archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
3.8 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/net/diagnostics/netdiag/ipsec.c

967 lines
27 KiB
Raw Normal View History

Add source files
4 years ago
  1. //++
  2. //
  3. // Copyright (C) Microsoft Corporation, 1987 - 2000
  4. //
  5. // Module Name:
  6. //
  7. // ipsec.c
  8. //
  9. // Abstract:
  10. //
  11. // IP Security stats for netdiag
  12. //
  13. // Author:
  14. //
  15. // DKalin - 8/3/1999
  16. //
  17. // Environment:
  18. //
  19. // User mode only.
  20. // Contains NT-specific code.
  21. //
  22. // Revision History:
  23. //
  24. // Changed behavior for Whistler - now we report registry/OU settings only
  25. // More specific code moved to ipseccmd.exe tool
  26. //--
  28. #include "precomp.h"
  30. #include <snmp.h>
  31. #include "tcpinfo.h"
  32. #include "ipinfo.h"
  33. #include "llinfo.h"
  36. #include <windows.h>
  37. #include <winsock2.h>
  38. #include <ipexport.h>
  39. #include <icmpapi.h>
  40. #include <stdlib.h>
  41. #include <assert.h>
  42. #include <tchar.h>
  43. #include <wincrypt.h>
  44. #include <stdio.h>
  45. #include <objbase.h>
  46. #include <dsgetdc.h>
  47. #include <lm.h>
  48. #include <userenv.h>
  50. #define MAXSTRLEN (1024)
  51. #define STRING_TEXT_SIZE 4096
  52. #define NETDIAG_TEXT_LIMIT 3072
  54. // policy source constants
  55. #define PS_NO_POLICY 0
  56. #define PS_DS_POLICY 1
  57. #define PS_LOC_POLICY 2
  59. // magic strings
  60. #define IPSEC_SERVICE_NAME TEXT("policyagent")
  61. #define GPEXT_KEY TEXT("Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions")
  62. TCHAR pcszGPTIPSecKey[] = TEXT("SOFTWARE\\Policies\\Microsoft\\Windows\\IPSEC\\GPTIPSECPolicy");
  63. TCHAR pcszGPTIPSecName[] = TEXT("DSIPSECPolicyName");
  64. TCHAR pcszGPTIPSecFlags[] = TEXT("DSIPSECPolicyFlags");
  65. TCHAR pcszGPTIPSecPath[] = TEXT("DSIPSECPolicyPath");
  66. TCHAR pcszLocIPSecKey[] = TEXT("SOFTWARE\\Policies\\Microsoft\\Windows\\IPSEC\\Policy\\Local");
  67. TCHAR pcszLocIPSecPol[] = TEXT("ActivePolicy");
  68. TCHAR pcszCacheIPSecKey[] = TEXT("SOFTWARE\\Policies\\Microsoft\\Windows\\IPSEC\\Policy\\Cache");
  69. TCHAR pcszIPSecPolicy[] = TEXT("ipsecPolicy");
  70. TCHAR pcszIPSecName[] = TEXT("ipsecName");
  71. TCHAR pcszIPSecDesc[] = TEXT("description");
  72. TCHAR pcszIPSecTimestamp[] = TEXT("whenChanged");
  74. // BAIL_xx defines
  75. #define BAIL_ON_WIN32_ERROR(dwError) \
  76. if (dwError) {\
  77. goto error; \
  78. }
  81. #define BAIL_ON_FAILURE(hr) \
  82. if (FAILED(hr)) {\
  83. goto error; \
  84. }
  86. typedef struct
  87. {
  88. int iPolicySource; // one of the three constants mentioned above
  89. TCHAR pszPolicyName[MAXSTRLEN]; // policy name
  90. TCHAR pszPolicyDesc[MAXSTRLEN]; // policy description
  91. TCHAR pszPolicyPath[MAXSTRLEN]; // policy path (DN or RegKey)
  92. time_t timestamp; // last updated time
  93. } POLICY_INFO, *PPOLICY_INFO;
  95. typedef struct
  96. {
  97. SERVICE_STATUS servStat; // service status
  98. QUERY_SERVICE_CONFIG servConfig; // service configuration
  99. } SERVICE_INFO, *PSERVICE_INFO;
  101. typedef struct
  102. {
  103. TCHAR pszComputerOU[MAXSTRLEN]; // this computer' OU name
  104. PGROUP_POLICY_OBJECT pGPO; // GPO that is assigning IPSec Policy
  105. TCHAR pszPolicyOU [MAXSTRLEN]; // OU that has the GPO assigned
  106. } DS_POLICY_INFO, *PDS_POLICY_INFO;
  108. DWORD MyFormatMessage ( DWORD dwFlags, LPCVOID lpSource, DWORD dwMessageId, DWORD dwLanguageId,
  109. LPTSTR lpBuffer, DWORD nSize, va_list *Arguments );
