Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity
1,035 Commits 3 Branches 69 Tags
Commit Graph

126 Commits

Author SHA1 Message Date
Simon Rozman
a2cab07a30 WinStd: Update 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2022-03-03 18:02:31 +01:00
Simon Rozman
5e7f55880a Update Copyright and build year 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2022-01-07 11:21:33 +01:00
Simon Rozman
b55ddd7d86 Update Copyright and build year 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2021-11-22 15:31:23 +01:00
Simon Rozman
b96ebfbce4 Switch to SPDX license notice 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2021-11-22 15:20:57 +01:00
Simon Rozman
3bd2d1fd09 credentials_tls: Update documentation 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
d4c01a5345 config_method_tls: Cleanup 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
6e97a04bfe credentials_tls: Keep thumbprint rather than client certificate 
By storing the client certificate the certificate became detached from
its private key stored in user certificate store. This rendered client
certificates useless for client TLS authentication.

Now, the client certificate thumbprint is stored instead. The client
certificate is looked up in the user certificate store as required.

This breaks profile XML and BLOB backward compatibility. Since the
client certificate support was broken, nobody probably used those in
the settings before.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
75488ba870 credentials: Move user impersonation to peer::get_identity() 
To retrieve user credentials, EapHost provides us the interactive user's
token we can use to impersonate.

By doing the impersonation early in peer::get_identity(), we don't need
to pass the token down the lower methods. This is rather a
simplification than a performance optimization.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
6511d826a0 peer: Move all generic methods upstream from peer_tls_base 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
5b02352f1a Resolve the make_...() methods 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:56 +01:00
Simon Rozman
5195b79eed method_ttls: Reintroduce 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:56 +01:00
Simon Rozman
d400901c52 Rename peer_tls to peer_tls_base 
peer_tls is actually not a complete EAP-TLS implementation.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:38 +01:00
Simon Rozman
570eb83558 peer_tls: Move all applicable methods upstream to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:38 +01:00
Simon Rozman
1d558c939e Rename method_tls_tunnel to method_tls and move upstream 
CRL checking was also moved upstream as method_tls triggers it.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:37 +01:00
Simon Rozman
5c0299197b method_defrag: Move upstream to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:43 +01:00
Simon Rozman
5a7827e85e Make enums scoped 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-06 11:53:38 +01:00
Simon Rozman
059710d83c Update Copyright year 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-05 11:45:51 +01:00
Simon Rozman
fac33ee0b1 Remove UTF-8 BOM 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2019-11-28 17:04:16 +01:00
Simon Rozman
6fb5cb88d2 Address code analysis warnings 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2019-09-04 13:11:48 +02:00
Simon Rozman
5a82dc2a25 Unify LPCBYTE 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2019-06-14 09:57:48 +02:00
Simon Rozman
48ba0b3664 Typo in documentation fixed 2016-11-03 11:11:54 +01:00
Simon Rozman
d234e55ae4 - Doxygen documentation updated 
- Some minor issues stumbled upon fixed
- WIN1250 >> UTF-8
 2016-11-02 01:25:38 +01:00
Simon Rozman
52a428bb5e Various ownTLS leftover clean-up 2016-11-01 05:33:55 +01:00
Simon Rozman
c31e019cef eap::metod thorough redesign: 
- Support for method stacking introduced
- EAP-TLS method has been discontinued
- ownTLS has been discontinued
 2016-10-31 16:58:53 +01:00
Simon Rozman
f5a40f7ca8 Doxygen update 2016-10-28 13:47:59 +02:00
Simon Rozman
654c965851 Support for various peer action request extended 2016-10-27 10:00:18 +02:00
Simon Rozman
abf54ad342 Doxygen documentation update 2016-10-25 08:51:04 +02:00
Simon Rozman
e7e1a6735d pEapOutput Prefast specifier for process_request_packet() methods changed 2016-10-24 14:55:31 +02:00
Simon Rozman
a1f9a7bab9 ppResult >> pResult 2016-10-24 13:33:01 +02:00
Simon Rozman
e94e3bdd60 credentials::combine() methods updated with support for EAPMsg: 
- Additional parameters
- Additional result code
- User impersonation now mounted inside of credentials::combine() when required
 2016-10-10 14:31:23 +02:00
Simon Rozman
e8eec11618 EAP-TTLS inner method no longer needs to have support for configured credentials 2016-10-04 10:13:45 +02:00
Simon Rozman
01245d15d9 ID 8. A typo in the comment from security audit resolved 2016-10-03 14:54:02 +02:00
Simon Rozman
f0af016efe ID 4. Possibility of method_tls class initialization list optimization from security audit fixed 2016-10-03 14:54:01 +02:00
Simon Rozman
79cc1af86f Clean-up and XML handling enhancement: 
- XML helper functions always return objects by winstd::com_obj or winstd::bstr reference now to ensure proper release by caller
- get_element_value()/put_element_value() can optionally return reference to the XML object if required
- WinStd macros to simplify dplhandle<> and handle<> inherited classes reused by non-copyable classes
 2016-09-23 14:43:31 +02:00
Simon Rozman
0ab18017cd Pre-shared >> Configured credentials, Own >> Stored credentials 2016-09-21 09:43:02 +02:00
Simon Rozman
641c9b6932 Credentials are no longer stored using method name (TLS/PAP/MSCHAPv2) but with level/type identifier 2016-09-06 15:39:41 +02:00
Simon Rozman
c765954c0f "Last Authentication Failed" flag extended to support finer feedback, why last authentication failed 2016-09-06 14:10:02 +02:00
Simon Rozman
d83f5422d7 MSCHAPv2 almost finished... 2016-09-05 16:44:18 +02:00
Simon Rozman
c33c8b551b Clean-up 2016-09-04 17:57:04 +02:00
Simon Rozman
621669828b Schannel and ownTLS MSK derivation unified 2016-09-02 14:03:34 +02:00
Simon Rozman
00aee5bb78 ownTLS updated 2016-09-02 11:38:28 +02:00
Simon Rozman
198b9a576e Maximum packet size parameter is now optional 2016-09-02 10:19:39 +02:00
Simon Rozman
566785192a Requirement that eap::method processes EAP packets only dropped, work with non-EAP methods simplified 2016-09-02 09:50:21 +02:00
Simon Rozman
1e60d21860 On session reconnect skip inner re-authentication now 2016-09-01 12:49:20 +02:00
Simon Rozman
844b185887 EAP packet classes organized in hierarchy now 2016-09-01 10:25:33 +02:00
Simon Rozman
cafd786e19 Own TLS updated to keep it alive (now that the fuss around outer/inner methods settled) 2016-08-29 20:40:37 +02:00
Simon Rozman
a7c8052ee2 eap::method revised to support nesting, so the PAP method was made a stand-alone method 2016-08-29 20:05:58 +02:00
Simon Rozman
fc5e54db05 Inner configuration/credential management virtualized to reduce cluttering code 2016-08-28 17:20:24 +02:00
Simon Rozman
9daa5b52a4 Incorrect letter case referencing EapHost service fixed 2016-08-27 06:58:57 +02:00
Simon Rozman
6077063599 The credentials are marked "invalid" at transition from handshake to application data phase only to prevent initial handshake problems from popping-up credential prompt when credentials have nothing to do with the connection failure. 2016-08-25 13:08:11 +02:00