archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ipsec/spd/server/mm-policy.c

1271 lines
24 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1999 Microsoft Corporation
  6. Module Name:
  8. mm-policy.c
  10. Abstract:
  13. Author:
  16. Environment: User Mode
  19. Revision History:
  22. --*/
  25. #include "precomp.h"
  28. DWORD
  29. AddMMPolicy(
  30. LPWSTR pServerName,
  31. DWORD dwFlags,
  32. PIPSEC_MM_POLICY pMMPolicy
  33. )
  34. /*++
  36. Routine Description:
  38. This function adds a main mode policy to the SPD.
  40. Arguments:
  42. pServerName - Server on which the main mode policy is to be added.
  44. pMMPolicy - Main mode policy to be added.
  46. Return Value:
  48. ERROR_SUCCESS - Success.
  50. Win32 Error - Failure.
  52. --*/
  53. {
  54. DWORD dwError = 0;
  55. PINIMMPOLICY pIniMMPolicy = NULL;
  56. BOOL bPersist = FALSE;
  59. bPersist = (BOOL) (dwFlags & PERSIST_SPD_OBJECT);
  61. //
  62. // Validate the main mode policy.
  63. //
  65. dwError = ValidateMMPolicy(
  66. pMMPolicy
  67. );
  68. BAIL_ON_WIN32_ERROR(dwError);
  70. ENTER_SPD_SECTION();
  72. dwError = ValidateSecurity(
  73. SPD_OBJECT_SERVER,
  74. SERVER_ACCESS_ADMINISTER,
  75. NULL,
  76. NULL
  77. );
  78. BAIL_ON_LOCK_ERROR(dwError);
  80. pIniMMPolicy = FindMMPolicy(
  81. gpIniMMPolicy,
  82. pMMPolicy->pszPolicyName
  83. );
  84. if (pIniMMPolicy) {
  85. dwError = ERROR_IPSEC_MM_POLICY_EXISTS;
  86. BAIL_ON_LOCK_ERROR(dwError);
  87. }
  89. pIniMMPolicy = FindMMPolicyByGuid(
  90. gpIniMMPolicy,
  91. pMMPolicy->gPolicyID
  92. );
  93. if (pIniMMPolicy) {
  94. dwError = ERROR_IPSEC_MM_POLICY_EXISTS;
  95. BAIL_ON_LOCK_ERROR(dwError);
  96. }
  98. if (bPersist && !gbLoadingPersistence) {
  99. dwError = PersistMMPolicy(
  100. pMMPolicy
  101. );
  102. BAIL_ON_LOCK_ERROR(dwError);
  103. }
  105. dwError = CreateIniMMPolicy(
  106. pMMPolicy,
  107. &pIniMMPolicy
  108. );
  109. BAIL_ON_LOCK_ERROR(dwError);
  111. pIniMMPolicy->bIsPersisted = bPersist;
  113. pIniMMPolicy->pNext = gpIniMMPolicy;
  114. gpIniMMPolicy = pIniMMPolicy;
  116. if ((pIniMMPolicy->dwFlags) & IPSEC_MM_POLICY_DEFAULT_POLICY) {
  117. gpIniDefaultMMPolicy = pIniMMPolicy;
  118. }
  120. LEAVE_SPD_SECTION();
  122. return (dwError);
  124. lock:
  126. LEAVE_SPD_SECTION();
  128. error:
  130. if (pMMPolicy && bPersist && !gbLoadingPersistence) {
  131. (VOID) SPDPurgeMMPolicy(
  132. pMMPolicy->gPolicyID
  133. );
  134. }
  136. return (dwError);
  137. }
  140. DWORD
  141. ValidateMMPolicy(
  142. PIPSEC_MM_POLICY pMMPolicy
  143. )
  144. {
  145. DWORD dwError = 0;
  148. if (!pMMPolicy) {
  149. dwError = ERROR_INVALID_PARAMETER;
  150. BAIL_ON_WIN32_ERROR(dwError);
  151. }
  153. if (!(pMMPolicy->pszPolicyName) || !(*(pMMPolicy->pszPolicyName))) {
  154. dwError = ERROR_INVALID_PARAMETER;
  155. BAIL_ON_WIN32_ERROR(dwError);
  156. }
  158. dwError = ValidateMMOffers(
  159. pMMPolicy->dwOfferCount,
  160. pMMPolicy->pOffers
  161. );
  162. BAIL_ON_WIN32_ERROR(dwError);
  164. error:
  166. return (dwError);
  167. }
  170. DWORD
  171. ValidateMMOffers(
  172. DWORD dwOfferCount,
  173. PIPSEC_MM_OFFER pOffers
  174. )
  175. {
  176. DWORD dwError = 0;
  177. DWORD i = 0;
  178. PIPSEC_MM_OFFER pTemp = NULL;
  181. if (!dwOfferCount || !pOffers) {
  182. dwError = ERROR_INVALID_PARAMETER;
  183. BAIL_ON_WIN32_ERROR(dwError);
  184. }
  186. //
  187. // Need to catch the exception when the number of offers
  188. // specified is more than the actual number of offers.
