|
|
/*++
Copyright (c) 2000, Microsoft Corporation
Module Name: eluser.c
Abstract:
The module deals with functions related to user interaction, user logon
Revision History:
sachins, Apr 23 2000, Created
--*/
#include "pcheapol.h"
#pragma hdrstop
#define cszEapKeyRas TEXT("Software\\Microsoft\\RAS EAP\\UserEapInfo")
#define cszEapValue TEXT("EapInfo")
#ifndef EAPOL_SERVICE
#define cszModuleName TEXT("wzcsvc.dll")
#else
#define cszModuleName TEXT("eapol.exe")
#endif
//
// ElSessionChangeHandler
//
// Description:
//
// Function called to handle user session login/logoff/user-switching
//
// Arguments:
// pEventData - SCM event data
// dwEventType - SCM event type
//
VOID ElSessionChangeHandler ( PVOID pEventData, DWORD dwEventType ) { DWORD dwEventStatus = 0; BOOLEAN fDecrWorkerThreadCount = FALSE; LPTHREAD_START_ROUTINE pUserRoutine = NULL; PVOID pvBuffer = NULL; EAPOL_ZC_INTF ZCData; DWORD dwRetCode = NO_ERROR;
do { if (g_hEventTerminateEAPOL == NULL) { dwRetCode = NO_ERROR; break; } if (( dwEventStatus = WaitForSingleObject ( g_hEventTerminateEAPOL, 0)) == WAIT_FAILED) { dwRetCode = GetLastError (); break; } if (dwEventStatus == WAIT_OBJECT_0) { dwRetCode = NO_ERROR; break; } if (!(g_dwModulesStarted & LOGON_MODULE_STARTED)) { break; }
InterlockedIncrement (&g_lWorkerThreads);
fDecrWorkerThreadCount = TRUE;
if (pEventData) { WTSSESSION_NOTIFICATION* pswtsi = (WTSSESSION_NOTIFICATION*)pEventData; DWORD dwSessionId = pswtsi->dwSessionId; switch (dwEventType) { case WTS_CONSOLE_CONNECT: case WTS_REMOTE_CONNECT: { TRACE1 (USER,"ElSessionChangeHandler: CONNECT for session = (%ld)\n", dwSessionId); pUserRoutine = ElUserLogonCallback; break; } case WTS_CONSOLE_DISCONNECT: case WTS_REMOTE_DISCONNECT: { TRACE1 (USER,"ElSessionChangeHandler: DISCONNECT for session = (%ld)\n", dwSessionId); pUserRoutine = ElUserLogoffCallback; break; } case WTS_SESSION_LOGON: { TRACE1 (USER,"ElSessionChangeHandler: LOGON for session = (%ld)", dwSessionId); pUserRoutine = ElUserLogonCallback; break; } case WTS_SESSION_LOGOFF: { TRACE1 (USER,"ElSessionChangeHandler: LOGOFF for session=(%ld)", dwSessionId); pUserRoutine = ElUserLogoffCallback; break; } default: break; }
if (pUserRoutine == NULL) { break; }
if ((pvBuffer = MALLOC (sizeof(DWORD))) == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
*((DWORD *)pvBuffer) = dwSessionId;
if (!QueueUserWorkItem ( (LPTHREAD_START_ROUTINE)pUserRoutine, pvBuffer, WT_EXECUTELONGFUNCTION)) { dwRetCode = GetLastError(); TRACE1 (DEVICE, "ElSessionChangeHandler: QueueUserWorkItem failed with error %ld", dwRetCode); break; } else { fDecrWorkerThreadCount = FALSE; }
} } while (FALSE);
if (fDecrWorkerThreadCount) { InterlockedDecrement (&g_lWorkerThreads); }
if (dwRetCode != NO_ERROR) { if (pvBuffer != NULL) { FREE (pvBuffer); } } }
//
// ElUserLogonCallback
//
// Description:
//
// Callback function invoked whenever a user logs in
// Will initiate authentication process on all ports of LAN class
// Credentials for the user in case of EAP-TLS can be obtained by
// acquiring user token
// For EAP-CHAP, WinLogon cerdentials will need to be supplied
//
// Arguments:
// None.
//
DWORD WINAPI ElUserLogonCallback ( IN PVOID pvContext ) {
DWORD dwIndex = 0; EAPOL_PCB *pPCB = NULL; BOOL fSetCONNECTINGState = FALSE; EAPOL_ZC_INTF ZCData; DWORD dwRetCode = NO_ERROR;
TRACE1 (USER, "ElUserLogonCallback: UserloggedOn = %ld", g_fUserLoggedOn);
do { if (g_fUserLoggedOn) { TRACE0 (USER, "ElUserLogonCallback: User logon already detected, returning without processing"); break; }
if (pvContext == NULL) { break; }
if (*((DWORD *)pvContext) != USER_SHARED_DATA->ActiveConsoleId) { TRACE1 (USER, "ElUserLogonCallback: Not active console id (%ld)", *((DWORD *)pvContext)); break; }
// Check if UserModule is ready for notifications
if (!g_fTrayIconReady) { if ((dwRetCode = ElCheckUserModuleReady ()) != NO_ERROR) { TRACE1 (USER, "ElUserLogonCallback: ElCheckUserModuleReady failed with error %ld", dwRetCode); if (dwRetCode == ERROR_BAD_IMPERSONATION_LEVEL) { break; } } }
// Set global flag to indicate the user logged on
g_fUserLoggedOn = TRUE; g_dwCurrentSessionId = *((DWORD *)pvContext);
ACQUIRE_WRITE_LOCK (&(g_PCBLock));
for (dwIndex = 0; dwIndex < PORT_TABLE_BUCKETS; dwIndex++) { for (pPCB = g_PCBTable.pPCBBuckets[dwIndex].pPorts; pPCB != NULL; pPCB = pPCB->pNext) { fSetCONNECTINGState = FALSE; ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
switch (pPCB->dwEAPOLAuthMode) { case EAPOL_AUTH_MODE_0:
if (pPCB->State == EAPOLSTATE_AUTHENTICATED) { if (pPCB->PreviousAuthenticationType == EAPOL_UNAUTHENTICATED_ACCESS) { fSetCONNECTINGState = TRUE; } } else { (VOID) ElEapEnd (pPCB); fSetCONNECTINGState = TRUE; }
break;
case EAPOL_AUTH_MODE_1:
(VOID) ElEapEnd (pPCB); fSetCONNECTINGState = TRUE;
break;
case EAPOL_AUTH_MODE_2:
// Do nothing
break; }
if (!EAPOL_PORT_ACTIVE(pPCB)) { TRACE1 (USER, "ElUserLogonCallback: Port %ws not active", pPCB->pwszDeviceGUID); fSetCONNECTINGState = FALSE; }
// Set port to EAPOLSTATE_CONNECTING
if (fSetCONNECTINGState) { DbLogPCBEvent (DBLOG_CATEG_INFO, pPCB, EAPOL_USER_LOGON, pPCB->pwszFriendlyName);
// First send out EAPOL_Logoff message
if ((dwRetCode = FSMLogoff (pPCB, NULL)) != NO_ERROR) { TRACE1 (USER, "ElUserLogonCallback: Error in FSMLogoff = %ld", dwRetCode); dwRetCode = NO_ERROR; }
pPCB->dwAuthFailCount = 0;
// With unauthenticated access flag set, port will always
// reauthenticate for logged on user
pPCB->PreviousAuthenticationType = EAPOL_UNAUTHENTICATED_ACCESS;
RELEASE_WRITE_LOCK (&(pPCB->rwLock));
// Restart authentication on the port
if ((dwRetCode = ElReStartPort (pPCB, 0, NULL)) != NO_ERROR) { TRACE1 (USER, "ElUserLogonCallback: MachineAuth: Error in ElReStartPort = %ld", dwRetCode); continue; } } else { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); continue; } } } RELEASE_WRITE_LOCK (&(g_PCBLock)); if (dwRetCode != NO_ERROR) { break; } } while (FALSE);
TRACE1 (USER, "ElUserLogonCallback: completed with error %ld", dwRetCode); if (pvContext != NULL) { FREE (pvContext); }
InterlockedDecrement (&g_lWorkerThreads);
return 0; }
//
// ElUserLogoffCallback
//
// Description:
//
// Callback function invoked whenever a user logs off
// Will logoff from all ports which have authentication enabled
//
// Arguments:
// None.
