Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

m_module is now a pointer instead of reference

Browse Source
This commit is contained in:
Simon Rozman
2016-08-05 11:23:59 +02:00
parent a9ecde86d9
commit 460adb9858
27 changed files with 168 additions and 166 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/TLS/include/Config.h
View File

@@ -60,9 +60,9 @@ namespace eap
///
/// Constructs configuration
///
/// \param[in] mod Reference of the EAP module to use for global services
/// \param[in] mod EAP module to use for global services
///
config_method_tls(_In_ module &mod);
config_method_tls(_In_ module *mod);
///
/// Copies configuration

4
lib/TLS/include/Credentials.h
View File

@@ -46,9 +46,9 @@ namespace eap
///
/// Constructs credentials
///
/// \param[in] mod Reference of the EAP module to use for global services
/// \param[in] mod EAP module to use for global services
///
credentials_tls(_In_ module &mod);
credentials_tls(_In_ module *mod);
///
/// Copies credentials

4
lib/TLS/include/Session.h
View File

@@ -66,9 +66,9 @@ namespace eap
///
/// Constructor
///
/// \param[in] mod Reference of the EAP module to use for global services
/// \param[in] mod EAP module to use for global services
///
session_tls(_In_ module &mod);
session_tls(_In_ module *mod);
///
/// Copies TLS session

18
lib/TLS/src/Config.cpp
View File

@@ -66,7 +66,7 @@ tstring eap::get_cert_title(PCCERT_CONTEXT cert)
// eap::config_method_tls
//////////////////////////////////////////////////////////////////////
eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with_cred<credentials_tls>(mod)
eap::config_method_tls::config_method_tls(_In_ module *mod) : config_method_with_cred<credentials_tls>(mod)
{
}
@@ -133,7 +133,7 @@ bool eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *
// <ServerSideCredential>
com_obj<IXMLDOMElement> pXmlElServerSideCredential;
if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), bstrNamespace, &pXmlElServerSideCredential)) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <ServerSideCredential> element."));
*ppEapError = m_module->make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <ServerSideCredential> element."));
return false;
}
@@ -141,25 +141,25 @@ bool eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *
// <CA>
com_obj<IXMLDOMElement> pXmlElCA;
if ((dwResult = eapxml::create_element(pDoc, bstr(L"CA"), bstrNamespace, &pXmlElCA))) {
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <CA> element."));
*ppEapError = m_module->make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <CA> element."));
return false;
}
// <CA>/<format>
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), bstrNamespace, bstr(L"PEM"))) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <format> element."));
*ppEapError = m_module->make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <format> element."));
return false;
}
// <CA>/<cert-data>
const cert_context &cc = *i;
if ((dwResult = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), bstrNamespace, cc->pbCertEncoded, cc->cbCertEncoded)) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <cert-data> element."));
*ppEapError = m_module->make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <cert-data> element."));
return false;
}
if (FAILED(hr = pXmlElServerSideCredential->appendChild(pXmlElCA, NULL))) {
*ppEapError = m_module.make_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending <CA> element."));
*ppEapError = m_module->make_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending <CA> element."));
return false;
}
}
@@ -169,7 +169,7 @@ bool eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *
wstring str;
MultiByteToWideChar(CP_UTF8, 0, i->c_str(), (int)i->length(), str);
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(str))) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <ServerName> element."));
*ppEapError = m_module->make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <ServerName> element."));
return false;
}
}
@@ -227,7 +227,7 @@ bool eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR
list<tstring> cert_names;
for (std::list<winstd::cert_context>::const_iterator cert = m_trusted_root_ca.cbegin(), cert_end = m_trusted_root_ca.cend(); cert != cert_end; ++cert)
cert_names.push_back(std::move(get_cert_title(*cert)));
m_module.log_config((xpathServerSideCredential + L"/CA").c_str(), cert_names);
m_module->log_config((xpathServerSideCredential + L"/CA").c_str(), cert_names);
}
// <ServerName>
@@ -248,7 +248,7 @@ bool eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR
m_server_names.push_back(str);
}
m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names);
m_module->log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names);
}
}

