Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1514 lines
41 KiB

#include "precomp.h"
const DWORD PS_INTERFACE_TYPE_NONE = 0;
const DWORD PS_INTERFACE_TYPE_DIALUP = -1;
const DWORD PS_INTERFACE_TYPE_LAN = -2;
const DWORD PS_INTERFACE_TYPE_ALL = -3;
DWORD
GenerateDefaultInformation(
HANDLE hPolicyStore
)
{
DWORD dwError = 0;
PIPSEC_FILTER_DATA pAllFilter = NULL;
PIPSEC_FILTER_DATA pAllICMPFilter = NULL;
PIPSEC_NEGPOL_DATA pPermitNegPol = NULL;
PIPSEC_NEGPOL_DATA pRequestSecurityNegPol = NULL;
PIPSEC_NEGPOL_DATA pRequireSecurityNegPol = NULL;
PIPSEC_ISAKMP_DATA pDefaultISAKMP = NULL;
// {72385234-70FA-11d1-864C-14A300000000}
static const GUID GUID_DEFAULT_ISAKMP=
{ 0x72385234, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
dwError = CreateAllFilter(
hPolicyStore,
&pAllFilter
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = CreateAllICMPFilter(
hPolicyStore,
&pAllICMPFilter
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = CreatePermitNegPol(
hPolicyStore,
&pPermitNegPol
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = CreateRequestSecurityNegPol(
hPolicyStore,
&pRequestSecurityNegPol
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = CreateRequireSecurityNegPol(
hPolicyStore,
&pRequireSecurityNegPol
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = CreateClientPolicy(
hPolicyStore
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = CreateRequestSecurityPolicy(
hPolicyStore,
pAllFilter,
pAllICMPFilter,
pPermitNegPol,
pRequestSecurityNegPol
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = CreateRequireSecurityPolicy(
hPolicyStore,
pAllFilter,
pAllICMPFilter,
pPermitNegPol,
pRequireSecurityNegPol
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = CreateISAKMP(
hPolicyStore,
GUID_DEFAULT_ISAKMP,
&pDefaultISAKMP
);
BAIL_ON_WIN32_ERROR(dwError);
error:
if (pAllFilter) {
FreeIpsecFilterData(pAllFilter);
}
if (pAllICMPFilter) {
FreeIpsecFilterData(pAllICMPFilter);
}
if (pPermitNegPol) {
FreeIpsecNegPolData(pPermitNegPol);
}
if (pRequestSecurityNegPol) {
FreeIpsecNegPolData(pRequestSecurityNegPol);
}
if (pRequireSecurityNegPol) {
FreeIpsecNegPolData(pRequireSecurityNegPol);
}
if (pDefaultISAKMP) {
FreeIpsecISAKMPData(pDefaultISAKMP);
}
return(dwError);
}
DWORD
CreateAllFilter(
HANDLE hPolicyStore,
PIPSEC_FILTER_DATA * ppAllFilter
)
{
DWORD dwError = 0;
PIPSEC_FILTER_DATA pAllFilter = NULL;
DWORD dwNumFilterSpecs = 0;
PIPSEC_FILTER_SPEC * ppFilterSpecs = NULL;
PIPSEC_FILTER_SPEC pFilterSpec = NULL;
// {7238523a-70FA-11d1-864C-14A300000000}
static const GUID GUID_ALL_FILTER=
{ 0x7238523a, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
pAllFilter = (PIPSEC_FILTER_DATA) AllocPolMem(
sizeof(IPSEC_FILTER_DATA)
);
if (!pAllFilter) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
memcpy(
&(pAllFilter->FilterIdentifier),
&(GUID_ALL_FILTER),
sizeof(GUID)
);
pAllFilter->dwWhenChanged = 0;
dwError = MapAndAllocPolStr(&(pAllFilter->pszIpsecName),
POLSTORE_ALL_FILTER_NAME
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = MapAndAllocPolStr(&(pAllFilter->pszDescription),
POLSTORE_ALL_FILTER_DESCRIPTION
);
BAIL_ON_WIN32_ERROR(dwError);
dwNumFilterSpecs = 1;
ppFilterSpecs = (PIPSEC_FILTER_SPEC *) AllocPolMem(
sizeof(PIPSEC_FILTER_SPEC)*dwNumFilterSpecs
);
if (!ppFilterSpecs) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
pAllFilter->dwNumFilterSpecs = dwNumFilterSpecs;
pAllFilter->ppFilterSpecs = ppFilterSpecs;
pFilterSpec = (PIPSEC_FILTER_SPEC) AllocPolMem(
sizeof(IPSEC_FILTER_SPEC)
);
if (!pFilterSpec) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
*(ppFilterSpecs + 0) = pFilterSpec;
pFilterSpec->pszSrcDNSName = NULL;
pFilterSpec->pszDestDNSName = NULL;
pFilterSpec->pszDescription = NULL;
dwError = UuidCreate(
&pFilterSpec->FilterSpecGUID
);
BAIL_ON_WIN32_ERROR(dwError);
pFilterSpec->dwMirrorFlag = 1;
pFilterSpec->Filter.SrcAddr = 0;
pFilterSpec->Filter.SrcMask = -1;
pFilterSpec->Filter.DestAddr = 0;
pFilterSpec->Filter.DestMask = 0;
