/*++ Copyright (c) 1999, Microsoft Corporation Module Name: elport.c Abstract: This module deals with the port management for EAPOL, r/w to ports Revision History: sachins, Apr 28 2000, Created --*/ #include "pcheapol.h" #pragma hdrstop #include "intfhdl.h" BYTE g_bDefaultGroupMacAddr[]={0x01, 0x80, 0xc2, 0x00, 0x00, 0x03}; BYTE g_bEtherType8021X[SIZE_ETHERNET_TYPE]={0x88, 0x8E}; BYTE DEFAULT_8021X_VERSION=0x01; // // ElReadPerPortRegistryParams // // Description: // // Function called to read per port interface parameters from the registry // // Arguments: // pwszDeviceGUID - GUID-string for the port // pPCB - Pointer to PCB for the port // // Return values: // NO_ERROR - success // NON-zero - error // DWORD ElReadPerPortRegistryParams ( IN WCHAR *pwszDeviceGUID, IN EAPOL_PCB *pPCB ) { EAPOL_INTF_PARAMS EapolIntfParams; EAPOL_POLICY_PARAMS EAPOLPolicyParams = {0}; DWORD dwSizeOfAuthData = 0; BYTE *pbAuthData = NULL; DWORD dwRetCode = NO_ERROR; do { // Set the Auth Mode and the Supplicant mode for the context pPCB->dwEAPOLAuthMode = g_dwEAPOLAuthMode; pPCB->dwSupplicantMode = g_dwSupplicantMode; // Read EAP type and default EAPOL state ZeroMemory ((BYTE *)&EapolIntfParams, sizeof(EAPOL_INTF_PARAMS)); EapolIntfParams.dwVersion = EAPOL_CURRENT_VERSION; EapolIntfParams.dwEapFlags = DEFAULT_EAP_STATE; EapolIntfParams.dwEapType = DEFAULT_EAP_TYPE; if (pPCB->pSSID != NULL) { memcpy (EapolIntfParams.bSSID, pPCB->pSSID->Ssid, pPCB->pSSID->SsidLength); EapolIntfParams.dwSizeOfSSID = pPCB->pSSID->SsidLength; } if ((dwRetCode = ElGetInterfaceParams ( pwszDeviceGUID, &EapolIntfParams )) != NO_ERROR) { TRACE1 (PORT, "ElReadPerPortRegistryParams: ElGetInterfaceParams failed with error %ld", dwRetCode); if (dwRetCode == ERROR_FILE_NOT_FOUND) { dwRetCode = NO_ERROR; } else { break; } } // Do version check here // If registry blob has a version not equal to latest version, // modify parameters to reflect default settings for current version if ((EapolIntfParams.dwVersion != EAPOL_CURRENT_VERSION) && (EapolIntfParams.dwEapType == EAP_TYPE_TLS)) { EapolIntfParams.dwVersion = EAPOL_CURRENT_VERSION; EapolIntfParams.dwEapFlags |= DEFAULT_MACHINE_AUTH_STATE; EapolIntfParams.dwEapFlags &= ~EAPOL_GUEST_AUTH_ENABLED; if ((dwRetCode = ElSetInterfaceParams ( pwszDeviceGUID, &EapolIntfParams )) != NO_ERROR) { TRACE1 (PORT, "ElReadPerPortRegistryParams: ElSetInterfaceParams failed with error %ld, continuing", dwRetCode); dwRetCode = NO_ERROR; } } if ((pPCB->PhysicalMediumType == NdisPhysicalMediumWirelessLan) && (EapolIntfParams.dwEapType == EAP_TYPE_MD5)) { EapolIntfParams.dwEapType = EAP_TYPE_TLS; if ((dwRetCode = ElSetInterfaceParams ( pwszDeviceGUID, &EapolIntfParams )) != NO_ERROR) { TRACE1 (PORT, "ElReadPerPortRegistryParams: ElSetInterfaceParams for TLS failed with error %ld, continuing", dwRetCode); dwRetCode = NO_ERROR; } } pPCB->dwEapFlags = EapolIntfParams.dwEapFlags; pPCB->dwEapTypeToBeUsed = EapolIntfParams.dwEapType; // // Query with zero-config and see if it is enabled on the interface // or not. If zero-config is disabled on the interface, 802.1x should // also be disabled // { DWORD dwErr = 0; INTF_ENTRY ZCIntfEntry = {0}; ZCIntfEntry.wszGuid = pwszDeviceGUID; if ((dwErr = LstQueryInterface ( INTF_ENABLED, &ZCIntfEntry, NULL )) == NO_ERROR) { if (!(ZCIntfEntry.dwCtlFlags & INTFCTL_ENABLED)) { // TRACE0 (ANY, "LstQueryInterface returned Zero-configuration is disabled on network"); pPCB->dwEapFlags &= ~EAPOL_ENABLED; } else { // TRACE0 (ANY, "LstQueryInterface returned Zero-configuration is enabled on network"); } } else { if (dwErr != ERROR_FILE_NOT_FOUND) { TRACE1 (ANY, "LstQueryInterface failed with error (%ld)", dwErr); } } } // Get the size of the EAP blob if ((dwRetCode = ElGetCustomAuthData ( pwszDeviceGUID, pPCB->dwEapTypeToBeUsed, (pPCB->pSSID)?pPCB->pSSID->SsidLength:0, (pPCB->pSSID)?pPCB->pSSID->Ssid:NULL, NULL, &dwSizeOfAuthData )) != NO_ERROR) { if (dwRetCode == ERROR_BUFFER_TOO_SMALL) { if (dwSizeOfAuthData <= 0) { // No EAP blob stored in the registry // Port can have NULL EAP blob pbAuthData = NULL; dwRetCode = NO_ERROR; } else { // Allocate memory to hold the blob pbAuthData = MALLOC (dwSizeOfAuthData); if (pbAuthData == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (USER, "ElReadPerPortRegistryParams: Error in memory allocation for EAP blob"); break; } if ((dwRetCode = ElGetCustomAuthData ( pwszDeviceGUID, pPCB->dwEapTypeToBeUsed, (pPCB->pSSID)?pPCB->pSSID->SsidLength:0, (pPCB->pSSID)?pPCB->pSSID->Ssid:NULL, pbAuthData, &dwSizeOfAuthData )) != NO_ERROR) { TRACE1 (USER, "ElReadPerPortRegistryParams: ElGetCustomAuthData failed with %ld", dwRetCode); break; } } if (pPCB->pCustomAuthConnData != NULL) { FREE (pPCB->pCustomAuthConnData); pPCB->pCustomAuthConnData = NULL; } pPCB->pCustomAuthConnData = MALLOC (dwSizeOfAuthData + sizeof (DWORD)); if (pPCB->pCustomAuthConnData == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (EAPOL, "ElReadPerPortRegistryParams: MALLOC failed for pCustomAuthConnData"); break; } pPCB->pCustomAuthConnData->dwSizeOfCustomAuthData = dwSizeOfAuthData; if ((dwSizeOfAuthData != 0) && (pbAuthData != NULL)) { memcpy ((BYTE *)pPCB->pCustomAuthConnData->pbCustomAuthData, (BYTE *)pbAuthData, dwSizeOfAuthData); } } else { TRACE1 (USER, "ElReadPerPortRegistryParams: ElGetCustomAuthData size estimation failed with error %ld", dwRetCode); break; } } // Initialize Policy parameters not in EAPOL_INTF_PARAMS if ((dwRetCode = ElGetPolicyInterfaceParams ( EapolIntfParams.dwSizeOfSSID, EapolIntfParams.bSSID, &EAPOLPolicyParams )) == NO_ERROR) { pPCB->dwEAPOLAuthMode = EAPOLPolicyParams.dwEAPOLAuthMode; pPCB->dwSupplicantMode = EAPOLPolicyParams.dwSupplicantMode; pPCB->EapolConfig.dwheldPeriod = EAPOLPolicyParams.dwheldPeriod; pPCB->EapolConfig.dwauthPeriod = EAPOLPolicyParams.dwauthPeriod; pPCB->EapolConfig.dwstartPeriod = EAPOLPolicyParams.dwstartPeriod; pPCB->EapolConfig.dwmaxStart = EAPOLPolicyParams.dwmaxStart; } else { if (dwRetCode != ERROR_FILE_NOT_FOUND) { TRACE1 (USER, "ElReadPerPortRegistryParams: ElGetPolicyInterfaceParams failed with error (%ld)", dwRetCode); } dwRetCode = NO_ERROR; } // Determine maximum fail count possible before being parked into failure // state (DISCONNECTED) switch (pPCB->dwEAPOLAuthMode) { case EAPOL_AUTH_MODE_0: case EAPOL_AUTH_MODE_1: if (g_fUserLoggedOn) { // When user is logged in, only user and guest will be tried pPCB->dwTotalMaxAuthFailCount = EAPOL_MAX_AUTH_FAIL_COUNT; pPCB->dwTotalMaxAuthFailCount += ((IS_GUEST_AUTH_ENABLED(pPCB->dwEapFlags))?1:0)*EAPOL_MAX_AUTH_FAIL_COUNT; } else { // When user is logged out, only machine and guest will be tried pPCB->dwTotalMaxAuthFailCount = ((IS_GUEST_AUTH_ENABLED(pPCB->dwEapFlags))?1:0)*EAPOL_MAX_AUTH_FAIL_COUNT; pPCB->dwTotalMaxAuthFailCount += ((IS_MACHINE_AUTH_ENABLED(pPCB->dwEapFlags))?1:0)*EAPOL_MAX_AUTH_FAIL_COUNT; } break; case EAPOL_AUTH_MODE_2: // In Mode 2, only machine and guest will be tried pPCB->dwTotalMaxAuthFailCount = ((IS_GUEST_AUTH_ENABLED(pPCB->dwEapFlags))?1:0)*EAPOL_MAX_AUTH_FAIL_COUNT; pPCB->dwTotalMaxAuthFailCount += ((IS_MACHINE_AUTH_ENABLED(pPCB->dwEapFlags))?1:0)*EAPOL_MAX_AUTH_FAIL_COUNT; break; } TRACE1 (PORT, "ElReadPerPortRegistryParams: dwTotalMaxAuthFailCount = (%ld)", pPCB->dwTotalMaxAuthFailCount); memcpy(pPCB->bEtherType, &g_bEtherType8021X[0], SIZE_ETHERNET_TYPE); pPCB->bProtocolVersion = DEFAULT_8021X_VERSION; } while (FALSE); if (pbAuthData != NULL) { FREE (pbAuthData); } return dwRetCode; } // // ElHashPortToBucket // // Description: // // Function called to convert Device GUID into PCB hash table index. // // Arguments: // pwszDeviceGUID - GUID-string for the port // // Return values: // PCB hash table index from 0 to PORT_TABLE_BUCKETS-1 // DWORD ElHashPortToBucket ( IN WCHAR *pwszDeviceGUID ) { return ((DWORD)((_wtol(pwszDeviceGUID)) % PORT_TABLE_BUCKETS)); } // // ElRemovePCBFromTable // // Description: // // Function called to remove a PCB from the Hash Bucket table // Delink it from the hash table, but do not free up the memory // // Arguments: // pPCB - Pointer to PCB entry to be removed // // Return values: // VOID ElRemovePCBFromTable ( IN EAPOL_PCB *pPCB ) { DWORD dwIndex; EAPOL_PCB *pPCBWalker = NULL; EAPOL_PCB *pPCBTemp = NULL; if (pPCB == NULL) { TRACE0 (PORT, "ElRemovePCBFromTable: Deleting NULL PCB, returning"); return; } dwIndex = ElHashPortToBucket (pPCB->pwszDeviceGUID); pPCBWalker = g_PCBTable.pPCBBuckets[dwIndex].pPorts; pPCBTemp = pPCBWalker; while (pPCBTemp != NULL) { if (wcsncmp (pPCBTemp->pwszDeviceGUID, pPCB->pwszDeviceGUID, wcslen (pPCB->pwszDeviceGUID)) == 0) { // Entry is at head of list in table if (pPCBTemp == g_PCBTable.pPCBBuckets[dwIndex].pPorts) { g_PCBTable.pPCBBuckets[dwIndex].pPorts = pPCBTemp->pNext; } else { // Entry in inside list in table pPCBWalker->pNext = pPCBTemp->pNext; } break; } pPCBWalker = pPCBTemp; pPCBTemp = pPCBWalker->pNext; } return; } // // ElGetPCBPointerFromPortGUID // // Description: // // Function called to convert interface GUID to PCB pointer for the entry in // the PCB hash table // // Arguments: // pwszDeviceGUID - Identifier of the form GUID-String // // Return values: // PEAPOL_PCB ElGetPCBPointerFromPortGUID ( IN WCHAR *pwszDeviceGUID ) { EAPOL_PCB *pPCBWalker = NULL; DWORD dwIndex; // TRACE1 (PORT, "ElGetPCBPointerFromPortGUID: GUID %ws", pwszDeviceGUID); dwIndex = ElHashPortToBucket (pwszDeviceGUID); // TRACE1 (PORT, "ElGetPCBPointerFromPortGUID: Index %d", dwIndex); for (pPCBWalker = g_PCBTable.pPCBBuckets[dwIndex].pPorts; pPCBWalker != NULL; pPCBWalker = pPCBWalker->pNext ) { if (wcslen(pPCBWalker->pwszDeviceGUID) == wcslen(pwszDeviceGUID)) { if (wcsncmp (pPCBWalker->pwszDeviceGUID, pwszDeviceGUID, wcslen (pwszDeviceGUID)) == 0) { return pPCBWalker; } } } return (NULL); } // // ElInitializeEAPOL // // Description: // // Function to initialize EAPOL protocol module. // Global EAPOL parameters are read from the registry. // PCB hash table is initialized. // EAP protocol is intialized. // // Arguments: // // Return values: // NO_ERROR - success // non-zero - error // DWORD ElInitializeEAPOL ( ) { DWORD dwIndex; HANDLE hLocalTimerQueue = NULL; DWORD dwRetCode = NO_ERROR; do { // Initialize global config locks if (dwRetCode = CREATE_READ_WRITE_LOCK(&(g_EAPOLConfig), "CFG") != NO_ERROR) { TRACE1(PORT, "ElInitializeEAPOL: Error %d creating g_EAPOLConfig read-write-lock", dwRetCode); // LOG break; } // Read parameters stored in registry if ((dwRetCode = ElReadGlobalRegistryParams ()) != NO_ERROR) { TRACE1 (PORT, "ElInitializeEAPOL: ElReadGlobalRegistryParams failed with error = %ld", dwRetCode); dwRetCode = NO_ERROR; // Don't exit, since default values will be used } // Initialize Hash Bucket Table g_PCBTable.pPCBBuckets = (PCB_BUCKET *) MALLOC ( PORT_TABLE_BUCKETS * sizeof (PCB_BUCKET)); if (g_PCBTable.pPCBBuckets == NULL) { TRACE0 (PORT, "ElInitializeEAPOL: Error in allocating memory for PCB buckets"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } g_PCBTable.dwNumPCBBuckets = PORT_TABLE_BUCKETS; for (dwIndex=0; dwIndex < PORT_TABLE_BUCKETS; dwIndex++) { g_PCBTable.pPCBBuckets[dwIndex].pPorts=NULL; } // Initialize global locks if (dwRetCode = CREATE_READ_WRITE_LOCK(&(g_PCBLock), "PCB") != NO_ERROR) { TRACE1(PORT, "ElInitializeEAPOL: Error %d creating g_PCBLock read-write-lock", dwRetCode); // LOG break; } // Create global timer queue for the various EAPOL state machines if ((g_hTimerQueue = CreateTimerQueue()) == NULL) { dwRetCode = GetLastError(); TRACE1(PORT, "ElInitializeEAPOL: Error %d creating timer queue", dwRetCode); break; } // Initialize EAP if ((dwRetCode = ElEapInit(TRUE)) != NO_ERROR) { TRACE1 (PORT, "ElInitializeEAPOL: Error in ElEapInit= %ld", dwRetCode); break; } } while (FALSE); if (dwRetCode != NO_ERROR) { if (g_PCBTable.pPCBBuckets != NULL) { FREE (g_PCBTable.pPCBBuckets); g_PCBTable.pPCBBuckets = NULL; } if (READ_WRITE_LOCK_CREATED(&(g_PCBLock))) { DELETE_READ_WRITE_LOCK(&(g_PCBLock)); } if (READ_WRITE_LOCK_CREATED(&(g_EAPOLConfig))) { DELETE_READ_WRITE_LOCK(&(g_EAPOLConfig)); } if (g_hTimerQueue != NULL) { hLocalTimerQueue = g_hTimerQueue; g_hTimerQueue = NULL; if (!DeleteTimerQueueEx( hLocalTimerQueue, INVALID_HANDLE_VALUE )) { dwRetCode = GetLastError(); TRACE1 (PORT, "ElInitializeEAPOL: Error in DeleteTimerQueueEx = %d", dwRetCode); } } // DeInit EAP ElEapInit(FALSE); } TRACE1 (PORT, "ElInitializeEAPOL: Completed, RetCode = %ld", dwRetCode); return dwRetCode; } // // ElCreatePort // // Description: // // Function to initialize Port Control Block for a port and start EAPOL // on it. If the PCB already exists for the GUID, EAPOL state machine // is restarted for that port. // // Arguments: // hDevice - Handle to open NDISUIO driver on the interface // pwszGUID - Pointer to GUID-String for the interface // pwszFriendlyName - Friendly name of the interface // // Return values: // NO_ERROR - success // non-zero - error // DWORD ElCreatePort ( IN HANDLE hDevice, IN WCHAR *pwszGUID, IN WCHAR *pwszFriendlyName, IN DWORD dwZeroConfigId, IN PRAW_DATA prdUserData ) { EAPOL_PCB *pNewPCB; BOOL fPortToBeReStarted = FALSE; BOOL fPCBCreated = FALSE; DWORD dwIndex = 0; DWORD dwSizeofMacAddr = 0; DWORD dwSizeofSSID = 0; DWORD ulOidDataLength = 0; NIC_STATISTICS NicStatistics; EAPOL_ZC_INTF *pZCData = NULL; NDIS_802_11_NETWORK_INFRASTRUCTURE InfrastructureMode = Ndis802_11InfrastructureMax; DWORD dwSizeOfInfrastructureMode = 0; DWORD dwRetCode = NO_ERROR; do { TRACE5 (PORT, "ElCreatePort: Entered for