Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

EAP-TTLS session development continues...

Browse Source
This commit is contained in:
Simon Rozman 2016-08-05 00:32:57 +02:00
parent a102b43a19
commit f2aa43913d
14 changed files with 565 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
EAPMethods/src/Main.cpp
View File

@ -376,11 +376,12 @@ DWORD APIENTRY EapPeerProcessRequestPacket(
if (!hSession) if (!hSession)
g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" hSession is NULL."))); g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" hSession is NULL.")));
else if (!pReceivedPacket && dwReceivedPacketSize) else if (!pReceivedPacket || dwReceivedPacketSize < 4)
g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pReceivedPacket is NULL."))); g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pReceivedPacket is NULL or too short.")));
else if (!pEapOutput) else if (!pEapOutput)
g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapOutput is NULL."))); g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapOutput is NULL.")));
else { else {
assert(dwReceivedPacketSize == ntohs(*(WORD*)pReceivedPacket->Length));
if (!static_cast<_EAPMETHOD_SESSION*>(hSession)->process_request_packet(dwReceivedPacketSize, pReceivedPacket, pEapOutput, ppEapError)) { if (!static_cast<_EAPMETHOD_SESSION*>(hSession)->process_request_packet(dwReceivedPacketSize, pReceivedPacket, pEapOutput, ppEapError)) {
if (*ppEapError) { if (*ppEapError) {
g_peer.log_error(*ppEapError); g_peer.log_error(*ppEapError);

4
lib/EAPBase/include/Module.h
View File

@ -622,7 +622,7 @@ namespace eap
*pdwDataOutSize = (DWORD)data_enc.size(); *pdwDataOutSize = (DWORD)data_enc.size();
*ppDataOut = alloc_memory(*pdwDataOutSize); *ppDataOut = alloc_memory(*pdwDataOutSize);
if (!*ppDataOut) { if (!*ppDataOut) {
log_error(*ppEapError = g_peer.make_error(ERROR_OUTOFMEMORY, tstring_printf(_T(__FUNCTION__) _T(" Error allocating memory for BLOB (%uB)."), *pdwDataOutSize).c_str())); log_error(*ppEapError = g_peer.make_error(ERROR_OUTOFMEMORY, wstring_printf(_T(__FUNCTION__) _T(" Error allocating memory for BLOB (%uB)."), *pdwDataOutSize).c_str()));
return false; return false;
} }
memcpy(*ppDataOut, data_enc.data(), *pdwDataOutSize); memcpy(*ppDataOut, data_enc.data(), *pdwDataOutSize);
@ -631,7 +631,7 @@ namespace eap
*pdwDataOutSize = (DWORD)pksizeof(record); *pdwDataOutSize = (DWORD)pksizeof(record);
*ppDataOut = alloc_memory(*pdwDataOutSize); *ppDataOut = alloc_memory(*pdwDataOutSize);
if (!*ppDataOut) { if (!*ppDataOut) {
log_error(*ppEapError = g_peer.make_error(ERROR_OUTOFMEMORY, tstring_printf(_T(__FUNCTION__) _T(" Error allocating memory for BLOB (%uB)."), *pdwDataOutSize).c_str())); log_error(*ppEapError = g_peer.make_error(ERROR_OUTOFMEMORY, wstring_printf(_T(__FUNCTION__) _T(" Error allocating memory for BLOB (%uB)."), *pdwDataOutSize).c_str()));
return false; return false;
} }

