mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1657 lines
37 KiB
1657 lines
37 KiB
/*++
|
|
|
|
Copyright (c) 1999 Microsoft Corporation
|
|
|
|
|
|
Module Name:
|
|
|
|
mmspecific.c
|
|
|
|
Abstract:
|
|
|
|
This module contains all of the code to drive the
|
|
mm specific filter list management of IPSecSPD Service.
|
|
|
|
Author:
|
|
|
|
abhisheV 08-December-1999
|
|
|
|
Environment
|
|
|
|
User Level: Win32
|
|
|
|
Revision History:
|
|
|
|
|
|
--*/
|
|
|
|
|
|
#include "precomp.h"
|
|
|
|
|
|
DWORD
|
|
ApplyMMTransform(
|
|
PINIMMFILTER pFilter,
|
|
MATCHING_ADDR * pMatchingAddresses,
|
|
DWORD dwAddrCnt,
|
|
PINIMMSFILTER * ppSpecificFilters
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function expands a generic mm filter into its
|
|
corresponding specific filters.
|
|
|
|
Arguments:
|
|
|
|
pFilter - Generic filter to expand.
|
|
|
|
pMatchingAddresses - List of local ip addresses whose interface
|
|
type matches that of the filter.
|
|
|
|
dwAddrCnt - Number of local ip addresses in the list.
|
|
|
|
ppSpecificFilters - List of specific filters expanded for the
|
|
given generic filter.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
PINIMMSFILTER pSpecificFilters = NULL;
|
|
PINIMMSFILTER pOutboundSpecificFilters = NULL;
|
|
PINIMMSFILTER pInboundSpecificFilters = NULL;
|
|
|
|
PADDR pOutSrcAddrList = NULL;
|
|
DWORD dwOutSrcAddrCnt = 0;
|
|
PADDR pInSrcAddrList = NULL;
|
|
DWORD dwInSrcAddrCnt = 0;
|
|
|
|
PADDR pOutDesAddrList = NULL;
|
|
DWORD dwOutDesAddrCnt = 0;
|
|
PADDR pInDesAddrList = NULL;
|
|
DWORD dwInDesAddrCnt = 0;
|
|
|
|
|
|
//
|
|
// Form the outbound and inbound source and destination
|
|
// address lists.
|
|
//
|
|
|
|
dwError = FormMMOutboundInboundAddresses(
|
|
pFilter,
|
|
pMatchingAddresses,
|
|
dwAddrCnt,
|
|
&pOutSrcAddrList,
|
|
&dwOutSrcAddrCnt,
|
|
&pInSrcAddrList,
|
|
&dwInSrcAddrCnt,
|
|
&pOutDesAddrList,
|
|
&dwOutDesAddrCnt,
|
|
&pInDesAddrList,
|
|
&dwInDesAddrCnt
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
|
|
//
|
|
// Form outbound specific filters.
|
|
//
|
|
|
|
dwError = FormSpecificMMFilters(
|
|
pFilter,
|
|
pOutSrcAddrList,
|
|
dwOutSrcAddrCnt,
|
|
pOutDesAddrList,
|
|
dwOutDesAddrCnt,
|
|
FILTER_DIRECTION_OUTBOUND,
|
|
&pOutboundSpecificFilters
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
|
|
//
|
|
// Form inbound specific filters.
|
|
//
|
|
|
|
dwError = FormSpecificMMFilters(
|
|
pFilter,
|
|
pInSrcAddrList,
|
|
dwInSrcAddrCnt,
|
|
pInDesAddrList,
|
|
dwInDesAddrCnt,
|
|
FILTER_DIRECTION_INBOUND,
|
|
&pInboundSpecificFilters
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
|
|
pSpecificFilters = pOutboundSpecificFilters;
|
|
|
|
AddToSpecificMMList(
|
|
&pSpecificFilters,
|
|
pInboundSpecificFilters
|
|
);
|
|
|
|
|
|
*ppSpecificFilters = pSpecificFilters;
|
|
|
|
cleanup:
|
|
|
|
if (pOutSrcAddrList) {
|
|
FreeSPDMemory(pOutSrcAddrList);
|
|
}
|
|
|
|
if (pInSrcAddrList) {
|
|
FreeSPDMemory(pInSrcAddrList);
|
|
}
|
|
|
|
if (pOutDesAddrList) {
|
|
FreeSPDMemory(pOutDesAddrList);
|
|
}
|
|
|
|
if (pInDesAddrList) {
|
|
FreeSPDMemory(pInDesAddrList);
|
|
}
|
|
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pOutboundSpecificFilters) {
|
|
FreeIniMMSFilterList(pOutboundSpecificFilters);
|
|
}
|
|
|
|
if (pInboundSpecificFilters) {
|
|
FreeIniMMSFilterList(pInboundSpecificFilters);
|
|
}
|
|
|
|
|
|
*ppSpecificFilters = NULL;
|
|
goto cleanup;
|
|
}
|
|
|
|
|
|
DWORD
|
|
FormMMOutboundInboundAddresses(
|
|
PINIMMFILTER pFilter,
|
|
MATCHING_ADDR * pMatchingAddresses,
|
|
DWORD dwAddrCnt,
|
|
PADDR * ppOutSrcAddrList,
|
|
PDWORD pdwOutSrcAddrCnt,
|
|
PADDR * ppInSrcAddrList,
|
|
PDWORD pdwInSrcAddrCnt,
|
|
PADDR * ppOutDesAddrList,
|
|
PDWORD pdwOutDesAddrCnt,
|
|
PADDR * ppInDesAddrList,
|
|
PDWORD pdwInDesAddrCnt
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function forms the outbound and inbound source and
|
|
destination address sets for a generic filter.
|
|
|
|
Arguments:
|
|
|
|
pFilter - Generic filter under consideration.
|
|
|
|
pMatchingAddresses - List of local ip addresses whose interface
|
|
type matches that of the filter.
|
|
|
|
dwAddrCnt - Number of local ip addresses in the list.
|
|
|
|
ppOutSrcAddrList - List of outbound source addresses.
|
|
|
|
pdwOutSrcAddrCnt - Number of addresses in the outbound
|
|
source address list.
|
|
|
|
ppInSrcAddrList - List of inbound source addresses.
|
|
|
|
pdwInSrcAddrCnt - Number of addresses in the inbound
|
|
source address list.
