archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ias/providers/ntuser/eap/eap.cpp

321 lines
8.3 KiB
Raw Normal View History

Add source files
4 years ago
  1. /////////////////////////////////////////////////////////////////////////////// //
  2. // FILE
  3. //
  4. // EAP.cpp
  5. //
  6. // SYNOPSIS
  7. //
  8. // This file implements the class EAP.
  9. //
  10. // MODIFICATION HISTORY
  11. //
  12. // 02/12/1998 Original version.
  13. // 05/08/1998 Do not delete sessions when they're done. Let everything
  14. // age out of the session table.
  15. // 05/15/1998 Pass received packet to EAPSession constructor.
  16. // 06/12/1998 Changed put_Response to SetResponse.
  17. // 07/06/1998 Only RAS is allowed to use EAP-TLS.
  18. // 02/09/1998 Allow EAP-TLS over RADIUS.
  19. // 05/20/1999 Identity is now a Unicode string.
  20. //
  21. ///////////////////////////////////////////////////////////////////////////////
  23. #include <ias.h>
  24. #include <iaslsa.h>
  25. #include <iastlutl.h>
  27. #include <eap.h>
  28. #include <eapdnary.h>
  29. #include <eapstate.h>
  30. #include <eaptypes.h>
  32. //////////
  33. // Define static members.
  34. //////////
  35. EAPTypes EAP::theTypes;
  37. STDMETHODIMP EAP::Initialize()
  38. {
  39. HRESULT hr;
  41. // Initialize the LSA API.
  42. DWORD error = IASLsaInitialize();
  43. if (error)
  44. {
  45. hr = HRESULT_FROM_WIN32(error);
  46. goto lsa_failed;
  47. }
  49. // Initialize the sessions.
  50. hr = EAPSession::initialize();
  51. if (FAILED(hr))
  52. {
  53. goto sessions_failed;
  54. }
  56. // Initialize the IAS <--> RAS translator.
  57. hr = EAPTranslator::initialize();
  58. if (FAILED(hr))
  59. {
  60. goto translator_failed;
  61. }
  63. // The rest can't fail.
  64. EAPState::initialize();
  65. theTypes.initialize();
  67. // Everything succeeded, so we're done.
  68. return S_OK;
  70. translator_failed:
  71. EAPSession::finalize();
  73. sessions_failed:
  74. IASLsaUninitialize();
  76. lsa_failed:
  77. return hr;
  78. }
  80. STDMETHODIMP EAP::Shutdown()
  81. {
  82. // Clear out any remaining sessions.
  83. sessions.clear();
  85. // Shutdown our sub-systems.
  86. theTypes.finalize();
  87. EAPTranslator::finalize();
  88. EAPSession::finalize();
  89. IASLsaUninitialize();
  91. return S_OK;
  92. }
  94. STDMETHODIMP EAP::PutProperty(LONG Id, VARIANT* pValue)
  95. {
  96. if (pValue == NULL) { return E_INVALIDARG; }
  98. switch (Id)
  99. {
  100. case PROPERTY_EAP_SESSION_TIMEOUT:
  101. {
  102. if (V_VT(pValue) != VT_I4) { return DISP_E_TYPEMISMATCH; }
  103. if (V_I4(pValue) <= 0) { return E_INVALIDARG; }
  105. IASTracePrintf("Setting EAP session timeout to %ld msec.", V_I4(pValue));
  107. sessions.setSessionTimeout(V_I4(pValue));
  108. break;
  109. }
  111. case PROPERTY_EAP_MAX_SESSIONS:
  112. {
  113. if (V_VT(pValue) != VT_I4) { return DISP_E_TYPEMISMATCH; }
  114. if (V_I4(pValue) <= 0) { return E_INVALIDARG; }
  116. IASTracePrintf("Setting max. EAP sessions to %ld.", V_I4(pValue));
  118. sessions.setMaxSessions(V_I4(pValue));
  119. break;
  120. }
  122. default:
  123. {
  124. return DISP_E_MEMBERNOTFOUND;
  125. }
  126. }
  128. return S_OK;
  129. }
  131. ///////////////////////////////////////////////////////////////////////////////
  132. //
  133. // METHOD
  134. //
  135. // EAP::onSyncRequest
  136. //
  137. // DESCRIPTION
  138. //
  139. // Processes a request. Note that this method does only enough work to
  140. // retrieve or create a session object. Once this has been accomplished
  141. // the main processing logic takes place inside EAPSession (q.v.).
  142. //
  143. ///////////////////////////////////////////////////////////////////////////////
  144. IASREQUESTSTATUS EAP::onSyncRequest(IRequest* pRequest) throw ()
  145. {
  146. EAPSession* session = NULL;
  148. try
  149. {
  150. IASRequest request(pRequest);
  152. //////////
  153. // Does the request contain an EAP-Message?
  154. //////////
  156. DWORD attrID = RADIUS_ATTRIBUTE_EAP_MESSAGE;
  157. IASAttributeVectorWithBuffer<16> eapMessage;
  158. if (!eapMessage.load(request, 1, &attrID))
  159. {
  160. // If not, we're not interested.
  161. return IAS_REQUEST_STATUS_CONTINUE;
  162. }
  164. IASTraceString("NT-SAM EAP handler received request.");
  166. //////////
  167. // Concatenate the RADIUS EAP-Message attributes into a single packet.
