Credentials are no longer stored using method name (TLS/PAP/MSCHAPv2) but with level/type identifier

2016-09-06 15:39:41 +02:00
parent b11cb3a5f2
commit 641c9b6932
41 changed files with 226 additions and 604 deletions
--- a/lib/TTLS/include/Config.h
+++ b/lib/TTLS/include/Config.h
@@ -47,9 +47,10 @@ namespace eap {
        ///
        /// Constructs configuration
        ///
-        /// \param[in] mod  EAP module to use for global services
+        /// \param[in] mod    EAP module to use for global services
+        /// \param[in] level  Config level (0=outer, 1=inner, 2=inner-inner...)
        ///
-        config_method_ttls(_In_ module &mod);
+        config_method_ttls(_In_ module &mod, _In_ unsigned int level);

        ///
        /// Copies configuration
--- a/lib/TTLS/include/Credentials.h
+++ b/lib/TTLS/include/Credentials.h
@@ -149,15 +149,17 @@ namespace eap
        /// Save credentials to Windows Credential Manager
        ///
        /// \param[in]  pszTargetName  The name in Windows Credential Manager to store credentials as
+        /// \param[in]  level          Credential level (0=outer, 1=inner, 2=inner-inner...)
        ///
-        virtual void store(_In_z_ LPCTSTR pszTargetName) const;
+        virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const;

        ///
        /// Retrieve credentials from Windows Credential Manager
        ///
        /// \param[in]  pszTargetName  The name in Windows Credential Manager to retrieve credentials from
+        /// \param[in]  level          Credential level (0=outer, 1=inner, 2=inner-inner...)
        ///
-        virtual void retrieve(_In_z_ LPCTSTR pszTargetName);
+        virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level);

        ///
        /// Returns credential identity.
--- a/lib/TTLS/src/Config.cpp
+++ b/lib/TTLS/src/Config.cpp
@@ -28,9 +28,9 @@ using namespace winstd;
 // eap::config_method_ttls
 //////////////////////////////////////////////////////////////////////

-eap::config_method_ttls::config_method_ttls(_In_ module &mod) :
-    m_inner(new config_method_pap(mod)),
-    config_method_tls(mod)
+eap::config_method_ttls::config_method_ttls(_In_ module &mod, _In_ unsigned int level) :
+    m_inner(new config_method_pap(mod, level + 1)),
+    config_method_tls(mod, level)
 {
    // TTLS is using blank pre-shared credentials per default.
    m_use_preshared = true;
@@ -265,10 +265,10 @@ eap::credentials* eap::config_method_ttls::make_credentials() const
 eap::config_method_with_cred* eap::config_method_ttls::make_config_method(_In_ winstd::eap_type_t eap_type) const
 {
    switch (eap_type) {
-    case eap_type_tls            : return new config_method_tls     (m_module);
-    case eap_type_ttls           : return new config_method_ttls    (m_module);
-    case eap_type_legacy_pap     : return new config_method_pap     (m_module);
-    case eap_type_legacy_mschapv2: return new config_method_mschapv2(m_module);
+    case eap_type_tls            : return new config_method_tls     (m_module, m_level + 1);
+    case eap_type_ttls           : return new config_method_ttls    (m_module, m_level + 1);
+    case eap_type_legacy_pap     : return new config_method_pap     (m_module, m_level + 1);
+    case eap_type_legacy_mschapv2: return new config_method_mschapv2(m_module, m_level + 1);
    default                      : throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method.");
    }
 }
@@ -276,10 +276,10 @@ eap::config_method_with_cred* eap::config_method_ttls::make_config_method(_In_ w

