Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Work continues...

Browse Source 
- More event reporting added
- unsigned long and DWORD replaced with unsigned int for code readability and (possibly) portability
- Client hello message fixed
- SSL version reverted to TLS 1.0, will catch-up later if required
This commit is contained in:
Simon Rozman
2016-08-07 12:15:45 +02:00
parent e649a86b1f
commit d199cb68bb
9 changed files with 119 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/TTLS/include/Method.h
View File

@@ -143,6 +143,20 @@ namespace eap
_Inout_ DWORD *pdwSendPacketSize,
_Out_ EAP_ERROR **ppEapError);
///
/// Obtains the result of an authentication session from the EAP method.
///
/// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
///
/// \returns
/// - \c true if succeeded
/// - \c false otherwise. See \p ppEapError for details.
///
virtual bool get_result(
_In_ EapPeerMethodResultReason reason,
_Out_ EapPeerMethodResult *ppResult,
_Out_ EAP_ERROR **ppEapError);
/// @}
public:

11
lib/TTLS/src/Method.cpp
View File

@@ -106,7 +106,7 @@ bool eap::method_ttls::process_request_packet(
// Determine minimum EAP-TTLS version supported by server and us.
version_t ver_remote = (version_t)(pReceivedPacket->Data[1] & ttls_flags_ver_mask);
m_version = std::min<version_t>(ver_remote, version_0);
m_module.log_event(&EAPMETHOD_HANDSHAKE_START1, event_data((DWORD)eap_type_ttls), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank);
m_module.log_event(&EAPMETHOD_HANDSHAKE_START1, event_data((unsigned int)eap_type_ttls), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank);
}
return m_outer.process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput, ppEapError);
@@ -128,3 +128,12 @@ bool eap::method_ttls::get_response_packet(
return true;
}
bool eap::method_ttls::get_result(
_In_ EapPeerMethodResultReason reason,
_Out_ EapPeerMethodResult *ppResult,
_Out_ EAP_ERROR **ppEapError)
{
return m_outer.get_result(reason, ppResult, ppEapError);
}

26
lib/TTLS/src/Module.cpp
View File

@@ -122,14 +122,14 @@ bool eap::peer_ttls::get_identity(
if (!is_outer_set) {
// Outer TLS: Using EAP service cached credentials.
cred_out.m_outer = cred_in.m_outer;
log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((DWORD)eap_type_tls), event_data(cred_out.m_outer.get_name()), event_data::blank);
log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_tls), event_data(cred_out.m_outer.get_name()), event_data::blank);
is_outer_set = true;
}
if (!is_inner_set && cred_in.m_inner) {
// Inner PAP: Using EAP service cached credentials.
cred_out.m_inner.reset((credentials*)cred_in.m_inner->clone());
log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((DWORD)type_inner), event_data(cred_out.m_inner->get_name()), event_data::blank);
log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)type_inner), event_data(cred_out.m_inner->get_name()), event_data::blank);
is_inner_set = true;
}
}
@@ -137,7 +137,7 @@ bool eap::peer_ttls::get_identity(
if (!is_outer_set && cfg_method->m_outer.m_use_preshared) {
// Outer TLS: Using preshared credentials.
cred_out.m_outer = *(credentials_tls*)cfg_method->m_outer.m_preshared.get();
log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((DWORD)eap_type_tls), event_data(cred_out.m_outer.get_name()), event_data::blank);
log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_tls), event_data(cred_out.m_outer.get_name()), event_data::blank);
is_outer_set = true;
}
@@ -146,7 +146,7 @@ bool eap::peer_ttls::get_identity(
if (cfg_inner_pap->m_use_preshared) {
// Inner PAP: Using preshared credentials.
cred_out.m_inner.reset((credentials*)cfg_inner_pap->m_preshared->clone());
log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((DWORD)type_inner), event_data(cred_out.m_inner->get_name()), event_data::blank);
log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)type_inner), event_data(cred_out.m_inner->get_name()), event_data::blank);
is_inner_set = true;
}
} else
@@ -164,7 +164,7 @@ bool eap::peer_ttls::get_identity(
if (cred_loaded.retrieve(cfg_prov.m_id.c_str(), ppEapError)) {
// Outer TLS: Using stored credentials.
cred_out.m_outer = std::move(cred_loaded);
log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((DWORD)eap_type_tls), event_data(cred_out.m_outer.get_name()), event_data::blank);
log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_tls), event_data(cred_out.m_outer.get_name()), event_data::blank);
is_outer_set = true;
} else {
// Not actually an error.
@@ -179,7 +179,7 @@ bool eap::peer_ttls::get_identity(
if (cred_loaded->retrieve(cfg_prov.m_id.c_str(), ppEapError)) {
// Inner PAP: Using stored credentials.
cred_out.m_inner = std::move(cred_loaded);
log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((DWORD)type_inner), event_data(cred_out.m_inner->get_name()), event_data::blank);
log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)type_inner), event_data(cred_out.m_inner->get_name()), event_data::blank);
is_inner_set = true;
} else {
// Not actually an error.
@@ -195,13 +195,13 @@ bool eap::peer_ttls::get_identity(
if ((dwFlags & EAP_FLAG_MACHINE_AUTH) == 0) {
// Per-user authentication
if (!is_outer_set) {
log_event(&EAPMETHOD_TRACE_EVT_CRED_INVOKE_UI1, event_data((DWORD)eap_type_tls), event_data::blank);
log_event(&EAPMETHOD_TRACE_EVT_CRED_INVOKE_UI1, event_data((unsigned int)eap_type_tls), event_data::blank);
*pfInvokeUI = TRUE;
return true;
}
if (!is_inner_set) {
log_event(&EAPMETHOD_TRACE_EVT_CRED_INVOKE_UI1, event_data((DWORD)type_inner), event_data::blank);
log_event(&EAPMETHOD_TRACE_EVT_CRED_INVOKE_UI1, event_data((unsigned int)type_inner), event_data::blank);
*pfInvokeUI = TRUE;
return true;
}
@@ -217,7 +217,7 @@ bool eap::peer_ttls::get_identity(
// Build our identity. ;)
wstring identity(std::move(cfg_method->get_public_identity(cred_out)));
log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((DWORD)eap_type_ttls), event_data(identity), event_data::blank);
log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((unsigned int)eap_type_ttls), event_data(identity), event_data::blank);
size_t size = sizeof(WCHAR)*(identity.length() + 1);
*ppwszIdentity = (WCHAR*)alloc_memory(size);
memcpy(*ppwszIdentity, identity.c_str(), size);
@@ -400,13 +400,7 @@ bool eap::peer_ttls::get_result(
_Out_ EapPeerMethodResult *ppResult,
_Out_ EAP_ERROR **ppEapError)
{
UNREFERENCED_PARAMETER(hSession);
UNREFERENCED_PARAMETER(reason);
UNREFERENCED_PARAMETER(ppResult);
assert(ppEapError);
*ppEapError = make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
return false;
return static_cast<session*>(hSession)->m_method.get_result(reason, ppResult, ppEapError);
}