646 lines
22 KiB
C++
646 lines
22 KiB
C++
|
/////////////////////////////////////////////////////////////
|
||
|
// Copyright(c) 1998, Microsoft Corporation
|
||
|
//
|
||
|
// print.cpp
|
||
|
//
|
||
|
// Created on 3/2/00 by DKalin
|
||
|
// Revisions:
|
||
|
//
|
||
|
// Print routines for ipsecpol tool
|
||
|
//
|
||
|
/////////////////////////////////////////////////////////////
|
||
|
|
||
|
#include "ipseccmd.h"
|
||
|
|
||
|
#define PRINT _ftprintf
|
||
|
#define OUTSTREAM stdout
|
||
|
|
||
|
// comment this if you don't want debug spew
|
||
|
//#define DEBUG
|
||
|
|
||
|
// The following is to format the output so that understandable text can be printed
|
||
|
// instead of DWORDs or ints
|
||
|
|
||
|
TCHAR esp_algo[][25]= {_T("NONE"),
|
||
|
_T("DES"),
|
||
|
_T("Unknown"),
|
||
|
_T("3DES"),
|
||
|
_T("IPSEC_ESP_MAX")};
|
||
|
|
||
|
TCHAR ah_algo[][25]= {_T("NONE"),
|
||
|
_T("MD5"),
|
||
|
_T("SHA1"),
|
||
|
_T("IPSEC_AH_MAX")};
|
||
|
|
||
|
TCHAR operation[][25]= {_T("None"),
|
||
|
_T("Authentication"),
|
||
|
_T("Encryption"),
|
||
|
_T("Compression"),
|
||
|
_T("SA Delete")};
|
||
|
|
||
|
TCHAR oakley_states[][50]= {_T("MainMode No State"),
|
||
|
_T("MainMode SA Setup"),
|
||
|
_T("MainMode Key Exchange"),
|
||
|
_T("MainMode Key Authorizated"),
|
||
|
_T("AG Normal State"),
|
||
|
_T("AG Init Exchange"),
|
||
|
_T("AG Authorization"),
|
||
|
_T("QuickMode SA Accept"),
|
||
|
_T("QuickMode Awaiting Authorization"),
|
||
|
_T("QuickMode Idle"),
|
||
|
_T("QuickMode Waiting for Connection")
|
||
|
};
|
||
|
|
||
|
TCHAR oak_auth[][25]= {_T("Unknown"),
|
||
|
_T("Preshared Key"),
|
||
|
_T("DSS Signature"),
|
||
|
_T("RSA (Cert) Signature"),
|
||
|
_T("RSA (Cert) Encryption"),
|
||
|
_T("Kerberos")
|
||
|
};
|
||
|
TCHAR if_types[][25]= {_T("Unknown"),
|
||
|
_T("All"),
|
||
|
_T("LAN"),
|
||
|
_T("Dialup"),
|
||
|
_T("All")
|
||
|
};
|
||
|
|
||
|
|
||
|
/////////////////////// UTILITY FUNCTIONS //////////////////////////
|
||
|
// PrintQMOffer will print quick mode policy offer with given prefix string (actually two prefix strings)
|
||
|
// Parms: IN qmOffer - IPSEC_QM_OFFER structure
|
||
|
// IN pszPrefix - prefix string
|
||
|
// IN pszPrefix2 - 2nd prefix string (will be added to 1st)
|
||
|
// Returns: None
|
||
|
|
||
|
void PrintQMOffer(IN IPSEC_QM_OFFER qmOffer, IN PTCHAR pszPrefix, IN PTCHAR pszPrefix2)
|
||
|
{
|
||
|
int i;
|
||
|
|
||
|
#ifdef DEBUG
|
||
|
printf("DEBUG - number of Algos for this offer is %d\n", qmOffer.dwNumAlgos);
|
||
|
#endif
|
||
|
|
||
|
for (i = 0; i < (int) qmOffer.dwNumAlgos; i++)
|
||
|
{
|
||
|
//print algo
|
||
|
PRINT(OUTSTREAM,TEXT("%s%sAlgo #%d : "), pszPrefix, pszPrefix2, i+1);
|
||
|
#ifdef DEBUG
|
||
|
printf("DEBUG - operation code is %d\n", qmOffer.Algos[i].Operation);
|
||
|
#endif
|
||
|
PRINT(OUTSTREAM,TEXT("%s"), operation[qmOffer.Algos[i].Operation]);
|
||
|
|
||
|
switch (qmOffer.Algos[i].Operation)
|
||
|
{
|
||
|
case ENCRYPTION:
|
||
|
PRINT(OUTSTREAM,TEXT(" %s"), esp_algo[qmOffer.Algos[i].uAlgoIdentifier]);
|
||
|
if (qmOffer.Algos[i].uSecAlgoIdentifier != HMAC_AH_NONE)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT(" %s"), ah_algo[qmOffer.Algos[i].uSecAlgoIdentifier]);
