archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/net/layer2svc/eapol/service/eloptimize.c

464 lines
15 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 2001, Microsoft Corporation
  5. Module Name:
  7. eloptimize.c
  10. Abstract:
  12. The module deals with functions related to user identity
  13. selection optimization
  16. Revision History:
  18. sachins, July 26 2001, Created
  20. --*/
  23. #include "pcheapol.h"
  24. #pragma hdrstop
  26. //
  27. // ElGetUserIdentityOptimized
  28. //
  29. // Description:
  30. //
  31. // Function called to fetch identity of the user
  32. // If UI is required then send identity request to user module
  33. //
  34. // Arguments:
  35. // pPCB - Current interface context
  36. //
  37. // Return values:
  38. // ERROR_REQUIRE_INTERACTIVE_WORKSTATION - User interaction required
  39. // Other - can send out user identity without user interaction
  40. //
  41. //
  43. DWORD
  44. ElGetUserIdentityOptimized (
  45. IN EAPOL_PCB *pPCB
  46. )
  47. {
  48. DWORD dwIndex = 0;
  49. CHAR *pszIdentity = NULL;
  50. BYTE *pUserDataOut = NULL;
  51. DWORD dwSizeOfUserDataOut = 0;
  52. LPWSTR lpwszIdentity = NULL;
  53. HWND hwndOwner = NULL;
  54. PBYTE pbUserIn = NULL;
  55. DWORD cbData = 0;
  56. DWORD dwInSize = 0;
  57. PBYTE pbAuthData = NULL;
  58. HANDLE hLib = NULL;
  59. RASEAPFREE pFreeFunc = NULL;
  60. RASEAPGETIDENTITY pIdenFunc = NULL;
  61. BYTE *pbSSID = NULL;
  62. DWORD dwSizeOfSSID = 0;
  63. BOOLEAN fVerifyPhase = TRUE;
  64. DWORD dwRetCode1 = NO_ERROR;
  65. DWORD dwRetCode = NO_ERROR;
  67. do
  68. {
  69. if (pPCB->pSSID)
  70. {
  71. pbSSID = pPCB->pSSID->Ssid;
  72. dwSizeOfSSID = pPCB->pSSID->SsidLength;
  73. }
  75. // Get the size of the user blob
  76. if ((dwRetCode = ElGetEapUserInfo (
  77. pPCB->hUserToken,
  78. pPCB->pwszDeviceGUID,
  79. pPCB->dwEapTypeToBeUsed,
  80. dwSizeOfSSID,
  81. pbSSID,
  82. NULL,
  83. &dwInSize
  84. )) != NO_ERROR)
  85. {
  86. if (dwRetCode == ERROR_BUFFER_TOO_SMALL)
  87. {
  88. if (dwInSize <= 0)
  89. {
  90. // No blob stored in the registry
  91. // Continue processing
  92. TRACE0 (USER, "ElGetUserIdentityOptimized: NULL sized user data");
  93. pbUserIn = NULL;
  94. }
  95. else
  96. {
  97. // Allocate memory to hold the blob
  98. pbUserIn = MALLOC (dwInSize);
  99. if (pbUserIn == NULL)
  100. {
  101. dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
  102. TRACE0 (USER, "ElGetUserIdentityOptimized: Error in memory allocation for User data");
  103. break;
  104. }
  105. if ((dwRetCode = ElGetEapUserInfo (
  106. pPCB->hUserToken,
  107. pPCB->pwszDeviceGUID,
  108. pPCB->dwEapTypeToBeUsed,
  109. dwSizeOfSSID,
  110. pbSSID,
  111. pbUserIn,
  112. &dwInSize
  113. )) != NO_ERROR)
  114. {
  115. TRACE1 (USER, "ElGetUserIdentityOptimized: ElGetEapUserInfo failed with %ld",
  116. dwRetCode);
  117. break;
  118. }
  119. }
  120. }
  121. else
  122. {
  123. // User info may not have been created till now
  124. // which is valid condition to proceed
  125. if (dwRetCode != ERROR_FILE_NOT_FOUND)
  126. {
  127. TRACE1 (USER, "ElGetUserIdentityOptimized: ElGetEapUserInfo size estimation failed with error %ld",
