Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Credentials are no longer stored using method name (TLS/PAP/MSCHAPv2) but with level/type identifier

Browse Source
This commit is contained in:
Simon Rozman 2016-09-06 15:39:41 +02:00
parent b11cb3a5f2
commit 641c9b6932
41 changed files with 226 additions and 604 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
CredWrite/Main.cpp
View File

@ -40,7 +40,7 @@ static int CredWrite()
return -1;
}
eap::credentials_pap cred_pap(g_module);
eap::credentials_pass cred_pass(g_module);
// Prepare identity (user name).
{
@ -50,7 +50,7 @@ static int CredWrite()
bool is_last;
dec.decode(identity_utf8, is_last, pwcArglist[1], (size_t)-1);
MultiByteToWideChar(CP_UTF8, 0, identity_utf8.data(), (int)identity_utf8.size(), cred_pap.m_identity);
MultiByteToWideChar(CP_UTF8, 0, identity_utf8.data(), (int)identity_utf8.size(), cred_pass.m_identity);
}
// Prepare password.
@ -61,7 +61,7 @@ static int CredWrite()
bool is_last;
dec.decode(password_utf8, is_last, pwcArglist[2], (size_t)-1);
MultiByteToWideChar(CP_UTF8, 0, password_utf8.data(), (int)password_utf8.size(), cred_pap.m_password);
MultiByteToWideChar(CP_UTF8, 0, password_utf8.data(), (int)password_utf8.size(), cred_pass.m_password);
}
// Generate target name (aka realm).
@ -71,7 +71,7 @@ static int CredWrite()
target_name = pwcArglist[3];
} else {
// Get the realm from user name.
LPCWSTR _identity = cred_pap.m_identity.c_str(), domain;
LPCWSTR _identity = cred_pass.m_identity.c_str(), domain;
if ((domain = wcschr(_identity, L'@')) != NULL) {
target_name = L"urn:RFC4282:realm:";
target_name += domain + 1;
@ -79,12 +79,22 @@ static int CredWrite()
target_name = L"*";
}
// Determine credential level.
unsigned int level;
if (nArgs > 4) {
// User explicitly set the level.
level = wcstoul(pwcArglist[4], NULL, 10);
} else {
// Set default level.
level = 0;
}
// Write credentials.
#ifdef _DEBUG
{
eap::credentials_pap cred_stored(g_module);
eap::credentials_pass cred_stored(g_module);
try {
cred_stored.retrieve(target_name.c_str());
cred_stored.retrieve(target_name.c_str(), level);
} catch(win_runtime_error &err) {
OutputDebugStr(_T("%hs (error %u)\n"), err.what(), err.number());
} catch(...) {
@ -93,7 +103,7 @@ static int CredWrite()
}
#endif
try {
cred_pap.store(target_name.c_str());
cred_pass.store(target_name.c_str(), level);
} catch(win_runtime_error &err) {
OutputDebugStr(_T("%hs (error %u)\n"), err.what(), err.number());
return 2;
@ -102,18 +112,6 @@ static int CredWrite()
return 2;
}
// Store empty TLS credentials.
eap::credentials_tls cred_tls(g_module);
try {
cred_tls.store(target_name.c_str());
} catch(win_runtime_error &err) {
OutputDebugStr(_T("%hs (error %u)\n"), err.what(), err.number());
return 3;
} catch(...) {
OutputDebugStr(_T("Writing credentials failed.\n"));
return 3;
}
return 0;
}

3
CredWrite/README.md
View File

@ -3,12 +3,13 @@ Imports given credentials to Windows Credential Manager for G
##Usage
```
CredWrite <username> <password> [<realm>]
CredWrite <username> <password> [<realm> [level]]
```
- `username` - Base64 encoded UTF-8 user name (usually of the form user@domain or domain\user)
- `password` - Base64 encoded UTF-8 user password
- `realm` - A realm ID to allow grouping of credentials over different WLAN profiles (optional, default is domain part of `username`)
- `level` - Credential level (0=outer, 1=inner, 2=inner-inner..., default is 0=outer)
The credentials are stored to Windows Credential Manager in invoking user's roaming profile.

3
CredWrite/StdAfx.h
View File

@ -20,8 +20,7 @@
#pragma once
#include "../lib/PAP/include/Credentials.h"
#include "../lib/TLS/include/Credentials.h"
#include "../lib/EAPBase/include/Credentials.h"
#include "../lib/EAPBase/include/Module.h"
#include <WinStd/Common.h>

13
lib/EAPBase/include/Config.h
View File

@ -205,9 +205,10 @@ namespace eap
///
/// Constructs configuration
///
/// \param[in] mod EAP module to use for global services
/// \param[in] mod EAP module to use for global services
/// \param[in] level Config level (0=outer, 1=inner, 2=inner-inner...)
///
config_method(_In_ module &mod);
config_method(_In_ module &mod, _In_ unsigned int level);
///
/// Copies configuration
@ -252,6 +253,9 @@ namespace eap
/// Returns a string identifier of the EAP method type of this configuration
///
virtual const wchar_t* get_method_str() const = 0;
public:
const unsigned int m_level; ///< Config level (0=outer, 1=inner, 2=inner-inner...)
};
@ -264,9 +268,10 @@ namespace eap
///
/// Constructs configuration
///
/// \param[in] mod EAP module to use for global services
/// \param[in] mod EAP module to use for global services
/// \param[in] level Config level (0=outer, 1=inner, 2=inner-inner...)
///
config_method_with_cred(_In_ module &mod);
config_method_with_cred(_In_ module &mod, _In_ unsigned int level);
///
/// Copies configuration

