Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

EapHost: Disambiguate from native EAP methods

Browse Source 
When eap::config_method_eaphost::get_method_id() returns EAP-MSCHAPv2,
XML-to-BLOB gets confused and picks native EAP-MSCHAPv2 implementation.
Therefore, it was updated to always return unknown EAP type. Outer
method does not need to know the exact method implemented by EapHost
inner method.

Signed-off-by: Simon Rozman <simon@rozman.si>
This commit is contained in:
Simon Rozman
2020-01-29 09:18:42 +01:00
parent 213042339b
commit 017766cb29
6 changed files with 105 additions and 160 deletions
Download Patch File Download Diff File Expand all files Collapse all files

132
lib/TTLS_UI/src/Module.cpp
View File

@@ -272,7 +272,43 @@ void eap::peer_ttls_ui::invoke_identity_ui(
// Prompt for inner credentials.
#if EAP_INNER_EAPHOST
auto cfg_inner_eaphost = dynamic_cast<config_method_eaphost*>(cfg_method->m_inner.get());
if (!cfg_inner_eaphost)
if (cfg_inner_eaphost) {
// EapHost inner method
auto cred_inner = dynamic_cast<eap::credentials_eaphost*>(cred->m_inner.get());
DWORD cred_data_size = 0;
winstd::eap_blob cred_data;
unique_ptr<WCHAR[], EapHostPeerFreeMemory_delete> identity;
winstd::eap_error error;
DWORD dwResult = EapHostPeerInvokeIdentityUI(
0,
cfg_inner_eaphost->get_type(),
dwFlags,
hwndParent,
(DWORD)cfg_inner_eaphost->m_cfg_blob.size(), cfg_inner_eaphost->m_cfg_blob.data(),
(DWORD)cred_inner->m_cred_blob.size(), cred_inner->m_cred_blob.data(),
&cred_data_size, get_ptr(cred_data),
get_ptr(identity),
get_ptr(error),
NULL);
if (dwResult == ERROR_SUCCESS) {
// Inner EAP method provided credentials.
cred_inner->m_identity = identity.get();
BYTE *_cred_data = cred_data.get();
cred_inner->m_cred_blob.assign(_cred_data, _cred_data + cred_data_size);
SecureZeroMemory(_cred_data, cred_data_size);
// TODO: If we ever choose to store EapHost credentials to Windows Credential Manager, add a "Save credentials? Yes/No" prompt here and write them to Credential Manager.
} else if (dwResult == ERROR_CANCELLED) {
// Not really an error.
throw win_runtime_error(ERROR_CANCELLED, __FUNCTION__ " Cancelled.");
} else if (error) {
wxLogError(_("Invoking EAP identity UI failed (error %u, %s, %s)."), error->dwWinError, error->pRootCauseString, error->pRepairString);
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerInvokeIdentityUI failed.");
} else {
wxLogError(_("Invoking EAP identity UI failed (error %u)."), dwResult);
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerInvokeIdentityUI failed.");
}
} else
#endif
{
// Native inner methods. Build dialog to prompt for inner credentials.
@@ -328,45 +364,6 @@ void eap::peer_ttls_ui::invoke_identity_ui(
}
}
}
#if EAP_INNER_EAPHOST
else {
// EapHost inner method
auto cred_inner = dynamic_cast<eap::credentials_eaphost*>(cred->m_inner.get());
DWORD cred_data_size = 0;
winstd::eap_blob cred_data;
unique_ptr<WCHAR[], EapHostPeerFreeMemory_delete> identity;
winstd::eap_error error;
DWORD dwResult = EapHostPeerInvokeIdentityUI(
0,
cfg_inner_eaphost->get_type(),
dwFlags,
hwndParent,
(DWORD)cfg_inner_eaphost->m_cfg_blob.size(), cfg_inner_eaphost->m_cfg_blob.data(),
(DWORD)cred_inner->m_cred_blob.size(), cred_inner->m_cred_blob.data(),
&cred_data_size, get_ptr(cred_data),
get_ptr(identity),
get_ptr(error),
NULL);
if (dwResult == ERROR_SUCCESS) {
// Inner EAP method provided credentials.
cred_inner->m_identity = identity.get();
BYTE *_cred_data = cred_data.get();
