Rename method_ttls => method_tls_tunnel to make reusable
Signed-off-by: Simon Rozman <simon@rozman.si>
parent
1e9e5a99c3
commit
0a280975fb
@ -22,7 +22,7 @@ namespace eap
|
|||||||
{
|
{
|
||||||
class method_defrag;
|
class method_defrag;
|
||||||
class method_eapmsg;
|
class method_eapmsg;
|
||||||
class method_ttls;
|
class method_tls_tunnel;
|
||||||
}
|
}
|
||||||
|
|
||||||
#pragma once
|
#pragma once
|
||||||
@ -177,20 +177,21 @@ namespace eap
|
|||||||
|
|
||||||
|
|
||||||
///
|
///
|
||||||
/// TTLS method
|
/// TLS tunnel method
|
||||||
///
|
///
|
||||||
class method_ttls : public method_tunnel
|
class method_tls_tunnel : public method_tunnel
|
||||||
{
|
{
|
||||||
public:
|
public:
|
||||||
///
|
///
|
||||||
/// Constructs an TTLS method
|
/// Constructs a TLS tunnel method
|
||||||
///
|
///
|
||||||
/// \param[in] mod EAP module to use for global services
|
/// \param[in] mod EAP module to use for global services
|
||||||
|
/// \param[in] eap_method EAP method type ID
|
||||||
/// \param[in] cfg Method configuration
|
/// \param[in] cfg Method configuration
|
||||||
/// \param[in] cred User credentials
|
/// \param[in] cred User credentials
|
||||||
/// \param[in] inner Inner method
|
/// \param[in] inner Inner method
|
||||||
///
|
///
|
||||||
method_ttls(_In_ module &mod, _In_ config_method_tls_tunnel &cfg, _In_ credentials_tls_tunnel &cred, _In_ method *inner);
|
method_tls_tunnel(_In_ module &mod, _In_ winstd::eap_type_t eap_method, _In_ config_method_tls_tunnel &cfg, _In_ credentials_tls_tunnel &cred, _In_ method *inner);
|
||||||
|
|
||||||
/// \name Session management
|
/// \name Session management
|
||||||
/// @{
|
/// @{
|
||||||
@ -229,6 +230,7 @@ namespace eap
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
protected:
|
protected:
|
||||||
|
const winstd::eap_type_t m_eap_method; ///< EAP method type
|
||||||
config_method_tls_tunnel &m_cfg; ///< Method configuration
|
config_method_tls_tunnel &m_cfg; ///< Method configuration
|
||||||
credentials_tls_tunnel &m_cred; ///< Method user credentials
|
credentials_tls_tunnel &m_cred; ///< Method user credentials
|
||||||
HANDLE m_user_ctx; ///< Handle to user context
|
HANDLE m_user_ctx; ///< Handle to user context
|
||||||
|
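Review bot: The new constructor parameter and the `m_eap_method` member in the class body are documented only as "EAP method type ID", which does not tell a caller of the now-reusable class which type IDs are acceptable or what the value is used for. In the hunks visible here the member only ever feeds `event_data((unsigned int)m_eap_method)` in log events, so a member comment such as `///< EAP method type (used to label event-log records; does not select protocol behavior)` would make clear that a wrong ID mislabels diagnostics rather than changing the handshake — assuming there is no other use outside these hunks, which cannot be confirmed from the page. Likewise, the `\param[in] eap_method` line could name the expected values, e.g. `/// \param[in] eap_method EAP method type ID of the tunnelling method (e.g. TTLS), reported in event-log records`. The `method_tls_tunnel` class declaration continues past the end of this hunk.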
@ -301,10 +301,11 @@ void eap::method_eapmsg::get_response_packet(
|
|||||||
|
|
||||||
|
|
||||||
//////////////////////////////////////////////////////////////////////
|
//////////////////////////////////////////////////////////////////////
|
||||||
// eap::method_ttls
|
// eap::method_tls_tunnel
|
||||||
//////////////////////////////////////////////////////////////////////
|
//////////////////////////////////////////////////////////////////////
|
||||||
|
|
||||||
eap::method_ttls::method_ttls(_In_ module &mod, _In_ config_method_tls_tunnel &cfg, _In_ credentials_tls_tunnel &cred, _In_ method *inner) :
|
eap::method_tls_tunnel::method_tls_tunnel(_In_ module &mod, _In_ eap_type_t eap_method, _In_ config_method_tls_tunnel &cfg, _In_ credentials_tls_tunnel &cred, _In_ method *inner) :
|
||||||
|
m_eap_method(eap_method),
|
||||||
m_cfg(cfg),
|
m_cfg(cfg),
|
||||||
m_cred(cred),
|
m_cred(cred),
|
||||||
m_user_ctx(NULL),
|
m_user_ctx(NULL),
|
||||||
@ -317,7 +318,7 @@ eap::method_ttls::method_ttls(_In_ module &mod, _In_ config_method_tls_tunnel &c
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void eap::method_ttls::begin_session(
|
void eap::method_tls_tunnel::begin_session(
|
||||||
_In_ DWORD dwFlags,
|
_In_ DWORD dwFlags,
|
||||||
_In_ const EapAttributes *pAttributeArray,
|
_In_ const EapAttributes *pAttributeArray,
|
||||||
_In_ HANDLE hTokenImpersonateUser,
|
_In_ HANDLE hTokenImpersonateUser,
|
||||||
@ -386,7 +387,7 @@ void eap::method_ttls::begin_session(
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
|
EapPeerMethodResponseAction eap::method_tls_tunnel::process_request_packet(
|
||||||
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
|
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
|
||||||
_In_ DWORD dwReceivedPacketSize)
|
_In_ DWORD dwReceivedPacketSize)
|
||||||
{
|
{
|
||||||
@ -396,7 +397,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
|
|||||||
|
|
||||||
switch (m_phase) {
|
switch (m_phase) {
|
||||||
case phase_t::handshake_init: {
|
case phase_t::handshake_init: {
|
||||||
m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_t::ttls), event_data::blank);
|
m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)m_eap_method), event_data::blank);
|
||||||
|
|
||||||
// Prepare input buffer(s).
|
// Prepare input buffer(s).
|
||||||
SecBuffer buf_in[] = {
|
SecBuffer buf_in[] = {
|
||||||
@ -545,7 +546,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
|
|||||||
SecPkgContext_ConnectionInfo info;
|
SecPkgContext_ConnectionInfo info;
|
||||||
if (SUCCEEDED(status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_CONNECTION_INFO, &info)))
|
if (SUCCEEDED(status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_CONNECTION_INFO, &info)))
|
||||||
m_module.log_event(&EAPMETHOD_TLS_HANDSHAKE_FINISHED,
|
m_module.log_event(&EAPMETHOD_TLS_HANDSHAKE_FINISHED,
|
||||||
event_data((unsigned int)eap_type_t::ttls),
|
event_data((unsigned int)m_eap_method),
|
||||||
event_data(auth.sAuthorityName),
|
event_data(auth.sAuthorityName),
|
||||||
event_data(info.dwProtocol),
|
event_data(info.dwProtocol),
|
||||||
event_data(info.aiCipher),
|
event_data(info.aiCipher),
|
||||||
@ -688,7 +689,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void eap::method_ttls::get_response_packet(
|
void eap::method_tls_tunnel::get_response_packet(
|
||||||
_Out_ sanitizing_blob &packet,
|
_Out_ sanitizing_blob &packet,
|
||||||
_In_opt_ DWORD size_max)
|
_In_opt_ DWORD size_max)
|
||||||
{
|
{
|
||||||
@ -734,7 +735,7 @@ void eap::method_ttls::get_response_packet(
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void eap::method_ttls::get_result(
|
void eap::method_tls_tunnel::get_result(
|
||||||
_In_ EapPeerMethodResultReason reason,
|
_In_ EapPeerMethodResultReason reason,
|
||||||
_Inout_ EapPeerMethodResult *pResult)
|
_Inout_ EapPeerMethodResult *pResult)
|
||||||
{
|
{
|
||||||
@ -805,14 +806,14 @@ void eap::method_ttls::get_result(
|
|||||||
|
|
||||||
#if EAP_TLS < EAP_TLS_SCHANNEL_FULL
|
#if EAP_TLS < EAP_TLS_SCHANNEL_FULL
|
||||||
|
|
||||||
void eap::method_ttls::verify_server_trust() const
|
void eap::method_tls_tunnel::verify_server_trust() const
|
||||||
{
|
{
|
||||||
for (auto c = m_cfg.m_trusted_root_ca.cbegin(), c_end = m_cfg.m_trusted_root_ca.cend(); c != c_end; ++c) {
|
for (auto c = m_cfg.m_trusted_root_ca.cbegin(), c_end = m_cfg.m_trusted_root_ca.cend(); c != c_end; ++c) {
|
||||||
if (m_sc_cert->cbCertEncoded == (*c)->cbCertEncoded &&
|
if (m_sc_cert->cbCertEncoded == (*c)->cbCertEncoded &&
|
||||||
memcmp(m_sc_cert->pbCertEncoded, (*c)->pbCertEncoded, m_sc_cert->cbCertEncoded) == 0)
|
memcmp(m_sc_cert->pbCertEncoded, (*c)->pbCertEncoded, m_sc_cert->cbCertEncoded) == 0)
|
||||||
{
|
{
|
||||||
// Server certificate found directly on the trusted root CA list.
|
// Server certificate found directly on the trusted root CA list.
|
||||||
m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED_EX1, event_data((unsigned int)eap_type_t::ttls), event_data::blank);
|
m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED_EX1, event_data((unsigned int)m_eap_method), event_data::blank);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -861,7 +862,7 @@ void eap::method_ttls::verify_server_trust() const
|
|||||||
if (san_info->rgAltEntry[idx_entry].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME &&
|
if (san_info->rgAltEntry[idx_entry].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME &&
|
||||||
_wcsicmp(s->c_str(), san_info->rgAltEntry[idx_entry].pwszDNSName) == 0)
|
_wcsicmp(s->c_str(), san_info->rgAltEntry[idx_entry].pwszDNSName) == 0)
|
||||||
{
|
{
|
||||||
m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)eap_type_t::ttls), event_data(san_info->rgAltEntry[idx_entry].pwszDNSName), event_data::blank);
|
m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)m_eap_method), event_data(san_info->rgAltEntry[idx_entry].pwszDNSName), event_data::blank);
|
||||||
found = true;
|
found = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -876,7 +877,7 @@ void eap::method_ttls::verify_server_trust() const
|
|||||||
|
|
||||||
for (auto s = m_cfg.m_server_names.cbegin(), s_end = m_cfg.m_server_names.cend(); !found && s != s_end; ++s) {
|
for (auto s = m_cfg.m_server_names.cbegin(), s_end = m_cfg.m_server_names.cend(); !found && s != s_end; ++s) {
|
||||||
if (_wcsicmp(s->c_str(), subj.c_str()) == 0) {
|
if (_wcsicmp(s->c_str(), subj.c_str()) == 0) {
|
||||||
m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)eap_type_t::ttls), event_data(subj), event_data::blank);
|
m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)m_eap_method), event_data(subj), event_data::blank);
|
||||||
found = true;
|
found = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -966,7 +967,7 @@ void eap::method_ttls::verify_server_trust() const
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED1, event_data((unsigned int)eap_type_t::ttls), event_data::blank);
|
m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED1, event_data((unsigned int)m_eap_method), event_data::blank);
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
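Review bot: The out-of-line constructor definition spells the new parameter as `_In_ eap_type_t eap_method` while the in-class declaration uses `_In_ winstd::eap_type_t eap_method`; if this translation unit has a `using namespace winstd` that compiles fine, but writing `_In_ winstd::eap_type_t eap_method` in the definition too keeps the two signatures textually identical and greppable. The same change also repeats the C-style cast `(unsigned int)m_eap_method` in every `log_event` call it touches (the handshake-start and handshake-finished events in `process_request_packet`, and the four trust events in `verify_server_trust`); `static_cast<unsigned int>(m_eap_method)` would be the named-cast form, though since the surrounding pre-existing code uses the same C-style cast this is reasonably left for a separate cleanup. The constructor's base-class initializer and body, and the bodies of the other renamed methods, extend beyond the hunks shown.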