EAP_ERROR replaced with C++ exceptions for increased code readability
This commit is contained in:
@@ -90,6 +90,7 @@
|
||||
<ItemGroup>
|
||||
<ClCompile Include="..\src\Config.cpp" />
|
||||
<ClCompile Include="..\src\Credentials.cpp" />
|
||||
<ClCompile Include="..\src\EAP.cpp" />
|
||||
<ClCompile Include="..\src\Module.cpp" />
|
||||
<ClCompile Include="..\src\Method.cpp" />
|
||||
<ClCompile Include="..\src\StdAfx.cpp">
|
||||
|
||||
@@ -49,5 +49,8 @@
|
||||
<ClCompile Include="..\src\Module.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="..\src\EAP.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
@@ -149,29 +149,19 @@ namespace eap
|
||||
/// @{
|
||||
|
||||
///
|
||||
/// Save configuration to XML document
|
||||
/// Save to XML document
|
||||
///
|
||||
/// \param[in] pDoc XML document
|
||||
/// \param[in] pConfigRoot Suggested root element for saving configuration
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[in] pConfigRoot Suggested root element for saving
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const;
|
||||
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
|
||||
|
||||
///
|
||||
/// Load configuration from XML document
|
||||
/// Load from XML document
|
||||
///
|
||||
/// \param[in] pConfigRoot Root element for loading configuration
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[in] pConfigRoot Root element for loading
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError);
|
||||
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
|
||||
|
||||
/// @}
|
||||
|
||||
@@ -306,29 +296,19 @@ namespace eap
|
||||
/// @{
|
||||
|
||||
///
|
||||
/// Save configuration to XML document
|
||||
/// Save to XML document
|
||||
///
|
||||
/// \param[in] pDoc XML document
|
||||
/// \param[in] pConfigRoot Suggested root element for saving configuration
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[in] pConfigRoot Suggested root element for saving
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const;
|
||||
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
|
||||
|
||||
///
|
||||
/// Load configuration from XML document
|
||||
/// Load from XML document
|
||||
///
|
||||
/// \param[in] pConfigRoot Root element for loading configuration
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[in] pConfigRoot Root element for loading
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError);
|
||||
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
|
||||
|
||||
/// @}
|
||||
|
||||
@@ -418,29 +398,19 @@ namespace eap
|
||||
/// @{
|
||||
|
||||
///
|
||||
/// Save configuration to XML document
|
||||
/// Save to XML document
|
||||
///
|
||||
/// \param[in] pDoc XML document
|
||||
/// \param[in] pConfigRoot Suggested root element for saving configuration
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[in] pConfigRoot Suggested root element for saving
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const;
|
||||
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
|
||||
|
||||
///
|
||||
/// Load configuration from XML document
|
||||
/// Load from XML document
|
||||
///
|
||||
/// \param[in] pConfigRoot Root element for loading configuration
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[in] pConfigRoot Root element for loading
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError);
|
||||
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
|
||||
|
||||
/// @}
|
||||
|
||||
@@ -537,29 +507,19 @@ namespace eap
|
||||
/// @{
|
||||
|
||||
///
|
||||
/// Save configuration to XML document
|
||||
/// Save to XML document
|
||||
///
|
||||
/// \param[in] pDoc XML document
|
||||
/// \param[in] pConfigRoot Suggested root element for saving configuration
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[in] pConfigRoot Suggested root element for saving
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const;
|
||||
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
|
||||
|
||||
///
|
||||
/// Load configuration from XML document
|
||||
/// Load from XML document
|
||||
///
|
||||
/// \param[in] pConfigRoot Root element for loading configuration
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[in] pConfigRoot Root element for loading
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError);
|
||||
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
|
||||
|
||||
/// @}
|
||||
|
||||
|
||||
@@ -108,36 +108,6 @@ namespace eap
|
||||
///
|
||||
virtual bool empty() const;
|
||||
|
||||
/// \name XML configuration management
|
||||
/// @{
|
||||
|
||||
///
|
||||
/// Save credentials to XML document
|
||||
///
|
||||
/// \param[in] pDoc XML document
|
||||
/// \param[in] pConfigRoot Suggested root element for saving credentials
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const;
|
||||
|
||||
///
|
||||
/// Load credentials from XML document
|
||||
///
|
||||
/// \param[in] pConfigRoot Root element for loading credentials
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError);
|
||||
|
||||
/// @}
|
||||
|
||||
/// \name Storage
|
||||
/// @{
|
||||
|
||||
@@ -145,25 +115,15 @@ namespace eap
|
||||
/// Save credentials to Windows Credential Manager
|
||||
///
|
||||
/// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const = 0;
|
||||
virtual void store(_In_ LPCTSTR pszTargetName) const = 0;
|
||||
|
||||
///
|
||||
/// Retrieve credentials from Windows Credential Manager
|
||||
///
|
||||
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) = 0;
|
||||
virtual void retrieve(_In_ LPCTSTR pszTargetName) = 0;
|
||||
|
||||
///
|
||||
/// Returns target name for Windows Credential Manager credential name
|
||||
@@ -261,29 +221,19 @@ namespace eap
|
||||
/// @{
|
||||
|
||||
///
|
||||
/// Save credentials to XML document
|
||||
/// Save to XML document
|
||||
///
|
||||
/// \param[in] pDoc XML document
|
||||
/// \param[in] pConfigRoot Suggested root element for saving credentials
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[in] pConfigRoot Suggested root element for saving
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const;
|
||||
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
|
||||
|
||||
///
|
||||
/// Load credentials from XML document
|
||||
/// Load from XML document
|
||||
///
|
||||
/// \param[in] pConfigRoot Root element for loading credentials
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[in] pConfigRoot Root element for loading
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError);
|
||||
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
|
||||
|
||||
/// @}
|
||||
|
||||
@@ -320,25 +270,15 @@ namespace eap
|
||||
/// Save credentials to Windows Credential Manager
|
||||
///
|
||||
/// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const;
|
||||
virtual void store(_In_ LPCTSTR pszTargetName) const;
|
||||
|
||||
///
|
||||
/// Retrieve credentials from Windows Credential Manager
|
||||
///
|
||||
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError);
|
||||
virtual void retrieve(_In_ LPCTSTR pszTargetName);
|
||||
|
||||
/// @}
|
||||
|
||||
|
||||
@@ -37,6 +37,7 @@
|
||||
|
||||
#include <list>
|
||||
#include <memory>
|
||||
#include <stdexcept>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
|
||||
@@ -56,6 +57,11 @@ namespace eap
|
||||
/// Sanitizing dynamically allocated BLOB
|
||||
///
|
||||
typedef std::vector<unsigned char, winstd::sanitizing_allocator<unsigned char> > sanitizing_blob;
|
||||
|
||||
///
|
||||
/// Windows runtime error
|
||||
///
|
||||
class win_runtime_error;
|
||||
}
|
||||
|
||||
///
|
||||
@@ -361,6 +367,7 @@ namespace eap
|
||||
ptr_type ptr_end; ///< Pointer to the end of available memory
|
||||
};
|
||||
|
||||
|
||||
struct cursor_in
|
||||
{
|
||||
typedef const unsigned char *ptr_type;
|
||||
@@ -368,6 +375,59 @@ namespace eap
|
||||
ptr_type ptr; ///< Pointer to first data unread
|
||||
ptr_type ptr_end; ///< Pointer to the end of BLOB
|
||||
};
|
||||
|
||||
|
||||
class win_runtime_error : public std::runtime_error
|
||||
{
|
||||
public:
|
||||
///
|
||||
/// Constructs an exception
|
||||
///
|
||||
/// \param[in] error Windows error code
|
||||
/// \param[in] msg Error message
|
||||
///
|
||||
win_runtime_error(_In_ DWORD error, _In_ const winstd::tstring& msg);
|
||||
|
||||
///
|
||||
/// Constructs an exception
|
||||
///
|
||||
/// \param[in] error Windows error code
|
||||
/// \param[in] msg Error message
|
||||
///
|
||||
win_runtime_error(_In_ DWORD error, _In_z_ const TCHAR *msg);
|
||||
|
||||
///
|
||||
/// Constructs an exception using `GetLastError()`
|
||||
///
|
||||
/// \param[in] msg Error message
|
||||
///
|
||||
win_runtime_error(_In_ const winstd::tstring& msg);
|
||||
|
||||
///
|
||||
/// Constructs an exception using `GetLastError()`
|
||||
///
|
||||
/// \param[in] msg Error message
|
||||
///
|
||||
win_runtime_error(_In_z_ const TCHAR *msg);
|
||||
|
||||
///
|
||||
/// Copies an exception
|
||||
///
|
||||
/// \param[in] other Exception to copy from
|
||||
///
|
||||
win_runtime_error(const win_runtime_error &other);
|
||||
|
||||
///
|
||||
/// Copies an exception
|
||||
///
|
||||
/// \param[in] other Exception to copy from
|
||||
///
|
||||
win_runtime_error& operator=(const win_runtime_error &other);
|
||||
|
||||
public:
|
||||
DWORD m_error; ///< Windows error code
|
||||
winstd::tstring m_msg; ///< Error description
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -95,70 +95,46 @@ namespace eap
|
||||
///
|
||||
/// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool begin_session(
|
||||
virtual void begin_session(
|
||||
_In_ DWORD dwFlags,
|
||||
_In_ const EapAttributes *pAttributeArray,
|
||||
_In_ HANDLE hTokenImpersonateUser,
|
||||
_In_ DWORD dwMaxSendPacketSize,
|
||||
_Out_ EAP_ERROR **ppEapError);
|
||||
_In_ DWORD dwMaxSendPacketSize);
|
||||
|
||||
///
|
||||
/// Ends an EAP authentication session for the EAP method.
|
||||
///
|
||||
/// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool end_session(_Out_ EAP_ERROR **ppEapError);
|
||||
virtual void end_session();
|
||||
|
||||
///
|
||||
/// Processes a packet received by EAPHost from a supplicant.
