EAP-TTLS inner method no longer needs to have support for configured credentials

Simon Rozman 2016-10-04 10:13:45 +02:00
parent 03d6823241
commit e8eec11618
11 changed files with 78 additions and 56 deletions


@ -239,7 +239,7 @@ namespace eap
/// Combine credentials in the following order: /// Combine credentials in the following order:
/// ///
/// 1. Cached credentials /// 1. Cached credentials
/// 2. Pre-configured credentials /// 2. Configured credentials (if \p cfg is derived from config_method_with_cred)
/// 3. Stored credentials /// 3. Stored credentials
/// ///
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be the same type of credentials as `this`) /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be the same type of credentials as `this`)
@ -252,9 +252,9 @@ namespace eap
/// - \c source_storage Credentials were loaded from Windows Credential Manager /// - \c source_storage Credentials were loaded from Windows Credential Manager
/// ///
virtual source_t combine( virtual source_t combine(
_In_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName) = 0; _In_opt_z_ LPCTSTR pszTargetName) = 0;
public: public:
std::wstring m_identity; ///< Identity (username\@domain, certificate name etc.) std::wstring m_identity; ///< Identity (username\@domain, certificate name etc.)
@ -411,11 +411,11 @@ namespace eap
/// Combine credentials in the following order: /// Combine credentials in the following order:
/// ///
/// 1. Cached credentials /// 1. Cached credentials
/// 2. Pre-configured credentials /// 2. Configured credentials (if \p cfg is derived from config_method_with_cred)
/// 3. Stored credentials /// 3. Stored credentials
/// ///
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_pass* type) /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_pass* type)
/// \param[in] cfg Method configuration (must be config_method_pap type) /// \param[in] cfg Method configuration (optional, can be \c NULL, must be config_method_pap type)
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL) /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
/// ///
/// \returns /// \returns
@ -424,9 +424,9 @@ namespace eap
/// - \c source_storage Credentials were loaded from Windows Credential Manager /// - \c source_storage Credentials were loaded from Windows Credential Manager
/// ///
virtual source_t combine( virtual source_t combine(
_In_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);
public: public:
winstd::sanitizing_wstring m_password; ///< Password winstd::sanitizing_wstring m_password; ///< Password
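Review bot: The updated `\param[in] cfg` text on the credentials_pass::combine overload ("Method configuration (optional, can be \c NULL, must be config_method_pap type)") is inaccurate: cfg is a `const config_method &` and cannot be null, and the same sentence then requires a specific derived type. What this commit made optional is whether cfg derives from config_method_with_cred, which is what the ordered list above it already says. Suggest `/// \param[in] cfg Method configuration (configured credentials are used only when it is a config_method_with_cred)`, matching the base-class wording two hunks earlier.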


@ -437,9 +437,9 @@ LPCTSTR eap::credentials_pass::target_suffix() const
eap::credentials::source_t eap::credentials_pass::combine( eap::credentials::source_t eap::credentials_pass::combine(
_In_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
{ {
if (cred_cached) { if (cred_cached) {
// Using EAP service cached credentials. // Using EAP service cached credentials.
@ -448,9 +448,10 @@ eap::credentials::source_t eap::credentials_pass::combine(
return source_cache; return source_cache;
} }
if (cfg.m_use_cred) { auto const *cfg_with_cred = dynamic_cast<const config_method_with_cred*>(&cfg);
if (cfg_with_cred && cfg_with_cred->m_use_cred) {
// Using configured credentials. // Using configured credentials.
*this = *dynamic_cast<const credentials_pass*>(cfg.m_cred.get()); *this = *dynamic_cast<const credentials_pass*>(cfg_with_cred->m_cred.get());
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank);
return source_config; return source_config;
} }
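Review bot: `*this = *dynamic_cast<const credentials_pass*>(cfg_with_cred->m_cred.get());` dereferences the cast result without a check, so a configuration with m_use_cred set but m_cred empty, or holding a different credentials type, is a null dereference rather than a diagnosable error; the commit adds the null guard for cfg_with_cred on the line above but not for this. Store the cast first, `auto const *cred_cfg = dynamic_cast<const credentials_pass*>(cfg_with_cred->m_cred.get());`, and either treat a null result as "no configured credentials" (falling through to stored credentials) or fail explicitly with a logged event. credentials_tls::combine later in this commit has the same unchecked dereference. The rest of combine's body is outside the hunk.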


@ -186,7 +186,7 @@ namespace eap
/// Combine credentials in the following order: /// Combine credentials in the following order:
/// ///
/// 1. Cached credentials /// 1. Cached credentials
/// 2. Pre-configured credentials /// 2. Configured credentials (if \p cfg is derived from config_method_with_cred)
/// 3. Stored credentials /// 3. Stored credentials
/// ///
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_eapmsg* type) /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_eapmsg* type)
@ -199,9 +199,9 @@ namespace eap
/// - \c source_storage Credentials were loaded from Windows Credential Manager /// - \c source_storage Credentials were loaded from Windows Credential Manager
/// ///
virtual source_t combine( virtual source_t combine(
_In_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);
public: public:
sanitizing_blob m_cred; ///< Client credentials sanitizing_blob m_cred; ///< Client credentials
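Review bot: The refreshed doc for credentials_eapmsg::combine lists "2. Configured credentials (if \p cfg is derived from config_method_with_cred)", but the implementation hunk in this same commit leaves cfg unreferenced and adds a comment stating that inner EAP method credentials are not stored in configuration and configured credentials are skipped. Copying the base-class wording here documents a step this override never performs. Replace that line with `/// 2. (skipped: inner EAP method credentials are not stored in the configuration)` so the declaration matches the behaviour.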


@ -242,9 +242,9 @@ std::wstring eap::credentials_eapmsg::get_identity() const
eap::credentials::source_t eap::credentials_eapmsg::combine( eap::credentials::source_t eap::credentials_eapmsg::combine(
_In_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
{ {
UNREFERENCED_PARAMETER(cfg); UNREFERENCED_PARAMETER(cfg);
@ -255,6 +255,9 @@ eap::credentials::source_t eap::credentials_eapmsg::combine(
return source_cache; return source_cache;
} }
// We do not store inner EAP method credentials inside configuration.
// Therefore, we skip configured credentials.
if (pszTargetName) { if (pszTargetName) {
try { try {
credentials_eapmsg cred_loaded(m_module); credentials_eapmsg cred_loaded(m_module);


@ -186,7 +186,7 @@ namespace eap
/// Combine credentials in the following order: /// Combine credentials in the following order:
/// ///
/// 1. Cached credentials /// 1. Cached credentials
/// 2. Pre-configured credentials /// 2. Configured credentials (if \p cfg is derived from config_method_with_cred)
/// 3. Stored credentials /// 3. Stored credentials
/// ///
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_tls* type) /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_tls* type)
@ -199,9 +199,9 @@ namespace eap
/// - \c source_storage Credentials were loaded from Windows Credential Manager /// - \c source_storage Credentials were loaded from Windows Credential Manager
/// ///
virtual source_t combine( virtual source_t combine(
_In_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);
public: public:
winstd::cert_context m_cert; ///< Client certificate winstd::cert_context m_cert; ///< Client certificate


@ -292,9 +292,9 @@ std::wstring eap::credentials_tls::get_identity() const
eap::credentials::source_t eap::credentials_tls::combine( eap::credentials::source_t eap::credentials_tls::combine(
_In_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
{ {
if (cred_cached) { if (cred_cached) {
// Using EAP service cached credentials. // Using EAP service cached credentials.
@ -303,9 +303,10 @@ eap::credentials::source_t eap::credentials_tls::combine(
return source_cache; return source_cache;
} }
if (cfg.m_use_cred) { auto const *cfg_with_cred = dynamic_cast<const config_method_with_cred*>(&cfg);
if (cfg_with_cred->m_use_cred) {
// Using configured credentials. // Using configured credentials.
*this = *dynamic_cast<const credentials_tls*>(cfg.m_cred.get()); *this = *dynamic_cast<const credentials_tls*>(cfg_with_cred->m_cred.get());
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
return source_config; return source_config;
} }
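Review bot: `if (cfg_with_cred->m_use_cred) {` dereferences the result of the dynamic_cast on the line above without a null check, and a null result is exactly the case this commit introduces: cfg is now a plain `const config_method &` and need not be a config_method_with_cred. credentials_pass::combine in the same commit guards this correctly; make this one match with `if (cfg_with_cred && cfg_with_cred->m_use_cred) {`. The subsequent `*dynamic_cast<const credentials_tls*>(cfg_with_cred->m_cred.get())` is likewise dereferenced unchecked. combine's body continues past the hunk.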


@ -172,7 +172,7 @@ namespace eap {
std::wstring get_public_identity(const credentials_ttls &cred) const; std::wstring get_public_identity(const credentials_ttls &cred) const;
public: public:
std::unique_ptr<config_method_with_cred> m_inner; ///< Inner authentication configuration std::unique_ptr<config_method> m_inner; ///< Inner authentication configuration
std::wstring m_anonymous_identity; ///< Anonymous identity std::wstring m_anonymous_identity; ///< Anonymous identity
}; };
} }


@ -172,7 +172,7 @@ namespace eap
/// Combine credentials in the following order: /// Combine credentials in the following order:
/// ///
/// 1. Cached credentials /// 1. Cached credentials
/// 2. Pre-configured credentials /// 2. Configured credentials (if \p cfg is derived from config_method_with_cred)
/// 3. Stored credentials /// 3. Stored credentials
/// ///
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_ttls* type) /// \param[in] cred_cached Cached credentials (optional, can be \c NULL, must be credentials_ttls* type)
@ -185,9 +185,9 @@ namespace eap
/// - \c source_storage Credentials were loaded from Windows Credential Manager /// - \c source_storage Credentials were loaded from Windows Credential Manager
/// ///
virtual source_t combine( virtual source_t combine(
_In_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);
public: public:
std::unique_ptr<credentials> m_inner; ///< Inner credentials std::unique_ptr<credentials> m_inner; ///< Inner credentials


@ -257,7 +257,8 @@ const wchar_t* eap::config_method_ttls::get_method_str() const
eap::credentials* eap::config_method_ttls::make_credentials() const eap::credentials* eap::config_method_ttls::make_credentials() const
{ {
credentials_ttls *cred = new credentials_ttls(m_module); credentials_ttls *cred = new credentials_ttls(m_module);
cred->m_inner.reset(m_inner->make_credentials()); auto *cfg_inner = dynamic_cast<const config_method_with_cred*>(m_inner.get());
cred->m_inner.reset(cfg_inner ? cfg_inner->make_credentials() : nullptr);
return cred; return cred;
} }
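Review bot: `cred->m_inner.reset(cfg_inner ? cfg_inner->make_credentials() : nullptr);` makes credentials_ttls::m_inner null whenever the inner configuration is not a config_method_with_cred, which this commit now permits for EAP inner methods, so every reader of m_inner must tolerate a null pointer. The TTLS credentials panel hunk does (`if (!cred.m_inner) cred.m_inner.reset(...)`), but credentials_ttls::combine and any serialization of m_inner are outside the visible hunks and should be checked. Record the new invariant on the member in the credentials_ttls header, `std::unique_ptr<credentials> m_inner; ///< Inner credentials (\c NULL when the inner configuration is not a config_method_with_cred)`, and on this line with `// Inner methods without configured-credential support get no credentials object here.`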


@ -179,9 +179,9 @@ wstring eap::credentials_ttls::get_identity() const
eap::credentials::source_t eap::credentials_ttls::combine( eap::credentials::source_t eap::credentials_ttls::combine(
_In_ const credentials *cred_cached, _In_opt_ const credentials *cred_cached,
_In_ const config_method_with_cred &cfg, _In_ const config_method &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
{ {
// Combine outer credentials. // Combine outer credentials.
source_t src_outer = credentials_tls::combine( source_t src_outer = credentials_tls::combine(


@ -43,7 +43,7 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov,
if (eap::config_method::status_cred_begin <= m_cfg.m_inner->m_last_status && m_cfg.m_inner->m_last_status < eap::config_method::status_cred_end) if (eap::config_method::status_cred_begin <= m_cfg.m_inner->m_last_status && m_cfg.m_inner->m_last_status < eap::config_method::status_cred_end)
sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, m_cfg.m_inner->m_last_status, this), 0, wxALL|wxEXPAND, 5); sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, m_cfg.m_inner->m_last_status, this), 0, wxALL|wxEXPAND, 5);
const eap::config_method_pap *cfg_inner_pap; const eap::config_method_pap *cfg_inner_pap;
const eap::config_method_mschapv2 *cfg_inner_mschapv2; const eap::config_method_mschapv2 *cfg_inner_mschapv2;
if ((cfg_inner_pap = dynamic_cast<const eap::config_method_pap*>(m_cfg.m_inner.get())) != NULL) { if ((cfg_inner_pap = dynamic_cast<const eap::config_method_pap*>(m_cfg.m_inner.get())) != NULL) {
if (!cred.m_inner) cred.m_inner.reset(new eap::credentials_pass(cred.m_module)); if (!cred.m_inner) cred.m_inner.reset(new eap::credentials_pass(cred.m_module));
@ -169,9 +169,9 @@ void wxTTLSConfigPanel::OnUpdateUI(wxUpdateUIEvent& event)
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
wxTTLSConfigWindow::wxTTLSConfigWindow(eap::config_provider &prov, eap::config_method &cfg, wxWindow* parent) : wxTTLSConfigWindow::wxTTLSConfigWindow(eap::config_provider &prov, eap::config_method &cfg, wxWindow* parent) :
m_cfg_pap(cfg.m_module, cfg.m_level + 1), m_cfg_pap (cfg.m_module, cfg.m_level + 1),
m_cfg_mschapv2(cfg.m_module, cfg.m_level + 1), m_cfg_mschapv2(cfg.m_module, cfg.m_level + 1),
m_cfg_eapmsg(cfg.m_module, cfg.m_level + 1), m_cfg_eapmsg (cfg.m_module, cfg.m_level + 1),
wxEAPConfigWindow(prov, cfg, parent) wxEAPConfigWindow(prov, cfg, parent)
{ {
wxBoxSizer* sb_content; wxBoxSizer* sb_content;
@ -234,19 +234,29 @@ wxTTLSConfigWindow::~wxTTLSConfigWindow()
bool wxTTLSConfigWindow::TransferDataToWindow() bool wxTTLSConfigWindow::TransferDataToWindow()
{ {
switch (dynamic_cast<eap::config_method_ttls&>(m_cfg).m_inner->get_method_id()) { auto &cfg_ttls = dynamic_cast<eap::config_method_ttls&>(m_cfg);
case winstd::eap_type_legacy_pap:
m_cfg_pap = *(eap::config_method_pap*)dynamic_cast<eap::config_method_ttls&>(m_cfg).m_inner.get();
m_inner_type->SetSelection(0); // 0=PAP
break;
case winstd::eap_type_legacy_mschapv2: auto *cfg_inner_eapmsg = dynamic_cast<eap::config_method_eapmsg*>(cfg_ttls.m_inner.get());
m_cfg_mschapv2 = *(eap::config_method_mschapv2*)dynamic_cast<eap::config_method_ttls&>(m_cfg).m_inner.get(); if (!cfg_inner_eapmsg) {
m_inner_type->SetSelection(1); // 1=MSCHAPv2 // Legacy inner methods
break; switch (cfg_ttls.m_inner->get_method_id()) {
case winstd::eap_type_legacy_pap:
m_cfg_pap = *(eap::config_method_pap*)cfg_ttls.m_inner.get();
m_inner_type->SetSelection(0); // 0=PAP
break;
default: case winstd::eap_type_legacy_mschapv2:
wxFAIL_MSG(wxT("Unsupported inner authentication method type.")); m_cfg_mschapv2 = *(eap::config_method_mschapv2*)cfg_ttls.m_inner.get();
m_inner_type->SetSelection(1); // 1=MSCHAPv2
break;
default:
wxFAIL_MSG(wxT("Unsupported inner authentication method type."));
}
} else {
// EAP inner method
m_cfg_eapmsg = *cfg_inner_eapmsg;
m_inner_type->SetSelection(2); // 2=EAP
} }
// Do not invoke inherited TransferDataToWindow(), as it will call others TransferDataToWindow(). // Do not invoke inherited TransferDataToWindow(), as it will call others TransferDataToWindow().
@ -259,15 +269,21 @@ bool wxTTLSConfigWindow::TransferDataFromWindow()
{ {
wxCHECK(wxScrolledWindow::TransferDataFromWindow(), false); wxCHECK(wxScrolledWindow::TransferDataFromWindow(), false);
auto &cfg_ttls = dynamic_cast<eap::config_method_ttls&>(m_cfg);
if (!m_prov.m_read_only) { if (!m_prov.m_read_only) {
// This is not a provider-locked configuration. Save the data. // This is not a provider-locked configuration. Save the data.
switch (m_inner_type->GetSelection()) { switch (m_inner_type->GetSelection()) {
case 0: // 0=PAP case 0: // 0=PAP
dynamic_cast<eap::config_method_ttls&>(m_cfg).m_inner.reset(new eap::config_method_pap(m_cfg_pap)); cfg_ttls.m_inner.reset(new eap::config_method_pap(m_cfg_pap));
break; break;
case 1: // 1=MSCHAPv2 case 1: // 1=MSCHAPv2
dynamic_cast<eap::config_method_ttls&>(m_cfg).m_inner.reset(new eap::config_method_mschapv2(m_cfg_mschapv2)); cfg_ttls.m_inner.reset(new eap::config_method_mschapv2(m_cfg_mschapv2));
break;
case 2: // 2=EAP
cfg_ttls.m_inner.reset(new eap::config_method_eapmsg(m_cfg_eapmsg));
break; break;
default: default: