EAP-TTLS work continues...

lib/TTLS/src/Method.cpp

@@ -71,16 +71,26 @@ eap::method_ttls& eap::method_ttls::operator=(_Inout_ method_ttls &&other)
 }
 
 
+bool eap::method_ttls::begin_session(
+    _In_        DWORD         dwFlags,
+    _In_  const EapAttributes *pAttributeArray,
+    _In_        HANDLE        hTokenImpersonateUser,
+    _In_        DWORD         dwMaxSendPacketSize,
+    _Out_       EAP_ERROR     **ppEapError)
+{
+    if (!m_outer.begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize, ppEapError))
+        return false;
+
+    return true;
+}
+
+
 bool eap::method_ttls::process_request_packet(
     _In_bytecount_(dwReceivedPacketSize) const EapPacket           *pReceivedPacket,
     _In_                                       DWORD               dwReceivedPacketSize,
     _Out_                                      EapPeerMethodOutput *pEapOutput,
     _Out_                                      EAP_ERROR           **ppEapError)
 {
-    // Initialize output.
-    pEapOutput->fAllowNotifications = TRUE;
-    pEapOutput->action              = EapPeerMethodResponseActionDiscard;
-
     // Is this a valid EAP-TTLS packet?
     if (dwReceivedPacketSize < 6) {
         *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Packet is too small. EAP-%s packets should be at least 6B."));
@@ -90,6 +100,15 @@ bool eap::method_ttls::process_request_packet(
         return false;
     }
 
+    if (pReceivedPacket->Code == EapCodeRequest && (pReceivedPacket->Data[1] & ttls_flags_start)) {
+        // This is a start EAP-TTLS packet.
+
+        // Determine minimum EAP-TTLS version supported by server and us.
+        version_t ver_remote = (version_t)(pReceivedPacket->Data[1] & ttls_flags_ver_mask);
+        m_version = std::min<version_t>(ver_remote, version_0);
+        m_module.log_event(&EAPMETHOD_HANDSHAKE_START1, event_data((DWORD)eap_type_ttls), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank);
+    }
+
     return m_outer.process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput, ppEapError);
 }
 
@@ -99,5 +118,13 @@ bool eap::method_ttls::get_response_packet(
     _Inout_                            DWORD     *pdwSendPacketSize,
     _Out_                              EAP_ERROR **ppEapError)
 {
-    return m_outer.get_response_packet(pSendPacket, pdwSendPacketSize, ppEapError);
+    if (!m_outer.get_response_packet(pSendPacket, pdwSendPacketSize, ppEapError))
+        return false;
+
+    // Change packet type to EAP-TTLS, and add EAP-TTLS version.
+    pSendPacket->Data[0]  = (BYTE)eap_type_ttls;
+    pSendPacket->Data[1] &= ~ttls_flags_ver_mask;
+    pSendPacket->Data[1] |= m_version;
+
+    return true;
 }

lib/TTLS/src/Module.cpp

@@ -90,17 +90,17 @@ bool eap::peer_ttls::get_identity(
         return false;
     }
 
-    // Unpack cached credentials.
-    credentials_ttls cred_in(*this);
-    if (dwUserDataSize && !unpack(cred_in, pUserData, dwUserDataSize, ppEapError))
-        return false;
-
     // Get method configuration.
     const config_provider &cfg_prov(cfg.m_providers.front());
     const config_method_ttls *cfg_method = dynamic_cast<const config_method_ttls*>(cfg_prov.m_methods.front().get());
     assert(cfg_method);
     const config_method_pap *cfg_inner_pap = dynamic_cast<const config_method_pap*>(cfg_method->m_inner.get());
 
+    // Unpack cached credentials.
+    credentials_ttls cred_in(*this);
+    if (dwUserDataSize && !unpack(cred_in, pUserData, dwUserDataSize, ppEapError))
+        return false;
+
     credentials_ttls cred_out(*this);
 
     // Determine credential storage target(s). Also used as user-friendly method name for logging.
@@ -323,11 +323,6 @@ bool eap::peer_ttls::begin_session(
     _Out_                                  EAP_SESSION_HANDLE *phSession,
     _Out_                                  EAP_ERROR          **ppEapError)
 {
-    UNREFERENCED_PARAMETER(dwFlags);
-    UNREFERENCED_PARAMETER(pAttributeArray);
-    UNREFERENCED_PARAMETER(hTokenImpersonateUser);
-    UNREFERENCED_PARAMETER(dwMaxSendPacketSize);
-
     *phSession = NULL;
 
     // Allocate new session.
@@ -337,10 +332,25 @@ bool eap::peer_ttls::begin_session(
         return false;
     }
 
-    // Begin the session.
-    if (!unpack(s->m_cfg, pConnectionData, dwConnectionDataSize, ppEapError) ||
-        !unpack(s->m_cred, pUserData, dwUserDataSize, ppEapError)/* ||
-        !s->begin(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize, ppEapError)*/)
+    // Unpack configuration.
+    config_provider_list cfg(*this);
+    if (!unpack(cfg, pConnectionData, dwConnectionDataSize, ppEapError))
+        return false;
+    else if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty()) {
+        *ppEapError = make_error(ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" Configuration has no providers and/or methods."));
+        return false;
+    }
+
+    // Copy method configuration.
+    const config_provider &cfg_prov(cfg.m_providers.front());
+    s->m_cfg = *dynamic_cast<const config_method_ttls*>(cfg_prov.m_methods.front().get());
+
+    // Unpack credentials.
+    if (!unpack(s->m_cred, pUserData, dwUserDataSize, ppEapError))
+        return false;
+
+    // Initialize method.
+    if (!s->m_method.begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize, ppEapError))
         return false;
 
     *phSession = s.release();