Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Compare commits

base: Amebis:1.0-alpha6
Branches Tags
Amebis:master Amebis:ver1.0 Amebis:ver1.1
Amebis:1.3g Amebis:1.3f Amebis:1.3e Amebis:1.3d Amebis:1.3c Amebis:1.3b Amebis:1.3a Amebis:1.3 Amebis:1.2g Amebis:1.2f Amebis:1.1h Amebis:1.0i Amebis:1.2e Amebis:1.1g Amebis:1.0h Amebis:1.2d Amebis:1.1f Amebis:1.0g Amebis:1.2c Amebis:1.1e Amebis:1.0f Amebis:1.2b Amebis:1.1d Amebis:1.0e Amebis:1.2a Amebis:1.1c Amebis:1.0d Amebis:1.2 Amebis:1.1b Amebis:1.0c Amebis:1.2-beta2 Amebis:1.2-beta1 Amebis:1.2-beta Amebis:1.1a Amebis:1.0b Amebis:1.1 Amebis:1.1-beta2 Amebis:1.1-beta1 Amebis:1.0a Amebis:1.1-beta Amebis:1.0 Amebis:1.0-beta8 Amebis:1.0-beta7 Amebis:1.0-beta6 Amebis:1.0-beta5 Amebis:1.0-beta4 Amebis:1.0-beta3 Amebis:1.0-beta2 Amebis:1.0-beta1 Amebis:1.0-beta Amebis:1.0-alpha17 Amebis:1.0-alpha16 Amebis:1.0-alpha15 Amebis:1.0-alpha14 Amebis:1.0-alpha13 Amebis:1.0-alpha12 Amebis:1.0-alpha11 Amebis:1.0-alpha10 Amebis:1.0-alpha10-owntls Amebis:1.0-alpha9 Amebis:1.0-alpha8 Amebis:1.0-alpha7 Amebis:1.0-alpha6 Amebis:1.0-alpha5 Amebis:1.0-alpha4 Amebis:1.0-alpha3 Amebis:1.0-alpha2 Amebis:1.0-alpha1 Amebis:1.0-alpha0
..
compare: Amebis:1.0-alpha11
Branches Tags
Amebis:master Amebis:ver1.0 Amebis:ver1.1
Amebis:1.3g Amebis:1.3f Amebis:1.3e Amebis:1.3d Amebis:1.3c Amebis:1.3b Amebis:1.3a Amebis:1.3 Amebis:1.2g Amebis:1.2f Amebis:1.1h Amebis:1.0i Amebis:1.2e Amebis:1.1g Amebis:1.0h Amebis:1.2d Amebis:1.1f Amebis:1.0g Amebis:1.2c Amebis:1.1e Amebis:1.0f Amebis:1.2b Amebis:1.1d Amebis:1.0e Amebis:1.2a Amebis:1.1c Amebis:1.0d Amebis:1.2 Amebis:1.1b Amebis:1.0c Amebis:1.2-beta2 Amebis:1.2-beta1 Amebis:1.2-beta Amebis:1.1a Amebis:1.0b Amebis:1.1 Amebis:1.1-beta2 Amebis:1.1-beta1 Amebis:1.0a Amebis:1.1-beta Amebis:1.0 Amebis:1.0-beta8 Amebis:1.0-beta7 Amebis:1.0-beta6 Amebis:1.0-beta5 Amebis:1.0-beta4 Amebis:1.0-beta3 Amebis:1.0-beta2 Amebis:1.0-beta1 Amebis:1.0-beta Amebis:1.0-alpha17 Amebis:1.0-alpha16 Amebis:1.0-alpha15 Amebis:1.0-alpha14 Amebis:1.0-alpha13 Amebis:1.0-alpha12 Amebis:1.0-alpha11 Amebis:1.0-alpha10 Amebis:1.0-alpha10-owntls Amebis:1.0-alpha9 Amebis:1.0-alpha8 Amebis:1.0-alpha7 Amebis:1.0-alpha6 Amebis:1.0-alpha5 Amebis:1.0-alpha4 Amebis:1.0-alpha3 Amebis:1.0-alpha2 Amebis:1.0-alpha1 Amebis:1.0-alpha0

41 Commits
1.0-alpha6 ... 1.0-alpha1

Author SHA1 Message Date
Simon Rozman
352d546da1 Version set to 1.0-alpha11 2016-08-24 18:48:10 +02:00
Simon Rozman
d2ff78a613 Credential prompt sometimes displayed in background issue fixed now 2016-08-24 18:39:15 +02:00
Simon Rozman
10807fad18 Variable renamed from Slovenian to English 2016-08-24 18:36:51 +02:00
Simon Rozman
c6d53cd13c eap::monitor_ui class to prevent multiple launches introduced 2016-08-24 17:45:31 +02:00
Simon Rozman
6f25e4c0ad wxEAPGeneralDialog constructor parameters extended 2016-08-24 17:43:02 +02:00
Simon Rozman
edac93e115 Custom TLS identity is correctly enabled/disabled now. 2016-08-24 15:30:27 +02:00
Simon Rozman
d1c24efcf0 config_method_with_cred renamed to config_connection to describe it better 2016-08-24 11:39:37 +02:00
Simon Rozman
1cb6ca5adb Connection configuration is equipped with GUID now for multiple credential prompt disambiguation later 2016-08-24 11:34:30 +02:00
Simon Rozman
38e1443276 Logging of handshake progress introduced 2016-08-24 11:04:04 +02:00
Simon Rozman
6835f5279c Certificate (TLS) credentials support custom identity now 2016-08-24 11:03:18 +02:00
Simon Rozman
eb9c8a5f7c If configured trusted root CA certificate list is empty, that really means "Trust no one!" now 2016-08-23 23:40:07 +02:00
Simon Rozman
5332b538aa Our own TLS merged back to master and compiles conditionally 2016-08-23 22:46:00 +02:00
Simon Rozman
a9baa07227 Error type detection fixed 2016-08-23 22:41:12 +02:00
Simon Rozman
387a12ab5e Additional cases of invalid certificate caught 2016-08-23 17:41:20 +02:00
Simon Rozman
7b3251a758 Error throwing clean-up 2016-08-23 17:20:04 +02:00
Simon Rozman
894f19a81e Binary publishing updated 2016-08-23 16:45:16 +02:00
Simon Rozman
318ad7f355 Version set to 1.0-alpha10 2016-08-23 14:53:27 +02:00
Simon Rozman
ef2042253c When server certificate has no subjectAltName(2), compare host name against Common Name 2016-08-23 14:29:47 +02:00
Simon Rozman
9b997408a1 Switched to Schannel to do the TLS 2016-08-23 13:53:23 +02:00
Simon Rozman
5720524abe Version set to 1.0-alpha9 2016-08-18 06:33:02 +02:00
Simon Rozman
1f1b9b1084 GUI boots with a predefined configuration on new profiles now 
(closes #10)
 2016-08-18 06:31:16 +02:00
Simon Rozman
076c6b77d7 GUI updated to show "<Your Provider>" when provider ID is blank 2016-08-18 06:30:02 +02:00
Simon Rozman
92460c571f Initial focus changed to the first non-mouse-wheel-capturing control to allow initial scrolling of the configuration dialog using mouse wheel 2016-08-17 16:42:19 +02:00
Simon Rozman
b79a2f26f6 Support for read-only lock added to GUI 2016-08-17 16:27:43 +02:00
Simon Rozman
373c83dbbe Provider identity and help-desk is configurable via GUI now 2016-08-17 15:56:11 +02:00
Simon Rozman
543dada025 Provider and method lists are arrays now, to allow random access for configuration dialog coming-up 2016-08-17 14:47:15 +02:00
Simon Rozman
ce22ec3bfa wxEAPCredentialsPanelPassBase >> wxEAPCredentialsPassPanelBase 2016-08-17 13:48:14 +02:00
Simon Rozman
a04647b7b5 Version set to 1.0-alpha8 2016-08-17 11:51:36 +02:00
Simon Rozman
df1d431bd0 - TLS revised (again) 
- TLS Session resumption issues resolved
- Credential prompt has "Remember" checkbox initially selected when credentials originate from Windows Credential Manager
- Last authentication attempt failure notice is more general and no longer insinuate user credentials are the likely cause of the failure
- Additional log messages added
 2016-08-17 11:50:34 +02:00
Simon Rozman
16527c8124 Client explicitly refuses to accept change cipher spec if no or NULL cipher was proposed now 2016-08-17 09:32:43 +02:00
Simon Rozman
69e6b775f8 Hello requests are no longer included in the handshake hashing (as per RFC) 2016-08-17 09:29:55 +02:00
Simon Rozman
c69316071f Support for encrypted change cipher spec messages added 2016-08-17 09:26:46 +02:00
Simon Rozman
a02d1e7094 Explicit checks on server certificate chain added: 
- Certificate can not be self-signed: Cannot check trust against configured root CAs when server certificate is self-signed
- Server can provide full certificate chain up-to and including root CA. Importing root CA to the store for certificate chain validation would implicitly trust this certificate chain. Thus, we skip all self-signed certificates on import.
 2016-08-17 09:22:38 +02:00
Simon Rozman
078636eb14 make_change_chiper_spec() removed as this message can simply be created using make_message() 2016-08-17 09:09:42 +02:00
Simon Rozman
cabae26e0b Flags describing handshake messages received assembled in a boolean table of flags 2016-08-17 09:01:11 +02:00
Simon Rozman
7376693838 Additional constants 2016-08-17 08:34:25 +02:00
Simon Rozman
a5b3914a09 Comments and some minor clean-up 2016-08-16 22:27:30 +02:00
Simon Rozman
8beb7bd27a Version set to 1.0-alpha7 2016-08-16 16:59:03 +02:00
Simon Rozman
00dd1277c5 Switched to the new key import method, as the old one had issues with PROV_RSA_AES crystallographic provider 2016-08-16 16:55:18 +02:00
Simon Rozman
e9839706b6 TLS clean-up 2016-08-16 16:44:19 +02:00
Simon Rozman
f5b03bc0bf Annotation update 2016-08-16 10:39:42 +02:00
50 changed files with 5056 additions and 1410 deletions
Expand all files Collapse all files

12
EventMonitor/App.cpp
View File

@@ -66,12 +66,12 @@ bool wxEventMonitorApp::OnInit()
#ifdef __WXMSW__ #ifdef __WXMSW__
// Find EventMonitor window if already running. // Find EventMonitor window if already running.
HWND okno = ::FindWindow(_T("wxWindowNR"), _("Event Monitor")); HWND hWnd = ::FindWindow(_T("wxWindowNR"), _("Event Monitor"));
if (okno) { if (hWnd) {
if (::IsIconic(okno)) if (::IsIconic(hWnd))
::SendMessage(okno, WM_SYSCOMMAND, SC_RESTORE, 0); ::SendMessage(hWnd, WM_SYSCOMMAND, SC_RESTORE, 0);
::SetActiveWindow(okno); ::SetActiveWindow(hWnd);
::SetForegroundWindow(okno); ::SetForegroundWindow(hWnd);
// Not an error condition actually; Just nothing else to do... // Not an error condition actually; Just nothing else to do...
return false; return false;

BIN
Makefile
View File

Binary file not shown.

2
include/Common.props
View File

@@ -32,7 +32,7 @@
<ItemDefinitionGroup> <ItemDefinitionGroup>
<ClCompile> <ClCompile>
<WarningLevel>Level4</WarningLevel> <WarningLevel>Level4</WarningLevel>
<PreprocessorDefinitions>_WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;CERT_CHAIN_PARA_HAS_EXTRA_FIELDS;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>_WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;SECURITY_WIN32;CERT_CHAIN_PARA_HAS_EXTRA_FIELDS;EAP_TLS=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PrecompiledHeader>Use</PrecompiledHeader> <PrecompiledHeader>Use</PrecompiledHeader>
<PrecompiledHeaderFile>StdAfx.h</PrecompiledHeaderFile> <PrecompiledHeaderFile>StdAfx.h</PrecompiledHeaderFile>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat> <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>

10
include/Version.h
View File

@@ -29,7 +29,7 @@
// Product version as a single DWORD // Product version as a single DWORD
// Note: Used for version comparison within C/C++ code. // Note: Used for version comparison within C/C++ code.
// //
#define PRODUCT_VERSION 0x00ff0600 #define PRODUCT_VERSION 0x00ff0b00
// //
// Product version by components // Product version by components
@@ -39,26 +39,26 @@
// //
#define PRODUCT_VERSION_MAJ 0 #define PRODUCT_VERSION_MAJ 0
#define PRODUCT_VERSION_MIN 255 #define PRODUCT_VERSION_MIN 255
#define PRODUCT_VERSION_REV 6 #define PRODUCT_VERSION_REV 11
#define PRODUCT_VERSION_BUILD 0 #define PRODUCT_VERSION_BUILD 0
// //
// Human readable product version and build year for UI // Human readable product version and build year for UI
// //
#define PRODUCT_VERSION_STR "1.0-alpha6" #define PRODUCT_VERSION_STR "1.0-alpha11"
#define PRODUCT_BUILD_YEAR_STR "2016" #define PRODUCT_BUILD_YEAR_STR "2016"
// //
// Numerical version presentation for ProductVersion propery in // Numerical version presentation for ProductVersion propery in
// MSI packages (syntax: N.N[.N[.N]]) // MSI packages (syntax: N.N[.N[.N]])
// //
#define PRODUCT_VERSION_INST "0.255.6" #define PRODUCT_VERSION_INST "0.255.11"
// //
// The product code for ProductCode property in MSI packages // The product code for ProductCode property in MSI packages
// Replace with new on every version change, regardless how minor it is. // Replace with new on every version change, regardless how minor it is.
// //
#define PRODUCT_VERSION_GUID "{BC83D8A6-59FB-4DD9-87F7-CCA4822EE432}" #define PRODUCT_VERSION_GUID "{C6CA6AA8-33A4-4867-BB0A-B5F82655D611}"
// //
// Since the product name is not finally confirmed at the time of // Since the product name is not finally confirmed at the time of

26
lib/EAPBase/include/Config.h
View File

@@ -40,14 +40,14 @@ namespace eap
class config_method_with_cred; class config_method_with_cred;
/// ///
/// Base class for single provider configuration storage /// Provider configuration storage
/// ///
class config_provider; class config_provider;
/// ///
/// Base class for the list of providers configuration storage /// Connection configuration storage
/// ///
class config_provider_list; class config_connection;
} }
/// ///
@@ -89,7 +89,6 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config &val);
#include <eaptypes.h> // Must include after <Windows.h> #include <eaptypes.h> // Must include after <Windows.h>
#include <tchar.h> #include <tchar.h>
#include <list>
#include <string> #include <string>
#include <memory> #include <memory>
@@ -342,7 +341,7 @@ namespace eap
bool m_allow_save; ///< Are credentials allowed to be saved to Windows Credential Manager? bool m_allow_save; ///< Are credentials allowed to be saved to Windows Credential Manager?
bool m_use_preshared; ///< Use pre-shared credentials bool m_use_preshared; ///< Use pre-shared credentials
std::unique_ptr<credentials> m_preshared; ///< Pre-shared credentials std::unique_ptr<credentials> m_preshared; ///< Pre-shared credentials
bool m_cred_failed; ///< Did credential fail last time? bool m_auth_failed; ///< Did credential fail last time?
}; };
@@ -451,11 +450,11 @@ namespace eap
winstd::tstring m_lbl_alt_credential; ///< Alternative label for credential prompt winstd::tstring m_lbl_alt_credential; ///< Alternative label for credential prompt
winstd::tstring m_lbl_alt_identity; ///< Alternative label for identity prompt winstd::tstring m_lbl_alt_identity; ///< Alternative label for identity prompt
winstd::tstring m_lbl_alt_password; ///< Alternative label for password prompt winstd::tstring m_lbl_alt_password; ///< Alternative label for password prompt
std::list<std::unique_ptr<config_method> > m_methods; ///< List of method configurations std::vector<std::unique_ptr<config_method> > m_methods; ///< Array of method configurations
}; };
class config_provider_list : public config class config_connection : public config
{ {
public: public:
/// ///
@@ -463,21 +462,21 @@ namespace eap
/// ///
/// \param[in] mod EAP module to use for global services /// \param[in] mod EAP module to use for global services
/// ///
config_provider_list(_In_ module &mod); config_connection(_In_ module &mod);
/// ///
/// Copies configuration /// Copies configuration
/// ///
/// \param[in] other Configuration to copy from /// \param[in] other Configuration to copy from
/// ///
config_provider_list(_In_ const config_provider_list &other); config_connection(_In_ const config_connection &other);
/// ///
/// Moves configuration /// Moves configuration
/// ///
/// \param[in] other Configuration to move from /// \param[in] other Configuration to move from
/// ///
config_provider_list(_Inout_ config_provider_list &&other); config_connection(_Inout_ config_connection &&other);
/// ///
/// Copies configuration /// Copies configuration
@@ -486,7 +485,7 @@ namespace eap
/// ///
/// \returns Reference to this object /// \returns Reference to this object
/// ///
config_provider_list& operator=(_In_ const config_provider_list &other); config_connection& operator=(_In_ const config_connection &other);
/// ///
/// Moves configuration /// Moves configuration
@@ -495,7 +494,7 @@ namespace eap
/// ///
/// \returns Reference to this object /// \returns Reference to this object
/// ///
config_provider_list& operator=(_Inout_ config_provider_list &&other); config_connection& operator=(_Inout_ config_connection &&other);
/// ///
/// Clones configuration /// Clones configuration
@@ -551,7 +550,8 @@ namespace eap
/// @} /// @}
public: public:
std::list<eap::config_provider> m_providers; ///< List of provider configurations GUID m_connection_id; ///< Unique connection ID
std::vector<eap::config_provider> m_providers; ///< Array of provider configurations
}; };
} }

87
lib/EAPBase/include/Credentials.h
View File

@@ -54,6 +54,18 @@ namespace eap
{ {
class credentials : public config class credentials : public config
{ {
public:
///
/// Credential source when combined
///
enum source_t {
source_unknown = -1, ///< Unknown source
source_cache = 0, ///< Credentials were obtained from EAPHost cache
source_preshared, ///< Credentials were set by method configuration
source_storage ///< Credentials were loaded from Windows Credential Manager
};
public: public:
/// ///
/// Constructs credentials /// Constructs credentials
@@ -108,6 +120,52 @@ namespace eap
/// ///
virtual bool empty() const; virtual bool empty() const;
/// \name XML configuration management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
/// \name Storage /// \name Storage
/// @{ /// @{
@@ -152,32 +210,15 @@ namespace eap
/// ///
/// Returns credential identity. /// Returns credential identity.
/// ///
virtual std::wstring get_identity() const = 0; virtual std::wstring get_identity() const;
/// ///
/// Returns credential name (for GUI display). /// Returns credential name (for GUI display).
/// ///
virtual winstd::tstring get_name() const; virtual winstd::tstring get_name() const;
/// public:
/// Combine credentials in the following order: std::wstring m_identity; ///< Identity (username\@domain, certificate name etc.)
///
/// 1. Cached credentials
/// 2. Pre-configured credentials
/// 3. Stored credentials
///
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL)
/// \param[in] cfg Method configuration
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
///
/// \returns
/// - \c true if credentials were set;
/// - \c false otherwise
///
virtual bool combine(
_In_ const credentials *cred_cached,
_In_ config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName);
}; };
@@ -302,13 +343,7 @@ namespace eap
/// @} /// @}
///
/// Returns credential identity.
///
virtual std::wstring get_identity() const;
public: public:
std::wstring m_identity; ///< Identity (username\@domain, certificate name etc.)
winstd::sanitizing_wstring m_password; ///< Password winstd::sanitizing_wstring m_password; ///< Password
private: private:

283
lib/EAPBase/include/EAP.h
View File

@@ -57,6 +57,25 @@ namespace eap
/// ///
typedef std::vector<unsigned char, winstd::sanitizing_allocator<unsigned char> > sanitizing_blob; typedef std::vector<unsigned char, winstd::sanitizing_allocator<unsigned char> > sanitizing_blob;
///
/// Sanitizing BLOB of fixed size
///
template<size_t N> struct sanitizing_blob_f;
///
/// Sanitizing BLOB of fixed size (zero initialized)
///
template<size_t N> struct sanitizing_blob_zf;
///
/// Sanitizing BLOB of fixed size (zero initialized in _DEBUG version)
///
#ifdef _DEBUG
#define sanitizing_blob_xf sanitizing_blob_zf
#else
#define sanitizing_blob_xf sanitizing_blob_f
#endif
/// ///
/// Diameter AVP flags /// Diameter AVP flags
/// ///
@@ -347,6 +366,56 @@ inline size_t pksizeof(const winstd::eap_type_t &val);
/// ///
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ winstd::eap_type_t &val); inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ winstd::eap_type_t &val);
///
/// Packs a BLOB
///
/// \param[inout] cursor Memory cursor
/// \param[in] val Variable with data to pack
///
template<size_t N> inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::sanitizing_blob_f<N> &val);
///
/// Returns packed size of a BLOB
///
/// \param[in] val Data to pack
///
/// \returns Size of data when packed (in bytes)
///
template<size_t N> inline size_t pksizeof(_In_ const eap::sanitizing_blob_f<N> &val);
///
/// Unpacks a BLOB
///
/// \param[inout] cursor Memory cursor
/// \param[out] val Variable to receive unpacked value
///
template<size_t N> inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::sanitizing_blob_f<N> &val);
///
/// Packs a GUID
///
/// \param[inout] cursor Memory cursor
/// \param[in] val Variable with data to pack
///
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const GUID &val);
///
/// Returns packed size of a GUID
///
/// \param[in] val Data to pack
///
/// \returns Size of data when packed (in bytes)
///
inline size_t pksizeof(_In_ const GUID &val);
///
/// Unpacks a GUID
///
/// \param[inout] cursor Memory cursor
/// \param[out] val Variable to receive unpacked value
///
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ GUID &val);
#ifndef htonll #ifndef htonll
/// ///
/// Convert host converts an unsigned __int64 from host to TCP/IP network byte order. /// Convert host converts an unsigned __int64 from host to TCP/IP network byte order.
@@ -381,6 +450,167 @@ namespace eap
}; };
#pragma pack(push)
#pragma pack(1)
template<size_t N>
struct __declspec(novtable) sanitizing_blob_f<N>
{
unsigned char data[N]; ///< BLOB data
///
/// Constructor
///
inline sanitizing_blob_f()
{
}
///
/// Copies a BLOB
///
/// \param[in] other BLOB to copy from
///
inline sanitizing_blob_f(_In_ const sanitizing_blob_f<N> &other)
{
memcpy(data, other.data, N);
}
///
/// Moves the BLOB
///
/// \param[inout] other Zero-initialized BLOB to move from
///
inline sanitizing_blob_f(_Inout_ sanitizing_blob_zf<N> &&other)
{
memcpy(data, other.data, N);
memset(other.data, 0, N);
}
///
/// Destructor
///
inline ~sanitizing_blob_f()
{
SecureZeroMemory(data, N);
}
///
/// Copies a BLOB
///
/// \param[in] other BLOB to copy from
///
/// \returns Reference to this object
///
inline sanitizing_blob_f& operator=(_In_ const sanitizing_blob_f<N> &other)
{
if (this != std::addressof(other))
memcpy(data, other.data, N);
return *this;
}
///
/// Moves the BLOB
///
/// \param[inout] other Zero-initialized BLOB to copy from
///
/// \returns Reference to this object
///
inline sanitizing_blob_f& operator=(_Inout_ sanitizing_blob_zf<N> &&other)
{
if (this != std::addressof(other)) {
memcpy(data, other.data, N);
memset(other.data, 0, N);
}
return *this;
}
///
/// Is BLOB not equal to?
///
/// \param[in] other BLOB to compare against
///
/// \returns
/// - \c true when BLOBs are not equal;
/// - \c false otherwise
///
inline bool operator!=(_In_ const sanitizing_blob_f<N> &other) const
{
return !operator==(other);
}
///
/// Is BLOB equal to?
///
/// \param[in] other BLOB to compare against
///
/// \returns
/// - \c true when BLOBs are equal;
/// - \c false otherwise
///
inline bool operator==(_In_ const sanitizing_blob_f<N> &other) const
{
for (size_t i = 0; i < N; i++)
if (data[i] != other.data[i]) return false;
return true;
}
///
/// Is BLOB empty?
///
/// \returns
/// - \c true when BLOB is all-zero;
/// - \c false otherwise
///
inline bool empty() const
{
for (size_t i = 0; i < N; i++)
if (data[i]) return false;
return true;
}
///
/// Zero the BLOB
///
inline void clear()
{
memset(data, 0, N);
}
};
template<size_t N>
struct __declspec(novtable) sanitizing_blob_zf<N> : sanitizing_blob_f<N>
{
///
/// Constructor
///
inline sanitizing_blob_zf() : sanitizing_blob_f<N>()
{
memset(data, 0, N);
}
///
/// Copies a BLOB
///
/// \param[in] other BLOB to copy from
///
inline sanitizing_blob_zf(_In_ const sanitizing_blob_f<N> &other) :
sanitizing_blob_f<N>(other)
{
}
///
/// Moves the BLOB
///
/// \param[inout] other Zero-initialized BLOB to move from
///
inline sanitizing_blob_zf(_Inout_ sanitizing_blob_zf<N> &&other) :
sanitizing_blob_f<N>(std::move(other))
{
}
};
#pragma pack(pop)
#pragma warning(suppress: 4480) #pragma warning(suppress: 4480)
enum diameter_avp_flags_t : unsigned char { enum diameter_avp_flags_t : unsigned char {
diameter_avp_flag_vendor = 0x80, ///< Vendor-ID present diameter_avp_flag_vendor = 0x80, ///< Vendor-ID present
@@ -742,6 +972,59 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ winstd::eap_type_t
} }
template<size_t N>
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::sanitizing_blob_f<N> &val)
{
eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(eap::sanitizing_blob_f<N>);
assert(ptr_end <= cursor.ptr_end);
memcpy(cursor.ptr, val.data, sizeof(eap::sanitizing_blob_f<N>));
cursor.ptr = ptr_end;
}
template<size_t N>
inline size_t pksizeof(_In_ const eap::sanitizing_blob_f<N> &val)
{
UNREFERENCED_PARAMETER(val);
return sizeof(eap::sanitizing_blob_f<N>);
}
template<size_t N>
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::sanitizing_blob_f<N> &val)
{
eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(eap::sanitizing_blob_f<N>);
assert(ptr_end <= cursor.ptr_end);
memcpy(val.data, cursor.ptr, sizeof(eap::sanitizing_blob_f<N>));
cursor.ptr = ptr_end;
}
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const GUID &val)
{
eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(GUID);
assert(ptr_end <= cursor.ptr_end);
memcpy(cursor.ptr, &val, sizeof(GUID));
cursor.ptr = ptr_end;
}
inline size_t pksizeof(_In_ const GUID &val)
{
UNREFERENCED_PARAMETER(val);
return sizeof(GUID);
}
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ GUID &val)
{
eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(GUID);
assert(ptr_end <= cursor.ptr_end);
memcpy(&val, cursor.ptr, sizeof(GUID));
cursor.ptr = ptr_end;
}
#ifndef htonll #ifndef htonll
inline unsigned __int64 htonll(unsigned __int64 val) inline unsigned __int64 htonll(unsigned __int64 val)

