|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/* |
|
4
|
|
|
* ****************************************************************************** |
|
5
|
|
|
* Copyright 2011-2017 DANTE Ltd. and GÉANT on behalf of the GN3, GN3+, GN4-1 |
|
6
|
|
|
* and GN4-2 consortia |
|
7
|
|
|
* |
|
8
|
|
|
* License: see the web/copyright.php file in the file structure |
|
9
|
|
|
* ****************************************************************************** |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
/** |
|
13
|
|
|
* This file creates MS Windows 8 installers |
|
14
|
|
|
* It supports EAP-TLS, TTLS, PEAP and EAP-pwd |
|
15
|
|
|
* @author Tomasz Wolniewicz <[email protected]> |
|
16
|
|
|
* |
|
17
|
|
|
* @package ModuleWriting |
|
18
|
|
|
*/ |
|
19
|
|
|
|
|
20
|
|
|
namespace devices\ms; |
|
21
|
|
|
use \Exception; |
|
22
|
|
|
|
|
23
|
|
|
/** |
|
24
|
|
|
* |
|
25
|
|
|
* @author Tomasz Wolniewicz <[email protected]> |
|
26
|
|
|
* @package ModuleWriting |
|
27
|
|
|
*/ |
|
28
|
|
|
class Device_W8_10 extends WindowsCommon { |
|
29
|
|
|
final public function __construct() { |
|
30
|
|
|
parent::__construct(); |
|
31
|
|
|
$this->setSupportedEapMethods( |
|
32
|
|
|
[ |
|
33
|
|
|
\core\common\EAP::EAPTYPE_TLS, |
|
34
|
|
|
\core\common\EAP::EAPTYPE_PEAP_MSCHAP2, |
|
35
|
|
|
\core\common\EAP::EAPTYPE_TTLS_PAP, |
|
36
|
|
|
\core\common\EAP::EAPTYPE_TTLS_MSCHAP2, |
|
37
|
|
|
\core\common\EAP::EAPTYPE_PWD, |
|
38
|
|
|
\core\common\EAP::EAPTYPE_SILVERBULLET |
|
39
|
|
|
]); |
|
40
|
|
|
$this->specialities['internal:use_anon_outer'][serialize(\core\common\EAP::EAPTYPE_PEAP_MSCHAP2)] = _("Anonymous identities do not use the realm as specified in the profile - it is derived from the suffix of the user's username input instead."); |
|
41
|
|
|
} |
|
42
|
|
|
public function writeInstaller() { |
|
43
|
|
|
$dom = textdomain(NULL); |
|
44
|
|
|
textdomain("devices"); |
|
45
|
|
|
// create certificate files and save their names in $caFiles arrary |
|
46
|
|
|
$caFiles = $this->saveCertificateFiles('der'); |
|
47
|
|
|
$this->caArray = $this->attributes['internal:CAs'][0]; |
|
48
|
|
|
$this->useAnon = $this->attributes['internal:use_anon_outer'] [0] === NULL ? FALSE : TRUE; |
|
49
|
|
|
$this->servers = implode(';', $this->attributes['eap:server_name']); |
|
50
|
|
|
$allSSID = $this->attributes['internal:SSID']; |
|
51
|
|
|
$delSSIDs = $this->attributes['internal:remove_SSID']; |
|
52
|
|
|
$this->prepareInstallerLang(); |
|
53
|
|
|
$setWired = isset($this->attributes['media:wired'][0]) && $this->attributes['media:wired'][0] == 'on' ? 1 : 0; |
|
54
|
|
|
// create a list of profiles to be deleted after installation |
|
55
|
|
|
$delProfiles = []; |
|
56
|
|
|
foreach ($delSSIDs as $ssid => $cipher) { |
|
57
|
|
|
if ($cipher == 'DEL') { |
|
58
|
|
|
$delProfiles[] = $ssid; |
|
59
|
|
|
} |
|
60
|
|
|
if ($cipher == 'TKIP') { |
|
61
|
|
|
$delProfiles[] = $ssid . ' (TKIP)'; |
|
62
|
|
|
} |
|
63
|
|
|
} |
|
64
|
|
|
$windowsProfile = []; |
|
65
|
|
|
$eapConfig = $this->prepareEapConfig(); |
|
66
|
|
|
$iterator = 0; |
|
67
|
|
|
foreach ($allSSID as $ssid => $cipher) { |
