EapHost: Disambiguate from native EAP methods

When eap::config_method_eaphost::get_method_id() returns EAP-MSCHAPv2,
XML-to-BLOB gets confused and picks native EAP-MSCHAPv2 implementation.
Therefore, it was updated to always return unknown EAP type. Outer
method does not need to know the exact method implemented by EapHost
inner method.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-01-29 09:18:42 +01:00
parent 213042339b
commit 017766cb29
6 changed files with 105 additions and 160 deletions


@@ -272,7 +272,43 @@ void eap::peer_ttls_ui::invoke_identity_ui(
// Prompt for inner credentials.
#if EAP_INNER_EAPHOST
auto cfg_inner_eaphost = dynamic_cast<config_method_eaphost*>(cfg_method->m_inner.get());
if (!cfg_inner_eaphost)
if (cfg_inner_eaphost) {
// EapHost inner method
auto cred_inner = dynamic_cast<eap::credentials_eaphost*>(cred->m_inner.get());
DWORD cred_data_size = 0;
winstd::eap_blob cred_data;
unique_ptr<WCHAR[], EapHostPeerFreeMemory_delete> identity;
winstd::eap_error error;
DWORD dwResult = EapHostPeerInvokeIdentityUI(
0,
cfg_inner_eaphost->get_type(),
dwFlags,
hwndParent,
(DWORD)cfg_inner_eaphost->m_cfg_blob.size(), cfg_inner_eaphost->m_cfg_blob.data(),
(DWORD)cred_inner->m_cred_blob.size(), cred_inner->m_cred_blob.data(),
&cred_data_size, get_ptr(cred_data),
get_ptr(identity),
get_ptr(error),
NULL);
if (dwResult == ERROR_SUCCESS) {
// Inner EAP method provided credentials.
cred_inner->m_identity = identity.get();
BYTE *_cred_data = cred_data.get();
cred_inner->m_cred_blob.assign(_cred_data, _cred_data + cred_data_size);
SecureZeroMemory(_cred_data, cred_data_size);
// TODO: If we ever choose to store EapHost credentials to Windows Credential Manager, add a "Save credentials? Yes/No" prompt here and write them to Credential Manager.
} else if (dwResult == ERROR_CANCELLED) {
// Not really an error.
throw win_runtime_error(ERROR_CANCELLED, __FUNCTION__ " Cancelled.");
} else if (error) {
wxLogError(_("Invoking EAP identity UI failed (error %u, %s, %s)."), error->dwWinError, error->pRootCauseString, error->pRepairString);
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerInvokeIdentityUI failed.");
} else {
wxLogError(_("Invoking EAP identity UI failed (error %u)."), dwResult);
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerInvokeIdentityUI failed.");
}
} else
#endif
{
// Native inner methods. Build dialog to prompt for inner credentials.
@@ -328,45 +364,6 @@ void eap::peer_ttls_ui::invoke_identity_ui(
}
}
}
#if EAP_INNER_EAPHOST
else {
// EapHost inner method
auto cred_inner = dynamic_cast<eap::credentials_eaphost*>(cred->m_inner.get());
DWORD cred_data_size = 0;
winstd::eap_blob cred_data;
unique_ptr<WCHAR[], EapHostPeerFreeMemory_delete> identity;
winstd::eap_error error;
DWORD dwResult = EapHostPeerInvokeIdentityUI(
0,
cfg_inner_eaphost->get_type(),
dwFlags,
hwndParent,
(DWORD)cfg_inner_eaphost->m_cfg_blob.size(), cfg_inner_eaphost->m_cfg_blob.data(),
(DWORD)cred_inner->m_cred_blob.size(), cred_inner->m_cred_blob.data(),
&cred_data_size, get_ptr(cred_data),
get_ptr(identity),
get_ptr(error),
NULL);
if (dwResult == ERROR_SUCCESS) {
// Inner EAP method provided credentials.
cred_inner->m_identity = identity.get();
BYTE *_cred_data = cred_data.get();
cred_inner->m_cred_blob.assign(_cred_data, _cred_data + cred_data_size);
SecureZeroMemory(_cred_data, cred_data_size);
// TODO: If we ever choose to store EapHost credentials to Windows Credential Manager, add a "Save credentials? Yes/No" prompt here and write them to Credential Manager.
} else if (dwResult == ERROR_CANCELLED) {
// Not really an error.
throw win_runtime_error(ERROR_CANCELLED, __FUNCTION__ " Cancelled.");
} else if (error) {
wxLogError(_("Invoking EAP identity UI failed (error %u, %s, %s)."), error->dwWinError, error->pRootCauseString, error->pRepairString);
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerInvokeIdentityUI failed.");
} else {
wxLogError(_("Invoking EAP identity UI failed (error %u)."), dwResult);
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerInvokeIdentityUI failed.");
}
}
#endif
}
// Build our identity. ;)
@@ -413,7 +410,32 @@ void eap::peer_ttls_ui::invoke_interactive_ui(
#if EAP_INNER_EAPHOST
auto cfg_inner_eaphost = dynamic_cast<config_method_eaphost*>(cfg_method->m_inner.get());
if (!cfg_inner_eaphost)
if (cfg_inner_eaphost) {
// EapHost inner method
DWORD dwSizeofDataFromInteractiveUI;
BYTE *pDataFromInteractiveUI;
winstd::eap_error error;
DWORD dwResult = EapHostPeerInvokeInteractiveUI(
hwndParent,
(DWORD)ctx.m_data.size(),
ctx.m_data.data(),
&dwSizeofDataFromInteractiveUI,
&pDataFromInteractiveUI,
get_ptr(error));
if (dwResult == ERROR_SUCCESS) {
// Inner EAP method provided response.
ctx.m_data.assign(pDataFromInteractiveUI, pDataFromInteractiveUI + dwSizeofDataFromInteractiveUI);
} else if (dwResult == ERROR_CANCELLED) {
// Not really an error.
throw win_runtime_error(ERROR_CANCELLED, __FUNCTION__ " Cancelled.");
} else if (error) {
wxLogError(_("Invoking EAP interactive UI failed (error %u, %s, %s)."), error->dwWinError, error->pRootCauseString, error->pRepairString);
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerInvokeInteractiveUI failed.");
} else {
wxLogError(_("Invoking EAP interactive UI failed (error %u)."), dwResult);
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerInvokeInteractiveUI failed.");
}
} else
#endif
{
// Initialize application.
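Review bot: In the EapHost branch moved into invoke_interactive_ui (third hunk), `pDataFromInteractiveUI` is a raw `BYTE *` filled by `EapHostPeerInvokeInteractiveUI` and nothing in the hunk releases or scrubs it, whereas the identity-UI branch in the first hunk receives the equivalent output through a `winstd::eap_blob` and calls `SecureZeroMemory` on it once it has been copied into the credentials. The response is copied into `ctx.m_data` and the original buffer is then abandoned, so it appears to leak on every call and, if it carries credential material, that material stays in process memory until the allocator reuses it. Using the same `winstd::eap_blob` + `get_ptr` pattern and zeroing the buffer after the copy would make the two branches consistent; `dwSizeofDataFromInteractiveUI` should also be zero-initialised so the `assign` is safe if the call reports success with no data. This code is pre-existing and only relocated by the commit, and the body of invoke_interactive_ui continues outside the hunk.

```cpp
// EapHost inner method
DWORD dwSizeofDataFromInteractiveUI = 0;
winstd::eap_blob data_from_ui;
winstd::eap_error error;
DWORD dwResult = EapHostPeerInvokeInteractiveUI(
    hwndParent,
    (DWORD)ctx.m_data.size(),
    ctx.m_data.data(),
    &dwSizeofDataFromInteractiveUI,
    get_ptr(data_from_ui),
    get_ptr(error));
if (dwResult == ERROR_SUCCESS) {
    // Inner EAP method provided response; copy it out, then scrub the EapHost-owned buffer.
    BYTE *_data = data_from_ui.get();
    ctx.m_data.assign(_data, _data + dwSizeofDataFromInteractiveUI);
    SecureZeroMemory(_data, dwSizeofDataFromInteractiveUI);
}
// … unchanged: ERROR_CANCELLED / error / generic failure branches …
```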
@@ -446,34 +468,6 @@ void eap::peer_ttls_ui::invoke_interactive_ui(
reinterpret_cast<sanitizing_blob::const_pointer>(response.data() ),
reinterpret_cast<sanitizing_blob::const_pointer>(response.data() + response.length()));
}
#if EAP_INNER_EAPHOST
else {
// EapHost inner method
DWORD dwSizeofDataFromInteractiveUI;
BYTE *pDataFromInteractiveUI;
winstd::eap_error error;
DWORD dwResult = EapHostPeerInvokeInteractiveUI(
hwndParent,
(DWORD)ctx.m_data.size(),
ctx.m_data.data(),
&dwSizeofDataFromInteractiveUI,
&pDataFromInteractiveUI,
get_ptr(error));
if (dwResult == ERROR_SUCCESS) {
// Inner EAP method provided response.
ctx.m_data.assign(pDataFromInteractiveUI, pDataFromInteractiveUI + dwSizeofDataFromInteractiveUI);
} else if (dwResult == ERROR_CANCELLED) {
// Not really an error.
throw win_runtime_error(ERROR_CANCELLED, __FUNCTION__ " Cancelled.");
} else if (error) {
wxLogError(_("Invoking EAP interactive UI failed (error %u, %s, %s)."), error->dwWinError, error->pRootCauseString, error->pRepairString);
throw eap_runtime_error(*error , __FUNCTION__ " EapHostPeerInvokeInteractiveUI failed.");
} else {
wxLogError(_("Invoking EAP interactive UI failed (error %u)."), dwResult);
throw win_runtime_error(dwResult, __FUNCTION__ " EapHostPeerInvokeInteractiveUI failed.");
}
}
#endif
// Pack output data.
pack(ctx.m_data, ppDataFromInteractiveUI, pdwDataFromInteractiveUISize);