//---------------------------------------------------------------------------- // // Microsoft Windows // Copyright (C) Microsoft Corporation, 2000. // // File: negpols-d.c // // Contents: NegPol management for directory. // // // History: KrishnaG // AbhisheV // //---------------------------------------------------------------------------- #include "precomp.h" extern LPWSTR NegPolDNAttributes[]; DWORD DirEnumNegPolData( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, PIPSEC_NEGPOL_DATA ** pppIpsecNegPolData, PDWORD pdwNumNegPolObjects ) { DWORD dwError = 0; PIPSEC_NEGPOL_OBJECT * ppIpsecNegPolObjects = NULL; PIPSEC_NEGPOL_DATA pIpsecNegPolData = NULL; PIPSEC_NEGPOL_DATA * ppIpsecNegPolData = NULL; DWORD dwNumNegPolObjects = 0; DWORD i = 0; DWORD j = 0; dwError = DirEnumNegPolObjects( hLdapBindHandle, pszIpsecRootContainer, &ppIpsecNegPolObjects, &dwNumNegPolObjects ); BAIL_ON_WIN32_ERROR(dwError); if (dwNumNegPolObjects) { ppIpsecNegPolData = (PIPSEC_NEGPOL_DATA *) AllocPolMem( dwNumNegPolObjects*sizeof(PIPSEC_NEGPOL_DATA)); if (!ppIpsecNegPolData) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } } for (i = 0; i < dwNumNegPolObjects; i++) { dwError = DirUnmarshallNegPolData( *(ppIpsecNegPolObjects + i), &pIpsecNegPolData ); if (!dwError) { *(ppIpsecNegPolData + j) = pIpsecNegPolData; j++; } } if (j == 0) { if (ppIpsecNegPolData) { FreePolMem(ppIpsecNegPolData); ppIpsecNegPolData = NULL; } } *pppIpsecNegPolData = ppIpsecNegPolData; *pdwNumNegPolObjects = j; dwError = ERROR_SUCCESS; cleanup: if (ppIpsecNegPolObjects) { FreeIpsecNegPolObjects( ppIpsecNegPolObjects, dwNumNegPolObjects ); } return(dwError); error: if (ppIpsecNegPolData) { FreeMulIpsecNegPolData( ppIpsecNegPolData, i ); } *pppIpsecNegPolData = NULL; *pdwNumNegPolObjects = 0; goto cleanup; } DWORD DirEnumNegPolObjects( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, PIPSEC_NEGPOL_OBJECT ** pppIpsecNegPolObjects, PDWORD pdwNumNegPolObjects ) { LDAPMessage *res = NULL; LDAPMessage *e = NULL; DWORD dwError = 0; LPWSTR pszNegPolString = NULL; DWORD i = 0; DWORD dwCount = 0; PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject = NULL; PIPSEC_NEGPOL_OBJECT * ppIpsecNegPolObjects = NULL; DWORD dwNumNegPolObjectsReturned = 0; dwError = GenerateAllNegPolsQuery( &pszNegPolString ); BAIL_ON_WIN32_ERROR(dwError); dwError = LdapSearchST( hLdapBindHandle, pszIpsecRootContainer, LDAP_SCOPE_ONELEVEL, pszNegPolString, NegPolDNAttributes, 0, NULL, &res ); BAIL_ON_WIN32_ERROR(dwError); dwCount = LdapCountEntries( hLdapBindHandle, res ); if (!dwCount) { dwError = ERROR_DS_NO_ATTRIBUTE_OR_VALUE; BAIL_ON_WIN32_ERROR(dwError); } ppIpsecNegPolObjects = (PIPSEC_NEGPOL_OBJECT *)AllocPolMem( sizeof(PIPSEC_NEGPOL_OBJECT)*dwCount ); if (!ppIpsecNegPolObjects) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } for (i = 0; i < dwCount; i++) { if (i == 0) { dwError = LdapFirstEntry( hLdapBindHandle, res, &e ); BAIL_ON_WIN32_ERROR(dwError); } else { dwError = LdapNextEntry( hLdapBindHandle, e, &e ); BAIL_ON_WIN32_ERROR(dwError); } dwError =UnMarshallNegPolObject( hLdapBindHandle, e, &pIpsecNegPolObject ); if (dwError == ERROR_SUCCESS) { *(ppIpsecNegPolObjects + dwNumNegPolObjectsReturned) = pIpsecNegPolObject; dwNumNegPolObjectsReturned++; } } *pppIpsecNegPolObjects = ppIpsecNegPolObjects; *pdwNumNegPolObjects = dwNumNegPolObjectsReturned; dwError = ERROR_SUCCESS; cleanup: if (pszNegPolString) { FreePolMem(pszNegPolString); } if (res) { LdapMsgFree(res); } return(dwError); error: if (ppIpsecNegPolObjects) { FreeIpsecNegPolObjects( ppIpsecNegPolObjects, dwNumNegPolObjectsReturned ); } *pppIpsecNegPolObjects = NULL; *pdwNumNegPolObjects = 0; goto cleanup; } DWORD DirSetNegPolData( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, PIPSEC_NEGPOL_DATA pIpsecNegPolData ) { DWORD dwError = 0; PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject = NULL; dwError = DirMarshallNegPolObject( pIpsecNegPolData, pszIpsecRootContainer, &pIpsecNegPolObject ); BAIL_ON_WIN32_ERROR(dwError); dwError = DirSetNegPolObject( hLdapBindHandle, pszIpsecRootContainer, pIpsecNegPolObject ); BAIL_ON_WIN32_ERROR(dwError); dwError = DirBackPropIncChangesForNegPolToNFA( hLdapBindHandle, pszIpsecRootContainer, pIpsecNegPolData->NegPolIdentifier ); BAIL_ON_WIN32_ERROR(dwError); error: if (pIpsecNegPolObject) { FreeIpsecNegPolObject(pIpsecNegPolObject); } return(dwError); } DWORD DirSetNegPolObject( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject ) { DWORD dwError = 0; LDAPModW ** ppLDAPModW = NULL; dwError = DirMarshallSetNegPolObject( hLdapBindHandle, pszIpsecRootContainer, pIpsecNegPolObject, &ppLDAPModW ); BAIL_ON_WIN32_ERROR(dwError); dwError = LdapModifyS( hLdapBindHandle, pIpsecNegPolObject->pszDistinguishedName, ppLDAPModW ); BAIL_ON_WIN32_ERROR(dwError); error: // // Free the amods structures. // if (ppLDAPModW) { FreeLDAPModWs( ppLDAPModW ); } return(dwError); } DWORD DirCreateNegPolData( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, PIPSEC_NEGPOL_DATA pIpsecNegPolData ) { DWORD dwError = 0; PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject = NULL; dwError = DirMarshallNegPolObject( pIpsecNegPolData, pszIpsecRootContainer, &pIpsecNegPolObject ); BAIL_ON_WIN32_ERROR(dwError); dwError = DirCreateNegPolObject( hLdapBindHandle, pszIpsecRootContainer, pIpsecNegPolObject ); BAIL_ON_WIN32_ERROR(dwError); error: if (pIpsecNegPolObject) { FreeIpsecNegPolObject( pIpsecNegPolObject ); } return(dwError); } DWORD DirCreateNegPolObject( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject ) { DWORD dwError = 0; LDAPModW ** ppLDAPModW = NULL; dwError = DirMarshallAddNegPolObject( hLdapBindHandle, pszIpsecRootContainer, pIpsecNegPolObject, &ppLDAPModW ); BAIL_ON_WIN32_ERROR(dwError); dwError = LdapAddS( hLdapBindHandle, pIpsecNegPolObject->pszDistinguishedName, ppLDAPModW ); BAIL_ON_WIN32_ERROR(dwError); error: // // Free the amods structures. // if (ppLDAPModW) { FreeLDAPModWs( ppLDAPModW ); } return(dwError); } DWORD DirDeleteNegPolData( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, GUID NegPolIdentifier ) { DWORD dwError = ERROR_SUCCESS; WCHAR szGuid[MAX_PATH]; WCHAR szDistinguishedName[MAX_PATH]; LPWSTR pszStringUuid = NULL; szGuid[0] = L'\0'; szDistinguishedName[0] = L'\0'; dwError = UuidToString( &NegPolIdentifier, &pszStringUuid ); BAIL_ON_WIN32_ERROR(dwError); wcscpy(szGuid, L"{"); wcscat(szGuid, pszStringUuid); wcscat(szGuid, L"}"); wcscpy(szDistinguishedName,L"CN=ipsecNegotiationPolicy"); wcscat(szDistinguishedName, szGuid); wcscat(szDistinguishedName, L","); wcscat(szDistinguishedName, pszIpsecRootContainer); dwError = LdapDeleteS( hLdapBindHandle, szDistinguishedName ); BAIL_ON_WIN32_ERROR(dwError); error: if (pszStringUuid) { RpcStringFree(&pszStringUuid); } return(dwError); } DWORD DirMarshallAddNegPolObject( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject, LDAPModW *** pppLDAPModW ) { DWORD i = 0; LDAPModW ** ppLDAPModW = NULL; LDAPModW * pLDAPModW = NULL; DWORD dwNumAttributes = 8; DWORD dwError = 0; WCHAR Buffer[64]; if (!pIpsecNegPolObject->pszIpsecName || !