multiOTP Credential Provider 5.3.0.0

FIX: Save flat domain name in the registry. While offline, use this value instead of asking the DC
ENH: Enigma Virtual Box updated to version 9.00 (to create the special all-in-one-file)
ENH: PHP 7.2.8 used in the one single file
ENH: The multiOTP timeout (how long the Credential Provider wait a response from the multiOTP process) is now 60 seconds by default (instead of 10)

@multiOTPCredentialProvider.iss

@@ -1,7 +1,7 @@
 ; SEE THE DOCUMENTATION FOR DETAILS ON CREATING INNO SETUP SCRIPT FILES!
 
 #define MyAppName "multiOTP Credential Provider"
-#define MyAppVersion "5.1.0.8"
+#define MyAppVersion "5.3.0.0"
 #define MyAppShortName "multiOTP"
 #define MyAppPublisher "SysCo systemes de communication sa"
 #define MyAppURL "https://github.com/multiOTP/multiOTPCredentialProvider"
@@ -27,9 +27,9 @@ DefaultDirName={pf32}\{#MyAppShortName}
 DefaultGroupName={#MyAppName}
 UninstallDisplayIcon={app}\multiotp.exe
 DisableProgramGroupPage=yes
-OutputDir=D:\Data\projects\multiotp\multiOTPCredentialProvider\installer
-OutputBaseFilename=multiOTPCredentialProvider-5.1.0.8
-SetupIconFile=D:\Data\projects\multiotp\ico\multiOTP.ico
+OutputDir=C:\Data\projects\multiotp\multiOTPCredentialProvider\installer
+OutputBaseFilename=multiOTPCredentialProvider-5.3.0.0
+SetupIconFile=C:\Data\projects\multiotp\ico\multiOTP.ico
 WizardImageFile=..\bmp\multiOTP-wizard-164x314.bmp
 WizardSmallImageFile=..\bmp\multiOTP-wizard-55x58.bmp
 Compression=lzma
@@ -945,7 +945,7 @@ begin
   multiOTPSharedSecret := 'ClientServerSecret';
   multiOTPCacheEnabled := 1;
   multiOTPRDPOnly := 1;
-  multiOTPTimeout := 10;
+  multiOTPTimeout := 60;
   multiOTPPrefixPass := 0;
   multiOTPDisplaySmsLink := 0;
   multiOTPUPNFormat := 0;

CSampleCredential.cpp

@@ -137,7 +137,7 @@ HRESULT CSampleCredential::call_multiotp(_In_ PCWSTR username, _In_ PCWSTR PREV_
 
 	si.cb = sizeof(si);
 
-	if (readRegistryValueString(CONF_PATH, &path, L"c:\\multiotp\\")) {
+	if (readRegistryValueString(CONF_PATH, &path, L"c:\\multiotp\\") > 1) {
 		DWORD timeout = 60;
 
 		timeout = readRegistryValueInteger(CONF_TIMEOUT, timeout);
@@ -161,13 +161,13 @@ HRESULT CSampleCredential::call_multiotp(_In_ PCWSTR username, _In_ PCWSTR PREV_
 		wcscat_s(options, 2048, server_cache_level_string);
 		wcscat_s(options, 2048, L" ");
 
-		if (readRegistryValueString(CONF_SERVERS, &servers, L"")) {
+		if (readRegistryValueString(CONF_SERVERS, &servers, L"") > 1) {
 			wcscat_s(options, 2048, L"-server-url=");
 			wcscat_s(options, 2048, servers);
 			wcscat_s(options, 2048, L" ");
 		}
 
-		if (readRegistryValueString(CONF_SHARED_SECRET, &shared_secret, L"ClientServerSecret")) {
+		if (readRegistryValueString(CONF_SHARED_SECRET, &shared_secret, L"ClientServerSecret") > 1) {
 			wcscat_s(options, 2048, L"-server-secret=");
 			wcscat_s(options, 2048, shared_secret);
 			wcscat_s(options, 2048, L" ");
@@ -290,17 +290,17 @@ HRESULT CSampleCredential::Initialize(CREDENTIAL_PROVIDER_USAGE_SCENARIO cpus,
 	PWSTR pszDomain, pszHostname, pszLoginTitle;
 	wchar_t szDomainInfo[1024], szLoginTitle[1024];
 
