Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

2329 lines
71 KiB

/*++
Copyright (c) 2000, Microsoft Corporation
Module Name:
eluser.c
Abstract:
The module deals with functions related to user interaction, user logon
Revision History:
sachins, Apr 23 2000, Created
--*/
#include "pcheapol.h"
#pragma hdrstop
#define cszEapKeyRas TEXT("Software\\Microsoft\\RAS EAP\\UserEapInfo")
#define cszEapValue TEXT("EapInfo")
#ifndef EAPOL_SERVICE
#define cszModuleName TEXT("wzcsvc.dll")
#else
#define cszModuleName TEXT("eapol.exe")
#endif
//
// ElSessionChangeHandler
//
// Description:
//
// Function called to handle user session login/logoff/user-switching
//
// Arguments:
// pEventData - SCM event data
// dwEventType - SCM event type
//
VOID
ElSessionChangeHandler (
PVOID pEventData,
DWORD dwEventType
)
{
DWORD dwEventStatus = 0;
BOOLEAN fDecrWorkerThreadCount = FALSE;
LPTHREAD_START_ROUTINE pUserRoutine = NULL;
PVOID pvBuffer = NULL;
EAPOL_ZC_INTF ZCData;
DWORD dwRetCode = NO_ERROR;
do
{
if (g_hEventTerminateEAPOL == NULL)
{
dwRetCode = NO_ERROR;
break;
}
if (( dwEventStatus = WaitForSingleObject (
g_hEventTerminateEAPOL,
0)) == WAIT_FAILED)
{
dwRetCode = GetLastError ();
break;
}
if (dwEventStatus == WAIT_OBJECT_0)
{
dwRetCode = NO_ERROR;
break;
}
if (!(g_dwModulesStarted & LOGON_MODULE_STARTED))
{
break;
}
InterlockedIncrement (&g_lWorkerThreads);
fDecrWorkerThreadCount = TRUE;
if (pEventData)
{
WTSSESSION_NOTIFICATION* pswtsi = (WTSSESSION_NOTIFICATION*)pEventData;
DWORD dwSessionId = pswtsi->dwSessionId;
switch (dwEventType)
{
case WTS_CONSOLE_CONNECT:
case WTS_REMOTE_CONNECT:
{
TRACE1 (USER,"ElSessionChangeHandler: CONNECT for session = (%ld)\n",
dwSessionId);
pUserRoutine = ElUserLogonCallback;
break;
}
case WTS_CONSOLE_DISCONNECT:
case WTS_REMOTE_DISCONNECT:
{
TRACE1 (USER,"ElSessionChangeHandler: DISCONNECT for session = (%ld)\n",
dwSessionId);
pUserRoutine = ElUserLogoffCallback;
break;
}
case WTS_SESSION_LOGON:
{
TRACE1 (USER,"ElSessionChangeHandler: LOGON for session = (%ld)",
dwSessionId);
pUserRoutine = ElUserLogonCallback;
break;
}
case WTS_SESSION_LOGOFF:
{
TRACE1 (USER,"ElSessionChangeHandler: LOGOFF for session=(%ld)",
dwSessionId);
pUserRoutine = ElUserLogoffCallback;
break;
}
default:
break;
}
if (pUserRoutine == NULL)
{
break;
}
if ((pvBuffer = MALLOC (sizeof(DWORD))) == NULL)
{
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
break;
}
*((DWORD *)pvBuffer) = dwSessionId;
if (!QueueUserWorkItem (
(LPTHREAD_START_ROUTINE)pUserRoutine,
pvBuffer,
WT_EXECUTELONGFUNCTION))
{
dwRetCode = GetLastError();
TRACE1 (DEVICE, "ElSessionChangeHandler: QueueUserWorkItem failed with error %ld",
dwRetCode);
break;
}
else
{
fDecrWorkerThreadCount = FALSE;
}
}
}
while (FALSE);
if (fDecrWorkerThreadCount)
{
InterlockedDecrement (&g_lWorkerThreads);
}
if (dwRetCode != NO_ERROR)
{
if (pvBuffer != NULL)
{
FREE (pvBuffer);
}
}
}
//
// ElUserLogonCallback
//
// Description:
//
// Callback function invoked whenever a user logs in
// Will initiate authentication process on all ports of LAN class
// Credentials for the user in case of EAP-TLS can be obtained by
// acquiring user token
// For EAP-CHAP, WinLogon cerdentials will need to be supplied
//
// Arguments:
// None.
//
DWORD
WINAPI
ElUserLogonCallback (
IN PVOID pvContext
)
{
DWORD dwIndex = 0;
EAPOL_PCB *pPCB = NULL;
BOOL fSetCONNECTINGState = FALSE;
EAPOL_ZC_INTF ZCData;
DWORD dwRetCode = NO_ERROR;
TRACE1 (USER, "ElUserLogonCallback: UserloggedOn = %ld",
g_fUserLoggedOn);
do
{
if (g_fUserLoggedOn)
{
TRACE0 (USER, "ElUserLogonCallback: User logon already detected, returning without processing");
break;
}
if (pvContext == NULL)
{
break;
}
if (*((DWORD *)pvContext) != USER_SHARED_DATA->ActiveConsoleId)
{
TRACE1 (USER, "ElUserLogonCallback: Not active console id (%ld)",
*((DWORD *)pvContext));
break;
}
// Check if UserModule is ready for notifications
if (!g_fTrayIconReady)
{
if ((dwRetCode = ElCheckUserModuleReady ()) != NO_ERROR)
{
TRACE1 (USER, "ElUserLogonCallback: ElCheckUserModuleReady failed with error %ld",
dwRetCode);
if (dwRetCode == ERROR_BAD_IMPERSONATION_LEVEL)
{
break;
}
}
}
// Set global flag to indicate the user logged on
g_fUserLoggedOn = TRUE;
g_dwCurrentSessionId = *((DWORD *)pvContext);
ACQUIRE_WRITE_LOCK (&(g_PCBLock));
for (dwIndex = 0; dwIndex < PORT_TABLE_BUCKETS; dwIndex++)
{
for (pPCB = g_PCBTable.pPCBBuckets[dwIndex].pPorts;
pPCB != NULL;
pPCB = pPCB->pNext)
{
fSetCONNECTINGState = FALSE;
ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
switch (pPCB->dwEAPOLAuthMode)
{
case EAPOL_AUTH_MODE_0:
if (pPCB->State == EAPOLSTATE_AUTHENTICATED)
{
if (pPCB->PreviousAuthenticationType ==
EAPOL_UNAUTHENTICATED_ACCESS)
{
fSetCONNECTINGState = TRUE;
}
}
else
{
(VOID) ElEapEnd (pPCB);
fSetCONNECTINGState = TRUE;
}
break;
case EAPOL_AUTH_MODE_1:
(VOID) ElEapEnd (pPCB);
fSetCONNECTINGState = TRUE;
break;
case EAPOL_AUTH_MODE_2:
// Do nothing
break;
}
if (!EAPOL_PORT_ACTIVE(pPCB))
{
TRACE1 (USER, "ElUserLogonCallback: Port %ws not active",
pPCB->pwszDeviceGUID);
fSetCONNECTINGState = FALSE;
}
// Set port to EAPOLSTATE_CONNECTING
if (fSetCONNECTINGState)
{
DbLogPCBEvent (DBLOG_CATEG_INFO, pPCB, EAPOL_USER_LOGON, pPCB->pwszFriendlyName);
// First send out EAPOL_Logoff message
if ((dwRetCode = FSMLogoff (pPCB, NULL))
!= NO_ERROR)
{
TRACE1 (USER, "ElUserLogonCallback: Error in FSMLogoff = %ld",
dwRetCode);
dwRetCode = NO_ERROR;
}
pPCB->dwAuthFailCount = 0;
// With unauthenticated access flag set, port will always
// reauthenticate for logged on user
pPCB->PreviousAuthenticationType =
EAPOL_UNAUTHENTICATED_ACCESS;
RELEASE_WRITE_LOCK (&(pPCB->rwLock));
// Restart authentication on the port
if ((dwRetCode = ElReStartPort (pPCB, 0, NULL)) != NO_ERROR)
{
TRACE1 (USER, "ElUserLogonCallback: MachineAuth: Error in ElReStartPort = %ld",
dwRetCode);
continue;
}
}
else
{
RELEASE_WRITE_LOCK (&(pPCB->rwLock));
continue;
}
}
}
RELEASE_WRITE_LOCK (&(g_PCBLock));
if (dwRetCode != NO_ERROR)
{
break;
}
} while (FALSE);
TRACE1 (USER, "ElUserLogonCallback: completed with error %ld", dwRetCode);
if (pvContext != NULL)
{
FREE (pvContext);
}
InterlockedDecrement (&g_lWorkerThreads);
return 0;
}
//
// ElUserLogoffCallback
//
// Description:
//
// Callback function invoked whenever a user logs off
// Will logoff from all ports which have authentication enabled
//
// Arguments:
// None.
