archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/net/rras/ras/ppp/raspap/raspap.c

861 lines
22 KiB
Raw Normal View History

Add source files
4 years ago
  1. /* Copyright (c) 1993, Microsoft Corporation, all rights reserved
  2. **
  3. ** raspap.c
  4. ** Remote Access PPP Password Authentication Protocol
  5. ** Core routines
  6. **
  7. ** 11/05/93 Steve Cobb
  8. */
  10. #include <nt.h>
  11. #include <ntrtl.h>
  12. #include <nturtl.h>
  13. #include <ntlsa.h>
  14. #include <ntmsv1_0.h>
  15. #include <crypt.h>
  17. #include <windows.h>
  18. #include <lmcons.h>
  19. #include <string.h>
  20. #include <stdlib.h>
  21. #include <rasman.h>
  22. #include <pppcp.h>
  23. #include <rtutils.h>
  24. #define INCL_PWUTIL
  25. #define INCL_HOSTWIRE
  26. #define INCL_RASAUTHATTRIBUTES
  27. #define INCL_MISC
  28. #include <ppputil.h>
  29. #include <rasauth.h>
  30. #define SDEBUGGLOBALS
  31. #define RASPAPGLOBALS
  32. #include "raspap.h"
  33. #include <raserror.h>
  35. #define TRACE_RASPAP (0x00010000|TRACE_USE_MASK)
  37. #define TRACE(a) TracePrintfExA(g_dwTraceIdPap,TRACE_RASPAP,a )
  38. #define TRACE1(a,b) TracePrintfExA(g_dwTraceIdPap,TRACE_RASPAP,a,b )
  39. #define TRACE2(a,b,c) TracePrintfExA(g_dwTraceIdPap,TRACE_RASPAP,a,b,c )
  40. #define TRACE3(a,b,c,d) TracePrintfExA(g_dwTraceIdPap,TRACE_RASPAP,a,b,c,d )
  42. #define DUMPW(X,Y) TraceDumpExA(g_dwTraceIdPap,1,(LPBYTE)X,Y,4,1,NULL)
  43. #define DUMPB(X,Y) TraceDumpExA(g_dwTraceIdPap,1,(LPBYTE)X,Y,1,1,NULL)
  46. #define REGKEY_Pap \
  47. "SYSTEM\\CurrentControlSet\\Services\\RasMan\\PPP\\ControlProtocols\\BuiltIn"
  48. #define REGVAL_FollowStrictSequencing "FollowStrictSequencing"
  51. /*---------------------------------------------------------------------------
  52. ** External entry points
  53. **---------------------------------------------------------------------------
  54. */
  56. DWORD
  57. PapInit(
  58. BOOL fInitialize)
  60. {
  61. if (fInitialize)
  62. {
  63. HKEY hkey;
  64. DWORD dwType;
  65. DWORD dwValue;
  66. DWORD cb = sizeof(DWORD);
  68. if (RegOpenKey( HKEY_LOCAL_MACHINE, REGKEY_Pap, &hkey ) == 0)
  69. {
  70. if (RegQueryValueEx(
  71. hkey, REGVAL_FollowStrictSequencing, NULL,
  72. &dwType, (LPBYTE )&dwValue, &cb ) == 0
  73. && dwType == REG_DWORD
  74. && cb == sizeof(DWORD)
  75. && dwValue)
  76. {
  77. fFollowStrictSequencing = TRUE;
  78. }
  80. RegCloseKey( hkey );
  81. }
  83. g_dwTraceIdPap = TraceRegisterA( "RASPAP" );
  84. }
  85. else
  86. {
  87. if ( g_dwTraceIdPap != INVALID_TRACEID )
  88. {
  89. TraceDeregisterA( g_dwTraceIdPap );
  90. g_dwTraceIdPap = INVALID_TRACEID;
  91. }
  92. }
  94. return(NO_ERROR);
  95. }
  98. DWORD
  99. PapGetInfo(
  100. IN DWORD dwProtocolId,
  101. OUT PPPCP_INFO* pInfo )
  103. /* PapGetInfo entry point called by the PPP engine. See RasCp
  104. ** interface documentation.
