Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Compare commits

base: Amebis:1.0c
Branches Tags
Amebis:master Amebis:ver1.0 Amebis:ver1.1
Amebis:1.3g Amebis:1.3f Amebis:1.3e Amebis:1.3d Amebis:1.3c Amebis:1.3b Amebis:1.3a Amebis:1.3 Amebis:1.2g Amebis:1.2f Amebis:1.1h Amebis:1.0i Amebis:1.2e Amebis:1.1g Amebis:1.0h Amebis:1.2d Amebis:1.1f Amebis:1.0g Amebis:1.2c Amebis:1.1e Amebis:1.0f Amebis:1.2b Amebis:1.1d Amebis:1.0e Amebis:1.2a Amebis:1.1c Amebis:1.0d Amebis:1.2 Amebis:1.1b Amebis:1.0c Amebis:1.2-beta2 Amebis:1.2-beta1 Amebis:1.2-beta Amebis:1.1a Amebis:1.0b Amebis:1.1 Amebis:1.1-beta2 Amebis:1.1-beta1 Amebis:1.0a Amebis:1.1-beta Amebis:1.0 Amebis:1.0-beta8 Amebis:1.0-beta7 Amebis:1.0-beta6 Amebis:1.0-beta5 Amebis:1.0-beta4 Amebis:1.0-beta3 Amebis:1.0-beta2 Amebis:1.0-beta1 Amebis:1.0-beta Amebis:1.0-alpha17 Amebis:1.0-alpha16 Amebis:1.0-alpha15 Amebis:1.0-alpha14 Amebis:1.0-alpha13 Amebis:1.0-alpha12 Amebis:1.0-alpha11 Amebis:1.0-alpha10 Amebis:1.0-alpha10-owntls Amebis:1.0-alpha9 Amebis:1.0-alpha8 Amebis:1.0-alpha7 Amebis:1.0-alpha6 Amebis:1.0-alpha5 Amebis:1.0-alpha4 Amebis:1.0-alpha3 Amebis:1.0-alpha2 Amebis:1.0-alpha1 Amebis:1.0-alpha0
...
compare: Amebis:1.1-beta
Branches Tags
Amebis:master Amebis:ver1.0 Amebis:ver1.1
Amebis:1.3g Amebis:1.3f Amebis:1.3e Amebis:1.3d Amebis:1.3c Amebis:1.3b Amebis:1.3a Amebis:1.3 Amebis:1.2g Amebis:1.2f Amebis:1.1h Amebis:1.0i Amebis:1.2e Amebis:1.1g Amebis:1.0h Amebis:1.2d Amebis:1.1f Amebis:1.0g Amebis:1.2c Amebis:1.1e Amebis:1.0f Amebis:1.2b Amebis:1.1d Amebis:1.0e Amebis:1.2a Amebis:1.1c Amebis:1.0d Amebis:1.2 Amebis:1.1b Amebis:1.0c Amebis:1.2-beta2 Amebis:1.2-beta1 Amebis:1.2-beta Amebis:1.1a Amebis:1.0b Amebis:1.1 Amebis:1.1-beta2 Amebis:1.1-beta1 Amebis:1.0a Amebis:1.1-beta Amebis:1.0 Amebis:1.0-beta8 Amebis:1.0-beta7 Amebis:1.0-beta6 Amebis:1.0-beta5 Amebis:1.0-beta4 Amebis:1.0-beta3 Amebis:1.0-beta2 Amebis:1.0-beta1 Amebis:1.0-beta Amebis:1.0-alpha17 Amebis:1.0-alpha16 Amebis:1.0-alpha15 Amebis:1.0-alpha14 Amebis:1.0-alpha13 Amebis:1.0-alpha12 Amebis:1.0-alpha11 Amebis:1.0-alpha10 Amebis:1.0-alpha10-owntls Amebis:1.0-alpha9 Amebis:1.0-alpha8 Amebis:1.0-alpha7 Amebis:1.0-alpha6 Amebis:1.0-alpha5 Amebis:1.0-alpha4 Amebis:1.0-alpha3 Amebis:1.0-alpha2 Amebis:1.0-alpha1 Amebis:1.0-alpha0

119 Commits
1.0c ... 1.1-beta

Author SHA1 Message Date
Simon Rozman
4d4bbe66e7 Version set to 1.1-beta 2016-11-07 14:34:19 +01:00
Simon Rozman
e8d2e33aac WideCharToMultiByte() and MultiByteToWideChar() optimization 2016-11-07 13:44:40 +01:00
Simon Rozman
9efb75d66f Documentation update 2016-11-07 12:59:50 +01:00
Simon Rozman
c053fd75e3 POT update 2016-11-07 12:40:51 +01:00
Simon Rozman
4ae048fd9f Auditing of CryptProtectData() enabled 2016-11-07 11:06:20 +01:00
Simon Rozman
3b6d2b2c14 Password and certificate output to log is no longer conditioned by _DEBUG 2016-11-07 10:48:13 +01:00
Simon Rozman
3a653be368 POT update 2016-11-04 14:13:15 +01:00
Simon Rozman
10aa7ad3f1 MSI localized files contain and install own resources only now 2016-11-04 14:03:33 +01:00
Simon Rozman
6ccf96c338 Non-ready localizations deactivated 2016-11-04 14:00:30 +01:00
Simon Rozman
9ef95a8d64 EventMonitor Doxygen documentation update 2016-11-04 12:53:44 +01:00
Simon Rozman
6166dd3887 Reported events are more consistent now 2016-11-04 11:51:39 +01:00
Simon Rozman
d08b70c284 Last result status handling improved 2016-11-04 11:50:58 +01:00
Simon Rozman
7750ebdb66 MSCHAPv2 server challenge issue fixed 2016-11-04 11:49:01 +01:00
Simon Rozman
c908e8ecfb EAPMsg branch is mainstream now 2016-11-04 10:06:28 +01:00
Simon Rozman
1fc2b7ff66 Redundant std::string to const char* conversion in exception constructors cleaned 2016-11-04 09:26:27 +01:00
Simon Rozman
eea136619c method_pap >> method_pap_diameter 2016-11-04 09:18:16 +01:00
Simon Rozman
88651e4ffe EAP-MSCHAPv2 support finished 2016-11-04 09:16:43 +01:00
Simon Rozman
fa3e7c0e6d Issue with passing wrong EAP type packet to tunneled method introduced in 70ce94b84e fixed 2016-11-03 11:22:05 +01:00
Simon Rozman
a8e1ac7455 Separate configuration for EAP-MSCHAPv2 introduced 2016-11-03 11:13:12 +01:00
Simon Rozman
48ba0b3664 Typo in documentation fixed 2016-11-03 11:11:54 +01:00
Simon Rozman
e7e484c814 Support for EapHost based inner methods has been (temporarily) disabled 2016-11-03 10:23:30 +01:00
Simon Rozman
b87e30bc9d Some final adjustments to EapHost inner method code before I put it to rest because of RasMan MSCHAPv2 heap corruption :( 2016-11-03 10:11:31 +01:00
Simon Rozman
60aa513375 Aesthetic modifications 2016-11-03 09:33:25 +01:00
Simon Rozman
a450d02485 Maximum inner method packet length now precisely calculated in begin_session() methods too 2016-11-03 07:55:33 +01:00
Simon Rozman
70ce94b84e Support for Legacy Nak introduced 2016-11-02 11:36:43 +01:00
Simon Rozman
fba3619747 eap::method_eapmsg initial testing and issue resolving 2016-11-02 11:04:48 +01:00
Simon Rozman
d234e55ae4 - Doxygen documentation updated 
- Some minor issues stumbled upon fixed
- WIN1250 >> UTF-8
 2016-11-02 01:25:38 +01:00
Simon Rozman
0387d7d593 Orphaned PAP.cpp files removed 2016-11-01 06:37:37 +01:00
Simon Rozman
b1a0669c40 EventMonitor's wxFormBuilder resources moved to res sub-folder 2016-11-01 05:56:10 +01:00
Simon Rozman
52a428bb5e Various ownTLS leftover clean-up 2016-11-01 05:33:55 +01:00
Simon Rozman
655cbe70d1 EapHostPeerInvokeIdentityUI() call fixed 2016-10-31 17:17:21 +01:00
Simon Rozman
c31e019cef eap::metod thorough redesign: 
- Support for method stacking introduced
- EAP-TLS method has been discontinued
- ownTLS has been discontinued
 2016-10-31 16:58:53 +01:00
Simon Rozman
b054dcdc7a eap::diameter_avp_append() set of functions introduced 2016-10-31 16:28:38 +01:00
Simon Rozman
0d8f243d31 eap::module::make_error() extended to support EAP_ERROR duplication 2016-10-31 16:23:42 +01:00
Simon Rozman
96d5b95b6f Doxygen documentation update 2016-10-31 16:22:45 +01:00
Simon Rozman
af56825d39 Code clean-up 2016-10-28 13:50:30 +02:00
Simon Rozman
f5a40f7ca8 Doxygen update 2016-10-28 13:47:59 +02:00
Simon Rozman
6f30239ada method_eaphost is no longer method_noneap child but correctly a method child 2016-10-27 14:13:02 +02:00
Simon Rozman
55f160bce3 Code clean-up 2016-10-27 13:59:08 +02:00
Simon Rozman
654c965851 Support for various peer action request extended 2016-10-27 10:00:18 +02:00
Simon Rozman
fc008bcfb4 Unable to set blank certificate credentials issue fixed 2016-10-25 14:13:12 +02:00
Simon Rozman
ddd83a74e5 eap::credentials_eaphost now complete 2016-10-25 13:39:54 +02:00
Simon Rozman
d87b3d37e5 Discrete output of credentials to event log centralized 2016-10-25 13:37:39 +02:00
Simon Rozman
04af17121c Redundant eap::credentials_eaphost::get_identity() removed 2016-10-25 13:34:21 +02:00
Simon Rozman
aa18aed868 Zero-length event property data retrieval fixed 2016-10-25 13:33:13 +02:00
Simon Rozman
7d1668e2e0 Configuration value logging replaced with array variant instead of varadic event_provider::write() method for performance reasons 2016-10-25 13:04:12 +02:00
Simon Rozman
1d302954e3 event_data::blank redefined to prevent confusion with NULL values causing premature varadic argument termination leading to incomplete event data 2016-10-25 13:01:56 +02:00
Simon Rozman
dd55dfd24d eap::config_method_eaphost::get_method_str() finished 2016-10-25 11:06:11 +02:00
Simon Rozman
65ea47eb4e EAPMsg >> EapHost 2016-10-25 08:51:13 +02:00
Simon Rozman
abf54ad342 Doxygen documentation update 2016-10-25 08:51:04 +02:00
Simon Rozman
2041accecb EAP-Message integration continues... 2016-10-24 15:08:25 +02:00
Simon Rozman
e7e1a6735d pEapOutput Prefast specifier for process_request_packet() methods changed 2016-10-24 14:55:31 +02:00
Simon Rozman
2c91b6ca8c pEapOutput Prefast specifier for set_response_attributes() methods changed 2016-10-24 14:42:56 +02:00
Simon Rozman
45ce38916b eap_error_runtime introduced 2016-10-24 14:13:27 +02:00
Simon Rozman
131e19df88 new wxExtend library version 2016-10-24 14:12:24 +02:00
Simon Rozman
0d73e2f7a2 Incorrect pEapOutput in method::set_ui_context() methods fixed 2016-10-24 14:11:15 +02:00
Simon Rozman
a1f9a7bab9 ppResult >> pResult 2016-10-24 13:33:01 +02:00
Simon Rozman
6f90cfaf99 Sub-module update 2016-10-18 14:29:16 +02:00
Simon Rozman
2cf134db1e Incorrect string template fixed 2016-10-17 16:39:23 +02:00
Simon Rozman
7557bf784a Excessive c_str() removed 2016-10-17 16:37:27 +02:00
Simon Rozman
68c2c05b41 wxEAPGetProviderName() output fixed 2016-10-17 16:15:26 +02:00
Simon Rozman
de2506bcc4 Unified credential TTLS prompt replaced with separate prompts for identity provider, outer credentials and inner credentials 
EapHost peers provide credential dialogs only and cannot be integrated into unified credential prompt as a panel, requiring additional clicking and pop-ups for user to enter credentials.
 2016-10-17 16:05:36 +02:00
Simon Rozman
ee94756655 Missing type-cast preventing correct CA certificate file import fixed 
(broken in 559ffc5ead)
 2016-10-17 14:04:21 +02:00
Simon Rozman
af2d0fde1f Missing credentials BLOB sanitizing added 2016-10-17 13:18:54 +02:00
Simon Rozman
31f4ec4b93 Bulgarian translation included in final MSI 2016-10-17 10:32:07 +02:00
Simon Rozman
ec238001cd Merge branch 'master' of https://github.com/Amebis/GEANTLink 2016-10-17 10:31:57 +02:00
Simon Rozman
f42c7f8bb5 Localization update 2016-10-17 10:31:13 +02:00
Simon Rozman
bafbdec9d3 User interaction and EAP response attributes management delegated to eap::method 2016-10-14 10:34:14 +02:00
Simon Rozman
3f75ef83bb Non-saving inner method configuration issue fixed 2016-10-14 10:29:14 +02:00
Simon Rozman
6d4802a06f Sub-module update 2016-10-14 10:11:36 +02:00
Simon Rozman
2e38f79a6e Localization and compilation separated, as satisfied Localization target skipped building 2016-10-11 11:32:22 +02:00
Simon Rozman
6b7a1966e3 Norwegian Bokmål translations added to MSI 2016-10-10 17:40:58 +02:00
Simon Rozman
3606a8d25d Catalan translations added to MSI 2016-10-10 17:40:57 +02:00
Simon Rozman
6be4fddcd7 Translation updated 2016-10-10 17:40:57 +02:00
Simon Rozman
7a26128c7b "auto" simplified 2016-10-10 15:00:10 +02:00
Simon Rozman
f9697dfcee Loading EAPMsg credentials from Windows Credential Manager temporarily commented 2016-10-10 14:54:22 +02:00
Simon Rozman
e40ee1c34b Missing EapHost peer initialization added 2016-10-10 14:31:32 +02:00
Simon Rozman
e94e3bdd60 credentials::combine() methods updated with support for EAPMsg: 
- Additional parameters
- Additional result code
- User impersonation now mounted inside of credentials::combine() when required
 2016-10-10 14:31:23 +02:00
Simon Rozman
c660e2b3e6 config_method_with_cred::make_credentials() method moved to parent class config_method for seamless EAPMsg method support 2016-10-10 13:20:08 +02:00
Simon Rozman
864105186b Serbian translation added to MSI 
(Except from MSI setup, UI is completely translated to Serbian now)
 2016-10-10 10:19:31 +02:00
Simon Rozman
028742d7e6 Translations update 2016-10-10 10:19:31 +02:00
Simon Rozman
5d891c9581 Sub-module update 2016-10-07 15:38:32 +02:00
Simon Rozman
e4758faba3 Host name and FQDN validators moved to wxExtend; Incorrect FeatureComponent mappings of EventMonitor localization components fixed 2016-10-07 15:28:47 +02:00
Simon Rozman
9aacbb2fef Sub-module update 2016-10-07 12:38:04 +02:00
Simon Rozman
5c966f35a8 wxInitializeLocale moved to wxExtend 2016-10-05 12:11:17 +02:00
Simon Rozman
a2830d2aee EAPMsg profile configuration XML load/save support added 2016-10-04 12:35:32 +02:00
Simon Rozman
ce05418d8e Both XML selection namespaces (eap-metadata and eaphostconfig) are configured now 2016-10-04 12:33:43 +02:00
Simon Rozman
583fc19da7 config_method_ttls::make_config_method() method modified to support EAPMsg 2016-10-04 12:12:46 +02:00
Simon Rozman
597095b536 Support for packing and unpacking of config_method_eapmsg added 2016-10-04 11:23:12 +02:00
Simon Rozman
5dad353d98 winstd::eap_runtime_error exception introduced 2016-10-04 11:21:40 +02:00
Simon Rozman
dab9e69dd3 Inner EAP method support progress continues... 2016-10-04 10:32:11 +02:00
Simon Rozman
2bc6d97ab0 m_cred >> m_cred_blob 2016-10-04 10:30:37 +02:00
Simon Rozman
2f49934a92 Some more C casting replaced with C++ dynamic casting 2016-10-04 10:20:01 +02:00
Simon Rozman
e8eec11618 EAP-TTLS inner method no longer needs to have support for configured credentials 2016-10-04 10:13:45 +02:00
Simon Rozman
03d6823241 Some more C casting replaced with C++ dynamic casting 2016-10-04 09:16:14 +02:00
Simon Rozman
5a36eb0d23 Documentation update 2016-10-04 09:04:09 +02:00
Simon Rozman
7d13222838 Inner EAP method support progress continues... 2016-10-03 15:48:54 +02:00
Simon Rozman
c53ed21d55 Code clean-up 2016-10-03 14:54:02 +02:00
Simon Rozman
10c03ccedb 1.5.2 False positives from security audit resolved 2016-10-03 14:54:02 +02:00
Simon Rozman
01245d15d9 ID 8. A typo in the comment from security audit resolved 2016-10-03 14:54:02 +02:00
Simon Rozman
ff4e8c6885 ID 7. Commented out parts of the code from security audit partially resolved 2016-10-03 14:54:02 +02:00
Simon Rozman
111ede456e ID 5. Unused variables from security audit partially fixed 2016-10-03 14:54:01 +02:00
Simon Rozman
f0af016efe ID 4. Possibility of method_tls class initialization list optimization from security audit fixed 2016-10-03 14:54:01 +02:00
Simon Rozman
559ffc5ead ID 3. C style pointer casting from security audit fixed 2016-10-03 14:53:50 +02:00
Simon Rozman
28408fcea7 ID 2. Missing functionality from security audit report partially fixed 2016-10-03 14:52:57 +02:00
Simon Rozman
7924612419 ID 1. Variables shadowing from security audit report fixed 2016-10-03 14:52:44 +02:00
Simon Rozman
c1a483a0bd Version set to 1.0-beta7 2016-10-03 14:52:12 +02:00
Simon Rozman
b34aee8493 Translation update 2016-10-03 14:52:01 +02:00
Simon Rozman
a1455078e9 Explicit server certificate check introduced 2016-10-03 14:51:45 +02:00
Simon Rozman
a834fbcb7c Inner EAP method support progress continues... 2016-09-30 15:22:12 +02:00
Simon Rozman
13d84c3c4d Various events are propagated to parent classes now 2016-09-30 11:00:23 +02:00
Simon Rozman
1d4a77b96b Remove CA button enable/disable logic fixed after CA list box switched to single selection in c371187edc commit 2016-09-30 11:00:14 +02:00
Simon Rozman
7a379a1a87 OnInitDialog events are propagated to parent classes now 2016-09-30 11:00:02 +02:00
Simon Rozman
7d986b82d8 OnUpdateUI events are propagated to parent classes now 2016-09-30 09:58:00 +02:00
Simon Rozman
2bc43869b0 Revert "Switching inner authentication method re-layouts configuration dialog now" 
This reverts commit 67003bd478.
 2016-09-29 15:33:37 +02:00
Simon Rozman
caf80e07f9 Switching inner authentication method re-layouts configuration dialog now 2016-09-29 14:48:12 +02:00
Simon Rozman
0d1bcbf9c4 Localization and compilation separated, as satisfied Localization target skipped building 2016-09-29 14:47:58 +02:00
Simon Rozman
9ea80712d9 EAPMsg integration 2016-09-29 14:39:39 +02:00
Simon Rozman
613117775d Initial versions of EAPMsg libraries 2016-09-29 14:07:52 +02:00
108 changed files with 8042 additions and 6078 deletions
Expand all files Collapse all files

13
Doxyfile
View File

@@ -51,7 +51,7 @@ PROJECT_BRIEF = "EAP Supplicant for Windows"
# and the maximum width should not exceed 200 pixels. Doxygen will copy the logo
# to the output directory.
PROJECT_LOGO =
PROJECT_LOGO = include\icon_ui.ico
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path
# into which the generated documentation will be written. If a relative path is
@@ -694,7 +694,7 @@ CITE_BIB_FILES =
# messages are off.
# The default value is: NO.
QUIET = NO
QUIET = YES
# The WARNINGS tag can be used to turn on/off the warning messages that are
# generated to standard error ( stderr) by doxygen. If WARNINGS is set to YES
@@ -718,7 +718,7 @@ WARN_IF_UNDOCUMENTED = YES
# markup commands wrongly.
# The default value is: YES.
WARN_IF_DOC_ERROR = NO
WARN_IF_DOC_ERROR = YES
# This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that
# are documented, but have no documentation for their parameters or return
@@ -790,11 +790,16 @@ RECURSIVE = YES
# run.
EXCLUDE = \
CredWrite\README.md \
EventMonitor\res \
lib\EAPBase_UI\res \
lib\EapHost_UI\res \
lib\TLS_UI\res \
lib\TTLS_UI\res \
lib\WinStd
lib\WinStd \
lib\wxExtend \
MsiUseFeature\README.md \
WLANManager\README.md
# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
# directories that are symbolic links (a Unix file system feature) are excluded

3
EAPMethods/EAPTTLS/EAPTTLS.vcxproj
View File

@@ -97,6 +97,9 @@
<ProjectReference Include="..\..\lib\EAPBase\build\EAPBase.vcxproj">
<Project>{ad6816a0-9600-4e01-8c49-39d03d1e791f}</Project>
</ProjectReference>
<ProjectReference Include="..\..\lib\EapHost\build\EapHost.vcxproj">
<Project>{b385ec2b-c3f4-48bb-9bac-8b996de7f754}</Project>
</ProjectReference>
<ProjectReference Include="..\..\lib\Events\build\Events.vcxproj">
<Project>{d63f24bd-92a0-4d6b-8b69-ed947e4d2b1b}</Project>
</ProjectReference>

6
EAPMethods/EAPTTLSUI/EAPTTLSUI.vcxproj
View File

@@ -100,6 +100,12 @@
<ProjectReference Include="..\..\lib\EAPBase_UI\build\EAPBase_UI.vcxproj">
<Project>{d4b54856-be1f-4937-a8f7-495125be76be}</Project>
</ProjectReference>
<ProjectReference Include="..\..\lib\EapHost\build\EapHost.vcxproj">
<Project>{b385ec2b-c3f4-48bb-9bac-8b996de7f754}</Project>
</ProjectReference>
<ProjectReference Include="..\..\lib\EapHost_UI\build\EapHost_UI.vcxproj">
<Project>{13d2d8b5-f6aa-459d-b5f7-29b95dd9d583}</Project>
</ProjectReference>
<ProjectReference Include="..\..\lib\Events\build\Events.vcxproj">
<Project>{d63f24bd-92a0-4d6b-8b69-ed947e4d2b1b}</Project>
</ProjectReference>

BIN
EAPMethods/MSIBuild/Makefile
View File

Binary file not shown.

188
EAPMethods/locale/EAPMethods.pot
View File

@@ -2,23 +2,24 @@
msgid ""
msgstr ""
"Project-Id-Version: EAPMethods\n"
"POT-Creation-Date: 2016-09-28 13:27+0200\n"
"POT-Creation-Date: 2016-11-07 12:40+0100\n"
"PO-Revision-Date: 2016-06-02 12:27+0200\n"
"Last-Translator: Simon Rozman <simon.rozman@amebis.si>\n"
"Language-Team: Amebis, d. o. o., Kamnik <info@amebis.si>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Poedit 1.8.9\n"
"X-Generator: Poedit 1.8.10\n"
"X-Poedit-Basepath: ../..\n"
"X-Poedit-SourceCharset: UTF-8\n"
"X-Poedit-KeywordsList: _\n"
"X-Poedit-SearchPath-0: lib/EAPBase_UI\n"
"X-Poedit-SearchPath-1: lib/MSCHAPv2_UI\n"
"X-Poedit-SearchPath-2: lib/PAP_UI\n"
"X-Poedit-SearchPath-3: lib/TLS_UI\n"
"X-Poedit-SearchPath-4: lib/TTLS_UI\n"
"X-Poedit-SearchPath-5: EAPMethods\n"
"X-Poedit-SearchPath-1: lib/EapHost_UI\n"
"X-Poedit-SearchPath-2: lib/MSCHAPv2_UI\n"
"X-Poedit-SearchPath-3: lib/PAP_UI\n"
"X-Poedit-SearchPath-4: lib/TLS_UI\n"
"X-Poedit-SearchPath-5: lib/TTLS_UI\n"
"X-Poedit-SearchPath-6: EAPMethods\n"
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:37
msgid "+"
@@ -44,7 +45,7 @@ msgstr ""
msgid "Opens dialog with provider settings"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:229 lib/EAPBase_UI/include/EAP_UI.h:581
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:229 lib/EAPBase_UI/include/EAP_UI.h:665
#, c-format
msgid "%s User Credentials"
msgstr ""
@@ -211,66 +212,102 @@ msgstr ""
msgid "(Warning: Once locked, you can not revert using this dialog!)"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:97
#: lib/EAPBase_UI/src/EAP_UI.cpp:103
#, c-format
msgid "%s Credentials"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:122 lib/EAPBase_UI/include/EAP_UI.h:355
#: lib/EAPBase_UI/include/EAP_UI.h:365 lib/EAPBase_UI/res/wxEAP_UI.h:119
msgid "EAP Credentials"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:165
#: lib/EAPBase_UI/src/EAP_UI.cpp:139
#, c-format
msgid "For additional help and instructions, please contact %s at:"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:166
#: lib/EAPBase_UI/src/EAP_UI.cpp:140
msgid "your provider"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:185
#: lib/EAPBase_UI/src/EAP_UI.cpp:159
msgid "Open the default web browser"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:196
#: lib/EAPBase_UI/src/EAP_UI.cpp:170
msgid "Open your e-mail program"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:207
#: lib/EAPBase_UI/src/EAP_UI.cpp:181
msgid "Dial the phone number"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:227
#: lib/EAPBase_UI/src/EAP_UI.cpp:203
#, c-format
msgid "%s has pre-set parts of this configuration. Those parts are locked to prevent accidental modification."
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:228
#: lib/EAPBase_UI/src/EAP_UI.cpp:204
msgid "Your provider"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:249
#: lib/EAPBase_UI/src/EAP_UI.cpp:225
msgid "Previous attempt to connect reported invalid credentials."
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:250
#: lib/EAPBase_UI/src/EAP_UI.cpp:226
msgid "Previous attempt to connect reported your credentials expired."
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:251
#: lib/EAPBase_UI/src/EAP_UI.cpp:227
msgid "Previous attempt to connect reported your credentials are being changed."
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:252
#: lib/EAPBase_UI/src/EAP_UI.cpp:228
msgid "Previous attempt to connect failed."
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:253
#: lib/EAPBase_UI/src/EAP_UI.cpp:229
msgid "Please, make sure your credentials are correct, or try again later."
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:250
#, c-format
msgid "The %s version installed on this computer logs credentials in visible and easy to read way."
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:251
msgid "Please, reconsider necessity to enter your credentials."
msgstr ""
#: lib/EapHost_UI/res/wxEapHost_UI.cpp:17
msgid "Inner EAP Method"
msgstr ""
#: lib/EapHost_UI/res/wxEapHost_UI.cpp:28
msgid "Select and configure inner EAP method"
msgstr ""
#: lib/EapHost_UI/res/wxEapHost_UI.cpp:40
msgid "&Settings"
msgstr ""
#: lib/EapHost_UI/src/EapHost_UI.cpp:59
#, c-format
msgid "Enumerating EAP methods failed (error %u, %s, %s)."
msgstr ""
#: lib/EapHost_UI/src/EapHost_UI.cpp:61
#, c-format
msgid "Enumerating EAP methods failed (error %u)."
msgstr ""
#: lib/EapHost_UI/src/EapHost_UI.cpp:136
#, c-format
msgid "Configuring EAP method failed (error %u, %s, %s)."
msgstr ""
#: lib/EapHost_UI/src/EapHost_UI.cpp:138
#, c-format
msgid "Configuring EAP method failed (error %u)."
msgstr ""
#: lib/MSCHAPv2_UI/src/MSCHAPv2_UI.cpp:33
msgid "MSCHAPv2 User ID and Password"
msgstr ""
@@ -331,7 +368,7 @@ msgstr ""
msgid "(Example: foo.bar.com;server2.bar.com)"
msgstr ""
#: lib/TLS_UI/res/wxTLS_UI.cpp:119 lib/TLS_UI/src/TLS_UI.cpp:571
#: lib/TLS_UI/res/wxTLS_UI.cpp:119 lib/TLS_UI/src/TLS_UI.cpp:325
msgid "User Certificate"
msgstr ""
@@ -351,46 +388,37 @@ msgstr ""
msgid "Your identity (username@domain) to override one from certificate; or blank to use one provided in certificate"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:118
#, c-format
msgid "Invalid character in host name found: %c"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:118
msgid "Validation conflict"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:327 lib/EAPBase_UI/include/EAP_UI.h:769
#: lib/EAPBase_UI/include/EAP_UI.h:778
#: lib/TLS_UI/src/TLS_UI.cpp:61 lib/EAPBase_UI/include/EAP_UI.h:861
#: lib/EAPBase_UI/include/EAP_UI.h:870
msgid "<empty>"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:500
#: lib/TLS_UI/src/TLS_UI.cpp:252
msgid "Add Certificate"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:501
#: lib/TLS_UI/src/TLS_UI.cpp:253
msgid "Certificate Files (*.cer;*.crt;*.der;*.p7b;*.pem)"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:502
#: lib/TLS_UI/src/TLS_UI.cpp:254
msgid "X.509 Certificate Files (*.cer;*.crt;*.der;*.pem)"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:503
#: lib/TLS_UI/src/TLS_UI.cpp:255
msgid "PKCS #7 Certificate Files (*.p7b)"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:504
#: lib/TLS_UI/src/TLS_UI.cpp:256
msgid "All Files (*.*)"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:520
#: lib/TLS_UI/src/TLS_UI.cpp:270
#, c-format
msgid "Invalid or unsupported certificate file %s"
msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:520
#: lib/TLS_UI/src/TLS_UI.cpp:270
msgid "Error"
msgstr ""
@@ -430,77 +458,99 @@ msgstr ""
msgid "Custom outer identity to use"
msgstr ""
#: lib/TTLS_UI/src/Module.cpp:274 lib/TTLS_UI/src/Module.cpp:284
#: lib/EAPBase_UI/include/EAP_UI.h:696
#: lib/TTLS_UI/src/Module.cpp:262 lib/TTLS_UI/src/Module.cpp:318
#: lib/EAPBase_UI/include/EAP_UI.h:784
#, c-format
msgid "Error writing credentials to Credential Manager: %hs (error %u)"
msgstr ""
#: lib/TTLS_UI/src/Module.cpp:276 lib/TTLS_UI/src/Module.cpp:286
#: lib/EAPBase_UI/include/EAP_UI.h:699
#: lib/TTLS_UI/src/Module.cpp:264 lib/TTLS_UI/src/Module.cpp:320
#: lib/EAPBase_UI/include/EAP_UI.h:787
msgid "Writing credentials failed."
msgstr ""
#: lib/TTLS_UI/src/TTLS_UI.cpp:36 lib/TTLS_UI/src/TTLS_UI.cpp:181
#: lib/TTLS_UI/src/Module.cpp:355
#, c-format
msgid "Invoking EAP identity UI failed (error %u, %s, %s)."
msgstr ""
#: lib/TTLS_UI/src/Module.cpp:357
#, c-format
msgid "Invoking EAP identity UI failed (error %u)."
msgstr ""
#: lib/TTLS_UI/src/TTLS_UI.cpp:117
msgid "Inner Authentication"
msgstr ""
#: lib/TTLS_UI/src/TTLS_UI.cpp:61 lib/TTLS_UI/src/TTLS_UI.cpp:196
msgid "Outer Authentication"
msgstr ""
#: lib/TTLS_UI/src/TTLS_UI.cpp:187
#: lib/TTLS_UI/src/TTLS_UI.cpp:123
msgid "Select inner authentication method from the list"
msgstr ""
#: lib/TTLS_UI/src/TTLS_UI.cpp:189
#: lib/TTLS_UI/src/TTLS_UI.cpp:125
msgid "PAP"
msgstr ""
#: lib/TTLS_UI/src/TTLS_UI.cpp:191
#: lib/TTLS_UI/src/TTLS_UI.cpp:127
msgid "MSCHAPv2"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:292
#: lib/TTLS_UI/src/TTLS_UI.cpp:129
msgid "EAP-MSCHAPv2"
msgstr ""
#: lib/TTLS_UI/src/TTLS_UI.cpp:132
msgid "Other EAP methods..."
msgstr ""
#: lib/TTLS_UI/src/TTLS_UI.cpp:138
msgid "Outer Authentication"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:284
#, c-format
msgid "Are you sure you want to permanently remove %s provider from configuration?"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:292
#: lib/EAPBase_UI/include/EAP_UI.h:284
msgid "Warning"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:552
#: lib/EAPBase_UI/include/EAP_UI.h:362 lib/EAPBase_UI/res/wxEAP_UI.h:119
msgid "EAP Credentials"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:632
msgid "Provider Settings"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:717
#: lib/EAPBase_UI/include/EAP_UI.h:807
#, c-format
msgid "Deleting credentials failed (error %u)."
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:754
#: lib/EAPBase_UI/include/EAP_UI.h:846
#, c-format
msgid "<error %u>"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:758
#: lib/EAPBase_UI/include/EAP_UI.h:850
msgid "<error>"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:769 lib/EAPBase_UI/include/EAP_UI.h:778
#: lib/EAPBase_UI/include/EAP_UI.h:861 lib/EAPBase_UI/include/EAP_UI.h:870
msgid "<blank ID>"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:820
#: lib/EAPBase_UI/include/EAP_UI.h:910
msgid "&Remember"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:821
#: lib/EAPBase_UI/include/EAP_UI.h:911
msgid "Check if you would like to save credentials"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:964
#: lib/EAPBase_UI/include/EAP_UI.h:1069
msgid "<Your Organization>"
msgstr ""
@@ -508,6 +558,10 @@ msgstr ""
msgid "EAP Connection Configuration"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.h:312
msgid "EAP Identity Provider"
msgstr ""
#: EAPMethods/MSIBuild/en_US.Win32.Debug.Feature-2.idtx:4
#: EAPMethods/MSIBuild/en_US.Win32.Release.Feature-2.idtx:4
#: EAPMethods/MSIBuild/en_US.x64.Debug.Feature-2.idtx:4

12
EventMonitor/App.h
View File

@@ -19,8 +19,10 @@
*/
///
/// EventMonitor application
/// \defgroup EventMonitor Event Monitor
/// Real-time log of application events
///
class wxEventMonitorApp;
#pragma once
@@ -32,6 +34,12 @@ class wxEventMonitorApp;
#include <wx/intl.h>
/// \addtogroup EventMonitor
/// @{
///
/// EventMonitor application
///
class wxEventMonitorApp : public wxApp
{
public:
@@ -57,4 +65,6 @@ public:
wxLocale m_locale; ///< Current locale
};
/// @}
wxDECLARE_APP(wxEventMonitorApp);

16
EventMonitor/ETWLog.cpp
View File

@@ -115,6 +115,8 @@ void wxEventTraceProcessorThread::Abort()
}
/// \cond internal
wxThread::ExitCode wxEventTraceProcessorThread::Entry()
{
// Process events.
@@ -139,6 +141,8 @@ VOID WINAPI wxEventTraceProcessorThread::EventRecordCallback(_In_ PEVENT_RECORD
_this->m_parent->QueueEvent(new wxETWEvent(wxEVT_ETW_EVENT, *pEvent));
}
/// \endcond
//////////////////////////////////////////////////////////////////////////
// wxETWListCtrl
@@ -228,7 +232,7 @@ wxETWListCtrl::wxETWListCtrl(wxWindow *parent, wxWindowID id, const wxPoint& pos
wxLogError(_("Access denied creating event session: you need administrative privileges (Run As Administrator) or be a member of Performance Log Users group to start event tracing session."));
return;
} else if (ulResult == ERROR_ALREADY_EXISTS) {
wxLogDebug(_("The %s event session already exists."), name.c_str());
wxLogDebug(_("The %s event session already exists."), name);
// Do not despair... Retry with a new session name and ID.
continue;
} else {
@@ -460,6 +464,8 @@ void wxETWListCtrl::RebuildItems()
}
/// \cond internal
bool wxETWListCtrl::IsVisible(const EVENT_RECORD &rec) const
{
return
@@ -561,7 +567,7 @@ wxString wxETWListCtrl::OnGetItemText(long item, long column) const
}
wxString wxETWListCtrl::OnGetItemText(const event_rec &rec, long column) const
wxString wxETWListCtrl::OnGetItemText(const winstd::event_rec &rec, long column) const
{
switch (column) {
case 0: {
@@ -678,6 +684,8 @@ void wxETWListCtrl::OnETWEvent(wxETWEvent& event)
}
}
/// \endcond
//////////////////////////////////////////////////////////////////////////
// wxPersistentETWListCtrl
@@ -703,7 +711,7 @@ void wxPersistentETWListCtrl::Save() const
col.SetMask(wxLIST_MASK_TEXT | wxLIST_MASK_WIDTH);
for (int i = 0, n = wnd->GetColumnCount(); i < n; i++) {
wnd->GetColumn(i, col);
SaveValue(wxString::Format(wxT("Column%sWidth"), col.GetText().c_str()), col.GetWidth());
SaveValue(wxString::Format(wxT("Column%sWidth"), col.GetText()), col.GetWidth());
}
SaveValue(wxT("ScrollAuto"), wnd->m_scroll_auto);
@@ -728,7 +736,7 @@ bool wxPersistentETWListCtrl::Restore()
wnd->GetColumn(i, col);
int width;
if (RestoreValue(wxString::Format(wxT("Column%sWidth"), col.GetText().c_str()), &width))
if (RestoreValue(wxString::Format(wxT("Column%sWidth"), col.GetText()), &width))
wnd->SetColumnWidth(i, width);
}

193
EventMonitor/ETWLog.h
View File

@@ -20,32 +20,23 @@
#include <wx/event.h>
/// \addtogroup EventMonitor
/// @{
///
/// Maximum number of event records kept
///
#define wxETWEVENT_RECORDS_MAX 1000000
///
/// ETW event
///
/// @}
class wxETWEvent;
wxDECLARE_EVENT(wxEVT_ETW_EVENT, wxETWEvent);
#define wxETWEventHandler(func) wxEVENT_HANDLER_CAST(wxETWEventFunction, func)
#define EVT_ETW_EVENT(func) wx__DECLARE_EVT0(wxEVT_ETW_EVENT, wxETWEventHandler(func))
///
/// Event trace processor
///
class wxEventTraceProcessorThread;
///
/// Event list control
///
class wxETWListCtrl;
///
/// Supports saving/restoring wxETWListCtrl state
///
class wxPersistentETWListCtrl;
#pragma once
@@ -61,47 +52,106 @@ class wxPersistentETWListCtrl;
#include <set>
/// \addtogroup EventMonitor
/// @{
///
/// ETW event
///
class wxETWEvent : public wxEvent
{
public:
///
/// Creates ETW event
///
/// \param[in] type The unique type of event
/// \param[in] record ETW event record
///
wxETWEvent(wxEventType type = wxEVT_NULL, const EVENT_RECORD &record = s_record_null);
///
/// Copies an ETW event
///
/// \param[in] event ETW event to copy from
///
wxETWEvent(const wxETWEvent& event);
virtual wxEvent *Clone() const { return new wxETWEvent(*this); }
inline const winstd::event_rec& GetRecord() const { return m_record; }
inline winstd::event_rec& GetRecord() { return m_record; }
///
/// Clones the ETW event
///
/// \returns Event copy
///
virtual wxEvent *Clone() const
{
return new wxETWEvent(*this);
}
protected:
bool DoSetExtendedData(size_t extended_data_count, const EVENT_HEADER_EXTENDED_DATA_ITEM *extended_data);
bool DoSetUserData(size_t user_data_length, const void *user_data);
///
/// Returns ETW event record assosiated with event
///
inline const winstd::event_rec& GetRecord() const
{
return m_record;
}
///
/// Returns ETW event record assosiated with event
///
inline winstd::event_rec& GetRecord()
{
return m_record;
}
private:
DECLARE_DYNAMIC_CLASS_NO_ASSIGN(wxETWEvent)
public:
static const EVENT_RECORD s_record_null;
static const EVENT_RECORD s_record_null; ///< Blank ETW event record
protected:
winstd::event_rec m_record; ///< ETW event record
};
///
/// Prototype of the function consuming `wxETWEvent` events
///
typedef void (wxEvtHandler::*wxETWEventFunction)(wxETWEvent&);
///
/// Monitors ETW events and forwards them as `wxETWEvent` event
///
class wxEventTraceProcessorThread : public wxThread
{
public:
///
/// A thread to process ETW events
///
/// \param[in] parent Event handler this thread will send record notifications
/// \param[in] sessions An array of sessions to monitor
///
wxEventTraceProcessorThread(wxEvtHandler *parent, const wxArrayString &sessions);
///
/// Destructor
///
virtual ~wxEventTraceProcessorThread();
///
/// Closes all session handles to allow graceful thread termination
///
void Abort();
protected:
/// \cond internal
virtual ExitCode Entry();
/// \endcond
private:
/// \cond internal
static VOID WINAPI EventRecordCallback(PEVENT_RECORD pEvent);
/// \endcond
protected:
std::vector<TRACEHANDLE> m_traces; ///< An array of tracing sessions this thread is monitoring
@@ -109,6 +159,9 @@ protected:
};
///
/// Event list control
///
class wxETWListCtrl : public wxListCtrl
{
protected:
@@ -117,6 +170,9 @@ protected:
///
struct less_guid : public std::binary_function<GUID, GUID, bool>
{
///
/// Compares two GUIDs
///
bool operator()(const GUID &a, const GUID &b) const
{
if (a.Data1 < b.Data1) return true;
@@ -136,6 +192,17 @@ protected:
typedef std::set<GUID, less_guid> guidset;
public:
///
/// Creates a list control for ETW log display
///
/// \param[in] parent Parent window. Must not be \c NULL.
/// \param[in] id Window identifier. The value \c wxID_ANY indicates a default value.
/// \param[in] pos Window position. If \c wxDefaultPosition is specified then a default position is chosen.
/// \param[in] size Window size. If \c wxDefaultSize is specified then the window is sized appropriately.
/// \param[in] style Window style. See \c wxListCtrl.
/// \param[in] validator Window validator
/// \param[in] name Window name
///
wxETWListCtrl(
wxWindow *parent,
wxWindowID id = wxID_ANY,
@@ -144,21 +211,70 @@ public:
long style = wxLC_NO_SORT_HEADER|wxLC_REPORT|wxLC_VIRTUAL|wxNO_BORDER,
const wxValidator &validator = wxDefaultValidator,
const wxString &name = wxListCtrlNameStr);
///
/// Destructor
///
virtual ~wxETWListCtrl();
inline bool IsEmpty() const { return m_rec_db.empty(); }
///
/// Returns true if the list is empty
///
inline bool IsEmpty() const
{
return m_rec_db.empty();
}
///
/// Copies selected rows to clipboard
///
void CopySelected() const;
///
/// Copies all rows (including hidden ones) to clipboard
///
void CopyAll() const;
///
/// Empties the list
///
void ClearAll();
///
/// Selects all rows
///
void SelectAll();
///
/// Clears row selection
///
void SelectNone();
///
/// Rebuilds the list
///
void RebuildItems();
///
/// Checks if given ETW source is enabled
///
/// \param[in] guid GUID of ETW source
///
/// \returns
/// - \c true if ETW source with \p guid GUID is enabled;
/// - \c false otherwise.
///
inline bool IsSourceEnabled(const GUID &guid) const
{
return m_sources.find(guid) != m_sources.end();
}
///
/// Enables/Disables ETW source
///
/// \param[in] guid GUID of ETW source
/// \param[in] enable \c true to enable, \c false to disable
///
inline void EnableSource(const GUID &guid, bool enable = true)
{
auto s = m_sources.find(guid);
@@ -178,6 +294,7 @@ public:
friend class wxPersistentETWListCtrl; // Allow saving/restoring window state.
protected:
/// \cond internal
bool IsVisible(const EVENT_RECORD &rec) const;
void FormatRow(const winstd::event_rec &rec, std::string &rowA, std::wstring &rowW) const;
bool CopyToClipboard(const std::string &dataA, const std::wstring &dataW) const;
@@ -186,6 +303,8 @@ protected:
virtual wxString OnGetItemText(long item, long column) const;
virtual wxString OnGetItemText(const winstd::event_rec &rec, long column) const;
void OnETWEvent(wxETWEvent& event);
/// \endcond
DECLARE_EVENT_TABLE()
public:
@@ -209,18 +328,48 @@ protected:
};
///
/// Supports saving/restoring `wxETWListCtrl` state
///
class wxPersistentETWListCtrl : public wxPersistentWindow<wxETWListCtrl>
{
public:
///
/// Constructor for a persistent window object
///
/// \param[in] wnd Window this object will save/restore
///
wxPersistentETWListCtrl(wxETWListCtrl *wnd);
///
/// Returns the string uniquely identifying the objects supported by this adapter.
///
/// \returns This implementation always returns `wxT(wxPERSIST_TLW_KIND)`
///
virtual wxString GetKind() const;
///
/// Saves the object properties
///
virtual void Save() const;
///
/// Restores the object properties
///
/// \returns
/// - \c true if the properties were successfully restored;
/// - \c false otherwise.
///
virtual bool Restore();
};
///
/// Creates persistent window object for `wxETWListCtrl` class window
///
inline wxPersistentObject *wxCreatePersistentObject(wxETWListCtrl *wnd)
{
return new wxPersistentETWListCtrl(wnd);
}
/// @}

4
EventMonitor/Frame.cpp
View File

@@ -261,6 +261,8 @@ wxEventMonitorFrame::~wxEventMonitorFrame()
}
/// \cond internal
void wxEventMonitorFrame::OnExit(wxCommandEvent& event)
{
Close();
@@ -408,6 +410,8 @@ void wxEventMonitorFrame::OnViewToolbar(wxCommandEvent& event)
}
}
/// \endcond
//////////////////////////////////////////////////////////////////////////
// wxPersistentEventMonitorFrame

56
EventMonitor/Frame.h
View File

@@ -18,14 +18,7 @@
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
///
/// EventMonitor main frame
///
class wxEventMonitorFrame;
///
/// Supports saving/restoring wxEventMonitorFrame GUI state
///
class wxPersistentEventMonitorFrame;
#pragma once;
@@ -42,6 +35,12 @@ class wxPersistentEventMonitorFrame;
#include <WinStd/Win.h>
/// \addtogroup EventMonitor
/// @{
///
/// EventMonitor main frame
///
class wxEventMonitorFrame : public wxFrame
{
protected:
@@ -62,12 +61,28 @@ protected:
};
public:
///
/// Creates an EventMonitor frame window
///
/// \param[in] parent The window parent. This may be \c NULL. If it is non-NULL, the frame will always be displayed on top of the parent window on Windows.
/// \param[in] id The window identifier. It may take a value of \c wxID_ANY to indicate a default value.
/// \param[in] title The caption to be displayed on the frame's title bar.
/// \param[in] pos The window position. The value \c wxDefaultPosition indicates a default position, chosen by either the windowing system or wxWidgets, depending on platform.
/// \param[in] size The window size. The value \c wxDefaultSize indicates a default size, chosen by either the windowing system or wxWidgets, depending on platform.
/// \param[in] style The window style. See `wxFrame` class description.
/// \param[in] name The name of the window. This parameter is used to associate a name with the item, allowing the application user to set Motif resource values for individual windows.
///
wxEventMonitorFrame(wxWindow* parent, wxWindowID id = wxID_ANY, const wxString& title = _("Event Monitor"), const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize(600,400), long style = wxDEFAULT_FRAME_STYLE|wxTAB_TRAVERSAL, const wxString& name = wxT("EventMonitor"));
///
/// Destructor
///
~wxEventMonitorFrame();
friend class wxPersistentEventMonitorFrame;
protected:
/// \cond internal
void OnExit(wxCommandEvent& event);
void OnEditCopyUpdate(wxUpdateUIEvent& event);
void OnEditCopy(wxCommandEvent& event);
@@ -87,8 +102,10 @@ protected:
void OnViewLevel(wxCommandEvent& event);
void OnViewToolbarUpdate(wxUpdateUIEvent& event);
void OnViewToolbar(wxCommandEvent& event);
/// \endcond
protected:
/// \cond internal
wxMenuBar* m_menubar;
wxMenu* m_menuProgram;
wxMenu* m_menuEdit;
@@ -114,20 +131,45 @@ protected:
wxStatusBar* m_statusBar;
wxEventMonitorLogPanel* m_panel;
wxAuiManager m_mgr;
/// \endcond
};
///
/// Supports saving/restoring `wxEventMonitorFrame` GUI state
///
class wxPersistentEventMonitorFrame : public wxPersistentTLW
{
public:
///
/// Constructor for a persistent window object
///
/// \param[in] wnd Window this object will save/restore
///
wxPersistentEventMonitorFrame(wxEventMonitorFrame *wnd);
///
/// Saves the object properties
///
virtual void Save() const;
///
/// Restores the object properties
///
/// \returns
/// - \c true if the properties were successfully restored;
/// - \c false otherwise.
///
virtual bool Restore();
};
///
/// Creates persistent window object for `wxETWListCtrl` class window
///
inline wxPersistentObject *wxCreatePersistentObject(wxEventMonitorFrame *wnd)
{
return new wxPersistentEventMonitorFrame(wnd);
}
/// @}

48
EventMonitor/LogPanel.h
View File

@@ -18,14 +18,7 @@
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
///
/// EventMonitor trace log panel
///
class wxEventMonitorLogPanel;
///
/// Supports saving/restoring wxEventMonitorLogPanel state
///
class wxPersistentEventMonitorLogPanel;
#pragma once
@@ -34,27 +27,68 @@ class wxPersistentEventMonitorLogPanel;
#include <wx/persist/window.h>
/// \addtogroup EventMonitor
/// @{
///
/// EventMonitor trace log panel
///
class wxEventMonitorLogPanel : public wxEventMonitorLogPanelBase
{
public:
///
/// Constructs EventMonitor log panel
///
/// \param[in] parent Parent window. Must not be \c NULL.
///
wxEventMonitorLogPanel(wxWindow* parent);
friend class wxPersistentEventMonitorLogPanel; // Allow saving/restoring window state.
};
///
/// Supports saving/restoring `wxEventMonitorLogPanel` state
///
class wxPersistentEventMonitorLogPanel : public wxPersistentWindow<wxEventMonitorLogPanel>
{
public:
///
/// Constructor for a persistent window object
///
/// \param[in] wnd Window this object will save/restore
///
wxPersistentEventMonitorLogPanel(wxEventMonitorLogPanel *wnd);
///
/// Returns the string uniquely identifying the objects supported by this adapter.
///
/// \returns This implementation always returns `wxT(wxPERSIST_TLW_KIND)`
///
virtual wxString GetKind() const;
///
/// Saves the object properties
///
virtual void Save() const;
///
/// Restores the object properties
///
/// \returns
/// - \c true if the properties were successfully restored;
/// - \c false otherwise.
///
virtual bool Restore();
};
///
/// Creates persistent window object for `wxEventMonitorLogPanel` class window
///
inline wxPersistentObject *wxCreatePersistentObject(wxEventMonitorLogPanel *wnd)
{
return new wxPersistentEventMonitorLogPanel(wnd);
}
/// @}

BIN
EventMonitor/MSIBuild/Makefile
View File

Binary file not shown.

38
EventMonitor/locale/EventMonitor.pot
View File

@@ -2,14 +2,14 @@
msgid ""
msgstr ""
"Project-Id-Version: EventMonitor\n"
"POT-Creation-Date: 2016-09-19 11:14+0200\n"
"POT-Creation-Date: 2016-11-04 14:10+0100\n"
"PO-Revision-Date: 2016-06-02 12:27+0200\n"
"Last-Translator: Simon Rozman <simon.rozman@amebis.si>\n"
"Language-Team: Amebis, d. o. o., Kamnik <info@amebis.si>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Poedit 1.8.9\n"
"X-Generator: Poedit 1.8.10\n"
"X-Poedit-Basepath: ..\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"Language: en_US\n"
@@ -17,7 +17,9 @@ msgstr ""
"X-Poedit-KeywordsList: _\n"
"X-Poedit-SearchPath-0: .\n"
#: App.cpp:61 Frame.h:67 MSIBuild/en_US.Win32.Release.Feature-2.idtx:4
#: App.cpp:61 Frame.h:75 MSIBuild/en_US.Win32.Debug.Feature-2.idtx:4
#: MSIBuild/en_US.Win32.Release.Feature-2.idtx:4
#: MSIBuild/en_US.x64.Debug.Feature-2.idtx:4
#: MSIBuild/en_US.x64.Release.Feature-2.idtx:4
msgid "Event Monitor"
msgstr ""
@@ -27,41 +29,41 @@ msgstr ""
msgid "Error opening event trace (error %u)."
msgstr ""
#: ETWLog.cpp:167
#: ETWLog.cpp:171
msgid "Time"
msgstr ""
#: ETWLog.cpp:168
#: ETWLog.cpp:172
msgid "PID"
msgstr ""
#: ETWLog.cpp:169
#: ETWLog.cpp:173
msgid "TID"
msgstr ""
#: ETWLog.cpp:170
#: ETWLog.cpp:174
msgid "Source"
msgstr ""
#: ETWLog.cpp:171
#: ETWLog.cpp:175
msgid "Event"
msgstr ""
#: ETWLog.cpp:228
#: ETWLog.cpp:232
msgid "Access denied creating event session: you need administrative privileges (Run As Administrator) or be a member of Performance Log Users group to start event tracing session."
msgstr ""
#: ETWLog.cpp:231
#, c-format
msgid "The %s event session already exists."
msgstr ""
#: ETWLog.cpp:235
#, c-format
msgid "The %s event session already exists."
msgstr ""
#: ETWLog.cpp:239
#, c-format
msgid "Error creating event session (error %u)."
msgstr ""
#: ETWLog.cpp:251 ETWLog.cpp:267 ETWLog.cpp:281
#: ETWLog.cpp:255 ETWLog.cpp:271 ETWLog.cpp:285
#, c-format
msgid "Error enabling %s event provider (error %u)."
msgstr ""
@@ -205,14 +207,20 @@ msgstr ""
msgid "Trace Log"
msgstr ""
#: MSIBuild/en_US.Win32.Debug.Feature-2.idtx:4
#: MSIBuild/en_US.Win32.Debug.Shortcut-2.idtx:4
#: MSIBuild/en_US.Win32.Release.Feature-2.idtx:4
#: MSIBuild/en_US.Win32.Release.Shortcut-2.idtx:4
#: MSIBuild/en_US.x64.Debug.Feature-2.idtx:4
#: MSIBuild/en_US.x64.Debug.Shortcut-2.idtx:4
#: MSIBuild/en_US.x64.Release.Feature-2.idtx:4
#: MSIBuild/en_US.x64.Release.Shortcut-2.idtx:4
msgid "Real-time display of internal events"
msgstr ""
#: MSIBuild/en_US.Win32.Debug.Shortcut-2.idtx:4
#: MSIBuild/en_US.Win32.Release.Shortcut-2.idtx:4
#: MSIBuild/en_US.x64.Debug.Shortcut-2.idtx:4
#: MSIBuild/en_US.x64.Release.Shortcut-2.idtx:4
msgid "EVENTM~1|GÉANTLink Event Monitor"
msgstr ""

BIN
MSI/Base/Main/Makefile
View File

Binary file not shown.