26
lib/EAPBase/include/Method.h
View File

@@ -51,17 +51,11 @@ namespace eap
/// Constructs an EAP method /// Constructs an EAP method
/// ///
/// \param[in] mod EAP module to use for global services /// \param[in] mod EAP module to use for global services
/// \param[in] cfg Providers configuration /// \param[in] cfg Connection configuration
/// \param[in] cred User credentials /// \param[in] cred User credentials
/// ///
method(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials &cred); method(_In_ module &module, _In_ config_connection &cfg, _In_ credentials &cred);
///
/// Copies an EAP method
///
/// \param[in] other EAP method to copy from
///
method(_In_ const method &other);
/// ///
/// Moves an EAP method /// Moves an EAP method
@@ -70,15 +64,6 @@ namespace eap
/// ///
method(_Inout_ method &&other); method(_Inout_ method &&other);
///
/// Copies an EAP method
///
/// \param[in] other EAP method to copy from
///
/// \returns Reference to this object
///
method& operator=(_In_ const method &other);
/// ///
/// Moves an EAP method /// Moves an EAP method
/// ///
@@ -139,9 +124,14 @@ namespace eap
/// @} /// @}
private:
// This class is noncopyable.
method(_In_ const method &other);
method& operator=(_In_ const method &other);
public: public:
module &m_module; ///< EAP module module &m_module; ///< EAP module
config_provider_list &m_cfg; ///< Providers configuration config_connection &m_cfg; ///< Connection configuration
credentials &m_cred; ///< User credentials credentials &m_cred; ///< User credentials
}; };
} }

64
lib/EAPBase/src/Config.cpp
View File

@@ -139,7 +139,7 @@ eap::config_method& eap::config_method::operator=(_Inout_ config_method &&other)
eap::config_method_with_cred::config_method_with_cred(_In_ module &mod) : eap::config_method_with_cred::config_method_with_cred(_In_ module &mod) :
m_allow_save(true), m_allow_save(true),
m_use_preshared(false), m_use_preshared(false),
m_cred_failed(false), m_auth_failed(false),
config_method(mod) config_method(mod)
{ {
} }
@@ -149,7 +149,7 @@ eap::config_method_with_cred::config_method_with_cred(_In_ const config_method_w
m_allow_save(other.m_allow_save), m_allow_save(other.m_allow_save),
m_use_preshared(other.m_use_preshared), m_use_preshared(other.m_use_preshared),
m_preshared(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr), m_preshared(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr),
m_cred_failed(other.m_cred_failed), m_auth_failed(other.m_auth_failed),
config_method(other) config_method(other)
{ {
} }
@@ -159,7 +159,7 @@ eap::config_method_with_cred::config_method_with_cred(_Inout_ config_method_with
m_allow_save(std::move(other.m_allow_save)), m_allow_save(std::move(other.m_allow_save)),
m_use_preshared(std::move(other.m_use_preshared)), m_use_preshared(std::move(other.m_use_preshared)),
m_preshared(std::move(other.m_preshared)), m_preshared(std::move(other.m_preshared)),
m_cred_failed(std::move(other.m_cred_failed)), m_auth_failed(std::move(other.m_auth_failed)),
config_method(std::move(other)) config_method(std::move(other))
{ {
} }
@@ -172,7 +172,7 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_In_ const
m_allow_save = other.m_allow_save; m_allow_save = other.m_allow_save;
m_use_preshared = other.m_use_preshared; m_use_preshared = other.m_use_preshared;
m_preshared.reset(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr); m_preshared.reset(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr);
m_cred_failed = other.m_cred_failed; m_auth_failed = other.m_auth_failed;
} }
return *this; return *this;
@@ -186,7 +186,7 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_Inout_ co
m_allow_save = std::move(other.m_allow_save ); m_allow_save = std::move(other.m_allow_save );
m_use_preshared = std::move(other.m_use_preshared); m_use_preshared = std::move(other.m_use_preshared);
m_preshared = std::move(other.m_preshared ); m_preshared = std::move(other.m_preshared );
m_cred_failed = std::move(other.m_cred_failed ); m_auth_failed = std::move(other.m_auth_failed );
} }
return *this; return *this;
@@ -248,7 +248,7 @@ void eap::config_method_with_cred::operator<<(_Inout_ cursor_out &cursor) const
cursor << m_allow_save; cursor << m_allow_save;
cursor << m_use_preshared; cursor << m_use_preshared;
cursor << *m_preshared; cursor << *m_preshared;
cursor << m_cred_failed; cursor << m_auth_failed;
} }
@@ -259,7 +259,7 @@ size_t eap::config_method_with_cred::get_pk_size() const
pksizeof(m_allow_save ) + pksizeof(m_allow_save ) +
pksizeof(m_use_preshared) + pksizeof(m_use_preshared) +
pksizeof(*m_preshared ) + pksizeof(*m_preshared ) +
pksizeof(m_cred_failed ); pksizeof(m_auth_failed );
} }
@@ -269,7 +269,7 @@ void eap::config_method_with_cred::operator>>(_Inout_ cursor_in &cursor)
cursor >> m_allow_save; cursor >> m_allow_save;
cursor >> m_use_preshared; cursor >> m_use_preshared;
cursor >> *m_preshared; cursor >> *m_preshared;
cursor >> m_cred_failed; cursor >> m_auth_failed;
} }
@@ -296,7 +296,8 @@ eap::config_provider::config_provider(_In_ const config_provider &other) :
m_lbl_alt_password(other.m_lbl_alt_password), m_lbl_alt_password(other.m_lbl_alt_password),
config(other) config(other)
{ {
for (list<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method) m_methods.reserve(other.m_methods.size());
for (vector<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr))); m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr)));
} }
@@ -332,7 +333,8 @@ eap::config_provider& eap::config_provider::operator=(_In_ const config_provider
m_lbl_alt_password = other.m_lbl_alt_password; m_lbl_alt_password = other.m_lbl_alt_password;
m_methods.clear(); m_methods.clear();
for (list<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method) m_methods.reserve(other.m_methods.size());
for (vector<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr))); m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr)));
} }
@@ -432,7 +434,7 @@ void eap::config_provider::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pC
if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods"), bstr(L"AuthenticationMethods"), bstrNamespace, &pXmlElAuthenticationMethods))) if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods"), bstr(L"AuthenticationMethods"), bstrNamespace, &pXmlElAuthenticationMethods)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <AuthenticationMethods> element."); throw com_runtime_error(hr, __FUNCTION__ " Error creating <AuthenticationMethods> element.");
for (list<unique_ptr<config_method> >::const_iterator method = m_methods.cbegin(), method_end = m_methods.cend(); method != method_end; ++method) { for (vector<unique_ptr<config_method> >::const_iterator method = m_methods.cbegin(), method_end = m_methods.cend(); method != method_end; ++method) {
// <AuthenticationMethod> // <AuthenticationMethod>
com_obj<IXMLDOMElement> pXmlElAuthenticationMethod; com_obj<IXMLDOMElement> pXmlElAuthenticationMethod;
if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"AuthenticationMethod"), bstrNamespace, &pXmlElAuthenticationMethod))) if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"AuthenticationMethod"), bstrNamespace, &pXmlElAuthenticationMethod)))
@@ -607,32 +609,36 @@ void eap::config_provider::operator>>(_Inout_ cursor_in &cursor)
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// eap::config_provider_list // eap::config_connection
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
eap::config_provider_list::config_provider_list(_In_ module &mod) : config(mod) eap::config_connection::config_connection(_In_ module &mod) : config(mod)
{ {
memset(&m_connection_id, 0, sizeof(m_connection_id));
} }
eap::config_provider_list::config_provider_list(_In_ const config_provider_list &other) : eap::config_connection::config_connection(_In_ const config_connection &other) :
m_connection_id(other.m_connection_id),
m_providers(other.m_providers), m_providers(other.m_providers),
config(other) config(other)
{ {
} }
eap::config_provider_list::config_provider_list(_Inout_ config_provider_list &&other) : eap::config_connection::config_connection(_Inout_ config_connection &&other) :
m_connection_id(std::move(other.m_connection_id)),
m_providers(std::move(other.m_providers)), m_providers(std::move(other.m_providers)),
config(std::move(other)) config(std::move(other))
{ {
} }
eap::config_provider_list& eap::config_provider_list::operator=(_In_ const config_provider_list &other) eap::config_connection& eap::config_connection::operator=(_In_ const config_connection &other)
{ {
if (this != &other) { if (this != &other) {
(config&)*this = other; (config&)*this = other;
m_connection_id = other.m_connection_id;
m_providers = other.m_providers; m_providers = other.m_providers;
} }
@@ -640,10 +646,11 @@ eap::config_provider_list& eap::config_provider_list::operator=(_In_ const confi
} }
eap::config_provider_list& eap::config_provider_list::operator=(_Inout_ config_provider_list &&other) eap::config_connection& eap::config_connection::operator=(_Inout_ config_connection &&other)
{ {
if (this != &other) { if (this != &other) {
(config&&)*this = std::move(other); (config&&)*this = std::move(other);
m_connection_id = std::move(other.m_connection_id);
m_providers = std::move(other.m_providers); m_providers = std::move(other.m_providers);
} }
@@ -651,13 +658,13 @@ eap::config_provider_list& eap::config_provider_list::operator=(_Inout_ config_p
} }
eap::config* eap::config_provider_list::clone() const eap::config* eap::config_connection::clone() const
{ {
return new config_provider_list(*this); return new config_connection(*this);
} }
void eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const void eap::config_connection::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{ {
config::save(pDoc, pConfigRoot); config::save(pDoc, pConfigRoot);
@@ -669,7 +676,7 @@ void eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNod
if (FAILED(hr = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList"), &pXmlElIdentityProviderList))) if (FAILED(hr = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList"), &pXmlElIdentityProviderList)))
throw com_runtime_error(hr, __FUNCTION__ " Error selecting <EAPIdentityProviderList> element."); throw com_runtime_error(hr, __FUNCTION__ " Error selecting <EAPIdentityProviderList> element.");
for (list<config_provider>::const_iterator provider = m_providers.cbegin(), provider_end = m_providers.cend(); provider != provider_end; ++provider) { for (vector<config_provider>::const_iterator provider = m_providers.cbegin(), provider_end = m_providers.cend(); provider != provider_end; ++provider) {
// <EAPIdentityProvider> // <EAPIdentityProvider>
com_obj<IXMLDOMElement> pXmlElIdentityProvider; com_obj<IXMLDOMElement> pXmlElIdentityProvider;
if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"EAPIdentityProvider"), bstrNamespace, &pXmlElIdentityProvider))) if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"EAPIdentityProvider"), bstrNamespace, &pXmlElIdentityProvider)))
@@ -684,13 +691,16 @@ void eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNod
} }
void eap::config_provider_list::load(_In_ IXMLDOMNode *pConfigRoot) void eap::config_connection::load(_In_ IXMLDOMNode *pConfigRoot)
{ {
assert(pConfigRoot); assert(pConfigRoot);
HRESULT hr; HRESULT hr;
config::load(pConfigRoot); config::load(pConfigRoot);
// On each configuration import reset ID.
CoCreateGuid(&m_connection_id);
// Iterate authentication providers (<EAPIdentityProvider>). // Iterate authentication providers (<EAPIdentityProvider>).
com_obj<IXMLDOMNodeList> pXmlListProviders; com_obj<IXMLDOMNodeList> pXmlListProviders;
if (FAILED(hr = eapxml::select_nodes(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList/eap-metadata:EAPIdentityProvider"), &pXmlListProviders))) if (FAILED(hr = eapxml::select_nodes(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList/eap-metadata:EAPIdentityProvider"), &pXmlListProviders)))
@@ -712,25 +722,29 @@ void eap::config_provider_list::load(_In_ IXMLDOMNode *pConfigRoot)
} }
void eap::config_provider_list::operator<<(_Inout_ cursor_out &cursor) const void eap::config_connection::operator<<(_Inout_ cursor_out &cursor) const
{ {
config::operator<<(cursor); config::operator<<(cursor);
cursor << m_connection_id;
cursor << m_providers; cursor << m_providers;
} }
size_t eap::config_provider_list::get_pk_size() const size_t eap::config_connection::get_pk_size() const
{ {
return return
config::get_pk_size() + config::get_pk_size() +
pksizeof(m_connection_id) +
pksizeof(m_providers ); pksizeof(m_providers );
} }
void eap::config_provider_list::operator>>(_Inout_ cursor_in &cursor) void eap::config_connection::operator>>(_Inout_ cursor_in &cursor)
{ {
config::operator>>(cursor); config::operator>>(cursor);
cursor >> m_connection_id;
list<config_provider>::size_type count; list<config_provider>::size_type count;
cursor >> count; cursor >> count;
m_providers.clear(); m_providers.clear();

114
lib/EAPBase/src/Credentials.cpp
View File

@@ -36,12 +36,14 @@ eap::credentials::credentials(_In_ module &mod) : config(mod)
eap::credentials::credentials(_In_ const credentials &other) : eap::credentials::credentials(_In_ const credentials &other) :
m_identity(other.m_identity),
config(other) config(other)
{ {
} }
eap::credentials::credentials(_Inout_ credentials &&other) : eap::credentials::credentials(_Inout_ credentials &&other) :
m_identity(std::move(other.m_identity)),
config(std::move(other)) config(std::move(other))
{ {
} }
@@ -49,8 +51,10 @@ eap::credentials::credentials(_Inout_ credentials &&other) :
eap::credentials& eap::credentials::operator=(_In_ const credentials &other) eap::credentials& eap::credentials::operator=(_In_ const credentials &other)
{ {
if (this != &other) if (this != &other) {
(config&)*this = other; (config&)*this = other;
m_identity = other.m_identity;
}
return *this; return *this;
} }
@@ -58,8 +62,10 @@ eap::credentials& eap::credentials::operator=(_In_ const credentials &other)
eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other) eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other)
{ {
if (this != &other) if (this != &other) {
(config&)*this = std::move(other); (config&)*this = std::move(other);
m_identity = std::move(other.m_identity);
}
return *this; return *this;
} }
@@ -67,13 +73,73 @@ eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other)
void eap::credentials::clear() void eap::credentials::clear()
{ {
m_identity.clear();
} }
bool eap::credentials::empty() const bool eap::credentials::empty() const
{ {
// Base class always report empty credentials. return m_identity.empty();
return true; }
void eap::credentials::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{
assert(pDoc);
assert(pConfigRoot);
config::save(pDoc, pConfigRoot);
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
HRESULT hr;
// <UserName>
if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <UserName> element.");
}
void eap::credentials::load(_In_ IXMLDOMNode *pConfigRoot)
{
assert(pConfigRoot);
HRESULT hr;
config::load(pConfigRoot);
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)))
throw com_runtime_error(hr, __FUNCTION__ " Error reading <UserName> element.");
m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str());
}
void eap::credentials::operator<<(_Inout_ cursor_out &cursor) const
{
config::operator<<(cursor);
cursor << m_identity;
}
size_t eap::credentials::get_pk_size() const
{
return
config::get_pk_size() +
pksizeof(m_identity);
}
void eap::credentials::operator>>(_Inout_ cursor_in &cursor)
{
config::operator>>(cursor);
cursor >> m_identity;
}
wstring eap::credentials::get_identity() const
{
return m_identity;
} }
@@ -83,19 +149,6 @@ tstring eap::credentials::get_name() const
} }
bool eap::credentials::combine(
_In_ const credentials *cred_cached,
_In_ config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName)
{
UNREFERENCED_PARAMETER(cred_cached);
UNREFERENCED_PARAMETER(cfg);
UNREFERENCED_PARAMETER(pszTargetName);
// When there's nothing to combine...
return true;
}
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// eap::credentials_pass // eap::credentials_pass
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
@@ -106,7 +159,6 @@ eap::credentials_pass::credentials_pass(_In_ module &mod) : credentials(mod)
eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) : eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) :
m_identity(other.m_identity),
m_password(other.m_password), m_password(other.m_password),
credentials(other) credentials(other)
{ {
@@ -114,7 +166,6 @@ eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) :
eap::credentials_pass::credentials_pass(_Inout_ credentials_pass &&other) : eap::credentials_pass::credentials_pass(_Inout_ credentials_pass &&other) :
m_identity(std::move(other.m_identity)),
m_password(std::move(other.m_password)), m_password(std::move(other.m_password)),
credentials(std::move(other)) credentials(std::move(other))
{ {
@@ -125,7 +176,6 @@ eap::credentials_pass& eap::credentials_pass::operator=(_In_ const credentials_p
{ {
if (this != &other) { if (this != &other) {
(credentials&)*this = other; (credentials&)*this = other;
m_identity = other.m_identity;
m_password = other.m_password; m_password = other.m_password;
} }
@@ -137,7 +187,6 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass
{ {
if (this != &other) { if (this != &other) {
(credentials&)*this = std::move(other); (credentials&)*this = std::move(other);
m_identity = std::move(other.m_identity);
m_password = std::move(other.m_password); m_password = std::move(other.m_password);
} }
@@ -148,14 +197,13 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass
void eap::credentials_pass::clear() void eap::credentials_pass::clear()
{ {
credentials::clear(); credentials::clear();
m_identity.clear();
m_password.clear(); m_password.clear();
} }
bool eap::credentials_pass::empty() const bool eap::credentials_pass::empty() const
{ {
return credentials::empty() && m_identity.empty() && m_password.empty(); return credentials::empty() && m_password.empty();
} }
@@ -169,10 +217,6 @@ void eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata"); const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
HRESULT hr; HRESULT hr;
// <UserName>
if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <UserName> element.");
// <Password> // <Password>
bstr pass(m_password); bstr pass(m_password);
hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass); hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass);
@@ -191,11 +235,6 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
std::wstring xpath(eapxml::get_xpath(pConfigRoot)); std::wstring xpath(eapxml::get_xpath(pConfigRoot));
if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)))
throw com_runtime_error(hr, __FUNCTION__ " Error reading <UserName> element.");
m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str());
bstr pass; bstr pass;
if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass))) if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass)))
throw com_runtime_error(hr, __FUNCTION__ " Error reading <Password> element."); throw com_runtime_error(hr, __FUNCTION__ " Error reading <Password> element.");
@@ -215,7 +254,6 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
void eap::credentials_pass::operator<<(_Inout_ cursor_out &cursor) const void eap::credentials_pass::operator<<(_Inout_ cursor_out &cursor) const
{ {
credentials::operator<<(cursor); credentials::operator<<(cursor);
cursor << m_identity;
cursor << m_password; cursor << m_password;
} }
@@ -224,7 +262,6 @@ size_t eap::credentials_pass::get_pk_size() const
{ {
return return
credentials::get_pk_size() + credentials::get_pk_size() +
pksizeof(m_identity) +
pksizeof(m_password); pksizeof(m_password);
} }
@@ -232,7 +269,6 @@ size_t eap::credentials_pass::get_pk_size() const
void eap::credentials_pass::operator>>(_Inout_ cursor_in &cursor) void eap::credentials_pass::operator>>(_Inout_ cursor_in &cursor)
{ {
credentials::operator>>(cursor); credentials::operator>>(cursor);
cursor >> m_identity;
cursor >> m_password; cursor >> m_password;
} }
@@ -302,7 +338,7 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName)
m_identity.clear(); m_identity.clear();
wstring xpath(pszTargetName); wstring xpath(pszTargetName);
m_module.log_config((xpath + L"/Username").c_str(), m_identity.c_str()); m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
m_module.log_config((xpath + L"/Password").c_str(), m_module.log_config((xpath + L"/Password").c_str(),
#ifdef _DEBUG #ifdef _DEBUG
m_password.c_str() m_password.c_str()
@@ -313,12 +349,6 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName)
} }
std::wstring eap::credentials_pass::get_identity() const
{
return m_identity;
}
const unsigned char eap::credentials_pass::s_entropy[1024] = { const unsigned char eap::credentials_pass::s_entropy[1024] = {
0x40, 0x88, 0xd3, 0x13, 0x81, 0x8a, 0xf6, 0x74, 0x55, 0x8e, 0xcc, 0x73, 0x2c, 0xf8, 0x93, 0x37, 0x40, 0x88, 0xd3, 0x13, 0x81, 0x8a, 0xf6, 0x74, 0x55, 0x8e, 0xcc, 0x73, 0x2c, 0xf8, 0x93, 0x37,
0x4f, 0xeb, 0x1d, 0x66, 0xb7, 0xfb, 0x47, 0x75, 0xb4, 0xfd, 0x07, 0xbb, 0xf6, 0xb3, 0x05, 0x30, 0x4f, 0xeb, 0x1d, 0x66, 0xb7, 0xfb, 0x47, 0x75, 0xb4, 0xfd, 0x07, 0xbb, 0xf6, 0xb3, 0x05, 0x30,

22
lib/EAPBase/src/Method.cpp
View File

@@ -28,7 +28,7 @@ using namespace winstd;
// eap::method // eap::method
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
eap::method::method(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials &cred) : eap::method::method(_In_ module &module, _In_ config_connection &cfg, _In_ credentials &cred) :
m_module(module), m_module(module),
m_cfg(cfg), m_cfg(cfg),
m_cred(cred) m_cred(cred)
@@ -36,14 +36,6 @@ eap::method::method(_In_ module &module, _In_ config_provider_list &cfg, _In_ cr
} }
eap::method::method(_In_ const method &other) :
m_module(other.m_module),
m_cfg(other.m_cfg),
m_cred(other.m_cred)
{
}
eap::method::method(_Inout_ method &&other) : eap::method::method(_Inout_ method &&other) :
m_module(other.m_module), m_module(other.m_module),
m_cfg(other.m_cfg), m_cfg(other.m_cfg),
@@ -52,18 +44,6 @@ eap::method::method(_Inout_ method &&other) :
} }
eap::method& eap::method::operator=(_In_ const method &other)
{
if (this != std::addressof(other)) {
assert(std::addressof(m_module) == std::addressof(other.m_module)); // Copy method within same module only!
assert(std::addressof(m_cfg ) == std::addressof(other.m_cfg )); // Copy method with same configuration only!
assert(std::addressof(m_cred ) == std::addressof(other.m_cred )); // Copy method with same credentials only!
}
return *this;
}
eap::method& eap::method::operator=(_Inout_ method &&other) eap::method& eap::method::operator=(_Inout_ method &&other)
{ {
if (this != std::addressof(other)) { if (this != std::addressof(other)) {

22
lib/EAPBase/src/Module.cpp
View File

@@ -91,20 +91,26 @@ EAP_ERROR* eap::module::make_error(_In_ std::exception &err) const
MultiByteToWideChar(CP_ACP, 0, err.what(), -1, what); MultiByteToWideChar(CP_ACP, 0, err.what(), -1, what);
{ {
win_runtime_error &e(dynamic_cast<win_runtime_error&>(err)); win_runtime_error *e = dynamic_cast<win_runtime_error*>(&err);
if (&e) if (e)
return make_error(e.number(), what.c_str()); return make_error(e->number(), what.c_str());
} }
{ {
com_runtime_error &e(dynamic_cast<com_runtime_error&>(err)); com_runtime_error *e = dynamic_cast<com_runtime_error*>(&err);
if (&e) if (e)
return make_error(HRESULT_CODE(e.number()), what.c_str()); return make_error(HRESULT_CODE(e->number()), what.c_str());
} }
{ {
invalid_argument &e(dynamic_cast<invalid_argument&>(err)); sec_runtime_error *e = dynamic_cast<sec_runtime_error*>(&err);
if (&e) if (e)
return make_error(SCODE_CODE(e->number()), what.c_str());
}
{
invalid_argument *e = dynamic_cast<invalid_argument*>(&err);
if (e)
return make_error(ERROR_INVALID_PARAMETER, what.c_str()); return make_error(ERROR_INVALID_PARAMETER, what.c_str());
} }

1
lib/EAPBase/src/StdAfx.h
View File

@@ -30,5 +30,6 @@
#include <WinStd/Cred.h> #include <WinStd/Cred.h>
#include <WinStd/ETW.h> #include <WinStd/ETW.h>
#include <WinStd/Sec.h>
#include <EventsETW.h> #include <EventsETW.h>