pFilterSpec->Filter.TunnelAddr = 0;
pFilterSpec->Filter.Protocol = 0;
pFilterSpec->Filter.SrcPort = 0;
pFilterSpec->Filter.DestPort = 0;
pFilterSpec->Filter.TunnelFilter = 0;
pFilterSpec->Filter.Flags = 0;
dwError = IPSecCreateFilterData(
hPolicyStore,
pAllFilter
);
BAIL_ON_WIN32_ERROR(dwError);
*ppAllFilter = pAllFilter;
return (dwError);
error:
if (pAllFilter) {
FreeIpsecFilterData(pAllFilter);
}
*ppAllFilter = NULL;
return (dwError);
}
DWORD
CreateAllICMPFilter(
HANDLE hPolicyStore,
PIPSEC_FILTER_DATA * ppAllICMPFilter
)
{
DWORD dwError = 0;
PIPSEC_FILTER_DATA pAllICMPFilter = NULL;
DWORD dwNumFilterSpecs = 0;
PIPSEC_FILTER_SPEC * ppFilterSpecs = NULL;
PIPSEC_FILTER_SPEC pFilterSpec = NULL;
// {72385235-70FA-11d1-864C-14A300000000}
static const GUID GUID_ALL_ICMP_FILTER =
{ 0x72385235, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
pAllICMPFilter = (PIPSEC_FILTER_DATA) AllocPolMem(
sizeof(IPSEC_FILTER_DATA)
);
if (!pAllICMPFilter) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
memcpy(
&(pAllICMPFilter->FilterIdentifier),
&(GUID_ALL_ICMP_FILTER),
sizeof(GUID)
);
pAllICMPFilter->dwWhenChanged = 0;
dwError = MapAndAllocPolStr(&(pAllICMPFilter->pszIpsecName),
POLSTORE_ALL_ICMP_FILTER_NAME
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = MapAndAllocPolStr(&(pAllICMPFilter->pszDescription),
POLSTORE_ALL_ICMP_FILTER_DESCRIPTION
);
BAIL_ON_WIN32_ERROR(dwError);
dwNumFilterSpecs = 1;
ppFilterSpecs = (PIPSEC_FILTER_SPEC *) AllocPolMem(
sizeof(PIPSEC_FILTER_SPEC)*dwNumFilterSpecs
);
if (!ppFilterSpecs) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
pAllICMPFilter->dwNumFilterSpecs = dwNumFilterSpecs;
pAllICMPFilter->ppFilterSpecs = ppFilterSpecs;
pFilterSpec = (PIPSEC_FILTER_SPEC) AllocPolMem(
sizeof(IPSEC_FILTER_SPEC)
);
if (!pFilterSpec) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
*(ppFilterSpecs + 0) = pFilterSpec;
pFilterSpec->pszSrcDNSName = NULL;
pFilterSpec->pszDestDNSName = NULL;
dwError = MapAndAllocPolStr(&(pFilterSpec->pszDescription),
POLSTORE_ICMPFILTER_SPEC_DESCRIPTION
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = UuidCreate(
&pFilterSpec->FilterSpecGUID
);
BAIL_ON_WIN32_ERROR(dwError);
pFilterSpec->dwMirrorFlag = 1;
pFilterSpec->Filter.SrcAddr = 0;
pFilterSpec->Filter.SrcMask = -1;
pFilterSpec->Filter.DestAddr = 0;
pFilterSpec->Filter.DestMask = 0;
pFilterSpec->Filter.TunnelAddr = 0;
pFilterSpec->Filter.Protocol = 1;
pFilterSpec->Filter.SrcPort = 0;
pFilterSpec->Filter.DestPort = 0;
pFilterSpec->Filter.TunnelFilter = 0;
pFilterSpec->Filter.Flags = 0;
dwError = IPSecCreateFilterData(
hPolicyStore,
pAllICMPFilter
);
BAIL_ON_WIN32_ERROR(dwError);
*ppAllICMPFilter = pAllICMPFilter;
return (dwError);
error:
if (pAllICMPFilter) {
FreeIpsecFilterData(pAllICMPFilter);
}
*ppAllICMPFilter = NULL;
return (dwError);
}
DWORD
CreatePermitNegPol(
HANDLE hPolicyStore,
PIPSEC_NEGPOL_DATA * ppPermitNegPol
)
{
DWORD dwError = 0;
PIPSEC_NEGPOL_DATA pPermitNegPol = NULL;
static const GUID GUID_PERMIT_NEGPOL =
{ 0x7238523b, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
pPermitNegPol = (PIPSEC_NEGPOL_DATA) AllocPolMem(
sizeof(IPSEC_NEGPOL_DATA)
);
if (!pPermitNegPol) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
memcpy(
&(pPermitNegPol->NegPolIdentifier),
&(GUID_PERMIT_NEGPOL),
sizeof(GUID)
);
memcpy(
&(pPermitNegPol->NegPolAction),
&(GUID_NEGOTIATION_ACTION_NO_IPSEC),
sizeof(GUID)
);
memcpy(
&(pPermitNegPol->NegPolType),
&(GUID_NEGOTIATION_TYPE_STANDARD),
sizeof(GUID)
);
pPermitNegPol->dwSecurityMethodCount = 0;
pPermitNegPol->pIpsecSecurityMethods = NULL;
pPermitNegPol->dwWhenChanged = 0;
dwError = MapAndAllocPolStr(&(pPermitNegPol->pszIpsecName),
POLSTORE_PERMIT_NEG_POL_NAME
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = MapAndAllocPolStr(&(pPermitNegPol->pszDescription),
POLSTORE_PERMIT_NEG_POL_DESCRIPTION
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = IPSecCreateNegPolData(
hPolicyStore,
pPermitNegPol
);