-	if (readRegistryValueString(CONF_DOMAIN_NAME, &pszDomain, L"") > 0) {
+	if (readRegistryValueString(CONF_DOMAIN_NAME, &pszDomain, L"") > 1) {
 		StringCchPrintf(szDomainInfo, ARRAYSIZE(szDomainInfo), L"Domain: %s", pszDomain);
 	}
-	else if (readRegistryValueString(CONF_HOST_NAME, &pszHostname, L"") > 0) {
+	else if (readRegistryValueString(CONF_HOST_NAME, &pszHostname, L"") > 1) {
 		StringCchPrintf(szDomainInfo, ARRAYSIZE(szDomainInfo), L"Computer: %s", pszHostname);
 	}
 	else {
 		StringCchPrintf(szDomainInfo, ARRAYSIZE(szDomainInfo), L" ");
 	}
 
-	if (readRegistryValueString(CONF_LOGIN_TITLE, &pszLoginTitle, L"") > 0) {
+	if (readRegistryValueString(CONF_LOGIN_TITLE, &pszLoginTitle, L"") > 1) {
 		StringCchPrintf(szLoginTitle, ARRAYSIZE(szLoginTitle), pszLoginTitle);
 	}
 	else {
@@ -676,7 +676,7 @@ HRESULT CSampleCredential::GetBitmapValue(DWORD dwFieldID, _Outptr_result_nullon
     if ((SFI_TILEIMAGE == dwFieldID))
     {
 		HBITMAP hbmp = nullptr;
-        if (readRegistryValueString(CONF_PATH, &path, L"c:\\multiotp\\")) {
+        if (readRegistryValueString(CONF_PATH, &path, L"c:\\multiotp\\") > 1) {
             wchar_t bitmap_path[1024];
             wcscpy_s(bitmap_path, 1024, path);
             size_t npath = wcslen(bitmap_path);
@@ -792,7 +792,6 @@ HRESULT CSampleCredential::SetStringValue(DWORD dwFieldID, _In_ PCWSTR pwz)
         wchar_t szDomainInfo[1024];
 
         DWORD dwDomainSize = 0;
-        DWORD dwHostnameSize = 0;
 
         hr_sfi = SHStrDupW(L"", &pszUsername);
         hr_sfi = SHStrDupW(_rgFieldStrings[SFI_LOGIN_NAME], &pszQualifiedUserName);
@@ -807,16 +806,16 @@ HRESULT CSampleCredential::SetStringValue(DWORD dwFieldID, _In_ PCWSTR pwz)
           if (SUCCEEDED(hr_sfi)) {
             StringCchPrintf(szDomainInfo, ARRAYSIZE(szDomainInfo), L"Domain: %s", pszDomain);
             if (wcscmp(pszDomain, L".") == 0) {
-              dwHostnameSize = readRegistryValueString(CONF_HOST_NAME, &pszHostname, L"");
+              readRegistryValueString(CONF_HOST_NAME, &pszHostname, L"");
               StringCchPrintf(szDomainInfo, ARRAYSIZE(szDomainInfo), L"Computer: %s", pszHostname);
             }
           }
         }
         else {
-          if (readRegistryValueString(CONF_DOMAIN_NAME, &pszDomain, L"") > 0) {
+          if (readRegistryValueString(CONF_DOMAIN_NAME, &pszDomain, L"") > 1) {
             StringCchPrintf(szDomainInfo, ARRAYSIZE(szDomainInfo), L"Domain: %s", pszDomain);
           }
-          else if (readRegistryValueString(CONF_HOST_NAME, &pszHostname, L"") > 0) {
+          else if (readRegistryValueString(CONF_HOST_NAME, &pszHostname, L"") > 1) {
             StringCchPrintf(szDomainInfo, ARRAYSIZE(szDomainInfo), L"Computer: %s", pszHostname);
           }
           else {
@@ -961,7 +960,7 @@ HRESULT CSampleCredential::CommandLinkClicked(DWORD dwFieldID)
 	PWSTR pszLoginTitle;
 	wchar_t szLoginTitle[1024];
 
