Logging and error reporting simplified
This commit is contained in:
@@ -90,7 +90,7 @@ bool eap::credentials::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfi
|
||||
|
||||
// <UserName>
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Error creating <UserName> element."), NULL);
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <UserName> element."));
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -104,7 +104,7 @@ bool eap::credentials::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppE
|
||||
DWORD dwResult;
|
||||
|
||||
if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Error reading <UserName> element."), NULL);
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading <UserName> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -183,7 +183,7 @@ bool eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p
|
||||
dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass);
|
||||
SecureZeroMemory((BSTR)pass, sizeof(OLECHAR)*pass.length());
|
||||
if (dwResult != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Error creating <Password> element."), NULL);
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <Password> element."));
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -201,7 +201,7 @@ bool eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR
|
||||
|
||||
bstr pass;
|
||||
if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass)) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Error reading <Password> element."), NULL);
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading <Password> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
|
||||
return false;
|
||||
}
|
||||
m_password = pass;
|
||||
@@ -219,7 +219,7 @@ bool eap::credentials_pass::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **
|
||||
// Prepare cryptographics provider.
|
||||
crypt_prov cp;
|
||||
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) {
|
||||
*ppEapError = m_module.make_error(GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" CryptAcquireContext failed."), NULL);
|
||||
*ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptAcquireContext failed."));
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -235,7 +235,7 @@ bool eap::credentials_pass::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **
|
||||
};
|
||||
data_blob cred_enc;
|
||||
if (!CryptProtectData(&cred_blob, NULL, NULL, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc)) {
|
||||
*ppEapError = m_module.make_error(GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" CryptProtectData failed."), NULL);
|
||||
*ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptProtectData failed."));
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -259,7 +259,7 @@ bool eap::credentials_pass::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **
|
||||
(LPTSTR)m_identity.c_str() // UserName
|
||||
};
|
||||
if (!CredWrite(&cred, 0)) {
|
||||
*ppEapError = m_module.make_error(GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" CredWrite failed."), NULL);
|
||||
*ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CredWrite failed."));
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -274,7 +274,7 @@ bool eap::credentials_pass::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR
|
||||
// Read credentials.
|
||||
unique_ptr<CREDENTIAL, CredFree_delete<CREDENTIAL> > cred;
|
||||
if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred)) {
|
||||
*ppEapError = m_module.make_error(GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" CredRead failed."), NULL);
|
||||
*ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CredRead failed."));
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -285,14 +285,14 @@ bool eap::credentials_pass::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR
|
||||
};
|
||||
data_blob cred_int;
|
||||
if (!CryptUnprotectData(&cred_enc, NULL, NULL, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int)) {
|
||||
*ppEapError = m_module.make_error(GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" CryptUnprotectData failed."), NULL);
|
||||
*ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptUnprotectData failed."));
|
||||
return false;
|
||||
}
|
||||
|
||||
// Prepare cryptographics provider.
|
||||
crypt_prov cp;
|
||||
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) {
|
||||
*ppEapError = m_module.make_error(GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" CryptAcquireContext failed."), NULL);
|
||||
*ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptAcquireContext failed."));
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@@ -45,13 +45,13 @@ eap::module::~module()
|
||||
}
|
||||
|
||||
|
||||
EAP_ERROR* eap::module::make_error(_In_ DWORD dwErrorCode, _In_ DWORD dwReasonCode, _In_ LPCGUID pRootCauseGuid, _In_ LPCGUID pRepairGuid, _In_ LPCGUID pHelpLinkGuid, _In_z_ LPCWSTR pszRootCauseString, _In_z_ LPCWSTR pszRepairString) const
|
||||
EAP_ERROR* eap::module::make_error(_In_ DWORD dwErrorCode, _In_opt_z_ LPCWSTR pszRootCauseString, _In_opt_z_ LPCWSTR pszRepairString, _In_opt_ DWORD dwReasonCode, _In_opt_ LPCGUID pRootCauseGuid, _In_opt_ LPCGUID pRepairGuid, _In_opt_ LPCGUID pHelpLinkGuid) const
|
||||
{
|
||||
// Calculate memory size requirement.