11
MSI/Base/locale/MSIBase.pot
View File

@@ -2,14 +2,14 @@
msgid ""
msgstr ""
"Project-Id-Version: GÉANTLink MSI\n"
"POT-Creation-Date: 2016-09-19 11:20+0200\n"
"POT-Creation-Date: 2016-11-04 14:10+0100\n"
"PO-Revision-Date: 2016-06-02 12:27+0200\n"
"Last-Translator: Simon Rozman <simon.rozman@amebis.si>\n"
"Language-Team: Amebis, d. o. o., Kamnik <info@amebis.si>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Poedit 1.8.9\n"
"X-Generator: Poedit 1.8.10\n"
"X-Poedit-Basepath: ../Main\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"Language: en_US\n"
@@ -17,16 +17,21 @@ msgstr ""
"X-Poedit-KeywordsList: _\n"
"X-Poedit-SearchPath-0: .\n"
#: en_US.Win32.Debug.LaunchCondition-2.idtx:4
#: en_US.Win32.Release.LaunchCondition-2.idtx:4
#: en_US.x64.Debug.LaunchCondition-2.idtx:4
#: en_US.x64.Release.LaunchCondition-2.idtx:4
msgid "[ProductName] requires Windows Vista or later version of Windows."
msgstr ""
#: en_US.Win32.Debug.Property-2.idtx:4 en_US.Win32.Debug.Property-2.idtx:5
#: en_US.Win32.Release.Property-2.idtx:4 en_US.Win32.Release.Property-2.idtx:5
#: en_US.x64.Debug.Property-2.idtx:4 en_US.x64.Debug.Property-2.idtx:5
#: en_US.x64.Release.Property-2.idtx:4 en_US.x64.Release.Property-2.idtx:5
msgid "http://www.geant.org/"
msgstr ""
#: en_US.Win32.Release.Property-2.idtx:6 en_US.x64.Release.Property-2.idtx:6
#: en_US.Win32.Debug.Property-2.idtx:6 en_US.Win32.Release.Property-2.idtx:6
#: en_US.x64.Debug.Property-2.idtx:6 en_US.x64.Release.Property-2.idtx:6
msgid "https://github.com/Amebis/GEANTLink/releases"
msgstr ""

BIN
Makefile
View File

Binary file not shown.

17
README.md
View File

@@ -8,22 +8,22 @@ Suite of EAP supplicants for Windows - IEEE 802.1X plug-ins for enterprise netwo
- Microsoft Windows Vista or later
- Microsoft Visual Studio 2010 SP1
- _msgfmt.exe_ from [gettext](https://www.gnu.org/software/gettext/);
Hint: [Poedit](https://poedit.net/) contains up-to-date binary Win32 compiled gettext-utilities. Install it and add _GettextTools\bin_ folder to path.
Hint: [Poedit](https://poedit.net/) contains up-to-date binary Win32 compiled gettext-utilities. Install it and add `GettextTools\bin` folder to the system path.
- _sed.exe_ and _grep.exe_
- _MsiDb.Exe_ and other command line utilities for MSI packaging distributed as a part of Microsoft Windows SDK (installed with Visual Studio). Add SDK's _Bin_ folder to path.
- _MsiDb.Exe_ and other command line utilities for MSI packaging distributed as a part of Microsoft Windows SDK (installed with Visual Studio). Add SDK's `Bin` folder to the system path.
### wxWidgets
GÉANTLink is using wxWidgets v3.0.2 static libraries. Unfortunately, only dynamic libraries (DLL) variant is available as a binary download. Therefore static libraries needs to be compiled from [source](https://github.com/wxWidgets/wxWidgets).
#### Compiling wxWidgets Win32 static libraries
1. Start _Visual Studio Command Prompt (2010)_
2. Change working directory to _build\msw_
2. Change working folder to `build\msw`
3. Run: `nmake /f makefile.vc /ls RUNTIME_LIBS=static SHARED=0`
4. Run: `nmake /f makefile.vc /ls RUNTIME_LIBS=static SHARED=0 BUILD=release`
#### Compiling wxWidgets x64 static libraries
1. Start _Visual Studio x64 Cross Tools Command Prompt (2010)_
2. Change working directory to _build\msw_
2. Change working folder to `build\msw`
3. Run: `nmake /f makefile.vc /ls RUNTIME_LIBS=static SHARED=0 TARGET_CPU=X64`
4. Run: `nmake /f makefile.vc /ls RUNTIME_LIBS=static SHARED=0 TARGET_CPU=X64 BUILD=release`
@@ -43,6 +43,9 @@ Please note that only Release builds are configured for timestamp signing. Debug
### Building
#### Building in Visual Studio IDE
GÉANTLink has some submodules. When cloning Git repository, make sure to use `--recursive` Git switch to clone submodules too. Example:
`git clone --recursive "https://github.com/Amebis/GEANTLink.git" "C:\Projects\GEANTLink"`
GÉANTLink can be build and debugged opening _VS10Solution.sln_ in Visual C++ 2010 IDE.
Before one can attempt to debug EAP DLLs, you should run `nmake register` from an elevated command prompt. See _Building in command line_ chapter below.
@@ -66,7 +69,7 @@ A few seconds after desired function call has finished, _DllHost.exe_ terminates
To debug early life of our GUI DLL, uncomment `Sleep(10000)` in `DllMain()` of the module, and set breakpoints. This should give you plenty of time to attach the debugger to _DllHost.exe_ process before our DLL starts.
#### Building in command line
Use of standard command prompt is recommended, providing that Microsoft Visual Studio 2010 folders containing _nmake.exe_ and _devenv.com_ are added to the path.
Use of standard command prompt is recommended, providing that Microsoft Visual Studio 2010 folders containing _nmake.exe_ and _devenv.com_ are added to the system path.
Use Microsoft NMAKE to build the project.
@@ -75,7 +78,7 @@ Command | Explanation
`nmake Clean` | Deletes all intermediate and output files.
`nmake Register` | Builds a debug version of project, registers DLLs, and adds Start Menu shortcuts. For testing and development purposes only! Requires elevated command prompt.
`nmake Unregister` | Removes Start Menu shortcuts, unregisters DLLs. For testing development purposes only! Requires elevated command prompt.
`nmake Setup` | Builds a release version of project and release MSI setup files. The resulting files can be found in _output\Setup_ folder.
`nmake SetupDebug` | Builds a debug version of project and debug MSI setup files. The resulting files can be found in _output\Setup_ folder.
`nmake Setup` | Builds a release version of project and release MSI setup files. The resulting files can be found in `output\Setup` folder.
`nmake SetupDebug` | Builds a debug version of project and debug MSI setup files. The resulting files can be found in `output\Setup` folder.
The `/ls` flag can be appended to the commands above to reduce NMAKEs verbosity. You can combine multiple targets (i.e. nmake Unregister Clean). Please, see NMAKE reference for further reading.

22
VS10Solution.sln
View File

@@ -51,6 +51,10 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MSCHAPv2", "lib\MSCHAPv2\bu
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MSCHAPv2_UI", "lib\MSCHAPv2_UI\build\MSCHAPv2_UI.vcxproj", "{7AF5B922-7C17-428A-97E0-09E3B41A684D}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "EapHost", "lib\EapHost\build\EapHost.vcxproj", "{B385EC2B-C3F4-48BB-9BAC-8B996DE7F754}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "EapHost_UI", "lib\EapHost_UI\build\EapHost_UI.vcxproj", "{13D2D8B5-F6AA-459D-B5F7-29B95DD9D583}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Win32 = Debug|Win32
@@ -211,6 +215,22 @@ Global
{7AF5B922-7C17-428A-97E0-09E3B41A684D}.Release|Win32.Build.0 = Release|Win32
{7AF5B922-7C17-428A-97E0-09E3B41A684D}.Release|x64.ActiveCfg = Release|x64
{7AF5B922-7C17-428A-97E0-09E3B41A684D}.Release|x64.Build.0 = Release|x64
{B385EC2B-C3F4-48BB-9BAC-8B996DE7F754}.Debug|Win32.ActiveCfg = Debug|Win32
{B385EC2B-C3F4-48BB-9BAC-8B996DE7F754}.Debug|Win32.Build.0 = Debug|Win32
{B385EC2B-C3F4-48BB-9BAC-8B996DE7F754}.Debug|x64.ActiveCfg = Debug|x64
{B385EC2B-C3F4-48BB-9BAC-8B996DE7F754}.Debug|x64.Build.0 = Debug|x64
{B385EC2B-C3F4-48BB-9BAC-8B996DE7F754}.Release|Win32.ActiveCfg = Release|Win32
{B385EC2B-C3F4-48BB-9BAC-8B996DE7F754}.Release|Win32.Build.0 = Release|Win32
{B385EC2B-C3F4-48BB-9BAC-8B996DE7F754}.Release|x64.ActiveCfg = Release|x64
{B385EC2B-C3F4-48BB-9BAC-8B996DE7F754}.Release|x64.Build.0 = Release|x64
{13D2D8B5-F6AA-459D-B5F7-29B95DD9D583}.Debug|Win32.ActiveCfg = Debug|Win32
{13D2D8B5-F6AA-459D-B5F7-29B95DD9D583}.Debug|Win32.Build.0 = Debug|Win32
{13D2D8B5-F6AA-459D-B5F7-29B95DD9D583}.Debug|x64.ActiveCfg = Debug|x64
{13D2D8B5-F6AA-459D-B5F7-29B95DD9D583}.Debug|x64.Build.0 = Debug|x64
{13D2D8B5-F6AA-459D-B5F7-29B95DD9D583}.Release|Win32.ActiveCfg = Release|Win32
{13D2D8B5-F6AA-459D-B5F7-29B95DD9D583}.Release|Win32.Build.0 = Release|Win32
{13D2D8B5-F6AA-459D-B5F7-29B95DD9D583}.Release|x64.ActiveCfg = Release|x64
{13D2D8B5-F6AA-459D-B5F7-29B95DD9D583}.Release|x64.Build.0 = Release|x64
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
@@ -231,6 +251,8 @@ Global
{D3E29951-D9F5-486D-A167-20AE8E90B1FA} = {E66A3FE1-4EE4-401F-8EAD-BE518B230393}
{86A6D6A0-4B7D-4134-BE81-A5755C77584D} = {E66A3FE1-4EE4-401F-8EAD-BE518B230393}
{7AF5B922-7C17-428A-97E0-09E3B41A684D} = {E66A3FE1-4EE4-401F-8EAD-BE518B230393}
{B385EC2B-C3F4-48BB-9BAC-8B996DE7F754} = {E66A3FE1-4EE4-401F-8EAD-BE518B230393}
{13D2D8B5-F6AA-459D-B5F7-29B95DD9D583} = {E66A3FE1-4EE4-401F-8EAD-BE518B230393}
{2D3CE079-7EB1-4F47-B79E-F0310671ECCB} = {7B5EC9B7-208C-426A-941D-DAF9271BD4A4}
{679D03C5-CD70-4FFA-93F8-A4AB3637509B} = {7B5EC9B7-208C-426A-941D-DAF9271BD4A4}
{E0D0725B-B2FC-4225-9481-CA9B1B6306F2} = {7B5EC9B7-208C-426A-941D-DAF9271BD4A4}

BIN
include/MSIBuildCfg.mak
View File

Binary file not shown.

14
include/Version.h
View File

@@ -29,7 +29,7 @@
// Product version as a single DWORD
// Note: Used for version comparison within C/C++ code.
//
#define PRODUCT_VERSION 0x00ff1900
#define PRODUCT_VERSION 0x01010000
//
// Product version by components
@@ -37,28 +37,28 @@
// thus we need to specify major, minor and other version components
// separately.
//
#define PRODUCT_VERSION_MAJ 0
#define PRODUCT_VERSION_MIN 255
#define PRODUCT_VERSION_REV 25
#define PRODUCT_VERSION_MAJ 1
#define PRODUCT_VERSION_MIN 1
#define PRODUCT_VERSION_REV 0
#define PRODUCT_VERSION_BUILD 0
//
// Human readable product version and build year for UI
//
#define PRODUCT_VERSION_STR "1.0-beta7"
#define PRODUCT_VERSION_STR "1.1-beta"
#define PRODUCT_BUILD_YEAR_STR "2016"
//
// Numerical version presentation for ProductVersion propery in
// MSI packages (syntax: N.N[.N[.N]])
//
#define PRODUCT_VERSION_INST "0.255.25"
#define PRODUCT_VERSION_INST "1.1"
//
// The product code for ProductCode property in MSI packages
// Replace with new on every version change, regardless how minor it is.
//
#define PRODUCT_VERSION_GUID "{603E4647-DA68-4F56-9503-9050756C3159}"
#define PRODUCT_VERSION_GUID "{AD491849-8F70-4C09-BDF9-3FD9608DF418}"
//
// Product vendor

262
lib/EAPBase/include/Config.h
View File

@@ -24,32 +24,16 @@
namespace eap
{
///
/// Base class for configuration storage
///
class config;
///
/// Base class for method configuration storage
///
class config_method;
///
/// Base class for method with credentials
///
class config_method_with_cred;
///
/// Provider configuration storage
///
class config_provider;
///
/// Connection configuration storage
///
class config_connection;
}
/// \addtogroup EAPBaseStream
/// @{
///
/// Packs a configuration
///
@@ -65,7 +49,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::config &
///
/// \returns Size of data when packed (in bytes)
///
inline size_t pksizeof(const eap::config &val);
inline size_t pksizeof(_In_ const eap::config &val);
///
/// Unpacks a configuration
@@ -75,6 +59,8 @@ inline size_t pksizeof(const eap::config &val);
///
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config &val);
/// @}
#pragma once
#include "Module.h"
@@ -96,6 +82,15 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config &val);
namespace eap
{
///
/// \defgroup EAPBaseConfig Configuration
/// Configuration management
///
/// @{
///
/// Base class for configuration storage
///
class config
{
public:
@@ -139,17 +134,17 @@ namespace eap
config& operator=(_Inout_ config &&other);
///
/// Clones this configuration
/// Clones this object
///
/// \returns Pointer to cloned configuration
/// \returns Pointer to cloned object with identical data
///
virtual config* clone() const = 0;
/// \name XML configuration management
/// \name XML management
/// @{
///
/// Save to XML document
/// Save data to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
@@ -169,21 +164,21 @@ namespace eap
/// @{
///
/// Packs a configuration
/// Packs this object
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
/// Returns packed size of this object
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
/// Unpacks this object
///
/// \param[inout] cursor Memory cursor
///
@@ -192,13 +187,19 @@ namespace eap
/// @}
public:
module &m_module; ///< EAP module
module &m_module; ///< EAP module
protected:
static const winstd::bstr namespace_eapmetadata;
static const winstd::bstr namespace_eapmetadata; ///< Reusable BSTR containing "urn:ietf:params:xml:ns:yang:ietf-eap-metadata"
};
class credentials;
///
/// Base class for method configuration storage
///
class config_method : public config
{
public:
@@ -261,50 +262,17 @@ namespace eap
///
config_method& operator=(_Inout_ config_method &&other);
/// \name XML configuration management
/// \name XML management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
///
@@ -319,6 +287,11 @@ namespace eap
///
virtual const wchar_t* get_method_str() const = 0;
///
/// Creates a blank set of credentials suitable for this method
///
virtual credentials* make_credentials() const = 0;
public:
const unsigned int m_level; ///< Config level (0=outer, 1=inner, 2=inner-inner...)
bool m_allow_save; ///< Are credentials allowed to be saved to Windows Credential Manager?
@@ -327,9 +300,9 @@ namespace eap
};
class credentials;
///
/// Base class for method with credentials
///
class config_method_with_cred : public config_method
{
public:
@@ -373,63 +346,28 @@ namespace eap
///
config_method_with_cred& operator=(_Inout_ config_method_with_cred &&other);
/// \name XML configuration management
/// \name XML management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
///
/// Creates a blank set of credentials suitable for this method
///
virtual credentials* make_credentials() const = 0;
public:
bool m_use_cred; ///< Use configured credentials
std::unique_ptr<credentials> m_cred; ///< Configured credentials
};
///
/// Provider configuration storage
///
class config_provider : public config
{
public:
@@ -472,57 +410,19 @@ namespace eap
///
config_provider& operator=(_Inout_ config_provider &&other);
///
/// Clones configuration
///
/// \returns Pointer to cloned configuration
///
virtual config* clone() const;
/// \name XML configuration management
/// \name XML management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
///
@@ -555,9 +455,15 @@ namespace eap
};
///
/// Connection configuration storage
///
class config_connection : public config
{
public:
///
/// List of configuration providers
///
typedef std::list<eap::config_provider> provider_list;
public:
@@ -600,62 +506,26 @@ namespace eap
///
config_connection& operator=(_Inout_ config_connection &&other);
///
/// Clones configuration
///
/// \returns Pointer to cloned configuration
///
virtual config* clone() const;
/// \name XML configuration management
/// \name XML management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
public:
std::list<eap::config_provider> m_providers; ///< Provider configurations
};
/// @}
}
@@ -665,7 +535,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::config &
}
inline size_t pksizeof(const eap::config &val)
inline size_t pksizeof(_In_ const eap::config &val)
{
return val.get_pk_size();
}
@@ -677,19 +547,43 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config &val)
}
/// \addtogroup EAPBaseStream
/// @{
///
/// Packs a method status
///
/// \param[inout] cursor Memory cursor
/// \param[in] val Method status to pack
///
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::config_method::status_t &val)
{
cursor << (unsigned char)val;
}
///
/// Returns packed size of a method status
///
/// \param[in] val Method status to pack
///
/// \returns Size of data when packed (in bytes)
///
inline size_t pksizeof(_In_ const eap::config_method::status_t &val)
{
return pksizeof((unsigned char)val);
}
///
/// Unpacks a method status
///
/// \param[inout] cursor Memory cursor
/// \param[out] val Method status to unpack to
///
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config_method::status_t &val)
{
cursor >> (unsigned char&)val;
}
/// @}

239
lib/EAPBase/include/Credentials.h
View File

@@ -22,19 +22,8 @@
namespace eap
{
///
/// Base class for method credential storage
///
class credentials;
///
/// Password based method credentials
///
class credentials_pass;
///
/// Connection credentials
///
class credentials_connection;
}
@@ -58,6 +47,15 @@ namespace eap
namespace eap
{
///
/// \defgroup EAPBaseCred Credentials
/// Credential management
///
/// @{
///
/// Base class for method credential storage
///
class credentials : public config
{
public:
@@ -68,7 +66,8 @@ namespace eap
source_unknown = -1, ///< Unknown source
source_cache = 0, ///< Credentials were obtained from EapHost cache
source_config, ///< Credentials were set by method configuration
source_storage ///< Credentials were loaded from Windows Credential Manager
source_storage, ///< Credentials were loaded from Windows Credential Manager
source_lower, ///< Credentials were set by lower EAP method
};
@@ -126,50 +125,17 @@ namespace eap
///
virtual bool empty() const;
/// \name XML configuration management
/// \name XML management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
/// \name Storage
@@ -239,12 +205,14 @@ namespace eap
/// Combine credentials in the following order:
///
/// 1. Cached credentials
/// 2. Pre-configured credentials
/// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`)
/// 3. Stored credentials
///
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be the same type of credentials as `this`)
/// \param[in] cfg Method configuration (must be the same type of configuration as `this` credentials belong to)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
/// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior
/// \param[in] hTokenImpersonateUser Impersonation token for a logged-on user to collect user-related information
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be the same type of credentials as `this`)
/// \param[in] cfg Method configuration (must be the same type of configuration as `this` credentials belong to)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
///
/// \returns
/// - \c source_cache Credentials were obtained from EapHost cache
@@ -252,15 +220,20 @@ namespace eap
/// - \c source_storage Credentials were loaded from Windows Credential Manager
///
virtual source_t combine(
_In_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName) = 0;
_In_ DWORD dwFlags,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName) = 0;
public:
std::wstring m_identity; ///< Identity (username\@domain, certificate name etc.)
};
///
/// Password based method credentials
///
class credentials_pass : public credentials
{
public:
@@ -314,109 +287,47 @@ namespace eap
///
credentials_pass& operator=(_Inout_ credentials_pass &&other);
///
/// Clones credentials
///
/// \returns Pointer to cloned credentials
///
virtual config* clone() const;
///
/// Resets credentials
///
virtual void clear();
///
/// Test credentials if blank
///
/// \returns
/// - \c true if blank
/// - \c false otherwise
///
virtual bool empty() const;
/// \name XML configuration management
/// \name XML management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
/// \name Storage
/// @{
///
/// Save credentials to Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as
/// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...)
///
virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const;
///
/// Retrieve credentials from Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from
/// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...)
///
virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level);
///
/// Return target suffix for Windows Credential Manager credential name
/// @copydoc eap::credentials::target_suffix()
/// \returns This implementation always returns `_T("pass")`
///
virtual LPCTSTR target_suffix() const;
/// @}
///
/// Combine credentials in the following order:
///
/// 1. Cached credentials
/// 2. Pre-configured credentials
/// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`)
/// 3. Stored credentials
///
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_pass* type)
/// \param[in] cfg Method configuration (must be config_method_pap type)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
/// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior
/// \param[in] hTokenImpersonateUser Impersonation token for a logged-on user to collect user-related information
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL)
/// \param[in] cfg Method configuration (when derived from `config_method_with_cred`, metod attempt to load credentials from \p cfg)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
///
/// \returns
/// - \c source_cache Credentials were obtained from EapHost cache
@@ -424,13 +335,15 @@ namespace eap
/// - \c source_storage Credentials were loaded from Windows Credential Manager
///
virtual source_t combine(
_In_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName);
_In_ DWORD dwFlags,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName);
public:
winstd::sanitizing_wstring m_password; ///< Password
enc_alg_t m_enc_alg; ///< Encryption algorithm used for XML password keeping
winstd::sanitizing_wstring m_password; ///< Password
enc_alg_t m_enc_alg; ///< Encryption algorithm used for XML password keeping
private:
/// \cond internal
@@ -439,6 +352,9 @@ namespace eap
};
///
/// Connection credentials
///
class credentials_connection : public config
{
public:
@@ -482,57 +398,19 @@ namespace eap
///
credentials_connection& operator=(_Inout_ credentials_connection &&other);
///
/// Clones configuration
///
/// \returns Pointer to cloned configuration
///
virtual config* clone() const;
/// \name XML configuration management
/// \name XML management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
///
@@ -566,22 +444,47 @@ namespace eap
std::wstring m_id; ///< Provider ID
std::unique_ptr<credentials> m_cred; ///< Credentials
};
/// @}
}
/// \addtogroup EAPBaseStream
/// @{
///
/// Packs a credential encryption algorithm ID
///
/// \param[inout] cursor Memory cursor
/// \param[in] val Credential encryption algorithm ID to pack
///
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::credentials_pass::enc_alg_t &val)
{
cursor << (unsigned char)val;
}
///
/// Returns packed size of a credential encryption algorithm ID
///
/// \param[in] val Credential encryption algorithm ID to pack
///
/// \returns Size of data when packed (in bytes)
///
inline size_t pksizeof(_In_ const eap::credentials_pass::enc_alg_t &val)
{
return pksizeof((unsigned char)val);
}
///
/// Unpacks a credential encryption algorithm ID
///
/// \param[inout] cursor Memory cursor
/// \param[out] val Credential encryption algorithm ID to unpack to
///
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::credentials_pass::enc_alg_t &val)
{
cursor >> (unsigned char&)val;
}
/// @}

290
lib/EAPBase/include/EAP.h
View File

@@ -21,9 +21,18 @@
#define IDR_EAP_KEY_PUBLIC 1
#define IDR_EAP_KEY_PRIVATE 2
///
/// \defgroup EAPBaseStream Memory Packaging
/// Simple serialization/deserialization of data to/from memory opaque BLOBs
///
/// @{
#ifndef EAP_ENCRYPT_BLOBS
///
/// Compiler variable to control whether BLOBs leaving our module get encrypted
///
#define EAP_ENCRYPT_BLOBS 1
#endif
/// @}
#define _HOST_LOW_ENDIAN
@@ -42,15 +51,17 @@
namespace eap
{
///
/// Output BLOB cursor
///
struct cursor_out;
struct cursor_in;
template<size_t N> struct WINSTD_NOVTABLE sanitizing_blob_f;
template<size_t N> struct WINSTD_NOVTABLE sanitizing_blob_zf;
///
/// Input BLOB cursor
/// \defgroup EAPBaseSanitizing Sanitizing memory
/// Secure memory erasing after use
///
struct cursor_in;
/// @{
///
/// Sanitizing dynamically allocated BLOB
@@ -58,17 +69,7 @@ namespace eap
typedef std::vector<unsigned char, winstd::sanitizing_allocator<unsigned char> > sanitizing_blob;
///
/// Sanitizing BLOB of fixed size
///
template<size_t N> struct sanitizing_blob_f;
///
/// Sanitizing BLOB of fixed size (zero initialized)
///
template<size_t N> struct sanitizing_blob_zf;
///
/// Sanitizing BLOB of fixed size (zero initialized in _DEBUG version)
/// Sanitizing BLOB of fixed size (zero initialized in _DEBUG version, non-initialized in release version)
///
#ifdef _DEBUG
#define sanitizing_blob_xf sanitizing_blob_zf
@@ -76,27 +77,55 @@ namespace eap
#define sanitizing_blob_xf sanitizing_blob_f
#endif
///
/// Diameter AVP flags
///
/// @}
/// \addtogroup EAPBaseDiameter
/// @{
enum diameter_avp_flags_t;
///
/// Diameter AVP header
///
struct diameter_avp_header;
///
/// Diameter AVP header with Vendor-ID
///
struct diameter_avp_header_ven;
///
/// EAP packet
/// Appends Diameter AVP to response packet
///
class packet;
/// \param[in ] code AVP code
/// \param[in ] flags AVP flags
/// \param[in ] data AVP data (<16777212B)
/// \param[in ] size Size of \p data in bytes
/// \param[inout] packet Response packet to append data to
///
void diameter_avp_append(
_In_ unsigned int code,
_In_ unsigned char flags,
_In_bytecount_(size) const void *data,
_In_ unsigned int size,
_Inout_ sanitizing_blob &packet);
///
/// Appends Diameter AVP to response packet
///
/// \param[in ] code AVP code
/// \param[in ] vendor_id Vendor-ID
/// \param[in ] flags AVP flags
/// \param[in ] data AVP data (<16777212B)
/// \param[in ] size Size of \p data in bytes
/// \param[inout] packet Response packet to append data to
///
void diameter_avp_append(
_In_ unsigned int code,
_In_ unsigned int vendor_id,
_In_ unsigned char flags,
_In_bytecount_(size) const void *data,
_In_ unsigned int size,
_Inout_ sanitizing_blob &packet);
/// @}
}
/// \addtogroup EAPBaseStream
/// @{
///
/// Packs a boolean
///
@@ -214,7 +243,7 @@ template<class _Elem, class _Traits, class _Ax> inline void operator<<(_Inout_ e
///
/// \returns Size of data when packed (in bytes)
///
template<class _Elem, class _Traits, class _Ax> inline size_t pksizeof(const std::basic_string<_Elem, _Traits, _Ax> &val);
template<class _Elem, class _Traits, class _Ax> inline size_t pksizeof(_In_ const std::basic_string<_Elem, _Traits, _Ax> &val);
///
/// Unpacks a string
@@ -239,7 +268,7 @@ template<class _Traits, class _Ax> inline void operator<<(_Inout_ eap::cursor_ou
///
/// \returns Size of data when packed (in bytes)
///
template<class _Traits, class _Ax> inline size_t pksizeof(const std::basic_string<wchar_t, _Traits, _Ax> &val);
template<class _Traits, class _Ax> inline size_t pksizeof(_In_ const std::basic_string<wchar_t, _Traits, _Ax> &val);
///
/// Unpacks a wide string
@@ -264,7 +293,7 @@ template<class _Ty, class _Ax> inline void operator<<(_Inout_ eap::cursor_out &c
///
/// \returns Size of data when packed (in bytes)
///
template<class _Ty, class _Ax> inline size_t pksizeof(const std::vector<_Ty, _Ax> &val);
template<class _Ty, class _Ax> inline size_t pksizeof(_In_ const std::vector<_Ty, _Ax> &val);
///
/// Unpacks a vector
@@ -289,7 +318,7 @@ template<class _Ty, class _Ax> inline void operator<<(_Inout_ eap::cursor_out &c
///
/// \returns Size of data when packed (in bytes)
///
template<class _Ty, class _Ax> inline size_t pksizeof(const std::list<_Ty, _Ax> &val);
template<class _Ty, class _Ax> inline size_t pksizeof(_In_ const std::list<_Ty, _Ax> &val);
///
/// Unpacks a list
@@ -314,16 +343,9 @@ template<class _Ty, class _Dx> inline void operator<<(_Inout_ eap::cursor_out &c
///
/// \returns Size of data when packed (in bytes)
///
template<class _Ty, class _Dx> inline size_t pksizeof(const std::unique_ptr<_Ty, _Dx> &val);
template<class _Ty, class _Dx> inline size_t pksizeof(_In_ const std::unique_ptr<_Ty, _Dx> &val);
/////
///// Unpacks a std::unique_ptr
/////
///// \note Not generally unpackable, since we do not know, how to create a new instance of unique_ptr.
/////
///// \param[inout] cursor Memory cursor
///// \param[out] val std::unique_ptr to unpack to
/////
// std::unique_ptr<> is generally not unpackable, since we do not know, how to create a new instance of unique_ptr.
//template<class _Ty, class _Dx> inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ std::unique_ptr<_Ty, _Dx> &val);
///
@@ -341,7 +363,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const winstd::cert_
///
/// \returns Size of data when packed (in bytes)
///
inline size_t pksizeof(const winstd::cert_context &val);
inline size_t pksizeof(_In_ const winstd::cert_context &val);
///
/// Unpacks a certificate context
@@ -366,7 +388,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const winstd::eap_t
///
/// \returns Size of data when packed (in bytes)
///
inline size_t pksizeof(const winstd::eap_type_t &val);
inline size_t pksizeof(_In_ const winstd::eap_type_t &val);
///
/// Unpacks an EAP method type
@@ -426,6 +448,39 @@ inline size_t pksizeof(_In_ const GUID &val);
///
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ GUID &val);
///
/// Packs a EAP_METHOD_TYPE
///
/// \param[inout] cursor Memory cursor
/// \param[in] val Variable with data to pack
///
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const EAP_METHOD_TYPE &val);
///
/// Returns packed size of a EAP_METHOD_TYPE
///
/// \param[in] val Data to pack
///
/// \returns Size of data when packed (in bytes)
///
inline size_t pksizeof(_In_ const EAP_METHOD_TYPE &val);
///
/// Unpacks a EAP_METHOD_TYPE
///
/// \param[inout] cursor Memory cursor
/// \param[out] val Variable to receive unpacked value
///
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ EAP_METHOD_TYPE &val);
/// @}
///
/// \defgroup EAPBaseConversion Data conversion
/// Data conversion
///
/// @{
#ifndef htonll
///
/// Converts an unsigned __int64 from host to TCP/IP network byte order.
@@ -438,7 +493,7 @@ inline unsigned __int64 htonll(unsigned __int64 val);
#endif
///
/// Converts an 24-bit integer from host to TCP/IP network byte order.
/// Converts a 24-bit integer from host to TCP/IP network byte order.
///
/// \param[in ] val A 24-bit unsigned number in host byte order
/// \param[out] out A 24-bit unsigned number in network byte order
@@ -446,7 +501,7 @@ inline unsigned __int64 htonll(unsigned __int64 val);
inline void hton24(_In_ unsigned int val, _Out_ unsigned char out[3]);
///
/// Converts an 24-bit integer from TCP/IP network to host byte order.
/// Converts a 24-bit integer from TCP/IP network to host byte order.
///
/// \param[in] val A 24-bit unsigned number in network byte order
///
@@ -454,13 +509,24 @@ inline void hton24(_In_ unsigned int val, _Out_ unsigned char out[3]);
///
inline unsigned int ntoh24(_In_ const unsigned char val[3]);
/// @}
#pragma once
namespace eap
{
/// \addtogroup EAPBaseStream
/// @{
///
/// Output BLOB cursor
///
struct cursor_out
{
///
/// Pointer to output data type
///
typedef unsigned char *ptr_type;
ptr_type ptr; ///< Pointer to first data unwritten
@@ -468,20 +534,32 @@ namespace eap
};
///
/// Input BLOB cursor
///
struct cursor_in
{
///
/// Pointer to input data type
///
typedef const unsigned char *ptr_type;
ptr_type ptr; ///< Pointer to first data unread
ptr_type ptr_end; ///< Pointer to the end of BLOB
};
/// @}
/// \addtogroup EAPBaseSanitizing
/// @{
#pragma pack(push)
#pragma pack(1)
template<size_t N>
struct __declspec(novtable) sanitizing_blob_f<N>
///
/// Sanitizing BLOB of fixed size
///
template<size_t N> struct WINSTD_NOVTABLE sanitizing_blob_f<N>
{
unsigned char data[N]; ///< BLOB data
@@ -604,8 +682,11 @@ namespace eap
}
};
template<size_t N>
struct __declspec(novtable) sanitizing_blob_zf<N> : sanitizing_blob_f<N>
///
/// Sanitizing BLOB of fixed size (zero initialized)
///
template<size_t N> struct WINSTD_NOVTABLE sanitizing_blob_zf<N> : sanitizing_blob_f<N>
{
///
/// Constructor
@@ -637,7 +718,17 @@ namespace eap
};
#pragma pack(pop)
/// @}
///
/// \defgroup EAPBaseDiameter Diameter
/// Diameter authentication protocol
///
/// @{
///
/// Diameter AVP flags
///
#pragma warning(suppress: 4480)
enum diameter_avp_flags_t : unsigned char {
diameter_avp_flag_vendor = 0x80, ///< Vendor-ID present
@@ -649,6 +740,9 @@ namespace eap
#pragma pack(push)
#pragma pack(1)
///
/// Diameter AVP header
///
struct diameter_avp_header
{
unsigned char code[4]; ///< AVP Code
@@ -657,6 +751,9 @@ namespace eap
};
///
/// Diameter AVP header with Vendor-ID
///
struct diameter_avp_header_ven : public diameter_avp_header
{
unsigned char vendor[4]; ///< Vendor-ID
@@ -664,57 +761,7 @@ namespace eap
#pragma pack(pop)
class packet
{
public:
///
/// Constructs an empty packet
///
packet();
///
/// Copies a packet
///
/// \param[in] other Packet to copy from
///
packet(_In_ const packet &other);
///
/// Moves a packet
///
/// \param[in] other Packet to move from
///
packet(_Inout_ packet &&other);
///
/// Copies a packet
///
/// \param[in] other Packet to copy from
///
/// \returns Reference to this object
///
packet& operator=(_In_ const packet &other);
///
/// Moves a packet
///
/// \param[in] other Packet to move from
///
/// \returns Reference to this object
///
packet& operator=(_Inout_ packet &&other);
///
/// Empty the packet
///
virtual void clear();
public:
EapCode m_code; ///< Packet code
unsigned char m_id; ///< Packet ID
sanitizing_blob m_data; ///< Packet data
};
/// @}
}
@@ -834,7 +881,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const std::basic_st
template<class _Elem, class _Traits, class _Ax>
inline size_t pksizeof(const std::basic_string<_Elem, _Traits, _Ax> &val)
inline size_t pksizeof(_In_ const std::basic_string<_Elem, _Traits, _Ax> &val)
{
return sizeof(_Elem)*(val.length() + 1);
}
@@ -855,13 +902,13 @@ template<class _Traits, class _Ax>
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const std::basic_string<wchar_t, _Traits, _Ax> &val)
{
std::string val_utf8;
WideCharToMultiByte(CP_UTF8, 0, val.c_str(), (int)val.length(), val_utf8, NULL, NULL);
WideCharToMultiByte(CP_UTF8, 0, val, val_utf8, NULL, NULL);
cursor << val_utf8;
}
template<class _Traits, class _Ax>
inline size_t pksizeof(const std::basic_string<wchar_t, _Traits, _Ax> &val)
inline size_t pksizeof(_In_ const std::basic_string<wchar_t, _Traits, _Ax> &val)
{
return sizeof(char)*(WideCharToMultiByte(CP_UTF8, 0, val.c_str(), (int)val.length(), NULL, 0, NULL, NULL) + 1);
}
@@ -872,7 +919,7 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ std::basic_string<w
{
std::string val_utf8;
cursor >> val_utf8;
MultiByteToWideChar(CP_UTF8, 0, val_utf8.c_str(), (int)val_utf8.length(), val);
MultiByteToWideChar(CP_UTF8, 0, val_utf8, val);
}
@@ -890,7 +937,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const std::vector<_
template<class _Ty, class _Ax>
inline size_t pksizeof(const std::vector<_Ty, _Ax> &val)
inline size_t pksizeof(_In_ const std::vector<_Ty, _Ax> &val)
{
// Since we do not know wheter vector elements are primitives or objects, iterate instead of sizeof().
// For performance critical vectors of flat opaque data types write specialized template instantiation.
@@ -934,7 +981,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const std::list<_Ty
template<class _Ty, class _Ax>
inline size_t pksizeof(const std::list<_Ty, _Ax> &val)
inline size_t pksizeof(_In_ const std::list<_Ty, _Ax> &val)
{
// Since we do not know wheter list elements are primitives or objects, iterate instead of sizeof().
// For performance critical vectors of flat opaque data types write specialized template instantiation.
@@ -973,7 +1020,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const std::unique_p
template<class _Ty, class _Dx>
inline size_t pksizeof(const std::unique_ptr<_Ty, _Dx> &val)
inline size_t pksizeof(_In_ const std::unique_ptr<_Ty, _Dx> &val)
{
return
val ?
@@ -999,7 +1046,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const winstd::cert_
}
inline size_t pksizeof(const winstd::cert_context &val)
inline size_t pksizeof(_In_ const winstd::cert_context &val)
{
return
val ?
@@ -1100,6 +1147,31 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ GUID &val)
}
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const EAP_METHOD_TYPE &val)
{
auto ptr_end = cursor.ptr + sizeof(EAP_METHOD_TYPE);
assert(ptr_end <= cursor.ptr_end);
memcpy(cursor.ptr, &val, sizeof(EAP_METHOD_TYPE));
cursor.ptr = ptr_end;
}
inline size_t pksizeof(_In_ const EAP_METHOD_TYPE &val)
{
UNREFERENCED_PARAMETER(val);
return sizeof(EAP_METHOD_TYPE);
}
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ EAP_METHOD_TYPE &val)
{
auto ptr_end = cursor.ptr + sizeof(EAP_METHOD_TYPE);
assert(ptr_end <= cursor.ptr_end);
memcpy(&val, cursor.ptr, sizeof(EAP_METHOD_TYPE));
cursor.ptr = ptr_end;
}
#ifndef htonll
inline unsigned __int64 htonll(unsigned __int64 val)

492
lib/EAPBase/include/EAPXML.h
View File

@@ -29,39 +29,531 @@
namespace eapxml
{
///
/// \defgroup EAPBaseXML XML DOM
/// Easy interaction with MSXML
///
/// @{
///
/// Returns owner document object for a given node
///
/// \param[in ] pXmlNode XML node
/// \param[out] ppXmlDoc XML document
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT get_document(_In_ IXMLDOMNode *pXmlNode, _Out_ winstd::com_obj<IXMLDOMDocument2> &ppXmlDoc);
///
/// Selects single child node by name
///
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrNodeName XML node selection name
/// \param[out] ppXmlNode Child XML node found
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT select_node(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrNodeName, _Out_ winstd::com_obj<IXMLDOMNode> &ppXmlNode);
///
/// Selects child nodes by name
///
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrNodeName XML node selection name
/// \param[out] ppXmlNodes List of child XML nodes found
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT select_nodes(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrNodeName, _Out_ winstd::com_obj<IXMLDOMNodeList> &ppXmlNodes);
///
/// Selects single child element by name
///
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrElementName XML element selection name
/// \param[out] ppXmlElement Child XML element found
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT select_element(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ winstd::com_obj<IXMLDOMElement> &ppXmlElement);
///
/// Creates a new element
///
/// \param[in ] pDoc Owner XML document
/// \param[in ] bstrElementName XML element name
/// \param[in ] bstrNamespace XML element namespace
/// \param[out] ppXmlElement XML element created
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT create_element(_In_ IXMLDOMDocument *pDoc, _In_z_ const BSTR bstrElementName, _In_z_ const BSTR bstrNamespace, _Out_ winstd::com_obj<IXMLDOMElement> &ppXmlElement);
///
/// Creates a new child element if not already present
///
/// \param[in ] pDoc Owner XML document
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrElementNameSelect XML element selection name
/// \param[in ] bstrElementNameCreate XML element name
/// \param[in ] bstrNamespace XML element namespace
/// \param[out] ppXmlElement XML element found or created
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT create_element(_In_ IXMLDOMDocument *pDoc, IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementNameSelect, _In_z_ const BSTR bstrElementNameCreate, _In_z_ const BSTR bstrNamespace, _Out_ winstd::com_obj<IXMLDOMElement> &ppXmlElement);
///
/// Tests if node has a parent set
///
/// \param[in] pXmlNode XML node
///
/// \returns
/// - Non zero when \p pXmlNode has a parent set;
/// - Zero otherwise.
///
inline bool has_parent(_In_ IXMLDOMNode *pXmlNode);
///
/// Returns child element text
///
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrElementName XML element selection name
/// \param[out] pbstrValue XML element text
/// \param[out] ppXmlElement Child XML element found
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ winstd::bstr &pbstrValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
///
/// Returns child element text
///
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrElementName XML element selection name
/// \param[out] sValue XML element text
/// \param[out] ppXmlElement Child XML element found
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
template<class _Traits, class _Ax> inline HRESULT get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &sValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
///
/// Returns child element text converted to number
///
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrElementName XML element selection name
/// \param[out] pdwValue XML element text converted to number
/// \param[out] ppXmlElement Child XML element found
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ DWORD &pdwValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
///
/// Returns child element text converted to boolean
///
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrElementName XML element selection name
/// \param[out] pbValue XML element text converted to boolean
/// \param[out] ppXmlElement Child XML element found
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ bool &pbValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
///
/// Returns child element BLOB encoded as Base64 text
///
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrElementName XML element selection name
/// \param[out] aValue XML element BLOB
/// \param[out] ppXmlElement Child XML element found
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
template<class _Ty, class _Ax> inline HRESULT get_element_base64(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::vector<_Ty, _Ax> &aValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
///
/// Returns child element BLOB encoded as hexadecimal text
///
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrElementName XML element selection name
/// \param[out] aValue XML element BLOB
/// \param[out] ppXmlElement Child XML element found
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
template<class _Ty, class _Ax> inline HRESULT get_element_hex(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::vector<_Ty, _Ax> &aValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
///
/// Returns child element localizable text
///
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrElementName XML element selection name
/// \param[in ] pszLang Desired localization
/// \param[out] pbstrValue XML element text
/// \param[out] ppXmlElement Child XML element found
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT get_element_localized(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _In_z_ LPCWSTR pszLang, _Out_ winstd::bstr &pbstrValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
///
/// Returns child element localizable text
///
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrElementName XML element selection name
/// \param[in ] pszLang Desired localization
/// \param[out] sValue XML element text
/// \param[out] ppXmlElement Child XML element found
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
template<class _Traits, class _Ax> inline HRESULT get_element_localized(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _In_z_ LPCWSTR pszLang, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &sValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
///
/// Creates a new child element
///
/// \param[in ] pDoc Owner XML document
/// \param[in ] pCurrentDOMNode Parent XML node
/// \param[in ] bstrElementName XML element name
/// \param[in ] bstrNamespace XML element namespace
/// \param[out] ppXmlElement XML element created
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT put_element(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _Out_ winstd::com_obj<IXMLDOMElement> &ppXmlElement);
///
/// Creates a new child element with text
///
/// \param[in ] pDoc Owner XML document
/// \param[in ] pCurrentDOMNode Parent XML node
/// \param[in ] bstrElementName XML element name
/// \param[in ] bstrNamespace XML element namespace
/// \param[in ] bstrValue XML element text
/// \param[out] ppXmlElement XML element created
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_z_ const BSTR bstrValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
///
/// Creates a new child element with text converted from number
///
/// \param[in ] pDoc Owner XML document
/// \param[in ] pCurrentDOMNode Parent XML node
/// \param[in ] bstrElementName XML element name
/// \param[in ] bstrNamespace XML element namespace
/// \param[in ] dwValue XML element number
/// \param[out] ppXmlElement XML element created
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_ DWORD dwValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
///
/// Creates a new child element with text converted from boolean
///
/// \param[in ] pDoc Owner XML document
/// \param[in ] pCurrentDOMNode Parent XML node
/// \param[in ] bstrElementName XML element name
/// \param[in ] bstrNamespace XML element namespace
/// \param[in ] bValue XML element boolean
/// \param[out] ppXmlElement XML element created
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_ bool bValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
///
/// Creates a new child element with Base64 encoded text from BLOB
///
/// \param[in ] pDoc Owner XML document
/// \param[in ] pCurrentDOMNode Parent XML node
/// \param[in ] bstrElementName XML element name
/// \param[in ] bstrNamespace XML element namespace
/// \param[in ] pValue Pointer to BLOB data
/// \param[in ] nValueLen Size of \p pValue in bytes
/// \param[out] ppXmlElement XML element created
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT put_element_base64(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_count_(nValueLen) LPCVOID pValue, _In_ SIZE_T nValueLen, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
///
/// Creates a new child element with hexadecimal encoded text from BLOB
///
/// \param[in ] pDoc Owner XML document
/// \param[in ] pCurrentDOMNode Parent XML node
/// \param[in ] bstrElementName XML element name
/// \param[in ] bstrNamespace XML element namespace
/// \param[in ] pValue Pointer to BLOB data
/// \param[in ] nValueLen Size of \p pValue in bytes
/// \param[out] ppXmlElement XML element created
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT put_element_hex(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_count_(nValueLen) LPCVOID pValue, _In_ SIZE_T nValueLen, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
///
/// Returns attribute text
///
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrAttributeName XML attribute selection name
/// \param[out] pbstrValue XML atribute value
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT get_attrib_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrAttributeName, _Out_ winstd::bstr &pbstrValue);
///
/// Returns attribute text
///
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrAttributeName XML attribute selection name
/// \param[out] sValue XML atribute value
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
template<class _Traits, class _Ax> inline HRESULT get_attrib_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrAttributeName, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &sValue);
///
/// Returns attribute text converted to number
///
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrAttributeName XML attribute selection name
/// \param[out] pdwValue XML atribute value
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT get_attrib_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrAttributeName, _Out_ DWORD &pdwValue);
///
/// Returns attribute text converted to boolean
///
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrAttributeName XML attribute selection name
/// \param[out] pbValue XML atribute value
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT get_attrib_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrAttributeName, _Out_ bool &pbValue);
///
/// Returns attribute BLOB converted from Base64 encoded text
///
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrAttributeName XML attribute selection name
/// \param[out] aValue XML atribute value
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
template<class _Ty, class _Ax> inline HRESULT get_attrib_base64(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrAttributeName, _Out_ std::vector<_Ty, _Ax> &aValue);
///
/// Returns attribute BLOB converted from hexadecimal encoded text
///
/// \param[in ] pXmlParent Parent XML node
/// \param[in ] bstrAttributeName XML attribute selection name
/// \param[out] aValue XML atribute value
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
template<class _Ty, class _Ax> inline HRESULT get_attrib_hex(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrAttributeName, _Out_ std::vector<_Ty, _Ax> &aValue);
///
/// Sets node attribute
///
/// \param[in ] pCurrentDOMNode Parent XML node
/// \param[in ] bstrAttributeName XML attribute name
/// \param[out] bstrValue XML atribute value
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT put_attrib_value(_In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrAttributeName, _In_opt_z_ _In_z_ const BSTR bstrValue);
///
/// Sets node attribute converted from number
///
/// \param[in ] pCurrentDOMNode Parent XML node
/// \param[in ] bstrAttributeName XML attribute name
/// \param[out] dwValue XML atribute value
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT put_attrib_value(_In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrAttributeName, _In_opt_z_ _In_ DWORD dwValue);
///
/// Sets node attribute converted from boolean
///
/// \param[in ] pCurrentDOMNode Parent XML node
/// \param[in ] bstrAttributeName XML attribute name
/// \param[out] bValue XML atribute value
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT put_attrib_value(_In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrAttributeName, _In_opt_z_ _In_ bool bValue);
///
/// Sets node attribute to Base64 encoded text from BLOB
///
/// \param[in ] pCurrentDOMNode Parent XML node
/// \param[in ] bstrAttributeName XML attribute name
/// \param[in ] pValue Pointer to BLOB data
/// \param[in ] nValueLen Size of \p pValue in bytes
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT put_attrib_base64(_In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrAttributeName, _In_opt_z_ _In_count_(nValueLen) LPCVOID pValue, _In_ SIZE_T nValueLen);
///
/// Sets node attribute to hexadecimal encoded text from BLOB
///
/// \param[in ] pCurrentDOMNode Parent XML node
/// \param[in ] bstrAttributeName XML attribute name
/// \param[in ] pValue Pointer to BLOB data
/// \param[in ] nValueLen Size of \p pValue in bytes
///
/// \returns
/// - >0 if succeeded with warnings;
/// - =0 (\c S_OK) if successful;
/// - <0 if failed.
/// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
///
inline HRESULT put_attrib_hex(_In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrAttributeName, _In_count_(nValueLen) LPCVOID pValue, _In_ SIZE_T nValueLen);
///
/// Builds XPath for a given node
///
/// \param[in] pXmlNode XML node
///
/// \returns String with XPath for a given node up to node terminal parent
///
inline std::wstring get_xpath(_In_ IXMLDOMNode *pXmlNode);
/// @}
}
#pragma once

294
lib/EAPBase/include/Method.h
View File

@@ -20,15 +20,9 @@
namespace eap
{
///
/// EAP and non-EAP method base class
///
class method;
///
/// Non-EAP method base class
///
class method_noneap;
class method_tunnel;
class method_eap;
}
#pragma once
@@ -49,37 +43,44 @@ extern "C" {
namespace eap
{
///
/// \defgroup EAPBaseMethod Methods
/// Methods
///
/// @{
///
/// Method base class
///
class method
{
WINSTD_NONCOPYABLE(method)
public:
///
/// Constructs an EAP method
/// Constructs a method
///
/// \param[in] mod EAP module to use for global services
/// \param[in] cfg Method configuration
/// \param[in] cred User credentials
/// \param[in] mod Module to use for global services
///
method(_In_ module &module, _In_ config_method &cfg, _In_ credentials &cred);
method(_In_ module &mod);
///
/// Moves an EAP method
/// Moves a method
///
/// \param[in] other EAP method to move from
/// \param[in] other Method to move from
///
method(_Inout_ method &&other);
///
/// Moves an EAP method
/// Moves a method
///
/// \param[in] other EAP method to move from
/// \param[in] other Method to move from
///
/// \returns Reference to this object
///
method& operator=(_Inout_ method &&other);
/// \name Packet processing
/// \name Session management
/// @{
///
@@ -87,6 +88,11 @@ namespace eap
///
/// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
///
/// \param[in] dwFlags A combination of EAP flags that describe the new EAP authentication session behavior.
/// \param[in] pAttributeArray A pointer to an array structure that specifies the EAP attributes of the entity to authenticate.
/// \param[in] hTokenImpersonateUser Specifies a handle to the user impersonation token to use in this session.
/// \param[in] dwMaxSendPacketSize Specifies the maximum size in bytes of an EAP packet sent during the session. If the method needs to send a packet larger than the maximum size, the method must accommodate fragmentation and reassembly.
///
virtual void begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
@@ -100,111 +106,271 @@ namespace eap
///
virtual void end_session();
/// @}
/// \name Packet processing
/// @{
///
/// Processes a packet received by EapHost from a supplicant.
///
/// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
///
virtual void process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize,
_Out_ EapPeerMethodOutput *pEapOutput) = 0;
/// \param[in] pReceivedPacket Received packet data
/// \param[in] dwReceivedPacketSize \p pReceivedPacket size in bytes
///
/// \returns Action peer wants EapHost to do next.
///
virtual EapPeerMethodResponseAction process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize) = 0;
///
/// Obtains a response packet from the EAP method.
///
/// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
///
/// \param[out] packet Response packet
/// \param[in] size_max The maximum size in bytes \p packet must not exceed. If the method needs to send a packet larger than the maximum size, the method must accommodate fragmentation and reassembly.
///
virtual void get_response_packet(
_Inout_bytecap_(*dwSendPacketSize) void *pSendPacket,
_Inout_ DWORD *pdwSendPacketSize) = 0;
_Out_ sanitizing_blob &packet,
_In_opt_ DWORD size_max = MAXDWORD) = 0;
/// @}
///
/// Obtains the result of an authentication session from the EAP method.
///
/// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
///
/// \param[in ] reason The reason code for the authentication result returned in \p pResult.
/// \param[out] pResult A pointer to a structure that contains the authentication results.
///
virtual void get_result(
_In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *pResult);
_In_ EapPeerMethodResultReason reason,
_Out_ EapPeerMethodResult *pResult);
/// \name User Interaction
/// @{
///
/// Obtains the user interface context from the EAP method.
///
/// \note This function is always followed by the `EapPeerInvokeInteractiveUI()` function, which is followed by the `EapPeerSetUIContext()` function.
///
/// \sa [EapPeerGetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363612.aspx)
///
/// \param[out] ppUIContextData A pointer to an address that contains a byte buffer with the supplicant user interface context data from EAPHost.
/// \param[out] pdwUIContextDataSize A pointer to a value that specifies the size of the user interface context data byte buffer returned in \p ppUIContextData.
///
virtual void get_ui_context(
_Out_ BYTE **ppUIContextData,
_Out_ DWORD *pdwUIContextDataSize);
///
/// Provides a user interface context to the EAP method.
///
/// \note This function is called after the UI has been raised through the `EapPeerGetUIContext()` function.
///
/// \sa [EapPeerSetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363626.aspx)
///
/// \param[in] pUIContextData A pointer to an address that contains a byte buffer with the new supplicant UI context data to set on EAPHost.
/// \param[in] dwUIContextDataSize \p pUIContextData size in bytes
///
/// \returns Action peer wants EapHost to do next.
///
virtual EapPeerMethodResponseAction set_ui_context(
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
_In_ DWORD dwUIContextDataSize);
/// @}
/// \name EAP Response Attributes
/// @{
///
/// Obtains an array of EAP response attributes from the EAP method.
///
/// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx)
///
/// \param[out] pAttribs A pointer to a structure that contains an array of EAP authentication response attributes for the supplicant.
///
virtual void get_response_attributes(_Out_ EapAttributes *pAttribs);
///
/// Provides an updated array of EAP response attributes to the EAP method.
///
/// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx)
///
/// \param[in] pAttribs A pointer to a structure that contains an array of new EAP authentication response attributes to set for the supplicant on EAPHost.
///
/// \returns Action peer wants EapHost to do next.
///
virtual EapPeerMethodResponseAction set_response_attributes(_In_ const EapAttributes *pAttribs);
/// @}
public:
module &m_module; ///< EAP module
config_method &m_cfg; ///< Connection configuration
credentials &m_cred; ///< User credentials
std::vector<winstd::eap_attr> m_eap_attr; ///< EAP attributes
module &m_module; ///< Module for global services
};
class method_noneap : public method
///
/// Tunnel method base class
///
/// This is a base class for all the methods that encapsulate inner methods to provide stacking framework.
///
class method_tunnel : public method
{
WINSTD_NONCOPYABLE(method_noneap)
WINSTD_NONCOPYABLE(method_tunnel)
public:
///
/// Constructs an EAP method
/// Constructs a method
///
/// \param[in] mod EAP module to use for global services
/// \param[in] cfg Method configuration
/// \param[in] cred User credentials
/// \param[in] mod Module to use for global services
/// \param[in] inner Inner method
///
method_noneap(_In_ module &module, _In_ config_method &cfg, _In_ credentials &cred);
method_tunnel(_In_ module &mod, _In_ method *inner);
///
/// Moves an EAP method
/// Moves a method
///
/// \param[in] other EAP method to move from
/// \param[in] other Method to move from
///
method_noneap(_Inout_ method_noneap &&other);
method_tunnel(_Inout_ method_tunnel &&other);
///
/// Moves an EAP method
/// Moves a method
///
/// \param[in] other EAP method to move from
/// \param[in] other Method to move from
///
/// \returns Reference to this object
///
method_noneap& operator=(_Inout_ method_noneap &&other);
method_tunnel& operator=(_Inout_ method_tunnel &&other);
/// \name Session management
/// @{
virtual void begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ DWORD dwMaxSendPacketSize = MAXDWORD);
virtual void end_session();
/// @}
/// \name Packet processing
/// @{
///
/// Obtains a response packet from the EAP method.
///
/// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
///
virtual EapPeerMethodResponseAction process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize);
virtual void get_response_packet(
_Inout_bytecap_(*dwSendPacketSize) void *pSendPacket,
_Inout_ DWORD *pdwSendPacketSize);
_Out_ sanitizing_blob &packet,
_In_opt_ DWORD size_max = MAXDWORD);
/// @}
virtual void get_result(
_In_ EapPeerMethodResultReason reason,
_Out_ EapPeerMethodResult *pResult);
/// \name User Interaction
/// @{
virtual void get_ui_context(
_Out_ BYTE **ppUIContextData,
_Out_ DWORD *pdwUIContextDataSize);
virtual EapPeerMethodResponseAction set_ui_context(
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
_In_ DWORD dwUIContextDataSize);
/// @}
/// \name EAP Response Attributes
/// @{
virtual void get_response_attributes(_Out_ EapAttributes *pAttribs);
virtual EapPeerMethodResponseAction set_response_attributes(_In_ const EapAttributes *pAttribs);
/// @}
protected:
std::unique_ptr<method> m_inner; ///< Inner method
};
///
/// EAP tunnel method
///
/// This method encapsulates inner data in EAP packets.
///
class method_eap : public method_tunnel
{
WINSTD_NONCOPYABLE(method_eap)
public:
///
/// Appends Diameter AVP to response packet
/// Constructs a method
///
/// \param[in] code AVP code
/// \param[in] flags AVP flags
/// \param[in] data AVP data (<16777212B)
/// \param[in] size Size of \p data in bytes
/// \param[in] mod Module to use for global services
/// \param[in] eap_method EAP method type
/// \param[in] inner Inner method
///
void append_avp(_In_ unsigned int code, _In_ unsigned char flags, _In_bytecount_(size) const void *data, _In_ unsigned int size);
method_eap(_In_ module &mod, _In_ winstd::eap_type_t eap_method, _In_ method *inner);
///
/// Appends Diameter AVP to response packet
/// Moves a method
///
/// \param[in] code AVP code
/// \param[in] vendor_id Vendor-ID
/// \param[in] flags AVP flags
/// \param[in] data AVP data (<16777212B)
/// \param[in] size Size of \p data in bytes
/// \param[in] other Method to move from
///
void append_avp(_In_ unsigned int code, _In_ unsigned int vendor_id, _In_ unsigned char flags, _In_bytecount_(size) const void *data, _In_ unsigned int size);
method_eap(_Inout_ method_eap &&other);
///
/// Moves a method
///
/// \param[in] other Method to move from
///
/// \returns Reference to this object
///
method_eap& operator=(_Inout_ method_eap &&other);
/// \name Session management
/// @{
virtual void begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ DWORD dwMaxSendPacketSize = MAXDWORD);
/// @}
/// \name Packet processing
/// @{
virtual EapPeerMethodResponseAction process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize);
virtual void get_response_packet(
_Out_ sanitizing_blob &packet,
_In_opt_ DWORD size_max = MAXDWORD);
/// @}
protected:
sanitizing_blob m_packet_res; ///< Response packet
const winstd::eap_type_t m_eap_method; ///< EAP method type
unsigned char m_id; ///< Request packet ID
bool m_send_nak; ///< Are we sending Legacy Nak response?
};
/// @}
}

