archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ias/protocol/radius/tunnelpassword.cpp

330 lines
9.3 KiB
Raw Normal View History

Add source files
4 years ago
  1. //#--------------------------------------------------------------
  2. //
  3. // File: tunnelpassword.cpp
  4. //
  5. // Synopsis: Implementation of CTunnelPassword class methods
  6. //
  7. //
  8. // History: 04/16/98 MKarki Created
  9. //
  10. // Copyright (C) 1997-98 Microsoft Corporation
  11. // All rights reserved.
  12. //
  13. //----------------------------------------------------------------
  14. #include "radcommon.h"
  15. #include "tunnelpassword.h"
  16. #include "align.h"
  17. #include "iastlutl.h"
  18. using namespace IASTL;
  20. const DWORD MAX_TUNNELPASSWORD_LENGTH =
  21. (MAX_ATTRIBUTE_LENGTH/AUTHENTICATOR_SIZE)*AUTHENTICATOR_SIZE;
  24. //////////
  25. // Extracts the Vendor-Type field from a Microsoft VSA. Returns zero if the
  26. // attribute is not a valid Microsoft VSA.
  27. //////////
  28. BYTE
  29. WINAPI
  30. ExtractMicrosoftVendorType(
  31. const IASATTRIBUTE& attr
  32. ) throw ()
  33. {
  34. if (attr.Value.itType == IASTYPE_OCTET_STRING &&
  35. attr.Value.OctetString.dwLength > 6 &&
  36. !memcmp(attr.Value.OctetString.lpValue, "\x00\x00\x01\x37", 4))
  37. {
  38. return *(attr.Value.OctetString.lpValue + 4);
  39. }
  41. return (BYTE)0;
  42. }
  44. //////////
  45. // Encrypts the MPPE key attributes in a request.
  46. //////////
  47. HRESULT EncryptMPPEKeys(
  48. const CPacketRadius& packet,
  49. IAttributesRaw* request
  50. ) throw ()
  51. {
  52. try
  53. {
  54. IASAttributeVectorWithBuffer<16> attrs;
  55. attrs.load(request, RADIUS_ATTRIBUTE_VENDOR_SPECIFIC);
  57. for (IASAttributeVector::iterator i = attrs.begin();
  58. i != attrs.end();
  59. ++i)
  60. {
  61. switch (ExtractMicrosoftVendorType(*(i->pAttribute)))
  62. {
  63. case 12: // MS_ATTRIBUTE_CHAP_MPPE_KEYS
  64. {
  65. packet.cryptBuffer(
  66. TRUE,
  67. FALSE,
  68. i->pAttribute->Value.OctetString.lpValue + 6,
  69. i->pAttribute->Value.OctetString.dwLength - 6
  70. );
  71. break;
  72. }
  74. case 16: // MS_ATTRIBUTE_MPPE_SEND_KEY
  75. case 17: // MS_ATTRIBUTE_MPPE_RECV_KEY
  76. {
  77. packet.cryptBuffer(
  78. TRUE,
  79. TRUE,
  80. i->pAttribute->Value.OctetString.lpValue + 6,
  81. i->pAttribute->Value.OctetString.dwLength - 6
  82. );
  83. break;
  84. }
  85. }
  86. }
  87. }
  88. catch (const _com_error& ce)
  89. {
  90. return ce.Error();
  91. }
  93. return S_OK;
  94. }
  96. //++--------------------------------------------------------------
  97. //
  98. // Function: Process
  99. //
  100. // Synopsis: This is the CTunnelPassword class public method
  101. // responsible for encrypting the Tunnel Passwords
  102. // present in an out-bound RADIUS packet
  103. //
  104. // Arguments:
  105. // PACKETTYPE - Radius packet type
  106. // IAttributesRaw*
  107. // CPacketRadius*
  108. //
  109. // Returns: HRESULT - status
  110. //
  111. // History: MKarki Created 04/16/98
  112. //
  113. //----------------------------------------------------------------
  114. HRESULT
  115. CTunnelPassword::Process (
  116. PACKETTYPE ePacketType,
  117. IAttributesRaw *pIAttributesRaw,
  118. CPacketRadius *pCPacketRadius
  119. )
  120. {
  121. HRESULT hr = S_OK;
  122. DWORD dwCount = 0;
  123. DWORD dwAttributeCount = 0;
  124. DWORD dwTunnelAttributeCount = 0;
  125. static DWORD dwTunnelPasswordType = TUNNEL_PASSWORD_ATTRIB;
  126. PATTRIBUTE pAttribute = NULL;
  127. PATTRIBUTEPOSITION pAttribPos = NULL;
  129. _ASSERT (pIAttributesRaw && pCPacketRadius);
  131. __try
  132. {
  133. //
  134. // the tunnel-password attribute only goes
  135. // into an access-accept packet
  136. //
  137. if (ACCESS_ACCEPT != ePacketType) { __leave; }
  139. // Encrypt the MPPE keys.
