|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/* |
|
4
|
|
|
* ****************************************************************************** |
|
5
|
|
|
* Copyright 2011-2017 DANTE Ltd. and GÉANT on behalf of the GN3, GN3+, GN4-1 |
|
6
|
|
|
* and GN4-2 consortia |
|
7
|
|
|
* |
|
8
|
|
|
* License: see the web/copyright.php file in the file structure |
|
9
|
|
|
* ****************************************************************************** |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
/** |
|
13
|
|
|
* This file creates MS Windows 8 installers |
|
14
|
|
|
* It supports EAP-TLS, TTLS, PEAP and EAP-pwd |
|
15
|
|
|
* @author Tomasz Wolniewicz <[email protected]> |
|
16
|
|
|
* |
|
17
|
|
|
* @package ModuleWriting |
|
18
|
|
|
*/ |
|
19
|
|
|
|
|
20
|
|
|
namespace devices\ms; |
|
21
|
|
|
use \Exception; |
|
22
|
|
|
|
|
23
|
|
|
/** |
|
24
|
|
|
* |
|
25
|
|
|
* @author Tomasz Wolniewicz <[email protected]> |
|
26
|
|
|
* @package ModuleWriting |
|
27
|
|
|
*/ |
|
28
|
|
|
class Device_W10 extends WindowsCommon { |
|
29
|
|
|
|
|
30
|
|
|
final public function __construct() { |
|
31
|
|
|
parent::__construct(); |
|
32
|
|
|
$this->setSupportedEapMethods([\core\common\EAP::EAPTYPE_TLS, \core\common\EAP::EAPTYPE_PEAP_MSCHAP2, \core\common\EAP::EAPTYPE_TTLS_PAP, \core\common\EAP::EAPTYPE_TTLS_MSCHAP2, \core\common\EAP::EAPTYPE_PWD, \core\common\EAP::EAPTYPE_SILVERBULLET]); |
|
33
|
|
|
$this->specialities['internal:use_anon_outer'][serialize(\core\common\EAP::EAPTYPE_PEAP_MSCHAP2)] = _("Anonymous identities do not use the realm as specified in the profile - it is derived from the suffix of the user's username input instead."); |
|
34
|
|
|
} |
|
35
|
|
|
|
|
36
|
|
|
public function writeInstaller() { |
|
37
|
|
|
$dom = textdomain(NULL); |
|
38
|
|
|
textdomain("devices"); |
|
39
|
|
|
// create certificate files and save their names in $caFiles arrary |
|
40
|
|
|
$caFiles = $this->saveCertificateFiles('der'); |
|
41
|
|
|
$allSSID = $this->attributes['internal:SSID']; |
|
42
|
|
|
$delSSIDs = $this->attributes['internal:remove_SSID']; |
|
43
|
|
|
$this->prepareInstallerLang(); |
|
44
|
|
|
$setWired = isset($this->attributes['media:wired'][0]) && $this->attributes['media:wired'][0] == 'on' ? 1 : 0; |
|
45
|
|
|
// create a list of profiles to be deleted after installation |
|
46
|
|
|
$delProfiles = []; |
|
47
|
|
|
foreach ($delSSIDs as $ssid => $cipher) { |
|
48
|
|
|
if ($cipher == 'DEL') { |
|
49
|
|
|
$delProfiles[] = $ssid; |
|
50
|
|
|
} |
|
51
|
|
|
if ($cipher == 'TKIP') { |
|
52
|
|
|
$delProfiles[] = $ssid . ' (TKIP)'; |
|
53
|
|
|
} |
|
54
|
|
|
} |
|
55
|
|
|
|
|
56
|
|
|
|
|
57
|
|
|
if (in_array($this->selectedEap, [\core\common\EAP::EAPTYPE_TLS, |
|
58
|
|
|
\core\common\EAP::EAPTYPE_PEAP_MSCHAP2, |
|
59
|
|
|
\core\common\EAP::EAPTYPE_TTLS_PAP, |
|
60
|
|
|
\core\common\EAP::EAPTYPE_TTLS_MSCHAP2, |
|
61
|
|
|
\core\common\EAP::EAPTYPE_PWD, |
|
62
|
|
|
\core\common\EAP::EAPTYPE_SILVERBULLET])) { |
