Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

"Last Authentication Failed" flag extended to support finer feedback, why last authentication failed

Browse Source
This commit is contained in:
Simon Rozman
2016-09-06 14:10:02 +02:00
parent b7ed9d076f
commit c765954c0f
15 changed files with 149 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
lib/EAPBase/include/Config.h
View File

@@ -352,10 +352,25 @@ namespace eap
virtual credentials* make_credentials() const = 0;
public:
bool m_allow_save; ///< Are credentials allowed to be saved to Windows Credential Manager?
bool m_use_preshared; ///< Use pre-shared credentials
std::unique_ptr<credentials> m_preshared; ///< Pre-shared credentials
bool m_auth_failed; ///< Did credential fail last time?
bool m_allow_save; ///< Are credentials allowed to be saved to Windows Credential Manager?
bool m_use_preshared; ///< Use pre-shared credentials
std::unique_ptr<credentials> m_preshared; ///< Pre-shared credentials
enum status {
status_success = 0, ///< Authentication succeeded
status_auth_failed, ///< Authentication failed
status_cred_invalid, ///< Invalid credentials
status_cred_expired, ///< Credentials expired
status_cred_changing, ///< Credentials are being changed
status_account_disabled, ///< Account is disabled
status_account_logon_hours, ///< Restricted account logon hours
status_account_denied, ///< Account access is denied
// Meta statuses
status_cred_begin = status_cred_invalid, ///< First credential related problem
status_cred_end = status_cred_changing + 1, ///< First problem, that is not credential related any more
} m_last_status; ///< Status of authentication the last time
std::wstring m_last_msg; ///< Server message at the last authentication
};
@@ -604,3 +619,21 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config &val)
{
val.operator>>(cursor);
}
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::config_method_with_cred::status &val)
{
cursor << (unsigned char)val;
}
inline size_t pksizeof(_In_ const eap::config_method_with_cred::status &val)
{
return pksizeof((unsigned char)val);
}
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config_method_with_cred::status &val)
{
cursor >> (unsigned char&)val;
}

2
lib/EAPBase/include/Method.h
View File

@@ -124,7 +124,7 @@ namespace eap
///
virtual void get_result(
_In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *ppResult) = 0;
_Inout_ EapPeerMethodResult *ppResult);
/// @}

34
lib/EAPBase/src/Config.cpp
View File

@@ -142,18 +142,19 @@ eap::config_method& eap::config_method::operator=(_Inout_ config_method &&other)
eap::config_method_with_cred::config_method_with_cred(_In_ module &mod) :
m_allow_save(true),
m_use_preshared(false),
m_auth_failed(false),
m_last_status(status_success),
config_method(mod)
{
}
eap::config_method_with_cred::config_method_with_cred(_In_ const config_method_with_cred &other) :
m_allow_save(other.m_allow_save),
m_use_preshared(other.m_use_preshared),
m_preshared(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr),
m_auth_failed(other.m_auth_failed),
config_method(other)
m_allow_save (other.m_allow_save ),
m_use_preshared(other.m_use_preshared ),
m_preshared (other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr),
m_last_status (other.m_last_status ),
m_last_msg (other.m_last_msg ),
config_method (other )
{
}
@@ -162,7 +163,8 @@ eap::config_method_with_cred::config_method_with_cred(_Inout_ config_method_with
m_allow_save (std::move(other.m_allow_save )),
m_use_preshared(std::move(other.m_use_preshared)),
m_preshared (std::move(other.m_preshared )),
m_auth_failed (std::move(other.m_auth_failed )),
m_last_status (std::move(other.m_last_status )),
m_last_msg (std::move(other.m_last_msg )),
config_method (std::move(other ))
{
}
@@ -175,7 +177,8 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_In_ const
m_allow_save = other.m_allow_save;
m_use_preshared = other.m_use_preshared;
m_preshared.reset(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr);
m_auth_failed = other.m_auth_failed;
m_last_status = other.m_last_status;
m_last_msg = other.m_last_msg;
}
return *this;
@@ -189,7 +192,8 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_Inout_ co
m_allow_save = std::move(other.m_allow_save );
m_use_preshared = std::move(other.m_use_preshared);
m_preshared = std::move(other.m_preshared );
m_auth_failed = std::move(other.m_auth_failed );
m_last_status = std::move(other.m_last_status );
m_last_msg = std::move(other.m_last_msg );
}
return *this;
@@ -241,6 +245,9 @@ void eap::config_method_with_cred::load(_In_ IXMLDOMNode *pConfigRoot)
// This is not really an error - merely an indication pre-shared credentials are unavailable.
}
}
m_last_status = status_success;
m_last_msg.clear();
}
@@ -250,7 +257,8 @@ void eap::config_method_with_cred::operator<<(_Inout_ cursor_out &cursor) const
cursor << m_allow_save;
cursor << m_use_preshared;
cursor << *m_preshared;
cursor << m_auth_failed;
cursor << m_last_status;
cursor << m_last_msg;
}
@@ -261,7 +269,8 @@ size_t eap::config_method_with_cred::get_pk_size() const
pksizeof(m_allow_save ) +
pksizeof(m_use_preshared) +
pksizeof(*m_preshared ) +
pksizeof(m_auth_failed );
pksizeof(m_last_status ) +
pksizeof(m_last_msg );
}
@@ -271,7 +280,8 @@ void eap::config_method_with_cred::operator>>(_Inout_ cursor_in &cursor)
cursor >> m_allow_save;
cursor >> m_use_preshared;
cursor >> *m_preshared;
cursor >> m_auth_failed;
cursor >> m_last_status;
cursor >> m_last_msg;
}

33
lib/EAPBase/src/Method.cpp
View File

@@ -68,6 +68,11 @@ void eap::method::begin_session(
UNREFERENCED_PARAMETER(pAttributeArray);
UNREFERENCED_PARAMETER(hTokenImpersonateUser);
UNREFERENCED_PARAMETER(dwMaxSendPacketSize);
// Presume authentication will fail with generic protocol failure. (Pesimist!!!)
// We will reset once we get get_result(Success) call.
m_cfg.m_last_status = config_method_with_cred::status_auth_failed;
m_cfg.m_last_msg.clear();
}
@@ -76,6 +81,34 @@ void eap::method::end_session()
}
void eap::method::get_result(
_In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *ppResult)
{
assert(ppResult);
switch (reason) {
case EapPeerMethodResultSuccess: {
m_module.log_event(&EAPMETHOD_METHOD_SUCCESS, event_data((unsigned int)m_cfg.get_method_id()), event_data::blank);
m_cfg.m_last_status = config_method_with_cred::status_success;
break;
}
case EapPeerMethodResultFailure:
m_module.log_event(&EAPMETHOD_METHOD_FAILURE_ERROR2, event_data((unsigned int)m_cfg.get_method_id()), event_data((unsigned int)m_cfg.m_last_status), event_data::blank);
break;
default:
throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
}
// Always ask EAP host to save the connection data. And it will save it *only* when we report "success".
// Don't worry. EapHost is well aware of failed authentication condition.
ppResult->fSaveConnectionData = TRUE;
ppResult->fIsSuccess = TRUE;
}
//////////////////////////////////////////////////////////////////////
// eap::method_noneap
//////////////////////////////////////////////////////////////////////