57
lib/EAPBase/include/Credentials.h
View File

@ -179,28 +179,40 @@ namespace eap
/// Save credentials to Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as
/// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...)
///
virtual void store(_In_z_ LPCTSTR pszTargetName) const = 0;
virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const = 0;
///
/// Retrieve credentials from Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from
/// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...)
///
virtual void retrieve(_In_z_ LPCTSTR pszTargetName) = 0;
virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) = 0;
///
/// Returns target name for Windows Credential Manager credential name
///
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from
/// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...)
///
/// \returns Final target name to store/retrieve credentials in Windows Credential Manager
///
inline winstd::tstring target_name(_In_z_ LPCTSTR pszTargetName) const
inline winstd::tstring target_name(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const
{
// Start with product name and given target name (identity provider usually).
winstd::tstring target_name(_T(PRODUCT_NAME_STR) _T("/"));
target_name += pszTargetName;
target_name += _T('/');
// Append level of credentials.
TCHAR buf[20];
_ultot_s(level, buf, _countof(buf), 10);
target_name += buf;
target_name += _T('/');
// Append credential type.
target_name += target_suffix();
assert(target_name.length() < CRED_MAX_GENERIC_TARGET_NAME_LENGTH);
return target_name;
@ -291,6 +303,13 @@ namespace eap
///
credentials_pass& operator=(_Inout_ credentials_pass &&other);
///
/// Clones credentials
///
/// \returns Pointer to cloned credentials
///
virtual config* clone() const;
///
/// Resets credentials
///
@ -358,18 +377,46 @@ namespace eap
/// Save credentials to Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as
/// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...)
///
virtual void store(_In_z_ LPCTSTR pszTargetName) const;
virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const;
///
/// Retrieve credentials from Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from
/// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...)
///
virtual void retrieve(_In_z_ LPCTSTR pszTargetName);
virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level);
///
/// Return target suffix for Windows Credential Manager credential name
///
virtual LPCTSTR target_suffix() const;
/// @}
///
/// Combine credentials in the following order:
///
/// 1. Cached credentials
/// 2. Pre-configured credentials
/// 3. Stored credentials
///
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_pass* type)
/// \param[in] cfg Method configuration (must be config_method_pap type)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
///
/// \returns
/// - \c source_cache Credentials were obtained from EapHost cache
/// - \c source_preshared Credentials were set by method configuration
/// - \c source_storage Credentials were loaded from Windows Credential Manager
///
virtual source_t combine(
_In_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName);
public:
winstd::sanitizing_wstring m_password; ///< Password

24
lib/EAPBase/src/Config.cpp
View File

@ -102,25 +102,33 @@ const bstr eap::config::namespace_eapmetadata(L"urn:ietf:params:xml:ns:yang:ietf
// eap::config_method
//////////////////////////////////////////////////////////////////////
eap::config_method::config_method(_In_ module &mod) : config(mod)
eap::config_method::config_method(_In_ module &mod, _In_ unsigned int level) :
m_level(level),
config(mod)
{
}
eap::config_method::config_method(_In_ const config_method &other) : config(other)
eap::config_method::config_method(_In_ const config_method &other) :
m_level(other.m_level),
config(other)
{
}
eap::config_method::config_method(_Inout_ config_method &&other) : config(std::move(other))
eap::config_method::config_method(_Inout_ config_method &&other) :
m_level(other.m_level),
config(std::move(other))
{
}
eap::config_method& eap::config_method::operator=(_In_ const config_method &other)
{
if (this != &other)
if (this != &other) {
assert(m_level == other.m_level); // Allow copy within same configuration level only.
(config&)*this = other;
}
return *this;
}
@ -128,8 +136,10 @@ eap::config_method& eap::config_method::operator=(_In_ const config_method &othe
eap::config_method& eap::config_method::operator=(_Inout_ config_method &&other)
{
if (this != &other)
if (this != &other) {
assert(m_level == other.m_level); // Allow move within same configuration level only.
(config&&)*this = std::move(other);
}
return *this;
}
@ -139,11 +149,11 @@ eap::config_method& eap::config_method::operator=(_Inout_ config_method &&other)
// eap::config_method_with_cred
//////////////////////////////////////////////////////////////////////
eap::config_method_with_cred::config_method_with_cred(_In_ module &mod) :
eap::config_method_with_cred::config_method_with_cred(_In_ module &mod, _In_ unsigned int level) :
m_allow_save(true),
m_use_preshared(false),
m_last_status(status_success),
config_method(mod)
config_method(mod, level)
{
}

57
lib/EAPBase/src/Credentials.cpp
View File

@ -197,6 +197,12 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass
}
eap::config* eap::credentials_pass::clone() const
{
return new credentials_pass(*this);
}
void eap::credentials_pass::clear()
{
credentials::clear();
@ -275,7 +281,7 @@ void eap::credentials_pass::operator>>(_Inout_ cursor_in &cursor)
}
void eap::credentials_pass::store(_In_z_ LPCTSTR pszTargetName) const
void eap::credentials_pass::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const
{
assert(pszTargetName);
@ -290,7 +296,7 @@ void eap::credentials_pass::store(_In_z_ LPCTSTR pszTargetName) const
if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc))
throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
tstring target(target_name(pszTargetName));
tstring target(target_name(pszTargetName, level));
// Write credentials.
assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE);
@ -314,13 +320,13 @@ void eap::credentials_pass::store(_In_z_ LPCTSTR pszTargetName) const
}
void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName)
void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level)
{
assert(pszTargetName);
// Read credentials.
unique_ptr<CREDENTIAL, CredFree_delete<CREDENTIAL> > cred;
if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred))
if (!CredRead(target_name(pszTargetName, level).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred))
throw win_runtime_error(__FUNCTION__ " CredRead failed.");
// Decrypt the password using user's key.
@ -351,6 +357,49 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName)
}
LPCTSTR eap::credentials_pass::target_suffix() const
{
return _T("pass");
}
eap::credentials::source_t eap::credentials_pass::combine(
_In_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName)
{
if (cred_cached) {
// Using EAP service cached credentials.
*this = *(credentials_pass*)cred_cached;
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank);
return source_cache;
}
if (cfg.m_use_preshared) {
// Using preshared credentials.
*this = *(credentials_pass*)cfg.m_preshared.get();
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank);
return source_preshared;
}
if (pszTargetName) {
try {
credentials_pass cred_loaded(m_module);
cred_loaded.retrieve(pszTargetName, cfg.m_level);
// Using stored credentials.
*this = std::move(cred_loaded);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank);
return source_storage;
} catch (...) {
// Not actually an error.
}
}
return source_unknown;
}
const unsigned char eap::credentials_pass::s_entropy[1024] = {
0x40, 0x88, 0xd3, 0x13, 0x81, 0x8a, 0xf6, 0x74, 0x55, 0x8e, 0xcc, 0x73, 0x2c, 0xf8, 0x93, 0x37,
0x4f, 0xeb, 0x1d, 0x66, 0xb7, 0xfb, 0x47, 0x75, 0xb4, 0xfd, 0x07, 0xbb, 0xf6, 0xb3, 0x05, 0x30,