  189. //
  192. pTemp = pOffers;
  194. for (i = 0; i < dwOfferCount; i++) {
  196. if ((pTemp->dwDHGroup != DH_GROUP_1) &&
  197. (pTemp->dwDHGroup != DH_GROUP_2)) {
  198. dwError = ERROR_INVALID_PARAMETER;
  199. BAIL_ON_WIN32_ERROR(dwError);
  200. }
  202. if (pTemp->EncryptionAlgorithm.uAlgoIdentifier >= IPSEC_DOI_ESP_MAX) {
  203. dwError = ERROR_INVALID_PARAMETER;
  204. BAIL_ON_WIN32_ERROR(dwError);
  205. }
  207. if (pTemp->HashingAlgorithm.uAlgoIdentifier >= IPSEC_DOI_AH_MAX) {
  208. dwError = ERROR_INVALID_PARAMETER;
  209. BAIL_ON_WIN32_ERROR(dwError);
  210. }
  212. pTemp++;
  214. }
  216. error:
  218. return (dwError);
  219. }
  222. DWORD
  223. CreateIniMMPolicy(
  224. PIPSEC_MM_POLICY pMMPolicy,
  225. PINIMMPOLICY * ppIniMMPolicy
  226. )
  227. {
  228. DWORD dwError = 0;
  229. PINIMMPOLICY pIniMMPolicy = NULL;
  232. dwError = AllocateSPDMemory(
  233. sizeof(INIMMPOLICY),
  234. &pIniMMPolicy
  235. );
  236. BAIL_ON_WIN32_ERROR(dwError);
  238. memcpy(
  239. &(pIniMMPolicy->gPolicyID),
  240. &(pMMPolicy->gPolicyID),
  241. sizeof(GUID)
  242. );
  244. dwError = AllocateSPDString(
  245. pMMPolicy->pszPolicyName,
  246. &(pIniMMPolicy->pszPolicyName)
  247. );
  248. BAIL_ON_WIN32_ERROR(dwError);
  250. pIniMMPolicy->cRef = 0;
  251. pIniMMPolicy->bIsPersisted = FALSE;
  253. pIniMMPolicy->dwFlags = pMMPolicy->dwFlags;
  254. pIniMMPolicy->uSoftSAExpirationTime = pMMPolicy->uSoftSAExpirationTime;
  255. pIniMMPolicy->pNext = NULL;
  257. dwError = CreateIniMMOffers(
  258. pMMPolicy->dwOfferCount,
  259. pMMPolicy->pOffers,
  260. &(pIniMMPolicy->dwOfferCount),
  261. &(pIniMMPolicy->pOffers)
  262. );
  263. BAIL_ON_WIN32_ERROR(dwError);
  265. *ppIniMMPolicy = pIniMMPolicy;
  266. return (dwError);
  268. error:
  270. if (pIniMMPolicy) {
  271. FreeIniMMPolicy(
  272. pIniMMPolicy
  273. );
  274. }
  276. *ppIniMMPolicy = NULL;
  277. return (dwError);
  278. }
  281. DWORD
  282. CreateIniMMOffers(
  283. DWORD dwInOfferCount,
  284. PIPSEC_MM_OFFER pInOffers,
  285. PDWORD pdwOfferCount,
  286. PIPSEC_MM_OFFER * ppOffers
  287. )
  288. {
  289. DWORD dwError = 0;
  290. PIPSEC_MM_OFFER pOffers = NULL;
  291. PIPSEC_MM_OFFER pTemp = NULL;
  292. PIPSEC_MM_OFFER pInTempOffer = NULL;
  293. DWORD i = 0;
  296. //
  297. // Offer count and the offers themselves have already been validated.
