From d87b3d37e50da01354b6bb4c386e4eb8da9d50c8 Mon Sep 17 00:00:00 2001
From: Simon Rozman
Date: Tue, 25 Oct 2016 13:37:39 +0200
Subject: [PATCH] Discrete output of credentials to event log centralized

---
 lib/EAPBase/include/Module.h | 46 ++++++++++++++++++++++++++++++--
 lib/EAPBase/src/Credentials.cpp | 16 ++--------
 lib/EapHost/src/Credentials.cpp | 3 +--
 lib/EapHost/src/StdAfx.h | 1 +
 lib/Events/res/EventsETW.man | Bin 105046 -> 105862 bytes
 lib/TLS/src/Credentials.cpp | 11 ++++++--
 6 files changed, 57 insertions(+), 20 deletions(-)

diff --git a/lib/EAPBase/include/Module.h b/lib/EAPBase/include/Module.h
index c5ba7c4..5378cd4 100644
--- a/lib/EAPBase/include/Module.h
+++ b/lib/EAPBase/include/Module.h
@@ -159,7 +159,7 @@ namespace eap
 /// Logs string list config value
 ///
 template
- inline void log_config(_In_z_ LPCWSTR name, _In_z_ const std::list, _Ax_list> &value) const
+ inline void log_config(_In_z_ LPCWSTR name, _In_ const std::list, _Ax_list> &value) const
 {
 // Prepare a table of event data descriptors.
 std::vector desc;
@@ -177,7 +177,7 @@ namespace eap
 /// Logs Unicode string list config value
 ///
 template
- inline void log_config(_In_z_ LPCWSTR name, _In_z_ const std::list, _Ax_list> &value) const
+ inline void log_config(_In_z_ LPCWSTR name, _In_ const std::list, _Ax_list> &value) const
 {
 // Prepare a table of event data descriptors.
 std::vector desc;
@@ -204,6 +204,48 @@ namespace eap
 m_ep.write(&EAPMETHOD_TRACE_EVT_CFG_VALUE_BOOL, _countof(desc), desc);
 }
+ ///
+ /// Logs binary config value
+ ///
+ inline void log_config(_In_z_ LPCWSTR name, _In_bytecount_(size) const void *data, _In_ ULONG size) const
+ {
+ EVENT_DATA_DESCRIPTOR desc[] = {
+ winstd::event_data( name),
+ winstd::event_data( size),
+ winstd::event_data(data, size)
+ };
+
+ m_ep.write(&EAPMETHOD_TRACE_EVT_CFG_VALUE_BINARY, _countof(desc), desc);
+ }
+
+ ///
+ /// Discretely logs Unicode string config value
+ ///
+ /// If \c _DEBUG is set the value is masked.
+ ///
+ inline void log_config_discrete(_In_z_ LPCWSTR name, _In_z_ LPCWSTR value) const
+ {
+#ifdef _DEBUG
+ log_config(name, value);
+#else
+ log_config(name, value ? value[0] ? L"********" : L"" : NULL);
+#endif
+ }
+
+ ///
+ /// Discretely logs binary config value
+ ///
+ /// If \c _DEBUG is set the value is masked.
+ ///
+ inline void log_config_discrete(_In_z_ LPCWSTR name, _In_bytecount_(size) const void *data, _In_ ULONG size) const
+ {
+#ifdef _DEBUG
+ log_config(name, data, size);
+#else
+ log_config(name, data ? size ? L"********" : L"" : NULL);
+#endif
+ }
+
 ///
 /// Logs event
 ///
diff --git a/lib/EAPBase/src/Credentials.cpp b/lib/EAPBase/src/Credentials.cpp
index 88acfd3..d98d7bd 100644
--- a/lib/EAPBase/src/Credentials.cpp
+++ b/lib/EAPBase/src/Credentials.cpp
@@ -319,13 +319,7 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
 SecureZeroMemory((BSTR)password, sizeof(OLECHAR)*password.length());
 }
- m_module.log_config((xpath + L"/Password").c_str(),
-#ifdef _DEBUG
- m_password.c_str()
-#else
- L"********"
-#endif
- );
+ m_module.log_config_discrete((xpath + L"/Password").c_str(), m_password.c_str());
 }
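Review bot: The doc comment on both log_config_discrete overloads states the opposite of what the code does: `log_config(name, value)` runs under `#ifdef _DEBUG`, so the value is written in the clear in debug builds and masked only in non-debug builds. Replace the sentence in both overloads with `/// Unless \c _DEBUG is defined the value is replaced by "********" (empty stays empty, NULL stays NULL).`. The masked branch of the binary overload calls the string log_config, so the same config key is emitted as EAPMETHOD_TRACE_EVT_CFG_VALUE_BINARY in debug builds and as a string event otherwise, which any consumer of the event manifest has to tolerate. Since the callers in this commit pass passwords and credential blobs, consider gating the clear-text path on a dedicated opt-in macro rather than _DEBUG, so a debug build on a shared machine does not write secrets into the event log by default.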
@@ -420,13 +414,7 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned wstring xpath(pszTargetName); m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str()); - m_module.log_config((xpath + L"/Password").c_str(), -#ifdef _DEBUG - m_password.c_str() -#else - L"********" -#endif - ); + m_module.log_config_discrete((xpath + L"/Password").c_str(), m_password.c_str()); } diff --git a/lib/EapHost/src/Credentials.cpp b/lib/EapHost/src/Credentials.cpp index 6033666..636e37f 100644 --- a/lib/EapHost/src/Credentials.cpp +++ b/lib/EapHost/src/Credentials.cpp @@ -118,8 +118,7 @@ void eap::credentials_eaphost::load(_In_ IXMLDOMNode *pConfigRoot) if (FAILED(hr = eapxml::get_element_base64(pConfigRoot, bstr(L"eap-metadata:Credentials"), m_cred_blob))) throw com_runtime_error(hr, __FUNCTION__ " Error reading element."); - // TODO: Finish log output! - //m_module.log_config((xpath + L"/Credentials").c_str(), get_name().c_str()); + m_module.log_config_discrete((xpath + L"/Credentials").c_str(), m_cred_blob.data(), (ULONG)m_cred_blob.size()); } diff --git a/lib/EapHost/src/StdAfx.h b/lib/EapHost/src/StdAfx.h index 4e421e0..25689c4 100644 --- a/lib/EapHost/src/StdAfx.h +++ b/lib/EapHost/src/StdAfx.h @@ -24,6 +24,7 @@ #include "../include/Credentials.h" #include "../include/Method.h" +#include #include #include diff --git a/lib/Events/res/EventsETW.man b/lib/Events/res/EventsETW.man index dc3ae1581be0a32a7fd8cc614893a46f33878bd6..3f5fc8ba81dcc3c2249bac7a0ab68c067225a1bd 100644 GIT binary patch delta 151 zcmcb%g{^Hj+lB?zlN%}oIGq?W8S)qs8Hy%vte8Eyp_5~BNt)K=hDs~Z9EMb&Ogcje zLk5E_gAzk9P-WHR!Zi8GYkK(@6((a_A&4Pzvfv8gNgE^>O(#!W7YLMq+Qm>g`QqyI$?rCZO+UxMD6zS2(~aipbCertEncoded, m_cert->cbCertEncoded); + else + m_module.log_config_discrete((xpath + L"/ClientCertificate").c_str(), NULL, 0); } 
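Review bot: `(ULONG)m_cred_blob.size()` in credentials_eaphost::load is a C-style narrowing cast from size_t; `static_cast<ULONG>(m_cred_blob.size())` makes the truncation explicit and greppable, and a debug assert that the size fits would document the assumption. For an empty blob, `m_cred_blob.data()` (presumably a std::vector) may or may not be a null pointer, so the masked path logs either NULL or L"" depending on the library implementation; `m_cred_blob.empty() ? NULL : m_cred_blob.data()` pins the empty case to one outcome. In debug builds the entire base64-decoded credential blob is now written to the event log as binary data, which is worth a comment at the call site so the behaviour is not discovered from the log. The enclosing load() continues outside the hunk.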
@@ -234,7 +238,10 @@ void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned
 wstring xpath(pszTargetName);
 m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
- m_module.log_config((xpath + L"/Certificate").c_str(), get_name().c_str());
+ if (m_cert)
+ m_module.log_config_discrete((xpath + L"/Certificate").c_str(), m_cert->pbCertEncoded, m_cert->cbCertEncoded);
+ else
+ m_module.log_config_discrete((xpath + L"/Certificate").c_str(), NULL, 0);
 }
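Review bot: The non-debug build now records only "********" for the Certificate key where it previously recorded `get_name()`, so the log loses the one field that identified which certificate was selected. Assuming m_cert is a PCCERT_CONTEXT, pbCertEncoded holds the encoded certificate itself rather than the private key, so masking it buys little; keeping `m_module.log_config((xpath + L"/Certificate").c_str(), get_name().c_str());` next to the discrete blob line preserves the diagnostic value. The two branches also duplicate the xpath concatenation; `m_module.log_config_discrete((xpath + L"/Certificate").c_str(), m_cert ? m_cert->pbCertEncoded : NULL, m_cert ? m_cert->cbCertEncoded : 0);` collapses them to one statement. The same two points apply to the load() hunk in lib/TLS/src/Credentials.cpp, whose beginning is cut off above.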