|
|
/*++
Copyright (c) 2000, Microsoft Corporation
Module Name: eluser.c
Abstract:
The module deals with functions related to user interaction, user logon
Revision History:
sachins, Apr 23 2000, Created
--*/
#include "pcheapol.h"
#pragma hdrstop
//
// Test code declarations for EAP-MD5CHAP
//
// This function is not defined in any header file. Located in
// $(SDK_LIB_PATH)\irnotif.lib
extern HANDLEGetCurrentUserTokenW ( WCHAR Winsta[], DWORD DesiredAccess );
extern BOOLGetWinStationUserToken(ULONG, PHANDLE);
extern ULONGGetClientLogonId ();
#define cszEapKeyRas TEXT("Software\\Microsoft\\RAS EAP\\UserEapInfo")
#define cszEapValue TEXT("EapInfo")
#ifndef EAPOL_SERVICE
#define cszModuleName TEXT("netman.dll")
#else
#define cszModuleName TEXT("eapol.exe")
#endif
//
// ElGetUserIdentity
//
// Description:
//
// Function called to initiate and get user identity on a particular
// interface. The RasEapGetIdentity in the appropriate DLL is called
// with the necessary arguments.
//
// Arguments:
// pPCB - Pointer to PCB for the specific port/interface
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElGetUserIdentity ( IN EAPOL_PCB *pPCB ){ HANDLE hUserToken; HANDLE hLib = NULL; EAPOLEAPFREE pFreeFunc = NULL; EAPOLEAPGETIDENTITY pIdenFunc = NULL; DWORD dwIndex = -1; DWORD cbData = 0; PBYTE pbAuthData = NULL; PBYTE pbUserIn = NULL; DWORD dwInSize = 0; BYTE *pUserDataOut; DWORD dwSizeOfUserDataOut; LPWSTR lpwszIdentity = NULL; HWND hwndOwner = NULL; HWINSTA hwinstaSave; HDESK hdeskSave; HWINSTA hwinstaUser; HDESK hdeskUser; DWORD dwThreadId; UNICODE_STRING IdentityUnicodeString; ANSI_STRING IdentityAnsiString; CHAR Buffer[256]; WCHAR wszFriendlyName[256]; // Friendly name max 255 char
CHAR *pszUserName = NULL; DWORD dwFlags = 0; DWORD dwRetCode = NO_ERROR;
do { // If machine auth not enabled
TRACE0 (USER, "ElGetUserIdentity entered");
//
// NOTE:
// Optimize pPCB->rwLock lock holding time
//
ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
if (pPCB->PreviousAuthenticationType != EAPOL_MACHINE_AUTHENTICATION) {
if (!EAPOL_PORT_ACTIVE(pPCB)) { TRACE1 (PORT, "ElGetUserIdentity: Port %s not active", pPCB->pszDeviceGUID);
// Port is not active, cannot do further processing on this port
break; }
//
// Get Access Token for user logged on interactively
//
// Call Terminal Services API
if (GetWinStationUserToken (GetClientLogonId(), &hUserToken) != NO_ERROR) { TRACE0 (USER, "ElGetUserIdentity: Terminal Services API GetWinStationUserToken failed !!! ");
// Call private API
hUserToken = GetCurrentUserTokenW (L"WinSta0", TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY); if (hUserToken == NULL) { dwRetCode = GetLastError (); TRACE1 (USER, "ElGetUserIdentity: Error in GetCurrentUserTokenW = %ld", dwRetCode); dwRetCode = ERROR_NO_TOKEN; break; } } if (hUserToken == NULL) { dwRetCode = GetLastError (); TRACE0 (USER, "ElGetUserIdentity: Error in getting current user token"); dwRetCode = ERROR_NO_TOKEN; break; }
pPCB->hUserToken = hUserToken;
// Get the size of the user blob
if ((dwRetCode = ElGetEapUserInfo ( pPCB->hUserToken, pPCB->pszDeviceGUID, pPCB->dwEapTypeToBeUsed, pPCB->pszSSID, NULL, &dwInSize )) != NO_ERROR) { if (dwRetCode == ERROR_BUFFER_TOO_SMALL) { if (dwInSize <= 0) { // No blob stored in the registry
// Continue processing
TRACE0 (USER, "ElGetUserIdentity: NULL sized user data"); pbUserIn = NULL; } else { // Allocate memory to hold the blob
pbUserIn = MALLOC (dwInSize); if (pbUserIn == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (USER, "ElGetUserIdentity: Error in memory allocation for User data"); break; } if ((dwRetCode = ElGetEapUserInfo ( pPCB->hUserToken, pPCB->pszDeviceGUID, pPCB->dwEapTypeToBeUsed, pPCB->pszSSID, pbUserIn, &dwInSize )) != NO_ERROR) { TRACE1 (USER, "ElGetUserIdentity: ElGetEapUserInfo failed with %ld", dwRetCode); break; } } } else { // User info may not have been created till now
// which is valid condition to proceed
if (dwRetCode != ERROR_FILE_NOT_FOUND) { TRACE1 (USER, "ElGetUserIdentity: ElGetEapUserInfo size estimation failed with error %ld", dwRetCode); break; } } }
// The EAP dll will have already been loaded by the state machine
// Retrieve the handle to the dll from the global EAP table
if ((dwIndex = ElGetEapTypeIndex (pPCB->dwEapTypeToBeUsed)) == -1) { TRACE1 (USER, "ElGetUserIdentity: ElGetEapTypeIndex finds no dll for EAP index %ld", pPCB->dwEapTypeToBeUsed); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
hLib = g_pEapTable[dwIndex].hInstance;
pIdenFunc = (EAPOLEAPGETIDENTITY)GetProcAddress(hLib, "RasEapGetIdentity"); pFreeFunc = (EAPOLEAPFREE)GetProcAddress(hLib, "RasEapFreeMemory");
if ((pFreeFunc == NULL) || (pIdenFunc == NULL)) { TRACE0 (USER, "ElGetUserIdentity: pIdenFunc or pFreeFunc does not exist in the EAP implementation"); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
// Get the size of the EAP blob
if ((dwRetCode = ElGetCustomAuthData ( pPCB->pszDeviceGUID, pPCB->dwEapTypeToBeUsed, pPCB->pszSSID, NULL, &cbData )) != NO_ERROR) { if (dwRetCode == ERROR_BUFFER_TOO_SMALL) { if (cbData <= 0) { // No EAP blob stored in the registry
TRACE0 (USER, "ElGetUserIdentity: NULL sized EAP blob, cannot continue"); pbAuthData = NULL; // Every port should have connection data !!!
