mirror of https://github.com/UMSKT/xpmgr.git
441 lines
19 KiB
C
441 lines
19 KiB
C
///////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Copyright (c) Microsoft Corporation
|
|
//
|
|
// SYNOPSIS
|
|
//
|
|
// Declares datastructures that are needed by eap methods on the Peer.
|
|
//
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
#ifndef EAP_METHOD_AUTHENTICATOR_APIS_H
|
|
#define EAP_METHOD_AUTHENTICATOR_APIS_H
|
|
#pragma once
|
|
|
|
#ifndef __eapauthenticatortypes_h__
|
|
#include "EapAuthenticatorTypes.h"
|
|
#endif
|
|
|
|
#ifndef EAPAUTHENTICATORACTIONDEFINE_H
|
|
#include "EapAuthenticatorActionDefine.h"
|
|
#endif
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
//
|
|
// Defines used for installation of EAP DLL
|
|
// HKLM\System\CCS\Services\Eaphost\Methods\[AuthorId]\[EapTypeId])
|
|
//
|
|
// Custom EAP DLL registry installation example:
|
|
// Name = Sample.dll,
|
|
// AuthorId = 311(Microsoft),
|
|
// EapTypeId = (decimal 40)
|
|
// HKLM\System\CCS\Services\Eaphost\Methods\311\40
|
|
//
|
|
// AuthenticatorDllPath (REG_EXPAND_SZ) %SystemRoot%\system32\sample.dll
|
|
// AuthenticatorFriendlyName (REG_SZ) Sample EAP Protocol
|
|
|
|
//
|
|
// Defines used for installation of EAP DLL
|
|
// HKLM\System\CCS\Services\Eaphost\Methods\[AuthorId]\254\[VendorId]\[EapTypeId])
|
|
//
|
|
// Custom Expanded EAP DLL registry installation example:
|
|
// Name = Sample.dll,
|
|
// AuthorId = 311(Microsoft),
|
|
// VendorId = 311(Microsoft),
|
|
// EapTypeId = (decimal 40)
|
|
// HKLM\System\CCS\Services\Eaphost\Methods\311\254\311\40
|
|
//
|
|
// AuthenticatorDllPath (REG_EXPAND_SZ) %SystemRoot%\system32\sample.dll
|
|
// AuthenticatorFriendlyName (REG_SZ) Sample EAP Protocol
|
|
|
|
|
|
// ConfigCLSID (REG_SZ) {0000031A-0000-0000-C000-000000000046}
|
|
// StandaloneSupported (REG_DWORD) 1
|
|
//
|
|
|
|
|
|
#define EAP_REGISTRY_LOCATION \
|
|
TEXT("System\\CurrentControlSet\\Services\\EapHost\\Methods")
|
|
|
|
#define EAP_AUTHENTICATOR_VALUENAME_DLL_PATH TEXT("AuthenticatorDllPath")
|
|
#define EAP_AUTHENTICATOR_VALUENAME_FRIENDLY_NAME TEXT("AuthenticatorFriendlyName")
|
|
#define EAP_AUTHENTICATOR_VALUENAME_PROPERTIES TEXT("Properties")
|
|
#define EAP_AUTHENTICATOR_VALUENAME_CONFIGUI TEXT("AuthenticatorConfigUIPath")
|
|
|
|
//For authenticator
|
|
// Are these needed any more? Or are we going to define better ways of
|
|
// encapsulating them.
|
|
//#define EAP_AUTHENTICATOR_VALUENAME_CONFIG_CLSID TEXT("ConfigCLSID")
|
|
//#define EAP_AUTHENTICATOR_VALUENAME_PER_POLICY_CONFIG TEXT("PerPolicyConfig")
|
|
|
|
|
|
// Structures used by EAP methods on the peer to communicate with the host.
|
|
|
|
// List of functions corresponding to the particular EAP method
|
|
typedef struct _EAP_AUTHENTICATOR_METHOD_ROUTINES
|
|
{
|
|
// FIXME: Why is the size needed?