  128. dwRetCode);
  129. break;
  130. }
  131. else
  132. {
  133. dwRetCode = NO_ERROR;
  134. }
  135. }
  136. }
  138. // The EAP dll has already been loaded by the state machine
  139. // Retrieve the handle to the dll from the global EAP table
  141. if ((dwIndex = ElGetEapTypeIndex (pPCB->dwEapTypeToBeUsed)) == -1)
  142. {
  143. TRACE1 (USER, "ElGetUserIdentityOptimized: ElGetEapTypeIndex finds no dll for EAP index %ld",
  144. pPCB->dwEapTypeToBeUsed);
  145. dwRetCode = ERROR_CAN_NOT_COMPLETE;
  146. break;
  147. }
  149. hLib = g_pEapTable[dwIndex].hInstance;
  151. pIdenFunc = (RASEAPGETIDENTITY)GetProcAddress(hLib,
  152. "RasEapGetIdentity");
  153. pFreeFunc = (RASEAPFREE)GetProcAddress(hLib, "RasEapFreeMemory");
  155. if ((pFreeFunc == NULL) || (pIdenFunc == NULL))
  156. {
  157. TRACE0 (USER, "ElGetUserIdentityOptimized: pIdenFunc or pFreeFunc does not exist in the EAP implementation");
  158. dwRetCode = ERROR_CAN_NOT_COMPLETE;
  159. break;
  160. }
  162. // Get the size of the EAP blob
  163. if ((dwRetCode = ElGetCustomAuthData (
  164. pPCB->pwszDeviceGUID,
  165. pPCB->dwEapTypeToBeUsed,
  166. dwSizeOfSSID,
  167. pbSSID,
  168. NULL,
  169. &cbData
  170. )) != NO_ERROR)
  171. {
  172. if (dwRetCode == ERROR_BUFFER_TOO_SMALL)
  173. {
  174. if (cbData == 0)
  175. {
  176. // No EAP blob stored in the registry
  177. TRACE0 (USER, "ElGetUserIdentityOptimized: NULL sized EAP blob");
  178. pbAuthData = NULL;
  179. }
  180. else
  181. {
  182. // Allocate memory to hold the blob
  183. pbAuthData = MALLOC (cbData);
  184. if (pbAuthData == NULL)
  185. {
  186. dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
  187. TRACE0 (USER, "ElGetUserIdentityOptimized: Error in memory allocation for EAP blob");
  188. break;
  189. }
  190. if ((dwRetCode = ElGetCustomAuthData (
  191. pPCB->pwszDeviceGUID,
  192. pPCB->dwEapTypeToBeUsed,
  193. dwSizeOfSSID,
  194. pbSSID,
  195. pbAuthData,
  196. &cbData
  197. )) != NO_ERROR)
  198. {
  199. TRACE1 (USER, "ElGetUserIdentityOptimized: ElGetCustomAuthData failed with %ld",
  200. dwRetCode);
  201. break;
  202. }
  203. }
  204. }
  205. else
  206. {
  207. // CustomAuthData for "Default" is always created for an
  208. // interface when EAPOL starts up
  209. TRACE1 (USER, "ElGetUserIdentityOptimized: ElGetCustomAuthData size estimation failed with error %ld",
  210. dwRetCode);
  211. break;
  212. }
  213. }
  215. if (!ImpersonateLoggedOnUser (pPCB->hUserToken))
  216. {
  217. dwRetCode = GetLastError();
  218. TRACE1 (USER, "ElGetUserIdentityOptimized: ImpersonateLoggedOnUser failed with error %ld",
  219. dwRetCode);
  220. break;
  221. }
  223. if (pIdenFunc)
  224. if ((dwRetCode = (*(pIdenFunc))(
  225. pPCB->dwEapTypeToBeUsed,
  226. fVerifyPhase?NULL:hwndOwner, // hwndOwner
  227. ((fVerifyPhase?RAS_EAP_FLAG_NON_INTERACTIVE:0) | RAS_EAP_FLAG_8021X_AUTH), // dwFlags
  228. NULL, // lpszPhonebook
  229. pPCB->pwszFriendlyName, // lpszEntry
  230. pbAuthData, // Connection data
  231. cbData, // Count of pbAuthData
  232. pbUserIn, // User data for port
  233. dwInSize, // Size of user data
  234. &pUserDataOut,
  235. &dwSizeOfUserDataOut,
  236. &lpwszIdentity
