Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1609 lines
50 KiB

  1. /*
  2. Copyright (c) 1997, Microsoft Corporation, all rights reserved
  3. File:
  4. eaptls.h
  5. Description:
  6. PPP EAP TLS Authentication Protocol. Based on RFC xxxx.
  7. History:
  8. Oct 9, 1997: Vijay Baliga created original version.
  9. */
  10. #ifndef _EAPTLS_H_
  11. #define _EAPTLS_H_
  12. #define EAPTLS_KEY_13 L"System\\CurrentControlSet\\Services\\Rasman\\PPP\\EAP\\13"
  13. #define EAPTLS_VAL_SERVER_CONFIG_DATA L"ServerConfigData"
  14. #define EAPTLS_VAL_MAX_TLS_MESSAGE_LENGTH L"MaxTLSMessageLength"
  15. #define EAPTLS_VAL_IGNORE_NO_REVOCATION_CHECK L"IgnoreNoRevocationCheck"
  16. #define EAPTLS_VAL_IGNORE_REVOCATION_OFFLINE L"IgnoreRevocationOffline"
  17. #define EAPTLS_VAL_NO_ROOT_REVOCATION_CHECK L"NoRootRevocationCheck"
  18. #define EAPTLS_VAL_NO_REVOCATION_CHECK L"NoRevocationCheck"
  19. #define EAPTLS_8021x_PIN_DATA_DESCR L"starcehvionrsf"
  20. #define MAX_HASH_SIZE 20 // Certificate hash size
  21. // EAPTLS_PACKET flags
  22. #define EAPTLS_PACKET_FLAG_LENGTH_INCL 0x80
  23. #define EAPTLS_PACKET_FLAG_MORE_FRAGMENTS 0x40
  24. #define EAPTLS_PACKET_FLAG_TLS_START 0x20
  25. //
  26. // Versioning for PEAP. This will include the highest and lowest
  27. // supported versions
  28. //
  29. #define EAPTLS_PACKET_HIGHEST_SUPPORTED_VERSION 0x00
  30. #define EAPTLS_PACKET_LOWEST_SUPPORTED_VERSION 0x00
  31. #define EAPTLS_PACKET_CURRENT_VERSION 0x00
  32. typedef struct _EAPTLS_PACKET
  33. {
  34. BYTE bCode; // See EAPCODE_*
  35. BYTE bId; // Id of this packet
  36. BYTE pbLength[2]; // Length of this packet
  37. BYTE bType; // Should be PPP_EAP_TLS
  38. // (only for Request, Response)
  39. BYTE bFlags; // See EAPTLS_PACKET_FLAG_*
  40. // (only for Request, Response)
  41. BYTE pbData[1]; // Data
  42. // (only for Request, Response)
  43. } EAPTLS_PACKET;
  44. #define EAPTLS_PACKET_HDR_LEN (sizeof(EAPTLS_PACKET) - 1)
  45. // The largest EAP TLS header has 4 more octects for TLS blob size
  46. #define EAPTLS_PACKET_HDR_LEN_MAX (EAPTLS_PACKET_HDR_LEN + 4)
  47. // EAP TLS states
  48. typedef enum EAPTLS_STATE
  49. {
  50. EAPTLS_STATE_INITIAL,
  51. EAPTLS_STATE_SENT_START, // Server only
  52. EAPTLS_STATE_SENT_HELLO,
  53. EAPTLS_STATE_SENT_FINISHED,
  54. EAPTLS_STATE_RECD_FINISHED, // Client only
  55. EAPTLS_STATE_SENT_RESULT, // Server only
  56. EAPTLS_STATE_RECD_RESULT, // Client only
  57. EAPTLS_STATE_WAIT_FOR_USER_OK // Client only
  58. } EAPTLS_STATE;
  59. // Highest number we can handle
  60. #define EAPTLS_STATE_LIMIT EAPTLS_STATE_RECD_RESULT
  61. typedef struct _EAPTLS_HASH
  62. {
  63. DWORD cbHash; // Number of bytes in the hash
  64. BYTE pbHash[MAX_HASH_SIZE]; // The hash of a certificate
  65. } EAPTLS_HASH;
  66. // Values of the EAPTLS_CONN_PROPERTIES->fFlags field
  67. // Use a certificate on this machine
  68. #define EAPTLS_CONN_FLAG_REGISTRY 0x00000001
  69. // Do not validate server cert
  70. #define EAPTLS_CONN_FLAG_NO_VALIDATE_CERT 0x00000002
  71. // Do not Validate server name
  72. #define EAPTLS_CONN_FLAG_NO_VALIDATE_NAME 0x00000004
  73. // Send a different EAP Identity
  74. #define EAPTLS_CONN_FLAG_DIFF_USER 0x00000008
  75. // User simple cert selection logic
  76. #define EAPTLS_CONN_FLAG_SIMPLE_CERT_SEL 0x00000010
  77. #define EAPTLS_CONN_PROP_WATERMARK 0xBEEFFEEB
  78. //
  79. // EAPTLS_CONN_PROPERTIES + EAPTLS_CONN_PROPERTIES_V1_EXTRA
  80. // are send back to the calling application. However, internally
  81. // EAPTLS_CONN_PROPERTIES_V1 is used.
  82. //
  83. typedef struct _EAPTLS_CONN_PROPERTIES
  84. {
  85. DWORD dwVersion; //Version will be 1 for this release
  86. DWORD dwSize; // Number of bytes in this structure
  87. DWORD fFlags; // See EAPTLS_CONN_FLAG_*
  88. EAPTLS_HASH Hash; // Hash of the first certificate
  89. WCHAR awszServerName[1]; // server name of the first server
  90. } EAPTLS_CONN_PROPERTIES;
  91. //
  92. // This is a very messy way of doing things
  93. // but cannot help it because the verion
  94. // checking on the data structure was not
  95. // done to begin with. Hopefully some day
  96. // we will be able to get away from this
  97. // deal. Other part of the story is CM is
  98. // unable to create targetted connectoids.
  99. // So we have to carry this structure going
  100. // ahead unless CM is smart about targetted
  101. // connectoids.
  102. //
  103. // Additional stuff required in
  104. // version 1 of data structure
  105. //
  106. typedef struct _EAPTLS_CONN_PROPERTIES_V1_EXTRA
  107. {
  108. DWORD dwNumHashes; // Number of Hashes in the
  109. // structure including the one
  110. // in v0 struct above
  111. BYTE bData[1]; // Data - contains an array of
  112. // EAPTLS_HASH structures followed by
  113. // a string specifying server names
  114. // minus the first server
  115. }EAPTLS_CONN_PROPERTIES_V1_EXTRA;
  116. //The new v1.0 structure used internally
  117. typedef struct _EAPTLS_CONN_PROPERTIES_V1
  118. {
  119. DWORD dwVersion; // Version will be 1 for this release
  120. DWORD dwSize; // Number of bytes in this structure
  121. DWORD fFlags; // See EAPTLS_CONN_FLAG_*
  122. DWORD dwNumHashes; // Number of hash structures in the list
  123. BYTE bData[1]; // Data - contains an array of
  124. // EAPTLS_HASH structures followed by
  125. // a string specifying server name
  126. }EAPTLS_CONN_PROPERTIES_V1;
  127. // The old 'PIN must be saved' flag
  128. #define EAPTLS_USER_FLAG_OLD_SAVE_PIN 0x00000001
  129. // The PIN must be saved
  130. #define EAPTLS_USER_FLAG_SAVE_PIN 0x00000002
  131. typedef struct _EAPTLS_USER_PROPERTIES
  132. {
  133. DWORD reserved; // Must be 0 (compare with EAPLOGONINFO)
  134. DWORD dwVersion;
  135. DWORD dwSize; // Number of bytes in this structure
  136. DWORD fFlags; // See EAPTLS_USER_FLAG_*
  137. EAPTLS_HASH Hash; // Hash for the user certificate
  138. WCHAR* pwszDiffUser; // The EAP Identity to send
  139. DWORD dwPinOffset; // Offset in abData
  140. WCHAR* pwszPin; // The smartcard PIN
  141. USHORT usLength; // Part of UnicodeString
  142. USHORT usMaximumLength; // Part of UnicodeString
  143. UCHAR ucSeed; // To unlock the UnicodeString
  144. WCHAR awszString[1]; // Storage for pwszDiffUser and pwszPin
  145. } EAPTLS_USER_PROPERTIES;
  146. typedef struct _EAPTLS_PIN
  147. {
  148. WCHAR *pwszPin;
  149. USHORT usLength;
  150. USHORT usMaximumLength;
  151. UCHAR ucSeed;
  152. } EAPTLS_PIN;
  153. // Values of the EAPTLSCB->fFlags field
  154. // We are the server
  155. #define EAPTLSCB_FLAG_SERVER 0x00000001
  156. // We are a router
  157. #define EAPTLSCB_FLAG_ROUTER 0x00000002
  158. // The call is happening during logon
  159. #define EAPTLSCB_FLAG_LOGON 0x00000004
  160. // Negotiation is complete, and so far appears successful. A server may get a
  161. // TLS Alert message from the client at this point, in which case it will
  162. // realize that the negotiation was unsuccessful. However, a client never
  163. // changes its mind.