|
63
|
|
|
$windowsProfile = []; |
|
64
|
|
|
$eapConfig = $this->prepareEapConfig($this->attributes); |
|
65
|
|
|
$iterator = 0; |
|
66
|
|
|
foreach ($allSSID as $ssid => $cipher) { |
|
67
|
|
|
if ($cipher == 'TKIP') { |
|
68
|
|
|
$windowsProfile[$iterator] = $this->writeWLANprofile($ssid . ' (TKIP)', $ssid, 'WPA', 'TKIP', $eapConfig, $iterator); |
|
69
|
|
|
$iterator++; |
|
70
|
|
|
} |
|
71
|
|
|
$windowsProfile[$iterator] = $this->writeWLANprofile($ssid, $ssid, 'WPA2', 'AES', $eapConfig, $iterator); |
|
72
|
|
|
$iterator++; |
|
73
|
|
|
} |
|
74
|
|
|
if ($setWired) { |
|
75
|
|
|
$this->writeLANprofile($eapConfig); |
|
76
|
|
|
} |
|
77
|
|
|
} else { |
|
78
|
|
|
print(" this EAP type is not handled yet.\n"); |
|
79
|
|
|
return; |
|
80
|
|
|
} |
|
81
|
|
|
$this->loggerInstance->debug(4, "windowsProfile"); |
|
82
|
|
|
$this->loggerInstance->debug(4, print_r($windowsProfile, true)); |
|
83
|
|
|
|
|
84
|
|
|
$this->writeProfilesNSH($windowsProfile, $caFiles, $setWired); |
|
85
|
|
|
$this->writeAdditionalDeletes($delProfiles); |
|
86
|
|
|
if ($this->selectedEap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
|
87
|
|
|
$this->writeClientP12File(); |
|
88
|
|
|
} |
|
89
|
|
|
$this->copyFiles($this->selectedEap); |
|
90
|
|
|
$fedLogo = $this->attributes['fed:logo_file'] ?? NULL; |
|
91
|
|
|
$idpLogo = $this->attributes['internal:logo_file'] ?? NULL; |
|
92
|
|
|
$this->combineLogo($idpLogo, $fedLogo); |
|
93
|
|
|
$this->writeMainNSH($this->selectedEap, $this->attributes); |
|
94
|
|
|
$this->compileNSIS(); |
|
95
|
|
|
$installerPath = $this->signInstaller(); |
|
96
|
|
|
|
|
97
|
|
|
textdomain($dom); |
|
98
|
|
|
return($installerPath); |
|
99
|
|
|
} |
|
100
|
|
|
|
|
101
|
|
|
private function prepareEapConfig($attr) { |
|
102
|
|
|
$outerUser = ''; |
|
103
|
|
|
$outerId = ''; |
|
104
|
|
|
$eap = $this->selectedEap; |
|
105
|
|
|
$w10Ext = ''; |
|
106
|
|
|
// there is only one caller to this function, and it will always call |
|
107
|
|
|
// with exactly one of exactly the EAP types below. Let's assert() that |
|
108
|
|
|
// rather than returning void, otherwise this is a condition that needs |
|
109
|
|
|
// to be caught later on. |
|
110
|
|
|
assert(in_array($eap, [\core\common\EAP::EAPTYPE_TLS, |
|
111
|
|
|
\core\common\EAP::EAPTYPE_PEAP_MSCHAP2, |
|
112
|
|
|
\core\common\EAP::EAPTYPE_PWD, |
|
113
|
|
|
\core\common\EAP::EAPTYPE_TTLS_PAP, |
|
114
|
|
|
\core\common\EAP::EAPTYPE_TTLS_MSCHAP2, |
|
115
|
|
|
\core\common\EAP::EAPTYPE_SILVERBULLET]), new Exception("prepareEapConfig called for an EAP type it cannot handle!")); |
|
116
|
|
|
|
|
117
|
|
|
$useAnon = $attr['internal:use_anon_outer'] [0]; |
|
118
|
|
View Code Duplication |
if ($useAnon) { |
|
|
|
|
|
|
119
|
|
|
$outerUser = $attr['internal:anon_local_value'][0]; |
|
120
|
|
|
$outerId = $outerUser . '@' . $attr['internal:realm'][0]; |
|
121
|
|
|
} |
|
122
|
|
|
// $servers = preg_quote(implode(';',$attr['eap:server_name'])); |