  140. hr = EncryptMPPEKeys(*pCPacketRadius, pIAttributesRaw);
  141. if (FAILED(hr)) { __leave; }
  143. //
  144. // get the count of the total attributes in the collection
  145. //
  146. hr = pIAttributesRaw->GetAttributeCount (&dwAttributeCount);
  147. if (FAILED (hr))
  148. {
  149. IASTracePrintf (
  150. "Unable to obtain attribute count in request "
  151. "while processing tunnel-password"
  152. );
  153. __leave;
  154. }
  155. else if (0 == dwAttributeCount)
  156. {
  157. __leave;
  158. }
  160. //
  161. // allocate memory for the ATTRIBUTEPOSITION array
  162. //
  163. pAttribPos = reinterpret_cast <PATTRIBUTEPOSITION> (
  164. ::CoTaskMemAlloc (
  165. sizeof (ATTRIBUTEPOSITION)*dwAttributeCount));
  166. if (NULL == pAttribPos)
  167. {
  168. IASTracePrintf (
  169. "Unable to allocate memory for attribute position array "
  170. "while processing tunnel-password"
  171. );
  172. hr = E_OUTOFMEMORY;
  173. __leave;
  174. }
  176. //
  177. // get the Tunnel-Password attributes from
  178. // the collection
  179. //
  180. dwTunnelAttributeCount = dwAttributeCount;
  181. hr = pIAttributesRaw->GetAttributes (
  182. &dwTunnelAttributeCount,
  183. pAttribPos,
  184. 1,
  185. &dwTunnelPasswordType
  186. );
  187. if (FAILED (hr))
  188. {
  189. IASTracePrintf (
  190. "Unable to get attributes from request "
  191. "while processing tunnel-password"
  192. );
  193. __leave;
  194. }
  195. else if (0 == dwTunnelAttributeCount)
  196. {
  197. __leave;
  198. }
  201. //
  202. // remove the Tunnel-Password attributes from the collection
  203. //
  204. hr = pIAttributesRaw->RemoveAttributes (
  205. dwTunnelAttributeCount,
  206. pAttribPos
  207. );
  208. if (FAILED (hr))
  209. {
  210. IASTracePrintf (
  211. "Unable to remove attributes from request "
  212. "while processing tunnel-password"
  213. );
  214. __leave;
  215. }
  217. //
  218. // now process the Tunnel-Password attributes
  220. for (DWORD i = 0; i < dwTunnelAttributeCount; ++i)
  221. {
  222. hr = EncryptTunnelPassword (
  223. pCPacketRadius,
  224. pIAttributesRaw,
  225. pAttribPos[i].pAttribute
  226. );
  227. if (FAILED (hr)) { __leave; }
  228. }
  230. }
  231. __finally
  232. {
  233. //
  234. // release all the Tunnel Attributes now
  235. //
  236. for (dwCount = 0; dwCount < dwTunnelAttributeCount; dwCount++)
  237. {
  238. ::IASAttributeRelease (pAttribPos[dwCount].pAttribute);
  239. }
  241. //
  242. // free the dynamically allocated memory
  243. //
  244. if (pAttribPos) { ::CoTaskMemFree (pAttribPos); }
  245. }
  247. return (hr);
  249. } // end of CRecvFromPipe::TunnelPasswordSupport method
  251. //++--------------------------------------------------------------
  252. //
  253. // Function: EncryptPassword
  254. //
  255. // Synopsis: This is the CTunnelPassword class private method
  256. // responsible for encrypting the Tunnel Password
  257. // present in an out-bound RADIUS packet. The Encrypted
  258. // password is put in an IAS attribute which is added
  259. // to the attribute collection of the outbound request.
  260. //
  261. // Arguments:
  262. // CPacketRadius*
  263. // IAttributesRaw*
  264. // PIASATTRIBUTE
  265. //
  266. // Returns: HRESULT - status
  267. //
  268. // History: MKarki Created 04/16/98
  269. //
  270. //----------------------------------------------------------------
  271. HRESULT
  272. CTunnelPassword::EncryptTunnelPassword (
  273. CPacketRadius *pCPacketRadius,
  274. IAttributesRaw *pIAttributesRaw,
  275. PIASATTRIBUTE plaintext
  276. )
  277. {
  278. // Extract the password.
  279. const IAS_OCTET_STRING& pwd = plaintext->Value.OctetString;
  281. // We must have at least 4 bytes.
  282. if (pwd.dwLength < 4) { return E_INVALIDARG; }
  284. // How many bytes do we need including padding.
  285. ULONG nbyte = ROUND_UP_COUNT(pwd.dwLength - 3, 16) + 3;
  286. if (nbyte > 253) { return E_INVALIDARG; }
  288. // Create a new IASATTRIBUTE for the encrypted value.
  289. PIASATTRIBUTE encrypted;
  290. if (IASAttributeAlloc(1, &encrypted)) { return E_OUTOFMEMORY; }
  291. encrypted->dwId = RADIUS_ATTRIBUTE_TUNNEL_PASSWORD;
  292. encrypted->dwFlags = plaintext->dwFlags;
  293. encrypted->Value.itType = IASTYPE_OCTET_STRING;
  294. encrypted->Value.OctetString.dwLength = nbyte;
  295. encrypted->Value.OctetString.lpValue = (PBYTE)CoTaskMemAlloc(nbyte);
  297. HRESULT hr;
  298. PBYTE val = encrypted->Value.OctetString.lpValue;
  299. if (val)
  300. {
  301. // Copy in the value.
  302. memcpy(val, pwd.lpValue, pwd.dwLength);
  304. // Zero out the padding.
  305. memset(val + pwd.dwLength, 0, nbyte - pwd.dwLength);
  307. // Encrypt the password.
  308. pCPacketRadius->cryptBuffer(
  309. TRUE,
  310. TRUE,
  311. val + 1,
  312. nbyte - 1
  313. );
  315. // Add the encrypted attribute to the request.
  316. ATTRIBUTEPOSITION pos;
  317. pos.pAttribute = encrypted;
  318. hr = pIAttributesRaw->AddAttributes(1, &pos);
  319. }
  320. else
  321. {
  322. hr = E_OUTOFMEMORY;
  323. }
  325. // Release the encrypted password.
  326. IASAttributeRelease(encrypted);
  328. return hr;
  329. }