diff --git a/EAPMethods/locale/EAPMethods.pot b/EAPMethods/locale/EAPMethods.pot index 5b2877d..53495bc 100644 --- a/EAPMethods/locale/EAPMethods.pot +++ b/EAPMethods/locale/EAPMethods.pot @@ -2,7 +2,7 @@ msgid "" msgstr "" "Project-Id-Version: EAPMethods\n" -"POT-Creation-Date: 2017-02-02 18:14+0100\n" +"POT-Creation-Date: 2017-02-09 13:15+0100\n" "PO-Revision-Date: 2016-06-02 12:27+0200\n" "Last-Translator: Simon Rozman \n" "Language-Team: Amebis, d. o. o., Kamnik \n" @@ -481,7 +481,7 @@ msgstr "" msgid "Configuring EAP method failed (error %u)." msgstr "" -#: master/lib/GTC_UI/res/wxGTC_UI.cpp:16 master/lib/GTC_UI/include/GTC_UI.h:93 +#: master/lib/GTC_UI/res/wxGTC_UI.cpp:16 master/lib/GTC_UI/include/GTC_UI.h:103 msgid "GTC Challenge" msgstr "" @@ -497,11 +497,23 @@ msgstr "" msgid "Enter your response here" msgstr "" -#: master/lib/GTC_UI/src/GTC_UI.cpp:33 -msgid "GTC User ID" +#: master/lib/GTC_UI/res/wxGTC_UI.cpp:70 +msgid "EAP-GTC authentication &mode:" msgstr "" -#: master/lib/GTC_UI/src/GTC_UI.cpp:69 +#: master/lib/GTC_UI/res/wxGTC_UI.cpp:75 +msgid "Select EAP-GTC authentication mode from the list" +msgstr "" + +#: master/lib/GTC_UI/src/GTC_UI.cpp:39 +msgid "Challenge/Response" +msgstr "" + +#: master/lib/GTC_UI/src/GTC_UI.cpp:41 +msgid "Password" +msgstr "" + +#: master/lib/GTC_UI/src/GTC_UI.cpp:119 #, c-format msgid "%s Challenge" msgstr "" @@ -713,7 +725,7 @@ msgstr "" msgid "Custom outer identity to use" msgstr "" -#: master/lib/TTLS_UI/src/Module.cpp:262 master/lib/TTLS_UI/src/Module.cpp:319 +#: master/lib/TTLS_UI/src/Module.cpp:262 master/lib/TTLS_UI/src/Module.cpp:330 #: ver1.0/lib/TTLS_UI/src/Module.cpp:274 ver1.0/lib/TTLS_UI/src/Module.cpp:284 #: ver1.1/lib/TTLS_UI/src/Module.cpp:262 ver1.1/lib/TTLS_UI/src/Module.cpp:318 #: master/lib/EAPBase_UI/include/EAP_UI.h:785 
@@ -723,7 +735,7 @@ msgstr "" msgid "Error writing credentials to Credential Manager: %hs (error %u)" msgstr "" -#: master/lib/TTLS_UI/src/Module.cpp:264 master/lib/TTLS_UI/src/Module.cpp:321 +#: master/lib/TTLS_UI/src/Module.cpp:264 master/lib/TTLS_UI/src/Module.cpp:332 #: ver1.0/lib/TTLS_UI/src/Module.cpp:276 ver1.0/lib/TTLS_UI/src/Module.cpp:286 #: ver1.1/lib/TTLS_UI/src/Module.cpp:264 ver1.1/lib/TTLS_UI/src/Module.cpp:320 #: master/lib/EAPBase_UI/include/EAP_UI.h:788 @@ -732,22 +744,22 @@ msgstr "" msgid "Writing credentials failed." msgstr "" -#: master/lib/TTLS_UI/src/Module.cpp:356 ver1.1/lib/TTLS_UI/src/Module.cpp:355 +#: master/lib/TTLS_UI/src/Module.cpp:367 ver1.1/lib/TTLS_UI/src/Module.cpp:355 #, c-format msgid "Invoking EAP identity UI failed (error %u, %s, %s)." msgstr "" -#: master/lib/TTLS_UI/src/Module.cpp:358 ver1.1/lib/TTLS_UI/src/Module.cpp:357 +#: master/lib/TTLS_UI/src/Module.cpp:369 ver1.1/lib/TTLS_UI/src/Module.cpp:357 #, c-format msgid "Invoking EAP identity UI failed (error %u)." msgstr "" -#: master/lib/TTLS_UI/src/Module.cpp:485 +#: master/lib/TTLS_UI/src/Module.cpp:496 #, c-format msgid "Invoking EAP interactive UI failed (error %u, %s, %s)." msgstr "" -#: master/lib/TTLS_UI/src/Module.cpp:488 +#: master/lib/TTLS_UI/src/Module.cpp:499 #, c-format msgid "Invoking EAP interactive UI failed (error %u)." msgstr "" 
@@ -884,62 +896,38 @@ msgstr "" msgid "EAP Identity Provider" msgstr "" -#: master/EAPMethods/MSIBuild/en_US.Win32.Debug.Feature-2.idtx:4 #: master/EAPMethods/MSIBuild/en_US.Win32.Release.Feature-2.idtx:4 -#: master/EAPMethods/MSIBuild/en_US.x64.Debug.Feature-2.idtx:4 #: master/EAPMethods/MSIBuild/en_US.x64.Release.Feature-2.idtx:4 -#: ver1.0/EAPMethods/MSIBuild/en_US.Win32.Debug.Feature-2.idtx:4 #: ver1.0/EAPMethods/MSIBuild/en_US.Win32.Release.Feature-2.idtx:4 -#: ver1.0/EAPMethods/MSIBuild/en_US.x64.Debug.Feature-2.idtx:4 #: ver1.0/EAPMethods/MSIBuild/en_US.x64.Release.Feature-2.idtx:4 -#: ver1.1/EAPMethods/MSIBuild/en_US.Win32.Debug.Feature-2.idtx:4 #: ver1.1/EAPMethods/MSIBuild/en_US.Win32.Release.Feature-2.idtx:4 -#: ver1.1/EAPMethods/MSIBuild/en_US.x64.Debug.Feature-2.idtx:4 #: ver1.1/EAPMethods/MSIBuild/en_US.x64.Release.Feature-2.idtx:4 msgid "EAP Methods" msgstr "" -#: master/EAPMethods/MSIBuild/en_US.Win32.Debug.Feature-2.idtx:4 #: master/EAPMethods/MSIBuild/en_US.Win32.Release.Feature-2.idtx:4 -#: master/EAPMethods/MSIBuild/en_US.x64.Debug.Feature-2.idtx:4 #: master/EAPMethods/MSIBuild/en_US.x64.Release.Feature-2.idtx:4 -#: ver1.0/EAPMethods/MSIBuild/en_US.Win32.Debug.Feature-2.idtx:4 #: ver1.0/EAPMethods/MSIBuild/en_US.Win32.Release.Feature-2.idtx:4 -#: ver1.0/EAPMethods/MSIBuild/en_US.x64.Debug.Feature-2.idtx:4 #: ver1.0/EAPMethods/MSIBuild/en_US.x64.Release.Feature-2.idtx:4 -#: ver1.1/EAPMethods/MSIBuild/en_US.Win32.Debug.Feature-2.idtx:4 #: ver1.1/EAPMethods/MSIBuild/en_US.Win32.Release.Feature-2.idtx:4 -#: ver1.1/EAPMethods/MSIBuild/en_US.x64.Debug.Feature-2.idtx:4 #: ver1.1/EAPMethods/MSIBuild/en_US.x64.Release.Feature-2.idtx:4 msgid "Modules to support individual EAP methods" msgstr "" -#: master/EAPMethods/MSIBuild/en_US.Win32.Debug.Feature-2.idtx:5 #: master/EAPMethods/MSIBuild/en_US.Win32.Release.Feature-2.idtx:5 -#: master/EAPMethods/MSIBuild/en_US.x64.Debug.Feature-2.idtx:5 #: master/EAPMethods/MSIBuild/en_US.x64.Release.Feature-2.idtx:5 -#: 
ver1.0/EAPMethods/MSIBuild/en_US.Win32.Debug.Feature-2.idtx:5 #: ver1.0/EAPMethods/MSIBuild/en_US.Win32.Release.Feature-2.idtx:5 -#: ver1.0/EAPMethods/MSIBuild/en_US.x64.Debug.Feature-2.idtx:5 #: ver1.0/EAPMethods/MSIBuild/en_US.x64.Release.Feature-2.idtx:5 -#: ver1.1/EAPMethods/MSIBuild/en_US.Win32.Debug.Feature-2.idtx:5 #: ver1.1/EAPMethods/MSIBuild/en_US.Win32.Release.Feature-2.idtx:5 -#: ver1.1/EAPMethods/MSIBuild/en_US.x64.Debug.Feature-2.idtx:5 #: ver1.1/EAPMethods/MSIBuild/en_US.x64.Release.Feature-2.idtx:5 msgid "TTLS" msgstr "" -#: master/EAPMethods/MSIBuild/en_US.Win32.Debug.Feature-2.idtx:5 #: master/EAPMethods/MSIBuild/en_US.Win32.Release.Feature-2.idtx:5 -#: master/EAPMethods/MSIBuild/en_US.x64.Debug.Feature-2.idtx:5 #: master/EAPMethods/MSIBuild/en_US.x64.Release.Feature-2.idtx:5 -#: ver1.0/EAPMethods/MSIBuild/en_US.Win32.Debug.Feature-2.idtx:5 #: ver1.0/EAPMethods/MSIBuild/en_US.Win32.Release.Feature-2.idtx:5 -#: ver1.0/EAPMethods/MSIBuild/en_US.x64.Debug.Feature-2.idtx:5 #: ver1.0/EAPMethods/MSIBuild/en_US.x64.Release.Feature-2.idtx:5 -#: ver1.1/EAPMethods/MSIBuild/en_US.Win32.Debug.Feature-2.idtx:5 #: ver1.1/EAPMethods/MSIBuild/en_US.Win32.Release.Feature-2.idtx:5 -#: ver1.1/EAPMethods/MSIBuild/en_US.x64.Debug.Feature-2.idtx:5 #: ver1.1/EAPMethods/MSIBuild/en_US.x64.Release.Feature-2.idtx:5 msgid "Tunneled Transport Layer Security" msgstr "" diff --git a/README.md b/README.md index c9d59b5..c56821b 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Suite of EAP supplicants for Microsoft Windows - IEEE 802.1X plug-ins for enterp - PAP - MSCHAPv2 - EAP-MSCHAPv2 - - EAP-GTC + - EAP-GTC: Challenge/Response and Password authentication modes - System-installed EAP method chaining (experimental) ### Security diff --git a/lib/GTC/include/Config.h b/lib/GTC/include/Config.h index 54c819d..adfd1c2 100644 --- a/lib/GTC/include/Config.h +++ b/lib/GTC/include/Config.h 
@@ -44,6 +44,15 @@ namespace eap /// class config_method_eapgtc : public config_method_with_cred { + public: + /// + /// Authentication mode + /// + enum auth_mode_t { + auth_mode_response = 0, ///< Challenge/Response + auth_mode_password, ///< Password + }; + public: /// /// Constructs configuration @@ -87,6 +96,19 @@ namespace eap virtual config* clone() const; + /// \name XML management + /// @{ + virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const; + virtual void load(_In_ IXMLDOMNode *pConfigRoot); + /// @} + + /// \name BLOB management + /// @{ + virtual void operator<<(_Inout_ cursor_out &cursor) const; + virtual size_t get_pk_size() const; + virtual void operator>>(_Inout_ cursor_in &cursor); + /// @} + /// /// @copydoc eap::config_method::get_method_id() /// \returns This implementation always returns `winstd::eap_type_gtc` 
@@ -101,10 +123,53 @@ namespace eap /// /// @copydoc eap::config_method::make_credentials() - /// \returns This implementation always returns `eap::credentials_identity` type of credentials + /// \returns This implementation returns `eap::credentials_identity` or `eap::credentials_pass` type of credentials, depending on authentication mode. /// virtual credentials* make_credentials() const; }; /// @} } + + +/// \addtogroup EAPBaseStream +/// @{ + +/// +/// Packs an EAP-GTC method authentication mode +/// +/// \param[inout] cursor Memory cursor +/// \param[in] val Authentication mode to pack +/// +inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::config_method_eapgtc::auth_mode_t &val) +{ + cursor << (unsigned char)val; +} + + +/// +/// Returns packed size of an EAP-GTC method authentication mode +/// +/// \param[in] val Authentication mode to pack +/// +/// \returns Size of data when packed (in bytes) +/// +inline size_t pksizeof(_In_ const eap::config_method_eapgtc::auth_mode_t &val) +{ + return pksizeof((unsigned char)val); +} + + +/// +/// Unpacks an EAP-GTC method authentication mode +/// +/// \param[inout] cursor Memory cursor +/// \param[out] val Authentication mode to unpack to +/// +inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config_method_eapgtc::auth_mode_t &val) +{ + val = (eap::config_method_eapgtc::auth_mode_t)0; // Reset higher bytes to zero before reading to lower byte. + cursor >> (unsigned char&)val; +} + +/// @} diff --git a/lib/GTC/include/Method.h b/lib/GTC/include/Method.h index 3208ca8..673dd59 100644 --- a/lib/GTC/include/Method.h +++ b/lib/GTC/include/Method.h @@ -50,7 +50,7 @@ namespace eap /// \param[in] cfg Method configuration /// \param[in] cred User credentials /// - method_gtc(_In_ module &mod, _In_ config_method_eapgtc &cfg, _In_ credentials_identity &cred); + method_gtc(_In_ module &mod, _In_ config_method_eapgtc &cfg, _In_ credentials &cred); /// /// Moves a GTC method 
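Review bot: The new `operator>>` for `auth_mode_t` in Config.h writes through `(unsigned char&)val`, which only works because the enum's first byte in memory is its low byte, and it stores whatever byte the BLOB holds without range-checking it here. Reading into a local and converting is layout-independent and makes the untrusted value explicit: `unsigned char v; cursor >> v; val = static_cast<eap::config_method_eapgtc::auth_mode_t>(v);`. The only range check visible on this page is the `default:` branch of the switch in `config_method_eapgtc::operator>>`, so a doc line such as `/// \note The value is not validated here; callers must reject unknown modes.` would keep future callers from trusting it. The three `virtual` overrides added in the previous Config.h hunk (`save`, `load`, the BLOB operators) also lack the `/// @copydoc` comments used by the neighbouring members.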
@@ -109,7 +109,7 @@ namespace eap protected: config_method_eapgtc &m_cfg; ///< Method configuration - credentials_identity &m_cred; ///< Method user credentials + credentials &m_cred; ///< Method user credentials winstd::sanitizing_wstring m_challenge; ///< GTC challenge winstd::sanitizing_wstring m_response; ///< GTC response }; diff --git a/lib/GTC/src/Config.cpp b/lib/GTC/src/Config.cpp index 96c445e..fa450bb 100644 --- a/lib/GTC/src/Config.cpp +++ b/lib/GTC/src/Config.cpp @@ -30,6 +30,7 @@ using namespace winstd; eap::config_method_eapgtc::config_method_eapgtc(_In_ module &mod, _In_ unsigned int level) : config_method_with_cred(mod, level) { + // Default to Challenge/Response authentication mode. m_cred.reset(new credentials_identity(mod)); } 
@@ -70,6 +71,95 @@ eap::config* eap::config_method_eapgtc::clone() const } +void eap::config_method_eapgtc::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const +{ + assert(pDoc); + assert(pConfigRoot); + + config_method_with_cred::save(pDoc, pConfigRoot); + + HRESULT hr; + + if (dynamic_cast(m_cred.get())) + hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"AuthMode"), namespace_eapmetadata, bstr(L"Challenge/Response")); + else if (dynamic_cast(m_cred.get())) + hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"AuthMode"), namespace_eapmetadata, bstr(L"Password")); + else + throw invalid_argument(__FUNCTION__ " Unsupported authentication mode."); + if (FAILED(hr)) + throw com_runtime_error(hr, __FUNCTION__ " Error creating element."); +} + + +void eap::config_method_eapgtc::load(_In_ IXMLDOMNode *pConfigRoot) +{ + assert(pConfigRoot); + HRESULT hr; + wstring xpath(eapxml::get_xpath(pConfigRoot)); + + // Load authentication mode first, then (re)create credentials to match the authentication mode. + bstr auth_mode; + if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:AuthMode"), auth_mode)) || + CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, auth_mode, auth_mode.length(), _L("Challenge/Response"), -1, NULL, NULL, 0) == CSTR_EQUAL) + { + m_cred.reset(new eap::credentials_identity(m_module)); + } else if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, auth_mode, auth_mode.length(), _L("Password"), -1, NULL, NULL, 0) == CSTR_EQUAL) { + m_cred.reset(new eap::credentials_pass(m_module)); + } else + throw invalid_argument(string_printf(__FUNCTION__ " Unsupported authentication mode (%ls).", (BSTR)auth_mode)); + + // Load method configuration. 
+ config_method_with_cred::load(pConfigRoot); + + m_module.log_config((xpath + L"/AuthMode").c_str(), auth_mode); +} + + +void eap::config_method_eapgtc::operator<<(_Inout_ cursor_out &cursor) const +{ + // Save authentication mode first, as credential loading will require this information. + if (dynamic_cast(m_cred.get())) + cursor << auth_mode_response; + else if (dynamic_cast(m_cred.get())) + cursor << auth_mode_password; + else + throw invalid_argument(__FUNCTION__ " Unsupported authentication mode."); + + config_method_with_cred::operator<<(cursor); +} + + +size_t eap::config_method_eapgtc::get_pk_size() const +{ + auth_mode_t auth_mode; + if (dynamic_cast(m_cred.get())) + auth_mode = auth_mode_response; + else if (dynamic_cast(m_cred.get())) + auth_mode = auth_mode_password; + else + throw invalid_argument(__FUNCTION__ " Unsupported authentication mode."); + + return + pksizeof(auth_mode) + + config_method_with_cred::get_pk_size(); +} + + +void eap::config_method_eapgtc::operator>>(_Inout_ cursor_in &cursor) +{ + // (Re)create credentials to match the authentication mode. + auth_mode_t auth_mode; + cursor >> auth_mode; + switch (auth_mode) { + case auth_mode_response: m_cred.reset(new eap::credentials_identity(m_module)); break; + case auth_mode_password: m_cred.reset(new eap::credentials_pass (m_module)); break; + default : throw invalid_argument(string_printf(__FUNCTION__ " Unsupported authentication mode (%u).", auth_mode)); + } + + config_method_with_cred::operator>>(cursor); +} + + eap_type_t eap::config_method_eapgtc::get_method_id() const { return eap_type_gtc; 
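Review bot: In `load()`, the test `FAILED(hr = eapxml::get_element_value(...))` sends every failure down the Challenge/Response branch, so a profile whose `AuthMode` element cannot be read for any reason is silently loaded as Challenge/Response, and the closing `log_config` call then logs whatever `auth_mode` holds, which may be empty. Defaulting keeps older profiles working, but the fallback should be visible in the log: record the effective mode rather than the raw element value, and, if eapxml lets the caller tell "element absent" from other errors, fall back only on the former. The credential-type test chain is written out again in `save()`, `operator<<` and `get_pk_size()`, and once more in `make_credentials()` in the next hunk. A single private helper returning `auth_mode_t` (throwing `invalid_argument` for an unknown type) would keep the four in step. In `operator>>`, `auth_mode` is passed to `%u` as an enum; an explicit `(unsigned int)auth_mode` makes the variadic argument type unambiguous.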
@@ -84,5 +174,10 @@ const wchar_t* eap::config_method_eapgtc::get_method_str() const eap::credentials* eap::config_method_eapgtc::make_credentials() const { - return new eap::credentials_identity(m_module); + if (dynamic_cast(m_cred.get())) + return new eap::credentials_identity(m_module); + else if (dynamic_cast(m_cred.get())) + return new eap::credentials_pass (m_module); + else + throw invalid_argument(__FUNCTION__ " Unsupported authentication mode."); } diff --git a/lib/GTC/src/Method.cpp b/lib/GTC/src/Method.cpp index 38ea975..3695b1e 100644 --- a/lib/GTC/src/Method.cpp +++ b/lib/GTC/src/Method.cpp @@ -28,7 +28,7 @@ using namespace winstd; // eap::method_gtc ////////////////////////////////////////////////////////////////////// -eap::method_gtc::method_gtc(_In_ module &mod, _In_ config_method_eapgtc &cfg, _In_ credentials_identity &cred) : +eap::method_gtc::method_gtc(_In_ module &mod, _In_ config_method_eapgtc &cfg, _In_ credentials &cred) : m_cfg(cfg), m_cred(cred), method(mod) 
@@ -83,13 +83,24 @@ EapPeerMethodResponseAction eap::method_gtc::process_request_packet( m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_gtc), event_data::blank); - // Read authenticator challenge as UTF-8 encoded string. - MultiByteToWideChar(CP_UTF8, 0, (LPCSTR)pReceivedPacket, dwReceivedPacketSize, m_challenge); + credentials_pass *cred_pass; + if (dynamic_cast(&m_cred)) { + // Read authenticator challenge as UTF-8 encoded string. + MultiByteToWideChar(CP_UTF8, 0, (LPCSTR)pReceivedPacket, dwReceivedPacketSize, m_challenge); - m_module.log_event(&EAPMETHOD_GTC_RESPONSE_REQ, event_data((unsigned int)eap_type_gtc), event_data::blank); + m_module.log_event(&EAPMETHOD_GTC_RESPONSE_REQ, event_data((unsigned int)eap_type_gtc), event_data::blank); - // User must respond to the challenge. - return EapPeerMethodResponseActionInvokeUI; + // User must respond to the challenge. + return EapPeerMethodResponseActionInvokeUI; + } else if ((cred_pass = dynamic_cast(&m_cred)) != NULL) { + // Ignore authenticator challenge and save password as GTC response. + m_response = cred_pass->m_password; + + // Send the response. + m_cfg.m_last_status = config_method::status_cred_invalid; // Blame "credentials" if we fail beyond this point. + return EapPeerMethodResponseActionSend; + } else + throw invalid_argument(__FUNCTION__ " Unsupported authentication mode."); } 
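Review bot: In the `credentials_pass` branch of `process_request_packet` the stored password is copied into `m_response` and returned with `EapPeerMethodResponseActionSend` for any GTC request, without looking at the challenge and without a log event, so the secret leaves the method unmodified and its confidentiality rests entirely on the enclosing tunnel. Nothing in `method_gtc` enforces that it runs as an inner method, so the assumption should be stated where the password is used, e.g. `// Password mode sends the stored password verbatim; only safe inside a server-authenticated tunnel (TTLS inner method).` The Challenge/Response branch logs `EAPMETHOD_GTC_RESPONSE_REQ`; an equivalent event in the password branch, without the password itself, would leave an audit trail of automatic responses. `m_challenge` is also left at its previous value in this branch; clearing it would avoid a stale challenge if it is displayed later. The function starts before this hunk.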
@@ -98,13 +109,13 @@ void eap::method_gtc::get_response_packet( _In_opt_ DWORD size_max) { // Encode GTC response as UTF-8. - sanitizing_string reply_utf8; - WideCharToMultiByte(CP_UTF8, 0, m_response, reply_utf8, NULL, NULL); + sanitizing_string response_utf8; + WideCharToMultiByte(CP_UTF8, 0, m_response, response_utf8, NULL, NULL); - if (sizeof(sanitizing_string::value_type)*reply_utf8.length() > size_max) - throw invalid_argument(string_printf(__FUNCTION__ " This method does not support packet fragmentation, but the data size is too big to fit in one packet (packet: %u, maximum: %u).", sizeof(sanitizing_string::value_type)*reply_utf8.length(), size_max)); + if (sizeof(sanitizing_string::value_type)*response_utf8.length() > size_max) + throw invalid_argument(string_printf(__FUNCTION__ " This method does not support packet fragmentation, but the data size is too big to fit in one packet (packet: %u, maximum: %u).", sizeof(sanitizing_string::value_type)*response_utf8.length(), size_max)); - packet.assign(reply_utf8.begin(), reply_utf8.end()); + packet.assign(response_utf8.begin(), response_utf8.end()); } diff --git a/lib/GTC_UI/include/GTC_UI.h b/lib/GTC_UI/include/GTC_UI.h index 5505aae..799f1df 100644 --- a/lib/GTC_UI/include/GTC_UI.h +++ b/lib/GTC_UI/include/GTC_UI.h 
@@ -29,14 +29,24 @@ class wxGTCResponsePanel; /// @{ /// -/// GTC credential entry panel +/// GTC challenge/response credential entry panel /// -typedef wxIdentityCredentialsPanel wxGTCCredentialsPanel; +typedef wxIdentityCredentialsPanel wxGTCResponseCredentialsPanel; /// -/// GTC credential configuration panel +/// GTC challenge/response credential configuration panel /// -typedef wxEAPCredentialsConfigPanel wxGTCCredentialsConfigPanel; +typedef wxEAPCredentialsConfigPanel wxGTCResponseCredentialsConfigPanel; + +/// +/// GTC password credential entry panel +/// +typedef wxPasswordCredentialsPanel wxGTCPasswordCredentialsPanel; + +/// +/// GTC password credential configuration panel +/// +typedef wxEAPCredentialsConfigPanel wxGTCPasswordCredentialsConfigPanel; /// @} @@ -44,11 +54,6 @@ typedef wxEAPCredentialsConfigPanel -#include - -#include - #include @@ -58,7 +63,7 @@ typedef wxEAPCredentialsConfigPanelWrap( -1 ); + sb_vertical->Add( m_auth_mode_label, 0, wxBOTTOM, 5 ); + + m_auth_mode = new wxChoicebook( this, wxID_ANY, wxDefaultPosition, wxDefaultSize, wxCHB_DEFAULT ); + m_auth_mode->SetToolTip( _("Select EAP-GTC authentication mode from the list") ); + + sb_vertical->Add( m_auth_mode, 1, wxEXPAND, 5 ); + + + this->SetSizer( sb_vertical ); + this->Layout(); + + // Connect Events + this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxGTCConfigPanelBase::OnUpdateUI ) ); +} + +wxGTCConfigPanelBase::~wxGTCConfigPanelBase() +{ + // Disconnect Events + this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxGTCConfigPanelBase::OnUpdateUI ) ); + +} diff --git a/lib/GTC_UI/res/wxGTC_UI.fbp b/lib/GTC_UI/res/wxGTC_UI.fbp index e8127c5..e956093 100644 --- a/lib/GTC_UI/res/wxGTC_UI.fbp +++ b/lib/GTC_UI/res/wxGTC_UI.fbp 
@@ -466,5 +466,230 @@ + + 0 + wxAUI_MGR_DEFAULT + + + 1 + 1 + impl_virtual + + + 0 + wxID_ANY + + + wxGTCConfigPanelBase + + 500,-1 + + + + + wxTAB_TRAVERSAL + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + OnUpdateUI + + + sb_vertical + wxVERTICAL + none + + 5 + wxBOTTOM + 0 + + 1 + 1 + 1 + 1 + + + + + + + + 1 + 0 + 1 + + 1 + 0 + Dock + 0 + Left + 1 + + 1 + + 0 + 0 + wxID_ANY + EAP-GTC authentication &mode: + + 0 + + + 0 + + 1 + m_auth_mode_label + 1 + + + protected + 1 + + Resizable + 1 + + + + 0 + + + + + -1 + + + + + + + + + + + + + + + + + + + + + + + + + + + 5 + wxEXPAND + 1 + + 1 + 1 + 1 + 1 + + + + + + + + 1 + 0 + 1 + + 1 + 0 + Dock + 0 + Left + 1 + + 1 + + 0 + 0 + wxID_ANY + + 0 + + + 0 + + 1 + m_auth_mode + 1 + + + protected + 1 + + Resizable + 1 + + wxCHB_DEFAULT + + 0 + Select EAP-GTC authentication mode from the list + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/lib/GTC_UI/res/wxGTC_UI.h b/lib/GTC_UI/res/wxGTC_UI.h index b0dc9a7..039dadf 100644 --- a/lib/GTC_UI/res/wxGTC_UI.h +++ b/lib/GTC_UI/res/wxGTC_UI.h @@ -25,6 +25,7 @@ #include #include #include +#include /////////////////////////////////////////////////////////////////////////// @@ -50,4 +51,26 @@ class wxGTCResponsePanelBase : public wxPanel }; +/////////////////////////////////////////////////////////////////////////////// +/// Class wxGTCConfigPanelBase +/////////////////////////////////////////////////////////////////////////////// +class wxGTCConfigPanelBase : public wxPanel +{ + private: + + protected: + wxStaticText* m_auth_mode_label; + wxChoicebook* m_auth_mode; + + // Virtual event handlers, overide them in your derived class + virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); } + + + public: + + wxGTCConfigPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); + ~wxGTCConfigPanelBase(); + +}; + #endif //__WXGTC_UI_H__ 
diff --git a/lib/GTC_UI/src/GTC_UI.cpp b/lib/GTC_UI/src/GTC_UI.cpp index cf80f93..a1f7ef5 100644 --- a/lib/GTC_UI/src/GTC_UI.cpp +++ b/lib/GTC_UI/src/GTC_UI.cpp 
@@ -25,36 +25,86 @@ // wxGTCConfigPanel ////////////////////////////////////////////////////////////////////// -wxGTCConfigPanel::wxGTCConfigPanel(const eap::config_provider &prov, eap::config_method_eapgtc &cfg, wxWindow* parent) : wxPanel(parent) +wxGTCConfigPanel::wxGTCConfigPanel(const eap::config_provider &prov, eap::config_method_eapgtc &cfg, wxWindow* parent) : + m_prov (prov ), + m_cfg (cfg ), + m_cfg_resp(cfg.m_module, cfg.m_level), + m_cfg_pass(cfg.m_module, cfg.m_level), + wxGTCConfigPanelBase(parent) { - wxBoxSizer* sb_content; - sb_content = new wxBoxSizer( wxVERTICAL ); + // Initialize Password authentication mode properly. Challenge/Response mode does not require initialization, since it is initialized so by default. + m_cfg_pass.m_cred.reset(new eap::credentials_pass(m_cfg.m_module)); - m_credentials = new wxGTCCredentialsConfigPanel(prov, cfg, this, _("GTC User ID")); - sb_content->Add(m_credentials, 0, wxEXPAND, 5); - - this->SetSizer(sb_content); - this->Layout(); - - // Connect Events - this->Connect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxGTCConfigPanel::OnInitDialog)); -} - - -wxGTCConfigPanel::~wxGTCConfigPanel() -{ - // Disconnect Events - this->Disconnect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxGTCConfigPanel::OnInitDialog)); + m_credentials_resp = new wxGTCResponseCredentialsConfigPanel(m_prov, m_cfg_resp, m_auth_mode); + m_auth_mode->AddPage(m_credentials_resp, _("Challenge/Response")); + m_credentials_pass = new wxGTCPasswordCredentialsConfigPanel(m_prov, m_cfg_pass, m_auth_mode); + m_auth_mode->AddPage(m_credentials_pass, _("Password")); } /// \cond internal -void wxGTCConfigPanel::OnInitDialog(wxInitDialogEvent& event) + +bool wxGTCConfigPanel::TransferDataToWindow() { - // Forward the event to child panels. 
- if (m_credentials) - m_credentials->GetEventHandler()->ProcessEvent(event); + eap::credentials_identity *cred_resp; + eap::credentials_pass *cred_pass; + + if ((cred_resp = dynamic_cast(m_cfg.m_cred.get())) != NULL) { + m_cfg_resp = m_cfg; + m_auth_mode->SetSelection(0); // 0=Challenge/Response + } else if ((cred_pass = dynamic_cast(m_cfg.m_cred.get())) != NULL) { + m_cfg_pass = m_cfg; + m_auth_mode->SetSelection(1); // 1=Password + } else + wxFAIL_MSG(wxT("Unsupported authentication mode.")); + + return wxGTCConfigPanelBase::TransferDataToWindow(); } + + +bool wxGTCConfigPanel::TransferDataFromWindow() +{ + wxCHECK(wxGTCConfigPanelBase::TransferDataFromWindow(), false); + + if (!m_prov.m_read_only) { + // This is not a provider-locked configuration. Save the data. + switch (m_auth_mode->GetSelection()) { + case 0: // 0=Challenge/Response + m_cfg = m_cfg_resp; + break; + + case 1: // 1=Password + m_cfg = m_cfg_pass; + break; + + default: + wxFAIL_MSG(wxT("Unsupported authentication mode.")); + } + } + + return true; +} + + +void wxGTCConfigPanel::OnUpdateUI(wxUpdateUIEvent& event) +{ + UNREFERENCED_PARAMETER(event); + + if (m_prov.m_read_only) { + // This is provider-locked configuration. Disable controls. + m_auth_mode_label ->Enable(false); + m_auth_mode ->Enable(false); + m_credentials_resp->Enable(false); + m_credentials_pass->Enable(false); + } else { + // This is not a provider-locked configuration. Enable controls. + m_auth_mode_label ->Enable(true); + m_auth_mode ->Enable(true); + m_credentials_resp->Enable(true); + m_credentials_pass ->Enable(true); + } +} + /// \endcond diff --git a/lib/TTLS/src/Module.cpp b/lib/TTLS/src/Module.cpp index 433ef89..5834f03 100644 --- a/lib/TTLS/src/Module.cpp +++ b/lib/TTLS/src/Module.cpp 
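Review bot: `wxGTCConfigPanel::TransferDataFromWindow()` returns `true` from the `default:` branch of the switch on `m_auth_mode->GetSelection()`, and `wxFAIL_MSG` does nothing in builds without wx debug support, so an unexpected selection is reported as saved while `m_cfg` is left untouched. The branch should fail the transfer, e.g. `default: wxFAIL_MSG(wxT("Unsupported authentication mode.")); return false;`. `TransferDataToWindow()` has the same pattern in its final `else`. There the locals `cred_resp` and `cred_pass` are only tested, never used, so the casts can be used directly in the conditions. `OnUpdateUI` repeats the four `Enable` calls in both branches; `const bool enable = !m_prov.m_read_only;` followed by one set of `Enable(enable)` calls says the same thing once. The page indices 0 and 1 are tied to the `AddPage` order in the constructor only by comments; named constants would keep them in step.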
@@ -259,7 +259,7 @@ EAP_SESSION_HANDLE eap::peer_ttls::begin_session( case eap_type_gtc : meth_inner.reset( new method_eapmsg (*this, cred_inner->get_identity().c_str(), new method_eap (*this, eap_type_gtc, - new method_gtc (*this, dynamic_cast(*cfg_inner), dynamic_cast(*cred_inner))))); break; + new method_gtc (*this, dynamic_cast(*cfg_inner), dynamic_cast(*cred_inner))))); break; default: throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method."); } } diff --git a/lib/TTLS_UI/src/Module.cpp b/lib/TTLS_UI/src/Module.cpp index 8ec537d..cd4f6fc 100644 --- a/lib/TTLS_UI/src/Module.cpp +++ b/lib/TTLS_UI/src/Module.cpp 
@@ -298,7 +298,18 @@ void eap::peer_ttls_ui::invoke_identity_ui( case eap_type_legacy_pap : panel = new wxPAPCredentialsPanel (*cfg_prov, *dynamic_cast(cfg_method->m_inner.get()), *dynamic_cast(cred->m_inner.get()), &dlg, false); break; case eap_type_legacy_mschapv2: panel = new wxMSCHAPv2CredentialsPanel(*cfg_prov, *dynamic_cast(cfg_method->m_inner.get()), *dynamic_cast(cred->m_inner.get()), &dlg, false); break; case eap_type_mschapv2 : panel = new wxMSCHAPv2CredentialsPanel(*cfg_prov, *dynamic_cast(cfg_method->m_inner.get()), *dynamic_cast(cred->m_inner.get()), &dlg, false); break; - case eap_type_gtc : panel = new wxGTCCredentialsPanel (*cfg_prov, *dynamic_cast(cfg_method->m_inner.get()), *dynamic_cast(cred->m_inner.get()), &dlg, false); break; + case eap_type_gtc : { + // EAP-GTC credential prompt differes for "Challenge/Response" and "Password" authentication modes. + eap::credentials_identity *cred_resp; + eap::credentials_pass *cred_pass; + if ((cred_resp = dynamic_cast(cred->m_inner.get())) != NULL) + panel = new wxGTCResponseCredentialsPanel(*cfg_prov, *dynamic_cast(cfg_method->m_inner.get()), *cred_resp, &dlg, false); + else if ((cred_pass = dynamic_cast(cred->m_inner.get())) != NULL) + panel = new wxGTCPasswordCredentialsPanel(*cfg_prov, *dynamic_cast(cfg_method->m_inner.get()), *cred_pass, &dlg, false); + else + wxLogError("Unsupported authentication mode."); + break; + } default : wxLogError("Unsupported inner authentication method."); } panel->SetRemember(src_inner == eap::credentials::source_storage); diff --git a/lib/WinStd b/lib/WinStd index 5ffcb79..905fd06 160000 --- a/lib/WinStd +++ b/lib/WinStd @@ -1 +1 @@ -Subproject commit 5ffcb79306139f20197b6492924bbe12a51d0ac2 +Subproject commit 905fd066dc326c8e020bb62ba40125236071fdda
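Review bot: In the new `eap_type_gtc` case of `invoke_identity_ui`, the final `else` only calls `wxLogError` and then breaks, so `panel` is not assigned on that path and the following `panel->SetRemember(...)` dereferences it; the existing `default:` branch has the same problem. An unsupported credential type should leave the function instead of falling through, for example `else throw invalid_argument(__FUNCTION__ " Unsupported authentication mode.");`, which is the pattern Config.cpp uses in this commit. The pointer `dynamic_cast` on `cfg_method->m_inner.get()` is also dereferenced without a null check in both new branches; the cast's target type is not legible on this page, so confirm it cannot fail for a GTC inner method. The comment on the first added line has a typo: "differes" should be "differs". The function begins and ends outside this hunk.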