//
DWORD
WINAPI
ElUserLogoffCallback (
IN PVOID pvContext
)
{
DWORD dwIndex = 0;
EAPOL_PCB *pPCB = NULL;
BOOL fSetCONNECTINGState = FALSE;
EAPOL_ZC_INTF ZCData;
DWORD dwRetCode = NO_ERROR;
do
{
if (!g_fUserLoggedOn)
{
TRACE0 (USER, "ElUserLogoffCallback: User logoff already called, returning without processing");
break;
}
if (pvContext == NULL)
{
break;
}
if (g_dwCurrentSessionId != *((DWORD *)pvContext))
{
TRACE1 (USER, "ElUserLogoffCallback: Not active console id (%ld)",
*((DWORD *)pvContext));
break;
}
// Reset global flag to indicate the user logged off
g_fUserLoggedOn = FALSE;
g_dwCurrentSessionId = 0xffffffff;
// Reset User Module ready flag
g_fTrayIconReady = FALSE;
TRACE1 (USER, "ElUserLogoffCallback: UserloggedOff = %ld",
g_fUserLoggedOn);
ACQUIRE_WRITE_LOCK (&(g_PCBLock));
for (dwIndex = 0; dwIndex < PORT_TABLE_BUCKETS; dwIndex++)
{
for (pPCB = g_PCBTable.pPCBBuckets[dwIndex].pPorts;
pPCB != NULL;
pPCB = pPCB->pNext)
{
fSetCONNECTINGState = FALSE;
ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
switch (pPCB->dwEAPOLAuthMode)
{
case EAPOL_AUTH_MODE_0:
if (pPCB->State == EAPOLSTATE_AUTHENTICATED)
{
if (pPCB->PreviousAuthenticationType !=
EAPOL_MACHINE_AUTHENTICATION)
{
fSetCONNECTINGState = TRUE;
}
}
else
{
(VOID) ElEapEnd (pPCB);
fSetCONNECTINGState = TRUE;
}
break;
case EAPOL_AUTH_MODE_1:
(VOID) ElEapEnd (pPCB);
fSetCONNECTINGState = TRUE;
break;
case EAPOL_AUTH_MODE_2:
// Do nothing
break;
}
if (!EAPOL_PORT_ACTIVE(pPCB))
{
TRACE1 (USER, "ElUserLogoffCallback: Port %ws not active",
pPCB->pwszDeviceGUID);
fSetCONNECTINGState = FALSE;
}
// Set port to EAPOLSTATE_CONNECTING
if (fSetCONNECTINGState)
{
DbLogPCBEvent (DBLOG_CATEG_INFO, pPCB,
EAPOL_USER_LOGOFF, pPCB->pwszFriendlyName);
// First send out EAPOL_Logoff message
if ((dwRetCode = FSMLogoff (pPCB, NULL))
!= NO_ERROR)
{
TRACE1 (USER, "ElUserLogoffCallback: Error in FSMLogoff = %ld",
dwRetCode);
dwRetCode = NO_ERROR;
}
pPCB->dwAuthFailCount = 0;
// With Unauthenticated_access, port will always
// reauthenticate
pPCB->PreviousAuthenticationType =
EAPOL_UNAUTHENTICATED_ACCESS;
RELEASE_WRITE_LOCK (&(pPCB->rwLock));
// Restart authentication on the port
if ((dwRetCode = ElReStartPort (pPCB, 0, NULL))
!= NO_ERROR)
{
TRACE1 (USER, "ElUserLogoffCallback: Error in ElReStartPort = %ld",
dwRetCode);
continue;
}
}
else
{
RELEASE_WRITE_LOCK (&(pPCB->rwLock));
continue;
}
}
}
RELEASE_WRITE_LOCK (&(g_PCBLock));
}
while (FALSE);
TRACE0 (USER, "ElUserLogoffCallback: completed");
if (pvContext != NULL)
{
FREE (pvContext);
}
InterlockedDecrement (&g_lWorkerThreads);
return 0;
}
//
// ElGetUserIdentity
//
// Description:
//
// Function called to initiate and get user identity on a particular
// interface. The RasEapGetIdentity in the appropriate DLL is called
// with the necessary arguments.
//
// Arguments:
// pPCB - Pointer to PCB for the specific port/interface
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORD
ElGetUserIdentity (
IN EAPOL_PCB *pPCB
)
{
HANDLE hLib = NULL;
RASEAPFREE pFreeFunc = NULL;
RASEAPGETIDENTITY pIdenFunc = NULL;
DWORD dwIndex = -1;
DWORD cbData = 0;
PBYTE pbAuthData = NULL;
PBYTE pbUserIn = NULL;
DWORD dwInSize = 0;
BYTE *pUserDataOut;
DWORD dwSizeOfUserDataOut;
LPWSTR lpwszIdentity = NULL;
CHAR *pszIdentity = NULL;
HWND hwndOwner = NULL;
DWORD dwFlags = 0;
BYTE *pbSSID = NULL;
DWORD dwSizeOfSSID = 0;
EAPOL_STATE TmpEAPOLState;
EAPOL_EAP_UI_CONTEXT *pEAPUIContext = NULL;
DWORD dwRetCode = NO_ERROR;
do
{
TRACE0 (USER, "ElGetUserIdentity entered");
if (!EAPOL_PORT_ACTIVE(pPCB))
{
TRACE1 (PORT, "ElGetUserIdentity: Port %ws not active",
pPCB->pwszDeviceGUID);
// Port is not active, cannot do further processing on this port
break;
}
if (pPCB->PreviousAuthenticationType != EAPOL_MACHINE_AUTHENTICATION)
{
// Get Access Token for user logged on interactively
if (pPCB->hUserToken != NULL)
{
if (!CloseHandle (pPCB->hUserToken))
{
dwRetCode = GetLastError ();
TRACE1 (USER, "ElGetUserIdentity: CloseHandle failed with error %ld",
dwRetCode);
break;
}
}
pPCB->hUserToken = NULL;
if ((dwRetCode = ElGetWinStationUserToken (g_dwCurrentSessionId, &pPCB->hUserToken)) != NO_ERROR)
{
TRACE1 (USER, "ElGetUserIdentity: ElGetWinStationUserToken failed with error (%ld)",
dwRetCode);
dwRetCode = ERROR_NO_TOKEN;
break;
}
//
// Try to fetch user identity without sending request to
// user module. If not possible, send request to user module
//
if ((dwRetCode = ElGetUserIdentityOptimized (pPCB))
!= ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION)
{
TRACE0 (USER, "ElGetUserIdentity: ElGetUserIdentityOptimized got identity without user module intervention");
break;
}
if (!g_fTrayIconReady)
{
if ((dwRetCode = ElCheckUserModuleReady ()) != NO_ERROR)
{
TRACE1 (USER, "ElGetUserIdentity: ElCheckUserModuleReady failed with error %ld",
dwRetCode);
break;
}
}
if (!g_fTrayIconReady)
{
DbLogPCBEvent (DBLOG_CATEG_WARN, pPCB, EAPOL_WAITING_FOR_DESKTOP_LOAD);
dwRetCode = ERROR_IO_PENDING;
TRACE0 (USER, "ElGetUserIdentity: TrayIcon NOT ready");
break;
}
//
// Call GetUserIdentityDlgWorker
//
pEAPUIContext = MALLOC (sizeof(EAPOL_EAP_UI_CONTEXT));
if (pEAPUIContext == NULL)
{
TRACE0 (USER, "ElGetUserIdentity: MALLOC failed for pEAPUIContext");
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
break;
}
pEAPUIContext->dwEAPOLUIMsgType = EAPOLUI_GET_USERIDENTITY;
wcscpy (pEAPUIContext->wszGUID, pPCB->pwszDeviceGUID);
pPCB->dwUIInvocationId =
InterlockedIncrement(&(g_dwEAPUIInvocationId));
pEAPUIContext->dwSessionId = g_dwCurrentSessionId;
pEAPUIContext->dwContextId = pPCB->dwUIInvocationId;
pEAPUIContext->dwEapId = pPCB->bCurrentEAPId;
pEAPUIContext->dwEapTypeId = pPCB->dwEapTypeToBeUsed;
pEAPUIContext->dwEapFlags = pPCB->dwEapFlags;
if (pPCB->pwszSSID)
{
wcscpy (pEAPUIContext->wszSSID, pPCB->pwszSSID);
}
if (pPCB->pSSID)
{
pEAPUIContext->dwSizeOfSSID = pPCB->pSSID->SsidLength;
memcpy ((BYTE *)pEAPUIContext->bSSID, (BYTE *)pPCB->pSSID->Ssid,
NDIS_802_11_SSID_LEN-sizeof(ULONG));
}
// Have to notify state change before we post balloon
