Leaked source code of windows server 2003
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
///////////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 2000, Microsoft Corp. All rights reserved.
//
// FILE
//
// mschaperror.cpp
//
// SYNOPSIS
//
// Defines the class MSChapErrorReporter.
//
///////////////////////////////////////////////////////////////////////////////
#include <ias.h>
#include <blob.h>
#include <mschaperror.h>
/////////
// Returns the PPP CHAP Identifier for the request.
/////////
BYTEWINAPIGetMSChapIdent( IAttributesRaw* request ) throw (){ PIASATTRIBUTE attr;
/////////
// Check the attributes in decreasing order of probability.
/////////
attr = IASPeekAttribute( request, MS_ATTRIBUTE_CHAP_RESPONSE, IASTYPE_OCTET_STRING ); if (attr && attr->Value.OctetString.dwLength > 0) { return *(attr->Value.OctetString.lpValue); }
attr = IASPeekAttribute( request, MS_ATTRIBUTE_CHAP_CPW2, IASTYPE_OCTET_STRING ); if (attr && attr->Value.OctetString.dwLength > 1) { return *(attr->Value.OctetString.lpValue + 1); }
attr = IASPeekAttribute( request, MS_ATTRIBUTE_CHAP_CPW1, IASTYPE_OCTET_STRING ); if (attr && attr->Value.OctetString.dwLength > 1) { return *(attr->Value.OctetString.lpValue + 1); }
// If we can't read the identifier, we'll just use zero.
return (BYTE)0;}
IASREQUESTSTATUS MSChapErrorReporter::onSyncRequest( IRequest* pRequest ) throw (){ try { IASRequest request(pRequest);
PIASATTRIBUTE attr;
// If it doesn't have an MS-CHAP-Challenge then we're not interested.
attr = IASPeekAttribute( request, MS_ATTRIBUTE_CHAP_CHALLENGE, IASTYPE_OCTET_STRING ); if (!attr) { return IAS_REQUEST_STATUS_CONTINUE; }
// If it already has an MS-CHAP-Error, then there's nothing to do.
attr = IASPeekAttribute( request, MS_ATTRIBUTE_CHAP_ERROR, IASTYPE_OCTET_STRING ); if (attr) { return IAS_REQUEST_STATUS_CONTINUE; }
// Map the reason code to an MS-CHAP error code.
DWORD errorCode; switch (request.get_Reason()) { case IAS_INVALID_LOGON_HOURS: errorCode = 646; // ERROR_RESTRICTED_LOGON_HOURS
break;
case IAS_ACCOUNT_DISABLED: errorCode = 647; // ERROR_ACCT_DISABLED
break;
case IAS_PASSWORD_MUST_CHANGE: errorCode = 648; // ERROR_PASSWD_EXPIRED
break;
case IAS_LM_NOT_ALLOWED: case IAS_NO_POLICY_MATCH: case IAS_DIALIN_LOCKED_OUT: case IAS_DIALIN_DISABLED: case IAS_INVALID_AUTH_TYPE: case IAS_INVALID_CALLING_STATION: case IAS_INVALID_DIALIN_HOURS: case IAS_INVALID_CALLED_STATION: case IAS_INVALID_PORT_TYPE: case IAS_DIALIN_RESTRICTION: case IAS_CPW_NOT_ALLOWED: errorCode = 649; // ERROR_NO_DIALIN_PERMISSION
break;
case IAS_CHANGE_PASSWORD_FAILURE: errorCode = 709; // ERROR_CHANGING_PASSWORD;
break;
default: errorCode = 691; // ERROR_AUTHENTICATION_FAILURE
}
// Insert the MS-CHAP-Error VSA.
MSChapError::insert(request, GetMSChapIdent(request), errorCode); } catch (const _com_error& ce) { IASTraceExcept();
// If we can't populate the MS-CHAP-Error VSA, then we can't send a
// compliant response, so we should abort.
pRequest->SetResponse(IAS_RESPONSE_DISCARD_PACKET, ce.Error()); }
return IAS_REQUEST_STATUS_CONTINUE;}
|