cred_inner->m_cred_blob.assign(_cred_data, _cred_data + cred_data_size);
SecureZeroMemory(_cred_data, cred_data_size);
// TODO: If we ever choose to store EapHost credentials to Windows Credential Manager, add a "Save credentials? Yes/No" prompt here and write them to Credential Manager.
} else if (dwResult == ERROR_CANCELLED) {
// Not really an error.
throw win_runtime_error(ERROR_CANCELLED, __FUNCTION__ " Cancelled.");
} else if (error) {
wxLogError(_("Invoking EAP identity UI failed (error %u, %s, %s)."), error->dwWinError, error->pRootCauseString, error->pRepairString);
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerInvokeIdentityUI failed.");
} else {
wxLogError(_("Invoking EAP identity UI failed (error %u)."), dwResult);
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerInvokeIdentityUI failed.");
}
}
#endif
}
// Build our identity. ;)
@@ -413,7 +410,32 @@ void eap::peer_ttls_ui::invoke_interactive_ui(
#if EAP_INNER_EAPHOST
auto cfg_inner_eaphost = dynamic_cast<config_method_eaphost*>(cfg_method->m_inner.get());
if (!cfg_inner_eaphost)
if (cfg_inner_eaphost) {
// EapHost inner method
DWORD dwSizeofDataFromInteractiveUI;
BYTE *pDataFromInteractiveUI;
winstd::eap_error error;
DWORD dwResult = EapHostPeerInvokeInteractiveUI(
hwndParent,
(DWORD)ctx.m_data.size(),
ctx.m_data.data(),
&dwSizeofDataFromInteractiveUI,
&pDataFromInteractiveUI,
get_ptr(error));
if (dwResult == ERROR_SUCCESS) {
// Inner EAP method provided response.
ctx.m_data.assign(pDataFromInteractiveUI, pDataFromInteractiveUI + dwSizeofDataFromInteractiveUI);
} else if (dwResult == ERROR_CANCELLED) {
// Not really an error.
throw win_runtime_error(ERROR_CANCELLED, __FUNCTION__ " Cancelled.");
} else if (error) {
wxLogError(_("Invoking EAP interactive UI failed (error %u, %s, %s)."), error->dwWinError, error->pRootCauseString, error->pRepairString);
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerInvokeInteractiveUI failed.");
} else {
wxLogError(_("Invoking EAP interactive UI failed (error %u)."), dwResult);
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerInvokeInteractiveUI failed.");
}
} else
#endif
{
// Initialize application.
@@ -446,34 +468,6 @@ void eap::peer_ttls_ui::invoke_interactive_ui(
reinterpret_cast<sanitizing_blob::const_pointer>(response.data() ),
reinterpret_cast<sanitizing_blob::const_pointer>(response.data() + response.length()));
}
#if EAP_INNER_EAPHOST
else {
// EapHost inner method
DWORD dwSizeofDataFromInteractiveUI;
BYTE *pDataFromInteractiveUI;
winstd::eap_error error;
DWORD dwResult = EapHostPeerInvokeInteractiveUI(
hwndParent,
(DWORD)ctx.m_data.size(),
ctx.m_data.data(),
&dwSizeofDataFromInteractiveUI,
&pDataFromInteractiveUI,
get_ptr(error));
if (dwResult == ERROR_SUCCESS) {
// Inner EAP method provided response.
ctx.m_data.assign(pDataFromInteractiveUI, pDataFromInteractiveUI + dwSizeofDataFromInteractiveUI);
} else if (dwResult == ERROR_CANCELLED) {
// Not really an error.
throw win_runtime_error(ERROR_CANCELLED, __FUNCTION__ " Cancelled.");
} else if (error) {
wxLogError(_("Invoking EAP interactive UI failed (error %u, %s, %s)."), error->dwWinError, error->pRootCauseString, error->pRepairString);
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerInvokeInteractiveUI failed.");
} else {
wxLogError(_("Invoking EAP interactive UI failed (error %u)."), dwResult);
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerInvokeInteractiveUI failed.");
}
}
#endif
// Pack output data.
pack(ctx.m_data, ppDataFromInteractiveUI, pdwDataFromInteractiveUISize);