-	if (readRegistryValueString(CONF_LOGIN_TITLE, &pszLoginTitle, L"") > 0) {
+	if (readRegistryValueString(CONF_LOGIN_TITLE, &pszLoginTitle, L"") > 1) {
 		StringCchPrintf(szLoginTitle, ARRAYSIZE(szLoginTitle), pszLoginTitle);
 	}
 	else {
@@ -1077,13 +1076,25 @@ HRESULT CSampleCredential::CommandLinkClicked(DWORD dwFieldID)
             const wchar_t *pchWhack = wcschr(_pszQualifiedUserName, L'\\');
             const wchar_t *pchWatSign = wcschr(_pszQualifiedUserName, L'@');
 
-            DOMAIN_CONTROLLER_INFO* pDCI;
-            if (DsGetDcNameW(NULL, pszDomain, NULL, NULL, DS_IS_DNS_NAME | DS_RETURN_FLAT_NAME, &pDCI) == ERROR_SUCCESS) {
-              pszNetBiosDomainName = pDCI->DomainName;
-              // NetApiBufferFree(pDCI);
-            }
+			if (dwDomainSize > 1) {
+				DOMAIN_CONTROLLER_INFO* pDCI;
+				if (DsGetDcNameW(NULL, pszDomain, NULL, NULL, DS_IS_DNS_NAME | DS_RETURN_FLAT_NAME, &pDCI) == ERROR_SUCCESS) {
+					pszNetBiosDomainName = pDCI->DomainName;
+
+					if (DEVELOP_MODE) PrintLn(L"Before writing registry with value: ", pszNetBiosDomainName);
+					// Write flat domain name in the internal multiOTP Credential registry cache
+					writeRegistryValueString(CONF_FLAT_DOMAIN, pszNetBiosDomainName);
+
+					// NetApiBufferFree(pDCI);
+				}
+				else {
+					// Read flat domain name from the internal multiOTP Credential registry cache
+					readRegistryValueString(CONF_FLAT_DOMAIN, &pszNetBiosDomainName, L"");
+					if (DEVELOP_MODE) PrintLn(L"Flat domain named retrieved in the registry : ", pszNetBiosDomainName);
+				}
+			}
 
-            if ((dwDomainSize > 0) && (pchWatSign == nullptr) && (pchWhack == nullptr)) {
+            if ((dwDomainSize > 1) && (pchWatSign == nullptr) && (pchWhack == nullptr)) {
               if (DEVELOP_MODE) PrintLn(L"Take the default domain ", pszDomain, L" - ", pszNetBiosDomainName);
               wcscpy_s(fullname, 1024, pszNetBiosDomainName);
               wcscat_s(fullname, 1024, L"\\");
@@ -1193,14 +1204,24 @@ HRESULT CSampleCredential::GetSerialization(_Out_ CREDENTIAL_PROVIDER_GET_SERIAL
 	const wchar_t *pchWhack = wcschr(_pszQualifiedUserName, L'\\');
 	const wchar_t *pchWatSign = wcschr(_pszQualifiedUserName, L'@');
 
+	if (domainSize > 1) {
+		DOMAIN_CONTROLLER_INFO* pDCI;
+		if (DsGetDcNameW(NULL, domain, NULL, NULL, DS_IS_DNS_NAME | DS_RETURN_FLAT_NAME, &pDCI) == ERROR_SUCCESS) {
+			strNetBiosDomainName = pDCI->DomainName;
+			if (DEVELOP_MODE) PrintLn(L"Before writing registry with value: ", strNetBiosDomainName);
+			// Write flat domain name in the internal multiOTP Credential registry cache
+		    writeRegistryValueString(CONF_FLAT_DOMAIN, strNetBiosDomainName);
 
-	DOMAIN_CONTROLLER_INFO* pDCI;
-	if (DsGetDcNameW(NULL, domain, NULL, NULL, DS_IS_DNS_NAME | DS_RETURN_FLAT_NAME, &pDCI) == ERROR_SUCCESS) {
-		strNetBiosDomainName = pDCI->DomainName;
-		// NetApiBufferFree(pDCI);
+			// NetApiBufferFree(pDCI);
+		}
+		else {
+			// Read flat domain name from the internal multiOTP Credential registry cache
+			readRegistryValueString(CONF_FLAT_DOMAIN, &strNetBiosDomainName, L"");
+			if (DEVELOP_MODE) PrintLn(L"Flat domain named retrieved in the registry : ", strNetBiosDomainName);
+		}
 	}
 
