archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ipsec/spd/server/qm-policy.c

1348 lines
27 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1999 Microsoft Corporation
  6. Module Name:
  8. qm-policy.c
  10. Abstract:
  13. Author:
  16. Environment: User Mode
  19. Revision History:
  22. --*/
  25. #include "precomp.h"
  28. DWORD
  29. AddQMPolicy(
  30. LPWSTR pServerName,
  31. DWORD dwFlags,
  32. PIPSEC_QM_POLICY pQMPolicy
  33. )
  34. /*++
  36. Routine Description:
  38. This function adds a quick mode policy to the SPD.
  40. Arguments:
  42. pServerName - Server on which the quick mode policy is to be added.
  44. pQMPolicy - Quick mode policy to be added.
  46. Return Value:
  48. ERROR_SUCCESS - Success.
  50. Win32 Error - Failure.
  52. --*/
  53. {
  54. DWORD dwError = 0;
  55. PINIQMPOLICY pIniQMPolicy = NULL;
  56. BOOL bPersist = FALSE;
  59. bPersist = (BOOL) (dwFlags & PERSIST_SPD_OBJECT);
  61. //
  62. // Validate the quick mode policy.
  63. //
  65. dwError = ValidateQMPolicy(
  66. pQMPolicy
  67. );
  68. BAIL_ON_WIN32_ERROR(dwError);
  70. ENTER_SPD_SECTION();
  72. dwError = ValidateSecurity(
  73. SPD_OBJECT_SERVER,
  74. SERVER_ACCESS_ADMINISTER,
  75. NULL,
  76. NULL
  77. );
  78. BAIL_ON_LOCK_ERROR(dwError);
  80. pIniQMPolicy = FindQMPolicy(
  81. gpIniQMPolicy,
  82. pQMPolicy->pszPolicyName
  83. );
  84. if (pIniQMPolicy) {
  85. dwError = ERROR_IPSEC_QM_POLICY_EXISTS;
  86. BAIL_ON_LOCK_ERROR(dwError);
  87. }
  89. pIniQMPolicy = FindQMPolicyByGuid(
  90. gpIniQMPolicy,
  91. pQMPolicy->gPolicyID
  92. );
  93. if (pIniQMPolicy) {
  94. dwError = ERROR_IPSEC_QM_POLICY_EXISTS;
  95. BAIL_ON_LOCK_ERROR(dwError);
  96. }
  98. if (bPersist && !gbLoadingPersistence) {
  99. dwError = PersistQMPolicy(
  100. pQMPolicy
  101. );
  102. BAIL_ON_LOCK_ERROR(dwError);
  103. }
  105. dwError = CreateIniQMPolicy(
  106. pQMPolicy,
  107. &pIniQMPolicy
  108. );
  109. BAIL_ON_LOCK_ERROR(dwError);
  111. pIniQMPolicy->bIsPersisted = bPersist;
  113. pIniQMPolicy->pNext = gpIniQMPolicy;
  114. gpIniQMPolicy = pIniQMPolicy;
  116. if ((pIniQMPolicy->dwFlags) & IPSEC_QM_POLICY_DEFAULT_POLICY) {
  117. gpIniDefaultQMPolicy = pIniQMPolicy;
  118. }
  120. LEAVE_SPD_SECTION();
  122. return (dwError);
  124. lock:
  126. LEAVE_SPD_SECTION();
  128. error:
  130. if (pQMPolicy && bPersist && !gbLoadingPersistence) {
  131. (VOID) SPDPurgeQMPolicy(
  132. pQMPolicy->gPolicyID
  133. );
  134. }
  136. return (dwError);
  137. }
  140. DWORD
  141. ValidateQMPolicy(
  142. PIPSEC_QM_POLICY pQMPolicy
  143. )
  144. {
  145. DWORD dwError = 0;
  148. if (!pQMPolicy) {
  149. dwError = ERROR_INVALID_PARAMETER;
  150. BAIL_ON_WIN32_ERROR(dwError);
  151. }
  153. if (!(pQMPolicy->pszPolicyName) || !(*(pQMPolicy->pszPolicyName))) {
  154. dwError = ERROR_INVALID_PARAMETER;
  155. BAIL_ON_WIN32_ERROR(dwError);
  156. }
  158. dwError = ValidateQMOffers(
  159. pQMPolicy->dwOfferCount,
  160. pQMPolicy->pOffers
  161. );
  162. BAIL_ON_WIN32_ERROR(dwError);
  164. error:
  166. return (dwError);
  167. }
  171. DWORD
  172. ValidateQMOffers(
  173. DWORD dwOfferCount,
  174. PIPSEC_QM_OFFER pOffers
  175. )
  176. {
  177. DWORD dwError = 0;
  178. DWORD i = 0;
  179. PIPSEC_QM_OFFER pTemp = NULL;
  180. DWORD j = 0;
  181. BOOL bAH = FALSE;
  182. BOOL bESP = FALSE;
  183. DWORD dwQMGroup = PFS_GROUP_NONE;
  186. if (!dwOfferCount || !pOffers || (dwOfferCount > IPSEC_MAX_QM_OFFERS)) {
  187. dwError = ERROR_INVALID_PARAMETER;
  188. BAIL_ON_WIN32_ERROR(dwError);
  189. }
  191. //
  192. // Need to catch the exception when the number of offers
  193. // specified is more than the actual number of offers.
