archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ipsec/spd/server/mmauth.c

1170 lines
24 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1999 Microsoft Corporation
  6. Module Name:
  8. mmauth.c
  10. Abstract:
  13. Author:
  15. abhishev 06-January-2000
  17. Environment: User Mode
  20. Revision History:
  23. --*/
  26. #include "precomp.h"
  29. DWORD
  30. WINAPI
  31. AddMMAuthMethods(
  32. LPWSTR pServerName,
  33. DWORD dwFlags,
  34. PMM_AUTH_METHODS pMMAuthMethods
  35. )
  36. /*++
  38. Routine Description:
  40. This function adds main mode auths to the SPD.
  42. Arguments:
  44. pServerName - Server on which the main mode auths are to be added.
  46. pMMAuthMethods - Main mode auths to be added.
  48. Return Value:
  50. ERROR_SUCCESS - Success.
  52. Win32 Error - Failure.
  54. --*/
  55. {
  56. DWORD dwError = 0;
  57. PINIMMAUTHMETHODS pIniMMAuthMethods = NULL;
  58. BOOL bPersist = FALSE;
  61. bPersist = (BOOL) (dwFlags & PERSIST_SPD_OBJECT);
  63. //
  64. // Validate the main mode auth methods.
  65. //
  67. dwError = ValidateMMAuthMethods(
  68. pMMAuthMethods
  69. );
  70. BAIL_ON_WIN32_ERROR(dwError);
  72. ENTER_SPD_SECTION();
  74. dwError = ValidateSecurity(
  75. SPD_OBJECT_SERVER,
  76. SERVER_ACCESS_ADMINISTER,
  77. NULL,
  78. NULL
  79. );
  80. BAIL_ON_LOCK_ERROR(dwError);
  82. pIniMMAuthMethods = FindMMAuthMethods(
  83. gpIniMMAuthMethods,
  84. pMMAuthMethods->gMMAuthID
  85. );
  86. if (pIniMMAuthMethods) {
  87. dwError = ERROR_IPSEC_MM_AUTH_EXISTS;
  88. BAIL_ON_LOCK_ERROR(dwError);
  89. }
  91. if (bPersist && !gbLoadingPersistence) {
  92. dwError = PersistMMAuthMethods(
  93. pMMAuthMethods
  94. );
  95. BAIL_ON_LOCK_ERROR(dwError);
  96. }
  98. dwError = CreateIniMMAuthMethods(
  99. pMMAuthMethods,
  100. &pIniMMAuthMethods
  101. );
  102. BAIL_ON_LOCK_ERROR(dwError);
  104. pIniMMAuthMethods->bIsPersisted = bPersist;
  106. pIniMMAuthMethods->pNext = gpIniMMAuthMethods;
  107. gpIniMMAuthMethods = pIniMMAuthMethods;
  109. if ((pIniMMAuthMethods->dwFlags) & IPSEC_MM_AUTH_DEFAULT_AUTH) {
  110. gpIniDefaultMMAuthMethods = pIniMMAuthMethods;
  111. }
  113. LEAVE_SPD_SECTION();
  115. return (dwError);
  117. lock:
  119. LEAVE_SPD_SECTION();
  121. error:
  123. if (pMMAuthMethods && bPersist && !gbLoadingPersistence) {
  124. (VOID) SPDPurgeMMAuthMethods(
  125. pMMAuthMethods->gMMAuthID
  126. );
  127. }
  129. return (dwError);
  130. }
  133. DWORD
  134. ValidateMMAuthMethods(
  135. PMM_AUTH_METHODS pMMAuthMethods
  136. )
  137. {
  138. DWORD dwError = 0;
  139. DWORD i = 0;
  140. PIPSEC_MM_AUTH_INFO pTemp = NULL;
  141. DWORD dwNumAuthInfos = 0;
  142. PIPSEC_MM_AUTH_INFO pAuthenticationInfo = NULL;
  143. BOOL bSSPI = FALSE;
  144. BOOL bPresharedKey = FALSE;
  147. if (!pMMAuthMethods) {
  148. dwError = ERROR_INVALID_PARAMETER;
  149. BAIL_ON_WIN32_ERROR(dwError);
  150. }
  152. dwNumAuthInfos = pMMAuthMethods->dwNumAuthInfos;
  153. pAuthenticationInfo = pMMAuthMethods->pAuthenticationInfo;
  155. if (!dwNumAuthInfos || !pAuthenticationInfo) {
  156. dwError = ERROR_INVALID_PARAMETER;
  157. BAIL_ON_WIN32_ERROR(dwError);
  158. }
  160. //
  161. // Need to catch the exception when the number of auth infos
  162. // specified is more than the actual number of auth infos.