220
lib/EAPBase/include/Module.h
View File

@@ -20,18 +20,7 @@
namespace eap
{
///
/// EAP module base class
///
/// Provides basic services to EAP methods.
///
class module;
///
/// EAP peer base class
///
/// A group of methods all EAP peers must or should implement.
///
class peer;
}
@@ -58,6 +47,17 @@ extern "C" {
namespace eap
{
///
/// \defgroup EAPBaseModule Modules
/// Modules
///
/// @{
///
/// EAP module base class
///
/// Provides basic services to EAP methods.
///
class module
{
WINSTD_NONCOPYABLE(module)
@@ -88,6 +88,11 @@ namespace eap
///
EAP_ERROR* make_error(_In_ std::exception &err) const;
///
/// Allocate a EAP_ERROR and fill it according to another EAP_ERROR
///
EAP_ERROR* make_error(_In_ const EAP_ERROR *err) const;
///
/// Allocate BLOB
///
@@ -104,7 +109,9 @@ namespace eap
void free_error_memory(_In_ EAP_ERROR *err);
///
/// Makes a new method config
/// Makes a new method configuration
///
/// \returns New method configuration
///
virtual config_method* make_config_method();
@@ -129,6 +136,7 @@ namespace eap
/// Writes EAPMETHOD_TRACE_EVT_FN_CALL and returns auto event writer class
///
/// \param[in] pszFnName Function name
/// \param[in] result Reference to function return variable
///
/// \returns A new auto event writer that writes EAPMETHOD_TRACE_EVT_FN_RETURN_DWORD event on destruction
///
@@ -223,9 +231,13 @@ namespace eap
///
/// If \c _DEBUG is set the value is masked.
///
/// \param[in] name Variable name
/// \param[in] value Variable value
///
inline void log_config_discrete(_In_z_ LPCWSTR name, _In_z_ LPCWSTR value) const
{
#ifdef _DEBUG
#ifdef __DANGEROUS__LOG_CONFIDENTIAL_DATA
#pragma message (__FILE__ "(" STRING(__LINE__) "): Warning: !!! DANGER !!! Passwords and certificates will be logged as a clear-text. Please, consider undefining __DANGEROUS__LOG_CONFIDENTIAL_DATA.")
log_config(name, value);
#else
log_config(name, value ? value[0] ? L"********" : L"" : NULL);
@@ -237,9 +249,14 @@ namespace eap
///
/// If \c _DEBUG is set the value is masked.
///
/// \param[in] name Variable name
/// \param[in] data Variable data
/// \param[in] size \p data size in bytes
///
inline void log_config_discrete(_In_z_ LPCWSTR name, _In_bytecount_(size) const void *data, _In_ ULONG size) const
{
#ifdef _DEBUG
#ifdef __DANGEROUS__LOG_CONFIDENTIAL_DATA
#pragma message (__FILE__ "(" STRING(__LINE__) "): Warning: !!! DANGER !!! Passwords and certificates will be logged as a clear-text. Please, consider undefining __DANGEROUS__LOG_CONFIDENTIAL_DATA.")
log_config(name, data, size);
#else
log_config(name, data ? size ? L"********" : L"" : NULL);
@@ -249,6 +266,8 @@ namespace eap
///
/// Logs event
///
/// \param[in] EventDescriptor Event descriptor
///
inline void log_event(_In_ PCEVENT_DESCRIPTOR EventDescriptor, ...) const
{
va_list arg;
@@ -268,7 +287,6 @@ namespace eap
/// \param[in ] hProv Handle of cryptographics provider
/// \param[in ] data Pointer to data to encrypt
/// \param[in ] size Size of \p data in bytes
/// \param[out] enc Encrypted data
/// \param[out] hHash Handle of hashing object
///
/// \returns Encrypted data
@@ -305,7 +323,7 @@ namespace eap
std::vector<unsigned char> encrypt(_In_ HCRYPTPROV hProv, _In_ const std::basic_string<wchar_t, _Traits, _Ax> &val, _Out_opt_ HCRYPTHASH hHash = NULL) const
{
winstd::sanitizing_string val_utf8;
WideCharToMultiByte(CP_UTF8, 0, val.c_str(), (int)val.length(), val_utf8, NULL, NULL);
WideCharToMultiByte(CP_UTF8, 0, val, val_utf8, NULL, NULL);
return encrypt(hProv, val_utf8, hHash);
}
@@ -349,7 +367,7 @@ namespace eap
std::vector<unsigned char> encrypt_md5(_In_ HCRYPTPROV hProv, _In_ const std::basic_string<wchar_t, _Traits, _Ax> &val) const
{
winstd::sanitizing_string val_utf8;
WideCharToMultiByte(CP_UTF8, 0, val.c_str(), (int)val.length(), val_utf8, NULL, NULL);
WideCharToMultiByte(CP_UTF8, 0, val, val_utf8, NULL, NULL);
return encrypt_md5(hProv, val_utf8);
}
@@ -430,7 +448,7 @@ namespace eap
{
winstd::sanitizing_string buf(std::move(decrypt_str(hProv, data, size, hHash)));
std::basic_string<wchar_t, _Traits, _Ax> dec;
MultiByteToWideChar(CP_UTF8, 0, buf.data(), (int)buf.size(), dec);
MultiByteToWideChar(CP_UTF8, 0, buf, dec);
return dec;
}
@@ -502,7 +520,7 @@ namespace eap
{
winstd::sanitizing_string buf(std::move(decrypt_str_md5<char, std::char_traits<char>, sanitizing_allocator<char> >(hProv, data, size)));
std::basic_string<wchar_t, _Traits, _Ax> dec;
MultiByteToWideChar(CP_UTF8, 0, buf.data(), (int)buf.size(), dec);
MultiByteToWideChar(CP_UTF8, 0, buf, dec);
return dec;
}
@@ -517,11 +535,6 @@ namespace eap
/// \param[inout] record Object to unpack to
/// \param[in ] pDataIn Pointer to encrypted BLOB
/// \param[in ] dwDataInSize Size of \p pDataIn
/// \param[out ] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
///
/// \returns
/// - \c true if succeeded
/// - \c false otherwise. See \p ppEapError for details.
///
template<class T>
void unpack(
@@ -610,6 +623,11 @@ namespace eap
};
///
/// EAP peer base class
///
/// A group of methods all EAP peers must or should implement.
///
class peer : public module
{
WINSTD_NONCOPYABLE(peer)
@@ -641,23 +659,43 @@ namespace eap
///
/// \sa [EapPeerGetIdentity function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363607.aspx)
///
/// \param[in ] dwFlags A combination of EAP flags that describe the EAP authentication session behavior.
/// \param[in ] pConnectionData Connection data used for the EAP method. If set to \c NULL, the static property of the method, as configured in the registry, is returned.
/// \param[in ] dwConnectionDataSize The size, in bytes, of the connection data buffer provided in \p pConnectionData.
/// \param[in ] pUserData A pointer to a byte buffer that contains the opaque user data BLOB. This parameter can be \c NULL.
/// \param[in ] dwUserDataSize The size, in bytes, of the user data buffer provided in \p pUserData.
/// \param[out] ppUserDataOut A pointer to a pointer to the returned user data. The data is passed to \p EapPeerBeginSession() as input \p pUserData.
/// \param[out] pdwUserDataOutSize Specifies the size, in bytes, of the \p ppUserDataOut buffer.
/// \param[in ] hTokenImpersonateUser A handle to the user impersonation token to use in this session.
/// \param[out] pfInvokeUI Returns \c TRUE if the user identity and user data blob aren't returned successfully, and the method seeks to collect the information from the user through the user interface dialog.
/// \param[out] ppwszIdentity A pointer to the returned user identity. The pointer will be included in the identity response packet and returned to the server.
///
virtual void get_identity(
_In_ DWORD dwFlags,
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
_In_ DWORD dwConnectionDataSize,
_In_count_(dwUserDataSize) const BYTE *pUserData,
_In_ DWORD dwUserDataSize,
_Inout_ BYTE **ppUserDataOut,
_Inout_ DWORD *pdwUserDataOutSize,
_Out_ BYTE **ppUserDataOut,
_Out_ DWORD *pdwUserDataOutSize,
_In_ HANDLE hTokenImpersonateUser,
_Inout_ BOOL *pfInvokeUI,
_Inout_ WCHAR **ppwszIdentity) = 0;
_Out_ BOOL *pfInvokeUI,
_Out_ WCHAR **ppwszIdentity) = 0;
///
/// Defines the implementation of an EAP method-specific function that retrieves the properties of an EAP method given the connection and user data.
///
/// \sa [EapPeerGetMethodProperties function](https://msdn.microsoft.com/en-us/library/windows/desktop/hh706636.aspx)
///
/// \param[in ] dwVersion The version number of the API.
/// \param[in ] dwFlags A combination of EAP flags that describe the EAP authentication session behavior.
/// \param[in ] hUserImpersonationToken A handle to the user impersonation token to use in this session.
/// \param[in ] pConnectionData Connection data used for the EAP method. If set to \c NULL, the static property of the method, as configured in the registry, is returned.
/// \param[in ] dwConnectionDataSize The size, in bytes, of the connection data buffer provided in \p pConnectionData.
/// \param[in ] pUserData A pointer to a byte buffer that contains the opaque user data BLOB. This parameter can be \c NULL.
/// \param[in ] dwUserDataSize The size, in bytes, of the user data buffer provided in \p pUserData.
/// \param[out] pMethodPropertyArray A pointer to the method properties array. Caller should free the inner pointers using `EapHostPeerFreeMemory()` starting at the innermost pointer. The caller should free an \c empvtString value only when the type is \c empvtString.
///
virtual void get_method_properties(
_In_ DWORD dwVersion,
_In_ DWORD dwFlags,
@@ -666,72 +704,107 @@ namespace eap
_In_ DWORD dwConnectionDataSize,
_In_count_(dwUserDataSize) const BYTE *pUserData,
_In_ DWORD dwUserDataSize,
_Inout_ EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray) = 0;
_Out_ EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray) = 0;
///
/// Converts XML into the configuration BLOB. The XML based credentials can come from group policy or from a system administrator.
///
/// \sa [EapPeerCredentialsXml2Blob function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363603.aspx)
///
/// \param[in ] dwFlags A combination of EAP flags that describe the EAP authentication session behavior.
/// \param[in ] pConfigRoot A pointer to an XML node that contains credentials, which are either user or machine credentials depending on the configuration passed in. The XML document is created with the EapHostUserCredentials Schema.
/// \param[in ] dwConnectionDataSize The size of the EAP SSO configuration data pointed to by \p pConnectionData, in bytes.
/// \param[in ] pConnectionData A pointer to an opaque byte buffer that contains the EAP SSO configuration data BLOB.
/// \param[out] ppCredentialsOut A pointer to the byte buffer that receives the credentials BLOB buffer generated by the input XML. The buffer can is of size \p pdwCredentialsOutSize. After consuming the data, this memory must be freed by calling `EapPeerFreeMemory()`.
/// \param[out] pdwCredentialsOutSize The size, in bytes, of the buffer pointed to by \p ppCredentialsOut.
///
virtual void credentials_xml2blob(
_In_ DWORD dwFlags,
_In_ IXMLDOMNode *pConfigRoot,
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
_In_ DWORD dwConnectionDataSize,
_Inout_ BYTE **ppCredentialsOut,
_Inout_ DWORD *pdwCredentialsOutSize) = 0;
_Out_ BYTE **ppCredentialsOut,
_Out_ DWORD *pdwCredentialsOutSize) = 0;
///
/// Defines the implementation of an EAP method-specific function that obtains the EAP Single-Sign-On (SSO) credential input fields for an EAP method.
///
/// \sa [EapPeerQueryCredentialInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363622.aspx)
///
/// \param[in ] hUserImpersonationToken An impersonation token for the user whose credentials are to be requested and obtained.
/// \param[in ] dwFlags A combination of EAP flags that describe the EAP authentication session behavior.
/// \param[in ] dwConnectionDataSize The size of the EAP SSO configuration data pointed to by \p pConnectionData, in bytes.
/// \param[in ] pConnectionData A pointer to an opaque byte buffer that contains the EAP SSO configuration data BLOB.
/// \param[out] pEapConfigInputFieldsArray A Pointer to a structure that contains the input fields to display to the supplicant user. The `pwszData` fields in the individual `EAP_CONFIG_INPUT_FIELD_DATA` elements are initialized to \c NULL.
///
virtual void query_credential_input_fields(
_In_ HANDLE hUserImpersonationToken,
_In_ DWORD dwFlags,
_In_ DWORD dwConnectionDataSize,
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
_Inout_ EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray) const;
_Out_ EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray) const;
///
/// Defines the implementation of an EAP method function that obtains the user BLOB data provided in an interactive Single-Sign-On (SSO) UI raised on the supplicant.
///
/// \sa [EapPeerQueryUserBlobFromCredentialInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/bb204697.aspx)
///
/// \param[in ] hUserImpersonationToken An impersonation token for the user whose credentials are to be requested and obtained.
/// \param[in ] dwFlags A combination of EAP flags that describe the EAP authentication session behavior.
/// \param[in ] dwConnectionDataSize The size of the EAP SSO configuration data pointed to by \p pConnectionData, in bytes.
/// \param[in ] pConnectionData A pointer to an opaque byte buffer that contains the EAP SSO configuration data BLOB.
/// \param[in ] pEapConfigInputFieldArray A pointer to a structure that contains the input fields to display to the supplicant user. The `pwszData` fields in the individual `EAP_CONFIG_INPUT_FIELD_DATA` elements are initialized to \c NULL.
/// \param[out] pdwUsersBlobSize A pointer to a buffer that contains the size, in bytes, of the opaque user configuration data BLOB in \p ppUserBlob.
/// \param[out] ppUserBlob A pointer that contains the opaque user data BLOB.
///
virtual void query_user_blob_from_credential_input_fields(
_In_ HANDLE hUserImpersonationToken,
_In_ DWORD dwFlags,
_In_ DWORD dwConnectionDataSize,
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
_In_ const EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldArray,
_Inout_ DWORD *pdwUsersBlobSize,
_Inout_ BYTE **ppUserBlob) const;
_Out_ DWORD *pdwUsersBlobSize,
_Out_ BYTE **ppUserBlob) const;
///
/// Defines the implementation of an EAP method API that provides the input fields for interactive UI components to be raised on the supplicant.
///
/// \sa [EapPeerQueryInteractiveUIInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/bb204695.aspx)
///
/// \param[in ] dwVersion The version number of the API.
/// \param[in ] dwFlags A combination of EAP flags that describe the EAP authentication session behavior.
/// \param[in ] dwUIContextDataSize The size of the context data in \p pUIContextData, in bytes.
/// \param[in ] pUIContextData A pointer to a BLOB that contains UI context data, represented as inner pointers to field data. The supplicant obtained these inner pointers from EAPHost run-time APIs.
/// \param[out] pEapInteractiveUIData Pointer that receives a structure that contains configuration information for interactive UI components raised on an EAP supplicant.
///
virtual void query_interactive_ui_input_fields(
_In_ DWORD dwVersion,
_In_ DWORD dwFlags,
_In_ DWORD dwUIContextDataSize,
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
_Inout_ EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData) const;
_Out_ EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData) const;
///
/// Converts user information into a user BLOB that can be consumed by EapHost run-time functions.
///
/// \sa [EapPeerQueryUIBlobFromInteractiveUIInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/bb204696.aspx)
///
/// \param[in ] dwVersion The version number of the API.
/// \param[in ] dwFlags A combination of EAP flags that describe the EAP authentication session behavior.
/// \param[in ] dwUIContextDataSize The size of the context data in \p pUIContextData, in bytes.
/// \param[in ] pUIContextData A pointer to a BLOB that contains UI context data, represented as inner pointers to field data. The supplicant obtained these inner pointers from EAPHost run-time APIs.
/// \param[in ] pEapInteractiveUIData Pointer with a structure that contains configuration information for interactive user interface components raised on an EAP supplicant.
/// \param[out] pdwDataFromInteractiveUISize A pointer to a `DWORD` that specifies the size of the buffer pointed to by the \p ppDataFromInteractiveUI parameter, in bytes. If this value is not set to \c 0, then a pointer to a buffer of the size specified in this parameter must be supplied in the \p ppDataFromInteractiveUI parameter.
/// \param[out] ppDataFromInteractiveUI A pointer that receives a credentials BLOB that can be used in authentication. The caller should free the inner pointers using the function \p EapPeerFreeMemory(), starting at the innermost pointer. If a non-NULL value is supplied for this parameter, meaning that an existing data BLOB is passed to it, the supplied data BLOB will be updated and returned in this parameter.
///
virtual void query_ui_blob_from_interactive_ui_input_fields(
_In_ DWORD dwVersion,
_In_ DWORD dwFlags,
_In_ DWORD dwUIContextDataSize,
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
_In_ const EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData,
_Inout_ DWORD *pdwDataFromInteractiveUISize,
_Inout_ BYTE **ppDataFromInteractiveUI) const;
_Out_ DWORD *pdwDataFromInteractiveUISize,
_Out_ BYTE **ppDataFromInteractiveUI) const;
/// \name Session management
/// @{
@@ -741,6 +814,15 @@ namespace eap
///
/// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
///
/// \param[in] dwFlags A combination of EAP flags that describe the new EAP authentication session behavior.
/// \param[in] pAttributeArray A pointer to an array structure that specifies the EAP attributes of the entity to authenticate.
/// \param[in] hTokenImpersonateUser Specifies a handle to the user impersonation token to use in this session.
/// \param[in] pConnectionData Connection data specific to this method used to decide the user data returned from this API, where the user data depends on certain connection data configuration. When this parameter is NULL the method implementation should use default values for connection.
/// \param[in] dwConnectionDataSize Specifies the size, in bytes, of the connection data buffer provided in \p pConnectionData.
/// \param[in] pUserData A pointer to a byte buffer that contains the opaque user data BLOB.
/// \param[in] dwUserDataSize Specifies the size in bytes of the user data buffer provided in \p pUserData.
/// \param[in] dwMaxSendPacketSize Specifies the maximum size in bytes of an EAP packet sent during the session. If the method needs to send a packet larger than the maximum size, the method must accommodate fragmentation and reassembly.
///
/// \returns Session handle
///
virtual EAP_SESSION_HANDLE begin_session(
@@ -758,13 +840,25 @@ namespace eap
///
/// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
///
/// \param[in] hSession A unique handle for this EAP authentication session on the EAPHost server. This handle is returned in the \p pSessionHandle parameter in a previous call to `EapPeerBeginSession()`.
///
virtual void end_session(_In_ EAP_SESSION_HANDLE hSession) = 0;
/// @}
/// \name Packet processing
/// @{
///
/// Processes a packet received by EapHost from a supplicant.
///
/// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
///
/// \param[in] hSession A unique handle for this EAP authentication session on the EAPHost server. This handle is returned in the \p pSessionHandle parameter in a previous call to `EapPeerBeginSession()`.
/// \param[in] pReceivedPacket Received packet data
/// \param[in] dwReceivedPacketSize \p pReceivedPacket size in bytes
/// \param[in] pEapOutput A pointer to a structure that contains the output of the packet process operation.
///
virtual void process_request_packet(
_In_ EAP_SESSION_HANDLE hSession,
_In_bytecount_(dwReceivedPacketSize) const EapPacket *pReceivedPacket,
@@ -776,20 +870,33 @@ namespace eap
///
/// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
///
/// \param[in ] hSession A unique handle for this EAP authentication session on the EAPHost server. This handle is returned in the \p pSessionHandle parameter in a previous call to `EapPeerBeginSession()`.
/// \param[inout] pSendPacket A pointer to a structure that contains the response packet.
/// \param[inout] pdwSendPacketSize A pointer to a value that contains the size in bytes of the buffer allocated for the response packet. On return, this parameter receives a pointer to the actual size in bytes of \p pSendPacket.
///
virtual void get_response_packet(
_In_ EAP_SESSION_HANDLE hSession,
_Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket,
_Inout_ DWORD *pdwSendPacketSize) = 0;
/// @}
///
/// Obtains the result of an authentication session from the EAP method.
///
/// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
///
/// \param[in ] hSession A unique handle for this EAP authentication session on the EAPHost server. This handle is returned in the \p pSessionHandle parameter in a previous call to `EapPeerBeginSession()`.
/// \param[in ] reason The reason code for the authentication result returned in \p pResult.
/// \param[out] pResult A pointer to a structure that contains the authentication results.
///
virtual void get_result(
_In_ EAP_SESSION_HANDLE hSession,
_In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *pResult) = 0;
_In_ EAP_SESSION_HANDLE hSession,
_In_ EapPeerMethodResultReason reason,
_Out_ EapPeerMethodResult *pResult) = 0;
/// \name User Interaction
/// @{
///
/// Obtains the user interface context from the EAP method.
@@ -798,10 +905,14 @@ namespace eap
///
/// \sa [EapPeerGetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363612.aspx)
///
/// \param[in ] hSession A unique handle for this EAP authentication session on the EAPHost server. This handle is returned in the \p pSessionHandle parameter in a previous call to `EapPeerBeginSession()`.
/// \param[out] ppUIContextData A pointer to an address that contains a byte buffer with the supplicant user interface context data from EAPHost.
/// \param[out] pdwUIContextDataSize A pointer to a value that specifies the size of the user interface context data byte buffer returned in \p ppUIContextData.
///
virtual void get_ui_context(
_In_ EAP_SESSION_HANDLE hSession,
_Inout_ BYTE **ppUIContextData,
_Inout_ DWORD *pdwUIContextDataSize) = 0;
_In_ EAP_SESSION_HANDLE hSession,
_Out_ BYTE **ppUIContextData,
_Out_ DWORD *pdwUIContextDataSize) = 0;
///
/// Provides a user interface context to the EAP method.
@@ -810,26 +921,43 @@ namespace eap
///
/// \sa [EapPeerSetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363626.aspx)
///
/// \param[in] hSession A unique handle for this EAP authentication session on the EAPHost server. This handle is returned in the \p pSessionHandle parameter in a previous call to `EapPeerBeginSession()`.
/// \param[in] pUIContextData A pointer to an address that contains a byte buffer with the new supplicant UI context data to set on EAPHost.
/// \param[in] dwUIContextDataSize \p pUIContextData size in bytes
/// \param[in] pEapOutput A pointer to a structure that contains the output of the packet process operation.
///
virtual void set_ui_context(
_In_ EAP_SESSION_HANDLE hSession,
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
_In_ DWORD dwUIContextDataSize,
_Out_ EapPeerMethodOutput *pEapOutput) = 0;
/// @}
/// \name EAP Response Attributes
/// @{
///
/// Obtains an array of EAP response attributes from the EAP method.
///
/// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx)
///
/// \param[in ] hSession A unique handle for this EAP authentication session on the EAPHost server. This handle is returned in the \p pSessionHandle parameter in a previous call to `EapPeerBeginSession()`.
/// \param[out] pAttribs A pointer to a structure that contains an array of EAP authentication response attributes for the supplicant.
///
virtual void get_response_attributes(
_In_ EAP_SESSION_HANDLE hSession,
_Inout_ EapAttributes *pAttribs) = 0;
_In_ EAP_SESSION_HANDLE hSession,
_Out_ EapAttributes *pAttribs) = 0;
///
/// Provides an updated array of EAP response attributes to the EAP method.
///
/// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx)
///
/// \param[in] hSession A unique handle for this EAP authentication session on the EAPHost server. This handle is returned in the \p pSessionHandle parameter in a previous call to `EapPeerBeginSession()`.
/// \param[in] pAttribs A pointer to a structure that contains an array of new EAP authentication response attributes to set for the supplicant on EAPHost.
/// \param[in] pEapOutput A pointer to a structure that contains the output of the packet process operation.
///
virtual void set_response_attributes(
_In_ EAP_SESSION_HANDLE hSession,
_In_ const EapAttributes *pAttribs,
@@ -837,4 +965,6 @@ namespace eap
/// @}
};
/// @}
}

48
lib/EAPBase/src/Credentials.cpp
View File

@@ -251,7 +251,7 @@ void eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p
switch (m_enc_alg) {
case enc_alg_kph: {
sanitizing_string password_utf8;
WideCharToMultiByte(CP_UTF8, 0, m_password.c_str(), -1, password_utf8, NULL, NULL);
WideCharToMultiByte(CP_UTF8, 0, m_password, password_utf8, NULL, NULL);
wstring password_enc(std::move(kph_encrypt<wchar_t, char_traits<wchar_t>, allocator<wchar_t> >(cp, password_utf8.c_str())));
com_obj<IXMLDOMElement> pXmlElPassword;
if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), namespace_eapmetadata, bstr(password_enc), std::addressof(pXmlElPassword))))
@@ -308,7 +308,7 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
} else if (encryption && CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, encryption, encryption.length(), _L("KPH"), -1, NULL, NULL, 0) == CSTR_EQUAL) {
// Decrypt password.
sanitizing_string password_utf8(std::move(kph_decrypt<OLECHAR>(password)));
MultiByteToWideChar(CP_UTF8, 0, password_utf8.c_str(), -1, m_password);
MultiByteToWideChar(CP_UTF8, 0, password_utf8, m_password);
m_enc_alg = enc_alg_kph;
} else if (encryption && encryption[0]) {
// Encryption is defined but unrecognized.
@@ -354,13 +354,13 @@ void eap::credentials_pass::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned in
// Convert password to UTF-8.
sanitizing_string cred_utf8;
WideCharToMultiByte(CP_UTF8, 0, m_password.c_str(), (int)m_password.length(), cred_utf8, NULL, NULL);
WideCharToMultiByte(CP_UTF8, 0, m_password, cred_utf8, NULL, NULL);
// Encrypt the password using user's key.
DATA_BLOB cred_blob = { (DWORD)cred_utf8.size() , const_cast<LPBYTE>(reinterpret_cast<LPCBYTE>(cred_utf8.data())) };
DATA_BLOB entropy_blob = { sizeof(s_entropy), const_cast<LPBYTE>( s_entropy ) };
data_blob cred_enc;
if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc))
if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_AUDIT, &cred_enc))
throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
tstring target(target_name(pszTargetName, level));
@@ -425,32 +425,40 @@ LPCTSTR eap::credentials_pass::target_suffix() const
eap::credentials::source_t eap::credentials_pass::combine(
_In_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName)
_In_ DWORD dwFlags,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName)
{
UNREFERENCED_PARAMETER(dwFlags);
if (cred_cached) {
// Using EAP service cached credentials.
*this = *dynamic_cast<const credentials_pass*>(cred_cached);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data(pszTargetName), event_data::blank);
return source_cache;
}
if (cfg.m_use_cred) {
auto cfg_with_cred = dynamic_cast<const config_method_with_cred*>(&cfg);
if (cfg_with_cred && cfg_with_cred->m_use_cred) {
// Using configured credentials.
*this = *dynamic_cast<const credentials_pass*>(cfg.m_cred.get());
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank);
*this = *dynamic_cast<const credentials_pass*>(cfg_with_cred->m_cred.get());
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data(pszTargetName), event_data::blank);
return source_config;
}
if (pszTargetName) {
// Switch user context.
user_impersonator impersonating(hTokenImpersonateUser);
try {
credentials_pass cred_loaded(m_module);
cred_loaded.retrieve(pszTargetName, cfg.m_level);
// Using stored credentials.
*this = std::move(cred_loaded);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data(pszTargetName), event_data::blank);
return source_storage;
} catch (...) {
// Not actually an error.
@@ -461,6 +469,7 @@ eap::credentials::source_t eap::credentials_pass::combine(
}
/// \cond internal
const unsigned char eap::credentials_pass::s_entropy[1024] = {
0x40, 0x88, 0xd3, 0x13, 0x81, 0x8a, 0xf6, 0x74, 0x55, 0x8e, 0xcc, 0x73, 0x2c, 0xf8, 0x93, 0x37,
0x4f, 0xeb, 0x1d, 0x66, 0xb7, 0xfb, 0x47, 0x75, 0xb4, 0xfd, 0x07, 0xbb, 0xf6, 0xb3, 0x05, 0x30,
@@ -527,6 +536,7 @@ const unsigned char eap::credentials_pass::s_entropy[1024] = {
0x30, 0x29, 0x39, 0x9a, 0xd6, 0xab, 0x2e, 0xc6, 0x42, 0x47, 0x5e, 0x54, 0xbb, 0x90, 0xe6, 0x98,
0xe6, 0x52, 0x58, 0x58, 0x1e, 0xd0, 0x00, 0x9c, 0x8f, 0x4a, 0x17, 0x7e, 0x8a, 0x5a, 0xef, 0x3e,
};
/// \endcond
//////////////////////////////////////////////////////////////////////
@@ -650,14 +660,13 @@ void eap::credentials_connection::load(_In_ IXMLDOMNode *pConfigRoot)
if (match(*cfg_prov)) {
// Matching provider found. Create matching blank credential set, then load.
if (cfg_prov->m_methods.empty())
throw invalid_argument(string_printf(__FUNCTION__ " %ls provider has no methods.", cfg_prov->get_id().c_str()).c_str());
const config_method_with_cred *cfg_method = dynamic_cast<const config_method_with_cred*>(cfg_prov->m_methods.front().get());
m_cred.reset(cfg_method->make_credentials());
throw invalid_argument(string_printf(__FUNCTION__ " %ls provider has no methods.", cfg_prov->get_id().c_str()));
m_cred.reset(cfg_prov->m_methods.front().get()->make_credentials());
m_cred->load(pXmlElClientSideCredential);
break;
}
} else
throw invalid_argument(string_printf(__FUNCTION__ " Credentials do not match to any provider within this connection configuration (provider: %ls).", get_id().c_str()).c_str());
throw invalid_argument(string_printf(__FUNCTION__ " Credentials do not match to any provider within this connection configuration (provider: %ls).", get_id().c_str()));
}
}
@@ -693,14 +702,13 @@ void eap::credentials_connection::operator>>(_Inout_ cursor_in &cursor)
if (match(*cfg_prov)) {
// Matching provider found. Create matching blank credential set, then read.
if (cfg_prov->m_methods.empty())
throw invalid_argument(string_printf(__FUNCTION__ " %ls provider has no methods.", cfg_prov->get_id().c_str()).c_str());
const config_method_with_cred *cfg_method = dynamic_cast<const config_method_with_cred*>(cfg_prov->m_methods.front().get());
m_cred.reset(cfg_method->make_credentials());
throw invalid_argument(string_printf(__FUNCTION__ " %ls provider has no methods.", cfg_prov->get_id().c_str()));
m_cred.reset(cfg_prov->m_methods.front().get()->make_credentials());
cursor >> *m_cred;
break;
}
} else
throw invalid_argument(string_printf(__FUNCTION__ " Credentials do not match to any provider within this connection configuration (provider: %ls).", get_id().c_str()).c_str());
throw invalid_argument(string_printf(__FUNCTION__ " Credentials do not match to any provider within this connection configuration (provider: %ls).", get_id().c_str()));
}
}

109
lib/EAPBase/src/EAP.cpp
View File

@@ -25,59 +25,72 @@ using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::packet
// eap::diameter_avp_append
//////////////////////////////////////////////////////////////////////
eap::packet::packet() :
m_code((EapCode)0),
m_id(0)
void eap::diameter_avp_append(
_In_ unsigned int code,
_In_ unsigned char flags,
_In_bytecount_(size) const void *data,
_In_ unsigned int size,
_Inout_ sanitizing_blob &packet)
{
unsigned int
padding = (unsigned int)((4 - size) % 4),
size_outer;
packet.reserve(
packet.size() +
(size_outer =
sizeof(diameter_avp_header) + // Diameter header
size) + // Data
padding); // Data padding
// Diameter AVP header
diameter_avp_header hdr;
*reinterpret_cast<unsigned int*>(hdr.code) = htonl(code);
hdr.flags = flags;
hton24(size_outer, hdr.length);
packet.insert(packet.end(), reinterpret_cast<const unsigned char*>(&hdr), reinterpret_cast<const unsigned char*>(&hdr + 1));
// Data
packet.insert(packet.end(), reinterpret_cast<const unsigned char*>(data), reinterpret_cast<const unsigned char*>(data) + size);
packet.insert(packet.end(), padding, 0);
}
eap::packet::packet(_In_ const packet &other) :
m_code(other.m_code),
m_id (other.m_id ),
m_data(other.m_data)
//////////////////////////////////////////////////////////////////////
// eap::diameter_avp_append
//////////////////////////////////////////////////////////////////////
void eap::diameter_avp_append(
_In_ unsigned int code,
_In_ unsigned int vendor_id,
_In_ unsigned char flags,
_In_bytecount_(size) const void *data,
_In_ unsigned int size,
_Inout_ sanitizing_blob &packet)
{
}
eap::packet::packet(_Inout_ packet &&other) :
m_code(std::move(other.m_code)),
m_id (std::move(other.m_id )),
m_data(std::move(other.m_data))
{
}
eap::packet& eap::packet::operator=(_In_ const packet &other)
{
if (this != std::addressof(other)) {
m_code = other.m_code;
m_id = other.m_id ;
m_data = other.m_data;
}
return *this;
}
eap::packet& eap::packet::operator=(_Inout_ packet &&other)
{
if (this != std::addressof(other)) {
m_code = std::move(other.m_code);
m_id = std::move(other.m_id );
m_data = std::move(other.m_data);
}
return *this;
}
void eap::packet::clear()
{
m_code = (EapCode)0;
m_id = 0;
m_data.clear();
unsigned int
padding = (unsigned int)((4 - size) % 4),
size_outer;
packet.reserve(
packet.size() +
(size_outer =
sizeof(diameter_avp_header_ven) + // Diameter header
size) + // Data
padding); // Data padding
// Diameter AVP header
diameter_avp_header_ven hdr;
*reinterpret_cast<unsigned int*>(hdr.code) = htonl(code);
hdr.flags = flags | diameter_avp_flag_vendor;
hton24(size_outer, hdr.length);
*reinterpret_cast<unsigned int*>(hdr.vendor) = htonl(vendor_id);
packet.insert(packet.end(), reinterpret_cast<const unsigned char*>(&hdr), reinterpret_cast<const unsigned char*>(&hdr + 1));
// Data
packet.insert(packet.end(), reinterpret_cast<const unsigned char*>(data), reinterpret_cast<const unsigned char*>(data) + size);
packet.insert(packet.end(), padding, 0);
}

346
lib/EAPBase/src/Method.cpp
View File

@@ -28,19 +28,14 @@ using namespace winstd;
// eap::method
//////////////////////////////////////////////////////////////////////
eap::method::method(_In_ module &module, _In_ config_method &cfg, _In_ credentials &cred) :
m_module(module),
m_cfg(cfg),
m_cred(cred)
eap::method::method(_In_ module &mod) :
m_module(mod)
{
}
eap::method::method(_Inout_ method &&other) :
m_module ( other.m_module ),
m_cfg ( other.m_cfg ),
m_cred ( other.m_cred ),
m_eap_attr(std::move(other.m_eap_attr))
m_module(other.m_module)
{
}
@@ -49,9 +44,6 @@ eap::method& eap::method::operator=(_Inout_ method &&other)
{
if (this != std::addressof(other)) {
assert(std::addressof(m_module) == std::addressof(other.m_module)); // Move method within same module only!
assert(std::addressof(m_cfg ) == std::addressof(other.m_cfg )); // Move method with same configuration only!
assert(std::addressof(m_cred ) == std::addressof(other.m_cred )); // Move method with same credentials only!
m_eap_attr = std::move(other.m_eap_attr);
}
return *this;
@@ -68,11 +60,6 @@ void eap::method::begin_session(
UNREFERENCED_PARAMETER(pAttributeArray);
UNREFERENCED_PARAMETER(hTokenImpersonateUser);
UNREFERENCED_PARAMETER(dwMaxSendPacketSize);
// Presume authentication will fail with generic protocol failure. (Pesimist!!!)
// We will reset once we get get_result(Success) call.
m_cfg.m_last_status = config_method::status_auth_failed;
m_cfg.m_last_msg.clear();
}
@@ -85,123 +72,286 @@ void eap::method::get_result(
_In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *pResult)
{
assert(pResult);
UNREFERENCED_PARAMETER(reason);
UNREFERENCED_PARAMETER(pResult);
}
switch (reason) {
case EapPeerMethodResultSuccess: {
m_module.log_event(&EAPMETHOD_METHOD_SUCCESS, event_data((unsigned int)m_cfg.get_method_id()), event_data::blank);
m_cfg.m_last_status = config_method::status_success;
break;
}
case EapPeerMethodResultFailure:
m_module.log_event(&EAPMETHOD_METHOD_FAILURE_ERROR2, event_data((unsigned int)m_cfg.get_method_id()), event_data((unsigned int)m_cfg.m_last_status), event_data::blank);
break;
void eap::method::get_ui_context(
_Out_ BYTE **ppUIContextData,
_Out_ DWORD *pdwUIContextDataSize)
{
assert(ppUIContextData);
assert(pdwUIContextDataSize);
default:
throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
}
// Default implementation returns blank context data.
*ppUIContextData = NULL;
*pdwUIContextDataSize = 0;
}
// Always ask EAP host to save the connection data. And it will save it *only* when we report "success".
// Don't worry. EapHost is well aware of failed authentication condition.
pResult->fSaveConnectionData = TRUE;
pResult->fIsSuccess = TRUE;
EapPeerMethodResponseAction eap::method::set_ui_context(
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
_In_ DWORD dwUIContextDataSize)
{
UNREFERENCED_PARAMETER(pUIContextData);
UNREFERENCED_PARAMETER(dwUIContextDataSize);
// Default implementation does nothing with context data.
return EapPeerMethodResponseActionNone;
}
void eap::method::get_response_attributes(_Inout_ EapAttributes *pAttribs)
{
assert(pAttribs);
// Default implementation returns no EAP attributes.
pAttribs->dwNumberOfAttributes = 0;
pAttribs->pAttribs = NULL;
}
EapPeerMethodResponseAction eap::method::set_response_attributes(_In_ const EapAttributes *pAttribs)
{
UNREFERENCED_PARAMETER(pAttribs);
// Default implementation does nothing with EAP attributes.
return EapPeerMethodResponseActionNone;
}
//////////////////////////////////////////////////////////////////////
// eap::method_noneap
// eap::method_tunnel
//////////////////////////////////////////////////////////////////////
eap::method_noneap::method_noneap(_In_ module &module, _In_ config_method &cfg, _In_ credentials &cred) : method(module, cfg, cred)
eap::method_tunnel::method_tunnel(_In_ module &mod, _In_ method *inner) :
m_inner(inner),
method(mod)
{
}
eap::method_noneap::method_noneap(_Inout_ method_noneap &&other) :
m_packet_res(std::move(other.m_packet_res)),
method (std::move(other ))
eap::method_tunnel::method_tunnel(_Inout_ method_tunnel &&other) :
m_inner(std::move(other.m_inner)),
method (std::move(other ))
{
}
eap::method_noneap& eap::method_noneap::operator=(_Inout_ method_noneap &&other)
eap::method_tunnel& eap::method_tunnel::operator=(_Inout_ method_tunnel &&other)
{
if (this != std::addressof(other)) {
assert(std::addressof(m_cred) == std::addressof(other.m_cred)); // Move method with same credentials only!
(method&)*this = std::move(other );
m_packet_res = std::move(other.m_packet_res);
(method&)*this = std::move(other );
m_inner = std::move(other.m_inner);
}
return *this;
}
void eap::method_noneap::get_response_packet(
_Inout_bytecap_(*dwSendPacketSize) void *pSendPacket,
_Inout_ DWORD *pdwSendPacketSize)
void eap::method_tunnel::begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ DWORD dwMaxSendPacketSize)
{
assert(pdwSendPacketSize);
assert(pSendPacket);
method::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
size_t size_packet = m_packet_res.size();
if (size_packet > *pdwSendPacketSize)
throw invalid_argument(string_printf(__FUNCTION__ " This method does not support packet fragmentation, but the data size is too big to fit in one packet (packet: %u, maximum: %u).", size_packet, *pdwSendPacketSize).c_str());
memcpy(pSendPacket, m_packet_res.data(), size_packet);
*pdwSendPacketSize = (DWORD)size_packet;
m_packet_res.clear();
assert(m_inner);
m_inner->begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
}
void eap::method_noneap::append_avp(_In_ unsigned int code, _In_ unsigned char flags, _In_bytecount_(size) const void *data, _In_ unsigned int size)
void eap::method_tunnel::end_session()
{
unsigned int
padding = (unsigned int)((4 - size) % 4),
size_outer;
assert(m_inner);
m_inner->end_session();
m_packet_res.reserve(
m_packet_res.size() +
(size_outer =
sizeof(diameter_avp_header) + // Diameter header
size) + // Data
padding); // Data padding
// Diameter AVP header
diameter_avp_header hdr;
*reinterpret_cast<unsigned int*>(hdr.code) = htonl(code);
hdr.flags = flags;
hton24(size_outer, hdr.length);
m_packet_res.insert(m_packet_res.end(), reinterpret_cast<const unsigned char*>(&hdr), reinterpret_cast<const unsigned char*>(&hdr + 1));
// Data
m_packet_res.insert(m_packet_res.end(), reinterpret_cast<const unsigned char*>(data), reinterpret_cast<const unsigned char*>(data) + size);
m_packet_res.insert(m_packet_res.end(), padding, 0);
method::end_session();
}
void eap::method_noneap::append_avp(_In_ unsigned int code, _In_ unsigned int vendor_id, _In_ unsigned char flags, _In_bytecount_(size) const void *data, _In_ unsigned int size)
EapPeerMethodResponseAction eap::method_tunnel::process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize)
{
unsigned int
padding = (unsigned int)((4 - size) % 4),
size_outer;
m_packet_res.reserve(
m_packet_res.size() +
(size_outer =
sizeof(diameter_avp_header_ven) + // Diameter header
size) + // Data
padding); // Data padding
// Diameter AVP header
diameter_avp_header_ven hdr;
*reinterpret_cast<unsigned int*>(hdr.code) = htonl(code);
hdr.flags = flags | diameter_avp_flag_vendor;
hton24(size_outer, hdr.length);
*reinterpret_cast<unsigned int*>(hdr.vendor) = htonl(vendor_id);
m_packet_res.insert(m_packet_res.end(), reinterpret_cast<const unsigned char*>(&hdr), reinterpret_cast<const unsigned char*>(&hdr + 1));
// Data
m_packet_res.insert(m_packet_res.end(), reinterpret_cast<const unsigned char*>(data), reinterpret_cast<const unsigned char*>(data) + size);
m_packet_res.insert(m_packet_res.end(), padding, 0);
assert(m_inner);
return m_inner->process_request_packet(pReceivedPacket, dwReceivedPacketSize);
}
void eap::method_tunnel::get_response_packet(
_Out_ sanitizing_blob &packet,
_In_opt_ DWORD size_max)
{
assert(m_inner);
m_inner->get_response_packet(packet, size_max);
}
void eap::method_tunnel::get_result(
_In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *pResult)
{
assert(m_inner);
m_inner->get_result(reason, pResult);
}
void eap::method_tunnel::get_ui_context(
_Out_ BYTE **ppUIContextData,
_Out_ DWORD *pdwUIContextDataSize)
{
assert(m_inner);
m_inner->get_ui_context(ppUIContextData, pdwUIContextDataSize);
}
EapPeerMethodResponseAction eap::method_tunnel::set_ui_context(
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
_In_ DWORD dwUIContextDataSize)
{
assert(m_inner);
return m_inner->set_ui_context(pUIContextData, dwUIContextDataSize);
}
void eap::method_tunnel::get_response_attributes(_Inout_ EapAttributes *pAttribs)
{
assert(m_inner);
m_inner->get_response_attributes(pAttribs);
}
EapPeerMethodResponseAction eap::method_tunnel::set_response_attributes(_In_ const EapAttributes *pAttribs)
{
assert(m_inner);
return m_inner->set_response_attributes(pAttribs);
}
//////////////////////////////////////////////////////////////////////
// eap::method_eap
//////////////////////////////////////////////////////////////////////
eap::method_eap::method_eap(_In_ module &mod, _In_ winstd::eap_type_t eap_method, _In_ method *inner) :
m_eap_method(eap_method),
m_id(0),
m_send_nak(false),
method_tunnel(mod, inner)
{
}
eap::method_eap::method_eap(_Inout_ method_eap &&other) :
m_eap_method (std::move(other.m_eap_method)),
m_id (std::move(other.m_id )),
m_send_nak (std::move(other.m_send_nak )),
method_tunnel(std::move(other ))
{
}
eap::method_eap& eap::method_eap::operator=(_Inout_ method_eap &&other)
{
if (this != std::addressof(other)) {
assert(m_eap_method == other.m_eap_method); // Move method within same EAP method type only!
(method_tunnel&)*this = std::move(other );
m_id = std::move(other.m_id );
m_send_nak = std::move(other.m_send_nak);
}
return *this;
}
void eap::method_eap::begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ DWORD dwMaxSendPacketSize)
{
// Initialize tunnel method session only.
method::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
// Inner method can generate packets of up to 64kB (less the EAP packet header).
// Initialize inner method with appropriately less packet size maximum.
if (dwMaxSendPacketSize < sizeof(EapPacket))
throw invalid_argument(string_printf(__FUNCTION__ " Maximum packet size too small (minimum: %u, available: %u).", sizeof(EapPacket) + 1, dwMaxSendPacketSize));
assert(m_inner);
m_inner->begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, std::min<DWORD>(dwMaxSendPacketSize, MAXWORD) - sizeof(EapPacket));
}
EapPeerMethodResponseAction eap::method_eap::process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize)
{
assert(dwReceivedPacketSize >= sizeof(EapPacket)); // Request packet should contain an EAP packet header at least.
auto hdr = reinterpret_cast<const EapPacket*>(pReceivedPacket);
// This must be an EAP-Request packet.
if (hdr->Code != EapCodeRequest)
throw invalid_argument(string_printf(__FUNCTION__ " Unknown EAP packet received (expected: %u, received: %u).", EapCodeRequest, (int)hdr->Code));
// Check packet size.
DWORD size_packet = ntohs(*reinterpret_cast<const unsigned short*>(hdr->Length));
if (size_packet > dwReceivedPacketSize)
throw invalid_argument(string_printf(__FUNCTION__ " Incorrect EAP packet length (expected: %uB, received: %uB).", size_packet, dwReceivedPacketSize));
// Save request packet ID to make matching response packet in get_response_packet() later.
m_id = hdr->Id;
if (hdr->Data[0] != m_eap_method) {
// Unsupported EAP method. Respond with Legacy Nak.
m_send_nak = true;
return EapPeerMethodResponseActionSend;
} else {
// Process the data with underlying method.
m_send_nak = false;
return method_tunnel::process_request_packet(hdr->Data + 1, size_packet - sizeof(EapPacket));
}
}
void eap::method_eap::get_response_packet(
_Out_ sanitizing_blob &packet,
_In_opt_ DWORD size_max)
{
assert(size_max >= sizeof(EapPacket)); // We should be able to respond with at least an EAP packet header.
if (size_max > MAXWORD) size_max = MAXWORD; // EAP packets maximum size is 64kB.
// Prepare EAP packet header.
EapPacket hdr;
hdr.Code = (BYTE)EapCodeResponse;
hdr.Id = m_id;
if (!m_send_nak) {
hdr.Data[0] = m_eap_method;
packet.reserve(size_max); // To avoid reallocation when inserting EAP packet header later.
// Get data from underlying method.
method_tunnel::get_response_packet(packet, size_max - sizeof(EapPacket));
} else {
// Respond with Legacy Nak suggesting our EAP method to continue.
hdr.Data[0] = eap_type_nak;
// Check packet size. We will suggest one EAP method alone, so we need one byte for data.
size_t size_packet = sizeof(EapPacket) + 1;
if (size_packet > size_max)
throw invalid_argument(string_printf(__FUNCTION__ " This method does not support packet fragmentation, but the data size is too big to fit in one packet (packet: %u, maximum: %u).", size_packet, size_max));
packet.reserve(size_packet); // To avoid reallocation when inserting EAP packet header later.
// Data of Legacy Nak packet is a list of supported EAP types: our method alone.
packet.assign(1, m_eap_method);
}
size_t size_packet = packet.size() + sizeof(EapPacket);
assert(size_packet <= MAXWORD); // Packets spanning over 64kB are not supported.
*reinterpret_cast<unsigned short*>(hdr.Length) = htons((unsigned short)size_packet);
// Insert EAP packet header before data.
packet.insert(packet.begin(), reinterpret_cast<const unsigned char*>(&hdr), reinterpret_cast<const unsigned char*>(&hdr + 1));
}

31
lib/EAPBase/src/Module.cpp
View File

@@ -90,6 +90,12 @@ EAP_ERROR* eap::module::make_error(_In_ std::exception &err) const
wstring what;
MultiByteToWideChar(CP_ACP, 0, err.what(), -1, what);
{
eap_runtime_error *e = dynamic_cast<eap_runtime_error*>(&err);
if (e)
return make_error(e->number(), e->root_cause(), e->repair(), e->reason(), &e->root_cause_id(), &e->repair_id(), &e->help_link_id());
}
{
win_runtime_error *e = dynamic_cast<win_runtime_error*>(&err);
if (e)
@@ -122,6 +128,19 @@ EAP_ERROR* eap::module::make_error(_In_ std::exception &err) const
}
EAP_ERROR* eap::module::make_error(_In_ const EAP_ERROR *err) const
{
return make_error(
err->dwWinError,
err->pRootCauseString,
err->pRepairString,
err->dwReasonCode,
&(err->rootCauseGuid),
&(err->repairGuid),
&(err->helpLinkGuid));
}
BYTE* eap::module::alloc_memory(_In_ size_t size)
{
BYTE *p = (BYTE*)HeapAlloc(m_heap, 0, size);
@@ -251,7 +270,7 @@ void eap::peer::query_credential_input_fields(
_In_ DWORD dwFlags,
_In_ DWORD dwConnectionDataSize,
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
_Inout_ EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray) const
_Out_ EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray) const
{
UNREFERENCED_PARAMETER(hUserImpersonationToken);
UNREFERENCED_PARAMETER(dwFlags);
@@ -269,8 +288,8 @@ void eap::peer::query_user_blob_from_credential_input_fields(
_In_ DWORD dwConnectionDataSize,
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
_In_ const EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldArray,
_Inout_ DWORD *pdwUsersBlobSize,
_Inout_ BYTE **ppUserBlob) const
_Out_ DWORD *pdwUsersBlobSize,
_Out_ BYTE **ppUserBlob) const
{
UNREFERENCED_PARAMETER(hUserImpersonationToken);
UNREFERENCED_PARAMETER(dwFlags);
@@ -289,7 +308,7 @@ void eap::peer::query_interactive_ui_input_fields(
_In_ DWORD dwFlags,
_In_ DWORD dwUIContextDataSize,
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
_Inout_ EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData) const
_Out_ EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData) const
{
UNREFERENCED_PARAMETER(dwVersion);
UNREFERENCED_PARAMETER(dwFlags);
@@ -307,8 +326,8 @@ void eap::peer::query_ui_blob_from_interactive_ui_input_fields(
_In_ DWORD dwUIContextDataSize,
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
_In_ const EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData,
_Inout_ DWORD *pdwDataFromInteractiveUISize,
_Inout_ BYTE **ppDataFromInteractiveUI) const
_Out_ DWORD *pdwDataFromInteractiveUISize,
_Out_ BYTE **ppDataFromInteractiveUI) const
{
UNREFERENCED_PARAMETER(dwVersion);
UNREFERENCED_PARAMETER(dwFlags);

