archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
3.8 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ipsec/spd/server/pammauth.c

655 lines
14 KiB
Raw Normal View History

Add source files
4 years ago
  3. #include "precomp.h"
  6. DWORD
  7. PAAddMMAuthMethods(
  8. PIPSEC_NFA_DATA * ppIpsecNFAData,
  9. DWORD dwNumNFACount
  10. )
  11. {
  12. DWORD dwError = 0;
  13. DWORD i = 0;
  14. PMMAUTHSTATE pMMAuthState = NULL;
  15. PMM_AUTH_METHODS pSPDMMAuthMethods = NULL;
  16. LPWSTR pServerName = NULL;
  17. DWORD dwPersist = 0;
  20. for (i = 0; i < dwNumNFACount; i++) {
  22. dwError = PACreateMMAuthState(
  23. *(ppIpsecNFAData + i),
  24. &pMMAuthState
  25. );
  26. if (dwError) {
  27. continue;
  28. }
  30. dwError = PACreateMMAuthMethods(
  31. *(ppIpsecNFAData + i),
  32. &pSPDMMAuthMethods
  33. );
  34. if (dwError) {
  36. pMMAuthState->bInSPD = FALSE;
  37. pMMAuthState->dwErrorCode = dwError;
  39. pMMAuthState->pNext = gpMMAuthState;
  40. gpMMAuthState = pMMAuthState;
  42. continue;
  44. }
  46. dwError = AddMMAuthMethods(
  47. pServerName,
  48. dwPersist,
  49. pSPDMMAuthMethods
  50. );
  51. if (dwError) {
  52. pMMAuthState->bInSPD = FALSE;
  53. pMMAuthState->dwErrorCode = dwError;
  54. }
  55. else {
  56. pMMAuthState->bInSPD = TRUE;
  57. pMMAuthState->dwErrorCode = ERROR_SUCCESS;
  58. }
  60. pMMAuthState->pNext = gpMMAuthState;
  61. gpMMAuthState = pMMAuthState;
  63. PAFreeMMAuthMethods(pSPDMMAuthMethods);
  65. }
  67. return (dwError);
  68. }
  71. DWORD
  72. PACreateMMAuthState(
  73. PIPSEC_NFA_DATA pIpsecNFAData,
  74. PMMAUTHSTATE * ppMMAuthState
  75. )
  76. {
  77. DWORD dwError = 0;
  78. PMMAUTHSTATE pMMAuthState = NULL;
  81. dwError = AllocateSPDMemory(
  82. sizeof(MMAUTHSTATE),
  83. &pMMAuthState
  84. );
  85. BAIL_ON_WIN32_ERROR(dwError);
  87. memcpy(
  88. &(pMMAuthState->gMMAuthID),
  89. &(pIpsecNFAData->NFAIdentifier),
  90. sizeof(GUID)
  91. );
  93. pMMAuthState->bInSPD = FALSE;
  94. pMMAuthState->dwErrorCode = 0;
  95. pMMAuthState->pNext = NULL;
  97. *ppMMAuthState = pMMAuthState;
  99. return (dwError);
  101. error:
  103. *ppMMAuthState = NULL;
  105. return (dwError);
  106. }
  109. DWORD
  110. PACreateMMAuthMethods(
  111. PIPSEC_NFA_DATA pIpsecNFAData,
  112. PMM_AUTH_METHODS * ppSPDMMAuthMethods
  113. )
  114. {
  115. DWORD dwError = 0;
  116. DWORD dwAuthMethodCount = 0;
  117. PIPSEC_AUTH_METHOD * ppAuthMethods = NULL;
  118. PMM_AUTH_METHODS pSPDMMAuthMethods = NULL;
  119. PIPSEC_NEGPOL_DATA pIpsecNegPolData = NULL;
  122. dwAuthMethodCount = pIpsecNFAData->dwAuthMethodCount;
  123. ppAuthMethods = pIpsecNFAData->ppAuthMethods;
