mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
606 lines
20 KiB
606 lines
20 KiB
/////////////////////////////////////////////////////////////
|
|
// Copyright(c) 1998-2000, Microsoft Corporation
|
|
//
|
|
// text2pol.h
|
|
//
|
|
// Created on 4/5/98 by Randyram
|
|
// Revisions:
|
|
// Moved the routines to this module 8/25/98
|
|
//
|
|
// SPD update 2/15/00 DKalin
|
|
//
|
|
// Includes all the necessary header files and definitions
|
|
// for the text to policy conversion routines
|
|
//
|
|
// GUID generation update 2/29/00 DKalin
|
|
//
|
|
// GUID manipulation routines added.
|
|
//
|
|
// Polstore v2 update 5/12/00 DKalin
|
|
//
|
|
// Polstore v2 support added
|
|
//
|
|
// Added SPDUtil.cpp declarations 3/27/01 DKalin
|
|
//
|
|
/////////////////////////////////////////////////////////////
|
|
|
|
/* HOW TO USE THE TEXT2POL ROUTINES
|
|
The following are guidelines/things you need to know to use these:
|
|
|
|
1. The functions will not touch fields that it doesn't have to. YOU
|
|
are responsible for cleaning out the structures before you call a
|
|
Text2Pol routine.
|
|
|
|
What this also achieves is that you can set the structures to your
|
|
desired defaults-- the defaults are written over if the string to
|
|
convert specifies so. If the Text2Pol routine doesn't have to touch
|
|
it, then your default will be preserved.
|
|
|
|
2. Return values and Error codes:
|
|
Text2Pol routines return DWORDs
|
|
The return codes are defined in t2pmsgs.h.
|
|
The text2pol.dll has a resource table of messages compiled it with it.
|
|
So, when you want to obtain the descriptive string that maps to the
|
|
code, you can use FormatMessage API like so:
|
|
FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ALLOCATE_BUFFER,
|
|
GetModuleHandle(TEXT("text2pol.dll")),
|
|
ReturnCodeFromText2PolFunction, 0,
|
|
(LPTSTR)&myTest, 0, NULL);
|
|
See MSDN for more on FormatMessage.
|
|
One gotcha is that you need to pass in a handle to text2pol.dll because
|
|
that is where the string table resource is.
|
|
|
|
3. These are not UNICODE compliant yet.
|
|
*/
|
|
|
|
#ifndef TEXT2POL_H
|
|
#define TEXT2POL_H
|
|
|
|
//#define T2P_TEST_VERSION
|
|
|
|
// some macros
|
|
#define T2P_SUCCESS(Status) ((DWORD)Status == T2P_OK)
|
|
|
|
const UINT POTF_MAX_STRLEN = 256;
|
|
|
|
const char POTF_FILTER_TOKEN = '=';
|
|
const char POTF_FILTER_MIRTOKEN = '+'; // indicates filter is two way
|
|
const char POTF_PT_TOKEN = ':';
|
|
const char POTF_MASK_TOKEN = '/';
|
|
const char POTF_ANYADDR_TOKEN = '*';
|
|
const char POTF_ME_TOKEN = '0';
|
|
const char POTF_GUID_TOKEN = '{';
|
|
const char POTF_GUID_END_TOKEN = '}';
|
|
const char POTF_OAKAUTH_TOKEN = ':';
|
|
const char POTF_QM_TOKEN = '/';
|
|