  164. #define EAPTLSCB_FLAG_SUCCESS 0x00000008
  165. // The peer has a large blob to send. So it has divided it into fragments
  166. #define EAPTLSCB_FLAG_RECEIVING_FRAGMENTS 0x00000010
  167. // Keeps track of whether we need to call FreeCredentialsHandle(hCredential)
  168. #define EAPTLSCB_FLAG_HCRED_INVALID 0x00000020
  169. // Keeps track of whether we need to call DeleteSecurityContext(hContext)
  170. #define EAPTLSCB_FLAG_HCTXT_INVALID 0x00000040
  171. // We are not allowed to display any UI
  172. #define EAPTLSCB_FLAG_NON_INTERACTIVE 0x00000080
  173. // This is the first link in a multilink bundle. This is not a callback.
  174. #define EAPTLSCB_FLAG_FIRST_LINK 0x00000100
  175. // The user data was obtained from Winlogon
  176. #define EAPTLSCB_FLAG_WINLOGON_DATA 0x00000200
  177. // We are doing Machine Authentication
  178. #define EAPTLSCB_FLAG_MACHINE_AUTH 0x00000400
  179. // We are providing guest access
  180. #define EAPTLSCB_FLAG_GUEST_ACCESS 0x00000800
  181. //We want to do something specific to 8021x auth
  182. #define EAPTLSCB_FLAG_8021X_AUTH 0x00001000
  183. //We are using cached credentials
  184. #define EAPTLSCB_FLAG_USING_CACHED_CREDS 0x00002000
  185. //We are running in PEAP context
  186. #define EAPTLSCB_FLAG_EXECUTING_PEAP 0x00004000
  187. //We are using default credentials on server side
  188. #define EAPTLSCB_FLAG_USING_DEFAULT_CREDS 0x00008000
  189. //Eaptls is hosted inside PEAP
  190. #define EAPTLSCB_FLAG_HOSTED_INSIDE_PEAP 0x00010000
  191. // The EAP TLS work buffer
  192. typedef struct _EAPTLS_CONTROL_BLOCK
  193. {
  194. EAPTLS_STATE EapTlsState;
  195. DWORD fFlags; // See EAPTLSCB_FLAG_*
  196. HANDLE hTokenImpersonateUser; // Client only
  197. WCHAR awszIdentity[UNLEN + 1];// Server only
  198. RAS_AUTH_ATTRIBUTE* pAttributes; // Username or MPPE key
  199. EAPTLS_CONN_PROPERTIES_V1* pConnProp; // Client only
  200. EAPTLS_CONN_PROPERTIES_V1 * pNewConnProp;// Client only
  201. EAPTLS_USER_PROPERTIES* pUserProp;
  202. // Client only, EAPTLSCB_FLAG_LOGON only
  203. BYTE* pUserData;
  204. DWORD dwSizeOfUserData;
  205. PCCERT_CONTEXT pCertContext; // Certificate context
  206. HCRYPTPROV hProv; // CSP Provider. Needed in case
  207. // of smart cards.
  208. CredHandle hCredential; // The credentials handle
  209. CtxtHandle hContext; // The context handle
  210. ULONG fContextReq; // Required context attributes
  211. BYTE* pbBlobIn; // TLS blob received from the peer
  212. DWORD cbBlobIn; // Number of bytes in the TLS blob
  213. // received from the peer
  214. DWORD cbBlobInBuffer; // Number of bytes allocated for the
  215. // pbBlobIn buffer
  216. DWORD dwBlobInRemining; // We are receiving fragments from
  217. // the peer and the peer has
  218. // promised to send dwBlobInRemining
  219. // more bytes
  220. BYTE* pbBlobOut; // TLS blob created for the peer
  221. DWORD cbBlobOut; // Number of bytes in the TLS blob
  222. // created for the peer
  223. DWORD cbBlobOutBuffer; // Number of bytes allocated for the
  224. // pbBlobOut buffer
  225. DWORD dwBlobOutOffset; // Pointer to the first byte in
  226. // pbBlobOut that has to be sent
  227. DWORD dwBlobOutOffsetNew; // Update dwBlobOutOffset to this
  228. // value when the peer confirms
  229. // receipt of the previous packet
  230. BYTE bCode; // bCode of the last packet sent
  231. BYTE bId; // bId of the last packet sent
  232. DWORD dwAuthResultCode; // The error code that we get when
  233. EAPTLS_PIN *pSavedPin;
  234. // the negotiation is complete
  235. HANDLE hEventLog;
  236. BYTE* pUIContextData;
  237. BYTE bNextId; // Saved when we raise UI
  238. EAPTLS_PACKET ReceivePacket; // Saved when we go off to get PIN
  239. } EAPTLSCB;
  240. typedef struct _EAPTLS_CERT_NODE EAPTLS_CERT_NODE;
  241. struct _EAPTLS_CERT_NODE
  242. {
  243. EAPTLS_CERT_NODE* pNext;
  244. EAPTLS_HASH Hash;
  245. WCHAR* pwszDisplayName;
  246. WCHAR* pwszFriendlyName;
  247. WCHAR* pwszIssuer;
  248. WCHAR* pwszExpiration;
  249. //
  250. // New fields added vivekk
  251. //
  252. FILETIME IssueDate;
  253. #if 0
  254. WCHAR* pwszIssuedTo;
  255. WCHAR* pwszIssuedBy;
  256. #endif
  257. };
  258. // Values of the EAPTLS_CONN_DIALOG->fFlags field
  259. // We are a router
  260. #define EAPTLS_CONN_DIALOG_FLAG_ROUTER 0x00000001
  261. #define EAPTLS_CONN_DIALOG_FLAG_READONLY 0x00000002
  262. typedef struct _EAPTLS_CONN_DIALOG
  263. {
  264. DWORD fFlags; // See
  265. // EAPTLS_CONN_DIALOG_FLAG_*
  266. EAPTLS_CERT_NODE* pCertList; //List of all the root certificates
  267. //from internet trusted root store
  268. EAPTLS_CERT_NODE** ppSelCertList; //List of pointers to selected certs.
  269. //will be as many as num hashes
  270. //in conn prop.