|
|
|
|
ppOutDesAddrList - List of outbound destination addresses.
|
|
|
|
pdwOutDesAddrCnt - Number of addresses in the outbound
|
|
destination address list.
|
|
|
|
ppInDesAddrList - List of inbound destination addresses.
|
|
|
|
pdwInDesAddrCnt - Number of addresses in the inbound
|
|
destination address list.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
|
|
PADDR pSrcAddrList = NULL;
|
|
DWORD dwSrcAddrCnt = 0;
|
|
PADDR pDesAddrList = NULL;
|
|
DWORD dwDesAddrCnt = 0;
|
|
|
|
PADDR pOutSrcAddrList = NULL;
|
|
DWORD dwOutSrcAddrCnt = 0;
|
|
PADDR pInSrcAddrList = NULL;
|
|
DWORD dwInSrcAddrCnt = 0;
|
|
|
|
PADDR pOutDesAddrList = NULL;
|
|
DWORD dwOutDesAddrCnt = 0;
|
|
PADDR pInDesAddrList = NULL;
|
|
DWORD dwInDesAddrCnt = 0;
|
|
|
|
|
|
//
|
|
// Replace wild card information to generate the new source
|
|
// address list.
|
|
//
|
|
|
|
dwError = FormAddressList(
|
|
pFilter->SrcAddr,
|
|
pMatchingAddresses,
|
|
dwAddrCnt,
|
|
&pSrcAddrList,
|
|
&dwSrcAddrCnt
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
//
|
|
// Replace wild card information to generate the new destination
|
|
// address list.
|
|
//
|
|
|
|
dwError = FormAddressList(
|
|
pFilter->DesAddr,
|
|
pMatchingAddresses,
|
|
dwAddrCnt,
|
|
&pDesAddrList,
|
|
&dwDesAddrCnt
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
//
|
|
// Separate the source address list into outbound and inbound
|
|
// source address sets based on the local machine's ip addresses.
|
|
//
|
|
|
|
dwError = SeparateAddrList(
|
|
pFilter->SrcAddr.AddrType,
|
|
pSrcAddrList,
|
|
dwSrcAddrCnt,
|
|
pMatchingAddresses,
|
|
dwAddrCnt,
|
|
&pOutSrcAddrList,
|
|
&dwOutSrcAddrCnt,
|
|
&pInSrcAddrList,
|
|
&dwInSrcAddrCnt
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
//
|
|
// Separate the destination address list into outbound and inbound
|
|
// destination address sets based on the local machine's ip
|
|
// addresses.
|
|
//
|
|
|
|
dwError = SeparateAddrList(
|
|
pFilter->DesAddr.AddrType,
|
|
pDesAddrList,
|
|
dwDesAddrCnt,
|
|
pMatchingAddresses,
|
|
dwAddrCnt,
|
|
&pInDesAddrList,
|
|
&dwInDesAddrCnt,
|
|
&pOutDesAddrList,
|
|
&dwOutDesAddrCnt
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
*ppOutSrcAddrList = pOutSrcAddrList;
|
|
*pdwOutSrcAddrCnt = dwOutSrcAddrCnt;
|
|
*ppInSrcAddrList = pInSrcAddrList;
|
|
*pdwInSrcAddrCnt = dwInSrcAddrCnt;
|
|
|
|
*ppOutDesAddrList = pOutDesAddrList;
|
|
*pdwOutDesAddrCnt = dwOutDesAddrCnt;
|
|
*ppInDesAddrList = pInDesAddrList;
|
|
*pdwInDesAddrCnt = dwInDesAddrCnt;
|
|
|
|
cleanup:
|
|
|
|
if (pSrcAddrList) {
|
|
FreeSPDMemory(pSrcAddrList);
|
|
}
|
|
|
|
if (pDesAddrList) {
|
|
FreeSPDMemory(pDesAddrList);
|
|
}
|
|
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pOutSrcAddrList) {
|
|
FreeSPDMemory(pOutSrcAddrList);
|
|
}
|
|
|
|
if (pInSrcAddrList) {
|
|
FreeSPDMemory(pInSrcAddrList);
|
|
}
|
|
|
|
if (pOutDesAddrList) {
|
|
FreeSPDMemory(pOutDesAddrList);
|
|
}
|
|
|
|
if (pInDesAddrList) {
|
|
FreeSPDMemory(pInDesAddrList);
|
|
}
|
|
|
|
*ppOutSrcAddrList = NULL;
|
|
*pdwOutSrcAddrCnt = 0;
|
|
*ppInSrcAddrList = NULL;
|
|
*pdwInSrcAddrCnt = 0;
|
|
|
|
*ppOutDesAddrList = NULL;
|
|
*pdwOutDesAddrCnt = 0;
|
|
*ppInDesAddrList = NULL;
|
|
*pdwInDesAddrCnt = 0;
|
|
|
|
goto cleanup;
|
|
}
|
|
|
|
|
|
DWORD
|
|
FormSpecificMMFilters(
|
|
PINIMMFILTER pFilter,
|
|
PADDR pSrcAddrList,
|
|
DWORD dwSrcAddrCnt,
|
|
PADDR pDesAddrList,
|
|
DWORD dwDesAddrCnt,
|
|
DWORD dwDirection,
|
|
PINIMMSFILTER * ppSpecificFilters
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function forms the specific main mode filters
|
|
for the given generic filter and the source and
|
|
destination address sets.
|
|
|
|
Arguments:
|
|
|
|
pFilter - Generic filter for which specific filters
|
|
are to be created.
|
|
|
|
pSrcAddrList - List of source addresses.
|
|
|
|
dwSrcAddrCnt - Number of addresses in the source
|
|
address list.
|
|
|
|
pDesAddrList - List of destination addresses.
|
|
|
|
dwDesAddrCnt - Number of addresses in the destination
|
|
address list.
|
|
|
|
ppSpecificFilters - Specific filters created for the given
|
|
generic filter and the given addresses.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
PINIMMSFILTER pSpecificFilters = NULL;
|
|
DWORD i = 0, j = 0;
|
|
PINIMMSFILTER pSpecificFilter = NULL;
|
|
|
|
|
|
|
|
for (i = 0; i < dwSrcAddrCnt; i++) {
|
|
|
|
for (j = 0; j < dwDesAddrCnt; j++) {
|
|
|
|
dwError = CreateSpecificMMFilter(
|
|
pFilter,
|
|
pSrcAddrList[i],
|
|
pDesAddrList[j],
|
|
&pSpecificFilter
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
//
|
|
// Set the direction of the filter.
