archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ipsec/ipseccmd/usepa.cpp

1186 lines
33 KiB
Raw Normal View History

Add source files
4 years ago
  1. /////////////////////////////////////////////////////////////
  2. // Copyright(c) 1998, Microsoft Corporation
  3. //
  4. // useparpc.cpp
  5. //
  6. // Created on 8/15/98 by Randyram
  7. // Revisions:
  8. // 2/29/00 - DKalin
  9. // Removed out-of-date PA RPC routines, added Ipsecpol service management
  10. //
  11. // This holds all the init and cleanup code for using the
  12. // SPD API and for using SCM for controlling PA and ipsecpolsvc
  13. // see usepa.h for usage
  14. //
  15. /////////////////////////////////////////////////////////////
  17. #include "ipseccmd.h"
  19. const TCHAR szIpsecpolsvc[] = TEXT("ipsecpolsvc");
  21. bool PAIsRunning(OUT DWORD &dwError, TCHAR *szServ)
  22. {
  23. bool bReturn = true;
  24. dwError = ERROR_SUCCESS;
  26. SERVICE_STATUS ServStat;
  27. memset(&ServStat, 0, sizeof(SERVICE_STATUS));
  29. SC_HANDLE schMan = OpenSCManager(szServ, NULL, SC_MANAGER_ALL_ACCESS);
  31. if (schMan == NULL)
  32. {
  33. dwError = GetLastError();
  34. bReturn = false;
  35. }
  36. else
  37. {
  38. SC_HANDLE schPA = OpenService(schMan, TEXT("policyagent"),
  39. SERVICE_QUERY_STATUS | SERVICE_START | SERVICE_STOP);
  40. if (schPA == NULL)
  41. {
  42. dwError = GetLastError();
  43. bReturn = false;
  44. }
  45. else if (QueryServiceStatus(schPA, &ServStat))
  46. {
  47. // check the status finally
  48. if (ServStat.dwCurrentState != SERVICE_RUNNING)
  49. {
  50. bReturn = false;
  51. }
  52. CloseServiceHandle(schPA);
  53. }
  54. CloseServiceHandle(schMan);
  55. }
  57. return bReturn;
  58. }
  60. bool StartPA(OUT DWORD &dwError, OPTIONAL TCHAR *szServ)
  61. {
  62. bool bReturn = true;
  63. dwError = ERROR_SUCCESS;
  65. SERVICE_STATUS ServStat;
  66. memset(&ServStat, 0, sizeof(SERVICE_STATUS));
  68. SC_HANDLE schMan = OpenSCManager(szServ, NULL, SC_MANAGER_ALL_ACCESS);
  70. if (schMan == NULL)
  71. {
  72. dwError = GetLastError();
  73. bReturn = false;
  74. }
  75. else
  76. {
  77. SC_HANDLE schPA = OpenService(schMan, TEXT("policyagent"),
  78. SERVICE_QUERY_STATUS | SERVICE_START | SERVICE_STOP);
  79. if (schPA == NULL)
  80. {
  81. dwError = GetLastError();
  82. bReturn = false;
  83. }
  84. else if (QueryServiceStatus(schPA, &ServStat))
  85. {
  86. // check the status finally
  87. if (ServStat.dwCurrentState != SERVICE_RUNNING)
  88. {
  89. if (!StartService(schPA, 0, NULL))
  90. {
  91. dwError = GetLastError();
  92. bReturn = false;
  93. }
  94. }
  95. CloseServiceHandle(schPA);
  96. }
  97. CloseServiceHandle(schMan);
  98. }
  100. return bReturn;
  101. }
  103. /*********************************************************************
  104. FUNCTION: InstallIpsecpolService
  105. PURPOSE: Installs ipsecpolsvc service (incl. copying .exe to system32 dir)
  106. PARAMS:
  107. pszFilename - name of the .exe file (full path recommended)
  108. bFailIfExists - if TRUE, fail if service already exists,
  109. if FALSE, stop service, delete it and proceed
  110. ( default = TRUE )
  111. RETURNS: ERROR_SUCESS or GetLastError code
  112. COMMENTS:
  113. *********************************************************************/
  114. DWORD InstallIpsecpolService (IN LPCTSTR pszFilename, IN OPTIONAL BOOL bFailIfExists)
  115. {
  116. DWORD dwReturn = ERROR_SUCCESS;
  118. // open SCM Manager first
  119. SC_HANDLE schMan = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
  120. SC_HANDLE schIpsecpolsvc;
  122. if (schMan == NULL)
  123. {
  124. dwReturn = GetLastError();
  125. }
  126. else
  127. {
  128. // OK, we have handle access to SCM manager
  129. // if bFailIfExists == FALSE, let's check if service is running and stop it
  130. if (!bFailIfExists)
  131. {
  132. if (IsIpsecpolServiceRunning(dwReturn))
  133. {
  134. dwReturn = StopIpsecpolService();
  135. }
  136. }
  138. // continue only if we're okay so far
  139. if (dwReturn != ERROR_SUCCESS)
  140. {
  141. CloseServiceHandle(schMan);
  142. return dwReturn;
  143. }
  145. // now handle copyfile stuff
  146. TCHAR pszDestination[MAX_PATH+1];
  147. TCHAR* pszWindir = _tgetenv(TEXT("WINDIR"));
  148. TCHAR* pTmp;
  149. if (pszWindir == NULL || pszFilename == NULL || pszFilename[0] == 0)
  150. {
  151. CloseServiceHandle(schMan);
  152. return ERROR_PATH_NOT_FOUND;
  153. }
  155. _tcscpy(pszDestination, pszWindir);