BAIL_ON_WIN32_ERROR(dwError);
*ppPermitNegPol = pPermitNegPol;
return (dwError);
error:
if (pPermitNegPol) {
FreeIpsecNegPolData(pPermitNegPol);
}
*ppPermitNegPol = NULL;
return (dwError);
}
DWORD
CreateRequestSecurityNegPol(
HANDLE hPolicyStore,
PIPSEC_NEGPOL_DATA * ppRequestSecurityNegPol
)
{
DWORD dwError = 0;
PIPSEC_NEGPOL_DATA pRequestSecurityNegPol = NULL;
DWORD dwSecurityMethodCount = 0;
PIPSEC_SECURITY_METHOD pIpsecSecurityMethods = NULL;
PIPSEC_SECURITY_METHOD pMethod = NULL;
// {72385233-70FA-11d1-864C-14A300000000}
static const GUID GUID_SECURE_INITIATOR_NEGPOL =
{ 0x72385233, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
pRequestSecurityNegPol = (PIPSEC_NEGPOL_DATA) AllocPolMem(
sizeof(IPSEC_NEGPOL_DATA)
);
if (!pRequestSecurityNegPol) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
memcpy(
&(pRequestSecurityNegPol->NegPolIdentifier),
&(GUID_SECURE_INITIATOR_NEGPOL),
sizeof(GUID)
);
memcpy(
&(pRequestSecurityNegPol->NegPolAction),
&(GUID_NEGOTIATION_ACTION_INBOUND_PASSTHRU),
sizeof(GUID)
);
memcpy(
&(pRequestSecurityNegPol->NegPolType),
&(GUID_NEGOTIATION_TYPE_STANDARD),
sizeof(GUID)
);
dwSecurityMethodCount = 5;
pIpsecSecurityMethods = (PIPSEC_SECURITY_METHOD) AllocPolMem(
sizeof(IPSEC_SECURITY_METHOD)*dwSecurityMethodCount
);
if (!pIpsecSecurityMethods) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
pMethod = pIpsecSecurityMethods;
pMethod->Lifetime.KeyExpirationTime = 900;
pMethod->Lifetime.KeyExpirationBytes = 100000;
pMethod->Flags = 0;
pMethod->PfsQMRequired = FALSE;
pMethod->Count = 1;
pMethod->Algos[0].operation = Encrypt;
pMethod->Algos[0].algoIdentifier = IPSEC_ESP_3_DES;
pMethod->Algos[0].secondaryAlgoIdentifier = IPSEC_AH_SHA;
pMethod ++;
pMethod->Lifetime.KeyExpirationTime = 900;
pMethod->Lifetime.KeyExpirationBytes = 100000;
pMethod->Flags = 0;
pMethod->PfsQMRequired = FALSE;
pMethod->Count = 1;
pMethod->Algos[0].operation = Encrypt;
pMethod->Algos[0].algoIdentifier = IPSEC_ESP_DES;
pMethod->Algos[0].secondaryAlgoIdentifier = IPSEC_AH_SHA;
pMethod ++;
pMethod->Lifetime.KeyExpirationTime = 300;
pMethod->Lifetime.KeyExpirationBytes = 100000;
pMethod->Flags = 0;
pMethod->PfsQMRequired = FALSE;
pMethod->Count = 1;
pMethod->Algos[0].operation = Auth;
pMethod->Algos[0].algoIdentifier = IPSEC_AH_SHA;
pMethod->Algos[0].secondaryAlgoIdentifier = 0;;
pMethod ++;
pMethod->Lifetime.KeyExpirationTime = 300;
pMethod->Lifetime.KeyExpirationBytes = 100000;
pMethod->Flags = 0;
pMethod->PfsQMRequired = FALSE;
pMethod->Count = 1;
pMethod->Algos[0].operation = Auth;
pMethod->Algos[0].algoIdentifier = IPSEC_AH_MD5;
pMethod->Algos[0].secondaryAlgoIdentifier = 0;
pMethod ++;
pMethod->Lifetime.KeyExpirationTime = 0;
pMethod->Lifetime.KeyExpirationBytes = 0;
pMethod->Flags = 0;
pMethod->PfsQMRequired = FALSE;
pMethod->Count = 0;
pRequestSecurityNegPol->dwSecurityMethodCount = dwSecurityMethodCount;
pRequestSecurityNegPol->pIpsecSecurityMethods = pIpsecSecurityMethods;
pRequestSecurityNegPol->dwWhenChanged = 0;
dwError = MapAndAllocPolStr(&(pRequestSecurityNegPol->pszIpsecName),
POLSTORE_REQUEST_SECURITY_NEG_POL_NAME
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = MapAndAllocPolStr(&(pRequestSecurityNegPol->pszDescription),
POLSTORE_REQUEST_SECURITY_NEG_POL_DESCRIPTION
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = IPSecCreateNegPolData(
hPolicyStore,
pRequestSecurityNegPol
);
BAIL_ON_WIN32_ERROR(dwError);
*ppRequestSecurityNegPol = pRequestSecurityNegPol;
return (dwError);
error:
if (pRequestSecurityNegPol) {
FreeIpsecNegPolData(pRequestSecurityNegPol);
}
*ppRequestSecurityNegPol = NULL;
return (dwError);
}
DWORD
CreateRequireSecurityNegPol(
HANDLE hPolicyStore,
PIPSEC_NEGPOL_DATA * ppRequireSecurityNegPol
)
{
DWORD dwError = 0;
PIPSEC_NEGPOL_DATA pRequireSecurityNegPol = NULL;
DWORD dwSecurityMethodCount = 0;
PIPSEC_SECURITY_METHOD pIpsecSecurityMethods = NULL;
PIPSEC_SECURITY_METHOD pMethod = NULL;
// {7238523f-70FA-11d1-864C-14A300000000}
static const GUID GUID_LOCKDOWN_NEGPOL =