  105. */
  106. {
  107. TRACE(("PAP: PapGetInfo\n"));
  109. ZeroMemory( pInfo, sizeof(*pInfo) );
  111. pInfo->Protocol = (DWORD )PPP_PAP_PROTOCOL;
  112. pInfo->Recognize = MAXPAPCODE + 1;
  113. pInfo->RasCpInit = PapInit;
  114. pInfo->RasCpBegin = PapBegin;
  115. pInfo->RasCpEnd = PapEnd;
  116. pInfo->RasApMakeMessage = PapMakeMessage;
  118. return 0;
  119. }
  122. DWORD
  123. PapBegin(
  124. OUT VOID** ppWorkBuf,
  125. IN VOID* pInfo )
  127. /* RasCpBegin entry point called by the PPP engine thru the passed
  128. ** address. See RasCp interface documentation.
  129. */
  130. {
  131. PPPAP_INPUT* pInput = (PPPAP_INPUT* )pInfo;
  132. PAPWB* pwb;
  134. /* Allocate work buffer.
  135. */
  136. if (!(pwb = (PAPWB* )LocalAlloc( LPTR, sizeof(PAPWB) )))
  137. return ERROR_NOT_ENOUGH_MEMORY;
  139. pwb->fServer = pInput->fServer;
  140. pwb->chSeed = GEN_RAND_ENCODE_SEED;
  142. if (!pwb->fServer)
  143. {
  144. TRACE2("PAP: PapBegin(u=%s,d=%s\n",pInput->pszUserName
  145. ,pInput->pszDomain);
  147. /* Validate credential lengths. The credential strings will never be
  148. ** NULL, but may be "".
  149. **
  150. ** !!! PAP requires the domain\username length to fit in a byte.
  151. ** Currently, UNLEN is defined as 256 and DNLEN is defined as 15.
  152. ** This means that some valid domain\username combinations cannot
  153. ** be validated over PAP, but it's only on *really* long
  154. ** usernames. Likewise, a password of exactly 256 characters
  155. ** cannot be validated.
  156. */
  157. {
  158. DWORD cbUserName = strlen( pInput->pszUserName );
  159. DWORD cbPassword = strlen( pInput->pszPassword );
  160. DWORD cbDomain = strlen( pInput->pszDomain );
  162. if (cbUserName > UNLEN
  163. || cbDomain > DNLEN
  164. || cbDomain + 1 + cbUserName > 255
  165. || cbPassword > max( PWLEN, 255 ))
  166. {
  167. LocalFree( pwb );
  168. return ERROR_INVALID_PARAMETER;
  169. }
  170. }
  172. /* "Account" refers to the domain\username format. When domain is "",
  173. ** no "\" is sent (to facilitate connecting to foreign systems which
  174. ** use a simple string identifier). Otherwise when username is "",
  175. ** the "\" is sent, i.e. "domain\". This form will currently fail,
  176. ** but could be mapped to some sort of "guest" access in the future.
  177. */
  178. if (*(pInput->pszDomain) != '\0')
  179. {
  180. strcpy( pwb->szAccount, pInput->pszDomain );
  181. strcat( pwb->szAccount, "\\" );
  182. }
  183. strcat( pwb->szAccount, pInput->pszUserName );
  184. strcpy( pwb->szPassword, pInput->pszPassword );
  185. EncodePw( pwb->chSeed, pwb->szPassword );
  186. }
  187. else
  188. {
  189. pwb->hPort = pInput->hPort;
  190. }
  192. pwb->state = PS_Initial;
  194. /* Register work buffer with engine.
  195. */
  196. *ppWorkBuf = pwb;
  197. return 0;
  198. }
  201. DWORD
  202. PapEnd(
  203. IN VOID* pWorkBuf )
  205. /* RasCpEnd entry point called by the PPP engine thru the passed address.
  206. ** See RasCp interface documentation.
