|
|
/*++
Copyright (c) 2000, Microsoft Corporation
Module Name: eapolutil.c
Abstract:
Tools and ends
Revision History:
sachins, Apr 23 2000, Created
--*/
#include "pcheapol.h"
#pragma hdrstop
//
// Definitions used to read/write to registry
//
#define MAX_REGISTRY_VALUE_LENGTH ((64*1024) - 1)
// Location of User blob
#define cszEapKeyEapolUser "Software\\Microsoft\\EAPOL\\UserEapInfo"
// Location of Connection blob
#define cszEapKeyEapolConn "Software\\Microsoft\\EAPOL\\Parameters\\Interfaces"
// Location of EAPOL Parameters Service
#define cszEapKeyEapolServiceParams "Software\\Microsoft\\EAPOL\\Parameters\\General"
// Location of EAPOL Global state machine params
#define cszEAPOLGlobalParams "Software\\Microsoft\\EAPOL\\Parameters\\General\\Global"
// Location of EAPOL Global Workspace
#define cszEAPOLWorkspace "Software\\Microsoft\\EAPOL\\Parameters\\General\\Workspace"
#define cszDefault "Default"
#define cszDefault "Default"
#define cszEapolEnabled "EapolEnabled"
#define cszDefaultEAPType "DefaultEAPType"
#define cszLastUsedSSID "LastUsedSSID"
#define cszInterfaceList "InterfaceList"
#define cszAuthPeriod "authPeriod"
#define cszHeldPeriod "heldPeriod"
#define cszStartPeriod "startPeriod"
#define cszMaxStart "maxStart"
#define cszLastModifiedGUID "LastModifiedGUID"
//
// Definitions and structures used in creating default EAP-TLS connection
// blob in the registry
//
#define EAPTLS_CONN_FLAG_REGISTRY 0x00000001
#define EAPTLS_CONN_FLAG_NO_VALIDATE_CERT 0x00000002
#define EAPTLS_CONN_FLAG_NO_VALIDATE_NAME 0x00000004
typedef struct _EAPTLS_CONN_PROPERTIES{ DWORD dwVersion; DWORD dwSize; DWORD fFlags; //EAPTLS_HASH Hash;
DWORD cbHash; BYTE pbHash[20]; // MAX_HASH_SIZE = 20
WCHAR awszServerName[1];} EAPTLS_CONN_PROPERTIES, *PEAPTLS_CONN_PROPERTIES;
#define PASSWORDMAGIC 0xA5
//
// HostToWireFormat16
//
// Description:
//
// Will convert a 16 bit integer from host format to wire format
//
VOIDHostToWireFormat16 ( IN WORD wHostFormat, IN OUT PBYTE pWireFormat ){ *((PBYTE)(pWireFormat)+0) = (BYTE) ((DWORD)(wHostFormat) >> 8); *((PBYTE)(pWireFormat)+1) = (BYTE) (wHostFormat);}
//
// WireToHostFormat16
//
// Description:
//
// Will convert a 16 bit integer from wire format to host format
//
WORDWireToHostFormat16 ( IN PBYTE pWireFormat ){ WORD wHostFormat = ((*((PBYTE)(pWireFormat)+0) << 8) + (*((PBYTE)(pWireFormat)+1)));
return( wHostFormat );}
//
// HostToWireFormat32
//
// Description:
//
// Will convert a 32 bit integer from host format to wire format
//
VOIDHostToWireFormat32 ( IN DWORD dwHostFormat, IN OUT PBYTE pWireFormat ){ *((PBYTE)(pWireFormat)+0) = (BYTE) ((DWORD)(dwHostFormat) >> 24); *((PBYTE)(pWireFormat)+1) = (BYTE) ((DWORD)(dwHostFormat) >> 16); *((PBYTE)(pWireFormat)+2) = (BYTE) ((DWORD)(dwHostFormat) >> 8); *((PBYTE)(pWireFormat)+3) = (BYTE) (dwHostFormat);}
//
// WireToHostFormat32
//
// Description:
//
// Will convert a 32 bit integer from wire format to host format
//
DWORDWireToHostFormat32 ( IN PBYTE pWireFormat ){ DWORD dwHostFormat = ((*((PBYTE)(pWireFormat)+0) << 24) + (*((PBYTE)(pWireFormat)+1) << 16) + (*((PBYTE)(pWireFormat)+2) << 8) + (*((PBYTE)(pWireFormat)+3) ));
return( dwHostFormat );}
//
// ElSetCustomAuthData
//
// Description:
//
// Function called to set the connection data for an interface for a specific
// EAP type and SSID (if any). Data will be stored in the HKLM hive
//
// Arguments:
// pszGUID - pointer to GUID string for the interface
// dwEapTypeId - EAP type for which connection data is to be stored
// pszSSID - Special identifier, if any, for the EAP blob
// pbConnInfo - pointer to EAP connection data blob
// dwInfoSize - Size of EAP connection blob
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
// ISSUE:
// Can we optimize the key openings??? Only open 1 key somehow?
DWORDElSetCustomAuthData ( IN CHAR *pszGUID, IN DWORD dwEapTypeId, IN CHAR *pszSSID, IN PBYTE pbConnInfo, IN DWORD dwInfoSize ){ HKEY hkey = NULL; HKEY hkey1 = NULL; HKEY hkey2 = NULL; DWORD dwDisposition; CHAR szEapTypeId[4]; // EapTypeId can be max 256 + 1 for null char
LONG lError = ERROR_SUCCESS; DWORD dwRetCode = ERROR_SUCCESS;
do { // Validate input params
if (pszGUID == NULL) { TRACE0 (ANY, "ElSetCustomAuthData: GUID = NULL"); break; } if (dwEapTypeId == 0) { TRACE0 (ANY, "ElSetCustomAuthData: GUID = NULL"); break; } if ((pbConnInfo == NULL) || (dwInfoSize <= 0)) { TRACE0 (ANY, "ElSetCustomAuthData: Invalid blob data"); break; }
// Get handle to HKLM\Software\Microsoft\EAPOL\Parameters\Interfaces
if ((lError = RegCreateKeyExA ( HKEY_LOCAL_MACHINE, cszEapKeyEapolConn, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hkey, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetCustomAuthData: Error in RegCreateKeyExA for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Get handle to HKLM\Software\...\Interfaces\<GUID>
if ((lError = RegCreateKeyExA ( hkey, pszGUID, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hkey1, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetCustomAuthData: Error in RegCreateKeyExA for GUID, %ld", lError); dwRetCode = (DWORD)lError; break; }
_ltoa(dwEapTypeId, szEapTypeId, 10);
// Get handle to HKLM\Software\...\Interfaces\<GUID>\<EapTypeId>
if ((lError = RegCreateKeyExA ( hkey1, szEapTypeId, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hkey2, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetCustomAuthData: Error in RegCreateKeyExA for EapTypeId, %ld", lError); dwRetCode = (DWORD)lError; break; }
// If no SSID is supplied, set the blob as value for "Default"
if (pszSSID == NULL) { pszSSID = cszDefault; }
//
// Set the value of ..\Interfaces\GUID\<EAPTypeId>\(<SSID> or default)
// key
if ((lError = RegSetValueExA ( hkey2, pszSSID, 0, REG_BINARY, pbConnInfo, dwInfoSize)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetCustomAuthData: Error in RegSetValueExA for SSID, %ld", lError); dwRetCode = (DWORD)lError; break; }
TRACE0 (ANY, "ElSetCustomAuthData: Set value succeeded");
} while (FALSE);
if (hkey != NULL) { RegCloseKey (hkey); } if (hkey1 != NULL) { RegCloseKey (hkey1); } if (hkey2 != NULL) { RegCloseKey (hkey2); } return dwRetCode;}
//
// ElGetCustomAuthData
//
// Description:
//
// Function called to retrieve the connection data for an interface for a
// specific EAP type and SSID (if any). Data is retrieved from the HKLM hive
//
// Arguments:
//
// pszGUID - pointer to GUID string for the interface
// dwEapTypeId - EAP type for which connection data is to be retrieved
// pszSSID - Special identifier if any for the EAP blob
// pbUserInfo - output: pointer to EAP connection data blob
// dwInfoSize - output: pointer to size of EAP connection blob
//
// Return values:
//
// NO_ERROR - success
// non-zero - error
//
DWORDElGetCustomAuthData ( IN CHAR *pszGUID, IN DWORD dwEapTypeId, IN CHAR *pszSSID, IN OUT BYTE *pbConnInfo, IN OUT DWORD *pdwInfoSize ){ HKEY hkey = NULL; HKEY hkey1 = NULL; HKEY hkey2 = NULL; PBYTE pbInfo = NULL; DWORD dwInfoSize = 0; DWORD dwType = 0; CHAR szEapTypeId[4]; // EapTypeId can be max 256 + 1 for null char
LONG lError = ERROR_SUCCESS; DWORD dwRetCode = ERROR_SUCCESS;
do { // Validate input params
if (pszGUID == NULL) { TRACE0 (ANY, "ElGetCustomAuthData: GUID = NULL"); break; } if (dwEapTypeId == 0) { TRACE0 (ANY, "ElGetCustomAuthData: GUID = NULL"); break; }
// Get handle to HKLM\Software\Microsoft\EAPOL\Parameters\Interfaces
if ((lError = RegOpenKeyExA ( HKEY_LOCAL_MACHINE, cszEapKeyEapolConn, 0, KEY_READ, &hkey )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElGetCustomAuthData: Error in RegOpenKeyExA for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Get handle to HKLM\Software\...\Interfaces\<GUID>
if ((lError = RegOpenKeyExA ( hkey, pszGUID, 0, KEY_READ, &hkey1 )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElGetCustomAuthData: Error in RegOpenKeyExA for GUID, %ld", lError); dwRetCode = (DWORD)lError; break; }
_ltoa(dwEapTypeId, szEapTypeId, 10);
// Get handle to HKLM\Software\...\Interfaces\<GUID>\<EapTypeId>
if ((lError = RegOpenKeyExA ( hkey1, szEapTypeId, 0, KEY_READ, &hkey2 )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElGetCustomAuthData: Error in RegOpenKeyExA for EapTypeId, %ld", lError); dwRetCode = (DWORD)lError; break; }
// If no SSID is supplied, set the blob as value for "Default"
if (pszSSID == NULL) { pszSSID = cszDefault; }
// Get the value of ..\Interfaces\GUID\<EAPType>\(<SSID> or default)
// key
if ((lError = RegQueryValueExA ( hkey2, pszSSID, 0, &dwType, NULL, &dwInfoSize)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElGetCustomAuthData: Error in RegQueryValueExA for size estimation for SSID, %ld", lError);
// If pszSSID is "Default" and we cannot read the value for
// the key, bail out
if (!strcmp(pszSSID, cszDefault)) { dwRetCode = (DWORD)lError; break; } else { // Second try with pszSSID = cszDefault
TRACE0 (ANY, "ElGetCustomAuthData: Second try for size estimation with SSID = Default"); pszSSID = cszDefault; if ((lError = RegQueryValueExA ( hkey2, pszSSID, 0, &dwType, NULL, &dwInfoSize)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElGetCustomAuthData: Error in RegQueryValueExA for SSID=Default, 2nd try , %ld", lError);
dwRetCode = (DWORD)lError; break; } } }
// Data can be read
pbInfo = MALLOC (dwInfoSize); if (pbInfo == NULL) { TRACE0 (ANY, "ElGetCustomAuthData: Error in memory allocation"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
if ((lError = RegQueryValueExA ( hkey2, pszSSID, 0, &dwType, pbInfo, &dwInfoSize)) != ERROR_SUCCESS) { TRACE2 (ANY, "ElGetCustomAuthData: Error in RegQueryValueExA for SSID = %s, %ld", pszSSID, lError); dwRetCode = (DWORD)lError; break; }
TRACE1 (ANY, "ElGetCustomAuthData: Succeeded: Data size = %ld", dwInfoSize);
} while (FALSE);
if (hkey != NULL) { RegCloseKey (hkey); } if (hkey1 != NULL) { RegCloseKey (hkey1); } if (hkey2 != NULL) { RegCloseKey (hkey2); }
// check if caller has allocated enough memory
// to hold the info
if ((pbConnInfo != NULL) && (*pdwInfoSize >= dwInfoSize)) { memcpy ((VOID *)pbConnInfo, (VOID *)pbInfo, dwInfoSize); } else { dwRetCode = ERROR_BUFFER_TOO_SMALL; }
*pdwInfoSize = dwInfoSize; // Free the memory allocated for holding blob
if (pbInfo != NULL) { FREE (pbInfo); pbInfo = NULL; } return dwRetCode;}
//
// ElSetEapUserInfo
//
// Description:
//
// Function called to store the user data for an interface for a
// specific EAP type and SSID (if any). Data is stored in the HKCU hive.
// In case of EAP-TLS, this data will be the hash blob of the certificate
// chosen for the last successful authentication.
