diff --git a/lib/EAPBase/include/Config.h b/lib/EAPBase/include/Config.h index fc8889a..3753729 100644 --- a/lib/EAPBase/include/Config.h +++ b/lib/EAPBase/include/Config.h @@ -389,11 +389,15 @@ namespace eap // winstd::com_obj pXmlElClientSideCredential; if (eapxml::select_element(pConfigRoot, winstd::bstr(L"eap-metadata:ClientSideCredential"), &pXmlElClientSideCredential) == ERROR_SUCCESS) { + std::wstring xpath(eapxml::get_xpath(pXmlElClientSideCredential)); + // eapxml::get_element_value(pXmlElClientSideCredential, winstd::bstr(L"eap-metadata:allow-save"), &m_allow_save); + m_module.log_config((xpath + L"/allow-save").c_str(), m_allow_save); // eapxml::get_element_value(pXmlElClientSideCredential, winstd::bstr(L"eap-metadata:AnonymousIdentity"), m_anonymous_identity); + m_module.log_config((xpath + L"/AnonymousIdentity").c_str(), m_anonymous_identity.c_str()); if (!m_preshared.load(pXmlElClientSideCredential, ppEapError)) { // This is not really an error - merely an indication pre-shared credentials are unavailable. @@ -687,14 +691,17 @@ namespace eap DWORD dwResult; std::wstring lang; LoadString(m_module.m_instance, 2, lang); + std::wstring xpath(eapxml::get_xpath(pConfigRoot)); // if ((dwResult = eapxml::get_element_value(pConfigRoot, winstd::bstr(L"eap-metadata:read-only"), &m_read_only)) != ERROR_SUCCESS) m_read_only = true; + m_module.log_config((xpath + L"/read-only").c_str(), m_read_only); // m_id.clear(); eapxml::get_element_value(pConfigRoot, winstd::bstr(L"eap-metadata:ID"), m_id); + m_module.log_config((xpath + L"/ID").c_str(), m_id.c_str()); // m_name.clear(); 
@@ -706,29 +713,40 @@ namespace eap m_lbl_alt_password.clear(); winstd::com_obj pXmlElProviderInfo; if (eapxml::select_element(pConfigRoot, winstd::bstr(L"eap-metadata:ProviderInfo"), &pXmlElProviderInfo) == ERROR_SUCCESS) { + std::wstring xpathProviderInfo(xpath + L"/ProviderInfo"); + // eapxml::get_element_localized(pXmlElProviderInfo, winstd::bstr(L"eap-metadata:DisplayName"), lang.c_str(), m_name); + m_module.log_config((xpathProviderInfo + L"/DisplayName").c_str(), m_name.c_str()); winstd::com_obj pXmlElHelpdesk; if (eapxml::select_element(pXmlElProviderInfo, winstd::bstr(L"eap-metadata:Helpdesk"), &pXmlElHelpdesk) == ERROR_SUCCESS) { + std::wstring xpathHelpdesk(xpathProviderInfo + L"/Helpdesk"); + // / eapxml::get_element_localized(pXmlElHelpdesk, winstd::bstr(L"eap-metadata:EmailAddress"), lang.c_str(), m_help_email); + m_module.log_config((xpathHelpdesk + L"/EmailAddress").c_str(), m_help_email.c_str()); // / eapxml::get_element_localized(pXmlElHelpdesk, winstd::bstr(L"eap-metadata:WebAddress"), lang.c_str(), m_help_web); + m_module.log_config((xpathHelpdesk + L"/WebAddress").c_str(), m_help_web.c_str()); // / eapxml::get_element_localized(pXmlElHelpdesk, winstd::bstr(L"eap-metadata:Phone"), lang.c_str(), m_help_phone); + m_module.log_config((xpathHelpdesk + L"/Phone").c_str(), m_help_phone.c_str()); } // eapxml::get_element_localized(pXmlElProviderInfo, winstd::bstr(L"eap-metadata:CredentialPrompt"), lang.c_str(), m_lbl_alt_credential); + m_module.log_config((xpathProviderInfo + L"/CredentialPrompt").c_str(), m_lbl_alt_credential.c_str()); // eapxml::get_element_localized(pXmlElProviderInfo, winstd::bstr(L"eap-metadata:UserNameLabel"), lang.c_str(), m_lbl_alt_identity); + m_module.log_config((xpathProviderInfo + L"/UserNameLabel").c_str(), m_lbl_alt_identity.c_str()); // eapxml::get_element_localized(pXmlElProviderInfo, winstd::bstr(L"eap-metadata:PasswordLabel"), lang.c_str(), m_lbl_alt_password); + m_module.log_config((xpathProviderInfo + 
L"/PasswordLabel").c_str(), m_lbl_alt_password.c_str()); } // Iterate authentication methods (). diff --git a/lib/EAPBase/include/Module.h b/lib/EAPBase/include/Module.h index 808352a..4f8f370 100644 --- a/lib/EAPBase/include/Module.h +++ b/lib/EAPBase/include/Module.h 
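Review bot: `xpathProviderInfo` and `xpathHelpdesk` are built by appending literal element names to `xpath`, whereas the ClientSideCredential hunk earlier in this file derives its path from the selected node with `eapxml::get_xpath(pXmlElClientSideCredential)`; if `get_xpath` renders nodes differently (namespace prefix, positional index), the two styles will log paths that cannot be compared. Using the helper on the node you already selected keeps the output uniform: `std::wstring xpathProviderInfo(eapxml::get_xpath(pXmlElProviderInfo));` and `std::wstring xpathHelpdesk(eapxml::get_xpath(pXmlElHelpdesk));`. The enclosing `load` method begins before this hunk and continues after it.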
@@ -130,6 +130,69 @@ namespace eap /// void log_error(_In_ const EAP_ERROR *err) const; + /// + /// Logs Unicode string config value + /// + inline void log_config(_In_z_ LPCWSTR name, _In_z_ LPCWSTR value) const + { + m_ep.write(&EAPMETHOD_TRACE_EVT_CFG_VALUE_UNICODE_STRING, winstd::event_data(name), winstd::event_data(value), winstd::event_data::blank); + } + + /// + /// Logs string list config value + /// + template + inline void log_config(_In_z_ LPCWSTR name, _In_z_ const std::list, _Ax_list> &value) const + { + // Prepare a table of event data descriptors. + std::vector desc; + size_t count = value.size(); + desc.reserve(count + 2); + desc.push_back(winstd::event_data( name )); + desc.push_back(winstd::event_data((unsigned int)count)); + for (std::list, _Ax_list>::const_iterator v = value.cbegin(), v_end = value.cend(); v != v_end; ++v) + desc.push_back(winstd::event_data(*v)); + + m_ep.write(&EAPMETHOD_TRACE_EVT_CFG_VALUE_ANSI_STRING_ARRAY, (ULONG)desc.size(), desc.data()); + } + + /// + /// Logs Unicode string list config value + /// + template + inline void log_config(_In_z_ LPCWSTR name, _In_z_ const std::list, _Ax_list> &value) const + { + // Prepare a table of event data descriptors. 
+ std::vector desc; + size_t count = value.size(); + desc.reserve(count + 2); + desc.push_back(winstd::event_data( name )); + desc.push_back(winstd::event_data((unsigned int)count)); + for (std::list, _Ax_list>::const_iterator v = value.cbegin(), v_end = value.cend(); v != v_end; ++v) + desc.push_back(winstd::event_data(*v)); + + m_ep.write(&EAPMETHOD_TRACE_EVT_CFG_VALUE_UNICODE_STRING_ARRAY, (ULONG)desc.size(), desc.data()); + } + + /// + /// Logs boolean config value + /// + inline void log_config(_In_z_ LPCWSTR name, _In_ bool value) const + { + m_ep.write(&EAPMETHOD_TRACE_EVT_CFG_VALUE_BOOL, winstd::event_data(name), winstd::event_data((int)value), winstd::event_data::blank); + } + + /// + /// Logs event + /// + inline void log_event(_In_ PCEVENT_DESCRIPTOR EventDescriptor, ...) const + { + va_list arg; + va_start(arg, EventDescriptor); + m_ep.write(EventDescriptor, arg); + va_end(arg); + } + /// @} /// \name Encryption diff --git a/lib/EAPBase/src/Credentials.cpp b/lib/EAPBase/src/Credentials.cpp index f7c2652..157f86b 100644 --- a/lib/EAPBase/src/Credentials.cpp +++ b/lib/EAPBase/src/Credentials.cpp @@ -103,11 +103,15 @@ bool eap::credentials::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppE assert(pConfigRoot); DWORD dwResult; + std::wstring xpath(eapxml::get_xpath(pConfigRoot)); + if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)) != ERROR_SUCCESS) { *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document.")); return false; } + m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str()); + return true; } 
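Review bot: The doc comments on the new `log_config` overloads say only "Logs … config value" and never state that `value` is written verbatim to the module's ETW trace, which is exactly the contract a caller needs before passing credential data (the Credentials.cpp hunk in this commit already passes the password under `_DEBUG`). Each overload would benefit from a line such as `/// Writes the value in clear to the ETW trace session; never pass secrets (passwords, keys) — log a placeholder or a length instead.`. Separately, the ANSI and Unicode list overloads duplicate the descriptor-building loop and both narrow the element count with `(unsigned int)count`; a private helper taking the event descriptor and the list would remove the duplication and give the narrowing a single documented home. The template parameter lists are not legible in this rendering, so the overload signatures could only be checked as far as visible.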
@@ -199,6 +203,8 @@ bool eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR if (!credentials::load(pConfigRoot, ppEapError)) return false; + std::wstring xpath(eapxml::get_xpath(pConfigRoot)); + bstr pass; if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass)) != ERROR_SUCCESS) { *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document.")); @@ -207,6 +213,14 @@ bool eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR m_password = pass; SecureZeroMemory((BSTR)pass, sizeof(OLECHAR)*pass.length()); + m_module.log_config((xpath + L"/Password").c_str(), +#ifdef _DEBUG + m_password.c_str() +#else + L"********" +#endif + ); + return true; } @@ -286,6 +300,16 @@ bool eap::credentials_pass::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR else m_identity.clear(); + wstring xpath(pszTargetName); + m_module.log_config((xpath + L"/Username").c_str(), m_identity.c_str()); + m_module.log_config((xpath + L"/Password").c_str(), +#ifdef _DEBUG + m_password.c_str() +#else + L"********" +#endif + ); + return true; } diff --git a/lib/Events/res/EventsETW.man b/lib/Events/res/EventsETW.man index 5a3fabc..847992e 100644 Binary files a/lib/Events/res/EventsETW.man and b/lib/Events/res/EventsETW.man differ diff --git a/lib/TLS/src/Config.cpp b/lib/TLS/src/Config.cpp index 02d45d6..5135433 100644 --- a/lib/TLS/src/Config.cpp +++ b/lib/TLS/src/Config.cpp 
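Review bot: Under `_DEBUG` the `log_config` call added right after `SecureZeroMemory` hands the plaintext of `m_password` to the ETW provider, so the secret the previous line just scrubbed from `pass` is copied again into a trace stream that outlives the call and is visible to whoever consumes the session; the identical `#ifdef` block is repeated in the `retrieve` hunk below. Build configuration is a weak gate here, since debug builds tend to be deployed for troubleshooting precisely when traces are being collected. Record only that a password was loaded, in every configuration: `m_module.log_config((xpath + L"/Password").c_str(), m_password.empty() ? L"" : L"********");`, dropping the `#ifdef _DEBUG` branches in both places. `m_password`'s type is declared outside the hunk; if it offers no `empty()`, a fixed placeholder alone is sufficient.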
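Review bot: In `credentials_pass::retrieve` the new local `xpath` is initialised from `pszTargetName`, a credential-store target name rather than an XPath, so the name contradicts the `eapxml::get_xpath` convention the `load` overloads establish; `wstring target(pszTargetName);` (or the pointer used directly in the concatenation) reads truthfully. Because `pszTargetName` is `LPCTSTR`, `wstring(pszTargetName)` also compiles only when the library is built with `UNICODE` defined; the `credentials_tls::retrieve` hunk in lib/TLS/src/Credentials.cpp has the same construction. If a Unicode build is the only supported configuration this is harmless, but then the parameter type and the construction should be made to agree rather than relying on the macro.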
@@ -179,12 +179,16 @@ bool eap::config_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEa if (!config_method::load(pConfigRoot, ppEapError)) return false; + std::wstring xpath(eapxml::get_xpath(pConfigRoot)); + m_trusted_root_ca.clear(); m_server_names.clear(); // com_obj pXmlElServerSideCredential; if (eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), &pXmlElServerSideCredential) == ERROR_SUCCESS) { + std::wstring xpathServerSideCredential(xpath + L"/ServerSideCredential"); + // com_obj pXmlListCAs; long lCACount = 0; @@ -212,6 +216,12 @@ bool eap::config_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEa add_trusted_ca(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size()); } + + // Log loaded CA certificates. + list cert_names; + for (std::list::const_iterator cert = m_trusted_root_ca.cbegin(), cert_end = m_trusted_root_ca.cend(); cert != cert_end; ++cert) + cert_names.push_back(std::move(eap::get_cert_title(*cert))); + m_module.log_config((xpathServerSideCredential + L"/CA").c_str(), cert_names); } // @@ -229,8 +239,10 @@ bool eap::config_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEa string str; WideCharToMultiByte(CP_UTF8, 0, bstrServerID, bstrServerID.length(), str, NULL, NULL); - m_server_names.push_back(str); + m_server_names.push_back(str); } + + m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names); } } diff --git a/lib/TLS/src/Credentials.cpp b/lib/TLS/src/Credentials.cpp index d03458d..55dd48b 100644 --- a/lib/TLS/src/Credentials.cpp +++ b/lib/TLS/src/Credentials.cpp @@ -137,6 +137,8 @@ bool eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR * //if (!credentials::load(pConfigRoot, ppEapError)) // return false; + std::wstring xpath(eapxml::get_xpath(pConfigRoot)); + m_identity.clear(); m_cert.free(); 
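Review bot: In the new CA-logging loop `std::move(eap::get_cert_title(*cert))` wraps a prvalue: the call already yields a temporary that `push_back` binds by rvalue reference, so the `std::move` adds nothing but noise (clang-tidy's performance-move-const-arg flags this pattern). With a range-for the loop also loses the iterator boilerplate: `for (const auto &cert : m_trusted_root_ca)` followed by `cert_names.push_back(eap::get_cert_title(cert));`, since `cert` is now the element the original reached through `*cert`. The `if` block that owns `xpathServerSideCredential` opens in the previous hunk of this file.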
@@ -161,6 +163,7 @@ bool eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR * } } } + m_module.log_config((xpath + L"/ClientCertificate").c_str(), m_cert ? eap::get_cert_title(m_cert).c_str() : L""); return true; } @@ -238,6 +241,8 @@ bool eap::credentials_tls::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR // Generate identity. TODO: Find which CERT_NAME_... constant returns valid identity (username@domain or DOMAIN\Username). CertGetNameString(m_cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, m_identity); + m_module.log_config((wstring(pszTargetName) + L"/Certificate").c_str(), m_identity.c_str()); + return true; } diff --git a/lib/TTLS/src/Config.cpp b/lib/TTLS/src/Config.cpp index 3319425..dd94fbf 100644 --- a/lib/TTLS/src/Config.cpp +++ b/lib/TTLS/src/Config.cpp @@ -130,6 +130,8 @@ bool eap::config_ttls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppE if (!config_tls::load(pConfigRoot, ppEapError)) return false; + std::wstring xpath(eapxml::get_xpath(pConfigRoot)); + // Load inner authentication configuration (). com_obj pXmlElInnerAuthenticationMethod; if ((dwResult = eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), &pXmlElInnerAuthenticationMethod)) != ERROR_SUCCESS) { @@ -150,6 +152,7 @@ bool eap::config_ttls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppE CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrMethod, bstrMethod.length(), L"PAP", -1, NULL, NULL, 0) == CSTR_EQUAL) { // PAP + m_module.log_config((xpath + L"/NonEAPAuthMethod").c_str(), L"PAP"); assert(!m_inner); m_inner = new eap::config_pap(m_module); if (!m_inner->load(pXmlElInnerAuthenticationMethod, ppEapError)) diff --git a/lib/WinStd b/lib/WinStd index 91ad14c..f721de2 160000 --- a/lib/WinStd +++ b/lib/WinStd @@ -1 +1 @@ -Subproject commit 91ad14cf6a91cadea4d2b2ad6a9f0cff6fd8c6e9 +Subproject commit f721de2f263bf7bc14b705a9729d9dd91a60eed2
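Review bot: The PAP branch in `config_ttls::load` logs the literal `L"PAP"` instead of the `bstrMethod` value it has just matched case-insensitively, so a profile containing `pap` is recorded as `PAP`, and every further inner-method branch added to this if/else chain will need its own duplicated `log_config` line. Logging the method once before the comparison records what the profile actually contains, including unrecognised values, which is the case most worth having in a trace when the load fails: `m_module.log_config((xpath + L"/NonEAPAuthMethod").c_str(), bstrMethod);` placed ahead of the `CompareStringEx` chain (passing `bstrMethod` as `LPCWSTR`, if its conversion is not implicit). The if/else chain this branch belongs to starts and ends outside the hunk, so the exact insertion point needs checking against the full function.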