  163. //
  166. pTemp = pAuthenticationInfo;
  168. for (i = 0; i < dwNumAuthInfos; i++) {
  170. if ((pTemp->AuthMethod != IKE_PRESHARED_KEY) &&
  171. (pTemp->AuthMethod != IKE_RSA_SIGNATURE) &&
  172. (pTemp->AuthMethod != IKE_SSPI)) {
  173. dwError = ERROR_INVALID_PARAMETER;
  174. BAIL_ON_WIN32_ERROR(dwError);
  175. }
  177. if (pTemp->AuthMethod != IKE_SSPI) {
  178. if (!(pTemp->dwAuthInfoSize) || !(pTemp->pAuthInfo)) {
  179. dwError = ERROR_INVALID_PARAMETER;
  180. BAIL_ON_WIN32_ERROR(dwError);
  181. }
  182. }
  184. if (pTemp->AuthMethod == IKE_SSPI) {
  185. if (bSSPI) {
  186. dwError = ERROR_INVALID_PARAMETER;
  187. BAIL_ON_WIN32_ERROR(dwError);
  188. }
  189. bSSPI = TRUE;
  190. }
  192. if (pTemp->AuthMethod == IKE_PRESHARED_KEY) {
  193. if (bPresharedKey) {
  194. dwError = ERROR_INVALID_PARAMETER;
  195. BAIL_ON_WIN32_ERROR(dwError);
  196. }
  197. bPresharedKey = TRUE;
  198. }
  200. pTemp++;
  202. }
  204. error:
  206. return (dwError);
  207. }
  210. PINIMMAUTHMETHODS
  211. FindMMAuthMethods(
  212. PINIMMAUTHMETHODS pIniMMAuthMethods,
  213. GUID gMMAuthID
  214. )
  215. {
  216. DWORD dwError = 0;
  217. PINIMMAUTHMETHODS pTemp = NULL;
  220. pTemp = pIniMMAuthMethods;
  222. while (pTemp) {
  224. if (!memcmp(&(pTemp->gMMAuthID), &gMMAuthID, sizeof(GUID))) {
  225. return (pTemp);
  226. }
  227. pTemp = pTemp->pNext;
  229. }
  231. return (NULL);
  232. }
  235. DWORD
  236. CreateIniMMAuthMethods(
  237. PMM_AUTH_METHODS pMMAuthMethods,
  238. PINIMMAUTHMETHODS * ppIniMMAuthMethods
  239. )
  240. {
  241. DWORD dwError = 0;
  242. PINIMMAUTHMETHODS pIniMMAuthMethods = NULL;
  245. dwError = AllocateSPDMemory(
  246. sizeof(INIMMAUTHMETHODS),
  247. &pIniMMAuthMethods
  248. );
  249. BAIL_ON_WIN32_ERROR(dwError);
  251. memcpy(
  252. &(pIniMMAuthMethods->gMMAuthID),
  253. &(pMMAuthMethods->gMMAuthID),
  254. sizeof(GUID)
  255. );
  257. pIniMMAuthMethods->dwFlags = pMMAuthMethods->dwFlags;
  258. pIniMMAuthMethods->cRef = 0;
  259. pIniMMAuthMethods->bIsPersisted = FALSE;
  260. pIniMMAuthMethods->pNext = NULL;
  262. dwError = CreateIniMMAuthInfos(
  263. pMMAuthMethods->dwNumAuthInfos,
  264. pMMAuthMethods->pAuthenticationInfo,
  265. &(pIniMMAuthMethods->dwNumAuthInfos),
  266. &(pIniMMAuthMethods->pAuthenticationInfo)
  267. );
  268. BAIL_ON_WIN32_ERROR(dwError);
  270. *ppIniMMAuthMethods = pIniMMAuthMethods;
  271. return (dwError);
  273. error:
  275. if (pIniMMAuthMethods) {
  276. FreeIniMMAuthMethods(
  277. pIniMMAuthMethods
  278. );
  279. }
  281. *ppIniMMAuthMethods = NULL;
  282. return (dwError);
  283. }
  286. DWORD
  287. CreateIniMMAuthInfos(
  288. DWORD dwInNumAuthInfos,
  289. PIPSEC_MM_AUTH_INFO pInAuthenticationInfo,
  290. PDWORD pdwNumAuthInfos,
  291. PIPSEC_MM_AUTH_INFO * ppAuthenticationInfo
  292. )
  293. {
  294. DWORD dwError = 0;
  295. PIPSEC_MM_AUTH_INFO pAuthenticationInfo = NULL;
  296. PIPSEC_MM_AUTH_INFO pTemp = NULL;
  297. PIPSEC_MM_AUTH_INFO pInTemp = NULL;
  298. DWORD i = 0;
  301. //
  302. // Number of auth infos and the auth infos themselves
  303. // have already been validated.