*pIpsecNegPolObject->pszIpsecName) { dwNumAttributes--; } if (!pIpsecNegPolObject->pszDescription || !*pIpsecNegPolObject->pszDescription) { dwNumAttributes--; } ppLDAPModW = (LDAPModW **) AllocPolMem( (dwNumAttributes+1) * sizeof(LDAPModW*) ); if (!ppLDAPModW) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } pLDAPModW = (LDAPModW *) AllocPolMem( dwNumAttributes * sizeof(LDAPModW) ); if (!pLDAPModW) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } // // 0. objectClass // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"objectClass", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPStringValue( L"ipsecNegotiationPolicy", (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; // // 1. ipsecName // if (pIpsecNegPolObject->pszIpsecName && *pIpsecNegPolObject->pszIpsecName) { ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecName", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPStringValue( pIpsecNegPolObject->pszIpsecName, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; } // // 2. ipsecID // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecID", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPStringValue( pIpsecNegPolObject->pszIpsecID, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; // // 3. ipsecDataType // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecDataType", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); _itow( pIpsecNegPolObject->dwIpsecDataType, Buffer, 10 ); dwError = AllocateLDAPStringValue( Buffer, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; // // 4. ipsecData // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecData", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPBinaryValue( pIpsecNegPolObject->pIpsecData, pIpsecNegPolObject->dwIpsecDataLen, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW+i)->mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES; i++; // // 5. description // if (pIpsecNegPolObject->pszDescription && *pIpsecNegPolObject->pszDescription) { ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"description", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPStringValue( pIpsecNegPolObject->pszDescription, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; } // // 6. ipsecNegotiationPolicyAction // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecNegotiationPolicyAction", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPStringValue( pIpsecNegPolObject->pszIpsecNegPolAction, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; // // 7. ipsecNegotiationPolicyType // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecNegotiationPolicyType", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPStringValue( pIpsecNegPolObject->pszIpsecNegPolType, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; *pppLDAPModW = ppLDAPModW; return(dwError); error: if (ppLDAPModW) { FreeLDAPModWs( ppLDAPModW ); } *pppLDAPModW = NULL; return(dwError); } DWORD DirMarshallSetNegPolObject( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject, LDAPModW *** pppLDAPModW ) { DWORD i = 0; LDAPModW ** ppLDAPModW = NULL; LDAPModW * pLDAPModW = NULL; DWORD dwNumAttributes = 7; DWORD dwError = 0; WCHAR Buffer[64]; if (!pIpsecNegPolObject->pszIpsecName || !*pIpsecNegPolObject->pszIpsecName) { dwNumAttributes--; } if (!pIpsecNegPolObject->pszDescription || !