  271. EAPTLS_CONN_PROPERTIES* pConnProp; // ConfigData in phonebook
  272. EAPTLS_CONN_PROPERTIES_V1 * pConnPropv1; // Version 1.0 config data
  273. HWND hWndRadioUseCard;
  274. HWND hWndRadioUseRegistry;
  275. HWND hWndCheckValidateCert;
  276. HWND hWndCheckValidateName;
  277. HWND hWndEditServerName;
  278. HWND hWndStaticRootCaName;
  279. //HWND hWndComboRootCaName; //This will go away
  280. HWND hWndListRootCaName; //This is the new list
  281. HWND hWndCheckDiffUser;
  282. HWND hWndCheckUseSimpleSel;
  283. HWND hWndViewCertDetails;
  284. } EAPTLS_CONN_DIALOG;
  285. // Values of the EAPTLS_USER_DIALOG->fFlags field
  286. // We need to send a different EAP Identity
  287. #define EAPTLS_USER_DIALOG_FLAG_DIFF_USER 0x00000001
  288. // We need to change the title
  289. #define EAPTLS_USER_DIALOG_FLAG_DIFF_TITLE 0x00000002
  290. //USe simple cert selection
  291. #define EAPTLS_USER_DIALOG_FLAG_USE_SIMPLE_CERTSEL 0x00000004
  292. //
  293. // Nodes are grouped by displayname
  294. //
  295. typedef struct _EAPTLS_GROUPED_CERT_NODES EAPTLS_GROUPED_CERT_NODES;
  296. typedef struct _EAPTLS_GROUPED_CERT_NODES* PEAPTLS_GROUPED_CERT_NODES;
  297. struct _EAPTLS_GROUPED_CERT_NODES
  298. {
  299. PEAPTLS_GROUPED_CERT_NODES pNext;
  300. WCHAR* pwszDisplayName;
  301. //Most current one in the colation...
  302. EAPTLS_CERT_NODE* pMostRecentCert;
  303. };
  304. typedef struct _EAPTLS_USER_DIALOG
  305. {
  306. DWORD fFlags; // See
  307. // EAPTLS_USER_DIALOG_FLAG_*
  308. EAPTLS_CERT_NODE* pCertList;
  309. EAPTLS_CERT_NODE* pCert;
  310. PEAPTLS_GROUPED_CERT_NODES pGroupedList;
  311. EAPTLS_USER_PROPERTIES* pUserProp; // UserData in registry
  312. const WCHAR* pwszEntry;
  313. const WCHAR* pwszStoreName;
  314. BOOL fIdentity; //Identity UI is being shown here
  315. HWND hWndComboUserName;
  316. HWND hWndBtnViewCert;
  317. // These are required for the server's certificate selection
  318. HWND hWndEditFriendlyName;
  319. HWND hWndEditIssuer;
  320. HWND hWndEditExpiration;
  321. HWND hWndStaticDiffUser;
  322. HWND hWndEditDiffUser;
  323. } EAPTLS_USER_DIALOG;
  324. // Values of the EAPTLS_PIN_DIALOG->fFlags field
  325. // We need to send a different EAP Identity
  326. #define EAPTLS_PIN_DIALOG_FLAG_DIFF_USER 0x00000001
  327. // The UI is coming up before Logon
  328. #define EAPTLS_PIN_DIALOG_FLAG_LOGON 0x00000002
  329. #define EAPTLS_PIN_DIALOG_FLAG_ROUTER 0x00000004
  330. typedef struct _EAPTLS_PIN_DIALOG
  331. {
  332. DWORD fFlags; // See
  333. // EAPTLS_PIN_DIALOG_FLAG_*
  334. EAPTLS_USER_PROPERTIES* pUserProp; // UserData in registry
  335. const WCHAR* pwszEntry;
  336. PCCERT_CONTEXT pCertContext; //Certificate Context for selected certificate.
  337. DWORD dwRetCode; //Return Code of Validate PIN operation.
  338. HWND hWndStaticDiffUser;
  339. HWND hWndEditDiffUser;
  340. HWND hWndStaticPin;
  341. HWND hWndEditPin;
  342. } EAPTLS_PIN_DIALOG;
  343. #define NUM_CHARS_TITLE 100
  344. typedef struct _EAPTLS_VALIDATE_SERVER
  345. {
  346. DWORD dwSize;
  347. DWORD fShowCertDetails;
  348. EAPTLS_HASH Hash; //Hash of the root certificate to show details
  349. WCHAR awszTitle[NUM_CHARS_TITLE];
  350. WCHAR awszWarning[1];
  351. } EAPTLS_VALIDATE_SERVER;
  352. #ifdef ALLOC_EAPTLS_GLOBALS
  353. DWORD g_dwEapTlsTraceId = INVALID_TRACEID;
  354. int g_nEapTlsClientNextState[] =
  355. {
  356. EAPTLS_STATE_SENT_HELLO,
  357. EAPTLS_STATE_INITIAL, // Impossible
  358. EAPTLS_STATE_SENT_FINISHED,
  359. EAPTLS_STATE_RECD_FINISHED,
  360. EAPTLS_STATE_RECD_RESULT,
  361. EAPTLS_STATE_INITIAL, // Impossible
  362. EAPTLS_STATE_RECD_RESULT,
  363. EAPTLS_STATE_RECD_FINISHED
  364. };
  365. int g_nEapTlsServerNextState[] =
  366. {
  367. EAPTLS_STATE_SENT_START,
  368. EAPTLS_STATE_SENT_HELLO,
  369. EAPTLS_STATE_SENT_FINISHED,
  370. EAPTLS_STATE_SENT_RESULT,
  371. EAPTLS_STATE_INITIAL, // Impossible
  372. EAPTLS_STATE_SENT_RESULT,
  373. EAPTLS_STATE_INITIAL, // Impossible
  374. EAPTLS_STATE_INITIAL, // Impossible
  375. };
  376. CHAR *g_szEapTlsState[] =
  377. {
  378. "Initial",
  379. "SentStart",
  380. "SentHello",
  381. "SentFinished",
  382. "RecdFinished",
  383. "SentResult",
  384. "RecdResult",
  385. "WaitForUserOK",
  386. };
  387. #else // !ALLOC_EAPTLS_GLOBALS
  388. extern DWORD g_dwEapTlsTraceId;
  389. #endif // ALLOC_EAPTLS_GLOBALS
  390. // Prototypes for functions in util.c
  391. VOID
  392. EapTlsTrace(
  393. IN CHAR* Format,
  394. ...