  207. */
  208. {
  209. TRACE("PAP: PapEnd\n");
  211. if ( pWorkBuf != NULL )
  212. {
  213. PAPWB* pwb = (PAPWB* )pWorkBuf;
  215. if ( pwb->pUserAttributes != NULL )
  216. {
  217. RasAuthAttributeDestroy( pwb->pUserAttributes );
  219. pwb->pUserAttributes = NULL;
  220. }
  222. ZeroMemory( pWorkBuf, sizeof(PAPWB) );
  224. LocalFree( (HLOCAL )pWorkBuf );
  225. }
  227. return 0;
  228. }
  231. DWORD
  232. PapMakeMessage(
  233. IN VOID* pWorkBuf,
  234. IN PPP_CONFIG* pReceiveBuf,
  235. OUT PPP_CONFIG* pSendBuf,
  236. IN DWORD cbSendBuf,
  237. OUT PPPAP_RESULT* pResult,
  238. IN PPPAP_INPUT* pInput )
  240. /* RasApMakeMessage entry point called by the PPP engine thru the passed
  241. ** address. See RasCp interface documentation.
  242. */
  243. {
  244. PAPWB* pwb = (PAPWB* )pWorkBuf;
  246. TRACE1("PAP: PapMakeMessage,RBuf=%p\n",pReceiveBuf);
  248. (void )pInput;
  250. return
  251. (pwb->fServer)
  252. ? PapSMakeMessage(pwb, pReceiveBuf, pSendBuf, cbSendBuf, pInput,
  253. pResult)
  254. : PapCMakeMessage( pwb, pReceiveBuf, pSendBuf, cbSendBuf, pResult );
  255. }
  258. /*---------------------------------------------------------------------------
  259. ** Internal routines (alphabetically)
  260. **---------------------------------------------------------------------------
  261. */
  263. DWORD
  264. PapCMakeMessage(
  265. IN PAPWB* pwb,
  266. IN PPP_CONFIG* pReceiveBuf,
  267. OUT PPP_CONFIG* pSendBuf,
  268. IN DWORD cbSendBuf,
  269. OUT PPPAP_RESULT* pResult )
  271. /* Client side "make message" entry point. See RasCp interface
  272. ** documentation.
  273. */
  274. {
  275. /* Start over if timeout waiting for a reply.
  276. */
  277. if (!pReceiveBuf && pwb->state != PS_Initial)
  278. pwb->state = PS_Initial;
  280. switch (pwb->state)
  281. {
  282. case PS_Initial:
  283. {
  284. /* Send an Authenticate-Req packet, then wait for the reply.
  285. */
  286. pResult->bIdExpected = BNextIdPap;
  287. PapMakeRequestMessage( pwb, pSendBuf, cbSendBuf );
  288. pResult->Action = APA_SendWithTimeout;
  289. pwb->state = PS_RequestSent;
  291. break;
  292. }
  294. case PS_RequestSent:
  295. {
  296. if (pReceiveBuf->Id != pwb->bIdSent)
  297. {
  298. //
  299. // See bug # 22508
  300. //
  302. if ( fFollowStrictSequencing )
  303. {
  304. /* Received a packet out of sequence. Silently discard it.
  305. */
  306. pResult->Action = APA_NoAction;
  307. break;
  308. }
  309. }
  311. pResult->fRetry = FALSE;
  313. PapExtractMessage( pReceiveBuf, pResult );
  315. if (pReceiveBuf->Code == PAPCODE_Ack)
  316. {
  317. /* Passed authentication.
  318. */
  319. pResult->Action = APA_Done;
  320. pResult->dwError = 0;
  321. pwb->state = PS_Done;
  322. }
  323. else if (pReceiveBuf->Code == PAPCODE_Nak)
  324. {
  325. /* Failed authentication.
  326. */
  327. pResult->Action = APA_Done;
  328. pResult->dwError = GetErrorFromNak( pReceiveBuf );
  329. pwb->state = PS_Done;
  330. }
  331. else
  332. {
  333. /* Received an Authenticate-Req packet. The engine filters
  334. ** all others. Shouldn't happen, but silently discard it.
  335. */
  336. RTASSERT(!"Bogus pReceiveBuf->Code");
  337. pResult->Action = APA_NoAction;
  338. break;
  339. }
  341. break;
  342. }
  343. }
  345. return 0;
  346. }
  349. DWORD
  350. GetCredentialsFromRequest(
  351. IN PPP_CONFIG* pReceiveBuf,
  352. OUT CHAR* pszIdentity,
  353. OUT CHAR* pszPassword
  354. )
  356. /* Fill caller's 'pszIdentity' and 'pszPassword' buffers
  357. ** with the username and password in the request packet.