dwRetCode = ERROR_CAN_NOT_COMPLETE; break; } else { // Allocate memory to hold the blob
pbAuthData = MALLOC (cbData); if (pbAuthData == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (USER, "ElGetUserIdentity: Error in memory allocation for EAP blob"); break; } if ((dwRetCode = ElGetCustomAuthData ( pPCB->pszDeviceGUID, pPCB->dwEapTypeToBeUsed, pPCB->pszSSID, pbAuthData, &cbData )) != NO_ERROR) { TRACE1 (USER, "ElGetUserIdentity: ElGetCustomAuthData failed with %ld", dwRetCode); break; } } } else { // CustomAuthData for "Default" is always created for an
// interface when EAPOL starts up
TRACE1 (USER, "ElGetUserIdentity: ElGetCustomAuthData size estimation failed with error %ld", dwRetCode); break; } }
// Save handles to service window
hwinstaSave = GetProcessWindowStation(); if (hwinstaSave == NULL) { dwRetCode = GetLastError (); TRACE1 (USER, "OpenWindowStation: GetProcessWindowStation failed with error %ld", dwRetCode); break; }
dwThreadId = GetCurrentThreadId ();
hdeskSave = GetThreadDesktop (dwThreadId); if (hdeskSave == NULL) { dwRetCode = GetLastError (); TRACE1 (USER, "OpenWindowStation: GetThreadDesktop failed with error %ld", dwRetCode); break; }
if (!ImpersonateLoggedOnUser (pPCB->hUserToken)) { dwRetCode = GetLastError(); TRACE1 (USER, "ElGetUserIdentity: ImpersonateLoggedOnUse failed with error %ld", dwRetCode); break; }
// Impersonate the client and connect to the User's window station
// and desktop. This will be the interactively logged-on user
hwinstaUser = OpenWindowStation (L"WinSta0", FALSE, MAXIMUM_ALLOWED); if (hwinstaUser == NULL) { dwRetCode = GetLastError (); TRACE1 (USER, "OpenWindowStation: OpenWindowStation failed with error %ld", dwRetCode); break; }
if (!SetProcessWindowStation(hwinstaUser)) TRACE1 (USER, "ElGetUserIdentity: SetProcessWindowStation failed with error = %ld", (dwRetCode = GetLastError())); hdeskUser = OpenDesktop (L"Default", 0, FALSE, MAXIMUM_ALLOWED); if (hdeskUser == NULL) { if (!SetProcessWindowStation (hwinstaSave)) TRACE1 (USER, "ElGetUserIdentity: SetProcessWindowStation failed with error = %ld", (dwRetCode = GetLastError())); if (!CloseWindowStation (hwinstaUser)) TRACE1 (USER, "ElGetUserIdentity: CloseWindowStation failed with error = %ld", (dwRetCode = GetLastError())); dwRetCode = ERROR_INVALID_WORKSTATION; break; }
if (!SetThreadDesktop (hdeskUser)) TRACE1 (USER, "ElGetUserIdentity: SetThreadDesktop failed with error = %ld", (dwRetCode = GetLastError()));
// Get handle to desktop window
hwndOwner = GetDesktopWindow ();
ZeroMemory (wszFriendlyName, 256*sizeof(WCHAR));
// Convert the friendly name of the adapter to a display ready
// form
if (pPCB->pszFriendlyName) { if (0 == MultiByteToWideChar( CP_ACP, 0, pPCB->pszFriendlyName, -1, wszFriendlyName, 256 ) ) { dwRetCode = GetLastError();
TRACE2 (USER, "ElGetUserIdentity: MultiByteToWideChar(%s) failed: %d", pPCB->pszFriendlyName, dwRetCode); break; } }
if (pIdenFunc) if ((dwRetCode = (*(pIdenFunc))( pPCB->dwEapTypeToBeUsed, hwndOwner, // hwndOwner
0, // dwFlags
NULL, // lpszPhonebook
wszFriendlyName, // lpszEntry
pbAuthData, // Connection data
cbData, // Count of pbAuthData
pbUserIn, // User data for port
dwInSize, // Size of user data
&pUserDataOut, &dwSizeOfUserDataOut, &lpwszIdentity )) != NO_ERROR) { TRACE1 (USER, "ElGetUserIdentity: Error in calling GetIdentity = %ld", dwRetCode); // Revert impersonation
if (!RevertToSelf()) { dwRetCode = GetLastError(); TRACE1 (USER, "ElGetUserIdentity: Error in RevertToSelf = %ld", dwRetCode); }
// Restore window station and desktop
if (!SetThreadDesktop (hdeskSave)) TRACE1 (USER, "ElGetUserIdentity: SetThreadDesktop failed with error = %ld", (dwRetCode = GetLastError())); if (!SetProcessWindowStation (hwinstaSave)) TRACE1 (USER, "ElGetUserIdentity: SetProcessWindowStation failed with error = %ld", (dwRetCode = GetLastError())); if (!CloseDesktop(hdeskUser)) TRACE1 (USER, "ElGetUserIdentity: CloseDesktop failed with error = %ld", (dwRetCode = GetLastError())); if (!CloseWindowStation(hwinstaUser)) TRACE1 (USER, "ElGetUserIdentity: CloseWindowStation failed with error = %ld", (dwRetCode = GetLastError()));
break; }
// Revert impersonation
if (!RevertToSelf()) { dwRetCode = GetLastError(); TRACE1 (USER, "ElGetUserIdentity: Error in RevertToSelf = %ld", dwRetCode); // Restore window station and desktop
if (!SetThreadDesktop (hdeskSave)) TRACE1 (USER, "ElGetUserIdentity: SetThreadDesktop failed with error = %ld", (dwRetCode = GetLastError())); if (!SetProcessWindowStation (hwinstaSave)) TRACE1 (USER, "ElGetUserIdentity: SetProcessWindowStation failed with error = %ld", (dwRetCode = GetLastError())); if (!CloseDesktop(hdeskUser)) TRACE1 (USER, "ElGetUserIdentity: CloseDesktop failed with error = %ld", (dwRetCode = GetLastError())); if (!CloseWindowStation(hwinstaUser)) TRACE1 (USER, "ElGetUserIdentity: CloseWindowStation failed with error = %ld", (dwRetCode = GetLastError())); break; }
// Restore window station and desktop settings
if (!SetThreadDesktop (hdeskSave)) TRACE1 (USER, "ElGetUserIdentity: SetThreadDesktop failed with error = %ld", (dwRetCode = GetLastError())); if (!SetProcessWindowStation (hwinstaSave)) TRACE1 (USER, "ElGetUserIdentity: SetProcessWindowStation failed with error = %ld", (dwRetCode = GetLastError())); if (!CloseDesktop(hdeskUser)) TRACE1 (USER, "ElGetUserIdentity: CloseDesktop failed with error = %ld", (dwRetCode = GetLastError())); if (!CloseWindowStation(hwinstaUser)) TRACE1 (USER, "ElGetUserIdentity: CloseWindowStation failed with error = %ld", (dwRetCode = GetLastError())); // Fill in the returned information into the PCB fields for
// later authentication
if (pPCB->pCustomAuthUserData != NULL) { FREE (pPCB->pCustomAuthUserData); pPCB->pCustomAuthUserData = NULL; }
pPCB->pCustomAuthUserData = MALLOC (dwSizeOfUserDataOut + sizeof (DWORD)); if (pPCB->pCustomAuthUserData == NULL) { TRACE1 (USER, "ElGetUserIdentity: Error in allocating memory for UserInfo = %ld", dwRetCode); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
pPCB->pCustomAuthUserData->dwSizeOfCustomAuthData = dwSizeOfUserDataOut;