  304. //
  306. dwError = AllocateSPDMemory(
  307. sizeof(IPSEC_MM_AUTH_INFO) * dwInNumAuthInfos,
  308. &(pAuthenticationInfo)
  309. );
  310. BAIL_ON_WIN32_ERROR(dwError);
  312. pTemp = pAuthenticationInfo;
  313. pInTemp = pInAuthenticationInfo;
  315. for (i = 0; i < dwInNumAuthInfos; i++) {
  317. pTemp->AuthMethod = pInTemp->AuthMethod;
  319. if (pInTemp->AuthMethod == IKE_SSPI) {
  321. pTemp->dwAuthInfoSize = 0;
  322. pTemp->pAuthInfo = NULL;
  324. }
  325. else {
  327. if (!(pInTemp->dwAuthInfoSize) || !(pInTemp->pAuthInfo)) {
  328. dwError = ERROR_INVALID_PARAMETER;
  329. BAIL_ON_WIN32_ERROR(dwError);
  330. }
  332. dwError = AllocateSPDMemory(
  333. pInTemp->dwAuthInfoSize,
  334. &(pTemp->pAuthInfo)
  335. );
  336. BAIL_ON_WIN32_ERROR(dwError);
  338. pTemp->dwAuthInfoSize = pInTemp->dwAuthInfoSize;
  340. //
  341. // Need to catch the exception when the size of auth info
  342. // specified is more than the actual size. This can
  343. // not be checked earlier in the validation routine.
  344. //
  345. //
  347. memcpy(
  348. pTemp->pAuthInfo,
  349. pInTemp->pAuthInfo,
  350. pInTemp->dwAuthInfoSize
  351. );
  353. }
  355. pInTemp++;
  356. pTemp++;
  358. }
  360. *pdwNumAuthInfos = dwInNumAuthInfos;
  361. *ppAuthenticationInfo = pAuthenticationInfo;
  362. return (dwError);
  364. error:
  366. if (pAuthenticationInfo) {
  367. FreeIniMMAuthInfos(
  368. i,
  369. pAuthenticationInfo
  370. );
  371. }
  373. *pdwNumAuthInfos = 0;
  374. *ppAuthenticationInfo = NULL;
  375. return (dwError);
  376. }
  379. VOID
  380. FreeIniMMAuthMethods(
  381. PINIMMAUTHMETHODS pIniMMAuthMethods
  382. )
  383. {
  384. if (pIniMMAuthMethods) {
  386. FreeIniMMAuthInfos(
  387. pIniMMAuthMethods->dwNumAuthInfos,
  388. pIniMMAuthMethods->pAuthenticationInfo
  389. );
  391. FreeSPDMemory(pIniMMAuthMethods);
  393. }
  394. }
  397. VOID
  398. FreeIniMMAuthInfos(
  399. DWORD dwNumAuthInfos,
  400. PIPSEC_MM_AUTH_INFO pAuthenticationInfo
  401. )
  402. {
  403. DWORD i = 0;
  404. PIPSEC_MM_AUTH_INFO pTemp = NULL;
  407. if (pAuthenticationInfo) {
  409. pTemp = pAuthenticationInfo;
  411. for (i = 0; i < dwNumAuthInfos; i++) {
  412. if (pTemp->pAuthInfo) {
  413. FreeSPDMemory(pTemp->pAuthInfo);
  414. }
  415. pTemp++;
  416. }
  418. FreeSPDMemory(pAuthenticationInfo);
  420. }
  421. }
  424. DWORD
  425. WINAPI
  426. DeleteMMAuthMethods(
  427. LPWSTR pServerName,
  428. GUID gMMAuthID
  429. )
  430. /*++
  432. Routine Description:
  434. This function deletes main mode auth methods from the SPD.
  436. Arguments:
  438. pServerName - Server on which the main mode auth methods
  439. are to be deleted.
  441. gMMAuthID - Main mode methods to be deleted.