|
||
|
}
|
||
|
if (qmOffer.Algos[i].uAlgoKeyLen != 0 || qmOffer.Algos[i].uAlgoRounds != 0)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT(" (%lubytes/%lurounds)"), qmOffer.Algos[i].uAlgoKeyLen, qmOffer.Algos[i].uAlgoRounds);
|
||
|
}
|
||
|
|
||
|
break;
|
||
|
case AUTHENTICATION:
|
||
|
PRINT(OUTSTREAM,TEXT(" %s"), ah_algo[qmOffer.Algos[i].uAlgoIdentifier]);
|
||
|
if (qmOffer.Algos[i].uAlgoKeyLen != 0 || qmOffer.Algos[i].uAlgoRounds != 0)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT(" (%lubytes/%lurounds)"), qmOffer.Algos[i].uAlgoKeyLen, qmOffer.Algos[i].uAlgoRounds);
|
||
|
}
|
||
|
|
||
|
break;
|
||
|
case NONE:
|
||
|
case COMPRESSION:
|
||
|
case SA_DELETE:
|
||
|
default:
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
if (qmOffer.Algos[i].MySpi != 0 || qmOffer.Algos[i].PeerSpi != 0)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("\n%s%s\t "), pszPrefix, pszPrefix2);
|
||
|
}
|
||
|
|
||
|
if (qmOffer.Algos[i].MySpi != 0)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT(" MySpi %lu"), qmOffer.Algos[i].MySpi);
|
||
|
}
|
||
|
if (qmOffer.Algos[i].PeerSpi != 0)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT(" PeerSpi %lu"), qmOffer.Algos[i].PeerSpi);
|
||
|
}
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT("\n"));
|
||
|
}
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT("%s%sPFS : %s"), pszPrefix, pszPrefix2, qmOffer.bPFSRequired ? _T("True") : _T("False"));
|
||
|
if (qmOffer.bPFSRequired)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT(" (Group %lu)"), qmOffer.dwPFSGroup);
|
||
|
}
|
||
|
PRINT(OUTSTREAM,TEXT(", Lifetime %luKbytes/%luseconds\n"), qmOffer.Lifetime.uKeyExpirationKBytes, qmOffer.Lifetime.uKeyExpirationTime);
|
||
|
|
||
|
if (qmOffer.dwFlags != 0)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("%s%sFlags : %lu\n"), pszPrefix, pszPrefix2, qmOffer.dwFlags);
|
||
|
}
|
||
|
} // end of PrintQMOffer
|
||
|
|
||
|
// PrintFilterAction will print filter action info with given prefix string
|
||
|
// Parms: IN qmPolicy - QM policy (aka filter action) information
|
||
|
// IN pszPrefix - prefix string
|
||
|
// Returns: None
|
||
|
|
||
|
void PrintFilterAction(IN IPSEC_QM_POLICY qmPolicy, IN PTCHAR pszPrefix)
|
||
|
{
|
||
|
TCHAR* StringTxt = new TCHAR[STRING_TEXT_SIZE];
|
||
|
int i;
|
||
|
|
||
|
// continue here
|
||
|
// dump all data
|
||
|
PRINT(OUTSTREAM,TEXT("%sName : %s\n"), pszPrefix, qmPolicy.pszPolicyName );
|
||
|
StringFromGUID2(qmPolicy.gPolicyID, StringTxt, STRING_TEXT_SIZE);
|
||
|
PRINT(OUTSTREAM,TEXT("%sPolicy Id : %s\n"), pszPrefix, StringTxt);
|
||
|
PRINT(OUTSTREAM,TEXT("%sFlags : %lu %s %s %s\n"), pszPrefix, qmPolicy.dwFlags,
|
||
|
(qmPolicy.dwFlags & IPSEC_QM_POLICY_TUNNEL_MODE) ? _T("(Tunnel)") : _T(""),
|
||
|
(qmPolicy.dwFlags & IPSEC_QM_POLICY_DEFAULT_POLICY) ? _T("(Default)") : _T(""),
|
||
|
(qmPolicy.dwFlags & IPSEC_QM_POLICY_ALLOW_SOFT) ? _T("(Allow Soft)") : _T(""));
|
||
|
|
||
|
for (i = 0; i < (int) qmPolicy.dwOfferCount; i++)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("%sOffer #%d\n"), pszPrefix, i+1);
|
||
|
PrintQMOffer(qmPolicy.pOffers[i], pszPrefix, TEXT("\t"));
|
||
|
}
|
||
|
} // end of PrintFilterAction
|
||
|
|
||
|