271
lib/EAPBase_UI/include/EAP_UI.h
View File

@@ -20,6 +20,7 @@
#include <wx/hyperlink.h> #include <wx/hyperlink.h>
#include <wx/icon.h> #include <wx/icon.h>
#include <wx/scrolwin.h>
#include <wx/statbmp.h> #include <wx/statbmp.h>
#include <Windows.h> #include <Windows.h>
@@ -34,18 +35,21 @@ class wxEAPBannerPanel;
/// ///
template <class _wxT> class wxEAPConfigDialog; template <class _wxT> class wxEAPConfigDialog;
///
/// EAP general-use dialog
///
class wxEAPGeneralDialog;
/// ///
/// EAP top-most credential dialog /// EAP top-most credential dialog
/// ///
class wxEAPCredentialsDialog; class wxEAPCredentialsDialog;
/// ///
/// EAP general note /// EAP general note
/// ///
class wxEAPNotePanel; class wxEAPNotePanel;
/// ///
/// EAP provider-locked congifuration note /// EAP provider-locked congifuration note
/// ///
@@ -56,6 +60,21 @@ class wxEAPProviderLockedPanel;
/// ///
class wxEAPCredentialWarningPanel; class wxEAPCredentialWarningPanel;
///
/// EAP Configuration window
///
class wxEAPConfigWindow;
///
/// EAP provider identity config panel
///
class wxEAPProviderIdentityPanel;
///
/// EAP provider configuration dialog
///
class wxEAPConfigProvider;
/// ///
/// Base template for credential configuration panel /// Base template for credential configuration panel
/// ///
@@ -76,6 +95,19 @@ template <class _Tcred, class _Tbase> class wxPasswordCredentialsPanel;
/// ///
inline bool wxSetIconFromResource(wxStaticBitmap *bmp, wxIcon &icon, HINSTANCE hinst, PCWSTR pszName); inline bool wxSetIconFromResource(wxStaticBitmap *bmp, wxIcon &icon, HINSTANCE hinst, PCWSTR pszName);
///
/// Returns GUI displayable provider name
///
inline wxString wxEAPGetProviderName(const std::wstring &id);
namespace eap
{
///
/// Base class to prevent multiple instances of the same dialog
///
class monitor_ui;
}
#pragma once #pragma once
#include <wx/msw/winundef.h> // Fixes `CreateDialog` name collision #include <wx/msw/winundef.h> // Fixes `CreateDialog` name collision
@@ -118,20 +150,20 @@ public:
/// ///
/// Constructs a configuration dialog /// Constructs a configuration dialog
/// ///
/// \param[inout] cfg Providers configuration data /// \param[inout] cfg Connection configuration
/// \param[in] parent Parent window /// \param[in] parent Parent window
/// ///
wxEAPConfigDialog(eap::config_provider_list &cfg, wxWindow* parent) : wxEAPConfigDialog(eap::config_connection &cfg, wxWindow* parent) :
m_cfg(cfg), m_cfg(cfg),
wxEAPConfigDialogBase(parent) wxEAPConfigDialogBase(parent)
{ {
// Set extra style here, as wxFormBuilder overrides all default flags. // Set extra style here, as wxFormBuilder overrides all default flags.
this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY); this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY);
for (std::list<eap::config_provider>::iterator provider = m_cfg.m_providers.begin(), provider_end = m_cfg.m_providers.end(); provider != provider_end; ++provider) { for (std::vector<eap::config_provider>::iterator provider = m_cfg.m_providers.begin(), provider_end = m_cfg.m_providers.end(); provider != provider_end; ++provider) {
bool is_single = provider->m_methods.size() == 1; bool is_single = provider->m_methods.size() == 1;
std::list<std::unique_ptr<eap::config_method> >::size_type count = 0; std::vector<std::unique_ptr<eap::config_method> >::size_type count = 0;
std::list<std::unique_ptr<eap::config_method> >::iterator method = provider->m_methods.begin(), method_end = provider->m_methods.end(); std::vector<std::unique_ptr<eap::config_method> >::iterator method = provider->m_methods.begin(), method_end = provider->m_methods.end();
for (; method != method_end; ++method, count++) for (; method != method_end; ++method, count++)
m_providers->AddPage( m_providers->AddPage(
new _wxT( new _wxT(
@@ -139,7 +171,9 @@ public:
*method->get(), *method->get(),
provider->m_id.c_str(), provider->m_id.c_str(),
m_providers), m_providers),
is_single ? provider->m_id : winstd::tstring_printf(_T("%s (%u)"), provider->m_id.c_str(), count)); is_single ?
wxEAPGetProviderName(provider->m_id) :
winstd::tstring_printf(_T("%s (%u)"), wxEAPGetProviderName(provider->m_id), count));
} }
this->Layout(); this->Layout();
@@ -151,6 +185,7 @@ public:
protected: protected:
/// \cond internal /// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event) virtual void OnInitDialog(wxInitDialogEvent& event)
{ {
// Forward the event to child panels. // Forward the event to child panels.
@@ -160,26 +195,47 @@ protected:
prov->GetEventHandler()->ProcessEvent(event); prov->GetEventHandler()->ProcessEvent(event);
} }
} }
virtual void OnUpdateUI(wxUpdateUIEvent& event)
{
UNREFERENCED_PARAMETER(event);
m_advanced->Enable(!m_cfg.m_providers.at(m_providers->GetSelection()).m_read_only);
}
virtual void OnAdvanced(wxCommandEvent& event)
{
UNREFERENCED_PARAMETER(event);
wxEAPConfigProvider dlg(m_cfg.m_providers.at(m_providers->GetSelection()), this);
dlg.ShowModal();
}
/// \endcond /// \endcond
protected: protected:
eap::config_provider_list &m_cfg; ///< EAP providers configuration eap::config_connection &m_cfg; ///< Connection configuration
}; };
class wxEAPCredentialsDialog : public wxEAPCredentialsDialogBase class wxEAPGeneralDialog : public wxEAPGeneralDialogBase
{ {
public: public:
/// ///
/// Constructs a credential dialog /// Constructs a dialog
/// ///
wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent); wxEAPGeneralDialog(wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = wxEmptyString, const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
/// ///
/// Adds panels to the dialog /// Adds panels to the dialog
/// ///
void AddContents(wxPanel **contents, size_t content_count); void AddContent(wxPanel **contents, size_t content_count);
///
/// Adds single panel to the dialog
///
void AddContent(wxPanel *content);
protected: protected:
/// \cond internal /// \cond internal
@@ -188,6 +244,16 @@ protected:
}; };
class wxEAPCredentialsDialog : public wxEAPGeneralDialog
{
public:
///
/// Constructs a credential dialog
///
wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = _("EAP Credentials"), const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
};
class wxEAPNotePanel : public wxEAPNotePanelBase class wxEAPNotePanel : public wxEAPNotePanelBase
{ {
public: public:
@@ -265,6 +331,103 @@ protected:
}; };
class wxEAPConfigWindow : public wxScrolledWindow
{
public:
///
/// Constructs a configuration window
///
/// \param[in] prov Provider configuration data
/// \param[inout] cfg Configuration data
/// \param[in] parent Parent window
///
wxEAPConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, wxWindow* parent);
///
/// Destructs the configuration window
///
virtual ~wxEAPConfigWindow();
protected:
/// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event);
virtual void OnUpdateUI(wxUpdateUIEvent& event);
/// \endcond
protected:
const eap::config_provider &m_prov; ///< EAP provider
eap::config_method &m_cfg; ///< Method configuration
};
class wxEAPProviderIdentityPanel : public wxEAPProviderIdentityPanelBase
{
public:
///
/// Constructs a provider identity pannel
///
/// \param[inout] prov Provider configuration data
/// \param[in] parent Parent window
///
wxEAPProviderIdentityPanel(eap::config_provider &prov, wxWindow* parent);
friend class wxEAPConfigProvider; // Allows direct setting of keyboard focus
protected:
/// \cond internal
virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow();
/// \endcond
protected:
eap::config_provider &m_prov; ///< EAP method configuration
winstd::library m_shell32; ///< shell32.dll resource library reference
wxIcon m_icon; ///< Panel icon
};
class wxEAPProviderLockPanel : public wxEAPProviderLockPanelBase
{
public:
///
/// Constructs a provider lock pannel
///
/// \param[inout] prov Provider configuration data
/// \param[in] parent Parent window
///
wxEAPProviderLockPanel(eap::config_provider &prov, wxWindow* parent);
protected:
/// \cond internal
virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow();
/// \endcond
protected:
eap::config_provider &m_prov; ///< EAP method configuration
winstd::library m_shell32; ///< shell32.dll resource library reference
wxIcon m_icon; ///< Panel icon
};
class wxEAPConfigProvider : public wxEAPGeneralDialog
{
public:
///
/// Constructs a provider config dialog
///
/// \param[inout] prov Provider configuration data
/// \param[in] parent Parent window
///
wxEAPConfigProvider(eap::config_provider &prov, wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = _("Provider Settings"), const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
protected:
eap::config_provider &m_prov; ///< EAP method configuration
wxEAPProviderIdentityPanel *m_identity; ///< Provider identity panel
wxEAPProviderLockPanel *m_lock; ///< Provider lock panel
};
template <class _Tcred, class _wxT> template <class _Tcred, class _wxT>
class wxEAPCredentialsConfigPanel : public wxEAPCredentialsConfigPanelBase class wxEAPCredentialsConfigPanel : public wxEAPCredentialsConfigPanelBase
{ {
@@ -289,6 +452,14 @@ public:
wxSetIconFromResource(m_credentials_icon, m_icon, m_shell32, MAKEINTRESOURCE(/*16770*/269)); wxSetIconFromResource(m_credentials_icon, m_icon, m_shell32, MAKEINTRESOURCE(/*16770*/269));
} }
///
/// Sets keyboard focus to the first control that do not capture mouse wheel
///
inline void SetFocusFromKbd()
{
m_own->SetFocusFromKbd();
}
protected: protected:
/// \cond internal /// \cond internal
@@ -402,7 +573,7 @@ protected:
// Display credential prompt. // Display credential prompt.
wxEAPCredentialsDialog dlg(m_prov, this); wxEAPCredentialsDialog dlg(m_prov, this);
_wxT *panel = new _wxT(m_prov, m_cfg, cred, m_target.c_str(), &dlg, true); _wxT *panel = new _wxT(m_prov, m_cfg, cred, m_target.c_str(), &dlg, true);
dlg.AddContents((wxPanel**)&panel, 1); dlg.AddContent(panel);
if (dlg.ShowModal() == wxID_OK && panel->GetRememberValue()) { if (dlg.ShowModal() == wxID_OK && panel->GetRememberValue()) {
// Write credentials to credential manager. // Write credentials to credential manager.
try { try {
@@ -433,7 +604,7 @@ protected:
_wxT *panel = new _wxT(m_prov, m_cfg, m_cred, _T(""), &dlg, true); _wxT *panel = new _wxT(m_prov, m_cfg, m_cred, _T(""), &dlg, true);
dlg.AddContents((wxPanel**)&panel, 1); dlg.AddContent(panel);
dlg.ShowModal(); dlg.ShowModal();
} }
@@ -486,6 +657,11 @@ public:
this->Disconnect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(_Tthis::OnUpdateUI)); this->Disconnect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(_Tthis::OnUpdateUI));
} }
inline void SetRememberValue(bool val)
{
return m_remember->SetValue(val);
}
inline bool GetRememberValue() const inline bool GetRememberValue() const
{ {
return m_remember->GetValue(); return m_remember->GetValue();
@@ -576,12 +752,12 @@ protected:
m_identity->SetSelection(0, -1); m_identity->SetSelection(0, -1);
m_password->SetValue(m_cred.m_password.empty() ? wxEmptyString : s_dummy_password); m_password->SetValue(m_cred.m_password.empty() ? wxEmptyString : s_dummy_password);
return wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPanelPassBase>::TransferDataToWindow(); return wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPassPanelBase>::TransferDataToWindow();
} }
virtual bool TransferDataFromWindow() virtual bool TransferDataFromWindow()
{ {
if (!wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPanelPassBase>::TransferDataFromWindow()) if (!wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPassPanelBase>::TransferDataFromWindow())
return false; return false;
m_cred.m_identity = m_identity->GetValue(); m_cred.m_identity = m_identity->GetValue();
@@ -604,7 +780,7 @@ protected:
m_password ->Enable(false); m_password ->Enable(false);
} }
wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPanelPassBase>::OnUpdateUI(event); wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPassPanelBase>::OnUpdateUI(event);
} }
/// \endcond /// \endcond
@@ -633,3 +809,62 @@ inline bool wxSetIconFromResource(wxStaticBitmap *bmp, wxIcon &icon, HINSTANCE h
} else } else
return false; return false;
} }
inline wxString wxEAPGetProviderName(const std::wstring &id)
{
return
!id.empty() ? id : _("<Your Organization>");
}
namespace eap
{
class monitor_ui
{
public:
monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid);
virtual ~monitor_ui();
void set_popup(_In_ HWND hwnd);
void release_slaves(_In_bytecount_(size) const void *data, _In_ size_t size) const;
inline bool is_master() const
{
return m_is_master;
}
inline bool is_slave() const
{
return !is_master();
}
inline const std::vector<unsigned char>& master_data() const
{
return m_data;
}
protected:
virtual LRESULT winproc(
_In_ UINT msg,
_In_ WPARAM wparam,
_In_ LPARAM lparam);
static LRESULT CALLBACK winproc(
_In_ HWND hwnd,
_In_ UINT msg,
_In_ WPARAM wparam,
_In_ LPARAM lparam);
protected:
bool m_is_master; ///< Is this monitor master?
HWND m_hwnd; ///< Message window handle
std::list<HWND> m_slaves; ///< List of slaves to notify on finish
HWND m_hwnd_popup; ///< Pop-up window handle
std::vector<unsigned char> m_data; ///< Data master sent
// Custom window messages
static const UINT s_msg_attach; ///< Slave sends this message to attach to master
static const UINT s_msg_finish; ///< Master sends this message to slaves to notify them it has finished (wparam has size, lparam has data)
};
}

207
lib/EAPBase_UI/res/wxEAP_UI.cpp
View File

@@ -28,6 +28,20 @@ wxEAPConfigDialogBase::wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id, c
sb_content->Add( m_providers, 1, wxEXPAND|wxALL, 10 ); sb_content->Add( m_providers, 1, wxEXPAND|wxALL, 10 );
wxBoxSizer* sb_bottom_horiz;
sb_bottom_horiz = new wxBoxSizer( wxHORIZONTAL );
wxBoxSizer* sb_bottom_horiz_inner;
sb_bottom_horiz_inner = new wxBoxSizer( wxHORIZONTAL );
m_advanced = new wxButton( this, wxID_ANY, _("Advanced..."), wxDefaultPosition, wxDefaultSize, 0 );
m_advanced->SetToolTip( _("Opens dialog with provider settings") );
sb_bottom_horiz_inner->Add( m_advanced, 0, wxALL, 5 );
sb_bottom_horiz->Add( sb_bottom_horiz_inner, 1, wxEXPAND, 5 );
m_buttons = new wxStdDialogButtonSizer(); m_buttons = new wxStdDialogButtonSizer();
m_buttonsOK = new wxButton( this, wxID_OK ); m_buttonsOK = new wxButton( this, wxID_OK );
m_buttons->AddButton( m_buttonsOK ); m_buttons->AddButton( m_buttonsOK );
@@ -35,7 +49,10 @@ wxEAPConfigDialogBase::wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id, c
m_buttons->AddButton( m_buttonsCancel ); m_buttons->AddButton( m_buttonsCancel );
m_buttons->Realize(); m_buttons->Realize();
sb_content->Add( m_buttons, 0, wxEXPAND|wxALL, 5 ); sb_bottom_horiz->Add( m_buttons, 0, wxEXPAND|wxALL, 5 );
sb_content->Add( sb_bottom_horiz, 0, wxEXPAND, 5 );
this->SetSizer( sb_content ); this->SetSizer( sb_content );
@@ -44,16 +61,20 @@ wxEAPConfigDialogBase::wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id, c
// Connect Events // Connect Events
this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPConfigDialogBase::OnInitDialog ) ); this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPConfigDialogBase::OnInitDialog ) );
this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPConfigDialogBase::OnUpdateUI ) );
m_advanced->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnAdvanced ), NULL, this );
} }
wxEAPConfigDialogBase::~wxEAPConfigDialogBase() wxEAPConfigDialogBase::~wxEAPConfigDialogBase()
{ {
// Disconnect Events // Disconnect Events
this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPConfigDialogBase::OnInitDialog ) ); this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPConfigDialogBase::OnInitDialog ) );
this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPConfigDialogBase::OnUpdateUI ) );
m_advanced->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnAdvanced ), NULL, this );
} }
wxEAPCredentialsDialogBase::wxEAPCredentialsDialogBase( wxWindow* parent, wxWindowID id, const wxString& title, const wxPoint& pos, const wxSize& size, long style ) : wxDialog( parent, id, title, pos, size, style ) wxEAPGeneralDialogBase::wxEAPGeneralDialogBase( wxWindow* parent, wxWindowID id, const wxString& title, const wxPoint& pos, const wxSize& size, long style ) : wxDialog( parent, id, title, pos, size, style )
{ {
this->SetSizeHints( wxDefaultSize, wxDefaultSize ); this->SetSizeHints( wxDefaultSize, wxDefaultSize );
@@ -84,13 +105,13 @@ wxEAPCredentialsDialogBase::wxEAPCredentialsDialogBase( wxWindow* parent, wxWind
sb_content->Fit( this ); sb_content->Fit( this );
// Connect Events // Connect Events
this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPCredentialsDialogBase::OnInitDialog ) ); this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPGeneralDialogBase::OnInitDialog ) );
} }
wxEAPCredentialsDialogBase::~wxEAPCredentialsDialogBase() wxEAPGeneralDialogBase::~wxEAPGeneralDialogBase()
{ {
// Disconnect Events // Disconnect Events
this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPCredentialsDialogBase::OnInitDialog ) ); this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPGeneralDialogBase::OnInitDialog ) );
} }
@@ -99,20 +120,20 @@ wxEAPBannerPanelBase::wxEAPBannerPanelBase( wxWindow* parent, wxWindowID id, con
this->SetBackgroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_HIGHLIGHT ) ); this->SetBackgroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_HIGHLIGHT ) );
this->SetMinSize( wxSize( -1,48 ) ); this->SetMinSize( wxSize( -1,48 ) );
wxBoxSizer* sc_content; wxBoxSizer* sb_content;
sc_content = new wxBoxSizer( wxVERTICAL ); sb_content = new wxBoxSizer( wxVERTICAL );
m_title = new wxStaticText( this, wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, wxALIGN_RIGHT ); m_title = new wxStaticText( this, wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, wxALIGN_RIGHT );
m_title->Wrap( -1 ); m_title->Wrap( -1 );
m_title->SetFont( wxFont( 18, 70, 90, 90, false, wxEmptyString ) ); m_title->SetFont( wxFont( 18, 70, 90, 90, false, wxEmptyString ) );
m_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_HIGHLIGHTTEXT ) ); m_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_HIGHLIGHTTEXT ) );
sc_content->Add( m_title, 0, wxALL|wxEXPAND, 5 ); sb_content->Add( m_title, 0, wxALL|wxEXPAND, 5 );
this->SetSizer( sc_content ); this->SetSizer( sb_content );
this->Layout(); this->Layout();
sc_content->Fit( this ); sb_content->Fit( this );
} }
wxEAPBannerPanelBase::~wxEAPBannerPanelBase() wxEAPBannerPanelBase::~wxEAPBannerPanelBase()
@@ -269,7 +290,7 @@ wxEAPCredentialsConfigPanelBase::~wxEAPCredentialsConfigPanelBase()
} }
wxEAPCredentialsPanelPassBase::wxEAPCredentialsPanelPassBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style ) wxEAPCredentialsPassPanelBase::wxEAPCredentialsPassPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{ {
wxStaticBoxSizer* sb_credentials; wxStaticBoxSizer* sb_credentials;
sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Client Credentials") ), wxVERTICAL ); sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Client Credentials") ), wxVERTICAL );
@@ -330,6 +351,168 @@ wxEAPCredentialsPanelPassBase::wxEAPCredentialsPanelPassBase( wxWindow* parent,
this->Layout(); this->Layout();
} }
wxEAPCredentialsPanelPassBase::~wxEAPCredentialsPanelPassBase() wxEAPCredentialsPassPanelBase::~wxEAPCredentialsPassPanelBase()
{ {
} }
wxEAPProviderIdentityPanelBase::wxEAPProviderIdentityPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{
wxStaticBoxSizer* sb_provider_id;
sb_provider_id = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Your Organization") ), wxVERTICAL );
wxBoxSizer* sb_provider_id_horiz;
sb_provider_id_horiz = new wxBoxSizer( wxHORIZONTAL );
m_provider_id_icon = new wxStaticBitmap( sb_provider_id->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_provider_id_horiz->Add( m_provider_id_icon, 0, wxALL, 5 );
wxBoxSizer* sb_provider_id_vert;
sb_provider_id_vert = new wxBoxSizer( wxVERTICAL );
m_provider_id_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Describe your organization to customize user prompts. When organization is introduced, end-users find program messages easier to understand and act."), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_id_label->Wrap( 446 );
sb_provider_id_vert->Add( m_provider_id_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_provider_name;
sb_provider_name = new wxBoxSizer( wxVERTICAL );
m_provider_name_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Your organization &name:"), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_name_label->Wrap( -1 );
sb_provider_name->Add( m_provider_name_label, 0, wxBOTTOM, 5 );
m_provider_name = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_provider_name->SetToolTip( _("Your organization name as it will appear on helpdesk contact notifications") );
sb_provider_name->Add( m_provider_name, 0, wxEXPAND|wxBOTTOM, 5 );
m_provider_name_note = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("(Keep it short, please)"), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_name_note->Wrap( -1 );
sb_provider_name->Add( m_provider_name_note, 0, wxALIGN_RIGHT, 5 );
sb_provider_id_vert->Add( sb_provider_name, 0, wxEXPAND|wxALL, 5 );
wxBoxSizer* sb_provider_helpdesk;
sb_provider_helpdesk = new wxBoxSizer( wxVERTICAL );
m_provider_helpdesk_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Helpdesk contact &information:"), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_helpdesk_label->Wrap( -1 );
sb_provider_helpdesk->Add( m_provider_helpdesk_label, 0, wxBOTTOM, 5 );
wxFlexGridSizer* sb_provider_helpdesk_inner;
sb_provider_helpdesk_inner = new wxFlexGridSizer( 0, 2, 0, 0 );
sb_provider_helpdesk_inner->AddGrowableCol( 1 );
sb_provider_helpdesk_inner->SetFlexibleDirection( wxBOTH );
sb_provider_helpdesk_inner->SetNonFlexibleGrowMode( wxFLEX_GROWMODE_SPECIFIED );
m_provider_web_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _(""), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_web_icon->Wrap( -1 );
m_provider_web_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
sb_provider_helpdesk_inner->Add( m_provider_web_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 );
m_provider_web = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_provider_web->SetToolTip( _("Your helpdesk website") );
sb_provider_helpdesk_inner->Add( m_provider_web, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 );
m_provider_email_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("*"), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_email_icon->Wrap( -1 );
m_provider_email_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
sb_provider_helpdesk_inner->Add( m_provider_email_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 );
m_provider_email = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_provider_email->SetToolTip( _("Your helpdesk e-mail address") );
sb_provider_helpdesk_inner->Add( m_provider_email, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 );
m_provider_phone_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _(")"), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_phone_icon->Wrap( -1 );
m_provider_phone_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
sb_provider_helpdesk_inner->Add( m_provider_phone_icon, 0, wxALIGN_CENTER_VERTICAL|wxRIGHT, 5 );
m_provider_phone = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_provider_phone->SetToolTip( _("Your helpdesk phone number") );
sb_provider_helpdesk_inner->Add( m_provider_phone, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL, 5 );
sb_provider_helpdesk->Add( sb_provider_helpdesk_inner, 1, wxEXPAND, 5 );
sb_provider_id_vert->Add( sb_provider_helpdesk, 1, wxEXPAND, 5 );
sb_provider_id_horiz->Add( sb_provider_id_vert, 1, wxEXPAND, 5 );
sb_provider_id->Add( sb_provider_id_horiz, 1, wxEXPAND, 5 );
this->SetSizer( sb_provider_id );
this->Layout();
// Connect Events
this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderIdentityPanelBase::OnUpdateUI ) );
}
wxEAPProviderIdentityPanelBase::~wxEAPProviderIdentityPanelBase()
{
// Disconnect Events
this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderIdentityPanelBase::OnUpdateUI ) );
}
wxEAPProviderLockPanelBase::wxEAPProviderLockPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{
wxStaticBoxSizer* sb_provider_lock;
sb_provider_lock = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Configuration Lock") ), wxVERTICAL );
wxBoxSizer* sb_provider_lock_horiz;
sb_provider_lock_horiz = new wxBoxSizer( wxHORIZONTAL );
m_provider_lock_icon = new wxStaticBitmap( sb_provider_lock->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_provider_lock_horiz->Add( m_provider_lock_icon, 0, wxALL, 5 );
wxBoxSizer* sb_provider_lock_vert;
sb_provider_lock_vert = new wxBoxSizer( wxVERTICAL );
m_provider_lock_label = new wxStaticText( sb_provider_lock->GetStaticBox(), wxID_ANY, _("Your configuration can be locked to prevent accidental modification by end-users. Users will only be allowed to enter credentials."), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_lock_label->Wrap( 446 );
sb_provider_lock_vert->Add( m_provider_lock_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_provider_name;
sb_provider_name = new wxBoxSizer( wxVERTICAL );
m_provider_lock = new wxCheckBox( sb_provider_lock->GetStaticBox(), wxID_ANY, _("&Lock this configuration and prevent any further modification via user interface."), wxDefaultPosition, wxDefaultSize, 0 );
sb_provider_name->Add( m_provider_lock, 0, wxEXPAND|wxBOTTOM, 5 );
m_provider_lock_note = new wxStaticText( sb_provider_lock->GetStaticBox(), wxID_ANY, _("(Warning: Once locked, you can not revert using this dialog!)"), wxDefaultPosition, wxDefaultSize, 0 );
m_provider_lock_note->Wrap( -1 );
sb_provider_name->Add( m_provider_lock_note, 0, wxALIGN_RIGHT, 5 );
sb_provider_lock_vert->Add( sb_provider_name, 0, wxEXPAND|wxALL, 5 );
sb_provider_lock_horiz->Add( sb_provider_lock_vert, 1, wxEXPAND, 5 );
sb_provider_lock->Add( sb_provider_lock_horiz, 1, wxEXPAND, 5 );
this->SetSizer( sb_provider_lock );
this->Layout();
// Connect Events
this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderLockPanelBase::OnUpdateUI ) );
}
wxEAPProviderLockPanelBase::~wxEAPProviderLockPanelBase()
{
// Disconnect Events
this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderLockPanelBase::OnUpdateUI ) );
}