306
lib/EAPBase_UI/include/EAP_UI.h
View File

@@ -27,94 +27,75 @@
#include <Windows.h>
///
/// Reusable EAP dialog banner for `wxEAPConfigDialog` and `wxEAPCredentialsDialog`
///
class wxEAPBannerPanel;
///
/// EAP top-most configuration dialog
///
template <class _wxT> class wxEAPConfigDialog;
///
/// EAP general-use dialog
///
class wxEAPGeneralDialog;
///
/// EAP method credential dialog
///
class wxEAPCredentialsDialog;
///
/// EAP connection credential dialog
///
class wxEAPCredentialsConnectionDialog;
///
/// EAP general note
///
class wxEAPNotePanel;
///
/// EAP provider-locked congifuration note
///
class wxEAPProviderLockedPanel;
///
/// EAP credential warning note
///
class wxEAPCredentialWarningPanel;
///
/// EAP Configuration window
///
#ifdef __DANGEROUS__LOG_CONFIDENTIAL_DATA
class wxEAPCredentialLogWarningPanel;
#endif
class wxEAPConfigWindow;
///
/// EAP provider contact info config panel
///
class wxEAPProviderContactInfoPanel;
///
/// EAP provider identity config panel
///
class wxEAPProviderIDPanel;
///
/// EAP provider configuration dialog
///
class wxEAPConfigProvider;
///
/// Base template for credential configuration panel
///
template <class _Tcred, class _wxT> class wxEAPCredentialsConfigPanel;
///
/// Helper template for all credential entry panels
///
template <class _Tcred, class _Tbase> class wxEAPCredentialsPanel;
template <class _Tcred, class _Tbase> class wxPasswordCredentialsPanel;
class wxEAPProviderSelectDialog;
///
/// Generic password credential entry panel
/// \defgroup EAPBaseGUI GUI
/// Graphical User Interface
///
template <class _Tcred, class _Tbase> class wxPasswordCredentialsPanel;
/// @{
///
/// Loads icon from resource
///
/// When icon of desired \p cx × \p cy dimensions is not found, the most appropriate variant (larger if available) is loaded and scaled to \p cx × \p cy.
///
/// \sa [LoadIconWithScaleDown function](https://msdn.microsoft.com/en-us/library/windows/desktop/bb775703.aspx)
///
/// \param[in] hinst Resource module instance handle
/// \param[in] pszName Resource name (`MAKEINTRESOURCE()` macro can be used for numerical resources)
/// \param[in] cx Desired width of the icon
/// \param[in] cy Desired height of the icon
///
/// \returns
/// - Loaded icon when successful;
/// - \c wxNullIcon otherwise.
///
inline wxIcon wxLoadIconFromResource(HINSTANCE hinst, PCWSTR pszName, int cx = GetSystemMetrics(SM_CXICON), int cy = GetSystemMetrics(SM_CYICON));
///
/// Loads icon from resource
///
/// When icon of desired \p size dimensions is not found, the most appropriate variant (larger if available) is loaded and scaled to \p size.
///
/// \sa [LoadIconWithScaleDown function](https://msdn.microsoft.com/en-us/library/windows/desktop/bb775703.aspx)
///
/// \param[in] hinst Resource module instance handle
/// \param[in] pszName Resource name (`MAKEINTRESOURCE()` macro can be used for numerical resources)
/// \param[in] size Desired width and height of the icon
///
/// \returns
/// - Loaded icon when successful;
/// - \c wxNullIcon otherwise.
///
inline wxIcon wxLoadIconFromResource(HINSTANCE hinst, PCWSTR pszName, const wxSize &size);
///
/// Returns GUI displayable provider name
///
/// \param[in] id Provider name
///
/// \returns
/// - \p id when \p id is not blank;
/// - localized "<Your Organization>" otherwise.
///
inline wxString wxEAPGetProviderName(const std::wstring &id);
///
@@ -122,12 +103,10 @@ inline wxString wxEAPGetProviderName(const std::wstring &id);
///
inline void wxInitializeConfig();
/// @}
namespace eap
{
///
/// Base class to prevent multiple instances of the same dialog
///
class monitor_ui;
}
@@ -151,13 +130,20 @@ namespace eap
#include <list>
#include <memory>
/// \addtogroup EAPBaseGUI
/// @{
///
/// Reusable EAP dialog banner for `wxEAPConfigDialog` and `wxEAPCredentialsDialog`
///
class wxEAPBannerPanel : public wxEAPBannerPanelBase
{
public:
///
/// Constructs a banner pannel and set the title text to product name
///
/// \param[in] parent Parent window
///
wxEAPBannerPanel(wxWindow* parent);
protected:
@@ -167,6 +153,9 @@ protected:
};
///
/// EAP top-most configuration dialog template
///
template <class _wxT>
class wxEAPConfigDialog : public wxEAPConfigDialogBase
{
@@ -326,12 +315,22 @@ protected:
};
///
/// EAP general-use dialog
///
class wxEAPGeneralDialog : public wxEAPGeneralDialogBase
{
public:
///
/// Constructs a dialog
///
/// \param[in] parent Parent window
/// \param[in] id An identifier for the dialog. A value of \c wxID_ANY is taken to mean a default.
/// \param[in] title The title of the dialog
/// \param[in] pos The dialog position. The value \c wxDefaultPosition indicates a default position, chosen by either the windowing system or wxWidgets, depending on platform.
/// \param[in] size The dialog size. The value \c wxDefaultSize indicates a default size, chosen by either the windowing system or wxWidgets, depending on platform.
/// \param[in] style The window style.
///
wxEAPGeneralDialog(wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = wxEmptyString, const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
///
@@ -351,6 +350,9 @@ protected:
};
///
/// EAP method credential dialog
///
class wxEAPCredentialsDialog : public wxEAPGeneralDialog
{
public:
@@ -361,21 +363,41 @@ public:
};
class wxEAPCredentialsConnectionDialog : public wxEAPCredentialsConnectionDialogBase
///
/// EAP provider select dialog
///
class wxEAPProviderSelectDialog : public wxEAPProviderSelectDialogBase
{
public:
///
/// Constructs a credential dialog
/// Constructs a provider select dialog
///
wxEAPCredentialsConnectionDialog(wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = _("EAP Credentials"), const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
/// \param[inout] cfg Connection configuration
/// \param[in] parent Parent window
///
wxEAPProviderSelectDialog(eap::config_connection &cfg, wxWindow* parent);
///
/// Returns pointer to selected provider or NULL if no provider is selected.
///
inline eap::config_provider* GetSelection() const
{
return m_selected;
}
protected:
/// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event);
virtual void OnProvSelect(wxCommandEvent& event);
/// \endcond
protected:
eap::config_provider* m_selected; ///< Pointer to selected provider (or NULL if none selected).
};
///
/// EAP general note
///
class wxEAPNotePanel : public wxEAPNotePanelBase
{
public:
@@ -415,16 +437,19 @@ protected:
/// \endcond
protected:
wxStaticText *m_provider_notice;
wxStaticText *m_help_web_label;
wxHyperlinkCtrl *m_help_web_value;
wxStaticText *m_help_email_label;
wxHyperlinkCtrl *m_help_email_value;
wxStaticText *m_help_phone_label;
wxHyperlinkCtrl *m_help_phone_value;
wxStaticText *m_provider_notice; ///< Identity provider notice
wxStaticText *m_help_web_label; ///< Helpdesk URL label
wxHyperlinkCtrl *m_help_web_value; ///< Helpdesk URL
wxStaticText *m_help_email_label; ///< Helpdesk e-mail label
wxHyperlinkCtrl *m_help_email_value; ///< Helpdesk e-mail
wxStaticText *m_help_phone_label; ///< Helpdesk phone number label
wxHyperlinkCtrl *m_help_phone_value; ///< Helpdesk phone number
};
///
/// EAP provider-locked congifuration note
///
class wxEAPProviderLockedPanel : public wxEAPNotePanel
{
public:
@@ -435,6 +460,9 @@ public:
};
///
/// EAP credential warning note
///
class wxEAPCredentialWarningPanel : public wxEAPNotePanel
{
public:
@@ -445,6 +473,23 @@ public:
};
///
/// EAP credential logging enabled warning note
///
#ifdef __DANGEROUS__LOG_CONFIDENTIAL_DATA
class wxEAPCredentialLogWarningPanel : public wxEAPNotePanel
{
public:
///
/// Constructs a notice pannel and set the title text
///
wxEAPCredentialLogWarningPanel(wxWindow* parent);
};
#endif
///
/// EAP Configuration window
///
class wxEAPConfigWindow : public wxScrolledWindow
{
public:
@@ -452,7 +497,7 @@ public:
/// Constructs a configuration window
///
/// \param[in] prov Provider configuration data
/// \param[inout] cfg Configuration data
/// \param[inout] cfg Method configuration data
/// \param[in] parent Parent window
///
wxEAPConfigWindow(eap::config_provider &prov, eap::config_method &cfg, wxWindow* parent);
@@ -463,8 +508,21 @@ public:
virtual ~wxEAPConfigWindow();
public:
inline eap::config_provider& GetProvider() const { return m_prov; }
inline eap::config_method & GetConfig () const { return m_cfg ; }
///
/// Returns reference to configuration provider
///
inline eap::config_provider& GetProvider() const
{
return m_prov;
}
///
/// Returns reference to method configuration
///
inline eap::config_method& GetConfig() const
{
return m_cfg;
}
protected:
/// \cond internal
@@ -477,6 +535,9 @@ protected:
};
///
/// EAP provider contact info config panel
///
class wxEAPProviderContactInfoPanel : public wxEAPProviderContactInfoPanelBase
{
public:
@@ -501,6 +562,9 @@ protected:
};
///
/// EAP provider identity config panel
///
class wxEAPProviderIDPanel : public wxEAPProviderIDPanelBase
{
public:
@@ -523,6 +587,9 @@ protected:
};
///
/// EAP provider lock config panel
///
class wxEAPProviderLockPanel : public wxEAPProviderLockPanelBase
{
public:
@@ -545,6 +612,9 @@ protected:
};
///
/// EAP provider configuration dialog
///
class wxEAPConfigProvider : public wxEAPGeneralDialog
{
public:
@@ -553,6 +623,11 @@ public:
///
/// \param[inout] prov Provider configuration data
/// \param[in] parent Parent window
/// \param[in] id An identifier for the dialog. A value of \c wxID_ANY is taken to mean a default.
/// \param[in] title The title of the dialog
/// \param[in] pos The dialog position. The value \c wxDefaultPosition indicates a default position, chosen by either the windowing system or wxWidgets, depending on platform.
/// \param[in] size The dialog size. The value \c wxDefaultSize indicates a default size, chosen by either the windowing system or wxWidgets, depending on platform.
/// \param[in] style The window style.
///
wxEAPConfigProvider(eap::config_provider &prov, wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = _("Provider Settings"), const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
@@ -564,6 +639,9 @@ protected:
};
///
/// Base template for credential configuration panel
///
template <class _Tcred, class _wxT>
class wxEAPCredentialsConfigPanel : public wxEAPCredentialsConfigPanelBase
{
@@ -572,8 +650,9 @@ public:
/// Constructs a credential configuration panel
///
/// \param[in] prov Provider configuration data
/// \param[inout] cfg Configuration data
/// \param[inout] cfg Method configuration data
/// \param[in] parent Parent window
/// \param[in] method Method name to display
///
wxEAPCredentialsConfigPanel(const eap::config_provider &prov, eap::config_method_with_cred &cfg, wxWindow *parent, const wxString &method = wxEmptyString) :
m_prov(prov),
@@ -736,9 +815,7 @@ protected:
wxEAPCredentialsConfigPanelBase::OnSetConfig(event);
wxEAPCredentialsDialog dlg(m_prov, this);
_wxT *panel = new _wxT(m_prov, m_cfg, m_cred_config, &dlg, true);
dlg.AddContent(panel);
if (dlg.ShowModal() == wxID_OK)
UpdateConfigIdentity();
@@ -806,23 +883,21 @@ private:
};
///
/// Helper template for all credential entry panels
///
template <class _Tcred, class _Tbase>
class wxEAPCredentialsPanel : public _Tbase
{
private:
/// \cond internal
typedef wxEAPCredentialsPanel<_Tcred, _Tbase> _Tthis;
/// \endcond
public:
///
/// Constructs a credentials panel
///
/// \param[in] prov Provider configuration data
/// \param[in] cfg Configuration data
/// \param[inout] cred Credentials data
/// \param[in] parent Parent window
/// \param[in] is_config Is this panel used to config credentials?
/// \param[in] prov Provider configuration data
/// \param[in] cfg Method configuration data
/// \param[inout] cred Credentials data
/// \param[in] parent Parent window
/// \param[in] is_config Is this panel used to config credentials?
///
wxEAPCredentialsPanel(const eap::config_provider &prov, const eap::config_method_with_cred &cfg, _Tcred &cred, wxWindow* parent, bool is_config = false) :
m_prov(prov),
@@ -839,12 +914,20 @@ public:
m_remember = NULL;
}
///
/// (Un)checks "Remember credentials" checkbox
///
/// \param[in] val If \c true, checkbox is checked; otherwise cleared
///
virtual void SetRemember(bool val)
{
if (m_remember)
m_remember->SetValue(val);
}
///
/// Returns \c true if "Remember credentials" checkbox is checked
///
virtual bool GetRemember() const
{
return m_remember ?
@@ -861,6 +944,9 @@ protected:
};
///
/// Generic password credential entry panel
///
template <class _Tcred, class _Tbase>
class wxPasswordCredentialsPanel : public wxEAPCredentialsPanel<_Tcred, _Tbase>
{
@@ -869,7 +955,7 @@ public:
/// Constructs a password credentials panel
///
/// \param[in] prov Provider configuration data
/// \param[in] cfg Configuration data
/// \param[in] cfg Method configuration data
/// \param[inout] cred Credentials data
/// \param[in] parent Parent window
/// \param[in] is_config Is this panel used to config credentials?
@@ -950,6 +1036,8 @@ private:
bool m_password_set;
};
/// @}
inline wxIcon wxLoadIconFromResource(HINSTANCE hinst, PCWSTR pszName, int cx, int cy)
{
@@ -991,31 +1079,67 @@ inline void wxInitializeConfig()
namespace eap
{
/// \addtogroup EAPBaseGUI
/// @{
///
/// Base class to enable single instance of the same dialog (master) return result to multiple threads (slaves)
///
class monitor_ui
{
public:
///
/// Constructs a UI monitor
///
monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid);
///
/// Destructs the UI monitor
///
virtual ~monitor_ui();
///
/// Sets pop-up window handle
///
/// \param[in] hwnd Handle of window to set as a new pop-up
///
void set_popup(_In_ HWND hwnd);
///
/// Notifies all slaves waiting for this master and send them result data
///
/// \param[in] data Pointer to result data
/// \param[in] size \p data size in bytes
///
void release_slaves(_In_bytecount_(size) const void *data, _In_ size_t size) const;
///
/// Returns true if this is a master
///
inline bool is_master() const
{
return m_is_master;
}
///
/// Returns true if this is a slave
///
inline bool is_slave() const
{
return !is_master();
}
///
/// Returns the data master send
///
inline const std::vector<unsigned char>& master_data() const
{
return m_data;
}
protected:
/// \cond internal
virtual LRESULT winproc(
_In_ UINT msg,
_In_ WPARAM wparam,
@@ -1027,6 +1151,8 @@ namespace eap
_In_ WPARAM wparam,
_In_ LPARAM lparam);
/// \endcond
protected:
bool m_is_master; ///< Is this monitor master?
HWND m_hwnd; ///< Message window handle
@@ -1038,4 +1164,6 @@ namespace eap
static const UINT s_msg_attach; ///< Slave sends this message to attach to master
static const UINT s_msg_finish; ///< Master sends this message to slaves to notify them it has finished (wparam has size, lparam has data)
};
/// @}
}

66
lib/EAPBase_UI/include/Module.h
View File

@@ -20,11 +20,6 @@
namespace eap
{
///
/// EAP UI peer base abstract class
///
/// A group of methods all EAP UI peers must or should implement.
///
class peer_ui;
}
@@ -35,6 +30,14 @@ namespace eap
namespace eap
{
/// \addtogroup EAPBaseModule
/// @{
///
/// EAP UI peer base abstract class
///
/// A group of methods all EAP UI peers must or should implement.
///
class peer_ui : public module
{
public:
@@ -50,11 +53,16 @@ namespace eap
///
/// \sa [EapPeerConfigXml2Blob function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363602.aspx)
///
/// \param[in ] dwFlags A combination of EAP flags that describe the EAP authentication session behavior.
/// \param[in ] pConfigRoot Pointer to the XML configuration to be converted.
/// \param[out] pConnectionDataOut A pointer to a pointer to a byte buffer that contains the configuration data converted from XML. The configuration data is created inside the EapHostConfig Schema element. The buffer is of size \p pdwConnectionDataOutSize. After consuming the data, this memory must be freed by calling \p EapPeerFreeMemory().
/// \param[out] pdwConnectionDataOutSize A pointer to the size, in bytes, of the configuration BLOB in \p pConnectionDataOut.
///
virtual void config_xml2blob(
_In_ DWORD dwFlags,
_In_ IXMLDOMNode *pConfigRoot,
_Inout_ BYTE **pConnectionDataOut,
_Inout_ DWORD *pdwConnectionDataOutSize) = 0;
_In_ DWORD dwFlags,
_In_ IXMLDOMNode *pConfigRoot,
_Out_ BYTE **pConnectionDataOut,
_Out_ DWORD *pdwConnectionDataOutSize) = 0;
///
/// Converts the configuration BLOB to XML.
@@ -63,6 +71,12 @@ namespace eap
///
/// \sa [EapPeerConfigBlob2Xml function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363601.aspx)
///
/// \param[in] dwFlags A combination of EAP flags that describe the EAP authentication session behavior.
/// \param[in] pConnectionData A pointer to a buffer that contains the configuration BLOB to convert. The buffer is of size \p dwConnectionDataSize.
/// \param[in] dwConnectionDataSize The size, in bytes, of the configuration BLOB in \p pConnectionData.
/// \param[in] pDoc A pointer to a pointer to an XML document that contains the converted configuration. If the EAP method does not support the \p EapPeerConfigBlob2Xml() function, the XML document will contain the \p ConfigBlob node with the BLOB in string form. The EAP method should create configuration inside the EapHostConfig Schema configuration element.
/// \param[in] pConfigRoot Configuration root XML node
///
virtual void config_blob2xml(
_In_ DWORD dwFlags,
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
@@ -75,18 +89,34 @@ namespace eap
///
/// \sa [EapPeerInvokeConfigUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363614.aspx)
///
/// \param[in ] hwndParent A handle to the parent window which will spawn the connection configuration user interface dialog.
/// \param[in ] pConnectionDataIn A pointer to a buffer that contains the configuration BLOB to convert. The buffer is of size \p dwConnectionDataInSize.
/// \param[in ] dwConnectionDataInSize The size, in bytes, of the configuration BLOB in \p pConnectionDataIn.
/// \param[out] ppConnectionDataOut Receives a pointer to a pointer that contains a byte buffer with the user-configured connection data.
/// \param[out] pdwConnectionDataOutSize Receives a pointer to the size, in bytes, of the \p ppConnectionDataOut parameter.
///
virtual void invoke_config_ui(
_In_ HWND hwndParent,
_In_count_(dwConnectionDataInSize) const BYTE *pConnectionDataIn,
_In_ DWORD dwConnectionDataInSize,
_Inout_ BYTE **ppConnectionDataOut,
_Inout_ DWORD *pdwConnectionDataOutSize) = 0;
_Out_ BYTE **ppConnectionDataOut,
_Out_ DWORD *pdwConnectionDataOutSize) = 0;
///
/// Raises a custom interactive user interface dialog to obtain user identity information for the EAP method on the client.
///
/// \sa [EapPeerInvokeIdentityUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363615.aspx)
///
/// \param[in ] hwndParent A handle to the parent window which will spawn the interactive user interface dialog to obtain the identity data. Can be \c NULL.
/// \param[in ] dwFlags A combination of EAP flags that describe the EAP authentication session behavior.
/// \param[in ] pConnectionData A pointer to a buffer that contains the configuration BLOB to convert. The buffer is of size \p dwConnectionDataSize.
/// \param[in ] dwConnectionDataSize The size, in bytes, of the configuration BLOB in \p pConnectionData.
/// \param[in ] pUserData A pointer to the user data specific to this authentication used to pre-populate the user data. When this API is called for the first time, or when a new authentication session starts, this parameter is \c NULL. Otherwise, set this parameter to the `pUserData` member of the structure pointed to by the \p pResult parameter received by `EapPeerGetResult()`.
/// \param[in ] dwUserDataSize Specifies the size, in bytes, of the user identity data returned in \p pUserData.
/// \param[out] ppUserDataOut A pointer to the pointer of the returned user data. The data is passed to `EapPeerBeginSession()` as input \p pUserData.
/// \param[out] pdwUserDataOutSize Specifies the size, in bytes, of the \p ppUserDataOut buffer.
/// \param[out] ppwszIdentity A pointer to the returned user identity. The pointer will be included in the identity response packet and returned to the server.
///
virtual void invoke_identity_ui(
_In_ HWND hwndParent,
_In_ DWORD dwFlags,
@@ -94,15 +124,21 @@ namespace eap
_In_ DWORD dwConnectionDataSize,
_In_count_(dwUserDataSize) const BYTE *pUserData,
_In_ DWORD dwUserDataSize,
_Inout_ BYTE **ppUserDataOut,
_Inout_ DWORD *pdwUserDataOutSize,
_Inout_ LPWSTR *ppwszIdentity) = 0;
_Out_ BYTE **ppUserDataOut,
_Out_ DWORD *pdwUserDataOutSize,
_Out_ LPWSTR *ppwszIdentity) = 0;
///
/// Raises a custom interactive user interface dialog for the EAP method on the client.
///
/// \sa [EapPeerInvokeInteractiveUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363616.aspx)
///
/// \param[in ] hwndParent A handle to the parent window which will spawn the interactive user interface dialog.
/// \param[in ] pUIContextData A pointer to an opaque byte buffer that contains the context data used to create the user interface dialog.
/// \param[in ] dwUIContextDataSize The size, in bytes, of the user interface context data specified by \p pUIContextData.
/// \param[out] ppDataFromInteractiveUI A pointer to the address of an opaque byte buffer that contains data obtained from the interactive user interface dialog.
/// \param[out] pdwDataFromInteractiveUISize A pointer to the size, in bytes, of the data returned in \p ppDataFromInteractiveUI.
///
virtual void invoke_interactive_ui(
_In_ HWND hwndParent,
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
@@ -110,4 +146,6 @@ namespace eap
_Inout_ BYTE **ppDataFromInteractiveUI,
_Inout_ DWORD *pdwDataFromInteractiveUISize) = 0;
};
/// @}
}

30
lib/EAPBase_UI/include/wxEAP_UIBase.h
View File

@@ -18,9 +18,6 @@
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
///
/// Base class for all credential entry panel that must provide "Remember" credentials checkbox
///
class wxEAPCredentialsPanelBase;
#pragma once
@@ -28,12 +25,28 @@ class wxEAPCredentialsPanelBase;
#include <wx/panel.h>
///
/// \defgroup EAPBaseGUI GUI
/// Graphical User Interface
///
/// @{
///
/// Base class for all credential entry panel that must provide "Remember" credentials checkbox
///
class wxEAPCredentialsPanelBase : public wxPanel
{
public:
///
/// Constructs a wxPanel with "Remember" credentials checkbox
///
/// \param[in] parent The parent window
/// \param[in] winid An identifier for the panel. \c wxID_ANY is taken to mean a default.
/// \param[in] pos The panel position. The value \c wxDefaultPosition indicates a default position, chosen by either the windowing system or wxWidgets, depending on platform.
/// \param[in] size The panel size. The value \c wxDefaultSize indicates a default size, chosen by either the windowing system or wxWidgets, depending on platform.
/// \param[in] style The window style. See `wxPanel`.
/// \param[in] name Window name
///
wxEAPCredentialsPanelBase(wxWindow *parent,
wxWindowID winid = wxID_ANY,
const wxPoint& pos = wxDefaultPosition,
@@ -43,6 +56,17 @@ public:
{
}
///
/// (Un)checks "Remember credentials" checkbox
///
/// \param[in] val If \c true, checkbox is checked; otherwise cleared
///
virtual void SetRemember(bool val) = 0;
///
/// Returns \c true if "Remember credentials" checkbox is checked
///
virtual bool GetRemember() const = 0;
};
/// @}

40
lib/EAPBase_UI/res/wxEAP_UI.cpp
View File

@@ -607,3 +607,43 @@ wxEAPProviderLockPanelBase::wxEAPProviderLockPanelBase( wxWindow* parent, wxWind
wxEAPProviderLockPanelBase::~wxEAPProviderLockPanelBase()
{
}
wxEAPProviderSelectDialogBase::wxEAPProviderSelectDialogBase( wxWindow* parent, wxWindowID id, const wxString& title, const wxPoint& pos, const wxSize& size, long style ) : wxDialog( parent, id, title, pos, size, style )
{
this->SetSizeHints( wxDefaultSize, wxDefaultSize );
wxBoxSizer* sb_content;
sb_content = new wxBoxSizer( wxVERTICAL );
m_banner = new wxEAPBannerPanel( this );
sb_content->Add( m_banner, 0, wxEXPAND|wxBOTTOM, 5 );
m_providers = new wxBoxSizer( wxVERTICAL );
m_providers->SetMinSize( wxSize( 350,-1 ) );
sb_content->Add( m_providers, 1, wxEXPAND|wxALL, 5 );
m_buttons = new wxStdDialogButtonSizer();
m_buttonsCancel = new wxButton( this, wxID_CANCEL );
m_buttons->AddButton( m_buttonsCancel );
m_buttons->Realize();
sb_content->Add( m_buttons, 0, wxEXPAND|wxALL, 5 );
this->SetSizer( sb_content );
this->Layout();
sb_content->Fit( this );
// Connect Events
this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPProviderSelectDialogBase::OnInitDialog ) );
}
wxEAPProviderSelectDialogBase::~wxEAPProviderSelectDialogBase()
{
// Disconnect Events
this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPProviderSelectDialogBase::OnInitDialog ) );
}

191
lib/EAPBase_UI/res/wxEAP_UI.fbp
View File

@@ -5139,5 +5139,196 @@
</object>
</object>
</object>
<object class="Dialog" expanded="1">
<property name="aui_managed">0</property>
<property name="aui_manager_style">wxAUI_MGR_DEFAULT</property>
<property name="bg"></property>
<property name="center"></property>
<property name="context_help"></property>
<property name="context_menu">1</property>
<property name="enabled">1</property>
<property name="event_handler">impl_virtual</property>
<property name="extra_style"></property>
<property name="fg"></property>
<property name="font"></property>
<property name="hidden">0</property>
<property name="id">wxID_ANY</property>
<property name="maximum_size"></property>
<property name="minimum_size"></property>
<property name="name">wxEAPProviderSelectDialogBase</property>
<property name="pos"></property>
<property name="size"></property>
<property name="style">wxDEFAULT_DIALOG_STYLE</property>
<property name="subclass"></property>
<property name="title">EAP Identity Provider</property>
<property name="tooltip"></property>
<property name="window_extra_style"></property>
<property name="window_name"></property>
<property name="window_style"></property>
<event name="OnActivate"></event>
<event name="OnActivateApp"></event>
<event name="OnAuiFindManager"></event>
<event name="OnAuiPaneButton"></event>
<event name="OnAuiPaneClose"></event>
<event name="OnAuiPaneMaximize"></event>
<event name="OnAuiPaneRestore"></event>
<event name="OnAuiRender"></event>
<event name="OnChar"></event>
<event name="OnClose"></event>
<event name="OnEnterWindow"></event>
<event name="OnEraseBackground"></event>
<event name="OnHibernate"></event>
<event name="OnIconize"></event>
<event name="OnIdle"></event>
<event name="OnInitDialog">OnInitDialog</event>
<event name="OnKeyDown"></event>
<event name="OnKeyUp"></event>
<event name="OnKillFocus"></event>
<event name="OnLeaveWindow"></event>
<event name="OnLeftDClick"></event>
<event name="OnLeftDown"></event>
<event name="OnLeftUp"></event>
<event name="OnMiddleDClick"></event>
<event name="OnMiddleDown"></event>
<event name="OnMiddleUp"></event>
<event name="OnMotion"></event>
<event name="OnMouseEvents"></event>
<event name="OnMouseWheel"></event>
<event name="OnPaint"></event>
<event name="OnRightDClick"></event>
<event name="OnRightDown"></event>
<event name="OnRightUp"></event>
<event name="OnSetFocus"></event>
<event name="OnSize"></event>
<event name="OnUpdateUI"></event>
<object class="wxBoxSizer" expanded="1">
<property name="minimum_size"></property>
<property name="name">sb_content</property>
<property name="orient">wxVERTICAL</property>
<property name="permission">none</property>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
<property name="flag">wxEXPAND|wxBOTTOM</property>
<property name="proportion">0</property>
<object class="CustomControl" expanded="1">
<property name="BottomDockable">1</property>
<property name="LeftDockable">1</property>
<property name="RightDockable">1</property>
<property name="TopDockable">1</property>
<property name="aui_layer"></property>
<property name="aui_name"></property>
<property name="aui_position"></property>
<property name="aui_row"></property>
<property name="best_size"></property>
<property name="bg"></property>
<property name="caption"></property>
<property name="caption_visible">1</property>
<property name="center_pane">0</property>
<property name="class">wxEAPBannerPanel</property>
<property name="close_button">1</property>
<property name="construction">m_banner = new wxEAPBannerPanel( this );&#x0A;</property>
<property name="context_help"></property>
<property name="context_menu">1</property>
<property name="declaration">wxEAPBannerPanel *m_banner;</property>
<property name="default_pane">0</property>
<property name="dock">Dock</property>
<property name="dock_fixed">0</property>
<property name="docking">Left</property>
<property name="enabled">1</property>
<property name="fg"></property>
<property name="floatable">1</property>
<property name="font"></property>
<property name="gripper">0</property>
<property name="hidden">0</property>
<property name="id">wxID_ANY</property>
<property name="include">class wxEAPBannerPanel;</property>
<property name="max_size"></property>
<property name="maximize_button">0</property>
<property name="maximum_size"></property>
<property name="min_size"></property>
<property name="minimize_button">0</property>
<property name="minimum_size"></property>
<property name="moveable">1</property>
<property name="name">m_banner</property>
<property name="pane_border">1</property>
<property name="pane_position"></property>
<property name="pane_size"></property>
<property name="permission">protected</property>
<property name="pin_button">1</property>
<property name="pos"></property>
<property name="resize">Resizable</property>
<property name="settings"></property>
<property name="show">1</property>
<property name="size">-1,-1</property>
<property name="subclass">; ../include/EAP_UI.h</property>
<property name="toolbar_pane">0</property>
<property name="tooltip"></property>
<property name="window_extra_style"></property>
<property name="window_name"></property>
<property name="window_style"></property>
<event name="OnChar"></event>
<event name="OnEnterWindow"></event>
<event name="OnEraseBackground"></event>
<event name="OnKeyDown"></event>
<event name="OnKeyUp"></event>
<event name="OnKillFocus"></event>
<event name="OnLeaveWindow"></event>
<event name="OnLeftDClick"></event>
<event name="OnLeftDown"></event>
<event name="OnLeftUp"></event>
<event name="OnMiddleDClick"></event>
<event name="OnMiddleDown"></event>
<event name="OnMiddleUp"></event>
<event name="OnMotion"></event>
<event name="OnMouseEvents"></event>
<event name="OnMouseWheel"></event>
<event name="OnPaint"></event>
<event name="OnRightDClick"></event>
<event name="OnRightDown"></event>
<event name="OnRightUp"></event>
<event name="OnSetFocus"></event>
<event name="OnSize"></event>
<event name="OnUpdateUI"></event>
</object>
</object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
<property name="flag">wxEXPAND|wxALL</property>
<property name="proportion">1</property>
<object class="wxBoxSizer" expanded="1">
<property name="minimum_size">350,-1</property>
<property name="name">m_providers</property>
<property name="orient">wxVERTICAL</property>
<property name="permission">protected</property>
</object>
</object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
<property name="flag">wxEXPAND|wxALL</property>
<property name="proportion">0</property>
<object class="wxStdDialogButtonSizer" expanded="1">
<property name="Apply">0</property>
<property name="Cancel">1</property>
<property name="ContextHelp">0</property>
<property name="Help">0</property>
<property name="No">0</property>
<property name="OK">0</property>
<property name="Save">0</property>
<property name="Yes">0</property>
<property name="minimum_size"></property>
<property name="name">m_buttons</property>
<property name="permission">protected</property>
<event name="OnApplyButtonClick"></event>
<event name="OnCancelButtonClick"></event>
<event name="OnContextHelpButtonClick"></event>
<event name="OnHelpButtonClick"></event>
<event name="OnNoButtonClick"></event>
<event name="OnOKButtonClick"></event>
<event name="OnSaveButtonClick"></event>
<event name="OnYesButtonClick"></event>
</object>
</object>
</object>
</object>
</object>
</wxFormBuilder_Project>

24
lib/EAPBase_UI/res/wxEAP_UI.h
View File

@@ -290,4 +290,28 @@ class wxEAPProviderLockPanelBase : public wxPanel
};
///////////////////////////////////////////////////////////////////////////////
/// Class wxEAPProviderSelectDialogBase
///////////////////////////////////////////////////////////////////////////////
class wxEAPProviderSelectDialogBase : public wxDialog
{
private:
protected:
wxEAPBannerPanel *m_banner;
wxBoxSizer* m_providers;
wxStdDialogButtonSizer* m_buttons;
wxButton* m_buttonsCancel;
// Virtual event handlers, overide them in your derived class
virtual void OnInitDialog( wxInitDialogEvent& event ) { event.Skip(); }
public:
wxEAPProviderSelectDialogBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxString& title = _("EAP Identity Provider"), const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE );
~wxEAPProviderSelectDialogBase();
};
#endif //__WXEAP_UI_H__

122
lib/EAPBase_UI/src/EAP_UI.cpp
View File

@@ -30,10 +30,12 @@ wxEAPBannerPanel::wxEAPBannerPanel(wxWindow* parent) : wxEAPBannerPanelBase(pare
}
/// \cond internal
bool wxEAPBannerPanel::AcceptsFocusFromKeyboard() const
{
return false;
}
/// \endcond
//////////////////////////////////////////////////////////////////////
@@ -79,6 +81,7 @@ void wxEAPGeneralDialog::AddContent(wxPanel *content)
}
/// \cond internal
void wxEAPGeneralDialog::OnInitDialog(wxInitDialogEvent& event)
{
wxEAPGeneralDialogBase::OnInitDialog(event);
@@ -86,6 +89,7 @@ void wxEAPGeneralDialog::OnInitDialog(wxInitDialogEvent& event)
for (wxSizerItemList::compatibility_iterator panel = m_panels->GetChildren().GetFirst(); panel; panel = panel->GetNext())
panel->GetData()->GetWindow()->GetEventHandler()->ProcessEvent(event);
}
/// \endcond
//////////////////////////////////////////////////////////////////////
@@ -97,46 +101,10 @@ wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov,
{
// Set banner title.
m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), wxEAPGetProviderName(prov.m_name)));
}
//////////////////////////////////////////////////////////////////////
// wxEAPCredentialsConnectionDialog
//////////////////////////////////////////////////////////////////////
wxEAPCredentialsConnectionDialog::wxEAPCredentialsConnectionDialog(wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) :
wxEAPCredentialsConnectionDialogBase(parent, id, title, pos, size, style)
{
// Set extra style here, as wxFormBuilder overrides all default flags.
this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY);
// Load window icons.
#ifdef __WINDOWS__
wxIconBundle icons;
icons.AddIcon(wxIcon(wxT("product.ico"), wxBITMAP_TYPE_ICO_RESOURCE, ::GetSystemMetrics(SM_CXSMICON), ::GetSystemMetrics(SM_CYSMICON)));
icons.AddIcon(wxIcon(wxT("product.ico"), wxBITMAP_TYPE_ICO_RESOURCE, ::GetSystemMetrics(SM_CXICON ), ::GetSystemMetrics(SM_CYICON )));
this->SetIcons(icons);
#else
this->SetIcon(wxIcon(wxICON(product.ico)));
#ifdef __DANGEROUS__LOG_CONFIDENTIAL_DATA
AddContent(new wxEAPCredentialLogWarningPanel(this));
#endif
// Set banner title.
m_banner->m_title->SetLabel(_("EAP Credentials"));
m_buttonsOK->SetDefault();
}
void wxEAPCredentialsConnectionDialog::OnInitDialog(wxInitDialogEvent& event)
{
wxEAPCredentialsConnectionDialogBase::OnInitDialog(event);
// Forward the event to child panels.
for (wxWindowList::compatibility_iterator provider = m_providers->GetChildren().GetFirst(); provider; provider = provider->GetNext()) {
wxWindow *prov = wxDynamicCast(provider->GetData(), wxWindow);
if (prov)
prov->GetEventHandler()->ProcessEvent(event);
}
}
@@ -157,6 +125,8 @@ wxEAPNotePanel::wxEAPNotePanel(wxWindow* parent) :
}
/// \cond internal
bool wxEAPNotePanel::AcceptsFocusFromKeyboard() const
{
return m_help_web_value || m_help_email_value || m_help_phone_label;
@@ -216,6 +186,8 @@ void wxEAPNotePanel::CreateContactFields(const eap::config_provider &prov)
}
}
/// \endcond
//////////////////////////////////////////////////////////////////////
// wxEAPProviderLockedPanel
@@ -263,6 +235,27 @@ wxEAPCredentialWarningPanel::wxEAPCredentialWarningPanel(const eap::config_provi
}
//////////////////////////////////////////////////////////////////////
// wxEAPCredentialWarningPanel
//////////////////////////////////////////////////////////////////////
#ifdef __DANGEROUS__LOG_CONFIDENTIAL_DATA
wxEAPCredentialLogWarningPanel::wxEAPCredentialLogWarningPanel(wxWindow* parent) : wxEAPNotePanel(parent)
{
// Load and set icon.
winstd::library lib_shell32;
if (lib_shell32.load(_T("imageres.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
m_note_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(105)));
m_note_label->SetLabel(wxString::Format(_("The %s version installed on this computer logs credentials in visible and easy to read way."), wxT(PRODUCT_NAME_STR)) + " " +
_("Please, reconsider necessity to enter your credentials."));
m_note_label->Wrap(449);
this->Layout();
}
#endif
//////////////////////////////////////////////////////////////////////
// wxEAPConfigWindow
//////////////////////////////////////////////////////////////////////
@@ -286,6 +279,7 @@ wxEAPConfigWindow::~wxEAPConfigWindow()
}
/// \cond internal
void wxEAPConfigWindow::OnInitDialog(wxInitDialogEvent& event)
{
// Call TransferDataToWindow() manually, as wxScrolledWindow somehow skips that.
@@ -293,6 +287,7 @@ void wxEAPConfigWindow::OnInitDialog(wxInitDialogEvent& event)
event.Skip();
}
/// \endcond
//////////////////////////////////////////////////////////////////////
@@ -310,6 +305,8 @@ wxEAPProviderContactInfoPanel::wxEAPProviderContactInfoPanel(eap::config_provide
}
/// \cond internal
bool wxEAPProviderContactInfoPanel::TransferDataToWindow()
{
m_provider_name ->SetValue(m_prov.m_name );
@@ -333,6 +330,8 @@ bool wxEAPProviderContactInfoPanel::TransferDataFromWindow()
return true;
}
/// \endcond
//////////////////////////////////////////////////////////////////////
// wxEAPProviderIDPanel
@@ -349,6 +348,8 @@ wxEAPProviderIDPanel::wxEAPProviderIDPanel(eap::config_provider &prov, wxWindow*
}
/// \cond internal
bool wxEAPProviderIDPanel::TransferDataToWindow()
{
m_provider_namespace->SetStringSelection(m_prov.m_namespace);
@@ -368,6 +369,8 @@ bool wxEAPProviderIDPanel::TransferDataFromWindow()
return true;
}
/// \endcond
//////////////////////////////////////////////////////////////////////
// wxEAPProviderLockPanel
@@ -384,6 +387,8 @@ wxEAPProviderLockPanel::wxEAPProviderLockPanel(eap::config_provider &prov, wxWin
}
/// \cond internal
bool wxEAPProviderLockPanel::TransferDataToWindow()
{
m_provider_lock->SetValue(m_prov.m_read_only);
@@ -401,6 +406,8 @@ bool wxEAPProviderLockPanel::TransferDataFromWindow()
return true;
}
/// \endcond
//////////////////////////////////////////////////////////////////////
// wxEAPConfigProvider
@@ -426,6 +433,41 @@ wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow *p
}
//////////////////////////////////////////////////////////////////////
// wxEAPProviderSelectDialog
//////////////////////////////////////////////////////////////////////
wxEAPProviderSelectDialog::wxEAPProviderSelectDialog(eap::config_connection &cfg, wxWindow *parent) :
m_selected(NULL),
wxEAPProviderSelectDialogBase(parent)
{
// Set banner title.
std::unique_ptr<eap::config_method> cfg_dummy(cfg.m_module.make_config_method());
m_banner->m_title->SetLabel(wxString::Format("%s %s", wxT(PRODUCT_NAME_STR), cfg_dummy->get_method_str()));
for (auto prov = cfg.m_providers.cbegin(), prov_end = cfg.m_providers.cend(); prov != prov_end; ++prov) {
wxCommandLinkButton *btn = new wxCommandLinkButton(this, wxID_ANY, wxEAPGetProviderName(prov->m_name));
m_providers->Add(btn, 0, wxALL|wxEXPAND, 5);
btn->Connect(wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler(wxEAPProviderSelectDialog::OnProvSelect), new wxVariant((void*)&*prov), this);
}
this->Layout();
this->GetSizer()->Fit(this);
}
/// \cond internal
void wxEAPProviderSelectDialog::OnProvSelect(wxCommandEvent& event)
{
// Set selected provider and dismiss dialog.
m_selected = static_cast<eap::config_provider*>(dynamic_cast<const wxVariant*>(event.GetEventUserData())->GetVoidPtr());
this->EndModal(wxID_OK);
event.Skip();
}
/// \endcond
using namespace std;
using namespace winstd;
@@ -551,6 +593,8 @@ void eap::monitor_ui::release_slaves(_In_bytecount_(size) const void *data, _In_
}
/// \cond internal
LRESULT eap::monitor_ui::winproc(
_In_ UINT msg,
_In_ WPARAM wparam,
@@ -614,6 +658,8 @@ LRESULT CALLBACK eap::monitor_ui::winproc(
}
}
/// \endcond
const UINT eap::monitor_ui::s_msg_attach = RegisterWindowMessage(_T(PRODUCT_NAME_STR) _T("-Attach"));
const UINT eap::monitor_ui::s_msg_finish = RegisterWindowMessage(_T(PRODUCT_NAME_STR) _T("-Finish"));

2
lib/EAPBase_UI/src/StdAfx.h
View File

@@ -24,3 +24,5 @@
#include "../include/EAP_UI.h"
#include "../include/Module.h"
#include <wx/commandlinkbutton.h>

2
lib/EapHost/build/.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
/temp
/*.user

12
lib/EapHost/build/EapHost.props Normal file
View File

@@ -0,0 +1,12 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ImportGroup Label="PropertySheets" />
<PropertyGroup Label="UserMacros" />
<PropertyGroup />
<ItemDefinitionGroup>
<ClCompile>
<AdditionalIncludeDirectories>..\..\Events\build\temp\Events.$(Platform).$(Configuration).$(PlatformToolset);..\..\WinStd\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
</ItemDefinitionGroup>
<ItemGroup />
</Project>

106
lib/EapHost/build/EapHost.vcxproj Normal file
View File

@@ -0,0 +1,106 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{B385EC2B-C3F4-48BB-9BAC-8B996DE7F754}</ProjectGuid>
<RootNamespace>EapHost</RootNamespace>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="..\..\..\include\Win32.props" />
<Import Project="..\..\..\include\Debug.props" />
<Import Project="EapHost.props" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="..\..\..\include\x64.props" />
<Import Project="..\..\..\include\Debug.props" />
<Import Project="EapHost.props" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="..\..\..\include\Win32.props" />
<Import Project="..\..\..\include\Release.props" />
<Import Project="EapHost.props" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="..\..\..\include\x64.props" />
<Import Project="..\..\..\include\Release.props" />
<Import Project="EapHost.props" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup />
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
<ItemGroup>
<ClInclude Include="..\include\Config.h" />
<ClInclude Include="..\include\Credentials.h" />
<ClInclude Include="..\include\Method.h" />
<ClInclude Include="..\src\StdAfx.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\src\Config.cpp" />
<ClCompile Include="..\src\Credentials.cpp" />
<ClCompile Include="..\src\Method.cpp" />
<ClCompile Include="..\src\StdAfx.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\Events\build\Events.vcxproj">
<Project>{d63f24bd-92a0-4d6b-8b69-ed947e4d2b1b}</Project>
</ProjectReference>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>

41
lib/EapHost/build/EapHost.vcxproj.filters Normal file
View File

@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\src\StdAfx.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\Config.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\Method.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\Credentials.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\src\StdAfx.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\src\Config.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\src\Method.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\src\Credentials.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
</Project>

143
lib/EapHost/include/Config.h Normal file
View File

@@ -0,0 +1,143 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include <sal.h>
namespace eap
{
class config_method_eaphost;
}
#pragma once
#include "../../EAPBase/include/Config.h"
#include <Windows.h>
#include <sal.h>
#include <tchar.h>
namespace eap
{
/// \addtogroup EAPBaseConfig
/// @{
///
/// EapHost peer method configuration
///
class config_method_eaphost : public config_method
{
public:
///
/// Constructs configuration
///
/// \param[in] mod EAP module to use for global services
/// \param[in] level Config level (0=outer, 1=inner, 2=inner-inner...)
///
config_method_eaphost(_In_ module &mod, _In_ unsigned int level);
///
/// Copies configuration
///
/// \param[in] other Configuration to copy from
///
config_method_eaphost(_In_ const config_method_eaphost &other);
///
/// Moves configuration
///
/// \param[in] other Configuration to move from
///
config_method_eaphost(_Inout_ config_method_eaphost &&other);
///
/// Copies configuration
///
/// \param[in] other Configuration to copy from
///
/// \returns Reference to this object
///
config_method_eaphost& operator=(_In_ const config_method_eaphost &other);
///
/// Moves configuration
///
/// \param[in] other Configuration to move from
///
/// \returns Reference to this object
///
config_method_eaphost& operator=(_Inout_ config_method_eaphost &&other);
virtual config* clone() const;
/// \name XML management
/// @{
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
virtual void operator<<(_Inout_ cursor_out &cursor) const;
virtual size_t get_pk_size() const;
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
virtual winstd::eap_type_t get_method_id() const;
virtual const wchar_t* get_method_str() const;
///
/// @copydoc eap::config_method::make_credentials()
/// \returns This implementation always returns `eap::credentials_eaphost` type of credentials
///
virtual credentials* make_credentials() const;
///
/// Returns method EAP_METHOD_TYPE
///
inline const EAP_METHOD_TYPE& get_type() const
{
return m_type;
}
///
/// Set method EAP_METHOD_TYPE
///
inline void set_type(_In_ const EAP_METHOD_TYPE &type)
{
m_type = type;
update_type();
}
protected:
/// \cond internal
void update_type();
/// \endcond
protected:
EAP_METHOD_TYPE m_type; ///< EapHost method type: (EAP type, vendor ID, vendor type, author ID) tuple
std::wstring m_type_str; ///< EAP method type as a string
public:
sanitizing_blob m_cfg_blob; ///< Method configuration BLOB
};
/// @}
}

154
lib/EapHost/include/Credentials.h Normal file
View File

@@ -0,0 +1,154 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include <sal.h>
namespace eap
{
class credentials_eaphost;
}
#pragma once
#include "Config.h"
#include "../../EAPBase/include/Credentials.h"
#include <WinStd/Crypt.h>
#include <Windows.h>
#include <vector>
namespace eap
{
/// \addtogroup EAPBaseCred
/// @{
///
/// EapHost peer method credentials
///
class credentials_eaphost : public credentials
{
public:
///
/// Constructs credentials
///
/// \param[in] mod EAP module to use for global services
///
credentials_eaphost(_In_ module &mod);
///
/// Copies credentials
///
/// \param[in] other Credentials to copy from
///
credentials_eaphost(_In_ const credentials_eaphost &other);
///
/// Moves credentials
///
/// \param[in] other Credentials to move from
///
credentials_eaphost(_Inout_ credentials_eaphost &&other);
///
/// Copies credentials
///
/// \param[in] other Credentials to copy from
///
/// \returns Reference to this object
///
credentials_eaphost& operator=(_In_ const credentials_eaphost &other);
///
/// Moves credentials
///
/// \param[in] other Credentials to move from
///
/// \returns Reference to this object
///
credentials_eaphost& operator=(_Inout_ credentials_eaphost &&other);
virtual config* clone() const;
virtual void clear();
virtual bool empty() const;
/// \name XML management
/// @{
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
virtual void operator<<(_Inout_ cursor_out &cursor) const;
virtual size_t get_pk_size() const;
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
/// \name Storage
/// @{
virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const;
virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level);
///
/// @copydoc eap::credentials::target_suffix()
/// \returns This implementation always returns `_T("BLOB")`
///
virtual LPCTSTR target_suffix() const;
/// @}
///
/// Combine credentials in the following order:
///
/// 1. Cached credentials
/// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`)
/// 3. Stored credentials
///
/// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior
/// \param[in] hTokenImpersonateUser Impersonation token for a logged-on user to collect user-related information
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be `credentials_eaphost*` type)
/// \param[in] cfg Method configuration (unused, as must be as config_method_eaphost is not derived from `config_method_with_cred`)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
///
/// \returns
/// - \c source_cache Credentials were obtained from EapHost cache
/// - \c source_config Credentials were set by method configuration
/// - \c source_storage Credentials were loaded from Windows Credential Manager
///
virtual source_t combine(
_In_ DWORD dwFlags,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName);
public:
sanitizing_blob m_cred_blob; ///< Credentials BLOB
private:
/// \cond internal
static const unsigned char s_entropy[1024];
/// \endcond
};
/// @}
}

157
lib/EapHost/include/Method.h Normal file
View File

@@ -0,0 +1,157 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
namespace eap
{
class method_eaphost;
}
#pragma once
#include "Config.h"
#include "Credentials.h"
#include "../../EAPBase/include/Method.h"
namespace eap
{
/// \addtogroup EAPBaseMethod
/// @{
///
/// EapHost peer method
///
/// A wrapper class to provide system installed 3rd party EAP methods integration.
///
class method_eaphost : public method
{
WINSTD_NONCOPYABLE(method_eaphost)
public:
///
/// Constructs an EAP method
///
/// \param[in] mod EAP module to use for global services
/// \param[in] cfg Method configuration
/// \param[in] cred User credentials
///
method_eaphost(_In_ module &mod, _In_ config_method_eaphost &cfg, _In_ credentials_eaphost &cred);
///
/// Moves an EAP method
///
/// \param[in] other EAP method to move from
///
method_eaphost(_Inout_ method_eaphost &&other);
///
/// Moves an EAP method
///
/// \param[in] other EAP method to move from
///
/// \returns Reference to this object
///
method_eaphost& operator=(_Inout_ method_eaphost &&other);
/// \name Session management
/// @{
virtual void begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ DWORD dwMaxSendPacketSize = MAXDWORD);
virtual void end_session();
/// @}
/// \name Packet processing
/// @{
virtual EapPeerMethodResponseAction process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize);
virtual void get_response_packet(
_Out_ sanitizing_blob &packet,
_In_opt_ DWORD size_max = MAXDWORD);
/// @}
virtual void get_result(
_In_ EapPeerMethodResultReason reason,
_Out_ EapPeerMethodResult *pResult);
/// \name User Interaction
/// @{
virtual void get_ui_context(
_Out_ BYTE **ppUIContextData,
_Out_ DWORD *pdwUIContextDataSize);
virtual EapPeerMethodResponseAction set_ui_context(
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
_In_ DWORD dwUIContextDataSize);
/// @}
/// \name EAP Response Attributes
/// @{
virtual void get_response_attributes(_Out_ EapAttributes *pAttribs);
virtual EapPeerMethodResponseAction set_response_attributes(_In_ const EapAttributes *pAttribs);
/// @}
protected:
///
/// Converts EapHost peer action to output structure.
///
/// \param[in] action EapHost peer action
///
/// \returns EAP method output action
///
inline EapPeerMethodResponseAction action_h2p(_In_ EapHostPeerResponseAction action)
{
switch (action) {
case EapHostPeerResponseDiscard : return EapPeerMethodResponseActionDiscard ;
case EapHostPeerResponseSend : return EapPeerMethodResponseActionSend ;
case EapHostPeerResponseResult : return EapPeerMethodResponseActionResult ;
case EapHostPeerResponseInvokeUi : return EapPeerMethodResponseActionInvokeUI;
case EapHostPeerResponseRespond : return EapPeerMethodResponseActionRespond ;
case EapHostPeerResponseStartAuthentication: return EapPeerMethodResponseActionDiscard ; // The session could not be found. So the supplicant either needs to start session again with the same packet or discard the packet.
case EapHostPeerResponseNone : return EapPeerMethodResponseActionNone ;
default : throw std::invalid_argument(winstd::string_printf(__FUNCTION__ " Unknown action (%u).", action));
}
}
protected:
config_method_eaphost &m_cfg; ///< Method configuration
credentials_eaphost &m_cred; ///< Method user credentials
EAP_SESSIONID m_session_id; ///< EAP session ID
};
/// @}
}

211
lib/EapHost/src/Config.cpp Normal file
View File

@@ -0,0 +1,211 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::config_method_eaphost
//////////////////////////////////////////////////////////////////////
eap::config_method_eaphost::config_method_eaphost(_In_ module &mod, _In_ unsigned int level) :
config_method(mod, level),
m_type_str(L"EapHost")
{
memset(&m_type, 0, sizeof(EAP_METHOD_TYPE));
}
eap::config_method_eaphost::config_method_eaphost(_In_ const config_method_eaphost &other) :
m_type (other.m_type ),
m_type_str (other.m_type_str),
m_cfg_blob (other.m_cfg_blob),
config_method(other )
{
}
eap::config_method_eaphost::config_method_eaphost(_Inout_ config_method_eaphost &&other) :
m_type (std::move(other.m_type )),
m_type_str (std::move(other.m_type_str)),
m_cfg_blob (std::move(other.m_cfg_blob)),
config_method(std::move(other ))
{
}
eap::config_method_eaphost& eap::config_method_eaphost::operator=(_In_ const config_method_eaphost &other)
{
if (this != &other) {
(config_method&)*this = other;
m_type = other.m_type;
m_type_str = other.m_type_str;
m_cfg_blob = other.m_cfg_blob;
}
return *this;
}
eap::config_method_eaphost& eap::config_method_eaphost::operator=(_Inout_ config_method_eaphost &&other)
{
if (this != &other) {
(config_method&&)*this = std::move(other );
m_type = std::move(other.m_type );
m_type_str = std::move(other.m_type_str);
m_cfg_blob = std::move(other.m_cfg_blob);
}
return *this;
}
eap::config* eap::config_method_eaphost::clone() const
{
return new config_method_eaphost(*this);
}
void eap::config_method_eaphost::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{
assert(pDoc);
assert(pConfigRoot);
config_method::save(pDoc, pConfigRoot);
// Convert configuration BLOB to XML using EapHost (and ultimately method peer's EapPeerConfigBlob2Xml).
com_obj<IXMLDOMDocument2> pConfigDoc;
eap_error error;
DWORD dwResult = EapHostPeerConfigBlob2Xml(0, m_type, (DWORD)m_cfg_blob.size(), const_cast<BYTE*>(m_cfg_blob.data()), &pConfigDoc, &error._Myptr);
if (dwResult == ERROR_SUCCESS) {
HRESULT hr;
com_obj<IXMLDOMElement> pXmlElConfigDoc;
if (FAILED(hr = pConfigDoc->get_documentElement(&pXmlElConfigDoc)))
throw com_runtime_error(hr, __FUNCTION__ " Error getting XML document element.");
// Insert method configuration into our XML configuration.
if (FAILED(hr = pConfigRoot->appendChild(pXmlElConfigDoc, NULL)))
throw com_runtime_error(hr, __FUNCTION__ " Error appending configuration document element.");
} else if (error)
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerConfigBlob2Xml failed.");
else
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerConfigBlob2Xml failed.");
}
void eap::config_method_eaphost::load(_In_ IXMLDOMNode *pConfigRoot)
{
assert(pConfigRoot);
config_method::load(pConfigRoot);
// <EapHostConfig>
winstd::com_obj<IXMLDOMElement> pXmlElEapHostConfig;
if (SUCCEEDED(eapxml::select_element(pConfigRoot, winstd::bstr(L"eaphostconfig:EapHostConfig"), pXmlElEapHostConfig))) {
// Convert configuration XML to BLOB using EapHost (and ultimately method peer's EapPeerConfigXml2Blob).
DWORD cfg_data_size = 0;
eap_blob cfg_data;
eap_error error;
DWORD dwResult = EapHostPeerConfigXml2Blob(0, pXmlElEapHostConfig, &cfg_data_size, &cfg_data._Myptr, &m_type, &error._Myptr);
if (dwResult == ERROR_SUCCESS) {
update_type();
const BYTE *_cfg_data = cfg_data.get();
m_cfg_blob.assign(_cfg_data, _cfg_data + cfg_data_size);
} else if (error)
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerConfigXml2Blob failed.");
else
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerConfigXml2Blob failed.");
}
}
void eap::config_method_eaphost::operator<<(_Inout_ cursor_out &cursor) const
{
config_method::operator<<(cursor);
cursor << m_type ;
cursor << m_cfg_blob;
}
size_t eap::config_method_eaphost::get_pk_size() const
{
return
config_method::get_pk_size() +
pksizeof(m_type ) +
pksizeof(m_cfg_blob);
}
void eap::config_method_eaphost::operator>>(_Inout_ cursor_in &cursor)
{
config_method::operator>>(cursor);
cursor >> m_type ; update_type();
cursor >> m_cfg_blob;
}
eap_type_t eap::config_method_eaphost::get_method_id() const
{
return (eap_type_t)m_type.eapType.type;
}
const wchar_t* eap::config_method_eaphost::get_method_str() const
{
return m_type_str.c_str();
}
eap::credentials* eap::config_method_eaphost::make_credentials() const
{
return new credentials_eaphost(m_module);
}
/// \cond internal
void eap::config_method_eaphost::update_type()
{
// Query registry for EAP method name and save it to m_type_str.
// get_method_str() can return pointer to static string only, therefore we need to have the method name ready in advance.
reg_key key;
if (key.open(HKEY_LOCAL_MACHINE,
m_type.dwAuthorId == 0 ? tstring_printf(_T("SYSTEM\\CurrentControlSet\\services\\RasMan\\PPP\\EAP\\%u" ), m_type.eapType.type ).c_str() : // Legacy EAP method (RasMan)
m_type.eapType.type == 254 ? tstring_printf(_T("SYSTEM\\CurrentControlSet\\services\\EapHost\\Methods\\%u\\%u\\%u\\%u"), m_type.dwAuthorId, m_type.eapType.type, m_type.eapType.dwVendorId, m_type.eapType.dwVendorType).c_str() : // EapHost Expanded Type Peer
tstring_printf(_T("SYSTEM\\CurrentControlSet\\services\\EapHost\\Methods\\%u\\%u" ), m_type.dwAuthorId, m_type.eapType.type ).c_str(), // EapHost Peer
0,
KEY_READ) &&
RegLoadMUIStringW(key,
m_type.dwAuthorId == 0 ? L"FriendlyName" :
L"PeerFriendlyName",
m_type_str,
0,
NULL) == ERROR_SUCCESS)
return;
// Query failed. Provide generic name.
if (m_type.dwAuthorId == 0 ) sprintf(m_type_str, L"RasMan-%u" , m_type.eapType.type );
else if (m_type.eapType.type == 254) sprintf(m_type_str, L"EapHost-%u-%u-%u-%u", m_type.dwAuthorId, m_type.eapType.type, m_type.eapType.dwVendorId, m_type.eapType.dwVendorType);
else sprintf(m_type_str, L"EapHost-%u-%u" , m_type.dwAuthorId, m_type.eapType.type );
}
/// \endcond