//
// Arguments:
//
// hToken - Handle to token for the logged on user
// pszGUID - pointer to GUID string for the interface
// dwEapTypeId - EAP type for which user data is to be stored
// pszSSID - Special identifier if any for the EAP user blob
// pbUserInfo - pointer to EAP user data blob
// dwInfoSize - Size of EAP user blob
//
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElSetEapUserInfo ( IN HANDLE hToken, IN CHAR *pszGUID, IN DWORD dwEapTypeId, IN CHAR *pszSSID, IN PBYTE pbUserInfo, IN DWORD dwInfoSize ){ HKEY hkey = NULL; HKEY hkey1 = NULL; HKEY hkey2 = NULL; HKEY hkey3 = NULL; DWORD dwDisposition; CHAR szEapTypeId[4]; // EapTypeId can be max 256 + 1 for null char
LONG lError = ERROR_SUCCESS; DWORD dwRetCode = ERROR_SUCCESS;
do { // Validate input params
if (hToken == NULL) { TRACE0 (ANY, "ElSetEapUserInfo: User Token = NULL"); break; } if (pszGUID == NULL) { TRACE0 (ANY, "ElSetEapUserInfo: GUID = NULL"); break; } if (dwEapTypeId == 0) { TRACE0 (ANY, "ElSetEapUserInfo: GUID = NULL"); break; } if ((pbUserInfo == NULL) || (dwInfoSize <= 0)) { TRACE0 (ANY, "ElSetEapUserInfo: Invalid blob data"); break; }
// Get handle to HKCU
if ((dwRetCode = ElGetEapKeyFromToken ( hToken, &hkey)) != NO_ERROR) { TRACE1 (ANY, "ElSetEapUserInfo: Error in ElGetEapKeyFromToken %ld", dwRetCode); break; }
if ((lError = RegCreateKeyExA ( hkey, cszEapKeyEapolUser, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hkey1, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetEapUserInfo: Error in RegCreateKeyExA for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Get handle to HKCU\Software\...\UserEapInfo\<GUID>
if ((lError = RegCreateKeyExA ( hkey1, pszGUID, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hkey2, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetEapUserInfo: Error in RegCreateKeyExA for GUID, %ld", lError); dwRetCode = (DWORD)lError; break; }
_ltoa(dwEapTypeId, szEapTypeId, 10);
// Get handle to HKCU\Software\...\UserEapInfo\<GUID>\<EAPTypeId>
if ((lError = RegCreateKeyExA ( hkey2, szEapTypeId, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hkey3, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetEapUserInfo: Error in RegCreateKeyExA for EapTypeId, %ld", lError); dwRetCode = (DWORD)lError; break; }
// If no SSID is supplied, set the blob as value for "Default"
if (pszSSID == NULL) { pszSSID = cszDefault; }
// Set value of ...\UserEapInfo\<GUID>\<EAPTypeId>\(<SSID> or default)
// key
if ((lError = RegSetValueExA ( hkey3, pszSSID, 0, REG_BINARY, pbUserInfo, dwInfoSize)) != ERROR_SUCCESS) { TRACE2 (ANY, "ElSetEapUserInfo: Error in RegSetValueExA for SSID = %s, %ld", pszSSID, lError); dwRetCode = (DWORD)lError; break; }
TRACE0 (ANY, "ElSetEapUserInfo: Set value succeeded");
} while (FALSE);
if (hkey != NULL) { RegCloseKey (hkey); } if (hkey1 != NULL) { RegCloseKey (hkey1); } if (hkey2 != NULL) { RegCloseKey (hkey2); } if (hkey3 != NULL) { RegCloseKey (hkey3); } return dwRetCode;}
//
// ElGetEapUserInfo
//
// Description:
//
// Function called to retrieve the user data for an interface for a
// specific EAP type and SSID (if any). Data is retrieved from the HKCU hive
//
// Arguments:
// hToken - Handle to token for the logged on user
// pszGUID - pointer to GUID string for the interface
// dwEapTypeId - EAP type for which user data is to be stored
// pszSSID - Special identifier if any for the EAP user blob
// pbUserInfo - output: pointer to EAP user data blob
// dwInfoSize - output: pointer to size of EAP user blob
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElGetEapUserInfo ( IN HANDLE hToken, IN CHAR *pszGUID, IN DWORD dwEapTypeId, IN CHAR *pszSSID, IN OUT PBYTE pbUserInfo, IN OUT DWORD *pdwInfoSize ){ HKEY hkey = NULL; HKEY hkey1 = NULL; HKEY hkey2 = NULL; HKEY hkey3 = NULL; PBYTE pbInfo = NULL; DWORD dwInfoSize = 0; DWORD dwType = 0; CHAR szEapTypeId[4]; // EapTypeId can be max 256 + 1 for null char
LONG lError = ERROR_SUCCESS; DWORD dwRetCode = ERROR_SUCCESS;
do { // Validate input params
if (pszGUID == NULL) { TRACE0 (ANY, "ElGetEapUserInfo: GUID = NULL"); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; } if (dwEapTypeId == 0) { TRACE0 (ANY, "ElGetEapUserInfo: GUID = NULL"); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
// Get handle to HKCU
if ((dwRetCode = ElGetEapKeyFromToken ( hToken, &hkey)) != NO_ERROR) { TRACE1 (ANY, "ElGetEapUserInfo: Error in ElGetEapKeyFromToken %ld", dwRetCode); break; }
// Get handle to HKCU\Software\...\UserEapInfo\<GUID>
if ((lError = RegOpenKeyExA ( hkey, cszEapKeyEapolUser, 0, KEY_READ, &hkey1 )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElGetEapUserInfo: Error in RegOpenKeyExA for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Get handle to HKCU\Software\...\UserEapInfo\<GUID>
if ((lError = RegOpenKeyExA ( hkey1, pszGUID, 0, KEY_READ, &hkey2 )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElGetEapUserInfo: Error in RegOpenKeyExA for GUID, %ld", lError); dwRetCode = (DWORD)lError; break; }
_ltoa(dwEapTypeId, szEapTypeId, 10);
// Get handle to HKCU\Software\...\UserEapInfo\<GUID>\<EAPTypeId>
if ((lError = RegOpenKeyExA ( hkey2, szEapTypeId, 0, KEY_READ, &hkey3 )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElGetEapUserInfo: Error in RegOpenKeyExA for EapTypeId, %ld", lError); dwRetCode = (DWORD)lError; break; }
// If no SSID is supplied, set the blob as value for "Default"
if (pszSSID == NULL) { pszSSID = cszDefault; }
// Get value of ...\UserEapInfo\<GUID>\<EAPTypeId>\(<SSID> or default)
// key
if ((lError = RegQueryValueExA ( hkey3, pszSSID, 0, &dwType, NULL, &dwInfoSize)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElGetEapUserInfo: Error in RegQueryValueExA for size estimation for SSID, %ld", lError);
// If pszSSID is "Default" and we cannot read the value for
// the key, bail out
if (!strcmp(pszSSID, cszDefault)) { dwRetCode = (DWORD)lError; break; } else { // Second try with pszSSID = cszDefault
TRACE0 (ANY, "ElGetEapUserInfo: Second try for size estimation with SSID = Default"); pszSSID = cszDefault; if ((lError = RegQueryValueExA ( hkey3, pszSSID, 0, &dwType, NULL, &dwInfoSize)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElGetEapUserInfo: Error in RegOpenKeyExA for SSID=Default in 2nd try , %ld", lError);
dwRetCode = (DWORD)lError; break; } } }
// Data can be read
pbInfo = MALLOC (dwInfoSize); if (pbInfo == NULL) { TRACE0 (ANY, "ElGetEapUserInfo: Error in memory allocation"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
if ((lError = RegQueryValueExA ( hkey3, pszSSID, 0, &dwType, pbInfo, &dwInfoSize)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElGetEapUserInfo: Error in RegQueryValueExA, %ld", lError); dwRetCode = (DWORD)lError; break; }
TRACE0 (ANY, "ElGetEapUserInfo: Get value succeeded");
} while (FALSE);
// Close all the open registry keys
if (hkey != NULL) { RegCloseKey (hkey); } if (hkey1 != NULL) { RegCloseKey (hkey1); } if (hkey2 != NULL) { RegCloseKey (hkey2); } if (hkey3 != NULL) { RegCloseKey (hkey3); }
if (dwRetCode == ERROR_SUCCESS) {
// check if caller has allocated enough memory
// to hold the info
if ((pbUserInfo != NULL) && (*pdwInfoSize >= dwInfoSize)) { memcpy ((VOID *)pbUserInfo, (VOID *)pbInfo, dwInfoSize); } else { // Else just return the size of the blob but not the blob
dwRetCode = ERROR_BUFFER_TOO_SMALL; }
*pdwInfoSize = dwInfoSize;
} // Free the memory allocated for holding blob
if (pbInfo != NULL) { FREE (pbInfo); } return dwRetCode;}
//
// ElGetInterfaceParams
//
// Description:
//
// Function called to retrieve the EAPOL parameters for an interface, stored
// in the HKLM hive.
//
// Arguments:
//
// pszGUID - pointer to GUID string for the interface
// pdwDefaultEAPType - output: Pointer to default EAP type for interface
// pszLastUsedSSID - output: Pointer to last used SSID for the interface
// pdwEapolEnabled - output: Is EAPOL enabled for the interface?
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElGetInterfaceParams ( IN CHAR *pszGUID, IN OUT DWORD *pdwDefaultEAPType, IN OUT CHAR *pszLastUsedSSID, IN OUT DWORD *pdwEapolEnabled ){ HKEY hkey = NULL; HKEY hkey1 = NULL; DWORD dwInfoSize = 0; DWORD dwType = 0; BYTE bValueBuffer[256]; LONG lError = ERROR_SUCCESS; DWORD dwRetCode = ERROR_SUCCESS;
do { // Validate input params
if (pszGUID == NULL) { TRACE0 (ANY, "ElGetInterfaceParams: GUID = NULL"); break; }
TRACE1 (ANY, "ElGetInterfaceParams: Getting stuff from registry for %s", pszGUID);
// Get handle to HKLM\Software\Microsoft\EAPOL\Parameters\Interfaces
if ((lError = RegOpenKeyExA ( HKEY_LOCAL_MACHINE, cszEapKeyEapolConn, 0, KEY_READ, &hkey )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElGetInterfaceParams: Error in RegOpenKeyExA for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Get handle to HKLM\Software\...\Interfaces\<GUID>
if ((lError = RegOpenKeyExA ( hkey, pszGUID, 0, KEY_READ, &hkey1 )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElGetInterfaceParams: Error in RegOpenKeyExA for GUID, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Get the value of ..\Interfaces\GUID\EapolEnabled
dwInfoSize = sizeof(DWORD); if ((lError = RegQueryValueExA ( hkey1, cszEapolEnabled, 0, &dwType, (BYTE *)pdwEapolEnabled, &dwInfoSize)) != ERROR_SUCCESS) { TRACE2 (ANY, "ElGetInterfaceParams: Error in RegQueryValueExA for EapolEnabled, %ld, InfoSize=%ld", lError, dwInfoSize); *pdwEapolEnabled = DEFAULT_EAPOL_STATE; }
TRACE1 (ANY, "ElGetInterfaceParams: Got EapolEnabled = %ld", *pdwEapolEnabled);
// Get the value of ..\Interfaces\GUID\DefaultEAPType
dwInfoSize = sizeof(DWORD); if ((lError = RegQueryValueExA ( hkey1, cszDefaultEAPType, 0, &dwType, (BYTE *)pdwDefaultEAPType, &dwInfoSize)) != ERROR_SUCCESS) { TRACE2 (ANY, "ElGetInterfaceParams: Error in RegQueryValueExA for DefaultEAPType, %ld, InfoSize=%ld", lError, dwInfoSize); *pdwDefaultEAPType = DEFAULT_EAP_TYPE; }
TRACE1 (ANY, "ElGetInterfaceParams: Got DefaultEAPType = %ld", *pdwDefaultEAPType);
// Get the value of ..\Interfaces\GUID\LastUsedSSID
dwInfoSize = 256; if ((lError = RegQueryValueExA ( hkey1, cszLastUsedSSID, 0, &dwType, (PUCHAR)pszLastUsedSSID, &dwInfoSize)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElGetInterfaceParams: Error in RegQueryValueExA for LastUsedSSID, %ld", lError); pszLastUsedSSID = NULL; }
} while (FALSE);
if (hkey != NULL) { RegCloseKey (hkey); } if (hkey1 != NULL) { RegCloseKey (hkey1); }
return dwRetCode;
}
//
// ElSetInterfaceParams
//
// Description:
//
// Function called to set the EAPOL parameters for an interface, in the HKLM
// hive
//
// Arguments:
//
// pszGUID - Pointer to GUID string for the interface
// pdwDefaultEAPType - default EAP type for interface
// pszLastUsedSSID - SSID that was received in the last EAP-Request/Identity
// packet
// pdwEapolEnabled - Is EAPOL enabled for the interface
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
//