  298. //
  300. dwError = AllocateSPDMemory(
  301. sizeof(IPSEC_MM_OFFER) * dwInOfferCount,
  302. &(pOffers)
  303. );
  304. BAIL_ON_WIN32_ERROR(dwError);
  306. pTemp = pOffers;
  307. pInTempOffer = pInOffers;
  309. for (i = 0; i < dwInOfferCount; i++) {
  311. memcpy(
  312. &(pTemp->Lifetime),
  313. &(pInTempOffer->Lifetime),
  314. sizeof(KEY_LIFETIME)
  315. );
  316. if (!(pTemp->Lifetime.uKeyExpirationTime)) {
  317. pTemp->Lifetime.uKeyExpirationTime = DEFAULT_MM_KEY_EXPIRATION_TIME;
  318. }
  320. pTemp->dwFlags = pInTempOffer->dwFlags;
  321. pTemp->dwQuickModeLimit = pInTempOffer->dwQuickModeLimit;
  322. pTemp->dwDHGroup = pInTempOffer->dwDHGroup;
  324. memcpy(
  325. &(pTemp->EncryptionAlgorithm),
  326. &(pInTempOffer->EncryptionAlgorithm),
  327. sizeof(IPSEC_MM_ALGO)
  328. );
  329. memcpy(
  330. &(pTemp->HashingAlgorithm),
  331. &(pInTempOffer->HashingAlgorithm),
  332. sizeof(IPSEC_MM_ALGO)
  333. );
  335. pInTempOffer++;
  336. pTemp++;
  338. }
  340. *pdwOfferCount = dwInOfferCount;
  341. *ppOffers = pOffers;
  342. return (dwError);
  344. error:
  346. if (pOffers) {
  347. FreeIniMMOffers(
  348. i,
  349. pOffers
  350. );
  351. }
  353. *pdwOfferCount = 0;
  354. *ppOffers = NULL;
  355. return (dwError);
  356. }
  359. VOID
  360. FreeIniMMPolicy(
  361. PINIMMPOLICY pIniMMPolicy
  362. )
  363. {
  364. if (pIniMMPolicy) {
  366. if (pIniMMPolicy->pszPolicyName) {
  367. FreeSPDString(pIniMMPolicy->pszPolicyName);
  368. }
  370. FreeIniMMOffers(
  371. pIniMMPolicy->dwOfferCount,
  372. pIniMMPolicy->pOffers
  373. );
  375. FreeSPDMemory(pIniMMPolicy);
  377. }
  378. }
  381. VOID
  382. FreeIniMMOffers(
  383. DWORD dwOfferCount,
  384. PIPSEC_MM_OFFER pOffers
  385. )
  386. {
  387. if (pOffers) {
  388. FreeSPDMemory(pOffers);
  389. }
  390. }
  393. PINIMMPOLICY
  394. FindMMPolicy(
  395. PINIMMPOLICY pIniMMPolicyList,
  396. LPWSTR pszPolicyName
  397. )
  398. {
  399. DWORD dwError = 0;
  400. PINIMMPOLICY pTemp = NULL;
  403. pTemp = pIniMMPolicyList;
  405. while (pTemp) {
  407. if (!_wcsicmp(pTemp->pszPolicyName, pszPolicyName)) {
  408. return (pTemp);
  409. }
  410. pTemp = pTemp->pNext;
  412. }
  414. return (NULL);
  415. }
  418. DWORD
  419. DeleteMMPolicy(
  420. LPWSTR pServerName,
  421. LPWSTR pszPolicyName
  422. )
  423. /*++
  425. Routine Description:
  427. This function deletes a main mode policy from the SPD.
  429. Arguments:
  431. pServerName - Server on which the main mode policy is to be deleted.
  433. pszPolicyName - Main mode policy to be deleted.
  435. Return Value:
  437. ERROR_SUCCESS - Success.
  439. Win32 Error - Failure.
  441. --*/
  442. {
  443. DWORD dwError = 0;
  444. PINIMMPOLICY pIniMMPolicy = NULL;
  445. GUID gPolicyID;
  448. if (!pszPolicyName || !*pszPolicyName) {
  449. return (ERROR_INVALID_PARAMETER);
  450. }
  452. ENTER_SPD_SECTION();
  454. dwError = ValidateSecurity(
  455. SPD_OBJECT_SERVER,
  456. SERVER_ACCESS_ADMINISTER,
  457. NULL,
  458. NULL
  459. );
  460. BAIL_ON_LOCK_ERROR(dwError);
  462. pIniMMPolicy = FindMMPolicy(
  463. gpIniMMPolicy,
  464. pszPolicyName
  465. );
  466. if (!pIniMMPolicy) {
  467. dwError = ERROR_IPSEC_MM_POLICY_NOT_FOUND;
  468. BAIL_ON_LOCK_ERROR(dwError);
  469. }
  471. if (pIniMMPolicy->cRef) {
  472. dwError = ERROR_IPSEC_MM_POLICY_IN_USE;
  473. memcpy(&gPolicyID, &pIniMMPolicy->gPolicyID, sizeof(GUID));
  474. BAIL_ON_LOCK_ERROR(dwError);
  475. }
  477. memcpy(&gPolicyID, &pIniMMPolicy->gPolicyID, sizeof(GUID));
  479. if (pIniMMPolicy->bIsPersisted) {
  480. dwError = SPDPurgeMMPolicy(
  481. gPolicyID
  482. );
  483. BAIL_ON_LOCK_ERROR(dwError);
  484. }
  486. dwError = DeleteIniMMPolicy(
  487. pIniMMPolicy
  488. );
  489. BAIL_ON_LOCK_ERROR(dwError);
  491. LEAVE_SPD_SECTION();
  493. if (gbIKENotify) {
  494. (VOID) IKENotifyPolicyChange(
  495. &(gPolicyID),
  496. POLICY_GUID_MM
  497. );
  498. }
  500. return (dwError);
  502. lock:
  504. LEAVE_SPD_SECTION();
  506. if ((dwError == ERROR_IPSEC_MM_POLICY_IN_USE) && gbIKENotify) {
  507. (VOID) IKENotifyPolicyChange(
  508. &(gPolicyID),
  509. POLICY_GUID_MM
  510. );
  511. }
  513. return (dwError);
  514. }
  517. DWORD
  518. EnumMMPolicies(
  519. LPWSTR pServerName,
  520. PIPSEC_MM_POLICY * ppMMPolicies,
  521. DWORD dwPreferredNumEntries,
  522. LPDWORD pdwNumPolicies,
  523. LPDWORD pdwResumeHandle
  524. )