Handle=(%p), GUID=(%ws), Name=(%ws), ZCId=(%ld), UserData=(%p)", hDevice, pwszGUID, pwszFriendlyName, dwZeroConfigId, prdUserData); // See if the port already exists // If yes, initialize the state machine // Else, create a new port ACQUIRE_WRITE_LOCK (&g_PCBLock); pNewPCB = ElGetPCBPointerFromPortGUID (pwszGUID); if (pNewPCB != NULL) { // PCB found, restart EAPOL STATE machine fPortToBeReStarted = TRUE; } else { // PCB not found, create new PCB and initialize it TRACE1 (PORT, "ElCreatePort: No PCB found for %ws", pwszGUID); // Allocate and initialize a new PCB pNewPCB = (PEAPOL_PCB) MALLOC (sizeof(EAPOL_PCB)); if (pNewPCB == NULL) { RELEASE_WRITE_LOCK (&g_PCBLock); TRACE0(PORT, "ElCreatePort: Error in memory allocation using MALLOC"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; return dwRetCode; } } // Get Media Statistics for the interface ZeroMemory ((PVOID)&NicStatistics, sizeof(NIC_STATISTICS)); if ((dwRetCode = ElGetInterfaceNdisStatistics ( pwszGUID, &NicStatistics )) != NO_ERROR) { RELEASE_WRITE_LOCK (&g_PCBLock); TRACE1(PORT, "ElCreatePort: ElGetInterfaceNdisStatistics failed with error %ld", dwRetCode); break; } if (fPortToBeReStarted) { if (NicStatistics.MediaState != MEDIA_STATE_CONNECTED) { RELEASE_WRITE_LOCK (&g_PCBLock); dwRetCode = ERROR_INVALID_STATE; TRACE1(PORT, "ElCreatePort: Invalid media status for port to be restarted = (%ld)", NicStatistics.MediaState); break; } } else { if ((NicStatistics.MediaState != MEDIA_STATE_CONNECTED) && (NicStatistics.MediaState != MEDIA_STATE_DISCONNECTED)) { RELEASE_WRITE_LOCK (&g_PCBLock); dwRetCode = ERROR_INVALID_STATE; TRACE1(PORT, "ElCreatePort: Invalid media status for port = (%ld)", NicStatistics.MediaState); break; } } pNewPCB->MediaState = NicStatistics.MediaState; pNewPCB->PhysicalMediumType = NicStatistics.PhysicalMediaType; if (fPortToBeReStarted) { // Only port state will be changed to CONNECTING // No read requests will be cancelled // Hence no new read request will be posted TRACE1 (PORT, "ElCreatePort: PCB found for %ws", pwszGUID); if ((dwRetCode = ElReStartPort ( pNewPCB, dwZeroConfigId, prdUserData)) != NO_ERROR) { TRACE1 (PORT, "ElCreatePort: Error in ElReStartPort = %d", dwRetCode); } RELEASE_WRITE_LOCK (&g_PCBLock); break; } else { // New Port Control Block created // PCB creation reference count pNewPCB->dwRefCount = 1; pNewPCB->hPort = hDevice; // Mark the port as active pNewPCB->dwFlags = EAPOL_PORT_FLAG_ACTIVE; if (wcslen(pwszGUID) > (GUID_STRING_LEN_WITH_TERM-1)) { RELEASE_WRITE_LOCK (&g_PCBLock); TRACE0(PORT, "ElCreatePort: Invalid GUID for port"); break; } pNewPCB->pwszDeviceGUID = (PWCHAR) MALLOC ((wcslen(pwszGUID) + 1)*sizeof(WCHAR)); if (pNewPCB->pwszDeviceGUID == NULL) { RELEASE_WRITE_LOCK (&g_PCBLock); TRACE0(PORT, "ElCreatePort: Error in memory allocation for GUID"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } wcscpy (pNewPCB->pwszDeviceGUID, pwszGUID); pNewPCB->pwszFriendlyName = (PWCHAR) MALLOC ((wcslen(pwszFriendlyName) + 1)*sizeof(WCHAR)); if (pNewPCB->pwszFriendlyName == NULL) { RELEASE_WRITE_LOCK (&g_PCBLock); TRACE0(PORT, "ElCreatePort: Error in memory allocation for Friendly Name"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } wcscpy (pNewPCB->pwszFriendlyName, pwszFriendlyName); // Get the Local Current Mac address dwSizeofMacAddr = SIZE_MAC_ADDR; if (dwRetCode = ElNdisuioQueryOIDValue ( pNewPCB->hPort, OID_802_3_CURRENT_ADDRESS, pNewPCB->bSrcMacAddr, &dwSizeofMacAddr ) != NO_ERROR) { RELEASE_WRITE_LOCK (&g_PCBLock); TRACE1 (PORT, "ElCreatePort: ElNdisuioQueryOIDValue for OID_802_3_CURRENT_ADDRESS failed with error %ld", dwRetCode); break; } else { TRACE0 (PORT, "ElCreatePort: ElNdisuioQueryOIDValue for OID_802_3_CURRENT_ADDRESS successful"); EAPOL_DUMPBA (pNewPCB->bSrcMacAddr, dwSizeofMacAddr); } if (pNewPCB->PhysicalMediumType == NdisPhysicalMediumWirelessLan) { // Query the BSSID and SSID if media_connect if (pNewPCB->MediaState == MEDIA_STATE_CONNECTED) { dwSizeOfInfrastructureMode = sizeof (InfrastructureMode); // Get the infrastructure mode // 802.1x cannot work on Adhoc networks if (dwRetCode = ElNdisuioQueryOIDValue ( pNewPCB->hPort, OID_802_11_INFRASTRUCTURE_MODE, (BYTE *)&InfrastructureMode, &dwSizeOfInfrastructureMode ) != NO_ERROR) { RELEASE_WRITE_LOCK (&g_PCBLock); TRACE1 (PORT, "ElCreatePort: ElNdisuioQueryOIDValue for OID_802_11_INFRASTRUCTURE_MODE failed with error %ld", dwRetCode); break; } else { TRACE1 (PORT, "ElCreatePort: ElNdisuioQueryOIDValue for OID_802_11_INFRASTRUCTURE_MODE successful, Mode = (%ld)", InfrastructureMode); } if (InfrastructureMode != Ndis802_11Infrastructure) { dwRetCode = ERROR_NOT_SUPPORTED; RELEASE_WRITE_LOCK (&g_PCBLock); TRACE0 (PORT, "ElCreatePort: 802.1x cannot work on non-infrastructure networks"); break; } // Get the Remote MAC address if possible dwSizeofMacAddr = SIZE_MAC_ADDR; if (dwRetCode = ElNdisuioQueryOIDValue ( pNewPCB->hPort, OID_802_11_BSSID, pNewPCB->bDestMacAddr, &dwSizeofMacAddr ) != NO_ERROR) { RELEASE_WRITE_LOCK (&g_PCBLock); TRACE1 (PORT, "ElCreatePort: ElNdisuioQueryOIDValue for OID_802_11_BSSID failed with error %ld", dwRetCode); break; } else { TRACE0 (PORT, "ElCreatePort: ElNdisuioQueryOIDValue for OID_802_11_BSSID successful"); EAPOL_DUMPBA (pNewPCB->bDestMacAddr, dwSizeofMacAddr); } if ((pNewPCB->pSSID = MALLOC (NDIS_802_11_SSID_LEN)) == NULL) { RELEASE_WRITE_LOCK (&g_PCBLock); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (PORT, "ElCreatePort: MALLOC failed for pSSID"); break; } dwSizeofSSID = NDIS_802_11_SSID_LEN; if (dwRetCode = ElNdisuioQueryOIDValue ( pNewPCB->hPort, OID_802_11_SSID, (BYTE *)pNewPCB->pSSID, &dwSizeofSSID ) != NO_ERROR) { RELEASE_WRITE_LOCK (&g_PCBLock); TRACE1 (PORT, "ElCreatePort: ElNdisuioQueryOIDValue for OID_802_11_SSID failed with error %ld", dwRetCode); break; } else { if (pNewPCB->pSSID->SsidLength > MAX_SSID_LEN) { RELEASE_WRITE_LOCK (&g_PCBLock); dwRetCode = ERROR_INVALID_PARAMETER; TRACE0 (PORT, "ElCreatePort: ElNdisuioQueryOIDValue OID_802_11_SSID returned invalid SSID"); break; } TRACE0 (PORT, "ElCreatePort: ElNdisuioQueryOIDValue for OID_802_11_SSID successful"); EAPOL_DUMPBA (pNewPCB->pSSID->Ssid, pNewPCB->pSSID->SsidLength); } } } else { // Wired Lan // Copy default destination Mac address value memcpy(pNewPCB->bDestMacAddr, &g_bDefaultGroupMacAddr[0], SIZE_MAC_ADDR); // If destination MacAddress is going to be multicast // inform the driver to accept the packets to this address if ((dwRetCode = ElNdisuioSetOIDValue ( pNewPCB->hPort, OID_802_3_MULTICAST_LIST, (BYTE *)&g_bDefaultGroupMacAddr[0], SIZE_MAC_ADDR)) != NO_ERROR) { RELEASE_WRITE_LOCK (&g_PCBLock); TRACE1 (PORT, "ElCreatePort: ElNdisuioSetOIDValue for OID_802_3_MULTICAST_LIST failed with error %ld", dwRetCode); break; } else { TRACE0 (PORT, "ElCreatePort: ElNdisuioSetOIDValue for OID_802_3_MULTICAST_LIST successful"); } } // Identity related initialization pNewPCB->PreviousAuthenticationType = EAPOL_UNAUTHENTICATED_ACCESS; pNewPCB->fGotUserIdentity = FALSE; if (prdUserData != NULL) { if ((prdUserData->dwDataLen >= sizeof (EAPOL_ZC_INTF)) && (prdUserData->pData != NULL)) { // Extract information stored with Zero-Config pZCData = (PEAPOL_ZC_INTF) prdUserData->pData; pNewPCB->dwAuthFailCount = pZCData->dwAuthFailCount; pNewPCB->PreviousAuthenticationType = pZCData->PreviousAuthenticationType; TRACE2 (PORT, "ElCreatePort: prdUserData: Authfailcount = %ld, PreviousAuthType = %ld", pZCData->dwAuthFailCount, pZCData->PreviousAuthenticationType); } else { // Reset for zeroed out prdUserData pNewPCB->dwAuthFailCount = 0; TRACE0 (PORT, "ElCreatePort: prdUserData not valid"); } } pNewPCB->dwTotalMaxAuthFailCount = EAPOL_TOTAL_MAX_AUTH_FAIL_COUNT; pNewPCB->dwZeroConfigId = dwZeroConfigId; // Not yet received 802.1X packet from remote end pNewPCB->fIsRemoteEndEAPOLAware = FALSE; // EAPOL state machine variables pNewPCB->State = EAPOLSTATE_LOGOFF; // Create timer with very high due time and infinite period // Timer will be deleted when the port is deleted CREATE_TIMER (&(pNewPCB->hTimer), ElTimeoutCallbackRoutine, (PVOID)pNewPCB, INFINITE_SECONDS, "PCB", &dwRetCode); if (dwRetCode != NO_ERROR) { RELEASE_WRITE_LOCK (&g_PCBLock); TRACE1 (PORT, "ElCreatePort: Error in CREATE_TIMER %ld", dwRetCode); break; } // EAPOL_Start s that have been sent out pNewPCB->ulStartCount = 0; // Last received Id from the remote end pNewPCB->dwPreviousId = 256; ACQUIRE_WRITE_LOCK (&g_EAPOLConfig); pNewPCB->EapolConfig.dwheldPeriod = g_dwheldPeriod; pNewPCB->EapolConfig.dwauthPeriod = g_dwauthPeriod; pNewPCB->EapolConfig.dwstartPeriod = g_dwstartPeriod; pNewPCB->EapolConfig.dwmaxStart = g_dwmaxStart; RELEASE_WRITE_LOCK (&g_EAPOLConfig); // Initialize read-write lock if (dwRetCode = CREATE_READ_WRITE_LOCK(&(pNewPCB->rwLock), "EPL") != NO_ERROR) { RELEASE_WRITE_LOCK (&g_PCBLock); TRACE1(PORT, "ElCreatePort: Error %d creating read-write-lock", dwRetCode); // LOG break; } // Initialize registry connection auth data for this port // If connection data is not present for EAP-TLS and SSID="Default" // create the blob if ((dwRetCode = ElInitRegPortData ( pNewPCB->pwszDeviceGUID )) != NO_ERROR) { RELEASE_WRITE_LOCK (&g_PCBLock); TRACE1 (PORT, "ElCreatePort: Error in ElInitRegPortData = %d", dwRetCode); break; } // Initialize per port information from registry if ((dwRetCode = ElReadPerPortRegistryParams(pwszGUID, pNewPCB)) != NO_ERROR) { RELEASE_WRITE_LOCK (&g_PCBLock); TRACE1(PORT, "ElCreatePort: ElReadPerPortRegistryParams failed with error %ld", dwRetCode); break; } switch (pNewPCB->dwSupplicantMode) { case SUPPLICANT_MODE_0: case SUPPLICANT_MODE_1: case SUPPLICANT_MODE_2: pNewPCB->fEAPOLTransmissionFlag = FALSE; break; case SUPPLICANT_MODE_3: pNewPCB->fEAPOLTransmissionFlag = TRUE; break; } // Unicast mode, can talk with peer without broadcast messages if (pNewPCB->PhysicalMediumType == NdisPhysicalMediumWirelessLan) { pNewPCB->fEAPOLTransmissionFlag = TRUE; } if ((!IS_EAPOL_ENABLED(pNewPCB->dwEapFlags)) || (pNewPCB->dwSupplicantMode == SUPPLICANT_MODE_0)) { TRACE0 (PORT, "ElCreatePort: Marking port as disabled"); pNewPCB->dwFlags &= ~EAPOL_PORT_FLAG_ACTIVE; pNewPCB->dwFlags |= EAPOL_PORT_FLAG_DISABLED; } // Add one more for local access pNewPCB->dwRefCount += 1; // Insert NewPCB into PCB hash table dwIndex = ElHashPortToBucket (pwszGUID); pNewPCB->pNext = g_PCBTable.pPCBBuckets[dwIndex].pPorts; g_PCBTable.pPCBBuckets[dwIndex].pPorts = pNewPCB; pNewPCB->dwPortIndex = dwIndex; fPCBCreated = TRUE; RELEASE_WRITE_LOCK (&g_PCBLock); ACQUIRE_WRITE_LOCK (&(pNewPCB->rwLock)); // // Post a read request on the port // // Initiate read operation on the port, since it is now active if (dwRetCode = ElReadFromPort ( pNewPCB, NULL, 0 ) != NO_ERROR) { RELEASE_WRITE_LOCK (&(pNewPCB->rwLock)); TRACE1 (PORT, "ElCreatePort: Error in ElReadFromPort = %d", dwRetCode); break; } // // Kick off EAPOL state machine // if ((pNewPCB->MediaState == MEDIA_STATE_CONNECTED) && EAPOL_PORT_ACTIVE(pNewPCB)) { // Set port to EAPOLSTATE_CONNECTING State // Send out EAPOL_Start Packets to detect if it is a secure // or non-secure LAN based on response received from remote end if ((dwRetCode = FSMConnecting (pNewPCB, NULL)) != NO_ERROR) { RELEASE_WRITE_LOCK (&(pNewPCB->rwLock)); TRACE1 (PORT, "ElCreatePort: FSMConnecting failed with error %ld", dwRetCode); break; } } else { // Set port to EAPOLSTATE_DISCONNECTED State if ((dwRetCode = FSMDisconnected (pNewPCB, NULL)) != NO_ERROR) { RELEASE_WRITE_LOCK (&(pNewPCB->rwLock)); TRACE1 (PORT, "ElCreatePort: FSMDisconnected failed with error %ld", dwRetCode); break; } } RELEASE_WRITE_LOCK (&(pNewPCB->rwLock)); TRACE2 (PORT, "ElCreatePort: Completed for GUID= %ws, Name = %ws", pNewPCB->pwszDeviceGUID, pNewPCB->pwszFriendlyName); } } while (FALSE); // Remove the local access reference if (fPCBCreated) { EAPOL_DEREFERENCE_PORT(pNewPCB); } if (dwRetCode != NO_ERROR) { // If PCB was not being restarted if (!fPortToBeReStarted) { // If PCB was created if (fPCBCreated) { HANDLE hTempDevice; // Mark the Port as deleted. Cleanup if possible // Don't worry about return code ElDeletePort ( pNewPCB->pwszDeviceGUID, &hDevice ); } else { // Remove all partial traces of port creation if (pNewPCB->hTimer != NULL) { if (InterlockedCompareExchangePointer ( &g_hTimerQueue, NULL, NULL )) { DWORD dwTmpRetCode = NO_ERROR; TRACE2 (PORT, "ElCreatePort: DeleteTimer (%p), queue (%p)", pNewPCB->hTimer, g_hTimerQueue); DELETE_TIMER (pNewPCB->hTimer, INVALID_HANDLE_VALUE, &dwTmpRetCode); if (dwTmpRetCode != NO_ERROR) { TRACE1 (PORT, "ElCreatePort: DeleteTimer failed with error %ld", dwTmpRetCode); } } } if (READ_WRITE_LOCK_CREATED(&(pNewPCB->rwLock))) { DELETE_READ_WRITE_LOCK(&(pNewPCB->rwLock)); } if (pNewPCB->pwszDeviceGUID != NULL) { FREE(pNewPCB->pwszDeviceGUID); pNewPCB->pwszDeviceGUID = NULL; } if (pNewPCB->pwszFriendlyName != NULL) { FREE(pNewPCB->pwszFriendlyName); pNewPCB->pwszFriendlyName = NULL; } if (pNewPCB != NULL) { ZeroMemory ((PVOID)pNewPCB, sizeof (EAPOL_PCB)); FREE (pNewPCB); pNewPCB = NULL; } } } } return dwRetCode; } // // ElDeletePort // // Description: // // Function to stop EAPOL and delete PCB for a port. // Returns back pointer to handle opened on the interface so that // the handle can be closed by the interface management module. // // Input arguments: // pwszDeviceGUID - GUID-String of the interface whose PCB needs to be // deleted // pHandle - Output: Handle to NDISUIO driver for this port // // Return values: // NO_ERROR - success // non-zero - error // DWORD