  111. void reportError ( HRESULT hr, NETDIAG_PARAMS* pParams, NETDIAG_RESULT* pResults );
  112. void reportServiceInfo ( NETDIAG_PARAMS* pParams, NETDIAG_RESULT* pResults );
  113. HRESULT getPolicyInfo ( );
  114. DWORD getMorePolicyInfo ( );
  115. DWORD getServiceInfo ( PSERVICE_INFO pInfo );
  116. PGROUP_POLICY_OBJECT getIPSecGPO ( );
  117. void StringToGuid( TCHAR * szValue, GUID * pGuid );
  119. BOOL bTestSkipped = FALSE;
  120. BOOL bTestPassed = FALSE;
  121. POLICY_INFO piAssignedPolicy;
  122. SERVICE_INFO siIPSecStatus;
  123. DS_POLICY_INFO dpiAssignedPolicy;
  124. TCHAR pszBuf[STRING_TEXT_SIZE];
  125. WCHAR StringTxt[STRING_TEXT_SIZE];
  127. BOOL
  128. IPSecTest(NETDIAG_PARAMS* pParams, NETDIAG_RESULT* pResults)
  129. //++
  130. // Description:
  131. // This is IPSec test
  132. //
  133. // Arguments:
  134. // None.
  135. //
  136. // Author:
  137. // DKalin 08/03/99
  138. //--
  139. {
  141. DWORD dwError = ERROR_SUCCESS;
  142. HRESULT hr = ERROR_SUCCESS;
  143. PGROUP_POLICY_OBJECT pGPO = NULL;
  145. PrintStatusMessage( pParams, 4, IDS_IPSEC_STATUS_MSG );
  147. InitializeListHead(&pResults->IPSec.lmsgGlobalOutput);
  148. InitializeListHead(&pResults->IPSec.lmsgAdditOutput);
  150. dwError = getServiceInfo(&siIPSecStatus);
  152. if (dwError != ERROR_SUCCESS || siIPSecStatus.servStat.dwCurrentState != SERVICE_RUNNING)
  153. {
  154. // test skipped
  155. bTestSkipped = TRUE;
  156. if (dwError == ERROR_SERVICE_DOES_NOT_EXIST)
  157. {
  158. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  159. IDS_IPSEC_PA_NOT_INSTALLED );
  160. }
  161. else if (dwError == ERROR_SUCCESS)
  162. {
  163. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  164. IDS_IPSEC_PA_NOT_STARTED );
  165. reportServiceInfo(pParams, pResults);
  166. }
  167. else
  168. {
  169. // some error
  170. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  171. IDS_IPSEC_PA_NO_INFO );
  172. reportError(dwError, pParams, pResults);
  173. }
  174. return S_OK;
  175. }
  176. else
  177. {
  178. // test passed
  179. bTestPassed = TRUE;
  181. reportServiceInfo(pParams, pResults);
  182. hr = getPolicyInfo();
  184. if (hr != ERROR_SUCCESS)
  185. {
  186. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  187. IDS_IPSEC_NO_POLICY_INFO );
  188. reportError(hr, pParams, pResults);
  189. }
  190. else
  191. {
  192. switch (piAssignedPolicy.iPolicySource)
  193. {
  194. case PS_NO_POLICY:
  195. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  196. IDS_IPSEC_NO_POLICY );
  197. break;
  198. case PS_DS_POLICY:
  199. getMorePolicyInfo();
  200. pGPO = getIPSecGPO();
  202. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  203. IDS_IPSEC_DS_POLICY );
  204. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  205. IDS_IPSEC_POLICY_NAME, piAssignedPolicy.pszPolicyName );
  207. // description and timestamp - not available yet
  208. /*
  209. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  210. IDS_IPSEC_DESCRIPTION, piAssignedPolicy.pszPolicyDesc );
  211. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  212. IDS_IPSEC_TIMESTAMP );
  213. if (piAssignedPolicy.timestamp == 0)
  214. {
  215. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  216. IDS_GLOBAL_ADAPTER_UNKNOWN);
  217. }
  218. else
  219. {
  220. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  221. IDSSZ_GLOBAL_String, _tctime(&(piAssignedPolicy.timestamp)));
  222. }
  223. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  224. IDS_GLOBAL_EmptyLine);
  225. */
  227. // GPO / OU