// PrintFilter will print [transport] filter info with (optional) filter action info embedded
|
||
|
// Parms: IN tFilter - filter information (TRANSPORT_FILTER structure)
|
||
|
// IN bPrintNegPol - should we print the filter action info
|
||
|
// IN bPrintSpecific - should we print specific filter information
|
||
|
// Returns: FALSE if error occured while retrieving filter action info
|
||
|
// TRUE if everything is OK
|
||
|
|
||
|
BOOL PrintFilter (IN TRANSPORT_FILTER tFilter, IN BOOL bPrintNegPol, IN BOOL bPrintSpecific)
|
||
|
{
|
||
|
int i;
|
||
|
TCHAR * StringTxt = new TCHAR[STRING_TEXT_SIZE];
|
||
|
DWORD hr;
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT(" Name : %s\n"),tFilter.pszFilterName );
|
||
|
StringFromGUID2(tFilter.gFilterID, StringTxt, STRING_TEXT_SIZE);
|
||
|
PRINT(OUTSTREAM,TEXT(" Filter Id : %s\n"),StringTxt);
|
||
|
StringFromGUID2(tFilter.gPolicyID, StringTxt, STRING_TEXT_SIZE);
|
||
|
PRINT(OUTSTREAM,TEXT(" Policy Id : %s\n"),StringTxt);
|
||
|
if (bPrintNegPol && (tFilter.InboundFilterFlag == NEGOTIATE_SECURITY || tFilter.OutboundFilterFlag == NEGOTIATE_SECURITY) )
|
||
|
{
|
||
|
// printing negpol only if we have actual negpol
|
||
|
// need additional check for specific filter
|
||
|
if (!bPrintSpecific ||
|
||
|
(tFilter.dwDirection == FILTER_DIRECTION_INBOUND && tFilter.InboundFilterFlag == NEGOTIATE_SECURITY) ||
|
||
|
(tFilter.dwDirection == FILTER_DIRECTION_OUTBOUND && tFilter.OutboundFilterFlag == NEGOTIATE_SECURITY))
|
||
|
{
|
||
|
// get qm policy and print it, right here
|
||
|
PIPSEC_QM_POLICY pipsqmp;
|
||
|
|
||
|
if ((hr = GetQMPolicyByID(szServ, tFilter.gPolicyID, &pipsqmp)) != ERROR_SUCCESS)
|
||
|
{
|
||
|
// PRINT(OUTSTREAM,TEXT("GetQMPolicyByID failed with error %d\n"), hr);
|
||
|
return FALSE;
|
||
|
}
|
||
|
|
||
|
PrintFilterAction(pipsqmp[0], TEXT("\t"));
|
||
|
SPDApiBufferFree(pipsqmp);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT(" Src Addr : "));
|
||
|
PrintAddr(tFilter.SrcAddr);
|
||
|
PRINT(OUTSTREAM,TEXT("\n"));
|
||
|
PRINT(OUTSTREAM,TEXT(" Des Addr : "));
|
||
|
PrintAddr(tFilter.DesAddr);
|
||
|
PRINT(OUTSTREAM,TEXT("\n"));
|
||
|
PRINT(OUTSTREAM,TEXT(" Protocol : %lu Src Port : %u Des Port : %u\n"), tFilter.Protocol.dwProtocol, tFilter.SrcPort.wPort, tFilter.DesPort.wPort);
|
||
|
if (!bPrintSpecific || tFilter.dwDirection == FILTER_DIRECTION_INBOUND)
|
||
|
{
|
||
|
if (tFilter.InboundFilterFlag == PASS_THRU)
|
||
|
PRINT(OUTSTREAM,TEXT(" Inbound Passthru\n"));
|
||
|
if (tFilter.InboundFilterFlag == BLOCKING)
|
||
|
PRINT(OUTSTREAM,TEXT(" Inbound Block\n"));
|
||
|
}
|
||
|
if (!bPrintSpecific || tFilter.dwDirection == FILTER_DIRECTION_OUTBOUND)
|
||
|
{
|
||
|
if (tFilter.OutboundFilterFlag == PASS_THRU)
|
||
|
PRINT(OUTSTREAM,TEXT(" Outbound Passthru\n"));
|
||
|
if (tFilter.OutboundFilterFlag == BLOCKING)
|
||
|
PRINT(OUTSTREAM,TEXT(" Outbound Block\n"));
|
||
|
}
|
||
|
|
||
|
if (bPrintSpecific)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT(" Direction : %s, Weight : %lu\n"),
|
||
|
(tFilter.dwDirection == FILTER_DIRECTION_INBOUND) ? _T("Inbound") : ((tFilter.dwDirection == FILTER_DIRECTION_OUTBOUND) ? _T("Outbound") : _T("Error")),
|
||
|
tFilter.dwWeight);