TmpEAPOLState = pPCB->State;
pPCB->State = EAPOLSTATE_ACQUIRED;
ElNetmanNotify (pPCB, EAPOL_NCS_CRED_REQUIRED, NULL);
// State is changed only in FSMAcquired
// Revert to original
pPCB->State = TmpEAPOLState;
// Post the message to netman
if ((dwRetCode = ElPostShowBalloonMessage (
pPCB,
sizeof(EAPOL_EAP_UI_CONTEXT),
(BYTE *)pEAPUIContext,
0,
NULL
)) != NO_ERROR)
{
TRACE1 (USER, "ElGetUserIdentity: ElPostShowBalloonMessage failed with error %ld",
dwRetCode);
break;
}
// Restart PCB timer since UI may take longer time than required
RESTART_TIMER (pPCB->hTimer,
INFINITE_SECONDS,
"PCB",
&dwRetCode);
if (dwRetCode != NO_ERROR)
{
break;
}
pPCB->EapUIState = EAPUISTATE_WAITING_FOR_IDENTITY;
DbLogPCBEvent (DBLOG_CATEG_INFO, pPCB, EAPOL_WAITING_FOR_DESKTOP_IDENTITY);
// Return error code as pending, since credentials have still not
// been acquired
dwRetCode = ERROR_IO_PENDING;
}
else // MACHINE_AUTHENTICATION
{
pPCB->hUserToken = NULL;
// The EAP dll will have already been loaded by the state machine
// Retrieve the handle to the dll from the global EAP table
if ((dwIndex = ElGetEapTypeIndex (pPCB->dwEapTypeToBeUsed)) == -1)
{
TRACE1 (USER, "ElGetUserIdentity: ElGetEapTypeIndex finds no dll for EAP index %ld",
pPCB->dwEapTypeToBeUsed);
dwRetCode = ERROR_CAN_NOT_COMPLETE;
break;
}
hLib = g_pEapTable[dwIndex].hInstance;
pIdenFunc = (RASEAPGETIDENTITY)GetProcAddress(hLib,
"RasEapGetIdentity");
pFreeFunc = (RASEAPFREE)GetProcAddress(hLib, "RasEapFreeMemory");
if ((pFreeFunc == NULL) || (pIdenFunc == NULL))
{
TRACE0 (USER, "ElGetUserIdentity: pIdenFunc or pFreeFunc does not exist in the EAP implementation");
dwRetCode = ERROR_CAN_NOT_COMPLETE;
break;
}
if (pPCB->pSSID)
{
pbSSID = pPCB->pSSID->Ssid;
dwSizeOfSSID = pPCB->pSSID->SsidLength;
}
// Get the size of the EAP blob
if ((dwRetCode = ElGetCustomAuthData (
pPCB->pwszDeviceGUID,
pPCB->dwEapTypeToBeUsed,
dwSizeOfSSID,
pbSSID,
NULL,
&cbData
)) != NO_ERROR)
{
if (dwRetCode == ERROR_BUFFER_TOO_SMALL)
{
if (cbData <= 0)
{
// No EAP blob stored in the registry
TRACE0 (USER, "ElGetUserIdentity: NULL sized EAP blob: continue");
pbAuthData = NULL;
// Every port should have connection data !!!
dwRetCode = NO_ERROR;
}
else
{
// Allocate memory to hold the blob
pbAuthData = MALLOC (cbData);
if (pbAuthData == NULL)
{
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
TRACE0 (USER, "ElGetUserIdentity: Error in memory allocation for EAP blob");
break;
}
if ((dwRetCode = ElGetCustomAuthData (
pPCB->pwszDeviceGUID,
pPCB->dwEapTypeToBeUsed,
dwSizeOfSSID,
pbSSID,
pbAuthData,
&cbData
)) != NO_ERROR)
{
TRACE1 (USER, "ElGetUserIdentity: ElGetCustomAuthData failed with %ld",
dwRetCode);
break;
}
}
}
else
{
// CustomAuthData for "Default" is always created for an
// interface when EAPOL starts up
TRACE1 (USER, "ElGetUserIdentity: ElGetCustomAuthData size estimation failed with error %ld",
dwRetCode);
break;
}
}
if (pIdenFunc)
if ((dwRetCode = (*(pIdenFunc))(
pPCB->dwEapTypeToBeUsed,
hwndOwner, // hwndOwner
RAS_EAP_FLAG_MACHINE_AUTH, // dwFlags
NULL, // lpszPhonebook
pPCB->pwszFriendlyName, // lpszEntry
pbAuthData, // Connection data
cbData, // Count of pbAuthData
pbUserIn, // User data for port
dwInSize, // Size of user data
&pUserDataOut,
&dwSizeOfUserDataOut,
&lpwszIdentity
)) != NO_ERROR)
{
if (dwRetCode == ERROR_NO_EAPTLS_CERTIFICATE)
{
DbLogPCBEvent (DBLOG_CATEG_ERR, pPCB, EAPOL_NO_CERTIFICATE_MACHINE);
}
else
{
DbLogPCBEvent (DBLOG_CATEG_ERR, pPCB, EAPOL_ERROR_GET_IDENTITY, EAPOLAuthTypes[EAPOL_MACHINE_AUTHENTICATION], dwRetCode);
}
TRACE1 (USER, "ElGetUserIdentity: Error in calling GetIdentity = %ld",
dwRetCode);
break;
}
// Fill in the returned information into the PCB fields for
// later authentication
if (pPCB->pCustomAuthUserData != NULL)
{
FREE (pPCB->pCustomAuthUserData);
pPCB->pCustomAuthUserData = NULL;
}
pPCB->pCustomAuthUserData = MALLOC (dwSizeOfUserDataOut + sizeof (DWORD));
if (pPCB->pCustomAuthUserData == NULL)
{
TRACE1 (USER, "ElGetUserIdentity: Error in allocating memory for UserInfo = %ld",
dwRetCode);
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
break;
}
pPCB->pCustomAuthUserData->dwSizeOfCustomAuthData = dwSizeOfUserDataOut;
if ((dwSizeOfUserDataOut != 0) && (pUserDataOut != NULL))
{
memcpy ((BYTE *)pPCB->pCustomAuthUserData->pbCustomAuthData,
(BYTE *)pUserDataOut,
dwSizeOfUserDataOut);
}
if (lpwszIdentity != NULL)
{
pszIdentity = MALLOC (wcslen(lpwszIdentity)*sizeof(CHAR) + sizeof(CHAR));
if (pszIdentity == NULL)
{
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
TRACE0 (USER, "ElGetUserIdentity: MALLOC failed for pszIdentity");
break;
}
if (0 == WideCharToMultiByte (
CP_ACP,
0,
lpwszIdentity,
-1,
pszIdentity,
wcslen(lpwszIdentity)*sizeof(CHAR)+sizeof(CHAR),
NULL,
NULL ))
{
dwRetCode = GetLastError();
TRACE2 (USER, "ElGetUserIdentity: WideCharToMultiByte (%ws) failed: %ld",
lpwszIdentity, dwRetCode);
break;
}
TRACE1 (USER, "ElGetUserIdentity: Got identity = %s",
pszIdentity);
if (pPCB->pszIdentity != NULL)
{
FREE (pPCB->pszIdentity);
pPCB->pszIdentity = NULL;
}
pPCB->pszIdentity = MALLOC (strlen(pszIdentity) + sizeof(CHAR));
if (pPCB->pszIdentity == NULL)
{
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
TRACE0 (USER, "ElGetUserIdentity: MALLOC failed for pPCB->pszIdentity");
break;
}
memcpy (pPCB->pszIdentity, pszIdentity, strlen (pszIdentity));
pPCB->pszIdentity[strlen(pszIdentity)] = '\0';
}
if (pPCB->pCustomAuthConnData != NULL)
{
FREE (pPCB->pCustomAuthConnData);
pPCB->pCustomAuthConnData = NULL;
}
pPCB->pCustomAuthConnData = MALLOC (cbData + sizeof (DWORD));
if (pPCB->pCustomAuthConnData == NULL)
{
TRACE1 (USER, "ElGetUserIdentity: Error in allocating memory for AuthInfo = %ld",
dwRetCode);
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
break;
}
pPCB->pCustomAuthConnData->dwSizeOfCustomAuthData = cbData;
if ((cbData != 0) && (pbAuthData != NULL))
{
memcpy ((BYTE *)pPCB->pCustomAuthConnData->pbCustomAuthData,
(BYTE *)pbAuthData,
cbData);
}
// Mark the identity has been obtained for this PCB
pPCB->fGotUserIdentity = TRUE;
}