|
68
|
|
|
if ($cipher == 'TKIP') { |
|
69
|
|
|
$windowsProfile[$iterator] = $this->writeWLANprofile($ssid . ' (TKIP)', $ssid, 'WPA', 'TKIP', $eapConfig, $iterator); |
|
70
|
|
|
$iterator++; |
|
71
|
|
|
} |
|
72
|
|
|
$windowsProfile[$iterator] = $this->writeWLANprofile($ssid, $ssid, 'WPA2', 'AES', $eapConfig, $iterator); |
|
73
|
|
|
$iterator++; |
|
74
|
|
|
} |
|
75
|
|
|
if ($setWired) { |
|
76
|
|
|
$this->writeLANprofile($eapConfig); |
|
77
|
|
|
} |
|
78
|
|
|
$this->loggerInstance->debug(4, "windowsProfile"); |
|
79
|
|
|
$this->loggerInstance->debug(4, print_r($windowsProfile, true)); |
|
80
|
|
|
|
|
81
|
|
|
$this->writeProfilesNSH($windowsProfile, $caFiles); |
|
82
|
|
|
$this->writeAdditionalDeletes($delProfiles); |
|
83
|
|
|
if ($this->selectedEap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
|
84
|
|
|
$this->writeClientP12File(); |
|
85
|
|
|
} |
|
86
|
|
|
$this->copyFiles($this->selectedEap); |
|
87
|
|
|
$fedLogo = $this->attributes['fed:logo_file'] ?? NULL; |
|
88
|
|
|
$idpLogo = $this->attributes['internal:logo_file'] ?? NULL; |
|
89
|
|
|
$this->combineLogo($idpLogo, $fedLogo); |
|
90
|
|
|
$this->writeMainNSH($this->selectedEap, $this->attributes); |
|
91
|
|
|
$this->compileNSIS(); |
|
92
|
|
|
$installerPath = $this->signInstaller(); |
|
93
|
|
|
textdomain($dom); |
|
94
|
|
|
return($installerPath); |
|
95
|
|
|
} |
|
96
|
|
|
|
|
97
|
|
|
private function setAuthorId() { |
|
98
|
|
|
if ($this->selectedEap['OUTER'] === \core\common\EAP::TTLS) { |
|
99
|
|
|
if ($this->useGeantLink) { |
|
100
|
|
|
$authorId = "67532"; |
|
101
|
|
|
} else { |
|
102
|
|
|
$authorId = "311"; |
|
103
|
|
|
} |
|
104
|
|
|
} else { |
|
105
|
|
|
$authorId = 0; |
|
106
|
|
|
} |
|
107
|
|
|
return($authorId); |
|
108
|
|
|
} |
|
109
|
|
|
|
|
110
|
|
|
private function eapConfigHeader() { |
|
111
|
|
|
$authorId = $this->setAuthorId(); |
|
112
|
|
|
$profileFileCont = '<EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
|
113
|
|
|
<EapMethod> |
|
114
|
|
|
'; |
|
115
|
|
|
$profileFileCont .= '<Type xmlns="http://www.microsoft.com/provisioning/EapCommon">' . |
|
116
|
|
|
$this->selectedEap["OUTER"] . '</Type> |
|
117
|
|
|
<VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId> |
|
118
|
|
|
<VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType> |
|
119
|
|
|
<AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">' . $authorId . '</AuthorId> |
|
120
|
|
|
</EapMethod> |
|
121
|
|
|
'; |
|
122
|
|
|
return($profileFileCont); |
|
123
|
|
|
} |
|
124
|
|
|
|
|
125
|
|
View Code Duplication |
private function tlsServerValidation() { |
|
|
|
|
|
|
126
|
|
|
$profileFileCont = ' |
|
127
|
|
|
<eapTls:ServerValidation> |
|
128
|
|
|
<eapTls:DisableUserPromptForServerValidation>true</eapTls:DisableUserPromptForServerValidation> |
|
129
|
|
|
'; |
|
130
|
|
|
$profileFileCont .= '<eapTls:ServerNames>' . $this->servers . '</eapTls:ServerNames>'; |
|
131
|
|
|
foreach ($this->caArray as $certAuthority) { |
|
132
|
|
|
if ($certAuthority['root']) { |
|
133
|
|
|
$profileFileCont .= "<eapTls:TrustedRootCA>" . $certAuthority['sha1'] . "</eapTls:TrustedRootCA>\n"; |