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT(" Mirrored : %s\n"), tFilter.bCreateMirror ? _T("True") : _T("False"));
|
||
|
}
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT(" Interface Type : %s\n"), if_types[tFilter.InterfaceType]);
|
||
|
|
||
|
return TRUE;
|
||
|
} // end of PrintFilter
|
||
|
|
||
|
// PrintTunnelFilter will print tunnel filter info with (optional) filter action info embedded
|
||
|
// Parms: IN tFilter - filter information (TUNNEL_FILTER structure)
|
||
|
// IN bPrintNegPol - should we print the filter action info
|
||
|
// IN bPrintSpecific - should we print specific filter information
|
||
|
// Returns: FALSE if error occured while retrieving filter action info
|
||
|
// TRUE if everything is OK
|
||
|
|
||
|
BOOL PrintTunnelFilter (IN TUNNEL_FILTER tFilter, IN BOOL bPrintNegPol, IN BOOL bPrintSpecific)
|
||
|
{
|
||
|
int i;
|
||
|
TCHAR * StringTxt = new TCHAR[STRING_TEXT_SIZE];
|
||
|
DWORD hr;
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT(" Name : %s\n"),tFilter.pszFilterName );
|
||
|
StringFromGUID2(tFilter.gFilterID, StringTxt, STRING_TEXT_SIZE);
|
||
|
PRINT(OUTSTREAM,TEXT(" Filter Id : %s\n"),StringTxt);
|
||
|
StringFromGUID2(tFilter.gPolicyID, StringTxt, STRING_TEXT_SIZE);
|
||
|
PRINT(OUTSTREAM,TEXT(" Policy Id : %s\n"),StringTxt);
|
||
|
if (bPrintNegPol && (tFilter.InboundFilterFlag == NEGOTIATE_SECURITY || tFilter.OutboundFilterFlag == NEGOTIATE_SECURITY) )
|
||
|
{
|
||
|
// printing negpol only if we have actual negpol
|
||
|
// need additional check for specific filter
|
||
|
if (!bPrintSpecific ||
|
||
|
(tFilter.dwDirection == FILTER_DIRECTION_INBOUND && tFilter.InboundFilterFlag == NEGOTIATE_SECURITY) ||
|
||
|
(tFilter.dwDirection == FILTER_DIRECTION_OUTBOUND && tFilter.OutboundFilterFlag == NEGOTIATE_SECURITY))
|
||
|
{
|
||
|
// get qm policy and print it, right here
|
||
|
PIPSEC_QM_POLICY pipsqmp;
|
||
|
|
||
|
if ((hr = GetQMPolicyByID(szServ, tFilter.gPolicyID, &pipsqmp)) != ERROR_SUCCESS)
|
||
|
{
|
||
|
// PRINT(OUTSTREAM,TEXT("GetQMPolicyByID failed with error %d\n"), hr);
|
||
|
return FALSE;
|
||
|
}
|
||
|
|
||
|
PrintFilterAction(pipsqmp[0], TEXT("\t"));
|
||
|
SPDApiBufferFree(pipsqmp);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT(" Src Addr : "));
|
||
|
PrintAddr(tFilter.SrcAddr);
|
||
|
PRINT(OUTSTREAM,TEXT("\n"));
|
||
|
PRINT(OUTSTREAM,TEXT(" Des Addr : "));
|
||
|
PrintAddr(tFilter.DesAddr);
|
||
|
PRINT(OUTSTREAM,TEXT("\n"));
|
||
|
PRINT(OUTSTREAM,TEXT(" Src Tunnel Addr : "));
|
||
|
PrintAddr(tFilter.SrcTunnelAddr);
|
||
|
PRINT(OUTSTREAM,TEXT("\n"));
|
||
|
PRINT(OUTSTREAM,TEXT(" Des Tunnel Addr : "));
|
||
|
PrintAddr(tFilter.DesTunnelAddr);
|
||
|
PRINT(OUTSTREAM,TEXT("\n"));
|
||
|
PRINT(OUTSTREAM,TEXT(" Protocol : %lu Src Port : %u Des Port : %u\n"), tFilter.Protocol.dwProtocol, tFilter.SrcPort.wPort, tFilter.DesPort.wPort);
|
||
|
if (!bPrintSpecific || tFilter.dwDirection == FILTER_DIRECTION_INBOUND)
|
||
|
{
|
||
|
if (tFilter.InboundFilterFlag == PASS_THRU)
|
||
|
PRINT(OUTSTREAM,TEXT(" Inbound Passthru\n"));
|
||
|
if (tFilter.InboundFilterFlag == BLOCKING)
|
||
|
PRINT(OUTSTREAM,TEXT(" Inbound Block\n"));
|
||
|
}
|
||
|