DWORDElSetInterfaceParams ( IN CHAR *pszGUID, IN DWORD *pdwDefaultEAPType, IN CHAR *pszLastUsedSSID, IN DWORD *pdwEapolEnabled ){ HKEY hkey = NULL; HKEY hkey1 = NULL; DWORD dwInfoSize = 0; DWORD dwType = 0; LONG lError = ERROR_SUCCESS; DWORD dwRetCode = ERROR_SUCCESS;
do { // Validate input params
if (pszGUID == NULL) { TRACE0 (ANY, "ElSetInterfaceParams: GUID = NULL"); break; }
TRACE1 (ANY, "Setting stuff from registry for %s", pszGUID);
// Get handle to HKLM\Software\Microsoft\EAPOL\Parameters\Interfaces
if ((lError = RegOpenKeyExA ( HKEY_LOCAL_MACHINE, cszEapKeyEapolConn, 0, KEY_WRITE, &hkey )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetInterfaceParams: Error in RegOpenKeyExA for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Get handle to HKLM\Software\...\Interfaces\<GUID>
if ((lError = RegOpenKeyExA ( hkey, pszGUID, 0, KEY_WRITE, &hkey1 )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetInterfaceParams: Error in RegOpenKeyExA for GUID, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Set the value of ..\Interfaces\GUID\EapolEnabled
if ((lError = RegSetValueExA ( hkey1, cszEapolEnabled, 0, REG_DWORD, (BYTE *)pdwEapolEnabled, sizeof(DWORD))) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetInterfaceParams: Error in RegSetValueExA for EapolEnabled, %ld", lError); }
// Set the value of ..\Interfaces\GUID\DefaultEAPType
if ((lError = RegSetValueExA ( hkey1, cszDefaultEAPType, 0, REG_DWORD, (BYTE *)pdwDefaultEAPType, sizeof(DWORD))) != ERROR_SUCCESS) { TRACE1 (ANY, "ElSetInterfaceParams: Error in RegSetValueExA for DefaultEAPType, %ld", lError); }
// Set the value of ..\Interfaces\GUID\LastUsedSSID
if ((lError = RegSetValueExA ( hkey1, cszLastUsedSSID, 0, REG_SZ, pszLastUsedSSID, strlen(pszLastUsedSSID))) != ERROR_SUCCESS) { TRACE1 (ANY, "ElGetInterfaceParams: Error in RegSetValueExA for LastUsedSSID, %ld", lError); }
} while (FALSE);
if (hkey != NULL) { RegCloseKey (hkey); } if (hkey1 != NULL) { RegCloseKey (hkey1); }
return dwRetCode;
}
//
// ElGetEapKeyFromToken
//
// Description:
//
// Function to get handle to User hive from User Token
//
// Arguments:
// hUserToken - handle to user token
// phkey - output: pointer to handle to user hive
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElGetEapKeyFromToken ( IN HANDLE hUserToken, OUT HKEY *phkey ){ DWORD dwSizeNeeded; TOKEN_USER *pTokenData = NULL; UNICODE_STRING UnicodeSidString; WCHAR wsUnicodeBuffer[256]; HKEY hUserKey; HKEY hkeyEap; DWORD dwDisposition; NTSTATUS Status = STATUS_SUCCESS; PBYTE pbInfo = NULL; CHAR *pszInfo = NULL; DWORD dwType; DWORD dwInfoSize = 0; LONG lRetVal; EAPOL_PCB *pPCB; DWORD i; LONG lError = ERROR_SUCCESS; DWORD dwRetCode = NO_ERROR;
do { if (hUserToken != NULL) { if (!GetTokenInformation(hUserToken, TokenUser, 0, 0, &dwSizeNeeded)) { if ((dwRetCode = GetLastError()) == ERROR_INSUFFICIENT_BUFFER) { pTokenData = (TOKEN_USER *) MALLOC (dwSizeNeeded);
if (pTokenData == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY,"ElGetEapKeyFromToken: Allocation for TokenData failed"); break; } // Reset error code since we are continuing processing
// This was a valid scenario
dwRetCode = NO_ERROR; } else { TRACE1 (ANY,"ElGetEapKeyFromToken: Error in GetTokenInformation = %ld", dwRetCode); break; }
if (!GetTokenInformation (hUserToken, TokenUser, pTokenData, dwSizeNeeded, &dwSizeNeeded)) { dwRetCode = GetLastError (); TRACE1 (ANY,"ElGetEapKeyFromToken: GetTokenInformation failed with error %ld", dwRetCode); break; }
UnicodeSidString.Buffer = wsUnicodeBuffer; UnicodeSidString.Length = 0; UnicodeSidString.MaximumLength = sizeof(wsUnicodeBuffer);
Status = RtlConvertSidToUnicodeString ( &UnicodeSidString, pTokenData->User.Sid, FALSE);
if (!NT_SUCCESS(Status)) { dwRetCode = GetLastError (); TRACE1 (ANY, "ElGetEapKeyFromToken: RtlconvertSidToUnicodeString failed with error %ld", dwRetCode); break; }
UnicodeSidString.Buffer[UnicodeSidString.Length] = 0;
// Open the user's key
if ((lError = RegOpenKeyEx(HKEY_USERS, UnicodeSidString.Buffer, 0, KEY_ALL_ACCESS, &hUserKey)) != ERROR_SUCCESS) { dwRetCode = (DWORD)lError; TRACE1 (USER, "ElGetEapKeyFromToken: RegOpenKeyExA failed with error %ld", dwRetCode); break; } else { TRACE0 (ANY, "ElGetEapKeyFromToken: RegOpenKeyExA succeeded"); }
} else { TRACE0 (ANY,"ElGetEapKeyFromToken: GetTokenInformation succeeded when it should have failed"); break; } } else { TRACE0 (ANY, "ElGetEapKeyFromToken: Error, hUserToken == NULL "); break; }
*phkey = hUserKey;
} while (FALSE);
if (pTokenData != NULL) { FREE (pTokenData); }
return dwRetCode;}
//
// ElInitRegPortData
//
// Description:
//
// Function to verify existence of connection data for the port
// If no data exists, initialize with default values
// For EAP-TLS, default settings are no server certificate authentication,
// registry certificates
//
// Arguments:
// pszDeviceGUID - Pointer to GUID string for the port for which data is being
// initialized
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElInitRegPortData ( CHAR *pszDeviceGUID ){ PBYTE pbInfo = NULL; DWORD dwInfoSize = 0; EAPTLS_CONN_PROPERTIES *pConnProp = NULL; DWORD dwRetCode = NO_ERROR;
do { // Get the size of the Eap data first
if ((dwRetCode = ElGetCustomAuthData ( pszDeviceGUID, EAPCFG_DefaultKey, NULL, // SSID
NULL, // pbInfo
&dwInfoSize )) != NO_ERROR) { TRACE1 (ANY, "ElInitRegPortData: ElGetCustomAuthData returned error %ld", dwRetCode);
if ((dwRetCode == ERROR_BUFFER_TOO_SMALL) && (dwInfoSize != 0)) { // There is valid data in the default key in the registry
dwRetCode = NO_ERROR; TRACE1 (ANY, "ElInitRegPortData: ElGetCustomAuthData returned blob size = %ld", dwInfoSize); break; }
// Initialize port place with default data
pConnProp = MALLOC (sizeof (EAPTLS_CONN_PROPERTIES)); if (pConnProp == NULL) { TRACE0 (ANY, "ElInitRegPortData: Failed allocation for Conn Prop"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
// Registry certs, No server cert validation, No server name
// comparison
pConnProp->fFlags = (EAPTLS_CONN_FLAG_REGISTRY | EAPTLS_CONN_FLAG_NO_VALIDATE_CERT | EAPTLS_CONN_FLAG_NO_VALIDATE_NAME);#if REG_CERT_VALIDATE
pConnProp->fFlags = EAPTLS_CONN_FLAG_REGISTRY; pConnProp->fFlags &= ~EAPTLS_CONN_FLAG_NO_VALIDATE_CERT; pConnProp->fFlags &= ~EAPTLS_CONN_FLAG_NO_VALIDATE_NAME;#endif
pConnProp->dwSize = sizeof (EAPTLS_CONN_PROPERTIES);
// Set this blob into the registry for the port
if ((dwRetCode = ElSetCustomAuthData ( pszDeviceGUID, EAPCFG_DefaultKey, NULL, (BYTE *)pConnProp, pConnProp->dwSize )) != NO_ERROR) { TRACE1 (ANY, "ElInitRegPortData: ElSetCustomAuthData failed with %ld", dwRetCode); break; } }
} while (FALSE);
if (pConnProp != NULL) { FREE (pConnProp); pConnProp = NULL; }
TRACE1 (ANY, "ElInitRegPortData: completed with error %ld", dwRetCode);
return dwRetCode;}
//
// ElAuthAttributeGetVendorSpecific
//
//
// Description:
// Helper function used to extract MPPE Key out of Attrribute.
//
RAS_AUTH_ATTRIBUTE *ElAuthAttributeGetVendorSpecific ( IN DWORD dwVendorId, IN DWORD dwVendorType, IN RAS_AUTH_ATTRIBUTE * pAttributes ){ HANDLE hAttribute; RAS_AUTH_ATTRIBUTE * pAttribute;
//
// First search for the vendor specific attribute
//
pAttribute = ElAuthAttributeGetFirst ( raatVendorSpecific, pAttributes, &hAttribute );
while ( pAttribute != NULL ) { //
// If this attribute is of at least size to hold vendor Id/Type
//
if ( pAttribute->dwLength >= 8 ) { //
// Does this have the correct VendorId
//
if (WireToHostFormat32( (PBYTE)(pAttribute->Value) ) == dwVendorId) { //
// Does this have the correct Vendor Type
//
if ( *(((PBYTE)(pAttribute->Value))+4) == dwVendorType ) { return( pAttribute ); } } }
pAttribute = ElAuthAttributeGetNext ( &hAttribute, raatVendorSpecific ); }
return( NULL );}
//
// ElAuthAttributeGetFirst
//
// Description:
// Helper function used to extract MPPE Key out of Attrribute.
//
RAS_AUTH_ATTRIBUTE *ElAuthAttributeGetFirst ( IN RAS_AUTH_ATTRIBUTE_TYPE raaType, IN RAS_AUTH_ATTRIBUTE * pAttributes, OUT HANDLE * phAttribute ){ DWORD dwIndex; RAS_AUTH_ATTRIBUTE * pRequiredAttribute;
pRequiredAttribute = ElAuthAttributeGet ( raaType, pAttributes );
if ( pRequiredAttribute == NULL ) { *phAttribute = NULL;
return( NULL ); }
*phAttribute = pRequiredAttribute;
return( pRequiredAttribute );}
//
// ElAuthAttributeGetNext
//
// Description:
// Helper function used to extract MPPE Key out of Attrribute.
//
RAS_AUTH_ATTRIBUTE *ElAuthAttributeGetNext ( IN OUT HANDLE * phAttribute, IN RAS_AUTH_ATTRIBUTE_TYPE raaType ){ DWORD dwIndex; RAS_AUTH_ATTRIBUTE * pAttributes = (RAS_AUTH_ATTRIBUTE *)*phAttribute;
if ( pAttributes == NULL ) { return( NULL ); }
pAttributes++;
while( pAttributes->raaType != raatMinimum ) { if ( pAttributes->raaType == raaType ) { *phAttribute = pAttributes; return( pAttributes ); }
pAttributes++; }
*phAttribute = NULL; return( NULL );}
//
// ElAuthAttributeGet
//
// Description:
// Helper function used to extract MPPE Key out of Attrribute.
//
RAS_AUTH_ATTRIBUTE *ElAuthAttributeGet ( IN RAS_AUTH_ATTRIBUTE_TYPE raaType, IN RAS_AUTH_ATTRIBUTE * pAttributes ){ DWORD dwIndex;
if ( pAttributes == NULL ) { return( NULL ); }
for( dwIndex = 0; pAttributes[dwIndex].raaType != raatMinimum; dwIndex++ ) { if ( pAttributes[dwIndex].raaType == raaType ) { return( &(pAttributes[dwIndex]) ); } }
return( NULL );}
//
// ElReverseString
//
// Description:
// Reverses order of characters in 'psz'
//
VOIDElReverseString ( CHAR* psz ){ CHAR* pszBegin; CHAR* pszEnd;
for (pszBegin = psz, pszEnd = psz + strlen( psz ) - 1; pszBegin < pszEnd; ++pszBegin, --pszEnd) { CHAR ch = *pszBegin; *pszBegin = *pszEnd; *pszEnd = ch; }}
//
// ElEncodePw
//
// Description:
//
// Obfuscate 'pszPassword' in place to foil memory scans for passwords.
// Returns the address of 'pszPassword'.
//
CHAR*ElEncodePw ( IN OUT CHAR* pszPassword ){ if (pszPassword) { CHAR* psz;
ElReverseString (pszPassword);
for (psz = pszPassword; *psz != '\0'; ++psz) { if (*psz != (CHAR)PASSWORDMAGIC) *psz ^= PASSWORDMAGIC; } }
return pszPassword;}
//
// ElDecodePw
//
// Description:
//
// Un-obfuscate 'pszPassword' in place.
// Returns the address of 'pszPassword'.
//
CHAR*ElDecodePw ( IN OUT CHAR* pszPassword ){ return ElEncodePw (pszPassword);}
//
// Call: ElEncryptKeyUsingMD5
//
// Description:
// Given a secret, encrypt a given blob
//
//
//
VOIDElEncryptBlockUsingMD5 ( IN BYTE *pbSecret, IN ULONG ulSecretLen, IN OUT BYTE *pbBuf, IN ULONG ulBufLen ){ MD5_CTX MD5Context; BYTE bcipherText[MD5DIGESTLEN]; BYTE *pbWork = NULL, *pbEnd = NULL; BYTE *pbEndBlock = NULL, *pbSrc = NULL;
//
// Compute the beginning and end of the data to be crypted
//
pbWork = pbBuf; pbEnd = pbBuf + ulBufLen;
//
// Loop through the buffer
//
while (pbWork < pbEnd) { // Compute the digest
MD5Init (&MD5Context); MD5Update (&MD5Context, pbSecret, ulSecretLen); MD5Final (&MD5Context);
// Find the end of the block to be decrypted
pbEndBlock = pbWork + MD5DIGESTLEN; if (pbEndBlock >= pbEnd) { // We've reached the end of the buffer
pbEndBlock = pbEnd; } else { // ISSUE: Save the ciphertext for the next pass?
