Leaked source code of windows server 2003

505 lines
14 KiB

  1. /*++
  2. Copyright (c) 1999, Microsoft Corporation
  3. Module Name:
  4. elport.h
  5. Abstract:
  6. This module contains declarations for port management for EAPOL,
  7. r/w to ports
  8. Revision History:
  9. sachins, Apr 23 2000, Created
  10. --*/
  11. #ifndef _EAPOL_PORT_H_
  12. #define _EAPOL_PORT_H_
  13. //
  14. // EAPOL PCB State Flags
  15. //
  16. #define EAPOL_PORT_FLAG_DELETED 0x8000
  17. #define EAPOL_PORT_DELETED(i) \
  18. ((i)->dwFlags & EAPOL_PORT_FLAG_DELETED)
  19. #define EAPOL_PORT_FLAG_ACTIVE 0x4000
  20. #define EAPOL_PORT_ACTIVE(i) \
  21. ((i)->dwFlags & EAPOL_PORT_FLAG_ACTIVE)
  22. #define EAPOL_PORT_FLAG_DISABLED 0x2000
  23. #define EAPOL_PORT_DISABLED(i) \
  24. ((i)->dwFlags & EAPOL_PORT_FLAG_DISABLED)
  25. //
  26. // EAPOL Timer Flags
  27. //
  28. #define EAPOL_AUTH_TIMER 0x8000
  29. #define EAPOL_AUTH_TIMER_SET(i) \
  30. ((i)->dwTimerFlags & EAPOL_AUTH_TIMER)
  31. #define EAPOL_HELD_TIMER 0x4000
  32. #define EAPOL_HELD_TIMER_SET(i) \
  33. ((i)->dwTimerFlags & EAPOL_HELD_TIMER)
  34. #define EAPOL_START_TIMER 0x2000
  35. #define EAPOL_START_TIMER_SET(i) \
  36. ((i)->dwTimerFlags & EAPOL_START_TIMER)
  37. #define EAPOL_TRANSMIT_KEY_TIMER 0x1000
  38. #define EAPOL_TRANSMIT_KEY_TIMER_SET(i) \
  39. ((i)->dwTimerFlags & EAPOL_TRANSMIT_KEY_TIMER)
  40. #define EAPOL_NO_TIMER 0x0000
  41. #define EAPOL_NO_TIMER_SET(i) \
  42. ((i)->dwTimerFlags & EAPOL_NO_TIMER)
  43. #define SET_EAPOL_AUTH_TIMER(i) \
  44. ((i)->dwTimerFlags = EAPOL_AUTH_TIMER)
  45. #define SET_EAPOL_HELD_TIMER(i) \
  46. ((i)->dwTimerFlags = EAPOL_HELD_TIMER)
  47. #define SET_EAPOL_START_TIMER(i) \
  48. ((i)->dwTimerFlags = EAPOL_START_TIMER)
  49. #define SET_TRANSMIT_KEY_TIMER(i) \
  50. ((i)->dwTimerFlags = EAPOL_TRANSMIT_KEY_TIMER)
  51. #define SET_EAPOL_NO_TIMER(i) \
  52. ((i)->dwTimerFlags = EAPOL_NO_TIMER)
  53. #define CHECK_EAPOL_TIMER(i) \
  54. ((i)->dwTimerFlags & (EAPOL_AUTH_TIMER|EAPOL_HELD_TIMER|EAPOL_START_TIMER|EAPOL_TRANSMIT_KEY_TIMER))
  55. //
  56. // Structure: ETH_HEADER
  57. //
  58. typedef struct _ETH_HEADER
  59. {
  60. BYTE bDstAddr[SIZE_MAC_ADDR];
  61. BYTE bSrcAddr[SIZE_MAC_ADDR];
  62. } ETH_HEADER, *PETH_HEADER;
  63. //
  64. // Structure: EAPOL_BUFFER
  65. //
  66. // This structure holds a buffer used for I/O to the ndis uio driver
  67. // EAPOL_BUFFER structure is used in the OVERLAPPED read-write operations.