|
134
|
|
|
} |
|
135
|
|
|
} |
|
136
|
|
|
$profileFileCont .= '</eapTls:ServerValidation> |
|
137
|
|
|
'; |
|
138
|
|
|
return($profileFileCont); |
|
139
|
|
|
} |
|
140
|
|
|
|
|
141
|
|
View Code Duplication |
private function msTtlsServerValidation() { |
|
|
|
|
|
|
142
|
|
|
$profileFileCont = ' |
|
143
|
|
|
<ServerValidation> |
|
144
|
|
|
'; |
|
145
|
|
|
$profileFileCont .= '<ServerNames>' . $this->servers . '</ServerNames> '; |
|
146
|
|
|
foreach ($this->caArray as $certAuthority) { |
|
147
|
|
|
if ($certAuthority['root']) { |
|
148
|
|
|
$profileFileCont .= "<TrustedRootCAHash>" . chunk_split($certAuthority['sha1'], 2, ' ') . "</TrustedRootCAHash>\n"; |
|
149
|
|
|
} |
|
150
|
|
|
} |
|
151
|
|
|
$profileFileCont .= '<DisablePrompt>true</DisablePrompt> |
|
152
|
|
|
</ServerValidation> |
|
153
|
|
|
'; |
|
154
|
|
|
return($profileFileCont); |
|
155
|
|
|
} |
|
156
|
|
|
|
|
157
|
|
|
private function glTtlsServerValidation() { |
|
158
|
|
|
$servers = implode('</ServerName><ServerName>', $this->attributes['eap:server_name']); |
|
159
|
|
|
$profileFileCont = ' |
|
160
|
|
|
<ServerSideCredential> |
|
161
|
|
|
'; |
|
162
|
|
|
foreach ($this->caArray as $ca) { |
|
163
|
|
|
$profileFileCont .= '<CA><format>PEM</format><cert-data>'; |
|
164
|
|
|
$profileFileCont .= base64_encode($ca['der']); |
|
165
|
|
|
$profileFileCont .= '</cert-data></CA> |
|
166
|
|
|
'; |
|
167
|
|
|
} |
|
168
|
|
|
$profileFileCont .= "<ServerName>$servers</ServerName>\n"; |
|
169
|
|
|
|
|
170
|
|
|
$profileFileCont .= ' |
|
171
|
|
|
</ServerSideCredential> |
|
172
|
|
|
'; |
|
173
|
|
|
return($profileFileCont); |
|
174
|
|
|
} |
|
175
|
|
|
|
|
176
|
|
|
private function peapServerValidation() { |
|
177
|
|
|
$profileFileCont = ' |
|
178
|
|
|
<ServerValidation> |
|
179
|
|
|
<DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation> |
|
180
|
|
|
<ServerNames>' . $this->servers . '</ServerNames>'; |
|
181
|
|
|
foreach ($this->caArray as $certAuthority) { |
|
182
|
|
|
if ($certAuthority['root']) { |
|
183
|
|
|
$profileFileCont .= "<TrustedRootCA>" . $certAuthority['sha1'] . "</TrustedRootCA>\n"; |
|
184
|
|
|
} |
|
185
|
|
|
} |
|
186
|
|
|
$profileFileCont .= '</ServerValidation> |
|
187
|
|
|
'; |
|
188
|
|
|
return($profileFileCont); |
|
189
|
|
|
} |
|
190
|
|
|
|
|
191
|
|
|
private function tlsConfig() { |
|
192
|
|
|
$profileFileCont = ' |
|
193
|
|
|
<Config xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1" |
|
194
|
|
|
xmlns:eapTls="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"> |
|
195
|
|
|
<baseEap:Eap> |
|
196
|
|
|
<baseEap:Type>13</baseEap:Type> |
|
197
|
|
|
<eapTls:EapType> |
|
198
|
|
|
<eapTls:CredentialsSource> |
|
199
|
|
|
<eapTls:CertificateStore /> |
|
200
|
|
|
</eapTls:CredentialsSource> |
|
201
|
|
|
'; |
|
202
|
|
|
$profileFileCont .= $this->tlsServerValidation(); |
|
203
|
|
|
if (\core\common\Entity::getAttributeValue($this->attributes, 'eap-specific:tls_use_other_id', 0) === 'on') { |
|
204
|
|
|
$profileFileCont .= '<eapTls:DifferentUsername>true</eapTls:DifferentUsername>'; |
|
205
|
|
|
$this->tlsOtherUsername = 1; |
