archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ipsec/spd/server/driver.c

1994 lines
42 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1999 Microsoft Corporation
  6. Module Name:
  8. driver.c
  10. Abstract:
  12. This module contains all of the code to drive the
  13. management of specific filters in the IPSec driver.
  15. Author:
  17. abhisheV 05-November-1999
  19. Environment
  21. User Level: Win32
  23. Revision History:
  26. --*/
  29. #include "precomp.h"
  32. DWORD
  33. SPDStartIPSecDriver(
  34. )
  35. /*++
  37. Routine Description:
  39. Starts the IPSec Driver service.
  41. Arguments:
  43. None.
  45. Return Value:
  47. ERROR_SUCCESS - Success.
  49. Win32 Error - Failure.
  51. --*/
  52. {
  53. SC_HANDLE ServiceDatabase = NULL;
  54. SC_HANDLE ServiceHandle = NULL;
  55. BOOL bStatus = FALSE;
  56. DWORD dwError = 0;
  57. SERVICE_STATUS IpsecStatus;
  60. memset(&IpsecStatus, 0, sizeof(SERVICE_STATUS));
  63. ServiceDatabase = OpenSCManager(
  64. NULL,
  65. NULL,
  66. SC_MANAGER_ALL_ACCESS
  67. );
  68. if (ServiceDatabase == NULL) {
  69. dwError = GetLastError();
  70. BAIL_ON_WIN32_ERROR(dwError);
  71. }
  74. ServiceHandle = OpenService(
  75. ServiceDatabase,
  76. IPSEC_SERVICE_NAME,
  77. SERVICE_START | SERVICE_QUERY_STATUS
  78. );
  79. if (ServiceHandle == NULL) {
  80. dwError = GetLastError();
  81. BAIL_ON_WIN32_ERROR(dwError);
  82. }
  85. bStatus = QueryServiceStatus(
  86. ServiceHandle,
  87. &IpsecStatus
  88. );
  89. if (bStatus == FALSE) {
  90. dwError = GetLastError();
  91. BAIL_ON_WIN32_ERROR(dwError);
  92. }
  95. if (IpsecStatus.dwCurrentState == SERVICE_STOPPED) {
  97. bStatus = StartService(
  98. ServiceHandle,
  99. 0,
  100. NULL
  101. );
  102. if (bStatus == FALSE) {
  103. dwError = GetLastError();
  104. BAIL_ON_WIN32_ERROR(dwError);
  105. }
  107. }
  110. error:
  112. if (ServiceDatabase != NULL) {
  113. CloseServiceHandle(ServiceDatabase);
  114. }
  116. if (ServiceHandle != NULL) {
  117. CloseServiceHandle(ServiceHandle);
  118. }
  120. return (dwError);
  121. }
  124. DWORD
  125. SPDStopIPSecDriver(
  126. )
  127. /*++
  129. Routine Description:
  131. Stops the IPSec Driver service.
  133. Arguments:
  135. None.
  137. Return Value:
  139. ERROR_SUCCESS - Success.
  141. Win32 Error - Failure.
  143. --*/
  144. {
  145. SC_HANDLE ServiceDatabase = NULL;
  146. SC_HANDLE ServiceHandle = NULL;
  147. BOOL bStatus = FALSE;
  148. DWORD dwError = 0;
  149. SERVICE_STATUS IpsecStatus;
  152. memset(&IpsecStatus, 0, sizeof(SERVICE_STATUS));
  155. ServiceDatabase = OpenSCManager(
  156. NULL,
  157. NULL,
  158. SC_MANAGER_ALL_ACCESS
  159. );
  160. if (ServiceDatabase == NULL) {
  161. dwError = GetLastError();
  162. BAIL_ON_WIN32_ERROR(dwError);
  163. }
  166. ServiceHandle = OpenService(
  167. ServiceDatabase,
  168. IPSEC_SERVICE_NAME,
  169. SERVICE_STOP | SERVICE_QUERY_STATUS
  170. );
  171. if (ServiceHandle == NULL) {
  172. dwError = GetLastError();
  173. BAIL_ON_WIN32_ERROR(dwError);
  174. }
  177. bStatus = QueryServiceStatus(
  178. ServiceHandle,
  179. &IpsecStatus
  180. );
  181. if (bStatus == FALSE) {
  182. dwError = GetLastError();
  183. BAIL_ON_WIN32_ERROR(dwError);
  184. }
  187. if (IpsecStatus.dwCurrentState == SERVICE_RUNNING) {
  189. bStatus = ControlService(
  190. ServiceHandle,
  191. SERVICE_CONTROL_STOP,
  192. &IpsecStatus
  193. );
  194. if (bStatus == FALSE) {
  195. dwError = GetLastError();
  196. BAIL_ON_WIN32_ERROR(dwError);
  197. }
  199. }
  202. error:
  204. if (ServiceDatabase != NULL) {
  205. CloseServiceHandle(ServiceDatabase);
  206. }
  208. if (ServiceHandle != NULL) {
  209. CloseServiceHandle(ServiceHandle);
  210. }
  212. return (dwError);
  213. }
  216. DWORD
  217. SPDOpenIPSecDriver(
  218. PHANDLE phIPSecDriver
  219. )
  220. /*++
  222. Routine Description:
  224. Opens a handle to the IPSec Driver.
  226. Arguments:
  228. phIPSecDriver - pointer to a handle to the IPSec Driver.
  230. Return Value:
  232. ERROR_SUCCESS - Success.
  234. Win32 Error - Failure.
  236. --*/
  237. {
  238. DWORD dwError = 0;
  239. HANDLE hIPSecDriver = NULL;
  242. hIPSecDriver = CreateFile(
  243. DEVICE_NAME, // File name.
  244. GENERIC_READ | GENERIC_WRITE, // Access mode.
  245. 0, // Share mode.
  246. NULL, // Security attributes.
  247. OPEN_EXISTING, // How to create.
  248. 0, // File attributes.
  249. NULL // Handle to file.
  250. );
  251. if (hIPSecDriver == INVALID_HANDLE_VALUE) {
  252. dwError = GetLastError();
  253. BAIL_ON_WIN32_ERROR(dwError);
  254. }
  256. *phIPSecDriver = hIPSecDriver;
  258. return (dwError);
  260. error:
  262. *phIPSecDriver = INVALID_HANDLE_VALUE;
  264. return (dwError);
  265. }
  268. VOID
  269. SPDCloseIPSecDriver(
  270. HANDLE hIPSecDriver
  271. )
  272. /*++
  274. Routine Description:
  276. Closes the handle to the IPSec Driver.
  278. Arguments:
  280. hIPSecDriver - handle to the IPSec Driver to close.
  282. Return Value:
  284. None.
  286. --*/
  287. {
  288. if (hIPSecDriver) {
  289. CloseHandle(hIPSecDriver);
  290. }
  291. }
  294. DWORD
  295. InsertTransportFiltersIntoIPSec(
  296. PINITXSFILTER pSpecificFilters
  297. )
  298. /*++
  300. Routine Description:
  302. Insert a list of specific filters into the
  303. IPSec Driver.
  305. Arguments:
  307. pSpecificFilters - list of filters to insert.