//
DWORD WINAPI ElUserLogoffCallback ( IN PVOID pvContext ) { DWORD dwIndex = 0; EAPOL_PCB *pPCB = NULL; BOOL fSetCONNECTINGState = FALSE; EAPOL_ZC_INTF ZCData; DWORD dwRetCode = NO_ERROR;
do { if (!g_fUserLoggedOn) { TRACE0 (USER, "ElUserLogoffCallback: User logoff already called, returning without processing"); break; }
if (pvContext == NULL) { break; }
if (g_dwCurrentSessionId != *((DWORD *)pvContext)) { TRACE1 (USER, "ElUserLogoffCallback: Not active console id (%ld)", *((DWORD *)pvContext)); break; }
// Reset global flag to indicate the user logged off
g_fUserLoggedOn = FALSE; g_dwCurrentSessionId = 0xffffffff;
// Reset User Module ready flag
g_fTrayIconReady = FALSE; TRACE1 (USER, "ElUserLogoffCallback: UserloggedOff = %ld", g_fUserLoggedOn);
ACQUIRE_WRITE_LOCK (&(g_PCBLock));
for (dwIndex = 0; dwIndex < PORT_TABLE_BUCKETS; dwIndex++) { for (pPCB = g_PCBTable.pPCBBuckets[dwIndex].pPorts; pPCB != NULL; pPCB = pPCB->pNext) { fSetCONNECTINGState = FALSE; ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
switch (pPCB->dwEAPOLAuthMode) { case EAPOL_AUTH_MODE_0:
if (pPCB->State == EAPOLSTATE_AUTHENTICATED) { if (pPCB->PreviousAuthenticationType != EAPOL_MACHINE_AUTHENTICATION) { fSetCONNECTINGState = TRUE; } } else { (VOID) ElEapEnd (pPCB); fSetCONNECTINGState = TRUE; }
break;
case EAPOL_AUTH_MODE_1:
(VOID) ElEapEnd (pPCB); fSetCONNECTINGState = TRUE;
break;
case EAPOL_AUTH_MODE_2:
// Do nothing
break; }
if (!EAPOL_PORT_ACTIVE(pPCB)) { TRACE1 (USER, "ElUserLogoffCallback: Port %ws not active", pPCB->pwszDeviceGUID); fSetCONNECTINGState = FALSE; }
// Set port to EAPOLSTATE_CONNECTING
if (fSetCONNECTINGState) { DbLogPCBEvent (DBLOG_CATEG_INFO, pPCB, EAPOL_USER_LOGOFF, pPCB->pwszFriendlyName);
// First send out EAPOL_Logoff message
if ((dwRetCode = FSMLogoff (pPCB, NULL)) != NO_ERROR) { TRACE1 (USER, "ElUserLogoffCallback: Error in FSMLogoff = %ld", dwRetCode); dwRetCode = NO_ERROR; }
pPCB->dwAuthFailCount = 0;
// With Unauthenticated_access, port will always
// reauthenticate
pPCB->PreviousAuthenticationType = EAPOL_UNAUTHENTICATED_ACCESS;
RELEASE_WRITE_LOCK (&(pPCB->rwLock));
// Restart authentication on the port
if ((dwRetCode = ElReStartPort (pPCB, 0, NULL)) != NO_ERROR) { TRACE1 (USER, "ElUserLogoffCallback: Error in ElReStartPort = %ld", dwRetCode); continue; } } else { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); continue; } } } RELEASE_WRITE_LOCK (&(g_PCBLock)); } while (FALSE); TRACE0 (USER, "ElUserLogoffCallback: completed");
if (pvContext != NULL) { FREE (pvContext); }
InterlockedDecrement (&g_lWorkerThreads); return 0; }
//
// ElGetUserIdentity
//
// Description:
//
// Function called to initiate and get user identity on a particular
// interface. The RasEapGetIdentity in the appropriate DLL is called
// with the necessary arguments.
//
// Arguments:
// pPCB - Pointer to PCB for the specific port/interface
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORD ElGetUserIdentity ( IN EAPOL_PCB *pPCB ) { HANDLE hLib = NULL; RASEAPFREE pFreeFunc = NULL; RASEAPGETIDENTITY pIdenFunc = NULL; DWORD dwIndex = -1; DWORD cbData = 0; PBYTE pbAuthData = NULL; PBYTE pbUserIn = NULL; DWORD dwInSize = 0; BYTE *pUserDataOut; DWORD dwSizeOfUserDataOut; LPWSTR lpwszIdentity = NULL; CHAR *pszIdentity = NULL; HWND hwndOwner = NULL; DWORD dwFlags = 0; BYTE *pbSSID = NULL; DWORD dwSizeOfSSID = 0; EAPOL_STATE TmpEAPOLState; EAPOL_EAP_UI_CONTEXT *pEAPUIContext = NULL; DWORD dwRetCode = NO_ERROR;
do { TRACE0 (USER, "ElGetUserIdentity entered");
if (!EAPOL_PORT_ACTIVE(pPCB)) { TRACE1 (PORT, "ElGetUserIdentity: Port %ws not active", pPCB->pwszDeviceGUID); // Port is not active, cannot do further processing on this port
break; }
if (pPCB->PreviousAuthenticationType != EAPOL_MACHINE_AUTHENTICATION) { // Get Access Token for user logged on interactively
if (pPCB->hUserToken != NULL) { if (!CloseHandle (pPCB->hUserToken)) { dwRetCode = GetLastError (); TRACE1 (USER, "ElGetUserIdentity: CloseHandle failed with error %ld", dwRetCode); break; } } pPCB->hUserToken = NULL;
if ((dwRetCode = ElGetWinStationUserToken (g_dwCurrentSessionId, &pPCB->hUserToken)) != NO_ERROR) { TRACE1 (USER, "ElGetUserIdentity: ElGetWinStationUserToken failed with error (%ld)", dwRetCode); dwRetCode = ERROR_NO_TOKEN; break; }
//
// Try to fetch user identity without sending request to
// user module. If not possible, send request to user module
//
if ((dwRetCode = ElGetUserIdentityOptimized (pPCB)) != ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION) { TRACE0 (USER, "ElGetUserIdentity: ElGetUserIdentityOptimized got identity without user module intervention"); break; }
if (!g_fTrayIconReady) { if ((dwRetCode = ElCheckUserModuleReady ()) != NO_ERROR) { TRACE1 (USER, "ElGetUserIdentity: ElCheckUserModuleReady failed with error %ld", dwRetCode); break; } }
if (!g_fTrayIconReady) { DbLogPCBEvent (DBLOG_CATEG_WARN, pPCB, EAPOL_WAITING_FOR_DESKTOP_LOAD); dwRetCode = ERROR_IO_PENDING; TRACE0 (USER, "ElGetUserIdentity: TrayIcon NOT ready"); break; }
//
// Call GetUserIdentityDlgWorker
//
pEAPUIContext = MALLOC (sizeof(EAPOL_EAP_UI_CONTEXT)); if (pEAPUIContext == NULL) { TRACE0 (USER, "ElGetUserIdentity: MALLOC failed for pEAPUIContext"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
pEAPUIContext->dwEAPOLUIMsgType = EAPOLUI_GET_USERIDENTITY; wcscpy (pEAPUIContext->wszGUID, pPCB->pwszDeviceGUID); pPCB->dwUIInvocationId = InterlockedIncrement(&(g_dwEAPUIInvocationId)); pEAPUIContext->dwSessionId = g_dwCurrentSessionId; pEAPUIContext->dwContextId = pPCB->dwUIInvocationId; pEAPUIContext->dwEapId = pPCB->bCurrentEAPId; pEAPUIContext->dwEapTypeId = pPCB->dwEapTypeToBeUsed; pEAPUIContext->dwEapFlags = pPCB->dwEapFlags; if (pPCB->pwszSSID) { wcscpy (pEAPUIContext->wszSSID, pPCB->pwszSSID); } if (pPCB->pSSID) { pEAPUIContext->dwSizeOfSSID = pPCB->pSSID->SsidLength; memcpy ((BYTE *)pEAPUIContext->bSSID, (BYTE *)pPCB->pSSID->Ssid, NDIS_802_11_SSID_LEN-sizeof(ULONG)); }