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
/// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
|
||||
///
|
||||
virtual bool process_request_packet(
|
||||
virtual void process_request_packet(
|
||||
_In_bytecount_(dwReceivedPacketSize) const EapPacket *pReceivedPacket,
|
||||
_In_ DWORD dwReceivedPacketSize,
|
||||
_Out_ EapPeerMethodOutput *pEapOutput,
|
||||
_Out_ EAP_ERROR **ppEapError) = 0;
|
||||
_Inout_ EapPeerMethodOutput *pEapOutput) = 0;
|
||||
|
||||
///
|
||||
/// Obtains a response packet from the EAP method.
|
||||
///
|
||||
/// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool get_response_packet(
|
||||
virtual void get_response_packet(
|
||||
_Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket,
|
||||
_Inout_ DWORD *pdwSendPacketSize,
|
||||
_Out_ EAP_ERROR **ppEapError) = 0;
|
||||
_Inout_ DWORD *pdwSendPacketSize) = 0;
|
||||
|
||||
///
|
||||
/// Obtains the result of an authentication session from the EAP method.
|
||||
///
|
||||
/// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool get_result(
|
||||
_In_ EapPeerMethodResultReason reason,
|
||||
_Out_ EapPeerMethodResult *ppResult,
|
||||
_Out_ EAP_ERROR **ppEapError) = 0;
|
||||
virtual void get_result(
|
||||
_In_ EapPeerMethodResultReason reason,
|
||||
_Inout_ EapPeerMethodResult *ppResult) = 0;
|
||||
|
||||
/// @}
|
||||
|
||||
|
||||
@@ -53,6 +53,8 @@ extern "C" {
|
||||
|
||||
#include <EventsETW.h> // Must include after <Windows.h>
|
||||
|
||||
#include <exception>
|
||||
|
||||
|
||||
namespace eap
|
||||
{
|
||||
@@ -79,6 +81,11 @@ namespace eap
|
||||
///
|
||||
EAP_ERROR* make_error(_In_ DWORD dwErrorCode, _In_opt_z_ LPCWSTR pszRootCauseString = NULL, _In_opt_z_ LPCWSTR pszRepairString = NULL, _In_opt_ DWORD dwReasonCode = 0, _In_opt_ LPCGUID pRootCauseGuid = NULL, _In_opt_ LPCGUID pRepairGuid = NULL, _In_opt_ LPCGUID pHelpLinkGuid = NULL) const;
|
||||
|
||||
///
|
||||
/// Allocate a EAP_ERROR and fill it according to exception
|
||||
///
|
||||
EAP_ERROR* make_error(_In_ std::exception &err) const;
|
||||
|
||||
///
|
||||
/// Allocate BLOB
|
||||
///
|
||||
@@ -204,137 +211,108 @@ namespace eap
|
||||
///
|
||||
/// Encrypts data
|
||||
///
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] data Pointer to data to encrypt
|
||||
/// \param[in ] size Size of \p data in bytes
|
||||
/// \param[out] enc Encrypted data
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[out] hHash Handle of hashing object
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] data Pointer to data to encrypt
|
||||
/// \param[in ] size Size of \p data in bytes
|
||||
/// \param[out] enc Encrypted data
|
||||
/// \param[out] hHash Handle of hashing object
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
/// \returns Encrypted data
|
||||
///
|
||||
bool encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector<unsigned char> &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const;
|
||||
std::vector<unsigned char> encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_opt_ HCRYPTHASH hHash = NULL) const;
|
||||
|
||||
|
||||
///
|
||||
/// Encrypts a string
|
||||
///
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] val String to encrypt
|
||||
/// \param[out] enc Encrypted data
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[out] hHash Handle of hashing object
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] val String to encrypt
|
||||
/// \param[out] hHash Handle of hashing object
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
/// \returns Encrypted data
|
||||
///
|
||||
template<class _Elem, class _Traits, class _Ax>
|
||||
bool encrypt(_In_ HCRYPTPROV hProv, _In_ const std::basic_string<_Elem, _Traits, _Ax> &val, _Out_ std::vector<unsigned char> &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const
|
||||
std::vector<unsigned char> encrypt(_In_ HCRYPTPROV hProv, _In_ const std::basic_string<_Elem, _Traits, _Ax> &val, _Out_opt_ HCRYPTHASH hHash = NULL) const
|
||||
{
|
||||
return encrypt(hProv, val.c_str(), val.length()*sizeof(_Elem), enc, ppEapError, hHash);
|
||||
return encrypt(hProv, val.c_str(), val.length()*sizeof(_Elem), hHash);
|
||||
}
|
||||
|
||||
|
||||
///
|
||||
/// Encrypts a wide string
|
||||
///
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] val String to encrypt
|
||||
/// \param[out] enc Encrypted data
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[out] hHash Handle of hashing object
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] val String to encrypt
|
||||
/// \param[out] hHash Handle of hashing object
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
/// \returns Encrypted data
|
||||
///
|
||||
template<class _Traits, class _Ax>
|
||||
bool encrypt(_In_ HCRYPTPROV hProv, _In_ const std::basic_string<wchar_t, _Traits, _Ax> &val, _Out_ std::vector<unsigned char> &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const
|
||||
std::vector<unsigned char> encrypt(_In_ HCRYPTPROV hProv, _In_ const std::basic_string<wchar_t, _Traits, _Ax> &val, _Out_opt_ HCRYPTHASH hHash = NULL) const
|
||||
{
|
||||
winstd::sanitizing_string val_utf8;
|
||||
WideCharToMultiByte(CP_UTF8, 0, val.c_str(), (int)val.length(), val_utf8, NULL, NULL);
|
||||
return encrypt(hProv, val_utf8, enc, ppEapError, hHash);
|
||||
return encrypt(hProv, val_utf8, hHash);
|
||||
}
|
||||
|
||||
|
||||
///
|
||||
/// Encrypts data and add MD5 hash for integrity check
|
||||
///
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] data Pointer to data to encrypt
|
||||
/// \param[in ] size Size of \p data in bytes
|
||||
/// \param[out] enc Encrypted data with 16B MD5 hash appended
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] data Pointer to data to encrypt
|
||||
/// \param[in ] size Size of \p data in bytes
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
/// \returns Encrypted data with 16B MD5 hash appended
|
||||
///
|
||||
bool encrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector<unsigned char> &enc, _Out_ EAP_ERROR **ppEapError) const;
|
||||
std::vector<unsigned char> encrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size) const;
|
||||
|
||||
|
||||
///
|
||||
/// Encrypts a string and add MD5 hash for integrity check
|
||||
///
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] val String to encrypt
|
||||
/// \param[out] enc Encrypted data with 16B MD5 hash appended
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] val String to encrypt
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
/// \returns Encrypted data with 16B MD5 hash appended
|
||||
///
|
||||
template<class _Elem, class _Traits, class _Ax>
|
||||
bool encrypt_md5(_In_ HCRYPTPROV hProv, _In_ const std::basic_string<_Elem, _Traits, _Ax> &val, _Out_ std::vector<unsigned char> &enc, _Out_ EAP_ERROR **ppEapError) const
|
||||
std::vector<unsigned char> encrypt_md5(_In_ HCRYPTPROV hProv, _In_ const std::basic_string<_Elem, _Traits, _Ax> &val) const
|
||||
{
|
||||
return encrypt_md5(hProv, val.c_str(), val.length()*sizeof(_Elem), enc, ppEapError);
|
||||
return encrypt_md5(hProv, val.c_str(), val.length()*sizeof(_Elem));
|
||||
}
|
||||
|
||||
|
||||
///
|
||||
/// Encrypts a wide string and add MD5 hash for integrity check
|
||||
///
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] val String to encrypt
|
||||
/// \param[out] enc Encrypted data with 16B MD5 hash appended
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] val String to encrypt
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
/// \returns Encrypted data with 16B MD5 hash appended
|
||||
///
|
||||
template<class _Traits, class _Ax>
|
||||
bool encrypt_md5(_In_ HCRYPTPROV hProv, _In_ const std::basic_string<wchar_t, _Traits, _Ax> &val, _Out_ std::vector<unsigned char> &enc, _Out_ EAP_ERROR **ppEapError) const
|
||||
std::vector<unsigned char> encrypt_md5(_In_ HCRYPTPROV hProv, _In_ const std::basic_string<wchar_t, _Traits, _Ax> &val) const
|
||||
{
|
||||
winstd::sanitizing_string val_utf8;
|
||||
WideCharToMultiByte(CP_UTF8, 0, val.c_str(), (int)val.length(), val_utf8, NULL, NULL);
|
||||
return encrypt_md5(hProv, val_utf8, enc, ppEapError);
|
||||
return encrypt_md5(hProv, val_utf8);
|
||||
}
|
||||
|
||||
|
||||
///
|
||||
/// Decrypts data
|
||||
///
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] data Pointer to data to decrypt
|
||||
/// \param[in ] size Size of \p data in bytes
|
||||
/// \param[out] dec Decrypted data
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[out] hHash Handle of hashing object
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] data Pointer to data to decrypt
|
||||
/// \param[in ] size Size of \p data in bytes
|
||||
/// \param[out] hHash Handle of hashing object
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
/// \returns Decrypted data
|
||||
///
|
||||
template<class _Ty, class _Ax>
|
||||
bool decrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector<_Ty, _Ax> &dec, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const
|
||||
std::vector<_Ty, _Ax> decrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_opt_ HCRYPTHASH hHash = NULL) const
|
||||
{
|
||||
assert(ppEapError);
|
||||
|
||||
// Import the private RSA key.
|
||||
HRSRC res = FindResource(m_instance, MAKEINTRESOURCE(IDR_EAP_KEY_PRIVATE), RT_RCDATA);
|
||||
assert(res);
|
||||
@@ -343,183 +321,133 @@ namespace eap
|
||||
winstd::crypt_key key_rsa;
|
||||
std::unique_ptr<unsigned char[], winstd::LocalFree_delete<unsigned char[]> > keyinfo_data;
|
||||
DWORD keyinfo_size = 0;
|
||||
if (!CryptDecodeObjectEx(X509_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, (const BYTE*)::LockResource(res_handle), ::SizeofResource(m_instance, res), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size)) {
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptDecodeObjectEx failed."));
|
||||
return false;
|
||||
}
|
||||
if (!key_rsa.import(hProv, keyinfo_data.get(), keyinfo_size, NULL, 0)) {
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Private key import failed."));
|
||||
return false;
|
||||
}
|
||||
if (!CryptDecodeObjectEx(X509_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, (const BYTE*)::LockResource(res_handle), ::SizeofResource(m_instance, res), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" CryptDecodeObjectEx failed."));
|
||||
if (!key_rsa.import(hProv, keyinfo_data.get(), keyinfo_size, NULL, 0))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" Private key import failed."));
|
||||
|
||||
// Import the 256-bit AES session key.
|
||||
winstd::crypt_key key_aes;
|
||||
if (!CryptImportKey(hProv, (LPCBYTE)data, 268, key_rsa, 0, &key_aes)) {
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptImportKey failed."));
|
||||
return false;
|
||||
}
|
||||
if (!CryptImportKey(hProv, (LPCBYTE)data, 268, key_rsa, 0, &key_aes))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" CryptImportKey failed."));
|
||||
|
||||
// Decrypt the data using AES session key.
