archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ipsec/spd/server/patx-fil.c

583 lines
12 KiB
Raw Normal View History

Add source files
4 years ago
  3. #include "precomp.h"
  6. DWORD
  7. PAAddQMFilters(
  8. PIPSEC_NFA_DATA * ppIpsecNFAData,
  9. DWORD dwNumNFACount
  10. )
  11. {
  12. DWORD dwError = 0;
  13. DWORD i = 0;
  14. PIPSEC_NFA_DATA pIpsecNFAData = NULL;
  17. for (i = 0; i < dwNumNFACount; i++) {
  19. pIpsecNFAData = *(ppIpsecNFAData + i);
  21. if (!(pIpsecNFAData->dwTunnelFlags)) {
  23. dwError = PAAddTxFilterSpecs(
  24. pIpsecNFAData
  25. );
  27. }
  28. else {
  30. dwError = PAAddTnFilterSpecs(
  31. pIpsecNFAData
  32. );
  34. }
  36. }
  38. return (dwError);
  39. }
  42. DWORD
  43. PAAddTxFilterSpecs(
  44. PIPSEC_NFA_DATA pIpsecNFAData
  45. )
  46. {
  47. DWORD dwError = 0;
  48. PIPSEC_NEGPOL_DATA pIpsecNegPolData = NULL;
  49. PIPSEC_FILTER_DATA pIpsecFilterData = NULL;
  50. PQMPOLICYSTATE pQMPolicyState = NULL;
  51. DWORD dwNumFilterSpecs = 0;
  52. PIPSEC_FILTER_SPEC * ppFilterSpecs = NULL;
  53. DWORD i = 0;
  54. PTXFILTERSTATE pTxFilterState = NULL;
  55. PTRANSPORT_FILTER pSPDTxFilter = NULL;
  56. LPWSTR pServerName = NULL;
  57. DWORD dwPersist = 0;
  60. pIpsecNegPolData = pIpsecNFAData->pIpsecNegPolData;
  62. if (!memcmp(
  63. &(pIpsecNegPolData->NegPolType),
  64. &(GUID_NEGOTIATION_TYPE_DEFAULT),
  65. sizeof(GUID))) {
  66. dwError = ERROR_SUCCESS;
  67. return (dwError);
  68. }
  70. pIpsecFilterData = pIpsecNFAData->pIpsecFilterData;
  72. if (!pIpsecFilterData) {
  73. dwError = ERROR_SUCCESS;
  74. return (dwError);
  75. }
  77. pQMPolicyState = FindQMPolicyState(
  78. pIpsecNegPolData->NegPolIdentifier
  79. );
  80. if (!pQMPolicyState) {
  81. dwError = ERROR_INVALID_PARAMETER;
  82. return (dwError);
  83. }
  85. if (!IsClearOnly(pQMPolicyState->gNegPolAction) &&
  86. !IsBlocking(pQMPolicyState->gNegPolAction) &&
  87. !(pQMPolicyState->bInSPD)) {
  88. dwError = ERROR_INVALID_PARAMETER;
  89. return (dwError);
  90. }
  92. dwNumFilterSpecs = pIpsecFilterData->dwNumFilterSpecs;
  93. ppFilterSpecs = pIpsecFilterData->ppFilterSpecs;
  96. for (i = 0; i < dwNumFilterSpecs; i++) {
  98. dwError = PACreateTxFilterState(
  99. pIpsecNegPolData,
  100. pIpsecNFAData,
  101. *(ppFilterSpecs + i),
  102. &pTxFilterState
  103. );
  104. if (dwError) {
  105. continue;
  106. }
  108. dwError = PACreateTxFilter(
  109. pIpsecNegPolData,
  110. pIpsecNFAData,
  111. *(ppFilterSpecs + i),
  112. pQMPolicyState,
  113. &pSPDTxFilter
  114. );
  115. if (dwError) {
  117. pTxFilterState->hTxFilter = NULL;
  119. pTxFilterState->pNext = gpTxFilterState;
  120. gpTxFilterState = pTxFilterState;
  122. continue;
  124. }
  126. dwError = AddTransportFilter(
  127. pServerName,
  128. dwPersist,
  129. pSPDTxFilter,
  130. &(pTxFilterState->hTxFilter)
  131. );
  133. pTxFilterState->pNext = gpTxFilterState;
  134. gpTxFilterState = pTxFilterState;