if (!bPrintSpecific || tFilter.dwDirection == FILTER_DIRECTION_OUTBOUND)
|
||
|
{
|
||
|
if (tFilter.OutboundFilterFlag == PASS_THRU)
|
||
|
PRINT(OUTSTREAM,TEXT(" Outbound Passthru\n"));
|
||
|
if (tFilter.OutboundFilterFlag == BLOCKING)
|
||
|
PRINT(OUTSTREAM,TEXT(" Outbound Block\n"));
|
||
|
}
|
||
|
|
||
|
if (bPrintSpecific)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT(" Direction : %s, Weight : %lu\n"),
|
||
|
(tFilter.dwDirection == FILTER_DIRECTION_INBOUND) ? _T("Inbound") : ((tFilter.dwDirection == FILTER_DIRECTION_OUTBOUND) ? _T("Outbound") : _T("Error")),
|
||
|
tFilter.dwWeight);
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT(" Mirrored : %s\n"), tFilter.bCreateMirror ? _T("True") : _T("False"));
|
||
|
}
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT(" Interface Type : %s\n"), if_types[tFilter.InterfaceType]);
|
||
|
|
||
|
return TRUE;
|
||
|
} // end of PrintFilter
|
||
|
|
||
|
// PrintMMFilter will print mainmode filter info with (optional) mmpolicy info embedded
|
||
|
// Parms: IN mmFilter - Mainmode filter
|
||
|
// IN bPrintNegPol - should we print the mmpolicy info
|
||
|
// IN bPrintSpecific - should we print specific filter info
|
||
|
// Returns: FALSE if any error, TRUE if OK
|
||
|
|
||
|
BOOL PrintMMFilter (IN MM_FILTER mmFilter, IN BOOL bPrintNegPol, IN BOOL bPrintSpecific)
|
||
|
{
|
||
|
int i;
|
||
|
TCHAR * StringTxt = new TCHAR[STRING_TEXT_SIZE];
|
||
|
DWORD hr;
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT(" Name : %s\n"),mmFilter.pszFilterName );
|
||
|
StringFromGUID2(mmFilter.gFilterID, StringTxt, STRING_TEXT_SIZE);
|
||
|
PRINT(OUTSTREAM,TEXT(" Filter Id : %s\n"),StringTxt);
|
||
|
StringFromGUID2(mmFilter.gPolicyID, StringTxt, STRING_TEXT_SIZE);
|
||
|
PRINT(OUTSTREAM,TEXT(" Policy Id : %s\n"),StringTxt);
|
||
|
if (bPrintNegPol)
|
||
|
{
|
||
|
// get mm policy and print it, right here
|
||
|
PIPSEC_MM_POLICY pipsmmp;
|
||
|
|
||
|
if ((hr = GetMMPolicyByID(szServ, mmFilter.gPolicyID, &pipsmmp)) != ERROR_SUCCESS)
|
||
|
{
|
||
|
// PRINT(OUTSTREAM,TEXT("GetMMPolicyByID failed with error %d\n"), hr);
|
||
|
return FALSE;
|
||
|
}
|
||
|
|
||
|
PrintMMPolicy(pipsmmp[0], TEXT("\t"));
|
||
|
SPDApiBufferFree(pipsmmp);
|
||
|
}
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT(" Src Addr : "));
|
||
|
PrintAddr(mmFilter.SrcAddr);
|
||
|
PRINT(OUTSTREAM,TEXT("\n"));
|
||
|
PRINT(OUTSTREAM,TEXT(" Des Addr : "));
|
||
|
PrintAddr(mmFilter.DesAddr);
|
||
|
PRINT(OUTSTREAM,TEXT("\n"));
|
||
|
|
||
|
if (bPrintSpecific)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT(" Direction : %s, Weight : %lu\n"),
|
||
|
(mmFilter.dwDirection == FILTER_DIRECTION_INBOUND) ? _T("Inbound") : ((mmFilter.dwDirection == FILTER_DIRECTION_OUTBOUND) ? _T("Outbound") : _T("Error")),
|
||
|
mmFilter.dwWeight);
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT(" Mirrored : %s\n"), mmFilter.bCreateMirror ? _T("True") : _T("False"));
|
||
|
}
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT(" Interface Type : %s\n"), if_types[mmFilter.InterfaceType]);
|
||
|
|
||
|
StringFromGUID2(mmFilter.gMMAuthID, StringTxt, STRING_TEXT_SIZE);
|
||
|
PRINT(OUTSTREAM,TEXT(" Auth Methods Id: %s\n"),StringTxt);
|
||
|
if (bPrintNegPol)