// Have to notify state change before we post balloon
TmpEAPOLState = pPCB->State; pPCB->State = EAPOLSTATE_ACQUIRED; ElNetmanNotify (pPCB, EAPOL_NCS_CRED_REQUIRED, NULL); // State is changed only in FSMAcquired
// Revert to original
pPCB->State = TmpEAPOLState;
// Post the message to netman
if ((dwRetCode = ElPostShowBalloonMessage ( pPCB, sizeof(EAPOL_EAP_UI_CONTEXT), (BYTE *)pEAPUIContext, 0, NULL )) != NO_ERROR) { TRACE1 (USER, "ElGetUserIdentity: ElPostShowBalloonMessage failed with error %ld", dwRetCode); break; }
// Restart PCB timer since UI may take longer time than required
RESTART_TIMER (pPCB->hTimer, INFINITE_SECONDS, "PCB", &dwRetCode); if (dwRetCode != NO_ERROR) { break; }
pPCB->EapUIState = EAPUISTATE_WAITING_FOR_IDENTITY; DbLogPCBEvent (DBLOG_CATEG_INFO, pPCB, EAPOL_WAITING_FOR_DESKTOP_IDENTITY);
// Return error code as pending, since credentials have still not
// been acquired
dwRetCode = ERROR_IO_PENDING;
} else // MACHINE_AUTHENTICATION
{
pPCB->hUserToken = NULL;
// The EAP dll will have already been loaded by the state machine
// Retrieve the handle to the dll from the global EAP table
if ((dwIndex = ElGetEapTypeIndex (pPCB->dwEapTypeToBeUsed)) == -1) { TRACE1 (USER, "ElGetUserIdentity: ElGetEapTypeIndex finds no dll for EAP index %ld", pPCB->dwEapTypeToBeUsed); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
hLib = g_pEapTable[dwIndex].hInstance;
pIdenFunc = (RASEAPGETIDENTITY)GetProcAddress(hLib, "RasEapGetIdentity"); pFreeFunc = (RASEAPFREE)GetProcAddress(hLib, "RasEapFreeMemory");
if ((pFreeFunc == NULL) || (pIdenFunc == NULL)) { TRACE0 (USER, "ElGetUserIdentity: pIdenFunc or pFreeFunc does not exist in the EAP implementation"); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
if (pPCB->pSSID) { pbSSID = pPCB->pSSID->Ssid; dwSizeOfSSID = pPCB->pSSID->SsidLength; }
// Get the size of the EAP blob
if ((dwRetCode = ElGetCustomAuthData ( pPCB->pwszDeviceGUID, pPCB->dwEapTypeToBeUsed, dwSizeOfSSID, pbSSID, NULL, &cbData )) != NO_ERROR) { if (dwRetCode == ERROR_BUFFER_TOO_SMALL) { if (cbData <= 0) { // No EAP blob stored in the registry
TRACE0 (USER, "ElGetUserIdentity: NULL sized EAP blob: continue"); pbAuthData = NULL; // Every port should have connection data !!!
dwRetCode = NO_ERROR; } else { // Allocate memory to hold the blob
pbAuthData = MALLOC (cbData); if (pbAuthData == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (USER, "ElGetUserIdentity: Error in memory allocation for EAP blob"); break; } if ((dwRetCode = ElGetCustomAuthData ( pPCB->pwszDeviceGUID, pPCB->dwEapTypeToBeUsed, dwSizeOfSSID, pbSSID, pbAuthData, &cbData )) != NO_ERROR) { TRACE1 (USER, "ElGetUserIdentity: ElGetCustomAuthData failed with %ld", dwRetCode); break; } } } else { // CustomAuthData for "Default" is always created for an
// interface when EAPOL starts up
TRACE1 (USER, "ElGetUserIdentity: ElGetCustomAuthData size estimation failed with error %ld", dwRetCode); break; } }
if (pIdenFunc) if ((dwRetCode = (*(pIdenFunc))( pPCB->dwEapTypeToBeUsed, hwndOwner, // hwndOwner
RAS_EAP_FLAG_MACHINE_AUTH, // dwFlags
NULL, // lpszPhonebook
pPCB->pwszFriendlyName, // lpszEntry
pbAuthData, // Connection data
cbData, // Count of pbAuthData
pbUserIn, // User data for port
dwInSize, // Size of user data
&pUserDataOut, &dwSizeOfUserDataOut, &lpwszIdentity )) != NO_ERROR) { if (dwRetCode == ERROR_NO_EAPTLS_CERTIFICATE) { DbLogPCBEvent (DBLOG_CATEG_ERR, pPCB, EAPOL_NO_CERTIFICATE_MACHINE); } else { DbLogPCBEvent (DBLOG_CATEG_ERR, pPCB, EAPOL_ERROR_GET_IDENTITY, EAPOLAuthTypes[EAPOL_MACHINE_AUTHENTICATION], dwRetCode); } TRACE1 (USER, "ElGetUserIdentity: Error in calling GetIdentity = %ld", dwRetCode); break; }
// Fill in the returned information into the PCB fields for
// later authentication
if (pPCB->pCustomAuthUserData != NULL) { FREE (pPCB->pCustomAuthUserData); pPCB->pCustomAuthUserData = NULL; }
pPCB->pCustomAuthUserData = MALLOC (dwSizeOfUserDataOut + sizeof (DWORD)); if (pPCB->pCustomAuthUserData == NULL) { TRACE1 (USER, "ElGetUserIdentity: Error in allocating memory for UserInfo = %ld", dwRetCode); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
pPCB->pCustomAuthUserData->dwSizeOfCustomAuthData = dwSizeOfUserDataOut;
if ((dwSizeOfUserDataOut != 0) && (pUserDataOut != NULL)) { memcpy ((BYTE *)pPCB->pCustomAuthUserData->pbCustomAuthData, (BYTE *)pUserDataOut, dwSizeOfUserDataOut); }
if (lpwszIdentity != NULL) { pszIdentity = MALLOC (wcslen(lpwszIdentity)*sizeof(CHAR) + sizeof(CHAR)); if (pszIdentity == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (USER, "ElGetUserIdentity: MALLOC failed for pszIdentity"); break; }
if (0 == WideCharToMultiByte ( CP_ACP, 0, lpwszIdentity, -1, pszIdentity, wcslen(lpwszIdentity)*sizeof(CHAR)+sizeof(CHAR), NULL, NULL )) { dwRetCode = GetLastError(); TRACE2 (USER, "ElGetUserIdentity: WideCharToMultiByte (%ws) failed: %ld", lpwszIdentity, dwRetCode); break; }
TRACE1 (USER, "ElGetUserIdentity: Got identity = %s", pszIdentity);
if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; } pPCB->pszIdentity = MALLOC (strlen(pszIdentity) + sizeof(CHAR)); if (pPCB->pszIdentity == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (USER, "ElGetUserIdentity: MALLOC failed for pPCB->pszIdentity"); break; } memcpy (pPCB->pszIdentity, pszIdentity, strlen (pszIdentity)); pPCB->pszIdentity[strlen(pszIdentity)] = '\0'; }
if (pPCB->pCustomAuthConnData != NULL) { FREE (pPCB->pCustomAuthConnData); pPCB->pCustomAuthConnData = NULL; }
pPCB->pCustomAuthConnData = MALLOC (cbData + sizeof (DWORD)); if (pPCB->pCustomAuthConnData == NULL) { TRACE1 (USER, "ElGetUserIdentity: Error in allocating memory for AuthInfo = %ld", dwRetCode); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
pPCB->pCustomAuthConnData->dwSizeOfCustomAuthData = cbData;
if ((cbData != 0) && (pbAuthData != NULL)) { memcpy ((BYTE *)pPCB->pCustomAuthConnData->pbCustomAuthData, (BYTE *)pbAuthData, cbData); }
// Mark the identity has been obtained for this PCB
pPCB->fGotUserIdentity = TRUE;