} // Crypt the block
for (pbSrc = MD5Context.digest; pbWork < pbEndBlock; ++pbWork, ++pbSrc) { *pbWork ^= *pbSrc; } }}
//
// ElDecryptKeyUsingMD5
//
// Description:
// Given a secret, decrypt a given blob
//
//
//
VOIDElDecryptBlockUsingMD5 ( IN BYTE *pbSecret, IN ULONG ulSecretLen, IN OUT BYTE *pbBuf, IN ULONG ulBufLen ){ MD5_CTX MD5Context; BYTE bcipherText[MD5DIGESTLEN]; BYTE *pbWork = NULL, *pbEnd = NULL; BYTE *pbEndBlock = NULL, *pbSrc = NULL; DWORD dwNumBlocks = 0; DWORD dwBlock = 0; DWORD dwIndex = 0;
dwNumBlocks = ( ulBufLen - 2 ) / MD5DIGESTLEN;
//
// Walk through the blocks
//
for (dwBlock = 0; dwBlock < dwNumBlocks; dwBlock++ ) { MD5Init ( &MD5Context); MD5Update ( &MD5Context, (PBYTE)pbSecret, ulSecretLen);
//
// ISSUE:
// Do we use any part of the ciphertext at all to generate
// the digest
//
MD5Final ( &MD5Context);
for ( dwIndex = 0; dwIndex < MD5DIGESTLEN; dwIndex++ ) { *pbBuf ^= MD5Context.digest[dwIndex]; pbBuf++; } }
}
//
// ElGetHMACMD5Digest
//
// Description:
//
// Given a secret, generate a MD5 digest
//
// Arguments:
// pbBuf - pointer to data stream
// dwBufLen - length of data stream
// pbKey - pointer to authentication key
// dwKeyLen - length of authentication key
// pvDigest - caller digest to be filled in
//
// Return values:
// None
//
VOIDElGetHMACMD5Digest ( IN BYTE *pbBuf, IN DWORD dwBufLen, IN BYTE *pbKey, IN DWORD dwKeyLen, IN OUT VOID *pvDigest ){ MD5_CTX MD5context; UCHAR k_ipad[65]; /* inner padding - key XORd with ipad */ UCHAR k_opad[65]; /* outer padding - key XORd with opad */ UCHAR tk[16]; DWORD dwIndex = 0; //
// the HMAC_MD5 transform looks like:
//
// MD5(K XOR opad, MD5(K XOR ipad, text))
//
// where K is an n byte key
// ipad is the byte 0x36 repeated 64 times
// opad is the byte 0x5c repeated 64 times
// and text is the data being protected
//
// start out by storing key in pads
ZeroMemory ( k_ipad, sizeof k_ipad); ZeroMemory ( k_opad, sizeof k_opad); memcpy ( k_ipad, pbKey, dwKeyLen); memcpy ( k_opad, pbKey, dwKeyLen);
// XOR key with ipad and opad values
for (dwIndex=0; dwIndex<64; dwIndex++) { k_ipad[dwIndex] ^= 0x36; k_opad[dwIndex] ^= 0x5c; }
//
// perform inner MD5
//
// init context for 1st pass
MD5Init(&MD5context); // start with inner pad
MD5Update(&MD5context, k_ipad, 64); // then text of datagram
MD5Update(&MD5context, pbBuf, dwBufLen); // finish up 1st pass
MD5Final(&MD5context); memcpy (pvDigest, MD5context.digest, MD5DIGESTLEN);
//
// perform outer MD5
//
// init context for 2nd pass
MD5Init(&MD5context); // start with outer pad
MD5Update(&MD5context, k_opad, 64); // then results of 1st hash
MD5Update(&MD5context, pvDigest, 16); // finish up 2nd pass
MD5Final(&MD5context); memcpy (pvDigest, MD5context.digest, MD5DIGESTLEN);}
//
// ElWmiGetValue
//
// Description:
//
// Get a value for a GUID instance through WMI
//
// Arguments:
// pGuid - Pointer to guid for which value is to be fetched
// pszInstanceName - Friendly name for the interface
// pbInputBuffer - Pointer to data
// dwInputBufferSize - Size of data
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElWmiGetValue ( IN GUID *pGuid, IN CHAR *pszInstanceName, IN OUT BYTE *pbOutputBuffer, IN OUT DWORD *pdwOutputBufferSize ){ WMIHANDLE WmiHandle = NULL; PWNODE_SINGLE_INSTANCE pWnode; ULONG ulBufferSize = 0; WCHAR *pwszInstanceName = NULL; BYTE *pbLocalBuffer = NULL; DWORD dwLocalBufferSize = 0; LONG lStatus = ERROR_SUCCESS;
do {
if ((pwszInstanceName = MALLOC ((strlen(pszInstanceName)+1) * sizeof (WCHAR))) == NULL) { TRACE2 (ANY, "ElWmiGetValue: MALLOC failed for pwszInstanceName, Friendlyname =%s, len= %ld", pszInstanceName, strlen(pszInstanceName)); lStatus = ERROR_NOT_ENOUGH_MEMORY; break; }
if (0 == MultiByteToWideChar( CP_ACP, 0, pszInstanceName, -1, pwszInstanceName, strlen(pszInstanceName)+1 ) ) { lStatus = GetLastError(); TRACE2 (ANY, "ElWmiGetValue: MultiByteToWideChar(%s) failed: %ld", pszInstanceName, lStatus); break; } pwszInstanceName[strlen(pszInstanceName)] = L'\0'; TRACE1 (ANY, "ElWmiGetValue: MultiByteToWideChar succeeded: %S", pwszInstanceName);
if ((lStatus = WmiOpenBlock (pGuid, 0, &WmiHandle)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElWmiGetValue: WmiOpenBlock failed with error %ld", lStatus); break; }
if ((lStatus = WmiQuerySingleInstance (WmiHandle, pwszInstanceName, &dwLocalBufferSize, NULL)) != ERROR_SUCCESS) {
if (lStatus == ERROR_INSUFFICIENT_BUFFER) { TRACE1 (ANY, "ElWmiGetValue: Size Required = %ld", dwLocalBufferSize);
if ((pbLocalBuffer = MALLOC (dwLocalBufferSize)) == NULL) { TRACE0 (ANY, "ElWmiGetValue: MALLOC failed for pbLocalBuffer"); lStatus = ERROR_NOT_ENOUGH_MEMORY; break; }
if ((lStatus = WmiQuerySingleInstance (WmiHandle, pwszInstanceName, &dwLocalBufferSize, pbLocalBuffer)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElWmiGetValue: WmiQuerySingleInstance failed with error %ld", lStatus); break; }
pWnode = (PWNODE_SINGLE_INSTANCE)pbLocalBuffer;
// If enough space in the output buffer, copy the data block
if (*pdwOutputBufferSize >= pWnode->SizeDataBlock) { memcpy (pbOutputBuffer, (PBYTE)((BYTE *)pWnode + pWnode->DataBlockOffset), pWnode->SizeDataBlock ); } else { lStatus = ERROR_INSUFFICIENT_BUFFER; TRACE0 (ANY, "ElWmiGetValue: Not sufficient space to copy DataBlock"); *pdwOutputBufferSize = pWnode->SizeDataBlock; break; } *pdwOutputBufferSize = pWnode->SizeDataBlock; TRACE0 (ANY, "ElWmiGetValue: Got values from Wmi"); TRACE1 (ANY, "SizeofDataBlock = %ld", pWnode->SizeDataBlock); EAPOL_DUMPBA (pbOutputBuffer, *pdwOutputBufferSize); } else { TRACE1 (ANY, "ElWmiGetValue: WmiQuerySingleInstance failed with error %ld", lStatus); break; }
}
} while (FALSE);
if (WmiHandle != NULL) { if ((lStatus = WmiCloseBlock (WmiHandle)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElWmiGetValue: WmiOpenBlock failed with error %ld", lStatus); } }
if (pbLocalBuffer != NULL) { FREE (pbLocalBuffer); }
if (pwszInstanceName != NULL) { FREE (pwszInstanceName); }
return (DWORD)lStatus;
}
//
// ElWmiSetValue
//
// Description:
//
// Set a value for a GUID instance through WMI
//
// Arguments:
// pGuid - Pointer to guid for which value is to be set
// pszInstanceName - Friendly name for the interface
// pbInputBuffer - Pointer to data
// dwInputBufferSize - Size of data
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElWmiSetValue ( IN GUID *pGuid, IN CHAR *pszInstanceName, IN BYTE *pbInputBuffer, IN DWORD dwInputBufferSize ){ WMIHANDLE WmiHandle = NULL; PWNODE_SINGLE_INSTANCE pWnode; ULONG ulBufferSize = 0; WCHAR *pwszInstanceName = NULL; BYTE bBuffer[4096];
LONG lStatus = ERROR_SUCCESS;
do {
if ((pwszInstanceName = MALLOC ((strlen(pszInstanceName)+1) * sizeof (WCHAR))) == NULL) { TRACE0 (ANY, "ElWmiSetValue: MALLOC failed for pwszInstanceName"); lStatus = ERROR_NOT_ENOUGH_MEMORY; break; }
if (0 == MultiByteToWideChar ( CP_ACP, 0, pszInstanceName, -1, pwszInstanceName, strlen(pszInstanceName)+1 ) ) { lStatus = GetLastError(); TRACE2 (ANY, "ElWmiSetValue: MultiByteToWideChar(%s) failed: %d", pszInstanceName, lStatus); break; } pwszInstanceName[strlen(pszInstanceName)] = L'\0'; if ((lStatus = WmiOpenBlock (pGuid, 0, &WmiHandle)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElWmiSetValue: WmiOpenBlock failed with error %ld", lStatus); break; }
if ((lStatus = WmiSetSingleInstance (WmiHandle, pwszInstanceName, 1, dwInputBufferSize, pbInputBuffer)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElWmiSetValue: WmiSetSingleInstance failed with error %ld", lStatus); break; }
TRACE0 (ANY, "ElWmiSetValue: Successful !!!");
} while (FALSE);
if (WmiHandle != NULL) { if ((lStatus = WmiCloseBlock (WmiHandle)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElWmiSetValue: WmiOpenBlock failed with error %ld", lStatus); } }
if (pwszInstanceName != NULL) { FREE (pwszInstanceName); }
return (DWORD)lStatus;
}
//
// ElNdisuioSetOIDValue
//
// Description:
//
// Set a value for an OID for an interface using Ndisuio
//
// Arguments:
// hInterface - Ndisuio handle to interface
// Oid - Oid for which value needs to be set
// pbOidData - Pointer to Oid data
// ulOidDataLength - Oid data length
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElNdisuioSetOIDValue ( IN HANDLE hInterface, IN NDIS_OID Oid, IN BYTE *pbOidData, IN ULONG ulOidDataLength ){ PNDISUIO_SET_OID pSetOid = NULL; DWORD BytesReturned = 0; BOOLEAN fSuccess = TRUE; DWORD dwRetCode = NO_ERROR;
do { pSetOid = (PNDISUIO_SET_OID) MALLOC (ulOidDataLength + sizeof(NDISUIO_SET_OID));
if (pSetOid == NULL) { TRACE0 (ANY, "ElNdisuioSetOIDValue: MALLOC failed for pSetOid"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } pSetOid->Oid = Oid; memcpy(&pSetOid->Data[0], pbOidData, ulOidDataLength);
fSuccess = (BOOLEAN) DeviceIoControl ( hInterface, IOCTL_NDISUIO_SET_OID_VALUE, (LPVOID)pSetOid, FIELD_OFFSET(NDISUIO_SET_OID, Data) + ulOidDataLength, (LPVOID)pSetOid, 0, &BytesReturned, NULL); if (!fSuccess) { TRACE1 (ANY, "ElNdisuioSetOIDValue: DeviceIoControl failed with error %ld", (dwRetCode = GetLastError())); break; } else { TRACE0 (ANY, "ElNdisuioSetOIDValue: DeviceIoControl succeeded"); }
} while (FALSE);
if (pSetOid != NULL) { FREE (pSetOid); }
return dwRetCode;}
//
// ElNdisuioQueryOIDValue
//
// Description:
//
// Query the value for an OID for an interface using Ndisuio
//
// Arguments:
// hInterface - Ndisuio handle to interface
// Oid - Oid for which value needs to be set
// pbOidValue - Pointer to Oid value
// pulOidDataLength - Pointer to Oid data length
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElNdisuioQueryOIDValue ( IN HANDLE hInterface, IN NDIS_OID Oid, IN BYTE *pbOidData, IN ULONG *pulOidDataLength ){ PNDISUIO_QUERY_OID pQueryOid = NULL; DWORD BytesReturned = 0; BOOLEAN fSuccess = TRUE; DWORD dwRetCode = NO_ERROR;
do { pQueryOid = (PNDISUIO_QUERY_OID) MALLOC (*pulOidDataLength + sizeof(NDISUIO_QUERY_OID));
if (pQueryOid == NULL) { TRACE0 (ANY, "ElNdisuioQueryOIDValue: MALLOC failed for pQueryOid"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } pQueryOid->Oid = Oid;