  156. _tcscat(pszDestination, TEXT("\\system32\\"));
  158. pTmp = (TCHAR*) _tcsrchr(pszFilename, TEXT('\\'));
  159. if (pTmp == NULL)
  160. {
  161. _tcscat(pszDestination, pszFilename);
  162. }
  163. else
  164. {
  165. _tcscat(pszDestination, pTmp+1);
  166. }
  168. // now copy file
  169. if (!CopyFile(pszFilename, pszDestination, FALSE))
  170. {
  171. CloseServiceHandle(schMan);
  172. return GetLastError();
  173. }
  175. // now delete service if it already exists and bFailIfExists is FALSE
  176. if (!bFailIfExists)
  177. {
  178. // check if it exists and try to delete
  179. schIpsecpolsvc = OpenService(schMan, szIpsecpolsvc,
  180. SERVICE_QUERY_STATUS | SERVICE_START | SERVICE_STOP | STANDARD_RIGHTS_REQUIRED );
  181. if (schIpsecpolsvc == NULL)
  182. {
  183. dwReturn = GetLastError();
  184. if (dwReturn == ERROR_INVALID_NAME || dwReturn == ERROR_SERVICE_DOES_NOT_EXIST)
  185. {
  186. // doesn't exist, continue normally
  187. dwReturn = ERROR_SUCCESS;
  188. }
  189. else
  190. { // some real error
  191. CloseServiceHandle(schMan);
  192. return dwReturn;
  193. }
  194. }
  195. else
  196. {
  197. // service exists, delete
  198. DeleteService(schIpsecpolsvc);
  199. CloseServiceHandle(schIpsecpolsvc);
  200. }
  202. }
  204. // now create new service
  205. schIpsecpolsvc = CreateService(schMan,
  206. szIpsecpolsvc,
  207. szIpsecpolsvc,
  208. SERVICE_QUERY_STATUS | SERVICE_START | SERVICE_STOP | STANDARD_RIGHTS_REQUIRED,
  209. SERVICE_WIN32_OWN_PROCESS,
  210. SERVICE_DEMAND_START,
  211. SERVICE_ERROR_NORMAL,
  212. pszDestination,
  213. NULL,
  214. NULL,
  215. NULL,
  216. NULL,
  217. NULL);
  218. if (schIpsecpolsvc == NULL)
  219. {
  220. // some error
  221. CloseServiceHandle(schMan);
  222. return GetLastError();
  223. }
  224. CloseServiceHandle(schIpsecpolsvc);
  225. CloseServiceHandle(schMan);
  226. }
  228. return dwReturn;
  229. } /* InstallIpsecpolService */
  231. /*********************************************************************
  232. FUNCTION: StartIpsecpolService
  233. PURPOSE: Attempts to start ipsecpolsvc service
  234. PARAMS:
  235. pszServ - optional name of the server (default is NULL, start on local machine)
  236. RETURNS: ERROR_SUCESS or GetLastError code
  237. COMMENTS:
  238. *********************************************************************/
  239. DWORD StartIpsecpolService (IN OPTIONAL LPCTSTR pszServ)
  240. {
  241. DWORD dwReturn = ERROR_SUCCESS;
  243. SERVICE_STATUS ServStat;
  244. memset(&ServStat, 0, sizeof(SERVICE_STATUS));
  246. SC_HANDLE schMan = OpenSCManager(pszServ, NULL, SC_MANAGER_ALL_ACCESS);
  248. if (schMan == NULL)
  249. {
  250. dwReturn = GetLastError();
  251. }
  252. else
  253. {
  254. SC_HANDLE schIpsecpolsvc = OpenService(schMan, szIpsecpolsvc,
  255. SERVICE_QUERY_STATUS | SERVICE_START | SERVICE_STOP);
  256. if (schIpsecpolsvc == NULL)
  257. {
  258. dwReturn = GetLastError();
  259. }
  260. else if (QueryServiceStatus(schIpsecpolsvc, &ServStat))
  261. {
  262. // check the status finally
  263. if (ServStat.dwCurrentState != SERVICE_RUNNING)
  264. {
  265. if (!StartService(schIpsecpolsvc, 0, NULL))
  266. {
  267. dwReturn = GetLastError();
  268. }
  269. }
  270. CloseServiceHandle(schIpsecpolsvc);
  271. }
  272. CloseServiceHandle(schMan);
  273. }
  275. return dwReturn;
  276. } /* StartIpsecpolService */
  278. /*********************************************************************
  279. FUNCTION: StopIpsecpolService
  280. PURPOSE: Attempts to stop ipsecpolsvc service
  281. PARAMS:
  282. pszServ - optional name of the server (default is NULL, start on local machine)
  283. RETURNS: ERROR_SUCESS or GetLastError code
  284. COMMENTS:
  285. *********************************************************************/
  286. DWORD StopIpsecpolService (IN OPTIONAL LPCTSTR pszServ)
  287. {
  288. DWORD dwReturn = ERROR_SUCCESS;
  290. SERVICE_STATUS ServStat;
  291. memset(&ServStat, 0, sizeof(SERVICE_STATUS));
  293. SC_HANDLE schMan = OpenSCManager(pszServ, NULL, SC_MANAGER_ALL_ACCESS);
  295. if (schMan == NULL)
  296. {
  297. dwReturn = GetLastError();
  298. }
  299. else
  300. {
  301. SC_HANDLE schIpsecpolsvc = OpenService(schMan, szIpsecpolsvc,
  302. SERVICE_QUERY_STATUS | SERVICE_START | SERVICE_STOP);
  303. if (schIpsecpolsvc == NULL)
  304. {
  305. dwReturn = GetLastError();
  306. }
  307. else if (QueryServiceStatus(schIpsecpolsvc, &ServStat))
  308. {
  309. // check the status finally
