// Bridging thread
void BrBridgeThread(THREAD *thread, void *param)
{
BRIDGE *b;
CONNECTION *c;
SESSION *s;
HUB *h;
char name[MAX_SIZE];
// Validate arguments
if (thread == NULL || param == NULL)
{
return;
}
b = (BRIDGE *)param;
// Create a connection object
c = NewServerConnection(b->Cedar, NULL, thread);
c->Protocol = CONNECTION_HUB_BRIDGE;
// Create a session object
s = NewServerSession(b->Cedar, c, b->Hub, BRIDGE_USER_NAME, b->Policy);
HLog(b->Hub, "LH_START_BRIDGE", b->Name, s->Name);
StrCpy(name, sizeof(name), b->Name);
h = b->Hub;
AddRef(h->ref);
s->BridgeMode = true;
s->Bridge = b;
c->Session = s;
ReleaseConnection(c);
// Dummy user name for local-bridge
s->Username = CopyStr(BRIDGE_USER_NAME_PRINT);
b->Session = s;
AddRef(s->ref);
// Notify completion
NoticeThreadInit(thread);
// Main procedure of the session
Debug("Bridge %s Start.\n", b->Name);
SessionMain(s);
Debug("Bridge %s Stop.\n", b->Name);
HLog(h, "LH_STOP_BRIDGE", name);
ReleaseHub(h);
ReleaseSession(s);
}
// Link server thread
void LinkServerSessionThread(THREAD *t, void *param)
{
LINK *k = (LINK *)param;
CONNECTION *c;
SESSION *s;
POLICY *policy;
wchar_t name[MAX_SIZE];
// Validate arguments
if (t == NULL || param == NULL)
{
return;
}
// Create a server connection
c = NewServerConnection(k->Cedar, NULL, t);
c->Protocol = CONNECTION_HUB_LINK_SERVER;
// Create a policy
policy = ZeroMalloc(sizeof(POLICY));
Copy(policy, k->Policy, sizeof(POLICY));
// Create a server session
s = NewServerSession(k->Cedar, c, k->Hub, LINK_USER_NAME, policy);
s->LinkModeServer = true;
s->Link = k;
c->Session = s;
ReleaseConnection(c);
// User name
s->Username = CopyStr(LINK_USER_NAME_PRINT);
k->ServerSession = s;
AddRef(k->ServerSession->ref);
// Notify the initialization completion
NoticeThreadInit(t);
UniStrCpy(name, sizeof(name), k->Option->AccountName);
HLog(s->Hub, "LH_LINK_START", name, s->Name);
// Main function of session
SessionMain(s);
HLog(s->Hub, "LH_LINK_STOP", name);
ReleaseSession(s);
}
// リンクサーバースレッド
void LinkServerSessionThread(THREAD *t, void *param)
{
LINK *k = (LINK *)param;
CONNECTION *c;
SESSION *s;
POLICY *policy;
wchar_t name[MAX_SIZE];
// 引数チェック
if (t == NULL || param == NULL)
{
return;
}
// サーバーコネクションの作成
c = NewServerConnection(k->Cedar, NULL, t);
c->Protocol = CONNECTION_HUB_LINK_SERVER;
// ポリシーの作成
policy = ZeroMalloc(sizeof(POLICY));
Copy(policy, k->Policy, sizeof(POLICY));
// サーバーセッションの作成
s = NewServerSession(k->Cedar, c, k->Hub, LINK_USER_NAME, policy);
s->LinkModeServer = true;
s->Link = k;
c->Session = s;
ReleaseConnection(c);
// ユーザー名
s->Username = CopyStr(LINK_USER_NAME_PRINT);
k->ServerSession = s;
AddRef(k->ServerSession->ref);
// 初期化完了を通知
NoticeThreadInit(t);
UniStrCpy(name, sizeof(name), k->Option->AccountName);
HLog(s->Hub, "LH_LINK_START", name, s->Name);
// セッションのメイン関数
SessionMain(s);
HLog(s->Hub, "LH_LINK_STOP", name);
ReleaseSession(s);
}
// Certificate authentication of user
bool SamAuthUserByCert(HUB *h, char *username, X *x)
{
bool b = false;
// Validate arguments
if (h == NULL || username == NULL || x == NULL)
{
return false;
}
if (GetGlobalServerFlag(GSF_DISABLE_CERT_AUTH) != 0)
{
return false;
}
// Check expiration date