  194. //
  197. pTemp = pOffers;
  199. if (pTemp->bPFSRequired) {
  200. if ((pTemp->dwPFSGroup != PFS_GROUP_1) &&
  201. (pTemp->dwPFSGroup != PFS_GROUP_2) &&
  202. (pTemp->dwPFSGroup != PFS_GROUP_MM)) {
  203. dwError = ERROR_INVALID_PARAMETER;
  204. BAIL_ON_WIN32_ERROR(dwError);
  205. }
  206. dwQMGroup=pTemp->dwPFSGroup;
  207. }
  208. else {
  209. if (pTemp->dwPFSGroup != PFS_GROUP_NONE) {
  210. dwError = ERROR_INVALID_PARAMETER;
  211. BAIL_ON_WIN32_ERROR(dwError);
  212. }
  213. }
  215. for (i = 0; i < dwOfferCount; i++) {
  217. if (dwQMGroup) {
  218. if ((!pTemp->bPFSRequired) || (pTemp->dwPFSGroup != dwQMGroup)) {
  219. dwError = ERROR_INVALID_PARAMETER;
  220. BAIL_ON_WIN32_ERROR(dwError);
  221. }
  222. } else {
  223. if ((pTemp->bPFSRequired) || (pTemp->dwPFSGroup != PFS_GROUP_NONE)) {
  224. dwError = ERROR_INVALID_PARAMETER;
  225. BAIL_ON_WIN32_ERROR(dwError);
  226. }
  227. }
  229. if (!(pTemp->dwNumAlgos) || (pTemp->dwNumAlgos > QM_MAX_ALGOS)) {
  230. dwError = ERROR_INVALID_PARAMETER;
  231. BAIL_ON_WIN32_ERROR(dwError);
  232. }
  234. bAH = FALSE;
  235. bESP = FALSE;
  237. for (j = 0; j < (pTemp->dwNumAlgos); j++) {
  239. switch (pTemp->Algos[j].Operation) {
  241. case AUTHENTICATION:
  242. if (bAH) {
  243. dwError = ERROR_INVALID_PARAMETER;
  244. BAIL_ON_WIN32_ERROR(dwError);
  245. }
  246. if ((pTemp->Algos[j].uAlgoIdentifier == IPSEC_DOI_AH_NONE) ||
  247. (pTemp->Algos[j].uAlgoIdentifier >= IPSEC_DOI_AH_MAX)) {
  248. dwError = ERROR_INVALID_PARAMETER;
  249. BAIL_ON_WIN32_ERROR(dwError);
  250. }
  251. if (pTemp->Algos[j].uSecAlgoIdentifier != HMAC_AH_NONE) {
  252. dwError = ERROR_INVALID_PARAMETER;
  253. BAIL_ON_WIN32_ERROR(dwError);
  254. }
  255. bAH = TRUE;
  256. break;
  258. case ENCRYPTION:
  259. if (bESP) {
  260. dwError = ERROR_INVALID_PARAMETER;
  261. BAIL_ON_WIN32_ERROR(dwError);
  262. }
  263. if (pTemp->Algos[j].uAlgoIdentifier >= IPSEC_DOI_ESP_MAX) {
  264. dwError = ERROR_INVALID_PARAMETER;
  265. BAIL_ON_WIN32_ERROR(dwError);
  266. }
  267. if (pTemp->Algos[j].uSecAlgoIdentifier >= HMAC_AH_MAX) {
  268. dwError = ERROR_INVALID_PARAMETER;
  269. BAIL_ON_WIN32_ERROR(dwError);
  270. }
  271. if (pTemp->Algos[j].uAlgoIdentifier == IPSEC_DOI_ESP_NONE) {
  272. if (pTemp->Algos[j].uSecAlgoIdentifier == HMAC_AH_NONE) {
  273. dwError = ERROR_INVALID_PARAMETER;
  274. BAIL_ON_WIN32_ERROR(dwError);
  275. }
  276. }
  277. bESP = TRUE;
  278. break;
  280. case NONE:
  281. case COMPRESSION:
  282. default:
  283. dwError = ERROR_INVALID_PARAMETER;
  284. BAIL_ON_WIN32_ERROR(dwError);
  285. break;
  287. }
  289. }
  291. pTemp++;
  293. }
  295. error:
  297. return (dwError);
  298. }
  300. DWORD
  301. CreateIniQMPolicy(
  302. PIPSEC_QM_POLICY pQMPolicy,
  303. PINIQMPOLICY * ppIniQMPolicy
  304. )
  305. {
  306. DWORD dwError = 0;
  307. PINIQMPOLICY pIniQMPolicy = NULL;
  310. dwError = AllocateSPDMemory(
  311. sizeof(INIQMPOLICY),
  312. &pIniQMPolicy
  313. );
  314. BAIL_ON_WIN32_ERROR(dwError);
  316. memcpy(
  317. &(pIniQMPolicy->gPolicyID),
  318. &(pQMPolicy->gPolicyID),
  319. sizeof(GUID)
  320. );
  322. dwError = AllocateSPDString(
  323. pQMPolicy->pszPolicyName,
  324. &(pIniQMPolicy->pszPolicyName)
  325. );
  326. BAIL_ON_WIN32_ERROR(dwError);
  328. pIniQMPolicy->cRef = 0;
  329. pIniQMPolicy->bIsPersisted = FALSE;