  68. // On the OVERLAPPED read/write completion, pvContext is used to
  69. // identity the port on which the I/O occured
  70. //
  71. typedef struct _EAPOL_BUFFER
  72. {
  73. //
  74. // This is the pointer to the EAPOL_PCB structure of the interface on which
  75. // I/O was performed
  76. //
  77. PVOID pvContext;
  78. // Send/Recv data buffer
  79. CHAR pBuffer[MAX_PACKET_SIZE];
  80. //
  81. // Passed as the system context area for any I/O using the buffer
  82. //
  83. OVERLAPPED Overlapped;
  84. //
  85. // Pointer to Completion Routine
  86. //
  87. VOID (CALLBACK *CompletionRoutine)
  88. (DWORD, DWORD, struct _EAPOL_BUFFER *);
  89. // Fields which are filled on IoCompletion
  90. DWORD dwErrorCode;
  91. DWORD dwBytesTransferred;
  92. } EAPOL_BUFFER, *PEAPOL_BUFFER;
  93. //
  94. // Structure: EAPOL_PCB
  95. //
  96. // EAPOL Port Control Block
  97. // This structure holds the operational information for an interface/port
  98. // from the EAPOL protocol standpoint.
  99. // It also maintains state information for EAP protocol.
  100. //
  101. // Each PCB is inserted in a hash bucket list, one for each interface
  102. //
  103. // Synchronization on PCBs is done using a read-write PCB list lock,
  104. // and a per-PCB read-write lock, and a per-port ref count.
  105. // The locks are single-write, multiple-read. Currently, locks are used
  106. // in write mode only
  107. //
  108. // If PCB's are to be added or deleted, the PCB list lock should
  109. // be acquired.
  110. //
  111. // If any PCB needs to be modified, the per-PCB list lock should be acquired
  112. // in write mode.
  113. //
  114. // Acquiring a reference to a port guarantees the PCBs existence;
  115. // acquiring the PCB lock guarantees consistency of the PCB fields
  116. //
  117. //
  118. typedef struct _EAPOL_PCB
  119. {
  120. // Pointer to next PCB in the hash bucket
  121. struct _EAPOL_PCB *pNext;
  122. // Handle to NDIS UIO device
  123. HANDLE hPort;
  124. // Port number on the system Will be an integer value cast
  125. DWORD dwPortIndex;
  126. // Debug Flags
  127. DWORD dwDebugFlags;
  128. // Friendly name of the interface on which this port is opened
  129. WCHAR *pwszFriendlyName;
  130. // GUID string uniquely identifying the interface
  131. WCHAR *pwszDeviceGUID;
  132. // Additional identiifier for a connected port e.g. MSFTWLAN
  133. WCHAR *pwszSSID;
  134. // Additional identiifier for a connected port e.g. MSFTWLAN
  135. NDIS_802_11_SSID *pSSID;
  136. // Version of EAPOL supported on this port
  137. DWORD dwEapolVersion;
  138. // Pointer to EAP Work Buffer for this PCB
  139. PVOID pEapWorkBuffer;
  140. // Per PCB read-write lock
  141. READ_WRITE_LOCK rwLock;
  142. // Number of references made to this port
  143. DWORD dwRefCount;
  144. // Indicates whether port is ACTIVE or DISABLED
  145. DWORD dwFlags;
  146. // Indicates the EAPOL settings
  147. DWORD dwEapFlags;
  148. // EAPOL state
  149. EAPOL_STATE State;
  150. // EAPOL statistics for this port
  151. EAPOL_STATS EapolStats;
  152. // EAPOL configuration parameters for this port
  153. EAPOL_CONFIG EapolConfig;
  154. // Version of EAPOL supported
  155. BYTE bProtocolVersion;
  156. // Handle to EAPOL timer currently running on this machine
  157. HANDLE hTimer;
  158. // Ethertype for this LAN
  159. BYTE bEtherType[SIZE_ETHERNET_TYPE];
  160. // Mac Addr of peer (switch port access point)
  161. BYTE bSrcMacAddr[SIZE_MAC_ADDR];
  162. // Mac Addr of last successfully authenticated peer (access point)
  163. BYTE bPreviousDestMacAddr[SIZE_MAC_ADDR];
  164. // Mac Addr of peer (switch port or access point)
  165. BYTE bDestMacAddr[SIZE_MAC_ADDR];
  166. // Media State
  167. NDIS_MEDIA_STATE MediaState;
  168. // Physical Medium Type
  169. NDIS_PHYSICAL_MEDIUM PhysicalMediumType;
  170. DWORD dwTimerFlags;
  171. // Number of EAPOL_Start messages that have been sent without
  172. // receiving response
  173. ULONG ulStartCount;
  174. // Identifier in the most recently received EAP Request frame
  175. DWORD dwPreviousId;
  176. // Copy of last sent out EAPOL packet
  177. // Used for retransmission
  178. BYTE *pbPreviousEAPOLPkt;
  179. DWORD dwSizeOfPreviousEAPOLPkt;
  180. // Has Identity for the user obtained using RasEapGetIdentity ?
