|
|
/*++
Copyright (c) 2000, Microsoft Corporation
Module Name: eapolutil.c
Abstract:
Tools and ends
Revision History:
sachins, Apr 23 2000, Created
--*/
#include "pcheapol.h"
#pragma hdrstop
//
// Definitions used to read/write to registry
//
#define MAX_REGISTRY_VALUE_LENGTH ((64*1024) - 1)
// Location of User blob
#define cwszEapKeyEapolUser L"Software\\Microsoft\\EAPOL\\UserEapInfo"
// Location of Connection blob
#define cwszEapKeyEapolConn L"Software\\Microsoft\\EAPOL\\Parameters\\Interfaces"
// Location of EAPOL Parameters Service
#define cwszEapKeyEapolServiceParams L"Software\\Microsoft\\EAPOL\\Parameters\\General"
// Location of EAPOL Global state machine params
#define cwszEAPOLGlobalParams L"Software\\Microsoft\\EAPOL\\Parameters\\General\\Global"
// Location of policy parameters
#define cwszEAPOLPolicyParams L"Software\\Policies\\Microsoft\\Windows\\Network Connections\\8021X"
// Location of netman dll
#define NETMAN_DLL_PATH L"%SystemRoot%\\system32\\netman.dll"
#define cwszEapolEnabled L"EapolEnabled"
#define cwszDefaultEAPType L"DefaultEAPType"
#define cwszLastUsedSSID L"LastUsedSSID"
#define cwszInterfaceList L"InterfaceList"
#define cwszAuthPeriod L"authPeriod"
#define cwszHeldPeriod L"heldPeriod"
#define cwszStartPeriod L"startPeriod"
#define cwszMaxStart L"maxStart"
#define cwszSupplicantMode L"SupplicantMode"
#define cwszAuthMode L"AuthMode"
#define cszCARootHash "8021XCARootHash"
#define SIZE_OF_CA_CONV_STR 3
#define PASSWORDMAGIC 0xA5
#define WZCSVC_SERVICE_NAME L"WZCSVC"
//
// EAPOLRESPUI function mapping
//
EAPOLUIRESPFUNCMAP EapolUIRespFuncMap[NUM_EAPOL_DLG_MSGS]= { {EAPOLUI_GET_USERIDENTITY, ElProcessUserIdentityResponse, 3}, {EAPOLUI_GET_USERNAMEPASSWORD, ElProcessUserNamePasswordResponse, 2}, {EAPOLUI_INVOKEINTERACTIVEUI, ElProcessInvokeInteractiveUIResponse, 1}, {EAPOLUI_EAP_NOTIFICATION, NULL, 0}, {EAPOLUI_REAUTHENTICATE, ElProcessReauthResponse, 0}, {EAPOLUI_CREATEBALLOON, NULL, 0}, {EAPOLUI_CLEANUP, NULL, 0} };
BYTE g_bDefaultSSID[MAX_SSID_LEN]={0x11, 0x22, 0x33, 0x11, 0x22, 0x33, 0x11, 0x22, 0x33, 0x11, 0x22, 0x33, 0x11, 0x22, 0x33, 0x11, 0x22, 0x33, 0x11, 0x22, 0x33, 0x11, 0x22, 0x33, 0x11, 0x22, 0x33, 0x11, 0x22, 0x33, 0x11, 0x22};
#define MAX_VALUENAME_LEN 33
//
// HostToWireFormat16
//
// Description:
//
// Will convert a 16 bit integer from host format to wire format
//
VOIDHostToWireFormat16 ( IN WORD wHostFormat, IN OUT PBYTE pWireFormat ){ *((PBYTE)(pWireFormat)+0) = (BYTE) ((DWORD)(wHostFormat) >> 8); *((PBYTE)(pWireFormat)+1) = (BYTE) (wHostFormat);}
//
// WireToHostFormat16
//
// Description:
//
// Will convert a 16 bit integer from wire format to host format
//
WORDWireToHostFormat16 ( IN PBYTE pWireFormat ){ WORD wHostFormat = ((*((PBYTE)(pWireFormat)+0) << 8) + (*((PBYTE)(pWireFormat)+1)));
return( wHostFormat );}
//
// HostToWireFormat32
//
// Description:
//
// Will convert a 32 bit integer from host format to wire format
//
VOIDHostToWireFormat32 ( IN DWORD dwHostFormat, IN OUT PBYTE pWireFormat ){ *((PBYTE)(pWireFormat)+0) = (BYTE) ((DWORD)(dwHostFormat) >> 24); *((PBYTE)(pWireFormat)+1) = (BYTE) ((DWORD)(dwHostFormat) >> 16); *((PBYTE)(pWireFormat)+2) = (BYTE) ((DWORD)(dwHostFormat) >> 8); *((PBYTE)(pWireFormat)+3) = (BYTE) (dwHostFormat);}
//
// WireToHostFormat32
//
// Description:
//
// Will convert a 32 bit integer from wire format to host format
//
DWORDWireToHostFormat32 ( IN PBYTE pWireFormat ){ DWORD dwHostFormat = ((*((PBYTE)(pWireFormat)+0) << 24) + (*((PBYTE)(pWireFormat)+1) << 16) + (*((PBYTE)(pWireFormat)+2) << 8) + (*((PBYTE)(pWireFormat)+3) ));
return( dwHostFormat );}
//
// ElSetCustomAuthData
//
// Description:
//
// Function called to set the connection data for an interface for a specific
// EAP type and SSID (if any). Data will be stored in the HKLM hive
//
// Arguments:
// pwszGUID - pointer to GUID string for the interface
// dwEapTypeId - EAP type for which connection data is to be stored
// dwSizeOfSSID - Size of special identifier, if any, for the EAP blob
// pwszSSID - Special identifier, if any, for the EAP blob
// pbConnInfo - pointer to EAP connection data blob
// pdwInfoSize - Size of EAP connection blob
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElSetCustomAuthData ( IN WCHAR *pwszGUID, IN DWORD dwEapTypeId, IN DWORD dwSizeOfSSID, IN BYTE *pbSSID, IN PBYTE pbConnInfo, IN DWORD *pdwInfoSize ){ HKEY hkey = NULL; HKEY hkey1 = NULL; DWORD dwDisposition; DWORD dwNumValues = 0, dwMaxValueNameLen = 0, dwMaxValueLen = 0; DWORD dwIndex = 0, dwMaxValueName = 0; BYTE *pbValueBuf = NULL; DWORD dwValueData = 0; WCHAR *pwszValueName = NULL; WCHAR wcszValueName[MAX_VALUENAME_LEN]; BYTE *pbDefaultValue = NULL; DWORD dwDefaultValueLen = 0; BYTE *pbEapBlob = NULL, *pbEapBlobIn = NULL; DWORD dwEapBlob = 0; BOOLEAN fFoundValue = FALSE; EAPOL_INTF_PARAMS *pRegParams = NULL; EAPOL_INTF_PARAMS *pDefIntfParams = NULL; LONG lError = ERROR_SUCCESS; DWORD dwRetCode = ERROR_SUCCESS;
do { // Validate input params
if (pwszGUID == NULL) { TRACE0 (ANY, "ElSetCustomAuthData: GUID = NULL"); dwRetCode = ERROR_INVALID_PARAMETER; break; } if (dwEapTypeId == 0) { TRACE0 (ANY, "ElSetCustomAuthData: GUID = NULL"); dwRetCode = ERROR_INVALID_PARAMETER; break; } if (dwSizeOfSSID > MAX_SSID_LEN) { TRACE1 (ANY, "ElSetCustomAuthData: Invalid SSID length = (%ld)", dwSizeOfSSID); dwRetCode = ERROR_INVALID_PARAMETER; break; }
// Get handle to HKLM\Software\Microsoft\EAPOL\Parameters\Interfaces
if ((lError = RegCreateKeyEx ( HKEY_LOCAL_MACHINE, cwszEapKeyEapolConn, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hkey, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetCustomAuthData: Error in RegCreateKeyEx for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Get handle to HKLM\Software\...\Interfaces\<GUID>
if ((lError = RegCreateKeyEx ( hkey, pwszGUID, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hkey1, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetCustomAuthData: Error in RegCreateKeyEx for GUID, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Work with appropriate SSID
if ((dwSizeOfSSID == 0) || (pbSSID == NULL)) { pbSSID = g_bDefaultSSID; dwSizeOfSSID = MAX_SSID_LEN; }
if ((lError = RegQueryInfoKey ( hkey1, NULL, NULL, NULL, NULL, NULL, NULL, &dwNumValues, &dwMaxValueNameLen, &dwMaxValueLen, NULL, NULL )) != NO_ERROR) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElSetCustomAuthData: RegQueryInfoKey failed with error %ld", dwRetCode); break; }
if (dwMaxValueNameLen > MAX_VALUENAME_LEN) { TRACE1 (ANY, "ElSetCustomAuthData: Valuename too long (%ld)", dwMaxValueLen); break; }
if ((pbValueBuf = MALLOC (dwMaxValueLen)) == NULL) { TRACE0 (ANY, "ElSetCustomAuthData: MALLOC failed for pbValueBuf"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
for (dwIndex = 0; dwIndex < dwNumValues; dwIndex++) { dwValueData = dwMaxValueLen; dwMaxValueNameLen = MAX_VALUENAME_LEN; ZeroMemory (&wcszValueName, MAX_VALUENAME_LEN*sizeof(WCHAR)); if ((lError = RegEnumValue ( hkey1, dwIndex, wcszValueName, &dwMaxValueNameLen, NULL, NULL, pbValueBuf, &dwValueData )) != ERROR_SUCCESS) { if (lError != ERROR_MORE_DATA) { break; } lError = ERROR_SUCCESS; }
if (dwValueData < sizeof (EAPOL_INTF_PARAMS)) { TRACE0 (ANY, "ElSetCustomAuthData: dwValueData < sizeof (EAPOL_INTF_PARAMS"); lError = ERROR_INVALID_DATA; break; } pRegParams = (EAPOL_INTF_PARAMS *)pbValueBuf;
if (((DWORD)_wtol(wcszValueName)) > dwMaxValueName) { dwMaxValueName = _wtol (wcszValueName); }
if (!memcmp (pRegParams->bSSID, pbSSID, dwSizeOfSSID)) { fFoundValue = TRUE; break; }
if (!memcmp (pRegParams->bSSID, g_bDefaultSSID, MAX_SSID_LEN)) { if ((pbDefaultValue = MALLOC (dwValueData)) == NULL) { TRACE0 (ANY, "ElSetCustomAuthData: MALLOC failed for pbDefaultValue"); lError = ERROR_NOT_ENOUGH_MEMORY; break; } memcpy (pbDefaultValue, pbValueBuf, dwValueData); dwDefaultValueLen = dwValueData; } } if ((lError != ERROR_SUCCESS) && (lError != ERROR_NO_MORE_ITEMS)) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElSetCustomAuthData: RegQueryInfoKey failed with error %ld", dwRetCode); break; } else { lError = ERROR_SUCCESS; }
if (!fFoundValue) { DWORD dwNewValueName = (dwMaxValueName >= dwNumValues)?(++dwMaxValueName):dwNumValues; _ltow (dwNewValueName, wcszValueName, 10); if ((pbDefaultValue = MALLOC (sizeof(EAPOL_INTF_PARAMS))) == NULL) { TRACE0 (ANY, "ElSetCustomAuthData: MALLOC failed for pbDefaultValue"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } pDefIntfParams = (EAPOL_INTF_PARAMS *)pbDefaultValue; pDefIntfParams->dwEapFlags = DEFAULT_EAP_STATE; pDefIntfParams->dwEapType = dwEapTypeId; pDefIntfParams->dwVersion = EAPOL_CURRENT_VERSION; pDefIntfParams->dwSizeOfSSID = dwSizeOfSSID; memcpy (pDefIntfParams->bSSID, pbSSID, dwSizeOfSSID);
dwEapBlob = sizeof(EAPOL_INTF_PARAMS); pbEapBlob = pbDefaultValue; } else { // Use pbValueBuf & dwValueData
pbEapBlob = pbValueBuf; dwEapBlob = dwValueData; }
if ((dwRetCode = ElValidateCustomAuthData ( dwEapBlob, pbEapBlob )) != NO_ERROR) { TRACE1 (ANY, "ElSetCustomAuthData: ElValidateCustomAuthData failed with error (%ld)", dwRetCode); break; }
pbEapBlobIn = pbEapBlob; if ((dwRetCode = ElSetEapData ( dwEapTypeId, &dwEapBlob, &pbEapBlob, sizeof (EAPOL_INTF_PARAMS), *pdwInfoSize, pbConnInfo )) != NO_ERROR) { TRACE1 (ANY, "ElSetCustomAuthData: ElSetEapData failed with error %ld", dwRetCode); break; }
// Overwrite/Create new value
if ((lError = RegSetValueEx ( hkey1, wcszValueName, 0, REG_BINARY, pbEapBlob, dwEapBlob)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetCustomAuthData: Error in RegSetValueEx for SSID, %ld", lError); dwRetCode = (DWORD)lError; break; }
TRACE0 (ANY, "ElSetCustomAuthData: Set value succeeded");
} while (FALSE);
if (hkey != NULL) { RegCloseKey (hkey); } if (hkey1 != NULL) { RegCloseKey (hkey1); } if ((pbEapBlob != pbEapBlobIn) && (pbEapBlob != NULL)) { FREE (pbEapBlob); } if (pbValueBuf != NULL) { FREE (pbValueBuf); } if (pbDefaultValue != NULL) { FREE (pbDefaultValue); }
return dwRetCode;}
//
// ElGetCustomAuthData
//
// Description:
//
// Function called to retrieve the connection data for an interface for a
// specific EAP type and SSID (if any). Data is retrieved from the HKLM hive
//
// Arguments:
//
// pwszGUID - pointer to GUID string for the interface
// dwEapTypeId - EAP type for which connection data is to be retrieved
// dwSizeOfSSID - Size of Special identifier if any for the EAP blob
// pbSSID - Special identifier if any for the EAP blob
// pbConnInfo - output: pointer to EAP connection data blob
// pdwInfoSize - output: pointer to size of EAP connection blob
//
// Return values:
//
// NO_ERROR - success
// non-zero - error
//
DWORDElGetCustomAuthData ( IN WCHAR *pwszGUID, IN DWORD dwEapTypeId, IN DWORD dwSizeOfSSID, IN BYTE *pbSSID, IN OUT BYTE *pbConnInfo, IN OUT DWORD *pdwInfoSize ){ HKEY hkey = NULL; HKEY hkey1 = NULL; DWORD dwNumValues = 0, dwMaxValueNameLen = 0, dwTempValueNameLen = 0, dwMaxValueLen = 0; DWORD dwIndex = 0, dwMaxValueName = 0; WCHAR *pwszValueName = NULL; BYTE *pbValueBuf = NULL; DWORD dwValueData = 0; BYTE *pbDefaultValue = NULL; DWORD dwDefaultValueLen = 0; BYTE *pbEapBlob = NULL; DWORD dwEapBlob = 0; BYTE *pbAuthData = NULL; DWORD dwAuthData = 0; BYTE *pbAuthDataIn = NULL; DWORD dwAuthDataIn = 0; BOOLEAN fFreeAuthData = FALSE; BOOLEAN fFoundValue = FALSE; EAPOL_INTF_PARAMS *pRegParams = NULL; LONG lError = ERROR_SUCCESS; DWORD dwRetCode = ERROR_SUCCESS;
do { // Validate input params
if (pwszGUID == NULL) { TRACE0 (ANY, "ElGetCustomAuthData: GUID = NULL"); dwRetCode = ERROR_INVALID_PARAMETER; break; } if (dwEapTypeId == 0) { TRACE0 (ANY, "ElGetCustomAuthData: EapTypeId invalid"); dwRetCode = ERROR_INVALID_PARAMETER; break; } if (dwSizeOfSSID > MAX_SSID_LEN) { TRACE1 (ANY, "ElGetCustomAuthData: Invalid SSID length = (%ld)", dwSizeOfSSID); dwRetCode = ERROR_INVALID_PARAMETER; break; }
// Work with appropriate SSID
if ((dwSizeOfSSID == 0) || (pbSSID == NULL)) { pbSSID = g_bDefaultSSID; dwSizeOfSSID = MAX_SSID_LEN; }
// Get handle to HKLM\Software\Microsoft\EAPOL\Parameters\Interfaces
if ((lError = RegOpenKeyEx ( HKEY_LOCAL_MACHINE, cwszEapKeyEapolConn, 0, KEY_READ, &hkey )) != ERROR_SUCCESS) { // Assume no value is found and proceed ahead
if (lError == ERROR_FILE_NOT_FOUND) { lError = ERROR_SUCCESS; fFoundValue = FALSE; goto LNotFoundValue; } else { TRACE1 (ANY, "ElGetCustomAuthData: Error in RegOpenKeyEx for base key, %ld", lError); dwRetCode = (DWORD)lError; break; } }
// Get handle to HKLM\Software\...\Interfaces\<GUID>
if ((lError = RegOpenKeyEx ( hkey, pwszGUID, 0, KEY_READ, &hkey1 )) != ERROR_SUCCESS) { // Assume no value is found and proceed ahead
if (lError == ERROR_FILE_NOT_FOUND) { lError = ERROR_SUCCESS; fFoundValue = FALSE; goto LNotFoundValue; } else { TRACE1 (ANY, "ElGetCustomAuthData: Error in RegOpenKeyEx for GUID, %ld", lError); dwRetCode = (DWORD)lError; break; } }
if ((lError = RegQueryInfoKey ( hkey1, NULL, NULL, NULL, NULL, NULL, NULL, &dwNumValues, &dwMaxValueNameLen, &dwMaxValueLen, NULL, NULL )) != NO_ERROR) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElGetCustomAuthData: RegQueryInfoKey failed with error %ld", dwRetCode); break; }
if ((pwszValueName = MALLOC ((dwMaxValueNameLen + 1) * sizeof (WCHAR))) == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElGetCustomAuthData: MALLOC failed for pwszValueName"); break; } dwMaxValueNameLen++; if ((pbValueBuf = MALLOC (dwMaxValueLen)) == NULL) { TRACE0 (ANY, "ElGetCustomAuthData: MALLOC failed for pbValueBuf"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
for (dwIndex = 0; dwIndex < dwNumValues; dwIndex++) { dwTempValueNameLen = dwMaxValueNameLen; dwValueData = dwMaxValueLen; ZeroMemory ((VOID *)pwszValueName, dwMaxValueNameLen*sizeof(WCHAR)); ZeroMemory ((VOID *)pbValueBuf, dwMaxValueLen); if ((lError = RegEnumValue ( hkey1, dwIndex, pwszValueName, &dwTempValueNameLen, NULL, NULL, pbValueBuf, &dwValueData )) != ERROR_SUCCESS) { if (lError != ERROR_MORE_DATA) { break; } lError = ERROR_SUCCESS; }
if (dwValueData < sizeof (EAPOL_INTF_PARAMS)) { lError = ERROR_INVALID_DATA; TRACE0 (ANY, "ElGetCustomAuthData: dwValueData < sizeof (EAPOL_INTF_PARAMS)"); break; } pRegParams = (EAPOL_INTF_PARAMS *)pbValueBuf;
if (((DWORD)_wtol(pwszValueName)) > dwMaxValueName) { dwMaxValueName = _wtol (pwszValueName); }
if (!memcmp (pRegParams->bSSID, pbSSID, dwSizeOfSSID)) { fFoundValue = TRUE; break; } } if ((lError != ERROR_SUCCESS) && (lError != ERROR_NO_MORE_ITEMS)) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElGetCustomAuthData: RegEnumValue 2 failed with error %ld", dwRetCode); break; } else { lError = ERROR_SUCCESS; }
LNotFoundValue:
// For SSIDs for which there is no blob stored, create default blob
// For default SSID, there should have been a blob created
if (!fFoundValue) { if ((dwRetCode = ElCreateDefaultEapData (&dwDefaultValueLen, NULL)) == ERROR_BUFFER_TOO_SMALL) { EAPOL_INTF_PARAMS IntfParams; IntfParams.dwVersion = EAPOL_CURRENT_VERSION; if ((pbDefaultValue = MALLOC (dwDefaultValueLen)) == NULL) { TRACE0 (ANY, "ElGetCustomAuthData: MALLOC failed for Conn Prop"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } if ((dwRetCode = ElCreateDefaultEapData (&dwDefaultValueLen, pbDefaultValue)) != NO_ERROR) { TRACE1 (ANY, "ElGetCustomAuthData: ElCreateDefaultEapData failed with error (%ld)", dwRetCode); break; } pbEapBlob = (BYTE *)&IntfParams; dwEapBlob = sizeof (EAPOL_INTF_PARAMS); if ((dwRetCode = ElSetEapData ( DEFAULT_EAP_TYPE, &dwEapBlob, &pbEapBlob, sizeof (EAPOL_INTF_PARAMS), dwDefaultValueLen, pbDefaultValue )) != NO_ERROR) { TRACE1 (ANY, "ElGetCustomAuthData: ElSetEapData failed with error %ld", dwRetCode); break; } // Assign to pbDefaultValue for freeing later on
FREE (pbDefaultValue); pbDefaultValue = pbEapBlob; dwDefaultValueLen = dwEapBlob; } else { TRACE0 (ANY, "ElGetCustomAuthData: ElCreateDefaultEapData should have failed !!!"); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
// Use pbDefaultValue & dwDefaultValueLen
pbEapBlob = pbDefaultValue; dwEapBlob = dwDefaultValueLen; } else { if (fFoundValue) { // Use pbValueBuf & dwValueData
pbEapBlob = pbValueBuf; dwEapBlob = dwValueData; } }
// If default blob is not present, exit
if ((pbEapBlob == NULL) && (dwEapBlob == 0)) { TRACE0 (ANY, "ElGetCustomAuthData: (pbEapBlob == NULL) && (dwEapBlob == 0)"); dwRetCode = ERROR_INVALID_DATA; break; }
if ((dwRetCode = ElValidateCustomAuthData ( dwEapBlob, pbEapBlob )) != NO_ERROR) { TRACE1 (ANY, "ElGetCustomAuthData: ElValidateCustomAuthData failed with error (%ld)", dwRetCode); break; }
if ((dwRetCode = ElGetEapData ( dwEapTypeId, dwEapBlob, pbEapBlob, sizeof (EAPOL_INTF_PARAMS), &dwAuthData, &pbAuthData )) != NO_ERROR) { TRACE1 (ANY, "ElGetCustomAuthData: ElGetEapData failed with error %ld", dwRetCode); break; }
pbAuthDataIn = pbAuthData; dwAuthDataIn = dwAuthData;
// Get the policy data, if any
// If there is policy data use it instead of the registry setting
if ((dwRetCode = ElGetPolicyCustomAuthData ( dwEapTypeId, dwSizeOfSSID, pbSSID, &pbAuthDataIn, &dwAuthDataIn, &pbAuthData, &dwAuthData )) == NO_ERROR) { TRACE0 (ANY, "ElGetCustomAuthData: POLICY: Initialized with Policy data"); fFreeAuthData = TRUE; } else { if (dwRetCode != ERROR_FILE_NOT_FOUND) { TRACE1 (ANY, "ElGetCustomAuthData: ElGetPolicyCustomAuthData returned error %ld", dwRetCode); } dwRetCode = NO_ERROR; }
// Return the data if sufficient space allocated
if ((pbConnInfo != NULL) && (*pdwInfoSize >= dwAuthData)) { memcpy (pbConnInfo, pbAuthData, dwAuthData); } else { dwRetCode = ERROR_BUFFER_TOO_SMALL; } *pdwInfoSize = dwAuthData;
} while (FALSE);
if (hkey != NULL) { RegCloseKey (hkey); } if (hkey1 != NULL) { RegCloseKey (hkey1); } if (pbValueBuf != NULL) { FREE (pbValueBuf); } if (pbDefaultValue != NULL) { FREE (pbDefaultValue); } if (pwszValueName != NULL) { FREE (pwszValueName); } if (fFreeAuthData) { if (pbAuthData != NULL) { FREE (pbAuthData); } }
return dwRetCode;}
//
// ElReAuthenticateInterface
//
// Description:
//
// Function called to reinitiate authentication on an interface
//
// Arguments:
//
// pwszGUID - pointer to GUID string for the interface
//
// Return values:
//
// NO_ERROR - success
// non-zero - error
//
DWORDElReAuthenticateInterface ( IN WCHAR *pwszGUID ){ BYTE *pbData = NULL; DWORD dwEventStatus = 0; BOOLEAN fDecrWorkerThreadCount = FALSE; DWORD dwRetCode = NO_ERROR;
do { if (g_hEventTerminateEAPOL == NULL) { dwRetCode = NO_ERROR; break; } if (( dwEventStatus = WaitForSingleObject ( g_hEventTerminateEAPOL, 0)) == WAIT_FAILED) { dwRetCode = GetLastError (); break; } if (dwEventStatus == WAIT_OBJECT_0) { dwRetCode = NO_ERROR; break; }
fDecrWorkerThreadCount = TRUE; InterlockedIncrement (&g_lWorkerThreads);
pbData = (BYTE *) MALLOC ((wcslen(pwszGUID)+1)*sizeof(WCHAR)); if (pbData == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } wcscpy ((WCHAR *)pbData, pwszGUID);
if (!QueueUserWorkItem ( (LPTHREAD_START_ROUTINE)ElReAuthenticateInterfaceWorker, (PVOID)pbData, WT_EXECUTELONGFUNCTION)) { dwRetCode = GetLastError(); TRACE1 (DEVICE, "ElPostEapConfigChanged: QueueUserWorkItem failed with error %ld", dwRetCode); break; } else { fDecrWorkerThreadCount = FALSE; } } while (FALSE);
if (dwRetCode != NO_ERROR) { if (pbData != NULL) { FREE (pbData); } } if (fDecrWorkerThreadCount) { InterlockedDecrement (&g_lWorkerThreads); }
return dwRetCode;}
//
// ElReAuthenticateInterfaceWorker
//
// Description:
//
// Worker function called to reinitiate authentication on an interface
//
// Arguments:
//
// pwszGUID - pointer to GUID string for the interface
//
// Return values:
//
// NO_ERROR - success
// non-zero - error
//
DWORDWINAPIElReAuthenticateInterfaceWorker ( IN PVOID pvContext ){ PWCHAR pwszGUID = NULL; DWORD dwRetCode = NO_ERROR;
do { pwszGUID = (PWCHAR)pvContext;
// Do not shutdown interface, merely restart authentication
#if 0
if ((dwRetCode = ElShutdownInterface (pwszGUID)) != NO_ERROR) { TRACE1 (ANY, "ElReAuthenticateInterface: ElShutdownInterface failed with error %ld", dwRetCode); break; }#endif
if ((dwRetCode = ElEnumAndOpenInterfaces ( NULL, pwszGUID, 0, NULL)) != NO_ERROR) { TRACE1 (ANY, "ElReAuthenticateInterface: ElEnumAndOpenInterfaces returned error %ld", dwRetCode); } } while (FALSE);
if (pvContext != NULL) { FREE (pvContext); } InterlockedDecrement (&g_lWorkerThreads);
return dwRetCode;}
//
// ElQueryInterfaceState
//
// Description:
//
// Function called to query the EAPOL state for an interface
//
// Arguments:
//
// pwszGUID - pointer to GUID string for the interface
// pIntfState - pointer to interface state structure
//
// Return values:
//
// NO_ERROR - success
// non-zero - error
//
DWORDElQueryInterfaceState ( IN WCHAR *pwszGUID, IN OUT EAPOL_INTF_STATE *pIntfState ){ EAPOL_PCB *pPCB = NULL; BOOLEAN fPortReferenced = FALSE; BOOLEAN fPCBLocked = FALSE; DWORD dwRetCode = NO_ERROR;
do { ACQUIRE_WRITE_LOCK (&g_PCBLock); if ((pPCB = ElGetPCBPointerFromPortGUID (pwszGUID)) != NULL) { if (EAPOL_REFERENCE_PORT (pPCB)) { fPortReferenced = TRUE; } else { pPCB = NULL; } } RELEASE_WRITE_LOCK (&g_PCBLock); if (pPCB == NULL) { break; }
ACQUIRE_WRITE_LOCK (&(pPCB->rwLock)); fPCBLocked = TRUE;
if (pPCB->pSSID) { pIntfState->dwSizeOfSSID = pPCB->pSSID->SsidLength; memcpy (pIntfState->bSSID, pPCB->pSSID->Ssid, NDIS_802_11_SSID_LEN-sizeof(ULONG)); } else { pIntfState->dwSizeOfSSID = 0; }
if (pPCB->pszIdentity) { if ((pIntfState->pszEapIdentity = RpcCAlloc((strlen(pPCB->pszIdentity)+1)*sizeof(CHAR))) == NULL) { dwRetCode = GetLastError (); break; } strcpy (pIntfState->pszEapIdentity, (LPSTR)pPCB->pszIdentity); }
if ((pIntfState->pwszLocalMACAddr = RpcCAlloc(3*SIZE_MAC_ADDR*sizeof(WCHAR))) == NULL) { dwRetCode = GetLastError (); break; } ZeroMemory ((PVOID)pIntfState->pwszLocalMACAddr, 3*SIZE_MAC_ADDR*sizeof(WCHAR)); MACADDR_BYTE_TO_WSTR(pPCB->bSrcMacAddr, pIntfState->pwszLocalMACAddr);
if ((pIntfState->pwszRemoteMACAddr = RpcCAlloc(3*SIZE_MAC_ADDR*sizeof(WCHAR))) == NULL) { dwRetCode = GetLastError (); break; } ZeroMemory ((PVOID)pIntfState->pwszRemoteMACAddr, 3*SIZE_MAC_ADDR*sizeof(WCHAR)); MACADDR_BYTE_TO_WSTR(pPCB->bDestMacAddr, pIntfState->pwszRemoteMACAddr);
pIntfState->dwState = pPCB->State; pIntfState->dwEapUIState = pPCB->EapUIState; pIntfState->dwEAPOLAuthMode = pPCB->dwEAPOLAuthMode; pIntfState->dwEAPOLAuthenticationType = pPCB->PreviousAuthenticationType; pIntfState->dwEapType = pPCB->dwEapTypeToBeUsed; pIntfState->dwFailCount = pPCB->dwAuthFailCount; pIntfState->dwPhysicalMediumType = pPCB->PhysicalMediumType; } while (FALSE);
if (fPCBLocked) { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); } if (fPortReferenced) { EAPOL_DEREFERENCE_PORT (pPCB); } if (dwRetCode != NO_ERROR) { RpcFree (pIntfState->pwszLocalMACAddr); RpcFree (pIntfState->pwszRemoteMACAddr); RpcFree (pIntfState->pszEapIdentity); pIntfState->pwszLocalMACAddr = NULL; pIntfState->pwszRemoteMACAddr = NULL; pIntfState->pszEapIdentity = NULL; }
return dwRetCode;}
//
// ElSetEapUserInfo
//
// Description:
//
// Function called to store the user data for an interface for a
// specific EAP type and SSID (if any). Data is stored in the HKCU hive.