|
||||
SIZE_T
|
||||
nRootCauseSize = pszRootCauseString != NULL && pszRootCauseString[0] ? (wcslen(pszRootCauseString) + 1)*sizeof(WCHAR) : 0,
|
||||
nRepairStringSize = pszRepairString != NULL && pszRepairString [0] ? (wcslen(pszRepairString ) + 1)*sizeof(WCHAR) : 0,
|
||||
nEapErrorSize = sizeof(EAP_ERROR) + nRootCauseSize + nRepairStringSize;
|
||||
nEapErrorSize = sizeof(EAP_ERROR) + nRootCauseSize + nRepairStringSize;
|
||||
|
||||
EAP_ERROR *pError = (EAP_ERROR*)HeapAlloc(m_heap, 0, nEapErrorSize);
|
||||
if (!pError)
|
||||
@@ -81,19 +81,6 @@ EAP_ERROR* eap::module::make_error(_In_ DWORD dwErrorCode, _In_ DWORD dwReasonCo
|
||||
} else
|
||||
pError->pRepairString = NULL;
|
||||
|
||||
// Write trace event.
|
||||
vector<EVENT_DATA_DESCRIPTOR> evt_desc;
|
||||
evt_desc.reserve(8);
|
||||
evt_desc.push_back(event_data(pError->dwWinError));
|
||||
evt_desc.push_back(event_data(pError->type.eapType.type));
|
||||
evt_desc.push_back(event_data(pError->dwReasonCode));
|
||||
evt_desc.push_back(event_data(&(pError->rootCauseGuid), sizeof(GUID)));
|
||||
evt_desc.push_back(event_data(&(pError->repairGuid), sizeof(GUID)));
|
||||
evt_desc.push_back(event_data(&(pError->helpLinkGuid), sizeof(GUID)));
|
||||
evt_desc.push_back(event_data(pError->pRootCauseString));
|
||||
evt_desc.push_back(event_data(pError->pRepairString));
|
||||
m_ep.write(&EAPMETHOD_TRACE_EAP_ERROR, (ULONG)evt_desc.size(), evt_desc.data());
|
||||
|
||||
return pError;
|
||||
}
|
||||
|
||||
@@ -106,8 +93,6 @@ BYTE* eap::module::alloc_memory(_In_ size_t size)
|
||||
|
||||
void eap::module::free_memory(_In_ BYTE *ptr)
|
||||
{
|
||||
ETW_FN_VOID;
|
||||
|
||||
// Since we do security here and some of the BLOBs contain credentials, sanitize every memory block before freeing.
|
||||
SecureZeroMemory(ptr, HeapSize(m_heap, 0, ptr));
|
||||
HeapFree(m_heap, 0, ptr);
|
||||
@@ -116,13 +101,30 @@ void eap::module::free_memory(_In_ BYTE *ptr)
|
||||
|
||||
void eap::module::free_error_memory(_In_ EAP_ERROR *err)
|
||||
{
|
||||
ETW_FN_VOID;
|
||||
|
||||
// pRootCauseString and pRepairString always trail the ppEapError to reduce number of (de)allocations.
|
||||
HeapFree(m_heap, 0, err);
|
||||
}
|
||||
|
||||
|
||||
void eap::module::log_error(_In_ const EAP_ERROR *err) const
|
||||
{
|
||||
assert(err);
|
||||
|
||||
// Write trace event.
|
||||
vector<EVENT_DATA_DESCRIPTOR> evt_desc;
|
||||
evt_desc.reserve(8);
|
||||
evt_desc.push_back(event_data(err->dwWinError));
|
||||
evt_desc.push_back(event_data(err->type.eapType.type));
|
||||
evt_desc.push_back(event_data(err->dwReasonCode));
|
||||
evt_desc.push_back(event_data(&(err->rootCauseGuid), sizeof(GUID)));
|
||||
evt_desc.push_back(event_data(&(err->repairGuid), sizeof(GUID)));
|
||||
evt_desc.push_back(event_data(&(err->helpLinkGuid), sizeof(GUID)));
|
||||
evt_desc.push_back(event_data(err->pRootCauseString));
|
||||
evt_desc.push_back(event_data(err->pRepairString));
|
||||
m_ep.write(&EAPMETHOD_TRACE_EAP_ERROR, (ULONG)evt_desc.size(), evt_desc.data());
|
||||
}
|
||||
|
||||
|
||||
bool eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector<unsigned char> &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash) const
|
||||
{
|
||||
assert(ppEapError);
|
||||
@@ -136,12 +138,12 @@ bool eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void
|
||||
unique_ptr<CERT_PUBLIC_KEY_INFO, LocalFree_delete<CERT_PUBLIC_KEY_INFO> > keyinfo_data;
|
||||
DWORD keyinfo_size = 0;
|
||||
if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, (const BYTE*)::LockResource(res_handle), ::SizeofResource(m_instance, res), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size)) {
|
||||
*ppEapError = make_error(GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" CryptDecodeObjectEx failed."), NULL);
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptDecodeObjectEx failed."));
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!key.import_public(hProv, X509_ASN_ENCODING, keyinfo_data.get())) {
|
||||
*ppEapError = make_error(GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Public key import failed."), NULL);
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Public key import failed."));
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -154,7 +156,7 @@ bool eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void
|
||||
|
||||
// Encrypt the data using our public key.
|
||||
if (!CryptEncrypt(key, hHash, TRUE, 0, buf)) {
|
||||
*ppEapError = make_error(GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Encrypting data failed."), NULL);
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptEncrypt failed."));
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -169,7 +171,7 @@ bool eap::module::encrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const
|
||||
// Create hash.
|
||||
crypt_hash hash;
|
||||
if (!hash.create(hProv, CALG_MD5)) {
|
||||
*ppEapError = make_error(GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Creating MD5 hash failed."), NULL);
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Creating MD5 hash failed."));
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -180,7 +182,7 @@ bool eap::module::encrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const
|
||||
// Calculate MD5 hash.
|
||||
vector<unsigned char> hash_bin;
|
||||
if (!CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0)) {
|
||||
*ppEapError = make_error(GetLastError(), 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Calculating MD5 hash failed."), NULL);
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Calculating MD5 hash failed."));
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@@ -106,7 +106,7 @@ bool eap::session::process_request_packet(
|
||||
UNREFERENCED_PARAMETER(pEapOutput);
|
||||
assert(ppEapError);
|
||||
|
||||
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Not supported."), NULL);
|
||||
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -120,7 +120,7 @@ bool eap::session::get_response_packet(
|
||||
UNREFERENCED_PARAMETER(pSendPacket);
|
||||
assert(ppEapError);
|
||||
|
||||
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Not supported."), NULL);
|
||||
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -131,7 +131,7 @@ bool eap::session::get_result(_In_ EapPeerMethodResultReason reason, _Out_ EapPe
|
||||
UNREFERENCED_PARAMETER(ppResult);
|
||||
assert(ppEapError);
|
||||
|
||||
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Not supported."), NULL);
|
||||
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -145,7 +145,7 @@ bool eap::session::get_ui_context(
|
||||
UNREFERENCED_PARAMETER(ppUIContextData);
|
||||
assert(ppEapError);
|
||||
|
||||
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Not supported."), NULL);
|
||||
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -161,7 +161,7 @@ bool eap::session::set_ui_context(
|
||||
UNREFERENCED_PARAMETER(pEapOutput);
|
||||
assert(ppEapError);
|
||||
|
||||
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Not supported."), NULL);
|
||||
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -171,7 +171,7 @@ bool eap::session::get_response_attributes(_Out_ EapAttributes *pAttribs, _Out_
|
||||
UNREFERENCED_PARAMETER(pAttribs);
|
||||
assert(ppEapError);
|
||||
|
||||
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Not supported."), NULL);
|
||||
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -182,6 +182,6 @@ bool eap::session::set_response_attributes(const _In_ EapAttributes *pAttribs, _
|
||||
UNREFERENCED_PARAMETER(pEapOutput);
|
||||
assert(ppEapError);
|
||||
|
||||
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Not supported."), NULL);
|
||||
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
|
||||
return false;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user