|
|
|
|
|
|
123
|
|
|
$servers = implode(';', $attr['eap:server_name']); |
|
124
|
|
|
$caArray = $attr['internal:CAs'][0]; |
|
125
|
|
|
$authorId = "0"; |
|
126
|
|
|
if ($eap == \core\common\EAP::EAPTYPE_TTLS_PAP || $eap == \core\common\EAP::EAPTYPE_TTLS_MSCHAP2) { |
|
127
|
|
|
if ($this->useGeantLink) { |
|
128
|
|
|
$authorId = "67532"; |
|
129
|
|
|
$servers = implode('</ServerName><ServerName>', $attr['eap:server_name']); |
|
130
|
|
|
} else { |
|
131
|
|
|
$authorId = "311"; |
|
132
|
|
|
} |
|
133
|
|
|
} |
|
134
|
|
|
|
|
135
|
|
|
$profileFileCont = '<EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
|
136
|
|
|
<EapMethod> |
|
137
|
|
|
'; |
|
138
|
|
|
|
|
139
|
|
|
$profileFileCont .= '<Type xmlns="http://www.microsoft.com/provisioning/EapCommon">' . |
|
140
|
|
|
$this->selectedEap["OUTER"] . '</Type> |
|
141
|
|
|
<VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId> |
|
142
|
|
|
<VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType> |
|
143
|
|
|
<AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">' . $authorId . '</AuthorId> |
|
144
|
|
|
</EapMethod> |
|
145
|
|
|
'; |
|
146
|
|
|
if ($eap == \core\common\EAP::EAPTYPE_TLS || $eap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
|
147
|
|
|
$profileFileCont .= ' |
|
148
|
|
|
|
|
149
|
|
|
<Config xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1" |
|
150
|
|
|
xmlns:eapTls="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"> |
|
151
|
|
|
<baseEap:Eap> |
|
152
|
|
|
<baseEap:Type>13</baseEap:Type> |
|
153
|
|
|
<eapTls:EapType> |
|
154
|
|
|
<eapTls:CredentialsSource> |
|
155
|
|
|
<eapTls:CertificateStore /> |
|
156
|
|
|
</eapTls:CredentialsSource> |
|
157
|
|
|
<eapTls:ServerValidation> |
|
158
|
|
|
<eapTls:DisableUserPromptForServerValidation>true</eapTls:DisableUserPromptForServerValidation> |
|
159
|
|
|
<eapTls:ServerNames>' . $servers . '</eapTls:ServerNames>'; |
|
160
|
|
View Code Duplication |
if ($caArray) { |
|
|
|
|
|
|
161
|
|
|
foreach ($caArray as $certAuthority) { |
|
162
|
|
|
if ($certAuthority['root']) { |
|
163
|
|
|
$profileFileCont .= "<eapTls:TrustedRootCA>" . $certAuthority['sha1'] . "</eapTls:TrustedRootCA>\n"; |
|
164
|
|
|
} |
|
165
|
|
|
} |
|
166
|
|
|
} |
|
167
|
|
|
$profileFileCont .= '</eapTls:ServerValidation> |
|
168
|
|
|
'; |
|
169
|
|
View Code Duplication |
if (isset($attr['eap-specific:tls_use_other_id']) && $attr['eap-specific:tls_use_other_id'][0] == 'on') { |
|
|
|
|
|
|
170
|
|
|
$profileFileCont .= '<eapTls:DifferentUsername>true</eapTls:DifferentUsername>'; |
|
171
|
|
|
$this->tlsOtherUsername = 1; |
|
172
|
|
|
} else { |
|
173
|
|
|
$profileFileCont .= '<eapTls:DifferentUsername>false</eapTls:DifferentUsername>'; |
|
174
|
|
|
} |
|
175
|
|
|
$profileFileCont .= ' |
|
176
|
|
|
</eapTls:EapType> |
|
177
|
|
|
</baseEap:Eap> |
|
178
|
|
|
</Config> |
|
179
|
|
|
'; |
|
180
|
|
View Code Duplication |
} elseif ($eap == \core\common\EAP::EAPTYPE_PEAP_MSCHAP2) { |