// In case of EAP-TLS, this data will be the hash blob of the certificate
// chosen for the last successful authentication.
//
// Arguments:
//
// hToken - Handle to token for the logged on user
// pwszGUID - pointer to GUID string for the interface
// dwEapTypeId - EAP type for which user data is to be stored
// dwSizeOfSSID - Size of Special identifier if any for the EAP user blob
// pbSSID - Special identifier if any for the EAP user blob
// pbUserInfo - pointer to EAP user data blob
// dwInfoSize - Size of EAP user blob
//
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElSetEapUserInfo ( IN HANDLE hToken, IN WCHAR *pwszGUID, IN DWORD dwEapTypeId, IN DWORD dwSizeOfSSID, IN BYTE *pbSSID, IN PBYTE pbUserInfo, IN DWORD dwInfoSize ){ HKEY hkey = NULL; HKEY hkey1 = NULL; HKEY hkey2 = NULL; DWORD dwDisposition; DWORD dwNumValues = 0, dwMaxValueNameLen = 0, dwMaxValueLen = 0; DWORD dwIndex = 0, dwMaxValueName = 0; BYTE *pbValueBuf = NULL; DWORD dwValueData = 0; WCHAR wcszValueName[MAX_VALUENAME_LEN]; WCHAR *pwszValueName = NULL; BYTE *pbDefaultValue = NULL; DWORD dwDefaultValueLen = 0; BYTE *pbEapBlob = NULL, *pbEapBlobIn = NULL; DWORD dwEapBlob = 0; BOOLEAN fFoundValue = FALSE; EAPOL_INTF_PARAMS *pRegParams = NULL; EAPOL_INTF_PARAMS *pDefIntfParams = NULL; LONG lError = ERROR_SUCCESS; DWORD dwRetCode = ERROR_SUCCESS;
do { // Validate input params
if (hToken == NULL) { TRACE0 (ANY, "ElSetEapUserInfo: User Token = NULL"); break; } if (pwszGUID == NULL) { TRACE0 (ANY, "ElSetEapUserInfo: GUID = NULL"); break; } if (dwEapTypeId == 0) { TRACE0 (ANY, "ElSetEapUserInfo: GUID = NULL"); break; } if ((pbUserInfo == NULL) || (dwInfoSize <= 0)) { TRACE0 (ANY, "ElSetEapUserInfo: Invalid blob data"); break; }
// Get handle to HKCU
if ((dwRetCode = ElGetEapKeyFromToken ( hToken, &hkey)) != NO_ERROR) { TRACE1 (ANY, "ElSetEapUserInfo: Error in ElGetEapKeyFromToken %ld", dwRetCode); break; }
if ((lError = RegCreateKeyEx ( hkey, cwszEapKeyEapolUser, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE | KEY_READ, NULL, &hkey1, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetEapUserInfo: Error in RegCreateKeyEx for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Get handle to HKCU\Software\...\UserEapInfo\<GUID>
if ((lError = RegCreateKeyEx ( hkey1, pwszGUID, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE | KEY_READ, NULL, &hkey2, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetEapUserInfo: Error in RegCreateKeyEx for GUID, %ld", lError); dwRetCode = (DWORD)lError; break; }
if ((lError = RegQueryInfoKey ( hkey2, NULL, NULL, NULL, NULL, NULL, NULL, &dwNumValues, &dwMaxValueNameLen, &dwMaxValueLen, NULL, NULL )) != NO_ERROR) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElSetEapUserInfo: RegQueryInfoKey failed with error %ld", dwRetCode); break; }
if (dwMaxValueNameLen > MAX_VALUENAME_LEN) { TRACE1 (ANY, "ElSetEapUserInfo: dwMaxValueNameLen too long (%ld)", dwMaxValueNameLen); } dwMaxValueNameLen = MAX_VALUENAME_LEN; if ((pbValueBuf = MALLOC (dwMaxValueLen)) == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElSetEapUserInfo: MALLOC failed for pbValueBuf"); break; }
// Set correct SSID
if ((dwSizeOfSSID == 0) || (dwSizeOfSSID > MAX_SSID_LEN) || (pbSSID == NULL)) { pbSSID = g_bDefaultSSID; dwSizeOfSSID = MAX_SSID_LEN; }
for (dwIndex = 0; dwIndex < dwNumValues; dwIndex++) { dwValueData = dwMaxValueLen; dwMaxValueNameLen = MAX_VALUENAME_LEN; ZeroMemory (wcszValueName, MAX_VALUENAME_LEN*sizeof(WCHAR)); if ((lError = RegEnumValue ( hkey2, dwIndex, wcszValueName, &dwMaxValueNameLen, NULL, NULL, pbValueBuf, &dwValueData )) != ERROR_SUCCESS) { if (lError != ERROR_MORE_DATA) { break; } lError = ERROR_SUCCESS; }
if (dwValueData < sizeof (EAPOL_INTF_PARAMS)) { lError = ERROR_INVALID_DATA; TRACE2 (ANY, "ElSetEapUserInfo: dwValueData (%ld) < sizeof (EAPOL_INTF_PARAMS) (%ld)", dwValueData, sizeof (EAPOL_INTF_PARAMS)); break; } pRegParams = (EAPOL_INTF_PARAMS *)pbValueBuf;
if (((DWORD)_wtol(wcszValueName)) > dwMaxValueName) { dwMaxValueName = _wtol (wcszValueName); }
if (!memcmp (pRegParams->bSSID, pbSSID, dwSizeOfSSID)) { fFoundValue = TRUE; break; }
} if ((lError != ERROR_SUCCESS) && (lError != ERROR_NO_MORE_ITEMS)) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElSetEapUserInfo: RegEnumValue 2 failed with error %ld", dwRetCode); break; } else { lError = ERROR_SUCCESS; }
if (!fFoundValue) { DWORD dwNewValueName = (dwMaxValueName >= dwNumValues)?(++dwMaxValueName):dwNumValues; _ltow (dwNewValueName, wcszValueName, 10); if ((pbDefaultValue = MALLOC (sizeof(EAPOL_INTF_PARAMS))) == NULL) { TRACE0 (ANY, "ElSetEapUserInfo: MALLOC failed for pbDefaultValue"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } // Mark that SSID for this entry
// Rest of the parameters are dummy for UserEapInfo
pDefIntfParams = (EAPOL_INTF_PARAMS *)pbDefaultValue; pDefIntfParams->dwSizeOfSSID = dwSizeOfSSID; memcpy (pDefIntfParams->bSSID, pbSSID, dwSizeOfSSID);
dwEapBlob = sizeof(EAPOL_INTF_PARAMS); pbEapBlob = pbDefaultValue; } else { // Use pbValueBuf & dwValueData
pbEapBlob = pbValueBuf; dwEapBlob = dwValueData; }
pbEapBlobIn = pbEapBlob; if ((dwRetCode = ElSetEapData ( dwEapTypeId, &dwEapBlob, &pbEapBlob, sizeof (EAPOL_INTF_PARAMS), dwInfoSize, pbUserInfo )) != NO_ERROR) { TRACE1 (ANY, "ElSetEapUserInfo: ElSetEapData failed with error %ld", dwRetCode); break; }
// Overwrite/Create new value
if ((lError = RegSetValueEx ( hkey2, wcszValueName, 0, REG_BINARY, pbEapBlob, dwEapBlob)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetEapUserInfo: Error in RegSetValueEx for SSID, %ld", lError); dwRetCode = (DWORD)lError; break; }
TRACE0 (ANY, "ElSetEapUserInfo: Set value succeeded");
} while (FALSE);
if (hkey != NULL) { RegCloseKey (hkey); } if (hkey1 != NULL) { RegCloseKey (hkey1); } if (hkey2 != NULL) { RegCloseKey (hkey2); } if ((pbEapBlob != pbEapBlobIn) && (pbEapBlob != NULL)) { FREE (pbEapBlob); } if (pbValueBuf != NULL) { FREE (pbValueBuf); } if (pbDefaultValue != NULL) { FREE (pbDefaultValue); }
return dwRetCode;}
//
// ElGetEapUserInfo
//
// Description:
//
// Function called to retrieve the user data for an interface for a
// specific EAP type and SSID (if any). Data is retrieved from the HKCU hive
//
// Arguments:
// hToken - Handle to token for the logged on user
// pwszGUID - pointer to GUID string for the interface
// dwEapTypeId - EAP type for which user data is to be stored
// dwSizeOfSSID - Size of Special identifier if any for the EAP user blob
// pbSSID - Special identifier if any for the EAP user blob
// pbUserInfo - output: pointer to EAP user data blob
// dwInfoSize - output: pointer to size of EAP user blob
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElGetEapUserInfo ( IN HANDLE hToken, IN WCHAR *pwszGUID, IN DWORD dwEapTypeId, IN DWORD dwSizeOfSSID, IN BYTE *pbSSID, IN OUT PBYTE pbUserInfo, IN OUT DWORD *pdwInfoSize ){ HKEY hkey = NULL; HKEY hkey1 = NULL; HKEY hkey2 = NULL; DWORD dwNumValues = 0, dwMaxValueNameLen = 0, dwTempValueNameLen = 0, dwMaxValueLen = 0; DWORD dwIndex = 0, dwMaxValueName = 0; WCHAR *pwszValueName = NULL; BYTE *pbValueBuf = NULL; DWORD dwValueData = 0; BYTE *pbDefaultValue = NULL; DWORD dwDefaultValueLen = 0; BYTE *pbEapBlob = NULL; DWORD dwEapBlob = 0; BYTE *pbAuthData = NULL; DWORD dwAuthData = 0; BOOLEAN fFoundValue = FALSE; EAPOL_INTF_PARAMS *pRegParams = NULL; LONG lError = ERROR_SUCCESS; DWORD dwRetCode = ERROR_SUCCESS;
do { // Validate input params
if (hToken == NULL) { TRACE0 (ANY, "ElGetEapUserInfo: User Token = NULL"); break; } if (pwszGUID == NULL) { TRACE0 (ANY, "ElGetEapUserInfo: GUID = NULL"); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; } if (dwEapTypeId == 0) { TRACE0 (ANY, "ElGetEapUserInfo: GUID = NULL"); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
// Get handle to HKCU
if ((dwRetCode = ElGetEapKeyFromToken ( hToken, &hkey)) != NO_ERROR) { TRACE1 (ANY, "ElGetEapUserInfo: Error in ElGetEapKeyFromToken %ld", dwRetCode); break; }
// Get handle to HKCU\Software\...\UserEapInfo\<GUID>
if ((lError = RegOpenKeyEx ( hkey, cwszEapKeyEapolUser, 0, KEY_READ, &hkey1 )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElGetEapUserInfo: Error in RegOpenKeyEx for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Get handle to HKCU\Software\...\UserEapInfo\<GUID>
if ((lError = RegOpenKeyEx ( hkey1, pwszGUID, 0, KEY_READ, &hkey2 )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElGetEapUserInfo: Error in RegOpenKeyEx for GUID, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Set correct SSID
if ((dwSizeOfSSID == 0) || (dwSizeOfSSID > MAX_SSID_LEN) || (pbSSID == NULL)) { pbSSID = g_bDefaultSSID; dwSizeOfSSID = MAX_SSID_LEN; }
if ((lError = RegQueryInfoKey ( hkey2, NULL, NULL, NULL, NULL, NULL, NULL, &dwNumValues, &dwMaxValueNameLen, &dwMaxValueLen, NULL, NULL )) != NO_ERROR) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElGetEapUserInfo: RegQueryInfoKey failed with error %ld", dwRetCode); break; }
if ((pwszValueName = MALLOC ((dwMaxValueNameLen + 1) * sizeof (WCHAR))) == NULL) { TRACE0 (ANY, "ElGetEapUserInfo: MALLOC failed for pwszValueName"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } dwMaxValueNameLen++; if ((pbValueBuf = MALLOC (dwMaxValueLen)) == NULL) { TRACE0 (ANY, "ElGetEapUserInfo: MALLOC failed for pbValueBuf"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
for (dwIndex = 0; dwIndex < dwNumValues; dwIndex++) { dwValueData = dwMaxValueLen; dwTempValueNameLen = dwMaxValueNameLen; if ((lError = RegEnumValue ( hkey2, dwIndex, pwszValueName, &dwTempValueNameLen, NULL, NULL, pbValueBuf, &dwValueData )) != ERROR_SUCCESS) { if (lError != ERROR_MORE_DATA) { break; } lError = ERROR_SUCCESS; }
if (dwValueData < sizeof (EAPOL_INTF_PARAMS)) { TRACE0 (ANY, "ElGetEapUserInfo: dwValueData < sizeof (EAPOL_INTF_PARAMS)"); lError = ERROR_INVALID_DATA; break; } pRegParams = (EAPOL_INTF_PARAMS *)pbValueBuf;
if (((DWORD)_wtol(pwszValueName)) > dwMaxValueName) { dwMaxValueName = _wtol (pwszValueName); }
if (!memcmp (pRegParams->bSSID, pbSSID, dwSizeOfSSID)) { fFoundValue = TRUE; break; } } if ((lError != ERROR_SUCCESS) && (lError != ERROR_NO_MORE_ITEMS)) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElGetEapUserInfo: RegEnumValue 2 failed with error %ld", dwRetCode); break; } else { lError = ERROR_SUCCESS; }
if (!fFoundValue) { pbEapBlob = NULL; dwEapBlob = 0; } else { // Use pbValueBuf & dwValueData
pbEapBlob = pbValueBuf; dwEapBlob = dwValueData; }
// If blob is not present, exit
if ((pbEapBlob == NULL) && (dwEapBlob == 0)) { TRACE0 (ANY, "ElGetEapUserInfo: (pbEapBlob == NULL) && (dwEapBlob == 0)"); *pdwInfoSize = 0; break; }
if ((dwRetCode = ElGetEapData ( dwEapTypeId, dwEapBlob, pbEapBlob, sizeof (EAPOL_INTF_PARAMS), &dwAuthData, &pbAuthData )) != NO_ERROR) { TRACE1 (ANY, "ElGetEapUserInfo: ElGetEapData failed with error %ld", dwRetCode); break; }
// Return the data if sufficient space allocated
if ((pbUserInfo != NULL) && (*pdwInfoSize >= dwAuthData)) { memcpy (pbUserInfo, pbAuthData, dwAuthData); } else { dwRetCode = ERROR_BUFFER_TOO_SMALL; } *pdwInfoSize = dwAuthData;
TRACE0 (ANY, "ElGetEapUserInfo: Get value succeeded");
} while (FALSE);
if (hkey != NULL) { RegCloseKey (hkey); } if (hkey1 != NULL) { RegCloseKey (hkey1); } if (hkey2 != NULL) { RegCloseKey (hkey2); } if (pbValueBuf != NULL) { FREE (pbValueBuf); } if (pbDefaultValue != NULL) { FREE (pbDefaultValue); } if (pwszValueName != NULL) { FREE (pwszValueName); }
return dwRetCode;}
//
// ElDeleteEapUserInfo
//
// Description:
//
// Function called to delete the user data for an interface for a
// specific EAP type and SSID (if any). Data is stored in the HKCU hive.
// In case of EAP-TLS, this data will be the hash blob of the certificate
// chosen for the last successful authentication.
//
// Arguments:
//
// hToken - Handle to token for the logged on user
// pwszGUID - pointer to GUID string for the interface
// dwEapTypeId - EAP type for which user data is to be stored
// dwSizeOfSSID - Size of Special identifier if any for the EAP user blob
// pbSSID - Special identifier if any for the EAP user blob
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElDeleteEapUserInfo ( IN HANDLE hToken, IN WCHAR *pwszGUID, IN DWORD dwEapTypeId, IN DWORD dwSizeOfSSID, IN BYTE *pbSSID ){ HKEY hkey = NULL; HKEY hkey1 = NULL; HKEY hkey2 = NULL; DWORD dwDisposition; DWORD dwNumValues = 0, dwMaxValueNameLen = 0, dwTempValueNameLen = 0, dwMaxValueLen = 0; DWORD dwIndex = 0, dwMaxValueName = 0; BYTE *pbValueBuf = NULL; DWORD dwValueData = 0; WCHAR *pwszValueName = NULL; DWORD dwDefaultValueLen = 0; BYTE *pbEapBlob = NULL, *pbEapBlobIn = NULL; DWORD dwEapBlob = 0; BOOLEAN fFoundValue = FALSE; EAPOL_INTF_PARAMS *pRegParams = NULL; EAPOL_INTF_PARAMS *pDefIntfParams = NULL; LONG lError = ERROR_SUCCESS; DWORD dwRetCode = ERROR_SUCCESS;
do { // Validate input params
if (hToken == NULL) { TRACE0 (ANY, "ElDeleteEapUserInfo: User Token = NULL"); break; } if (pwszGUID == NULL) { TRACE0 (ANY, "ElDeleteEapUserInfo: GUID = NULL"); break; } if (dwEapTypeId == 0) { TRACE0 (ANY, "ElDeleteEapUserInfo: GUID = NULL"); break; }
// Get handle to HKCU
if ((dwRetCode = ElGetEapKeyFromToken ( hToken, &hkey)) != NO_ERROR) { TRACE1 (ANY, "ElDeleteEapUserInfo: Error in ElGetEapKeyFromToken %ld", dwRetCode); break; }
if ((lError = RegOpenKeyEx ( hkey, cwszEapKeyEapolUser, 0, KEY_ALL_ACCESS, &hkey1)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElDeleteEapUserInfo: Error in RegOpenKeyEx for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Get handle to HKCU\Software\...\UserEapInfo\<GUID>
if ((lError = RegOpenKeyEx ( hkey1, pwszGUID, 0, KEY_ALL_ACCESS, &hkey2)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElDeleteEapUserInfo: Error in RegOpenKeyEx for GUID, %ld", lError); dwRetCode = (DWORD)lError; break; }
if ((lError = RegQueryInfoKey ( hkey2, NULL, NULL, NULL, NULL, NULL, NULL, &dwNumValues, &dwMaxValueNameLen, &dwMaxValueLen, NULL, NULL )) != NO_ERROR) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElDeleteEapUserInfo: RegQueryInfoKey failed with error %ld", dwRetCode); break; }
if ((pwszValueName = MALLOC ((dwMaxValueNameLen + 1) * sizeof (WCHAR))) == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElDeleteEapUserInfo: MALLOC failed for pwszValueName"); break; } dwMaxValueNameLen++; if ((pbValueBuf = MALLOC (dwMaxValueLen)) == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElDeleteEapUserInfo: MALLOC failed for pbValueBuf"); break; }
// Set correct SSID
if ((dwSizeOfSSID == 0) || (dwSizeOfSSID > MAX_SSID_LEN) || (pbSSID == NULL)) { pbSSID = g_bDefaultSSID; dwSizeOfSSID = MAX_SSID_LEN; }
for (dwIndex = 0; dwIndex < dwNumValues; dwIndex++) { dwValueData = dwMaxValueLen; dwTempValueNameLen = dwMaxValueNameLen; if ((lError = RegEnumValue ( hkey2, dwIndex, pwszValueName, &dwTempValueNameLen, NULL, NULL, pbValueBuf, &dwValueData )) != ERROR_SUCCESS) { if (lError != ERROR_MORE_DATA) { break; } lError = ERROR_SUCCESS; }
if (dwValueData < sizeof (EAPOL_INTF_PARAMS)) { lError = ERROR_INVALID_DATA; TRACE0 (ANY, "ElDeleteEapUserInfo: dwValueData < sizeof (EAPOL_INTF_PARAMS)"); break; } pRegParams = (EAPOL_INTF_PARAMS *)pbValueBuf;
if (((DWORD)_wtol(pwszValueName)) > dwMaxValueName) { dwMaxValueName = _wtol (pwszValueName); }
if (!memcmp (pRegParams->bSSID, pbSSID, dwSizeOfSSID)) { fFoundValue = TRUE; break; } } if ((lError != ERROR_SUCCESS) && (lError != ERROR_NO_MORE_ITEMS)) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElDeleteEapUserInfo: RegEnumValue 2 failed with error %ld", dwRetCode); break; } else { lError = ERROR_SUCCESS; }
if (!fFoundValue) { break; } else { // Use pbValueBuf & dwValueData
pbEapBlob = pbValueBuf; dwEapBlob = dwValueData; }
pbEapBlobIn = pbEapBlob; if ((dwRetCode = ElSetEapData ( dwEapTypeId, &dwEapBlob, &pbEapBlob, sizeof(EAPOL_INTF_PARAMS), 0, NULL )) != NO_ERROR) { TRACE1 (ANY, "ElDeleteEapUserInfo: ElSetEapData failed with error %ld", dwRetCode); break; }
// Overwrite value
if ((lError = RegSetValueEx ( hkey2, pwszValueName, 0, REG_BINARY, pbEapBlob, dwEapBlob)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElDeleteEapUserInfo: Error in RegSetValueEx for SSID, %ld", lError); dwRetCode = (DWORD)lError; break; }
TRACE0 (ANY, "ElDeleteEapUserInfo: Delete value succeeded");
} while (FALSE);
if (hkey != NULL) { RegCloseKey (hkey); } if (hkey1 != NULL) { RegCloseKey (hkey1); } if (hkey2 != NULL) { RegCloseKey (hkey2); } if ((pbEapBlob != pbEapBlobIn) && (pbEapBlob != NULL)) { FREE (pbEapBlob); } if (pbValueBuf != NULL) { FREE (pbValueBuf); } if (pwszValueName != NULL) { FREE (pwszValueName); }
return dwRetCode;}
//
// ElGetInterfaceParams
//
// Description:
//
// Function called to retrieve the EAPOL parameters for an interface, stored
// in the HKLM hive.