26
lib/TLS/src/Credentials.cpp
View File

@@ -28,7 +28,7 @@ using namespace winstd;
// eap::credentials_tls
//////////////////////////////////////////////////////////////////////
eap::credentials_tls::credentials_tls(_In_ module &mod) : credentials(mod)
eap::credentials_tls::credentials_tls(_In_ module *mod) : credentials(mod)
{
}
@@ -104,26 +104,26 @@ bool eap::credentials_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pC
// <ClientCertificate>
com_obj<IXMLDOMElement> pXmlElClientCertificate;
if ((dwResult = eapxml::create_element(pDoc, bstr(L"ClientCertificate"), bstrNamespace, &pXmlElClientCertificate))) {
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <ClientCertificate> element."));
*ppEapError = m_module->make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <ClientCertificate> element."));
return false;
}
if (m_cert) {
// <ClientCertificate>/<format>
if ((dwResult = eapxml::put_element_value(pDoc, pXmlElClientCertificate, bstr(L"format"), bstrNamespace, bstr(L"PEM"))) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <format> element."));
*ppEapError = m_module->make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <format> element."));
return false;
}
// <ClientCertificate>/<cert-data>
if ((dwResult = eapxml::put_element_base64(pDoc, pXmlElClientCertificate, bstr(L"cert-data"), bstrNamespace, m_cert->pbCertEncoded, m_cert->cbCertEncoded)) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <cert-data> element."));
*ppEapError = m_module->make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <cert-data> element."));
return false;
}
}
if (FAILED(hr = pConfigRoot->appendChild(pXmlElClientCertificate, NULL))) {
*ppEapError = m_module.make_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending <ClientCertificate> element."));
*ppEapError = m_module->make_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending <ClientCertificate> element."));
return false;
}
@@ -147,7 +147,7 @@ bool eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR *
// <ClientCertificate>
com_obj<IXMLDOMElement> pXmlElClientCertificate;
if ((dwResult = eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ClientCertificate"), &pXmlElClientCertificate)) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading <ClientCertificate> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
*ppEapError = m_module->make_error(dwResult, _T(__FUNCTION__) _T(" Error reading <ClientCertificate> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
return false;
}
@@ -161,7 +161,7 @@ bool eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR *
m_cert.create(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size());
}
}
m_module.log_config((xpath + L"/ClientCertificate").c_str(), get_name().c_str());
m_module->log_config((xpath + L"/ClientCertificate").c_str(), get_name().c_str());
return true;
}
@@ -199,7 +199,7 @@ bool eap::credentials_tls::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **p
DATA_BLOB entropy_blob = { sizeof(s_entropy) , (LPBYTE)s_entropy };
data_blob cred_enc;
if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc)) {
*ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptProtectData failed."));
*ppEapError = m_module->make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptProtectData failed."));
return false;
}
@@ -224,7 +224,7 @@ bool eap::credentials_tls::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **p
(LPTSTR)name.c_str() // UserName
};
if (!CredWrite(&cred, 0)) {
*ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CredWrite failed."));
*ppEapError = m_module->make_error(GetLastError(), _T(__FUNCTION__) _T(" CredWrite failed."));
return false;
}
@@ -239,7 +239,7 @@ bool eap::credentials_tls::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR
// Read credentials.
unique_ptr<CREDENTIAL, CredFree_delete<CREDENTIAL> > cred;
if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred)) {
*ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CredRead failed."));
*ppEapError = m_module->make_error(GetLastError(), _T(__FUNCTION__) _T(" CredRead failed."));
return false;
}
@@ -248,18 +248,18 @@ bool eap::credentials_tls::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR
DATA_BLOB entropy_blob = { sizeof(s_entropy) , (LPBYTE)s_entropy };
data_blob cred_int;
if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int)) {
*ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptUnprotectData failed."));
*ppEapError = m_module->make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptUnprotectData failed."));
return false;
}
bool bResult = m_cert.create(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cred_int.pbData, cred_int.cbData);
SecureZeroMemory(cred_int.pbData, cred_int.cbData);
if (!bResult) {
*ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error loading certificate."));
*ppEapError = m_module->make_error(GetLastError(), _T(__FUNCTION__) _T(" Error loading certificate."));
return false;
}
m_module.log_config((wstring(pszTargetName) + L"/Certificate").c_str(), get_name().c_str());
m_module->log_config((wstring(pszTargetName) + L"/Certificate").c_str(), get_name().c_str());
return true;
}