  309. Return Value:
  311. ERROR_SUCCESS - Success.
  313. Win32 Error - Failure.
  315. --*/
  316. {
  317. DWORD dwError = 0;
  318. HANDLE hIPSecDriver = NULL;
  319. LPBYTE pInBuffer = NULL;
  320. DWORD dwInBufferSize = 0;
  322. BOOL bStatus = FALSE;
  324. LPBYTE pOutBuffer = NULL;
  325. DWORD dwOutBufferSize = 0;
  326. DWORD dwBytesReturned = 0;
  328. DWORD dwNumFilters = 0;
  329. PIPSEC_FILTER_INFO pInternalFilters = NULL;
  330. LPBYTE pTemp = NULL;
  331. DWORD i = 0;
  334. if (!pSpecificFilters) {
  335. return (dwError);
  336. }
  338. dwError = SPDOpenIPSecDriver(
  339. &hIPSecDriver
  340. );
  341. BAIL_ON_WIN32_ERROR(dwError);
  344. dwError = WrapTransportFilters(
  345. pSpecificFilters,
  346. &pInternalFilters,
  347. &dwNumFilters
  348. );
  349. BAIL_ON_WIN32_ERROR(dwError);
  352. dwInBufferSize = sizeof(DWORD) +
  353. sizeof(IPSEC_FILTER_INFO)*dwNumFilters;
  355. dwError = AllocateSPDMemory(
  356. dwInBufferSize,
  357. &pInBuffer
  358. );
  359. BAIL_ON_WIN32_ERROR(dwError);
  362. pTemp = pInBuffer;
  363. memcpy(pTemp, &dwNumFilters, sizeof(DWORD));
  364. pTemp += sizeof(DWORD);
  366. for (i = 0 ; i < dwNumFilters; i++) {
  368. memcpy(pTemp, &(pInternalFilters[i]), sizeof(IPSEC_FILTER_INFO));
  369. pTemp += sizeof(IPSEC_FILTER_INFO);
  371. }
  374. bStatus = DeviceIoControl(
  375. hIPSecDriver,
  376. IOCTL_IPSEC_ADD_FILTER,
  377. pInBuffer,
  378. dwInBufferSize,
  379. pOutBuffer,
  380. dwOutBufferSize,
  381. &dwBytesReturned,
  382. NULL
  383. );
  384. if (bStatus == FALSE) {
  385. dwError = GetLastError();
  386. BAIL_ON_WIN32_ERROR(dwError);
  387. }
  390. error:
  392. if (hIPSecDriver != INVALID_HANDLE_VALUE) {
  393. SPDCloseIPSecDriver(hIPSecDriver);
  394. }
  396. if (pInternalFilters) {
  397. FreeSPDMemory(pInternalFilters);
  398. }
  400. if (pInBuffer) {
  401. FreeSPDMemory(pInBuffer);
  402. }
  404. if (pOutBuffer) {
  405. LocalFree(pOutBuffer);
  406. }
  408. return (dwError);
  409. }
  412. DWORD
  413. DeleteTransportFiltersFromIPSec(
  414. PINITXSFILTER pSpecificFilters
  415. )
  416. /*++
  418. Routine Description:
  420. Delete a list of filters from the IPSec Driver.
  422. Arguments:
  424. pSpecificFilters - list of filters to delete.
  426. Return Value:
  428. ERROR_SUCCESS - Success.
  430. Win32 Error - Failure.
  432. --*/
  433. {
  434. DWORD dwError = 0;
  435. HANDLE hIPSecDriver = NULL;
  436. LPBYTE pInBuffer = NULL;
  437. DWORD dwInBufferSize = 0;
  439. BOOL bStatus = FALSE;
  441. LPBYTE pOutBuffer = NULL;
  442. DWORD dwOutBufferSize = 0;
  443. DWORD dwBytesReturned = 0;
  445. DWORD dwNumFilters = 0;
  446. PIPSEC_FILTER_INFO pInternalFilters = NULL;
  447. LPBYTE pTemp = NULL;
  448. DWORD i = 0;
  451. if (!pSpecificFilters) {
  452. return (dwError);
  453. }
  455. dwError = SPDOpenIPSecDriver(
  456. &hIPSecDriver
  457. );
  458. BAIL_ON_WIN32_ERROR(dwError);
  461. dwError = WrapTransportFilters(
  462. pSpecificFilters,
  463. &pInternalFilters,
  464. &dwNumFilters
  465. );
  466. BAIL_ON_WIN32_ERROR(dwError);
  469. dwInBufferSize = sizeof(DWORD) +
  470. sizeof(IPSEC_FILTER_INFO)*dwNumFilters;
  472. dwError = AllocateSPDMemory(
  473. dwInBufferSize,
  474. &pInBuffer
  475. );
  476. BAIL_ON_WIN32_ERROR(dwError);
  479. pTemp = pInBuffer;
  480. memcpy(pTemp, &dwNumFilters, sizeof(DWORD));
  481. pTemp += sizeof(DWORD);
  483. for (i = 0 ; i < dwNumFilters; i++) {
  485. memcpy(pTemp, &(pInternalFilters[i]), sizeof(IPSEC_FILTER_INFO));
  486. pTemp += sizeof(IPSEC_FILTER_INFO);
  488. }
  491. bStatus = DeviceIoControl(
  492. hIPSecDriver,
  493. IOCTL_IPSEC_DELETE_FILTER,
  494. pInBuffer,
  495. dwInBufferSize,
  496. pOutBuffer,
  497. dwOutBufferSize,
  498. &dwBytesReturned,
  499. NULL
  500. );
  502. if (bStatus == FALSE) {
  503. dwError = GetLastError();
  504. BAIL_ON_WIN32_ERROR(dwError);
  505. }
  508. error:
  510. if (hIPSecDriver != INVALID_HANDLE_VALUE) {
  511. SPDCloseIPSecDriver(hIPSecDriver);
  512. }
  514. if (pInternalFilters) {
  515. FreeSPDMemory(pInternalFilters);
  516. }
  518. if (pInBuffer) {
  519. FreeSPDMemory(pInBuffer);
  520. }
  522. if (pOutBuffer) {
  523. LocalFree(pOutBuffer);
  524. }
  526. return (dwError);
  527. }
  530. DWORD
  531. WrapTransportFilters(
  532. PINITXSFILTER pSpecificFilters,
  533. PIPSEC_FILTER_INFO * ppInternalFilters,
  534. PDWORD pdwNumFilters
  535. )
  536. /*++
  538. Routine Description:
  540. Transforms a list of specific transport filters to
  541. an equivalent list of filters acceptable to the
  542. IPSec Driver.
  544. Arguments:
  546. pSpecificFilters - list of filters to convert.
  548. ppInternalFilters - list of transformed filters.
  550. pdwNumFilters - count of the filters in the transformed
  551. list.
  553. Return Value:
  555. ERROR_SUCCESS - Success.
  557. Win32 Error - Failure.
  559. --*/
  560. {
  561. DWORD dwError = 0;
  562. PINITXSFILTER pTempFilter = NULL;
  563. PIPSEC_FILTER_INFO pInternalFilters = NULL;
  564. DWORD dwNumFilters = 0;
  565. DWORD i = 0;
  568. //
  569. // At this point, there's atleast one filter in the
  570. // specific filter list.
  571. //
  573. pTempFilter = pSpecificFilters;
  575. while(pTempFilter) {
  576. pTempFilter = pTempFilter->pNext;
  577. dwNumFilters++;
  578. }
  581. dwError = AllocateSPDMemory(
  582. sizeof(IPSEC_FILTER_INFO)*dwNumFilters,
  583. &pInternalFilters
  584. );
  585. BAIL_ON_WIN32_ERROR(dwError);
  588. pTempFilter = pSpecificFilters;
  590. while(pTempFilter) {
  592. FormIPSecTransportFilter(
  593. pTempFilter,
  594. &(pInternalFilters[i])
  595. );
  597. pTempFilter = pTempFilter->pNext;
  598. i++;
  600. }
  602. *ppInternalFilters = pInternalFilters;
  603. *pdwNumFilters = dwNumFilters;
  604. return (dwError);
  606. error:
  608. *ppInternalFilters = NULL;
  609. *pdwNumFilters = 0;
  610. return (dwError);
  611. }
  614. VOID
  615. FormIPSecTransportFilter(
  616. PINITXSFILTER pSpecificFilter,
  617. PIPSEC_FILTER_INFO pIpsecFilter
  618. )
  619. /*++
  621. Routine Description:
  623. Transforms a specific transport filter to an
  624. equivalent filter acceptable to the IPSec Driver.