//
// Arguments:
//
// pwszGUID - pointer to GUID string for the interface
// pIntfParams - pointer to interface parameter structure
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElGetInterfaceParams ( IN WCHAR *pwszGUID, IN OUT EAPOL_INTF_PARAMS *pIntfParams ){ HKEY hkey = NULL; HKEY hkey1 = NULL; BYTE *pbSSID = NULL; BYTE bSSID[MAX_SSID_LEN]; DWORD dwSizeOfSSID = 0; DWORD dwNumValues = 0, dwMaxValueNameLen = 0, dwTempValueNameLen = 0, dwMaxValueLen = 0; DWORD dwIndex = 0, dwMaxValueName = 0; WCHAR *pwszValueName = NULL; BYTE *pbValueBuf = NULL; DWORD dwValueData = 0; BYTE *pbDefaultValue = NULL; DWORD dwDefaultValueLen = 0; BYTE *pbEapBlob = NULL; DWORD dwEapBlob = 0; BOOLEAN fFoundValue = FALSE; EAPOL_INTF_PARAMS *pRegParams = NULL; EAPOL_POLICY_PARAMS EAPOLPolicyParams = {0}; LONG lError = ERROR_SUCCESS; EAPOL_PCB *pPCB = NULL; DWORD dwRetCode = NO_ERROR;
do { // Validate input params
if (pwszGUID == NULL) { dwRetCode = ERROR_CAN_NOT_COMPLETE; TRACE0 (ANY, "ElGetInterfaceParams: GUID = NULL"); break; }
if (pIntfParams == NULL) { dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
// Work with appropriate SSID
if (pIntfParams->dwSizeOfSSID != 0) { dwSizeOfSSID = pIntfParams->dwSizeOfSSID; if (dwSizeOfSSID > MAX_SSID_LEN) { dwRetCode = ERROR_INVALID_PARAMETER; TRACE2 (ANY, "ElGetInterfaceParams: dwSizeOfSSID (%ld) > MAX_SSID_LEN (%ld)", dwSizeOfSSID, MAX_SSID_LEN); break; } pbSSID = pIntfParams->bSSID; } else { ACQUIRE_WRITE_LOCK (&g_PCBLock);
if ((pPCB = ElGetPCBPointerFromPortGUID (pwszGUID)) != NULL) { ACQUIRE_WRITE_LOCK (&(pPCB->rwLock)); if ((pPCB->pSSID != NULL) && (pPCB->MediaState != MEDIA_STATE_DISCONNECTED)) { dwSizeOfSSID = pPCB->pSSID->SsidLength; ZeroMemory (bSSID, MAX_SSID_LEN); memcpy (bSSID, pPCB->pSSID->Ssid, pPCB->pSSID->SsidLength); pbSSID = bSSID; } RELEASE_WRITE_LOCK (&(pPCB->rwLock)); }
RELEASE_WRITE_LOCK (&g_PCBLock);
if (dwSizeOfSSID == 0) { dwSizeOfSSID = MAX_SSID_LEN; pbSSID = g_bDefaultSSID; } }
// Get handle to HKLM\Software\Microsoft\EAPOL\Parameters\Interfaces
if ((lError = RegOpenKeyEx ( HKEY_LOCAL_MACHINE, cwszEapKeyEapolConn, 0, KEY_READ, &hkey )) != ERROR_SUCCESS) { // Assume no value is found and proceed ahead
if (lError == ERROR_FILE_NOT_FOUND) { lError = ERROR_SUCCESS; fFoundValue = FALSE; goto LNotFoundValue; } else { TRACE1 (ANY, "ElGetInterfaceParams: Error in RegOpenKeyEx for base key, %ld", lError); dwRetCode = (DWORD)lError; break; } }
// Get handle to HKLM\Software\...\Interfaces\<GUID>
if ((lError = RegOpenKeyEx ( hkey, pwszGUID, 0, KEY_READ, &hkey1 )) != ERROR_SUCCESS) { // Assume no value is found and proceed ahead
if (lError == ERROR_FILE_NOT_FOUND) { lError = ERROR_SUCCESS; fFoundValue = FALSE; goto LNotFoundValue; } else { TRACE1 (ANY, "ElGetInterfaceParams: Error in RegOpenKeyEx for GUID, %ld", lError); dwRetCode = (DWORD)lError; break; } }
if ((lError = RegQueryInfoKey ( hkey1, NULL, NULL, NULL, NULL, NULL, NULL, &dwNumValues, &dwMaxValueNameLen, &dwMaxValueLen, NULL, NULL )) != NO_ERROR) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElGetInterfaceParams: RegQueryInfoKey failed with error %ld", dwRetCode); break; }
if ((pwszValueName = MALLOC ((dwMaxValueNameLen + 1) * sizeof (WCHAR))) == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElGetInterfaceParams: MALLOC failed for pwszValueName"); break; } dwMaxValueNameLen++; if ((pbValueBuf = MALLOC (dwMaxValueLen)) == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElGetInterfaceParams: MALLOC failed for pbValueBuf"); break; }
for (dwIndex = 0; dwIndex < dwNumValues; dwIndex++) { dwValueData = dwMaxValueLen; dwTempValueNameLen = dwMaxValueNameLen; if ((lError = RegEnumValue ( hkey1, dwIndex, pwszValueName, &dwTempValueNameLen, NULL, NULL, pbValueBuf, &dwValueData )) != ERROR_SUCCESS) { if (lError != ERROR_MORE_DATA) { break; } lError = ERROR_SUCCESS; }
if (dwValueData < sizeof (EAPOL_INTF_PARAMS)) { TRACE0 (ANY, "ElGetInterfaceParams: dwValueData < sizeof (EAPOL_INTF_PARAMS)"); lError = ERROR_INVALID_DATA; break; } pRegParams = (EAPOL_INTF_PARAMS *)pbValueBuf;
if (((DWORD)_wtol(pwszValueName)) > dwMaxValueName) { dwMaxValueName = _wtol (pwszValueName); }
if (!memcmp (pRegParams->bSSID, pbSSID, dwSizeOfSSID)) { fFoundValue = TRUE; break; } } if ((lError != ERROR_SUCCESS) && (lError != ERROR_NO_MORE_ITEMS)) { dwRetCode = (DWORD)lError; break; } else { lError = ERROR_SUCCESS; }
LNotFoundValue:
if (!fFoundValue) { if ((pbDefaultValue = MALLOC (sizeof (EAPOL_INTF_PARAMS))) == NULL) { lError = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElGetInterfaceParams: MALLOC failed for pbDefaultValue"); break; } pRegParams = (EAPOL_INTF_PARAMS *)pbDefaultValue; pRegParams->dwEapType = DEFAULT_EAP_TYPE; pRegParams->dwEapFlags = DEFAULT_EAP_STATE; pRegParams->dwVersion = EAPOL_CURRENT_VERSION; pRegParams->dwSizeOfSSID = dwSizeOfSSID; memcpy (pRegParams->bSSID, pbSSID, dwSizeOfSSID); dwDefaultValueLen = sizeof(EAPOL_INTF_PARAMS);
// Use pbDefaultValue & dwDefaultValueLen
pbEapBlob = pbDefaultValue; dwEapBlob = dwDefaultValueLen; } else { if (dwSizeOfSSID == MAX_SSID_LEN) { if (!memcmp (pbSSID, g_bDefaultSSID, MAX_SSID_LEN)) { pRegParams = (EAPOL_INTF_PARAMS *)pbValueBuf; if ((pRegParams->dwVersion != EAPOL_CURRENT_VERSION) && (pRegParams->dwEapType == EAP_TYPE_TLS)) { pRegParams->dwVersion = EAPOL_CURRENT_VERSION; pRegParams->dwEapFlags |= DEFAULT_MACHINE_AUTH_STATE; pRegParams->dwEapFlags &= ~EAPOL_GUEST_AUTH_ENABLED; } } }
// Use pbValueBuf & dwValueData
pbEapBlob = pbValueBuf; dwEapBlob = dwValueData; }
if ((dwRetCode = ElGetPolicyInterfaceParams ( dwSizeOfSSID, pbSSID, &EAPOLPolicyParams )) == NO_ERROR) { TRACE0 (ANY, "ElGetInterfaceParams: POLICY: ElGetPolicyInterfaceParams found relevant data"); pbEapBlob = (PBYTE)(&(EAPOLPolicyParams.IntfParams)); dwEapBlob = sizeof(EAPOL_INTF_PARAMS); } else { if (dwRetCode != ERROR_FILE_NOT_FOUND) { TRACE1 (ANY, "ElGetInterfaceParams: ElGetPolicyInterfaceParams failed with error (%ld)", dwRetCode); } dwRetCode = NO_ERROR; }
// Existing blob is not valid
if ((dwEapBlob < sizeof(EAPOL_INTF_PARAMS))) { dwRetCode = ERROR_FILE_NOT_FOUND; TRACE0 (ANY, "ElGetInterfaceParams: (dwEapBlob < sizeof(EAPOL_INTF_PARAMS)) || (pbEapBlob == NULL)"); break; }
memcpy ((BYTE *)pIntfParams, (BYTE *)pbEapBlob, sizeof(EAPOL_INTF_PARAMS)); } while (FALSE);
if (hkey != NULL) { RegCloseKey (hkey); } if (hkey1 != NULL) { RegCloseKey (hkey1); } if (pbValueBuf != NULL) { FREE (pbValueBuf); } if (pbDefaultValue != NULL) { FREE (pbDefaultValue); } if (pwszValueName != NULL) { FREE (pwszValueName); }
return dwRetCode;}
//
// ElSetInterfaceParams
//
// Description:
//
// Function called to set the EAPOL parameters for an interface, in the HKLM
// hive
//
// Arguments:
//
// pwszGUID - Pointer to GUID string for the interface
// pIntfParams - pointer to interface parameter structure
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
//
DWORDElSetInterfaceParams ( IN WCHAR *pwszGUID, IN OUT EAPOL_INTF_PARAMS *pIntfParams ){ HKEY hkey = NULL; HKEY hkey1 = NULL; DWORD dwDisposition; BYTE *pbSSID = NULL; DWORD dwSizeOfSSID = 0; DWORD dwNumValues = 0, dwMaxValueNameLen = 0, dwMaxValueLen = 0; DWORD dwIndex = 0, dwMaxValueName = 0; WCHAR wcszValueName[MAX_VALUENAME_LEN]; BYTE *pbValueBuf = NULL; DWORD dwValueData = 0; BYTE *pbDefaultValue = NULL; DWORD dwDefaultValueLen = 0; BYTE *pbEapBlob = NULL; DWORD dwEapBlob = 0; BOOLEAN fFoundValue = FALSE; EAPOL_INTF_PARAMS *pRegParams = NULL; LONG lError = ERROR_SUCCESS; DWORD dwRetCode = NO_ERROR;
do { // Validate input params
if (pwszGUID == NULL) { TRACE0 (ANY, "ElSetInterfaceParams: GUID = NULL"); break; }
if (pIntfParams == NULL) { dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
TRACE1 (ANY, "Setting stuff in registry for %ws", pwszGUID);
// Get handle to HKLM\Software\Microsoft\EAPOL\Parameters\Interfaces
if ((lError = RegCreateKeyEx ( HKEY_LOCAL_MACHINE, cwszEapKeyEapolConn, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE | KEY_READ, NULL, &hkey, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetInterfaceParams: Error in RegCreateKeyEx for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Get handle to HKLM\Software\...\Interfaces\<GUID>
if ((lError = RegCreateKeyEx ( hkey, pwszGUID, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE | KEY_READ, NULL, &hkey1, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetInterfaceParams: Error in RegCreateKeyEx for GUID, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Select correct SSID value
if (pIntfParams->dwSizeOfSSID != 0) { dwSizeOfSSID = pIntfParams->dwSizeOfSSID; if (dwSizeOfSSID > MAX_SSID_LEN) { dwRetCode = ERROR_INVALID_PARAMETER; TRACE2 (ANY, "ElSetInterfaceParams: dwSizeOfSSID (%ld) > MAX_SSID_LEN (%ld)", dwSizeOfSSID, MAX_SSID_LEN); break; } pbSSID = pIntfParams->bSSID; } else { dwSizeOfSSID = MAX_SSID_LEN; pbSSID = g_bDefaultSSID; }
if ((lError = RegQueryInfoKey ( hkey1, NULL, NULL, NULL, NULL, NULL, NULL, &dwNumValues, &dwMaxValueNameLen, &dwMaxValueLen, NULL, NULL )) != NO_ERROR) { dwRetCode = (DWORD)lError; break; }
if (dwMaxValueNameLen > MAX_VALUENAME_LEN) { dwRetCode = ERROR_INVALID_DATA; TRACE1 (ANY, "ElSetInterfaceParams: dwMaxValueNameLen too long (%ld)", dwMaxValueNameLen); break; } if ((pbValueBuf = MALLOC (dwMaxValueLen)) == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
for (dwIndex = 0; dwIndex < dwNumValues; dwIndex++) { dwValueData = dwMaxValueLen; dwMaxValueNameLen = MAX_VALUENAME_LEN; ZeroMemory (wcszValueName, MAX_VALUENAME_LEN*sizeof(WCHAR));
if ((lError = RegEnumValue ( hkey1, dwIndex, wcszValueName, &dwMaxValueNameLen, NULL, NULL, pbValueBuf, &dwValueData )) != ERROR_SUCCESS) { if (lError != ERROR_MORE_DATA) { break; } lError = ERROR_SUCCESS; }
if (dwValueData < sizeof (EAPOL_INTF_PARAMS)) { lError = ERROR_INVALID_DATA; TRACE0 (ANY, "ElSetInterfaceParams: dwValueData < sizeof (EAPOL_INTF_PARAMS)"); break; } pRegParams = (EAPOL_INTF_PARAMS *)pbValueBuf;
if (((DWORD)_wtol(wcszValueName)) > dwMaxValueName) { dwMaxValueName = _wtol (wcszValueName); }
if (!memcmp (pRegParams->bSSID, pbSSID, dwSizeOfSSID)) { fFoundValue = TRUE; break; }
} if ((lError != ERROR_SUCCESS) && (lError != ERROR_NO_MORE_ITEMS)) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElSetInterfaceParams: RegEnumValue 2 failed with error %ld", dwRetCode); break; } else { lError = ERROR_SUCCESS; }
if (!fFoundValue) { DWORD dwNewValueName = (dwMaxValueName >= dwNumValues)?(++dwMaxValueName):dwNumValues; _ltow (dwNewValueName, wcszValueName, 10); } else { // Use pbValueBuf & dwValueData
pbEapBlob = pbValueBuf; dwEapBlob = dwValueData; }
if ((dwEapBlob < sizeof(EAPOL_INTF_PARAMS)) && (pbEapBlob != NULL)) { TRACE0 (ANY, "ElSetInterfaceParams: (dwEapBlob < sizeof(EAPOL_INTF_PARAMS)) && (pbEapBlob != NULL)"); break; }
if (pbEapBlob != NULL) { memcpy ((BYTE *)pbEapBlob, (BYTE *)pIntfParams, sizeof(EAPOL_INTF_PARAMS)); } else { pbEapBlob = (BYTE *)pIntfParams; dwEapBlob = sizeof(EAPOL_INTF_PARAMS); } pRegParams = (EAPOL_INTF_PARAMS *)pbEapBlob; pRegParams->dwVersion = EAPOL_CURRENT_VERSION; pRegParams->dwSizeOfSSID = dwSizeOfSSID; memcpy (pRegParams->bSSID, pbSSID, dwSizeOfSSID);
// Overwrite/Create new value
if ((lError = RegSetValueEx ( hkey1, wcszValueName, 0, REG_BINARY, pbEapBlob, dwEapBlob)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetInterfaceParams: Error in RegSetValueEx for SSID, %ld", lError); dwRetCode = (DWORD)lError; break; }
TRACE0 (ANY, "ElSetInterfaceParams: Succeeded");
} while (FALSE);
if (hkey != NULL) { RegCloseKey (hkey); } if (hkey1 != NULL) { RegCloseKey (hkey1); } if (pbValueBuf != NULL) { FREE (pbValueBuf); } if (pbDefaultValue != NULL) { FREE (pbDefaultValue); }
return dwRetCode;}
//
// ElGetEapData
//
// Description:
//
// Function to extract Eap Data out of a blob containing many EAP data
//
// Arguments:
// dwEapType -
// dwSizeOfIn -
// pbBufferIn -
// dwOffset -
// pdwSizeOfOut -
// ppbBufferOut -
//
// Return values:
//
//
DWORDElGetEapData ( IN DWORD dwEapType, IN DWORD dwSizeOfIn, IN BYTE *pbBufferIn, IN DWORD dwOffset, IN DWORD *pdwSizeOfOut, IN PBYTE *ppbBufferOut ){ DWORD dwRetCode = NO_ERROR; DWORD cbOffset = 0; EAPOL_AUTH_DATA *pCustomData = NULL;
do { *pdwSizeOfOut = 0; *ppbBufferOut = NULL;
if (pbBufferIn == NULL) { break; }
// Align to start of EAP blob
cbOffset = dwOffset;
while (cbOffset < dwSizeOfIn) { pCustomData = (EAPOL_AUTH_DATA *) ((PBYTE) pbBufferIn + cbOffset);
if (pCustomData->dwEapType == dwEapType) { break; } cbOffset += sizeof (EAPOL_AUTH_DATA) + pCustomData->dwSize; }
if (cbOffset < dwSizeOfIn) { *pdwSizeOfOut = pCustomData->dwSize; *ppbBufferOut = pCustomData->bData; } } while (FALSE);
return dwRetCode;}
//
// ElSetEapData
//
// Description:
//
// Function to set Eap Data in a blob containing many EAP data
//
// Arguments:
// dwEapType -
// dwSizeOfIn -
// pbBufferIn -
// dwOffset -
// pdwSizeOfOut -
// ppbBufferOut -
//
// Return values:
//
//
DWORDElSetEapData ( IN DWORD dwEapType, IN DWORD *pdwSizeOfIn, IN PBYTE *ppbBufferIn, IN DWORD dwOffset, IN DWORD dwAuthData, IN PBYTE pbAuthData ){ DWORD cbOffset = 0; EAPOL_AUTH_DATA *pCustomData = NULL; BYTE *pbNewAuthData = NULL; DWORD dwSize = 0; DWORD dwRetCode = NO_ERROR;
do { // Align to start of EAP blob
cbOffset = dwOffset;
// Find the old EAP Data
while (cbOffset < *pdwSizeOfIn) { pCustomData = (EAPOL_AUTH_DATA *) ((PBYTE) *ppbBufferIn + cbOffset);
if (pCustomData->dwEapType == dwEapType) { break; } cbOffset += sizeof (EAPOL_AUTH_DATA) + pCustomData->dwSize; }
if (cbOffset < *pdwSizeOfIn) { dwSize = sizeof (EAPOL_AUTH_DATA) + pCustomData->dwSize; MoveMemory (*ppbBufferIn + cbOffset, *ppbBufferIn + cbOffset + dwSize, *pdwSizeOfIn - cbOffset - dwSize); *pdwSizeOfIn -= dwSize; } if ((*pdwSizeOfIn == 0) && (*ppbBufferIn != NULL)) { // FREE (*ppbBufferIn);
*ppbBufferIn = NULL; }
if ((dwAuthData == 0) || (pbAuthData == NULL)) { break; }
#ifdef _WIN64
dwSize = ((dwAuthData+7) & 0xfffffff8) + *pdwSizeOfIn + sizeof (EAPOL_AUTH_DATA);#else
dwSize = dwAuthData + *pdwSizeOfIn + sizeof (EAPOL_AUTH_DATA);#endif
if ((pbNewAuthData = MALLOC (dwSize)) == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
CopyMemory (pbNewAuthData, *ppbBufferIn, *pdwSizeOfIn);
pCustomData = (EAPOL_AUTH_DATA *) (pbNewAuthData + *pdwSizeOfIn);
pCustomData->dwEapType = dwEapType; CopyMemory (pCustomData->bData, pbAuthData, dwAuthData);#ifdef _WIN64
pCustomData->dwSize = (dwAuthData+7) & 0xfffffff8;#else
pCustomData->dwSize = dwAuthData;#endif
if (*ppbBufferIn != NULL) { // FREE (*ppbBufferIn);
}
*ppbBufferIn = pbNewAuthData; *pdwSizeOfIn = dwSize; } while (FALSE);
return dwRetCode;}
//
// ElGetEapKeyFromToken
//
// Description:
//
// Function to get handle to User hive from User Token
//
// Arguments:
// hUserToken - handle to user token
// phkey - output: pointer to handle to user hive
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElGetEapKeyFromToken ( IN HANDLE hUserToken, OUT HKEY *phkey ){ DWORD dwSizeNeeded; TOKEN_USER *pTokenData = NULL; UNICODE_STRING UnicodeSidString; WCHAR wsUnicodeBuffer[256]; HKEY hUserKey; HKEY hkeyEap; DWORD dwDisposition; NTSTATUS Status = STATUS_SUCCESS; PBYTE pbInfo = NULL; CHAR *pszInfo = NULL; DWORD dwType; DWORD dwInfoSize = 0; LONG lRetVal; EAPOL_PCB *pPCB; DWORD i; LONG lError = ERROR_SUCCESS; DWORD dwRetCode = NO_ERROR;
do { if (hUserToken != NULL) { if (!GetTokenInformation(hUserToken, TokenUser, 0, 0, &dwSizeNeeded)) { if ((dwRetCode = GetLastError()) == ERROR_INSUFFICIENT_BUFFER) { pTokenData = (TOKEN_USER *) MALLOC (dwSizeNeeded);
if (pTokenData == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY,"ElGetEapKeyFromToken: Allocation for TokenData failed"); break; } // Reset error code since we are continuing processing
// This was a valid scenario
dwRetCode = NO_ERROR; } else { TRACE1 (ANY,"ElGetEapKeyFromToken: Error in GetTokenInformation = %ld", dwRetCode); break; }
if (!GetTokenInformation (hUserToken, TokenUser, pTokenData, dwSizeNeeded, &dwSizeNeeded)) { dwRetCode = GetLastError (); TRACE1 (ANY,"ElGetEapKeyFromToken: GetTokenInformation failed with error %ld", dwRetCode); break; }
UnicodeSidString.Buffer = wsUnicodeBuffer; UnicodeSidString.Length = 0; UnicodeSidString.MaximumLength = sizeof(wsUnicodeBuffer);
Status = RtlConvertSidToUnicodeString ( &UnicodeSidString, pTokenData->User.Sid, FALSE);
if (!NT_SUCCESS(Status)) { dwRetCode = GetLastError (); TRACE1 (ANY, "ElGetEapKeyFromToken: RtlconvertSidToUnicodeString failed with error %ld", dwRetCode); break; }
UnicodeSidString.Buffer[UnicodeSidString.Length] = 0;
// Open the user's key
if ((lError = RegOpenKeyEx(HKEY_USERS, UnicodeSidString.Buffer, 0, KEY_ALL_ACCESS, &hUserKey)) != ERROR_SUCCESS) { dwRetCode = (DWORD)lError; TRACE1 (USER, "ElGetEapKeyFromToken: RegOpenKeyEx failed with error %ld", dwRetCode); break; } } else { TRACE0 (ANY,"ElGetEapKeyFromToken: GetTokenInformation succeeded when it should have failed"); break; } } else { TRACE0 (ANY, "ElGetEapKeyFromToken: Error, hUserToken == NULL "); dwRetCode = ERROR_NO_TOKEN; break; }
*phkey = hUserKey;
} while (FALSE);
if (pTokenData != NULL) { FREE (pTokenData); }
return dwRetCode;}
//
// ElInitRegPortData
//
// Description:
//
// Function to verify existence of connection data for the port
// If no data exists, initialize with default values
// For EAP-TLS, default settings are no server certificate authentication,
// registry certificates
//
// Arguments:
// pwszDeviceGUID - Pointer to GUID string for the port for which data is being
// initiialized
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElInitRegPortData ( WCHAR *pwszDeviceGUID ){ DWORD dwAuthData = 0; BYTE *pConnProp = NULL; DWORD dwSizeOfConnProp = 0; DWORD dwRetCode = NO_ERROR;
do { // Get the size of the Eap data first
if ((dwRetCode = ElGetCustomAuthData ( pwszDeviceGUID, DEFAULT_EAP_TYPE, 0, NULL, NULL, &dwAuthData )) != NO_ERROR) { TRACE1 (ANY, "ElInitRegPortData: ElGetCustomAuthData returned error %ld", dwRetCode);
// There is data in the registry
if (dwRetCode == ERROR_BUFFER_TOO_SMALL) { dwRetCode = NO_ERROR; break; }
if ((dwRetCode = ElCreateDefaultEapData (&dwSizeOfConnProp, NULL)) == ERROR_BUFFER_TOO_SMALL) { if ((pConnProp = MALLOC (dwSizeOfConnProp)) == NULL) { TRACE0 (ANY, "ElInitRegPortData: MALLOC failed for Conn Prop"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } if ((dwRetCode = ElCreateDefaultEapData (&dwSizeOfConnProp, pConnProp)) != NO_ERROR) { TRACE1 (ANY, "ElInitRegPortData: ElCreateDefaultEapData failed with error (%ld)", dwRetCode); break; } }
// Set this blob into the registry for the port
if ((dwRetCode = ElSetCustomAuthData ( pwszDeviceGUID, DEFAULT_EAP_TYPE, 0, NULL, pConnProp, &dwSizeOfConnProp )) != NO_ERROR) { TRACE1 (ANY, "ElInitRegPortData: ElSetCustomAuthData failed with %ld", dwRetCode); break; } }
} while (FALSE);
if (pConnProp != NULL) { FREE (pConnProp); pConnProp = NULL; }
TRACE1 (ANY, "ElInitRegPortData: completed with error %ld", dwRetCode);
return dwRetCode;}
//
// ElCreateDefaultEapData
//
// Description:
//
// Function to create default EAP data for a connection
// Current default EAP type is EAP-TLS.