if ((dwSizeOfUserDataOut != 0) && (pUserDataOut != NULL)) { memcpy ((BYTE *)pPCB->pCustomAuthUserData->pbCustomAuthData, (BYTE *)pUserDataOut, dwSizeOfUserDataOut); }
if (lpwszIdentity != NULL) { // NOTE:
// Assuming 256 character identity maximum
// Convert wchar Identity to char string
RtlInitUnicodeString (&IdentityUnicodeString, lpwszIdentity); IdentityAnsiString.MaximumLength = sizeof(Buffer); IdentityAnsiString.Buffer = Buffer; IdentityAnsiString.Length = 0; if ((dwRetCode = RtlUnicodeStringToAnsiString ( &IdentityAnsiString, &IdentityUnicodeString, FALSE)) != NO_ERROR) { TRACE1 (USER, "ElGetUserIdentity: Error in RtlConvertUnicodeStringToAnsiString = %ld", dwRetCode); break; }
pszUserName = MALLOC (IdentityAnsiString.Length + 1); if (pszUserName == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (USER, "ElGetUserIdentity: MALLOC failed for pszUserName"); break; }
memcpy (pszUserName, IdentityAnsiString.Buffer, IdentityAnsiString.Length); pszUserName[IdentityAnsiString.Length] = '\0';
if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; }
pPCB->pszIdentity = MALLOC (IdentityAnsiString.Length + 1); if (pPCB->pszIdentity == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (USER, "ElGetUserIdentity: MALLOC failed for pPCB->pszIdentity"); break; }
memcpy (pPCB->pszIdentity, IdentityAnsiString.Buffer, IdentityAnsiString.Length); pPCB->pszIdentity[IdentityAnsiString.Length] = '\0';
TRACE1 (USER, "ElGetUserIdentity: Got username = %s", pszUserName); }
if (pPCB->pCustomAuthConnData != NULL) { FREE (pPCB->pCustomAuthConnData); pPCB->pCustomAuthConnData = NULL; }
// Memory for pCustomAuthConnData and pCustomAuthUserData
// is released from the PCB when user logs off and during
// port deletion
pPCB->pCustomAuthConnData = MALLOC (cbData + sizeof (DWORD)); if (pPCB->pCustomAuthConnData == NULL) { TRACE1 (USER, "ElGetUserIdentity: Error in allocating memory for AuthInfo = %ld", dwRetCode); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
pPCB->pCustomAuthConnData->dwSizeOfCustomAuthData = cbData;
if ((cbData != 0) && (pbAuthData != NULL)) { memcpy ((BYTE *)pPCB->pCustomAuthConnData->pbCustomAuthData, (BYTE *)pbAuthData, cbData); }
// Mark the identity has been obtained for this PCB
pPCB->fGotUserIdentity = TRUE;
} else // MACHINE_AUTHENTICATION
{
TRACE0 (USER, "ElGetUserIdentity entered");
if (!EAPOL_PORT_ACTIVE(pPCB)) { TRACE1 (PORT, "ElGetUserIdentity: Port %s not active", pPCB->pszDeviceGUID);
// Port is not active, cannot do further processing on this port
break; }
// The EAP dll will have already been loaded by the state machine
// Retrieve the handle to the dll from the global EAP table
if ((dwIndex = ElGetEapTypeIndex (pPCB->dwEapTypeToBeUsed)) == -1) { TRACE1 (USER, "ElGetUserIdentity: ElGetEapTypeIndex finds no dll for EAP index %ld", pPCB->dwEapTypeToBeUsed); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
hLib = g_pEapTable[dwIndex].hInstance;
pIdenFunc = (EAPOLEAPGETIDENTITY)GetProcAddress(hLib, "RasEapGetIdentity"); pFreeFunc = (EAPOLEAPFREE)GetProcAddress(hLib, "RasEapFreeMemory");
if ((pFreeFunc == NULL) || (pIdenFunc == NULL)) { TRACE0 (USER, "ElGetUserIdentity: pIdenFunc or pFreeFunc does not exist in the EAP implementation"); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
// Get the size of the EAP blob
if ((dwRetCode = ElGetCustomAuthData ( pPCB->pszDeviceGUID, pPCB->dwEapTypeToBeUsed, pPCB->pszSSID, NULL, &cbData )) != NO_ERROR) { if (dwRetCode == ERROR_BUFFER_TOO_SMALL) { if (cbData <= 0) { // No EAP blob stored in the registry
TRACE0 (USER, "ElGetUserIdentity: NULL sized EAP blob, cannot continue"); pbAuthData = NULL; // Every port should have connection data !!!
dwRetCode = ERROR_CAN_NOT_COMPLETE; break; } else { // Allocate memory to hold the blob
pbAuthData = MALLOC (cbData); if (pbAuthData == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (USER, "ElGetUserIdentity: Error in memory allocation for EAP blob"); break; } if ((dwRetCode = ElGetCustomAuthData ( pPCB->pszDeviceGUID, pPCB->dwEapTypeToBeUsed, pPCB->pszSSID, pbAuthData, &cbData )) != NO_ERROR) { TRACE1 (USER, "ElGetUserIdentity: ElGetCustomAuthData failed with %ld", dwRetCode); break; } } } else { // CustomAuthData for "Default" is always created for an
// interface when EAPOL starts up
TRACE1 (USER, "ElGetUserIdentity: ElGetCustomAuthData size estimation failed with error %ld", dwRetCode); break; } }
if (pIdenFunc) if ((dwRetCode = (*(pIdenFunc))( pPCB->dwEapTypeToBeUsed, hwndOwner, // hwndOwner
RAS_EAP_FLAG_MACHINE_AUTH, // dwFlags
NULL, // lpszPhonebook
wszFriendlyName, // lpszEntry
pbAuthData, // Connection data
cbData, // Count of pbAuthData
pbUserIn, // User data for port
dwInSize, // Size of user data
&pUserDataOut, &dwSizeOfUserDataOut, &lpwszIdentity )) != NO_ERROR) { TRACE1 (USER, "ElGetUserIdentity: Error in calling GetIdentity = %ld", dwRetCode); break; }
// Fill in the returned information into the PCB fields for
// later authentication
if (pPCB->pCustomAuthUserData != NULL) { FREE (pPCB->pCustomAuthUserData); pPCB->pCustomAuthUserData = NULL; }
pPCB->pCustomAuthUserData = MALLOC (dwSizeOfUserDataOut + sizeof (DWORD)); if (pPCB->pCustomAuthUserData == NULL) { TRACE1 (USER, "ElGetUserIdentity: Error in allocating memory for UserInfo = %ld", dwRetCode); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
pPCB->pCustomAuthUserData->dwSizeOfCustomAuthData = dwSizeOfUserDataOut;
if ((dwSizeOfUserDataOut != 0) && (pUserDataOut != NULL)) { memcpy ((BYTE *)pPCB->pCustomAuthUserData->pbCustomAuthData, (BYTE *)pUserDataOut, dwSizeOfUserDataOut); }
if (lpwszIdentity != NULL) { // NOTE:
// Assuming 256 character identity maximum
// Convert wchar Identity to char string
RtlInitUnicodeString (&IdentityUnicodeString, lpwszIdentity); IdentityAnsiString.MaximumLength = sizeof(Buffer); IdentityAnsiString.Buffer = Buffer; IdentityAnsiString.Length = 0; if ((dwRetCode = RtlUnicodeStringToAnsiString ( &IdentityAnsiString, &IdentityUnicodeString, FALSE)) != NO_ERROR) { TRACE1 (USER, "ElGetUserIdentity: Error in RtlConvertUnicodeStringToAnsiString = %ld", dwRetCode); break; }