  228. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  229. IDS_IPSEC_GPO);
  230. if (pGPO)
  231. {
  232. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  233. IDSSZ_GLOBAL_String, pGPO->lpDisplayName);
  234. }
  235. else
  236. {
  237. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  238. IDS_GLOBAL_ADAPTER_UNKNOWN);
  239. }
  240. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  241. IDS_GLOBAL_EmptyLine);
  243. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  244. IDS_IPSEC_OU);
  245. if (pGPO)
  246. {
  247. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  248. IDSSZ_GLOBAL_String, pGPO->lpLink);
  249. }
  250. else
  251. {
  252. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  253. IDS_GLOBAL_ADAPTER_UNKNOWN);
  254. }
  255. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  256. IDS_GLOBAL_EmptyLine);
  258. // policy path
  259. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  260. IDS_IPSEC_POLICY_PATH);
  261. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  262. IDSSZ_GLOBAL_StringLine, piAssignedPolicy.pszPolicyPath);
  264. // cleanup GPO
  265. if (pGPO)
  266. {
  267. FreeGPOList (pGPO);
  268. }
  269. break;
  270. case PS_LOC_POLICY:
  271. getMorePolicyInfo();
  272. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  273. IDS_IPSEC_LOC_POLICY );
  274. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  275. IDS_IPSEC_POLICY_NAME, piAssignedPolicy.pszPolicyName );
  277. // description and timestamp
  278. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  279. IDS_IPSEC_DESCRIPTION, piAssignedPolicy.pszPolicyDesc );
  280. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  281. IDS_IPSEC_TIMESTAMP );
  282. if (piAssignedPolicy.timestamp == 0)
  283. {
  284. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  285. IDS_GLOBAL_ADAPTER_UNKNOWN);
  286. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  287. IDS_GLOBAL_EmptyLine);
  288. }
  289. else
  290. {
  291. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  292. IDSSZ_GLOBAL_String, _tctime(&(piAssignedPolicy.timestamp)));
  293. }
  295. // local policy path
  296. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  297. IDS_IPSEC_POLICY_PATH);
  298. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  299. IDS_IPSEC_LOCAL_PATH, piAssignedPolicy.pszPolicyPath);
  300. break;
  301. }
  302. }
  303. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  304. IDS_IPSEC_IPSECCMD );
  305. }
  307. return S_OK;
  308. }
  310. void IPSecGlobalPrint(NETDIAG_PARAMS *pParams, NETDIAG_RESULT *pResults)
  311. {
  312. PrintMessage(pParams, IDS_GLOBAL_EmptyLine);
  313. if (bTestSkipped)
  314. {
  315. PrintTestTitleResult(pParams, IDS_IPSEC_LONG, IDS_IPSEC_SHORT, FALSE, S_FALSE, 0);
  316. }
  317. if (bTestPassed)
  318. {
  319. PrintTestTitleResult(pParams, IDS_IPSEC_LONG, IDS_IPSEC_SHORT, TRUE, S_OK, 0);
  320. }
  321. PrintMessageList(pParams, &pResults->IPSec.lmsgGlobalOutput);
  322. PrintMessageList(pParams, &pResults->IPSec.lmsgAdditOutput);
  323. }
  326. void IPSecPerInterfacePrint(NETDIAG_PARAMS *pParams, NETDIAG_RESULT *pResults, INTERFACE_RESULT *pInterfaceResults)
  327. {
  328. return;
  329. }
  332. void IPSecCleanup(IN NETDIAG_PARAMS *pParams,
  333. IN OUT NETDIAG_RESULT *pResults)
  334. {
  335. MessageListCleanUp(&pResults->IPSec.lmsgGlobalOutput);
  336. MessageListCleanUp(&pResults->IPSec.lmsgAdditOutput);
  337. }
  339. //#define MSG_HANDLE_INVALID TEXT("Handle is invalid. Is IPSEC Policy Agent Service running?")
