Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Last result status handling improved

Browse Source
This commit is contained in:
Simon Rozman 2016-11-04 11:50:58 +01:00
parent 7750ebdb66
commit d08b70c284
3 changed files with 8 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/MSCHAPv2/include/Method.h
View File

@ -135,7 +135,6 @@ namespace eap
challenge_mschapv2 m_challenge_client; ///< MSCHAP client challenge challenge_mschapv2 m_challenge_client; ///< MSCHAP client challenge
unsigned char m_ident; ///< Ident unsigned char m_ident; ///< Ident
nt_response m_nt_resp; ///< NT-Response nt_response m_nt_resp; ///< NT-Response
bool m_success; ///< Did we receive MS-CHAP2-Success?
sanitizing_blob m_packet_res; ///< Response packet sanitizing_blob m_packet_res; ///< Response packet
}; };

15
lib/MSCHAPv2/src/Method.cpp
View File

@ -32,7 +32,6 @@ eap::method_mschapv2_base::method_mschapv2_base(_In_ module &mod, _In_ config_me
m_cfg(cfg), m_cfg(cfg),
m_cred(cred), m_cred(cred),
m_ident(0), m_ident(0),
m_success(false),
method(mod) method(mod)
{ {
} }
@ -46,7 +45,6 @@ eap::method_mschapv2_base::method_mschapv2_base(_Inout_ method_mschapv2_base &&o
m_challenge_client(std::move(other.m_challenge_client)), m_challenge_client(std::move(other.m_challenge_client)),
m_ident (std::move(other.m_ident )), m_ident (std::move(other.m_ident )),
m_nt_resp (std::move(other.m_nt_resp )), m_nt_resp (std::move(other.m_nt_resp )),
m_success (std::move(other.m_success )),
m_packet_res (std::move(other.m_packet_res )), m_packet_res (std::move(other.m_packet_res )),
method (std::move(other )) method (std::move(other ))
{ {
@ -64,7 +62,6 @@ eap::method_mschapv2_base& eap::method_mschapv2_base::operator=(_Inout_ method_m
m_challenge_client = std::move(other.m_challenge_client); m_challenge_client = std::move(other.m_challenge_client);
m_ident = std::move(other.m_ident ); m_ident = std::move(other.m_ident );
m_nt_resp = std::move(other.m_nt_resp ); m_nt_resp = std::move(other.m_nt_resp );
m_success = std::move(other.m_success );
m_packet_res = std::move(other.m_packet_res ); m_packet_res = std::move(other.m_packet_res );
} }
@ -122,7 +119,7 @@ void eap::method_mschapv2_base::get_result(
void eap::method_mschapv2_base::process_success(_In_ const list<string> &argv) void eap::method_mschapv2_base::process_success(_In_ const list<string> &argv)
{ {
m_success = false; assert(m_cfg.m_last_status != config_method::status_success);
for (auto arg = argv.cbegin(), arg_end = argv.cend(); arg != arg_end; ++arg) { for (auto arg = argv.cbegin(), arg_end = argv.cend(); arg != arg_end; ++arg) {
const string &val = *arg; const string &val = *arg;
@ -143,11 +140,11 @@ void eap::method_mschapv2_base::process_success(_In_ const list<string> &argv)
throw invalid_argument(__FUNCTION__ " MS-CHAP2-Success authentication response string failed."); throw invalid_argument(__FUNCTION__ " MS-CHAP2-Success authentication response string failed.");
m_module.log_event(&EAPMETHOD_METHOD_SUCCESS, event_data((unsigned int)m_cfg.get_method_id()), event_data::blank); m_module.log_event(&EAPMETHOD_METHOD_SUCCESS, event_data((unsigned int)m_cfg.get_method_id()), event_data::blank);
m_success = true; m_cfg.m_last_status = config_method::status_success;
} }
} }
if (!m_success) if (m_cfg.m_last_status != config_method::status_success)
throw invalid_argument(__FUNCTION__ " MS-CHAP2-Success authentication response string not found."); throw invalid_argument(__FUNCTION__ " MS-CHAP2-Success authentication response string not found.");
} }
@ -300,9 +297,10 @@ EapPeerMethodResponseAction eap::method_mschapv2::process_request_packet(
case chap_packet_code_success: case chap_packet_code_success:
process_success(parse_response(reinterpret_cast<const char*>(msg), reinterpret_cast<const char*>(msg_end) - reinterpret_cast<const char*>(msg))); process_success(parse_response(reinterpret_cast<const char*>(msg), reinterpret_cast<const char*>(msg_end) - reinterpret_cast<const char*>(msg)));
if (m_success) { if (m_cfg.m_last_status == config_method::status_success) {
// Acknowledge the authentication by sending a "3" (chap_packet_code_success). // Acknowledge the authentication by sending a "3" (chap_packet_code_success).
m_packet_res.assign(1, chap_packet_code_success); m_packet_res.assign(1, chap_packet_code_success);
m_cfg.m_last_status = config_method::status_auth_failed; // Blame protocol if we fail beyond this point.
return EapPeerMethodResponseActionSend; return EapPeerMethodResponseActionSend;
} else } else
return EapPeerMethodResponseActionDiscard; return EapPeerMethodResponseActionDiscard;
@ -405,11 +403,12 @@ EapPeerMethodResponseAction eap::method_mschapv2_diameter::process_request_packe
case phase_challenge_server: { case phase_challenge_server: {
process_packet(pReceivedPacket, dwReceivedPacketSize); process_packet(pReceivedPacket, dwReceivedPacketSize);
if (m_success) { if (m_cfg.m_last_status == config_method::status_success) {
m_phase = phase_finished; m_phase = phase_finished;
// Acknowledge the authentication by sending an empty response packet. // Acknowledge the authentication by sending an empty response packet.
m_packet_res.clear(); m_packet_res.clear();
m_cfg.m_last_status = config_method::status_auth_failed; // Blame protocol if we fail beyond this point.
return EapPeerMethodResponseActionSend; return EapPeerMethodResponseActionSend;
} else } else
return EapPeerMethodResponseActionDiscard; return EapPeerMethodResponseActionDiscard;