const char POTF_P1_TOKEN = '-';
|
|
const char POTF_REKEY_TOKEN = '/';
|
|
const char POTF_ESPTRANS_TOKEN = ',';
|
|
const char POTF_STAR_TOKEN = '*';
|
|
const char POTF_STORAGE_TOKEN = ':';
|
|
|
|
const char POTF_PASSTHRU_OPEN_TOKEN = '(';
|
|
const char POTF_PASSTHRU_CLOSE_TOKEN = ')';
|
|
const char POTF_DROP_OPEN_TOKEN = '[';
|
|
const char POTF_DROP_CLOSE_TOKEN = ']';
|
|
|
|
const char POTF_ME_TUNNEL[] = "0";
|
|
|
|
const char POTF_OAKAUTH_PRESHARE[] = "PRESHARE";
|
|
const char POTF_OAKAUTH_KERBEROS[] = "KERBEROS";
|
|
const char POTF_OAKAUTH_CERT[] = "CERT";
|
|
|
|
const char POTF_STORAGE_REG[] = "REG";
|
|
const char POTF_STORAGE_DS[] = "DS";
|
|
const char POTF_STORAGE_CACHE[] = "CACHE";
|
|
|
|
const char POTF_P1_DES40[] = "INVALID";
|
|
|
|
const char POTF_P1_DES[] = "DES";
|
|
const char POTF_P1_3DES[] = "3DES";
|
|
const char POTF_P1_SHA[] = "SHA";
|
|
const char POTF_P1_SHA1[] = "SHA1"; // same as SHA
|
|
const char POTF_P1_MD5[] = "MD5";
|
|
|
|
const char POTF_PASSTHRU[] = "PASS";
|
|
const char POTF_INBOUND_PASSTHRU[] = "INPASS";
|
|
const char POTF_BLOCK[] = "BLOCK";
|
|
|
|
const UINT POTF_OAKLEY_GROUP1 = DH_GROUP_1;
|
|
const UINT POTF_OAKLEY_GROUP2 = DH_GROUP_2;
|
|
|
|
const ULONG POTF_OAKLEY_ALGOKEYLEN = 64;
|
|
const ULONG POTF_OAKLEY_ALGOROUNDS = 8;
|
|
|
|
const char POTF_TCP_STR[] = "TCP";
|
|
const char POTF_UDP_STR[] = "UDP";
|
|
const char POTF_RAW_STR[] = "RAW";
|
|
const char POTF_ICMP_STR[] = "ICMP";
|
|
|
|
const char POTF_FILTER_DEFAULT[] = "DEFAULT";
|
|
const DWORD POTF_DEFAULT_RESPONSE_FLAG = 0x00001000;
|
|
|
|
const DWORD POTF_TCP_PROTNUM = 6;
|
|
const DWORD POTF_UDP_PROTNUM = 17;
|
|
const DWORD POTF_ICMP_PROTNUM = 1;
|
|
const DWORD POTF_RAW_PROTNUM = 255;
|
|
|
|
const char POTF_NEGPOL_ESP[] = "ESP";
|
|
const char POTF_NEGPOL_AH[] = "AH";
|
|
|
|
const char POTF_NEGPOL_DES40[] = "INVALID";
|
|
|
|
const char POTF_NEGPOL_DES[] = "DES";
|
|
const char POTF_NEGPOL_3DES[] = "3DES";
|
|
const char POTF_NEGPOL_SHA[] = "SHA";
|
|
const char POTF_NEGPOL_SHA1[] = "SHA1"; // same as SHA
|
|
const char POTF_NEGPOL_MD5[] = "MD5";
|
|
const char POTF_NEGPOL_NONE[] = "NONE";
|
|
const char POTF_NEGPOL_OPEN = '[';
|
|
const char POTF_NEGPOL_CLOSE = ']';
|
|
const char POTF_NEGPOL_AND = '+';
|
|
const char POTF_NEGPOL_PFS = 'P';
|
|
|
|
// COMMAND LINE FLAGS /////////////////////
|
|
const char POTF_FLAG_TOKENS[] = "-/"; // what designates a flag
|
|
const char POTF_FILTER_FLAG = 'f';
|
|
const char POTF_NEGPOL_FLAG = 'n';
|
|
const char POTF_TUNNEL_FLAG = 't';
|
|
const char POTF_AUTH_FLAG = 'a';
|
|
const char POTF_CONFIRM_FLAG = 'c';
|
|
const char POTF_STORAGE_FLAG = 'w';
|
|
const char POTF_POLNAME_FLAG = 'p';
|
|
const char POTF_RULENAME_FLAG = 'r';
|
|
const char POTF_SETACTIVE_FLAG = 'x';