  443. Return Value:
  445. ERROR_SUCCESS - Success.
  447. Win32 Error - Failure.
  449. --*/
  450. {
  451. DWORD dwError = 0;
  452. PINIMMAUTHMETHODS pIniMMAuthMethods = NULL;
  455. ENTER_SPD_SECTION();
  457. dwError = ValidateSecurity(
  458. SPD_OBJECT_SERVER,
  459. SERVER_ACCESS_ADMINISTER,
  460. NULL,
  461. NULL
  462. );
  463. BAIL_ON_LOCK_ERROR(dwError);
  465. pIniMMAuthMethods = FindMMAuthMethods(
  466. gpIniMMAuthMethods,
  467. gMMAuthID
  468. );
  469. if (!pIniMMAuthMethods) {
  470. dwError = ERROR_IPSEC_MM_AUTH_NOT_FOUND;
  471. BAIL_ON_LOCK_ERROR(dwError);
  472. }
  474. if (pIniMMAuthMethods->cRef) {
  475. dwError = ERROR_IPSEC_MM_AUTH_IN_USE;
  476. BAIL_ON_LOCK_ERROR(dwError);
  477. }
  479. if (pIniMMAuthMethods->bIsPersisted) {
  480. dwError = SPDPurgeMMAuthMethods(
  481. gMMAuthID
  482. );
  483. BAIL_ON_LOCK_ERROR(dwError);
  484. }
  486. dwError = DeleteIniMMAuthMethods(
  487. pIniMMAuthMethods
  488. );
  489. BAIL_ON_LOCK_ERROR(dwError);
  491. LEAVE_SPD_SECTION();
  493. if (gbIKENotify) {
  494. (VOID) IKENotifyPolicyChange(
  495. &(gMMAuthID),
  496. POLICY_GUID_AUTH
  497. );
  498. }
  500. return (dwError);
  502. lock:
  504. LEAVE_SPD_SECTION();
  506. if ((dwError == ERROR_IPSEC_MM_AUTH_IN_USE) && gbIKENotify) {
  507. (VOID) IKENotifyPolicyChange(
  508. &(gMMAuthID),
  509. POLICY_GUID_AUTH
  510. );
  511. }
  513. return (dwError);
  514. }
  517. DWORD
  518. DeleteIniMMAuthMethods(
  519. PINIMMAUTHMETHODS pIniMMAuthMethods
  520. )
  521. {
  522. DWORD dwError = 0;
  523. PINIMMAUTHMETHODS * ppTemp = NULL;
  526. ppTemp = &gpIniMMAuthMethods;
  528. while (*ppTemp) {
  530. if (*ppTemp == pIniMMAuthMethods) {
  531. break;
  532. }
  533. ppTemp = &((*ppTemp)->pNext);
  535. }
  537. if (*ppTemp) {
  538. *ppTemp = pIniMMAuthMethods->pNext;
  539. }
  541. if ((pIniMMAuthMethods->dwFlags) & IPSEC_MM_AUTH_DEFAULT_AUTH) {
  542. gpIniDefaultMMAuthMethods = NULL;
  543. }
  545. FreeIniMMAuthMethods(pIniMMAuthMethods);
  547. return (dwError);
  548. }
  551. DWORD
  552. WINAPI
  553. EnumMMAuthMethods(
  554. LPWSTR pServerName,
  555. PMM_AUTH_METHODS * ppMMAuthMethods,
  556. DWORD dwPreferredNumEntries,
  557. LPDWORD pdwNumAuthMethods,
  558. LPDWORD pdwResumeHandle
  559. )
  560. /*++
  562. Routine Description:
  564. This function enumerates main mode auth methods from the SPD.
  566. Arguments:
  568. pServerName - Server on which the main mode auth methods are to
  569. be enumerated.
  571. ppMMAuthMethods - Enumerated main mode auth methods returned to
  572. the caller.
  574. dwPreferredNumEntries - Preferred number of enumeration entries.
  576. pdwNumAuthMethods - Number of main mode auth methods actually
  577. enumerated.
  579. pdwResumeHandle - Handle to the location in the main mode auth
  580. methods list from which to resume enumeration.
