Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Configuration and credentials logging introduced

Browse Source
This commit is contained in:
Simon Rozman 2016-07-19 12:53:54 +02:00
parent 2f28b89ab2
commit 4acabbca4e
8 changed files with 127 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
lib/EAPBase/include/Config.h
View File

@ -389,11 +389,15 @@ namespace eap
// <ClientSideCredential>
winstd::com_obj<IXMLDOMElement> pXmlElClientSideCredential;
if (eapxml::select_element(pConfigRoot, winstd::bstr(L"eap-metadata:ClientSideCredential"), &pXmlElClientSideCredential) == ERROR_SUCCESS) {
std::wstring xpath(eapxml::get_xpath(pXmlElClientSideCredential));
// <allow-save>
eapxml::get_element_value(pXmlElClientSideCredential, winstd::bstr(L"eap-metadata:allow-save"), &m_allow_save);
m_module.log_config((xpath + L"/allow-save").c_str(), m_allow_save);
// <AnonymousIdentity>
eapxml::get_element_value(pXmlElClientSideCredential, winstd::bstr(L"eap-metadata:AnonymousIdentity"), m_anonymous_identity);
m_module.log_config((xpath + L"/AnonymousIdentity").c_str(), m_anonymous_identity.c_str());
if (!m_preshared.load(pXmlElClientSideCredential, ppEapError)) {
// This is not really an error - merely an indication pre-shared credentials are unavailable.
@ -687,14 +691,17 @@ namespace eap
DWORD dwResult;
std::wstring lang;
LoadString(m_module.m_instance, 2, lang);
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
// <read-only>
if ((dwResult = eapxml::get_element_value(pConfigRoot, winstd::bstr(L"eap-metadata:read-only"), &m_read_only)) != ERROR_SUCCESS)
m_read_only = true;
m_module.log_config((xpath + L"/read-only").c_str(), m_read_only);
// <ID>
m_id.clear();
eapxml::get_element_value(pConfigRoot, winstd::bstr(L"eap-metadata:ID"), m_id);
m_module.log_config((xpath + L"/ID").c_str(), m_id.c_str());
// <ProviderInfo>
m_name.clear();
@ -706,29 +713,40 @@ namespace eap
m_lbl_alt_password.clear();
winstd::com_obj<IXMLDOMElement> pXmlElProviderInfo;
if (eapxml::select_element(pConfigRoot, winstd::bstr(L"eap-metadata:ProviderInfo"), &pXmlElProviderInfo) == ERROR_SUCCESS) {
std::wstring xpathProviderInfo(xpath + L"/ProviderInfo");
// <DisplayName>
eapxml::get_element_localized(pXmlElProviderInfo, winstd::bstr(L"eap-metadata:DisplayName"), lang.c_str(), m_name);
m_module.log_config((xpathProviderInfo + L"/DisplayName").c_str(), m_name.c_str());
winstd::com_obj<IXMLDOMElement> pXmlElHelpdesk;
if (eapxml::select_element(pXmlElProviderInfo, winstd::bstr(L"eap-metadata:Helpdesk"), &pXmlElHelpdesk) == ERROR_SUCCESS) {
std::wstring xpathHelpdesk(xpathProviderInfo + L"/Helpdesk");
// <Helpdesk>/<EmailAddress>
eapxml::get_element_localized(pXmlElHelpdesk, winstd::bstr(L"eap-metadata:EmailAddress"), lang.c_str(), m_help_email);
m_module.log_config((xpathHelpdesk + L"/EmailAddress").c_str(), m_help_email.c_str());
// <Helpdesk>/<WebAddress>
eapxml::get_element_localized(pXmlElHelpdesk, winstd::bstr(L"eap-metadata:WebAddress"), lang.c_str(), m_help_web);
m_module.log_config((xpathHelpdesk + L"/WebAddress").c_str(), m_help_web.c_str());
// <Helpdesk>/<Phone>
eapxml::get_element_localized(pXmlElHelpdesk, winstd::bstr(L"eap-metadata:Phone"), lang.c_str(), m_help_phone);
m_module.log_config((xpathHelpdesk + L"/Phone").c_str(), m_help_phone.c_str());
}
// <CredentialPrompt>
eapxml::get_element_localized(pXmlElProviderInfo, winstd::bstr(L"eap-metadata:CredentialPrompt"), lang.c_str(), m_lbl_alt_credential);
m_module.log_config((xpathProviderInfo + L"/CredentialPrompt").c_str(), m_lbl_alt_credential.c_str());
// <UserNameLabel>
eapxml::get_element_localized(pXmlElProviderInfo, winstd::bstr(L"eap-metadata:UserNameLabel"), lang.c_str(), m_lbl_alt_identity);
m_module.log_config((xpathProviderInfo + L"/UserNameLabel").c_str(), m_lbl_alt_identity.c_str());
// <PasswordLabel>
eapxml::get_element_localized(pXmlElProviderInfo, winstd::bstr(L"eap-metadata:PasswordLabel"), lang.c_str(), m_lbl_alt_password);
m_module.log_config((xpathProviderInfo + L"/PasswordLabel").c_str(), m_lbl_alt_password.c_str());
}
// Iterate authentication methods (<AuthenticationMethods>).