|
|
const char POTF_SETINACTIVE_FLAG = 'y';
|
|
const char POTF_DEACTIVATE_FLAG = 'd';
|
|
|
|
const char POTF_MMFILTER_FLAG[] = "1f"; // SPD addition
|
|
const char POTF_SOFTSAEXP_FLAG[] = "1e"; // SPD addition
|
|
const char POTF_SECMETHOD_FLAG[] = "1s";
|
|
const char POTF_P1PFS_FLAG[] = "1p";
|
|
const char POTF_P1REKEY_FLAG[] = "1k";
|
|
const char POTF_SOFTSA_FLAG[] = "soft";
|
|
const char POTF_DIALUP_FLAG[] = "dialup";
|
|
const char POTF_LAN_FLAG[] = "lan";
|
|
const char POTF_DELETERULE_FLAG = 'u';
|
|
const char POTF_DELETEPOLICY_FLAG = 'o';
|
|
const char POTF_HELP_FLAGS[] = "hH?";
|
|
|
|
const DWORD POTF_MIN_P2LIFE_BYTES = 20480; // KB
|
|
const DWORD POTF_MIN_P2LIFE_TIME = 300; // seconds
|
|
|
|
const DWORD POTF_DEF_P1SOFT_TIME = 300; // seconds
|
|
|
|
//
|
|
// Structure for storage information
|
|
//
|
|
|
|
enum StorageType { STORAGE_TYPE_NONE = 0, STORAGE_TYPE_DS,
|
|
STORAGE_TYPE_REGISTRY, STORAGE_TYPE_CACHE };
|
|
|
|
const UINT DNSNAME_MAXLEN = 255;
|
|
|
|
typedef struct DnsFilter {
|
|
|
|
char szSourceName[DNSNAME_MAXLEN];
|
|
char szDestName[DNSNAME_MAXLEN];
|
|
|
|
} *PDNSFILTER, DNSFILTER;
|
|
|
|
typedef struct StorageInfo {
|
|
|
|
StorageType Type;
|
|
time_t tPollingInterval;
|
|
GUID guidNegPolAction; // passthur, block, inbound passthru
|
|
BOOL bSetActive;
|
|
BOOL bSetInActive;
|
|
BOOL bDeleteRule;
|
|
BOOL bDeletePolicy;
|
|
PIPSEC_FILTER_SPEC FilterList; // holds filter data for the storage
|
|
UINT uNumFilters;
|
|
|
|
WCHAR szLocationName[POTF_MAX_STRLEN];
|
|
WCHAR szPolicyName[POTF_MAX_STRLEN];
|
|
WCHAR szRuleName[POTF_MAX_STRLEN];
|
|
|
|
|
|
} *PSTORAGE_INFO, STORAGE_INFO;
|
|
|
|
|
|
//
|
|
// structre for passing to CmdLineToPolicy
|
|
// holds everything you want to know about
|
|
// setting policy through the SPD/Polstore API
|
|
//
|
|
|
|
// macros
|
|
#define LASTERR(X,Y) sprintf(STRLASTERR, X, Y)
|
|
#define LASTERR2(X,Y,Z) sprintf(STRLASTERR, X, Y, Z)
|
|
#define PARSE_ERROR cerr << STRLASTERR << endl
|
|
#define WARN cout << STRLASTERR << endl
|
|
|
|
// use defaults from polwrap.h for policy
|
|
const DWORD POTF_DEFAULT_P2REKEY_TIME = 0;
|
|
const DWORD POTF_DEFAULT_P2REKEY_BYTES = 0;
|
|
|
|
const DWORD POTF_DEFAULT_P1REKEY_TIME = 480*60;
|
|
const DWORD POTF_DEFAULT_P1REKEY_QMS = 0;
|
|
|
|
|
|
// globals
|
|
extern char STRLASTERR[POTF_MAX_STRLEN]; // used for error macro
|
|
|
|
#define POTF_FAILED 0
|
|
|
|
// this is for calling HrSetActivePolicy explicitly
|
|
typedef HRESULT (*LPHRSETACTIVEPOLICY)(GUID *);
|
|
|
|
typedef struct _IPSEC_IKE_POLICY {
|
|
DWORD dwNumMMFilters;
|
|
MM_FILTER* pMMFilters;
|
|
QM_FILTER_TYPE QMFilterType;
|
|
DWORD dwNumFilters;
|
|
TRANSPORT_FILTER* pTransportFilters;
|
|
TUNNEL_FILTER* pTunnelFilters;