|
||
|
{
|
||
|
//print auth methods as well
|
||
|
PMM_AUTH_METHODS pmmam;
|
||
|
|
||
|
if ((hr = GetMMAuthMethods(szServ, mmFilter.gMMAuthID, &pmmam)) != ERROR_SUCCESS)
|
||
|
{
|
||
|
// PRINT(OUTSTREAM,TEXT("GetMMAuthMethods failed with error %d\n"), hr);
|
||
|
return FALSE;
|
||
|
}
|
||
|
|
||
|
for (i = 0; i < (int) pmmam[0].dwNumAuthInfos; i++)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("\tAM #%d : "), i+1);
|
||
|
PrintAuthInfo(pmmam[0].pAuthenticationInfo[i]);
|
||
|
PRINT(OUTSTREAM,TEXT("\n"));
|
||
|
}
|
||
|
SPDApiBufferFree(pmmam);
|
||
|
}
|
||
|
|
||
|
return TRUE;
|
||
|
|
||
|
} // end of PrintMMFilter
|
||
|
|
||
|
|
||
|
// PrintMMAuthMethods will print main mode authentication methods information with given prefix string
|
||
|
// Parms: IN mmAuth - MM_AUTH_METHODS structure
|
||
|
// IN pszPrefix - prefix string
|
||
|
// Returns: None
|
||
|
|
||
|
void PrintMMAuthMethods(IN MM_AUTH_METHODS mmAuth, IN PTCHAR pszPrefix)
|
||
|
{
|
||
|
int i;
|
||
|
TCHAR * StringTxt = new TCHAR[STRING_TEXT_SIZE];
|
||
|
DWORD hr;
|
||
|
|
||
|
StringFromGUID2(mmAuth.gMMAuthID, StringTxt, STRING_TEXT_SIZE);
|
||
|
PRINT(OUTSTREAM,TEXT("%sAuth Methods Id: %s\n"), pszPrefix, StringTxt);
|
||
|
for (i = 0; i < (int) mmAuth.dwNumAuthInfos; i++)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("%s\tAM #%d : "), pszPrefix, i+1);
|
||
|
PrintAuthInfo(mmAuth.pAuthenticationInfo[i]);
|
||
|
PRINT(OUTSTREAM,TEXT("\n"));
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// PrintMMPolicy will print main mode policy information with given prefix string
|
||
|
// Parms: IN mmPolicy - IPSEC_MM_POLICY structure
|
||
|
// IN pszPrefix - prefix string
|
||
|
// Returns: None
|
||
|
|
||
|
void PrintMMPolicy(IN IPSEC_MM_POLICY mmPolicy, IN PTCHAR pszPrefix)
|
||
|
{
|
||
|
int i;
|
||
|
TCHAR * StringTxt = new TCHAR[STRING_TEXT_SIZE];
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT("%sName : %s\n"), pszPrefix, mmPolicy.pszPolicyName );
|
||
|
StringFromGUID2(mmPolicy.gPolicyID, StringTxt, STRING_TEXT_SIZE);
|
||
|
PRINT(OUTSTREAM,TEXT("%sPolicy Id : %s\n"), pszPrefix, StringTxt);
|
||
|
PRINT(OUTSTREAM,TEXT("%sFlags : %lu %s %s\n"), pszPrefix, mmPolicy.dwFlags,
|
||
|
(mmPolicy.dwFlags & IPSEC_MM_POLICY_DEFAULT_POLICY) ? _T("(Default)") : _T(""),
|
||
|
(mmPolicy.dwFlags & IPSEC_MM_POLICY_ENABLE_DIAGNOSTICS) ? _T("(Enable Diag)") : _T(""));
|
||
|
|
||
|
if (mmPolicy.uSoftSAExpirationTime != 0)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("%sSoft SA expiration time : %lu\n"), pszPrefix, mmPolicy.uSoftSAExpirationTime);
|
||
|
}
|
||
|
for (i = 0; i < (int) mmPolicy.dwOfferCount; i++)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("%sOffer #%d\n"), pszPrefix, i+1);
|
||
|
PrintMMOffer(mmPolicy.pOffers[i], pszPrefix, TEXT("\t"));
|
||
|
}
|
||
|
|
||
|
} // end of PrintMMPolicy
|
||
|
|
||
|
// PrintMMOffer will print main mode policy offer with given prefix string (actually two prefix strings)
|
||
|
// Parms: IN mmOffer - IPSEC_MM_OFFER structure
|
||
|
// IN pszPrefix - prefix string
|
||
|
// IN pszPrefix2 - 2nd prefix string (will be added to 1st)
|
||
|
// Returns: None
|
||
|
|
||
|