|
||||
std::vector<unsigned char, winstd::sanitizing_allocator<unsigned char> > buf;
|
||||
buf.assign((const unsigned char*)data + 268, (const unsigned char*)data + size);
|
||||
if (!CryptDecrypt(key_aes, hHash, TRUE, 0, buf)) {
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptDecrypt failed."));
|
||||
return false;
|
||||
}
|
||||
dec.assign(buf.begin(), buf.end());
|
||||
if (!CryptDecrypt(key_aes, hHash, TRUE, 0, buf))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" CryptDecrypt failed."));
|
||||
|
||||
return true;
|
||||
return std::vector<_Ty, _Ax>(buf);
|
||||
}
|
||||
|
||||
|
||||
///
|
||||
/// Decrypts a string
|
||||
///
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] data Pointer to data to decrypt
|
||||
/// \param[in ] size Size of \p data in bytes
|
||||
/// \param[out] dec Decrypted string
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[out] hHash Handle of hashing object
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] data Pointer to data to decrypt
|
||||
/// \param[in ] size Size of \p data in bytes
|
||||
/// \param[out] hHash Handle of hashing object
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
/// \returns Decrypted string
|
||||
///
|
||||
template<class _Elem, class _Traits, class _Ax>
|
||||
bool decrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::basic_string<_Elem, _Traits, _Ax> &dec, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const
|
||||
std::basic_string<_Elem, _Traits, _Ax> decrypt_str(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_opt_ HCRYPTHASH hHash = NULL) const
|
||||
{
|
||||
std::vector<_Elem, sanitizing_allocator<_Elem> > buf;
|
||||
if (!decrypt(hProv, data, size, buf, ppEapError, hHash))
|
||||
return false;
|
||||
dec.assign(buf.data(), buf.size());
|
||||
|
||||
return true;
|
||||
std::vector<_Elem, sanitizing_allocator<_Elem> > buf(std::move(decrypt(hProv, data, size, hHash)));
|
||||
return std::basic_string<_Elem, _Traits, _Ax>(buf.data(), buf.size());
|
||||
}
|
||||
|
||||
|
||||
///
|
||||
/// Decrypts a wide string
|
||||
///
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] data Pointer to data to decrypt
|
||||
/// \param[in ] size Size of \p data in bytes
|
||||
/// \param[out] dec Decrypted string
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[out] hHash Handle of hashing object
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] data Pointer to data to decrypt
|
||||
/// \param[in ] size Size of \p data in bytes
|
||||
/// \param[out] hHash Handle of hashing object
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
/// \returns Decrypted string
|
||||
///
|
||||
template<class _Traits, class _Ax>
|
||||
bool decrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &dec, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const
|
||||
std::basic_string<wchar_t, _Traits, _Ax> decrypt_str(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_opt_ HCRYPTHASH hHash = NULL) const
|
||||
{
|
||||
winstd::sanitizing_string buf;
|
||||
if (!decrypt(hProv, data, size, buf, ppEapError, hHash))
|
||||
return false;
|
||||
winstd::sanitizing_string buf(std::move(decrypt_str(hProv, data, size, hHash)));
|
||||
std::basic_string<wchar_t, _Traits, _Ax> dec;
|
||||
MultiByteToWideChar(CP_UTF8, 0, buf.data(), (int)buf.size(), dec);
|
||||
|
||||
return true;
|
||||
return dec;
|
||||
}
|
||||
|
||||
|
||||
///
|
||||
/// Decrypts data with MD5 integrity check
|
||||
///
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] data Pointer to data with 16B MD5 hash appended to decrypt
|
||||
/// \param[in ] size Size of \p data in bytes
|
||||
/// \param[out] dec Decrypted data
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] data Pointer to data with 16B MD5 hash appended to decrypt
|
||||
/// \param[in ] size Size of \p data in bytes
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
/// \returns Decrypted data
|
||||
///
|
||||
template<class _Ty, class _Ax>
|
||||
bool decrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector<_Ty, _Ax> &dec, _Out_ EAP_ERROR **ppEapError) const
|
||||
std::vector<_Ty, _Ax> decrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size) const
|
||||
{
|
||||
// Create hash.
|
||||
winstd::crypt_hash hash;
|
||||
if (!hash.create(hProv, CALG_MD5)) {
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Creating MD5 hash failed."));
|
||||
return false;
|
||||
}
|
||||
DWORD dwHashSize, dwHashSizeSize = sizeof(dwHashSize);
|
||||
CryptGetHashParam(hash, HP_HASHSIZE, (LPBYTE)&dwHashSize, &dwHashSizeSize, 0);
|
||||
if (size < dwHashSize) {
|
||||
*ppEapError = make_error(ERROR_INVALID_DATA, _T(__FUNCTION__) _T(" Encrypted data too short."));
|
||||
return false;
|
||||
}
|
||||
if (!hash.create(hProv, CALG_MD5))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" Creating MD5 hash failed."));
|
||||
DWORD dwHashSize;
|
||||
CryptGetHashParam(hash, HP_HASHSIZE, dwHashSize, 0);
|
||||
if (size < dwHashSize)
|
||||
throw invalid_argument(__FUNCTION__ " Encrypted data too short.");
|
||||
size_t enc_size = size - dwHashSize;
|
||||
|
||||
// Decrypt data.
|
||||
if (!decrypt(hProv, data, enc_size, dec, ppEapError, hash))
|
||||
return false;
|
||||
std::vector<_Ty, _Ax> dec(std::move(decrypt<_Ty, _Ax>(hProv, data, enc_size, hash)));
|
||||
|
||||
// Calculate MD5 hash and verify it.
|
||||
std::vector<unsigned char> hash_bin;
|
||||
if (!CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0)) {
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Calculating MD5 hash failed."));
|
||||
return false;
|
||||
}
|
||||
if (memcmp((unsigned char*)data + enc_size, hash_bin.data(), dwHashSize) != 0) {
|
||||
*ppEapError = make_error(ERROR_INVALID_DATA, _T(__FUNCTION__) _T(" Invalid encrypted data."));
|
||||
return false;
|
||||
}
|
||||
if (!CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" Calculating MD5 hash failed."));
|
||||
if (memcmp((unsigned char*)data + enc_size, hash_bin.data(), dwHashSize) != 0)
|
||||
throw invalid_argument(__FUNCTION__ " Invalid encrypted data.");
|
||||
|
||||
return true;
|
||||
return dec;
|
||||
}
|
||||
|
||||
|
||||
///
|
||||
/// Decrypts a string with MD5 integrity check
|
||||
///
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] data Pointer to data with 16B MD5 hash appended to decrypt
|
||||
/// \param[in ] size Size of \p data in bytes
|
||||
/// \param[out] dec Decrypted string
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] data Pointer to data with 16B MD5 hash appended to decrypt
|
||||
/// \param[in ] size Size of \p data in bytes
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
/// \returns Decrypted string
|
||||
///
|
||||
template<class _Elem, class _Traits, class _Ax>
|
||||
bool decrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::basic_string<_Elem, _Traits, _Ax> &dec, _Out_ EAP_ERROR **ppEapError) const
|
||||
std::basic_string<_Elem, _Traits, _Ax> decrypt_str_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size) const
|
||||
{
|
||||
std::vector<_Elem, sanitizing_allocator<_Elem> > buf;
|
||||
if (!decrypt_md5(hProv, data, size, buf, ppEapError))
|
||||
return false;
|
||||
dec.assign(buf.data(), buf.size());
|
||||
|
||||
return true;
|
||||
std::vector<_Elem, sanitizing_allocator<_Elem> > buf(std::move(decrypt_md5(hProv, data, size)));
|
||||
return std::basic_string<_Elem, _Traits, _Ax>(buf.data(), buf.size());
|
||||
}
|
||||
|
||||
|
||||
///
|
||||
/// Decrypts a wide string with MD5 integrity check
|
||||
///
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] data Pointer to data with 16B MD5 hash appended to decrypt
|
||||
/// \param[in ] size Size of \p data in bytes
|
||||
/// \param[out] dec Decrypted string
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
/// \param[in ] hProv Handle of cryptographics provider
|
||||
/// \param[in ] data Pointer to data with 16B MD5 hash appended to decrypt
|
||||
/// \param[in ] size Size of \p data in bytes
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
/// \returns Decrypted string
|
||||
///
|
||||
template<class _Traits, class _Ax>
|
||||
bool decrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &dec, _Out_ EAP_ERROR **ppEapError) const
|
||||
std::basic_string<wchar_t, _Traits, _Ax> decrypt_str_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size) const
|
||||
{
|
||||
winstd::sanitizing_string buf;
|
||||
if (!decrypt_md5(hProv, data, size, buf, ppEapError))
|
||||
return false;
|
||||
winstd::sanitizing_string buf(std::move(decrypt_str_md5(hProv, data, size)));
|
||||
std::basic_string<wchar_t, _Traits, _Ax> dec;
|
||||
MultiByteToWideChar(CP_UTF8, 0, buf.data(), (int)buf.size(), dec);
|
||||
|
||||
return true;
|
||||
return dec;
|
||||
}
|
||||
|
||||
/// @}
|
||||
@@ -540,35 +468,26 @@ namespace eap
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
template<class T>
|
||||
bool unpack(
|
||||
void unpack(
|
||||
_Inout_ T &record,
|
||||
_In_count_(dwDataInSize) const BYTE *pDataIn,
|
||||
_In_ DWORD dwDataInSize,
|
||||
_Out_ EAP_ERROR **ppEapError)
|
||||
_In_ DWORD dwDataInSize)
|
||||
{
|
||||
#if EAP_ENCRYPT_BLOBS
|
||||
// Prepare cryptographics provider.
|
||||
winstd::crypt_prov cp;
|
||||
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) {
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptAcquireContext failed."));
|
||||
return false;
|
||||
}
|
||||
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" CryptAcquireContext failed."));
|
||||
|
||||
// Decrypt data.
|
||||
std::vector<unsigned char, winstd::sanitizing_allocator<unsigned char> > data;
|
||||
if (!decrypt_md5(cp, pDataIn, dwDataInSize, data, ppEapError))
|
||||
return false;
|
||||
std::vector<unsigned char, winstd::sanitizing_allocator<unsigned char> > data(std::move(decrypt_md5<unsigned char, winstd::sanitizing_allocator<unsigned char> >(cp, pDataIn, dwDataInSize)));
|
||||
|
||||
cursor_in cursor = { data.data(), data.data() + data.size() };
|
||||
#else
|
||||
UNREFERENCED_PARAMETER(ppEapError);
|
||||
|
||||
cursor_in cursor = { pDataIn, pDataIn + dwDataInSize };
|
||||
#endif
|
||||
cursor >> record;
|
||||
assert(cursor.ptr == cursor.ptr_end);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
@@ -578,18 +497,12 @@ namespace eap
|
||||
/// \param[in ] record Object to pack
|
||||
/// \param[out] ppDataOut Pointer to pointer to receive encrypted BLOB. Pointer must be freed using `module::free_memory()`.
