From 6166dd3887040ea26d717751703ba0f6216d527e Mon Sep 17 00:00:00 2001
From: Simon Rozman <simon@rozman.si>
Date: Fri, 4 Nov 2016 11:51:39 +0100
Subject: [PATCH] Reported events are more consistent now

---
 lib/Events/res/EventsETW.man | Bin 105862 -> 107960 bytes
 lib/TTLS/src/Method.cpp      |  12 +++++++-----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/Events/res/EventsETW.man b/lib/Events/res/EventsETW.man
index 3f5fc8ba81dcc3c2249bac7a0ab68c067225a1bd..69e4deab5714599e18a32a0e2c5a0c4b6aa1da2c 100644
GIT binary patch
delta 357
zcmX|*F-QV&6vqFr@;p0@j7vnq4k3eR@usGb!l4Ker)aT;3ZfiB%t;TCLnuUg!-MX`
z#%QT%Fbbl{p@s?~8Y+w$9SWL4qW>8+zVCg%@B8#K;p9p<OjogtD!x}_Q1P~SfQ?KX
zwW9AhUG=U|QUEXB*JW%Di?l01ABOh^@ZxR^qmNE(RYVJVS|-g7ew_H6LG4YbX%5H(
z$s%~@)WP}2bDeG^ZV0%&82eJUUp-Xf59*Mhh3EU@7Db#2+7c|nX7T8{AC;*t@=M_P
zqXQ7CeMsO+k+=zpEyWhtI=M}l#O#AoD`+t7qi+eE6dvKp^E$8N^GGrHic%4JY0HEj
ziW{)h*2{K&HFBWPWgeWaB#&ETi%eldOr?YY8~;#{x=mPx5WVDJu<fQDlUHyxMf&J(
V@*HUfL^~raV~wX+0c6Y7`~e6Tgz^9Y

delta 139
zcmdmSnyqa&+lI3Fn{O<T$eR9umr-K-93I9P#_3J`jDM!fumky8LX0npr-!sMYEA#p
z#%MG7!A*tjv)UNFq$b~E=a?SU!{{`fkB3ogy3ImHj_GnTjC|AQEdml;ix_#P=PhK6
jnqIJoQ4TIKY5If3j2x4%Ed(o5n=ZG6(PX;BQpN=UTy8Sc

diff --git a/lib/TTLS/src/Method.cpp b/lib/TTLS/src/Method.cpp
index 350964b..af96ffd 100644
--- a/lib/TTLS/src/Method.cpp
+++ b/lib/TTLS/src/Method.cpp
@@ -464,6 +464,8 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
 
     switch (m_phase) {
     case phase_handshake_init: {
+        m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_ttls), event_data::blank);
+
         // Prepare input buffer(s).
         SecBuffer buf_in[] = {
             { (unsigned long)dwReceivedPacketSize, SECBUFFER_TOKEN, const_cast<void*>(pReceivedPacket) },
@@ -577,7 +579,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
                 SecPkgContext_ConnectionInfo info;
                 if (SUCCEEDED(status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_CONNECTION_INFO, &info)))
                     m_module.log_event(&EAPMETHOD_TLS_HANDSHAKE_FINISHED,
-                        event_data((unsigned int)eap_type_tls),
+                        event_data((unsigned int)eap_type_ttls),
                         event_data(auth.sAuthorityName),
                         event_data(info.dwProtocol),
                         event_data(info.aiCipher),
@@ -851,7 +853,7 @@ void eap::method_ttls::verify_server_trust() const
             memcmp(cert->pbCertEncoded, (*c)->pbCertEncoded, cert->cbCertEncoded) == 0)
         {
             // Server certificate found directly on the trusted root CA list.
-            m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED_EX, event_data::blank);
+            m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED_EX1, event_data((unsigned int)eap_type_ttls), event_data::blank);
             return;
         }
     }
@@ -900,7 +902,7 @@ void eap::method_ttls::verify_server_trust() const
                     if (san_info->rgAltEntry[idx_entry].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME &&
                         _wcsicmp(s->c_str(), san_info->rgAltEntry[idx_entry].pwszDNSName) == 0)
                     {
-                        m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED1, event_data(san_info->rgAltEntry[idx_entry].pwszDNSName), event_data::blank);
+                        m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)eap_type_ttls), event_data(san_info->rgAltEntry[idx_entry].pwszDNSName), event_data::blank);
                         found = true;
                     }
                 }
@@ -915,7 +917,7 @@ void eap::method_ttls::verify_server_trust() const
 
             for (auto s = m_cfg.m_server_names.cbegin(), s_end = m_cfg.m_server_names.cend(); !found && s != s_end; ++s) {
                 if (_wcsicmp(s->c_str(), subj.c_str()) == 0) {
-                    m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED1, event_data(subj), event_data::blank);
+                    m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)eap_type_ttls), event_data(subj), event_data::blank);
                     found = true;
                 }
             }
@@ -1005,7 +1007,7 @@ void eap::method_ttls::verify_server_trust() const
         }
     }
 
-    m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED, event_data::blank);
+    m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED1, event_data((unsigned int)eap_type_ttls), event_data::blank);
 }
 
 #endif