Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

credentials: Move user impersonation to peer::get_identity()

Browse Source 
To retrieve user credentials, EapHost provides us the interactive user's
token we can use to impersonate.

By doing the impersonation early in peer::get_identity(), we don't need
to pass the token down the lower methods. This is rather a
simplification than a performance optimization.

Signed-off-by: Simon Rozman <simon@rozman.si>
This commit is contained in:
Simon Rozman 2020-02-06 09:39:57 +01:00
parent e2eb41e811
commit 75488ba870
14 changed files with 42 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/EAPBase/include/Config.h
View File

@ -308,6 +308,8 @@ namespace eap
/// ///
/// Generates public identity using current configuration and given credentials /// Generates public identity using current configuration and given credentials
/// ///
/// Must be called in the connecting user context.
///
std::wstring get_public_identity(const credentials &cred) const; std::wstring get_public_identity(const credentials &cred) const;
public: public:

36
lib/EAPBase/include/Credentials.h
View File

@ -202,13 +202,12 @@ namespace eap
/// ///
/// 1. Cached credentials /// 1. Cached credentials
/// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`) /// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`)
/// 3. Stored credentials /// 3. Stored credentials (must be called in the connecting user context)
/// ///
/// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior /// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior
/// \param[in] hTokenImpersonateUser Impersonation token for a logged-on user to collect user-related information /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be the same type of credentials as `this`)
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be the same type of credentials as `this`) /// \param[in] cfg Method configuration (must be the same type of configuration as `this` credentials belong to)
/// \param[in] cfg Method configuration (must be the same type of configuration as `this` credentials belong to) /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
/// ///
/// \returns /// \returns
/// - \c source_t::cache Credentials were obtained from EapHost cache /// - \c source_t::cache Credentials were obtained from EapHost cache
@ -217,7 +216,6 @@ namespace eap
/// ///
virtual source_t combine( virtual source_t combine(
_In_ DWORD dwFlags, _In_ DWORD dwFlags,
_In_opt_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName) = 0; _In_opt_z_ LPCTSTR pszTargetName) = 0;
@ -297,13 +295,12 @@ namespace eap
/// ///
/// 1. Cached credentials /// 1. Cached credentials
/// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`) /// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`)
/// 3. Stored credentials /// 3. Stored credentials (must be called in the connecting user context)
/// ///
/// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior /// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior
/// \param[in] hTokenImpersonateUser Impersonation token for a logged-on user to collect user-related information /// \param[in] cred_cached Cached credentials (optional, can be \c NULL)
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL) /// \param[in] cfg Method configuration (when derived from `config_method_with_cred`, metod attempt to load credentials from \p cfg)
/// \param[in] cfg Method configuration (when derived from `config_method_with_cred`, metod attempt to load credentials from \p cfg) /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
/// ///
/// \returns /// \returns
/// - \c source_t::cache Credentials were obtained from EapHost cache /// - \c source_t::cache Credentials were obtained from EapHost cache
@ -312,7 +309,6 @@ namespace eap
/// ///
virtual source_t combine( virtual source_t combine(
_In_ DWORD dwFlags, _In_ DWORD dwFlags,
_In_opt_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);
@ -409,13 +405,12 @@ namespace eap
/// ///
/// 1. Cached credentials /// 1. Cached credentials
/// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`) /// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`)
/// 3. Stored credentials /// 3. Stored credentials (must be called in the connecting user context)
/// ///
/// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior /// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior
/// \param[in] hTokenImpersonateUser Impersonation token for a logged-on user to collect user-related information /// \param[in] cred_cached Cached credentials (optional, can be \c NULL)
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL) /// \param[in] cfg Method configuration (when derived from `config_method_with_cred`, metod attempt to load credentials from \p cfg)
/// \param[in] cfg Method configuration (when derived from `config_method_with_cred`, metod attempt to load credentials from \p cfg) /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
/// ///
/// \returns /// \returns
/// - \c source_t::cache Credentials were obtained from EapHost cache /// - \c source_t::cache Credentials were obtained from EapHost cache
@ -424,7 +419,6 @@ namespace eap
/// ///
virtual source_t combine( virtual source_t combine(
_In_ DWORD dwFlags, _In_ DWORD dwFlags,
_In_opt_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);