|
206
|
|
|
} else { |
|
207
|
|
|
$profileFileCont .= '<eapTls:DifferentUsername>false</eapTls:DifferentUsername>'; |
|
208
|
|
|
} |
|
209
|
|
|
$profileFileCont .= ' |
|
210
|
|
|
</eapTls:EapType> |
|
211
|
|
|
</baseEap:Eap> |
|
212
|
|
|
</Config> |
|
213
|
|
|
'; |
|
214
|
|
|
return($profileFileCont); |
|
215
|
|
|
} |
|
216
|
|
|
|
|
217
|
|
|
private function msTtlsConfig() { |
|
218
|
|
|
$profileFileCont = '<Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
|
219
|
|
|
<EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1"> |
|
220
|
|
|
'; |
|
221
|
|
|
$profileFileCont .= $this->msTtlsServerValidation(); |
|
222
|
|
|
$profileFileCont .= '<Phase2Authentication> |
|
223
|
|
|
'; |
|
224
|
|
|
if ($this->selectedEap == \core\common\EAP::EAPTYPE_TTLS_PAP) { |
|
225
|
|
|
$profileFileCont .= '<PAPAuthentication /> '; |
|
226
|
|
|
} |
|
227
|
|
|
if ($this->selectedEap == \core\common\EAP::EAPTYPE_TTLS_MSCHAP2) { |
|
228
|
|
|
$profileFileCont .= '<MSCHAPv2Authentication> |
|
229
|
|
|
<UseWinlogonCredentials>false</UseWinlogonCredentials> |
|
230
|
|
|
</MSCHAPv2Authentication> |
|
231
|
|
|
'; |
|
232
|
|
|
} |
|
233
|
|
|
$profileFileCont .= '</Phase2Authentication> |
|
234
|
|
|
<Phase1Identity> |
|
235
|
|
|
'; |
|
236
|
|
|
if ($this->useAnon) { |
|
237
|
|
|
$profileFileCont .= '<IdentityPrivacy>true</IdentityPrivacy> |
|
238
|
|
|
'; |
|
239
|
|
|
if (isset($outerId) && $outerId) { |
|
|
|
|
|
|
240
|
|
|
$profileFileCont .= '<AnonymousIdentity>' . $outerId . '</AnonymousIdentity> |
|
241
|
|
|
'; |
|
242
|
|
|
} else { |
|
243
|
|
|
$profileFileCont .= '<AnonymousIdentity/> |
|
244
|
|
|
'; |
|
245
|
|
|
} |
|
246
|
|
|
} else { |
|
247
|
|
|
$profileFileCont .= '<IdentityPrivacy>false</IdentityPrivacy> |
|
248
|
|
|
'; |
|
249
|
|
|
} |
|
250
|
|
|
$profileFileCont .= '</Phase1Identity> |
|
251
|
|
|
</EapTtls> |
|
252
|
|
|
</Config> |
|
253
|
|
|
'; |
|
254
|
|
|
return($profileFileCont); |
|
255
|
|
|
} |
|
256
|
|
|
|
|
257
|
|
|
private function glTtlsConfig() { |
|
258
|
|
|
$profileFileCont = ' |
|
259
|
|
|
<Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
|
260
|
|
|
<EAPIdentityProviderList xmlns="urn:ietf:params:xml:ns:yang:ietf-eap-metadata"> |
|
261
|
|
|
<EAPIdentityProvider ID="' . $this->deviceUUID . '" namespace="urn:UUID"> |
|
262
|
|
|
|
|
263
|
|
|
<ProviderInfo> |
|
264
|
|
|
<DisplayName>' . $this->translateString($this->attributes['general:instname'][0], $this->codePage) . '</DisplayName> |
|
265
|
|
|
</ProviderInfo> |
|
266
|
|
|
<AuthenticationMethods> |
|
267
|
|
|
<AuthenticationMethod> |
|
268
|
|
|
<EAPMethod>21</EAPMethod> |
|
269
|
|
|
<ClientSideCredential> |
|
270
|
|
|
<allow-save>true</allow-save> |
|
271
|
|
|
'; |
|
272
|
|
View Code Duplication |
if ($this->useAnon) { |
|
|
|
|
|
|
273
|
|
|
if ($this->outerUser == '') { |
|
274
|
|
|
$profileFileCont .= '<AnonymousIdentity>@</AnonymousIdentity>'; |
|
275
|
|
|
} else { |
|
276
|
|
|
$profileFileCont .= '<AnonymousIdentity>' . $this->outerId . '</AnonymousIdentity>'; |
|
277
|
|
|
} |
|
278
|
|
|
} |
|
279
|
|
|
$profileFileCont .= '</ClientSideCredential> |