}
} while (FALSE);
// Cleanup
if ((dwRetCode != NO_ERROR) && (dwRetCode != ERROR_IO_PENDING)) { if (pPCB->pCustomAuthUserData != NULL) { FREE (pPCB->pCustomAuthUserData); pPCB->pCustomAuthUserData = NULL; }
if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; } }
if (pEAPUIContext != NULL) { FREE (pEAPUIContext); }
if (pbUserIn != NULL) { FREE (pbUserIn); }
if (pbAuthData != NULL) { FREE (pbAuthData); }
if (pFreeFunc != NULL) { if (lpwszIdentity != NULL) { if (( dwRetCode = (*(pFreeFunc)) ((BYTE *)lpwszIdentity)) != NO_ERROR) { TRACE1 (USER, "ElGetUserIdentity: Error in pFreeFunc = %ld", dwRetCode); } } if (pUserDataOut != NULL) { if (( dwRetCode = (*(pFreeFunc)) ((BYTE *)pUserDataOut)) != NO_ERROR) { TRACE1 (USER, "ElGetUserIdentity: Error in pFreeFunc = %ld", dwRetCode); } } }
TRACE1 (USER, "ElGetUserIdentity completed with error %ld", dwRetCode);
return dwRetCode;
}
//
// ElProcessUserIdentityResponse
//
// Description:
//
// Function to handle UI response for ElGetUserIdentityResponse
//
// Arguments:
//
// Return values:
//
//
DWORD ElProcessUserIdentityResponse ( IN EAPOL_EAP_UI_CONTEXT EapolUIContext, IN EAPOLUI_RESP EapolUIResp ) { DWORD dwSizeOfIdentity = 0; BYTE *pbIdentity = NULL; DWORD dwSizeOfUserData = 0; BYTE *pbUserData = NULL; DWORD dwSizeofConnData = 0; BYTE *pbConnData = NULL; EAPOL_PCB *pPCB = NULL; EAPOL_EAP_UI_CONTEXT *pEAPUIContext = NULL; BOOLEAN fPortReferenced = FALSE; BOOLEAN fPCBLocked = FALSE; BOOLEAN fBlobCopyIncomplete = FALSE; DWORD dwRetCode = NO_ERROR;
do { pEAPUIContext = (EAPOL_EAP_UI_CONTEXT *)&EapolUIContext;
ACQUIRE_WRITE_LOCK (&g_PCBLock);
if ((pPCB = ElGetPCBPointerFromPortGUID (pEAPUIContext->wszGUID)) != NULL) { if (EAPOL_REFERENCE_PORT (pPCB)) { fPortReferenced = TRUE; } else { pPCB = NULL; } }
RELEASE_WRITE_LOCK (&g_PCBLock);
if (pPCB == NULL) { break; }
ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
fPCBLocked = TRUE;
if (!EAPOL_PORT_ACTIVE(pPCB)) { TRACE1 (USER, "ElProcessUserIdentityResponse: Port %ws not active", pPCB->pwszDeviceGUID);
// Port is not active, cannot do further processing on this port
break; }
if (pEAPUIContext->dwRetCode != NO_ERROR) { DbLogPCBEvent (DBLOG_CATEG_ERR, pPCB, EAPOL_ERROR_DESKTOP_IDENTITY, dwRetCode); TRACE1 (USER, "ElProcessUserIdentityResponse: Error in Dialog function (%ld)", pEAPUIContext->dwRetCode); break; }
if (pPCB->EapUIState != EAPUISTATE_WAITING_FOR_IDENTITY) { TRACE2 (USER, "ElProcessUserIdentityResponse: PCB EapUIState has changed to (%ld), expected = (%ld)", pPCB->EapUIState, EAPUISTATE_WAITING_FOR_IDENTITY); break; }
if (pPCB->dwUIInvocationId != pEAPUIContext->dwContextId) { TRACE2 (USER, "ElProcessUserIdentityResponse: PCB UI Id has changed to (%ld), expected = (%ld)", pPCB->dwUIInvocationId, pEAPUIContext->dwContextId); // break;
}
if (pPCB->bCurrentEAPId != pEAPUIContext->dwEapId) { TRACE2 (USER, "ElProcessUserIdentityResponse: PCB EAP Id has changed to (%ld), expected = (%ld)", pPCB->bCurrentEAPId, pEAPUIContext->dwEapId); // break;
}
// Since the PCB context is right, restart PCB timer to timeout
// in authPeriod seconds
RESTART_TIMER (pPCB->hTimer, pPCB->EapolConfig.dwauthPeriod, "PCB", &dwRetCode); if (dwRetCode != NO_ERROR) { TRACE1 (USER, "ElProcessUserIdentityResponse: Error in RESTART_TIMER %ld", dwRetCode); break; }
DbLogPCBEvent (DBLOG_CATEG_INFO, pPCB, EAPOL_PROCESSING_DESKTOP_RESPONSE);
if ((EapolUIResp.rdData0.dwDataLen != 0) && (EapolUIResp.rdData0.pData != NULL)) { dwSizeOfIdentity = EapolUIResp.rdData0.dwDataLen; pbIdentity = EapolUIResp.rdData0.pData; }
if ((EapolUIResp.rdData1.dwDataLen != 0) && (EapolUIResp.rdData1.pData != NULL)) { dwSizeOfUserData = EapolUIResp.rdData1.dwDataLen; pbUserData = EapolUIResp.rdData1.pData; }
if ((EapolUIResp.rdData2.dwDataLen != 0) && (EapolUIResp.rdData2.pData != NULL)) { dwSizeofConnData = EapolUIResp.rdData2.dwDataLen; pbConnData = EapolUIResp.rdData2.pData; }
fBlobCopyIncomplete = TRUE;
if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; } if (pbIdentity != NULL) { pPCB->pszIdentity = MALLOC (dwSizeOfIdentity + sizeof(CHAR)); if (pPCB->pszIdentity == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (USER, "ElProcessUserIdentityResponse: MALLOC failed for pPCB->pszIdentity"); break; } memcpy (pPCB->pszIdentity, pbIdentity, dwSizeOfIdentity); pPCB->pszIdentity[dwSizeOfIdentity] = '\0'; TRACE1 (USER, "ElProcessUserIdentityResponse: Got username = %s", pPCB->pszIdentity); }
if (pPCB->pCustomAuthUserData != NULL) { FREE (pPCB->pCustomAuthUserData); pPCB->pCustomAuthUserData = NULL; } pPCB->pCustomAuthUserData = MALLOC (dwSizeOfUserData + sizeof (DWORD)); if (pPCB->pCustomAuthUserData == NULL) { TRACE1 (USER, "ElProcessUserIdentityResponse: Error in allocating memory for UserInfo = %ld", dwRetCode); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } pPCB->pCustomAuthUserData->dwSizeOfCustomAuthData = dwSizeOfUserData; if ((dwSizeOfUserData != 0) && (pbUserData != NULL)) { memcpy ((BYTE *)pPCB->pCustomAuthUserData->pbCustomAuthData, (BYTE *)pbUserData, dwSizeOfUserData); }
if (pPCB->pCustomAuthConnData != NULL) { FREE (pPCB->pCustomAuthConnData); pPCB->pCustomAuthConnData = NULL; } pPCB->pCustomAuthConnData = MALLOC (dwSizeofConnData + sizeof (DWORD)); if (pPCB->pCustomAuthConnData == NULL) { TRACE1 (USER, "ElProcessUserIdentityResponse: Error in allocating memory for AuthInfo = %ld", dwRetCode); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } pPCB->pCustomAuthConnData->dwSizeOfCustomAuthData = dwSizeofConnData; if ((dwSizeofConnData != 0) && (pbConnData != NULL)) { memcpy ((BYTE *)pPCB->pCustomAuthConnData->pbCustomAuthData, (BYTE *)pbConnData, dwSizeofConnData); }
fBlobCopyIncomplete = FALSE;
if ((dwRetCode = ElCreateAndSendIdentityResponse ( pPCB, pEAPUIContext)) != NO_ERROR) { TRACE1 (USER, "ElProcessUserIdentityResponse: ElCreateAndSendIdentityResponse failed with error %ld", dwRetCode); break; }
// Mark the identity has been obtained for this PCB
pPCB->fGotUserIdentity = TRUE;