  626. Arguments:
  628. pSpecificFilter - filter to convert.
  630. pIpsecFilter - transformed filter.
  632. Return Value:
  634. NONE.
  636. --*/
  637. {
  638. memcpy(
  639. &(pIpsecFilter->FilterId),
  640. &(pSpecificFilter->gParentID),
  641. sizeof(GUID)
  642. );
  644. memcpy(
  645. &(pIpsecFilter->PolicyId),
  646. &(pSpecificFilter->gPolicyID),
  647. sizeof(GUID)
  648. );
  650. pIpsecFilter->Index = pSpecificFilter->dwWeight;
  652. pIpsecFilter->AssociatedFilter.SrcAddr = pSpecificFilter->SrcAddr.uIpAddr;
  653. pIpsecFilter->AssociatedFilter.SrcMask = pSpecificFilter->SrcAddr.uSubNetMask;
  655. pIpsecFilter->AssociatedFilter.DestAddr = pSpecificFilter->DesAddr.uIpAddr;
  656. pIpsecFilter->AssociatedFilter.DestMask = pSpecificFilter->DesAddr.uSubNetMask;
  658. pIpsecFilter->AssociatedFilter.Protocol = pSpecificFilter->Protocol.dwProtocol;
  659. pIpsecFilter->AssociatedFilter.SrcPort = pSpecificFilter->SrcPort.wPort;
  660. pIpsecFilter->AssociatedFilter.DestPort = pSpecificFilter->DesPort.wPort;
  662. pIpsecFilter->AssociatedFilter.TunnelFilter = FALSE;
  663. pIpsecFilter->AssociatedFilter.TunnelAddr = 0;
  665. pIpsecFilter->AssociatedFilter.Flags = 0;
  667. if (pSpecificFilter->dwDirection == FILTER_DIRECTION_INBOUND) {
  668. pIpsecFilter->AssociatedFilter.Flags |= FILTER_FLAGS_INBOUND;
  669. switch (pSpecificFilter->InboundFilterFlag) {
  671. case PASS_THRU:
  672. pIpsecFilter->AssociatedFilter.Flags |= FILTER_FLAGS_PASS_THRU;
  673. break;
  675. case BLOCKING:
  676. pIpsecFilter->AssociatedFilter.Flags |= FILTER_FLAGS_DROP;
  677. break;
  679. default:
  680. break;
  681. }
  682. }
  683. else {
  684. pIpsecFilter->AssociatedFilter.Flags |= FILTER_FLAGS_OUTBOUND;
  685. switch (pSpecificFilter->OutboundFilterFlag) {
  687. case PASS_THRU:
  688. pIpsecFilter->AssociatedFilter.Flags |= FILTER_FLAGS_PASS_THRU;
  689. break;
  691. case BLOCKING:
  692. pIpsecFilter->AssociatedFilter.Flags |= FILTER_FLAGS_DROP;
  693. break;
  695. default:
  696. break;
  697. }
  698. }
  699. }
  702. DWORD
  703. QueryIPSecStatistics(
  704. LPWSTR pServerName,
  705. PIPSEC_STATISTICS * ppIpsecStatistics
  706. )
  707. {
  708. DWORD dwError = 0;
  709. PIPSEC_STATISTICS pIpsecStatistics = NULL;
  712. ENTER_SPD_SECTION();
  713. dwError = ValidateSecurity(
  714. SPD_OBJECT_SERVER,
  715. SERVER_ACCESS_ADMINISTER,
  716. NULL,
  717. NULL
  718. );
  719. LEAVE_SPD_SECTION();
  720. BAIL_ON_WIN32_ERROR(dwError);
  722. dwError = QueryDriverForIpsecStats(
  723. &pIpsecStatistics
  724. );
  725. BAIL_ON_WIN32_ERROR(dwError);
  727. *ppIpsecStatistics = pIpsecStatistics;
  729. cleanup:
  731. return (dwError);
  733. error:
  735. *ppIpsecStatistics = NULL;
  737. goto cleanup;
  738. }
  741. DWORD
  742. QueryDriverForIpsecStats(
  743. PIPSEC_QUERY_STATS * ppQueryStats
  744. )
  745. {
  746. DWORD dwError = 0;
  747. PIPSEC_QUERY_STATS pQueryStats = NULL;
  748. HANDLE hIPSecDriver = NULL;
  749. LPBYTE pInBuffer = NULL;
  750. DWORD dwInBufferSize = 0;
  751. BOOL bStatus = FALSE;
  752. LPBYTE pOutBuffer = NULL;
  753. DWORD dwOutBufferSize = 0;
  754. DWORD dwBytesReturned = 0;
  757. dwError = SPDApiBufferAllocate(
  758. sizeof(IPSEC_QUERY_STATS),
  759. &pQueryStats
  760. );
  761. BAIL_ON_WIN32_ERROR(dwError);
  763. dwError = SPDOpenIPSecDriver(
  764. &hIPSecDriver
  765. );
  766. BAIL_ON_WIN32_ERROR(dwError);
  768. pInBuffer = (LPBYTE) pQueryStats;
  769. dwInBufferSize = sizeof(IPSEC_QUERY_STATS);
  771. pOutBuffer = (LPBYTE) pQueryStats;
  772. dwOutBufferSize = sizeof(IPSEC_QUERY_STATS);
  774. dwBytesReturned = dwOutBufferSize;
  776. bStatus = DeviceIoControl(
  777. hIPSecDriver,
  778. IOCTL_IPSEC_QUERY_STATS,
  779. pInBuffer,
  780. dwInBufferSize,
  781. pOutBuffer,
  782. dwOutBufferSize,
  783. &dwBytesReturned,
  784. NULL
  785. );
  786. if (bStatus == FALSE) {
  787. dwError = GetLastError();
  788. BAIL_ON_WIN32_ERROR(dwError);
  789. }
  791. *ppQueryStats = pQueryStats;
  793. cleanup:
  795. if (hIPSecDriver != INVALID_HANDLE_VALUE) {
  796. SPDCloseIPSecDriver(hIPSecDriver);
  797. }
  799. return (dwError);
  801. error:
  803. if (pQueryStats) {
  804. SPDApiBufferFree(pQueryStats);
  805. }
  807. *ppQueryStats = NULL;
  809. goto cleanup;
  810. }
  813. DWORD
  814. EnumQMSAs(
  815. LPWSTR pServerName,
  816. PIPSEC_QM_SA pQMSATemplate,
  817. PIPSEC_QM_SA * ppQMSAs,
  818. DWORD dwPreferredNumEntries,
  819. LPDWORD pdwNumQMSAs,
  820. LPDWORD pdwNumTotalQMSAs,
  821. LPDWORD pdwResumeHandle,
  822. DWORD dwFlags
  823. )
  824. {
  825. DWORD dwError = 0;
  826. DWORD dwResumeHandle = 0;
  827. DWORD dwNumToEnum = 0;
  828. DWORD dwNumTotalQMSAs = 0;
  829. PIPSEC_ENUM_SAS pIpsecEnumSAs = NULL;
  830. PIPSEC_SA_INFO pInfo = NULL;
  831. DWORD i = 0;
  832. DWORD dwNumQMSAs = 0;
  833. PIPSEC_QM_SA pQMSAs = NULL;
  834. PIPSEC_SA_INFO pTemp = NULL;
