archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ias/protocol/radius/packetradius.cpp

2763 lines
73 KiB
Raw Normal View History

Add source files
4 years ago
  1. //#--------------------------------------------------------------
  2. //
  3. // File: packetradius.cpp
  4. //
  5. // Synopsis: Implementation of CPacketRadius class methods
  6. //
  7. //
  8. // History: 9/23/97 MKarki Created
  9. //
  10. // Copyright (C) 1997-2001 Microsoft Corporation
  11. // All rights reserved.
  12. //
  13. //----------------------------------------------------------------
  14. #include "radcommon.h"
  15. #include "iasutil.h"
  16. #include "packetradius.h"
  18. const CHAR NUL = '\0';
  19. const DWORD DEFAULT_ATTRIB_ARRAY_SIZE = 64;
  21. memory_pool<MAX_PACKET_SIZE, task_allocator> CPacketRadius::m_OutBufferPool;
  23. namespace
  24. {
  25. const DWORDLONG UNIX_EPOCH = 116444736000000000ui64;
  26. }
  28. void CPacketRadius::reportMalformed() const throw ()
  29. {
  30. PCWSTR strings[] = { GetClientName() };
  31. IASReportEvent(
  32. RADIUS_E_MALFORMED_PACKET,
  33. 1,
  34. GetInLength(),
  35. strings,
  36. GetInPacket()
  37. );
  38. }
  40. //++--------------------------------------------------------------
  41. //
  42. // Function: CPacketRadius
  43. //
  44. // Synopsis: This is the constructor of the CPacketRadius class
  45. //
  46. // Arguments: NONE
  47. //
  48. // Returns: NONE
  49. //
  50. //
  51. // History: MKarki Created 9/23/97
  52. //
  53. //----------------------------------------------------------------
  54. CPacketRadius::CPacketRadius(
  55. CHashMD5 *pCHashMD5,
  56. CHashHmacMD5 *pCHashHmacMD5,
  57. IIasClient *pIIasClient,
  58. CReportEvent *pCReportEvent,
  59. PBYTE pInBuffer,
  60. DWORD dwInLength,
  61. DWORD dwIPAddress,
  62. WORD wInPort,
  63. SOCKET sock,
  64. PORTTYPE portType
  65. )
  66. : m_wInPort (wInPort),
  67. m_dwInIPaddress (dwIPAddress),
  68. m_socket (sock),
  69. m_porttype (portType),
  70. m_pCProxyInfo (NULL),
  71. m_pCHashMD5 (pCHashMD5),
  72. m_pCHashHmacMD5 (pCHashHmacMD5),
  73. m_pIIasClient (pIIasClient),
  74. m_pCReportEvent (pCReportEvent),
  75. m_pIasAttribPos (NULL),
  76. m_pInPacket (pInBuffer),
  77. m_dwInLength(dwInLength),
  78. m_pOutPacket (NULL),
  79. m_pInSignature (NULL),
  80. m_pOutSignature(NULL),
  81. m_pUserName (NULL),
  82. m_pPasswordAttrib (NULL)
  83. {
  84. _ASSERT (
  85. (NULL != pInBuffer) &&
  86. (NULL != pCHashMD5) &&
  87. (NULL != pCHashHmacMD5) &&
  88. (NULL != pIIasClient)
  89. );
  90. m_pIIasClient->AddRef ();
  92. } // end of CPacketRadius constructor
  94. //++--------------------------------------------------------------
  95. //
  96. // Function: ~CPacketRadius
  97. //
  98. // Synopsis: This is the destructor of the CPacketRadius class
  99. //
  100. // Arguments: NONE
  101. //
  102. // Returns: NONE
  103. //
  104. // History: MKarki Created 9/23/97
  105. //
  106. //----------------------------------------------------------------
  107. CPacketRadius::~CPacketRadius()
  108. {
  109. if (NULL != m_pIasAttribPos)
  110. {
  111. //
  112. // release the attribute
  113. //
  114. for (
  115. DWORD dwCount = 0;
  116. dwCount < (m_dwInAttributeCount + COMPONENT_SPECIFIC_ATTRIBUTE_COUNT);
  117. dwCount++
  118. )
  119. {
  120. ::IASAttributeRelease (m_pIasAttribPos[dwCount].pAttribute);
  121. }
  123. //
  124. // delete the attribute position array now
  125. //
  126. ::CoTaskMemFree (m_pIasAttribPos);
  127. }
  129. //
  130. // release the reference to Client object
  131. //
  132. if (m_pIIasClient) { m_pIIasClient->Release ();}
  134. //
  135. // delete the out-packet buffer
  136. //
  137. if (m_pOutPacket) { m_OutBufferPool.deallocate (m_pOutPacket); }
  139. //
  140. // delete the in packet buffer
  141. //
  142. if (m_pInPacket) { ::CoTaskMemFree (m_pInPacket); }
  144. } // end of CPacketRadius destructor
  146. //+++-------------------------------------------------------------
  147. //
  148. // Function: PrelimVerification
  149. //
  150. // Synopsis: The method starts the verification of the
  151. // buffer passed in this is done only when
  152. // the class objec is created for an inbound
  153. // packet
  154. //
  155. // Arguments:
  156. // [in] CDictionary*
  157. // [in] DWORD - size of the buffer provided
  158. //
  159. // Returns: HRESULT - status
  160. //
  161. // Called By: CPacketReceiver::ReceivePacket class method
  162. //
  163. // History: MKarki Created 9/23/97
  164. //
  165. //----------------------------------------------------------------
  166. HRESULT
  167. CPacketRadius::PrelimVerification (
  168. CDictionary *pCDictionary,
  169. DWORD dwBufferSize
  170. )
  171. {
  172. PRADIUSPACKET pPacket = NULL;
  173. DWORD dwAttribCount = 0;
  174. TCHAR szErrorString [IAS_ERROR_STRING_LENGTH];
  175. HRESULT hr = S_OK;
  177. __try
  178. {
  179. //
  180. // check that the buffer received is atleast big enough to
  181. // accomdate out RADIUSPACKET struct
  182. //
  183. if (dwBufferSize < MIN_PACKET_SIZE)
  184. {
  186. IASTracePrintf (
  187. "Packet received is smaller than minimum Radius packet"
  188. );
  190. reportMalformed();
  192. m_pCReportEvent->Process (
  193. RADIUS_MALFORMED_PACKET,
  194. (AUTH_PORTTYPE == GetPortType ())?
  195. ACCESS_REQUEST:ACCOUNTING_REQUEST,
  196. dwBufferSize,
  197. m_dwInIPaddress,
  198. NULL,
  199. static_cast <LPVOID> (m_pInPacket)
  200. );
  201. hr = RADIUS_E_ERRORS_OCCURRED;
  202. __leave;
  203. }
  205. pPacket = reinterpret_cast <PRADIUSPACKET> (m_pInPacket);
  207. //
  208. // now save values in host byte order
  209. //
  210. m_wInPacketLength = ntohs (pPacket->wLength);
  212. //
  213. // validate the fields of the packet, except the attributes
  214. //
  215. hr = ValidatePacketFields (dwBufferSize);
  216. if (FAILED (hr)) { __leave; }
  218. //
  219. // verify that the attributes are completely formed
  220. //
  221. hr = VerifyAttributes (pCDictionary);
  222. if (FAILED (hr)) { __leave; }
  224. //
  225. // now we have to create the attributes collection
  226. //
  227. hr = CreateAttribCollection (pCDictionary);
  228. if (FAILED (hr)) { __leave; }
  230. //
  231. // success
  232. //
  233. }
  234. __finally
  235. {
  236. }
  238. return (hr);
  240. } // end of CPacketRadius::PrelimVerification method
  242. //+++-------------------------------------------------------------
  243. //
  244. // Function: VerifyAttributes
  245. //
  246. // Synopsis: This is a CPacketRadius class private method used
  247. // verify that the attributes received are well formed
  248. //
  249. // Arguments: none
  250. //
  251. // Returns: HRESULT - status
  252. //
  253. // History: MKarki Created 10/3/97
  254. //
  255. // Called By: CPacketRadius::PrelimVerification method
  256. //
  257. //----------------------------------------------------------------
  258. HRESULT
  259. CPacketRadius::VerifyAttributes (
  260. CDictionary *pCDictionary
  261. )
  262. { PRADIUSPACKET pPacketEnd = NULL;
  263. PRADIUSPACKET pPacketStart = NULL;
  264. PATTRIBUTE pAttrib = NULL;
  265. DWORD dwAttribCount = 0;
  266. TCHAR szErrorString [IAS_ERROR_STRING_LENGTH];
  267. HRESULT hr = S_OK;
  268. BOOL bStatus = FALSE;
  271. _ASSERT (pCDictionary);
  273. __try
  274. {
  275. pPacketStart = reinterpret_cast <PRADIUSPACKET> (m_pInPacket);
  277. //
  278. // get a pointer to the packet end
  279. //
  280. pPacketEnd = reinterpret_cast <PRADIUSPACKET> (
  281. reinterpret_cast <PBYTE> (pPacketStart)
  282. + m_wInPacketLength
  283. );
  284. //
  285. // go through the attributes once, to verify they are of correct
  286. // length
  287. //
  288. pAttrib = reinterpret_cast <PATTRIBUTE> (pPacketStart->AttributeStart);
  290. const DWORD dwMinAttribOffset = sizeof (ATTRIBUTE) - sizeof (BYTE);
  292. while (static_cast <PVOID> (
  293. reinterpret_cast <PBYTE> (pAttrib) +
  294. dwMinAttribOffset
  295. ) <=
  296. static_cast <PVOID> (pPacketEnd)
  297. )
  298. {
  299. //
  300. // verify that the attributes is of correct length
  301. // and in any case not of length 0
  302. // MKarki Fix #147284
  303. // Fix summary - forgot the "__leave"
  304. //
  305. if (pAttrib->byLength < ATTRIBUTE_HEADER_SIZE)
  307. {
  308. reportMalformed();
  310. m_pCReportEvent->Process (
  311. RADIUS_MALFORMED_PACKET,
  312. GetInCode (),
  313. m_wInPacketLength,
  314. m_dwInIPaddress,
  315. NULL,
  316. static_cast <LPVOID> (m_pInPacket)
  317. );
  318. hr = RADIUS_E_ERRORS_OCCURRED;
  319. __leave;
  320. }
  322. //
  323. // move to the next attribute
  324. //
  325. pAttrib = reinterpret_cast <PATTRIBUTE> (
  326. reinterpret_cast <PBYTE> (pAttrib) +
  327. pAttrib->byLength
  328. );
  329. //
  330. // count the attributes
  331. //
  332. dwAttribCount++;
  333. }
  335. //
  336. // if the attributes don't addup to end of packet
  337. //
  338. if (static_cast <PVOID> (pAttrib) != static_cast <PVOID> (pPacketEnd))
  339. {
  341. IASTracePrintf (
  342. "Attributes do not add up to end of Radius packet"
  343. );
  345. reportMalformed();
  347. m_pCReportEvent->Process (
  348. RADIUS_MALFORMED_PACKET,
  349. GetInCode (),
  350. m_wInPacketLength,
  351. m_dwInIPaddress,
  352. NULL,
  353. static_cast <LPVOID> (m_pInPacket)
  354. );
  355. hr = RADIUS_E_ERRORS_OCCURRED;