  310. if (ServStat.dwCurrentState == SERVICE_RUNNING)
  311. {
  312. if (!ControlService(schIpsecpolsvc, SERVICE_CONTROL_STOP, &ServStat))
  313. {
  314. dwReturn = GetLastError();
  315. }
  316. }
  317. CloseServiceHandle(schIpsecpolsvc);
  318. }
  319. CloseServiceHandle(schMan);
  320. }
  322. return dwReturn;
  323. } /* StopIpsecpolService */
  325. /*********************************************************************
  326. FUNCTION: IsIpsecpolServiceRunning
  327. PURPOSE: Checks if ipsecpolsvc service is currently running
  328. PARAMS:
  329. dwReturn - holds errors retuned by SCM if any
  330. pszServ - optional name of the server (default is NULL, start on local machine)
  331. RETURNS: TRUE/FALSE
  332. COMMENTS: TRUE returned means service is running
  333. FALSE and dwReturn == ERROR_SUCCESS means service is not running
  334. FALSE and dwReturn != ERROR_SUCCESS means SCM operation failed (dwReturn is error code)
  335. *********************************************************************/
  336. BOOL IsIpsecpolServiceRunning (OUT DWORD &dwReturn, OPTIONAL LPCTSTR pszServ)
  337. {
  338. BOOL bReturn = TRUE;
  339. dwReturn = ERROR_SUCCESS;
  341. SERVICE_STATUS ServStat;
  342. memset(&ServStat, 0, sizeof(SERVICE_STATUS));
  344. SC_HANDLE schMan = OpenSCManager(pszServ, NULL, SC_MANAGER_ALL_ACCESS);
  346. if (schMan == NULL)
  347. {
  348. dwReturn = GetLastError();
  349. bReturn = FALSE;
  350. }
  351. else
  352. {
  353. SC_HANDLE schIpsecpolsvc = OpenService(schMan, szIpsecpolsvc,
  354. SERVICE_QUERY_STATUS | SERVICE_START | SERVICE_STOP);
  355. if (schIpsecpolsvc == NULL)
  356. {
  357. dwReturn = GetLastError();
  358. bReturn = FALSE;
  359. }
  360. else if (QueryServiceStatus(schIpsecpolsvc, &ServStat))
  361. {
  362. // check the status finally
  363. if (ServStat.dwCurrentState != SERVICE_RUNNING)
  364. {
  365. bReturn = FALSE;
  366. }
  367. CloseServiceHandle(schIpsecpolsvc);
  368. }
  369. CloseServiceHandle(schMan);
  370. }
  372. return bReturn;
  373. } /* IsIpsecpolServiceRunning */
  375. /*********************************************************************
  376. FUNCTION: InitIpsecpolsvcRPC
  377. PURPOSE: Get an RPC handle from ipsecpolsvc that can be used to call its APIs
  378. PARAMS:
  379. pszServ - name of the server (pass NULL for the local machine)
  380. hIpsecpolsvc - returned handle
  381. RETURNS: RPC_S_OK or RPC api error code
  382. COMMENTS: Service running is not prereq
  383. *********************************************************************/
  384. RPC_STATUS InitIpsecpolsvcRPC (IN TCHAR *pszServ, OUT handle_t &hIpsecpolsvc)
  385. {
  386. RPC_STATUS status = RPC_S_OK;
  387. TCHAR localProtocol[] = TEXT("ncacn_np");
  388. TCHAR remoteProtocol[] = TEXT("ncacn_np");
  389. TCHAR endpoint[] = TEXT("\\pipe\\ipsecpolsvc");
  390. PUSHORT stringBinding = NULL;
  391. ULONG SecurityLevel = RPC_C_AUTHN_LEVEL_CONNECT;
  393. if (pszServ != 0)
  394. {
  395. if (pszServ[0] == 0)
  396. {
  397. // empty string
  398. pszServ = NULL;
  399. }
  400. }
  402. status = RpcStringBindingCompose(0,
  403. (PUSHORT)((pszServ == NULL) ? localProtocol : remoteProtocol),
  404. (PUSHORT)pszServ,
  405. (PUSHORT)endpoint,
  406. 0,
  407. &stringBinding);
  408. if (status == RPC_S_OK)
  409. {
  410. status = RpcBindingFromStringBinding(stringBinding, &hIpsecpolsvc);
  411. }
  414. if (status == RPC_S_OK)
  415. {
  416. status =
  417. RpcBindingSetAuthInfo(hIpsecpolsvc,
  418. 0,
  419. SecurityLevel,
  420. RPC_C_AUTHN_WINNT,
  421. 0,
  422. 0
  423. );
  424. }
  427. if (stringBinding != NULL)
  428. {
  429. status = RpcStringFree(&stringBinding);
  430. }
  432. return status;
  433. } /* InitIpsecpolsvcRPC */
  435. /*********************************************************************
  436. FUNCTION: ShutdownIpsecpolsvcRPC
  437. PURPOSE: Close RPC handle
  438. PARAMS:
  439. hIpsecpolsvc - handle
  440. RETURNS: RPC_S_OK or RPC api error code
  441. COMMENTS:
  442. *********************************************************************/
  443. RPC_STATUS ShutdownIpsecpolsvcRPC (IN handle_t hIpsecpolsvc)
  444. {
  445. return RpcBindingFree(&hIpsecpolsvc);
  446. } /* ShutdownIpsecpolsvcRPC */
  448. /*********************************************************************
  449. FUNCTION: PlumbIPSecPolicy
  450. PURPOSE: Plumbs IPSEC_IKE_POLICY to the specified machine
  451. PARAMS:
  452. pszServerName - machine name or NULL for local
  453. pIPSecIkePol - pointer to IPSEC_IKE_POLICY.