  395. );
  396. DWORD
  397. EapTlsInitialize2(
  398. IN BOOL fInitialize,
  399. IN BOOL fUI
  400. );
  401. DWORD
  402. EapTlsInitialize(
  403. IN BOOL fInitialize
  404. );
  405. VOID
  406. EncodePin(
  407. IN EAPTLS_USER_PROPERTIES* pUserProp
  408. );
  409. VOID
  410. DecodePin(
  411. IN EAPTLS_USER_PROPERTIES* pUserProp
  412. );
  413. BOOL
  414. FFormatMachineIdentity1 (
  415. LPWSTR lpszMachineNameRaw,
  416. LPWSTR * lppszMachineNameFormatted );
  417. BOOL
  418. FFormatMachineIdentity (
  419. IN LPWSTR lpszMachineNameRaw,
  420. OUT LPWSTR * lppszMachineNameFormatted );
  421. BOOL
  422. FCertToStr(
  423. IN PCCERT_CONTEXT pCertContext,
  424. IN DWORD fFlags,
  425. IN BOOL fMachineCert,
  426. OUT WCHAR** ppwszName
  427. );
  428. BOOL
  429. FMachineAuthCertToStr (
  430. IN PCCERT_CONTEXT pCertContext,
  431. OUT WCHAR ** ppwszName
  432. );
  433. BOOL
  434. FGetFriendlyName(
  435. IN PCCERT_CONTEXT pCertContext,
  436. OUT WCHAR** ppwszName
  437. );
  438. BOOL
  439. FSmartCardReaderInstalled(
  440. VOID
  441. );
  442. DWORD DwGetEKUUsage (
  443. IN PCCERT_CONTEXT pCertContext,
  444. OUT PCERT_ENHKEY_USAGE * ppUsage
  445. );
  446. BOOL
  447. FCheckSCardCertAndCanOpenSilentContext (
  448. IN PCCERT_CONTEXT pCertContext
  449. );
  450. BOOL
  451. FCheckUsage(
  452. IN PCCERT_CONTEXT pCertContext,
  453. IN PCERT_ENHKEY_USAGE pUsage,
  454. IN BOOL fMachine
  455. );
  456. BOOL
  457. FCheckCSP(
  458. IN PCCERT_CONTEXT pCertContext
  459. );
  460. BOOL
  461. FCheckTimeValidity(
  462. IN PCCERT_CONTEXT pCertContext
  463. );
  464. DWORD DwCheckCertPolicy (
  465. IN PCCERT_CONTEXT pCertContextUser,
  466. OUT PCCERT_CHAIN_CONTEXT * ppCertChainContext
  467. );
  468. DWORD
  469. GetRootCertHashAndNameVerifyChain(
  470. IN PCERT_CONTEXT pCertContextServer,
  471. OUT EAPTLS_HASH* pHash,
  472. OUT WCHAR** ppwszName,
  473. IN BOOL fVerifyGP,
  474. OUT BOOL * pfRootCheckRequired
  475. );
  476. DWORD
  477. ServerConfigDataIO(
  478. IN BOOL fRead,
  479. IN WCHAR* pwszMachineName,
  480. IN OUT BYTE** ppData,
  481. IN DWORD dwNumBytes
  482. );
  483. VOID
  484. FreeCertList(
  485. IN EAPTLS_CERT_NODE* pNode
  486. );
  487. VOID
  488. CreateCertList(
  489. IN BOOL fServer,
  490. IN BOOL fRouter,
  491. IN BOOL fRoot,
  492. OUT EAPTLS_CERT_NODE** ppCertList,
  493. OUT EAPTLS_CERT_NODE** ppCert,
  494. IN DWORD dwNumHashStructs,
  495. IN EAPTLS_HASH* pHash,
  496. IN WCHAR* pwszStoreName
  497. );
  498. DWORD
  499. GetDefaultClientMachineCert(
  500. IN HCERTSTORE hCertStore,
  501. OUT PCCERT_CONTEXT* ppCertContext
  502. );
  503. DWORD
  504. GetDefaultMachineCert(
  505. IN HCERTSTORE hCertStore,
  506. OUT PCCERT_CONTEXT* ppCertContext
  507. );
  508. DWORD
  509. GetCertFromLogonInfo(
  510. IN BYTE* pUserDataIn,
  511. IN DWORD dwSizeOfUserDataIn,
  512. OUT PCCERT_CONTEXT* ppCertContext
  513. );
  514. DWORD
  515. GetIdentityFromLogonInfo(
  516. IN BYTE* pUserDataIn,
  517. IN DWORD dwSizeOfUserDataIn,
  518. OUT WCHAR** ppwszIdentity
  519. );
  520. DWORD
  521. ReadConnectionData(
  522. IN BOOL fWireless,
  523. IN BYTE* pConnectionDataIn,
  524. IN DWORD dwSizeOfConnectionDataIn,
  525. OUT EAPTLS_CONN_PROPERTIES** ppConnProp
  526. );
  527. DWORD
  528. ReadUserData(
  529. IN BYTE* pUserDataIn,
  530. IN DWORD dwSizeOfUserDataIn,
  531. OUT EAPTLS_USER_PROPERTIES** ppUserProp
  532. );
  533. DWORD
  534. AllocUserDataWithNewIdentity(
  535. IN EAPTLS_USER_PROPERTIES* pUserProp,
  536. IN WCHAR* pwszIdentity,
  537. OUT EAPTLS_USER_PROPERTIES** ppUserProp
  538. );
  539. DWORD
  540. AllocUserDataWithNewPin(
  541. IN EAPTLS_USER_PROPERTIES* pUserProp,
  542. IN PBYTE pbzPin,
  543. IN DWORD cbPin,
  544. OUT EAPTLS_USER_PROPERTIES** ppUserProp
  545. );
  546. WCHAR*
  547. WszFromId(
  548. IN HINSTANCE hInstance,
  549. IN DWORD dwStringId
  550. );
  551. // Prototypes for functions in eaptls.c
  552. DWORD
  553. EapTlsBegin(
  554. OUT VOID** ppWorkBuffer,
  555. IN PPP_EAP_INPUT* pPppEapInput
  556. );
  557. DWORD
  558. EapTlsEnd(
  559. IN EAPTLSCB* pEapTlsCb
  560. );
  561. DWORD
  562. EapTlsMakeMessage(
  563. IN EAPTLSCB* pEapTlsCb,
  564. IN PPP_EAP_PACKET* pInput,
  565. OUT PPP_EAP_PACKET* pOutput,
  566. IN DWORD cbSendPacket,
  567. OUT PPP_EAP_OUTPUT* pEapOutput,
  568. IN PPP_EAP_INPUT* pEapInput
  569. );
  570. DWORD
  571. GetCredentials(
  572. IN EAPTLSCB* pEapTlsCb
  573. );
  574. DWORD
  575. EapTlsCMakeMessage(
  576. IN EAPTLSCB* pEapTlsCb,
  577. IN EAPTLS_PACKET* pReceivePacket,
  578. OUT EAPTLS_PACKET* pSendPacket,
  579. IN DWORD cbSendPacket,
  580. OUT PPP_EAP_OUTPUT* pEapOutput,
  581. IN PPP_EAP_INPUT* pEapInput
  582. );
  583. DWORD
  584. EapTlsSMakeMessage(
  585. IN EAPTLSCB* pEapTlsCb,
  586. IN EAPTLS_PACKET* pReceivePacket,
  587. OUT EAPTLS_PACKET* pSendPacket,
  588. IN DWORD cbSendPacket,
  589. OUT PPP_EAP_OUTPUT* pEapOutput,
  590. IN PPP_EAP_INPUT* pEapInput
  591. );
  592. // Prototypes for functions in scard.c
  593. DWORD
  594. GetCertFromCard(
  595. OUT PCCERT_CONTEXT* ppCertContext
  596. );
  597. VOID
  598. FreeScardDlgDll(
  599. VOID
  600. );
  601. // Prototypes for functions in eapui.cpp
  602. HINSTANCE
  603. GetHInstance(
  604. VOID
  605. );
  606. // Prototypes for functions in dialog.c
  607. VOID
  608. GetString(
  609. IN HWND hwndParent,
  610. IN UINT ID,
  611. IN OUT WCHAR** ppwszString
  612. );
  613. //
  614. //Prototypes in eaptls.c
  615. //
  616. DWORD
  617. AssociatePinWithCertificate(
  618. IN PCCERT_CONTEXT pCertContext,
  619. IN EAPTLS_USER_PROPERTIES* pUserProp,
  620. IN BOOL fErarePIN,
  621. IN BOOL fCheckNullPin,
  622. IN OUT HCRYPTPROV * phProv
  623. );
  624. DWORD EncryptData
  625. (
  626. IN PBYTE pbPlainData,
  627. IN DWORD cbPlainData,
  628. OUT PBYTE * ppEncData,
  629. OUT DWORD * pcbEncData
  630. );
  631. //
  632. // Prototypes of functions in util.c
  633. //
  634. DWORD GetMBytePIN ( WCHAR * pwszPIN, CHAR ** ppszPIN );
  635. DWORD VerifyCallerTrust ( void * callersaddress );
  636. #if 0
  637. //
  638. //This function get's the hash blob
  639. //deposited by Group Policy in the registry
  640. //
  641. DWORD
  642. ReadGPCARootHashes(
  643. DWORD *pdwSizeOfRootHashBlob,
  644. PBYTE *ppbRootHashBlob
  645. );
  646. #endif
  647. //
  648. // These functions are around the cludgy
  649. // CONN PROP structure.