  168. //////////
  170. IASAttributeVector::iterator it;
  171. DWORD pktlen = 0;
  172. for (it = eapMessage.begin(); it != eapMessage.end(); ++it)
  173. {
  174. pktlen += it->pAttribute->Value.OctetString.dwLength;
  175. }
  177. PBYTE p = (PBYTE)_alloca(pktlen);
  178. PPPP_EAP_PACKET recvPkt = (PPPP_EAP_PACKET)p;
  179. for (it = eapMessage.begin(); it != eapMessage.end(); ++it)
  180. {
  181. memcpy(p,
  182. it->pAttribute->Value.OctetString.lpValue,
  183. it->pAttribute->Value.OctetString.dwLength);
  184. p += it->pAttribute->Value.OctetString.dwLength;
  185. }
  187. //////////
  188. // Ensure that the packet is valid.
  189. //////////
  191. if (pktlen < 5 || IASExtractWORD(recvPkt->Length) != pktlen)
  192. {
  193. IASTraceString("Assembled EAP-Message has invalid length.");
  195. request.SetResponse(IAS_RESPONSE_DISCARD_PACKET,
  196. IAS_MALFORMED_REQUEST);
  197. return IAS_REQUEST_STATUS_ABORT;
  198. }
  200. //////////
  201. // Get a session object to handle this request.
  202. //////////
  204. IASREQUESTSTATUS retval;
  205. IASAttribute state;
  206. if (state.load(request, RADIUS_ATTRIBUTE_STATE, IASTYPE_OCTET_STRING))
  207. {
  208. //////////
  209. // If the State attribute exists, this is an ongoing session.
  210. //////////
  212. EAPState& s = (EAPState&)(state->Value.OctetString);
  214. if (!s.isValid())
  215. {
  216. IASTraceString("State attribute is present, but unrecognized.");
  218. // We don't recognize this state attribute, so it must belong
  219. // to someone else.
  220. return IAS_REQUEST_STATUS_CONTINUE;
  221. }
  223. // Retrieve the object for this session ID.
  224. session = sessions.remove(s.getSessionID());
  226. if (!session)
  227. {
  228. IASTraceString("Session timed-out. Discarding packet.");
  230. // The session is already complete.
  231. request.SetResponse(IAS_RESPONSE_DISCARD_PACKET,
  232. IAS_SESSION_TIMEOUT);
  233. return IAS_REQUEST_STATUS_ABORT;
  234. }
  236. IASTracePrintf("Successfully retrieved session state for user %S.",
  237. session->getAccountName());
  239. retval = session->process(request, recvPkt);
  240. }
  241. else
  242. {
  243. IASTraceString("No State attribute present. Creating new session.");
  245. //////////
  246. // No state attribute, so this is a new session.
  247. // Does the request contain an NT4-Account-Name ?
  248. //////////
  250. IASAttribute identity;
  251. if (!identity.load(request,
  252. IAS_ATTRIBUTE_NT4_ACCOUNT_NAME,
  253. IASTYPE_STRING))
  254. {
  255. IASTraceString("SAM account name not found.");
  257. // We only handle SAM users.
  258. return IAS_REQUEST_STATUS_CONTINUE;
  259. }
  261. //////////
  262. // Find out which EAP provider to use.
  263. //////////
  265. IASAttribute eapType;
  266. if (!eapType.load(request, IAS_ATTRIBUTE_NP_ALLOWED_EAP_TYPE))
  267. {
  268. IASTraceString("EAP not authorized for this user.");
  270. // Since we don't have an EAP-Type attribute, the user is not
  271. // allowed to use EAP.
  272. request.SetResponse(IAS_RESPONSE_ACCESS_REJECT,
  273. IAS_INVALID_AUTH_TYPE);
  274. return IAS_REQUEST_STATUS_HANDLED;
  275. }
  277. //////////
  278. // Retrieve the provider for this EAP type.
  279. //////////
  281. EAPType* provider = theTypes[(BYTE)(eapType->Value.Enumerator)];
  283. if (!provider)
  284. {
  285. // We can't handle this EAP type, so reject.
  286. request.SetResponse(IAS_RESPONSE_ACCESS_REJECT,
  287. IAS_UNSUPPORTED_AUTH_TYPE);
  288. return IAS_REQUEST_STATUS_HANDLED;
  289. }
  291. session = new EAPSession(identity, *provider);
  293. IASTracePrintf("Successfully created new session for user %S.",
  294. session->getAccountName());
  296. retval = session->begin(request, recvPkt);
  297. }
  299. // Save it for later.
  300. sessions.insert(session);
  302. return retval;
  303. }
  304. catch (const _com_error& ce)
  305. {
  306. IASTraceExcept();
  308. pRequest->SetResponse(IAS_RESPONSE_DISCARD_PACKET, ce.Error());
  309. }
  310. catch (const std::bad_alloc&)
  311. {
  312. IASTraceExcept();
  314. pRequest->SetResponse(IAS_RESPONSE_DISCARD_PACKET, E_OUTOFMEMORY);
  315. }
  317. // If we have any errors, we'll delete the session.
  318. delete session;
  320. return IAS_REQUEST_STATUS_ABORT;
  321. }