fSuccess = (BOOLEAN) DeviceIoControl ( hInterface, IOCTL_NDISUIO_QUERY_OID_VALUE, (LPVOID)pQueryOid, FIELD_OFFSET(NDISUIO_QUERY_OID, Data) + *pulOidDataLength, (LPVOID)pQueryOid, FIELD_OFFSET(NDISUIO_QUERY_OID, Data) + *pulOidDataLength, &BytesReturned, NULL); if (!fSuccess) { dwRetCode = GetLastError(); TRACE2 (ANY, "ElNdisuioQueryOIDValue: DeviceIoControl failed with error %ld, BytesReturned = %ld", dwRetCode, BytesReturned); *pulOidDataLength = BytesReturned; break; } else { TRACE0 (ANY, "ElNdisuioQueryOIDValue: DeviceIoControl succeeded");
if (BytesReturned >= *pulOidDataLength) { TRACE2 (ANY, "ElNdisuioQueryOIDValue: BytesRet (%ld) >= SizeofInput (%ld); truncating data", BytesReturned, *pulOidDataLength); BytesReturned = *pulOidDataLength; } else { dwRetCode = ERROR_INVALID_DATA; TRACE2 (ANY, "ElNdisuioQueryOIDValue: BytesRet (%ld) < SizeofInput (%ld)", BytesReturned, *pulOidDataLength); *pulOidDataLength = BytesReturned; }
memcpy(pbOidData, &pQueryOid->Data[0], BytesReturned); }
} while (FALSE);
if (pQueryOid != NULL) { FREE (pQueryOid); }
return dwRetCode;}
#if 0
//
// ElGuidFromString
//
// Description:
//
// Convert a GUID-string to GUID
//
// Arguments:
// pGuid - pointer to GUID
// pszGuidString - pointer to string version of GUID
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORD ElGuidFromString ( IN OUT GUID *pGuid, IN CHAR *pszGuidString ){ DWORD dwGuidLen = 0; WCHAR wszGuidString[64]; LPWSTR lpwszWithBraces = NULL; DWORD dwRetCode = NO_ERROR;
do {
if (pszGuidString == NULL) { break; }
ZeroMemory (pGuid, sizeof(GUID));
dwGuidLen = strlen (pszGuidString); if (dwGuidLen != 36) { TRACE0 (ANY, "GuidFromString: Guid Length != required 36"); break; } if (0 == MultiByteToWideChar( CP_ACP, 0, pszGuidString, -1, wszGuidString, dwGuidLen ) ) { dwRetCode = GetLastError();
TRACE2 (ANY, "GuidFromString: MultiByteToWideChar(%s) failed: %d", pszGuidString, dwRetCode); break; } wszGuidString[dwGuidLen] = L'\0';
// add the braces
lpwszWithBraces = (LPWSTR) MALLOC ((dwGuidLen + 1 + 2) * sizeof(WCHAR));
wsprintf (lpwszWithBraces, L"{%s}", wszGuidString);
CLSIDFromString (lpwszWithBraces, pGuid);
} while (FALSE);
return dwRetCode;}
#endif
//
// ElGetLoggedOnUserName
//
// Description:
//
// Get the Username and Domain of the currently logged in user
//
// Arguments:
// pPCB - Pointer to port on which logged-on user's name is to be
// obtained
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
//
DWORDElGetLoggedOnUserName ( IN EAPOL_PCB *pPCB ){ HANDLE hUserToken; WCHAR *pwszUserNameBuffer = NULL; DWORD dwBufferSize = 0; BOOL fNeedToRevertToSelf = FALSE; DWORD dwRetCode = NO_ERROR;
do { hUserToken = pPCB->hUserToken;
if (hUserToken != NULL) { if (!ImpersonateLoggedOnUser (hUserToken)) { dwRetCode = GetLastError(); TRACE1 (USER, "ElGetLoggedOnUserName: ImpersonateLoggedOnUser failed with error %ld", dwRetCode); break; }
fNeedToRevertToSelf = TRUE;
dwBufferSize = 0; if (!GetUserNameEx (NameSamCompatible, NULL, &dwBufferSize)) { dwRetCode = GetLastError (); if (dwRetCode == ERROR_MORE_DATA) { if ((pwszUserNameBuffer = MALLOC (dwBufferSize*sizeof(WCHAR))) == NULL) { TRACE0 (ANY, "ElGetLoggedOnUserName: MALLOC failed for pwszUserNameBuffer"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; } if (!GetUserNameEx (NameSamCompatible, pwszUserNameBuffer, &dwBufferSize)) { dwRetCode = GetLastError (); TRACE1 (ANY, "ElGetLoggedOnUserName: GetUserNameEx failed with error %ld", dwRetCode); break; } pwszUserNameBuffer[dwBufferSize]=L'\0'; TRACE1 (ANY, "ElGetLoggedOnUserName: Got User Name %S", pwszUserNameBuffer); } else { TRACE1 (ANY, "ElGetLoggedOnUserName: GetUserNameEx failed with error %ld", dwRetCode); break; } } } else { TRACE0 (ANY, "ElGetLoggedOnUserName: UserToken is NULL"); break; }
} while (FALSE);
if (pwszUserNameBuffer != NULL) { FREE (pwszUserNameBuffer); }
// Revert impersonation
if (fNeedToRevertToSelf) { if (!RevertToSelf()) { dwRetCode = GetLastError(); TRACE1 (USER, "ElGetLoggedOnUserName: Error in RevertToSelf = %ld", dwRetCode); } }
return dwRetCode;
}
//
// ElGetMachineName
//
// Description:
//
// Get the machine name of the computer the service is currently running on
//
// Arguments:
// pPCB - Pointer to PCB for the port on which machine name is to
// to be obtained
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
//
DWORDElGetMachineName ( IN EAPOL_PCB *pPCB ){ WCHAR *pwszComputerNameBuffer = NULL; CHAR *pszComputerNameBuffer = NULL; WCHAR *pwszComputerDomainBuffer = NULL; CHAR *pszComputerDomainBuffer = NULL; DWORD dwBufferSize = 0; DWORD dwRetCode = NO_ERROR;
do { dwBufferSize = 0; if (!GetComputerNameEx (ComputerNamePhysicalNetBIOS, NULL, &dwBufferSize)) { dwRetCode = GetLastError (); if (dwRetCode == ERROR_MORE_DATA) { // Reset error
dwRetCode = NO_ERROR; if ((pwszComputerNameBuffer = MALLOC (dwBufferSize*sizeof(WCHAR))) == NULL) { TRACE0 (ANY, "ElGetMachineName: MALLOC failed for pwszComputerNameBuffer"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
if (!GetComputerNameEx (ComputerNamePhysicalNetBIOS, pwszComputerNameBuffer, &dwBufferSize)) { dwRetCode = GetLastError (); TRACE1 (ANY, "ElGetMachineName: GetComputerNameEx failed with error %ld", dwRetCode); break; }
TRACE1 (ANY, "ElGetMachineName: Got Computer Name %S", pwszComputerNameBuffer);
pszComputerNameBuffer = MALLOC (wcslen(pwszComputerNameBuffer) + 1); if (pszComputerNameBuffer == NULL) { TRACE0 (ANY, "ElGetMachineName: MALLOC failed for pszComputerNameBuffer"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
if (0 == WideCharToMultiByte ( CP_ACP, 0, pwszComputerNameBuffer, -1, pszComputerNameBuffer, wcslen(pwszComputerNameBuffer)+1, NULL, NULL )) { dwRetCode = GetLastError(); TRACE2 (ANY, "ElGetMachineName: WideCharToMultiByte (%ws) failed: %ld", pwszComputerNameBuffer, dwRetCode); break; }
pszComputerNameBuffer[wcslen(pwszComputerNameBuffer)] = L'\0';
} else { TRACE1 (ANY, "ElGetMachineName: GetComputerNameEx failed with error %ld", dwRetCode); break; } }
dwBufferSize = 0; if (!GetComputerNameEx (ComputerNamePhysicalDnsDomain, NULL, &dwBufferSize)) { dwRetCode = GetLastError (); if (dwRetCode == ERROR_MORE_DATA) { // Reset error
dwRetCode = NO_ERROR; if ((pwszComputerDomainBuffer = MALLOC (dwBufferSize*sizeof(WCHAR))) == NULL) { TRACE0 (ANY, "ElGetMachineName: MALLOC failed for pwszComputerDomainBuffer"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
if (!GetComputerNameEx (ComputerNamePhysicalDnsDomain, pwszComputerDomainBuffer, &dwBufferSize)) { dwRetCode = GetLastError (); TRACE1 (ANY, "ElGetMachineName: GetComputerNameEx Domain failed with error %ld", dwRetCode); break; }
TRACE1 (ANY, "ElGetMachineName: Got Computer Domain %S", pwszComputerDomainBuffer);
pszComputerDomainBuffer = MALLOC (wcslen(pwszComputerDomainBuffer) + 1); if (pszComputerDomainBuffer == NULL) { TRACE0 (ANY, "ElGetMachineName: MALLOC failed for pszComputerDomainBuffer"); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
if (0 == WideCharToMultiByte ( CP_ACP, 0, pwszComputerDomainBuffer, -1, pszComputerDomainBuffer, wcslen(pwszComputerDomainBuffer)+1, NULL, NULL )) { dwRetCode = GetLastError(); TRACE2 (ANY, "ElGetMachineName: WideCharToMultiByte (%ws) failed: %ld", pwszComputerDomainBuffer, dwRetCode); break; }
pszComputerDomainBuffer[wcslen(pwszComputerDomainBuffer)] = L'\0'; *(strrchr (pszComputerDomainBuffer, '.')) = '\0';
if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; }
pPCB->pszIdentity = MALLOC (strlen(pszComputerDomainBuffer) + strlen(pszComputerNameBuffer) + 3);
if (pPCB->pszIdentity == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElGetMachineName: MALLOC failed for pPCB->pszIdentity"); break; } memcpy (pPCB->pszIdentity, pszComputerDomainBuffer, strlen(pszComputerDomainBuffer)); pPCB->pszIdentity[strlen(pszComputerDomainBuffer)] = '\\'; memcpy (&pPCB->pszIdentity[strlen(pszComputerDomainBuffer)+1], pszComputerNameBuffer, strlen(pszComputerNameBuffer));
pPCB->pszIdentity[strlen(pszComputerDomainBuffer)+1+strlen(pszComputerNameBuffer)] = '$'; pPCB->pszIdentity[strlen(pszComputerDomainBuffer)+1+strlen(pszComputerNameBuffer)+1] = '\0';
} else { TRACE1 (ANY, "ElGetMachineName: GetComputerNameEx failed with error %ld", dwRetCode); break; } }
} while (FALSE);
if (pwszComputerNameBuffer != NULL) { FREE (pwszComputerNameBuffer); }
if (pszComputerNameBuffer != NULL) { FREE (pszComputerNameBuffer); }
if (pwszComputerDomainBuffer != NULL) { FREE (pwszComputerDomainBuffer); }
if (pszComputerDomainBuffer != NULL) { FREE (pszComputerDomainBuffer); }
return dwRetCode;
}
//
// ElUpdateRegistryInterfaceList
//
// Description:
//
// Write the interface list to which NDISUIO is bound to, to the registry
//
// Arguments:
// Interfaces - Interface list containing Device Name and Description
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
//
DWORDElUpdateRegistryInterfaceList ( IN PNDIS_ENUM_INTF Interfaces ){ CHAR *pszRegInterfaceList = NULL; HKEY hkey = NULL; DWORD dwDisposition = 0; LONG lError = ERROR_SUCCESS;
DWORD dwRetCode = NO_ERROR;
do { ANSI_STRING InterfaceName; UCHAR ucBuffer[256]; DWORD i; DWORD dwSizeOfList = 0;
// Determine the number of bytes in the list
for (i=0; i < Interfaces->TotalInterfaces; i++) { ZeroMemory (ucBuffer, 256); InterfaceName.Length = 0; InterfaceName.MaximumLength = 256; InterfaceName.Buffer = ucBuffer;
if (Interfaces->Interface[i].DeviceName.Buffer != NULL) { if (RtlUnicodeStringToAnsiString(&InterfaceName, &(Interfaces->Interface[i].DeviceName), FALSE) != STATUS_SUCCESS) { TRACE1 (ANY, "ElUpdateRegistryInterfaceList: Error in RtlUnicodeStringToAnsiString for DeviceName %ws", Interfaces->Interface[i].DeviceName.Buffer); }
InterfaceName.Buffer[InterfaceName.Length] = '\0';
dwSizeOfList += (strlen(InterfaceName.Buffer) + 1); } else { TRACE0(INIT, "ElUpdateRegistryInterfaceList: Device Name was NULL"); continue; }
TRACE1(INIT, "Device: %s", InterfaceName.Buffer);
}
// One extra char for terminating NULL char
pszRegInterfaceList = (CHAR *) MALLOC ( dwSizeOfList + 1 );
if ( pszRegInterfaceList == NULL ) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElUpdateRegistryInterfaceList: MALLOC failed for pszRegInterfaceList"); break; }