  650. //
  651. EAPTLS_CONN_PROPERTIES_V1_EXTRA UNALIGNED * ConnPropGetExtraPointer (EAPTLS_CONN_PROPERTIES * pConnProp);
  652. DWORD ConnPropGetNumHashes(EAPTLS_CONN_PROPERTIES * pConnProp );
  653. void ConnPropSetNumHashes(EAPTLS_CONN_PROPERTIES * pConnProp, DWORD dwNumHashes );
  654. DWORD ConnPropGetV1Struct ( EAPTLS_CONN_PROPERTIES * pConnProp, EAPTLS_CONN_PROPERTIES_V1 ** ppConnPropv1 );
  655. DWORD ConnPropGetV0Struct ( EAPTLS_CONN_PROPERTIES_V1 * pConnPropv1, EAPTLS_CONN_PROPERTIES ** ppConnProp );
  656. void ShowCertDetails ( HWND hWnd, HCERTSTORE hStore, PCCERT_CONTEXT pCertContext);
  657. //////////////////////////All Peap Related Declarations /////////////////////
  658. //
  659. // PEAP Message Types
  660. //
  661. //
  662. //TBD: Check with IANA ( ashwinp ) what the type will be.
  663. #define PEAP_TYPE_AVP 0x21
  664. //
  665. // TLV Format is:
  666. // Flags - 2bits
  667. // Type - 14 bits
  668. // Length - 2 octets
  669. // Value - Variable
  670. //
  671. // TLV Flags
  672. //
  673. #define PEAP_AVP_FLAG_MANDATORY 0x80
  674. //
  675. // TLV types are of following types
  676. //
  677. // Status TLV. Tell's if the outcome of the EAP is success
  678. // or failure.
  679. //
  680. #define MS_PEAP_AVP_LANGUAGE_NEGOTIATE 0x01
  681. #define MS_PEAP_AVP_CIPHERSUITE_NEGOTIATE 0x02
  682. #define MS_PEAP_AVP_TYPE_STATUS 0x03
  683. //
  684. // Values possible in Status AVP
  685. //
  686. #define MS_PEAP_AVP_VALUE_SUCCESS 0x1
  687. #define MS_PEAP_AVP_VALUE_FAILURE 0x2
  688. // PEAP Reg Keys
  689. #define PEAP_KEY_25 L"System\\CurrentControlSet\\Services\\Rasman\\PPP\\EAP\\25"
  690. #define PEAP_VAL_SERVER_CONFIG_DATA L"ServerConfigData"
  691. //
  692. // This key is required for include only MSCHAPv2. IF this is missing all protocols will be included in PEAP
  693. // except PEAP itself
  694. //
  695. #define PEAP_KEY_PEAP L"System\\CurrentControlSet\\Services\\Rasman\\PPP\\EAP\\25"
  696. #define PEAP_CRIPPLE_VALUE L"EAPMschapv2Only"
  697. #define PEAP_KEY_EAP L"System\\CurrentControlSet\\Services\\Rasman\\PPP\\EAP"
  698. #define PEAP_REGVAL_PATH L"Path"
  699. #define PEAP_REGVAL_FRIENDLYNAME L"FriendlyName"
  700. #define PEAP_REGVAL_CONFIGDLL L"ConfigUIPath"
  701. #define PEAP_REGVAL_IDENTITYDLL L"IdentityPath"
  702. #define PEAP_REGVAL_INTERACTIVEUIDLL L"InteractiveUIPath"
  703. #define PEAP_REGVAL_CONFIGCLSID L"ConfigCLSID"
  704. #define PEAP_REGVAL_ROLESSUPPORTED L"RolesSupported"
  705. #define PEAP_REGVAL_STANDALONESUPPORTED L"StandAloneSupported"
  706. #define PEAP_EAPTYPE_IDENTITY 1
  707. #define PEAP_EAPTYPE_NAK 3
  708. typedef DWORD (APIENTRY * RASEAPFREE)( PBYTE );
  709. typedef DWORD (APIENTRY * RASEAPINVOKECONFIGUI)( DWORD, HWND, DWORD, PBYTE, DWORD, PBYTE*, DWORD*);
  710. typedef DWORD (APIENTRY * RASEAPGETIDENTITY)( DWORD, HWND, DWORD, const WCHAR*, const WCHAR*, PBYTE, DWORD, PBYTE, DWORD, PBYTE*, DWORD*, WCHAR** );
  711. typedef DWORD (APIENTRY * RASEAPINVOKEINTERACTIVEUI)(
  712. DWORD,
  713. HWND,
  714. PBYTE,
  715. DWORD,
  716. PBYTE *,
  717. DWORD *);
  718. //List of all EAP types allowed in PEAP
  719. typedef struct _PEAP_EAP_INFO PEAP_EAP_INFO;
  720. typedef struct _PEAP_EAP_INFO* PPEAP_EAP_INFO;
  721. struct _PEAP_EAP_INFO
  722. {
  723. //Next one in the list
  724. PPEAP_EAP_INFO pNext;
  725. //Type
  726. DWORD dwTypeId;
  727. // Path of the protocol DLL
  728. LPWSTR lpwszPath;
  729. //Friendly Name
  730. LPWSTR lpwszFriendlyName;
  731. //Configuration UI path for client
  732. LPWSTR lpwszConfigUIPath;
  733. //Identity UI path
  734. LPWSTR lpwszIdentityUIPath;
  735. //Interactive UI path
  736. LPWSTR lpwszInteractiveUIPath;
  737. //Configuration GUID
  738. LPWSTR lpwszConfigClsId;
  739. //Stand Alone supported?
  740. DWORD dwStandAloneSupported;
  741. //Library HAndle
  742. HMODULE hEAPModule;
  743. //Eap Info for each EAP Type
  744. PPP_EAP_INFO PppEapInfo;
  745. //Work buffer for each eap type
  746. PBYTE pWorkBuf;
  747. // Original Client Config from PEAP blob
  748. PBYTE pbClientConfigOrig;
  749. // Client Config Length
  750. DWORD dwClientConfigOrigSize;
  751. // New client config
  752. PBYTE pbNewClientConfig;
  753. // New client config length
  754. DWORD dwNewClientConfigSize;
  755. // Original User Config information
  756. PBYTE pbUserConfigOrig;
  757. // Original size of user configuration
  758. DWORD dwUserConfigOrigSize;
  759. // New user config
  760. PBYTE pbUserConfigNew;
  761. // New user config size
  762. DWORD dwNewUserConfigSize;
  763. //
  764. DWORD (APIENTRY *RasEapGetCredentials)(
  765. IN DWORD dwTypeId,
  766. IN VOID * pWorkBuf,
  767. OUT VOID ** pInfo);
  768. //There will be more items in this node...
  769. };
  770. typedef enum _PEAP_STATE
  771. {
  772. PEAP_STATE_INITIAL,
  773. PEAP_STATE_TLS_INPROGRESS, // PEAP-Part 1 (TLS) is being executed
  774. PEAP_WAITING_FOR_IDENTITY, // Client should expect and identity request
  775. // server should send identity request
  776. PEAP_STATE_IDENTITY_REQUEST_SENT, // identity request send by server
  777. PEAP_STATE_IDENTITY_RESPONSE_SENT, // identity response send to server
  778. PEAP_STATE_EAP_TYPE_INPROGRESS, // PEAP-Part 2 (Embedded EAP) is being
  779. // executed
  780. PEAP_STATE_EAP_TYPE_FINISHED, // sever should send identity request
  781. PEAP_STATE_PEAP_SUCCESS_SEND, // server send PEAP success request
  782. PEAP_STATE_PEAP_FAIL_SEND, // server send PEAP fail request
  783. PEAP_STATE_FAST_ROAMING_IDENTITY_REQUEST// client is not setup to do fast roaming
  784. // and the server send a roaming success
  785. // we replied with fail and are now expecting
  786. // an identity request from server.
  787. } PEAP_STATE;
  788. //
  789. // connection properties for
  790. // each of the peap entries
  791. //
  792. typedef struct _PEAP_ENTRY_CONN_PROPERTIES
  793. {
  794. DWORD dwVersion; //Version will be 1 for this release
  795. DWORD dwSize; //Number of bytes in this structure
  796. DWORD dwEapTypeId; //TypeId for this Entry Properties
  797. BYTE bData[1]; //Actual conn properties for the given
  798. //Type Id
  799. }PEAP_ENTRY_CONN_PROPERTIES, *PPEAP_ENTRY_CONN_PROPERTIES;
  800. //
  801. // This structure holds EapTlsConn Prop along with
  802. // each configured eap type.
