Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity
1,032 Commits 3 Branches 69 Tags
Commit Graph

689 Commits

Author SHA1 Message Date
Simon Rozman
75488ba870 credentials: Move user impersonation to peer::get_identity() 
To retrieve user credentials, EapHost provides us the interactive user's
token we can use to impersonate.

By doing the impersonation early in peer::get_identity(), we don't need
to pass the token down the lower methods. This is rather a
simplification than a performance optimization.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
e2eb41e811 credentials_tls: Use WinCrypt to get client certificate name 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
e8b1e157d9 module: Make make_config() pure virtual 
It is important to implement this method in derived classes. When we
provided default implementation returning NULL, introducing new methods
might leave this method not implemented without a compiler error.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
6511d826a0 peer: Move all generic methods upstream from peer_tls_base 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
33e765adcd Cleanup 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:56 +01:00
Simon Rozman
5b02352f1a Resolve the make_...() methods 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:56 +01:00
Simon Rozman
5195b79eed method_ttls: Reintroduce 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:56 +01:00
Simon Rozman
d400901c52 Rename peer_tls to peer_tls_base 
peer_tls is actually not a complete EAP-TLS implementation.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:38 +01:00
Simon Rozman
570eb83558 peer_tls: Move all applicable methods upstream to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:38 +01:00
Simon Rozman
db056f5150 Cleanup 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:38 +01:00
Simon Rozman
1d558c939e Rename method_tls_tunnel to method_tls and move upstream 
CRL checking was also moved upstream as method_tls triggers it.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:37 +01:00
Simon Rozman
5c0299197b method_defrag: Move upstream to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:43 +01:00
Simon Rozman
383a85c18b method: Merge with method_tunnel 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:43 +01:00
Simon Rozman
c40f71462f ui_context: Merge with ui_context_tls_tunnel 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:43 +01:00
Simon Rozman
bef455e5a6 method_defrag: Check minimum send packet size and revise the calculation 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:43 +01:00
Simon Rozman
737f51b815 method_tls_tunnel: Cleanup 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:43 +01:00
Simon Rozman
7706e54294 method_tls_tunnel: Revise inner response packet generation 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:42 +01:00
Simon Rozman
d2a0c034c1 method_tls_tunnel: Declare authentication success according to EAP 
It is usually the outer EAP-Success/Failure message that confirm the
authentication is gracefully over.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:42 +01:00
Simon Rozman
1290d83b9d method_eapmsg: Let inner method handle EAP-Identity packets 
With EapHost inner method, this is a must.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:42 +01:00
Simon Rozman
b2edd74270 Introduce localization catalog domain name 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:42 +01:00
Simon Rozman
0a280975fb Rename method_ttls => method_tls_tunnel to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:42 +01:00
Simon Rozman
1e9e5a99c3 peer_ttls: Split to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:42 +01:00
Simon Rozman
41c2be77f5 Make EAP method logging dynamic 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:08:28 +01:00
Simon Rozman
4331de8605 wxTTLSConfigPanel: Split to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:08:28 +01:00
Simon Rozman
bacd4fd8d8 Rename wxTTLSConfigPanel and move upstream 
wxTTLSConfigPanel is about anonymizing inner identity and was renamed to
wxEAPIdentityConfigPanel and moved upstream to make reusable.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:08:28 +01:00
Simon Rozman
18184a2762 peer_ui: Move config_xml2blob and config_blob2xml upstream 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:08:28 +01:00
Simon Rozman
fb8ca2de24 Rename ui_context_ttls => ui_context_tls_tunnel to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:08:28 +01:00
Simon Rozman
248e15641a config_method_ttls: Split to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:08:28 +01:00
Simon Rozman
a943a14d0f Rename credentials_ttls => credentials_tls_tunnel to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:08:27 +01:00
Simon Rozman
3e04ca5181 EapHost: Fix EapHostPeerGetSendPacket() call 
The packet buffer returned by EapHostPeerGetSendPacket() shall not be
freed.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:07:53 +01:00
Simon Rozman
017766cb29 EapHost: Disambiguate from native EAP methods 
When eap::config_method_eaphost::get_method_id() returns EAP-MSCHAPv2,
XML-to-BLOB gets confused and picks native EAP-MSCHAPv2 implementation.
Therefore, it was updated to always return unknown EAP type. Outer
method does not need to know the exact method implemented by EapHost
inner method.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:07:53 +01:00
Simon Rozman
213042339b EapHost: Do not reference the Eappprxy.lib when not used 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:07:53 +01:00
Simon Rozman
4da7785490 method_eap: Refactor 
Instead of delayed response packet generation, the
method_eap::process_request_packet() prepares the response packet. This
eliminates the state machine.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:07:53 +01:00
Simon Rozman
7caa4b12a6 method_eap: tolerate empty request packets 
TLS methods call process_request_packet(NULL, 0) to check on the inner
method for the payload to piggyback on the final handshake response.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:07:53 +01:00
Simon Rozman
2282a2c45f Explicitly check buffer length before touching it and unify exception 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:07:53 +01:00
Simon Rozman
9d0e261bbe method_eap: Add EAP Success/Failure support 
Although, EapHost takes care for EAP Success and Failure packets for us,
it does so for the outer-most method only. When using EAP inside a TLS
tunnel, we are responsible for EAP Success and Failure packets ourselves.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:07:53 +01:00
Simon Rozman
e5e5f1c63e method_eap: Support EAP identity exchange 
Although, EapHost takes care for EAP identity exchange for us, it does
so for the outer-most method only. When using EAP inside a TLS tunnel,
we are responsible for EAP identity exchange ourselves.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:07:52 +01:00
Simon Rozman
1c295360fc Double link inner-outer methods 
This allows inner methods to access method_defrag to get negotiated
EAP-TTLS/PEAP protocol version.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:07:00 +01:00
Simon Rozman
0daa0579fe method_defrag: Merge EAP response/request flags 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:07:00 +01:00
Simon Rozman
b908ff3aa9 method_defrag: Add support for version negotiation 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:07:00 +01:00
Simon Rozman
4af1bdc935 method_defrag: Simplify data length calculation 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-06 11:53:42 +01:00
Simon Rozman
a18fb7826c MSCHAPv2: Adopt authentication success from EAP 
It is usually the outer EAP-Success/Failure message that confirm the
authentication is gracefully over.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-06 11:53:42 +01:00
Simon Rozman
d8cc9636b5 MSCHAPv2: Set keying material the proper way 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-06 11:53:42 +01:00
Simon Rozman
f4e8ba88ae Omit "B" from reported sizes 
There should be a space between the number and a unit. Since everything
is always reported in bytes, there is no need to have a unit.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-06 11:53:42 +01:00
Simon Rozman
9e9648c924 Make modules and methods non-copyable & non-movable 
Modules and methods are never duplicated or moved in a memory. Moving
constructors and operators are dead code.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-06 11:53:42 +01:00
Simon Rozman
a75008891b Add ECDHEPHEM and NULL cipher friendly names 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-06 11:53:41 +01:00
Simon Rozman
72398339d3 Update PEAP name 
It's PEAP, not EAP-PEAP.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-06 11:53:41 +01:00
Simon Rozman
6addc49df2 wxInitializerPeer: Move upstream and make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-06 11:53:41 +01:00
Simon Rozman
c4fc8d184a config_method_with_cred: Move anonymous identity upstream 
This might break BLOB backward compatibility.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-06 11:53:41 +01:00
Simon Rozman
a2a4d75745 method: Cleanup get_result() 
fIsSuccess is already set to TRUE by module::get_result().

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-06 11:53:41 +01:00