|
|
//
|
|
|
|
pSpecificFilter->dwDirection = dwDirection;
|
|
|
|
AssignMMFilterWeight(pSpecificFilter);
|
|
|
|
AddToSpecificMMList(
|
|
&pSpecificFilters,
|
|
pSpecificFilter
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
*ppSpecificFilters = pSpecificFilters;
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pSpecificFilters) {
|
|
FreeIniMMSFilterList(pSpecificFilters);
|
|
}
|
|
|
|
*ppSpecificFilters = NULL;
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
DWORD
|
|
CreateSpecificMMFilter(
|
|
PINIMMFILTER pGenericFilter,
|
|
ADDR SrcAddr,
|
|
ADDR DesAddr,
|
|
PINIMMSFILTER * ppSpecificFilter
|
|
)
|
|
{
|
|
DWORD dwError = 0;
|
|
PINIMMSFILTER pSpecificFilter = NULL;
|
|
|
|
|
|
dwError = AllocateSPDMemory(
|
|
sizeof(INIMMSFILTER),
|
|
&pSpecificFilter
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
pSpecificFilter->cRef = 0;
|
|
|
|
CopyGuid(pGenericFilter->gFilterID, &(pSpecificFilter->gParentID));
|
|
|
|
dwError = AllocateSPDString(
|
|
pGenericFilter->pszFilterName,
|
|
&(pSpecificFilter->pszFilterName)
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
pSpecificFilter->InterfaceType = pGenericFilter->InterfaceType;
|
|
|
|
pSpecificFilter->dwFlags = pGenericFilter->dwFlags;
|
|
|
|
CopyAddresses(SrcAddr, &(pSpecificFilter->SrcAddr));
|
|
|
|
CopyAddresses(DesAddr, &(pSpecificFilter->DesAddr));
|
|
|
|
//
|
|
// Direction must be set in the calling routine.
|
|
//
|
|
|
|
pSpecificFilter->dwDirection = 0;
|
|
|
|
//
|
|
// Weight must be set in the calling routine.
|
|
//
|
|
|
|
pSpecificFilter->dwWeight = 0;
|
|
|
|
CopyGuid(pGenericFilter->gMMAuthID, &(pSpecificFilter->gMMAuthID));
|
|
|
|
CopyGuid(pGenericFilter->gPolicyID, &(pSpecificFilter->gPolicyID));
|
|
|
|
pSpecificFilter->pIniMMAuthMethods = NULL;
|
|
|
|
pSpecificFilter->pIniMMPolicy = NULL;
|
|
|
|
pSpecificFilter->pNext = NULL;
|
|
|
|
*ppSpecificFilter = pSpecificFilter;
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pSpecificFilter) {
|
|
FreeIniMMSFilter(pSpecificFilter);
|
|
}
|
|
|
|
*ppSpecificFilter = NULL;
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
VOID
|
|
AssignMMFilterWeight(
|
|
PINIMMSFILTER pSpecificFilter
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Computes and assigns the weight to a specific mm filter.
|
|
|
|
The mm filter weight consists of the following:
|
|
|
|
31 16 12 8 0
|
|
+-----------+--------+-----------+--------+
|
|
|AddrMaskWgt| Reserved |
|
|
+-----------+--------+-----------+--------+
|
|
|
|
Arguments:
|
|
|
|
pSpecificFilter - Specific mm filter to which the weight
|
|
is to be assigned.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwWeight = 0;
|
|
ULONG SrcMask = 0;
|
|
ULONG DesMask = 0;
|
|
DWORD dwMaskWeight = 0;
|
|
DWORD i = 0;
|
|
|
|
|
|
//
|
|
// Weight Rule:
|
|
// A field with a more specific value gets a higher weight than
|
|
// the same field with a lesser specific value.
|
|
//
|
|
|
|
//
|
|
// IP addresses get the weight values based on their mask values.
|
|
// In the address case, the weight is computed as a sum of the
|
|
// bit positions starting from the position that contains the
|
|
// first least significant non-zero bit to the most significant
|
|
// bit position of the mask.
|
|
// All unique ip addresses have a mask of 0xFFFFFFFF and thus get
|
|
// the same weight, which is 1 + 2 + .... + 32.
|
|
// A subnet address has a mask with atleast the least significant
|
|
// bit zero and thus gets weight in the range (2 + .. + 32) to 0.
|
|
//
|
|
|
|
DesMask = ntohl(pSpecificFilter->DesAddr.uSubNetMask);
|
|
|
|
for (i = 0; i < sizeof(ULONG) * 8; i++) {
|
|
|
|
//
|
|
// If the bit position contains a non-zero bit, add the bit
|
|
// position to the sum.
|
|
//
|
|
|
|
if ((DesMask & 0x1) == 0x1) {
|
|
dwMaskWeight += (i+1);
|
|
}
|
|
|
|
//
|
|
// Move to the next bit position.
|
|
//
|
|
|
|
DesMask = DesMask >> 1;
|
|
|
|
}
|
|
|
|
|
|
SrcMask = ntohl(pSpecificFilter->SrcAddr.uSubNetMask);
|
|
|
|
for (i = 0; i < sizeof(ULONG) * 8; i++) {
|
|
|
|
//
|
|
// If the bit position contains a non-zero bit, add the bit
|
|
// position to the sum.
|
|
//
|
|
|
|
if ((SrcMask & 0x1) == 0x1) {
|
|
dwMaskWeight += (i+1);
|
|
}
|
|
|
|
//
|
|
// Move to the next bit position.
|
|
//
|
|
|
|
SrcMask = SrcMask >> 1;
|
|
|
|
}
|
|
|
|
//
|
|
// Move the mask weight to the set of bits in the overall weight
|
|
// that it occupies.