  356. __leave;
  357. }
  359. //
  360. // verified
  361. //
  362. m_dwInAttributeCount = dwAttribCount;
  363. }
  364. __finally
  365. {
  366. }
  368. return (hr);
  370. } // end of CPacketRadius::VerifyAttributes method
  372. //+++-------------------------------------------------------------
  373. //
  374. // Function: CreateAttribCollection
  375. //
  376. // Synopsis: This is a CPacketRadius class private method used
  377. // to put the RADIUS attributes into the CAttributes
  378. // collection
  379. //
  380. // Arguments: none
  381. //
  382. // Returns: HRESULT - status
  383. //
  384. // History: MKarki Created 9/23/97
  385. //
  386. // Called By: CPacketRadius::Init method
  387. //
  388. //----------------------------------------------------------------
  389. HRESULT
  390. CPacketRadius::CreateAttribCollection(
  391. CDictionary *pCDictionary
  392. )
  393. {
  394. HRESULT hr = S_OK;
  395. PATTRIBUTE pAttrib = NULL;
  396. DWORD dwAttribType = 0;
  397. DWORD dwCount = 0;
  398. DWORD dwRetVal = ERROR_NOT_ENOUGH_MEMORY;
  399. PIASATTRIBUTE AttributePtrArray[DEFAULT_ATTRIB_ARRAY_SIZE];
  400. PIASATTRIBUTE *ppAttribArray = NULL;
  401. PRADIUSPACKET pPacketStart = reinterpret_cast <PRADIUSPACKET>
  402. (m_pInPacket);
  404. const DWORD dwTotalAttribCount = m_dwInAttributeCount +
  405. COMPONENT_SPECIFIC_ATTRIBUTE_COUNT;
  408. _ASSERT (pCDictionary);
  410. //
  411. // allocate an ATTRIBUTEPOSITION array to carry the attribute
  412. // around
  413. //
  414. m_pIasAttribPos = reinterpret_cast <PATTRIBUTEPOSITION> (
  415. ::CoTaskMemAlloc (
  416. sizeof (ATTRIBUTEPOSITION)*dwTotalAttribCount
  417. ));
  418. if (NULL == m_pIasAttribPos)
  419. {
  420. IASTracePrintf (
  421. "Unable to allocate memory for Attribute position array "
  422. "while creating attribute collection"
  423. );
  424. hr = E_OUTOFMEMORY;
  425. goto Cleanup;
  426. }
  429. if (dwTotalAttribCount > DEFAULT_ATTRIB_ARRAY_SIZE)
  430. {
  431. //
  432. // allocate array to store the attributes in
  433. //
  434. ppAttribArray = reinterpret_cast <PIASATTRIBUTE*> (
  435. ::CoTaskMemAlloc (
  436. sizeof (PIASATTRIBUTE)*dwTotalAttribCount
  437. ));
  438. if (NULL == ppAttribArray)
  439. {
  440. IASTracePrintf (
  441. "Unable to allocate memory for Attribute array "
  442. "while creating attribute collection"
  443. );
  444. hr = E_OUTOFMEMORY;
  445. goto Cleanup;
  446. }
  447. }
  448. else
  449. {
  450. //
  451. // the default array is big enough
  452. //
  453. ppAttribArray = AttributePtrArray;
  454. }
  457. //
  458. // create a bunch of new blank attributes to fill up the positions
  459. //
  460. dwRetVal = ::IASAttributeAlloc (dwTotalAttribCount, ppAttribArray);
  461. if (0 != dwRetVal)
  462. {
  463. IASTracePrintf (
  464. "Unable to allocate IAS attribute while creating attribute "
  465. "collection"
  466. );
  467. hr = HRESULT_FROM_WIN32 (dwRetVal);
  468. goto Cleanup;
  469. }
  471. //
  472. // go through the attributes storing them in the collection
  473. //
  474. pAttrib = reinterpret_cast <PATTRIBUTE> (pPacketStart->AttributeStart);
  476. //
  477. // now initialize the IASATTRIBUTE value structs with the values
  478. // in the packet
  479. //
  480. for (dwCount = 0; dwCount < m_dwInAttributeCount; dwCount++)
  481. {
  482. hr = FillInAttributeInfo (
  483. pCDictionary,
  484. static_cast <PACKETTYPE> (pPacketStart->byCode),
  485. ppAttribArray[dwCount],
  486. pAttrib
  487. );
  488. if (FAILED (hr)) { goto Cleanup; }
  490. //
  491. // now put this in the attribute position structure
  492. //
  493. m_pIasAttribPos[dwCount].pAttribute = ppAttribArray[dwCount];
  495. //
  496. // now store a reference to the attribute here if its
  497. // a User-Password attribute, because we know we will
  498. // access it later and don't want to have to search for
  499. // it
  500. // TODO - do the same kind of stuff for ProxyState
  501. // as we would need the proxystate too.
  502. //
  503. if (USER_PASSWORD_ATTRIB == pAttrib->byType)
  504. {
  505. m_pPasswordAttrib = ppAttribArray[dwCount];
  506. }
  507. else if (SIGNATURE_ATTRIB == pAttrib->byType)
  508. {
  509. //
  510. // for Signature we want its position in the
  511. // raw input buffer
  512. //
  513. m_pInSignature = pAttrib;
  514. }
  515. else if (USER_NAME_ATTRIB == pAttrib->byType)
  516. {
  517. //
  518. // for UserName we want its position in the
  519. // raw input buffer
  520. //
  521. m_pUserName = pAttrib;
  522. }
  524. //
  525. // move to the next attribute now
  526. //
  527. pAttrib = reinterpret_cast <PATTRIBUTE> (
  528. reinterpret_cast <PBYTE> (pAttrib) +
  529. pAttrib->byLength
  530. );
  532. } // end of for loop
  535. //
  536. // put in Client IP address in an attribute
  537. //
  538. hr = FillClientIPInfo (ppAttribArray[m_dwInAttributeCount]);
  539. if (FAILED (hr)) { goto Cleanup; }
  541. m_pIasAttribPos[m_dwInAttributeCount].pAttribute =
  542. ppAttribArray[m_dwInAttributeCount];
  544. //
  545. // put in Client Port number in the attribute
  546. //
  547. hr = FillClientPortInfo (ppAttribArray[m_dwInAttributeCount +1]);
  548. if (FAILED (hr)) { goto Cleanup; }
  550. m_pIasAttribPos[m_dwInAttributeCount +1].pAttribute =
  551. ppAttribArray[m_dwInAttributeCount +1];
  553. //
  554. // put in the packet header information
  555. //
  556. hr = FillPacketHeaderInfo (ppAttribArray[m_dwInAttributeCount +2]);
  557. if (FAILED (hr)) { goto Cleanup; }
  559. m_pIasAttribPos[m_dwInAttributeCount +2].pAttribute =
  560. ppAttribArray[m_dwInAttributeCount +2];
  562. //
  563. // put in the Shared Secret
  564. //
  565. hr = FillSharedSecretInfo (ppAttribArray[m_dwInAttributeCount +3]);
  566. if (FAILED (hr)) { goto Cleanup; }
  568. m_pIasAttribPos[m_dwInAttributeCount +3].pAttribute =
  569. ppAttribArray[m_dwInAttributeCount +3];
  570. //
  571. // put in the Client Vendor Type
  572. //
  573. hr = FillClientVendorType (ppAttribArray[m_dwInAttributeCount +4]);
  574. if (FAILED (hr)) { goto Cleanup; }
  576. m_pIasAttribPos[m_dwInAttributeCount +4].pAttribute =
  577. ppAttribArray[m_dwInAttributeCount +4];
  579. //
  580. // put in the Client Name
  581. //
  582. hr = FillClientName (ppAttribArray[m_dwInAttributeCount +5]);
  583. if (FAILED (hr)) { goto Cleanup; }
  585. m_pIasAttribPos[m_dwInAttributeCount +5].pAttribute =
  586. ppAttribArray[m_dwInAttributeCount +5];
  589. //
  590. // successfully collected attributes
  591. //
  593. Cleanup:
  595. if (FAILED (hr))
  596. {
  598. if (0 == dwRetVal)
  599. {
  600. //
  601. // release the attribute
  602. //
  603. for (dwCount = 0; dwCount < m_dwInAttributeCount; dwCount++)
  604. {
  605. ::IASAttributeRelease (ppAttribArray[dwCount]);
  606. }
  607. }
  609. if (NULL != m_pIasAttribPos)
  610. {
  611. ::CoTaskMemFree (m_pIasAttribPos);
  612. m_pIasAttribPos = NULL;
  613. }
  614. }
  616. //
  617. // the attribute array is always freed
  618. //
  619. if (
  620. (NULL != ppAttribArray) &&
  621. (dwTotalAttribCount > DEFAULT_ATTRIB_ARRAY_SIZE)
  622. )
  623. {
  624. ::CoTaskMemFree (ppAttribArray);
  625. }
  627. return (hr);
  629. } // end of CPacketRadius::CreateAttribCollection method
  631. //+++-------------------------------------------------------------
  632. //
  633. // Function: ValidatePacketFields
  634. //
  635. // Synopsis: This is a CPacketRadius class private method used
  636. // to validate the fields of the RADIUS packet, execpt
  637. // the attributes
  638. //
  639. // Arguments: [in] DWORD - buffer size
  640. //
  641. //
  642. // Returns: HRESULT - status
  643. //
  644. //
  645. // History: MKarki Created 9/23/97
  646. //
  647. // Called By: CPacketRadius::PrelimVerification method
  648. //
  649. //----------------------------------------------------------------
  650. HRESULT
  651. CPacketRadius::ValidatePacketFields(
  652. DWORD dwBufferSize
  653. )
  654. {
  655. HRESULT hr = S_OK;
  656. TCHAR szErrorString [IAS_ERROR_STRING_LENGTH];
  657. PRADIUSPACKET pPacket =
  658. reinterpret_cast <PRADIUSPACKET> (m_pInPacket);
  660. __try
  661. {
  662. //
  663. // check that we have received the complete packet
  664. //
  665. if (m_wInPacketLength > dwBufferSize)
  666. {
  667. //
  668. // log error and generate audit event
  669. //
  670. IASTracePrintf (
  671. "Packet length:%d is greater than received buffer:%d",
  672. m_wInPacketLength,
  673. dwBufferSize
  674. );
  676. reportMalformed();
  678. m_pCReportEvent->Process (
  679. RADIUS_MALFORMED_PACKET,
  680. (AUTH_PORTTYPE== GetPortType ())?
  681. ACCESS_REQUEST:ACCOUNTING_REQUEST,
  682. dwBufferSize,
  683. m_dwInIPaddress,
  684. NULL,
  685. static_cast <LPVOID> (m_pInPacket)
  686. );
  687. hr = RADIUS_E_ERRORS_OCCURRED;
  688. __leave;
  689. }
  691. //
  692. // verify that the packet is of correct lenth;
  693. // i.e between 20 to 4096 octets
  694. //
  695. if (
  696. (m_wInPacketLength < MIN_PACKET_SIZE) ||
  697. (m_wInPacketLength > MAX_PACKET_SIZE)
  698. )
  699. {
  700. //
  701. // Log Error and Audit Event
  702. //
  703. IASTracePrintf (
  704. "Incorrect received packet size:%d",
  705. m_wInPacketLength
  706. );
  708. reportMalformed();
  710. m_pCReportEvent->Process (
  711. RADIUS_MALFORMED_PACKET,
  712. (AUTH_PORTTYPE == GetPortType ())?