TRACE1 (USER, "lpwszIdentity = %ws", lpwszIdentity);
pszUserName = MALLOC (IdentityAnsiString.Length + 1); if (pszUserName == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (USER, "ElGetUserIdentity: MALLOC failed for pszUserName"); break; }
memcpy (pszUserName, IdentityAnsiString.Buffer, IdentityAnsiString.Length); pszUserName[IdentityAnsiString.Length] = '\0';
TRACE1 (USER, "pszUserName = %s", pszUserName);
if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; }
pPCB->pszIdentity = MALLOC (IdentityAnsiString.Length + 1); if (pPCB->pszIdentity == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (USER, "ElGetUserIdentity: MALLOC failed for pPCB->pszIdentity"); break; }
memcpy (pPCB->pszIdentity, IdentityAnsiString.Buffer, IdentityAnsiString.Length); pPCB->pszIdentity[IdentityAnsiString.Length] = '\0';
TRACE1 (USER, "ElGetUserIdentity: Got username = %s", pszUserName); }
if (pPCB->pCustomAuthConnData != NULL) { FREE (pPCB->pCustomAuthConnData); pPCB->pCustomAuthConnData = NULL; }
// Memory for pCustomAuthConnData and pCustomAuthUserData
// is released from the PCB when user logs off and during
// port deletion
pPCB->pCustomAuthConnData = MALLOC (cbData + sizeof (DWORD)); if (pPCB->pCustomAuthConnData == NULL) { TRACE1 (USER, "ElGetUserIdentity: Error in allocating memory for AuthInfo = %ld", dwRetCode); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
pPCB->pCustomAuthConnData->dwSizeOfCustomAuthData = cbData;
if ((cbData != 0) && (pbAuthData != NULL)) { memcpy ((BYTE *)pPCB->pCustomAuthConnData->pbCustomAuthData, (BYTE *)pbAuthData, cbData); }
// Mark the identity has been obtained for this PCB
pPCB->fGotUserIdentity = TRUE;
}
// Release the per-interface lock
RELEASE_WRITE_LOCK (&(pPCB->rwLock));
} while (FALSE);
// Cleanup
if (dwRetCode != NO_ERROR) { // Release the per-interface lock
RELEASE_WRITE_LOCK (&(pPCB->rwLock));
if (pPCB->pCustomAuthUserData != NULL) { FREE (pPCB->pCustomAuthUserData); pPCB->pCustomAuthUserData = NULL; }
if (pPCB->pCustomAuthConnData != NULL) { FREE (pPCB->pCustomAuthConnData); pPCB->pCustomAuthConnData = NULL; }
if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; }
}
if (pbUserIn != NULL) { FREE (pbUserIn); }
if (pbAuthData != NULL) { FREE (pbAuthData); }
if (pszUserName != NULL) { FREE (pszUserName); }
if (pFreeFunc != NULL) { if (lpwszIdentity != NULL) { if (( dwRetCode = (*(pFreeFunc)) ((BYTE *)lpwszIdentity)) != NO_ERROR) { TRACE1 (USER, "ElGetUserIdentity: Error in pFreeFunc = %ld", dwRetCode); } } if (pUserDataOut != NULL) { if (( dwRetCode = (*(pFreeFunc)) ((BYTE *)pUserDataOut)) != NO_ERROR) { TRACE1 (USER, "ElGetUserIdentity: Error in pFreeFunc = %ld", dwRetCode); } } }
TRACE1 (USER, "ElGetUserIdentity completed with error %ld", dwRetCode);
return dwRetCode;
}
//
// ElUserLogonCallback
//
// Description:
//
// Callback function invoked whenever a user logs in
// Will initiate authentication process on all ports of LAN class
// Credentials for the user in case of EAP-TLS can be obtained by
// acquiring user token
// For EAP-CHAP, WinLogon cerdentials will need to be supplied
//
// Arguments:
// None.
//
VOIDElUserLogonCallback ( PVOID pvContext, BOOLEAN fTimerOfWaitFired ){
DWORD dwIndex = 0; EAPOL_PCB *pPCB = NULL; BOOL fSetCONNECTINGState = FALSE; DWORD dwRetCode = NO_ERROR;
// Set global flag to indicate the user logged on
TRACE1 (USER, "ElUserLogonCallback: UserloggedOn = %ld", g_fUserLoggedOn);
g_fUserLoggedOn = InterlockedIncrement (&(g_fUserLoggedOn));
do { ACQUIRE_WRITE_LOCK (&(g_PCBLock));
for (dwIndex = 0; dwIndex < PORT_TABLE_BUCKETS; dwIndex++) { for (pPCB = g_PCBTable.pPCBBuckets[dwIndex].pPorts; pPCB != NULL; pPCB = pPCB->pNext) {
#ifdef DRAFT7
if (g_dwMachineAuthEnabled) {#endif
fSetCONNECTINGState = FALSE;
ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
switch (pPCB->State) { case EAPOLSTATE_CONNECTING: case EAPOLSTATE_ACQUIRED: case EAPOLSTATE_AUTHENTICATING:
// Reset AuthFailCount conditionally
pPCB->dwAuthFailCount = 0; // fall through
case EAPOLSTATE_HELD:
// End EAP session
(VOID) ElEapEnd (pPCB);
fSetCONNECTINGState = TRUE;
break;
case EAPOLSTATE_AUTHENTICATED: if (pPCB->PreviousAuthenticationType == EAPOL_UNAUTHENTICATED_ACCESS) { // Reset AuthFailCount
pPCB->dwAuthFailCount = 0; fSetCONNECTINGState = TRUE; }
break;
default: break;
}
if (!EAPOL_PORT_ACTIVE(pPCB)) { TRACE1 (USER, "ElUserLogonCallback: Port %s not active", pPCB->pszDeviceGUID); fSetCONNECTINGState = FALSE; }
// Set port to EAPOLSTATE_CONNECTING
if (fSetCONNECTINGState) { pPCB->dwAuthFailCount = 0;
// With unauthenticated access flag set, port will always
// reauthenticate for logged on user
pPCB->PreviousAuthenticationType = EAPOL_UNAUTHENTICATED_ACCESS; RELEASE_WRITE_LOCK (&(pPCB->rwLock));
// Restart authentication on the port
if ((dwRetCode = ElReStartPort (pPCB)) != NO_ERROR) { TRACE1 (USER, "ElUserLogonCallback: MachineAuth: Error in ElReStartPort = %ld", dwRetCode); continue; } } else { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); continue; }
#ifdef DRAFT7
} else { ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
// If the port is already authenticated due to non-secure
// LAN, authentication can be skipped for this port
if (pPCB->State == EAPOLSTATE_AUTHENTICATED) { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); TRACE0 (USER, "ElUserLogonCallback: Port already authenticated, continuing with next port"); continue; } RELEASE_WRITE_LOCK (&(pPCB->rwLock)); // Restart authentication on the port
if ((dwRetCode = ElReStartPort (pPCB)) != NO_ERROR) { TRACE1 (USER, "ElUserLogonCallback: Error in ElReStartPort = %ld", dwRetCode); break; } TRACE1 (USER, "ElUserLogonCallback: = Authentication restarted on port %p", pPCB);
} // g_dwMachineAuthEnabled
#endif
} } RELEASE_WRITE_LOCK (&(g_PCBLock)); if (dwRetCode != NO_ERROR) { break; } } while (FALSE); TRACE1 (USER, "ElUserLogonCallback: completed with error %ld", dwRetCode); return;
}
//
// ElUserLogoffCallback
//
// Description:
//
// Callback function invoked whenever a user logs off
// Will logoff from all ports which have authentication enabled
//
// Arguments:
// None.