|
|
IPSEC_MM_POLICY IkePol;
|
|
IPSEC_QM_POLICY IpsPol;
|
|
MM_AUTH_METHODS AuthInfos;
|
|
} *PIPSEC_IKE_POLICY, IPSEC_IKE_POLICY;
|
|
|
|
// this is T2P_FILTER structure
|
|
typedef struct _T2P_FILTER {
|
|
|
|
QM_FILTER_TYPE QMFilterType;
|
|
TRANSPORT_FILTER TransportFilter; // only one out of two gets filled
|
|
TUNNEL_FILTER TunnelFilter;
|
|
|
|
} *PT2P_FILTER, T2P_FILTER;
|
|
|
|
|
|
////////////////////////////////////////////////////////////////
|
|
// Function: TextToFilter
|
|
// Purpose: Converts text to a T2P_FILTER struct
|
|
/* string is of format:
|
|
A.B.C.D/mask:port=A.B.C.D/mask:port:protocol
|
|
The Source address is always on the left of the '=' and the Destination
|
|
address is always on the right.
|
|
|
|
If you replace the '=' with a '+' two filters will be created,
|
|
one in each direction.
|
|
|
|
mask and port are optional. If omitted, Any port and
|
|
mask 255.255.255.255 will be used for the filter.
|
|
|
|
You can replace A.B.C.D/mask with the following for
|
|
special meaning:
|
|
0 means My address(es)
|
|
* means Any address
|
|
a DNS name
|
|
|
|
protocol is optional, if omitted, Any protocol is assumed. If you
|
|
indicate a protocol, a port must precede it or :: must preceded it.
|
|
Examples:
|
|
Machine1+Machine2::6 will filter TCP traffic between Machine1 and Machine2
|
|
172.31.0.0/255.255.0.0:80-157.0.0.0/255.0.0.0:80:TCP will filter
|
|
all TCP traffic from the first subnet, port 80 to the second subnet,
|
|
port 80
|
|
|
|
And, yes, you can use the following protocol symbols:
|
|
ICMP UDP RAW TCP
|
|
|
|
*/
|
|
//
|
|
// Pre-conditions: szText must be NULL terminated
|
|
//
|
|
// Parameters:
|
|
// szText IN the string to convert
|
|
// Filter IN OUT a user allocated T2P_FILTER struct,
|
|
// user should fill QMFilterType field (otherwise we'll assume it's a transport filter)
|
|
//
|
|
// Returns: T2P_OK on success
|
|
// on failure:
|
|
// T2P_PASSTHRU_NOT_CLOSED
|
|
// T2P_DROP_NOT_CLOSED
|
|
// T2P_NULL_STRING
|
|
// T2P_NOSRCDEST_TOKEN
|
|
//
|
|
// whatever UuidCreate,TextToFiltAddr, TextToProtocol returns on failure
|
|
|
|
DWORD TextToFilter(IN char *szText,
|
|
IN OUT T2P_FILTER &Filter,
|
|
char *szSrc = NULL,
|
|
char *szDst = NULL
|
|
);
|
|
|
|
DWORD ConvertFilter(IN T2P_FILTER &Filter,
|
|
IN OUT IPSEC_FILTER_SPEC &PolstoreFilter);
|
|
|
|
////////////////////////////////////////////////////////////////
|
|
// Function: TextToFiltAddr
|
|
// Purpose:
|
|
// will take A.B.C.D/Mask:port part and translate
|
|
// if bDest is true, puts the info into the dest addr of a filter
|
|
// if bDest is not specified or false, puts info into src addr
|
|
//
|
|
// Pre-conditions: szAddr must be zero terminated
|
|
//
|
|
// Parameters:
|