5
lib/EAPBase/include/Module.h
View File

@ -1074,13 +1074,14 @@ namespace eap
/// ///
/// Checks all configured providers and tries to combine credentials. /// Checks all configured providers and tries to combine credentials.
/// ///
/// Must be called in the connecting user context.
///
_Success_(return != 0) virtual const config_method_with_cred* combine_credentials( _Success_(return != 0) virtual const config_method_with_cred* combine_credentials(
_In_ DWORD dwFlags, _In_ DWORD dwFlags,
_In_ const config_connection &cfg, _In_ const config_connection &cfg,
_In_count_(dwUserDataSize) const BYTE *pUserData, _In_count_(dwUserDataSize) const BYTE *pUserData,
_In_ DWORD dwUserDataSize, _In_ DWORD dwUserDataSize,
_Inout_ credentials_connection& cred_out, _Inout_ credentials_connection& cred_out) = 0;
_In_ HANDLE hTokenImpersonateUser) = 0;
protected: protected:
/// ///

8
lib/EAPBase/src/Credentials.cpp
View File

@ -297,7 +297,6 @@ LPCTSTR eap::credentials_identity::target_suffix() const
eap::credentials::source_t eap::credentials_identity::combine( eap::credentials::source_t eap::credentials_identity::combine(
_In_ DWORD dwFlags, _In_ DWORD dwFlags,
_In_opt_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
@ -320,9 +319,6 @@ eap::credentials::source_t eap::credentials_identity::combine(
} }
if (pszTargetName) { if (pszTargetName) {
// Switch user context.
user_impersonator impersonating(hTokenImpersonateUser);
try { try {
credentials_identity cred_loaded(m_module); credentials_identity cred_loaded(m_module);
cred_loaded.retrieve(pszTargetName, cfg.m_level); cred_loaded.retrieve(pszTargetName, cfg.m_level);
@ -603,7 +599,6 @@ LPCTSTR eap::credentials_pass::target_suffix() const
eap::credentials::source_t eap::credentials_pass::combine( eap::credentials::source_t eap::credentials_pass::combine(
_In_ DWORD dwFlags, _In_ DWORD dwFlags,
_In_opt_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
@ -626,9 +621,6 @@ eap::credentials::source_t eap::credentials_pass::combine(
} }
if (pszTargetName) { if (pszTargetName) {
// Switch user context.
user_impersonator impersonating(hTokenImpersonateUser);
try { try {
credentials_pass cred_loaded(m_module); credentials_pass cred_loaded(m_module);
cred_loaded.retrieve(pszTargetName, cfg.m_level); cred_loaded.retrieve(pszTargetName, cfg.m_level);

5
lib/EAPBase/src/Module.cpp
View File

@ -367,9 +367,12 @@ void eap::peer::get_identity(
config_connection cfg(*this); config_connection cfg(*this);
unpack(cfg, pConnectionData, dwConnectionDataSize); unpack(cfg, pConnectionData, dwConnectionDataSize);
// Switch user context.
user_impersonator impersonating(hTokenImpersonateUser);
// Combine credentials. // Combine credentials.
credentials_connection cred_out(*this, cfg); credentials_connection cred_out(*this, cfg);
auto cfg_method = combine_credentials(dwFlags, cfg, pUserData, dwUserDataSize, cred_out, hTokenImpersonateUser); auto cfg_method = combine_credentials(dwFlags, cfg, pUserData, dwUserDataSize, cred_out);
if (cfg_method) { if (cfg_method) {
// No UI will be necessary. // No UI will be necessary.