{ 0x7238523f, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
pRequireSecurityNegPol = (PIPSEC_NEGPOL_DATA) AllocPolMem(
sizeof(IPSEC_NEGPOL_DATA)
);
if (!pRequireSecurityNegPol) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
memcpy(
&(pRequireSecurityNegPol->NegPolIdentifier),
&(GUID_LOCKDOWN_NEGPOL),
sizeof(GUID)
);
memcpy(
&(pRequireSecurityNegPol->NegPolAction),
&(GUID_NEGOTIATION_ACTION_INBOUND_PASSTHRU),
sizeof(GUID)
);
memcpy(
&(pRequireSecurityNegPol->NegPolType),
&(GUID_NEGOTIATION_TYPE_STANDARD),
sizeof(GUID)
);
dwSecurityMethodCount = 4;
pIpsecSecurityMethods = (PIPSEC_SECURITY_METHOD) AllocPolMem(
sizeof(IPSEC_SECURITY_METHOD)*dwSecurityMethodCount
);
if (!pIpsecSecurityMethods) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
pMethod = pIpsecSecurityMethods;
pMethod->Lifetime.KeyExpirationTime = 900;
pMethod->Lifetime.KeyExpirationBytes = 100000;
pMethod->Flags = 0;
pMethod->PfsQMRequired = FALSE;
pMethod->Count = 1;
pMethod->Algos[0].operation = Encrypt;
pMethod->Algos[0].algoIdentifier = IPSEC_ESP_3_DES;
pMethod->Algos[0].secondaryAlgoIdentifier = IPSEC_AH_SHA;
pMethod ++;
pMethod->Lifetime.KeyExpirationTime = 900;
pMethod->Lifetime.KeyExpirationBytes = 100000;
pMethod->Flags = 0;
pMethod->PfsQMRequired = FALSE;
pMethod->Count = 1;
pMethod->Algos[0].operation = Encrypt;
pMethod->Algos[0].algoIdentifier = IPSEC_ESP_3_DES;
pMethod->Algos[0].secondaryAlgoIdentifier = IPSEC_AH_MD5;
pMethod ++;
pMethod->Lifetime.KeyExpirationTime = 900;
pMethod->Lifetime.KeyExpirationBytes = 100000;
pMethod->Flags = 0;
pMethod->PfsQMRequired = FALSE;
pMethod->Count = 1;
pMethod->Algos[0].operation = Encrypt;
pMethod->Algos[0].algoIdentifier = IPSEC_ESP_DES;
pMethod->Algos[0].secondaryAlgoIdentifier = IPSEC_AH_SHA;
pMethod ++;
pMethod->Lifetime.KeyExpirationTime = 900;
pMethod->Lifetime.KeyExpirationBytes = 100000;
pMethod->Flags = 0;
pMethod->PfsQMRequired = FALSE;
pMethod->Count = 1;
pMethod->Algos[0].operation = Encrypt;
pMethod->Algos[0].algoIdentifier = IPSEC_ESP_DES;
pMethod->Algos[0].secondaryAlgoIdentifier = IPSEC_AH_MD5;
pRequireSecurityNegPol->dwSecurityMethodCount = dwSecurityMethodCount;
pRequireSecurityNegPol->pIpsecSecurityMethods = pIpsecSecurityMethods;
pRequireSecurityNegPol->dwWhenChanged = 0;
dwError = MapAndAllocPolStr(&(pRequireSecurityNegPol->pszIpsecName),
POLSTORE_REQUIRE_SECURITY_NEG_POL_NAME
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = MapAndAllocPolStr(&(pRequireSecurityNegPol->pszDescription),
POLSTORE_REQUIRE_SECURITY_NEG_POL_DESCRIPTION
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = IPSecCreateNegPolData(
hPolicyStore,
pRequireSecurityNegPol
);
BAIL_ON_WIN32_ERROR(dwError);
*ppRequireSecurityNegPol = pRequireSecurityNegPol;
return (dwError);
error:
if (pRequireSecurityNegPol) {
FreeIpsecNegPolData(pRequireSecurityNegPol);
}
*ppRequireSecurityNegPol = NULL;
return (dwError);
}
DWORD
CreateClientPolicy(
HANDLE hPolicyStore
)
{
DWORD dwError = 0;
PIPSEC_ISAKMP_DATA pClientISAKMP = NULL;
PIPSEC_POLICY_DATA pIpsecPolicyData = NULL;
PIPSEC_NEGPOL_DATA pDefaultNegPol = NULL;
GUID NFAIdentifier;
GUID FilterIdentifier;
LPWSTR pszNFAName = NULL;
LPWSTR pszNFADescription = NULL;
// {72385237-70FA-11d1-864C-14A300000000}
static const GUID GUID_RESPONDER_ISAKMP =
{ 0x72385237, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
// {72385236-70FA-11d1-864C-14A300000000}
static const GUID GUID_RESPONDER_POLICY =
{ 0x72385236, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
dwError = CreateISAKMP(
hPolicyStore,
GUID_RESPONDER_ISAKMP,
&pClientISAKMP
);
BAIL_ON_WIN32_ERROR(dwError);
pIpsecPolicyData = (PIPSEC_POLICY_DATA) AllocPolMem(
sizeof(IPSEC_POLICY_DATA)
);
if (!pIpsecPolicyData) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
memcpy(
&(pIpsecPolicyData->PolicyIdentifier),
&GUID_RESPONDER_POLICY,
sizeof(GUID)
);
pIpsecPolicyData->dwPollingInterval = 10800;
pIpsecPolicyData->pIpsecISAKMPData = NULL;