1700
lib/EAPBase_UI/res/wxEAP_UI.fbp
View File

File diff suppressed because it is too large Load Diff

77
lib/EAPBase_UI/res/wxEAP_UI.h
View File

@@ -18,8 +18,8 @@ class wxEAPBannerPanel;
#include <wx/settings.h> #include <wx/settings.h>
#include <wx/string.h> #include <wx/string.h>
#include <wx/notebook.h> #include <wx/notebook.h>
#include <wx/sizer.h>
#include <wx/button.h> #include <wx/button.h>
#include <wx/sizer.h>
#include <wx/dialog.h> #include <wx/dialog.h>
#include <wx/stattext.h> #include <wx/stattext.h>
#include <wx/panel.h> #include <wx/panel.h>
@@ -44,12 +44,15 @@ class wxEAPConfigDialogBase : public wxDialog
protected: protected:
wxEAPBannerPanel *m_banner; wxEAPBannerPanel *m_banner;
wxNotebook* m_providers; wxNotebook* m_providers;
wxButton* m_advanced;
wxStdDialogButtonSizer* m_buttons; wxStdDialogButtonSizer* m_buttons;
wxButton* m_buttonsOK; wxButton* m_buttonsOK;
wxButton* m_buttonsCancel; wxButton* m_buttonsCancel;
// Virtual event handlers, overide them in your derived class // Virtual event handlers, overide them in your derived class
virtual void OnInitDialog( wxInitDialogEvent& event ) { event.Skip(); } virtual void OnInitDialog( wxInitDialogEvent& event ) { event.Skip(); }
virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); }
virtual void OnAdvanced( wxCommandEvent& event ) { event.Skip(); }
public: public:
@@ -60,9 +63,9 @@ class wxEAPConfigDialogBase : public wxDialog
}; };
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
/// Class wxEAPCredentialsDialogBase /// Class wxEAPGeneralDialogBase
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
class wxEAPCredentialsDialogBase : public wxDialog class wxEAPGeneralDialogBase : public wxDialog
{ {
private: private:
@@ -79,8 +82,8 @@ class wxEAPCredentialsDialogBase : public wxDialog
public: public:
wxEAPCredentialsDialogBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxString& title = _("EAP Credentials"), const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE ); wxEAPGeneralDialogBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxString& title = wxEmptyString, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE );
~wxEAPCredentialsDialogBase(); ~wxEAPGeneralDialogBase();
}; };
@@ -153,9 +156,9 @@ class wxEAPCredentialsConfigPanelBase : public wxPanel
}; };
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
/// Class wxEAPCredentialsPanelPassBase /// Class wxEAPCredentialsPassPanelBase
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
class wxEAPCredentialsPanelPassBase : public wxPanel class wxEAPCredentialsPassPanelBase : public wxPanel
{ {
private: private:
@@ -170,8 +173,64 @@ class wxEAPCredentialsPanelPassBase : public wxPanel
public: public:
wxEAPCredentialsPanelPassBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); wxEAPCredentialsPassPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL );
~wxEAPCredentialsPanelPassBase(); ~wxEAPCredentialsPassPanelBase();
};
///////////////////////////////////////////////////////////////////////////////
/// Class wxEAPProviderIdentityPanelBase
///////////////////////////////////////////////////////////////////////////////
class wxEAPProviderIdentityPanelBase : public wxPanel
{
private:
protected:
wxStaticBitmap* m_provider_id_icon;
wxStaticText* m_provider_id_label;
wxStaticText* m_provider_name_label;
wxTextCtrl* m_provider_name;
wxStaticText* m_provider_name_note;
wxStaticText* m_provider_helpdesk_label;
wxStaticText* m_provider_web_icon;
wxTextCtrl* m_provider_web;
wxStaticText* m_provider_email_icon;
wxTextCtrl* m_provider_email;
wxStaticText* m_provider_phone_icon;
wxTextCtrl* m_provider_phone;
// Virtual event handlers, overide them in your derived class
virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); }
public:
wxEAPProviderIdentityPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL );
~wxEAPProviderIdentityPanelBase();
};
///////////////////////////////////////////////////////////////////////////////
/// Class wxEAPProviderLockPanelBase
///////////////////////////////////////////////////////////////////////////////
class wxEAPProviderLockPanelBase : public wxPanel
{
private:
protected:
wxStaticBitmap* m_provider_lock_icon;
wxStaticText* m_provider_lock_label;
wxCheckBox* m_provider_lock;
wxStaticText* m_provider_lock_note;
// Virtual event handlers, overide them in your derived class
virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); }
public:
wxEAPProviderLockPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL );
~wxEAPProviderLockPanelBase();
}; };

365
lib/EAPBase_UI/src/EAP_UI.cpp
View File

@@ -38,22 +38,20 @@ bool wxEAPBannerPanel::AcceptsFocusFromKeyboard() const
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// wxEAPCredentialsDialog // wxEAPGeneralDialog
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent) : wxEAPCredentialsDialogBase(parent) wxEAPGeneralDialog::wxEAPGeneralDialog(wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) :
wxEAPGeneralDialogBase(parent, id, title, pos, size, style)
{ {
// Set extra style here, as wxFormBuilder overrides all default flags. // Set extra style here, as wxFormBuilder overrides all default flags.
this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY); this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY);
// Set banner title.
m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), prov.m_id.c_str()));
m_buttonsOK->SetDefault(); m_buttonsOK->SetDefault();
} }
void wxEAPCredentialsDialog::AddContents(wxPanel **contents, size_t content_count) void wxEAPGeneralDialog::AddContent(wxPanel **contents, size_t content_count)
{ {
if (content_count) { if (content_count) {
for (size_t i = 0; i < content_count; i++) for (size_t i = 0; i < content_count; i++)
@@ -66,13 +64,31 @@ void wxEAPCredentialsDialog::AddContents(wxPanel **contents, size_t content_coun
} }
void wxEAPCredentialsDialog::OnInitDialog(wxInitDialogEvent& event) void wxEAPGeneralDialog::AddContent(wxPanel *content)
{
AddContent(&content, 1);
}
void wxEAPGeneralDialog::OnInitDialog(wxInitDialogEvent& event)
{ {
for (wxSizerItemList::compatibility_iterator panel = m_panels->GetChildren().GetFirst(); panel; panel = panel->GetNext()) for (wxSizerItemList::compatibility_iterator panel = m_panels->GetChildren().GetFirst(); panel; panel = panel->GetNext())
panel->GetData()->GetWindow()->GetEventHandler()->ProcessEvent(event); panel->GetData()->GetWindow()->GetEventHandler()->ProcessEvent(event);
} }
//////////////////////////////////////////////////////////////////////
// wxEAPCredentialsDialog
//////////////////////////////////////////////////////////////////////
wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) :
wxEAPGeneralDialog(parent, id, title, pos, size, style)
{
// Set banner title.
m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), wxEAPGetProviderName(prov.m_id).c_str()));
}
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// wxEAPNotePanel // wxEAPNotePanel
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
@@ -182,10 +198,343 @@ wxEAPCredentialWarningPanel::wxEAPCredentialWarningPanel(const eap::config_provi
if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE)) if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
wxSetIconFromResource(m_note_icon, m_icon, m_shell32, MAKEINTRESOURCE(161)); wxSetIconFromResource(m_note_icon, m_icon, m_shell32, MAKEINTRESOURCE(161));
m_note_label->SetLabel(_("Previous attempt to connect using provided credentials failed. Please, make sure your credentials are correct, or try again later.")); m_note_label->SetLabel(_("Previous attempt to connect failed. Please, make sure your credentials are correct, or try again later."));
m_note_label->Wrap(449); m_note_label->Wrap(449);
CreateContactFields(prov); CreateContactFields(prov);
this->Layout(); this->Layout();
} }
//////////////////////////////////////////////////////////////////////
// wxEAPConfigWindow
//////////////////////////////////////////////////////////////////////
wxEAPConfigWindow::wxEAPConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, wxWindow* parent) :
m_prov(prov),
m_cfg(cfg),
wxScrolledWindow(parent, wxID_ANY, wxDefaultPosition, wxDefaultSize, wxVSCROLL)
{
this->SetScrollRate(5, 5);
// Connect Events
this->Connect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxEAPConfigWindow::OnInitDialog));
this->Connect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(wxEAPConfigWindow::OnUpdateUI));
}
wxEAPConfigWindow::~wxEAPConfigWindow()
{
// Disconnect Events
this->Disconnect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(wxEAPConfigWindow::OnUpdateUI));
this->Disconnect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxEAPConfigWindow::OnInitDialog));
}
void wxEAPConfigWindow::OnInitDialog(wxInitDialogEvent& event)
{
UNREFERENCED_PARAMETER(event);
// Call TransferDataToWindow() manually, as wxScrolledWindow somehow skips that.
TransferDataToWindow();
}
void wxEAPConfigWindow::OnUpdateUI(wxUpdateUIEvent& event)
{
UNREFERENCED_PARAMETER(event);
if (m_parent && m_parent->IsKindOf(wxCLASSINFO(wxNotebook))) {
// We're a notebook page. Set the ID of our provider as our page label.
wxNotebook *notebook = (wxNotebook*)m_parent;
int idx = notebook->FindPage(this);
if (idx != wxNOT_FOUND)
notebook->SetPageText(idx, wxEAPGetProviderName(m_prov.m_id));
} else
this->SetLabel(wxEAPGetProviderName(m_prov.m_id));
}
//////////////////////////////////////////////////////////////////////
// wxEAPProviderIdentityPanel
//////////////////////////////////////////////////////////////////////
wxEAPProviderIdentityPanel::wxEAPProviderIdentityPanel(eap::config_provider &prov, wxWindow* parent) :
m_prov(prov),
wxEAPProviderIdentityPanelBase(parent)
{
// Load and set icon.
if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
wxSetIconFromResource(m_provider_id_icon, m_icon, m_shell32, MAKEINTRESOURCE(259));
}
bool wxEAPProviderIdentityPanel::TransferDataToWindow()
{
m_provider_name ->SetValue(m_prov.m_id );
m_provider_web ->SetValue(m_prov.m_help_web );
m_provider_email->SetValue(m_prov.m_help_email);
m_provider_phone->SetValue(m_prov.m_help_phone);
return wxEAPProviderIdentityPanelBase::TransferDataToWindow();
}
bool wxEAPProviderIdentityPanel::TransferDataFromWindow()
{
wxCHECK(wxEAPProviderIdentityPanelBase::TransferDataFromWindow(), false);
m_prov.m_id = m_provider_name ->GetValue();
m_prov.m_help_web = m_provider_web ->GetValue();
m_prov.m_help_email = m_provider_email->GetValue();
m_prov.m_help_phone = m_provider_phone->GetValue();
return true;
}
//////////////////////////////////////////////////////////////////////
// wxEAPProviderLockPanel
//////////////////////////////////////////////////////////////////////
wxEAPProviderLockPanel::wxEAPProviderLockPanel(eap::config_provider &prov, wxWindow* parent) :
m_prov(prov),
wxEAPProviderLockPanelBase(parent)
{
// Load and set icon.
if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
wxSetIconFromResource(m_provider_lock_icon, m_icon, m_shell32, MAKEINTRESOURCE(1003));
}
bool wxEAPProviderLockPanel::TransferDataToWindow()
{
m_provider_lock->SetValue(m_prov.m_read_only);
return wxEAPProviderLockPanelBase::TransferDataToWindow();
}
bool wxEAPProviderLockPanel::TransferDataFromWindow()
{
wxCHECK(wxEAPProviderLockPanelBase::TransferDataFromWindow(), false);
m_prov.m_read_only = m_provider_lock->GetValue();
return true;
}
//////////////////////////////////////////////////////////////////////
// wxEAPConfigProvider
//////////////////////////////////////////////////////////////////////
wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) :
m_prov(prov),
wxEAPGeneralDialog(parent, id, title, pos, size, style)
{
// Set banner title.
m_banner->m_title->SetLabel(title);
m_identity = new wxEAPProviderIdentityPanel(prov, this);
AddContent(m_identity);
m_lock = new wxEAPProviderLockPanel(prov, this);
AddContent(m_lock);
m_identity->m_provider_name->SetFocusFromKbd();
}
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::monitor_ui
//////////////////////////////////////////////////////////////////////
eap::monitor_ui::monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid) :
m_hwnd_popup(NULL)
{
// Verify if the monitor is already running.
const WNDCLASSEX wnd_class_desc = {
sizeof(WNDCLASSEX), // cbSize
0, // style
winproc, // lpfnWndProc
0, // cbClsExtra
0, // cbWndExtra
module, // hInstance
NULL, // hIcon
NULL, // hCursor
NULL, // hbrBackground
NULL, // lpszMenuName
_T(__FUNCTION__), // lpszClassName
NULL // hIconSm
};
ATOM wnd_class = RegisterClassEx(&wnd_class_desc);
if (!wnd_class)
throw win_runtime_error(__FUNCTION__ " Error registering master monitor window class.");
tstring_guid guid_str(guid);
HWND hwnd_master = FindWindowEx(HWND_MESSAGE, NULL, (LPCTSTR)wnd_class, guid_str.c_str());
if (hwnd_master) {
// Another monitor is already running.
m_is_master = false;
// Register slave windows class slightly different, not to include slaves in FindWindowEx().
const WNDCLASSEX wnd_class_desc = {
sizeof(WNDCLASSEX), // cbSize
0, // style
winproc, // lpfnWndProc
0, // cbClsExtra
0, // cbWndExtra
module, // hInstance
NULL, // hIcon
NULL, // hCursor
NULL, // hbrBackground
NULL, // lpszMenuName
_T(__FUNCTION__) _T("-Slave"), // lpszClassName
NULL // hIconSm
};
wnd_class = RegisterClassEx(&wnd_class_desc);
if (!wnd_class)
throw win_runtime_error(__FUNCTION__ " Error registering slave monitor window class.");
} else {
// This is a fresh monitor.
m_is_master = true;
}
m_hwnd = CreateWindowEx(
0, // dwExStyle
(LPCTSTR)wnd_class, // lpClassName
guid_str.c_str(), // lpWindowName
0, // dwStyle
0, // x
0, // y
0, // nWidth
0, // nHeight
HWND_MESSAGE, // hWndParent
NULL, // hMenu
module, // hInstance
this); // lpParam
if (!m_is_master) {
// Notify master we are waiting him.
SendMessage(hwnd_master, s_msg_attach, 0, (LPARAM)m_hwnd);
// Slaves must pump message queue until finished.
MSG msg;
while (GetMessage(&msg, NULL, 0, 0) > 0) {
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
}
eap::monitor_ui::~monitor_ui()
{
if (m_hwnd)
DestroyWindow(m_hwnd);
}
void eap::monitor_ui::set_popup(_In_ HWND hwnd)
{
m_hwnd_popup = hwnd;
}
void eap::monitor_ui::release_slaves(_In_bytecount_(size) const void *data, _In_ size_t size) const
{
assert(!size || data);
for (list<HWND>::const_iterator slave = m_slaves.begin(), slave_end = m_slaves.end(); slave != slave_end; ++slave) {
// Get slave's PID.
DWORD pid_slave;
GetWindowThreadProcessId(*slave, &pid_slave);
// Get slave's process handle.
process proc_slave;
if (!proc_slave.open(PROCESS_VM_OPERATION | PROCESS_VM_WRITE, 0, pid_slave))
continue;
// Allocate memory in slave's virtual memory space and save data to it.
vmemory mem_slave;
if (!mem_slave.alloc(proc_slave, NULL, size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE))
continue;
if (!WriteProcessMemory(proc_slave, mem_slave, data, size, NULL))
continue;
// Notify slave. Use SendMessage(), not PostMessage(), as memory will get cleaned up.
SendMessage(*slave, s_msg_finish, (WPARAM)size, (LPARAM)(LPVOID)mem_slave);
}
}
LRESULT eap::monitor_ui::winproc(
_In_ UINT msg,
_In_ WPARAM wparam,
_In_ LPARAM lparam)
{
UNREFERENCED_PARAMETER(wparam);
if (msg == s_msg_attach) {
// Attach a new slave.
assert(m_is_master);
m_slaves.push_back((HWND)lparam);
if (m_hwnd_popup) {
// Bring pop-up window up.
if (::IsIconic(m_hwnd_popup))
::SendMessage(m_hwnd_popup, WM_SYSCOMMAND, SC_RESTORE, 0);
::SetActiveWindow(m_hwnd_popup);
::SetForegroundWindow(m_hwnd_popup);
}
return TRUE;
} else if (msg == s_msg_finish) {
// Master finished.
assert(!m_is_master);
m_data.assign((const unsigned char*)lparam, (const unsigned char*)lparam + wparam);
// Finish slave too.
DestroyWindow(m_hwnd);
return TRUE;
} else if (msg == WM_DESTROY) {
// Stop the message pump.
PostQuitMessage(0);
return 0;
}
return DefWindowProc(m_hwnd, msg, wparam, lparam);
}
LRESULT CALLBACK eap::monitor_ui::winproc(
_In_ HWND hwnd,
_In_ UINT msg,
_In_ WPARAM wparam,
_In_ LPARAM lparam)
{
if (msg == WM_CREATE) {
// Set window's user data to "this" pointer.
const CREATESTRUCT *cs = (CREATESTRUCT*)lparam;
SetWindowLongPtr(hwnd, GWLP_USERDATA, (LONG_PTR)cs->lpCreateParams);
// Forward to our handler.
return ((eap::monitor_ui*)cs->lpCreateParams)->winproc(msg, wparam, lparam);
} else {
// Get "this" pointer from window's user data.
eap::monitor_ui *_this = (eap::monitor_ui*)GetWindowLongPtr(hwnd, GWLP_USERDATA);
if (_this) {
// Forward to our handler.
return _this->winproc(msg, wparam, lparam);
} else
return DefWindowProc(hwnd, msg, wparam, lparam);
}
}
const UINT eap::monitor_ui::s_msg_attach = RegisterWindowMessage(_T(PRODUCT_NAME_STR) _T("-Attach"));
const UINT eap::monitor_ui::s_msg_finish = RegisterWindowMessage(_T(PRODUCT_NAME_STR) _T("-Finish"));

BIN
lib/Events/res/EventsETW.man
View File

Binary file not shown.

2
lib/PAP/include/Credentials.h
View File

@@ -113,7 +113,7 @@ namespace eap
/// - \c true if credentials were set; /// - \c true if credentials were set;
/// - \c false otherwise /// - \c false otherwise
/// ///
bool combine( source_t combine(
_In_ const credentials_pap *cred_cached, _In_ const credentials_pap *cred_cached,
_In_ const config_method_pap &cfg, _In_ const config_method_pap &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);

10
lib/PAP/src/Credentials.cpp
View File

@@ -75,7 +75,7 @@ LPCTSTR eap::credentials_pap::target_suffix() const
} }
bool eap::credentials_pap::combine( eap::credentials::source_t eap::credentials_pap::combine(
_In_ const credentials_pap *cred_cached, _In_ const credentials_pap *cred_cached,
_In_ const config_method_pap &cfg, _In_ const config_method_pap &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
@@ -84,14 +84,14 @@ bool eap::credentials_pap::combine(
// Using EAP service cached credentials. // Using EAP service cached credentials.
*this = *cred_cached; *this = *cred_cached;
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
return true; return source_cache;
} }
if (cfg.m_use_preshared) { if (cfg.m_use_preshared) {
// Using preshared credentials. // Using preshared credentials.
*this = *(credentials_pap*)cfg.m_preshared.get(); *this = *(credentials_pap*)cfg.m_preshared.get();
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
return true; return source_preshared;
} }
if (pszTargetName) { if (pszTargetName) {
@@ -102,11 +102,11 @@ bool eap::credentials_pap::combine(
// Using stored credentials. // Using stored credentials.
*this = std::move(cred_loaded); *this = std::move(cred_loaded);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
return true; return source_storage;
} catch (...) { } catch (...) {
// Not actually an error. // Not actually an error.
} }
} }
return false; return source_unknown;
} }

4
lib/PAP_UI/include/PAP_UI.h
View File

@@ -25,7 +25,7 @@
/// ///
/// PAP credential configuration panel /// PAP credential configuration panel
/// ///
typedef wxEAPCredentialsConfigPanel<eap::credentials_pap, wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPanelPassBase> > wxPAPCredentialsConfigPanel; typedef wxEAPCredentialsConfigPanel<eap::credentials_pap, wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPassPanelBase> > wxPAPCredentialsConfigPanel;
/// ///
/// PAP configuration panel /// PAP configuration panel
@@ -35,7 +35,7 @@ class wxPAPConfigPanel;
/// ///
/// PAP credential entry panel /// PAP credential entry panel
/// ///
typedef wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPanelPassBase> wxPAPCredentialsPanel; typedef wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPassPanelBase> wxPAPCredentialsPanel;
#pragma once #pragma once

8
lib/TLS/include/Config.h
View File

@@ -25,6 +25,10 @@
#include <sal.h> #include <sal.h>
#define EAP_TLS_OWN 0 ///< We do the TLS ourself
#define EAP_TLS_SCHANNEL 1 ///< TLS is done by Schannel, but server certificate check is done ourself
#define EAP_TLS_SCHANNEL_FULL 2 ///< TLS is fully done by Schannel
namespace eap namespace eap
{ {
/// ///
@@ -167,10 +171,12 @@ namespace eap
public: public:
std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs
std::list<std::string> m_server_names; ///< Acceptable authenticating server names std::list<std::wstring> m_server_names; ///< Acceptable authenticating server names
#if EAP_TLS < EAP_TLS_SCHANNEL
// Following members are used for session resumptions. They are not exported/imported to XML. // Following members are used for session resumptions. They are not exported/imported to XML.
sanitizing_blob m_session_id; ///< TLS session ID sanitizing_blob m_session_id; ///< TLS session ID
tls_master_secret m_master_secret; ///< TLS master secret tls_master_secret m_master_secret; ///< TLS master secret
#endif
}; };
} }

7
lib/TLS/include/Credentials.h
View File

@@ -180,11 +180,6 @@ namespace eap
/// ///
virtual std::wstring get_identity() const; virtual std::wstring get_identity() const;
///
/// Returns credential name (for GUI display).
///
virtual winstd::tstring get_name() const;
/// ///
/// Combine credentials in the following order: /// Combine credentials in the following order:
/// ///
@@ -200,7 +195,7 @@ namespace eap
/// - \c true if credentials were set; /// - \c true if credentials were set;
/// - \c false otherwise /// - \c false otherwise
/// ///
bool combine( source_t combine(
_In_ const credentials_tls *cred_cached, _In_ const credentials_tls *cred_cached,
_In_ const config_method_tls &cfg, _In_ const config_method_tls &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);

170
lib/TLS/include/Method.h
View File

@@ -36,6 +36,7 @@ namespace eap
#include "../../EAPBase/include/Method.h" #include "../../EAPBase/include/Method.h"
#include <WinStd/Crypt.h> #include <WinStd/Crypt.h>
#include <WinStd/Sec.h>
#include <list> #include <list>
#include <vector> #include <vector>
@@ -145,17 +146,10 @@ namespace eap
/// Constructs an EAP method /// Constructs an EAP method
/// ///
/// \param[in] mod EAP module to use for global services /// \param[in] mod EAP module to use for global services
/// \param[in] cfg Providers configuration /// \param[in] cfg Connection configuration
/// \param[in] cred User credentials /// \param[in] cred User credentials
/// ///
method_tls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_tls &cred); method_tls(_In_ module &module, _In_ config_connection &cfg, _In_ credentials_tls &cred);
///
/// Copies an EAP method
///
/// \param[in] other EAP method to copy from
///
method_tls(_In_ const method_tls &other);
/// ///
/// Moves an EAP method /// Moves an EAP method
@@ -169,15 +163,6 @@ namespace eap
/// ///
virtual ~method_tls(); virtual ~method_tls();
///
/// Copies an EAP method
///
/// \param[in] other EAP method to copy from
///
/// \returns Reference to this object
///
method_tls& operator=(_In_ const method_tls &other);
/// ///
/// Moves an EAP method /// Moves an EAP method
/// ///
@@ -232,6 +217,7 @@ namespace eap
/// @} /// @}
protected: protected:
#if EAP_TLS < EAP_TLS_SCHANNEL
/// \name Client handshake message generation /// \name Client handshake message generation
/// @{ /// @{
@@ -242,7 +228,7 @@ namespace eap
/// ///
/// \returns Client hello message /// \returns Client hello message
/// ///
sanitizing_blob make_client_hello() const; sanitizing_blob make_client_hello();
/// ///
/// Makes a TLS client certificate message /// Makes a TLS client certificate message
@@ -264,15 +250,6 @@ namespace eap
/// ///
sanitizing_blob make_client_key_exchange(_In_ const tls_master_secret &pms) const; sanitizing_blob make_client_key_exchange(_In_ const tls_master_secret &pms) const;
///
/// Makes a TLS change cipher spec message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1)
///
/// \returns Change cipher spec
///
eap::sanitizing_blob make_change_chiper_spec() const;
/// ///
/// Makes a TLS finished message /// Makes a TLS finished message
/// ///
@@ -324,25 +301,17 @@ namespace eap
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1) /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1)
/// ///
/// \param[in] type Message type /// \param[in] type Message type
/// \param[in] data Message data contents /// \param[inout] data Message data contents
/// \param[in] encrypt Should \p data get encrypted?
/// ///
/// \returns TLS message message /// \returns TLS message message
/// ///
eap::sanitizing_blob make_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &data, _In_ bool encrypt); eap::sanitizing_blob make_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &&data);
/// @} /// @}
/// \name Key derivation /// \name Key derivation
/// @{ /// @{
///
/// Generates keys required by current connection state
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 6.3. Key Calculation)](https://tools.ietf.org/html/rfc5246#section-6.3)
///
void derive_keys();
/// ///
/// Generates master session key /// Generates master session key
/// ///
@@ -393,6 +362,18 @@ namespace eap
/// ///
virtual void process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); virtual void process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
#else
///
/// Process handshake
///
void process_handshake();
///
/// Process application data
///
void process_application_data();
#endif
/// ///
/// Processes a TLS application_data message /// Processes a TLS application_data message
/// ///
@@ -403,24 +384,16 @@ namespace eap
/// ///
virtual void process_application_data(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); virtual void process_application_data(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
/////
///// Processes a vendor-specific TLS message
/////
///// \note Please see `m_cipher_spec` member if the message data came encrypted.
/////
///// \param[in] type TLS message type
///// \param[in] msg TLS message data
///// \param[in] msg_size TLS message data size
/////
//virtual void process_vendor_data(_In_ tls_message_type_t type, _In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
/// @} /// @}
#if EAP_TLS < EAP_TLS_SCHANNEL_FULL
/// ///
/// Verifies server's certificate if trusted by configuration /// Verifies server's certificate if trusted by configuration
/// ///
void verify_server_trust() const; void verify_server_trust() const;
#endif
#if EAP_TLS < EAP_TLS_SCHANNEL
/// \name Encryption /// \name Encryption
/// @{ /// @{
@@ -468,28 +441,6 @@ namespace eap
_In_ size_t size_seed, _In_ size_t size_seed,
_In_ size_t size); _In_ size_t size);
///
/// Calculates pseudo-random P_hash data defined in RFC 5246
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5)
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5)
///
/// \param[in] secret Hashing secret key
/// \param[in] seed Random seed
/// \param[in] size_seed \p seed size
/// \param[in] size Number of bytes of pseudo-random data required
///
/// \returns Generated pseudo-random data (\p size bytes)
///
inline sanitizing_blob prf(
_In_ const tls_master_secret &secret,
_In_bytecount_(size_seed) const void *seed,
_In_ size_t size_seed,
_In_ size_t size) const
{
return prf(m_cp, m_state.m_alg_prf, secret, seed, size_seed, size);
}
/// ///
/// Calculates pseudo-random P_hash data defined in RFC 5246 /// Calculates pseudo-random P_hash data defined in RFC 5246
/// ///
@@ -515,27 +466,6 @@ namespace eap
return prf(cp, alg, secret, seed.data(), seed.size() * sizeof(_Ty), size); return prf(cp, alg, secret, seed.data(), seed.size() * sizeof(_Ty), size);
} }
///
/// Calculates pseudo-random P_hash data defined in RFC 5246
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5)
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5)
///
/// \param[in] secret Hashing secret key
/// \param[in] seed Random seed
/// \param[in] size Number of bytes of pseudo-random data required
///
/// \returns Generated pseudo-random data (\p size bytes)
///
template<class _Ty, class _Ax>
inline sanitizing_blob prf(
_In_ const tls_master_secret &secret,
_In_ const std::vector<_Ty, _Ax> &seed,
_In_ size_t size) const
{
return prf(m_cp, m_state.m_alg_prf, secret, seed.data(), seed.size() * sizeof(_Ty), size);
}
/// @} /// @}
/// ///
@@ -543,6 +473,7 @@ namespace eap
/// ///
/// \sa [How to export and import plain text session keys by using CryptoAPI](https://support.microsoft.com/en-us/kb/228786) /// \sa [How to export and import plain text session keys by using CryptoAPI](https://support.microsoft.com/en-us/kb/228786)
/// ///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Key algorithm /// \param[in] alg Key algorithm
/// \param[in] key Key that decrypts \p secret /// \param[in] key Key that decrypts \p secret
/// \param[in] secret Key data /// \param[in] secret Key data
@@ -551,27 +482,37 @@ namespace eap
/// \returns Key /// \returns Key
/// ///
HCRYPTKEY create_key( HCRYPTKEY create_key(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg, _In_ ALG_ID alg,
_In_ HCRYPTKEY key, _In_ HCRYPTKEY key,
_In_bytecount_(size_secret) const void *secret, _In_bytecount_(size_secret) const void *secret,
_In_ size_t size_secret); _In_ size_t size_secret);
#endif
protected: protected:
credentials_tls &m_cred; ///< EAP-TLS user credentials credentials_tls &m_cred; ///< EAP-TLS user credentials
HANDLE m_user_ctx; ///< Handle to user context
packet m_packet_req; ///< Request packet packet m_packet_req; ///< Request packet
packet m_packet_res; ///< Response packet packet m_packet_res; ///< Response packet
winstd::crypt_prov m_cp; ///< Cryptography provider #if EAP_TLS < EAP_TLS_SCHANNEL
winstd::crypt_prov m_cp; ///< Cryptography provider for general services
winstd::crypt_prov m_cp_enc_client; ///< Cryptography provider for encryption
winstd::crypt_prov m_cp_enc_server; ///< Cryptography provider for encryption
winstd::crypt_key m_key_exp1; ///< Key for importing derived keys
tls_version m_tls_version; ///< TLS version in use tls_version m_tls_version; ///< TLS version in use
ALG_ID m_alg_prf; ///< Pseudo-random function algorithm in use
tls_conn_state m_state; ///< TLS connection state for fast reconnect tls_conn_state m_state_client; ///< Client TLS connection state
tls_conn_state m_state_client_pending; ///< Client TLS connection state (pending)
tls_conn_state m_state_server; ///< Server TLS connection state
tls_conn_state m_state_server_pending; ///< Server TLS connection state (pending)
sanitizing_blob m_padding_hmac_client; ///< Padding (key) for client side HMAC calculation tls_master_secret m_master_secret; ///< TLS master secret
sanitizing_blob m_padding_hmac_server; ///< Padding (key) for server side HMAC calculation tls_random m_random_client; ///< Client random
winstd::crypt_key m_key_client; ///< Key for encrypting messages tls_random m_random_server; ///< Server random
winstd::crypt_key m_key_server; ///< Key for decrypting messages
tls_random m_key_mppe_client; ///< MS-MPPE-Recv-Key tls_random m_key_mppe_client; ///< MS-MPPE-Recv-Key
tls_random m_key_mppe_server; ///< MS-MPPE-Send-Key tls_random m_key_mppe_server; ///< MS-MPPE-Send-Key
@@ -580,17 +521,36 @@ namespace eap
std::list<winstd::cert_context> m_server_cert_chain; ///< Server certificate chain std::list<winstd::cert_context> m_server_cert_chain; ///< Server certificate chain
winstd::crypt_hash m_hash_handshake_msgs_md5; ///< Running MD5 hash of handshake messages sent winstd::crypt_hash m_hash_handshake_msgs_md5; ///< Running MD5 hash of handshake messages
winstd::crypt_hash m_hash_handshake_msgs_sha1; ///< Running SHA-1 hash of handshake messages sent winstd::crypt_hash m_hash_handshake_msgs_sha1; ///< Running SHA-1 hash of handshake messages
winstd::crypt_hash m_hash_handshake_msgs_sha256; ///< Running SHA-256 hash of handshake messages sent winstd::crypt_hash m_hash_handshake_msgs_sha256; ///< Running SHA-256 hash of handshake messages
bool m_certificate_req; ///< Did server request client certificate? bool m_handshake[tls_handshake_type_max]; ///< Handshake flags (map od handshake messages received)
bool m_server_hello_done; ///< Is server hello done?
bool m_cipher_spec; ///< Did server specify cipher? enum {
bool m_server_finished; ///< Did server send a valid finish message? phase_unknown = -1, ///< Unknown phase
phase_client_hello = 0, ///< Send client hello
phase_server_hello, ///< Wait for server hello
phase_change_cipher_spec, ///< Wait for change cipher spec
phase_application_data ///< Exchange application data
} m_phase; ///< What phase is our communication at?
unsigned __int64 m_seq_num_client; ///< Sequence number for encrypting unsigned __int64 m_seq_num_client; ///< Sequence number for encrypting
unsigned __int64 m_seq_num_server; ///< Sequence number for decrypting unsigned __int64 m_seq_num_server; ///< Sequence number for decrypting
#else
winstd::tstring m_sc_target_name; ///< Schannel target name
winstd::sec_credentials m_sc_cred; ///< Schannel client credentials
std::vector<unsigned char> m_sc_queue; ///< TLS data queue
winstd::sec_context m_sc_ctx; ///< Schannel context
enum {
phase_unknown = -1, ///< Unknown phase
phase_handshake_init = 0, ///< Handshake initialize
phase_handshake_cont, ///< Handshake continue
phase_application_data, ///< Exchange application data
phase_shutdown, ///< Connection shut down
} m_phase; ///< What phase is our communication at?
#endif
// The following members are required to avoid memory leakage in get_result() // The following members are required to avoid memory leakage in get_result()
EAP_ATTRIBUTES m_eap_attr_desc; ///< EAP Radius attributes descriptor EAP_ATTRIBUTES m_eap_attr_desc; ///< EAP Radius attributes descriptor

