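/*
    Copyright 2015-2016 Amebis
    Copyright 2016 GÉANT

    This file is part of GEANTLink.

    GEANTLink is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    GEANTLink is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with GEANTLink. If not, see <http://www.gnu.org/licenses/>.
*/

// NOTE(review): the include list (and several template argument lists further
// down) had their angle brackets stripped in the copy under review. The headers
// below are the ones the identifiers used in this file resolve to
// (winstd::heap/event_provider -> WinStd, EAP_PEER_METHOD_ROUTINES ->
// eapmethodpeerapis.h, EAPMETHOD_TRACE_* -> the generated ETW manifest header,
// PRODUCT_VERSION -> Version.h). Confirm them against the source tree.
#include "../../../include/Version.h"
#include <WinStd/ETW.h>
#include <WinStd/Win.h>

extern "C" {
#include <eapmethodpeerapis.h>
}

#include <EventsETW.h>

#include <cassert>
#include <cstring>
#include <cwchar>
#include <new>
#include <vector>

namespace eap
{
    class session_base;

    template <class Ts> class peer;
}

#pragma once

// Tracing helpers. All of them expect a `winstd::event_provider m_ep` member in scope
// (the `peer` class below provides one). Function name is prepended to every message.
#define ETW_ERROR(kw, f, ...)   m_ep.write(TRACE_LEVEL_ERROR      , kw, _T(__FUNCTION__) _T(" ") f, ##__VA_ARGS__)
#define ETW_WARNING(kw, f, ...) m_ep.write(TRACE_LEVEL_WARNING    , kw, _T(__FUNCTION__) _T(" ") f, ##__VA_ARGS__)
#define ETW_INFO(kw, f, ...)    m_ep.write(TRACE_LEVEL_INFORMATION, kw, _T(__FUNCTION__) _T(" ") f, ##__VA_ARGS__)
#define ETW_VERBOSE(kw, f, ...) m_ep.write(TRACE_LEVEL_VERBOSE    , kw, _T(__FUNCTION__) _T(" ") f, ##__VA_ARGS__)

// Scoped function-entry/exit tracing: the event is written on construction and again
// when `_event_auto` goes out of scope (i.e. on every return path).
#define ETW_FN_VOID         winstd::event_fn_auto<&EAPMETHOD_TRACE_EVT_FN_CALL, &EAPMETHOD_TRACE_EVT_FN_RETURN> _event_auto(m_ep, __FUNCTION__)
// NOTE(review): the template arguments of the two macros below were lost in the copy under
// review; the return-event descriptors are assumed to be the DWORD/HRESULT variants of
// EAPMETHOD_TRACE_EVT_FN_RETURN. Confirm against the ETW manifest before relying on them.
#define ETW_FN_DWORD(res)   winstd::event_fn_auto_ret<DWORD  , &EAPMETHOD_TRACE_EVT_FN_CALL, &EAPMETHOD_TRACE_EVT_FN_RETURN_DWORD  > _event_auto(m_ep, __FUNCTION__, res)
#define ETW_FN_HRESULT(res) winstd::event_fn_auto_ret<HRESULT, &EAPMETHOD_TRACE_EVT_FN_CALL, &EAPMETHOD_TRACE_EVT_FN_RETURN_HRESULT> _event_auto(m_ep, __FUNCTION__, res)


namespace eap
{
    ///
    /// EAP session
    ///
    /// Base class of the per-session object that `peer<Ts>` creates in `begin_session()`
    /// and destroys in `end_session()`. Each EapHost session callback forwards to the
    /// virtual method of the same name here.
    ///
    class session_base
    {
    public:
        ///
        /// Constructor
        ///
        session_base();

        ///
        /// Destructor
        ///
        /// Virtual, because this class is a polymorphic base: deleting a derived session
        /// through a `session_base*` must run the derived destructor.
        ///
        virtual ~session_base() {}

        ///
        /// Starts an EAP authentication session on the peer EAPHost using the EAP method.
        ///
        /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
        ///
        virtual DWORD begin(
            _In_                       DWORD         dwFlags,
            _In_                 const EapAttributes *pAttributeArray,
            _In_                       HANDLE        hTokenImpersonateUser,
            _In_                       DWORD         dwSizeofConnectionData,
            _In_count_(dwSizeofConnectionData) BYTE *pConnectionData,
            _In_                       DWORD         dwSizeofUserData,
            _In_count_(dwSizeofUserData)       BYTE *pUserData,
            _In_                       DWORD         dwMaxSendPacketSize,
            _Out_                      EAP_ERROR     **ppEapError);

        ///
        /// Ends an EAP authentication session for the EAP method.
        ///
        /// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
        ///
        virtual DWORD end(_Out_ EAP_ERROR **ppEapError);

        ///
        /// Processes a packet received by EAPHost from a supplicant.
        ///
        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
        ///
        virtual DWORD process_request_packet(
            _In_                                       DWORD               dwSizeofReceivePacket,
            _In_bytecount_(dwSizeofReceivePacket)      EapPacket           *pReceivePacket,
            _Out_                                      EapPeerMethodOutput *pEapOutput,
            _Out_                                      EAP_ERROR           **ppEapError);

        ///
        /// Obtains a response packet from the EAP method.
        ///
        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
        ///
        virtual DWORD get_response_packet(
            _Inout_                            DWORD     *pcbSendPacket,
            _Out_cap_(*pcbSendPacket)          EapPacket *pSendPacket,
            _Out_                              EAP_ERROR **ppEapError);

        ///
        /// Obtains the result of an authentication session from the EAP method.
        ///
        /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
        ///
        virtual DWORD get_result(
            _In_  EapPeerMethodResultReason reason,
            _Out_ EapPeerMethodResult       *ppResult,
            _Out_ EAP_ERROR                 **ppEapError);

        ///
        /// Obtains the user interface context from the EAP method.
        ///
        /// \note This function is always followed by the `EapPeerInvokeInteractiveUI()` function, which is followed by the `EapPeerSetUIContext()` function.
        ///
        /// \sa [EapPeerGetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363612.aspx)
        ///
        virtual DWORD get_ui_context(
            _Out_                               DWORD     *dwSizeOfUIContextData,
            _Out_cap_(*dwSizeOfUIContextData)   BYTE      **pUIContextData,
            _Out_                               EAP_ERROR **ppEapError);

        ///
        /// Provides a user interface context to the EAP method.
        ///
        /// \note This function is called after the UI has been raised through the `EapPeerGetUIContext()` function.
        ///
        /// \sa [EapPeerSetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363626.aspx)
        ///
        virtual DWORD set_ui_context(
            _In_                                  DWORD               dwSizeOfUIContextData,
            _In_count_(dwSizeOfUIContextData)     const BYTE          *pUIContextData,
            _Out_                                 EapPeerMethodOutput *pEapOutput,
            _Out_                                 EAP_ERROR           **ppEapError);

        ///
        /// Obtains an array of EAP response attributes from the EAP method.
        ///
        /// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx)
        ///
        virtual DWORD get_response_attributes(
            _Out_ EapAttributes *pAttribs,
            _Out_ EAP_ERROR     **ppEapError);

        ///
        /// Provides an updated array of EAP response attributes to the EAP method.
        ///
        /// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx)
        ///
        virtual DWORD set_response_attributes(
            _In_  EapAttributes       *pAttribs,
            _Out_ EapPeerMethodOutput *pEapOutput,
            _Out_ EAP_ERROR           **ppEapError);
    };


    ///
    /// EAP peer base class
    ///
    /// Owns the private heap every BLOB handed to EapHost is allocated from, the ETW
    /// provider, and the static EapHost callbacks that map `EAP_SESSION_HANDLE` to a `Ts`.
    ///
    /// \tparam Ts  Session class (derived from `session_base`) instantiated once per EapHost session
    ///
    template <class Ts>
    class peer
    {
    public:
        ///
        /// Registers the ETW provider and creates the private heap.
        ///
        /// \returns `ERROR_SUCCESS`, or `ERROR_OUTOFMEMORY` when the heap cannot be created
        ///
        inline DWORD create()
        {
            // Tracing is best-effort: the provider registration result is deliberately ignored.
            m_ep.create(&EAPMETHOD_TRACE_EVENT_PROVIDER);
            m_ep.write(&EAPMETHOD_TRACE_EVT_MODULE_LOAD, winstd::event_data((BYTE)EAPMETHOD_TYPE), winstd::event_data::blank);

            // Every BLOB returned to EapHost is carved from this heap, so free_memory() can
            // recover its size with HeapSize() and wipe it before release.
            if (!m_heap.create(0, 0, 0))
                return ERROR_OUTOFMEMORY;

            return ERROR_SUCCESS;
        }


        ///
        /// Destructor: logs module unload. The heap and provider are released by their own destructors.
        ///
        virtual ~peer()
        {
            m_ep.write(&EAPMETHOD_TRACE_EVT_MODULE_UNLOAD, winstd::event_data((BYTE)EAPMETHOD_TYPE), winstd::event_data::blank);
        }


        ///
        /// Obtains a set of function pointers for an implementation of the EAP peer method currently loaded on the EAPHost service
        ///
        /// \param[out] pEapPeerMethodRoutines  Table filled with the static callbacks of this class; must not be NULL
        ///
        /// \sa [EapPeerGetInfo function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363608.aspx)
        ///
        inline void get_info(_Out_ EAP_PEER_METHOD_ROUTINES *pEapPeerMethodRoutines) const
        {
            ETW_FN_VOID;

            assert(pEapPeerMethodRoutines);

            pEapPeerMethodRoutines->dwVersion                    = PRODUCT_VERSION;
            pEapPeerMethodRoutines->pEapType                     = NULL;

            pEapPeerMethodRoutines->EapPeerInitialize            = initialize;
            pEapPeerMethodRoutines->EapPeerShutdown              = shutdown;
            pEapPeerMethodRoutines->EapPeerBeginSession          = begin_session;
            pEapPeerMethodRoutines->EapPeerEndSession            = end_session;
            pEapPeerMethodRoutines->EapPeerSetCredentials        = NULL;  // Always NULL unless we want to use generic credential UI
            pEapPeerMethodRoutines->EapPeerGetIdentity           = get_identity;
            pEapPeerMethodRoutines->EapPeerProcessRequestPacket  = process_request_packet;
            pEapPeerMethodRoutines->EapPeerGetResponsePacket     = get_response_packet;
            pEapPeerMethodRoutines->EapPeerGetResult             = get_result;
            pEapPeerMethodRoutines->EapPeerGetUIContext          = get_ui_context;
            pEapPeerMethodRoutines->EapPeerSetUIContext          = set_ui_context;
            pEapPeerMethodRoutines->EapPeerGetResponseAttributes = get_response_attributes;
            pEapPeerMethodRoutines->EapPeerSetResponseAttributes = set_response_attributes;
        }


        ///
        /// Free BLOB allocated with this peer
        ///
        /// \param[in] ptr  Block previously allocated from `m_heap`; NULL is a no-op
        ///
        inline void free_memory(_In_ void *ptr)
        {
            ETW_FN_VOID;

            if (ptr) {
                // Since we do security here and some of the BLOBs contain credentials, sanitize every memory block before freeing.
                // HeapSize() returns (SIZE_T)-1 when `ptr` is not a block of our heap; wiping with that
                // length would run far past the block, so only wipe when the size is actually known.
                const SIZE_T size = HeapSize(m_heap, 0, ptr);
                if (size != (SIZE_T)-1)
                    SecureZeroMemory(ptr, size);
                HeapFree(m_heap, 0, ptr);
            }
        }


        ///
        /// Allocate a EAP_ERROR and fill it according to dwErrorCode
        ///
        /// The root-cause and repair strings are copied into the same allocation, right after the
        /// `EAP_ERROR` structure, so `free_error_memory()` releases everything with one `HeapFree()`.
        ///
        /// \param[in] dwErrorCode         Win32 error code
        /// \param[in] dwReasonCode        EAP method specific reason code
        /// \param[in] pRootCauseGuid      Root cause GUID, or NULL for `GUID_NULL`
        /// \param[in] pRepairGuid         Repair GUID, or NULL for `GUID_NULL`
        /// \param[in] pHelpLinkGuid       Help link GUID, or NULL for `GUID_NULL`
        /// \param[in] pszRootCauseString  Root cause text; NULL or empty yields a NULL `pRootCauseString`
        /// \param[in] pszRepairString     Repair text; NULL or empty yields a NULL `pRepairString`
        ///
        /// \returns Newly allocated error descriptor, or NULL when the heap allocation fails
        ///
        EAP_ERROR* make_error(
            _In_   DWORD   dwErrorCode,
            _In_   DWORD   dwReasonCode,
            _In_   LPCGUID pRootCauseGuid,
            _In_   LPCGUID pRepairGuid,
            _In_   LPCGUID pHelpLinkGuid,
            _In_z_ LPCWSTR pszRootCauseString,
            _In_z_ LPCWSTR pszRepairString) const
        {
            // Calculate memory size requirement (strings are stored with their terminating NUL).
            SIZE_T
                nRootCauseSize    = pszRootCauseString != NULL && pszRootCauseString[0] ? (wcslen(pszRootCauseString) + 1)*sizeof(WCHAR) : 0,
                nRepairStringSize = pszRepairString    != NULL && pszRepairString   [0] ? (wcslen(pszRepairString   ) + 1)*sizeof(WCHAR) : 0,
                nEapErrorSize     = sizeof(EAP_ERROR) + nRootCauseSize + nRepairStringSize;

            // Zero-initialise so no field of the structure is ever handed to EapHost uninitialised.
            EAP_ERROR *pError = (EAP_ERROR*)HeapAlloc(m_heap, HEAP_ZERO_MEMORY, nEapErrorSize);
            if (!pError)
                return NULL;
            BYTE *p = (BYTE*)(pError + 1);

            // Fill the error descriptor.
            pError->dwWinError               = dwErrorCode;
            pError->type.eapType.type        = EAPMETHOD_TYPE;
            pError->type.eapType.dwVendorId  = 0;
            pError->type.eapType.dwVendorType = 0;
            pError->type.dwAuthorId          = 67532;
            pError->dwReasonCode             = dwReasonCode;
            pError->rootCauseGuid            = pRootCauseGuid != NULL ? *pRootCauseGuid : GUID_NULL;
            pError->repairGuid               = pRepairGuid    != NULL ? *pRepairGuid    : GUID_NULL;
            pError->helpLinkGuid             = pHelpLinkGuid  != NULL ? *pHelpLinkGuid  : GUID_NULL;

            if (nRootCauseSize) {
                pError->pRootCauseString = (LPWSTR)p;
                memcpy(pError->pRootCauseString, pszRootCauseString, nRootCauseSize);
                p += nRootCauseSize;
            } else
                pError->pRootCauseString = NULL;

            if (nRepairStringSize) {
                pError->pRepairString = (LPWSTR)p;
                memcpy(pError->pRepairString, pszRepairString, nRepairStringSize);
                p += nRepairStringSize;
            } else
                pError->pRepairString = NULL;

            // Write trace event.
            std::vector<winstd::event_data> evt_desc;
            evt_desc.reserve(8);
            evt_desc.push_back(winstd::event_data(pError->dwWinError));
            evt_desc.push_back(winstd::event_data(pError->type.eapType.type));
            evt_desc.push_back(winstd::event_data(pError->dwReasonCode));
            evt_desc.push_back(winstd::event_data(&(pError->rootCauseGuid), sizeof(GUID)));
            evt_desc.push_back(winstd::event_data(&(pError->repairGuid), sizeof(GUID)));
            evt_desc.push_back(winstd::event_data(&(pError->helpLinkGuid), sizeof(GUID)));
            evt_desc.push_back(winstd::event_data(pError->pRootCauseString));
            evt_desc.push_back(winstd::event_data(pError->pRepairString));
            m_ep.write(&EAPMETHOD_TRACE_EAP_ERROR, (ULONG)evt_desc.size(), evt_desc.data());

            return pError;
        }


        ///
        /// Free EAP_ERROR allocated with `make_error()` method
        ///
        /// \param[in] err  Error descriptor returned by `make_error()`; NULL is a no-op
        ///
        void free_error_memory(_In_ EAP_ERROR *err)
        {
            ETW_FN_VOID;

            if (err) {
                // pRootCauseString and pRepairString always trail the ppEapError to reduce number of (de)allocations.
                HeapFree(m_heap, 0, err);
            }
        }

    protected:
        ///
        /// Initializes an EAP peer method for EAPHost.
        ///
        /// Nothing to do here; the module is set up in `create()`. `*ppEapError` is cleared so the
        /// caller never reads a stale error pointer on success.
        ///
        /// \sa [EapPeerInitialize function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363613.aspx)
        ///
        static DWORD APIENTRY initialize(_Out_ EAP_ERROR **ppEapError)
        {
            if (ppEapError)
                *ppEapError = NULL;
            return ERROR_SUCCESS;
        }


        ///
        /// Shuts down the EAP method and prepares to unload its corresponding DLL.
        ///
        /// Nothing to do here; cleanup happens in the destructor. `*ppEapError` is cleared on success.
        ///
        /// \sa [EapPeerShutdown function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363627.aspx)
        ///
        static DWORD APIENTRY shutdown(_Out_ EAP_ERROR **ppEapError)
        {
            if (ppEapError)
                *ppEapError = NULL;
            return ERROR_SUCCESS;
        }


        ///
        /// Returns the user data and user identity after being called by EAPHost.
        ///
        /// Not supported by this base class: always returns `ERROR_NOT_SUPPORTED` without touching
        /// the output buffers (other than clearing `*ppEapError`).
        ///
        /// \sa [EapPeerGetIdentity function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363607.aspx)
        ///
        static DWORD APIENTRY get_identity(
            _In_                                   DWORD     dwFlags,
            _In_                                   DWORD     dwSizeofConnectionData,
            _In_count_(dwSizeofConnectionData)     const BYTE *pConnectionData,
            _In_                                   DWORD     dwSizeofUserData,
            _In_count_(dwSizeofUserData)           const BYTE *pUserData,
            _In_                                   HANDLE    hTokenImpersonateUser,
            _Out_                                  BOOL      *pfInvokeUI,
            _Inout_                                DWORD     *pdwSizeOfUserDataOut,
            _Out_cap_(*pdwSizeOfUserDataOut)       BYTE      **ppUserDataOut,
            _Out_                                  WCHAR     **ppwszIdentity,
            _Out_                                  EAP_ERROR **ppEapError)
        {
            UNREFERENCED_PARAMETER(dwFlags);
            UNREFERENCED_PARAMETER(dwSizeofConnectionData);
            UNREFERENCED_PARAMETER(pConnectionData);
            UNREFERENCED_PARAMETER(dwSizeofUserData);
            UNREFERENCED_PARAMETER(pUserData);
            UNREFERENCED_PARAMETER(hTokenImpersonateUser);
            UNREFERENCED_PARAMETER(pfInvokeUI);
            UNREFERENCED_PARAMETER(pdwSizeOfUserDataOut);
            UNREFERENCED_PARAMETER(ppUserDataOut);
            UNREFERENCED_PARAMETER(ppwszIdentity);

            if (ppEapError)
                *ppEapError = NULL;
            return ERROR_NOT_SUPPORTED;
        }


        ///
        /// Starts an EAP authentication session on the peer EAPHost using the EAP method.
        ///
        /// Creates a `Ts` and hands it to `Ts::begin()`. On success the object becomes the session
        /// handle returned through `phSession` and is owned by EapHost until `end_session()`; on
        /// failure it is destroyed here and `begin()`'s error is returned.
        ///
        /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
        ///
        static DWORD APIENTRY begin_session(
            _In_                                   DWORD              dwFlags,
            _In_                           const   EapAttributes      *pAttributeArray,
            _In_                                   HANDLE             hTokenImpersonateUser,
            _In_                                   DWORD              dwSizeofConnectionData,
            _In_count_(dwSizeofConnectionData)     BYTE               *pConnectionData,
            _In_                                   DWORD              dwSizeofUserData,
            _In_count_(dwSizeofUserData)           BYTE               *pUserData,
            _In_                                   DWORD              dwMaxSendPacketSize,
            _Out_                                  EAP_SESSION_HANDLE *phSession,
            _Out_                                  EAP_ERROR          **ppEapError)
        {
            // Allocate new session. Use the non-throwing form: this is a C callback invoked by the
            // EapHost service and a std::bad_alloc must not escape across that boundary (a plain
            // `new` never returns NULL, which made the check below dead code). Note that an
            // exception thrown by Ts's constructor itself would still propagate.
            Ts *session = new (std::nothrow) Ts();
            if (!session)
                return ERROR_OUTOFMEMORY;

            // Begin the session.
            DWORD dwResult = session->begin(dwFlags, pAttributeArray, hTokenImpersonateUser, dwSizeofConnectionData, pConnectionData, dwSizeofUserData, pUserData, dwMaxSendPacketSize, ppEapError);
            if (dwResult == ERROR_SUCCESS) {
                assert(phSession);
                *phSession = session;
                return ERROR_SUCCESS;
            }

            // Cleanup: a session that failed to start is never published to EapHost, so release it here.
            delete session;
            return dwResult;
        }


        ///
        /// Ends an EAP authentication session for the EAP method.
        ///
        /// `hSession` is the `Ts*` returned by `begin_session()`; it is deleted as its concrete
        /// type after `Ts::end()` has run, whatever `end()` returned.
        ///
        /// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
        ///
        static DWORD APIENTRY end_session(_In_ EAP_SESSION_HANDLE hSession, _Out_ EAP_ERROR **ppEapError)
        {
            assert(hSession);
            Ts *session = static_cast<Ts*>(hSession);
            DWORD dwResult = session->end(ppEapError);
            delete session;
            return dwResult;
        }


        ///
        /// Processes a packet received by EAPHost from a supplicant.
        ///
        /// Forwards to `Ts::process_request_packet()` of the session behind `hSession`.
        ///
        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
        ///
        static DWORD APIENTRY process_request_packet(
            _In_                                       EAP_SESSION_HANDLE  hSession,
            _In_                                       DWORD               dwSizeofReceivePacket,
            _In_bytecount_(dwSizeofReceivePacket)      EapPacket           *pReceivePacket,
            _Out_                                      EapPeerMethodOutput *pEapOutput,
            _Out_                                      EAP_ERROR           **ppEapError)
        {
            assert(hSession);
            return static_cast<Ts*>(hSession)->process_request_packet(dwSizeofReceivePacket, pReceivePacket, pEapOutput, ppEapError);
        }


        ///
        /// Obtains a response packet from the EAP method.
        ///
        /// Forwards to `Ts::get_response_packet()` of the session behind `hSession`.
        ///
        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
        ///
        static DWORD APIENTRY get_response_packet(
            _In_                               EAP_SESSION_HANDLE hSession,
            _Inout_                            DWORD              *pcbSendPacket,
            _Out_cap_(*pcbSendPacket)          EapPacket          *pSendPacket,
            _Out_                              EAP_ERROR          **ppEapError)
        {
            assert(hSession);
            return static_cast<Ts*>(hSession)->get_response_packet(pcbSendPacket, pSendPacket, ppEapError);
        }


        ///
        /// Obtains the result of an authentication session from the EAP method.
        ///
        /// Forwards to `Ts::get_result()` of the session behind `hSession`.
        ///
        /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
        ///
        static DWORD APIENTRY get_result(
            _In_  EAP_SESSION_HANDLE        hSession,
            _In_  EapPeerMethodResultReason reason,
            _Out_ EapPeerMethodResult       *ppResult,
            _Out_ EAP_ERROR                 **ppEapError)
        {
            assert(hSession);
            return static_cast<Ts*>(hSession)->get_result(reason, ppResult, ppEapError);
        }


        ///
        /// Obtains the user interface context from the EAP method.
        ///
        /// Forwards to `Ts::get_ui_context()` of the session behind `hSession`.
        ///
        /// \note This function is always followed by the `EapPeerInvokeInteractiveUI()` function, which is followed by the `EapPeerSetUIContext()` function.
        ///
        /// \sa [EapPeerGetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363612.aspx)
        ///
        static DWORD APIENTRY get_ui_context(
            _In_                                EAP_SESSION_HANDLE hSession,
            _Out_                               DWORD              *dwSizeOfUIContextData,
            _Out_cap_(*dwSizeOfUIContextData)   BYTE               **pUIContextData,
            _Out_                               EAP_ERROR          **ppEapError)
        {
            assert(hSession);
            return static_cast<Ts*>(hSession)->get_ui_context(dwSizeOfUIContextData, pUIContextData, ppEapError);
        }


        ///
        /// Provides a user interface context to the EAP method.
        ///
        /// Forwards to `Ts::set_ui_context()` of the session behind `hSession`.
        ///
        /// \note This function is called after the UI has been raised through the `EapPeerGetUIContext()` function.
        ///
        /// \sa [EapPeerSetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363626.aspx)
        ///
        static DWORD APIENTRY set_ui_context(
            _In_                                  EAP_SESSION_HANDLE  hSession,
            _In_                                  DWORD               dwSizeOfUIContextData,
            _In_count_(dwSizeOfUIContextData)     const BYTE          *pUIContextData,
            _Out_                                 EapPeerMethodOutput *pEapOutput,
            _Out_                                 EAP_ERROR           **ppEapError)
        {
            assert(hSession);
            return static_cast<Ts*>(hSession)->set_ui_context(dwSizeOfUIContextData, pUIContextData, pEapOutput, ppEapError);
        }


        ///
        /// Obtains an array of EAP response attributes from the EAP method.
        ///
        /// Forwards to `Ts::get_response_attributes()` of the session behind `hSession`.
        ///
        /// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx)
        ///
        static DWORD APIENTRY get_response_attributes(
            _In_  EAP_SESSION_HANDLE hSession,
            _Out_ EapAttributes      *pAttribs,
            _Out_ EAP_ERROR          **ppEapError)
        {
            assert(hSession);
            return static_cast<Ts*>(hSession)->get_response_attributes(pAttribs, ppEapError);
        }


        ///
        /// Provides an updated array of EAP response attributes to the EAP method.
        ///
        /// Forwards to `Ts::set_response_attributes()` of the session behind `hSession`.
        ///
        /// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx)
        ///
        static DWORD APIENTRY set_response_attributes(
            _In_  EAP_SESSION_HANDLE  hSession,
            _In_  EapAttributes       *pAttribs,
            _Out_ EapPeerMethodOutput *pEapOutput,
            _Out_ EAP_ERROR           **ppEapError)
        {
            assert(hSession);
            return static_cast<Ts*>(hSession)->set_response_attributes(pAttribs, pEapOutput, ppEapError);
        }

    protected:
        winstd::heap m_heap;                    ///< Private heap all BLOBs returned to EapHost are allocated from
        mutable winstd::event_provider m_ep;    ///< Event Provider (mutable so const members can trace)
    };
}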