7
lib/EAPBase_UI/include/EAP_UI.h
View File

@ -199,7 +199,6 @@ public:
this->SetIcon(wxIcon(wxICON(product.ico)));
#endif
wstring target_name;
for (eap::config_connection::provider_list::iterator provider = m_cfg.m_providers.begin(), provider_end = m_cfg.m_providers.end(); provider != provider_end; ++provider) {
bool is_single = provider->m_methods.size() == 1;
std::vector<std::unique_ptr<eap::config_method> >::size_type count = 0;
@ -682,7 +681,7 @@ protected:
if (dlg.ShowModal() == wxID_OK && panel->GetRemember()) {
// Write credentials to credential manager.
try {
m_cred_own.store(m_prov.get_id().c_str());
m_cred_own.store(m_prov.get_id().c_str(), m_cfg.m_level);
m_has_own = TRUE;
UpdateOwnIdentity();
} catch (winstd::win_runtime_error &err) {
@ -698,7 +697,7 @@ protected:
virtual void OnClearOwn(wxCommandEvent& /*event*/)
{
if (CredDelete(m_cred_own.target_name(m_prov.get_id().c_str()).c_str(), CRED_TYPE_GENERIC, 0)) {
if (CredDelete(m_cred_own.target_name(m_prov.get_id().c_str(), m_cfg.m_level).c_str(), CRED_TYPE_GENERIC, 0)) {
m_own_identity->Clear();
m_has_own = false;
} else
@ -728,7 +727,7 @@ protected:
void RetrieveOwnCredentials()
{
try {
m_cred_own.retrieve(m_prov.get_id().c_str());
m_cred_own.retrieve(m_prov.get_id().c_str(), m_cfg.m_level);
m_has_own = true;
UpdateOwnIdentity();
} catch (winstd::win_runtime_error &err) {

2
lib/MSCHAPv2/build/MSCHAPv2.vcxproj
View File

@ -80,14 +80,12 @@
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
<ItemGroup>
<ClInclude Include="..\include\Config.h" />
<ClInclude Include="..\include\Credentials.h" />
<ClInclude Include="..\include\Method.h" />
<ClInclude Include="..\include\MSCHAPv2.h" />
<ClInclude Include="..\src\StdAfx.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\src\Config.cpp" />
<ClCompile Include="..\src\Credentials.cpp" />
<ClCompile Include="..\src\Method.cpp" />
<ClCompile Include="..\src\MSCHAPv2.cpp" />
<ClCompile Include="..\src\StdAfx.cpp">

6
lib/MSCHAPv2/build/MSCHAPv2.vcxproj.filters
View File

@ -17,9 +17,6 @@
<ClInclude Include="..\include\Config.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\Credentials.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\Method.h">
<Filter>Header Files</Filter>
</ClInclude>
@ -34,9 +31,6 @@
<ClCompile Include="..\src\Config.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\src\Credentials.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\src\Method.cpp">
<Filter>Source Files</Filter>
</ClCompile>

6
lib/MSCHAPv2/include/Config.h
View File

@ -30,7 +30,6 @@ namespace eap
#pragma once
#include "Credentials.h"
#include "../../EAPBase/include/Config.h"
#include <Windows.h>
@ -46,9 +45,10 @@ namespace eap
///
/// Constructs configuration
///
/// \param[in] mod EAP module to use for global services
/// \param[in] mod EAP module to use for global services
/// \param[in] level Config level (0=outer, 1=inner, 2=inner-inner...)
///
config_method_mschapv2(_In_ module &mod);
config_method_mschapv2(_In_ module &mod, _In_ unsigned int level);
///
/// Copies configuration

122
lib/MSCHAPv2/include/Credentials.h
View File

@ -1,122 +0,0 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
namespace eap
{
///
/// MSCHAPv2 credentials
///
class credentials_mschapv2;
}
#pragma once
#include "Config.h"
#include "../../EAPBase/include/Credentials.h"
#include <Windows.h>
#include <sal.h>
#include <tchar.h>
namespace eap
{
class credentials_mschapv2 : public credentials_pass
{
public:
///
/// Constructs credentials
///
/// \param[in] mod EAP module to use for global services
///
credentials_mschapv2(_In_ module &mod);
///
/// Copies credentials
///
/// \param[in] other Credentials to copy from
///
credentials_mschapv2(_In_ const credentials_mschapv2 &other);
///
/// Moves credentials
///
/// \param[in] other Credentials to move from
///
credentials_mschapv2(_Inout_ credentials_mschapv2 &&other);
///
/// Copies credentials
///
/// \param[in] other Credentials to copy from
///
/// \returns Reference to this object
///
credentials_mschapv2& operator=(_In_ const credentials_mschapv2 &other);
///
/// Moves credentials
///
/// \param[in] other Credentials to move from
///
/// \returns Reference to this object
///
credentials_mschapv2& operator=(_Inout_ credentials_mschapv2 &&other);
///
/// Clones credentials
///
/// \returns Pointer to cloned credentials
///
virtual config* clone() const;
/// \name Storage
/// @{
///
/// Return target suffix for Windows Credential Manager credential name
///
virtual LPCTSTR target_suffix() const;
/// @}
///
/// Combine credentials in the following order:
///
/// 1. Cached credentials
/// 2. Pre-configured credentials
/// 3. Stored credentials
///
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_mschapv2* type)
/// \param[in] cfg Method configuration (must be config_method_mschapv2 type)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
///
/// \returns
/// - \c source_cache Credentials were obtained from EapHost cache
/// - \c source_preshared Credentials were set by method configuration
/// - \c source_storage Credentials were loaded from Windows Credential Manager
///
virtual source_t combine(
_In_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName);
};
}