|
||||
/// \param[out] pdwDataOutSize Pointer to \p ppDataOut size
|
||||
/// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
template<class T>
|
||||
bool pack(
|
||||
_In_ const T &record,
|
||||
_Out_ BYTE **ppDataOut,
|
||||
_Out_ DWORD *pdwDataOutSize,
|
||||
_Out_ EAP_ERROR **ppEapError)
|
||||
void pack(
|
||||
_In_ const T &record,
|
||||
_Out_ BYTE **ppDataOut,
|
||||
_Out_ DWORD *pdwDataOutSize)
|
||||
{
|
||||
assert(ppDataOut);
|
||||
assert(pdwDataOutSize);
|
||||
@@ -606,32 +519,24 @@ namespace eap
|
||||
|
||||
// Prepare cryptographics provider.
|
||||
winstd::crypt_prov cp;
|
||||
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) {
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptAcquireContext failed."));
|
||||
return false;
|
||||
}
|
||||
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" CryptAcquireContext failed."));
|
||||
|
||||
// Encrypt BLOB.
|
||||
std::vector<unsigned char> data_enc;
|
||||
if (!encrypt_md5(cp, data.data(), data.size(), data_enc, ppEapError))
|
||||
return false;
|
||||
std::vector<unsigned char> data_enc(std::move(encrypt_md5(cp, data.data(), data.size())));
|
||||
|
||||
// Copy encrypted BLOB to output.
|
||||
*pdwDataOutSize = (DWORD)data_enc.size();
|
||||
*ppDataOut = alloc_memory(*pdwDataOutSize);
|
||||
if (!*ppDataOut) {
|
||||
*ppEapError = make_error(ERROR_OUTOFMEMORY, winstd::wstring_printf(_T(__FUNCTION__) _T(" Error allocating memory for BLOB (%uB)."), *pdwDataOutSize).c_str());
|
||||
return false;
|
||||
}
|
||||
if (!*ppDataOut)
|
||||
throw win_runtime_error(ERROR_OUTOFMEMORY, winstd::wstring_printf(_T(__FUNCTION__) _T(" Error allocating memory for BLOB (%uB)."), *pdwDataOutSize).c_str());
|
||||
memcpy(*ppDataOut, data_enc.data(), *pdwDataOutSize);
|
||||
#else
|
||||
// Allocate BLOB.
|
||||
*pdwDataOutSize = (DWORD)pksizeof(record);
|
||||
*ppDataOut = alloc_memory(*pdwDataOutSize);
|
||||
if (!*ppDataOut) {
|
||||
*ppEapError = make_error(ERROR_OUTOFMEMORY, winstd::wstring_printf(_T(__FUNCTION__) _T(" Error allocating memory for BLOB (%uB)."), *pdwDataOutSize).c_str());
|
||||
return false;
|
||||
}
|
||||
if (!*ppDataOut)
|
||||
throw win_runtime_error(ERROR_OUTOFMEMORY, winstd::wstring_printf(_T(__FUNCTION__) _T(" Error allocating memory for BLOB (%uB)."), *pdwDataOutSize).c_str());
|
||||
|
||||
// Pack to BLOB.
|
||||
cursor_out cursor = { *ppDataOut, *ppDataOut + *pdwDataOutSize };
|
||||
@@ -639,8 +544,6 @@ namespace eap
|
||||
assert(cursor.ptr == cursor.ptr_end);
|
||||
*pdwDataOutSize = cursor.ptr - *ppDataOut;
|
||||
#endif
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/// @}
|
||||
@@ -670,55 +573,38 @@ namespace eap
|
||||
///
|
||||
/// \sa [EapPeerGetInfo function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363613.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool initialize(_Out_ EAP_ERROR **ppEapError) = 0;
|
||||
virtual void initialize() = 0;
|
||||
|
||||
///
|
||||
/// Shuts down the EAP method and prepares to unload its corresponding DLL.
|
||||
///
|
||||
/// \sa [EapPeerShutdown function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363627.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool shutdown(_Out_ EAP_ERROR **ppEapError) = 0;
|
||||
virtual void shutdown() = 0;
|
||||
|
||||
///
|
||||
/// Returns the user data and user identity after being called by EAPHost.
|
||||
///
|
||||
/// \sa [EapPeerGetIdentity function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363607.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool get_identity(
|
||||
_In_ DWORD dwFlags,
|
||||
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
|
||||
_In_ DWORD dwConnectionDataSize,
|
||||
_In_count_(dwUserDataSize) const BYTE *pUserData,
|
||||
_In_ DWORD dwUserDataSize,
|
||||
_Out_ BYTE **ppUserDataOut,
|
||||
_Out_ DWORD *pdwUserDataOutSize,
|
||||
_In_ HANDLE hTokenImpersonateUser,
|
||||
_Out_ BOOL *pfInvokeUI,
|
||||
_Out_ WCHAR **ppwszIdentity,
|
||||
_Out_ EAP_ERROR **ppEapError) = 0;
|
||||
virtual void get_identity(
|
||||
_In_ DWORD dwFlags,
|
||||
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
|
||||
_In_ DWORD dwConnectionDataSize,
|
||||
_In_count_(dwUserDataSize) const BYTE *pUserData,
|
||||
_In_ DWORD dwUserDataSize,
|
||||
_Inout_ BYTE **ppUserDataOut,
|
||||
_Inout_ DWORD *pdwUserDataOutSize,
|
||||
_In_ HANDLE hTokenImpersonateUser,
|
||||
_Inout_ BOOL *pfInvokeUI,
|
||||
_Inout_ WCHAR **ppwszIdentity) = 0;
|
||||
|
||||
///
|
||||
/// Defines the implementation of an EAP method-specific function that retrieves the properties of an EAP method given the connection and user data.
|
||||
///
|
||||
/// \sa [EapPeerGetMethodProperties function](https://msdn.microsoft.com/en-us/library/windows/desktop/hh706636.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool get_method_properties(
|
||||
virtual void get_method_properties(
|
||||
_In_ DWORD dwVersion,
|
||||
_In_ DWORD dwFlags,
|
||||
_In_ HANDLE hUserImpersonationToken,
|
||||
@@ -726,100 +612,72 @@ namespace eap
|
||||
_In_ DWORD dwConnectionDataSize,
|
||||
_In_count_(dwUserDataSize) const BYTE *pUserData,
|
||||
_In_ DWORD dwUserDataSize,
|
||||
_Out_ EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray,
|
||||
_Out_ EAP_ERROR **ppEapError) = 0;
|
||||
_Inout_ EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray) = 0;
|
||||
|
||||
///
|
||||
/// Converts XML into the configuration BLOB. The XML based credentials can come from group policy or from a system administrator.
|
||||
///
|
||||
/// \sa [EapPeerCredentialsXml2Blob function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363603.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool credentials_xml2blob(
|
||||
virtual void credentials_xml2blob(
|
||||
_In_ DWORD dwFlags,
|
||||
_In_ IXMLDOMNode *pConfigRoot,
|
||||
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
|
||||
_In_ DWORD dwConnectionDataSize,
|
||||
_Out_ BYTE **ppCredentialsOut,
|
||||
_Out_ DWORD *pdwCredentialsOutSize,
|
||||
_Out_ EAP_ERROR **ppEapError) = 0;
|
||||
_Inout_ BYTE **ppCredentialsOut,
|
||||
_Inout_ DWORD *pdwCredentialsOutSize) = 0;
|
||||
|
||||
///
|
||||
/// Defines the implementation of an EAP method-specific function that obtains the EAP Single-Sign-On (SSO) credential input fields for an EAP method.
|
||||
///
|
||||
/// \sa [EapPeerQueryCredentialInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363622.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool query_credential_input_fields(
|
||||
virtual void query_credential_input_fields(
|
||||
_In_ HANDLE hUserImpersonationToken,
|
||||
_In_ DWORD dwFlags,
|
||||
_In_ DWORD dwConnectionDataSize,
|
||||
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
|
||||
_Out_ EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray,
|
||||
_Out_ EAP_ERROR **ppEapError) const;
|
||||
_Inout_ EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray) const;
|
||||
|
||||
///
|
||||
/// Defines the implementation of an EAP method function that obtains the user BLOB data provided in an interactive Single-Sign-On (SSO) UI raised on the supplicant.
|
||||
///
|
||||
/// \sa [EapPeerQueryUserBlobFromCredentialInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/bb204697.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool query_user_blob_from_credential_input_fields(
|
||||
virtual void query_user_blob_from_credential_input_fields(
|
||||
_In_ HANDLE hUserImpersonationToken,
|
||||
_In_ DWORD dwFlags,
|
||||
_In_ DWORD dwConnectionDataSize,
|
||||
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
|
||||
_In_ const EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldArray,
|
||||
_Inout_ DWORD *pdwUsersBlobSize,
|
||||
_Inout_ BYTE **ppUserBlob,
|
||||
_Out_ EAP_ERROR **ppEapError) const;
|
||||
_Inout_ BYTE **ppUserBlob) const;
|
||||
|
||||
///
|
||||
/// Defines the implementation of an EAP method API that provides the input fields for interactive UI components to be raised on the supplicant.
|
||||
///
|
||||
/// \sa [EapPeerQueryInteractiveUIInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/bb204695.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool query_interactive_ui_input_fields(
|
||||
virtual void query_interactive_ui_input_fields(
|
||||
_In_ DWORD dwVersion,
|
||||
_In_ DWORD dwFlags,
|
||||
_In_ DWORD dwUIContextDataSize,
|
||||
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
|
||||
_Out_ EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData,
|
||||
_Out_ EAP_ERROR **ppEapError,
|
||||
_Inout_ LPVOID *pvReserved) const;
|
||||
_Inout_ EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData) const;
|
||||
|
||||
///
|
||||
/// Converts user information into a user BLOB that can be consumed by EAPHost run-time functions.
|
||||
///
|
||||
/// \sa [EapPeerQueryUIBlobFromInteractiveUIInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/bb204696.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool query_ui_blob_from_interactive_ui_input_fields(
|
||||
virtual void query_ui_blob_from_interactive_ui_input_fields(
|
||||
_In_ DWORD dwVersion,
|
||||
_In_ DWORD dwFlags,
|
||||
_In_ DWORD dwUIContextDataSize,
|
||||
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
|
||||
_In_ const EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData,
|
||||
_Out_ DWORD *pdwDataFromInteractiveUISize,
|
||||
_Out_ BYTE **ppDataFromInteractiveUI,
|
||||
_Out_ EAP_ERROR **ppEapError,
|
||||
_Inout_ LPVOID *ppvReserved) const;
|
||||
_Inout_ DWORD *pdwDataFromInteractiveUISize,
|
||||
_Inout_ BYTE **ppDataFromInteractiveUI) const;
|
||||
|
||||
/// \name Session management
|
||||
/// @{
|
||||
@@ -829,80 +687,55 @@ namespace eap
|
||||
///
|
||||
/// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
/// \returns Session handle
|
||||
///
|
||||
virtual bool begin_session(
|
||||
_In_ DWORD dwFlags,
|
||||
_In_ const EapAttributes *pAttributeArray,
|
||||
_In_ HANDLE hTokenImpersonateUser,
|
||||
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
|
||||
_In_ DWORD dwConnectionDataSize,
|
||||
_In_count_(dwUserDataSize) const BYTE *pUserData,
|
||||
_In_ DWORD dwUserDataSize,
|
||||
_In_ DWORD dwMaxSendPacketSize,
|
||||
_Out_ EAP_SESSION_HANDLE *phSession,
|
||||
_Out_ EAP_ERROR **ppEapError) = 0;
|
||||
virtual EAP_SESSION_HANDLE begin_session(
|
||||
_In_ DWORD dwFlags,
|
||||
_In_ const EapAttributes *pAttributeArray,
|
||||
_In_ HANDLE hTokenImpersonateUser,
|
||||
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
|
||||
_In_ DWORD dwConnectionDataSize,
|
||||
_In_count_(dwUserDataSize) const BYTE *pUserData,
|
||||
_In_ DWORD dwUserDataSize,
|
||||
_In_ DWORD dwMaxSendPacketSize) = 0;
|
||||
|
||||
///
|
||||
/// Ends an EAP authentication session for the EAP method.
|
||||
///
|
||||
/// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool end_session(
|
||||
_In_ EAP_SESSION_HANDLE hSession,
|
||||
_Out_ EAP_ERROR **ppEapError) = 0;
|
||||
virtual void end_session(_In_ EAP_SESSION_HANDLE hSession) = 0;
|
||||
|
||||
///
|
||||
/// Processes a packet received by EAPHost from a supplicant.