-	if ((domainSize > 0) && (pchWatSign == nullptr) && (pchWhack == nullptr)) {
+	if ((domainSize > 1) && (pchWatSign == nullptr) && (pchWhack == nullptr)) {
 		if (DEVELOP_MODE) PrintLn(L"Take the default domain ", domain, L" - ", strNetBiosDomainName);
 		wcscpy_s(fullname, 1024, strNetBiosDomainName);
 		wcscat_s(fullname, 1024, L"\\");

CSampleProvider.cpp

@@ -584,7 +584,7 @@ HRESULT CLMSFilter::Filter(CREDENTIAL_PROVIDER_USAGE_SCENARIO cpus, DWORD dwFlag
 
 	/*PrintLn("================TEST======================");
 	PWSTR path;
-	if (readRegistryValueString(CONF_PATH, &path)) {
+	if (readRegistryValueString(CONF_PATH, &path) > 1) {
 		PrintLn(path);
 		CoTaskMemFree(path);
 	}

MultiOTPCredentialProvider.vcxproj

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|Win32">
       <Configuration>Debug</Configuration>
@@ -58,31 +58,32 @@
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>multiOTPCredentialProvider</RootNamespace>
     <ProjectName>multiOTPCredentialProvider</ProjectName>
+    <WindowsTargetPlatformVersion>10.0.16299.0</WindowsTargetPlatformVersion>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v140</PlatformToolset>
+    <PlatformToolset>v141</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v140</PlatformToolset>
+    <PlatformToolset>v141</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v140</PlatformToolset>
+    <PlatformToolset>v141</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v140</PlatformToolset>
+    <PlatformToolset>v141</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>

README.md

@@ -6,7 +6,7 @@ multiOTP Credential Provider for multiOTP is a free and open source implementati
 (c) 2015-2016 ArcadeJust ("RDP only" enhancement)  
 (c) 2013-2015 Last Squirrel IT  
 
-Current build: 5.1.0.8 (2018-03-05)
+Current build: 5.3.0.0 (2018-08-21)
 
 Binary download: https://download.multiotp.net/credential-provider/
 
@@ -44,7 +44,43 @@ PREREQUISITES
 
 INSTALLATION
 ============
-- Launch the installer (in the installer directory) and configure the various parameters during the setup. You must have administrator access.
+- Launch the installer (in the installer directory) and configure the various parameters during the detup. You must have administrator access to successfully install the multiOTP Credential Provider.
+
+
+LOCAL ONLY STRONG AUTHENTICATION INSTALLATION
+=============================================
+1) Install the multiOTP Credential Provider, which contains also multiOTP inside.
+2) During the installation, specify the folder on the client where the
+   multiotp.exe file and folders must be installed and configured.
+3) In the wizard, leave the URL of the multiOTP server(s) empty.
+4) You can also choose to require a strong authentication only for RDP.
+5) When you are on the test page, open a command prompt in the folder where
+   multiOTP is now installed and create a new local user. Example:
+   1) *multiotp -fastcreatenopin my_user*
+   2) *multiotp -qrcode my_user my_qrcode.png)*
+6) If the test is successful, the Credential Provider is installed.
+7) To disable the Credential Provider, uninstall it from Windows,
+   or execute multiOTPCredentialProvider-unregister.reg
+
+
+CENTRALIZED STRONG AUTHENTICATION INSTALLATION (with cache support)
+===================================================================
+1) First, install a multiOTP server (commercial or open source edition).
+   (https://www.multiotp.com or https://www.multiotp.net)
+2) On each client, install the multiOTP Credential Provider.
+3) During the installation, specify the folder on the client where the
+   multiotp.exe file and folders must be installed and configured.
+4) In the wizard, type the URL of the multiOTP server(s).
+5) You can also choose to require a strong authentication only for RDP.
+6) On the test page, test your account to be sure that everything works.
+7) If the test is successful, the Credential Provider is installed.
+8) To disable the Credential Provider, uninstall it from Windows,
+   or execute multiOTPCredentialProvider-unregister.reg
+
+
+UNATTENDED INSTALLATION
+=======================
+An MSI file will be available soon to mass deploy the multiOTP Credential Provider.
 