379
lib/EapHost/src/Credentials.cpp Normal file
View File

@@ -0,0 +1,379 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"
#pragma comment(lib, "Eappprxy.lib")
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::credentials_eaphost
//////////////////////////////////////////////////////////////////////
eap::credentials_eaphost::credentials_eaphost(_In_ module &mod) : credentials(mod)
{
}
eap::credentials_eaphost::credentials_eaphost(_In_ const credentials_eaphost &other) :
m_cred_blob(other.m_cred_blob),
credentials(other )
{
}
eap::credentials_eaphost::credentials_eaphost(_Inout_ credentials_eaphost &&other) :
m_cred_blob(std::move(other.m_cred_blob)),
credentials(std::move(other ))
{
}
eap::credentials_eaphost& eap::credentials_eaphost::operator=(_In_ const credentials_eaphost &other)
{
if (this != &other) {
(credentials&)*this = other;
m_cred_blob = other.m_cred_blob;
}
return *this;
}
eap::credentials_eaphost& eap::credentials_eaphost::operator=(_Inout_ credentials_eaphost &&other)
{
if (this != &other) {
(credentials&)*this = std::move(other);
m_cred_blob = std::move(other.m_cred_blob);
}
return *this;
}
eap::config* eap::credentials_eaphost::clone() const
{
return new credentials_eaphost(*this);
}
void eap::credentials_eaphost::clear()
{
credentials::clear();
m_cred_blob.clear();
}
bool eap::credentials_eaphost::empty() const
{
return m_cred_blob.empty();
}
void eap::credentials_eaphost::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{
assert(pDoc);
assert(pConfigRoot);
credentials::save(pDoc, pConfigRoot);
HRESULT hr;
// <Credentials>
if (FAILED(hr = eapxml::put_element_base64(pDoc, pConfigRoot, bstr(L"Credentials"), namespace_eapmetadata, m_cred_blob.data(), m_cred_blob.size())))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <Credentials> element.");
}
void eap::credentials_eaphost::load(_In_ IXMLDOMNode *pConfigRoot)
{
assert(pConfigRoot);
HRESULT hr;
credentials::load(pConfigRoot);
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
m_cred_blob.clear();
if (FAILED(hr = eapxml::get_element_base64(pConfigRoot, bstr(L"eap-metadata:Credentials"), m_cred_blob)))
throw com_runtime_error(hr, __FUNCTION__ " Error reading <Credentials> element.");
m_module.log_config_discrete((xpath + L"/Credentials").c_str(), m_cred_blob.data(), (ULONG)m_cred_blob.size());
}
void eap::credentials_eaphost::operator<<(_Inout_ cursor_out &cursor) const
{
credentials::operator<<(cursor);
cursor << m_cred_blob;
}
size_t eap::credentials_eaphost::get_pk_size() const
{
return
credentials::get_pk_size() +
pksizeof(m_cred_blob);
}
void eap::credentials_eaphost::operator>>(_Inout_ cursor_in &cursor)
{
credentials::operator>>(cursor);
cursor >> m_cred_blob;
}
void eap::credentials_eaphost::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const
{
assert(pszTargetName);
data_blob cred_enc;
if (!m_cred_blob.empty()) {
// Encrypt credentials BLOB using user's key.
DATA_BLOB cred_blob = { (DWORD)m_cred_blob.size(), const_cast<LPBYTE>(m_cred_blob.data()) };
DATA_BLOB entropy_blob = { sizeof(s_entropy) , const_cast<LPBYTE>(s_entropy) };
if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_AUDIT, &cred_enc))
throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
}
tstring target(target_name(pszTargetName, level));
// Write credentials.
assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE);
assert(m_identity.length() < CRED_MAX_USERNAME_LENGTH );
CREDENTIAL cred = {
0, // Flags
CRED_TYPE_GENERIC, // Type
const_cast<LPTSTR>(target.c_str()), // TargetName
_T(""), // Comment
{ 0, 0 }, // LastWritten
cred_enc.cbData, // CredentialBlobSize
cred_enc.pbData, // CredentialBlob
CRED_PERSIST_ENTERPRISE, // Persist
0, // AttributeCount
NULL, // Attributes
NULL, // TargetAlias
const_cast<LPTSTR>(m_identity.c_str()) // UserName
};
if (!CredWrite(&cred, 0))
throw win_runtime_error(__FUNCTION__ " CredWrite failed.");
}
void eap::credentials_eaphost::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level)
{
// Read credentials.
unique_ptr<CREDENTIAL, CredFree_delete<CREDENTIAL> > cred;
if (!CredRead(target_name(pszTargetName, level).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred))
throw win_runtime_error(__FUNCTION__ " CredRead failed.");
if (cred->CredentialBlobSize) {
// Decrypt the credentials BLOB using user's key.
DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob };
DATA_BLOB entropy_blob = { sizeof(s_entropy) , const_cast<LPBYTE>(s_entropy) };
data_blob cred_int;
if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int))
throw win_runtime_error(__FUNCTION__ " CryptUnprotectData failed.");
m_cred_blob.assign(cred_int.pbData, cred_int.pbData + cred_int.cbData);
SecureZeroMemory(cred_int.pbData, cred_int.cbData);
} else
m_cred_blob.clear();
if (cred->UserName)
m_identity = cred->UserName;
else
m_identity.clear();
wstring xpath(pszTargetName);
m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
m_module.log_config_discrete((xpath + L"/Credentials").c_str(), m_cred_blob.data(), (ULONG)m_cred_blob.size());
}
LPCTSTR eap::credentials_eaphost::target_suffix() const
{
return _T("BLOB");
}
eap::credentials::source_t eap::credentials_eaphost::combine(
_In_ DWORD dwFlags,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName)
{
// When cached credentials are available, EapHost calls EapPeerGetIdentity() anyway.
// This allows each peer to decide to reuse or drop cached credentials itself.
// To mimic that behaviour, we do the same:
// 1. Retrieve credentials from cache, store, or configuration
// 2. Call EapHostPeerGetIdentity()
source_t src = source_unknown;
if (cred_cached) {
// Using EAP service cached credentials.
*this = *dynamic_cast<const credentials_eaphost*>(cred_cached);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank);
src = source_cache;
}
// Note: Currently we do not provide credential storage for EapHost methods within configuration.
// EapHost credentials will never get loaded from configuration, since config_method_eaphost is config_method based, not config_method_with_cred.
// The code is kept (and maintained) for consistency with another methods, if we choose to provide that feature at a later time.
if (src == source_unknown) {
auto cfg_with_cred = dynamic_cast<const config_method_with_cred*>(&cfg);
if (cfg_with_cred && cfg_with_cred->m_use_cred) {
// Using configured credentials.
*this = *dynamic_cast<const credentials_eaphost*>(cfg_with_cred->m_cred.get());
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_eaphost::get_name()), event_data(pszTargetName), event_data::blank);
src = source_config;
}
}
if (src == source_unknown && pszTargetName) {
// Switch user context.
user_impersonator impersonating(hTokenImpersonateUser);
try {
credentials_eaphost cred_loaded(m_module);
cred_loaded.retrieve(pszTargetName, cfg.m_level);
// Using stored credentials.
*this = std::move(cred_loaded);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank);
src = source_storage;
} catch (...) {
// Not actually an error.
}
}
auto cfg_eaphost = dynamic_cast<const config_method_eaphost*>(&cfg);
BOOL fInvokeUI = FALSE;
DWORD cred_data_size = 0;
eap_blob_runtime cred_data;
unique_ptr<WCHAR[], EapHostPeerFreeRuntimeMemory_delete> identity;
eap_error error; // MSDN says to use EapHostPeerFreeErrorMemory()/eap_error, but given the context of execution, eap_error_runtime might be the right choice.
DWORD dwResult = EapHostPeerGetIdentity(
0,
dwFlags,
cfg_eaphost->get_type(),
(DWORD)cfg_eaphost->m_cfg_blob.size(), cfg_eaphost->m_cfg_blob.data(),
src != source_unknown ? (DWORD)m_cred_blob.size() : 0, src != source_unknown ? m_cred_blob.data() : NULL,
hTokenImpersonateUser,
&fInvokeUI,
&cred_data_size, &cred_data._Myptr,
&identity._Myptr,
&error._Myptr,
NULL);
if (dwResult == ERROR_SUCCESS) {
if (identity && !fInvokeUI) {
// Inner EAP method provided identity and does not require additional UI prompt.
m_identity = identity.get();
m_cred_blob.assign(cred_data.get(), cred_data.get() + cred_data_size);
SecureZeroMemory(cred_data.get(), cred_data_size);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_EAPHOST, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank);
return source_lower;
} else
SecureZeroMemory(cred_data.get(), cred_data_size);
} else if (error) {
// An EAP error in inner EAP method occurred.
m_module.log_error(error.get());
} else {
// A runtime error in inner EAP method occurred.
m_module.log_event(&EAPMETHOD_TRACE_EVT_WIN_ERROR, event_data((unsigned int)dwResult), event_data(__FUNCTION__ " EapHostPeerGetIdentity failed."), event_data::blank);
}
return source_unknown;
}
/// \cond internal
const unsigned char eap::credentials_eaphost::s_entropy[1024] = {
0xe6, 0x01, 0x7b, 0x5f, 0xe5, 0x32, 0xee, 0x8c, 0x57, 0x41, 0x52, 0x95, 0xab, 0xe5, 0x65, 0xdd,
0xb3, 0x12, 0x7c, 0xcb, 0xdb, 0x37, 0x03, 0x76, 0xfc, 0x53, 0x4a, 0xf9, 0x3f, 0xf1, 0xd8, 0x7e,
0x60, 0x9a, 0x49, 0x93, 0xeb, 0x2e, 0x18, 0xd0, 0xfb, 0x40, 0xa9, 0x95, 0x66, 0x8a, 0xdd, 0x99,
0x51, 0x1c, 0xfb, 0x73, 0xa9, 0x7c, 0x31, 0x2b, 0xe6, 0x54, 0x61, 0x64, 0x25, 0x86, 0x36, 0xd4,
0xde, 0xc8, 0x6d, 0x3e, 0x6f, 0x47, 0x40, 0x6f, 0xd6, 0x5b, 0xe2, 0x0c, 0x92, 0x16, 0xe2, 0xdc,
0x45, 0x2f, 0x44, 0xf4, 0x87, 0x64, 0x6d, 0x4e, 0x5c, 0x24, 0x8a, 0x10, 0xb1, 0x2f, 0xa7, 0xe3,
0x7d, 0x60, 0x98, 0x1c, 0xd4, 0x8d, 0xbb, 0x27, 0xb9, 0x02, 0xb1, 0x4a, 0x49, 0xd9, 0x80, 0xe1,
0x7d, 0x20, 0xac, 0xba, 0x12, 0x23, 0x67, 0x28, 0x9e, 0xe8, 0xb6, 0x27, 0x4a, 0x90, 0x47, 0xcf,
0x92, 0x00, 0xde, 0x95, 0xeb, 0x23, 0x3b, 0x0d, 0x5e, 0x08, 0xe9, 0x45, 0x42, 0x7a, 0x6a, 0x73,
0xbb, 0x44, 0xfb, 0x92, 0xc0, 0x24, 0xe2, 0x41, 0xdf, 0x97, 0xb9, 0x02, 0xd4, 0xfd, 0x75, 0x72,
0x99, 0x6d, 0xbc, 0xf8, 0x20, 0xa4, 0x25, 0x99, 0x5b, 0xb6, 0xfe, 0xf9, 0x1e, 0x4c, 0x02, 0x81,
0xe8, 0xb7, 0x5f, 0x5f, 0x01, 0xbc, 0xa3, 0xf6, 0xef, 0x8e, 0x28, 0x9d, 0x20, 0x80, 0xc1, 0xb2,
0xd5, 0x80, 0x44, 0x8d, 0xf3, 0x01, 0x71, 0x3c, 0x0c, 0xb8, 0xc1, 0x0f, 0xc4, 0x79, 0x5a, 0x4d,
0xd3, 0xd6, 0xe8, 0x6d, 0xe2, 0x6c, 0x50, 0x49, 0x54, 0x27, 0x9b, 0x2f, 0xf2, 0x79, 0xbd, 0xa3,
0x25, 0xa5, 0x2c, 0x5c, 0x62, 0x89, 0x13, 0xc3, 0x81, 0x31, 0xdd, 0x31, 0x61, 0x43, 0xce, 0xa6,
0x67, 0x63, 0x25, 0xa4, 0xd0, 0xa7, 0x4c, 0x6c, 0x51, 0x7b, 0xaf, 0x8e, 0xdb, 0xaf, 0x77, 0xeb,
0x31, 0xfc, 0xb2, 0xdb, 0xc1, 0x89, 0x6a, 0xa8, 0x5e, 0xae, 0xf4, 0xff, 0x55, 0x84, 0xb0, 0x62,
0x5f, 0x41, 0xde, 0x43, 0x97, 0x2c, 0xe8, 0x86, 0xbe, 0x94, 0xb6, 0xb3, 0x08, 0x38, 0x32, 0xc6,
0x71, 0x10, 0x5c, 0x82, 0x6c, 0x5d, 0x31, 0x5b, 0x09, 0xd7, 0x92, 0x14, 0xab, 0xcf, 0x8d, 0xc7,
0xc3, 0xdd, 0x2f, 0xef, 0x20, 0x6e, 0x84, 0x4d, 0xb5, 0x9a, 0x44, 0xac, 0x3f, 0xe4, 0x30, 0xa7,
0x7a, 0xff, 0xe3, 0xf6, 0x90, 0xa9, 0xeb, 0xca, 0x49, 0x52, 0x89, 0xd6, 0xca, 0x7b, 0xf2, 0x68,
0xda, 0xe0, 0x88, 0xb0, 0xa2, 0x47, 0xbc, 0x81, 0x2e, 0x58, 0xe0, 0x48, 0xac, 0x6f, 0xf3, 0x66,
0xd1, 0xa7, 0xd6, 0xda, 0x16, 0x88, 0x69, 0x46, 0x95, 0x5f, 0x35, 0x0c, 0x8d, 0x50, 0xbc, 0x27,
0xdb, 0xc5, 0x49, 0x9a, 0xf4, 0x4a, 0x7a, 0x03, 0xad, 0xfc, 0x0f, 0x72, 0x5d, 0x6c, 0x62, 0x06,
0x48, 0x68, 0x75, 0x02, 0xbd, 0xdd, 0xf3, 0xb1, 0xa1, 0x20, 0x64, 0xaf, 0x6f, 0xf2, 0xc0, 0x8c,
0xe8, 0x3c, 0x58, 0x3b, 0xa7, 0x05, 0x2f, 0x4b, 0xef, 0x29, 0x8b, 0x6f, 0x64, 0x39, 0x03, 0x97,
0x8b, 0x91, 0x41, 0xbc, 0xa2, 0x02, 0xa9, 0x0c, 0x5c, 0x52, 0x32, 0xf3, 0xe5, 0x4d, 0x5b, 0x7d,
0xfe, 0x67, 0xe1, 0x82, 0x21, 0x9e, 0x83, 0xf3, 0xd1, 0x5e, 0x37, 0xd9, 0xc6, 0x38, 0x2d, 0x02,
0x1e, 0x18, 0xa3, 0x47, 0xcf, 0xad, 0x99, 0xe7, 0xe1, 0xc9, 0x86, 0x52, 0xdc, 0x18, 0xe7, 0x3b,
0x5f, 0x1d, 0xd8, 0x9c, 0xbe, 0xfb, 0x24, 0x09, 0xe9, 0x51, 0x02, 0x51, 0x01, 0xd4, 0xc5, 0x49,
0xb5, 0x87, 0xd4, 0x5f, 0x7c, 0xdc, 0xf9, 0xc7, 0x7a, 0xf5, 0xb7, 0x1e, 0x6d, 0xc9, 0xc1, 0x1f,
0x27, 0xd1, 0x77, 0x0e, 0xbb, 0xf8, 0x79, 0x48, 0x55, 0x73, 0x8e, 0xc9, 0x14, 0x8d, 0x6f, 0xf6,
0xe5, 0xbe, 0x6c, 0xff, 0xa4, 0x4a, 0xa9, 0x03, 0x08, 0xa2, 0xe4, 0xda, 0xcd, 0x8a, 0x83, 0x86,
0xbd, 0x6e, 0x99, 0xce, 0x98, 0x11, 0xfb, 0x2a, 0x17, 0xd6, 0x79, 0x80, 0x92, 0x11, 0x8d, 0xc4,
0x4a, 0xef, 0x97, 0xb8, 0x0c, 0x9d, 0xce, 0x2a, 0xda, 0xc9, 0x8f, 0xd9, 0x63, 0x89, 0xf0, 0x44,
0x94, 0x75, 0xbf, 0x69, 0x8a, 0xe2, 0x6d, 0x40, 0x75, 0x47, 0xd8, 0x4c, 0x91, 0x85, 0x8d, 0x51,
0xe6, 0xa2, 0x31, 0x13, 0xe5, 0x87, 0x59, 0xb0, 0xf3, 0x89, 0x51, 0xc1, 0xe0, 0xa7, 0xb4, 0x8f,
0x5e, 0xdd, 0x10, 0x80, 0xd8, 0x4a, 0x69, 0x93, 0x14, 0xf5, 0x2c, 0xef, 0xfb, 0xf0, 0xcb, 0x70,
0x72, 0x95, 0xb7, 0xec, 0xa4, 0x79, 0xa3, 0xa2, 0x44, 0xfa, 0x02, 0x9f, 0x2a, 0xbf, 0x8b, 0xe7,
0x87, 0xd4, 0xc2, 0x72, 0x46, 0xd4, 0xf7, 0x57, 0xbe, 0x9a, 0x4e, 0xd4, 0xb5, 0x0f, 0x8d, 0x46,
0x81, 0x6e, 0x1b, 0xe2, 0x85, 0x3b, 0x78, 0x78, 0x9f, 0xa1, 0xd7, 0x27, 0x2d, 0x92, 0x28, 0x62,
0x6d, 0xcd, 0xfe, 0x48, 0x18, 0x19, 0x6c, 0x61, 0x6c, 0x8b, 0xbe, 0xe5, 0xb0, 0xff, 0x80, 0x4d,
0x60, 0x71, 0x89, 0x79, 0x41, 0x08, 0x8e, 0x81, 0x84, 0x71, 0xb8, 0xcd, 0x00, 0x27, 0x37, 0xa2,
0xad, 0x47, 0xc5, 0x6a, 0xf9, 0xb3, 0x00, 0x67, 0x11, 0x60, 0x93, 0xd1, 0xe1, 0x89, 0x9f, 0xec,
0x92, 0xb4, 0x48, 0xa6, 0x11, 0x5f, 0xc1, 0x62, 0xb9, 0xd2, 0x3f, 0xb0, 0x4e, 0xd2, 0xdb, 0x1d,
0x80, 0xd6, 0x02, 0x82, 0x39, 0xb4, 0xbb, 0x3b, 0x51, 0x26, 0xb5, 0x0c, 0xb9, 0xff, 0x9a, 0x38,
0xa8, 0x49, 0x58, 0x70, 0xdd, 0xec, 0x71, 0x27, 0xec, 0x3c, 0x13, 0x8b, 0x2f, 0xf3, 0x38, 0xa8,
0x6e, 0xf2, 0xe2, 0xa0, 0xcd, 0xa4, 0x2a, 0x8b, 0xd4, 0xaa, 0x31, 0x83, 0x4c, 0xe6, 0x98, 0xf5,
0x11, 0xea, 0x40, 0xf9, 0x22, 0xf8, 0x30, 0x56, 0x58, 0xe6, 0xe2, 0x69, 0x49, 0xec, 0x50, 0xbf,
0x39, 0x10, 0x77, 0xa1, 0x54, 0xf8, 0x82, 0x19, 0x7b, 0xa2, 0xc0, 0x45, 0x25, 0x9a, 0xb0, 0xff,
0x3e, 0x7a, 0x61, 0xd6, 0xf4, 0xfb, 0xb9, 0x3a, 0x1e, 0x07, 0xee, 0xd4, 0xf2, 0x73, 0x98, 0x1b,
0xfa, 0xae, 0xe2, 0x3e, 0x5f, 0x5a, 0xd1, 0xda, 0x86, 0x48, 0xfd, 0x43, 0xf4, 0x97, 0x69, 0x58,
0x0e, 0xb8, 0xca, 0xd2, 0x65, 0xb9, 0x64, 0xdb, 0x2b, 0xe8, 0x26, 0x4c, 0x35, 0xc8, 0x86, 0x9a,
0xe7, 0xc1, 0x99, 0x39, 0x85, 0x87, 0xd9, 0x1c, 0x5d, 0xea, 0xa2, 0x6f, 0x5b, 0x81, 0x1a, 0x73,
0x08, 0xf8, 0xf3, 0x07, 0xcb, 0x9c, 0x32, 0x3a, 0x2c, 0x8b, 0x44, 0xe6, 0x48, 0x1e, 0x66, 0x1b,
0x5e, 0xe3, 0x54, 0xef, 0x68, 0xf7, 0x28, 0xf8, 0xd6, 0x16, 0xe5, 0xde, 0xb0, 0xbc, 0x2d, 0x15,
0xa0, 0x9f, 0xa6, 0x91, 0x4c, 0x1c, 0x91, 0xc9, 0xf2, 0x63, 0x32, 0xf2, 0xfb, 0xd9, 0x5e, 0x53,
0xd6, 0x72, 0x8c, 0x1b, 0xe5, 0xf1, 0x80, 0xcc, 0x21, 0xa9, 0x87, 0xaf, 0x64, 0x8d, 0x0f, 0xae,
0xe9, 0x0c, 0x31, 0x26, 0xa4, 0x72, 0x30, 0x8d, 0x0c, 0xfe, 0x5a, 0x25, 0x2d, 0x18, 0xe5, 0x39,
0xcc, 0x04, 0x56, 0xa3, 0x65, 0x84, 0x95, 0x43, 0x40, 0x94, 0x6d, 0x16, 0x15, 0x79, 0x35, 0xa1,
0x7f, 0x4b, 0x3e, 0x08, 0xf1, 0x53, 0xf2, 0xc6, 0x31, 0x7e, 0xb8, 0x29, 0x9b, 0xa4, 0xe9, 0x9d,
0x6b, 0x95, 0xae, 0x37, 0xdf, 0x1d, 0x8c, 0xea, 0xc2, 0x50, 0x14, 0x48, 0x05, 0xd0, 0xcd, 0xd1,
0x25, 0x25, 0x10, 0xa2, 0x85, 0x6f, 0x88, 0xe1, 0x22, 0x9d, 0xd2, 0xbe, 0x59, 0x88, 0x86, 0x20,
0x93, 0x6a, 0x44, 0xed, 0xc8, 0xee, 0x73, 0xe7, 0x1a, 0xc3, 0x16, 0x23, 0xff, 0x69, 0x8c, 0xd0,
};
/// \endcond

60
lib/EapHost/src/EapHost.cpp Normal file
View File

@@ -0,0 +1,60 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"
//////////////////////////////////////////////////////////////////////
// eap::credentials_eaphost
//////////////////////////////////////////////////////////////////////
eap::credentials_eaphost::credentials_eaphost(_In_ module &mod) : credentials_pass(mod)
{
}
eap::credentials_eaphost::credentials_eaphost(_In_ const credentials_eaphost &other) :
credentials_pass(other)
{
}
eap::credentials_eaphost::credentials_eaphost(_Inout_ credentials_eaphost &&other) :
credentials_pass(std::move(other))
{
}
eap::credentials_eaphost& eap::credentials_eaphost::operator=(_In_ const credentials_eaphost &other)
{
if (this != &other)
(credentials_pass&)*this = other;
return *this;
}
eap::credentials_eaphost& eap::credentials_eaphost::operator=(_Inout_ credentials_eaphost &&other)
{
if (this != &other)
(credentials_pass&&)*this = std::move(other);
return *this;
}

289
lib/EapHost/src/Method.cpp Normal file
View File

@@ -0,0 +1,289 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::method_eaphost
//////////////////////////////////////////////////////////////////////
eap::method_eaphost::method_eaphost(_In_ module &mod, _In_ config_method_eaphost &cfg, _In_ credentials_eaphost &cred) :
m_cfg(cfg),
m_cred(cred),
m_session_id(0),
method(mod)
{
}
eap::method_eaphost::method_eaphost(_Inout_ method_eaphost &&other) :
m_cfg ( other.m_cfg ),
m_cred ( other.m_cred ),
m_session_id(std::move(other.m_session_id)),
method (std::move(other ))
{
}
eap::method_eaphost& eap::method_eaphost::operator=(_Inout_ method_eaphost &&other)
{
if (this != std::addressof(other)) {
assert(std::addressof(m_cfg ) == std::addressof(other.m_cfg )); // Move method within same configuration only!
assert(std::addressof(m_cred) == std::addressof(other.m_cred)); // Move method within same credentials only!
(method&)*this = std::move(other );
m_session_id = std::move(other.m_session_id);
}
return *this;
}
void eap::method_eaphost::begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ DWORD dwMaxSendPacketSize)
{
method::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
// Presume authentication will fail with generic protocol failure. (Pesimist!!!)
// We will reset once we get get_result(Success) call.
m_cfg.m_last_status = config_method::status_auth_failed;
m_cfg.m_last_msg.clear();
// Create EapHost peer session using available connection data (m_cfg) and user data (m_cred).
eap_error_runtime error;
DWORD dwResult = EapHostPeerBeginSession(
dwFlags,
m_cfg.get_type(),
pAttributeArray,
hTokenImpersonateUser,
(DWORD)m_cfg.m_cfg_blob.size(),
m_cfg.m_cfg_blob.data(),
(DWORD)m_cred.m_cred_blob.size(),
m_cred.m_cred_blob.data(),
dwMaxSendPacketSize,
NULL, NULL, NULL,
&m_session_id,
&error._Myptr);
if (dwResult == ERROR_SUCCESS) {
// Session succesfully created.
} else if (error)
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerBeginSession failed.");
else
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerBeginSession failed.");
}
void eap::method_eaphost::end_session()
{
// End EapHost peer session.
eap_error_runtime error;
DWORD dwResult = EapHostPeerEndSession(m_session_id, &error._Myptr);
if (dwResult == ERROR_SUCCESS) {
// Session successfuly ended.
} else if (error)
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerEndSession failed.");
else
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerEndSession failed.");
method::end_session();
}
EapPeerMethodResponseAction eap::method_eaphost::process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize)
{
assert(pReceivedPacket || dwReceivedPacketSize == 0);
// Let EapHost peer process the packet.
EapHostPeerResponseAction action;
eap_error_runtime error;
DWORD dwResult = EapHostPeerProcessReceivedPacket(
m_session_id,
dwReceivedPacketSize,
reinterpret_cast<const BYTE*>(pReceivedPacket),
&action,
&error._Myptr);
if (dwResult == ERROR_SUCCESS) {
// Packet successfuly processed.
return action_h2p(action);
} else if (error)
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerProcessReceivedPacket failed.");
else
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerProcessReceivedPacket failed.");
}
void eap::method_eaphost::get_response_packet(
_Out_ sanitizing_blob &packet,
_In_opt_ DWORD size_max)
{
// Let EapHost peer prepare response packet.
eap_blob_runtime _packet;
eap_error_runtime error;
DWORD dwResult = EapHostPeerGetSendPacket(
m_session_id,
&size_max,
&_packet._Myptr,
&error._Myptr);
if (dwResult == ERROR_SUCCESS) {
// Packet successfuly prepared.
packet.assign(_packet.get(), _packet.get() + size_max);
} else if (error)
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerGetSendPacket failed.");
else
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerGetSendPacket failed.");
}
void eap::method_eaphost::get_result(
_In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *pResult)
{
// Let EapHost peer return result.
eap_error_runtime error;
EapHostPeerMethodResult result = {};
DWORD dwResult = EapHostPeerGetResult(
m_session_id,
EapHostPeerMethodResultFromMethod,
&result,
&error._Myptr);
if (dwResult == ERROR_SUCCESS) {
// Result successfuly returned.
method::get_result(reason, pResult);
pResult->dwFailureReasonCode = result.dwFailureReasonCode;
pResult->pAttribArray = result.pAttribArray;
if (result.pEapError) {
// Transfer error to our module memory space.
pResult->pEapError = m_module.make_error(result.pEapError);
EapHostPeerFreeEapError(result.pEapError);
result.pEapError = NULL;
}
if (result.fSaveConnectionData) {
// Update configuration BLOB.
m_cfg.m_cfg_blob.assign(result.pConnectionData, result.pConnectionData + result.dwSizeofConnectionData);
}
if (result.fSaveUserData) {
// Update credentials BLOB.
m_cred.m_cred_blob.assign(result.pUserData, result.pUserData + result.dwSizeofUserData);
}
if (reason == EapPeerMethodResultSuccess)
m_cfg.m_last_status = config_method::status_success;
// Always ask EAP host to save the connection data. And it will save it *only* when we report "success".
// Don't worry. EapHost is well aware of failed authentication condition.
pResult->fSaveConnectionData = TRUE;
pResult->fIsSuccess = TRUE;
} else if (error)
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerGetResult failed.");
else
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerGetResult failed.");
}
void eap::method_eaphost::get_ui_context(
_Out_ BYTE **ppUIContextData,
_Out_ DWORD *pdwUIContextDataSize)
{
// Get EapHost peer UI context data.
eap_error_runtime error;
DWORD dwResult = EapHostPeerGetUIContext(
m_session_id,
pdwUIContextDataSize,
ppUIContextData,
&error._Myptr);
if (dwResult == ERROR_SUCCESS) {
// UI context data successfuly returned.
} else if (error)
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerGetUIContext failed.");
else
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerGetUIContext failed.");
}
EapPeerMethodResponseAction eap::method_eaphost::set_ui_context(
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
_In_ DWORD dwUIContextDataSize)
{
// Set EapHost peer UI context data.
EapHostPeerResponseAction action;
eap_error_runtime error;
DWORD dwResult = EapHostPeerSetUIContext(
m_session_id,
dwUIContextDataSize,
pUIContextData,
&action,
&error._Myptr);
if (dwResult == ERROR_SUCCESS) {
// UI context data successfuly returned.
return action_h2p(action);
} else if (error)
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerSetUIContext failed.");
else
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerSetUIContext failed.");
}
void eap::method_eaphost::get_response_attributes(_Inout_ EapAttributes *pAttribs)
{
// Get response attributes from EapHost peer.
eap_error_runtime error;
DWORD dwResult = EapHostPeerGetResponseAttributes(
m_session_id,
pAttribs,
&error._Myptr);
if (dwResult == ERROR_SUCCESS) {
// Response attributes successfuly returned.
} else if (error)
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerGetResponseAttributes failed.");
else
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerGetResponseAttributes failed.");
}
EapPeerMethodResponseAction eap::method_eaphost::set_response_attributes(_In_ const EapAttributes *pAttribs)
{
// Set response attributes for EapHost peer.
EapHostPeerResponseAction action;
eap_error_runtime error;
DWORD dwResult = EapHostPeerSetResponseAttributes(
m_session_id,
pAttribs,
&action,
&error._Myptr);
if (dwResult == ERROR_SUCCESS) {
// Response attributes successfuly set.
return action_h2p(action);
} else if (error)
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerGetResponseAttributes failed.");
else
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerGetResponseAttributes failed.");
}

21
lib/EapHost/src/StdAfx.cpp Normal file
View File

@@ -0,0 +1,21 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"

33
lib/EapHost/src/StdAfx.h Normal file
View File

@@ -0,0 +1,33 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include "../include/Config.h"
#include "../include/Credentials.h"
#include "../include/Method.h"
#include <WinStd/Cred.h>
#include <WinStd/Win.h>
#include <Windows.h>
#include <EapHostError.h> // include after Windows.h
#include <EapHostPeerTypes.h>
#include <eappapis.h>

2
lib/EapHost_UI/build/.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
/temp
/*.user

12
lib/EapHost_UI/build/EapHost_UI.props Normal file
View File

@@ -0,0 +1,12 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ImportGroup Label="PropertySheets" />
<PropertyGroup Label="UserMacros" />
<PropertyGroup />
<ItemDefinitionGroup>
<ClCompile>
<AdditionalIncludeDirectories>..\..\Events\build\temp\Events.$(Platform).$(Configuration).$(PlatformToolset);..\..\WinStd\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
</ItemDefinitionGroup>
<ItemGroup />
</Project>

107
lib/EapHost_UI/build/EapHost_UI.vcxproj Normal file
View File

@@ -0,0 +1,107 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{13D2D8B5-F6AA-459D-B5F7-29B95DD9D583}</ProjectGuid>
<RootNamespace>EapHost_UI</RootNamespace>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="..\..\..\include\Win32.props" />
<Import Project="..\..\..\include\Debug.props" />
<Import Project="EapHost_UI.props" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="..\..\..\include\x64.props" />
<Import Project="..\..\..\include\Debug.props" />
<Import Project="EapHost_UI.props" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="..\..\..\include\Win32.props" />
<Import Project="..\..\..\include\Release.props" />
<Import Project="EapHost_UI.props" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="..\..\..\include\x64.props" />
<Import Project="..\..\..\include\Release.props" />
<Import Project="EapHost_UI.props" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup />
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
<ItemGroup>
<ClInclude Include="..\include\EapHost_UI.h" />
<ClInclude Include="..\res\wxEapHost_UI.h" />
<ClInclude Include="..\src\StdAfx.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\res\wxEapHost_UI.cpp" />
<ClCompile Include="..\src\EapHost_UI.cpp" />
<ClCompile Include="..\src\StdAfx.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\Events\build\Events.vcxproj">
<Project>{d63f24bd-92a0-4d6b-8b69-ed947e4d2b1b}</Project>
</ProjectReference>
</ItemGroup>
<ItemGroup>
<None Include="..\res\wxEapHost_UI.fbp" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>

44
lib/EapHost_UI/build/EapHost_UI.vcxproj.filters Normal file
View File

@@ -0,0 +1,44 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\src\StdAfx.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\EapHost_UI.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\res\wxEapHost_UI.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\src\StdAfx.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\src\EapHost_UI.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\res\wxEapHost_UI.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<None Include="..\res\wxEapHost_UI.fbp">
<Filter>Resource Files</Filter>
</None>
</ItemGroup>
</Project>

126
lib/EapHost_UI/include/EapHost_UI.h Normal file
View File

@@ -0,0 +1,126 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "../../EAPBase_UI/include/EAP_UI.h"
#include "../../EapHost/include/Config.h"
class wxEAPMethodTypeClientData;
class wxEapHostMethodConfigPanel;
class wxEapHostConfigPanel;
/// \addtogroup EAPBaseGUI
/// @{
///
/// EapHost peer method credential configuration panel
///
typedef wxEAPCredentialsConfigPanel<eap::credentials_pass, wxPasswordCredentialsPanel<eap::credentials_pass, wxPasswordCredentialsPanelBase> > wxEapHostCredentialsConfigPanel;
/// @}
#pragma once
#include "../res/wxEapHost_UI.h"
#include <wx/panel.h>
#include <wx/stattext.h>
#include <Windows.h>
/// \addtogroup EAPBaseGUI
/// @{
///
/// Helper class for auto-destroyable EAP_METHOD_TYPE used in wxWidget's item containers
///
class wxEAPMethodTypeClientData : public wxClientData
{
public:
///
/// Constructs client data object with existing handle
///
wxEAPMethodTypeClientData(const EAP_METHOD_TYPE &type, DWORD properties);
public:
EAP_METHOD_TYPE m_type; ///< EapHost method type
DWORD m_properties; ///< Method properties
eap::sanitizing_blob m_cfg_blob; ///< Method configuration BLOB
};
///
/// Inner EAP method config panel
///
class wxEapHostMethodConfigPanel : public wxEapHostMethodConfigPanelBase
{
public:
///
/// Constructs an inner EAP method config panel
///
/// \param[in ] prov Provider configuration data
/// \param[inout] cfg Method configuration data
/// \param[in ] parent Parent window
///
wxEapHostMethodConfigPanel(const eap::config_provider &prov, eap::config_method_eaphost &cfg, wxWindow *parent);
protected:
/// \cond internal
virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow();
virtual void OnUpdateUI(wxUpdateUIEvent& event);
virtual void OnSettings(wxCommandEvent& event);
/// \endcond
protected:
eap::config_method_eaphost &m_cfg; ///< Method configuration
};
///
/// EapHost peer method configuration panel
///
class wxEapHostConfigPanel : public wxPanel
{
public:
///
/// Constructs a configuration panel
///
/// \param[in ] prov Provider configuration data
/// \param[inout] cfg Method configuration data
/// \param[in ] parent Parent window
///
wxEapHostConfigPanel(const eap::config_provider &prov, eap::config_method_eaphost &cfg, wxWindow* parent);
///
/// Destructs the configuration panel
///
virtual ~wxEapHostConfigPanel();
protected:
/// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event);
/// \endcond
protected:
wxEapHostMethodConfigPanel *m_method; ///< Method configuration panel
};
/// @}

67
lib/EapHost_UI/res/wxEapHost_UI.cpp Normal file
View File

@@ -0,0 +1,67 @@
///////////////////////////////////////////////////////////////////////////
// C++ code generated with wxFormBuilder (version Jun 17 2015)
// http://www.wxformbuilder.org/
//
// PLEASE DO "NOT" EDIT THIS FILE!
///////////////////////////////////////////////////////////////////////////
#include <StdAfx.h>
#include "wxEapHost_UI.h"
///////////////////////////////////////////////////////////////////////////
wxEapHostMethodConfigPanelBase::wxEapHostMethodConfigPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{
wxStaticBoxSizer* sb_method;
sb_method = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Inner EAP Method") ), wxVERTICAL );
wxBoxSizer* sb_method_horiz;
sb_method_horiz = new wxBoxSizer( wxHORIZONTAL );
m_method_icon = new wxStaticBitmap( sb_method->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_method_horiz->Add( m_method_icon, 0, wxALL, 5 );
wxBoxSizer* sb_method_vert;
sb_method_vert = new wxBoxSizer( wxVERTICAL );
m_method_label = new wxStaticText( sb_method->GetStaticBox(), wxID_ANY, _("Select and configure inner EAP method"), wxDefaultPosition, wxDefaultSize, 0 );
m_method_label->Wrap( 440 );
sb_method_vert->Add( m_method_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_method_inner;
sb_method_inner = new wxBoxSizer( wxHORIZONTAL );
wxArrayString m_methodChoices;
m_method = new wxChoice( sb_method->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, m_methodChoices, 0 );
m_method->SetSelection( 0 );
sb_method_inner->Add( m_method, 1, wxRIGHT|wxEXPAND, 5 );
m_settings = new wxButton( sb_method->GetStaticBox(), wxID_ANY, _("&Settings"), wxDefaultPosition, wxDefaultSize, 0 );
sb_method_inner->Add( m_settings, 0, 0, 5 );
sb_method_vert->Add( sb_method_inner, 0, wxEXPAND|wxALL, 5 );
sb_method_horiz->Add( sb_method_vert, 1, wxEXPAND, 5 );
sb_method->Add( sb_method_horiz, 1, wxEXPAND, 5 );
this->SetSizer( sb_method );
this->Layout();
// Connect Events
this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEapHostMethodConfigPanelBase::OnUpdateUI ) );
m_settings->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEapHostMethodConfigPanelBase::OnSettings ), NULL, this );
}
wxEapHostMethodConfigPanelBase::~wxEapHostMethodConfigPanelBase()
{
// Disconnect Events
this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEapHostMethodConfigPanelBase::OnUpdateUI ) );
m_settings->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEapHostMethodConfigPanelBase::OnSettings ), NULL, this );
}

465
lib/EapHost_UI/res/wxEapHost_UI.fbp Normal file
View File

@@ -0,0 +1,465 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<wxFormBuilder_Project>
<FileVersion major="1" minor="13" />
<object class="Project" expanded="1">
<property name="class_decoration">; </property>
<property name="code_generation">C++</property>
<property name="disconnect_events">1</property>
<property name="disconnect_mode">source_name</property>
<property name="disconnect_php_events">0</property>
<property name="disconnect_python_events">0</property>
<property name="embedded_files_path">.</property>
<property name="encoding">UTF-8</property>
<property name="event_generation">connect</property>
<property name="file">wxEapHost_UI</property>
<property name="first_id">1000</property>
<property name="help_provider">none</property>
<property name="internationalize">1</property>
<property name="name">wxEapHost_UI</property>
<property name="namespace"></property>
<property name="path">.</property>
<property name="precompiled_header">#include &lt;StdAfx.h&gt;</property>
<property name="relative_path">1</property>
<property name="skip_lua_events">1</property>
<property name="skip_php_events">1</property>
<property name="skip_python_events">1</property>
<property name="ui_table">UI</property>
<property name="use_enum">1</property>
<property name="use_microsoft_bom">1</property>
<object class="Panel" expanded="1">
<property name="aui_managed">0</property>
<property name="aui_manager_style">wxAUI_MGR_DEFAULT</property>
<property name="bg"></property>
<property name="context_help"></property>
<property name="context_menu">1</property>
<property name="enabled">1</property>
<property name="event_handler">impl_virtual</property>
<property name="fg"></property>
<property name="font"></property>
<property name="hidden">0</property>
<property name="id">wxID_ANY</property>
<property name="maximum_size"></property>
<property name="minimum_size"></property>
<property name="name">wxEapHostMethodConfigPanelBase</property>
<property name="pos"></property>
<property name="size">500,-1</property>
<property name="subclass"></property>
<property name="tooltip"></property>
<property name="window_extra_style"></property>
<property name="window_name"></property>
<property name="window_style">wxTAB_TRAVERSAL</property>
<event name="OnAuiFindManager"></event>
<event name="OnAuiPaneButton"></event>
<event name="OnAuiPaneClose"></event>
<event name="OnAuiPaneMaximize"></event>
<event name="OnAuiPaneRestore"></event>
<event name="OnAuiRender"></event>
<event name="OnChar"></event>
<event name="OnEnterWindow"></event>
<event name="OnEraseBackground"></event>
<event name="OnInitDialog"></event>
<event name="OnKeyDown"></event>
<event name="OnKeyUp"></event>
<event name="OnKillFocus"></event>
<event name="OnLeaveWindow"></event>
<event name="OnLeftDClick"></event>
<event name="OnLeftDown"></event>
<event name="OnLeftUp"></event>
<event name="OnMiddleDClick"></event>
<event name="OnMiddleDown"></event>
<event name="OnMiddleUp"></event>
<event name="OnMotion"></event>
<event name="OnMouseEvents"></event>
<event name="OnMouseWheel"></event>
<event name="OnPaint"></event>
<event name="OnRightDClick"></event>
<event name="OnRightDown"></event>
<event name="OnRightUp"></event>
<event name="OnSetFocus"></event>
<event name="OnSize"></event>
<event name="OnUpdateUI">OnUpdateUI</event>
<object class="wxStaticBoxSizer" expanded="1">
<property name="id">wxID_ANY</property>
<property name="label">Inner EAP Method</property>
<property name="minimum_size"></property>
<property name="name">sb_method</property>
<property name="orient">wxVERTICAL</property>
<property name="permission">none</property>
<event name="OnUpdateUI"></event>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
<property name="flag">wxEXPAND</property>
<property name="proportion">1</property>
<object class="wxBoxSizer" expanded="1">
<property name="minimum_size"></property>
<property name="name">sb_method_horiz</property>
<property name="orient">wxHORIZONTAL</property>
<property name="permission">none</property>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
<property name="flag">wxALL</property>
<property name="proportion">0</property>
<object class="wxStaticBitmap" expanded="1">
<property name="BottomDockable">1</property>
<property name="LeftDockable">1</property>
<property name="RightDockable">1</property>
<property name="TopDockable">1</property>
<property name="aui_layer"></property>
<property name="aui_name"></property>
<property name="aui_position"></property>
<property name="aui_row"></property>
<property name="best_size"></property>
<property name="bg"></property>
<property name="bitmap">Load From Icon Resource; ; [32; 32]</property>
<property name="caption"></property>
<property name="caption_visible">1</property>
<property name="center_pane">0</property>
<property name="close_button">1</property>
<property name="context_help"></property>
<property name="context_menu">1</property>
<property name="default_pane">0</property>
<property name="dock">Dock</property>
<property name="dock_fixed">0</property>
<property name="docking">Left</property>
<property name="enabled">1</property>
<property name="fg"></property>
<property name="floatable">1</property>
<property name="font"></property>
<property name="gripper">0</property>
<property name="hidden">0</property>
<property name="id">wxID_ANY</property>
<property name="max_size"></property>
<property name="maximize_button">0</property>
<property name="maximum_size"></property>
<property name="min_size"></property>
<property name="minimize_button">0</property>
<property name="minimum_size"></property>
<property name="moveable">1</property>
<property name="name">m_method_icon</property>
<property name="pane_border">1</property>
<property name="pane_position"></property>
<property name="pane_size"></property>
<property name="permission">protected</property>
<property name="pin_button">1</property>
<property name="pos"></property>
<property name="resize">Resizable</property>
<property name="show">1</property>
<property name="size"></property>
<property name="subclass"></property>
<property name="toolbar_pane">0</property>
<property name="tooltip"></property>
<property name="window_extra_style"></property>
<property name="window_name"></property>
<property name="window_style"></property>
<event name="OnChar"></event>
<event name="OnEnterWindow"></event>
<event name="OnEraseBackground"></event>
<event name="OnKeyDown"></event>
<event name="OnKeyUp"></event>
<event name="OnKillFocus"></event>
<event name="OnLeaveWindow"></event>
<event name="OnLeftDClick"></event>
<event name="OnLeftDown"></event>
<event name="OnLeftUp"></event>
<event name="OnMiddleDClick"></event>
<event name="OnMiddleDown"></event>
<event name="OnMiddleUp"></event>
<event name="OnMotion"></event>
<event name="OnMouseEvents"></event>
<event name="OnMouseWheel"></event>
<event name="OnPaint"></event>
<event name="OnRightDClick"></event>
<event name="OnRightDown"></event>
<event name="OnRightUp"></event>
<event name="OnSetFocus"></event>
<event name="OnSize"></event>
<event name="OnUpdateUI"></event>
</object>
</object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
<property name="flag">wxEXPAND</property>
<property name="proportion">1</property>
<object class="wxBoxSizer" expanded="1">
<property name="minimum_size"></property>
<property name="name">sb_method_vert</property>
<property name="orient">wxVERTICAL</property>
<property name="permission">none</property>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
<property name="flag">wxALL|wxEXPAND</property>
<property name="proportion">0</property>
<object class="wxStaticText" expanded="1">
<property name="BottomDockable">1</property>
<property name="LeftDockable">1</property>
<property name="RightDockable">1</property>
<property name="TopDockable">1</property>
<property name="aui_layer"></property>
<property name="aui_name"></property>
<property name="aui_position"></property>
<property name="aui_row"></property>
<property name="best_size"></property>
<property name="bg"></property>
<property name="caption"></property>
<property name="caption_visible">1</property>
<property name="center_pane">0</property>
<property name="close_button">1</property>
<property name="context_help"></property>
<property name="context_menu">1</property>
<property name="default_pane">0</property>
<property name="dock">Dock</property>
<property name="dock_fixed">0</property>
<property name="docking">Left</property>
<property name="enabled">1</property>
<property name="fg"></property>
<property name="floatable">1</property>
<property name="font"></property>
<property name="gripper">0</property>
<property name="hidden">0</property>
<property name="id">wxID_ANY</property>
<property name="label">Select and configure inner EAP method</property>
<property name="max_size"></property>
<property name="maximize_button">0</property>
<property name="maximum_size"></property>
<property name="min_size"></property>
<property name="minimize_button">0</property>
<property name="minimum_size"></property>
<property name="moveable">1</property>
<property name="name">m_method_label</property>
<property name="pane_border">1</property>
<property name="pane_position"></property>
<property name="pane_size"></property>
<property name="permission">protected</property>
<property name="pin_button">1</property>
<property name="pos"></property>
<property name="resize">Resizable</property>
<property name="show">1</property>
<property name="size"></property>
<property name="style"></property>
<property name="subclass"></property>
<property name="toolbar_pane">0</property>
<property name="tooltip"></property>
<property name="window_extra_style"></property>
<property name="window_name"></property>
<property name="window_style"></property>
<property name="wrap">440</property>
<event name="OnChar"></event>
<event name="OnEnterWindow"></event>
<event name="OnEraseBackground"></event>
<event name="OnKeyDown"></event>
<event name="OnKeyUp"></event>
<event name="OnKillFocus"></event>
<event name="OnLeaveWindow"></event>
<event name="OnLeftDClick"></event>
<event name="OnLeftDown"></event>
<event name="OnLeftUp"></event>
<event name="OnMiddleDClick"></event>
<event name="OnMiddleDown"></event>
<event name="OnMiddleUp"></event>
<event name="OnMotion"></event>
<event name="OnMouseEvents"></event>
<event name="OnMouseWheel"></event>
<event name="OnPaint"></event>
<event name="OnRightDClick"></event>
<event name="OnRightDown"></event>
<event name="OnRightUp"></event>
<event name="OnSetFocus"></event>
<event name="OnSize"></event>
<event name="OnUpdateUI"></event>
</object>
</object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
<property name="flag">wxEXPAND|wxALL</property>
<property name="proportion">0</property>
<object class="wxBoxSizer" expanded="1">
<property name="minimum_size"></property>
<property name="name">sb_method_inner</property>
<property name="orient">wxHORIZONTAL</property>
<property name="permission">none</property>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
<property name="flag">wxRIGHT|wxEXPAND</property>
<property name="proportion">1</property>
<object class="wxChoice" expanded="1">
<property name="BottomDockable">1</property>
<property name="LeftDockable">1</property>
<property name="RightDockable">1</property>
<property name="TopDockable">1</property>
<property name="aui_layer"></property>
<property name="aui_name"></property>
<property name="aui_position"></property>
<property name="aui_row"></property>
<property name="best_size"></property>
<property name="bg"></property>
<property name="caption"></property>
<property name="caption_visible">1</property>
<property name="center_pane">0</property>
<property name="choices"></property>
<property name="close_button">1</property>
<property name="context_help"></property>
<property name="context_menu">1</property>
<property name="default_pane">0</property>
<property name="dock">Dock</property>
<property name="dock_fixed">0</property>
<property name="docking">Left</property>
<property name="enabled">1</property>
<property name="fg"></property>
<property name="floatable">1</property>
<property name="font"></property>
<property name="gripper">0</property>
<property name="hidden">0</property>
<property name="id">wxID_ANY</property>
<property name="max_size"></property>
<property name="maximize_button">0</property>
<property name="maximum_size"></property>
<property name="min_size"></property>
<property name="minimize_button">0</property>
<property name="minimum_size"></property>
<property name="moveable">1</property>
<property name="name">m_method</property>
<property name="pane_border">1</property>
<property name="pane_position"></property>
<property name="pane_size"></property>
<property name="permission">protected</property>
<property name="pin_button">1</property>
<property name="pos"></property>
<property name="resize">Resizable</property>
<property name="selection">0</property>
<property name="show">1</property>
<property name="size"></property>
<property name="style"></property>
<property name="subclass"></property>
<property name="toolbar_pane">0</property>
<property name="tooltip"></property>
<property name="validator_data_type"></property>
<property name="validator_style">wxFILTER_NONE</property>
<property name="validator_type">wxDefaultValidator</property>
<property name="validator_variable"></property>
<property name="window_extra_style"></property>
<property name="window_name"></property>
<property name="window_style"></property>
<event name="OnChar"></event>
<event name="OnChoice"></event>
<event name="OnEnterWindow"></event>
<event name="OnEraseBackground"></event>
<event name="OnKeyDown"></event>
<event name="OnKeyUp"></event>
<event name="OnKillFocus"></event>
<event name="OnLeaveWindow"></event>
<event name="OnLeftDClick"></event>
<event name="OnLeftDown"></event>
<event name="OnLeftUp"></event>
<event name="OnMiddleDClick"></event>
<event name="OnMiddleDown"></event>
<event name="OnMiddleUp"></event>
<event name="OnMotion"></event>
<event name="OnMouseEvents"></event>
<event name="OnMouseWheel"></event>
<event name="OnPaint"></event>
<event name="OnRightDClick"></event>
<event name="OnRightDown"></event>
<event name="OnRightUp"></event>
<event name="OnSetFocus"></event>
<event name="OnSize"></event>
<event name="OnUpdateUI"></event>
</object>
</object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
<property name="flag"></property>
<property name="proportion">0</property>
<object class="wxButton" expanded="1">
<property name="BottomDockable">1</property>
<property name="LeftDockable">1</property>
<property name="RightDockable">1</property>
<property name="TopDockable">1</property>
<property name="aui_layer"></property>
<property name="aui_name"></property>
<property name="aui_position"></property>
<property name="aui_row"></property>
<property name="best_size"></property>
<property name="bg"></property>
<property name="caption"></property>
<property name="caption_visible">1</property>
<property name="center_pane">0</property>
<property name="close_button">1</property>
<property name="context_help"></property>
<property name="context_menu">1</property>
<property name="default">0</property>
<property name="default_pane">0</property>
<property name="dock">Dock</property>
<property name="dock_fixed">0</property>
<property name="docking">Left</property>
<property name="enabled">1</property>
<property name="fg"></property>
<property name="floatable">1</property>
<property name="font"></property>
<property name="gripper">0</property>
<property name="hidden">0</property>
<property name="id">wxID_ANY</property>
<property name="label">&amp;Settings</property>
<property name="max_size"></property>
<property name="maximize_button">0</property>
<property name="maximum_size"></property>
<property name="min_size"></property>
<property name="minimize_button">0</property>
<property name="minimum_size"></property>
<property name="moveable">1</property>
<property name="name">m_settings</property>
<property name="pane_border">1</property>
<property name="pane_position"></property>
<property name="pane_size"></property>
<property name="permission">protected</property>
<property name="pin_button">1</property>
<property name="pos"></property>
<property name="resize">Resizable</property>
<property name="show">1</property>
<property name="size"></property>
<property name="style"></property>
<property name="subclass"></property>
<property name="toolbar_pane">0</property>
<property name="tooltip"></property>
<property name="validator_data_type"></property>
<property name="validator_style">wxFILTER_NONE</property>
<property name="validator_type">wxDefaultValidator</property>
<property name="validator_variable"></property>
<property name="window_extra_style"></property>
<property name="window_name"></property>
<property name="window_style"></property>
<event name="OnButtonClick">OnSettings</event>
<event name="OnChar"></event>
<event name="OnEnterWindow"></event>
<event name="OnEraseBackground"></event>
<event name="OnKeyDown"></event>
<event name="OnKeyUp"></event>
<event name="OnKillFocus"></event>
<event name="OnLeaveWindow"></event>
<event name="OnLeftDClick"></event>
<event name="OnLeftDown"></event>
<event name="OnLeftUp"></event>
<event name="OnMiddleDClick"></event>
<event name="OnMiddleDown"></event>
<event name="OnMiddleUp"></event>
<event name="OnMotion"></event>
<event name="OnMouseEvents"></event>
<event name="OnMouseWheel"></event>
<event name="OnPaint"></event>
<event name="OnRightDClick"></event>
<event name="OnRightDown"></event>
<event name="OnRightUp"></event>
<event name="OnSetFocus"></event>
<event name="OnSize"></event>
<event name="OnUpdateUI"></event>
</object>
</object>
</object>
</object>
</object>
</object>
</object>
</object>
</object>
</object>
</object>
</wxFormBuilder_Project>

