次の方法で共有


3.1.4.14 RRPC_FWSetConnectionSecurityRule (Opnum 13)

The RRPC_FWSetConnectionSecurityRule method requests the server to modify the specified connection security rule in the policy contained in the policy store that is referenced by the handle specified in the hPolicy parameter.

 ULONG RRPC_FWSetConnectionSecurityRule(
   [in] FW_CONN_HANDLE rpcConnHandle,
   [in] FW_POLICY_STORE_HANDLE hPolicy,
   [in] PFW_CS_RULE2_0 pRule
 );

rpcConnHandle: This parameter is an RPC binding handle that connects to the RPC interface of the Firewall and Advanced Security Protocol.

hPolicy: This input parameter is an FW_POLICY_STORE_HANDLE data type. The data type MUST contain an opened policy store handle that is successfully opened by using the RRPC_FWOpenPolicyStore (Opnum 0) method. The handle MUST have read/write access rights.

pRule: This parameter represents the connection security rule that the client wants to modify in the store. The rule MUST be a valid rule, as specified in the definition of the FW_CS_RULE2_0 data type.

Return Values: The method returns 0 if successful; if it fails, it returns a nonzero error code. The field can take any specific error code value, as specified in [MS-ERREF]. The following return values are common.

Return value/code

Description

0x00000032

ERROR_NOT_SUPPORTED

The specified store does not support this method; the store might be read-only.

0x00000005

ERROR_ACCESS_DENIED

The hPolicy handle was not opened with read/write access rights. This error is also returned if the client does not have the required credentials to call the method.

0x00000002

ERROR_FILE_NOT_FOUND

The specified rule that is referenced by the wszRuleID member string of the FW_CS_RULE data type is not found in the policy store.

0x00000057

ERROR_INVALID_PARAMETER

A parameter of this method is incorrect, or is required and not specified. This error can be returned because:

  • The pRule object did not pass the connection security rule validations that are specified in the definition of the FW_CS_RULE data type.

  • The rule has a phase 2 crypto set that specified FW_CRYPTO_PRPTOCOL_AUTH_NO_ENCAP (see section 2.2.69), and either it is a tunnel mode rule or it has an AuthSet that specifies a preshared key auth method.

  • A required value is not specified.

Exceptions Thrown: No exceptions are thrown except those that are thrown by the underlying RPC protocol, as specified in [MS-RPCE]. If any lower-layer errors are reported by RPC exception, this exception is converted to an error code and reported to higher-layer protocols via the return value.

This method modifies a connection security rule already stored in the connection security linked list of the memory representation of the store being modified. It uses this list to determine whether the rule exists. It also writes through and saves the rule in disk. If called on an online store, the connection security rule modifications are also enforced.

The server MUST validate that the client is authorized to perform the requested operation (as defined in section 3.1.4) before executing this method.