34
lib/EAPBase/include/Session.h
View File

@ -224,7 +224,6 @@ namespace eap
_Out_ EapPeerMethodOutput *pEapOutput, _Out_ EapPeerMethodOutput *pEapOutput,
_Out_ EAP_ERROR **ppEapError) = 0; _Out_ EAP_ERROR **ppEapError) = 0;
/// ///
/// Obtains a response packet from the EAP method. /// Obtains a response packet from the EAP method.
/// ///
@ -237,23 +236,7 @@ namespace eap
virtual bool get_response_packet( virtual bool get_response_packet(
_Inout_ DWORD *pdwSendPacketSize, _Inout_ DWORD *pdwSendPacketSize,
_Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket, _Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket,
_Out_ EAP_ERROR **ppEapError) _Out_ EAP_ERROR **ppEapError) = 0;
{
assert(pdwSendPacketSize);
assert(pSendPacket);
assert(ppEapError);
WORD size = m_packet.size();
if (size > *pdwSendPacketSize) {
*ppEapError = m_module.make_error(ERROR_INSUFFICIENT_BUFFER, winstd::string_printf(_T(__FUNCTION__) _T(" Packet buffer is too small (%uB required, %uB provided)."), m_packet.size(), *pdwSendPacketSize).c_str());
return false;
}
memcpy(pSendPacket, (const EapPacket*)m_packet, size);
*pdwSendPacketSize = size;
return true;
}
/// ///
/// Obtains the result of an authentication session from the EAP method. /// Obtains the result of an authentication session from the EAP method.
@ -366,13 +349,12 @@ namespace eap
/// @} /// @}
public: public:
module &m_module; ///< Reference of the EAP module module &m_module; ///< Reference of the EAP module
config_providers m_cfg; ///< Session configuration config_providers m_cfg; ///< Session configuration
credentials_type m_cred; ///< User credentials credentials_type m_cred; ///< User credentials
winstd::eap_packet m_packet; ///< Response packet interactive_request_type m_intreq; ///< Interactive UI request data
interactive_request_type m_intreq; ///< Interactive UI request data DWORD m_eap_flags; ///< A combination of EAP flags that describe the new EAP authentication session behavior
DWORD m_eap_flags; ///< A combination of EAP flags that describe the new EAP authentication session behavior HANDLE m_token; ///< Specifies a handle to the user impersonation token to use in this session
HANDLE m_token; ///< Specifies a handle to the user impersonation token to use in this session DWORD m_send_packet_size_max; ///< Specifies the maximum size in bytes of an EAP packet sent during the session. If the method needs to send a packet larger than the maximum size, the method must accommodate fragmentation and reassembly.
DWORD m_send_packet_size_max; ///< Specifies the maximum size in bytes of an EAP packet sent during the session. If the method needs to send a packet larger than the maximum size, the method must accommodate fragmentation and reassembly.
}; };
} }

1
lib/Events/build/Events.vcxproj
View File

@ -93,6 +93,7 @@
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(IntDir)EventsETW.h;$(IntDir)EventsETW.rc;$(IntDir)EventsETW_MSG00001.bin;$(IntDir)EventsETWTEMP.BIN;%(Outputs)</Outputs> <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(IntDir)EventsETW.h;$(IntDir)EventsETW.rc;$(IntDir)EventsETW_MSG00001.bin;$(IntDir)EventsETWTEMP.BIN;%(Outputs)</Outputs>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)EventsETW.h;$(IntDir)EventsETW.rc;$(IntDir)EventsETW_MSG00001.bin;$(IntDir)EventsETWTEMP.BIN;%(Outputs)</Outputs> <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)EventsETW.h;$(IntDir)EventsETW.rc;$(IntDir)EventsETW_MSG00001.bin;$(IntDir)EventsETWTEMP.BIN;%(Outputs)</Outputs>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(IntDir)EventsETW.h;$(IntDir)EventsETW.rc;$(IntDir)EventsETW_MSG00001.bin;$(IntDir)EventsETWTEMP.BIN;%(Outputs)</Outputs> <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(IntDir)EventsETW.h;$(IntDir)EventsETW.rc;$(IntDir)EventsETW_MSG00001.bin;$(IntDir)EventsETWTEMP.BIN;%(Outputs)</Outputs>
<SubType>Designer</SubType>
</CustomBuild> </CustomBuild>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>

BIN
lib/Events/res/EventsETW.man
View File

Binary file not shown.

