From 4f6943044f251e5b4f2e897f4cb4478e33a7b092 Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Wed, 20 Jul 2016 09:54:26 +0200 Subject: [PATCH] eap::credentials::m_identity replaced with virtual method get_identity() --- lib/EAPBase/include/Credentials.h | 26 ++++++++++--- lib/EAPBase/src/Credentials.cpp | 64 ++++++++++++++++--------------- lib/EAPBase_UI/include/EAP_UI.h | 2 +- lib/TLS/include/Credentials.h | 19 ++++----- lib/TLS/src/Credentials.cpp | 43 +++++++++++---------- lib/TLS_UI/include/TLS_UI.h | 7 +--- 6 files changed, 88 insertions(+), 73 deletions(-) diff --git a/lib/EAPBase/include/Credentials.h b/lib/EAPBase/include/Credentials.h index a7fb9fa..cca38ca 100644 --- a/lib/EAPBase/include/Credentials.h +++ b/lib/EAPBase/include/Credentials.h @@ -234,6 +234,11 @@ namespace eap /// @} + /// + /// Returns credential identity. + /// + virtual std::wstring get_identity() const = 0; + protected: /// \name Storage /// @{ @@ -244,9 +249,6 @@ namespace eap virtual LPCTSTR target_suffix() const = 0; /// @} - - public: - std::wstring m_identity; ///< Identity (username\@domain, certificate name etc.) }; @@ -361,7 +363,13 @@ namespace eap /// @} + /// + /// Returns credential identity. + /// + virtual std::wstring get_identity() const; + public: + std::wstring m_identity; ///< Identity (username\@domain, certificate name etc.) winstd::sanitizing_wstring m_password; ///< Password private: 
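Review bot: The `get_identity()` override added to `credentials_pass` in the third hunk is declared `virtual std::wstring get_identity() const;` without `override`, so if the pure-virtual signature in the first hunk ever drifts (say to return a `const std::wstring&`) this would silently become an unrelated virtual instead of a compile error; the declaration added to `credentials_tls` in lib/TLS/include/Credentials.h has the same gap. The file already relies on C++11 (rvalue references, `std::move`), so `virtual std::wstring get_identity() const override;` is available in both places. The class bodies continue outside the hunk.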
@@ -376,25 +384,29 @@ namespace eapserial { inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials &val) { - pack(cursor, val.m_identity); + UNREFERENCED_PARAMETER(cursor); + UNREFERENCED_PARAMETER(val ); } inline size_t get_pk_size(const eap::credentials &val) { - return get_pk_size(val.m_identity); + UNREFERENCED_PARAMETER(val); + return 0; } inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials &val) { - unpack(cursor, val.m_identity); + UNREFERENCED_PARAMETER(cursor); + UNREFERENCED_PARAMETER(val ); } inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials_pass &val) { pack(cursor, (const eap::credentials&)val); + pack(cursor, val.m_identity ); pack(cursor, val.m_password ); } @@ -403,6 +415,7 @@ namespace eapserial { return get_pk_size((const eap::credentials&)val) + + get_pk_size(val.m_identity ) + get_pk_size(val.m_password ); } @@ -410,6 +423,7 @@ namespace eapserial inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials_pass &val) { unpack(cursor, (eap::credentials&)val); + unpack(cursor, val.m_identity ); unpack(cursor, val.m_password ); } } diff --git a/lib/EAPBase/src/Credentials.cpp b/lib/EAPBase/src/Credentials.cpp index 157f86b..c6c35cb 100644 --- a/lib/EAPBase/src/Credentials.cpp +++ b/lib/EAPBase/src/Credentials.cpp @@ -36,14 +36,12 @@ eap::credentials::credentials(_In_ module &mod) : config(mod) eap::credentials::credentials(_In_ const credentials &other) : - m_identity(other.m_identity), config(other) { } eap::credentials::credentials(_Inout_ credentials &&other) : - m_identity(std::move(other.m_identity)), config(std::move(other)) { } @@ -51,10 +49,8 @@ eap::credentials::credentials(_Inout_ credentials &&other) : eap::credentials& eap::credentials::operator=(_In_ const credentials &other) { - if (this != &other) { + if (this != &other) (config&)*this = other; - m_identity = other.m_identity; - } return *this; } 
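Review bot: The base-class `pack`, `get_pk_size` and `unpack` in the first hunk become empty stubs with nothing said about why, and `unpack` keeps `_Out_` on a `val` it never touches, so a later reader may take this as serialization of the base having been forgotten. A one-line comment in each, e.g. `// eap::credentials owns no state; derived classes serialize their own members.`, would record the intent, and the `_Out_` on the base `unpack` arguably now belongs as `_Inout_`. The resulting byte layout for `credentials_pass` is unchanged (identity, then password, previously written by the base), so blobs stored by the previous version still decode, which is worth stating in the same comment.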
@@ -62,10 +58,8 @@ eap::credentials& eap::credentials::operator=(_In_ const credentials &other) eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other) { - if (this != &other) { + if (this != &other) (config&)*this = std::move(other); - m_identity = std::move(other.m_identity); - } return *this; } @@ -73,26 +67,21 @@ eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other) void eap::credentials::clear() { - m_identity.clear(); } bool eap::credentials::empty() const { - return m_identity.empty(); + // Base class always report empty credentials. + return true; } bool eap::credentials::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const { - const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata"); - DWORD dwResult; - - // - if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + UNREFERENCED_PARAMETER(pDoc); + UNREFERENCED_PARAMETER(pConfigRoot); + UNREFERENCED_PARAMETER(ppEapError); return true; } 
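Review bot: The comment added in `credentials::empty()` in the second hunk has a grammar slip, `// Base class always report empty credentials.`; it should read `// Base class always reports empty credentials.` and would be more useful if it said why, i.e. that the base no longer owns any state. The same reasoning explains the now-empty `clear()` body and the `save()` that only silences its parameters, so a short comment on each, such as `// No base-class state to persist; derived classes save their own members.`, would keep these bodies from looking like stubs left behind by the refactor. The `load()` counterpart is in the next hunk.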
@@ -100,17 +89,8 @@ bool eap::credentials::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfi bool eap::credentials::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) { - assert(pConfigRoot); - DWORD dwResult; - - std::wstring xpath(eapxml::get_xpath(pConfigRoot)); - - if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document.")); - return false; - } - - m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str()); + UNREFERENCED_PARAMETER(pConfigRoot); + UNREFERENCED_PARAMETER(ppEapError); return true; } @@ -126,6 +106,7 @@ eap::credentials_pass::credentials_pass(_In_ module &mod) : credentials(mod) eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) : + m_identity(other.m_identity), m_password(other.m_password), credentials(other) { @@ -133,6 +114,7 @@ eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) : eap::credentials_pass::credentials_pass(_Inout_ credentials_pass &&other) : + m_identity(std::move(other.m_identity)), m_password(std::move(other.m_password)), credentials(std::move(other)) { @@ -143,6 +125,7 @@ eap::credentials_pass& eap::credentials_pass::operator=(_In_ const credentials_p { if (this != &other) { (credentials&)*this = other; + m_identity = other.m_identity; m_password = other.m_password; } @@ -154,6 +137,7 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass { if (this != &other) { (credentials&)*this = std::move(other); + m_identity = std::move(other.m_identity); m_password = std::move(other.m_password); } 
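Review bot: In the `credentials_pass` copy and move constructors (second and third hunks) the new `m_identity(...)` initializer is written before the `credentials(other)` base initializer, but a base class is always constructed first, so the written order no longer matches execution order and GCC/Clang flag it with `-Wreorder`. Listing the base first, `credentials(other), m_identity(other.m_identity), m_password(other.m_password)` (and the `std::move` forms likewise in the move constructor), makes the real order explicit. `m_password` preceding the base predates this commit; the added line just extends the pattern.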
@@ -164,13 +148,14 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass void eap::credentials_pass::clear() { credentials::clear(); + m_identity.clear(); m_password.clear(); } bool eap::credentials_pass::empty() const { - return credentials::empty() && m_password.empty(); + return credentials::empty() && m_identity.empty() && m_password.empty(); } @@ -182,6 +167,12 @@ bool eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p if (!credentials::save(pDoc, pConfigRoot, ppEapError)) return false; + // + if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))) != ERROR_SUCCESS) { + *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); + return false; + } + // bstr pass(m_password); dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass); @@ -205,6 +196,13 @@ bool eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR std::wstring xpath(eapxml::get_xpath(pConfigRoot)); + if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)) != ERROR_SUCCESS) { + *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document.")); + return false; + } + + m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str()); + bstr pass; if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass)) != ERROR_SUCCESS) { *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document.")); 
@@ -314,6 +312,12 @@ bool eap::credentials_pass::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR } +std::wstring eap::credentials_pass::get_identity() const +{ + return m_identity; +} + + const unsigned char eap::credentials_pass::s_entropy[1024] = { 0x40, 0x88, 0xd3, 0x13, 0x81, 0x8a, 0xf6, 0x74, 0x55, 0x8e, 0xcc, 0x73, 0x2c, 0xf8, 0x93, 0x37, 0x4f, 0xeb, 0x1d, 0x66, 0xb7, 0xfb, 0x47, 0x75, 0xb4, 0xfd, 0x07, 0xbb, 0xf6, 0xb3, 0x05, 0x30, diff --git a/lib/EAPBase_UI/include/EAP_UI.h b/lib/EAPBase_UI/include/EAP_UI.h index 86c9f76..81b3fcf 100644 --- a/lib/EAPBase_UI/include/EAP_UI.h +++ b/lib/EAPBase_UI/include/EAP_UI.h @@ -432,7 +432,7 @@ protected: m_own_clear ->Enable(false); } - m_preshared_identity->SetValue(!m_cred.empty() ? m_cred.m_identity : _("")); + m_preshared_identity->SetValue(!m_cred.empty() ? m_cred.get_identity() : _("")); if (!m_prov.m_read_only) { // This is not a provider-locked configuration. Selectively enable/disable controls. diff --git a/lib/TLS/include/Credentials.h b/lib/TLS/include/Credentials.h index e797690..a0f9ab8 100644 --- a/lib/TLS/include/Credentials.h +++ b/lib/TLS/include/Credentials.h @@ -187,6 +187,11 @@ namespace eap /// @} + /// + /// Returns credential identity. + /// + virtual std::wstring get_identity() const; + protected: /// \name Storage /// @{ @@ -213,8 +218,7 @@ namespace eapserial { inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials_tls &val) { - // Don't save m_identity. We rebuild it on every load. - //pack(cursor, (const eap::credentials&)val); + pack(cursor, (const eap::credentials&)val); pack(cursor, val.m_cert ); } 
@@ -222,21 +226,14 @@ namespace eapserial inline size_t get_pk_size(const eap::credentials_tls &val) { return - // Don't save m_identity. We rebuild it on every load. - //get_pk_size((const eap::credentials&)val) + + get_pk_size((const eap::credentials&)val) + get_pk_size(val.m_cert ); } inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials_tls &val) { - // Don't load m_identity. We rebuild it on load. - //unpack(cursor, (eap::credentials&)val); + unpack(cursor, (eap::credentials&)val); unpack(cursor, val.m_cert ); - - if (val.m_cert) { - // Generate identity. TODO: Find which CERT_NAME_... constant returns valid identity (username@domain or DOMAIN\Username). - CertGetNameString(val.m_cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, val.m_identity); - } } } diff --git a/lib/TLS/src/Credentials.cpp b/lib/TLS/src/Credentials.cpp index 860ebe1..768ef2d 100644 --- a/lib/TLS/src/Credentials.cpp +++ b/lib/TLS/src/Credentials.cpp @@ -94,9 +94,8 @@ bool eap::credentials_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pC DWORD dwResult; HRESULT hr; - // Don't save m_identity. We rebuild it on every load. - //if (!credentials::save(pDoc, pConfigRoot, ppEapError)) - // return false; + if (!credentials::save(pDoc, pConfigRoot, ppEapError)) + return false; // com_obj pXmlElClientCertificate; @@ -133,13 +132,11 @@ bool eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR * assert(pConfigRoot); DWORD dwResult; - // Don't load m_identity. We rebuild it on load. - //if (!credentials::load(pConfigRoot, ppEapError)) - // return false; + if (!credentials::load(pConfigRoot, ppEapError)) + return false; std::wstring xpath(eapxml::get_xpath(pConfigRoot)); - m_identity.clear(); m_cert.free(); // 
@@ -155,12 +152,8 @@ bool eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR * if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrFormat, bstrFormat.length(), L"PEM", -1, NULL, NULL, 0) == CSTR_EQUAL) { // / vector aData; - if ((dwResult = eapxml::get_element_base64(pXmlElClientCertificate, bstr(L"eap-metadata:cert-data"), aData)) == ERROR_SUCCESS) { - if (m_cert.create(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size())) { - // Generate identity. TODO: Find which CERT_NAME_... constant returns valid identity (username@domain or DOMAIN\Username). - CertGetNameString(m_cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, m_identity); - } - } + if ((dwResult = eapxml::get_element_base64(pXmlElClientCertificate, bstr(L"eap-metadata:cert-data"), aData)) == ERROR_SUCCESS) + m_cert.create(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size()); } } m_module.log_config((xpath + L"/ClientCertificate").c_str(), m_cert ? eap::get_cert_title(m_cert).c_str() : L""); @@ -184,10 +177,11 @@ bool eap::credentials_tls::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **p } tstring target(target_name(pszTargetName)); + wstring identity(std::move(get_identity())); // Write credentials. - assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE); - assert(m_identity.length() < CRED_MAX_USERNAME_LENGTH ); + assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE); + assert(identity.length() < CRED_MAX_USERNAME_LENGTH ); CREDENTIAL cred = { 0, // Flags CRED_TYPE_GENERIC, // Type @@ -200,7 +194,7 @@ bool eap::credentials_tls::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **p 0, // AttributeCount NULL, // Attributes NULL, // TargetAlias - (LPTSTR)m_identity.c_str() // UserName + (LPTSTR)identity.c_str() // UserName }; if (!CredWrite(&cred, 0)) { *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CredWrite failed.")); 
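Review bot: The result of `m_cert.create(...)` in the PEM branch is now discarded, so a `cert-data` blob that fails to parse leaves `m_cert` empty while `load()` still returns true; the only trace is an empty `ClientCertificate` entry in the config log, and a malformed or truncated certificate in the profile XML becomes indistinguishable from a profile that supplies none. The removed code at least used the result to gate identity generation. Suggest reporting it the way the `CredWrite` failure is reported elsewhere in this file: `if (!m_cert.create(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size())) { *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error parsing client certificate.")); return false; }`, assuming `create` leaves the last error set like the Win32 call it wraps, which the hunk does not show. The enclosing `load()` starts and ends outside the hunk.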
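Review bot: `wstring identity(std::move(get_identity()));` in `store()` applies `std::move` to a prvalue: `get_identity()` already returns by value, so the cast buys nothing and only blocks copy elision; `wstring identity(get_identity());` is the plain form. Worth noting while here: the `assert(identity.length() < CRED_MAX_USERNAME_LENGTH)` just below compiles away in release builds, so the only protection against an over-long name is whatever `CredWrite` itself rejects, which then surfaces as the generic `CredWrite failed.` error; that was already the case before this change, but since the name is derived from whichever certificate was selected, a real error return rather than a debug-only assert may be warranted. `store()` continues outside the hunk.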
@@ -238,15 +232,24 @@ bool eap::credentials_tls::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR return false; } - // Generate identity. TODO: Find which CERT_NAME_... constant returns valid identity (username@domain or DOMAIN\Username). - CertGetNameString(m_cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, m_identity); - - m_module.log_config((wstring(pszTargetName) + L"/Certificate").c_str(), m_identity.c_str()); + m_module.log_config((wstring(pszTargetName) + L"/Certificate").c_str(), m_cert ? eap::get_cert_title(m_cert).c_str() : L""); return true; } +std::wstring eap::credentials_tls::get_identity() const +{ + if (m_cert) { + // Generate identity. TODO: Find which CERT_NAME_... constant returns valid identity (username@domain or DOMAIN\Username). + wstring identity; + CertGetNameString(m_cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, identity); + return identity; + } else + return L""; +} + + LPCTSTR eap::credentials_tls::target_suffix() const { return _T("TLS"); diff --git a/lib/TLS_UI/include/TLS_UI.h b/lib/TLS_UI/include/TLS_UI.h index 3ec6608..40cdec1 100644 --- a/lib/TLS_UI/include/TLS_UI.h +++ b/lib/TLS_UI/include/TLS_UI.h @@ -318,12 +318,9 @@ protected: m_cred.clear(); else { const wxCertificateClientData *data = dynamic_cast(m_cert_select_val->GetClientObject(m_cert_select_val->GetSelection())); - if (data) { + if (data) m_cred.m_cert.attach_duplicated(data->m_cert); - - // Generate identity. TODO: Find which CERT_NAME_... constant returns valid identity (username@domain or DOMAIN\Username). - CertGetNameString(m_cred.m_cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, m_cred.m_identity); - } else + else m_cred.clear(); }
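Review bot: `credentials_tls::get_identity()` in the first hunk mixes a braced `if` with a brace-less `else return L"";` and produces the result on two paths; declaring `wstring identity;` before the `if`, calling `CertGetNameString` only when `m_cert` is set, and finishing with a single `return identity;` yields the same value with one exit. The return value of `CertGetNameString` is still ignored, so a name-lookup failure produces an empty identity indistinguishable from "no certificate"; whether the winstd overload used here reports failure is not visible in the hunk, but if it does, logging it would aid diagnosis. Note also that the identity is now recomputed from the certificate on every call, which `store()` handles by caching it once in a local.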