  341. // this will call SDK' FormatMessage function but will also correct some awkward messages
  342. // will work only for FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_SYSTEM flag combination
  343. DWORD MyFormatMessage(
  344. DWORD dwFlags, // source and processing options
  345. LPCVOID lpSource, // pointer to message source
  346. DWORD dwMessageId, // requested message identifier
  347. DWORD dwLanguageId, // language identifier for requested message
  348. LPTSTR lpBuffer, // pointer to message buffer
  349. DWORD nSize, // maximum size of message buffer
  350. va_list *Arguments // pointer to array of message inserts
  351. )
  352. {
  353. LPTSTR* tmp = (LPTSTR*) lpBuffer;
  355. switch (dwMessageId)
  356. {
  357. /* case ERROR_INVALID_HANDLE: // patch for "handle is invalid" message. Suggest to check if service is started
  358. if (dwFlags == (FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_SYSTEM))
  359. {
  360. *tmp = (LPTSTR) malloc((_tcslen(MSG_HANDLE_INVALID)+1)*sizeof(TCHAR));
  361. _tcscpy(*tmp, MSG_HANDLE_INVALID);
  362. return _tcslen(*tmp);
  363. }
  364. else
  365. {
  366. return FormatMessage(dwFlags,lpSource,dwMessageId,dwLanguageId,lpBuffer,nSize,Arguments);
  367. }
  368. */ default: // call standard method
  369. return FormatMessage(dwFlags,lpSource,dwMessageId,dwLanguageId,lpBuffer,nSize,Arguments);
  370. }
  371. }
  373. /********************************************************************
  374. FUNCTION: getPolicyInfo
  376. PURPOSE: gets information about currently assigned policy
  377. into piAssignedPolicy global structure
  378. INPUT: none
  380. RETURNS: HRESULT. Will return ERROR_SUCCESS if everything is fine.
  381. *********************************************************************/
  383. HRESULT getPolicyInfo ( )
  384. {
  385. LONG lRegistryCallResult;
  386. HKEY hRegKey;
  388. DWORD dwType; // for RegQueryValueEx
  389. DWORD dwBufLen; // for RegQueryValueEx
  391. lRegistryCallResult = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
  392. pcszGPTIPSecKey,
  393. 0,
  394. KEY_READ,
  395. &hRegKey);
  397. if (lRegistryCallResult == ERROR_SUCCESS)
  398. {
  399. DWORD dwType;
  400. DWORD dwValue;
  401. DWORD dwLength = sizeof(DWORD);
  403. // query for flags, if flags aint' there or equal to 0, we don't have domain policy
  404. lRegistryCallResult = RegQueryValueEx(hRegKey,
  405. pcszGPTIPSecFlags,
  406. NULL,
  407. &dwType,
  408. (LPBYTE)&dwValue,
  409. &dwLength);
  411. if (lRegistryCallResult == ERROR_SUCCESS)
  412. {
  413. if (dwValue == 0)
  414. lRegistryCallResult = ERROR_FILE_NOT_FOUND;
  415. }
  417. // now get name
  418. if (lRegistryCallResult == ERROR_SUCCESS)
  419. {
  420. dwBufLen = MAXSTRLEN*sizeof(TCHAR);
  421. lRegistryCallResult = RegQueryValueEx( hRegKey,
  422. pcszGPTIPSecName,
  423. NULL,
  424. &dwType, // will be REG_SZ
  425. (LPBYTE) pszBuf,
  426. &dwBufLen);
  427. }
  428. }
  430. if (lRegistryCallResult == ERROR_SUCCESS)
  431. {
  432. piAssignedPolicy.iPolicySource = PS_DS_POLICY;
  433. piAssignedPolicy.pszPolicyPath[0] = 0;
  434. _tcscpy(piAssignedPolicy.pszPolicyName, pszBuf);
  436. dwBufLen = MAXSTRLEN*sizeof(TCHAR);
  437. lRegistryCallResult = RegQueryValueEx( hRegKey,
  438. pcszGPTIPSecPath,
  439. NULL,
  440. &dwType, // will be REG_SZ
  441. (LPBYTE) pszBuf,
  442. &dwBufLen);
  443. if (lRegistryCallResult == ERROR_SUCCESS)
  444. {
  445. _tcscpy(piAssignedPolicy.pszPolicyPath, pszBuf);
  446. }