// Start again
dwSizeOfList = 0;
// Create the string in REG_SZ format
for (i=0; i < Interfaces->TotalInterfaces; i++) { ZeroMemory (ucBuffer, 256); InterfaceName.Length = 0; InterfaceName.MaximumLength = 256; InterfaceName.Buffer = ucBuffer;
if (Interfaces->Interface[i].DeviceName.Buffer != NULL) { if (RtlUnicodeStringToAnsiString(&InterfaceName, &Interfaces->Interface[i].DeviceName, FALSE) != STATUS_SUCCESS) { TRACE0 (ANY, "ElUpdateRegistryInterfaceList: Error in RtlUnicodeStringToAnsiString for DeviceName"); }
InterfaceName.Buffer[InterfaceName.Length] = '\0';
memcpy (&pszRegInterfaceList[dwSizeOfList], InterfaceName.Buffer, (strlen(InterfaceName.Buffer) )); dwSizeOfList += (strlen(InterfaceName.Buffer)); } else { TRACE0(INIT, "ElUpdateRegistryInterfaceList: Device Name was NULL"); continue; } }
// Final NULL character
pszRegInterfaceList[dwSizeOfList++] = '\0';
// Write the string as a REG_SZ value
// Get handle to
// HKLM\Software\Microsoft\EAPOL\Parameters\General
if ((lError = RegCreateKeyExA ( HKEY_LOCAL_MACHINE, cszEapKeyEapolServiceParams, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hkey, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElUpdateRegistryInterfaceList: Error in RegCreateKeyExA for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
//
// Set the value of
// ...\EAPOL\Parameters\General\InterfaceList key
//
if ((lError = RegSetValueExA ( hkey, cszInterfaceList, 0, REG_SZ, pszRegInterfaceList, dwSizeOfList)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElUpdateRegistryInterfaceList: Error in RegSetValueExA for InterfaceList, %ld", lError); dwRetCode = (DWORD)lError; break; }
TRACE0 (ANY, "ElUpdateRegistryInterfaceList: Set value succeeded");
} while (FALSE);
if (hkey != NULL) { RegCloseKey (hkey); }
if (pszRegInterfaceList != NULL) { FREE (pszRegInterfaceList); }
return dwRetCode;}
//
// ElWatchGlobalRegistryParams
//
// Description:
//
// Watch the registry for changes for global params. Update in-memory values
//
// Arguments:
// Unused
//
// Return values:
//
//
VOID ElWatchGlobalRegistryParams ( IN PVOID pvContext ){ HKEY hKey = NULL; HANDLE hRegChangeEvent = NULL; HANDLE hEvents[2]; BOOL fExitThread = FALSE; DWORD dwDisposition = 0; DWORD dwStatus = 0; LONG lError = 0; DWORD dwRetCode = NO_ERROR;
TRACE0 (ANY, "ElWatchGlobalRegistryParams: Entered");
do {
// Get handle to
// HKLM\Software\Microsoft\EAPOL\Parameters\General\Global
if ((lError = RegCreateKeyExA ( HKEY_LOCAL_MACHINE, cszEAPOLGlobalParams, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_READ, NULL, &hKey, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElWatchGlobalRegistryParams: Error in RegCreateKeyExA for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Open a handle to a event to perform wait on that event
hRegChangeEvent = CreateEvent (NULL, TRUE, FALSE, NULL);
if (hRegChangeEvent == NULL) { dwRetCode = GetLastError (); TRACE1 (ANY, "ElWatchGlobalRegistryParams: Error in CreateEvent for hRegChangeEvent = %ld", dwRetCode); break; }
// Register to notify change in registry value
if ((lError = RegNotifyChangeKeyValue ( hKey, TRUE, // watch entire sub-tree
REG_NOTIFY_CHANGE_LAST_SET, // detect value add/delete
hRegChangeEvent, TRUE // asynchronous
)) != ERROR_SUCCESS) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElWatchGlobalRegistryParams: RegNotifyChangeKeyValue failed with error %ld", dwRetCode); break; }
do {
// Wait for Registry changes or service termination
hEvents[0] = hRegChangeEvent; hEvents[1] = g_hEventTerminateEAPOL;
if ((dwStatus = WaitForMultipleObjects( 2, hEvents, FALSE, INFINITE )) == WAIT_FAILED) { dwRetCode = GetLastError (); TRACE1 (ANY, "ElWatchGlobalRegistryParams: WaitForMultipleObjects failed with error %ld", dwRetCode); break; } switch (dwStatus) {
case WAIT_OBJECT_0:
// Registry values changed
// Update in-memory values
if ((dwRetCode = ElReadGlobalRegistryParams ()) != NO_ERROR) { TRACE1 (ANY, "ElWatchGlobalRegistryParams: ElReadGlobalRegistryParams failed with error %ld", dwRetCode);
// continue processing since this is not a critical error
dwRetCode = NO_ERROR; }
if (!ResetEvent(hRegChangeEvent)) { dwRetCode = GetLastError (); TRACE1 (ANY, "ElWatchGlobalRegistryParams: ResetEvent failed with error %ld", dwRetCode); break; }
break;
case WAIT_OBJECT_0+1:
// Service shutdown detected
fExitThread = TRUE; break;
default:
TRACE1 (ANY, "ElWatchGlobalRegistryParams: No such event = %ld", dwStatus); break; }
if ((dwRetCode != NO_ERROR) || (fExitThread)) { break; }
} while (TRUE);
} while (FALSE);
TRACE1 (ANY, "ElWatchGlobalRegistryParams: Completed with error %ld", dwRetCode);
if (hKey != NULL) { RegCloseKey(hKey); }
return;
}
//
// ElReadGlobalRegistryParams
//
// Description:
//
// Read registry parameters global to EAPOL state machine
// i.e. maxStart, startPeriod, authPeriod, heldPeriod
//
// Arguments:
// Unused
//
// Return values:
//
// NO_ERROR - success
// non-zero - error
//
DWORDElReadGlobalRegistryParams (){ HKEY hKey = NULL; DWORD dwDisposition = 0; DWORD dwType = 0; DWORD dwInfoSize = 0; DWORD lError = 0; DWORD dwmaxStart=0, dwstartPeriod=0, dwauthPeriod=0, dwheldPeriod=0; DWORD dwRetCode = NO_ERROR;
do {
// Get handle to
// HKLM\Software\Microsoft\EAPOL\Parameters\General\Global
if ((lError = RegCreateKeyExA ( HKEY_LOCAL_MACHINE, cszEAPOLGlobalParams, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_READ, NULL, &hKey, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElReadGlobalRegistryParams: Error in RegCreateKeyExA for base key, %ld", lError); break; }
ACQUIRE_WRITE_LOCK (&g_EAPOLConfig);
// If setting values for the first time, initialize values
if (!(g_dwmaxStart || g_dwstartPeriod || g_dwauthPeriod || g_dwheldPeriod)) { g_dwmaxStart = EAPOL_MAX_START; g_dwstartPeriod = EAPOL_START_PERIOD; g_dwauthPeriod = EAPOL_AUTH_PERIOD; g_dwheldPeriod = EAPOL_HELD_PERIOD; }
RELEASE_WRITE_LOCK (&g_EAPOLConfig);
dwmaxStart = g_dwmaxStart; dwstartPeriod = g_dwstartPeriod; dwauthPeriod = g_dwauthPeriod; dwheldPeriod = g_dwheldPeriod;
// Get the value of ..\General\EAPOLGlobal\authPeriod
dwInfoSize = sizeof(DWORD); if ((lError = RegQueryValueExA ( hKey, cszAuthPeriod, 0, &dwType, (BYTE *)&dwauthPeriod, &dwInfoSize)) != ERROR_SUCCESS) { TRACE2 (ANY, "ElReadGlobalRegistryParams: Error in RegQueryValueExA for cszAuthPeriod, %ld, InfoSize=%ld", lError, dwInfoSize); dwauthPeriod = g_dwauthPeriod; lError = ERROR_SUCCESS; }
// Get the value of ..\General\EAPOLGlobal\heldPeriod
dwInfoSize = sizeof(DWORD); if ((lError = RegQueryValueExA ( hKey, cszHeldPeriod, 0, &dwType, (BYTE *)&dwheldPeriod, &dwInfoSize)) != ERROR_SUCCESS) { TRACE2 (ANY, "ElReadGlobalRegistryParams: Error in RegQueryValueExA for cszHeldPeriod, %ld, InfoSize=%ld", lError, dwInfoSize); dwheldPeriod = g_dwheldPeriod; lError = ERROR_SUCCESS; }
// Get the value of ..\General\EAPOLGlobal\startPeriod
dwInfoSize = sizeof(DWORD); if ((lError = RegQueryValueExA ( hKey, cszStartPeriod, 0, &dwType, (BYTE *)&dwstartPeriod, &dwInfoSize)) != ERROR_SUCCESS) { TRACE2 (ANY, "ElReadGlobalRegistryParams: Error in RegQueryValueExA for cszStartPeriod, %ld, InfoSize=%ld", lError, dwInfoSize); dwstartPeriod = g_dwstartPeriod; lError = ERROR_SUCCESS; }
// Get the value of ..\General\EAPOLGlobal\maxStart
dwInfoSize = sizeof(DWORD); if ((lError = RegQueryValueExA ( hKey, cszMaxStart, 0, &dwType, (BYTE *)&dwmaxStart, &dwInfoSize)) != ERROR_SUCCESS) { TRACE2 (ANY, "ElReadGlobalRegistryParams: Error in RegQueryValueExA for cszMaxStart, %ld, InfoSize=%ld", lError, dwInfoSize); dwmaxStart = g_dwmaxStart; lError = ERROR_SUCCESS; }
// Successful in reading all parameters
ACQUIRE_WRITE_LOCK (&g_EAPOLConfig);
g_dwmaxStart = dwmaxStart; g_dwstartPeriod = dwstartPeriod; g_dwauthPeriod = dwauthPeriod; g_dwheldPeriod = dwheldPeriod;
RELEASE_WRITE_LOCK (&g_EAPOLConfig);
} while (FALSE); dwRetCode = (DWORD)lError; if (dwRetCode != NO_ERROR) { TRACE1 (ANY, "ElReadGlobalRegistryParams: failed with error %ld", dwRetCode); }
if (hKey != NULL) { RegCloseKey(hKey); }
return dwRetCode;
}
//
// ElWatchEapConfigRegistryParams
//
// Description:
//
// Watch the registry for changes in EAP config
// - HKLM - EAP type
// - HKLM - EAPOLEnabled
//
// Restart the state machine if the params change
//
// Arguments:
//
// Return values:
//
//
VOID ElWatchEapConfigRegistryParams ( IN PVOID pvContext ){ HKEY hUserKey = NULL; HKEY hWorkspaceKey = NULL; HKEY hRegChangeKey = NULL; HANDLE hRegChangeEvent = NULL; HANDLE hEvents[2]; HANDLE hUserToken = NULL; DWORD dwDisposition = 0; BOOL fExitThread = FALSE; DWORD dwStatus = 0; LONG lError = 0; DWORD dwRetCode = NO_ERROR;
TRACE0 (ANY, "ElWatchEapConfigRegistryParams: Entered");
do {
// Get handle to
// HKLM\Software\Microsoft\EAPOL\Parameters\Interfaces
if ((lError = RegCreateKeyExA ( HKEY_LOCAL_MACHINE, cszEapKeyEapolConn, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_READ, NULL, &hWorkspaceKey, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElWatchEapConfigRegistryParams: Error in RegCreateKeyExA for cszEapKeyEapolConn, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Open a handle to a event to perform wait on that event
hRegChangeEvent = CreateEvent (NULL, TRUE, FALSE, NULL);
if (hRegChangeEvent == NULL) { dwRetCode = GetLastError (); TRACE1 (ANY, "ElWatchEapConfigRegistryParams: Error in CreateEvent for hRegChangeEvent = %ld", dwRetCode); break; }
do { // Register to notify change in registry value
if ((lError = RegNotifyChangeKeyValue ( hWorkspaceKey, TRUE, // watch entire sub-tree
REG_NOTIFY_CHANGE_LAST_SET, // detect value add/delete
hRegChangeEvent, TRUE // asynchronous
)) != ERROR_SUCCESS) { dwRetCode = (DWORD)lError; TRACE1 (ANY, "ElWatchEapConfigRegistryParams: RegNotifyChangeKeyValue failed with error %ld", dwRetCode); break; }
// Wait for Registry changes, service termination
hEvents[0] = hRegChangeEvent; hEvents[1] = g_hEventTerminateEAPOL;
if ((dwStatus = WaitForMultipleObjects( 2, hEvents, FALSE, INFINITE )) == WAIT_FAILED) { dwRetCode = GetLastError (); TRACE1 (ANY, "ElWatchEapConfigRegistryParams: WaitForMultipleObjects failed with error %ld", dwRetCode); break; } switch (dwStatus) {