void PrintMMOffer(IN IPSEC_MM_OFFER mmOffer, IN PTCHAR pszPrefix, IN PTCHAR pszPrefix2)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("%s%s%s"), pszPrefix, pszPrefix2, esp_algo[mmOffer.EncryptionAlgorithm.uAlgoIdentifier]);
|
||
|
if (mmOffer.EncryptionAlgorithm.uAlgoKeyLen != 0 || mmOffer.EncryptionAlgorithm.uAlgoRounds != 0)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("(%lubytes/%lurounds)"), mmOffer.EncryptionAlgorithm.uAlgoKeyLen, mmOffer.EncryptionAlgorithm.uAlgoRounds);
|
||
|
}
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT(" %s"), ah_algo[mmOffer.HashingAlgorithm.uAlgoIdentifier]);
|
||
|
if (mmOffer.HashingAlgorithm.uAlgoKeyLen != 0 || mmOffer.HashingAlgorithm.uAlgoRounds != 0)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("(%lubytes/%lurounds)"), mmOffer.HashingAlgorithm.uAlgoKeyLen, mmOffer.HashingAlgorithm.uAlgoRounds);
|
||
|
}
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT(" DH Group %lu\n"), mmOffer.dwDHGroup);
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT("%s%sQuickmode limit : %lu, Lifetime %luKbytes/%luseconds\n"), pszPrefix, pszPrefix2, mmOffer.dwQuickModeLimit,
|
||
|
mmOffer.Lifetime.uKeyExpirationKBytes, mmOffer.Lifetime.uKeyExpirationTime);
|
||
|
|
||
|
if (mmOffer.dwFlags != 0)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("%s%sFlags : %lu\n"), pszPrefix, pszPrefix2, mmOffer.dwFlags);
|
||
|
}
|
||
|
} // end of PrintMMOffer
|
||
|
|
||
|
// PrintAddr will print ADDR structure (address used in SPD)
|
||
|
// Parms: IN addr - ADDR structure
|
||
|
// Returns: None
|
||
|
|
||
|
void PrintAddr(IN ADDR addr)
|
||
|
{
|
||
|
struct in_addr inAddr;
|
||
|
TCHAR * StringTxt = new TCHAR[STRING_TEXT_SIZE];
|
||
|
|
||
|
if (addr.AddrType == IP_ADDR_UNIQUE && addr.uIpAddr == IP_ADDRESS_ME)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("Me"));
|
||
|
}
|
||
|
else if (addr.AddrType == IP_ADDR_SUBNET && addr.uIpAddr == SUBNET_ADDRESS_ANY && addr.uSubNetMask == SUBNET_MASK_ANY)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("Any"));
|
||
|
}
|
||
|
else if (addr.AddrType == IP_ADDR_UNIQUE)
|
||
|
{
|
||
|
inAddr.s_addr = addr.uIpAddr;
|
||
|
PRINT(OUTSTREAM,TEXT("%S"), inet_ntoa(inAddr)) ;
|
||
|
}
|
||
|
else if (addr.AddrType == IP_ADDR_SUBNET)
|
||
|
{
|
||
|
inAddr.s_addr = addr.uIpAddr;
|
||
|
PRINT(OUTSTREAM,TEXT("subnet %S "), inet_ntoa(inAddr)) ;
|
||
|
inAddr.s_addr = addr.uSubNetMask;
|
||
|
PRINT(OUTSTREAM,TEXT("mask %S"), inet_ntoa(inAddr)) ;
|
||
|
}
|
||
|
else if (addr.AddrType == IP_ADDR_INTERFACE)
|
||
|
{
|
||
|
StringFromGUID2(addr.gInterfaceID, StringTxt, STRING_TEXT_SIZE);
|
||
|
PRINT(OUTSTREAM,TEXT("interface id %s "), StringTxt);
|
||
|
if (addr.uIpAddr != IP_ADDRESS_ME)
|
||
|
{
|
||
|
inAddr.s_addr = addr.uIpAddr;
|
||
|
PRINT(OUTSTREAM,TEXT("IP Addr %S "), inet_ntoa(inAddr)) ;
|
||
|
}
|
||
|
}
|
||
|
} // end of PrintAddr
|
||
|
|
||
|
// PrintAuthInfo will print authentication method information
|
||
|
// Parms: IN authInfo - IPSEC_MM_AUTH_INFO structure
|
||
|
// Returns: None
|
||
|
|
||
|
void PrintAuthInfo(IN IPSEC_MM_AUTH_INFO authInfo)
|
||
|
{
|
||
|
int i;
|
||
|
DWORD dwReturn;
|
||
|
WCHAR *pszCertStr, *pTmp;
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT("%s"), oak_auth[authInfo.AuthMethod]);