57
lib/EapHost_UI/res/wxEapHost_UI.h Normal file
View File

@@ -0,0 +1,57 @@
///////////////////////////////////////////////////////////////////////////
// C++ code generated with wxFormBuilder (version Jun 17 2015)
// http://www.wxformbuilder.org/
//
// PLEASE DO "NOT" EDIT THIS FILE!
///////////////////////////////////////////////////////////////////////////
#ifndef __WXEAPHOST_UI_H__
#define __WXEAPHOST_UI_H__
#include <wx/artprov.h>
#include <wx/xrc/xmlres.h>
#include <wx/intl.h>
#include <wx/bitmap.h>
#include <wx/image.h>
#include <wx/icon.h>
#include <wx/statbmp.h>
#include <wx/gdicmn.h>
#include <wx/font.h>
#include <wx/colour.h>
#include <wx/settings.h>
#include <wx/string.h>
#include <wx/stattext.h>
#include <wx/choice.h>
#include <wx/button.h>
#include <wx/sizer.h>
#include <wx/statbox.h>
#include <wx/panel.h>
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////
/// Class wxEapHostMethodConfigPanelBase
///////////////////////////////////////////////////////////////////////////////
class wxEapHostMethodConfigPanelBase : public wxPanel
{
private:
protected:
wxStaticBitmap* m_method_icon;
wxStaticText* m_method_label;
wxChoice* m_method;
wxButton* m_settings;
// Virtual event handlers, overide them in your derived class
virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); }
virtual void OnSettings( wxCommandEvent& event ) { event.Skip(); }
public:
wxEapHostMethodConfigPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL );
~wxEapHostMethodConfigPanelBase();
};
#endif //__WXEAPHOST_UI_H__

179
lib/EapHost_UI/src/EapHost_UI.cpp Normal file
View File

@@ -0,0 +1,179 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"
#pragma comment(lib, "Eappcfg.lib")
//////////////////////////////////////////////////////////////////////
// wxEapHostMethodConfigPanel
//////////////////////////////////////////////////////////////////////
wxEAPMethodTypeClientData::wxEAPMethodTypeClientData(const EAP_METHOD_TYPE &type, DWORD properties) :
m_type(type),
m_properties(properties)
{
}
//////////////////////////////////////////////////////////////////////
// wxEapHostMethodConfigPanel
//////////////////////////////////////////////////////////////////////
wxEapHostMethodConfigPanel::wxEapHostMethodConfigPanel(const eap::config_provider &prov, eap::config_method_eaphost &cfg, wxWindow *parent) :
m_cfg(cfg),
wxEapHostMethodConfigPanelBase(parent)
{
UNREFERENCED_PARAMETER(prov);
// Load and set icon.
winstd::library lib_shell32;
if (lib_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
m_method_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(175)));
winstd::eap_method_info_array methods;
winstd::eap_error error;
DWORD dwResult = EapHostPeerGetMethods(&methods, &error._Myptr);
if (dwResult == ERROR_SUCCESS) {
for (DWORD i = 0; i < methods.dwNumberOfMethods; i++)
m_method->Append(methods.pEapMethods[i].pwszFriendlyName, new wxEAPMethodTypeClientData(methods.pEapMethods[i].eaptype, methods.pEapMethods[i].eapProperties));
} else if (error)
wxLogError(_("Enumerating EAP methods failed (error %u, %s, %s)."), error->dwWinError, error->pRootCauseString, error->pRepairString);
else
wxLogError(_("Enumerating EAP methods failed (error %u)."), dwResult);
}
/// \cond internal
bool wxEapHostMethodConfigPanel::TransferDataToWindow()
{
if (m_method->HasClientObjectData()) {
// Find configured method and set its selection and configuration BLOB.
for (unsigned int i = 0, n = m_method->GetCount(); i < n; i++) {
wxEAPMethodTypeClientData *data = dynamic_cast<wxEAPMethodTypeClientData*>(m_method->GetClientObject(i));
if (data->m_type == m_cfg.get_type()) {
m_method->SetSelection(i);
data->m_cfg_blob = m_cfg.m_cfg_blob;
}
}
}
return wxEapHostMethodConfigPanelBase::TransferDataToWindow();
}
bool wxEapHostMethodConfigPanel::TransferDataFromWindow()
{
wxCHECK(wxEapHostMethodConfigPanelBase::TransferDataFromWindow(), false);
int sel = m_method->GetSelection();
const wxEAPMethodTypeClientData *data =
sel != wxNOT_FOUND && m_method->HasClientObjectData() ?
dynamic_cast<const wxEAPMethodTypeClientData*>(m_method->GetClientObject(sel)) :
NULL;
if (data) {
// Save method selection and configuration.
m_cfg.set_type(data->m_type);
m_cfg.m_cfg_blob = data->m_cfg_blob;
}
return true;
}
void wxEapHostMethodConfigPanel::OnUpdateUI(wxUpdateUIEvent& event)
{
wxEapHostMethodConfigPanelBase::OnUpdateUI(event);
int sel = m_method->GetSelection();
const wxEAPMethodTypeClientData *data =
sel != wxNOT_FOUND && m_method->HasClientObjectData() ?
dynamic_cast<const wxEAPMethodTypeClientData*>(m_method->GetClientObject(sel)) :
NULL;
m_settings->Enable(data && (data->m_properties & eapPropSupportsConfig));
}
void wxEapHostMethodConfigPanel::OnSettings(wxCommandEvent& event)
{
wxEapHostMethodConfigPanelBase::OnSettings(event);
int sel = m_method->GetSelection();
wxEAPMethodTypeClientData *data =
sel != wxNOT_FOUND && m_method->HasClientObjectData() ?
dynamic_cast<wxEAPMethodTypeClientData*>(m_method->GetClientObject(sel)) :
NULL;
if (data && (data->m_properties & eapPropSupportsConfig)) {
DWORD cfg_data_size = 0;
winstd::eap_blob cfg_data;
winstd::eap_error error;
DWORD dwResult = EapHostPeerInvokeConfigUI(GetHWND(), 0, data->m_type, (DWORD)data->m_cfg_blob.size(), data->m_cfg_blob.data(), &cfg_data_size, &cfg_data._Myptr, &error._Myptr);
if (dwResult == ERROR_SUCCESS) {
const BYTE *_cfg_data = cfg_data.get();
data->m_cfg_blob.assign(_cfg_data, _cfg_data + cfg_data_size);
} else if (dwResult == ERROR_CANCELLED) {
// Not really an error.
} else if (error)
wxLogError(_("Configuring EAP method failed (error %u, %s, %s)."), error->dwWinError, error->pRootCauseString, error->pRepairString);
else
wxLogError(_("Configuring EAP method failed (error %u)."), dwResult);
}
}
/// \endcond
//////////////////////////////////////////////////////////////////////
// wxEapHostConfigPanel
//////////////////////////////////////////////////////////////////////
wxEapHostConfigPanel::wxEapHostConfigPanel(const eap::config_provider &prov, eap::config_method_eaphost &cfg, wxWindow* parent) : wxPanel(parent)
{
wxBoxSizer* sb_content;
sb_content = new wxBoxSizer( wxVERTICAL );
m_method = new wxEapHostMethodConfigPanel(prov, cfg, this);
sb_content->Add(m_method, 0, wxEXPAND, 5);
this->SetSizer(sb_content);
this->Layout();
// Connect Events
this->Connect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxEapHostConfigPanel::OnInitDialog));
}
wxEapHostConfigPanel::~wxEapHostConfigPanel()
{
// Disconnect Events
this->Disconnect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxEapHostConfigPanel::OnInitDialog));
}
/// \cond internal
void wxEapHostConfigPanel::OnInitDialog(wxInitDialogEvent& event)
{
// Forward the event to child panels.
if (m_method)
m_method->GetEventHandler()->ProcessEvent(event);
}
/// \endcond

21
lib/EapHost_UI/src/StdAfx.cpp Normal file
View File

@@ -0,0 +1,21 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"

29
lib/EapHost_UI/src/StdAfx.h Normal file
View File

@@ -0,0 +1,29 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#define _CRT_SECURE_NO_WARNINGS // Prevent warnings from wxWidgets headers
#include "../include/EapHost_UI.h"
#include <WinStd/EAP.h>
#include <eaphostpeerconfigapis.h>

BIN
lib/Events/res/EventsETW.man
View File

Binary file not shown.

90
lib/MSCHAPv2/include/Config.h
View File

@@ -22,10 +22,8 @@
namespace eap
{
///
/// MSCHAPv2 configuration
///
class config_method_mschapv2;
class config_method_eapmschapv2;
}
#pragma once
@@ -39,6 +37,12 @@ namespace eap
namespace eap
{
/// \addtogroup EAPBaseConfig
/// @{
///
/// MSCHAPv2 configuration
///
class config_method_mschapv2 : public config_method_with_cred
{
public:
@@ -82,28 +86,88 @@ namespace eap
///
config_method_mschapv2& operator=(_Inout_ config_method_mschapv2 &&other);
///
/// Clones configuration
///
/// \returns Pointer to cloned configuration
///
virtual config* clone() const;
///
/// Returns EAP method type of this configuration
///
/// \returns `eap::type_mschapv2`
/// @copydoc eap::config_method::get_method_id()
/// \returns This implementation always returns `winstd::eap_type_legacy_mschapv2`
///
virtual winstd::eap_type_t get_method_id() const;
///
/// Returns a string \c L"MSCHAPv2"
/// @copydoc eap::config_method::get_method_str()
/// \returns This implementation always returns `L"MSCHAPv2"`
///
virtual const wchar_t* get_method_str() const;
///
/// Creates a blank set of credentials suitable for this method
/// @copydoc eap::config_method::make_credentials()
/// \returns This implementation always returns `eap::credentials_pass` type of credentials
///
virtual credentials* make_credentials() const;
};
///
/// EAP-MSCHAPv2 configuration
///
class config_method_eapmschapv2 : public config_method_mschapv2
{
public:
///
/// Constructs configuration
///
/// \param[in] mod EAP module to use for global services
/// \param[in] level Config level (0=outer, 1=inner, 2=inner-inner...)
///
config_method_eapmschapv2(_In_ module &mod, _In_ unsigned int level);
///
/// Copies configuration
///
/// \param[in] other Configuration to copy from
///
config_method_eapmschapv2(_In_ const config_method_eapmschapv2 &other);
///
/// Moves configuration
///
/// \param[in] other Configuration to move from
///
config_method_eapmschapv2(_Inout_ config_method_eapmschapv2 &&other);
///
/// Copies configuration
///
/// \param[in] other Configuration to copy from
///
/// \returns Reference to this object
///
config_method_eapmschapv2& operator=(_In_ const config_method_eapmschapv2 &other);
///
/// Moves configuration
///
/// \param[in] other Configuration to move from
///
/// \returns Reference to this object
///
config_method_eapmschapv2& operator=(_Inout_ config_method_eapmschapv2 &&other);
virtual config* clone() const;
///
/// @copydoc eap::config_method::get_method_id()
/// \returns This implementation always returns `winstd::eap_type_mschapv2`
///
virtual winstd::eap_type_t get_method_id() const;
///
/// @copydoc eap::config_method::get_method_str()
/// \returns This implementation always returns `L"EAP-MSCHAPv2"`
///
virtual const wchar_t* get_method_str() const;
};
/// @}
}

96
lib/MSCHAPv2/include/MSCHAPv2.h
View File

@@ -23,30 +23,19 @@
namespace eap
{
///
/// MSCHAPv2 Challenge
///
struct challenge_mschapv2;
enum chap_packet_code_t;
struct WINSTD_NOVTABLE chap_header;
struct WINSTD_NOVTABLE challenge_mschapv2;
struct WINSTD_NOVTABLE challenge_hash;
struct WINSTD_NOVTABLE nt_password_hash;
struct WINSTD_NOVTABLE nt_response;
struct WINSTD_NOVTABLE authenticator_response;
///
/// MSCHAPv2 Challenge Hash
/// \defgroup MSCHAPv2 MSCHAPv2
/// Microsoft Challenge-Handshake Authentication Protocol (version 2)
///
struct challenge_hash;
///
/// NT-Password Hash
///
struct nt_password_hash;
///
/// NT-Response
///
struct nt_response;
///
/// Authenticator Response
///
struct authenticator_response;
/// @{
///
/// Creates DES encryption key with given plaintext key
@@ -55,7 +44,11 @@ namespace eap
/// \param[in] key The key (without parity bits)
/// \param[in] size Size of \p key (maximum 7B)
///
/// \returns DES encryption key
///
winstd::crypt_key create_des_key(_In_ HCRYPTPROV cp, _In_count_(size) const unsigned char *key, _In_ size_t size);
/// @}
}
#pragma once
@@ -65,10 +58,41 @@ namespace eap
namespace eap
{
/// \addtogroup MSCHAPv2
/// @{
///
/// CHAP packet codes
///
#pragma warning(suppress: 4480)
enum chap_packet_code_t : unsigned char {
chap_packet_code_challenge = 1, ///< Challenge
chap_packet_code_response = 2, ///< Response
chap_packet_code_success = 3, ///< Success
chap_packet_code_failure = 4, ///< Failure
mschapv2_packet_code_change_password = 7, ///< Change password
};
#pragma pack(push)
#pragma pack(1)
struct __declspec(novtable) challenge_mschapv2 : public sanitizing_blob_xf<16>
///
/// CHAP packet header base class
///
struct WINSTD_NOVTABLE chap_header
{
chap_packet_code_t code; ///< CHAP packet code
unsigned char ident; ///< CHAP identifier
unsigned char length[2]; ///< CHAP packet length
};
///
/// MSCHAPv2 Challenge
///
struct WINSTD_NOVTABLE challenge_mschapv2 : public sanitizing_blob_xf<16>
{
///
/// Generates random challenge
@@ -79,7 +103,10 @@ namespace eap
};
struct __declspec(novtable) challenge_hash : public sanitizing_blob_xf<8>
///
/// MSCHAPv2 Challenge Hash
///
struct WINSTD_NOVTABLE challenge_hash : public sanitizing_blob_xf<8>
{
///
/// Constructor
@@ -98,7 +125,7 @@ namespace eap
///
challenge_hash(
_In_ HCRYPTPROV cp,
_In_ const challenge_mschapv2 &challenge_server,
_In_ const sanitizing_blob &challenge_server,
_In_ const challenge_mschapv2 &challenge_client,
_In_z_ const char *username);
@@ -120,7 +147,10 @@ namespace eap
};
struct __declspec(novtable) nt_password_hash : public sanitizing_blob_xf<16>
///
/// NT-Password Hash
///
struct WINSTD_NOVTABLE nt_password_hash : public sanitizing_blob_xf<16>
{
///
/// Constructor
@@ -169,7 +199,10 @@ namespace eap
};
struct __declspec(novtable) nt_response : public sanitizing_blob_xf<24>
///
/// NT-Response
///
struct WINSTD_NOVTABLE nt_response : public sanitizing_blob_xf<24>
{
///
/// Constructor
@@ -189,7 +222,7 @@ namespace eap
///
nt_response(
_In_ HCRYPTPROV cp,
_In_ const challenge_mschapv2 &challenge_server,
_In_ const sanitizing_blob &challenge_server,
_In_ const challenge_mschapv2 &challenge_client,
_In_z_ const char *username,
_In_z_ const wchar_t *password);
@@ -212,7 +245,10 @@ namespace eap
};
struct __declspec(novtable) authenticator_response : public sanitizing_blob_xf<20>
///
/// Authenticator Response
///
struct WINSTD_NOVTABLE authenticator_response : public sanitizing_blob_xf<20>
{
///
/// Constructor
@@ -233,7 +269,7 @@ namespace eap
///
authenticator_response(
_In_ HCRYPTPROV cp,
_In_ const challenge_mschapv2 &challenge_server,
_In_ const sanitizing_blob &challenge_server,
_In_ const challenge_mschapv2 &challenge_client,
_In_z_ const char *username,
_In_z_ const wchar_t *password,
@@ -257,4 +293,6 @@ namespace eap
};
#pragma pack(pop)
/// @}
}

231
lib/MSCHAPv2/include/Method.h
View File

@@ -20,10 +20,9 @@
namespace eap
{
///
/// MSCHAPv2 method
///
class method_mschapv2_base;
class method_mschapv2;
class method_mschapv2_diameter;
}
#pragma once
@@ -38,31 +37,137 @@ namespace eap
namespace eap
{
class method_mschapv2 : public method_noneap
/// \addtogroup EAPBaseMethod
/// @{
///
/// MSCHAPv2 method base class
///
class method_mschapv2_base : public method
{
WINSTD_NONCOPYABLE(method_mschapv2_base)
public:
///
/// Constructs a MSCHAPv2 method
///
/// \param[in] mod MSCHAPv2 module to use for global services
/// \param[in] cfg Method configuration
/// \param[in] cred User credentials
///
method_mschapv2_base(_In_ module &mod, _In_ config_method_mschapv2 &cfg, _In_ credentials_pass &cred);
///
/// Moves a MSCHAPv2 method
///
/// \param[in] other MSCHAPv2 method to move from
///
method_mschapv2_base(_Inout_ method_mschapv2_base &&other);
///
/// Moves a MSCHAPv2 method
///
/// \param[in] other MSCHAPv2 method to move from
///
/// \returns Reference to this object
///
method_mschapv2_base& operator=(_Inout_ method_mschapv2_base &&other);
/// \name Session management
/// @{
virtual void begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ DWORD dwMaxSendPacketSize = MAXDWORD);
/// @}
/// \name Packet processing
/// @{
virtual void get_response_packet(
_Out_ sanitizing_blob &packet,
_In_opt_ DWORD size_max = MAXDWORD);
/// @}
virtual void get_result(
_In_ EapPeerMethodResultReason reason,
_Out_ EapPeerMethodResult *pResult);
protected:
///
/// Processes MSCHAPv2 success message
///
/// \sa [Microsoft PPP CHAP Extensions, Version 2 (Chapter 5. Success Packet)](https://tools.ietf.org/html/rfc2759#section-5)
///
/// \param[in] argv List of message values
///
void process_success(_In_ const std::list<std::string> &argv);
///
/// Processes MSCHAPv2 error message
///
/// \sa [Microsoft PPP CHAP Extensions, Version 2 (Chapter 6. Failure Packet)](https://tools.ietf.org/html/rfc2759#section-6)
///
/// \param[in] argv List of message values
///
void process_error(_In_ const std::list<std::string> &argv);
///
/// Splits MSCHAPv2 success or error messages
///
/// \param[in] resp MSCHAPv2 success or error message (i.e. "E=648 R=1 C=d86e0aa6cb5539e5fb31dd5dc5f6898c V=3 M=Password Expired")
/// \param[in] count Number of characters in \p resp
///
/// \returns A list of individual parts of \p resp message (i.e. ("E=648", "R=1", "C=d86e0aa6cb5539e5fb31dd5dc5f6898c", "V=3", "M=Password Expired"))
///
static std::list<std::string> parse_response(_In_count_(count) const char *resp, _In_ size_t count);
protected:
config_method_mschapv2 &m_cfg; ///< Method configuration
credentials_pass &m_cred; ///< Method user credentials
winstd::crypt_prov m_cp; ///< Cryptography provider for general services
sanitizing_blob m_challenge_server; ///< MSCHAP server challenge
challenge_mschapv2 m_challenge_client; ///< MSCHAP client challenge
unsigned char m_ident; ///< Ident
nt_response m_nt_resp; ///< NT-Response
sanitizing_blob m_packet_res; ///< Response packet
};
///
/// MSCHAPv2 method
///
class method_mschapv2 : public method_mschapv2_base
{
WINSTD_NONCOPYABLE(method_mschapv2)
public:
///
/// Constructs an EAP method
/// Constructs a MSCHAPv2 method
///
/// \param[in] mod EAP module to use for global services
/// \param[in] mod MSCHAPv2 module to use for global services
/// \param[in] cfg Method configuration
/// \param[in] cred User credentials
///
method_mschapv2(_In_ module &module, _In_ config_method_mschapv2 &cfg, _In_ credentials_pass &cred);
method_mschapv2(_In_ module &mod, _In_ config_method_mschapv2 &cfg, _In_ credentials_pass &cred);
///
/// Moves an EAP method
/// Moves a MSCHAPv2 method
///
/// \param[in] other EAP method to move from
/// \param[in] other MSCHAPv2 method to move from
///
method_mschapv2(_Inout_ method_mschapv2 &&other);
///
/// Moves an EAP method
/// Moves a MSCHAPv2 method
///
/// \param[in] other EAP method to move from
/// \param[in] other MSCHAPv2 method to move from
///
/// \returns Reference to this object
///
@@ -71,26 +176,66 @@ namespace eap
/// \name Packet processing
/// @{
virtual EapPeerMethodResponseAction process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize);
/// @}
};
/// @}
///
/// MSCHAPv2 method over Diameter AVP (for use as inner EAP-TTLS)
///
class method_mschapv2_diameter : public method_mschapv2_base
{
WINSTD_NONCOPYABLE(method_mschapv2_diameter)
public:
///
/// Starts an EAP authentication session on the peer EapHost using the EAP method.
/// Constructs a MSCHAPv2 method
///
/// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
/// \param[in] mod MSCHAPv2 module to use for global services
/// \param[in] cfg Method configuration
/// \param[in] cred User credentials
///
method_mschapv2_diameter(_In_ module &mod, _In_ config_method_mschapv2 &cfg, _In_ credentials_pass &cred);
///
/// Moves a MSCHAPv2 method
///
/// \param[in] other MSCHAPv2 method to move from
///
method_mschapv2_diameter(_Inout_ method_mschapv2_diameter &&other);
///
/// Moves a MSCHAPv2 method
///
/// \param[in] other MSCHAPv2 method to move from
///
/// \returns Reference to this object
///
method_mschapv2_diameter& operator=(_Inout_ method_mschapv2_diameter &&other);
/// \name Session management
/// @{
virtual void begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ DWORD dwMaxSendPacketSize = MAXDWORD);
///
/// Processes a packet received by EapHost from a supplicant.
///
/// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
///
virtual void process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize,
_Out_ EapPeerMethodOutput *pEapOutput);
/// @}
/// \name Packet processing
/// @{
virtual EapPeerMethodResponseAction process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize);
/// @}
@@ -105,44 +250,10 @@ namespace eap
///
void process_packet(_In_bytecount_(size_pck) const void *pck, _In_ size_t size_pck);
///
/// Processes MS-CHAP2-Success AVP
///
/// \sa [Microsoft PPP CHAP Extensions, Version 2 (Chapter 5. Success Packet)](https://tools.ietf.org/html/rfc2759#section-5)
///
/// \param[in] argv List of message values
///
void process_success(_In_ const std::list<std::string> &argv);
///
/// Processes MS-CHAP-Error AVP
///
/// \sa [Microsoft PPP CHAP Extensions, Version 2 (Chapter 6. Failure Packet)](https://tools.ietf.org/html/rfc2759#section-6)
///
/// \param[in] argv List of message values
///
void process_error(_In_ const std::list<std::string> &argv);
///
/// Splits MS-CHAP2-Success or MS-CHAP-Error messages
///
/// \param[in] resp MS-CHAP2-Success or MS-CHAP-Error message (i.e. "E=648 R=1 C=d86e0aa6cb5539e5fb31dd5dc5f6898c V=3 M=Password Expired")
/// \param[in] count Number of characters in \p resp
///
/// \returns A list of individual parts of \p resp message (i.e. ("E=648", "R=1", "C=d86e0aa6cb5539e5fb31dd5dc5f6898c", "V=3", "M=Password Expired"))
///
static std::list<std::string> parse_response(_In_count_(count) const char *resp, _In_ size_t count);
protected:
credentials_pass &m_cred; ///< Method user credentials
winstd::crypt_prov m_cp; ///< Cryptography provider for general services
challenge_mschapv2 m_challenge_server; ///< MSCHAP server challenge
challenge_mschapv2 m_challenge_client; ///< MSCHAP client challenge
unsigned char m_ident; ///< Ident
nt_response m_nt_resp; ///< NT-Response
bool m_success; ///< Did we receive MS-CHAP2-Success?
///
/// Communication phase
///
enum {
phase_unknown = -1, ///< Unknown phase
phase_init = 0, ///< Send client challenge
@@ -150,4 +261,6 @@ namespace eap
phase_finished, ///< Connection shut down
} m_phase; ///< What phase is our communication at?
};
/// @}
}

57
lib/MSCHAPv2/src/Config.cpp
View File

@@ -86,3 +86,60 @@ eap::credentials* eap::config_method_mschapv2::make_credentials() const
{
return new credentials_pass(m_module);
}
//////////////////////////////////////////////////////////////////////
// eap::config_method_eapmschapv2
//////////////////////////////////////////////////////////////////////
eap::config_method_eapmschapv2::config_method_eapmschapv2(_In_ module &mod, _In_ unsigned int level) : config_method_mschapv2(mod, level)
{
}
eap::config_method_eapmschapv2::config_method_eapmschapv2(_In_ const config_method_eapmschapv2 &other) :
config_method_mschapv2(other)
{
}
eap::config_method_eapmschapv2::config_method_eapmschapv2(_Inout_ config_method_eapmschapv2 &&other) :
config_method_mschapv2(std::move(other))
{
}
eap::config_method_eapmschapv2& eap::config_method_eapmschapv2::operator=(_In_ const config_method_eapmschapv2 &other)
{
if (this != &other)
(config_method_mschapv2&)*this = other;
return *this;
}
eap::config_method_eapmschapv2& eap::config_method_eapmschapv2::operator=(_Inout_ config_method_eapmschapv2 &&other)
{
if (this != &other)
(config_method_mschapv2&&)*this = std::move(other);
return *this;
}
eap::config* eap::config_method_eapmschapv2::clone() const
{
return new config_method_eapmschapv2(*this);
}
eap_type_t eap::config_method_eapmschapv2::get_method_id() const
{
return eap_type_mschapv2;
}
const wchar_t* eap::config_method_eapmschapv2::get_method_str() const
{
return L"EAP-MSCHAPv2";
}

12
lib/MSCHAPv2/src/MSCHAPv2.cpp
View File

@@ -99,16 +99,16 @@ eap::challenge_hash::challenge_hash()
eap::challenge_hash::challenge_hash(
_In_ HCRYPTPROV cp,
_In_ const challenge_mschapv2 &challenge_server,
_In_ const sanitizing_blob &challenge_server,
_In_ const challenge_mschapv2 &challenge_client,
_In_z_ const char *username)
{
crypt_hash hash;
if (!hash.create(cp, CALG_SHA))
throw win_runtime_error(__FUNCTION__ " Creating SHA hash failed.");
if (!CryptHashData(hash, (const BYTE*)&challenge_client, (DWORD)sizeof(challenge_client), 0) ||
!CryptHashData(hash, (const BYTE*)&challenge_server, (DWORD)sizeof(challenge_server), 0) ||
!CryptHashData(hash, (const BYTE*)username , (DWORD)strlen(username) , 0))
if (!CryptHashData(hash, (const BYTE*)&challenge_client , (DWORD)sizeof(challenge_client), 0) ||
!CryptHashData(hash, challenge_server.data(), (DWORD)challenge_server.size() , 0) ||
!CryptHashData(hash, (const BYTE*)username , (DWORD)strlen(username) , 0))
throw win_runtime_error(__FUNCTION__ " Error hashing data.");
unsigned char hash_val[20];
DWORD size_hash_val = sizeof(hash_val);
@@ -201,7 +201,7 @@ eap::nt_response::nt_response()
eap::nt_response::nt_response(
_In_ HCRYPTPROV cp,
_In_ const challenge_mschapv2 &challenge_server,
_In_ const sanitizing_blob &challenge_server,
_In_ const challenge_mschapv2 &challenge_client,
_In_z_ const char *username,
_In_z_ const wchar_t *password)
@@ -270,7 +270,7 @@ eap::authenticator_response::authenticator_response()
eap::authenticator_response::authenticator_response(
_In_ HCRYPTPROV cp,
_In_ const challenge_mschapv2 &challenge_server,
_In_ const sanitizing_blob &challenge_server,
_In_ const challenge_mschapv2 &challenge_client,
_In_z_ const char *username,
_In_z_ const wchar_t *password,

461
lib/MSCHAPv2/src/Method.cpp
View File

@@ -25,98 +25,365 @@ using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::method_mschapv2
// eap::method_mschapv2_base
//////////////////////////////////////////////////////////////////////
eap::method_mschapv2::method_mschapv2(_In_ module &module, _In_ config_method_mschapv2 &cfg, _In_ credentials_pass &cred) :
eap::method_mschapv2_base::method_mschapv2_base(_In_ module &mod, _In_ config_method_mschapv2 &cfg, _In_ credentials_pass &cred) :
m_cfg(cfg),
m_cred(cred),
m_ident(0),
m_success(false),
m_phase(phase_unknown),
method_noneap(module, cfg, cred)
method(mod)
{
}
eap::method_mschapv2::method_mschapv2(_Inout_ method_mschapv2 &&other) :
eap::method_mschapv2_base::method_mschapv2_base(_Inout_ method_mschapv2_base &&other) :
m_cfg ( other.m_cfg ),
m_cred ( other.m_cred ),
m_cp (std::move(other.m_cp )),
m_challenge_server(std::move(other.m_challenge_server)),
m_challenge_client(std::move(other.m_challenge_client)),
m_ident (std::move(other.m_ident )),
m_nt_resp (std::move(other.m_nt_resp )),
m_success (std::move(other.m_success )),
m_phase (std::move(other.m_phase )),
method_noneap (std::move(other ))
m_packet_res (std::move(other.m_packet_res )),
method (std::move(other ))
{
}
eap::method_mschapv2& eap::method_mschapv2::operator=(_Inout_ method_mschapv2 &&other)
eap::method_mschapv2_base& eap::method_mschapv2_base::operator=(_Inout_ method_mschapv2_base &&other)
{
if (this != std::addressof(other)) {
assert(std::addressof(m_cred) == std::addressof(other.m_cred)); // Move method with same credentials only!
(method_noneap&)*this = std::move(other );
m_cp = std::move(other.m_cp );
m_challenge_server = std::move(other.m_challenge_server);
m_challenge_client = std::move(other.m_challenge_client);
m_ident = std::move(other.m_ident );
m_nt_resp = std::move(other.m_nt_resp );
m_success = std::move(other.m_success );
m_phase = std::move(other.m_phase );
assert(std::addressof(m_cfg ) == std::addressof(other.m_cfg )); // Move method within same configuration only!
assert(std::addressof(m_cred) == std::addressof(other.m_cred)); // Move method within same credentials only!
(method&)*this = std::move(other );
m_cp = std::move(other.m_cp );
m_challenge_server = std::move(other.m_challenge_server);
m_challenge_client = std::move(other.m_challenge_client);
m_ident = std::move(other.m_ident );
m_nt_resp = std::move(other.m_nt_resp );
m_packet_res = std::move(other.m_packet_res );
}
return *this;
}
void eap::method_mschapv2::begin_session(
void eap::method_mschapv2_base::begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ DWORD dwMaxSendPacketSize)
{
method_noneap::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
method::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
// Presume authentication will fail with generic protocol failure. (Pesimist!!!)
// We will reset once we get get_result(Success) call.
m_cfg.m_last_status = config_method::status_auth_failed;
m_cfg.m_last_msg.clear();
// Create cryptographics provider for support needs (client challenge ...).
if (!m_cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
throw win_runtime_error(__FUNCTION__ " Error creating cryptographics provider.");
}
void eap::method_mschapv2_base::get_response_packet(
_Out_ sanitizing_blob &packet,
_In_opt_ DWORD size_max)
{
if (m_packet_res.size() > size_max)
throw invalid_argument(string_printf(__FUNCTION__ " This method does not support packet fragmentation, but the data size is too big to fit in one packet (packet: %u, maximum: %u).", m_packet_res.size(), size_max));
packet.assign(m_packet_res.begin(), m_packet_res.end());
}
void eap::method_mschapv2_base::get_result(
_In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *pResult)
{
assert(pResult);
method::get_result(reason, pResult);
if (reason == EapPeerMethodResultSuccess)
m_cfg.m_last_status = config_method::status_success;
// Always ask EAP host to save the connection data. And it will save it *only* when we report "success".
// Don't worry. EapHost is well aware of failed authentication condition.
pResult->fSaveConnectionData = TRUE;
pResult->fIsSuccess = TRUE;
}
void eap::method_mschapv2_base::process_success(_In_ const list<string> &argv)
{
assert(m_cfg.m_last_status != config_method::status_success);
for (auto arg = argv.cbegin(), arg_end = argv.cend(); arg != arg_end; ++arg) {
const string &val = *arg;
if ((val[0] == 'S' || val[0] == 's') && val[1] == '=') {
// "S="
hex_dec dec;
sanitizing_blob resp;
bool is_last;
dec.decode(resp, is_last, val.data() + 2, (size_t)-1);
// Calculate expected authenticator response.
sanitizing_string identity_utf8;
WideCharToMultiByte(CP_UTF8, 0, m_cred.m_identity, identity_utf8, NULL, NULL);
authenticator_response resp_exp(m_cp, m_challenge_server, m_challenge_client, identity_utf8.c_str(), m_cred.m_password.c_str(), m_nt_resp);
// Compare against provided authemticator response.
if (resp.size() != sizeof(resp_exp) || memcmp(resp.data(), &resp_exp, sizeof(resp_exp)) != 0)
throw invalid_argument(__FUNCTION__ " MS-CHAP2-Success authentication response string failed.");
m_module.log_event(&EAPMETHOD_METHOD_SUCCESS, event_data((unsigned int)m_cfg.get_method_id()), event_data::blank);
m_cfg.m_last_status = config_method::status_success;
}
}
if (m_cfg.m_last_status != config_method::status_success)
throw invalid_argument(__FUNCTION__ " MS-CHAP2-Success authentication response string not found.");
}
void eap::method_mschapv2_base::process_error(_In_ const list<string> &argv)
{
for (auto arg = argv.cbegin(), arg_end = argv.cend(); arg != arg_end; ++arg) {
const string &val = *arg;
if ((val[0] == 'E' || val[0] == 'e') && val[1] == '=') {
DWORD dwResult = strtoul(val.data() + 2, NULL, 10);
m_module.log_event(&EAPMETHOD_METHOD_FAILURE_ERROR, event_data((unsigned int)m_cfg.get_method_id()), event_data(dwResult), event_data::blank);
switch (dwResult) {
case ERROR_ACCT_DISABLED : m_cfg.m_last_status = config_method::status_account_disabled ; break;
case ERROR_RESTRICTED_LOGON_HOURS: m_cfg.m_last_status = config_method::status_account_logon_hours; break;
case ERROR_NO_DIALIN_PERMISSION : m_cfg.m_last_status = config_method::status_account_denied ; break;
case ERROR_PASSWD_EXPIRED : m_cfg.m_last_status = config_method::status_cred_expired ; break;
case ERROR_CHANGING_PASSWORD : m_cfg.m_last_status = config_method::status_cred_changing ; break;
default : m_cfg.m_last_status = config_method::status_cred_invalid ;
}
} else if ((val[0] == 'C' || val[0] == 'c') && val[1] == '=') {
hex_dec dec;
bool is_last;
dec.decode(m_challenge_server, is_last, val.data() + 2, (size_t)-1);
} else if ((val[0] == 'M' || val[0] == 'm') && val[1] == '=') {
MultiByteToWideChar(CP_UTF8, 0, val.data() + 2, (int)val.length() - 2, m_cfg.m_last_msg);
m_module.log_event(&EAPMETHOD_METHOD_FAILURE_ERROR1, event_data((unsigned int)m_cfg.get_method_id()), event_data(m_cfg.m_last_msg), event_data::blank);
}
}
}
list<string> eap::method_mschapv2_base::parse_response(_In_count_(count) const char *resp, _In_ size_t count)
{
list<string> argv;
for (size_t i = 0; i < count && resp[i]; ) {
if (i + 1 < count && (resp[i] == 'M' || resp[i] == 'm') && resp[i + 1] == '=') {
// The message is always the last value. It may contain spaces and it spans to the end.
argv.push_back(string(resp + i, strnlen(resp + i, count - i)));
break;
} else if (!isspace(resp[i])) {
// Search for the next space and add value up to it.
size_t j;
for (j = i + 1; j < count && resp[j] && !isspace(resp[j]); j++);
argv.push_back(string(resp + i, j - i));
i = j + 1;
} else {
// Skip (multiple) spaces.
i++;
}
}
return argv;
}
//////////////////////////////////////////////////////////////////////
// eap::method_mschapv2
//////////////////////////////////////////////////////////////////////
eap::method_mschapv2::method_mschapv2(_In_ module &mod, _In_ config_method_mschapv2 &cfg, _In_ credentials_pass &cred) :
method_mschapv2_base(mod, cfg, cred)
{
}
eap::method_mschapv2::method_mschapv2(_Inout_ method_mschapv2 &&other) :
method_mschapv2_base(std::move(other ))
{
}
eap::method_mschapv2& eap::method_mschapv2::operator=(_Inout_ method_mschapv2 &&other)
{
if (this != std::addressof(other))
(method_mschapv2_base&)*this = std::move(other);
return *this;
}
EapPeerMethodResponseAction eap::method_mschapv2::process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize)
{
assert(pReceivedPacket || dwReceivedPacketSize == 0);
for (const unsigned char *pck = reinterpret_cast<const unsigned char*>(pReceivedPacket), *pck_end = pck + dwReceivedPacketSize; pck < pck_end; ) {
if (pck + sizeof(chap_header) > pck_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete CHAP header.");
auto hdr = reinterpret_cast<const chap_header*>(pck);
unsigned short length = ntohs(*reinterpret_cast<const unsigned short*>(hdr->length));
const unsigned char
*msg = reinterpret_cast<const unsigned char*>(hdr + 1),
*msg_end = pck + length;
if (msg_end > pck_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete CHAP data.");
// Save packet ident.
m_ident = hdr->ident;
switch (hdr->code) {
case chap_packet_code_challenge: {
m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_mschapv2), event_data::blank);
if (msg + 1 > msg_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete CHAP challenge packet.");
// Read server challenge.
if (msg + 1 + msg[0] > msg_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete CHAP server challenge.");
m_challenge_server.assign(msg + 1, msg + 1 + msg[0]);
// Randomize Peer-Challenge.
m_challenge_client.randomize(m_cp);
// Calculate NT-Response.
sanitizing_string identity_utf8;
WideCharToMultiByte(CP_UTF8, 0, m_cred.m_identity, identity_utf8, NULL, NULL);
m_nt_resp = nt_response(m_cp, m_challenge_server, m_challenge_client, identity_utf8.c_str(), m_cred.m_password.c_str());
// Prepare CHAP response value.
sanitizing_blob value;
value.reserve(
sizeof(m_challenge_client) + // Peer-Challenge
8 + // Reserved
sizeof(m_nt_resp) + // NT-Response
1); // Flags
value.insert(value.end(), reinterpret_cast<const unsigned char*>(&m_challenge_client), reinterpret_cast<const unsigned char*>(&m_challenge_client + 1)); // Peer-Challenge
value.insert(value.end(), 8, 0); // Reserved (must be zero)
value.insert(value.end(), reinterpret_cast<const unsigned char*>(&m_nt_resp), reinterpret_cast<const unsigned char*>(&m_nt_resp + 1)); // NT-Response
value.push_back(0); // Flags
chap_header hdr_resp;
hdr_resp.code = chap_packet_code_response;
hdr_resp.ident = m_ident;
size_t size_value = value.size();
*reinterpret_cast<unsigned short*>(hdr_resp.length) = htons((unsigned short)(sizeof(chap_header) + 1 + size_value + identity_utf8.length()));
assert(size_value <= 0xff); // CHAP value can be 255B max
// Append response.
m_packet_res.assign(reinterpret_cast<const unsigned char*>(&hdr_resp), reinterpret_cast<const unsigned char*>(&hdr_resp + 1));
m_packet_res.insert(m_packet_res.end(), 1, (unsigned char)size_value);
m_packet_res.insert(m_packet_res.end(), value.begin(), value.end());
m_packet_res.insert(m_packet_res.end(), identity_utf8.begin(), identity_utf8.end());
m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point.
return EapPeerMethodResponseActionSend;
}
case chap_packet_code_success:
process_success(parse_response(reinterpret_cast<const char*>(msg), reinterpret_cast<const char*>(msg_end) - reinterpret_cast<const char*>(msg)));
if (m_cfg.m_last_status == config_method::status_success) {
// Acknowledge the authentication by sending a "3" (chap_packet_code_success).
m_packet_res.assign(1, chap_packet_code_success);
m_cfg.m_last_status = config_method::status_auth_failed; // Blame protocol if we fail beyond this point.
return EapPeerMethodResponseActionSend;
} else
return EapPeerMethodResponseActionDiscard;
case chap_packet_code_failure:
process_error(parse_response(reinterpret_cast<const char*>(msg), reinterpret_cast<const char*>(msg_end) - reinterpret_cast<const char*>(msg)));
return EapPeerMethodResponseActionDiscard;
}
pck = msg_end;
}
return EapPeerMethodResponseActionNone;
}
//////////////////////////////////////////////////////////////////////
// eap::method_mschapv2_diameter
//////////////////////////////////////////////////////////////////////
eap::method_mschapv2_diameter::method_mschapv2_diameter(_In_ module &mod, _In_ config_method_mschapv2 &cfg, _In_ credentials_pass &cred) :
m_phase(phase_unknown),
method_mschapv2_base(mod, cfg, cred)
{
}
eap::method_mschapv2_diameter::method_mschapv2_diameter(_Inout_ method_mschapv2_diameter &&other) :
m_phase (std::move(other.m_phase)),
method_mschapv2_base(std::move(other ))
{
}
eap::method_mschapv2_diameter& eap::method_mschapv2_diameter::operator=(_Inout_ method_mschapv2_diameter &&other)
{
if (this != std::addressof(other)) {
(method_mschapv2_base&)*this = std::move(other );
m_phase = std::move(other.m_phase);
}
return *this;
}
void eap::method_mschapv2_diameter::begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ DWORD dwMaxSendPacketSize)
{
method_mschapv2_base::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_legacy_mschapv2), event_data::blank);
m_phase = phase_init;
}
void eap::method_mschapv2::process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize,
_Out_ EapPeerMethodOutput *pEapOutput)
EapPeerMethodResponseAction eap::method_mschapv2_diameter::process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize)
{
assert(pReceivedPacket || dwReceivedPacketSize == 0);
assert(pEapOutput);
m_module.log_event(&EAPMETHOD_PACKET_RECV, event_data((unsigned int)eap_type_legacy_mschapv2), event_data((unsigned int)dwReceivedPacketSize), event_data::blank);
switch (m_phase) {
case phase_init: {
// Convert username to UTF-8.
sanitizing_string identity_utf8;
WideCharToMultiByte(CP_UTF8, 0, m_cred.m_identity.c_str(), (int)m_cred.m_identity.length(), identity_utf8, NULL, NULL);
m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_legacy_mschapv2), event_data::blank);
// Randomize Peer-Challenge
// Randomize Peer-Challenge.
m_challenge_client.randomize(m_cp);
// Calculate NT-Response
// Calculate NT-Response.
sanitizing_string identity_utf8;
WideCharToMultiByte(CP_UTF8, 0, m_cred.m_identity, identity_utf8, NULL, NULL);
m_nt_resp = nt_response(m_cp, m_challenge_server, m_challenge_client, identity_utf8.c_str(), m_cred.m_password.c_str());
// Prepare MS-CHAP2-Response
// Prepare MS-CHAP2-Response.
sanitizing_blob response;
response.reserve(
1 + // Ident
1 + // Flags
sizeof(challenge_mschapv2) + // Peer-Challenge
sizeof(m_challenge_client) + // Peer-Challenge
8 + // Reserved
sizeof(nt_response)); // Response
sizeof(m_nt_resp)); // NT-Response
response.push_back(m_ident);
response.push_back(0); // Flags
response.insert(response.end(), reinterpret_cast<const unsigned char*>(&m_challenge_client), reinterpret_cast<const unsigned char*>(&m_challenge_client + 1)); // Peer-Challenge
@@ -124,32 +391,39 @@ void eap::method_mschapv2::process_request_packet(
response.insert(response.end(), reinterpret_cast<const unsigned char*>(&m_nt_resp), reinterpret_cast<const unsigned char*>(&m_nt_resp + 1)); // NT-Response
// Diameter AVP (User-Name=1, MS-CHAP-Challenge=11/311, MS-CHAP2-Response=25/311)
append_avp( 1, diameter_avp_flag_mandatory, identity_utf8.data(), (unsigned int)identity_utf8.size() );
append_avp(11, 311, diameter_avp_flag_mandatory, reinterpret_cast<const unsigned char*>(&m_challenge_server) , (unsigned int)sizeof(m_challenge_server));
append_avp(25, 311, diameter_avp_flag_mandatory, response.data() , (unsigned int)response.size() );
m_packet_res.clear();
diameter_avp_append( 1, diameter_avp_flag_mandatory, identity_utf8 .data(), (unsigned int)identity_utf8 .size(), m_packet_res);
diameter_avp_append(11, 311, diameter_avp_flag_mandatory, m_challenge_server.data(), (unsigned int)m_challenge_server.size(), m_packet_res);
diameter_avp_append(25, 311, diameter_avp_flag_mandatory, response .data(), (unsigned int)response .size(), m_packet_res);
m_phase = phase_challenge_server;
m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point.
break;
return EapPeerMethodResponseActionSend;
}
case phase_challenge_server: {
process_packet(pReceivedPacket, dwReceivedPacketSize);
if (m_success)
if (m_cfg.m_last_status == config_method::status_success) {
m_phase = phase_finished;
break;
// Acknowledge the authentication by sending an empty response packet.
m_packet_res.clear();
m_cfg.m_last_status = config_method::status_auth_failed; // Blame protocol if we fail beyond this point.
return EapPeerMethodResponseActionSend;
} else
return EapPeerMethodResponseActionDiscard;
}
case phase_finished:
break;
}
return EapPeerMethodResponseActionNone;
pEapOutput->fAllowNotifications = TRUE;
pEapOutput->action = EapPeerMethodResponseActionSend;
default:
throw invalid_argument(string_printf(__FUNCTION__ " Unknown phase (phase %u).", m_phase));
}
}
void eap::method_mschapv2::process_packet(_In_bytecount_(size_pck) const void *_pck, _In_ size_t size_pck)
void eap::method_mschapv2_diameter::process_packet(_In_bytecount_(size_pck) const void *_pck, _In_ size_t size_pck)
{
for (const unsigned char *pck = reinterpret_cast<const unsigned char*>(_pck), *pck_end = pck + size_pck; pck < pck_end; ) {
if (pck + sizeof(diameter_avp_header) > pck_end)
@@ -178,7 +452,7 @@ void eap::method_mschapv2::process_packet(_In_bytecount_(size_pck) const void *_
if (code == 26 && vendor == 311) {
// MS-CHAP2-Success
if (msg[0] != m_ident)
throw invalid_argument(string_printf(__FUNCTION__ " Wrong MSCHAPv2 ident (expected: %u, received: %u).", m_ident, msg[0]).c_str());
throw invalid_argument(string_printf(__FUNCTION__ " Wrong MSCHAPv2 ident (expected: %u, received: %u).", m_ident, msg[0]));
const char *str = reinterpret_cast<const char*>(msg + 1);
process_success(parse_response(str, (reinterpret_cast<const char*>(msg_end) - str)));
} else if (code == 2 && vendor == 311) {
@@ -187,95 +461,8 @@ void eap::method_mschapv2::process_packet(_In_bytecount_(size_pck) const void *_
const char *str = reinterpret_cast<const char*>(msg + 1);
process_error(parse_response(str, (reinterpret_cast<const char*>(msg_end) - str)));
} else if (hdr->flags & diameter_avp_flag_mandatory)
throw win_runtime_error(ERROR_NOT_SUPPORTED, string_printf(__FUNCTION__ " Server sent mandatory Diameter AVP we do not support (code: %u, vendor: %u).", code, vendor).c_str());
throw win_runtime_error(ERROR_NOT_SUPPORTED, string_printf(__FUNCTION__ " Server sent mandatory Diameter AVP we do not support (code: %u, vendor: %u).", code, vendor));
pck = msg_next;
}
}
void eap::method_mschapv2::process_success(_In_ const list<string> &argv)
{
m_success = false;
for (auto arg = argv.cbegin(), arg_end = argv.cend(); arg != arg_end; ++arg) {
const string &val = *arg;
if ((val[0] == 'S' || val[0] == 's') && val[1] == '=') {
// "S="
hex_dec dec;
sanitizing_blob resp;
bool is_last;
dec.decode(resp, is_last, val.data() + 2, (size_t)-1);
// Calculate expected authenticator response.
sanitizing_string identity_utf8;
WideCharToMultiByte(CP_UTF8, 0, m_cred.m_identity.c_str(), (int)m_cred.m_identity.length(), identity_utf8, NULL, NULL);
authenticator_response resp_exp(m_cp, m_challenge_server, m_challenge_client, identity_utf8.c_str(), m_cred.m_password.c_str(), m_nt_resp);
// Compare against provided authemticator response.
if (resp.size() != sizeof(resp_exp) || memcmp(resp.data(), &resp_exp, sizeof(resp_exp)) != 0)
throw invalid_argument(__FUNCTION__ " MS-CHAP2-Success authentication response string failed.");
m_success = true;
}
}
if (!m_success)
throw invalid_argument(__FUNCTION__ " MS-CHAP2-Success authentication response string not found.");
}
void eap::method_mschapv2::process_error(_In_ const list<string> &argv)
{
for (auto arg = argv.cbegin(), arg_end = argv.cend(); arg != arg_end; ++arg) {
const string &val = *arg;
if ((val[0] == 'E' || val[0] == 'e') && val[1] == '=') {
DWORD dwResult = strtoul(val.data() + 2, NULL, 10);
m_module.log_event(&EAPMETHOD_METHOD_FAILURE_ERROR, event_data((unsigned int)eap_type_legacy_mschapv2), event_data(dwResult), event_data::blank);
switch (dwResult) {
case ERROR_ACCT_DISABLED : m_cfg.m_last_status = config_method::status_account_disabled ; break;
case ERROR_RESTRICTED_LOGON_HOURS: m_cfg.m_last_status = config_method::status_account_logon_hours; break;
case ERROR_NO_DIALIN_PERMISSION : m_cfg.m_last_status = config_method::status_account_denied ; break;
case ERROR_PASSWD_EXPIRED : m_cfg.m_last_status = config_method::status_cred_expired ; break;
case ERROR_CHANGING_PASSWORD : m_cfg.m_last_status = config_method::status_cred_changing ; break;
default : m_cfg.m_last_status = config_method::status_cred_invalid ;
}
} else if ((val[0] == 'C' || val[0] == 'c') && val[1] == '=') {
hex_dec dec;
sanitizing_blob resp;
bool is_last;
dec.decode(resp, is_last, val.data() + 2, (size_t)-1);
if (resp.size() != sizeof(m_challenge_server))
throw invalid_argument(string_printf(__FUNCTION__ " Incorrect MSCHAPv2 challenge length (expected: %uB, received: %uB).", sizeof(m_challenge_server), resp.size()).c_str());
memcpy(&m_challenge_server, resp.data(), sizeof(m_challenge_server));
} else if ((val[0] == 'M' || val[0] == 'm') && val[1] == '=') {
MultiByteToWideChar(CP_UTF8, 0, val.data() + 2, -1, m_cfg.m_last_msg);
m_module.log_event(&EAPMETHOD_METHOD_FAILURE_ERROR1, event_data((unsigned int)eap_type_legacy_mschapv2), event_data(m_cfg.m_last_msg), event_data::blank);
}
}
}
list<string> eap::method_mschapv2::parse_response(_In_count_(count) const char *resp, _In_ size_t count)
{
list<string> argv;
for (size_t i = 0; i < count && resp[i]; ) {
if (i + 1 < count && (resp[i] == 'M' || resp[i] == 'm') && resp[i + 1] == '=') {
// The message is always the last value. It may contain spaces and it spans to the end.
argv.push_back(string(resp + i, strnlen(resp + i, count - i)));
break;
} else if (!isspace(resp[i])) {
// Search for the next space and add value up to it.
size_t j;
for (j = i + 1; j < count && resp[j] && !isspace(resp[j]); j++);
argv.push_back(string(resp + i, j - i));
i = j + 1;
} else {
// Skip (multiple) spaces.
i++;
}
}
return argv;
}

20
lib/MSCHAPv2_UI/include/MSCHAPv2_UI.h
View File

@@ -21,21 +21,23 @@
#include "../../EAPBase_UI/include/EAP_UI.h"
#include "../../MSCHAPv2/include/Config.h"
class wxMSCHAPv2ConfigPanel;
/// \addtogroup EAPBaseGUI
/// @{
///
/// MSCHAPv2 credential configuration panel
///
typedef wxEAPCredentialsConfigPanel<eap::credentials_pass, wxPasswordCredentialsPanel<eap::credentials_pass, wxPasswordCredentialsPanelBase> > wxMSCHAPv2CredentialsConfigPanel;
///
/// MSCHAPv2 configuration panel
///
class wxMSCHAPv2ConfigPanel;
///
/// MSCHAPv2 credential entry panel
///
typedef wxPasswordCredentialsPanel<eap::credentials_pass, wxPasswordCredentialsPanelBase> wxMSCHAPv2CredentialsPanel;
/// @}
#pragma once
#include <wx/panel.h>
@@ -44,6 +46,12 @@ typedef wxPasswordCredentialsPanel<eap::credentials_pass, wxPasswordCredentialsP
#include <Windows.h>
/// \addtogroup EAPBaseGUI
/// @{
///
/// MSCHAPv2 configuration panel
///
class wxMSCHAPv2ConfigPanel : public wxPanel
{
public:
@@ -65,3 +73,5 @@ protected:
protected:
wxMSCHAPv2CredentialsConfigPanel *m_credentials; ///< Credentials configuration panel
};
/// @}

