diff --git a/lib/EapHost/include/Config.h b/lib/EapHost/include/Config.h index bd5070a..6fea6a1 100644 --- a/lib/EapHost/include/Config.h +++ b/lib/EapHost/include/Config.h @@ -123,17 +123,10 @@ namespace eap inline void set_type(_In_ const EAP_METHOD_TYPE &type) { m_type = type; - update_type(); } - protected: - /// \cond internal - void update_type(); - /// \endcond - protected: EAP_METHOD_TYPE m_type; ///< EapHost method type: (EAP type, vendor ID, vendor type, author ID) tuple - std::wstring m_type_str; ///< EAP method type as a string public: sanitizing_blob m_cfg_blob; ///< Method configuration BLOB diff --git a/lib/EapHost/src/Config.cpp b/lib/EapHost/src/Config.cpp index 6857915..a535328 100644 --- a/lib/EapHost/src/Config.cpp +++ b/lib/EapHost/src/Config.cpp @@ -29,8 +29,7 @@ using namespace winstd; ////////////////////////////////////////////////////////////////////// eap::config_method_eaphost::config_method_eaphost(_In_ module &mod, _In_ unsigned int level) : - config_method(mod, level), - m_type_str(L"EapHost") + config_method(mod, level) { memset(&m_type, 0, sizeof(EAP_METHOD_TYPE)); } @@ -38,7 +37,6 @@ eap::config_method_eaphost::config_method_eaphost(_In_ module &mod, _In_ unsigne eap::config_method_eaphost::config_method_eaphost(_In_ const config_method_eaphost &other) : m_type (other.m_type ), - m_type_str (other.m_type_str), m_cfg_blob (other.m_cfg_blob), config_method(other ) { @@ -47,7 +45,6 @@ eap::config_method_eaphost::config_method_eaphost(_In_ const config_method_eapho eap::config_method_eaphost::config_method_eaphost(_Inout_ config_method_eaphost &&other) noexcept : m_type (std::move(other.m_type )), - m_type_str (std::move(other.m_type_str)), m_cfg_blob (std::move(other.m_cfg_blob)), config_method(std::move(other )) { 
@@ -59,7 +56,6 @@ eap::config_method_eaphost& eap::config_method_eaphost::operator=(_In_ const con if (this != &other) { (config_method&)*this = other; m_type = other.m_type; - m_type_str = other.m_type_str; m_cfg_blob = other.m_cfg_blob; } @@ -72,7 +68,6 @@ eap::config_method_eaphost& eap::config_method_eaphost::operator=(_Inout_ config if (this != &other) { (config_method&&)*this = std::move(other ); m_type = std::move(other.m_type ); - m_type_str = std::move(other.m_type_str); m_cfg_blob = std::move(other.m_cfg_blob); } @@ -129,7 +124,6 @@ void eap::config_method_eaphost::load(_In_ IXMLDOMNode *pConfigRoot) eap_error error; DWORD dwResult = EapHostPeerConfigXml2Blob(0, pXmlElEapHostConfig, &cfg_data_size, get_ptr(cfg_data), &m_type, get_ptr(error)); if (dwResult == ERROR_SUCCESS) { - update_type(); LPCBYTE _cfg_data = cfg_data.get(); m_cfg_blob.assign(_cfg_data, _cfg_data + cfg_data_size); } else if (error) @@ -160,20 +154,20 @@ size_t eap::config_method_eaphost::get_pk_size() const void eap::config_method_eaphost::operator>>(_Inout_ cursor_in &cursor) { config_method::operator>>(cursor); - cursor >> m_type ; update_type(); + cursor >> m_type ; cursor >> m_cfg_blob; } eap_type_t eap::config_method_eaphost::get_method_id() const { - return (eap_type_t)m_type.eapType.type; + return eap_type_t::undefined; } const wchar_t* eap::config_method_eaphost::get_method_str() const { - return m_type_str.c_str(); + return L"EapHost"; } 
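Review bot: get_method_id() now returns eap_type_t::undefined for every EapHost-delegated method, so the concrete EAP type held in m_type is no longer observable through the config_method interface, and the log_config() call in config_method_ttls::load() will record only the constant "EapHost" where it previously logged the friendly name that update_type() resolved. The sentinel is a reasonable design, but it deserves a comment on get_method_id(), e.g. `// Deliberately eap_type_t::undefined: the real (type, vendor, author) tuple lives in m_type and is only meaningful to EapHost; callers use this value to recognise the wrapper.`, because the TTLS code now switches on it. Consider also logging the m_type tuple from load() so configuration audits still show which inner method was actually configured.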
@@ -181,31 +175,3 @@ eap::credentials* eap::config_method_eaphost::make_credentials() const { return new credentials_eaphost(m_module); } - - -/// \cond internal -void eap::config_method_eaphost::update_type() -{ - // Query registry for EAP method name and save it to m_type_str. - // get_method_str() can return pointer to static string only, therefore we need to have the method name ready in advance. - reg_key key; - if (key.open(HKEY_LOCAL_MACHINE, - m_type.dwAuthorId == 0 ? tstring_printf(_T("SYSTEM\\CurrentControlSet\\services\\RasMan\\PPP\\EAP\\%u" ), m_type.eapType.type ).c_str() : // Legacy EAP method (RasMan) - m_type.eapType.type == 254 ? tstring_printf(_T("SYSTEM\\CurrentControlSet\\services\\EapHost\\Methods\\%u\\%u\\%u\\%u"), m_type.dwAuthorId, m_type.eapType.type, m_type.eapType.dwVendorId, m_type.eapType.dwVendorType).c_str() : // EapHost Expanded Type Peer - tstring_printf(_T("SYSTEM\\CurrentControlSet\\services\\EapHost\\Methods\\%u\\%u" ), m_type.dwAuthorId, m_type.eapType.type ).c_str(), // EapHost Peer - 0, - KEY_READ) && - RegLoadMUIStringW(key, - m_type.dwAuthorId == 0 ? L"FriendlyName" : - L"PeerFriendlyName", - m_type_str, - 0, - NULL) == ERROR_SUCCESS) - return; - - // Query failed. Provide generic name. - if (m_type.dwAuthorId == 0 ) sprintf(m_type_str, L"RasMan-%u" , m_type.eapType.type ); - else if (m_type.eapType.type == 254) sprintf(m_type_str, L"EapHost-%u-%u-%u-%u", m_type.dwAuthorId, m_type.eapType.type, m_type.eapType.dwVendorId, m_type.eapType.dwVendorType); - else sprintf(m_type_str, L"EapHost-%u-%u" , m_type.dwAuthorId, m_type.eapType.type ); -} -/// \endcond diff --git a/lib/TTLS/src/Config.cpp b/lib/TTLS/src/Config.cpp index 38f072c..9799564 100644 --- a/lib/TTLS/src/Config.cpp +++ b/lib/TTLS/src/Config.cpp 
@@ -171,7 +171,11 @@ void eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot) DWORD dwMethod; bstr bstrMethod; if (SUCCEEDED(eapxml::get_element_value(pXmlElInnerAuthenticationMethod, bstr(L"eap-metadata:EAPMethod"), dwMethod)) && - eap_type_t::start <= (eap_type_t)dwMethod && (eap_type_t)dwMethod < eap_type_t::end) + (eap_type_t::start <= (eap_type_t)dwMethod && (eap_type_t)dwMethod < eap_type_t::end +#if EAP_INNER_EAPHOST + || (eap_type_t)dwMethod == eap_type_t::undefined +#endif + )) { m_inner.reset(make_config_method((eap_type_t)dwMethod)); m_module.log_config((xpath + L"/EAPMethod").c_str(), m_inner->get_method_str()); @@ -241,10 +245,9 @@ eap::config_method* eap::config_method_ttls::make_config_method(_In_ winstd::eap case eap_type_t::mschapv2 : return new config_method_eapmschapv2(m_module, m_level + 1); case eap_type_t::gtc : return new config_method_eapgtc (m_module, m_level + 1); #if EAP_INNER_EAPHOST - default : return new config_method_eaphost (m_module, m_level + 1); // EapHost peer method handles all other method types -#else - default : throw invalid_argument(string_printf(__FUNCTION__ " Unsupported inner authentication method (%d).", eap_type)); + case eap_type_t::undefined : return new config_method_eaphost (m_module, m_level + 1); #endif + default : throw invalid_argument(string_printf(__FUNCTION__ " Unsupported inner authentication method (%d).", eap_type)); } } diff --git a/lib/TTLS/src/Module.cpp b/lib/TTLS/src/Module.cpp index c218f8b..d1dbc4e 100644 --- a/lib/TTLS/src/Module.cpp +++ b/lib/TTLS/src/Module.cpp 
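Review bot: The widened condition in load() still admits every id in [eap_type_t::start, eap_type_t::end), but make_config_method() in the next hunk now throws invalid_argument for all of them except the four native methods, so a profile whose EAPMethod carries the numeric id of a method that the old `default:` branch delegated to EapHost will now fail inside make_config_method() instead of being rejected by this check. If that narrowing is intended it should be documented, and the accepted set in the condition brought in line with the switch so validation happens in one place; otherwise the removed fallback needs a replacement. The `%d` in the thrown message receives a scoped enum through varargs — if eap_type_t's underlying type is narrower than int, cast it explicitly: `static_cast<int>(eap_type)`. config_method_ttls::load() continues outside the hunk.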
@@ -252,9 +252,14 @@ EAP_SESSION_HANDLE eap::peer_ttls::begin_session( auto cred_inner = dynamic_cast(s->m_cred.m_cred.get())->m_inner.get(); #if EAP_INNER_EAPHOST auto cfg_inner_eaphost = dynamic_cast(cfg_inner); - if (!cfg_inner_eaphost) + if (cfg_inner_eaphost) { + // EapHost inner method + meth_inner.reset( + new method_eapmsg (*this, cred_inner->get_identity().c_str(), + new method_eaphost(*this, *cfg_inner_eaphost, dynamic_cast(*cred_inner)))); + } else #endif - { + if (cfg_inner) { // Native inner methods switch (cfg_inner->get_method_id()) { case eap_type_t::legacy_pap : meth_inner.reset(new method_pap_diameter (*this, dynamic_cast(*cfg_inner), dynamic_cast(*cred_inner))); break; @@ -270,14 +275,6 @@ EAP_SESSION_HANDLE eap::peer_ttls::begin_session( default: throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method."); } } -#if EAP_INNER_EAPHOST - else { - // EapHost inner method - meth_inner.reset( - new method_eapmsg (*this, cred_inner->get_identity().c_str(), - new method_eaphost(*this, *cfg_inner_eaphost, dynamic_cast(*cred_inner)))); - } -#endif s->m_method.reset( new method_eap (*this, eap_type_t::ttls, *s->m_cred.m_cred, new method_defrag(*this, 0, /* Schannel supports retrieving keying material for EAP-TTLSv0 only. */ diff --git a/lib/TTLS_UI/src/Module.cpp b/lib/TTLS_UI/src/Module.cpp index 4cc2c52..160e058 100644 --- a/lib/TTLS_UI/src/Module.cpp +++ b/lib/TTLS_UI/src/Module.cpp 
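Review bot: The new `if (cfg_inner)` guard leaves meth_inner unset when the TTLS configuration carries no inner method, and begin_session() then goes on to build the session (meth_inner is presumably consumed further down, outside the hunk) where the old code would have dereferenced the null pointer instead. A missing inner configuration should be rejected explicitly, e.g. `else throw invalid_argument(__FUNCTION__ " Inner authentication method not configured.");` after the native-method block. cred_inner is likewise dereferenced in the EapHost branch (`cred_inner->get_identity()`) with no null check — if the inner credentials can be absent, they need the same treatment. begin_session() starts before and continues after this hunk.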
@@ -272,7 +272,43 @@ void eap::peer_ttls_ui::invoke_identity_ui( // Prompt for inner credentials. #if EAP_INNER_EAPHOST auto cfg_inner_eaphost = dynamic_cast(cfg_method->m_inner.get()); - if (!cfg_inner_eaphost) + if (cfg_inner_eaphost) { + // EapHost inner method + auto cred_inner = dynamic_cast(cred->m_inner.get()); + DWORD cred_data_size = 0; + winstd::eap_blob cred_data; + unique_ptr identity; + winstd::eap_error error; + DWORD dwResult = EapHostPeerInvokeIdentityUI( + 0, + cfg_inner_eaphost->get_type(), + dwFlags, + hwndParent, + (DWORD)cfg_inner_eaphost->m_cfg_blob.size(), cfg_inner_eaphost->m_cfg_blob.data(), + (DWORD)cred_inner->m_cred_blob.size(), cred_inner->m_cred_blob.data(), + &cred_data_size, get_ptr(cred_data), + get_ptr(identity), + get_ptr(error), + NULL); + if (dwResult == ERROR_SUCCESS) { + // Inner EAP method provided credentials. + cred_inner->m_identity = identity.get(); + BYTE *_cred_data = cred_data.get(); + cred_inner->m_cred_blob.assign(_cred_data, _cred_data + cred_data_size); + SecureZeroMemory(_cred_data, cred_data_size); + + // TODO: If we ever choose to store EapHost credentials to Windows Credential Manager, add a "Save credentials? Yes/No" prompt here and write them to Credential Manager. + } else if (dwResult == ERROR_CANCELLED) { + // Not really an error. + throw win_runtime_error(ERROR_CANCELLED, __FUNCTION__ " Cancelled."); + } else if (error) { + wxLogError(_("Invoking EAP identity UI failed (error %u, %s, %s)."), error->dwWinError, error->pRootCauseString, error->pRepairString); + throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerInvokeIdentityUI failed."); + } else { + wxLogError(_("Invoking EAP identity UI failed (error %u)."), dwResult); + throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerInvokeIdentityUI failed."); + } + } else #endif { // Native inner methods. Build dialog to prompt for inner credentials. 
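Review bot: cred_inner, obtained from a dynamic_cast on cred->m_inner.get(), is dereferenced for m_cred_blob before the EapHostPeerInvokeIdentityUI call without a null check, so a credentials object whose inner member is missing or of a native type dereferences a null pointer here instead of failing with an error; guard it, e.g. `if (!cred_inner) throw invalid_argument(__FUNCTION__ " EapHost inner credentials missing.");`. On the success path `cred_inner->m_identity = identity.get();` builds a wstring from the returned pointer — if EapHostPeerInvokeIdentityUI can hand back a null identity that is undefined behaviour, so `identity ? identity.get() : L""` is safer. Scrubbing cred_data after the copy is good, but whether m_cred_blob is itself a sanitizing type is not visible here and is worth confirming now that it holds the raw credential BLOB. invoke_identity_ui() starts before and continues after this hunk.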
@@ -328,45 +364,6 @@ void eap::peer_ttls_ui::invoke_identity_ui( } } } -#if EAP_INNER_EAPHOST - else { - // EapHost inner method - auto cred_inner = dynamic_cast(cred->m_inner.get()); - DWORD cred_data_size = 0; - winstd::eap_blob cred_data; - unique_ptr identity; - winstd::eap_error error; - DWORD dwResult = EapHostPeerInvokeIdentityUI( - 0, - cfg_inner_eaphost->get_type(), - dwFlags, - hwndParent, - (DWORD)cfg_inner_eaphost->m_cfg_blob.size(), cfg_inner_eaphost->m_cfg_blob.data(), - (DWORD)cred_inner->m_cred_blob.size(), cred_inner->m_cred_blob.data(), - &cred_data_size, get_ptr(cred_data), - get_ptr(identity), - get_ptr(error), - NULL); - if (dwResult == ERROR_SUCCESS) { - // Inner EAP method provided credentials. - cred_inner->m_identity = identity.get(); - BYTE *_cred_data = cred_data.get(); - cred_inner->m_cred_blob.assign(_cred_data, _cred_data + cred_data_size); - SecureZeroMemory(_cred_data, cred_data_size); - - // TODO: If we ever choose to store EapHost credentials to Windows Credential Manager, add a "Save credentials? Yes/No" prompt here and write them to Credential Manager. - } else if (dwResult == ERROR_CANCELLED) { - // Not really an error. - throw win_runtime_error(ERROR_CANCELLED, __FUNCTION__ " Cancelled."); - } else if (error) { - wxLogError(_("Invoking EAP identity UI failed (error %u, %s, %s)."), error->dwWinError, error->pRootCauseString, error->pRepairString); - throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerInvokeIdentityUI failed."); - } else { - wxLogError(_("Invoking EAP identity UI failed (error %u)."), dwResult); - throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerInvokeIdentityUI failed."); - } - } -#endif } // Build our identity. ;) 
@@ -413,7 +410,32 @@ void eap::peer_ttls_ui::invoke_interactive_ui( #if EAP_INNER_EAPHOST auto cfg_inner_eaphost = dynamic_cast(cfg_method->m_inner.get()); - if (!cfg_inner_eaphost) + if (cfg_inner_eaphost) { + // EapHost inner method + DWORD dwSizeofDataFromInteractiveUI; + BYTE *pDataFromInteractiveUI; + winstd::eap_error error; + DWORD dwResult = EapHostPeerInvokeInteractiveUI( + hwndParent, + (DWORD)ctx.m_data.size(), + ctx.m_data.data(), + &dwSizeofDataFromInteractiveUI, + &pDataFromInteractiveUI, + get_ptr(error)); + if (dwResult == ERROR_SUCCESS) { + // Inner EAP method provided response. + ctx.m_data.assign(pDataFromInteractiveUI, pDataFromInteractiveUI + dwSizeofDataFromInteractiveUI); + } else if (dwResult == ERROR_CANCELLED) { + // Not really an error. + throw win_runtime_error(ERROR_CANCELLED, __FUNCTION__ " Cancelled."); + } else if (error) { + wxLogError(_("Invoking EAP interactive UI failed (error %u, %s, %s)."), error->dwWinError, error->pRootCauseString, error->pRepairString); + throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerInvokeInteractiveUI failed."); + } else { + wxLogError(_("Invoking EAP interactive UI failed (error %u)."), dwResult); + throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerInvokeInteractiveUI failed."); + } + } else #endif { // Initialize application. 
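Review bot: pDataFromInteractiveUI is a raw buffer returned by EapHostPeerInvokeInteractiveUI and is never released, and unlike the identity-UI path in this same file — which receives its output through a winstd::eap_blob and SecureZeroMemory()s it after copying — this hunk neither frees nor scrubs the response, which may carry whatever the inner method's dialog collected (PIN, password, token). dwSizeofDataFromInteractiveUI is also left uninitialised, where the sibling code starts its size at 0. Use the same RAII wrapper and zero the buffer once it has been copied into ctx.m_data, as below. invoke_interactive_ui() starts before and continues after this hunk.
```cpp
            DWORD dwSizeofDataFromInteractiveUI = 0;
            winstd::eap_blob pDataFromInteractiveUI;   // RAII-owned, same as cred_data in invoke_identity_ui()
            winstd::eap_error error;
            DWORD dwResult = EapHostPeerInvokeInteractiveUI(
                // … unchanged: hwndParent, ctx.m_data size and data arguments …
                &dwSizeofDataFromInteractiveUI,
                get_ptr(pDataFromInteractiveUI),
                get_ptr(error));
            if (dwResult == ERROR_SUCCESS) {
                // Copy the response out, then scrub the EapHost-owned buffer: it may hold credential material.
                BYTE *_data = pDataFromInteractiveUI.get();
                ctx.m_data.assign(_data, _data + dwSizeofDataFromInteractiveUI);
                SecureZeroMemory(_data, dwSizeofDataFromInteractiveUI);
            }
            // … unchanged: ERROR_CANCELLED, eap_error and generic failure branches …
```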
@@ -446,34 +468,6 @@ void eap::peer_ttls_ui::invoke_interactive_ui( reinterpret_cast(response.data() ), reinterpret_cast(response.data() + response.length())); } -#if EAP_INNER_EAPHOST - else { - // EapHost inner method - DWORD dwSizeofDataFromInteractiveUI; - BYTE *pDataFromInteractiveUI; - winstd::eap_error error; - DWORD dwResult = EapHostPeerInvokeInteractiveUI( - hwndParent, - (DWORD)ctx.m_data.size(), - ctx.m_data.data(), - &dwSizeofDataFromInteractiveUI, - &pDataFromInteractiveUI, - get_ptr(error)); - if (dwResult == ERROR_SUCCESS) { - // Inner EAP method provided response. - ctx.m_data.assign(pDataFromInteractiveUI, pDataFromInteractiveUI + dwSizeofDataFromInteractiveUI); - } else if (dwResult == ERROR_CANCELLED) { - // Not really an error. - throw win_runtime_error(ERROR_CANCELLED, __FUNCTION__ " Cancelled."); - } else if (error) { - wxLogError(_("Invoking EAP interactive UI failed (error %u, %s, %s)."), error->dwWinError, error->pRootCauseString, error->pRepairString); - throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerInvokeInteractiveUI failed."); - } else { - wxLogError(_("Invoking EAP interactive UI failed (error %u)."), dwResult); - throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerInvokeInteractiveUI failed."); - } - } -#endif // Pack output data. pack(ctx.m_data, ppDataFromInteractiveUI, pdwDataFromInteractiveUISize); diff --git a/lib/TTLS_UI/src/TTLS_UI.cpp b/lib/TTLS_UI/src/TTLS_UI.cpp index f3266fa..cfd79c1 100644 --- a/lib/TTLS_UI/src/TTLS_UI.cpp +++ b/lib/TTLS_UI/src/TTLS_UI.cpp 
@@ -179,44 +179,36 @@ bool wxTTLSConfigWindow::TransferDataToWindow() { auto &cfg_ttls = dynamic_cast(m_cfg); -#if EAP_INNER_EAPHOST - auto cfg_inner_eaphost = dynamic_cast(cfg_ttls.m_inner.get()); - if (!cfg_inner_eaphost) -#endif - { - // Native inner methods - switch (cfg_ttls.m_inner->get_method_id()) { - case winstd::eap_type_t::legacy_pap: - m_cfg_pap = dynamic_cast(*cfg_ttls.m_inner); - m_inner_type->SetSelection(0); // 0=PAP - break; + // Native inner methods + switch (cfg_ttls.m_inner->get_method_id()) { + case winstd::eap_type_t::legacy_pap: + m_cfg_pap = dynamic_cast(*cfg_ttls.m_inner); + m_inner_type->SetSelection(0); // 0=PAP + break; - case winstd::eap_type_t::legacy_mschapv2: - m_cfg_mschapv2 = dynamic_cast(*cfg_ttls.m_inner); - m_inner_type->SetSelection(1); // 1=MSCHAPv2 - break; + case winstd::eap_type_t::legacy_mschapv2: + m_cfg_mschapv2 = dynamic_cast(*cfg_ttls.m_inner); + m_inner_type->SetSelection(1); // 1=MSCHAPv2 + break; - case winstd::eap_type_t::mschapv2: - m_cfg_eapmschapv2 = dynamic_cast(*cfg_ttls.m_inner); - m_inner_type->SetSelection(2); // 2=EAP-MSCHAPv2 - break; + case winstd::eap_type_t::mschapv2: + m_cfg_eapmschapv2 = dynamic_cast(*cfg_ttls.m_inner); + m_inner_type->SetSelection(2); // 2=EAP-MSCHAPv2 + break; - case winstd::eap_type_t::gtc: - m_cfg_eapgtc = dynamic_cast(*cfg_ttls.m_inner); - m_inner_type->SetSelection(3); // 3=EAP-GTC - break; + case winstd::eap_type_t::gtc: + m_cfg_eapgtc = dynamic_cast(*cfg_ttls.m_inner); + m_inner_type->SetSelection(3); // 3=EAP-GTC + break; - default: - wxFAIL_MSG(wxT("Unsupported inner authentication method type.")); - } - } -#if EAP_INNER_EAPHOST - else { - // EapHost inner method - m_cfg_eaphost = *cfg_inner_eaphost; + case winstd::eap_type_t::undefined: + m_cfg_eaphost = dynamic_cast(*cfg_ttls.m_inner); m_inner_type->SetSelection(4); // 4=EapHost + break; + + default: + wxFAIL_MSG(wxT("Unsupported inner authentication method type.")); } -#endif // Do not invoke inherited 
TransferDataToWindow(), as it will call others TransferDataToWindow(). // This will handle wxTTLSConfigWindow::OnInitDialog() via wxEVT_INIT_DIALOG forwarding.
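Review bot: The `case winstd::eap_type_t::undefined:` branch is now compiled unconditionally, while every other file in this change keeps its EapHost handling behind `#if EAP_INNER_EAPHOST`; if config_method_eaphost or the m_cfg_eaphost member are only available when that macro is set, TransferDataToWindow() will no longer build with the feature off, and if they are always available, the branch selects UI entry 4 for a method id that load() rejects in that configuration. Either wrap the case in the same `#if EAP_INNER_EAPHOST` / `#endif` as the rest of the patch, or add a comment above it stating that the EapHost config types are always compiled and only the runtime delegation is optional.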