|
|
//
|
|
|
|
dwMaskWeight = dwMaskWeight << 16;
|
|
|
|
dwWeight += dwMaskWeight;
|
|
|
|
pSpecificFilter->dwWeight = dwWeight;
|
|
}
|
|
|
|
|
|
VOID
|
|
AddToSpecificMMList(
|
|
PINIMMSFILTER * ppSpecificMMFilterList,
|
|
PINIMMSFILTER pSpecificMMFilters
|
|
)
|
|
{
|
|
PINIMMSFILTER pListOne = NULL;
|
|
PINIMMSFILTER pListTwo = NULL;
|
|
PINIMMSFILTER pListMerge = NULL;
|
|
PINIMMSFILTER pLast = NULL;
|
|
|
|
if (!(*ppSpecificMMFilterList) && !pSpecificMMFilters) {
|
|
return;
|
|
}
|
|
|
|
if (!(*ppSpecificMMFilterList)) {
|
|
*ppSpecificMMFilterList = pSpecificMMFilters;
|
|
return;
|
|
}
|
|
|
|
if (!pSpecificMMFilters) {
|
|
return;
|
|
}
|
|
|
|
pListOne = *ppSpecificMMFilterList;
|
|
pListTwo = pSpecificMMFilters;
|
|
|
|
while (pListOne && pListTwo) {
|
|
|
|
if ((pListOne->dwWeight) > (pListTwo->dwWeight)) {
|
|
|
|
if (!pListMerge) {
|
|
pListMerge = pListOne;
|
|
pLast = pListOne;
|
|
pListOne = pListOne->pNext;
|
|
}
|
|
else {
|
|
pLast->pNext = pListOne;
|
|
pListOne = pListOne->pNext;
|
|
pLast = pLast->pNext;
|
|
}
|
|
|
|
}
|
|
else {
|
|
|
|
if (!pListMerge) {
|
|
pListMerge = pListTwo;
|
|
pLast = pListTwo;
|
|
pListTwo = pListTwo->pNext;
|
|
}
|
|
else {
|
|
pLast->pNext = pListTwo;
|
|
pListTwo = pListTwo->pNext;
|
|
pLast = pLast->pNext;
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (pListOne) {
|
|
pLast->pNext = pListOne;
|
|
}
|
|
else {
|
|
pLast->pNext = pListTwo;
|
|
}
|
|
|
|
*ppSpecificMMFilterList = pListMerge;
|
|
return;
|
|
}
|
|
|
|
|
|
VOID
|
|
FreeIniMMSFilterList(
|
|
PINIMMSFILTER pIniMMSFilterList
|
|
)
|
|
{
|
|
PINIMMSFILTER pFilter = NULL;
|
|
PINIMMSFILTER pTempFilter = NULL;
|
|
|
|
pFilter = pIniMMSFilterList;
|
|
|
|
while (pFilter) {
|
|
pTempFilter = pFilter;
|
|
pFilter = pFilter->pNext;
|
|
FreeIniMMSFilter(pTempFilter);
|
|
}
|
|
}
|
|
|
|
|
|
VOID
|
|
FreeIniMMSFilter(
|
|
PINIMMSFILTER pIniMMSFilter
|
|
)
|
|
{
|
|
if (pIniMMSFilter) {
|
|
if (pIniMMSFilter->pszFilterName) {
|
|
FreeSPDString(pIniMMSFilter->pszFilterName);
|
|
}
|
|
|
|
//
|
|
// Must not ever free pIniMMSFilter->pIniMMPolicy.
|
|
//
|
|
|
|
FreeSPDMemory(pIniMMSFilter);
|
|
}
|
|
}
|
|
|
|
|
|
VOID
|
|
LinkMMSpecificFiltersToPolicy(
|
|
PINIMMPOLICY pIniMMPolicy,
|
|
PINIMMSFILTER pIniMMSFilters
|
|
)
|
|
{
|
|
PINIMMSFILTER pTemp = NULL;
|
|
|
|
pTemp = pIniMMSFilters;
|
|
|
|
while (pTemp) {
|
|
pTemp->pIniMMPolicy = pIniMMPolicy;
|
|
pTemp = pTemp->pNext;
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
|
|
VOID
|
|
LinkMMSpecificFiltersToAuth(
|
|
PINIMMAUTHMETHODS pIniMMAuthMethods,
|
|
PINIMMSFILTER pIniMMSFilters
|
|
)
|
|
{
|
|
PINIMMSFILTER pTemp = NULL;
|
|
|
|
pTemp = pIniMMSFilters;
|
|
|
|
while (pTemp) {
|
|
pTemp->pIniMMAuthMethods = pIniMMAuthMethods;
|
|
pTemp = pTemp->pNext;
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
|
|
VOID
|
|
RemoveIniMMSFilter(
|
|
PINIMMSFILTER pIniMMSFilter
|
|
)
|
|
{
|
|
PINIMMSFILTER * ppTemp = NULL;
|
|
|
|
ppTemp = &gpIniMMSFilter;
|
|
|
|
while (*ppTemp) {
|
|
|
|
if (*ppTemp == pIniMMSFilter) {
|
|
break;
|
|
}
|
|
ppTemp = &((*ppTemp)->pNext);
|
|
}
|
|
|
|
if (*ppTemp) {
|
|
*ppTemp = pIniMMSFilter->pNext;
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
|
|
DWORD
|
|
EnumSpecificMMFilters(
|
|
PINIMMSFILTER pIniMMSFilterList,
|
|
DWORD dwResumeHandle,
|
|
DWORD dwPreferredNumEntries,
|
|
PMM_FILTER * ppMMFilters,
|
|
PDWORD pdwNumMMFilters
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function creates enumerated specific filters.
|
|
|
|
Arguments:
|
|
|
|
pIniMMSFilterList - List of specific filters to enumerate.
|
|
|
|
dwResumeHandle - Location in the specific filter list from which
|
|
to resume enumeration.
|
|
|
|
dwPreferredNumEntries - Preferred number of enumeration entries.
|
|
|
|
ppMMFilters - Enumerated filters returned to the caller.