  835. PIPSEC_QM_SA pTempQMSA = NULL;
  838. dwResumeHandle = *pdwResumeHandle;
  840. if (!dwPreferredNumEntries || (dwPreferredNumEntries > MAX_QMSA_ENUM_COUNT)) {
  841. dwNumToEnum = MAX_QMSA_ENUM_COUNT;
  842. }
  843. else {
  844. dwNumToEnum = dwPreferredNumEntries;
  845. }
  847. ENTER_SPD_SECTION();
  848. dwError = ValidateSecurity(
  849. SPD_OBJECT_SERVER,
  850. SERVER_ACCESS_ADMINISTER,
  851. NULL,
  852. NULL
  853. );
  854. LEAVE_SPD_SECTION();
  855. BAIL_ON_WIN32_ERROR(dwError);
  857. dwError = IpsecEnumSAs(
  858. &dwNumTotalQMSAs,
  859. &pIpsecEnumSAs
  860. );
  861. BAIL_ON_WIN32_ERROR(dwError);
  863. if (dwNumTotalQMSAs <= dwResumeHandle) {
  864. dwError = ERROR_NO_DATA;
  865. BAIL_ON_WIN32_ERROR(dwError);
  866. }
  868. pInfo = pIpsecEnumSAs->pInfo;
  870. for (i = 0; i < dwResumeHandle; i++) {
  871. pInfo++;
  872. }
  874. dwNumQMSAs = dwNumTotalQMSAs - dwResumeHandle;
  876. if (dwNumQMSAs > dwNumToEnum) {
  877. dwNumQMSAs = dwNumToEnum;
  878. }
  880. dwError = SPDApiBufferAllocate(
  881. sizeof(IPSEC_QM_SA)*dwNumQMSAs,
  882. &pQMSAs
  883. );
  884. BAIL_ON_WIN32_ERROR(dwError);
  886. pTemp = pInfo;
  887. pTempQMSA = pQMSAs;
  889. for (i = 0; i < dwNumQMSAs; i++) {
  891. dwError = CopyQMSA(
  892. pTemp,
  893. pTempQMSA
  894. );
  895. BAIL_ON_WIN32_ERROR(dwError);
  897. pTemp++;
  898. pTempQMSA++;
  900. }
  902. *ppQMSAs = pQMSAs;
  903. *pdwResumeHandle = dwResumeHandle + dwNumQMSAs;
  904. *pdwNumQMSAs = dwNumQMSAs;
  905. *pdwNumTotalQMSAs = dwNumTotalQMSAs;
  907. cleanup:
  909. if (pIpsecEnumSAs) {
  910. FreeSPDMem(pIpsecEnumSAs);
  911. }
  913. return (dwError);
  915. error:
  917. if (pQMSAs) {
  918. FreeQMSAs(
  919. i,
  920. pQMSAs
  921. );
  922. }
  924. *ppQMSAs = NULL;
  925. *pdwResumeHandle = dwResumeHandle;
  926. *pdwNumQMSAs = 0;
  927. *pdwNumTotalQMSAs = 0;
  929. goto cleanup;
  930. }
  933. DWORD
  934. IpsecEnumSAs(
  935. PDWORD pdwNumberOfSAs,
  936. PIPSEC_ENUM_SAS * ppIpsecEnumSAs
  937. )
  938. {
  939. DWORD dwError = 0;
  940. DWORD dwNumberOfSAs = 0;
  941. PIPSEC_ENUM_SAS pIpsecEnumSAs = NULL;
  942. HANDLE hIPSecDriver = NULL;
  943. BOOL bStatus = FALSE;
  944. PIPSEC_ENUM_SAS pOutBuffer = NULL;
  945. DWORD dwOutBufferSize = 0;
  946. DWORD dwBytesReturned = 0;
  949. dwError = SPDOpenIPSecDriver(
  950. &hIPSecDriver
  951. );
  952. BAIL_ON_WIN32_ERROR(dwError);
  954. //
  955. // The first call passes in a return buffer of size IPSEC_ENUM_SAS.
  956. // The idea here is to determine the number of SAs and then pass
  957. // a second buffer with the correct size.
  958. //
  960. dwOutBufferSize = sizeof(IPSEC_ENUM_SAS);
  962. pOutBuffer = (PIPSEC_ENUM_SAS) AllocSPDMem(
  963. sizeof(IPSEC_ENUM_SAS)
  964. );
  965. if (!pOutBuffer) {
  966. dwError = ERROR_OUTOFMEMORY;
  967. BAIL_ON_WIN32_ERROR(dwError);
  968. }
  970. memset(pOutBuffer, 0, dwOutBufferSize);
  971. dwBytesReturned = dwOutBufferSize;
  973. bStatus = DeviceIoControl(
  974. hIPSecDriver,
  975. IOCTL_IPSEC_ENUM_SAS,
  976. NULL,
  977. 0,
  978. (PVOID) pOutBuffer,
  979. dwOutBufferSize,
  980. &dwBytesReturned,
  981. NULL
  982. );
  984. //
  985. // The error code here should be either ERROR_BUFFER_OVERFLOW
  986. // or ERROR_MORE_DATA or ERROR_SUCCESS.
  987. //
  989. if (!bStatus) {
  990. dwError = GetLastError();
  991. }
  992. else {
  993. dwError = ERROR_SUCCESS;
  994. }
  996. while (dwError == ERROR_BUFFER_OVERFLOW || dwError == ERROR_MORE_DATA) {
  998. //
  999. // Determine the number of SAs that the driver currently has.
  1000. //
  1002. pIpsecEnumSAs = (PIPSEC_ENUM_SAS) pOutBuffer;
  1003. dwNumberOfSAs = pIpsecEnumSAs->NumEntriesPresent;
  1005. if (dwNumberOfSAs == 0) {
  1006. dwError = ERROR_NO_DATA;
  1007. BAIL_ON_WIN32_ERROR(dwError);
  1008. }
  1010. if (pOutBuffer) {
  1011. FreeSPDMem(pOutBuffer);
  1012. pOutBuffer = NULL;
  1013. }
  1015. dwOutBufferSize = sizeof(IPSEC_ENUM_SAS)
  1016. + (dwNumberOfSAs -1)*sizeof(IPSEC_SA_INFO);
  1018. pOutBuffer = (PIPSEC_ENUM_SAS) AllocSPDMem(
  1019. dwOutBufferSize
  1020. );
  1021. if (!pOutBuffer) {
  1022. dwError = ERROR_OUTOFMEMORY;
  1023. BAIL_ON_WIN32_ERROR(dwError);
  1024. }
  1026. memset(pOutBuffer, 0, dwOutBufferSize);
  1027. dwBytesReturned = dwOutBufferSize;
  1029. bStatus = DeviceIoControl(
  1030. hIPSecDriver,
  1031. IOCTL_IPSEC_ENUM_SAS,
  1032. NULL,
  1033. 0,
  1034. (PVOID) pOutBuffer,
  1035. dwOutBufferSize,
  1036. &dwBytesReturned,
  1037. NULL
  1038. );
  1040. if (!bStatus) {
  1041. dwError = GetLastError();
  1042. }
  1043. else {
  1044. dwError = ERROR_SUCCESS;
  1045. }
  1047. }
  1049. pIpsecEnumSAs = (PIPSEC_ENUM_SAS) pOutBuffer;
  1050. dwNumberOfSAs = pIpsecEnumSAs->NumEntries;
  1052. if (dwNumberOfSAs == 0) {
  1053. dwError = ERROR_NO_DATA;
  1054. BAIL_ON_WIN32_ERROR(dwError);
  1055. }
  1057. *pdwNumberOfSAs = dwNumberOfSAs;
  1058. *ppIpsecEnumSAs = pIpsecEnumSAs;
