Source code of Windows XP (NT5)


  1. //#--------------------------------------------------------------
  2. //
  3. // File: valacct.cpp
  4. //
  5. // Synopsis: Implementation of CValAccounting class methods
  6. //
  7. //
  8. // History: 10/20/97 MKarki Created
  9. //
  10. // Copyright (C) 1997-98 Microsoft Corporation
  11. // All rights reserved.
  12. //
  13. //----------------------------------------------------------------
  14. #include "radcommon.h"
  15. #include "valacct.h"
  namespace
  {
      // File-local, all-zero reference value. AuthenticatePacket compares the
      // authenticator received in a packet against it to recognise an
      // all-zero authenticator. The explicit initialiser spells out the zero
      // fill that static storage duration already guarantees; nothing in the
      // code visible here writes to the array.
      BYTE NULL_AUTHENTICATOR[AUTHENTICATOR_SIZE] = { 0 };
  }
  19. //++--------------------------------------------------------------
  20. //
  21. // Function: CValAccounting
  22. //
  23. // Synopsis: This is CValAccounting class constructor
  24. //
  25. // Arguments: NONE
  26. //
  27. // Returns: NONE
  28. //
  29. //
  30. // History: MKarki Created 10/20/97
  31. //
  32. //----------------------------------------------------------------
  CValAccounting::CValAccounting()
  {
      // Intentionally empty: the constructor body performs no work of its own.
  }   // end of CValAccounting class constructor
  36. //++--------------------------------------------------------------
  37. //
  38. // Function: ~CValAccounting
  39. //
  40. // Synopsis: This is CValAccounting class destructor
  41. //
  42. // Arguments: NONE
  43. //
  44. // Returns: NONE
  45. //
  46. //
  47. // History: MKarki Created 10/20/97
  48. //
  49. //----------------------------------------------------------------
  CValAccounting::~CValAccounting()
  {
      // Intentionally empty: the destructor body releases nothing itself.
  }   // end of CValAccounting class destructor
  53. //++--------------------------------------------------------------
  54. //
  55. // Function: ValidateInPacket
  56. //
  57. // Synopsis: This is CValAccounting class public method
  58. // which carries out the validation of an inbound
  59. // RADIUS accounting packet
  60. //
  61. // Arguments:
  62. // [in] CPacketRadius*
  63. //
  64. // Returns: HRESULT - status
  65. //
  66. // History: MKarki Created 10/20/97
  67. //
  68. // Called By: CPreValidator::StartInValidation class method
  69. //
  70. //++--------------------------------------------------------------
  HRESULT
  CValAccounting::ValidateInPacket (
      CPacketRadius *pCPacketRadius
      )
  {
      // _ASSERT is a debug-build check only; a release build passes the
      // pointer on to the stages below without testing it.
      _ASSERT (pCPacketRadius);

      //
      // The stages run strictly in this order and each one is skipped as
      // soon as an earlier stage has failed:
      //   1. authenticator check   (AuthenticatePacket)
      //   2. attribute validation  (m_pCValAttributes->Validate)
      //   3. hand-off to processing (m_pCPreProcessor->StartInProcessing)
      // Keeping the authenticator check first means attribute parsing and
      // processing only ever see packets that passed it.
      //
      HRESULT hr = AuthenticatePacket (pCPacketRadius);

      if (SUCCEEDED (hr))
      {
          hr = m_pCValAttributes->Validate (pCPacketRadius);
      }

      if (SUCCEEDED (hr))
      {
          hr = m_pCPreProcessor->StartInProcessing (pCPacketRadius);
      }

      // Either the first failure code, or the result of the last stage.
      return (hr);

  }   // end of CValAccounting::ValidateInPacket method
  106. //++--------------------------------------------------------------
  107. //
  108. // Function: AuthenticatePacket
  109. //
  110. // Synopsis: This is CValAccounting class private method
  111. // that authenticates the packet, by generating a
  112. // request authenticator with the packet and then
  113. // comparing it with the authenticator in the packet
  114. //
  115. // Arguments: [in] - CPacketRadius*
  116. //
  117. // Returns: HRESULT - status
  118. //
  119. // History: MKarki Created 10/21/97
  120. //
  121. // Called By: CValAccounting::ProcessInPacket method
  122. //
  123. //----------------------------------------------------------------
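  HRESULT
  CValAccounting::AuthenticatePacket (
      CPacketRadius *pCPacketRadius
      )
  {
      //
      // Checks the authenticator of an inbound accounting packet.
      //
      // Returns the success HRESULT of the packet accessors when the packet
      // is accepted, E_FAIL when the expected authenticator cannot be
      // generated, the failure code of GetInAuthenticator when the received
      // one cannot be read, and RADIUS_E_ERRORS_OCCURRED (after tracing and
      // auditing) when the two values do not match.
      //
      // Security note: a packet whose authenticator is all zeros is accepted
      // WITHOUT a matching authenticator when the sending client is
      // configured with a zero-length shared secret. Such a client's
      // accounting packets are therefore not cryptographically verified by
      // this function; configure a non-empty secret wherever that matters.
      //
      BYTE    InAuthenticator [AUTHENTICATOR_SIZE];
      BYTE    OutAuthenticator[AUTHENTICATOR_SIZE];

      // Debug-build check only; release builds use the pointer unchecked.
      _ASSERT (pCPacketRadius);

      //
      // the request authenticator is all zeros for calculating
      // the actual authenticator
      //
      ZeroMemory (InAuthenticator, AUTHENTICATOR_SIZE);

      //
      // calculate the authenticator we expect for this packet; the result
      // is written to OutAuthenticator
      //
      BOOL bStatus = pCPacketRadius->GenerateInAuthenticator (
                          reinterpret_cast <PBYTE> (&InAuthenticator),
                          reinterpret_cast <PBYTE> (&OutAuthenticator)
                          );
      if (FALSE == bStatus)
      {
          return (E_FAIL);
      }

      //
      // get the authenticator that was actually sent in the packet
      //
      // NOTE(review): dwBufSize is not inspected after the call; whether
      // GetInAuthenticator can succeed with fewer than AUTHENTICATOR_SIZE
      // bytes is not visible here - confirm against its implementation.
      //
      DWORD   dwBufSize = AUTHENTICATOR_SIZE;
      HRESULT hr = pCPacketRadius->GetInAuthenticator (
                          reinterpret_cast <PBYTE> (InAuthenticator),
                          &dwBufSize
                          );
      if (FAILED (hr))
      {
          return (hr);
      }

      //
      // compare the generated authenticator with the one from the packet.
      // Every byte is examined and the differences are OR-ed together, so
      // the comparison has no early exit at the first mismatching byte the
      // way memcmp does; its duration does not reveal how many leading
      // bytes of a network-supplied authenticator were correct.
      //
      BYTE mismatch = 0;
      for (DWORD i = 0; i < AUTHENTICATOR_SIZE; ++i)
      {
          mismatch |= static_cast <BYTE> (InAuthenticator[i] ^ OutAuthenticator[i]);
      }
      if (0 == mismatch)
      {
          //
          // success
          //
          return (hr);
      }

      //
      // Mismatch. Is the received authenticator all zeros? (Comparison
      // against a public constant, so plain memcmp is fine here.)
      //
      if (!memcmp (InAuthenticator, NULL_AUTHENTICATOR, AUTHENTICATOR_SIZE))
      {
          // Yes, so check for a zero length shared secret.
          IIasClient* client = NULL;
          hr = pCPacketRadius->GetClient (&client);
          if (SUCCEEDED (hr))
          {
              // Size-only query: no buffer is passed, only the length is read.
              DWORD secretSize = 0;
              hr = client->GetSecret (NULL, &secretSize);
              client->Release ();
              if (SUCCEEDED (hr) && secretSize == 0)
              {
                  // Zero-length shared secret AND all zero authenticator:
                  // accepted without a matching authenticator (see the
                  // security note at the top of this function).
                  return (hr);
              }
          }
      }

      //
      // Rejected: trace it, then raise the audit event and the report
      // event so the bad authenticator is visible to whoever monitors
      // this server.
      //
      IASTracePrintf (
          "In correct authenticator in the accounting packet..."
          );

      PCWSTR strings[] = { pCPacketRadius->GetClientName() };
      IASReportEvent (
          RADIUS_E_BAD_AUTHENTICATOR,
          1,
          0,
          strings,
          NULL
          );

      m_pCReportEvent->Process (
          RADIUS_BAD_AUTHENTICATOR,
          pCPacketRadius->GetInCode (),
          pCPacketRadius->GetInLength (),
          pCPacketRadius->GetInAddress (),
          NULL,
          static_cast <LPVOID> (pCPacketRadius->GetInPacket())
          );

      return (RADIUS_E_ERRORS_OCCURRED);

  }   // end of CValAccounting::AuthenticatePacket method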