|
|
DWORD dwSizeInBytes;
|
|
EAP_METHOD_TYPE* pEapType;
|
|
|
|
|
|
DWORD (APIENTRY * EapMethodAuthenticatorInitialize) (
|
|
IN EAP_METHOD_TYPE* pEapType,
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
DWORD (APIENTRY * EapMethodAuthenticatorBeginSession) (
|
|
// Flags to qualify the authentication process.
|
|
IN DWORD dwFlags,
|
|
// Identity of the user being authenticated
|
|
IN LPCWSTR pwszIdentity,
|
|
// Pointer to an array of attributes. This array contains attributes that
|
|
// describe the entity being authenticated.
|
|
IN const EapAttributes* const pAttributeArray,
|
|
// Specifies the size in bytes of the data pointed to by pConnectionData.
|
|
// If pConnectionData is NULL, this member is zero.
|
|
IN DWORD dwSizeofConnectionData,
|
|
// Pointer to connection data received from the authentication protocol's
|
|
// configuration user interface.
|
|
IN const BYTE* const pConnectionData,
|
|
// This is the maximum size of an eap packet that the authenticator can send.
|
|
IN DWORD dwMaxSendPacketSize,
|
|
// The session handle that identifies the current authentication session.
|
|
OUT EAP_SESSION_HANDLE* pSessionHandle,
|
|
// On an unsuccessful call, this will contain any error information about
|
|
// the failure. This will be null on a successful call.
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
DWORD (APIENTRY * EapMethodAuthenticatorUpdateInnerMethodParams)(
|
|
// context handle as returned from a successful call to
|
|
// EapAuthenticatorBeginSession
|
|
IN EAP_SESSION_HANDLE sessionHandle,
|
|
IN DWORD dwFlags,
|
|
IN CONST WCHAR* pwszIdentity,
|
|
// Pointer to an array of attributes. This array contains attributes that
|
|
// describe the entity being authenticated.
|
|
IN const EapAttributes* const pAttributeArray,
|
|
// On an unsuccessful call, this will contain any error information about
|
|
// the failure. This will be null on a successful call.
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
// The authenticator calls this any time it receives a packet that the eaphost
|
|
// needs to process. This should be called only after a successful call to
|
|
// EapAuthenticatorBeginSession.
|
|
DWORD (APIENTRY * EapMethodAuthenticatorReceivePacket) (
|
|
// context handle as returned from a successful call to
|
|
// EapAuthenticatorBeginSession
|
|
IN EAP_SESSION_HANDLE sessionHandle,
|
|
// Specifies the size, in bytes, of the buffer pointed to by
|
|
// pReceivePacket
|
|
IN DWORD cbReceivePacket,
|
|
// Pointer to a buffer that contains the incoming EAP data received by
|
|
// the supplicant.
|
|
IN const EapPacket* const pReceivePacket,
|
|
// This enumeration tells the supplicant to take an appropriate action.
|
|
// The supplicant will typically look at this action and either call
|
|
// another method on eaphost or do something else on its own.
|
|
OUT EAP_METHOD_AUTHENTICATOR_RESPONSE_ACTION* pEapOutput,
|
|
// On an unsuccessful call, this will contain any error information about
|
|
// the failure. This will be null on a successful call.
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
|
|
DWORD (APIENTRY * EapMethodAuthenticatorSendPacket) (
|
|
// context handle as returned from a successful call to
|
|
// EapHostAuthenticatorBeginSession
|
|
IN EAP_SESSION_HANDLE sessionHandle,
|
|
// Id to use when constructing the SendPacket
|
|
IN BYTE bPacketId,
|
|
// Specifies the limit on the size, in bytes, on the packet generated
|
|
// by eaphost. On a successful return, this will contain the size of the
|
|
// data added by the eap module.
|
|
OUT DWORD* pcbSendPacket,
|
|
// Pointer to a buffer that is allocated by the client and populated
|
|
// by the eap module. The value of the incoming buffer is ignored and
|
|
// the method populates it from the beginning of the buffer.
|
|
OUT EapPacket* pSendPacket,
|
|
// Timeout option for sending the packet
|
|
OUT EAP_AUTHENTICATOR_SEND_TIMEOUT* pTimeout,
|
|
// On an unsuccessful call, this will contain any error information about
|
|
// the failure. This will be null on a successful call.