  454. GUIDs/names must be generated prior to the call
  455. bFailMMIfExists - specifies MM filter behavior
  456. bFailMMIfExists == FALSE will cause the call not to break
  457. on ERROR_MM_FILTER_EXISTS when duplicate MM filters are there
  458. bFailMMIfExists == TRUE will fail on any SPD API error
  459. ppMMFilterHandles - array of mm filter handles will be returned here
  460. ppFilterHandles - array of qm filter handles will be returned here
  461. bPersist - if TRUE, information will be persisted
  462. RETURNS: ERROR_SUCCESS or win32 error code
  463. COMMENTS: CALLER is responsible for freeing the memory for the handle arrays
  464. *********************************************************************/
  465. DWORD
  466. PlumbIPSecPolicy(
  467. IN LPWSTR pServerName,
  468. IN PIPSEC_IKE_POLICY pIPSecIkePol,
  469. IN BOOL bFailMMIfExists,
  470. OUT PHANDLE *ppMMFilterHandles,
  471. OUT PHANDLE *ppFilterHandles,
  472. IN OPTIONAL BOOL bPersist
  473. )
  474. {
  475. DWORD dwReturn = ERROR_SUCCESS;
  476. RPC_STATUS RpcStat = RPC_S_OK;
  477. int i;
  478. HANDLE hFilter;
  479. BOOL bDefaultRule = FALSE; // will be true if default response rule is specified
  480. // default response rule is specified if there is exactly 1 transport filter that is Me-to-Me
  482. if (!pIPSecIkePol)
  483. {
  484. return ERROR_NO_DATA;
  485. }
  487. if (pIPSecIkePol->dwNumFilters == 1 && pIPSecIkePol->QMFilterType == QM_TRANSPORT_FILTER)
  488. {
  489. if (pIPSecIkePol->pTransportFilters[0].SrcAddr.AddrType == IP_ADDR_UNIQUE
  490. && pIPSecIkePol->pTransportFilters[0].SrcAddr.uIpAddr == IP_ADDRESS_ME
  491. && pIPSecIkePol->pTransportFilters[0].DesAddr.AddrType == IP_ADDR_UNIQUE
  492. && pIPSecIkePol->pTransportFilters[0].DesAddr.uIpAddr == IP_ADDRESS_ME
  493. && pIPSecIkePol->pTransportFilters[0].InboundFilterFlag == (FILTER_FLAG) POTF_DEFAULT_RESPONSE_FLAG
  494. && pIPSecIkePol->pTransportFilters[0].OutboundFilterFlag == (FILTER_FLAG) POTF_DEFAULT_RESPONSE_FLAG)
  495. {
  496. bDefaultRule = TRUE;
  497. }
  498. }
  500. // allocate handle arrays first
  501. if (bDefaultRule)
  502. {
  503. *ppMMFilterHandles = *ppFilterHandles = 0;
  504. pIPSecIkePol->AuthInfos.dwFlags |= IPSEC_MM_AUTH_DEFAULT_AUTH;
  505. pIPSecIkePol->IkePol.dwFlags |= IPSEC_MM_POLICY_DEFAULT_POLICY;
  506. pIPSecIkePol->IpsPol.dwFlags |= IPSEC_QM_POLICY_DEFAULT_POLICY;
  507. }
  508. else
  509. {
  510. if (ppMMFilterHandles && pIPSecIkePol->dwNumMMFilters)
  511. {
  512. *ppMMFilterHandles = new HANDLE[pIPSecIkePol->dwNumMMFilters];
  513. if (*ppMMFilterHandles == 0)
  514. {
  515. return ERROR_OUTOFMEMORY;
  516. }
  517. memset(*ppMMFilterHandles, 0, sizeof(HANDLE)*pIPSecIkePol->dwNumMMFilters);
  518. }
  519. if (ppFilterHandles && pIPSecIkePol->dwNumFilters)
  520. {
  521. *ppFilterHandles = new HANDLE[pIPSecIkePol->dwNumFilters];
  522. if (*ppFilterHandles == 0)
  523. {
  524. if (ppMMFilterHandles)
  525. {
  526. if (*ppMMFilterHandles) { delete[] *ppMMFilterHandles; *ppMMFilterHandles = 0; }
  527. }
  528. return ERROR_OUTOFMEMORY;
  529. }
  530. memset(*ppFilterHandles, 0, sizeof(HANDLE)*pIPSecIkePol->dwNumFilters);
  531. }
  532. }
  534. // let's go and plumb everything
  535. // authinfos first
  536. if (!UuidIsNil(&(pIPSecIkePol->AuthInfos.gMMAuthID), &RpcStat))
  537. {
  538. dwReturn = AddMMAuthMethods(pServerName, bPersist ? PERSIST_SPD_OBJECT : 0, &(pIPSecIkePol->AuthInfos));
  539. }
  541. if (dwReturn != ERROR_SUCCESS)
  542. {
  543. if (ppMMFilterHandles && *ppMMFilterHandles) { delete[] *ppMMFilterHandles; *ppMMFilterHandles = 0; }
  544. if (ppFilterHandles && *ppFilterHandles) { delete[] *ppFilterHandles; *ppFilterHandles = 0; }
  545. return dwReturn;
  546. }
  547. if (RpcStat != RPC_S_OK)
  548. {
  549. if (ppMMFilterHandles && *ppMMFilterHandles) { delete[] *ppMMFilterHandles; *ppMMFilterHandles = 0; }
  550. if (ppFilterHandles && *ppFilterHandles) { delete[] *ppFilterHandles; *ppFilterHandles = 0; }
  551. return GetLastError();
  552. }
  554. // mm policy
  555. if (!UuidIsNil(&(pIPSecIkePol->IkePol.gPolicyID), &RpcStat))
  556. {
  557. dwReturn = AddMMPolicy(pServerName, bPersist ? PERSIST_SPD_OBJECT : 0, &(pIPSecIkePol->IkePol));