  125. if (!dwAuthMethodCount || !ppAuthMethods) {
  126. dwError = ERROR_INVALID_PARAMETER;
  127. BAIL_ON_WIN32_ERROR(dwError);
  128. }
  130. dwError = AllocateSPDMemory(
  131. sizeof(MM_AUTH_METHODS),
  132. &pSPDMMAuthMethods
  133. );
  134. BAIL_ON_WIN32_ERROR(dwError);
  136. memcpy(
  137. &(pSPDMMAuthMethods->gMMAuthID),
  138. &(pIpsecNFAData->NFAIdentifier),
  139. sizeof(GUID)
  140. );
  142. pSPDMMAuthMethods->dwFlags = 0;
  144. pIpsecNegPolData = pIpsecNFAData->pIpsecNegPolData;
  146. if (!memcmp(
  147. &(pIpsecNegPolData->NegPolType),
  148. &(GUID_NEGOTIATION_TYPE_DEFAULT),
  149. sizeof(GUID))) {
  150. pSPDMMAuthMethods->dwFlags |= IPSEC_MM_AUTH_DEFAULT_AUTH;
  151. }
  153. dwError = PACreateMMAuthInfos(
  154. dwAuthMethodCount,
  155. ppAuthMethods,
  156. &(pSPDMMAuthMethods->dwNumAuthInfos),
  157. &(pSPDMMAuthMethods->pAuthenticationInfo)
  158. );
  159. BAIL_ON_WIN32_ERROR(dwError);
  161. *ppSPDMMAuthMethods = pSPDMMAuthMethods;
  162. return (dwError);
  164. error:
  166. if (pSPDMMAuthMethods) {
  167. PAFreeMMAuthMethods(pSPDMMAuthMethods);
  168. }
  170. *ppSPDMMAuthMethods = NULL;
  171. return (dwError);
  172. }
  175. DWORD
  176. PACreateMMAuthInfos(
  177. DWORD dwAuthMethodCount,
  178. PIPSEC_AUTH_METHOD * ppAuthMethods,
  179. PDWORD pdwNumAuthInfos,
  180. PIPSEC_MM_AUTH_INFO * ppAuthenticationInfo
  181. )
  182. {
  183. DWORD dwError = 0;
  184. PIPSEC_MM_AUTH_INFO pAuthenticationInfo = NULL;
  185. PIPSEC_MM_AUTH_INFO pTemp = NULL;
  186. PIPSEC_AUTH_METHOD pAuthMethod = NULL;
  187. DWORD i = 0;
  190. //
  191. // dwAuthMethodCount is not zero at this point.
  192. // ppAuthMethods is not null at this point.
  193. //
  195. dwError = AllocateSPDMemory(
  196. sizeof(IPSEC_MM_AUTH_INFO)*dwAuthMethodCount,
  197. &(pAuthenticationInfo)
  198. );
  199. BAIL_ON_WIN32_ERROR(dwError);
  201. pTemp = pAuthenticationInfo;
  203. for (i = 0; i < dwAuthMethodCount; i++) {
  205. pAuthMethod = *(ppAuthMethods + i);
  207. pTemp->AuthMethod = (MM_AUTH_ENUM) pAuthMethod->dwAuthType;
  209. switch(pTemp->AuthMethod) {
  211. case IKE_SSPI:
  213. pTemp->dwAuthInfoSize = 0;
  214. pTemp->pAuthInfo = NULL;
  215. break;
  217. case IKE_RSA_SIGNATURE:
  219. if (pAuthMethod->dwAltAuthLen && pAuthMethod->pAltAuthMethod) {
  221. dwError = AllocateSPDMemory(
  222. pAuthMethod->dwAltAuthLen,
  223. &(pTemp->pAuthInfo)
  224. );
  225. BAIL_ON_WIN32_ERROR(dwError);
  226. pTemp->dwAuthInfoSize = pAuthMethod->dwAltAuthLen;
  228. //
  229. // Need to catch the exception when the size of auth info
  230. // specified is more than the actual size.