  525. /*++
  527. Routine Description:
  529. This function enumerates main mode policies from the SPD.
  531. Arguments:
  533. pServerName - Server on which the main mode policies are to
  534. be enumerated.
  536. ppMMPolicies - Enumerated main mode policies returned to the
  537. caller.
  539. dwPreferredNumEntries - Preferred number of enumeration entries.
  541. pdwNumPolicies - Number of main mode policies actually enumerated.
  543. pdwResumeHandle - Handle to the location in the main mode policy
  544. list from which to resume enumeration.
  546. Return Value:
  548. ERROR_SUCCESS - Success.
  550. Win32 Error - Failure.
  552. --*/
  553. {
  554. DWORD dwError = 0;
  555. DWORD dwResumeHandle = 0;
  556. DWORD dwNumToEnum = 0;
  557. PINIMMPOLICY pIniMMPolicy = NULL;
  558. DWORD i = 0;
  559. PINIMMPOLICY pTemp = NULL;
  560. DWORD dwNumPolicies = 0;
  561. PIPSEC_MM_POLICY pMMPolicies = NULL;
  562. PIPSEC_MM_POLICY pMMPolicy = NULL;
  565. dwResumeHandle = *pdwResumeHandle;
  567. if (!dwPreferredNumEntries || (dwPreferredNumEntries > MAX_MMPOLICY_ENUM_COUNT)) {
  568. dwNumToEnum = MAX_MMPOLICY_ENUM_COUNT;
  569. }
  570. else {
  571. dwNumToEnum = dwPreferredNumEntries;
  572. }
  574. ENTER_SPD_SECTION();
  576. dwError = ValidateSecurity(
  577. SPD_OBJECT_SERVER,
  578. SERVER_ACCESS_ADMINISTER,
  579. NULL,
  580. NULL
  581. );
  582. BAIL_ON_LOCK_ERROR(dwError);
  584. pIniMMPolicy = gpIniMMPolicy;
  586. for (i = 0; (i < dwResumeHandle) && (pIniMMPolicy != NULL); i++) {
  587. pIniMMPolicy = pIniMMPolicy->pNext;
  588. }
  590. if (!pIniMMPolicy) {
  591. dwError = ERROR_NO_DATA;
  592. BAIL_ON_LOCK_ERROR(dwError);
  593. }
  595. pTemp = pIniMMPolicy;
  597. while (pTemp && (dwNumPolicies < dwNumToEnum)) {
  598. dwNumPolicies++;
  599. pTemp = pTemp->pNext;
  600. }
  602. dwError = SPDApiBufferAllocate(
  603. sizeof(IPSEC_MM_POLICY)*dwNumPolicies,
  604. &pMMPolicies
  605. );
  606. BAIL_ON_LOCK_ERROR(dwError);
  608. pTemp = pIniMMPolicy;
  609. pMMPolicy = pMMPolicies;
  611. for (i = 0; i < dwNumPolicies; i++) {
  613. dwError = CopyMMPolicy(
  614. pTemp,
  615. pMMPolicy
  616. );
  617. BAIL_ON_LOCK_ERROR(dwError);
  619. pTemp = pTemp->pNext;
  620. pMMPolicy++;
  622. }
  624. *ppMMPolicies = pMMPolicies;
  625. *pdwResumeHandle = dwResumeHandle + dwNumPolicies;
  626. *pdwNumPolicies = dwNumPolicies;
  628. LEAVE_SPD_SECTION();
  629. return (dwError);
  631. lock:
  633. LEAVE_SPD_SECTION();
  635. if (pMMPolicies) {
  636. FreeMMPolicies(
  637. i,
  638. pMMPolicies
  639. );
  640. }
  642. *ppMMPolicies = NULL;
  643. *pdwResumeHandle = dwResumeHandle;
  644. *pdwNumPolicies = 0;
  646. return (dwError);
  647. }
  650. DWORD
  651. SetMMPolicy(
  652. LPWSTR pServerName,
  653. LPWSTR pszPolicyName,
  654. PIPSEC_MM_POLICY pMMPolicy
  655. )