|
|
|
|
|
|
181
|
|
|
if (isset($attr['eap:enable_nea']) && $attr['eap:enable_nea'][0] == 'on') { |
|
182
|
|
|
$nea = 'true'; |
|
183
|
|
|
} else { |
|
184
|
|
|
$nea = 'false'; |
|
185
|
|
|
} |
|
186
|
|
|
$w10Ext = '<Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
|
187
|
|
|
<Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> |
|
188
|
|
|
<Type>25</Type> |
|
189
|
|
|
<EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"> |
|
190
|
|
|
<ServerValidation> |
|
191
|
|
|
<DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation> |
|
192
|
|
|
<ServerNames>' . $servers . '</ServerNames>'; |
|
193
|
|
|
if ($caArray) { |
|
194
|
|
|
foreach ($caArray as $certAuthority) { |
|
195
|
|
|
if ($certAuthority['root']) { |
|
196
|
|
|
$w10Ext .= "<TrustedRootCA>" . $certAuthority['sha1'] . "</TrustedRootCA>\n"; |
|
197
|
|
|
} |
|
198
|
|
|
} |
|
199
|
|
|
} |
|
200
|
|
|
$w10Ext .= '</ServerValidation> |
|
201
|
|
|
<FastReconnect>true</FastReconnect> |
|
202
|
|
|
<InnerEapOptional>false</InnerEapOptional> |
|
203
|
|
|
<Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> |
|
204
|
|
|
<Type>26</Type> |
|
205
|
|
|
<EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"> |
|
206
|
|
|
<UseWinLogonCredentials>false</UseWinLogonCredentials> |
|
207
|
|
|
</EapType> |
|
208
|
|
|
</Eap> |
|
209
|
|
|
<EnableQuarantineChecks>' . $nea . '</EnableQuarantineChecks> |
|
210
|
|
|
<RequireCryptoBinding>false</RequireCryptoBinding> |
|
211
|
|
|
'; |
|
212
|
|
|
if ($useAnon == 1) { |
|
213
|
|
|
$w10Ext .= '<PeapExtensions> |
|
214
|
|
|
<IdentityPrivacy xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2"> |
|
215
|
|
|
<EnableIdentityPrivacy>true</EnableIdentityPrivacy> |
|
216
|
|
|
'; |
|
217
|
|
|
if ($outerUser) { |
|
218
|
|
|
$w10Ext .= '<AnonymousUserName>' . $outerUser . '</AnonymousUserName> |
|
219
|
|
|
'; |
|
220
|
|
|
} else { |
|
221
|
|
|
$w10Ext .= '<AnonymousUserName/> |
|
222
|
|
|
'; |
|
223
|
|
|
} |
|
224
|
|
|
$w10Ext .= '</IdentityPrivacy> |
|
225
|
|
|
</PeapExtensions> |
|
226
|
|
|
'; |
|
227
|
|
|
} |
|
228
|
|
|
$w10Ext .= '</EapType> |
|
229
|
|
|
</Eap> |
|
230
|
|
|
</Config> |
|
231
|
|
|
'; |
|
232
|
|
|
} elseif ($eap == \core\common\EAP::EAPTYPE_TTLS_PAP || $eap == \core\common\EAP::EAPTYPE_TTLS_MSCHAP2) { |
|
233
|
|
|
if ($this->useGeantLink) { |
|
234
|
|
|
$innerMethod = 'MSCHAPv2'; |
|
235
|
|
|
if ($eap == \core\common\EAP::EAPTYPE_TTLS_PAP) { |
|
236
|
|
|
$innerMethod = 'PAP'; |
|
237
|
|
|
} |
|
238
|
|
|
$profileFileCont .= ' |
|
239
|
|
|
<Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
|
240
|
|
|
<EAPIdentityProviderList xmlns="urn:ietf:params:xml:ns:yang:ietf-eap-metadata"> |
|
241
|
|
|
<EAPIdentityProvider ID="' . $this->deviceUUID . '" namespace="urn:UUID"> |
|
242
|
|
|
|
|
243
|
|
|
<ProviderInfo> |
|
244
|
|
|
<DisplayName>' . $this->translateString($attr['general:instname'][0], $this->codePage) . '</DisplayName> |
|
245
|
|
|
</ProviderInfo> |
