Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

credentials: Move user impersonation to peer::get_identity()

Browse Source 
To retrieve user credentials, EapHost provides us the interactive user's
token we can use to impersonate.

By doing the impersonation early in peer::get_identity(), we don't need
to pass the token down the lower methods. This is rather a
simplification than a performance optimization.

Signed-off-by: Simon Rozman <simon@rozman.si>
This commit is contained in:
Simon Rozman
2020-02-06 09:39:57 +01:00
parent e2eb41e811
commit 75488ba870
14 changed files with 42 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/EAPBase/src/Credentials.cpp
View File

@@ -297,7 +297,6 @@ LPCTSTR eap::credentials_identity::target_suffix() const
eap::credentials::source_t eap::credentials_identity::combine(
_In_ DWORD dwFlags,
_In_opt_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName)
@@ -320,9 +319,6 @@ eap::credentials::source_t eap::credentials_identity::combine(
}
if (pszTargetName) {
// Switch user context.
user_impersonator impersonating(hTokenImpersonateUser);
try {
credentials_identity cred_loaded(m_module);
cred_loaded.retrieve(pszTargetName, cfg.m_level);
@@ -603,7 +599,6 @@ LPCTSTR eap::credentials_pass::target_suffix() const
eap::credentials::source_t eap::credentials_pass::combine(
_In_ DWORD dwFlags,
_In_opt_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName)
@@ -626,9 +621,6 @@ eap::credentials::source_t eap::credentials_pass::combine(
}
if (pszTargetName) {
// Switch user context.
user_impersonator impersonating(hTokenImpersonateUser);
try {
credentials_pass cred_loaded(m_module);
cred_loaded.retrieve(pszTargetName, cfg.m_level);

5
lib/EAPBase/src/Module.cpp
View File

@@ -367,9 +367,12 @@ void eap::peer::get_identity(
config_connection cfg(*this);
unpack(cfg, pConnectionData, dwConnectionDataSize);
// Switch user context.
user_impersonator impersonating(hTokenImpersonateUser);
// Combine credentials.
credentials_connection cred_out(*this, cfg);
auto cfg_method = combine_credentials(dwFlags, cfg, pUserData, dwUserDataSize, cred_out, hTokenImpersonateUser);
auto cfg_method = combine_credentials(dwFlags, cfg, pUserData, dwUserDataSize, cred_out);
if (cfg_method) {
// No UI will be necessary.