  656. /*++
  658. Routine Description:
  660. This function updates a main mode policy in the SPD.
  662. Arguments:
  664. pServerName - Server on which the main mode policy is to be
  665. updated.
  667. pszPolicyName - Name of the main mode policy to be updated.
  669. pMMPolicy - New main mode policy which will replace the
  670. existing policy.
  672. Return Value:
  674. ERROR_SUCCESS - Success.
  676. Win32 Error - Failure.
  678. --*/
  679. {
  680. DWORD dwError = 0;
  681. PINIMMPOLICY pIniMMPolicy = NULL;
  684. if (!pszPolicyName || !*pszPolicyName) {
  685. return (ERROR_INVALID_PARAMETER);
  686. }
  688. //
  689. // Validate main mode policy.
  690. //
  692. dwError = ValidateMMPolicy(
  693. pMMPolicy
  694. );
  695. BAIL_ON_WIN32_ERROR(dwError);
  697. ENTER_SPD_SECTION();
  699. dwError = ValidateSecurity(
  700. SPD_OBJECT_SERVER,
  701. SERVER_ACCESS_ADMINISTER,
  702. NULL,
  703. NULL
  704. );
  705. BAIL_ON_LOCK_ERROR(dwError);
  707. pIniMMPolicy = FindMMPolicy(
  708. gpIniMMPolicy,
  709. pszPolicyName
  710. );
  711. if (!pIniMMPolicy) {
  712. dwError = ERROR_IPSEC_MM_POLICY_NOT_FOUND;
  713. BAIL_ON_LOCK_ERROR(dwError);
  714. }
  716. if (memcmp(
  717. &(pIniMMPolicy->gPolicyID),
  718. &(pMMPolicy->gPolicyID),
  719. sizeof(GUID))) {
  720. dwError = ERROR_INVALID_PARAMETER;
  721. BAIL_ON_LOCK_ERROR(dwError);
  722. }
  724. dwError = SetIniMMPolicy(
  725. pIniMMPolicy,
  726. pMMPolicy
  727. );
  728. BAIL_ON_LOCK_ERROR(dwError);
  730. if (pIniMMPolicy->bIsPersisted) {
  731. dwError = PersistMMPolicy(
  732. pMMPolicy
  733. );
  734. BAIL_ON_LOCK_ERROR(dwError);
  735. }
  737. LEAVE_SPD_SECTION();
  739. (VOID) IKENotifyPolicyChange(
  740. &(pMMPolicy->gPolicyID),
  741. POLICY_GUID_MM
  742. );
  744. return (dwError);
  746. lock:
  748. LEAVE_SPD_SECTION();
  750. error:
  752. return (dwError);
  753. }
  756. DWORD
  757. GetMMPolicy(
  758. LPWSTR pServerName,
  759. LPWSTR pszPolicyName,
  760. PIPSEC_MM_POLICY * ppMMPolicy
  761. )
  762. /*++
  764. Routine Description:
  766. This function gets a main mode policy from the SPD.
  768. Arguments:
  770. pServerName - Server from which to get the main mode policy.
  772. pszPolicyName - Name of the main mode policy to get.
  774. ppMMPolicy - Main mode policy found returned to the caller.