  1060. cleanup:
  1062. if (hIPSecDriver != INVALID_HANDLE_VALUE) {
  1063. SPDCloseIPSecDriver(hIPSecDriver);
  1064. }
  1066. return (dwError);
  1068. error:
  1070. *pdwNumberOfSAs = 0;
  1071. *ppIpsecEnumSAs = NULL;
  1073. if (pOutBuffer) {
  1074. FreeSPDMem(pOutBuffer);
  1075. }
  1077. goto cleanup;
  1078. }
  1081. DWORD
  1082. CopyQMSA(
  1083. PIPSEC_SA_INFO pInfo,
  1084. PIPSEC_QM_SA pQMSA
  1085. )
  1086. {
  1087. DWORD dwError = 0;
  1090. memcpy(
  1091. &(pQMSA->gQMPolicyID),
  1092. &(pInfo->PolicyId),
  1093. sizeof(GUID)
  1094. );
  1096. memcpy(
  1097. &(pQMSA->gQMFilterID),
  1098. &(pInfo->FilterId),
  1099. sizeof(GUID)
  1100. );
  1102. CopyQMSAOffer(
  1103. pInfo,
  1104. &(pQMSA->SelectedQMOffer)
  1105. );
  1107. CopyQMSAFilter(
  1108. pInfo->InboundTunnelAddr,
  1109. &(pInfo->AssociatedFilter),
  1110. &(pQMSA->IpsecQMFilter)
  1111. );
  1113. CopyQMSAMMSpi(
  1114. pInfo->CookiePair,
  1115. &(pQMSA->MMSpi)
  1116. );
  1118. return (dwError);
  1119. }
  1122. VOID
  1123. CopyQMSAOffer(
  1124. PIPSEC_SA_INFO pInfo,
  1125. PIPSEC_QM_OFFER pOffer
  1126. )
  1127. {
  1128. DWORD i = 0;
  1129. DWORD j = 0;
  1130. DWORD k = 0;
  1133. pOffer->Lifetime.uKeyExpirationTime =
  1134. pInfo->Lifetime.KeyExpirationTime;
  1136. pOffer->Lifetime.uKeyExpirationKBytes =
  1137. pInfo->Lifetime.KeyExpirationBytes;
  1139. pOffer->dwFlags = 0;
  1141. pOffer->dwPFSGroup = pInfo->dwQMPFSGroup;
  1143. if ((pOffer->dwPFSGroup != PFS_GROUP_1) &&
  1144. (pOffer->dwPFSGroup != PFS_GROUP_2) &&
  1145. (pOffer->dwPFSGroup != PFS_GROUP_MM)) {
  1146. pOffer->dwPFSGroup = PFS_GROUP_NONE;
  1147. pOffer->bPFSRequired = FALSE;
  1148. }
  1149. else {
  1150. pOffer->bPFSRequired = TRUE;
  1151. }
  1153. i = 0;
  1155. for (j = 0; (j < pInfo->NumOps) && (i < QM_MAX_ALGOS) ; j++) {
  1157. switch (pInfo->Operation[j]) {
  1159. case Auth:
  1161. switch (pInfo->AlgoInfo[j].IntegrityAlgo.algoIdentifier) {
  1163. case IPSEC_AH_MD5:
  1164. pOffer->Algos[i].uAlgoIdentifier = IPSEC_DOI_AH_MD5;
  1165. break;
  1167. case IPSEC_AH_SHA:
  1168. pOffer->Algos[i].uAlgoIdentifier = IPSEC_DOI_AH_SHA1;
  1169. break;
  1171. default:
  1172. pOffer->Algos[i].uAlgoIdentifier = IPSEC_DOI_AH_NONE;
  1173. break;
  1175. }
  1177. pOffer->Algos[i].uSecAlgoIdentifier = HMAC_AH_NONE;
  1179. pOffer->Algos[i].Operation = AUTHENTICATION;
  1181. pOffer->Algos[i].uAlgoKeyLen =
  1182. pInfo->AlgoInfo[j].IntegrityAlgo.algoKeylen;
  1184. pOffer->Algos[i].uAlgoRounds =
  1185. pInfo->AlgoInfo[j].IntegrityAlgo.algoRounds;
  1187. pOffer->Algos[i].MySpi = pInfo->InboundSPI[j];
  1188. pOffer->Algos[i].PeerSpi = pInfo->OutboundSPI[j];
  1190. i++;
  1191. break;
  1193. case Encrypt:
  1195. switch (pInfo->AlgoInfo[j].ConfAlgo.algoIdentifier) {
  1197. case IPSEC_ESP_DES:
  1198. pOffer->Algos[i].uAlgoIdentifier = IPSEC_DOI_ESP_DES;
  1199. break;
  1201. case IPSEC_ESP_DES_40:
  1202. pOffer->Algos[i].uAlgoIdentifier = IPSEC_DOI_ESP_DES;
  1203. break;
  1205. case IPSEC_ESP_3_DES:
  1206. pOffer->Algos[i].uAlgoIdentifier = IPSEC_DOI_ESP_3_DES;
  1207. break;
  1209. default:
  1210. pOffer->Algos[i].uAlgoIdentifier = IPSEC_DOI_ESP_NONE;
  1211. break;
  1213. }
  1215. switch (pInfo->AlgoInfo[j].IntegrityAlgo.algoIdentifier) {
  1217. case IPSEC_AH_MD5:
  1218. pOffer->Algos[i].uSecAlgoIdentifier = HMAC_AH_MD5;
  1219. break;
  1221. case IPSEC_AH_SHA:
  1222. pOffer->Algos[i].uSecAlgoIdentifier = HMAC_AH_SHA1;
  1223. break;
  1225. default:
  1226. pOffer->Algos[i].uSecAlgoIdentifier = HMAC_AH_NONE;
  1227. break;
  1229. }
  1231. pOffer->Algos[i].Operation = ENCRYPTION;
  1233. pOffer->Algos[i].uAlgoKeyLen =
  1234. pInfo->AlgoInfo[j].ConfAlgo.algoKeylen;
  1236. pOffer->Algos[i].uAlgoRounds =
  1237. pInfo->AlgoInfo[j].ConfAlgo.algoRounds;
  1239. pOffer->Algos[i].MySpi = pInfo->InboundSPI[j];
  1240. pOffer->Algos[i].PeerSpi = pInfo->OutboundSPI[j];
  1242. i++;
  1243. break;
  1245. case None:
  1247. pOffer->Algos[i].Operation = NONE;
  1248. pOffer->Algos[i].uAlgoIdentifier = IPSEC_DOI_ESP_NONE;
  1249. pOffer->Algos[i].uSecAlgoIdentifier = HMAC_AH_NONE;
  1250. pOffer->Algos[i].uAlgoKeyLen = 0;
  1251. pOffer->Algos[i].uAlgoRounds = 0;
  1252. pOffer->Algos[i].MySpi = pInfo->InboundSPI[j];
  1253. pOffer->Algos[i].PeerSpi = pInfo->OutboundSPI[j];
  1255. i++;
  1256. break;
  1258. case Compress:
  1259. default:
  1260. break;
  1262. }
  1264. }
  1266. for (k = i; k < QM_MAX_ALGOS; k++) {
  1267. memset(&(pOffer->Algos[k]), 0, sizeof(IPSEC_QM_ALGO));
  1268. }
  1270. pOffer->dwNumAlgos = i;
  1272. return;
  1273. }
  1276. VOID
  1277. CopyQMSAFilter(
  1278. IPAddr MyTunnelEndpt,
  1279. PIPSEC_FILTER pIpsecFilter,
  1280. PIPSEC_QM_FILTER pIpsecQMFilter
  1281. )
  1282. {
  1283. if (pIpsecFilter->TunnelFilter) {
  1284. pIpsecQMFilter->QMFilterType = QM_TUNNEL_FILTER;
  1285. }
  1286. else {