// For EAP-TLS, default settings are no server certificate authentication,
// registry certificates
//
// Arguments:
// *pdwSizeOfEapData -
// pbEapData -
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElCreateDefaultEapData ( IN OUT DWORD *pdwSizeOfEapData, IN OUT BYTE *pbEapData ){ EAPTLS_CONN_PROPERTIES ConnProp; DWORD dwRetCode = NO_ERROR;
do { if (*pdwSizeOfEapData < sizeof (EAPTLS_CONN_PROPERTIES)) { *pdwSizeOfEapData = sizeof (EAPTLS_CONN_PROPERTIES); dwRetCode = ERROR_BUFFER_TOO_SMALL; break; }
ZeroMemory ((VOID *)&ConnProp, sizeof (EAPTLS_CONN_PROPERTIES));
// Registry certs, Server cert validation, No server name
// comparison
ConnProp.fFlags = (EAPTLS_CONN_FLAG_REGISTRY | EAPTLS_CONN_FLAG_NO_VALIDATE_CERT | EAPTLS_CONN_FLAG_NO_VALIDATE_NAME);
ConnProp.fFlags &= ~EAPTLS_CONN_FLAG_NO_VALIDATE_CERT; ConnProp.dwSize = sizeof (EAPTLS_CONN_PROPERTIES);
memcpy ((VOID *)pbEapData, (VOID *)&ConnProp, sizeof (EAPTLS_CONN_PROPERTIES)); *pdwSizeOfEapData = sizeof (EAPTLS_CONN_PROPERTIES);
} while (FALSE);
return dwRetCode;}
//
// ElAuthAttributeGetVendorSpecific
//
//
// Description:
// Helper function used to extract MPPE Key out of Attrribute.
//
RAS_AUTH_ATTRIBUTE *ElAuthAttributeGetVendorSpecific ( IN DWORD dwVendorId, IN DWORD dwVendorType, IN RAS_AUTH_ATTRIBUTE * pAttributes ){ HANDLE hAttribute; RAS_AUTH_ATTRIBUTE * pAttribute;
//
// First search for the vendor specific attribute
//
pAttribute = ElAuthAttributeGetFirst ( raatVendorSpecific, pAttributes, &hAttribute );
while ( pAttribute != NULL ) { //
// If this attribute is of at least size to hold vendor Id/Type
//
if ( pAttribute->dwLength >= 8 ) { //
// Does this have the correct VendorId
//
if (WireToHostFormat32( (PBYTE)(pAttribute->Value) ) == dwVendorId) { //
// Does this have the correct Vendor Type
//
if ( *(((PBYTE)(pAttribute->Value))+4) == dwVendorType ) { return( pAttribute ); } } }
pAttribute = ElAuthAttributeGetNext ( &hAttribute, raatVendorSpecific ); }
return( NULL );}
//
// ElAuthAttributeGetFirst
//
// Description:
// Helper function used to extract MPPE Key out of Attrribute.
//
RAS_AUTH_ATTRIBUTE *ElAuthAttributeGetFirst ( IN RAS_AUTH_ATTRIBUTE_TYPE raaType, IN RAS_AUTH_ATTRIBUTE * pAttributes, OUT HANDLE * phAttribute ){ DWORD dwIndex; RAS_AUTH_ATTRIBUTE * pRequiredAttribute;
pRequiredAttribute = ElAuthAttributeGet ( raaType, pAttributes );
if ( pRequiredAttribute == NULL ) { *phAttribute = NULL;
return( NULL ); }
*phAttribute = pRequiredAttribute;
return( pRequiredAttribute );}
//
// ElAuthAttributeGetNext
//
// Description:
// Helper function used to extract MPPE Key out of Attrribute.
//
RAS_AUTH_ATTRIBUTE *ElAuthAttributeGetNext ( IN OUT HANDLE * phAttribute, IN RAS_AUTH_ATTRIBUTE_TYPE raaType ){ DWORD dwIndex; RAS_AUTH_ATTRIBUTE * pAttributes = (RAS_AUTH_ATTRIBUTE *)*phAttribute;
if ( pAttributes == NULL ) { return( NULL ); }
pAttributes++;
while( pAttributes->raaType != raatMinimum ) { if ( pAttributes->raaType == raaType ) { *phAttribute = pAttributes; return( pAttributes ); }
pAttributes++; }
*phAttribute = NULL; return( NULL );}
//
// ElAuthAttributeGet
//
// Description:
// Helper function used to extract MPPE Key out of Attrribute.
//
RAS_AUTH_ATTRIBUTE *ElAuthAttributeGet ( IN RAS_AUTH_ATTRIBUTE_TYPE raaType, IN RAS_AUTH_ATTRIBUTE * pAttributes ){ DWORD dwIndex;
if ( pAttributes == NULL ) { return( NULL ); }
for( dwIndex = 0; pAttributes[dwIndex].raaType != raatMinimum; dwIndex++ ) { if ( pAttributes[dwIndex].raaType == raaType ) { return( &(pAttributes[dwIndex]) ); } }
return( NULL );}
//
// ElReverseString
//
// Description:
// Reverses order of characters in 'psz'
//
VOIDElReverseString ( CHAR* psz ){ CHAR* pszBegin; CHAR* pszEnd;
for (pszBegin = psz, pszEnd = psz + strlen( psz ) - 1; pszBegin < pszEnd; ++pszBegin, --pszEnd) { CHAR ch = *pszBegin; *pszBegin = *pszEnd; *pszEnd = ch; }}
//
// ElEncodePw
//
// Description:
//
// Obfuscate 'pszPassword' in place to foil memory scans for passwords.
// Returns the address of 'pszPassword'.
//
CHAR*ElEncodePw ( IN OUT CHAR* pszPassword ){ if (pszPassword) { CHAR* psz;
ElReverseString (pszPassword);
for (psz = pszPassword; *psz != '\0'; ++psz) { if (*psz != (CHAR)PASSWORDMAGIC) *psz ^= PASSWORDMAGIC; } }
return pszPassword;}
//
// ElDecodePw
//
// Description:
//
// Un-obfuscate 'pszPassword' in place.
// Returns the address of 'pszPassword'.
//
CHAR*ElDecodePw ( IN OUT CHAR* pszPassword ){ return ElEncodePw (pszPassword);}
//
// ElSecureEncodePw
//
// Description:
//
// Encrypt password locally using user-ACL
//
DWORDElSecureEncodePw ( IN BYTE *pbPassword, IN DWORD dwSizeOfPassword, OUT DATA_BLOB *pDataBlob ){ DWORD dwRetCode = NO_ERROR; DATA_BLOB blobIn = {0}, blobOut = {0};
do { blobIn.cbData = dwSizeOfPassword; blobIn.pbData = pbPassword;
if (!CryptProtectData ( &blobIn, L"", NULL, NULL, NULL, 0, &blobOut)) { dwRetCode = GetLastError (); break; } // copy over blob to password
if (pDataBlob->pbData != NULL) { FREE (pDataBlob->pbData); pDataBlob->pbData = NULL; pDataBlob->cbData = 0; }
pDataBlob->pbData = MALLOC (blobOut.cbData); if (pDataBlob->pbData == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
memcpy (pDataBlob->pbData, blobOut.pbData, blobOut.cbData); pDataBlob->cbData = blobOut.cbData; } while (FALSE);
if (blobOut.pbData != NULL) { LocalFree (blobOut.pbData); }
if (dwRetCode != NO_ERROR) { if (pDataBlob->pbData != NULL) { FREE (pDataBlob->pbData); pDataBlob->pbData = NULL; pDataBlob->cbData = 0; } }
return dwRetCode;}
//
// ElDecodePw
//
// Description:
//
// Decrypt password locally using user-ACL
//
DWORDElSecureDecodePw ( IN DATA_BLOB *pDataBlob, OUT PBYTE *ppbPassword, OUT DWORD *pdwSizeOfPassword ){ DWORD dwRetCode = NO_ERROR; DATA_BLOB blobOut = {0}; LPWSTR pDescrOut = NULL; // NULL;
do { if (!CryptUnprotectData ( pDataBlob, &pDescrOut, NULL, NULL, NULL, 0, &blobOut)) { dwRetCode = GetLastError (); break; } // copy over blob to password
if (*ppbPassword != NULL) { FREE (*ppbPassword); *ppbPassword = NULL; }
*ppbPassword = MALLOC (blobOut.cbData); if (*ppbPassword == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
*pdwSizeOfPassword = blobOut.cbData; memcpy ((BYTE *)*ppbPassword, blobOut.pbData, blobOut.cbData); // TRACE1 (ANY, "SecureDecode: Password = %ws", *ppbPassword);
} while (FALSE);
if (blobOut.pbData != NULL) { LocalFree (blobOut.pbData); } if (pDescrOut) { LocalFree (pDescrOut); }
if (dwRetCode != NO_ERROR) { if (*ppbPassword != NULL) { FREE (*ppbPassword); *ppbPassword = NULL; } }
return dwRetCode;}
//
// Call: ElEncryptKeyUsingMD5
//
// Description:
// Given a secret, encrypt a given blob
//
//
//
VOIDElEncryptBlockUsingMD5 ( IN BYTE *pbSecret, IN ULONG ulSecretLen, IN OUT BYTE *pbBuf, IN ULONG ulBufLen ){ MD5_CTX MD5Context; BYTE bcipherText[MD5DIGESTLEN]; BYTE *pbWork = NULL, *pbEnd = NULL; BYTE *pbEndBlock = NULL, *pbSrc = NULL;
//
// Compute the beginning and end of the data to be crypted
//
pbWork = pbBuf; pbEnd = pbBuf + ulBufLen;
//
// Loop through the buffer
//
while (pbWork < pbEnd) { // Compute the digest
MD5Init (&MD5Context); MD5Update (&MD5Context, pbSecret, ulSecretLen); MD5Final (&MD5Context);
// Find the end of the block to be decrypted
pbEndBlock = pbWork + MD5DIGESTLEN; if (pbEndBlock >= pbEnd) { // We've reached the end of the buffer
pbEndBlock = pbEnd; } else { // ISSUE: Save the ciphertext for the next pass?
} // Crypt the block
for (pbSrc = MD5Context.digest; pbWork < pbEndBlock; ++pbWork, ++pbSrc) { *pbWork ^= *pbSrc; } }}
//
// ElDecryptKeyUsingMD5
//
// Description:
// Given a secret, decrypt a given blob
//
//
//
VOIDElDecryptBlockUsingMD5 ( IN BYTE *pbSecret, IN ULONG ulSecretLen, IN OUT BYTE *pbBuf, IN ULONG ulBufLen ){ MD5_CTX MD5Context; BYTE bcipherText[MD5DIGESTLEN]; BYTE *pbWork = NULL, *pbEnd = NULL; BYTE *pbEndBlock = NULL, *pbSrc = NULL; DWORD dwNumBlocks = 0; DWORD dwBlock = 0; DWORD dwIndex = 0;
dwNumBlocks = ( ulBufLen - 2 ) / MD5DIGESTLEN;
//
// Walk through the blocks
//
for (dwBlock = 0; dwBlock < dwNumBlocks; dwBlock++ ) { MD5Init ( &MD5Context); MD5Update ( &MD5Context, (PBYTE)pbSecret, ulSecretLen);
//
// ISSUE:
// Do we use any part of the ciphertext at all to generate
// the digest
//
MD5Final ( &MD5Context);
for ( dwIndex = 0; dwIndex < MD5DIGESTLEN; dwIndex++ ) { *pbBuf ^= MD5Context.digest[dwIndex]; pbBuf++; } }
}
//
// ElGetHMACMD5Digest
//
// Description:
//
// Given a secret, generate a MD5 digest
//
// Arguments:
// pbBuf - pointer to data stream
// dwBufLen - length of data stream
// pbKey - pointer to authentication key
// dwKeyLen - length of authentication key
// pvDigest - caller digest to be filled in
//
// Return values:
// None
//
VOIDElGetHMACMD5Digest ( IN BYTE *pbBuf, IN DWORD dwBufLen, IN BYTE *pbKey, IN DWORD dwKeyLen, IN OUT VOID *pvDigest ){ MD5_CTX MD5context; UCHAR k_ipad[65]; /* inner padding - key XORd with ipad */ UCHAR k_opad[65]; /* outer padding - key XORd with opad */ UCHAR tk[16]; DWORD dwIndex = 0;
// if key is longer than 64 bytes reset it to key=MD5(key)
if (dwKeyLen > 64) { MD5_CTX tctx;
MD5Init (&tctx); MD5Update (&tctx, pbKey, dwKeyLen); MD5Final (&tctx); memcpy (tk, tctx.digest, 16); pbKey = tk; dwKeyLen = 16; } //
// the HMAC_MD5 transform looks like:
//
// MD5(K XOR opad, MD5(K XOR ipad, text))
//
// where K is an n byte key
// ipad is the byte 0x36 repeated 64 times
// opad is the byte 0x5c repeated 64 times
// and text is the data being protected
//
// start out by storing key in pads
ZeroMemory ( k_ipad, sizeof k_ipad); ZeroMemory ( k_opad, sizeof k_opad); memcpy ( k_ipad, pbKey, dwKeyLen); memcpy ( k_opad, pbKey, dwKeyLen);
// XOR key with ipad and opad values
for (dwIndex=0; dwIndex<64; dwIndex++) { k_ipad[dwIndex] ^= 0x36; k_opad[dwIndex] ^= 0x5c; }
//
// perform inner MD5
//
// init context for 1st pass
MD5Init(&MD5context); // start with inner pad
MD5Update(&MD5context, k_ipad, 64); // then text of datagram
MD5Update(&MD5context, pbBuf, dwBufLen); // finish up 1st pass
MD5Final(&MD5context); memcpy (pvDigest, MD5context.digest, MD5DIGESTLEN);
//
// perform outer MD5
//
// init context for 2nd pass
MD5Init(&MD5context); // start with outer pad
MD5Update(&MD5context, k_opad, 64); // then results of 1st hash
MD5Update(&MD5context, pvDigest, 16); // finish up 2nd pass
MD5Final(&MD5context); memcpy (pvDigest, MD5context.digest, MD5DIGESTLEN);}
//
// ElWmiGetValue
//
// Description:
//
// Get a value for a GUID instance through WMI
//
// Arguments:
// pGuid - Pointer to guid for which value is to be fetched
// pszInstanceName - Friendly name for the interface
// pbInputBuffer - Pointer to data
// dwInputBufferSize - Size of data
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElWmiGetValue ( IN GUID *pGuid, IN CHAR *pszInstanceName, IN OUT BYTE *pbOutputBuffer, IN OUT DWORD *pdwOutputBufferSize ){ WMIHANDLE WmiHandle = NULL; PWNODE_SINGLE_INSTANCE pWnode; ULONG ulBufferSize = 0; WCHAR *pwszInstanceName = NULL; BYTE *pbLocalBuffer = NULL; DWORD dwLocalBufferSize = 0; LONG lStatus = ERROR_SUCCESS;
do {
if ((pwszInstanceName = MALLOC ((strlen(pszInstanceName)+1) * sizeof (WCHAR))) == NULL) { TRACE2 (ANY, "ElWmiGetValue: MALLOC failed for pwszInstanceName, Friendlyname =%s, len= %ld", pszInstanceName, strlen(pszInstanceName)); lStatus = ERROR_NOT_ENOUGH_MEMORY; break; }
if (0 == MultiByteToWideChar( CP_ACP, 0, pszInstanceName, -1, pwszInstanceName, strlen(pszInstanceName)+1 ) ) { lStatus = GetLastError(); TRACE2 (ANY, "ElWmiGetValue: MultiByteToWideChar(%s) failed: %ld", pszInstanceName, lStatus); break; } pwszInstanceName[strlen(pszInstanceName)] = L'\0'; TRACE1 (ANY, "ElWmiGetValue: MultiByteToWideChar succeeded: %ws", pwszInstanceName);
if ((lStatus = WmiOpenBlock (pGuid, 0, &WmiHandle)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElWmiGetValue: WmiOpenBlock failed with error %ld", lStatus); break; }
if ((lStatus = WmiQuerySingleInstance (WmiHandle, pwszInstanceName, &dwLocalBufferSize, NULL)) != ERROR_SUCCESS) {
if (lStatus == ERROR_INSUFFICIENT_BUFFER) { TRACE1 (ANY, "ElWmiGetValue: Size Required = %ld", dwLocalBufferSize);
if ((pbLocalBuffer = MALLOC (dwLocalBufferSize)) == NULL) { TRACE0 (ANY, "ElWmiGetValue: MALLOC failed for pbLocalBuffer"); lStatus = ERROR_NOT_ENOUGH_MEMORY; break; }
if ((lStatus = WmiQuerySingleInstance (WmiHandle, pwszInstanceName, &dwLocalBufferSize, pbLocalBuffer)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElWmiGetValue: WmiQuerySingleInstance failed with error %ld", lStatus); break; }
pWnode = (PWNODE_SINGLE_INSTANCE)pbLocalBuffer;
// If enough space in the output buffer, copy the data block
if (*pdwOutputBufferSize >= pWnode->SizeDataBlock) { memcpy (pbOutputBuffer, (PBYTE)((BYTE *)pWnode + pWnode->DataBlockOffset), pWnode->SizeDataBlock ); } else { lStatus = ERROR_INSUFFICIENT_BUFFER; TRACE0 (ANY, "ElWmiGetValue: Not sufficient space to copy DataBlock"); *pdwOutputBufferSize = pWnode->SizeDataBlock; break; } *pdwOutputBufferSize = pWnode->SizeDataBlock; TRACE0 (ANY, "ElWmiGetValue: Got values from Wmi"); TRACE1 (ANY, "SizeofDataBlock = %ld", pWnode->SizeDataBlock); EAPOL_DUMPBA (pbOutputBuffer, *pdwOutputBufferSize); } else { TRACE1 (ANY, "ElWmiGetValue: WmiQuerySingleInstance failed with error %ld", lStatus); break; }
}
} while (FALSE);
if (WmiHandle != NULL) { if ((lStatus = WmiCloseBlock (WmiHandle)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElWmiGetValue: WmiOpenBlock failed with error %ld", lStatus); } }
if (pbLocalBuffer != NULL) { FREE (pbLocalBuffer); }
if (pwszInstanceName != NULL) { FREE (pwszInstanceName); }
return (DWORD)lStatus;
}
//
// ElWmiSetValue
//
// Description:
//
// Set a value for a GUID instance through WMI
//
// Arguments:
// pGuid - Pointer to guid for which value is to be set
// pszInstanceName - Friendly name for the interface
// pbInputBuffer - Pointer to data
// dwInputBufferSize - Size of data
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElWmiSetValue ( IN GUID *pGuid, IN CHAR *pszInstanceName, IN BYTE *pbInputBuffer, IN DWORD dwInputBufferSize ){ WMIHANDLE WmiHandle = NULL; PWNODE_SINGLE_INSTANCE pWnode; ULONG ulBufferSize = 0; WCHAR *pwszInstanceName = NULL; BYTE bBuffer[4096];
LONG lStatus = ERROR_SUCCESS;
do {
if ((pwszInstanceName = MALLOC ((strlen(pszInstanceName)+1) * sizeof (WCHAR))) == NULL) { TRACE0 (ANY, "ElWmiSetValue: MALLOC failed for pwszInstanceName"); lStatus = ERROR_NOT_ENOUGH_MEMORY; break; }
if (0 == MultiByteToWideChar( CP_ACP, 0, pszInstanceName, -1, pwszInstanceName, strlen(pszInstanceName)+1 ) ) { lStatus = GetLastError(); TRACE2 (ANY, "ElWmiSetValue: MultiByteToWideChar(%s) failed: %d", pszInstanceName, lStatus); break; } pwszInstanceName[strlen(pszInstanceName)] = L'\0'; if ((lStatus = WmiOpenBlock (pGuid, 0, &WmiHandle)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElWmiSetValue: WmiOpenBlock failed with error %ld", lStatus); break; }
if ((lStatus = WmiSetSingleInstance (WmiHandle, pwszInstanceName, 1, dwInputBufferSize, pbInputBuffer)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElWmiSetValue: WmiSetSingleInstance failed with error %ld", lStatus); break; }
TRACE0 (ANY, "ElWmiSetValue: Successful !!!");
} while (FALSE);
if (WmiHandle != NULL) { if ((lStatus = WmiCloseBlock (WmiHandle)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElWmiSetValue: WmiOpenBlock failed with error %ld", lStatus); } }
if (pwszInstanceName != NULL) { FREE (pwszInstanceName); }
return (DWORD)lStatus;
}
//
// ElNdisuioSetOIDValue
//
// Description:
//
// Set a value for an OID for an interface using Ndisuio
//
// Arguments:
// hInterface - Ndisuio handle to interface
// Oid - Oid for which value needs to be set
// pbOidData - Pointer to Oid data
// ulOidDataLength - Oid data length
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElNdisuioSetOIDValue ( IN HANDLE hInterface, IN NDIS_OID Oid, IN BYTE *pbOidData, IN ULONG ulOidDataLength ){ PNDISUIO_SET_OID pSetOid = NULL; DWORD BytesReturned = 0; BOOLEAN fSuccess = TRUE; DWORD dwRetCode = NO_ERROR;
do { pSetOid = (PNDISUIO_SET_OID) MALLOC (ulOidDataLength + sizeof(NDISUIO_SET_OID));
if (pSetOid == NULL) { TRACE0 (ANY, "ElNdisuioSetOIDValue: MALLOC failed for pSetOid"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } pSetOid->Oid = Oid; memcpy(&pSetOid->Data[0], pbOidData, ulOidDataLength);
fSuccess = (BOOLEAN) DeviceIoControl ( hInterface, IOCTL_NDISUIO_SET_OID_VALUE, (LPVOID)pSetOid, FIELD_OFFSET(NDISUIO_SET_OID, Data) + ulOidDataLength, (LPVOID)pSetOid, 0, &BytesReturned, NULL); if (!fSuccess) { TRACE1 (ANY, "ElNdisuioSetOIDValue: DeviceIoControl failed with error %ld", (dwRetCode = GetLastError())); break; } else { TRACE0 (ANY, "ElNdisuioSetOIDValue: DeviceIoControl succeeded"); }
} while (FALSE);
if (pSetOid != NULL) { FREE (pSetOid); }
return dwRetCode;}
//
// ElNdisuioQueryOIDValue
//
// Description:
//
// Query the value for an OID for an interface using Ndisuio
//
// Arguments:
// hInterface - Ndisuio handle to interface
// Oid - Oid for which value needs to be set
// pbOidValue - Pointer to Oid value
// pulOidDataLength - Pointer to Oid data length
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElNdisuioQueryOIDValue ( IN HANDLE hInterface, IN NDIS_OID Oid, IN BYTE *pbOidData, IN ULONG *pulOidDataLength ){ PNDISUIO_QUERY_OID pQueryOid = NULL; DWORD BytesReturned = 0; BOOLEAN fSuccess = TRUE; DWORD dwRetCode = NO_ERROR;
do { pQueryOid = (PNDISUIO_QUERY_OID) MALLOC (*pulOidDataLength + sizeof(NDISUIO_QUERY_OID));
if (pQueryOid == NULL) { TRACE0 (ANY, "ElNdisuioQueryOIDValue: MALLOC failed for pQueryOid"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } pQueryOid->Oid = Oid;
fSuccess = (BOOLEAN) DeviceIoControl ( hInterface, IOCTL_NDISUIO_QUERY_OID_VALUE, (LPVOID)pQueryOid, FIELD_OFFSET(NDISUIO_QUERY_OID, Data) + *pulOidDataLength, (LPVOID)pQueryOid, FIELD_OFFSET(NDISUIO_QUERY_OID, Data) + *pulOidDataLength, &BytesReturned, NULL); if (!fSuccess) { dwRetCode = GetLastError(); TRACE2 (ANY, "ElNdisuioQueryOIDValue: DeviceIoControl failed with error %ld, BytesReturned = %ld", dwRetCode, BytesReturned); *pulOidDataLength = BytesReturned; break; } else { BytesReturned -= FIELD_OFFSET(NDISUIO_QUERY_OID, Data);
if (BytesReturned > *pulOidDataLength) { BytesReturned = *pulOidDataLength; } else { *pulOidDataLength = BytesReturned; }
memcpy(pbOidData, &pQueryOid->Data[0], BytesReturned); } } while (FALSE);
if (pQueryOid != NULL) { FREE (pQueryOid); }
return dwRetCode;}
//
// ElGuidFromString
//
// Description:
//
// Convert a GUID-string to GUID
//
// Arguments:
// pGuid - pointer to GUID
// pwszGuidString - pointer to string version of GUID