  237. )) != NO_ERROR)
  238. {
  239. TRACE1 (USER, "ElGetUserIdentityOptimized: Error in calling GetIdentity = %ld",
  240. dwRetCode);
  242. if (!RevertToSelf())
  243. {
  244. dwRetCode = GetLastError();
  245. TRACE1 (USER, "ElGetUserIdentity: Error in RevertToSelf = %ld",
  246. dwRetCode);
  247. dwRetCode = ERROR_BAD_IMPERSONATION_LEVEL;
  248. break;
  249. }
  251. if (fVerifyPhase)
  252. {
  253. if (dwRetCode == ERROR_NO_EAPTLS_CERTIFICATE)
  254. {
  255. DbLogPCBEvent (DBLOG_CATEG_ERR, pPCB, EAPOL_NO_CERTIFICATE_USER);
  256. }
  257. if (dwRetCode == ERROR_INTERACTIVE_MODE)
  258. {
  259. DbLogPCBEvent (DBLOG_CATEG_INFO, pPCB, EAPOL_DESKTOP_REQUIRED_IDENTITY);
  260. }
  262. // If interactive mode is required, return error accordingly
  263. if ((dwRetCode == ERROR_INTERACTIVE_MODE) ||
  264. (dwRetCode == ERROR_NO_EAPTLS_CERTIFICATE) ||
  265. (dwRetCode == ERROR_NO_SMART_CARD_READER))
  266. {
  267. dwRetCode = ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION;
  268. break;
  269. }
  271. DbLogPCBEvent (DBLOG_CATEG_ERR, pPCB, EAPOL_ERROR_GET_IDENTITY,
  272. EAPOLAuthTypes[EAPOL_USER_AUTHENTICATION], dwRetCode);
  273. }
  274. break;
  275. }
  277. if (!RevertToSelf())
  278. {
  279. dwRetCode = GetLastError();
  280. TRACE1 (USER, "ElGetUserIdentityOptimized: Error in RevertToSelf = %ld",
  281. dwRetCode);
  282. dwRetCode = ERROR_BAD_IMPERSONATION_LEVEL;
  283. break;
  284. }
  286. // Fill in the returned information into the PCB fields for
  287. // later authentication
  289. if (pPCB->pCustomAuthUserData != NULL)
  290. {
  291. FREE (pPCB->pCustomAuthUserData);
  292. pPCB->pCustomAuthUserData = NULL;
  293. }
  295. pPCB->pCustomAuthUserData = MALLOC (dwSizeOfUserDataOut + sizeof (DWORD));
  296. if (pPCB->pCustomAuthUserData == NULL)
  297. {
  298. TRACE1 (USER, "ElGetUserIdentityOptimized: Error in allocating memory for UserInfo = %ld",
  299. dwRetCode);
  300. dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
  301. break;
  302. }
  304. pPCB->pCustomAuthUserData->dwSizeOfCustomAuthData = dwSizeOfUserDataOut;
  306. if ((dwSizeOfUserDataOut != 0) && (pUserDataOut != NULL))
  307. {
  308. memcpy ((BYTE *)pPCB->pCustomAuthUserData->pbCustomAuthData,
  309. (BYTE *)pUserDataOut,
  310. dwSizeOfUserDataOut);
  311. }
  313. if (lpwszIdentity != NULL)
  314. {
  315. pszIdentity = MALLOC (wcslen(lpwszIdentity)*sizeof(CHAR) + sizeof(CHAR));
  316. if (pszIdentity == NULL)
  317. {
  318. dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
  319. TRACE0 (USER, "ElGetUserIdentityOptimized: MALLOC failed for pszIdentity");
  320. break;
  321. }
  323. if (0 == WideCharToMultiByte (
  324. CP_ACP,
  325. 0,
  326. lpwszIdentity,
  327. -1,
  328. pszIdentity,
  329. wcslen(lpwszIdentity)*sizeof(CHAR)+sizeof(CHAR),
  330. NULL,
  331. NULL ))
  332. {
  333. dwRetCode = GetLastError();
  334. TRACE2 (USER, "ElGetUserIdentityOptimized: WideCharToMultiByte (%ws) failed: %ld",
  335. lpwszIdentity, dwRetCode);
  336. break;
  337. }
  339. TRACE1 (USER, "ElGetUserIdentityOptimized: Got identity = %s",
  340. pszIdentity);
  342. if (pPCB->pszIdentity != NULL)
  343. {
  344. FREE (pPCB->pszIdentity);