// Reset the state if identity was obtained, else port will
// recover by itself
pPCB->EapUIState &= ~EAPUISTATE_WAITING_FOR_IDENTITY;
} while (FALSE);
// Cleanup
if (dwRetCode != NO_ERROR) { if (fPCBLocked && fBlobCopyIncomplete) { if (pPCB->pCustomAuthUserData != NULL) { FREE (pPCB->pCustomAuthUserData); pPCB->pCustomAuthUserData = NULL; }
if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; } } }
if (fPCBLocked) { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); }
if (fPortReferenced) { EAPOL_DEREFERENCE_PORT (pPCB); }
return dwRetCode; }
//
// ElGetUserNamePassword
//
// Description:
//
// Function called to get username, domain (if any) and password using
// an interactive dialog. Called if EAP-type is MD5
//
// Arguments:
// pPCB - Pointer to PCB for the port/interface on which credentials
// are to be obtained
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORD ElGetUserNamePassword ( IN EAPOL_PCB *pPCB ) { EAPOL_EAP_UI_CONTEXT *pEAPUIContext = NULL; DWORD dwRetCode = NO_ERROR;
do { TRACE0 (USER, "ElGetUserNamePassword entered");
if (!EAPOL_PORT_ACTIVE(pPCB)) { TRACE1 (PORT, "ElGetUserNamePassword: Port %ws not active", pPCB->pwszDeviceGUID); // Port is not active, cannot do further processing on this port
break; }
// Get Access Token for user logged on interactively
if (pPCB->hUserToken != NULL) { if (!CloseHandle (pPCB->hUserToken)) { dwRetCode = GetLastError (); TRACE1 (USER, "ElGetUserNamePassword: CloseHandle failed with error %ld", dwRetCode); break; } } pPCB->hUserToken = NULL;
if ((dwRetCode = ElGetWinStationUserToken (g_dwCurrentSessionId, &pPCB->hUserToken)) != NO_ERROR) { TRACE1 (USER, "ElGetUserNamePassword: ElGetWinStationUserToken failed with error (%ld)", dwRetCode); dwRetCode = ERROR_NO_TOKEN; break; }
if (!g_fTrayIconReady) { if ((dwRetCode = ElCheckUserModuleReady ()) != NO_ERROR) { TRACE1 (USER, "ElGetUserNamePassword: ElCheckUserModuleReady failed with error %ld", dwRetCode); break; } }
if (!g_fTrayIconReady) { DbLogPCBEvent (DBLOG_CATEG_WARN, pPCB, EAPOL_WAITING_FOR_DESKTOP_LOAD); dwRetCode = ERROR_IO_PENDING; TRACE0 (USER, "ElGetUserNamePassword: TrayIcon NOT ready"); break; }
//
// Call ElGetUserNamePasswordDlgWorker
//
pEAPUIContext = MALLOC (sizeof(EAPOL_EAP_UI_CONTEXT)); if (pEAPUIContext == NULL) { TRACE0 (USER, "ElGetUserNamePassword: MALLOC failed for pEAPUIContext"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
pEAPUIContext->dwEAPOLUIMsgType = EAPOLUI_GET_USERNAMEPASSWORD; wcscpy (pEAPUIContext->wszGUID, pPCB->pwszDeviceGUID); pPCB->dwUIInvocationId = InterlockedIncrement(&(g_dwEAPUIInvocationId)); pEAPUIContext->dwSessionId = g_dwCurrentSessionId; pEAPUIContext->dwContextId = pPCB->dwUIInvocationId; pEAPUIContext->dwEapId = pPCB->bCurrentEAPId; pEAPUIContext->dwEapTypeId = pPCB->dwEapTypeToBeUsed; pEAPUIContext->dwEapFlags = pPCB->dwEapFlags; if (pPCB->pSSID) { memcpy ((BYTE *)pEAPUIContext->bSSID, (BYTE *)pPCB->pSSID->Ssid, NDIS_802_11_SSID_LEN-sizeof(ULONG)); pEAPUIContext->dwSizeOfSSID = pPCB->pSSID->SsidLength; } if (pPCB->pwszSSID) { wcscpy (pEAPUIContext->wszSSID, pPCB->pwszSSID); }
// Post the message to netman
if ((dwRetCode = ElPostShowBalloonMessage ( pPCB, sizeof(EAPOL_EAP_UI_CONTEXT), (BYTE *)pEAPUIContext, 0, NULL )) != NO_ERROR) { TRACE1 (USER, "ElGetUserNamePassword: ElPostShowBalloonMessage failed with error %ld", dwRetCode); break; }
// Restart PCB timer since UI may take longer time than required
RESTART_TIMER (pPCB->hTimer, INFINITE_SECONDS, "PCB", &dwRetCode); if (dwRetCode != NO_ERROR) { break; }
pPCB->EapUIState = EAPUISTATE_WAITING_FOR_IDENTITY; DbLogPCBEvent (DBLOG_CATEG_INFO, pPCB, EAPOL_WAITING_FOR_DESKTOP_IDENTITY);
// Return error code as pending, since credentials have still not
// been acquired
dwRetCode = ERROR_IO_PENDING;
} while (FALSE);
if ((dwRetCode != NO_ERROR) && (dwRetCode != ERROR_IO_PENDING)) { }
if (pEAPUIContext) { FREE (pEAPUIContext); }
TRACE1 (USER, "ElGetUserNamePassword completed with error %ld", dwRetCode);
return dwRetCode; }
//
// ElProcessUserNamePasswordResponse
//
// Description:
//
// UI Response handler function for ElGetUserNamePassword
//
// Arguments:
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORD ElProcessUserNamePasswordResponse ( IN EAPOL_EAP_UI_CONTEXT EapolUIContext, IN EAPOLUI_RESP EapolUIResp ) { DWORD dwSizeOfIdentity = 0; BYTE *pbIdentity = NULL; DWORD dwSizeOfPassword = 0; BYTE *pbPassword = NULL; HWND hwndOwner = NULL; BOOLEAN fPCBLocked = FALSE; BOOLEAN fPortReferenced = FALSE; BOOLEAN fBlobCopyIncomplete = FALSE; EAPOL_PCB *pPCB = NULL; EAPOL_EAP_UI_CONTEXT *pEAPUIContext = NULL; DWORD dwRetCode = NO_ERROR;
do { TRACE0 (USER, "ElProcessUserNamePasswordResponse entered");
pEAPUIContext = (EAPOL_EAP_UI_CONTEXT *)&EapolUIContext;
ACQUIRE_WRITE_LOCK (&g_PCBLock);
if ((pPCB = ElGetPCBPointerFromPortGUID (pEAPUIContext->wszGUID)) != NULL) { if (EAPOL_REFERENCE_PORT (pPCB)) { fPortReferenced = TRUE; } else { pPCB = NULL; } }
RELEASE_WRITE_LOCK (&g_PCBLock);
if (pPCB == NULL) { break; }
ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
fPCBLocked = TRUE;
if (!EAPOL_PORT_ACTIVE(pPCB)) { TRACE1 (PORT, "ElProcessUserNamePasswordResponse: Port %ws not active", pPCB->pwszDeviceGUID); // Port is not active, cannot do further processing on this port
break; } if (pEAPUIContext->dwRetCode != NO_ERROR) { DbLogPCBEvent (DBLOG_CATEG_ERR, pPCB, EAPOL_ERROR_DESKTOP_IDENTITY, dwRetCode); TRACE1 (USER, "ElProcessUserNamePasswordResponse: Error in Dialog function (%ld)", pEAPUIContext->dwRetCode); break; }
if (pPCB->EapUIState != EAPUISTATE_WAITING_FOR_IDENTITY) { TRACE2 (USER, "ElProcessUserNamePasswordResponse: PCB EapUIState has changed to (%ld), expected = (%ld)", pPCB->EapUIState, EAPUISTATE_WAITING_FOR_IDENTITY); break; }
if (pPCB->dwUIInvocationId != pEAPUIContext->dwContextId) { TRACE2 (USER, "ElProcessUserNamePasswordResponse: PCB UI Id has changed to (%ld), expected = (%ld)", pPCB->dwUIInvocationId, pEAPUIContext->dwContextId); // break;
