From b87e30bc9d4aeda5f0b1f6f6832febcb5f53dc32 Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Thu, 3 Nov 2016 10:11:31 +0100 Subject: [PATCH] Some final adjustments to EapHost inner method code before I put it to rest because of RasMan MSCHAPv2 heap corruption :(
---
lib/EapHost/src/Credentials.cpp | 44 ++++++++++++++++++++++----------- lib/TLS/src/Credentials.cpp | 2 +- lib/TTLS_UI/src/Module.cpp | 2 ++ 3 files changed, 33 insertions(+), 15 deletions(-)
diff --git a/lib/EapHost/src/Credentials.cpp b/lib/EapHost/src/Credentials.cpp
index 1ec4ebd..6871ac7 100644
--- a/lib/EapHost/src/Credentials.cpp
+++ b/lib/EapHost/src/Credentials.cpp
@@ -228,30 +228,46 @@ eap::credentials::source_t eap::credentials_eaphost::combine(
 // When cached credentials are available, EapHost calls EapPeerGetIdentity() anyway.
 // This allows each peer to decide to reuse or drop cached credentials itself.
 // To mimic that behaviour, we do the same:
- // 1. Retrieve credentials from cache (or store)
+ // 1. Retrieve credentials from cache, store, or configuration
 // 2. Call EapHostPeerGetIdentity()
 source_t src = source_unknown;
 if (cred_cached) {
 // Using EAP service cached credentials.
- *this = *(credentials_eaphost*)cred_cached;
+ *this = *dynamic_cast(cred_cached);
 m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank);
 src = source_cache;
 }
- //if (src == source_unknown && pszTargetName) {
- // try {
- // credentials_eaphost cred_loaded(m_module);
- // cred_loaded.retrieve(pszTargetName, cfg.m_level);
+ // Note: Currently we do not provide credential storage for EapHost methods within configuration.
+ // EapHost credentials will never get loaded from configuration, since config_method_eaphost is config_method based, not config_method_with_cred.
+ // The code is kept (and maintained) for consistency with another methods, if we choose to provide that feature at a later time.
+ if (src == source_unknown) {
+ auto cfg_with_cred = dynamic_cast(&cfg);
+ if (cfg_with_cred && cfg_with_cred->m_use_cred) {
+ // Using configured credentials.
+ *this = *dynamic_cast(cfg_with_cred->m_cred.get());
+ m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_eaphost::get_name()), event_data(pszTargetName), event_data::blank);
+ src = source_config;
+ }
+ }
- // // Using stored credentials.
- // *this = std::move(cred_loaded);
- // m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank);
- // src = source_storage;
- // } catch (...) {
- // // Not actually an error.
- // }
- //}
+ if (src == source_unknown && pszTargetName) {
+ // Switch user context.
+ user_impersonator impersonating(hTokenImpersonateUser);
+
+ try {
+ credentials_eaphost cred_loaded(m_module);
+ cred_loaded.retrieve(pszTargetName, cfg.m_level);
+
+ // Using stored credentials.
+ *this = std::move(cred_loaded);
+ m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank);
+ src = source_storage;
+ } catch (...) {
+ // Not actually an error.
+ }
+ }
 auto cfg_eaphost = dynamic_cast(&cfg);
 BOOL fInvokeUI = FALSE;
diff --git a/lib/TLS/src/Credentials.cpp b/lib/TLS/src/Credentials.cpp
index c25899e..5cd1b20 100644
--- a/lib/TLS/src/Credentials.cpp
+++ b/lib/TLS/src/Credentials.cpp
@@ -315,7 +315,7 @@ eap::credentials::source_t eap::credentials_tls::combine(
 }
 auto cfg_with_cred = dynamic_cast(&cfg);
- if (cfg_with_cred->m_use_cred) {
+ if (cfg_with_cred && cfg_with_cred->m_use_cred) {
 // Using configured credentials.
 *this = *dynamic_cast(cfg_with_cred->m_cred.get());
 m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
diff --git a/lib/TTLS_UI/src/Module.cpp b/lib/TTLS_UI/src/Module.cpp
index 6f8619c..8769596 100644
--- a/lib/TTLS_UI/src/Module.cpp
+++ b/lib/TTLS_UI/src/Module.cpp
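Review bot: Both new `*this = *dynamic_cast(...)` assignments — on `cred_cached` in the cached branch and on `cfg_with_cred->m_cred.get()` in the configured branch — dereference the cast result without a null check, so a cache entry or configured credential object that is not a `credentials_eaphost` (or an empty `m_cred`) now becomes a null-pointer dereference; the template argument list was lost in this rendering, but a pointer `dynamic_cast` returns null on mismatch rather than failing loudly. Bind and test the pointer before assigning, e.g. `auto cached = dynamic_cast<const credentials_eaphost*>(cred_cached); if (cached) { *this = *cached; ... }`, or cast to a reference so a type mismatch throws `std::bad_cast` instead of crashing the EAP host process. The stored-credentials `catch (...)` is reasonable for a missing Credential Manager entry, but it also silently swallows every other failure of `retrieve()` (including allocation or access-denied errors under the impersonated token) before falling through to the UI path; consider at least a trace event in the handler so a broken store is diagnosable, `// Not an error: no stored credentials (or retrieval failed) — fall through to prompting.` would make the intent explicit. `credentials_eaphost::combine` starts before and continues past this hunk.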
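Review bot: The added guard protects the `cfg` cast but not the object dereferenced on the next line: if `m_use_cred` can be set while `m_cred` holds nothing (not visible from this hunk, so to be confirmed against the config loader), `*dynamic_cast(cfg_with_cred->m_cred.get())` still dereferences a null result. Extending the condition to `if (cfg_with_cred && cfg_with_cred->m_use_cred && cfg_with_cred->m_cred) {`, or binding the cast result and testing it before the assignment, closes that path with the same one-line change. `credentials_tls::combine` begins and ends outside this hunk.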
@@ -343,6 +343,8 @@ void eap::peer_ttls_ui::invoke_identity_ui(
 cred_inner->m_identity = identity.get();
 cred_inner->m_cred_blob.assign(cred_data.get(), cred_data.get() + cred_data_size);
 SecureZeroMemory(cred_data.get(), cred_data_size);
+
+ // TODO: If we ever choose to store EapHost credentials to Windows Credential Manager, add a "Save credentials? Yes/No" prompt here and write them to Credential Manager.
 } else if (dwResult == ERROR_CANCELLED) {
 // Not really an error.
 result = wxID_CANCEL;
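Review bot: The TODO sits after `SecureZeroMemory(cred_data.get(), cred_data_size)`, so whoever implements the save prompt must take the credential from `cred_inner->m_cred_blob` (already copied two lines above), not from `cred_data`, which is wiped by then; the comment should say so to avoid a silent write of zeroed bytes. It would also help to name the counterpart of the load path, since the EapHost `combine()` in this same commit retrieves with `cred_loaded.retrieve(pszTargetName, cfg.m_level)` and a store keyed by anything else would never be found. Suggested wording: `// TODO: If EapHost credentials are ever stored to Windows Credential Manager, add a "Save credentials? Yes/No" prompt here and store cred_inner (cred_data is already zeroed at this point) under the same target name/level that credentials_eaphost::retrieve() uses.` `invoke_identity_ui` begins and ends outside this hunk.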