ElDeletePort ( IN WCHAR *pwszDeviceGUID, OUT HANDLE *pHandle ) { EAPOL_PCB *pPCB = NULL; HANDLE hTimer = NULL; DWORD dwRetCode = NO_ERROR; ACQUIRE_WRITE_LOCK (&(g_PCBLock)); // Verify if PCB exists for this GUID TRACE1 (PORT, "ElDeletePort entered for GUID %ws", pwszDeviceGUID); pPCB = ElGetPCBPointerFromPortGUID (pwszDeviceGUID); if (pPCB == NULL) { RELEASE_WRITE_LOCK (&(g_PCBLock)); TRACE1 (PORT, "ElDeletePort: PCB not found entered for Port %s", pwszDeviceGUID); return ERROR_NO_SUCH_INTERFACE; } ACQUIRE_WRITE_LOCK (&(pPCB->rwLock)); // Make sure it isn't already deleted if (EAPOL_PORT_DELETED(pPCB)) { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); RELEASE_WRITE_LOCK (&(g_PCBLock)); TRACE1 (PORT, "ElDeletePort: PCB already marked deleted for Port %ws", pwszDeviceGUID); return ERROR_NO_SUCH_INTERFACE; } InterlockedIncrement (&g_lPCBContextsAlive); // Retain handle to NDISUIO device *pHandle = pPCB->hPort; // Mark the PCB as deleted and remove it from the hash bucket pPCB->dwFlags = EAPOL_PORT_FLAG_DELETED; ElRemovePCBFromTable(pPCB); // Shutdown EAP // Will always return NO_ERROR, so no check on return value ElEapEnd (pPCB); // Delete timer since PCB is not longer to be used hTimer = pPCB->hTimer; TRACE1 (PORT, "ElDeletePort: RefCount for port = %ld", pPCB->dwRefCount); RELEASE_WRITE_LOCK (&(pPCB->rwLock)); if (InterlockedCompareExchangePointer ( &g_hTimerQueue, NULL, NULL )) { TRACE2 (PORT, "ElDeletePort: DeleteTimer (%p), queue (%p)", hTimer, g_hTimerQueue); DELETE_TIMER (hTimer, INVALID_HANDLE_VALUE, &dwRetCode); if (dwRetCode != NO_ERROR) { TRACE1 (PORT, "ElDeletePort: DeleteTimer failed with error %ld", dwRetCode); } } // If reference count is zero, perform final cleanup EAPOL_DEREFERENCE_PORT (pPCB); RELEASE_WRITE_LOCK (&(g_PCBLock)); return NO_ERROR; } // // ElCleanupPort // // Description: // // Function called when the very last reference to a PCB // is released. The PCB memory is released and zeroed out // // Arguments: // pPCB - Pointer to port control block to be destroyed // // VOID ElCleanupPort ( IN PEAPOL_PCB pPCB ) { DWORD dwRetCode = NO_ERROR; TRACE1 (PORT, "ElCleanupPort entered for %ws", pPCB->pwszDeviceGUID); if (pPCB->pwszDeviceGUID != NULL) { FREE (pPCB->pwszDeviceGUID); } if (pPCB->pwszFriendlyName) { FREE (pPCB->pwszFriendlyName); } if (pPCB->pwszEapReplyMessage != NULL) { FREE (pPCB->pwszEapReplyMessage); } if (pPCB->pwszSSID != NULL) { FREE (pPCB->pwszSSID); } if (pPCB->pSSID != NULL) { FREE (pPCB->pSSID); } if (pPCB->EapUIData.pEapUIData != NULL) { FREE (pPCB->EapUIData.pEapUIData); } if (pPCB->MasterSecretSend.cbData != 0) { FREE (pPCB->MasterSecretSend.pbData); pPCB->MasterSecretSend.cbData = 0; pPCB->MasterSecretSend.pbData = NULL; } if (pPCB->MasterSecretRecv.cbData != 0) { FREE (pPCB->MasterSecretRecv.pbData); pPCB->MasterSecretRecv.cbData = 0; pPCB->MasterSecretRecv.pbData = NULL; } if (pPCB->MPPESendKey.cbData != 0) { FREE (pPCB->MPPESendKey.pbData); pPCB->MPPESendKey.cbData = 0; pPCB->MPPESendKey.pbData = NULL; } if (pPCB->MPPERecvKey.cbData != 0) { FREE (pPCB->MPPERecvKey.pbData); pPCB->MPPERecvKey.cbData = 0; pPCB->MPPERecvKey.pbData = NULL; } if (pPCB->hUserToken != NULL) { if (!CloseHandle (pPCB->hUserToken)) { dwRetCode = GetLastError (); TRACE1 (PORT, "ElCleanupPort: CloseHandle failed with error %ld", dwRetCode); dwRetCode = NO_ERROR; } } pPCB->hUserToken = NULL; if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); } if (pPCB->PasswordBlob.pbData != NULL) { FREE (pPCB->PasswordBlob.pbData); } if (pPCB->pCustomAuthUserData != NULL) { FREE (pPCB->pCustomAuthUserData); } if (pPCB->pCustomAuthConnData != NULL) { FREE (pPCB->pCustomAuthConnData); } if (pPCB->pbPreviousEAPOLPkt != NULL) { FREE (pPCB->pbPreviousEAPOLPkt); } if (READ_WRITE_LOCK_CREATED(&(pPCB->rwLock))) { DELETE_READ_WRITE_LOCK(&(pPCB->rwLock)); } ZeroMemory ((PVOID)pPCB, sizeof(EAPOL_PCB)); FREE (pPCB); pPCB = NULL; InterlockedDecrement (&g_lPCBContextsAlive); TRACE0 (PORT, "ElCleanupPort completed"); return; } // // ElReStartPort // // Description: // // Function called to reset the EAPOL state machine to Connecting state // This may be called due to: // 1. From ElCreatePort, for an existing PCB // 2. Configuration parameters may have changed. Initialization // is required to allow new values to take effect. // Initialization will take the EAPOL state to CONNECTING // // Arguments: // pPCB - Pointer to port control block to be initialized // // Return values: // NO_ERROR - success // non-zero - error // DWORD ElReStartPort ( IN EAPOL_PCB *pPCB, IN DWORD dwZeroConfigId, IN PRAW_DATA prdUserData ) { DWORD dwSizeofSSID = 0; DWORD dwSizeofMacAddr = 0; DWORD dwCurrenTickCount = 0; EAPOL_ZC_INTF *pZCData = NULL; NIC_STATISTICS NicStatistics; NDIS_802_11_SSID PreviousSSID; BOOLEAN fResetCredentials = TRUE; BYTE bTmpDestMacAddr[SIZE_MAC_ADDR]; NDIS_802_11_NETWORK_INFRASTRUCTURE InfrastructureMode = Ndis802_11InfrastructureMax; DWORD dwSizeOfInfrastructureMode = 0; DWORD dwRetCode = NO_ERROR; TRACE1 (PORT, "ElReStartPort: Entered: Refcnt = %ld", pPCB->dwRefCount); do { ACQUIRE_WRITE_LOCK (&pPCB->rwLock); if (EAPOL_PORT_DELETED(pPCB)) { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); TRACE1 (PORT, "ElReStartPort: PCB already marked deleted for Port %ws", pPCB->pwszDeviceGUID); break; } pPCB->dwFlags = EAPOL_PORT_FLAG_ACTIVE; // Set current authentication mode, based on administrative setting pPCB->PreviousAuthenticationType = EAPOL_UNAUTHENTICATED_ACCESS; if (prdUserData != NULL) { if ((prdUserData->dwDataLen >= sizeof (EAPOL_ZC_INTF)) && (prdUserData->pData != NULL)) { // Extract information stored with Zero-Config pZCData = (PEAPOL_ZC_INTF) prdUserData->pData; pPCB->dwAuthFailCount = pZCData->dwAuthFailCount; pPCB->PreviousAuthenticationType = pZCData->PreviousAuthenticationType; TRACE2 (PORT, "ElReStartPort: prdUserData: Authfailcount = %ld, PreviousAuthType = %ld", pZCData->dwAuthFailCount, pZCData->PreviousAuthenticationType); } else { // Reset for zeroed out prdUserData pPCB->dwAuthFailCount = 0; TRACE0 (PORT, "ElReStartPort: prdUserData not valid"); } } pPCB->EapUIState = 0; pPCB->dwTotalMaxAuthFailCount = EAPOL_TOTAL_MAX_AUTH_FAIL_COUNT; pPCB->dwZeroConfigId = dwZeroConfigId; pPCB->ulStartCount = 0; pPCB->dwPreviousId = 256; pPCB->dwLogoffSent = 0; pPCB->ullLastReplayCounter = 0; pPCB->fAuthenticationOnNewNetwork = FALSE; // Clean out CustomAuthData since EAP type may have changed // During authentication, CustomAuthData for the connection will be // picked up again if (pPCB->pCustomAuthConnData != NULL) { FREE (pPCB->pCustomAuthConnData); pPCB->pCustomAuthConnData = NULL; } // Parameters initialization memcpy(pPCB->bEtherType, &g_bEtherType8021X[0], SIZE_ETHERNET_TYPE); pPCB->bProtocolVersion = DEFAULT_8021X_VERSION; // Not yet received 802.1X packet from remote end pPCB->fIsRemoteEndEAPOLAware = FALSE; // Set EAPOL timeout values ACQUIRE_WRITE_LOCK (&g_EAPOLConfig); pPCB->EapolConfig.dwheldPeriod = g_dwheldPeriod; pPCB->EapolConfig.dwauthPeriod = g_dwauthPeriod; pPCB->EapolConfig.dwstartPeriod = g_dwstartPeriod; pPCB->EapolConfig.dwmaxStart = g_dwmaxStart; RELEASE_WRITE_LOCK (&g_EAPOLConfig); ZeroMemory ((PVOID)&NicStatistics, sizeof(NIC_STATISTICS)); if ((dwRetCode = ElGetInterfaceNdisStatistics ( pPCB->pwszDeviceGUID, &NicStatistics )) != NO_ERROR) { RELEASE_WRITE_LOCK (&pPCB->rwLock); TRACE1(PORT, "ElReStartPort: ElGetInterfaceNdisStatistics failed with error %ld", dwRetCode); break; } pPCB->MediaState = NicStatistics.MediaState; ZeroMemory ((BYTE *)&PreviousSSID, sizeof(NDIS_802_11_SSID)); if (pPCB->pSSID != NULL) { memcpy ((BYTE *)&PreviousSSID, (BYTE *)pPCB->pSSID, sizeof(NDIS_802_11_SSID)); } // Get the Remote Mac address if possible, since we may have roamed if (pPCB->PhysicalMediumType == NdisPhysicalMediumWirelessLan) { // Since authentication is to be restarted, flag that transmit // key was not received pPCB->fTransmitKeyReceived = FALSE; dwSizeOfInfrastructureMode = sizeof (InfrastructureMode); // Get the infrastructure mode // 802.1x cannot work on Adhoc networks if (dwRetCode = ElNdisuioQueryOIDValue ( pPCB->hPort, OID_802_11_INFRASTRUCTURE_MODE, (BYTE *)&InfrastructureMode, &dwSizeOfInfrastructureMode ) != NO_ERROR) { RELEASE_WRITE_LOCK (&pPCB->rwLock); TRACE1 (PORT, "ElReStartPort: ElNdisuioQueryOIDValue for OID_802_11_INFRASTRUCTURE_MODE failed with error %ld", dwRetCode); break; } else { TRACE1 (PORT, "ElReStartPort: ElNdisuioQueryOIDValue for OID_802_11_INFRASTRUCTURE_MODE successful, Mode = (%ld)", InfrastructureMode); } if (InfrastructureMode != Ndis802_11Infrastructure) { dwRetCode = ERROR_NOT_SUPPORTED; RELEASE_WRITE_LOCK (&pPCB->rwLock); TRACE0 (PORT, "ElReStartPort: 802.1x cannot work on non-infrastructure networks"); break; } ZeroMemory (bTmpDestMacAddr, SIZE_MAC_ADDR); dwSizeofMacAddr = SIZE_MAC_ADDR; if (dwRetCode = ElNdisuioQueryOIDValue ( pPCB->hPort, OID_802_11_BSSID, bTmpDestMacAddr, &dwSizeofMacAddr ) != NO_ERROR) { RELEASE_WRITE_LOCK (&pPCB->rwLock); TRACE1 (PORT, "ElReStartPort: ElNdisuioQueryOIDValue for OID_802_11_BSSID failed with error %ld", dwRetCode); break; } else { TRACE0 (PORT, "ElReStartPort: ElNdisuioQueryOIDValue for OID_802_11_BSSID successful"); EAPOL_DUMPBA (bTmpDestMacAddr, dwSizeofMacAddr); } memcpy (pPCB->bDestMacAddr, bTmpDestMacAddr, SIZE_MAC_ADDR); // Query the SSID if media_connect if (pPCB->pSSID != NULL) { FREE (pPCB->pSSID); pPCB->pSSID = NULL; } if ((pPCB->pSSID = MALLOC (NDIS_802_11_SSID_LEN)) == NULL) { RELEASE_WRITE_LOCK (&pPCB->rwLock); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (PORT, "ElReStartPort: MALLOC failed for pSSID"); break; } dwSizeofSSID = NDIS_802_11_SSID_LEN; if (dwRetCode = ElNdisuioQueryOIDValue ( pPCB->hPort, OID_802_11_SSID, (BYTE *)pPCB->pSSID, &dwSizeofSSID ) != NO_ERROR) { RELEASE_WRITE_LOCK (&pPCB->rwLock); TRACE1 (PORT, "ElReStartPort: ElNdisuioQueryOIDValue for OID_802_11_SSID failed with error %ld", dwRetCode); break; } else { if (pPCB->pSSID->SsidLength > MAX_SSID_LEN) { RELEASE_WRITE_LOCK (&pPCB->rwLock); dwRetCode = ERROR_INVALID_PARAMETER; TRACE0 (PORT, "ElReStartPort: ElNdisuioQueryOIDValue OID_802_11_SSID returned invalid SSID"); break; } TRACE0 (PORT, "ElReStartPort: ElNdisuioQueryOIDValue for OID_802_11_SSID successful"); EAPOL_DUMPBA (pPCB->pSSID->Ssid, pPCB->pSSID->SsidLength); } } // Retain credentials if on same network if (pPCB->pSSID != NULL) { if (!memcmp ((BYTE *)pPCB->pSSID, (BYTE *)&PreviousSSID, sizeof(NDIS_802_11_SSID))) { fResetCredentials = FALSE; } } if (fResetCredentials) { pPCB->fGotUserIdentity = FALSE; if (pPCB->PasswordBlob.pbData != NULL) { FREE (pPCB->PasswordBlob.pbData); pPCB->PasswordBlob.pbData = NULL; pPCB->PasswordBlob.cbData = 0; } if (pPCB->hUserToken != NULL) { if (!CloseHandle (pPCB->hUserToken)) { dwRetCode = GetLastError (); TRACE1 (PORT, "ElReStartPort: CloseHandle failed with error %ld", dwRetCode); dwRetCode = NO_ERROR; } } pPCB->hUserToken = NULL; } else { // If this is the same SSID refresh the Master Secret with the // last copy of MPPE Keys. If re-keying has stomped on keys, this // will ensure that with the new AP with IAPP, the keys will // be same on the supplicant too if ((dwRetCode = ElReloadMasterSecrets (pPCB)) != NO_ERROR) { RELEASE_WRITE_LOCK (&pPCB->rwLock); TRACE1 (PORT, "ElReStartPort: ElReloadMasterSecret failed with error %ld", dwRetCode); break; } } // Initialize per port information from registry if ((dwRetCode = ElReadPerPortRegistryParams(pPCB->pwszDeviceGUID, pPCB)) != NO_ERROR) { RELEASE_WRITE_LOCK (&pPCB->rwLock); TRACE1(PORT, "ElReStartPort: ElReadPerPortRegistryParams failed with error %ld", dwRetCode); break; } // Set correct supplicant mode switch (pPCB->dwSupplicantMode) { case SUPPLICANT_MODE_0: case SUPPLICANT_MODE_1: case SUPPLICANT_MODE_2: pPCB->fEAPOLTransmissionFlag = FALSE; break; case SUPPLICANT_MODE_3: pPCB->fEAPOLTransmissionFlag = TRUE; break; } // Unicast mode, can talk with peer without broadcast messages if (pPCB->PhysicalMediumType == NdisPhysicalMediumWirelessLan) { pPCB->fEAPOLTransmissionFlag = TRUE; } if ((!IS_EAPOL_ENABLED(pPCB->dwEapFlags)) || (pPCB->dwSupplicantMode == SUPPLICANT_MODE_0)) { TRACE0 (PORT, "ElReStartPort: Marking port as disabled"); pPCB->dwFlags &= ~EAPOL_PORT_FLAG_ACTIVE; pPCB->dwFlags |= EAPOL_PORT_FLAG_DISABLED; } if ((pPCB->MediaState == MEDIA_STATE_CONNECTED) && EAPOL_PORT_ACTIVE(pPCB)) { // Set port to EAPOLSTATE_CONNECTING State // Send out EAPOL_Start Packets to detect if it is a secure // or non-secure LAN based on response received from remote end if ((dwRetCode = FSMConnecting (pPCB, NULL)) != NO_ERROR) { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); TRACE1 (PORT, "ElReStartPort: FSMConnecting failed with error %ld", dwRetCode); break; } } else { // Set port to EAPOLSTATE_DISCONNECTED State if ((dwRetCode = FSMDisconnected (pPCB, NULL)) != NO_ERROR) { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); TRACE1 (PORT, "ElReStartPort: FSMDisconnected failed with error %ld", dwRetCode); break; } } RELEASE_WRITE_LOCK (&pPCB->rwLock); } while (FALSE); return dwRetCode; } // // ElEAPOLDeInit // // Description: // // Function called to shutdown EAPOL module // Shutdown EAP. // Cleanup all used memory // // Arguments: // // Return values: // NO_ERROR - success // non-zero - error // // DWORD ElEAPOLDeInit ( ) { EAPOL_PCB *pPCBWalker = NULL; EAPOL_PCB *pPCB = NULL; DWORD dwIndex = 0; HANDLE hLocalTimerQueue = NULL; HANDLE hNULL = NULL; HANDLE hTimer = NULL; DWORD