15
lib/TTLS/src/Method.cpp
View File

@ -591,6 +591,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
m_module.log_event(&EAPMETHOD_TLS_QUERY_FAILED, event_data((unsigned int)SECPKG_ATTR_CONNECTION_INFO), event_data(status), event_data::blank); m_module.log_event(&EAPMETHOD_TLS_QUERY_FAILED, event_data((unsigned int)SECPKG_ATTR_CONNECTION_INFO), event_data(status), event_data::blank);
m_phase = phase_finished; m_phase = phase_finished;
m_cfg.m_last_status = config_method::status_success;
method_mschapv2_diameter *inner_mschapv2 = dynamic_cast<method_mschapv2_diameter*>(m_inner.get()); method_mschapv2_diameter *inner_mschapv2 = dynamic_cast<method_mschapv2_diameter*>(m_inner.get());
if (inner_mschapv2) { if (inner_mschapv2) {
@ -833,20 +834,6 @@ void eap::method_ttls::get_result(
// Don't worry. EapHost is well aware of failed authentication condition. // Don't worry. EapHost is well aware of failed authentication condition.
pResult->fSaveConnectionData = TRUE; pResult->fSaveConnectionData = TRUE;
pResult->fIsSuccess = TRUE; pResult->fIsSuccess = TRUE;
//if (m_phase == phase_finished) {
// // Get inner method result.
// EapPeerMethodResult result = {};
// m_inner->get_result(reason, &result);
// if (result.fSaveConnectionData)
// pResult->fSaveConnectionData = TRUE;
// if (m_inner->m_cfg.m_last_status != config_method::status_success) {
// // Inner method admitted problems, so autentication must have proceeded to inner authentication already.
// // Therefore, outer authentication must have been OK.
// m_cfg.m_last_status = config_method::status_success;
// }
//}
} }