|
280
|
|
|
'; |
|
281
|
|
|
$profileFileCont .= $this->glTtlsServerValidation(); |
|
282
|
|
|
$profileFileCont .= ' |
|
283
|
|
|
<InnerAuthenticationMethod> |
|
284
|
|
|
<NonEAPAuthMethod>' . \core\common\EAP::eapDisplayName($this->selectedEap)['INNER'] . '</NonEAPAuthMethod> |
|
285
|
|
|
</InnerAuthenticationMethod> |
|
286
|
|
|
<VendorSpecific> |
|
287
|
|
|
<SessionResumption>false</SessionResumption> |
|
288
|
|
|
</VendorSpecific> |
|
289
|
|
|
</AuthenticationMethod> |
|
290
|
|
|
</AuthenticationMethods> |
|
291
|
|
|
</EAPIdentityProvider> |
|
292
|
|
|
</EAPIdentityProviderList> |
|
293
|
|
|
</Config> |
|
294
|
|
|
'; |
|
295
|
|
|
return($profileFileCont); |
|
296
|
|
|
} |
|
297
|
|
|
|
|
298
|
|
|
private function peapConfig() { |
|
299
|
|
|
$nea = (\core\common\Entity::getAttributeValue($this->attributes, 'media:wired', 0) == 'on') ? 'true' : 'false'; |
|
300
|
|
|
$profileFileCont = '<Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
|
301
|
|
|
<Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> |
|
302
|
|
|
<Type>25</Type> |
|
303
|
|
|
<EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"> |
|
304
|
|
|
'; |
|
305
|
|
|
$profileFileCont .= $this->peapServerValidation(); |
|
306
|
|
|
$profileFileCont .= ' |
|
307
|
|
|
<FastReconnect>true</FastReconnect> |
|
308
|
|
|
<InnerEapOptional>false</InnerEapOptional> |
|
309
|
|
|
<Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> |
|
310
|
|
|
<Type>26</Type> |
|
311
|
|
|
<EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"> |
|
312
|
|
|
<UseWinLogonCredentials>false</UseWinLogonCredentials> |
|
313
|
|
|
</EapType> |
|
314
|
|
|
</Eap> |
|
315
|
|
|
<EnableQuarantineChecks>' . $nea . '</EnableQuarantineChecks> |
|
316
|
|
|
<RequireCryptoBinding>false</RequireCryptoBinding> |
|
317
|
|
|
'; |
|
318
|
|
|
if ($this->useAnon) { |
|
319
|
|
|
$profileFileCont .= '<PeapExtensions> |
|
320
|
|
|
<IdentityPrivacy xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2"> |
|
321
|
|
|
<EnableIdentityPrivacy>true</EnableIdentityPrivacy> |
|
322
|
|
|
'; |
|
323
|
|
View Code Duplication |
if ($this->outerUser == '') { |
|
|
|
|
|
|
324
|
|
|
$profileFileCont .= '<AnonymousUserName/> |
|
325
|
|
|
'; |
|
326
|
|
|
} else { |
|
327
|
|
|
$profileFileCont .= '<AnonymousUserName>' . $this->outerUser . '</AnonymousUserName> |
|
328
|
|
|
'; |
|
329
|
|
|
} |
|
330
|
|
|
$profileFileCont .= '</IdentityPrivacy> |
|
331
|
|
|
</PeapExtensions> |
|
332
|
|
|
'; |
|
333
|
|
|
} |
|
334
|
|
|
$profileFileCont .= '</EapType> |
|
335
|
|
|
</Eap> |
|
336
|
|
|
</Config> |
|
337
|
|
|
'; |
|
338
|
|
|
return($profileFileCont); |
|
339
|
|
|
} |
|
340
|
|
|
|
|
341
|
|
|
private function pwdConfig() { |
|
342
|
|
|
return('<ConfigBlob></ConfigBlob>'); |
|
343
|
|
|
} |
|
344
|
|
|
|
|
345
|
|
|
private function prepareEapConfig() { |
|
346
|
|
|
if ($this->useAnon) { |
|
347
|
|
|
$this->outerUser = $this->attributes['internal:anon_local_value'][0]; |
|
348
|
|
|
$this->outerId = $this->outerUser . '@' . $this->attributes['internal:realm'][0]; |
|
349
|
|
|
} |
|
350
|
|
|