  345. pPCB->pszIdentity = NULL;
  346. }
  347. pPCB->pszIdentity = MALLOC (strlen(pszIdentity) + sizeof(CHAR));
  348. if (pPCB->pszIdentity == NULL)
  349. {
  350. dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
  351. TRACE0 (USER, "ElGetUserIdentityOptimized: MALLOC failed for pPCB->pszIdentity");
  352. break;
  353. }
  354. memcpy (pPCB->pszIdentity, pszIdentity, strlen (pszIdentity));
  355. pPCB->pszIdentity[strlen(pszIdentity)] = '\0';
  356. }
  358. if (pPCB->pCustomAuthConnData != NULL)
  359. {
  360. FREE (pPCB->pCustomAuthConnData);
  361. pPCB->pCustomAuthConnData = NULL;
  362. }
  364. pPCB->pCustomAuthConnData = MALLOC (cbData + sizeof (DWORD));
  365. if (pPCB->pCustomAuthConnData == NULL)
  366. {
  367. TRACE1 (USER, "ElGetUserIdentityOptimized: Error in allocating memory for AuthInfo = %ld",
  368. dwRetCode);
  369. dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
  370. break;
  371. }
  373. pPCB->pCustomAuthConnData->dwSizeOfCustomAuthData = cbData;
  375. if ((cbData != 0) && (pbAuthData != NULL))
  376. {
  377. memcpy ((BYTE *)pPCB->pCustomAuthConnData->pbCustomAuthData,
  378. (BYTE *)pbAuthData,
  379. cbData);
  380. }
  382. // Mark the identity has been obtained for this PCB
  383. pPCB->fGotUserIdentity = TRUE;
  385. }
  386. while (FALSE);
  389. if (dwRetCode != NO_ERROR)
  390. {
  391. if (pPCB->pCustomAuthUserData != NULL)
  392. {
  393. FREE (pPCB->pCustomAuthUserData);
  394. pPCB->pCustomAuthUserData = NULL;
  395. }
  397. if (pPCB->pszIdentity != NULL)
  398. {
  399. FREE (pPCB->pszIdentity);
  400. pPCB->pszIdentity = NULL;
  401. }
  402. }
  404. #if 0
  405. if ((dwRetCode != NO_ERROR) &&
  406. (dwRetCode != ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION))
  407. {
  408. // Delete User Data stored in registry since RasEapGetIdentity
  409. // is failing
  411. if ((dwRetCode = ElDeleteEapUserInfo (
  412. pPCB->hUserToken,
  413. pPCB->pwszDeviceGUID,
  414. pPCB->dwEapTypeToBeUsed,
  415. pPCB->pSSID?pPCB->pSSID->SsidLength:0,
  416. pPCB->pSSID?pPCB->pSSID->Ssid:NULL
  417. )) != NO_ERROR)
  418. {
  419. TRACE1 (EAPOL, "ElGetUserIdentityOptimized: ElDeleteEapUserInfo failed with error %ld",
  420. dwRetCode);
  422. // Mark that identity is not obtained, since it has been cleaned
  423. // up now
  424. pPCB->fGotUserIdentity = FALSE;
  425. dwRetCode = ERROR_INVALID_DATA;
  426. }
  427. }
  428. #endif
  430. if (pbUserIn != NULL)
  431. {
  432. FREE (pbUserIn);
  433. }
  434. if (pbAuthData != NULL)
  435. {
  436. FREE (pbAuthData);
  437. }
  438. if (pszIdentity != NULL)
  439. {
  440. FREE (pszIdentity);
  441. }
  442. if (pFreeFunc != NULL)
  443. {
  444. if (lpwszIdentity != NULL)
  445. {
  446. if (( dwRetCode1 = (*(pFreeFunc)) ((BYTE *)lpwszIdentity)) != NO_ERROR)
  447. {
  448. TRACE1 (USER, "ElGetUserIdentityOptimized: Error in pFreeFunc = %ld",
  449. dwRetCode1);
  450. }
  451. }
  452. if (pUserDataOut != NULL)
  453. {
  454. if (( dwRetCode1 = (*(pFreeFunc)) ((BYTE *)pUserDataOut)) != NO_ERROR)
  455. {
  456. TRACE1 (USER, "ElGetUserIdentityOptimized: Error in pFreeFunc = %ld",
  457. dwRetCode1);
  458. }
  459. }
  460. }
  462. return dwRetCode;
  463. }