forked from multiOTP/multiOTPCredentialProvider
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMultiotpProvider.h
187 lines (158 loc) · 6.28 KB
/
MultiotpProvider.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
/**
* BASE CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
* Copyright (c) Microsoft Corporation. All rights reserved.
*
* Extra code provided "as is" for the multiOTP open source project
*
* @author Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
* @version 5.6.1.5
* @date 2019-10-23
* @since 2013
* @copyright (c) 2016-2019 SysCo systemes de communication sa
* @copyright (c) 2015-2016 ArcadeJust ("RDP only" enhancement)
* @copyright (c) 2013-2015 Last Squirrel IT
* @copyright Apache License, Version 2.0
*
*
* Change Log
*
* 2019-10-23 5.6.1.5 SysCo/al FIX: Prefix password parameter was buggy (better handling of parameters in debug mode)
* FIX: swprintf_s problem with special chars (thanks to anekix)
* 2019-01-25 5.4.1.6 SysCo/al FIX: Username with space are now supported
* ENH: Added integrated Visual C++ 2017 Redistributable installation
* 2018-09-14 5.4.0.1 SysCo/al FIX: Better domain name and hostname detection
* FIX: The cache lifetime check process was buggy since 5.3.0.3
* ENH: multiOTP Credential Provider files and objects have been reorganized
* 2018-08-26 5.3.0.3 SysCo/al FIX: Users without 2FA token are now supported
* 2018-08-21 5.3.0.0 SysCo/yj FIX: Save flat domain name in the registry. While offline, use this value instead of asking the DC
* SysCo/al ENH: The multiOTP timeout (how long the Credential Provider wait a response from
* the multiOTP process) is now 60 seconds by default (instead of 10)
* 2018-03-11 5.2.0.0 SysCo/al New implementation from scratch
*
*********************************************************************/
#include "MultiotpHelpers.h"
#include <windows.h>
#include <strsafe.h>
#include <new>
// Add vector support
#include <vector>
#include "MultiotpCredential.h"
#define SHIFTED 0x8000
#pragma once
class MultiotpProvider : public ICredentialProvider,
public ICredentialProviderSetUserArray
{
public:
// IUnknown
IFACEMETHODIMP_(ULONG) AddRef()
{
return ++_cRef;
}
IFACEMETHODIMP_(ULONG) Release()
{
long cRef = --_cRef;
if (!cRef)
{
delete this;
}
return cRef;
}
IFACEMETHODIMP QueryInterface(_In_ REFIID riid, _COM_Outptr_ void **ppv)
{
#pragma warning( push )
#pragma warning( disable : 4838)
static const QITAB qit[] =
{
QITABENT(MultiotpProvider, ICredentialProvider), // IID_ICredentialProvider
QITABENT(MultiotpProvider, ICredentialProviderSetUserArray), // IID_ICredentialProviderSetUserArray
{ static_cast<int>(0) },
};
#pragma warning( pop )
return QISearch(this, qit, riid, ppv);
}
public:
IFACEMETHODIMP SetUsageScenario(CREDENTIAL_PROVIDER_USAGE_SCENARIO cpus, DWORD dwFlags);
IFACEMETHODIMP SetSerialization(_In_ CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION const *pcpcs);
IFACEMETHODIMP Advise(_In_ ICredentialProviderEvents *pcpe, _In_ UINT_PTR upAdviseContext);
IFACEMETHODIMP UnAdvise();
IFACEMETHODIMP GetFieldDescriptorCount(_Out_ DWORD *pdwCount);
IFACEMETHODIMP GetFieldDescriptorAt(DWORD dwIndex, _Outptr_result_nullonfailure_ CREDENTIAL_PROVIDER_FIELD_DESCRIPTOR **ppcpfd);
IFACEMETHODIMP GetCredentialCount(_Out_ DWORD *pdwCount,
_Out_ DWORD *pdwDefault,
_Out_ BOOL *pbAutoLogonWithDefault);
IFACEMETHODIMP GetCredentialAt(DWORD dwIndex,
_Outptr_result_nullonfailure_ ICredentialProviderCredential **ppcpc);
IFACEMETHODIMP SetUserArray(_In_ ICredentialProviderUserArray *users);
friend HRESULT Multiotp_CreateInstance(_In_ REFIID riid, _Outptr_ void** ppv);
protected:
MultiotpProvider();
__override ~MultiotpProvider();
private:
void _ReleaseEnumeratedCredentials();
void _CreateEnumeratedCredentials();
HRESULT _EnumerateEmpty();
HRESULT _EnumerateCredentials();
HRESULT _EnumerateEmptyTileCredential();
private:
long _cRef; // Used for reference counting.
// MultiotpCredential *_pCredential; // MultiotpV2Credential
std::vector<MultiotpCredential*> _pCredential; // MultiotpV2Credential array
bool _fRecreateEnumeratedCredentials;
// KERB_INTERACTIVE_UNLOCK_LOGON * _pkiulSetSerialization; // Experimental
// DWORD _dwCredUIFlags; // Experimental
CREDENTIAL_PROVIDER_USAGE_SCENARIO _cpus;
ICredentialProviderUserArray *_pCredProviderUserArray;
};
// Filtering out the default MS password provider
class CLMSFilter : public ICredentialProviderFilter
{
public:
//This section contains some COM boilerplate code
// IUnknown
STDMETHOD_(ULONG, AddRef)()
{
return _cRef++;
}
STDMETHOD_(ULONG, Release)()
{
LONG cRef = _cRef--;
if (!cRef)
{
delete this;
}
return cRef;
}
STDMETHOD(QueryInterface)(REFIID riid, void** ppv)
{
HRESULT hr;
if (IID_IUnknown == riid || IID_ICredentialProviderFilter == riid)
{
*ppv = this;
reinterpret_cast<IUnknown*>(*ppv)->AddRef();
hr = S_OK;
}
else
{
*ppv = NULL;
hr = E_NOINTERFACE;
}
return hr;
}
#pragma warning(disable:4100)
public:
friend HRESULT CLMSFilter_CreateInstance(REFIID riid, __deref_out void** ppv);
//Implementation of ICredentialProviderFilter
IFACEMETHODIMP Filter(CREDENTIAL_PROVIDER_USAGE_SCENARIO cpus, DWORD
dwFlags, GUID* rgclsidProviders, BOOL* rgbAllow, DWORD cProviders);
IFACEMETHODIMP UpdateRemoteCredential(const CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION *pcpcsIn,
CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION *pcpcsOut);
protected:
CLMSFilter();
__override ~CLMSFilter();
private:
LONG _cRef;
};