if (isset($this->options['args']) && $this->options['args'] == 'gl') { |
|
351
|
|
|
$this->useGeantLink = TRUE; |
|
352
|
|
|
} else { |
|
353
|
|
|
$this->useGeantLink = FALSE; |
|
354
|
|
|
} |
|
355
|
|
|
$profileFileCont = $this->eapConfigHeader(); |
|
356
|
|
|
|
|
357
|
|
|
switch ($this->selectedEap['OUTER']) { |
|
358
|
|
|
case \core\common\EAP::TLS: |
|
359
|
|
|
$profileFileCont .= $this->tlsConfig(); |
|
360
|
|
|
break; |
|
361
|
|
|
case \core\common\EAP::PEAP: |
|
362
|
|
|
$profileFileCont .= $this->peapConfig(); |
|
363
|
|
|
break; |
|
364
|
|
|
case \core\common\EAP::TTLS: |
|
365
|
|
|
if ($this->useGeantLink) { |
|
366
|
|
|
$profileFileCont .= $this->glTtlsConfig(); |
|
367
|
|
|
} else { |
|
368
|
|
|
$profileFileCont .= $this->msTtlsConfig(); |
|
369
|
|
|
} |
|
370
|
|
|
break; |
|
371
|
|
|
case \core\common\EAP::PWD: |
|
372
|
|
|
$profileFileCont .= $this->pwdConfig(); |
|
373
|
|
|
break; |
|
374
|
|
|
default: |
|
375
|
|
|
break; |
|
376
|
|
|
} |
|
377
|
|
|
return(['win' => $profileFileCont . '</EapHostConfig></EAPConfig>']); |
|
378
|
|
|
} |
|
379
|
|
|
|
|
380
|
|
|
/** |
|
381
|
|
|
* produce PEAP, TLS and TTLS configuration files for Windows 8 |
|
382
|
|
|
* |
|
383
|
|
|
* @param string $wlanProfileName |
|
384
|
|
|
* @param string $ssid |
|
385
|
|
|
* @param string $auth can be one of "WPA", "WPA2" |
|
386
|
|
|
* @param string $encryption can be one of: "TKIP", "AES" |
|
387
|
|
|
* @param array $eapConfig XML configuration block with EAP config data |
|
388
|
|
|
* @param int $profileNumber counter, which profile number is this |
|
389
|
|
|
* @return string |
|
390
|
|
|
*/ |
|
391
|
|
|
private function writeWLANprofile($wlanProfileName, $ssid, $auth, $encryption, $eapConfig, $profileNumber) { |
|
392
|
|
|
$profileFileCont = '<?xml version="1.0"?> |
|
393
|
|
|
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"> |
|
394
|
|
|
<name>' . $wlanProfileName . '</name> |
|
395
|
|
|
<SSIDConfig> |
|
396
|
|
|
<SSID> |
|
397
|
|
|
<name>' . $ssid . '</name> |
|
398
|
|
|
</SSID> |
|
399
|
|
|
<nonBroadcast>true</nonBroadcast> |
|
400
|
|
|
</SSIDConfig> |
|
401
|
|
|
<connectionType>ESS</connectionType> |
|
402
|
|
|
<connectionMode>auto</connectionMode> |
|
403
|
|
|
<autoSwitch>false</autoSwitch> |
|
404
|
|
|
<MSM> |
|
405
|
|
|
<security> |
|
406
|
|
|
<authEncryption> |
|
407
|
|
|
<authentication>' . $auth . '</authentication> |
|
408
|
|
|
<encryption>' . $encryption . '</encryption> |
|
409
|
|
|
<useOneX>true</useOneX> |
|
410
|
|
|
</authEncryption> |
|
411
|
|
|
'; |
|
412
|
|
|
if ($auth == 'WPA2') { |
|
413
|
|
|
$profileFileCont .= '<PMKCacheMode>enabled</PMKCacheMode> |
|
414
|
|
|
<PMKCacheTTL>720</PMKCacheTTL> |
|
415
|
|
|
<PMKCacheSize>128</PMKCacheSize> |
|
416
|
|
|
<preAuthMode>disabled</preAuthMode> |
|
417
|
|
|
'; |
|
418
|
|
|
} |
|
419
|
|
|
$profileFileCont .= '<OneX xmlns="http://www.microsoft.com/networking/OneX/v1"> |
|
420
|
|
|
<cacheUserData>true</cacheUserData> |
|
421
|
|
|
<authMode>user</authMode> |
|
422
|
|
|
'; |
|
423
|
|
|
|
|
424
|
|
|
$closing = ' |
|
425
|
|
|
</OneX> |
|
426
|
|
|
</security> |
|
427
|
|
|
</MSM> |