//
VOIDElUserLogoffCallback ( PVOID pvContext, BOOLEAN fTimerOfWaitFired ){ DWORD dwIndex = 0; EAPOL_PCB *pPCB = NULL; BOOL fSetCONNECTINGState = FALSE; DWORD dwRetCode = NO_ERROR;
// Reset global flag to indicate the user logged on
g_fUserLoggedOn = 0;
TRACE1 (USER, "ElUserLogoffCallback: UserloggedOff = %ld", g_fUserLoggedOn);
ACQUIRE_WRITE_LOCK (&(g_PCBLock));
for (dwIndex = 0; dwIndex < PORT_TABLE_BUCKETS; dwIndex++) { for (pPCB = g_PCBTable.pPCBBuckets[dwIndex].pPorts; pPCB != NULL; pPCB = pPCB->pNext) {
#ifdef DRAFT7
if (g_dwMachineAuthEnabled) {#endif
fSetCONNECTINGState = FALSE;
ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
switch (pPCB->State) { case EAPOLSTATE_CONNECTING: case EAPOLSTATE_ACQUIRED: case EAPOLSTATE_AUTHENTICATING: // Reset AuthFailCount conditionally
pPCB->dwAuthFailCount = 0;
// fall through
case EAPOLSTATE_HELD:
// End EAP session
(VOID) ElEapEnd (pPCB);
fSetCONNECTINGState = TRUE;
break;
case EAPOLSTATE_AUTHENTICATED: if (pPCB->PreviousAuthenticationType == EAPOL_USER_AUTHENTICATION) { // Reset AuthFailCount
pPCB->dwAuthFailCount = 0; fSetCONNECTINGState = TRUE; } break;
default: break;
}
// Set port to EAPOLSTATE_CONNECTING
if (fSetCONNECTINGState) { pPCB->dwAuthFailCount = 0;
// With Unauthenticated_access, port will always
// reauthenticate
pPCB->PreviousAuthenticationType = EAPOL_UNAUTHENTICATED_ACCESS; RELEASE_WRITE_LOCK (&(pPCB->rwLock));
// Restart authentication on the port
if ((dwRetCode = ElReStartPort (pPCB)) != NO_ERROR) { TRACE1 (USER, "ElUserLogoffCallback: MachineAuth: Error in ElReStartPort = %ld", dwRetCode); continue; } } else { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); continue; }
#ifdef DRAFT7
} else {
ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
// If remote end has sent responses earlier and if EAPOL_Logoff
// was not sent out on this port, send out EAPOL_Logoff
if ((pPCB->fIsRemoteEndEAPOLAware) && (!(pPCB->dwLogoffSent))) {
// End EAP session
// Will always return NO_ERROR, so no check on return value
(VOID) ElEapEnd (pPCB);
// Send out EAPOL_Logoff on the port
if ((dwRetCode = FSMLogoff (pPCB)) != NO_ERROR) { RELEASE_WRITE_LOCK (&(pPCB->rwLock)); TRACE1 (USER, "ElUserLogoffCallback: Error in FSMLogoff = %ld", dwRetCode); continue; }
}
RELEASE_WRITE_LOCK (&(pPCB->rwLock)); TRACE1 (USER, "ElUserLogoffCallback: = Logoff sent out on port %p", pPCB);
} // g_dwMachineAuthEnabled
#endif
} }
RELEASE_WRITE_LOCK (&(g_PCBLock));
TRACE0 (USER, "ElUserLogonCallback: completed");
return;}
//
// ElGetUserNamePassword
//
// Description:
//
// Function called to get username, domain (if any) and password using
// an interactive dialog. Called if EAP-type is MD5
//
// Arguments:
// pPCB - Pointer to PCB for the port/interface on which credentials
// are to be obtained
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
//
// NOTE: Could be done in a better way. Require EAP config structures
// as in ..\ras\ui\rasdlg\dial.c
//
DWORDElGetUserNamePassword ( IN EAPOL_PCB *pPCB ){ HANDLE hUserToken; DWORD dwIndex = -1; DWORD dwInSize = 0; HWND hwndOwner = NULL; HWINSTA hwinstaSave; HDESK hdeskSave; HWINSTA hwinstaUser; HDESK hdeskUser; DWORD dwThreadId; DWORD dwRetCode = NO_ERROR;
do { TRACE0 (USER, "ElGetUserNamePassword entered");
//
// NOTE:
// Optimize pPCB->rwLock lock holding time
//
ACQUIRE_WRITE_LOCK (&(pPCB->rwLock));
if (!EAPOL_PORT_ACTIVE(pPCB)) { TRACE1 (PORT, "ElGetUserNamePassword: Port %s not active", pPCB->pszDeviceGUID); // Port is not active, cannot do further processing on this port
break; }
//
// Get Access Token for user logged on interactively
//
// Call Terminal Services API
if (GetWinStationUserToken (GetClientLogonId(), &hUserToken) != NO_ERROR) { TRACE0 (USER, "ElGetUserNamePassword: Terminal Services API GetWinStationUserToken failed !!! "); // Call private API
hUserToken = GetCurrentUserTokenW (L"WinSta0", TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY); if (hUserToken == NULL) { dwRetCode = GetLastError (); TRACE1 (USER, "ElGetUserNamePassword: Error in GetCurrentUserTokenW = %ld", dwRetCode); dwRetCode = ERROR_NO_TOKEN; break; } } if (hUserToken == NULL) { dwRetCode = GetLastError (); TRACE0 (USER, "ElGetUserNamePassword: Error in getting current user token"); dwRetCode = ERROR_NO_TOKEN; break; }
pPCB->hUserToken = hUserToken;
// The EAP dll will have already been loaded by the state machine
// Retrieve the handle to the dll from the global EAP table
if ((dwIndex = ElGetEapTypeIndex (pPCB->dwEapTypeToBeUsed)) == -1) { TRACE1 (USER, "ElGetUserNamePassword: ElGetEapTypeIndex finds no dll for EAP index %ld", pPCB->dwEapTypeToBeUsed); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
// Save handles to service window
hwinstaSave = GetProcessWindowStation(); if (hwinstaSave == NULL) { dwRetCode = GetLastError (); TRACE1 (USER, "ElGetUserNamePassword: GetProcessWindowStation failed with error %ld", dwRetCode); break; }
dwThreadId = GetCurrentThreadId ();
hdeskSave = GetThreadDesktop (dwThreadId); if (hdeskSave == NULL) { dwRetCode = GetLastError (); TRACE1 (USER, "ElGetUserNamePassword: GetThreadDesktop failed with error %ld", dwRetCode); break; }
if (!ImpersonateLoggedOnUser (pPCB->hUserToken)) { dwRetCode = GetLastError(); TRACE1 (USER, "ElGetUserNamePassword: ImpersonateLoggedOnUse failed with error %ld", dwRetCode); break; }
// Impersonate the client and connect to the User's window station
// and desktop. This will be the interactively logged-on user