|
|
|
|
pdwNumMMFilters - Number of filters actually enumerated.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
DWORD dwNumToEnum = 0;
|
|
PINIMMSFILTER pIniMMSFilter = NULL;
|
|
DWORD i = 0;
|
|
PINIMMSFILTER pTemp = NULL;
|
|
DWORD dwNumMMFilters = 0;
|
|
PMM_FILTER pMMFilters = 0;
|
|
PMM_FILTER pMMFilter = 0;
|
|
|
|
|
|
if (!dwPreferredNumEntries ||
|
|
(dwPreferredNumEntries > MAX_MMFILTER_ENUM_COUNT)) {
|
|
dwNumToEnum = MAX_MMFILTER_ENUM_COUNT;
|
|
}
|
|
else {
|
|
dwNumToEnum = dwPreferredNumEntries;
|
|
}
|
|
|
|
pIniMMSFilter = pIniMMSFilterList;
|
|
|
|
for (i = 0; (i < dwResumeHandle) && (pIniMMSFilter != NULL); i++) {
|
|
pIniMMSFilter = pIniMMSFilter->pNext;
|
|
}
|
|
|
|
if (!pIniMMSFilter) {
|
|
dwError = ERROR_NO_DATA;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
pTemp = pIniMMSFilter;
|
|
|
|
while (pTemp && (dwNumMMFilters < dwNumToEnum)) {
|
|
dwNumMMFilters++;
|
|
pTemp = pTemp->pNext;
|
|
}
|
|
|
|
dwError = SPDApiBufferAllocate(
|
|
sizeof(MM_FILTER)*dwNumMMFilters,
|
|
&pMMFilters
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
pTemp = pIniMMSFilter;
|
|
pMMFilter = pMMFilters;
|
|
|
|
for (i = 0; i < dwNumMMFilters; i++) {
|
|
|
|
dwError = CopyMMSFilter(
|
|
pTemp,
|
|
pMMFilter
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
pTemp = pTemp->pNext;
|
|
pMMFilter++;
|
|
|
|
}
|
|
|
|
*ppMMFilters = pMMFilters;
|
|
*pdwNumMMFilters = dwNumMMFilters;
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pMMFilters) {
|
|
FreeMMFilters(
|
|
i,
|
|
pMMFilters
|
|
);
|
|
}
|
|
|
|
*ppMMFilters = NULL;
|
|
*pdwNumMMFilters = 0;
|
|
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
DWORD
|
|
CopyMMSFilter(
|
|
PINIMMSFILTER pIniMMSFilter,
|
|
PMM_FILTER pMMFilter
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function copies an internal filter into an external filter
|
|
container.
|
|
|
|
Arguments:
|
|
|
|
pIniMMSFilter - Internal filter to copy.
|
|
|
|
pMMFilter - External filter container in which to copy.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
|
|
CopyGuid(pIniMMSFilter->gParentID, &(pMMFilter->gFilterID));
|
|
|
|
dwError = CopyName(
|
|
pIniMMSFilter->pszFilterName,
|
|
&(pMMFilter->pszFilterName)
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
pMMFilter->InterfaceType = pIniMMSFilter->InterfaceType;
|
|
|
|
pMMFilter->bCreateMirror = FALSE;
|
|
|
|
pMMFilter->dwFlags = pIniMMSFilter->dwFlags;
|
|
|
|
CopyAddresses(pIniMMSFilter->SrcAddr, &(pMMFilter->SrcAddr));
|
|
|
|
CopyAddresses(pIniMMSFilter->DesAddr, &(pMMFilter->DesAddr));
|
|
|
|
pMMFilter->dwDirection = pIniMMSFilter->dwDirection;
|
|
|
|
pMMFilter->dwWeight = pIniMMSFilter->dwWeight;
|
|
|
|
CopyGuid(pIniMMSFilter->gMMAuthID, &(pMMFilter->gMMAuthID));
|
|
|
|
CopyGuid(pIniMMSFilter->gPolicyID, &(pMMFilter->gPolicyID));
|
|
|
|
error:
|
|
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
DWORD
|
|
EnumSelectSpecificMMFilters(
|
|
PINIMMFILTER pIniMMFilter,
|
|
DWORD dwResumeHandle,
|
|
DWORD dwPreferredNumEntries,
|
|
PMM_FILTER * ppMMFilters,
|
|
PDWORD pdwNumMMFilters
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function creates enumerated specific filters for
|
|
the given generic filter.
|
|
|
|
Arguments:
|
|
|
|
pIniMMFilter - Generic filter for which specific filters
|
|
are to be enumerated.
|
|
|
|
dwResumeHandle - Location in the specific filter list for the
|
|
given generic filter from which to resume
|
|
enumeration.
|
|
|
|
dwPreferredNumEntries - Preferred number of enumeration entries.
|
|
|
|
ppMMFilters - Enumerated filters returned to the caller.
|
|
|
|
pdwNumMMFilters - Number of filters actually enumerated.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
DWORD dwNumToEnum = 0;
|
|
DWORD dwNumMMSFilters = 0;
|
|
PINIMMSFILTER * ppIniMMSFilters = NULL;
|
|
DWORD i = 0;
|
|
DWORD dwNumMMFilters = 0;
|
|
PMM_FILTER pMMFilters = 0;
|
|
PMM_FILTER pMMFilter = 0;
|
|
|
|
|
|
if (!dwPreferredNumEntries ||
|
|
(dwPreferredNumEntries > MAX_MMFILTER_ENUM_COUNT)) {
|
|
dwNumToEnum = MAX_MMFILTER_ENUM_COUNT;
|
|
}
|
|
else {
|
|
dwNumToEnum = dwPreferredNumEntries;
|
|
}
|
|
|
|
dwNumMMSFilters = pIniMMFilter->dwNumMMSFilters;
|
|
ppIniMMSFilters = pIniMMFilter->ppIniMMSFilters;
|
|
|
|
if (!dwNumMMSFilters || (dwNumMMSFilters <= dwResumeHandle)) {
|
|
dwError = ERROR_NO_DATA;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
dwNumMMFilters = min((dwNumMMSFilters-dwResumeHandle),
|
|
dwNumToEnum);
|
|
|
|
dwError = SPDApiBufferAllocate(
|
|
sizeof(MM_FILTER)*dwNumMMFilters,
|
|
&pMMFilters
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
pMMFilter = pMMFilters;
|
|
|
|
for (i = 0; i < dwNumMMFilters; i++) {
|
|
|
|
dwError = CopyMMSFilter(
|
|
*(ppIniMMSFilters + (dwResumeHandle + i)),
|
|
pMMFilter
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
pMMFilter++;
|
|
|
|
}
|
|
|
|
*ppMMFilters = pMMFilters;
|
|
*pdwNumMMFilters = dwNumMMFilters;
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pMMFilters) {
|
|
FreeMMFilters(
|
|
i,
|
|
pMMFilters
|
|
);
|
|
}
|
|
|
|
*ppMMFilters = NULL;
|
|
*pdwNumMMFilters = 0;
|
|
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
DWORD
|
|
MatchMMFilter(
|
|
LPWSTR pServerName,
|
|
PMM_FILTER pMMFilter,
|
|
DWORD dwFlags,
|
|
PMM_FILTER * ppMatchedMMFilters,
|
|
PIPSEC_MM_POLICY * ppMatchedMMPolicies,
|
|
PMM_AUTH_METHODS * ppMatchedMMAuthMethods,
|
|
DWORD dwPreferredNumEntries,
|
|
LPDWORD pdwNumMatches,
|
|
LPDWORD pdwResumeHandle
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function finds the matching mm filters for the given mm
|
|
filter template. The matched filters can not be more specific
|
|
than the given filter template.