  803. //
  804. // Allow fast roaming
  805. #define PEAP_CONN_FLAG_FAST_ROAMING 0x00000001
  806. typedef struct _PEAP_CONN_PROPERTIES
  807. {
  808. //Version will be 1 for this release
  809. DWORD dwVersion;
  810. //
  811. //Number of bytes in this structure
  812. //
  813. DWORD dwSize;
  814. //Number of types configured in this PEAP
  815. //For now there is only one.
  816. DWORD dwNumPeapTypes;
  817. //Flags
  818. DWORD dwFlags;
  819. //Tls Connection Properties to start with - This is a variable length structure
  820. EAPTLS_CONN_PROPERTIES_V1 EapTlsConnProp;
  821. //Array of PPEAP_ENTRY_CONN_PROPERTIES follows here
  822. }PEAP_CONN_PROP, *PPEAP_CONN_PROP;
  823. //
  824. // Default credentials for eaptypes that dont expose
  825. // identity UI
  826. //
  827. typedef struct _PEAP_DEFAULT_CREDENTIALS
  828. {
  829. WCHAR wszUserName[UNLEN+1];
  830. WCHAR wszPassword[PWLEN+1];
  831. WCHAR wszDomain[DNLEN+1];
  832. }PEAP_DEFAULT_CREDENTIALS, *PPEAP_DEFAULT_CREDENTIALS;
  833. //
  834. // user properties for
  835. // each of the peap entries
  836. //
  837. typedef struct _PEAP_ENTRY_USER_PROPERTIES
  838. {
  839. DWORD dwVersion; //Version will be 1 for this release
  840. DWORD dwSize; //Number of bytes in this structure
  841. DWORD dwEapTypeId; //TypeId for this Entry Properties
  842. BOOL fUsingPeapDefault; //Default Identity provided by PEAP is being used.
  843. BYTE bData[1]; //Actual User properties for the given
  844. //Type Id
  845. }PEAP_ENTRY_USER_PROPERTIES, *PPEAP_ENTRY_USER_PROPERTIES;
  846. // Allow fast roaming
  847. #define PEAP_USER_FLAG_FAST_ROAMING 0x00000001
  848. typedef struct _PEAP_USER_PROPERTIES_V1
  849. {
  850. //Version will be 1 for this release
  851. DWORD dwVersion;
  852. //Number of bytes in this structure
  853. DWORD dwSize;
  854. //Flags
  855. DWORD dwFlags;
  856. //Hash for user certificate
  857. EAPTLS_HASH CertHash;
  858. // User properties for an entry
  859. PEAP_ENTRY_USER_PROPERTIES UserProperties;
  860. //
  861. // Array of PEAP_ENTRY_USER_PROPERTIES for each eap type.
  862. // should be as many as dwNumPeapTypes in PEAP_CONN_PROP
  863. // structure
  864. // For now there is only one element...
  865. }PEAP_USER_PROP_V1, *PPEAP_USER_PROP_V1;
  866. //
  867. // Current USER Properties structure.
  868. //
  869. typedef struct _PEAP_USER_PROPERTIES
  870. {
  871. //Version will be 2 for this release
  872. DWORD dwVersion;
  873. //Number of bytes in this structure
  874. DWORD dwSize;
  875. //Flags
  876. DWORD dwFlags;
  877. //Hash for user certificate
  878. EAPTLS_HASH CertHash;
  879. //Number of entries for this PEAP config
  880. DWORD dwNumberOfEntries;
  881. // User properties for an entry
  882. PEAP_ENTRY_USER_PROPERTIES UserProperties;
  883. //
  884. // Array of PEAP_ENTRY_USER_PROPERTIES for each eap type.
  885. // should be as many as dwNumPeapTypes in PEAP_CONN_PROP
  886. // structure
  887. // For now there is only one element...
  888. }PEAP_USER_PROP, *PPEAP_USER_PROP;
  889. // We are a router
  890. #define PEAP_CONN_DIALOG_FLAG_ROUTER 0x00000001
  891. #define PEAP_CONN_DIALOG_FLAG_8021x 0x00000002
  892. typedef struct _PEAP_CONN_DIALOG
  893. {
  894. DWORD fFlags; // See
  895. // PEAP_CONN_DIALOG_FLAG_*
  896. EAPTLS_CERT_NODE* pCertList; //List of all the root certificates
  897. //from internet trusted root store
  898. EAPTLS_CERT_NODE** ppSelCertList; //List of pointers to selected certs.
  899. //will be as many as num hashes
  900. //in conn prop.
  901. PPEAP_CONN_PROP pConnProp;
  902. PPEAP_EAP_INFO pEapInfo; //List of all the PEAP Eap Types
  903. PPEAP_EAP_INFO pSelEapInfo; //Selected Peap Type
  904. HWND hWndCheckValidateCert;
  905. HWND hWndCheckValidateName;
  906. HWND hWndEditServerName;
  907. HWND hWndStaticRootCaName;
  908. HWND hWndListRootCaName;
  909. HWND hWndComboPeapType;
  910. HWND hWndButtonConfigure;
  911. HWND hWndCheckEnableFastReconnect;
  912. } PEAP_CONN_DIALOG, *PPEAP_CONN_DIALOG;
  913. typedef struct _PEAP_SERVER_CONFIG_DIALOG
  914. {
  915. EAPTLS_CERT_NODE* pCertList; //List of all certificates in MY machine
  916. //store
  917. EAPTLS_CERT_NODE* pSelCertList; //List of selected cert.
  918. PPEAP_USER_PROP pUserProp; //User properties
  919. PPEAP_USER_PROP pNewUserProp; //New USer Properties
  920. PPEAP_EAP_INFO pEapInfo; //List of all the PEAP Eap Types
  921. PPEAP_EAP_INFO pSelEapInfo; //Selected Peap Type
  922. LPWSTR pwszMachineName;
  923. BOOL fStandAloneMachine; //Stand Alone Machine
  924. HWND hWndComboServerName;
  925. HWND hWndEditFriendlyName;
  926. HWND hWndEditIssuer;
  927. HWND hWndEditExpiration;
  928. HWND hWndListPeapType;
  929. HWND hWndBtnAdd;
  930. HWND hWndBtnEdit;
  931. HWND hWndBtnRemove;
  932. HWND hWndBtnMoveUp;
  933. HWND hWndBtnMoveDown;
  934. HWND hEndEnableFastReconnect;
  935. }PEAP_SERVER_CONFIG_DIALOG, *PPEAP_SERVER_CONFIG_DIALOG;
  936. typedef struct _PEAP_DEFAULT_CRED_DIALOG
  937. {
  938. PEAP_DEFAULT_CREDENTIALS PeapDefaultCredentials;
  939. HWND hWndUserName;
  940. HWND hWndPassword;
  941. HWND hWndDomain;
  942. }PEAP_DEFAULT_CRED_DIALOG, *PPEAP_DEFAULT_CRED_DIALOG;
  943. typedef struct _PEAP_INTERACTIVE_UI
  944. {
  945. DWORD dwEapTypeId; // Embedded Eap Type Id requesting
  946. // interactive UI
  947. DWORD dwSizeofUIContextData;
  948. BYTE bUIContextData[1];
  949. }PEAP_INTERACTIVE_UI, *PPEAP_INTERACTIVE_UI;
  950. typedef struct _PEAP_COOKIE_ATTRIBUTE
  951. {
  952. RAS_AUTH_ATTRIBUTE_TYPE raaType;
  953. DWORD dwLength;
  954. BYTE Data[1];
  955. }PEAP_COOKIE_ATTRIBUTE, *PPEAP_COOKIE_ATTRIBUTE;
  956. typedef struct _PEAP_COOKIE
  957. {
  958. WCHAR awszIdentity[DNLEN+UNLEN+1]; // Outer Identity that was used for
  959. // authentication.