  776. Return Value:
  778. ERROR_SUCCESS - Success.
  780. Win32 Error - Failure.
  782. --*/
  783. {
  784. DWORD dwError = 0;
  785. PINIMMPOLICY pIniMMPolicy = NULL;
  786. PIPSEC_MM_POLICY pMMPolicy = NULL;
  789. if (!pszPolicyName || !*pszPolicyName) {
  790. dwError = ERROR_INVALID_PARAMETER;
  791. BAIL_ON_WIN32_ERROR(dwError);
  792. }
  794. ENTER_SPD_SECTION();
  796. dwError = ValidateSecurity(
  797. SPD_OBJECT_SERVER,
  798. SERVER_ACCESS_ADMINISTER,
  799. NULL,
  800. NULL
  801. );
  802. BAIL_ON_LOCK_ERROR(dwError);
  804. pIniMMPolicy = FindMMPolicy(
  805. gpIniMMPolicy,
  806. pszPolicyName
  807. );
  808. if (!pIniMMPolicy) {
  809. dwError = ERROR_IPSEC_MM_POLICY_NOT_FOUND;
  810. BAIL_ON_LOCK_ERROR(dwError);
  811. }
  813. dwError = GetIniMMPolicy(
  814. pIniMMPolicy,
  815. &pMMPolicy
  816. );
  817. BAIL_ON_LOCK_ERROR(dwError);
  819. *ppMMPolicy = pMMPolicy;
  821. LEAVE_SPD_SECTION();
  822. return (dwError);
  824. lock:
  826. LEAVE_SPD_SECTION();
  828. error:
  830. *ppMMPolicy = NULL;
  831. return (dwError);
  832. }
  835. DWORD
  836. SetIniMMPolicy(
  837. PINIMMPOLICY pIniMMPolicy,
  838. PIPSEC_MM_POLICY pMMPolicy
  839. )
  840. {
  841. DWORD dwError = 0;
  842. DWORD dwOfferCount = 0;
  843. PIPSEC_MM_OFFER pOffers = NULL;
  846. dwError = CreateIniMMOffers(
  847. pMMPolicy->dwOfferCount,
  848. pMMPolicy->pOffers,
  849. &dwOfferCount,
  850. &pOffers
  851. );
  852. BAIL_ON_WIN32_ERROR(dwError);
  854. FreeIniMMOffers(
  855. pIniMMPolicy->dwOfferCount,
  856. pIniMMPolicy->pOffers
  857. );
  859. if ((pIniMMPolicy->dwFlags) & IPSEC_MM_POLICY_DEFAULT_POLICY) {
  860. gpIniDefaultMMPolicy = NULL;
  861. }
  863. pIniMMPolicy->dwFlags = pMMPolicy->dwFlags;
  864. pIniMMPolicy->uSoftSAExpirationTime = pMMPolicy->uSoftSAExpirationTime;
  865. pIniMMPolicy->dwOfferCount = dwOfferCount;
  866. pIniMMPolicy->pOffers = pOffers;
  868. if ((pIniMMPolicy->dwFlags) & IPSEC_MM_POLICY_DEFAULT_POLICY) {
  869. gpIniDefaultMMPolicy = pIniMMPolicy;
  870. }
  872. error:
  874. return (dwError);
  875. }
  878. DWORD
  879. GetIniMMPolicy(
  880. PINIMMPOLICY pIniMMPolicy,
  881. PIPSEC_MM_POLICY * ppMMPolicy
  882. )
  883. {
  884. DWORD dwError = 0;
  885. PIPSEC_MM_POLICY pMMPolicy = NULL;
  888. dwError = SPDApiBufferAllocate(
  889. sizeof(IPSEC_MM_POLICY),
  890. &pMMPolicy
  891. );
  892. BAIL_ON_WIN32_ERROR(dwError);
  894. dwError = CopyMMPolicy(
  895. pIniMMPolicy,
  896. pMMPolicy
  897. );
  898. BAIL_ON_WIN32_ERROR(dwError);
  900. *ppMMPolicy = pMMPolicy;
  901. return (dwError);
  903. error:
  905. if (pMMPolicy) {
  906. SPDApiBufferFree(pMMPolicy);
  907. }
  909. *ppMMPolicy = NULL;
  910. return (dwError);
  911. }
  914. DWORD
  915. CopyMMPolicy(
  916. PINIMMPOLICY pIniMMPolicy,
  917. PIPSEC_MM_POLICY pMMPolicy
  918. )
  919. {
  920. DWORD dwError = 0;
  923. memcpy(
  924. &(pMMPolicy->gPolicyID),
  925. &(pIniMMPolicy->gPolicyID),
  926. sizeof(GUID)
  927. );
  929. dwError = SPDApiBufferAllocate(
  930. wcslen(pIniMMPolicy->pszPolicyName)*sizeof(WCHAR)
  931. + sizeof(WCHAR),
  932. &(pMMPolicy->pszPolicyName)
  933. );
  934. BAIL_ON_WIN32_ERROR(dwError);
  936. wcscpy(pMMPolicy->pszPolicyName, pIniMMPolicy->pszPolicyName);
  938. pMMPolicy->dwFlags = pIniMMPolicy->dwFlags;
  939. pMMPolicy->uSoftSAExpirationTime = pIniMMPolicy->uSoftSAExpirationTime;
  941. dwError = CreateMMOffers(
  942. pIniMMPolicy->dwOfferCount,
  943. pIniMMPolicy->pOffers,
  944. &(pMMPolicy->dwOfferCount),
  945. &(pMMPolicy->pOffers)
  946. );
  947. BAIL_ON_WIN32_ERROR(dwError);
  949. return (dwError);
  951. error:
  953. if (pMMPolicy->pszPolicyName) {
  954. SPDApiBufferFree(pMMPolicy->pszPolicyName);
  955. }
  957. return (dwError);
  958. }
  961. DWORD
  962. CreateMMOffers(
  963. DWORD dwInOfferCount,
  964. PIPSEC_MM_OFFER pInOffers,
  965. PDWORD pdwOfferCount,
  966. PIPSEC_MM_OFFER * ppOffers
  967. )
  968. {
  969. DWORD dwError = 0;
  970. PIPSEC_MM_OFFER pOffers = NULL;
  971. PIPSEC_MM_OFFER pTemp = NULL;
  972. PIPSEC_MM_OFFER pInTempOffer = NULL;
  973. DWORD i = 0;
  976. //
  977. // Offer count and the offers themselves have already been validated.
