Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Credentials are no longer stored using method name (TLS/PAP/MSCHAPv2) but with level/type identifier

Browse Source
This commit is contained in:
Simon Rozman
2016-09-06 15:39:41 +02:00
parent b11cb3a5f2
commit 641c9b6932
41 changed files with 226 additions and 604 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/TLS/include/Config.h
View File

@@ -66,9 +66,10 @@ namespace eap
///
/// Constructs configuration
///
/// \param[in] mod EAP module to use for global services
/// \param[in] mod EAP module to use for global services
/// \param[in] level Config level (0=outer, 1=inner, 2=inner-inner...)
///
config_method_tls(_In_ module &mod);
config_method_tls(_In_ module &mod, _In_ unsigned int level);
///
/// Copies configuration

6
lib/TLS/include/Credentials.h
View File

@@ -158,15 +158,17 @@ namespace eap
/// Save credentials to Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as
/// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...)
///
virtual void store(_In_z_ LPCTSTR pszTargetName) const;
virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const;
///
/// Retrieve credentials from Windows Credential Manager
///
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from
/// \param[in] level Credential level (0=outer, 1=inner, 2=inner-inner...)
///
virtual void retrieve(_In_z_ LPCTSTR pszTargetName);
virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level);
///
/// Return target suffix for Windows Credential Manager credential name

2
lib/TLS/src/Config.cpp
View File

@@ -66,7 +66,7 @@ tstring eap::get_cert_title(PCCERT_CONTEXT cert)
// eap::config_method_tls
//////////////////////////////////////////////////////////////////////
eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with_cred(mod)
eap::config_method_tls::config_method_tls(_In_ module &mod, _In_ unsigned int level) : config_method_with_cred(mod, level)
{
m_preshared.reset(new credentials_tls(mod));
}

12
lib/TLS/src/Credentials.cpp
View File

@@ -166,7 +166,7 @@ void eap::credentials_tls::operator>>(_Inout_ cursor_in &cursor)
}
void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const
{
assert(pszTargetName);
@@ -179,7 +179,7 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
}
tstring target(target_name(pszTargetName));
tstring target(target_name(pszTargetName, level));
// Write credentials.
assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE);
@@ -203,13 +203,13 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
}
void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName)
void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level)
{
assert(pszTargetName);
// Read credentials.
unique_ptr<CREDENTIAL, CredFree_delete<CREDENTIAL> > cred;
if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred))
if (!CredRead(target_name(pszTargetName, level).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred))
throw win_runtime_error(__FUNCTION__ " CredRead failed.");
if (cred->CredentialBlobSize) {
@@ -240,7 +240,7 @@ void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName)
LPCTSTR eap::credentials_tls::target_suffix() const
{
return _T("TLS");
return _T("Cert");
}
@@ -313,7 +313,7 @@ eap::credentials::source_t eap::credentials_tls::combine(
if (pszTargetName) {
try {
credentials_tls cred_loaded(m_module);
cred_loaded.retrieve(pszTargetName);
cred_loaded.retrieve(pszTargetName, cfg.m_level);
// Using stored credentials.
*this = std::move(cred_loaded);