5
lib/MSCHAPv2/include/Method.h
View File

@ -29,7 +29,6 @@ namespace eap
#pragma once
#include "Config.h"
#include "Credentials.h"
#include "MSCHAPv2.h"
#include "../../EAPBase/include/Method.h"
@ -49,7 +48,7 @@ namespace eap
/// \param[in] cfg Method configuration
/// \param[in] cred User credentials
///
method_mschapv2(_In_ module &module, _In_ config_method_mschapv2 &cfg, _In_ credentials_mschapv2 &cred);
method_mschapv2(_In_ module &module, _In_ config_method_mschapv2 &cfg, _In_ credentials_pass &cred);
///
/// Moves an EAP method
@ -133,7 +132,7 @@ namespace eap
static std::list<std::string> parse_response(_In_count_(count) const char *resp, _In_ size_t count);
protected:
credentials_mschapv2 &m_cred; ///< EAP-TLS user credentials
credentials_pass &m_cred; ///< EAP-TLS user credentials
winstd::crypt_prov m_cp; ///< Cryptography provider for general services
challenge_mschapv2 m_challenge_server; ///< MSCHAP server challenge

6
lib/MSCHAPv2/src/Config.cpp
View File

@ -28,9 +28,9 @@ using namespace winstd;
// eap::config_method_mschapv2
//////////////////////////////////////////////////////////////////////
eap::config_method_mschapv2::config_method_mschapv2(_In_ module &mod) : config_method_with_cred(mod)
eap::config_method_mschapv2::config_method_mschapv2(_In_ module &mod, _In_ unsigned int level) : config_method_with_cred(mod, level)
{
m_preshared.reset(new credentials_mschapv2(mod));
m_preshared.reset(new credentials_pass(mod));
}
@ -84,5 +84,5 @@ const wchar_t* eap::config_method_mschapv2::get_method_str() const
eap::credentials* eap::config_method_mschapv2::make_credentials() const
{
return new credentials_mschapv2(m_module);
return new credentials_pass(m_module);
}

112
lib/MSCHAPv2/src/Credentials.cpp
View File

@ -1,112 +0,0 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::credentials_mschapv2
//////////////////////////////////////////////////////////////////////
eap::credentials_mschapv2::credentials_mschapv2(_In_ module &mod) : credentials_pass(mod)
{
}
eap::credentials_mschapv2::credentials_mschapv2(_In_ const credentials_mschapv2 &other) :
credentials_pass(other)
{
}
eap::credentials_mschapv2::credentials_mschapv2(_Inout_ credentials_mschapv2 &&other) :
credentials_pass(std::move(other))
{
}
eap::credentials_mschapv2& eap::credentials_mschapv2::operator=(_In_ const credentials_mschapv2 &other)
{
if (this != &other)
(credentials_pass&)*this = other;
return *this;
}
eap::credentials_mschapv2& eap::credentials_mschapv2::operator=(_Inout_ credentials_mschapv2 &&other)
{
if (this != &other)
(credentials_pass&&)*this = std::move(other);
return *this;
}
eap::config* eap::credentials_mschapv2::clone() const
{
return new credentials_mschapv2(*this);
}
LPCTSTR eap::credentials_mschapv2::target_suffix() const
{
return _T("MSCHAPv2");
}
eap::credentials::source_t eap::credentials_mschapv2::combine(
_In_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName)
{
if (cred_cached) {
// Using EAP service cached credentials.
*this = *(credentials_mschapv2*)cred_cached;
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_legacy_mschapv2), event_data(credentials_mschapv2::get_name()), event_data::blank);
return source_cache;
}
if (cfg.m_use_preshared) {
// Using preshared credentials.
*this = *(credentials_mschapv2*)cfg.m_preshared.get();
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_legacy_mschapv2), event_data(credentials_mschapv2::get_name()), event_data::blank);
return source_preshared;
}
if (pszTargetName) {
try {
credentials_mschapv2 cred_loaded(m_module);
cred_loaded.retrieve(pszTargetName);
// Using stored credentials.
*this = std::move(cred_loaded);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_legacy_mschapv2), event_data(credentials_mschapv2::get_name()), event_data::blank);
return source_storage;
} catch (...) {
// Not actually an error.
}
}
return source_unknown;
}

2
lib/MSCHAPv2/src/Method.cpp
View File

@ -28,7 +28,7 @@ using namespace winstd;
// eap::method_mschapv2
//////////////////////////////////////////////////////////////////////
eap::method_mschapv2::method_mschapv2(_In_ module &module, _In_ config_method_mschapv2 &cfg, _In_ credentials_mschapv2 &cred) :
eap::method_mschapv2::method_mschapv2(_In_ module &module, _In_ config_method_mschapv2 &cfg, _In_ credentials_pass &cred) :
m_cred(cred),
m_ident(0),
m_success(false),

1
lib/MSCHAPv2/src/StdAfx.h
View File

@ -21,7 +21,6 @@
#pragma once
#include "../include/Config.h"
#include "../include/Credentials.h"
#include "../include/Method.h"
#include "../include/MSCHAPv2.h"

