diff --git a/lib/EAPBase/include/Config.h b/lib/EAPBase/include/Config.h index e5b2e17..84a1bb5 100644 --- a/lib/EAPBase/include/Config.h +++ b/lib/EAPBase/include/Config.h @@ -304,9 +304,15 @@ namespace eap virtual void operator>>(_Inout_ cursor_in &cursor); /// @} + /// + /// Generates public identity using current configuration and given credentials + /// + std::wstring get_public_identity(const credentials &cred) const; + public: bool m_use_cred; ///< Use configured credentials std::unique_ptr m_cred; ///< Configured credentials + std::wstring m_anonymous_identity; ///< Public identity override }; diff --git a/lib/EAPBase/src/Config.cpp b/lib/EAPBase/src/Config.cpp index 47ef5d4..f2f75ec 100644 --- a/lib/EAPBase/src/Config.cpp +++ b/lib/EAPBase/src/Config.cpp @@ -151,12 +151,12 @@ void eap::config_method::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCon HRESULT hr; // - winstd::com_obj pXmlElClientSideCredential; - if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, winstd::bstr(L"eap-metadata:ClientSideCredential"), winstd::bstr(L"ClientSideCredential"), namespace_eapmetadata, pXmlElClientSideCredential))) + com_obj pXmlElClientSideCredential; + if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), bstr(L"ClientSideCredential"), namespace_eapmetadata, pXmlElClientSideCredential))) throw com_runtime_error(hr, __FUNCTION__ " Error creating element."); // / - if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, winstd::bstr(L"allow-save"), namespace_eapmetadata, m_allow_save))) + if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, bstr(L"allow-save"), namespace_eapmetadata, m_allow_save))) throw com_runtime_error(hr, __FUNCTION__ " Error creating element."); } @@ -170,12 +170,12 @@ void eap::config_method::load(_In_ IXMLDOMNode *pConfigRoot) m_allow_save = true; // - winstd::com_obj pXmlElClientSideCredential; - if (SUCCEEDED(eapxml::select_element(pConfigRoot, winstd::bstr(L"eap-metadata:ClientSideCredential"), pXmlElClientSideCredential))) { - std::wstring xpath(eapxml::get_xpath(pXmlElClientSideCredential)); + com_obj pXmlElClientSideCredential; + if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), pXmlElClientSideCredential))) { + wstring xpath(eapxml::get_xpath(pXmlElClientSideCredential)); // - eapxml::get_element_value(pXmlElClientSideCredential, winstd::bstr(L"eap-metadata:allow-save"), m_allow_save); + eapxml::get_element_value(pXmlElClientSideCredential, bstr(L"eap-metadata:allow-save"), m_allow_save); m_module.log_config((xpath + L"/allow-save").c_str(), m_allow_save); } @@ -224,17 +224,19 @@ eap::config_method_with_cred::config_method_with_cred(_In_ module &mod, _In_ uns eap::config_method_with_cred::config_method_with_cred(_In_ const config_method_with_cred &other) : - m_use_cred (other.m_use_cred ), - m_cred (other.m_cred ? dynamic_cast(other.m_cred->clone()) : nullptr), - config_method(other ) + m_use_cred (other.m_use_cred ), + m_cred (other.m_cred ? dynamic_cast(other.m_cred->clone()) : nullptr), + m_anonymous_identity(other.m_anonymous_identity ), + config_method (other ) { } eap::config_method_with_cred::config_method_with_cred(_Inout_ config_method_with_cred &&other) noexcept : - m_use_cred (std::move(other.m_use_cred)), - m_cred (std::move(other.m_cred )), - config_method(std::move(other )) + m_use_cred (std::move(other.m_use_cred )), + m_cred (std::move(other.m_cred )), + m_anonymous_identity(std::move(other.m_anonymous_identity)), + config_method (std::move(other )) { } @@ -245,6 +247,7 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_In_ const (config_method&)*this = other; m_use_cred = other.m_use_cred; m_cred.reset(other.m_cred ? dynamic_cast(other.m_cred->clone()) : nullptr); + m_anonymous_identity = other.m_anonymous_identity; } return *this; @@ -254,9 +257,10 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_In_ const eap::config_method_with_cred& eap::config_method_with_cred::operator=(_Inout_ config_method_with_cred &&other) noexcept { if (this != &other) { - (config_method&)*this = std::move(other ); - m_use_cred = std::move(other.m_use_cred); - m_cred = std::move(other.m_cred ); + (config_method&)*this = std::move(other ); + m_use_cred = std::move(other.m_use_cred ); + m_cred = std::move(other.m_cred ); + m_anonymous_identity = std::move(other.m_anonymous_identity); } return *this; @@ -272,14 +276,18 @@ void eap::config_method_with_cred::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOM HRESULT hr; - if (m_use_cred) { - // - winstd::com_obj pXmlElClientSideCredential; - if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, winstd::bstr(L"eap-metadata:ClientSideCredential"), winstd::bstr(L"ClientSideCredential"), namespace_eapmetadata, pXmlElClientSideCredential))) - throw com_runtime_error(hr, __FUNCTION__ " Error creating element."); + // + com_obj pXmlElClientSideCredential; + if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), bstr(L"ClientSideCredential"), namespace_eapmetadata, pXmlElClientSideCredential))) + throw com_runtime_error(hr, __FUNCTION__ " Error creating element."); + if (m_use_cred) m_cred->save(pDoc, pXmlElClientSideCredential); - } + + // / + if (!m_anonymous_identity.empty()) + if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, bstr(L"AnonymousIdentity"), namespace_eapmetadata, bstr(m_anonymous_identity)))) + throw com_runtime_error(hr, __FUNCTION__ " Error creating element."); } @@ -289,13 +297,14 @@ void eap::config_method_with_cred::load(_In_ IXMLDOMNode *pConfigRoot) config_method::load(pConfigRoot); - m_use_cred = false; + m_use_cred = false; m_cred->clear(); + m_anonymous_identity.clear(); // - winstd::com_obj pXmlElClientSideCredential; - if (SUCCEEDED(eapxml::select_element(pConfigRoot, winstd::bstr(L"eap-metadata:ClientSideCredential"), pXmlElClientSideCredential))) { - std::wstring xpath(eapxml::get_xpath(pXmlElClientSideCredential)); + com_obj pXmlElClientSideCredential; + if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), pXmlElClientSideCredential))) { + wstring xpath(eapxml::get_xpath(pXmlElClientSideCredential)); try { m_cred->load(pXmlElClientSideCredential); @@ -303,6 +312,10 @@ void eap::config_method_with_cred::load(_In_ IXMLDOMNode *pConfigRoot) } catch (...) { // This is not really an error - merely an indication configured credentials are unavailable. } + + // + eapxml::get_element_value(pXmlElClientSideCredential, bstr(L"eap-metadata:AnonymousIdentity"), m_anonymous_identity); + m_module.log_config((xpath + L"/AnonymousIdentity").c_str(), m_anonymous_identity.c_str()); } } @@ -312,6 +325,7 @@ void eap::config_method_with_cred::operator<<(_Inout_ cursor_out &cursor) const config_method::operator<<(cursor); cursor << m_use_cred; cursor << *m_cred; + cursor << m_anonymous_identity; } @@ -319,8 +333,9 @@ size_t eap::config_method_with_cred::get_pk_size() const { return config_method::get_pk_size() + - pksizeof(m_use_cred) + - pksizeof(*m_cred ); + pksizeof(m_use_cred ) + + pksizeof(*m_cred ) + + pksizeof(m_anonymous_identity); } @@ -329,6 +344,25 @@ void eap::config_method_with_cred::operator>>(_Inout_ cursor_in &cursor) config_method::operator>>(cursor); cursor >> m_use_cred; cursor >> *m_cred; + cursor >> m_anonymous_identity; +} + + +wstring eap::config_method_with_cred::get_public_identity(const credentials &cred) const +{ + if (m_anonymous_identity.empty()) { + // Use the true identity. + return cred.get_identity(); + } else if (m_anonymous_identity.compare(L"@") == 0) { + // Strip username part from identity. + wstring identity(std::move(cred.get_identity())); + auto offset = identity.find(L'@'); + if (offset != wstring::npos) identity.erase(0, offset); + return identity; + } else { + // Use configured identity. + return m_anonymous_identity; + } } diff --git a/lib/TTLS/include/Config.h b/lib/TTLS/include/Config.h index 8aa02f1..76db22c 100644 --- a/lib/TTLS/include/Config.h +++ b/lib/TTLS/include/Config.h @@ -140,14 +140,8 @@ namespace eap /// config_method* make_config_method(_In_ const wchar_t *eap_type) const; - /// - /// Generates public identity using current configuration and given credentials - /// - std::wstring get_public_identity(const credentials_ttls &cred) const; - public: std::unique_ptr m_inner; ///< Inner authentication configuration - std::wstring m_anonymous_identity; ///< Anonymous identity }; /// @} diff --git a/lib/TTLS/src/Config.cpp b/lib/TTLS/src/Config.cpp index 280b677..38f072c 100644 --- a/lib/TTLS/src/Config.cpp +++ b/lib/TTLS/src/Config.cpp @@ -39,7 +39,6 @@ eap::config_method_ttls::config_method_ttls(_In_ module &mod, _In_ unsigned int eap::config_method_ttls::config_method_ttls(const _In_ config_method_ttls &other) : m_inner(other.m_inner ? dynamic_cast(other.m_inner->clone()) : nullptr), - m_anonymous_identity(other.m_anonymous_identity), config_method_tls(other) { } @@ -47,7 +46,6 @@ eap::config_method_ttls::config_method_ttls(const _In_ config_method_ttls &other eap::config_method_ttls::config_method_ttls(_Inout_ config_method_ttls &&other) noexcept : m_inner(std::move(other.m_inner)), - m_anonymous_identity(std::move(other.m_anonymous_identity)), config_method_tls(std::move(other)) { } @@ -58,7 +56,6 @@ eap::config_method_ttls& eap::config_method_ttls::operator=(const _In_ config_me if (this != &other) { (config_method_tls&)*this = other; m_inner.reset(other.m_inner ? dynamic_cast(other.m_inner->clone()) : nullptr); - m_anonymous_identity = other.m_anonymous_identity; } return *this; @@ -70,7 +67,6 @@ eap::config_method_ttls& eap::config_method_ttls::operator=(_Inout_ config_metho if (this != &other) { (config_method_tls&&)*this = std::move(other); m_inner = std::move(other.m_inner); - m_anonymous_identity = std::move(other.m_anonymous_identity); } return *this; @@ -92,18 +88,6 @@ void eap::config_method_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode HRESULT hr; - { - // - com_obj pXmlElClientSideCredential; - if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), bstr(L"ClientSideCredential"), namespace_eapmetadata, pXmlElClientSideCredential))) - throw com_runtime_error(hr, __FUNCTION__ " Error creating element."); - - // / - if (!m_anonymous_identity.empty()) - if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, bstr(L"AnonymousIdentity"), namespace_eapmetadata, bstr(m_anonymous_identity)))) - throw com_runtime_error(hr, __FUNCTION__ " Error creating element."); - } - // com_obj pXmlElInnerAuthenticationMethod; if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), bstr(L"InnerAuthenticationMethod"), namespace_eapmetadata, pXmlElInnerAuthenticationMethod))) @@ -178,20 +162,6 @@ void eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot) std::wstring xpath(eapxml::get_xpath(pConfigRoot)); - m_anonymous_identity.clear(); - - { - // - com_obj pXmlElClientSideCredential; - if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), pXmlElClientSideCredential))) { - wstring xpathClientSideCredential(xpath + L"/ClientSideCredential"); - - // - eapxml::get_element_value(pXmlElClientSideCredential, bstr(L"eap-metadata:AnonymousIdentity"), m_anonymous_identity); - m_module.log_config((xpathClientSideCredential + L"/AnonymousIdentity").c_str(), m_anonymous_identity.c_str()); - } - } - // com_obj pXmlElInnerAuthenticationMethod; if (FAILED(hr = eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), pXmlElInnerAuthenticationMethod))) @@ -220,7 +190,6 @@ void eap::config_method_ttls::operator<<(_Inout_ cursor_out &cursor) const config_method_tls::operator<<(cursor); cursor << m_inner->get_method_id(); cursor << *m_inner; - cursor << m_anonymous_identity; } @@ -229,8 +198,7 @@ size_t eap::config_method_ttls::get_pk_size() const return config_method_tls::get_pk_size() + pksizeof(m_inner->get_method_id()) + - pksizeof(*m_inner) + - pksizeof(m_anonymous_identity); + pksizeof(*m_inner); } @@ -242,7 +210,6 @@ void eap::config_method_ttls::operator>>(_Inout_ cursor_in &cursor) cursor >> eap_type; m_inner.reset(make_config_method(eap_type)); cursor >> *m_inner; - cursor >> m_anonymous_identity; } @@ -293,21 +260,3 @@ eap::config_method* eap::config_method_ttls::make_config_method(_In_ const wchar #endif else throw invalid_argument(string_printf(__FUNCTION__ " Unsupported inner authentication method (%ls).", eap_type)); } - - -wstring eap::config_method_ttls::get_public_identity(const credentials_ttls &cred) const -{ - if (m_anonymous_identity.empty()) { - // Use the true identity. - return cred.get_identity(); - } else if (m_anonymous_identity.compare(L"@") == 0) { - // Strip username part from identity. - wstring identity(std::move(cred.get_identity())); - auto offset = identity.find(L'@'); - if (offset != wstring::npos) identity.erase(0, offset); - return identity; - } else { - // Use configured identity. - return m_anonymous_identity; - } -} diff --git a/lib/TTLS_UI/src/Module.cpp b/lib/TTLS_UI/src/Module.cpp index 9db2e1e..94e1c34 100644 --- a/lib/TTLS_UI/src/Module.cpp +++ b/lib/TTLS_UI/src/Module.cpp @@ -396,7 +396,7 @@ void eap::peer_ttls_ui::invoke_identity_ui( } // Build our identity. ;) - wstring identity(std::move(cfg_method->get_public_identity(*dynamic_cast(cred_out.m_cred.get())))); + wstring identity(std::move(cfg_method->get_public_identity(*cred_out.m_cred.get()))); log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((unsigned int)eap_type_t::ttls), event_data(identity), event_data::blank); size_t size = sizeof(WCHAR)*(identity.length() + 1); *ppwszIdentity = (WCHAR*)alloc_memory(size);