archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ias/protocol/radius/valaccess.cpp

267 lines
6.8 KiB
Raw Normal View History

Add source files
4 years ago
  1. //#--------------------------------------------------------------
  2. //
  3. // File: valaccess.cpp
  4. //
  5. // Synopsis: Implementation of CValAccess class methods
  6. //
  7. //
  8. // History: 9/23/97 MKarki Created
  9. //
  10. // Copyright (C) 1997-98 Microsoft Corporation
  11. // All rights reserved.
  12. //
  13. //----------------------------------------------------------------
  14. #include "radcommon.h"
  15. #include "valaccess.h"
  17. //+++--------------------------------------------------------------
  18. //
  19. // Function: CValAccess
  20. //
  21. // Synopsis: This is the constructor of the CValAccess
  22. // class
  23. //
  24. // Arguments: NONE
  25. //
  26. // Returns: NONE
  27. //
  28. //
  29. // History: MKarki Created 9/28/97
  30. //
  31. //----------------------------------------------------------------
  32. CValAccess::CValAccess(
  33. VOID
  34. )
  35. {
  36. } // end of CValAccess constructor
  38. //+++--------------------------------------------------------------
  39. //
  40. // Function: ~CValAccess
  41. //
  42. // Synopsis: This is the destructor of the CValAccess
  43. // class
  44. //
  45. // Arguments: NONE
  46. //
  47. // Returns: NONE
  48. //
  49. //
  50. // History: MKarki Created 9/28/97
  51. //
  52. //----------------------------------------------------------------
  53. CValAccess::~CValAccess(
  54. VOID
  55. )
  56. {
  57. } // end of CValAccess destructor
  60. //+++--------------------------------------------------------------
  61. //
  62. // Function: ValidateInPacket
  63. //
  64. // Synopsis: This is CValAccess class public method
  65. // that validates inbound Access Request packet
  66. //
  67. // Arguments:
  68. // [in] - CPacketRadius*
  69. //
  70. // Returns: HRESULT - status
  71. //
  72. //
  73. // History: MKarki Created 9/28/97
  74. //
  75. // Calleed By: CPreValidator::StartInValidation class method
  76. //
  77. //----------------------------------------------------------------
  78. HRESULT
  79. CValAccess::ValidateInPacket(
  80. CPacketRadius * pCPacketRadius
  81. )
  82. {
  83. HRESULT hr = S_OK;
  84. DWORD dwClientAddress = 0;
  85. CClient *pCClient = NULL;
  87. _ASSERT (pCPacketRadius);
  89. __try
  90. {
  91. //
  92. // validate the attributes
  93. //
  94. hr = m_pCValAttributes->Validate (pCPacketRadius);
  95. if (FAILED (hr)) { __leave; }
  97. //
  98. // validate the Signature present in the packet
  99. // if no signature is present this call will return
  100. // success
  101. //
  102. hr = ValidateSignature (pCPacketRadius);
  103. if (FAILED (hr)) { __leave; }
  105. //
  106. // now give the packet for processing
  107. //
  108. hr = m_pCPreProcessor->StartInProcessing (pCPacketRadius);
  109. if (FAILED (hr)) { __leave; }
  110. }
  111. __finally
  112. {
  113. }
  115. return (hr);
  117. } // end of CValAccess::ValidateInPacket method
  119. //+++-------------------------------------------------------------
  120. //
  121. // Function: ValidateSignature
  122. //
  123. // Synopsis: This is CValAccesss class private method
  124. // that carries out validation provided in an
  125. // inbound RADIUS access request which has a
  126. // signature attribute