  1287. pIpsecQMFilter->QMFilterType = QM_TRANSPORT_FILTER;
  1288. }
  1290. PASetAddress(
  1291. pIpsecFilter->SrcMask,
  1292. pIpsecFilter->SrcAddr,
  1293. &(pIpsecQMFilter->SrcAddr)
  1294. );
  1296. PASetAddress(
  1297. pIpsecFilter->DestMask,
  1298. pIpsecFilter->DestAddr,
  1299. &(pIpsecQMFilter->DesAddr)
  1300. );
  1302. pIpsecQMFilter->Protocol.ProtocolType = PROTOCOL_UNIQUE;
  1303. pIpsecQMFilter->Protocol.dwProtocol = pIpsecFilter->Protocol;
  1305. pIpsecQMFilter->SrcPort.PortType = PORT_UNIQUE;
  1306. pIpsecQMFilter->SrcPort.wPort = ntohs(pIpsecFilter->SrcPort);
  1308. pIpsecQMFilter->DesPort.PortType = PORT_UNIQUE;
  1309. pIpsecQMFilter->DesPort.wPort = ntohs(pIpsecFilter->DestPort);
  1311. if (pIpsecFilter->TunnelFilter) {
  1312. PASetTunnelAddress(
  1313. MyTunnelEndpt,
  1314. &(pIpsecQMFilter->MyTunnelEndpt)
  1315. );
  1316. PASetTunnelAddress(
  1317. pIpsecFilter->TunnelAddr,
  1318. &(pIpsecQMFilter->PeerTunnelEndpt)
  1319. );
  1320. }
  1321. else {
  1322. PASetAddress(
  1323. SUBNET_MASK_ANY,
  1324. SUBNET_ADDRESS_ANY,
  1325. &(pIpsecQMFilter->MyTunnelEndpt)
  1326. );
  1327. PASetAddress(
  1328. SUBNET_MASK_ANY,
  1329. SUBNET_ADDRESS_ANY,
  1330. &(pIpsecQMFilter->PeerTunnelEndpt)
  1331. );
  1332. }
  1334. pIpsecQMFilter->dwFlags = 0;
  1336. if ((pIpsecFilter->Flags) & FILTER_FLAGS_INBOUND) {
  1337. pIpsecQMFilter->dwFlags |= FILTER_DIRECTION_INBOUND;
  1338. }
  1339. else {
  1340. pIpsecQMFilter->dwFlags |= FILTER_DIRECTION_OUTBOUND;
  1341. }
  1343. if ((pIpsecFilter->Flags) & FILTER_FLAGS_PASS_THRU) {
  1344. pIpsecQMFilter->dwFlags |= FILTER_NATURE_PASS_THRU;
  1345. }
  1346. else if ((pIpsecFilter->Flags) & FILTER_FLAGS_DROP) {
  1347. pIpsecQMFilter->dwFlags |= FILTER_NATURE_BLOCKING;
  1348. }
  1349. else {
  1350. pIpsecQMFilter->dwFlags |= 0;
  1351. }
  1353. return;
  1354. }
  1357. VOID
  1358. CopyQMSAMMSpi(
  1359. IKE_COOKIE_PAIR CookiePair,
  1360. PIKE_COOKIE_PAIR pMMSpi
  1361. )
  1362. {
  1363. pMMSpi->Initiator = CookiePair.Initiator;
  1365. pMMSpi->Responder = CookiePair.Responder;
  1367. return;
  1368. }
  1371. VOID
  1372. FreeQMSAs(
  1373. DWORD dwCnt,
  1374. PIPSEC_QM_SA pQMSAs
  1375. )
  1376. {
  1377. if (pQMSAs) {
  1378. SPDApiBufferFree(pQMSAs);
  1379. }
  1380. }
  1383. DWORD
  1384. InsertTunnelFiltersIntoIPSec(
  1385. PINITNSFILTER pSpecificFilters
  1386. )
  1387. /*++
  1389. Routine Description:
  1391. Insert a list of specific filters into the
  1392. IPSec Driver.
  1394. Arguments:
  1396. pSpecificFilters - list of filters to insert.
  1398. Return Value:
  1400. ERROR_SUCCESS - Success.
  1402. Win32 Error - Failure.
  1404. --*/
  1405. {
  1406. DWORD dwError = 0;
  1407. HANDLE hIPSecDriver = NULL;
  1408. LPBYTE pInBuffer = NULL;
  1409. DWORD dwInBufferSize = 0;
  1411. BOOL bStatus = FALSE;
  1413. LPBYTE pOutBuffer = NULL;
  1414. DWORD dwOutBufferSize = 0;
  1415. DWORD dwBytesReturned = 0;
  1417. DWORD dwNumFilters = 0;
  1418. PIPSEC_FILTER_INFO pInternalFilters = NULL;
  1419. LPBYTE pTemp = NULL;
  1420. DWORD i = 0;
  1423. if (!pSpecificFilters) {
  1424. return (dwError);
  1425. }
  1427. dwError = SPDOpenIPSecDriver(
  1428. &hIPSecDriver
  1429. );
  1430. BAIL_ON_WIN32_ERROR(dwError);
  1433. dwError = WrapTunnelFilters(
  1434. pSpecificFilters,
  1435. &pInternalFilters,
  1436. &dwNumFilters
  1437. );
  1438. BAIL_ON_WIN32_ERROR(dwError);
  1441. dwInBufferSize = sizeof(DWORD) +
  1442. sizeof(IPSEC_FILTER_INFO)*dwNumFilters;
  1444. dwError = AllocateSPDMemory(
  1445. dwInBufferSize,
  1446. &pInBuffer
  1447. );
  1448. BAIL_ON_WIN32_ERROR(dwError);
  1451. pTemp = pInBuffer;
  1452. memcpy(pTemp, &dwNumFilters, sizeof(DWORD));
  1453. pTemp += sizeof(DWORD);
  1455. for (i = 0 ; i < dwNumFilters; i++) {
  1457. memcpy(pTemp, &(pInternalFilters[i]), sizeof(IPSEC_FILTER_INFO));
  1458. pTemp += sizeof(IPSEC_FILTER_INFO);
  1460. }
  1463. bStatus = DeviceIoControl(
  1464. hIPSecDriver,
  1465. IOCTL_IPSEC_ADD_FILTER,
  1466. pInBuffer,
  1467. dwInBufferSize,
  1468. pOutBuffer,
  1469. dwOutBufferSize,
  1470. &dwBytesReturned,
  1471. NULL
  1472. );
  1473. if (bStatus == FALSE) {
  1474. dwError = GetLastError();
  1475. BAIL_ON_WIN32_ERROR(dwError);
  1476. }
  1479. error:
  1481. if (hIPSecDriver != INVALID_HANDLE_VALUE) {
  1482. SPDCloseIPSecDriver(hIPSecDriver);
  1483. }
  1485. if (pInternalFilters) {
  1486. FreeSPDMemory(pInternalFilters);
  1487. }
  1489. if (pInBuffer) {
  1490. FreeSPDMemory(pInBuffer);
  1491. }
  1493. if (pOutBuffer) {
  1494. LocalFree(pOutBuffer);
  1495. }
  1497. return (dwError);
  1498. }
  1501. DWORD
  1502. DeleteTunnelFiltersFromIPSec(
  1503. PINITNSFILTER pSpecificFilters
  1504. )
  1505. /*++
  1507. Routine Description:
  1509. Delete a list of filters from the IPSec Driver.
  1511. Arguments:
  1513. pSpecificFilters - list of filters to delete.