  582. Return Value:
  584. ERROR_SUCCESS - Success.
  586. Win32 Error - Failure.
  588. --*/
  589. {
  590. DWORD dwError = 0;
  591. DWORD dwResumeHandle = 0;
  592. DWORD dwNumToEnum = 0;
  593. PINIMMAUTHMETHODS pIniMMAuthMethods = NULL;
  594. DWORD i = 0;
  595. PINIMMAUTHMETHODS pTemp = NULL;
  596. DWORD dwNumAuthMethods = 0;
  597. PMM_AUTH_METHODS pMMAuthMethods = NULL;
  598. PMM_AUTH_METHODS pTempMMAuthMethods = NULL;
  601. dwResumeHandle = *pdwResumeHandle;
  603. if (!dwPreferredNumEntries || (dwPreferredNumEntries > MAX_MMAUTH_ENUM_COUNT)) {
  604. dwNumToEnum = MAX_MMAUTH_ENUM_COUNT;
  605. }
  606. else {
  607. dwNumToEnum = dwPreferredNumEntries;
  608. }
  610. ENTER_SPD_SECTION();
  612. dwError = ValidateSecurity(
  613. SPD_OBJECT_SERVER,
  614. SERVER_ACCESS_ADMINISTER,
  615. NULL,
  616. NULL
  617. );
  618. BAIL_ON_LOCK_ERROR(dwError);
  620. pIniMMAuthMethods = gpIniMMAuthMethods;
  622. for (i = 0; (i < dwResumeHandle) && (pIniMMAuthMethods != NULL); i++) {
  623. pIniMMAuthMethods = pIniMMAuthMethods->pNext;
  624. }
  626. if (!pIniMMAuthMethods) {
  627. dwError = ERROR_NO_DATA;
  628. BAIL_ON_LOCK_ERROR(dwError);
  629. }
  631. pTemp = pIniMMAuthMethods;
  633. while (pTemp && (dwNumAuthMethods < dwNumToEnum)) {
  634. dwNumAuthMethods++;
  635. pTemp = pTemp->pNext;
  636. }
  638. dwError = SPDApiBufferAllocate(
  639. sizeof(MM_AUTH_METHODS)*dwNumAuthMethods,
  640. &pMMAuthMethods
  641. );
  642. BAIL_ON_LOCK_ERROR(dwError);
  644. pTemp = pIniMMAuthMethods;
  645. pTempMMAuthMethods = pMMAuthMethods;
  647. for (i = 0; i < dwNumAuthMethods; i++) {
  649. dwError = CopyMMAuthMethods(
  650. pTemp,
  651. pTempMMAuthMethods
  652. );
  653. BAIL_ON_LOCK_ERROR(dwError);
  655. pTemp = pTemp->pNext;
  656. pTempMMAuthMethods++;
  658. }
  660. *ppMMAuthMethods = pMMAuthMethods;
  661. *pdwResumeHandle = dwResumeHandle + dwNumAuthMethods;
  662. *pdwNumAuthMethods = dwNumAuthMethods;
  664. LEAVE_SPD_SECTION();
  665. return (dwError);
  667. lock:
  669. LEAVE_SPD_SECTION();
  671. if (pMMAuthMethods) {
  672. FreeMMAuthMethods(
  673. i,
  674. pMMAuthMethods
  675. );
  676. }
  678. *ppMMAuthMethods = NULL;
  679. *pdwResumeHandle = dwResumeHandle;
  680. *pdwNumAuthMethods = 0;
  682. return (dwError);
  683. }
  686. DWORD
  687. WINAPI
  688. SetMMAuthMethods(
  689. LPWSTR pServerName,
  690. GUID gMMAuthID,
  691. PMM_AUTH_METHODS pMMAuthMethods
  692. )
  693. /*++
  695. Routine Description:
  697. This function updates main mode auth methods in the SPD.
  699. Arguments:
  701. pServerName - Server on which the main mode auth methods are to
  702. be updated.
  704. gMMAuthID - Guid of the main mode auth methods to be updated.
  706. pMMAuthMethods - New main mode auth methods which will replace
  707. the existing methods.
  709. Return Value:
  711. ERROR_SUCCESS - Success.
  713. Win32 Error - Failure.
  715. --*/
  716. {
  717. DWORD dwError = 0;
  718. PINIMMAUTHMETHODS pIniMMAuthMethods = NULL;
  721. //
  722. // Validate main mode auth methods.
