwError);
  251. error:
  253. if (pOffers) {
  254. PAFreeMMOffers(
  255. i,
  256. pOffers
  257. );
  258. }
  260. *pdwOfferCount = 0;
  261. *ppOffers = NULL;
  262. return (dwError);
  263. }
  266. VOID
  267. PACopyMMOffer(
  268. PCRYPTO_BUNDLE pBundle,
  269. PIPSEC_MM_OFFER pOffer
  270. )
  271. {
  272. pOffer->Lifetime.uKeyExpirationKBytes = pBundle->Lifetime.KBytes;
  273. pOffer->Lifetime.uKeyExpirationTime = pBundle->Lifetime.Seconds;
  275. pOffer->dwFlags = 0;
  277. pOffer->dwQuickModeLimit = pBundle->QuickModeLimit;
  279. pOffer->dwDHGroup = pBundle->OakleyGroup;
  281. if ((pOffer->dwDHGroup != DH_GROUP_1) &&
  282. (pOffer->dwDHGroup != DH_GROUP_2)) {
  283. pOffer->dwDHGroup = DH_GROUP_1;
  284. }
  286. switch (pBundle->EncryptionAlgorithm.AlgorithmIdentifier) {
  288. case IPSEC_ESP_DES:
  289. pOffer->EncryptionAlgorithm.uAlgoIdentifier = IPSEC_DOI_ESP_DES;
  290. break;
  292. case IPSEC_ESP_DES_40:
  293. pOffer->EncryptionAlgorithm.uAlgoIdentifier = IPSEC_DOI_ESP_DES;
  294. break;
  296. case IPSEC_ESP_3_DES:
  297. pOffer->EncryptionAlgorithm.uAlgoIdentifier = IPSEC_DOI_ESP_3_DES;
  298. break;
  300. default:
  301. pOffer->EncryptionAlgorithm.uAlgoIdentifier= IPSEC_DOI_ESP_NONE;
  302. break;
  304. }
  306. pOffer->EncryptionAlgorithm.uAlgoKeyLen =
  307. pBundle->EncryptionAlgorithm.KeySize;
  309. pOffer->EncryptionAlgorithm.uAlgoRounds =
  310. pBundle->EncryptionAlgorithm.Rounds;
  312. switch(pBundle->HashAlgorithm.AlgorithmIdentifier) {
  314. case IPSEC_AH_MD5:
  315. pOffer->HashingAlgorithm.uAlgoIdentifier = IPSEC_DOI_AH_MD5;
  316. break;
  318. case IPSEC_AH_SHA:
  319. pOffer->HashingAlgorithm.uAlgoIdentifier = IPSEC_DOI_AH_SHA1;
  320. break;
  322. default:
  323. pOffer->HashingAlgorithm.uAlgoIdentifier = IPSEC_DOI_AH_NONE;
  324. break;
  326. }
  328. pOffer->HashingAlgorithm.uAlgoKeyLen =
  329. pBundle->HashAlgorithm.KeySize;
  331. pOffer->HashingAlgorithm.uAlgoRounds =
  332. pBundle->HashAlgorithm.Rounds;
  333. }
  336. VOID
  337. PAFreeMMPolicy(
  338. PIPSEC_MM_POLICY pSPDMMPolicy
  339. )
  340. {
  341. if (pSPDMMPolicy) {
  343. if (pSPDMMPolicy->pszPolicyName) {
  344. FreeSPDString(pSPDMMPolicy->pszPolicyName);
  345. }
  347. PAFreeMMOffers(
  348. pSPDMMPolicy->dwOfferCount,
  349. pSPDMMPolicy->pOffers
  350. );
  352. FreeSPDMemory(pSPDMMPolicy);
  354. }
  355. }
  358. VOID
  359. PAFreeMMOffers(
  360. DWORD dwOfferCount,
  361. PIPSEC_MM_OFFER pOffers
  362. )
  363. {
  364. if (pOffers) {
  365. FreeSPDMemory(pOffers);
  366. }
  367. }
  370. DWORD
  371. PADeleteAllMMPolicies(
  372. )
  373. {
  374. DWORD dwError = 0;
  375. PMMPOLICYSTATE pMMPolicyState = NULL;
  376. LPWSTR pServerName = NULL;
  377. PMMPOLICYSTATE pTemp = NULL;
  378. PMMPOLICYSTATE pLeftMMPolicyState = NULL;
  381. pMMPolicyState = gpMMPolicyState;
  383. while (pMMPolicyState) {
  385. if (pMMPolicyState->bInSPD) {
  387. dwError = DeleteMMPolicy(
  388. pServerName,
  389. pMMPolicyState->pszPolicyName
  390. );
  391. if (!dwError) {
  392. pTemp = pMMPolicyState;
  393. pMMPolicyState = pMMPolicyState->pNext;
  394. PAFreeMMPolicyState(pTemp);
  395. }
  396. else {
  397. pMMPolicyState->dwErrorCode = dwError;
  399. pTemp = pMMPolicyState;
  400. pMMPolicyState = pMMPolicyState->pNext;
  402. pTemp->pNext = pLeftMMPolicyState;
  403. pLeftMMPolicyState = pTemp;
  404. }
  406. }
  407. else {
  409. pTemp = pMMPolicyState;
  410. pMMPolicyState = pMMPolicyState->pNext;
  411. PAFreeMMPolicyState(pTemp);
  413. }
  415. }