}
if (pPCB->bCurrentEAPId != pEAPUIContext->dwEapId) { TRACE2 (USER, "ElProcessUserNamePasswordResponse: PCB EAP Id has changed to (%ld), expected = (%ld)", pPCB->bCurrentEAPId, pEAPUIContext->dwEapId); // break;
}
// Since the PCB context is right, restart PCB timer to timeout
// in authPeriod seconds
RESTART_TIMER (pPCB->hTimer, pPCB->EapolConfig.dwauthPeriod, "PCB", &dwRetCode); if (dwRetCode != NO_ERROR) { TRACE1 (USER, "ElProcessUserNamePasswordResponse: Error in RESTART_TIMER %ld", dwRetCode); break; }
DbLogPCBEvent (DBLOG_CATEG_INFO, pPCB, EAPOL_PROCESSING_DESKTOP_RESPONSE);
if ((EapolUIResp.rdData0.dwDataLen != 0) && (EapolUIResp.rdData0.pData != NULL)) { dwSizeOfIdentity = EapolUIResp.rdData0.dwDataLen; pbIdentity = EapolUIResp.rdData0.pData; }
if ((EapolUIResp.rdData1.dwDataLen != 0) && (EapolUIResp.rdData1.pData != NULL)) { dwSizeOfPassword = EapolUIResp.rdData1.dwDataLen; pbPassword = EapolUIResp.rdData1.pData; }
fBlobCopyIncomplete = TRUE;
if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; }
if (pPCB->PasswordBlob.pbData != NULL) { FREE (pPCB->PasswordBlob.pbData); pPCB->PasswordBlob.pbData = NULL; pPCB->PasswordBlob.cbData = 0; }
if (pbIdentity != NULL) { pPCB->pszIdentity = MALLOC (dwSizeOfIdentity + sizeof(CHAR)); if (pPCB->pszIdentity == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (USER, "ElProcessUserNamePasswordResponse: MALLOC failed for pPCB->pszIdentity"); break; } memcpy (pPCB->pszIdentity, pbIdentity, dwSizeOfIdentity); pPCB->pszIdentity[dwSizeOfIdentity] = '\0'; TRACE1 (USER, "ElProcessUserNamePasswordResponse: Got username = %s", pPCB->pszIdentity); }
if (pbPassword != 0) { if ((pPCB->PasswordBlob.pbData = MALLOC (dwSizeOfPassword)) == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } memcpy (pPCB->PasswordBlob.pbData, pbPassword, dwSizeOfPassword); pPCB->PasswordBlob.cbData = dwSizeOfPassword; }
fBlobCopyIncomplete = FALSE;
if ((dwRetCode = ElCreateAndSendIdentityResponse ( pPCB, pEAPUIContext)) != NO_ERROR) { TRACE1 (USER, "ElProcessUserNamePasswordResponse: ElCreateAndSendIdentityResponse failed with error %ld", dwRetCode); break; }
// Mark the identity has been obtained for this PCB
pPCB->fGotUserIdentity = TRUE;
// Reset the state if identity was obtained, else the port will recover
// by itself
pPCB->EapUIState &= ~EAPUISTATE_WAITING_FOR_IDENTITY; } while (FALSE);
if (dwRetCode != NO_ERROR) { if (fPCBLocked && fBlobCopyIncomplete) { if (pPCB->pszIdentity) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; } if (pPCB->PasswordBlob.pbData) { FREE (pPCB->PasswordBlob.pbData); pPCB->PasswordBlob.pbData = NULL; pPCB->PasswordBlob.cbData = 0; } } }
if (fPCBLocked) { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); }
if (fPortReferenced) { EAPOL_DEREFERENCE_PORT (pPCB); }
TRACE1 (USER, "ElProcessUserNamePasswordResponse completed with error %ld", dwRetCode);
return dwRetCode; }
//
// ElInvokeInteractiveUI
//
// Description:
//
// Function called to invoke RasEapInvokeInteractiveUI for an EAP on a
// particular interface
//
// Arguments:
// pPCB - Pointer to PCB for the specific interface
// pInvokeEapUIIn - Data to be supplied to the InvokeInteractiveUI entrypoint
// provided by the EAP dll through PPP_EAP_OUTPUT structure
//
DWORD ElInvokeInteractiveUI ( IN EAPOL_PCB *pPCB, IN ELEAP_INVOKE_EAP_UI *pInvokeEapUIIn ) { EAPOL_EAP_UI_CONTEXT *pEAPUIContext = NULL; DWORD dwRetCode = NO_ERROR;
do { if (pInvokeEapUIIn == NULL) { dwRetCode = ERROR_INVALID_PARAMETER; return dwRetCode; }
if (pPCB->PreviousAuthenticationType == EAPOL_MACHINE_AUTHENTICATION) { TRACE0 (USER, "ElInvokeInteractiveUI: Cannot popup UI during machine authentication"); DbLogPCBEvent (DBLOG_CATEG_ERR, pPCB, EAPOL_CANNOT_DESKTOP_MACHINE_AUTH); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; } if (!g_fTrayIconReady) { if ((dwRetCode = ElCheckUserModuleReady ()) != NO_ERROR) { TRACE1 (USER, "ElInvokeInteractiveUI: ElCheckUserModuleReady failed with error %ld", dwRetCode); break; } }
if (!g_fTrayIconReady) { DbLogPCBEvent (DBLOG_CATEG_WARN, pPCB, EAPOL_WAITING_FOR_DESKTOP_LOAD); dwRetCode = ERROR_IO_PENDING; TRACE0 (USER, "ElInvokeInteractiveUI: TrayIcon NOT ready"); break; }
TRACE0 (USER, "ElInvokeInteractiveUI entered");
//
// Call ElInvokeInteractiveUIDlgWorker
//
pEAPUIContext = MALLOC (sizeof(EAPOL_EAP_UI_CONTEXT) + pInvokeEapUIIn->dwSizeOfUIContextData); if (pEAPUIContext == NULL) { TRACE0 (USER, "ElInvokeInteractiveUI: MALLOC failed for pEAPUIContext"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
pEAPUIContext->dwEAPOLUIMsgType = EAPOLUI_INVOKEINTERACTIVEUI; wcscpy (pEAPUIContext->wszGUID, pPCB->pwszDeviceGUID); pPCB->dwUIInvocationId = InterlockedIncrement(&(g_dwEAPUIInvocationId)); pEAPUIContext->dwSessionId = g_dwCurrentSessionId; pEAPUIContext->dwContextId = pPCB->dwUIInvocationId; pEAPUIContext->dwEapId = pPCB->bCurrentEAPId; pEAPUIContext->dwEapTypeId = pPCB->dwEapTypeToBeUsed; pEAPUIContext->dwEapFlags = pPCB->dwEapFlags; if (pPCB->pSSID) { pEAPUIContext->dwSizeOfSSID = pPCB->pSSID->SsidLength; memcpy ((BYTE *)pEAPUIContext->bSSID, (BYTE *)pPCB->pSSID->Ssid, NDIS_802_11_SSID_LEN-sizeof(ULONG)); } if (pPCB->pwszSSID) { wcscpy (pEAPUIContext->wszSSID, pPCB->pwszSSID); } pEAPUIContext->dwSizeOfEapUIData = pInvokeEapUIIn->dwSizeOfUIContextData; memcpy (pEAPUIContext->bEapUIData, pInvokeEapUIIn->pbUIContextData, pInvokeEapUIIn->dwSizeOfUIContextData);
// Post the message to netman
if ((dwRetCode = ElPostShowBalloonMessage ( pPCB, sizeof(EAPOL_EAP_UI_CONTEXT)+pInvokeEapUIIn->dwSizeOfUIContextData, (BYTE *)pEAPUIContext, 0, NULL )) != NO_ERROR) { TRACE1 (USER, "ElInvokeInteractiveUI: ElPostShowBalloonMessage failed with error %ld", dwRetCode); break; }
// Restart PCB timer since UI may take longer time than required
RESTART_TIMER (pPCB->hTimer, INFINITE_SECONDS, "PCB", &dwRetCode); if (dwRetCode != NO_ERROR) { break; }
pPCB->EapUIState = EAPUISTATE_WAITING_FOR_UI_RESPONSE; DbLogPCBEvent (DBLOG_CATEG_INFO, pPCB, EAPOL_WAITING_FOR_DESKTOP_LOGON);