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORD ElGuidFromString ( IN OUT GUID *pGuid, IN WCHAR *pwszGuidString ){ DWORD dwGuidLen = 0; WCHAR wszGuidString[64]; LPWSTR lpwszWithBraces = NULL; HRESULT hr = S_OK; DWORD dwRetCode = NO_ERROR;
do {
if (pwszGuidString == NULL) { break; }
ZeroMemory (pGuid, sizeof(GUID));
if ((hr = CLSIDFromString (pwszGuidString, pGuid)) != NOERROR) { TRACE1 (ANY, "ElGuidFromString: CLSIDFromString failed with error %0lx", hr); dwRetCode = ERROR_CAN_NOT_COMPLETE; }
} while (FALSE);
return dwRetCode;}
//
// ElGetLoggedOnUserName
//
// Description:
//
// Get the Username and Domain of the currently logged in user
//
// Arguments:
// hToken - User token
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
//
DWORDElGetLoggedOnUserName ( IN HANDLE hToken, OUT PWCHAR *ppwszActiveUserName ){ HANDLE hUserToken; WCHAR *pwszUserNameBuffer = NULL; DWORD dwBufferSize = 0; BOOL fNeedToRevertToSelf = FALSE; DWORD dwRetCode = NO_ERROR;
do { hUserToken = hToken;
if (hUserToken != NULL) { if (!ImpersonateLoggedOnUser (hUserToken)) { dwRetCode = GetLastError(); TRACE1 (USER, "ElGetLoggedOnUserName: ImpersonateLoggedOnUser failed with error %ld", dwRetCode); break; }
fNeedToRevertToSelf = TRUE;
dwBufferSize = 0; if (!GetUserNameEx (NameSamCompatible, NULL, &dwBufferSize)) { dwRetCode = GetLastError (); if (dwRetCode == ERROR_MORE_DATA) { dwRetCode = NO_ERROR; if ((pwszUserNameBuffer = MALLOC (dwBufferSize*sizeof(WCHAR))) == NULL) { TRACE0 (ANY, "ElGetLoggedOnUserName: MALLOC failed for pwszUserNameBuffer"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } if (!GetUserNameEx (NameSamCompatible, pwszUserNameBuffer, &dwBufferSize)) { dwRetCode = GetLastError (); TRACE1 (ANY, "ElGetLoggedOnUserName: GetUserNameEx failed with error %ld", dwRetCode); break; } TRACE1 (ANY, "ElGetLoggedOnUserName: Got User Name %ws", pwszUserNameBuffer); } else { TRACE1 (ANY, "ElGetLoggedOnUserName: GetUserNameEx failed with error %ld", dwRetCode); break; } } } else { dwRetCode = ERROR_CAN_NOT_COMPLETE; TRACE0 (ANY, "ElGetLoggedOnUserName: UserToken is NULL"); break; }
} while (FALSE);
if (pwszUserNameBuffer != NULL) { *ppwszActiveUserName = pwszUserNameBuffer; }
// Revert impersonation
if (fNeedToRevertToSelf) { if (!RevertToSelf()) { DWORD dwRetCode1 = NO_ERROR; dwRetCode1 = GetLastError(); TRACE1 (USER, "ElGetLoggedOnUserName: Error in RevertToSelf = %ld", dwRetCode1); dwRetCode = ERROR_BAD_IMPERSONATION_LEVEL; } }
return dwRetCode;}
//
// ElGetMachineName
//
// Description:
//
// Get the machine name of the computer the service is currently running on
//
// Arguments:
// pPCB - Pointer to PCB for the port on which machine name is to
// to be obtained
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
//
DWORDElGetMachineName ( IN EAPOL_PCB *pPCB ){ WCHAR *pwszComputerNameBuffer = NULL; CHAR *pszComputerNameBuffer = NULL; WCHAR *pwszComputerDomainBuffer = NULL; CHAR *pszComputerDomainBuffer = NULL; DWORD dwBufferSize = 0; DWORD dwRetCode = NO_ERROR;
do { dwBufferSize = 0; if (!GetComputerNameEx (ComputerNamePhysicalNetBIOS, NULL, &dwBufferSize)) { dwRetCode = GetLastError (); if (dwRetCode == ERROR_MORE_DATA) { // Reset error
dwRetCode = NO_ERROR; if ((pwszComputerNameBuffer = MALLOC (dwBufferSize*sizeof(WCHAR))) == NULL) { TRACE0 (ANY, "ElGetMachineName: MALLOC failed for pwszComputerNameBuffer"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
if (!GetComputerNameEx (ComputerNamePhysicalNetBIOS, pwszComputerNameBuffer, &dwBufferSize)) { dwRetCode = GetLastError (); TRACE1 (ANY, "ElGetMachineName: GetComputerNameEx failed with error %ld", dwRetCode); break; }
TRACE1 (ANY, "ElGetMachineName: Got Computer Name %ws", pwszComputerNameBuffer);
pszComputerNameBuffer = MALLOC (wcslen(pwszComputerNameBuffer) + 1); if (pszComputerNameBuffer == NULL) { TRACE0 (ANY, "ElGetMachineName: MALLOC failed for pszComputerNameBuffer"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
if (0 == WideCharToMultiByte ( CP_ACP, 0, pwszComputerNameBuffer, -1, pszComputerNameBuffer, wcslen(pwszComputerNameBuffer)+1, NULL, NULL )) { dwRetCode = GetLastError(); TRACE2 (ANY, "ElGetMachineName: WideCharToMultiByte (%ws) failed: %ld", pwszComputerNameBuffer, dwRetCode); break; }
pszComputerNameBuffer[wcslen(pwszComputerNameBuffer)] = L'\0';
} else { TRACE1 (ANY, "ElGetMachineName: GetComputerNameEx failed with error %ld", dwRetCode); break; } }
dwBufferSize = 0; if (!GetComputerNameEx (ComputerNamePhysicalDnsDomain, NULL, &dwBufferSize)) { dwRetCode = GetLastError (); if (dwRetCode == ERROR_MORE_DATA) { // Reset error
dwRetCode = NO_ERROR; if ((pwszComputerDomainBuffer = MALLOC (dwBufferSize*sizeof(WCHAR))) == NULL) { TRACE0 (ANY, "ElGetMachineName: MALLOC failed for pwszComputerDomainBuffer"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
if (!GetComputerNameEx (ComputerNamePhysicalDnsDomain, pwszComputerDomainBuffer, &dwBufferSize)) { dwRetCode = GetLastError (); TRACE1 (ANY, "ElGetMachineName: GetComputerNameEx Domain failed with error %ld", dwRetCode); break; }
TRACE1 (ANY, "ElGetMachineName: Got Computer Domain %ws", pwszComputerDomainBuffer);
pszComputerDomainBuffer = MALLOC (wcslen(pwszComputerDomainBuffer) + 1); if (pszComputerDomainBuffer == NULL) { TRACE0 (ANY, "ElGetMachineName: MALLOC failed for pszComputerDomainBuffer"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
if (0 == WideCharToMultiByte ( CP_ACP, 0, pwszComputerDomainBuffer, -1, pszComputerDomainBuffer, wcslen(pwszComputerDomainBuffer)+1, NULL, NULL )) { dwRetCode = GetLastError(); TRACE2 (ANY, "ElGetMachineName: WideCharToMultiByte (%ws) failed: %ld", pwszComputerDomainBuffer, dwRetCode); break; }
pszComputerDomainBuffer[wcslen(pwszComputerDomainBuffer)] = L'\0'; *(strrchr (pszComputerDomainBuffer, '.')) = '\0';
if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; }
pPCB->pszIdentity = MALLOC (strlen(pszComputerDomainBuffer) + strlen(pszComputerNameBuffer) + 3);
if (pPCB->pszIdentity == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElGetMachineName: MALLOC failed for pPCB->pszIdentity"); break; } memcpy (pPCB->pszIdentity, pszComputerDomainBuffer, strlen(pszComputerDomainBuffer)); pPCB->pszIdentity[strlen(pszComputerDomainBuffer)] = '\\'; memcpy (&pPCB->pszIdentity[strlen(pszComputerDomainBuffer)+1], pszComputerNameBuffer, strlen(pszComputerNameBuffer));
pPCB->pszIdentity[strlen(pszComputerDomainBuffer)+1+strlen(pszComputerNameBuffer)] = '$'; pPCB->pszIdentity[strlen(pszComputerDomainBuffer)+1+strlen(pszComputerNameBuffer)+1] = '\0';
} else { TRACE1 (ANY, "ElGetMachineName: GetComputerNameEx failed with error %ld", dwRetCode); break; } }
} while (FALSE);
if (pwszComputerNameBuffer != NULL) { FREE (pwszComputerNameBuffer); }
if (pszComputerNameBuffer != NULL) { FREE (pszComputerNameBuffer); }
if (pwszComputerDomainBuffer != NULL) { FREE (pwszComputerDomainBuffer); }
if (pszComputerDomainBuffer != NULL) { FREE (pszComputerDomainBuffer); }
return dwRetCode;
}
//
// ElUpdateRegistryInterfaceList
//
// Description:
//
// Write the interface list to which NDISUIO is bound to, to the registry
//
// Arguments:
// Interfaces - Interface list containing Device Name and Description
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
//
DWORDElUpdateRegistryInterfaceList ( IN PNDIS_ENUM_INTF Interfaces ){ WCHAR *pwszRegInterfaceList = NULL; HKEY hkey = NULL; DWORD dwDisposition = 0; LONG lError = ERROR_SUCCESS;
DWORD dwRetCode = NO_ERROR;
do { ANSI_STRING InterfaceName; UCHAR ucBuffer[256]; DWORD i; DWORD dwSizeOfList = 0;
// Determine the number of bytes in the list
for (i=0; i < Interfaces->TotalInterfaces; i++) { if (Interfaces->Interface[i].DeviceName.Buffer != NULL) { dwSizeOfList += wcslen(Interfaces->Interface[i].DeviceName.Buffer); } else { TRACE0 (ANY, "ElUpdateRegistryInterfaceList: Device Name was NULL"); continue; } }
// One extra char for terminating NULL char
pwszRegInterfaceList = (WCHAR *) MALLOC ((dwSizeOfList + 1)*sizeof(WCHAR));
if ( pwszRegInterfaceList == NULL ) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElUpdateRegistryInterfaceList: MALLOC failed for pwszRegInterfaceList"); break; }
// Start again
dwSizeOfList = 0;
// Create the string in REG_SZ format
for (i=0; i < Interfaces->TotalInterfaces; i++) { if (Interfaces->Interface[i].DeviceName.Buffer != NULL) { wcscat (pwszRegInterfaceList, Interfaces->Interface[i].DeviceName.Buffer); dwSizeOfList += (wcslen(Interfaces->Interface[i].DeviceName.Buffer)); } else { TRACE0 (ANY, "ElUpdateRegistryInterfaceList: Device Name was NULL"); continue; } }
// Final NULL character
pwszRegInterfaceList[dwSizeOfList++] = L'\0';
// Write the string as a REG_SZ value
// Get handle to
// HKLM\Software\Microsoft\EAPOL\Parameters\General
if ((lError = RegCreateKeyEx ( HKEY_LOCAL_MACHINE, cwszEapKeyEapolServiceParams, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hkey, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElUpdateRegistryInterfaceList: Error in RegCreateKeyEx for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
//
// Set the value of
// ...\EAPOL\Parameters\General\InterfaceList key
//
if ((lError = RegSetValueEx ( hkey, cwszInterfaceList, 0, REG_SZ, (BYTE *)pwszRegInterfaceList, dwSizeOfList*sizeof(WCHAR))) != ERROR_SUCCESS) { TRACE1 (ANY, "ElUpdateRegistryInterfaceList: Error in RegSetValueEx for InterfaceList, %ld", lError); dwRetCode = (DWORD)lError; break; }
} while (FALSE);
if (hkey != NULL) { RegCloseKey (hkey); }
if (pwszRegInterfaceList != NULL) { FREE (pwszRegInterfaceList); }
return dwRetCode;}
//
// ElEnumAndUpdateRegistryInterfaceList
//
// Description:
//
// Enumerate the interface list to which NDISUIO is bound to.
// Write the interface list to the registry
//
// Arguments:
// None
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
//
DWORDElEnumAndUpdateRegistryInterfaceList ( ){ CHAR EnumerateBuffer[256]; PNDIS_ENUM_INTF Interfaces = NULL; BYTE *pbNdisuioEnumBuffer = NULL; DWORD dwNdisuioEnumBufferSize = 0; DWORD dwAvailableInterfaces = 0; WCHAR *pwszRegInterfaceList = NULL; HKEY hkey = NULL; DWORD dwDisposition = 0; ANSI_STRING InterfaceName; UCHAR ucBuffer[256]; DWORD i; DWORD dwSizeOfList = 0; LONG lError = ERROR_SUCCESS; DWORD dwRetCode = NO_ERROR;
do { ZeroMemory (EnumerateBuffer, 256); Interfaces = (PNDIS_ENUM_INTF)EnumerateBuffer;
// Allocate amount of memory as instructed by NdisEnumerateInterfaces
// once the API allows querying of bytes required
if (!NdisEnumerateInterfaces(Interfaces, 256)) { dwRetCode = GetLastError (); TRACE1 (ANY, "ElEnumAndUpdateRegistryInterfaceList: NdisEnumerateInterfaces failed with error %ld", dwRetCode); break; }
dwNdisuioEnumBufferSize = (Interfaces->BytesNeeded + 7) & 0xfffffff8; dwAvailableInterfaces = Interfaces->AvailableInterfaces; if (dwNdisuioEnumBufferSize == 0) { TRACE0 (ANY, "ElEnumAndUpdateRegistryInterfaceList: MALLOC skipped for pbNdisuioEnumBuffer as dwNdisuioEnumBufferSize == 0"); dwRetCode = NO_ERROR; break; }
pbNdisuioEnumBuffer = (BYTE *) MALLOC (4*dwNdisuioEnumBufferSize);
if (pbNdisuioEnumBuffer == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElEnumAndUpdateRegistryInterfaceList: MALLOC failed for pbNdisuioEnumBuffer"); break; } Interfaces = (PNDIS_ENUM_INTF)pbNdisuioEnumBuffer;
// Enumerate all the interfaces present on the machine
if ((dwRetCode = ElNdisuioEnumerateInterfaces ( Interfaces, dwAvailableInterfaces, 4*dwNdisuioEnumBufferSize)) != NO_ERROR) { TRACE1(ANY, "ElEnumAndUpdateRegistryInterfaceList: ElNdisuioEnumerateInterfaces failed with error %d", dwRetCode); break; }
// Update the interface list in the registry that NDISUIO has bound to.
// The current interface list is just overwritten into the registry.
// Determine the number of bytes in the list
for (i=0; i < Interfaces->TotalInterfaces; i++) { if (Interfaces->Interface[i].DeviceName.Buffer != NULL) { dwSizeOfList += wcslen(Interfaces->Interface[i].DeviceName.Buffer); } else { TRACE0 (ANY, "ElEnumAndUpdateRegistryInterfaceList: Device Name was NULL"); continue; } }
// One extra char for terminating NULL char
pwszRegInterfaceList = (WCHAR *) MALLOC ((dwSizeOfList + 1)*sizeof(WCHAR));
if ( pwszRegInterfaceList == NULL ) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElEnumAndUpdateRegistryInterfaceList: MALLOC failed for pwszRegInterfaceList"); break; }
// Start again
dwSizeOfList = 0;
// Create the string in REG_SZ format
for (i=0; i < Interfaces->TotalInterfaces; i++) { if (Interfaces->Interface[i].DeviceName.Buffer != NULL) { wcscat (pwszRegInterfaceList, Interfaces->Interface[i].DeviceName.Buffer); dwSizeOfList += (wcslen(Interfaces->Interface[i].DeviceName.Buffer)); } else { TRACE0 (ANY, "ElEnumAndUpdateRegistryInterfaceList: Device Name was NULL"); continue; } }
// Final NULL character
pwszRegInterfaceList[dwSizeOfList++] = L'\0';
// Write the string as a REG_SZ value
// Get handle to
// HKLM\Software\Microsoft\EAPOL\Parameters\General
if ((lError = RegCreateKeyEx ( HKEY_LOCAL_MACHINE, cwszEapKeyEapolServiceParams, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hkey, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElEnumAndUpdateRegistryInterfaceList: Error in RegCreateKeyEx for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
//
// Set the value of
// ...\EAPOL\Parameters\General\InterfaceList key
//
if ((lError = RegSetValueEx ( hkey, cwszInterfaceList, 0, REG_SZ, (BYTE *)pwszRegInterfaceList, dwSizeOfList*sizeof(WCHAR))) != ERROR_SUCCESS) { TRACE1 (ANY, "ElEnumAndUpdateRegistryInterfaceList: Error in RegSetValueEx for InterfaceList, %ld", lError); dwRetCode = (DWORD)lError; break; }
} while (FALSE);
if (pbNdisuioEnumBuffer != NULL) { FREE(pbNdisuioEnumBuffer); } if (hkey != NULL) { RegCloseKey (hkey); } if (pwszRegInterfaceList != NULL) { FREE (pwszRegInterfaceList); }
return dwRetCode;}
//
// ElReadGlobalRegistryParams
//
// Description:
//
// Read registry parameters global to EAPOL state machine
// i.e. maxStart, startPeriod, authPeriod, heldPeriod
//
// Arguments:
// Unused
//
// Return values:
//
// NO_ERROR - success
// non-zero - error
//
DWORDElReadGlobalRegistryParams (){ HKEY hKey = NULL; DWORD dwDisposition = 0; DWORD dwType = 0; DWORD dwInfoSize = 0; DWORD lError = 0; DWORD dwmaxStart=0, dwstartPeriod=0, dwauthPeriod=0, dwheldPeriod=0; DWORD dwSupplicantMode = EAPOL_DEFAULT_SUPPLICANT_MODE; DWORD dwEAPOLAuthMode = EAPOL_DEFAULT_AUTH_MODE; DWORD dwRetCode = NO_ERROR;
do {
// Get handle to
// HKLM\Software\Microsoft\EAPOL\Parameters\General\Global
if ((lError = RegCreateKeyEx ( HKEY_LOCAL_MACHINE, cwszEAPOLGlobalParams, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_READ, NULL, &hKey, &dwDisposition)) != ERROR_SUCCESS) { if (lError != ERROR_FILE_NOT_FOUND) { TRACE1 (ANY, "ElReadGlobalRegistryParams: Error in RegCreateKeyEx for base key, %ld", lError); } break; }
ACQUIRE_WRITE_LOCK (&g_EAPOLConfig);
// If setting values for the first time, initialize values
if (!(g_dwmaxStart || g_dwstartPeriod || g_dwauthPeriod || g_dwheldPeriod || g_dwSupplicantMode)) { g_dwmaxStart = EAPOL_MAX_START; g_dwstartPeriod = EAPOL_START_PERIOD; g_dwauthPeriod = EAPOL_AUTH_PERIOD; g_dwheldPeriod = EAPOL_HELD_PERIOD; g_dwSupplicantMode = EAPOL_DEFAULT_SUPPLICANT_MODE; } RELEASE_WRITE_LOCK (&g_EAPOLConfig);
dwmaxStart = g_dwmaxStart; dwstartPeriod = g_dwstartPeriod; dwauthPeriod = g_dwauthPeriod; dwheldPeriod = g_dwheldPeriod;
// Get the value of ..\General\EAPOLGlobal\authPeriod
dwInfoSize = sizeof(DWORD); if ((lError = RegQueryValueEx ( hKey, cwszAuthPeriod, 0, &dwType, (BYTE *)&dwauthPeriod, &dwInfoSize)) != ERROR_SUCCESS) { if (lError != ERROR_FILE_NOT_FOUND) { TRACE2 (ANY, "ElReadGlobalRegistryParams: Error in RegQueryValueEx for cszAuthPeriod, %ld, InfoSize=%ld", lError, dwInfoSize); } dwauthPeriod = g_dwauthPeriod; lError = ERROR_SUCCESS; }
// Get the value of ..\General\EAPOLGlobal\heldPeriod
dwInfoSize = sizeof(DWORD); if ((lError = RegQueryValueEx ( hKey, cwszHeldPeriod, 0, &dwType, (BYTE *)&dwheldPeriod, &dwInfoSize)) != ERROR_SUCCESS) { if (lError != ERROR_FILE_NOT_FOUND) { TRACE2 (ANY, "ElReadGlobalRegistryParams: Error in RegQueryValueEx for cszHeldPeriod, %ld, InfoSize=%ld", lError, dwInfoSize); } dwheldPeriod = g_dwheldPeriod; lError = ERROR_SUCCESS; }
// Get the value of ..\General\EAPOLGlobal\startPeriod
dwInfoSize = sizeof(DWORD); if ((lError = RegQueryValueEx ( hKey, cwszStartPeriod, 0, &dwType, (BYTE *)&dwstartPeriod, &dwInfoSize)) != ERROR_SUCCESS) { if (lError != ERROR_FILE_NOT_FOUND) { TRACE2 (ANY, "ElReadGlobalRegistryParams: Error in RegQueryValueEx for cszStartPeriod, %ld, InfoSize=%ld", lError, dwInfoSize); } dwstartPeriod = g_dwstartPeriod; lError = ERROR_SUCCESS; }
// Get the value of ..\General\EAPOLGlobal\maxStart
dwInfoSize = sizeof(DWORD); if ((lError = RegQueryValueEx ( hKey, cwszMaxStart, 0, &dwType, (BYTE *)&dwmaxStart, &dwInfoSize)) != ERROR_SUCCESS) { if (lError != ERROR_FILE_NOT_FOUND) { TRACE2 (ANY, "ElReadGlobalRegistryParams: Error in RegQueryValueEx for cszMaxStart, %ld, InfoSize=%ld", lError, dwInfoSize); } dwmaxStart = g_dwmaxStart; lError = ERROR_SUCCESS; }
// Get the value of ..\General\EAPOLGlobal\SupplicantMode
dwInfoSize = sizeof(DWORD); if ((lError = RegQueryValueEx ( hKey, cwszSupplicantMode, 0, &dwType, (BYTE *)&dwSupplicantMode, &dwInfoSize)) != ERROR_SUCCESS) { TRACE2 (ANY, "ElReadGlobalRegistryParams: Error in RegQueryValueEx for cwszSupplicantMode, %ld, InfoSize=%ld", lError, dwInfoSize); dwSupplicantMode = g_dwSupplicantMode; lError = ERROR_SUCCESS; } if (dwSupplicantMode > MAX_SUPPLICANT_MODE) { dwSupplicantMode = EAPOL_DEFAULT_SUPPLICANT_MODE; } g_dwSupplicantMode = dwSupplicantMode;
// Get the value of ..\General\EAPOLGlobal\AuthMode
dwInfoSize = sizeof(DWORD); if ((lError = RegQueryValueEx ( hKey, cwszAuthMode, 0, &dwType, (BYTE *)&dwEAPOLAuthMode, &dwInfoSize)) != ERROR_SUCCESS) { TRACE2 (ANY, "ElReadGlobalRegistryParams: Error in RegQueryValueEx for cwszAuthMode, %ld, InfoSize=%ld", lError, dwInfoSize); dwEAPOLAuthMode = g_dwEAPOLAuthMode; lError = ERROR_SUCCESS; } if (dwEAPOLAuthMode > MAX_EAPOL_AUTH_MODE) { dwEAPOLAuthMode = EAPOL_DEFAULT_AUTH_MODE; } g_dwEAPOLAuthMode = dwEAPOLAuthMode;
// Successful in reading all parameters
ACQUIRE_WRITE_LOCK (&g_EAPOLConfig);
g_dwmaxStart = dwmaxStart; g_dwstartPeriod = dwstartPeriod; g_dwauthPeriod = dwauthPeriod; g_dwheldPeriod = dwheldPeriod;
RELEASE_WRITE_LOCK (&g_EAPOLConfig);
} while (FALSE); dwRetCode = (DWORD)lError; if (dwRetCode != NO_ERROR) { TRACE1 (ANY, "ElReadGlobalRegistryParams: failed with error %ld", dwRetCode); }
if (hKey != NULL) { RegCloseKey(hKey); }
return dwRetCode;
}
//
// ElPostEapConfigChanged
//
// Description:
//
// Watch the registry for changes in EAP config
