archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
 
 
 
 
 
 
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/net/ias/protocol/radius/valaccess.cpp

263 lines
7.1 KiB
Raw Blame History

//#--------------------------------------------------------------
//
// File: valaccess.cpp
//
// Synopsis: Implementation of CValAccess class methods
//
//
// History: 9/23/97 MKarki Created
//
// Copyright (C) Microsoft Corporation
// All rights reserved.
//
//----------------------------------------------------------------
#include "radcommon.h"
#include "valaccess.h"
//+++--------------------------------------------------------------
//
// Function: CValAccess
//
// Synopsis: This is the constructor of the CValAccess
// class
//
// Arguments: NONE
//
// Returns: NONE
//
//
// History: MKarki Created 9/28/97
//
//----------------------------------------------------------------
CValAccess::CValAccess(
VOID
)
{
} // end of CValAccess constructor
//+++--------------------------------------------------------------
//
// Function: ~CValAccess
//
// Synopsis: This is the destructor of the CValAccess
// class
//
// Arguments: NONE
//
// Returns: NONE
//
//
// History: MKarki Created 9/28/97
//
//----------------------------------------------------------------
CValAccess::~CValAccess(
VOID
)
{
} // end of CValAccess destructor
//+++--------------------------------------------------------------
//
// Function: ValidateInPacket
//
// Synopsis: This is CValAccess class public method
// that validates inbound Access Request packet
//
// Arguments:
// [in] - CPacketRadius*
//
// Returns: HRESULT - status
//
//
// History: MKarki Created 9/28/97
//
// Calleed By: CPreValidator::StartInValidation class method
//
//----------------------------------------------------------------
HRESULT
CValAccess::ValidateInPacket(
CPacketRadius * pCPacketRadius
)
{
HRESULT hr = S_OK;
DWORD dwClientAddress = 0;
CClient *pCClient = NULL;
_ASSERT (pCPacketRadius);
__try
{
//
// validate the attributes
//
hr = m_pCValAttributes->Validate (pCPacketRadius);
if (FAILED (hr)) { __leave; }
//
// validate the Signature present in the packet
// if no signature is present this call will return
// success
//
hr = ValidateSignature (pCPacketRadius);
if (FAILED (hr)) { __leave; }
//
// now give the packet for processing
//
hr = m_pCPreProcessor->StartInProcessing (pCPacketRadius);
if (FAILED (hr)) { __leave; }
}
__finally
{
}
return (hr);
} // end of CValAccess::ValidateInPacket method
//+++-------------------------------------------------------------
//
// Function: ValidateSignature
//
// Synopsis: This is CValAccesss class private method
// that carries out validation provided in an
// inbound RADIUS access request which has a
// signature attribute
//
// Arguments:
// [in] CPacketRadius*
//
// Returns: HRESULT - status
//
// History: MKarki Created 1/6/98
//
//----------------------------------------------------------------
HRESULT
CValAccess::ValidateSignature (
CPacketRadius *pCPacketRadius
)
{
HRESULT hr = S_OK;
BOOL bStatus = FALSE;
PBYTE InPacketSignature[SIGNATURE_SIZE];
PBYTE GeneratedSignature [SIGNATURE_SIZE];
TCHAR szErrorString [IAS_ERROR_STRING_LENGTH];
IIasClient *pIIasClient = NULL;
__try
{
//
// get the CClient class object
//
hr = pCPacketRadius->GetClient (&pIIasClient);
if (FAILED (hr)) { __leave; }
//
// get the signature attribute value from the inbound
// packet
//
if (FALSE == pCPacketRadius->GetInSignature (
reinterpret_cast <PBYTE> (InPacketSignature)
))
{
//
// check if signature check is required
//
BOOL bCheckRequired = pIIasClient->NeedSignatureCheck ();
if (!bCheckRequired)
{
__leave;
}
else
{
IASTracePrintf (
"In-Bound request does not have does not have "
"Message Authenticator attribute which is required for this client"
);
//
// this is an error, need to silenty discard the
// packet
//
PCWSTR strings[] = { pCPacketRadius->GetClientName() };
IASReportEvent (
RADIUS_E_SIGNATURE_REQUIRED,
1,
0,
strings,
NULL
);
m_pCReportEvent->Process (
RADIUS_BAD_AUTHENTICATOR,
pCPacketRadius->GetInCode (),
pCPacketRadius->GetInLength(),
pCPacketRadius->GetInAddress(),
NULL,
static_cast <LPVOID> (pCPacketRadius->GetInPacket())
);
hr = RADIUS_E_ERRORS_OCCURRED;
__leave;
}
}
//
// generate the signature
//
DWORD dwBufSize = SIGNATURE_SIZE;
hr = pCPacketRadius->GenerateInSignature (
reinterpret_cast <PBYTE> (GeneratedSignature),
&dwBufSize
);
if (FAILED (hr)) { __leave; }
//
// compare the signature attribute value in packet with
// the one present
//
if (memcmp(InPacketSignature,GeneratedSignature,SIGNATURE_SIZE))
{
//
// log error and generate audit event
//
IASTracePrintf (
"Message Authenticator in request packet does not match the "
"Message Authenticator generated by the server"
);
PCWSTR strings[] = { pCPacketRadius->GetClientName() };
IASReportEvent (
RADIUS_E_INVALID_SIGNATURE,
1,
0,
strings,
NULL
);
m_pCReportEvent->Process (
RADIUS_BAD_AUTHENTICATOR,
pCPacketRadius->GetInCode (),
pCPacketRadius->GetInLength(),
pCPacketRadius->GetInAddress(),
NULL,
static_cast <LPVOID> (pCPacketRadius->GetInPacket())
);
hr = RADIUS_E_ERRORS_OCCURRED;
__leave;
}
//
// success
//
}
__finally
{
if (pIIasClient) { pIIasClient->Release (); }
}
return (hr);
} // end of CValAccess::ValidateSignature method