  713. ACCESS_REQUEST:ACCOUNTING_REQUEST,
  714. dwBufferSize,
  715. m_dwInIPaddress,
  716. NULL,
  717. static_cast <LPVOID> (m_pInPacket)
  718. );
  719. hr = RADIUS_E_ERRORS_OCCURRED;
  720. __leave;
  721. }
  723. //
  724. // verify that the PACKET code is correct
  725. //
  726. if (
  727. ((ACCESS_REQUEST == static_cast <PACKETTYPE> (pPacket->byCode)) &&
  728. (AUTH_PORTTYPE != GetPortType ()))
  729. ||
  730. ((ACCOUNTING_REQUEST == static_cast<PACKETTYPE>(pPacket->byCode)) &&
  731. (ACCT_PORTTYPE != GetPortType ()))
  732. ||
  733. (((ACCESS_REQUEST != static_cast<PACKETTYPE>(pPacket->byCode))) &&
  734. ((ACCOUNTING_REQUEST != static_cast<PACKETTYPE>(pPacket->byCode))))
  735. )
  736. {
  738. //
  739. // log error and generate audit event
  740. //
  741. IASTracePrintf (
  742. "UnSupported Packet type:%d on this port",
  743. static_cast <INT> (pPacket->byCode)
  744. );
  746. WCHAR packetCode[11];
  747. _ultow(pPacket->byCode, packetCode, 10);
  749. sockaddr_in sin;
  750. int namelen = sizeof(sin);
  751. getsockname(GetSocket(), (sockaddr*)&sin, &namelen);
  752. WCHAR dstPort[11];
  753. _ultow(ntohs(sin.sin_port), dstPort, 10);
  755. PCWSTR strings[] = { packetCode, dstPort, GetClientName() };
  757. IASReportEvent(
  758. RADIUS_E_INVALID_PACKET_TYPE,
  759. 3,
  760. 0,
  761. strings,
  762. NULL
  763. );
  765. m_pCReportEvent->Process (
  766. RADIUS_UNKNOWN_TYPE,
  767. (AUTH_PORTTYPE == GetPortType ())?
  768. ACCESS_REQUEST:ACCOUNTING_REQUEST,
  769. dwBufferSize,
  770. m_dwInIPaddress,
  771. NULL,
  772. static_cast <LPVOID> (m_pInPacket)
  773. );
  774. hr = RADIUS_E_ERRORS_OCCURRED;
  775. __leave;
  776. }
  778. }
  779. __finally
  780. {
  781. }
  783. return (hr);
  785. } // end of CPacketRadius::ValidatePacketFields method
  787. //+++-------------------------------------------------------------
  788. //
  789. // Function: SetPassword
  790. //
  791. // Synopsis: Thie is a CPacketRadius class public method used to
  792. // store the user password.
  793. //
  794. // Arguments: [in] PBYTE - buffer to return password
  795. // [in] PDWORD - holds the buffer size
  796. //
  797. //
  798. // Returns: HRESULT - status
  799. //
  800. // History: MKarki Created 9/23/97
  801. //
  802. //----------------------------------------------------------------
  803. HRESULT
  804. CPacketRadius::SetPassword (
  805. PBYTE pPassword,
  806. DWORD dwSize
  807. )
  808. {
  810. if (dwSize > MAX_ATTRIBUTE_LENGTH)
  811. {
  812. IASTracePrintf (
  813. "Password length is greater than max attribute value size"
  814. );
  815. return (E_INVALIDARG);
  816. }
  818. //
  819. // delete the dynamically allocated memory if its not big enough
  820. //
  821. if (dwSize > m_pPasswordAttrib->Value.OctetString.dwLength)
  822. {
  823. if (NULL != m_pPasswordAttrib->Value.OctetString.lpValue)
  824. {
  825. ::CoTaskMemFree (m_pPasswordAttrib->Value.OctetString.lpValue);
  826. }
  828. //
  829. // allocate memory for OctetString
  830. //
  831. m_pPasswordAttrib->Value.OctetString.lpValue =
  832. reinterpret_cast <PBYTE> (::CoTaskMemAlloc (dwSize));
  833. if (NULL == m_pPasswordAttrib->Value.OctetString.lpValue)
  834. {
  835. IASTracePrintf (
  836. "Unable to allocate memory for password attribute "
  837. "during packet processing"
  838. );
  839. return (E_OUTOFMEMORY);
  840. }
  841. }
  843. //
  844. // copy the value now
  845. //
  846. CopyMemory (
  847. m_pPasswordAttrib->Value.OctetString.lpValue,
  848. pPassword,
  849. dwSize
  850. );
  852. m_pPasswordAttrib->Value.OctetString.dwLength = dwSize;
  854. return (S_OK);
  856. } // end of CPacketRadius::SetPassword method
  858. //+++-------------------------------------------------------------
  859. //
  860. // Function: GetPassword
  861. //
  862. // Synopsis: Thie is a CPacketRadius class public method used to
  863. // return the RADIUS password.
  864. //
  865. // Arguments: [in] PBYTE - buffer to return the password in
  866. // [in/out] PDWORD - holds the buffer size
  867. //
  868. // Returns: HRESULT - status
  869. //
  870. // History: MKarki Created 9/23/97
  871. //
  872. //----------------------------------------------------------------
  873. HRESULT
  874. CPacketRadius :: GetPassword (
  875. PBYTE pbyPassword,
  876. PDWORD pdwBufferSize
  877. )
  878. {
  879. HRESULT hr = S_OK;
  881. _ASSERT ((pbyPassword) && (pdwBufferSize));
  883. if (*pdwBufferSize < m_pPasswordAttrib->Value.OctetString.dwLength)
  884. {
  885. IASTracePrintf (
  886. "Password BufferSize is less than length of password"
  887. );
  888. hr = E_INVALIDARG;
  889. }
  890. else
  891. {
  892. //
  893. // copy the password into the out buffer
  894. //
  895. CopyMemory (
  896. pbyPassword,
  897. m_pPasswordAttrib->Value.OctetString.lpValue,
  898. m_pPasswordAttrib->Value.OctetString.dwLength
  899. );
  900. }
  902. *pdwBufferSize = m_pPasswordAttrib->Value.OctetString.dwLength;
  903. return (hr);
  905. } // end of CPacketRadius::GetPassword method
  907. //++--------------------------------------------------------------
  908. //
  909. // Function: GetUserName
  910. //
  911. // Synopsis: Thie is a CPacketRadius class public method used to
  912. // return the RADIUS UserName
  913. //
  914. // Arguments: [in] PBYTE - buffer to return the password in
  915. // [in/out] PDWORD - holds the buffer size
  916. //
  917. // Returns: BOOL - status
  918. //
  919. // History: MKarki Created 9/23/97
  920. //
  921. //----------------------------------------------------------------
  922. BOOL
  923. CPacketRadius :: GetUserName (
  924. PBYTE pbyUserName,
  925. PDWORD pdwBufferSize
  926. )
  927. {
  928. _ASSERT ((pbyUserName) && (pdwBufferSize));
  930. if (NULL == m_pUserName)
  931. {
  932. IASTracePrintf (
  933. "No User-Name attribute found during packet processing"
  934. );
  935. return (FALSE);
  936. }
  938. DWORD dwNameLength = m_pUserName->byLength - ATTRIBUTE_HEADER_SIZE;
  939. if (*pdwBufferSize < dwNameLength)
  940. {
  941. IASTracePrintf (
  942. "User-Name Buffer Size is less than length of attribute value"
  943. );
  944. return (FALSE);
  945. }
  947. //
  948. // copy the password into the out buffer
  949. //
  950. CopyMemory (pbyUserName, m_pUserName->ValueStart, dwNameLength);
  951. *pdwBufferSize = dwNameLength;
  953. return (TRUE);
  955. } // end of CPacketRadius::GetPassword method
  958. //++--------------------------------------------------------------
  959. //
  960. // Function: IsProxyStatePresent
  961. //
  962. // Synopsis: Thie is a CPacketRadius class public method used to
  963. // check if the RADIUS packet has a proxy state present.
  964. //
  965. //
  966. // Arguments: none
  967. //
  968. //
  969. // Returns: BOOL - status
  970. //
  971. //
  972. // History: MKarki Created 9/23/97
  973. //
  974. //----------------------------------------------------------------
  975. BOOL
  976. CPacketRadius::IsProxyStatePresent (
  977. VOID
  978. )
  979. {
  980. return (NULL != m_pCProxyInfo);
  982. } // end of CPacketRadius::IsProxyStatePresent method
  984. //++--------------------------------------------------------------
  985. //
  986. // Function: GetInAuthenticator
  987. //
  988. // Synopsis: Thie is a CPacketRadius class public method used
  989. // to get the inbound RADIUS packet authenticator
  990. // field.
  991. //
  992. //
  993. // Arguments: [out] PBYTE - buffer to hold authenticator
  994. //
  995. //
  996. // Returns: BOOL - status
  997. //
  998. // History: MKarki Created 9/23/97
  999. //
  1000. //----------------------------------------------------------------
  1001. HRESULT
  1002. CPacketRadius::GetInAuthenticator (
  1003. PBYTE pbyAuthenticator,
  1004. PDWORD pdwBufSize
  1005. )
  1006. {
  1007. HRESULT hr = S_OK;
  1008. PRADIUSPACKET pPacket = reinterpret_cast <PRADIUSPACKET>(m_pInPacket);
  1011. _ASSERT ((pbyAuthenticator) && (pdwBufSize) && (pPacket));
  1013. if (*pdwBufSize < AUTHENTICATOR_SIZE)
  1014. {
  1015. hr = E_INVALIDARG;
  1016. }
  1017. else
  1018. {
  1019. CopyMemory (
  1020. pbyAuthenticator,
  1021. pPacket->Authenticator,
  1022. AUTHENTICATOR_SIZE
  1023. );
  1024. }
  1026. *pdwBufSize = AUTHENTICATOR_SIZE;
  1027. return hr;
  1028. } // end of CPacketRadius::GetInAuthenticator method
  1030. //++--------------------------------------------------------------
  1031. //
  1032. // Function: SetOutAuthenticator
  1033. //
  1034. // Synopsis: Thie is a CPacketRadius class public method used
  1035. // to set the RADIUS authenticator field in the outbound
  1036. // packet
  1037. //
  1038. //
  1039. // Arguments: [in] PBYTE - buffer hold authenticator
  1040. //
  1041. //
  1042. // Returns: BOOL - status
  1043. //
  1044. //
  1045. // History: MKarki Created 11/11/97
  1046. //
  1047. //----------------------------------------------------------------
  1048. BOOL
  1049. CPacketRadius::SetOutAuthenticator (
  1050. PBYTE pbyAuthenticator
  1051. )
  1052. {
  1053. PRADIUSPACKET pPacket = reinterpret_cast <PRADIUSPACKET> (m_pOutPacket);
  1055. _ASSERT ((pbyAuthenticator) && (pPacket));
  1057. CopyMemory (
  1058. pPacket->Authenticator,
  1059. pbyAuthenticator,
  1060. AUTHENTICATOR_SIZE
  1061. );
  1063. return (TRUE);
  1065. } // end of CPacketRadius::SetOutAuthenticator method
  1067. //++--------------------------------------------------------------
  1068. //
  1069. // Function: SetOutSignature
  1070. //
  1071. // Synopsis: Thie is a CPacketRadius class public method used
  1072. // to set the RADIUS Signature attribute value in the
  1073. // outbound packet
  1074. //
  1075. //
  1076. // Arguments: [in] PBYTE - buffer holds signature
  1077. //
  1078. //
  1079. // Returns: BOOL - status
  1080. //
  1081. //
  1082. // History: MKarki Created 11/18/98
  1083. //
  1084. //----------------------------------------------------------------
  1085. HRESULT
  1086. CPacketRadius::SetOutSignature (
  1087. PBYTE pbySignature
  1088. )
  1089. {
  1090. _ASSERT (pbySignature && m_pOutPacket && m_pOutSignature);
  1092. CopyMemory (
  1093. m_pOutSignature->ValueStart,
  1094. pbySignature,
  1095. SIGNATURE_SIZE
  1096. );
  1098. return (S_OK);
  1100. } // end of CPacketRadius::SetOutSignature method
  1102. //+++-------------------------------------------------------------
  1103. //
  1104. // Function: GetInCode
  1105. //
  1106. // Synopsis: Thie is a CPacketRadius class public method used
  1107. // to get the inbound RADIUS packet code field.