2
lib/TLS/build/TLS.vcxproj
View File

@ -81,10 +81,12 @@
<ItemGroup> <ItemGroup>
<ClInclude Include="..\include\Config.h" /> <ClInclude Include="..\include\Config.h" />
<ClInclude Include="..\include\Credentials.h" /> <ClInclude Include="..\include\Credentials.h" />
<ClInclude Include="..\include\Session.h" />
<ClInclude Include="..\src\StdAfx.h" /> <ClInclude Include="..\src\StdAfx.h" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="..\src\Config.cpp" /> <ClCompile Include="..\src\Config.cpp" />
<ClCompile Include="..\src\Session.cpp" />
<ClCompile Include="..\src\StdAfx.cpp"> <ClCompile Include="..\src\StdAfx.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader> <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader> <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>

6
lib/TLS/build/TLS.vcxproj.filters
View File

@ -20,6 +20,9 @@
<ClInclude Include="..\include\Credentials.h"> <ClInclude Include="..\include\Credentials.h">
<Filter>Header Files</Filter> <Filter>Header Files</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="..\include\Session.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="..\src\StdAfx.cpp"> <ClCompile Include="..\src\StdAfx.cpp">
@ -31,5 +34,8 @@
<ClCompile Include="..\src\Credentials.cpp"> <ClCompile Include="..\src\Credentials.cpp">
<Filter>Source Files</Filter> <Filter>Source Files</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="..\src\Session.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup> </ItemGroup>
</Project> </Project>

141
lib/TLS/include/Session.h Normal file
View File

@ -0,0 +1,141 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
namespace eap
{
///
/// TLS session
///
class session_tls;
}
#pragma once
#include "../include/Config.h"
#include "../include/Credentials.h"
#include "../../EAPBase/include/Session.h"
#include <WinStd/Crypt.h>
namespace eap
{
class session_tls : public session<config_method_tls, credentials_tls, bool, bool>
{
public:
///
/// Constructor
///
/// \param[in] mod Reference of the EAP module to use for global services
///
session_tls(_In_ module &mod);
///
/// Copies TLS session
///
/// \param[in] other Session to copy from
///
session_tls(_In_ const session_tls &other);
///
/// Moves TLS session
///
/// \param[in] other Session to move from
///
session_tls(_Inout_ session_tls &&other);
///
/// Copies TLS session
///
/// \param[in] other Session to copy from
///
/// \returns Reference to this object
///
session_tls& operator=(_In_ const session_tls &other);
///
/// Moves TLS session
///
/// \param[in] other Session to move from
///
/// \returns Reference to this object
///
session_tls& operator=(_Inout_ session_tls &&other);
/// \name Session start/end
/// @{
///
/// Starts an EAP authentication session on the peer EAPHost using the EAP method.
///
/// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
///
/// \returns
/// - \c true if succeeded
/// - \c false otherwise. See \p ppEapError for details.
///
//virtual bool begin(
// _In_ DWORD dwFlags,
// _In_ const EapAttributes *pAttributeArray,
// _In_ HANDLE hTokenImpersonateUser,
// _In_ DWORD dwMaxSendPacketSize,
// _Out_ EAP_ERROR **ppEapError);
/// @}
/// \name Packet processing
/// @{
///
/// Processes a packet received by EAPHost from a supplicant.
///
/// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
///
/// \returns
/// - \c true if succeeded
/// - \c false otherwise. See \p ppEapError for details.
///
virtual bool process_request_packet(
_In_ DWORD dwReceivedPacketSize,
_In_bytecount_(dwReceivedPacketSize) const EapPacket *pReceivedPacket,
_Out_ EapPeerMethodOutput *pEapOutput,
_Out_ EAP_ERROR **ppEapError);
///
/// Obtains the result of an authentication session from the EAP method.
///
/// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
///
/// \returns
/// - \c true if succeeded
/// - \c false otherwise. See \p ppEapError for details.
///
virtual bool get_result(
_In_ EapPeerMethodResultReason reason,
_Out_ EapPeerMethodResult *ppResult,
_Out_ EAP_ERROR **ppEapError);
/// @}
public:
winstd::crypt_prov m_cp; ///< Cryptography provider
};
}