hwinstaUser = OpenWindowStation (L"WinSta0", FALSE, MAXIMUM_ALLOWED); if (hwinstaUser == NULL) { dwRetCode = GetLastError (); TRACE1 (USER, "ElGetUserNamePassword: OpenWindowStation failed with error %ld", dwRetCode); break; }
SetProcessWindowStation(hwinstaUser); hdeskUser = OpenDesktop (L"Default", 0, FALSE, MAXIMUM_ALLOWED); if (hdeskUser == NULL) { SetProcessWindowStation (hwinstaSave); CloseWindowStation (hwinstaUser); dwRetCode = ERROR_INVALID_WORKSTATION; break; }
SetThreadDesktop (hdeskUser);
// Get handle to desktop window
hwndOwner = GetDesktopWindow ();
//
// Call the user dialog for obtaining the username and password
//
if ((dwRetCode = ElUserDlg (hwndOwner, pPCB)) != NO_ERROR) { TRACE0 (USER, "ElGetUserNamePassword: ElUserDlg failed");
RevertToSelf();
// Restore window station and desktop
SetThreadDesktop (hdeskSave); SetProcessWindowStation (hwinstaSave); CloseDesktop(hdeskUser); CloseWindowStation(hwinstaUser); break; }
// Revert impersonation
if (!RevertToSelf()) { dwRetCode = GetLastError(); TRACE1 (USER, "ElGetUserNamePassword: Error in RevertToSelf = %ld", dwRetCode); // Restore window station and desktop
SetThreadDesktop (hdeskSave); SetProcessWindowStation (hwinstaSave); CloseDesktop(hdeskUser); CloseWindowStation(hwinstaUser); break; }
// Restore window station and desktop settings
SetThreadDesktop (hdeskSave); SetProcessWindowStation (hwinstaSave); CloseDesktop(hdeskUser); CloseWindowStation(hwinstaUser);
// Mark the identity has been obtained for this PCB
pPCB->fGotUserIdentity = TRUE;
// Release the per-interface lock
RELEASE_WRITE_LOCK (&(pPCB->rwLock));
} while (FALSE);
// Cleanup
if (dwRetCode != NO_ERROR) { // Release the per-interface lock
RELEASE_WRITE_LOCK (&(pPCB->rwLock));
if (pPCB->pCustomAuthUserData != NULL) { FREE (pPCB->pCustomAuthUserData); }
if (pPCB->pCustomAuthConnData != NULL) { FREE (pPCB->pCustomAuthConnData); }
}
TRACE1 (USER, "ElGetUserNamePassword completed with error %ld", dwRetCode);
return dwRetCode;}
//
// ElUserDlg
//
// Description:
//
// Function called to pop dialog box to user to enter username, password,
// domainname etc.
//
// Arguments:
// hwndOwner - handle to user desktop
// pPCB - Pointer to PCB for the port/interface on which credentials
// are to be obtained
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
DWORDElUserDlg ( IN HWND hwndOwner, IN EAPOL_PCB *pPCB ){ USERDLGARGS args; DWORD dwRetCode = NO_ERROR;
TRACE0 (USER, "ElUserDlg: Entered");
args.pPCB = pPCB;
if ( DialogBoxParam ( GetModuleHandle(cszModuleName), MAKEINTRESOURCE (DID_DR_DialerUD), hwndOwner, ElUserDlgProc, (LPARAM)&args ) == -1) { dwRetCode = GetLastError (); TRACE1 (USER, "ElUserDlg: DialogBoxParam failed with error %ld", dwRetCode); }
return dwRetCode;}
//
// ElUserDlgProc
//
// Description:
//
// Function handling all events for username/password/... dialog box
//
// Arguments:
// hwnd -
// unMsg -
// wparam -
// lparam -
//
// Return values:
// NO_ERROR - success
// non-zero - error
//
INT_PTRElUserDlgProc ( IN HWND hwnd, IN UINT unMsg, IN WPARAM wparam, IN LPARAM lparam ){ switch (unMsg) { case WM_INITDIALOG: { return ElUserDlgInit( hwnd, (USERDLGARGS* )lparam ); break; } case WM_HELP: case WM_CONTEXTMENU: { break; } case WM_COMMAND: { USERDLGINFO* pInfo = (USERDLGINFO* )GetWindowLongPtr( hwnd, DWLP_USER ); ASSERT( pInfo ); return ElUserDlgCommand ( pInfo, HIWORD(wparam), LOWORD(wparam), (HWND)lparam );
break; } case WM_DESTROY: { USERDLGINFO* pInfo = (USERDLGINFO* )GetWindowLongPtr( hwnd, DWLP_USER ); ElUserDlgTerm (hwnd, pInfo); break; } }
return FALSE;}
BOOLElUserDlgInit ( IN HWND hwndDlg, IN USERDLGARGS *pArgs ){ USERDLGINFO *pInfo = NULL; WCHAR wszFriendlyName[256]; DWORD dwRetCode = NO_ERROR;
TRACE0 (USER, "ElUserDlgInit entered");
do { pInfo = MALLOC (sizeof (USERDLGINFO)); if (pInfo == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (USER, "ElUserDlgInit: MALLOC failed for pInfo"); break; } pInfo->pArgs = pArgs; pInfo->hwndDlg = hwndDlg; SetWindowLongPtr (hwndDlg, DWLP_USER, (ULONG_PTR)pInfo);#if 0
if (!SetWindowLongPtr (hwndDlg, DWLP_USER, (ULONG_PTR)pInfo)) { dwRetCode = GetLastError (); TRACE1 (USER, "ElUserDlgInit: SetWindowLongPtr failed with error %ld", dwRetCode); break; }#endif
TRACE0 (USER, "ElUserDlgInit: Context Set"); //
// Set the title
//
ZeroMemory (wszFriendlyName, 256*sizeof(WCHAR)); // Convert the friendly name of the adapter to a display ready
// form
if (pArgs->pPCB->pszFriendlyName) { if (0 == MultiByteToWideChar( CP_ACP, 0, pArgs->pPCB->pszFriendlyName, -1, wszFriendlyName, 256 ) ) { dwRetCode = GetLastError(); TRACE2 (USER, "ElUserDlgInit: MultiByteToWideChar(%s) failed: %d", pArgs->pPCB->pszFriendlyName, dwRetCode); } if (!SetWindowText (hwndDlg, wszFriendlyName)) { dwRetCode = GetLastError (); TRACE1 (USER, "ElUserDlgInit: SetWindowText failed with error %ld", dwRetCode); break; } } else { if (!SetWindowText (hwndDlg, NULL)) { dwRetCode = GetLastError (); TRACE1 (USER, "ElUserDlgInit: SetWindowText - NULL failed with error %ld", dwRetCode); break; } } pInfo->hwndEbUser = GetDlgItem( hwndDlg, CID_DR_EB_User ); ASSERT (pInfo->hwndEbUser); pInfo->hwndEbPw = GetDlgItem( hwndDlg, CID_DR_EB_Password ); ASSERT (pInfo->hwndEbPw); pInfo->hwndEbDomain = GetDlgItem( hwndDlg, CID_DR_EB_Domain ); ASSERT (pInfo->hwndEbDomain); } while (FALSE);
if (dwRetCode != NO_ERROR) { return FALSE; } else { return TRUE; }}
//
// ElUserDlgCommand
//
// Description:
//
// Function called on WM_COMMAND
// domainname etc.