  1108. //
  1109. //
  1110. // Arguments: none
  1111. //
  1112. //
  1113. // Returns: PACKETTYPE
  1114. //
  1115. //
  1116. // History: MKarki Created 9/23/97
  1117. //
  1118. //----------------------------------------------------------------
  1119. PACKETTYPE
  1120. CPacketRadius::GetInCode (
  1121. VOID
  1122. )
  1123. {
  1124. PRADIUSPACKET pPacket = reinterpret_cast <PRADIUSPACKET>
  1125. (m_pInPacket);
  1127. return (static_cast <PACKETTYPE> (pPacket->byCode));
  1129. } // end of CPacketRadius::GetInCode method
  1131. //++--------------------------------------------------------------
  1132. //
  1133. // Function: GetOutCode
  1134. //
  1135. // Synopsis: Thie is a CPacketRadius class public method used
  1136. // to get the outbound RADIUS packet code field.
  1137. //
  1138. //
  1139. // Arguments: NONE
  1140. //
  1141. //
  1142. // Returns: PACKETTYPE
  1143. //
  1144. //
  1145. // History: MKarki Created 9/23/97
  1146. //
  1147. //----------------------------------------------------------------
  1148. PACKETTYPE
  1149. CPacketRadius::GetOutCode (
  1150. VOID
  1151. )
  1152. {
  1153. PRADIUSPACKET pPacket = reinterpret_cast <PRADIUSPACKET> (m_pOutPacket);
  1155. return (static_cast <PACKETTYPE> (pPacket->byCode));
  1157. } // end of CPacketRadius::GetOutCode method
  1159. //++--------------------------------------------------------------
  1160. //
  1161. // Function: GetOutLength
  1162. //
  1163. // Synopsis: Thie is a CPacketRadius class public method used
  1164. // to get the outbound RADIUS packet length.
  1165. //
  1166. //
  1167. // Arguments: none
  1168. //
  1169. //
  1170. // Returns: WORD - RADIUS in packet length
  1171. //
  1172. //
  1173. // History: MKarki Created 9/23/97
  1174. //
  1175. //----------------------------------------------------------------
  1176. WORD
  1177. CPacketRadius::GetOutLength (
  1178. VOID
  1179. )
  1180. {
  1181. PRADIUSPACKET pPacket = reinterpret_cast <PRADIUSPACKET>
  1182. (m_pOutPacket);
  1184. return (ntohs (pPacket->wLength));
  1186. } // end of CPacketRadius::GetOutLength method
  1189. //++--------------------------------------------------------------
  1190. //
  1191. // Function: SetProxyState
  1192. //
  1193. // Synopsis: Thie is a CPacketRadius class public method used
  1194. // to set the proxy state to TRUE
  1195. //
  1196. // Arguments: none
  1197. //
  1198. // Returns: BOOL - status
  1199. //
  1200. // History: MKarki Created 10/2/97
  1201. //
  1202. //----------------------------------------------------------------
  1203. VOID
  1204. CPacketRadius::SetProxyState (
  1205. VOID
  1206. )
  1207. {
  1208. return;
  1210. } // end of CPacketRadius::SetProxyState method
  1212. //++--------------------------------------------------------------
  1213. //
  1214. // Function: SetProxyInfo
  1215. //
  1216. // Synopsis: Thie is a CPacketRadius class public method used
  1217. // to set the proxy state information for the packet
  1218. //
  1219. // Arguments: [in] CProxyInfo*
  1220. //
  1221. // Returns: BOOL - status
  1222. //
  1223. // History: MKarki Created 10/2/97
  1224. //
  1225. //----------------------------------------------------------------
  1226. BOOL
  1227. CPacketRadius::SetProxyInfo (
  1228. CProxyInfo *pCProxyInfo
  1229. )
  1230. {
  1231. BOOL bRetVal = FALSE;
  1233. _ASSERT (pCProxyInfo);
  1235. m_pCProxyInfo = pCProxyInfo;
  1237. return (TRUE);
  1239. } // end of CPacketRadius::SetProxyInfo method
  1241. //++--------------------------------------------------------------
  1242. //
  1243. // Function: BuildOutPacket
  1244. //
  1245. // Synopsis: This is a CPacketRadius class public method used
  1246. // to build the outbound packet
  1247. //
  1248. // Arguments:
  1249. // [in] PACKETTYPE - out packet type
  1250. // [in] PATTRIBUTEPOSITION - out attributes array
  1251. // [in] DWORD - Attributes Count
  1252. //
  1253. // Returns: HRESULT - status
  1254. //
  1255. // History: MKarki Created 10/22/97
  1256. //
  1257. //----------------------------------------------------------------
  1258. HRESULT
  1259. CPacketRadius::BuildOutPacket (
  1260. PACKETTYPE ePacketType,
  1261. PATTRIBUTEPOSITION pAttribPos,
  1262. DWORD dwTotalAttributes
  1263. )
  1264. {
  1265. BOOL bRetVal = FALSE;
  1266. PRADIUSPACKET pOutPacket = NULL;
  1267. PRADIUSPACKET pInPacket = reinterpret_cast <PRADIUSPACKET> (m_pInPacket);
  1268. PATTRIBUTE pCurrent = NULL;
  1269. PATTRIBUTE pAttribStart = NULL;
  1270. PBYTE pPacketEnd = NULL;
  1271. WORD wAttributeLength = 0;
  1272. DWORD dwPacketLength = 0;
  1273. DWORD dwMaxPossibleAttribLength = 0;
  1274. HRESULT hr = S_OK;
  1276. __try
  1277. {
  1278. dwPacketLength =
  1279. PACKET_HEADER_SIZE +
  1280. dwTotalAttributes*(MAX_ATTRIBUTE_LENGTH + ATTRIBUTE_HEADER_SIZE);
  1282. //
  1283. // limit the packet size to max UDP packet size
  1284. //
  1285. dwPacketLength = (dwPacketLength > MAX_PACKET_SIZE)
  1286. ? MAX_PACKET_SIZE
  1287. : dwPacketLength;
  1289. m_pOutPacket = reinterpret_cast <PBYTE> (m_OutBufferPool.allocate ());
  1290. if (NULL == m_pOutPacket)
  1291. {
  1292. IASTracePrintf (
  1293. "Unable to allocate memory for pool for out-bound packet"
  1294. );
  1295. hr = E_OUTOFMEMORY;
  1296. __leave;
  1297. }
  1299. pOutPacket = reinterpret_cast <PRADIUSPACKET> (m_pOutPacket);
  1301. //
  1302. // put the packet type
  1303. //
  1304. pOutPacket->byCode = ePacketType;
  1306. //
  1307. // put the packet ID
  1308. //
  1309. pOutPacket->byIdentifier = pInPacket->byIdentifier;
  1311. //
  1312. // now fill in the current packet length
  1313. //
  1314. pOutPacket->wLength = htons (PACKET_HEADER_SIZE);
  1316. //
  1317. // get the end of buffer
  1318. //
  1319. pPacketEnd = (reinterpret_cast <PBYTE> (pOutPacket)) + dwPacketLength;
  1321. //
  1322. // goto start of attributes
  1323. //
  1324. pAttribStart = reinterpret_cast <PATTRIBUTE>
  1325. (pOutPacket->AttributeStart);
  1327. //
  1328. // Fix for Bug #190523 - 06/26/98 - MKarki
  1329. // we shouldn't be taking diff of PUNINTs
  1330. //
  1331. dwMaxPossibleAttribLength = static_cast <DWORD> (
  1332. reinterpret_cast<PBYTE> (pPacketEnd) -
  1333. reinterpret_cast<PBYTE> (pAttribStart)
  1334. );
  1336. //
  1337. // filled the attributes now
  1338. //
  1339. for (
  1340. DWORD dwAttribCount = 0;
  1341. dwAttribCount < dwTotalAttributes;
  1342. dwAttribCount++
  1343. )
  1344. {
  1345. if (IsOutBoundAttribute (
  1346. ePacketType,
  1347. pAttribPos[dwAttribCount].pAttribute
  1348. ))
  1349. {
  1350. //
  1351. // fill the attribute in the packet buffer
  1352. //
  1353. hr = FillOutAttributeInfo (
  1354. pAttribStart,
  1355. pAttribPos[dwAttribCount].pAttribute,
  1356. &wAttributeLength,
  1357. dwMaxPossibleAttribLength
  1358. );
  1359. if (FAILED (hr)) { __leave; }
  1361. dwMaxPossibleAttribLength -= wAttributeLength;
  1363. //
  1364. // go to the next attribute start
  1365. //
  1366. PBYTE pTemp = reinterpret_cast <PBYTE> (pAttribStart) +
  1367. wAttributeLength;
  1368. pAttribStart = reinterpret_cast <PATTRIBUTE> (pTemp);
  1370. if ((reinterpret_cast <PBYTE> (pAttribStart)) > pPacketEnd)
  1371. {
  1372. //
  1373. // log error
  1374. //
  1375. IASTracePrintf (
  1376. "Attributes can not fit in out-bound packet"
  1377. );
  1378. hr = RADIUS_E_PACKET_OVERFLOW;
  1379. __leave;
  1380. }
  1381. } // end of if
  1383. } // end of for loop
  1385. m_wOutPort = m_wInPort;
  1386. m_dwOutIPaddress = m_dwInIPaddress;
  1388. //
  1389. // now update the length of the packet
  1390. //
  1391. pOutPacket->wLength = htons (
  1392. (reinterpret_cast <PBYTE> (pAttribStart)) -
  1393. (reinterpret_cast <PBYTE> (pOutPacket))
  1394. );
  1395. //
  1396. // success
  1397. //
  1398. }
  1399. __finally
  1400. {
  1401. }
  1403. if (hr == RADIUS_E_PACKET_OVERFLOW)
  1404. {
  1405. IASReportEvent(
  1406. RADIUS_E_PACKET_OVERFLOW,
  1407. 0,
  1408. 0,
  1409. NULL,
  1410. NULL
  1411. );
  1412. hr = RADIUS_E_ERRORS_OCCURRED;
  1413. }
  1415. return (hr);
  1417. } // end of CPacketRadius::BuildOutPacket method
  1419. //++--------------------------------------------------------------
  1420. //
  1421. // Function: GetInSignature
  1422. //
  1423. // Synopsis: This is CPacketARadius class public method
  1424. // that returns the Signature attribute present
  1425. // in the in bound request
  1426. //
  1427. // Arguments:
  1428. // [out] PBYTE - signature
  1429. //
  1430. // Returns: BOOL - status
  1431. //
  1432. // History: MKarki Created 1/6/98
  1433. //
  1434. //----------------------------------------------------------------
  1435. BOOL
  1436. CPacketRadius::GetInSignature (
  1437. PBYTE pSignatureValue
  1438. )
  1439. {
  1440. BOOL bRetVal = TRUE;
  1442. _ASSERT (pSignatureValue);
  1444. //
  1445. // assuming that the caller provides a buffer of 16 bytes
  1446. // as this the signature size ALWAYS
