archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/net/ias/providers/ntuser/eap/eap.cpp

343 lines
9.3 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. ///////////////////////////////////////////////////////////////////////////////
  2. //
  3. // Copyright (c) Microsoft Corporation
  4. //
  5. // SYNOPSIS
  6. //
  7. // Defines the class EAP.
  8. //
  9. ///////////////////////////////////////////////////////////////////////////////
  11. #include <ias.h>
  12. #include <iaslsa.h>
  13. #include <iastlutl.h>
  15. #include <eap.h>
  16. #include <eapdnary.h>
  17. #include <eapstate.h>
  18. #include <eaptypes.h>
  19. #include <vector>
  21. //////////
  22. // Define static members.
  23. //////////
  24. EAPTypes EAP::theTypes;
  26. STDMETHODIMP EAP::Initialize()
  27. {
  28. HRESULT hr;
  30. // Initialize the LSA API.
  31. DWORD error = IASLsaInitialize();
  32. if (error)
  33. {
  34. hr = HRESULT_FROM_WIN32(error);
  35. goto lsa_failed;
  36. }
  38. // Initialize the sessions.
  39. hr = EAPSession::initialize();
  40. if (FAILED(hr))
  41. {
  42. goto sessions_failed;
  43. }
  45. // Initialize the IAS <--> RAS translator.
  46. hr = EAPTranslator::initialize();
  47. if (FAILED(hr))
  48. {
  49. goto translator_failed;
  50. }
  52. // The rest can't fail.
  53. EAPState::initialize();
  54. theTypes.initialize();
  56. // Everything succeeded, so we're done.
  57. return S_OK;
  59. translator_failed:
  60. EAPSession::finalize();
  62. sessions_failed:
  63. IASLsaUninitialize();
  65. lsa_failed:
  66. return hr;
  67. }
  69. STDMETHODIMP EAP::Shutdown()
  70. {
  71. // Clear out any remaining sessions.
  72. sessions.clear();
  74. // Shutdown our sub-systems.
  75. theTypes.finalize();
  76. EAPTranslator::finalize();
  77. EAPSession::finalize();
  78. IASLsaUninitialize();
  80. return S_OK;
  81. }
  83. STDMETHODIMP EAP::PutProperty(LONG Id, VARIANT* pValue)
  84. {
  85. if (pValue == NULL) { return E_INVALIDARG; }
  87. switch (Id)
  88. {
  89. case PROPERTY_EAP_SESSION_TIMEOUT:
  90. {
  91. if (V_VT(pValue) != VT_I4) { return DISP_E_TYPEMISMATCH; }
  92. if (V_I4(pValue) <= 0) { return E_INVALIDARG; }
  94. IASTracePrintf("Setting EAP session timeout to %ld msec.", V_I4(pValue));
  96. sessions.setSessionTimeout(V_I4(pValue));
  97. break;
  98. }
  100. case PROPERTY_EAP_MAX_SESSIONS:
  101. {
  102. if (V_VT(pValue) != VT_I4) { return DISP_E_TYPEMISMATCH; }
  103. if (V_I4(pValue) <= 0) { return E_INVALIDARG; }
  105. IASTracePrintf("Setting max. EAP sessions to %ld.", V_I4(pValue));
  107. sessions.setMaxSessions(V_I4(pValue));
  108. break;
  109. }
  111. default:
  112. {
  113. return DISP_E_MEMBERNOTFOUND;
  114. }
  115. }
  117. return S_OK;
  118. }
  120. ///////////////////////////////////////////////////////////////////////////////
  121. //
  122. // METHOD
  123. //
  124. // EAP::onSyncRequest
  125. //
  126. // DESCRIPTION
  127. //
  128. // Processes a request. Note that this method does only enough work to
  129. // retrieve or create a session object. Once this has been accomplished
  130. // the main processing logic takes place inside EAPSession (q.v.).
  131. //
  132. ///////////////////////////////////////////////////////////////////////////////
  133. IASREQUESTSTATUS EAP::onSyncRequest(IRequest* pRequest) throw ()
  134. {
  135. EAPSession* session = NULL;
  137. try
  138. {
  139. IASRequest request(pRequest);
  141. //////////
  142. // Does the request contain an EAP-Message?
  143. //////////
  145. DWORD attrID = RADIUS_ATTRIBUTE_EAP_MESSAGE;
  146. IASAttributeVectorWithBuffer<16> eapMessage;
  147. if (!eapMessage.load(request, 1, &attrID))
  148. {
  149. // If not, we're not interested.
  150. return IAS_REQUEST_STATUS_CONTINUE;
  151. }
  153. IASTraceString("NT-SAM EAP handler received request.");
  155. //////////
  156. // Concatenate the RADIUS EAP-Message attributes into a single packet.
  157. //////////
  159. IASAttributeVector::iterator it;
  160. DWORD pktlen = 0;
  161. for (it = eapMessage.begin(); it != eapMessage.end(); ++it)
  162. {
  163. pktlen += it->pAttribute->Value.OctetString.dwLength;
  164. }
  166. PBYTE p = (PBYTE)_alloca(pktlen);
  167. PPPP_EAP_PACKET recvPkt = (PPPP_EAP_PACKET)p;
  168. for (it = eapMessage.begin(); it != eapMessage.end(); ++it)
  169. {
  170. memcpy(p,
  171. it->pAttribute->Value.OctetString.lpValue,
  172. it->pAttribute->Value.OctetString.dwLength);
  173. p += it->pAttribute->Value.OctetString.dwLength;
  174. }
  176. //////////
  177. // Ensure that the packet is valid.