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
|
|
// Returns an array of attributes that the caller needs to act on.
|
|
// The supplicant will call this when a call to
|
|
// EapHostAuthenticatorProcessRequestPacket returns EapHostAuthenticatorResponseRespond.
|
|
DWORD (APIENTRY * EapMethodAuthenticatorGetAttributes) (
|
|
// context handle as returned from a successful call to
|
|
// EapHostAuthenticatorBeginSession
|
|
IN EAP_SESSION_HANDLE sessionHandle,
|
|
// Array of attributes that the caller needs to act on.
|
|
OUT EapAttributes* pAttribs,
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
|
|
// Sets an array of attributes that the caller wants the eap method to act
|
|
// on.
|
|
DWORD (APIENTRY * EapMethodAuthenticatorSetAttributes) (
|
|
// context handle as returned from a successful call to
|
|
// EapHostAuthenticatorBeginSession
|
|
IN EAP_SESSION_HANDLE sessionHandle,
|
|
IN const EapAttributes* const pAttribs,
|
|
// This enumeration tells the supplicant to take an appropriate action.
|
|
// The supplicant will typically look at this action and either call
|
|
// another method on eaphost or do something else on its own.
|
|
OUT EAP_METHOD_AUTHENTICATOR_RESPONSE_ACTION* pEapOutput,
|
|
// On an unsuccessful call, this will contain any error information about
|
|
// the failure. This will be null on a successful call.
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
|
|
// The authenticator will call this on completion of an authentication. This
|
|
// can happen in any of the following scenarios:
|
|
// 1. A call to EapHostAuthenticatorReceivePacket returned
|
|
// EAP_HOST_AUTHENTICATOR_RESPONSE_SUCCESS or EAP_HOST_AUTHENTICATOR_RESPONSE_FAILURE
|
|
// Even if the action returned above was a success, the authenticator can choose to call
|
|
// this method with a failure.
|
|
// 2. The server can choose to terminate an authentication with a failure in the middle of
|
|
// an authentication.
|
|
DWORD (APIENTRY * EapMethodAuthenticatorGetResult) (
|
|
// context handle as returned from a successful call to
|
|
// EapHostPeerBeginSession
|
|
IN EAP_SESSION_HANDLE sessionHandle,
|
|
// A structure that indicates the result and any state that the
|
|
// supplicant needs to save for future authentications.
|
|
OUT EAP_METHOD_AUTHENTICATOR_RESULT* pResult,
|
|
// On an unsuccessful call, this will contain any error information about
|
|
// the failure. This will be null on a successful call.
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
|
|
// Ends the authentication session. This cleans up any state that the eap
|
|
// method or eaphost might be keeping.
|
|
DWORD (APIENTRY * EapMethodAuthenticatorEndSession) (
|
|
// context handle as returned from a successful call to
|
|
// EapHostPeerBeginSession. This will be set to NULL on a successful call.
|
|
IN EAP_SESSION_HANDLE sessionHandle,
|
|
// On an unsuccessful call, this will contain any error information about
|
|
// the failure. This will be null on a successful call.
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
|
|
DWORD (APIENTRY * EapMethodAuthenticatorShutdown) (
|
|
IN EAP_METHOD_TYPE* pEapType,
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
} EAP_AUTHENTICATOR_METHOD_ROUTINES, *PEAP_AUTHENTICATOR_METHOD_ROUTINES;
|
|
|
|
|
|
//
|
|
// EAP Functions
|
|
//
|
|
void WINAPI EapMethodAuthenticatorFreeErrorMemory(IN EAP_ERROR* pEapError);
|
|
void WINAPI EapMethodAuthenticatorFreeMemory(
|
|
IN void* pUIContextData
|
|
);
|
|
|
|
DWORD EapMethodAuthenticatorGetInfo(
|
|
IN EAP_METHOD_TYPE* pEapType,
|
|
OUT EAP_AUTHENTICATOR_METHOD_ROUTINES* pEapInfo,
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
DWORD EapMethodAuthenticatorInitialize(
|
|
IN EAP_METHOD_TYPE* pEapType,
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
DWORD EapMethodAuthenticatorBeginSession(
|
|
// Flags to qualify the authentication process.