  331. pIniQMPolicy->dwFlags = pQMPolicy->dwFlags;
  332. pIniQMPolicy->pNext = NULL;
  334. dwError = CreateIniQMOffers(
  335. pQMPolicy->dwOfferCount,
  336. pQMPolicy->pOffers,
  337. &(pIniQMPolicy->dwOfferCount),
  338. &(pIniQMPolicy->pOffers)
  339. );
  340. BAIL_ON_WIN32_ERROR(dwError);
  342. *ppIniQMPolicy = pIniQMPolicy;
  343. return (dwError);
  345. error:
  347. if (pIniQMPolicy) {
  348. FreeIniQMPolicy(
  349. pIniQMPolicy
  350. );
  351. }
  353. *ppIniQMPolicy = NULL;
  354. return (dwError);
  355. }
  358. DWORD
  359. CreateIniQMOffers(
  360. DWORD dwInOfferCount,
  361. PIPSEC_QM_OFFER pInOffers,
  362. PDWORD pdwOfferCount,
  363. PIPSEC_QM_OFFER * ppOffers
  364. )
  365. {
  366. DWORD dwError = 0;
  367. PIPSEC_QM_OFFER pOffers = NULL;
  368. PIPSEC_QM_OFFER pTemp = NULL;
  369. PIPSEC_QM_OFFER pInTempOffer = NULL;
  370. DWORD i = 0;
  371. DWORD j = 0;
  374. //
  375. // Offer count and the offers themselves have already been validated.
  376. //
  378. dwError = AllocateSPDMemory(
  379. sizeof(IPSEC_QM_OFFER) * dwInOfferCount,
  380. &(pOffers)
  381. );
  382. BAIL_ON_WIN32_ERROR(dwError);
  384. pTemp = pOffers;
  385. pInTempOffer = pInOffers;
  387. for (i = 0; i < dwInOfferCount; i++) {
  389. memcpy(
  390. &(pTemp->Lifetime),
  391. &(pInTempOffer->Lifetime),
  392. sizeof(KEY_LIFETIME)
  393. );
  395. pTemp->dwFlags = pInTempOffer->dwFlags;
  396. pTemp->bPFSRequired = pInTempOffer->bPFSRequired;
  397. pTemp->dwPFSGroup = pInTempOffer->dwPFSGroup;
  398. pTemp->dwNumAlgos = pInTempOffer->dwNumAlgos;
  400. for (j = 0; j < (pInTempOffer->dwNumAlgos); j++) {
  401. memcpy(
  402. &(pTemp->Algos[j]),
  403. &(pInTempOffer->Algos[j]),
  404. sizeof(IPSEC_QM_ALGO)
  405. );
  406. }
  408. pInTempOffer++;
  409. pTemp++;
  411. }
  413. *pdwOfferCount = dwInOfferCount;
  414. *ppOffers = pOffers;
  415. return (dwError);
  417. error:
  419. if (pOffers) {
  420. FreeIniQMOffers(
  421. i,
  422. pOffers
  423. );
  424. }
  426. *pdwOfferCount = 0;
  427. *ppOffers = NULL;
  428. return (dwError);
  429. }
  432. VOID
  433. FreeIniQMPolicy(
  434. PINIQMPOLICY pIniQMPolicy
  435. )
  436. {
  437. if (pIniQMPolicy) {
  439. if (pIniQMPolicy->pszPolicyName) {
  440. FreeSPDString(pIniQMPolicy->pszPolicyName);
  441. }
  443. FreeIniQMOffers(
  444. pIniQMPolicy->dwOfferCount,
  445. pIniQMPolicy->pOffers
  446. );
  448. FreeSPDMemory(pIniQMPolicy);
  450. }
  451. }
  454. VOID
  455. FreeIniQMOffers(
  456. DWORD dwOfferCount,
  457. PIPSEC_QM_OFFER pOffers
  458. )
  459. {
  460. if (pOffers) {
  461. FreeSPDMemory(pOffers);
  462. }
  463. }
  466. PINIQMPOLICY
  467. FindQMPolicy(
  468. PINIQMPOLICY pIniQMPolicyList,
  469. LPWSTR pszPolicyName
  470. )
  471. {
  472. DWORD dwError = 0;
  473. PINIQMPOLICY pTemp = NULL;
  476. pTemp = pIniQMPolicyList;
  478. while (pTemp) {
  480. if (!_wcsicmp(pTemp->pszPolicyName, pszPolicyName)) {
  481. return (pTemp);
  482. }
  483. pTemp = pTemp->pNext;
  485. }
  487. return (NULL);
  488. }
  491. DWORD
  492. DeleteQMPolicy(
  493. LPWSTR pServerName,
  494. LPWSTR pszPolicyName
  495. )
  496. /*++
  498. Routine Description:
  500. This function deletes a quick mode policy from the SPD.
  502. Arguments:
  504. pServerName - Server on which the quick mode policy is to be deleted.