  178. //////////
  180. if (pktlen < 5 || IASExtractWORD(recvPkt->Length) != pktlen)
  181. {
  182. IASTraceString("Assembled EAP-Message has invalid length.");
  184. request.SetResponse(IAS_RESPONSE_DISCARD_PACKET,
  185. IAS_MALFORMED_REQUEST);
  186. return IAS_REQUEST_STATUS_ABORT;
  187. }
  189. //////////
  190. // Get a session object to handle this request.
  191. //////////
  193. IASREQUESTSTATUS retval;
  194. IASAttribute state;
  195. if (state.load(request, RADIUS_ATTRIBUTE_STATE, IASTYPE_OCTET_STRING))
  196. {
  197. //////////
  198. // If the State attribute exists, this is an ongoing session.
  199. //////////
  201. EAPState& s = (EAPState&)(state->Value.OctetString);
  203. if (!s.isValid())
  204. {
  205. IASTraceString("State attribute is present, but unrecognized.");
  207. // We don't recognize this state attribute, so it must belong
  208. // to someone else.
  209. return IAS_REQUEST_STATUS_CONTINUE;
  210. }
  212. // Retrieve the object for this session ID.
  213. session = sessions.remove(s.getSessionID());
  215. if (!session)
  216. {
  217. IASTraceString("Session timed-out. Discarding packet.");
  219. // The session is already complete.
  220. request.SetResponse(IAS_RESPONSE_DISCARD_PACKET,
  221. IAS_SESSION_TIMEOUT);
  222. return IAS_REQUEST_STATUS_ABORT;
  223. }
  225. IASTracePrintf("Successfully retrieved session state for user %S.",
  226. session->getAccountName());
  228. retval = session->process(request, recvPkt);
  229. }
  230. else
  231. {
  232. IASTraceString("No State attribute present. Creating new session.");
  234. //////////
  235. // No state attribute, so this is a new session.
  236. // Does the request contain an NT4-Account-Name ?
  237. //////////
  239. IASAttribute identity;
  240. if (!identity.load(request,
  241. IAS_ATTRIBUTE_NT4_ACCOUNT_NAME,
  242. IASTYPE_STRING))
  243. {
  244. IASTraceString("SAM account name not found.");
  246. // We only handle SAM users.
  247. return IAS_REQUEST_STATUS_CONTINUE;
  248. }
  250. //////////
  251. // Find out which EAP provider to use.
  252. //////////
  254. // Load the EAP Types attributes into the vector.
  255. IASAttributeVectorWithBuffer<8> eapTypes;
  256. if (!eapTypes.load(request, IAS_ATTRIBUTE_NP_ALLOWED_EAP_TYPE))
  257. {
  258. IASTraceString("EAP not authorized for this user.");
  260. // Since we don't have an EAP-Type attribute, the user is not
  261. // allowed to use EAP.
  262. request.SetResponse(IAS_RESPONSE_ACCESS_REJECT,
  263. IAS_INVALID_AUTH_TYPE);
  264. return IAS_REQUEST_STATUS_HANDLED;
  265. }
  267. //////////
  268. // Retrieve the provider for each EAP type.
  269. //////////
  271. // Fill the vector of providers
  272. std::vector<EAPType*> providers;
  273. providers.reserve(eapTypes.size());
  274. for (IASAttributeVector::iterator i = eapTypes.begin();
  275. i != eapTypes.end();
  276. ++i)
  277. {
  278. IASTracePrintf(
  279. "Allowed EAP type: %d",
  280. i->pAttribute->Value.Integer
  281. );
  283. EAPType* provider = theTypes[i->pAttribute->Value.Enumerator];
  284. if (!provider)
  285. {
  286. // We can't handle this EAP type. This is an internal error.
  287. // Lets try the other types.
  288. IASTraceString("Ignoring EAP type.");
  289. }
  290. else
  291. {
  292. providers.push_back(provider);
  293. }
  294. }
  296. // pass a vector of providers
  297. if (!providers.empty())
  298. {
  299. session = new EAPSession(identity, providers);
  300. _ASSERT(session);
  302. IASTracePrintf(
  303. "Successfully created new EAP session for user %S.",
  304. session->getAccountName()
  305. );
  307. retval = session->begin(request, recvPkt);
  308. }
  309. else
  310. {
  311. IASTraceString("No authorized EAP types could be loaded.");
  313. // Since we don't have an EAP-Type attribute, the user is not
  314. // allowed to use EAP.
  315. request.SetResponse(
  316. IAS_RESPONSE_DISCARD_PACKET,
  317. IAS_EAP_NEGOTIATION_FAILED
  318. );
  319. return IAS_REQUEST_STATUS_ABORT;
  320. }
  321. }
  323. // Save it for later.
  324. sessions.insert(session);
  326. return retval;
  327. }
  328. catch (const _com_error& )
  329. {
  330. IASTraceExcept();
  331. pRequest->SetResponse(IAS_RESPONSE_DISCARD_PACKET, IAS_INTERNAL_ERROR);
  332. }
  333. catch (const std::bad_alloc&)
  334. {
  335. IASTraceExcept();
  336. pRequest->SetResponse(IAS_RESPONSE_DISCARD_PACKET, IAS_INTERNAL_ERROR);
  337. }
  339. // If we have any errors, we'll delete the session.
  340. delete session;
  342. return IAS_REQUEST_STATUS_ABORT;
  343. }