  960. DWORD dwNumAuthAttribs; // Number of Ras Auth Attributes
  961. // other than MPPE keys
  962. // returned when auth succeeded
  963. // with full handshake
  964. BYTE Data[1]; // Data Conn Props + RAS Auth Attribs
  965. }PEAP_COOKIE, *PPEAP_COOKIE;
  966. //PEAP Flags
  967. #define PEAPCB_FLAG_SERVER 0x00000001 // This is a server
  968. #define PEAPCB_FLAG_ROUTER 0x00000002 // This is a router
  969. #define PEAPCB_FLAG_NON_INTERACTIVE 0x00000004 // No UI should be displayed
  970. #define PEAPCB_FLAG_LOGON 0x00000008 // The user data was
  971. // obtained from Winlogon
  972. #define PEAPCB_FLAG_PREVIEW 0x00000010 // User has checked
  973. // "Prompt for information
  974. // before dialing"
  975. #define PEAPCB_FLAG_FIRST_LINK 0x00000020 // This is the first link
  976. #define PEAPCB_FLAG_MACHINE_AUTH 0x00000040 // Use the default machine cert
  977. // or user cert based on the
  978. // application logon context
  979. #define PEAPCB_FLAG_GUEST_ACCESS 0x00000080 // Request to provide guest
  980. // access.
  981. #define PEAPCB_FLAG_8021X_AUTH 0x00000100 // Anything specific to 8021x
  982. // to be done in TLS
  983. #define PEAPCB_VERSION_OK 0x00000200 // version negotiation took place
  984. // and all's ok.
  985. #define PEAPCB_FAST_ROAMING 0x00000400 // Allow fast roaming
  986. typedef struct _PEAP_CONTROL_BLOCK
  987. {
  988. PEAP_STATE PeapState; //Current Peap State
  989. DWORD dwFlags; //Peap Flags
  990. HANDLE hTokenImpersonateUser; //Impersonation token.
  991. BYTE bId; //Peap Packet Id
  992. WCHAR awszIdentity[DNLEN+ UNLEN + 1];
  993. WCHAR awszTypeIdentity[DNLEN+ UNLEN + 1];
  994. WCHAR awszPassword[PWLEN+1]; //Type's password if
  995. //send in.
  996. BOOL fTlsConnPropDirty; //Need to save the TLS Conn prop
  997. EAPTLS_CONN_PROPERTIES_V1 * pNewTlsConnProp;
  998. BOOL fEntryConnPropDirty;
  999. PPEAP_CONN_PROP pConnProp; //Peap Connection Prop
  1000. BOOL fTlsUserPropDirty; //Need to saveTLS user prop
  1001. BOOL fEntryUserPropDirty;
  1002. DWORD dwAuthResultCode; //Result of authentication
  1003. BOOL fFastReconnectedSession; //The session fast reconnected
  1004. BOOL fReceivedTLVSuccessFail; //Received a TLV instead of
  1005. //a real success or failure
  1006. BOOL fSendTLVSuccessforFastRoaming;
  1007. PPP_EAP_PACKET * pPrevReceivePacket; //Previously received packet
  1008. WORD cbPrevReceivePacket; //Number of bytes in previously
  1009. //received packet
  1010. PBYTE pPrevDecData; //Previously Decrypted packet data
  1011. WORD cbPrevDecData; //Data size
  1012. //
  1013. // Encryption related entries in the control block
  1014. //
  1015. HCRYPTPROV hProv; //CryptoProvider
  1016. //
  1017. // following info is used if we use TLS to do encryption
  1018. // This is the desired way of doing things since the cipher suite
  1019. // is negotiated within TLS
  1020. SecPkgContext_StreamSizes PkgStreamSizes;
  1021. SecPkgContext_ConnectionInfo PkgConnInfo;
  1022. PBYTE pbIoBuffer;
  1023. DWORD dwIoBufferLen; //Enc or Dec Data Length
  1024. PPEAP_USER_PROP pUserProp; //Peap User Prop
  1025. RAS_AUTH_ATTRIBUTE * pTlsUserAttributes; //User Attributes send
  1026. //back by EAPTLS
  1027. RAS_AUTH_ATTRIBUTE * pTypeUserAttributes; //User Attributes send
  1028. //back by embedded EAP Type
  1029. RAS_AUTH_ATTRIBUTE * pFinalUserAttributes; //Combination of both TLS and Type
  1030. //User attributes.
  1031. PPEAP_INTERACTIVE_UI pUIContextData; //UI context Data for an eap type
  1032. BOOL fInvokedInteractiveUI; //PEAP has invoked interactive UI
  1033. BOOL fExecutingInteractiveUI;
  1034. EAPTLSCB * pEapTlsCB; //Tls Control Block
  1035. PPEAP_EAP_INFO pEapInfo; //Eap info - that is currently
  1036. //in use
  1037. }PEAPCB, * PPEAPCB;
  1038. DWORD
  1039. EapPeapInitialize(
  1040. IN BOOL fInitialize
  1041. );
  1042. DWORD
  1043. EapPeapBegin(
  1044. OUT VOID** ppWorkBuffer,
  1045. IN PPP_EAP_INPUT* pPppEapInput
  1046. );
  1047. DWORD
  1048. EapPeapEnd(
  1049. IN PPEAPCB pPeapCb
  1050. );
  1051. DWORD
  1052. EapPeapMakeMessage(
  1053. IN PPEAPCB pPeapCb,
  1054. IN PPP_EAP_PACKET* pInput,
  1055. OUT PPP_EAP_PACKET* pOutput,
  1056. IN DWORD cbSendPacket,
  1057. OUT PPP_EAP_OUTPUT* pEapOutput,
  1058. IN PPP_EAP_INPUT* pEapInput
  1059. );
  1060. DWORD
  1061. EapPeapCMakeMessage(
  1062. IN PPEAPCB pPeapCb,
  1063. IN PPP_EAP_PACKET* pReceivePacket,
  1064. OUT PPP_EAP_PACKET* pSendPacket,
  1065. IN DWORD cbSendPacket,
  1066. OUT PPP_EAP_OUTPUT* pEapOutput,
  1067. IN PPP_EAP_INPUT* pEapInput
  1068. );
  1069. DWORD
  1070. EapPeapSMakeMessage(
  1071. IN PPEAPCB pPeapCb,
  1072. IN PPP_EAP_PACKET* pReceivePacket,
  1073. OUT PPP_EAP_PACKET* pSendPacket,
  1074. IN DWORD cbSendPacket,
  1075. OUT PPP_EAP_OUTPUT* pEapOutput,
  1076. IN PPP_EAP_INPUT* pEapInput
  1077. );
  1078. //Peap functions from util.c
  1079. DWORD
  1080. PeapReadConnectionData(
  1081. IN BOOL fWireless,
  1082. IN BYTE* pConnectionDataIn,
  1083. IN DWORD dwSizeOfConnectionDataIn,
  1084. OUT PPEAP_CONN_PROP* ppConnProp
  1085. );
  1086. DWORD
  1087. PeapReadUserData(
  1088. IN BOOL fServer,
  1089. IN BYTE* pUserDataIn,
  1090. IN DWORD dwSizeOfUserDataIn,
  1091. OUT PPEAP_USER_PROP* ppUserProp
  1092. );
  1093. DWORD
  1094. PeapVerifyUserData(
