3.1.4.22 RRPC_FWEnumAuthenticationSets (Opnum 21)

The RRPC_FWEnumAuthenticationSets method requests the server to return all the authentication sets of the specified IPsec phase contained in the store referenced by the hPolicy handle. The method returns a linked list of these objects.

 unsigned long RRPC_FWEnumAuthenticationSets(
   [in] FW_CONN_HANDLE rpcConnHandle,
   [in] FW_POLICY_STORE_HANDLE hPolicy,
   [in, range(FW_IPSEC_PHASE_INVALID+1, FW_IPSEC_PHASE_MAX-1)] 
     FW_IPSEC_PHASE IpSecPhase,
   [in] unsigned long dwFilteredByStatus,
   [in] unsigned short wFlags,
   [out] unsigned long* pdwNumAuthSets,
   [out] PFW_AUTH_SET2_10* ppAuth
 );

rpcConnHandle: This parameter is an RPC binding handle that connects to the RPC interface of the Firewall and Advanced Security Protocol.

hPolicy: This input parameter is an FW_POLICY_STORE_HANDLE data type. The data type MUST contain an opened policy store handle, successfully opened with the RRPC_FWOpenPolicyStore (Opnum 0) method. The handle MUST have read or read/write access rights.

IpSecPhase: This parameter specifies the specific IPsec negotiation phase to which this set applies.

dwFilteredByStatus: This parameter is a combination of flags from the FW_RULE_STATUS_CLASS enumeration. This method uses this bitmask to determine which rules will be returned. Sets that contain a status code of the class specified by this parameter will be returned in the linked list.

wFlags: This parameter is a combination of flags from the FW_ENUM_RULES_FLAGS that modifies the behavior of the method and performs operations on the sets before returning them in the linked list.

pdwNumAuthSets: This is an output parameter that on success MUST be equal to the number of sets returned.

ppAuth: This is an output parameter that on success contains a linked list of FW_AUTH_SET2_10 data types.

Return Values: The method returns 0 if successful; if failed, it returns a nonzero error code. The field can take any specific error code value, as specified in [MS-ERREF]. The following return values are common.

Return value/code

Description

0x00000005

ERROR_ACCESS_DENIED

The client does not have the required credentials to call the method.

0x00000057

ERROR_INVALID_PARAMETER

One of the parameters of this method is incorrect, or is required and not specified. This error can be returned because:

  • The IpSecPhase parameter specifies an invalid IPsec negotiation phase.

  • One of the required values is not specified.

Exceptions Thrown: No exceptions are thrown beyond those thrown by the underlying RPC protocol, as specified in [MS-RPCE]. If any lower-layer errors are reported by RPC exception, this exception is converted to an error code and reported to higher-layer protocols via the return value.

The server MUST validate that the client is authorized to perform the requested operation (as defined in section 3.1.4) before executing this method.

When this method is called, the server looks for the binary version of the client, which was associated with the hPolicy handle when the client sent the RRPC_FWOpenPolicyStore() call. The server compares this binary version parameter with the schema version it supports. If the server has a schema version of 0x0201 and the client passed a 0x0200 binary version, then the server removes all values that are not valid for a FW_AUTH_SET (section 2.2.64) structure that has a 0x0200 schema version. If the removed value was present on one or more suites of the set, the server removes those suites as a whole, leaving the remaining suites intact. For each set that had a value removed, the server sets a FW_RULE_STATUS_PARTIALLY_IGNORED value on the Status field of the set. Then the client receives authentication sets with values that correspond to the correct schema version, but the client recognizes that the information it has about the sets is potentially incomplete.