TRACE0 (USER, "ElInvokeInteractiveUI: ElEapWork completed successfully");
} while (FALSE);
if (pInvokeEapUIIn->pbUIContextData != NULL) { FREE (pInvokeEapUIIn->pbUIContextData); pInvokeEapUIIn->pbUIContextData = NULL; pInvokeEapUIIn->dwSizeOfUIContextData = 0; }
if (pEAPUIContext != NULL) { FREE (pEAPUIContext); }
TRACE1 (USER, "ElInvokeInteractiveUI completed with error %ld", dwRetCode);
return dwRetCode; }
//
// ElProcessInvokeInteractiveUIResponse
//
// Description:
//
// Worker function for ElInvokeInteractiveUI
//
// Arguments:
//
DWORD ElProcessInvokeInteractiveUIResponse ( IN EAPOL_EAP_UI_CONTEXT EapolUIContext, IN EAPOLUI_RESP EapolUIResp ) { BYTE *pbUIData = NULL; DWORD dwSizeOfUIData = 0; EAPOL_PCB *pPCB = NULL; EAPOL_EAP_UI_CONTEXT *pEAPUIContext = NULL; BOOLEAN fPortReferenced = FALSE; BOOLEAN fPCBLocked = FALSE; DWORD dwRetCode = NO_ERROR;
do { TRACE0 (USER, "ElProcessInvokeInteractiveUIResponse entered");
pEAPUIContext = (EAPOL_EAP_UI_CONTEXT *)&EapolUIContext;
ACQUIRE_WRITE_LOCK (&g_PCBLock);
if ((pPCB = ElGetPCBPointerFromPortGUID (pEAPUIContext->wszGUID)) != NULL) { if (EAPOL_REFERENCE_PORT (pPCB)) { fPortReferenced = TRUE; } else { pPCB = NULL; } }
RELEASE_WRITE_LOCK (&g_PCBLock);
if (pPCB == NULL) { break; }
ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
fPCBLocked = TRUE;
if (!EAPOL_PORT_ACTIVE(pPCB)) { TRACE1 (PORT, "ElProcessInvokeInteractiveUIResponse: Port %ws not active", pPCB->pwszDeviceGUID); break; }
if (pEAPUIContext->dwRetCode != NO_ERROR) { DbLogPCBEvent (DBLOG_CATEG_ERR, pPCB, EAPOL_ERROR_DESKTOP_LOGON, dwRetCode); TRACE1 (USER, "ElProcessInvokeInteractiveUIResponse: Error in Dialog function (%ld)", pEAPUIContext->dwRetCode); break; }
if (pPCB->EapUIState != EAPUISTATE_WAITING_FOR_UI_RESPONSE) { TRACE2 (USER, "ElProcessInvokeInteractiveUIResponse: PCB EapUIState has changed to (%ld), expected = (%ld)", pPCB->EapUIState, EAPUISTATE_WAITING_FOR_UI_RESPONSE); break; }
if (pPCB->dwUIInvocationId != pEAPUIContext->dwContextId) { TRACE2 (USER, "ElProcessInvokeInteractiveUIResponse: PCB UI Id has changed to (%ld), expected = (%ld)", pPCB->dwUIInvocationId, pEAPUIContext->dwContextId); // break;
}
if (pPCB->bCurrentEAPId != pEAPUIContext->dwEapId) { TRACE2 (USER, "ElProcessInvokeInteractiveUIResponse: PCB EAP Id has changed to (%ld), expected = (%ld)", pPCB->bCurrentEAPId, pEAPUIContext->dwEapId); // break;
}
// Since the PCB context is right, restart PCB timer to timeout
// in authPeriod seconds
RESTART_TIMER (pPCB->hTimer, pPCB->EapolConfig.dwauthPeriod, "PCB", &dwRetCode); if (dwRetCode != NO_ERROR) { TRACE1 (USER, "ElProcessInvokeInteractiveUIResponse: Error in RESTART_TIMER %ld", dwRetCode); break; }
DbLogPCBEvent (DBLOG_CATEG_INFO, pPCB, EAPOL_PROCESSING_DESKTOP_RESPONSE);
if ((EapolUIResp.rdData0.dwDataLen != 0) && (EapolUIResp.rdData0.pData != NULL)) { dwSizeOfUIData = EapolUIResp.rdData0.dwDataLen; pbUIData = EapolUIResp.rdData0.pData; }
if (pPCB->EapUIData.pEapUIData != NULL) { FREE (pPCB->EapUIData.pEapUIData); pPCB->EapUIData.pEapUIData = NULL; pPCB->EapUIData.dwSizeOfEapUIData = 0; } pPCB->EapUIData.pEapUIData = MALLOC (dwSizeOfUIData); if (pPCB->EapUIData.pEapUIData == NULL) { TRACE1 (USER, "ElProcessInvokeInteractiveUIResponse: Error in allocating memory for UIData = %ld", dwRetCode); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
pPCB->EapUIData.dwSizeOfEapUIData = dwSizeOfUIData; if ((dwSizeOfUIData != 0) && (pbUIData != NULL)) { memcpy ((BYTE *)pPCB->EapUIData.pEapUIData, (BYTE *)pbUIData, dwSizeOfUIData); }
pPCB->EapUIData.dwContextId = pPCB->dwUIInvocationId;
pPCB->fEapUIDataReceived = TRUE;
TRACE0 (USER, "ElProcessInvokeInteractiveUIResponse: Calling ElEapWork");
// Provide UI data to EAP Dll for processing
// EAP will send out response if required
if ((dwRetCode = ElEapWork ( pPCB, NULL)) != NO_ERROR) { TRACE1 (USER, "ElProcessInvokeInteractiveUIResponse: ElEapWork failed with error = %ld", dwRetCode); break; } // Reset the state
pPCB->EapUIState &= ~EAPUISTATE_WAITING_FOR_UI_RESPONSE;
TRACE0 (USER, "ElProcessInvokeInteractiveUIResponse: ElEapWork completed successfully");
} while (FALSE);
// Cleanup
if (dwRetCode != NO_ERROR) { if (pPCB->EapUIData.pEapUIData != NULL) { FREE (pPCB->EapUIData.pEapUIData); pPCB->EapUIData.pEapUIData = NULL; pPCB->EapUIData.dwSizeOfEapUIData = 0; } }
if (fPCBLocked) { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); }
if (fPortReferenced) { EAPOL_DEREFERENCE_PORT (pPCB); }
TRACE1 (USER, "ElProcessInvokeInteractiveUIResponse completed with error %ld", dwRetCode);
return dwRetCode; }
//
// ElCreateAndSendIdentityResponse
//
// Description:
//
// Function called send out Identity Response packet
//
// Arguments:
// pPCB - Port Control Block for appropriate interface
// pEAPUIContext - UI context blob
//
// Return values:
// NO_ERROR - success
// !NO_ERROR - error
//
//
DWORD ElCreateAndSendIdentityResponse ( IN EAPOL_PCB *pPCB, IN EAPOL_EAP_UI_CONTEXT *pEAPUIContext ) { PPP_EAP_PACKET *pSendBuf = NULL; EAPOL_PACKET *pEapolPkt = NULL; WORD wSizeOfEapPkt = 0; DWORD dwIdentityLength = 0; DWORD dwRetCode = NO_ERROR;
do { // Create buffer for EAPOL + EAP and pass pointer to EAP header
pEapolPkt = (EAPOL_PACKET *) MALLOC (MAX_EAPOL_BUFFER_SIZE);
TRACE1 (EAPOL, "ElCreateAndSendIdResp: EapolPkt created at %p", pEapolPkt);
if (pEapolPkt == NULL) { TRACE0 (EAPOL, "ElCreateAndSendIdResp: Error allocating EAP buffer"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
// Point to EAP header
pSendBuf = (PPP_EAP_PACKET *)((PBYTE)pEapolPkt + sizeof (EAPOL_PACKET) - 1);
pSendBuf->Code = EAPCODE_Response; pSendBuf->Id = (BYTE)pPCB->bCurrentEAPId;
if (pPCB->pszIdentity != NULL) { dwIdentityLength = strlen (pPCB->pszIdentity); } else { dwIdentityLength = 0; }
HostToWireFormat16 ( (WORD)(PPP_EAP_PACKET_HDR_LEN+1+dwIdentityLength), pSendBuf->Length );
strncpy ((CHAR *)pSendBuf->Data+1, (CHAR *)pPCB->pszIdentity, dwIdentityLength);