  448. RegCloseKey(hRegKey);
  449. return ERROR_SUCCESS;
  450. }
  451. else
  452. {
  453. RegCloseKey(hRegKey);
  454. if (lRegistryCallResult == ERROR_FILE_NOT_FOUND)
  455. { // DS reg key not found, check local
  456. lRegistryCallResult = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
  457. pcszLocIPSecKey,
  458. 0,
  459. KEY_READ,
  460. &hRegKey);
  461. if (lRegistryCallResult == ERROR_SUCCESS)
  462. {
  463. dwBufLen = MAXSTRLEN*sizeof(TCHAR);
  464. lRegistryCallResult = RegQueryValueEx( hRegKey,
  465. pcszLocIPSecPol,
  466. NULL,
  467. &dwType, // will be REG_SZ
  468. (LPBYTE) pszBuf,
  469. &dwBufLen);
  470. }
  471. else
  472. {
  473. return lRegistryCallResult; // return whatever error we got
  474. }
  476. RegCloseKey(hRegKey);
  478. if (lRegistryCallResult == ERROR_FILE_NOT_FOUND)
  479. { // no policy assigned
  480. piAssignedPolicy.iPolicySource = PS_NO_POLICY;
  481. piAssignedPolicy.pszPolicyPath[0] = 0;
  482. piAssignedPolicy.pszPolicyName[0] = 0;
  483. return ERROR_SUCCESS;
  484. }
  485. else
  486. { // read it
  487. lRegistryCallResult = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
  488. pszBuf,
  489. 0,
  490. KEY_READ,
  491. &hRegKey);
  492. _tcscpy(piAssignedPolicy.pszPolicyPath, pszBuf);
  493. if (lRegistryCallResult == ERROR_SUCCESS)
  494. {
  495. dwBufLen = MAXSTRLEN*sizeof(TCHAR);
  496. lRegistryCallResult = RegQueryValueEx( hRegKey,
  497. pcszIPSecName,
  498. NULL,
  499. &dwType, // will be REG_SZ
  500. (LPBYTE) pszBuf,
  501. &dwBufLen);
  502. }
  504. RegCloseKey(hRegKey);
  506. if (lRegistryCallResult == ERROR_FILE_NOT_FOUND)
  507. { // no policy assigned
  508. piAssignedPolicy.iPolicySource = PS_NO_POLICY;
  509. piAssignedPolicy.pszPolicyPath[0] = 0;
  510. return ERROR_SUCCESS;
  511. }
  512. else if (lRegistryCallResult == ERROR_SUCCESS)
  513. { // found it
  514. piAssignedPolicy.iPolicySource = PS_LOC_POLICY;
  515. _tcscpy(piAssignedPolicy.pszPolicyName, pszBuf);
  516. }
  517. }
  518. }
  519. return (HRESULT) lRegistryCallResult;
  520. }
  521. }
  523. /********************************************************************
  524. FUNCTION: getServiceInfo
  526. PURPOSE: gets information about current state and configuration of IPSec Service
  527. into *pInfo structure
  528. INPUT: pInfo - pointer to SERVICE_INFO structure which will be updated with current information
  529. TODO:
  531. RETURNS: Win32 error codes. Will return ERROR_SUCCESS if everything is fine.
  532. ERROR_SERVICE_DOES_NOT_EXIST is returned is service is not installed on the system
  533. *********************************************************************/
  535. DWORD getServiceInfo ( OUT PSERVICE_INFO pInfo )
  536. {
  537. DWORD dwError = ERROR_SUCCESS;
  538. DWORD dwRequiredSize = 0;
  539. PVOID pLargeConfig = 0;
  540. SC_HANDLE schMan = NULL;
  541. SC_HANDLE schPA = NULL;
  543. if (!pInfo)
  544. {
  545. return ERROR_INVALID_PARAMETER;
  546. }
  548. memset(&(pInfo->servStat), 0, sizeof(SERVICE_STATUS));
  549. memset(&(pInfo->servConfig), 0, sizeof(QUERY_SERVICE_CONFIG));
  552. schMan = OpenSCManager(NULL, NULL, GENERIC_READ);
  554. if (schMan == NULL)
  555. {
  556. dwError = GetLastError();
  557. goto error;
  558. }
  560. schPA = OpenService(schMan, IPSEC_SERVICE_NAME, GENERIC_READ);
  562. if (schMan == NULL)
  563. {
  564. dwError = GetLastError();
  565. goto error;
  566. }
  568. if (!QueryServiceStatus(schPA, &(pInfo->servStat)))
  569. {
  570. dwError = GetLastError();