  358. ** Caller's buffers should be at least UNLEN+DNLEN+1 and PWLEN bytes long,
  359. ** respectively.
  360. **
  361. ** Returns 0 if successful, or ERRORBADPACKET if the packet is
  362. ** misformatted in any way.
  363. */
  364. {
  365. BYTE* pcbPeerId;
  366. CHAR* pchPeerId;
  367. BYTE* pcbPassword;
  368. CHAR* pchPassword;
  369. WORD cbPacket;
  371. cbPacket = WireToHostFormat16( pReceiveBuf->Length );
  373. /* Parse out username and domain from the peer ID (domain\username or
  374. ** username format).
  375. */
  376. if (cbPacket < PPP_CONFIG_HDR_LEN + 1)
  377. return ERRORBADPACKET;
  379. pcbPeerId = pReceiveBuf->Data;
  380. pchPeerId = pcbPeerId + 1;
  382. if (cbPacket < PPP_CONFIG_HDR_LEN + 1 + *pcbPeerId)
  383. {
  384. return ERRORBADPACKET;
  385. }
  387. /* Extract the username.
  388. */
  389. RTASSERT(*pcbPeerId <= (UNLEN+DNLEN+1));
  390. CopyMemory( pszIdentity, pchPeerId, *pcbPeerId );
  391. pszIdentity[ *pcbPeerId ] = '\0';
  393. /* Extract the password.
  394. */
  395. if (cbPacket < PPP_CONFIG_HDR_LEN + 1 + *pcbPeerId + 1)
  396. return ERRORBADPACKET;
  398. pcbPassword = pchPeerId + *pcbPeerId;
  399. pchPassword = pcbPassword + 1;
  400. RTASSERT(*pcbPassword<=PWLEN);
  402. if (cbPacket < PPP_CONFIG_HDR_LEN + 1 + *pcbPeerId + 1 + *pcbPassword)
  403. return ERRORBADPACKET;
  405. CopyMemory( pszPassword, pchPassword, *pcbPassword );
  406. pszPassword[ *pcbPassword ] = '\0';
  408. return 0;
  409. }
  412. DWORD
  413. GetErrorFromNak(
  414. IN PPP_CONFIG* pReceiveBuf )
  416. /* Returns the RAS error number out of the Message portion of the
  417. ** Authenticate-Nak message buffer 'pReceiveBuf' or 0 if none.
  418. */
  419. {
  420. DWORD dwError = 0;
  421. CHAR szBuf[ 255 + 1 ];
  422. BYTE* pcbMsg = pReceiveBuf->Data;
  423. WORD cbPacket = WireToHostFormat16( pReceiveBuf->Length );
  425. TRACE("PAP: GetErrorFromNak...\n");
  427. if (cbPacket > PPP_CONFIG_HDR_LEN && *pcbMsg)
  428. {
  429. CHAR* pchBuf = szBuf;
  430. CHAR* pchMsg = pcbMsg + 1;
  431. BYTE i;
  433. if (*pcbMsg > 2 && pchMsg[ 0 ] == 'E' || pchMsg[ 1 ] == '=')
  434. {
  435. for (i = 2; i < *pcbMsg; ++i)
  436. {
  437. if (pchMsg[ i ] < '0' || pchMsg[ i ] > '9')
  438. break;
  440. *pchBuf++ = pchMsg[ i ];
  441. }
  443. *pchBuf = '\0';
  444. dwError = (DWORD )atol( szBuf );
  445. }
  446. }
  448. if (dwError == 0)
  449. {
  450. TRACE("PAP: Error code not found.\n");
  451. dwError = ERROR_AUTHENTICATION_FAILURE;
  452. }
  454. TRACE1("PAP: GetErrorFromNak done(%d)\n",dwError);
  455. return dwError;
  456. }
  459. VOID
  460. PapMakeRequestMessage(
  461. IN PAPWB* pwb,
  462. OUT PPP_CONFIG* pSendBuf,
  463. IN DWORD cbSendBuf )
  465. /* Builds a request packet in caller's 'pSendBuf' buffer. 'cbSendBuf' is
  466. ** the length of caller's buffer. 'pwb' is the address of the work
  467. ** buffer associated with the port.