12
lib/EapHost/include/Credentials.h
View File

@ -121,13 +121,12 @@ namespace eap
/// ///
/// 1. Cached credentials /// 1. Cached credentials
/// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`) /// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`)
/// 3. Stored credentials /// 3. Stored credentials (must be called in the connecting user context)
/// ///
/// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior /// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior
/// \param[in] hTokenImpersonateUser Impersonation token for a logged-on user to collect user-related information /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be `credentials_eaphost*` type)
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be `credentials_eaphost*` type) /// \param[in] cfg Method configuration (unused, as must be as config_method_eaphost is not derived from `config_method_with_cred`)
/// \param[in] cfg Method configuration (unused, as must be as config_method_eaphost is not derived from `config_method_with_cred`) /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
/// ///
/// \returns /// \returns
/// - \c source_t::cache Credentials were obtained from EapHost cache /// - \c source_t::cache Credentials were obtained from EapHost cache
@ -136,7 +135,6 @@ namespace eap
/// ///
virtual source_t combine( virtual source_t combine(
_In_ DWORD dwFlags, _In_ DWORD dwFlags,
_In_opt_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);

6
lib/EapHost/src/Credentials.cpp
View File

@ -220,7 +220,6 @@ LPCTSTR eap::credentials_eaphost::target_suffix() const
eap::credentials::source_t eap::credentials_eaphost::combine( eap::credentials::source_t eap::credentials_eaphost::combine(
_In_ DWORD dwFlags, _In_ DWORD dwFlags,
_In_opt_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
@ -253,9 +252,6 @@ eap::credentials::source_t eap::credentials_eaphost::combine(
} }
if (src == source_t::unknown && pszTargetName) { if (src == source_t::unknown && pszTargetName) {
// Switch user context.
user_impersonator impersonating(hTokenImpersonateUser);
try { try {
credentials_eaphost cred_loaded(m_module); credentials_eaphost cred_loaded(m_module);
cred_loaded.retrieve(pszTargetName, cfg.m_level); cred_loaded.retrieve(pszTargetName, cfg.m_level);
@ -281,7 +277,7 @@ eap::credentials::source_t eap::credentials_eaphost::combine(
cfg_eaphost->get_type(), cfg_eaphost->get_type(),
(DWORD)cfg_eaphost->m_cfg_blob.size(), cfg_eaphost->m_cfg_blob.data(), (DWORD)cfg_eaphost->m_cfg_blob.size(), cfg_eaphost->m_cfg_blob.data(),
src != source_t::unknown ? (DWORD)m_cred_blob.size() : 0, src != source_t::unknown ? m_cred_blob.data() : NULL, src != source_t::unknown ? (DWORD)m_cred_blob.size() : 0, src != source_t::unknown ? m_cred_blob.data() : NULL,
hTokenImpersonateUser, NULL,
&fInvokeUI, &fInvokeUI,
&cred_data_size, get_ptr(cred_data), &cred_data_size, get_ptr(cred_data),
get_ptr(identity), get_ptr(identity),

12
lib/TLS/include/Credentials.h
View File

@ -123,13 +123,12 @@ namespace eap
/// ///
/// 1. Cached credentials /// 1. Cached credentials
/// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`) /// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`)
/// 3. Stored credentials /// 3. Stored credentials (must be called in the connecting user context)
/// ///
/// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior /// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior
/// \param[in] hTokenImpersonateUser Impersonation token for a logged-on user to collect user-related information /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be `credentials_tls*` type)
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be `credentials_tls*` type) /// \param[in] cfg Method configuration (unused, as must be as config_method_tls is not derived from `config_method_with_cred`)
/// \param[in] cfg Method configuration (unused, as must be as config_method_tls is not derived from `config_method_with_cred`) /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
/// ///
/// \returns /// \returns
/// - \c source_t::cache Credentials were obtained from EapHost cache /// - \c source_t::cache Credentials were obtained from EapHost cache
@ -138,7 +137,6 @@ namespace eap
/// ///
virtual source_t combine( virtual source_t combine(
_In_ DWORD dwFlags, _In_ DWORD dwFlags,
_In_opt_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);