  723. //
  725. dwError = ValidateMMAuthMethods(
  726. pMMAuthMethods
  727. );
  728. BAIL_ON_WIN32_ERROR(dwError);
  730. ENTER_SPD_SECTION();
  732. dwError = ValidateSecurity(
  733. SPD_OBJECT_SERVER,
  734. SERVER_ACCESS_ADMINISTER,
  735. NULL,
  736. NULL
  737. );
  738. BAIL_ON_LOCK_ERROR(dwError);
  740. pIniMMAuthMethods = FindMMAuthMethods(
  741. gpIniMMAuthMethods,
  742. gMMAuthID
  743. );
  744. if (!pIniMMAuthMethods) {
  745. dwError = ERROR_IPSEC_MM_AUTH_NOT_FOUND;
  746. BAIL_ON_LOCK_ERROR(dwError);
  747. }
  749. dwError = SetIniMMAuthMethods(
  750. pIniMMAuthMethods,
  751. pMMAuthMethods
  752. );
  753. BAIL_ON_LOCK_ERROR(dwError);
  755. if (pIniMMAuthMethods->bIsPersisted) {
  756. dwError = PersistMMAuthMethods(
  757. pMMAuthMethods
  758. );
  759. BAIL_ON_LOCK_ERROR(dwError);
  760. }
  762. LEAVE_SPD_SECTION();
  764. (VOID) IKENotifyPolicyChange(
  765. &(pMMAuthMethods->gMMAuthID),
  766. POLICY_GUID_AUTH
  767. );
  769. return (dwError);
  771. lock:
  773. LEAVE_SPD_SECTION();
  775. error:
  777. return (dwError);
  778. }
  781. DWORD
  782. SetIniMMAuthMethods(
  783. PINIMMAUTHMETHODS pIniMMAuthMethods,
  784. PMM_AUTH_METHODS pMMAuthMethods
  785. )
  786. {
  787. DWORD dwError = 0;
  788. DWORD dwNumAuthInfos = 0;
  789. PIPSEC_MM_AUTH_INFO pAuthenticationInfo = NULL;
  792. dwError = CreateIniMMAuthInfos(
  793. pMMAuthMethods->dwNumAuthInfos,
  794. pMMAuthMethods->pAuthenticationInfo,
  795. &dwNumAuthInfos,
  796. &pAuthenticationInfo
  797. );
  798. BAIL_ON_WIN32_ERROR(dwError);
  800. FreeIniMMAuthInfos(
  801. pIniMMAuthMethods->dwNumAuthInfos,
  802. pIniMMAuthMethods->pAuthenticationInfo
  803. );
  805. if ((pIniMMAuthMethods->dwFlags) & IPSEC_MM_AUTH_DEFAULT_AUTH) {
  806. gpIniDefaultMMAuthMethods = NULL;
  807. }
  809. pIniMMAuthMethods->dwFlags = pMMAuthMethods->dwFlags;
  810. pIniMMAuthMethods->dwNumAuthInfos = dwNumAuthInfos;
  811. pIniMMAuthMethods->pAuthenticationInfo = pAuthenticationInfo;
  813. if ((pIniMMAuthMethods->dwFlags) & IPSEC_MM_AUTH_DEFAULT_AUTH) {
  814. gpIniDefaultMMAuthMethods = pIniMMAuthMethods;
  815. }
  817. error:
  819. return (dwError);
  820. }
  823. DWORD
  824. WINAPI
  825. GetMMAuthMethods(
  826. LPWSTR pServerName,
  827. GUID gMMAuthID,
  828. PMM_AUTH_METHODS * ppMMAuthMethods
  829. )
  830. /*++
  832. Routine Description:
  834. This function gets main mode auth methods from the SPD.
  836. Arguments:
  838. pServerName - Server from which to get the main mode auth methods.
  840. gMMAuthID - Guid of the main mode auth methods to get.
  842. ppMMAuthMethods - Main mode auth methods found returned to the
  843. caller.