  468. */
  469. {
  470. BYTE* pcbPeerId;
  471. CHAR* pchPeerId;
  472. BYTE* pcbPassword;
  473. CHAR* pchPassword;
  475. RTASSERT(cbSendBuf>=PPP_CONFIG_HDR_LEN+1+UNLEN+1+DNLEN+1+PWLEN);
  476. (void )cbSendBuf;
  478. /* Fill in the peer ID, i.e. the account.
  479. */
  480. pcbPeerId = pSendBuf->Data;
  481. *pcbPeerId = (BYTE )strlen( pwb->szAccount );
  483. pchPeerId = pcbPeerId + 1;
  484. strcpy( pchPeerId, pwb->szAccount );
  486. /* Fill in the password.
  487. */
  488. pcbPassword = pchPeerId + *pcbPeerId;
  489. *pcbPassword = (BYTE )strlen( pwb->szPassword );
  491. pchPassword = pcbPassword + 1;
  492. strcpy( pchPassword, pwb->szPassword );
  493. DecodePw( pwb->chSeed, pchPassword );
  495. /* Fill in the header.
  496. */
  497. pSendBuf->Code = (BYTE )PAPCODE_Req;
  498. pSendBuf->Id = pwb->bIdSent = BNextIdPap++;
  500. {
  501. WORD wLength =
  502. (WORD )(PPP_CONFIG_HDR_LEN + 1 + *pcbPeerId + 1 + *pcbPassword);
  503. HostToWireFormat16( wLength, pSendBuf->Length );
  504. TRACE("PAP: Request...\n");//DUMPB(pSendBuf,(DWORD )wLength);
  505. }
  506. }
  509. VOID
  510. PapMakeResultMessage(
  511. IN DWORD dwError,
  512. IN BYTE bId,
  513. OUT PPP_CONFIG* pSendBuf,
  514. IN DWORD cbSendBuf,
  515. IN RAS_AUTH_ATTRIBUTE* pAttributesFromAuthenticator)
  517. /* Builds a result packet (Ack or Nak) in caller's 'pSendBuf' buffer.
  518. ** 'cbSendBuf' is the length of caller's buffer. 'dwError' indicates
  519. ** whether an Ack (0) or Nak (!0) should be generated, and for Nak the
  520. ** failure code to include. 'bId' is the packet sequence number of the
  521. ** corresponding request packet. pAttributesFromAuthenticator points to
  522. ** attributes returned by the authenticator.
  523. */
  524. {
  525. BYTE* pcbMsg;
  526. BYTE cbMsg;
  527. CHAR* pchMsg;
  528. CHAR* pszReplyMessage = NULL;
  529. DWORD dwNumBytes;
  531. RTASSERT(cbSendBuf>=PPP_CONFIG_HDR_LEN+1+10);
  533. /* Fill in the header and message. If unsuccessful, the message is the
  534. ** decimal RAS error code in ASCII.
  535. */
  536. pSendBuf->Id = bId;
  537. pcbMsg = pSendBuf->Data;
  538. pchMsg = pcbMsg + 1;
  540. if (dwError == 0)
  541. {
  542. pSendBuf->Code = PAPCODE_Ack;
  543. cbMsg = 0;
  544. }
  545. else
  546. {
  547. pSendBuf->Code = PAPCODE_Nak;
  549. strcpy( pchMsg, "E=" );
  550. _ltoa( (long )dwError, (char* )pchMsg + 2, 10 );
  552. cbMsg = (BYTE )strlen( pchMsg );
  553. }
  555. if (pAttributesFromAuthenticator != NULL)
  556. {
  557. pszReplyMessage = RasAuthAttributeGetConcatString(
  558. raatReplyMessage,
  559. pAttributesFromAuthenticator, &dwNumBytes );
  560. }
  562. if (NULL != pszReplyMessage)
  563. {
  564. if (dwNumBytes + cbMsg > 0xFF)
  565. {
  566. dwNumBytes = 0xFF - cbMsg;
  567. }
  569. if (dwNumBytes > cbSendBuf - PPP_CONFIG_HDR_LEN - 1 - cbMsg)
  570. {
  571. dwNumBytes = cbSendBuf - PPP_CONFIG_HDR_LEN - 1 - cbMsg;
