35 Commits

Author SHA1 Message Date
6e97a04bfe credentials_tls: Keep thumbprint rather than client certificate
By storing the client certificate, the certificate became detached from
its private key stored in the user certificate store. This rendered client
certificates useless for client TLS authentication.

Now, the client certificate thumbprint is stored instead. The client
certificate is looked up in the user certificate store as required.

This breaks profile XML and BLOB backward compatibility. Since the
client certificate support was broken, nobody probably used those in
the settings before.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:57 +01:00
75488ba870 credentials: Move user impersonation to peer::get_identity()
To retrieve user credentials, EapHost provides us the interactive user's
token we can use to impersonate.

By doing the impersonation early in peer::get_identity(), we don't need
to pass the token down the lower methods. This is rather a
simplification than a performance optimization.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:57 +01:00
5a7827e85e Make enums scoped
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-06 11:53:38 +01:00
059710d83c Update Copyright year
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-05 11:45:51 +01:00
fac33ee0b1 Remove UTF-8 BOM
Signed-off-by: Simon Rozman <simon@rozman.si>
2019-11-28 17:04:16 +01:00
6fb5cb88d2 Address code analysis warnings
Signed-off-by: Simon Rozman <simon@rozman.si>
2019-09-04 13:11:48 +02:00
d234e55ae4 - Doxygen documentation updated
- Some minor issues stumbled upon fixed
- WIN1250 >> UTF-8
2016-11-02 01:25:38 +01:00
abf54ad342 Doxygen documentation update 2016-10-25 08:51:04 +02:00
e94e3bdd60 credentials::combine() methods updated with support for EAPMsg:
- Additional parameters
- Additional result code
- User impersonation now mounted inside of credentials::combine() when required
2016-10-10 14:31:23 +02:00
e8eec11618 EAP-TTLS inner method no longer needs to have support for configured credentials 2016-10-04 10:13:45 +02:00
0ab18017cd Pre-shared >> Configured credentials, Own >> Stored credentials 2016-09-21 09:43:02 +02:00
641c9b6932 Credentials are no longer stored using method name (TLS/PAP/MSCHAPv2) but with level/type identifier 2016-09-06 15:39:41 +02:00
fc5e54db05 Inner configuration/credential management virtualized to reduce cluttering code 2016-08-28 17:20:24 +02:00
6835f5279c Certificate (TLS) credentials support custom identity now 2016-08-24 11:03:18 +02:00
df1d431bd0 - TLS revised (again)
- TLS Session resumption issues resolved
- Credential prompt has "Remember" checkbox initially selected when credentials originate from Windows Credential Manager
- Last authentication attempt failure notice is more general and no longer insinuates user credentials are the likely cause of the failure
- Additional log messages added
2016-08-17 11:50:34 +02:00
d8ccf7cbc0 Credential management revised 2016-08-15 17:33:10 +02:00
e34d2ba275 Prefast declaration update 2016-08-15 15:10:42 +02:00
b71e30f642 EAP_ERROR replaced with C++ exceptions for increased code readability 2016-08-08 22:59:17 +02:00
2aa4bce8cc eap::config::m_module reference again 2016-08-06 07:01:12 +02:00
2711425677 Documentation update 2016-08-05 15:52:27 +02:00
460adb9858 m_module is now a pointer instead of reference 2016-08-05 11:23:59 +02:00
ee8410bdb9 credentials::target_suffix() is public now, as it can be reused to provide GUI method identifier 2016-07-21 12:33:32 +02:00
627b20aabc pack() => operator <<, unpack() => operator >>, get_pk_size() => pksizeof() 2016-07-21 09:20:09 +02:00
51428d290f Memory overflow detection when packing/unpacking BLOB added 2016-07-20 19:29:21 +02:00
2f4425f38c EAPSerial.h merged into EAP.h 2016-07-20 18:17:25 +02:00
ce0bbc5b45 config_method::m_preshared moved to heap, which in turn required shift to virtual methods for packing/unpacking BLOBs 2016-07-20 14:59:12 +02:00
a92cafea36 eap::credentials::get_name() method introduced to allow more detailed display of certificate names 2016-07-20 10:05:36 +02:00
4f6943044f eap::credentials::m_identity replaced with virtual method get_identity() 2016-07-20 09:54:26 +02:00
4630b32f77 target_suffix() method is private now 2016-07-19 13:39:41 +02:00
922d0ac3d0 Additional RSA credential encryption replaced with product-specific entropy in user-specific encryption pass, to circumvent RSA data length limitation 2016-06-22 23:32:28 +02:00
d430b63829 (Pre-shared) client certificates are no longer maintained by hash only 2016-06-16 00:29:56 +02:00
ec0b283540 Functions using EAP_ERROR descriptor return bool now for code simplicity 2016-06-15 22:59:52 +02:00
df2fee4cef Virtual method implementations moved to .cpp files
get_method_id() now const
2016-06-15 11:26:51 +02:00
9cf80108b5 Credential saving to XML introduced to support pre-shared credentials 2016-06-15 11:05:32 +02:00
cf7ca9c8e9 EAP modules divided into libraries 2016-06-10 12:24:49 +02:00