|
246
|
|
|
<AuthenticationMethods> |
|
247
|
|
|
<AuthenticationMethod> |
|
248
|
|
|
<EAPMethod>21</EAPMethod> |
|
249
|
|
|
<ClientSideCredential> |
|
250
|
|
|
<allow-save>true</allow-save> |
|
251
|
|
|
'; |
|
252
|
|
|
if ($useAnon == 1) { |
|
253
|
|
|
if ($outerUser == '') { |
|
254
|
|
|
$profileFileCont .= '<AnonymousIdentity>@</AnonymousIdentity>'; |
|
255
|
|
|
} else { |
|
256
|
|
|
$profileFileCont .= '<AnonymousIdentity>' . $outerId . '</AnonymousIdentity>'; |
|
257
|
|
|
} |
|
258
|
|
|
} |
|
259
|
|
|
$profileFileCont .= '</ClientSideCredential> |
|
260
|
|
|
<ServerSideCredential> |
|
261
|
|
|
'; |
|
262
|
|
|
|
|
263
|
|
View Code Duplication |
foreach ($caArray as $ca) { |
|
|
|
|
|
|
264
|
|
|
$profileFileCont .= '<CA><format>PEM</format><cert-data>'; |
|
265
|
|
|
$profileFileCont .= base64_encode($ca['der']); |
|
266
|
|
|
$profileFileCont .= '</cert-data></CA> |
|
267
|
|
|
'; |
|
268
|
|
|
} |
|
269
|
|
|
$profileFileCont .= "<ServerName>$servers</ServerName>\n"; |
|
270
|
|
|
|
|
271
|
|
|
$profileFileCont .= ' |
|
272
|
|
|
</ServerSideCredential> |
|
273
|
|
|
<InnerAuthenticationMethod> |
|
274
|
|
|
<NonEAPAuthMethod>' . $innerMethod . '</NonEAPAuthMethod> |
|
275
|
|
|
</InnerAuthenticationMethod> |
|
276
|
|
|
<VendorSpecific> |
|
277
|
|
|
<SessionResumption>false</SessionResumption> |
|
278
|
|
|
</VendorSpecific> |
|
279
|
|
|
</AuthenticationMethod> |
|
280
|
|
|
</AuthenticationMethods> |
|
281
|
|
|
</EAPIdentityProvider> |
|
282
|
|
|
</EAPIdentityProviderList> |
|
283
|
|
|
</Config> |
|
284
|
|
|
'; |
|
285
|
|
|
} else { |
|
286
|
|
|
$w10Ext = '<Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
|
287
|
|
|
<EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1"> |
|
288
|
|
|
<ServerValidation> |
|
289
|
|
|
<ServerNames>' . $servers . '</ServerNames> '; |
|
290
|
|
|
if ($caArray) { |
|
291
|
|
|
foreach ($caArray as $certAuthority) { |
|
292
|
|
|
if ($certAuthority['root']) { |
|
293
|
|
|
$w10Ext .= "<TrustedRootCAHash>" . chunk_split($certAuthority['sha1'], 2, ' ') . "</TrustedRootCAHash>\n"; |
|
294
|
|
|
} |
|
295
|
|
|
} |
|
296
|
|
|
} |
|
297
|
|
|
$w10Ext .= '<DisablePrompt>true</DisablePrompt> |
|
298
|
|
|
</ServerValidation> |
|
299
|
|
|
<Phase2Authentication> |
|
300
|
|
|
'; |
|
301
|
|
|
if ($eap == \core\common\EAP::EAPTYPE_TTLS_PAP) { |
|
302
|
|
|
$w10Ext .= '<PAPAuthentication /> '; |
|
303
|
|
|
} |
|
304
|
|
|
if ($eap == \core\common\EAP::EAPTYPE_TTLS_MSCHAP2) { |
|
305
|
|
|
$w10Ext .= '<MSCHAPv2Authentication> |
|
306
|
|
|
<UseWinlogonCredentials>false</UseWinlogonCredentials> |
|
307
|
|
|
</MSCHAPv2Authentication> |
|
308
|
|
|
'; |
|
309
|
|
|
} |
|
310
|
|
|
$w10Ext .= '</Phase2Authentication> |
|
311
|
|
|
<Phase1Identity> |
|
312
|
|
|
'; |
|
313
|
|
|
if ($useAnon == 1) { |
|
314
|
|
|
$w10Ext .= '<IdentityPrivacy>true</IdentityPrivacy> |
|
315
|
|
|
'; |
|
316
|
|
|
if (isset($outerId) && $outerId) { |
|
317
|
|
|
