From 248e15641ab3b087e04550436ac3df071b690f8b Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Tue, 14 Jan 2020 15:30:14 +0100 Subject: [PATCH] config_method_ttls: Split to make reusable Signed-off-by: Simon Rozman --- lib/TTLS/include/Config.h | 117 ++++++++++++++++++++++------- lib/TTLS/include/Credentials.h | 2 +- lib/TTLS/include/Method.h | 6 +- lib/TTLS/src/Config.cpp | 132 +++++++++++++++++++++------------ lib/TTLS/src/Credentials.cpp | 2 +- lib/TTLS/src/Method.cpp | 2 +- lib/TTLS/src/Module.cpp | 2 +- lib/TTLS_UI/include/TTLS_UI.h | 4 +- lib/TTLS_UI/src/Module.cpp | 8 +- lib/TTLS_UI/src/TTLS_UI.cpp | 8 +- 10 files changed, 195 insertions(+), 88 deletions(-) diff --git a/lib/TTLS/include/Config.h b/lib/TTLS/include/Config.h index dc05d62..d37717b 100644 --- a/lib/TTLS/include/Config.h +++ b/lib/TTLS/include/Config.h @@ -22,6 +22,7 @@ namespace eap { + class config_method_tls_tunnel; class config_method_ttls; } 
@@ -44,9 +45,91 @@ namespace eap /// @{ /// - /// TTLS configuration + /// TLS tunnel configuration /// - class config_method_ttls : public config_method_tls + class config_method_tls_tunnel : public config_method_tls + { + public: + /// + /// Constructs configuration + /// + /// \param[in] mod EAP module to use for global services + /// \param[in] level Config level (0=outer, 1=inner, 2=inner-inner...) + /// + config_method_tls_tunnel(_In_ module &mod, _In_ unsigned int level); + + /// + /// Copies configuration + /// + /// \param[in] other Configuration to copy from + /// + config_method_tls_tunnel(const _In_ config_method_tls_tunnel &other); + + /// + /// Moves configuration + /// + /// \param[in] other Configuration to move from + /// + config_method_tls_tunnel(_Inout_ config_method_tls_tunnel &&other) noexcept; + + /// + /// Copies configuration + /// + /// \param[in] other Configuration to copy from + /// + /// \returns Reference to this object + /// + config_method_tls_tunnel& operator=(const _In_ config_method_tls_tunnel &other); + + /// + /// Moves configuration + /// + /// \param[in] other Configuration to move from + /// + /// \returns Reference to this object + /// + config_method_tls_tunnel& operator=(_Inout_ config_method_tls_tunnel &&other) noexcept; + + /// \name BLOB management + /// @{ + virtual void operator<<(_Inout_ cursor_out &cursor) const; + virtual size_t get_pk_size() const; + virtual void operator>>(_Inout_ cursor_in &cursor); + /// @} + + /// + /// @copydoc eap::config_method::make_credentials() + /// \returns This implementation always returns `eap::credentials_tls_tunnel` type of credentials + /// + virtual credentials* make_credentials() const; + + /// + /// Makes a new inner method config + /// + /// \param[in] eap_type EAP type + /// + /// \returns A new inner method config of given type + /// + virtual config_method* make_config_method(_In_ winstd::eap_type_t eap_type) const = 0; + + /// + /// Makes a new inner method config + /// 
+ /// \param[in] eap_type EAP type + /// + /// \returns A new inner method config of given type + /// + virtual config_method* make_config_method(_In_ const wchar_t *eap_type) const = 0; + + public: + std::unique_ptr m_inner; ///< Inner authentication configuration + }; + + + /// + /// EAP-TTLS configuration + /// + class config_method_ttls : public config_method_tls_tunnel { public: /// @@ -97,13 +180,6 @@ namespace eap virtual void load(_In_ IXMLDOMNode *pConfigRoot); /// @} - /// \name BLOB management - /// @{ - virtual void operator<<(_Inout_ cursor_out &cursor) const; - virtual size_t get_pk_size() const; - virtual void operator>>(_Inout_ cursor_in &cursor); - /// @} - /// /// @copydoc eap::config_method::get_method_id() /// \returns This implementation always returns `winstd::eap_type_t::ttls` @@ -117,10 +193,13 @@ namespace eap virtual const wchar_t* get_method_str() const; /// - /// @copydoc eap::config_method::make_credentials() - /// \returns This implementation always returns `eap::credentials_tls_tunnel` type of credentials + /// Makes a new inner method config /// - virtual credentials* make_credentials() const; + /// \param[in] eap_type EAP type + /// + /// \returns A new inner method config of given type + /// + virtual config_method* make_config_method(_In_ winstd::eap_type_t eap_type) const; /// /// Makes a new inner method config @@ -129,19 +208,7 @@ namespace eap /// /// \returns A new inner method config of given type /// - config_method* make_config_method(_In_ winstd::eap_type_t eap_type) const; - - /// - /// Makes a new inner method config - /// - /// \param[in] eap_type EAP type - /// - /// \returns A new inner method config of given type - /// - config_method* make_config_method(_In_ const wchar_t *eap_type) const; - - public: - std::unique_ptr m_inner; ///< Inner authentication configuration + virtual config_method* make_config_method(_In_ const wchar_t *eap_type) const; }; /// @} 
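Review bot: The member comment `std::unique_ptr m_inner; ///< Inner authentication configuration` no longer says who establishes it: after this split the `config_method_tls_tunnel` constructor leaves it unset (the `config_method_pap` initializer moves into `config_method_ttls`), while the BLOB operators and `make_credentials()` now declared on this base appear, from the Config.cpp part of the patch, to dereference it without a null check. Suggest extending the comment to `///< Inner authentication configuration; must be set by the derived class constructor, as BLOB serialization and make_credentials() dereference it unconditionally` so future tunnel subclasses don't trip over it. The two pure virtual `make_config_method()` overloads could likewise document that `operator>>` does not tolerate a null return, i.e. what an implementation must do for an unsupported type. The `config_method_tls_tunnel` class body is complete within this hunk; the `config_method_ttls` body that starts here continues past it.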
diff --git a/lib/TTLS/include/Credentials.h b/lib/TTLS/include/Credentials.h index c9a51a1..e7c6010 100644 --- a/lib/TTLS/include/Credentials.h +++ b/lib/TTLS/include/Credentials.h @@ -117,7 +117,7 @@ namespace eap /// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior /// \param[in] hTokenImpersonateUser Impersonation token for a logged-on user to collect user-related information /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be `credentials_tls_tunnel*` type) - /// \param[in] cfg Method configuration (unused, as must be as config_method_ttls is not derived from `config_method_with_cred`) + /// \param[in] cfg Method configuration (unused, as must be as config_method_tls_tunnel is not derived from `config_method_with_cred`) /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL) /// /// \returns diff --git a/lib/TTLS/include/Method.h b/lib/TTLS/include/Method.h index 1d940d3..fd9f5bb 100644 --- a/lib/TTLS/include/Method.h +++ b/lib/TTLS/include/Method.h @@ -190,7 +190,7 @@ namespace eap /// \param[in] cred User credentials /// \param[in] inner Inner method /// - method_ttls(_In_ module &mod, _In_ config_method_ttls &cfg, _In_ credentials_tls_tunnel &cred, _In_ method *inner); + method_ttls(_In_ module &mod, _In_ config_method_tls_tunnel &cfg, _In_ credentials_tls_tunnel &cred, _In_ method *inner); /// \name Session management /// @{ 
@@ -229,8 +229,8 @@ namespace eap #endif protected: - config_method_ttls &m_cfg; ///< Method configuration - credentials_tls_tunnel &m_cred; ///< Method user credentials + config_method_tls_tunnel &m_cfg; ///< Method configuration + credentials_tls_tunnel &m_cred; ///< Method user credentials HANDLE m_user_ctx; ///< Handle to user context winstd::tstring m_sc_target_name; ///< Schannel target name winstd::sec_credentials m_sc_cred; ///< Schannel client credentials diff --git a/lib/TTLS/src/Config.cpp b/lib/TTLS/src/Config.cpp index 3312245..b9cd4a7 100644 --- a/lib/TTLS/src/Config.cpp +++ b/lib/TTLS/src/Config.cpp 
@@ -25,33 +25,32 @@ using namespace winstd; ////////////////////////////////////////////////////////////////////// -// eap::config_method_ttls +// eap::config_method_tls_tunnel ////////////////////////////////////////////////////////////////////// -eap::config_method_ttls::config_method_ttls(_In_ module &mod, _In_ unsigned int level) : - m_inner(new config_method_pap(mod, level + 1)), +eap::config_method_tls_tunnel::config_method_tls_tunnel(_In_ module &mod, _In_ unsigned int level) : config_method_tls(mod, level) { - // TTLS is using blank configured credentials per default. + // TLS tunnel is using blank configured credentials per default. m_use_cred = true; } -eap::config_method_ttls::config_method_ttls(const _In_ config_method_ttls &other) : +eap::config_method_tls_tunnel::config_method_tls_tunnel(const _In_ config_method_tls_tunnel &other) : m_inner(other.m_inner ? dynamic_cast(other.m_inner->clone()) : nullptr), config_method_tls(other) { } -eap::config_method_ttls::config_method_ttls(_Inout_ config_method_ttls &&other) noexcept : +eap::config_method_tls_tunnel::config_method_tls_tunnel(_Inout_ config_method_tls_tunnel &&other) noexcept : m_inner(std::move(other.m_inner)), config_method_tls(std::move(other)) { } -eap::config_method_ttls& eap::config_method_ttls::operator=(const _In_ config_method_ttls &other) +eap::config_method_tls_tunnel& eap::config_method_tls_tunnel::operator=(const _In_ config_method_tls_tunnel &other) { if (this != &other) { (config_method_tls&)*this = other; @@ -62,7 +61,7 @@ eap::config_method_ttls& eap::config_method_ttls::operator=(const _In_ config_me } -eap::config_method_ttls& eap::config_method_ttls::operator=(_Inout_ config_method_ttls &&other) noexcept +eap::config_method_tls_tunnel& eap::config_method_tls_tunnel::operator=(_Inout_ config_method_tls_tunnel &&other) noexcept { if (this != &other) { (config_method_tls&&)*this = std::move(other); 
@@ -73,6 +72,83 @@ eap::config_method_ttls& eap::config_method_ttls::operator=(_Inout_ config_metho } +void eap::config_method_tls_tunnel::operator<<(_Inout_ cursor_out &cursor) const +{ + config_method_tls::operator<<(cursor); + cursor << m_inner->get_method_id(); + cursor << *m_inner; +} + + +size_t eap::config_method_tls_tunnel::get_pk_size() const +{ + return + config_method_tls::get_pk_size() + + pksizeof(m_inner->get_method_id()) + + pksizeof(*m_inner); +} + + +void eap::config_method_tls_tunnel::operator>>(_Inout_ cursor_in &cursor) +{ + config_method_tls::operator>>(cursor); + + eap_type_t eap_type; + cursor >> eap_type; + m_inner.reset(make_config_method(eap_type)); + cursor >> *m_inner; +} + + +eap::credentials* eap::config_method_tls_tunnel::make_credentials() const +{ + credentials_tls_tunnel *cred = new credentials_tls_tunnel(m_module); + cred->m_inner.reset(m_inner->make_credentials()); + return cred; +} + + +////////////////////////////////////////////////////////////////////// +// eap::config_method_ttls +////////////////////////////////////////////////////////////////////// + +eap::config_method_ttls::config_method_ttls(_In_ module &mod, _In_ unsigned int level) : + config_method_tls_tunnel(mod, level) +{ + m_inner.reset(new config_method_pap(mod, level + 1)); +} + + +eap::config_method_ttls::config_method_ttls(const _In_ config_method_ttls &other) : + config_method_tls_tunnel(other) +{ +} + + +eap::config_method_ttls::config_method_ttls(_Inout_ config_method_ttls &&other) noexcept : + config_method_tls_tunnel(std::move(other)) +{ +} + + +eap::config_method_ttls& eap::config_method_ttls::operator=(const _In_ config_method_ttls &other) +{ + if (this != &other) + (config_method_tls_tunnel&)*this = other; + + return *this; +} + + +eap::config_method_ttls& eap::config_method_ttls::operator=(_Inout_ config_method_ttls &&other) noexcept +{ + if (this != &other) + (config_method_tls_tunnel&&)*this = std::move(other); + + return *this; +} + + eap::config* 
eap::config_method_ttls::clone() const { return new config_method_ttls(*this); @@ -84,7 +160,7 @@ void eap::config_method_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode assert(pDoc); assert(pConfigRoot); - config_method_tls::save(pDoc, pConfigRoot); + config_method_tls_tunnel::save(pDoc, pConfigRoot); HRESULT hr; @@ -158,7 +234,7 @@ void eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot) } } - config_method_tls::load(pConfigRoot); + config_method_tls_tunnel::load(pConfigRoot); std::wstring xpath(eapxml::get_xpath(pConfigRoot)); @@ -189,34 +265,6 @@ void eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot) } -void eap::config_method_ttls::operator<<(_Inout_ cursor_out &cursor) const -{ - config_method_tls::operator<<(cursor); - cursor << m_inner->get_method_id(); - cursor << *m_inner; -} - - -size_t eap::config_method_ttls::get_pk_size() const -{ - return - config_method_tls::get_pk_size() + - pksizeof(m_inner->get_method_id()) + - pksizeof(*m_inner); -} - - -void eap::config_method_ttls::operator>>(_Inout_ cursor_in &cursor) -{ - config_method_tls::operator>>(cursor); - - eap_type_t eap_type; - cursor >> eap_type; - m_inner.reset(make_config_method(eap_type)); - cursor >> *m_inner; -} - - eap_type_t eap::config_method_ttls::get_method_id() const { return eap_type_t::ttls; @@ -229,14 +277,6 @@ const wchar_t* eap::config_method_ttls::get_method_str() const } -eap::credentials* eap::config_method_ttls::make_credentials() const -{ - credentials_tls_tunnel *cred = new credentials_tls_tunnel(m_module); - cred->m_inner.reset(m_inner->make_credentials()); - return cred; -} - - eap::config_method* eap::config_method_ttls::make_config_method(_In_ winstd::eap_type_t eap_type) const { switch (eap_type) { diff --git a/lib/TTLS/src/Credentials.cpp b/lib/TTLS/src/Credentials.cpp index ac68b62..722790d 100644 --- a/lib/TTLS/src/Credentials.cpp +++ b/lib/TTLS/src/Credentials.cpp 
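Review bot: `config_method_tls_tunnel::operator>>` hands the `eap_type` it just read from the BLOB to the virtual `make_config_method()` and immediately dereferences the result in `cursor >> *m_inner;`, so an override that returns null for a type it does not handle (the `default` branch of the `config_method_ttls` override's `switch` is not visible in this patch) becomes a null dereference during deserialization instead of a clean error; suggest `config_method *inner = make_config_method(eap_type); if (!inner) throw std::invalid_argument(__FUNCTION__ " Unsupported inner method type."); m_inner.reset(inner);` before the extraction. In the same hunk `operator<<`, `get_pk_size()` and `make_credentials()` dereference `m_inner` unconditionally, yet the base constructor no longer initializes it (that initializer moved into the `config_method_ttls` constructor) while the copy constructor explicitly tolerates a null `m_inner`; an `assert(m_inner);` at the top of each, or a documented invariant on the member, would make the new base safe for further subclasses. Stylistically, the new `config_method_ttls` copy/move constructors and both assignment operators only forward to `config_method_tls_tunnel`, so they could be declared `= default` in the header now that the class owns no members of its own. The trailing `clone()` lines of this hunk are unchanged context.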
@@ -198,7 +198,7 @@ eap::credentials::source_t eap::credentials_tls_tunnel::combine( dwFlags, hTokenImpersonateUser, cred_cached ? dynamic_cast(cred_cached)->m_inner.get() : NULL, - *dynamic_cast(cfg).m_inner, + *dynamic_cast(cfg).m_inner, pszTargetName); return std::min(src_outer, src_inner); diff --git a/lib/TTLS/src/Method.cpp b/lib/TTLS/src/Method.cpp index 4332e04..b9ccad3 100644 --- a/lib/TTLS/src/Method.cpp +++ b/lib/TTLS/src/Method.cpp @@ -304,7 +304,7 @@ void eap::method_eapmsg::get_response_packet( // eap::method_ttls ////////////////////////////////////////////////////////////////////// -eap::method_ttls::method_ttls(_In_ module &mod, _In_ config_method_ttls &cfg, _In_ credentials_tls_tunnel &cred, _In_ method *inner) : +eap::method_ttls::method_ttls(_In_ module &mod, _In_ config_method_tls_tunnel &cfg, _In_ credentials_tls_tunnel &cred, _In_ method *inner) : m_cfg(cfg), m_cred(cred), m_user_ctx(NULL), diff --git a/lib/TTLS/src/Module.cpp b/lib/TTLS/src/Module.cpp index c6a6b18..b1e6b4a 100644 --- a/lib/TTLS/src/Module.cpp +++ b/lib/TTLS/src/Module.cpp @@ -127,7 +127,7 @@ void eap::peer_ttls::get_identity( } // Build our identity. ;) - wstring identity(std::move(cfg_method->get_public_identity(*dynamic_cast(cred_out.m_cred.get())))); + wstring identity(std::move(cfg_method->get_public_identity(*cred_out.m_cred.get()))); log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((unsigned int)eap_type_t::ttls), event_data(identity), event_data::blank); size_t size = sizeof(WCHAR)*(identity.length() + 1); *ppwszIdentity = (WCHAR*)alloc_memory(size); diff --git a/lib/TTLS_UI/include/TTLS_UI.h b/lib/TTLS_UI/include/TTLS_UI.h index da4899f..ff90788 100644 --- a/lib/TTLS_UI/include/TTLS_UI.h +++ b/lib/TTLS_UI/include/TTLS_UI.h 
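Review bot: The rewritten identity line in `peer_ttls::get_identity()` still wraps a prvalue in `std::move`, `wstring identity(std::move(cfg_method->get_public_identity(*cred_out.m_cred.get())));`, which is redundant for a temporary and defeats copy elision; `wstring identity(cfg_method->get_public_identity(*cred_out.m_cred));` is equivalent and also drops the `.get()` indirection. Removing the `dynamic_cast` also removes the only runtime type check on `cred_out.m_cred` at this call site, which is fine if `get_public_identity()` takes the base `credentials` type as the change implies, but the declaration is not in the patch so that is worth confirming. `get_identity()` starts and ends outside this hunk.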
@@ -54,7 +54,7 @@ public: /// /// Constructs a configuration panel /// - wxTTLSConfigPanel(const eap::config_provider &prov, eap::config_method_ttls &cfg, wxWindow* parent); + wxTTLSConfigPanel(const eap::config_provider &prov, eap::config_method_tls_tunnel &cfg, wxWindow* parent); protected: /// \cond internal @@ -65,7 +65,7 @@ protected: protected: const eap::config_provider &m_prov; ///< EAP provider - eap::config_method_ttls &m_cfg; ///< TTLS configuration + eap::config_method_tls_tunnel &m_cfg; ///< TLS tunnel configuration }; diff --git a/lib/TTLS_UI/src/Module.cpp b/lib/TTLS_UI/src/Module.cpp index 86dbd26..a4ff86b 100644 --- a/lib/TTLS_UI/src/Module.cpp +++ b/lib/TTLS_UI/src/Module.cpp @@ -157,7 +157,7 @@ void eap::peer_ttls_ui::invoke_identity_ui( credentials_connection cred_out(*this, cfg); config_provider *cfg_prov = NULL; - config_method_ttls *cfg_method = NULL; + config_method_tls_tunnel *cfg_method = NULL; // Initialize application. wxInitializerPeer init(m_instance, wxT("EAP-TTLS_UI"), hwndParent); @@ -188,7 +188,7 @@ void eap::peer_ttls_ui::invoke_identity_ui( // The identity provider is selected. assert(cfg_prov); - cfg_method = dynamic_cast(cfg_prov->m_methods.front().get()); + cfg_method = dynamic_cast(cfg_prov->m_methods.front().get()); assert(cfg_method); // Configure output credentials. @@ -393,7 +393,7 @@ void eap::peer_ttls_ui::invoke_interactive_ui( // Look-up the provider. config_provider *cfg_prov; - config_method_ttls *cfg_method; + config_method_tls_tunnel *cfg_method; for (auto _cfg_prov = cfg.m_providers.begin(), cfg_prov_end = cfg.m_providers.end();; ++_cfg_prov) { if (_cfg_prov != cfg_prov_end) { if (cred.match(*_cfg_prov)) { 
@@ -401,7 +401,7 @@ void eap::peer_ttls_ui::invoke_interactive_ui( if (_cfg_prov->m_methods.empty()) throw invalid_argument(string_printf(__FUNCTION__ " %ls provider has no methods.", _cfg_prov->get_id().c_str())); cfg_prov = &*_cfg_prov; - cfg_method = dynamic_cast(_cfg_prov->m_methods.front().get()); + cfg_method = dynamic_cast(_cfg_prov->m_methods.front().get()); break; } } else diff --git a/lib/TTLS_UI/src/TTLS_UI.cpp b/lib/TTLS_UI/src/TTLS_UI.cpp index cfd79c1..f06794b 100644 --- a/lib/TTLS_UI/src/TTLS_UI.cpp +++ b/lib/TTLS_UI/src/TTLS_UI.cpp @@ -25,7 +25,7 @@ // wxTTLSConfigPanel ////////////////////////////////////////////////////////////////////// -wxTTLSConfigPanel::wxTTLSConfigPanel(const eap::config_provider &prov, eap::config_method_ttls &cfg, wxWindow* parent) : +wxTTLSConfigPanel::wxTTLSConfigPanel(const eap::config_provider &prov, eap::config_method_tls_tunnel &cfg, wxWindow* parent) : m_prov(prov), m_cfg(cfg), wxTTLSConfigPanelBase(parent) @@ -143,7 +143,7 @@ wxTTLSConfigWindow::wxTTLSConfigWindow(eap::config_provider &prov, eap::config_m m_outer_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_INACTIVECAPTION ) ); sb_content->Add(m_outer_title, 0, wxALL|wxALIGN_RIGHT, FromDIP(5)); - m_outer_identity = new wxTTLSConfigPanel(m_prov, dynamic_cast(m_cfg), this); + m_outer_identity = new wxTTLSConfigPanel(m_prov, dynamic_cast(m_cfg), this); sb_content->Add(m_outer_identity, 0, wxALL|wxEXPAND, FromDIP(5)); m_tls = new wxTLSConfigPanel(m_prov, dynamic_cast(m_cfg), this); @@ -177,7 +177,7 @@ wxTTLSConfigWindow::~wxTTLSConfigWindow() bool wxTTLSConfigWindow::TransferDataToWindow() { - auto &cfg_ttls = dynamic_cast(m_cfg); + auto &cfg_ttls = dynamic_cast(m_cfg); // Native inner methods switch (cfg_ttls.m_inner->get_method_id()) { 
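Review bot: In `wxTTLSConfigWindow::TransferDataToWindow()` the line `auto &cfg_ttls = dynamic_cast(m_cfg);` now binds a reference to the `config_method_tls_tunnel` base, so the local name `cfg_ttls` misdescribes what it holds; renaming it to `cfg_tunnel` (and the uses below it, such as `cfg_tunnel.m_inner->get_method_id()`) would keep the split visible at the call sites. The same applies to the `TransferDataFromWindow()` hunk at old line 220 of this file. Both functions continue past their hunks.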
@@ -220,7 +220,7 @@ bool wxTTLSConfigWindow::TransferDataFromWindow() { wxCHECK(wxScrolledWindow::TransferDataFromWindow(), false); - auto &cfg_ttls = dynamic_cast(m_cfg); + auto &cfg_ttls = dynamic_cast(m_cfg); if (!m_prov.m_read_only) { // This is not a provider-locked configuration. Save the data.