COpenOTPCredential::COpenOTPCredential(): _cRef(1), _pCredProvCredentialEvents(NULL), _openotp_is_challenge_request(false), _user_name(NULL), _domain_name(NULL) { DllAddRef(); ZERO(_rgCredProvFieldDescriptors); ZERO(_rgFieldStatePairs); ZERO(_rgFieldStrings); ZERO(_openotp_server_url); ZERO(_openotp_cert_file); ZERO(_openotp_cert_password); ZERO(_openotp_ca_file); ZERO(_openotp_client_id); ZERO(_openotp_default_domain); ZERO(_openotp_user_settings); ZERO(_openotp_login_text); _openotp_login_request = *openotp_login_req_new(); _openotp_login_response.code = 0; _openotp_login_response.timeout = 0; _openotp_login_response.data = NULL; _openotp_login_response.message = NULL; _openotp_login_response.session = NULL; _openotp_challenge_response.code = 0; _openotp_challenge_response.data = NULL; _openotp_challenge_response.message = NULL; // Read OpenOTP config readRegistryValueString(CONF_SERVER_URL, sizeof(_openotp_server_url), _openotp_server_url); readRegistryValueString(CONF_CERT_FILE, sizeof(_openotp_cert_file), _openotp_cert_file); readRegistryValueString(CONF_CERT_PASSWORD, sizeof(_openotp_cert_password), _openotp_cert_password); readRegistryValueString(CONF_CA_FILE, sizeof(_openotp_ca_file), _openotp_ca_file); readRegistryValueString(CONF_CLIENT_ID, sizeof(_openotp_client_id), _openotp_client_id); readRegistryValueString(CONF_DEFAULT_DOMAIN, sizeof(_openotp_default_domain), _openotp_default_domain); readRegistryValueString(CONF_USER_SETTINGS, sizeof(_openotp_user_settings), _openotp_user_settings); //readRegistryValueString(CONF_LOGIN_TEXT, sizeof(_openotp_login_text), _openotp_login_text); if (readRegistryValueString(CONF_LOGIN_TEXT, sizeof(_openotp_login_text), _openotp_login_text) <= 2) // 2 = size of a wchar_t NULL-terminator in byte strcpy_s(_openotp_login_text, sizeof(_openotp_login_text), OPENOTP_DEFAULT_LOGIN_TEXT); readRegistryValueInteger(CONF_SOAP_TIMEOUT, &_openotp_soap_timeout); // END Read OpenOTP config }
HRESULT CLMSFilter::Filter(CREDENTIAL_PROVIDER_USAGE_SCENARIO cpus, DWORD dwFlags, GUID* rgclsidProviders, BOOL* rgbAllow, DWORD cProviders) { LPOLESTR clsid;//PWSTR int isRDP; int onlyRDP = 0;//Local and RDP if (DEVELOP_MODE) PrintLn("========== MultiotpProvider::Applying CLMSFilter::Filter =========="); isRDP = IsRemoteSession(); if (!isRDP) { if (readRegistryValueInteger(CONF_RDP_ONLY, onlyRDP)) { if (DEVELOP_MODE) PrintLn("MultiotpProvider::CLMSFilter::Filter: Only RDP is OTP protected!!!"); //isRDP = FALSE; return S_OK; } else { if (DEVELOP_MODE) PrintLn("MultiotpProvider::CLMSFilter::Filter: RDP and Local OTP protection"); isRDP = TRUE; } } else if (DEVELOP_MODE) { PrintLn("MultiotpProvider::CLMSFilter::Filter: RDP connection"); } switch (cpus) { case CPUS_LOGON: if (DEVELOP_MODE) PrintLn("MultiotpProvider::CLMSFilter::Filter CPUS_LOGON"); case CPUS_UNLOCK_WORKSTATION: if (DEVELOP_MODE) PrintLn("MultiotpProvider::CLMSFilter::Filter CPUS_UNLOCK_WORKSTATION"); for (DWORD i = 0; i < cProviders; i++) { if (i < dwFlags) {} if (IsEqualGUID(rgclsidProviders[i], CLSID_Multiotp)) { rgbAllow[i] = isRDP;// TRUE; } else { rgbAllow[i] = !isRDP;// FALSE; } if (DEVELOP_MODE) { StringFromCLSID(rgclsidProviders[i], &clsid); if (rgbAllow[i] == FALSE) { PrintLn(L"\t-", clsid); } else { PrintLn(L"\t+", clsid); } CoTaskMemFree(clsid); } } if (DEVELOP_MODE) PrintLn("MultiotpProvider::CLMSFilter::Filter End of CPUS_UNLOCK_WORKSTATION"); return S_OK; case CPUS_CREDUI: //issue #1 if (DEVELOP_MODE) PrintLn("MultiotpProvider::CLMSFilter::Filter CPUS_CREDUI"); case CPUS_CHANGE_PASSWORD: if (DEVELOP_MODE) PrintLn("MultiotpProvider::CLMSFilter::Filter CPUS_CHANGE_PASSWORD"); return E_NOTIMPL; default: if (DEVELOP_MODE) PrintLn("MultiotpProvider::CLMSFilter::Filter default"); return E_INVALIDARG; } }
// Sets pdwCount to the number of tiles that we wish to show at this time. // Sets pdwDefault to the index of the tile which should be used as the default. // The default tile is the tile which will be shown in the zoomed view by default. If // more than one provider specifies a default the last used cred prov gets to pick // the default. If *pbAutoLogonWithDefault is TRUE, LogonUI will immediately call // GetSerialization on the credential you've specified as the default and will submit // that credential for authentication without showing any further UI. HRESULT MultiotpProvider::GetCredentialCount( _Out_ DWORD *pdwCount, _Out_ DWORD *pdwDefault, _Out_ BOOL *pbAutoLogonWithDefault) { if (DEVELOP_MODE) PrintLn("MultiotpProvider::GetCredentialCount"); *pdwDefault = CREDENTIAL_PROVIDER_NO_DEFAULT; *pbAutoLogonWithDefault = FALSE; if (_fRecreateEnumeratedCredentials) { _fRecreateEnumeratedCredentials = false; _ReleaseEnumeratedCredentials(); _CreateEnumeratedCredentials(); } DWORD dwUserCount = 1; HRESULT hr; if (_pCredProviderUserArray != nullptr) { hr = _pCredProviderUserArray->GetCount(&dwUserCount); if (hr == 0) { if (DEVELOP_MODE) PrintLn("MultiotpProvider::UserArrayCount:(%d)", dwUserCount); } else { if (DEVELOP_MODE) PrintLn("MultiotpProvider::UserArray.GetCount Error"); dwUserCount = 1; } } else { if (DEVELOP_MODE) PrintLn("MultiotpProvider::Unassigned UserArray"); dwUserCount = 1; } if ((dwUserCount == 0) || (IsOS(OS_DOMAINMEMBER) == 1)) { dwUserCount += 1;//display additional empty tile if (DEVELOP_MODE) PrintLn("MultiotpProvider::Count +1 (empty tile)"); } if (DEVELOP_MODE) PrintLn("MultiotpProvider::User count:(%d)", dwUserCount); if (IsRemoteSession()) { if (DEVELOP_MODE) PrintLn("MultiotpProvider::GetCredentialCount: RDP connection"); *pdwCount = dwUserCount;//1 //get RDP port from registry int RDPPort = 3389;//default RDPPort // HRESULT hr; RDPPort = readRegistryValueInteger(CONF_RDP_PORT, RDPPort); if (DEVELOP_MODE) PrintLn("MultiotpProvider::RDP connection on port: %d", RDPPort); } else { if (DEVELOP_MODE) PrintLn("MultiotpProvider::Local connection"); //logfile << "Local connection\n"; if (readRegistryValueInteger(CONF_RDP_ONLY, 0)) { if (DEVELOP_MODE) PrintLn("MultiotpProvider::Only RDP is OTP protected!!!"); *pdwCount = 0;//no filtering no OTP tile } else { if (DEVELOP_MODE) PrintLn("MultiotpProvider::RDP and Local OTP protection"); *pdwCount = dwUserCount;//show OTP tile } if (DEVELOP_MODE) { PrintLn("MultiotpProvider::OTP tile always visible"); *pdwCount = dwUserCount;//development - don't force but allow OTP in all scenarios } } return S_OK; }