  231. //
  232. //
  234. memcpy(
  235. pTemp->pAuthInfo,
  236. pAuthMethod->pAltAuthMethod,
  237. pAuthMethod->dwAltAuthLen
  238. );
  239. }
  240. else {
  242. if (!(pAuthMethod->dwAuthLen) || !(pAuthMethod->pszAuthMethod)) {
  243. dwError = ERROR_INVALID_PARAMETER;
  244. BAIL_ON_WIN32_ERROR(dwError);
  245. }
  246. dwError = EncodeName(
  247. pAuthMethod->pszAuthMethod,
  248. &pTemp->pAuthInfo,
  249. &pTemp->dwAuthInfoSize
  250. );
  251. BAIL_ON_WIN32_ERROR(dwError);
  253. }
  254. break;
  256. default:
  258. if (!(pAuthMethod->dwAuthLen) || !(pAuthMethod->pszAuthMethod)) {
  259. dwError = ERROR_INVALID_PARAMETER;
  260. BAIL_ON_WIN32_ERROR(dwError);
  261. }
  262. dwError = AllocateSPDMemory(
  263. (pAuthMethod->dwAuthLen)*sizeof(WCHAR),
  264. &(pTemp->pAuthInfo)
  265. );
  266. BAIL_ON_WIN32_ERROR(dwError);
  267. pTemp->dwAuthInfoSize = (pAuthMethod->dwAuthLen)*sizeof(WCHAR);
  269. //
  270. // Need to catch the exception when the size of auth info
  271. // specified is more than the actual size.
  272. //
  273. //
  275. memcpy(
  276. pTemp->pAuthInfo,
  277. (LPBYTE) pAuthMethod->pszAuthMethod,
  278. (pAuthMethod->dwAuthLen)*sizeof(WCHAR)
  279. );
  280. break;
  282. }
  284. pTemp++;
  286. }
  288. *pdwNumAuthInfos = dwAuthMethodCount;
  289. *ppAuthenticationInfo = pAuthenticationInfo;
  290. return (dwError);
  292. error:
  294. if (pAuthenticationInfo) {
  295. PAFreeMMAuthInfos(
  296. i,
  297. pAuthenticationInfo
  298. );
  299. }
  301. *pdwNumAuthInfos = 0;
  302. *ppAuthenticationInfo = NULL;
  303. return (dwError);
  304. }
  307. VOID
  308. PAFreeMMAuthMethods(
  309. PMM_AUTH_METHODS pSPDMMAuthMethods
  310. )
  311. {
  312. if (pSPDMMAuthMethods) {
  314. PAFreeMMAuthInfos(
  315. pSPDMMAuthMethods->dwNumAuthInfos,
  316. pSPDMMAuthMethods->pAuthenticationInfo
  317. );
  319. FreeSPDMemory(pSPDMMAuthMethods);
  321. }
  322. }
  325. VOID
  326. PAFreeMMAuthInfos(
  327. DWORD dwNumAuthInfos,
  328. PIPSEC_MM_AUTH_INFO pAuthenticationInfo
  329. )
  330. {
  331. DWORD i = 0;
  332. PIPSEC_MM_AUTH_INFO pTemp = NULL;
  335. if (pAuthenticationInfo) {
  337. pTemp = pAuthenticationInfo;
  339. for (i = 0; i < dwNumAuthInfos; i++) {
  340. if (pTemp->pAuthInfo) {
  341. FreeSPDMemory(pTemp->pAuthInfo);
  342. }
  343. pTemp++;
  344. }
  346. FreeSPDMemory(pAuthenticationInfo);
  348. }
  349. }
  352. DWORD
  353. PADeleteAllMMAuthMethods(
  354. )
  355. {
  356. DWORD dwError = 0;
  357. PMMAUTHSTATE pMMAuthState = NULL;
  358. LPWSTR pServerName = NULL;
  359. PMMAUTHSTATE pTemp = NULL;
  360. PMMAUTHSTATE pLeftMMAuthState = NULL;