  571. goto error;
  572. }
  574. if (!QueryServiceConfig(schPA, &(pInfo->servConfig), sizeof(QUERY_SERVICE_CONFIG), &dwRequiredSize))
  575. {
  576. dwError = GetLastError();
  577. if (dwError == ERROR_INSUFFICIENT_BUFFER)
  578. {
  579. pLargeConfig = malloc(dwRequiredSize);
  580. if (!pLargeConfig)
  581. {
  582. goto error;
  583. }
  584. if (!QueryServiceConfig(schPA, (LPQUERY_SERVICE_CONFIG) pLargeConfig, dwRequiredSize, &dwRequiredSize))
  585. {
  586. dwError = GetLastError();
  587. goto error;
  588. }
  589. // else we just got the information, copy over to *pInfo
  590. memcpy(&(pInfo->servConfig), pLargeConfig, sizeof(QUERY_SERVICE_CONFIG));
  591. dwError = ERROR_SUCCESS;
  592. }
  594. goto error;
  595. }
  597. error:
  598. if (schPA)
  599. CloseServiceHandle(schPA);
  600. if (schMan)
  601. CloseServiceHandle(schMan);
  602. if (pLargeConfig)
  603. {
  604. free(pLargeConfig);
  605. }
  606. return dwError;
  607. }
  609. /********************************************************************
  610. FUNCTION: reportError
  612. PURPOSE: prints out message code and message itself
  613. INPUT: HRESULT - error code
  615. RETURNS: none
  616. *********************************************************************/
  618. void reportError ( HRESULT hr, NETDIAG_PARAMS* pParams, NETDIAG_RESULT* pResults )
  619. {
  620. LPTSTR msg = NULL;
  622. MyFormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_SYSTEM,
  623. NULL, hr, 0, (LPTSTR) &msg, 0, NULL );
  625. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  626. IDS_IPSEC_ERROR_MSG, hr, msg );
  627. }
  629. /********************************************************************
  630. FUNCTION: reportServiceInfo
  632. PURPOSE: prints out service status and startup information
  633. INPUT: none
  635. RETURNS: none
  636. *********************************************************************/
  637. void reportServiceInfo ( NETDIAG_PARAMS* pParams, NETDIAG_RESULT* pResults )
  638. {
  639. // print status information
  640. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  641. IDS_IPSEC_PA_STATUS );
  642. switch (siIPSecStatus.servStat.dwCurrentState)
  643. {
  644. case SERVICE_RUNNING:
  645. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  646. IDS_IPSEC_PA_STARTED );
  647. break;
  648. case SERVICE_STOPPED:
  649. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  650. IDS_IPSEC_PA_STOPPED );
  651. break;
  652. case SERVICE_PAUSED:
  653. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  654. IDS_IPSEC_PA_PAUSED );
  655. break;
  656. default:
  657. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  658. IDS_GLOBAL_ADAPTER_UNKNOWN);
  659. break;
  660. }
  661. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  662. IDS_GLOBAL_EmptyLine);
  664. // print config information
  665. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  666. IDS_IPSEC_PA_STARTUP );
  667. switch (siIPSecStatus.servConfig.dwStartType)
  668. {
  669. case SERVICE_AUTO_START:
  670. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  671. IDS_IPSEC_PA_AUTOMATIC );
  672. break;
  673. case SERVICE_DEMAND_START:
  674. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  675. IDS_IPSEC_PA_MANUAL );
  676. break;
  677. case SERVICE_DISABLED:
  678. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  679. IDS_IPSEC_PA_DISABLED );
  680. break;
  681. default:
  682. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  683. IDS_GLOBAL_ADAPTER_UNKNOWN);
  684. break;