  127. //
  128. // Arguments:
  129. // [in] CPacketRadius*
  130. //
  131. // Returns: HRESULT - status
  132. //
  133. // History: MKarki Created 1/6/98
  134. //
  135. //----------------------------------------------------------------
  136. HRESULT
  137. CValAccess::ValidateSignature (
  138. CPacketRadius *pCPacketRadius
  139. )
  140. {
  141. HRESULT hr = S_OK;
  142. BOOL bCheckRequired = FALSE;
  143. BOOL bStatus = FALSE;
  144. PBYTE InPacketSignature[SIGNATURE_SIZE];
  145. PBYTE GeneratedSignature [SIGNATURE_SIZE];
  146. TCHAR szErrorString [IAS_ERROR_STRING_LENGTH];
  147. IIasClient *pIIasClient = NULL;
  149. __try
  150. {
  152. //
  153. // get the CClient class object
  154. //
  155. hr = pCPacketRadius->GetClient (&pIIasClient);
  156. if (FAILED (hr)) { __leave; }
  158. //
  159. // get the signature attribute value from the inbound
  160. // packet
  161. //
  162. if (FALSE == pCPacketRadius->GetInSignature (
  163. reinterpret_cast <PBYTE> (InPacketSignature)
  164. ))
  165. {
  166. //
  167. // check if signature check is required
  168. //
  169. HRESULT hr1 = pIIasClient->NeedSignatureCheck (&bCheckRequired);
  171. _ASSERT (SUCCEEDED (hr1));
  173. if (FALSE == bCheckRequired)
  174. {
  175. __leave;
  176. }
  177. else
  178. {
  179. IASTracePrintf (
  180. "In-Bound request does not have does not have "
  181. "Signature attribute which is required for this client"
  182. );
  184. //
  185. // this is an error, need to silenty discard the
  186. // packet
  187. //
  189. PCWSTR strings[] = { pCPacketRadius->GetClientName() };
  190. IASReportEvent (
  191. RADIUS_E_SIGNATURE_REQUIRED,
  192. 1,
  193. 0,
  194. strings,
  195. NULL
  196. );
  198. m_pCReportEvent->Process (
  199. RADIUS_MALFORMED_PACKET,
  200. pCPacketRadius->GetInCode (),
  201. pCPacketRadius->GetInLength(),
  202. pCPacketRadius->GetInAddress(),
  203. NULL,
  204. static_cast <LPVOID> (pCPacketRadius->GetInPacket())
  205. );
  206. hr = RADIUS_E_ERRORS_OCCURRED;
  207. __leave;
  208. }
  209. }
  211. //
  212. // generate the signature
  213. //
  214. DWORD dwBufSize = SIGNATURE_SIZE;
  215. hr = pCPacketRadius->GenerateInSignature (
  216. reinterpret_cast <PBYTE> (GeneratedSignature),
  217. &dwBufSize
  218. );
  219. if (FAILED (hr)) { __leave; }
  221. //
  222. // compare the signature attribute value in packet with
  223. // the one present
  224. //
  225. if (memcmp(InPacketSignature,GeneratedSignature,SIGNATURE_SIZE))
  226. {
  227. //
  228. // log error and generate audit event
  229. //
  230. IASTracePrintf (
  231. "Signatures in request packet does not match the "
  232. "signature generated by the server"
  233. );
  235. PCWSTR strings[] = { pCPacketRadius->GetClientName() };
  236. IASReportEvent (
  237. RADIUS_E_INVALID_SIGNATURE,
  238. 1,
  239. 0,
  240. strings,
  241. NULL
  242. );
  244. m_pCReportEvent->Process (
  245. RADIUS_MALFORMED_PACKET,
  246. pCPacketRadius->GetInCode (),
  247. pCPacketRadius->GetInLength(),
  248. pCPacketRadius->GetInAddress(),
  249. NULL,
  250. static_cast <LPVOID> (pCPacketRadius->GetInPacket())
  251. );
  252. hr = RADIUS_E_ERRORS_OCCURRED;
  253. __leave;
  254. }
  256. //
  257. // success
  258. //
  259. }
  260. __finally
  261. {
  262. if (pIIasClient) { pIIasClient->Release (); }
  263. }
  265. return (hr);
  267. } // end of CValAccess::ValidateSignature method