Share via

3.1.4.25 RRPC_FWDeleteCryptoSet (Opnum 24)

  • Article

The RRPC_FWDeleteCryptoSet method requests the server to delete the specified cryptographic set in the policy contained in the policy store that is referenced by the handle specified in the hPolicy parameter.

 ULONG RRPC_FWDeleteCryptoSet(
   [in] FW_CONN_HANDLE rpcConnHandle,
   [in] FW_POLICY_STORE_HANDLE hPolicy,
   [in, range(FW_IPSEC_PHASE_INVALID+1, FW_IPSEC_PHASE_MAX-1)] 
     FW_IPSEC_PHASE IpSecPhase,
   [in, string, ref] const wchar_t* wszSetId
 );

rpcConnHandle: This parameter is an RPC binding handle that connects to the RPC interface of the Firewall and Advanced Security Protocol.

hPolicy: This input parameter is an FW_POLICY_STORE_HANDLE data type. The data type MUST contain an opened policy store handle that is successfully opened by using the RRPC_FWOpenPolicyStore (Opnum 0) method. The handle MUST have read/write access rights.

IpSecPhase: This parameter specifies the IPsec negotiation phase type in which this set is used.

wszSetId: This parameter is the pointer to a string that is the ID of the cryptographic set that the client wants to delete from the specified store.

This ID can be obtained by enumerating cryptographic sets using the RRPC_FWEnumCryptoSets (Opnum 26) where the ID is returned  in the FW_CRYPTO_SET structure.

Return Values: The method returns 0 if successful; if it fails, it returns a nonzero error code. The field can take any specific error code value, as specified in [MS-ERREF]. The following return values are common.

Return value/code

Description

0x00000962

ERROR_ACTIVE_CONNECTIONS

The specified set is still referenced by connection security or main mode rules. This failure happens only when the set is not a primary set. There is always a primary set to use, either from other stores or a hard-coded one.

0x00000032

ERROR_NOT_SUPPORTED

The specified store does not support this method; the store might be read-only.

0x00000005

ERROR_ACCESS_DENIED

The hPolicy handle was not opened with read/write access rights. The error is also returned if the client does not have the required credentials to call the method.

0x00000002

ERROR_FILE_NOT_FOUND

The specified rule that is referenced by the wszSetId string is not found in the policy store.

0x00000057

ERROR_INVALID_PARAMETER

The specified IPsec phase is not a valid one.

Exceptions Thrown: No exceptions are thrown except those that are thrown by the underlying RPC protocol, as specified in [MS-RPCE]. If any lower-layer errors are reported by RPC exception, this exception is converted to an error code and reported to higher-layer protocols via the return value.

This method deletes a cryptographic set in the cryptographic linked list of the memory representation of the store being modified. It also writes through and saves the set to disk. If called on an online store and the set is not a primary set, the method does not delete the specified set if any connection rule references this set.

The server MUST determine whether the local computer is operating in common criteria mode by invoking the abstract interface IsComputerInCommonCriteriaMode (section 3.1.6.5). If the local computer is operating in common criteria mode, the server MUST fail the operation and return an error of ERROR_ACCESS_DENIED (5). Otherwise, the server MUST validate that the client is authorized to perform the requested operation (as defined in section 3.1.4) before executing this method.