4
lib/TLS/src/Credentials.cpp
View File

@ -267,7 +267,6 @@ std::wstring eap::credentials_tls::get_identity() const
eap::credentials::source_t eap::credentials_tls::combine( eap::credentials::source_t eap::credentials_tls::combine(
_In_ DWORD dwFlags, _In_ DWORD dwFlags,
_In_opt_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
@ -290,9 +289,6 @@ eap::credentials::source_t eap::credentials_tls::combine(
} }
if (pszTargetName) { if (pszTargetName) {
// Switch user context.
user_impersonator impersonating(hTokenImpersonateUser);
try { try {
credentials_tls cred_loaded(m_module); credentials_tls cred_loaded(m_module);
cred_loaded.retrieve(pszTargetName, cfg.m_level); cred_loaded.retrieve(pszTargetName, cfg.m_level);

12
lib/TTLS/include/Credentials.h
View File

@ -112,13 +112,12 @@ namespace eap
/// ///
/// 1. Cached credentials /// 1. Cached credentials
/// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`) /// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`)
/// 3. Stored credentials /// 3. Stored credentials (must be called in the connecting user context)
/// ///
/// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior /// \param[in] dwFlags A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior
/// \param[in] hTokenImpersonateUser Impersonation token for a logged-on user to collect user-related information /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be `credentials_tls_tunnel*` type)
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be `credentials_tls_tunnel*` type) /// \param[in] cfg Method configuration (unused, as must be as config_method_tls_tunnel is not derived from `config_method_with_cred`)
/// \param[in] cfg Method configuration (unused, as must be as config_method_tls_tunnel is not derived from `config_method_with_cred`) /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
/// ///
/// \returns /// \returns
/// - \c source_t::cache Credentials were obtained from EapHost cache /// - \c source_t::cache Credentials were obtained from EapHost cache
@ -127,7 +126,6 @@ namespace eap
/// ///
virtual source_t combine( virtual source_t combine(
_In_ DWORD dwFlags, _In_ DWORD dwFlags,
_In_opt_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);

3
lib/TTLS/include/Module.h
View File

@ -64,8 +64,7 @@ namespace eap
_In_ const config_connection &cfg, _In_ const config_connection &cfg,
_In_count_(dwUserDataSize) const BYTE *pUserData, _In_count_(dwUserDataSize) const BYTE *pUserData,
_In_ DWORD dwUserDataSize, _In_ DWORD dwUserDataSize,
_Inout_ credentials_connection& cred_out, _Inout_ credentials_connection& cred_out);
_In_ HANDLE hTokenImpersonateUser);
}; };

3
lib/TTLS/src/Credentials.cpp
View File

@ -180,7 +180,6 @@ wstring eap::credentials_tls_tunnel::get_identity() const
eap::credentials::source_t eap::credentials_tls_tunnel::combine( eap::credentials::source_t eap::credentials_tls_tunnel::combine(
_In_ DWORD dwFlags, _In_ DWORD dwFlags,
_In_opt_ HANDLE hTokenImpersonateUser,
_In_opt_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
@ -188,7 +187,6 @@ eap::credentials::source_t eap::credentials_tls_tunnel::combine(
// Combine outer credentials. // Combine outer credentials.
source_t src_outer = credentials_tls::combine( source_t src_outer = credentials_tls::combine(
dwFlags, dwFlags,
hTokenImpersonateUser,
cred_cached, cred_cached,
cfg, cfg,
pszTargetName); pszTargetName);
@ -196,7 +194,6 @@ eap::credentials::source_t eap::credentials_tls_tunnel::combine(
// Combine inner credentials. // Combine inner credentials.
source_t src_inner = m_inner->combine( source_t src_inner = m_inner->combine(
dwFlags, dwFlags,
hTokenImpersonateUser,
cred_cached ? dynamic_cast<const credentials_tls_tunnel*>(cred_cached)->m_inner.get() : NULL, cred_cached ? dynamic_cast<const credentials_tls_tunnel*>(cred_cached)->m_inner.get() : NULL,
*dynamic_cast<const config_method_tls_tunnel&>(cfg).m_inner, *dynamic_cast<const config_method_tls_tunnel&>(cfg).m_inner,
pszTargetName); pszTargetName);