// - HKLM - EAP type
// - HKLM - EAPOLEnabled
//
// Restart the state machine if the params change
//
// Arguments:
// pwszGuid - Interface GUID string
//
// Return values:
// NO_ERROR - success
// !NO_ERROR - error
//
//
DWORD ElPostEapConfigChanged ( IN WCHAR *pwszGuid, IN EAPOL_INTF_PARAMS *pIntfParams ){ DWORD dwEventStatus = 0; BYTE *pbData = NULL; BOOLEAN fDecrWorkerThreadCount = FALSE; DWORD dwRetCode = NO_ERROR;
do { if (g_hEventTerminateEAPOL == NULL) { dwRetCode = NO_ERROR; break; } if (( dwEventStatus = WaitForSingleObject ( g_hEventTerminateEAPOL, 0)) == WAIT_FAILED) { dwRetCode = GetLastError (); break; } if (dwEventStatus == WAIT_OBJECT_0) { dwRetCode = NO_ERROR; break; }
fDecrWorkerThreadCount = TRUE; InterlockedIncrement (&g_lWorkerThreads);
pbData = (BYTE *) MALLOC ((((wcslen(pwszGuid)+1)*sizeof(WCHAR) + 7) & 0xfffffff8) + sizeof (EAPOL_INTF_PARAMS)); if (pbData == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
wcscpy ((WCHAR *)pbData, pwszGuid); memcpy (pbData + (((wcslen(pwszGuid)+1)*sizeof(WCHAR) + 7) & 0xfffffff8), (BYTE *)pIntfParams, sizeof(EAPOL_INTF_PARAMS));
if (!QueueUserWorkItem ( (LPTHREAD_START_ROUTINE)ElProcessEapConfigChange, (PVOID)pbData, WT_EXECUTELONGFUNCTION)) { dwRetCode = GetLastError(); TRACE1 (DEVICE, "ElPostEapConfigChanged: QueueUserWorkItem failed with error %ld", dwRetCode); break; } else { fDecrWorkerThreadCount = FALSE; } } while (FALSE);
if (dwRetCode != NO_ERROR) { if (pbData != NULL) { FREE (pbData); } }
if (fDecrWorkerThreadCount) { InterlockedDecrement (&g_lWorkerThreads); }
return dwRetCode;}
//
// ElProcessEapConfigChange
//
// Description:
//
// Read EAP config changes made in registry. Restart EAPOL on the particular
// interface or stop EAPOL
//
// Arguments:
// pvContext - GUID String
//
// Return values:
//
// NO_ERROR - success
// non-zero - error
//
DWORDWINAPIElProcessEapConfigChange ( IN PVOID pvContext ){ DWORD dwEapFlags = 0; DWORD dwEapTypeToBeUsed = 0; WCHAR *pwszModifiedGUID = NULL; DWORD dwSizeOfAuthData = 0; PBYTE pbAuthData = NULL; EAPOL_PCB *pPCB = NULL; BOOL fReStartPort = FALSE; EAPOL_ZC_INTF ZCData; EAPOL_INTF_PARAMS EapolIntfParams, *pTmpIntfParams = NULL; BYTE *pbModifiedSSID = NULL; DWORD dwSizeOfModifiedSSID = 0; BOOLEAN fPCBReferenced = FALSE; BOOLEAN fPCBLocked = FALSE; LONG lError = 0; DWORD dwRetCode = NO_ERROR;
do { // Get the GUID for the interface for which EAP config was modified
pwszModifiedGUID = (WCHAR *)pvContext; pTmpIntfParams = (EAPOL_INTF_PARAMS *)((BYTE *)pvContext + (((wcslen(pwszModifiedGUID)+1)*sizeof(WCHAR) + 7 ) & 0xfffffff8)); pbModifiedSSID = (BYTE *)(&pTmpIntfParams->bSSID[0]); dwSizeOfModifiedSSID = pTmpIntfParams->dwSizeOfSSID;
// Get interface-wide parameters
ZeroMemory ((BYTE *)&EapolIntfParams, sizeof(EAPOL_INTF_PARAMS)); EapolIntfParams.dwEapFlags = DEFAULT_EAP_STATE; EapolIntfParams.dwEapType = DEFAULT_EAP_TYPE; if ((dwRetCode = ElGetInterfaceParams ( pwszModifiedGUID, &EapolIntfParams )) != NO_ERROR) { if (dwRetCode == ERROR_FILE_NOT_FOUND) { TRACE1 (PORT, "ElProcessEapConfigChange: ElGetInterfaceParams failed with error %ld", dwRetCode); dwRetCode = NO_ERROR; } else { break; } } dwEapTypeToBeUsed = EapolIntfParams.dwEapType; dwEapFlags = EapolIntfParams.dwEapFlags;
// Check if PCB exists
ACQUIRE_WRITE_LOCK (&(g_PCBLock)); if ((pPCB = ElGetPCBPointerFromPortGUID (pwszModifiedGUID)) != NULL) { EAPOL_REFERENCE_PORT (pPCB); fPCBReferenced = TRUE; } RELEASE_WRITE_LOCK (&(g_PCBLock));
if (!fPCBReferenced) { if (IS_EAPOL_ENABLED(dwEapFlags)) { TRACE0 (ANY, "ElProcessEapConfigChange: PCB not started, enabled, starting PCB"); fReStartPort = TRUE; } else { TRACE0 (ANY, "ElProcessEapConfigChange: PCB not started, not enabled"); } break; } else { if (!IS_EAPOL_ENABLED(dwEapFlags)) { // Found PCB for interface, where EAPOLEnabled = 0
// Stop EAPOL on the port and remove the port from the module
TRACE0 (ANY, "ElProcessEapConfigChange: PCB ref'd, need to disable");#if 0
pPCB->dwFlags &= ~EAPOL_PORT_FLAG_ACTIVE; pPCB->dwFlags |= EAPOL_PORT_FLAG_DISABLED;#endif
fReStartPort = TRUE;
if ((dwRetCode = ElShutdownInterface (pwszModifiedGUID)) != NO_ERROR) { TRACE1 (ANY, "ElProcessEapConfigChange: ElShutdownInterface failed with error %ld", dwRetCode); break; }
break; } else { TRACE0 (ANY, "ElProcessEapConfigChange: PCB ref and enabled, continue check"); } }
ACQUIRE_WRITE_LOCK (&(pPCB->rwLock)); fPCBLocked = TRUE;
// If SSID changed != current SSID of PCB, do not worry
if (pPCB->pSSID != NULL) { if (dwSizeOfModifiedSSID != pPCB->pSSID->SsidLength) { TRACE0 (ANY, "ElProcessEapConfigChange: Set for different SSID, ignore"); break; } else { if (memcmp (pPCB->pSSID->Ssid, pbModifiedSSID, pPCB->pSSID->SsidLength)) { TRACE0 (ANY, "ElProcessEapConfigChange: Same non-NULL length, diff SSID, ignoring"); break; } } } else { // No SSID on current PCB
if (dwSizeOfModifiedSSID != 0) { // Only if default SSID, should we proceed for further checks
if (dwSizeOfModifiedSSID == MAX_SSID_LEN) { if (memcmp (pbModifiedSSID, g_bDefaultSSID, MAX_SSID_LEN)) { TRACE0 (ANY, "ElProcessEapConfigChange: Modified SSID MAX_SSID_LEN, not default SSID"); break; } } else { TRACE0 (ANY, "ElProcessEapConfigChange: Modified SSID non-NULL, PCB SSID NULL"); break; } } }
// Restart port for the following cases:
// EAPOL_INTF_PARAMS for SSID changed
// CustomAuthData for default EAP type changed
if ((dwEapFlags != pPCB->dwEapFlags) || (dwEapTypeToBeUsed != pPCB->dwEapTypeToBeUsed)) { TRACE0 (ANY, "ElProcessEapConfigChange: dwEapFlags != pPCB->dwEapFlags || dwEapTypeToBeUsed != pPCB->dwEapTypeToBeUsed"); fReStartPort = TRUE; break; }
// Get Custom auth data for the current default EAP Type
// Get the size of the EAP blob
if ((dwRetCode = ElGetCustomAuthData ( pwszModifiedGUID, dwEapTypeToBeUsed, dwSizeOfModifiedSSID, pbModifiedSSID, NULL, &dwSizeOfAuthData )) != NO_ERROR) { if (dwRetCode == ERROR_BUFFER_TOO_SMALL) { if (dwSizeOfAuthData <= 0) { // No EAP blob stored in the registry
pbAuthData = NULL;
if (pPCB->pCustomAuthConnData) { if (pPCB->pCustomAuthConnData->dwSizeOfCustomAuthData > 0) { TRACE0 (ANY, "ElProcessEapConfigChange: Current customauthdata = 0; PCB != 0"); fReStartPort = TRUE; } } dwRetCode = NO_ERROR; break; } else { pbAuthData = MALLOC (dwSizeOfAuthData); if (pbAuthData == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElProcessEapConfigChange: MALLOC failed for pbAuthData"); break; } if ((dwRetCode = ElGetCustomAuthData ( pwszModifiedGUID, dwEapTypeToBeUsed, dwSizeOfModifiedSSID, pbModifiedSSID, pbAuthData, &dwSizeOfAuthData )) != NO_ERROR) { TRACE1 (ANY, "ElProcessEapConfigChange: ElGetCustomAuthData failed with %ld", dwRetCode); break; } } } else { dwRetCode = ERROR_CAN_NOT_COMPLETE; // CustomAuthData for "Default" is always created for an
// interface when EAPOL starts up
TRACE1 (ANY, "ElProcessEapConfigChange: ElGetCustomAuthData size estimation failed with error %ld", dwRetCode); break; } }
if (pPCB->pCustomAuthConnData == NULL) { if (dwSizeOfAuthData > 0) { fReStartPort = TRUE; break; } } else { if (pPCB->pCustomAuthConnData->dwSizeOfCustomAuthData != dwSizeOfAuthData) { // Same EAP Type, but different lengths
fReStartPort = TRUE; break; } else { if (memcmp ( pPCB->pCustomAuthConnData->pbCustomAuthData, pbAuthData, dwSizeOfAuthData) != 0) { // Same EAP Type, same auth data length, but
// different contents
fReStartPort = TRUE; break; } else { // No change in EAP config data for this
// interface
TRACE0 (ANY, "ElProcessEapConfigChange: Same SSID, EAPType, CustomAuth, No content change"); } } } } while (FALSE);
if (fPCBLocked && fPCBReferenced && fReStartPort) { // Reset connection to go through full authentication
if (pPCB->pSSID != NULL) { FREE (pPCB->pSSID); pPCB->pSSID = NULL; } }
if (fPCBLocked) { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); }
if (fPCBReferenced) { EAPOL_DEREFERENCE_PORT (pPCB); } if (fReStartPort) {#ifdef ZEROCONFIG_LINKED
// Indicate hard-reset to WZC
ZeroMemory ((PVOID)&ZCData, sizeof(EAPOL_ZC_INTF)); ZCData.dwAuthFailCount = 0; ZCData.PreviousAuthenticationType = 0; if ((dwRetCode = ElZeroConfigNotify ( 0, WZCCMD_HARD_RESET, pwszModifiedGUID, &ZCData )) != NO_ERROR) { TRACE1 (EAPOL, "ElProcessEapConfigChange: ElZeroConfigNotify failed with error %ld", dwRetCode); dwRetCode = NO_ERROR; }#endif // ZEROCONFIG_LINKED
DbLogPCBEvent (DBLOG_CATEG_INFO, NULL, EAPOL_PARAMS_CHANGE, pwszModifiedGUID);
if ((dwRetCode = ElEnumAndOpenInterfaces ( NULL, pwszModifiedGUID, 0, NULL)) != NO_ERROR) { TRACE1 (ANY, "ElProcessEapConfigChange: ElEnumAndOpenInterfaces returned error %ld", dwRetCode); dwRetCode = NO_ERROR; } }
TRACE1 (ANY, "ElProcessEapConfigChange: Finished with error %ld", dwRetCode);
if (pvContext != NULL) { FREE (pvContext); }
if (pbAuthData != NULL) { FREE (pbAuthData); }
InterlockedDecrement (&g_lWorkerThreads);
return 0;}
//
// ElStringToGuid
//
// Description:
//
// Function to convert a Guid-String to a GUID
//
// Arguments:
// psGuid - String-ized Guid
// pGuid - Pointer to Guid
//
// Return values:
// None
//
VOIDElStringToGuid ( IN WCHAR *pwsGuid, OUT LPGUID pGuid ){ WCHAR wc; DWORD i=0;
//
// If the first character is a '{', skip it.
//
if ( pwsGuid[0] == L'{' ) pwsGuid++;
//
// Convert string to guid
// (since pwsGuid may be used again below, no permanent modification to
// it may be made)
//
wc = pwsGuid[8]; pwsGuid[8] = 0; pGuid->Data1 = wcstoul ( &pwsGuid[0], 0, 16 ); pwsGuid[8] = wc; wc = pwsGuid[13]; pwsGuid[13] = 0; pGuid->Data2 = (USHORT)wcstoul ( &pwsGuid[9], 0, 16 ); pwsGuid[13] = wc; wc = pwsGuid[18]; pwsGuid[18] = 0; pGuid->Data3 = (USHORT)wcstoul ( &pwsGuid[14], 0, 16 ); pwsGuid[18] = wc;
wc = pwsGuid[21]; pwsGuid[21] = 0; pGuid->Data4[0] = (unsigned char)wcstoul ( &pwsGuid[19], 0, 16 ); pwsGuid[21] = wc; wc = pwsGuid[23]; pwsGuid[23] = 0; pGuid->Data4[1] = (unsigned char)wcstoul ( &pwsGuid[21], 0, 16 ); pwsGuid[23] = wc;
for ( i=0; i < 6; i++ ) { wc = pwsGuid[26+i*2]; pwsGuid[26+i*2] = 0; pGuid->Data4[2+i] = (unsigned char)wcstoul ( &pwsGuid[24+i*2], 0, 16 ); pwsGuid[26+i*2] = wc; }
return;}
//
// ElGetIdentity
//
// Description:
//
// Get the identity depending on the authentication type being used
//
// Arguments:
// pPCB - Pointer to PCB for the port
//
// Return values:
//
// NO_ERROR - success
// non-zero - error
//
DWORDElGetIdentity ( IN EAPOL_PCB *pPCB ){ BOOLEAN fUserLogonAllowed = FALSE; DWORD dwRetCode = NO_ERROR;
do { switch (pPCB->dwEAPOLAuthMode) { case EAPOL_AUTH_MODE_0: fUserLogonAllowed = TRUE; break; case EAPOL_AUTH_MODE_1: fUserLogonAllowed = TRUE; break; case EAPOL_AUTH_MODE_2: fUserLogonAllowed = FALSE; break; }
// Get user's identity if it has not been obtained till now
if ((g_fUserLoggedOn) && (fUserLogonAllowed) && (pPCB->PreviousAuthenticationType != EAPOL_MACHINE_AUTHENTICATION)) { TRACE0 (ANY, "ElGetIdentity: Userlogged, Prev !Machine auth"); if (!(pPCB->fGotUserIdentity)) { if (pPCB->dwAuthFailCount < EAPOL_MAX_AUTH_FAIL_COUNT) { pPCB->PreviousAuthenticationType = EAPOL_USER_AUTHENTICATION; if (pPCB->dwEapTypeToBeUsed == EAP_TYPE_MD5) { TRACE0 (ANY, "ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: MD5"); // EAP-MD5CHAP
if ((dwRetCode = ElGetUserNamePassword ( pPCB)) != NO_ERROR) { TRACE1 (ANY, "ElGetIdentity: Error in ElGetUserNamePassword %ld", dwRetCode); } } else { TRACE0 (ANY, "ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: !MD5"); // All other EAP Types
if ((dwRetCode = ElGetUserIdentity ( pPCB)) != NO_ERROR) { TRACE1 (ANY, "ElGetIdentity: Error in ElGetUserIdentity %ld", dwRetCode); } }
if ((dwRetCode == NO_ERROR) || (dwRetCode == ERROR_IO_PENDING)) { TRACE0 (ANY, "ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: No Error: User Auth fine"); break; } else { pPCB->PreviousAuthenticationType = EAPOL_UNAUTHENTICATED_ACCESS; TRACE0 (ANY, "ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: ERROR"); } } else { TRACE0 (ANY, "ElGetIdentity: Userlogged, >Maxauth, Prev !Machine auth"); if (!IS_GUEST_AUTH_ENABLED(pPCB->dwEapFlags)) { TRACE0 (ANY, "ElGetIdentity: Userlogged, Prev !Machine auth:>MaxAuth: Guest disabled"); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; } pPCB->PreviousAuthenticationType = EAPOL_UNAUTHENTICATED_ACCESS; dwRetCode = NO_ERROR; TRACE0 (ANY, "ElGetIdentity: Userlogged, Prev !Machine auth:>MaxAuth OR Error: Guest identity sent");
} } else { TRACE0 (ANY, "ElGetIdentity: Already got identity"); } } else { if (pPCB->hUserToken != NULL) { CloseHandle (pPCB->hUserToken); pPCB->hUserToken = NULL; }
TRACE3 (ANY, "ElGetIdentity: Userlogged=%ld, AuthMode=%ld, Prev Machine auth?=%ld", g_fUserLoggedOn?1:0, pPCB->dwEAPOLAuthMode, (pPCB->PreviousAuthenticationType==EAPOL_MACHINE_AUTHENTICATION)?1:0 );
// No UI required
if ((pPCB->dwEapTypeToBeUsed != EAP_TYPE_MD5) && (IS_MACHINE_AUTH_ENABLED(pPCB->dwEapFlags)) && (pPCB->dwAuthFailCount < EAPOL_MAX_AUTH_FAIL_COUNT)) { TRACE0 (ANY, "ElGetIdentity: !MD5, <MaxAuth, Machine auth");
pPCB->PreviousAuthenticationType = EAPOL_MACHINE_AUTHENTICATION; // Get Machine credentials
dwRetCode = ElGetUserIdentity (pPCB);
if (dwRetCode != NO_ERROR) { TRACE1 (ANY, "ElGetIdentity: ElGetUserIdentity, Machine auth, failed with error %ld", dwRetCode); pPCB->PreviousAuthenticationType = EAPOL_UNAUTHENTICATED_ACCESS; } break; }
if ((!IS_MACHINE_AUTH_ENABLED(pPCB->dwEapFlags)) || (pPCB->dwAuthFailCount >= EAPOL_MAX_AUTH_FAIL_COUNT) || (pPCB->dwEapTypeToBeUsed == EAP_TYPE_MD5)) { TRACE5 (ANY, "ElGetIdentity: Error=%ld, Machine auth enabled=%ld, MD5=%ld, auth fail (%ld), max fail (%ld)", dwRetCode?1:0, IS_MACHINE_AUTH_ENABLED(pPCB->dwEapFlags)?1:0, (pPCB->dwEapTypeToBeUsed == EAP_TYPE_MD5)?1:0, pPCB->dwAuthFailCount, EAPOL_MAX_AUTH_FAIL_COUNT); if (!IS_GUEST_AUTH_ENABLED (pPCB->dwEapFlags)) { dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; }
pPCB->PreviousAuthenticationType = EAPOL_UNAUTHENTICATED_ACCESS; dwRetCode = NO_ERROR;
TRACE0 (ANY, "ElGetIdentity: machine auth, Guest identity sent"); } }
} while (FALSE);
return dwRetCode;}
//
// ElNLAConnectLPC
//
// Description:
//
// Function called to connect to the LPC port for NLA service
//
// Arguments:
// None
//
// Return values:
// Non-NULL - valid handle
// NULL - error
//
HANDLEElNLAConnectLPC () {
HANDLE h = NULL; LARGE_INTEGER sectionSize; UNICODE_STRING portName; SECURITY_QUALITY_OF_SERVICE dynamicQoS = { sizeof(SECURITY_QUALITY_OF_SERVICE), SecurityAnonymous, SECURITY_DYNAMIC_TRACKING, FALSE }; WSM_LPC_DATA data; ULONG dataLength;
NTSTATUS status = STATUS_SUCCESS;
do { TRACE0 (EAP, "NLAConnectLPC: Entered");
// Create a shared section for passing the large-size LPC messages.
RtlZeroMemory(&g_ClientView, sizeof(g_ClientView)); g_ClientView.Length = sizeof(g_ClientView); g_ClientView.ViewSize = sizeof(LOCATION_802_1X); sectionSize.QuadPart = sizeof(LOCATION_802_1X); status = NtCreateSection (&g_ClientView.SectionHandle, (SECTION_MAP_READ | SECTION_MAP_WRITE), NULL, §ionSize, PAGE_READWRITE, SEC_COMMIT, NULL ); if (!NT_SUCCESS(status)) { h = NULL; TRACE1 (EAP, "NLAConnectLPC: NtCreateSection failed with error", status); break; } // Connect via LPC to the Network Location Awareness (NLA) service.
RtlInitUnicodeString (&portName, WSM_PRIVATE_PORT_NAME); RtlZeroMemory (&data, sizeof (data)); data.signature = WSM_SIGNATURE; data.connect.version.major = WSM_VERSION_MAJOR; data.connect.version.minor = WSM_VERSION_MINOR; dataLength = sizeof (data); status = NtConnectPort (&h, &portName, &dynamicQoS, &g_ClientView, NULL, NULL, &data, &dataLength ); // If NtConnectPort() succeeded, LPC will maintain a reference
// to the section, otherwise we no longer need it.
NtClose (g_ClientView.SectionHandle); g_ClientView.SectionHandle = NULL; if (!NT_SUCCESS(status)) { TRACE1 (EAP, "NLAConnectLPC: NtConnectPort failed with error %ld", status); }
} while (FALSE);
return (h);
}
//
// ElNLACleanupLPC
//
// Description:
//
// Function called to close the LPC port for NLA service
//
// Arguments:
// None
//
// Return values:
// None
//
VOIDElNLACleanupLPC () { if (g_hNLA_LPC_Port != NULL) { NtClose (g_hNLA_LPC_Port); g_hNLA_LPC_Port = NULL; }}
//
// ElNLARegister_802_1X
//
// Description:
//
// Function called to register 802.1X information with NLA
//
// Arguments:
// plocation - Pointer to data needed to be registered with NLA
//
// Return values:
// None
//
VOIDElNLARegister_802_1X ( IN PLOCATION_802_1X plocation ) {
WSM_LPC_MESSAGE message; NTSTATUS status;
ACQUIRE_WRITE_LOCK (&g_NLALock);
do {
TRACE0 (EAP, "NLARegister_802_1X: Entered");
// Connect to the Network Location Awareness (NLA) service if
// necessary.
if (g_hNLA_LPC_Port == NULL) { if ((g_hNLA_LPC_Port = ElNLAConnectLPC ()) == NULL) { RELEASE_WRITE_LOCK (&g_NLALock); return; } }
TRACE0 (EAP, "NLARegister_802_1X: g_hNLA_LPC_Port != NULL");
// Send information to the NLA service.
RtlZeroMemory (&message, sizeof (message)); message.portMsg.u1.s1.TotalLength = sizeof (message); message.portMsg.u1.s1.DataLength = sizeof (message.data); message.data.signature = WSM_SIGNATURE; message.data.request.type = LOCATION_802_1X_REGISTER; __try { RtlCopyMemory (g_ClientView.ViewBase, plocation, sizeof(LOCATION_802_1X)); } __except (EXCEPTION_EXECUTE_HANDLER) { RELEASE_WRITE_LOCK (&g_NLALock); return; }
status = NtRequestWaitReplyPort ( g_hNLA_LPC_Port, (PPORT_MESSAGE)&message, (PPORT_MESSAGE)&message);
if (status != STATUS_SUCCESS) { TRACE1 (EAP, "NLARegister_802_1X: NtWaitReplyPort failed with error", status);
// It's possible the service was stopped and restarted.
// Ditch the old LPC connection.
CloseHandle (g_hNLA_LPC_Port); // Create a new LPC connection.
if ((g_hNLA_LPC_Port = ElNLAConnectLPC ()) == NULL) { RELEASE_WRITE_LOCK (&g_NLALock); TRACE0 (EAP, "NLARegister_802_1X: NLAConnectLPC failed"); return; }
// Try the send one last time.
status = NtRequestWaitReplyPort (g_hNLA_LPC_Port, (PPORT_MESSAGE)&message, (PPORT_MESSAGE)&message); TRACE1 (EAP, "NLARegister_802_1X: NtWaitReplyPort, try 2, failed with error", status);
}
TRACE1 (EAP, "NLARegister_802_1X: Completed with status = %ld", status);
} while (FALSE); RELEASE_WRITE_LOCK (&g_NLALock);
}
//
// ElNLADelete_802_1X
//
// Description:
//
// Function called to de-register 802.1X information registered with NLA
//
// Arguments:
// plocation - Pointer to data to be de-registered from NLA
//
// Return values:
// None
//
VOIDElNLADelete_802_1X ( IN PLOCATION_802_1X plocation ) {
WSM_LPC_MESSAGE message; NTSTATUS status;
ACQUIRE_WRITE_LOCK (&g_NLALock);
do {
// Connect to the NLA service if necessary.
if (g_hNLA_LPC_Port == NULL) { if ((g_hNLA_LPC_Port = ElNLAConnectLPC ()) == NULL) { RELEASE_WRITE_LOCK (&g_NLALock); return; } }
// Send information to the NLA service.