  181. BOOL fGotUserIdentity;
  182. // Is the port on a authenticated network i.e. is the remote end
  183. // EAPOL aware
  184. BOOL fIsRemoteEndEAPOLAware;
  185. // Flag set based on the supplicant mode
  186. BOOL fEAPOLTransmissionFlag;
  187. //
  188. // EAP related variables
  189. //
  190. BOOL fEapInitialized;
  191. BOOL fLogon;
  192. BOOL fUserLoggedIn;
  193. // Authentication identity using RasGetUserIdentity or other means
  194. CHAR *pszIdentity;
  195. // User Password for EAP MD5 CHAP
  196. DATA_BLOB PasswordBlob;
  197. // Token for interactively logged-on user obtained using
  198. // GetCurrentUserToken
  199. HANDLE hUserToken;
  200. // EAP configuration blob stored for each GUID
  201. EAPOL_CUSTOM_AUTH_DATA *pCustomAuthConnData;
  202. // User blob stored for GUID
  203. EAPOL_CUSTOM_AUTH_DATA *pCustomAuthUserData;
  204. // Data obtained using RasEapInvokeInteractiveUI
  205. EAPOL_EAP_UI_DATA EapUIData;
  206. // Interactive data received from InvokeInteractiveUI
  207. BOOL fEapUIDataReceived;
  208. // EAP type for the connection
  209. DWORD dwEapTypeToBeUsed;
  210. // Index for current EAP type in index table
  211. DWORD dwEapIndex;
  212. // Current EAP identifier working with
  213. BYTE bCurrentEAPId;
  214. // Unique identifier for UI invocation
  215. DWORD dwUIInvocationId;
  216. // Interactive dialog allowed?
  217. BOOL fNonInteractive;
  218. // EAP state for the port
  219. EAPSTATE EapState;
  220. // EAP UI state for the port
  221. EAPUISTATE EapUIState;
  222. // Work space for EAP implementation DLL
  223. // PCB just holds the pointer, the memory allocation is done by the EAP DLL
  224. // during RasEapBegin and should be passed to RasEapEnd for cleanup
  225. LPVOID lpEapDllWorkBuffer;
  226. // Notification message
  227. WCHAR *pwszEapReplyMessage;
  228. // Master secrets used in decrypting EAPOL-Key messages
  229. DATA_BLOB MasterSecretSend;
  230. DATA_BLOB MasterSecretRecv;
  231. // Copies of the MPPE Keys obtained from EAP authentication
  232. DATA_BLOB MPPESendKey;
  233. DATA_BLOB MPPERecvKey;
  234. // Last replay counter. Used to guard against security attacks
  235. ULONGLONG ullLastReplayCounter;
  236. // EAPOL to run on this port or not
  237. DWORD dwEapolEnabled;
  238. // Has EAPOL_Logoff packet been sent out on this port?
  239. DWORD dwLogoffSent;
  240. // Authentication type last performed - Used with MACHINE_AUTH
  241. EAPOL_AUTHENTICATION_TYPE PreviousAuthenticationType;
  242. // Number of current authentication failures for the port - MACHINE_AUTH
  243. DWORD dwAuthFailCount;
  244. // Is authentication being done on a new AP/Switch/Network?