|
// szAddr IN the string to convert
|
|
// Filter IN OUT the target filter
|
|
// bDest IN OPTIONAL
|
|
//
|
|
// Returns: T2P_OK on success
|
|
// on failure:
|
|
// T2P_DNSLOOKUP_FAILED
|
|
// T2P_INVALID_ADDR
|
|
// T2P_NULL_STRING
|
|
|
|
DWORD TextToFiltAddr(IN char *szAddr, IN OUT T2P_FILTER & Filter,
|
|
OUT char *szName = NULL,
|
|
IN bool bDest = false);
|
|
|
|
////////////////////////////////////////////////////////////////
|
|
// Function:
|
|
// Purpose:
|
|
// will convert string to protocol, including special
|
|
// protocol strings like TCP, UDP, RAW, and ICMP
|
|
//
|
|
// Pre-conditions: szProt has to be NULL terminated
|
|
//
|
|
// Parameters:
|
|
// szProt IN string to convert
|
|
// dwProtocol OUT protocol number returned
|
|
//
|
|
// Returns: T2P_OK on success
|
|
// T2P_INVALID_PROTOCOL on failure
|
|
//
|
|
|
|
DWORD TextToProtocol(IN char *szProt, OUT DWORD & dwProtocol);
|
|
|
|
////////////////////////////////////////////////////////////////
|
|
// Function: TextToOffer
|
|
// Purpose: converts string to a Phase 2 offer
|
|
// based on following format:
|
|
/*
|
|
ESP[ConfAlg,AuthAlg]RekeyPFS
|
|
AH[HashAlg]
|
|
AH[HashAlg]+ESP[ConfAlg,AuthAlg]
|
|
|
|
where ConfAlg can be NONE, DES, DES40 or 3DES
|
|
and AuthAlg can be NONE, MD5, or SHA
|
|
and HashAlg is MD5 or SHA
|
|
|
|
ESP[NONE, NONE] is not a supported config
|
|
|
|
*/
|
|
//
|
|
// Pre-conditions: szText is null terminated
|
|
//
|
|
// Parameters:
|
|
// szText IN the string to convert
|
|
// Offer IN OUT the returned offer
|
|
// Returns: T2P_OK on success
|
|
// on failure:
|
|
// T2P_INVALID_P2REKEY_UNIT
|
|
// T2P_NULL_STRING
|
|
// and anything that TextToAlgoInfo returns
|
|
|
|
DWORD TextToOffer(IN char *szText, IN OUT IPSEC_QM_OFFER &);
|
|
|
|
////////////////////////////////////////////////////////////////
|
|
// Function: TextToAlgoInfo
|
|
// Purpose: converts string to IPSEC_QM_ALGO
|
|
// parses AH[alg] or ESP[hashalg,encalg]
|
|
//
|
|
// Pre-conditions: szText is null terminated string
|
|
//
|
|
// Parameters:
|
|
// szText IN string to convert
|
|
// algoInfo IN OUT target struct
|
|
// Returns: T2P_OK on success
|
|
// on failure:
|
|
// T2P_INVALID_HASH_ALG
|
|
// T2P_GENERAL_PARSE_ERROR
|
|
// T2P_DUP_ALGS
|
|
// T2P_NONE_NONE
|
|
// T2P_INCOMPLETE_ESPALGS
|
|
// T2P_INVALID_IPSECPROT
|
|
// T2P_NULL_STRING
|
|
|
|
DWORD TextToAlgoInfo(IN char *szText, IN OUT IPSEC_QM_ALGO & algoInfo);
|
|
|
|
////////////////////////////////////////////////////////////////
|
|
// Function: TextToIPAddr
|
|
// Purpose: converts string to IPAddr, string of format:
|
|
// IPv4 dot notation
|
|
// DNS name
|
|
//
|
|
// CAVEAT: If domain name resolves to multiple addresses,
|
|
// only the first one is used.