63
lib/EAPBase/include/Module.h
View File

@ -130,6 +130,69 @@ namespace eap
///
void log_error(_In_ const EAP_ERROR *err) const;
///
/// Logs Unicode string config value
///
inline void log_config(_In_z_ LPCWSTR name, _In_z_ LPCWSTR value) const
{
m_ep.write(&EAPMETHOD_TRACE_EVT_CFG_VALUE_UNICODE_STRING, winstd::event_data(name), winstd::event_data(value), winstd::event_data::blank);
}
///
/// Logs string list config value
///
template<class _Traits, class _Ax, class _Ax_list>
inline void log_config(_In_z_ LPCWSTR name, _In_z_ const std::list<std::basic_string<char, _Traits, _Ax>, _Ax_list> &value) const
{
// Prepare a table of event data descriptors.
std::vector<EVENT_DATA_DESCRIPTOR> desc;
size_t count = value.size();
desc.reserve(count + 2);
desc.push_back(winstd::event_data( name ));
desc.push_back(winstd::event_data((unsigned int)count));
for (std::list<std::basic_string<char, _Traits, _Ax>, _Ax_list>::const_iterator v = value.cbegin(), v_end = value.cend(); v != v_end; ++v)
desc.push_back(winstd::event_data(*v));
m_ep.write(&EAPMETHOD_TRACE_EVT_CFG_VALUE_ANSI_STRING_ARRAY, (ULONG)desc.size(), desc.data());
}
///
/// Logs Unicode string list config value
///
template<class _Traits, class _Ax, class _Ax_list>
inline void log_config(_In_z_ LPCWSTR name, _In_z_ const std::list<std::basic_string<wchar_t, _Traits, _Ax>, _Ax_list> &value) const
{
// Prepare a table of event data descriptors.
std::vector<EVENT_DATA_DESCRIPTOR> desc;
size_t count = value.size();
desc.reserve(count + 2);
desc.push_back(winstd::event_data( name ));
desc.push_back(winstd::event_data((unsigned int)count));
for (std::list<std::basic_string<wchar_t, _Traits, _Ax>, _Ax_list>::const_iterator v = value.cbegin(), v_end = value.cend(); v != v_end; ++v)
desc.push_back(winstd::event_data(*v));
m_ep.write(&EAPMETHOD_TRACE_EVT_CFG_VALUE_UNICODE_STRING_ARRAY, (ULONG)desc.size(), desc.data());
}
///
/// Logs boolean config value
///
inline void log_config(_In_z_ LPCWSTR name, _In_ bool value) const
{
m_ep.write(&EAPMETHOD_TRACE_EVT_CFG_VALUE_BOOL, winstd::event_data(name), winstd::event_data((int)value), winstd::event_data::blank);
}
///
/// Logs event
///
inline void log_event(_In_ PCEVENT_DESCRIPTOR EventDescriptor, ...) const
{
va_list arg;
va_start(arg, EventDescriptor);
m_ep.write(EventDescriptor, arg);
va_end(arg);
}
/// @}
/// \name Encryption