|
|
IN DWORD dwFlags,
|
|
// Initial Id
|
|
IN BYTE bInitialId,
|
|
// Identity of the user being authenticated
|
|
IN LPCWSTR pwszIdentity,
|
|
// Pointer to an array of attributes. This array contains attributes that
|
|
// describe the entity being authenticated.
|
|
IN const EapAttributes* const pAttributeArray,
|
|
// Specifies the size in bytes of the data pointed to by pConnectionData.
|
|
// If pConnectionData is NULL, this member is zero.
|
|
IN DWORD dwSizeofConnectionData,
|
|
// Pointer to connection data received from the authentication protocol's
|
|
// configuration user interface.
|
|
IN const BYTE* const pConnectionData,
|
|
// This is the maximum size of an eap packet that the authenticator can send.
|
|
IN DWORD dwMaxSendPacketSize,
|
|
// The session handle that identifies the current authentication session.
|
|
OUT EAP_SESSION_HANDLE* pSessionHandle,
|
|
// On an unsuccessful call, this will contain any error information about
|
|
// the failure. This will be null on a successful call.
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
DWORD EapMethodAuthenticatorUpdateInnerMethodParams(
|
|
// context handle as returned from a successful call to
|
|
// EapAuthenticatorBeginSession
|
|
IN EAP_SESSION_HANDLE sessionHandle,
|
|
IN DWORD dwFlags,
|
|
IN CONST WCHAR* pwszIdentity,
|
|
// Pointer to an array of attributes. This array contains attributes that
|
|
// describe the entity being authenticated.
|
|
IN const EapAttributes* const pAttributeArray,
|
|
// On an unsuccessful call, this will contain any error information about
|
|
// the failure. This will be null on a successful call.
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
|
|
// The authenticator calls this any time it receives a packet that the eaphost
|
|
// needs to process. This should be called only after a successful call to
|
|
// EapAuthenticatorBeginSession.
|
|
DWORD EapMethodAuthenticatorReceivePacket(
|
|
// context handle as returned from a successful call to
|
|
// EapAuthenticatorBeginSession
|
|
IN EAP_SESSION_HANDLE sessionHandle,
|
|
// Specifies the size, in bytes, of the buffer pointed to by
|
|
// pReceivePacket
|
|
IN DWORD cbReceivePacket,
|
|
// Pointer to a buffer that contains the incoming EAP data received by
|
|
// the supplicant.
|
|
IN const EapPacket* const pReceivePacket,
|
|
// This enumeration tells the supplicant to take an appropriate action.
|
|
// The supplicant will typically look at this action and either call
|
|
// another method on eaphost or do something else on its own.
|
|
OUT EAP_METHOD_AUTHENTICATOR_RESPONSE_ACTION* pEapOutput,
|
|
// On an unsuccessful call, this will contain any error information about
|
|
// the failure. This will be null on a successful call.
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
|
|
DWORD EapMethodAuthenticatorSendPacket(
|
|
// context handle as returned from a successful call to
|
|
// EapHostAuthenticatorBeginSession
|
|
IN EAP_SESSION_HANDLE sessionHandle,
|
|
// Id to use when constructing the SendPacket
|
|
IN BYTE bPacketId,
|
|
// Specifies the limit on the size, in bytes, on the packet generated
|
|
// by eaphost. On a successful return, this will contain the size of the
|
|
// data added by the eap module.
|
|
IN OUT DWORD* pcbSendPacket,
|
|
// Pointer to a buffer that is allocated by the client and populated
|
|
// by the eap module. The value of the incoming buffer is ignored and
|
|
// the method populates it from the beginning of the buffer.
|
|
OUT EapPacket* pSendPacket,
|
|
// Timeout option for sending the packet
|
|
OUT EAP_AUTHENTICATOR_SEND_TIMEOUT* pTimeout,
|
|
// On an unsuccessful call, this will contain any error information about
|
|
// the failure. This will be null on a successful call.