} while (FALSE);
// Cleanup
if ((dwRetCode != NO_ERROR) && (dwRetCode != ERROR_IO_PENDING))
{
if (pPCB->pCustomAuthUserData != NULL)
{
FREE (pPCB->pCustomAuthUserData);
pPCB->pCustomAuthUserData = NULL;
}
if (pPCB->pszIdentity != NULL)
{
FREE (pPCB->pszIdentity);
pPCB->pszIdentity = NULL;
}
}
if (pEAPUIContext != NULL)
{
FREE (pEAPUIContext);
}
if (pbUserIn != NULL)
{
FREE (pbUserIn);
}
if (pbAuthData != NULL)
{
FREE (pbAuthData);
}
if (pFreeFunc != NULL)
{
if (lpwszIdentity != NULL)
{
if (( dwRetCode = (*(pFreeFunc)) ((BYTE *)lpwszIdentity)) != NO_ERROR)
{
TRACE1 (USER, "ElGetUserIdentity: Error in pFreeFunc = %ld",
dwRetCode);
}
}
if (pUserDataOut != NULL)
{
if (( dwRetCode = (*(pFreeFunc)) ((BYTE *)pUserDataOut)) != NO_ERROR)
{
TRACE1 (USER, "ElGetUserIdentity: Error in pFreeFunc = %ld",
dwRetCode);
}
}
}
TRACE1 (USER, "ElGetUserIdentity completed with error %ld", dwRetCode);
return dwRetCode;
}
//
// ElProcessUserIdentityResponse
//
// Description:
//
// Function to handle UI response for ElGetUserIdentityResponse
//
// Arguments:
//
// Return values:
//
//
DWORD
ElProcessUserIdentityResponse (
IN EAPOL_EAP_UI_CONTEXT EapolUIContext,
IN EAPOLUI_RESP EapolUIResp
)
{
DWORD dwSizeOfIdentity = 0;
BYTE *pbIdentity = NULL;
DWORD dwSizeOfUserData = 0;
BYTE *pbUserData = NULL;
DWORD dwSizeofConnData = 0;
BYTE *pbConnData = NULL;
EAPOL_PCB *pPCB = NULL;
EAPOL_EAP_UI_CONTEXT *pEAPUIContext = NULL;
BOOLEAN fPortReferenced = FALSE;
BOOLEAN fPCBLocked = FALSE;
BOOLEAN fBlobCopyIncomplete = FALSE;
DWORD dwRetCode = NO_ERROR;
do
{
pEAPUIContext = (EAPOL_EAP_UI_CONTEXT *)&EapolUIContext;
ACQUIRE_WRITE_LOCK (&g_PCBLock);
if ((pPCB = ElGetPCBPointerFromPortGUID (pEAPUIContext->wszGUID)) != NULL)
{
if (EAPOL_REFERENCE_PORT (pPCB))
{
fPortReferenced = TRUE;
}
else
{
pPCB = NULL;
}
}
RELEASE_WRITE_LOCK (&g_PCBLock);
if (pPCB == NULL)
{
break;
}
ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
fPCBLocked = TRUE;
if (!EAPOL_PORT_ACTIVE(pPCB))
{
TRACE1 (USER, "ElProcessUserIdentityResponse: Port %ws not active",
pPCB->pwszDeviceGUID);
// Port is not active, cannot do further processing on this port
break;
}
if (pEAPUIContext->dwRetCode != NO_ERROR)
{
DbLogPCBEvent (DBLOG_CATEG_ERR, pPCB,
EAPOL_ERROR_DESKTOP_IDENTITY, dwRetCode);
TRACE1 (USER, "ElProcessUserIdentityResponse: Error in Dialog function (%ld)",
pEAPUIContext->dwRetCode);
break;
}
if (pPCB->EapUIState != EAPUISTATE_WAITING_FOR_IDENTITY)
{
TRACE2 (USER, "ElProcessUserIdentityResponse: PCB EapUIState has changed to (%ld), expected = (%ld)",
pPCB->EapUIState, EAPUISTATE_WAITING_FOR_IDENTITY);
break;
}
if (pPCB->dwUIInvocationId != pEAPUIContext->dwContextId)
{
TRACE2 (USER, "ElProcessUserIdentityResponse: PCB UI Id has changed to (%ld), expected = (%ld)",
pPCB->dwUIInvocationId, pEAPUIContext->dwContextId);
// break;
}
if (pPCB->bCurrentEAPId != pEAPUIContext->dwEapId)
{
TRACE2 (USER, "ElProcessUserIdentityResponse: PCB EAP Id has changed to (%ld), expected = (%ld)",
pPCB->bCurrentEAPId, pEAPUIContext->dwEapId);
// break;
}
// Since the PCB context is right, restart PCB timer to timeout
// in authPeriod seconds
RESTART_TIMER (pPCB->hTimer,
pPCB->EapolConfig.dwauthPeriod,
"PCB",
&dwRetCode);
if (dwRetCode != NO_ERROR)
{
TRACE1 (USER, "ElProcessUserIdentityResponse: Error in RESTART_TIMER %ld",
dwRetCode);
break;
}
DbLogPCBEvent (DBLOG_CATEG_INFO, pPCB, EAPOL_PROCESSING_DESKTOP_RESPONSE);
if ((EapolUIResp.rdData0.dwDataLen != 0) && (EapolUIResp.rdData0.pData != NULL))
{
dwSizeOfIdentity = EapolUIResp.rdData0.dwDataLen;
pbIdentity = EapolUIResp.rdData0.pData;
}
if ((EapolUIResp.rdData1.dwDataLen != 0) && (EapolUIResp.rdData1.pData != NULL))
{
dwSizeOfUserData = EapolUIResp.rdData1.dwDataLen;
pbUserData = EapolUIResp.rdData1.pData;
}
if ((EapolUIResp.rdData2.dwDataLen != 0) && (EapolUIResp.rdData2.pData != NULL))
{
dwSizeofConnData = EapolUIResp.rdData2.dwDataLen;
pbConnData = EapolUIResp.rdData2.pData;
}
fBlobCopyIncomplete = TRUE;
if (pPCB->pszIdentity != NULL)
{
FREE (pPCB->pszIdentity);
pPCB->pszIdentity = NULL;
}
if (pbIdentity != NULL)
{
pPCB->pszIdentity = MALLOC (dwSizeOfIdentity + sizeof(CHAR));
if (pPCB->pszIdentity == NULL)
{
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
TRACE0 (USER, "ElProcessUserIdentityResponse: MALLOC failed for pPCB->pszIdentity");
break;
}
memcpy (pPCB->pszIdentity, pbIdentity, dwSizeOfIdentity);
pPCB->pszIdentity[dwSizeOfIdentity] = '\0';
TRACE1 (USER, "ElProcessUserIdentityResponse: Got username = %s",
pPCB->pszIdentity);
}
if (pPCB->pCustomAuthUserData != NULL)
{
FREE (pPCB->pCustomAuthUserData);
pPCB->pCustomAuthUserData = NULL;
}
pPCB->pCustomAuthUserData = MALLOC (dwSizeOfUserData + sizeof (DWORD));
if (pPCB->pCustomAuthUserData == NULL)
{
TRACE1 (USER, "ElProcessUserIdentityResponse: Error in allocating memory for UserInfo = %ld",
dwRetCode);
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
break;
}
pPCB->pCustomAuthUserData->dwSizeOfCustomAuthData = dwSizeOfUserData;
if ((dwSizeOfUserData != 0) && (pbUserData != NULL))
{
memcpy ((BYTE *)pPCB->pCustomAuthUserData->pbCustomAuthData,
(BYTE *)pbUserData,
dwSizeOfUserData);
}
if (pPCB->pCustomAuthConnData != NULL)
{
FREE (pPCB->pCustomAuthConnData);
pPCB->pCustomAuthConnData = NULL;
}
pPCB->pCustomAuthConnData = MALLOC (dwSizeofConnData + sizeof (DWORD));
if (pPCB->pCustomAuthConnData == NULL)
{
TRACE1 (USER, "ElProcessUserIdentityResponse: Error in allocating memory for AuthInfo = %ld",
dwRetCode);
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
break;
}
pPCB->pCustomAuthConnData->dwSizeOfCustomAuthData = dwSizeofConnData;
if ((dwSizeofConnData != 0) && (pbConnData != NULL))
{
memcpy ((BYTE *)pPCB->pCustomAuthConnData->pbCustomAuthData,
(BYTE *)pbConnData,
dwSizeofConnData);
}
fBlobCopyIncomplete = FALSE;
if ((dwRetCode = ElCreateAndSendIdentityResponse (
pPCB, pEAPUIContext)) != NO_ERROR)
{
TRACE1 (USER, "ElProcessUserIdentityResponse: ElCreateAndSendIdentityResponse failed with error %ld",
dwRetCode);
break;
}
// Mark the identity has been obtained for this PCB