TRACE1 (EAPOL, "ElCreateAndSendIdResp: Identity sent out = %s", pPCB->pszIdentity);
pSendBuf->Data[0] = EAPTYPE_Identity;
// Indicate to EAPOL what is length of the EAP packet
wSizeOfEapPkt = (WORD)(PPP_EAP_PACKET_HDR_LEN+ 1+dwIdentityLength);
// Send out EAPOL packet
memcpy ((BYTE *)pEapolPkt->EthernetType, (BYTE *)pPCB->bEtherType, SIZE_ETHERNET_TYPE); pEapolPkt->ProtocolVersion = pPCB->bProtocolVersion; pEapolPkt->PacketType = EAP_Packet;
HostToWireFormat16 ((WORD) wSizeOfEapPkt, (BYTE *)pEapolPkt->PacketBodyLength);
// Make a copy of the EAPOL packet in the PCB
// Will be used during retransmission
if (pPCB->pbPreviousEAPOLPkt != NULL) { FREE (pPCB->pbPreviousEAPOLPkt); } pPCB->pbPreviousEAPOLPkt = MALLOC (sizeof (EAPOL_PACKET)+wSizeOfEapPkt-1);
if (pPCB->pbPreviousEAPOLPkt == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
memcpy (pPCB->pbPreviousEAPOLPkt, pEapolPkt, sizeof (EAPOL_PACKET)+wSizeOfEapPkt-1);
pPCB->dwSizeOfPreviousEAPOLPkt = sizeof (EAPOL_PACKET)+wSizeOfEapPkt-1;
pPCB->dwPreviousId = pPCB->bCurrentEAPId;
// Send packet out on the port
dwRetCode = ElWriteToPort (pPCB, (CHAR *)pEapolPkt, sizeof (EAPOL_PACKET)+wSizeOfEapPkt-1); if (dwRetCode != NO_ERROR) { TRACE1 (EAPOL, "ElCreateAndSendIdResp: Error in writing EAP_Packet to port %ld", dwRetCode); break; }
} while (FALSE);
if (pEapolPkt != NULL) { FREE (pEapolPkt); }
return dwRetCode; }
//
// ElSendGuestIdentityResponse
//
// Description:
//
// Function called send out Guest Identity Response packet
//
// Arguments:
// pEAPUIContext - UI context blob
//
// Return values:
// NO_ERROR - success
// !NO_ERROR - failure
//
DWORD ElSendGuestIdentityResponse ( IN EAPOL_EAP_UI_CONTEXT *pEAPUIContext ) { EAPOL_PCB *pPCB = NULL; BOOLEAN fPortReferenced = FALSE; BOOLEAN fPCBLocked = FALSE; DWORD dwRetCode = NO_ERROR;
do { ACQUIRE_WRITE_LOCK (&g_PCBLock);
if ((pPCB = ElGetPCBPointerFromPortGUID (pEAPUIContext->wszGUID)) != NULL) { if (EAPOL_REFERENCE_PORT (pPCB)) { fPortReferenced = TRUE; } else { pPCB = NULL; } }
RELEASE_WRITE_LOCK (&g_PCBLock);
if (pPCB == NULL) { break; }
ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
fPCBLocked = TRUE;
// Send the identity out as a EAP-Response packet
if (pPCB->EapUIState != EAPUISTATE_WAITING_FOR_IDENTITY) { TRACE2 (USER, "ElSendGuestIdentityResponse: PCB EapUIState has changed to (%ld), expected = (%ld)", pPCB->EapUIState, EAPUISTATE_WAITING_FOR_IDENTITY); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
if (pPCB->dwUIInvocationId != pEAPUIContext->dwContextId) { TRACE2 (USER, "ElSendGuestIdentityResponse: PCB UI Id has changed to (%ld), expected = (%ld)", pPCB->dwUIInvocationId, pEAPUIContext->dwContextId); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
if (pPCB->bCurrentEAPId != pEAPUIContext->dwEapId) { TRACE2 (USER, "ElSendGuestIdentityResponse: PCB EAP Id has changed to (%ld), expected = (%ld)", pPCB->bCurrentEAPId, pEAPUIContext->dwEapId); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; }
// Do not flag that identity was received
// Reset the UI state though for state machine to proceed
pPCB->EapUIState &= ~EAPUISTATE_WAITING_FOR_IDENTITY; pPCB->PreviousAuthenticationType = EAPOL_UNAUTHENTICATED_ACCESS;
if ((dwRetCode = ElCreateAndSendIdentityResponse ( pPCB, pEAPUIContext)) != NO_ERROR) { TRACE1 (USER, "ElSendGuestIdentityResponse: ElCreateAndSendIdentityResponse failed with error %ld", dwRetCode); break; } } while (FALSE);
if (fPCBLocked) { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); }
if (fPortReferenced) { EAPOL_DEREFERENCE_PORT (pPCB); }
return dwRetCode; }
//
// ElValidateInteractiveRPCClient
//
// Description:
//
// Function called to validate if RPC call is from interactive client
//
// Arguments:
//
// Return values:
// NO_ERROR - success
// !NO_ERROR - failure
//
DWORD ElValidateInteractiveRPCClient ( ) { HANDLE hUserToken = INVALID_HANDLE_VALUE; TOKEN_USER *pUserTokenData = NULL; BOOLEAN fRevertToSelf = FALSE; RPC_STATUS RpcStatus = RPC_S_OK; DWORD dwSizeNeeded = 0; DWORD dwRetCode = NO_ERROR, dwRetCode1 = NO_ERROR; do { if ((RpcStatus = RpcImpersonateClient(0)) != RPC_S_OK) { dwRetCode = ERROR_ACCESS_DENIED; break; } fRevertToSelf = TRUE;
// Get an impersonation token with the client's security context.
if (!OpenThreadToken( GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, &hUserToken )) { dwRetCode = GetLastError (); break; }
if (hUserToken != NULL) { dwSizeNeeded = 0; if (!GetTokenInformation(hUserToken, TokenSessionId, 0, 0, &dwSizeNeeded)) { if ((dwRetCode = GetLastError()) == ERROR_INSUFFICIENT_BUFFER) { pUserTokenData = (TOKEN_USER *) MALLOC (dwSizeNeeded); if (pUserTokenData == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY,"ElValidateInteractiveRPCClient: Allocation for UserTokenData failed"); break; } // Reset error code since we are continuing processing
// This was a valid scenario
dwRetCode = NO_ERROR; } else { TRACE1 (ANY,"ElValidateInteractiveRPCClient: Error in GetTokenInformation = %ld", dwRetCode); break; }
if (!GetTokenInformation (hUserToken, TokenSessionId, pUserTokenData, dwSizeNeeded, &dwSizeNeeded)) { dwRetCode = GetLastError (); TRACE1 (ANY,"ElValidateInteractiveRPCClient: GetTokenInformation failed with error %ld", dwRetCode); break; } } else { TRACE0 (ANY,"ElValidateInteractiveRPCClient: *No* error in GetTokenInformation, when error expected"); dwRetCode = ERROR_ACCESS_DENIED; break; }
if (g_dwCurrentSessionId != *((DWORD *)pUserTokenData)) { TRACE2 (ANY, "ElValidateInteractiveRPCClient: RPC call from invalid user (%ld), valid = (%ld)", *((DWORD *)pUserTokenData), g_dwCurrentSessionId); dwRetCode = ERROR_ACCESS_DENIED; } } else { dwRetCode = ERROR_ACCESS_DENIED; break; } } while (FALSE);
if (hUserToken != INVALID_HANDLE_VALUE) { CloseHandle(hUserToken); } if (fRevertToSelf) { dwRetCode1 = RpcRevertToSelf(); if (dwRetCode1 != NO_ERROR) { dwRetCode = dwRetCode1; } } if (pUserTokenData != NULL) { FREE (pUserTokenData); }
return dwRetCode; }
|