  1447. //
  1448. if (NULL == m_pInSignature)
  1449. {
  1450. //
  1451. // no signature attribute received
  1452. //
  1453. bRetVal = FALSE;
  1454. }
  1455. else
  1456. {
  1457. CopyMemory (
  1458. pSignatureValue,
  1459. m_pInSignature->ValueStart,
  1460. SIGNATURE_SIZE
  1461. );
  1462. }
  1464. return (bRetVal);
  1466. } // end of CPacketRadius::GetInSignature method
  1468. //++--------------------------------------------------------------
  1469. //
  1470. // Function: GenerateInAuthenticator
  1471. //
  1472. // Synopsis: This is CPacketARadius class public method
  1473. // that generates the authenticator from the
  1474. // input packet
  1475. //
  1476. // Arguments:
  1477. // [in] PBYTE - Inbound Authenticator
  1478. // [out] PBYTE - Outbound Authenticator
  1479. //
  1480. // Returns: BOOL - status
  1481. //
  1482. // History: MKarki Created 12/8/97
  1483. //
  1484. //
  1485. //----------------------------------------------------------------
  1486. BOOL
  1487. CPacketRadius::GenerateInAuthenticator (
  1488. PBYTE pInAuthenticator,
  1489. PBYTE pOutAuthenticator
  1490. )
  1491. {
  1493. PRADIUSPACKET pPacket = reinterpret_cast <PRADIUSPACKET> (m_pInPacket);
  1495. _ASSERT ((pOutAuthenticator) && (pInAuthenticator) && (pPacket));
  1497. return (InternalGenerator (
  1498. pInAuthenticator,
  1499. pOutAuthenticator,
  1500. pPacket
  1501. ));
  1503. } // end of CPacketRadius::GenerateInAuthenticator
  1505. //++--------------------------------------------------------------
  1506. //
  1507. // Function: GenerateOutAuthenticator
  1508. //
  1509. // Synopsis: This is CPacketARadius class public method
  1510. // that generates the authenticator from the
  1511. // outbound packet
  1512. //
  1513. // Arguments:
  1514. // [in] PBYTE - Inbound authenticator
  1515. // [out] PBYTE - Outbound authenticator
  1516. //
  1517. // Returns: BOOL - status
  1518. //
  1519. // History: MKarki Created 12/8/97
  1520. //
  1521. //
  1522. //----------------------------------------------------------------
  1523. BOOL
  1524. CPacketRadius::GenerateOutAuthenticator()
  1525. {
  1526. PRADIUSPACKET pPacket = reinterpret_cast <PRADIUSPACKET> (m_pOutPacket);
  1528. _ASSERT ((pOutAuthenticator) && (pInAuthenticator) && (pPacket));
  1530. return (InternalGenerator (
  1531. m_pInPacket + 4,
  1532. pPacket->Authenticator,
  1533. pPacket
  1534. ));
  1536. } // end of CPacketRadius::GenerateOutAuthenticator method
  1538. //++--------------------------------------------------------------
  1539. //
  1540. // Function: InternalGenerator
  1541. //
  1542. // Synopsis: This is CPacketARadius class private method
  1543. // that generates the response authenticator for the
  1544. // packet provided
  1545. //
  1546. // Arguments:
  1547. // [in] PBYTE - InAuthenticator
  1548. // [out] PBYTE - OutAuthenticator
  1549. // [in] PPACKETRADIUS
  1550. //
  1551. // Returns: BOOL - status
  1552. //
  1553. // History: MKarki Created 12/8/97
  1554. //
  1555. //
  1556. //----------------------------------------------------------------
  1557. BOOL
  1558. CPacketRadius::InternalGenerator(
  1559. PBYTE pInAuthenticator,
  1560. PBYTE pOutAuthenticator,
  1561. PRADIUSPACKET pPacket
  1562. )
  1563. {
  1564. BOOL bStatus = TRUE;
  1565. DWORD dwPacketHeaderSize = 0;
  1566. DWORD dwAttributesLength = 0;
  1567. BYTE bySecret[MAX_SECRET_SIZE];
  1568. DWORD dwSecretSize = MAX_SECRET_SIZE;
  1570. _ASSERT ((pInAuthenticator) && (pOutAuthenticator) && (pPacket));
  1572. __try
  1573. {
  1575. //
  1576. // get the size of the packet without the attributes and
  1577. // request authenticator
  1578. //
  1579. dwPacketHeaderSize = sizeof (RADIUSPACKET)
  1580. - sizeof (BYTE)
  1581. - AUTHENTICATOR_SIZE;
  1583. //
  1584. // get the total attributes length now
  1585. //
  1586. dwAttributesLength = ntohs (pPacket->wLength)
  1587. - (dwPacketHeaderSize + AUTHENTICATOR_SIZE);
  1590. //
  1591. // get the shared secret
  1592. //
  1593. HRESULT hr = m_pIIasClient->GetSecret (bySecret, &dwSecretSize);
  1594. if (FAILED (hr))
  1595. {
  1596. bStatus = FALSE;
  1597. __leave;
  1598. }
  1601. //
  1602. // do the hashing here
  1603. //
  1604. m_pCHashMD5->HashIt (
  1605. pOutAuthenticator,
  1606. NULL,
  1607. 0,
  1608. reinterpret_cast <PBYTE> (pPacket),
  1609. dwPacketHeaderSize,
  1610. pInAuthenticator,
  1611. AUTHENTICATOR_SIZE,
  1612. pPacket->AttributeStart,
  1613. dwAttributesLength,
  1614. reinterpret_cast <PBYTE> (bySecret),
  1615. dwSecretSize,
  1616. 0,
  1617. 0
  1618. );
  1620. //
  1621. // we have successfully got the outbound authenticator
  1622. //
  1624. }
  1625. __finally
  1626. {
  1627. }
  1629. return (bStatus);
  1631. } // end of CPacketRadius::InternalGenerator method
  1633. //++--------------------------------------------------------------
  1634. //
  1635. // Function: FillInAttributeInfo
  1636. //
  1637. // Synopsis: This is CPacketARadius class private method
  1638. // that fills up the attribute information into
  1639. // the IASATTRIBUTE struct from the raw RADIUS
  1640. // packet
  1641. //
  1642. // Arguments:
  1643. // [in] PACKETTYPE
  1644. // [in] PIASATTRIBUTE
  1645. // [in] PATTRIBUTE
  1646. //
  1647. // Returns: HRESULT - status
  1648. //
  1649. // History: MKarki Created 12/31/97
  1650. //
  1651. //---------------------------------------------------------------
  1652. HRESULT
  1653. CPacketRadius::FillInAttributeInfo (
  1654. CDictionary *pCDictionary,
  1655. PACKETTYPE ePacketType,
  1656. PIASATTRIBUTE pIasAttrib,
  1657. PATTRIBUTE pRadiusAttrib
  1658. )
  1659. {
  1660. HRESULT hr = S_OK;
  1662. _ASSERT ((pCDictionary) && (pIasAttrib) && (pRadiusAttrib));
  1664. __try
  1665. {
  1666. // IAS IDs always match the RADIUS ID.
  1667. pIasAttrib->dwId = pRadiusAttrib->byType;
  1669. // Get the IAS syntax from the dictionary.
  1670. pIasAttrib->Value.itType =
  1671. pCDictionary->getAttributeType(pRadiusAttrib->byType);
  1673. //
  1674. // get the length of the value
  1675. //
  1676. DWORD dwValueLength = static_cast <DWORD>
  1677. (pRadiusAttrib->byLength - ATTRIBUTE_HEADER_SIZE);
  1679. //
  1680. // Set Value now
  1681. //
  1682. switch (pIasAttrib->Value.itType)
  1683. {
  1684. case IASTYPE_BOOLEAN:
  1686. if (sizeof (DWORD) != dwValueLength)
  1687. {
  1688. hr = RADIUS_E_MALFORMED_PACKET;
  1689. __leave;
  1690. }
  1691. pIasAttrib->Value.Boolean = IASExtractDWORD(
  1692. pRadiusAttrib->ValueStart
  1693. );
  1695. break;
  1697. case IASTYPE_INTEGER:
  1698. if (sizeof (DWORD) != dwValueLength)
  1699. {
  1700. hr = RADIUS_E_MALFORMED_PACKET;
  1701. __leave;
  1702. }
  1703. pIasAttrib->Value.Integer = IASExtractDWORD(
  1704. pRadiusAttrib->ValueStart
  1705. );
  1706. break;
  1708. case IASTYPE_ENUM:
  1709. if (sizeof (DWORD) != dwValueLength)
  1710. {
  1711. hr = RADIUS_E_MALFORMED_PACKET;
  1712. __leave;
  1713. }
  1714. pIasAttrib->Value.Enumerator = IASExtractDWORD(
  1715. pRadiusAttrib->ValueStart
  1716. );
  1717. break;
  1719. case IASTYPE_INET_ADDR:
  1720. if (sizeof (DWORD) != dwValueLength)
  1721. {
  1722. hr = RADIUS_E_MALFORMED_PACKET;
  1723. __leave;
  1724. }
  1725. pIasAttrib->Value.InetAddr = IASExtractDWORD(
  1726. pRadiusAttrib->ValueStart
  1727. );
  1728. break;
  1730. case IASTYPE_STRING:
  1731. //
  1732. // allocate memory for string + ending NUL
  1733. //
  1734. if(0 == dwValueLength)
  1735. {
  1736. pIasAttrib->Value.String.pszAnsi = NULL;
  1737. }
  1738. else
  1739. {
  1740. pIasAttrib->Value.String.pszAnsi =
  1741. reinterpret_cast <PCHAR>
  1742. (::CoTaskMemAlloc (dwValueLength + 1));
  1743. if (NULL == pIasAttrib->Value.String.pszAnsi)
  1744. {
  1745. hr = E_OUTOFMEMORY;
  1746. __leave;
  1747. }
  1748. CopyMemory (
  1749. pIasAttrib->Value.String.pszAnsi,
  1750. pRadiusAttrib->ValueStart,
  1751. dwValueLength
  1752. );
  1753. pIasAttrib->Value.String.pszAnsi[dwValueLength] = NUL;
  1754. }
  1755. pIasAttrib->Value.String.pszWide = NUL;
  1756. break;
  1758. case IASTYPE_OCTET_STRING:
  1760. pIasAttrib->Value.OctetString.dwLength = dwValueLength;
  1761. //
  1762. // here dwValueLength == 0
  1763. //
  1764. if(0 == dwValueLength)
  1765. {
  1766. pIasAttrib->Value.OctetString.lpValue = NULL;
  1767. }
  1768. else
  1769. {
  1771. pIasAttrib->Value.OctetString.lpValue =
  1772. reinterpret_cast <PBYTE> (::CoTaskMemAlloc (dwValueLength));
  1773. if (NULL == pIasAttrib->Value.OctetString.lpValue)
  1774. {
  1775. hr = E_OUTOFMEMORY;
  1776. __leave;
  1777. }
  1778. CopyMemory (
  1779. pIasAttrib->Value.OctetString.lpValue,
  1780. pRadiusAttrib->ValueStart,
  1781. dwValueLength
  1782. );
  1783. }
  1784. break;
  1786. case IASTYPE_UTC_TIME:
  1787. {
  1788. if (dwValueLength != 4)
  1789. {
  1790. hr = RADIUS_E_MALFORMED_PACKET;
  1791. __leave;
  1792. }
  1794. DWORDLONG val;
  1796. // Extract the UNIX time.