if (CheckXDateNow(x) == false)
{
return false;
}
// Check the Certification Revocation List
if (IsValidCertInHub(h, x) == false)
{
// Bad
wchar_t tmp[MAX_SIZE * 2];
// Log the contents of the certificate
GetAllNameFromX(tmp, sizeof(tmp), x);
HLog(h, "LH_AUTH_NG_CERT", username, tmp);
return false;
}
AcLock(h);
{
USER *u;
u = AcGetUser(h, username);
if (u)
{
Lock(u->lock);
{
if (u->AuthType == AUTHTYPE_USERCERT)
{
// Check whether to matche with the registered certificate
AUTHUSERCERT *auth = (AUTHUSERCERT *)u->AuthData;
if (CompareX(auth->UserX, x))
{
b = true;
}
}
else if (u->AuthType == AUTHTYPE_ROOTCERT)
{
// Check whether the certificate has been signed by the root certificate
AUTHROOTCERT *auth = (AUTHROOTCERT *)u->AuthData;
if (h->HubDb != NULL)
{
LockList(h->HubDb->RootCertList);
{
X *root_cert;
root_cert = GetIssuerFromList(h->HubDb->RootCertList, x);
if (root_cert != NULL)
{
b = true;
if (auth->CommonName != NULL && UniIsEmptyStr(auth->CommonName) == false)
{
// Compare the CN
if (UniStrCmpi(x->subject_name->CommonName, auth->CommonName) != 0)
{
b = false;
}
}
if (auth->Serial != NULL && auth->Serial->size >= 1)
{
// Compare the serial number
if (CompareXSerial(x->serial, auth->Serial) == false)
{
b = false;
}
}
}
}
UnlockList(h->HubDb->RootCertList);
}
}
}
Unlock(u->lock);
ReleaseUser(u);
}
}
AcUnlock(h);
if (b)
{
wchar_t tmp[MAX_SIZE * 2];
// Log the contents of the certificate
GetAllNameFromX(tmp, sizeof(tmp), x);
HLog(h, "LH_AUTH_OK_CERT", username, tmp);
}
return b;
}
// Plaintext password authentication of user
bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *password, bool ast, UCHAR *mschap_v2_server_response_20, RADIUS_LOGIN_OPTION *opt)
{
bool b = false;
wchar_t *name = NULL;
bool auth_by_nt = false;
HUB *h;
// Validate arguments
if (hub == NULL || c == NULL || username == NULL)
{
return false;
}
if (GetGlobalServerFlag(GSF_DISABLE_RADIUS_AUTH) != 0)
{
return false;
}
h = hub;
AddRef(h->ref);
// Get the user name on authentication system
AcLock(hub);
{
USER *u;
u = AcGetUser(hub, ast == false ? username : "******");
if (u)
{
Lock(u->lock);
{
if (u->AuthType == AUTHTYPE_RADIUS)
{
// Radius authentication
AUTHRADIUS *auth = (AUTHRADIUS *)u->AuthData;
if (ast || auth->RadiusUsername == NULL || UniStrLen(auth->RadiusUsername) == 0)
{
name = CopyStrToUni(username);
}
else
{
name = CopyUniStr(auth->RadiusUsername);
}
auth_by_nt = false;
}
else if (u->AuthType == AUTHTYPE_NT)
{
// NT authentication
AUTHNT *auth = (AUTHNT *)u->AuthData;
if (ast || auth->NtUsername == NULL || UniStrLen(auth->NtUsername) == 0)
{
name = CopyStrToUni(username);
}
else
{
name = CopyUniStr(auth->NtUsername);
}
auth_by_nt = true;
}
}
Unlock(u->lock);
ReleaseUser(u);
}
}
AcUnlock(hub);
if (name != NULL)
{
if (auth_by_nt == false)
{
// Radius authentication
char radius_server_addr[MAX_SIZE];
UINT radius_server_port;
char radius_secret[MAX_SIZE];
char suffix_filter[MAX_SIZE];
wchar_t suffix_filter_w[MAX_SIZE];
UINT interval;
Zero(suffix_filter, sizeof(suffix_filter));
Zero(suffix_filter_w, sizeof(suffix_filter_w));
// Get the Radius server information