|
||
|
if (authInfo.AuthMethod == IKE_PRESHARED_KEY)
|
||
|
{
|
||
|
// print preshared key
|
||
|
PRINT(OUTSTREAM,TEXT(" : \""));
|
||
|
for (i = 0; i < (int) (authInfo.dwAuthInfoSize/sizeof(TCHAR)); i++)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("%c"), *(((TCHAR*)authInfo.pAuthInfo)+i));
|
||
|
}
|
||
|
PRINT(OUTSTREAM,TEXT("\""));
|
||
|
}
|
||
|
else if (authInfo.AuthMethod == IKE_RSA_SIGNATURE || authInfo.AuthMethod == IKE_RSA_ENCRYPTION)
|
||
|
{
|
||
|
// convert and print cert
|
||
|
PRINT(OUTSTREAM,TEXT(" : \""));
|
||
|
dwReturn = CM_DecodeName(authInfo.pAuthInfo, authInfo.dwAuthInfoSize, &pszCertStr);
|
||
|
if (dwReturn != ERROR_SUCCESS)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("Unknown"));
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
for (pTmp = pszCertStr; *pTmp; pTmp++)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("%c"), *pTmp);
|
||
|
}
|
||
|
delete [] pszCertStr;
|
||
|
}
|
||
|
PRINT(OUTSTREAM,TEXT("\""));
|
||
|
}
|
||
|
} // end of PrintAuthInfo
|
||
|
|
||
|
|
||
|
void PrintPolicies(IN IPSEC_IKE_POLICY& IPSecIkePol)
|
||
|
{
|
||
|
int i;
|
||
|
IPSEC_IKE_POLICY TmpPol; // for checks
|
||
|
TCHAR szPrefix[] = TEXT(" ");
|
||
|
|
||
|
// set TmpPol to 0's
|
||
|
memset(&TmpPol, 0, sizeof(TmpPol));
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT("==========================\n"));
|
||
|
if (IPSecIkePol.dwNumMMFilters != 0)
|
||
|
{
|
||
|
for (i = 0; i < (int) IPSecIkePol.dwNumMMFilters; ++i)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("MM Filter %d\n"),i);
|
||
|
PrintMMFilter(IPSecIkePol.pMMFilters[i], FALSE, FALSE);
|
||
|
PRINT(OUTSTREAM,TEXT("==========================\n"));
|
||
|
}
|
||
|
}
|
||
|
if (IPSecIkePol.dwNumFilters != 0)
|
||
|
{
|
||
|
for (i = 0; i < (int) IPSecIkePol.dwNumFilters; ++i)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("Filter %d\n"),i);
|
||
|
if (IPSecIkePol.QMFilterType == QM_TRANSPORT_FILTER)
|
||
|
{
|
||
|
PrintFilter(IPSecIkePol.pTransportFilters[i], FALSE, FALSE);
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
// tunnel
|
||
|
PrintTunnelFilter(IPSecIkePol.pTunnelFilters[i], FALSE, FALSE);
|
||
|
}
|
||
|
PRINT(OUTSTREAM,TEXT("==========================\n"));
|
||
|
}
|
||
|
}
|
||
|
PRINT(OUTSTREAM,TEXT("Oakley Auth: \n"));
|
||
|
for (i = 0; i < (int) IPSecIkePol.AuthInfos.dwNumAuthInfos; i++)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("\tAM #%d : "), i+1);
|
||
|
PrintAuthInfo(IPSecIkePol.AuthInfos.pAuthenticationInfo[i]);
|
||
|
PRINT(OUTSTREAM,TEXT("\n"));
|
||
|
}
|
||
|
PRINT(OUTSTREAM,TEXT("==========================\n"));
|
||
|
|
||
|
// continue here
|
||
|
// mm policy
|
||
|
if (memcmp(&IPSecIkePol.IkePol, &TmpPol.IkePol, sizeof(TmpPol.IkePol)) != 0)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("MM Policy: \n"));
|
||
|
PrintMMPolicy(IPSecIkePol.IkePol, szPrefix);
|
||
|
}
|
||
|
|
||
|
PRINT(OUTSTREAM,TEXT("==========================\n"));
|
||
|
// qm policy
|
||
|
if (memcmp(&IPSecIkePol.IpsPol, &TmpPol.IpsPol, sizeof(TmpPol.IpsPol)) != 0)
|
||
|
{
|
||
|
PRINT(OUTSTREAM,TEXT("QM Policy: \n"));
|
||
|
PrintFilterAction(IPSecIkePol.IpsPol, szPrefix);
|
||
|
}
|
||
|
}
|