pIpsecPolicyData->ppIpsecNFAData = NULL;
pIpsecPolicyData->dwNumNFACount = 0;
pIpsecPolicyData->dwWhenChanged = 0;
dwError = MapAndAllocPolStr(&(pIpsecPolicyData->pszIpsecName),
POLSTORE_CLIENT_POLICY_NAME
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = MapAndAllocPolStr(&(pIpsecPolicyData->pszDescription),
POLSTORE_CLIENT_POLICY_DESCRIPTION
);
BAIL_ON_WIN32_ERROR(dwError);
memcpy(
&(pIpsecPolicyData->ISAKMPIdentifier),
&(pClientISAKMP->ISAKMPIdentifier),
sizeof(GUID)
);
dwError = IPSecCreatePolicyData(
hPolicyStore,
pIpsecPolicyData
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = CreateDefaultNegPol(
hPolicyStore,
&pDefaultNegPol
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = UuidCreate(
&NFAIdentifier
);
BAIL_ON_WIN32_ERROR(dwError);
memset(&FilterIdentifier, 0, sizeof(GUID));
dwError = CreateNFA(
hPolicyStore,
NFAIdentifier,
GUID_RESPONDER_POLICY,
FilterIdentifier,
pDefaultNegPol->NegPolIdentifier,
pszNFAName,
pszNFADescription
);
BAIL_ON_WIN32_ERROR(dwError);
error:
if (pIpsecPolicyData) {
FreeIpsecPolicyData(pIpsecPolicyData);
}
if (pClientISAKMP) {
FreeIpsecISAKMPData(pClientISAKMP);
}
if (pDefaultNegPol) {
FreeIpsecNegPolData(pDefaultNegPol);
}
return (dwError);
}
DWORD
CreateRequestSecurityPolicy(
HANDLE hPolicyStore,
PIPSEC_FILTER_DATA pAllFilter,
PIPSEC_FILTER_DATA pAllICMPFilter,
PIPSEC_NEGPOL_DATA pPermitNegPol,
PIPSEC_NEGPOL_DATA pRequestSecurityNegPol
)
{
DWORD dwError = 0;
PIPSEC_ISAKMP_DATA pRequestSecurityISAKMP = NULL;
PIPSEC_POLICY_DATA pIpsecPolicyData = NULL;
PIPSEC_NEGPOL_DATA pDefaultNegPol = NULL;
GUID NFAIdentifier;
GUID FilterIdentifier;
LPWSTR pszNFAName = NULL;
LPWSTR pszNFADescription = NULL;
// {72385231-70FA-11d1-864C-14A300000000}
static const GUID GUID_SECURE_INITIATOR_ISAKMP =
{ 0x72385231, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
// {72385230-70FA-11d1-864C-14A300000000}
static const GUID GUID_SECURE_INITIATOR_POLICY =
{ 0x72385230, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
dwError = CreateISAKMP(
hPolicyStore,
GUID_SECURE_INITIATOR_ISAKMP,
&pRequestSecurityISAKMP
);
BAIL_ON_WIN32_ERROR(dwError);
pIpsecPolicyData = (PIPSEC_POLICY_DATA) AllocPolMem(
sizeof(IPSEC_POLICY_DATA)
);
if (!pIpsecPolicyData) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
memcpy(
&(pIpsecPolicyData->PolicyIdentifier),
&GUID_SECURE_INITIATOR_POLICY,
sizeof(GUID)
);
pIpsecPolicyData->dwPollingInterval = 10800;
pIpsecPolicyData->pIpsecISAKMPData = NULL;
pIpsecPolicyData->ppIpsecNFAData = NULL;
pIpsecPolicyData->dwNumNFACount = 0;
pIpsecPolicyData->dwWhenChanged = 0;
dwError = MapAndAllocPolStr(&(pIpsecPolicyData->pszIpsecName),
POLSTORE_SECURE_INITIATOR_POLICY_NAME
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = MapAndAllocPolStr(&(pIpsecPolicyData->pszDescription),
POLSTORE_SECURE_INITIATOR_POLICY_DESCRIPTION
);
BAIL_ON_WIN32_ERROR(dwError);
memcpy(
&(pIpsecPolicyData->ISAKMPIdentifier),
&(pRequestSecurityISAKMP->ISAKMPIdentifier),
sizeof(GUID)
);
dwError = IPSecCreatePolicyData(
hPolicyStore,
pIpsecPolicyData
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = CreateDefaultNegPol(
hPolicyStore,
&pDefaultNegPol
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = UuidCreate(
&NFAIdentifier
);
BAIL_ON_WIN32_ERROR(dwError);
memset(&FilterIdentifier, 0, sizeof(GUID));
dwError = CreateNFA(
hPolicyStore,
NFAIdentifier,
GUID_SECURE_INITIATOR_POLICY,
FilterIdentifier,
pDefaultNegPol->NegPolIdentifier,
pszNFAName,
pszNFADescription
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = UuidCreate(
&NFAIdentifier
);
BAIL_ON_WIN32_ERROR(dwError);
//
// Create the ICMP Rule.
//
dwError = MapIdAndCreateNFA(
hPolicyStore,
NFAIdentifier,
GUID_SECURE_INITIATOR_POLICY,
pAllICMPFilter->FilterIdentifier,
pPermitNegPol->NegPolIdentifier,
POLSTORE_ICMP_NFA_NAME,
POLSTORE_ICMP_NFA_DESCRIPTION
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = UuidCreate(
&NFAIdentifier
);
BAIL_ON_WIN32_ERROR(dwError);
//
// Create the Secure Initiator Rule.
