3.1.4.24 RRPC_FWSetCryptoSet (Opnum 23)
The RRPC_FWSetCryptoSet method requests the server to modify the specified cryptographic set in the policy contained in the policy store referenced by the handle specified in the hPolicy parameter.
-
unsigned long RRPC_FWSetCryptoSet( [in] FW_CONN_HANDLE rpcConnHandle, [in] FW_POLICY_STORE_HANDLE hPolicy, [in] PFW_CRYPTO_SET pCrypto );
rpcConnHandle: This parameter is an RPC binding handle that connects to the RPC interface of the Firewall and Advanced Security Protocol.
hPolicy: This input parameter is an FW_POLICY_STORE_HANDLE data type. The data type MUST contain an opened policy store handle, successfully opened with the RRPC_FWOpenPolicyStore (Opnum 0) method. The handle MUST have read/write access rights.
pCrypto: This parameter represents the cryptographic set the client wants to modify in the store. The set MUST be valid, as specified in the definition of the FW_CRYPTO_SET data type.
Return Values: The method returns 0 if successful; if failed, it returns a nonzero error code. The field can take any specific error code value, as specified in [MS-ERREF]. The following return values are common.
-
Return value/code
Description
0x00000032
ERROR_NOT_SUPPORTED
The specified store does not support this method; the store might be read-only.
0x00000005
ERROR_ACCESS_DENIED
The hPolicy handle was not opened with read/write access rights. The error is also returned if the client does not have the required credentials to call the method.
0x00000002
ERROR_FILE_NOT_FOUND
The specified set referenced by the wszSetId member string of the FW_CRYPTO_SET data type is not found in the policy store.
0x00000057
ERROR_INVALID_PARAMETER
One of the parameters of this method is incorrect, or is required and not specified. This error can be returned because:
The pCrypto object did not pass the cryptographic set validations specified in the definition of the FW_CRYPTO_SET data type.
One of the required values is not specified.
Exceptions Thrown: No exceptions are thrown beyond those thrown by the underlying RPC protocol, as specified in [MS-RPCE]. If any lower-layer errors are reported by RPC exception, this exception is converted to an error code and reported to higher-layer protocols via the return value.
This method modifies a cryptographic set in the cryptographic linked list of the memory representation of the store being modified. It also writes through and saves the set to the disk. If called on an online store, the method enumerates the connection security rules list and reapplies each rule referencing this primary set to complete the enforcement of the policy.
The server MUST determine whether the local computer is operating in common criteria mode by invoking the abstract interface IsComputerInCommonCriteriaMode (section 3.1.6.5). If the local computer is operating in common criteria mode, the server MUST fail the operation and return an error of ERROR_ACCESS_DENIED (5). Otherwise, the server MUST validate that the client is authorized to perform the requested operation (as defined in section 3.1.4) before executing this method.