$w10Ext .= '<AnonymousIdentity>' . $outerId . '</AnonymousIdentity> |
|
318
|
|
|
'; |
|
319
|
|
|
} else { |
|
320
|
|
|
$w10Ext .= '<AnonymousIdentity/> |
|
321
|
|
|
'; |
|
322
|
|
|
} |
|
323
|
|
|
} else { |
|
324
|
|
|
$w10Ext .= '<IdentityPrivacy>false</IdentityPrivacy> |
|
325
|
|
|
'; |
|
326
|
|
|
} |
|
327
|
|
|
$w10Ext .= '</Phase1Identity> |
|
328
|
|
|
</EapTtls> |
|
329
|
|
|
</Config> |
|
330
|
|
|
'; |
|
331
|
|
|
} |
|
332
|
|
|
} elseif ($eap == \core\common\EAP::EAPTYPE_PWD) { |
|
333
|
|
|
$profileFileCont .= '<ConfigBlob></ConfigBlob>'; |
|
334
|
|
|
} |
|
335
|
|
|
|
|
336
|
|
|
$profileFileContEnd = '</EapHostConfig></EAPConfig>'; |
|
337
|
|
|
$returnArray = []; |
|
338
|
|
|
$returnArray['w10'] = $profileFileCont . $w10Ext . $profileFileContEnd; |
|
339
|
|
|
return $returnArray; |
|
340
|
|
|
} |
|
341
|
|
|
|
|
342
|
|
|
/** |
|
343
|
|
|
* produce PEAP, TLS and TTLS configuration files for Windows 8 |
|
344
|
|
|
* |
|
345
|
|
|
* @param string $wlanProfileName |
|
346
|
|
|
* @param string $ssid |
|
347
|
|
|
* @param string $auth can be one of "WPA", "WPA2" |
|
348
|
|
|
* @param string $encryption can be one of: "TKIP", "AES" |
|
349
|
|
|
* @param array $eapConfig XML configuration block with EAP config data |
|
350
|
|
|
* @param int $profileNumber counter, which profile number is this |
|
351
|
|
|
* @return string |
|
352
|
|
|
*/ |
|
353
|
|
View Code Duplication |
private function writeWLANprofile($wlanProfileName, $ssid, $auth, $encryption, $eapConfig, $profileNumber) { |
|
|
|
|
|
|
354
|
|
|
$profileFileCont = '<?xml version="1.0"?> |
|
355
|
|
|
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"> |
|
356
|
|
|
<name>' . $wlanProfileName . '</name> |
|
357
|
|
|
<SSIDConfig> |
|
358
|
|
|
<SSID> |
|
359
|
|
|
<name>' . $ssid . '</name> |
|
360
|
|
|
</SSID> |
|
361
|
|
|
<nonBroadcast>true</nonBroadcast> |
|
362
|
|
|
</SSIDConfig> |
|
363
|
|
|
<connectionType>ESS</connectionType> |
|
364
|
|
|
<connectionMode>auto</connectionMode> |
|
365
|
|
|
<autoSwitch>false</autoSwitch> |
|
366
|
|
|
<MSM> |
|
367
|
|
|
<security> |
|
368
|
|
|
<authEncryption> |
|
369
|
|
|
<authentication>' . $auth . '</authentication> |
|
370
|
|
|
<encryption>' . $encryption . '</encryption> |
|
371
|
|
|
<useOneX>true</useOneX> |
|
372
|
|
|
</authEncryption> |
|
373
|
|
|
'; |
|
374
|
|
|
if ($auth == 'WPA2') { |
|
375
|
|
|
$profileFileCont .= '<PMKCacheMode>enabled</PMKCacheMode> |
|
376
|
|
|
<PMKCacheTTL>720</PMKCacheTTL> |
|
377
|
|
|
<PMKCacheSize>128</PMKCacheSize> |
|
378
|
|
|
<preAuthMode>disabled</preAuthMode> |
|
379
|
|
|
'; |
|
380
|
|
|
} |
|
381
|
|
|
$profileFileCont .= '<OneX xmlns="http://www.microsoft.com/networking/OneX/v1"> |
|
382
|
|
|
<cacheUserData>true</cacheUserData> |
|
383
|
|
|
<authMode>user</authMode> |
|
384
|
|
|
'; |
|
385
|
|
|
|
|
386
|
|
|
$closing = ' |
|
387
|
|
|
</OneX> |
|
388
|
|
|
</security> |
|
389
|
|
|
</MSM> |
|
390
|
|
|
</WLANProfile> |
|
391
|
|
|
'; |
|
392
|
|
|