  685. }
  686. AddMessageToList( &pResults->IPSec.lmsgGlobalOutput, Nd_Verbose,
  687. IDS_GLOBAL_EmptyLine);
  688. }
  690. /********************************************************************
  691. FUNCTION: getIPSecGPO
  693. PURPOSE: returns GPO that is assigning IPSec Policy
  694. INPUT: none
  696. RETURNS: pointer to GROUP_POLICY_OBJECT structure
  697. NULL if policy is not assigned or if GPO information is not retrievable
  698. NOTES: Tested only with domain GPOs
  699. Behaves unpredictably when run for the computer
  700. that does not have active Directory IPSec policy assigned
  701. CALLER is responsible for freeing the memory!
  702. *********************************************************************/
  703. PGROUP_POLICY_OBJECT getIPSecGPO ( )
  704. {
  705. HKEY hKey, hSubKey;
  706. DWORD dwType, dwSize, dwIndex, dwNameSize;
  707. LONG lResult;
  708. TCHAR szName[50];
  709. GUID guid;
  710. PGROUP_POLICY_OBJECT pGPO, pGPOTemp;
  711. PGROUP_POLICY_OBJECT pGPOReturn = NULL;
  712. DWORD dwResult;
  714. //
  715. // Enumerate the extensions
  716. //
  718. lResult = RegOpenKeyEx (HKEY_LOCAL_MACHINE, GPEXT_KEY, 0, KEY_READ, &hKey);
  720. if (lResult == ERROR_SUCCESS)
  721. {
  723. dwIndex = 0;
  724. dwNameSize = 50;
  726. while ((dwResult = RegEnumKeyEx (hKey, dwIndex++, szName, &dwNameSize, NULL, NULL,
  727. NULL, NULL)) == ERROR_SUCCESS)
  728. {
  730. dwNameSize = 50;
  732. //
  733. // Skip the registry extension since we did it above
  734. //
  736. if (lstrcmpi(TEXT("{35378EAC-683F-11D2-A89A-00C04FBBCFA2}"), szName))
  737. {
  739. //
  740. // Get the list of GPOs this extension applied
  741. //
  743. StringToGuid(szName, &guid);
  745. lResult = GetAppliedGPOList (GPO_LIST_FLAG_MACHINE, NULL, NULL,
  746. &guid, &pGPO);
  748. if (lResult == ERROR_SUCCESS)
  749. {
  750. if (pGPO)
  751. {
  752. //
  753. // Get the extension's friendly display name
  754. //
  756. lResult = RegOpenKeyEx (hKey, szName, 0, KEY_READ, &hSubKey);
  758. if (lResult == ERROR_SUCCESS)
  759. {
  760. if (!lstrcmpi(TEXT("{e437bc1c-aa7d-11d2-a382-00c04f991e27}"), szName))
  761. {
  762. // found IPSec
  763. return pGPO;
  764. }
  765. else
  766. {
  767. FreeGPOList(pGPO);
  768. }
  769. }
  770. }
  771. }
  772. }
  773. }
  774. }
  776. return pGPOReturn;
  777. }
  779. //*************************************************************
  780. //
  781. // StringToGuid()
  782. //
  783. // Purpose: Converts a GUID in string format to a GUID structure
  784. //
  785. // Parameters: szValue - guid in string format
  786. // pGuid - guid structure receiving the guid
  787. //
  788. //
  789. // Return: void
  790. //
  791. //*************************************************************
  793. void StringToGuid( TCHAR * szValue, GUID * pGuid )
  794. {
  795. TCHAR wc;
  796. INT i;
  798. //
  799. // If the first character is a '{', skip it
  800. //
  801. if ( szValue[0] == TEXT('{') )
  802. szValue++;
  804. //
  805. // Since szValue may be used again, no permanent modification to
  806. // it is be made.
  807. //
  809. wc = szValue[8];
  810. szValue[8] = 0;
  811. pGuid->Data1 = _tcstoul( &szValue[0], 0, 16 );
  812. szValue[8] = wc;
  813. wc = szValue[13];
  814. szValue[13] = 0;
  815. pGuid->Data2 = (USHORT)_tcstoul( &szValue[9], 0, 16 );
  816. szValue[13] = wc;
  817. wc = szValue[18];
  818. szValue[18] = 0;
  819. pGuid->Data3 = (USHORT)_tcstoul( &szValue[14], 0, 16 );
  820. szValue[18] = wc;
  822. wc = szValue[21];
  823. szValue[21] = 0;
  824. pGuid->Data4[0] = (unsigned char)_tcstoul( &szValue[19], 0, 16 );
  825. szValue[21] = wc;
  826. wc = szValue[23];
  827. szValue[23] = 0;
  828. pGuid->Data4[1] = (unsigned char)_tcstoul( &szValue[21], 0, 16 );
  829. szValue[23] = wc;
  831. for ( i = 0; i < 6; i++ )
  832. {
  833. wc = szValue[26+i*2];
  834. szValue[26+i*2] = 0;
  835. pGuid->Data4[2+i] = (unsigned char)_tcstoul( &szValue[24+i*2], 0, 16 );
  836. szValue[26+i*2] = wc;