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
/// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
|
||||
///
|
||||
virtual bool process_request_packet(
|
||||
virtual void process_request_packet(
|
||||
_In_ EAP_SESSION_HANDLE hSession,
|
||||
_In_bytecount_(dwReceivedPacketSize) const EapPacket *pReceivedPacket,
|
||||
_In_ DWORD dwReceivedPacketSize,
|
||||
_Out_ EapPeerMethodOutput *pEapOutput,
|
||||
_Out_ EAP_ERROR **ppEapError) = 0;
|
||||
_Inout_ EapPeerMethodOutput *pEapOutput) = 0;
|
||||
|
||||
///
|
||||
/// Obtains a response packet from the EAP method.
|
||||
///
|
||||
/// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool get_response_packet(
|
||||
virtual void get_response_packet(
|
||||
_In_ EAP_SESSION_HANDLE hSession,
|
||||
_Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket,
|
||||
_Inout_ DWORD *pdwSendPacketSize,
|
||||
_Out_ EAP_ERROR **ppEapError) = 0;
|
||||
_Inout_ DWORD *pdwSendPacketSize) = 0;
|
||||
|
||||
///
|
||||
/// Obtains the result of an authentication session from the EAP method.
|
||||
///
|
||||
/// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool get_result(
|
||||
_In_ EAP_SESSION_HANDLE hSession,
|
||||
_In_ EapPeerMethodResultReason reason,
|
||||
_Out_ EapPeerMethodResult *ppResult,
|
||||
_Out_ EAP_ERROR **ppEapError) = 0;
|
||||
virtual void get_result(
|
||||
_In_ EAP_SESSION_HANDLE hSession,
|
||||
_In_ EapPeerMethodResultReason reason,
|
||||
_Inout_ EapPeerMethodResult *ppResult) = 0;
|
||||
|
||||
///
|
||||
/// Obtains the user interface context from the EAP method.
|
||||
@@ -911,15 +744,10 @@ namespace eap
|
||||
///
|
||||
/// \sa [EapPeerGetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363612.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool get_ui_context(
|
||||
_In_ EAP_SESSION_HANDLE hSession,
|
||||
_Out_ BYTE **ppUIContextData,
|
||||
_Out_ DWORD *pdwUIContextDataSize,
|
||||
_Out_ EAP_ERROR **ppEapError) = 0;
|
||||
virtual void get_ui_context(
|
||||
_In_ EAP_SESSION_HANDLE hSession,
|
||||
_Inout_ BYTE **ppUIContextData,
|
||||
_Inout_ DWORD *pdwUIContextDataSize) = 0;
|
||||
|
||||
///
|
||||
/// Provides a user interface context to the EAP method.
|
||||
@@ -928,45 +756,30 @@ namespace eap
|
||||
///
|
||||
/// \sa [EapPeerSetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363626.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool set_ui_context(
|
||||
virtual void set_ui_context(
|
||||
_In_ EAP_SESSION_HANDLE hSession,
|
||||
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
|
||||
_In_ DWORD dwUIContextDataSize,
|
||||
_In_ const EapPeerMethodOutput *pEapOutput,
|
||||
_Out_ EAP_ERROR **ppEapError) = 0;
|
||||
_In_ const EapPeerMethodOutput *pEapOutput) = 0;
|
||||
|
||||
///
|
||||
/// Obtains an array of EAP response attributes from the EAP method.
|
||||
///
|
||||
/// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool get_response_attributes(
|
||||
_In_ EAP_SESSION_HANDLE hSession,
|
||||
_Out_ EapAttributes *pAttribs,
|
||||
_Out_ EAP_ERROR **ppEapError) = 0;
|
||||
virtual void get_response_attributes(
|
||||
_In_ EAP_SESSION_HANDLE hSession,
|
||||
_Inout_ EapAttributes *pAttribs) = 0;
|
||||
|
||||
///
|
||||
/// Provides an updated array of EAP response attributes to the EAP method.
|
||||
///
|
||||
/// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx)
|
||||
///
|
||||
/// \returns
|
||||
/// - \c true if succeeded
|
||||
/// - \c false otherwise. See \p ppEapError for details.
|
||||
///
|
||||
virtual bool set_response_attributes(
|
||||
virtual void set_response_attributes(
|
||||
_In_ EAP_SESSION_HANDLE hSession,
|
||||
_In_ const EapAttributes *pAttribs,
|
||||
_Out_ EapPeerMethodOutput *pEapOutput,
|
||||
_Out_ EAP_ERROR **ppEapError) = 0;
|
||||
_Inout_ EapPeerMethodOutput *pEapOutput) = 0;
|
||||
|
||||
/// @}
|
||||
};
|
||||
|
||||
@@ -64,22 +64,16 @@ eap::config& eap::config::operator=(_Inout_ config &&other)
|
||||
}
|
||||
|
||||
|
||||
bool eap::config::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const
|
||||
void eap::config::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
|
||||
{
|
||||
UNREFERENCED_PARAMETER(pDoc);
|
||||
UNREFERENCED_PARAMETER(pConfigRoot);
|
||||
UNREFERENCED_PARAMETER(ppEapError);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
bool eap::config::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError)
|
||||
void eap::config::load(_In_ IXMLDOMNode *pConfigRoot)
|
||||
{
|
||||
UNREFERENCED_PARAMETER(pConfigRoot);
|
||||
UNREFERENCED_PARAMETER(ppEapError);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
@@ -194,39 +188,31 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_Inout_ co
|
||||
}
|
||||
|
||||
|
||||
bool eap::config_method_with_cred::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const
|
||||
void eap::config_method_with_cred::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
|
||||
{
|
||||
assert(pDoc);
|
||||
assert(pConfigRoot);
|
||||
assert(ppEapError);
|
||||
|
||||
const winstd::bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
|
||||
DWORD dwResult;
|
||||
|
||||
// <ClientSideCredential>
|
||||
winstd::com_obj<IXMLDOMElement> pXmlElClientSideCredential;
|
||||
if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, winstd::bstr(L"eap-metadata:ClientSideCredential"), winstd::bstr(L"ClientSideCredential"), bstrNamespace, &pXmlElClientSideCredential)) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <ClientSideCredential> element."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, winstd::bstr(L"eap-metadata:ClientSideCredential"), winstd::bstr(L"ClientSideCredential"), bstrNamespace, &pXmlElClientSideCredential)) != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <ClientSideCredential> element."));
|
||||
|
||||
// <ClientSideCredential>/<allow-save>
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, winstd::bstr(L"allow-save"), bstrNamespace, m_allow_save)) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <allow-save> element."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, winstd::bstr(L"allow-save"), bstrNamespace, m_allow_save)) != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <allow-save> element."));
|
||||
|
||||
if (m_use_preshared && !m_preshared->save(pDoc, pXmlElClientSideCredential, ppEapError))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
if (m_use_preshared)
|
||||
m_preshared->save(pDoc, pXmlElClientSideCredential);
|
||||
}
|
||||
|
||||
|
||||
bool eap::config_method_with_cred::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError)
|
||||
void eap::config_method_with_cred::load(_In_ IXMLDOMNode *pConfigRoot)
|
||||
{
|
||||
assert(pConfigRoot);
|
||||
assert(ppEapError);
|
||||
|
||||
m_allow_save = true;
|
||||
m_use_preshared = false;
|
||||
@@ -241,18 +227,13 @@ bool eap::config_method_with_cred::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP
|
||||
eapxml::get_element_value(pXmlElClientSideCredential, winstd::bstr(L"eap-metadata:allow-save"), &m_allow_save);
|
||||
m_module.log_config((xpath + L"/allow-save").c_str(), m_allow_save);
|
||||
|
||||
if (m_preshared->load(pXmlElClientSideCredential, ppEapError)) {
|
||||
try {
|
||||
m_preshared->load(pXmlElClientSideCredential);
|
||||
m_use_preshared = true;
|
||||
} else {
|
||||
} catch (...) {
|
||||
// This is not really an error - merely an indication pre-shared credentials are unavailable.