  558. }
  560. if (dwReturn != ERROR_SUCCESS)
  561. {
  562. if (ppMMFilterHandles && *ppMMFilterHandles) { delete[] *ppMMFilterHandles; *ppMMFilterHandles = 0; }
  563. if (ppFilterHandles && *ppFilterHandles) { delete[] *ppFilterHandles; *ppFilterHandles = 0; }
  564. return dwReturn;
  565. }
  566. if (RpcStat != RPC_S_OK)
  567. {
  568. if (ppMMFilterHandles && *ppMMFilterHandles) { delete[] *ppMMFilterHandles; *ppMMFilterHandles = 0; }
  569. if (ppFilterHandles && *ppFilterHandles) { delete[] *ppFilterHandles; *ppFilterHandles = 0; }
  570. return GetLastError();
  571. }
  573. // qm policy
  574. if (!UuidIsNil(&(pIPSecIkePol->IpsPol.gPolicyID), &RpcStat))
  575. {
  576. dwReturn = AddQMPolicy(pServerName, bPersist ? PERSIST_SPD_OBJECT : 0, &(pIPSecIkePol->IpsPol));
  577. }
  579. if (dwReturn != ERROR_SUCCESS)
  580. {
  581. if (ppMMFilterHandles && *ppMMFilterHandles) { delete[] *ppMMFilterHandles; *ppMMFilterHandles = 0; }
  582. if (ppFilterHandles && *ppFilterHandles) { delete[] *ppFilterHandles; *ppFilterHandles = 0; }
  583. return dwReturn;
  584. }
  585. if (RpcStat != RPC_S_OK)
  586. {
  587. if (ppMMFilterHandles && *ppMMFilterHandles) { delete[] *ppMMFilterHandles; *ppMMFilterHandles = 0; }
  588. if (ppFilterHandles && *ppFilterHandles) { delete[] *ppFilterHandles; *ppFilterHandles = 0; }
  589. return GetLastError();
  590. }
  592. if (bDefaultRule)
  593. {
  594. // return here
  595. return dwReturn;
  596. }
  598. // mm filters
  599. for (i = 0; i < (int) pIPSecIkePol->dwNumMMFilters; i++)
  600. {
  601. hFilter = NULL;
  602. if (!UuidIsNil(&(pIPSecIkePol->pMMFilters[i].gFilterID), &RpcStat))
  603. {
  604. dwReturn = AddMMFilter(pServerName, bPersist ? PERSIST_SPD_OBJECT : 0, &(pIPSecIkePol->pMMFilters[i]), &hFilter);
  605. }
  607. if (RpcStat != RPC_S_OK)
  608. {
  609. if (ppFilterHandles && *ppFilterHandles) { delete[] *ppFilterHandles; *ppFilterHandles = 0; }
  610. return GetLastError();
  611. }
  613. if (!bFailMMIfExists && (dwReturn == ERROR_IPSEC_MM_POLICY_EXISTS || dwReturn == ERROR_IPSEC_MM_AUTH_EXISTS || dwReturn == ERROR_IPSEC_MM_FILTER_EXISTS))
  614. {
  615. dwReturn = ERROR_SUCCESS; // it's not actually an error
  616. }
  618. if (dwReturn != ERROR_SUCCESS)
  619. {
  620. if (ppFilterHandles && *ppFilterHandles) { delete[] *ppFilterHandles; *ppFilterHandles = 0; }
  621. return dwReturn;
  622. }
  624. if (ppMMFilterHandles)
  625. {
  626. (*ppMMFilterHandles)[i] = hFilter;
  627. }
  628. }
  630. // qm filters
  631. for (i = 0; i < (int) pIPSecIkePol->dwNumFilters; i++)
  632. {
  633. hFilter = NULL;
  634. if (pIPSecIkePol->QMFilterType == QM_TRANSPORT_FILTER)
  635. {
  636. if (!UuidIsNil(&(pIPSecIkePol->pTransportFilters[i].gFilterID), &RpcStat))
  637. {
  638. dwReturn = AddTransportFilter(pServerName, bPersist ? PERSIST_SPD_OBJECT : 0, &(pIPSecIkePol->pTransportFilters[i]), &hFilter);
  639. }
  640. }
  641. else
  642. {
  643. // tunnel
  644. if (!UuidIsNil(&(pIPSecIkePol->pTunnelFilters[i].gFilterID), &RpcStat))
  645. {
  646. dwReturn = AddTunnelFilter(pServerName, bPersist ? PERSIST_SPD_OBJECT : 0, &(pIPSecIkePol->pTunnelFilters[i]), &hFilter);
  647. }
  648. }
  650. if (dwReturn != ERROR_SUCCESS)
  651. {
  652. return dwReturn;
  653. }
  654. if (RpcStat != RPC_S_OK)
  655. {
  656. return GetLastError();
  657. }
  659. if (ppFilterHandles)
  660. {
  661. (*ppFilterHandles)[i] = hFilter;
  662. }
  663. }
  665. return dwReturn;
  666. } /* PlumbIPSecPolicy */
  668. /*********************************************************************
  669. FUNCTION: DeleteIPSecPolicy
  670. PURPOSE: Complementary to PlumbIPSecPolicy, removes IPSEC_IKE_POLICY
  671. PARAMS:
  672. pszServerName - machine name or NULL for local
  673. pIPSecIkePol - pointer to IPSEC_IKE_POLICY.
  674. GUIDs/names must be generated prior to the call
  675. pMMFilterHandles - array of main mode filter handles
  676. pFilterHandles - array of quick mode filter handles
  677. RETURNS: ERROR_SUCCESS or win32 error code
  678. COMMENTS: Function will try to
  679. remove everything specified in the IPSEC_IKE_POLICY structure.