  1515. Return Value:
  1517. ERROR_SUCCESS - Success.
  1519. Win32 Error - Failure.
  1521. --*/
  1522. {
  1523. DWORD dwError = 0;
  1524. HANDLE hIPSecDriver = NULL;
  1525. LPBYTE pInBuffer = NULL;
  1526. DWORD dwInBufferSize = 0;
  1528. BOOL bStatus = FALSE;
  1530. LPBYTE pOutBuffer = NULL;
  1531. DWORD dwOutBufferSize = 0;
  1532. DWORD dwBytesReturned = 0;
  1534. DWORD dwNumFilters = 0;
  1535. PIPSEC_FILTER_INFO pInternalFilters = NULL;
  1536. LPBYTE pTemp = NULL;
  1537. DWORD i = 0;
  1540. if (!pSpecificFilters) {
  1541. return (dwError);
  1542. }
  1544. dwError = SPDOpenIPSecDriver(
  1545. &hIPSecDriver
  1546. );
  1547. BAIL_ON_WIN32_ERROR(dwError);
  1550. dwError = WrapTunnelFilters(
  1551. pSpecificFilters,
  1552. &pInternalFilters,
  1553. &dwNumFilters
  1554. );
  1555. BAIL_ON_WIN32_ERROR(dwError);
  1558. dwInBufferSize = sizeof(DWORD) +
  1559. sizeof(IPSEC_FILTER_INFO)*dwNumFilters;
  1561. dwError = AllocateSPDMemory(
  1562. dwInBufferSize,
  1563. &pInBuffer
  1564. );
  1565. BAIL_ON_WIN32_ERROR(dwError);
  1568. pTemp = pInBuffer;
  1569. memcpy(pTemp, &dwNumFilters, sizeof(DWORD));
  1570. pTemp += sizeof(DWORD);
  1572. for (i = 0 ; i < dwNumFilters; i++) {
  1574. memcpy(pTemp, &(pInternalFilters[i]), sizeof(IPSEC_FILTER_INFO));
  1575. pTemp += sizeof(IPSEC_FILTER_INFO);
  1577. }
  1580. bStatus = DeviceIoControl(
  1581. hIPSecDriver,
  1582. IOCTL_IPSEC_DELETE_FILTER,
  1583. pInBuffer,
  1584. dwInBufferSize,
  1585. pOutBuffer,
  1586. dwOutBufferSize,
  1587. &dwBytesReturned,
  1588. NULL
  1589. );
  1591. if (bStatus == FALSE) {
  1592. dwError = GetLastError();
  1593. BAIL_ON_WIN32_ERROR(dwError);
  1594. }
  1597. error:
  1599. if (hIPSecDriver != INVALID_HANDLE_VALUE) {
  1600. SPDCloseIPSecDriver(hIPSecDriver);
  1601. }
  1603. if (pInternalFilters) {
  1604. FreeSPDMemory(pInternalFilters);
  1605. }
  1607. if (pInBuffer) {
  1608. FreeSPDMemory(pInBuffer);
  1609. }
  1611. if (pOutBuffer) {
  1612. LocalFree(pOutBuffer);
  1613. }
  1615. return (dwError);
  1616. }
  1619. DWORD
  1620. WrapTunnelFilters(
  1621. PINITNSFILTER pSpecificFilters,
  1622. PIPSEC_FILTER_INFO * ppInternalFilters,
  1623. PDWORD pdwNumFilters
  1624. )
  1625. /*++
  1627. Routine Description:
  1629. Transforms a list of specific tunnel filters to
  1630. an equivalent list of filters acceptable to the
  1631. IPSec Driver.
  1633. Arguments:
  1635. pSpecificFilters - list of filters to convert.
  1637. ppInternalFilters - list of transformed filters.
  1639. pdwNumFilters - count of the filters in the transformed
  1640. list.
  1642. Return Value:
  1644. ERROR_SUCCESS - Success.
  1646. Win32 Error - Failure.
  1648. --*/
  1649. {
  1650. DWORD dwError = 0;
  1651. PINITNSFILTER pTempFilter = NULL;
  1652. PIPSEC_FILTER_INFO pInternalFilters = NULL;
  1653. DWORD dwNumFilters = 0;
  1654. DWORD i = 0;
  1657. //
  1658. // At this point, there's atleast one filter in the
  1659. // specific filter list.
  1660. //
  1662. pTempFilter = pSpecificFilters;
  1664. while(pTempFilter) {
  1665. pTempFilter = pTempFilter->pNext;
  1666. dwNumFilters++;
  1667. }
  1670. dwError = AllocateSPDMemory(
  1671. sizeof(IPSEC_FILTER_INFO)*dwNumFilters,
  1672. &pInternalFilters
  1673. );
  1674. BAIL_ON_WIN32_ERROR(dwError);
  1677. pTempFilter = pSpecificFilters;
  1679. while(pTempFilter) {
  1681. FormIPSecTunnelFilter(
  1682. pTempFilter,
  1683. &(pInternalFilters[i])
  1684. );
  1686. pTempFilter = pTempFilter->pNext;
  1687. i++;
  1689. }
  1691. *ppInternalFilters = pInternalFilters;
  1692. *pdwNumFilters = dwNumFilters;
  1693. return (dwError);
  1695. error:
  1697. *ppInternalFilters = NULL;
  1698. *pdwNumFilters = 0;
  1699. return (dwError);
  1700. }
  1703. VOID
  1704. FormIPSecTunnelFilter(
  1705. PINITNSFILTER pSpecificFilter,
  1706. PIPSEC_FILTER_INFO pIpsecFilter
  1707. )
  1708. /*++
  1710. Routine Description:
  1712. Transforms a specific tunnel filter to an
  1713. equivalent filter acceptable to the IPSec Driver.
  1715. Arguments:
  1717. pSpecificFilter - filter to convert.
  1719. pIpsecFilter - transformed filter.
  1721. Return Value:
  1723. NONE.
  1725. --*/
  1726. {
  1727. memcpy(
  1728. &(pIpsecFilter->FilterId),
  1729. &(pSpecificFilter->gParentID),
  1730. sizeof(GUID)
  1731. );
  1733. memcpy(
  1734. &(pIpsecFilter->PolicyId),
  1735. &(pSpecificFilter->gPolicyID),
  1736. sizeof(GUID)
  1737. );
  1739. pIpsecFilter->Index = pSpecificFilter->dwWeight;
  1741. pIpsecFilter->AssociatedFilter.SrcAddr = pSpecificFilter->SrcAddr.uIpAddr;
  1742. pIpsecFilter->AssociatedFilter.SrcMask = pSpecificFilter->SrcAddr.uSubNetMask;
  1744. pIpsecFilter->AssociatedFilter.DestAddr = pSpecificFilter->DesAddr.uIpAddr;
  1745. pIpsecFilter->AssociatedFilter.DestMask = pSpecificFilter->DesAddr.uSubNetMask;
  1747. pIpsecFilter->AssociatedFilter.Protocol = pSpecificFilter->Protocol.dwProtocol;
  1748. pIpsecFilter->AssociatedFilter.SrcPort = pSpecificFilter->SrcPort.wPort;
  1749. pIpsecFilter->AssociatedFilter.DestPort = pSpecificFilter->DesPort.wPort;
  1751. pIpsecFilter->AssociatedFilter.TunnelFilter = TRUE;
  1752. pIpsecFilter->AssociatedFilter.TunnelAddr = pSpecificFilter->DesTunnelAddr.uIpAddr;
  1754. pIpsecFilter->AssociatedFilter.Flags = 0;
  1756. if (pSpecificFilter->dwDirection == FILTER_DIRECTION_INBOUND) {
  1757. pIpsecFilter->AssociatedFilter.Flags |= FILTER_FLAGS_INBOUND;
  1758. switch (pSpecificFilter->InboundFilterFlag) {
  1760. case PASS_THRU:
