<Password> element is now stored encrypted in profile configuration XML
(closes #18)
This commit is contained in:
parent
bb8e766db7
commit
27ea8802e0
@ -106,7 +106,7 @@ void eap::credentials::load(_In_ IXMLDOMNode *pConfigRoot)
|
|||||||
|
|
||||||
config::load(pConfigRoot);
|
config::load(pConfigRoot);
|
||||||
|
|
||||||
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
|
wstring xpath(eapxml::get_xpath(pConfigRoot));
|
||||||
|
|
||||||
if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)))
|
if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)))
|
||||||
m_identity.clear();
|
m_identity.clear();
|
||||||
@ -225,12 +225,18 @@ void eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p
|
|||||||
|
|
||||||
HRESULT hr;
|
HRESULT hr;
|
||||||
|
|
||||||
|
// Prepare cryptographics provider.
|
||||||
|
crypt_prov cp;
|
||||||
|
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
|
||||||
|
throw win_runtime_error(__FUNCTION__ " CryptAcquireContext failed.");
|
||||||
|
|
||||||
// <Password>
|
// <Password>
|
||||||
bstr pass(m_password);
|
vector<unsigned char> password_enc(std::move(m_module.encrypt_md5(cp, m_password)));
|
||||||
hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), namespace_eapmetadata, pass);
|
com_obj<IXMLDOMElement> pXmlElPassword;
|
||||||
SecureZeroMemory((BSTR)pass, sizeof(OLECHAR)*pass.length());
|
if (FAILED(hr = eapxml::put_element_base64(pDoc, pConfigRoot, bstr(L"Password"), namespace_eapmetadata, password_enc.data(), password_enc.size(), std::addressof(pXmlElPassword))))
|
||||||
if (FAILED(hr))
|
|
||||||
throw com_runtime_error(hr, __FUNCTION__ " Error creating <Password> element.");
|
throw com_runtime_error(hr, __FUNCTION__ " Error creating <Password> element.");
|
||||||
|
|
||||||
|
pXmlElPassword->setAttribute(bstr(L"encryption"), variant(_L(PRODUCT_NAME_STR)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -241,13 +247,35 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
|
|||||||
|
|
||||||
credentials::load(pConfigRoot);
|
credentials::load(pConfigRoot);
|
||||||
|
|
||||||
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
|
wstring xpath(eapxml::get_xpath(pConfigRoot));
|
||||||
|
|
||||||
bstr pass;
|
// <Password>
|
||||||
if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), pass)))
|
bstr password, encryption;
|
||||||
|
com_obj<IXMLDOMElement> pXmlElPassword;
|
||||||
|
if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), password, std::addressof(pXmlElPassword))))
|
||||||
throw com_runtime_error(hr, __FUNCTION__ " Error reading <Password> element.");
|
throw com_runtime_error(hr, __FUNCTION__ " Error reading <Password> element.");
|
||||||
m_password = pass;
|
|
||||||
SecureZeroMemory((BSTR)pass, sizeof(OLECHAR)*pass.length());
|
if (SUCCEEDED(eapxml::get_attrib_value(pXmlElPassword, bstr(L"encryption"), encryption)) &&
|
||||||
|
CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, encryption, encryption.length(), _L(PRODUCT_NAME_STR), -1, NULL, NULL, 0) == CSTR_EQUAL)
|
||||||
|
{
|
||||||
|
// Decrypt password.
|
||||||
|
|
||||||
|
// Decode Base64.
|
||||||
|
winstd::base64_dec dec;
|
||||||
|
bool is_last;
|
||||||
|
std::vector<unsigned char> password_enc;
|
||||||
|
dec.decode(password_enc, is_last, (BSTR)password, password.length());
|
||||||
|
|
||||||
|
// Prepare cryptographics provider.
|
||||||
|
crypt_prov cp;
|
||||||
|
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
|
||||||
|
throw win_runtime_error(__FUNCTION__ " CryptAcquireContext failed.");
|
||||||
|
|
||||||
|
m_password = m_module.decrypt_str_md5<std::char_traits<wchar_t>, sanitizing_allocator<wchar_t> >(cp, password_enc.data(), password_enc.size());
|
||||||
|
} else {
|
||||||
|
m_password = password;
|
||||||
|
SecureZeroMemory((BSTR)password, sizeof(OLECHAR)*password.length());
|
||||||
|
}
|
||||||
|
|
||||||
m_module.log_config((xpath + L"/Password").c_str(),
|
m_module.log_config((xpath + L"/Password").c_str(),
|
||||||
#ifdef _DEBUG
|
#ifdef _DEBUG
|
||||||
@ -567,11 +595,11 @@ void eap::credentials_connection::load(_In_ IXMLDOMNode *pConfigRoot)
|
|||||||
config::load(pConfigRoot);
|
config::load(pConfigRoot);
|
||||||
|
|
||||||
// <EAPIdentityProvider>
|
// <EAPIdentityProvider>
|
||||||
winstd::com_obj<IXMLDOMElement> pXmlElClientSideCredential;
|
com_obj<IXMLDOMElement> pXmlElClientSideCredential;
|
||||||
if (FAILED(hr = eapxml::select_element(pConfigRoot, winstd::bstr(L"eap-metadata:EAPIdentityProvider"), pXmlElClientSideCredential)))
|
if (FAILED(hr = eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProvider"), pXmlElClientSideCredential)))
|
||||||
throw com_runtime_error(hr, __FUNCTION__ " Error loading <EAPIdentityProvider> element.");
|
throw com_runtime_error(hr, __FUNCTION__ " Error loading <EAPIdentityProvider> element.");
|
||||||
|
|
||||||
std::wstring xpath(eapxml::get_xpath(pXmlElClientSideCredential));
|
wstring xpath(eapxml::get_xpath(pXmlElClientSideCredential));
|
||||||
|
|
||||||
// namespace
|
// namespace
|
||||||
m_namespace.clear();
|
m_namespace.clear();
|
||||||
|
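Review bot: The HRESULT of `pXmlElPassword->setAttribute(bstr(L"encryption"), variant(_L(PRODUCT_NAME_STR)))` at the end of the save() hunk is discarded, so a failed call leaves the Base64 ciphertext in <Password> without the `encryption` marker and the load() hunk's fallback branch then adopts that ciphertext text verbatim as the plaintext password; check it like the surrounding COM calls, `if (FAILED(hr = pXmlElPassword->setAttribute(bstr(L"encryption"), variant(_L(PRODUCT_NAME_STR))))) throw com_runtime_error(hr, __FUNCTION__ " Error setting <Password> encryption attribute.");`. In load(), `is_last` from `dec.decode(password_enc, is_last, (BSTR)password, password.length())` is set but never examined, so a truncated or otherwise malformed Base64 value is handed straight to `decrypt_str_md5`; unless that helper is known to reject such input, guard it here, e.g. `if (!is_last || password_enc.empty()) throw invalid_argument(__FUNCTION__ " Malformed <Password> value.");`. The key material used by `encrypt_md5`/`decrypt_str_md5` is not visible in this diff (the provider is acquired with CRYPT_VERIFYCONTEXT and no container); if the key is fixed inside the module, anyone holding the binary can recover every stored password, so the `encryption` attribute deserves a comment stating what it actually protects against, and DPAPI (`CryptProtectData`) would bind the blob to the user or machine instead. Both credentials_pass::save and credentials_pass::load begin outside the hunks shown here.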