  680. It is possible that one or several errors will be encountered.
  681. Function will continue, but later first error will be returned.
  682. *********************************************************************/
  683. DWORD
  684. DeleteIPSecPolicy(
  685. IN LPWSTR pServerName,
  686. IN PIPSEC_IKE_POLICY pIPSecIkePol,
  687. IN PHANDLE pMMFilterHandles,
  688. IN PHANDLE pFilterHandles
  689. )
  690. {
  691. DWORD dwReturn = ERROR_SUCCESS;
  692. DWORD dwErrorCode = ERROR_SUCCESS;
  693. RPC_STATUS RpcStat = RPC_S_OK;
  694. int i;
  696. // mm filters
  697. if (pMMFilterHandles)
  698. {
  699. for (i = 0; i < (int) pIPSecIkePol->dwNumMMFilters; i++)
  700. {
  701. if (!UuidIsNil(&(pIPSecIkePol->pMMFilters[i].gFilterID), &RpcStat))
  702. {
  703. dwReturn = DeleteMMFilter(pMMFilterHandles[i]);
  704. }
  706. if (RpcStat != RPC_S_OK && dwErrorCode == ERROR_SUCCESS)
  707. {
  708. dwErrorCode = GetLastError();
  709. }
  711. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  712. {
  713. dwErrorCode = dwReturn;
  714. }
  715. }
  716. }
  718. // qm filters
  719. if (pFilterHandles)
  720. {
  721. for (i = 0; i < (int) pIPSecIkePol->dwNumFilters; i++)
  722. {
  723. if (pIPSecIkePol->QMFilterType == QM_TRANSPORT_FILTER)
  724. {
  725. if (!UuidIsNil(&(pIPSecIkePol->pTransportFilters[i].gFilterID), &RpcStat))
  726. {
  727. dwReturn = DeleteTransportFilter(pFilterHandles[i]);
  728. }
  729. }
  730. else
  731. {
  732. // tunnel
  733. if (!UuidIsNil(&(pIPSecIkePol->pTunnelFilters[i].gFilterID), &RpcStat))
  734. {
  735. dwReturn = DeleteTunnelFilter(pFilterHandles[i]);
  736. }
  737. }
  739. if (RpcStat != RPC_S_OK && dwErrorCode == ERROR_SUCCESS)
  740. {
  741. dwErrorCode = GetLastError();
  742. }
  744. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  745. {
  746. dwErrorCode = dwReturn;
  747. }
  748. }
  749. }
  751. // mm auth methods
  752. if (!UuidIsNil(&(pIPSecIkePol->AuthInfos.gMMAuthID), &RpcStat))
  753. {
  754. dwReturn = DeleteMMAuthMethods(pServerName, pIPSecIkePol->AuthInfos.gMMAuthID);
  755. }
  756. if (RpcStat != RPC_S_OK && dwErrorCode == ERROR_SUCCESS)
  757. {
  758. dwErrorCode = GetLastError();
  759. }
  761. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  762. {
  763. dwErrorCode = dwReturn;
  764. }
  766. // mm policy
  767. if (!UuidIsNil(&(pIPSecIkePol->IkePol.gPolicyID), &RpcStat))
  768. {
  769. dwReturn = DeleteMMPolicy(pServerName, pIPSecIkePol->IkePol.pszPolicyName);
  770. }
  771. if (RpcStat != RPC_S_OK && dwErrorCode == ERROR_SUCCESS)
  772. {
  773. dwErrorCode = GetLastError();
  774. }
  776. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  777. {
  778. dwErrorCode = dwReturn;
  779. }
  781. // qm policy
  782. if (!UuidIsNil(&(pIPSecIkePol->IpsPol.gPolicyID), &RpcStat))
  783. {
  784. dwReturn = DeleteQMPolicy(pServerName, pIPSecIkePol->IpsPol.pszPolicyName);
  785. }
  786. if (RpcStat != RPC_S_OK && dwErrorCode == ERROR_SUCCESS)
  787. {
  788. dwErrorCode = GetLastError();
  789. }
  791. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  792. {
  793. dwErrorCode = dwReturn;
  794. }
  796. return dwErrorCode;
  798. } /* DeleteIPSecPolicy */
  800. /*********************************************************************
  801. FUNCTION: DeletePersistedIPSecPolicy
  802. PURPOSE: Complementary to PlumbIPSecPolicy with persistent flag on,
  803. removes persisted policy
  804. PARAMS:
  805. pszServerName - machine name or NULL for local
  806. pPolicyName - policy name prefix, if empty string of NULL,
  807. all persisted policy settings will be removed
  808. RETURNS: ERROR_SUCCESS or win32 error code
  809. COMMENTS: Function will try to
  810. remove everything specified.
  811. It is possible that one or several errors will be encountered.
  812. Function will continue, but later first error will be returned.
  813. *********************************************************************/
  814. DWORD
  815. DeletePersistedIPSecPolicy(
  816. IN LPWSTR pServerName,
  817. IN LPWSTR pPolicyName
  818. )
  819. {
  820. DWORD dwErrorCode, dwReturn;
  821. int i, j;
  822. PMM_FILTER pmmf; // for MM filter calls
  823. PIPSEC_QM_POLICY pipsqmp; // for QM policy calls
  824. PTRANSPORT_FILTER ptf; // for transport filter calls
  825. PTUNNEL_FILTER ptunf; // for tunnel filter calls
  826. PMM_AUTH_METHODS pam; // for auth method calls
  827. PIPSEC_MM_POLICY pipsmmp; // for MM policy calls
  828. DWORD dwCount; // counting objects here
  829. DWORD dwResumeHandle; // handle for continuation calls
  830. DWORD dwReserved; // reserved container
  831. GUID gDefaultGUID = {0}; // NULL GUID value
  832. int iPolNameLen = 0;
  833. HANDLE hFilter;
  834. BOOL bRemoveDefault = FALSE;
  836. dwErrorCode = dwReturn = ERROR_SUCCESS;
  837. if (pPolicyName && *pPolicyName)
  838. {
  839. iPolNameLen = wcslen(pPolicyName);
  840. }
  842. // start with mm filters, enum all
  843. pmmf=NULL;
  844. dwResumeHandle=0;
  845. // make the call(s)
  846. for (i = 0; ;i+=dwCount)
  847. {
  848. BOOL bRemoved = FALSE;
  849. DWORD dwOldResumeHandle = dwResumeHandle;
  851. dwReturn = EnumMMFilters(pServerName, ENUM_GENERIC_FILTERS, gDefaultGUID, &pmmf, 0, &dwCount, &dwResumeHandle);
  852. if (dwReturn == ERROR_NO_DATA || dwCount == 0)
  853. {
  854. dwReturn = ERROR_SUCCESS;
  855. // no more filters
  856. break;
  857. }
  858. if (dwReturn != ERROR_SUCCESS)
  859. {
  860. break;
  861. }
  862. for (j = 0; j < (int) dwCount; j++)
  863. {
  864. // check if it's our filter
  865. if (iPolNameLen == 0|| wcsncmp(pPolicyName, pmmf[j].pszFilterName, iPolNameLen) == 0)
  866. {
  867. dwReturn = OpenMMFilterHandle(pServerName, &(pmmf[j]), &hFilter);
  868. if (dwReturn == ERROR_SUCCESS)
  869. {
  870. dwReturn = DeleteMMFilter(hFilter);
  871. if (dwReturn == ERROR_SUCCESS)
  872. {
  873. bRemoved = TRUE;
  874. }
  875. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  876. {
  877. dwErrorCode = dwReturn;
  878. }
  879. dwReturn = CloseMMFilterHandle(hFilter);
  880. }
  881. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  882. {
  883. dwErrorCode = dwReturn;
  884. }
  885. }
  886. }
  887. SPDApiBufferFree(pmmf);
  888. pmmf=NULL;
  889. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  890. {
  891. dwErrorCode = dwReturn;
  892. }
  893. if (bRemoved)
  894. {
  895. dwResumeHandle = dwOldResumeHandle; // need to restart enumeration!