  506. pszPolicyName - Quick mode policy to be deleted.
  508. Return Value:
  510. ERROR_SUCCESS - Success.
  512. Win32 Error - Failure.
  514. --*/
  515. {
  516. DWORD dwError = 0;
  517. PINIQMPOLICY pIniQMPolicy = NULL;
  518. GUID gPolicyID;
  521. if (!pszPolicyName || !*pszPolicyName) {
  522. return (ERROR_INVALID_PARAMETER);
  523. }
  525. ENTER_SPD_SECTION();
  527. dwError = ValidateSecurity(
  528. SPD_OBJECT_SERVER,
  529. SERVER_ACCESS_ADMINISTER,
  530. NULL,
  531. NULL
  532. );
  533. BAIL_ON_LOCK_ERROR(dwError);
  535. pIniQMPolicy = FindQMPolicy(
  536. gpIniQMPolicy,
  537. pszPolicyName
  538. );
  539. if (!pIniQMPolicy) {
  540. dwError = ERROR_IPSEC_QM_POLICY_NOT_FOUND;
  541. BAIL_ON_LOCK_ERROR(dwError);
  542. }
  544. if (pIniQMPolicy->cRef) {
  545. dwError = ERROR_IPSEC_QM_POLICY_IN_USE;
  546. memcpy(&gPolicyID, &pIniQMPolicy->gPolicyID, sizeof(GUID));
  547. BAIL_ON_LOCK_ERROR(dwError);
  548. }
  550. memcpy(&gPolicyID, &pIniQMPolicy->gPolicyID, sizeof(GUID));
  552. if (pIniQMPolicy->bIsPersisted) {
  553. dwError = SPDPurgeQMPolicy(
  554. gPolicyID
  555. );
  556. BAIL_ON_LOCK_ERROR(dwError);
  557. }
  559. dwError = DeleteIniQMPolicy(
  560. pIniQMPolicy
  561. );
  562. BAIL_ON_LOCK_ERROR(dwError);
  564. LEAVE_SPD_SECTION();
  566. if (gbIKENotify) {
  567. (VOID) IKENotifyPolicyChange(
  568. &(gPolicyID),
  569. POLICY_GUID_QM
  570. );
  571. }
  573. return (dwError);
  575. lock:
  577. LEAVE_SPD_SECTION();
  579. if ((dwError == ERROR_IPSEC_QM_POLICY_IN_USE) && gbIKENotify) {
  580. (VOID) IKENotifyPolicyChange(
  581. &(gPolicyID),
  582. POLICY_GUID_QM
  583. );
  584. }
  586. return (dwError);
  587. }
  590. DWORD
  591. EnumQMPolicies(
  592. LPWSTR pServerName,
  593. PIPSEC_QM_POLICY * ppQMPolicies,
  594. DWORD dwPreferredNumEntries,
  595. LPDWORD pdwNumPolicies,
  596. LPDWORD pdwResumeHandle
  597. )
  598. /*++
  600. Routine Description:
  602. This function enumerates quick mode policies from the SPD.
  604. Arguments:
  606. pServerName - Server on which the quick mode policies are to
  607. be enumerated.
  609. ppQMPolicies - Enumerated quick mode policies returned to the
  610. caller.
  612. dwPreferredNumEntries - Preferred number of enumeration entries.
  614. pdwNumPolicies - Number of quick mode policies actually enumerated.
  616. pdwResumeHandle - Handle to the location in the quick mode policy
  617. list from which to resume enumeration.