//
// Arguments:
// PInfo - dialog context
// WNotification - notification code of the command
// wId - control/menu identifier of the command
// HwndCtrl - control window handle the command.
//
// Return values:
// TRUE - success
// FALSE - error
//
BOOLElUserDlgCommand ( IN USERDLGINFO *pInfo, IN WORD wNotification, IN WORD wId, IN HWND hwndCtrl ){ TRACE3 (USER, "ElUserDlgCommand: n=%d, i=%d, c=%x", (DWORD)wNotification, (DWORD)wId, (ULONG_PTR)hwndCtrl);
switch (wId) { case IDOK: case CID_DR_PB_DialConnect: { ElUserDlgSave (pInfo); EndDialog (pInfo->hwndDlg, TRUE); return TRUE; } case IDCANCEL: case CID_DR_PB_Cancel: { EndDialog (pInfo->hwndDlg, TRUE); return TRUE; } default: { TRACE0 (USER, "ElUserDlgCommand: Got something we are not interested in"); break; } }
return FALSE; }
VOIDElUserDlgSave ( IN USERDLGINFO *pInfo ){ EAPOL_PCB *pPCB = NULL; int iError; CHAR szUserName[UNLEN + 1]; CHAR szDomain[DNLEN + 1]; CHAR szPassword[DNLEN + 1]; DWORD dwRetCode = NO_ERROR;
pPCB = (EAPOL_PCB *)pInfo->pArgs->pPCB;
do {
// Username
if ((iError = GetWindowTextA( pInfo->hwndEbUser, &(szUserName[0]), UNLEN + 1 )) == 0) { dwRetCode = GetLastError (); TRACE1 (USER, "ElUserDlgSave: GetWindowText - Username failed with error %ld", dwRetCode); } szUserName[iError] = '\0'; TRACE1 (USER, "ElUserDlgSave: Get Username %s", szUserName); // Password
if ((iError = GetWindowTextA( pInfo->hwndEbPw, &(szPassword[0]), PWLEN + 1 )) == 0) { dwRetCode = GetLastError (); TRACE1 (USER, "ElUserDlgSave: GetWindowText - Password failed with error %ld", dwRetCode); } szPassword[iError] = '\0'; if (pPCB->pszPassword != NULL) { FREE (pPCB->pszPassword); pPCB->pszPassword = NULL; }
pPCB->pszPassword = MALLOC (strlen(szPassword) + 1); if (pPCB->pszPassword == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (USER, "ElUserDlgSave: MALLOC failed for pPCB->pszPassword"); break; }
memcpy (pPCB->pszPassword, szPassword, strlen(szPassword) + 1);
// Uncomment only if absolutely required
// Security issue, since we are writing trace to file
// TRACE1 (USER, "ElUserDlgSave: Got Password %s", pPCB->pszPassword);
// Domain
if ((iError = GetWindowTextA( pInfo->hwndEbDomain, &(szDomain[0]), DNLEN + 1 )) == 0) { dwRetCode = GetLastError (); TRACE1 (USER, "ElUserDlgSave: GetWindowText - Domain failed with error %ld", dwRetCode); } szDomain[iError] = '\0'; TRACE1 (USER, "ElUserDlgSave: Got Domain %s", szDomain); if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; }
if ((szDomain != NULL) && (szDomain[0] != (CHAR)NULL)) { pPCB->pszIdentity = MALLOC (strlen(szDomain)+strlen(szUserName)+2); if (pPCB->pszIdentity == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (USER, "ElUserDlgSave: MALLOC failed for pPCB->pszIdentity 1"); break; }
strcpy (pPCB->pszIdentity, szDomain); strcat( pPCB->pszIdentity, "\\" ); strcat (pPCB->pszIdentity, szUserName); } else { pPCB->pszIdentity = MALLOC (strlen(szUserName)+1); if (pPCB->pszIdentity == NULL) { dwRetCode = ERROR_NOT_ENOUGH_MEMORY; TRACE0 (USER, "ElUserDlgSave: MALLOC failed for pPCB->pszIdentity 2"); break; }
strcpy (pPCB->pszIdentity, szUserName); }
TRACE1 (USER, "ElUserDlgSave: Got identity %s", pPCB->pszIdentity); TRACE1 (USER, "ElUserDlgSave: PCB->GUID = %s", pPCB->pszDeviceGUID);
// Hash-up password while storing locally
ElEncodePw (pPCB->pszPassword);
} while (FALSE);
if (dwRetCode != NO_ERROR) { if (pPCB->pszIdentity != NULL) { FREE (pPCB->pszIdentity); pPCB->pszIdentity = NULL; } if (pPCB->pszPassword != NULL) { FREE (pPCB->pszPassword); pPCB->pszPassword = NULL; } }
return;
}
VOIDElUserDlgTerm ( IN HWND hwndDlg, IN USERDLGINFO *pInfo ){ EndDialog (hwndDlg, TRUE); FREE (pInfo);}
//
// ElInvokeInteractiveUI
//
// Description:
//
// Function called to invoke RasEapInvokeInteractiveUI for an EAP on a
// particular interface
//
// Arguments:
// pPCB - Pointer to PCB for the specific interface
// pInvokeEapUIIn - Data to be supplied to the InvokeInteractiveUI entrypoint
// provided by the EAP dll through PPP_EAP_OUTPUT structure
//
DWORDElInvokeInteractiveUI ( IN EAPOL_PCB *pPCB, IN ELEAP_INVOKE_EAP_UI *pInvokeEapUIIn ){ HANDLE hUserToken = NULL; HANDLE hLib = NULL; EAPOLEAPFREE pFreeFunc = NULL; EAPOLEAPINVOKEINTERACTIVEUI pEapInvokeUI = NULL; DWORD dwIndex = -1; BYTE *pUIDataOut = NULL; DWORD dwSizeOfUIDataOut; HWND hwndOwner = NULL; HWINSTA hwinstaSave = NULL; HDESK hdeskSave = NULL; HWINSTA hwinstaUser = NULL; HDESK hdeskUser = NULL; DWORD dwThreadId = 0; DWORD dwRetCode = NO_ERROR;
do { TRACE0 (USER, "ElInvokeInteractiveUI entered");
// The EAP dll will have already been loaded by the state machine
// Retrieve the handle to the dll from the global EAP table
if ((dwIndex = ElGetEapTypeIndex (pPCB->dwEapTypeToBeUsed)) == -1) { TRACE1 (USER, "ElInvokeInteractiveUI: ElGetEapTypeIndex finds no dll for EAP index %ld", pPCB->dwEapTypeToBeUsed); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
hLib = g_pEapTable[dwIndex].hInstance;
pEapInvokeUI = (EAPOLEAPINVOKEINTERACTIVEUI) GetProcAddress (hLib, "RasEapInvokeInteractiveUI"); pFreeFunc = (EAPOLEAPFREE) GetProcAddress (hLib, "RasEapFreeMemory");
if ((pFreeFunc == NULL) || (pEapInvokeUI == NULL)) { TRACE0 (USER, "ElInvokeInteractiveUI: pEapInvokeUI or pFreeFunc does not exist in the EAP implementation"); dwRetCode = ERROR_CAN_NOT_COMPLETE; break; }
