Discrete output of credentials to event log centralized

2016-10-25 13:37:39 +02:00 · 2016-10-25 13:37:39 +02:00 · d87b3d37e5
commit d87b3d37e5
parent 04af17121c
6 changed files with 57 additions and 20 deletions
--- a/lib/EAPBase/include/Module.h
+++ b/lib/EAPBase/include/Module.h
@ -159,7 +159,7 @@ namespace eap
        /// Logs string list config value
        ///
        template<class _Traits, class _Ax, class _Ax_list>
-        inline void log_config(_In_z_ LPCWSTR name, _In_z_ const std::list<std::basic_string<char, _Traits, _Ax>, _Ax_list> &value) const
+        inline void log_config(_In_z_ LPCWSTR name, _In_ const std::list<std::basic_string<char, _Traits, _Ax>, _Ax_list> &value) const
        {
            // Prepare a table of event data descriptors.
            std::vector<EVENT_DATA_DESCRIPTOR> desc;
@ -177,7 +177,7 @@ namespace eap
        /// Logs Unicode string list config value
        ///
        template<class _Traits, class _Ax, class _Ax_list>
-        inline void log_config(_In_z_ LPCWSTR name, _In_z_ const std::list<std::basic_string<wchar_t, _Traits, _Ax>, _Ax_list> &value) const
+        inline void log_config(_In_z_ LPCWSTR name, _In_ const std::list<std::basic_string<wchar_t, _Traits, _Ax>, _Ax_list> &value) const
        {
            // Prepare a table of event data descriptors.
            std::vector<EVENT_DATA_DESCRIPTOR> desc;
@ -204,6 +204,48 @@ namespace eap
            m_ep.write(&EAPMETHOD_TRACE_EVT_CFG_VALUE_BOOL, _countof(desc), desc);
        }

+        ///
+        /// Logs binary config value
+        ///
+        inline void log_config(_In_z_ LPCWSTR name, _In_bytecount_(size) const void *data, _In_ ULONG size) const
+        {
+            EVENT_DATA_DESCRIPTOR desc[] = {
+                winstd::event_data(      name),
+                winstd::event_data(      size),
+                winstd::event_data(data, size)
+            };
+
+            m_ep.write(&EAPMETHOD_TRACE_EVT_CFG_VALUE_BINARY, _countof(desc), desc);
+        }
+
+        ///
+        /// Discretely logs Unicode string config value
+        ///
+        /// If \c _DEBUG is set the value is masked.
+        ///
+        inline void log_config_discrete(_In_z_ LPCWSTR name, _In_z_ LPCWSTR value) const
+        {
+#ifdef _DEBUG
+            log_config(name, value);
+#else
+            log_config(name, value ? value[0] ? L"********" : L"" : NULL);
+#endif
+        }
+
+        ///
+        /// Discretely logs binary config value
+        ///
+        /// If \c _DEBUG is set the value is masked.
+        ///
+        inline void log_config_discrete(_In_z_ LPCWSTR name, _In_bytecount_(size) const void *data, _In_ ULONG size) const
+        {
+#ifdef _DEBUG
+            log_config(name, data, size);
+#else
+            log_config(name, data ? size ? L"********" : L"" : NULL);
+#endif
+        }
+
        ///
        /// Logs event
        ///
--- a/lib/EAPBase/src/Credentials.cpp
+++ b/lib/EAPBase/src/Credentials.cpp
@ -319,13 +319,7 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
        SecureZeroMemory((BSTR)password, sizeof(OLECHAR)*password.length());
    }

-    m_module.log_config((xpath + L"/Password").c_str(),
-#ifdef _DEBUG
-        m_password.c_str()
-#else
-        L"********"
-#endif
-        );
+    m_module.log_config_discrete((xpath + L"/Password").c_str(), m_password.c_str());
 }


@ -420,13 +414,7 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned

    wstring xpath(pszTargetName);
    m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
-    m_module.log_config((xpath + L"/Password").c_str(),
-#ifdef _DEBUG
-        m_password.c_str()
-#else
-        L"********"
-#endif
-        );
+    m_module.log_config_discrete((xpath + L"/Password").c_str(), m_password.c_str());
 }


--- a/lib/EapHost/src/Credentials.cpp
+++ b/lib/EapHost/src/Credentials.cpp
@ -118,8 +118,7 @@ void eap::credentials_eaphost::load(_In_ IXMLDOMNode *pConfigRoot)
    if (FAILED(hr = eapxml::get_element_base64(pConfigRoot, bstr(L"eap-metadata:Credentials"), m_cred_blob)))
        throw com_runtime_error(hr, __FUNCTION__ " Error reading <Credentials> element.");

-    // TODO: Finish log output!
-    //m_module.log_config((xpath + L"/Credentials").c_str(), get_name().c_str());
+    m_module.log_config_discrete((xpath + L"/Credentials").c_str(), m_cred_blob.data(), (ULONG)m_cred_blob.size());
 }


--- a/lib/EapHost/src/StdAfx.h
+++ b/lib/EapHost/src/StdAfx.h
@ -24,6 +24,7 @@
 #include "../include/Credentials.h"
 #include "../include/Method.h"

+#include <WinStd/Cred.h>
 #include <WinStd/Win.h>

 #include <Windows.h>
--- a/lib/Events/res/EventsETW.man
+++ b/lib/Events/res/EventsETW.man
--- a/lib/TLS/src/Credentials.cpp
+++ b/lib/TLS/src/Credentials.cpp
@ -140,7 +140,11 @@ void eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot)
                m_cert.create(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size());
        }
    }
-    m_module.log_config((xpath + L"/ClientCertificate").c_str(), get_name().c_str());
+
+    if (m_cert)
+        m_module.log_config_discrete((xpath + L"/ClientCertificate").c_str(), m_cert->pbCertEncoded, m_cert->cbCertEncoded);
+    else
+        m_module.log_config_discrete((xpath + L"/ClientCertificate").c_str(), NULL, 0);
 }


@ -234,7 +238,10 @@ void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned

    wstring xpath(pszTargetName);
    m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
-    m_module.log_config((xpath + L"/Certificate").c_str(), get_name().c_str());
+    if (m_cert)
+        m_module.log_config_discrete((xpath + L"/Certificate").c_str(), m_cert->pbCertEncoded, m_cert->cbCertEncoded);
+    else
+        m_module.log_config_discrete((xpath + L"/Certificate").c_str(), NULL, 0);
 }