//
dwError = MapIdAndCreateNFA(
hPolicyStore,
NFAIdentifier,
GUID_SECURE_INITIATOR_POLICY,
pAllFilter->FilterIdentifier,
pRequestSecurityNegPol->NegPolIdentifier,
POLSTORE_SECURE_INITIATOR_NFA_NAME,
POLSTORE_SECURE_INITIATOR_NFA_DESCRIPTION
);
BAIL_ON_WIN32_ERROR(dwError);
error:
if (pIpsecPolicyData) {
FreeIpsecPolicyData(pIpsecPolicyData);
}
if (pRequestSecurityISAKMP) {
FreeIpsecISAKMPData(pRequestSecurityISAKMP);
}
if (pDefaultNegPol) {
FreeIpsecNegPolData(pDefaultNegPol);
}
return (dwError);
}
DWORD
CreateRequireSecurityPolicy(
HANDLE hPolicyStore,
PIPSEC_FILTER_DATA pAllFilter,
PIPSEC_FILTER_DATA pAllICMPFilter,
PIPSEC_NEGPOL_DATA pPermitNegPol,
PIPSEC_NEGPOL_DATA pRequireSecurityNegPol
)
{
DWORD dwError = 0;
PIPSEC_ISAKMP_DATA pRequireSecurityISAKMP = NULL;
PIPSEC_POLICY_DATA pIpsecPolicyData = NULL;
PIPSEC_NEGPOL_DATA pDefaultNegPol = NULL;
GUID NFAIdentifier;
GUID FilterIdentifier;
LPWSTR pszNFAName = NULL;
LPWSTR pszNFADescription = NULL;
// {7238523d-70FA-11d1-864C-14A300000000}
static const GUID GUID_LOCKDOWN_ISAKMP =
{ 0x7238523d, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
// {7238523c-70FA-11d1-864C-14A300000000}
static const GUID GUID_LOCKDOWN_POLICY =
{ 0x7238523c, 0x70fa, 0x11d1, { 0x86, 0x4c, 0x14, 0xa3, 0x0, 0x0, 0x0, 0x0 } };
dwError = CreateISAKMP(
hPolicyStore,
GUID_LOCKDOWN_ISAKMP,
&pRequireSecurityISAKMP
);
BAIL_ON_WIN32_ERROR(dwError);
pIpsecPolicyData = (PIPSEC_POLICY_DATA) AllocPolMem(
sizeof(IPSEC_POLICY_DATA)
);
if (!pIpsecPolicyData) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
memcpy(
&(pIpsecPolicyData->PolicyIdentifier),
&GUID_LOCKDOWN_POLICY,
sizeof(GUID)
);
pIpsecPolicyData->dwPollingInterval = 10800;
pIpsecPolicyData->pIpsecISAKMPData = NULL;
pIpsecPolicyData->ppIpsecNFAData = NULL;
pIpsecPolicyData->dwNumNFACount = 0;
pIpsecPolicyData->dwWhenChanged = 0;
dwError = MapAndAllocPolStr(&(pIpsecPolicyData->pszIpsecName),
POLSTORE_LOCKDOWN_POLICY_NAME
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = MapAndAllocPolStr(&(pIpsecPolicyData->pszDescription),
POLSTORE_LOCKDOWN_POLICY_DESCRIPTION
);
BAIL_ON_WIN32_ERROR(dwError);
memcpy(
&(pIpsecPolicyData->ISAKMPIdentifier),
&(pRequireSecurityISAKMP->ISAKMPIdentifier),
sizeof(GUID)
);
dwError = IPSecCreatePolicyData(
hPolicyStore,
pIpsecPolicyData
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = CreateDefaultNegPol(
hPolicyStore,
&pDefaultNegPol
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = UuidCreate(
&NFAIdentifier
);
BAIL_ON_WIN32_ERROR(dwError);
memset(&FilterIdentifier, 0, sizeof(GUID));
dwError = CreateNFA(
hPolicyStore,
NFAIdentifier,
GUID_LOCKDOWN_POLICY,
FilterIdentifier,
pDefaultNegPol->NegPolIdentifier,
pszNFAName,
pszNFADescription
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = UuidCreate(
&NFAIdentifier
);
BAIL_ON_WIN32_ERROR(dwError);
//
// Create the ICMP Rule.
//
dwError = MapIdAndCreateNFA(
hPolicyStore,
NFAIdentifier,
GUID_LOCKDOWN_POLICY,
pAllICMPFilter->FilterIdentifier,
pPermitNegPol->NegPolIdentifier,
POLSTORE_ICMP_NFA_NAME,
POLSTORE_ICMP_NFA_DESCRIPTION
);
BAIL_ON_WIN32_ERROR(dwError);
dwError = UuidCreate(
&NFAIdentifier
);
BAIL_ON_WIN32_ERROR(dwError);
//
// Create the Secure Initiator Rule.
//
dwError = MapIdAndCreateNFA(
hPolicyStore,
NFAIdentifier,
GUID_LOCKDOWN_POLICY,
pAllFilter->FilterIdentifier,
pRequireSecurityNegPol->NegPolIdentifier,
POLSTORE_LOCKDOWN_NFA_NAME,
POLSTORE_LOCKDOWN_NFA_DESCRIPTION
);
BAIL_ON_WIN32_ERROR(dwError);
error:
if (pIpsecPolicyData) {
FreeIpsecPolicyData(pIpsecPolicyData);
}
if (pRequireSecurityISAKMP) {
FreeIpsecISAKMPData(pRequireSecurityISAKMP);
}
if (pDefaultNegPol) {
FreeIpsecNegPolData(pDefaultNegPol);
}
return (dwError);
}
DWORD
CreateISAKMP(
HANDLE hPolicyStore,
GUID ISAKMPIdentifier,
PIPSEC_ISAKMP_DATA * ppIpsecISAKMPData
)
{
DWORD dwError = 0;
PIPSEC_ISAKMP_DATA pIpsecISAKMPData = NULL;
DWORD dwNumISAKMPSecurityMethods = 0;
PCRYPTO_BUNDLE pSecurityMethods = NULL;
PCRYPTO_BUNDLE pBundle = NULL;
pIpsecISAKMPData = (PIPSEC_ISAKMP_DATA) AllocPolMem(
sizeof(IPSEC_ISAKMP_DATA)
);
if (!pIpsecISAKMPData) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