// Get Access Token for user logged on interactively
// Call Terminal Services API
if (GetWinStationUserToken (GetClientLogonId(), &hUserToken) != NO_ERROR) { TRACE0 (USER, "ElInvokeInteractiveUI: Terminal Services API GetWinStationUserToken failed !!! ");
// Call private API
hUserToken = GetCurrentUserTokenW (L"WinSta0", TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY); if (hUserToken == NULL) { dwRetCode = GetLastError (); TRACE1 (USER, "ElInvokeInteractiveUI: Error in GetCurrentUserTokenW = %ld", dwRetCode); dwRetCode = ERROR_NO_TOKEN; break; } } if (hUserToken == NULL) { dwRetCode = GetLastError (); TRACE0 (USER, "ElInvokeInteractiveUI: Error in getting current user token"); dwRetCode = ERROR_NO_TOKEN; break; }
pPCB->hUserToken = hUserToken;
// Save handles to service window
hwinstaSave = GetProcessWindowStation(); if (hwinstaSave == NULL) { dwRetCode = GetLastError (); TRACE1 (USER, "ElInvokeInteractiveUI: GetProcessWindowStation failed with error %ld", dwRetCode); break; }
dwThreadId = GetCurrentThreadId ();
hdeskSave = GetThreadDesktop (dwThreadId); if (hdeskSave == NULL) { dwRetCode = GetLastError (); TRACE1 (USER, "ElInvokeInteractiveUI: GetThreadDesktop failed with error %ld", dwRetCode); break; }
if (!ImpersonateLoggedOnUser (pPCB->hUserToken)) { dwRetCode = GetLastError(); TRACE1 (USER, "ElInvokeInteractiveUI: ImpersonateLoggedOnUse failed with error %ld", dwRetCode); break; }
// Impersonate the client and connect to the User's window station
// and desktop. This will be the interactively logged-on user
hwinstaUser = OpenWindowStation (L"WinSta0", FALSE, MAXIMUM_ALLOWED); if (hwinstaUser == NULL) { dwRetCode = GetLastError (); TRACE1 (USER, "OpenWindowStation: OpenWindowStation failed with error %ld", dwRetCode); break; }
SetProcessWindowStation(hwinstaUser); hdeskUser = OpenDesktop (L"Default", 0, FALSE, MAXIMUM_ALLOWED); if (hdeskUser == NULL) { SetProcessWindowStation (hwinstaSave); CloseWindowStation (hwinstaUser); dwRetCode = ERROR_INVALID_WORKSTATION; break; }
SetThreadDesktop (hdeskUser);
// Get handle to desktop window
hwndOwner = GetDesktopWindow ();
if ((dwRetCode = (*(pEapInvokeUI))( pPCB->dwEapTypeToBeUsed, hwndOwner, // hwndOwner
// Context data from EAP
pInvokeEapUIIn->pbUIContextData, // Size of context data
pInvokeEapUIIn->dwSizeOfUIContextData, &pUIDataOut, &dwSizeOfUIDataOut )) != NO_ERROR) { TRACE1 (USER, "ElInvokeInteractiveUI: Error in calling InvokeInteractiveUI = %ld", dwRetCode); // Revert impersonation
if (!RevertToSelf()) { dwRetCode = GetLastError(); TRACE1 (USER, "ElInvokeInteractiveUI: Error in RevertToSelf = %ld", dwRetCode); }
// Restore window station and desktop
SetThreadDesktop (hdeskSave); SetProcessWindowStation (hwinstaSave); CloseDesktop(hdeskUser); CloseWindowStation(hwinstaUser);
break; }
// Revert impersonation
if (!RevertToSelf()) { dwRetCode = GetLastError(); TRACE1 (USER, "ElInvokeInteractiveUI: Error in RevertToSelf = %ld", dwRetCode); // Restore window station and desktop
SetThreadDesktop (hdeskSave); SetProcessWindowStation (hwinstaSave); CloseDesktop(hdeskUser); CloseWindowStation(hwinstaUser); break; }
// Restore window station and desktop settings
SetThreadDesktop (hdeskSave); SetProcessWindowStation (hwinstaSave); CloseDesktop(hdeskUser); CloseWindowStation(hwinstaUser); // Free the context we passed to the dll
if (pInvokeEapUIIn->pbUIContextData != NULL) { FREE (pInvokeEapUIIn->pbUIContextData); pInvokeEapUIIn->pbUIContextData = NULL; pInvokeEapUIIn->dwSizeOfUIContextData = 0; } // Fill in the returned information into the PCB fields for
// later authentication
if (pPCB->EapUIData.pEapUIData != NULL) { FREE (pPCB->EapUIData.pEapUIData); pPCB->EapUIData.pEapUIData = NULL; pPCB->EapUIData.dwSizeOfEapUIData = 0; }
pPCB->EapUIData.pEapUIData = MALLOC (dwSizeOfUIDataOut + sizeof (DWORD)); if (pPCB->EapUIData.pEapUIData == NULL) { TRACE1 (USER, "ElInvokeInteractiveUI: Error in allocating memory for UIData = %ld", dwRetCode); dwRetCode = ERROR_NOT_ENOUGH_MEMORY; break; }
pPCB->EapUIData.dwSizeOfEapUIData = dwSizeOfUIDataOut;
if ((dwSizeOfUIDataOut != 0) && (pUIDataOut != NULL)) { memcpy ((BYTE *)pPCB->EapUIData.pEapUIData, (BYTE *)pUIDataOut, dwSizeOfUIDataOut); }
pPCB->fEapUIDataReceived = TRUE;
TRACE0 (USER, "ElInvokeInteractiveUI: Calling ElEapWork");
// Provide UI data to EAP Dll for processing
// EAP will send out response if required
if ((dwRetCode = ElEapWork ( pPCB, NULL)) != NO_ERROR) { TRACE1 (USER, "ElInvokeInteractiveUI: ElEapWork failed with error = %ld", dwRetCode); break; } TRACE0 (USER, "ElInvokeInteractiveUI: ElEapWork completed successfully");
} while (FALSE);
// Cleanup
if (dwRetCode != NO_ERROR) { if (pPCB->EapUIData.pEapUIData != NULL) { FREE (pPCB->EapUIData.pEapUIData); pPCB->EapUIData.pEapUIData = NULL; pPCB->EapUIData.dwSizeOfEapUIData = 0; }
}
if (pInvokeEapUIIn->pbUIContextData != NULL) { FREE (pInvokeEapUIIn->pbUIContextData); pInvokeEapUIIn->pbUIContextData = NULL; pInvokeEapUIIn->dwSizeOfUIContextData = 0; }
if (pFreeFunc != NULL) { if (pUIDataOut != NULL) { if (( dwRetCode = (*(pFreeFunc)) ((BYTE *)pUIDataOut)) != NO_ERROR) { TRACE1 (USER, "ElInvokeInteractiveUI: Error in pFreeFunc = %ld", dwRetCode); } } }
TRACE1 (USER, "ElInvokeInteractiveUI completed with error %ld", dwRetCode);
return dwRetCode;}
|