  619. Return Value:
  621. ERROR_SUCCESS - Success.
  623. Win32 Error - Failure.
  625. --*/
  626. {
  627. DWORD dwError = 0;
  628. DWORD dwResumeHandle = 0;
  629. DWORD dwNumToEnum = 0;
  630. PINIQMPOLICY pIniQMPolicy = NULL;
  631. DWORD i = 0;
  632. PINIQMPOLICY pTemp = NULL;
  633. DWORD dwNumPolicies = 0;
  634. PIPSEC_QM_POLICY pQMPolicies = NULL;
  635. PIPSEC_QM_POLICY pQMPolicy = NULL;
  638. dwResumeHandle = *pdwResumeHandle;
  640. if (!dwPreferredNumEntries || (dwPreferredNumEntries > MAX_QMPOLICY_ENUM_COUNT)) {
  641. dwNumToEnum = MAX_QMPOLICY_ENUM_COUNT;
  642. }
  643. else {
  644. dwNumToEnum = dwPreferredNumEntries;
  645. }
  647. ENTER_SPD_SECTION();
  649. dwError = ValidateSecurity(
  650. SPD_OBJECT_SERVER,
  651. SERVER_ACCESS_ADMINISTER,
  652. NULL,
  653. NULL
  654. );
  655. BAIL_ON_LOCK_ERROR(dwError);
  657. pIniQMPolicy = gpIniQMPolicy;
  659. for (i = 0; (i < dwResumeHandle) && (pIniQMPolicy != NULL); i++) {
  660. pIniQMPolicy = pIniQMPolicy->pNext;
  661. }
  663. if (!pIniQMPolicy) {
  664. dwError = ERROR_NO_DATA;
  665. BAIL_ON_LOCK_ERROR(dwError);
  666. }
  668. pTemp = pIniQMPolicy;
  670. while (pTemp && (dwNumPolicies < dwNumToEnum)) {
  671. dwNumPolicies++;
  672. pTemp = pTemp->pNext;
  673. }
  675. dwError = SPDApiBufferAllocate(
  676. sizeof(IPSEC_QM_POLICY)*dwNumPolicies,
  677. &pQMPolicies
  678. );
  679. BAIL_ON_LOCK_ERROR(dwError);
  681. pTemp = pIniQMPolicy;
  682. pQMPolicy = pQMPolicies;
  684. for (i = 0; i < dwNumPolicies; i++) {
  686. dwError = CopyQMPolicy(
  687. pTemp,
  688. pQMPolicy
  689. );
  690. BAIL_ON_LOCK_ERROR(dwError);
  692. pTemp = pTemp->pNext;
  693. pQMPolicy++;
  695. }
  697. *ppQMPolicies = pQMPolicies;
  698. *pdwResumeHandle = dwResumeHandle + dwNumPolicies;
  699. *pdwNumPolicies = dwNumPolicies;
  701. LEAVE_SPD_SECTION();
  702. return (dwError);
  704. lock:
  706. LEAVE_SPD_SECTION();
  708. if (pQMPolicies) {
  709. FreeQMPolicies(
  710. i,
  711. pQMPolicies
  712. );
  713. }
  715. *ppQMPolicies = NULL;
  716. *pdwResumeHandle = dwResumeHandle;
  717. *pdwNumPolicies = 0;
  719. return (dwError);
  720. }
  723. DWORD
  724. SetQMPolicy(
  725. LPWSTR pServerName,
  726. LPWSTR pszPolicyName,
  727. PIPSEC_QM_POLICY pQMPolicy
  728. )
  729. /*++
  731. Routine Description:
  733. This function updates a quick mode policy in the SPD.
  735. Arguments:
  737. pServerName - Server on which the quick mode policy is to be
  738. updated.
  740. pszPolicyName - Name of the quick mode policy to be updated.
  742. pQMPolicy - New quick mode policy which will replace the
  743. existing policy.
  745. Return Value:
  747. ERROR_SUCCESS - Success.
  749. Win32 Error - Failure.
  751. --*/
  752. {
  753. DWORD dwError = 0;
  754. PINIQMPOLICY pIniQMPolicy = NULL;
  757. if (!pszPolicyName || !*pszPolicyName) {
  758. return (ERROR_INVALID_PARAMETER);
  759. }
  761. //
  762. // Validate quick mode policy.
  763. //
  765. dwError = ValidateQMPolicy(
  766. pQMPolicy
  767. );
  768. BAIL_ON_WIN32_ERROR(dwError);
  770. ENTER_SPD_SECTION();
  772. dwError = ValidateSecurity(
  773. SPD_OBJECT_SERVER,
  774. SERVER_ACCESS_ADMINISTER,
  775. NULL,
  776. NULL
  777. );
  778. BAIL_ON_LOCK_ERROR(dwError);
  780. pIniQMPolicy = FindQMPolicy(
  781. gpIniQMPolicy,
  782. pszPolicyName
  783. );
  784. if (!pIniQMPolicy) {
  785. dwError = ERROR_IPSEC_QM_POLICY_NOT_FOUND;
  786. BAIL_ON_LOCK_ERROR(dwError);
  787. }
  789. if (memcmp(
  790. &(pIniQMPolicy->gPolicyID),
  791. &(pQMPolicy->gPolicyID),
  792. sizeof(GUID))) {
  793. dwError = ERROR_INVALID_PARAMETER;
  794. BAIL_ON_LOCK_ERROR(dwError);
  795. }
  797. dwError = SetIniQMPolicy(
  798. pIniQMPolicy,
  799. pQMPolicy
  800. );
  801. BAIL_ON_LOCK_ERROR(dwError);
  803. if (pIniQMPolicy->bIsPersisted) {
  804. dwError = PersistQMPolicy(
  805. pQMPolicy
  806. );
  807. BAIL_ON_LOCK_ERROR(dwError);
  808. }
  810. LEAVE_SPD_SECTION();
  812. (VOID) IKENotifyPolicyChange(
  813. &(pQMPolicy->gPolicyID),
  814. POLICY_GUID_QM
  815. );
  817. return (dwError);
  819. lock:
  821. LEAVE_SPD_SECTION();
  823. error:
  825. return (dwError);
  826. }
  829. DWORD
  830. GetQMPolicy(
  831. LPWSTR pServerName,
  832. LPWSTR pszPolicyName,
  833. PIPSEC_QM_POLICY * ppQMPolicy
  834. )
  835. /*++
  837. Routine Description:
  839. This function gets a quick mode policy from the SPD.
  841. Arguments:
  843. pServerName - Server from which to get the quick mode policy.