  136. PAFreeTxFilter(pSPDTxFilter);
  138. }
  140. return (dwError);
  141. }
  144. DWORD
  145. PACreateTxFilterState(
  146. PIPSEC_NEGPOL_DATA pIpsecNegPolData,
  147. PIPSEC_NFA_DATA pIpsecNFAData,
  148. PIPSEC_FILTER_SPEC pFilterSpec,
  149. PTXFILTERSTATE * ppTxFilterState
  150. )
  151. {
  152. DWORD dwError = 0;
  153. PTXFILTERSTATE pTxFilterState = NULL;
  156. dwError = AllocateSPDMemory(
  157. sizeof(TXFILTERSTATE),
  158. &pTxFilterState
  159. );
  160. BAIL_ON_WIN32_ERROR(dwError);
  162. memcpy(
  163. &(pTxFilterState->gFilterID),
  164. &(pFilterSpec->FilterSpecGUID),
  165. sizeof(GUID)
  166. );
  168. memcpy(
  169. &(pTxFilterState->gPolicyID),
  170. &(pIpsecNegPolData->NegPolIdentifier),
  171. sizeof(GUID)
  172. );
  174. pTxFilterState->hTxFilter = NULL;
  175. pTxFilterState->pNext = NULL;
  177. *ppTxFilterState = pTxFilterState;
  179. return (dwError);
  181. error:
  183. *ppTxFilterState = NULL;
  185. return (dwError);
  186. }
  189. DWORD
  190. PACreateTxFilter(
  191. PIPSEC_NEGPOL_DATA pIpsecNegPolData,
  192. PIPSEC_NFA_DATA pIpsecNFAData,
  193. PIPSEC_FILTER_SPEC pFilterSpec,
  194. PQMPOLICYSTATE pQMPolicyState,
  195. PTRANSPORT_FILTER * ppSPDTxFilter
  196. )
  197. {
  198. DWORD dwError = 0;
  199. PTRANSPORT_FILTER pSPDTxFilter = NULL;
  200. WCHAR pszName[512];
  203. dwError = AllocateSPDMemory(
  204. sizeof(TRANSPORT_FILTER),
  205. &pSPDTxFilter
  206. );
  207. BAIL_ON_WIN32_ERROR(dwError);
  209. memcpy(
  210. &(pSPDTxFilter->gFilterID),
  211. &(pFilterSpec->FilterSpecGUID),
  212. sizeof(GUID)
  213. );
  215. if (pFilterSpec->pszDescription && *(pFilterSpec->pszDescription)) {
  217. dwError = AllocateSPDString(
  218. pFilterSpec->pszDescription,
  219. &(pSPDTxFilter->pszFilterName)
  220. );
  221. BAIL_ON_WIN32_ERROR(dwError);
  223. }
  224. else {
  226. wsprintf(pszName, L"%d", ++gdwTxFilterCounter);
  228. dwError = AllocateSPDString(
  229. pszName,
  230. &(pSPDTxFilter->pszFilterName)
  231. );
  232. BAIL_ON_WIN32_ERROR(dwError);
  234. }
  236. PASetInterfaceType(
  237. pIpsecNFAData->dwInterfaceType,
  238. &(pSPDTxFilter->InterfaceType)
  239. );
  241. pSPDTxFilter->bCreateMirror = (BOOL) pFilterSpec->dwMirrorFlag;
  243. pSPDTxFilter->dwFlags = 0;
  245. PASetAddress(
  246. pFilterSpec->Filter.SrcMask,
  247. pFilterSpec->Filter.SrcAddr,
  248. &(pSPDTxFilter->SrcAddr)
  249. );
  251. PASetAddress(
  252. pFilterSpec->Filter.DestMask,
  253. pFilterSpec->Filter.DestAddr,
  254. &(pSPDTxFilter->DesAddr)
  255. );
  257. pSPDTxFilter->Protocol.ProtocolType = PROTOCOL_UNIQUE;
  258. pSPDTxFilter->Protocol.dwProtocol = pFilterSpec->Filter.Protocol;
  260. pSPDTxFilter->SrcPort.PortType = PORT_UNIQUE;
  261. pSPDTxFilter->SrcPort.wPort = pFilterSpec->Filter.SrcPort;
  263. pSPDTxFilter->DesPort.PortType = PORT_UNIQUE;
  264. pSPDTxFilter->DesPort.wPort = pFilterSpec->Filter.DestPort;
  266. SetFilterActions(
  267. pQMPolicyState,
  268. &(pSPDTxFilter->InboundFilterFlag),