dwRetCode = NO_ERROR; TRACE0 (PORT, "ElEAPOLDeInit entered"); do { // Walk the hash table // Mark PCBs as deleted. Free PCBs which we can ACQUIRE_WRITE_LOCK (&(g_PCBLock)); for (dwIndex = 0; dwIndex < PORT_TABLE_BUCKETS; dwIndex++) { pPCBWalker = g_PCBTable.pPCBBuckets[dwIndex].pPorts; while (pPCBWalker != NULL) { pPCB = pPCBWalker; pPCBWalker = pPCB->pNext; ACQUIRE_WRITE_LOCK (&(pPCB->rwLock)); // Send out Logoff Packet so that no one else can // ride on the connection // If the mode does not allow EAPOL_Logoff packet to sent // out, there is not much that can be done to break the // connection FSMLogoff (pPCB, NULL); // Mark the PCB as deleted and remove it from the hash bucket pPCB->dwFlags = EAPOL_PORT_FLAG_DELETED; ElRemovePCBFromTable(pPCB); // Shutdown EAP ElEapEnd (pPCB); hTimer = pPCB->hTimer; RELEASE_WRITE_LOCK (&(pPCB->rwLock)); if (InterlockedCompareExchangePointer ( &g_hTimerQueue, NULL, NULL )) { TRACE2 (PORT, "ElEAPOLDeInit: DeleteTimer (%p), queue (%p)", hTimer, g_hTimerQueue); DELETE_TIMER (hTimer, INVALID_HANDLE_VALUE, &dwRetCode); if (dwRetCode != NO_ERROR) { TRACE1 (PORT, "ElEAPOLDeInit: DeleteTimer 1 failed with error %ld", dwRetCode); } } ACQUIRE_WRITE_LOCK (&(pPCB->rwLock)); // Close the handle to the NDISUIO driver if ((dwRetCode = ElCloseInterfaceHandle ( pPCB->hPort, pPCB->pwszDeviceGUID)) != NO_ERROR) { TRACE1 (DEVICE, "ElEAPOLDeInit: Error in ElCloseInterfaceHandle %d", dwRetCode); } RELEASE_WRITE_LOCK (&(pPCB->rwLock)); InterlockedIncrement (&g_lPCBContextsAlive); EAPOL_DEREFERENCE_PORT (pPCB); } } RELEASE_WRITE_LOCK (&(g_PCBLock)); do { TRACE1 (PORT, "ElEAPOLDeInit: Waiting for %ld PCB contexts to terminate ...", g_lPCBContextsAlive); Sleep (1000); } while (g_lPCBContextsAlive != 0); // Delete EAPOL config lock if (READ_WRITE_LOCK_CREATED(&(g_EAPOLConfig))) { DELETE_READ_WRITE_LOCK(&(g_EAPOLConfig)); } // Delete global PCB table lock if (READ_WRITE_LOCK_CREATED(&(g_PCBLock))) { DELETE_READ_WRITE_LOCK(&(g_PCBLock)); } if (g_PCBTable.pPCBBuckets != NULL) { FREE (g_PCBTable.pPCBBuckets); g_PCBTable.pPCBBuckets = NULL; } // Delete global timer queue if (g_hTimerQueue != NULL) { hLocalTimerQueue = InterlockedExchangePointer ( &g_hTimerQueue, hNULL ); if (!DeleteTimerQueueEx( hLocalTimerQueue, INVALID_HANDLE_VALUE // Wait for ALL timer callbacks to complete )) { dwRetCode = GetLastError(); TRACE1 (PORT, "ElEAPOLDeInit: Error in DeleteTimerQueueEx = %d", dwRetCode); } } // Un-initialize EAP if ((dwRetCode = ElEapInit(FALSE)) != NO_ERROR) { TRACE1 (PORT, "ElEAPOLDeInit: Error in ElEapInit(FALSE) = %ld", dwRetCode); break; } } while (FALSE); TRACE1 (PORT, "ElEAPOLDeInit completed, RetCode = %d", dwRetCode); return dwRetCode; } // // Currently Unsupported // Read EAPOL statistics for the port // VOID ElReadPortStatistics ( IN WCHAR *pwszDeviceGUID, OUT PEAPOL_STATS pEapolStats ) { } // // Currently Unsupported // Read EAPOL Port Configuration for the mentioned port // VOID ElReadPortConfiguration ( IN WCHAR *pwszDeviceGUID, OUT PEAPOL_CONFIG pEapolConfig ) { } // // Currently Unsupported // Set EAPOL Port Configuration for the mentioned port // DWORD ElSetPortConfiguration ( IN WCHAR *pwszDeviceGUID, IN PEAPOL_CONFIG pEapolConfig ) { DWORD dwRetCode = NO_ERROR; return dwRetCode; } // // ElReadCompletionRoutine // // Description: // // This routine is invoked upon completion of an OVERLAPPED read operation // on an interface on which EAPOL is running // // The message read is validated and processed, and if necessary, // a reply is generated and sent out // // Arguments: // dwError - Win32 status code for the I/O operation // // dwBytesTransferred - number of bytes in 'pEapolBuffer' // // pEapolBuffer - holds data read from the datagram socket // // Notes: // A reference to the component will have been made on our behalf // by ElReadPort(). Hence g_PCBLock, will not be required // to be taken since current PCB existence is guaranteed // VOID CALLBACK ElReadCompletionRoutine ( DWORD dwError, DWORD dwBytesReceived, EAPOL_BUFFER *pEapolBuffer ) { EAPOL_PCB *pPCB; DWORD dwRetCode; pPCB = (EAPOL_PCB *)pEapolBuffer->pvContext; TRACE1 (PORT, "ElReadCompletionRoutine entered, %ld bytes recvd", dwBytesReceived); do { if (dwError) { // Error in read request TRACE2 (PORT, "ElReadCompletionRoutine: Error %d on port %ws", dwError, pPCB->pwszDeviceGUID); // Having a ref count from the read posted, guarantees existence // of PCB. Hence no need to acquire g_PCBLock ACQUIRE_WRITE_LOCK (&(pPCB->rwLock)); if (EAPOL_PORT_DELETED(pPCB)) { TRACE1 (PORT, "ElReadCompletionRoutine: Port %ws not active", pPCB->pwszDeviceGUID); // Port is not active, release Context buffer RELEASE_WRITE_LOCK (&(pPCB->rwLock)); FREE (pEapolBuffer); } else { TRACE1 (PORT, "ElReadCompletionRoutine: Reposting buffer on port %ws", pPCB->pwszDeviceGUID); // Repost buffer for another read operation // Free the current buffer, ElReadFromPort creates a new // buffer FREE(pEapolBuffer); if ((dwRetCode = ElReadFromPort ( pPCB, NULL, 0 )) != NO_ERROR) { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); TRACE1 (PORT, "ElReadCompletionRoutine: ElReadFromPort 1 error %d", dwRetCode); break; } RELEASE_WRITE_LOCK (&(pPCB->rwLock)); } break; } // Successful read completion ACQUIRE_WRITE_LOCK (&(pPCB->rwLock)); if (EAPOL_PORT_DELETED(pPCB)) { // Port is not active RELEASE_WRITE_LOCK (&(pPCB->rwLock)); FREE (pEapolBuffer); TRACE1 (PORT, "ElReadCompletionRoutine: Port %ws is inactive", pPCB->pwszDeviceGUID); break; } RELEASE_WRITE_LOCK (&(pPCB->rwLock)); // Queue a work item to the Thread Pool to execute in the // I/O component. Callbacks from BindIoCompletionCallback do not // guarantee to be running in I/O component. So, on a non I/O // component thread may die while requests are pending. // (Refer to Jeffrey Richter, pg 416, Programming Applications for // Microsoft Windows, Fourth Edition // pEapolBuffer will be the context for the function // since it stores all relevant information for processing // i.e. pBuffer, dwBytesTransferred, pContext => pPCB InterlockedIncrement (&g_lWorkerThreads); if (!QueueUserWorkItem ( (LPTHREAD_START_ROUTINE)ElProcessReceivedPacket, (PVOID)pEapolBuffer, WT_EXECUTELONGFUNCTION )) { InterlockedDecrement (&g_lWorkerThreads); FREE (pEapolBuffer); dwRetCode = GetLastError(); TRACE1 (PORT, "ElReadCompletionRoutine: Critical error: QueueUserWorkItem failed with error %ld", dwRetCode); break; } else { //TRACE1 (PORT, "ElReadCompletionRoutine: QueueUserWorkItem work item queued for port %p", //pPCB); // The received packet has still not been processed. // The ref count cannot be decrement, yet return; } } while (FALSE); TRACE2 (PORT, "ElReadCompletionRoutine: pPCB= %p, RefCnt = %ld", pPCB, pPCB->dwRefCount); // Decrement