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
|
|
// Returns an array of attributes that the caller needs to act on.
|
|
// The supplicant will call this when a call to
|
|
// EapHostAuthenticatorProcessRequestPacket returns EapHostAuthenticatorResponseRespond.
|
|
DWORD EapMethodAuthenticatorGetAttributes(
|
|
// context handle as returned from a successful call to
|
|
// EapHostAuthenticatorBeginSession
|
|
IN EAP_SESSION_HANDLE sessionHandle,
|
|
// Array of attributes that the caller needs to act on.
|
|
OUT EapAttributes* pAttribs,
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
|
|
|
|
// Sets an array of attributes that the caller wants the eap method to act
|
|
// on.
|
|
DWORD EapMethodAuthenticatorSetAttributes(
|
|
// context handle as returned from a successful call to
|
|
// EapHostAuthenticatorBeginSession
|
|
IN EAP_SESSION_HANDLE sessionHandle,
|
|
IN const EapAttributes* const pAttribs,
|
|
// This enumeration tells the supplicant to take an appropriate action.
|
|
// The supplicant will typically look at this action and either call
|
|
// another method on eaphost or do something else on its own.
|
|
OUT EAP_METHOD_AUTHENTICATOR_RESPONSE_ACTION* pEapOutput,
|
|
// On an unsuccessful call, this will contain any error information about
|
|
// the failure. This will be null on a successful call.
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
|
|
|
|
// The authenticator will call this on completion of an authentication. This
|
|
// can happen in any of the following scenarios:
|
|
// 1. A call to EapHostAuthenticatorReceivePacket returned
|
|
// EAP_HOST_AUTHENTICATOR_RESPONSE_SUCCESS or EAP_HOST_AUTHENTICATOR_RESPONSE_FAILURE
|
|
// Even if the action returned above was a success, the authenticator can choose to call
|
|
// this method with a failure.
|
|
// 2. The server can choose to terminate an authentication with a failure in the middle of
|
|
// an authentication.
|
|
DWORD EapMethodAuthenticatorGetResult(
|
|
// context handle as returned from a successful call to
|
|
// EapHostPeerBeginSession
|
|
IN EAP_SESSION_HANDLE sessionHandle,
|
|
// A structure that indicates the result and any state that the
|
|
// supplicant needs to save for future authentications.
|
|
OUT EAP_METHOD_AUTHENTICATOR_RESULT* pResult,
|
|
// On an unsuccessful call, this will contain any error information about
|
|
// the failure. This will be null on a successful call.
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
|
|
// Ends the authentication session. This cleans up any state that the eap
|
|
// method or eaphost might be keeping.
|
|
DWORD EapMethodAuthenticatorEndSession(
|
|
// context handle as returned from a successful call to
|
|
// EapHostPeerBeginSession. This will be set to NULL on a successful call.
|
|
IN EAP_SESSION_HANDLE sessionHandle,
|
|
// On an unsuccessful call, this will contain any error information about
|
|
// the failure. This will be null on a successful call.
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
|
|
DWORD EapMethodAuthenticatorShutdown(
|
|
IN EAP_METHOD_TYPE* pEapType,
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
|
|
/// Config API
|
|
|
|
#define EAP_METHOD_AUTHENTICATOR_CONFIG_IS_IDENTITY_PRIVACY 0x1
|
|
|
|
DWORD WINAPI EapMethodAuthenticatorInvokeConfigUI(
|
|
IN EAP_METHOD_TYPE* pEapMethodType,
|
|
IN HWND hwndParent,
|
|
IN DWORD dwFlags,
|
|
IN LPCWSTR pwszMachineName,
|
|
IN DWORD dwSizeOfConfigIn,
|
|
IN BYTE* pConfigIn,
|
|
OUT DWORD* pdwSizeOfConfigOut,
|
|
OUT BYTE** ppConfigOut,
|
|
OUT EAP_ERROR** ppEapError
|
|
);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif // EAP_METHOD_AUTHENTICATOR_APIS_H
|
|
|
|
|