  978. //
  980. dwError = SPDApiBufferAllocate(
  981. sizeof(IPSEC_MM_OFFER) * dwInOfferCount,
  982. &(pOffers)
  983. );
  984. BAIL_ON_WIN32_ERROR(dwError);
  986. pTemp = pOffers;
  987. pInTempOffer = pInOffers;
  989. for (i = 0; i < dwInOfferCount; i++) {
  991. memcpy(
  992. &(pTemp->Lifetime),
  993. &(pInTempOffer->Lifetime),
  994. sizeof(KEY_LIFETIME)
  995. );
  997. pTemp->dwFlags = pInTempOffer->dwFlags;
  998. pTemp->dwQuickModeLimit = pInTempOffer->dwQuickModeLimit;
  999. pTemp->dwDHGroup = pInTempOffer->dwDHGroup;
  1001. memcpy(
  1002. &(pTemp->EncryptionAlgorithm),
  1003. &(pInTempOffer->EncryptionAlgorithm),
  1004. sizeof(IPSEC_MM_ALGO)
  1005. );
  1006. memcpy(
  1007. &(pTemp->HashingAlgorithm),
  1008. &(pInTempOffer->HashingAlgorithm),
  1009. sizeof(IPSEC_MM_ALGO)
  1010. );
  1012. pInTempOffer++;
  1013. pTemp++;
  1015. }
  1017. *pdwOfferCount = dwInOfferCount;
  1018. *ppOffers = pOffers;
  1019. return (dwError);
  1021. error:
  1023. if (pOffers) {
  1024. FreeMMOffers(
  1025. i,
  1026. pOffers
  1027. );
  1028. }
  1030. *pdwOfferCount = 0;
  1031. *ppOffers = NULL;
  1032. return (dwError);
  1033. }
  1036. DWORD
  1037. DeleteIniMMPolicy(
  1038. PINIMMPOLICY pIniMMPolicy
  1039. )
  1040. {
  1041. DWORD dwError = 0;
  1042. PINIMMPOLICY * ppTemp = NULL;
  1045. ppTemp = &gpIniMMPolicy;
  1047. while (*ppTemp) {
  1049. if (*ppTemp == pIniMMPolicy) {
  1050. break;
  1051. }
  1052. ppTemp = &((*ppTemp)->pNext);
  1054. }
  1056. if (*ppTemp) {
  1057. *ppTemp = pIniMMPolicy->pNext;
  1058. }
  1060. if ((pIniMMPolicy->dwFlags) & IPSEC_MM_POLICY_DEFAULT_POLICY) {
  1061. gpIniDefaultMMPolicy = NULL;
  1062. }
  1064. FreeIniMMPolicy(pIniMMPolicy);
  1066. return (dwError);
  1067. }
  1070. VOID
  1071. FreeMMOffers(
  1072. DWORD dwOfferCount,
  1073. PIPSEC_MM_OFFER pOffers
  1074. )
  1075. {
  1076. if (pOffers) {
  1077. SPDApiBufferFree(pOffers);
  1078. }
  1079. }
  1082. VOID
  1083. FreeIniMMPolicyList(
  1084. PINIMMPOLICY pIniMMPolicyList
  1085. )
  1086. {
  1087. PINIMMPOLICY pTemp = NULL;
  1088. PINIMMPOLICY pIniMMPolicy = NULL;
  1091. pTemp = pIniMMPolicyList;
  1093. while (pTemp) {
  1095. pIniMMPolicy = pTemp;
  1096. pTemp = pTemp->pNext;
  1098. FreeIniMMPolicy(pIniMMPolicy);
  1100. }
  1101. }
  1104. PINIMMPOLICY
  1105. FindMMPolicyByGuid(
  1106. PINIMMPOLICY pIniMMPolicyList,
  1107. GUID gPolicyID
  1108. )
  1109. {
  1110. DWORD dwError = 0;
  1111. PINIMMPOLICY pTemp = NULL;
  1114. pTemp = pIniMMPolicyList;
  1116. while (pTemp) {
  1118. if (!memcmp(&(pTemp->gPolicyID), &gPolicyID, sizeof(GUID))) {
  1119. return (pTemp);
  1120. }
  1121. pTemp = pTemp->pNext;
  1123. }
  1125. return (NULL);
  1126. }
  1129. VOID
  1130. FreeMMPolicies(