memcpy(
&(pIpsecISAKMPData->ISAKMPIdentifier),
&(ISAKMPIdentifier),
sizeof(GUID)
);
memset(
&(pIpsecISAKMPData->ISAKMPPolicy),
0,
sizeof(ISAKMP_POLICY)
);
dwNumISAKMPSecurityMethods = 4;
pSecurityMethods = (PCRYPTO_BUNDLE) AllocPolMem(
sizeof(CRYPTO_BUNDLE)*dwNumISAKMPSecurityMethods
);
if (!pSecurityMethods) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
pBundle = pSecurityMethods;
pBundle->Lifetime.Seconds = 480*60;
pBundle->EncryptionAlgorithm.AlgorithmIdentifier = IPSEC_ESP_3_DES;
pBundle->HashAlgorithm.AlgorithmIdentifier = IPSEC_AH_SHA;
pBundle->OakleyGroup = 2;
pBundle++;
pBundle->Lifetime.Seconds = 480*60;
pBundle->EncryptionAlgorithm.AlgorithmIdentifier = IPSEC_ESP_3_DES;
pBundle->HashAlgorithm.AlgorithmIdentifier = IPSEC_AH_MD5;
pBundle->OakleyGroup = 2;
pBundle++;
pBundle->Lifetime.Seconds = 480*60;
pBundle->EncryptionAlgorithm.AlgorithmIdentifier = IPSEC_ESP_DES;
pBundle->HashAlgorithm.AlgorithmIdentifier = IPSEC_AH_SHA;
pBundle->OakleyGroup = 1;
pBundle++;
pBundle->Lifetime.Seconds = 480*60;
pBundle->EncryptionAlgorithm.AlgorithmIdentifier = IPSEC_ESP_DES;
pBundle->HashAlgorithm.AlgorithmIdentifier = IPSEC_AH_MD5;
pBundle->OakleyGroup = 1;
pIpsecISAKMPData->dwNumISAKMPSecurityMethods = dwNumISAKMPSecurityMethods;
pIpsecISAKMPData->pSecurityMethods = pSecurityMethods;
pIpsecISAKMPData->dwWhenChanged = 0;
dwError = IPSecCreateISAKMPData(
hPolicyStore,
pIpsecISAKMPData
);
BAIL_ON_WIN32_ERROR(dwError);
*ppIpsecISAKMPData = pIpsecISAKMPData;
return (dwError);
error:
if (pIpsecISAKMPData) {
FreeIpsecISAKMPData(pIpsecISAKMPData);
}
*ppIpsecISAKMPData = NULL;
return (dwError);
}
DWORD
CreateDefaultNegPol(
HANDLE hPolicyStore,
PIPSEC_NEGPOL_DATA * ppDefaultNegPol
)
{
DWORD dwError = 0;
PIPSEC_NEGPOL_DATA pDefaultNegPol = NULL;
DWORD dwSecurityMethodCount = 0;
PIPSEC_SECURITY_METHOD pIpsecSecurityMethods = NULL;
PIPSEC_SECURITY_METHOD pMethod = NULL;
pDefaultNegPol = (PIPSEC_NEGPOL_DATA) AllocPolMem(
sizeof(IPSEC_NEGPOL_DATA)
);
if (!pDefaultNegPol) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
dwError = UuidCreate(
&(pDefaultNegPol->NegPolIdentifier)
);
BAIL_ON_WIN32_ERROR(dwError);
memcpy(
&(pDefaultNegPol->NegPolAction),
&(GUID_NEGOTIATION_ACTION_NORMAL_IPSEC),
sizeof(GUID)
);
memcpy(
&(pDefaultNegPol->NegPolType),
&(GUID_NEGOTIATION_TYPE_DEFAULT),
sizeof(GUID)
);
dwSecurityMethodCount = 6;
pIpsecSecurityMethods = (PIPSEC_SECURITY_METHOD) AllocPolMem(
sizeof(IPSEC_SECURITY_METHOD)*dwSecurityMethodCount
);
if (!pIpsecSecurityMethods) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
pMethod = pIpsecSecurityMethods;
pMethod->Lifetime.KeyExpirationTime = 0;
pMethod->Lifetime.KeyExpirationBytes = 0;
pMethod->Flags = 0;
pMethod->PfsQMRequired = FALSE;
pMethod->Count = 1;
pMethod->Algos[0].operation = Encrypt;
pMethod->Algos[0].algoIdentifier = IPSEC_ESP_3_DES;
pMethod->Algos[0].secondaryAlgoIdentifier = IPSEC_AH_SHA;
pMethod ++;
pMethod->Lifetime.KeyExpirationTime = 0;
pMethod->Lifetime.KeyExpirationBytes = 0;
pMethod->Flags = 0;
pMethod->PfsQMRequired = FALSE;
pMethod->Count = 1;
pMethod->Algos[0].operation = Encrypt;
pMethod->Algos[0].algoIdentifier = IPSEC_ESP_3_DES;
pMethod->Algos[0].secondaryAlgoIdentifier = IPSEC_AH_MD5;
pMethod ++;
pMethod->Lifetime.KeyExpirationTime = 0;
pMethod->Lifetime.KeyExpirationBytes = 0;
pMethod->Flags = 0;
pMethod->PfsQMRequired = FALSE;
pMethod->Count = 1;
pMethod->Algos[0].operation = Encrypt;
pMethod->Algos[0].algoIdentifier = IPSEC_ESP_DES;
pMethod->Algos[0].secondaryAlgoIdentifier = IPSEC_AH_SHA;
pMethod ++;
pMethod->Lifetime.KeyExpirationTime = 0;
pMethod->Lifetime.KeyExpirationBytes = 0;
pMethod->Flags = 0;
pMethod->PfsQMRequired = FALSE;
pMethod->Count = 1;
pMethod->Algos[0].operation = Encrypt;
pMethod->Algos[0].algoIdentifier = IPSEC_ESP_DES;
pMethod->Algos[0].secondaryAlgoIdentifier = IPSEC_AH_MD5;
pMethod ++;
pMethod->Lifetime.KeyExpirationTime = 0;
pMethod->Lifetime.KeyExpirationBytes = 0;
pMethod->Flags = 0;
pMethod->PfsQMRequired = FALSE;
pMethod->Count = 1;
pMethod->Algos[0].operation = Auth;
pMethod->Algos[0].algoIdentifier = IPSEC_AH_SHA;