*pIpsecNegPolObject->pszDescription) { dwNumAttributes--; } ppLDAPModW = (LDAPModW **) AllocPolMem( (dwNumAttributes+1) * sizeof(LDAPModW*) ); if (!ppLDAPModW) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } pLDAPModW = (LDAPModW *) AllocPolMem( dwNumAttributes * sizeof(LDAPModW) ); if (!pLDAPModW) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } // // 1. ipsecName // if (pIpsecNegPolObject->pszIpsecName && *pIpsecNegPolObject->pszIpsecName) { ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecName", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPStringValue( pIpsecNegPolObject->pszIpsecName, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; } // // 2. ipsecID // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecID", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPStringValue( pIpsecNegPolObject->pszIpsecID, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; // // 3. ipsecDataType // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecDataType", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); _itow( pIpsecNegPolObject->dwIpsecDataType, Buffer, 10 ); dwError = AllocateLDAPStringValue( Buffer, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; // // 4. ipsecData // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecData", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPBinaryValue( pIpsecNegPolObject->pIpsecData, pIpsecNegPolObject->dwIpsecDataLen, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW+i)->mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES; i++; // // 5. description // if (pIpsecNegPolObject->pszDescription && *pIpsecNegPolObject->pszDescription) { ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"description", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPStringValue( pIpsecNegPolObject->pszDescription, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; } // // 6. ipsecNegotiationPolicyAction // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecNegotiationPolicyAction", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPStringValue( pIpsecNegPolObject->pszIpsecNegPolAction, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; // // 7. ipsecNegotiationPolicyType // ppLDAPModW[i] = pLDAPModW + i; dwError = AllocatePolString( L"ipsecNegotiationPolicyType", &(pLDAPModW +i)->mod_type ); BAIL_ON_WIN32_ERROR(dwError); dwError = AllocateLDAPStringValue( pIpsecNegPolObject->pszIpsecNegPolType, (PLDAPOBJECT *)&(pLDAPModW +i)->mod_values ); BAIL_ON_WIN32_ERROR(dwError); (pLDAPModW + i)->mod_op |= LDAP_MOD_REPLACE; i++; *pppLDAPModW = ppLDAPModW; return(dwError); error: if (ppLDAPModW) { FreeLDAPModWs( ppLDAPModW ); } *pppLDAPModW = NULL; return(dwError); } DWORD GenerateAllNegPolsQuery( LPWSTR * ppszNegPolString ) { DWORD dwError = 0; DWORD dwLength = 0; LPWSTR pszNegPolString = NULL; // // Compute Length of Buffer to be allocated // dwLength = wcslen(L"(objectclass=ipsecNegotiationPolicy)"); pszNegPolString = (LPWSTR) AllocPolMem((dwLength + 1)*sizeof(WCHAR)); if (!pszNegPolString) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } // // Now fill in the buffer // wcscpy(pszNegPolString, L"(objectclass=ipsecNegotiationPolicy)"); *ppszNegPolString = pszNegPolString; return(0); error: if (pszNegPolString) { FreePolMem(pszNegPolString); } *ppszNegPolString = NULL; return(dwError); } DWORD DirUnmarshallNegPolData( PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject, PIPSEC_NEGPOL_DATA * ppIpsecNegPolData ) { DWORD dwError = 0; dwError = UnmarshallNegPolObject( pIpsecNegPolObject, ppIpsecNegPolData ); return(dwError); } DWORD DirMarshallNegPolObject( PIPSEC_NEGPOL_DATA pIpsecNegPolData, LPWSTR pszIpsecRootContainer, PIPSEC_NEGPOL_OBJECT * ppIpsecNegPolObject ) { DWORD dwError = 0; PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject = NULL; WCHAR szGuid[MAX_PATH]; WCHAR szDistinguishedName[MAX_PATH]; LPBYTE pBuffer = NULL; DWORD dwBufferLen = 0; LPWSTR pszStringUuid = NULL; LPWSTR pszNegPolActionUuid = NULL; LPWSTR pszNegPolTypeUuid = NULL; WCHAR szGuidAction[MAX_PATH]; WCHAR szGuidType[MAX_PATH]; szGuidAction[0] = L'\0'; szGuidType[0] = L'\0'; szGuid[0] = L'\0'; szDistinguishedName[0] = L'\0'; pIpsecNegPolObject = (PIPSEC_NEGPOL_OBJECT)AllocPolMem( sizeof(IPSEC_NEGPOL_OBJECT) ); if (!pIpsecNegPolObject) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } dwError = UuidToString( &pIpsecNegPolData->NegPolIdentifier, &pszStringUuid ); BAIL_ON_WIN32_ERROR(dwError); wcscpy(szGuid, L"{"); wcscat(szGuid, pszStringUuid); wcscat(szGuid, L"}"); // // Fill in the distinguishedName // wcscpy(szDistinguishedName,L"CN=ipsecNegotiationPolicy"); wcscat(szDistinguishedName, szGuid); wcscat(szDistinguishedName, L","); wcscat(szDistinguishedName, pszIpsecRootContainer); pIpsecNegPolObject->pszDistinguishedName = AllocPolStr( szDistinguishedName ); if (!pIpsecNegPolObject->pszDistinguishedName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } // // Fill in the ipsecName // if (pIpsecNegPolData->pszIpsecName && *pIpsecNegPolData->pszIpsecName) { pIpsecNegPolObject->pszIpsecName = AllocPolStr( pIpsecNegPolData->pszIpsecName ); if (!pIpsecNegPolObject->pszIpsecName) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } } if (pIpsecNegPolData->pszDescription && *pIpsecNegPolData->pszDescription) { pIpsecNegPolObject->pszDescription = AllocPolStr( pIpsecNegPolData->pszDescription ); if (!pIpsecNegPolObject->pszDescription) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } } // // Fill in the ipsecID // pIpsecNegPolObject->pszIpsecID = AllocPolStr( szGuid ); if (!pIpsecNegPolObject->pszIpsecID) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } dwError = UuidToString( &pIpsecNegPolData->NegPolAction, &pszNegPolActionUuid ); BAIL_ON_WIN32_ERROR(dwError); wcscpy(szGuidAction, L"{"); wcscat(szGuidAction, pszNegPolActionUuid); wcscat(szGuidAction, L"}"); pIpsecNegPolObject->pszIpsecNegPolAction = AllocPolStr( szGuidAction ); if (!pIpsecNegPolObject->pszIpsecNegPolAction) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } dwError = UuidToString( &pIpsecNegPolData->NegPolType, &pszNegPolTypeUuid ); BAIL_ON_WIN32_ERROR(dwError); wcscpy(szGuidType, L"{"); wcscat(szGuidType, pszNegPolTypeUuid); wcscat(szGuidType, L"}"); pIpsecNegPolObject->pszIpsecNegPolType = AllocPolStr( szGuidType ); if (!pIpsecNegPolObject->pszIpsecNegPolType) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } // // Fill in the ipsecDataType // pIpsecNegPolObject->dwIpsecDataType = 0x100; // // Marshall the pIpsecDataBuffer and the Length // dwError = MarshallNegPolBuffer( pIpsecNegPolData, &pBuffer, &dwBufferLen ); BAIL_ON_WIN32_ERROR(dwError); pIpsecNegPolObject->pIpsecData = pBuffer; pIpsecNegPolObject->dwIpsecDataLen = dwBufferLen; pIpsecNegPolObject->dwWhenChanged = 0; *ppIpsecNegPolObject = pIpsecNegPolObject; cleanup: if (pszStringUuid) { RpcStringFree( &pszStringUuid ); } if (pszNegPolActionUuid) { RpcStringFree( &pszNegPolActionUuid ); } if (pszNegPolTypeUuid) { RpcStringFree( &pszNegPolTypeUuid ); } return(dwError); error: if (pIpsecNegPolObject) { FreeIpsecNegPolObject( pIpsecNegPolObject ); } *ppIpsecNegPolObject = NULL; goto cleanup; } DWORD DirGetNegPolData( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, GUID NegPolGUID, PIPSEC_NEGPOL_DATA * ppIpsecNegPolData ) { DWORD dwError = 0; PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject = NULL; PIPSEC_NEGPOL_DATA pIpsecNegPolData = NULL; dwError = DirGetNegPolObject( hLdapBindHandle, pszIpsecRootContainer, NegPolGUID, &pIpsecNegPolObject ); BAIL_ON_WIN32_ERROR(dwError); dwError = DirUnmarshallNegPolData( pIpsecNegPolObject, &pIpsecNegPolData ); BAIL_ON_WIN32_ERROR(dwError); *ppIpsecNegPolData = pIpsecNegPolData; cleanup: if (pIpsecNegPolObject) { FreeIpsecNegPolObject( pIpsecNegPolObject ); } return(dwError); error: *ppIpsecNegPolData = NULL; goto cleanup; } DWORD DirGetNegPolObject( HLDAP hLdapBindHandle, LPWSTR pszIpsecRootContainer, GUID NegPolGUID, PIPSEC_NEGPOL_OBJECT * ppIpsecNegPolObject ) { DWORD dwError = 0; LPWSTR pszNegPolString = NULL; LDAPMessage * res = NULL; DWORD dwCount = 0; LDAPMessage * e = NULL; PIPSEC_NEGPOL_OBJECT pIpsecNegPolObject = NULL; dwError = GenerateSpecificNegPolQuery( NegPolGUID, &pszNegPolString ); BAIL_ON_WIN32_ERROR(dwError); dwError = LdapSearchST( hLdapBindHandle, pszIpsecRootContainer, LDAP_SCOPE_ONELEVEL, pszNegPolString, NegPolDNAttributes, 0, NULL, &res ); BAIL_ON_WIN32_ERROR(dwError); dwCount = LdapCountEntries( hLdapBindHandle, res ); if (!dwCount) { dwError = ERROR_DS_NO_ATTRIBUTE_OR_VALUE; BAIL_ON_WIN32_ERROR(dwError); } dwError = LdapFirstEntry( hLdapBindHandle, res, &e ); BAIL_ON_WIN32_ERROR(dwError); dwError = UnMarshallNegPolObject( hLdapBindHandle, e, &pIpsecNegPolObject ); BAIL_ON_WIN32_ERROR(dwError); *ppIpsecNegPolObject = pIpsecNegPolObject; dwError = ERROR_SUCCESS; cleanup: if (pszNegPolString) { FreePolMem(pszNegPolString); } if (res) { LdapMsgFree(res); } return(dwError); error: if (pIpsecNegPolObject) { FreeIpsecNegPolObject( pIpsecNegPolObject ); } *ppIpsecNegPolObject = NULL; goto cleanup; } DWORD GenerateSpecificNegPolQuery( GUID NegPolIdentifier, LPWSTR * ppszNegPolString ) { DWORD dwError = ERROR_SUCCESS; WCHAR szGuid[MAX_PATH]; WCHAR szCommonName[MAX_PATH]; LPWSTR pszStringUuid = NULL; DWORD dwLength = 0; LPWSTR pszNegPolString = NULL; szGuid[0] = L'\0'; szCommonName[0] = L'\0'; dwError = UuidToString( &NegPolIdentifier, &pszStringUuid ); BAIL_ON_WIN32_ERROR(dwError); wcscpy(szGuid, L"{"); wcscat(szGuid, pszStringUuid); wcscat(szGuid, L"}"); wcscpy(szCommonName, L"cn=ipsecNegotiationPolicy"); wcscat(szCommonName, szGuid); // // Compute Length of Buffer to be allocated // dwLength = wcslen(L"(&(objectclass=ipsecNegotiationPolicy)"); dwLength += wcslen(L"("); dwLength += wcslen(szCommonName); dwLength += wcslen(L"))"); pszNegPolString = (LPWSTR) AllocPolMem((dwLength + 1)*sizeof(WCHAR)); if (!pszNegPolString) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_WIN32_ERROR(dwError); } wcscpy(pszNegPolString, L"(&(objectclass=ipsecNegotiationPolicy)"); wcscat(pszNegPolString, L"("); wcscat(pszNegPolString, szCommonName); wcscat(pszNegPolString, L"))"); *ppszNegPolString = pszNegPolString; cleanup: if (pszStringUuid) { RpcStringFree(&pszStringUuid); } return(dwError); error: if (pszNegPolString) { FreePolMem(pszNegPolString); } *ppszNegPolString = NULL; goto cleanup; }