  417. gpMMPolicyState = pLeftMMPolicyState;
  419. return (dwError);
  420. }
  423. VOID
  424. PAFreeMMPolicyStateList(
  425. PMMPOLICYSTATE pMMPolicyState
  426. )
  427. {
  428. PMMPOLICYSTATE pTemp = NULL;
  431. while (pMMPolicyState) {
  433. pTemp = pMMPolicyState;
  434. pMMPolicyState = pMMPolicyState->pNext;
  435. PAFreeMMPolicyState(pTemp);
  437. }
  438. }
  441. PMMPOLICYSTATE
  442. FindMMPolicyState(
  443. GUID gPolicyID
  444. )
  445. {
  446. PMMPOLICYSTATE pMMPolicyState = NULL;
  449. pMMPolicyState = gpMMPolicyState;
  451. while (pMMPolicyState) {
  453. if (!memcmp(&(pMMPolicyState->gPolicyID), &gPolicyID, sizeof(GUID))) {
  454. return (pMMPolicyState);
  455. }
  457. pMMPolicyState = pMMPolicyState->pNext;
  459. }
  461. return (NULL);
  462. }
  465. DWORD
  466. PADeleteMMPolicies(
  467. PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData,
  468. DWORD dwNumPolicies
  469. )
  470. {
  471. DWORD dwError = 0;
  472. DWORD i = 0;
  473. PIPSEC_ISAKMP_DATA pIpsecISAKMPData = NULL;
  476. for (i = 0; i < dwNumPolicies; i++) {
  478. pIpsecISAKMPData = *(ppIpsecISAKMPData + i);
  480. dwError = PADeleteMMPolicy(
  481. pIpsecISAKMPData->ISAKMPIdentifier
  482. );
  484. }
  486. return (dwError);
  487. }
  490. DWORD
  491. PADeleteMMPolicy(
  492. GUID gPolicyID
  493. )
  494. {
  495. DWORD dwError = 0;
  496. PMMPOLICYSTATE pMMPolicyState = NULL;
  497. LPWSTR pServerName = NULL;
  500. pMMPolicyState = FindMMPolicyState(
  501. gPolicyID
  502. );
  503. if (!pMMPolicyState) {
  504. dwError = ERROR_SUCCESS;
  505. return (dwError);
  506. }
  508. if (pMMPolicyState->bInSPD) {
  510. dwError = DeleteMMPolicy(
  511. pServerName,
  512. pMMPolicyState->pszPolicyName
  513. );
  514. if (dwError) {
  515. pMMPolicyState->dwErrorCode = dwError;
  516. }
  517. BAIL_ON_WIN32_ERROR(dwError);
  519. }
  521. PADeleteMMPolicyState(pMMPolicyState);
  523. error:
  525. return (dwError);
  526. }
  529. VOID
  530. PADeleteMMPolicyState(
  531. PMMPOLICYSTATE pMMPolicyState
  532. )
  533. {
  534. PMMPOLICYSTATE * ppTemp = NULL;
  537. ppTemp = &gpMMPolicyState;
  539. while (*ppTemp) {
  541. if (*ppTemp == pMMPolicyState) {
  542. break;
  543. }
  544. ppTemp = &((*ppTemp)->pNext);
  546. }
  548. if (*ppTemp) {
  549. *ppTemp = pMMPolicyState->pNext;
  550. }
  552. PAFreeMMPolicyState(pMMPolicyState);
  554. return;
  555. }
  558. DWORD
  559. PADeleteInUseMMPolicies(
  560. )
  561. {
  562. DWORD dwError = 0;
  563. PMMPOLICYSTATE pMMPolicyState = NULL;
  564. LPWSTR pServerName = NULL;
  565. PMMPOLICYSTATE pTemp = NULL;
  566. PMMPOLICYSTATE pLeftMMPolicyState = NULL;
  569. pMMPolicyState = gpMMPolicyState;
  571. while (pMMPolicyState) {
  573. if (pMMPolicyState->bInSPD &&
  574. (pMMPolicyState->dwErrorCode == ERROR_IPSEC_MM_POLICY_IN_USE)) {
  576. dwError = DeleteMMPolicy(
  577. pServerName,
  578. pMMPolicyState->pszPolicyName
  579. );
  580. if (!dwError) {
  581. pTemp = pMMPolicyState;
  582. pMMPolicyState = pMMPolicyState->pNext;
  583. PAFreeMMPolicyState(pTemp);
  584. }
  585. else {
  586. pTemp = pMMPolicyState;
  587. pMMPolicyState = pMMPolicyState->pNext;
  589. pTemp->pNext = pLeftMMPolicyState;
  590. pLeftMMPolicyState = pTemp;
  591. }
  593. }
  594. else {
  596. pTemp = pMMPolicyState;
  597. pMMPolicyState = pMMPolicyState->pNext;
  599. pTemp->pNext = pLeftMMPolicyState;
  600. pLeftMMPolicyState = pTemp;
  602. }
  604. }
  606. gpMMPolicyState = pLeftMMPolicyState;
  608. return (dwError);
  609. }