4dad574377
Rename StdAfx.h to PCH.h
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:58 +01:00
6e97a04bfe
credentials_tls: Keep thumbprint rather than client certificate
By storing the client certificate, the certificate became detached from
its private key stored in the user certificate store. This rendered client
certificates useless for client TLS authentication.
Now, the client certificate thumbprint is stored instead. The client
certificate is looked up in the user certificate store as required.
This breaks profile XML and BLOB backward compatibility. Since the
client certificate support was broken, nobody probably used those in
the settings before.
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:57 +01:00
75488ba870
credentials: Move user impersonation to peer::get_identity()
To retrieve user credentials, EapHost provides us the interactive user's
token we can use to impersonate.
By doing the impersonation early in peer::get_identity(), we don't need
to pass the token down to the lower methods. This is a simplification
rather than a performance optimization.
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:57 +01:00
e2eb41e811
credentials_tls: Use WinCrypt to get client certificate name
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:57 +01:00
5a7827e85e
Make enums scoped
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-06 11:53:38 +01:00
059710d83c
Update Copyright year
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-05 11:45:51 +01:00
fac33ee0b1
Remove UTF-8 BOM
Signed-off-by: Simon Rozman <simon@rozman.si>
2019-11-28 17:04:16 +01:00
6fb5cb88d2
Address code analysis warnings
Signed-off-by: Simon Rozman <simon@rozman.si>
2019-09-04 13:11:48 +02:00
4ae048fd9f
Auditing of CryptProtectData() enabled
2016-11-07 11:06:20 +01:00
b87e30bc9d
Some final adjustments to EapHost inner method code before I put it to rest because of RasMan MSCHAPv2 heap corruption :(
2016-11-03 10:11:31 +01:00
d234e55ae4
- Doxygen documentation updated
- Some minor issues stumbled upon fixed
- WIN1250 >> UTF-8
2016-11-02 01:25:38 +01:00
d87b3d37e5
Discrete output of credentials to event log centralized
2016-10-25 13:37:39 +02:00
7a26128c7b
"auto" simplified
2016-10-10 15:00:10 +02:00
e94e3bdd60
credentials::combine() methods updated with support for EAPMsg:
- Additional parameters
- Additional result code
- User impersonation now mounted inside of credentials::combine() when required
2016-10-10 14:31:23 +02:00
e8eec11618
EAP-TTLS inner method no longer needs to have support for configured credentials
2016-10-04 10:13:45 +02:00
559ffc5ead
ID 3. C style pointer casting from security audit fixed
2016-10-03 14:53:50 +02:00
79cc1af86f
Clean-up and XML handling enhancement:
- XML helper functions always return objects by winstd::com_obj or winstd::bstr reference now to ensure proper release by caller
- get_element_value()/put_element_value() can optionally return reference to the XML object if required
- WinStd macros to simplify dplhandle<> and handle<> inherited classes reused by non-copyable classes
2016-09-23 14:43:31 +02:00
0ab18017cd
Pre-shared >> Configured credentials, Own >> Stored credentials
2016-09-21 09:43:02 +02:00
641c9b6932
Credentials are no longer stored using method name (TLS/PAP/MSCHAPv2) but with level/type identifier
2016-09-06 15:39:41 +02:00
c9be6f4f7b
Support for multiple identity providers of draft-winter-opsawg-eap-metadata XML configuration added
2016-08-31 14:39:27 +02:00
452fa4b9dc
Inserting single-occurrence XML elements with children simplified
2016-08-31 09:48:11 +02:00
68aec5dfb4
Namespace name is static member now
2016-08-31 08:43:03 +02:00
b6ae394eaf
User identity derived from certificate is using sAN2 and sAN extensions only now
2016-08-29 13:51:19 +02:00
df680e74f6
TLS credentials are considered empty regardless of the state of the custom identity setting now
2016-08-28 20:05:41 +02:00
fc5e54db05
Inner configuration/credential management virtualized to reduce cluttering code
2016-08-28 17:20:24 +02:00
6835f5279c
Certificate (TLS) credentials support custom identity now
2016-08-24 11:03:18 +02:00
df1d431bd0
- TLS revised (again)
- TLS Session resumption issues resolved
- Credential prompt has "Remember" checkbox initially selected when credentials originate from Windows Credential Manager
- Last authentication attempt failure notice is more general and no longer insinuates that user credentials are the likely cause of the failure
- Additional log messages added
2016-08-17 11:50:34 +02:00
d8ccf7cbc0
Credential management revised
2016-08-15 17:33:10 +02:00
e34d2ba275
Prefast declaration update
2016-08-15 15:10:42 +02:00
1bf51fda25
win_runtime_error moved to WinStd; eapxml functions return HRESULT now
2016-08-09 01:05:00 +02:00
b71e30f642
EAP_ERROR replaced with C++ exceptions for increased code readability
2016-08-08 22:59:17 +02:00
2aa4bce8cc
eap::config::m_module reference again
2016-08-06 07:01:12 +02:00
460adb9858
m_module is now a pointer instead of reference
2016-08-05 11:23:59 +02:00
35034789d2
String typing fixed
2016-07-21 12:34:49 +02:00
ee8410bdb9
credentials::target_suffix() is public now, as it can be reused to provide GUI method identifier
2016-07-21 12:33:32 +02:00
627b20aabc
pack() => operator <<, unpack() => operator >>, get_pk_size() => pksizeof()
2016-07-21 09:20:09 +02:00
51428d290f
Memory overflow detection when packing/unpacking BLOB added
2016-07-20 19:29:21 +02:00
ce0bbc5b45
config_method::m_preshared moved to heap, which in turn required shift to virtual methods for packing/unpacking BLOBs
2016-07-20 14:59:12 +02:00
3e82e988d4
Identity of digital certificates is correctly resolved now
2016-07-20 12:59:58 +02:00
512f46f014
pack/unpack & load/save nesting arranged all the way up to eap::config
2016-07-20 10:31:34 +02:00
a92cafea36
eap::credentials::get_name() method introduced to allow more detailed display of certificate names
2016-07-20 10:05:36 +02:00
4f6943044f
eap::credentials::m_identity replaced with virtual method get_identity()
2016-07-20 09:54:26 +02:00
4630b32f77
target_suffix() method is private now
2016-07-19 13:39:41 +02:00
4acabbca4e
Configuration and credentials logging introduced
2016-07-19 12:53:54 +02:00
922d0ac3d0
Additional RSA credential encryption replaced with product-specific entropy in user-specific encryption pass, to circumvent RSA data length limitation
2016-06-22 23:32:28 +02:00
a2ca2fd850
Logging and error reporting simplified
2016-06-21 13:15:50 +02:00
0c8492ccd1
CredProtect() replaced with CryptProtectData() << the former didn't work between normal and UAC-elevated processes: stored credentials are no longer valid and should be reentered
2016-06-20 16:37:48 +02:00
d430b63829
(Pre-shared) client certificates are no longer maintained by hash only
2016-06-16 00:29:56 +02:00
ec0b283540
Functions using EAP_ERROR descriptor return bool now for code simplicity
2016-06-15 22:59:52 +02:00
a9fdd1d71d
Support for pre-shared credentials introduced
2016-06-15 20:00:04 +02:00