2
lib/MSCHAPv2_UI/src/MSCHAPv2_UI.cpp
View File

@@ -48,9 +48,11 @@ wxMSCHAPv2ConfigPanel::~wxMSCHAPv2ConfigPanel()
}
/// \cond internal
void wxMSCHAPv2ConfigPanel::OnInitDialog(wxInitDialogEvent& event)
{
// Forward the event to child panels.
if (m_credentials)
m_credentials->GetEventHandler()->ProcessEvent(event);
}
/// \endcond

27
lib/PAP/include/Config.h
View File

@@ -22,9 +22,6 @@
namespace eap
{
///
/// PAP configuration
///
class config_method_pap;
}
@@ -39,6 +36,12 @@ namespace eap
namespace eap
{
/// \addtogroup EAPBaseConfig
/// @{
///
/// PAP configuration
///
class config_method_pap : public config_method_with_cred
{
public:
@@ -82,28 +85,26 @@ namespace eap
///
config_method_pap& operator=(_Inout_ config_method_pap &&other);
///
/// Clones configuration
///
/// \returns Pointer to cloned configuration
///
virtual config* clone() const;
///
/// Returns EAP method type of this configuration
///
/// \returns `eap::type_pap`
/// @copydoc eap::config_method::get_method_id()
/// \returns This implementation always returns `winstd::eap_type_legacy_pap`
///
virtual winstd::eap_type_t get_method_id() const;
///
/// Returns a string \c L"PAP"
/// @copydoc eap::config_method::get_method_str()
/// \returns This implementation always returns `L"PAP"`
///
virtual const wchar_t* get_method_str() const;
///
/// Creates a blank set of credentials suitable for this method
/// @copydoc eap::config_method::make_credentials()
/// \returns This implementation always returns `eap::credentials_pass` type of credentials
///
virtual credentials* make_credentials() const;
};
/// @}
}

85
lib/PAP/include/Method.h
View File

@@ -20,10 +20,7 @@
namespace eap
{
///
/// PAP method
///
class method_pap;
class method_pap_diameter;
}
@@ -36,69 +33,85 @@ namespace eap
namespace eap
{
class method_pap : public method_noneap
/// \addtogroup EAPBaseMethod
/// @{
///
/// PAP method over Diameter AVP (for use as inner EAP-TTLS)
///
class method_pap_diameter : public method
{
WINSTD_NONCOPYABLE(method_pap)
WINSTD_NONCOPYABLE(method_pap_diameter)
public:
///
/// Constructs an EAP method
/// Constructs a PAP method
///
/// \param[in] mod EAP module to use for global services
/// \param[in] mod PAP module to use for global services
/// \param[in] cfg Method configuration
/// \param[in] cred User credentials
///
method_pap(_In_ module &module, _In_ config_method_pap &cfg, _In_ credentials_pass &cred);
method_pap_diameter(_In_ module &mod, _In_ config_method_pap &cfg, _In_ credentials_pass &cred);
///
/// Moves an EAP method
/// Moves a PAP method
///
/// \param[in] other EAP method to move from
/// \param[in] other PAP method to move from
///
method_pap(_Inout_ method_pap &&other);
method_pap_diameter(_Inout_ method_pap_diameter &&other);
///
/// Moves an EAP method
/// Moves a PAP method
///
/// \param[in] other EAP method to move from
/// \param[in] other PAP method to move from
///
/// \returns Reference to this object
///
method_pap& operator=(_Inout_ method_pap &&other);
method_pap_diameter& operator=(_Inout_ method_pap_diameter &&other);
/// \name Packet processing
/// \name Session management
/// @{
///
/// Starts an EAP authentication session on the peer EapHost using the EAP method.
///
/// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
///
virtual void begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ DWORD dwMaxSendPacketSize = MAXDWORD);
///
/// Processes a packet received by EapHost from a supplicant.
///
/// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
///
virtual void process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize,
_Out_ EapPeerMethodOutput *pEapOutput);
/// @}
/// \name Packet processing
/// @{
virtual EapPeerMethodResponseAction process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize);
virtual void get_response_packet(
_Out_ sanitizing_blob &packet,
_In_opt_ DWORD size_max = MAXDWORD);
/// @}
protected:
credentials_pass &m_cred; ///< Method user credentials
virtual void get_result(
_In_ EapPeerMethodResultReason reason,
_Out_ EapPeerMethodResult *pResult);
protected:
config_method_pap &m_cfg; ///< Method configuration
credentials_pass &m_cred; ///< Method user credentials
///
/// Communication phase
///
enum {
phase_unknown = -1, ///< Unknown phase
phase_init = 0, ///< Handshake initialize
phase_finished, ///< Connection shut down
} m_phase; ///< What phase is our communication at?
phase_unknown = -1, ///< Unknown phase
phase_init = 0, ///< Handshake initialize
phase_finished, ///< Connection shut down
} m_phase; ///< What phase is our communication at?
sanitizing_blob m_packet_res; ///< Response packet
};
/// @}
}

101
lib/PAP/src/Method.cpp
View File

@@ -25,87 +25,122 @@ using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::method_pap
// eap::method_pap_diameter
//////////////////////////////////////////////////////////////////////
eap::method_pap::method_pap(_In_ module &module, _In_ config_method_pap &cfg, _In_ credentials_pass &cred) :
eap::method_pap_diameter::method_pap_diameter(_In_ module &mod, _In_ config_method_pap &cfg, _In_ credentials_pass &cred) :
m_cfg(cfg),
m_cred(cred),
m_phase(phase_unknown),
method_noneap(module, cfg, cred)
method(mod)
{
}
eap::method_pap::method_pap(_Inout_ method_pap &&other) :
m_cred ( other.m_cred ),
m_phase (std::move(other.m_phase )),
method_noneap(std::move(other ))
eap::method_pap_diameter::method_pap_diameter(_Inout_ method_pap_diameter &&other) :
m_cfg ( other.m_cfg ),
m_cred ( other.m_cred ),
m_phase (std::move(other.m_phase )),
m_packet_res(std::move(other.m_packet_res)),
method (std::move(other ))
{
}
eap::method_pap& eap::method_pap::operator=(_Inout_ method_pap &&other)
eap::method_pap_diameter& eap::method_pap_diameter::operator=(_Inout_ method_pap_diameter &&other)
{
if (this != std::addressof(other)) {
assert(std::addressof(m_cred) == std::addressof(other.m_cred)); // Move method with same credentials only!
(method_noneap&)*this = std::move(other );
m_phase = std::move(other.m_phase );
assert(std::addressof(m_cfg ) == std::addressof(other.m_cfg )); // Move method within same configuration only!
assert(std::addressof(m_cred) == std::addressof(other.m_cred)); // Move method within same credentials only!
(method&)*this = std::move(other );
m_phase = std::move(other.m_phase );
m_packet_res = std::move(other.m_packet_res);
}
return *this;
}
void eap::method_pap::begin_session(
void eap::method_pap_diameter::begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ DWORD dwMaxSendPacketSize)
{
method_noneap::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
method::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
// Presume authentication will fail with generic protocol failure. (Pesimist!!!)
// We will reset once we get get_result(Success) call.
m_cfg.m_last_status = config_method::status_auth_failed;
m_cfg.m_last_msg.clear();
m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_legacy_pap), event_data::blank);
m_phase = phase_init;
}
void eap::method_pap::process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize,
_Out_ EapPeerMethodOutput *pEapOutput)
EapPeerMethodResponseAction eap::method_pap_diameter::process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize)
{
UNREFERENCED_PARAMETER(pReceivedPacket);
assert(pReceivedPacket || dwReceivedPacketSize == 0);
assert(pEapOutput);
m_module.log_event(&EAPMETHOD_PACKET_RECV, event_data((unsigned int)eap_type_legacy_pap), event_data((unsigned int)dwReceivedPacketSize), event_data::blank);
UNREFERENCED_PARAMETER(dwReceivedPacketSize);
switch (m_phase) {
case phase_init: {
m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_legacy_pap), event_data::blank);
// Convert username and password to UTF-8.
sanitizing_string identity_utf8, password_utf8;
WideCharToMultiByte(CP_UTF8, 0, m_cred.m_identity.c_str(), (int)m_cred.m_identity.length(), identity_utf8, NULL, NULL);
WideCharToMultiByte(CP_UTF8, 0, m_cred.m_password.c_str(), (int)m_cred.m_password.length(), password_utf8, NULL, NULL);
WideCharToMultiByte(CP_UTF8, 0, m_cred.m_identity, identity_utf8, NULL, NULL);
WideCharToMultiByte(CP_UTF8, 0, m_cred.m_password, password_utf8, NULL, NULL);
// PAP passwords must be padded to 16B boundary according to RFC 5281. Will not add random extra padding here, as length obfuscation should be done by outer transport layers.
size_t padding_password_ex = (16 - password_utf8.length()) % 16;
password_utf8.append(padding_password_ex, 0);
m_packet_res.clear();
// Diameter AVP (User-Name=1, User-Password=2)
append_avp(1, diameter_avp_flag_mandatory, identity_utf8.data(), (unsigned int)identity_utf8.size());
append_avp(2, diameter_avp_flag_mandatory, password_utf8.data(), (unsigned int)password_utf8.size());
m_packet_res.clear();
diameter_avp_append(1, diameter_avp_flag_mandatory, identity_utf8.data(), (unsigned int)identity_utf8.size(), m_packet_res);
diameter_avp_append(2, diameter_avp_flag_mandatory, password_utf8.data(), (unsigned int)password_utf8.size(), m_packet_res);
m_phase = phase_finished;
m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point.
break;
return EapPeerMethodResponseActionSend;
}
case phase_finished:
break;
}
return EapPeerMethodResponseActionNone;
pEapOutput->fAllowNotifications = TRUE;
pEapOutput->action = EapPeerMethodResponseActionSend;
default:
throw invalid_argument(string_printf(__FUNCTION__ " Unknown phase (phase %u).", m_phase));
}
}
void eap::method_pap_diameter::get_response_packet(
_Out_ sanitizing_blob &packet,
_In_opt_ DWORD size_max)
{
if (m_packet_res.size() > size_max)
throw invalid_argument(string_printf(__FUNCTION__ " This method does not support packet fragmentation, but the data size is too big to fit in one packet (packet: %u, maximum: %u).", m_packet_res.size(), size_max));
packet.assign(m_packet_res.begin(), m_packet_res.end());
}
void eap::method_pap_diameter::get_result(
_In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *pResult)
{
assert(pResult);
method::get_result(reason, pResult);
if (reason == EapPeerMethodResultSuccess)
m_cfg.m_last_status = config_method::status_success;
// Always ask EAP host to save the connection data. And it will save it *only* when we report "success".
// Don't worry. EapHost is well aware of failed authentication condition.
pResult->fSaveConnectionData = TRUE;
pResult->fIsSuccess = TRUE;
}

20
lib/PAP_UI/include/PAP_UI.h
View File

@@ -21,21 +21,23 @@
#include "../../EAPBase_UI/include/EAP_UI.h"
#include "../../PAP/include/Config.h"
class wxPAPConfigPanel;
/// \addtogroup EAPBaseGUI
/// @{
///
/// PAP credential configuration panel
///
typedef wxEAPCredentialsConfigPanel<eap::credentials_pass, wxPasswordCredentialsPanel<eap::credentials_pass, wxPasswordCredentialsPanelBase> > wxPAPCredentialsConfigPanel;
///
/// PAP configuration panel
///
class wxPAPConfigPanel;
///
/// PAP credential entry panel
///
typedef wxPasswordCredentialsPanel<eap::credentials_pass, wxPasswordCredentialsPanelBase> wxPAPCredentialsPanel;
/// @}
#pragma once
#include <wx/panel.h>
@@ -44,6 +46,12 @@ typedef wxPasswordCredentialsPanel<eap::credentials_pass, wxPasswordCredentialsP
#include <Windows.h>
/// \addtogroup EAPBaseGUI
/// @{
///
/// PAP configuration panel
///
class wxPAPConfigPanel : public wxPanel
{
public:
@@ -65,3 +73,5 @@ protected:
protected:
wxPAPCredentialsConfigPanel *m_credentials; ///< Credentials configuration panel
};
/// @}

2
lib/PAP_UI/src/PAP_UI.cpp
View File

@@ -48,9 +48,11 @@ wxPAPConfigPanel::~wxPAPConfigPanel()
}
/// \cond internal
void wxPAPConfigPanel::OnInitDialog(wxInitDialogEvent& event)
{
// Forward the event to child panels.
if (m_credentials)
m_credentials->GetEventHandler()->ProcessEvent(event);
}
/// \endcond

4
lib/TLS/build/TLS.vcxproj
View File

@@ -81,13 +81,10 @@
<ItemGroup>
<ClInclude Include="..\include\Config.h" />
<ClInclude Include="..\include\Credentials.h" />
<ClInclude Include="..\include\Method.h" />
<ClInclude Include="..\include\TLS.h" />
<ClInclude Include="..\src\StdAfx.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\src\Config.cpp" />
<ClCompile Include="..\src\Method.cpp" />
<ClCompile Include="..\src\StdAfx.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
@@ -95,7 +92,6 @@
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
</ClCompile>
<ClCompile Include="..\src\Credentials.cpp" />
<ClCompile Include="..\src\TLS.cpp" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\Events\build\Events.vcxproj">

12
lib/TLS/build/TLS.vcxproj.filters
View File

@@ -20,12 +20,6 @@
<ClInclude Include="..\include\Credentials.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\Method.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\TLS.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\src\StdAfx.cpp">
@@ -37,11 +31,5 @@
<ClCompile Include="..\src\Credentials.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\src\Method.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\src\TLS.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
</Project>

85
lib/TLS/include/Config.h
View File

@@ -31,22 +31,22 @@
namespace eap
{
///
/// TLS configuration
///
class config_method_tls;
/// \addtogroup EAPBaseMethod
/// @{
///
/// Helper function to compile human-readable certificate name for UI display
///
winstd::tstring get_cert_title(PCCERT_CONTEXT cert);
/// @}
}
#pragma once
#include "Credentials.h"
#include "Method.h"
#include "TLS.h"
#include "../../EAPBase/include/Config.h"
@@ -60,6 +60,12 @@ namespace eap
namespace eap
{
/// \addtogroup EAPBaseMethod
/// @{
///
/// TLS configuration
///
class config_method_tls : public config_method_with_cred
{
public:
@@ -103,91 +109,58 @@ namespace eap
///
config_method_tls& operator=(_Inout_ config_method_tls &&other);
///
/// Clones configuration
///
/// \returns Pointer to cloned configuration
///
virtual config* clone() const;
/// \name XML configuration management
/// \name XML management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
///
/// Returns EAP method type of this configuration
///
/// \returns `eap::type_tls`
/// @copydoc eap::config_method::get_method_id()
/// \returns This implementation always returns `winstd::eap_type_tls`
///
virtual winstd::eap_type_t get_method_id() const;
///
/// Returns a string \c L"EAP-TLS"
/// @copydoc eap::config_method::get_method_str()
/// \returns This implementation always returns `L"EAP-TLS"`
///
virtual const wchar_t* get_method_str() const;
///
/// Creates a blank set of credentials suitable for this method
/// @copydoc eap::config_method::make_credentials()
/// \returns This implementation always returns `eap::credentials_tls` type of credentials
///
virtual credentials* make_credentials() const;
///
/// Adds CA to the list of trusted root CA's
///
/// \sa [CertCreateCertificateContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376033.aspx)
/// \note If the CA is already on the list, function fails returning \c false.
///
/// \param[in] dwCertEncodingType Any bitwise OR combination of \c X509_ASN_ENCODING and \c PKCS_7_ASN_ENCODING flags
/// \param[in] pbCertEncoded Certificate data
/// \param[in] cbCertEncoded Size of \p pbCertEncoded in bytes
///
/// \returns
/// - \c true when adding succeeds;
/// - \c false otherwise.
///
bool add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded);
public:
std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs
std::list<std::wstring> m_server_names; ///< Acceptable authenticating server names
#if EAP_TLS < EAP_TLS_SCHANNEL
// Following members are used for session resumptions. They are not exported/imported to XML.
sanitizing_blob m_session_id; ///< TLS session ID
tls_master_secret m_master_secret; ///< TLS master secret
#endif
};
/// @}
}

104
lib/TLS/include/Credentials.h
View File

@@ -22,9 +22,6 @@
namespace eap
{
///
/// TLS credentials
///
class credentials_tls;
}
@@ -42,6 +39,12 @@ namespace eap
namespace eap
{
/// \addtogroup EAPBaseCred
/// @{
///
/// TLS credentials
///
class credentials_tls : public credentials
{
public:
@@ -84,114 +87,49 @@ namespace eap
///
credentials_tls& operator=(_Inout_ credentials_tls &&other);
///
/// Clones credentials
///
/// \returns Pointer to cloned credentials
///
virtual config* clone() const;
///
/// Resets credentials
///
virtual void clear();
///
/// Test credentials if blank
///
/// \returns
/// - \c true if blank
/// - \c false otherwise
///
virtual bool empty() const;
/// \name XML credentials management
/// \name XML management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
/// \name Storage
/// @{
///
/// Save credentials to Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as
/// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...)
///
virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const;
///
/// Retrieve credentials from Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from
/// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...)
///
virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level);
///
/// Return target suffix for Windows Credential Manager credential name
/// @copydoc eap::credentials::target_suffix()
/// \returns This implementation always returns `_T("cert")`
///
virtual LPCTSTR target_suffix() const;
/// @}
///
/// Returns credential identity.
///
virtual std::wstring get_identity() const;
///
/// Combine credentials in the following order:
///
/// 1. Cached credentials
/// 2. Pre-configured credentials
/// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`)
/// 3. Stored credentials
///
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_tls* type)
/// \param[in] cfg Method configuration (must be config_method_tls type)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
/// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior
/// \param[in] hTokenImpersonateUser Impersonation token for a logged-on user to collect user-related information
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be `credentials_tls*` type)
/// \param[in] cfg Method configuration (unused, as must be as config_method_tls is not derived from `config_method_with_cred`)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
///
/// \returns
/// - \c source_cache Credentials were obtained from EapHost cache
@@ -199,16 +137,20 @@ namespace eap
/// - \c source_storage Credentials were loaded from Windows Credential Manager
///
virtual source_t combine(
_In_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName);
_In_ DWORD dwFlags,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName);
public:
winstd::cert_context m_cert; ///< Client certificate
winstd::cert_context m_cert; ///< Client certificate
private:
/// \cond internal
static const unsigned char s_entropy[1024];
/// \endcond
};
/// @}
}

491
lib/TLS/include/Method.h
View File

@@ -1,491 +0,0 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
namespace eap
{
///
/// EAP-TLS method
///
class method_tls;
}
#pragma once
#include "Config.h"
#include "Credentials.h"
#include "TLS.h"
#include "../../EAPBase/include/Method.h"
#include <WinStd/Crypt.h>
#include <WinStd/Sec.h>
#include <list>
#include <vector>
namespace eap
{
class method_tls : public method
{
WINSTD_NONCOPYABLE(method_tls)
public:
#pragma pack(push)
#pragma pack(1)
///
/// TLS message
///
struct message_header
{
tls_message_type_t type; ///< Message type (one of `message_type_t` constants)
tls_version version; ///< SSL/TLS version
unsigned char length[2]; ///< Message length (in network byte order)
};
#pragma pack(pop)
public:
///
/// Constructs an EAP method
///
/// \param[in] mod EAP module to use for global services
/// \param[in] cfg Method configuration
/// \param[in] cred User credentials
///
method_tls(_In_ module &module, _In_ config_method_tls &cfg, _In_ credentials_tls &cred);
///
/// Moves an EAP method
///
/// \param[in] other EAP method to move from
///
method_tls(_Inout_ method_tls &&other);
///
/// Moves an EAP method
///
/// \param[in] other EAP method to move from
///
/// \returns Reference to this object
///
method_tls& operator=(_Inout_ method_tls &&other);
/// \name Packet processing
/// @{
///
/// Starts an EAP authentication session on the peer EapHost using the EAP method.
///
/// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
///
virtual void begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ DWORD dwMaxSendPacketSize = MAXDWORD);
///
/// Processes a packet received by EapHost from a supplicant.
///
/// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
///
virtual void process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize,
_Out_ EapPeerMethodOutput *pEapOutput);
///
/// Obtains a response packet from the EAP method.
///
/// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
///
virtual void get_response_packet(
_Inout_bytecap_(*dwSendPacketSize) void *pSendPacket,
_Inout_ DWORD *pdwSendPacketSize);
///
/// Obtains the result of an authentication session from the EAP method.
///
/// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
///
virtual void get_result(
_In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *pResult);
/// @}
protected:
#if EAP_TLS < EAP_TLS_SCHANNEL
/// \name Client handshake message generation
/// @{
///
/// Makes a TLS client hello message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.1.2. Client Hello)](https://tools.ietf.org/html/rfc5246#section-7.4.1.2)
///
/// \returns Client hello message
///
sanitizing_blob make_client_hello();
///
/// Makes a TLS client certificate message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.6. Client Certificate)](https://tools.ietf.org/html/rfc5246#section-7.4.6)
///
/// \returns Client certificate message
///
sanitizing_blob make_client_cert() const;
///
/// Makes a TLS client key exchange message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.7. Client Key Exchange Message )](https://tools.ietf.org/html/rfc5246#section-7.4.7)
///
/// \param[in] pms Pre-master secret
///
/// \returns Client key exchange message
///
sanitizing_blob make_client_key_exchange(_In_ const tls_master_secret &pms) const;
///
/// Makes a TLS finished message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1)
///
/// \returns Change cipher spec
///
eap::sanitizing_blob make_finished() const;
/// @}
/// \name Client/Server handshake hashing
/// @{
///
/// Hashes handshake message for "finished" message validation.
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.9. Finished)](https://tools.ietf.org/html/rfc5246#section-7.4.9)
///
/// \param[in] data Data to hash
/// \param[in] size \p data size in bytes
///
inline void hash_handshake(_In_count_(size) const void *data, _In_ size_t size)
{
CryptHashData(m_hash_handshake_msgs_md5 , (const BYTE*)data, (DWORD)size, 0);
CryptHashData(m_hash_handshake_msgs_sha1 , (const BYTE*)data, (DWORD)size, 0);
CryptHashData(m_hash_handshake_msgs_sha256, (const BYTE*)data, (DWORD)size, 0);
}
///
/// Hashes handshake message for "finished" message validation.
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.9. Finished)](https://tools.ietf.org/html/rfc5246#section-7.4.9)
///
/// \param[in] data Data to hash
/// \param[in] size \p data size in bytes
///
template<class _Ty, class _Ax>
inline void hash_handshake(_In_ const std::vector<_Ty, _Ax> &data)
{
hash_handshake(data.data(), data.size() * sizeof(_Ty));
}
/// @}
///
/// Makes a TLS message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1)
///
/// \param[in] type Message type
/// \param[inout] data Message data contents
///
/// \returns TLS message message
///
eap::sanitizing_blob make_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &&data);
/// @}
#endif
/// \name Key derivation
/// @{
///
/// Generates master session key
///
/// \sa [The EAP-TLS Authentication Protocol (Chapter 2.3. Key Hierarchy)](https://tools.ietf.org/html/rfc5216#section-2.3)
///
virtual void derive_msk();
///
/// Generates keying material for inner authentication
///
virtual void derive_challenge();
/// @}
#if EAP_TLS < EAP_TLS_SCHANNEL
/// \name Server message processing
/// @{
///
/// Processes messages in a TLS packet
///
/// \param[in] pck Packet data
/// \param[in] size_pck \p pck size in bytes
///
void process_packet(_In_bytecount_(size_pck) const void *pck, _In_ size_t size_pck);
///
/// Processes a TLS change_cipher_spec message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.1. Change Cipher Spec Protocol)](https://tools.ietf.org/html/rfc5246#section-7.1)
///
/// \param[in] msg TLS change_cipher_spec message data
/// \param[in] size_msg TLS change_cipher_spec message data size
///
virtual void process_change_cipher_spec(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg);
///
/// Processes a TLS alert message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2)
///
/// \param[in] msg TLS alert message data
/// \param[in] size_msg TLS alert message data size
///
virtual void process_alert(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg);
///
/// Processes a TLS handshake message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4. Handshake Protocol)](https://tools.ietf.org/html/rfc5246#section-7.4)
///
/// \param[in] msg TLS handshake message data
/// \param[in] size_msg TLS handshake message data size
///
virtual void process_handshake(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg);
#else
///
/// Process handshake
///
void process_handshake();
#endif
///
/// Process application data
///
void process_application_data();
///
/// Processes a TLS application_data message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 10. Application Data Protocol)](https://tools.ietf.org/html/rfc5246#section-10)
///
/// \param[in] msg TLS application_data message data
/// \param[in] size_msg TLS application_data message data size
///
virtual void process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg);
/// @}
#if EAP_TLS < EAP_TLS_SCHANNEL_FULL
///
/// Verifies server's certificate if trusted by configuration
///
void verify_server_trust() const;
#endif
#if EAP_TLS < EAP_TLS_SCHANNEL
/// \name Encryption
/// @{
///
/// Encrypt TLS message
///
/// \param[in] type Message type
/// \param[inout] data TLS message to encrypt
///
void encrypt_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &data);
///
/// Decrypt TLS message
///
/// \param[in] type Original message type for HMAC verification
/// \param[inout] data TLS message to decrypt
///
void decrypt_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &data);
///
/// Returns maximum netto size of a message for a given TLS message size
///
/// \param[in] size_message Size of the final TLS message
///
/// \returns Netto size of message data
///
size_t get_max_message(_In_ size_t size_message) const;
/// @}
/// \name Pseudo-random generation
/// @{
///
/// Calculates pseudo-random P_hash data defined in RFC 5246
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5)
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5)
///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Hashing Algorithm to use (CALG_TLS1PRF = combination of MD5 and SHA-1, CALG_SHA_256...)
/// \param[in] secret Hashing secret key
/// \param[in] seed Random seed
/// \param[in] size_seed \p seed size
/// \param[in] size Number of bytes of pseudo-random data required
///
/// \returns Generated pseudo-random data (\p size bytes)
///
static sanitizing_blob prf(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_ const tls_master_secret &secret,
_In_bytecount_(size_seed) const void *seed,
_In_ size_t size_seed,
_In_ size_t size);
///
/// Calculates pseudo-random P_hash data defined in RFC 5246
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5)
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5)
///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Hashing Algorithm to use (CALG_TLS1PRF = combination of MD5 and SHA-1, CALG_SHA_256...)
/// \param[in] secret Hashing secret key
/// \param[in] seed Random seed
/// \param[in] size Number of bytes of pseudo-random data required
///
/// \returns Generated pseudo-random data (\p size bytes)
///
template<class _Ty, class _Ax>
inline static sanitizing_blob prf(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_ const tls_master_secret &secret,
_In_ const std::vector<_Ty, _Ax> &seed,
_In_ size_t size)
{
return prf(cp, alg, secret, seed.data(), seed.size() * sizeof(_Ty), size);
}
/// @}
///
/// Creates a key
///
/// \sa [How to export and import plain text session keys by using CryptoAPI](https://support.microsoft.com/en-us/kb/228786)
///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Key algorithm
/// \param[in] key Key that decrypts \p secret
/// \param[in] secret Key data
/// \param[in] size_secret \p secret size
///
/// \returns Key
///
HCRYPTKEY create_key(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_ HCRYPTKEY key,
_In_bytecount_(size_secret) const void *secret,
_In_ size_t size_secret);
#endif
protected:
config_method_tls &m_cfg; ///< EAP-TLS method configuration
credentials_tls &m_cred; ///< EAP-TLS user credentials
HANDLE m_user_ctx; ///< Handle to user context
packet_tls m_packet_req; ///< Request packet
packet_tls m_packet_res; ///< Response packet
tls_random m_key_mppe_client; ///< MS-MPPE-Recv-Key
tls_random m_key_mppe_server; ///< MS-MPPE-Send-Key
#if EAP_TLS < EAP_TLS_SCHANNEL
winstd::crypt_prov m_cp; ///< Cryptography provider for general services
winstd::crypt_prov m_cp_enc_client; ///< Cryptography provider for encryption
winstd::crypt_prov m_cp_enc_server; ///< Cryptography provider for encryption
winstd::crypt_key m_key_exp1; ///< Key for importing derived keys
tls_version m_tls_version; ///< TLS version in use
ALG_ID m_alg_prf; ///< Pseudo-random function algorithm in use
tls_conn_state m_state_client; ///< Client TLS connection state
tls_conn_state m_state_client_pending; ///< Client TLS connection state (pending)
tls_conn_state m_state_server; ///< Server TLS connection state
tls_conn_state m_state_server_pending; ///< Server TLS connection state (pending)
tls_master_secret m_master_secret; ///< TLS master secret
tls_random m_random_client; ///< Client random
tls_random m_random_server; ///< Server random
sanitizing_blob m_session_id; ///< TLS session ID
bool m_session_resumed; ///< Did TLS session resume?
std::list<winstd::cert_context> m_server_cert_chain; ///< Server certificate chain
winstd::crypt_hash m_hash_handshake_msgs_md5; ///< Running MD5 hash of handshake messages
winstd::crypt_hash m_hash_handshake_msgs_sha1; ///< Running SHA-1 hash of handshake messages
winstd::crypt_hash m_hash_handshake_msgs_sha256; ///< Running SHA-256 hash of handshake messages
tls_handshake_flags m_handshake; ///< Handshake flags (map of handshake messages received)
enum {
phase_unknown = -1, ///< Unknown phase
phase_client_hello = 0, ///< Send client hello
phase_server_hello, ///< Wait for server hello
phase_change_cipher_spec, ///< Wait for change cipher spec
phase_application_data ///< Exchange application data
} m_phase; ///< What phase is our communication at?
unsigned __int64 m_seq_num_client; ///< Sequence number for encrypting
unsigned __int64 m_seq_num_server; ///< Sequence number for decrypting
#else
winstd::tstring m_sc_target_name; ///< Schannel target name
winstd::sec_credentials m_sc_cred; ///< Schannel client credentials
std::vector<unsigned char> m_sc_queue; ///< TLS data queue
winstd::sec_context m_sc_ctx; ///< Schannel context
enum {
phase_unknown = -1, ///< Unknown phase
phase_handshake_init = 0, ///< Handshake initialize
phase_handshake_cont, ///< Handshake continue
phase_application_data, ///< Exchange application data
phase_shutdown, ///< Connection shut down
} m_phase; ///< What phase is our communication at?
#endif
};
}

671
lib/TLS/include/TLS.h
View File

@@ -1,671 +0,0 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "../../EAPBase/include/EAP.h"
namespace eap
{
///
/// TLS packet type
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: A.1. Record Layer](https://tools.ietf.org/html/rfc5246#appendix-A.1)
///
enum tls_message_type_t;
///
/// TLS handshake type
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: A.4. Handshake Protocol](https://tools.ietf.org/html/rfc5246#appendix-A.4)
///
enum tls_handshake_type_t;
///
/// TLS alert level
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2)
///
enum tls_alert_level_t;
///
/// TLS alert description
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2)
///
enum tls_alert_desc_t;
///
/// TLS protocol version
///
struct tls_version;
extern const tls_version tls_version_1_0;
extern const tls_version tls_version_1_1;
extern const tls_version tls_version_1_2;
///
/// TLS client/server random
///
struct tls_random;
///
/// Master secret
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (8.1. Computing the Master Secret)](https://tools.ietf.org/html/rfc5246#section-8.1)
///
struct tls_master_secret;
///
/// HMAC padding
///
/// \sa [HMAC: Keyed-Hashing for Message Authentication](https://tools.ietf.org/html/rfc2104)
///
struct hmac_padding;
///
/// Our own implementation of HMAC hashing
/// Microsoft's implementation ([MSDN](https://msdn.microsoft.com/en-us/library/windows/desktop/aa382379.aspx)) is flaky.
///
/// \sa [HMAC: Keyed-Hashing for Message Authentication](https://tools.ietf.org/html/rfc2104)
///
class hmac_hash;
///
/// TLS client connection state
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 6.1. Connection States)](https://tools.ietf.org/html/rfc5246#section-6.1)
///
class tls_conn_state;
///
/// EAP-TLS packet
///
class packet_tls;
///
/// TLS map of handshake messages received
///
class tls_handshake_flags;
}
#pragma once
#include <memory>
#include <assert.h>
namespace eap
{
#pragma warning(push)
#pragma warning(disable: 4480)
enum tls_message_type_t : unsigned char
{
tls_message_type_change_cipher_spec = 20,
tls_message_type_alert = 21,
tls_message_type_handshake = 22,
tls_message_type_application_data = 23,
};
enum tls_handshake_type_t : unsigned char
{
tls_handshake_type_hello_request = 0,
tls_handshake_type_client_hello = 1,
tls_handshake_type_server_hello = 2,
tls_handshake_type_certificate = 11,
tls_handshake_type_server_key_exchange = 12,
tls_handshake_type_certificate_request = 13,
tls_handshake_type_server_hello_done = 14,
tls_handshake_type_certificate_verify = 15,
tls_handshake_type_client_key_exchange = 16,
tls_handshake_type_finished = 20,
tls_handshake_type_min = 0, ///< First existing handshake message
tls_handshake_type_max = 21 ///< First non-existing (officially) handshake message
};
enum tls_alert_level_t : unsigned char
{
tls_alert_level_warning = 1,
tls_alert_level_fatal = 2,
};
enum tls_alert_desc_t : unsigned char
{
tls_alert_desc_close_notify = 0,
tls_alert_desc_unexpected_message = 10,
tls_alert_desc_bad_record_mac = 20,
tls_alert_desc_decryption_failed = 21, // reserved
tls_alert_desc_record_overflow = 22,
tls_alert_desc_decompression_failure = 30,
tls_alert_desc_handshake_failure = 40,
tls_alert_desc_no_certificate = 41, // reserved
tls_alert_desc_bad_certificate = 42,
tls_alert_desc_unsupported_certificate = 43,
tls_alert_desc_certificate_revoked = 44,
tls_alert_desc_certificate_expired = 45,
tls_alert_desc_certificate_unknown = 46,
tls_alert_desc_illegal_parameter = 47,
tls_alert_desc_unknown_ca = 48,
tls_alert_desc_access_denied = 49,
tls_alert_desc_decode_error = 50,
tls_alert_desc_decrypt_error = 51,
tls_alert_desc_export_restriction = 60, // reserved
tls_alert_desc_protocol_version = 70,
tls_alert_desc_insufficient_security = 71,
tls_alert_desc_internal_error = 80,
tls_alert_desc_user_canceled = 90,
tls_alert_desc_no_renegotiation = 100,
tls_alert_desc_unsupported_extension = 110,
};
#pragma warning(pop)
#pragma pack(push)
#pragma pack(1)
///
/// TLS protocol version
///
struct __declspec(novtable) tls_version
{
unsigned char major; ///< Major version
unsigned char minor; ///< Minor version
///
/// Copies a TLS version
///
/// \param[in] other Version to copy from
///
/// \returns Reference to this object
///
inline tls_version& operator=(_In_ const tls_version &other)
{
if (this != std::addressof(other)) {
major = other.major;
minor = other.minor;
}
return *this;
}
///
/// Is version less than?
///
/// \param[in] other Protocol version to compare against
/// \return
/// - Non zero when protocol version is less than h;
/// - Zero otherwise.
///
inline bool operator<(_In_ const tls_version &other) const
{
return major < other.major || major == other.major && minor < other.minor;
}
///
/// Is version less than or equal to?
///
/// \param[in] other Protocol version to compare against
/// \return
/// - Non zero when protocol version is less than or equal to h;
/// - Zero otherwise.
///
inline bool operator<=(_In_ const tls_version &other) const
{
return !operator>(other);
}
///
/// Is version greater than or equal to?
///
/// \param[in] other Protocol version to compare against
/// \return
/// - Non zero when protocol version is greater than or equal to h;
/// - Zero otherwise.
///
inline bool operator>=(_In_ const tls_version &other) const
{
return !operator<(other);
}
///
/// Is version greater than?
///
/// \param[in] other Protocol version to compare against
/// \return
/// - Non zero when protocol version is greater than h;
/// - Zero otherwise.
///
inline bool operator>(_In_ const tls_version &other) const
{
return other.major < major || other.major == major && other.minor < minor;
}
///
/// Is version not equal to?
///
/// \param[in] other Protocol version to compare against
/// \return
/// - Non zero when protocol version is not equal to h;
/// - Zero otherwise.
///
inline bool operator!=(_In_ const tls_version &other) const
{
return !operator==(other);
}
///
/// Is version equal to?
///
/// \param[in] other Protocol version to compare against
/// \return
/// - Non zero when protocol version is equal to h;
/// - Zero otherwise.
///
inline bool operator==(_In_ const tls_version &other) const
{
return major == other.major && minor == other.minor;
}
};
#pragma pack(pop)
#pragma pack(push)
#pragma pack(1)
struct __declspec(novtable) tls_random : public sanitizing_blob_xf<32>
{
///
/// Generate TLS random
///
/// \param[in] cp Handle of the cryptographics provider
///
void randomize(_In_ HCRYPTPROV cp);
};
#pragma pack(pop)
#pragma pack(push)
#pragma pack(1)
struct __declspec(novtable) tls_master_secret : public sanitizing_blob_xf<48>
{
///
/// Constructor
///
tls_master_secret();
///
/// Constructs a pre-master secret
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.7.1. RSA-Encrypted Premaster Secret Message)](https://tools.ietf.org/html/rfc5246#section-7.4.7.1)
///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] ver TLS version
///
tls_master_secret(_In_ HCRYPTPROV cp, _In_ tls_version ver);
///
/// Copies a master secret
///
/// \param[in] other Master secret to copy from
///
tls_master_secret(_In_ const sanitizing_blob_f<48> &other);
#ifdef _DEBUG
///
/// Moves the master secret
///
/// \param[inout] other Master secret to move from
///
tls_master_secret(_Inout_ sanitizing_blob_zf<48> &&other);
#endif
};
#pragma pack(pop)
#pragma pack(push)
#pragma pack(1)
struct __declspec(novtable) hmac_padding : public sanitizing_blob_xf<64>
{
///
/// Constructor
///
hmac_padding();
///
/// Derive padding from secret
///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Hashing algorithm
/// \param[in] secret HMAC secret
/// \param[in] size_secret \p secret size
/// \param[in] pad Padding value to XOR with (0x36=inner, 0x5c=outer...)
///
hmac_padding(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret,
_In_opt_ unsigned char pad = 0x36);
///
/// Copies a padding
///
/// \param[in] other Master secret to copy from
///
hmac_padding(_In_ const sanitizing_blob_f<64> &other);
#ifdef _DEBUG
///
/// Moves the padding
///
/// \param[inout] other Padding to move from
///
hmac_padding(_Inout_ sanitizing_blob_zf<64> &&other);
#endif
};
#pragma pack(pop)
class hmac_hash
{
public:
///
/// Construct new HMAC hashing object
///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Hashing algorithm
/// \param[in] secret HMAC secret
/// \param[in] size_secret \p secret size
///
hmac_hash(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret);
///
/// Construct new HMAC hashing object using already prepared inner padding
///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Hashing algorithm
/// \param[in] padding HMAC secret XOR inner padding
///
hmac_hash(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_ const hmac_padding &padding);
///
/// Provides access to inner hash object to hash data at will.
///
/// \returns Inner hashing object handle
///
inline operator HCRYPTHASH()
{
return m_hash_inner;
}
///
/// Completes hashing and returns hashed data.
///
/// \param[out] val Calculated hash value
///
template<class _Ty, class _Ax>
inline void calculate(_Out_ std::vector<_Ty, _Ax> &val)
{
// Calculate inner hash.
if (!CryptGetHashParam(m_hash_inner, HP_HASHVAL, val, 0))
throw win_runtime_error(__FUNCTION__ " Error calculating inner hash.");
// Hash inner hash with outer hash.
if (!CryptHashData(m_hash_outer, (const BYTE*)val.data(), (DWORD)(val.size() * sizeof(_Ty)), 0))
throw win_runtime_error(__FUNCTION__ " Error hashing inner hash.");
// Calculate outer hash.
if (!CryptGetHashParam(m_hash_outer, HP_HASHVAL, val, 0))
throw win_runtime_error(__FUNCTION__ " Error calculating outer hash.");
}
protected:
winstd::crypt_hash m_hash_inner; ///< Inner hashing object
winstd::crypt_hash m_hash_outer; ///< Outer hashing object
};
class tls_conn_state
{
public:
///
/// Constructs a connection state
///
tls_conn_state();
///
/// Copy a connection state
///
/// \param[in] other Connection state to copy from
///
tls_conn_state(_In_ const tls_conn_state &other);
///
/// Moves a connection state
///
/// \param[inout] other Connection state to move from
///
tls_conn_state(_Inout_ tls_conn_state &&other);
///
/// Copy a connection state
///
/// \param[inout] other Connection state to copy from
///
/// \returns Reference to this object
///
tls_conn_state& operator=(_In_ const tls_conn_state &other);
///
/// Moves a connection state
///
/// \param[in] other Connection state to move from
///
/// \returns Reference to this object
///
tls_conn_state& operator=(_Inout_ tls_conn_state &&other);
///
/// Configures state according to given cipher
///
/// \param[in] cipher Cipher ID
///
void set_cipher(_In_ const unsigned char cipher[2]);
public:
LPCTSTR m_prov_name; ///< Cryptography provider name
DWORD m_prov_type; ///< Cryptography provider type
ALG_ID m_alg_encrypt; ///< Bulk encryption algorithm
size_t m_size_enc_key; ///< Encryption key size in bytes (has to comply with `m_alg_encrypt`)
size_t m_size_enc_iv; ///< Encryption initialization vector size in bytes (has to comply with `m_alg_encrypt`)
size_t m_size_enc_block; ///< Encryption block size in bytes (has to comply with `m_alg_encrypt`)
winstd::crypt_key m_key; ///< Key for encrypting messages
ALG_ID m_alg_mac; ///< Message authenticy check algorithm
size_t m_size_mac_key; ///< Message authenticy check algorithm key size (has to comply with `m_alg_mac`)
size_t m_size_mac_hash; ///< Message authenticy check algorithm result size (has to comply with `m_alg_mac`)
hmac_padding m_padding_hmac; ///< Padding (key) for HMAC calculation
};
class packet_tls : public packet
{
public:
#pragma warning(push)
#pragma warning(disable: 4480)
///
/// EAP-TLS request packet flags
///
/// \sa [The EAP-TLS Authentication Protocol (Chapter: 3.1 EAP-TLS Request Packet)](https://tools.ietf.org/html/rfc5216#section-3.1)
///
enum flags_req_t : unsigned char {
flags_req_length_incl = 0x80, ///< Length included
flags_req_more_frag = 0x40, ///< More fragments
flags_req_start = 0x20, ///< Start
};
///
/// EAP-TLS response packet flags
///
/// \sa [The EAP-TLS Authentication Protocol (Chapter: 3.2 EAP-TLS Response Packet)](https://tools.ietf.org/html/rfc5216#section-3.2)
///
enum flags_res_t : unsigned char {
flags_res_length_incl = 0x80, ///< Length included
flags_res_more_frag = 0x40, ///< More fragments
};
#pragma warning(pop)
public:
///
/// Constructs an empty packet
///
packet_tls();
///
/// Copies a packet
///
/// \param[in] other Packet to copy from
///
packet_tls(_In_ const packet_tls &other);
///
/// Moves a packet
///
/// \param[in] other Packet to move from
///
packet_tls(_Inout_ packet_tls &&other);
///
/// Copies a packet
///
/// \param[in] other Packet to copy from
///
/// \returns Reference to this object
///
packet_tls& operator=(_In_ const packet_tls &other);
///
/// Moves a packet
///
/// \param[in] other Packet to move from
///
/// \returns Reference to this object
///
packet_tls& operator=(_Inout_ packet_tls &&other);
///
/// Empty the packet
///
virtual void clear();
///
/// Appends fragment
///
/// \param[in] pck EAP packet fragment
///
/// \returns
/// - \c true if this was the last fragment of a packet
/// - \c false if more fragments are to follow
///
bool append_frag(_In_ const EapPacket *pck);
///
/// Gets next fragment of the packet
///
/// \param[out ] pck Memory to write EAP packet to
/// \param[inout] size_max Available size of \p pck (in bytes)
///
/// \returns Final size of the packet (fragment)
///
unsigned short get_frag(_Out_bytecap_(size_max) EapPacket *pck, _In_ size_t size_max);
///
/// Is this packet an ACK
///
/// \param[in] id ID of originating EAP packet
///
inline bool is_ack(_In_ unsigned char id) const
{
return
m_code == EapCodeRequest &&
m_id == id &&
m_data.empty() &&
!(m_flags & (flags_req_length_incl | flags_req_more_frag | flags_req_start));
}
public:
unsigned char m_flags; ///< Packet flags
};
class tls_handshake_flags
{
public:
///
/// Constructs an empty set of flags
///
inline tls_handshake_flags()
{
memset(m_flags, 0, sizeof(m_flags));
}
///
/// Empty set of flags
///
inline void clear()
{
memset(m_flags, 0, sizeof(m_flags));
}
///
/// Set particular flag
///
/// \param[in] type TLS handshake message to set its flag
///
inline void set(_In_ tls_handshake_type_t type)
{
assert(tls_handshake_type_min <= type && type < tls_handshake_type_max);
m_flags[type] = true;
}
///
/// Get particular flag
///
/// \param[in] type TLS handshake message to get its flag
///
inline bool operator[](_In_ tls_handshake_type_t type) const
{
assert(tls_handshake_type_min <= type && type < tls_handshake_type_max);
return m_flags[type];
}
protected:
bool m_flags[tls_handshake_type_max]; ///< Set of flags
};
}

33
lib/TLS/src/Config.cpp
View File

@@ -75,10 +75,6 @@ eap::config_method_tls::config_method_tls(_In_ module &mod, _In_ unsigned int le
eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
m_trusted_root_ca(other.m_trusted_root_ca),
m_server_names(other.m_server_names),
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id(other.m_session_id),
m_master_secret(other.m_master_secret),
#endif
config_method_with_cred(other)
{
}
@@ -87,10 +83,6 @@ eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
eap::config_method_tls::config_method_tls(_Inout_ config_method_tls &&other) :
m_trusted_root_ca(std::move(other.m_trusted_root_ca)),
m_server_names(std::move(other.m_server_names)),
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id(std::move(other.m_session_id)),
m_master_secret(std::move(other.m_master_secret)),
#endif
config_method_with_cred(std::move(other))
{
}
@@ -102,10 +94,6 @@ eap::config_method_tls& eap::config_method_tls::operator=(_In_ const config_meth
(config_method_with_cred&)*this = other;
m_trusted_root_ca = other.m_trusted_root_ca;
m_server_names = other.m_server_names;
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id = other.m_session_id;
m_master_secret = other.m_master_secret;
#endif
}
return *this;
@@ -118,10 +106,6 @@ eap::config_method_tls& eap::config_method_tls::operator=(_Inout_ config_method_
(config_method_with_cred&&)*this = std::move(other);
m_trusted_root_ca = std::move(other.m_trusted_root_ca);
m_server_names = std::move(other.m_server_names);
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id = std::move(other.m_session_id);
m_master_secret = std::move(other.m_master_secret);
#endif
}
return *this;
@@ -250,10 +234,6 @@ void eap::config_method_tls::operator<<(_Inout_ cursor_out &cursor) const
config_method_with_cred::operator<<(cursor);
cursor << m_trusted_root_ca;
cursor << m_server_names ;
#if EAP_TLS < EAP_TLS_SCHANNEL
cursor << m_session_id ;
cursor << m_master_secret ;
#endif
}
@@ -262,14 +242,7 @@ size_t eap::config_method_tls::get_pk_size() const
return
config_method_with_cred::get_pk_size() +
pksizeof(m_trusted_root_ca) +
pksizeof(m_server_names )
#if EAP_TLS < EAP_TLS_SCHANNEL
+
pksizeof(m_session_id ) +
pksizeof(m_master_secret );
#else
;
#endif
pksizeof(m_server_names );
}
@@ -278,10 +251,6 @@ void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor)
config_method_with_cred::operator>>(cursor);
cursor >> m_trusted_root_ca;
cursor >> m_server_names ;
#if EAP_TLS < EAP_TLS_SCHANNEL
cursor >> m_session_id ;
cursor >> m_master_secret ;
#endif
}

24
lib/TLS/src/Credentials.cpp
View File

@@ -179,7 +179,7 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int
// Encrypt the certificate using user's key.
DATA_BLOB cred_blob = { m_cert->cbCertEncoded, m_cert->pbCertEncoded };
DATA_BLOB entropy_blob = { sizeof(s_entropy) , const_cast<LPBYTE>(s_entropy) };
if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc))
if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_AUDIT, &cred_enc))
throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
}
@@ -247,7 +247,7 @@ void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned
LPCTSTR eap::credentials_tls::target_suffix() const
{
return _T("Cert");
return _T("cert");
}
@@ -299,10 +299,14 @@ std::wstring eap::credentials_tls::get_identity() const
eap::credentials::source_t eap::credentials_tls::combine(
_In_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName)
_In_ DWORD dwFlags,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName)
{
UNREFERENCED_PARAMETER(dwFlags);
if (cred_cached) {
// Using EAP service cached credentials.
*this = *dynamic_cast<const credentials_tls*>(cred_cached);
@@ -310,14 +314,18 @@ eap::credentials::source_t eap::credentials_tls::combine(
return source_cache;
}
if (cfg.m_use_cred) {
auto cfg_with_cred = dynamic_cast<const config_method_with_cred*>(&cfg);
if (cfg_with_cred && cfg_with_cred->m_use_cred) {
// Using configured credentials.
*this = *dynamic_cast<const credentials_tls*>(cfg.m_cred.get());
*this = *dynamic_cast<const credentials_tls*>(cfg_with_cred->m_cred.get());
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
return source_config;
}
if (pszTargetName) {
// Switch user context.
user_impersonator impersonating(hTokenImpersonateUser);
try {
credentials_tls cred_loaded(m_module);
cred_loaded.retrieve(pszTargetName, cfg.m_level);
@@ -335,6 +343,7 @@ eap::credentials::source_t eap::credentials_tls::combine(
}
/// \cond internal
const unsigned char eap::credentials_tls::s_entropy[1024] = {
0xb9, 0xd1, 0x62, 0xd4, 0x1c, 0xe6, 0x8c, 0x25, 0x98, 0x9b, 0x1d, 0xbc, 0x40, 0x46, 0x9e, 0x6d,
0x63, 0xba, 0xda, 0x78, 0x65, 0x56, 0x97, 0x4f, 0xa0, 0x89, 0xf4, 0xc5, 0x1b, 0xf5, 0x8d, 0x69,
@@ -401,3 +410,4 @@ const unsigned char eap::credentials_tls::s_entropy[1024] = {
0x0d, 0xd0, 0x84, 0x17, 0x97, 0x56, 0x2e, 0xff, 0x82, 0x76, 0x61, 0x75, 0x9f, 0x15, 0xd2, 0x08,
0xbb, 0x24, 0xb5, 0xba, 0xaa, 0x5e, 0x20, 0xdd, 0x03, 0x4c, 0x3c, 0x54, 0xd8, 0x8f, 0x87, 0x49,
};
/// \endcond

1823
lib/TLS/src/Method.cpp
View File

File diff suppressed because it is too large Load Diff

2
lib/TLS/src/StdAfx.h
View File

@@ -22,8 +22,6 @@
#include "../include/Config.h"
#include "../include/Credentials.h"
#include "../include/Method.h"
#include "../include/TLS.h"
#include "../../EAPBase/include/EAPXML.h"

