As it says here,
Security descriptors cannot be null when used in filter conditions. Moreover, they need to be in self-relative format.
I use the same function (which calls BuildSecurityDescriptor(), which ALREADY creates a self-relative security descriptor) to fill in the condition for both enumerating and adding filters. It works for adding, but doesn't work for enumerating!
    #include <windows.h>
    #include <aclapi.h>
    #include <fwpmu.h>

    // Fills *pFC with an ALE_USER_ID condition that matches the account "User".
    bool FillUserIdCondition(FWPM_FILTER_CONDITION *pFC){
        EXPLICIT_ACCESS ea;
        FWP_BYTE_BLOB *pSDBLOB=new FWP_BYTE_BLOB;
        pSDBLOB->size=SECURITY_MAX_SID_SIZE;
        BuildExplicitAccessWithName(&ea,const_cast<LPWSTR>(L"User"),FWP_ACTRL_MATCH_FILTER,GRANT_ACCESS,0);
        // BuildSecurityDescriptor() returns a Win32 error code (ERROR_SUCCESS on success),
        // writes the descriptor size to pSDBLOB->size and allocates pSDBLOB->data,
        // which must later be released with LocalFree().
        DWORD dwBytes=BuildSecurityDescriptor(0,0,1,&ea,0,0,0,(ULONG*)&pSDBLOB->size,(PSECURITY_DESCRIPTOR*)&pSDBLOB->data);
        if(dwBytes){
            //Handle an error
            delete pSDBLOB;
        }else{
            pFC->fieldKey=FWPM_CONDITION_ALE_USER_ID;
            pFC->matchType=FWP_MATCH_EQUAL;
            pFC->conditionValue.type=FWP_SECURITY_DESCRIPTOR_TYPE;
            pFC->conditionValue.sd=pSDBLOB;
        }
        return !dwBytes;
    }
    …
    FWPM_FILTER_CONDITION cond={};
    FWPM_FILTER_ENUM_TEMPLATE et={0,FWPM_LAYER_ALE_AUTH_CONNECT_V4,FWP_FILTER_ENUM_OVERLAPPING,FWP_FILTER_ENUM_FLAG_SORTED,0,1,&cond,FWP_ACTION_BLOCK};
    if(FillUserIdCondition(&cond)){
        dwErr=FwpmFilterCreateEnumHandle(hEngine,&et,&hEnum); //here it fails with FWP_E_TYPE_MISMATCH
        …
    }
Initially I forgot to set FWP_SECURITY_DESCRIPTOR_TYPE in my FillUserIdCondition() function, so there was no error in FwpmFilterCreateEnumHandle() (but the added filters weren't working because of the incorrect condition type). But when I found the error and fixed it, the filters started working, but FwpmFilterCreateEnumHandle() now returns that error.
How can I make it work correctly?
If I fall I will arise on my way to paradise
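
The self-relative requirement quoted in the post can be checked on the raw blob before it goes into a filter condition. This is an added example, not code from the original post: a portable C++ validator whose names (CheckSelfRelativeSd, SdCheck, kSampleSd) are hypothetical, whose constants follow the winnt.h layout of SECURITY_DESCRIPTOR_RELATIVE, and whose sample blob is constructed.

```cpp
#include <cstddef>
#include <cstdint>

// Values from winnt.h, redefined here so the check builds without the Windows SDK.
constexpr uint16_t kSeSelfRelative = 0x8000;  // SE_SELF_RELATIVE
constexpr uint32_t kSdHeaderSize   = 20;      // sizeof(SECURITY_DESCRIPTOR_RELATIVE)

enum SdCheck { SD_OK, SD_NULL_OR_SHORT, SD_BAD_REVISION, SD_NOT_SELF_RELATIVE, SD_BAD_OFFSET };

static uint32_t Le16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t Le32(const uint8_t *p) { return Le16(p) | Le16(p + 2) << 16; }

// True when len bytes starting at offset off lie after the header and inside the blob.
static bool Fits(uint32_t off, uint32_t len, uint32_t size) {
    return off >= kSdHeaderSize && off <= size && len <= size - off;
}

// data/size mirror FWP_BYTE_BLOB::data and FWP_BYTE_BLOB::size.
SdCheck CheckSelfRelativeSd(const uint8_t *data, uint32_t size) {
    if (data == nullptr || size < kSdHeaderSize) return SD_NULL_OR_SHORT;
    if (data[0] != 1) return SD_BAD_REVISION;              // SECURITY_DESCRIPTOR_REVISION
    if (!(Le16(data + 2) & kSeSelfRelative)) return SD_NOT_SELF_RELATIVE;

    // Header fields at 4, 8, 12, 16: Owner, Group, Sacl, Dacl offsets (0 = absent).
    for (uint32_t field = 0; field < 4; ++field) {
        uint32_t off = Le32(data + 4 + 4 * field);
        if (off == 0) continue;
        bool isSid = field < 2;
        if (!Fits(off, 8, size)) return SD_BAD_OFFSET;     // SID and ACL headers are both 8 bytes
        // SID length = 8 + 4 * SubAuthorityCount; ACL length = its AclSize field.
        uint32_t len = isSid ? 8 + 4u * data[off + 1] : Le16(data + off + 2);
        if (len < 8 || !Fits(off, len, size)) return SD_BAD_OFFSET;
    }
    return SD_OK;
}

// Constructed sample: self-relative SD with an empty DACL and no owner, group or SACL.
const uint8_t kSampleSd[28] = {
    1, 0, 0x04, 0x80,            // Revision, Sbz1, Control = SE_DACL_PRESENT | SE_SELF_RELATIVE
    0, 0, 0, 0,  0, 0, 0, 0,     // Owner, Group offsets
    0, 0, 0, 0,  20, 0, 0, 0,    // Sacl offset, Dacl offset
    2, 0, 8, 0,  0, 0, 0, 0      // ACL: AclRevision, Sbz1, AclSize = 8, AceCount = 0, Sbz2
};
```

A result other than SD_OK means the blob is null, too short, in absolute format, or has an offset pointing outside FWP_BYTE_BLOB::size.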