5
lib/MSCHAPv2_UI/include/MSCHAPv2_UI.h
View File

@ -20,12 +20,11 @@
#include "../../EAPBase_UI/include/EAP_UI.h"
#include "../../MSCHAPv2/include/Config.h"
#include "../../MSCHAPv2/include/Credentials.h"
///
/// MSCHAPv2 credential configuration panel
///
typedef wxEAPCredentialsConfigPanel<eap::credentials_mschapv2, wxPasswordCredentialsPanel<eap::credentials_mschapv2, wxEAPCredentialsPassPanelBase> > wxMSCHAPv2CredentialsConfigPanel;
typedef wxEAPCredentialsConfigPanel<eap::credentials_pass, wxPasswordCredentialsPanel<eap::credentials_pass, wxEAPCredentialsPassPanelBase> > wxMSCHAPv2CredentialsConfigPanel;
///
/// MSCHAPv2 configuration panel
@ -35,7 +34,7 @@ class wxMSCHAPv2ConfigPanel;
///
/// MSCHAPv2 credential entry panel
///
typedef wxPasswordCredentialsPanel<eap::credentials_mschapv2, wxEAPCredentialsPassPanelBase> wxMSCHAPv2CredentialsPanel;
typedef wxPasswordCredentialsPanel<eap::credentials_pass, wxEAPCredentialsPassPanelBase> wxMSCHAPv2CredentialsPanel;
#pragma once

2
lib/PAP/build/PAP.vcxproj
View File

@ -80,13 +80,11 @@
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
<ItemGroup>
<ClInclude Include="..\include\Config.h" />
<ClInclude Include="..\include\Credentials.h" />
<ClInclude Include="..\include\Method.h" />
<ClInclude Include="..\src\StdAfx.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\src\Config.cpp" />
<ClCompile Include="..\src\Credentials.cpp" />
<ClCompile Include="..\src\Method.cpp" />
<ClCompile Include="..\src\StdAfx.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>

6
lib/PAP/build/PAP.vcxproj.filters
View File

@ -17,9 +17,6 @@
<ClInclude Include="..\include\Config.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\Credentials.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\Method.h">
<Filter>Header Files</Filter>
</ClInclude>
@ -31,9 +28,6 @@
<ClCompile Include="..\src\Config.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\src\Credentials.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\src\Method.cpp">
<Filter>Source Files</Filter>
</ClCompile>

6
lib/PAP/include/Config.h
View File

@ -30,7 +30,6 @@ namespace eap
#pragma once
#include "Credentials.h"
#include "../../EAPBase/include/Config.h"
#include <Windows.h>
@ -46,9 +45,10 @@ namespace eap
///
/// Constructs configuration
///
/// \param[in] mod EAP module to use for global services
/// \param[in] mod EAP module to use for global services
/// \param[in] level Config level (0=outer, 1=inner, 2=inner-inner...)
///
config_method_pap(_In_ module &mod);
config_method_pap(_In_ module &mod, _In_ unsigned int level);
///
/// Copies configuration

122
lib/PAP/include/Credentials.h
View File

@ -1,122 +0,0 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
namespace eap
{
///
/// PAP credentials
///
class credentials_pap;
}
#pragma once
#include "Config.h"
#include "../../EAPBase/include/Credentials.h"
#include <Windows.h>
#include <sal.h>
#include <tchar.h>
namespace eap
{
class credentials_pap : public credentials_pass
{
public:
///
/// Constructs credentials
///
/// \param[in] mod EAP module to use for global services
///
credentials_pap(_In_ module &mod);
///
/// Copies credentials
///
/// \param[in] other Credentials to copy from
///
credentials_pap(_In_ const credentials_pap &other);
///
/// Moves credentials
///
/// \param[in] other Credentials to move from
///
credentials_pap(_Inout_ credentials_pap &&other);
///
/// Copies credentials
///
/// \param[in] other Credentials to copy from
///
/// \returns Reference to this object
///
credentials_pap& operator=(_In_ const credentials_pap &other);
///
/// Moves credentials
///
/// \param[in] other Credentials to move from
///
/// \returns Reference to this object
///
credentials_pap& operator=(_Inout_ credentials_pap &&other);
///
/// Clones credentials
///
/// \returns Pointer to cloned credentials
///
virtual config* clone() const;
/// \name Storage
/// @{
///
/// Return target suffix for Windows Credential Manager credential name
///
virtual LPCTSTR target_suffix() const;
/// @}
///
/// Combine credentials in the following order:
///
/// 1. Cached credentials
/// 2. Pre-configured credentials
/// 3. Stored credentials
///
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_pap* type)
/// \param[in] cfg Method configuration (must be config_method_pap type)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
///
/// \returns
/// - \c source_cache Credentials were obtained from EapHost cache
/// - \c source_preshared Credentials were set by method configuration
/// - \c source_storage Credentials were loaded from Windows Credential Manager
///
virtual source_t combine(
_In_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName);
};
}

5
lib/PAP/include/Method.h
View File

@ -30,7 +30,6 @@ namespace eap
#pragma once
#include "Config.h"
#include "Credentials.h"
#include "../../EAPBase/include/Method.h"
@ -47,7 +46,7 @@ namespace eap
/// \param[in] cfg Method configuration
/// \param[in] cred User credentials
///
method_pap(_In_ module &module, _In_ config_method_pap &cfg, _In_ credentials_pap &cred);
method_pap(_In_ module &module, _In_ config_method_pap &cfg, _In_ credentials_pass &cred);
///
/// Moves an EAP method
@ -92,7 +91,7 @@ namespace eap
/// @}
protected:
credentials_pap &m_cred; ///< EAP-TLS user credentials
credentials_pass &m_cred; ///< EAP-TLS user credentials
enum {
phase_unknown = -1, ///< Unknown phase