case WAIT_OBJECT_0: TRACE0 (ANY, "ElWatchEapConfigRegistryParams: Got reg change event !!! ");
// Registry values changed
// Update in memory values
if ((dwRetCode = ElProcessEapConfigChange ()) != NO_ERROR) { TRACE1 (ANY, "ElWatchEapConfigRegistryParams: ElProcessEapConfigChange failed with error %ld", dwRetCode);
// log
// continue processing since this is not a critical error
dwRetCode = NO_ERROR; }
if (!ResetEvent(hRegChangeEvent)) { dwRetCode = GetLastError (); TRACE1 (ANY, "ElWatchEapConfigRegistryParams: ResetEvent failed with error %ld", dwRetCode); break; }
break;
case WAIT_OBJECT_0+1:
// Service shutdown detected
fExitThread = TRUE; TRACE0 (ANY, "ElWatchEapConfigRegistryParams: Service shutdonw"); break;
default:
TRACE1 (ANY, "ElWatchEapConfigRegistryParams: No such event = %ld", dwStatus); break; }
if ((dwRetCode != NO_ERROR) || (fExitThread)) { break; }
TRACE0 (ANY, "ElWatchEapConfigRegistryParams: RegNotifyChangeKeyValue being reposted !!!");
} while (TRUE);
} while (FALSE);
TRACE1 (ANY, "ElWatchEapConfigRegistryParams: Completed with error %ld", dwRetCode);
if (hUserKey != NULL) { RegCloseKey(hUserKey); }
if (hWorkspaceKey != NULL) { RegCloseKey(hWorkspaceKey); }
if (!CloseHandle(hRegChangeEvent)) { TRACE1 (ANY, "ElWatchEapConfigRegistryParams: Error in closing event handle", (dwRetCode = GetLastError())); }
return;
}
//
// ElProcessEapConfigChange
//
// Description:
//
// Read EAP config changes made in registry. Restart EAPOL on the particular
// interface or stop EAPOL
//
// Arguments:
//
// Return values:
//
// NO_ERROR - success
// non-zero - error
//
DWORDElProcessEapConfigChange (){ DWORD dwEapolEnabled = 0; DWORD dwDefaultEAPType = 0; CHAR szLastUsedSSID[256]; HKEY hWorkspaceKey = NULL; HKEY hKey = NULL, hKey1 = NULL; DWORD dwType = 0; DWORD dwInfoSize = 0; DWORD dwDisposition = 0; CHAR *pszLastModifiedGUID = NULL; DWORD dwbData = 0; PBYTE pbAuthData = NULL; EAPOL_PCB *pPCB = NULL; BOOL fReStartAuthentication = FALSE; LONG lError = 0; DWORD dwRetCode = NO_ERROR;
do { // Get the GUID for the interface for which EAP config was modified
// Get handle to
// HKLM\Software\Microsoft\EAPOL\Parameters\General\EAPOLGlobal
if ((lError = RegCreateKeyExA ( HKEY_LOCAL_MACHINE, cszEAPOLWorkspace, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_READ, NULL, &hWorkspaceKey, &dwDisposition)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElProcessEapConfigChange: Error in RegCreateKeyExA for cszEAPOLWorkspace key, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Get the value of ..\General\EAPOLGlobal\LastModifiedGUID
dwInfoSize = 0; if ((lError = RegQueryValueExA ( hWorkspaceKey, cszLastModifiedGUID, 0, &dwType, NULL, &dwInfoSize)) == ERROR_SUCCESS) { if ((pszLastModifiedGUID = (CHAR *) MALLOC ( dwInfoSize )) == NULL) { TRACE0 (ANY, "ElProcessEapConfigChange: Error in MALLOC for pszLastModifiedGUID"); lError = (ULONG) ERROR_NOT_ENOUGH_MEMORY; dwRetCode = (DWORD)lError; break; }
if ((lError = RegQueryValueExA ( hWorkspaceKey, cszLastModifiedGUID, 0, &dwType, pszLastModifiedGUID, &dwInfoSize)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElProcessEapConfigChange: RegQueryValueExA failed for pszLastModifiedGUID with error %ld", lError); dwRetCode = (DWORD)lError; break; } } else { TRACE1 (ANY, "ElProcessEapConfigChange: Error in estimating size fo cszLastModifiedGUID = %ld", lError); break; }
// Check the value of EAPOLEnabled for that interface
// Get handle to HKLM\Software\Microsoft\EAPOL\Parameters\Interfaces
if ((lError = RegOpenKeyExA ( HKEY_LOCAL_MACHINE, cszEapKeyEapolConn, 0, KEY_READ, &hKey )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElProcessEapConfigChange: Error in RegOpenKeyExA for base key, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Get handle to HKLM\Software\...\Interfaces\<GUID>
if ((lError = RegOpenKeyExA ( hKey, pszLastModifiedGUID, 0, KEY_READ, &hKey1 )) != ERROR_SUCCESS) { TRACE1 (ANY, "ElProcessEapConfigChange: Error in RegOpenKeyExA for GUID, %ld", lError); dwRetCode = (DWORD)lError; break; }
// Get the value of ..\Interfaces\GUID\EapolEnabled
// This value should exist since it will always be set from UI
dwInfoSize = sizeof(DWORD); if ((lError = RegQueryValueExA ( hKey1, cszEapolEnabled, 0, &dwType, (BYTE *)&dwEapolEnabled, &dwInfoSize)) != ERROR_SUCCESS) { TRACE2 (ANY, "ElProcessEapConfigChange: Error in RegQueryValueExA for EapolEnabled, %ld, InfoSize=%ld", lError, dwInfoSize); dwRetCode = (DWORD)lError; break; }
TRACE1 (ANY, "ElProcessEapConfigChange: Got EapolEnabled = %ld", dwEapolEnabled);
// Get the value of ..\Interfaces\GUID\DefaultEAPType
// This value should exist since it will always be set from UI
dwInfoSize = sizeof(DWORD); if ((lError = RegQueryValueExA ( hKey1, cszDefaultEAPType, 0, &dwType, (BYTE *)&dwDefaultEAPType, &dwInfoSize)) != ERROR_SUCCESS) { TRACE2 (ANY, "ElProcessEapConfigChange: Error in RegQueryValueExA for DefaultEAPType, %ld, InfoSize=%ld", lError, dwInfoSize); dwRetCode = (DWORD)lError; break; }
// Get the value of ..\Interfaces\GUID\LastUsedSSID
dwInfoSize = 256; ZeroMemory ((BYTE *)szLastUsedSSID, 256); if ((lError = RegQueryValueExA ( hKey1, cszLastUsedSSID, 0, &dwType, (PUCHAR)szLastUsedSSID, &dwInfoSize)) != ERROR_SUCCESS) { TRACE1 (ANY, "ElProcessEapConfigChange: Error in RegQueryValueExA for LastUsedSSID, %ld", lError); dwRetCode = (DWORD)lError; if (dwRetCode == ERROR_FILE_NOT_FOUND) { // SSID may not be received as yet from AP/switch
// Changes will be made stored for "Default" SSID
dwRetCode = NO_ERROR; } else { break; } }
// Check existence/absence of PCB i.e. if EAPOL state machine was
// started on the interface, and take appropriate action based on
// EAPOLEnabled value
if (dwEapolEnabled == 0) { ACQUIRE_WRITE_LOCK (&(g_PCBLock));
if ((pPCB = ElGetPCBPointerFromPortGUID (pszLastModifiedGUID)) != NULL) { RELEASE_WRITE_LOCK (&(g_PCBLock));
// Found PCB for interface, where EAPOLEnabled = 0
// Stop EAPOL on the port and remove the port from the module
if ((dwRetCode = ElShutdownInterface (pszLastModifiedGUID)) != NO_ERROR) { TRACE1 (ANY, "ElProcessEapConfigChange: ElShutdownInterface failed with error %ld", dwRetCode); break; } } else { // No PCB found for interface, valid condition,
// continue processing
RELEASE_WRITE_LOCK (&(g_PCBLock)); } } else { ACQUIRE_WRITE_LOCK (&(g_PCBLock));
if ((pPCB = ElGetPCBPointerFromPortGUID (pszLastModifiedGUID)) == NULL) { RELEASE_WRITE_LOCK (&(g_PCBLock));
// Did not find PCB for interface, where EAPOLEnabled = 1
// Start EAPOL on the port
ACQUIRE_WRITE_LOCK (&g_ITFLock);
if ((dwRetCode = ElEnumAndOpenInterfaces (NULL, pszLastModifiedGUID)) != NO_ERROR) { RELEASE_WRITE_LOCK (&g_ITFLock); TRACE1 (ANY, "ElProcessEapConfigChange: ElEnumAndOpenInterfaces returned error %ld", dwRetCode); break; }
RELEASE_WRITE_LOCK (&g_ITFLock); } else { ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
if (pPCB->dwEapTypeToBeUsed != dwDefaultEAPType) {
// Default EAP Type has changed
fReStartAuthentication = TRUE;
} else { // Default EAP Type is the same
// Check if the CustomAuthData is the same
// If not the same, do further processing
// Else, no change occured, same config was reapplied
// Get the size of the EAP blob
if ((dwRetCode = ElGetCustomAuthData ( pszLastModifiedGUID, dwDefaultEAPType, szLastUsedSSID, NULL, &dwbData )) != NO_ERROR) { if (dwRetCode == ERROR_BUFFER_TOO_SMALL) { if (dwbData <= 0) { if (pPCB->pCustomAuthConnData->pbCustomAuthData) { // No EAP blob stored in the registry
RELEASE_WRITE_LOCK (&(pPCB->rwLock)); RELEASE_WRITE_LOCK (&(g_PCBLock)); TRACE0 (ANY, "ElProcessEapConfigChange: NULL sized EAP blob, cannot continue"); pbAuthData = NULL; dwRetCode = ERROR_CAN_NOT_COMPLETE; break; } } else { // Allocate memory to hold the blob
pbAuthData = MALLOC (dwbData); if (pbAuthData == NULL) { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); RELEASE_WRITE_LOCK (&(g_PCBLock)); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElProcessEapConfigChange: Error in memory allocation for EAP blob"); break; } if ((dwRetCode = ElGetCustomAuthData ( pszLastModifiedGUID, dwDefaultEAPType, szLastUsedSSID, pbAuthData, &dwbData )) != NO_ERROR) { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); RELEASE_WRITE_LOCK (&(g_PCBLock)); TRACE1 (ANY, "ElProcessEapConfigChange: ElGetCustomAuthData failed with %ld", dwRetCode); break; } } } else { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); RELEASE_WRITE_LOCK (&(g_PCBLock)); TRACE1 (ANY, "ElProcessEapConfigChange: ElGetCustomAuthData failed in size estimation with error %ld", dwRetCode); break; } }
if (pPCB->pCustomAuthConnData == NULL) { if (dwbData > 0) { fReStartAuthentication = TRUE; } } else { if (pPCB->pCustomAuthConnData->dwSizeOfCustomAuthData != dwbData) { // Same EAP Type, but different lengths
fReStartAuthentication = TRUE; } else { if (memcmp ( pPCB->pCustomAuthConnData->pbCustomAuthData, pbAuthData, dwbData) != 0) { // Same EAP Type, same data length, but
// different contents
fReStartAuthentication = TRUE; } else { // No change in EAP config data for this
// interface
} } }
} RELEASE_WRITE_LOCK (&(pPCB->rwLock));
if (fReStartAuthentication) { if ((dwRetCode = ElReStartPort (pPCB)) != NO_ERROR) { RELEASE_WRITE_LOCK (&(g_PCBLock)); TRACE1 (ANY, "ElProcessEapConfigChange: Error in ElReStartPort = %d", dwRetCode); break; } }
RELEASE_WRITE_LOCK (&(g_PCBLock));
} }
} while (FALSE); if (hWorkspaceKey != NULL) { RegCloseKey(hWorkspaceKey); }
if (hKey != NULL) { RegCloseKey(hKey); }
if (hKey1 != NULL) { RegCloseKey(hKey1); }
if (pszLastModifiedGUID != NULL) { FREE (pszLastModifiedGUID); }
if (pbAuthData != NULL) { FREE (pbAuthData); }
return dwRetCode;}
//
// ElStringToGuid
//
// Description:
//
// Function to convert a Guid-String to a GUID
//
// Arguments:
// psGuid - String-ized Guid
// pGuid - Pointer to Guid
//
// Return values:
// None
//
VOIDElStringToGuid ( IN CHAR * psGuid, OUT LPGUID pGuid ){ CHAR c; DWORD i=0;
//
// If the first character is a '{', skip it.
