a6bdb42ece
Deprecate encrypted BLOB checksum
...
The MD5 checksum was calculated on unencrypted data. This offered a
possibility for a dictionary attack.
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-05-13 08:26:07 +02:00
75488ba870
credentials: Move user impersonation to peer::get_identity()
...
To retrieve user credentials, EapHost provides us the interactive user's
token we can use to impersonate.
By doing the impersonation early in peer::get_identity(), we don't need
to pass the token down the lower methods. This is rather a
simplification than a performance optimization.
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:57 +01:00
6511d826a0
peer: Move all generic methods upstream from peer_tls_base
...
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:57 +01:00
5a7827e85e
Make enums scoped
...
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-06 11:53:38 +01:00
059710d83c
Update Copyright year
...
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-05 11:45:51 +01:00
fac33ee0b1
Remove UTF-8 BOM
...
Signed-off-by: Simon Rozman <simon@rozman.si>
2019-11-28 17:04:16 +01:00
6fb5cb88d2
Address code analysis warnings
...
Signed-off-by: Simon Rozman <simon@rozman.si>
2019-09-04 13:11:48 +02:00
e7e57abf52
Uninitialized enum higher bytes when reading as unsigned char fixed
2017-02-09 11:38:57 +01:00
6f049d2692
EAP_USE_NATIVE_CREDENTIAL_CACHE is now 0/1 #defined
2017-02-02 13:25:24 +01:00
386d852859
Clean-up
2017-02-01 13:11:27 +01:00
f9083dc300
eap::credentials reverted back to abstract class (25934dd8c70ca399ff4c58fd9a06319de81611f3 undone), and eap::credentials_identity introduced, since identity-only credentials must fail when <UserName> absent
2017-01-31 13:54:27 +01:00
25934dd8c7
eap::credentials no longer pure virtual to allow identity-only credentials (i.e. EAP-GTC).
2017-01-31 10:33:15 +01:00
e7e484c814
Support for EapHost based inner methods has been (temporarily) disabled
2016-11-03 10:23:30 +01:00
d234e55ae4
- Doxygen documentation updated
...
- Some minor issues stumbled upon fixed
- WIN1250 >> UTF-8
2016-11-02 01:25:38 +01:00
65ea47eb4e
EAPMsg >> EapHost
2016-10-25 08:51:13 +02:00
e94e3bdd60
credentials::combine() methods updated with support for EAPMsg:
...
- Additional parameters
- Additional result code
- User impersonation now mounted inside of credentials::combine() when required
2016-10-10 14:31:23 +02:00
e8eec11618
EAP-TTLS inner method no longer needs to have support for configured credentials
2016-10-04 10:13:45 +02:00
832af1b633
Support for KPH password encryption added
2016-09-27 11:44:04 +02:00
0ab18017cd
Pre-shared >> Configured credentials, Own >> Stored credentials
2016-09-21 09:43:02 +02:00
641c9b6932
Credentials are no longer stored using method name (TLS/PAP/MSCHAPv2) but with level/type identifier
2016-09-06 15:39:41 +02:00
0095ebbff6
Provider identity is now coherent to draft-winter-opsawg-eap-metadata-02
2016-09-02 19:24:47 +02:00
c9be6f4f7b
Support for multiple identity providers of draft-winter-opsawg-eap-metadata XML configuration added
2016-08-31 14:39:27 +02:00
e66a7eb9ba
dePAPization continues to pave the road for seamless MSCHAPv2 integration
2016-08-28 20:04:45 +02:00
fc5e54db05
Inner configuration/credential management virtualized to reduce cluttering code
2016-08-28 17:20:24 +02:00
9daa5b52a4
Incorrect letter case referencing EapHost service fixed
2016-08-27 06:58:57 +02:00
6835f5279c
Certificate (TLS) credentials support custom identity now
2016-08-24 11:03:18 +02:00
df1d431bd0
- TLS revised (again)
...
- TLS Session resumption issues resolved
- Credential prompt has "Remember" checkbox initially selected when credentials originate from Windows Credential Manager
- Last authentication attempt failure notice is more general and no longer insinuate user credentials are the likely cause of the failure
- Additional log messages added
2016-08-17 11:50:34 +02:00
d8ccf7cbc0
Credential management revised
2016-08-15 17:33:10 +02:00
e34d2ba275
Prefast declaration update
2016-08-15 15:10:42 +02:00
b71e30f642
EAP_ERROR replaced with C++ exceptions for increased code readability
2016-08-08 22:59:17 +02:00
2aa4bce8cc
eap::config::m_module reference again
2016-08-06 07:01:12 +02:00
2711425677
Documentation update
2016-08-05 15:52:27 +02:00
460adb9858
m_module is now a pointer instead of reference
2016-08-05 11:23:59 +02:00
ee8410bdb9
credentials::target_suffix() is public now, as it can be reused to provide GUI method identifier
2016-07-21 12:33:32 +02:00
627b20aabc
pack() => operator <<, unpack() => operator >>, get_pk_size() => pksizeof()
2016-07-21 09:20:09 +02:00
51428d290f
Memory overflow detection when packing/unpacking BLOB added
2016-07-20 19:29:21 +02:00
2f4425f38c
EAPSerial.h merged into EAP.h
2016-07-20 18:17:25 +02:00
ce0bbc5b45
config_method::m_preshared moved to heap, which in turn required shift to virtual methods for packing/unpacking BLOBs
2016-07-20 14:59:12 +02:00
512f46f014
pack/unpack & load/save nesting arranged all the way up to eap::config
2016-07-20 10:31:34 +02:00
a92cafea36
eap::credentials::get_name() method introduced to allow more detailed display of certificate names
2016-07-20 10:05:36 +02:00
4f6943044f
eap::credentials::m_identity replaced with virtual method get_identity()
2016-07-20 09:54:26 +02:00
4630b32f77
target_suffix() method is private now
2016-07-19 13:39:41 +02:00
922d0ac3d0
Additional RSA credential encryption replaced with product-specific entropy in user-specific encryption pass, to circumvent RSA data length limitation
2016-06-22 23:32:28 +02:00
ec0b283540
Functions using EAP_ERROR descriptor return bool now for code simplicity
2016-06-15 22:59:52 +02:00
a9fdd1d71d
Support for pre-shared credentials introduced
2016-06-15 20:00:04 +02:00
fed1e6052a
Encryption enhanced and moved to module
2016-06-15 14:20:12 +02:00
9cf80108b5
Credential saving to XML introduced to support pre-shared credentials
2016-06-15 11:05:32 +02:00
822852c8b4
Password encryption/decryption moved to standalone methods to make reusable
2016-06-15 10:25:52 +02:00
cf7ca9c8e9
EAP modules divided to libraries
2016-06-10 12:24:49 +02:00
