Credentials are no longer stored using method name (TLS/PAP/MSCHAPv2) but with level/type identifier

CredWrite/Main.cpp

@@ -40,7 +40,7 @@ static int CredWrite()
         return -1;
     }
 
-    eap::credentials_pap cred_pap(g_module);
+    eap::credentials_pass cred_pass(g_module);
 
     // Prepare identity (user name).
     {
@@ -50,7 +50,7 @@ static int CredWrite()
         bool is_last;
         dec.decode(identity_utf8, is_last, pwcArglist[1], (size_t)-1);
 
-        MultiByteToWideChar(CP_UTF8, 0, identity_utf8.data(), (int)identity_utf8.size(), cred_pap.m_identity);
+        MultiByteToWideChar(CP_UTF8, 0, identity_utf8.data(), (int)identity_utf8.size(), cred_pass.m_identity);
     }
 
     // Prepare password.
@@ -61,7 +61,7 @@ static int CredWrite()
         bool is_last;
         dec.decode(password_utf8, is_last, pwcArglist[2], (size_t)-1);
 
-        MultiByteToWideChar(CP_UTF8, 0, password_utf8.data(), (int)password_utf8.size(), cred_pap.m_password);
+        MultiByteToWideChar(CP_UTF8, 0, password_utf8.data(), (int)password_utf8.size(), cred_pass.m_password);
     }
 
     // Generate target name (aka realm).
@@ -71,7 +71,7 @@ static int CredWrite()
         target_name = pwcArglist[3];
     } else {
         // Get the realm from user name.
-        LPCWSTR _identity = cred_pap.m_identity.c_str(), domain;
+        LPCWSTR _identity = cred_pass.m_identity.c_str(), domain;
         if ((domain = wcschr(_identity, L'@')) != NULL) {
             target_name  = L"urn:RFC4282:realm:";
             target_name += domain + 1;
@@ -79,12 +79,22 @@ static int CredWrite()
             target_name = L"*";
     }
 
+    // Determine credential level.
+    unsigned int level;
+    if (nArgs > 4) {
+        // User explicitly set the level.
+        level = wcstoul(pwcArglist[4], NULL, 10);
+    } else {
+        // Set default level.
+        level = 0;
+    }
+
     // Write credentials.
 #ifdef _DEBUG
     {
-        eap::credentials_pap cred_stored(g_module);
+        eap::credentials_pass cred_stored(g_module);
         try {
-            cred_stored.retrieve(target_name.c_str());
+            cred_stored.retrieve(target_name.c_str(), level);
         } catch(win_runtime_error &err) {
             OutputDebugStr(_T("%hs (error %u)\n"), err.what(), err.number());
         } catch(...) {
@@ -93,7 +103,7 @@ static int CredWrite()
     }
 #endif
     try {
-        cred_pap.store(target_name.c_str());
+        cred_pass.store(target_name.c_str(), level);
     } catch(win_runtime_error &err) {
         OutputDebugStr(_T("%hs (error %u)\n"), err.what(), err.number());
         return 2;
@@ -102,18 +112,6 @@ static int CredWrite()
         return 2;
     }
 
-    // Store empty TLS credentials.
-    eap::credentials_tls cred_tls(g_module);
-    try {
-        cred_tls.store(target_name.c_str());
-    } catch(win_runtime_error &err) {
-        OutputDebugStr(_T("%hs (error %u)\n"), err.what(), err.number());
-        return 3;
-    } catch(...) {
-        OutputDebugStr(_T("Writing credentials failed.\n"));
-        return 3;
-    }
-
     return 0;
 }
 

CredWrite/README.md

@@ -3,12 +3,13 @@ Imports given credentials to Windows Credential Manager for G
 
 ##Usage
 ```
-CredWrite <username> <password> [<realm>]
+CredWrite <username> <password> [<realm> [level]]
 ```
 
 - `username` - Base64 encoded UTF-8 user name (usually of the form user@domain or domain\user)
 - `password` - Base64 encoded UTF-8 user password
 - `realm`    - A realm ID to allow grouping of credentials over different WLAN profiles (optional, default is domain part of `username`)
+- `level`    - Credential level (0=outer, 1=inner, 2=inner-inner..., default is 0=outer)
 
 The credentials are stored to Windows Credential Manager in invoking user's roaming profile.
 

CredWrite/StdAfx.h

@@ -20,8 +20,7 @@
 
 #pragma once
 
-#include "../lib/PAP/include/Credentials.h"
-#include "../lib/TLS/include/Credentials.h"
+#include "../lib/EAPBase/include/Credentials.h"
 #include "../lib/EAPBase/include/Module.h"
 
 #include <WinStd/Common.h>