Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Rename method_tls_tunnel to method_tls and move upstream

Browse Source 
CRL checking was also moved upstream as method_tls triggers it.

Signed-off-by: Simon Rozman <simon@rozman.si>
This commit is contained in:
Simon Rozman
2020-02-04 14:00:28 +01:00
parent 5c0299197b
commit 1d558c939e
13 changed files with 1078 additions and 954 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
lib/TTLS/include/Method.h
View File

@@ -21,7 +21,6 @@
namespace eap
{
class method_eapmsg;
class method_tls_tunnel;
}
#pragma once
@@ -32,8 +31,6 @@ namespace eap
#include "../../EAPBase/include/Method.h"
#include <WinStd/Sec.h>
namespace eap
{
@@ -91,92 +88,5 @@ namespace eap
sanitizing_blob m_packet_res; ///< Response packet
};
///
/// TLS tunnel method
///
class method_tls_tunnel : public method
{
public:
///
/// Constructs a TLS tunnel method
///
/// \param[in] mod EAP module to use for global services
/// \param[in] eap_method EAP method type ID
/// \param[in] cfg Method configuration
/// \param[in] cred User credentials
/// \param[in] inner Inner method
///
method_tls_tunnel(_In_ module &mod, _In_ winstd::eap_type_t eap_method, _In_ config_method_tls_tunnel &cfg, _In_ credentials_tls_tunnel &cred, _In_ method *inner);
/// \name Session management
/// @{
virtual void begin_session(
_In_ DWORD dwFlags,
_In_ const EapAttributes *pAttributeArray,
_In_ HANDLE hTokenImpersonateUser,
_In_opt_ DWORD dwMaxSendPacketSize = MAXDWORD);
/// @}
/// \name Packet processing
/// @{
virtual EapPeerMethodResponseAction process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize);
virtual void get_response_packet(
_Out_ sanitizing_blob &packet,
_In_opt_ DWORD size_max = MAXDWORD);
/// @}
virtual void get_result(
_In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *pResult);
protected:
///
/// Decrypts data and forwards it to the inner method.
///
EapPeerMethodResponseAction decrypt_request_data();
#if EAP_TLS < EAP_TLS_SCHANNEL_FULL
///
/// Verifies server certificate if trusted by configuration
///
void verify_server_trust() const;
#endif
protected:
const winstd::eap_type_t m_eap_method; ///< EAP method type
config_method_tls_tunnel &m_cfg; ///< Method configuration
credentials_tls_tunnel &m_cred; ///< Method user credentials
HANDLE m_user_ctx; ///< Handle to user context
winstd::tstring m_sc_target_name; ///< Schannel target name
winstd::sec_credentials m_sc_cred; ///< Schannel client credentials
std::vector<unsigned char> m_sc_queue; ///< TLS data queue
winstd::sec_context m_sc_ctx; ///< Schannel context
winstd::cert_context m_sc_cert; ///< Server certificate
///
/// Communication phase
///
enum class phase_t {
unknown = -1, ///< Unknown phase
handshake_init = 0, ///< Handshake initialize
handshake_cont, ///< Handshake continue
finished, ///< Exchange application data
} m_phase; ///< What phase is our communication at?
sanitizing_blob m_packet_res; ///< Response packet
bool m_packet_res_inner; ///< Get and ancrypt data from inner method too?
std::vector<winstd::eap_attr> m_eap_attr; ///< EAP attributes returned by get_result() method
EAP_ATTRIBUTES m_eap_attr_desc; ///< EAP attributes descriptor (required to avoid memory leakage in get_result())
};
/// @}
}

58
lib/TTLS/include/Module.h
View File

@@ -31,6 +31,8 @@ namespace eap
#include "Method.h"
#include "TTLS.h"
#include "..\..\TLS\include\Module.h"
namespace eap
{
@@ -40,7 +42,7 @@ namespace eap
///
/// TLS tunnel peer
///
class peer_tls_tunnel : public peer
class peer_tls_tunnel : public peer_tls
{
public:
///
@@ -151,13 +153,6 @@ namespace eap
/// @}
///
/// Spawns a new certificate revocation check thread
///
/// \param[inout] cert Certificate context to check for revocation. `hCertStore` member should contain all certificates in chain up to and including root CA to test them for revocation too.
///
void spawn_crl_check(_Inout_ winstd::cert_context &&cert);
protected:
///
/// Makes a new inner method
@@ -209,53 +204,6 @@ namespace eap
#endif
BYTE *m_blob_ui_ctx; ///< User Interface context data
};
///
///< Post-festum server certificate revocation verify thread
///
class crl_checker {
public:
///
/// Constructs a thread
///
/// \param[in ] mod EAP module to use for global services
/// \param[inout] cert Certificate context to check for revocation. `hCertStore` member should contain all certificates in chain up to and including root CA to test them for revocation too.
///
crl_checker(_In_ module &mod, _Inout_ winstd::cert_context &&cert);
///
/// Moves a thread
///
/// \param[in] other Thread to move from
///
crl_checker(_Inout_ crl_checker &&other) noexcept;
///
/// Moves a thread
///
/// \param[in] other Thread to move from
///
/// \returns Reference to this object
///
crl_checker& operator=(_Inout_ crl_checker &&other) noexcept;
///
/// Verifies server's certificate if it has been revoked
///
/// \param[in] obj Pointer to the instance of this object
///
/// \returns Thread exit code
///
static DWORD WINAPI verify(_In_ crl_checker *obj);
public:
module &m_module; ///< Module
winstd::win_handle<NULL> m_thread; ///< Thread
winstd::win_handle<NULL> m_abort; ///< Thread abort event
winstd::cert_context m_cert; ///< Server certificate
};
std::list<crl_checker> m_crl_checkers; ///< List of certificate revocation check threads
};