pPCB->fGotUserIdentity = TRUE;
// Reset the state if identity was obtained, else port will
// recover by itself
pPCB->EapUIState &= ~EAPUISTATE_WAITING_FOR_IDENTITY;
}
while (FALSE);
// Cleanup
if (dwRetCode != NO_ERROR)
{
if (fPCBLocked && fBlobCopyIncomplete)
{
if (pPCB->pCustomAuthUserData != NULL)
{
FREE (pPCB->pCustomAuthUserData);
pPCB->pCustomAuthUserData = NULL;
}
if (pPCB->pszIdentity != NULL)
{
FREE (pPCB->pszIdentity);
pPCB->pszIdentity = NULL;
}
}
}
if (fPCBLocked)
{
RELEASE_WRITE_LOCK (&(pPCB->rwLock));
}
if (fPortReferenced)
{
EAPOL_DEREFERENCE_PORT (pPCB);
}
return dwRetCode;
}
//
// ElGetUserNamePassword
//
// Description:
//
// Function called to get username, domain (if any) and password using
// an interactive dialog. Called if EAP-type is MD5
//
// Arguments:
// pPCB - Pointer to PCB for the port/interface on which credentials
// are to be obtained
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORD
ElGetUserNamePassword (
IN EAPOL_PCB *pPCB
)
{
EAPOL_EAP_UI_CONTEXT *pEAPUIContext = NULL;
DWORD dwRetCode = NO_ERROR;
do
{
TRACE0 (USER, "ElGetUserNamePassword entered");
if (!EAPOL_PORT_ACTIVE(pPCB))
{
TRACE1 (PORT, "ElGetUserNamePassword: Port %ws not active",
pPCB->pwszDeviceGUID);
// Port is not active, cannot do further processing on this port
break;
}
// Get Access Token for user logged on interactively
if (pPCB->hUserToken != NULL)
{
if (!CloseHandle (pPCB->hUserToken))
{
dwRetCode = GetLastError ();
TRACE1 (USER, "ElGetUserNamePassword: CloseHandle failed with error %ld",
dwRetCode);
break;
}
}
pPCB->hUserToken = NULL;
if ((dwRetCode = ElGetWinStationUserToken (g_dwCurrentSessionId, &pPCB->hUserToken)) != NO_ERROR)
{
TRACE1 (USER, "ElGetUserNamePassword: ElGetWinStationUserToken failed with error (%ld)",
dwRetCode);
dwRetCode = ERROR_NO_TOKEN;
break;
}
if (!g_fTrayIconReady)
{
if ((dwRetCode = ElCheckUserModuleReady ()) != NO_ERROR)
{
TRACE1 (USER, "ElGetUserNamePassword: ElCheckUserModuleReady failed with error %ld",
dwRetCode);
break;
}
}
if (!g_fTrayIconReady)
{
DbLogPCBEvent (DBLOG_CATEG_WARN, pPCB, EAPOL_WAITING_FOR_DESKTOP_LOAD);
dwRetCode = ERROR_IO_PENDING;
TRACE0 (USER, "ElGetUserNamePassword: TrayIcon NOT ready");
break;
}
//
// Call ElGetUserNamePasswordDlgWorker
//
pEAPUIContext = MALLOC (sizeof(EAPOL_EAP_UI_CONTEXT));
if (pEAPUIContext == NULL)
{
TRACE0 (USER, "ElGetUserNamePassword: MALLOC failed for pEAPUIContext");
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
break;
}
pEAPUIContext->dwEAPOLUIMsgType = EAPOLUI_GET_USERNAMEPASSWORD;
wcscpy (pEAPUIContext->wszGUID, pPCB->pwszDeviceGUID);
pPCB->dwUIInvocationId =
InterlockedIncrement(&(g_dwEAPUIInvocationId));
pEAPUIContext->dwSessionId = g_dwCurrentSessionId;
pEAPUIContext->dwContextId = pPCB->dwUIInvocationId;
pEAPUIContext->dwEapId = pPCB->bCurrentEAPId;
pEAPUIContext->dwEapTypeId = pPCB->dwEapTypeToBeUsed;
pEAPUIContext->dwEapFlags = pPCB->dwEapFlags;
if (pPCB->pSSID)
{
memcpy ((BYTE *)pEAPUIContext->bSSID, (BYTE *)pPCB->pSSID->Ssid,
NDIS_802_11_SSID_LEN-sizeof(ULONG));
pEAPUIContext->dwSizeOfSSID = pPCB->pSSID->SsidLength;
}
if (pPCB->pwszSSID)
{
wcscpy (pEAPUIContext->wszSSID, pPCB->pwszSSID);
}
// Post the message to netman
if ((dwRetCode = ElPostShowBalloonMessage (
pPCB,
sizeof(EAPOL_EAP_UI_CONTEXT),
(BYTE *)pEAPUIContext,
0,
NULL
)) != NO_ERROR)
{
TRACE1 (USER, "ElGetUserNamePassword: ElPostShowBalloonMessage failed with error %ld",
dwRetCode);
break;
}
// Restart PCB timer since UI may take longer time than required
RESTART_TIMER (pPCB->hTimer,
INFINITE_SECONDS,
"PCB",
&dwRetCode);
if (dwRetCode != NO_ERROR)
{
break;
}
pPCB->EapUIState = EAPUISTATE_WAITING_FOR_IDENTITY;
DbLogPCBEvent (DBLOG_CATEG_INFO, pPCB, EAPOL_WAITING_FOR_DESKTOP_IDENTITY);
// Return error code as pending, since credentials have still not
// been acquired
dwRetCode = ERROR_IO_PENDING;
} while (FALSE);
if ((dwRetCode != NO_ERROR) && (dwRetCode != ERROR_IO_PENDING))
{
}
if (pEAPUIContext)
{
FREE (pEAPUIContext);
}
TRACE1 (USER, "ElGetUserNamePassword completed with error %ld", dwRetCode);
return dwRetCode;
}
//
// ElProcessUserNamePasswordResponse
//
// Description:
//
// UI Response handler function for ElGetUserNamePassword
//
// Arguments:
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORD
ElProcessUserNamePasswordResponse (
IN EAPOL_EAP_UI_CONTEXT EapolUIContext,
IN EAPOLUI_RESP EapolUIResp
)
{
DWORD dwSizeOfIdentity = 0;
BYTE *pbIdentity = NULL;
DWORD dwSizeOfPassword = 0;
BYTE *pbPassword = NULL;
HWND hwndOwner = NULL;
BOOLEAN fPCBLocked = FALSE;
BOOLEAN fPortReferenced = FALSE;
BOOLEAN fBlobCopyIncomplete = FALSE;
EAPOL_PCB *pPCB = NULL;
EAPOL_EAP_UI_CONTEXT *pEAPUIContext = NULL;
DWORD dwRetCode = NO_ERROR;
do
{
TRACE0 (USER, "ElProcessUserNamePasswordResponse entered");
pEAPUIContext = (EAPOL_EAP_UI_CONTEXT *)&EapolUIContext;
ACQUIRE_WRITE_LOCK (&g_PCBLock);
if ((pPCB = ElGetPCBPointerFromPortGUID (pEAPUIContext->wszGUID)) != NULL)
{
if (EAPOL_REFERENCE_PORT (pPCB))
{
fPortReferenced = TRUE;
}
else
{
pPCB = NULL;
}
}
RELEASE_WRITE_LOCK (&g_PCBLock);
if (pPCB == NULL)
{
break;
}
ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
fPCBLocked = TRUE;
if (!EAPOL_PORT_ACTIVE(pPCB))
{
TRACE1 (PORT, "ElProcessUserNamePasswordResponse: Port %ws not active",
pPCB->pwszDeviceGUID);
// Port is not active, cannot do further processing on this port
break;
}
if (pEAPUIContext->dwRetCode != NO_ERROR)
{
DbLogPCBEvent (DBLOG_CATEG_ERR, pPCB,
EAPOL_ERROR_DESKTOP_IDENTITY, dwRetCode);
TRACE1 (USER, "ElProcessUserNamePasswordResponse: Error in Dialog function (%ld)",
pEAPUIContext->dwRetCode);
break;
}
if (pPCB->EapUIState != EAPUISTATE_WAITING_FOR_IDENTITY)
{
TRACE2 (USER, "ElProcessUserNamePasswordResponse: PCB EapUIState has changed to (%ld), expected = (%ld)",
pPCB->EapUIState, EAPUISTATE_WAITING_FOR_IDENTITY);
break;
}
if (pPCB->dwUIInvocationId != pEAPUIContext->dwContextId)
{
TRACE2 (USER, "ElProcessUserNamePasswordResponse: PCB UI Id has changed to (%ld), expected = (%ld)",
