Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity
955 Commits 3 Branches 69 Tags
Commit Graph

177 Commits

Author SHA1 Message Date
Simon Rozman
8d42db2f56 TLS: Use protocol version enabled on the system by default 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:58 +01:00
Simon Rozman
4dad574377 Rename StdAfx.h to PCH.h 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:58 +01:00
Simon Rozman
d4c01a5345 config_method_tls: Cleanup 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
6e97a04bfe credentials_tls: Keep thumbprint rather than client certificate 
By storing the client certificate the certificate became detached from
its private key stored in user certificate store. This rendered client
certificates useless for client TLS authentication.

Now, the client certificate thumbprint is stored instead. The client
certificate is looked up in the user certificate store as required.

This breaks profile XML and BLOB backward compatibility. Since the
client certificate support was broken, nobody probably used those in
the settings before.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
75488ba870 credentials: Move user impersonation to peer::get_identity() 
To retrieve user credentials, EapHost provides us the interactive user's
token we can use to impersonate.

By doing the impersonation early in peer::get_identity(), we don't need
to pass the token down the lower methods. This is rather a
simplification than a performance optimization.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
e2eb41e811 credentials_tls: Use WinCrypt to get client certificate name 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
6511d826a0 peer: Move all generic methods upstream from peer_tls_base 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:57 +01:00
Simon Rozman
5b02352f1a Resolve the make_...() methods 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:56 +01:00
Simon Rozman
5195b79eed method_ttls: Reintroduce 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:56 +01:00
Simon Rozman
d400901c52 Rename peer_tls to peer_tls_base 
peer_tls is actually not a complete EAP-TLS implementation.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:38 +01:00
Simon Rozman
570eb83558 peer_tls: Move all applicable methods upstream to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:38 +01:00
Simon Rozman
1d558c939e Rename method_tls_tunnel to method_tls and move upstream 
CRL checking was also moved upstream as method_tls triggers it.

Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:10:37 +01:00
Simon Rozman
5c0299197b method_defrag: Move upstream to make reusable 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-07 13:09:43 +01:00
Simon Rozman
5a7827e85e Make enums scoped 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-06 11:53:38 +01:00
Simon Rozman
059710d83c Update Copyright year 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2020-02-05 11:45:51 +01:00
Simon Rozman
fac33ee0b1 Remove UTF-8 BOM 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2019-11-28 17:04:16 +01:00
Simon Rozman
6fb5cb88d2 Address code analysis warnings 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2019-09-04 13:11:48 +02:00
Simon Rozman
5a82dc2a25 Unify LPCBYTE 
Signed-off-by: Simon Rozman <simon@rozman.si>
 2019-06-14 09:57:48 +02:00
Simon Rozman
4ae048fd9f Auditing of CryptProtectData() enabled 2016-11-07 11:06:20 +01:00
Simon Rozman
b87e30bc9d Some final adjustments to EapHost inner method code before I put it to rest because of RasMan MSCHAPv2 heap corruption :( 2016-11-03 10:11:31 +01:00
Simon Rozman
d234e55ae4 - Doxygen documentation updated 
- Some minor issues stumbled upon fixed
- WIN1250 >> UTF-8
 2016-11-02 01:25:38 +01:00
Simon Rozman
52a428bb5e Various ownTLS leftover clean-up 2016-11-01 05:33:55 +01:00
Simon Rozman
c31e019cef eap::metod thorough redesign: 
- Support for method stacking introduced
- EAP-TLS method has been discontinued
- ownTLS has been discontinued
 2016-10-31 16:58:53 +01:00
Simon Rozman
af56825d39 Code clean-up 2016-10-28 13:50:30 +02:00
Simon Rozman
654c965851 Support for various peer action request extended 2016-10-27 10:00:18 +02:00
Simon Rozman
d87b3d37e5 Discrete output of credentials to event log centralized 2016-10-25 13:37:39 +02:00
Simon Rozman
e7e1a6735d pEapOutput Prefast specifier for process_request_packet() methods changed 2016-10-24 14:55:31 +02:00
Simon Rozman
a1f9a7bab9 ppResult >> pResult 2016-10-24 13:33:01 +02:00
Simon Rozman
7a26128c7b "auto" simplified 2016-10-10 15:00:10 +02:00
Simon Rozman
e94e3bdd60 credentials::combine() methods updated with support for EAPMsg: 
- Additional parameters
- Additional result code
- User impersonation now mounted inside of credentials::combine() when required
 2016-10-10 14:31:23 +02:00
Simon Rozman
e8eec11618 EAP-TTLS inner method no longer needs to have support for configured credentials 2016-10-04 10:13:45 +02:00
Simon Rozman
c53ed21d55 Code clean-up 2016-10-03 14:54:02 +02:00
Simon Rozman
ff4e8c6885 ID 7. Commented out parts of the code from security audit partially resolved 2016-10-03 14:54:02 +02:00
Simon Rozman
f0af016efe ID 4. Possibility of method_tls class initialization list optimization from security audit fixed 2016-10-03 14:54:01 +02:00
Simon Rozman
559ffc5ead ID 3. C style pointer casting from security audit fixed 2016-10-03 14:53:50 +02:00
Simon Rozman
28408fcea7 ID 2. Missing functionality from security audit report partially fixed 2016-10-03 14:52:57 +02:00
Simon Rozman
a1455078e9 Explicit server certificate check introduced 2016-10-03 14:51:45 +02:00
Simon Rozman
b6adb2a850 Common members from config_method_with_cred moved to parent config_method 2016-09-29 11:23:22 +02:00
Simon Rozman
79cc1af86f Clean-up and XML handling enhancement: 
- XML helper functions always return objects by winstd::com_obj or winstd::bstr reference now to ensure proper release by caller
- get_element_value()/put_element_value() can optionally return reference to the XML object if required
- WinStd macros to simplify dplhandle<> and handle<> inherited classes reused by non-copyable classes
 2016-09-23 14:43:31 +02:00
Simon Rozman
0ab18017cd Pre-shared >> Configured credentials, Own >> Stored credentials 2016-09-21 09:43:02 +02:00
Simon Rozman
641c9b6932 Credentials are no longer stored using method name (TLS/PAP/MSCHAPv2) but with level/type identifier 2016-09-06 15:39:41 +02:00
Simon Rozman
c765954c0f "Last Authentication Failed" flag extended to support finer feedback, why last authentication failed 2016-09-06 14:10:02 +02:00
Simon Rozman
b255aa6505 EapPeerMethodResult's fIsSuccess and dwFailureReasonCode management revised to guarantee configuration gets saved 2016-09-06 09:57:34 +02:00
Simon Rozman
d83f5422d7 MSCHAPv2 almost finished... 2016-09-05 16:44:18 +02:00
Simon Rozman
c33c8b551b Clean-up 2016-09-04 17:57:04 +02:00
Simon Rozman
bd7f3f4a38 Still trying to make Schannel resume sessions 2016-09-02 14:05:03 +02:00
Simon Rozman
621669828b Schannel and ownTLS MSK derivation unified 2016-09-02 14:03:34 +02:00
Simon Rozman
00aee5bb78 ownTLS updated 2016-09-02 11:38:28 +02:00
Simon Rozman
198b9a576e Maximum packet size parameter is now optional 2016-09-02 10:19:39 +02:00
Simon Rozman
566785192a Requirement that eap::method processes EAP packets only dropped, work with non-EAP methods simplified 2016-09-02 09:50:21 +02:00