  269. &(pSPDTxFilter->OutboundFilterFlag)
  270. );
  272. pSPDTxFilter->dwDirection = 0;
  274. pSPDTxFilter->dwWeight = 0;
  276. memcpy(
  277. &(pSPDTxFilter->gPolicyID),
  278. &(pIpsecNegPolData->NegPolIdentifier),
  279. sizeof(GUID)
  280. );
  282. *ppSPDTxFilter = pSPDTxFilter;
  284. return (dwError);
  286. error:
  288. if (pSPDTxFilter) {
  289. PAFreeTxFilter(
  290. pSPDTxFilter
  291. );
  292. }
  294. *ppSPDTxFilter = NULL;
  296. return (dwError);
  297. }
  300. VOID
  301. SetFilterActions(
  302. PQMPOLICYSTATE pQMPolicyState,
  303. PFILTER_FLAG pInboundFilterFlag,
  304. PFILTER_FLAG pOutboundFilterFlag
  305. )
  306. {
  307. *pInboundFilterFlag = NEGOTIATE_SECURITY;
  308. *pOutboundFilterFlag = NEGOTIATE_SECURITY;
  310. if (IsBlocking(pQMPolicyState->gNegPolAction)) {
  311. *pInboundFilterFlag = BLOCKING;
  312. *pOutboundFilterFlag = BLOCKING;
  313. }
  314. else if (IsClearOnly(pQMPolicyState->gNegPolAction)) {
  315. *pInboundFilterFlag = PASS_THRU;
  316. *pOutboundFilterFlag = PASS_THRU;
  317. }
  318. else if (IsInboundPassThru(pQMPolicyState->gNegPolAction)) {
  319. *pInboundFilterFlag = PASS_THRU;
  320. }
  322. if (pQMPolicyState->bAllowsSoft && gbBackwardSoftSA) {
  323. *pInboundFilterFlag = PASS_THRU;
  324. }
  325. }
  328. VOID
  329. PAFreeTxFilter(
  330. PTRANSPORT_FILTER pSPDTxFilter
  331. )
  332. {
  333. if (pSPDTxFilter) {
  335. if (pSPDTxFilter->pszFilterName) {
  336. FreeSPDString(pSPDTxFilter->pszFilterName);
  337. }
  339. FreeSPDMemory(pSPDTxFilter);
  341. }
  343. return;
  344. }
  347. DWORD
  348. PADeleteAllTxFilters(
  349. )
  350. {
  351. DWORD dwError = 0;
  352. PTXFILTERSTATE pTxFilterState = NULL;
  353. PTXFILTERSTATE pTemp = NULL;
  354. PTXFILTERSTATE pLeftTxFilterState = NULL;
  357. pTxFilterState = gpTxFilterState;
  359. while (pTxFilterState) {
  361. if (pTxFilterState->hTxFilter) {
  363. dwError = DeleteTransportFilter(
  364. pTxFilterState->hTxFilter
  365. );
  366. if (!dwError) {
  367. pTemp = pTxFilterState;
  368. pTxFilterState = pTxFilterState->pNext;
  369. FreeSPDMemory(pTemp);
  370. }
  371. else {
  372. pTemp = pTxFilterState;
  373. pTxFilterState = pTxFilterState->pNext;
  375. pTemp->pNext = pLeftTxFilterState;
  376. pLeftTxFilterState = pTemp;
  377. }
  379. }
  380. else {
  382. pTemp = pTxFilterState;
  383. pTxFilterState = pTxFilterState->pNext;
  384. FreeSPDMemory(pTemp);
  386. }
  388. }
  390. gpTxFilterState = pLeftTxFilterState;
  392. return (dwError);
  393. }
  396. VOID
  397. PAFreeTxFilterStateList(
  398. PTXFILTERSTATE pTxFilterState
  399. )
  400. {
  401. PTXFILTERSTATE pTemp = NULL;
  404. while (pTxFilterState) {
  406. pTemp = pTxFilterState;
  407. pTxFilterState = pTxFilterState->pNext;
  408. FreeSPDMemory(pTemp);
  410. }
  411. }
  414. DWORD
  415. PADeleteQMFilters(
  416. PIPSEC_NFA_DATA * ppIpsecNFAData,
  417. DWORD dwNumNFACount
  418. )
  419. {