 eap::config_method_with_cred* eap::config_method_ttls::make_config_method(_In_ const wchar_t *eap_type) const
 {
-         if (_wcsicmp(eap_type, L"EAP-TLS" ) == 0) return new config_method_tls     (m_module);
-    else if (_wcsicmp(eap_type, L"EAP-TTLS") == 0) return new config_method_ttls    (m_module);
-    else if (_wcsicmp(eap_type, L"PAP"     ) == 0) return new config_method_pap     (m_module);
-    else if (_wcsicmp(eap_type, L"MSCHAPv2") == 0) return new config_method_mschapv2(m_module);
+         if (_wcsicmp(eap_type, L"EAP-TLS" ) == 0) return new config_method_tls     (m_module, m_level + 1);
+    else if (_wcsicmp(eap_type, L"EAP-TTLS") == 0) return new config_method_ttls    (m_module, m_level + 1);
+    else if (_wcsicmp(eap_type, L"PAP"     ) == 0) return new config_method_pap     (m_module, m_level + 1);
+    else if (_wcsicmp(eap_type, L"MSCHAPv2") == 0) return new config_method_mschapv2(m_module, m_level + 1);
    else                                           throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method.");
 }

--- a/lib/TTLS/src/Credentials.cpp
+++ b/lib/TTLS/src/Credentials.cpp
@@ -146,23 +146,23 @@ void eap::credentials_ttls::operator>>(_Inout_ cursor_in &cursor)
 }


-void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName) const
+void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const
 {
    assert(0); // Not that we would ever store inner&outer credentials to Windows Credential Manager joined, but for completness sake... Here we go:

-    credentials_tls::store(pszTargetName);
+    credentials_tls::store(pszTargetName, level);

-    m_inner->store(pszTargetName);
+    m_inner->store(pszTargetName, level + 1);
 }


-void eap::credentials_ttls::retrieve(_In_z_ LPCTSTR pszTargetName)
+void eap::credentials_ttls::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level)
 {
    assert(0); // Not that we would ever retrieve inner&outer credentials to Windows Credential Manager joined, but for completness sake... Here we go:

-    credentials_tls::retrieve(pszTargetName);
+    credentials_tls::retrieve(pszTargetName, level);

-    m_inner->retrieve(pszTargetName);
+    m_inner->retrieve(pszTargetName, level + 1);
 }


--- a/lib/TTLS/src/Method.cpp
+++ b/lib/TTLS/src/Method.cpp
@@ -69,8 +69,8 @@ void eap::method_ttls::begin_session(

    // Initialize inner method.
    switch (m_cfg.m_inner->get_method_id()) {
-    case eap_type_legacy_pap     : m_inner.reset(new method_pap     (m_module, (config_method_pap     &)*m_cfg.m_inner, (credentials_pap     &)*m_cred.m_inner.get())); break;
-    case eap_type_legacy_mschapv2: m_inner.reset(new method_mschapv2(m_module, (config_method_mschapv2&)*m_cfg.m_inner, (credentials_mschapv2&)*m_cred.m_inner.get())); break;
+    case eap_type_legacy_pap     : m_inner.reset(new method_pap     (m_module, (config_method_pap     &)*m_cfg.m_inner, (credentials_pass     &)*m_cred.m_inner.get())); break;
+    case eap_type_legacy_mschapv2: m_inner.reset(new method_mschapv2(m_module, (config_method_mschapv2&)*m_cfg.m_inner, (credentials_pass&)*m_cred.m_inner.get())); break;
    default: throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method.");
    }
    m_inner->begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, MAXDWORD);
--- a/lib/TTLS/src/Module.cpp
+++ b/lib/TTLS/src/Module.cpp
@@ -35,7 +35,7 @@ eap::peer_ttls::peer_ttls() : peer(eap_type_ttls)

 eap::config_method* eap::peer_ttls::make_config_method()
 {
-    return new config_method_ttls(*this);
+    return new config_method_ttls(*this, 0);
 }


--- a/lib/TTLS/src/StdAfx.h
+++ b/lib/TTLS/src/StdAfx.h
@@ -27,11 +27,9 @@
 #include "../include/TTLS.h"

 #include "../../PAP/include/Config.h"
-#include "../../PAP/include/Credentials.h"
 #include "../../PAP/include/Method.h"

 #include "../../MSCHAPv2/include/Config.h"
-#include "../../MSCHAPv2/include/Credentials.h"
 #include "../../MSCHAPv2/include/Method.h"
 #include "../../MSCHAPv2/include/MSCHAPv2.h"