if (GetRadiusServerEx2(hub, radius_server_addr, sizeof(radius_server_addr), &radius_server_port, radius_secret, sizeof(radius_secret), &interval, suffix_filter, sizeof(suffix_filter)))
{
Unlock(hub->lock);
StrToUni(suffix_filter_w, sizeof(suffix_filter_w), suffix_filter);
if (UniIsEmptyStr(suffix_filter_w) || UniEndWith(name, suffix_filter_w))
{
// Attempt to login
b = RadiusLogin(c, radius_server_addr, radius_server_port,
radius_secret, StrLen(radius_secret),
name, password, interval, mschap_v2_server_response_20, opt);
}
Lock(hub->lock);
}
else
{
HLog(hub, "LH_NO_RADIUS_SETTING", name);
}
}
else
{
// NT authentication (Not available for non-Win32)
#ifdef OS_WIN32
IPC_MSCHAP_V2_AUTHINFO mschap;
Unlock(hub->lock);
if (ParseAndExtractMsChapV2InfoFromPassword(&mschap, password) == false)
{
// Plaintext password authentication
b = MsCheckLogon(name, password);
}
else
{
UCHAR challenge8[8];
UCHAR nt_pw_hash_hash[16];
char nt_name[MAX_SIZE];
UniToStr(nt_name, sizeof(nt_name), name);
// MS-CHAPv2 authentication
MsChapV2_GenerateChallenge8(challenge8, mschap.MsChapV2_ClientChallenge,
mschap.MsChapV2_ServerChallenge,
mschap.MsChapV2_PPPUsername);
Debug("MsChapV2_PPPUsername = %s, nt_name = %s\n", mschap.MsChapV2_PPPUsername, nt_name);
b = MsPerformMsChapV2AuthByLsa(nt_name, challenge8, mschap.MsChapV2_ClientResponse, nt_pw_hash_hash);
if (b)
{
if (mschap_v2_server_response_20 != NULL)
{
MsChapV2Server_GenerateResponse(mschap_v2_server_response_20, nt_pw_hash_hash,
mschap.MsChapV2_ClientResponse, challenge8);
}
}
}
Lock(hub->lock);
#else // OS_WIN32
// Nothing to do other than Win32
#endif // OS_WIN32
}
// Memory release
Free(name);
}
ReleaseHub(h);
return b;
}
// SecureNAT server-side thread
void SnSecureNATThread(THREAD *t, void *param)
{
SNAT *s;
CONNECTION *c;
SESSION *se;
POLICY *policy;
HUB *h;
// Validate arguments
if (t == NULL || param == NULL)
{
return;
}
s = (SNAT *)param;
// Create a server connection
c = NewServerConnection(s->Cedar, NULL, t);
c->Protocol = CONNECTION_HUB_SECURE_NAT;
// Apply the default policy
policy = ClonePolicy(GetDefaultPolicy());
// Not to limit the number of broadcast
policy->NoBroadcastLimiter = true;
h = s->Hub;
AddRef(h->ref);
// create a server session
se = NewServerSession(s->Cedar, c, s->Hub, SNAT_USER_NAME, policy);
se->SecureNATMode = true;
se->SecureNAT = s;
c->Session = se;
ReleaseConnection(c);
HLog(se->Hub, "LH_NAT_START", se->Name);
// User name
se->Username = CopyStr(SNAT_USER_NAME_PRINT);
s->Session = se;
AddRef(se->ref);
// Notification initialization completion
NoticeThreadInit(t);
ReleaseCancel(s->Nat->Virtual->Cancel);
s->Nat->Virtual->Cancel = se->Cancel1;
AddRef(se->Cancel1->ref);
if (s->Nat->Virtual->NativeNat != NULL)
{
CANCEL *old_cancel = NULL;
Lock(s->Nat->Virtual->NativeNat->CancelLock);
{
if (s->Nat->Virtual->NativeNat->Cancel != NULL)
{
old_cancel = s->Nat->Virtual->NativeNat->Cancel;
s->Nat->Virtual->NativeNat->Cancel = se->Cancel1;
AddRef(se->Cancel1->ref);
}
}
Unlock(s->Nat->Virtual->NativeNat->CancelLock);
if (old_cancel != NULL)
{
ReleaseCancel(old_cancel);
}
}
// Main function of the session
Debug("SecureNAT Start.\n");
SessionMain(se);
Debug("SecureNAT Stop.\n");
HLog(se->Hub, "LH_NAT_STOP");
ReleaseHub(h);
ReleaseSession(se);
}