  420. DWORD dwError = 0;
  421. DWORD i = 0;
  422. PIPSEC_NFA_DATA pIpsecNFAData = NULL;
  425. for (i = 0; i < dwNumNFACount; i++) {
  427. pIpsecNFAData = *(ppIpsecNFAData + i);
  429. if (!(pIpsecNFAData->dwTunnelFlags)) {
  431. dwError = PADeleteTxFilterSpecs(
  432. pIpsecNFAData
  433. );
  435. }
  436. else {
  438. dwError = PADeleteTnFilterSpecs(
  439. pIpsecNFAData
  440. );
  442. }
  444. }
  446. return (dwError);
  447. }
  450. DWORD
  451. PADeleteTxFilterSpecs(
  452. PIPSEC_NFA_DATA pIpsecNFAData
  453. )
  454. {
  455. DWORD dwError = 0;
  456. PIPSEC_NEGPOL_DATA pIpsecNegPolData = NULL;
  457. PIPSEC_FILTER_DATA pIpsecFilterData = NULL;
  458. DWORD dwNumFilterSpecs = 0;
  459. PIPSEC_FILTER_SPEC * ppFilterSpecs = NULL;
  460. DWORD i = 0;
  461. PIPSEC_FILTER_SPEC pFilterSpec = NULL;
  464. pIpsecNegPolData = pIpsecNFAData->pIpsecNegPolData;
  466. if (!memcmp(
  467. &(pIpsecNegPolData->NegPolType),
  468. &(GUID_NEGOTIATION_TYPE_DEFAULT),
  469. sizeof(GUID))) {
  470. dwError = ERROR_SUCCESS;
  471. return (dwError);
  472. }
  474. pIpsecFilterData = pIpsecNFAData->pIpsecFilterData;
  476. if (!pIpsecFilterData) {
  477. dwError = ERROR_SUCCESS;
  478. return (dwError);
  479. }
  481. dwNumFilterSpecs = pIpsecFilterData->dwNumFilterSpecs;
  482. ppFilterSpecs = pIpsecFilterData->ppFilterSpecs;
  484. for (i = 0; i < dwNumFilterSpecs; i++) {
  486. pFilterSpec = *(ppFilterSpecs + i);
  488. dwError = PADeleteTxFilter(
  489. pFilterSpec->FilterSpecGUID
  490. );
  492. }
  494. return (dwError);
  495. }
  498. DWORD
  499. PADeleteTxFilter(
  500. GUID gFilterID
  501. )
  502. {
  503. DWORD dwError = 0;
  504. PTXFILTERSTATE pTxFilterState = NULL;
  507. pTxFilterState = FindTxFilterState(
  508. gFilterID
  509. );
  510. if (!pTxFilterState) {
  511. dwError = ERROR_SUCCESS;
  512. return (dwError);
  513. }
  515. if (pTxFilterState->hTxFilter) {
  517. dwError = DeleteTransportFilter(
  518. pTxFilterState->hTxFilter
  519. );
  520. BAIL_ON_WIN32_ERROR(dwError);
  522. }
  524. PADeleteTxFilterState(pTxFilterState);
  526. error:
  528. return (dwError);
  529. }
  532. VOID
  533. PADeleteTxFilterState(
  534. PTXFILTERSTATE pTxFilterState
  535. )
  536. {
  537. PTXFILTERSTATE * ppTemp = NULL;
  540. ppTemp = &gpTxFilterState;
  542. while (*ppTemp) {
  544. if (*ppTemp == pTxFilterState) {
  545. break;
  546. }
  547. ppTemp = &((*ppTemp)->pNext);
  549. }
  551. if (*ppTemp) {
  552. *ppTemp = pTxFilterState->pNext;
  553. }
  555. FreeSPDMemory(pTxFilterState);
  557. return;
  558. }
  561. PTXFILTERSTATE
  562. FindTxFilterState(
  563. GUID gFilterID
  564. )
  565. {
  566. PTXFILTERSTATE pTxFilterState = NULL;
  569. pTxFilterState = gpTxFilterState;
  571. while (pTxFilterState) {
  573. if (!memcmp(&(pTxFilterState->gFilterID), &gFilterID, sizeof(GUID))) {
  574. return (pTxFilterState);
  575. }
  577. pTxFilterState = pTxFilterState->pNext;
  579. }
  581. return (NULL);
  582. }