pPCB->dwUIInvocationId, pEAPUIContext->dwContextId);
// break;
}
if (pPCB->bCurrentEAPId != pEAPUIContext->dwEapId)
{
TRACE2 (USER, "ElProcessUserNamePasswordResponse: PCB EAP Id has changed to (%ld), expected = (%ld)",
pPCB->bCurrentEAPId, pEAPUIContext->dwEapId);
// break;
}
// Since the PCB context is right, restart PCB timer to timeout
// in authPeriod seconds
RESTART_TIMER (pPCB->hTimer,
pPCB->EapolConfig.dwauthPeriod,
"PCB",
&dwRetCode);
if (dwRetCode != NO_ERROR)
{
TRACE1 (USER, "ElProcessUserNamePasswordResponse: Error in RESTART_TIMER %ld",
dwRetCode);
break;
}
DbLogPCBEvent (DBLOG_CATEG_INFO, pPCB, EAPOL_PROCESSING_DESKTOP_RESPONSE);
if ((EapolUIResp.rdData0.dwDataLen != 0) && (EapolUIResp.rdData0.pData != NULL))
{
dwSizeOfIdentity = EapolUIResp.rdData0.dwDataLen;
pbIdentity = EapolUIResp.rdData0.pData;
}
if ((EapolUIResp.rdData1.dwDataLen != 0) && (EapolUIResp.rdData1.pData != NULL))
{
dwSizeOfPassword = EapolUIResp.rdData1.dwDataLen;
pbPassword = EapolUIResp.rdData1.pData;
}
fBlobCopyIncomplete = TRUE;
if (pPCB->pszIdentity != NULL)
{
FREE (pPCB->pszIdentity);
pPCB->pszIdentity = NULL;
}
if (pPCB->PasswordBlob.pbData != NULL)
{
FREE (pPCB->PasswordBlob.pbData);
pPCB->PasswordBlob.pbData = NULL;
pPCB->PasswordBlob.cbData = 0;
}
if (pbIdentity != NULL)
{
pPCB->pszIdentity = MALLOC (dwSizeOfIdentity + sizeof(CHAR));
if (pPCB->pszIdentity == NULL)
{
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
TRACE0 (USER, "ElProcessUserNamePasswordResponse: MALLOC failed for pPCB->pszIdentity");
break;
}
memcpy (pPCB->pszIdentity, pbIdentity, dwSizeOfIdentity);
pPCB->pszIdentity[dwSizeOfIdentity] = '\0';
TRACE1 (USER, "ElProcessUserNamePasswordResponse: Got username = %s",
pPCB->pszIdentity);
}
if (pbPassword != 0)
{
if ((pPCB->PasswordBlob.pbData =
MALLOC (dwSizeOfPassword)) == NULL)
{
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
break;
}
memcpy (pPCB->PasswordBlob.pbData, pbPassword, dwSizeOfPassword);
pPCB->PasswordBlob.cbData = dwSizeOfPassword;
}
fBlobCopyIncomplete = FALSE;
if ((dwRetCode = ElCreateAndSendIdentityResponse (
pPCB, pEAPUIContext)) != NO_ERROR)
{
TRACE1 (USER, "ElProcessUserNamePasswordResponse: ElCreateAndSendIdentityResponse failed with error %ld",
dwRetCode);
break;
}
// Mark the identity has been obtained for this PCB
pPCB->fGotUserIdentity = TRUE;
// Reset the state if identity was obtained, else the port will recover
// by itself
pPCB->EapUIState &= ~EAPUISTATE_WAITING_FOR_IDENTITY;
} while (FALSE);
if (dwRetCode != NO_ERROR)
{
if (fPCBLocked && fBlobCopyIncomplete)
{
if (pPCB->pszIdentity)
{
FREE (pPCB->pszIdentity);
pPCB->pszIdentity = NULL;
}
if (pPCB->PasswordBlob.pbData)
{
FREE (pPCB->PasswordBlob.pbData);
pPCB->PasswordBlob.pbData = NULL;
pPCB->PasswordBlob.cbData = 0;
}
}
}
if (fPCBLocked)
{
RELEASE_WRITE_LOCK (&(pPCB->rwLock));
}
if (fPortReferenced)
{
EAPOL_DEREFERENCE_PORT (pPCB);
}
TRACE1 (USER, "ElProcessUserNamePasswordResponse completed with error %ld", dwRetCode);
return dwRetCode;
}
//
// ElInvokeInteractiveUI
//
// Description:
//
// Function called to invoke RasEapInvokeInteractiveUI for an EAP on a
// particular interface
//
// Arguments:
// pPCB - Pointer to PCB for the specific interface
// pInvokeEapUIIn - Data to be supplied to the InvokeInteractiveUI entrypoint
// provided by the EAP dll through PPP_EAP_OUTPUT structure
//
DWORD
ElInvokeInteractiveUI (
IN EAPOL_PCB *pPCB,
IN ELEAP_INVOKE_EAP_UI *pInvokeEapUIIn
)
{
EAPOL_EAP_UI_CONTEXT *pEAPUIContext = NULL;
DWORD dwRetCode = NO_ERROR;
do
{
if (pInvokeEapUIIn == NULL)
{
dwRetCode = ERROR_INVALID_PARAMETER;
return dwRetCode;
}
if (pPCB->PreviousAuthenticationType == EAPOL_MACHINE_AUTHENTICATION)
{
TRACE0 (USER, "ElInvokeInteractiveUI: Cannot popup UI during machine authentication");
DbLogPCBEvent (DBLOG_CATEG_ERR, pPCB, EAPOL_CANNOT_DESKTOP_MACHINE_AUTH);
dwRetCode = ERROR_CAN_NOT_COMPLETE;
break;
}
if (!g_fTrayIconReady)
{
if ((dwRetCode = ElCheckUserModuleReady ()) != NO_ERROR)
{
TRACE1 (USER, "ElInvokeInteractiveUI: ElCheckUserModuleReady failed with error %ld",
dwRetCode);
break;
}
}
if (!g_fTrayIconReady)
{
DbLogPCBEvent (DBLOG_CATEG_WARN, pPCB, EAPOL_WAITING_FOR_DESKTOP_LOAD);
dwRetCode = ERROR_IO_PENDING;
TRACE0 (USER, "ElInvokeInteractiveUI: TrayIcon NOT ready");
break;
}
TRACE0 (USER, "ElInvokeInteractiveUI entered");
//
// Call ElInvokeInteractiveUIDlgWorker
//
pEAPUIContext = MALLOC (sizeof(EAPOL_EAP_UI_CONTEXT) +
pInvokeEapUIIn->dwSizeOfUIContextData);
if (pEAPUIContext == NULL)
{
TRACE0 (USER, "ElInvokeInteractiveUI: MALLOC failed for pEAPUIContext");
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
break;
}
pEAPUIContext->dwEAPOLUIMsgType = EAPOLUI_INVOKEINTERACTIVEUI;
wcscpy (pEAPUIContext->wszGUID, pPCB->pwszDeviceGUID);
pPCB->dwUIInvocationId =
InterlockedIncrement(&(g_dwEAPUIInvocationId));
pEAPUIContext->dwSessionId = g_dwCurrentSessionId;
pEAPUIContext->dwContextId = pPCB->dwUIInvocationId;
pEAPUIContext->dwEapId = pPCB->bCurrentEAPId;
pEAPUIContext->dwEapTypeId = pPCB->dwEapTypeToBeUsed;
pEAPUIContext->dwEapFlags = pPCB->dwEapFlags;
if (pPCB->pSSID)
{
pEAPUIContext->dwSizeOfSSID = pPCB->pSSID->SsidLength;
memcpy ((BYTE *)pEAPUIContext->bSSID, (BYTE *)pPCB->pSSID->Ssid,
NDIS_802_11_SSID_LEN-sizeof(ULONG));
}
if (pPCB->pwszSSID)
{
wcscpy (pEAPUIContext->wszSSID, pPCB->pwszSSID);
}
pEAPUIContext->dwSizeOfEapUIData =
pInvokeEapUIIn->dwSizeOfUIContextData;
memcpy (pEAPUIContext->bEapUIData, pInvokeEapUIIn->pbUIContextData,
pInvokeEapUIIn->dwSizeOfUIContextData);
// Post the message to netman
if ((dwRetCode = ElPostShowBalloonMessage (
pPCB,
sizeof(EAPOL_EAP_UI_CONTEXT)+pInvokeEapUIIn->dwSizeOfUIContextData,
(BYTE *)pEAPUIContext,
0,
NULL
)) != NO_ERROR)
{
TRACE1 (USER, "ElInvokeInteractiveUI: ElPostShowBalloonMessage failed with error %ld",
dwRetCode);
break;
}
// Restart PCB timer since UI may take longer time than required
RESTART_TIMER (pPCB->hTimer,
INFINITE_SECONDS,
"PCB",
&dwRetCode);
if (dwRetCode != NO_ERROR)
{
break;
}
pPCB->EapUIState = EAPUISTATE_WAITING_FOR_UI_RESPONSE;