24
lib/EAPBase/src/Credentials.cpp
View File

@ -103,11 +103,15 @@ bool eap::credentials::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppE
assert(pConfigRoot);
DWORD dwResult;
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading <UserName> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
return false;
}
m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str());
return true;
}
@ -199,6 +203,8 @@ bool eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR
if (!credentials::load(pConfigRoot, ppEapError))
return false;
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
bstr pass;
if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass)) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading <Password> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
@ -207,6 +213,14 @@ bool eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR
m_password = pass;
SecureZeroMemory((BSTR)pass, sizeof(OLECHAR)*pass.length());
m_module.log_config((xpath + L"/Password").c_str(),
#ifdef _DEBUG
m_password.c_str()
#else
L"********"
#endif
);
return true;
}
@ -286,6 +300,16 @@ bool eap::credentials_pass::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR
else
m_identity.clear();
wstring xpath(pszTargetName);
m_module.log_config((xpath + L"/Username").c_str(), m_identity.c_str());
m_module.log_config((xpath + L"/Password").c_str(),
#ifdef _DEBUG
m_password.c_str()
#else
L"********"
#endif
);
return true;
}

BIN
lib/Events/res/EventsETW.man
View File

Binary file not shown.

12
lib/TLS/src/Config.cpp
View File

@ -179,12 +179,16 @@ bool eap::config_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEa
if (!config_method<credentials_tls>::load(pConfigRoot, ppEapError))
return false;
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
m_trusted_root_ca.clear();
m_server_names.clear();
// <ServerSideCredential>
com_obj<IXMLDOMElement> pXmlElServerSideCredential;
if (eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), &pXmlElServerSideCredential) == ERROR_SUCCESS) {
std::wstring xpathServerSideCredential(xpath + L"/ServerSideCredential");
// <CA>
com_obj<IXMLDOMNodeList> pXmlListCAs;
long lCACount = 0;
@ -212,6 +216,12 @@ bool eap::config_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEa
add_trusted_ca(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size());
}
// Log loaded CA certificates.
list<tstring> cert_names;
for (std::list<winstd::cert_context>::const_iterator cert = m_trusted_root_ca.cbegin(), cert_end = m_trusted_root_ca.cend(); cert != cert_end; ++cert)
cert_names.push_back(std::move(eap::get_cert_title(*cert)));
m_module.log_config((xpathServerSideCredential + L"/CA").c_str(), cert_names);
}
// <ServerName>
@ -231,6 +241,8 @@ bool eap::config_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEa
m_server_names.push_back(str);
}
m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names);
}
}

5
lib/TLS/src/Credentials.cpp
View File

@ -137,6 +137,8 @@ bool eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR *
//if (!credentials::load(pConfigRoot, ppEapError))
// return false;
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
m_identity.clear();
m_cert.free();
@ -161,6 +163,7 @@ bool eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR *
}
}
}
m_module.log_config((xpath + L"/ClientCertificate").c_str(), m_cert ? eap::get_cert_title(m_cert).c_str() : L"<blank>");
return true;
}
@ -238,6 +241,8 @@ bool eap::credentials_tls::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR
// Generate identity. TODO: Find which CERT_NAME_... constant returns valid identity (username@domain or DOMAIN\Username).
CertGetNameString(m_cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, m_identity);
m_module.log_config((wstring(pszTargetName) + L"/Certificate").c_str(), m_identity.c_str());
return true;
}

3
lib/TTLS/src/Config.cpp
View File

@ -130,6 +130,8 @@ bool eap::config_ttls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppE
if (!config_tls::load(pConfigRoot, ppEapError))
return false;
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
// Load inner authentication configuration (<InnerAuthenticationMethod>).
com_obj<IXMLDOMElement> pXmlElInnerAuthenticationMethod;
if ((dwResult = eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), &pXmlElInnerAuthenticationMethod)) != ERROR_SUCCESS) {
@ -150,6 +152,7 @@ bool eap::config_ttls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppE
CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrMethod, bstrMethod.length(), L"PAP", -1, NULL, NULL, 0) == CSTR_EQUAL)
{
// PAP
m_module.log_config((xpath + L"/NonEAPAuthMethod").c_str(), L"PAP");
assert(!m_inner);
m_inner = new eap::config_pap(m_module);
if (!m_inner->load(pXmlElInnerAuthenticationMethod, ppEapError))

2
lib/WinStd

@ -1 +1 @@
Subproject commit 91ad14cf6a91cadea4d2b2ad6a9f0cff6fd8c6e9
Subproject commit f721de2f263bf7bc14b705a9729d9dd91a60eed2