  845. pszPolicyName - Name of the quick mode policy to get.
  847. ppQMPolicy - Quick mode policy found returned to the caller.
  849. Return Value:
  851. ERROR_SUCCESS - Success.
  853. Win32 Error - Failure.
  855. --*/
  856. {
  857. DWORD dwError = 0;
  858. PINIQMPOLICY pIniQMPolicy = NULL;
  859. PIPSEC_QM_POLICY pQMPolicy = NULL;
  862. if (!pszPolicyName || !*pszPolicyName) {
  863. dwError = ERROR_INVALID_PARAMETER;
  864. BAIL_ON_WIN32_ERROR(dwError);
  865. }
  867. ENTER_SPD_SECTION();
  869. dwError = ValidateSecurity(
  870. SPD_OBJECT_SERVER,
  871. SERVER_ACCESS_ADMINISTER,
  872. NULL,
  873. NULL
  874. );
  875. BAIL_ON_LOCK_ERROR(dwError);
  877. pIniQMPolicy = FindQMPolicy(
  878. gpIniQMPolicy,
  879. pszPolicyName
  880. );
  881. if (!pIniQMPolicy) {
  882. dwError = ERROR_IPSEC_QM_POLICY_NOT_FOUND;
  883. BAIL_ON_LOCK_ERROR(dwError);
  884. }
  886. dwError = GetIniQMPolicy(
  887. pIniQMPolicy,
  888. &pQMPolicy
  889. );
  890. BAIL_ON_LOCK_ERROR(dwError);
  892. *ppQMPolicy = pQMPolicy;
  894. LEAVE_SPD_SECTION();
  895. return (dwError);
  897. lock:
  899. LEAVE_SPD_SECTION();
  901. error:
  903. *ppQMPolicy = NULL;
  904. return (dwError);
  905. }
  908. DWORD
  909. SetIniQMPolicy(
  910. PINIQMPOLICY pIniQMPolicy,
  911. PIPSEC_QM_POLICY pQMPolicy
  912. )
  913. {
  914. DWORD dwError = 0;
  915. DWORD dwOfferCount = 0;
  916. PIPSEC_QM_OFFER pOffers = NULL;
  919. dwError = CreateIniQMOffers(
  920. pQMPolicy->dwOfferCount,
  921. pQMPolicy->pOffers,
  922. &dwOfferCount,
  923. &pOffers
  924. );
  925. BAIL_ON_WIN32_ERROR(dwError);
  927. FreeIniQMOffers(
  928. pIniQMPolicy->dwOfferCount,
  929. pIniQMPolicy->pOffers
  930. );
  932. if ((pIniQMPolicy->dwFlags) & IPSEC_QM_POLICY_DEFAULT_POLICY) {
  933. gpIniDefaultQMPolicy = NULL;
  934. }
  936. pIniQMPolicy->dwFlags = pQMPolicy->dwFlags;
  937. pIniQMPolicy->dwOfferCount = dwOfferCount;
  938. pIniQMPolicy->pOffers = pOffers;
  940. if ((pIniQMPolicy->dwFlags) & IPSEC_QM_POLICY_DEFAULT_POLICY) {
  941. gpIniDefaultQMPolicy = pIniQMPolicy;
  942. }
  944. error:
  946. return (dwError);
  947. }
  950. DWORD
  951. GetIniQMPolicy(
  952. PINIQMPOLICY pIniQMPolicy,
  953. PIPSEC_QM_POLICY * ppQMPolicy
  954. )
  955. {
  956. DWORD dwError = 0;
  957. PIPSEC_QM_POLICY pQMPolicy = NULL;
  960. dwError = SPDApiBufferAllocate(
  961. sizeof(IPSEC_QM_POLICY),
  962. &pQMPolicy
  963. );
  964. BAIL_ON_WIN32_ERROR(dwError);
  966. dwError = CopyQMPolicy(
  967. pIniQMPolicy,
  968. pQMPolicy
  969. );
  970. BAIL_ON_WIN32_ERROR(dwError);
  972. *ppQMPolicy = pQMPolicy;
  973. return (dwError);
  975. error:
  977. if (pQMPolicy) {
  978. SPDApiBufferFree(pQMPolicy);
  979. }
  981. *ppQMPolicy = NULL;
  982. return (dwError);
  983. }
  986. DWORD
  987. CopyQMPolicy(
  988. PINIQMPOLICY pIniQMPolicy,
  989. PIPSEC_QM_POLICY pQMPolicy
  990. )
  991. {
  992. DWORD dwError = 0;
  995. memcpy(
  996. &(pQMPolicy->gPolicyID),
  997. &(pIniQMPolicy->gPolicyID),
  998. sizeof(GUID)
  999. );
  1001. dwError = SPDApiBufferAllocate(
  1002. wcslen(pIniQMPolicy->pszPolicyName)*sizeof(WCHAR)
  1003. + sizeof(WCHAR),
  1004. &(pQMPolicy->pszPolicyName)
  1005. );
  1006. BAIL_ON_WIN32_ERROR(dwError);
  1008. wcscpy(pQMPolicy->pszPolicyName, pIniQMPolicy->pszPolicyName);
  1010. pQMPolicy->dwFlags = pIniQMPolicy->dwFlags;
  1012. dwError = CreateQMOffers(
  1013. pIniQMPolicy->dwOfferCount,
  1014. pIniQMPolicy->pOffers,
  1015. &(pQMPolicy->dwOfferCount),
  1016. &(pQMPolicy->pOffers)
  1017. );
  1018. BAIL_ON_WIN32_ERROR(dwError);
  1020. return (dwError);
  1022. error:
  1024. if (pQMPolicy->pszPolicyName) {
  1025. SPDApiBufferFree(pQMPolicy->pszPolicyName);
  1026. }
  1028. return (dwError);
  1029. }
  1032. DWORD
  1033. CreateQMOffers(
  1034. DWORD dwInOfferCount,
  1035. PIPSEC_QM_OFFER pInOffers,
  1036. PDWORD pdwOfferCount,
  1037. PIPSEC_QM_OFFER * ppOffers
  1038. )
  1039. {
  1040. DWORD dwError = 0;
  1041. PIPSEC_QM_OFFER pOffers = NULL;
  1042. PIPSEC_QM_OFFER pTemp = NULL;
  1043. PIPSEC_QM_OFFER pInTempOffer = NULL;
  1044. DWORD i = 0;
  1045. DWORD j = 0;
  1046. DWORD k = 0;
  1049. //
  1050. // Offer count and the offers themselves have already been validated.