109
lib/TLS/src/Session.cpp Normal file
View File

@ -0,0 +1,109 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::session_tls
//////////////////////////////////////////////////////////////////////
eap::session_tls::session_tls(_In_ module &mod) : session<config_method_tls, credentials_tls, bool, bool>(mod)
{
}
eap::session_tls::session_tls(_In_ const session_tls &other) :
session<config_method_tls, credentials_tls, bool, bool>(other)
{
}
eap::session_tls::session_tls(_Inout_ session_tls &&other) :
session<config_method_tls, credentials_tls, bool, bool>(std::move(other))
{
}
eap::session_tls& eap::session_tls::operator=(_In_ const session_tls &other)
{
if (this != &other)
(session<config_method_tls, credentials_tls, bool, bool>&)*this = other;
return *this;
}
eap::session_tls& eap::session_tls::operator=(_Inout_ session_tls &&other)
{
if (this != &other)
(session<config_method_tls, credentials_tls, bool, bool>&)*this = std::move(other);
return *this;
}
//bool eap::session_tls::begin(
// _In_ DWORD dwFlags,
// _In_ const EapAttributes *pAttributeArray,
// _In_ HANDLE hTokenImpersonateUser,
// _In_ DWORD dwMaxSendPacketSize,
// _Out_ EAP_ERROR **ppEapError)
//{
// if (!session<config_method_tls, credentials_tls, bool, bool>::begin(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize, ppEapError))
// return false;
//
//
//
// return true;
//}
bool eap::session_tls::process_request_packet(
_In_ DWORD dwReceivedPacketSize,
_In_bytecount_(dwReceivedPacketSize) const EapPacket *pReceivedPacket,
_Out_ EapPeerMethodOutput *pEapOutput,
_Out_ EAP_ERROR **ppEapError)
{
UNREFERENCED_PARAMETER(dwReceivedPacketSize);
UNREFERENCED_PARAMETER(pReceivedPacket);
UNREFERENCED_PARAMETER(pEapOutput);
assert(ppEapError);
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
return false;
}
bool eap::session_tls::get_result(
_In_ EapPeerMethodResultReason reason,
_Out_ EapPeerMethodResult *ppResult,
_Out_ EAP_ERROR **ppEapError)
{
UNREFERENCED_PARAMETER(reason);
UNREFERENCED_PARAMETER(ppResult);
assert(ppEapError);
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
return false;
}

1
lib/TLS/src/StdAfx.h
View File

@ -22,6 +22,7 @@
#include "../include/Config.h" #include "../include/Config.h"
#include "../include/Credentials.h" #include "../include/Credentials.h"
#include "../include/Session.h"
#include "../../EAPBase/include/EAPXML.h" #include "../../EAPBase/include/EAPXML.h"

