eap::credentials_eaphost now complete

This commit is contained in:
Simon Rozman 2016-10-25 13:39:54 +02:00
parent d87b3d37e5
commit ddd83a74e5


@ -146,81 +146,69 @@ void eap::credentials_eaphost::operator>>(_Inout_ cursor_in &cursor)
void eap::credentials_eaphost::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const void eap::credentials_eaphost::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const
{ {
// TODO: Finish! assert(pszTargetName);
UNREFERENCED_PARAMETER(pszTargetName);
UNREFERENCED_PARAMETER(level);
//assert(pszTargetName); data_blob cred_enc;
if (!m_cred_blob.empty()) {
// Encrypt credentials BLOB using user's key.
DATA_BLOB cred_blob = { (DWORD)m_cred_blob.size(), const_cast<LPBYTE>(m_cred_blob.data()) };
DATA_BLOB entropy_blob = { sizeof(s_entropy) , const_cast<LPBYTE>(s_entropy) };
if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc))
throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
}
//data_blob cred_enc; tstring target(target_name(pszTargetName, level));
//if (m_cred_blob) {
// // Encrypt the certificate using user's key.
// DATA_BLOB cred_blob = { m_cred_blob->cbCertEncoded, m_cred_blob->pbCertEncoded };
// DATA_BLOB entropy_blob = { sizeof(s_entropy) , (LPBYTE)s_entropy };
// if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc))
// throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
//}
//tstring target(target_name(pszTargetName, level)); // Write credentials.
assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE);
//// Write credentials. assert(m_identity.length() < CRED_MAX_USERNAME_LENGTH );
//assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE); CREDENTIAL cred = {
//assert(m_identity.length() < CRED_MAX_USERNAME_LENGTH ); 0, // Flags
//CREDENTIAL cred = { CRED_TYPE_GENERIC, // Type
// 0, // Flags const_cast<LPTSTR>(target.c_str()), // TargetName
// CRED_TYPE_GENERIC, // Type _T(""), // Comment
// (LPTSTR)target.c_str(), // TargetName { 0, 0 }, // LastWritten
// _T(""), // Comment cred_enc.cbData, // CredentialBlobSize
// { 0, 0 }, // LastWritten cred_enc.pbData, // CredentialBlob
// cred_enc.cbData, // CredentialBlobSize CRED_PERSIST_ENTERPRISE, // Persist
// cred_enc.pbData, // CredentialBlob 0, // AttributeCount
// CRED_PERSIST_ENTERPRISE, // Persist NULL, // Attributes
// 0, // AttributeCount NULL, // TargetAlias
// NULL, // Attributes const_cast<LPTSTR>(m_identity.c_str()) // UserName
// NULL, // TargetAlias };
// (LPTSTR)m_identity.c_str() // UserName if (!CredWrite(&cred, 0))
//}; throw win_runtime_error(__FUNCTION__ " CredWrite failed.");
//if (!CredWrite(&cred, 0))
// throw win_runtime_error(__FUNCTION__ " CredWrite failed.");
} }
void eap::credentials_eaphost::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) void eap::credentials_eaphost::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level)
{ {
// TODO: Finish! // Read credentials.
UNREFERENCED_PARAMETER(pszTargetName); unique_ptr<CREDENTIAL, CredFree_delete<CREDENTIAL> > cred;
UNREFERENCED_PARAMETER(level); if (!CredRead(target_name(pszTargetName, level).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred))
throw win_runtime_error(__FUNCTION__ " CredRead failed.");
//assert(pszTargetName); if (cred->CredentialBlobSize) {
// Decrypt the credentials BLOB using user's key.
DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob };
DATA_BLOB entropy_blob = { sizeof(s_entropy) , const_cast<LPBYTE>(s_entropy) };
data_blob cred_int;
if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int))
throw win_runtime_error(__FUNCTION__ " CryptUnprotectData failed.");
//// Read credentials. m_cred_blob.assign(cred_int.pbData, cred_int.pbData + cred_int.cbData);
//unique_ptr<CREDENTIAL, CredFree_delete<CREDENTIAL> > cred; SecureZeroMemory(cred_int.pbData, cred_int.cbData);
//if (!CredRead(target_name(pszTargetName, level).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred)) } else
// throw win_runtime_error(__FUNCTION__ " CredRead failed."); m_cred_blob.clear();
//if (cred->CredentialBlobSize) { if (cred->UserName)
// // Decrypt the certificate using user's key. m_identity = cred->UserName;
// DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob }; else
// DATA_BLOB entropy_blob = { sizeof(s_entropy) , (LPBYTE)s_entropy }; m_identity.clear();
// data_blob cred_int;
// if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int))
// throw win_runtime_error(__FUNCTION__ " CryptUnprotectData failed.");
// bool bResult = m_cred_blob.create(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cred_int.pbData, cred_int.cbData); wstring xpath(pszTargetName);
// SecureZeroMemory(cred_int.pbData, cred_int.cbData); m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
// if (!bResult) m_module.log_config_discrete((xpath + L"/Credentials").c_str(), m_cred_blob.data(), (ULONG)m_cred_blob.size());
// throw win_runtime_error(__FUNCTION__ " Error loading certificate.");
//} else
// m_cred_blob.free();
//if (cred->UserName)
// m_identity = cred->UserName;
//else
// m_identity.clear();
//wstring xpath(pszTargetName);
//m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
//m_module.log_config((xpath + L"/Certificate").c_str(), get_name().c_str());
} }
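Review bot: `CredRead(..., (PCREDENTIAL*)&cred)` in `retrieve` casts the address of the `unique_ptr<CREDENTIAL, CredFree_delete<CREDENTIAL> > cred` declared on the line above to `PCREDENTIAL*`, which relies on the smart pointer being layout-identical to a raw pointer and writes past its ownership bookkeeping; the C-style cast also hides that this is happening. Safer is `PCREDENTIAL cred_raw = NULL;`, then `if (!CredRead(target_name(pszTargetName, level).c_str(), CRED_TYPE_GENERIC, 0, &cred_raw)) throw win_runtime_error(__FUNCTION__ " CredRead failed.");`, followed by `unique_ptr<CREDENTIAL, CredFree_delete<CREDENTIAL> > cred(cred_raw);`. Separately, the `SecureZeroMemory(cred_int.pbData, cred_int.cbData)` after `m_cred_blob.assign(...)` is skipped if the assign throws, so the decrypted blob would presumably be released unscrubbed by `data_blob`'s destructor unless that type already zeroes on release — worth confirming. The `log_config_discrete` call is handed the decrypted credential bytes; if that helper writes them out, plaintext secrets end up in the log, so a one-line comment stating what it records (e.g. only the length) would help the next reader.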