|
||||
if (*ppEapError) {
|
||||
m_module.free_error_memory(*ppEapError);
|
||||
*ppEapError = NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
@@ -377,129 +358,95 @@ eap::config* eap::config_provider::clone() const
|
||||
}
|
||||
|
||||
|
||||
bool eap::config_provider::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const
|
||||
void eap::config_provider::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
|
||||
{
|
||||
if (!config::save(pDoc, pConfigRoot, ppEapError))
|
||||
return false;
|
||||
config::save(pDoc, pConfigRoot);
|
||||
|
||||
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
|
||||
DWORD dwResult;
|
||||
HRESULT hr;
|
||||
|
||||
// <read-only>
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"read-only"), bstrNamespace, m_read_only)) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <read-only> element."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"read-only"), bstrNamespace, m_read_only)) != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <read-only> element."));
|
||||
|
||||
// <ID>
|
||||
if (!m_id.empty())
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"ID"), bstrNamespace, bstr(m_id))) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <ID> element."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"ID"), bstrNamespace, bstr(m_id))) != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <ID> element."));
|
||||
|
||||
// <ProviderInfo>
|
||||
com_obj<IXMLDOMElement> pXmlElProviderInfo;
|
||||
if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ProviderInfo"), bstr(L"ProviderInfo"), bstrNamespace, &pXmlElProviderInfo)) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <ProviderInfo> element."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ProviderInfo"), bstr(L"ProviderInfo"), bstrNamespace, &pXmlElProviderInfo)) != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <ProviderInfo> element."));
|
||||
|
||||
// <ProviderInfo>/<DisplayName>
|
||||
if (!m_name.empty())
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"DisplayName"), bstrNamespace, bstr(m_name))) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <DisplayName> element."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"DisplayName"), bstrNamespace, bstr(m_name))) != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <DisplayName> element."));
|
||||
|
||||
// <ProviderInfo>/<Helpdesk>
|
||||
com_obj<IXMLDOMElement> pXmlElHelpdesk;
|
||||
if ((dwResult = eapxml::create_element(pDoc, pXmlElProviderInfo, bstr(L"eap-metadata:Helpdesk"), bstr(L"Helpdesk"), bstrNamespace, &pXmlElHelpdesk)) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <Helpdesk> element."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::create_element(pDoc, pXmlElProviderInfo, bstr(L"eap-metadata:Helpdesk"), bstr(L"Helpdesk"), bstrNamespace, &pXmlElHelpdesk)) != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <Helpdesk> element."));
|
||||
|
||||
// <ProviderInfo>/<Helpdesk>/<EmailAddress>
|
||||
if (!m_help_email.empty())
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"EmailAddress"), bstrNamespace, bstr(m_help_email))) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <EmailAddress> element."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"EmailAddress"), bstrNamespace, bstr(m_help_email))) != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <EmailAddress> element."));
|
||||
|
||||
// <ProviderInfo>/<Helpdesk>/<WebAddress>
|
||||
if (!m_help_web.empty())
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"WebAddress"), bstrNamespace, bstr(m_help_web))) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <WebAddress> element."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"WebAddress"), bstrNamespace, bstr(m_help_web))) != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <WebAddress> element."));
|
||||
|
||||
// <ProviderInfo>/<Helpdesk>/<Phone>
|
||||
if (!m_help_phone.empty())
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"Phone"), bstrNamespace, bstr(m_help_phone))) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <Phone> element."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"Phone"), bstrNamespace, bstr(m_help_phone))) != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <Phone> element."));
|
||||
|
||||
// <ProviderInfo>/<CredentialPrompt>
|
||||
if (!m_lbl_alt_credential.empty())
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"CredentialPrompt"), bstrNamespace, bstr(m_lbl_alt_credential))) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <CredentialPrompt> element."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"CredentialPrompt"), bstrNamespace, bstr(m_lbl_alt_credential))) != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <CredentialPrompt> element."));
|
||||
|
||||
// <ProviderInfo>/<UserNameLabel>
|
||||
if (!m_lbl_alt_identity.empty())
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"UserNameLabel"), bstrNamespace, bstr(m_lbl_alt_identity))) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <UserNameLabel> element."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"UserNameLabel"), bstrNamespace, bstr(m_lbl_alt_identity))) != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <UserNameLabel> element."));
|
||||
|
||||
// <ProviderInfo>/<PasswordLabel>
|
||||
if (!m_lbl_alt_password.empty())
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"PasswordLabel"), bstrNamespace, bstr(m_lbl_alt_password))) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <PasswordLabel> element."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"PasswordLabel"), bstrNamespace, bstr(m_lbl_alt_password))) != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <PasswordLabel> element."));
|
||||
|
||||
// <AuthenticationMethods>
|
||||
com_obj<IXMLDOMElement> pXmlElAuthenticationMethods;
|
||||
if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods"), bstr(L"AuthenticationMethods"), bstrNamespace, &pXmlElAuthenticationMethods)) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <AuthenticationMethods> element."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods"), bstr(L"AuthenticationMethods"), bstrNamespace, &pXmlElAuthenticationMethods)) != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <AuthenticationMethods> element."));
|
||||
|
||||
for (list<unique_ptr<config_method> >::const_iterator method = m_methods.cbegin(), method_end = m_methods.cend(); method != method_end; ++method) {
|
||||
// <AuthenticationMethod>
|
||||
com_obj<IXMLDOMElement> pXmlElAuthenticationMethod;
|
||||
if ((dwResult = eapxml::create_element(pDoc, bstr(L"AuthenticationMethod"), bstrNamespace, &pXmlElAuthenticationMethod))) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <AuthenticationMethod> element."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::create_element(pDoc, bstr(L"AuthenticationMethod"), bstrNamespace, &pXmlElAuthenticationMethod)))
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <AuthenticationMethod> element."));
|
||||
|
||||
// <AuthenticationMethod>/...
|
||||
if (!method->get()->save(pDoc, pXmlElAuthenticationMethod, ppEapError))
|
||||
return false;
|
||||
method->get()->save(pDoc, pXmlElAuthenticationMethod);
|
||||
|
||||
if (FAILED(hr = pXmlElAuthenticationMethods->appendChild(pXmlElAuthenticationMethod, NULL))) {
|
||||
*ppEapError = m_module.make_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending <AuthenticationMethod> element."));
|
||||
return false;
|
||||
}
|
||||
if (FAILED(hr = pXmlElAuthenticationMethods->appendChild(pXmlElAuthenticationMethod, NULL)))
|
||||
throw win_runtime_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending <AuthenticationMethod> element."));
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
bool eap::config_provider::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError)
|
||||
void eap::config_provider::load(_In_ IXMLDOMNode *pConfigRoot)
|
||||
{
|
||||
assert(pConfigRoot);
|
||||
assert(ppEapError);
|
||||
DWORD dwResult;
|
||||
wstring xpath(eapxml::get_xpath(pConfigRoot));
|
||||
|
||||
if (!config::load(pConfigRoot, ppEapError))
|
||||
return false;
|
||||
config::load(pConfigRoot);
|
||||
|
||||
// <read-only>
|
||||
if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:read-only"), &m_read_only)) != ERROR_SUCCESS)
|
||||
@@ -562,10 +509,8 @@ bool eap::config_provider::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR *
|
||||
// Iterate authentication methods (<AuthenticationMethods>).
|
||||
m_methods.clear();
|
||||
com_obj<IXMLDOMNodeList> pXmlListMethods;
|
||||
if ((dwResult = eapxml::select_nodes(pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods/eap-metadata:AuthenticationMethod"), &pXmlListMethods)) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(ERROR_NOT_FOUND, _T(__FUNCTION__) _T(" Error selecting <AuthenticationMethods>/<AuthenticationMethod> elements."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::select_nodes(pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods/eap-metadata:AuthenticationMethod"), &pXmlListMethods)) != ERROR_SUCCESS)
|
||||
throw invalid_argument(__FUNCTION__ " Error selecting <AuthenticationMethods>/<AuthenticationMethod> elements.");
|
||||
long lCount = 0;
|
||||
pXmlListMethods->get_length(&lCount);
|
||||
for (long i = 0; i < lCount; i++) {
|
||||
@@ -584,14 +529,11 @@ bool eap::config_provider::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR *
|
||||
}
|
||||
|
||||
// Load configuration.
|
||||
if (!cfg->load(pXmlElMethod, ppEapError))
|
||||
return false;
|
||||
cfg->load(pXmlElMethod);
|
||||
|
||||
// Add configuration to the list.
|
||||
m_methods.push_back(std::move(cfg));
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
@@ -708,10 +650,9 @@ eap::config* eap::config_provider_list::clone() const
|
||||
}
|
||||
|
||||
|
||||
bool eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const
|
||||
void eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
|
||||
{
|
||||
if (!config::save(pDoc, pConfigRoot, ppEapError))
|
||||
return false;
|
||||
config::save(pDoc, pConfigRoot);
|
||||
|
||||
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
|
||||
DWORD dwResult;
|
||||
@@ -719,48 +660,35 @@ bool eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNod
|
||||
|
||||
// Select <EAPIdentityProviderList> node.
|
||||
com_obj<IXMLDOMNode> pXmlElIdentityProviderList;
|
||||
if ((dwResult = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList"), &pXmlElIdentityProviderList)) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(ERROR_NOT_FOUND, _T(__FUNCTION__) _T(" Error selecting <EAPIdentityProviderList> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList"), &pXmlElIdentityProviderList)) != ERROR_SUCCESS)
|
||||
throw invalid_argument(__FUNCTION__ " Error selecting <EAPIdentityProviderList> element.");
|
||||
|
||||
for (list<config_provider>::const_iterator provider = m_providers.cbegin(), provider_end = m_providers.cend(); provider != provider_end; ++provider) {
|
||||
// <EAPIdentityProvider>
|
||||
com_obj<IXMLDOMElement> pXmlElIdentityProvider;
|
||||
if ((dwResult = eapxml::create_element(pDoc, bstr(L"EAPIdentityProvider"), bstrNamespace, &pXmlElIdentityProvider))) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <EAPIdentityProvider> element."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::create_element(pDoc, bstr(L"EAPIdentityProvider"), bstrNamespace, &pXmlElIdentityProvider)))
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <EAPIdentityProvider> element."));
|
||||
|
||||
// <EAPIdentityProvider>/...
|
||||
if (!provider->save(pDoc, pXmlElIdentityProvider, ppEapError))
|
||||
return false;
|
||||
provider->save(pDoc, pXmlElIdentityProvider);
|
||||
|
||||
if (FAILED(hr = pXmlElIdentityProviderList->appendChild(pXmlElIdentityProvider, NULL))) {
|
||||
*ppEapError = m_module.make_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending <EAPIdentityProvider> element."));
|
||||
return false;
|
||||
}
|
||||
if (FAILED(hr = pXmlElIdentityProviderList->appendChild(pXmlElIdentityProvider, NULL)))
|
||||
throw win_runtime_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending <EAPIdentityProvider> element."));
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
bool eap::config_provider_list::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError)
|
||||
void eap::config_provider_list::load(_In_ IXMLDOMNode *pConfigRoot)
|
||||
{
|
||||
assert(pConfigRoot);
|
||||
assert(ppEapError);
|
||||
DWORD dwResult;
|
||||
|
||||
if (!config::load(pConfigRoot, ppEapError))
|
||||
return false;
|
||||
config::load(pConfigRoot);
|
||||
|
||||
// Iterate authentication providers (<EAPIdentityProvider>).
|
||||
com_obj<IXMLDOMNodeList> pXmlListProviders;
|
||||
if ((dwResult = eapxml::select_nodes(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList/eap-metadata:EAPIdentityProvider"), &pXmlListProviders)) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(ERROR_NOT_FOUND, _T(__FUNCTION__) _T(" Error selecting <EAPIdentityProviderList><EAPIdentityProvider> elements."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::select_nodes(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList/eap-metadata:EAPIdentityProvider"), &pXmlListProviders)) != ERROR_SUCCESS)
|
||||
throw invalid_argument(__FUNCTION__ " Error selecting <EAPIdentityProviderList><EAPIdentityProvider> elements.");
|
||||
long lCount = 0;
|
||||
pXmlListProviders->get_length(&lCount);
|
||||
for (long i = 0; i < lCount; i++) {
|
||||
@@ -770,14 +698,11 @@ bool eap::config_provider_list::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ER
|
||||
config_provider prov(m_module);
|
||||
|
||||
// Load provider.