  837. }
  838. }
  840. /********************************************************************
  841. FUNCTION: getMorePolicyInfo
  843. PURPOSE: gets additional information about currently assigned policy
  844. into piAssignedPolicy global structure
  845. INPUT: none, uses global piAssignedPolicy structure
  846. particularly
  847. iPolicySource
  848. pszPolicyName
  849. pszPolicyPath
  850. fields
  852. RETURNS: HRESULT. Will return ERROR_SUCCESS if everything is fine.
  853. Currently fills pszPolicyDesc and timestamp fields of the global structure
  855. NOTES: This is separate from getPolicyInfo routine for two reasons
  856. a) the information obtained here is optional and error during this particular routine
  857. is not considered fatal
  858. b) the code structure is simpler as this routine is "built on top" of what getPolicyInfo provides
  859. *********************************************************************/
  861. DWORD getMorePolicyInfo ( )
  862. {
  863. DWORD dwError = ERROR_SUCCESS;
  864. HKEY hRegKey = NULL;
  866. DWORD dwType; // for RegQueryValueEx
  867. DWORD dwBufLen; // for RegQueryValueEx
  868. DWORD dwValue;
  869. DWORD dwLength = sizeof(DWORD);
  871. PTCHAR* ppszExplodeDN = NULL;
  873. // set some default values
  874. piAssignedPolicy.pszPolicyDesc[0] = 0;
  875. piAssignedPolicy.timestamp = 0;
  877. switch (piAssignedPolicy.iPolicySource)
  878. {
  879. case PS_LOC_POLICY:
  880. // open the key
  881. dwError = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
  882. piAssignedPolicy.pszPolicyPath,
  883. 0,
  884. KEY_READ,
  885. &hRegKey);
  886. BAIL_ON_WIN32_ERROR(dwError);
  888. // timestamp
  889. dwError = RegQueryValueEx(hRegKey,
  890. pcszIPSecTimestamp,
  891. NULL,
  892. &dwType,
  893. (LPBYTE)&dwValue,
  894. &dwLength);
  895. BAIL_ON_WIN32_ERROR(dwError);
  896. piAssignedPolicy.timestamp = dwValue;
  898. // description
  899. dwBufLen = MAXSTRLEN*sizeof(TCHAR);
  900. dwError = RegQueryValueEx( hRegKey,
  901. pcszIPSecDesc,
  902. NULL,
  903. &dwType, // will be REG_SZ
  904. (LPBYTE) pszBuf,
  905. &dwBufLen);
  906. BAIL_ON_WIN32_ERROR(dwError);
  907. _tcscpy(piAssignedPolicy.pszPolicyDesc, pszBuf);
  909. break;
  911. case PS_DS_POLICY:
  912. // get the policy name from DN
  913. _tcscpy(pszBuf, pcszCacheIPSecKey);
  914. ppszExplodeDN = ldap_explode_dn(piAssignedPolicy.pszPolicyPath, 1);
  915. if (!ppszExplodeDN)
  916. {
  917. goto error;
  918. }
  919. _tcscat(pszBuf, TEXT("\\"));
  920. _tcscat(pszBuf, ppszExplodeDN[0]);
  922. // open the regkey
  923. dwError = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
  924. pszBuf,
  925. 0,
  926. KEY_READ,
  927. &hRegKey);
  928. BAIL_ON_WIN32_ERROR(dwError);
  930. /* - tomestamp and description are not available yet
  931. // timestamp
  932. dwError = RegQueryValueEx(hRegKey,
  933. pcszIPSecTimestamp,
  934. NULL,
  935. &dwType,
  936. (LPBYTE)&dwValue,
  937. &dwLength);
  938. BAIL_ON_WIN32_ERROR(dwError);
  939. piAssignedPolicy.timestamp = dwValue;
  941. // description
  942. dwBufLen = MAXSTRLEN*sizeof(TCHAR);
  943. dwError = RegQueryValueEx( hRegKey,
  944. pcszIPSecDesc,
  945. NULL,
  946. &dwType, // will be REG_SZ
  947. (LPBYTE) pszBuf,
  948. &dwBufLen);
  949. BAIL_ON_WIN32_ERROR(dwError);
  950. _tcscpy(piAssignedPolicy.pszPolicyDesc, pszBuf);
  951. */
  953. break;
  954. }
  956. error:
  957. if (hRegKey)
  958. {
  959. RegCloseKey(hRegKey);
  960. }
  961. if (ppszExplodeDN)
  962. {
  963. ldap_value_free(ppszExplodeDN);
  964. }
  965. return dwError;
  966. }