  572. }
  574. CopyMemory(pchMsg + cbMsg, pszReplyMessage, dwNumBytes);
  576. cbMsg += (BYTE)dwNumBytes;
  577. }
  579. LocalFree(pszReplyMessage);
  581. {
  582. WORD wLength = (WORD )(PPP_CONFIG_HDR_LEN + 1 + cbMsg);
  583. HostToWireFormat16( wLength, (PBYTE )pSendBuf->Length );
  584. *pcbMsg = cbMsg;
  585. TRACE("PAP: Result...\n");DUMPB(pSendBuf,(DWORD )wLength);
  586. }
  587. }
  590. VOID
  591. PapExtractMessage(
  592. IN PPP_CONFIG* pReceiveBuf,
  593. OUT PPPAP_RESULT* pResult )
  594. {
  595. DWORD dwNumBytes;
  596. CHAR* pszReplyMessage = NULL;
  597. WORD cbPacket;
  599. cbPacket = WireToHostFormat16(pReceiveBuf->Length);
  601. if (PPP_CONFIG_HDR_LEN >= cbPacket)
  602. {
  603. goto LDone;
  604. }
  606. //
  607. // There is one extra byte for Msg-Length
  608. //
  610. dwNumBytes = cbPacket - PPP_CONFIG_HDR_LEN - 1;
  612. //
  613. // One more for the terminating NULL.
  614. //
  616. pszReplyMessage = LocalAlloc(LPTR, dwNumBytes + 1);
  618. if (NULL == pszReplyMessage)
  619. {
  620. TRACE("LocalAlloc failed. Cannot extract server's message.");
  621. goto LDone;
  622. }
  624. CopyMemory(pszReplyMessage, pReceiveBuf->Data + 1, dwNumBytes);
  626. LocalFree(pResult->szReplyMessage);
  628. pResult->szReplyMessage = pszReplyMessage;
  630. pszReplyMessage = NULL;
  632. LDone:
  634. LocalFree(pszReplyMessage);
  636. return;
  637. }
  639. DWORD
  640. PapSMakeMessage(
  641. IN PAPWB* pwb,
  642. IN PPP_CONFIG* pReceiveBuf,
  643. OUT PPP_CONFIG* pSendBuf,
  644. IN DWORD cbSendBuf,
  645. IN PPPAP_INPUT* pInput,
  646. OUT PPPAP_RESULT* pResult )
  648. /* Server side "make message" entry point. See RasCp interface
  649. ** documentation.
  650. */
  651. {
  652. DWORD dwErr;
  654. switch (pwb->state)
  655. {
  656. case PS_Initial:
  657. {
  658. /* Tell engine we're waiting for the client to initiate the
  659. ** conversation.
  660. */
  661. pResult->Action = APA_NoAction;
  662. pwb->state = PS_WaitForRequest;
  663. break;
  664. }
  666. case PS_WaitForRequest:
  667. {
  668. CHAR szIdentity[ UNLEN + DNLEN + 2 ];
  669. CHAR szPassword[ PWLEN + 1 ];
  671. //
  672. // Only process events where we received a packet, igore all other
  673. // events in this state.
  674. //
  676. if ( pReceiveBuf == NULL )
  677. {
  678. pResult->Action = APA_NoAction;
  679. break;
  680. }
  682. if (pReceiveBuf->Code != PAPCODE_Req)
  683. {
  684. /* Silently discard Ack or Nak. Engine catches the one's that
  685. ** aren't even valid codes.
  686. */
  687. RTASSERT(pReceiveBuf->Code!=PAPCODE_Req);
  688. pResult->Action = APA_NoAction;
  689. break;
  690. }
  692. /* Extract user's credentials from received packet.
  693. */
  694. if ((dwErr = GetCredentialsFromRequest(
  695. pReceiveBuf, szIdentity, szPassword )) != 0)
  696. {
  697. if (dwErr == ERRORBADPACKET)
  698. {
  699. /* The packet is corrupt. Silently discard it.