69
lib/TTLS/include/Session.h
View File

@ -24,6 +24,14 @@ namespace eap
/// TTLS session /// TTLS session
/// ///
class session_ttls; class session_ttls;
///
/// EAP-TTLS packet flags
///
/// \sa [Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0) (Chapter: 9.1 Packet Format)](https://tools.ietf.org/html/rfc5281#section-9.1)
///
enum ttls_flags_t;
} }
#pragma once #pragma once
@ -33,6 +41,14 @@ namespace eap
namespace eap namespace eap
{ {
enum ttls_flags_t {
ttls_flags_length_incl = 0x80, ///< Length included
ttls_flags_more_frag = 0x40, ///< More fragments
ttls_flags_start = 0x20, ///< Start
ttls_flags_ver_mask = 0x07, ///< Version mask
};
class session_ttls : public session<config_method_ttls, credentials_ttls, bool, bool> class session_ttls : public session<config_method_ttls, credentials_ttls, bool, bool>
{ {
public: public:
@ -75,6 +91,27 @@ namespace eap
/// ///
session_ttls& operator=(_Inout_ session_ttls &&other); session_ttls& operator=(_Inout_ session_ttls &&other);
/// \name Session start/end
/// @{
///
/// Starts an EAP authentication session on the peer EAPHost using the EAP method.
///
/// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
///
/// \returns
/// - \c true if succeeded
/// - \c false otherwise. See \p ppEapError for details.
///
virtual bool begin(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_ DWORD dwMaxSendPacketSize,
_Out_ EAP_ERROR **ppEapError);
/// @}
/// \name Packet processing /// \name Packet processing
/// @{ /// @{
@ -93,6 +130,20 @@ namespace eap
_Out_ EapPeerMethodOutput *pEapOutput, _Out_ EapPeerMethodOutput *pEapOutput,
_Out_ EAP_ERROR **ppEapError); _Out_ EAP_ERROR **ppEapError);
///
/// Obtains a response packet from the EAP method.
///
/// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
///
/// \returns
/// - \c true if succeeded
/// - \c false otherwise. See \p ppEapError for details.
///
virtual bool get_response_packet(
_Inout_ DWORD *pdwSendPacketSize,
_Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket,
_Out_ EAP_ERROR **ppEapError);
/// ///
/// Obtains the result of an authentication session from the EAP method. /// Obtains the result of an authentication session from the EAP method.
/// ///
@ -108,5 +159,23 @@ namespace eap
_Out_ EAP_ERROR **ppEapError); _Out_ EAP_ERROR **ppEapError);
/// @} /// @}
public:
enum phase_t {
phase_handshake_start = 0,
} m_phase; ///< Session phase
enum version_t {
version_0 = 0, ///< EAP-TTLS v0
} m_version; ///< EAP-TTLS version
struct {
EapCode m_code; ///< Packet code
BYTE m_id; ///< Packet ID
BYTE m_flags; ///< Packet flags
std::vector<BYTE> m_data; ///< Packet data
}
m_packet_req, ///< Request packet
m_packet_res; ///< Response packet
}; };
} }

