3.1.4.28 RRPC_FWEnumPhase1SAs (Opnum 27)
The RRPC_FWEnumPhase1SAs method requests the server to return all the security associations of the IPsec first negotiation phase contained in the store referenced by the hPolicy handle. The method returns a linked list of all these security associations.
unsigned long RRPC_FWEnumPhase1SAs(
  [in] FW_CONN_HANDLE rpcConnHandle,
  [in] FW_POLICY_STORE_HANDLE hPolicy,
  [in, unique] PFW_ENDPOINTS pEndpoints,
  [out, ref] unsigned long* pdwNumSAs,
  [out, size_is(, *pdwNumSAs)] PFW_PHASE1_SA_DETAILS* ppSAs
);
rpcConnHandle: This parameter is an RPC binding handle that connects to the RPC interface of the Firewall and Advanced Security Protocol.
hPolicy: This input parameter is an FW_POLICY_STORE_HANDLE data type. The data type MUST contain an opened policy store handle, successfully opened with the RRPC_FWOpenPolicyStore (Opnum 0) method. This handle MUST be of the FW_STORE_TYPE_DYNAMIC store.
pEndpoints: This parameter is a pointer to an FW_ENDPOINTS data type that can hold the addresses of the destination and source host. These addresses are used to match the security associations that will be returned. If this parameter is NULL, the method returns all IPsec first-phase security associations.
pdwNumSAs: This is an output parameter that on success MUST be equal to the number of security associations returned.
ppSAs: This is an output parameter that on success contains a linked list of FW_PHASE1_SA_DETAILS data types, each of which represents a first-phase security association.
Return Values: The method returns 0 if successful; if it fails, it returns a nonzero error code. The field can take any specific error code value, as specified in [MS-ERREF]. The following return values are common.
Return value/code: Description
0x00000005 ERROR_ACCESS_DENIED: The client does not have the required credentials to call the method.
0x00000032 ERROR_NOT_SUPPORTED: The store handle is not of the dynamic store.
0x00000057 ERROR_INVALID_PARAMETER: One of the parameters of this method is incorrect, or is required and not specified.
Exceptions Thrown: No exceptions are thrown beyond those thrown by the underlying RPC protocol, as specified in [MS-RPCE]. If any lower-layer errors are reported by RPC exception, this exception is converted to an error code and reported to higher-layer protocols via the return value.
The server MUST validate that the client is authorized to perform the requested operation (as defined in section 3.1.4) before executing this method.
When this method is called, the server looks for the binary version of the client, which was associated with the hPolicy handle when the client sent the RRPC_FWOpenPolicyStore call. The server compares this binary version parameter with the schema version that it supports. If the server’s schema version is greater than the binary version passed by the client, the server removes all FW_PHASE1_SA_DETAILS objects that contain values that are not valid for an FW_AUTH_SET (section 2.2.65) structure that has the schema version value passed by the client.
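The following C model is an added example, not code from the specification or from any Microsoft implementation. It shows the checks described above mapped to the listed return codes, the NULL pEndpoints case, and a client-side check that the returned list matches the reported count. The types, the exact-match filter, and the order of checks after authorization are simplified assumptions; the schema-version filtering is not modeled because its validity rules are not on this page.

```c
#include <stddef.h>
#include <stdint.h>

/* Return codes from the table on this page. */
#define ERROR_ACCESS_DENIED     0x00000005u
#define ERROR_NOT_SUPPORTED     0x00000032u
#define ERROR_INVALID_PARAMETER 0x00000057u

/* Simplified stand-ins (assumptions), not the MS-FASP wire structures. */
typedef enum { STORE_LOCAL, STORE_DYNAMIC } store_type;
typedef struct { store_type type; } policy_handle;
typedef struct { uint32_t src, dst; } endpoints;            /* IPv4 only */
typedef struct sa { uint64_t id; endpoints ep; struct sa *next; } sa_details;

/* Model of the server-side handling. Only "authorization first" is stated by
 * the page; the order of the remaining checks is an assumption. */
uint32_t enum_phase1_sas(int caller_authorized, const policy_handle *h,
                         const endpoints *filter, sa_details *store, size_t len,
                         uint32_t *num, sa_details **out)
{
    if (num) *num = 0;                 /* never leave outputs uninitialized */
    if (out) *out = NULL;
    if (!caller_authorized) return ERROR_ACCESS_DENIED;
    if (!h || !num || !out || (len && !store)) return ERROR_INVALID_PARAMETER;
    if (h->type != STORE_DYNAMIC) return ERROR_NOT_SUPPORTED;

    sa_details **tail = out;
    for (size_t i = 0; i < len; i++) {
        sa_details *sa = &store[i];
        sa->next = NULL;
        /* NULL filter returns every SA; exact-match semantics are assumed. */
        if (filter && (sa->ep.src != filter->src || sa->ep.dst != filter->dst))
            continue;
        *tail = sa;
        tail = &sa->next;
        (*num)++;
    }
    return 0;
}

/* Client-side check: the list length must equal the reported count. */
int count_matches(const sa_details *list, uint32_t num)
{
    uint32_t n = 0;
    for (; list; list = list->next) n++;
    return n == num;
}
```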