|
|
393
|
|
|
if (!is_dir('w8')) { |
|
394
|
|
|
mkdir('w8'); |
|
395
|
|
|
} |
|
396
|
|
|
$xmlFname = "w8/wlan_prof-$profileNumber.xml"; |
|
397
|
|
|
file_put_contents($xmlFname, $profileFileCont . $eapConfig['w10'] . $closing); |
|
398
|
|
|
$this->loggerInstance->debug(2, "Installer has been written into directory $this->FPATH\n"); |
|
399
|
|
|
$this->loggerInstance->debug(4, "WWWWLAN_Profile:$wlanProfileName:$encryption\n"); |
|
400
|
|
|
return("\"$wlanProfileName\" \"$encryption\""); |
|
401
|
|
|
} |
|
402
|
|
|
|
|
403
|
|
View Code Duplication |
private function writeLANprofile($eapConfig) { |
|
|
|
|
|
|
404
|
|
|
$profileFileCont = '<?xml version="1.0"?> |
|
405
|
|
|
<LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1"> |
|
406
|
|
|
<MSM> |
|
407
|
|
|
<security> |
|
408
|
|
|
<OneXEnforced>false</OneXEnforced> |
|
409
|
|
|
<OneXEnabled>true</OneXEnabled> |
|
410
|
|
|
<OneX xmlns="http://www.microsoft.com/networking/OneX/v1"> |
|
411
|
|
|
<cacheUserData>true</cacheUserData> |
|
412
|
|
|
<authMode>user</authMode> |
|
413
|
|
|
'; |
|
414
|
|
|
$closing = ' |
|
415
|
|
|
</OneX> |
|
416
|
|
|
</security> |
|
417
|
|
|
</MSM> |
|
418
|
|
|
</LANProfile> |
|
419
|
|
|
'; |
|
420
|
|
|
|
|
421
|
|
|
if (!is_dir('w8')) { |
|
422
|
|
|
mkdir('w8'); |
|
423
|
|
|
} |
|
424
|
|
|
$xmlFname = "w8/lan_prof.xml"; |
|
425
|
|
|
file_put_contents($xmlFname, $profileFileCont . $eapConfig['w10'] . $closing); |
|
426
|
|
|
$this->loggerInstance->debug(2, "Installer has been written into directory $this->FPATH\n"); |
|
427
|
|
|
} |
|
428
|
|
|
|
|
429
|
|
|
private function writeMainNSH($eap, $attr) { |
|
430
|
|
|
$this->loggerInstance->debug(4, "writeMainNSH"); |
|
431
|
|
|
$this->loggerInstance->debug(4, $attr); |
|
432
|
|
|
$fcontents = "!define W10\n"; |
|
433
|
|
|
$fcontents .= "!define W8\n"; |
|
434
|
|
|
if (CONFIG_CONFASSISTANT['NSIS_VERSION'] >= 3) { |
|
435
|
|
|
$fcontents .= "Unicode true\n"; |
|
436
|
|
|
} |
|
437
|
|
|
|
|
438
|
|
|
$eapOptions = [ |
|
439
|
|
|
\core\common\EAP::PEAP => ['str' => 'PEAP', 'exec' => 'user'], |
|
440
|
|
|
\core\common\EAP::TLS => ['str' => 'TLS', 'exec' => 'user'], |
|
441
|
|
|
\core\common\EAP::TTLS => ['str' => 'TTLS', 'exec' => 'user'], |
|
442
|
|
|
\core\common\EAP::PWD => ['str' => 'PWD', 'exec' => 'user'], |
|
443
|
|
|
]; |
|
444
|
|
|
if (isset($this->options['args']) && $this->options['args'] == 'gl') { |
|
445
|
|
|
$eapOptions[\core\common\EAP::TTLS]['str'] = 'GEANTLink'; |
|
446
|
|
|
} |
|
447
|
|
|
|
|
448
|
|
|
// Uncomment the line below if you want this module to run under XP (only displaying a warning) |
|
449
|
|
|
// $fcontents .= "!define ALLOW_XP\n"; |
|
450
|
|
|
// Uncomment the line below if you want this module to produce debugging messages on the client |
|
451
|
|
|
// $fcontents .= "!define DEBUG_CAT\n"; |
|
452
|
|
|
if ($this->tlsOtherUsername == 1) { |
|
453
|
|
|
$fcontents .= "!define PFX_USERNAME\n"; |
|
454
|
|
|
} |
|
455
|
|