|
||||
if (!prov.load(pXmlElProvider, ppEapError))
|
||||
return false;
|
||||
prov.load(pXmlElProvider);
|
||||
|
||||
// Add provider to the list.
|
||||
m_providers.push_back(std::move(prov));
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -77,24 +77,6 @@ bool eap::credentials::empty() const
|
||||
}
|
||||
|
||||
|
||||
bool eap::credentials::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const
|
||||
{
|
||||
if (!config::save(pDoc, pConfigRoot, ppEapError))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
bool eap::credentials::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError)
|
||||
{
|
||||
if (!config::load(pConfigRoot, ppEapError))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
tstring eap::credentials::get_name() const
|
||||
{
|
||||
return !empty() ? get_identity() : _T("<blank>");
|
||||
@@ -164,60 +146,46 @@ bool eap::credentials_pass::empty() const
|
||||
}
|
||||
|
||||
|
||||
bool eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const
|
||||
void eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
|
||||
{
|
||||
assert(pDoc);
|
||||
assert(pConfigRoot);
|
||||
assert(ppEapError);
|
||||
|
||||
if (!credentials::save(pDoc, pConfigRoot, ppEapError))
|
||||
return false;
|
||||
credentials::save(pDoc, pConfigRoot);
|
||||
|
||||
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
|
||||
DWORD dwResult;
|
||||
|
||||
// <UserName>
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <UserName> element."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))) != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <UserName> element."));
|
||||
|
||||
// <Password>
|
||||
bstr pass(m_password);
|
||||
dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass);
|
||||
SecureZeroMemory((BSTR)pass, sizeof(OLECHAR)*pass.length());
|
||||
if (dwResult != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <Password> element."));
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
if (dwResult != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <Password> element."));
|
||||
}
|
||||
|
||||
|
||||
bool eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError)
|
||||
void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
|
||||
{
|
||||
assert(pConfigRoot);
|
||||
assert(ppEapError);
|
||||
DWORD dwResult;
|
||||
|
||||
if (!credentials::load(pConfigRoot, ppEapError))
|
||||
return false;
|
||||
credentials::load(pConfigRoot);
|
||||
|
||||
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
|
||||
|
||||
if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading <UserName> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)) != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error reading <UserName> element."));
|
||||
|
||||
m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str());
|
||||
|
||||
bstr pass;
|
||||
if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass)) != ERROR_SUCCESS) {
|
||||
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading <Password> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
|
||||
return false;
|
||||
}
|
||||
if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass)) != ERROR_SUCCESS)
|
||||
throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error reading <Password> element."));
|
||||
m_password = pass;
|
||||
SecureZeroMemory((BSTR)pass, sizeof(OLECHAR)*pass.length());
|
||||
|
||||
@@ -228,8 +196,6 @@ bool eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR
|
||||
L"********"
|
||||
#endif
|
||||
);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
@@ -258,10 +224,9 @@ void eap::credentials_pass::operator>>(_Inout_ cursor_in &cursor)
|
||||
}
|
||||
|
||||
|
||||
bool eap::credentials_pass::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const
|
||||
void eap::credentials_pass::store(_In_ LPCTSTR pszTargetName) const
|
||||
{
|
||||
assert(pszTargetName);
|
||||
assert(ppEapError);
|
||||
|
||||
// Convert password to UTF-8.
|
||||
sanitizing_string cred_utf8;
|
||||
@@ -271,10 +236,8 @@ bool eap::credentials_pass::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **
|
||||
DATA_BLOB cred_blob = { (DWORD)cred_utf8.size() , (LPBYTE)cred_utf8.data() };
|
||||
DATA_BLOB entropy_blob = { sizeof(s_entropy), (LPBYTE)s_entropy };
|
||||
data_blob cred_enc;
|
||||
if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc)) {
|
||||
*ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptProtectData failed."));
|
||||
return false;
|
||||
}
|
||||
if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" CryptProtectData failed."));
|
||||
|
||||
tstring target(target_name(pszTargetName));
|
||||
|
||||
@@ -295,34 +258,26 @@ bool eap::credentials_pass::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **
|
||||
NULL, // TargetAlias
|
||||
(LPTSTR)m_identity.c_str() // UserName
|
||||
};
|
||||
if (!CredWrite(&cred, 0)) {
|
||||
*ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CredWrite failed."));
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
if (!CredWrite(&cred, 0))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" CredWrite failed."));
|
||||
}
|
||||
|
||||
|
||||
bool eap::credentials_pass::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError)
|
||||
void eap::credentials_pass::retrieve(_In_ LPCTSTR pszTargetName)
|
||||
{
|
||||
assert(pszTargetName);
|
||||
|
||||
// Read credentials.
|
||||
unique_ptr<CREDENTIAL, CredFree_delete<CREDENTIAL> > cred;
|
||||
if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred)) {
|
||||
*ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CredRead failed."));
|
||||
return false;
|
||||
}
|
||||
if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" CredRead failed."));
|
||||
|
||||
// Decrypt the password using user's key.
|
||||
DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob };
|
||||
DATA_BLOB entropy_blob = { sizeof(s_entropy) , (LPBYTE)s_entropy };
|
||||
data_blob cred_int;
|
||||
if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int)) {
|
||||
*ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptUnprotectData failed."));
|
||||
return false;
|
||||
}
|
||||
if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" CryptUnprotectData failed."));
|
||||
|
||||
// Convert password from UTF-8.
|
||||
MultiByteToWideChar(CP_UTF8, 0, (LPCSTR)cred_int.pbData, (int)cred_int.cbData, m_password);
|
||||
@@ -342,8 +297,6 @@ bool eap::credentials_pass::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR
|
||||
L"********"
|
||||
#endif
|
||||
);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
|
||||
80
lib/EAPBase/src/EAP.cpp
Normal file
80
lib/EAPBase/src/EAP.cpp
Normal file
@@ -0,0 +1,80 @@
|
||||
/*
|
||||
Copyright 2015-2016 Amebis
|
||||
Copyright 2016 G<>ANT
|
||||
|
||||
This file is part of G<>ANTLink.
|
||||
|
||||
G<>ANTLink is free software: you can redistribute it and/or modify it
|
||||
under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
G<>ANTLink is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with G<>ANTLink. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include "StdAfx.h"
|
||||
|
||||
using namespace std;
|
||||
using namespace winstd;
|
||||
|
||||
|
||||
//////////////////////////////////////////////////////////////////////
|
||||
// eap::win_runtime_error
|
||||
//////////////////////////////////////////////////////////////////////
|
||||
|
||||
eap::win_runtime_error::win_runtime_error(_In_ DWORD error, _In_ const tstring& msg) :
|
||||
m_error(error),
|
||||
m_msg(msg),
|
||||
runtime_error("")
|
||||
{
|
||||
}
|
||||
|
||||
|
||||
eap::win_runtime_error::win_runtime_error(_In_ DWORD error, _In_z_ const TCHAR *msg) :
|
||||
m_error(error),
|
||||
m_msg(msg),
|
||||
runtime_error("")
|
||||
{
|
||||
}
|
||||
|
||||
|
||||
eap::win_runtime_error::win_runtime_error(_In_ const tstring& msg) :
|
||||
m_error(GetLastError()),
|
||||
m_msg(msg),
|
||||
runtime_error("")
|
||||
{
|
||||
}
|
||||
|
||||
|
||||
eap::win_runtime_error::win_runtime_error(_In_z_ const TCHAR *msg) :
|
||||
m_error(GetLastError()),
|
||||
m_msg(msg),
|
||||
runtime_error("")
|
||||
{
|
||||
}
|
||||
|
||||
|
||||
eap::win_runtime_error::win_runtime_error(const win_runtime_error &other) :
|
||||
m_error(other.m_error),
|
||||
m_msg(other.m_msg),
|
||||
runtime_error(other.what())
|
||||
{
|
||||
}
|
||||
|
||||
|
||||
eap::win_runtime_error& eap::win_runtime_error::operator=(const win_runtime_error &other)
|
||||
{
|
||||
if (this != addressof(other)) {
|
||||
*(runtime_error*)this = other;
|
||||
m_error = other.m_error;
|
||||
m_msg = other.m_msg;
|
||||
}
|
||||
|
||||
return *this;
|
||||
}
|
||||
@@ -76,26 +76,19 @@ eap::method& eap::method::operator=(_Inout_ method &&other)
|
||||
}
|
||||
|
||||
|
||||
bool eap::method::begin_session(
|
||||
void eap::method::begin_session(
|
||||
_In_ DWORD dwFlags,
|
||||
_In_ const EapAttributes *pAttributeArray,
|
||||
_In_ HANDLE hTokenImpersonateUser,
|
||||
_In_ DWORD dwMaxSendPacketSize,
|
||||
_Out_ EAP_ERROR **ppEapError)
|
||||
_In_ DWORD dwMaxSendPacketSize)
|
||||
{
|
||||
UNREFERENCED_PARAMETER(dwFlags);
|
||||
UNREFERENCED_PARAMETER(pAttributeArray);
|
||||
UNREFERENCED_PARAMETER(hTokenImpersonateUser);
|
||||
UNREFERENCED_PARAMETER(dwMaxSendPacketSize);
|
||||
UNREFERENCED_PARAMETER(ppEapError);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
bool eap::method::end_session(_Out_ EAP_ERROR **ppEapError)
|
||||
void eap::method::end_session()
|
||||
{
|
||||
UNREFERENCED_PARAMETER(ppEapError);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -85,6 +85,25 @@ EAP_ERROR* eap::module::make_error(_In_ DWORD dwErrorCode, _In_opt_z_ LPCWSTR ps
|
||||
}
|
||||
|
||||
|
||||
EAP_ERROR* eap::module::make_error(_In_ std::exception &err) const
|
||||
{
|
||||
win_runtime_error &err_rt(dynamic_cast<win_runtime_error&>(err));
|
||||
if (&err_rt)
|
||||
return make_error(err_rt.m_error, err_rt.m_msg.c_str());
|
||||
|
||||
invalid_argument &err_ia(dynamic_cast<invalid_argument&>(err));
|
||||
if (&err_ia) {
|
||||
wstring str;
|
||||
MultiByteToWideChar(CP_ACP, 0, err_ia.what(), -1, str);
|
||||
return make_error(ERROR_INVALID_PARAMETER, str.c_str());
|
||||
}
|
||||
|
||||
wstring str;
|
||||
MultiByteToWideChar(CP_ACP, 0, err.what(), -1, str);
|
||||
return make_error(ERROR_INVALID_DATA, str.c_str());
|
||||
}
|
||||
|
||||
|
||||
BYTE* eap::module::alloc_memory(_In_ size_t size)
|
||||
{
|
||||
return (BYTE*)HeapAlloc(m_heap, 0, size);
|
||||
@@ -134,16 +153,12 @@ eap::config_method* eap::module::make_config_method()
|
||||
}
|
||||
|
||||
|
||||
bool eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector<unsigned char> &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash) const
|
||||
std::vector<unsigned char> eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_opt_ HCRYPTHASH hHash) const
|
||||
{
|
||||
assert(ppEapError);
|
||||
|
||||
// Generate 256-bit AES session key.
