mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
460 lines
9.2 KiB
460 lines
9.2 KiB
/**********************************************************************/
|
|
/** Microsoft Windows/NT **/
|
|
/** Copyright(c) Microsoft Corporation, 1997 - 1999 **/
|
|
/**********************************************************************/
|
|
|
|
/*
|
|
spdutil.cpp
|
|
|
|
FILE HISTORY:
|
|
|
|
*/
|
|
#include "stdafx.h"
|
|
#include "winipsec.h"
|
|
#include "spdutil.h"
|
|
#include "objplus.h"
|
|
#include "ipaddres.h"
|
|
#include "spddb.h"
|
|
#include "server.h"
|
|
|
|
extern CHashTable g_HashTable;
|
|
|
|
const DWORD IPSM_PROTOCOL_TCP = 6;
|
|
const DWORD IPSM_PROTOCOL_UDP = 17;
|
|
|
|
const TCHAR c_szSingleAddressMask[] = _T("255.255.255.255");
|
|
|
|
const ProtocolStringMap c_ProtocolStringMap[] =
|
|
{
|
|
{0, IDS_PROTOCOL_ANY},
|
|
{1, IDS_PROTOCOL_ICMP},
|
|
{3, IDS_PROTOCOL_GGP},
|
|
{6, IDS_PROTOCOL_TCP},
|
|
{8, IDS_PROTOCOL_EGP},
|
|
{12, IDS_PROTOCOL_PUP},
|
|
{17, IDS_PROTOCOL_UDP},
|
|
{20, IDS_PROTOCOL_HMP},
|
|
{22, IDS_PROTOCOL_XNS_IDP},
|
|
{27, IDS_PROTOCOL_RDP},
|
|
{66, IDS_PROTOCOL_RVD}
|
|
};
|
|
|
|
const int c_nProtocols = DimensionOf(c_ProtocolStringMap);
|
|
|
|
ULONG RevertDwordBytes(DWORD dw)
|
|
{
|
|
ULONG ulRet;
|
|
ulRet = dw >> 24;
|
|
ulRet += (dw & 0xFF0000) >> 8;
|
|
ulRet += (dw & 0x00FF00) << 8;
|
|
ulRet += (dw & 0x0000FF) << 24;
|
|
|
|
return ulRet;
|
|
}
|
|
|
|
void PortToString
|
|
(
|
|
PORT port,
|
|
CString * pst
|
|
)
|
|
{
|
|
if (0 == port.wPort)
|
|
{
|
|
pst->LoadString(IDS_PORT_ANY);
|
|
}
|
|
else
|
|
{
|
|
pst->Format(_T("%d"), port.wPort);
|
|
}
|
|
}
|
|
|
|
void FilterFlagToString
|
|
(
|
|
FILTER_FLAG FltrFlag,
|
|
CString * pst
|
|
)
|
|
{
|
|
pst->Empty();
|
|
switch(FltrFlag)
|
|
{
|
|
case PASS_THRU:
|
|
pst->LoadString(IDS_PASS_THROUGH);
|
|
break;
|
|
case BLOCKING:
|
|
pst->LoadString(IDS_BLOCKING);
|
|
break;
|
|
case NEGOTIATE_SECURITY:
|
|
pst->LoadString(IDS_NEG_SEC);
|
|
break;
|
|
}
|
|
}
|
|
|
|
void ProtocolToString
|
|
(
|
|
PROTOCOL protocol,
|
|
CString * pst
|
|
)
|
|
{
|
|
BOOL fFound = FALSE;
|
|
for (int i = 0; i < DimensionOf(c_ProtocolStringMap); i++)
|
|
{
|
|
if (c_ProtocolStringMap[i].dwProtocol == protocol.dwProtocol)
|
|
{
|
|
pst->LoadString(c_ProtocolStringMap[i].nStringID);
|
|
fFound = TRUE;
|
|
}
|
|
}
|
|
|
|
if (!fFound)
|
|
{
|
|
pst->Format(IDS_OTHER_PROTO, protocol.dwProtocol);
|
|
}
|
|
}
|
|
|
|
void InterfaceTypeToString
|
|
(
|
|
IF_TYPE ifType,
|
|
CString * pst
|
|
)
|
|
{
|
|
switch (ifType)
|
|
{
|
|
case INTERFACE_TYPE_ALL:
|
|
pst->LoadString (IDS_IF_TYPE_ALL);
|
|
break;
|
|
|
|
case INTERFACE_TYPE_LAN:
|
|
pst->LoadString (IDS_IF_TYPE_LAN);
|
|
break;
|
|
|
|
case INTERFACE_TYPE_DIALUP:
|
|
pst->LoadString (IDS_IF_TYPE_RAS);
|
|
break;
|
|
|
|
default:
|
|
pst->LoadString (IDS_UNKNOWN);
|
|
break;
|
|
}
|
|
}
|
|
|
|
void BoolToString
|
|
(
|
|
BOOL bl,
|
|
CString * pst
|
|
)