6
lib/PAP/src/Config.cpp
View File

@ -28,9 +28,9 @@ using namespace winstd;
// eap::config_method_pap
//////////////////////////////////////////////////////////////////////
eap::config_method_pap::config_method_pap(_In_ module &mod) : config_method_with_cred(mod)
eap::config_method_pap::config_method_pap(_In_ module &mod, _In_ unsigned int level) : config_method_with_cred(mod, level)
{
m_preshared.reset(new credentials_pap(mod));
m_preshared.reset(new credentials_pass(mod));
}
@ -84,5 +84,5 @@ const wchar_t* eap::config_method_pap::get_method_str() const
eap::credentials* eap::config_method_pap::make_credentials() const
{
return new credentials_pap(m_module);
return new credentials_pass(m_module);
}

112
lib/PAP/src/Credentials.cpp
View File

@ -1,112 +0,0 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::credentials_pap
//////////////////////////////////////////////////////////////////////
eap::credentials_pap::credentials_pap(_In_ module &mod) : credentials_pass(mod)
{
}
eap::credentials_pap::credentials_pap(_In_ const credentials_pap &other) :
credentials_pass(other)
{
}
eap::credentials_pap::credentials_pap(_Inout_ credentials_pap &&other) :
credentials_pass(std::move(other))
{
}
eap::credentials_pap& eap::credentials_pap::operator=(_In_ const credentials_pap &other)
{
if (this != &other)
(credentials_pass&)*this = other;
return *this;
}
eap::credentials_pap& eap::credentials_pap::operator=(_Inout_ credentials_pap &&other)
{
if (this != &other)
(credentials_pass&&)*this = std::move(other);
return *this;
}
eap::config* eap::credentials_pap::clone() const
{
return new credentials_pap(*this);
}
LPCTSTR eap::credentials_pap::target_suffix() const
{
return _T("PAP");
}
eap::credentials::source_t eap::credentials_pap::combine(
_In_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName)
{
if (cred_cached) {
// Using EAP service cached credentials.
*this = *(credentials_pap*)cred_cached;
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_legacy_pap), event_data(credentials_pap::get_name()), event_data::blank);
return source_cache;
}
if (cfg.m_use_preshared) {
// Using preshared credentials.
*this = *(credentials_pap*)cfg.m_preshared.get();
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_legacy_pap), event_data(credentials_pap::get_name()), event_data::blank);
return source_preshared;
}
if (pszTargetName) {
try {
credentials_pap cred_loaded(m_module);
cred_loaded.retrieve(pszTargetName);
// Using stored credentials.
*this = std::move(cred_loaded);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_legacy_pap), event_data(credentials_pap::get_name()), event_data::blank);
return source_storage;
} catch (...) {
// Not actually an error.
}
}
return source_unknown;
}

2
lib/PAP/src/Method.cpp
View File

@ -28,7 +28,7 @@ using namespace winstd;
// eap::method_pap
//////////////////////////////////////////////////////////////////////
eap::method_pap::method_pap(_In_ module &module, _In_ config_method_pap &cfg, _In_ credentials_pap &cred) :
eap::method_pap::method_pap(_In_ module &module, _In_ config_method_pap &cfg, _In_ credentials_pass &cred) :
m_cred(cred),
m_phase(phase_unknown),
method_noneap(module, cfg, cred)

1
lib/PAP/src/StdAfx.h
View File

@ -21,7 +21,6 @@
#pragma once
#include "../include/Config.h"
#include "../include/Credentials.h"
#include "../include/Method.h"
#include <Windows.h>

5
lib/PAP_UI/include/PAP_UI.h
View File

@ -20,12 +20,11 @@
#include "../../EAPBase_UI/include/EAP_UI.h"
#include "../../PAP/include/Config.h"
#include "../../PAP/include/Credentials.h"
///
/// PAP credential configuration panel
///
typedef wxEAPCredentialsConfigPanel<eap::credentials_pap, wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPassPanelBase> > wxPAPCredentialsConfigPanel;
typedef wxEAPCredentialsConfigPanel<eap::credentials_pass, wxPasswordCredentialsPanel<eap::credentials_pass, wxEAPCredentialsPassPanelBase> > wxPAPCredentialsConfigPanel;
///
/// PAP configuration panel
@ -35,7 +34,7 @@ class wxPAPConfigPanel;
///
/// PAP credential entry panel
///
typedef wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPassPanelBase> wxPAPCredentialsPanel;
typedef wxPasswordCredentialsPanel<eap::credentials_pass, wxEAPCredentialsPassPanelBase> wxPAPCredentialsPanel;
#pragma once

5
lib/TLS/include/Config.h
View File

@ -66,9 +66,10 @@ namespace eap
///
/// Constructs configuration
///
/// \param[in] mod EAP module to use for global services
/// \param[in] mod EAP module to use for global services
/// \param[in] level Config level (0=outer, 1=inner, 2=inner-inner...)
///
config_method_tls(_In_ module &mod);
config_method_tls(_In_ module &mod, _In_ unsigned int level);
///
/// Copies configuration

6
lib/TLS/include/Credentials.h
View File

@ -158,15 +158,17 @@ namespace eap
/// Save credentials to Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as
/// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...)
///
virtual void store(_In_z_ LPCTSTR pszTargetName) const;
virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const;
///
/// Retrieve credentials from Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from
/// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...)
///
virtual void retrieve(_In_z_ LPCTSTR pszTargetName);
virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level);
///
/// Return target suffix for Windows Credential Manager credential name

2
lib/TLS/src/Config.cpp
View File

@ -66,7 +66,7 @@ tstring eap::get_cert_title(PCCERT_CONTEXT cert)
// eap::config_method_tls
//////////////////////////////////////////////////////////////////////
eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with_cred(mod)
eap::config_method_tls::config_method_tls(_In_ module &mod, _In_ unsigned int level) : config_method_with_cred(mod, level)
{
m_preshared.reset(new credentials_tls(mod));
}