pMethod->Algos[0].secondaryAlgoIdentifier = 0;
pMethod ++;
pMethod->Lifetime.KeyExpirationTime = 0;
pMethod->Lifetime.KeyExpirationBytes = 0;
pMethod->Flags = 0;
pMethod->PfsQMRequired = FALSE;
pMethod->Count = 1;
pMethod->Algos[0].operation = Auth;
pMethod->Algos[0].algoIdentifier = IPSEC_AH_MD5;
pMethod->Algos[0].secondaryAlgoIdentifier = 0;
pDefaultNegPol->dwSecurityMethodCount = dwSecurityMethodCount;
pDefaultNegPol->pIpsecSecurityMethods = pIpsecSecurityMethods;
pDefaultNegPol->dwWhenChanged = 0;
pDefaultNegPol->pszIpsecName = NULL;
pDefaultNegPol->pszDescription = NULL;
dwError = IPSecCreateNegPolData(
hPolicyStore,
pDefaultNegPol
);
BAIL_ON_WIN32_ERROR(dwError);
*ppDefaultNegPol = pDefaultNegPol;
return (dwError);
error:
if (pDefaultNegPol) {
FreeIpsecNegPolData(pDefaultNegPol);
}
*ppDefaultNegPol = NULL;
return (dwError);
}
DWORD
CreateNFA(
HANDLE hPolicyStore,
GUID NFAIdentifier,
GUID PolicyIdentifier,
GUID FilterIdentifier,
GUID NegPolIdentifier,
LPWSTR pszNFAName,
LPWSTR pszNFADescription
)
{
DWORD dwError = 0;
PIPSEC_NFA_DATA pIpsecNFAData = NULL;
DWORD dwAuthMethodCount = 0;
PIPSEC_AUTH_METHOD * ppAuthMethods = NULL;
PIPSEC_AUTH_METHOD pMethod = NULL;
pIpsecNFAData = (PIPSEC_NFA_DATA) AllocPolMem(
sizeof(IPSEC_NFA_DATA)
);
if (!pIpsecNFAData) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
if (pszNFAName) {
pIpsecNFAData->pszIpsecName = AllocPolStr(pszNFAName);
if (!pIpsecNFAData->pszIpsecName) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
memcpy(
&(pIpsecNFAData->NFAIdentifier),
&(NFAIdentifier),
sizeof(GUID)
);
dwAuthMethodCount = 1;
ppAuthMethods = (PIPSEC_AUTH_METHOD *) AllocPolMem(
sizeof(PIPSEC_AUTH_METHOD)*dwAuthMethodCount
);
if (!ppAuthMethods) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
pIpsecNFAData->dwAuthMethodCount = dwAuthMethodCount;
pIpsecNFAData->ppAuthMethods = ppAuthMethods;
pMethod = (PIPSEC_AUTH_METHOD) AllocPolMem(
sizeof(IPSEC_AUTH_METHOD)
);
if (!pMethod) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
pMethod->dwAuthType = OAK_SSPI;
pMethod->dwAuthLen = 0;
pMethod->pszAuthMethod = NULL;
pMethod->dwAltAuthLen = 0;
pMethod->pAltAuthMethod = NULL;
*(ppAuthMethods + 0) = pMethod;
pIpsecNFAData->dwInterfaceType = PS_INTERFACE_TYPE_ALL;
pIpsecNFAData->pszInterfaceName = NULL;
pIpsecNFAData->dwTunnelIpAddr = 0;
pIpsecNFAData->dwTunnelFlags = 0;
pIpsecNFAData->dwActiveFlag = 1;
pIpsecNFAData->pszEndPointName = NULL;
pIpsecNFAData->pIpsecFilterData = NULL;
pIpsecNFAData->pIpsecNegPolData = NULL;
pIpsecNFAData->dwWhenChanged = 0;
memcpy(
&(pIpsecNFAData->NegPolIdentifier),
&(NegPolIdentifier),
sizeof(GUID)
);
memcpy(
&(pIpsecNFAData->FilterIdentifier),
&(FilterIdentifier),
sizeof(GUID)
);
if (pszNFADescription) {
pIpsecNFAData->pszDescription = AllocPolStr(pszNFADescription);
if (!pIpsecNFAData->pszDescription) {
dwError = ERROR_OUTOFMEMORY;
BAIL_ON_WIN32_ERROR(dwError);
}
}
dwError = IPSecCreateNFAData(
hPolicyStore,
PolicyIdentifier,
pIpsecNFAData
);
BAIL_ON_WIN32_ERROR(dwError);
error:
if (pIpsecNFAData) {
FreeIpsecNFAData(pIpsecNFAData);
}
return (dwError);
}
DWORD
MapIdAndCreateNFA(
HANDLE hPolicyStore,
GUID NFAIdentifier,
GUID PolicyIdentifier,
GUID FilterIdentifier,
GUID NegPolIdentifier,
DWORD dwNFANameID,
DWORD dwNFADescriptionID
)
{
LPWSTR pszNFAName = NULL, pszNFADescription = NULL;
DWORD dwError = 0;
dwError = MapAndAllocPolStr(&pszNFAName, dwNFANameID);
BAIL_ON_WIN32_ERROR(dwError);
dwError = MapAndAllocPolStr(&pszNFADescription, dwNFADescriptionID);
BAIL_ON_WIN32_ERROR(dwError);
dwError = CreateNFA(hPolicyStore,
NFAIdentifier,
PolicyIdentifier,
FilterIdentifier,
NegPolIdentifier,
pszNFAName,
pszNFADescription
);
error:
LocalFree(pszNFADescription);
LocalFree(pszNFAName);
return dwError;
}
DWORD
MapAndAllocPolStr(
LPWSTR * plpStr,
DWORD dwStrID
)
{
LPWSTR lpStr;
DWORD dwResult;
dwResult = FormatMessageW(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_HMODULE
| FORMAT_MESSAGE_IGNORE_INSERTS,
GetModuleHandleW(SZAPPNAME),
dwStrID, LANG_NEUTRAL,
(LPWSTR) plpStr, 0, NULL);
if (dwResult == 0) {
*plpStr = NULL;
return GetLastError();
}
return ERROR_SUCCESS;
}