|
|
|
|
Arguments:
|
|
|
|
pServerName - Server on which a filter template is to be matched.
|
|
|
|
pMMFilter - Filter template to match.
|
|
|
|
dwFlags - Flags.
|
|
|
|
ppMatchedMMFilters - Matched main mode filters returned to the
|
|
caller.
|
|
|
|
ppMatchedMMPolicies - Main mode policies corresponding to the
|
|
matched main mode filters returned to the
|
|
caller.
|
|
|
|
ppMatchedMMAuthMethods - Main mode auth methods corresponding to the
|
|
matched main mode filters returned to the
|
|
caller.
|
|
|
|
dwPreferredNumEntries - Preferred number of matched entries.
|
|
|
|
pdwNumMatches - Number of filters actually matched.
|
|
|
|
pdwResumeHandle - Handle to the location in the matched filter
|
|
list from which to resume enumeration.
|
|
|
|
Return Value:
|
|
|
|
ERROR_SUCCESS - Success.
|
|
|
|
Win32 Error - Failure.
|
|
|
|
--*/
|
|
{
|
|
DWORD dwError = 0;
|
|
DWORD dwResumeHandle = 0;
|
|
DWORD dwNumToMatch = 0;
|
|
PINIMMSFILTER pIniMMSFilter = NULL;
|
|
DWORD i = 0;
|
|
BOOL bMatches = FALSE;
|
|
PINIMMSFILTER pTemp = NULL;
|
|
DWORD dwNumMatches = 0;
|
|
PINIMMSFILTER pLastMatchedFilter = NULL;
|
|
PMM_FILTER pMatchedMMFilters = NULL;
|
|
PIPSEC_MM_POLICY pMatchedMMPolicies = NULL;
|
|
PMM_AUTH_METHODS pMatchedMMAuthMethods = NULL;
|
|
DWORD dwNumFilters = 0;
|
|
DWORD dwNumPolicies = 0;
|
|
DWORD dwNumAuthMethods = 0;
|
|
PMM_FILTER pMatchedMMFilter = NULL;
|
|
PIPSEC_MM_POLICY pMatchedMMPolicy = NULL;
|
|
PMM_AUTH_METHODS pTempMMAuthMethods = NULL;
|
|
|
|
|
|
dwError = ValidateMMFilterTemplate(
|
|
pMMFilter
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwResumeHandle = *pdwResumeHandle;
|
|
|
|
if (!dwPreferredNumEntries) {
|
|
dwNumToMatch = 1;
|
|
}
|
|
else if (dwPreferredNumEntries > MAX_MMFILTER_ENUM_COUNT) {
|
|
dwNumToMatch = MAX_MMFILTER_ENUM_COUNT;
|
|
}
|
|
else {
|
|
dwNumToMatch = dwPreferredNumEntries;
|
|
}
|
|
|
|
ENTER_SPD_SECTION();
|
|
|
|
dwError = ValidateMMSecurity(
|
|
SPD_OBJECT_SERVER,
|
|
SERVER_ACCESS_ADMINISTER,
|
|
NULL,
|
|
NULL
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
|
|
pIniMMSFilter = gpIniMMSFilter;
|
|
|
|
while ((i < dwResumeHandle) && (pIniMMSFilter != NULL)) {
|
|
bMatches = MatchIniMMSFilter(
|
|
pIniMMSFilter,
|
|
pMMFilter
|
|
);
|
|
if (bMatches) {
|
|
i++;
|
|
}
|
|
pIniMMSFilter = pIniMMSFilter->pNext;
|
|
}
|
|
|
|
if (!pIniMMSFilter) {
|
|
if (!(dwFlags & RETURN_DEFAULTS_ON_NO_MATCH)) {
|
|
dwError = ERROR_NO_DATA;
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
}
|
|
else {
|
|
dwError = CopyMMMatchDefaults(
|
|
&pMatchedMMFilters,
|
|
&pMatchedMMAuthMethods,
|
|
&pMatchedMMPolicies,
|
|
&dwNumMatches
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
BAIL_ON_LOCK_SUCCESS(dwError);
|
|
}
|
|
}
|
|
|
|
pTemp = pIniMMSFilter;
|
|
|
|
while (pTemp && (dwNumMatches < dwNumToMatch)) {
|
|
bMatches = MatchIniMMSFilter(
|
|
pTemp,
|
|
pMMFilter
|
|
);
|
|
if (bMatches) {
|
|
pLastMatchedFilter = pTemp;
|
|
dwNumMatches++;
|
|
}
|
|
pTemp = pTemp->pNext;
|
|
}
|
|
|
|
if (!dwNumMatches) {
|
|
if (!(dwFlags & RETURN_DEFAULTS_ON_NO_MATCH)) {
|
|
dwError = ERROR_NO_DATA;
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
}
|
|
else {
|
|
dwError = CopyMMMatchDefaults(
|
|
&pMatchedMMFilters,
|
|
&pMatchedMMAuthMethods,
|
|
&pMatchedMMPolicies,
|
|
&dwNumMatches
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
BAIL_ON_LOCK_SUCCESS(dwError);
|
|
}
|
|
}
|
|
|
|
dwError = SPDApiBufferAllocate(
|
|
sizeof(MM_FILTER)*dwNumMatches,
|
|
&pMatchedMMFilters
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
|
|
dwError = SPDApiBufferAllocate(
|
|
sizeof(IPSEC_MM_POLICY)*dwNumMatches,
|
|
&pMatchedMMPolicies
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
|
|
dwError = SPDApiBufferAllocate(
|
|
sizeof(MM_AUTH_METHODS)*dwNumMatches,
|
|
&pMatchedMMAuthMethods
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
|
|
if (dwNumMatches == 1) {
|
|
|
|
dwError = CopyMMSFilter(