56
lib/TTLS_UI/src/TTLS_UI.cpp
View File

@@ -179,44 +179,36 @@ bool wxTTLSConfigWindow::TransferDataToWindow()
{
auto &cfg_ttls = dynamic_cast<eap::config_method_ttls&>(m_cfg);
#if EAP_INNER_EAPHOST
auto cfg_inner_eaphost = dynamic_cast<eap::config_method_eaphost*>(cfg_ttls.m_inner.get());
if (!cfg_inner_eaphost)
#endif
{
// Native inner methods
switch (cfg_ttls.m_inner->get_method_id()) {
case winstd::eap_type_t::legacy_pap:
m_cfg_pap = dynamic_cast<eap::config_method_pap&>(*cfg_ttls.m_inner);
m_inner_type->SetSelection(0); // 0=PAP
break;
// Native inner methods
switch (cfg_ttls.m_inner->get_method_id()) {
case winstd::eap_type_t::legacy_pap:
m_cfg_pap = dynamic_cast<eap::config_method_pap&>(*cfg_ttls.m_inner);
m_inner_type->SetSelection(0); // 0=PAP
break;
case winstd::eap_type_t::legacy_mschapv2:
m_cfg_mschapv2 = dynamic_cast<eap::config_method_mschapv2&>(*cfg_ttls.m_inner);
m_inner_type->SetSelection(1); // 1=MSCHAPv2
break;
case winstd::eap_type_t::legacy_mschapv2:
m_cfg_mschapv2 = dynamic_cast<eap::config_method_mschapv2&>(*cfg_ttls.m_inner);
m_inner_type->SetSelection(1); // 1=MSCHAPv2
break;
case winstd::eap_type_t::mschapv2:
m_cfg_eapmschapv2 = dynamic_cast<eap::config_method_eapmschapv2&>(*cfg_ttls.m_inner);
m_inner_type->SetSelection(2); // 2=EAP-MSCHAPv2
break;
case winstd::eap_type_t::mschapv2:
m_cfg_eapmschapv2 = dynamic_cast<eap::config_method_eapmschapv2&>(*cfg_ttls.m_inner);
m_inner_type->SetSelection(2); // 2=EAP-MSCHAPv2
break;
case winstd::eap_type_t::gtc:
m_cfg_eapgtc = dynamic_cast<eap::config_method_eapgtc&>(*cfg_ttls.m_inner);
m_inner_type->SetSelection(3); // 3=EAP-GTC
break;
case winstd::eap_type_t::gtc:
m_cfg_eapgtc = dynamic_cast<eap::config_method_eapgtc&>(*cfg_ttls.m_inner);
m_inner_type->SetSelection(3); // 3=EAP-GTC
break;
default:
wxFAIL_MSG(wxT("Unsupported inner authentication method type."));
}
}
#if EAP_INNER_EAPHOST
else {
// EapHost inner method
m_cfg_eaphost = *cfg_inner_eaphost;
case winstd::eap_type_t::undefined:
m_cfg_eaphost = dynamic_cast<eap::config_method_eaphost&>(*cfg_ttls.m_inner);
m_inner_type->SetSelection(4); // 4=EapHost
break;
default:
wxFAIL_MSG(wxT("Unsupported inner authentication method type."));
}
#endif
// Do not invoke inherited TransferDataToWindow(), as it will call others TransferDataToWindow().
// This will handle wxTTLSConfigWindow::OnInitDialog() via wxEVT_INIT_DIALOG forwarding.