Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity
977 Commits 3 Branches 69 Tags
Commit Graph

658 Commits

Author SHA1 Message Date
Simon Rozman
a7dc7d2525 Make Wingdings icons non-localizable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-04-17 07:01:11 +02:00
Simon Rozman
fdc1e5cb73 Resolve C5205 warning 
Reference: https://developercommunity.visualstudio.com/content/problem/893960/compiling-atlsecurityh-raises-several-c5205-warnin.html
Reference: https://developercommunity.visualstudio.com/idea/937938/msvc-version-1650-preview-20-introduces-a-new-c-wa.html
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-04-14 08:51:34 +02:00
Simon Rozman
90e21bd6e6 Makefile: Optimize building 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-03-03 13:28:13 +01:00
Simon Rozman
3fc0f89291 wxExtend: Bump 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-28 10:39:48 +01:00
Simon Rozman
96fede14ed Pull translations from Transifex 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-28 10:14:30 +01:00
Simon Rozman
9c50c949b1 wxExtend: Bump 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-28 08:22:21 +01:00
Simon Rozman
61d3ef43ad WinStd: Bump 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-28 08:22:03 +01:00
Simon Rozman
152e3a9176 Unify platform designations 
- .sln uses the same as .vcxproj and Makefile
- Output MSI files use the same as %PROCESSOR_ARCHITECTURE%

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-08 08:23:08 +01:00
Simon Rozman
8c2225992e TLS: Revise Schannel flags 
- SCH_USE_STRONG_CRYPTO is now declared in the Windows SDK included with
  Visual Studio 2019. No need to enter this flag numerically any more.

- m_sc_ctx.initialize() and m_sc_ctx.process() should use same flags.
  They are actually. Rather than copy&paste them, declare them in a
  single place.

- Add ISC_REQ_USE_SUPPLIED_CREDS flag. Use the client certificate we
  supply or none at all.

- Add ISC_REQ_MANUAL_CRED_VALIDATION flag. We validate the server
  certificate.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:59 +01:00
Simon Rozman
dedaee0693 UI: Upgrade wxFromBuilder 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:59 +01:00
Simon Rozman
fdb1340b9d EAP-GTC UI: Prevent wxChoicebook from stretching pages 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:59 +01:00
Simon Rozman
f98996c13d UI: Reorder outer and inner configuration panels 
This follows the natural workflow.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:58 +01:00
Simon Rozman
0aab5f2e94 UI touch-up 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:58 +01:00
Simon Rozman
8d42db2f56 TLS: Use protocol version enabled on the system by default 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:58 +01:00
Simon Rozman
4dad574377 Rename StdAfx.h to PCH.h 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:58 +01:00
Simon Rozman
cd0a99c518 wxUICanceller: Move upstream and make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:58 +01:00
Simon Rozman
3bd2d1fd09 credentials_tls: Update documentation 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
d4c01a5345 config_method_tls: Cleanup 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
6e97a04bfe credentials_tls: Keep thumbprint rather than client certificate 
By storing the client certificate the certificate became detached from
its private key stored in user certificate store. This rendered client
certificates useless for client TLS authentication.

Now, the client certificate thumbprint is stored instead. The client
certificate is looked up in the user certificate store as required.

This breaks profile XML and BLOB backward compatibility. Since the
client certificate support was broken, nobody probably used those in
the settings before.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
75488ba870 credentials: Move user impersonation to peer::get_identity() 
To retrieve user credentials, EapHost provides us the interactive user's
token we can use to impersonate.

By doing the impersonation early in peer::get_identity(), we don't need
to pass the token down the lower methods. This is rather a
simplification than a performance optimization.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
e2eb41e811 credentials_tls: Use WinCrypt to get client certificate name 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
e8b1e157d9 module: Make make_config() pure virtual 
It is important to implement this method in derived classes. When we
provided default implementation returning NULL, introducing new methods
might leave this method not implemented without a compiler error.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
6511d826a0 peer: Move all generic methods upstream from peer_tls_base 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
33e765adcd Cleanup 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:56 +01:00
Simon Rozman
5b02352f1a Resolve the make_...() methods 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:56 +01:00
Simon Rozman
5195b79eed method_ttls: Reintroduce 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:56 +01:00
Simon Rozman
d400901c52 Rename peer_tls to peer_tls_base 
peer_tls is actually not a complete EAP-TLS implementation.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:38 +01:00
Simon Rozman
570eb83558 peer_tls: Move all applicable methods upstream to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:38 +01:00
Simon Rozman
db056f5150 Cleanup 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:38 +01:00
Simon Rozman
1d558c939e Rename method_tls_tunnel to method_tls and move upstream 
CRL checking was also moved upstream as method_tls triggers it.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:37 +01:00
Simon Rozman
5c0299197b method_defrag: Move upstream to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:43 +01:00
Simon Rozman
383a85c18b method: Merge with method_tunnel 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:43 +01:00
Simon Rozman
c40f71462f ui_context: Merge with ui_context_tls_tunnel 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:43 +01:00
Simon Rozman
bef455e5a6 method_defrag: Check minimum send packet size and revise the calculation 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:43 +01:00
Simon Rozman
737f51b815 method_tls_tunnel: Cleanup 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:43 +01:00
Simon Rozman
7706e54294 method_tls_tunnel: Revise inner response packet generation 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:42 +01:00
Simon Rozman
d2a0c034c1 method_tls_tunnel: Declare authentication success according to EAP 
It is usually the outer EAP-Success/Failure message that confirm the
authentication is gracefully over.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:42 +01:00
Simon Rozman
1290d83b9d method_eapmsg: Let inner method handle EAP-Identity packets 
With EapHost inner method, this is a must.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:42 +01:00
Simon Rozman
b2edd74270 Introduce localization catalog domain name 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:42 +01:00
Simon Rozman
0a280975fb Rename method_ttls => method_tls_tunnel to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:42 +01:00
Simon Rozman
1e9e5a99c3 peer_ttls: Split to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:42 +01:00
Simon Rozman
41c2be77f5 Make EAP method logging dynamic 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:08:28 +01:00
Simon Rozman
4331de8605 wxTTLSConfigPanel: Split to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:08:28 +01:00
Simon Rozman
bacd4fd8d8 Rename wxTTLSConfigPanel and move upstream 
wxTTLSConfigPanel is about anonymizing inner identity and was renamed to
wxEAPIdentityConfigPanel and moved upstream to make reusable.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:08:28 +01:00
Simon Rozman
18184a2762 peer_ui: Move config_xml2blob and config_blob2xml upstream 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:08:28 +01:00
Simon Rozman
fb8ca2de24 Rename ui_context_ttls => ui_context_tls_tunnel to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:08:28 +01:00
Simon Rozman
248e15641a config_method_ttls: Split to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:08:28 +01:00
Simon Rozman
a943a14d0f Rename credentials_ttls => credentials_tls_tunnel to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:08:27 +01:00
Simon Rozman
3e04ca5181 EapHost: Fix EapHostPeerGetSendPacket() call 
The packet buffer returned by EapHostPeerGetSendPacket() shall not be
freed.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:07:53 +01:00
Simon Rozman
017766cb29 EapHost: Disambiguate from native EAP methods 
When eap::config_method_eaphost::get_method_id() returns EAP-MSCHAPv2,
XML-to-BLOB gets confused and picks native EAP-MSCHAPv2 implementation.
Therefore, it was updated to always return unknown EAP type. Outer
method does not need to know the exact method implemented by EapHost
inner method.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:07:53 +01:00