|
||||
crypt_key key_aes;
|
||||
if (!CryptGenKey(hProv, CALG_AES_256, MAKELONG(CRYPT_EXPORTABLE, 256), &key_aes)) {
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptGenKey failed."));
|
||||
return false;
|
||||
}
|
||||
if (!CryptGenKey(hProv, CALG_AES_256, MAKELONG(CRYPT_EXPORTABLE, 256), &key_aes))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" CryptGenKey failed."));
|
||||
|
||||
// Import the public RSA key.
|
||||
HRSRC res = FindResource(m_instance, MAKEINTRESOURCE(IDR_EAP_KEY_PUBLIC), RT_RCDATA);
|
||||
@@ -153,22 +168,16 @@ bool eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void
|
||||
crypt_key key_rsa;
|
||||
unique_ptr<CERT_PUBLIC_KEY_INFO, LocalFree_delete<CERT_PUBLIC_KEY_INFO> > keyinfo_data;
|
||||
DWORD keyinfo_size = 0;
|
||||
if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, (const BYTE*)::LockResource(res_handle), ::SizeofResource(m_instance, res), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size)) {
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptDecodeObjectEx failed."));
|
||||
return false;
|
||||
}
|
||||
if (!key_rsa.import_public(hProv, X509_ASN_ENCODING, keyinfo_data.get())) {
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Public key import failed."));
|
||||
return false;
|
||||
}
|
||||
if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, (const BYTE*)::LockResource(res_handle), ::SizeofResource(m_instance, res), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" CryptDecodeObjectEx failed."));
|
||||
if (!key_rsa.import_public(hProv, X509_ASN_ENCODING, keyinfo_data.get()))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" Public key import failed."));
|
||||
|
||||
// Export AES session key encrypted with public RSA key.
|
||||
vector<unsigned char, sanitizing_allocator<unsigned char> > buf;
|
||||
if (!CryptExportKey(key_aes, key_rsa, SIMPLEBLOB, 0, buf)) {
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptExportKey failed."));
|
||||
return false;
|
||||
}
|
||||
enc.assign(buf.begin(), buf.end());
|
||||
if (!CryptExportKey(key_aes, key_rsa, SIMPLEBLOB, 0, buf))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" CryptExportKey failed."));
|
||||
std::vector<unsigned char> enc(buf.begin(), buf.end());
|
||||
|
||||
// Pre-allocate memory to allow space, as encryption will grow the data.
|
||||
buf.assign((const unsigned char*)data, (const unsigned char*)data + size);
|
||||
@@ -177,40 +186,33 @@ bool eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void
|
||||
buf.reserve((size + dwBlockLen) / dwBlockLen * dwBlockLen);
|
||||
|
||||
// Encrypt the data using AES key.
|
||||
if (!CryptEncrypt(key_aes, hHash, TRUE, 0, buf)) {
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptEncrypt failed."));
|
||||
return false;
|
||||
}
|
||||
if (!CryptEncrypt(key_aes, hHash, TRUE, 0, buf))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" CryptEncrypt failed."));
|
||||
|
||||
// Append encrypted data.
|
||||
enc.insert(enc.cend(), buf.begin(), buf.end());
|
||||
return true;
|
||||
return enc;
|
||||
}
|
||||
|
||||
|
||||
bool eap::module::encrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector<unsigned char> &enc, _Out_ EAP_ERROR **ppEapError) const
|
||||
std::vector<unsigned char> eap::module::encrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size) const
|
||||
{
|
||||
// Create hash.
|
||||
crypt_hash hash;
|
||||
if (!hash.create(hProv, CALG_MD5)) {
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Creating MD5 hash failed."));
|
||||
return false;
|
||||
}
|
||||
if (!hash.create(hProv, CALG_MD5))
|
||||
throw win_runtime_error(_T(__FUNCTION__) _T(" Creating MD5 hash failed."));
|
||||
|
||||
// Encrypt data.
|
||||
if (!encrypt(hProv, data, size, enc, ppEapError, hash))
|
||||
return false;
|
||||
std::vector<unsigned char> enc(std::move(encrypt(hProv, data, size, hash)));
|
||||
|
||||
// Calculate MD5 hash.
|
||||
vector<unsigned char> hash_bin;
|
||||
if (!CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0)) {
|
||||
*ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Calculating MD5 hash failed."));
|
||||
return false;
|
||||
}
|
||||
if (!CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0))
|
||||
throw invalid_argument(__FUNCTION__ " Calculating MD5 hash failed.");
|
||||
|
||||
// Append hash.
|
||||
enc.insert(enc.end(), hash_bin.begin(), hash_bin.end());
|
||||
return true;
|
||||
return enc;
|
||||
}
|
||||
|
||||
|
||||
@@ -223,35 +225,31 @@ eap::peer::peer(_In_ eap_type_t eap_method) : module(eap_method)
|
||||
}
|
||||
|
||||
|
||||
bool eap::peer::query_credential_input_fields(
|
||||
void eap::peer::query_credential_input_fields(
|
||||
_In_ HANDLE hUserImpersonationToken,
|
||||
_In_ DWORD dwFlags,
|
||||
_In_ DWORD dwConnectionDataSize,
|
||||
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
|
||||
_Out_ EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray,
|
||||
_Out_ EAP_ERROR **ppEapError) const
|
||||
_Inout_ EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray) const
|
||||
{
|
||||
UNREFERENCED_PARAMETER(hUserImpersonationToken);
|
||||
UNREFERENCED_PARAMETER(dwFlags);
|
||||
UNREFERENCED_PARAMETER(dwConnectionDataSize);
|
||||
UNREFERENCED_PARAMETER(pConnectionData);
|
||||
UNREFERENCED_PARAMETER(pEapConfigInputFieldsArray);
|
||||
UNREFERENCED_PARAMETER(ppEapError);
|
||||
|
||||
*ppEapError = make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
|
||||
return false;
|
||||
throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
|
||||
}
|
||||
|
||||
|
||||
bool eap::peer::query_user_blob_from_credential_input_fields(
|
||||
void eap::peer::query_user_blob_from_credential_input_fields(
|
||||
_In_ HANDLE hUserImpersonationToken,
|
||||
_In_ DWORD dwFlags,
|
||||
_In_ DWORD dwConnectionDataSize,
|
||||
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
|
||||
_In_ const EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldArray,
|
||||
_Inout_ DWORD *pdwUsersBlobSize,
|
||||
_Inout_ BYTE **ppUserBlob,
|
||||
_Out_ EAP_ERROR **ppEapError) const
|
||||
_Inout_ BYTE **ppUserBlob) const
|
||||
{
|
||||
UNREFERENCED_PARAMETER(hUserImpersonationToken);
|
||||
UNREFERENCED_PARAMETER(dwFlags);
|
||||
@@ -260,45 +258,36 @@ bool eap::peer::query_user_blob_from_credential_input_fields(
|
||||
UNREFERENCED_PARAMETER(pEapConfigInputFieldArray);
|
||||
UNREFERENCED_PARAMETER(pdwUsersBlobSize);
|
||||
UNREFERENCED_PARAMETER(ppUserBlob);
|
||||
UNREFERENCED_PARAMETER(ppEapError);
|
||||
|
||||
*ppEapError = make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
|
||||
return false;
|
||||
throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
|
||||
}
|
||||
|
||||
|
||||
bool eap::peer::query_interactive_ui_input_fields(
|
||||
void eap::peer::query_interactive_ui_input_fields(
|
||||
_In_ DWORD dwVersion,
|
||||
_In_ DWORD dwFlags,
|
||||
_In_ DWORD dwUIContextDataSize,
|
||||
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
|
||||
_Out_ EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData,
|
||||
_Out_ EAP_ERROR **ppEapError,
|
||||
_Inout_ LPVOID *pvReserved) const
|
||||
_Inout_ EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData) const
|
||||
{
|
||||
UNREFERENCED_PARAMETER(dwVersion);
|
||||
UNREFERENCED_PARAMETER(dwFlags);
|
||||
UNREFERENCED_PARAMETER(dwUIContextDataSize);
|
||||
UNREFERENCED_PARAMETER(pUIContextData);
|
||||
UNREFERENCED_PARAMETER(pEapInteractiveUIData);
|
||||
UNREFERENCED_PARAMETER(ppEapError);
|
||||
UNREFERENCED_PARAMETER(pvReserved);
|
||||
|
||||
*ppEapError = make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
|
||||
return false;
|
||||
throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
|
||||
}
|
||||
|
||||
|
||||
bool eap::peer::query_ui_blob_from_interactive_ui_input_fields(
|
||||
void eap::peer::query_ui_blob_from_interactive_ui_input_fields(
|
||||
_In_ DWORD dwVersion,
|
||||
_In_ DWORD dwFlags,
|
||||
_In_ DWORD dwUIContextDataSize,
|
||||
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
|
||||
_In_ const EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData,
|
||||
_Out_ DWORD *pdwDataFromInteractiveUISize,
|
||||
_Out_ BYTE **ppDataFromInteractiveUI,
|
||||
_Out_ EAP_ERROR **ppEapError,
|
||||
_Inout_ LPVOID *ppvReserved) const
|
||||
_Inout_ DWORD *pdwDataFromInteractiveUISize,
|
||||
_Inout_ BYTE **ppDataFromInteractiveUI) const
|
||||
{
|
||||
UNREFERENCED_PARAMETER(dwVersion);
|
||||
UNREFERENCED_PARAMETER(dwFlags);
|
||||
@@ -307,9 +296,6 @@ bool eap::peer::query_ui_blob_from_interactive_ui_input_fields(
|
||||
UNREFERENCED_PARAMETER(pEapInteractiveUIData);
|
||||
UNREFERENCED_PARAMETER(pdwDataFromInteractiveUISize);
|
||||
UNREFERENCED_PARAMETER(ppDataFromInteractiveUI);
|
||||
UNREFERENCED_PARAMETER(ppEapError);
|
||||
UNREFERENCED_PARAMETER(ppvReserved);
|
||||
|
||||
*ppEapError = make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
|
||||
return false;
|
||||
throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user