  845. Return Value:
  847. ERROR_SUCCESS - Success.
  849. Win32 Error - Failure.
  851. --*/
  852. {
  853. DWORD dwError = 0;
  854. PINIMMAUTHMETHODS pIniMMAuthMethods = NULL;
  855. PMM_AUTH_METHODS pMMAuthMethods = NULL;
  858. ENTER_SPD_SECTION();
  860. dwError = ValidateSecurity(
  861. SPD_OBJECT_SERVER,
  862. SERVER_ACCESS_ADMINISTER,
  863. NULL,
  864. NULL
  865. );
  866. BAIL_ON_LOCK_ERROR(dwError);
  868. pIniMMAuthMethods = FindMMAuthMethods(
  869. gpIniMMAuthMethods,
  870. gMMAuthID
  871. );
  872. if (!pIniMMAuthMethods) {
  873. dwError = ERROR_IPSEC_MM_AUTH_NOT_FOUND;
  874. BAIL_ON_LOCK_ERROR(dwError);
  875. }
  877. dwError = GetIniMMAuthMethods(
  878. pIniMMAuthMethods,
  879. &pMMAuthMethods
  880. );
  881. BAIL_ON_LOCK_ERROR(dwError);
  883. *ppMMAuthMethods = pMMAuthMethods;
  885. LEAVE_SPD_SECTION();
  886. return (dwError);
  888. lock:
  890. LEAVE_SPD_SECTION();
  892. *ppMMAuthMethods = NULL;
  893. return (dwError);
  894. }
  897. DWORD
  898. GetIniMMAuthMethods(
  899. PINIMMAUTHMETHODS pIniMMAuthMethods,
  900. PMM_AUTH_METHODS * ppMMAuthMethods
  901. )
  902. {
  903. DWORD dwError = 0;
  904. PMM_AUTH_METHODS pMMAuthMethods = NULL;
  907. dwError = SPDApiBufferAllocate(
  908. sizeof(MM_AUTH_METHODS),
  909. &pMMAuthMethods
  910. );
  911. BAIL_ON_WIN32_ERROR(dwError);
  913. dwError = CopyMMAuthMethods(
  914. pIniMMAuthMethods,
  915. pMMAuthMethods
  916. );
  917. BAIL_ON_WIN32_ERROR(dwError);
  919. *ppMMAuthMethods = pMMAuthMethods;
  920. return (dwError);
  922. error:
  924. if (pMMAuthMethods) {
  925. SPDApiBufferFree(pMMAuthMethods);
  926. }
  928. *ppMMAuthMethods = NULL;
  929. return (dwError);
  930. }
  933. DWORD
  934. CopyMMAuthMethods(
  935. PINIMMAUTHMETHODS pIniMMAuthMethods,
  936. PMM_AUTH_METHODS pMMAuthMethods
  937. )
  938. {
  939. DWORD dwError = 0;
  941. memcpy(
  942. &(pMMAuthMethods->gMMAuthID),
  943. &(pIniMMAuthMethods->gMMAuthID),
  944. sizeof(GUID)
  945. );
  947. pMMAuthMethods->dwFlags = pIniMMAuthMethods->dwFlags;
  949. dwError = CreateMMAuthInfos(
  950. pIniMMAuthMethods->dwNumAuthInfos,
  951. pIniMMAuthMethods->pAuthenticationInfo,
  952. &(pMMAuthMethods->dwNumAuthInfos),
  953. &(pMMAuthMethods->pAuthenticationInfo)
  954. );
  955. BAIL_ON_WIN32_ERROR(dwError);
  957. error:
  959. return (dwError);
  960. }
  963. DWORD
  964. CreateMMAuthInfos(
  965. DWORD dwInNumAuthInfos,
  966. PIPSEC_MM_AUTH_INFO pInAuthenticationInfo,
  967. PDWORD pdwNumAuthInfos,
  968. PIPSEC_MM_AUTH_INFO * ppAuthenticationInfo
  969. )
  970. {
  971. DWORD dwError = 0;
  972. PIPSEC_MM_AUTH_INFO pAuthenticationInfo = NULL;
  973. PIPSEC_MM_AUTH_INFO pTemp = NULL;
  974. PIPSEC_MM_AUTH_INFO pInTemp = NULL;
  975. DWORD i = 0;
  978. //
  979. // Number of auth infos and the auth infos themselves
  980. // have already been validated.
  981. //
  983. dwError = SPDApiBufferAllocate(
  984. sizeof(IPSEC_MM_AUTH_INFO) * dwInNumAuthInfos,
  985. &(pAuthenticationInfo)
  986. );
  987. BAIL_ON_WIN32_ERROR(dwError);
  989. pTemp = pAuthenticationInfo;
  990. pInTemp = pInAuthenticationInfo;
  992. for (i = 0; i < dwInNumAuthInfos; i++) {
  994. pTemp->AuthMethod = pInTemp->AuthMethod;
  996. //
  997. // Auth info size and the auth info have already
  998. // been validated.
  999. //
  1001. if (pInTemp->AuthMethod == IKE_SSPI) {
  1003. pTemp->dwAuthInfoSize = 0;
  1004. pTemp->pAuthInfo = NULL;
  1006. }
  1007. else {
  1009. dwError = SPDApiBufferAllocate(
  1010. pInTemp->dwAuthInfoSize,
  1011. &(pTemp->pAuthInfo)
  1012. );
  1013. BAIL_ON_WIN32_ERROR(dwError);
  1015. pTemp->dwAuthInfoSize = pInTemp->dwAuthInfoSize;
  1017. //
  1018. // Need to catch the exception when the size of auth info
  1019. // specified is more than the actual size. This can
  1020. // not be checked earlier in the validation routine.