DbLogPCBEvent (DBLOG_CATEG_INFO, pPCB, EAPOL_WAITING_FOR_DESKTOP_LOGON);
TRACE0 (USER, "ElInvokeInteractiveUI: ElEapWork completed successfully");
} while (FALSE);
if (pInvokeEapUIIn->pbUIContextData != NULL)
{
FREE (pInvokeEapUIIn->pbUIContextData);
pInvokeEapUIIn->pbUIContextData = NULL;
pInvokeEapUIIn->dwSizeOfUIContextData = 0;
}
if (pEAPUIContext != NULL)
{
FREE (pEAPUIContext);
}
TRACE1 (USER, "ElInvokeInteractiveUI completed with error %ld", dwRetCode);
return dwRetCode;
}
//
// ElProcessInvokeInteractiveUIResponse
//
// Description:
//
// Worker function for ElInvokeInteractiveUI
//
// Arguments:
//
DWORD
ElProcessInvokeInteractiveUIResponse (
IN EAPOL_EAP_UI_CONTEXT EapolUIContext,
IN EAPOLUI_RESP EapolUIResp
)
{
BYTE *pbUIData = NULL;
DWORD dwSizeOfUIData = 0;
EAPOL_PCB *pPCB = NULL;
EAPOL_EAP_UI_CONTEXT *pEAPUIContext = NULL;
BOOLEAN fPortReferenced = FALSE;
BOOLEAN fPCBLocked = FALSE;
DWORD dwRetCode = NO_ERROR;
do
{
TRACE0 (USER, "ElProcessInvokeInteractiveUIResponse entered");
pEAPUIContext = (EAPOL_EAP_UI_CONTEXT *)&EapolUIContext;
ACQUIRE_WRITE_LOCK (&g_PCBLock);
if ((pPCB = ElGetPCBPointerFromPortGUID (pEAPUIContext->wszGUID)) != NULL)
{
if (EAPOL_REFERENCE_PORT (pPCB))
{
fPortReferenced = TRUE;
}
else
{
pPCB = NULL;
}
}
RELEASE_WRITE_LOCK (&g_PCBLock);
if (pPCB == NULL)
{
break;
}
ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
fPCBLocked = TRUE;
if (!EAPOL_PORT_ACTIVE(pPCB))
{
TRACE1 (PORT, "ElProcessInvokeInteractiveUIResponse: Port %ws not active",
pPCB->pwszDeviceGUID);
break;
}
if (pEAPUIContext->dwRetCode != NO_ERROR)
{
DbLogPCBEvent (DBLOG_CATEG_ERR, pPCB, EAPOL_ERROR_DESKTOP_LOGON, dwRetCode);
TRACE1 (USER, "ElProcessInvokeInteractiveUIResponse: Error in Dialog function (%ld)",
pEAPUIContext->dwRetCode);
break;
}
if (pPCB->EapUIState != EAPUISTATE_WAITING_FOR_UI_RESPONSE)
{
TRACE2 (USER, "ElProcessInvokeInteractiveUIResponse: PCB EapUIState has changed to (%ld), expected = (%ld)",
pPCB->EapUIState, EAPUISTATE_WAITING_FOR_UI_RESPONSE);
break;
}
if (pPCB->dwUIInvocationId != pEAPUIContext->dwContextId)
{
TRACE2 (USER, "ElProcessInvokeInteractiveUIResponse: PCB UI Id has changed to (%ld), expected = (%ld)",
pPCB->dwUIInvocationId, pEAPUIContext->dwContextId);
// break;
}
if (pPCB->bCurrentEAPId != pEAPUIContext->dwEapId)
{
TRACE2 (USER, "ElProcessInvokeInteractiveUIResponse: PCB EAP Id has changed to (%ld), expected = (%ld)",
pPCB->bCurrentEAPId, pEAPUIContext->dwEapId);
// break;
}
// Since the PCB context is right, restart PCB timer to timeout
// in authPeriod seconds
RESTART_TIMER (pPCB->hTimer,
pPCB->EapolConfig.dwauthPeriod,
"PCB",
&dwRetCode);
if (dwRetCode != NO_ERROR)
{
TRACE1 (USER, "ElProcessInvokeInteractiveUIResponse: Error in RESTART_TIMER %ld",
dwRetCode);
break;
}
DbLogPCBEvent (DBLOG_CATEG_INFO, pPCB, EAPOL_PROCESSING_DESKTOP_RESPONSE);
if ((EapolUIResp.rdData0.dwDataLen != 0) && (EapolUIResp.rdData0.pData != NULL))
{
dwSizeOfUIData = EapolUIResp.rdData0.dwDataLen;
pbUIData = EapolUIResp.rdData0.pData;
}
if (pPCB->EapUIData.pEapUIData != NULL)
{
FREE (pPCB->EapUIData.pEapUIData);
pPCB->EapUIData.pEapUIData = NULL;
pPCB->EapUIData.dwSizeOfEapUIData = 0;
}
pPCB->EapUIData.pEapUIData = MALLOC (dwSizeOfUIData);
if (pPCB->EapUIData.pEapUIData == NULL)
{
TRACE1 (USER, "ElProcessInvokeInteractiveUIResponse: Error in allocating memory for UIData = %ld",
dwRetCode);
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
break;
}
pPCB->EapUIData.dwSizeOfEapUIData = dwSizeOfUIData;
if ((dwSizeOfUIData != 0) && (pbUIData != NULL))
{
memcpy ((BYTE *)pPCB->EapUIData.pEapUIData,
(BYTE *)pbUIData,
dwSizeOfUIData);
}
pPCB->EapUIData.dwContextId = pPCB->dwUIInvocationId;
pPCB->fEapUIDataReceived = TRUE;
TRACE0 (USER, "ElProcessInvokeInteractiveUIResponse: Calling ElEapWork");
// Provide UI data to EAP Dll for processing
// EAP will send out response if required
if ((dwRetCode = ElEapWork (
pPCB,
NULL)) != NO_ERROR)
{
TRACE1 (USER, "ElProcessInvokeInteractiveUIResponse: ElEapWork failed with error = %ld",
dwRetCode);
break;
}
// Reset the state
pPCB->EapUIState &= ~EAPUISTATE_WAITING_FOR_UI_RESPONSE;
TRACE0 (USER, "ElProcessInvokeInteractiveUIResponse: ElEapWork completed successfully");
} while (FALSE);
// Cleanup
if (dwRetCode != NO_ERROR)
{
if (pPCB->EapUIData.pEapUIData != NULL)
{
FREE (pPCB->EapUIData.pEapUIData);
pPCB->EapUIData.pEapUIData = NULL;
pPCB->EapUIData.dwSizeOfEapUIData = 0;
}
}
if (fPCBLocked)
{
RELEASE_WRITE_LOCK (&(pPCB->rwLock));
}
if (fPortReferenced)
{
EAPOL_DEREFERENCE_PORT (pPCB);
}
TRACE1 (USER, "ElProcessInvokeInteractiveUIResponse completed with error %ld",
dwRetCode);
return dwRetCode;
}
//
// ElCreateAndSendIdentityResponse
//
// Description:
//
// Function called send out Identity Response packet
//
// Arguments:
// pPCB - Port Control Block for appropriate interface
// pEAPUIContext - UI context blob
//
// Return values:
// NO_ERROR - success
// !NO_ERROR - error
//
//
DWORD
ElCreateAndSendIdentityResponse (
IN EAPOL_PCB *pPCB,
IN EAPOL_EAP_UI_CONTEXT *pEAPUIContext
)
{
PPP_EAP_PACKET *pSendBuf = NULL;
EAPOL_PACKET *pEapolPkt = NULL;
WORD wSizeOfEapPkt = 0;
DWORD dwIdentityLength = 0;
DWORD dwRetCode = NO_ERROR;
do
{
// Create buffer for EAPOL + EAP and pass pointer to EAP header
pEapolPkt = (EAPOL_PACKET *) MALLOC (MAX_EAPOL_BUFFER_SIZE);
TRACE1 (EAPOL, "ElCreateAndSendIdResp: EapolPkt created at %p", pEapolPkt);
if (pEapolPkt == NULL)
{
TRACE0 (EAPOL, "ElCreateAndSendIdResp: Error allocating EAP buffer");
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
break;
}
// Point to EAP header
pSendBuf = (PPP_EAP_PACKET *)((PBYTE)pEapolPkt + sizeof (EAPOL_PACKET) - 1);
pSendBuf->Code = EAPCODE_Response;
pSendBuf->Id = (BYTE)pPCB->bCurrentEAPId;
if (pPCB->pszIdentity != NULL)
{
dwIdentityLength = strlen (pPCB->pszIdentity);
}
else
{
dwIdentityLength = 0;
}
HostToWireFormat16 (
(WORD)(PPP_EAP_PACKET_HDR_LEN+1+dwIdentityLength),
pSendBuf->Length );
strncpy ((CHAR *)pSendBuf->Data+1, (CHAR *)pPCB->pszIdentity,
dwIdentityLength);