12
lib/TLS/src/Credentials.cpp
View File

@ -166,7 +166,7 @@ void eap::credentials_tls::operator>>(_Inout_ cursor_in &cursor)
}
void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const
{
assert(pszTargetName);
@ -179,7 +179,7 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
}
tstring target(target_name(pszTargetName));
tstring target(target_name(pszTargetName, level));
// Write credentials.
assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE);
@ -203,13 +203,13 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
}
void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName)
void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level)
{
assert(pszTargetName);
// Read credentials.
unique_ptr<CREDENTIAL, CredFree_delete<CREDENTIAL> > cred;
if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred))
if (!CredRead(target_name(pszTargetName, level).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred))
throw win_runtime_error(__FUNCTION__ " CredRead failed.");
if (cred->CredentialBlobSize) {
@ -240,7 +240,7 @@ void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName)
LPCTSTR eap::credentials_tls::target_suffix() const
{
return _T("TLS");
return _T("Cert");
}
@ -313,7 +313,7 @@ eap::credentials::source_t eap::credentials_tls::combine(
if (pszTargetName) {
try {
credentials_tls cred_loaded(m_module);
cred_loaded.retrieve(pszTargetName);
cred_loaded.retrieve(pszTargetName, cfg.m_level);
// Using stored credentials.
*this = std::move(cred_loaded);

5
lib/TTLS/include/Config.h
View File

@ -47,9 +47,10 @@ namespace eap {
///
/// Constructs configuration
///
/// \param[in] mod EAP module to use for global services
/// \param[in] mod EAP module to use for global services
/// \param[in] level Config level (0=outer, 1=inner, 2=inner-inner...)
///
config_method_ttls(_In_ module &mod);
config_method_ttls(_In_ module &mod, _In_ unsigned int level);
///
/// Copies configuration

6
lib/TTLS/include/Credentials.h
View File

@ -149,15 +149,17 @@ namespace eap
/// Save credentials to Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as
/// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...)
///
virtual void store(_In_z_ LPCTSTR pszTargetName) const;
virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const;
///
/// Retrieve credentials from Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from
/// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...)
///
virtual void retrieve(_In_z_ LPCTSTR pszTargetName);
virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level);
///
/// Returns credential identity.

22
lib/TTLS/src/Config.cpp
View File

@ -28,9 +28,9 @@ using namespace winstd;
// eap::config_method_ttls
//////////////////////////////////////////////////////////////////////
eap::config_method_ttls::config_method_ttls(_In_ module &mod) :
m_inner(new config_method_pap(mod)),
config_method_tls(mod)
eap::config_method_ttls::config_method_ttls(_In_ module &mod, _In_ unsigned int level) :
m_inner(new config_method_pap(mod, level + 1)),
config_method_tls(mod, level)
{
// TTLS is using blank pre-shared credentials per default.
m_use_preshared = true;
@ -265,10 +265,10 @@ eap::credentials* eap::config_method_ttls::make_credentials() const
eap::config_method_with_cred* eap::config_method_ttls::make_config_method(_In_ winstd::eap_type_t eap_type) const
{
switch (eap_type) {
case eap_type_tls : return new config_method_tls (m_module);
case eap_type_ttls : return new config_method_ttls (m_module);
case eap_type_legacy_pap : return new config_method_pap (m_module);
case eap_type_legacy_mschapv2: return new config_method_mschapv2(m_module);
case eap_type_tls : return new config_method_tls (m_module, m_level + 1);
case eap_type_ttls : return new config_method_ttls (m_module, m_level + 1);
case eap_type_legacy_pap : return new config_method_pap (m_module, m_level + 1);
case eap_type_legacy_mschapv2: return new config_method_mschapv2(m_module, m_level + 1);
default : throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method.");
}
}
@ -276,10 +276,10 @@ eap::config_method_with_cred* eap::config_method_ttls::make_config_method(_In_ w
eap::config_method_with_cred* eap::config_method_ttls::make_config_method(_In_ const wchar_t *eap_type) const
{
if (_wcsicmp(eap_type, L"EAP-TLS" ) == 0) return new config_method_tls (m_module);
else if (_wcsicmp(eap_type, L"EAP-TTLS") == 0) return new config_method_ttls (m_module);
else if (_wcsicmp(eap_type, L"PAP" ) == 0) return new config_method_pap (m_module);
else if (_wcsicmp(eap_type, L"MSCHAPv2") == 0) return new config_method_mschapv2(m_module);
if (_wcsicmp(eap_type, L"EAP-TLS" ) == 0) return new config_method_tls (m_module, m_level + 1);
else if (_wcsicmp(eap_type, L"EAP-TTLS") == 0) return new config_method_ttls (m_module, m_level + 1);
else if (_wcsicmp(eap_type, L"PAP" ) == 0) return new config_method_pap (m_module, m_level + 1);
else if (_wcsicmp(eap_type, L"MSCHAPv2") == 0) return new config_method_mschapv2(m_module, m_level + 1);
else throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method.");
}

12
lib/TTLS/src/Credentials.cpp
View File

@ -146,23 +146,23 @@ void eap::credentials_ttls::operator>>(_Inout_ cursor_in &cursor)
}
void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName) const
void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const
{
assert(0); // Not that we would ever store inner&outer credentials to Windows Credential Manager joined, but for completness sake... Here we go:
credentials_tls::store(pszTargetName);
credentials_tls::store(pszTargetName, level);
m_inner->store(pszTargetName);
m_inner->store(pszTargetName, level + 1);
}
void eap::credentials_ttls::retrieve(_In_z_ LPCTSTR pszTargetName)
void eap::credentials_ttls::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level)
{
assert(0); // Not that we would ever retrieve inner&outer credentials to Windows Credential Manager joined, but for completness sake... Here we go:
credentials_tls::retrieve(pszTargetName);
credentials_tls::retrieve(pszTargetName, level);
m_inner->retrieve(pszTargetName);
m_inner->retrieve(pszTargetName, level + 1);
}