594
lib/TLS/src/TLS.cpp
View File

@@ -1,594 +0,0 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::tls_version
//////////////////////////////////////////////////////////////////////
const eap::tls_version eap::tls_version_1_0 = { 3, 1 };
const eap::tls_version eap::tls_version_1_1 = { 3, 2 };
const eap::tls_version eap::tls_version_1_2 = { 3, 3 };
//////////////////////////////////////////////////////////////////////
// eap::tls_random
//////////////////////////////////////////////////////////////////////
void eap::tls_random::randomize(_In_ HCRYPTPROV cp)
{
_time32((__time32_t*)data);
if (!CryptGenRandom(cp, sizeof(data) - sizeof(__time32_t), data + sizeof(__time32_t)))
throw win_runtime_error(__FUNCTION__ " Error creating randomness.");
}
//////////////////////////////////////////////////////////////////////
// eap::tls_master_secret
//////////////////////////////////////////////////////////////////////
eap::tls_master_secret::tls_master_secret()
{
}
eap::tls_master_secret::tls_master_secret(_In_ HCRYPTPROV cp, _In_ tls_version ver)
{
data[0] = ver.major;
data[1] = ver.minor;
if (!CryptGenRandom(cp, sizeof(data) - 2, data + 2))
throw win_runtime_error(__FUNCTION__ " Error creating PMS randomness.");
}
eap::tls_master_secret::tls_master_secret(_In_ const sanitizing_blob_f<48> &other) :
sanitizing_blob_xf<48>(other)
{
}
#ifdef _DEBUG
eap::tls_master_secret::tls_master_secret(_Inout_ sanitizing_blob_zf<48> &&other) :
sanitizing_blob_xf<48>(std::move(other))
{
}
#endif
//////////////////////////////////////////////////////////////////////
// eap::hmac_padding
//////////////////////////////////////////////////////////////////////
eap::hmac_padding::hmac_padding()
{
}
eap::hmac_padding::hmac_padding(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret,
_In_opt_ unsigned char pad)
{
if (size_secret > sizeof(hmac_padding)) {
// If the secret is longer than padding, use secret's hash instead.
crypt_hash hash;
if (!hash.create(cp, alg))
throw win_runtime_error(__FUNCTION__ " Error creating hash.");
if (!CryptHashData(hash, (const BYTE*)secret, (DWORD)size_secret, 0))
throw win_runtime_error(__FUNCTION__ " Error hashing.");
DWORD size_hash = sizeof(hmac_padding);
if (!CryptGetHashParam(hash, HP_HASHVAL, data, &size_hash, 0))
throw win_runtime_error(__FUNCTION__ " Error finishing hash.");
size_secret = size_hash;
} else
memcpy(data, secret, size_secret);
for (size_t i = 0; i < size_secret; i++)
data[i] ^= pad;
memset(data + size_secret, pad, sizeof(hmac_padding) - size_secret);
}
eap::hmac_padding::hmac_padding(_In_ const sanitizing_blob_f<64> &other) :
sanitizing_blob_xf<64>(other)
{
}
#ifdef _DEBUG
eap::hmac_padding::hmac_padding(_Inout_ sanitizing_blob_zf<64> &&other) :
sanitizing_blob_xf<64>(std::move(other))
{
}
#endif
//////////////////////////////////////////////////////////////////////
// eap::hmac_hash
//////////////////////////////////////////////////////////////////////
eap::hmac_hash::hmac_hash(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret)
{
// Prepare inner padding and forward to the other constructor.
this->hmac_hash::hmac_hash(cp, alg, hmac_padding(cp, alg, secret, size_secret));
}
eap::hmac_hash::hmac_hash(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_ const hmac_padding &padding)
{
// Create inner hash.
if (!m_hash_inner.create(cp, alg))
throw win_runtime_error(__FUNCTION__ " Error creating inner hash.");
// Initialize it with the inner padding.
if (!CryptHashData(m_hash_inner, padding.data, sizeof(hmac_padding), 0))
throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
// Convert inner padding to outer padding for final calculation.
hmac_padding padding_out;
for (size_t i = 0; i < sizeof(hmac_padding); i++)
padding_out.data[i] = padding.data[i] ^ (0x36 ^ 0x5c);
// Create outer hash.
if (!m_hash_outer.create(cp, alg))
throw win_runtime_error(__FUNCTION__ " Error creating outer hash.");
// Initialize it with the outer padding.
if (!CryptHashData(m_hash_outer, padding_out.data, sizeof(hmac_padding), 0))
throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
}
//////////////////////////////////////////////////////////////////////
// eap::tls_conn_state
//////////////////////////////////////////////////////////////////////
eap::tls_conn_state::tls_conn_state()
#ifdef _DEBUG
// Initialize state primitive members for diagnostic purposes.
:
m_prov_name (NULL),
m_prov_type (0),
m_alg_encrypt (0),
m_size_enc_key (0),
m_size_enc_iv (0),
m_size_enc_block(0),
m_alg_mac (0),
m_size_mac_key (0),
m_size_mac_hash (0)
#endif
{
}
eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) :
m_prov_name (other.m_prov_name ),
m_prov_type (other.m_prov_type ),
m_alg_encrypt (other.m_alg_encrypt ),
m_size_enc_key (other.m_size_enc_key ),
m_size_enc_iv (other.m_size_enc_iv ),
m_size_enc_block(other.m_size_enc_block),
m_key (other.m_key ),
m_alg_mac (other.m_alg_mac ),
m_size_mac_key (other.m_size_mac_key ),
m_size_mac_hash (other.m_size_mac_hash ),
m_padding_hmac (other.m_padding_hmac )
{
}
eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
m_prov_name (std::move(other.m_prov_name )),
m_prov_type (std::move(other.m_prov_type )),
m_alg_encrypt (std::move(other.m_alg_encrypt )),
m_size_enc_key (std::move(other.m_size_enc_key )),
m_size_enc_iv (std::move(other.m_size_enc_iv )),
m_size_enc_block(std::move(other.m_size_enc_block)),
m_key (std::move(other.m_key )),
m_alg_mac (std::move(other.m_alg_mac )),
m_size_mac_key (std::move(other.m_size_mac_key )),
m_size_mac_hash (std::move(other.m_size_mac_hash )),
m_padding_hmac (std::move(other.m_padding_hmac ))
{
#ifdef _DEBUG
// Reinitialize other state primitive members for diagnostic purposes.
other.m_prov_name = NULL;
other.m_prov_type = 0;
other.m_alg_encrypt = 0;
other.m_size_enc_key = 0;
other.m_size_enc_iv = 0;
other.m_size_enc_block = 0;
other.m_alg_mac = 0;
other.m_size_mac_key = 0;
other.m_size_mac_hash = 0;
#endif
}
eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &other)
{
if (this != std::addressof(other)) {
m_prov_name = other.m_prov_name ;
m_prov_type = other.m_prov_type ;
m_alg_encrypt = other.m_alg_encrypt ;
m_size_enc_key = other.m_size_enc_key ;
m_size_enc_iv = other.m_size_enc_iv ;
m_size_enc_block = other.m_size_enc_block;
m_key = other.m_key ;
m_alg_mac = other.m_alg_mac ;
m_size_mac_key = other.m_size_mac_key ;
m_size_mac_hash = other.m_size_mac_hash ;
m_padding_hmac = other.m_padding_hmac ;
}
return *this;
}
eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&other)
{
if (this != std::addressof(other)) {
m_prov_name = std::move(other.m_prov_name );
m_prov_type = std::move(other.m_prov_type );
m_alg_encrypt = std::move(other.m_alg_encrypt );
m_size_enc_key = std::move(other.m_size_enc_key );
m_size_enc_iv = std::move(other.m_size_enc_iv );
m_size_enc_block = std::move(other.m_size_enc_block);
m_key = std::move(other.m_key );
m_alg_mac = std::move(other.m_alg_mac );
m_size_mac_key = std::move(other.m_size_mac_key );
m_size_mac_hash = std::move(other.m_size_mac_hash );
m_padding_hmac = std::move(other.m_padding_hmac );
#ifdef _DEBUG
// Reinitialize other state primitive members for diagnostic purposes.
other.m_prov_name = NULL;
other.m_prov_type = 0;
other.m_alg_encrypt = 0;
other.m_size_enc_key = 0;
other.m_size_enc_iv = 0;
other.m_size_enc_block = 0;
other.m_alg_mac = 0;
other.m_size_mac_key = 0;
other.m_size_mac_hash = 0;
#endif
}
return *this;
}
void eap::tls_conn_state::set_cipher(_In_ const unsigned char cipher[2])
{
if (cipher[0] == 0x00 && cipher[1] == 0x0a) {
// TLS_RSA_WITH_3DES_EDE_CBC_SHA
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_3DES;
m_size_enc_key = 192/8; // 3DES 192bits
m_size_enc_iv = 64/8; // 3DES 64bits
m_size_enc_block = 64/8; // 3DES 64bits
m_alg_mac = CALG_SHA1;
m_size_mac_key = 160/8; // SHA-1
m_size_mac_hash = 160/8; // SHA-1
} else if (cipher[0] == 0x00 && cipher[1] == 0x2f) {
// TLS_RSA_WITH_AES_128_CBC_SHA
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA1;
m_size_mac_key = 160/8; // SHA-1
m_size_mac_hash = 160/8; // SHA-1
} else if (cipher[0] == 0x00 && cipher[1] == 0x3c) {
// AES128-SHA256
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x3d) {
// AES256-SHA256
m_prov_name = MS_ENH_RSA_AES_PROV;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x40) {
// DHE-DSS-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x67) {
// DHE-RSA-AES128-SHA256
m_prov_name = MS_DEF_DH_SCHANNEL_PROV;
m_prov_type = PROV_DH_SCHANNEL;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x6a) {
// DHE-DSS-AES256-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x6b) {
// DHE-RSA-AES256-SHA256
m_prov_name = MS_DEF_DH_SCHANNEL_PROV;
m_prov_type = PROV_DH_SCHANNEL;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x23) {
// ECDHE-ECDSA-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x24) {
// ECDHE-ECDSA-AES256-SHA384
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_384;
m_size_mac_key = 384/8; // SHA-384
m_size_mac_hash = 384/8; // SHA-384
} else if (cipher[0] == 0xc0 && cipher[1] == 0x27) {
// ECDHE-RSA-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x28) {
// ECDHE-RSA-AES256-SHA384
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_384;
m_size_mac_key = 384/8; // SHA-384
m_size_mac_hash = 384/8; // SHA-384
} else
throw win_runtime_error(ERROR_NOT_SUPPORTED, string_printf(__FUNCTION__ " Unknown cipher (received 0x%02x%02x).", cipher[0], cipher[1]));
}
//////////////////////////////////////////////////////////////////////
// eap::packet_tls
//////////////////////////////////////////////////////////////////////
eap::packet_tls::packet_tls() :
m_flags(0),
packet()
{
}
eap::packet_tls::packet_tls(_In_ const packet_tls &other) :
m_flags(other.m_flags),
packet (other )
{
}
eap::packet_tls::packet_tls(_Inout_ packet_tls &&other) :
m_flags(std::move(other.m_flags)),
packet (std::move(other ))
{
}
eap::packet_tls& eap::packet_tls::operator=(_In_ const packet_tls &other)
{
if (this != std::addressof(other)) {
(packet&)*this = other;
m_flags = other.m_flags;
}
return *this;
}
eap::packet_tls& eap::packet_tls::operator=(_Inout_ packet_tls &&other)
{
if (this != std::addressof(other)) {
(packet&)*this = std::move(other);
m_flags = std::move(other.m_flags);
}
return *this;
}
void eap::packet_tls::clear()
{
packet::clear();
m_flags = 0;
}
bool eap::packet_tls::append_frag(_In_ const EapPacket *pck)
{
assert(pck);
// Get packet data pointer and size for more readable code later on.
const unsigned char *packet_data_ptr;
size_t size_packet_data;
if (pck->Data[1] & flags_req_length_incl) {
// Length field is included.
packet_data_ptr = pck->Data + 6;
size_packet_data = ntohs(*reinterpret_cast<const unsigned short*>(pck->Length)) - 10;
} else {
// Length field not included.
packet_data_ptr = pck->Data + 2;
size_packet_data = ntohs(*reinterpret_cast<const unsigned short*>(pck->Length)) - 6;
}
// Do the EAP-TLS defragmentation.
if (pck->Data[1] & flags_req_more_frag) {
if (m_data.empty()) {
// Start a new packet.
if (pck->Data[1] & flags_req_length_incl) {
// Preallocate data according to the Length field.
size_t size_tot = ntohl(*reinterpret_cast<const unsigned int*>(pck->Data + 2));
m_data.reserve(size_tot);
//m_module.log_event(&EAPMETHOD_PACKET_RECV_FRAG_FIRST, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data((unsigned int)size_tot), event_data::blank);
} else {
// The Length field was not included. Odd. Nevermind, no pre-allocation then.
//m_module.log_event(&EAPMETHOD_PACKET_RECV_FRAG_FIRST1, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data::blank);
}
} else {
// Mid fragment received.
//m_module.log_event(&EAPMETHOD_PACKET_RECV_FRAG_MID, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data((unsigned int)m_data.size()), event_data::blank);
}
m_data.insert(m_data.end(), packet_data_ptr, packet_data_ptr + size_packet_data);
return false;
} else if (!m_data.empty()) {
// Last fragment received. Append data.
m_data.insert(m_data.end(), packet_data_ptr, packet_data_ptr + size_packet_data);
//m_module.log_event(&EAPMETHOD_PACKET_RECV_FRAG_LAST, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data((unsigned int)m_data.size()), event_data::blank);
} else {
// This is a complete non-fragmented packet.
m_data.assign(packet_data_ptr, packet_data_ptr + size_packet_data);
//m_module.log_event(&EAPMETHOD_PACKET_RECV, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data::blank);
}
m_code = (EapCode)pck->Code;
m_id = pck->Id;
m_flags = pck->Data[1];
return true;
}
unsigned short eap::packet_tls::get_frag(_Out_bytecap_(size_pck) EapPacket *pck, _In_ size_t size_max)
{
assert(pck);
size_t size_data = m_data.size();
assert(size_data <= UINT_MAX - 6); // Packets spanning over 4GB are not supported by EAP.
unsigned int size_packet = (unsigned int)size_data + 6;
unsigned short size_packet_limit = (unsigned short)std::min<size_t>(size_max, USHRT_MAX);
unsigned char *data_dst;
if (!(m_flags & flags_res_more_frag)) {
// Not fragmented.
if (size_packet <= size_packet_limit) {
// No need to fragment the packet.
m_flags &= ~flags_res_length_incl; // No need to explicitly include the Length field either.
data_dst = pck->Data + 2;
//m_module.log_event(&EAPMETHOD_PACKET_SEND, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_data), event_data::blank);
} else {
// But it should be fragmented.
m_flags |= flags_res_length_incl | flags_res_more_frag;
*reinterpret_cast<unsigned int*>(pck->Data + 2) = htonl(size_packet);
data_dst = pck->Data + 6;
size_data = size_packet_limit - 10;
size_packet = size_packet_limit;
//m_module.log_event(&EAPMETHOD_PACKET_SEND_FRAG_FIRST, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_data), event_data((unsigned int)(m_data.size() - size_data)), event_data::blank);
}
} else {
// Continuing the fragmented packet...
if (size_packet > size_packet_limit) {
// This is a mid fragment.
m_flags &= ~flags_res_length_incl;
size_data = size_packet_limit - 6;
size_packet = size_packet_limit;
//m_module.log_event(&EAPMETHOD_PACKET_SEND_FRAG_MID, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_data), event_data((unsigned int)(m_data.size() - size_data)), event_data::blank);
} else {
// This is the last fragment.
m_flags &= ~(flags_res_length_incl | flags_res_more_frag);
//m_module.log_event(&EAPMETHOD_PACKET_SEND_FRAG_LAST, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_data), event_data((unsigned int)(m_data.size() - size_data)), event_data::blank);
}
data_dst = pck->Data + 2;
}
pck->Code = (BYTE)m_code;
pck->Id = m_id;
*reinterpret_cast<unsigned short*>(pck->Length) = htons((unsigned short)size_packet);
pck->Data[0] = (BYTE)eap_type_tls;
pck->Data[1] = m_flags;
memcpy(data_dst, m_data.data(), size_data);
m_data.erase(m_data.begin(), m_data.begin() + size_data);
return (unsigned short)size_packet;
}

53
lib/TLS_UI/include/TLS_UI.h
View File

@@ -35,31 +35,20 @@
#include <list>
#include <string>
///
/// Helper class for auto-destroyable certificates used in wxWidget's item containers
///
class wxCertificateClientData;
///
/// TLS credential panel
///
class wxTLSCredentialsPanel;
///
/// TLS server trust configuration panel
///
class wxTLSServerTrustPanel;
class wxTLSConfigPanel;
/// \addtogroup EAPBaseGUI
/// @{
///
/// TLS credentials configuration panel
///
typedef wxEAPCredentialsConfigPanel<eap::credentials_tls, wxTLSCredentialsPanel> wxTLSCredentialsConfigPanel;
///
/// TLS configuration panel
///
class wxTLSConfigPanel;
/// @}
#pragma once
@@ -78,12 +67,20 @@ class wxTLSConfigPanel;
#include <vector>
/// \addtogroup EAPBaseGUI
/// @{
///
/// Helper class for auto-destroyable certificates used in wxWidget's item containers
///
class wxCertificateClientData : public wxClientData
{
public:
///
/// Constructs client data object with existing handle
///
/// \param[in] cert Certificate handle
///
wxCertificateClientData(PCCERT_CONTEXT cert);
///
@@ -96,6 +93,9 @@ public:
};
///
/// TLS credential panel
///
class wxTLSCredentialsPanel : public wxEAPCredentialsPanel<eap::credentials_tls, wxTLSCredentialsPanelBase>
{
public:
@@ -103,7 +103,7 @@ public:
/// Constructs a TLS credentials panel
///
/// \param[in] prov Provider configuration data
/// \param[in] cfg Configuration data
/// \param[in] cfg Method configuration data
/// \param[inout] cred Credentials data
/// \param[in] parent Parent window
/// \param[in] is_config Is this panel used to config credentials?
@@ -119,12 +119,19 @@ protected:
};
///
/// TLS server trust configuration panel
///
class wxTLSServerTrustPanel : public wxTLSServerTrustPanelBase
{
public:
///
/// Constructs a configuration panel
///
/// \param[in ] prov Provider configuration data
/// \param[inout] cfg Method configuration data
/// \param[in ] parent Parent window
///
wxTLSServerTrustPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, wxWindow* parent);
protected:
@@ -156,12 +163,19 @@ protected:
};
///
/// TLS configuration panel
///
class wxTLSConfigPanel : public wxPanel
{
public:
///
/// Constructs a configuration panel
///
/// \param[in ] prov Provider configuration data
/// \param[inout] cfg Method configuration data
/// \param[in ] parent Parent window
///
wxTLSConfigPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, wxWindow* parent);
///
@@ -172,9 +186,6 @@ public:
protected:
/// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event);
#if EAP_TLS < EAP_TLS_SCHANNEL
virtual bool TransferDataFromWindow();
#endif
/// \endcond
protected:
@@ -183,3 +194,5 @@ protected:
wxTLSServerTrustPanel *m_server_trust; ///< Server trust configuration panel
wxTLSCredentialsConfigPanel *m_credentials; ///< Credentials configuration panel
};
/// @}

32
lib/TLS_UI/src/TLS_UI.cpp
View File

@@ -53,6 +53,8 @@ wxTLSCredentialsPanel::wxTLSCredentialsPanel(const eap::config_provider &prov, c
}
/// \cond internal
bool wxTLSCredentialsPanel::TransferDataToWindow()
{
// Populate certificate list.
@@ -129,6 +131,8 @@ void wxTLSCredentialsPanel::OnUpdateUI(wxUpdateUIEvent& event)
}
}
/// \endcond
//////////////////////////////////////////////////////////////////////
// wxTLSServerTrustPanel
@@ -150,6 +154,8 @@ wxTLSServerTrustPanel::wxTLSServerTrustPanel(const eap::config_provider &prov, e
}
/// \cond internal
bool wxTLSServerTrustPanel::TransferDataToWindow()
{
// Populate trusted CA list.
@@ -261,7 +267,7 @@ void wxTLSServerTrustPanel::OnRootCAAddFile(wxCommandEvent& event)
for (PCCERT_CONTEXT cert = NULL; (cert = CertEnumCertificatesInStore(cs, cert)) != NULL;)
AddRootCA(cert);
} else
wxMessageBox(wxString::Format(_("Invalid or unsupported certificate file %s"), paths[i].c_str()), _("Error"), wxOK | wxICON_EXCLAMATION, this);
wxMessageBox(wxString::Format(_("Invalid or unsupported certificate file %s"), paths[i]), _("Error"), wxOK | wxICON_EXCLAMATION, this);
}
}
@@ -275,6 +281,8 @@ void wxTLSServerTrustPanel::OnRootCARemove(wxCommandEvent& event)
m_root_ca->Delete(selections[i]);
}
/// \endcond
bool wxTLSServerTrustPanel::AddRootCA(PCCERT_CONTEXT cert)
{
@@ -332,6 +340,7 @@ wxTLSConfigPanel::~wxTLSConfigPanel()
}
/// \cond internal
void wxTLSConfigPanel::OnInitDialog(wxInitDialogEvent& event)
{
// Forward the event to child panels.
@@ -339,23 +348,4 @@ void wxTLSConfigPanel::OnInitDialog(wxInitDialogEvent& event)
if (m_credentials)
m_credentials->GetEventHandler()->ProcessEvent(event);
}
#if EAP_TLS < EAP_TLS_SCHANNEL
bool wxTLSConfigPanel::TransferDataFromWindow()
{
wxCHECK(wxPanel::TransferDataFromWindow(), false);
if (!m_prov.m_read_only) {
// This is not a provider-locked configuration. The data will get saved.
// Reset session ID and master secret to force clean connect next time.
m_cfg.m_session_id.clear();
m_cfg.m_master_secret.clear();
}
return true;
}
#endif
/// \endcond

1
lib/TTLS/build/TTLS.vcxproj
View File

@@ -83,7 +83,6 @@
<ClInclude Include="..\include\Credentials.h" />
<ClInclude Include="..\include\Method.h" />
<ClInclude Include="..\include\Module.h" />
<ClInclude Include="..\include\TTLS.h" />
<ClInclude Include="..\src\StdAfx.h" />
</ItemGroup>
<ItemGroup>

3
lib/TTLS/build/TTLS.vcxproj.filters
View File

@@ -26,9 +26,6 @@
<ClInclude Include="..\include\Module.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\TTLS.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\src\StdAfx.cpp">

77
lib/TTLS/include/Config.h
View File

@@ -22,9 +22,6 @@
namespace eap
{
///
/// TTLS configuration
///
class config_method_ttls;
}
@@ -40,7 +37,14 @@ namespace eap
#include <memory>
namespace eap {
namespace eap
{
/// \addtogroup EAPBaseMethod
/// @{
///
/// TTLS configuration
///
class config_method_ttls : public config_method_tls
{
public:
@@ -84,71 +88,36 @@ namespace eap {
///
config_method_ttls& operator=(_Inout_ config_method_ttls &&other);
///
/// Clones configuration
///
/// \returns Pointer to cloned configuration
///
virtual config* clone() const;
/// \name XML configuration management
/// \name XML management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
///
/// Returns EAP method type of this configuration
///
/// \returns `eap::type_ttls`
/// @copydoc eap::config_method::get_method_id()
/// \returns This implementation always returns `winstd::eap_type_ttls`
///
virtual winstd::eap_type_t get_method_id() const;
///
/// Returns a string \c L"EAP-TTLS"
/// @copydoc eap::config_method::get_method_str()
/// \returns This implementation always returns `L"EAP-TTLS"`
///
virtual const wchar_t* get_method_str() const;
///
/// Creates a blank set of credentials suitable for this method
/// @copydoc eap::config_method::make_credentials()
/// \returns This implementation always returns `eap::credentials_ttls` type of credentials
///
virtual credentials* make_credentials() const;
@@ -157,14 +126,18 @@ namespace eap {
///
/// \param[in] eap_type EAP type
///
config_method_with_cred* make_config_method(_In_ winstd::eap_type_t eap_type) const;
/// \returns A new inner method config of given type
///
config_method* make_config_method(_In_ winstd::eap_type_t eap_type) const;
///
/// Makes a new inner method config
///
/// \param[in] eap_type EAP type
///
config_method_with_cred* make_config_method(_In_ const wchar_t *eap_type) const;
/// \returns A new inner method config of given type
///
config_method* make_config_method(_In_ const wchar_t *eap_type) const;
///
/// Generates public identity using current configuration and given credentials
@@ -172,7 +145,9 @@ namespace eap {
std::wstring get_public_identity(const credentials_ttls &cred) const;
public:
std::unique_ptr<config_method_with_cred> m_inner; ///< Inner authentication configuration
std::wstring m_anonymous_identity; ///< Anonymous identity
std::unique_ptr<config_method> m_inner; ///< Inner authentication configuration
std::wstring m_anonymous_identity; ///< Anonymous identity
};
/// @}
}

103
lib/TTLS/include/Credentials.h
View File

@@ -20,9 +20,6 @@
namespace eap
{
///
/// TTLS credentials
///
class credentials_ttls;
}
@@ -35,6 +32,12 @@ namespace eap
namespace eap
{
/// \addtogroup EAPBaseCred
/// @{
///
/// TTLS credentials
///
class credentials_ttls : public credentials_tls
{
public:
@@ -77,107 +80,43 @@ namespace eap
///
credentials_ttls& operator=(_Inout_ credentials_ttls &&other);
///
/// Clones credentials
///
/// \returns Pointer to cloned credentials
///
virtual config* clone() const;
///
/// Resets credentials
///
virtual void clear();
///
/// Test credentials if blank
///
/// \returns
/// - \c true if blank
/// - \c false otherwise
///
virtual bool empty() const;
/// \name XML credentials management
/// \name XML management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
/// \name Storage
/// @{
///
/// Save credentials to Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as
/// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...)
///
virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const;
///
/// Retrieve credentials from Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from
/// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...)
///
virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level);
///
/// Returns credential identity.
///
virtual std::wstring get_identity() const;
/// @}
virtual std::wstring get_identity() const;
///
/// Combine credentials in the following order:
///
/// 1. Cached credentials
/// 2. Pre-configured credentials
/// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`)
/// 3. Stored credentials
///
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_ttls* type)
/// \param[in] cfg Method configuration (must be config_method_ttls type)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
/// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior
/// \param[in] hTokenImpersonateUser Impersonation token for a logged-on user to collect user-related information
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be `credentials_ttls*` type)
/// \param[in] cfg Method configuration (unused, as must be as config_method_ttls is not derived from `config_method_with_cred`)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
///
/// \returns
/// - \c source_cache Credentials were obtained from EapHost cache
@@ -185,11 +124,15 @@ namespace eap
/// - \c source_storage Credentials were loaded from Windows Credential Manager
///
virtual source_t combine(
_In_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName);
_In_ DWORD dwFlags,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName);
public:
std::unique_ptr<credentials> m_inner; ///< Inner credentials
};
/// @}
}

293
lib/TTLS/include/Method.h
View File

@@ -20,9 +20,8 @@
namespace eap
{
///
/// EAP-TTLS method
///
class method_defrag;
class method_eapmsg;
class method_ttls;
}
@@ -30,122 +29,278 @@ namespace eap
#include "Config.h"
#include "Credentials.h"
#include "TTLS.h"
#include "../../TLS/include/Method.h"
#include "../../EAPBase/include/Method.h"
#include <WinStd/Sec.h>
namespace eap
{
class method_ttls : public method_tls
/// \addtogroup EAPBaseMethod
/// @{
///
/// EAP-(T)TLS class defragging method tunnel
///
class method_defrag : public method_tunnel
{
WINSTD_NONCOPYABLE(method_ttls)
WINSTD_NONCOPYABLE(method_defrag)
public:
#pragma warning(push)
#pragma warning(disable: 4480)
///
/// EAP-(T)TLS request packet flags
///
/// \sa [The EAP-TLS Authentication Protocol (Chapter: 3.1 EAP-TLS Request Packet)](https://tools.ietf.org/html/rfc5216#section-3.1)
/// \sa [The EAP-TTLS Authentication Protocol Version 0 (Chapter: 9.1. Packet Format)](https://tools.ietf.org/html/rfc5281#section-9.1)
///
enum flags_req_t : unsigned char {
flags_req_length_incl = 0x80, ///< Length included
flags_req_more_frag = 0x40, ///< More fragments
flags_req_start = 0x20, ///< Start
flags_req_ver_mask = 0x07, ///< Version mask
};
///
/// EAP-(T)TLS response packet flags
///
/// \sa [The EAP-TLS Authentication Protocol (Chapter: 3.2 EAP-TLS Response Packet)](https://tools.ietf.org/html/rfc5216#section-3.2)
/// \sa [The EAP-TTLS Authentication Protocol Version 0 (Chapter: 9.1. Packet Format)](https://tools.ietf.org/html/rfc5281#section-9.1)
///
enum flags_res_t : unsigned char {
flags_res_length_incl = 0x80, ///< Length included
flags_res_more_frag = 0x40, ///< More fragments
flags_res_ver_mask = 0x07, ///< Version mask
};
#pragma warning(pop)
public:
///
/// Constructs an EAP method
/// Constructs a method
///
/// \param[in] mod EAP module to use for global services
/// \param[in] cfg Method configuration
/// \param[in] cred User credentials
/// \param[in] mod Module to use for global services
/// \param[in] inner Inner method
///
method_ttls(_In_ module &module, _In_ config_method_ttls &cfg, _In_ credentials_ttls &cred);
method_defrag(_In_ module &mod, _In_ method *inner);
///
/// Moves an EAP method
/// Moves a method
///
/// \param[in] other EAP method to move from
/// \param[in] other Method to move from
///
method_ttls(_Inout_ method_ttls &&other);
method_defrag(_Inout_ method_defrag &&other);
///
/// Moves an EAP method
/// Moves a method
///
/// \param[in] other EAP method to move from
/// \param[in] other Method to move from
///
/// \returns Reference to this object
///
method_ttls& operator=(_Inout_ method_ttls &&other);
method_defrag& operator=(_Inout_ method_defrag &&other);
/// \name Packet processing
/// \name Session management
/// @{
///
/// Starts an EAP authentication session on the peer EapHost using the EAP method.
///
/// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
///
virtual void begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ DWORD dwMaxSendPacketSize = MAXDWORD);
///
/// Ends an EAP authentication session for the EAP method.
///
/// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
///
virtual void end_session();
/// @}
///
/// Processes a packet received by EapHost from a supplicant.
///
/// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
///
virtual void process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize,
_Out_ EapPeerMethodOutput *pEapOutput);
/// \name Packet processing
/// @{
virtual EapPeerMethodResponseAction process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize);
///
/// Obtains a response packet from the EAP method.
///
/// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
///
virtual void get_response_packet(
_Inout_bytecap_(*dwSendPacketSize) void *pSendPacket,
_Inout_ DWORD *pdwSendPacketSize);
///
/// Obtains the result of an authentication session from the EAP method.
///
/// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
///
virtual void get_result(
_In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *pResult);
_Out_ sanitizing_blob &packet,
_In_opt_ DWORD size_max = MAXDWORD);
/// @}
protected:
DWORD m_size_frag_max; ///< Maximum size of a fragment
sanitizing_blob m_data_req; ///< Data in request
sanitizing_blob m_data_res; ///< Data in response
bool m_send_res; ///< Are we sending a response?
};
///
/// Diameter EAP-Message tunnel method
///
class method_eapmsg : public method_tunnel
{
public:
///
/// Generates master session key
/// Constructs a method
///
/// \sa [The EAP-TLS Authentication Protocol (Chapter 2.3. Key Hierarchy)](https://tools.ietf.org/html/rfc5216#section-2.3)
/// \param[in] mod Module to use for global services
/// \param[in] identity User identity
/// \param[in] inner Inner method
///
virtual void derive_msk();
method_eapmsg(_In_ module &mod, _In_ const wchar_t *identity, _In_ method *inner);
///
/// Generates keying material for inner authentication
/// Moves a method
///
virtual void derive_challenge();
/// \param[in] other Method to move from
///
method_eapmsg(_Inout_ method_eapmsg &&other);
///
/// Processes an application message
/// Moves a method
///
/// \param[in] msg Application message data
/// \param[in] size_msg Application message data size
/// \param[in] other Method to move from
///
virtual void process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg);
/// \returns Reference to this object
///
method_eapmsg& operator=(_Inout_ method_eapmsg &&other);
/// \name Session management
/// @{
virtual void begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ DWORD dwMaxSendPacketSize = MAXDWORD);
/// @}
/// \name Packet processing
/// @{
virtual EapPeerMethodResponseAction process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize);
virtual void get_response_packet(
_Out_ sanitizing_blob &packet,
_In_opt_ DWORD size_max = MAXDWORD);
/// @}
protected:
#pragma warning(suppress: 4480)
enum version_t :unsigned char {
version_0 = 0, ///< EAP-TTLS v0
} m_version; ///< EAP-TTLS version
std::wstring m_identity; ///< User identity
std::unique_ptr<method> m_inner; ///< Inner authentication method
///
/// Communication phase
///
enum {
phase_unknown = -1, ///< Unknown phase
phase_identity = 0, ///< Send identity
phase_finished, ///< Connection shut down
} m_phase; ///< What phase is our communication at?
sanitizing_blob m_packet_res; ///< Response packet
};
///
/// TTLS method
///
class method_ttls : public method_tunnel
{
WINSTD_NONCOPYABLE(method_ttls)
public:
///
/// Constructs an TTLS method
///
/// \param[in] mod EAP module to use for global services
/// \param[in] cfg Method configuration
/// \param[in] cred User credentials
/// \param[in] inner Inner method
///
method_ttls(_In_ module &mod, _In_ config_method_ttls &cfg, _In_ credentials_ttls &cred, _In_ method *inner);
///
/// Moves an TTLS method
///
/// \param[in] other TTLS method to move from
///
method_ttls(_Inout_ method_ttls &&other);
///
/// Moves an TTLS method
///
/// \param[in] other TTLS method to move from
///
/// \returns Reference to this object
///
method_ttls& operator=(_Inout_ method_ttls &&other);
/// \name Session management
/// @{
virtual void begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ DWORD dwMaxSendPacketSize = MAXDWORD);
/// @}
/// \name Packet processing
/// @{
virtual EapPeerMethodResponseAction process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize);
virtual void get_response_packet(
_Out_ sanitizing_blob &packet,
_In_opt_ DWORD size_max = MAXDWORD);
/// @}
virtual void get_result(
_In_ EapPeerMethodResultReason reason,
_Out_ EapPeerMethodResult *pResult);
protected:
#if EAP_TLS < EAP_TLS_SCHANNEL_FULL
///
/// Verifies server's certificate if trusted by configuration
///
void verify_server_trust() const;
#endif
protected:
config_method_ttls &m_cfg; ///< Method configuration
credentials_ttls &m_cred; ///< Method user credentials
HANDLE m_user_ctx; ///< Handle to user context
winstd::tstring m_sc_target_name; ///< Schannel target name
winstd::sec_credentials m_sc_cred; ///< Schannel client credentials
std::vector<unsigned char> m_sc_queue; ///< TLS data queue
winstd::sec_context m_sc_ctx; ///< Schannel context
///
/// Communication phase
///
enum {
phase_unknown = -1, ///< Unknown phase
phase_handshake_init = 0, ///< Handshake initialize
phase_handshake_cont, ///< Handshake continue
phase_finished, ///< Exchange application data
} m_phase; ///< What phase is our communication at?
sanitizing_blob m_packet_res; ///< Response packet
bool m_packet_res_inner; ///< Get and ancrypt data from inner method too?
std::vector<winstd::eap_attr> m_eap_attr; ///< EAP attributes returned by get_result() method
EAP_ATTRIBUTES m_eap_attr_desc; ///< EAP attributes descriptor (required to avoid memory leakage in get_result())
};
/// @}
}

163
lib/TTLS/include/Module.h
View File

@@ -20,9 +20,6 @@
namespace eap
{
///
/// TTLS peer
///
class peer_ttls;
}
@@ -35,57 +32,43 @@ namespace eap
namespace eap
{
/// \addtogroup EAPBaseModule
/// @{
///
/// EAP-TTLS peer
///
class peer_ttls : public peer
{
WINSTD_NONCOPYABLE(peer_ttls)
public:
///
/// Constructs a EAP TTLS peer module
/// Constructs a EAP-TTLS peer module
///
peer_ttls();
///
/// Makes a new method config
/// @copydoc eap::method::make_config_method()
/// \returns This implementation always returns `eap::config_method_ttls` type of configuration
///
virtual config_method* make_config_method();
///
/// Initializes an EAP peer method for EapHost.
///
/// \sa [EapPeerGetInfo function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363613.aspx)
///
virtual void initialize();
///
/// Shuts down the EAP method and prepares to unload its corresponding DLL.
///
/// \sa [EapPeerShutdown function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363627.aspx)
///
virtual void shutdown();
///
/// Returns the user data and user identity after being called by EapHost.
///
/// \sa [EapPeerGetIdentity function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363607.aspx)
///
virtual void get_identity(
_In_ DWORD dwFlags,
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
_In_ DWORD dwConnectionDataSize,
_In_count_(dwUserDataSize) const BYTE *pUserData,
_In_ DWORD dwUserDataSize,
_Inout_ BYTE **ppUserDataOut,
_Inout_ DWORD *pdwUserDataOutSize,
_Out_ BYTE **ppUserDataOut,
_Out_ DWORD *pdwUserDataOutSize,
_In_ HANDLE hTokenImpersonateUser,
_Inout_ BOOL *pfInvokeUI,
_Inout_ WCHAR **ppwszIdentity);
_Out_ BOOL *pfInvokeUI,
_Out_ WCHAR **ppwszIdentity);
///
/// Defines the implementation of an EAP method-specific function that retrieves the properties of an EAP method given the connection and user data.
///
/// \sa [EapPeerGetMethodProperties function](https://msdn.microsoft.com/en-us/library/windows/desktop/hh706636.aspx)
///
virtual void get_method_properties(
_In_ DWORD dwVersion,
_In_ DWORD dwFlags,
@@ -94,31 +77,19 @@ namespace eap
_In_ DWORD dwConnectionDataSize,
_In_count_(dwUserDataSize) const BYTE *pUserData,
_In_ DWORD dwUserDataSize,
_Inout_ EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray);
_Out_ EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray);
///
/// Converts XML into the configuration BLOB. The XML based credentials can come from group policy or from a system administrator.
///
/// \sa [EapPeerCredentialsXml2Blob function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363603.aspx)
///
virtual void credentials_xml2blob(
_In_ DWORD dwFlags,
_In_ IXMLDOMNode *pConfigRoot,
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
_In_ DWORD dwConnectionDataSize,
_Inout_ BYTE **ppCredentialsOut,
_Inout_ DWORD *pdwCredentialsOutSize);
_Out_ BYTE **ppCredentialsOut,
_Out_ DWORD *pdwCredentialsOutSize);
/// \name Session management
/// @{
///
/// Starts an EAP authentication session on the peer EapHost using the EAP method.
///
/// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
///
/// \returns Session handle
///
virtual EAP_SESSION_HANDLE begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
@@ -129,83 +100,54 @@ namespace eap
_In_ DWORD dwUserDataSize,
_In_ DWORD dwMaxSendPacketSize);
///
/// Ends an EAP authentication session for the EAP method.
///
/// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
///
virtual void end_session(_In_ EAP_SESSION_HANDLE hSession);
///
/// Processes a packet received by EapHost from a supplicant.
///
/// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
///
/// @}
/// \name Packet processing
/// @{
virtual void process_request_packet(
_In_ EAP_SESSION_HANDLE hSession,
_In_bytecount_(dwReceivedPacketSize) const EapPacket *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize,
_Out_ EapPeerMethodOutput *pEapOutput);
///
/// Obtains a response packet from the EAP method.
///
/// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
///
virtual void get_response_packet(
_In_ EAP_SESSION_HANDLE hSession,
_Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket,
_Inout_ DWORD *pdwSendPacketSize);
///
/// Obtains the result of an authentication session from the EAP method.
///
/// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
///
/// @}
virtual void get_result(
_In_ EAP_SESSION_HANDLE hSession,
_In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *pResult);
_In_ EAP_SESSION_HANDLE hSession,
_In_ EapPeerMethodResultReason reason,
_Out_ EapPeerMethodResult *pResult);
/// \name User Interaction
/// @{
///
/// Obtains the user interface context from the EAP method.
///
/// \note This function is always followed by the `EapPeerInvokeInteractiveUI()` function, which is followed by the `EapPeerSetUIContext()` function.
///
/// \sa [EapPeerGetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363612.aspx)
///
virtual void get_ui_context(
_In_ EAP_SESSION_HANDLE hSession,
_Inout_ BYTE **ppUIContextData,
_Inout_ DWORD *pdwUIContextDataSize);
_In_ EAP_SESSION_HANDLE hSession,
_Out_ BYTE **ppUIContextData,
_Out_ DWORD *pdwUIContextDataSize);
///
/// Provides a user interface context to the EAP method.
///
/// \note This function is called after the UI has been raised through the `EapPeerGetUIContext()` function.
///
/// \sa [EapPeerSetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363626.aspx)
///
virtual void set_ui_context(
_In_ EAP_SESSION_HANDLE hSession,
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
_In_ DWORD dwUIContextDataSize,
_Out_ EapPeerMethodOutput *pEapOutput);
///
/// Obtains an array of EAP response attributes from the EAP method.
///
/// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx)
///
virtual void get_response_attributes(
_In_ EAP_SESSION_HANDLE hSession,
_Inout_ EapAttributes *pAttribs);
/// @}
/// \name EAP Response Attributes
/// @{
virtual void get_response_attributes(
_In_ EAP_SESSION_HANDLE hSession,
_Out_ EapAttributes *pAttribs);
///
/// Provides an updated array of EAP response attributes to the EAP method.
///
/// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx)
///
virtual void set_response_attributes(
_In_ EAP_SESSION_HANDLE hSession,
_In_ const EapAttributes *pAttribs,
@@ -226,23 +168,34 @@ namespace eap
_In_ HANDLE hTokenImpersonateUser);
protected:
///
/// EAP-TTLS session
///
class session {
public:
///
/// Constructs a EAP-TTLS session
///
session(_In_ module &mod);
///
/// Destructs EAP-TTLS session
///
virtual ~session();
public:
module &m_module; ///< Module
config_connection m_cfg; ///< Connection configuration
credentials_connection m_cred; ///< Connection credentials
std::unique_ptr<method_ttls> m_method; ///< EAP-TTLS method
module &m_module; ///< Module
config_connection m_cfg; ///< Connection configuration
credentials_connection m_cred; ///< Connection credentials
std::unique_ptr<method> m_method; ///< EAP-TTLS method
// The following members are required to avoid memory leakage in get_result()
EAP_ATTRIBUTES m_eap_attr_desc; ///< EAP attributes descriptor
BYTE *m_blob_cfg; ///< Configuration BLOB
BYTE *m_blob_cfg; ///< Configuration BLOB
#ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
BYTE *m_blob_cred; ///< Credentials BLOB
BYTE *m_blob_cred; ///< Credentials BLOB
#endif
};
};
/// @}
}

52
lib/TTLS/include/TTLS.h
View File

@@ -1,52 +0,0 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
namespace eap
{
///
/// EAP-TTLS packet
///
class packet_ttls;
}
#pragma once
#include "../../TLS/include/TLS.h"
namespace eap
{
class packet_ttls : public packet_tls
{
public:
///
/// EAP-TTLS packet flags
///
/// \sa [Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0) (Chapter: 9.1 Packet Format)](https://tools.ietf.org/html/rfc5281#section-9.1)
///
#pragma warning(suppress: 4480)
enum flags_t : unsigned char {
flags_length_incl = packet_tls::flags_req_length_incl, ///< Length included
flags_more_frag = packet_tls::flags_req_more_frag, ///< More fragments
flags_start = packet_tls::flags_req_start, ///< Start
flags_ver_mask = 0x07, ///< Version mask
};
};
}

30
lib/TTLS/src/Config.cpp
View File

@@ -38,7 +38,7 @@ eap::config_method_ttls::config_method_ttls(_In_ module &mod, _In_ unsigned int
eap::config_method_ttls::config_method_ttls(const _In_ config_method_ttls &other) :
m_inner(other.m_inner ? dynamic_cast<config_method_with_cred*>(other.m_inner->clone()) : nullptr),
m_inner(other.m_inner ? dynamic_cast<config_method*>(other.m_inner->clone()) : nullptr),
m_anonymous_identity(other.m_anonymous_identity),
config_method_tls(other)
{
@@ -57,7 +57,7 @@ eap::config_method_ttls& eap::config_method_ttls::operator=(const _In_ config_me
{
if (this != &other) {
(config_method_tls&)*this = other;
m_inner.reset(other.m_inner ? dynamic_cast<config_method_with_cred*>(other.m_inner->clone()) : nullptr);
m_inner.reset(other.m_inner ? dynamic_cast<config_method*>(other.m_inner->clone()) : nullptr);
m_anonymous_identity = other.m_anonymous_identity;
}
@@ -262,25 +262,29 @@ eap::credentials* eap::config_method_ttls::make_credentials() const
}
eap::config_method_with_cred* eap::config_method_ttls::make_config_method(_In_ winstd::eap_type_t eap_type) const
eap::config_method* eap::config_method_ttls::make_config_method(_In_ winstd::eap_type_t eap_type) const
{
switch (eap_type) {
case eap_type_tls : return new config_method_tls (m_module, m_level + 1);
case eap_type_ttls : return new config_method_ttls (m_module, m_level + 1);
case eap_type_legacy_pap : return new config_method_pap (m_module, m_level + 1);
case eap_type_legacy_mschapv2: return new config_method_mschapv2(m_module, m_level + 1);
case eap_type_legacy_pap : return new config_method_pap (m_module, m_level + 1);
case eap_type_legacy_mschapv2: return new config_method_mschapv2 (m_module, m_level + 1);
case eap_type_mschapv2 : return new config_method_eapmschapv2(m_module, m_level + 1);
#ifdef EAP_INNER_EAPHOST
default : return new config_method_eaphost (m_module, m_level + 1); // EapHost peer method handles all other method types
#endif
default : throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method.");
}
}
eap::config_method_with_cred* eap::config_method_ttls::make_config_method(_In_ const wchar_t *eap_type) const
eap::config_method* eap::config_method_ttls::make_config_method(_In_ const wchar_t *eap_type) const
{
if (_wcsicmp(eap_type, L"EAP-TLS" ) == 0) return new config_method_tls (m_module, m_level + 1);
else if (_wcsicmp(eap_type, L"EAP-TTLS") == 0) return new config_method_ttls (m_module, m_level + 1);
else if (_wcsicmp(eap_type, L"PAP" ) == 0) return new config_method_pap (m_module, m_level + 1);
else if (_wcsicmp(eap_type, L"MSCHAPv2") == 0) return new config_method_mschapv2(m_module, m_level + 1);
else throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method.");
if (_wcsicmp(eap_type, L"PAP" ) == 0) return new config_method_pap (m_module, m_level + 1);
else if (_wcsicmp(eap_type, L"MSCHAPv2" ) == 0) return new config_method_mschapv2 (m_module, m_level + 1);
else if (_wcsicmp(eap_type, L"EAP-MSCHAPv2") == 0) return new config_method_eapmschapv2(m_module, m_level + 1);
#ifdef EAP_INNER_EAPHOST
else if (_wcsicmp(eap_type, L"EapHost" ) == 0) return new config_method_eaphost (m_module, m_level + 1);
#endif
else throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method.");
}

12
lib/TTLS/src/Credentials.cpp
View File

@@ -179,18 +179,24 @@ wstring eap::credentials_ttls::get_identity() const
eap::credentials::source_t eap::credentials_ttls::combine(
_In_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName)
_In_ DWORD dwFlags,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName)
{
// Combine outer credentials.
source_t src_outer = credentials_tls::combine(
dwFlags,
hTokenImpersonateUser,
cred_cached,
cfg,
pszTargetName);
// Combine inner credentials.
source_t src_inner = m_inner->combine(
dwFlags,
hTokenImpersonateUser,
cred_cached ? dynamic_cast<const credentials_ttls*>(cred_cached)->m_inner.get() : NULL,
*dynamic_cast<const config_method_ttls&>(cfg).m_inner,
pszTargetName);

1112
lib/TTLS/src/Method.cpp
View File

File diff suppressed because it is too large Load Diff

119
lib/TTLS/src/Module.cpp
View File

@@ -20,6 +20,8 @@
#include "StdAfx.h"
#pragma comment(lib, "Eappprxy.lib")
using namespace std;
using namespace winstd;
@@ -50,11 +52,18 @@ void eap::peer_ttls::initialize()
if (MsiQueryFeatureState(_T(PRODUCT_VERSION_GUID), _T("featEAPTTLS")) != INSTALLSTATE_UNKNOWN)
MsiUseFeature(_T(PRODUCT_VERSION_GUID), _T("featEAPTTLS"));
#endif
// Initialize EapHost based inner authentication methods.
DWORD dwResult = EapHostPeerInitialize();
if (dwResult != ERROR_SUCCESS)
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerConfigBlob2Xml failed.");
}
void eap::peer_ttls::shutdown()
{
// Uninitialize EapHost. It was initialized for EapHost based inner authentication methods.
EapHostPeerUninitialize();
}
@@ -64,11 +73,11 @@ void eap::peer_ttls::get_identity(
_In_ DWORD dwConnectionDataSize,
_In_count_(dwUserDataSize) const BYTE *pUserData,
_In_ DWORD dwUserDataSize,
_Inout_ BYTE **ppUserDataOut,
_Inout_ DWORD *pdwUserDataOutSize,
_Out_ BYTE **ppUserDataOut,
_Out_ DWORD *pdwUserDataOutSize,
_In_ HANDLE hTokenImpersonateUser,
_Inout_ BOOL *pfInvokeUI,
_Inout_ WCHAR **ppwszIdentity)
_Out_ BOOL *pfInvokeUI,
_Out_ WCHAR **ppwszIdentity)
{
assert(pfInvokeUI);
assert(ppwszIdentity);
@@ -117,7 +126,7 @@ void eap::peer_ttls::get_method_properties(
_In_ DWORD dwConnectionDataSize,
_In_count_(dwUserDataSize) const BYTE *pUserData,
_In_ DWORD dwUserDataSize,
_Inout_ EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray)
_Out_ EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray)
{
UNREFERENCED_PARAMETER(dwVersion);
UNREFERENCED_PARAMETER(dwFlags);
@@ -167,8 +176,8 @@ void eap::peer_ttls::credentials_xml2blob(
_In_ IXMLDOMNode *pConfigRoot,
_In_count_(dwConnectionDataSize) const BYTE *pConnectionData,
_In_ DWORD dwConnectionDataSize,
_Inout_ BYTE **ppCredentialsOut,
_Inout_ DWORD *pdwCredentialsOutSize)
_Out_ BYTE **ppCredentialsOut,
_Out_ DWORD *pdwCredentialsOutSize)
{
UNREFERENCED_PARAMETER(dwFlags);
UNREFERENCED_PARAMETER(pConnectionData);
@@ -209,16 +218,46 @@ EAP_SESSION_HANDLE eap::peer_ttls::begin_session(
if (s->m_cred.match(*cfg_prov)) {
// Matching provider found.
if (cfg_prov->m_methods.empty())
throw invalid_argument(string_printf(__FUNCTION__ " %ls provider has no methods.", cfg_prov->get_id().c_str()).c_str());
throw invalid_argument(string_printf(__FUNCTION__ " %ls provider has no methods.", cfg_prov->get_id().c_str()));
cfg_method = dynamic_cast<config_method_ttls*>(cfg_prov->m_methods.front().get());
break;
}
} else
throw invalid_argument(string_printf(__FUNCTION__ " Credentials do not match to any provider within this connection configuration (provider: %ls).", s->m_cred.get_id().c_str()).c_str());
throw invalid_argument(string_printf(__FUNCTION__ " Credentials do not match to any provider within this connection configuration (provider: %ls).", s->m_cred.get_id().c_str()));
}
// We have configuration, we have credentials, create method.
s->m_method.reset(new method_ttls(*this, *cfg_method, *dynamic_cast<credentials_ttls*>(s->m_cred.m_cred.get())));
unique_ptr<method> meth_inner;
auto cfg_inner = cfg_method->m_inner.get();
auto cred_inner = dynamic_cast<credentials_ttls*>(s->m_cred.m_cred.get())->m_inner.get();
#ifdef EAP_INNER_EAPHOST
auto cfg_inner_eaphost = dynamic_cast<config_method_eaphost*>(cfg_inner);
if (!cfg_inner_eaphost)
#endif
{
// Native inner methods
switch (cfg_inner->get_method_id()) {
case eap_type_legacy_pap : meth_inner.reset(new method_pap_diameter (*this, dynamic_cast<config_method_pap &>(*cfg_inner), dynamic_cast<credentials_pass&>(*cred_inner))); break;
case eap_type_legacy_mschapv2: meth_inner.reset(new method_mschapv2_diameter(*this, dynamic_cast<config_method_mschapv2&>(*cfg_inner), dynamic_cast<credentials_pass&>(*cred_inner))); break;
case eap_type_mschapv2 : meth_inner.reset(
new method_eapmsg (*this, cred_inner->get_identity().c_str(),
new method_eap (*this, eap_type_mschapv2,
new method_mschapv2(*this, dynamic_cast<config_method_mschapv2&>(*cfg_inner), dynamic_cast<credentials_pass&>(*cred_inner))))); break;
default: throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method.");
}
}
#ifdef EAP_INNER_EAPHOST
else {
// EapHost inner method
meth_inner.reset(
new method_eapmsg (*this, cred_inner->get_identity().c_str(),
new method_eaphost(*this, *cfg_inner_eaphost, dynamic_cast<credentials_eaphost&>(*cred_inner))));
}
#endif
s->m_method.reset(
new method_eap (*this, eap_type_ttls,
new method_defrag(*this,
new method_ttls (*this, *cfg_method, *dynamic_cast<credentials_ttls*>(s->m_cred.m_cred.get()), meth_inner.release()))));
// Initialize method.
s->m_method->begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
@@ -232,7 +271,7 @@ void eap::peer_ttls::end_session(_In_ EAP_SESSION_HANDLE hSession)
assert(hSession);
// End the session.
session *s = static_cast<session*>(hSession);
auto s = static_cast<session*>(hSession);
//s->end(ppEapError);
delete s;
}
@@ -245,7 +284,9 @@ void eap::peer_ttls::process_request_packet(
_Out_ EapPeerMethodOutput *pEapOutput)
{
assert(dwReceivedPacketSize == ntohs(*(WORD*)pReceivedPacket->Length));
static_cast<session*>(hSession)->m_method->process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
assert(pEapOutput);
pEapOutput->action = static_cast<session*>(hSession)->m_method->process_request_packet(pReceivedPacket, dwReceivedPacketSize);
pEapOutput->fAllowNotifications = TRUE;
}
@@ -254,7 +295,14 @@ void eap::peer_ttls::get_response_packet(
_Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket,
_Inout_ DWORD *pdwSendPacketSize)
{
static_cast<session*>(hSession)->m_method->get_response_packet(pSendPacket, pdwSendPacketSize);
assert(pdwSendPacketSize);
assert(pSendPacket || !*pdwSendPacketSize);
sanitizing_blob packet;
static_cast<session*>(hSession)->m_method->get_response_packet(packet, *pdwSendPacketSize);
assert(packet.size() <= *pdwSendPacketSize);
memcpy(pSendPacket, packet.data(), *pdwSendPacketSize = (DWORD)packet.size());
}
@@ -263,12 +311,9 @@ void eap::peer_ttls::get_result(
_In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *pResult)
{
session *s = static_cast<session*>(hSession);
auto s = static_cast<session*>(hSession);
s->m_method->get_result(reason, pResult);
s->m_eap_attr_desc.dwNumberOfAttributes = (DWORD)s->m_method->m_eap_attr.size();
s->m_eap_attr_desc.pAttribs = s->m_method->m_eap_attr.data();
pResult->pAttribArray = &s->m_eap_attr_desc;
// Do not report failure to EapHost, as it will not save updated configuration then. But we need it to save it, to alert user on next connection attempt.
// EapHost is well aware of the failed condition.
@@ -295,15 +340,11 @@ void eap::peer_ttls::get_result(
void eap::peer_ttls::get_ui_context(
_In_ EAP_SESSION_HANDLE hSession,
_Inout_ BYTE **ppUIContextData,
_Inout_ DWORD *pdwUIContextDataSize)
_In_ EAP_SESSION_HANDLE hSession,
_Out_ BYTE **ppUIContextData,
_Out_ DWORD *pdwUIContextDataSize)
{
UNREFERENCED_PARAMETER(hSession);
UNREFERENCED_PARAMETER(ppUIContextData);
UNREFERENCED_PARAMETER(pdwUIContextDataSize);
throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
static_cast<session*>(hSession)->m_method->get_ui_context(ppUIContextData, pdwUIContextDataSize);
}
@@ -313,12 +354,9 @@ void eap::peer_ttls::set_ui_context(
_In_ DWORD dwUIContextDataSize,
_Out_ EapPeerMethodOutput *pEapOutput)
{
UNREFERENCED_PARAMETER(hSession);
UNREFERENCED_PARAMETER(pUIContextData);
UNREFERENCED_PARAMETER(dwUIContextDataSize);
UNREFERENCED_PARAMETER(pEapOutput);
throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
assert(pEapOutput);
pEapOutput->action = static_cast<session*>(hSession)->m_method->set_ui_context(pUIContextData, dwUIContextDataSize);
pEapOutput->fAllowNotifications = TRUE;
}
@@ -326,10 +364,7 @@ void eap::peer_ttls::get_response_attributes(
_In_ EAP_SESSION_HANDLE hSession,
_Inout_ EapAttributes *pAttribs)
{
UNREFERENCED_PARAMETER(hSession);
UNREFERENCED_PARAMETER(pAttribs);
throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
static_cast<session*>(hSession)->m_method->get_response_attributes(pAttribs);
}
@@ -338,11 +373,9 @@ void eap::peer_ttls::set_response_attributes(
_In_ const EapAttributes *pAttribs,
_Out_ EapPeerMethodOutput *pEapOutput)
{
UNREFERENCED_PARAMETER(hSession);
UNREFERENCED_PARAMETER(pAttribs);
UNREFERENCED_PARAMETER(pEapOutput);
throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
assert(pEapOutput);
pEapOutput->action = static_cast<session*>(hSession)->m_method->set_response_attributes(pAttribs);
pEapOutput->fAllowNotifications = TRUE;
}
@@ -364,8 +397,6 @@ const eap::config_method_ttls* eap::peer_ttls::combine_credentials(
UNREFERENCED_PARAMETER(dwUserDataSize);
#endif
user_impersonator impersonating(hTokenImpersonateUser);
for (auto cfg_prov = cfg.m_providers.cbegin(), cfg_prov_end = cfg.m_providers.cend(); cfg_prov != cfg_prov_end; ++cfg_prov) {
wstring target_name(std::move(cfg_prov->get_id()));
@@ -387,6 +418,8 @@ const eap::config_method_ttls* eap::peer_ttls::combine_credentials(
// Combine outer credentials.
LPCTSTR _target_name = (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? target_name.c_str() : NULL;
eap::credentials::source_t src_outer = cred->credentials_tls::combine(
dwFlags,
hTokenImpersonateUser,
#ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
has_cached ? cred_in.m_cred.get() : NULL,
#else
@@ -401,6 +434,8 @@ const eap::config_method_ttls* eap::peer_ttls::combine_credentials(
// Combine inner credentials.
eap::credentials::source_t src_inner = cred->m_inner->combine(
dwFlags,
hTokenImpersonateUser,
#ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
has_cached ? dynamic_cast<credentials_ttls*>(cred_in.m_cred.get())->m_inner.get() : NULL,
#else

Some files were not shown because too many files have changed in this diff Show More