  245. BOOLEAN fAuthenticationOnNewNetwork;
  246. // Tick count, the last time the port was restart
  247. DWORD dwLastRestartTickCount;
  248. // Zero Config transaction Id
  249. DWORD dwZeroConfigId;
  250. // Total Max Authentication tries (Machine + User + Guest)
  251. DWORD dwTotalMaxAuthFailCount;
  252. // Did EAP on Client-side actually succeed
  253. BOOLEAN fLocalEAPAuthSuccess;
  254. // Client-side auth result code
  255. DWORD dwLocalEAPAuthResult;
  256. // Supplicant-mode
  257. DWORD dwSupplicantMode;
  258. // EAPOL Authentication Mode 0 = XP RTM, 1 = XP SP1, 2 = Machine auth only
  259. DWORD dwEAPOLAuthMode;
  260. // Flag to indicate where the Session Keys which module the session keys
  261. // were last used from
  262. BOOLEAN fLastUsedEAPOLKeys;
  263. // Flag to indicate whether EAPOL-Key packet for transmit key
  264. // was received after getting into AUTHENTICATED state for wireless
  265. // interface
  266. BOOLEAN fTransmitKeyReceived;
  267. } EAPOL_PCB, *PEAPOL_PCB;
  268. //
  269. // Synchronization
  270. //
  271. #define EAPOL_REFERENCE_PORT(PCB) \
  272. (EAPOL_PORT_DELETED(PCB) ? FALSE : (InterlockedIncrement(&(PCB)->dwRefCount), TRUE))
  273. #define EAPOL_DEREFERENCE_PORT(PCB) \
  274. (InterlockedDecrement(&(PCB)->dwRefCount) ? TRUE : (ElCleanupPort(PCB), FALSE))
  275. //
  276. // FUNCTION DECLARATIONS
  277. //
  278. DWORD
  279. ElHashPortToBucket (
  280. IN WCHAR *pwszDeviceGUID
  281. );
  282. VOID
  283. ElRemovePCBFromTable (
  284. IN EAPOL_PCB *pPCB
  285. );
  286. PEAPOL_PCB
  287. ElGetPCBPointerFromPortGUID (
  288. IN WCHAR *pwszDeviceGUID
  289. );
  290. DWORD
  291. ElCreatePort (
  292. IN HANDLE hDevice,
  293. IN WCHAR *pwszGUID,
  294. IN WCHAR *pwszFriendlyName,
  295. IN DWORD dwZeroConfigId,
  296. IN PRAW_DATA prdRawData
  297. );
  298. DWORD
  299. ElDeletePort (
  300. IN WCHAR *pwszDeviceName,
  301. OUT HANDLE *hDevice
  302. );
  303. VOID
  304. ElCleanupPort (
  305. IN EAPOL_PCB *pPCB
  306. );
  307. DWORD
  308. ElReStartPort (
  309. IN PEAPOL_PCB pPCB,
  310. IN DWORD dwZeroConfigId,
  311. IN PRAW_DATA prdUserData
  312. );
  313. DWORD
  314. ElReadFromPort (
  315. IN PEAPOL_PCB pPCB,
  316. IN PCHAR pBuffer,
  317. IN DWORD dwBufferLength
  318. );
  319. DWORD
  320. ElWriteToPort (
  321. IN PEAPOL_PCB pPCB,
  322. IN PCHAR pBuffer,
  323. IN DWORD dwBufferLength
  324. );
  325. DWORD
  326. ElInitializeEAPOL (
  327. );
  328. DWORD
  329. ElEAPOLDeInit (
  330. );
  331. VOID
  332. ElReadPortStatistics (
  333. IN WCHAR *pwszDeviceName,
  334. OUT PEAPOL_STATS pEapolStats
  335. );
  336. VOID
  337. ElReadPortConfiguration (
  338. IN WCHAR *pwszDeviceName,
  339. OUT PEAPOL_CONFIG pEapolConfig
  340. );
  341. ULONG
  342. ElSetPortConfiguration (
  343. IN WCHAR *pwszDeviceName,
  344. IN PEAPOL_CONFIG pEapolConfig
  345. );
  346. VOID CALLBACK
  347. ElReadCompletionRoutine (
  348. IN DWORD dwError,
  349. IN DWORD dwBytesReceived,
  350. IN PEAPOL_BUFFER pEapolBuffer
  351. );
  352. VOID CALLBACK
  353. ElWriteCompletionRoutine (
  354. IN DWORD dwError,
  355. IN DWORD dwBytesSent,
  356. IN PEAPOL_BUFFER pEapolBuffer
  357. );
  358. VOID CALLBACK
  359. ElIoCompletionRoutine (
  360. IN DWORD dwError,
  361. IN DWORD dwBytesTransferred,
  362. IN LPOVERLAPPED lpOverlapped
  363. );
  364. DWORD
  365. ElReadPerPortRegistryParams(
  366. IN WCHAR *pwszDeviceGUID,
  367. IN EAPOL_PCB *pNewPCB
  368. );
  369. #endif // _EAPOL_PORT_H_