4
lib/TTLS/src/Method.cpp
View File

@ -69,8 +69,8 @@ void eap::method_ttls::begin_session(
// Initialize inner method.
switch (m_cfg.m_inner->get_method_id()) {
case eap_type_legacy_pap : m_inner.reset(new method_pap (m_module, (config_method_pap &)*m_cfg.m_inner, (credentials_pap &)*m_cred.m_inner.get())); break;
case eap_type_legacy_mschapv2: m_inner.reset(new method_mschapv2(m_module, (config_method_mschapv2&)*m_cfg.m_inner, (credentials_mschapv2&)*m_cred.m_inner.get())); break;
case eap_type_legacy_pap : m_inner.reset(new method_pap (m_module, (config_method_pap &)*m_cfg.m_inner, (credentials_pass &)*m_cred.m_inner.get())); break;
case eap_type_legacy_mschapv2: m_inner.reset(new method_mschapv2(m_module, (config_method_mschapv2&)*m_cfg.m_inner, (credentials_pass&)*m_cred.m_inner.get())); break;
default: throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method.");
}
m_inner->begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, MAXDWORD);

2
lib/TTLS/src/Module.cpp
View File

@ -35,7 +35,7 @@ eap::peer_ttls::peer_ttls() : peer(eap_type_ttls)
eap::config_method* eap::peer_ttls::make_config_method()
{
return new config_method_ttls(*this);
return new config_method_ttls(*this, 0);
}

2
lib/TTLS/src/StdAfx.h
View File

@ -27,11 +27,9 @@
#include "../include/TTLS.h"
#include "../../PAP/include/Config.h"
#include "../../PAP/include/Credentials.h"
#include "../../PAP/include/Method.h"
#include "../../MSCHAPv2/include/Config.h"
#include "../../MSCHAPv2/include/Credentials.h"
#include "../../MSCHAPv2/include/Method.h"
#include "../../MSCHAPv2/include/MSCHAPv2.h"

6
lib/TTLS_UI/src/Module.cpp
View File

@ -52,7 +52,7 @@ eap::peer_ttls_ui::peer_ttls_ui() : peer_ui(eap_type_ttls)
eap::config_method* eap::peer_ttls_ui::make_config_method()
{
return new config_method_ttls(*this);
return new config_method_ttls(*this, 0);
}
@ -270,7 +270,7 @@ void eap::peer_ttls_ui::invoke_identity_ui(
// Write credentials to credential manager.
if (panel->m_outer_cred->GetRemember()) {
try {
_cred_out->credentials_tls::store(target_name.c_str());
_cred_out->credentials_tls::store(target_name.c_str(), 0);
} catch (winstd::win_runtime_error &err) {
wxLogError(winstd::tstring_printf(_("Error writing credentials to Credential Manager: %hs (error %u)"), err.what(), err.number()).c_str());
} catch (...) {
@ -280,7 +280,7 @@ void eap::peer_ttls_ui::invoke_identity_ui(
if (panel->m_inner_cred->GetRemember()) {
try {
_cred_out->m_inner->store(target_name.c_str());
_cred_out->m_inner->store(target_name.c_str(), 1);
} catch (winstd::win_runtime_error &err) {
wxLogError(winstd::tstring_printf(_("Error writing credentials to Credential Manager: %hs (error %u)"), err.what(), err.number()).c_str());
} catch (...) {

12
lib/TTLS_UI/src/TTLS_UI.cpp
View File

@ -95,8 +95,8 @@ void wxTTLSConfigPanel::OnUpdateUI(wxUpdateUIEvent& /*event*/)
wxTTLSConfigWindow::wxTTLSConfigWindow(eap::config_provider &prov, eap::config_method &cfg, wxWindow* parent) :
m_cfg((eap::config_method_ttls&)cfg),
m_cfg_pap(cfg.m_module),
m_cfg_mschapv2(cfg.m_module),
m_cfg_pap(cfg.m_module, cfg.m_level + 1),
m_cfg_mschapv2(cfg.m_module, cfg.m_level + 1),
wxEAPConfigWindow(prov, cfg, parent)
{
wxBoxSizer* sb_content;
@ -246,13 +246,13 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov,
const eap::config_method_mschapv2 *cfg_inner_mschapv2;
if ((cfg_inner_pap = dynamic_cast<const eap::config_method_pap*>(m_cfg.m_inner.get())) != NULL) {
eap::credentials_ttls &cred_ttls = (eap::credentials_ttls&)cred;
if (!cred_ttls.m_inner) cred_ttls.m_inner.reset(new eap::credentials_pap(cred.m_module));
m_inner_cred = new wxPAPCredentialsPanel(m_prov, *cfg_inner_pap, *(eap::credentials_pap*)cred_ttls.m_inner.get(), this, is_config);
if (!cred_ttls.m_inner) cred_ttls.m_inner.reset(new eap::credentials_pass(cred.m_module));
m_inner_cred = new wxPAPCredentialsPanel(m_prov, *cfg_inner_pap, *(eap::credentials_pass*)cred_ttls.m_inner.get(), this, is_config);
sb_content->Add(m_inner_cred, 0, wxALL|wxEXPAND, 5);
} else if ((cfg_inner_mschapv2 = dynamic_cast<const eap::config_method_mschapv2*>(m_cfg.m_inner.get())) != NULL) {
eap::credentials_ttls &cred_ttls = (eap::credentials_ttls&)cred;
if (!cred_ttls.m_inner) cred_ttls.m_inner.reset(new eap::credentials_mschapv2(cred.m_module));
m_inner_cred = new wxMSCHAPv2CredentialsPanel(m_prov, *cfg_inner_mschapv2, *(eap::credentials_mschapv2*)cred_ttls.m_inner.get(), this, is_config);
if (!cred_ttls.m_inner) cred_ttls.m_inner.reset(new eap::credentials_pass(cred.m_module));
m_inner_cred = new wxMSCHAPv2CredentialsPanel(m_prov, *cfg_inner_mschapv2, *(eap::credentials_pass*)cred_ttls.m_inner.get(), this, is_config);
sb_content->Add(m_inner_cred, 0, wxALL|wxEXPAND, 5);
} else
assert(0); // Unsupported inner authentication method type.