refcount for error cases EAPOL_DEREFERENCE_PORT(pPCB); } // // ElWriteCompletionRoutine // // Description: // // This routine is invoked upon completion of an OVERLAPPED write operation // on an interface on which EAPOL is running. // // // Arguments: // dwError - Win32 status code for the I/O operation // // dwBytesTransferred - number of bytes sent out // // pEapolBuffer - buffer sent to the WriteFile command // // Notes: // The reference count for the write operation is removed. // VOID CALLBACK ElWriteCompletionRoutine ( DWORD dwError, DWORD dwBytesSent, EAPOL_BUFFER *pEapolBuffer ) { PEAPOL_PCB pPCB = (PEAPOL_PCB)pEapolBuffer->pvContext; TRACE2 (DEVICE, "ElWriteCompletionRoutine sent out %d bytes with error %d", dwBytesSent, dwError); // No need to acquire locks, since PCB existence is guaranteed // by reference made when write was posted EAPOL_DEREFERENCE_PORT(pPCB); TRACE2 (PORT, "ElWriteCompletionRoutine: pPCB= %p, RefCnt = %ld", pPCB, pPCB->dwRefCount); FREE(pEapolBuffer); return; // Free Read/Write buffer area, if it is dynamically allocated // We have static Read-write buffer for now } // // ElIoCompletionRoutine // // Description: // // Callback function defined to BindIoCompletionCallback // This routine is invoked by the I/O system upon completion of a read/write // operation // This routine in turn calls ElReadCompletionRoutine or // ElWriteCompletionRoutine depending on what command invoked the // I/O operation i.e. ReadFile or WriteFile // // Input arguments: // dwError - system-supplied error code // dwBytesTransferred - system-supplied byte-count // lpOverlapped - called-supplied context area // // Return values: // VOID CALLBACK ElIoCompletionRoutine ( DWORD dwError, DWORD dwBytesTransferred, LPOVERLAPPED lpOverlapped ) { PEAPOL_BUFFER pBuffer = CONTAINING_RECORD (lpOverlapped, EAPOL_BUFFER, Overlapped); TRACE1 (DEVICE, "ElIoCompletionRoutine called, %ld bytes xferred", dwBytesTransferred); pBuffer->dwErrorCode = dwError; pBuffer->dwBytesTransferred = dwBytesTransferred; pBuffer->CompletionRoutine ( pBuffer->dwErrorCode, pBuffer->dwBytesTransferred, pBuffer ); return; } // // ElReadFromPort // // Description: // // Function to read EAPOL packets from a port // // Arguments: // pPCB - Pointer to PCB for port on which read is to be performed // pBuffer - unused // dwBufferLength - unused // // Return values: // // Locks: // pPCB->rw_Lock should be acquired before calling this function // DWORD ElReadFromPort ( IN PEAPOL_PCB pPCB, IN PCHAR pBuffer, IN DWORD dwBufferLength ) { PEAPOL_BUFFER pEapolBuffer; DWORD dwRetCode = NO_ERROR; TRACE0 (PORT, "ElReadFromPort entered"); // Allocate Context buffer if ((pEapolBuffer = (PEAPOL_BUFFER) MALLOC (sizeof(EAPOL_BUFFER))) == NULL) { TRACE0 (PORT, "ElReadFromPort: Error in memory allocation"); return ERROR_NOT_ENOUGH_MEMORY; } // Initialize Context data used in Overlapped operations pEapolBuffer->pvContext = (PVOID)pPCB; pEapolBuffer->CompletionRoutine = ElReadCompletionRoutine; // Make a reference to the port // this reference is released in the completion routine if (!EAPOL_REFERENCE_PORT(pPCB)) { //RELEASE_WRITE_LOCK (&(g_PCBLock)); TRACE0 (PORT, "ElReadFromPort: Unable to obtain reference to port"); FREE (pEapolBuffer); return ERROR_CAN_NOT_COMPLETE; } TRACE2 (DEVICE, "ElReadFromPort: pPCB = %p, RefCnt = %ld", pPCB, pPCB->dwRefCount); // Read from the NDISUIO interface corresponding to this port if ((dwRetCode = ElReadFromInterface( pPCB->hPort, pEapolBuffer, MAX_PACKET_SIZE - SIZE_ETHERNET_CRC // read the maximum data possible )) != NO_ERROR) { TRACE1 (DEVICE, "ElReadFromPort: Error in ElReadFromInterface = %d", dwRetCode); FREE(pEapolBuffer); // Decrement refcount just incremented, since it will not be // decremented in ReadCompletionRoutine which is not called EAPOL_DEREFERENCE_PORT(pPCB); TRACE2 (PORT, "ElReadFromPort: pPCB= %p, RefCnt = %ld", pPCB, pPCB->dwRefCount); } return dwRetCode; } // // ElWriteToPort // // Description: // // Function to write EAPOL packets to a port // // Input arguments: // pPCB - Pointer to PCB for port on which write is to be performed // pBuffer - Pointer to data to be sent out // dwBufferLength - Number of bytes to be sent out // // Return values: // // Locks: // pPCB->rw_Lock should be acquired before calling this function // DWORD ElWriteToPort ( IN PEAPOL_PCB pPCB, IN PCHAR pBuffer, IN DWORD dwBufferLength ) { PEAPOL_BUFFER pEapolBuffer; PETH_HEADER pEthHeader; DWORD dwTotalBytes = 0; DWORD dwRetCode = NO_ERROR; TRACE1 (PORT, "ElWriteToPort entered: Pkt Length = %ld", dwBufferLength); if ((pEapolBuffer = (PEAPOL_BUFFER) MALLOC (sizeof(EAPOL_BUFFER))) == NULL) { TRACE0 (PORT, "ElWriteToPort: Error in memory allocation"); return ERROR_NOT_ENOUGH_MEMORY; } // Initialize Context data used in Overlapped operations pEapolBuffer->pvContext = (PVOID)pPCB; pEapolBuffer->CompletionRoutine = ElWriteCompletionRoutine; pEthHeader = (PETH_HEADER)pEapolBuffer->pBuffer; // Copy the source MAC address and the destination MAC address memcpy ((PBYTE)pEthHeader->bDstAddr, (PBYTE)pPCB->bDestMacAddr, SIZE_MAC_ADDR); memcpy ((PBYTE)pEthHeader->bSrcAddr, (PBYTE)pPCB->bSrcMacAddr, SIZE_MAC_ADDR); // Validate packet length if ((dwBufferLength + sizeof(ETH_HEADER)) > (MAX_PACKET_SIZE - SIZE_ETHERNET_CRC)) { TRACE2 (PORT, "ElWriteToPort: Packetsize %d greater than maximum allowed", dwBufferLength, (MAX_PACKET_SIZE - SIZE_ETHERNET_CRC - sizeof(ETH_HEADER))); FREE (pEapolBuffer); return ERROR_BAD_LENGTH; } // Copy the EAPOL packet and body if (pBuffer != NULL) { memcpy ((PBYTE)((PBYTE)pEapolBuffer->pBuffer+sizeof(ETH_HEADER)), (PBYTE)pBuffer, dwBufferLength); } dwTotalBytes = dwBufferLength + sizeof(ETH_HEADER); ElParsePacket (pPCB, pEapolBuffer->pBuffer, dwTotalBytes, FALSE); // Buffer will be released by calling function // Write to the NDISUIO interface corresponding to this port // Make a reference to the port // this reference is released in the completion routine if (!EAPOL_REFERENCE_PORT(pPCB)) { TRACE0 (PORT, "ElWriteToPort: Unable to obtain reference to port"); FREE (pEapolBuffer); return ERROR_CAN_NOT_COMPLETE; } else { TRACE2 (DEVICE, "ElWriteToPort: pPCB = %p, RefCnt = %ld", pPCB, pPCB->dwRefCount); if ((dwRetCode = ElWriteToInterface ( pPCB->hPort, pEapolBuffer, dwTotalBytes )) != NO_ERROR) { FREE (pEapolBuffer); TRACE1 (PORT, "ElWriteToPort: Error %d", dwRetCode); // Decrement refcount incremented in this function, // since it will not be decremented in WriteCompletionRoutine // as it will never be called. EAPOL_DEREFERENCE_PORT(pPCB); TRACE2 (PORT, "ElWriteToPort: pPCB= %p, RefCnt = %ld", pPCB, pPCB->dwRefCount); return dwRetCode; } } //TRACE1 (PORT, "ElWriteToPort completed, dwRetCode =%d", dwRetCode); return dwRetCode; }