  1761. pIpsecFilter->AssociatedFilter.Flags |= FILTER_FLAGS_PASS_THRU;
  1762. break;
  1764. case BLOCKING:
  1765. pIpsecFilter->AssociatedFilter.Flags |= FILTER_FLAGS_DROP;
  1766. break;
  1768. default:
  1769. break;
  1770. }
  1771. }
  1772. else {
  1773. pIpsecFilter->AssociatedFilter.Flags |= FILTER_FLAGS_OUTBOUND;
  1774. switch (pSpecificFilter->OutboundFilterFlag) {
  1776. case PASS_THRU:
  1777. pIpsecFilter->AssociatedFilter.Flags |= FILTER_FLAGS_PASS_THRU;
  1778. break;
  1780. case BLOCKING:
  1781. pIpsecFilter->AssociatedFilter.Flags |= FILTER_FLAGS_DROP;
  1782. break;
  1784. default:
  1785. break;
  1786. }
  1787. }
  1788. }
  1791. DWORD
  1792. SPDSetIPSecDriverOpMode(
  1793. DWORD dwOpMode
  1794. )
  1795. {
  1796. DWORD dwError = 0;
  1797. HANDLE hIPSecDriver = NULL;
  1798. PIPSEC_SET_OPERATION_MODE pIpsecSetOpMode = NULL;
  1799. LPBYTE pInBuffer = NULL;
  1800. DWORD dwInBufferSize = 0;
  1801. LPBYTE pOutBuffer = NULL;
  1802. DWORD dwOutBufferSize = 0;
  1803. DWORD dwBytesReturned = 0;
  1804. BOOL bStatus = FALSE;
  1807. dwError = SPDOpenIPSecDriver(
  1808. &hIPSecDriver
  1809. );
  1810. BAIL_ON_WIN32_ERROR(dwError);
  1812. dwError = AllocateSPDMemory(
  1813. sizeof(IPSEC_SET_OPERATION_MODE),
  1814. &pIpsecSetOpMode
  1815. );
  1816. BAIL_ON_WIN32_ERROR(dwError);
  1818. pIpsecSetOpMode->OperationMode = (OPERATION_MODE) dwOpMode;
  1820. pInBuffer = (LPBYTE) pIpsecSetOpMode;
  1821. dwInBufferSize = sizeof(IPSEC_SET_OPERATION_MODE);
  1823. pOutBuffer = (LPBYTE) pIpsecSetOpMode;
  1824. dwOutBufferSize = sizeof(IPSEC_SET_OPERATION_MODE);
  1826. dwBytesReturned = dwOutBufferSize;
  1828. bStatus = DeviceIoControl(
  1829. hIPSecDriver,
  1830. IOCTL_IPSEC_SET_OPERATION_MODE,
  1831. pInBuffer,
  1832. dwInBufferSize,
  1833. pOutBuffer,
  1834. dwOutBufferSize,
  1835. &dwBytesReturned,
  1836. NULL
  1837. );
  1838. if (bStatus == FALSE) {
  1839. dwError = GetLastError();
  1840. BAIL_ON_WIN32_ERROR(dwError);
  1841. }
  1843. error:
  1845. if (hIPSecDriver != INVALID_HANDLE_VALUE) {
  1846. SPDCloseIPSecDriver(hIPSecDriver);
  1847. }
  1849. if (pIpsecSetOpMode) {
  1850. FreeSPDMemory(pIpsecSetOpMode);
  1851. }
  1853. return (dwError);
  1854. }
  1857. DWORD
  1858. IPSecDeleteQMSAs(
  1859. LPWSTR pServerName,
  1860. PIPSEC_QM_SA pIpsecQMSA,
  1861. DWORD dwFlags
  1862. )
  1863. {
  1864. DWORD dwError = ERROR_SUCCESS;
  1865. HANDLE hIPSecDriver = NULL;
  1866. IPSEC_DELETE_SA IpsecDeleteSA;
  1867. LPBYTE pInBuffer = NULL;
  1868. DWORD dwInBufferSize = 0;
  1869. LPBYTE pOutBuffer = NULL;
  1870. DWORD dwOutBufferSize = 0;
  1871. DWORD dwBytesReturned = 0;
  1872. BOOL bStatus = FALSE;
  1875. ENTER_SPD_SECTION();
  1876. dwError = ValidateSecurity(
  1877. SPD_OBJECT_SERVER,
  1878. SERVER_ACCESS_ADMINISTER,
  1879. NULL,
  1880. NULL
  1881. );
  1882. LEAVE_SPD_SECTION();
  1883. BAIL_ON_WIN32_ERROR(dwError);
  1886. dwError = SPDOpenIPSecDriver(
  1887. &hIPSecDriver
  1888. );
  1889. BAIL_ON_WIN32_ERROR(dwError);
  1891. memcpy(
  1892. &IpsecDeleteSA.SATemplate,
  1893. pIpsecQMSA,
  1894. sizeof(IPSEC_QM_SA)
  1895. );
  1897. pInBuffer = (LPBYTE) &IpsecDeleteSA;
  1898. dwInBufferSize = sizeof(IPSEC_DELETE_SA);
  1900. pOutBuffer = (LPBYTE) &IpsecDeleteSA;
  1901. dwOutBufferSize = sizeof(IPSEC_DELETE_SA);
  1903. dwBytesReturned = dwOutBufferSize;
  1905. bStatus = DeviceIoControl(
  1906. hIPSecDriver,
  1907. IOCTL_IPSEC_DELETE_SA,
  1908. pInBuffer,
  1909. dwInBufferSize,
  1910. pOutBuffer,
  1911. dwOutBufferSize,
  1912. &dwBytesReturned,
  1913. NULL
  1914. );
  1915. if (bStatus == FALSE) {
  1916. dwError = GetLastError();
  1917. BAIL_ON_WIN32_ERROR(dwError);
  1918. }
  1920. error:
  1922. if (hIPSecDriver != INVALID_HANDLE_VALUE) {
  1923. SPDCloseIPSecDriver(hIPSecDriver);
  1924. }
  1926. return (dwError);
  1927. }
  1930. DWORD
  1931. SPDRegisterIPSecDriverProtocols(
  1932. DWORD dwRegisterMode
  1933. )
  1934. {
  1935. DWORD dwError = 0;
  1936. HANDLE hIPSecDriver = NULL;
  1937. PIPSEC_REGISTER_PROTOCOL pIpsecRegisterProtocol = NULL;
  1938. LPBYTE pInBuffer = NULL;
  1939. DWORD dwInBufferSize = 0;
  1940. LPBYTE pOutBuffer = NULL;
  1941. DWORD dwOutBufferSize = 0;
  1942. DWORD dwBytesReturned = 0;
  1943. BOOL bStatus = FALSE;
  1946. dwError = SPDOpenIPSecDriver(
  1947. &hIPSecDriver
  1948. );
  1949. BAIL_ON_WIN32_ERROR(dwError);
  1951. dwError = AllocateSPDMemory(
  1952. sizeof(IPSEC_REGISTER_PROTOCOL),
  1953. &pIpsecRegisterProtocol
  1954. );
  1955. BAIL_ON_WIN32_ERROR(dwError);
  1957. pIpsecRegisterProtocol->RegisterProtocol = (REGISTER_PROTOCOL) dwRegisterMode;
  1959. pInBuffer = (LPBYTE) pIpsecRegisterProtocol;
  1960. dwInBufferSize = sizeof(IPSEC_REGISTER_PROTOCOL);
  1962. pOutBuffer = (LPBYTE) pIpsecRegisterProtocol;
  1963. dwOutBufferSize = sizeof(IPSEC_REGISTER_PROTOCOL);
  1965. dwBytesReturned = dwOutBufferSize;
  1967. bStatus = DeviceIoControl(
  1968. hIPSecDriver,
  1969. IOCTL_IPSEC_REGISTER_PROTOCOL,
  1970. pInBuffer,
  1971. dwInBufferSize,
  1972. pOutBuffer,
  1973. dwOutBufferSize,
  1974. &dwBytesReturned,
  1975. NULL
  1976. );
  1977. if (bStatus == FALSE) {
  1978. dwError = GetLastError();
  1979. BAIL_ON_WIN32_ERROR(dwError);
  1980. }
  1982. error:
  1984. if (hIPSecDriver != INVALID_HANDLE_VALUE) {
  1985. SPDCloseIPSecDriver(hIPSecDriver);
  1986. }
  1988. if (pIpsecRegisterProtocol) {
  1989. FreeSPDMemory(pIpsecRegisterProtocol);
  1990. }
  1992. return (dwError);
  1993. }