  363. pMMAuthState = gpMMAuthState;
  365. while (pMMAuthState) {
  367. if (pMMAuthState->bInSPD) {
  369. dwError = DeleteMMAuthMethods(
  370. pServerName,
  371. pMMAuthState->gMMAuthID
  372. );
  373. if (!dwError) {
  374. pTemp = pMMAuthState;
  375. pMMAuthState = pMMAuthState->pNext;
  376. FreeSPDMemory(pTemp);
  377. }
  378. else {
  379. pMMAuthState->dwErrorCode = dwError;
  381. pTemp = pMMAuthState;
  382. pMMAuthState = pMMAuthState->pNext;
  384. pTemp->pNext = pLeftMMAuthState;
  385. pLeftMMAuthState = pTemp;
  386. }
  388. }
  389. else {
  391. pTemp = pMMAuthState;
  392. pMMAuthState = pMMAuthState->pNext;
  393. FreeSPDMemory(pTemp);
  395. }
  397. }
  399. gpMMAuthState = pLeftMMAuthState;
  401. return (dwError);
  402. }
  405. VOID
  406. PAFreeMMAuthStateList(
  407. PMMAUTHSTATE pMMAuthState
  408. )
  409. {
  410. PMMAUTHSTATE pTemp = NULL;
  413. while (pMMAuthState) {
  415. pTemp = pMMAuthState;
  416. pMMAuthState = pMMAuthState->pNext;
  417. FreeSPDMemory(pTemp);
  419. }
  420. }
  423. PMMAUTHSTATE
  424. FindMMAuthState(
  425. GUID gMMAuthID
  426. )
  427. {
  428. PMMAUTHSTATE pMMAuthState = NULL;
  431. pMMAuthState = gpMMAuthState;
  433. while (pMMAuthState) {
  435. if (!memcmp(&(pMMAuthState->gMMAuthID), &gMMAuthID, sizeof(GUID))) {
  436. return (pMMAuthState);
  437. }
  439. pMMAuthState = pMMAuthState->pNext;
  441. }
  443. return (NULL);
  444. }
  447. DWORD
  448. PADeleteMMAuthMethods(
  449. PIPSEC_NFA_DATA * ppIpsecNFAData,
  450. DWORD dwNumNFACount
  451. )
  452. {
  453. DWORD dwError = 0;
  454. DWORD i = 0;
  455. PIPSEC_NFA_DATA pIpsecNFAData = NULL;
  458. for (i = 0; i < dwNumNFACount; i++) {
  460. pIpsecNFAData = *(ppIpsecNFAData + i);
  462. dwError = PADeleteMMAuthMethod(
  463. pIpsecNFAData->NFAIdentifier
  464. );
  466. }
  468. return (dwError);
  469. }
  472. DWORD
  473. PADeleteMMAuthMethod(
  474. GUID gMMAuthID
  475. )
  476. {
  477. DWORD dwError = 0;
  478. PMMAUTHSTATE pMMAuthState = NULL;
  479. LPWSTR pServerName = NULL;
  482. pMMAuthState = FindMMAuthState(
  483. gMMAuthID
  484. );
  485. if (!pMMAuthState) {
  486. dwError = ERROR_SUCCESS;
  487. return (dwError);
  488. }
  490. if (pMMAuthState->bInSPD) {
  492. dwError = DeleteMMAuthMethods(
  493. pServerName,
  494. pMMAuthState->gMMAuthID
  495. );
  496. if (dwError) {
  497. pMMAuthState->dwErrorCode = dwError;
  498. }
  499. BAIL_ON_WIN32_ERROR(dwError);
  501. }
  503. PADeleteMMAuthState(pMMAuthState);
  505. error:
  507. return (dwError);
  508. }
  511. VOID
  512. PADeleteMMAuthState(
  513. PMMAUTHSTATE pMMAuthState