  1095. PPEAP_EAP_INFO pEapInfo,
  1096. PPEAP_USER_PROP pUserProp,
  1097. PPEAP_USER_PROP * ppNewUserProp
  1098. );
  1099. DWORD
  1100. PeapReDoUserData (
  1101. IN DWORD dwNewTypeId,
  1102. OUT PPEAP_USER_PROP* ppNewUserProp
  1103. );
  1104. DWORD
  1105. PeapEapInfoAddListNode (PPEAP_EAP_INFO * ppEapInfo);
  1106. VOID
  1107. PeapEapInfoFreeList ( PPEAP_EAP_INFO pEapInfo );
  1108. DWORD
  1109. PeapEapInfoExpandSZ (HKEY hkeyPeapType,
  1110. LPWSTR pwszValue,
  1111. LPWSTR * ppValueData );
  1112. DWORD
  1113. PeapEapInfoGetList ( LPWSTR lpwszMachineName,
  1114. BOOL fCheckDomainMembership,
  1115. PPEAP_EAP_INFO * ppEapInfo
  1116. );
  1117. DWORD
  1118. PeapEapInfoSetConnData ( PPEAP_EAP_INFO pEapInfo, PPEAP_CONN_PROP pPeapConnProp );
  1119. DWORD PeapEapInfoInvokeClientConfigUI ( HWND hWndParent,
  1120. PPEAP_EAP_INFO pEapInfo,
  1121. DWORD fFlags);
  1122. DWORD
  1123. PeapGetFirstEntryConnProp ( PPEAP_CONN_PROP pConnProp,
  1124. PEAP_ENTRY_CONN_PROPERTIES UNALIGNED ** ppEntryProp
  1125. );
  1126. DWORD
  1127. PeapGetFirstEntryUserProp ( PPEAP_USER_PROP pUserProp,
  1128. PEAP_ENTRY_USER_PROPERTIES UNALIGNED ** ppEntryProp
  1129. );
  1130. DWORD
  1131. PeapGetNextEntryUserProp ( PEAP_ENTRY_USER_PROPERTIES UNALIGNED * pCurrentProp,
  1132. PEAP_ENTRY_USER_PROPERTIES UNALIGNED ** ppEntryProp
  1133. );
  1134. PEAP_ENTRY_USER_PROPERTIES UNALIGNED *
  1135. PeapFindEntryUserProp ( PPEAP_USER_PROP pUserProp,
  1136. DWORD dwTypeId
  1137. );
  1138. DWORD
  1139. PeapAddEntryUserProp ( PPEAP_USER_PROP pUserProp,
  1140. PPEAP_EAP_INFO pEapInfo,
  1141. PPEAP_USER_PROP * ppNewUserProp
  1142. );
  1143. DWORD
  1144. PeapRemoveEntryUserProp ( PPEAP_USER_PROP pUserProp,
  1145. PPEAP_EAP_INFO pEapInfo,
  1146. PPEAP_USER_PROP * ppNewUserProp
  1147. );
  1148. DWORD
  1149. PeapMoveEntryUserProp ( PPEAP_USER_PROP pUserProp,
  1150. DWORD dwEntryIndex,
  1151. BOOL fDirectionUp
  1152. );
  1153. DWORD
  1154. PeapEapInfoCopyListNode ( DWORD dwTypeId,
  1155. PPEAP_EAP_INFO pEapInfoList,
  1156. PPEAP_EAP_INFO * ppEapInfo );
  1157. DWORD
  1158. PeapEapInfoFindListNode ( DWORD dwTypeId,
  1159. PPEAP_EAP_INFO pEapInfoList,
  1160. PPEAP_EAP_INFO * ppEapInfo );
  1161. DWORD
  1162. PeapEapInfoGetItemCount ( PPEAP_EAP_INFO pEapInfo );
  1163. DWORD PeapEapInfoInvokeIdentityUI ( HWND hWndParent,
  1164. PPEAP_EAP_INFO pEapInfo,
  1165. const WCHAR * pwszPhoneBook,
  1166. const WCHAR * pwszEntry,
  1167. PBYTE pbUserDataIn,
  1168. DWORD cbUserDataIn,
  1169. WCHAR** ppwszIdentityOut,
  1170. DWORD fFlags);
  1171. #ifdef __cplusplus
  1172. extern "C"
  1173. #endif
  1174. DWORD PeapEapInfoInvokeServerConfigUI ( HWND hWndParent,
  1175. LPWSTR lpwszMachineName,
  1176. PPEAP_EAP_INFO pEapInfo,
  1177. const BYTE *pbConfigDataIn,
  1178. DWORD dwSizeOfConfigDataIn,
  1179. PBYTE *ppbConfigData,
  1180. DWORD *pdwSizeOfConfigData
  1181. );
  1182. DWORD
  1183. OpenPeapRegistryKey(
  1184. IN WCHAR* pwszMachineName,
  1185. IN REGSAM samDesired,
  1186. OUT HKEY* phKeyPeap
  1187. );
  1188. DWORD
  1189. PeapServerConfigDataIO(
  1190. IN BOOL fRead,
  1191. IN WCHAR* pwszMachineName,
  1192. IN OUT BYTE** ppData,
  1193. IN DWORD dwNumBytes
  1194. );
  1195. INT_PTR CALLBACK
  1196. PeapConnDialogProc(
  1197. IN HWND hWnd,
  1198. IN UINT unMsg,
  1199. IN WPARAM wParam,
  1200. IN LPARAM lParam
  1201. );
  1202. INT_PTR CALLBACK
  1203. PeapServerDialogProc(
  1204. IN HWND hWnd,
  1205. IN UINT unMsg,
  1206. IN WPARAM wParam,
  1207. IN LPARAM lParam
  1208. );
  1209. INT_PTR CALLBACK
  1210. DefaultCredDialogProc(
  1211. IN HWND hWnd,
  1212. IN UINT unMsg,
  1213. IN WPARAM wParam,
  1214. IN LPARAM lParam
  1215. );
  1216. DWORD
  1217. GetIdentityFromUserName (
  1218. LPWSTR lpszUserName,
  1219. LPWSTR lpszDomain,
  1220. LPWSTR * ppwszIdentity
  1221. );
  1222. BOOL FFormatUserIdentity (
  1223. LPWSTR lpszUserNameRaw,
  1224. LPWSTR * lppszUserNameFormatted
  1225. );
  1226. DWORD
  1227. GetLocalMachineName (
  1228. OUT WCHAR ** ppLocalMachineName
  1229. );
  1230. BOOL
  1231. IsPeapCrippled(HKEY hKeyLM);
  1232. PEAP_ENTRY_USER_PROPERTIES *
  1233. PeapGetEapConfigInfo(
  1234. PEAP_USER_PROP* pUserProp,
  1235. DWORD dwTypeId,
  1236. PBYTE* ppConfigData,
  1237. DWORD* pdwSizeOfConfigData);
  1238. DWORD
  1239. RasAuthAttributeConcat (
  1240. IN RAS_AUTH_ATTRIBUTE * pAttr1,
  1241. IN RAS_AUTH_ATTRIBUTE * pAttr2,
  1242. OUT RAS_AUTH_ATTRIBUTE ** ppAttrOut
  1243. );
  1244. DWORD
  1245. PeapAddContextAttributes(
  1246. IN PEAPCB* pPeapCb
  1247. );
  1248. DWORD
  1249. PeapSetTypeUserAttributes (
  1250. IN PEAPCB * pPeapCb,
  1251. RAS_AUTH_ATTRIBUTE * pAttrib);
  1252. BOOL IsStandaloneServer(LPCWSTR pMachineName);
  1253. VOID CALLBACK MachineStoreChangeNotification(
  1254. PVOID lpParameter, // thread data
  1255. BOOLEAN TimerOrWaitFired // reason
  1256. );
  1257. BOOL
  1258. CheckForCertificateRenewal(
  1259. DWORD dwProtocol,
  1260. PCCERT_CONTEXT pCertContext,
  1261. PCCERT_CONTEXT *ppNewCertificate);
  1262. DWORD MatchPublicPrivateKeys
  1263. (
  1264. PCCERT_CONTEXT pCertContext,
  1265. BOOL fSmartCardCert, // Is this a scard cert?
  1266. LPWSTR lpwszPin
  1267. );
  1268. DWORD SetupMachineChangeNotification ();
  1269. #endif // #ifndef _EAPTLS_H_