410
lib/TLS/include/TLS.h
View File

@@ -59,7 +59,7 @@ namespace eap
extern const tls_version tls_version_1_2; extern const tls_version tls_version_1_2;
/// ///
/// TLS client/server tls_random /// TLS client/server random
/// ///
struct tls_random; struct tls_random;
@@ -71,11 +71,11 @@ namespace eap
struct tls_master_secret; struct tls_master_secret;
/// ///
/// TLS client connection state /// HMAC padding
/// ///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 6.1. Connection States)](https://tools.ietf.org/html/rfc5246#section-6.1) /// \sa [HMAC: Keyed-Hashing for Message Authentication](https://tools.ietf.org/html/rfc2104)
/// ///
class tls_conn_state; struct hmac_padding;
/// ///
/// Our own implementation of HMAC hashing /// Our own implementation of HMAC hashing
@@ -83,83 +83,40 @@ namespace eap
/// ///
/// \sa [HMAC: Keyed-Hashing for Message Authentication](https://tools.ietf.org/html/rfc2104) /// \sa [HMAC: Keyed-Hashing for Message Authentication](https://tools.ietf.org/html/rfc2104)
/// ///
class hash_hmac; class hmac_hash;
///
/// TLS client connection state
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 6.1. Connection States)](https://tools.ietf.org/html/rfc5246#section-6.1)
///
class tls_conn_state;
} }
/// /////
/// Packs a TLS tls_random ///// Packs a TLS connection state
/// /////
/// \param[inout] cursor Memory cursor ///// \param[inout] cursor Memory cursor
/// \param[in] val Variable with data to pack ///// \param[in] val Variable with data to pack
/// /////
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_random &val); //inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_conn_state &val);
//
/// /////
/// Returns packed size of TLS tls_random ///// Returns packed size of TLS connection state
/// /////
/// \param[in] val Data to pack ///// \param[in] val Data to pack
/// /////
/// \returns Size of data when packed (in bytes) ///// \returns Size of data when packed (in bytes)
/// /////
inline size_t pksizeof(_In_ const eap::tls_random &val); //inline size_t pksizeof(_In_ const eap::tls_conn_state &val);
//
/// /////
/// Unpacks a TLS tls_random ///// Unpacks a TLS connection state
/// /////
/// \param[inout] cursor Memory cursor ///// \param[inout] cursor Memory cursor
/// \param[out] val Variable to receive unpacked value ///// \param[out] val Variable to receive unpacked value
/// /////
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_random &val); //inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_conn_state &val);
///
/// Packs a TLS master secret
///
/// \param[inout] cursor Memory cursor
/// \param[in] val Variable with data to pack
///
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_master_secret &val);
///
/// Returns packed size of TLS master secret
///
/// \param[in] val Data to pack
///
/// \returns Size of data when packed (in bytes)
///
inline size_t pksizeof(_In_ const eap::tls_master_secret &val);
///
/// Unpacks a TLS master secret
///
/// \param[inout] cursor Memory cursor
/// \param[out] val Variable to receive unpacked value
///
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_master_secret &val);
///
/// Packs a TLS connection state
///
/// \param[inout] cursor Memory cursor
/// \param[in] val Variable with data to pack
///
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_conn_state &val);
///
/// Returns packed size of TLS connection state
///
/// \param[in] val Data to pack
///
/// \returns Size of data when packed (in bytes)
///
inline size_t pksizeof(_In_ const eap::tls_conn_state &val);
///
/// Unpacks a TLS connection state
///
/// \param[inout] cursor Memory cursor
/// \param[out] val Variable to receive unpacked value
///
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_conn_state &val);
#pragma once #pragma once
@@ -191,7 +148,10 @@ namespace eap
tls_handshake_type_server_hello_done = 14, tls_handshake_type_server_hello_done = 14,
tls_handshake_type_certificate_verify = 15, tls_handshake_type_certificate_verify = 15,
tls_handshake_type_client_key_exchange = 16, tls_handshake_type_client_key_exchange = 16,
tls_handshake_type_finished = 20 tls_handshake_type_finished = 20,
tls_handshake_type_min = 0, ///< First existing handshake message
tls_handshake_type_max = 21 ///< First non-existing (officially) handshake message
}; };
@@ -343,59 +303,24 @@ namespace eap
#pragma pack(push) #pragma pack(push)
#pragma pack(1) #pragma pack(1)
struct __declspec(novtable) tls_random struct __declspec(novtable) tls_random : public sanitizing_blob_xf<32>
{ {
unsigned char data[32]; ///< Randomness
/// ///
/// Constructs a all-zero tls_random /// Generate TLS random
///
tls_random();
///
/// Copies a tls_random
///
/// \param[in] other Random to copy from
///
tls_random(_In_ const tls_random &other);
///
/// Destructor
///
~tls_random();
///
/// Copies a tls_random
///
/// \param[in] other Random to copy from
///
/// \returns Reference to this object
///
tls_random& operator=(_In_ const tls_random &other);
///
/// Empty the tls_random
///
void clear();
///
/// Generate tls_random
/// ///
/// \param[in] cp Handle of the cryptographics provider /// \param[in] cp Handle of the cryptographics provider
/// ///
void reset(_In_ HCRYPTPROV cp); void randomize(_In_ HCRYPTPROV cp);
}; };
#pragma pack(pop) #pragma pack(pop)
#pragma pack(push) #pragma pack(push)
#pragma pack(1) #pragma pack(1)
struct __declspec(novtable) tls_master_secret struct __declspec(novtable) tls_master_secret : public sanitizing_blob_xf<48>
{ {
unsigned char data[48];
/// ///
/// Constructs a all-zero master secret /// Constructor
/// ///
tls_master_secret(); tls_master_secret();
@@ -412,92 +337,68 @@ namespace eap
/// ///
/// Copies a master secret /// Copies a master secret
/// ///
/// \param[in] other Random to copy from /// \param[in] other Master secret to copy from
/// ///
tls_master_secret(_In_ const tls_master_secret &other); tls_master_secret(_In_ const sanitizing_blob_f<48> &other);
#ifdef _DEBUG
/// ///
/// Destructor /// Moves the master secret
/// ///
~tls_master_secret(); /// \param[inout] other Master secret to move from
/// ///
/// Copies a master secret tls_master_secret(_Inout_ sanitizing_blob_zf<48> &&other);
/// #endif
/// \param[in] other Random to copy from
///
/// \returns Reference to this object
///
tls_master_secret& operator=(_In_ const tls_master_secret &other);
///
/// Empty the master secret
///
void clear();
}; };
#pragma pack(pop) #pragma pack(pop)
class tls_conn_state #pragma pack(push)
#pragma pack(1)
struct __declspec(novtable) hmac_padding : public sanitizing_blob_xf<64>
{ {
public:
/// ///
/// Constructs a connection state /// Constructor
/// ///
tls_conn_state(); hmac_padding();
/// ///
/// Copies a connection state /// Derive padding from secret
/// ///
/// \param[in] other Connection state to copy from /// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Hashing algorithm
/// \param[in] secret HMAC secret
/// \param[in] size_secret \p secret size
/// \param[in] pad Padding value to XOR with (0x36=inner, 0x5c=outer...)
/// ///
tls_conn_state(_In_ const tls_conn_state &other); hmac_padding(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret,
_In_opt_ unsigned char pad = 0x36);
/// ///
/// Moves a connection state /// Copies a padding
/// ///
/// \param[in] other Connection state to move from /// \param[in] other Master secret to copy from
/// ///
tls_conn_state(_Inout_ tls_conn_state &&other); hmac_padding(_In_ const sanitizing_blob_f<64> &other);
#ifdef _DEBUG
/// ///
/// Copies a connection state /// Moves the padding
/// ///
/// \param[in] other Connection state to copy from /// \param[inout] other Padding to move from
/// ///
/// \returns Reference to this object hmac_padding(_Inout_ sanitizing_blob_zf<64> &&other);
/// #endif
tls_conn_state& operator=(_In_ const tls_conn_state &other);
///
/// Moves a connection state
///
/// \param[in] other Connection state to move from
///
/// \returns Reference to this object
///
tls_conn_state& operator=(_Inout_ tls_conn_state &&other);
public:
ALG_ID m_alg_prf; ///> Pseudo-tls_random function algorithm
ALG_ID m_alg_encrypt; ///> Bulk encryption algorithm
size_t m_size_enc_key; ///> Encryption key size in bytes (has to comply with `m_alg_encrypt`)
size_t m_size_enc_iv; ///> Encryption initialization vector size in bytes (has to comply with `m_alg_encrypt`)
size_t m_size_enc_block; ///> Encryption block size in bytes (has to comply with `m_alg_encrypt`)
ALG_ID m_alg_mac; ///> Message authenticy check algorithm
size_t m_size_mac_key; ///> Message authenticy check algorithm key size (has to comply with `m_alg_mac`)
size_t m_size_mac_hash; ///> Message authenticy check algorithm result size (has to comply with `m_alg_mac`)
tls_master_secret m_master_secret; ///< TLS master secret
tls_random m_random_client; ///< Client tls_random
tls_random m_random_server; ///< Server tls_random
}; };
#pragma pack(pop)
class hash_hmac class hmac_hash
{ {
public:
typedef unsigned char padding_t[64];
public: public:
/// ///
/// Construct new HMAC hashing object /// Construct new HMAC hashing object
@@ -507,7 +408,7 @@ namespace eap
/// \param[in] secret HMAC secret /// \param[in] secret HMAC secret
/// \param[in] size_secret \p secret size /// \param[in] size_secret \p secret size
/// ///
hash_hmac( hmac_hash(
_In_ HCRYPTPROV cp, _In_ HCRYPTPROV cp,
_In_ ALG_ID alg, _In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret, _In_bytecount_(size_secret ) const void *secret,
@@ -520,10 +421,10 @@ namespace eap
/// \param[in] alg Hashing algorithm /// \param[in] alg Hashing algorithm
/// \param[in] padding HMAC secret XOR inner padding /// \param[in] padding HMAC secret XOR inner padding
/// ///
hash_hmac( hmac_hash(
_In_ HCRYPTPROV cp, _In_ HCRYPTPROV cp,
_In_ ALG_ID alg, _In_ ALG_ID alg,
_In_ const padding_t padding); _In_ const hmac_padding &padding);
/// ///
/// Provides access to inner hash object to hash data at will. /// Provides access to inner hash object to hash data at will.
@@ -556,99 +457,70 @@ namespace eap
throw win_runtime_error(__FUNCTION__ " Error calculating outer hash."); throw win_runtime_error(__FUNCTION__ " Error calculating outer hash.");
} }
///
/// Helper method to pre-derive inner padding for frequent reuse
///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Hashing algorithm
/// \param[in] secret HMAC secret
/// \param[in] size_secret \p secret size
/// \param[out] padding HMAC secret XOR inner padding
///
static void inner_padding(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret,
_Out_ padding_t padding);
protected: protected:
winstd::crypt_hash m_hash_inner; ///< Inner hashing object winstd::crypt_hash m_hash_inner; ///< Inner hashing object
winstd::crypt_hash m_hash_outer; ///< Outer hashing object winstd::crypt_hash m_hash_outer; ///< Outer hashing object
}; };
}
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_random &val) class tls_conn_state
{ {
eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(eap::tls_random); public:
assert(ptr_end <= cursor.ptr_end); ///
memcpy(cursor.ptr, val.data, sizeof(eap::tls_random)); /// Constructs a connection state
cursor.ptr = ptr_end; ///
} tls_conn_state();
///
inline size_t pksizeof(_In_ const eap::tls_random &val) /// Copy a connection state
{ ///
UNREFERENCED_PARAMETER(val); /// \param[in] other Connection state to copy from
return sizeof(eap::tls_random); ///
} tls_conn_state(_In_ const tls_conn_state &other);
///
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_random &val) /// Moves a connection state
{ ///
eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(eap::tls_random); /// \param[inout] other Connection state to move from
assert(ptr_end <= cursor.ptr_end); ///
memcpy(val.data, cursor.ptr, sizeof(eap::tls_random)); tls_conn_state(_Inout_ tls_conn_state &&other);
cursor.ptr = ptr_end;
} ///
/// Copy a connection state
///
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_master_secret &val) /// \param[inout] other Connection state to copy from
{ ///
eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(eap::tls_master_secret); /// \returns Reference to this object
assert(ptr_end <= cursor.ptr_end); ///
memcpy(cursor.ptr, val.data, sizeof(eap::tls_master_secret)); tls_conn_state& operator=(_In_ const tls_conn_state &other);
cursor.ptr = ptr_end;
} ///
/// Moves a connection state
///
inline size_t pksizeof(_In_ const eap::tls_master_secret &val) /// \param[in] other Connection state to move from
{ ///
UNREFERENCED_PARAMETER(val); /// \returns Reference to this object
return sizeof(eap::tls_master_secret); ///
} tls_conn_state& operator=(_Inout_ tls_conn_state &&other);
///
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_master_secret &val) /// Configures state according to given cipher
{ ///
eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(eap::tls_master_secret); /// \param[in] cipher Cipher ID
assert(ptr_end <= cursor.ptr_end); ///
memcpy(val.data, cursor.ptr, sizeof(eap::tls_master_secret)); void set_cipher(_In_ const unsigned char cipher[2]);
cursor.ptr = ptr_end;
} public:
LPCTSTR m_prov_name; ///< Cryptography provider name
DWORD m_prov_type; ///< Cryptography provider type
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_conn_state &val) ALG_ID m_alg_encrypt; ///< Bulk encryption algorithm
{ size_t m_size_enc_key; ///< Encryption key size in bytes (has to comply with `m_alg_encrypt`)
cursor << val.m_master_secret; size_t m_size_enc_iv; ///< Encryption initialization vector size in bytes (has to comply with `m_alg_encrypt`)
cursor << val.m_random_client; size_t m_size_enc_block; ///< Encryption block size in bytes (has to comply with `m_alg_encrypt`)
cursor << val.m_random_server; winstd::crypt_key m_key; ///< Key for encrypting messages
} ALG_ID m_alg_mac; ///< Message authenticy check algorithm
size_t m_size_mac_key; ///< Message authenticy check algorithm key size (has to comply with `m_alg_mac`)
size_t m_size_mac_hash; ///< Message authenticy check algorithm result size (has to comply with `m_alg_mac`)
inline size_t pksizeof(_In_ const eap::tls_conn_state &val) hmac_padding m_padding_hmac; ///< Padding (key) for HMAC calculation
{ };
return
pksizeof(val.m_master_secret) +
pksizeof(val.m_random_client) +
pksizeof(val.m_random_server);
}
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_conn_state &val)
{
cursor >> val.m_master_secret;
cursor >> val.m_random_client;
cursor >> val.m_random_server;
} }

32
lib/TLS/src/Config.cpp
View File

@@ -75,8 +75,10 @@ eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with
eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) : eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
m_trusted_root_ca(other.m_trusted_root_ca), m_trusted_root_ca(other.m_trusted_root_ca),
m_server_names(other.m_server_names), m_server_names(other.m_server_names),
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id(other.m_session_id), m_session_id(other.m_session_id),
m_master_secret(other.m_master_secret), m_master_secret(other.m_master_secret),
#endif
config_method_with_cred(other) config_method_with_cred(other)
{ {
} }
@@ -85,8 +87,10 @@ eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
eap::config_method_tls::config_method_tls(_Inout_ config_method_tls &&other) : eap::config_method_tls::config_method_tls(_Inout_ config_method_tls &&other) :
m_trusted_root_ca(std::move(other.m_trusted_root_ca)), m_trusted_root_ca(std::move(other.m_trusted_root_ca)),
m_server_names(std::move(other.m_server_names)), m_server_names(std::move(other.m_server_names)),
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id(std::move(other.m_session_id)), m_session_id(std::move(other.m_session_id)),
m_master_secret(std::move(other.m_master_secret)), m_master_secret(std::move(other.m_master_secret)),
#endif
config_method_with_cred(std::move(other)) config_method_with_cred(std::move(other))
{ {
} }
@@ -98,8 +102,10 @@ eap::config_method_tls& eap::config_method_tls::operator=(_In_ const config_meth
(config_method_with_cred&)*this = other; (config_method_with_cred&)*this = other;
m_trusted_root_ca = other.m_trusted_root_ca; m_trusted_root_ca = other.m_trusted_root_ca;
m_server_names = other.m_server_names; m_server_names = other.m_server_names;
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id = other.m_session_id; m_session_id = other.m_session_id;
m_master_secret = other.m_master_secret; m_master_secret = other.m_master_secret;
#endif
} }
return *this; return *this;
@@ -112,8 +118,10 @@ eap::config_method_tls& eap::config_method_tls::operator=(_Inout_ config_method_
(config_method_with_cred&&)*this = std::move(other); (config_method_with_cred&&)*this = std::move(other);
m_trusted_root_ca = std::move(other.m_trusted_root_ca); m_trusted_root_ca = std::move(other.m_trusted_root_ca);
m_server_names = std::move(other.m_server_names); m_server_names = std::move(other.m_server_names);
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id = std::move(other.m_session_id); m_session_id = std::move(other.m_session_id);
m_master_secret = std::move(other.m_master_secret); m_master_secret = std::move(other.m_master_secret);
#endif
} }
return *this; return *this;
@@ -161,10 +169,8 @@ void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *
} }
// <ServerName> // <ServerName>
for (list<string>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) { for (list<wstring>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) {
wstring str; if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(*i))))
MultiByteToWideChar(CP_UTF8, 0, i->c_str(), (int)i->length(), str);
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(str))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element."); throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element.");
} }
} }
@@ -231,12 +237,7 @@ void eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot)
pXmlListServerIDs->get_item(j, &pXmlElServerID); pXmlListServerIDs->get_item(j, &pXmlElServerID);
bstr bstrServerID; bstr bstrServerID;
pXmlElServerID->get_text(&bstrServerID); pXmlElServerID->get_text(&bstrServerID);
m_server_names.push_back(wstring(bstrServerID));
// Server names (FQDNs) are always ASCII. Hopefully. Convert them to UTF-8 anyway for consistent comparison. CP_ANSI varies.
string str;
WideCharToMultiByte(CP_UTF8, 0, bstrServerID, bstrServerID.length(), str, NULL, NULL);
m_server_names.push_back(str);
} }
m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names); m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names);
@@ -250,8 +251,10 @@ void eap::config_method_tls::operator<<(_Inout_ cursor_out &cursor) const
config_method_with_cred::operator<<(cursor); config_method_with_cred::operator<<(cursor);
cursor << m_trusted_root_ca; cursor << m_trusted_root_ca;
cursor << m_server_names ; cursor << m_server_names ;
#if EAP_TLS < EAP_TLS_SCHANNEL
cursor << m_session_id ; cursor << m_session_id ;
cursor << m_master_secret ; cursor << m_master_secret ;
#endif
} }
@@ -260,9 +263,14 @@ size_t eap::config_method_tls::get_pk_size() const
return return
config_method_with_cred::get_pk_size() + config_method_with_cred::get_pk_size() +
pksizeof(m_trusted_root_ca) + pksizeof(m_trusted_root_ca) +
pksizeof(m_server_names ) + pksizeof(m_server_names )
#if EAP_TLS < EAP_TLS_SCHANNEL
+
pksizeof(m_session_id ) + pksizeof(m_session_id ) +
pksizeof(m_master_secret ); pksizeof(m_master_secret );
#else
;
#endif
} }
@@ -271,8 +279,10 @@ void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor)
config_method_with_cred::operator>>(cursor); config_method_with_cred::operator>>(cursor);
cursor >> m_trusted_root_ca; cursor >> m_trusted_root_ca;
cursor >> m_server_names ; cursor >> m_server_names ;
#if EAP_TLS < EAP_TLS_SCHANNEL
cursor >> m_session_id ; cursor >> m_session_id ;
cursor >> m_master_secret ; cursor >> m_master_secret ;
#endif
} }