228
lib/TTLS/src/Session.cpp
View File

@ -28,27 +28,72 @@ using namespace winstd;
// eap::session_ttls // eap::session_ttls
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
eap::session_ttls::session_ttls(_In_ module &mod) : session<config_method_ttls, credentials_ttls, bool, bool>(mod) eap::session_ttls::session_ttls(_In_ module &mod) :
m_phase(phase_handshake_start),
m_version(version_0),
session<config_method_ttls, credentials_ttls, bool, bool>(mod)
{ {
m_packet_req.m_code = (EapCode)0;
m_packet_req.m_id = 0;
m_packet_req.m_flags = version_0;
m_packet_res.m_code = (EapCode)0;
m_packet_res.m_id = 0;
m_packet_res.m_flags = version_0;
} }
eap::session_ttls::session_ttls(_In_ const session_ttls &other) : eap::session_ttls::session_ttls(_In_ const session_ttls &other) :
m_phase(other.m_phase),
m_version(other.m_version),
session<config_method_ttls, credentials_ttls, bool, bool>(other) session<config_method_ttls, credentials_ttls, bool, bool>(other)
{ {
m_packet_req.m_code = other.m_packet_req.m_code ;
m_packet_req.m_id = other.m_packet_req.m_id ;
m_packet_req.m_flags = other.m_packet_req.m_flags;
m_packet_req.m_data = other.m_packet_req.m_data ;
m_packet_res.m_code = other.m_packet_res.m_code ;
m_packet_res.m_id = other.m_packet_res.m_id ;
m_packet_res.m_flags = other.m_packet_res.m_flags;
m_packet_res.m_data = other.m_packet_res.m_data ;
} }
eap::session_ttls::session_ttls(_Inout_ session_ttls &&other) : eap::session_ttls::session_ttls(_Inout_ session_ttls &&other) :
m_phase(std::move(other.m_phase)),
m_version(std::move(other.m_version)),
session<config_method_ttls, credentials_ttls, bool, bool>(std::move(other)) session<config_method_ttls, credentials_ttls, bool, bool>(std::move(other))
{ {
m_packet_req.m_code = std::move(other.m_packet_req.m_code );
m_packet_req.m_id = std::move(other.m_packet_req.m_id );
m_packet_req.m_flags = std::move(other.m_packet_req.m_flags);
m_packet_req.m_data = std::move(other.m_packet_req.m_data );
m_packet_res.m_code = std::move(other.m_packet_res.m_code );
m_packet_res.m_id = std::move(other.m_packet_res.m_id );
m_packet_res.m_flags = std::move(other.m_packet_res.m_flags);
m_packet_res.m_data = std::move(other.m_packet_res.m_data );
} }
eap::session_ttls& eap::session_ttls::operator=(_In_ const session_ttls &other) eap::session_ttls& eap::session_ttls::operator=(_In_ const session_ttls &other)
{ {
if (this != &other) if (this != &other) {
(session<config_method_ttls, credentials_ttls, bool, bool>&)*this = other; (session<config_method_ttls, credentials_ttls, bool, bool>&)*this = other;
m_phase = other.m_phase;
m_version = other.m_version;
m_packet_req.m_code = other.m_packet_req.m_code ;
m_packet_req.m_id = other.m_packet_req.m_id ;
m_packet_req.m_flags = other.m_packet_req.m_flags;
m_packet_req.m_data = other.m_packet_req.m_data ;
m_packet_res.m_code = other.m_packet_res.m_code ;
m_packet_res.m_id = other.m_packet_res.m_id ;
m_packet_res.m_flags = other.m_packet_res.m_flags;
m_packet_res.m_data = other.m_packet_res.m_data ;
}
return *this; return *this;
} }
@ -56,26 +101,193 @@ eap::session_ttls& eap::session_ttls::operator=(_In_ const session_ttls &other)
eap::session_ttls& eap::session_ttls::operator=(_Inout_ session_ttls &&other) eap::session_ttls& eap::session_ttls::operator=(_Inout_ session_ttls &&other)
{ {
if (this != &other) if (this != &other) {
(session<config_method_ttls, credentials_ttls, bool, bool>&)*this = std::move(other); (session<config_method_ttls, credentials_ttls, bool, bool>&)*this = std::move(other);
m_phase = std::move(other.m_phase);
m_version = std::move(other.m_version);
m_packet_req.m_code = std::move(other.m_packet_req.m_code );
m_packet_req.m_id = std::move(other.m_packet_req.m_id );