  1797. val = IASExtractDWORD(pRadiusAttrib->ValueStart);
  1799. // Convert from seconds to 100 nsec intervals.
  1800. val *= 10000000;
  1802. // Shift to the NT epoch.
  1803. val += UNIX_EPOCH;
  1805. // Split into the high and low DWORDs.
  1806. pIasAttrib->Value.UTCTime.dwLowDateTime = (DWORD)val;
  1807. pIasAttrib->Value.UTCTime.dwHighDateTime = (DWORD)(val >> 32);
  1808. }
  1810. break;
  1812. case IASTYPE_INVALID:
  1813. case IASTYPE_PROV_SPECIFIC:
  1814. default:
  1815. hr = E_FAIL;
  1816. __leave;
  1817. }
  1819. //
  1820. // sign the attribute that the Protocol component created it
  1821. //
  1822. pIasAttrib->dwFlags |= (IAS_RECVD_FROM_CLIENT | IAS_RECVD_FROM_PROTOCOL);
  1824. //
  1825. // also if this is a proxy state attribute also send
  1826. // it out on the wire
  1827. //
  1828. if (PROXY_STATE_ATTRIB == pIasAttrib->dwId)
  1829. {
  1830. pIasAttrib->dwFlags |= IAS_INCLUDE_IN_RESPONSE;
  1831. }
  1833. //
  1834. // success
  1835. //
  1836. }
  1837. __finally
  1838. {
  1839. if (hr == RADIUS_E_MALFORMED_PACKET)
  1840. {
  1841. IASTracePrintf (
  1842. "Incorrect attribute:%d in packet",
  1843. static_cast <DWORD> (pRadiusAttrib->byType)
  1844. );
  1846. reportMalformed();
  1848. m_pCReportEvent->Process (
  1849. RADIUS_MALFORMED_PACKET,
  1850. GetInCode (),
  1851. m_wInPacketLength,
  1852. m_dwInIPaddress,
  1853. NULL,
  1854. static_cast <LPVOID> (m_pInPacket)
  1855. );
  1857. hr = RADIUS_E_ERRORS_OCCURRED;
  1858. }
  1859. }
  1861. return (hr);
  1863. } // end of CPacketRadius::FillInAttributeInfo method
  1866. //++--------------------------------------------------------------
  1867. //
  1868. // Function: FillOutAttributeInfo
  1869. //
  1870. // Synopsis: This is CPacketARadius class private method
  1871. // that fills up the attribute information into
  1872. // the outbound RADIUS packet from the IASATTRIBUTE
  1873. // struct
  1874. //
  1875. // Arguments:
  1876. // [in] PATTRIBUTE
  1877. // [in] PIASATTRIBUTE
  1878. // [out] PWORD - return attribute length
  1879. // [in] DWORD - Max possible attribute length
  1880. //
  1881. // Returns: HRESULT - status
  1882. //
  1883. // History: MKarki Created 1/3/97
  1884. //
  1885. //----------------------------------------------------------------
  1886. HRESULT
  1887. CPacketRadius::FillOutAttributeInfo (
  1888. PATTRIBUTE pRadiusAttrib,
  1889. PIASATTRIBUTE pIasAttrib,
  1890. PWORD pwAttributeLength,
  1891. DWORD dwMaxPossibleAttribSize
  1892. )
  1893. {
  1894. DWORD dwAttributeLength = 0;
  1895. IAS_BOOLEAN iasBoolean = 0;
  1896. IAS_INTEGER iasInteger = 0;
  1897. IAS_ENUM iasEnum = 0;
  1898. IAS_INET_ADDR iasAddr = 0;
  1899. HRESULT hr = S_OK;
  1901. _ASSERT ((pRadiusAttrib) && (pIasAttrib) && (pwAttributeLength));
  1903. __try
  1904. {
  1905. //
  1906. // now put the value into the buffer
  1907. //
  1908. switch (pIasAttrib->Value.itType)
  1909. {
  1910. case IASTYPE_BOOLEAN:
  1912. iasBoolean = htonl (pIasAttrib->Value.Boolean);
  1913. dwAttributeLength =
  1914. ATTRIBUTE_HEADER_SIZE + sizeof (IAS_BOOLEAN);
  1916. if (dwMaxPossibleAttribSize >= dwAttributeLength)
  1917. {
  1918. CopyMemory (
  1919. pRadiusAttrib->ValueStart,
  1920. &iasBoolean,
  1921. sizeof (IAS_BOOLEAN)
  1922. );
  1923. }
  1924. else
  1925. {
  1926. hr = RADIUS_E_PACKET_OVERFLOW;
  1927. __leave;
  1928. }
  1929. break;
  1931. case IASTYPE_INTEGER:
  1933. iasInteger = htonl (pIasAttrib->Value.Integer);
  1934. dwAttributeLength =
  1935. ATTRIBUTE_HEADER_SIZE + sizeof (IAS_INTEGER);
  1937. if (dwMaxPossibleAttribSize >= dwAttributeLength)
  1938. {
  1939. CopyMemory (
  1940. pRadiusAttrib->ValueStart,
  1941. &iasInteger,
  1942. sizeof (IAS_INTEGER)
  1943. );
  1944. }
  1945. else
  1946. {
  1947. hr = RADIUS_E_PACKET_OVERFLOW;
  1948. __leave;
  1949. }
  1950. break;
  1952. case IASTYPE_ENUM:
  1954. iasEnum = htonl (pIasAttrib->Value.Enumerator);
  1955. dwAttributeLength =
  1956. ATTRIBUTE_HEADER_SIZE + sizeof (IAS_ENUM);
  1958. if (dwMaxPossibleAttribSize >= dwAttributeLength)
  1959. {
  1960. CopyMemory (
  1961. pRadiusAttrib->ValueStart,
  1962. &iasEnum,
  1963. sizeof (IAS_ENUM)
  1964. );
  1965. }
  1966. else
  1967. {
  1968. hr = RADIUS_E_PACKET_OVERFLOW;
  1969. __leave;
  1970. }
  1971. break;
  1973. case IASTYPE_INET_ADDR:
  1975. iasAddr = htonl (pIasAttrib->Value.InetAddr);
  1976. dwAttributeLength = ATTRIBUTE_HEADER_SIZE +
  1977. sizeof (IAS_INET_ADDR);
  1979. if (dwMaxPossibleAttribSize >= dwAttributeLength)
  1980. {
  1981. CopyMemory (
  1982. pRadiusAttrib->ValueStart,
  1983. &iasAddr,
  1984. sizeof (IAS_INET_ADDR)
  1985. );
  1986. }
  1987. else
  1988. {
  1989. hr = RADIUS_E_PACKET_OVERFLOW;
  1990. __leave;
  1991. }
  1992. break;
  1994. case IASTYPE_STRING:
  1995. //
  1996. // for RADIUS protocol always ANSI
  1997. //
  1998. IASAttributeAnsiAlloc (pIasAttrib);
  2000. dwAttributeLength = ATTRIBUTE_HEADER_SIZE +
  2001. strlen (pIasAttrib->Value.String.pszAnsi);
  2003. if (dwMaxPossibleAttribSize >= dwAttributeLength)
  2004. {
  2005. CopyMemory (
  2006. pRadiusAttrib->ValueStart,
  2007. reinterpret_cast <PBYTE>
  2008. (pIasAttrib->Value.String.pszAnsi),
  2009. strlen (pIasAttrib->Value.String.pszAnsi)
  2010. );
  2011. }
  2012. else
  2013. {
  2014. hr = RADIUS_E_PACKET_OVERFLOW;
  2015. __leave;
  2016. }
  2017. break;
  2019. case IASTYPE_OCTET_STRING:
  2021. dwAttributeLength =
  2022. ATTRIBUTE_HEADER_SIZE +
  2023. pIasAttrib->Value.OctetString.dwLength;
  2025. if (dwMaxPossibleAttribSize >= dwAttributeLength)
  2026. {
  2027. CopyMemory (
  2028. pRadiusAttrib->ValueStart,
  2029. static_cast <PBYTE>
  2030. (pIasAttrib->Value.OctetString.lpValue),
  2031. pIasAttrib->Value.OctetString.dwLength
  2032. );
  2033. }
  2034. else
  2035. {
  2036. hr = RADIUS_E_PACKET_OVERFLOW;
  2037. __leave;
  2038. }
  2039. break;
  2041. case IASTYPE_UTC_TIME:
  2042. {
  2043. dwAttributeLength = ATTRIBUTE_HEADER_SIZE + 4;
  2044. if (dwAttributeLength <= dwMaxPossibleAttribSize)
  2045. {
  2046. DWORDLONG val;
  2048. // Move in the high DWORD.
  2049. val = pIasAttrib->Value.UTCTime.dwHighDateTime;
  2050. val <<= 32;
  2052. // Move in the low DWORD.
  2053. val |= pIasAttrib->Value.UTCTime.dwLowDateTime;
  2055. // Convert to the UNIX epoch.
  2056. val -= UNIX_EPOCH;
  2058. // Convert to seconds.