  896. }
  897. }
  898. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  899. {
  900. dwErrorCode = dwReturn;
  901. }
  903. // transport filters - the routine is similar
  904. ptf=NULL;
  905. dwResumeHandle=0;
  906. // make the call(s)
  907. for (i = 0; ;i+=dwCount)
  908. {
  909. BOOL bRemoved = FALSE;
  910. DWORD dwOldResumeHandle = dwResumeHandle;
  912. dwReturn = EnumTransportFilters(pServerName, ENUM_GENERIC_FILTERS, gDefaultGUID, &ptf, 0, &dwCount, &dwResumeHandle);
  913. if (dwReturn == ERROR_NO_DATA || dwCount == 0)
  914. {
  915. dwReturn = ERROR_SUCCESS;
  916. // no more filters
  917. break;
  918. }
  919. if (dwReturn != ERROR_SUCCESS)
  920. {
  921. break;
  922. }
  923. for (j = 0; j < (int) dwCount; j++)
  924. {
  925. // check if it's our filter
  926. if (iPolNameLen == 0|| wcsncmp(pPolicyName, ptf[j].pszFilterName, iPolNameLen) == 0)
  927. {
  928. dwReturn = OpenTransportFilterHandle(pServerName, &(ptf[j]), &hFilter);
  929. if (dwReturn == ERROR_SUCCESS)
  930. {
  931. dwReturn = DeleteTransportFilter(hFilter);
  932. if (dwReturn == ERROR_SUCCESS)
  933. {
  934. bRemoved = TRUE;
  935. }
  936. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  937. {
  938. dwErrorCode = dwReturn;
  939. }
  940. dwReturn = CloseTransportFilterHandle(hFilter);
  941. }
  942. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  943. {
  944. dwErrorCode = dwReturn;
  945. }
  946. }
  947. }
  948. SPDApiBufferFree(ptf);
  949. ptf=NULL;
  950. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  951. {
  952. dwErrorCode = dwReturn;
  953. }
  954. if (bRemoved)
  955. {
  956. dwResumeHandle = dwOldResumeHandle; // need to restart enumeration!
  957. }
  958. }
  959. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  960. {
  961. dwErrorCode = dwReturn;
  962. }
  964. // tunnel filters
  965. ptunf=NULL;
  966. dwResumeHandle=0;
  967. // make the call(s)
  968. for (i = 0; ;i+=dwCount)
  969. {
  970. BOOL bRemoved = FALSE;
  971. DWORD dwOldResumeHandle = dwResumeHandle;
  973. dwReturn = EnumTunnelFilters(pServerName, ENUM_GENERIC_FILTERS, gDefaultGUID, &ptunf, 0, &dwCount, &dwResumeHandle);
  974. if (dwReturn == ERROR_NO_DATA || dwCount == 0)
  975. {
  976. dwReturn = ERROR_SUCCESS;
  977. // no more filters
  978. break;
  979. }
  980. if (dwReturn != ERROR_SUCCESS)
  981. {
  982. break;
  983. }
  984. for (j = 0; j < (int) dwCount; j++)
  985. {
  986. // check if it's our filter
  987. if (iPolNameLen == 0|| wcsncmp(pPolicyName, ptunf[j].pszFilterName, iPolNameLen) == 0)
  988. {
  989. dwReturn = OpenTunnelFilterHandle(pServerName, &(ptunf[j]), &hFilter);
  990. if (dwReturn == ERROR_SUCCESS)
  991. {
  992. dwReturn = DeleteTunnelFilter(hFilter);
  993. if (dwReturn == ERROR_SUCCESS)
  994. {
  995. bRemoved = TRUE;
  996. }
  997. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  998. {
  999. dwErrorCode = dwReturn;
  1000. }
  1001. dwReturn = CloseTunnelFilterHandle(hFilter);
  1002. }
  1003. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  1004. {
  1005. dwErrorCode = dwReturn;
  1006. }
  1007. }
  1008. }
  1009. SPDApiBufferFree(ptunf);
  1010. ptunf=NULL;
  1011. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  1012. {
  1013. dwErrorCode = dwReturn;
  1014. }
  1015. if (bRemoved)
  1016. {
  1017. dwResumeHandle = dwOldResumeHandle; // need to restart enumeration!