  1131. DWORD dwNumMMPolicies,
  1132. PIPSEC_MM_POLICY pMMPolicies
  1133. )
  1134. {
  1135. DWORD i = 0;
  1137. if (pMMPolicies) {
  1139. for (i = 0; i < dwNumMMPolicies; i++) {
  1141. if (pMMPolicies[i].pszPolicyName) {
  1142. SPDApiBufferFree(pMMPolicies[i].pszPolicyName);
  1143. }
  1145. FreeMMOffers(
  1146. pMMPolicies[i].dwOfferCount,
  1147. pMMPolicies[i].pOffers
  1148. );
  1150. }
  1152. SPDApiBufferFree(pMMPolicies);
  1154. }
  1156. }
  1159. DWORD
  1160. GetMMPolicyByID(
  1161. LPWSTR pServerName,
  1162. GUID gMMPolicyID,
  1163. PIPSEC_MM_POLICY * ppMMPolicy
  1164. )
  1165. /*++
  1167. Routine Description:
  1169. This function gets a main mode policy from the SPD.
  1171. Arguments:
  1173. pServerName - Server from which to get the main mode policy.
  1175. gMMPolicyID - Guid of the main mode policy to get.
  1177. ppMMPolicy - Main mode policy found returned to the caller.
  1179. Return Value:
  1181. ERROR_SUCCESS - Success.
  1183. Win32 Error - Failure.
  1185. --*/
  1186. {
  1187. DWORD dwError = 0;
  1188. PINIMMPOLICY pIniMMPolicy = NULL;
  1189. PIPSEC_MM_POLICY pMMPolicy = NULL;
  1192. ENTER_SPD_SECTION();
  1194. dwError = ValidateSecurity(
  1195. SPD_OBJECT_SERVER,
  1196. SERVER_ACCESS_ADMINISTER,
  1197. NULL,
  1198. NULL
  1199. );
  1200. BAIL_ON_LOCK_ERROR(dwError);
  1202. pIniMMPolicy = FindMMPolicyByGuid(
  1203. gpIniMMPolicy,
  1204. gMMPolicyID
  1205. );
  1206. if (!pIniMMPolicy) {
  1207. dwError = ERROR_IPSEC_MM_POLICY_NOT_FOUND;
  1208. BAIL_ON_LOCK_ERROR(dwError);
  1209. }
  1211. dwError = GetIniMMPolicy(
  1212. pIniMMPolicy,
  1213. &pMMPolicy
  1214. );
  1215. BAIL_ON_LOCK_ERROR(dwError);
  1217. *ppMMPolicy = pMMPolicy;
  1219. LEAVE_SPD_SECTION();
  1220. return (dwError);
  1222. lock:
  1224. LEAVE_SPD_SECTION();
  1226. *ppMMPolicy = NULL;
  1227. return (dwError);
  1228. }
  1231. DWORD
  1232. LocateMMPolicy(
  1233. PMM_FILTER pMMFilter,
  1234. PINIMMPOLICY * ppIniMMPolicy
  1235. )
  1236. {
  1237. DWORD dwError = 0;
  1238. PINIMMPOLICY pIniMMPolicy = NULL;
  1241. if ((pMMFilter->dwFlags) & IPSEC_MM_POLICY_DEFAULT_POLICY) {
  1243. if (!gpIniDefaultMMPolicy) {
  1244. dwError = ERROR_IPSEC_DEFAULT_MM_POLICY_NOT_FOUND;
  1245. BAIL_ON_WIN32_ERROR(dwError);
  1246. }
  1247. pIniMMPolicy = gpIniDefaultMMPolicy;
  1249. }
  1250. else {
  1252. pIniMMPolicy = FindMMPolicyByGuid(
  1253. gpIniMMPolicy,
  1254. pMMFilter->gPolicyID
  1255. );
  1256. if (!pIniMMPolicy) {
  1257. dwError = ERROR_IPSEC_MM_POLICY_NOT_FOUND;
  1258. BAIL_ON_WIN32_ERROR(dwError);
  1259. }
  1261. }
  1263. *ppIniMMPolicy = pIniMMPolicy;
  1264. return (dwError);
  1266. error:
  1268. *ppIniMMPolicy = NULL;
  1269. return (dwError);
  1270. }