//
if ( psGuid[0] == L'{' ) psGuid++;
//
// Convert string to guid
// (since psGuid may be used again below, no permanent modification to
// it may be made)
//
c = psGuid[8]; psGuid[8] = 0; pGuid->Data1 = strtoul ( &psGuid[0], 0, 16 ); psGuid[8] = c; c = psGuid[13]; psGuid[13] = 0; pGuid->Data2 = (USHORT)strtoul ( &psGuid[9], 0, 16 ); psGuid[13] = c; c = psGuid[18]; psGuid[18] = 0; pGuid->Data3 = (USHORT)strtoul ( &psGuid[14], 0, 16 ); psGuid[18] = c;
c = psGuid[21]; psGuid[21] = 0; pGuid->Data4[0] = (unsigned char)strtoul ( &psGuid[19], 0, 16 ); psGuid[21] = c; c = psGuid[23]; psGuid[23] = 0; pGuid->Data4[1] = (unsigned char)strtoul ( &psGuid[21], 0, 16 ); psGuid[23] = c;
for ( i=0; i < 6; i++ ) { c = psGuid[26+i*2]; psGuid[26+i*2] = 0; pGuid->Data4[2+i] = (unsigned char)strtoul ( &psGuid[24+i*2], 0, 16 ); psGuid[26+i*2] = c; }
return;}
//
// ElGetIdentity
//
// Description:
//
// Get the identity depending on the authentication type being used
//
// Arguments:
// pPCB - Pointer to PCB for the port
//
// Return values:
//
// NO_ERROR - success
// non-zero - error
//
DWORDElGetIdentity ( IN EAPOL_PCB *pPCB ){ DWORD dwRetCode = NO_ERROR;
do {
// Get user's identity if it has not been obtained till now
if ((g_fUserLoggedOn) && (pPCB->dwAuthFailCount <= EAPOL_MAX_AUTH_FAIL_COUNT) && (pPCB->PreviousAuthenticationType != EAPOL_MACHINE_AUTHENTICATION)) { TRACE0 (ANY, "ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth"); if (!(pPCB->fGotUserIdentity)) {
// NOTE: Hardcoding for now
// Needs to be solved
if (pPCB->dwEapTypeToBeUsed == EAP_TYPE_MD5) { TRACE0 (ANY, "ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: MD5"); // EAP-MD5CHAP
if ((dwRetCode = ElGetUserNamePassword ( pPCB)) != NO_ERROR) { TRACE1 (ANY, "ElEapMakeMessage: Error in ElGetUserNamePassword %ld", dwRetCode); } } else { TRACE0 (ANY, "ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: !MD5"); // All other EAP Types
if ((dwRetCode = ElGetUserIdentity ( pPCB)) != NO_ERROR) { TRACE1 (ANY, "ElEapMakeMessage: Error in ElGetUserIdentity %ld", dwRetCode); } }
if (dwRetCode == NO_ERROR) { TRACE0 (ANY, "ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: No Error: User Auth fine"); pPCB->PreviousAuthenticationType = EAPOL_USER_AUTHENTICATION; } else { TRACE0 (ANY, "ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: Error");
// No UI required
if ((pPCB->dwEapTypeToBeUsed != EAP_TYPE_MD5) && (g_dwMachineAuthEnabled)) { TRACE0 (ANY, "ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: Error: !MD5, Machine Auth");
// Get Machine name
dwRetCode = NO_ERROR; pPCB->PreviousAuthenticationType = EAPOL_MACHINE_AUTHENTICATION; dwRetCode = ElGetUserIdentity (pPCB); if (dwRetCode != NO_ERROR) { TRACE1 (ANY, "ElGetIdentity: ElGetUserIdentity failed with error %ld", dwRetCode); } }
if ((dwRetCode != NO_ERROR) || (!g_dwMachineAuthEnabled) || (pPCB->dwEapTypeToBeUsed == EAP_TYPE_MD5)) { TRACE3 (ANY, "ElGetIdentity: Userlogged, <Maxauth, !Machine auth: Error: Error=%ld, Machauth=%ld, MD5=%ld", dwRetCode?1:0, g_dwMachineAuthEnabled?1:0, (pPCB->dwEapTypeToBeUsed == EAP_TYPE_MD5)?1:0);
if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; }
pPCB->PreviousAuthenticationType = EAPOL_UNAUTHENTICATED_ACCESS; dwRetCode = NO_ERROR; } } } } else { TRACE2 (ANY, "ElGetIdentity: Userlogged=%ld, auth>max, Machine auth=%ld", g_fUserLoggedOn?1:0, (pPCB->PreviousAuthenticationType==EAPOL_MACHINE_AUTHENTICATION)?1:0 );
// No UI required
if ((pPCB->dwEapTypeToBeUsed != EAP_TYPE_MD5) && (g_dwMachineAuthEnabled)) {
TRACE0 (ANY, "ElGetIdentity: !MD5, Machine auth");
pPCB->PreviousAuthenticationType = EAPOL_MACHINE_AUTHENTICATION;
// Get Machine credentials
dwRetCode = ElGetUserIdentity (pPCB);
if (dwRetCode != NO_ERROR) { TRACE1 (ANY, "ElGetIdentity: ElGetUserIdentity failed with error %ld", dwRetCode); } }
if ((dwRetCode != NO_ERROR) || (!g_dwMachineAuthEnabled) || (pPCB->dwEapTypeToBeUsed == EAP_TYPE_MD5)) { TRACE3 (ANY, "ElGetIdentity: Error=%ld, Machine auth=%ld, MD5=%ld", dwRetCode?1:0, g_dwMachineAuthEnabled?1:0, (pPCB->dwEapTypeToBeUsed == EAP_TYPE_MD5)?1:0);
if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; }
pPCB->PreviousAuthenticationType = EAPOL_UNAUTHENTICATED_ACCESS; dwRetCode = NO_ERROR; } }
} while (FALSE);
return dwRetCode;}
//
// ElNLAConnectLPC
//
// Description:
//
// Function called to connect to the LPC port for NLA service
//
// Arguments:
// None
//
// Return values:
// Non-NULL - valid handle
// NULL - error
//
HANDLEElNLAConnectLPC () {
HANDLE h = NULL; LARGE_INTEGER sectionSize; UNICODE_STRING portName; SECURITY_QUALITY_OF_SERVICE dynamicQoS = { sizeof(SECURITY_QUALITY_OF_SERVICE), SecurityAnonymous, SECURITY_DYNAMIC_TRACKING, FALSE }; WSM_LPC_DATA data; ULONG dataLength;
NTSTATUS status = STATUS_SUCCESS;
do { TRACE0 (EAP, "NLAConnectLPC: Entered");
// Create a shared section for passing the large-size LPC messages.
RtlZeroMemory(&g_ClientView, sizeof(g_ClientView)); g_ClientView.Length = sizeof(g_ClientView); g_ClientView.ViewSize = sizeof(LOCATION_802_1X); sectionSize.QuadPart = sizeof(LOCATION_802_1X); status = NtCreateSection (&g_ClientView.SectionHandle, (SECTION_MAP_READ | SECTION_MAP_WRITE), NULL, §ionSize, PAGE_READWRITE, SEC_COMMIT, NULL ); if (!NT_SUCCESS(status)) { h = NULL; TRACE1 (EAP, "NLAConnectLPC: NtCreateSection failed with error", status); break; } // Connect via LPC to the Network Location Awareness (NLA) service.
RtlInitUnicodeString (&portName, WSM_PRIVATE_PORT_NAME); RtlZeroMemory (&data, sizeof (data)); data.signature = WSM_SIGNATURE; data.connect.version.major = WSM_VERSION_MAJOR; data.connect.version.minor = WSM_VERSION_MINOR; dataLength = sizeof (data); status = NtConnectPort (&h, &portName, &dynamicQoS, &g_ClientView, NULL, NULL, &data, &dataLength ); // If NtConnectPort() succeeded, LPC will maintain a reference
// to the section, otherwise we no longer need it.
NtClose (g_ClientView.SectionHandle); g_ClientView.SectionHandle = NULL; if (!NT_SUCCESS(status)) { TRACE1 (EAP, "NLAConnectLPC: NtConnectPort failed with error %ld", status); ASSERT (h == NULL); }
} while (FALSE);
return (h);
}
//
// ElNLACleanupLPC
//
// Description:
//
// Function called to close the LPC port for NLA service
//
// Arguments:
// None
//
// Return values:
// None
//
VOIDElNLACleanupLPC () { if (g_hNLA_LPC_Port != NULL) { NtClose (g_hNLA_LPC_Port); g_hNLA_LPC_Port = NULL; }}
//
// ElNLARegister_802_1X
//
// Description:
//
// Function called to register 802.1X information with NLA
//
// Arguments:
// plocation - Pointer to data needed to be registered with NLA
//
// Return values:
// None
//
VOIDElNLARegister_802_1X ( IN PLOCATION_802_1X plocation ) {
WSM_LPC_MESSAGE message; NTSTATUS status;
ACQUIRE_WRITE_LOCK (&g_NLALock);
do {
TRACE0 (EAP, "NLARegister_802_1X: Entered");
// Connect to the Network Location Awareness (NLA) service if
// necessary.
if (g_hNLA_LPC_Port == NULL) { if ((g_hNLA_LPC_Port = ElNLAConnectLPC ()) == NULL) { RELEASE_WRITE_LOCK (&g_NLALock); return; } }
TRACE0 (EAP, "NLARegister_802_1X: g_hNLA_LPC_Port != NULL");
// Send information to the NLA service.
RtlZeroMemory (&message, sizeof (message)); message.portMsg.u1.s1.TotalLength = sizeof (message); message.portMsg.u1.s1.DataLength = sizeof (message.data); message.data.signature = WSM_SIGNATURE; message.data.request.type = LOCATION_802_1X_REGISTER; __try { RtlCopyMemory (g_ClientView.ViewBase, plocation, sizeof(LOCATION_802_1X)); } __except (EXCEPTION_EXECUTE_HANDLER) { return; }
status = NtRequestWaitReplyPort ( g_hNLA_LPC_Port, (PPORT_MESSAGE)&message, (PPORT_MESSAGE)&message);
if (status != STATUS_SUCCESS) { TRACE1 (EAP, "NLARegister_802_1X: NtWaitReplyPort failed with error", status);
// It's possible the service was stopped and restarted.
// Ditch the old LPC connection.
CloseHandle (g_hNLA_LPC_Port); // Create a new LPC connection.
if ((g_hNLA_LPC_Port = ElNLAConnectLPC ()) == NULL) { RELEASE_WRITE_LOCK (&g_NLALock); TRACE0 (EAP, "NLARegister_802_1X: NLAConnectLPC failed"); return; }
// Try the send one last time.
status = NtRequestWaitReplyPort (g_hNLA_LPC_Port, (PPORT_MESSAGE)&message, (PPORT_MESSAGE)&message); TRACE1 (EAP, "NLARegister_802_1X: NtWaitReplyPort, try 2, failed with error", status);
}
TRACE1 (EAP, "NLARegister_802_1X: Completed with status = %ld", status);
} while (FALSE); RELEASE_WRITE_LOCK (&g_NLALock);
}
//
// ElNLADelete_802_1X
//
// Description:
//
// Function called to de-register 802.1X information registered with NLA
//
// Arguments:
// plocation - Pointer to data to be de-registered from NLA
//
// Return values:
// None
//
VOIDElNLADelete_802_1X ( IN PLOCATION_802_1X plocation ) {
WSM_LPC_MESSAGE message; NTSTATUS status;
ACQUIRE_WRITE_LOCK (&g_NLALock);
do {
// Connect to the NLA service if necessary.
if (g_hNLA_LPC_Port == NULL) { if ((g_hNLA_LPC_Port = ElNLAConnectLPC ()) == NULL) { RELEASE_WRITE_LOCK (&g_NLALock); return; } }
// Send information to the NLA service.
RtlZeroMemory (&message, sizeof(message)); message.portMsg.u1.s1.TotalLength = sizeof (message); message.portMsg.u1.s1.DataLength = sizeof (message.data); message.data.signature = WSM_SIGNATURE; message.data.request.type = LOCATION_802_1X_DELETE; __try { RtlCopyMemory (g_ClientView.ViewBase, plocation, sizeof(plocation->adapterName)); } __except (EXCEPTION_EXECUTE_HANDLER) { return; }
status = NtRequestWaitReplyPort (g_hNLA_LPC_Port, (PPORT_MESSAGE)&message, (PPORT_MESSAGE)&message);
if (status != STATUS_SUCCESS) { // If the service was stopped (and possibly restarted), we don't
// care ... it won't have this information in its list for us
// to bother deleting.
CloseHandle (g_hNLA_LPC_Port); g_hNLA_LPC_Port = NULL; }
} while (FALSE);
RELEASE_WRITE_LOCK (&g_NLALock);
}
//
// ElGetInterfaceNdisStatistics
//
// Function to query NDIS NIC_STATISTICS parameters for an interface
//
// Input arguments:
// pszInterfaceName - Interface Name
//
// Return values:
// pStats - NIC_STATISTICS structure
//
//
DWORDElGetInterfaceNdisStatistics ( IN CHAR *pszInterfaceName, IN OUT NIC_STATISTICS *pStats ){ WCHAR *pwszInterfaceName = NULL; UNICODE_STRING UInterfaceName; DWORD dwRetCode = NO_ERROR;
do { pwszInterfaceName = MALLOC ((strlen (pszInterfaceName)+12)*sizeof(WCHAR)); if (pwszInterfaceName == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (ANY, "ElGetInterfaceNdisStatistics: MALLOC failed for pwszInterfaceName"); break; }
wcscpy (pwszInterfaceName, L"\\Device\\{");
if (0 == MultiByteToWideChar( CP_ACP, 0, pszInterfaceName, -1, &pwszInterfaceName[9], (strlen(pszInterfaceName)+12)*sizeof(WCHAR))) { dwRetCode = GetLastError(); TRACE2 (ANY, "ElGetInterfaceNdisStatistics: MultiByteToWideChar(%s) failed: %ld", pszInterfaceName, dwRetCode); break; }
pwszInterfaceName[strlen(pszInterfaceName) + 9] = L'\0';
wcscat (pwszInterfaceName, L"}");
TRACE1 (ANY, "ElGetInterfaceNdisStatistics: pwszInterfaceName = (%ws)", pwszInterfaceName);
RtlInitUnicodeString (&UInterfaceName, pwszInterfaceName); pStats->Size = sizeof(NIC_STATISTICS); if (NdisQueryStatistics (&UInterfaceName, pStats)) { } else { dwRetCode = GetLastError (); TRACE2 (ANY, "ElGetInterfaceNdisStatistics: NdisQueryStatistics failed with error (%ld), Interface=%ws", dwRetCode, UInterfaceName.Buffer); } } while (FALSE);
if (pwszInterfaceName != NULL) { FREE (pwszInterfaceName); }
return dwRetCode;}
|