|
|
{
|
|
if (bl)
|
|
pst->LoadString (IDS_YES);
|
|
else
|
|
pst->LoadString (IDS_NO);
|
|
}
|
|
|
|
void DirectionToString
|
|
(
|
|
DWORD dwDir,
|
|
CString * pst
|
|
)
|
|
{
|
|
switch (dwDir)
|
|
{
|
|
case FILTER_DIRECTION_INBOUND:
|
|
pst->LoadString(IDS_FLTR_DIR_IN);
|
|
break;
|
|
case FILTER_DIRECTION_OUTBOUND:
|
|
pst->LoadString(IDS_FLTR_DIR_OUT);
|
|
break;
|
|
default:
|
|
pst->Empty();
|
|
break;
|
|
}
|
|
}
|
|
|
|
void DoiEspAlgorithmToString
|
|
(
|
|
IPSEC_MM_ALGO algo,
|
|
CString * pst
|
|
)
|
|
{
|
|
switch (algo.uAlgoIdentifier)
|
|
{
|
|
case IPSEC_DOI_ESP_NONE:
|
|
pst->LoadString(IDS_DOI_ESP_NONE);
|
|
break;
|
|
case IPSEC_DOI_ESP_DES:
|
|
pst->LoadString(IDS_DOI_ESP_DES);
|
|
break;
|
|
case IPSEC_DOI_ESP_3_DES:
|
|
pst->LoadString(IDS_DOI_ESP_3_DES);
|
|
break;
|
|
default:
|
|
pst->Empty();
|
|
break;
|
|
}
|
|
}
|
|
|
|
void DoiAuthAlgorithmToString
|
|
(
|
|
IPSEC_MM_ALGO algo,
|
|
CString * pst
|
|
)
|
|
{
|
|
switch(algo.uAlgoIdentifier)
|
|
{
|
|
case IPSEC_DOI_AH_NONE:
|
|
pst->LoadString(IDS_DOI_AH_NONE);
|
|
break;
|
|
case IPSEC_DOI_AH_MD5:
|
|
pst->LoadString(IDS_DOI_AH_MD5);
|
|
break;
|
|
case IPSEC_DOI_AH_SHA1:
|
|
pst->LoadString(IDS_DOI_AH_SHA);
|
|
break;
|
|
default:
|
|
pst->Empty();
|
|
break;
|
|
}
|
|
}
|
|
|
|
void DhGroupToString(DWORD dwGp, CString * pst)
|
|
{
|
|
switch(dwGp)
|
|
{
|
|
case 1:
|
|
pst->LoadString(IDS_DHGROUP_LOW);
|
|
break;
|
|
case 2:
|
|
pst->LoadString(IDS_DHGROUP_MEDIUM);
|
|
break;
|
|
case 3:
|
|
pst->LoadString(IDS_DHGROUP_HIGH);
|
|
break;
|
|
default:
|
|
pst->Format(_T("%d"), dwGp);
|
|
break;
|
|
}
|
|
}
|
|
|
|
void MmAuthToString(MM_AUTH_ENUM auth, CString * pst)
|
|
{
|
|
switch(auth)
|
|
{
|
|
case IKE_PRESHARED_KEY:
|
|
pst->LoadString(IDS_IKE_PRESHARED_KEY);
|
|
break;
|
|
case IKE_DSS_SIGNATURE:
|
|
pst->LoadString(IDS_IKE_DSS_SIGNATURE);
|
|
break;
|
|
case IKE_RSA_SIGNATURE:
|
|
pst->LoadString(IDS_IKE_RSA_SIGNATURE);
|
|
break;
|
|
case IKE_RSA_ENCRYPTION:
|
|
pst->LoadString(IDS_IKE_RSA_ENCRYPTION);
|
|
break;
|
|
case IKE_SSPI:
|
|
pst->LoadString(IDS_IKE_SSPI);
|
|
break;
|
|
default:
|
|
pst->Empty();
|
|
break;
|
|
}
|
|
}
|
|
|
|
void KeyLifetimeToString(KEY_LIFETIME lifetime, CString * pst)
|
|
{
|
|
pst->Format(IDS_KEY_LIFE_TIME, lifetime.uKeyExpirationKBytes, lifetime.uKeyExpirationTime);
|
|
}
|
|
|
|
void IpToString(ULONG ulIp, CString *pst)
|
|
{
|
|
ULONG ul;
|
|
CIpAddress ipAddr;
|
|
ul = RevertDwordBytes(ulIp);
|
|
ipAddr = ul;
|
|
*pst = (CString) ipAddr;
|
|
}
|
|
|
|
void AddressToString(ADDR addr, CString * pst, BOOL * pfIsDnsName)
|
|
{
|
|
Assert(pst);
|
|
if (NULL == pst)
|
|
return;
|
|
|
|
if (pfIsDnsName)
|
|
{
|
|
*pfIsDnsName = FALSE;
|
|
}
|
|
|
|
ULONG ul;
|
|
CIpAddress ipAddr;
|
|
|
|
pst->Empty();
|
|
|
|
switch (addr.AddrType)
|
|
{
|
|
case IP_ADDR_UNIQUE:
|
|
if (IP_ADDRESS_ME == addr.uIpAddr)
|
|
{
|
|
pst->LoadString(IDS_ADDR_ME);
|
|
}
|
|
else
|
|
{
|
|