RtlZeroMemory (&message, sizeof(message)); message.portMsg.u1.s1.TotalLength = sizeof (message); message.portMsg.u1.s1.DataLength = sizeof (message.data); message.data.signature = WSM_SIGNATURE; message.data.request.type = LOCATION_802_1X_DELETE; __try { RtlCopyMemory (g_ClientView.ViewBase, plocation, sizeof(plocation->adapterName)); } __except (EXCEPTION_EXECUTE_HANDLER) { RELEASE_WRITE_LOCK (&g_NLALock); return; }
status = NtRequestWaitReplyPort (g_hNLA_LPC_Port, (PPORT_MESSAGE)&message, (PPORT_MESSAGE)&message);
if (status != STATUS_SUCCESS) { // If the service was stopped (and possibly restarted), we don't
// care ... it won't have this information in its list for us
// to bother deleting.
CloseHandle (g_hNLA_LPC_Port); g_hNLA_LPC_Port = NULL; }
} while (FALSE);
RELEASE_WRITE_LOCK (&g_NLALock);
}
//
// ElGetInterfaceNdisStatistics
//
// Function to query NDIS NIC_STATISTICS parameters for an interface
//
// Input arguments:
// pszInterfaceName - Interface Name
//
// Return values:
// pStats - NIC_STATISTICS structure
//
//
DWORDElGetInterfaceNdisStatistics ( IN WCHAR *pwszInterfaceName, IN OUT NIC_STATISTICS *pStats ){ WCHAR *pwszDeviceInterfaceName = NULL; UNICODE_STRING UInterfaceName; DWORD dwRetCode = NO_ERROR;
do { pwszDeviceInterfaceName = MALLOC ((wcslen (pwszInterfaceName)+12)*sizeof(WCHAR)); if (pwszDeviceInterfaceName == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElGetInterfaceNdisStatistics: MALLOC failed for pwszDeviceInterfaceName"); break; }
wcscpy (pwszDeviceInterfaceName, L"\\Device\\"); wcscat (pwszDeviceInterfaceName, pwszInterfaceName);
TRACE1 (ANY, "ElGetInterfaceNdisStatistics: pwszDeviceInterfaceName = (%ws)", pwszDeviceInterfaceName);
RtlInitUnicodeString (&UInterfaceName, pwszDeviceInterfaceName); pStats->Size = sizeof(NIC_STATISTICS); if (NdisQueryStatistics (&UInterfaceName, pStats)) { } else { dwRetCode = GetLastError (); TRACE2 (ANY, "ElGetInterfaceNdisStatistics: NdisQueryStatistics failed with error (%ld), Interface=(%ws)", dwRetCode, UInterfaceName.Buffer); } } while (FALSE);
if (pwszDeviceInterfaceName != NULL) { FREE (pwszDeviceInterfaceName); }
return dwRetCode;}
//
// ElCheckUserLoggedOn
//
// Function to query if interactive user has logged on prior to service start
//
// Input arguments:
// None
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElCheckUserLoggedOn ( ){ BOOLEAN fDecrWorkerThreadCount = TRUE; HANDLE hUserToken = NULL; PWTS_SESSION_INFO pSessionInfo = NULL; WTS_SESSION_INFO SessionInfo; BOOL fFoundActiveConsoleId = FALSE; DWORD dwCount = 0; DWORD dwSession; PVOID pvBuffer = NULL; DWORD dwRetCode = NO_ERROR;
InterlockedIncrement (&g_lWorkerThreads);
do { TRACE1 (ANY, "ElCheckUserLoggedOn: ActiveConsoleId = (%ld)", USER_SHARED_DATA->ActiveConsoleId);
if (WTSEnumerateSessions(WTS_CURRENT_SERVER_HANDLE, 0, 1, &pSessionInfo, &dwCount)) { TRACE1 (ANY, "ElCheckUserLoggedOn: WTSEnumerateSessions, count = (%ld)", dwCount); for (dwSession = 0; dwSession < dwCount; dwSession++) { SessionInfo = pSessionInfo[dwSession]; TRACE2 (ANY, "ElCheckUserLoggedOn: WTSEnumerateSessions: enumerating SessionId =(%ld), State =(%ld)", SessionInfo.SessionId, SessionInfo.State); // Check if the user is active or connected
if ((SessionInfo.State != WTSActive) && (SessionInfo.State != WTSConnected)) { continue; }
// Check if user has actually logged in
if (ElGetWinStationUserToken (dwSession, &hUserToken) != NO_ERROR) { continue; }
if (dwSession == USER_SHARED_DATA->ActiveConsoleId) { fFoundActiveConsoleId = TRUE; g_dwCurrentSessionId = dwSession; g_fUserLoggedOn = TRUE; TRACE1 (ANY, "ElCheckUserLoggedOn: Session (%ld) is active console id", dwSession); break; } else { if (hUserToken != NULL) { CloseHandle (hUserToken); hUserToken = NULL; } } } WTSFreeMemory(pSessionInfo); } else { dwRetCode = GetLastError (); if (dwRetCode == RPC_S_INVALID_BINDING) //Due to Terminal Services Disabled
{ // Check if we can get user token for SessionId 0
if (ElGetWinStationUserToken (0, &hUserToken) == NO_ERROR) { fFoundActiveConsoleId = TRUE; g_dwCurrentSessionId = 0; g_fUserLoggedOn = TRUE; TRACE0 (ANY, "ElCheckUserLoggedOn: Session 0 is active console id"); } } else { TRACE1 (ANY, "ElCheckUserLoggedOn: WTSEnumerateSessions failed with error (%ld)", dwRetCode); } } } while (FALSE);
if (hUserToken != NULL) { CloseHandle (hUserToken); }
if (dwRetCode != NO_ERROR) { if (pvBuffer != NULL) { FREE (pvBuffer); } }
if (fDecrWorkerThreadCount) { InterlockedDecrement (&g_lWorkerThreads); }
return dwRetCode;}
typedef HRESULT (APIENTRY *GETCLIENTADVISES)(LPWSTR**, LPDWORD);
//
// ElCheckUserModuleReady
//
// Function to query if interactive user context for current
// interactive session is ready to be notified
//
// Input arguments:
// None
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElCheckUserModuleReady ( ){ HANDLE hToken = NULL; WCHAR *pwszActiveUserName = NULL; LPWSTR *ppwszAdviseUsers = NULL; DWORD dwCount = 0, dwIndex = 0; HMODULE hLib = NULL; PWCHAR pwszNetmanDllExpandedPath = NULL; DWORD cbSize = 0; GETCLIENTADVISES pGetClientAdvises = NULL; HRESULT hr = S_OK; DWORD dwRetCode = NO_ERROR;
do { // Try only if user has logged on
if (g_dwCurrentSessionId != 0xffffffff) { if ((dwRetCode = ElGetWinStationUserToken (g_dwCurrentSessionId, &hToken)) != NO_ERROR) { TRACE1 (NOTIFY, "ElCheckUserModuleReady: ElGetWinStationUserToken failed with error %ld", dwRetCode); break; } if ((dwRetCode = ElGetLoggedOnUserName (hToken, &pwszActiveUserName)) != NO_ERROR) { TRACE1 (NOTIFY, "ElCheckUserModuleReady: ElGetLoggedOnUserName failed with error %ld", dwRetCode); break; }
// Replace the %SystemRoot% with the actual path.
cbSize = ExpandEnvironmentStrings (NETMAN_DLL_PATH, NULL, 0); if (cbSize == 0) { dwRetCode = GetLastError(); break; } pwszNetmanDllExpandedPath = (LPWSTR) MALLOC (cbSize*sizeof(WCHAR)); if (pwszNetmanDllExpandedPath == (LPWSTR)NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
cbSize = ExpandEnvironmentStrings (NETMAN_DLL_PATH, pwszNetmanDllExpandedPath, cbSize); if (cbSize == 0) { dwRetCode = GetLastError(); break; }
hLib = LoadLibrary (pwszNetmanDllExpandedPath); if (hLib == NULL) { dwRetCode = GetLastError (); TRACE2 (NOTIFY, "ElCheckUserModuleReady: LoadLibrary for (%ws) failed with error %ld", NETMAN_DLL_PATH, dwRetCode); break; } if ((pGetClientAdvises = (GETCLIENTADVISES)GetProcAddress (hLib, "GetClientAdvises")) == NULL) { dwRetCode = GetLastError (); TRACE1 (NOTIFY, "ElCheckUserModuleReady: GetProcAddress failed with error %ld", dwRetCode); break; }
hr = (* pGetClientAdvises) (&ppwszAdviseUsers, &dwCount); if (FAILED(hr)) { TRACE1 (NOTIFY, "ElCheckUserModuleReady: GetClientAdvises failed with error %0lx", hr); break; }
for (dwIndex = 0; dwIndex < dwCount; dwIndex++) { TRACE2 (NOTIFY, "ElCheckUserModuleReady: Advise[%ld] = %ws", dwIndex, ppwszAdviseUsers[dwIndex]); if (!wcscmp (ppwszAdviseUsers[dwIndex], pwszActiveUserName)) { TRACE1 (NOTIFY, "ElCheckUserModuleReady: Tray icon ready for username %ws", ppwszAdviseUsers[dwIndex]); g_fTrayIconReady = TRUE; break; } }
if (!g_fTrayIconReady) { TRACE0 (NOTIFY, "ElCheckUserModuleReady: No appropriate advise found"); } } else { TRACE0 (NOTIFY, "ElCheckUserModuleReady: No user logged on"); } } while (FALSE);
if (hToken != NULL) { CloseHandle (hToken); }
if (hLib != NULL) { FreeLibrary (hLib); }
if (pwszNetmanDllExpandedPath != NULL) { FREE (pwszNetmanDllExpandedPath); }
if (pwszActiveUserName != NULL) { FREE (pwszActiveUserName); pwszActiveUserName = NULL; }
if (ppwszAdviseUsers != NULL) { CoTaskMemFree (ppwszAdviseUsers); }
return dwRetCode;}
//
// ElGetWinStationUserToken
//
// Function to get the user token for specified session id
//
// Input arguments:
// dwSessionId - Session Id
// pUserToken - Pointer to user token
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORD ElGetWinStationUserToken ( IN DWORD dwSessionId, IN OUT PHANDLE pUserToken ){ HANDLE hUserToken = NULL; HANDLE hImpersonationToken = NULL; DWORD dwRetCode = NO_ERROR;
do { *pUserToken = NULL; if (GetWinStationUserToken (dwSessionId, pUserToken)) { // TRACE0 (ANY, "ElGetWinStationUserToken: GetWinStationUserToken successful");
} else { dwRetCode = GetLastError(); TRACE2 (ANY, "ElGetWinStationUserToken: GetWinStationUserToken failed for SessionId (%ld) with error (%ld)", dwSessionId, dwRetCode); // if ((dwRetCode == RPC_S_INVALID_BINDING) && (dwSessionId == 0))
if (dwSessionId == 0) { dwRetCode = NO_ERROR; *pUserToken = NULL; hUserToken = GetCurrentUserTokenW ( L"WinSta0", TOKEN_ALL_ACCESS); if (hUserToken == NULL) { dwRetCode = GetLastError(); TRACE1 (ANY, "ElGetWinStationUserToken: GetCurrentUserTokenW failed with error (%ld)", dwRetCode); break; } else { if (!DuplicateTokenEx (hUserToken, 0, NULL, SecurityImpersonation, TokenImpersonation, &hImpersonationToken)) { dwRetCode = GetLastError(); TRACE1 (ANY, "ElGetWinStationUserToken: DuplicateTokenEx for sessionid 0 failed with error (%ld)", dwRetCode); break; } *pUserToken = hImpersonationToken;
// TRACE0 (ANY, "ElGetWinStationUserToken: GetCurrentUserTokenW succeeded");
} } else // (dwSessionId == 0)
{ TRACE2 (ANY, "ElGetWinStationUserToken: GetWinStationUserToken failed for session= (%ld) with error= (%ld)", dwSessionId, dwRetCode); } }
if (pUserToken == NULL) { dwRetCode = ERROR_CAN_NOT_COMPLETE; TRACE0 (ANY, "ElGetWinStationUserToken: UserToken = NULL after fetching successfully\n"); break; } } while (FALSE);
return dwRetCode;}
#ifdef ZEROCONFIG_LINKED
//
// ElZeroConfigEvent
//
// Description:
//
// Callback function called by Zero-Config on media events
//
// Arguments:
// dwHandle - unique transaction id
// pwzcDeviceNotif - media specific identifier
// ndSSID - SSID of network currently associated to
// prdUserData - 802.1X data stored with zero-config
//
// Return values:
// NO_ERROR - Success
// non-zero - Error
//
DWORDElZeroConfigEvent ( IN DWORD dwHandle, IN WCHAR *pwszGuid, IN NDIS_802_11_SSID ndSSID, IN PRAW_DATA prdUserData ){ WCHAR *pDummyPtr = NULL; WCHAR cwsDummyBuffer[256]; DWORD dwEapTypeToBeUsed = DEFAULT_EAP_TYPE; DWORD dwEapolEnabled = DEFAULT_EAPOL_STATE; EAPOL_ZC_INTF ZCData, *pZCData = NULL; DWORD dwEventStatus = 0; EAPOL_INTF_PARAMS EapolIntfParams; DWORD dwRetCode = NO_ERROR;
do { if (g_hEventTerminateEAPOL == NULL) { break; } if (!(g_dwModulesStarted & ALL_MODULES_STARTED)) { TRACE0 (DEVICE, "ElZeroConfigEvent: Received notification before module started"); break; } if (( dwEventStatus = WaitForSingleObject ( g_hEventTerminateEAPOL, 0)) == WAIT_FAILED) { dwRetCode = GetLastError (); TRACE1 (ANY, "ElZeroConfigEvent: WaitForSingleObject failed with error %ld, Terminating !!!", dwRetCode); break; } if (dwEventStatus == WAIT_OBJECT_0) { dwRetCode = NO_ERROR; TRACE0 (ANY, "ElZeroConfigEvent: g_hEventTerminateEAPOL already signaled, returning"); break; }
// Verify if 802.1X can start on this interface
ZeroMemory ((BYTE *)&EapolIntfParams, sizeof(EAPOL_INTF_PARAMS)); if (prdUserData != NULL) { if ((prdUserData->dwDataLen >= sizeof (EAPOL_ZC_INTF)) && (prdUserData->pData != NULL)) { // Extract information stored with Zero-Config
pZCData = (EAPOL_ZC_INTF *)prdUserData->pData; } } memcpy (EapolIntfParams.bSSID, ndSSID.Ssid, ndSSID.SsidLength); EapolIntfParams.dwSizeOfSSID = ndSSID.SsidLength; EapolIntfParams.dwEapFlags = DEFAULT_EAP_STATE; if ((dwRetCode = ElGetInterfaceParams ( pwszGuid, &EapolIntfParams )) != NO_ERROR) { TRACE2 (DEVICE, "ElZeroConfigEvent: ElGetInterfaceParams failed with error %ld for interface %ws", dwRetCode, pwszGuid);
if (dwRetCode == ERROR_FILE_NOT_FOUND) { EapolIntfParams.dwEapFlags = DEFAULT_EAP_STATE; EapolIntfParams.dwEapType = DEFAULT_EAP_TYPE; } else { break; } }
// Start 802.1X state machine
if ((dwRetCode = ElEnumAndOpenInterfaces ( 0, pwszGuid, dwHandle, prdUserData )) != NO_ERROR) { TRACE1 (DEVICE, "ElZeroConfigEvent: ElEnumAndOpenInterfaces failed with error %ld", dwRetCode); break; }
if (!IS_EAPOL_ENABLED(EapolIntfParams.dwEapFlags)) { dwRetCode = ERROR_CAN_NOT_COMPLETE; break; } } while (FALSE);
// If not possible send RpcCmdInterface - WZCCMD_AUTH_DISABLED to
// Zero Config
if (dwRetCode != NO_ERROR) { ZeroMemory ((PVOID)&ZCData, sizeof(EAPOL_ZC_INTF)); ElZeroConfigNotify ( dwHandle, WZCCMD_CFG_NOOP, pwszGuid, &ZCData ); }
return dwRetCode;}
//
// ElZeroConfigNotify
//
// Description:
//
// Function called to notify Zero-Config about 802.1X events
//
// Arguments:
// dwHandle - unique transaction id
// dwCmdCode -
// pwszGuid - Interface GUID
// pZCData - Data to be stored with ZC for next retry
//
// Return values:
// NO_ERROR - Success
// non-zero - Error
//
DWORDElZeroConfigNotify ( IN DWORD dwHandle, IN DWORD dwCmdCode, IN WCHAR *pwszGuid, IN EAPOL_ZC_INTF *pZCData ){ RAW_DATA rdUserData; DWORD dwRetCode = NO_ERROR;
TRACE3 (ANY, "ElZeroConfigNotify: Handle=(%ld), failcount=(%ld), lastauthtype=(%ld)", dwHandle, pZCData->dwAuthFailCount, pZCData->PreviousAuthenticationType);
do { ZeroMemory ((PVOID)&rdUserData, sizeof (RAW_DATA)); rdUserData.dwDataLen = sizeof (EAPOL_ZC_INTF); rdUserData.pData = MALLOC (rdUserData.dwDataLen); if (rdUserData.pData == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElZeroConfigNotify: MALLOC failed for rdUserData.pData"); break; }
memcpy (rdUserData.pData, (BYTE *)pZCData, sizeof (EAPOL_ZC_INTF));
if ((dwRetCode = RpcCmdInterface ( dwHandle, dwCmdCode, pwszGuid, &rdUserData )) != NO_ERROR) { TRACE1 (ANY, "ElZeroConfigNotify: RpcCmdInterface failed with error %ld", dwRetCode); break; } } while (FALSE);
if (rdUserData.pData != NULL) { FREE (rdUserData.pData); }
return dwRetCode;}
#endif // ZEROCONFIG_LINKED
//
// ElNetmanNotify
//
// Description:
//
// Function to update status and display balloon with netman
//
// Arguments:
// pPCB - Pointer to PCB
//
// Return values:
// NO_ERROR - Success
// non-zero - Error
//
DWORDElNetmanNotify ( IN EAPOL_PCB *pPCB, IN EAPOL_NCS_STATUS Status, IN WCHAR *pwszDisplayMessage ){ GUID DeviceGuid; WCHAR wcszDummy[]=L"EAPOL"; WCHAR * pwszBalloonMessage = NULL; BSTR pwszDummy = NULL; NETCON_STATUS ncsStatus = 0; EAPOL_EAP_UI_CONTEXT *pEAPUIContext = NULL; HRESULT hr = S_OK; DWORD dwRetCode = NO_ERROR;
do { ElStringToGuid (pPCB->pwszDeviceGUID, &DeviceGuid);
if ((Status == EAPOL_NCS_NOTIFICATION) || (Status == EAPOL_NCS_AUTHENTICATION_FAILED)) { if (Status == EAPOL_NCS_NOTIFICATION) { pwszBalloonMessage = pPCB->pwszEapReplyMessage; }
pEAPUIContext = MALLOC (sizeof(EAPOL_EAP_UI_CONTEXT)); if (pEAPUIContext == NULL) { TRACE0 (USER, "ElNetmanNotify: MALLOC failed for pEAPUIContext"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
if (Status == EAPOL_NCS_NOTIFICATION) { pEAPUIContext->dwEAPOLUIMsgType = EAPOLUI_EAP_NOTIFICATION; } else { pEAPUIContext->dwEAPOLUIMsgType = EAPOLUI_CREATEBALLOON; } wcsncpy (pEAPUIContext->wszGUID, pPCB->pwszDeviceGUID, sizeof(pEAPUIContext->wszGUID)/sizeof(pEAPUIContext->wszGUID[0])); // Do not increment invocation id, since these are notification
// balloons
pEAPUIContext->dwSessionId = g_dwCurrentSessionId; pEAPUIContext->dwContextId = pPCB->dwUIInvocationId; pEAPUIContext->dwEapId = pPCB->bCurrentEAPId; pEAPUIContext->dwEapTypeId = pPCB->dwEapTypeToBeUsed; if (pPCB->pwszSSID) { wcscpy (pEAPUIContext->wszSSID, pPCB->pwszSSID); } if (pPCB->pSSID) { pEAPUIContext->dwSizeOfSSID = pPCB->pSSID->SsidLength; memcpy ((BYTE *)pEAPUIContext->bSSID, (BYTE *)pPCB->pSSID->Ssid, NDIS_802_11_SSID_LEN-sizeof(ULONG)); }
// Post the message to netman
if ((dwRetCode = ElPostShowBalloonMessage ( pPCB, sizeof(EAPOL_EAP_UI_CONTEXT), (BYTE *)pEAPUIContext, pwszBalloonMessage?(wcslen(pwszBalloonMessage)*sizeof(WCHAR)):0, pwszBalloonMessage )) != NO_ERROR) { TRACE1 (USER, "ElGetUserIdentity: ElPostShowBalloonMessage failed with error %ld", dwRetCode); break; }
}
hr = S_OK;
if (Status != EAPOL_NCS_NOTIFICATION) { switch (pPCB->State) { case EAPOLSTATE_LOGOFF: hr = S_FALSE; break; case EAPOLSTATE_DISCONNECTED: hr = S_FALSE; break; case EAPOLSTATE_CONNECTING: hr = S_FALSE; break; case EAPOLSTATE_ACQUIRED: ncsStatus = NCS_CREDENTIALS_REQUIRED; break; case EAPOLSTATE_AUTHENTICATING: ncsStatus = NCS_AUTHENTICATING; break; case EAPOLSTATE_HELD: ncsStatus = NCS_AUTHENTICATION_FAILED; break; case EAPOLSTATE_AUTHENTICATED: ncsStatus = NCS_AUTHENTICATION_SUCCEEDED; break; default: hr = S_FALSE; break; }
if (SUCCEEDED (hr)) { hr = WZCNetmanConnectionStatusChanged ( &DeviceGuid, ncsStatus); }
if (FAILED (hr)) { dwRetCode = ERROR_CAN_NOT_COMPLETE; break; } } } while (FALSE);
if (pwszDummy != NULL) { SysFreeString (pwszDummy); }
if (pEAPUIContext != NULL) { FREE (pEAPUIContext); }
return dwRetCode;}
//
// ElPostShowBalloonMessage
//
// Description:
//
// Function to display balloon on tray icon
//
// Arguments:
// pPCB - Pointer to PCB
// cbCookieLen - Cookie Length
// pbCookie - Pointer to cookie
// cbMessageLen - Message Length
// pbMessage - Pointer to message
//
// Return values:
// NO_ERROR - Success
// non-zero - Error
//
DWORDElPostShowBalloonMessage ( IN EAPOL_PCB *pPCB, IN DWORD cbCookieLen, IN BYTE *pbCookie, IN DWORD cbMessageLen, IN WCHAR *pwszMessage ){ GUID DeviceGuid; BSTR pwszBalloonMessage = NULL; WCHAR wcszDummy[] = L"Dummy"; BSTR pwszCookie = NULL; HRESULT hr = S_OK; DWORD dwRetCode = NO_ERROR;
do { ElStringToGuid (pPCB->pwszDeviceGUID, &DeviceGuid);
pwszCookie = SysAllocStringByteLen (pbCookie, cbCookieLen); if (pwszCookie == NULL) { dwRetCode = ERROR_CAN_NOT_COMPLETE; break; } if (cbMessageLen != 0) { pwszBalloonMessage = SysAllocString (pwszMessage); } else { pwszBalloonMessage = SysAllocString (wcszDummy); } if (pwszBalloonMessage == NULL) { dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
hr = WZCNetmanShowBalloon ( &DeviceGuid, pwszCookie, pwszBalloonMessage);
if (FAILED (hr)) { dwRetCode = ERROR_CAN_NOT_COMPLETE; break; } } while (FALSE);
if (pwszBalloonMessage != NULL) { SysFreeString (pwszBalloonMessage); }
if (pwszCookie != NULL) { SysFreeString (pwszCookie); }
return dwRetCode;}
//
// ElProcessReauthResponse
//
// Description:
//
// Function to handle UI response for initiating re-auth
//
// Arguments:
//
// Return values:
//
//
DWORDElProcessReauthResponse ( IN EAPOL_EAP_UI_CONTEXT EapolUIContext, IN EAPOLUI_RESP EapolUIResp ){ DWORD dwRetCode = NO_ERROR;
do { } while (FALSE);
return dwRetCode;}
//
// ElIPPnpWorker
//
// Description:
//
// Function to renew address on a particular interface
//
// Arguments:
// pvContext - GUID string for the intended interface
//
// Return values:
//
//
DWORDWINAPIElIPPnPWorker ( IN PVOID pvContext ){ DHCP_PNP_CHANGE DhcpPnpChange; WCHAR *pwszGUID = NULL; DWORD dwRetCode = NO_ERROR;
do { if (pvContext == NULL) { break; }
pwszGUID = (WCHAR *)pvContext;
// Call DHCP to do PnP
ZeroMemory(&DhcpPnpChange, sizeof(DHCP_PNP_CHANGE)); DhcpPnpChange.Version = DHCP_PNP_CHANGE_VERSION_0; if ((dwRetCode = DhcpHandlePnPEvent( 0, DHCP_CALLER_TCPUI, pwszGUID, &DhcpPnpChange, NULL)) != NO_ERROR) { TRACE1 (ANY, "ElIPPnPWorker: DHCPHandlePnPEvent returned error %ld", dwRetCode); // Ignore DHCP error, it's outside 802.1X logic
dwRetCode = NO_ERROR; } else { TRACE0 (EAPOL, "ElIPPnPWorker: DHCPHandlePnPEvent successful"); }
// Call IPv6 to renew this interface
dwRetCode = Ip6RenewInterface(pwszGUID); if (dwRetCode != NO_ERROR) { TRACE1(EAPOL, "ElIPPnPWorker: Ip6RenewInterface returned error %ld", dwRetCode); // Failure not fatal! Stack might be uninstalled.