 
 UNINSTALLATION
@@ -58,15 +94,14 @@ TECHNICAL DETAILS
 - the credential provider options are stored in the following registry key (registry entries have priority over multiotp.ini file entries): HKEY_CLASSES_ROOT\CLSID\{FCEFDFAB-B0A1-4C4D-8B2B-4FF4E0A3D978}
   - multiOTPCacheEnabled : [1|0], used directly by multiOTP
   - multiOTPDisplaySmsLink : [0|1]
-  - multiOTPLoginTitle : [Login title, default is '', which displays multiOTP Login]
-  - multiOTPOptions : [additional configuration options used directly by multiOTP, tab separated, default is '']
+  - multiOTPLoginTitle : [Login title, default is '', which displays 'multiOTP Login']
   - multiOTPPath : [X:\Path\to\multiotp\folder]
   - multiOTPPrefixPass : [0|1]
   - multiOTPRDPOnly : [0|1]
   - multiOTPServers : [multiOTP server(s) to contact, default is 'https://192.168.1.88'], used directly by multiOTP
   - multiOTPServerTimeout : [timeout in seconds before switching to the next server, default is 5], used directly by multiOTP
   - multiOTPSharedSecret : [secret to connect this client to the server, default is 'ClientServerSecret'], used directly by multiOTP
-  - multiOTPTimeout : [timeout in seconds, default is 10]
+  - multiOTPTimeout : [timeout in seconds, default is 60]
   - multiOTPUPNFormat : [0|1]
 - if the tile file [multiOTPPath]\multiotp.bmp exists, it will replace the default 128x128 tile image
 
@@ -83,7 +118,12 @@ Report if you have any problems or questions regarding this app.
 CHANGE LOG OF RELEASED VERSIONS
 ===============================
 ```
-2018-03-05 5.1.0.8 SysCo/al FIX: Enigma Virtual Box updated to version 8.10 (to create the special all-in-one-file)
+2018-08-21 5.3.0.0 SysCo/yj FIX: Save flat domain name in the registry. While offline, use this value instead of asking the DC
+                   SysCo/al ENH: Enigma Virtual Box updated to version 9.00 (to create the special all-in-one-file)
+                            ENH: PHP 7.2.8 used in the one single file
+                            ENH: The multiOTP timeout (how long the Credential Provider wait a response from
+                                 the multiOTP process) is now 60 seconds by default (instead of 10)
+2018-03-05 5.1.0.8 SysCo/al ENH: Enigma Virtual Box updated to version 8.10 (to create the special all-in-one-file)
 2018-02-27 5.1.0.7 SysCo/al FIX: [Receive an OTP by SMS] link is now fixed for Windows 10
 2018-02-26 5.1.0.6 SysCo/al ENH: Credential Provider registry entries are now always used when calling multiOTP.exe
 2018-02-21 5.1.0.5 SysCo/al FIX: To avoid virus false positive alert, multiOTP.exe is NO more packaged in one single file
@@ -98,9 +138,9 @@ CHANGE LOG OF RELEASED VERSIONS
 2017-12-11 5.0.6.2 SysCo/al ENH: [Receive an OTP by SMS] link can be displayed or not (option during installation)
                             ENH: UPN username format can be sent to the multiOTP server (by default, legacy username)
                             ENH: Better documentation
-2017-12-04 5.0.6.1 SysCo/al ENH: Default domain name support
+2017-12-04 5.0.6.1 SysCo/al FIX: [Synchronize OTP] link removed (useless, synchronization is done automatically by typing OTP1 + [space] + OTP2)
+                            ENH: Default domain name support
                             ENH: User can request an SMS code using a command link
-                            FIX: [Synchronize OTP] link removed (useless, synchronization is done automatically by typing OTP1 + [space] + OTP2)
 2017-11-10 5.0.6.0 SysCo/al ENH: Specific Credential Provider mode in the CLI version
 2017-11-05 5.0.5.9 SysCo/al ENH: Full support for [email protected] UPN notation (AD/LDAP should be synchronized using the userPrincipalName instead of sAMAccountName identifier)
 2017-11-04 5.0.5.6 SysCo/al FIX: Removed digit OTP only check for the OTP field