  1021. //
  1022. //
  1024. memcpy(
  1025. pTemp->pAuthInfo,
  1026. pInTemp->pAuthInfo,
  1027. pInTemp->dwAuthInfoSize
  1028. );
  1030. }
  1032. pInTemp++;
  1033. pTemp++;
  1035. }
  1037. *pdwNumAuthInfos = dwInNumAuthInfos;
  1038. *ppAuthenticationInfo = pAuthenticationInfo;
  1039. return (dwError);
  1041. error:
  1043. if (pAuthenticationInfo) {
  1044. FreeMMAuthInfos(
  1045. i,
  1046. pAuthenticationInfo
  1047. );
  1048. }
  1050. *pdwNumAuthInfos = 0;
  1051. *ppAuthenticationInfo = NULL;
  1052. return (dwError);
  1053. }
  1056. VOID
  1057. FreeMMAuthInfos(
  1058. DWORD dwNumAuthInfos,
  1059. PIPSEC_MM_AUTH_INFO pAuthenticationInfo
  1060. )
  1061. {
  1062. DWORD i = 0;
  1063. PIPSEC_MM_AUTH_INFO pTemp = NULL;
  1066. if (pAuthenticationInfo) {
  1068. pTemp = pAuthenticationInfo;
  1070. for (i = 0; i < dwNumAuthInfos; i++) {
  1071. if (pTemp->pAuthInfo) {
  1072. SPDApiBufferFree(pTemp->pAuthInfo);
  1073. }
  1074. pTemp++;
  1075. }
  1077. SPDApiBufferFree(pAuthenticationInfo);
  1079. }
  1080. }
  1083. VOID
  1084. FreeIniMMAuthMethodsList(
  1085. PINIMMAUTHMETHODS pIniMMAuthMethodsList
  1086. )
  1087. {
  1088. PINIMMAUTHMETHODS pTemp = NULL;
  1089. PINIMMAUTHMETHODS pIniMMAuthMethods = NULL;
  1092. pTemp = pIniMMAuthMethodsList;
  1094. while (pTemp) {
  1096. pIniMMAuthMethods = pTemp;
  1097. pTemp = pTemp->pNext;
  1099. FreeIniMMAuthMethods(pIniMMAuthMethods);
  1101. }
  1102. }
  1105. VOID
  1106. FreeMMAuthMethods(
  1107. DWORD dwNumAuthMethods,
  1108. PMM_AUTH_METHODS pMMAuthMethods
  1109. )
  1110. {
  1111. DWORD i = 0;
  1113. if (pMMAuthMethods) {
  1115. for (i = 0; i < dwNumAuthMethods; i++) {
  1117. FreeMMAuthInfos(
  1118. pMMAuthMethods[i].dwNumAuthInfos,
  1119. pMMAuthMethods[i].pAuthenticationInfo
  1120. );
  1122. }
  1124. SPDApiBufferFree(pMMAuthMethods);
  1126. }
  1127. }
  1130. DWORD
  1131. LocateMMAuthMethods(
  1132. PMM_FILTER pMMFilter,
  1133. PINIMMAUTHMETHODS * ppIniMMAuthMethods
  1134. )
  1135. {
  1136. DWORD dwError = 0;
  1137. PINIMMAUTHMETHODS pIniMMAuthMethods = NULL;
  1140. if ((pMMFilter->dwFlags) & IPSEC_MM_AUTH_DEFAULT_AUTH) {
  1142. if (!gpIniDefaultMMAuthMethods) {
  1143. dwError = ERROR_IPSEC_DEFAULT_MM_AUTH_NOT_FOUND;
  1144. BAIL_ON_WIN32_ERROR(dwError);
  1145. }
  1146. pIniMMAuthMethods = gpIniDefaultMMAuthMethods;
  1148. }
  1149. else {
  1151. pIniMMAuthMethods = FindMMAuthMethods(
  1152. gpIniMMAuthMethods,
  1153. pMMFilter->gMMAuthID
  1154. );
  1155. if (!pIniMMAuthMethods) {
  1156. dwError = ERROR_IPSEC_MM_AUTH_NOT_FOUND;
  1157. BAIL_ON_WIN32_ERROR(dwError);
  1158. }
  1160. }
  1162. *ppIniMMAuthMethods = pIniMMAuthMethods;
  1163. return (dwError);
  1165. error:
  1167. *ppIniMMAuthMethods = NULL;
  1168. return (dwError);
  1169. }