  2059. val /= 10000000;
  2061. IASInsertDWORD(pRadiusAttrib->ValueStart, (DWORD)val);
  2062. }
  2063. else
  2064. {
  2065. hr = RADIUS_E_PACKET_OVERFLOW;
  2066. __leave;
  2067. }
  2068. }
  2069. break;
  2071. case IASTYPE_PROV_SPECIFIC:
  2072. case IASTYPE_INVALID:
  2073. default:
  2074. _ASSERT (0);
  2075. //
  2076. // should never reach here
  2077. //
  2078. IASTracePrintf (
  2079. "Unknown IAS Value type :%d encountered "
  2080. "while building out-bound packet",
  2081. static_cast <DWORD> (pIasAttrib->Value.itType)
  2082. );
  2083. __leave;
  2084. hr = E_FAIL;
  2085. break;
  2087. } // end of switch
  2090. //
  2091. // check the size against spec
  2092. //
  2093. if (dwAttributeLength >
  2094. (MAX_ATTRIBUTE_LENGTH + ATTRIBUTE_HEADER_SIZE)
  2095. )
  2096. {
  2097. IASTracePrintf (
  2098. "Attribute Value for:%d is too large to fit "
  2099. "in a Radius attribute",
  2100. pIasAttrib->dwId
  2101. );
  2103. IASReportEvent(
  2104. RADIUS_E_ATTRIBUTE_OVERFLOW,
  2105. 0,
  2106. sizeof(pIasAttrib->dwId),
  2107. NULL,
  2108. &(pIasAttrib->dwId)
  2109. );
  2111. hr = RADIUS_E_ERRORS_OCCURRED;
  2112. __leave;
  2113. }
  2115. //
  2116. // IAS attribute type matches RADIUS attribute type
  2117. //
  2118. pRadiusAttrib->byType = static_cast <BYTE> (pIasAttrib->dwId);
  2120. //
  2121. // hold a reference to the signature attribute for future use
  2122. //
  2123. if (RADIUS_ATTRIBUTE_SIGNATURE == pIasAttrib->dwId)
  2124. {
  2125. m_pOutSignature = pRadiusAttrib;
  2126. }
  2128. //
  2129. // set the length in the packet
  2130. //
  2131. *pwAttributeLength = pRadiusAttrib->byLength = dwAttributeLength;
  2133. //
  2134. // success
  2135. //
  2136. }
  2137. __finally
  2138. {
  2139. }
  2141. return (hr);
  2143. } // end of CPacketRadius::FillOutAttributeInfo method
  2145. //++--------------------------------------------------------------
  2146. //
  2147. // Function: FillClientIPInfo
  2148. //
  2149. // Synopsis: This is CPacketARadius class private method
  2150. // that fills the attribute information for Client
  2151. // IP address
  2152. //
  2153. // Arguments:
  2154. // [in] PIASATTRIBUTE
  2155. //
  2156. // Returns: HRESULT - status
  2157. //
  2158. // History: MKarki Created 1/6/98
  2159. //
  2160. // Called By: CPacketRadius::CreateAttribCollection private method
  2161. //
  2162. //----------------------------------------------------------------
  2163. HRESULT
  2164. CPacketRadius::FillClientIPInfo (
  2165. PIASATTRIBUTE pIasAttrib
  2166. )
  2167. {
  2168. _ASSERT (pIasAttrib);
  2170. //
  2171. // put in the values now
  2172. //
  2173. pIasAttrib->dwId = IAS_ATTRIBUTE_CLIENT_IP_ADDRESS;
  2174. pIasAttrib->Value.itType = IASTYPE_INET_ADDR;
  2175. pIasAttrib->Value.InetAddr = m_dwInIPaddress;
  2176. pIasAttrib->dwFlags = IAS_RECVD_FROM_PROTOCOL;
  2178. return (S_OK);
  2180. } // end of CPacketRadius::FillClientIPInfo method
  2182. //++--------------------------------------------------------------
  2183. //
  2184. // Function: FillClientPortInfo
  2185. //
  2186. // Synopsis: This is CPacketARadius class private method
  2187. // that fills the attribute information for Client
  2188. // UDP port
  2189. //
  2190. // Arguments:
  2191. // [in] PIASATTRIBUTE
  2192. //
  2193. // Returns: HRESULT - status
  2194. //
  2195. // History: MKarki Created 1/6/98
  2196. //
  2197. // Called By: CPacketRadius::CreateAttribCollection private method
  2198. //
  2199. //----------------------------------------------------------------
  2200. HRESULT
  2201. CPacketRadius::FillClientPortInfo (
  2202. PIASATTRIBUTE pIasAttrib
  2203. )
  2204. {
  2205. _ASSERT (pIasAttrib);
  2207. //
  2208. // put in the values now
  2209. //
  2210. pIasAttrib->dwId = IAS_ATTRIBUTE_CLIENT_UDP_PORT;
  2211. pIasAttrib->Value.itType = IASTYPE_INTEGER;
  2212. pIasAttrib->Value.Integer = m_wInPort;
  2213. pIasAttrib->dwFlags = IAS_RECVD_FROM_PROTOCOL;
  2215. return (S_OK);
  2217. } // end of CPacketRadius::FillClientPortInfo method
  2219. //++--------------------------------------------------------------
  2220. //
  2221. // Function: FillPacketHeaderInfo
  2222. //
  2223. // Synopsis: This is CPacketARadius class private method
  2224. // that fills the attribute information for
  2225. // RADIUS packet header
  2226. //
  2227. // Arguments:
  2228. // [in] PIASATTRIBUTE
  2229. //
  2230. // Returns: HRESULT - status
  2231. //
  2232. // History: MKarki Created 1/6/98
  2233. //
  2234. // Called By: CPacketRadius::CreateAttribCollection private method
  2235. //
  2236. //----------------------------------------------------------------
  2237. HRESULT
  2238. CPacketRadius::FillPacketHeaderInfo (
  2239. PIASATTRIBUTE pIasAttrib
  2240. )
  2241. {
  2242. HRESULT hr = S_OK;
  2244. _ASSERT (pIasAttrib);
  2246. //
  2247. // allocate dynamic memory for the packet header
  2248. //
  2249. pIasAttrib->Value.OctetString.lpValue =
  2250. reinterpret_cast <PBYTE> (::CoTaskMemAlloc (PACKET_HEADER_SIZE));
  2251. if (NULL == pIasAttrib->Value.OctetString.lpValue)
  2252. {
  2253. IASTracePrintf (
  2254. "Unable to allocate dynamic memory for packet header info "
  2255. "during in-packet processing"
  2256. );
  2257. hr = E_OUTOFMEMORY;
  2258. }
  2259. else
  2260. {
  2261. //
  2262. // put in the values now
  2263. //
  2264. pIasAttrib->dwId = IAS_ATTRIBUTE_CLIENT_PACKET_HEADER;
  2265. pIasAttrib->Value.itType = IASTYPE_OCTET_STRING;
  2267. CopyMemory (
  2268. pIasAttrib->Value.OctetString.lpValue,
  2269. m_pInPacket,
  2270. PACKET_HEADER_SIZE
  2271. );
  2273. pIasAttrib->Value.OctetString.dwLength = PACKET_HEADER_SIZE;
  2274. pIasAttrib->dwFlags = IAS_RECVD_FROM_PROTOCOL;
  2275. }
  2277. return (hr);
  2279. } // end of CPacketRadius::FillPacketHeaderInfo method
  2281. //++--------------------------------------------------------------
  2282. //
  2283. // Function: FillSharedSecretInfo
  2284. //
  2285. // Synopsis: This is CPacketARadius class private method
  2286. // that fills the shared secret that the server
  2287. // shares with the client from which this request
  2288. // has been received
  2289. //
  2290. // Arguments:
  2291. // [in] PIASATTRIBUTE
  2292. //
  2293. // Returns: HRESULT - status
  2294. //
  2295. // History: MKarki Created 1/6/98
  2296. //
  2297. // Called By: CPacketRadius::CreateAttribCollection private method
  2298. //
  2299. //----------------------------------------------------------------
  2300. HRESULT
  2301. CPacketRadius::FillSharedSecretInfo (
  2302. PIASATTRIBUTE pIasAttrib
  2303. )
  2304. {
  2305. BOOL bStatus = FALSE;
  2306. BYTE SharedSecret[MAX_SECRET_SIZE];
  2307. DWORD dwSecretSize = MAX_SECRET_SIZE;
  2308. HRESULT hr = S_OK;
  2310. _ASSERT ((pIasAttrib) && (m_pIIasClient));
  2312. __try
  2313. {
  2315. //
  2316. // get the client secret
  2317. //
  2318. hr = m_pIIasClient->GetSecret (SharedSecret, &dwSecretSize);
  2319. if (FAILED (hr)) { __leave; }
  2321. //
  2322. // allocate dynamic memory for the client secret
  2323. //
  2324. pIasAttrib->Value.OctetString.lpValue =
  2325. reinterpret_cast <PBYTE> (::CoTaskMemAlloc (dwSecretSize));
  2326. if (NULL == pIasAttrib->Value.OctetString.lpValue)
  2327. {
  2328. IASTracePrintf (
  2329. "Unable to allocate memory for client secret "
  2330. "during in-packet processing"
  2331. );
  2332. hr = E_OUTOFMEMORY;
  2333. __leave;
  2334. }
  2336. //
  2337. // put in the values now
  2338. //
  2339. pIasAttrib->dwId = IAS_ATTRIBUTE_SHARED_SECRET;
  2340. pIasAttrib->Value.itType = IASTYPE_OCTET_STRING;
  2342. CopyMemory (
  2343. pIasAttrib->Value.OctetString.lpValue,
  2344. SharedSecret,
  2345. dwSecretSize
  2346. );
  2348. pIasAttrib->Value.OctetString.dwLength = dwSecretSize;
  2349. pIasAttrib->dwFlags = IAS_RECVD_FROM_PROTOCOL;
  2351. //
  2352. // success
  2353. //
  2354. }
  2355. __finally
  2356. {
  2357. }
  2359. return (hr);
  2361. } // end of CPacketRadius::FillSharedSecretInfo method
  2363. //++--------------------------------------------------------------
  2364. //
  2365. // Function: FillClientVendorType
  2366. //
  2367. // Synopsis: This is CPacketARadius class private method
  2368. // that fills the Client-Vendor-Type information
  2369. //
  2370. // Arguments:
  2371. // [in] PIASATTRIBUTE
  2372. //
  2373. // Returns: HRESULT - status
  2374. //
  2375. // History: MKarki Created 3/16/98
  2376. //
  2377. // Called By: CPacketRadius::CreateAttribCollection private method
  2378. //
  2379. //----------------------------------------------------------------
  2380. HRESULT
  2381. CPacketRadius::FillClientVendorType (
  2382. PIASATTRIBUTE pIasAttrib
  2383. )
  2384. {
  2385. LONG lVendorType = 0;
  2387. _ASSERT ((pIasAttrib) && (m_pIIasClient));
  2389. //
  2390. // put in the values now
  2391. //
  2392. pIasAttrib->dwId = IAS_ATTRIBUTE_CLIENT_VENDOR_TYPE;
  2394. pIasAttrib->Value.itType = IASTYPE_INTEGER;
  2396. pIasAttrib->dwFlags = IAS_RECVD_FROM_PROTOCOL;
  2397. //
  2398. // get the client vendor type
  2399. //
  2400. HRESULT hr = m_pIIasClient->GetVendorType (&lVendorType);
  2402. _ASSERT (SUCCEEDED (hr));
  2404. pIasAttrib->Value.Integer = static_cast <IAS_INTEGER> (lVendorType);
  2406. return (S_OK);
  2408. } // end of CPacketRadius::ClientVendorType method
  2410. //++--------------------------------------------------------------
  2411. //
  2412. // Function: FillClientName
  2413. //
  2414. // Synopsis: This is CPacketARadius class private method
  2415. // that fills the Client-Name information
  2416. //
  2417. // Arguments:
  2418. // [in] PIASATTRIBUTE
  2419. //
  2420. // Returns: HRESULT - status
  2421. //
  2422. // History: MKarki Created 3/30/98
  2423. //
  2424. // Called By: CPacketRadius::CreateAttribCollection private method
  2425. //
  2426. //----------------------------------------------------------------
  2427. HRESULT
  2428. CPacketRadius::FillClientName (
  2429. PIASATTRIBUTE pIasAttrib
  2430. )
  2431. {
  2432. _ASSERT ((pIasAttrib) && (m_pIIasClient));
  2434. // Fill in the attribute fields.
  2435. pIasAttrib->dwId = IAS_ATTRIBUTE_CLIENT_NAME;
  2436. pIasAttrib->Value.itType = IASTYPE_STRING;
  2437. pIasAttrib->dwFlags = IAS_RECVD_FROM_PROTOCOL;
  2438. pIasAttrib->Value.String.pszAnsi = NULL;
  2440. // Get the client name and length.
