diff --git a/lib/EAPBase/include/Credentials.h b/lib/EAPBase/include/Credentials.h
index c7b59a7..a0d16b3 100644
--- a/lib/EAPBase/include/Credentials.h
+++ b/lib/EAPBase/include/Credentials.h
@@ -239,7 +239,7 @@ namespace eap
 /// Combine credentials in the following order:
 ///
 /// 1. Cached credentials
- /// 2. Pre-configured credentials
+ /// 2. Configured credentials (if \p cfg is derived from config_method_with_cred)
 /// 3. Stored credentials
 ///
 /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be the same type of credentials as `this`)
@@ -252,9 +252,9 @@ namespace eap
 /// - \c source_storage Credentials were loaded from Windows Credential Manager
 ///
 virtual source_t combine(
- _In_ const credentials *cred_cached,
- _In_ const config_method_with_cred &cfg,
- _In_opt_z_ LPCTSTR pszTargetName) = 0;
+ _In_opt_ const credentials *cred_cached,
+ _In_ const config_method &cfg,
+ _In_opt_z_ LPCTSTR pszTargetName) = 0;
 public:
 std::wstring m_identity; ///< Identity (username\@domain, certificate name etc.)
@@ -411,11 +411,11 @@ namespace eap
 /// Combine credentials in the following order:
 ///
 /// 1. Cached credentials
- /// 2. Pre-configured credentials
+ /// 2. Configured credentials (if \p cfg is derived from config_method_with_cred)
 /// 3. Stored credentials
 ///
 /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_pass* type)
- /// \param[in] cfg Method configuration (must be config_method_pap type)
+ /// \param[in] cfg Method configuration (optional, can be \c NULL, must be config_method_pap type)
 /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
 ///
 /// \returns
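Review bot: The new `\param[in] cfg` line in the second hunk (at 411, `credentials_pass::combine`) says the configuration is "optional, can be \c NULL", but the declaration in the same file takes `_In_ const config_method &cfg`, a reference that can never be NULL; the optional argument is `_In_opt_ const credentials *cred_cached`, which the existing `cred_cached` line already documents. The "must be config_method_pap type" clause is also narrower than what the widened signature accepts, since the configured-credentials step is now conditional on the dynamic type. I would write it as `/// \param[in] cfg Method configuration (configured credentials are used only when it is derived from config_method_with_cred)`.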
@@ -424,9 +424,9 @@ namespace eap
 /// - \c source_storage Credentials were loaded from Windows Credential Manager
 ///
 virtual source_t combine(
- _In_ const credentials *cred_cached,
- _In_ const config_method_with_cred &cfg,
- _In_opt_z_ LPCTSTR pszTargetName);
+ _In_opt_ const credentials *cred_cached,
+ _In_ const config_method &cfg,
+ _In_opt_z_ LPCTSTR pszTargetName);
 public:
 winstd::sanitizing_wstring m_password; ///< Password
diff --git a/lib/EAPBase/src/Credentials.cpp b/lib/EAPBase/src/Credentials.cpp
index 0f36497..687b558 100644
--- a/lib/EAPBase/src/Credentials.cpp
+++ b/lib/EAPBase/src/Credentials.cpp
@@ -437,9 +437,9 @@ LPCTSTR eap::credentials_pass::target_suffix() const
 eap::credentials::source_t eap::credentials_pass::combine(
- _In_ const credentials *cred_cached,
- _In_ const config_method_with_cred &cfg,
- _In_opt_z_ LPCTSTR pszTargetName)
+ _In_opt_ const credentials *cred_cached,
+ _In_ const config_method &cfg,
+ _In_opt_z_ LPCTSTR pszTargetName)
 {
 if (cred_cached) {
 // Using EAP service cached credentials.
@@ -448,9 +448,10 @@ eap::credentials::source_t eap::credentials_pass::combine(
 return source_cache;
 }
- if (cfg.m_use_cred) {
+ auto const *cfg_with_cred = dynamic_cast(&cfg);
+ if (cfg_with_cred && cfg_with_cred->m_use_cred) {
 // Using configured credentials.
- *this = *dynamic_cast(cfg.m_cred.get());
+ *this = *dynamic_cast(cfg_with_cred->m_cred.get());
 m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank);
 return source_config;
 }
diff --git a/lib/EAPMsg/include/Credentials.h b/lib/EAPMsg/include/Credentials.h
index d3f8162..8dd95f0 100644
--- a/lib/EAPMsg/include/Credentials.h
+++ b/lib/EAPMsg/include/Credentials.h
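Review bot: In the `credentials_pass::combine` hunk at 448, `*this = *dynamic_cast(cfg_with_cred->m_cred.get())` still dereferences the result of a cast without checking it, so a configuration whose `m_use_cred` is set but whose `m_cred` is empty or holds a different credentials class dereferences a null pointer; the added `cfg_with_cred &&` guard covers only the outer cast. Now that `cfg` is any `config_method`, a mismatched configuration is a plausible input rather than a compile-time type error. I would split the inner cast out and guard it too: `auto const *cred_cfg = cfg_with_cred ? dynamic_cast<const credentials_pass*>(cfg_with_cred->m_cred.get()) : nullptr;` / `if (cred_cfg && cfg_with_cred->m_use_cred) {` / `*this = *cred_cfg;`. The template arguments of both `dynamic_cast`s are not visible in this rendering, so the target type above is my reading of the assignment to `*this`; the function continues past the end of the hunk.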
@@ -186,7 +186,7 @@ namespace eap
 /// Combine credentials in the following order:
 ///
 /// 1. Cached credentials
- /// 2. Pre-configured credentials
+ /// 2. Configured credentials (if \p cfg is derived from config_method_with_cred)
 /// 3. Stored credentials
 ///
 /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_eapmsg* type)
@@ -199,9 +199,9 @@ namespace eap
 /// - \c source_storage Credentials were loaded from Windows Credential Manager
 ///
 virtual source_t combine(
- _In_ const credentials *cred_cached,
- _In_ const config_method_with_cred &cfg,
- _In_opt_z_ LPCTSTR pszTargetName);
+ _In_opt_ const credentials *cred_cached,
+ _In_ const config_method &cfg,
+ _In_opt_z_ LPCTSTR pszTargetName);
 public:
 sanitizing_blob m_cred; ///< Client credentials
diff --git a/lib/EAPMsg/src/Credentials.cpp b/lib/EAPMsg/src/Credentials.cpp
index 7cadd10..94e7865 100644
--- a/lib/EAPMsg/src/Credentials.cpp
+++ b/lib/EAPMsg/src/Credentials.cpp
@@ -242,9 +242,9 @@ std::wstring eap::credentials_eapmsg::get_identity() const
 eap::credentials::source_t eap::credentials_eapmsg::combine(
- _In_ const credentials *cred_cached,
- _In_ const config_method_with_cred &cfg,
- _In_opt_z_ LPCTSTR pszTargetName)
+ _In_opt_ const credentials *cred_cached,
+ _In_ const config_method &cfg,
+ _In_opt_z_ LPCTSTR pszTargetName)
 {
 UNREFERENCED_PARAMETER(cfg);
@@ -255,6 +255,9 @@ eap::credentials::source_t eap::credentials_eapmsg::combine(
 return source_cache;
 }
+ // We do not store inner EAP method credentials inside configuration.
+ // Therefore, we skip configured credentials.
+
 if (pszTargetName) {
 try {
 credentials_eapmsg cred_loaded(m_module);
diff --git a/lib/TLS/include/Credentials.h b/lib/TLS/include/Credentials.h
index 2dd9644..85d8196 100644
--- a/lib/TLS/include/Credentials.h
+++ b/lib/TLS/include/Credentials.h
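Review bot: The header hunk at 186 documents a step "2. Configured credentials (if \p cfg is derived from config_method_with_cred)" for `credentials_eapmsg::combine`, but the implementation hunk at 255 adds a comment saying configured credentials are always skipped for inner EAP methods, and `cfg` reaches nothing but `UNREFERENCED_PARAMETER(cfg);`. The two should agree, so a reader of the header does not expect a configured-credential path that this class never takes. I would change the header line to `/// 2. Configured credentials (not used: inner EAP method credentials are never stored in the configuration)`. `credentials_eapmsg::combine` continues past the end of the hunk.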
@@ -186,7 +186,7 @@ namespace eap
 /// Combine credentials in the following order:
 ///
 /// 1. Cached credentials
- /// 2. Pre-configured credentials
+ /// 2. Configured credentials (if \p cfg is derived from config_method_with_cred)
 /// 3. Stored credentials
 ///
 /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_tls* type)
@@ -199,9 +199,9 @@ namespace eap
 /// - \c source_storage Credentials were loaded from Windows Credential Manager
 ///
 virtual source_t combine(
- _In_ const credentials *cred_cached,
- _In_ const config_method_with_cred &cfg,
- _In_opt_z_ LPCTSTR pszTargetName);
+ _In_opt_ const credentials *cred_cached,
+ _In_ const config_method &cfg,
+ _In_opt_z_ LPCTSTR pszTargetName);
 public:
 winstd::cert_context m_cert; ///< Client certificate
diff --git a/lib/TLS/src/Credentials.cpp b/lib/TLS/src/Credentials.cpp
index 7b76cb8..82ef5bc 100644
--- a/lib/TLS/src/Credentials.cpp
+++ b/lib/TLS/src/Credentials.cpp
@@ -292,9 +292,9 @@ std::wstring eap::credentials_tls::get_identity() const
 eap::credentials::source_t eap::credentials_tls::combine(
- _In_ const credentials *cred_cached,
- _In_ const config_method_with_cred &cfg,
- _In_opt_z_ LPCTSTR pszTargetName)
+ _In_opt_ const credentials *cred_cached,
+ _In_ const config_method &cfg,
+ _In_opt_z_ LPCTSTR pszTargetName)
 {
 if (cred_cached) {
 // Using EAP service cached credentials.
@@ -303,9 +303,10 @@ eap::credentials::source_t eap::credentials_tls::combine(
 return source_cache;
 }
- if (cfg.m_use_cred) {
+ auto const *cfg_with_cred = dynamic_cast(&cfg);
+ if (cfg_with_cred->m_use_cred) {
 // Using configured credentials.
- *this = *dynamic_cast(cfg.m_cred.get());
+ *this = *dynamic_cast(cfg_with_cred->m_cred.get());
 m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
 return source_config;
 }
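Review bot: In the `credentials_tls::combine` hunk at 303, `if (cfg_with_cred->m_use_cred)` dereferences the `dynamic_cast` result with no null check, so any `config_method` that is not derived from `config_method_with_cred` — which the widened `const config_method &cfg` signature in this same commit now admits — is a null-pointer dereference instead of falling through to the stored-credentials step. The EAPBase copy of this exact change (`credentials_pass::combine`) guards it with `cfg_with_cred && cfg_with_cred->m_use_cred`; this one should match: `if (cfg_with_cred && cfg_with_cred->m_use_cred) {`. The inner `*dynamic_cast(cfg_with_cred->m_cred.get())` on the next changed line is likewise unchecked and deserves the same treatment. The function continues past the end of the hunk.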
diff --git a/lib/TTLS/include/Config.h b/lib/TTLS/include/Config.h
index ee69491..7bdb0ce 100644
--- a/lib/TTLS/include/Config.h
+++ b/lib/TTLS/include/Config.h
@@ -172,7 +172,7 @@ namespace eap
 {
 std::wstring get_public_identity(const credentials_ttls &cred) const;
 public:
- std::unique_ptr m_inner; ///< Inner authentication configuration
- std::wstring m_anonymous_identity; ///< Anonymous identity
+ std::unique_ptr m_inner; ///< Inner authentication configuration
+ std::wstring m_anonymous_identity; ///< Anonymous identity
 };
 }
diff --git a/lib/TTLS/include/Credentials.h b/lib/TTLS/include/Credentials.h
index 01766e4..b715be0 100644
--- a/lib/TTLS/include/Credentials.h
+++ b/lib/TTLS/include/Credentials.h
@@ -172,7 +172,7 @@ namespace eap
 /// Combine credentials in the following order:
 ///
 /// 1. Cached credentials
- /// 2. Pre-configured credentials
+ /// 2. Configured credentials (if \p cfg is derived from config_method_with_cred)
 /// 3. Stored credentials
 ///
 /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_ttls* type)
@@ -185,9 +185,9 @@ namespace eap
 /// - \c source_storage Credentials were loaded from Windows Credential Manager
 ///
 virtual source_t combine(
- _In_ const credentials *cred_cached,
- _In_ const config_method_with_cred &cfg,
- _In_opt_z_ LPCTSTR pszTargetName);
+ _In_opt_ const credentials *cred_cached,
+ _In_ const config_method &cfg,
+ _In_opt_z_ LPCTSTR pszTargetName);
 public:
 std::unique_ptr m_inner; ///< Inner credentials
diff --git a/lib/TTLS/src/Config.cpp b/lib/TTLS/src/Config.cpp
index 6ff015a..cbe622f 100644
--- a/lib/TTLS/src/Config.cpp
+++ b/lib/TTLS/src/Config.cpp
@@ -257,7 +257,8 @@ const wchar_t* eap::config_method_ttls::get_method_str() const
 eap::credentials* eap::config_method_ttls::make_credentials() const
 {
 credentials_ttls *cred = new credentials_ttls(m_module);
- cred->m_inner.reset(m_inner->make_credentials());
+ auto *cfg_inner = dynamic_cast(m_inner.get());
+ cred->m_inner.reset(cfg_inner ? cfg_inner->make_credentials() : nullptr);
 return cred;
 }
diff --git a/lib/TTLS/src/Credentials.cpp b/lib/TTLS/src/Credentials.cpp
index 88dc60c..c303661 100644
--- a/lib/TTLS/src/Credentials.cpp
+++ b/lib/TTLS/src/Credentials.cpp
@@ -179,9 +179,9 @@ wstring eap::credentials_ttls::get_identity() const
 eap::credentials::source_t eap::credentials_ttls::combine(
- _In_ const credentials *cred_cached,
- _In_ const config_method_with_cred &cfg,
- _In_opt_z_ LPCTSTR pszTargetName)
+ _In_opt_ const credentials *cred_cached,
+ _In_ const config_method &cfg,
+ _In_opt_z_ LPCTSTR pszTargetName)
 {
 // Combine outer credentials.
 source_t src_outer = credentials_tls::combine(
diff --git a/lib/TTLS_UI/src/TTLS_UI.cpp b/lib/TTLS_UI/src/TTLS_UI.cpp
index 44ee5ea..687d981 100644
--- a/lib/TTLS_UI/src/TTLS_UI.cpp
+++ b/lib/TTLS_UI/src/TTLS_UI.cpp
@@ -43,7 +43,7 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov,
 if (eap::config_method::status_cred_begin <= m_cfg.m_inner->m_last_status && m_cfg.m_inner->m_last_status < eap::config_method::status_cred_end)
 sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, m_cfg.m_inner->m_last_status, this), 0, wxALL|wxEXPAND, 5);
- const eap::config_method_pap *cfg_inner_pap;
+ const eap::config_method_pap *cfg_inner_pap;
 const eap::config_method_mschapv2 *cfg_inner_mschapv2;
 if ((cfg_inner_pap = dynamic_cast(m_cfg.m_inner.get())) != NULL) {
 if (!cred.m_inner) cred.m_inner.reset(new eap::credentials_pass(cred.m_module));
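Review bot: In the `config_method_ttls::make_credentials` hunk at 257, `cred` is a raw owning pointer from `new`, and the rewritten `cfg_inner->make_credentials()` call sits between that allocation and `return cred;`, so if it throws the `credentials_ttls` leaks; the old line had the same shape, but it is being rewritten anyway. Holding it in a `std::unique_ptr<credentials_ttls>` (the file already uses `std::unique_ptr` for `m_inner`) and returning `cred.release()` keeps the `eap::credentials*` return type and closes the gap: `std::unique_ptr<credentials_ttls> cred(new credentials_ttls(m_module));` / `cred->m_inner.reset(cfg_inner ? cfg_inner->make_credentials() : nullptr);` / `return cred.release();`. The new `nullptr` branch also means callers can now receive a `credentials_ttls` whose `m_inner` is empty, which is not obvious from the call site; a comment such as `// Inner EAP methods keep no credentials in the configuration, so m_inner stays empty for them.` above the cast would record that this is intended.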
@@ -169,9 +169,9 @@ void wxTTLSConfigPanel::OnUpdateUI(wxUpdateUIEvent& event)
 //////////////////////////////////////////////////////////////////////
 wxTTLSConfigWindow::wxTTLSConfigWindow(eap::config_provider &prov, eap::config_method &cfg, wxWindow* parent) :
- m_cfg_pap(cfg.m_module, cfg.m_level + 1),
+ m_cfg_pap (cfg.m_module, cfg.m_level + 1),
 m_cfg_mschapv2(cfg.m_module, cfg.m_level + 1),
- m_cfg_eapmsg(cfg.m_module, cfg.m_level + 1),
+ m_cfg_eapmsg (cfg.m_module, cfg.m_level + 1),
 wxEAPConfigWindow(prov, cfg, parent)
 {
 wxBoxSizer* sb_content;
@@ -234,19 +234,29 @@ wxTTLSConfigWindow::~wxTTLSConfigWindow()
 bool wxTTLSConfigWindow::TransferDataToWindow()
 {
- switch (dynamic_cast(m_cfg).m_inner->get_method_id()) {
- case winstd::eap_type_legacy_pap:
- m_cfg_pap = *(eap::config_method_pap*)dynamic_cast(m_cfg).m_inner.get();
- m_inner_type->SetSelection(0); // 0=PAP
- break;
+ auto &cfg_ttls = dynamic_cast(m_cfg);
- case winstd::eap_type_legacy_mschapv2:
- m_cfg_mschapv2 = *(eap::config_method_mschapv2*)dynamic_cast(m_cfg).m_inner.get();
- m_inner_type->SetSelection(1); // 1=MSCHAPv2
- break;
+ auto *cfg_inner_eapmsg = dynamic_cast(cfg_ttls.m_inner.get());
+ if (!cfg_inner_eapmsg) {
+ // Legacy inner methods
+ switch (cfg_ttls.m_inner->get_method_id()) {
+ case winstd::eap_type_legacy_pap:
+ m_cfg_pap = *(eap::config_method_pap*)cfg_ttls.m_inner.get();
+ m_inner_type->SetSelection(0); // 0=PAP
+ break;
- default:
- wxFAIL_MSG(wxT("Unsupported inner authentication method type."));
+ case winstd::eap_type_legacy_mschapv2:
+ m_cfg_mschapv2 = *(eap::config_method_mschapv2*)cfg_ttls.m_inner.get();
+ m_inner_type->SetSelection(1); // 1=MSCHAPv2
+ break;
+
+ default:
+ wxFAIL_MSG(wxT("Unsupported inner authentication method type."));
+ }
+ } else {
+ // EAP inner method
+ m_cfg_eapmsg = *cfg_inner_eapmsg;
+ m_inner_type->SetSelection(2); // 2=EAP
 }
 // Do not invoke inherited TransferDataToWindow(), as it will call others TransferDataToWindow().
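Review bot: In the `TransferDataToWindow` hunk at 234, the legacy branch keeps the unchecked C-style casts `*(eap::config_method_pap*)cfg_ttls.m_inner.get()` and `*(eap::config_method_mschapv2*)cfg_ttls.m_inner.get()`, trusting `get_method_id()` to vouch for the dynamic type, while the new EAP branch directly above it uses a checked `dynamic_cast`; mixing the two styles in one function is the point I would raise. `cfg_ttls.m_inner->get_method_id()` is also dereferenced with no null test, whereas `dynamic_cast(cfg_ttls.m_inner.get())` tolerates an empty `m_inner`, so the two branches do not even agree on whether a missing inner configuration is possible. Using `dynamic_cast<eap::config_method_pap*>` / `dynamic_cast<eap::config_method_mschapv2*>` with a null check in each `case`, and routing an empty `m_inner` to the `default:` path, would make all three branches consistent. The function continues past the end of the hunk.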
@@ -259,15 +269,21 @@ bool wxTTLSConfigWindow::TransferDataFromWindow()
 {
 wxCHECK(wxScrolledWindow::TransferDataFromWindow(), false);
+ auto &cfg_ttls = dynamic_cast(m_cfg);
+
 if (!m_prov.m_read_only) {
 // This is not a provider-locked configuration. Save the data.
 switch (m_inner_type->GetSelection()) {
 case 0: // 0=PAP
- dynamic_cast(m_cfg).m_inner.reset(new eap::config_method_pap(m_cfg_pap));
+ cfg_ttls.m_inner.reset(new eap::config_method_pap(m_cfg_pap));
 break;
 case 1: // 1=MSCHAPv2
- dynamic_cast(m_cfg).m_inner.reset(new eap::config_method_mschapv2(m_cfg_mschapv2));
+ cfg_ttls.m_inner.reset(new eap::config_method_mschapv2(m_cfg_mschapv2));
+ break;
+
+ case 2: // 2=EAP
+ cfg_ttls.m_inner.reset(new eap::config_method_eapmsg(m_cfg_eapmsg));
 break;
 default:
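Review bot: `auto &cfg_ttls = dynamic_cast(m_cfg);` in the `TransferDataFromWindow` hunk at 259 is now evaluated before the `m_prov.m_read_only` test, so a failing reference `dynamic_cast` throws `std::bad_cast` even on a read-only provider where nothing is written, whereas the old code only cast inside the branch; that only matters if `m_cfg` can ever be something other than a TTLS configuration, which this hunk cannot show. The selection indexes 0/1/2 are also repeated as literals with `// 0=PAP`-style comments both here and in `TransferDataToWindow`, so `case 2: // 2=EAP` and `SetSelection(2); // 2=EAP` can drift apart silently; a small named enumeration shared by both (constructed example: `enum { inner_pap, inner_mschapv2, inner_eapmsg };`) would tie them together. The function continues past the end of the hunk.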