|
428
|
|
|
</WLANProfile> |
|
429
|
|
|
'; |
|
430
|
|
|
|
|
431
|
|
|
if (!is_dir('w8')) { |
|
432
|
|
|
mkdir('w8'); |
|
433
|
|
|
} |
|
434
|
|
|
$xmlFname = "w8/wlan_prof-$profileNumber.xml"; |
|
435
|
|
|
file_put_contents($xmlFname, $profileFileCont . $eapConfig['win'] . $closing); |
|
436
|
|
|
$this->loggerInstance->debug(2, "Installer has been written into directory $this->FPATH\n"); |
|
437
|
|
|
$this->loggerInstance->debug(4, "WWWWLAN_Profile:$wlanProfileName:$encryption\n"); |
|
438
|
|
|
return("\"$wlanProfileName\" \"$encryption\""); |
|
439
|
|
|
} |
|
440
|
|
|
|
|
441
|
|
|
private function writeLANprofile($eapConfig) { |
|
442
|
|
|
$profileFileCont = '<?xml version="1.0"?> |
|
443
|
|
|
<LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1"> |
|
444
|
|
|
<MSM> |
|
445
|
|
|
<security> |
|
446
|
|
|
<OneXEnforced>false</OneXEnforced> |
|
447
|
|
|
<OneXEnabled>true</OneXEnabled> |
|
448
|
|
|
<OneX xmlns="http://www.microsoft.com/networking/OneX/v1"> |
|
449
|
|
|
<cacheUserData>true</cacheUserData> |
|
450
|
|
|
<authMode>user</authMode> |
|
451
|
|
|
'; |
|
452
|
|
|
$closing = ' |
|
453
|
|
|
</OneX> |
|
454
|
|
|
</security> |
|
455
|
|
|
</MSM> |
|
456
|
|
|
</LANProfile> |
|
457
|
|
|
'; |
|
458
|
|
|
|
|
459
|
|
|
if (!is_dir('w8')) { |
|
460
|
|
|
mkdir('w8'); |
|
461
|
|
|
} |
|
462
|
|
|
$xmlFname = "w8/lan_prof.xml"; |
|
463
|
|
|
file_put_contents($xmlFname, $profileFileCont . $eapConfig['win'] . $closing); |
|
464
|
|
|
$this->loggerInstance->debug(2, "Installer has been written into directory $this->FPATH\n"); |
|
465
|
|
|
} |
|
466
|
|
|
|
|
467
|
|
View Code Duplication |
private function writeProfilesNSH($wlanProfiles, $caArray) { |
|
|
|
|
|
|
468
|
|
|
$this->loggerInstance->debug(4, "writeProfilesNSH"); |
|
469
|
|
|
$this->loggerInstance->debug(4, $wlanProfiles); |
|
470
|
|
|
$fcontentsProfile = ''; |
|
471
|
|
|
foreach ($wlanProfiles as $wlanProfile) { |
|
472
|
|
|
$fcontentsProfile .= "!insertmacro define_wlan_profile $wlanProfile\n"; |
|
473
|
|
|
} |
|
474
|
|
|
|
|
475
|
|
|
file_put_contents('profiles.nsh', $fcontentsProfile); |
|
476
|
|
|
|
|
477
|
|
|
$fcontentsCerts = ''; |
|
478
|
|
|
$fileHandleCerts = fopen('certs.nsh', 'w'); |
|
479
|
|
|
if ($fileHandleCerts === FALSE) { |
|
480
|
|
|
throw new Exception("Unable to open new certs.nsh file for writing CAs."); |
|
481
|
|
|
} |
|
482
|
|
|
if ($caArray) { |
|
483
|
|
|
foreach ($caArray as $certAuthority) { |
|
484
|
|
|
$store = $certAuthority['root'] ? "root" : "ca"; |
|
485
|
|
|
$fcontentsCerts .= '!insertmacro install_ca_cert "' . $certAuthority['file'] . '" "' . $certAuthority['sha1'] . '" "' . $store . "\"\n"; |
|
486
|
|
|
} |
|
487
|
|
|
fwrite($fileHandleCerts, $fcontentsCerts); |
|
488
|
|
|
} |
|
489
|
|
|
fclose($fileHandleCerts); |
|
490
|
|
|
} |
|
491
|
|
|
|
|
492
|
|
|
private function writeMainNSH($eap, $attr) { |
|
493
|
|
|
$this->loggerInstance->debug(4, "writeMainNSH"); |
|
494
|
|
|
$this->loggerInstance->debug(4, $attr); |
|
495
|
|
|
$this->loggerInstance->debug(4, "Device_id = " . $this->device_id . "\n"); |
|
496
|
|
|
$fcontents = "!define W8\n"; |
