Maximum inner method packet length now precisely calculated in begin_session() methods too

2016-11-03 07:55:33 +01:00 · 2016-11-03 07:55:33 +01:00 · a450d02485
commit a450d02485
parent 70ce94b84e
4 changed files with 68 additions and 1 deletions
--- a/lib/EAPBase/include/Method.h
+++ b/lib/EAPBase/include/Method.h
@ -342,6 +342,17 @@ namespace eap
        ///
        method_eap& operator=(_Inout_ method_eap &&other);

+        /// \name Session management
+        /// @{
+
+        virtual void begin_session(
+            _In_        DWORD         dwFlags,
+            _In_  const EapAttributes *pAttributeArray,
+            _In_        HANDLE        hTokenImpersonateUser,
+            _In_opt_    DWORD         dwMaxSendPacketSize = MAXDWORD);
+
+        /// @}
+
        /// \name Packet processing
        /// @{

--- a/lib/EAPBase/src/Method.cpp
+++ b/lib/EAPBase/src/Method.cpp
@ -266,6 +266,24 @@ eap::method_eap& eap::method_eap::operator=(_Inout_ method_eap &&other)
 }


+void eap::method_eap::begin_session(
+    _In_        DWORD         dwFlags,
+    _In_  const EapAttributes *pAttributeArray,
+    _In_        HANDLE        hTokenImpersonateUser,
+    _In_opt_    DWORD         dwMaxSendPacketSize)
+{
+    // Initialize tunnel method session only.
+    method::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
+
+    // Inner method can generate packets of up to 64kB (less the EAP packet header).
+    // Initialize inner method with appropriately less packet size maximum.
+    if (dwMaxSendPacketSize < sizeof(EapPacket))
+        throw invalid_argument(string_printf(__FUNCTION__ " Maximum packet size too small (minimum: %u, available: %u).", sizeof(EapPacket) + 1, dwMaxSendPacketSize));
+    assert(m_inner);
+    m_inner->begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, std::min<DWORD>(dwMaxSendPacketSize, MAXWORD) - sizeof(EapPacket));
+}
+
+
 EapPeerMethodResponseAction eap::method_eap::process_request_packet(
    _In_bytecount_(dwReceivedPacketSize) const void  *pReceivedPacket,
    _In_                                       DWORD dwReceivedPacketSize)
--- a/lib/TTLS/include/Method.h
+++ b/lib/TTLS/include/Method.h
@ -103,6 +103,17 @@ namespace eap
        ///
        method_defrag& operator=(_Inout_ method_defrag &&other);

+        /// \name Session management
+        /// @{
+
+        virtual void begin_session(
+            _In_        DWORD         dwFlags,
+            _In_  const EapAttributes *pAttributeArray,
+            _In_        HANDLE        hTokenImpersonateUser,
+            _In_opt_    DWORD         dwMaxSendPacketSize = MAXDWORD);
+
+        /// @}
+
        /// \name Packet processing
        /// @{

--- a/lib/TTLS/src/Method.cpp
+++ b/lib/TTLS/src/Method.cpp
@ -59,6 +59,21 @@ eap::method_defrag& eap::method_defrag::operator=(_Inout_ method_defrag &&other)
 }


+void eap::method_defrag::begin_session(
+    _In_        DWORD         dwFlags,
+    _In_  const EapAttributes *pAttributeArray,
+    _In_        HANDLE        hTokenImpersonateUser,
+    _In_opt_    DWORD         dwMaxSendPacketSize)
+{
+    // Initialize tunnel method session only.
+    method::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
+
+    // Inner method can generate packets of up to 4GB.
+    assert(m_inner);
+    m_inner->begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, MAXDWORD);
+}
+
+
 EapPeerMethodResponseAction eap::method_defrag::process_request_packet(
    _In_bytecount_(dwReceivedPacketSize) const void  *pReceivedPacket,
    _In_                                       DWORD dwReceivedPacketSize)
@ -194,7 +209,16 @@ void eap::method_eapmsg::begin_session(
    _In_        HANDLE        hTokenImpersonateUser,
    _In_opt_    DWORD         dwMaxSendPacketSize)
 {
-    method_tunnel::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
+    // Initialize tunnel method session only.
+    method::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
+
+    // Inner method can generate packets of up to 16MB (less the Diameter AVP header).
+    // Initialize inner method with appropriately less packet size maximum.
+    if (dwMaxSendPacketSize < sizeof(diameter_avp_header))
+        throw invalid_argument(string_printf(__FUNCTION__ " Maximum packet size too small (minimum: %u, available: %u).", sizeof(diameter_avp_header) + 1, dwMaxSendPacketSize));
+    assert(m_inner);
+    m_inner->begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, std::min<DWORD>(dwMaxSendPacketSize, 0xffffff) - sizeof(diameter_avp_header));
+
    m_phase = phase_identity;
 }

@ -367,6 +391,9 @@ void eap::method_ttls::begin_session(
    _In_        HANDLE        hTokenImpersonateUser,
    _In_opt_    DWORD         dwMaxSendPacketSize)
 {
+    // In TLS, maximum packet length can precisely be calculated only after handshake is complete.
+    // Therefore, we allow inner method same maximum packet size as this method.
+    // Initialize tunnel and inner method session with same parameters.
    method_tunnel::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);

    // Presume authentication will fail with generic protocol failure. (Pesimist!!!)