TRACE1 (EAPOL, "ElCreateAndSendIdResp: Identity sent out = %s",
pPCB->pszIdentity);
pSendBuf->Data[0] = EAPTYPE_Identity;
// Indicate to EAPOL what is length of the EAP packet
wSizeOfEapPkt = (WORD)(PPP_EAP_PACKET_HDR_LEN+
1+dwIdentityLength);
// Send out EAPOL packet
memcpy ((BYTE *)pEapolPkt->EthernetType,
(BYTE *)pPCB->bEtherType,
SIZE_ETHERNET_TYPE);
pEapolPkt->ProtocolVersion = pPCB->bProtocolVersion;
pEapolPkt->PacketType = EAP_Packet;
HostToWireFormat16 ((WORD) wSizeOfEapPkt,
(BYTE *)pEapolPkt->PacketBodyLength);
// Make a copy of the EAPOL packet in the PCB
// Will be used during retransmission
if (pPCB->pbPreviousEAPOLPkt != NULL)
{
FREE (pPCB->pbPreviousEAPOLPkt);
}
pPCB->pbPreviousEAPOLPkt =
MALLOC (sizeof (EAPOL_PACKET)+wSizeOfEapPkt-1);
if (pPCB->pbPreviousEAPOLPkt == NULL)
{
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
break;
}
memcpy (pPCB->pbPreviousEAPOLPkt, pEapolPkt,
sizeof (EAPOL_PACKET)+wSizeOfEapPkt-1);
pPCB->dwSizeOfPreviousEAPOLPkt =
sizeof (EAPOL_PACKET)+wSizeOfEapPkt-1;
pPCB->dwPreviousId = pPCB->bCurrentEAPId;
// Send packet out on the port
dwRetCode = ElWriteToPort (pPCB,
(CHAR *)pEapolPkt,
sizeof (EAPOL_PACKET)+wSizeOfEapPkt-1);
if (dwRetCode != NO_ERROR)
{
TRACE1 (EAPOL, "ElCreateAndSendIdResp: Error in writing EAP_Packet to port %ld",
dwRetCode);
break;
}
}
while (FALSE);
if (pEapolPkt != NULL)
{
FREE (pEapolPkt);
}
return dwRetCode;
}
//
// ElSendGuestIdentityResponse
//
// Description:
//
// Function called send out Guest Identity Response packet
//
// Arguments:
// pEAPUIContext - UI context blob
//
// Return values:
// NO_ERROR - success
// !NO_ERROR - failure
//
DWORD
ElSendGuestIdentityResponse (
IN EAPOL_EAP_UI_CONTEXT *pEAPUIContext
)
{
EAPOL_PCB *pPCB = NULL;
BOOLEAN fPortReferenced = FALSE;
BOOLEAN fPCBLocked = FALSE;
DWORD dwRetCode = NO_ERROR;
do
{
ACQUIRE_WRITE_LOCK (&g_PCBLock);
if ((pPCB = ElGetPCBPointerFromPortGUID (pEAPUIContext->wszGUID)) != NULL)
{
if (EAPOL_REFERENCE_PORT (pPCB))
{
fPortReferenced = TRUE;
}
else
{
pPCB = NULL;
}
}
RELEASE_WRITE_LOCK (&g_PCBLock);
if (pPCB == NULL)
{
break;
}
ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
fPCBLocked = TRUE;
// Send the identity out as a EAP-Response packet
if (pPCB->EapUIState != EAPUISTATE_WAITING_FOR_IDENTITY)
{
TRACE2 (USER, "ElSendGuestIdentityResponse: PCB EapUIState has changed to (%ld), expected = (%ld)",
pPCB->EapUIState, EAPUISTATE_WAITING_FOR_IDENTITY);
dwRetCode = ERROR_CAN_NOT_COMPLETE;
break;
}
if (pPCB->dwUIInvocationId != pEAPUIContext->dwContextId)
{
TRACE2 (USER, "ElSendGuestIdentityResponse: PCB UI Id has changed to (%ld), expected = (%ld)",
pPCB->dwUIInvocationId, pEAPUIContext->dwContextId);
dwRetCode = ERROR_CAN_NOT_COMPLETE;
break;
}
if (pPCB->bCurrentEAPId != pEAPUIContext->dwEapId)
{
TRACE2 (USER, "ElSendGuestIdentityResponse: PCB EAP Id has changed to (%ld), expected = (%ld)",
pPCB->bCurrentEAPId, pEAPUIContext->dwEapId);
dwRetCode = ERROR_CAN_NOT_COMPLETE;
break;
}
if (pPCB->pszIdentity != NULL)
{
FREE (pPCB->pszIdentity);
pPCB->pszIdentity = NULL;
}
// Do not flag that identity was received
// Reset the UI state though for state machine to proceed
pPCB->EapUIState &= ~EAPUISTATE_WAITING_FOR_IDENTITY;
pPCB->PreviousAuthenticationType = EAPOL_UNAUTHENTICATED_ACCESS;
if ((dwRetCode = ElCreateAndSendIdentityResponse (
pPCB, pEAPUIContext)) != NO_ERROR)
{
TRACE1 (USER, "ElSendGuestIdentityResponse: ElCreateAndSendIdentityResponse failed with error %ld",
dwRetCode);
break;
}
}
while (FALSE);
if (fPCBLocked)
{
RELEASE_WRITE_LOCK (&(pPCB->rwLock));
}
if (fPortReferenced)
{
EAPOL_DEREFERENCE_PORT (pPCB);
}
return dwRetCode;
}
//
// ElValidateInteractiveRPCClient
//
// Description:
//
// Function called to validate if RPC call is from interactive client
//
// Arguments:
//
// Return values:
// NO_ERROR - success
// !NO_ERROR - failure
//
DWORD
ElValidateInteractiveRPCClient (
)
{
HANDLE hUserToken = INVALID_HANDLE_VALUE;
TOKEN_USER *pUserTokenData = NULL;
BOOLEAN fRevertToSelf = FALSE;
RPC_STATUS RpcStatus = RPC_S_OK;
DWORD dwSizeNeeded = 0;
DWORD dwRetCode = NO_ERROR, dwRetCode1 = NO_ERROR;
do
{
if ((RpcStatus = RpcImpersonateClient(0)) != RPC_S_OK)
{
dwRetCode = ERROR_ACCESS_DENIED;
break;
}
fRevertToSelf = TRUE;
// Get an impersonation token with the client's security context.
if (!OpenThreadToken( GetCurrentThread(), TOKEN_ALL_ACCESS,
TRUE, &hUserToken ))
{
dwRetCode = GetLastError ();
break;
}
if (hUserToken != NULL)
{
dwSizeNeeded = 0;
if (!GetTokenInformation(hUserToken, TokenSessionId, 0, 0, &dwSizeNeeded))
{
if ((dwRetCode = GetLastError()) == ERROR_INSUFFICIENT_BUFFER)
{
pUserTokenData = (TOKEN_USER *) MALLOC (dwSizeNeeded);
if (pUserTokenData == NULL)
{
dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
TRACE0 (ANY,"ElValidateInteractiveRPCClient: Allocation for UserTokenData failed");
break;
}
// Reset error code since we are continuing processing
// This was a valid scenario
dwRetCode = NO_ERROR;
}
else
{
TRACE1 (ANY,"ElValidateInteractiveRPCClient: Error in GetTokenInformation = %ld",
dwRetCode);
break;
}
if (!GetTokenInformation (hUserToken,
TokenSessionId,
pUserTokenData,
dwSizeNeeded,
&dwSizeNeeded))
{
dwRetCode = GetLastError ();
TRACE1 (ANY,"ElValidateInteractiveRPCClient: GetTokenInformation failed with error %ld",
dwRetCode);
break;
}
}
else
{
TRACE0 (ANY,"ElValidateInteractiveRPCClient: *No* error in GetTokenInformation, when error expected");
dwRetCode = ERROR_ACCESS_DENIED;
break;
}
if (g_dwCurrentSessionId != *((DWORD *)pUserTokenData))
{
TRACE2 (ANY, "ElValidateInteractiveRPCClient: RPC call from invalid user (%ld), valid = (%ld)",
*((DWORD *)pUserTokenData), g_dwCurrentSessionId);
dwRetCode = ERROR_ACCESS_DENIED;
}
}
else
{
dwRetCode = ERROR_ACCESS_DENIED;
break;
}
}
while (FALSE);
if (hUserToken != INVALID_HANDLE_VALUE)
{
CloseHandle(hUserToken);
}
if (fRevertToSelf)
{
dwRetCode1 = RpcRevertToSelf();
if (dwRetCode1 != NO_ERROR)
{
dwRetCode = dwRetCode1;
}
}
if (pUserTokenData != NULL)
{
FREE (pUserTokenData);
}
return dwRetCode;
}