  1051. //
  1053. dwError = SPDApiBufferAllocate(
  1054. sizeof(IPSEC_QM_OFFER) * dwInOfferCount,
  1055. &(pOffers)
  1056. );
  1057. BAIL_ON_WIN32_ERROR(dwError);
  1059. pTemp = pOffers;
  1060. pInTempOffer = pInOffers;
  1062. for (i = 0; i < dwInOfferCount; i++) {
  1064. memcpy(
  1065. &(pTemp->Lifetime),
  1066. &(pInTempOffer->Lifetime),
  1067. sizeof(KEY_LIFETIME)
  1068. );
  1070. pTemp->dwFlags = pInTempOffer->dwFlags;
  1071. pTemp->bPFSRequired = pInTempOffer->bPFSRequired;
  1072. pTemp->dwPFSGroup = pInTempOffer->dwPFSGroup;
  1073. pTemp->dwNumAlgos = pInTempOffer->dwNumAlgos;
  1075. for (j = 0; j < (pInTempOffer->dwNumAlgos); j++) {
  1076. memcpy(
  1077. &(pTemp->Algos[j]),
  1078. &(pInTempOffer->Algos[j]),
  1079. sizeof(IPSEC_QM_ALGO)
  1080. );
  1081. }
  1083. for (k = j; k < QM_MAX_ALGOS; k++) {
  1084. memset(&(pTemp->Algos[k]), 0, sizeof(IPSEC_QM_ALGO));
  1085. }
  1087. pInTempOffer++;
  1088. pTemp++;
  1090. }
  1092. *pdwOfferCount = dwInOfferCount;
  1093. *ppOffers = pOffers;
  1094. return (dwError);
  1096. error:
  1098. if (pOffers) {
  1099. FreeQMOffers(
  1100. i,
  1101. pOffers
  1102. );
  1103. }
  1105. *pdwOfferCount = 0;
  1106. *ppOffers = NULL;
  1107. return (dwError);
  1108. }
  1111. DWORD
  1112. DeleteIniQMPolicy(
  1113. PINIQMPOLICY pIniQMPolicy
  1114. )
  1115. {
  1116. DWORD dwError = 0;
  1117. PINIQMPOLICY * ppTemp = NULL;
  1120. ppTemp = &gpIniQMPolicy;
  1122. while (*ppTemp) {
  1124. if (*ppTemp == pIniQMPolicy) {
  1125. break;
  1126. }
  1127. ppTemp = &((*ppTemp)->pNext);
  1129. }
  1131. if (*ppTemp) {
  1132. *ppTemp = pIniQMPolicy->pNext;
  1133. }
  1135. if ((pIniQMPolicy->dwFlags) & IPSEC_QM_POLICY_DEFAULT_POLICY) {
  1136. gpIniDefaultQMPolicy = NULL;
  1137. }
  1139. FreeIniQMPolicy(pIniQMPolicy);
  1141. return (dwError);
  1142. }
  1145. VOID
  1146. FreeQMOffers(
  1147. DWORD dwOfferCount,
  1148. PIPSEC_QM_OFFER pOffers
  1149. )
  1150. {
  1151. if (pOffers) {
  1152. SPDApiBufferFree(pOffers);
  1153. }
  1154. }
  1157. VOID
  1158. FreeIniQMPolicyList(
  1159. PINIQMPOLICY pIniQMPolicyList
  1160. )
  1161. {
  1162. PINIQMPOLICY pTemp = NULL;
  1163. PINIQMPOLICY pIniQMPolicy = NULL;
  1166. pTemp = pIniQMPolicyList;
  1168. while (pTemp) {
  1170. pIniQMPolicy = pTemp;
  1171. pTemp = pTemp->pNext;
  1173. FreeIniQMPolicy(pIniQMPolicy);
  1175. }
  1176. }
  1179. PINIQMPOLICY
  1180. FindQMPolicyByGuid(
  1181. PINIQMPOLICY pIniQMPolicyList,
  1182. GUID gPolicyID
  1183. )
  1184. {
  1185. DWORD dwError = 0;
  1186. PINIQMPOLICY pTemp = NULL;
  1189. pTemp = pIniQMPolicyList;
  1191. while (pTemp) {
  1193. if (!memcmp(&(pTemp->gPolicyID), &gPolicyID, sizeof(GUID))) {
  1194. return (pTemp);
  1195. }
  1196. pTemp = pTemp->pNext;
  1198. }