34
lib/TLS/src/Credentials.cpp
View File

@@ -182,11 +182,10 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
throw win_runtime_error(__FUNCTION__ " CryptProtectData failed."); throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
tstring target(target_name(pszTargetName)); tstring target(target_name(pszTargetName));
wstring name(std::move(get_name()));
// Write credentials. // Write credentials.
assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE); assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE);
assert(name.length() < CRED_MAX_USERNAME_LENGTH ); assert(m_identity.length() < CRED_MAX_USERNAME_LENGTH );
CREDENTIAL cred = { CREDENTIAL cred = {
0, // Flags 0, // Flags
CRED_TYPE_GENERIC, // Type CRED_TYPE_GENERIC, // Type
@@ -199,7 +198,7 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
0, // AttributeCount 0, // AttributeCount
NULL, // Attributes NULL, // Attributes
NULL, // TargetAlias NULL, // TargetAlias
(LPTSTR)name.c_str() // UserName (LPTSTR)m_identity.c_str() // UserName
}; };
if (!CredWrite(&cred, 0)) if (!CredWrite(&cred, 0))
throw win_runtime_error(__FUNCTION__ " CredWrite failed."); throw win_runtime_error(__FUNCTION__ " CredWrite failed.");
@@ -227,7 +226,14 @@ void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName)
if (!bResult) if (!bResult)
throw win_runtime_error(__FUNCTION__ " Error loading certificate."); throw win_runtime_error(__FUNCTION__ " Error loading certificate.");
m_module.log_config((wstring(pszTargetName) + L"/Certificate").c_str(), get_name().c_str()); if (cred->UserName)
m_identity = cred->UserName;
else
m_identity.clear();
wstring xpath(pszTargetName);
m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
m_module.log_config((xpath + L"/Certificate").c_str(), get_name().c_str());
} }
@@ -239,7 +245,9 @@ LPCTSTR eap::credentials_tls::target_suffix() const
std::wstring eap::credentials_tls::get_identity() const std::wstring eap::credentials_tls::get_identity() const
{ {
if (m_cert) { if (!m_identity.empty()) {
return m_identity;
} else if (m_cert) {
wstring identity; wstring identity;
CertGetNameString(m_cert, CERT_NAME_EMAIL_TYPE, 0, NULL, identity); CertGetNameString(m_cert, CERT_NAME_EMAIL_TYPE, 0, NULL, identity);
return identity; return identity;
@@ -248,13 +256,7 @@ std::wstring eap::credentials_tls::get_identity() const
} }
tstring eap::credentials_tls::get_name() const eap::credentials::source_t eap::credentials_tls::combine(
{
return m_cert ? std::move(get_cert_title(m_cert)) : _T("<blank>");
}
bool eap::credentials_tls::combine(
_In_ const credentials_tls *cred_cached, _In_ const credentials_tls *cred_cached,
_In_ const config_method_tls &cfg, _In_ const config_method_tls &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
@@ -263,14 +265,14 @@ bool eap::credentials_tls::combine(
// Using EAP service cached credentials. // Using EAP service cached credentials.
*this = *cred_cached; *this = *cred_cached;
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
return true; return source_cache;
} }
if (cfg.m_use_preshared) { if (cfg.m_use_preshared) {
// Using preshared credentials. // Using preshared credentials.
*this = *(credentials_tls*)cfg.m_preshared.get(); *this = *(credentials_tls*)cfg.m_preshared.get();
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
return true; return source_preshared;
} }
if (pszTargetName) { if (pszTargetName) {
@@ -281,13 +283,13 @@ bool eap::credentials_tls::combine(
// Using stored credentials. // Using stored credentials.
*this = std::move(cred_loaded); *this = std::move(cred_loaded);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
return true; return source_storage;
} catch (...) { } catch (...) {
// Not actually an error. // Not actually an error.
} }
} }
return false; return source_unknown;
} }

1131
lib/TLS/src/Method.cpp
View File

File diff suppressed because it is too large Load Diff

1
lib/TLS/src/StdAfx.h
View File

@@ -31,6 +31,7 @@
#include <WinStd/EAP.h> #include <WinStd/EAP.h>
#include <EapHostError.h> #include <EapHostError.h>
#include <schnlsp.h>
#include <time.h> #include <time.h>
#include <algorithm> #include <algorithm>

433
lib/TLS/src/TLS.cpp
View File

@@ -37,40 +37,7 @@ const eap::tls_version eap::tls_version_1_2 = { 3, 3 };
// eap::tls_random // eap::tls_random
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
eap::tls_random::tls_random() void eap::tls_random::randomize(_In_ HCRYPTPROV cp)
{
memset(data, 0, sizeof(data));
}
eap::tls_random::tls_random(_In_ const tls_random &other)
{
memcpy(data, other.data, sizeof(data));
}
eap::tls_random::~tls_random()
{
SecureZeroMemory(data, sizeof(data));
}
eap::tls_random& eap::tls_random::operator=(_In_ const tls_random &other)
{
if (this != std::addressof(other))
memcpy(data, other.data, sizeof(data));
return *this;
}
void eap::tls_random::clear()
{
memset(data, 0, sizeof(data));
}
void eap::tls_random::reset(_In_ HCRYPTPROV cp)
{ {
_time32((__time32_t*)data); _time32((__time32_t*)data);
if (!CryptGenRandom(cp, sizeof(data) - sizeof(__time32_t), data + sizeof(__time32_t))) if (!CryptGenRandom(cp, sizeof(data) - sizeof(__time32_t), data + sizeof(__time32_t)))
@@ -84,7 +51,6 @@ void eap::tls_random::reset(_In_ HCRYPTPROV cp)
eap::tls_master_secret::tls_master_secret() eap::tls_master_secret::tls_master_secret()
{ {
memset(data, 0, sizeof(data));
} }
@@ -98,30 +64,113 @@ eap::tls_master_secret::tls_master_secret(_In_ HCRYPTPROV cp, _In_ tls_version v
} }
eap::tls_master_secret::tls_master_secret(_In_ const tls_master_secret &other) eap::tls_master_secret::tls_master_secret(_In_ const sanitizing_blob_f<48> &other) :
sanitizing_blob_xf<48>(other)
{ {
memcpy(data, other.data, sizeof(data));
} }
eap::tls_master_secret::~tls_master_secret() #ifdef _DEBUG
eap::tls_master_secret::tls_master_secret(_Inout_ sanitizing_blob_zf<48> &&other) :
sanitizing_blob_xf<48>(std::move(other))
{
}
#endif
//////////////////////////////////////////////////////////////////////
// eap::hmac_padding
//////////////////////////////////////////////////////////////////////
eap::hmac_padding::hmac_padding()
{ {
SecureZeroMemory(data, sizeof(data));
} }
eap::tls_master_secret& eap::tls_master_secret::operator=(_In_ const tls_master_secret &other) eap::hmac_padding::hmac_padding(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret,
_In_opt_ unsigned char pad)
{ {
if (this != std::addressof(other)) if (size_secret > sizeof(hmac_padding)) {
memcpy(data, other.data, sizeof(data)); // If the secret is longer than padding, use secret's hash instead.
crypt_hash hash;
return *this; if (!hash.create(cp, alg))
throw win_runtime_error(__FUNCTION__ " Error creating hash.");
if (!CryptHashData(hash, (const BYTE*)secret, (DWORD)size_secret, 0))
throw win_runtime_error(__FUNCTION__ " Error hashing.");
DWORD size_hash = sizeof(hmac_padding);
if (!CryptGetHashParam(hash, HP_HASHVAL, data, &size_hash, 0))
throw win_runtime_error(__FUNCTION__ " Error finishing hash.");
size_secret = size_hash;
} else
memcpy(data, secret, size_secret);
for (size_t i = 0; i < size_secret; i++)
data[i] ^= pad;
memset(data + size_secret, pad, sizeof(hmac_padding) - size_secret);
} }
void eap::tls_master_secret::clear() eap::hmac_padding::hmac_padding(_In_ const sanitizing_blob_f<64> &other) :
sanitizing_blob_xf<64>(other)
{ {
memset(data, 0, sizeof(data)); }
#ifdef _DEBUG
eap::hmac_padding::hmac_padding(_Inout_ sanitizing_blob_zf<64> &&other) :
sanitizing_blob_xf<64>(std::move(other))
{
}
#endif
//////////////////////////////////////////////////////////////////////
// eap::hmac_hash
//////////////////////////////////////////////////////////////////////
eap::hmac_hash::hmac_hash(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret)
{
// Prepare inner padding and forward to the other constructor.
this->hmac_hash::hmac_hash(cp, alg, hmac_padding(cp, alg, secret, size_secret));
}
eap::hmac_hash::hmac_hash(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_ const hmac_padding &padding)
{
// Create inner hash.
if (!m_hash_inner.create(cp, alg))
throw win_runtime_error(__FUNCTION__ " Error creating inner hash.");
// Initialize it with the inner padding.
if (!CryptHashData(m_hash_inner, padding.data, sizeof(hmac_padding), 0))
throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
// Convert inner padding to outer padding for final calculation.
hmac_padding padding_out;
for (size_t i = 0; i < sizeof(hmac_padding); i++)
padding_out.data[i] = padding.data[i] ^ (0x36 ^ 0x5c);
// Create outer hash.
if (!m_hash_outer.create(cp, alg))
throw win_runtime_error(__FUNCTION__ " Error creating outer hash.");
// Initialize it with the outer padding.
if (!CryptHashData(m_hash_outer, padding_out.data, sizeof(hmac_padding), 0))
throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
} }
@@ -129,8 +178,12 @@ void eap::tls_master_secret::clear()
// eap::tls_conn_state // eap::tls_conn_state
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
eap::tls_conn_state::tls_conn_state() : eap::tls_conn_state::tls_conn_state()
m_alg_prf (0), #ifdef _DEBUG
// Initialize state primitive members for diagnostic purposes.
:
m_prov_name (NULL),
m_prov_type (0),
m_alg_encrypt (0), m_alg_encrypt (0),
m_size_enc_key (0), m_size_enc_key (0),
m_size_enc_iv (0), m_size_enc_iv (0),
@@ -138,32 +191,69 @@ eap::tls_conn_state::tls_conn_state() :
m_alg_mac (0), m_alg_mac (0),
m_size_mac_key (0), m_size_mac_key (0),
m_size_mac_hash (0) m_size_mac_hash (0)
#endif
{ {
} }
eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) : eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) :
m_master_secret(other.m_master_secret), m_prov_name (other.m_prov_name ),
m_random_client(other.m_random_client), m_prov_type (other.m_prov_type ),
m_random_server(other.m_random_server) m_alg_encrypt (other.m_alg_encrypt ),
m_size_enc_key (other.m_size_enc_key ),
m_size_enc_iv (other.m_size_enc_iv ),
m_size_enc_block(other.m_size_enc_block),
m_key (other.m_key ),
m_alg_mac (other.m_alg_mac ),
m_size_mac_key (other.m_size_mac_key ),
m_size_mac_hash (other.m_size_mac_hash ),
m_padding_hmac (other.m_padding_hmac )
{ {
} }
eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) : eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
m_master_secret(std::move(other.m_master_secret)), m_prov_name (std::move(other.m_prov_name )),
m_random_client(std::move(other.m_random_client)), m_prov_type (std::move(other.m_prov_type )),
m_random_server(std::move(other.m_random_server)) m_alg_encrypt (std::move(other.m_alg_encrypt )),
m_size_enc_key (std::move(other.m_size_enc_key )),
m_size_enc_iv (std::move(other.m_size_enc_iv )),
m_size_enc_block(std::move(other.m_size_enc_block)),
m_key (std::move(other.m_key )),
m_alg_mac (std::move(other.m_alg_mac )),
m_size_mac_key (std::move(other.m_size_mac_key )),
m_size_mac_hash (std::move(other.m_size_mac_hash )),
m_padding_hmac (std::move(other.m_padding_hmac ))
{ {
#ifdef _DEBUG
// Reinitialize other state primitive members for diagnostic purposes.
other.m_prov_name = NULL;
other.m_prov_type = 0;
other.m_alg_encrypt = 0;
other.m_size_enc_key = 0;
other.m_size_enc_iv = 0;
other.m_size_enc_block = 0;
other.m_alg_mac = 0;
other.m_size_mac_key = 0;
other.m_size_mac_hash = 0;
#endif
} }
eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &other) eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &other)
{ {
if (this != std::addressof(other)) { if (this != std::addressof(other)) {
m_master_secret = other.m_master_secret; m_prov_name = other.m_prov_name ;
m_random_client = other.m_random_client; m_prov_type = other.m_prov_type ;
m_random_server = other.m_random_server; m_alg_encrypt = other.m_alg_encrypt ;
m_size_enc_key = other.m_size_enc_key ;
m_size_enc_iv = other.m_size_enc_iv ;
m_size_enc_block = other.m_size_enc_block;
m_key = other.m_key ;
m_alg_mac = other.m_alg_mac ;
m_size_mac_key = other.m_size_mac_key ;
m_size_mac_hash = other.m_size_mac_hash ;
m_padding_hmac = other.m_padding_hmac ;
} }
return *this; return *this;
@@ -173,83 +263,170 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &o
eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&other) eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&other)
{ {
if (this != std::addressof(other)) { if (this != std::addressof(other)) {
m_master_secret = std::move(other.m_master_secret); m_prov_name = std::move(other.m_prov_name );
m_random_client = std::move(other.m_random_client); m_prov_type = std::move(other.m_prov_type );
m_random_server = std::move(other.m_random_server); m_alg_encrypt = std::move(other.m_alg_encrypt );
m_size_enc_key = std::move(other.m_size_enc_key );
m_size_enc_iv = std::move(other.m_size_enc_iv );
m_size_enc_block = std::move(other.m_size_enc_block);
m_key = std::move(other.m_key );
m_alg_mac = std::move(other.m_alg_mac );
m_size_mac_key = std::move(other.m_size_mac_key );
m_size_mac_hash = std::move(other.m_size_mac_hash );
m_padding_hmac = std::move(other.m_padding_hmac );
#ifdef _DEBUG
// Reinitialize other state primitive members for diagnostic purposes.
other.m_prov_name = NULL;
other.m_prov_type = 0;
other.m_alg_encrypt = 0;
other.m_size_enc_key = 0;
other.m_size_enc_iv = 0;
other.m_size_enc_block = 0;
other.m_alg_mac = 0;
other.m_size_mac_key = 0;
other.m_size_mac_hash = 0;
#endif
} }
return *this; return *this;
} }
////////////////////////////////////////////////////////////////////// void eap::tls_conn_state::set_cipher(_In_ const unsigned char cipher[2])
// eap::hash_hmac
//////////////////////////////////////////////////////////////////////
eap::hash_hmac::hash_hmac(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret)
{ {
// Prepare padding. if (cipher[0] == 0x00 && cipher[1] == 0x0a) {
sanitizing_blob padding(sizeof(padding_t)); // TLS_RSA_WITH_3DES_EDE_CBC_SHA
inner_padding(cp, alg, secret, size_secret, padding.data()); m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
// Continue with the other constructor. m_alg_encrypt = CALG_3DES;
this->hash_hmac::hash_hmac(cp, alg, padding.data()); m_size_enc_key = 192/8; // 3DES 192bits
} m_size_enc_iv = 64/8; // 3DES 64bits
m_size_enc_block = 64/8; // 3DES 64bits
m_alg_mac = CALG_SHA1;
eap::hash_hmac::hash_hmac( m_size_mac_key = 160/8; // SHA-1
_In_ HCRYPTPROV cp, m_size_mac_hash = 160/8; // SHA-1
_In_ ALG_ID alg, } else if (cipher[0] == 0x00 && cipher[1] == 0x2f) {
_In_ const padding_t padding) // TLS_RSA_WITH_AES_128_CBC_SHA
{ m_prov_name = NULL;
// Create inner hash. m_prov_type = PROV_RSA_AES;
if (!m_hash_inner.create(cp, alg)) m_alg_encrypt = CALG_AES_128;
throw win_runtime_error(__FUNCTION__ " Error creating inner hash."); m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
// Initialize it with the inner padding. m_size_enc_block = 128/8; // AES-128
if (!CryptHashData(m_hash_inner, padding, sizeof(padding_t), 0)) m_alg_mac = CALG_SHA1;
throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding."); m_size_mac_key = 160/8; // SHA-1
m_size_mac_hash = 160/8; // SHA-1
// Convert inner padding to outer padding for final calculation. } else if (cipher[0] == 0x00 && cipher[1] == 0x3c) {
padding_t padding_out; // AES128-SHA256
for (size_t i = 0; i < sizeof(padding_t); i++) m_prov_name = NULL;
padding_out[i] = padding[i] ^ (0x36 ^ 0x5c); m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_128;
// Create outer hash. m_size_enc_key = 128/8; // AES-128
if (!m_hash_outer.create(cp, alg)) m_size_enc_iv = 128/8; // AES-128
throw win_runtime_error(__FUNCTION__ " Error creating outer hash."); m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
// Initialize it with the outer padding. m_size_mac_key = 256/8; // SHA-256
if (!CryptHashData(m_hash_outer, padding_out, sizeof(padding_t), 0)) m_size_mac_hash = 256/8; // SHA-256
throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding."); } else if (cipher[0] == 0x00 && cipher[1] == 0x3d) {
} // AES256-SHA256
m_prov_name = MS_ENH_RSA_AES_PROV;
m_prov_type = PROV_RSA_AES;
void eap::hash_hmac::inner_padding( m_alg_encrypt = CALG_AES_256;
_In_ HCRYPTPROV cp, m_size_enc_key = 256/8; // AES-256
_In_ ALG_ID alg, m_size_enc_iv = 128/8; // AES-256
_In_bytecount_(size_secret ) const void *secret, m_size_enc_block = 128/8; // AES-256
_In_ size_t size_secret, m_alg_mac = CALG_SHA_256;
_Out_ padding_t padding) m_size_mac_key = 256/8; // SHA-256
{ m_size_mac_hash = 256/8; // SHA-256
if (size_secret > sizeof(padding_t)) { } else if (cipher[0] == 0x00 && cipher[1] == 0x40) {
// If the secret is longer than padding, use secret's hash instead. // DHE-DSS-AES128-SHA256
crypt_hash hash; m_prov_name = MS_ENH_DSS_DH_PROV;
if (!hash.create(cp, alg)) m_prov_type = PROV_DSS_DH;
throw win_runtime_error(__FUNCTION__ " Error creating hash."); m_alg_encrypt = CALG_AES_128;
if (!CryptHashData(hash, (const BYTE*)secret, (DWORD)size_secret, 0)) m_size_enc_key = 128/8; // AES-128
throw win_runtime_error(__FUNCTION__ " Error hashing."); m_size_enc_iv = 128/8; // AES-128
DWORD size_hash = sizeof(padding_t); m_size_enc_block = 128/8; // AES-128
if (!CryptGetHashParam(hash, HP_HASHVAL, padding, &size_hash, 0)) m_alg_mac = CALG_SHA_256;
throw win_runtime_error(__FUNCTION__ " Error finishing hash."); m_size_mac_key = 256/8; // SHA-256
size_secret = size_hash; m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x67) {
// DHE-RSA-AES128-SHA256
m_prov_name = MS_DEF_DH_SCHANNEL_PROV;
m_prov_type = PROV_DH_SCHANNEL;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x6a) {
// DHE-DSS-AES256-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x6b) {
// DHE-RSA-AES256-SHA256
m_prov_name = MS_DEF_DH_SCHANNEL_PROV;
m_prov_type = PROV_DH_SCHANNEL;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x23) {
// ECDHE-ECDSA-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x24) {
// ECDHE-ECDSA-AES256-SHA384
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_384;
m_size_mac_key = 384/8; // SHA-384
m_size_mac_hash = 384/8; // SHA-384
} else if (cipher[0] == 0xc0 && cipher[1] == 0x27) {
// ECDHE-RSA-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x28) {
// ECDHE-RSA-AES256-SHA384
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_384;
m_size_mac_key = 384/8; // SHA-384
m_size_mac_hash = 384/8; // SHA-384
} else } else
memcpy(padding, secret, size_secret); throw win_runtime_error(ERROR_NOT_SUPPORTED, string_printf(__FUNCTION__ " Unknown cipher (received 0x%02x%02x).", cipher[0], cipher[1]));
for (size_t i = 0; i < size_secret; i++)
padding[i] ^= 0x36;
memset(padding + size_secret, 0x36, sizeof(padding_t) - size_secret);
} }

22
lib/TLS_UI/include/TLS_UI.h
View File

@@ -119,7 +119,7 @@ public:
/// ///
/// Construct the validator with a value to store data /// Construct the validator with a value to store data
/// ///
wxHostNameValidator(std::string *val = NULL); wxHostNameValidator(std::wstring *val = NULL);
/// ///
/// Copy constructor /// Copy constructor
@@ -149,10 +149,10 @@ public:
/// ///
/// Parses FQDN value /// Parses FQDN value
/// ///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out = NULL); static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected: protected:
std::string *m_val; ///< Pointer to variable to receive control's parsed value std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
}; };
@@ -165,7 +165,7 @@ public:
/// ///
/// Construct the validator with a value to store data /// Construct the validator with a value to store data
/// ///
wxFQDNValidator(std::string *val = NULL); wxFQDNValidator(std::wstring *val = NULL);
/// ///
/// Copy constructor /// Copy constructor
@@ -195,10 +195,10 @@ public:
/// ///
/// Parses FQDN value /// Parses FQDN value
/// ///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out = NULL); static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected: protected:
std::string *m_val; ///< Pointer to variable to receive control's parsed value std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
}; };
@@ -211,7 +211,7 @@ public:
/// ///
/// Construct the validator with a value to store data /// Construct the validator with a value to store data
/// ///
wxFQDNListValidator(std::list<std::string> *val = NULL); wxFQDNListValidator(std::list<std::wstring> *val = NULL);
/// ///
/// Copy constructor /// Copy constructor
@@ -241,10 +241,10 @@ public:
/// ///
/// Parses FQDN list value /// Parses FQDN list value
/// ///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::string> *val_out = NULL); static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out = NULL);
protected: protected:
std::list<std::string> *m_val; ///< Pointer to variable to receive control's parsed value std::list<std::wstring> *m_val; ///< Pointer to variable to receive control's parsed value
}; };
@@ -311,7 +311,7 @@ protected:
eap::config_method_tls &m_cfg; ///< TLS configuration eap::config_method_tls &m_cfg; ///< TLS configuration
winstd::library m_certmgr; ///< certmgr.dll resource library reference winstd::library m_certmgr; ///< certmgr.dll resource library reference
wxIcon m_icon; ///< Panel icon wxIcon m_icon; ///< Panel icon
std::list<std::string> m_server_names_val; ///< Acceptable authenticating server names std::list<std::wstring> m_server_names_val; ///< Acceptable authenticating server names
}; };
@@ -331,7 +331,9 @@ public:
protected: protected:
/// \cond internal /// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event); virtual void OnInitDialog(wxInitDialogEvent& event);
#if EAP_TLS < EAP_TLS_SCHANNEL
virtual bool TransferDataFromWindow(); virtual bool TransferDataFromWindow();
#endif
/// \endcond /// \endcond
protected: protected:

23
lib/TLS_UI/res/wxTLS_UI.cpp
View File

@@ -74,11 +74,11 @@ wxEAPTLSServerTrustConfigPanelBase::wxEAPTLSServerTrustConfigPanelBase( wxWindow
sb_server_names->Add( m_server_names_label, 0, wxBOTTOM, 5 ); sb_server_names->Add( m_server_names_label, 0, wxBOTTOM, 5 );
m_server_names = new wxTextCtrl( sb_server_trust->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 ); m_server_names = new wxTextCtrl( sb_server_trust->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; \"*\" wildchar allowed") ); m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed") );
sb_server_names->Add( m_server_names, 0, wxEXPAND|wxBOTTOM, 5 ); sb_server_names->Add( m_server_names, 0, wxEXPAND|wxBOTTOM, 5 );
m_server_names_note = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("(Example: foo.bar.com;*.domain.org)"), wxDefaultPosition, wxDefaultSize, 0 ); m_server_names_note = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("(Example: foo.bar.com;server2.bar.com)"), wxDefaultPosition, wxDefaultSize, 0 );
m_server_names_note->Wrap( -1 ); m_server_names_note->Wrap( -1 );
sb_server_names->Add( m_server_names_note, 0, wxALIGN_RIGHT, 5 ); sb_server_names->Add( m_server_names_note, 0, wxALIGN_RIGHT, 5 );
@@ -161,6 +161,25 @@ wxTLSCredentialsPanelBase::wxTLSCredentialsPanelBase( wxWindow* parent, wxWindow
sb_credentials_vert->Add( sb_cert_radio, 0, wxEXPAND|wxALL, 5 ); sb_credentials_vert->Add( sb_cert_radio, 0, wxEXPAND|wxALL, 5 );
wxBoxSizer* sb_identity;
sb_identity = new wxBoxSizer( wxVERTICAL );
m_identity_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Custom &identity:"), wxDefaultPosition, wxDefaultSize, 0 );
m_identity_label->Wrap( -1 );
sb_identity->Add( m_identity_label, 0, wxBOTTOM, 5 );
m_identity = new wxTextCtrl( sb_credentials->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_identity->SetToolTip( _("Your identity (username@domain) to override one from certificate; or blank to use one provided in certificate") );
sb_identity->Add( m_identity, 0, wxEXPAND|wxBOTTOM, 5 );
m_identity_note = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("(Example: user@contoso.com)"), wxDefaultPosition, wxDefaultSize, 0 );
m_identity_note->Wrap( -1 );
sb_identity->Add( m_identity_note, 0, wxALIGN_RIGHT, 5 );
sb_credentials_vert->Add( sb_identity, 1, wxEXPAND|wxALL, 5 );
m_remember = new wxCheckBox( sb_credentials->GetStaticBox(), wxID_ANY, _("&Remember"), wxDefaultPosition, wxDefaultSize, 0 ); m_remember = new wxCheckBox( sb_credentials->GetStaticBox(), wxID_ANY, _("&Remember"), wxDefaultPosition, wxDefaultSize, 0 );
m_remember->SetHelpText( _("Check if you would like to save certificate selection") ); m_remember->SetHelpText( _("Check if you would like to save certificate selection") );