|
|
// Pre-conditions: szText is null terminated string
|
|
//
|
|
// Parameters:
|
|
// szText IN string to convert
|
|
// ipaddr OUT target
|
|
//
|
|
// Returns: T2P_OK on success
|
|
// on failure:
|
|
// T2P_NULL_STRING
|
|
// T2P_INVALID_ADDR
|
|
// T2P_DNSLOOKUP_FAILED
|
|
//
|
|
DWORD TextToIPAddr(IN char *szText, IN OUT IPAddr &ipaddr);
|
|
|
|
////////////////////////////////////////////////////////////////
|
|
// Function: TextToOakleyAuth
|
|
// Purpose: converts string to IPSEC_MM_AUTH_INFO
|
|
//
|
|
// Pre-conditions: szText is null terminated string
|
|
//
|
|
// Parameters:
|
|
// szText IN input string
|
|
// OakAuth IN OUT target struct
|
|
//
|
|
// Returns: T2P_OK on success
|
|
// on failure:
|
|
// T2P_NO_PRESHARED_KEY
|
|
// T2P_INVALID_AUTH_METHOD
|
|
// T2P_MB2WC_FAILED
|
|
// T2P_NULL_STRING
|
|
//
|
|
|
|
DWORD TextToOakleyAuth(IN char *szText, IN OUT IPSEC_MM_AUTH_INFO & OakAuth);
|
|
|
|
////////////////////////////////////////////////////////////////
|
|
// Function: TextToSecMethod
|
|
// Purpose: converts string to Phase 1 offer
|
|
//
|
|
// Pre-conditions: szText is null term. string
|
|
//
|
|
// Parameters:
|
|
// szText IN string to convert
|
|
// p1offer IN OUT target struct
|
|
//
|
|
// Returns: T2P_OK on success
|
|
// T2P_NULL_STRING
|
|
// T2P_GENERAL_PARSE_ERROR
|
|
// T2P_DUP_ALGS
|
|
// T2P_INVALID_P1GROUP
|
|
// T2P_P1GROUP_MISSING
|
|
//
|
|
|
|
DWORD TextToSecMethod(IN char *szText, IN OUT IPSEC_MM_OFFER &p1offer);
|
|
|
|
|
|
////////////////////////////////////////////////////////////////
|
|
// Function: TextToP1Rekey
|
|
// Purpose: converts string to KEY_LIFETIME and QM limit
|
|
//
|
|
// Pre-conditions: szText is null term. string
|
|
//
|
|
// Parameters:
|
|
// szText IN input string
|
|
// OakLife IN OUT target struct
|
|
// QMLimit IN OUT target QM limit
|
|
//
|
|
// Returns: T2P_OK on success
|
|
// on failure:
|
|
// T2P_INVALID_P1REKEY_UNIT
|
|
// T2P_NULL_STRING
|
|
|
|
DWORD TextToP1Rekey(IN char *szText, IN OUT KEY_LIFETIME &OakLife, DWORD & QMLim);
|
|
|
|
////////////////////////////////////////////////////////////////
|
|
// Function: TextToMMFilter
|
|
// Purpose: Converts text to a MM_FILTER struct
|
|
/* string is of format:
|
|
A.B.C.D/mask=A.B.C.D/mask
|
|
The Source address is always on the left of the '=' and the Destination
|
|
address is always on the right.
|
|
|
|
If you replace the '=' with a '+' two filters will be created,
|
|
one in each direction.
|
|
|
|
mask is optional. If omitted,
|
|
mask 255.255.255.255 will be used for the filter.
|
|
|
|
You can replace A.B.C.D/mask with the following for
|
|
special meaning:
|
|
0 means My address(es)
|
|
* means Any address
|
|
a DNS name
|
|
|
|
*/
|
|
//
|
|
// Pre-conditions: szText must be NULL terminated
|
|
//
|
|
// Parameters:
|
|
// szText IN the string to convert
|
|
// Filter IN OUT a user allocated MM_FILTER struct,
|
|
//
|
|
// Returns: T2P_OK on success
|
|
// on failure:
|
|
// T2P_NULL_STRING
|
|
// T2P_NOSRCDEST_TOKEN
|
|
//
|
|
// whatever UuidCreate,TextToFiltAddr returns on failure
|
|
|
|
DWORD TextToMMFilter(IN char *szText,
|
|
IN OUT MM_FILTER &Filter,
|
|
char *szSrc = NULL,
|
|
char *szDst = NULL
|
|
);
|
|
|
|
// CmdLineToPolicy
|
|
// This will take the command line, parse it all out
|
|
// and fill out the policy structures.
