Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Some final adjustments to EapHost inner method code before I put it to rest because of RasMan MSCHAPv2 heap corruption :(

Browse Source
This commit is contained in:
Simon Rozman 2016-11-03 10:11:31 +01:00
parent 60aa513375
commit b87e30bc9d
3 changed files with 33 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
lib/EapHost/src/Credentials.cpp
View File

@ -228,30 +228,46 @@ eap::credentials::source_t eap::credentials_eaphost::combine(
// When cached credentials are available, EapHost calls EapPeerGetIdentity() anyway.
// This allows each peer to decide to reuse or drop cached credentials itself.
// To mimic that behaviour, we do the same:
// 1. Retrieve credentials from cache (or store)
// 1. Retrieve credentials from cache, store, or configuration
// 2. Call EapHostPeerGetIdentity()
source_t src = source_unknown;
if (cred_cached) {
// Using EAP service cached credentials.
*this = *(credentials_eaphost*)cred_cached;
*this = *dynamic_cast<const credentials_eaphost*>(cred_cached);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank);
src = source_cache;
}
//if (src == source_unknown && pszTargetName) {
// try {
// credentials_eaphost cred_loaded(m_module);
// cred_loaded.retrieve(pszTargetName, cfg.m_level);
// Note: Currently we do not provide credential storage for EapHost methods within configuration.
// EapHost credentials will never get loaded from configuration, since config_method_eaphost is config_method based, not config_method_with_cred.
// The code is kept (and maintained) for consistency with another methods, if we choose to provide that feature at a later time.
if (src == source_unknown) {
auto cfg_with_cred = dynamic_cast<const config_method_with_cred*>(&cfg);
if (cfg_with_cred && cfg_with_cred->m_use_cred) {
// Using configured credentials.
*this = *dynamic_cast<const credentials_eaphost*>(cfg_with_cred->m_cred.get());
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_eaphost::get_name()), event_data(pszTargetName), event_data::blank);
src = source_config;
}
}
// // Using stored credentials.
// *this = std::move(cred_loaded);
// m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank);
// src = source_storage;
// } catch (...) {
// // Not actually an error.
// }
//}
if (src == source_unknown && pszTargetName) {
// Switch user context.
user_impersonator impersonating(hTokenImpersonateUser);
try {
credentials_eaphost cred_loaded(m_module);
cred_loaded.retrieve(pszTargetName, cfg.m_level);
// Using stored credentials.
*this = std::move(cred_loaded);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank);
src = source_storage;
} catch (...) {
// Not actually an error.
}
}
auto cfg_eaphost = dynamic_cast<const config_method_eaphost*>(&cfg);
BOOL fInvokeUI = FALSE;

2
lib/TLS/src/Credentials.cpp
View File

@ -315,7 +315,7 @@ eap::credentials::source_t eap::credentials_tls::combine(
}
auto cfg_with_cred = dynamic_cast<const config_method_with_cred*>(&cfg);
if (cfg_with_cred->m_use_cred) {
if (cfg_with_cred && cfg_with_cred->m_use_cred) {
// Using configured credentials.
*this = *dynamic_cast<const credentials_tls*>(cfg_with_cred->m_cred.get());
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);

2
lib/TTLS_UI/src/Module.cpp
View File

@ -343,6 +343,8 @@ void eap::peer_ttls_ui::invoke_identity_ui(
cred_inner->m_identity = identity.get();
cred_inner->m_cred_blob.assign(cred_data.get(), cred_data.get() + cred_data_size);
SecureZeroMemory(cred_data.get(), cred_data_size);
// TODO: If we ever choose to store EapHost credentials to Windows Credential Manager, add a "Save credentials? Yes/No" prompt here and write them to Credential Manager.
} else if (dwResult == ERROR_CANCELLED) {
// Not really an error.
result = wxID_CANCEL;