|
|
pLastMatchedFilter,
|
|
pMatchedMMFilters
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
dwNumFilters++;
|
|
|
|
if (pLastMatchedFilter->pIniMMPolicy) {
|
|
dwError = CopyMMPolicy(
|
|
pLastMatchedFilter->pIniMMPolicy,
|
|
pMatchedMMPolicies
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
}
|
|
else {
|
|
memset(pMatchedMMPolicies, 0, sizeof(IPSEC_MM_POLICY));
|
|
}
|
|
dwNumPolicies++;
|
|
|
|
if (pLastMatchedFilter->pIniMMAuthMethods) {
|
|
dwError = CopyMMAuthMethods(
|
|
pLastMatchedFilter->pIniMMAuthMethods,
|
|
pMatchedMMAuthMethods
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
}
|
|
else {
|
|
memset(pMatchedMMAuthMethods, 0, sizeof(MM_AUTH_METHODS));
|
|
}
|
|
dwNumAuthMethods++;
|
|
|
|
}
|
|
else {
|
|
|
|
pTemp = pIniMMSFilter;
|
|
pMatchedMMFilter = pMatchedMMFilters;
|
|
pMatchedMMPolicy = pMatchedMMPolicies;
|
|
pTempMMAuthMethods = pMatchedMMAuthMethods;
|
|
i = 0;
|
|
|
|
while (i < dwNumMatches) {
|
|
|
|
bMatches = MatchIniMMSFilter(
|
|
pTemp,
|
|
pMMFilter
|
|
);
|
|
if (bMatches) {
|
|
|
|
dwError = CopyMMSFilter(
|
|
pTemp,
|
|
pMatchedMMFilter
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
pMatchedMMFilter++;
|
|
dwNumFilters++;
|
|
|
|
if (pTemp->pIniMMPolicy) {
|
|
dwError = CopyMMPolicy(
|
|
pTemp->pIniMMPolicy,
|
|
pMatchedMMPolicy
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
}
|
|
else {
|
|
memset(pMatchedMMPolicy, 0, sizeof(IPSEC_MM_POLICY));
|
|
}
|
|
pMatchedMMPolicy++;
|
|
dwNumPolicies++;
|
|
|
|
if (pTemp->pIniMMAuthMethods) {
|
|
dwError = CopyMMAuthMethods(
|
|
pTemp->pIniMMAuthMethods,
|
|
pTempMMAuthMethods
|
|
);
|
|
BAIL_ON_LOCK_ERROR(dwError);
|
|
}
|
|
else {
|
|
memset(pTempMMAuthMethods, 0, sizeof(MM_AUTH_METHODS));
|
|
}
|
|
pTempMMAuthMethods++;
|
|
dwNumAuthMethods++;
|
|
|
|
i++;
|
|
|
|
}
|
|
|
|
pTemp = pTemp->pNext;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
lock_success:
|
|
|
|
LEAVE_SPD_SECTION();
|
|
|
|
*ppMatchedMMFilters = pMatchedMMFilters;
|
|
*ppMatchedMMPolicies = pMatchedMMPolicies;
|
|
*ppMatchedMMAuthMethods = pMatchedMMAuthMethods;
|
|
*pdwNumMatches = dwNumMatches;
|
|
*pdwResumeHandle = dwResumeHandle + dwNumMatches;
|
|
|
|
return (dwError);
|
|
|
|
lock:
|
|
|
|
LEAVE_SPD_SECTION();
|
|
|
|
error:
|
|
|
|
if (pMatchedMMFilters) {
|
|
FreeMMFilters(
|
|
dwNumFilters,
|
|
pMatchedMMFilters
|
|
);
|
|
}
|
|
|
|
if (pMatchedMMPolicies) {
|
|
FreeMMPolicies(
|
|
dwNumPolicies,
|
|
pMatchedMMPolicies
|
|
);
|
|
}
|
|
|
|
if (pMatchedMMAuthMethods) {
|
|
FreeMMAuthMethods(
|
|
dwNumAuthMethods,
|
|
pMatchedMMAuthMethods
|
|
);
|
|
}
|
|
|
|
*ppMatchedMMFilters = NULL;
|
|
*ppMatchedMMPolicies = NULL;
|
|
*ppMatchedMMAuthMethods = NULL;
|
|
*pdwNumMatches = 0;
|
|
*pdwResumeHandle = dwResumeHandle;
|
|
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
DWORD
|
|
ValidateMMFilterTemplate(
|
|
PMM_FILTER pMMFilter
|
|
)
|
|
{
|
|
DWORD dwError = 0;
|
|
BOOL bConflicts = FALSE;
|
|
|
|
|
|
if (!pMMFilter) {
|
|
dwError = ERROR_INVALID_PARAMETER;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
dwError = VerifyAddresses(pMMFilter->SrcAddr, TRUE, FALSE);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError = VerifyAddresses(pMMFilter->DesAddr, TRUE, TRUE);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
bConflicts = AddressesConflict(
|
|
pMMFilter->SrcAddr,
|
|
pMMFilter->DesAddr
|
|
);
|
|
if (bConflicts) {
|
|
dwError = ERROR_INVALID_PARAMETER;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
if (pMMFilter->dwDirection) {
|
|
if ((pMMFilter->dwDirection != FILTER_DIRECTION_INBOUND) &&
|
|
(pMMFilter->dwDirection != FILTER_DIRECTION_OUTBOUND)) {
|
|
dwError = ERROR_INVALID_PARAMETER;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
}
|
|
|
|
error:
|
|
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
BOOL
|
|
MatchIniMMSFilter(
|
|
PINIMMSFILTER pIniMMSFilter,
|
|
PMM_FILTER pMMFilter
|
|
)
|
|
{
|
|