5
lib/TTLS/src/Module.cpp
View File

@ -66,8 +66,7 @@ _Success_(return != 0) const eap::config_method_with_cred* eap::peer_tls_tunnel:
_In_ const config_connection &cfg, _In_ const config_connection &cfg,
_In_count_(dwUserDataSize) const BYTE *pUserData, _In_count_(dwUserDataSize) const BYTE *pUserData,
_In_ DWORD dwUserDataSize, _In_ DWORD dwUserDataSize,
_Inout_ credentials_connection& cred_out, _Inout_ credentials_connection& cred_out)
_In_ HANDLE hTokenImpersonateUser)
{ {
#if EAP_USE_NATIVE_CREDENTIAL_CACHE #if EAP_USE_NATIVE_CREDENTIAL_CACHE
// Unpack cached credentials. // Unpack cached credentials.
@ -102,7 +101,6 @@ _Success_(return != 0) const eap::config_method_with_cred* eap::peer_tls_tunnel:
LPCTSTR _target_name = (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? target_name.c_str() : NULL; LPCTSTR _target_name = (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? target_name.c_str() : NULL;
eap::credentials::source_t src_outer = cred->credentials_tls::combine( eap::credentials::source_t src_outer = cred->credentials_tls::combine(
dwFlags, dwFlags,
hTokenImpersonateUser,
#if EAP_USE_NATIVE_CREDENTIAL_CACHE #if EAP_USE_NATIVE_CREDENTIAL_CACHE
has_cached ? cred_in.m_cred.get() : NULL, has_cached ? cred_in.m_cred.get() : NULL,
#else #else
@ -118,7 +116,6 @@ _Success_(return != 0) const eap::config_method_with_cred* eap::peer_tls_tunnel:
// Combine inner credentials. // Combine inner credentials.
eap::credentials::source_t src_inner = cred->m_inner->combine( eap::credentials::source_t src_inner = cred->m_inner->combine(
dwFlags, dwFlags,
hTokenImpersonateUser,
#if EAP_USE_NATIVE_CREDENTIAL_CACHE #if EAP_USE_NATIVE_CREDENTIAL_CACHE
has_cached ? dynamic_cast<credentials_tls_tunnel*>(cred_in.m_cred.get())->m_inner.get() : NULL, has_cached ? dynamic_cast<credentials_tls_tunnel*>(cred_in.m_cred.get())->m_inner.get() : NULL,
#else #else

2
lib/TTLS_UI/src/Module.cpp
View File

@ -174,7 +174,6 @@ void eap::peer_ttls_ui::invoke_identity_ui(
wstring target_name(std::move(cfg_prov->get_id())); wstring target_name(std::move(cfg_prov->get_id()));
eap::credentials::source_t src_outer = cred->credentials_tls::combine( eap::credentials::source_t src_outer = cred->credentials_tls::combine(
dwFlags, dwFlags,
NULL,
#if EAP_USE_NATIVE_CREDENTIAL_CACHE #if EAP_USE_NATIVE_CREDENTIAL_CACHE
has_cached ? cred_in.m_cred.get() : NULL, has_cached ? cred_in.m_cred.get() : NULL,
#else #else
@ -222,7 +221,6 @@ void eap::peer_ttls_ui::invoke_identity_ui(
// Combine inner credentials. // Combine inner credentials.
eap::credentials::source_t src_inner = cred->m_inner->combine( eap::credentials::source_t src_inner = cred->m_inner->combine(
dwFlags, dwFlags,
NULL,
#if EAP_USE_NATIVE_CREDENTIAL_CACHE #if EAP_USE_NATIVE_CREDENTIAL_CACHE
has_cached ? dynamic_cast<credentials_tls_tunnel*>(cred_in.m_cred.get())->m_inner.get() : NULL, has_cached ? dynamic_cast<credentials_tls_tunnel*>(cred_in.m_cred.get())->m_inner.get() : NULL,
#else #else