// Ignore IPv6 error, it's outside the 802.1x logic.
dwRetCode = NO_ERROR; } else { TRACE0(EAPOL, "ElIPPnPWorker: Ip6RenewInterface successful"); } } while (FALSE);
if (pvContext != NULL) { FREE (pvContext); }
InterlockedDecrement (&g_lWorkerThreads);
return dwRetCode;}
//
// ElUpdateRegistry
//
// Description:
//
// Function to modify keys left behind in earlier versions
//
// Arguments:
// None
//
// Return values:
// NO_ERROR - success
// !NO_ERROR - error
//
DWORDElUpdateRegistry ( ){ DWORD dwRetCode = NO_ERROR;
do { if ((dwRetCode = ElRegistryUpdateXPBeta2 ()) != NO_ERROR) { TRACE1 (ANY, "ElUpdateRegistry: ElRegistryUpdateXPBeta2 failed with error %ld", dwRetCode); dwRetCode = NO_ERROR; }
if ((dwRetCode = ElRegistryUpdateXPSP1 ()) != NO_ERROR) { TRACE1 (ANY, "ElUpdateRegistry: ElRegistryUpdateXPSP1 failed with error %ld", dwRetCode); dwRetCode = NO_ERROR; } } while (FALSE);
return dwRetCode;}
//
// ElRegistryUpdateXPBeta2
//
// Description:
//
// Function to cleanup keys left behind prior 2 Beta2
//
// Arguments:
// None
//
// Return values:
// NO_ERROR - success
// !NO_ERROR - error
//
DWORDElRegistryUpdateXPBeta2 ( ){ HKEY hkey = NULL; HKEY hkey1 = NULL; DWORD dwDisposition; DWORD dwNumValues = 0, dwMaxValueNameLen = 0, dwMaxValueLen = 0; DWORD dwNumSubKeys = 0, dwMaxSubKeyLen = 0; DWORD dwMaxValueName = 0; DWORD dwNumValues1 = 0, dwMaxValueNameLen1 = 0, dwMaxValueLen1 = 0; DWORD dwNumSubKeys1 = 0, dwMaxSubKeyLen1 = 0; DWORD dwMaxValueName1 = 0; LONG lIndex = 0, lIndex1 = 0; BYTE *pbKeyBuf = NULL; DWORD dwKeyBufLen = 0; BYTE *pbKeyBuf1 = NULL; DWORD dwKeyBufLen1 = 0; WCHAR *pwszValueName = NULL; LONG lError = ERROR_SUCCESS; DWORD dwRetCode = ERROR_SUCCESS;
do { // Delete keys in HKLM\Software\Microsoft\EAPOL\Parameters\Interfaces
// with no "{"
// Get handle to HKLM\Software\Microsoft\EAPOL\Parameters\Interfaces
if ((lError = RegOpenKeyEx ( HKEY_LOCAL_MACHINE, cwszEapKeyEapolConn, 0, KEY_ALL_ACCESS, &hkey )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElRegistryUpdateXPBeta2: Error in RegOpenKeyEx for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
if ((lError = RegQueryInfoKey ( hkey, NULL, NULL, NULL, &dwNumSubKeys, &dwMaxSubKeyLen, NULL, NULL, NULL, NULL, NULL, NULL )) != NO_ERROR) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElRegistryUpdateXPBeta2: RegQueryInfoKey failed with error %ld", dwRetCode); break; }
dwMaxSubKeyLen++; if ((pbKeyBuf = MALLOC (dwMaxSubKeyLen*sizeof(WCHAR))) == NULL) { TRACE0 (ANY, "ElRegistryUpdateXPBeta2: MALLOC failed for dwMaxSubKeyLen"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
for (lIndex = (dwNumSubKeys-1); lIndex >= 0, dwNumSubKeys > 0; lIndex--) { dwKeyBufLen = dwMaxSubKeyLen; ZeroMemory (pbKeyBuf, dwMaxSubKeyLen*sizeof(WCHAR)); if ((lError = RegEnumKey ( hkey, lIndex, (WCHAR *)pbKeyBuf, dwKeyBufLen )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElRegistryUpdateXPBeta2: RegEnumValue failed with error %ld", lError); break; }
// If the first character in the key is not a '{' delete it
if (wcsncmp ((WCHAR *)pbKeyBuf, L"{", 1)) { if ((dwRetCode = SHDeleteKey ( hkey, (WCHAR *)pbKeyBuf )) != ERROR_SUCCESS) { TRACE2 (ANY, "ElRegistryUpdateXPBeta2: RegDelete of (%ws) failed with error %ld", (WCHAR *)pbKeyBuf, dwRetCode); dwRetCode = ERROR_SUCCESS; }
continue; }
// This is a "{GUID}" type key
// Delete all sub-keys under this
if ((lError = RegOpenKeyEx ( hkey, (WCHAR *)pbKeyBuf, 0, KEY_ALL_ACCESS, &hkey1 )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElRegistryUpdateXPBeta2: Error in RegOpenKeyEx for hkey1, %ld", lError); dwRetCode = (DWORD)lError; break; }
do {
if ((lError = RegQueryInfoKey ( hkey1, NULL, NULL, NULL, &dwNumSubKeys1, &dwMaxSubKeyLen1, NULL, &dwNumValues1, &dwMaxValueNameLen1, &dwMaxValueLen1, NULL, NULL )) != NO_ERROR) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElRegistryUpdateXPBeta2: RegQueryInfoKey failed with error %ld", dwRetCode); break; }
dwMaxSubKeyLen1++; if ((pbKeyBuf1 = MALLOC (dwMaxSubKeyLen1*sizeof(WCHAR))) == NULL) { TRACE0 (ANY, "ElRegistryUpdateXPBeta2: MALLOC failed for dwMaxSubKeyLen"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } for (lIndex1 = (dwNumSubKeys1-1); lIndex1 >= 0, dwNumSubKeys1 > 0; lIndex1--) { dwKeyBufLen1 = dwMaxSubKeyLen1; ZeroMemory (pbKeyBuf1, dwMaxSubKeyLen1*sizeof(WCHAR)); if ((lError = RegEnumKey ( hkey1, lIndex1, (WCHAR *)pbKeyBuf1, dwKeyBufLen1 )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElRegistryUpdateXPBeta2: RegEnumValue failed with error %ld", lError); break; } // Delete all sub-keys
if ((dwRetCode = SHDeleteKey ( hkey1, (WCHAR *)pbKeyBuf1 )) != ERROR_SUCCESS) { TRACE2 (ANY, "ElRegistryUpdateXPBeta2: RegDelete of (%ws) failed with error %ld", (WCHAR *)pbKeyBuf1, dwRetCode); dwRetCode = ERROR_SUCCESS; } } if (pbKeyBuf1 != NULL) { FREE (pbKeyBuf1); pbKeyBuf1 = NULL; } if ((lError != ERROR_SUCCESS) && (lError != ERROR_NO_MORE_ITEMS)) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElRegistryUpdateXPBeta2: RegEnumKey failed with error %ld", dwRetCode); break; } else { lError = ERROR_SUCCESS; }
// Delete all values with names "DefaultEapType", "EapolEnabled",
// "LastModifiedSSID"
dwMaxValueNameLen1++; if ((pwszValueName = MALLOC (dwMaxValueNameLen1*sizeof(WCHAR))) == NULL) { TRACE0 (ANY, "ElRegistryUpdateXPBeta2: MALLOC failed for pwszValueName"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } for (lIndex1 = (dwNumValues1-1); lIndex1 >= 0, dwNumValues1 > 0; lIndex1--) { dwMaxValueNameLen = dwMaxValueNameLen1; ZeroMemory (pwszValueName, dwMaxValueNameLen1*sizeof(WCHAR)); if ((lError = RegEnumValue ( hkey1, lIndex1, pwszValueName, &dwMaxValueNameLen, NULL, NULL, NULL, NULL )) != ERROR_SUCCESS) { if (lError != ERROR_MORE_DATA) { break; } lError = ERROR_SUCCESS; }
if ((!wcscmp (pwszValueName, cwszDefaultEAPType)) || (!wcscmp (pwszValueName, cwszEapolEnabled)) || (!wcscmp (pwszValueName, cwszLastUsedSSID))) { if ((lError = RegDeleteValue ( hkey1, pwszValueName )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElRegistryUpdateXPBeta2: RegDeleteValue failed with error %ld", lError); lError = ERROR_SUCCESS; } } } if (pwszValueName != NULL) { FREE (pwszValueName); pwszValueName = NULL; } if ((lError != ERROR_SUCCESS) && (lError != ERROR_NO_MORE_ITEMS)) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElRegistryUpdateXPBeta2: RegEnumValue failed with error %ld", dwRetCode); break; } else { lError = ERROR_SUCCESS; }
} while (FALSE);
if (hkey1 != NULL) { RegCloseKey (hkey1); hkey1 = NULL; } } if ((lError != ERROR_SUCCESS) && (lError != ERROR_NO_MORE_ITEMS)) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElRegistryUpdateXPBeta2: RegQueryInfoKey failed with error %ld", dwRetCode); break; } else { lError = ERROR_SUCCESS; }
} while (FALSE);
if (hkey != NULL) { RegCloseKey (hkey); } if (hkey1 != NULL) { RegCloseKey (hkey1); } if (pbKeyBuf != NULL) { FREE (pbKeyBuf); }
return dwRetCode;}
BOOLEANIsSSIDPresentInWZCList ( PEAPOL_INTF_PARAMS pIntfParams, PWZC_802_11_CONFIG_LIST pwzcCfgList ){ DWORD dwIndex = 0; BOOLEAN fFound = FALSE; do { for (dwIndex=0; dwIndex<pwzcCfgList->NumberOfItems; dwIndex++) { if (pwzcCfgList->Config[dwIndex].Ssid.SsidLength == pIntfParams->dwSizeOfSSID) { if (memcmp(pwzcCfgList->Config[dwIndex].Ssid.Ssid, pIntfParams->bSSID, pIntfParams->dwSizeOfSSID) == 0) { fFound = TRUE; break; } } } } while (FALSE);
return fFound;}
DWORDElWZCCfgUpdateSettings ( IN LPWSTR pwszGUID, PWZC_802_11_CONFIG_LIST pwzcCfgList, HKEY hRootKey ){ HKEY hkey = NULL; HKEY hkey1 = NULL; HKEY hHKCUkey = NULL; HANDLE hToken = NULL; DWORD dwNumValues = 0, dwMaxValueNameLen = 0, dwMaxValueLen = 0; WCHAR *pwszValueName = NULL; BYTE *pbValueBuf = NULL; LONG lError = ERROR_SUCCESS; LONG lIndex = 0; DWORD dwValueData = 0; EAPOL_INTF_PARAMS *pRegParams = NULL; DWORD dwTempValueNameLen = 0; BOOLEAN fFreeWZCCfgList = FALSE; DWORD dwRetCode = NO_ERROR;
do { // Enumerate registry blobs
// Get handle to HKLM\Software\Microsoft\EAPOL\Parameters\Interfaces or
// HKCU\Software\Microsoft\EAPOL\UserEapInfo
// Get handle to HKCU
if (hRootKey == HKEY_CURRENT_USER) { if (dwRetCode = ElGetWinStationUserToken (g_dwCurrentSessionId, &hToken) != NO_ERROR) { TRACE1 (ANY, "ElWZCCfgUpdateSettings: ElGetWinStationUserToken failed with error %ld", dwRetCode); break; } if ((dwRetCode = ElGetEapKeyFromToken ( hToken, &hHKCUkey)) != NO_ERROR) { TRACE1 (ANY, "ElWZCCfgUpdateSettings: Error in ElGetEapKeyFromToken %ld", dwRetCode); break; } hRootKey = hHKCUkey; }
if ((lError = RegOpenKeyEx ( hRootKey, (hRootKey == HKEY_LOCAL_MACHINE)?cwszEapKeyEapolConn:cwszEapKeyEapolUser, 0, KEY_ALL_ACCESS, &hkey )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElWZCCfgUpdateSettings: Error in RegOpenKeyEx for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
if ((lError = RegOpenKeyEx ( hkey, pwszGUID, 0, KEY_ALL_ACCESS, &hkey1 )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElWZCCfgUpdateSettings: Error in RegOpenKeyEx for GUID, %ld", lError); dwRetCode = (DWORD)lError; break; }
if ((lError = RegQueryInfoKey ( hkey1, NULL, NULL, NULL, NULL, NULL, NULL, &dwNumValues, &dwMaxValueNameLen, &dwMaxValueLen, NULL, NULL )) != NO_ERROR) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElWZCCfgUpdateSettings: RegQueryInfoKey failed with error %ld", dwRetCode); break; }
if ((pwszValueName = MALLOC ((dwMaxValueNameLen + 1) * sizeof (WCHAR))) == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElWZCCfgUpdateSettings: MALLOC failed for pwszValueName"); break; } dwMaxValueNameLen++; if ((pbValueBuf = MALLOC (dwMaxValueLen)) == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElWZCCfgUpdateSettings: MALLOC failed for pbValueBuf"); break; }
for (lIndex = (dwNumValues-1); lIndex >= 0, dwNumValues > 0; lIndex--) { dwValueData = dwMaxValueLen; dwTempValueNameLen = dwMaxValueNameLen; if ((lError = RegEnumValue ( hkey1, lIndex, pwszValueName, &dwTempValueNameLen, NULL, NULL, pbValueBuf, &dwValueData )) != ERROR_SUCCESS) { break; }
if (dwValueData < sizeof (EAPOL_INTF_PARAMS)) { TRACE0 (ANY, "ElWZCCfgUpdateSettings: dwValueData < sizeof (EAPOL_INTF_PARAMS)"); lError = ERROR_INVALID_DATA; break; } pRegParams = (EAPOL_INTF_PARAMS *)pbValueBuf;
// Ignore default setting since this is needed
if ((memcmp (pRegParams->bSSID, g_bDefaultSSID, MAX_SSID_LEN)) == 0) { continue; }
// If SSID corresponding to registry blob is not found in
// WZC list, delete it
if (!IsSSIDPresentInWZCList (pRegParams, pwzcCfgList )) { // Delete Registry Value
if ((lError = RegDeleteValue ( hkey1, pwszValueName )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElWZCCfgUpdateSettings: RegDeleteValue failed with error (%ld)", lError); lError = ERROR_SUCCESS; } } } if ((lError != ERROR_SUCCESS) && (lError != ERROR_NO_MORE_ITEMS)) { dwRetCode = (DWORD)lError; break; } else { lError = ERROR_SUCCESS; } } while (FALSE);
if (hToken != NULL) { CloseHandle (hToken); } if (hHKCUkey != NULL) { RegCloseKey (hHKCUkey); } if (hkey != NULL) { RegCloseKey (hkey); } if (hkey1 != NULL) { RegCloseKey (hkey1); } if (pbValueBuf != NULL) { FREE (pbValueBuf); } if (pwszValueName != NULL) { FREE (pwszValueName); }
return dwRetCode;}
DWORDElWZCCfgChangeHandler ( IN LPWSTR pwszGUID, PWZC_802_11_CONFIG_LIST pwzcCfgList ){ HKEY hkey = NULL; HKEY hkey1 = NULL; DWORD dwNumValues = 0, dwMaxValueNameLen = 0, dwMaxValueLen = 0; WCHAR *pwszValueName = NULL; BYTE *pbValueBuf = NULL; LONG lError = ERROR_SUCCESS; LONG lIndex = 0; DWORD dwValueData = 0; EAPOL_INTF_PARAMS *pRegParams = NULL; DWORD dwTempValueNameLen = 0; BOOLEAN fFreeWZCCfgList = FALSE; DWORD dwRetCode = NO_ERROR;
do { // Enumerate registry blobs
if (pwzcCfgList == NULL) { // Create structure with zero items in list
pwzcCfgList = (PWZC_802_11_CONFIG_LIST) MALLOC (sizeof(WZC_802_11_CONFIG_LIST)); if (pwzcCfgList == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElWZCCfgChangeHandler: pwzcCfgList = NULL"); break; } else { fFreeWZCCfgList = TRUE; } }
// Delete 802.1x setting blob, for Connection properties and current
// user-settings
if ((dwRetCode = ElWZCCfgUpdateSettings ( pwszGUID, pwzcCfgList, HKEY_LOCAL_MACHINE)) != NO_ERROR) { TRACE1 (ANY, "ElWZCCfgChangeHandler: ElWZCCfgUpdateSettings HKLM failed with error (%ld)", dwRetCode); dwRetCode = NO_ERROR; }
if ((dwRetCode = ElWZCCfgUpdateSettings ( pwszGUID, pwzcCfgList, HKEY_CURRENT_USER)) != NO_ERROR) { TRACE1 (ANY, "ElWZCCfgChangeHandler: ElWZCCfgUpdateSettings HKCU failed with error (%ld)", dwRetCode); dwRetCode = NO_ERROR; } } while (FALSE);
if (fFreeWZCCfgList) { FREE (pwzcCfgList); }
return dwRetCode;}
//
// ElRegistryUpdateXPSP1
//
// Description:
//
// Function to modify 802.1X settings created prior to SP1. This will disable
// 802.1x on all existing configurations. 802.1x, if required, will have to
// be enabled by the user on the existing connection.
//
// Arguments:
// None
//
// Return values:
// NO_ERROR - success
// !NO_ERROR - error
//
DWORDElRegistryUpdateXPSP1 ( ){ HKEY hkey = NULL; HKEY hkey1 = NULL; DWORD dwNumValues=0, dwMaxValueNameLen=0, dwMaxValueLen=0; WCHAR *pwszValueName=NULL; WCHAR wszGUID[GUID_STRING_LEN_WITH_TERM]; WCHAR *pwszGUID = NULL; DWORD dwSubKeys=0, dwSubKeyLen = 0; BYTE *pbValueBuf = NULL; LONG lError = ERROR_SUCCESS; LONG lKey=0, lIndex=0; DWORD dwValueData=0; EAPOL_INTF_PARAMS *pRegParams = NULL; DWORD dwTempValueNameLen=0; DWORD dwRetCode = NO_ERROR;
do { // Enumerate registry blobs
// Get handle to HKLM\Software\Microsoft\EAPOL\Parameters\Interfaces
if ((lError = RegOpenKeyEx ( HKEY_LOCAL_MACHINE, cwszEapKeyEapolConn, 0, KEY_ALL_ACCESS, &hkey )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElRegistryUpdateXPSP1: Error in RegOpenKeyEx for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
if ((lError = RegQueryInfoKey ( hkey, NULL, NULL, NULL, &dwSubKeys, &dwSubKeyLen, NULL, NULL, NULL, NULL, NULL, NULL )) != NO_ERROR) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElRegistryUpdateXPSP1: RegQueryInfoKey hkey failed with error %ld", dwRetCode); break; }
for (lKey = (dwSubKeys-1); lKey >= 0, dwSubKeys > 0; lKey--) { ZeroMemory (&wszGUID[0], GUID_STRING_LEN_WITH_TERM*sizeof(WCHAR)); pwszGUID = &wszGUID[0]; dwSubKeyLen = GUID_STRING_LEN_WITH_TERM; if ((lError = RegEnumKeyEx ( hkey, lKey, pwszGUID, &dwSubKeyLen, NULL, NULL, NULL, NULL )) != ERROR_SUCCESS) { break; }
if (dwSubKeyLen < (GUID_STRING_LEN_WITH_TERM - 1)) { TRACE0 (ANY, "ElRegistryUpdateXPSP1: dwValueData < sizeof (EAPOL_INTF_PARAMS)"); lError = ERROR_INVALID_DATA; break; } if (hkey1) { RegCloseKey (hkey1); hkey1 = NULL; }
// Get handle to HKLM\Software\...\Interfaces\<GUID>
if ((lError = RegOpenKeyEx ( hkey, pwszGUID, 0, KEY_ALL_ACCESS, &hkey1 )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElRegistryUpdateXPSP1: Error in RegOpenKeyEx for GUID, %ld", lError); break; }
dwNumValues = 0; dwMaxValueNameLen = 0; if ((lError = RegQueryInfoKey ( hkey1, NULL, NULL, NULL, NULL, NULL, NULL, &dwNumValues, &dwMaxValueNameLen, &dwMaxValueLen, NULL, NULL )) != NO_ERROR) { TRACE1 (ANY, "ElRegistryUpdateXPSP1: RegQueryInfoKey failed with error %ld", lError); break; }
if (pwszValueName) { FREE (pwszValueName); pwszValueName = NULL; } if (pbValueBuf) { FREE (pbValueBuf); pbValueBuf = NULL; } if ((pwszValueName = MALLOC ((dwMaxValueNameLen + 1) * sizeof (WCHAR))) == NULL) { lError = dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElRegistryUpdateXPSP1: MALLOC failed for pwszValueName"); break; } dwMaxValueNameLen++; if ((pbValueBuf = MALLOC (dwMaxValueLen)) == NULL) { lError = dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElRegistryUpdateXPSP1: MALLOC failed for pbValueBuf"); break; } for (lIndex = (dwNumValues-1); lIndex >= 0, dwNumValues > 0; lIndex--) { dwValueData = dwMaxValueLen; dwTempValueNameLen = dwMaxValueNameLen; if ((lError = RegEnumValue ( hkey1, lIndex, pwszValueName, &dwTempValueNameLen, NULL, NULL, pbValueBuf, &dwValueData )) != ERROR_SUCCESS) { break; } if (dwValueData < sizeof (EAPOL_INTF_PARAMS)) { TRACE0 (ANY, "ElRegistryUpdateXPSP1: dwValueData < sizeof (EAPOL_INTF_PARAMS)"); lError = ERROR_INVALID_DATA; break; } pRegParams = (EAPOL_INTF_PARAMS *)pbValueBuf; if (pRegParams->dwVersion != EAPOL_CURRENT_VERSION) { pRegParams->dwVersion = EAPOL_CURRENT_VERSION; if ((dwRetCode = ElSetInterfaceParams ( pwszGUID, pRegParams )) != NO_ERROR) { TRACE1 (PORT, "ElRegistryUpdateXPSP1: ElSetInterfaceParams failed with error %ld, continuing", dwRetCode); dwRetCode = NO_ERROR; } } } if ((lError != ERROR_SUCCESS) && (lError != ERROR_NO_MORE_ITEMS)) { TRACE1 (ANY, "ElRegistryUpdateXPSP1: RegEnumValue hkey1 failed with error (%ld)", lError); dwRetCode = (DWORD)lError; break; } else { lError = ERROR_SUCCESS; } } if ((lError != ERROR_SUCCESS) && (lError != ERROR_NO_MORE_ITEMS)) { dwRetCode = (DWORD)lError; break; } else { lError = ERROR_SUCCESS; } } while (FALSE);
if (hkey != NULL) { RegCloseKey (hkey); } if (hkey1 != NULL) { RegCloseKey (hkey1); } if (pbValueBuf != NULL) { FREE (pbValueBuf); } if (pwszValueName != NULL) { FREE (pwszValueName); }
return dwRetCode;}
//
// ElValidateCustomAuthData
//
// Description:
//
// Function to verify the validity of the concatenated blob containing
// EAP blob for each EAP-Type configured on the network
//
// Arguments:
// dwAuthData - Size of concatenated blob
// pbAuthData - Pointer to concatenated blob
//
// Return values:
// NO_ERROR - success
// !NO_ERROR - error
//
DWORDElValidateCustomAuthData ( IN DWORD dwAuthData, IN PBYTE pbAuthData ){ UNALIGNED EAPOL_AUTH_DATA *pCustomData = NULL; DWORD cbOffset = 0; DWORD dwRetCode = NO_ERROR;
do { // Align to start of EAP blob
cbOffset = sizeof(EAPOL_INTF_PARAMS);
// Sum total of all EAP blobs should be the total blob length
while (cbOffset < dwAuthData) { pCustomData = (EAPOL_AUTH_DATA *) ((PBYTE) pbAuthData + cbOffset);
cbOffset += sizeof (EAPOL_AUTH_DATA) + pCustomData->dwSize; } if (cbOffset != dwAuthData) { dwRetCode = ERROR_INVALID_DATA; break; } } while (FALSE);
return dwRetCode;}
|