BOOL bMatches = FALSE;
|
|
|
|
if (pMMFilter->dwDirection) {
|
|
if (pMMFilter->dwDirection != pIniMMSFilter->dwDirection) {
|
|
return (FALSE);
|
|
}
|
|
}
|
|
|
|
bMatches = MatchAddresses(
|
|
pIniMMSFilter->SrcAddr,
|
|
pMMFilter->SrcAddr
|
|
);
|
|
if (!bMatches) {
|
|
return (FALSE);
|
|
}
|
|
|
|
bMatches = MatchAddresses(
|
|
pIniMMSFilter->DesAddr,
|
|
pMMFilter->DesAddr
|
|
);
|
|
if (!bMatches) {
|
|
return (FALSE);
|
|
}
|
|
|
|
return (TRUE);
|
|
}
|
|
|
|
|
|
DWORD
|
|
CopyMMMatchDefaults(
|
|
PMM_FILTER * ppMMFilters,
|
|
PMM_AUTH_METHODS * ppMMAuthMethods,
|
|
PIPSEC_MM_POLICY * ppMMPolicies,
|
|
PDWORD pdwNumMatches
|
|
)
|
|
{
|
|
DWORD dwError = 0;
|
|
PMM_FILTER pMMFilters = NULL;
|
|
PMM_AUTH_METHODS pMMAuthMethods = NULL;
|
|
PIPSEC_MM_POLICY pMMPolicies = NULL;
|
|
DWORD dwNumFilters = 0;
|
|
DWORD dwNumAuthMethods = 0;
|
|
DWORD dwNumPolicies = 0;
|
|
|
|
|
|
if (!gpIniDefaultMMPolicy) {
|
|
dwError = ERROR_IPSEC_DEFAULT_MM_POLICY_NOT_FOUND;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
if (!gpIniDefaultMMAuthMethods) {
|
|
dwError = ERROR_IPSEC_DEFAULT_MM_AUTH_NOT_FOUND;
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
}
|
|
|
|
dwError = SPDApiBufferAllocate(
|
|
sizeof(MM_FILTER),
|
|
&pMMFilters
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError = SPDApiBufferAllocate(
|
|
sizeof(IPSEC_MM_POLICY),
|
|
&pMMPolicies
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError = SPDApiBufferAllocate(
|
|
sizeof(MM_AUTH_METHODS),
|
|
&pMMAuthMethods
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
dwError = CopyDefaultMMFilter(
|
|
pMMFilters,
|
|
gpIniDefaultMMAuthMethods,
|
|
gpIniDefaultMMPolicy
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
dwNumFilters++;
|
|
|
|
dwError = CopyMMPolicy(
|
|
gpIniDefaultMMPolicy,
|
|
pMMPolicies
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
pMMPolicies->dwFlags |= IPSEC_MM_POLICY_ON_NO_MATCH;
|
|
dwNumPolicies++;
|
|
|
|
dwError = CopyMMAuthMethods(
|
|
gpIniDefaultMMAuthMethods,
|
|
pMMAuthMethods
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
pMMAuthMethods->dwFlags |= IPSEC_MM_AUTH_ON_NO_MATCH;
|
|
dwNumAuthMethods++;
|
|
|
|
*ppMMFilters = pMMFilters;
|
|
*ppMMPolicies = pMMPolicies;
|
|
*ppMMAuthMethods = pMMAuthMethods;
|
|
*pdwNumMatches = 1;
|
|
|
|
return (dwError);
|
|
|
|
error:
|
|
|
|
if (pMMFilters) {
|
|
FreeMMFilters(
|
|
dwNumFilters,
|
|
pMMFilters
|
|
);
|
|
}
|
|
|
|
if (pMMPolicies) {
|
|
FreeMMPolicies(
|
|
dwNumPolicies,
|
|
pMMPolicies
|
|
);
|
|
}
|
|
|
|
if (pMMAuthMethods) {
|
|
FreeMMAuthMethods(
|
|
dwNumAuthMethods,
|
|
pMMAuthMethods
|
|
);
|
|
}
|
|
|
|
*ppMMFilters = NULL;
|
|
*ppMMPolicies = NULL;
|
|
*ppMMAuthMethods = NULL;
|
|
*pdwNumMatches = 0;
|
|
|
|
return (dwError);
|
|
}
|
|
|
|
|
|
DWORD
|
|
CopyDefaultMMFilter(
|
|
PMM_FILTER pMMFilter,
|
|
PINIMMAUTHMETHODS pIniMMAuthMethods,
|
|
PINIMMPOLICY pIniMMPolicy
|
|
)
|
|
{
|
|
DWORD dwError = 0;
|
|
|
|
|
|
UuidCreate(&(pMMFilter->gFilterID));
|
|
|
|
dwError = CopyName(
|
|
L"0",
|
|
&(pMMFilter->pszFilterName)
|
|
);
|
|
BAIL_ON_WIN32_ERROR(dwError);
|
|
|
|
pMMFilter->InterfaceType = INTERFACE_TYPE_ALL;
|
|
|
|
pMMFilter->bCreateMirror = TRUE;
|
|
|
|
pMMFilter->dwFlags = 0;
|
|
|
|
pMMFilter->dwFlags |= IPSEC_MM_POLICY_DEFAULT_POLICY;
|
|
pMMFilter->dwFlags |= IPSEC_MM_AUTH_DEFAULT_AUTH;
|
|
|
|
pMMFilter->SrcAddr.AddrType = IP_ADDR_SUBNET;
|
|
pMMFilter->SrcAddr.uIpAddr = SUBNET_ADDRESS_ANY;
|
|
pMMFilter->SrcAddr.uSubNetMask = SUBNET_MASK_ANY;
|
|
|
|
pMMFilter->DesAddr.AddrType = IP_ADDR_SUBNET;
|
|
pMMFilter->DesAddr.uIpAddr = SUBNET_ADDRESS_ANY;
|
|
pMMFilter->DesAddr.uSubNetMask = SUBNET_MASK_ANY;
|
|
|
|
pMMFilter->dwDirection = 0;
|
|
|
|
pMMFilter->dwWeight = 0;
|
|
|
|
CopyGuid(pIniMMAuthMethods->gMMAuthID, &(pMMFilter->gMMAuthID));
|
|
|
|
CopyGuid(pIniMMPolicy->gPolicyID, &(pMMFilter->gPolicyID));
|
|
|
|
error:
|
|
|
|
return (dwError);
|
|
}
|
|
|