HashEntry *pHashEntry=NULL;
|
|
|
|
if (g_HashTable.GetObject(&pHashEntry,*(in_addr*)&addr.uIpAddr) != ERROR_SUCCESS) {
|
|
ul = RevertDwordBytes(addr.uIpAddr);
|
|
ipAddr = ul;
|
|
*pst = (CString) ipAddr;
|
|
}
|
|
else
|
|
{
|
|
*pst=pHashEntry->HostName;
|
|
if (pfIsDnsName)
|
|
{
|
|
*pfIsDnsName = TRUE;
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
case IP_ADDR_SUBNET:
|
|
if (SUBNET_ADDRESS_ANY == addr.uSubNetMask)
|
|
{
|
|
pst->LoadString(IDS_ADDR_ANY);
|
|
}
|
|
else
|
|
{
|
|
ul = RevertDwordBytes(addr.uIpAddr);
|
|
ipAddr = ul;
|
|
*pst = (CString) ipAddr;
|
|
*pst += _T("(");
|
|
ul = RevertDwordBytes(addr.uSubNetMask);
|
|
ipAddr = ul;
|
|
*pst += (CString) ipAddr;
|
|
*pst += _T(")");
|
|
}
|
|
break;
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void IpsecByteBlobToString(const IPSEC_BYTE_BLOB& blob, CString * pst)
|
|
{
|
|
Assert(pst);
|
|
if (NULL == pst)
|
|
return;
|
|
|
|
pst->Empty();
|
|
//TODO to translate the blob info to readable strings
|
|
}
|
|
|
|
void QmAlgorithmToString
|
|
(
|
|
QM_ALGO_TYPE type,
|
|
CQmOffer * pOffer,
|
|
CString * pst
|
|
)
|
|
{
|
|
Assert(pst);
|
|
Assert(pOffer);
|
|
|
|
if (NULL == pst || NULL == pOffer)
|
|
return;
|
|
|
|
pst->LoadString(IDS_ALGO_NONE);
|
|
|
|
for (DWORD i = 0; i < pOffer->m_dwNumAlgos; i++)
|
|
{
|
|
switch(type)
|
|
{
|
|
case QM_ALGO_AUTH:
|
|
if (AUTHENTICATION == pOffer->m_arrAlgos[i].m_Operation)
|
|
{
|
|
switch(pOffer->m_arrAlgos[i].m_ulAlgo)
|
|
{
|
|
case IPSEC_DOI_AH_MD5:
|
|
pst->LoadString(IDS_DOI_AH_MD5);
|
|
break;
|
|
case IPSEC_DOI_AH_SHA1:
|
|
pst->LoadString(IDS_DOI_AH_SHA);
|
|
break;
|
|
}
|
|
}
|
|
break;
|
|
case QM_ALGO_ESP_CONF:
|
|
if (ENCRYPTION == pOffer->m_arrAlgos[i].m_Operation)
|
|
{
|
|
switch(pOffer->m_arrAlgos[i].m_ulAlgo)
|
|
{
|
|
case IPSEC_DOI_ESP_DES:
|
|
pst->LoadString(IDS_DOI_ESP_DES);
|
|
break;
|
|
case IPSEC_DOI_ESP_3_DES:
|
|
pst->LoadString(IDS_DOI_ESP_3_DES);
|
|
break;
|
|
}
|
|
}
|
|
break;
|
|
case QM_ALGO_ESP_INTEG:
|
|
if (ENCRYPTION == pOffer->m_arrAlgos[i].m_Operation)
|
|
{
|
|
switch(pOffer->m_arrAlgos[i].m_SecAlgo)
|
|
{
|
|
case HMAC_AH_MD5:
|
|
pst->LoadString(IDS_HMAC_AH_MD5);
|
|
break;
|
|
case HMAC_AH_SHA1:
|
|
pst->LoadString(IDS_HMAC_AH_SHA);
|
|
break;
|
|
}
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
void TnlEpToString
|
|
(
|
|
QM_FILTER_TYPE FltrType,
|
|
ADDR TnlEp,
|
|
CString * pst
|
|
)
|
|
{
|
|
Assert(pst);
|
|
|
|
if (NULL == pst)
|
|
return;
|
|
|
|
if (QM_TUNNEL_FILTER == FltrType)
|
|
{
|
|
AddressToString(TnlEp, pst);
|
|
}
|
|
else
|
|
{
|
|
pst->LoadString(IDS_NOT_AVAILABLE);
|
|
}
|
|
}
|
|
|
|
void TnlEpToString
|
|
(
|
|
FILTER_TYPE FltrType,
|
|
ADDR TnlEp,
|
|
CString * pst
|
|
)
|
|
{
|
|
Assert(pst);
|
|
|
|
if (NULL == pst)
|
|
return;
|
|
|
|
if (FILTER_TYPE_TUNNEL == FltrType)
|
|
{
|
|
AddressToString(TnlEp, pst);
|
|
}
|
|
else
|
|
{
|
|
pst->LoadString(IDS_NOT_AVAILABLE);
|
|
}
|
|
}
|
|
|
|
|