windows-nt/Source/XPSP1/NT/net/ipsec/spd/server/init.c

213 lines
5 KiB
C
Raw Permalink Normal View History

2020-09-26 03:20:57 -05:00
/*++
Copyright (c) 1999 Microsoft Corporation
Module Name:
init.h
Abstract:
This module contains all of the code to
initialize the variables for the IPSecSPD Service.
Author:
abhisheV 30-September-1999
Environment
User Level: Win32
Revision History:
--*/
#include "precomp.h"
#define SZAPPNAME L"ipsecsvc.dll"
DWORD
InitSPDThruRegistry(
)
{
DWORD dwError = 0;
HKEY hKey = NULL;
DWORD dwtype = REG_DWORD;
DWORD dwsize = sizeof(DWORD);
DWORD dwBackwardSoftSA = 0;
dwError = RegOpenKey(
HKEY_LOCAL_MACHINE,
gpszLocPolicyAgent,
&hKey
);
if (dwError) {
gdwDSConnectivityCheck = DEFAULT_DS_CONNECTIVITY_CHECK;
dwError = ERROR_SUCCESS;
BAIL_ON_WIN32_SUCCESS(dwError);
}
//
// Get DS connectivity check polling interval in minutes.
//
dwError = RegQueryValueEx(
hKey,
L"DSConnectivityCheck",
0,
&dwtype,
(unsigned char *) &gdwDSConnectivityCheck,
&dwsize
);
if (dwError || !gdwDSConnectivityCheck) {
gdwDSConnectivityCheck = DEFAULT_DS_CONNECTIVITY_CHECK;
dwError = ERROR_SUCCESS;
}
//
// Fix for bug 628668: SECURITY: ITG: BUG: IPsec accepts unsecured packet when
// "accept unsecured" not checked. If OldFallBackToClear == 1, then will revert
// to old behavior and plumb inbound pass thru if fall back to clear selected.
// If OldFallBackToClear 0, then will plumb "negotiate security" instead.
//
dwsize = sizeof(DWORD);
dwError = RegQueryValueEx(
hKey,
L"OldFallBackToClear",
0,
&dwtype,
(unsigned char *) &dwBackwardSoftSA,
&dwsize
);
if (dwError) {
dwBackwardSoftSA = 0;
dwError = ERROR_SUCCESS;
BAIL_ON_WIN32_SUCCESS(dwError);
}
success:
gbBackwardSoftSA = dwBackwardSoftSA ? TRUE : FALSE;
if (hKey) {
RegCloseKey(hKey);
}
return (dwError);
}
DWORD
InitSPDGlobals(
)
{
DWORD dwError = 0;
SECURITY_ATTRIBUTES SecurityAttributes;
dwError = InitializeSPDSecurity(&gpSPDSD);
BAIL_ON_WIN32_ERROR(dwError);
InitializeCriticalSection(&gcSPDAuditSection);
gbSPDAuditSection = TRUE;
ghIpsecServerModule = GetModuleHandle(SZAPPNAME);
if (!ghIpsecServerModule) {
dwError = ERROR_INVALID_HANDLE;
BAIL_ON_WIN32_ERROR(dwError);
}
memset(&SecurityAttributes, 0, sizeof(SECURITY_ATTRIBUTES));
SecurityAttributes.nLength = sizeof(SecurityAttributes);
SecurityAttributes.lpSecurityDescriptor = NULL;
SecurityAttributes.bInheritHandle = TRUE;
ghNewDSPolicyEvent = CreateEvent(
&SecurityAttributes,
TRUE,
FALSE,
IPSEC_NEW_DS_POLICY_EVENT
);
if (!ghNewDSPolicyEvent) {
dwError = GetLastError();
BAIL_ON_WIN32_ERROR(dwError);
}
ghNewLocalPolicyEvent = CreateEvent(
&SecurityAttributes,
TRUE,
FALSE,
NULL
);
if (!ghNewLocalPolicyEvent) {
dwError = GetLastError();
BAIL_ON_WIN32_ERROR(dwError);
}
ghForcedPolicyReloadEvent = CreateEvent(
&SecurityAttributes,
TRUE,
FALSE,
NULL
);
if (!ghForcedPolicyReloadEvent) {
dwError = GetLastError();
BAIL_ON_WIN32_ERROR(dwError);
}
//
// IPSEC_POLICY_CHANGE_NOTIFY is defined in ipsec.h.
//
ghPolicyChangeNotifyEvent = CreateEvent(
NULL,
TRUE,
FALSE,
IPSEC_POLICY_CHANGE_NOTIFY
);
if (!ghPolicyChangeNotifyEvent) {
dwError = GetLastError();
BAIL_ON_WIN32_ERROR(dwError);
}
ghServiceStopEvent = CreateEvent(
&SecurityAttributes,
TRUE,
FALSE,
NULL
);
if (!ghServiceStopEvent) {
dwError = GetLastError();
BAIL_ON_WIN32_ERROR(dwError);
}
InitializeCriticalSection(&gcServerListenSection);
gbServerListenSection = TRUE;
gdwServersListening = 0;
InitializeCriticalSection(&gcSPDSection);
gbSPDSection = TRUE;
dwError = InitializeInterfaceChangeEvent();
BAIL_ON_WIN32_ERROR(dwError);
dwError = ResetInterfaceChangeEvent();
BAIL_ON_WIN32_ERROR(dwError);
error:
return (dwError);
}