272
lib/TLS_UI/res/wxTLS_UI.fbp
View File

@@ -870,7 +870,7 @@
<property name="style"></property> <property name="style"></property>
<property name="subclass"></property> <property name="subclass"></property>
<property name="toolbar_pane">0</property> <property name="toolbar_pane">0</property>
<property name="tooltip">A semicolon delimited list of acceptable server FQDN names; blank to skip name check; &quot;*&quot; wildchar allowed</property> <property name="tooltip">A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed</property>
<property name="validator_data_type"></property> <property name="validator_data_type"></property>
<property name="validator_style">wxFILTER_NONE</property> <property name="validator_style">wxFILTER_NONE</property>
<property name="validator_type">wxDefaultValidator</property> <property name="validator_type">wxDefaultValidator</property>
@@ -940,7 +940,7 @@
<property name="gripper">0</property> <property name="gripper">0</property>
<property name="hidden">0</property> <property name="hidden">0</property>
<property name="id">wxID_ANY</property> <property name="id">wxID_ANY</property>
<property name="label">(Example: foo.bar.com;*.domain.org)</property> <property name="label">(Example: foo.bar.com;server2.bar.com)</property>
<property name="max_size"></property> <property name="max_size"></property>
<property name="maximize_button">0</property> <property name="maximize_button">0</property>
<property name="maximum_size"></property> <property name="maximum_size"></property>
@@ -1527,6 +1527,274 @@
</object> </object>
</object> </object>
</object> </object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
<property name="flag">wxEXPAND|wxALL</property>
<property name="proportion">1</property>
<object class="wxBoxSizer" expanded="1">
<property name="minimum_size"></property>
<property name="name">sb_identity</property>
<property name="orient">wxVERTICAL</property>
<property name="permission">none</property>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
<property name="flag">wxBOTTOM</property>
<property name="proportion">0</property>
<object class="wxStaticText" expanded="1">
<property name="BottomDockable">1</property>
<property name="LeftDockable">1</property>
<property name="RightDockable">1</property>
<property name="TopDockable">1</property>
<property name="aui_layer"></property>
<property name="aui_name"></property>
<property name="aui_position"></property>
<property name="aui_row"></property>
<property name="best_size"></property>
<property name="bg"></property>
<property name="caption"></property>
<property name="caption_visible">1</property>
<property name="center_pane">0</property>
<property name="close_button">1</property>
<property name="context_help"></property>
<property name="context_menu">1</property>
<property name="default_pane">0</property>
<property name="dock">Dock</property>
<property name="dock_fixed">0</property>
<property name="docking">Left</property>
<property name="enabled">1</property>
<property name="fg"></property>
<property name="floatable">1</property>
<property name="font"></property>
<property name="gripper">0</property>
<property name="hidden">0</property>
<property name="id">wxID_ANY</property>
<property name="label">Custom &amp;identity:</property>
<property name="max_size"></property>
<property name="maximize_button">0</property>
<property name="maximum_size"></property>
<property name="min_size"></property>
<property name="minimize_button">0</property>
<property name="minimum_size"></property>
<property name="moveable">1</property>
<property name="name">m_identity_label</property>
<property name="pane_border">1</property>
<property name="pane_position"></property>
<property name="pane_size"></property>
<property name="permission">protected</property>
<property name="pin_button">1</property>
<property name="pos"></property>
<property name="resize">Resizable</property>
<property name="show">1</property>
<property name="size"></property>
<property name="style"></property>
<property name="subclass"></property>
<property name="toolbar_pane">0</property>
<property name="tooltip"></property>
<property name="window_extra_style"></property>
<property name="window_name"></property>
<property name="window_style"></property>
<property name="wrap">-1</property>
<event name="OnChar"></event>
<event name="OnEnterWindow"></event>
<event name="OnEraseBackground"></event>
<event name="OnKeyDown"></event>
<event name="OnKeyUp"></event>
<event name="OnKillFocus"></event>
<event name="OnLeaveWindow"></event>
<event name="OnLeftDClick"></event>
<event name="OnLeftDown"></event>
<event name="OnLeftUp"></event>
<event name="OnMiddleDClick"></event>
<event name="OnMiddleDown"></event>
<event name="OnMiddleUp"></event>
<event name="OnMotion"></event>
<event name="OnMouseEvents"></event>
<event name="OnMouseWheel"></event>
<event name="OnPaint"></event>
<event name="OnRightDClick"></event>
<event name="OnRightDown"></event>
<event name="OnRightUp"></event>
<event name="OnSetFocus"></event>
<event name="OnSize"></event>
<event name="OnUpdateUI"></event>
</object>
</object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
<property name="flag">wxEXPAND|wxBOTTOM</property>
<property name="proportion">0</property>
<object class="wxTextCtrl" expanded="1">
<property name="BottomDockable">1</property>
<property name="LeftDockable">1</property>
<property name="RightDockable">1</property>
<property name="TopDockable">1</property>
<property name="aui_layer"></property>
<property name="aui_name"></property>
<property name="aui_position"></property>
<property name="aui_row"></property>
<property name="best_size"></property>
<property name="bg"></property>
<property name="caption"></property>
<property name="caption_visible">1</property>
<property name="center_pane">0</property>
<property name="close_button">1</property>
<property name="context_help"></property>
<property name="context_menu">1</property>
<property name="default_pane">0</property>
<property name="dock">Dock</property>
<property name="dock_fixed">0</property>
<property name="docking">Left</property>
<property name="enabled">1</property>
<property name="fg"></property>
<property name="floatable">1</property>
<property name="font"></property>
<property name="gripper">0</property>
<property name="hidden">0</property>
<property name="id">wxID_ANY</property>
<property name="max_size"></property>
<property name="maximize_button">0</property>
<property name="maximum_size"></property>
<property name="maxlength"></property>
<property name="min_size"></property>
<property name="minimize_button">0</property>
<property name="minimum_size"></property>
<property name="moveable">1</property>
<property name="name">m_identity</property>
<property name="pane_border">1</property>
<property name="pane_position"></property>
<property name="pane_size"></property>
<property name="permission">protected</property>
<property name="pin_button">1</property>
<property name="pos"></property>
<property name="resize">Resizable</property>
<property name="show">1</property>
<property name="size"></property>
<property name="style"></property>
<property name="subclass"></property>
<property name="toolbar_pane">0</property>
<property name="tooltip">Your identity (username@domain) to override one from certificate; or blank to use one provided in certificate</property>
<property name="validator_data_type"></property>
<property name="validator_style">wxFILTER_NONE</property>
<property name="validator_type">wxDefaultValidator</property>
<property name="validator_variable"></property>
<property name="value"></property>
<property name="window_extra_style"></property>
<property name="window_name"></property>
<property name="window_style"></property>
<event name="OnChar"></event>
<event name="OnEnterWindow"></event>
<event name="OnEraseBackground"></event>
<event name="OnKeyDown"></event>
<event name="OnKeyUp"></event>
<event name="OnKillFocus"></event>
<event name="OnLeaveWindow"></event>
<event name="OnLeftDClick"></event>
<event name="OnLeftDown"></event>
<event name="OnLeftUp"></event>
<event name="OnMiddleDClick"></event>
<event name="OnMiddleDown"></event>
<event name="OnMiddleUp"></event>
<event name="OnMotion"></event>
<event name="OnMouseEvents"></event>
<event name="OnMouseWheel"></event>
<event name="OnPaint"></event>
<event name="OnRightDClick"></event>
<event name="OnRightDown"></event>
<event name="OnRightUp"></event>
<event name="OnSetFocus"></event>
<event name="OnSize"></event>
<event name="OnText"></event>
<event name="OnTextEnter"></event>
<event name="OnTextMaxLen"></event>
<event name="OnTextURL"></event>
<event name="OnUpdateUI"></event>
</object>
</object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
<property name="flag">wxALIGN_RIGHT</property>
<property name="proportion">0</property>
<object class="wxStaticText" expanded="1">
<property name="BottomDockable">1</property>
<property name="LeftDockable">1</property>
<property name="RightDockable">1</property>
<property name="TopDockable">1</property>
<property name="aui_layer"></property>
<property name="aui_name"></property>
<property name="aui_position"></property>
<property name="aui_row"></property>
<property name="best_size"></property>
<property name="bg"></property>
<property name="caption"></property>
<property name="caption_visible">1</property>
<property name="center_pane">0</property>
<property name="close_button">1</property>
<property name="context_help"></property>
<property name="context_menu">1</property>
<property name="default_pane">0</property>
<property name="dock">Dock</property>
<property name="dock_fixed">0</property>
<property name="docking">Left</property>
<property name="enabled">1</property>
<property name="fg"></property>
<property name="floatable">1</property>
<property name="font"></property>
<property name="gripper">0</property>
<property name="hidden">0</property>
<property name="id">wxID_ANY</property>
<property name="label">(Example: user@contoso.com)</property>
<property name="max_size"></property>
<property name="maximize_button">0</property>
<property name="maximum_size"></property>
<property name="min_size"></property>
<property name="minimize_button">0</property>
<property name="minimum_size"></property>
<property name="moveable">1</property>
<property name="name">m_identity_note</property>
<property name="pane_border">1</property>
<property name="pane_position"></property>
<property name="pane_size"></property>
<property name="permission">protected</property>
<property name="pin_button">1</property>
<property name="pos"></property>
<property name="resize">Resizable</property>
<property name="show">1</property>
<property name="size"></property>
<property name="style"></property>
<property name="subclass"></property>
<property name="toolbar_pane">0</property>
<property name="tooltip"></property>
<property name="window_extra_style"></property>
<property name="window_name"></property>
<property name="window_style"></property>
<property name="wrap">-1</property>
<event name="OnChar"></event>
<event name="OnEnterWindow"></event>
<event name="OnEraseBackground"></event>
<event name="OnKeyDown"></event>
<event name="OnKeyUp"></event>
<event name="OnKillFocus"></event>
<event name="OnLeaveWindow"></event>
<event name="OnLeftDClick"></event>
<event name="OnLeftDown"></event>
<event name="OnLeftUp"></event>
<event name="OnMiddleDClick"></event>
<event name="OnMiddleDown"></event>
<event name="OnMiddleUp"></event>
<event name="OnMotion"></event>
<event name="OnMouseEvents"></event>
<event name="OnMouseWheel"></event>
<event name="OnPaint"></event>
<event name="OnRightDClick"></event>
<event name="OnRightDown"></event>
<event name="OnRightUp"></event>
<event name="OnSetFocus"></event>
<event name="OnSize"></event>
<event name="OnUpdateUI"></event>
</object>
</object>
</object>
</object>
<object class="sizeritem" expanded="1"> <object class="sizeritem" expanded="1">
<property name="border">5</property> <property name="border">5</property>
<property name="flag">wxALL|wxEXPAND</property> <property name="flag">wxALL|wxEXPAND</property>

3
lib/TLS_UI/res/wxTLS_UI.h
View File

@@ -80,6 +80,9 @@ class wxTLSCredentialsPanelBase : public wxPanel
wxRadioButton* m_cert_none; wxRadioButton* m_cert_none;
wxRadioButton* m_cert_select; wxRadioButton* m_cert_select;
wxChoice* m_cert_select_val; wxChoice* m_cert_select_val;
wxStaticText* m_identity_label;
wxTextCtrl* m_identity;
wxStaticText* m_identity_note;
wxCheckBox* m_remember; wxCheckBox* m_remember;
public: public:

49
lib/TLS_UI/src/TLS_UI.cpp
View File

@@ -46,7 +46,7 @@ wxCertificateClientData::~wxCertificateClientData()
wxIMPLEMENT_DYNAMIC_CLASS(wxHostNameValidator, wxValidator); wxIMPLEMENT_DYNAMIC_CLASS(wxHostNameValidator, wxValidator);
wxHostNameValidator::wxHostNameValidator(std::string *val) : wxHostNameValidator::wxHostNameValidator(std::wstring *val) :
m_val(val), m_val(val),
wxValidator() wxValidator()
{ {
@@ -98,7 +98,7 @@ bool wxHostNameValidator::TransferFromWindow()
} }
bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out) bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out)
{ {
const wxStringCharType *buf = val_in; const wxStringCharType *buf = val_in;
@@ -108,7 +108,7 @@ bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i
// End of host name found. // End of host name found.
if (val_out) val_out->assign(val_in.c_str() + i_start, i - i_start); if (val_out) val_out->assign(val_in.c_str() + i_start, i - i_start);
return true; return true;
} else if (_tcschr(wxT("abcdefghijklmnopqrstuvwxyz0123456789-*"), buf[i])) { } else if (buf[i] == _T('-') || buf[i] == _T('_') || _istalnum(buf[i])) {
// Valid character found. // Valid character found.
i++; i++;
} else { } else {
@@ -129,7 +129,7 @@ bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i
wxIMPLEMENT_DYNAMIC_CLASS(wxFQDNValidator, wxValidator); wxIMPLEMENT_DYNAMIC_CLASS(wxFQDNValidator, wxValidator);
wxFQDNValidator::wxFQDNValidator(std::string *val) : wxFQDNValidator::wxFQDNValidator(std::wstring *val) :
m_val(val), m_val(val),
wxValidator() wxValidator()
{ {
@@ -181,7 +181,7 @@ bool wxFQDNValidator::TransferFromWindow()
} }
bool wxFQDNValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out) bool wxFQDNValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out)
{ {
const wxStringCharType *buf = val_in; const wxStringCharType *buf = val_in;
@@ -210,7 +210,7 @@ bool wxFQDNValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end
wxIMPLEMENT_DYNAMIC_CLASS(wxFQDNListValidator, wxValidator); wxIMPLEMENT_DYNAMIC_CLASS(wxFQDNListValidator, wxValidator);
wxFQDNListValidator::wxFQDNListValidator(std::list<std::string> *val) : wxFQDNListValidator::wxFQDNListValidator(std::list<std::wstring> *val) :
m_val(val), m_val(val),
wxValidator() wxValidator()
{ {
@@ -246,7 +246,7 @@ bool wxFQDNListValidator::TransferToWindow()
if (m_val) { if (m_val) {
wxString str; wxString str;
for (std::list<std::string>::const_iterator name = m_val->cbegin(), name_end = m_val->cend(); name != name_end; ++name) { for (std::list<std::wstring>::const_iterator name = m_val->cbegin(), name_end = m_val->cend(); name != name_end; ++name) {
if (!str.IsEmpty()) str += wxT("; "); if (!str.IsEmpty()) str += wxT("; ");
str += *name; str += *name;
} }
@@ -267,11 +267,11 @@ bool wxFQDNListValidator::TransferFromWindow()
} }
bool wxFQDNListValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::string> *val_out) bool wxFQDNListValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out)
{ {
const wxStringCharType *buf = val_in; const wxStringCharType *buf = val_in;
std::string _fqdn, *fqdn = val_out ? &_fqdn : NULL; std::wstring _fqdn, *fqdn = val_out ? &_fqdn : NULL;
std::list<std::string> _val_out; std::list<std::wstring> _val_out;
size_t i = i_start; size_t i = i_start;
for (;;) { for (;;) {
@@ -358,6 +358,8 @@ bool wxTLSCredentialsPanel::TransferDataToWindow()
m_cert_select_val->SetSelection(0); m_cert_select_val->SetSelection(0);
} }
m_identity->SetValue(m_cred.m_identity);
return wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>::TransferDataToWindow(); return wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>::TransferDataToWindow();
} }
@@ -374,6 +376,8 @@ bool wxTLSCredentialsPanel::TransferDataFromWindow()
m_cred.m_cert.free(); m_cred.m_cert.free();
} }
m_cred.m_identity = m_identity->GetValue();
// Inherited TransferDataFromWindow() calls m_cred.store(). // Inherited TransferDataFromWindow() calls m_cred.store().
// Therefore, call it only now, that m_cred is set. // Therefore, call it only now, that m_cred is set.
return wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>::TransferDataFromWindow(); return wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>::TransferDataFromWindow();
@@ -393,9 +397,11 @@ void wxTLSCredentialsPanel::OnUpdateUI(wxUpdateUIEvent& event)
m_cert_select->Enable(false); m_cert_select->Enable(false);
} }
m_cert_select_val->Enable(false); m_cert_select_val->Enable(false);
m_identity->Enable(false);
} else { } else {
// Configuration mode or using own credentials. Selectively enable/disable controls. // Configuration mode or using own credentials. Selectively enable/disable controls.
m_cert_select_val->Enable(m_cert_select->GetValue()); m_cert_select_val->Enable(m_cert_select->GetValue());
m_identity->Enable(true);
} }
wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>::OnUpdateUI(event); wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>::OnUpdateUI(event);
@@ -423,14 +429,6 @@ wxTLSServerTrustPanel::wxTLSServerTrustPanel(const eap::config_provider &prov, e
bool wxTLSServerTrustPanel::TransferDataToWindow() bool wxTLSServerTrustPanel::TransferDataToWindow()
{ {
if (m_prov.m_read_only) {
// This is provider-locked configuration. Disable controls.
m_root_ca_add_store->Enable(false);
m_root_ca_add_file ->Enable(false);
m_root_ca_remove ->Enable(false);
m_server_names ->Enable(false);
}
// Populate trusted CA list. // Populate trusted CA list.
for (std::list<winstd::cert_context>::const_iterator cert = m_cfg.m_trusted_root_ca.cbegin(), cert_end = m_cfg.m_trusted_root_ca.cend(); cert != cert_end; ++cert) for (std::list<winstd::cert_context>::const_iterator cert = m_cfg.m_trusted_root_ca.cbegin(), cert_end = m_cfg.m_trusted_root_ca.cend(); cert != cert_end; ++cert)
m_root_ca->Append(wxString(eap::get_cert_title(*cert)), new wxCertificateClientData(cert->duplicate())); m_root_ca->Append(wxString(eap::get_cert_title(*cert)), new wxCertificateClientData(cert->duplicate()));
@@ -469,10 +467,19 @@ void wxTLSServerTrustPanel::OnUpdateUI(wxUpdateUIEvent& event)
{ {
UNREFERENCED_PARAMETER(event); UNREFERENCED_PARAMETER(event);
if (!m_prov.m_read_only) { if (m_prov.m_read_only) {
// This is provider-locked configuration. Disable controls.
m_root_ca_add_store->Enable(false);
m_root_ca_add_file ->Enable(false);
m_root_ca_remove ->Enable(false);
m_server_names ->Enable(false);
} else {
// This is not a provider-locked configuration. Selectively enable/disable controls. // This is not a provider-locked configuration. Selectively enable/disable controls.
m_root_ca_add_store->Enable(true);
m_root_ca_add_file ->Enable(true);
wxArrayInt selections; wxArrayInt selections;
m_root_ca_remove->Enable(m_root_ca->GetSelections(selections) ? true : false); m_root_ca_remove->Enable(m_root_ca->GetSelections(selections) ? true : false);
m_server_names ->Enable(true);
} }
} }
@@ -604,6 +611,8 @@ void wxTLSConfigPanel::OnInitDialog(wxInitDialogEvent& event)
} }
#if EAP_TLS < EAP_TLS_SCHANNEL
bool wxTLSConfigPanel::TransferDataFromWindow() bool wxTLSConfigPanel::TransferDataFromWindow()
{ {
wxCHECK(wxPanel::TransferDataFromWindow(), false); wxCHECK(wxPanel::TransferDataFromWindow(), false);
@@ -619,4 +628,4 @@ bool wxTLSConfigPanel::TransferDataFromWindow()
return true; return true;
} }
#endif

3
lib/TTLS/include/Credentials.h
View File

@@ -32,6 +32,7 @@ namespace eap
#include "../../PAP/include/Credentials.h" #include "../../PAP/include/Credentials.h"
#include <memory> #include <memory>
#include <utility>
namespace eap namespace eap
@@ -187,7 +188,7 @@ namespace eap
/// - \c true if credentials were set; /// - \c true if credentials were set;
/// - \c false otherwise /// - \c false otherwise
/// ///
bool combine( std::pair<source_t, source_t> combine(
_In_ const credentials_ttls *cred_cached, _In_ const credentials_ttls *cred_cached,
_In_ const config_method_ttls &cfg, _In_ const config_method_ttls &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);

36
lib/TTLS/include/Method.h
View File

@@ -58,17 +58,10 @@ namespace eap
/// Constructs an EAP method /// Constructs an EAP method
/// ///
/// \param[in] mod EAP module to use for global services /// \param[in] mod EAP module to use for global services
/// \param[in] cfg Providers configuration /// \param[in] cfg Connection configuration
/// \param[in] cred User credentials /// \param[in] cred User credentials
/// ///
method_ttls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_ttls &cred); method_ttls(_In_ module &module, _In_ config_connection &cfg, _In_ credentials_ttls &cred);
///
/// Copies an EAP method
///
/// \param[in] other EAP method to copy from
///
method_ttls(_In_ const method_ttls &other);
/// ///
/// Moves an EAP method /// Moves an EAP method
@@ -77,15 +70,6 @@ namespace eap
/// ///
method_ttls(_Inout_ method_ttls &&other); method_ttls(_Inout_ method_ttls &&other);
///
/// Copies an EAP method
///
/// \param[in] other EAP method to copy from
///
/// \returns Reference to this object
///
method_ttls& operator=(_In_ const method_ttls &other);
/// ///
/// Moves an EAP method /// Moves an EAP method
/// ///
@@ -128,6 +112,9 @@ namespace eap
/// @} /// @}
protected:
#if EAP_TLS < EAP_TLS_SCHANNEL
/// ///
/// Generates master session key /// Generates master session key
/// ///
@@ -135,7 +122,18 @@ namespace eap
/// ///
virtual void derive_msk(); virtual void derive_msk();
protected: #else
///
/// Processes an application message
///
/// \param[in] msg Application message data
/// \param[in] size_msg Application message data size
///
virtual void process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg);
#endif
/// ///
/// Makes a PAP client message /// Makes a PAP client message
/// ///

2
lib/TTLS/include/Module.h
View File

@@ -221,7 +221,7 @@ namespace eap
{} {}
public: public:
config_provider_list m_cfg; ///< Providers configuration config_connection m_cfg; ///< Connection configuration
credentials_ttls m_cred; ///< User credentials credentials_ttls m_cred; ///< User credentials
method_ttls m_method; ///< EAP-TTLS method method_ttls m_method; ///< EAP-TTLS method
}; };

15
lib/TTLS/src/Credentials.cpp
View File

@@ -189,6 +189,8 @@ void eap::credentials_ttls::operator>>(_Inout_ cursor_in &cursor)
void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName) const void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName) const
{ {
assert(0); // Not that we would ever store inner&outer credentials to Windows Credential Manager joined, but for completness sake... Here we go:
credentials_tls::store(pszTargetName); credentials_tls::store(pszTargetName);
if (m_inner) if (m_inner)
@@ -198,6 +200,8 @@ void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName) const
void eap::credentials_ttls::retrieve(_In_z_ LPCTSTR pszTargetName) void eap::credentials_ttls::retrieve(_In_z_ LPCTSTR pszTargetName)
{ {
assert(0); // Not that we would ever retrieve inner&outer credentials to Windows Credential Manager joined, but for completness sake... Here we go:
credentials_tls::retrieve(pszTargetName); credentials_tls::retrieve(pszTargetName);
if (m_inner) if (m_inner)
@@ -226,15 +230,12 @@ std::wstring eap::credentials_ttls::get_identity() const
} }
bool eap::credentials_ttls::combine( pair<eap::credentials::source_t, eap::credentials::source_t> eap::credentials_ttls::combine(
_In_ const credentials_ttls *cred_cached, _In_ const credentials_ttls *cred_cached,
_In_ const config_method_ttls &cfg, _In_ const config_method_ttls &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
{ {
bool return pair<source_t, source_t>(
is_outer_set = credentials_tls::combine(cred_cached, cfg, pszTargetName), credentials_tls::combine(cred_cached, cfg, pszTargetName),
is_inner_set = dynamic_cast<const credentials_pap*>(m_inner.get()) ? ((credentials_pap*)m_inner.get())->combine(cred_cached ? (credentials_pap*)cred_cached->m_inner.get() : NULL, (const config_method_pap&)*cfg.m_inner, pszTargetName) : source_unknown);
dynamic_cast<const credentials_pap*>(m_inner.get()) ? ((credentials_pap*)m_inner.get())->combine(cred_cached ? (credentials_pap*)cred_cached->m_inner.get() : NULL, (const config_method_pap&)*cfg.m_inner, pszTargetName) : false;
return is_outer_set && is_inner_set;
} }