  1018. }
  1019. }
  1020. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  1021. {
  1022. dwErrorCode = dwReturn;
  1023. }
  1025. // mm policies
  1026. pipsmmp=NULL;
  1027. dwResumeHandle=0;
  1028. // make the call(s)
  1029. for (i = 0; ;i+=dwCount)
  1030. {
  1031. BOOL bRemoved = FALSE;
  1032. DWORD dwOldResumeHandle = dwResumeHandle;
  1034. dwReturn = EnumMMPolicies(pServerName, &pipsmmp, 0, &dwCount, &dwResumeHandle);
  1035. if (dwReturn == ERROR_NO_DATA || dwCount == 0)
  1036. {
  1037. dwReturn = ERROR_SUCCESS;
  1038. // no more filters
  1039. break;
  1040. }
  1041. if (dwReturn != ERROR_SUCCESS)
  1042. {
  1043. break;
  1044. }
  1045. for (j = 0; j < (int) dwCount; j++)
  1046. {
  1047. // check if it's our mm policy
  1048. if (iPolNameLen == 0|| wcsncmp(pPolicyName, pipsmmp[j].pszPolicyName, iPolNameLen) == 0)
  1049. {
  1050. dwReturn = DeleteMMPolicy(pServerName, pipsmmp[j].pszPolicyName);
  1051. if (dwReturn == ERROR_SUCCESS)
  1052. {
  1053. bRemoved = TRUE;
  1054. }
  1055. if (dwReturn == ERROR_SUCCESS && (pipsmmp[j].dwFlags & IPSEC_QM_POLICY_DEFAULT_POLICY))
  1056. { // got to remove other defaults too
  1057. bRemoveDefault = TRUE;
  1058. }
  1059. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  1060. {
  1061. dwErrorCode = dwReturn;
  1062. }
  1063. }
  1064. }
  1065. SPDApiBufferFree(pipsmmp);
  1066. pipsmmp=NULL;
  1067. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  1068. {
  1069. dwErrorCode = dwReturn;
  1070. }
  1071. if (bRemoved)
  1072. {
  1073. dwResumeHandle = dwOldResumeHandle; // need to restart enumeration!
  1074. }
  1075. }
  1076. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  1077. {
  1078. dwErrorCode = dwReturn;
  1079. }
  1081. // auth methods
  1082. pam=NULL;
  1083. dwResumeHandle=0;
  1084. // make the call(s)
  1085. for (i = 0; ;i+=dwCount)
  1086. {
  1087. BOOL bRemoved = FALSE;
  1088. DWORD dwOldResumeHandle = dwResumeHandle;
  1090. dwReturn = EnumMMAuthMethods(pServerName, &pam, 0, &dwCount, &dwResumeHandle);
  1091. if (dwReturn == ERROR_NO_DATA || dwCount == 0)
  1092. {
  1093. dwReturn = ERROR_SUCCESS;
  1094. // no more filters
  1095. break;
  1096. }
  1097. if (dwReturn != ERROR_SUCCESS)
  1098. {
  1099. break;
  1100. }
  1101. for (j = 0; j < (int) dwCount; j++)
  1102. {
  1103. // check if it's our auth method
  1104. if (bRemoveDefault || (pam[j].dwFlags & IPSEC_MM_AUTH_DEFAULT_AUTH) == 0)
  1105. { // either remove default is set or this is non-default
  1106. dwReturn = DeleteMMAuthMethods(pServerName, pam[j].gMMAuthID);
  1107. if (dwReturn == ERROR_SUCCESS)
  1108. {
  1109. bRemoved = TRUE;
  1110. }
  1111. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  1112. {
  1113. dwErrorCode = dwReturn;
  1114. }
  1115. }
  1116. }
  1117. SPDApiBufferFree(pam);
  1118. pam=NULL;
  1119. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  1120. {
  1121. dwErrorCode = dwReturn;
  1122. }
  1123. if (bRemoved)
  1124. {
  1125. dwResumeHandle = dwOldResumeHandle; // need to restart enumeration!
  1126. }
  1127. }
  1128. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  1129. {
  1130. dwErrorCode = dwReturn;
  1131. }
  1133. // qm policies
  1134. pipsqmp=NULL;
  1135. dwResumeHandle=0;
  1136. // make the call(s)
  1137. for (i = 0; ;i+=dwCount)
  1138. {
  1139. BOOL bRemoved = FALSE;
  1140. DWORD dwOldResumeHandle = dwResumeHandle;
  1142. dwReturn = EnumQMPolicies(pServerName, &pipsqmp, 0, &dwCount, &dwResumeHandle);
  1143. if (dwReturn == ERROR_NO_DATA || dwCount == 0)
  1144. {
  1145. dwReturn = ERROR_SUCCESS;
  1146. // no more filters
  1147. break;
  1148. }
  1149. if (dwReturn != ERROR_SUCCESS)
  1150. {
  1151. break;
  1152. }
  1153. for (j = 0; j < (int) dwCount; j++)
  1154. {
  1155. // check if it's our qm policy
  1156. if (iPolNameLen == 0|| wcsncmp(pPolicyName, pipsqmp[j].pszPolicyName, iPolNameLen) == 0)
  1157. {
  1158. dwReturn = DeleteQMPolicy(pServerName, pipsqmp[j].pszPolicyName);
  1159. if (dwReturn == ERROR_SUCCESS)
  1160. {
  1161. bRemoved = TRUE;
  1162. }
  1163. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  1164. {
  1165. dwErrorCode = dwReturn;
  1166. }
  1167. }
  1168. }
  1169. SPDApiBufferFree(pipsqmp);
  1170. pipsqmp=NULL;
  1171. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  1172. {
  1173. dwErrorCode = dwReturn;
  1174. }
  1175. if (bRemoved)
  1176. {
  1177. dwResumeHandle = dwOldResumeHandle; // need to restart enumeration!
  1178. }
  1179. }
  1180. if (dwReturn != ERROR_SUCCESS && dwErrorCode == ERROR_SUCCESS)
  1181. {
  1182. dwErrorCode = dwReturn;
  1183. }
  1185. return dwErrorCode;
  1186. } /* DeletePersistedIPSecPolicy */