  2441. PCWSTR name = m_pIIasClient->GetClientNameW();
  2442. SIZE_T nbyte = (wcslen(name) + 1) * sizeof(WCHAR);
  2444. // Make a copy.
  2445. pIasAttrib->Value.String.pszWide = (PWSTR)CoTaskMemAlloc(nbyte);
  2446. if (!pIasAttrib->Value.String.pszWide) { return E_OUTOFMEMORY; }
  2447. memcpy(pIasAttrib->Value.String.pszWide, name, nbyte);
  2449. return S_OK;
  2450. }
  2453. //+++-------------------------------------------------------------
  2454. //
  2455. // Function: GenerateInSignature
  2456. //
  2457. // Synopsis: This is CPacketARadius class public method
  2458. // that carries out generation of Signature
  2459. // over the in-bound RADIUS packet
  2460. //
  2461. // Arguments:
  2462. // [out] PBYTE - signature
  2463. // [in/out] PDWORD - signature size
  2464. //
  2465. // Returns: BOOL - status
  2466. //
  2467. // History: MKarki Created 1/6/98
  2468. //
  2469. //----------------------------------------------------------------
  2470. HRESULT
  2471. CPacketRadius::GenerateInSignature (
  2472. PBYTE pSignatureValue,
  2473. PDWORD pdwSigSize
  2474. )
  2475. {
  2476. HRESULT hr = S_OK;
  2477. PRADIUSPACKET pPacket = reinterpret_cast <PRADIUSPACKET> (m_pInPacket);
  2478. PATTRIBUTE pSignature = m_pInSignature;
  2480. _ASSERT (pSignatureValue && pdwSigSize && pSignature);
  2482. if (*pdwSigSize >= SIGNATURE_SIZE)
  2483. {
  2484. //
  2485. // generate the signature now
  2486. //
  2487. hr = InternalSignatureGenerator (
  2488. pSignatureValue,
  2489. pdwSigSize,
  2490. pPacket,
  2491. pSignature
  2492. );
  2493. }
  2494. else
  2495. {
  2496. IASTracePrintf (
  2497. "Buffer not large enough to hold generated Signature"
  2498. );
  2499. *pdwSigSize = SIGNATURE_SIZE;
  2500. hr = E_INVALIDARG;
  2501. }
  2503. return (hr);
  2505. } // end of CPacketRadius::GenerateInSignature method
  2507. //+++-------------------------------------------------------------
  2508. //
  2509. // Function: GenerateOutSignature
  2510. //
  2511. // Synopsis: This is CPacketARadius class public method
  2512. // that carries out generation of Signature
  2513. // for the outbound RADIUS packet
  2514. //
  2515. // Arguments:
  2516. // [out] PBYTE - signature
  2517. // [in/out] PDWORD - signature size
  2518. //
  2519. // Returns: BOOL - status
  2520. //
  2521. // History: MKarki Created 11/18/98
  2522. //
  2523. //----------------------------------------------------------------
  2524. HRESULT
  2525. CPacketRadius::GenerateOutSignature (
  2526. PBYTE pSignatureValue,
  2527. PDWORD pdwSigSize
  2528. )
  2529. {
  2530. HRESULT hr = S_OK;
  2531. PRADIUSPACKET pPacket = reinterpret_cast <PRADIUSPACKET> (m_pOutPacket);
  2532. PATTRIBUTE pSignature = m_pOutSignature;
  2534. _ASSERT (pSignatureValue && pdwSigSize && pSignature);
  2536. if (*pdwSigSize >= SIGNATURE_SIZE)
  2537. {
  2538. //
  2539. // generate the signature now
  2540. //
  2541. hr = InternalSignatureGenerator (
  2542. pSignatureValue,
  2543. pdwSigSize,
  2544. pPacket,
  2545. pSignature
  2546. );
  2547. }
  2548. else
  2549. {
  2550. IASTracePrintf (
  2551. "Buffer not large enough to hold generated Signature"
  2552. );
  2553. *pdwSigSize = SIGNATURE_SIZE;
  2554. hr = E_INVALIDARG;
  2555. }
  2557. return (hr);
  2559. } // end of CPacketRadius::GenerateOutSignature method
  2561. //+++-------------------------------------------------------------
  2562. //
  2563. // Function: InternalSignatureGenerator
  2564. //
  2565. // Synopsis: This is CPacketARadius class public method
  2566. // that carries out the HMAC-MD5 hash to give the
  2567. // signature value
  2568. //
  2569. // Arguments:
  2570. // [out] PBYTE - signature
  2571. // [in/out] PDWORD - signature size
  2572. // [in] PRADIUSPACKET
  2573. //
  2574. // Returns: BOOL - status
  2575. //
  2576. // History: MKarki Created 1/6/98
  2577. //
  2578. //----------------------------------------------------------------
  2579. HRESULT
  2580. CPacketRadius::InternalSignatureGenerator (
  2581. PBYTE pSignatureValue,
  2582. PDWORD pdwSigSize,
  2583. PRADIUSPACKET pPacket,
  2584. PATTRIBUTE pSignatureAttr
  2585. )
  2586. {
  2587. BYTE bySecret[MAX_SECRET_SIZE];
  2588. BYTE byAuthenticator[AUTHENTICATOR_SIZE];
  2589. DWORD dwSecretSize = MAX_SECRET_SIZE;
  2590. DWORD dwAuthenticatorSize = AUTHENTICATOR_SIZE;
  2591. HRESULT hr = S_OK;
  2593. _ASSERT (
  2594. (NULL != pSignatureValue) &&
  2595. (NULL != pdwSigSize) &&
  2596. (NULL != pPacket) &&
  2597. (NULL != pSignatureAttr) &&
  2598. (NULL != m_pIIasClient)
  2599. );
  2601. //
  2602. // get the In authenticator
  2603. //
  2604. hr = GetInAuthenticator (byAuthenticator, &dwAuthenticatorSize);
  2605. if (FAILED (hr)) { return (hr); }
  2608. //
  2609. // get the shared secret
  2610. //
  2611. hr = m_pIIasClient->GetSecret (bySecret, &dwSecretSize);
  2612. if (FAILED (hr)) { return (hr); }
  2617. //
  2618. // we will have all zero's in packet for signature generation
  2619. //
  2620. ZeroMemory (pSignatureValue, SIGNATURE_SIZE);
  2622. //
  2623. // Fixing bug #181029 - MKarki
  2624. // Don't prepend secret in case of HMAC-MD5 hash
  2625. //
  2627. //
  2628. // carry out the HmacMD5 hashing now
  2629. //
  2630. m_pCHashHmacMD5->HashIt (
  2631. pSignatureValue,
  2632. bySecret,
  2633. dwSecretSize,
  2634. reinterpret_cast <PBYTE> (pPacket),
  2635. PACKET_HEADER_SIZE - AUTHENTICATOR_SIZE,
  2636. byAuthenticator,
  2637. AUTHENTICATOR_SIZE,
  2638. reinterpret_cast <PBYTE> (pPacket) + PACKET_HEADER_SIZE,
  2639. (reinterpret_cast <PBYTE> (pSignatureAttr) + ATTRIBUTE_HEADER_SIZE) -
  2640. (reinterpret_cast <PBYTE> (pPacket) + PACKET_HEADER_SIZE),
  2641. pSignatureValue,
  2642. SIGNATURE_SIZE,
  2643. reinterpret_cast <PBYTE> (pSignatureAttr) + pSignatureAttr->byLength,
  2644. reinterpret_cast <PBYTE> (reinterpret_cast <PBYTE> (pPacket) +
  2645. ntohs (pPacket->wLength)) -
  2646. reinterpret_cast <PBYTE> (reinterpret_cast <PBYTE>(pSignatureAttr) +
  2647. pSignatureAttr->byLength)
  2648. );
  2650. *pdwSigSize = SIGNATURE_SIZE;
  2651. return (hr);
  2653. } // end of CPacketRadius::GenerateInSignature method
  2655. //++--------------------------------------------------------------
  2656. //
  2657. // Function: IsOutBoundAttribute
  2658. //
  2659. // Synopsis: This is CPacketARadius class private method
  2660. // that checks if this attribute has to be put
  2661. // in the outbound RADIUS packet
  2662. //
  2663. // Arguments:
  2664. // [in] PACKETTYPE
  2665. // [in] PIASATTRIBUTE
  2666. //
  2667. // Returns: BOOL - status
  2668. //
  2669. // History: MKarki Created 1/6/98
  2670. //
  2671. // Called By: CPacketRadius::BuildOutPacket private method
  2672. //
  2673. //----------------------------------------------------------------
  2674. BOOL
  2675. CPacketRadius::IsOutBoundAttribute (
  2676. PACKETTYPE ePacketType,
  2677. PIASATTRIBUTE pIasAttribute
  2678. )
  2679. {
  2680. _ASSERT (pIasAttribute);
  2682. // Ensure this is a RADIUS attribute ...
  2683. if (pIasAttribute->dwId < 1 || pIasAttribute->dwId > 255) { return FALSE; }
  2685. // ... and it's flagged to be sent over the wire.
  2686. switch (ePacketType)
  2687. {
  2688. case ACCESS_ACCEPT:
  2689. return pIasAttribute->dwFlags & IAS_INCLUDE_IN_ACCEPT;
  2691. case ACCESS_REJECT:
  2692. return pIasAttribute->dwFlags & IAS_INCLUDE_IN_REJECT;
  2694. case ACCESS_CHALLENGE:
  2695. return pIasAttribute->dwFlags & IAS_INCLUDE_IN_CHALLENGE;
  2696. }
  2698. // Always return the Proxy-State.
  2699. return pIasAttribute->dwId == PROXY_STATE_ATTRIB;
  2700. }
  2703. HRESULT CPacketRadius::cryptBuffer(
  2704. BOOL encrypt,
  2705. BOOL salted,
  2706. PBYTE buf,
  2707. ULONG buflen
  2708. ) const throw ()
  2709. {
  2710. // Get the shared secret.
  2711. BYTE secret[MAX_SECRET_SIZE];
  2712. ULONG secretLen = sizeof(secret);
  2713. HRESULT hr = m_pIIasClient->GetSecret(secret, &secretLen);
  2714. if (SUCCEEDED(hr))
  2715. {
  2716. // Crypt the buffer.
  2717. IASRadiusCrypt(
  2718. encrypt,
  2719. salted,
  2720. secret,
  2721. secretLen,
  2722. m_pInPacket + 4,
  2723. buf,
  2724. buflen
  2725. );
  2727. }
  2729. return hr;
  2730. }
  2732. //++--------------------------------------------------------------
  2733. //
  2734. // Function: GetClient
  2735. //
  2736. // Synopsis: This is CPacketARadius class public method
  2737. // that returns the the Client object
  2738. //
  2739. //
  2740. // Arguments:
  2741. // [out] IIASClient**
  2742. //
  2743. // Returns: HRESULT - status
  2744. //
  2745. // History: MKarki Created 3/30/98
  2746. //
  2747. // Called By:
  2748. //
  2749. //----------------------------------------------------------------
  2750. HRESULT
  2751. CPacketRadius::GetClient (
  2752. /*[out]*/ IIasClient **ppIasClient
  2753. )
  2754. {
  2755. _ASSERT (ppIasClient);
  2757. m_pIIasClient->AddRef ();
  2759. *ppIasClient = m_pIIasClient;
  2761. return (S_OK);
  2763. } // end of CPacketRadius::GetClient method