eap::credentials::m_identity replaced with virtual method get_identity()

This commit is contained in:
Simon Rozman 2016-07-20 09:54:26 +02:00
parent 504ea681a9
commit 4f6943044f
6 changed files with 88 additions and 73 deletions


@ -234,6 +234,11 @@ namespace eap
/// @}
///
/// Returns credential identity.
///
virtual std::wstring get_identity() const = 0;
protected:
/// \name Storage
/// @{
@ -244,9 +249,6 @@ namespace eap
virtual LPCTSTR target_suffix() const = 0;
/// @}
public:
std::wstring m_identity; ///< Identity (username\@domain, certificate name etc.)
};
@ -361,7 +363,13 @@ namespace eap
/// @}
///
/// Returns credential identity.
///
virtual std::wstring get_identity() const;
public:
std::wstring m_identity; ///< Identity (username\@domain, certificate name etc.)
winstd::sanitizing_wstring m_password; ///< Password
private:
@ -376,25 +384,29 @@ namespace eapserial
{
inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials &val)
{
pack(cursor, val.m_identity);
UNREFERENCED_PARAMETER(cursor);
UNREFERENCED_PARAMETER(val );
}
inline size_t get_pk_size(const eap::credentials &val)
{
return get_pk_size(val.m_identity);
UNREFERENCED_PARAMETER(val);
return 0;
}
inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials &val)
{
unpack(cursor, val.m_identity);
UNREFERENCED_PARAMETER(cursor);
UNREFERENCED_PARAMETER(val );
}
inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials_pass &val)
{
pack(cursor, (const eap::credentials&)val);
pack(cursor, val.m_identity );
pack(cursor, val.m_password );
}
@ -403,6 +415,7 @@ namespace eapserial
{
return
get_pk_size((const eap::credentials&)val) +
get_pk_size(val.m_identity ) +
get_pk_size(val.m_password );
}
@ -410,6 +423,7 @@ namespace eapserial
inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials_pass &val)
{
unpack(cursor, (eap::credentials&)val);
unpack(cursor, val.m_identity );
unpack(cursor, val.m_password );
}
}
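Review bot: The base-class `unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials &val)` overload still annotates `val` as `_Out_` although it no longer writes anything to it, and the sibling `pack`/`get_pk_size` for `eap::credentials` are now empty bodies with nothing saying why. A one-line comment on each, e.g. `// eap::credentials has no serializable state of its own; derived classes serialize the identity themselves.`, stops the next reader from treating the no-ops as an oversight, and it is worth noting there that the blob layout for `credentials_pass` is unchanged only because `pack(cursor, val.m_identity)` is still emitted first in the derived overload. Separately, `credentials_pass::get_identity()` is declared `virtual` without `override` (the `credentials_tls` declaration in the TLS header has the same gap); `virtual std::wstring get_identity() const override;` lets the compiler catch any drift from the pure-virtual signature on the base.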


@ -36,14 +36,12 @@ eap::credentials::credentials(_In_ module &mod) : config(mod)
eap::credentials::credentials(_In_ const credentials &other) :
m_identity(other.m_identity),
config(other)
{
}
eap::credentials::credentials(_Inout_ credentials &&other) :
m_identity(std::move(other.m_identity)),
config(std::move(other))
{
}
@ -51,10 +49,8 @@ eap::credentials::credentials(_Inout_ credentials &&other) :
eap::credentials& eap::credentials::operator=(_In_ const credentials &other)
{
if (this != &other) {
if (this != &other)
(config&)*this = other;
m_identity = other.m_identity;
}
return *this;
}
@ -62,10 +58,8 @@ eap::credentials& eap::credentials::operator=(_In_ const credentials &other)
eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other)
{
if (this != &other) {
if (this != &other)
(config&)*this = std::move(other);
m_identity = std::move(other.m_identity);
}
return *this;
}
@ -73,26 +67,21 @@ eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other)
void eap::credentials::clear()
{
m_identity.clear();
}
bool eap::credentials::empty() const
{
return m_identity.empty();
// Base class always report empty credentials.
return true;
}
bool eap::credentials::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const
{
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
DWORD dwResult;
// <UserName>
if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <UserName> element."));
return false;
}
UNREFERENCED_PARAMETER(pDoc);
UNREFERENCED_PARAMETER(pConfigRoot);
UNREFERENCED_PARAMETER(ppEapError);
return true;
}
@ -100,17 +89,8 @@ bool eap::credentials::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfi
bool eap::credentials::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError)
{
assert(pConfigRoot);
DWORD dwResult;
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading <UserName> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
return false;
}
m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str());
UNREFERENCED_PARAMETER(pConfigRoot);
UNREFERENCED_PARAMETER(ppEapError);
return true;
}
@ -126,6 +106,7 @@ eap::credentials_pass::credentials_pass(_In_ module &mod) : credentials(mod)
eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) :
m_identity(other.m_identity),
m_password(other.m_password),
credentials(other)
{
@ -133,6 +114,7 @@ eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) :
eap::credentials_pass::credentials_pass(_Inout_ credentials_pass &&other) :
m_identity(std::move(other.m_identity)),
m_password(std::move(other.m_password)),
credentials(std::move(other))
{
@ -143,6 +125,7 @@ eap::credentials_pass& eap::credentials_pass::operator=(_In_ const credentials_p
{
if (this != &other) {
(credentials&)*this = other;
m_identity = other.m_identity;
m_password = other.m_password;
}
@ -154,6 +137,7 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass
{
if (this != &other) {
(credentials&)*this = std::move(other);
m_identity = std::move(other.m_identity);
m_password = std::move(other.m_password);
}
@ -164,13 +148,14 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass
void eap::credentials_pass::clear()
{
credentials::clear();
m_identity.clear();
m_password.clear();
}
bool eap::credentials_pass::empty() const
{
return credentials::empty() && m_password.empty();
return credentials::empty() && m_identity.empty() && m_password.empty();
}
@ -182,6 +167,12 @@ bool eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p
if (!credentials::save(pDoc, pConfigRoot, ppEapError))
return false;
// <UserName>
if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <UserName> element."));
return false;
}
// <Password>
bstr pass(m_password);
dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass);
@ -205,6 +196,13 @@ bool eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading <UserName> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
return false;
}
m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str());
bstr pass;
if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass)) != ERROR_SUCCESS) {
*ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading <Password> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
@ -314,6 +312,12 @@ bool eap::credentials_pass::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR
}
std::wstring eap::credentials_pass::get_identity() const
{
return m_identity;
}
const unsigned char eap::credentials_pass::s_entropy[1024] = {
0x40, 0x88, 0xd3, 0x13, 0x81, 0x8a, 0xf6, 0x74, 0x55, 0x8e, 0xcc, 0x73, 0x2c, 0xf8, 0x93, 0x37,
0x4f, 0xeb, 0x1d, 0x66, 0xb7, 0xfb, 0x47, 0x75, 0xb4, 0xfd, 0x07, 0xbb, 0xf6, 0xb3, 0x05, 0x30,
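Review bot: The `credentials_pass` copy and move constructors now list `m_identity(...)` and `m_password(...)` ahead of `credentials(other)` / `credentials(std::move(other))`, but the base subobject is always constructed first regardless of the initializer order, so the list misstates the actual sequence and trips -Wreorder/C5038; write the base initializer first, `credentials(other), m_identity(other.m_identity), m_password(other.m_password)` (and likewise in the move constructor). Nothing misbehaves today because neither member initializer reads the base subobject. The new comment in `credentials::empty()` should read `// Base class always reports empty credentials.`, and it would help to add that derived classes AND-in their own members, which is why `credentials_pass::empty()` keeps calling it even though it is now a constant.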


@ -432,7 +432,7 @@ protected:
m_own_clear ->Enable(false);
}
m_preshared_identity->SetValue(!m_cred.empty() ? m_cred.m_identity : _("<blank>"));
m_preshared_identity->SetValue(!m_cred.empty() ? m_cred.get_identity() : _("<blank>"));
if (!m_prov.m_read_only) {
// This is not a provider-locked configuration. Selectively enable/disable controls.


@ -187,6 +187,11 @@ namespace eap
/// @}
///
/// Returns credential identity.
///
virtual std::wstring get_identity() const;
protected:
/// \name Storage
/// @{
@ -213,8 +218,7 @@ namespace eapserial
{
inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials_tls &val)
{
// Don't save m_identity. We rebuild it on every load.
//pack(cursor, (const eap::credentials&)val);
pack(cursor, (const eap::credentials&)val);
pack(cursor, val.m_cert );
}
@ -222,21 +226,14 @@ namespace eapserial
inline size_t get_pk_size(const eap::credentials_tls &val)
{
return
// Don't save m_identity. We rebuild it on every load.
//get_pk_size((const eap::credentials&)val) +
get_pk_size((const eap::credentials&)val) +
get_pk_size(val.m_cert );
}
inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials_tls &val)
{
// Don't load m_identity. We rebuild it on load.
//unpack(cursor, (eap::credentials&)val);
unpack(cursor, (eap::credentials&)val);
unpack(cursor, val.m_cert );
if (val.m_cert) {
// Generate identity. TODO: Find which CERT_NAME_... constant returns valid identity (username@domain or DOMAIN\Username).
CertGetNameString(val.m_cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, val.m_identity);
}
}
}
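Review bot: The re-enabled `pack(cursor, (const eap::credentials&)val);`, `get_pk_size((const eap::credentials&)val) +` and `unpack(cursor, (eap::credentials&)val);` calls in the `credentials_tls` serializers keep the blob layout unchanged only because the base overloads now serialize nothing, and the old `// Don't save m_identity` comments that explained the layout are gone with the change. A short comment at the first call, e.g. `// The base currently serializes no fields; adding one there changes the blob layout, so data serialized with the old layout would unpack misaligned.`, makes that dependency visible. While these lines are being touched, the C-style upcasts could become `static_cast<const eap::credentials&>(val)` / `static_cast<eap::credentials&>(val)`, so a later change of the parameter type fails to compile instead of silently reinterpreting.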


@ -94,9 +94,8 @@ bool eap::credentials_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pC
DWORD dwResult;
HRESULT hr;
// Don't save m_identity. We rebuild it on every load.
//if (!credentials::save(pDoc, pConfigRoot, ppEapError))
// return false;
if (!credentials::save(pDoc, pConfigRoot, ppEapError))
return false;
// <ClientCertificate>
com_obj<IXMLDOMElement> pXmlElClientCertificate;
@ -133,13 +132,11 @@ bool eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR *
assert(pConfigRoot);
DWORD dwResult;
// Don't load m_identity. We rebuild it on load.
//if (!credentials::load(pConfigRoot, ppEapError))
// return false;
if (!credentials::load(pConfigRoot, ppEapError))
return false;
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
m_identity.clear();
m_cert.free();
// <ClientCertificate>
@ -155,12 +152,8 @@ bool eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR *
if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrFormat, bstrFormat.length(), L"PEM", -1, NULL, NULL, 0) == CSTR_EQUAL) {
// <ClientCertificate>/<cert-data>
vector<unsigned char> aData;
if ((dwResult = eapxml::get_element_base64(pXmlElClientCertificate, bstr(L"eap-metadata:cert-data"), aData)) == ERROR_SUCCESS) {
if (m_cert.create(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size())) {
// Generate identity. TODO: Find which CERT_NAME_... constant returns valid identity (username@domain or DOMAIN\Username).
CertGetNameString(m_cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, m_identity);
}
}
if ((dwResult = eapxml::get_element_base64(pXmlElClientCertificate, bstr(L"eap-metadata:cert-data"), aData)) == ERROR_SUCCESS)
m_cert.create(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size());
}
}
m_module.log_config((xpath + L"/ClientCertificate").c_str(), m_cert ? eap::get_cert_title(m_cert).c_str() : L"<blank>");
@ -184,10 +177,11 @@ bool eap::credentials_tls::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **p
}
tstring target(target_name(pszTargetName));
wstring identity(std::move(get_identity()));
// Write credentials.
assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE);
assert(m_identity.length() < CRED_MAX_USERNAME_LENGTH );
assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE);
assert(identity.length() < CRED_MAX_USERNAME_LENGTH );
CREDENTIAL cred = {
0, // Flags
CRED_TYPE_GENERIC, // Type
@ -200,7 +194,7 @@ bool eap::credentials_tls::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **p
0, // AttributeCount
NULL, // Attributes
NULL, // TargetAlias
(LPTSTR)m_identity.c_str() // UserName
(LPTSTR)identity.c_str() // UserName
};
if (!CredWrite(&cred, 0)) {
*ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CredWrite failed."));
@ -238,15 +232,24 @@ bool eap::credentials_tls::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR
return false;
}
// Generate identity. TODO: Find which CERT_NAME_... constant returns valid identity (username@domain or DOMAIN\Username).
CertGetNameString(m_cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, m_identity);
m_module.log_config((wstring(pszTargetName) + L"/Certificate").c_str(), m_identity.c_str());
m_module.log_config((wstring(pszTargetName) + L"/Certificate").c_str(), m_cert ? eap::get_cert_title(m_cert).c_str() : L"<blank>");
return true;
}
std::wstring eap::credentials_tls::get_identity() const
{
if (m_cert) {
// Generate identity. TODO: Find which CERT_NAME_... constant returns valid identity (username@domain or DOMAIN\Username).
wstring identity;
CertGetNameString(m_cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, identity);
return identity;
} else
return L"";
}
LPCTSTR eap::credentials_tls::target_suffix() const
{
return _T("TLS");
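Review bot: In `credentials_tls::load` the result of `m_cert.create(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size())` is now discarded, so a profile whose `<cert-data>` does not decode loads successfully with no certificate and the only trace is the `<blank>` in the `log_config` line below, whereas the previous code at least branched on it. Because `dwResult` is `ERROR_SUCCESS` at that point, the decode failure should be reported the way the `CredWrite` failure in `store()` is: `if (!m_cert.create(...)) { *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error parsing <cert-data>.")); return false; }` (assuming the wrapper preserves the last error; verify). In `store()`, `wstring identity(std::move(get_identity()));` moves a prvalue, which is redundant and blocks elision — `wstring identity(get_identity());` is enough. The `assert(identity.length() < CRED_MAX_USERNAME_LENGTH)` next to it only guards debug builds, and the identity is now derived from certificate data that arrived through the profile XML, so in release an over-long name reaches `CredWrite` and is caught only by its generic failure branch; acceptable, but worth a comment saying that is the intended backstop. The new `credentials_tls::get_identity()` does not look at what `CertGetNameString` returns, so when name extraction fails it presumably hands back an empty `identity`, and `store()` would then pass an empty user name to `CredWrite` without any diagnostic.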


@ -318,12 +318,9 @@ protected:
m_cred.clear();
else {
const wxCertificateClientData *data = dynamic_cast<const wxCertificateClientData*>(m_cert_select_val->GetClientObject(m_cert_select_val->GetSelection()));
if (data) {
if (data)
m_cred.m_cert.attach_duplicated(data->m_cert);
// Generate identity. TODO: Find which CERT_NAME_... constant returns valid identity (username@domain or DOMAIN\Username).
CertGetNameString(m_cred.m_cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, m_cred.m_identity);
} else
else
m_cred.clear();
}