22
lib/TLS/src/Session.cpp
View File

@@ -28,7 +28,7 @@ using namespace winstd;
// eap::session_tls
//////////////////////////////////////////////////////////////////////
eap::session_tls::session_tls(_In_ module &mod) :
eap::session_tls::session_tls(_In_ module *mod) :
m_phase(phase_handshake_start),
session<config_method_tls, credentials_tls, bool, bool>(mod)
{
@@ -152,7 +152,7 @@ bool eap::session_tls::begin(
_Out_ EAP_ERROR **ppEapError)
{
if (dwMaxSendPacketSize <= 10) {
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, wstring_printf(_T(__FUNCTION__) _T(" Maximum send packet size too small (expected: >%u, received: %u)."), 10, dwMaxSendPacketSize).c_str());
*ppEapError = m_module->make_error(ERROR_NOT_SUPPORTED, wstring_printf(_T(__FUNCTION__) _T(" Maximum send packet size too small (expected: >%u, received: %u)."), 10, dwMaxSendPacketSize).c_str());
return false;
}
@@ -176,10 +176,10 @@ bool eap::session_tls::process_request_packet(
// Is this a valid EAP-TLS packet?
if (dwReceivedPacketSize < 6) {
*ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Packet is too small. EAP-%s packets should be at least 6B."));
*ppEapError = m_module->make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Packet is too small. EAP-%s packets should be at least 6B."));
return false;
}/* else if (pReceivedPacket->Data[0] != eap_type_tls) {
*ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Packet is not EAP-TLS (expected: %u, received: %u)."), eap_type_tls, pReceivedPacket->Data[0]).c_str());
*ppEapError = m_module->make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Packet is not EAP-TLS (expected: %u, received: %u)."), eap_type_tls, pReceivedPacket->Data[0]).c_str());
return false;
}*/
@@ -187,7 +187,7 @@ bool eap::session_tls::process_request_packet(
if (pReceivedPacket->Data[1] & tls_flags_length_incl) {
// First fragment received.
if (dwReceivedPacketSize < 10) {
*ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Packet is too small. EAP-TLS first fragmented packet should be at least 10B."));
*ppEapError = m_module->make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Packet is too small. EAP-TLS first fragmented packet should be at least 10B."));
return false;
}
@@ -232,17 +232,17 @@ bool eap::session_tls::process_request_packet(
case phase_handshake_start: {
// Is this an EAP-TLS Start packet?
if (m_packet_req.m_code != EapCodeRequest) {
*ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Packet is not a request (expected: %x, received: %x)."), EapCodeRequest, m_packet_req.m_code).c_str());
*ppEapError = m_module->make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Packet is not a request (expected: %x, received: %x)."), EapCodeRequest, m_packet_req.m_code).c_str());
return false;
} else if (!(m_packet_req.m_flags & tls_flags_start)) {
*ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Packet is not EAP-TLS Start (expected: %x, received: %x)."), tls_flags_start, m_packet_req.m_flags).c_str());
*ppEapError = m_module->make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Packet is not EAP-TLS Start (expected: %x, received: %x)."), tls_flags_start, m_packet_req.m_flags).c_str());
return false;
}
//// Determine minimum EAP-TLS version supported by server and us.
//version_t ver_remote = (version_t)(m_packet_req.m_flags & tls_flags_ver_mask);
//m_version = std::min<version_t>(ver_remote, version_0);
//m_module.log_event(&EAPMETHOD_HANDSHAKE_START, event_data(m_cred.target_suffix()), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank);
//m_module->log_event(&EAPMETHOD_HANDSHAKE_START, event_data(m_cred.target_suffix()), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank);
// Build response packet.
m_packet_res.m_code = EapCodeResponse;
@@ -251,14 +251,14 @@ bool eap::session_tls::process_request_packet(
//if (!m_packet_res.create(EapCodeResponse, pReceivedPacket->Id, eap_type_tls, (BYTE)m_version)) {
// *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error creating packet."));
// *ppEapError = m_module->make_error(GetLastError(), _T(__FUNCTION__) _T(" Error creating packet."));
// return false;
//}
break;
}
default:
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
*ppEapError = m_module->make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
return false;
}
@@ -330,6 +330,6 @@ bool eap::session_tls::get_result(
UNREFERENCED_PARAMETER(ppResult);
assert(ppEapError);
*ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
*ppEapError = m_module->make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
return false;
}