  1200. return (NULL);
  1201. }
  1204. VOID
  1205. FreeQMPolicies(
  1206. DWORD dwNumQMPolicies,
  1207. PIPSEC_QM_POLICY pQMPolicies
  1208. )
  1209. {
  1210. DWORD i = 0;
  1212. if (pQMPolicies) {
  1214. for (i = 0; i < dwNumQMPolicies; i++) {
  1216. if (pQMPolicies[i].pszPolicyName) {
  1217. SPDApiBufferFree(pQMPolicies[i].pszPolicyName);
  1218. }
  1220. FreeQMOffers(
  1221. pQMPolicies[i].dwOfferCount,
  1222. pQMPolicies[i].pOffers
  1223. );
  1225. }
  1227. SPDApiBufferFree(pQMPolicies);
  1229. }
  1231. }
  1234. DWORD
  1235. GetQMPolicyByID(
  1236. LPWSTR pServerName,
  1237. GUID gQMPolicyID,
  1238. PIPSEC_QM_POLICY * ppQMPolicy
  1239. )
  1240. /*++
  1242. Routine Description:
  1244. This function gets a quick mode policy from the SPD.
  1246. Arguments:
  1248. pServerName - Server from which to get the quick mode policy.
  1250. gQMFilter - Guid of the quick mode policy to get.
  1252. ppQMPolicy - Quick mode policy found returned to the caller.
  1254. Return Value:
  1256. ERROR_SUCCESS - Success.
  1258. Win32 Error - Failure.
  1260. --*/
  1261. {
  1262. DWORD dwError = 0;
  1263. PINIQMPOLICY pIniQMPolicy = NULL;
  1264. PIPSEC_QM_POLICY pQMPolicy = NULL;
  1267. ENTER_SPD_SECTION();
  1269. dwError = ValidateSecurity(
  1270. SPD_OBJECT_SERVER,
  1271. SERVER_ACCESS_ADMINISTER,
  1272. NULL,
  1273. NULL
  1274. );
  1275. BAIL_ON_LOCK_ERROR(dwError);
  1277. pIniQMPolicy = FindQMPolicyByGuid(
  1278. gpIniQMPolicy,
  1279. gQMPolicyID
  1280. );
  1281. if (!pIniQMPolicy) {
  1282. dwError = ERROR_IPSEC_QM_POLICY_NOT_FOUND;
  1283. BAIL_ON_LOCK_ERROR(dwError);
  1284. }
  1286. dwError = GetIniQMPolicy(
  1287. pIniQMPolicy,
  1288. &pQMPolicy
  1289. );
  1290. BAIL_ON_LOCK_ERROR(dwError);
  1292. *ppQMPolicy = pQMPolicy;
  1294. LEAVE_SPD_SECTION();
  1295. return (dwError);
  1297. lock:
  1299. LEAVE_SPD_SECTION();
  1301. *ppQMPolicy = NULL;
  1302. return (dwError);
  1303. }
  1306. DWORD
  1307. LocateQMPolicy(
  1308. DWORD dwFlags,
  1309. GUID gPolicyID,
  1310. PINIQMPOLICY * ppIniQMPolicy
  1311. )
  1312. {
  1313. DWORD dwError = 0;
  1314. PINIQMPOLICY pIniQMPolicy = NULL;
  1317. if (dwFlags & IPSEC_QM_POLICY_DEFAULT_POLICY) {
  1319. if (!gpIniDefaultQMPolicy) {
  1320. dwError = ERROR_IPSEC_DEFAULT_QM_POLICY_NOT_FOUND;
  1321. BAIL_ON_WIN32_ERROR(dwError);
  1322. }
  1323. pIniQMPolicy = gpIniDefaultQMPolicy;
  1325. }
  1326. else {
  1328. pIniQMPolicy = FindQMPolicyByGuid(
  1329. gpIniQMPolicy,
  1330. gPolicyID
  1331. );
  1332. if (!pIniQMPolicy) {
  1333. dwError = ERROR_IPSEC_QM_POLICY_NOT_FOUND;
  1334. BAIL_ON_WIN32_ERROR(dwError);
  1335. }
  1337. }
  1339. *ppIniQMPolicy = pIniQMPolicy;
  1340. return (dwError);
  1342. error:
  1344. *ppIniQMPolicy = NULL;
  1345. return (dwError);
  1347. }