955 Commits

Author SHA1 Message Date
dedaee0693 UI: Upgrade wxFromBuilder
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:59 +01:00
fdb1340b9d EAP-GTC UI: Prevent wxChoicebook from stretching pages
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:59 +01:00
f98996c13d UI: Reorder outer and inner configuration panels
This follows the natural workflow.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:58 +01:00
0aab5f2e94 UI touch-up
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:58 +01:00
8d42db2f56 TLS: Use protocol version enabled on the system by default
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:58 +01:00
4dad574377 Rename StdAfx.h to PCH.h
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:58 +01:00
cd0a99c518 wxUICanceller: Move upstream and make reusable
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:58 +01:00
3bd2d1fd09 credentials_tls: Update documentation
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:57 +01:00
d4c01a5345 config_method_tls: Cleanup
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:57 +01:00
6e97a04bfe credentials_tls: Keep thumbprint rather than client certificate
By storing the client certificate, the certificate became detached from
its private key stored in the user certificate store. This rendered client
certificates useless for client TLS authentication.

Now, the client certificate thumbprint is stored instead. The client
certificate is looked up in the user certificate store as required.

This breaks profile XML and BLOB backward compatibility. Since the
client certificate support was broken, nobody probably used those in
the settings before.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:57 +01:00
75488ba870 credentials: Move user impersonation to peer::get_identity()
To retrieve user credentials, EapHost provides us the interactive user's
token we can use to impersonate.

By doing the impersonation early in peer::get_identity(), we don't need
to pass the token down to the lower methods. This is a simplification
rather than a performance optimization.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:57 +01:00
e2eb41e811 credentials_tls: Use WinCrypt to get client certificate name
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:57 +01:00
e8b1e157d9 module: Make make_config() pure virtual
It is important to implement this method in derived classes. When we
provided a default implementation returning NULL, introducing new methods
might have left this method unimplemented without a compiler error.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:57 +01:00
6511d826a0 peer: Move all generic methods upstream from peer_tls_base
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:57 +01:00
33e765adcd Cleanup
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:56 +01:00
5b02352f1a Resolve the make_...() methods
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:56 +01:00
5195b79eed method_ttls: Reintroduce
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:56 +01:00
d400901c52 Rename peer_tls to peer_tls_base
peer_tls is actually not a complete EAP-TLS implementation.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:38 +01:00
570eb83558 peer_tls: Move all applicable methods upstream to make reusable
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:38 +01:00
db056f5150 Cleanup
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:38 +01:00
1d558c939e Rename method_tls_tunnel to method_tls and move upstream
CRL checking was also moved upstream as method_tls triggers it.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:37 +01:00
5c0299197b method_defrag: Move upstream to make reusable
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:09:43 +01:00
383a85c18b method: Merge with method_tunnel
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:09:43 +01:00
3fa48c3650 MSIBuild: Bump
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:09:43 +01:00
c40f71462f ui_context: Merge with ui_context_tls_tunnel
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:09:43 +01:00
bef455e5a6 method_defrag: Check minimum send packet size and revise the calculation
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:09:43 +01:00
737f51b815 method_tls_tunnel: Cleanup
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:09:43 +01:00
7706e54294 method_tls_tunnel: Revise inner response packet generation
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:09:42 +01:00
d2a0c034c1 method_tls_tunnel: Declare authentication success according to EAP
It is usually the outer EAP-Success/Failure message that confirms the
authentication is gracefully over.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:09:42 +01:00
1290d83b9d method_eapmsg: Let inner method handle EAP-Identity packets
With EapHost inner method, this is a must.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:09:42 +01:00
b2edd74270 Introduce localization catalog domain name
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:09:42 +01:00
0a280975fb Rename method_ttls => method_tls_tunnel to make reusable
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:09:42 +01:00
1e9e5a99c3 peer_ttls: Split to make reusable
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:09:42 +01:00
41c2be77f5 Make EAP method logging dynamic
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:08:28 +01:00
4331de8605 wxTTLSConfigPanel: Split to make reusable
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:08:28 +01:00
bacd4fd8d8 Rename wxTTLSConfigPanel and move upstream
wxTTLSConfigPanel is about anonymizing the inner identity and was renamed to
wxEAPIdentityConfigPanel and moved upstream to make it reusable.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:08:28 +01:00
18184a2762 peer_ui: Move config_xml2blob and config_blob2xml upstream
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:08:28 +01:00
fb8ca2de24 Rename ui_context_ttls => ui_context_tls_tunnel to make reusable
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:08:28 +01:00
248e15641a config_method_ttls: Split to make reusable
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:08:28 +01:00
a943a14d0f Rename credentials_ttls => credentials_tls_tunnel to make reusable
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:08:27 +01:00
04e6b7064f EapHost: Enable inner methods
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:07:53 +01:00
3e04ca5181 EapHost: Fix EapHostPeerGetSendPacket() call
The packet buffer returned by EapHostPeerGetSendPacket() shall not be
freed.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:07:53 +01:00
017766cb29 EapHost: Disambiguate from native EAP methods
When eap::config_method_eaphost::get_method_id() returns EAP-MSCHAPv2,
XML-to-BLOB gets confused and picks the native EAP-MSCHAPv2 implementation.
Therefore, it was updated to always return an unknown EAP type. The outer
method does not need to know the exact method implemented by the EapHost
inner method.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:07:53 +01:00
213042339b EapHost: Do not reference the Eappprxy.lib when not used
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:07:53 +01:00
4da7785490 method_eap: Refactor
Instead of delayed response packet generation, the
method_eap::process_request_packet() prepares the response packet. This
eliminates the state machine.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:07:53 +01:00
7caa4b12a6 method_eap: tolerate empty request packets
TLS methods call process_request_packet(NULL, 0) to check on the inner
method for the payload to piggyback on the final handshake response.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:07:53 +01:00
2282a2c45f Explicitly check buffer length before touching it and unify exception
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:07:53 +01:00
9d0e261bbe method_eap: Add EAP Success/Failure support
Although EapHost takes care of EAP Success and Failure packets for us,
it does so for the outermost method only. When using EAP inside a TLS
tunnel, we are responsible for EAP Success and Failure packets ourselves.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:07:53 +01:00
e5e5f1c63e method_eap: Support EAP identity exchange
Although EapHost takes care of the EAP identity exchange for us, it does
so for the outermost method only. When using EAP inside a TLS tunnel,
we are responsible for the EAP identity exchange ourselves.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:07:52 +01:00
1c295360fc Double link inner-outer methods
This allows inner methods to access method_defrag to get the negotiated
EAP-TTLS/PEAP protocol version.

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:07:00 +01:00