|
$execLevel = $eapOptions[$eap["OUTER"]]['exec']; |
|
456
|
|
|
$eapStr = $eapOptions[$eap["OUTER"]]['str']; |
|
457
|
|
|
if ($eap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
|
458
|
|
|
$fcontents .= "!define SILVERBULLET\n"; |
|
459
|
|
|
} |
|
460
|
|
|
$fcontents .= '!define ' . $eapStr; |
|
461
|
|
|
$fcontents .= "\n" . '!define EXECLEVEL "' . $execLevel . '"'; |
|
462
|
|
|
$fcontents .= $this->writeNsisDefines($eap, $attr); |
|
463
|
|
|
file_put_contents('main.nsh', $fcontents); |
|
464
|
|
|
} |
|
465
|
|
|
|
|
466
|
|
View Code Duplication |
private function writeProfilesNSH($wlanProfiles, $caArray, $wired = 0) { |
|
|
|
|
|
|
467
|
|
|
$this->loggerInstance->debug(4, "writeProfilesNSH"); |
|
468
|
|
|
$this->loggerInstance->debug(4, $wlanProfiles); |
|
469
|
|
|
$fcontentsProfile = ''; |
|
470
|
|
|
foreach ($wlanProfiles as $wlanProfile) { |
|
471
|
|
|
$fcontentsProfile .= "!insertmacro define_wlan_profile $wlanProfile\n"; |
|
472
|
|
|
} |
|
473
|
|
|
|
|
474
|
|
|
file_put_contents('profiles.nsh', $fcontentsProfile); |
|
475
|
|
|
|
|
476
|
|
|
$fcontentsCerts = ''; |
|
477
|
|
|
$fileHandleCerts = fopen('certs.nsh', 'w'); |
|
478
|
|
|
if ($fileHandleCerts === FALSE) { |
|
479
|
|
|
throw new Exception("Unable to open new file certs.nsh to write CAs."); |
|
480
|
|
|
} |
|
481
|
|
|
if ($caArray) { |
|
482
|
|
|
foreach ($caArray as $certAuthority) { |
|
483
|
|
|
$store = $certAuthority['root'] ? "root" : "ca"; |
|
484
|
|
|
$fcontentsCerts .= '!insertmacro install_ca_cert "' . $certAuthority['file'] . '" "' . $certAuthority['sha1'] . '" "' . $store . "\"\n"; |
|
485
|
|
|
} |
|
486
|
|
|
fwrite($fileHandleCerts, $fcontentsCerts); |
|
487
|
|
|
} |
|
488
|
|
|
fclose($fileHandleCerts); |
|
489
|
|
|
} |
|
490
|
|
|
|
|
491
|
|
|
|
|
492
|
|
|
private function copyStandardNsi() { |
|
493
|
|
|
if (!$this->translateFile('eap_w8.inc', 'cat.NSI', $this->codePage)) { |
|
494
|
|
|
throw new Exception("Translating needed file eap_w8.inc failed!"); |
|
495
|
|
|
} |
|
496
|
|
|
} |
|
497
|
|
|
|
|
498
|
|
|
private function copyFiles($eap) { |
|
499
|
|
|
$this->loggerInstance->debug(4, "copyFiles start\n"); |
|
500
|
|
|
$this->copyBasicFiles(); |
|
501
|
|
|
switch ($eap["OUTER"]) { |
|
502
|
|
|
case \core\common\EAP::TTLS: |
|
503
|
|
|
if (isset($this->options['args']) && $this->options['args'] == 'gl') { |
|
504
|
|
|
$this->copyGeantLinkFiles(); |
|
505
|
|
|
} else { |
|
506
|
|
|
$this->copyStandardNsi(); |
|
507
|
|
|
} |
|
508
|
|
|
break; |
|
509
|
|
|
case \core\common\EAP::PWD: |
|
510
|
|
|
$this->copyPwdFiles(); |
|
511
|
|
|
break; |
|
512
|
|
|
default: |
|
513
|
|
|
$this->copyStandardNsi(); |
|
514
|
|
|
} |
|
515
|
|
|
$this->loggerInstance->debug(4, "copyFiles end\n"); |
|
516
|
|
|
return TRUE; |
|
517
|
|
|
} |
|
518
|
|
|
|
|
519
|
|
|
private $tlsOtherUsername = 0; |
|
520
|
|
|
|
|
521
|
|
|
} |
|
522
|
|
|
|
GEANT /
CAT
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.