m_packet_req.m_flags = std::move(other.m_packet_req.m_flags);
m_packet_req.m_data = std::move(other.m_packet_req.m_data );
m_packet_res.m_code = std::move(other.m_packet_res.m_code );
m_packet_res.m_id = std::move(other.m_packet_res.m_id );
m_packet_res.m_flags = std::move(other.m_packet_res.m_flags);
m_packet_res.m_data = std::move(other.m_packet_res.m_data );
}
return *this; return *this;
} }
bool eap::session_ttls::begin(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_ DWORD dwMaxSendPacketSize,
_Out_ EAP_ERROR **ppEapError)
{
if (dwMaxSendPacketSize <= 10) {
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, wstring_printf(_T(__FUNCTION__) _T(" Maximum send packet size too small (expected: >%u, received: %u)."), 10, dwMaxSendPacketSize).c_str());
return false;
}
return session<config_method_ttls, credentials_ttls, bool, bool>::begin(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize, ppEapError);
}
bool eap::session_ttls::process_request_packet( bool eap::session_ttls::process_request_packet(
_In_ DWORD dwReceivedPacketSize, _In_ DWORD dwReceivedPacketSize,
_In_bytecount_(dwReceivedPacketSize) const EapPacket *pReceivedPacket, _In_bytecount_(dwReceivedPacketSize) const EapPacket *pReceivedPacket,
_Out_ EapPeerMethodOutput *pEapOutput, _Out_ EapPeerMethodOutput *pEapOutput,
_Out_ EAP_ERROR **ppEapError) _Out_ EAP_ERROR **ppEapError)
{ {
UNREFERENCED_PARAMETER(dwReceivedPacketSize); assert(pReceivedPacket && dwReceivedPacketSize >= 4);
UNREFERENCED_PARAMETER(pReceivedPacket); assert(pEapOutput);
UNREFERENCED_PARAMETER(pEapOutput);
assert(ppEapError); assert(ppEapError);
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); // Initialize output.
return false; pEapOutput->fAllowNotifications = TRUE;
pEapOutput->action = EapPeerMethodResponseActionDiscard;
// Is this a valid EAP-TTLS packet?
if (dwReceivedPacketSize < 6) {
*ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Packet is too small. EAP-TTLS packets should be at least 6B."));
return false;
} else if (pReceivedPacket->Data[0] != eap_type_ttls) {
*ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Packet is not EAP-TTLS (expected: %u, received: %u)."), eap_type_ttls, pReceivedPacket->Data[0]).c_str());
return false;
}
if (pReceivedPacket->Data[1] & ttls_flags_more_frag) {
if (pReceivedPacket->Data[1] & ttls_flags_length_incl) {
// First fragment received.
if (dwReceivedPacketSize < 10) {
*ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Packet is too small. EAP-TTLS first fragmented packet should be at least 10B."));
return false;
}
// Start a new packet.
m_packet_req.m_code = (EapCode)pReceivedPacket->Code;
m_packet_req.m_id = pReceivedPacket->Id;
m_packet_req.m_flags = pReceivedPacket->Data[1];
m_packet_req.m_data.reserve(*(DWORD*)(pReceivedPacket->Data + 2));
m_packet_req.m_data.assign(pReceivedPacket->Data + 6, pReceivedPacket->Data + dwReceivedPacketSize - 4);
} else {
// Mid fragment received. Append data.
m_packet_req.m_data.insert(m_packet_req.m_data.end(), pReceivedPacket->Data + 2, pReceivedPacket->Data + dwReceivedPacketSize - 4);
}
// Reply with Acknowledgement packet.
m_packet_res.m_code = EapCodeResponse;
m_packet_res.m_id = m_packet_req.m_id;
m_packet_res.m_flags = 0;
m_packet_res.m_data.clear();
pEapOutput->action = EapPeerMethodResponseActionSend;
return true;
} else if (!m_packet_req.m_data.empty()) {
// Last fragment received. Append data.
m_packet_req.m_data.insert(m_packet_req.m_data.end(),
pReceivedPacket->Data + (!(pReceivedPacket->Data[1] & ttls_flags_length_incl) ? 2 : 6), // Should not include "Length" field (by RFC 5281: https://tools.ietf.org/html/rfc5281#section-9.2.2). Tolerate.
pReceivedPacket->Data + dwReceivedPacketSize - 4);
}
if ( m_packet_req.m_code == EapCodeResponse &&