  700. */
  701. RTASSERT(dwErr!=ERRORBADPACKET);
  702. pResult->Action = APA_NoAction;
  703. break;
  704. }
  706. return dwErr;
  707. }
  709. pwb->bLastIdReceived = pReceiveBuf->Id;
  711. //
  712. // Make credentials attributes that will be used to authenticate
  713. // the client.
  714. //
  716. if ( pwb->pUserAttributes != NULL )
  717. {
  718. RasAuthAttributeDestroy( pwb->pUserAttributes );
  720. pwb->pUserAttributes = NULL;
  721. }
  723. if (( pwb->pUserAttributes = RasAuthAttributeCreate( 2 ) ) == NULL)
  724. {
  725. return( GetLastError() );
  726. }
  728. dwErr = RasAuthAttributeInsert( 0,
  729. pwb->pUserAttributes,
  730. raatUserName,
  731. FALSE,
  732. strlen( szIdentity ),
  733. szIdentity );
  735. if ( dwErr != NO_ERROR )
  736. {
  737. RasAuthAttributeDestroy( pwb->pUserAttributes );
  739. pwb->pUserAttributes = NULL;
  741. return( dwErr );
  742. }
  744. dwErr = RasAuthAttributeInsert( 1,
  745. pwb->pUserAttributes,
  746. raatUserPassword,
  747. FALSE,
  748. strlen( szPassword ),
  749. szPassword );
  751. if ( dwErr != NO_ERROR )
  752. {
  753. RasAuthAttributeDestroy( pwb->pUserAttributes );
  755. pwb->pUserAttributes = NULL;
  757. return( dwErr );
  758. }
  760. //
  761. // Start authentication with back-end module
  762. //
  764. strcpy( pwb->result.szUserName, szIdentity );
  766. pResult->pUserAttributes = pwb->pUserAttributes;
  768. pResult->Action = APA_Authenticate;
  770. pwb->state = PS_WaitForAuthenticationToComplete;
  772. break;
  773. }
  775. case PS_WaitForAuthenticationToComplete:
  776. {
  777. if ( pInput != NULL )
  778. {
  779. if ( pInput->fAuthenticationComplete )
  780. {
  781. strcpy( pResult->szUserName, pwb->result.szUserName );
  783. if ( pInput->dwAuthError != NO_ERROR )
  784. {
  785. return( pInput->dwAuthError );
  786. }
  788. if ( pInput->dwAuthResultCode != NO_ERROR )
  789. {
  790. pwb->result.dwError = pInput->dwAuthResultCode;
  791. }
  793. pwb->result.Action = APA_SendAndDone;
  794. pwb->state = PS_Done;
  796. /* ...fall thru...
  797. */
  798. }
  799. }
  801. if ( ( pInput == NULL ) || ( !pInput->fAuthenticationComplete ) )
  802. {
  803. //
  804. // Ignore everything if authentication is not complete
  805. //
  807. if ( pReceiveBuf != NULL )
  808. {
  809. pwb->bLastIdReceived = pReceiveBuf->Id;
  810. }
  812. pResult->Action = APA_NoAction;
  814. break;
  815. }
  816. }
  818. case PS_Done:
  819. {
  820. //
  821. // If we received a packet or the back-end authenticator completed
  822. //
  824. if ( ( pReceiveBuf != NULL ) ||
  825. ( ( pInput != NULL ) && ( pInput->fAuthenticationComplete ) ) )
  826. {
  827. //
  828. // Build the Ack or Nak packet. The same packet sent in
  829. // response to the first Authenticate-Req packet is sent in
  830. // response to all subsequent Authenticate-Req packets
  831. // regardless of credentials (per PAP spec).
  832. //
  834. if ( pReceiveBuf != NULL )
  835. {
  836. pwb->bLastIdReceived = pReceiveBuf->Id;
  837. }
  839. PapMakeResultMessage( pwb->result.dwError,
  840. pwb->bLastIdReceived,
  841. pSendBuf,
  842. cbSendBuf,
  843. (pInput != NULL) ?
  844. pInput->pAttributesFromAuthenticator :
  845. NULL );
  847. CopyMemory( pResult, &pwb->result, sizeof(*pResult) );
  848. }
  849. else
  850. {
  851. pResult->Action = APA_NoAction;
  853. break;
  854. }
  856. break;
  857. }
  858. }
  860. return 0;
  861. }