|
497
|
|
|
if ($this->device_id == 'w10') { |
|
498
|
|
|
$fcontents .= "!define W10\n"; |
|
499
|
|
|
} |
|
500
|
|
|
if (CONFIG_CONFASSISTANT['NSIS_VERSION'] >= 3) { |
|
501
|
|
|
$fcontents .= "Unicode true\n"; |
|
502
|
|
|
} |
|
503
|
|
|
$eapOptions = [ |
|
504
|
|
|
\core\common\EAP::PEAP => ['str' => 'PEAP', 'exec' => 'user'], |
|
505
|
|
|
\core\common\EAP::TLS => ['str' => 'TLS', 'exec' => 'user'], |
|
506
|
|
|
\core\common\EAP::TTLS => ['str' => 'TTLS', 'exec' => 'user'], |
|
507
|
|
|
\core\common\EAP::PWD => ['str' => 'PWD', 'exec' => 'user'], |
|
508
|
|
|
]; |
|
509
|
|
|
if (isset($this->options['args']) && $this->options['args'] == 'gl') { |
|
510
|
|
|
$eapOptions[\core\common\EAP::TTLS]['str'] = 'GEANTLink'; |
|
511
|
|
|
} |
|
512
|
|
|
|
|
513
|
|
|
// Uncomment the line below if you want this module to run under XP (only displaying a warning) |
|
514
|
|
|
// $fcontents .= "!define ALLOW_XP\n"; |
|
515
|
|
|
// Uncomment the line below if you want this module to produce debugging messages on the client |
|
516
|
|
|
// $fcontents .= "!define DEBUG_CAT\n"; |
|
517
|
|
|
if ($this->tlsOtherUsername == 1) { |
|
518
|
|
|
$fcontents .= "!define PFX_USERNAME\n"; |
|
519
|
|
|
} |
|
520
|
|
|
$execLevel = $eapOptions[$eap["OUTER"]]['exec']; |
|
521
|
|
|
$eapStr = $eapOptions[$eap["OUTER"]]['str']; |
|
522
|
|
|
if ($eap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
|
523
|
|
|
$fcontents .= "!define SILVERBULLET\n"; |
|
524
|
|
|
} |
|
525
|
|
|
$fcontents .= '!define ' . $eapStr; |
|
526
|
|
|
$fcontents .= "\n" . '!define EXECLEVEL "' . $execLevel . '"'; |
|
527
|
|
|
$fcontents .= $this->writeNsisDefines($attr); |
|
528
|
|
|
file_put_contents('main.nsh', $fcontents); |
|
529
|
|
|
} |
|
530
|
|
|
|
|
531
|
|
|
private function copyStandardNsi() { |
|
532
|
|
|
if (!$this->translateFile('eap_w8.inc', 'cat.NSI', $this->codePage)) { |
|
533
|
|
|
throw new Exception("Translating needed file eap_w8.inc failed!"); |
|
534
|
|
|
} |
|
535
|
|
|
} |
|
536
|
|
|
|
|
537
|
|
|
private function copyFiles($eap) { |
|
538
|
|
|
$this->loggerInstance->debug(4, "copyFiles start\n"); |
|
539
|
|
|
$this->copyBasicFiles(); |
|
540
|
|
|
switch ($eap["OUTER"]) { |
|
541
|
|
|
case \core\common\EAP::TTLS: |
|
542
|
|
|
if (isset($this->options['args']) && $this->options['args'] == 'gl') { |
|
543
|
|
|
$this->copyGeantLinkFiles(); |
|
544
|
|
|
} else { |
|
545
|
|
|
$this->copyStandardNsi(); |
|
546
|
|
|
} |
|
547
|
|
|
break; |
|
548
|
|
|
case \core\common\EAP::PWD: |
|
549
|
|
|
$this->copyPwdFiles(); |
|
550
|
|
|
break; |
|
551
|
|
|
default: |
|
552
|
|
|
$this->copyStandardNsi(); |
|
553
|
|
|
} |
|
554
|
|
|
$this->loggerInstance->debug(4, "copyFiles end\n"); |
|
555
|
|
|
return TRUE; |
|
556
|
|
|
} |
|
557
|
|
|
|
|
558
|
|
|
private $tlsOtherUsername = 0; |
|
559
|
|
|
private $caArray; |
|
560
|
|
|
private $useAnon; |
|
561
|
|
|
private $servers; |
|
562
|
|
|
private $outerUser; |
|
563
|
|
|
private $outerId; |
|
564
|
|
|
|
|
565
|
|
|
} |
|
566
|
|
|
|
|
567
|
|
|
|
GEANT /
CAT
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.