windows-nt/Source/XPSP1/NT/net/ipsec/polstore/update-d.c

#include "precomp.h"
/*
 * DirBackPropIncChangesForISAKMPToPolicy
 *
 * Pushes a change made to an ISAKMP object out to every policy object that
 * references it. Each referencing policy has its ipsecDataType attribute
 * written twice through DirUpdatePolicy: 0x200 first, then 0x100.
 * (Presumably the two writes exist so that whatever polls the policy object
 * sees a modification; the meaning of the two values is not visible in this
 * file -- confirm before relying on it.)
 *
 * Parameters:
 *   hLdapBindHandle       - LDAP handle passed to the lookup and update helpers.
 *   pszIpsecRootContainer - passed through to the helpers.
 *   ISAKMPIdentifier      - GUID of the ISAKMP object that changed.
 *
 * Returns ERROR_SUCCESS, or the first non-zero DirUpdatePolicy result; on
 * such a failure the remaining policies are left untouched.
 *
 * NOTE(review): the result of DirGetPolicyReferencesForISAKMP is overwritten
 * without being tested. That helper reports a NULL list and a zero count on
 * failure, so a failed lookup skips the loop and this function still returns
 * ERROR_SUCCESS. A caller cannot tell "nothing references this object" from
 * "the reference lookup failed", which can leave referencing policies
 * unmarked after a change to key-exchange settings.
 */
DWORD
DirBackPropIncChangesForISAKMPToPolicy(
    HLDAP hLdapBindHandle,
    LPWSTR pszIpsecRootContainer,
    GUID ISAKMPIdentifier
    )
{
    DWORD dwError = 0;
    LPWSTR * ppszPolicyDNs = NULL;
    DWORD dwPolicyCount = 0;
    DWORD dwIndex = 0;

    dwError = DirGetPolicyReferencesForISAKMP(
                    hLdapBindHandle,
                    pszIpsecRootContainer,
                    ISAKMPIdentifier,
                    &ppszPolicyDNs,
                    &dwPolicyCount
                    );

    while (dwIndex < dwPolicyCount) {

        /* First write of the pair. */
        dwError = DirUpdatePolicy(
                        hLdapBindHandle,
                        pszIpsecRootContainer,
                        ppszPolicyDNs[dwIndex],
                        0x200
                        );
        BAIL_ON_WIN32_ERROR(dwError);

        /* Second write of the pair. */
        dwError = DirUpdatePolicy(
                        hLdapBindHandle,
                        pszIpsecRootContainer,
                        ppszPolicyDNs[dwIndex],
                        0x100
                        );
        BAIL_ON_WIN32_ERROR(dwError);

        dwIndex++;
    }

    dwError = ERROR_SUCCESS;

error:

    /* The list is owned by this function on both the success and bail paths. */
    if (ppszPolicyDNs) {
        FreeNFAReferences(
            ppszPolicyDNs,
            dwPolicyCount
            );
    }

    return (dwError);
}
/*
 * DirBackPropIncChangesForFilterToNFA
 *
 * Pushes a change made to a filter object out to every NFA that references
 * it, and from each of those NFAs on to its owning policy. For each NFA the
 * ipsecDataType attribute is written twice through DirUpdateNFA (0x200, then
 * 0x100) and DirBackPropIncChangesForNFAToPolicy is then called.
 *
 * Parameters:
 *   hLdapBindHandle       - LDAP handle passed to the lookup and update helpers.
 *   pszIpsecRootContainer - passed through to the helpers.
 *   FilterIdentifier      - GUID of the filter object that changed.
 *
 * Always returns ERROR_SUCCESS. A failure on one NFA abandons the remaining
 * steps for that NFA only and the loop moves on to the next reference.
 *
 * NOTE(review): because every failure is discarded (including the result of
 * DirGetNFAReferencesForFilter), the caller gets no signal that some
 * referencing objects were not touched. If consumers depend on those writes
 * to notice a filter change, a partial failure here is silent -- consider
 * at least logging the per-reference error.
 */
DWORD
DirBackPropIncChangesForFilterToNFA(
    HLDAP hLdapBindHandle,
    LPWSTR pszIpsecRootContainer,
    GUID FilterIdentifier
    )
{
    DWORD dwError = 0;
    LPWSTR * ppszNFADNs = NULL;
    DWORD dwNFACount = 0;
    DWORD dwIndex = 0;
    LPWSTR pszNFADN = NULL;

    dwError = DirGetNFAReferencesForFilter(
                    hLdapBindHandle,
                    pszIpsecRootContainer,
                    FilterIdentifier,
                    &ppszNFADNs,
                    &dwNFACount
                    );

    for (dwIndex = 0; dwIndex < dwNFACount; dwIndex++) {

        pszNFADN = ppszNFADNs[dwIndex];

        dwError = DirUpdateNFA(
                        hLdapBindHandle,
                        pszIpsecRootContainer,
                        pszNFADN,
                        0x200
                        );

        /* Each later step runs only if everything before it succeeded. */
        if (!dwError) {
            dwError = DirUpdateNFA(
                            hLdapBindHandle,
                            pszIpsecRootContainer,
                            pszNFADN,
                            0x100
                            );
        }

        if (!dwError) {
            dwError = DirBackPropIncChangesForNFAToPolicy(
                            hLdapBindHandle,
                            pszIpsecRootContainer,
                            pszNFADN
                            );
        }
    }

    /* Best effort: per-reference failures are not reported. */
    dwError = ERROR_SUCCESS;

    if (ppszNFADNs) {
        FreeNFAReferences(
            ppszNFADNs,
            dwNFACount
            );
    }

    return (dwError);
}
/*
 * DirBackPropIncChangesForNegPolToNFA
 *
 * Pushes a change made to a negotiation-policy object out to every NFA that
 * references it, then on to the policy owning each NFA. Per NFA the sequence
 * is: DirUpdateNFA with 0x200, DirUpdateNFA with 0x100, then
 * DirBackPropIncChangesForNFAToPolicy; the sequence stops at the first
 * failing step and the loop continues with the next NFA.
 *
 * Parameters:
 *   hLdapBindHandle       - LDAP handle passed to the lookup and update helpers.
 *   pszIpsecRootContainer - passed through to the helpers.
 *   NegPolIdentifier      - GUID of the negotiation policy that changed.
 *
 * Always returns ERROR_SUCCESS.
 *
 * NOTE(review): the lookup result and every per-NFA error are dropped, so a
 * change to negotiation settings can fail to reach some NFAs or policies
 * without the caller knowing. Worth surfacing (or logging) the failures if
 * anything relies on these writes for change detection.
 */
DWORD
DirBackPropIncChangesForNegPolToNFA(
    HLDAP hLdapBindHandle,
    LPWSTR pszIpsecRootContainer,
    GUID NegPolIdentifier
    )
{
    DWORD dwError = 0;
    LPWSTR * ppszReferencingNFAs = NULL;
    DWORD dwReferenceCount = 0;
    DWORD dwCurrent = 0;
    LPWSTR pszCurrentNFA = NULL;

    dwError = DirGetNFAReferencesForNegPol(
                    hLdapBindHandle,
                    pszIpsecRootContainer,
                    NegPolIdentifier,
                    &ppszReferencingNFAs,
                    &dwReferenceCount
                    );

    while (dwCurrent < dwReferenceCount) {

        pszCurrentNFA = ppszReferencingNFAs[dwCurrent];
        dwCurrent++;

        dwError = DirUpdateNFA(
                        hLdapBindHandle,
                        pszIpsecRootContainer,
                        pszCurrentNFA,
                        0x200
                        );

        if (dwError == ERROR_SUCCESS) {

            dwError = DirUpdateNFA(
                            hLdapBindHandle,
                            pszIpsecRootContainer,
                            pszCurrentNFA,
                            0x100
                            );

            if (dwError == ERROR_SUCCESS) {

                /* Only a fully updated NFA is propagated to its policy. */
                dwError = DirBackPropIncChangesForNFAToPolicy(
                                hLdapBindHandle,
                                pszIpsecRootContainer,
                                pszCurrentNFA
                                );
            }
        }
    }

    /* Whatever happened above, the caller is told the call succeeded. */
    dwError = ERROR_SUCCESS;

    if (ppszReferencingNFAs) {
        FreeNFAReferences(
            ppszReferencingNFAs,
            dwReferenceCount
            );
    }

    return (dwError);
}
/*
 * DirBackPropIncChangesForNFAToPolicy
 *
 * Pushes a change made to an NFA out to the policy (or policies) returned by
 * DirGetPolicyReferencesForNFA. Each one has its ipsecDataType attribute
 * written twice through DirUpdatePolicy: 0x200, then 0x100.
 *
 * Parameters:
 *   hLdapBindHandle         - LDAP handle passed to the helpers.
 *   pszIpsecRootContainer   - passed through to the helpers.
 *   pszNFADistinguishedName - DN of the NFA that changed.
 *
 * Returns ERROR_SUCCESS, or the first non-zero DirUpdatePolicy result.
 *
 * NOTE(review): the lookup result is not tested. A failed lookup (for
 * example a DN from which no identifier could be taken) yields an empty
 * list, the loop is skipped, and ERROR_SUCCESS is returned, so the owning
 * policy can silently miss the update.
 */
DWORD
DirBackPropIncChangesForNFAToPolicy(
    HLDAP hLdapBindHandle,
    LPWSTR pszIpsecRootContainer,
    LPWSTR pszNFADistinguishedName
    )
{
    DWORD dwError = 0;
    LPWSTR * ppszOwners = NULL;
    DWORD dwOwnerCount = 0;
    DWORD dwOwner = 0;
    LPWSTR pszOwnerDN = NULL;

    dwError = DirGetPolicyReferencesForNFA(
                    hLdapBindHandle,
                    pszIpsecRootContainer,
                    pszNFADistinguishedName,
                    &ppszOwners,
                    &dwOwnerCount
                    );

    for (dwOwner = 0; dwOwner < dwOwnerCount; dwOwner++) {

        pszOwnerDN = ppszOwners[dwOwner];

        dwError = DirUpdatePolicy(
                        hLdapBindHandle,
                        pszIpsecRootContainer,
                        pszOwnerDN,
                        0x200
                        );
        BAIL_ON_WIN32_ERROR(dwError);

        dwError = DirUpdatePolicy(
                        hLdapBindHandle,
                        pszIpsecRootContainer,
                        pszOwnerDN,
                        0x100
                        );
        BAIL_ON_WIN32_ERROR(dwError);
    }

    dwError = ERROR_SUCCESS;

error:

    /* Reached on success and on bail; the list is released either way. */
    if (ppszOwners) {
        FreeNFAReferences(
            ppszOwners,
            dwOwnerCount
            );
    }

    return (dwError);
}
/*
 * DirGetPolicyReferencesForISAKMP
 *
 * Fetches the ISAKMP object identified by ISAKMPIdentifier and hands back a
 * copy of its reference list. The list is read from the object's
 * ppszIpsecNFAReferences / dwNFACount fields; callers in this file treat the
 * entries as policy DNs.
 *
 * Parameters:
 *   hLdapBindHandle            - LDAP handle passed to DirGetISAKMPObject.
 *   pszIpsecRootContainer      - passed to DirGetISAKMPObject.
 *   ISAKMPIdentifier           - GUID of the object to read.
 *   pppszIpsecPolicyReferences - receives the copied array (NULL on failure).
 *   pdwNumReferences           - receives the entry count (0 on failure).
 *
 * Returns 0 on success, otherwise the error from DirGetISAKMPObject or
 * CopyReferences. The copied array belongs to the caller; callers in this
 * file release it with FreeNFAReferences.
 */
DWORD
DirGetPolicyReferencesForISAKMP(
    HLDAP hLdapBindHandle,
    LPWSTR pszIpsecRootContainer,
    GUID ISAKMPIdentifier,
    LPWSTR ** pppszIpsecPolicyReferences,
    PDWORD pdwNumReferences
    )
{
    DWORD dwError = 0;
    PIPSEC_ISAKMP_OBJECT pISAKMP = NULL;
    LPWSTR * ppszCopied = NULL;
    DWORD dwCopied = 0;

    dwError = DirGetISAKMPObject(
                    hLdapBindHandle,
                    pszIpsecRootContainer,
                    ISAKMPIdentifier,
                    &pISAKMP
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    /* assumes a zero return always comes with a non-NULL object -- TODO confirm */
    dwError = CopyReferences(
                    pISAKMP->ppszIpsecNFAReferences,
                    pISAKMP->dwNFACount,
                    &ppszCopied,
                    &dwCopied
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    *pppszIpsecPolicyReferences = ppszCopied;
    *pdwNumReferences = dwCopied;
    goto release;

error:

    /* Never leave the out-parameters undefined for the caller. */
    *pppszIpsecPolicyReferences = NULL;
    *pdwNumReferences = 0;

release:

    if (pISAKMP) {
        FreeIpsecISAKMPObject(pISAKMP);
    }

    return (dwError);
}
/*
 * DirUpdatePolicy
 *
 * Replaces the "ipsecDataType" attribute of one policy object with the
 * decimal text of dwDataType, using a single LDAP_MOD_REPLACE modification
 * sent through LdapModifyS.
 *
 * Parameters:
 *   hLdapBindHandle         - LDAP handle the modify is issued on.
 *   pszIpsecRootContainer   - not used by this function.
 *   pszIpsecPolicyReference - DN of the policy object to modify.
 *   dwDataType              - value to store in ipsecDataType.
 *
 * Returns 0 on success, ERROR_OUTOFMEMORY if an allocation fails, otherwise
 * the error from AllocatePolString, AllocateLDAPStringValue or LdapModifyS.
 *
 * NOTE(review): the DN is handed to LdapModifyS exactly as received and
 * pszIpsecRootContainer is ignored, so nothing here checks that the object
 * being written sits under the IPsec container. The DNs reaching this
 * function come from reference lists copied out of other objects; if that
 * data cannot be fully trusted, validate the DN before writing.
 */
DWORD
DirUpdatePolicy(
    HLDAP hLdapBindHandle,
    LPWSTR pszIpsecRootContainer,
    LPWSTR pszIpsecPolicyReference,
    DWORD dwDataType
    )
{
    DWORD dwError = 0;
    LDAPModW ** ppMods = NULL;
    LDAPModW * pMod = NULL;
    WCHAR szDataType[64];

    szDataType[0] = L'\0';

    /*
     * Two slots: the one modification plus a trailing slot that is never
     * written here. Presumably AllocPolMem zero-fills, which would make that
     * slot the NULL terminator and make the |= on mod_op below start from
     * zero -- confirm.
     */
    ppMods = (LDAPModW **) AllocPolMem(
                                2 * sizeof(LDAPModW*)
                                );
    if (!ppMods) {
        dwError = ERROR_OUTOFMEMORY;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    pMod = (LDAPModW *) AllocPolMem(
                            sizeof(LDAPModW)
                            );
    if (!pMod) {
        dwError = ERROR_OUTOFMEMORY;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    /* From here on the entry is reachable from the array freed at 'error'. */
    ppMods[0] = pMod;

    dwError = AllocatePolString(
                    L"ipsecDataType",
                    &pMod->mod_type
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    /* The attribute value is the base-10 rendering of dwDataType. */
    _itow( dwDataType, szDataType, 10 );

    dwError = AllocateLDAPStringValue(
                    szDataType,
                    (PLDAPOBJECT *)&pMod->mod_values
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    pMod->mod_op |= LDAP_MOD_REPLACE;

    dwError = LdapModifyS(
                    hLdapBindHandle,
                    pszIpsecPolicyReference,
                    ppMods
                    );
    BAIL_ON_WIN32_ERROR(dwError);

error:

    /* Shared exit: runs after success as well as after a bail. */
    if (ppMods) {
        FreeLDAPModWs(
            ppMods
            );
    }

    return(dwError);
}
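/*
 * DirGetPolicyReferencesForNFA
 *
 * Finds the policy that owns an NFA. The NFA's identifier is taken from the
 * text starting at the first '{' in its DN, the NFA object is fetched by
 * that identifier, and its pszIpsecOwnersReference is returned as a
 * one-element copied list.
 *
 * Parameters:
 *   hLdapBindHandle            - LDAP handle passed to DirGetNFAObject.
 *   pszIpsecRootContainer      - passed to DirGetNFAObject.
 *   pszNFADistinguishedName    - DN of the NFA; must contain a '{'.
 *   pppszIpsecPolicyReferences - receives the copied array (NULL on failure).
 *   pdwNumReferences           - receives the entry count (0 on failure).
 *
 * Returns 0 on success, ERROR_INVALID_DATA when the DN is NULL or holds no
 * '{', otherwise the error from DirGetNFAObject or CopyReferences. The
 * copied array belongs to the caller; callers in this file release it with
 * FreeNFAReferences.
 */
DWORD
DirGetPolicyReferencesForNFA(
    HLDAP hLdapBindHandle,
    LPWSTR pszIpsecRootContainer,
    LPWSTR pszNFADistinguishedName,
    LPWSTR ** pppszIpsecPolicyReferences,
    PDWORD pdwNumReferences
    )
{
    DWORD dwError = 0;
    LPWSTR pszIpsecID = NULL;
    /*
     * Zero-filled so the lookup key is never indeterminate stack contents
     * if the parser below leaves it partly or wholly unwritten.
     */
    GUID NFAIdentifier = {0};
    PIPSEC_NFA_OBJECT pIpsecNFAObject = NULL;
    LPWSTR * ppszIpsecPolicyReferences = NULL;
    DWORD dwNumReferences = 0;

    /* A NULL DN is rejected as bad data instead of faulting in wcschr. */
    if (!pszNFADistinguishedName) {
        dwError = ERROR_INVALID_DATA;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    pszIpsecID = wcschr(pszNFADistinguishedName, L'{');
    if (!pszIpsecID) {
        dwError = ERROR_INVALID_DATA;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    /*
     * NOTE(review): no result from wGUIDFromString is checked here (its
     * prototype is not visible in this file). The DN text after '{' is
     * directory data; if the helper can report a malformed GUID, that
     * should be turned into ERROR_INVALID_DATA at this point.
     */
    wGUIDFromString(
        pszIpsecID,
        &NFAIdentifier
        );

    dwError = DirGetNFAObject(
                    hLdapBindHandle,
                    pszIpsecRootContainer,
                    NFAIdentifier,
                    &pIpsecNFAObject
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    /* The single owner reference is copied as a list of length one. */
    dwError = CopyReferences(
                    &(pIpsecNFAObject->pszIpsecOwnersReference),
                    1,
                    &ppszIpsecPolicyReferences,
                    &dwNumReferences
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    *pppszIpsecPolicyReferences = ppszIpsecPolicyReferences;
    *pdwNumReferences = dwNumReferences;

cleanup:

    if (pIpsecNFAObject) {
        FreeIpsecNFAObject(pIpsecNFAObject);
    }

    return (dwError);

error:

    /* Failure always reports an empty list to the caller. */
    *pppszIpsecPolicyReferences = NULL;
    *pdwNumReferences = 0;

    goto cleanup;
}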
/*
 * DirGetNFAReferencesForFilter
 *
 * Fetches the filter object identified by FilterIdentifier and hands back a
 * copy of its NFA reference list (ppszIpsecNFAReferences / dwNFACount).
 *
 * Parameters:
 *   hLdapBindHandle         - LDAP handle passed to DirGetFilterObject.
 *   pszIpsecRootContainer   - passed to DirGetFilterObject.
 *   FilterIdentifier        - GUID of the filter object to read.
 *   pppszIpsecNFAReferences - receives the copied array (NULL on failure).
 *   pdwNumReferences        - receives the entry count (0 on failure).
 *
 * Returns 0 on success, otherwise the error from DirGetFilterObject or
 * CopyReferences. The copied array belongs to the caller; callers in this
 * file release it with FreeNFAReferences.
 */
DWORD
DirGetNFAReferencesForFilter(
    HLDAP hLdapBindHandle,
    LPWSTR pszIpsecRootContainer,
    GUID FilterIdentifier,
    LPWSTR ** pppszIpsecNFAReferences,
    PDWORD pdwNumReferences
    )
{
    DWORD dwError = 0;
    PIPSEC_FILTER_OBJECT pFilter = NULL;
    LPWSTR * ppszNFAList = NULL;
    DWORD dwNFAListLen = 0;

    dwError = DirGetFilterObject(
                    hLdapBindHandle,
                    pszIpsecRootContainer,
                    FilterIdentifier,
                    &pFilter
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    /* assumes pFilter is non-NULL whenever the fetch returns 0 -- TODO confirm */
    dwError = CopyReferences(
                    pFilter->ppszIpsecNFAReferences,
                    pFilter->dwNFACount,
                    &ppszNFAList,
                    &dwNFAListLen
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    *pdwNumReferences = dwNFAListLen;
    *pppszIpsecNFAReferences = ppszNFAList;

cleanup:

    /* The fetched object is only a source for the copy; drop it here. */
    if (pFilter) {
        FreeIpsecFilterObject(pFilter);
    }

    return (dwError);

error:

    *pdwNumReferences = 0;
    *pppszIpsecNFAReferences = NULL;

    goto cleanup;
}
/*
 * DirUpdateNFA
 *
 * Replaces the "ipsecDataType" attribute of one NFA object with the decimal
 * text of dwDataType, using a single LDAP_MOD_REPLACE modification sent
 * through LdapModifyS.
 *
 * Parameters:
 *   hLdapBindHandle       - LDAP handle the modify is issued on.
 *   pszIpsecRootContainer - not used by this function.
 *   pszIpsecNFAReference  - DN of the NFA object to modify.
 *   dwDataType            - value to store in ipsecDataType.
 *
 * Returns 0 on success, ERROR_OUTOFMEMORY if an allocation fails, otherwise
 * the error from AllocatePolString, AllocateLDAPStringValue or LdapModifyS.
 *
 * NOTE(review): the target DN is used as received and the root container
 * argument is ignored, so this function performs no check that the write
 * lands inside the IPsec container. Any such check has to happen before the
 * DN gets here.
 */
DWORD
DirUpdateNFA(
    HLDAP hLdapBindHandle,
    LPWSTR pszIpsecRootContainer,
    LPWSTR pszIpsecNFAReference,
    DWORD dwDataType
    )
{
    DWORD dwError = 0;
    DWORD dwModCount = 1;
    LDAPModW ** ppModArray = NULL;
    LDAPModW * pEntry = NULL;
    WCHAR szValue[64];

    szValue[0] = L'\0';

    /* Pointer array: one entry per modification, plus one extra slot. */
    ppModArray = (LDAPModW **) AllocPolMem(
                                    (dwModCount + 1) * sizeof(LDAPModW*)
                                    );
    if (!ppModArray) {
        dwError = ERROR_OUTOFMEMORY;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    pEntry = (LDAPModW *) AllocPolMem(
                              dwModCount * sizeof(LDAPModW)
                              );
    if (!pEntry) {
        dwError = ERROR_OUTOFMEMORY;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    ppModArray[0] = pEntry;

    dwError = AllocatePolString(
                    L"ipsecDataType",
                    &pEntry->mod_type
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    _itow( dwDataType, szValue, 10 );

    dwError = AllocateLDAPStringValue(
                    szValue,
                    (PLDAPOBJECT *)&pEntry->mod_values
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    /*
     * OR-ing into mod_op only yields a clean LDAP_MOD_REPLACE if the entry
     * started out zeroed -- presumably AllocPolMem guarantees that; confirm.
     */
    pEntry->mod_op |= LDAP_MOD_REPLACE;

    dwError = LdapModifyS(
                    hLdapBindHandle,
                    pszIpsecNFAReference,
                    ppModArray
                    );
    BAIL_ON_WIN32_ERROR(dwError);

error:

    /* Common exit for success and failure. */
    if (ppModArray) {
        FreeLDAPModWs(
            ppModArray
            );
    }

    return(dwError);
}
/*
 * DirGetNFAReferencesForNegPol
 *
 * Fetches the negotiation-policy object identified by NegPolIdentifier and
 * hands back a copy of its NFA reference list (ppszIpsecNFAReferences /
 * dwNFACount).
 *
 * Parameters:
 *   hLdapBindHandle         - LDAP handle passed to DirGetNegPolObject.
 *   pszIpsecRootContainer   - passed to DirGetNegPolObject.
 *   NegPolIdentifier        - GUID of the negotiation policy to read.
 *   pppszIpsecNFAReferences - receives the copied array (NULL on failure).
 *   pdwNumReferences        - receives the entry count (0 on failure).
 *
 * Returns 0 on success, otherwise the error from DirGetNegPolObject or
 * CopyReferences. The copied array belongs to the caller; callers in this
 * file release it with FreeNFAReferences.
 */
DWORD
DirGetNFAReferencesForNegPol(
    HLDAP hLdapBindHandle,
    LPWSTR pszIpsecRootContainer,
    GUID NegPolIdentifier,
    LPWSTR ** pppszIpsecNFAReferences,
    PDWORD pdwNumReferences
    )
{
    DWORD dwError = 0;
    PIPSEC_NEGPOL_OBJECT pNegPol = NULL;
    LPWSTR * ppszDuplicated = NULL;
    DWORD dwDuplicated = 0;

    dwError = DirGetNegPolObject(
                    hLdapBindHandle,
                    pszIpsecRootContainer,
                    NegPolIdentifier,
                    &pNegPol
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    /* assumes a zero return implies pNegPol was filled in -- TODO confirm */
    dwError = CopyReferences(
                    pNegPol->ppszIpsecNFAReferences,
                    pNegPol->dwNFACount,
                    &ppszDuplicated,
                    &dwDuplicated
                    );
    BAIL_ON_WIN32_ERROR(dwError);

    *pppszIpsecNFAReferences = ppszDuplicated;
    *pdwNumReferences = dwDuplicated;
    goto finish;

error:

    /* On any failure the caller sees an empty list. */
    *pppszIpsecNFAReferences = NULL;
    *pdwNumReferences = 0;

finish:

    if (pNegPol) {
        FreeIpsecNegPolObject(pNegPol);
    }

    return (dwError);
}
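/*
 * CopyReferences
 *
 * Builds a new array holding a copy of each string in ppszIpsecReferences
 * (each entry is produced by AllocPolStr, presumably a string duplicate).
 *
 * Parameters:
 *   ppszIpsecReferences     - source array; may be NULL.
 *   dwNumReferences         - number of entries in the source array.
 *   pppszNewIpsecReferences - receives the new array, or NULL.
 *   pdwNumNewReferences     - receives the number of entries, or 0.
 *
 * Returns 0 on success. An empty or NULL source is a success that yields
 * NULL / 0. Returns ERROR_OUTOFMEMORY if an allocation fails or if the array
 * size does not fit in a DWORD; in that case everything copied so far is
 * released and NULL / 0 is reported. The new array belongs to the caller;
 * callers in this file release it with FreeNFAReferences.
 *
 * NOTE(review): a NULL entry inside the source array is passed straight to
 * AllocPolStr; how that helper treats NULL is not visible here.
 */
DWORD
CopyReferences(
    LPWSTR * ppszIpsecReferences,
    DWORD dwNumReferences,
    LPWSTR ** pppszNewIpsecReferences,
    PDWORD pdwNumNewReferences
    )
{
    DWORD dwError = 0;
    LPWSTR * ppszNewIpsecReferences = NULL;
    DWORD i = 0;
    LPWSTR pszTemp = NULL;
    LPWSTR pszString = NULL;

    if (!dwNumReferences || !ppszIpsecReferences) {
        *pppszNewIpsecReferences = NULL;
        *pdwNumNewReferences = 0;
        return (dwError);
    }

    /*
     * The count originates in a directory object. Refuse a count whose byte
     * size would wrap a DWORD, so the array can never be allocated smaller
     * than the loop below is about to fill.
     */
    if (dwNumReferences > ((DWORD)-1) / sizeof(LPWSTR)) {
        dwError = ERROR_OUTOFMEMORY;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    ppszNewIpsecReferences = (LPWSTR *) AllocPolMem(
                                            sizeof(LPWSTR) * dwNumReferences
                                            );
    if (!ppszNewIpsecReferences) {
        dwError = ERROR_OUTOFMEMORY;
        BAIL_ON_WIN32_ERROR(dwError);
    }

    for (i = 0; i < dwNumReferences; i++) {

        pszTemp = ppszIpsecReferences[i];

        pszString = AllocPolStr(pszTemp);
        if (!pszString) {
            dwError = ERROR_OUTOFMEMORY;
            BAIL_ON_WIN32_ERROR(dwError);
        }

        ppszNewIpsecReferences[i] = pszString;
    }

    *pppszNewIpsecReferences = ppszNewIpsecReferences;
    *pdwNumNewReferences = dwNumReferences;

    return (dwError);

error:

    /*
     * i counts the entries stored so far, so only those are released along
     * with the array itself.
     */
    if (ppszNewIpsecReferences) {
        FreeNFAReferences(
            ppszNewIpsecReferences,
            i
            );
    }

    *pppszNewIpsecReferences = NULL;
    *pdwNumNewReferences = 0;

    return (dwError);
}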