archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/net/ias/protocol/radius/valaccess.cpp

263 lines
7.1 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //#--------------------------------------------------------------
  2. //
  3. // File: valaccess.cpp
  4. //
  5. // Synopsis: Implementation of CValAccess class methods
  6. //
  7. //
  8. // History: 9/23/97 MKarki Created
  9. //
  10. // Copyright (C) Microsoft Corporation
  11. // All rights reserved.
  12. //
  13. //----------------------------------------------------------------
  14. #include "radcommon.h"
  15. #include "valaccess.h"
  17. //+++--------------------------------------------------------------
  18. //
  19. // Function: CValAccess
  20. //
  21. // Synopsis: This is the constructor of the CValAccess
  22. // class
  23. //
  24. // Arguments: NONE
  25. //
  26. // Returns: NONE
  27. //
  28. //
  29. // History: MKarki Created 9/28/97
  30. //
  31. //----------------------------------------------------------------
  32. CValAccess::CValAccess(
  33. VOID
  34. )
  35. {
  36. } // end of CValAccess constructor
  38. //+++--------------------------------------------------------------
  39. //
  40. // Function: ~CValAccess
  41. //
  42. // Synopsis: This is the destructor of the CValAccess
  43. // class
  44. //
  45. // Arguments: NONE
  46. //
  47. // Returns: NONE
  48. //
  49. //
  50. // History: MKarki Created 9/28/97
  51. //
  52. //----------------------------------------------------------------
  53. CValAccess::~CValAccess(
  54. VOID
  55. )
  56. {
  57. } // end of CValAccess destructor
  60. //+++--------------------------------------------------------------
  61. //
  62. // Function: ValidateInPacket
  63. //
  64. // Synopsis: This is CValAccess class public method
  65. // that validates inbound Access Request packet
  66. //
  67. // Arguments:
  68. // [in] - CPacketRadius*
  69. //
  70. // Returns: HRESULT - status
  71. //
  72. //
  73. // History: MKarki Created 9/28/97
  74. //
  75. // Calleed By: CPreValidator::StartInValidation class method
  76. //
  77. //----------------------------------------------------------------
  78. HRESULT
  79. CValAccess::ValidateInPacket(
  80. CPacketRadius * pCPacketRadius
  81. )
  82. {
  83. HRESULT hr = S_OK;
  84. DWORD dwClientAddress = 0;
  85. CClient *pCClient = NULL;
  87. _ASSERT (pCPacketRadius);
  89. __try
  90. {
  91. //
  92. // validate the attributes
  93. //
  94. hr = m_pCValAttributes->Validate (pCPacketRadius);
  95. if (FAILED (hr)) { __leave; }
  97. //
  98. // validate the Signature present in the packet
  99. // if no signature is present this call will return
  100. // success
  101. //
  102. hr = ValidateSignature (pCPacketRadius);
  103. if (FAILED (hr)) { __leave; }
  105. //
  106. // now give the packet for processing
  107. //
  108. hr = m_pCPreProcessor->StartInProcessing (pCPacketRadius);
  109. if (FAILED (hr)) { __leave; }
  110. }
  111. __finally
  112. {
  113. }
  115. return (hr);
  117. } // end of CValAccess::ValidateInPacket method
  119. //+++-------------------------------------------------------------
  120. //
  121. // Function: ValidateSignature
  122. //
  123. // Synopsis: This is CValAccesss class private method
  124. // that carries out validation provided in an
  125. // inbound RADIUS access request which has a
  126. // signature attribute
  127. //
  128. // Arguments:
  129. // [in] CPacketRadius*
  130. //
  131. // Returns: HRESULT - status
  132. //
  133. // History: MKarki Created 1/6/98
  134. //
  135. //----------------------------------------------------------------
  136. HRESULT
  137. CValAccess::ValidateSignature (
  138. CPacketRadius *pCPacketRadius
  139. )
  140. {
  141. HRESULT hr = S_OK;
  142. BOOL bStatus = FALSE;
  143. PBYTE InPacketSignature[SIGNATURE_SIZE];
  144. PBYTE GeneratedSignature [SIGNATURE_SIZE];
  145. TCHAR szErrorString [IAS_ERROR_STRING_LENGTH];
  146. IIasClient *pIIasClient = NULL;
  148. __try
  149. {
  151. //
  152. // get the CClient class object
  153. //
  154. hr = pCPacketRadius->GetClient (&pIIasClient);
  155. if (FAILED (hr)) { __leave; }
  157. //
  158. // get the signature attribute value from the inbound
  159. // packet
  160. //
  161. if (FALSE == pCPacketRadius->GetInSignature (
  162. reinterpret_cast <PBYTE> (InPacketSignature)
  163. ))
  164. {
  165. //
  166. // check if signature check is required
  167. //
  168. BOOL bCheckRequired = pIIasClient->NeedSignatureCheck ();
  169. if (!bCheckRequired)
  170. {
  171. __leave;
  172. }
  173. else
  174. {
  175. IASTracePrintf (
  176. "In-Bound request does not have does not have "
  177. "Message Authenticator attribute which is required for this client"
  178. );
  180. //
  181. // this is an error, need to silenty discard the
  182. // packet
  183. //
  185. PCWSTR strings[] = { pCPacketRadius->GetClientName() };
  186. IASReportEvent (
  187. RADIUS_E_SIGNATURE_REQUIRED,
  188. 1,
  189. 0,
  190. strings,
  191. NULL
  192. );
  194. m_pCReportEvent->Process (
  195. RADIUS_BAD_AUTHENTICATOR,
  196. pCPacketRadius->GetInCode (),
  197. pCPacketRadius->GetInLength(),
  198. pCPacketRadius->GetInAddress(),
  199. NULL,
  200. static_cast <LPVOID> (pCPacketRadius->GetInPacket())
  201. );
  202. hr = RADIUS_E_ERRORS_OCCURRED;
  203. __leave;
  204. }
  205. }
  207. //
  208. // generate the signature
  209. //
  210. DWORD dwBufSize = SIGNATURE_SIZE;
  211. hr = pCPacketRadius->GenerateInSignature (
  212. reinterpret_cast <PBYTE> (GeneratedSignature),
  213. &dwBufSize
  214. );
  215. if (FAILED (hr)) { __leave; }
  217. //
  218. // compare the signature attribute value in packet with
  219. // the one present
  220. //
  221. if (memcmp(InPacketSignature,GeneratedSignature,SIGNATURE_SIZE))
  222. {
  223. //
  224. // log error and generate audit event
  225. //
  226. IASTracePrintf (
  227. "Message Authenticator in request packet does not match the "
  228. "Message Authenticator generated by the server"
  229. );
  231. PCWSTR strings[] = { pCPacketRadius->GetClientName() };
  232. IASReportEvent (
  233. RADIUS_E_INVALID_SIGNATURE,
  234. 1,
  235. 0,
  236. strings,
  237. NULL
  238. );
  240. m_pCReportEvent->Process (
  241. RADIUS_BAD_AUTHENTICATOR,
  242. pCPacketRadius->GetInCode (),
  243. pCPacketRadius->GetInLength(),
  244. pCPacketRadius->GetInAddress(),
  245. NULL,
  246. static_cast <LPVOID> (pCPacketRadius->GetInPacket())
  247. );
  248. hr = RADIUS_E_ERRORS_OCCURRED;
  249. __leave;
  250. }
  252. //
  253. // success
  254. //
  255. }
  256. __finally
  257. {
  258. if (pIIasClient) { pIIasClient->Release (); }
  259. }
  261. return (hr);
  263. } // end of CValAccess::ValidateSignature method