  514. )
  515. {
  516. PMMAUTHSTATE * ppTemp = NULL;
  519. ppTemp = &gpMMAuthState;
  521. while (*ppTemp) {
  523. if (*ppTemp == pMMAuthState) {
  524. break;
  525. }
  526. ppTemp = &((*ppTemp)->pNext);
  528. }
  530. if (*ppTemp) {
  531. *ppTemp = pMMAuthState->pNext;
  532. }
  534. FreeSPDMemory(pMMAuthState);
  536. return;
  537. }
  540. DWORD
  541. PADeleteInUseMMAuthMethods(
  542. )
  543. {
  544. DWORD dwError = 0;
  545. PMMAUTHSTATE pMMAuthState = NULL;
  546. LPWSTR pServerName = NULL;
  547. PMMAUTHSTATE pTemp = NULL;
  548. PMMAUTHSTATE pLeftMMAuthState = NULL;
  551. pMMAuthState = gpMMAuthState;
  553. while (pMMAuthState) {
  555. if (pMMAuthState->bInSPD &&
  556. (pMMAuthState->dwErrorCode == ERROR_IPSEC_MM_AUTH_IN_USE)) {
  558. dwError = DeleteMMAuthMethods(
  559. pServerName,
  560. pMMAuthState->gMMAuthID
  561. );
  562. if (!dwError) {
  563. pTemp = pMMAuthState;
  564. pMMAuthState = pMMAuthState->pNext;
  565. FreeSPDMemory(pTemp);
  566. }
  567. else {
  568. pTemp = pMMAuthState;
  569. pMMAuthState = pMMAuthState->pNext;
  571. pTemp->pNext = pLeftMMAuthState;
  572. pLeftMMAuthState = pTemp;
  573. }
  575. }
  576. else {
  578. pTemp = pMMAuthState;
  579. pMMAuthState = pMMAuthState->pNext;
  581. pTemp->pNext = pLeftMMAuthState;
  582. pLeftMMAuthState = pTemp;
  584. }
  586. }
  588. gpMMAuthState = pLeftMMAuthState;
  590. return (dwError);
  591. }
  594. DWORD
  595. EncodeName(
  596. LPWSTR pszSubjectName,
  597. PBYTE * ppEncodedName,
  598. PDWORD pdwEncodedLength
  599. )
  600. {
  601. DWORD dwError = ERROR_SUCCESS;
  604. *ppEncodedName = NULL;
  605. *pdwEncodedLength = 0;
  608. if (!CertStrToName(
  609. X509_ASN_ENCODING,
  610. pszSubjectName,
  611. CERT_X500_NAME_STR,
  612. NULL,
  613. NULL,
  614. pdwEncodedLength,
  615. NULL)) {
  616. dwError = GetLastError();
  617. BAIL_ON_WIN32_ERROR(dwError);
  618. }
  620. if (!*pdwEncodedLength) {
  621. dwError = ERROR_INVALID_DATA;
  622. BAIL_ON_WIN32_ERROR(dwError);
  623. }
  625. dwError = AllocateSPDMemory(
  626. *pdwEncodedLength,
  627. (PVOID) ppEncodedName
  628. );
  629. BAIL_ON_WIN32_ERROR(dwError);
  631. if (!CertStrToName(
  632. X509_ASN_ENCODING,
  633. pszSubjectName,
  634. CERT_X500_NAME_STR,
  635. NULL,
  636. (*ppEncodedName),
  637. pdwEncodedLength,
  638. NULL)) {
  639. dwError = GetLastError();
  640. BAIL_ON_WIN32_ERROR(dwError);
  641. }
  643. return (dwError);
  645. error:
  647. if (*ppEncodedName) {
  648. FreeSPDMemory(*ppEncodedName);
  649. *ppEncodedName = NULL;
  650. }
  651. *pdwEncodedLength = 0;
  653. return (dwError);
  654. }