134
lib/TTLS/src/Method.cpp
View File

@@ -28,7 +28,7 @@ using namespace winstd;
// eap::method_ttls // eap::method_ttls
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
eap::method_ttls::method_ttls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_ttls &cred) : eap::method_ttls::method_ttls(_In_ module &module, _In_ config_connection &cfg, _In_ credentials_ttls &cred) :
m_cred(cred), m_cred(cred),
m_version(version_0), m_version(version_0),
method_tls(module, cfg, cred) method_tls(module, cfg, cred)
@@ -36,14 +36,6 @@ eap::method_ttls::method_ttls(_In_ module &module, _In_ config_provider_list &cf
} }
eap::method_ttls::method_ttls(_In_ const method_ttls &other) :
m_cred(other.m_cred),
m_version(other.m_version),
method_tls(other)
{
}
eap::method_ttls::method_ttls(_Inout_ method_ttls &&other) : eap::method_ttls::method_ttls(_Inout_ method_ttls &&other) :
m_cred(other.m_cred), m_cred(other.m_cred),
m_version(std::move(other.m_version)), m_version(std::move(other.m_version)),
@@ -52,17 +44,6 @@ eap::method_ttls::method_ttls(_Inout_ method_ttls &&other) :
} }
eap::method_ttls& eap::method_ttls::operator=(_In_ const method_ttls &other)
{
if (this != std::addressof(other)) {
(method_tls&)*this = other;
m_version = other.m_version;
}
return *this;
}
eap::method_ttls& eap::method_ttls::operator=(_Inout_ method_ttls &&other) eap::method_ttls& eap::method_ttls::operator=(_Inout_ method_ttls &&other)
{ {
if (this != std::addressof(other)) { if (this != std::addressof(other)) {
@@ -88,29 +69,24 @@ void eap::method_ttls::process_request_packet(
m_module.log_event(&EAPMETHOD_TTLS_HANDSHAKE_START, event_data((unsigned int)eap_type_ttls), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank); m_module.log_event(&EAPMETHOD_TTLS_HANDSHAKE_START, event_data((unsigned int)eap_type_ttls), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank);
} }
if (!m_server_finished) {
// Do the TLS. // Do the TLS.
method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput); method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
if (m_server_finished) { #if EAP_TLS < EAP_TLS_SCHANNEL
// Piggyback inner authentication. if (m_phase == phase_application_data) {
if (!m_cipher_spec) // Send inner authentication.
if (!m_state_client.m_alg_encrypt)
throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted."); throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted.");
m_module.log_event(&EAPMETHOD_TTLS_INNER_CRED, event_data((unsigned int)eap_type_ttls), event_data(m_cred.m_inner->get_name()), event_data::blank);
m_packet_res.m_code = EapCodeResponse; m_packet_res.m_code = EapCodeResponse;
m_packet_res.m_id = m_packet_req.m_id; m_packet_res.m_id = m_packet_req.m_id;
m_packet_res.m_flags = 0; m_packet_res.m_flags = 0;
sanitizing_blob client(make_pap_client()); sanitizing_blob msg_application(make_message(tls_message_type_application_data, make_pap_client()));
sanitizing_blob application(make_message(tls_message_type_application_data, client, m_cipher_spec)); m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_application.begin(), msg_application.end());
m_packet_res.m_data.assign(application.begin(), application.end());
pEapOutput->fAllowNotifications = FALSE;
pEapOutput->action = EapPeerMethodResponseActionSend;
}
} else {
// Do the TLS. Again.
method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
} }
#endif
} }
@@ -131,20 +107,45 @@ void eap::method_ttls::get_result(
_In_ EapPeerMethodResultReason reason, _In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *ppResult) _Inout_ EapPeerMethodResult *ppResult)
{ {
if (!m_server_finished) { if (m_phase != phase_application_data) {
// Do the TLS. // Do the TLS.
method_tls::get_result(reason, ppResult); method_tls::get_result(reason, ppResult);
} else { } else {
// The TLS finished, this is inner authentication's bussines.
config_provider &cfg_prov(m_cfg.m_providers.front()); config_provider &cfg_prov(m_cfg.m_providers.front());
config_method_ttls *cfg_method = dynamic_cast<config_method_ttls*>(cfg_prov.m_methods.front().get()); config_method_ttls *cfg_method = dynamic_cast<config_method_ttls*>(cfg_prov.m_methods.front().get());
assert(cfg_method); assert(cfg_method);
// Mark credentials appropriately, so GUI can re-prompt user. switch (reason) {
cfg_method->m_inner->m_cred_failed = reason == EapPeerMethodResultFailure; case EapPeerMethodResultSuccess: {
m_module.log_event(&EAPMETHOD_TTLS_INNER_SUCCESS, event_data((unsigned int)eap_type_ttls), event_data::blank);
cfg_method->m_inner->m_auth_failed = false;
break;
}
case EapPeerMethodResultFailure:
m_module.log_event(&EAPMETHOD_TTLS_INNER_FAILURE, event_data((unsigned int)eap_type_ttls), event_data::blank);
cfg_method->m_inner->m_auth_failed = true;
break;
default:
throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
}
#if EAP_TLS >= EAP_TLS_SCHANNEL
// EAP-TTLS uses different label in PRF for MSK derivation than EAP-TLS.
static const DWORD s_key_id = 0x01; // EAP-TTLSv0 Keying Material
static const SecPkgContext_EapPrfInfo s_prf_info = { 0, sizeof(s_key_id), (PBYTE)&s_key_id };
SECURITY_STATUS status = SetContextAttributes(m_sc_ctx, SECPKG_ATTR_EAP_PRF_INFO, (void*)&s_prf_info, sizeof(s_prf_info));
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ "Error setting EAP-TTLS PRF in Schannel.");
#endif
// The TLS was OK. // The TLS was OK.
method_tls::get_result(EapPeerMethodResultSuccess, ppResult); method_tls::get_result(EapPeerMethodResultSuccess, ppResult);
// Do not report failure to EAPHost, as it will not save updated configuration then. But we need it to save it, to alert user on next connection attempt.
// EAPHost is well aware of the failed condition.
//if (reason == EapPeerMethodResultFailure) { //if (reason == EapPeerMethodResultFailure) {
// ppResult->fIsSuccess = FALSE; // ppResult->fIsSuccess = FALSE;
// ppResult->dwFailureReasonCode = EAP_E_AUTHENTICATION_FAILED; // ppResult->dwFailureReasonCode = EAP_E_AUTHENTICATION_FAILED;
@@ -153,6 +154,8 @@ void eap::method_ttls::get_result(
} }
#if EAP_TLS < EAP_TLS_SCHANNEL
void eap::method_ttls::derive_msk() void eap::method_ttls::derive_msk()
{ {
// //
@@ -172,9 +175,9 @@ void eap::method_ttls::derive_msk()
// //
static const unsigned char s_label[] = "ttls keying material"; static const unsigned char s_label[] = "ttls keying material";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_state.m_random_client, (const unsigned char*)(&m_state.m_random_client + 1)); seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), (const unsigned char*)&m_state.m_random_server, (const unsigned char*)(&m_state.m_random_server + 1)); seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
sanitizing_blob key_block(prf(m_cp, CALG_TLS1PRF, m_state.m_master_secret, seed, 2*sizeof(tls_random))); sanitizing_blob key_block(prf(m_cp, CALG_TLS1PRF, m_master_secret, seed, 2*sizeof(tls_random)));
const unsigned char *_key_block = key_block.data(); const unsigned char *_key_block = key_block.data();
// MSK: MPPE-Recv-Key // MSK: MPPE-Recv-Key
@@ -186,6 +189,57 @@ void eap::method_ttls::derive_msk()
_key_block += sizeof(tls_random); _key_block += sizeof(tls_random);
} }
#else
void eap::method_ttls::process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg)
{
UNREFERENCED_PARAMETER(msg);
UNREFERENCED_PARAMETER(size_msg);
// Prepare inner authentication.
if (!(m_sc_ctx.m_attrib & ISC_RET_CONFIDENTIALITY))
throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted.");
m_module.log_event(&EAPMETHOD_TTLS_INNER_CRED, event_data((unsigned int)eap_type_ttls), event_data(m_cred.m_inner->get_name()), event_data::blank);
SECURITY_STATUS status;
// Get maximum message sizes.
SecPkgContext_StreamSizes sizes;
status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_STREAM_SIZES, &sizes);
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ " Error getting Schannel required encryption sizes.");
// Make PAP message.
sanitizing_blob msg_pap(make_pap_client());
assert(msg_pap.size() < sizes.cbMaximumMessage);
unsigned long size_data = std::min<unsigned long>(sizes.cbMaximumMessage, (unsigned long)msg_pap.size()); // Truncate
sanitizing_blob data(sizes.cbHeader + size_data + sizes.cbTrailer, 0);
memcpy(data.data() + sizes.cbHeader, msg_pap.data(), size_data);
// Prepare input/output buffer(s).
SecBuffer buf[] = {
{ sizes.cbHeader, SECBUFFER_STREAM_HEADER , data.data() },
{ size_data, SECBUFFER_DATA , data.data() + sizes.cbHeader },
{ sizes.cbTrailer, SECBUFFER_STREAM_TRAILER, data.data() + sizes.cbHeader + size_data },
{ 0, SECBUFFER_EMPTY , NULL },
};
SecBufferDesc buf_desc = {
SECBUFFER_VERSION,
_countof(buf),
buf
};
// Encrypt the message.
status = EncryptMessage(m_sc_ctx, 0, &buf_desc, 0);
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ " Error encrypting message.");
m_packet_res.m_data.insert(m_packet_res.m_data.end(), (const unsigned char*)buf[0].pvBuffer, (const unsigned char*)buf[0].pvBuffer + buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer);
}
#endif
eap::sanitizing_blob eap::method_ttls::make_pap_client() const eap::sanitizing_blob eap::method_ttls::make_pap_client() const
{ {

13
lib/TTLS/src/Module.cpp
View File

@@ -74,7 +74,7 @@ void eap::peer_ttls::get_identity(
assert(ppwszIdentity); assert(ppwszIdentity);
// Unpack configuration. // Unpack configuration.
config_provider_list cfg(*this); config_connection cfg(*this);
unpack(cfg, pConnectionData, dwConnectionDataSize); unpack(cfg, pConnectionData, dwConnectionDataSize);
if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty()) if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty())
throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods."); throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods.");
@@ -109,14 +109,17 @@ void eap::peer_ttls::get_identity(
{ {
// Combine credentials. // Combine credentials.
user_impersonator impersonating(hTokenImpersonateUser); user_impersonator impersonating(hTokenImpersonateUser);
*pfInvokeUI = cred_out.combine( pair<eap::credentials::source_t, eap::credentials::source_t> cred_source(cred_out.combine(
#ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
&cred_in, &cred_in,
#else #else
NULL, NULL,
#endif #endif
*cfg_method, *cfg_method,
(dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL) ? FALSE : TRUE; (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL));
// If either of credentials is unknown, request UI.
*pfInvokeUI = cred_source.first == eap::credentials::source_unknown || cred_source.second == eap::credentials::source_unknown ? TRUE : FALSE;
} }
if (*pfInvokeUI) { if (*pfInvokeUI) {
@@ -132,14 +135,14 @@ void eap::peer_ttls::get_identity(
// If we got here, we have all credentials we need. But, wait! // If we got here, we have all credentials we need. But, wait!
if (cfg_method->m_cred_failed) { if (cfg_method->m_auth_failed) {
// Outer TLS: Credentials failed on last connection attempt. // Outer TLS: Credentials failed on last connection attempt.
log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)eap_type_tls), event_data::blank); log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)eap_type_tls), event_data::blank);
*pfInvokeUI = TRUE; *pfInvokeUI = TRUE;
return; return;
} }
if (cfg_method->m_inner->m_cred_failed) { if (cfg_method->m_inner->m_auth_failed) {
// Inner: Credentials failed on last connection attempt. // Inner: Credentials failed on last connection attempt.
log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)type_inner), event_data::blank); log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)type_inner), event_data::blank);
*pfInvokeUI = TRUE; *pfInvokeUI = TRUE;

1
lib/TTLS/src/StdAfx.h
View File

@@ -30,3 +30,4 @@
#include <WinStd/EAP.h> #include <WinStd/EAP.h>
#include <EapHostError.h> #include <EapHostError.h>
#include <schannel.h>

11
lib/TTLS_UI/include/TTLS_UI.h
View File

@@ -45,7 +45,6 @@ class wxTTLSCredentialsPanel;
#include <wx/choicebk.h> #include <wx/choicebk.h>
#include <wx/icon.h> #include <wx/icon.h>
#include <wx/scrolwin.h>
#include <wx/stattext.h> #include <wx/stattext.h>
#include <Windows.h> #include <Windows.h>
@@ -74,32 +73,28 @@ protected:
}; };
class wxTTLSConfigWindow : public wxScrolledWindow class wxTTLSConfigWindow : public wxEAPConfigWindow
{ {
public: public:
/// ///
/// Constructs a configuration panel /// Constructs a configuration panel
/// ///
/// \param[in] prov Provider configuration data
/// \param[inout] cfg Configuration data /// \param[inout] cfg Configuration data
/// \param[in] pszCredTarget Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name. /// \param[in] pszCredTarget Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name.
/// \param[in] parent Parent window /// \param[in] parent Parent window
/// ///
wxTTLSConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, LPCTSTR pszCredTarget, wxWindow* parent); wxTTLSConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, LPCTSTR pszCredTarget, wxWindow* parent);
///
/// Destructs the configuration panel
///
virtual ~wxTTLSConfigWindow();
protected: protected:
/// \cond internal /// \cond internal
virtual bool TransferDataToWindow(); virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow(); virtual bool TransferDataFromWindow();
virtual void OnInitDialog(wxInitDialogEvent& event); virtual void OnInitDialog(wxInitDialogEvent& event);
virtual void OnUpdateUI(wxUpdateUIEvent& event);
/// \endcond /// \endcond
protected: protected:
const eap::config_provider &m_prov; ///< EAP provider
eap::config_method_ttls &m_cfg; ///< TTLS configuration eap::config_method_ttls &m_cfg; ///< TTLS configuration
wxStaticText *m_outer_title; ///< Outer authentication title wxStaticText *m_outer_title; ///< Outer authentication title
wxTTLSConfigPanel *m_outer_identity; ///< Outer identity configuration panel wxTTLSConfigPanel *m_outer_identity; ///< Outer identity configuration panel

2
lib/TTLS_UI/res/wxTTLS_UI.cpp
View File

@@ -32,7 +32,7 @@ wxTTLSConfigPanelBase::wxTTLSConfigPanelBase( wxWindow* parent, wxWindowID id, c
wxBoxSizer* sb_outer_identity_radio; wxBoxSizer* sb_outer_identity_radio;
sb_outer_identity_radio = new wxBoxSizer( wxVERTICAL ); sb_outer_identity_radio = new wxBoxSizer( wxVERTICAL );
m_outer_identity_same = new wxRadioButton( sb_outer_identity->GetStaticBox(), wxID_ANY, _("&Same as inner identity"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP ); m_outer_identity_same = new wxRadioButton( sb_outer_identity->GetStaticBox(), wxID_ANY, _("&True identity"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP );
m_outer_identity_same->SetToolTip( _("Use my true user name") ); m_outer_identity_same->SetToolTip( _("Use my true user name") );
sb_outer_identity_radio->Add( m_outer_identity_same, 1, wxEXPAND, 5 ); sb_outer_identity_radio->Add( m_outer_identity_same, 1, wxEXPAND, 5 );

2
lib/TTLS_UI/res/wxTTLS_UI.fbp
View File

@@ -309,7 +309,7 @@
<property name="gripper">0</property> <property name="gripper">0</property>
<property name="hidden">0</property> <property name="hidden">0</property>
<property name="id">wxID_ANY</property> <property name="id">wxID_ANY</property>
<property name="label">&amp;Same as inner identity</property> <property name="label">&amp;True identity</property>
<property name="max_size"></property> <property name="max_size"></property>
<property name="maximize_button">0</property> <property name="maximize_button">0</property>
<property name="maximum_size"></property> <property name="maximum_size"></property>

50
lib/TTLS_UI/src/Module.cpp
View File

@@ -48,7 +48,7 @@ void eap::peer_ttls_ui::config_xml2blob(
UNREFERENCED_PARAMETER(dwFlags); UNREFERENCED_PARAMETER(dwFlags);
// Load configuration from XML. // Load configuration from XML.
config_provider_list cfg(*this); config_connection cfg(*this);
cfg.load(pConfigRoot); cfg.load(pConfigRoot);
// Pack configuration. // Pack configuration.
@@ -66,7 +66,7 @@ void eap::peer_ttls_ui::config_blob2xml(
UNREFERENCED_PARAMETER(dwFlags); UNREFERENCED_PARAMETER(dwFlags);
// Unpack configuration. // Unpack configuration.
config_provider_list cfg(*this); config_connection cfg(*this);
unpack(cfg, pConnectionData, dwConnectionDataSize); unpack(cfg, pConnectionData, dwConnectionDataSize);
// Save configuration to XML. // Save configuration to XML.
@@ -82,9 +82,28 @@ void eap::peer_ttls_ui::invoke_config_ui(
_Inout_ DWORD *pdwConnectionDataOutSize) _Inout_ DWORD *pdwConnectionDataOutSize)
{ {
// Unpack configuration. // Unpack configuration.
config_provider_list cfg(*this); config_connection cfg(*this);
if (dwConnectionDataInSize) if (dwConnectionDataInSize) {
// Load existing configuration.
unpack(cfg, pConnectionDataIn, dwConnectionDataInSize); unpack(cfg, pConnectionDataIn, dwConnectionDataInSize);
} else {
// This is a blank network profile. Create default configuraton.
CoCreateGuid(&(cfg.m_connection_id));
// Start with PAP inner configuration.
unique_ptr<config_method_ttls> cfg_method(new config_method_ttls(*this));
cfg_method->m_inner.reset(new config_method_pap(*this));
cfg_method->m_anonymous_identity = L"@";
cfg_method->m_use_preshared = true;
cfg_method->m_preshared.reset(new credentials_tls(*this));
// Start with one method.
config_provider cfg_provider(*this);
cfg_provider.m_methods.push_back(std::move(cfg_method));
// Start with one provider.
cfg.m_providers.push_back(std::move(cfg_provider));
}
// Initialize application. // Initialize application.
new wxApp(); new wxApp();
@@ -94,7 +113,7 @@ void eap::peer_ttls_ui::invoke_config_ui(
{ {
// Create wxWidget-approved parent window. // Create wxWidget-approved parent window.
wxWindow parent; wxWindow parent;
parent.SetHWND((WXHWND)hwndParent); parent.SetHWND((WXHWND)(hwndParent ? hwndParent : GetForegroundWindow()));
parent.AdoptAttributesFromHWND(); parent.AdoptAttributesFromHWND();
wxTopLevelWindows.Append(&parent); wxTopLevelWindows.Append(&parent);
@@ -130,7 +149,7 @@ void eap::peer_ttls_ui::invoke_identity_ui(
assert(ppwszIdentity); assert(ppwszIdentity);
// Unpack configuration. // Unpack configuration.
config_provider_list cfg(*this); config_connection cfg(*this);
unpack(cfg, pConnectionData, dwConnectionDataSize); unpack(cfg, pConnectionData, dwConnectionDataSize);
if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty()) if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty())
throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods."); throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods.");
@@ -163,14 +182,14 @@ void eap::peer_ttls_ui::invoke_identity_ui(
} }
// Combine credentials. // Combine credentials.
cred_out.combine( pair<eap::credentials::source_t, eap::credentials::source_t> cred_source(cred_out.combine(
#ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
&cred_in, &cred_in,
#else #else
NULL, NULL,
#endif #endif
*cfg_method, *cfg_method,
(dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL); (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL));
if (dwFlags & EAP_FLAG_GUEST_ACCESS) { if (dwFlags & EAP_FLAG_GUEST_ACCESS) {
// Disable credential saving for guests. // Disable credential saving for guests.
@@ -186,14 +205,22 @@ void eap::peer_ttls_ui::invoke_identity_ui(
{ {
// Create wxWidget-approved parent window. // Create wxWidget-approved parent window.
wxWindow parent; wxWindow parent;
parent.SetHWND((WXHWND)hwndParent); parent.SetHWND((WXHWND)(hwndParent ? hwndParent : GetForegroundWindow()));
parent.AdoptAttributesFromHWND(); parent.AdoptAttributesFromHWND();
wxTopLevelWindows.Append(&parent); wxTopLevelWindows.Append(&parent);
// Create and launch credentials dialog. // Create credentials dialog.
wxEAPCredentialsDialog dlg(cfg_prov, &parent); wxEAPCredentialsDialog dlg(cfg_prov, &parent);
wxTTLSCredentialsPanel *panel = new wxTTLSCredentialsPanel(cfg_prov, *cfg_method, cred_out, cfg_prov.m_id.c_str(), &dlg); wxTTLSCredentialsPanel *panel = new wxTTLSCredentialsPanel(cfg_prov, *cfg_method, cred_out, cfg_prov.m_id.c_str(), &dlg);
dlg.AddContents((wxPanel**)&panel, 1); dlg.AddContent(panel);
// Set "Remember" checkboxes according to credential source,
panel->m_outer_cred->SetRememberValue(cred_source.first == eap::credentials::source_storage);
wxPAPCredentialsPanel *panel_inner_cred_pap = dynamic_cast<wxPAPCredentialsPanel*>(panel->m_inner_cred);
if (panel_inner_cred_pap)
panel_inner_cred_pap->SetRememberValue(cred_source.second == eap::credentials::source_storage);
// Centre and display dialog.
dlg.Centre(wxBOTH); dlg.Centre(wxBOTH);
result = dlg.ShowModal(); result = dlg.ShowModal();
if (result == wxID_OK) { if (result == wxID_OK) {
@@ -208,7 +235,6 @@ void eap::peer_ttls_ui::invoke_identity_ui(
} }
} }
wxPAPCredentialsPanel *panel_inner_cred_pap = dynamic_cast<wxPAPCredentialsPanel*>(panel->m_inner_cred);
if (panel_inner_cred_pap && panel_inner_cred_pap->GetRememberValue()) { if (panel_inner_cred_pap && panel_inner_cred_pap->GetRememberValue()) {
try { try {
cred_out.m_inner->store(cfg_prov.m_id.c_str()); cred_out.m_inner->store(cfg_prov.m_id.c_str());

59
lib/TTLS_UI/src/TTLS_UI.cpp
View File

@@ -38,14 +38,6 @@ wxTTLSConfigPanel::wxTTLSConfigPanel(const eap::config_provider &prov, eap::conf
bool wxTTLSConfigPanel::TransferDataToWindow() bool wxTTLSConfigPanel::TransferDataToWindow()
{ {
if (m_prov.m_read_only) {
// This is provider-locked configuration. Disable controls.
m_outer_identity_same ->Enable(false);
m_outer_identity_empty ->Enable(false);
m_outer_identity_custom ->Enable(false);
m_outer_identity_custom_val->Enable(false);
}
// Populate identity controls. // Populate identity controls.
if (m_cfg.m_anonymous_identity.empty()) { if (m_cfg.m_anonymous_identity.empty()) {
m_outer_identity_same->SetValue(true); m_outer_identity_same->SetValue(true);
@@ -82,8 +74,17 @@ void wxTTLSConfigPanel::OnUpdateUI(wxUpdateUIEvent& event)
{ {
UNREFERENCED_PARAMETER(event); UNREFERENCED_PARAMETER(event);
if (!m_prov.m_read_only) { if (m_prov.m_read_only) {
// This is provider-locked configuration. Disable controls.
m_outer_identity_same ->Enable(false);
m_outer_identity_empty ->Enable(false);
m_outer_identity_custom ->Enable(false);
m_outer_identity_custom_val->Enable(false);
} else {
// This is not a provider-locked configuration. Selectively enable/disable controls. // This is not a provider-locked configuration. Selectively enable/disable controls.
m_outer_identity_same ->Enable(true);
m_outer_identity_empty ->Enable(true);
m_outer_identity_custom ->Enable(true);
m_outer_identity_custom_val->Enable(m_outer_identity_custom->GetValue()); m_outer_identity_custom_val->Enable(m_outer_identity_custom->GetValue());
} }
} }
@@ -94,10 +95,9 @@ void wxTTLSConfigPanel::OnUpdateUI(wxUpdateUIEvent& event)
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
wxTTLSConfigWindow::wxTTLSConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, LPCTSTR pszCredTarget, wxWindow* parent) : wxTTLSConfigWindow::wxTTLSConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, LPCTSTR pszCredTarget, wxWindow* parent) :
m_prov(prov),
m_cfg((eap::config_method_ttls&)cfg), m_cfg((eap::config_method_ttls&)cfg),
m_cfg_pap(cfg.m_module), m_cfg_pap(cfg.m_module),
wxScrolledWindow(parent, wxID_ANY, wxDefaultPosition, wxDefaultSize, wxVSCROLL) wxEAPConfigWindow(prov, cfg, parent)
{ {
wxBoxSizer* sb_content; wxBoxSizer* sb_content;
sb_content = new wxBoxSizer( wxVERTICAL ); sb_content = new wxBoxSizer( wxVERTICAL );
@@ -112,7 +112,8 @@ wxTTLSConfigWindow::wxTTLSConfigWindow(const eap::config_provider &prov, eap::co
m_inner_type = new wxChoicebook(this, wxID_ANY, wxDefaultPosition, wxDefaultSize, wxCHB_DEFAULT); m_inner_type = new wxChoicebook(this, wxID_ANY, wxDefaultPosition, wxDefaultSize, wxCHB_DEFAULT);
m_inner_type->SetToolTip( _("Select inner authentication method from the list") ); m_inner_type->SetToolTip( _("Select inner authentication method from the list") );
m_inner_type->AddPage(new wxPAPConfigPanel(m_prov, m_cfg_pap, pszCredTarget, m_inner_type), _("PAP")); wxPAPConfigPanel *panel_pap = new wxPAPConfigPanel(m_prov, m_cfg_pap, pszCredTarget, m_inner_type);
m_inner_type->AddPage(panel_pap, _("PAP"));
sb_content->Add(m_inner_type, 0, wxALL|wxEXPAND, 5); sb_content->Add(m_inner_type, 0, wxALL|wxEXPAND, 5);
sb_content->Add(20, 20, 1, wxALL|wxEXPAND, 5); sb_content->Add(20, 20, 1, wxALL|wxEXPAND, 5);
@@ -135,32 +136,17 @@ wxTTLSConfigWindow::wxTTLSConfigWindow(const eap::config_provider &prov, eap::co
size.y = 500; size.y = 500;
} }
this->SetMinSize(size); this->SetMinSize(size);
this->SetScrollRate(5, 5);
this->SetSizer(sb_content); this->SetSizer(sb_content);
this->Layout(); this->Layout();
m_inner_type->SetFocusFromKbd(); // m_inner_type->SetFocusFromKbd(); // This control steals mouse-wheel scrolling for itself
panel_pap->SetFocusFromKbd();
// Connect Events
this->Connect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxTTLSConfigWindow::OnInitDialog));
}
wxTTLSConfigWindow::~wxTTLSConfigWindow()
{
// Disconnect Events
this->Disconnect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxTTLSConfigWindow::OnInitDialog));
} }
bool wxTTLSConfigWindow::TransferDataToWindow() bool wxTTLSConfigWindow::TransferDataToWindow()
{ {
if (m_prov.m_read_only) {
// This is provider-locked configuration. Disable controls.
m_inner_type->GetChoiceCtrl()->Enable(false);
}
eap::config_method_pap *cfg_pap = dynamic_cast<eap::config_method_pap*>(m_cfg.m_inner.get()); eap::config_method_pap *cfg_pap = dynamic_cast<eap::config_method_pap*>(m_cfg.m_inner.get());
if (cfg_pap) { if (cfg_pap) {
m_cfg_pap = *cfg_pap; m_cfg_pap = *cfg_pap;
@@ -196,8 +182,7 @@ bool wxTTLSConfigWindow::TransferDataFromWindow()
void wxTTLSConfigWindow::OnInitDialog(wxInitDialogEvent& event) void wxTTLSConfigWindow::OnInitDialog(wxInitDialogEvent& event)
{ {
// Call TransferDataToWindow() manually, as wxScrolledWindow somehow skips that. wxEAPConfigWindow::OnInitDialog(event);
TransferDataToWindow();
// Forward the event to child panels. // Forward the event to child panels.
m_outer_identity->GetEventHandler()->ProcessEvent(event); m_outer_identity->GetEventHandler()->ProcessEvent(event);
@@ -207,6 +192,14 @@ void wxTTLSConfigWindow::OnInitDialog(wxInitDialogEvent& event)
} }
void wxTTLSConfigWindow::OnUpdateUI(wxUpdateUIEvent& event)
{
wxEAPConfigWindow::OnUpdateUI(event);
m_inner_type->GetChoiceCtrl()->Enable(!m_prov.m_read_only);
}
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// wxTTLSCredentialsPanel // wxTTLSCredentialsPanel
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
@@ -226,7 +219,7 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov,
assert(m_cfg.m_inner); assert(m_cfg.m_inner);
if (m_cfg.m_inner->m_cred_failed) if (m_cfg.m_inner->m_auth_failed)
sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5); sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5);
const eap::config_method_pap *cfg_inner_pap = dynamic_cast<const eap::config_method_pap*>(m_cfg.m_inner.get()); const eap::config_method_pap *cfg_inner_pap = dynamic_cast<const eap::config_method_pap*>(m_cfg.m_inner.get());
@@ -245,7 +238,7 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov,
m_outer_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_INACTIVECAPTION ) ); m_outer_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_INACTIVECAPTION ) );
sb_content->Add(m_outer_title, 0, wxALL|wxALIGN_RIGHT, 5); sb_content->Add(m_outer_title, 0, wxALL|wxALIGN_RIGHT, 5);
if (m_cfg.m_cred_failed) if (m_cfg.m_auth_failed)
sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5); sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5);
m_outer_cred = new wxTLSCredentialsPanel(m_prov, (const eap::config_method_tls&)m_cfg, (eap::credentials_tls&)cred, pszCredTarget, this, is_config); m_outer_cred = new wxTLSCredentialsPanel(m_prov, (const eap::config_method_tls&)m_cfg, (eap::credentials_tls&)cred, pszCredTarget, this, is_config);

2
lib/WinStd

Submodule lib/WinStd updated: dfbe66a826...54ab70b263

2
output/Setup/.gitignore vendored
View File

@@ -1 +1,3 @@
/GEANTLink*.msi /GEANTLink*.msi
/CredWrite.exe
/MsiUseFeature.exe