From 641c9b693260891195dafa5980422df4994621ea Mon Sep 17 00:00:00 2001 
From: Simon Rozman Date: Tue, 6 Sep 2016 15:39:41 +0200 Subject: [PATCH] Credentials are no longer stored using method name (TLS/PAP/MSCHAPv2) but with level/type identifier --- CredWrite/Main.cpp | 36 +++--- CredWrite/README.md | 3 +- CredWrite/StdAfx.h | 3 +- lib/EAPBase/include/Config.h | 13 ++- lib/EAPBase/include/Credentials.h | 57 ++++++++- lib/EAPBase/src/Config.cpp | 24 ++-- lib/EAPBase/src/Credentials.cpp | 57 ++++++++- lib/EAPBase_UI/include/EAP_UI.h | 7 +- lib/MSCHAPv2/build/MSCHAPv2.vcxproj | 2 - lib/MSCHAPv2/build/MSCHAPv2.vcxproj.filters | 6 - lib/MSCHAPv2/include/Config.h | 6 +- lib/MSCHAPv2/include/Credentials.h | 122 -------------------- lib/MSCHAPv2/include/Method.h | 5 +- lib/MSCHAPv2/src/Config.cpp | 6 +- lib/MSCHAPv2/src/Credentials.cpp | 112 ------------------ lib/MSCHAPv2/src/Method.cpp | 2 +- lib/MSCHAPv2/src/StdAfx.h | 1 - lib/MSCHAPv2_UI/include/MSCHAPv2_UI.h | 5 +- lib/PAP/build/PAP.vcxproj | 2 - lib/PAP/build/PAP.vcxproj.filters | 6 - lib/PAP/include/Config.h | 6 +- lib/PAP/include/Credentials.h | 122 -------------------- lib/PAP/include/Method.h | 5 +- lib/PAP/src/Config.cpp | 6 +- lib/PAP/src/Credentials.cpp | 112 ------------------ lib/PAP/src/Method.cpp | 2 +- lib/PAP/src/StdAfx.h | 1 - lib/PAP_UI/include/PAP_UI.h | 5 +- lib/TLS/include/Config.h | 5 +- lib/TLS/include/Credentials.h | 6 +- lib/TLS/src/Config.cpp | 2 +- lib/TLS/src/Credentials.cpp | 12 +- lib/TTLS/include/Config.h | 5 +- lib/TTLS/include/Credentials.h | 6 +- lib/TTLS/src/Config.cpp | 22 ++-- lib/TTLS/src/Credentials.cpp | 12 +- lib/TTLS/src/Method.cpp | 4 +- lib/TTLS/src/Module.cpp | 2 +- lib/TTLS/src/StdAfx.h | 2 - lib/TTLS_UI/src/Module.cpp | 6 +- lib/TTLS_UI/src/TTLS_UI.cpp | 12 +- 41 files changed, 226 insertions(+), 604 deletions(-) delete mode 100644 lib/MSCHAPv2/include/Credentials.h delete mode 100644 lib/MSCHAPv2/src/Credentials.cpp delete mode 100644 lib/PAP/include/Credentials.h delete mode 100644 lib/PAP/src/Credentials.cpp 
diff --git a/CredWrite/Main.cpp b/CredWrite/Main.cpp index e6e3917..66d121c 100644 --- a/CredWrite/Main.cpp +++ b/CredWrite/Main.cpp @@ -40,7 +40,7 @@ static int CredWrite() return -1; } - eap::credentials_pap cred_pap(g_module); + eap::credentials_pass cred_pass(g_module); // Prepare identity (user name). { @@ -50,7 +50,7 @@ static int CredWrite() bool is_last; dec.decode(identity_utf8, is_last, pwcArglist[1], (size_t)-1); - MultiByteToWideChar(CP_UTF8, 0, identity_utf8.data(), (int)identity_utf8.size(), cred_pap.m_identity); + MultiByteToWideChar(CP_UTF8, 0, identity_utf8.data(), (int)identity_utf8.size(), cred_pass.m_identity); } // Prepare password. @@ -61,7 +61,7 @@ static int CredWrite() bool is_last; dec.decode(password_utf8, is_last, pwcArglist[2], (size_t)-1); - MultiByteToWideChar(CP_UTF8, 0, password_utf8.data(), (int)password_utf8.size(), cred_pap.m_password); + MultiByteToWideChar(CP_UTF8, 0, password_utf8.data(), (int)password_utf8.size(), cred_pass.m_password); } // Generate target name (aka realm). @@ -71,7 +71,7 @@ static int CredWrite() target_name = pwcArglist[3]; } else { // Get the realm from user name. - LPCWSTR _identity = cred_pap.m_identity.c_str(), domain; + LPCWSTR _identity = cred_pass.m_identity.c_str(), domain; if ((domain = wcschr(_identity, L'@')) != NULL) { target_name = L"urn:RFC4282:realm:"; target_name += domain + 1; @@ -79,12 +79,22 @@ static int CredWrite() target_name = L"*"; } + // Determine credential level. + unsigned int level; + if (nArgs > 4) { + // User explicitly set the level. + level = wcstoul(pwcArglist[4], NULL, 10); + } else { + // Set default level. + level = 0; + } + // Write credentials. #ifdef _DEBUG { - eap::credentials_pap cred_stored(g_module); + eap::credentials_pass cred_stored(g_module); try { - cred_stored.retrieve(target_name.c_str()); + cred_stored.retrieve(target_name.c_str(), level); } catch(win_runtime_error &err) { OutputDebugStr(_T("%hs (error %u)\n"), err.what(), err.number()); } catch(...) { 
@@ -93,7 +103,7 @@ static int CredWrite() } #endif try { - cred_pap.store(target_name.c_str()); + cred_pass.store(target_name.c_str(), level); } catch(win_runtime_error &err) { OutputDebugStr(_T("%hs (error %u)\n"), err.what(), err.number()); return 2; @@ -102,18 +112,6 @@ static int CredWrite() return 2; } - // Store empty TLS credentials. - eap::credentials_tls cred_tls(g_module); - try { - cred_tls.store(target_name.c_str()); - } catch(win_runtime_error &err) { - OutputDebugStr(_T("%hs (error %u)\n"), err.what(), err.number()); - return 3; - } catch(...) { - OutputDebugStr(_T("Writing credentials failed.\n")); - return 3; - } - return 0; } diff --git a/CredWrite/README.md b/CredWrite/README.md index b5ff61b..8f56d7e 100644 --- a/CredWrite/README.md +++ b/CredWrite/README.md @@ -3,12 +3,13 @@ Imports given credentials to Windows Credential Manager for G ##Usage ``` -CredWrite [] +CredWrite [ [level]] ``` - `username` - Base64 encoded UTF-8 user name (usually of the form user@domain or domain\user) - `password` - Base64 encoded UTF-8 user password - `realm` - A realm ID to allow grouping of credentials over different WLAN profiles (optional, default is domain part of `username`) +- `level` - Credential level (0=outer, 1=inner, 2=inner-inner..., default is 0=outer) The credentials are stored to Windows Credential Manager in invoking user's roaming profile. diff --git a/CredWrite/StdAfx.h b/CredWrite/StdAfx.h index 6bfe629..537f298 100644 --- a/CredWrite/StdAfx.h +++ b/CredWrite/StdAfx.h @@ -20,8 +20,7 @@ #pragma once -#include "../lib/PAP/include/Credentials.h" -#include "../lib/TLS/include/Credentials.h" +#include "../lib/EAPBase/include/Credentials.h" #include "../lib/EAPBase/include/Module.h" #include diff --git a/lib/EAPBase/include/Config.h b/lib/EAPBase/include/Config.h index 78ac7c7..04e1f5c 100644 --- a/lib/EAPBase/include/Config.h +++ b/lib/EAPBase/include/Config.h 
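Review bot: `level = wcstoul(pwcArglist[4], NULL, 10);` accepts any string: a non-numeric fourth argument silently becomes level 0 and an out-of-range one becomes ULONG_MAX narrowed into `unsigned int`, and either value is then baked into the Credential Manager target name, so a mistyped argument stores the password under an entry no method will ever read. Parse with the end-pointer form and reject leftovers and overflow before use, e.g. `LPWSTR end; errno = 0; level = wcstoul(pwcArglist[4], &end, 10);` followed by `if (*end != L'\0' || errno == ERANGE) return -1;` (the usage-error return code used earlier in this function, as far as the hunk shows). The README caps the documented values at small integers, so a range check against the number of nested methods may also be worth adding here. `CredWrite()` begins and ends outside this hunk.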
@@ -205,9 +205,10 @@ namespace eap /// /// Constructs configuration /// - /// \param[in] mod EAP module to use for global services + /// \param[in] mod EAP module to use for global services + /// \param[in] level Config level (0=outer, 1=inner, 2=inner-inner...) /// - config_method(_In_ module &mod); + config_method(_In_ module &mod, _In_ unsigned int level); /// /// Copies configuration @@ -252,6 +253,9 @@ namespace eap /// Returns a string identifier of the EAP method type of this configuration /// virtual const wchar_t* get_method_str() const = 0; + + public: + const unsigned int m_level; ///< Config level (0=outer, 1=inner, 2=inner-inner...) }; @@ -264,9 +268,10 @@ namespace eap /// /// Constructs configuration /// - /// \param[in] mod EAP module to use for global services + /// \param[in] mod EAP module to use for global services + /// \param[in] level Config level (0=outer, 1=inner, 2=inner-inner...) /// - config_method_with_cred(_In_ module &mod); + config_method_with_cred(_In_ module &mod, _In_ unsigned int level); /// /// Copies configuration diff --git a/lib/EAPBase/include/Credentials.h b/lib/EAPBase/include/Credentials.h index a976d58..2a08563 100644 --- a/lib/EAPBase/include/Credentials.h +++ b/lib/EAPBase/include/Credentials.h 
@@ -179,28 +179,40 @@ namespace eap /// Save credentials to Windows Credential Manager /// /// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as + /// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...) /// - virtual void store(_In_z_ LPCTSTR pszTargetName) const = 0; + virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const = 0; /// /// Retrieve credentials from Windows Credential Manager /// /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from + /// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...) /// - virtual void retrieve(_In_z_ LPCTSTR pszTargetName) = 0; + virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) = 0; /// /// Returns target name for Windows Credential Manager credential name /// /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from + /// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...) /// /// \returns Final target name to store/retrieve credentials in Windows Credential Manager /// - inline winstd::tstring target_name(_In_z_ LPCTSTR pszTargetName) const + inline winstd::tstring target_name(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const { + // Start with product name and given target name (identity provider usually). winstd::tstring target_name(_T(PRODUCT_NAME_STR) _T("/")); target_name += pszTargetName; target_name += _T('/'); + + // Append level of credentials. + TCHAR buf[20]; + _ultot_s(level, buf, _countof(buf), 10); + target_name += buf; + target_name += _T('/'); + + // Append credential type. target_name += target_suffix(); assert(target_name.length() < CRED_MAX_GENERIC_TARGET_NAME_LENGTH); return target_name; 
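Review bot: The new `PRODUCT/<target>/<level>/<suffix>` layout built in `target_name()` means entries written by earlier builds under `PRODUCT/<target>/<method>` are neither found by `retrieve()` nor removed by anything in this patch, so previously saved passwords stay in the invoking user's Credential Manager (and roaming profile) indefinitely unless the user deletes them by hand. If that is intended, it should at least be stated next to the function; otherwise a one-time `CredDelete` of the legacy name from the tool or the UI clear path would avoid the orphaned secrets. Also, `assert(target_name.length() < CRED_MAX_GENERIC_TARGET_NAME_LENGTH)` is the only length check and the level segment makes the name longer, so a release build passes an over-long name straight to CredWrite/CredRead; a runtime check that throws would be safer. Suggested comment above the function: `/// \note Layout changed to include the level segment; entries stored by earlier versions under PRODUCT/<target>/<method> are not migrated.`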
@@ -291,6 +303,13 @@ namespace eap /// credentials_pass& operator=(_Inout_ credentials_pass &&other); + /// + /// Clones credentials + /// + /// \returns Pointer to cloned credentials + /// + virtual config* clone() const; + /// /// Resets credentials /// 
@@ -358,18 +377,46 @@ namespace eap /// Save credentials to Windows Credential Manager /// /// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as + /// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...) /// - virtual void store(_In_z_ LPCTSTR pszTargetName) const; + virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const; /// /// Retrieve credentials from Windows Credential Manager /// /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from + /// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...) /// - virtual void retrieve(_In_z_ LPCTSTR pszTargetName); + virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level); + + /// + /// Return target suffix for Windows Credential Manager credential name + /// + virtual LPCTSTR target_suffix() const; /// @} + /// + /// Combine credentials in the following order: + /// + /// 1. Cached credentials + /// 2. Pre-configured credentials + /// 3. Stored credentials + /// + /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_pass* type) + /// \param[in] cfg Method configuration (must be config_method_pap type) + /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL) + /// + /// \returns + /// - \c source_cache Credentials were obtained from EapHost cache + /// - \c source_preshared Credentials were set by method configuration + /// - \c source_storage Credentials were loaded from Windows Credential Manager + /// + virtual source_t combine( + _In_ const credentials *cred_cached, + _In_ const config_method_with_cred &cfg, + _In_opt_z_ LPCTSTR pszTargetName); + public: winstd::sanitizing_wstring m_password; ///< Password diff --git a/lib/EAPBase/src/Config.cpp b/lib/EAPBase/src/Config.cpp index ceb4df9..d90c06f 100644 --- a/lib/EAPBase/src/Config.cpp 
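Review bot: The Doxygen block for `combine()` was carried over from the removed PAP subclass and no longer matches the declaration: `cfg` is documented as "must be config_method_pap type" although the parameter is `const config_method_with_cred &` and the method now lives on the base `credentials_pass`. Reword to what the implementation actually relies on, e.g. `\param[in] cfg Method configuration (its m_preshared must hold a credentials_pass; m_level selects the stored entry)`, and keep the `cred_cached` line as `must be credentials_pass* type`. The enclosing class declaration continues outside this hunk.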
+++ b/lib/EAPBase/src/Config.cpp @@ -102,25 +102,33 @@ const bstr eap::config::namespace_eapmetadata(L"urn:ietf:params:xml:ns:yang:ietf // eap::config_method ////////////////////////////////////////////////////////////////////// -eap::config_method::config_method(_In_ module &mod) : config(mod) +eap::config_method::config_method(_In_ module &mod, _In_ unsigned int level) : + m_level(level), + config(mod) { } -eap::config_method::config_method(_In_ const config_method &other) : config(other) +eap::config_method::config_method(_In_ const config_method &other) : + m_level(other.m_level), + config(other) { } -eap::config_method::config_method(_Inout_ config_method &&other) : config(std::move(other)) +eap::config_method::config_method(_Inout_ config_method &&other) : + m_level(other.m_level), + config(std::move(other)) { } eap::config_method& eap::config_method::operator=(_In_ const config_method &other) { - if (this != &other) + if (this != &other) { + assert(m_level == other.m_level); // Allow copy within same configuration level only. (config&)*this = other; + } return *this; } @@ -128,8 +136,10 @@ eap::config_method& eap::config_method::operator=(_In_ const config_method &othe eap::config_method& eap::config_method::operator=(_Inout_ config_method &&other) { - if (this != &other) + if (this != &other) { + assert(m_level == other.m_level); // Allow move within same configuration level only. (config&&)*this = std::move(other); + } return *this; } @@ -139,11 +149,11 @@ eap::config_method& eap::config_method::operator=(_Inout_ config_method &&other) // eap::config_method_with_cred ////////////////////////////////////////////////////////////////////// -eap::config_method_with_cred::config_method_with_cred(_In_ module &mod) : +eap::config_method_with_cred::config_method_with_cred(_In_ module &mod, _In_ unsigned int level) : m_allow_save(true), m_use_preshared(false), m_last_status(status_success), - config_method(mod) + config_method(mod, level) { } 
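Review bot: In the three `config_method` constructors the initializer list names `m_level(level)` before `config(mod)`, but the base subobject is always constructed first regardless of listing order, so the list misstates the actual sequence and triggers MSVC C5038 / GCC -Wreorder; write `config(mod), m_level(level)` (and likewise in the copy and move constructors). The `assert(m_level == other.m_level)` added to both `operator=` overloads (this hunk and `@@ -128`) only guards debug builds: in release, assigning a configuration from a different level silently proceeds with this object's `const` level unchanged and every other field overwritten, which is exactly the cross-level mix-up the assert is meant to catch. If the invariant matters for correctness rather than as a programmer check, consider throwing `std::invalid_argument` instead, or document the precondition on the declaration: `/// \pre other.m_level == m_level`.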
diff --git a/lib/EAPBase/src/Credentials.cpp b/lib/EAPBase/src/Credentials.cpp index 85e7cd8..c8ccff2 100644 --- a/lib/EAPBase/src/Credentials.cpp +++ b/lib/EAPBase/src/Credentials.cpp @@ -197,6 +197,12 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass } +eap::config* eap::credentials_pass::clone() const +{ + return new credentials_pass(*this); +} + + void eap::credentials_pass::clear() { credentials::clear(); @@ -275,7 +281,7 @@ void eap::credentials_pass::operator>>(_Inout_ cursor_in &cursor) } -void eap::credentials_pass::store(_In_z_ LPCTSTR pszTargetName) const +void eap::credentials_pass::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const { assert(pszTargetName); @@ -290,7 +296,7 @@ void eap::credentials_pass::store(_In_z_ LPCTSTR pszTargetName) const if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc)) throw win_runtime_error(__FUNCTION__ " CryptProtectData failed."); - tstring target(target_name(pszTargetName)); + tstring target(target_name(pszTargetName, level)); // Write credentials. assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE); @@ -314,13 +320,13 @@ void eap::credentials_pass::store(_In_z_ LPCTSTR pszTargetName) const } -void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName) +void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) { assert(pszTargetName); // Read credentials. unique_ptr > cred; - if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred)) + if (!CredRead(target_name(pszTargetName, level).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred)) throw win_runtime_error(__FUNCTION__ " CredRead failed."); // Decrypt the password using user's key. 
@@ -351,6 +357,49 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName) } +LPCTSTR eap::credentials_pass::target_suffix() const +{ + return _T("pass"); +} + + +eap::credentials::source_t eap::credentials_pass::combine( + _In_ const credentials *cred_cached, + _In_ const config_method_with_cred &cfg, + _In_opt_z_ LPCTSTR pszTargetName) +{ + if (cred_cached) { + // Using EAP service cached credentials. + *this = *(credentials_pass*)cred_cached; + m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank); + return source_cache; + } + + if (cfg.m_use_preshared) { + // Using preshared credentials. + *this = *(credentials_pass*)cfg.m_preshared.get(); + m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank); + return source_preshared; + } + + if (pszTargetName) { + try { + credentials_pass cred_loaded(m_module); + cred_loaded.retrieve(pszTargetName, cfg.m_level); + + // Using stored credentials. + *this = std::move(cred_loaded); + m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank); + return source_storage; + } catch (...) { + // Not actually an error. + } + } + + return source_unknown; +} + + const unsigned char eap::credentials_pass::s_entropy[1024] = { 0x40, 0x88, 0xd3, 0x13, 0x81, 0x8a, 0xf6, 0x74, 0x55, 0x8e, 0xcc, 0x73, 0x2c, 0xf8, 0x93, 0x37, 0x4f, 0xeb, 0x1d, 0x66, 0xb7, 0xfb, 0x47, 0x75, 0xb4, 0xfd, 0x07, 0xbb, 0xf6, 0xb3, 0x05, 0x30, diff --git a/lib/EAPBase_UI/include/EAP_UI.h b/lib/EAPBase_UI/include/EAP_UI.h index 6f32392..5da9024 100644 --- a/lib/EAPBase_UI/include/EAP_UI.h +++ b/lib/EAPBase_UI/include/EAP_UI.h 
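Review bot: `*this = *(credentials_pass*)cred_cached;` and `*this = *(credentials_pass*)cfg.m_preshared.get();` in `combine()` are unchecked C-style downcasts from `const credentials*`; the signature accepts any `credentials`, and the only protection is a Doxygen remark, so a mismatched type (or an empty `m_preshared` when `m_use_preshared` is set, which nothing here rules out) is undefined behaviour rather than a clean failure. Since `credentials` is polymorphic, `*this = dynamic_cast<const credentials_pass&>(*cred_cached);` gives a `std::bad_cast` on mismatch, and `assert(cfg.m_preshared);` before the second assignment covers the null case. The `catch (...)` in the storage branch also swallows every exception, not just a missing entry, so a decryption failure from `retrieve()` is indistinguishable from "no stored credentials"; logging the error before returning `source_unknown` would keep that visible. The `const unsigned char s_entropy[1024]` definition at the end of the hunk continues outside it.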
@@ -199,7 +199,6 @@ public: this->SetIcon(wxIcon(wxICON(product.ico))); #endif - wstring target_name; for (eap::config_connection::provider_list::iterator provider = m_cfg.m_providers.begin(), provider_end = m_cfg.m_providers.end(); provider != provider_end; ++provider) { bool is_single = provider->m_methods.size() == 1; std::vector >::size_type count = 0; @@ -682,7 +681,7 @@ protected: if (dlg.ShowModal() == wxID_OK && panel->GetRemember()) { // Write credentials to credential manager. try { - m_cred_own.store(m_prov.get_id().c_str()); + m_cred_own.store(m_prov.get_id().c_str(), m_cfg.m_level); m_has_own = TRUE; UpdateOwnIdentity(); } catch (winstd::win_runtime_error &err) { @@ -698,7 +697,7 @@ protected: virtual void OnClearOwn(wxCommandEvent& /*event*/) { - if (CredDelete(m_cred_own.target_name(m_prov.get_id().c_str()).c_str(), CRED_TYPE_GENERIC, 0)) { + if (CredDelete(m_cred_own.target_name(m_prov.get_id().c_str(), m_cfg.m_level).c_str(), CRED_TYPE_GENERIC, 0)) { m_own_identity->Clear(); m_has_own = false; } else @@ -728,7 +727,7 @@ protected: void RetrieveOwnCredentials() { try { - m_cred_own.retrieve(m_prov.get_id().c_str()); + m_cred_own.retrieve(m_prov.get_id().c_str(), m_cfg.m_level); m_has_own = true; UpdateOwnIdentity(); } catch (winstd::win_runtime_error &err) { diff --git a/lib/MSCHAPv2/build/MSCHAPv2.vcxproj b/lib/MSCHAPv2/build/MSCHAPv2.vcxproj index 5807437..9ce7e84 100644 --- a/lib/MSCHAPv2/build/MSCHAPv2.vcxproj +++ b/lib/MSCHAPv2/build/MSCHAPv2.vcxproj @@ -80,14 +80,12 @@ - - diff --git a/lib/MSCHAPv2/build/MSCHAPv2.vcxproj.filters b/lib/MSCHAPv2/build/MSCHAPv2.vcxproj.filters index 8e98b26..b4c2101 100644 --- a/lib/MSCHAPv2/build/MSCHAPv2.vcxproj.filters +++ b/lib/MSCHAPv2/build/MSCHAPv2.vcxproj.filters @@ -17,9 +17,6 @@ Header Files - - Header Files - Header Files @@ -34,9 +31,6 @@ Source Files - - Source Files - Source Files diff --git a/lib/MSCHAPv2/include/Config.h b/lib/MSCHAPv2/include/Config.h index ff4c4ae..c4ed48c 100644 
--- a/lib/MSCHAPv2/include/Config.h +++ b/lib/MSCHAPv2/include/Config.h @@ -30,7 +30,6 @@ namespace eap #pragma once -#include "Credentials.h" #include "../../EAPBase/include/Config.h" #include @@ -46,9 +45,10 @@ namespace eap /// /// Constructs configuration /// - /// \param[in] mod EAP module to use for global services + /// \param[in] mod EAP module to use for global services + /// \param[in] level Config level (0=outer, 1=inner, 2=inner-inner...) /// - config_method_mschapv2(_In_ module &mod); + config_method_mschapv2(_In_ module &mod, _In_ unsigned int level); /// /// Copies configuration diff --git a/lib/MSCHAPv2/include/Credentials.h b/lib/MSCHAPv2/include/Credentials.h deleted file mode 100644 index 7f1fbee..0000000 --- a/lib/MSCHAPv2/include/Credentials.h +++ /dev/null 
@@ -1,122 +0,0 @@ -/* - Copyright 2015-2016 Amebis - Copyright 2016 GÉANT - - This file is part of GÉANTLink. - - GÉANTLink is free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - GÉANTLink is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GÉANTLink. If not, see . -*/ - -namespace eap -{ - /// - /// MSCHAPv2 credentials - /// - class credentials_mschapv2; -} - -#pragma once - -#include "Config.h" - -#include "../../EAPBase/include/Credentials.h" - -#include -#include -#include - - -namespace eap -{ - class credentials_mschapv2 : public credentials_pass - { - public: - /// - /// Constructs credentials - /// - /// \param[in] mod EAP module to use for global services - /// - credentials_mschapv2(_In_ module &mod); - - /// - /// Copies credentials - /// - /// \param[in] other Credentials to copy from - /// - credentials_mschapv2(_In_ const credentials_mschapv2 &other); - - /// - /// Moves credentials - /// - /// \param[in] other Credentials to move from - /// - credentials_mschapv2(_Inout_ credentials_mschapv2 &&other); - - /// - /// Copies credentials - /// - /// \param[in] other Credentials to copy from - /// - /// \returns Reference to this object - /// - credentials_mschapv2& operator=(_In_ const credentials_mschapv2 &other); - - /// - /// Moves credentials - /// - /// \param[in] other Credentials to move from - /// - /// \returns Reference to this object - /// - credentials_mschapv2& operator=(_Inout_ credentials_mschapv2 &&other); - - /// - /// Clones credentials - /// - /// \returns Pointer to cloned credentials - /// - virtual 
config* clone() const; - - /// \name Storage - /// @{ - - /// - /// Return target suffix for Windows Credential Manager credential name - /// - virtual LPCTSTR target_suffix() const; - - /// @} - - /// - /// Combine credentials in the following order: - /// - /// 1. Cached credentials - /// 2. Pre-configured credentials - /// 3. Stored credentials - /// - /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_mschapv2* type) - /// \param[in] cfg Method configuration (must be config_method_mschapv2 type) - /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL) - /// - /// \returns - /// - \c source_cache Credentials were obtained from EapHost cache - /// - \c source_preshared Credentials were set by method configuration - /// - \c source_storage Credentials were loaded from Windows Credential Manager - /// - virtual source_t combine( - _In_ const credentials *cred_cached, - _In_ const config_method_with_cred &cfg, - _In_opt_z_ LPCTSTR pszTargetName); - }; -} diff --git a/lib/MSCHAPv2/include/Method.h b/lib/MSCHAPv2/include/Method.h index 8f8cc73..2293226 100644 --- a/lib/MSCHAPv2/include/Method.h +++ b/lib/MSCHAPv2/include/Method.h @@ -29,7 +29,6 @@ namespace eap #pragma once #include "Config.h" -#include "Credentials.h" #include "MSCHAPv2.h" #include "../../EAPBase/include/Method.h" @@ -49,7 +48,7 @@ namespace eap /// \param[in] cfg Method configuration /// \param[in] cred User credentials /// - method_mschapv2(_In_ module &module, _In_ config_method_mschapv2 &cfg, _In_ credentials_mschapv2 &cred); + method_mschapv2(_In_ module &module, _In_ config_method_mschapv2 &cfg, _In_ credentials_pass &cred); /// /// Moves an EAP method 
@@ -133,7 +132,7 @@ namespace eap static std::list parse_response(_In_count_(count) const char *resp, _In_ size_t count); protected: - credentials_mschapv2 &m_cred; ///< EAP-TLS user credentials + credentials_pass &m_cred; ///< EAP-TLS user credentials winstd::crypt_prov m_cp; ///< Cryptography provider for general services challenge_mschapv2 m_challenge_server; ///< MSCHAP server challenge diff --git a/lib/MSCHAPv2/src/Config.cpp b/lib/MSCHAPv2/src/Config.cpp index 632fd37..87f271a 100644 --- a/lib/MSCHAPv2/src/Config.cpp +++ b/lib/MSCHAPv2/src/Config.cpp @@ -28,9 +28,9 @@ using namespace winstd; // eap::config_method_mschapv2 ////////////////////////////////////////////////////////////////////// -eap::config_method_mschapv2::config_method_mschapv2(_In_ module &mod) : config_method_with_cred(mod) +eap::config_method_mschapv2::config_method_mschapv2(_In_ module &mod, _In_ unsigned int level) : config_method_with_cred(mod, level) { - m_preshared.reset(new credentials_mschapv2(mod)); + m_preshared.reset(new credentials_pass(mod)); } @@ -84,5 +84,5 @@ const wchar_t* eap::config_method_mschapv2::get_method_str() const eap::credentials* eap::config_method_mschapv2::make_credentials() const { - return new credentials_mschapv2(m_module); + return new credentials_pass(m_module); } diff --git a/lib/MSCHAPv2/src/Credentials.cpp b/lib/MSCHAPv2/src/Credentials.cpp deleted file mode 100644 index 6b4c0b4..0000000 --- a/lib/MSCHAPv2/src/Credentials.cpp +++ /dev/null 
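Review bot: The rewritten member line `credentials_pass &m_cred; ///< EAP-TLS user credentials` keeps a comment that is wrong for `method_mschapv2`; since the type is being changed anyway, fix the description to `///< MSCHAPv2 user credentials`. The PAP `Method.h` hunk in this patch is not visible here, so it may carry the same stale wording. The class body continues outside this hunk.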
@@ -1,112 +0,0 @@ -/* - Copyright 2015-2016 Amebis - Copyright 2016 GÉANT - - This file is part of GÉANTLink. - - GÉANTLink is free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - GÉANTLink is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GÉANTLink. If not, see . -*/ - -#include "StdAfx.h" - -using namespace std; -using namespace winstd; - - -////////////////////////////////////////////////////////////////////// -// eap::credentials_mschapv2 -////////////////////////////////////////////////////////////////////// - -eap::credentials_mschapv2::credentials_mschapv2(_In_ module &mod) : credentials_pass(mod) -{ -} - - -eap::credentials_mschapv2::credentials_mschapv2(_In_ const credentials_mschapv2 &other) : - credentials_pass(other) -{ -} - - -eap::credentials_mschapv2::credentials_mschapv2(_Inout_ credentials_mschapv2 &&other) : - credentials_pass(std::move(other)) -{ -} - - -eap::credentials_mschapv2& eap::credentials_mschapv2::operator=(_In_ const credentials_mschapv2 &other) -{ - if (this != &other) - (credentials_pass&)*this = other; - - return *this; -} - - -eap::credentials_mschapv2& eap::credentials_mschapv2::operator=(_Inout_ credentials_mschapv2 &&other) -{ - if (this != &other) - (credentials_pass&&)*this = std::move(other); - - return *this; -} - - -eap::config* eap::credentials_mschapv2::clone() const -{ - return new credentials_mschapv2(*this); -} - - -LPCTSTR eap::credentials_mschapv2::target_suffix() const -{ - return _T("MSCHAPv2"); -} - - -eap::credentials::source_t eap::credentials_mschapv2::combine( - _In_ const 
credentials *cred_cached, - _In_ const config_method_with_cred &cfg, - _In_opt_z_ LPCTSTR pszTargetName) -{ - if (cred_cached) { - // Using EAP service cached credentials. - *this = *(credentials_mschapv2*)cred_cached; - m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_legacy_mschapv2), event_data(credentials_mschapv2::get_name()), event_data::blank); - return source_cache; - } - - if (cfg.m_use_preshared) { - // Using preshared credentials. - *this = *(credentials_mschapv2*)cfg.m_preshared.get(); - m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_legacy_mschapv2), event_data(credentials_mschapv2::get_name()), event_data::blank); - return source_preshared; - } - - if (pszTargetName) { - try { - credentials_mschapv2 cred_loaded(m_module); - cred_loaded.retrieve(pszTargetName); - - // Using stored credentials. - *this = std::move(cred_loaded); - m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_legacy_mschapv2), event_data(credentials_mschapv2::get_name()), event_data::blank); - return source_storage; - } catch (...) { - // Not actually an error. - } - } - - return source_unknown; -} diff --git a/lib/MSCHAPv2/src/Method.cpp b/lib/MSCHAPv2/src/Method.cpp index f5af445..96f5d5f 100644 --- a/lib/MSCHAPv2/src/Method.cpp +++ b/lib/MSCHAPv2/src/Method.cpp @@ -28,7 +28,7 @@ using namespace winstd; // eap::method_mschapv2 ////////////////////////////////////////////////////////////////////// -eap::method_mschapv2::method_mschapv2(_In_ module &module, _In_ config_method_mschapv2 &cfg, _In_ credentials_mschapv2 &cred) : +eap::method_mschapv2::method_mschapv2(_In_ module &module, _In_ config_method_mschapv2 &cfg, _In_ credentials_pass &cred) : m_cred(cred), m_ident(0), m_success(false), diff --git a/lib/MSCHAPv2/src/StdAfx.h b/lib/MSCHAPv2/src/StdAfx.h index f26626f..a4f1934 100644 --- a/lib/MSCHAPv2/src/StdAfx.h +++ b/lib/MSCHAPv2/src/StdAfx.h 
@@ -21,7 +21,6 @@ #pragma once #include "../include/Config.h" -#include "../include/Credentials.h" #include "../include/Method.h" #include "../include/MSCHAPv2.h" diff --git a/lib/MSCHAPv2_UI/include/MSCHAPv2_UI.h b/lib/MSCHAPv2_UI/include/MSCHAPv2_UI.h index 3ae1204..be228ee 100644 --- a/lib/MSCHAPv2_UI/include/MSCHAPv2_UI.h +++ b/lib/MSCHAPv2_UI/include/MSCHAPv2_UI.h @@ -20,12 +20,11 @@ #include "../../EAPBase_UI/include/EAP_UI.h" #include "../../MSCHAPv2/include/Config.h" -#include "../../MSCHAPv2/include/Credentials.h" /// /// MSCHAPv2 credential configuration panel /// -typedef wxEAPCredentialsConfigPanel > wxMSCHAPv2CredentialsConfigPanel; +typedef wxEAPCredentialsConfigPanel > wxMSCHAPv2CredentialsConfigPanel; /// /// MSCHAPv2 configuration panel @@ -35,7 +34,7 @@ class wxMSCHAPv2ConfigPanel; /// /// MSCHAPv2 credential entry panel /// -typedef wxPasswordCredentialsPanel wxMSCHAPv2CredentialsPanel; +typedef wxPasswordCredentialsPanel wxMSCHAPv2CredentialsPanel; #pragma once diff --git a/lib/PAP/build/PAP.vcxproj b/lib/PAP/build/PAP.vcxproj index 094c02e..da6dfe2 100644 --- a/lib/PAP/build/PAP.vcxproj +++ b/lib/PAP/build/PAP.vcxproj @@ -80,13 +80,11 @@ - - Create diff --git a/lib/PAP/build/PAP.vcxproj.filters b/lib/PAP/build/PAP.vcxproj.filters index 8c96e75..8b77249 100644 --- a/lib/PAP/build/PAP.vcxproj.filters +++ b/lib/PAP/build/PAP.vcxproj.filters @@ -17,9 +17,6 @@ Header Files - - Header Files - Header Files @@ -31,9 +28,6 @@ Source Files - - Source Files - Source Files diff --git a/lib/PAP/include/Config.h b/lib/PAP/include/Config.h index 348f141..aef3bd0 100644 --- a/lib/PAP/include/Config.h +++ b/lib/PAP/include/Config.h @@ -30,7 +30,6 @@ namespace eap #pragma once -#include "Credentials.h" #include "../../EAPBase/include/Config.h" #include 
@@ -46,9 +45,10 @@ namespace eap /// /// Constructs configuration /// - /// \param[in] mod EAP module to use for global services + /// \param[in] mod EAP module to use for global services + /// \param[in] level Config level (0=outer, 1=inner, 2=inner-inner...) /// - config_method_pap(_In_ module &mod); + config_method_pap(_In_ module &mod, _In_ unsigned int level); /// /// Copies configuration diff --git a/lib/PAP/include/Credentials.h b/lib/PAP/include/Credentials.h deleted file mode 100644 index f0f4cd8..0000000 --- a/lib/PAP/include/Credentials.h +++ /dev/null 
@@ -1,122 +0,0 @@ -/* - Copyright 2015-2016 Amebis - Copyright 2016 GÉANT - - This file is part of GÉANTLink. - - GÉANTLink is free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - GÉANTLink is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GÉANTLink. If not, see . -*/ - -namespace eap -{ - /// - /// PAP credentials - /// - class credentials_pap; -} - -#pragma once - -#include "Config.h" - -#include "../../EAPBase/include/Credentials.h" - -#include -#include -#include - - -namespace eap -{ - class credentials_pap : public credentials_pass - { - public: - /// - /// Constructs credentials - /// - /// \param[in] mod EAP module to use for global services - /// - credentials_pap(_In_ module &mod); - - /// - /// Copies credentials - /// - /// \param[in] other Credentials to copy from - /// - credentials_pap(_In_ const credentials_pap &other); - - /// - /// Moves credentials - /// - /// \param[in] other Credentials to move from - /// - credentials_pap(_Inout_ credentials_pap &&other); - - /// - /// Copies credentials - /// - /// \param[in] other Credentials to copy from - /// - /// \returns Reference to this object - /// - credentials_pap& operator=(_In_ const credentials_pap &other); - - /// - /// Moves credentials - /// - /// \param[in] other Credentials to move from - /// - /// \returns Reference to this object - /// - credentials_pap& operator=(_Inout_ credentials_pap &&other); - - /// - /// Clones credentials - /// - /// \returns Pointer to cloned credentials - /// - virtual config* clone() const; - - /// \name Storage - /// @{ - - /// 
- /// Return target suffix for Windows Credential Manager credential name - /// - virtual LPCTSTR target_suffix() const; - - /// @} - - /// - /// Combine credentials in the following order: - /// - /// 1. Cached credentials - /// 2. Pre-configured credentials - /// 3. Stored credentials - /// - /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_pap* type) - /// \param[in] cfg Method configuration (must be config_method_pap type) - /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL) - /// - /// \returns - /// - \c source_cache Credentials were obtained from EapHost cache - /// - \c source_preshared Credentials were set by method configuration - /// - \c source_storage Credentials were loaded from Windows Credential Manager - /// - virtual source_t combine( - _In_ const credentials *cred_cached, - _In_ const config_method_with_cred &cfg, - _In_opt_z_ LPCTSTR pszTargetName); - }; -} diff --git a/lib/PAP/include/Method.h b/lib/PAP/include/Method.h index f86c120..cc02c33 100644 --- a/lib/PAP/include/Method.h +++ b/lib/PAP/include/Method.h @@ -30,7 +30,6 @@ namespace eap #pragma once #include "Config.h" -#include "Credentials.h" #include "../../EAPBase/include/Method.h" @@ -47,7 +46,7 @@ namespace eap /// \param[in] cfg Method configuration /// \param[in] cred User credentials /// - method_pap(_In_ module &module, _In_ config_method_pap &cfg, _In_ credentials_pap &cred); + method_pap(_In_ module &module, _In_ config_method_pap &cfg, _In_ credentials_pass &cred); /// /// Moves an EAP method @@ -92,7 +91,7 @@ namespace eap /// @} protected: - credentials_pap &m_cred; ///< EAP-TLS user credentials + credentials_pass &m_cred; ///< EAP-TLS user credentials enum { phase_unknown = -1, ///< Unknown phase diff --git a/lib/PAP/src/Config.cpp b/lib/PAP/src/Config.cpp index 5ea7537..36a95de 100644 --- a/lib/PAP/src/Config.cpp +++ b/lib/PAP/src/Config.cpp 
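Review bot: The Doxygen tag on the re-typed member in the `@@ -92,7 +92,7 @@` hunk still says `///< EAP-TLS user credentials`, which was already wrong for method_pap and is now doubly misleading because the type became the generic credentials_pass; change it to `credentials_pass &m_cred; ///< PAP user credentials (username/password)`. The constructor hunk above could say the same thing at the parameter: `/// \param[in] cred User credentials (the credentials_pass instance produced by config_method_pap::make_credentials)`, so a reader knows which concrete type the reference is expected to bind to now that the PAP-specific class is gone. The method_pap class declaration begins and ends outside these hunks.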
@@ -28,9 +28,9 @@ using namespace winstd; // eap::config_method_pap ////////////////////////////////////////////////////////////////////// -eap::config_method_pap::config_method_pap(_In_ module &mod) : config_method_with_cred(mod) +eap::config_method_pap::config_method_pap(_In_ module &mod, _In_ unsigned int level) : config_method_with_cred(mod, level) { - m_preshared.reset(new credentials_pap(mod)); + m_preshared.reset(new credentials_pass(mod)); } @@ -84,5 +84,5 @@ const wchar_t* eap::config_method_pap::get_method_str() const eap::credentials* eap::config_method_pap::make_credentials() const { - return new credentials_pap(m_module); + return new credentials_pass(m_module); } diff --git a/lib/PAP/src/Credentials.cpp b/lib/PAP/src/Credentials.cpp deleted file mode 100644 index cd4e69e..0000000 --- a/lib/PAP/src/Credentials.cpp +++ /dev/null 
@@ -1,112 +0,0 @@ -/* - Copyright 2015-2016 Amebis - Copyright 2016 GÉANT - - This file is part of GÉANTLink. - - GÉANTLink is free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - GÉANTLink is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GÉANTLink. If not, see . -*/ - -#include "StdAfx.h" - -using namespace std; -using namespace winstd; - - -////////////////////////////////////////////////////////////////////// -// eap::credentials_pap -////////////////////////////////////////////////////////////////////// - -eap::credentials_pap::credentials_pap(_In_ module &mod) : credentials_pass(mod) -{ -} - - -eap::credentials_pap::credentials_pap(_In_ const credentials_pap &other) : - credentials_pass(other) -{ -} - - -eap::credentials_pap::credentials_pap(_Inout_ credentials_pap &&other) : - credentials_pass(std::move(other)) -{ -} - - -eap::credentials_pap& eap::credentials_pap::operator=(_In_ const credentials_pap &other) -{ - if (this != &other) - (credentials_pass&)*this = other; - - return *this; -} - - -eap::credentials_pap& eap::credentials_pap::operator=(_Inout_ credentials_pap &&other) -{ - if (this != &other) - (credentials_pass&&)*this = std::move(other); - - return *this; -} - - -eap::config* eap::credentials_pap::clone() const -{ - return new credentials_pap(*this); -} - - -LPCTSTR eap::credentials_pap::target_suffix() const -{ - return _T("PAP"); -} - - -eap::credentials::source_t eap::credentials_pap::combine( - _In_ const credentials *cred_cached, - _In_ const config_method_with_cred &cfg, - _In_opt_z_ LPCTSTR pszTargetName) 
-{ - if (cred_cached) { - // Using EAP service cached credentials. - *this = *(credentials_pap*)cred_cached; - m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_legacy_pap), event_data(credentials_pap::get_name()), event_data::blank); - return source_cache; - } - - if (cfg.m_use_preshared) { - // Using preshared credentials. - *this = *(credentials_pap*)cfg.m_preshared.get(); - m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_legacy_pap), event_data(credentials_pap::get_name()), event_data::blank); - return source_preshared; - } - - if (pszTargetName) { - try { - credentials_pap cred_loaded(m_module); - cred_loaded.retrieve(pszTargetName); - - // Using stored credentials. - *this = std::move(cred_loaded); - m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_legacy_pap), event_data(credentials_pap::get_name()), event_data::blank); - return source_storage; - } catch (...) { - // Not actually an error. - } - } - - return source_unknown; -} diff --git a/lib/PAP/src/Method.cpp b/lib/PAP/src/Method.cpp index b0ff75a..bf838fa 100644 --- a/lib/PAP/src/Method.cpp +++ b/lib/PAP/src/Method.cpp @@ -28,7 +28,7 @@ using namespace winstd; // eap::method_pap ////////////////////////////////////////////////////////////////////// -eap::method_pap::method_pap(_In_ module &module, _In_ config_method_pap &cfg, _In_ credentials_pap &cred) : +eap::method_pap::method_pap(_In_ module &module, _In_ config_method_pap &cfg, _In_ credentials_pass &cred) : m_cred(cred), m_phase(phase_unknown), method_noneap(module, cfg, cred) diff --git a/lib/PAP/src/StdAfx.h b/lib/PAP/src/StdAfx.h index cc1d372..4a59206 100644 --- a/lib/PAP/src/StdAfx.h +++ b/lib/PAP/src/StdAfx.h @@ -21,7 +21,6 @@ #pragma once #include "../include/Config.h" -#include "../include/Credentials.h" #include "../include/Method.h" #include 
diff --git a/lib/PAP_UI/include/PAP_UI.h b/lib/PAP_UI/include/PAP_UI.h index 3747855..c41ac3b 100644 --- a/lib/PAP_UI/include/PAP_UI.h +++ b/lib/PAP_UI/include/PAP_UI.h @@ -20,12 +20,11 @@ #include "../../EAPBase_UI/include/EAP_UI.h" #include "../../PAP/include/Config.h" -#include "../../PAP/include/Credentials.h" /// /// PAP credential configuration panel /// -typedef wxEAPCredentialsConfigPanel > wxPAPCredentialsConfigPanel; +typedef wxEAPCredentialsConfigPanel > wxPAPCredentialsConfigPanel; /// /// PAP configuration panel @@ -35,7 +34,7 @@ class wxPAPConfigPanel; /// /// PAP credential entry panel /// -typedef wxPasswordCredentialsPanel wxPAPCredentialsPanel; +typedef wxPasswordCredentialsPanel wxPAPCredentialsPanel; #pragma once diff --git a/lib/TLS/include/Config.h b/lib/TLS/include/Config.h index 5154d02..4d95a0f 100644 --- a/lib/TLS/include/Config.h +++ b/lib/TLS/include/Config.h @@ -66,9 +66,10 @@ namespace eap /// /// Constructs configuration /// - /// \param[in] mod EAP module to use for global services + /// \param[in] mod EAP module to use for global services + /// \param[in] level Config level (0=outer, 1=inner, 2=inner-inner...) /// - config_method_tls(_In_ module &mod); + config_method_tls(_In_ module &mod, _In_ unsigned int level); /// /// Copies configuration diff --git a/lib/TLS/include/Credentials.h b/lib/TLS/include/Credentials.h index 4554698..6413eef 100644 --- a/lib/TLS/include/Credentials.h +++ b/lib/TLS/include/Credentials.h 
@@ -158,15 +158,17 @@ namespace eap /// Save credentials to Windows Credential Manager /// /// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as + /// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...) /// - virtual void store(_In_z_ LPCTSTR pszTargetName) const; + virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const; /// /// Retrieve credentials from Windows Credential Manager /// /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from + /// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...) /// - virtual void retrieve(_In_z_ LPCTSTR pszTargetName); + virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level); /// /// Return target suffix for Windows Credential Manager credential name diff --git a/lib/TLS/src/Config.cpp b/lib/TLS/src/Config.cpp index 8b1627a..cbb27ac 100644 --- a/lib/TLS/src/Config.cpp +++ b/lib/TLS/src/Config.cpp @@ -66,7 +66,7 @@ tstring eap::get_cert_title(PCCERT_CONTEXT cert) // eap::config_method_tls ////////////////////////////////////////////////////////////////////// -eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with_cred(mod) +eap::config_method_tls::config_method_tls(_In_ module &mod, _In_ unsigned int level) : config_method_with_cred(mod, level) { m_preshared.reset(new credentials_tls(mod)); } diff --git a/lib/TLS/src/Credentials.cpp b/lib/TLS/src/Credentials.cpp index 6f8b89f..a7794a1 100644 --- a/lib/TLS/src/Credentials.cpp +++ b/lib/TLS/src/Credentials.cpp @@ -166,7 +166,7 @@ void eap::credentials_tls::operator>>(_Inout_ cursor_in &cursor) } -void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const +void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const { assert(pszTargetName); 
@@ -179,7 +179,7 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const throw win_runtime_error(__FUNCTION__ " CryptProtectData failed."); } - tstring target(target_name(pszTargetName)); + tstring target(target_name(pszTargetName, level)); // Write credentials. assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE); @@ -203,13 +203,13 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const } -void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName) +void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) { assert(pszTargetName); // Read credentials. unique_ptr > cred; - if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred)) + if (!CredRead(target_name(pszTargetName, level).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred)) throw win_runtime_error(__FUNCTION__ " CredRead failed."); if (cred->CredentialBlobSize) { @@ -240,7 +240,7 @@ void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName) LPCTSTR eap::credentials_tls::target_suffix() const { - return _T("TLS"); + return _T("Cert"); } @@ -313,7 +313,7 @@ eap::credentials::source_t eap::credentials_tls::combine( if (pszTargetName) { try { credentials_tls cred_loaded(m_module); - cred_loaded.retrieve(pszTargetName); + cred_loaded.retrieve(pszTargetName, cfg.m_level); // Using stored credentials. *this = std::move(cred_loaded); diff --git a/lib/TTLS/include/Config.h b/lib/TTLS/include/Config.h index 6641b2a..ee69491 100644 --- a/lib/TTLS/include/Config.h +++ b/lib/TTLS/include/Config.h @@ -47,9 +47,10 @@ namespace eap { /// /// Constructs configuration /// - /// \param[in] mod EAP module to use for global services + /// \param[in] mod EAP module to use for global services + /// \param[in] level Config level (0=outer, 1=inner, 2=inner-inner...) /// - config_method_ttls(_In_ module &mod); + config_method_ttls(_In_ module &mod, _In_ unsigned int level); /// /// Copies configuration 
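Review bot: Changing target_suffix() from "TLS" to "Cert" (on top of the level now being folded into target_name()) changes the Credential Manager target name, so certificate credentials saved by earlier builds are no longer found by retrieve() and are never overwritten or deleted — they linger as orphaned DPAPI-protected blobs in the user's vault, and the user gets an unexplained re-prompt. Unless target_name(), whose body is not in the hunk, still tries the legacy name, consider a one-shot migration in retrieve(): when CredRead of the new name fails, read the old name, store under the new one, then CredDelete the old entry; failing that, the README/changelog should state that stored credentials must be re-entered after upgrading. A short comment on the function would keep this from surprising the next maintainer: `// "Cert" replaces the former "TLS" suffix; entries stored under the old name are not migrated.`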
diff --git a/lib/TTLS/include/Credentials.h b/lib/TTLS/include/Credentials.h index 7060ee7..6301d7c 100644 --- a/lib/TTLS/include/Credentials.h +++ b/lib/TTLS/include/Credentials.h @@ -149,15 +149,17 @@ namespace eap /// Save credentials to Windows Credential Manager /// /// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as + /// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...) /// - virtual void store(_In_z_ LPCTSTR pszTargetName) const; + virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const; /// /// Retrieve credentials from Windows Credential Manager /// /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from + /// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...) /// - virtual void retrieve(_In_z_ LPCTSTR pszTargetName); + virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level); /// /// Returns credential identity. diff --git a/lib/TTLS/src/Config.cpp b/lib/TTLS/src/Config.cpp index 1e7b168..b9f69bb 100644 --- a/lib/TTLS/src/Config.cpp +++ b/lib/TTLS/src/Config.cpp @@ -28,9 +28,9 @@ using namespace winstd; // eap::config_method_ttls ////////////////////////////////////////////////////////////////////// -eap::config_method_ttls::config_method_ttls(_In_ module &mod) : - m_inner(new config_method_pap(mod)), - config_method_tls(mod) +eap::config_method_ttls::config_method_ttls(_In_ module &mod, _In_ unsigned int level) : + m_inner(new config_method_pap(mod, level + 1)), + config_method_tls(mod, level) { // TTLS is using blank pre-shared credentials per default. m_use_preshared = true; 
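Review bot: The rewritten config_method_ttls constructor in `@@ -28,9 +28,9 @@` lists `m_inner(new config_method_pap(mod, level + 1))` before the base `config_method_tls(mod, level)`, but the base is always constructed first, so the written order misreads and triggers -Wreorder / C5038; swap it to `config_method_tls(mod, level), m_inner(new config_method_pap(mod, level + 1))`. The `level + 1` for the default inner method duplicates the convention in make_config_method; a one-line comment such as `// the default inner method sits one level below this TTLS config` documents the invariant where it is first established. The constructor body continues past the end of the hunk.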
@@ -265,10 +265,10 @@ eap::credentials* eap::config_method_ttls::make_credentials() const
 eap::config_method_with_cred* eap::config_method_ttls::make_config_method(_In_ winstd::eap_type_t eap_type) const
 {
 switch (eap_type) {
- case eap_type_tls : return new config_method_tls (m_module);
- case eap_type_ttls : return new config_method_ttls (m_module);
- case eap_type_legacy_pap : return new config_method_pap (m_module);
- case eap_type_legacy_mschapv2: return new config_method_mschapv2(m_module);
+ case eap_type_tls : return new config_method_tls (m_module, m_level + 1);
+ case eap_type_ttls : return new config_method_ttls (m_module, m_level + 1);
+ case eap_type_legacy_pap : return new config_method_pap (m_module, m_level + 1);
+ case eap_type_legacy_mschapv2: return new config_method_mschapv2(m_module, m_level + 1);
 default : throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method.");
 }
 }
@@ -276,10 +276,10 @@ eap::config_method_with_cred* eap::config_method_ttls::make_config_method(_In_ w
 eap::config_method_with_cred* eap::config_method_ttls::make_config_method(_In_ const wchar_t *eap_type) const
 {
- if (_wcsicmp(eap_type, L"EAP-TLS" ) == 0) return new config_method_tls (m_module);
- else if (_wcsicmp(eap_type, L"EAP-TTLS") == 0) return new config_method_ttls (m_module);
- else if (_wcsicmp(eap_type, L"PAP" ) == 0) return new config_method_pap (m_module);
- else if (_wcsicmp(eap_type, L"MSCHAPv2") == 0) return new config_method_mschapv2(m_module);
+ if (_wcsicmp(eap_type, L"EAP-TLS" ) == 0) return new config_method_tls (m_module, m_level + 1);
+ else if (_wcsicmp(eap_type, L"EAP-TTLS") == 0) return new config_method_ttls (m_module, m_level + 1);
+ else if (_wcsicmp(eap_type, L"PAP" ) == 0) return new config_method_pap (m_module, m_level + 1);
+ else if (_wcsicmp(eap_type, L"MSCHAPv2") == 0) return new config_method_mschapv2(m_module, m_level + 1);
 else throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method.");
 }
diff --git a/lib/TTLS/src/Credentials.cpp b/lib/TTLS/src/Credentials.cpp
index 90a8de6..b9d6598 100644
--- a/lib/TTLS/src/Credentials.cpp
+++ b/lib/TTLS/src/Credentials.cpp
@@ -146,23 +146,23 @@ void eap::credentials_ttls::operator>>(_Inout_ cursor_in &cursor)
 }
-void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName) const
+void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const
 {
 assert(0); // Not that we would ever store inner&outer credentials to Windows Credential Manager joined, but for completness sake... Here we go:
- credentials_tls::store(pszTargetName);
+ credentials_tls::store(pszTargetName, level);
- m_inner->store(pszTargetName);
+ m_inner->store(pszTargetName, level + 1);
 }
-void eap::credentials_ttls::retrieve(_In_z_ LPCTSTR pszTargetName)
+void eap::credentials_ttls::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level)
 {
 assert(0); // Not that we would ever retrieve inner&outer credentials to Windows Credential Manager joined, but for completness sake... Here we go:
- credentials_tls::retrieve(pszTargetName);
+ credentials_tls::retrieve(pszTargetName, level);
- m_inner->retrieve(pszTargetName);
+ m_inner->retrieve(pszTargetName, level + 1);
 }
diff --git a/lib/TTLS/src/Method.cpp b/lib/TTLS/src/Method.cpp
index 878aa27..65e61fb 100644
--- a/lib/TTLS/src/Method.cpp
+++ b/lib/TTLS/src/Method.cpp
@@ -69,8 +69,8 @@ void eap::method_ttls::begin_session( // Initialize inner method. switch (m_cfg.m_inner->get_method_id()) { - case eap_type_legacy_pap : m_inner.reset(new method_pap (m_module, (config_method_pap &)*m_cfg.m_inner, (credentials_pap &)*m_cred.m_inner.get())); break; - case eap_type_legacy_mschapv2: m_inner.reset(new method_mschapv2(m_module, (config_method_mschapv2&)*m_cfg.m_inner, (credentials_mschapv2&)*m_cred.m_inner.get())); break; + case eap_type_legacy_pap : m_inner.reset(new method_pap (m_module, (config_method_pap &)*m_cfg.m_inner, (credentials_pass &)*m_cred.m_inner.get())); break; + case eap_type_legacy_mschapv2: m_inner.reset(new method_mschapv2(m_module, (config_method_mschapv2&)*m_cfg.m_inner, (credentials_pass&)*m_cred.m_inner.get())); break; default: throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method."); } m_inner->begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, MAXDWORD); diff --git a/lib/TTLS/src/Module.cpp b/lib/TTLS/src/Module.cpp index 0fdf929..bb732b3 100644 --- a/lib/TTLS/src/Module.cpp +++ b/lib/TTLS/src/Module.cpp @@ -35,7 +35,7 @@ eap::peer_ttls::peer_ttls() : peer(eap_type_ttls) eap::config_method* eap::peer_ttls::make_config_method() { - return new config_method_ttls(*this); + return new config_method_ttls(*this, 0); } diff --git a/lib/TTLS/src/StdAfx.h b/lib/TTLS/src/StdAfx.h index 4dac674..6b73967 100644 --- a/lib/TTLS/src/StdAfx.h +++ b/lib/TTLS/src/StdAfx.h @@ -27,11 +27,9 @@ #include "../include/TTLS.h" #include "../../PAP/include/Config.h" -#include "../../PAP/include/Credentials.h" #include "../../PAP/include/Method.h" #include "../../MSCHAPv2/include/Config.h" -#include "../../MSCHAPv2/include/Credentials.h" #include "../../MSCHAPv2/include/Method.h" #include "../../MSCHAPv2/include/MSCHAPv2.h" diff --git a/lib/TTLS_UI/src/Module.cpp b/lib/TTLS_UI/src/Module.cpp index 74b5269..6933e2f 100644 --- a/lib/TTLS_UI/src/Module.cpp +++ b/lib/TTLS_UI/src/Module.cpp 
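Review bot: Both arms of the switch now C-style cast `*m_cred.m_inner.get()` to `credentials_pass&`, which checks neither that m_inner is non-null nor that the object really is a credentials_pass — make_config_method can produce a nested config_method_ttls, whose credentials are presumably not a credentials_pass and would be reinterpreted silently. Since the target type is now the same in both cases, hoist one checked conversion above the switch: `if (!m_cred.m_inner) throw invalid_argument(__FUNCTION__ " Inner credentials missing.");` then `credentials_pass &cred_inner = dynamic_cast<credentials_pass&>(*m_cred.m_inner);`, which throws std::bad_cast on a mismatch, and pass `cred_inner` to both constructors. The `(config_method_pap&)` / `(config_method_mschapv2&)` casts are at least keyed on get_method_id(), but the same dynamic_cast treatment would make that explicit. begin_session starts outside the hunk.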
@@ -52,7 +52,7 @@ eap::peer_ttls_ui::peer_ttls_ui() : peer_ui(eap_type_ttls) eap::config_method* eap::peer_ttls_ui::make_config_method() { - return new config_method_ttls(*this); + return new config_method_ttls(*this, 0); } @@ -270,7 +270,7 @@ void eap::peer_ttls_ui::invoke_identity_ui( // Write credentials to credential manager. if (panel->m_outer_cred->GetRemember()) { try { - _cred_out->credentials_tls::store(target_name.c_str()); + _cred_out->credentials_tls::store(target_name.c_str(), 0); } catch (winstd::win_runtime_error &err) { wxLogError(winstd::tstring_printf(_("Error writing credentials to Credential Manager: %hs (error %u)"), err.what(), err.number()).c_str()); } catch (...) { @@ -280,7 +280,7 @@ void eap::peer_ttls_ui::invoke_identity_ui( if (panel->m_inner_cred->GetRemember()) { try { - _cred_out->m_inner->store(target_name.c_str()); + _cred_out->m_inner->store(target_name.c_str(), 1); } catch (winstd::win_runtime_error &err) { wxLogError(winstd::tstring_printf(_("Error writing credentials to Credential Manager: %hs (error %u)"), err.what(), err.number()).c_str()); } catch (...) { diff --git a/lib/TTLS_UI/src/TTLS_UI.cpp b/lib/TTLS_UI/src/TTLS_UI.cpp index 3a01bae..2ea76dd 100644 --- a/lib/TTLS_UI/src/TTLS_UI.cpp +++ b/lib/TTLS_UI/src/TTLS_UI.cpp @@ -95,8 +95,8 @@ void wxTTLSConfigPanel::OnUpdateUI(wxUpdateUIEvent& /*event*/) wxTTLSConfigWindow::wxTTLSConfigWindow(eap::config_provider &prov, eap::config_method &cfg, wxWindow* parent) : m_cfg((eap::config_method_ttls&)cfg), - m_cfg_pap(cfg.m_module), - m_cfg_mschapv2(cfg.m_module), + m_cfg_pap(cfg.m_module, cfg.m_level + 1), + m_cfg_mschapv2(cfg.m_module, cfg.m_level + 1), wxEAPConfigWindow(prov, cfg, parent) { wxBoxSizer* sb_content; 
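Review bot: The two store calls in the TTLS_UI Module.cpp hunks hard-code the levels `0` and `1`, whereas the matching lookup in credentials_tls::combine passes `cfg.m_level`; if the TTLS configuration is ever not at level 0 (make_config_method creates nested config_method_ttls objects at `m_level + 1`), what the UI saves and what combine() later reads are filed under different Credential Manager names and the remembered credentials are silently never found. Derive both levels from the configuration object that invoke_identity_ui has in scope rather than from literals — e.g. `_cred_out->credentials_tls::store(target_name.c_str(), cfg.m_level);` and `_cred_out->m_inner->store(target_name.c_str(), cfg.m_level + 1);` (the config variable's actual name is not visible in the hunk, so adjust accordingly). invoke_identity_ui begins and ends outside the hunks shown.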
@@ -246,13 +246,13 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov, const eap::config_method_mschapv2 *cfg_inner_mschapv2; if ((cfg_inner_pap = dynamic_cast(m_cfg.m_inner.get())) != NULL) { eap::credentials_ttls &cred_ttls = (eap::credentials_ttls&)cred; - if (!cred_ttls.m_inner) cred_ttls.m_inner.reset(new eap::credentials_pap(cred.m_module)); - m_inner_cred = new wxPAPCredentialsPanel(m_prov, *cfg_inner_pap, *(eap::credentials_pap*)cred_ttls.m_inner.get(), this, is_config); + if (!cred_ttls.m_inner) cred_ttls.m_inner.reset(new eap::credentials_pass(cred.m_module)); + m_inner_cred = new wxPAPCredentialsPanel(m_prov, *cfg_inner_pap, *(eap::credentials_pass*)cred_ttls.m_inner.get(), this, is_config); sb_content->Add(m_inner_cred, 0, wxALL|wxEXPAND, 5); } else if ((cfg_inner_mschapv2 = dynamic_cast(m_cfg.m_inner.get())) != NULL) { eap::credentials_ttls &cred_ttls = (eap::credentials_ttls&)cred; - if (!cred_ttls.m_inner) cred_ttls.m_inner.reset(new eap::credentials_mschapv2(cred.m_module)); - m_inner_cred = new wxMSCHAPv2CredentialsPanel(m_prov, *cfg_inner_mschapv2, *(eap::credentials_mschapv2*)cred_ttls.m_inner.get(), this, is_config); + if (!cred_ttls.m_inner) cred_ttls.m_inner.reset(new eap::credentials_pass(cred.m_module)); + m_inner_cred = new wxMSCHAPv2CredentialsPanel(m_prov, *cfg_inner_mschapv2, *(eap::credentials_pass*)cred_ttls.m_inner.get(), this, is_config); sb_content->Add(m_inner_cred, 0, wxALL|wxEXPAND, 5); } else assert(0); // Unsupported inner authentication method type.