m_packet_req.m_id == m_packet_res.m_id &&
!(m_packet_req.m_flags & (ttls_flags_length_incl | ttls_flags_more_frag | ttls_flags_start)) &&
(m_packet_res.m_flags & ttls_flags_more_frag ))
{
// This is an Acknowledgement of our fragmented packet response. Send the next fragment.
pEapOutput->action = EapPeerMethodResponseActionSend;
return true;
}
switch (m_phase) {
case phase_handshake_start: {
// Is this an EAP-TTLS Start packet?
if (m_packet_req.m_code != EapCodeRequest) {
*ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Packet is not a request (expected: %x, received: %x)."), EapCodeRequest, m_packet_req.m_code).c_str());
return false;
} else if (!(m_packet_req.m_flags & ttls_flags_start)) {
*ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Packet is not EAP-TTLS Start (expected: %x, received: %x)."), ttls_flags_start, m_packet_req.m_flags).c_str());
return false;
}
// Determine minimum EAP-TTLS version supported by server and us.
version_t ver_remote = (version_t)(m_packet_req.m_flags & ttls_flags_ver_mask);
m_version = std::min<version_t>(ver_remote, version_0);
m_module.log_event(&EAPMETHOD_HANDSHAKE_START, event_data(m_cred.target_suffix()), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank);
// Build response packet.
//if (!m_packet_res.create(EapCodeResponse, pReceivedPacket->Id, eap_type_ttls, (BYTE)m_version)) {
// *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error creating packet."));
// return false;
//}
break;
}
default:
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
return false;
}
return true;
}
bool eap::session_ttls::get_response_packet(
_Inout_ DWORD *pdwSendPacketSize,
_Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket,
_Out_ EAP_ERROR **ppEapError)
{
assert(pdwSendPacketSize);
assert(pSendPacket);
UNREFERENCED_PARAMETER(ppEapError);
DWORD
size_data = (DWORD)m_packet_res.m_data.size(),
size_packet = size_data + 6;
WORD size_packet_limit = (WORD)std::min<DWORD>(m_send_packet_size_max, (WORD)-1);
BYTE *data_dst;
if (!(m_packet_res.m_flags & ttls_flags_more_frag)) {
// Not fragmented.
if (size_packet <= size_packet_limit) {
// No need to fragment the packet.
m_packet_res.m_flags &= ~ttls_flags_length_incl; // No need to explicitly include the Length field either.
data_dst = pSendPacket->Data + 2;
} else {
// But it should be fragmented.
m_packet_res.m_flags |= ttls_flags_length_incl | ttls_flags_more_frag;
*(DWORD*)(pSendPacket->Data + 2) = (DWORD)size_packet;
data_dst = pSendPacket->Data + 6;
size_data = size_packet_limit - 10;
size_packet = size_packet_limit;
}
} else {
// Continuing the fragmented packet...
if (size_packet <= size_packet_limit) {
// This is the last fragment.
m_packet_res.m_flags &= ~(ttls_flags_length_incl | ttls_flags_more_frag);
} else {
// This is a mid fragment.
m_packet_res.m_flags &= ~ttls_flags_length_incl;
size_data = size_packet_limit - 6;
size_packet = size_packet_limit;
}
data_dst = pSendPacket->Data + 2;
}
pSendPacket->Code = (BYTE)m_packet_res.m_code;
pSendPacket->Id = m_packet_res.m_id;
*(WORD*)pSendPacket->Length = htons((WORD)size_packet);
pSendPacket->Data[0] = (BYTE)eap_type_ttls;
pSendPacket->Data[1] = m_packet_res.m_flags | (BYTE)m_version;
memcpy(data_dst, m_packet_res.m_data.data(), size_data);
m_packet_res.m_data.erase(m_packet_res.m_data.begin(), m_packet_res.m_data.begin() + size_data);
*pdwSendPacketSize = size_packet;
return true;
} }

2
lib/TTLS/src/StdAfx.h
View File

@ -28,3 +28,5 @@
#include "../../EAPBase/include/EAPXML.h" #include "../../EAPBase/include/EAPXML.h"
#include <WinStd/EAP.h> #include <WinStd/EAP.h>
#include <EapHostError.h>

2
lib/WinStd

@ -1 +1 @@
Subproject commit 4b63d60b01c7f579f4da2d5d61bb766813884a9f Subproject commit d82a31e543b86505380719f7dca478e20a66d294