|
|
// Returns False if there is any kind of failure
|
|
// NOTE: uArgCount should be > 0 and strArgs non-null
|
|
DWORD CmdLineToPolicy(IN UINT uArgCount, IN char *strArgs[],
|
|
OUT IPSEC_IKE_POLICY & IpsecIkePol,
|
|
OUT bool & bConfirm
|
|
,OUT PSTORAGE_INFO pStorageInfo = NULL);
|
|
|
|
// mirror filter
|
|
bool MirrorFilter(IN T2P_FILTER, OUT T2P_FILTER &);
|
|
// generate corresponding mainmode filter
|
|
bool GenerateMMFilter(IN T2P_FILTER, OUT MM_FILTER &);
|
|
|
|
// this shouldn't be in here, it's a kludge.
|
|
void LoadIkeDefaults(OUT IPSEC_MM_POLICY & IkePol);
|
|
void LoadOfferDefaults(OUT PIPSEC_QM_OFFER & Offers, OUT DWORD & NumOffers);
|
|
|
|
|
|
DWORD TextToStorageLocation(IN char *szText, IN OUT STORAGE_INFO & StoreInfo);
|
|
DWORD TextToPolicyName(IN char *szText, IN OUT STORAGE_INFO & StoreInfo);
|
|
|
|
|
|
/*********************************************************************
|
|
FUNCTION: GenerateGuidNamePair
|
|
PURPOSE: Generates GUID and name for the object using specified prefix
|
|
PARAMS:
|
|
pszPrefix - prefix to use, can be NULL (then default prefix will be used)
|
|
gID - reference to GUID
|
|
ppszName - address of name pointer, memory will be allocated inside this function
|
|
RETURNS: none, will assert if memory cannot be allocated
|
|
COMMENTS:
|
|
caller is responsible for freeing the memory allocated
|
|
(see also DeleteGuidsNames routine)
|
|
*********************************************************************/
|
|
void GenerateGuidNamePair (IN LPWSTR pszPrefix, OUT GUID& gID, OUT LPWSTR* ppszName);
|
|
|
|
/*********************************************************************
|
|
FUNCTION: GenerateGuidsNames
|
|
PURPOSE: Generates all necessary GUIDs and names for IPSEC_IKE_POLICY
|
|
PARAMS:
|
|
pszPrefix - prefix to use, can be NULL (then default prefix will be used)
|
|
IPSecIkePol - reference to IPSEC_IKE_POLICY structure
|
|
RETURNS: none, will assert if memory cannot be allocated
|
|
COMMENTS:
|
|
caller is responsible for freeing the memory allocated
|
|
(see also DeleteGuidsNames routine)
|
|
*********************************************************************/
|
|
void GenerateGuidsNames (IN LPWSTR pszPrefix, IN OUT IPSEC_IKE_POLICY& IPSecIkePol);
|
|
|
|
/*********************************************************************
|
|
FUNCTION: DeleteGuidsNames
|
|
PURPOSE: Deletes all GUIDs and names from IPSEC_IKE_POLICY (used for cleanup)
|
|
PARAMS:
|
|
IPSecIkePol - reference to IPSEC_IKE_POLICY structure
|
|
RETURNS: none
|
|
COMMENTS:
|
|
*********************************************************************/
|
|
void DeleteGuidsNames (IN OUT IPSEC_IKE_POLICY& IPSecIkePol);
|
|
|
|
///////////////////////////////////////////////////////////////////////
|
|
//
|
|
// PRIVATE DECLARATIONS (SPDUtil.cpp)
|
|
//
|
|
///////////////////////////////////////////////////////////////////////
|
|
|
|
int isdnsname(char *szStr);
|
|
DWORD CM_EncodeName ( LPTSTR pszSubjectName, BYTE **EncodedName, DWORD *EncodedNameLength );
|
|
DWORD CM_DecodeName ( BYTE *EncodedName, DWORD EncodedNameLength, LPTSTR *ppszSubjectName );
|
|
|
|
#endif
|