diff --git a/lib/EAPBase/include/Config.h b/lib/EAPBase/include/Config.h index 1dd8c44..3f4cbbe 100644 --- a/lib/EAPBase/include/Config.h +++ b/lib/EAPBase/include/Config.h @@ -201,6 +201,25 @@ namespace eap class config_method : public config { + public: + /// + /// Authentication attempt status + /// + enum status_t { + status_success = 0, ///< Authentication succeeded + status_auth_failed, ///< Authentication failed + status_cred_invalid, ///< Invalid credentials + status_cred_expired, ///< Credentials expired + status_cred_changing, ///< Credentials are being changed + status_account_disabled, ///< Account is disabled + status_account_logon_hours, ///< Restricted account logon hours + status_account_denied, ///< Account access is denied + + // Meta statuses + status_cred_begin = status_cred_invalid, ///< First credential related problem + status_cred_end = status_cred_changing + 1, ///< First problem, that is not credential related any more + }; + public: /// /// Constructs configuration 
@@ -242,6 +261,52 @@ namespace eap /// config_method& operator=(_Inout_ config_method &&other); + /// \name XML configuration management + /// @{ + + /// + /// Save to XML document + /// + /// \param[in] pDoc XML document + /// \param[in] pConfigRoot Suggested root element for saving + /// + virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const; + + /// + /// Load from XML document + /// + /// \param[in] pConfigRoot Root element for loading + /// + virtual void load(_In_ IXMLDOMNode *pConfigRoot); + + /// @} + + /// \name BLOB management + /// @{ + + /// + /// Packs a configuration + /// + /// \param[inout] cursor Memory cursor + /// + virtual void operator<<(_Inout_ cursor_out &cursor) const; + + /// + /// Returns packed size of a configuration + /// + /// \returns Size of data when packed (in bytes) + /// + virtual size_t get_pk_size() const; + + /// + /// Unpacks a configuration + /// + /// \param[inout] cursor Memory cursor + /// + virtual void operator>>(_Inout_ cursor_in &cursor); + + /// @} + /// /// Returns EAP method type of this configuration /// @@ -256,6 +321,9 @@ namespace eap public: const unsigned int m_level; ///< Config level (0=outer, 1=inner, 2=inner-inner...) + bool m_allow_save; ///< Are credentials allowed to be saved to Windows Credential Manager? + status_t m_last_status; ///< Status of authentication the last time + std::wstring m_last_msg; ///< Server message at the last authentication }; 
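Review bot: The comments on the three members added at the end of `config_method` do not say where each value is persisted, and the rest of this commit treats them differently. `config_method::save` writes only `allow-save` to XML, `config_method::load` resets `m_last_status` and `m_last_msg`, and `operator<<` packs all three into the BLOB. I would spell that out, e.g. `status_t m_last_status; ///< Status of the last authentication attempt (BLOB only; reset by load())`. The comment on `m_last_msg` should also say that the text is supplied by the server, so code that displays or logs it must treat it as untrusted. The class body starts outside this hunk.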
@@ -264,25 +332,6 @@ namespace eap class config_method_with_cred : public config_method { - public: - /// - /// Authentication attempt status - /// - enum status_t { - status_success = 0, ///< Authentication succeeded - status_auth_failed, ///< Authentication failed - status_cred_invalid, ///< Invalid credentials - status_cred_expired, ///< Credentials expired - status_cred_changing, ///< Credentials are being changed - status_account_disabled, ///< Account is disabled - status_account_logon_hours, ///< Restricted account logon hours - status_account_denied, ///< Account access is denied - - // Meta statuses - status_cred_begin = status_cred_invalid, ///< First credential related problem - status_cred_end = status_cred_changing + 1, ///< First problem, that is not credential related any more - }; - public: /// /// Constructs configuration @@ -376,11 +425,8 @@ namespace eap virtual credentials* make_credentials() const = 0; public: - bool m_allow_save; ///< Are credentials allowed to be saved to Windows Credential Manager? - bool m_use_cred; ///< Use configured credentials - std::unique_ptr m_cred; ///< Configured credentials - status_t m_last_status; ///< Status of authentication the last time - std::wstring m_last_msg; ///< Server message at the last authentication + bool m_use_cred; ///< Use configured credentials + std::unique_ptr m_cred; ///< Configured credentials }; 
@@ -631,19 +677,19 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config &val) } -inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::config_method_with_cred::status_t &val) +inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::config_method::status_t &val) { cursor << (unsigned char)val; } -inline size_t pksizeof(_In_ const eap::config_method_with_cred::status_t &val) +inline size_t pksizeof(_In_ const eap::config_method::status_t &val) { return pksizeof((unsigned char)val); } -inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config_method_with_cred::status_t &val) +inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config_method::status_t &val) { cursor >> (unsigned char&)val; } diff --git a/lib/EAPBase/include/Method.h b/lib/EAPBase/include/Method.h index 1eef7df..21d1e6d 100644 --- a/lib/EAPBase/include/Method.h +++ b/lib/EAPBase/include/Method.h @@ -61,7 +61,7 @@ namespace eap /// \param[in] cfg Method configuration /// \param[in] cred User credentials /// - method(_In_ module &module, _In_ config_method_with_cred &cfg, _In_ credentials &cred); + method(_In_ module &module, _In_ config_method &cfg, _In_ credentials &cred); /// /// Moves an EAP method @@ -132,7 +132,7 @@ namespace eap public: module &m_module; ///< EAP module - config_method_with_cred &m_cfg; ///< Connection configuration + config_method &m_cfg; ///< Connection configuration credentials &m_cred; ///< User credentials std::vector m_eap_attr; ///< EAP attributes }; @@ -150,7 +150,7 @@ namespace eap /// \param[in] cfg Method configuration /// \param[in] cred User credentials /// - method_noneap(_In_ module &module, _In_ config_method_with_cred &cfg, _In_ credentials &cred); + method_noneap(_In_ module &module, _In_ config_method &cfg, _In_ credentials &cred); /// /// Moves an EAP method diff --git a/lib/EAPBase/src/Config.cpp b/lib/EAPBase/src/Config.cpp index 9bb69bc..017156c 100644 
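Review bot: In `operator>>` for `status_t`, `cursor >> (unsigned char&)val;` writes a single byte into an enum with no fixed underlying type (the declaration moved in the first Config.h hunk is plain `enum status_t {`). The remaining bytes of the `_Out_` argument keep whatever they held before, and the byte taken from the BLOB is not checked here against the declared enumerators. Reading into a local is safer: `unsigned char v; cursor >> v; val = (eap::config_method::status_t)v;`, ideally rejecting values above `status_account_denied`. Only the signatures change in this hunk, so the cast predates the commit, but the type now serves every method configuration and is worth tightening while it is being touched.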
--- a/lib/EAPBase/src/Config.cpp +++ b/lib/EAPBase/src/Config.cpp @@ -103,22 +103,30 @@ const bstr eap::config::namespace_eapmetadata(L"urn:ietf:params:xml:ns:yang:ietf ////////////////////////////////////////////////////////////////////// eap::config_method::config_method(_In_ module &mod, _In_ unsigned int level) : - m_level(level), - config(mod) + m_level (level), + m_allow_save (true), + m_last_status(status_success), + config (mod) { } eap::config_method::config_method(_In_ const config_method &other) : - m_level(other.m_level), - config(other) + m_level (other.m_level ), + m_allow_save (other.m_allow_save ), + m_last_status(other.m_last_status), + m_last_msg (other.m_last_msg ), + config (other ) { } eap::config_method::config_method(_Inout_ config_method &&other) : - m_level(other.m_level), - config(std::move(other)) + m_level (std::move(other.m_level )), + m_allow_save (std::move(other.m_allow_save )), + m_last_status(std::move(other.m_last_status)), + m_last_msg (std::move(other.m_last_msg )), + config (std::move(other )) { } @@ -128,6 +136,9 @@ eap::config_method& eap::config_method::operator=(_In_ const config_method &othe if (this != &other) { assert(m_level == other.m_level); // Allow copy within same configuration level only. (config&)*this = other; + m_allow_save = other.m_allow_save; + m_last_status = other.m_last_status; + m_last_msg = other.m_last_msg; } return *this; 
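Review bot: The three `config_method` constructors list the base initializer `config(...)` after the members, but the base class is always constructed first. In the move constructor, `config(std::move(other))` therefore runs before `other.m_level`, `other.m_allow_save`, `other.m_last_status` and `other.m_last_msg` are read. This works because the base move only concerns the `config` subobject, but the written order reads as the opposite. Listing `config(std::move(other)),` first and then the members in declaration order shows the real sequence and avoids reorder warnings. `std::move` on the `const unsigned int`, `bool` and enum members is a plain copy and can be dropped.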
@@ -138,83 +149,23 @@ eap::config_method& eap::config_method::operator=(_Inout_ config_method &&other) { if (this != &other) { assert(m_level == other.m_level); // Allow move within same configuration level only. - (config&&)*this = std::move(other); + (config&&)*this = std::move(other ); + m_allow_save = std::move(other.m_allow_save ); + m_last_status = std::move(other.m_last_status); + m_last_msg = std::move(other.m_last_msg ); } return *this; } -////////////////////////////////////////////////////////////////////// -// eap::config_method_with_cred -////////////////////////////////////////////////////////////////////// - -eap::config_method_with_cred::config_method_with_cred(_In_ module &mod, _In_ unsigned int level) : - m_allow_save (true), - m_use_cred (false), - m_last_status(status_success), - config_method(mod, level) -{ -} - - -eap::config_method_with_cred::config_method_with_cred(_In_ const config_method_with_cred &other) : - m_allow_save (other.m_allow_save ), - m_use_cred (other.m_use_cred ), - m_cred (other.m_cred ? (credentials*)other.m_cred->clone() : nullptr), - m_last_status(other.m_last_status ), - m_last_msg (other.m_last_msg ), - config_method(other ) -{ -} - - -eap::config_method_with_cred::config_method_with_cred(_Inout_ config_method_with_cred &&other) : - m_allow_save (std::move(other.m_allow_save )), - m_use_cred (std::move(other.m_use_cred )), - m_cred (std::move(other.m_cred )), - m_last_status(std::move(other.m_last_status)), - m_last_msg (std::move(other.m_last_msg )), - config_method(std::move(other )) -{ -} - - -eap::config_method_with_cred& eap::config_method_with_cred::operator=(_In_ const config_method_with_cred &other) -{ - if (this != &other) { - (config_method&)*this = other; - m_allow_save = other.m_allow_save; - m_use_cred = other.m_use_cred; - m_cred.reset(other.m_cred ? 
(credentials*)other.m_cred->clone() : nullptr); - m_last_status = other.m_last_status; - m_last_msg = other.m_last_msg; - } - - return *this; -} - - -eap::config_method_with_cred& eap::config_method_with_cred::operator=(_Inout_ config_method_with_cred &&other) -{ - if (this != &other) { - (config_method&)*this = std::move(other ); - m_allow_save = std::move(other.m_allow_save ); - m_use_cred = std::move(other.m_use_cred ); - m_cred = std::move(other.m_cred ); - m_last_status = std::move(other.m_last_status); - m_last_msg = std::move(other.m_last_msg ); - } - - return *this; -} - - -void eap::config_method_with_cred::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const +void eap::config_method::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const { assert(pDoc); assert(pConfigRoot); + config::save(pDoc, pConfigRoot); + HRESULT hr; // @@ -225,19 +176,16 @@ void eap::config_method_with_cred::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOM // / if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, winstd::bstr(L"allow-save"), namespace_eapmetadata, m_allow_save))) throw com_runtime_error(hr, __FUNCTION__ " Error creating element."); - - if (m_use_cred) - m_cred->save(pDoc, pXmlElClientSideCredential); } -void eap::config_method_with_cred::load(_In_ IXMLDOMNode *pConfigRoot) +void eap::config_method::load(_In_ IXMLDOMNode *pConfigRoot) { assert(pConfigRoot); + config::load(pConfigRoot); + m_allow_save = true; - m_use_cred = false; - m_cred->clear(); // winstd::com_obj pXmlElClientSideCredential; 
@@ -247,6 +195,125 @@ void eap::config_method_with_cred::load(_In_ IXMLDOMNode *pConfigRoot) // eapxml::get_element_value(pXmlElClientSideCredential, winstd::bstr(L"eap-metadata:allow-save"), m_allow_save); m_module.log_config((xpath + L"/allow-save").c_str(), m_allow_save); + } + + m_last_status = status_success; + m_last_msg.clear(); +} + + +void eap::config_method::operator<<(_Inout_ cursor_out &cursor) const +{ + config::operator<<(cursor); + cursor << m_allow_save; + cursor << m_last_status; + cursor << m_last_msg; +} + + +size_t eap::config_method::get_pk_size() const +{ + return + config::get_pk_size() + + pksizeof(m_allow_save ) + + pksizeof(m_last_status) + + pksizeof(m_last_msg ); +} + + +void eap::config_method::operator>>(_Inout_ cursor_in &cursor) +{ + config::operator>>(cursor); + cursor >> m_allow_save; + cursor >> m_last_status; + cursor >> m_last_msg; +} + + +////////////////////////////////////////////////////////////////////// +// eap::config_method_with_cred +////////////////////////////////////////////////////////////////////// + +eap::config_method_with_cred::config_method_with_cred(_In_ module &mod, _In_ unsigned int level) : + m_use_cred (false), + config_method(mod, level) +{ +} + + +eap::config_method_with_cred::config_method_with_cred(_In_ const config_method_with_cred &other) : + m_use_cred (other.m_use_cred ), + m_cred (other.m_cred ? (credentials*)other.m_cred->clone() : nullptr), + config_method(other ) +{ +} + + +eap::config_method_with_cred::config_method_with_cred(_Inout_ config_method_with_cred &&other) : + m_use_cred (std::move(other.m_use_cred)), + m_cred (std::move(other.m_cred )), + config_method(std::move(other )) +{ +} + + +eap::config_method_with_cred& eap::config_method_with_cred::operator=(_In_ const config_method_with_cred &other) +{ + if (this != &other) { + (config_method&)*this = other; + m_use_cred = other.m_use_cred; + m_cred.reset(other.m_cred ? 
(credentials*)other.m_cred->clone() : nullptr); + } + + return *this; +} + + +eap::config_method_with_cred& eap::config_method_with_cred::operator=(_Inout_ config_method_with_cred &&other) +{ + if (this != &other) { + (config_method&)*this = std::move(other ); + m_use_cred = std::move(other.m_use_cred); + m_cred = std::move(other.m_cred ); + } + + return *this; +} + + +void eap::config_method_with_cred::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const +{ + assert(pDoc); + assert(pConfigRoot); + + config_method::save(pDoc, pConfigRoot); + + HRESULT hr; + + if (m_use_cred) { + // + winstd::com_obj pXmlElClientSideCredential; + if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, winstd::bstr(L"eap-metadata:ClientSideCredential"), winstd::bstr(L"ClientSideCredential"), namespace_eapmetadata, pXmlElClientSideCredential))) + throw com_runtime_error(hr, __FUNCTION__ " Error creating element."); + + m_cred->save(pDoc, pXmlElClientSideCredential); + } +} + + +void eap::config_method_with_cred::load(_In_ IXMLDOMNode *pConfigRoot) +{ + assert(pConfigRoot); + + config_method::load(pConfigRoot); + + m_use_cred = false; + m_cred->clear(); + + // + winstd::com_obj pXmlElClientSideCredential; + if (SUCCEEDED(eapxml::select_element(pConfigRoot, winstd::bstr(L"eap-metadata:ClientSideCredential"), pXmlElClientSideCredential))) { + std::wstring xpath(eapxml::get_xpath(pXmlElClientSideCredential)); try { m_cred->load(pXmlElClientSideCredential); @@ -255,20 +322,14 @@ void eap::config_method_with_cred::load(_In_ IXMLDOMNode *pConfigRoot) // This is not really an error - merely an indication configured credentials are unavailable. } } - - m_last_status = status_success; - m_last_msg.clear(); } void eap::config_method_with_cred::operator<<(_Inout_ cursor_out &cursor) const { config_method::operator<<(cursor); - cursor << m_allow_save; cursor << m_use_cred; cursor << *m_cred; - cursor << m_last_status; - cursor << m_last_msg; } 
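Review bot: `config_method_with_cred::load` calls `m_cred->clear()` and `save` calls `m_cred->save(...)` without checking the pointer. Yet the `config_method_with_cred(mod, level)` constructor in this same hunk leaves `m_cred` empty, and the copy constructor explicitly allows `other.m_cred` to be null. If derived classes always allocate the credentials object, that invariant should be stated and enforced, for instance `assert(m_cred);` at the top of `load`, `save` and the BLOB operators; otherwise guard the calls with `if (m_cred)`. Derived classes are outside this hunk, so whether the null state is reachable cannot be confirmed from here; `load` itself continues into the next hunk.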
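Review bot: The packed layout of `config_method_with_cred` changes with this hunk and with the `get_pk_size`/`operator>>` hunk that follows. `m_allow_save`, `m_last_status` and `m_last_msg` are now written by `config_method::operator<<` ahead of `m_use_cred` and `*m_cred`, where the old order was allow_save, use_cred, cred, last_status, last_msg. A BLOB stored by an earlier build would be unpacked with fields misaligned, so `m_last_status` would be taken from the old `m_use_cred` byte and the credential data read from the wrong offset. No version marker is visible in these hunks; if `config::operator>>` does not carry one, consider adding a format version or documenting that stored configurations must be re-created after the upgrade.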
@@ -276,22 +337,16 @@ size_t eap::config_method_with_cred::get_pk_size() const { return config_method::get_pk_size() + - pksizeof(m_allow_save ) + - pksizeof(m_use_cred ) + - pksizeof(*m_cred ) + - pksizeof(m_last_status) + - pksizeof(m_last_msg ); + pksizeof(m_use_cred) + + pksizeof(*m_cred ); } void eap::config_method_with_cred::operator>>(_Inout_ cursor_in &cursor) { config_method::operator>>(cursor); - cursor >> m_allow_save; cursor >> m_use_cred; cursor >> *m_cred; - cursor >> m_last_status; - cursor >> m_last_msg; } diff --git a/lib/EAPBase/src/Method.cpp b/lib/EAPBase/src/Method.cpp index 3604fc4..c963bac 100644 --- a/lib/EAPBase/src/Method.cpp +++ b/lib/EAPBase/src/Method.cpp @@ -28,7 +28,7 @@ using namespace winstd; // eap::method ////////////////////////////////////////////////////////////////////// -eap::method::method(_In_ module &module, _In_ config_method_with_cred &cfg, _In_ credentials &cred) : +eap::method::method(_In_ module &module, _In_ config_method &cfg, _In_ credentials &cred) : m_module(module), m_cfg(cfg), m_cred(cred) @@ -71,7 +71,7 @@ void eap::method::begin_session( // Presume authentication will fail with generic protocol failure. (Pesimist!!!) // We will reset once we get get_result(Success) call. - m_cfg.m_last_status = config_method_with_cred::status_auth_failed; + m_cfg.m_last_status = config_method::status_auth_failed; m_cfg.m_last_msg.clear(); } @@ -90,7 +90,7 @@ void eap::method::get_result( switch (reason) { case EapPeerMethodResultSuccess: { m_module.log_event(&EAPMETHOD_METHOD_SUCCESS, event_data((unsigned int)m_cfg.get_method_id()), event_data::blank); - m_cfg.m_last_status = config_method_with_cred::status_success; + m_cfg.m_last_status = config_method::status_success; break; } 
@@ -113,7 +113,7 @@ void eap::method::get_result( // eap::method_noneap ////////////////////////////////////////////////////////////////////// -eap::method_noneap::method_noneap(_In_ module &module, _In_ config_method_with_cred &cfg, _In_ credentials &cred) : method(module, cfg, cred) +eap::method_noneap::method_noneap(_In_ module &module, _In_ config_method &cfg, _In_ credentials &cred) : method(module, cfg, cred) { } diff --git a/lib/EAPBase_UI/include/EAP_UI.h b/lib/EAPBase_UI/include/EAP_UI.h index 601c3cd..ed4026f 100644 --- a/lib/EAPBase_UI/include/EAP_UI.h +++ b/lib/EAPBase_UI/include/EAP_UI.h @@ -436,7 +436,7 @@ public: /// /// Constructs a notice pannel and set the title text /// - wxEAPCredentialWarningPanel(const eap::config_provider &prov, eap::config_method_with_cred::status_t status, wxWindow* parent); + wxEAPCredentialWarningPanel(const eap::config_provider &prov, eap::config_method::status_t status, wxWindow* parent); }; diff --git a/lib/EAPBase_UI/src/EAP_UI.cpp b/lib/EAPBase_UI/src/EAP_UI.cpp index 8ac6c2e..7a18485 100644 --- a/lib/EAPBase_UI/src/EAP_UI.cpp +++ b/lib/EAPBase_UI/src/EAP_UI.cpp @@ -238,7 +238,7 @@ wxEAPProviderLockedPanel::wxEAPProviderLockedPanel(const eap::config_provider &p // wxEAPCredentialWarningPanel ////////////////////////////////////////////////////////////////////// -wxEAPCredentialWarningPanel::wxEAPCredentialWarningPanel(const eap::config_provider &prov, eap::config_method_with_cred::status_t status, wxWindow* parent) : wxEAPNotePanel(parent) +wxEAPCredentialWarningPanel::wxEAPCredentialWarningPanel(const eap::config_provider &prov, eap::config_method::status_t status, wxWindow* parent) : wxEAPNotePanel(parent) { // Load and set icon. winstd::library lib_shell32; 
@@ -246,10 +246,10 @@ wxEAPCredentialWarningPanel::wxEAPCredentialWarningPanel(const eap::config_provi m_note_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(161))); m_note_label->SetLabel(( - status == eap::config_method_with_cred::status_cred_invalid ? _("Previous attempt to connect reported invalid credentials.") : - status == eap::config_method_with_cred::status_cred_expired ? _("Previous attempt to connect reported your credentials expired.") : - status == eap::config_method_with_cred::status_cred_changing ? _("Previous attempt to connect reported your credentials are being changed.") : - _("Previous attempt to connect failed.")) + " " + + status == eap::config_method::status_cred_invalid ? _("Previous attempt to connect reported invalid credentials.") : + status == eap::config_method::status_cred_expired ? _("Previous attempt to connect reported your credentials expired.") : + status == eap::config_method::status_cred_changing ? _("Previous attempt to connect reported your credentials are being changed.") : + _("Previous attempt to connect failed.")) + " " + _("Please, make sure your credentials are correct, or try again later.")); m_note_label->Wrap(449); diff --git a/lib/MSCHAPv2/src/Method.cpp b/lib/MSCHAPv2/src/Method.cpp index 96f5d5f..d3794b8 100644 --- a/lib/MSCHAPv2/src/Method.cpp +++ b/lib/MSCHAPv2/src/Method.cpp @@ -129,7 +129,7 @@ void eap::method_mschapv2::process_request_packet( append_avp(25, 311, diameter_avp_flag_mandatory, response.data() , (unsigned int)response.size() ); m_phase = phase_challenge_server; - m_cfg.m_last_status = config_method_with_cred::status_cred_invalid; // Blame credentials if we fail beyond this point. + m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point. break; } 
@@ -236,12 +236,12 @@ void eap::method_mschapv2::process_error(_In_ const list &argv) DWORD dwResult = strtoul(val.data() + 2, NULL, 10); m_module.log_event(&EAPMETHOD_METHOD_FAILURE_ERROR, event_data((unsigned int)eap_type_legacy_mschapv2), event_data(dwResult), event_data::blank); switch (dwResult) { - case ERROR_ACCT_DISABLED : m_cfg.m_last_status = config_method_with_cred::status_account_disabled ; break; - case ERROR_RESTRICTED_LOGON_HOURS: m_cfg.m_last_status = config_method_with_cred::status_account_logon_hours; break; - case ERROR_NO_DIALIN_PERMISSION : m_cfg.m_last_status = config_method_with_cred::status_account_denied ; break; - case ERROR_PASSWD_EXPIRED : m_cfg.m_last_status = config_method_with_cred::status_cred_expired ; break; - case ERROR_CHANGING_PASSWORD : m_cfg.m_last_status = config_method_with_cred::status_cred_changing ; break; - default : m_cfg.m_last_status = config_method_with_cred::status_cred_invalid ; + case ERROR_ACCT_DISABLED : m_cfg.m_last_status = config_method::status_account_disabled ; break; + case ERROR_RESTRICTED_LOGON_HOURS: m_cfg.m_last_status = config_method::status_account_logon_hours; break; + case ERROR_NO_DIALIN_PERMISSION : m_cfg.m_last_status = config_method::status_account_denied ; break; + case ERROR_PASSWD_EXPIRED : m_cfg.m_last_status = config_method::status_cred_expired ; break; + case ERROR_CHANGING_PASSWORD : m_cfg.m_last_status = config_method::status_cred_changing ; break; + default : m_cfg.m_last_status = config_method::status_cred_invalid ; } } else if ((val[0] == 'C' || val[0] == 'c') && val[1] == '=') { hex_dec dec; diff --git a/lib/PAP/include/Method.h b/lib/PAP/include/Method.h index 213af06..8a9bf11 100644 --- a/lib/PAP/include/Method.h +++ b/lib/PAP/include/Method.h @@ -93,7 +93,7 @@ namespace eap /// @} protected: - credentials_pass &m_cred; ///< Method user credentials + credentials_pass &m_cred; ///< Method user credentials enum { phase_unknown = -1, ///< Unknown phase 
diff --git a/lib/PAP/src/Method.cpp b/lib/PAP/src/Method.cpp index d52cf8d..8d197d6 100644 --- a/lib/PAP/src/Method.cpp +++ b/lib/PAP/src/Method.cpp @@ -98,7 +98,7 @@ void eap::method_pap::process_request_packet( append_avp(2, diameter_avp_flag_mandatory, password_utf8.data(), (unsigned int)password_utf8.size()); m_phase = phase_finished; - m_cfg.m_last_status = config_method_with_cred::status_cred_invalid; // Blame credentials if we fail beyond this point. + m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point. break; } diff --git a/lib/TLS/src/Method.cpp b/lib/TLS/src/Method.cpp index b48b207..800457c 100644 --- a/lib/TLS/src/Method.cpp +++ b/lib/TLS/src/Method.cpp @@ -443,7 +443,7 @@ void eap::method_tls::process_request_packet( } else { m_session_resumed = false; m_phase = phase_change_cipher_spec; - m_cfg.m_last_status = config_method_with_cred::status_cred_invalid; // Blame credentials if we fail beyond this point. + m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point. } break; } @@ -1208,7 +1208,7 @@ void eap::method_tls::process_handshake() process_application_data(m_sc_queue.data(), m_sc_queue.size()); } else { m_phase = phase_handshake_cont; - m_cfg.m_last_status = config_method_with_cred::status_cred_invalid; // Blame credentials if we fail beyond this point. + m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point. } } else if (status == SEC_E_INCOMPLETE_MESSAGE) { // Schannel neeeds more data. Send ACK packet to server to send more. @@ -1289,8 +1289,6 @@ void eap::method_tls::process_application_data(_In_bytecount_(size_msg) const vo { UNREFERENCED_PARAMETER(msg); UNREFERENCED_PARAMETER(size_msg); - - // TODO: Parse application data (Diameter AVP) } diff --git a/lib/TTLS/src/Method.cpp b/lib/TTLS/src/Method.cpp index 65e61fb..437b9fa 100644 --- a/lib/TTLS/src/Method.cpp 
+++ b/lib/TTLS/src/Method.cpp @@ -130,10 +130,10 @@ void eap::method_ttls::get_result( if (result.fSaveConnectionData) ppResult->fSaveConnectionData = TRUE; - if (m_inner->m_cfg.m_last_status != config_method_with_cred::status_success) { + if (m_inner->m_cfg.m_last_status != config_method::status_success) { // Inner method admitted problems, so autentication must have proceeded to inner authentication already. // Therefore, outer authentication must have been OK. - m_cfg.m_last_status = config_method_with_cred::status_success; + m_cfg.m_last_status = config_method::status_success; } } } diff --git a/lib/TTLS/src/Module.cpp b/lib/TTLS/src/Module.cpp index 6638ff8..5ccbc28 100644 --- a/lib/TTLS/src/Module.cpp +++ b/lib/TTLS/src/Module.cpp @@ -416,13 +416,13 @@ const eap::config_method_ttls* eap::peer_ttls::combine_credentials( // If we got here, we have all credentials we need. But, wait! if ((dwFlags & EAP_FLAG_MACHINE_AUTH) == 0) { - if (config_method_with_cred::status_cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < config_method_with_cred::status_cred_end) { + if (config_method::status_cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < config_method::status_cred_end) { // Outer: Credentials failed on last connection attempt. log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM1, event_data(target_name), event_data((unsigned int)eap_type_tls), event_data::blank); continue; } - if (config_method_with_cred::status_cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < config_method_with_cred::status_cred_end) { + if (config_method::status_cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < config_method::status_cred_end) { // Inner: Credentials failed on last connection attempt. log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM1, event_data(target_name), event_data((unsigned int)cfg_method->m_inner->get_method_id()), event_data::blank); continue; 
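Review bot: The credential-problem range test `status_cred_begin <= s && s < status_cred_end` is open-coded twice in `combine_credentials` here and twice more in the `wxTTLSCredentialsPanel` constructor (the TTLS_UI.cpp hunks). Now that `status_t` lives in `config_method`, a small helper next to the enum would keep the meta-status bounds in one place, e.g. `static bool is_cred_status(status_t s) { return status_cred_begin <= s && s < status_cred_end; }`. A later enumerator inserted in the wrong position then cannot silently change which failures cause stored credentials to be skipped. `combine_credentials` begins outside the hunk.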
diff --git a/lib/TTLS_UI/src/TTLS_UI.cpp b/lib/TTLS_UI/src/TTLS_UI.cpp index 27c0e7c..27f1eeb 100644 --- a/lib/TTLS_UI/src/TTLS_UI.cpp +++ b/lib/TTLS_UI/src/TTLS_UI.cpp @@ -40,7 +40,7 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov, assert(m_cfg.m_inner); - if (eap::config_method_with_cred::status_cred_begin <= m_cfg.m_inner->m_last_status && m_cfg.m_inner->m_last_status < eap::config_method_with_cred::status_cred_end) + if (eap::config_method::status_cred_begin <= m_cfg.m_inner->m_last_status && m_cfg.m_inner->m_last_status < eap::config_method::status_cred_end) sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, m_cfg.m_inner->m_last_status, this), 0, wxALL|wxEXPAND, 5); const eap::config_method_pap *cfg_inner_pap; @@ -63,7 +63,7 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov, m_outer_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_INACTIVECAPTION ) ); sb_content->Add(m_outer_title, 0, wxALL|wxALIGN_RIGHT, 5); - if (eap::config_method_with_cred::status_cred_begin <= m_cfg.m_last_status && m_cfg.m_last_status < eap::config_method_with_cred::status_cred_end) + if (eap::config_method::status_cred_begin <= m_cfg.m_last_status && m_cfg.m_last_status < eap::config_method::status_cred_end) sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, m_cfg.m_last_status, this), 0, wxALL|wxEXPAND, 5); m_outer_cred = new wxTLSCredentialsPanel(m_prov, m_cfg, cred, this, is_config);