
7 Commits

45 changed files with 5123 additions and 6595 deletions

Binary file not shown.


@@ -2,7 +2,7 @@
msgid "" msgid ""
msgstr "" msgstr ""
"Project-Id-Version: EAPMethods\n" "Project-Id-Version: EAPMethods\n"
"POT-Creation-Date: 2016-08-25 10:43+0200\n" "POT-Creation-Date: 2016-06-10 12:06+0200\n"
"PO-Revision-Date: 2016-06-02 12:27+0200\n" "PO-Revision-Date: 2016-06-02 12:27+0200\n"
"Last-Translator: Simon Rozman <simon.rozman@amebis.si>\n" "Last-Translator: Simon Rozman <simon.rozman@amebis.si>\n"
"Language-Team: Amebis, d. o. o., Kamnik <info@amebis.si>\n" "Language-Team: Amebis, d. o. o., Kamnik <info@amebis.si>\n"
@@ -11,6 +11,8 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n" "Content-Transfer-Encoding: 8bit\n"
"X-Generator: Poedit 1.8.8\n" "X-Generator: Poedit 1.8.8\n"
"X-Poedit-Basepath: ../..\n" "X-Poedit-Basepath: ../..\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"Language: en_US\n"
"X-Poedit-SourceCharset: UTF-8\n" "X-Poedit-SourceCharset: UTF-8\n"
"X-Poedit-KeywordsList: _\n" "X-Poedit-KeywordsList: _\n"
"X-Poedit-SearchPath-0: lib/EAPBase_UI\n" "X-Poedit-SearchPath-0: lib/EAPBase_UI\n"
@@ -19,203 +21,70 @@ msgstr ""
"X-Poedit-SearchPath-3: lib/TTLS_UI\n" "X-Poedit-SearchPath-3: lib/TTLS_UI\n"
"X-Poedit-SearchPath-4: EAPMethods\n" "X-Poedit-SearchPath-4: EAPMethods\n"
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:37 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:123 lib/EAPBase_UI/res/wxEAP_UI.cpp:200
msgid "Advanced..."
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:38
msgid "Opens dialog with provider settings"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:174 lib/EAPBase_UI/res/wxEAP_UI.cpp:296
msgid "Client Credentials" msgid "Client Credentials"
msgstr "" msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:185 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:134
msgid "Manage credentials used to connect." msgid "Manage your credentials stored in Windows Credential Manager."
msgstr "" msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:198 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:144
msgid "Use &own credentials:" msgid "Identity:"
msgstr "" msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:199 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:149
msgid "Select this option if you have your unique credentials to connect" msgid "Enter your user name here (user@domain.org, DOMAINUser, etc.)"
msgstr "" msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:204 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:159
msgid "Your credentials loaded from Windows Credential Manager" msgid "&Set Credentials..."
msgstr "" msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:214 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:160
msgid "Click here to set or modify your credentials"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:164
msgid "&Clear Credentials" msgid "&Clear Credentials"
msgstr "" msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:215 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:165
msgid "" msgid ""
"Click to clear your credentials from Credential Manager.\n" "Click to clear your credentials from Credential Manager.\n"
"Note: You will be prompted to enter credentials when connecting." "Note: You will be prompted to enter credentials when connecting."
msgstr "" msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:219 lib/EAPBase_UI/res/wxEAP_UI.cpp:252 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:211
msgid "&Set Credentials..."
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:220 lib/EAPBase_UI/res/wxEAP_UI.cpp:253
msgid "Click here to set or modify your credentials"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:236
msgid "Use &pre-shared credentials:"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:237
msgid "Select this options if all clients connect using the same credentials"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:242
msgid "Common (pre-shared) credentials"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:307
msgid "Please provide your user ID and password." msgid "Please provide your user ID and password."
msgstr "" msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:317 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:221
msgid "User ID:" msgid "User ID:"
msgstr "" msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:322 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:226
msgid "Enter your user name here (user@domain.org, DOMAIN\\User, etc.)" msgid "Enter your user name here (user@domain.org, DOMAIN\\User, etc.)"
msgstr "" msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:326 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:230
msgid "Password:" msgid "Password:"
msgstr "" msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:331 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:235
msgid "Enter your password here" msgid "Enter your password here"
msgstr "" msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:338 lib/TLS_UI/res/wxTLS_UI.cpp:183 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:242 lib/TLS_UI/res/wxTLS_UI.cpp:164
msgid "&Remember" msgid "&Remember"
msgstr "" msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:339 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:243
msgid "Check if you would like to save username and password" msgid "Check if you would like to save username and password"
msgstr "" msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:361 #: lib/PAP_UI/src/PAP_UI.cpp:41
msgid "Your Organization" msgid "This method requires no additional settings."
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:372
msgid "Describe your organization to customize user prompts. When organization is introduced, end-users find program messages easier to understand and act."
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:379
msgid "Your organization &name:"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:384
msgid "Your organization name as it will appear on helpdesk contact notifications"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:388
msgid "(Keep it short, please)"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:398
msgid "Helpdesk contact &information:"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:408
msgid "¶"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:415
msgid "Your helpdesk website address"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:419
msgid "*"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:426
msgid "Your helpdesk e-mail address"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:430
msgid ")"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:437
msgid "Your helpdesk phone number"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:471
msgid "Configuration Lock"
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:482
msgid "Your configuration can be locked to prevent accidental modification by end-users. Users will only be allowed to enter credentials."
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:489
msgid "&Lock this configuration and prevent any further modification via user interface."
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.cpp:492
msgid "(Warning: Once locked, you can not revert using this dialog!)"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:88
#, c-format
msgid "%s Credentials"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:118
#, c-format
msgid "For additional help and instructions, please contact %s at:"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:120
#, c-format
msgid "your %ls provider"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:120
msgid "your provider"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:139
msgid "Open the default web browser"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:150
msgid "Open your e-mail program"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:161
msgid "Dial the phone number"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:180
#, c-format
msgid "%s has pre-set parts of this configuration. Those parts are locked to prevent accidental modification."
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:182
#, c-format
msgid "Your %ls provider"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:182
msgid "Your provider"
msgstr ""
#: lib/EAPBase_UI/src/EAP_UI.cpp:201
msgid "Previous attempt to connect failed. Please, make sure your credentials are correct, or try again later."
msgstr "" msgstr ""
#: lib/TLS_UI/res/wxTLS_UI.cpp:17 #: lib/TLS_UI/res/wxTLS_UI.cpp:17
@@ -263,11 +132,11 @@ msgid "Acceptable server &names:"
msgstr "" msgstr ""
#: lib/TLS_UI/res/wxTLS_UI.cpp:77 #: lib/TLS_UI/res/wxTLS_UI.cpp:77
msgid "A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed" msgid "A semicolon delimited list of acceptable server FQDN names; blank to skip name check; \"*\" wildchar allowed"
msgstr "" msgstr ""
#: lib/TLS_UI/res/wxTLS_UI.cpp:81 #: lib/TLS_UI/res/wxTLS_UI.cpp:81
msgid "(Example: foo.bar.com;server2.bar.com)" msgid "(Example: foo.bar.com;*.domain.org)"
msgstr "" msgstr ""
#: lib/TLS_UI/res/wxTLS_UI.cpp:120 #: lib/TLS_UI/res/wxTLS_UI.cpp:120
@@ -298,59 +167,48 @@ msgstr ""
msgid "Client certificate to use for authentication" msgid "Client certificate to use for authentication"
msgstr "" msgstr ""
#: lib/TLS_UI/res/wxTLS_UI.cpp:167 #: lib/TLS_UI/res/wxTLS_UI.cpp:165
msgid "Custom &identity:"
msgstr ""
#: lib/TLS_UI/res/wxTLS_UI.cpp:172
msgid "Your identity (username@domain) to override one from certificate; or blank to use one provided in certificate"
msgstr ""
#: lib/TLS_UI/res/wxTLS_UI.cpp:176
msgid "(Example: user@contoso.com)"
msgstr ""
#: lib/TLS_UI/res/wxTLS_UI.cpp:184
msgid "Check if you would like to save certificate selection" msgid "Check if you would like to save certificate selection"
msgstr "" msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:118 #: lib/TLS_UI/src/TLS_UI.cpp:199
#, c-format #, c-format
msgid "Invalid character in host name found: %c" msgid "Invalid character in host name found: %c"
msgstr "" msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:118 #: lib/TLS_UI/src/TLS_UI.cpp:199
msgid "Validation conflict" msgid "Validation conflict"
msgstr "" msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:514 #: lib/TLS_UI/src/TLS_UI.cpp:551
msgid "Add Certificate" msgid "Add Certificate"
msgstr "" msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:515 #: lib/TLS_UI/src/TLS_UI.cpp:552
msgid "Certificate Files (*.cer;*.crt;*.der;*.p7b;*.pem)" msgid "Certificate Files (*.cer;*.crt;*.der;*.p7b;*.pem)"
msgstr "" msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:516 #: lib/TLS_UI/src/TLS_UI.cpp:553
msgid "X.509 Certificate Files (*.cer;*.crt;*.der;*.pem)" msgid "X.509 Certificate Files (*.cer;*.crt;*.der;*.pem)"
msgstr "" msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:517 #: lib/TLS_UI/src/TLS_UI.cpp:554
msgid "PKCS #7 Certificate Files (*.p7b)" msgid "PKCS #7 Certificate Files (*.p7b)"
msgstr "" msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:518 #: lib/TLS_UI/src/TLS_UI.cpp:555
msgid "All Files (*.*)" msgid "All Files (*.*)"
msgstr "" msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:534 #: lib/TLS_UI/src/TLS_UI.cpp:571
#, c-format #, c-format
msgid "Invalid or unsupported certificate file %s" msgid "Invalid or unsupported certificate file %s"
msgstr "" msgstr ""
#: lib/TLS_UI/src/TLS_UI.cpp:534 #: lib/TLS_UI/src/TLS_UI.cpp:571
#, fuzzy
msgid "Error" msgid "Error"
msgstr "" msgstr "Napaka pri nalaganju knjižnice MSI.DLL (%1!ld!)."
#: lib/TTLS_UI/res/wxTTLS_UI.cpp:17 #: lib/TTLS_UI/res/wxTTLS_UI.cpp:17
msgid "Outer Identity" msgid "Outer Identity"
@@ -361,7 +219,7 @@ msgid "Select the user ID supplicant introduces itself as to authenticator:"
msgstr "" msgstr ""
#: lib/TTLS_UI/res/wxTTLS_UI.cpp:35 #: lib/TTLS_UI/res/wxTTLS_UI.cpp:35
msgid "&True identity" msgid "&Same as inner identity"
msgstr "" msgstr ""
#: lib/TTLS_UI/res/wxTTLS_UI.cpp:36 #: lib/TTLS_UI/res/wxTTLS_UI.cpp:36
@@ -388,93 +246,96 @@ msgstr ""
msgid "Custom outer identity to use" msgid "Custom outer identity to use"
msgstr "" msgstr ""
#: lib/TTLS_UI/src/Module.cpp:231 lib/TTLS_UI/src/Module.cpp:241 #: lib/TTLS_UI/src/TTLS_UI.cpp:92
#: lib/EAPBase_UI/include/EAP_UI.h:582
#, c-format
msgid "Error writing credentials to Credential Manager: %hs (error %u)"
msgstr ""
#: lib/TTLS_UI/src/Module.cpp:233 lib/TTLS_UI/src/Module.cpp:243
#: lib/EAPBase_UI/include/EAP_UI.h:584
msgid "Writing credentials failed."
msgstr ""
#: lib/TTLS_UI/src/TTLS_UI.cpp:108 lib/TTLS_UI/src/TTLS_UI.cpp:215
msgid "Inner Authentication"
msgstr ""
#: lib/TTLS_UI/src/TTLS_UI.cpp:114
msgid "Select inner authentication method from the list"
msgstr ""
#: lib/TTLS_UI/src/TTLS_UI.cpp:116
msgid "PAP"
msgstr ""
#: lib/TTLS_UI/src/TTLS_UI.cpp:121 lib/TTLS_UI/src/TTLS_UI.cpp:236
msgid "Outer Authentication" msgid "Outer Authentication"
msgstr "" msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:253 #: lib/TTLS_UI/src/TTLS_UI.cpp:105
msgid "EAP Credentials" msgid "Inner Authentication"
msgstr "" msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:422 #: lib/TTLS_UI/src/TTLS_UI.cpp:111
msgid "Provider Settings" msgid "Select inner authentication method from the list"
msgstr "" msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:502 lib/EAPBase_UI/include/EAP_UI.h:529 #: lib/TTLS_UI/src/TTLS_UI.cpp:112
msgid "PAP"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:217
msgid "<blank>" msgid "<blank>"
msgstr "" msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:508 #: lib/EAPBase_UI/include/EAP_UI.h:223
#, c-format #, c-format
msgid "<error %u>" msgid "<error %u>"
msgstr "" msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:568 #: lib/EAPBase_UI/include/EAP_UI.h:246
#, c-format
msgid "Error reading credentials from Credential Manager: %hs (error %u)"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:570
msgid "Reading credentials failed."
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:595
#, c-format #, c-format
msgid "Deleting credentials failed (error %u)." msgid "Deleting credentials failed (error %u)."
msgstr "" msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:817 #: lib/EAPBase_UI/include/EAP_UI.h:300
msgid "<Your Organization>" #, c-format
msgid "Error reading credentials from Credential Manager: %ls (error %u)"
msgstr "" msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.h:60 #: lib/EAPBase_UI/include/EAP_UI.h:303
#, c-format
msgid "Reading credentials failed (error %u)."
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:318
#, c-format
msgid "Error writing credentials to Credential Manager: %ls (error %u)"
msgstr ""
#: lib/EAPBase_UI/include/EAP_UI.h:321
#, c-format
msgid "Writing credentials failed (error %u)."
msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.h:56
msgid "EAP Method Configuration" msgid "EAP Method Configuration"
msgstr "" msgstr ""
#: lib/EAPBase_UI/res/wxEAP_UI.h:81
msgid "EAP Credentials"
msgstr ""
#: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:3
#: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:3 #: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:3
#: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:3
#: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:3 #: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:3
#, fuzzy
msgid "1252" msgid "1252"
msgstr "" msgstr "1250"
#: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:4
#: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:4 #: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:4
#: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:4
#: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:4 #: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:4
msgid "EAP Methods" msgid "EAP Peer Methods"
msgstr "" msgstr ""
#: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:4
#: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:4 #: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:4
#: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:4
#: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:4 #: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:4
msgid "Modules to support individual EAP methods" msgid "Modules to support individual EAP methods"
msgstr "" msgstr ""
#: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:5
#: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:5 #: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:5
#: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:5
#: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:5 #: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:5
msgid "TTLS" msgid "TTLS"
msgstr "" msgstr ""
#: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:5
#: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:5 #: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:5
#: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:5
#: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:5 #: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:5
msgid "Tunneled Transport Layer Security" msgid "Tunneled Transport Layer Security"
msgstr "" msgstr ""


@@ -66,12 +66,12 @@ bool wxEventMonitorApp::OnInit()
#ifdef __WXMSW__ #ifdef __WXMSW__
// Find EventMonitor window if already running. // Find EventMonitor window if already running.
HWND hWnd = ::FindWindow(_T("wxWindowNR"), _("Event Monitor")); HWND okno = ::FindWindow(_T("wxWindowNR"), _("Event Monitor"));
if (hWnd) { if (okno) {
if (::IsIconic(hWnd)) if (::IsIconic(okno))
::SendMessage(hWnd, WM_SYSCOMMAND, SC_RESTORE, 0); ::SendMessage(okno, WM_SYSCOMMAND, SC_RESTORE, 0);
::SetActiveWindow(hWnd); ::SetActiveWindow(okno);
::SetForegroundWindow(hWnd); ::SetForegroundWindow(okno);
// Not an error condition actually; Just nothing else to do... // Not an error condition actually; Just nothing else to do...
return false; return false;

BIN
Makefile

Binary file not shown.


@@ -32,7 +32,7 @@
<ItemDefinitionGroup> <ItemDefinitionGroup>
<ClCompile> <ClCompile>
<WarningLevel>Level4</WarningLevel> <WarningLevel>Level4</WarningLevel>
<PreprocessorDefinitions>_WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;SECURITY_WIN32;CERT_CHAIN_PARA_HAS_EXTRA_FIELDS;EAP_TLS=1;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>_WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;CERT_CHAIN_PARA_HAS_EXTRA_FIELDS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PrecompiledHeader>Use</PrecompiledHeader> <PrecompiledHeader>Use</PrecompiledHeader>
<PrecompiledHeaderFile>StdAfx.h</PrecompiledHeaderFile> <PrecompiledHeaderFile>StdAfx.h</PrecompiledHeaderFile>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat> <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>


@@ -29,7 +29,7 @@
// Product version as a single DWORD // Product version as a single DWORD
// Note: Used for version comparison within C/C++ code. // Note: Used for version comparison within C/C++ code.
// //
#define PRODUCT_VERSION 0x00ff0c00 #define PRODUCT_VERSION 0x00ff0a00
// //
// Product version by components // Product version by components
@@ -39,26 +39,26 @@
// //
#define PRODUCT_VERSION_MAJ 0 #define PRODUCT_VERSION_MAJ 0
#define PRODUCT_VERSION_MIN 255 #define PRODUCT_VERSION_MIN 255
#define PRODUCT_VERSION_REV 12 #define PRODUCT_VERSION_REV 10
#define PRODUCT_VERSION_BUILD 0 #define PRODUCT_VERSION_BUILD 0
// //
// Human readable product version and build year for UI // Human readable product version and build year for UI
// //
#define PRODUCT_VERSION_STR "1.0-alpha12" #define PRODUCT_VERSION_STR "1.0-alpha10-owntls"
#define PRODUCT_BUILD_YEAR_STR "2016" #define PRODUCT_BUILD_YEAR_STR "2016"
// //
// Numerical version presentation for ProductVersion propery in // Numerical version presentation for ProductVersion propery in
// MSI packages (syntax: N.N[.N[.N]]) // MSI packages (syntax: N.N[.N[.N]])
// //
#define PRODUCT_VERSION_INST "0.255.12" #define PRODUCT_VERSION_INST "0.255.10"
// //
// The product code for ProductCode property in MSI packages // The product code for ProductCode property in MSI packages
// Replace with new on every version change, regardless how minor it is. // Replace with new on every version change, regardless how minor it is.
// //
#define PRODUCT_VERSION_GUID "{6F5B0B97-B6BB-4D3E-9FEC-41E6CDC3868F}" #define PRODUCT_VERSION_GUID "{C3675615-0D70-47C7-9BCB-B683A77C6ED6}"
// //
// Since the product name is not finally confirmed at the time of // Since the product name is not finally confirmed at the time of


@@ -40,14 +40,14 @@ namespace eap
class config_method_with_cred; class config_method_with_cred;
/// ///
/// Provider configuration storage /// Base class for single provider configuration storage
/// ///
class config_provider; class config_provider;
/// ///
/// Connection configuration storage /// Base class for the list of providers configuration storage
/// ///
class config_connection; class config_provider_list;
} }
/// ///
@@ -454,7 +454,7 @@ namespace eap
}; };
class config_connection : public config class config_provider_list : public config
{ {
public: public:
/// ///
@@ -462,21 +462,21 @@ namespace eap
/// ///
/// \param[in] mod EAP module to use for global services /// \param[in] mod EAP module to use for global services
/// ///
config_connection(_In_ module &mod); config_provider_list(_In_ module &mod);
/// ///
/// Copies configuration /// Copies configuration
/// ///
/// \param[in] other Configuration to copy from /// \param[in] other Configuration to copy from
/// ///
config_connection(_In_ const config_connection &other); config_provider_list(_In_ const config_provider_list &other);
/// ///
/// Moves configuration /// Moves configuration
/// ///
/// \param[in] other Configuration to move from /// \param[in] other Configuration to move from
/// ///
config_connection(_Inout_ config_connection &&other); config_provider_list(_Inout_ config_provider_list &&other);
/// ///
/// Copies configuration /// Copies configuration
@@ -485,7 +485,7 @@ namespace eap
/// ///
/// \returns Reference to this object /// \returns Reference to this object
/// ///
config_connection& operator=(_In_ const config_connection &other); config_provider_list& operator=(_In_ const config_provider_list &other);
/// ///
/// Moves configuration /// Moves configuration
@@ -494,7 +494,7 @@ namespace eap
/// ///
/// \returns Reference to this object /// \returns Reference to this object
/// ///
config_connection& operator=(_Inout_ config_connection &&other); config_provider_list& operator=(_Inout_ config_provider_list &&other);
/// ///
/// Clones configuration /// Clones configuration


@@ -120,52 +120,6 @@ namespace eap
/// ///
virtual bool empty() const; virtual bool empty() const;
/// \name XML configuration management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
/// \name Storage /// \name Storage
/// @{ /// @{
@@ -210,15 +164,12 @@ namespace eap
/// ///
/// Returns credential identity. /// Returns credential identity.
/// ///
virtual std::wstring get_identity() const; virtual std::wstring get_identity() const = 0;
/// ///
/// Returns credential name (for GUI display). /// Returns credential name (for GUI display).
/// ///
virtual winstd::tstring get_name() const; virtual winstd::tstring get_name() const;
public:
std::wstring m_identity; ///< Identity (username\@domain, certificate name etc.)
}; };
@@ -343,7 +294,13 @@ namespace eap
/// @} /// @}
///
/// Returns credential identity.
///
virtual std::wstring get_identity() const;
public: public:
std::wstring m_identity; ///< Identity (username\@domain, certificate name etc.)
winstd::sanitizing_wstring m_password; ///< Password winstd::sanitizing_wstring m_password; ///< Password
private: private:
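Review bot: The `get_identity()` declaration that appears only once near the end of this section (apparently added to the class that holds `m_password`) is written `virtual std::wstring get_identity() const;` without `override`, while the base declaration earlier in the section becomes pure (`= 0`). The file already relies on C++11 features such as rvalue references, so `virtual std::wstring get_identity() const override;` would make a signature mismatch fail at the declaration rather than at the first place the class is instantiated. The `///` comment on the pure declaration could also state that every concrete credentials class must implement it and what it returns when no identity has been set. `m_identity` lands in the `public:` block next to `m_password`; both class bodies start and end outside the visible hunks, so whether callers depend on direct member access cannot be judged from here.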


@@ -391,31 +391,6 @@ template<size_t N> inline size_t pksizeof(_In_ const eap::sanitizing_blob_f<N> &
/// ///
template<size_t N> inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::sanitizing_blob_f<N> &val); template<size_t N> inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::sanitizing_blob_f<N> &val);
///
/// Packs a GUID
///
/// \param[inout] cursor Memory cursor
/// \param[in] val Variable with data to pack
///
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const GUID &val);
///
/// Returns packed size of a GUID
///
/// \param[in] val Data to pack
///
/// \returns Size of data when packed (in bytes)
///
inline size_t pksizeof(_In_ const GUID &val);
///
/// Unpacks a GUID
///
/// \param[inout] cursor Memory cursor
/// \param[out] val Variable to receive unpacked value
///
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ GUID &val);
#ifndef htonll #ifndef htonll
/// ///
/// Convert host converts an unsigned __int64 from host to TCP/IP network byte order. /// Convert host converts an unsigned __int64 from host to TCP/IP network byte order.
@@ -1000,31 +975,6 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::sanitizing_blo
} }
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const GUID &val)
{
eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(GUID);
assert(ptr_end <= cursor.ptr_end);
memcpy(cursor.ptr, &val, sizeof(GUID));
cursor.ptr = ptr_end;
}
inline size_t pksizeof(_In_ const GUID &val)
{
UNREFERENCED_PARAMETER(val);
return sizeof(GUID);
}
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ GUID &val)
{
eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(GUID);
assert(ptr_end <= cursor.ptr_end);
memcpy(&val, cursor.ptr, sizeof(GUID));
cursor.ptr = ptr_end;
}
#ifndef htonll #ifndef htonll
inline unsigned __int64 htonll(unsigned __int64 val) inline unsigned __int64 htonll(unsigned __int64 val)


@@ -51,10 +51,10 @@ namespace eap
/// Constructs an EAP method /// Constructs an EAP method
/// ///
/// \param[in] mod EAP module to use for global services /// \param[in] mod EAP module to use for global services
/// \param[in] cfg Connection configuration /// \param[in] cfg Providers configuration
/// \param[in] cred User credentials /// \param[in] cred User credentials
/// ///
method(_In_ module &module, _In_ config_connection &cfg, _In_ credentials &cred); method(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials &cred);
/// ///
@@ -130,8 +130,8 @@ namespace eap
method& operator=(_In_ const method &other); method& operator=(_In_ const method &other);
public: public:
module &m_module; ///< EAP module module &m_module; ///< EAP module
config_connection &m_cfg; ///< Connection configuration config_provider_list &m_cfg; ///< Providers configuration
credentials &m_cred; ///< User credentials credentials &m_cred; ///< User credentials
}; };
} }


@@ -609,40 +609,40 @@ void eap::config_provider::operator>>(_Inout_ cursor_in &cursor)
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// eap::config_connection // eap::config_provider_list
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
eap::config_connection::config_connection(_In_ module &mod) : config(mod) eap::config_provider_list::config_provider_list(_In_ module &mod) : config(mod)
{ {
} }
eap::config_connection::config_connection(_In_ const config_connection &other) : eap::config_provider_list::config_provider_list(_In_ const config_provider_list &other) :
m_providers(other.m_providers), m_providers(other.m_providers),
config(other) config(other)
{ {
} }
eap::config_connection::config_connection(_Inout_ config_connection &&other) : eap::config_provider_list::config_provider_list(_Inout_ config_provider_list &&other) :
m_providers(std::move(other.m_providers)), m_providers(std::move(other.m_providers)),
config(std::move(other)) config(std::move(other))
{ {
} }
eap::config_connection& eap::config_connection::operator=(_In_ const config_connection &other) eap::config_provider_list& eap::config_provider_list::operator=(_In_ const config_provider_list &other)
{ {
if (this != &other) { if (this != &other) {
(config&)*this = other; (config&)*this = other;
m_providers = other.m_providers; m_providers = other.m_providers;
} }
return *this; return *this;
} }
eap::config_connection& eap::config_connection::operator=(_Inout_ config_connection &&other) eap::config_provider_list& eap::config_provider_list::operator=(_Inout_ config_provider_list &&other)
{ {
if (this != &other) { if (this != &other) {
(config&&)*this = std::move(other); (config&&)*this = std::move(other);
@@ -653,13 +653,13 @@ eap::config_connection& eap::config_connection::operator=(_Inout_ config_connect
} }
eap::config* eap::config_connection::clone() const eap::config* eap::config_provider_list::clone() const
{ {
return new config_connection(*this); return new config_provider_list(*this);
} }
void eap::config_connection::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const void eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{ {
config::save(pDoc, pConfigRoot); config::save(pDoc, pConfigRoot);
@@ -686,7 +686,7 @@ void eap::config_connection::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *
} }
void eap::config_connection::load(_In_ IXMLDOMNode *pConfigRoot) void eap::config_provider_list::load(_In_ IXMLDOMNode *pConfigRoot)
{ {
assert(pConfigRoot); assert(pConfigRoot);
HRESULT hr; HRESULT hr;
@@ -714,14 +714,14 @@ void eap::config_connection::load(_In_ IXMLDOMNode *pConfigRoot)
} }
void eap::config_connection::operator<<(_Inout_ cursor_out &cursor) const void eap::config_provider_list::operator<<(_Inout_ cursor_out &cursor) const
{ {
config::operator<<(cursor); config::operator<<(cursor);
cursor << m_providers; cursor << m_providers;
} }
size_t eap::config_connection::get_pk_size() const size_t eap::config_provider_list::get_pk_size() const
{ {
return return
config::get_pk_size() + config::get_pk_size() +
@@ -729,7 +729,7 @@ size_t eap::config_connection::get_pk_size() const
} }
void eap::config_connection::operator>>(_Inout_ cursor_in &cursor) void eap::config_provider_list::operator>>(_Inout_ cursor_in &cursor)
{ {
config::operator>>(cursor); config::operator>>(cursor);


@@ -36,14 +36,12 @@ eap::credentials::credentials(_In_ module &mod) : config(mod)
eap::credentials::credentials(_In_ const credentials &other) : eap::credentials::credentials(_In_ const credentials &other) :
m_identity(other.m_identity),
config(other) config(other)
{ {
} }
eap::credentials::credentials(_Inout_ credentials &&other) : eap::credentials::credentials(_Inout_ credentials &&other) :
m_identity(std::move(other.m_identity)),
config(std::move(other)) config(std::move(other))
{ {
} }
@@ -51,10 +49,8 @@ eap::credentials::credentials(_Inout_ credentials &&other) :
eap::credentials& eap::credentials::operator=(_In_ const credentials &other) eap::credentials& eap::credentials::operator=(_In_ const credentials &other)
{ {
if (this != &other) { if (this != &other)
(config&)*this = other; (config&)*this = other;
m_identity = other.m_identity;
}
return *this; return *this;
} }
@@ -62,10 +58,8 @@ eap::credentials& eap::credentials::operator=(_In_ const credentials &other)
eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other) eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other)
{ {
if (this != &other) { if (this != &other)
(config&)*this = std::move(other); (config&)*this = std::move(other);
m_identity = std::move(other.m_identity);
}
return *this; return *this;
} }
@@ -73,73 +67,13 @@ eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other)
void eap::credentials::clear() void eap::credentials::clear()
{ {
m_identity.clear();
} }
bool eap::credentials::empty() const bool eap::credentials::empty() const
{ {
return m_identity.empty(); // Base class always report empty credentials.
} return true;
void eap::credentials::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{
assert(pDoc);
assert(pConfigRoot);
config::save(pDoc, pConfigRoot);
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
HRESULT hr;
// <UserName>
if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <UserName> element.");
}
void eap::credentials::load(_In_ IXMLDOMNode *pConfigRoot)
{
assert(pConfigRoot);
HRESULT hr;
config::load(pConfigRoot);
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)))
throw com_runtime_error(hr, __FUNCTION__ " Error reading <UserName> element.");
m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str());
}
void eap::credentials::operator<<(_Inout_ cursor_out &cursor) const
{
config::operator<<(cursor);
cursor << m_identity;
}
size_t eap::credentials::get_pk_size() const
{
return
config::get_pk_size() +
pksizeof(m_identity);
}
void eap::credentials::operator>>(_Inout_ cursor_in &cursor)
{
config::operator>>(cursor);
cursor >> m_identity;
}
wstring eap::credentials::get_identity() const
{
return m_identity;
} }
@@ -159,6 +93,7 @@ eap::credentials_pass::credentials_pass(_In_ module &mod) : credentials(mod)
eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) : eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) :
m_identity(other.m_identity),
m_password(other.m_password), m_password(other.m_password),
credentials(other) credentials(other)
{ {
@@ -166,6 +101,7 @@ eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) :
eap::credentials_pass::credentials_pass(_Inout_ credentials_pass &&other) : eap::credentials_pass::credentials_pass(_Inout_ credentials_pass &&other) :
m_identity(std::move(other.m_identity)),
m_password(std::move(other.m_password)), m_password(std::move(other.m_password)),
credentials(std::move(other)) credentials(std::move(other))
{ {
@@ -176,6 +112,7 @@ eap::credentials_pass& eap::credentials_pass::operator=(_In_ const credentials_p
{ {
if (this != &other) { if (this != &other) {
(credentials&)*this = other; (credentials&)*this = other;
m_identity = other.m_identity;
m_password = other.m_password; m_password = other.m_password;
} }
@@ -187,6 +124,7 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass
{ {
if (this != &other) { if (this != &other) {
(credentials&)*this = std::move(other); (credentials&)*this = std::move(other);
m_identity = std::move(other.m_identity);
m_password = std::move(other.m_password); m_password = std::move(other.m_password);
} }
@@ -197,13 +135,14 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass
void eap::credentials_pass::clear() void eap::credentials_pass::clear()
{ {
credentials::clear(); credentials::clear();
m_identity.clear();
m_password.clear(); m_password.clear();
} }
bool eap::credentials_pass::empty() const bool eap::credentials_pass::empty() const
{ {
return credentials::empty() && m_password.empty(); return credentials::empty() && m_identity.empty() && m_password.empty();
} }
@@ -217,6 +156,10 @@ void eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata"); const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
HRESULT hr; HRESULT hr;
// <UserName>
if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <UserName> element.");
// <Password> // <Password>
bstr pass(m_password); bstr pass(m_password);
hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass); hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass);
@@ -235,6 +178,11 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
std::wstring xpath(eapxml::get_xpath(pConfigRoot)); std::wstring xpath(eapxml::get_xpath(pConfigRoot));
if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)))
throw com_runtime_error(hr, __FUNCTION__ " Error reading <UserName> element.");
m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str());
bstr pass; bstr pass;
if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass))) if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass)))
throw com_runtime_error(hr, __FUNCTION__ " Error reading <Password> element."); throw com_runtime_error(hr, __FUNCTION__ " Error reading <Password> element.");
@@ -254,6 +202,7 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
void eap::credentials_pass::operator<<(_Inout_ cursor_out &cursor) const void eap::credentials_pass::operator<<(_Inout_ cursor_out &cursor) const
{ {
credentials::operator<<(cursor); credentials::operator<<(cursor);
cursor << m_identity;
cursor << m_password; cursor << m_password;
} }
@@ -262,6 +211,7 @@ size_t eap::credentials_pass::get_pk_size() const
{ {
return return
credentials::get_pk_size() + credentials::get_pk_size() +
pksizeof(m_identity) +
pksizeof(m_password); pksizeof(m_password);
} }
@@ -269,6 +219,7 @@ size_t eap::credentials_pass::get_pk_size() const
void eap::credentials_pass::operator>>(_Inout_ cursor_in &cursor) void eap::credentials_pass::operator>>(_Inout_ cursor_in &cursor)
{ {
credentials::operator>>(cursor); credentials::operator>>(cursor);
cursor >> m_identity;
cursor >> m_password; cursor >> m_password;
} }
@@ -338,7 +289,7 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName)
m_identity.clear(); m_identity.clear();
wstring xpath(pszTargetName); wstring xpath(pszTargetName);
m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str()); m_module.log_config((xpath + L"/Username").c_str(), m_identity.c_str());
m_module.log_config((xpath + L"/Password").c_str(), m_module.log_config((xpath + L"/Password").c_str(),
#ifdef _DEBUG #ifdef _DEBUG
m_password.c_str() m_password.c_str()
@@ -349,6 +300,12 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName)
} }
std::wstring eap::credentials_pass::get_identity() const
{
return m_identity;
}
const unsigned char eap::credentials_pass::s_entropy[1024] = { const unsigned char eap::credentials_pass::s_entropy[1024] = {
0x40, 0x88, 0xd3, 0x13, 0x81, 0x8a, 0xf6, 0x74, 0x55, 0x8e, 0xcc, 0x73, 0x2c, 0xf8, 0x93, 0x37, 0x40, 0x88, 0xd3, 0x13, 0x81, 0x8a, 0xf6, 0x74, 0x55, 0x8e, 0xcc, 0x73, 0x2c, 0xf8, 0x93, 0x37,
0x4f, 0xeb, 0x1d, 0x66, 0xb7, 0xfb, 0x47, 0x75, 0xb4, 0xfd, 0x07, 0xbb, 0xf6, 0xb3, 0x05, 0x30, 0x4f, 0xeb, 0x1d, 0x66, 0xb7, 0xfb, 0x47, 0x75, 0xb4, 0xfd, 0x07, 0xbb, 0xf6, 0xb3, 0x05, 0x30,
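Review bot: In the retrieve() hunk, the call right after the renamed `/Username` entry still passes `m_password.c_str()` to `log_config` when `_DEBUG` is defined, so a debug build records the clear-text password wherever that log ends up (presumably the module's event trace; the sink is not visible here). The `#else` arm and the rest of retrieve() lie outside the hunk, but whatever placeholder that arm logs could be used unconditionally, dropping the `#ifdef _DEBUG` arm. If the debug behaviour is intentional, a comment such as `// Debug builds log the clear-text password; keep debug binaries off production machines.` would make that explicit. The identity is also logged under differently cased keys in load() (`/UserName`) and retrieve() (`/Username`), which makes the two entries harder to correlate.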


@@ -28,7 +28,7 @@ using namespace winstd;
// eap::method // eap::method
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
eap::method::method(_In_ module &module, _In_ config_connection &cfg, _In_ credentials &cred) : eap::method::method(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials &cred) :
m_module(module), m_module(module),
m_cfg(cfg), m_cfg(cfg),
m_cred(cred) m_cred(cred)


@@ -91,26 +91,20 @@ EAP_ERROR* eap::module::make_error(_In_ std::exception &err) const
MultiByteToWideChar(CP_ACP, 0, err.what(), -1, what); MultiByteToWideChar(CP_ACP, 0, err.what(), -1, what);
{ {
win_runtime_error *e = dynamic_cast<win_runtime_error*>(&err); win_runtime_error &e(dynamic_cast<win_runtime_error&>(err));
if (e) if (&e)
return make_error(e->number(), what.c_str()); return make_error(e.number(), what.c_str());
} }
{ {
com_runtime_error *e = dynamic_cast<com_runtime_error*>(&err); com_runtime_error &e(dynamic_cast<com_runtime_error&>(err));
if (e) if (&e)
return make_error(HRESULT_CODE(e->number()), what.c_str()); return make_error(HRESULT_CODE(e.number()), what.c_str());
} }
{ {
sec_runtime_error *e = dynamic_cast<sec_runtime_error*>(&err); invalid_argument &e(dynamic_cast<invalid_argument&>(err));
if (e) if (&e)
return make_error(SCODE_CODE(e->number()), what.c_str());
}
{
invalid_argument *e = dynamic_cast<invalid_argument*>(&err);
if (e)
return make_error(ERROR_INVALID_PARAMETER, what.c_str()); return make_error(ERROR_INVALID_PARAMETER, what.c_str());
} }
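Review bot: The reference casts introduced in make_error() cannot fail softly: `dynamic_cast<win_runtime_error&>(err)` throws `std::bad_cast` when `err` is any other exception type, and `if (&e)` is always true. As written, the first block either returns or throws, so the `com_runtime_error` and `invalid_argument` blocks are never reached by falling through. An exception thrown from the function that is supposed to turn exceptions into an `EAP_ERROR` is likely to leave the module unhandled. Each block should keep the pointer form, e.g. `win_runtime_error *e = dynamic_cast<win_runtime_error*>(&err);` followed by `if (e) return make_error(e->number(), what.c_str());`. make_error() starts and continues outside the hunk, so its final fallback is not visible here.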


@@ -30,6 +30,5 @@
#include <WinStd/Cred.h> #include <WinStd/Cred.h>
#include <WinStd/ETW.h> #include <WinStd/ETW.h>
#include <WinStd/Sec.h>
#include <EventsETW.h> #include <EventsETW.h>


@@ -100,14 +100,6 @@ inline bool wxSetIconFromResource(wxStaticBitmap *bmp, wxIcon &icon, HINSTANCE h
/// ///
inline wxString wxEAPGetProviderName(const std::wstring &id); inline wxString wxEAPGetProviderName(const std::wstring &id);
namespace eap
{
///
/// Base class to prevent multiple instances of the same dialog
///
class monitor_ui;
}
#pragma once #pragma once
#include <wx/msw/winundef.h> // Fixes `CreateDialog` name collision #include <wx/msw/winundef.h> // Fixes `CreateDialog` name collision
@@ -150,10 +142,10 @@ public:
/// ///
/// Constructs a configuration dialog /// Constructs a configuration dialog
/// ///
/// \param[inout] cfg Connection configuration /// \param[inout] cfg Providers configuration data
/// \param[in] parent Parent window /// \param[in] parent Parent window
/// ///
wxEAPConfigDialog(eap::config_connection &cfg, wxWindow* parent) : wxEAPConfigDialog(eap::config_provider_list &cfg, wxWindow* parent) :
m_cfg(cfg), m_cfg(cfg),
wxEAPConfigDialogBase(parent) wxEAPConfigDialogBase(parent)
{ {
@@ -215,7 +207,7 @@ protected:
protected: protected:
eap::config_connection &m_cfg; ///< Connection configuration eap::config_provider_list &m_cfg; ///< EAP providers configuration
}; };
@@ -225,7 +217,7 @@ public:
/// ///
/// Constructs a dialog /// Constructs a dialog
/// ///
wxEAPGeneralDialog(wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = wxEmptyString, const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE); wxEAPGeneralDialog(wxWindow* parent, const wxString& title = wxEmptyString);
/// ///
/// Adds panels to the dialog /// Adds panels to the dialog
@@ -250,7 +242,7 @@ public:
/// ///
/// Constructs a credential dialog /// Constructs a credential dialog
/// ///
wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = _("EAP Credentials"), const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE); wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent);
}; };
@@ -419,7 +411,7 @@ public:
/// \param[inout] prov Provider configuration data /// \param[inout] prov Provider configuration data
/// \param[in] parent Parent window /// \param[in] parent Parent window
/// ///
wxEAPConfigProvider(eap::config_provider &prov, wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = _("Provider Settings"), const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE); wxEAPConfigProvider(eap::config_provider &prov, wxWindow* parent);
protected: protected:
eap::config_provider &m_prov; ///< EAP method configuration eap::config_provider &m_prov; ///< EAP method configuration
@@ -816,55 +808,3 @@ inline wxString wxEAPGetProviderName(const std::wstring &id)
return return
!id.empty() ? id : _("<Your Organization>"); !id.empty() ? id : _("<Your Organization>");
} }
namespace eap
{
class monitor_ui
{
public:
monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid);
virtual ~monitor_ui();
void set_popup(_In_ HWND hwnd);
void release_slaves(_In_bytecount_(size) const void *data, _In_ size_t size) const;
inline bool is_master() const
{
return m_is_master;
}
inline bool is_slave() const
{
return !is_master();
}
inline const std::vector<unsigned char>& master_data() const
{
return m_data;
}
protected:
virtual LRESULT winproc(
_In_ UINT msg,
_In_ WPARAM wparam,
_In_ LPARAM lparam);
static LRESULT CALLBACK winproc(
_In_ HWND hwnd,
_In_ UINT msg,
_In_ WPARAM wparam,
_In_ LPARAM lparam);
protected:
bool m_is_master; ///< Is this monitor master?
HWND m_hwnd; ///< Message window handle
std::list<HWND> m_slaves; ///< List of slaves to notify on finish
HWND m_hwnd_popup; ///< Pop-up window handle
std::vector<unsigned char> m_data; ///< Data master sent
// Custom window messages
static const UINT s_msg_attach; ///< Slave sends this message to attach to master
static const UINT s_msg_finish; ///< Master sends this message to slaves to notify them it has finished (wparam has size, lparam has data)
};
}
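Review bot: The shortened constructor `wxEAPGeneralDialog(wxWindow* parent, const wxString& title = wxEmptyString);` can now be called with a single argument, which makes it an implicit conversion from `wxWindow*` to a dialog. Declaring it `explicit wxEAPGeneralDialog(wxWindow* parent, const wxString& title = wxEmptyString);` keeps a stray pointer from silently constructing a window. The class body lies outside the hunk, so other constructors of the class are not visible here.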


@@ -412,7 +412,7 @@ wxEAPProviderIdentityPanelBase::wxEAPProviderIdentityPanelBase( wxWindow* parent
sb_provider_helpdesk_inner->Add( m_provider_web_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 ); sb_provider_helpdesk_inner->Add( m_provider_web_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 );
m_provider_web = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 ); m_provider_web = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_provider_web->SetToolTip( _("Your helpdesk website address") ); m_provider_web->SetToolTip( _("Your helpdesk website") );
sb_provider_helpdesk_inner->Add( m_provider_web, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 ); sb_provider_helpdesk_inner->Add( m_provider_web, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 );


@@ -3370,7 +3370,7 @@
<property name="style"></property> <property name="style"></property>
<property name="subclass"></property> <property name="subclass"></property>
<property name="toolbar_pane">0</property> <property name="toolbar_pane">0</property>
<property name="tooltip">Your helpdesk website address</property> <property name="tooltip">Your helpdesk website</property>
<property name="validator_data_type"></property> <property name="validator_data_type"></property>
<property name="validator_style">wxFILTER_NONE</property> <property name="validator_style">wxFILTER_NONE</property>
<property name="validator_type">wxDefaultValidator</property> <property name="validator_type">wxDefaultValidator</property>


@@ -41,8 +41,7 @@ bool wxEAPBannerPanel::AcceptsFocusFromKeyboard() const
// wxEAPGeneralDialog // wxEAPGeneralDialog
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
wxEAPGeneralDialog::wxEAPGeneralDialog(wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) : wxEAPGeneralDialog::wxEAPGeneralDialog(wxWindow* parent, const wxString& title) : wxEAPGeneralDialogBase(parent, wxID_ANY, title)
wxEAPGeneralDialogBase(parent, id, title, pos, size, style)
{ {
// Set extra style here, as wxFormBuilder overrides all default flags. // Set extra style here, as wxFormBuilder overrides all default flags.
this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY); this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY);
@@ -81,8 +80,7 @@ void wxEAPGeneralDialog::OnInitDialog(wxInitDialogEvent& event)
// wxEAPCredentialsDialog // wxEAPCredentialsDialog
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) : wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent) : wxEAPGeneralDialog(parent, _("EAP Credentials"))
wxEAPGeneralDialog(parent, id, title, pos, size, style)
{ {
// Set banner title. // Set banner title.
m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), wxEAPGetProviderName(prov.m_id).c_str())); m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), wxEAPGetProviderName(prov.m_id).c_str()));
@@ -330,12 +328,12 @@ bool wxEAPProviderLockPanel::TransferDataFromWindow()
// wxEAPConfigProvider // wxEAPConfigProvider
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) : wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow* parent) :
m_prov(prov), m_prov(prov),
wxEAPGeneralDialog(parent, id, title, pos, size, style) wxEAPGeneralDialog(parent, _("Provider Settings"))
{ {
// Set banner title. // Set banner title.
m_banner->m_title->SetLabel(title); m_banner->m_title->SetLabel(_("Provider Settings"));
m_identity = new wxEAPProviderIdentityPanel(prov, this); m_identity = new wxEAPProviderIdentityPanel(prov, this);
AddContent(m_identity); AddContent(m_identity);
@@ -345,196 +343,3 @@ wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow *p
m_identity->m_provider_name->SetFocusFromKbd(); m_identity->m_provider_name->SetFocusFromKbd();
} }
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::monitor_ui
//////////////////////////////////////////////////////////////////////
eap::monitor_ui::monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid) :
m_hwnd_popup(NULL)
{
// Verify if the monitor is already running.
const WNDCLASSEX wnd_class_desc = {
sizeof(WNDCLASSEX), // cbSize
0, // style
winproc, // lpfnWndProc
0, // cbClsExtra
0, // cbWndExtra
module, // hInstance
NULL, // hIcon
NULL, // hCursor
NULL, // hbrBackground
NULL, // lpszMenuName
_T(__FUNCTION__), // lpszClassName
NULL // hIconSm
};
ATOM wnd_class = RegisterClassEx(&wnd_class_desc);
if (!wnd_class)
throw win_runtime_error(__FUNCTION__ " Error registering master monitor window class.");
tstring_guid guid_str(guid);
HWND hwnd_master = FindWindowEx(HWND_MESSAGE, NULL, (LPCTSTR)wnd_class, guid_str.c_str());
if (hwnd_master) {
// Another monitor is already running.
m_is_master = false;
// Register slave windows class slightly different, not to include slaves in FindWindowEx().
const WNDCLASSEX wnd_class_desc = {
sizeof(WNDCLASSEX), // cbSize
0, // style
winproc, // lpfnWndProc
0, // cbClsExtra
0, // cbWndExtra
module, // hInstance
NULL, // hIcon
NULL, // hCursor
NULL, // hbrBackground
NULL, // lpszMenuName
_T(__FUNCTION__) _T("-Slave"), // lpszClassName
NULL // hIconSm
};
wnd_class = RegisterClassEx(&wnd_class_desc);
if (!wnd_class)
throw win_runtime_error(__FUNCTION__ " Error registering slave monitor window class.");
} else {
// This is a fresh monitor.
m_is_master = true;
}
m_hwnd = CreateWindowEx(
0, // dwExStyle
(LPCTSTR)wnd_class, // lpClassName
guid_str.c_str(), // lpWindowName
0, // dwStyle
0, // x
0, // y
0, // nWidth
0, // nHeight
HWND_MESSAGE, // hWndParent
NULL, // hMenu
module, // hInstance
this); // lpParam
if (!m_is_master) {
// Notify master we are waiting him.
SendMessage(hwnd_master, s_msg_attach, 0, (LPARAM)m_hwnd);
// Slaves must pump message queue until finished.
MSG msg;
while (GetMessage(&msg, NULL, 0, 0) > 0) {
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
}
eap::monitor_ui::~monitor_ui()
{
if (m_hwnd)
DestroyWindow(m_hwnd);
}
void eap::monitor_ui::set_popup(_In_ HWND hwnd)
{
m_hwnd_popup = hwnd;
}
void eap::monitor_ui::release_slaves(_In_bytecount_(size) const void *data, _In_ size_t size) const
{
assert(!size || data);
for (list<HWND>::const_iterator slave = m_slaves.begin(), slave_end = m_slaves.end(); slave != slave_end; ++slave) {
// Get slave's PID.
DWORD pid_slave;
GetWindowThreadProcessId(*slave, &pid_slave);
// Get slave's process handle.
process proc_slave;
if (!proc_slave.open(PROCESS_VM_OPERATION | PROCESS_VM_WRITE, 0, pid_slave))
continue;
// Allocate memory in slave's virtual memory space and save data to it.
vmemory mem_slave;
if (!mem_slave.alloc(proc_slave, NULL, size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE))
continue;
if (!WriteProcessMemory(proc_slave, mem_slave, data, size, NULL))
continue;
// Notify slave. Use SendMessage(), not PostMessage(), as memory will get cleaned up.
SendMessage(*slave, s_msg_finish, (WPARAM)size, (LPARAM)(LPVOID)mem_slave);
}
}
LRESULT eap::monitor_ui::winproc(
_In_ UINT msg,
_In_ WPARAM wparam,
_In_ LPARAM lparam)
{
UNREFERENCED_PARAMETER(wparam);
if (msg == s_msg_attach) {
// Attach a new slave.
assert(m_is_master);
m_slaves.push_back((HWND)lparam);
if (m_hwnd_popup) {
// Bring pop-up window up.
if (::IsIconic(m_hwnd_popup))
::SendMessage(m_hwnd_popup, WM_SYSCOMMAND, SC_RESTORE, 0);
::SetActiveWindow(m_hwnd_popup);
::SetForegroundWindow(m_hwnd_popup);
}
return TRUE;
} else if (msg == s_msg_finish) {
// Master finished.
assert(!m_is_master);
m_data.assign((const unsigned char*)lparam, (const unsigned char*)lparam + wparam);
// Finish slave too.
DestroyWindow(m_hwnd);
return TRUE;
} else if (msg == WM_DESTROY) {
// Stop the message pump.
PostQuitMessage(0);
return 0;
}
return DefWindowProc(m_hwnd, msg, wparam, lparam);
}
LRESULT CALLBACK eap::monitor_ui::winproc(
_In_ HWND hwnd,
_In_ UINT msg,
_In_ WPARAM wparam,
_In_ LPARAM lparam)
{
if (msg == WM_CREATE) {
// Set window's user data to "this" pointer.
const CREATESTRUCT *cs = (CREATESTRUCT*)lparam;
SetWindowLongPtr(hwnd, GWLP_USERDATA, (LONG_PTR)cs->lpCreateParams);
// Forward to our handler.
return ((eap::monitor_ui*)cs->lpCreateParams)->winproc(msg, wparam, lparam);
} else {
// Get "this" pointer from window's user data.
eap::monitor_ui *_this = (eap::monitor_ui*)GetWindowLongPtr(hwnd, GWLP_USERDATA);
if (_this) {
// Forward to our handler.
return _this->winproc(msg, wparam, lparam);
} else
return DefWindowProc(hwnd, msg, wparam, lparam);
}
}
const UINT eap::monitor_ui::s_msg_attach = RegisterWindowMessage(_T(PRODUCT_NAME_STR) _T("-Attach"));
const UINT eap::monitor_ui::s_msg_finish = RegisterWindowMessage(_T(PRODUCT_NAME_STR) _T("-Finish"));

Binary file not shown.


@@ -1,182 +1,176 @@
/* /*
Copyright 2015-2016 Amebis Copyright 2015-2016 Amebis
Copyright 2016 GÉANT Copyright 2016 GÉANT
This file is part of GÉANTLink. This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or the Free Software Foundation, either version 3 of the License, or
(at your option) any later version. (at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>. along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/ */
#include <WinStd/Common.h> #include <WinStd/Common.h>
#include <Windows.h> #include <Windows.h>
#include <WinCrypt.h> // Must include after <Windows.h> #include <WinCrypt.h> // Must include after <Windows.h>
#include <sal.h> #include <sal.h>
#define EAP_TLS_OWN 0 ///< We do the TLS ourself namespace eap
#define EAP_TLS_SCHANNEL 1 ///< TLS is done by Schannel, but server certificate check is done ourself {
#define EAP_TLS_SCHANNEL_FULL 2 ///< TLS is fully done by Schannel ///
/// TLS configuration
namespace eap ///
{ class config_method_tls;
///
/// TLS configuration ///
/// /// Helper function to compile human-readable certificate name for UI display
class config_method_tls; ///
winstd::tstring get_cert_title(PCCERT_CONTEXT cert);
/// }
/// Helper function to compile human-readable certificate name for UI display
/// #pragma once
winstd::tstring get_cert_title(PCCERT_CONTEXT cert);
} #include "Credentials.h"
#include "Method.h"
#pragma once #include "TLS.h"
#include "Credentials.h" #include "../../EAPBase/include/Config.h"
#include "Method.h"
#include "TLS.h" #include <WinStd/Crypt.h>
#include "../../EAPBase/include/Config.h" #include <Windows.h>
#include <WinStd/Crypt.h> #include <list>
#include <string>
#include <Windows.h>
#include <list> namespace eap
#include <string> {
class config_method_tls : public config_method_with_cred
{
namespace eap public:
{ ///
class config_method_tls : public config_method_with_cred /// Constructs configuration
{ ///
public: /// \param[in] mod EAP module to use for global services
/// ///
/// Constructs configuration config_method_tls(_In_ module &mod);
///
/// \param[in] mod EAP module to use for global services ///
/// /// Copies configuration
config_method_tls(_In_ module &mod); ///
/// \param[in] other Configuration to copy from
/// ///
/// Copies configuration config_method_tls(_In_ const config_method_tls &other);
///
/// \param[in] other Configuration to copy from ///
/// /// Moves configuration
config_method_tls(_In_ const config_method_tls &other); ///
/// \param[in] other Configuration to move from
/// ///
/// Moves configuration config_method_tls(_Inout_ config_method_tls &&other);
///
/// \param[in] other Configuration to move from ///
/// /// Copies configuration
config_method_tls(_Inout_ config_method_tls &&other); ///
/// \param[in] other Configuration to copy from
/// ///
/// Copies configuration /// \returns Reference to this object
/// ///
/// \param[in] other Configuration to copy from config_method_tls& operator=(_In_ const config_method_tls &other);
///
/// \returns Reference to this object ///
/// /// Moves configuration
config_method_tls& operator=(_In_ const config_method_tls &other); ///
/// \param[in] other Configuration to move from
/// ///
/// Moves configuration /// \returns Reference to this object
/// ///
/// \param[in] other Configuration to move from config_method_tls& operator=(_Inout_ config_method_tls &&other);
///
/// \returns Reference to this object ///
/// /// Clones configuration
config_method_tls& operator=(_Inout_ config_method_tls &&other); ///
/// \returns Pointer to cloned configuration
/// ///
/// Clones configuration virtual config* clone() const;
///
/// \returns Pointer to cloned configuration /// \name XML configuration management
/// /// @{
virtual config* clone() const;
///
/// \name XML configuration management /// Save to XML document
/// @{ ///
/// \param[in] pDoc XML document
/// /// \param[in] pConfigRoot Suggested root element for saving
/// Save to XML document ///
/// virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving ///
/// /// Load from XML document
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const; ///
/// \param[in] pConfigRoot Root element for loading
/// ///
/// Load from XML document virtual void load(_In_ IXMLDOMNode *pConfigRoot);
///
/// \param[in] pConfigRoot Root element for loading /// @}
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot); /// \name BLOB management
/// @{
/// @}
///
/// \name BLOB management /// Packs a configuration
/// @{ ///
/// \param[inout] cursor Memory cursor
/// ///
/// Packs a configuration virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// \param[inout] cursor Memory cursor ///
/// /// Returns packed size of a configuration
virtual void operator<<(_Inout_ cursor_out &cursor) const; ///
/// \returns Size of data when packed (in bytes)
/// ///
/// Returns packed size of a configuration virtual size_t get_pk_size() const;
///
/// \returns Size of data when packed (in bytes) ///
/// /// Unpacks a configuration
virtual size_t get_pk_size() const; ///
/// \param[inout] cursor Memory cursor
/// ///
/// Unpacks a configuration virtual void operator>>(_Inout_ cursor_in &cursor);
///
/// \param[inout] cursor Memory cursor /// @}
///
virtual void operator>>(_Inout_ cursor_in &cursor); ///
/// Returns EAP method type of this configuration
/// @} ///
/// \returns `eap::type_tls`
/// ///
/// Returns EAP method type of this configuration virtual winstd::eap_type_t get_method_id() const;
///
/// \returns `eap::type_tls` ///
/// /// Adds CA to the list of trusted root CA's
virtual winstd::eap_type_t get_method_id() const; ///
/// \sa [CertCreateCertificateContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376033.aspx)
/// ///
/// Adds CA to the list of trusted root CA's bool add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded);
///
/// \sa [CertCreateCertificateContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376033.aspx) public:
/// std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs
bool add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded); std::list<std::wstring> m_server_names; ///< Acceptable authenticating server names
public: // Following members are used for session resumptions. They are not exported/imported to XML.
std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs sanitizing_blob m_session_id; ///< TLS session ID
std::list<std::wstring> m_server_names; ///< Acceptable authenticating server names tls_master_secret m_master_secret; ///< TLS master secret
};
#if EAP_TLS < EAP_TLS_SCHANNEL }
// Following members are used for session resumptions. They are not exported/imported to XML.
sanitizing_blob m_session_id; ///< TLS session ID
tls_master_secret m_master_secret; ///< TLS master secret
#endif
};
}
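Review bot: The comment above `m_session_id` and `m_master_secret` says only that they are not exported to XML, which leaves open whether `operator<<`, `get_pk_size()` and `operator>>` include them in the packed BLOB and whether `clone()` and the copy constructor duplicate them. With the `#if EAP_TLS < EAP_TLS_SCHANNEL` guard removed, the TLS master secret is now an unconditional public member of a configuration object, so the header should state where it may travel and when it is cleared. I would extend the comment along the lines of `// Session resumption state. Not saved to XML; TODO: state whether it is packed into the BLOB and when it is cleared.` The implementations are not part of this section, so this is a documentation request rather than a confirmed exposure.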


@@ -180,6 +180,11 @@ namespace eap
/// ///
virtual std::wstring get_identity() const; virtual std::wstring get_identity() const;
///
/// Returns credential name (for GUI display).
///
virtual winstd::tstring get_name() const;
/// ///
/// Combine credentials in the following order: /// Combine credentials in the following order:
/// ///


@@ -36,7 +36,6 @@ namespace eap
#include "../../EAPBase/include/Method.h" #include "../../EAPBase/include/Method.h"
#include <WinStd/Crypt.h> #include <WinStd/Crypt.h>
#include <WinStd/Sec.h>
#include <list> #include <list>
#include <vector> #include <vector>
@@ -146,10 +145,10 @@ namespace eap
/// Constructs an EAP method /// Constructs an EAP method
/// ///
/// \param[in] mod EAP module to use for global services /// \param[in] mod EAP module to use for global services
/// \param[in] cfg Connection configuration /// \param[in] cfg Providers configuration
/// \param[in] cred User credentials /// \param[in] cred User credentials
/// ///
method_tls(_In_ module &module, _In_ config_connection &cfg, _In_ credentials_tls &cred); method_tls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_tls &cred);
/// ///
/// Moves an EAP method /// Moves an EAP method
@@ -217,7 +216,6 @@ namespace eap
/// @} /// @}
protected: protected:
#if EAP_TLS < EAP_TLS_SCHANNEL
/// \name Client handshake message generation /// \name Client handshake message generation
/// @{ /// @{
@@ -362,18 +360,6 @@ namespace eap
/// ///
virtual void process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); virtual void process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
#else
///
/// Process handshake
///
void process_handshake();
///
/// Process application data
///
void process_application_data();
#endif
/// ///
/// Processes a TLS application_data message /// Processes a TLS application_data message
/// ///
@@ -384,16 +370,24 @@ namespace eap
/// ///
virtual void process_application_data(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); virtual void process_application_data(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
/////
///// Processes a vendor-specific TLS message
/////
///// \note Please see `m_cipher_spec` member if the message data came encrypted.
/////
///// \param[in] type TLS message type
///// \param[in] msg TLS message data
///// \param[in] msg_size TLS message data size
/////
//virtual void process_vendor_data(_In_ tls_message_type_t type, _In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
/// @} /// @}
#if EAP_TLS < EAP_TLS_SCHANNEL_FULL
/// ///
/// Verifies server's certificate if trusted by configuration /// Verifies server's certificate if trusted by configuration
/// ///
void verify_server_trust() const; void verify_server_trust() const;
#endif
#if EAP_TLS < EAP_TLS_SCHANNEL
/// \name Encryption /// \name Encryption
/// @{ /// @{
@@ -487,16 +481,13 @@ namespace eap
_In_ HCRYPTKEY key, _In_ HCRYPTKEY key,
_In_bytecount_(size_secret) const void *secret, _In_bytecount_(size_secret) const void *secret,
_In_ size_t size_secret); _In_ size_t size_secret);
#endif
protected: protected:
credentials_tls &m_cred; ///< EAP-TLS user credentials credentials_tls &m_cred; ///< EAP-TLS user credentials
HANDLE m_user_ctx; ///< Handle to user context
packet m_packet_req; ///< Request packet packet m_packet_req; ///< Request packet
packet m_packet_res; ///< Response packet packet m_packet_res; ///< Response packet
#if EAP_TLS < EAP_TLS_SCHANNEL
winstd::crypt_prov m_cp; ///< Cryptography provider for general services winstd::crypt_prov m_cp; ///< Cryptography provider for general services
winstd::crypt_prov m_cp_enc_client; ///< Cryptography provider for encryption winstd::crypt_prov m_cp_enc_client; ///< Cryptography provider for encryption
winstd::crypt_prov m_cp_enc_server; ///< Cryptography provider for encryption winstd::crypt_prov m_cp_enc_server; ///< Cryptography provider for encryption
@@ -537,20 +528,6 @@ namespace eap
unsigned __int64 m_seq_num_client; ///< Sequence number for encrypting unsigned __int64 m_seq_num_client; ///< Sequence number for encrypting
unsigned __int64 m_seq_num_server; ///< Sequence number for decrypting unsigned __int64 m_seq_num_server; ///< Sequence number for decrypting
#else
winstd::tstring m_sc_target_name; ///< Schannel target name
winstd::sec_credentials m_sc_cred; ///< Schannel client credentials
std::vector<unsigned char> m_sc_queue; ///< TLS data queue
winstd::sec_context m_sc_ctx; ///< Schannel context
enum {
phase_unknown = -1, ///< Unknown phase
phase_handshake_init = 0, ///< Handshake initialize
phase_handshake_cont, ///< Handshake continue
phase_application_data, ///< Exchange application data
phase_shutdown, ///< Connection shut down
} m_phase, m_phase_prev; ///< What phase is our communication at?
#endif
// The following members are required to avoid memory leakage in get_result() // The following members are required to avoid memory leakage in get_result()
EAP_ATTRIBUTES m_eap_attr_desc; ///< EAP Radius attributes descriptor EAP_ATTRIBUTES m_eap_attr_desc; ///< EAP Radius attributes descriptor


@@ -503,16 +503,7 @@ namespace eap
/// ///
tls_conn_state& operator=(_Inout_ tls_conn_state &&other); tls_conn_state& operator=(_Inout_ tls_conn_state &&other);
///
/// Configures state according to given cipher
///
/// \param[in] cipher Cipher ID
///
void set_cipher(_In_ const unsigned char cipher[2]);
public: public:
LPCTSTR m_prov_name; ///< Cryptography provider name
DWORD m_prov_type; ///< Cryptography provider type
ALG_ID m_alg_encrypt; ///< Bulk encryption algorithm ALG_ID m_alg_encrypt; ///< Bulk encryption algorithm
size_t m_size_enc_key; ///< Encryption key size in bytes (has to comply with `m_alg_encrypt`) size_t m_size_enc_key; ///< Encryption key size in bytes (has to comply with `m_alg_encrypt`)
size_t m_size_enc_iv; ///< Encryption initialization vector size in bytes (has to comply with `m_alg_encrypt`) size_t m_size_enc_iv; ///< Encryption initialization vector size in bytes (has to comply with `m_alg_encrypt`)


@@ -1,315 +1,298 @@
/* /*
Copyright 2015-2016 Amebis Copyright 2015-2016 Amebis
Copyright 2016 GÉANT Copyright 2016 GÉANT
This file is part of GÉANTLink. This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or the Free Software Foundation, either version 3 of the License, or
(at your option) any later version. (at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>. along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/ */
#include "StdAfx.h" #include "StdAfx.h"
#pragma comment(lib, "Cryptui.lib") #pragma comment(lib, "Cryptui.lib")
using namespace std; using namespace std;
using namespace winstd; using namespace winstd;
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// eap::get_cert_title // eap::get_cert_title
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
tstring eap::get_cert_title(PCCERT_CONTEXT cert) tstring eap::get_cert_title(PCCERT_CONTEXT cert)
{ {
tstring name, str, issuer, title; tstring name, str, issuer, title;
FILETIME ft; FILETIME ft;
SYSTEMTIME st; SYSTEMTIME st;
// Prepare certificate information // Prepare certificate information
CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, name); CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, name);
title += name; title += name;
FileTimeToLocalFileTime(&(cert->pCertInfo->NotBefore), &ft); FileTimeToLocalFileTime(&(cert->pCertInfo->NotBefore), &ft);
FileTimeToSystemTime(&ft, &st); FileTimeToSystemTime(&ft, &st);
GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str); GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
title += _T(", "); title += _T(", ");
title += str; title += str;
FileTimeToLocalFileTime(&(cert->pCertInfo->NotAfter ), &ft); FileTimeToLocalFileTime(&(cert->pCertInfo->NotAfter ), &ft);
FileTimeToSystemTime(&ft, &st); FileTimeToSystemTime(&ft, &st);
GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str); GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
title += _T('-'); title += _T('-');
title += str; title += str;
CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, CERT_NAME_ISSUER_FLAG, NULL, issuer); CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, CERT_NAME_ISSUER_FLAG, NULL, issuer);
if (name != issuer) { if (name != issuer) {
title += _T(", "); title += _T(", ");
title += issuer; title += issuer;
} }
return title; return title;
} }
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// eap::config_method_tls // eap::config_method_tls
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with_cred(mod) eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with_cred(mod)
{ {
m_preshared.reset(new credentials_tls(mod)); m_preshared.reset(new credentials_tls(mod));
} }
eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) : eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
m_trusted_root_ca(other.m_trusted_root_ca), m_trusted_root_ca(other.m_trusted_root_ca),
m_server_names(other.m_server_names), m_server_names(other.m_server_names),
#if EAP_TLS < EAP_TLS_SCHANNEL m_session_id(other.m_session_id),
m_session_id(other.m_session_id), m_master_secret(other.m_master_secret),
m_master_secret(other.m_master_secret), config_method_with_cred(other)
#endif {
config_method_with_cred(other) }
{
}
eap::config_method_tls::config_method_tls(_Inout_ config_method_tls &&other) :
m_trusted_root_ca(std::move(other.m_trusted_root_ca)),
eap::config_method_tls::config_method_tls(_Inout_ config_method_tls &&other) : m_server_names(std::move(other.m_server_names)),
m_trusted_root_ca(std::move(other.m_trusted_root_ca)), m_session_id(std::move(other.m_session_id)),
m_server_names(std::move(other.m_server_names)), m_master_secret(std::move(other.m_master_secret)),
#if EAP_TLS < EAP_TLS_SCHANNEL config_method_with_cred(std::move(other))
m_session_id(std::move(other.m_session_id)), {
m_master_secret(std::move(other.m_master_secret)), }
#endif
config_method_with_cred(std::move(other))
{ eap::config_method_tls& eap::config_method_tls::operator=(_In_ const config_method_tls &other)
} {
if (this != &other) {
(config_method_with_cred&)*this = other;
eap::config_method_tls& eap::config_method_tls::operator=(_In_ const config_method_tls &other) m_trusted_root_ca = other.m_trusted_root_ca;
{ m_server_names = other.m_server_names;
if (this != &other) { m_session_id = other.m_session_id;
(config_method_with_cred&)*this = other; m_master_secret = other.m_master_secret;
m_trusted_root_ca = other.m_trusted_root_ca; }
m_server_names = other.m_server_names;
#if EAP_TLS < EAP_TLS_SCHANNEL return *this;
m_session_id = other.m_session_id; }
m_master_secret = other.m_master_secret;
#endif
} eap::config_method_tls& eap::config_method_tls::operator=(_Inout_ config_method_tls &&other)
{
return *this; if (this != &other) {
} (config_method_with_cred&&)*this = std::move(other);
m_trusted_root_ca = std::move(other.m_trusted_root_ca);
m_server_names = std::move(other.m_server_names);
eap::config_method_tls& eap::config_method_tls::operator=(_Inout_ config_method_tls &&other) m_session_id = std::move(other.m_session_id);
{ m_master_secret = std::move(other.m_master_secret);
if (this != &other) { }
(config_method_with_cred&&)*this = std::move(other);
m_trusted_root_ca = std::move(other.m_trusted_root_ca); return *this;
m_server_names = std::move(other.m_server_names); }
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id = std::move(other.m_session_id);
m_master_secret = std::move(other.m_master_secret); eap::config* eap::config_method_tls::clone() const
#endif {
} return new config_method_tls(*this);
}
return *this;
}
void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{
eap::config* eap::config_method_tls::clone() const assert(pDoc);
{ assert(pConfigRoot);
return new config_method_tls(*this);
} config_method_with_cred::save(pDoc, pConfigRoot);
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const HRESULT hr;
{
assert(pDoc); // <ServerSideCredential>
assert(pConfigRoot); com_obj<IXMLDOMElement> pXmlElServerSideCredential;
if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), bstrNamespace, &pXmlElServerSideCredential)))
config_method_with_cred::save(pDoc, pConfigRoot); throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerSideCredential> element.");
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata"); for (list<cert_context>::const_iterator i = m_trusted_root_ca.begin(), i_end = m_trusted_root_ca.end(); i != i_end; ++i) {
HRESULT hr; // <CA>
com_obj<IXMLDOMElement> pXmlElCA;
// <ServerSideCredential> if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"CA"), bstrNamespace, &pXmlElCA)))
com_obj<IXMLDOMElement> pXmlElServerSideCredential; throw com_runtime_error(hr, __FUNCTION__ " Error creating <CA> element.");
if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), bstrNamespace, &pXmlElServerSideCredential)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerSideCredential> element."); // <CA>/<format>
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), bstrNamespace, bstr(L"PEM"))))
for (list<cert_context>::const_iterator i = m_trusted_root_ca.begin(), i_end = m_trusted_root_ca.end(); i != i_end; ++i) { throw com_runtime_error(hr, __FUNCTION__ " Error creating <format> element.");
// <CA>
com_obj<IXMLDOMElement> pXmlElCA; // <CA>/<cert-data>
if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"CA"), bstrNamespace, &pXmlElCA))) const cert_context &cc = *i;
throw com_runtime_error(hr, __FUNCTION__ " Error creating <CA> element."); if (FAILED(hr = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), bstrNamespace, cc->pbCertEncoded, cc->cbCertEncoded)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <cert-data> element.");
// <CA>/<format>
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), bstrNamespace, bstr(L"PEM")))) if (FAILED(hr = pXmlElServerSideCredential->appendChild(pXmlElCA, NULL)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <format> element."); throw com_runtime_error(hr, __FUNCTION__ " Error appending <CA> element.");
}
// <CA>/<cert-data>
const cert_context &cc = *i; // <ServerName>
if (FAILED(hr = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), bstrNamespace, cc->pbCertEncoded, cc->cbCertEncoded))) for (list<wstring>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) {
throw com_runtime_error(hr, __FUNCTION__ " Error creating <cert-data> element."); if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(*i))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element.");
if (FAILED(hr = pXmlElServerSideCredential->appendChild(pXmlElCA, NULL))) }
throw com_runtime_error(hr, __FUNCTION__ " Error appending <CA> element."); }
}
// <ServerName> void eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot)
for (list<wstring>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) { {
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(*i)))) assert(pConfigRoot);
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element.");
} config_method_with_cred::load(pConfigRoot);
}
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
void eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot) m_trusted_root_ca.clear();
{ m_server_names.clear();
assert(pConfigRoot);
// <ServerSideCredential>
config_method_with_cred::load(pConfigRoot); com_obj<IXMLDOMElement> pXmlElServerSideCredential;
if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), &pXmlElServerSideCredential))) {
std::wstring xpath(eapxml::get_xpath(pConfigRoot)); std::wstring xpathServerSideCredential(xpath + L"/ServerSideCredential");
m_trusted_root_ca.clear(); // <CA>
m_server_names.clear(); com_obj<IXMLDOMNodeList> pXmlListCAs;
long lCACount = 0;
// <ServerSideCredential> if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:CA"), &pXmlListCAs)) && SUCCEEDED(pXmlListCAs->get_length(&lCACount))) {
com_obj<IXMLDOMElement> pXmlElServerSideCredential; for (long j = 0; j < lCACount; j++) {
if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), &pXmlElServerSideCredential))) { // Load CA certificate.
std::wstring xpathServerSideCredential(xpath + L"/ServerSideCredential"); com_obj<IXMLDOMNode> pXmlElCA;
pXmlListCAs->get_item(j, &pXmlElCA);
// <CA> bstr bstrFormat;
com_obj<IXMLDOMNodeList> pXmlListCAs; if (FAILED(eapxml::get_element_value(pXmlElCA, bstr(L"eap-metadata:format"), &bstrFormat))) {
long lCACount = 0; // <format> not specified.
if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:CA"), &pXmlListCAs)) && SUCCEEDED(pXmlListCAs->get_length(&lCACount))) { continue;
for (long j = 0; j < lCACount; j++) { }
// Load CA certificate.
com_obj<IXMLDOMNode> pXmlElCA; if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrFormat, bstrFormat.length(), L"PEM", -1, NULL, NULL, 0) != CSTR_EQUAL) {
pXmlListCAs->get_item(j, &pXmlElCA); // Certificate must be PEM encoded.
bstr bstrFormat; continue;
if (FAILED(eapxml::get_element_value(pXmlElCA, bstr(L"eap-metadata:format"), &bstrFormat))) { }
// <format> not specified.
continue; vector<unsigned char> aData;
} if (FAILED(eapxml::get_element_base64(pXmlElCA, bstr(L"eap-metadata:cert-data"), aData))) {
// Error reading <cert-data> element.
if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrFormat, bstrFormat.length(), L"PEM", -1, NULL, NULL, 0) != CSTR_EQUAL) { continue;
// Certificate must be PEM encoded. }
continue;
} add_trusted_ca(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size());
}
vector<unsigned char> aData;
if (FAILED(eapxml::get_element_base64(pXmlElCA, bstr(L"eap-metadata:cert-data"), aData))) { // Log loaded CA certificates.
// Error reading <cert-data> element. list<tstring> cert_names;
continue; for (std::list<winstd::cert_context>::const_iterator cert = m_trusted_root_ca.cbegin(), cert_end = m_trusted_root_ca.cend(); cert != cert_end; ++cert)
} cert_names.push_back(std::move(get_cert_title(*cert)));
m_module.log_config((xpathServerSideCredential + L"/CA").c_str(), cert_names);
add_trusted_ca(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size()); }
}
// <ServerName>
// Log loaded CA certificates. com_obj<IXMLDOMNodeList> pXmlListServerIDs;
list<tstring> cert_names; long lServerIDCount = 0;
for (std::list<winstd::cert_context>::const_iterator cert = m_trusted_root_ca.cbegin(), cert_end = m_trusted_root_ca.cend(); cert != cert_end; ++cert) if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:ServerName"), &pXmlListServerIDs)) && SUCCEEDED(pXmlListServerIDs->get_length(&lServerIDCount))) {
cert_names.push_back(std::move(get_cert_title(*cert))); for (long j = 0; j < lServerIDCount; j++) {
m_module.log_config((xpathServerSideCredential + L"/CA").c_str(), cert_names); // Load server name (<ServerName>).
} com_obj<IXMLDOMNode> pXmlElServerID;
pXmlListServerIDs->get_item(j, &pXmlElServerID);
// <ServerName> bstr bstrServerID;
com_obj<IXMLDOMNodeList> pXmlListServerIDs; pXmlElServerID->get_text(&bstrServerID);
long lServerIDCount = 0; m_server_names.push_back(wstring(bstrServerID));
if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:ServerName"), &pXmlListServerIDs)) && SUCCEEDED(pXmlListServerIDs->get_length(&lServerIDCount))) { }
for (long j = 0; j < lServerIDCount; j++) {
// Load server name (<ServerName>). m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names);
com_obj<IXMLDOMNode> pXmlElServerID; }
pXmlListServerIDs->get_item(j, &pXmlElServerID); }
bstr bstrServerID; }
pXmlElServerID->get_text(&bstrServerID);
m_server_names.push_back(wstring(bstrServerID));
} void eap::config_method_tls::operator<<(_Inout_ cursor_out &cursor) const
{
m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names); config_method_with_cred::operator<<(cursor);
} cursor << m_trusted_root_ca;
} cursor << m_server_names ;
} cursor << m_session_id ;
cursor << m_master_secret ;
}
void eap::config_method_tls::operator<<(_Inout_ cursor_out &cursor) const
{
config_method_with_cred::operator<<(cursor); size_t eap::config_method_tls::get_pk_size() const
cursor << m_trusted_root_ca; {
cursor << m_server_names ; return
#if EAP_TLS < EAP_TLS_SCHANNEL config_method_with_cred::get_pk_size() +
cursor << m_session_id ; pksizeof(m_trusted_root_ca) +
cursor << m_master_secret ; pksizeof(m_server_names ) +
#endif pksizeof(m_session_id ) +
} pksizeof(m_master_secret );
}
size_t eap::config_method_tls::get_pk_size() const
{ void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor)
return {
config_method_with_cred::get_pk_size() + config_method_with_cred::operator>>(cursor);
pksizeof(m_trusted_root_ca) + cursor >> m_trusted_root_ca;
pksizeof(m_server_names ) cursor >> m_server_names ;
#if EAP_TLS < EAP_TLS_SCHANNEL cursor >> m_session_id ;
+ cursor >> m_master_secret ;
pksizeof(m_session_id ) + }
pksizeof(m_master_secret );
#else
; eap_type_t eap::config_method_tls::get_method_id() const
#endif {
} return eap_type_tls;
}
void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor)
{ bool eap::config_method_tls::add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded)
config_method_with_cred::operator>>(cursor); {
cursor >> m_trusted_root_ca; cert_context cert;
cursor >> m_server_names ; if (!cert.create(dwCertEncodingType, pbCertEncoded, cbCertEncoded)) {
#if EAP_TLS < EAP_TLS_SCHANNEL // Invalid or unsupported certificate.
cursor >> m_session_id ; return false;
cursor >> m_master_secret ; }
#endif
} for (list<cert_context>::const_iterator i = m_trusted_root_ca.cbegin(), i_end = m_trusted_root_ca.cend();; ++i) {
if (i != i_end) {
if (*i == cert) {
eap_type_t eap::config_method_tls::get_method_id() const // This certificate is already on the list.
{ return false;
return eap_type_tls; }
} } else {
// End of list reached. Append certificate.
m_trusted_root_ca.push_back(std::move(cert));
bool eap::config_method_tls::add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded) return true;
{ }
cert_context cert; }
if (!cert.create(dwCertEncodingType, pbCertEncoded, cbCertEncoded)) { }
// Invalid or unsupported certificate.
return false;
}
for (list<cert_context>::const_iterator i = m_trusted_root_ca.cbegin(), i_end = m_trusted_root_ca.cend();; ++i) {
if (i != i_end) {
if (*i == cert) {
// This certificate is already on the list.
return false;
}
} else {
// End of list reached. Append certificate.
m_trusted_root_ca.push_back(std::move(cert));
return true;
}
}
}
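Review bot: In `config_method_tls::load()` every malformed `<CA>` entry is dropped without a trace: the `continue` branches for a missing `<format>`, a non-PEM format and an unreadable `<cert-data>` log nothing, and the `bool` returned by `add_trusted_ca()` is ignored. The result of `pXmlListCAs->get_item(j, &pXmlElCA)` is also not checked before `pXmlElCA` is used. This list is the set of trust anchors for the server certificate, so a profile whose anchors all fail to parse ends up with an empty list and only the surviving names are logged; how `verify_server_trust()` treats an empty list is not visible here and should be confirmed. I would guard the call with `if (FAILED(pXmlListCAs->get_item(j, &pXmlElCA))) continue;` and record each rejected entry, with its index, through the module's logging.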


@@ -182,10 +182,11 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
throw win_runtime_error(__FUNCTION__ " CryptProtectData failed."); throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
tstring target(target_name(pszTargetName)); tstring target(target_name(pszTargetName));
wstring name(std::move(get_name()));
// Write credentials. // Write credentials.
assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE); assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE);
assert(m_identity.length() < CRED_MAX_USERNAME_LENGTH ); assert(name.length() < CRED_MAX_USERNAME_LENGTH );
CREDENTIAL cred = { CREDENTIAL cred = {
0, // Flags 0, // Flags
CRED_TYPE_GENERIC, // Type CRED_TYPE_GENERIC, // Type
@@ -198,7 +199,7 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
0, // AttributeCount 0, // AttributeCount
NULL, // Attributes NULL, // Attributes
NULL, // TargetAlias NULL, // TargetAlias
(LPTSTR)m_identity.c_str() // UserName (LPTSTR)name.c_str() // UserName
}; };
if (!CredWrite(&cred, 0)) if (!CredWrite(&cred, 0))
throw win_runtime_error(__FUNCTION__ " CredWrite failed."); throw win_runtime_error(__FUNCTION__ " CredWrite failed.");
@@ -226,14 +227,7 @@ void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName)
if (!bResult) if (!bResult)
throw win_runtime_error(__FUNCTION__ " Error loading certificate."); throw win_runtime_error(__FUNCTION__ " Error loading certificate.");
if (cred->UserName) m_module.log_config((wstring(pszTargetName) + L"/Certificate").c_str(), get_name().c_str());
m_identity = cred->UserName;
else
m_identity.clear();
wstring xpath(pszTargetName);
m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
m_module.log_config((xpath + L"/Certificate").c_str(), get_name().c_str());
} }
@@ -245,9 +239,7 @@ LPCTSTR eap::credentials_tls::target_suffix() const
std::wstring eap::credentials_tls::get_identity() const std::wstring eap::credentials_tls::get_identity() const
{ {
if (!m_identity.empty()) { if (m_cert) {
return m_identity;
} else if (m_cert) {
wstring identity; wstring identity;
CertGetNameString(m_cert, CERT_NAME_EMAIL_TYPE, 0, NULL, identity); CertGetNameString(m_cert, CERT_NAME_EMAIL_TYPE, 0, NULL, identity);
return identity; return identity;
@@ -256,6 +248,12 @@ std::wstring eap::credentials_tls::get_identity() const
} }
tstring eap::credentials_tls::get_name() const
{
return m_cert ? std::move(get_cert_title(m_cert)) : _T("<blank>");
}
eap::credentials::source_t eap::credentials_tls::combine( eap::credentials::source_t eap::credentials_tls::combine(
_In_ const credentials_tls *cred_cached, _In_ const credentials_tls *cred_cached,
_In_ const config_method_tls &cfg, _In_ const config_method_tls &cfg,
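Review bot: In `credentials_tls::store()` the length limit on the value written as `UserName` is only an `assert`, `assert(name.length() < CRED_MAX_USERNAME_LENGTH)`, which is compiled out of release builds. The value now comes from `get_name()`, i.e. the certificate title built from subject, validity dates and issuer, so it is longer than the old identity and its content is chosen by whoever issued the certificate. A runtime check would keep an over-long title from turning into a `CredWrite` failure, for example `if (name.length() >= CRED_MAX_USERNAME_LENGTH) name.resize(CRED_MAX_USERNAME_LENGTH - 1);`. The `std::move` around `get_name()` is redundant on a returned temporary. The body of `store()` starts outside the hunk.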

File diff suppressed because it is too large Load Diff


@@ -31,7 +31,6 @@
#include <WinStd/EAP.h> #include <WinStd/EAP.h>
#include <EapHostError.h> #include <EapHostError.h>
#include <schnlsp.h>
#include <time.h> #include <time.h>
#include <algorithm> #include <algorithm>


@@ -182,8 +182,6 @@ eap::tls_conn_state::tls_conn_state()
#ifdef _DEBUG #ifdef _DEBUG
// Initialize state primitive members for diagnostic purposes. // Initialize state primitive members for diagnostic purposes.
: :
m_prov_name (NULL),
m_prov_type (0),
m_alg_encrypt (0), m_alg_encrypt (0),
m_size_enc_key (0), m_size_enc_key (0),
m_size_enc_iv (0), m_size_enc_iv (0),
@@ -197,8 +195,6 @@ eap::tls_conn_state::tls_conn_state()
eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) : eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) :
m_prov_name (other.m_prov_name ),
m_prov_type (other.m_prov_type ),
m_alg_encrypt (other.m_alg_encrypt ), m_alg_encrypt (other.m_alg_encrypt ),
m_size_enc_key (other.m_size_enc_key ), m_size_enc_key (other.m_size_enc_key ),
m_size_enc_iv (other.m_size_enc_iv ), m_size_enc_iv (other.m_size_enc_iv ),
@@ -213,8 +209,6 @@ eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) :
eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) : eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
m_prov_name (std::move(other.m_prov_name )),
m_prov_type (std::move(other.m_prov_type )),
m_alg_encrypt (std::move(other.m_alg_encrypt )), m_alg_encrypt (std::move(other.m_alg_encrypt )),
m_size_enc_key (std::move(other.m_size_enc_key )), m_size_enc_key (std::move(other.m_size_enc_key )),
m_size_enc_iv (std::move(other.m_size_enc_iv )), m_size_enc_iv (std::move(other.m_size_enc_iv )),
@@ -227,8 +221,6 @@ eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
{ {
#ifdef _DEBUG #ifdef _DEBUG
// Reinitialize other state primitive members for diagnostic purposes. // Reinitialize other state primitive members for diagnostic purposes.
other.m_prov_name = NULL;
other.m_prov_type = 0;
other.m_alg_encrypt = 0; other.m_alg_encrypt = 0;
other.m_size_enc_key = 0; other.m_size_enc_key = 0;
other.m_size_enc_iv = 0; other.m_size_enc_iv = 0;
@@ -243,8 +235,6 @@ eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &other) eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &other)
{ {
if (this != std::addressof(other)) { if (this != std::addressof(other)) {
m_prov_name = other.m_prov_name ;
m_prov_type = other.m_prov_type ;
m_alg_encrypt = other.m_alg_encrypt ; m_alg_encrypt = other.m_alg_encrypt ;
m_size_enc_key = other.m_size_enc_key ; m_size_enc_key = other.m_size_enc_key ;
m_size_enc_iv = other.m_size_enc_iv ; m_size_enc_iv = other.m_size_enc_iv ;
@@ -263,8 +253,6 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &o
eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&other) eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&other)
{ {
if (this != std::addressof(other)) { if (this != std::addressof(other)) {
m_prov_name = std::move(other.m_prov_name );
m_prov_type = std::move(other.m_prov_type );
m_alg_encrypt = std::move(other.m_alg_encrypt ); m_alg_encrypt = std::move(other.m_alg_encrypt );
m_size_enc_key = std::move(other.m_size_enc_key ); m_size_enc_key = std::move(other.m_size_enc_key );
m_size_enc_iv = std::move(other.m_size_enc_iv ); m_size_enc_iv = std::move(other.m_size_enc_iv );
@@ -277,8 +265,6 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&oth
#ifdef _DEBUG #ifdef _DEBUG
// Reinitialize other state primitive members for diagnostic purposes. // Reinitialize other state primitive members for diagnostic purposes.
other.m_prov_name = NULL;
other.m_prov_type = 0;
other.m_alg_encrypt = 0; other.m_alg_encrypt = 0;
other.m_size_enc_key = 0; other.m_size_enc_key = 0;
other.m_size_enc_iv = 0; other.m_size_enc_iv = 0;
@@ -291,142 +277,3 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&oth
return *this; return *this;
} }
void eap::tls_conn_state::set_cipher(_In_ const unsigned char cipher[2])
{
if (cipher[0] == 0x00 && cipher[1] == 0x0a) {
// TLS_RSA_WITH_3DES_EDE_CBC_SHA
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_3DES;
m_size_enc_key = 192/8; // 3DES 192bits
m_size_enc_iv = 64/8; // 3DES 64bits
m_size_enc_block = 64/8; // 3DES 64bits
m_alg_mac = CALG_SHA1;
m_size_mac_key = 160/8; // SHA-1
m_size_mac_hash = 160/8; // SHA-1
} else if (cipher[0] == 0x00 && cipher[1] == 0x2f) {
// TLS_RSA_WITH_AES_128_CBC_SHA
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA1;
m_size_mac_key = 160/8; // SHA-1
m_size_mac_hash = 160/8; // SHA-1
} else if (cipher[0] == 0x00 && cipher[1] == 0x3c) {
// AES128-SHA256
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x3d) {
// AES256-SHA256
m_prov_name = MS_ENH_RSA_AES_PROV;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x40) {
// DHE-DSS-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x67) {
// DHE-RSA-AES128-SHA256
m_prov_name = MS_DEF_DH_SCHANNEL_PROV;
m_prov_type = PROV_DH_SCHANNEL;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x6a) {
// DHE-DSS-AES256-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x6b) {
// DHE-RSA-AES256-SHA256
m_prov_name = MS_DEF_DH_SCHANNEL_PROV;
m_prov_type = PROV_DH_SCHANNEL;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x23) {
// ECDHE-ECDSA-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x24) {
// ECDHE-ECDSA-AES256-SHA384
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_384;
m_size_mac_key = 384/8; // SHA-384
m_size_mac_hash = 384/8; // SHA-384
} else if (cipher[0] == 0xc0 && cipher[1] == 0x27) {
// ECDHE-RSA-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x28) {
// ECDHE-RSA-AES256-SHA384
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_384;
m_size_mac_key = 384/8; // SHA-384
m_size_mac_hash = 384/8; // SHA-384
} else
throw win_runtime_error(ERROR_NOT_SUPPORTED, string_printf(__FUNCTION__ " Unknown cipher (received 0x%02x%02x).", cipher[0], cipher[1]));
}


@@ -1,344 +1,342 @@
/* /*
Copyright 2015-2016 Amebis Copyright 2015-2016 Amebis
Copyright 2016 GÉANT Copyright 2016 GÉANT
This file is part of GÉANTLink. This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or the Free Software Foundation, either version 3 of the License, or
(at your option) any later version. (at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>. along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/ */
#include "../../EAPBase_UI/include/EAP_UI.h" #include "../../EAPBase_UI/include/EAP_UI.h"
#include "../../TLS/include/Config.h" #include "../../TLS/include/Config.h"
#include "../../TLS/include/Credentials.h" #include "../../TLS/include/Credentials.h"
#include <WinStd/Common.h> #include <WinStd/Common.h>
#include <wx/filedlg.h> #include <wx/filedlg.h>
#include <wx/msgdlg.h> #include <wx/msgdlg.h>
#include <Windows.h> #include <Windows.h>
#include <cryptuiapi.h> #include <cryptuiapi.h>
#include <WinCrypt.h> // Must include after <Windows.h> #include <WinCrypt.h> // Must include after <Windows.h>
#include <list> #include <list>
#include <string> #include <string>
/// ///
/// Helper class for auto-destroyable certificates used in wxWidget's item containers /// Helper class for auto-destroyable certificates used in wxWidget's item containers
/// ///
class wxCertificateClientData; class wxCertificateClientData;
/// ///
/// Validator for host name /// Validator for host name
/// ///
class wxHostNameValidator; class wxHostNameValidator;
/// ///
/// Validator for FQDN /// Validator for FQDN
/// ///
class wxFQDNValidator; class wxFQDNValidator;
/// ///
/// Validator for FQDN lists /// Validator for FQDN lists
/// ///
class wxFQDNListValidator; class wxFQDNListValidator;
/// ///
/// TLS credential panel /// TLS credential panel
/// ///
class wxTLSCredentialsPanel; class wxTLSCredentialsPanel;
/// ///
/// TLS server trust configuration panel /// TLS server trust configuration panel
/// ///
class wxTLSServerTrustPanel; class wxTLSServerTrustPanel;
/// ///
/// TLS credentials configuration panel /// TLS credentials configuration panel
/// ///
typedef wxEAPCredentialsConfigPanel<eap::credentials_tls, wxTLSCredentialsPanel> wxTLSCredentialsConfigPanel; typedef wxEAPCredentialsConfigPanel<eap::credentials_tls, wxTLSCredentialsPanel> wxTLSCredentialsConfigPanel;
/// ///
/// TLS configuration panel /// TLS configuration panel
/// ///
class wxTLSConfigPanel; class wxTLSConfigPanel;
#pragma once #pragma once
#include "../res/wxTLS_UI.h" #include "../res/wxTLS_UI.h"
#include <WinStd/Win.h> #include <WinStd/Win.h>
#include <wx/clntdata.h> #include <wx/clntdata.h>
#include <wx/icon.h> #include <wx/icon.h>
#include <wx/panel.h> #include <wx/panel.h>
#include <wx/textctrl.h> #include <wx/textctrl.h>
#include <wx/validate.h> #include <wx/validate.h>
#include <list> #include <list>
#include <string> #include <string>
#include <vector> #include <vector>
class wxCertificateClientData : public wxClientData class wxCertificateClientData : public wxClientData
{ {
public: public:
/// ///
/// Constructs client data object with existing handle /// Constructs client data object with existing handle
/// ///
wxCertificateClientData(PCCERT_CONTEXT cert); wxCertificateClientData(PCCERT_CONTEXT cert);
/// ///
/// Releases certificate handle and destructs the object /// Releases certificate handle and destructs the object
/// ///
virtual ~wxCertificateClientData(); virtual ~wxCertificateClientData();
public: public:
PCCERT_CONTEXT m_cert; ///< Certificate PCCERT_CONTEXT m_cert; ///< Certificate
}; };
class wxHostNameValidator : public wxValidator class wxHostNameValidator : public wxValidator
{ {
wxDECLARE_DYNAMIC_CLASS(wxHostNameValidator); wxDECLARE_DYNAMIC_CLASS(wxHostNameValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxHostNameValidator); wxDECLARE_NO_ASSIGN_CLASS(wxHostNameValidator);
public: public:
/// ///
/// Construct the validator with a value to store data /// Construct the validator with a value to store data
/// ///
wxHostNameValidator(std::wstring *val = NULL); wxHostNameValidator(std::wstring *val = NULL);
/// ///
/// Copy constructor /// Copy constructor
/// ///
wxHostNameValidator(const wxHostNameValidator &other); wxHostNameValidator(const wxHostNameValidator &other);
/// ///
/// Copies this validator /// Copies this validator
/// ///
virtual wxObject* Clone() const; virtual wxObject* Clone() const;
/// ///
/// Validates the value /// Validates the value
/// ///
virtual bool Validate(wxWindow *parent); virtual bool Validate(wxWindow *parent);
/// ///
/// Transfers the value to the window /// Transfers the value to the window
/// ///
virtual bool TransferToWindow(); virtual bool TransferToWindow();
/// ///
/// Transfers the value from the window /// Transfers the value from the window
/// ///
virtual bool TransferFromWindow(); virtual bool TransferFromWindow();
/// ///
/// Parses FQDN value /// Parses FQDN value
/// ///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL); static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected: protected:
std::wstring *m_val; ///< Pointer to variable to receive control's parsed value std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
}; };
class wxFQDNValidator : public wxValidator class wxFQDNValidator : public wxValidator
{ {
wxDECLARE_DYNAMIC_CLASS(wxFQDNValidator); wxDECLARE_DYNAMIC_CLASS(wxFQDNValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxFQDNValidator); wxDECLARE_NO_ASSIGN_CLASS(wxFQDNValidator);
public: public:
/// ///
/// Construct the validator with a value to store data /// Construct the validator with a value to store data
/// ///
wxFQDNValidator(std::wstring *val = NULL); wxFQDNValidator(std::wstring *val = NULL);
/// ///
/// Copy constructor /// Copy constructor
/// ///
wxFQDNValidator(const wxFQDNValidator &other); wxFQDNValidator(const wxFQDNValidator &other);
/// ///
/// Copies this validator /// Copies this validator
/// ///
virtual wxObject* Clone() const; virtual wxObject* Clone() const;
/// ///
/// Validates the value /// Validates the value
/// ///
virtual bool Validate(wxWindow *parent); virtual bool Validate(wxWindow *parent);
/// ///
/// Transfers the value to the window /// Transfers the value to the window
/// ///
virtual bool TransferToWindow(); virtual bool TransferToWindow();
/// ///
/// Transfers the value from the window /// Transfers the value from the window
/// ///
virtual bool TransferFromWindow(); virtual bool TransferFromWindow();
/// ///
/// Parses FQDN value /// Parses FQDN value
/// ///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL); static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected: protected:
std::wstring *m_val; ///< Pointer to variable to receive control's parsed value std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
}; };
class wxFQDNListValidator : public wxValidator class wxFQDNListValidator : public wxValidator
{ {
wxDECLARE_DYNAMIC_CLASS(wxFQDNListValidator); wxDECLARE_DYNAMIC_CLASS(wxFQDNListValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxFQDNListValidator); wxDECLARE_NO_ASSIGN_CLASS(wxFQDNListValidator);
public: public:
/// ///
/// Construct the validator with a value to store data /// Construct the validator with a value to store data
/// ///
wxFQDNListValidator(std::list<std::wstring> *val = NULL); wxFQDNListValidator(std::list<std::wstring> *val = NULL);
/// ///
/// Copy constructor /// Copy constructor
/// ///
wxFQDNListValidator(const wxFQDNListValidator &other); wxFQDNListValidator(const wxFQDNListValidator &other);
/// ///
/// Copies this validator /// Copies this validator
/// ///
virtual wxObject* Clone() const; virtual wxObject* Clone() const;
/// ///
/// Validates the value /// Validates the value
/// ///
virtual bool Validate(wxWindow *parent); virtual bool Validate(wxWindow *parent);
/// ///
/// Transfers the value to the window /// Transfers the value to the window
/// ///
virtual bool TransferToWindow(); virtual bool TransferToWindow();
/// ///
/// Transfers the value from the window /// Transfers the value from the window
/// ///
virtual bool TransferFromWindow(); virtual bool TransferFromWindow();
/// ///
/// Parses FQDN list value /// Parses FQDN list value
/// ///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out = NULL); static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out = NULL);
protected: protected:
std::list<std::wstring> *m_val; ///< Pointer to variable to receive control's parsed value std::list<std::wstring> *m_val; ///< Pointer to variable to receive control's parsed value
}; };
class wxTLSCredentialsPanel : public wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase> class wxTLSCredentialsPanel : public wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>
{ {
public: public:
/// ///
/// Constructs a configuration panel /// Constructs a configuration panel
/// ///
/// \param[in] prov Provider configuration data /// \param[in] prov Provider configuration data
/// \param[in] cfg Configuration data /// \param[in] cfg Configuration data
/// \param[inout] cred Credentials data /// \param[inout] cred Credentials data
/// \param[in] pszCredTarget Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name. /// \param[in] pszCredTarget Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name.
/// \param[in] parent Parent window /// \param[in] parent Parent window
/// \param[in] is_config Is this panel used to pre-enter credentials? When \c true, the "Remember" checkbox is always selected and disabled. /// \param[in] is_config Is this panel used to pre-enter credentials? When \c true, the "Remember" checkbox is always selected and disabled.
/// ///
wxTLSCredentialsPanel(const eap::config_provider &prov, const eap::config_method_with_cred &cfg, eap::credentials_tls &cred, LPCTSTR pszCredTarget, wxWindow* parent, bool is_config = false); wxTLSCredentialsPanel(const eap::config_provider &prov, const eap::config_method_with_cred &cfg, eap::credentials_tls &cred, LPCTSTR pszCredTarget, wxWindow* parent, bool is_config = false);
protected: protected:
/// \cond internal /// \cond internal
virtual bool TransferDataToWindow(); virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow(); virtual bool TransferDataFromWindow();
virtual void OnUpdateUI(wxUpdateUIEvent& event); virtual void OnUpdateUI(wxUpdateUIEvent& event);
/// \endcond /// \endcond
protected: protected:
winstd::library m_shell32; ///< shell32.dll resource library reference winstd::library m_shell32; ///< shell32.dll resource library reference
wxIcon m_icon; ///< Panel icon wxIcon m_icon; ///< Panel icon
}; };
class wxTLSServerTrustPanel : public wxEAPTLSServerTrustConfigPanelBase class wxTLSServerTrustPanel : public wxEAPTLSServerTrustConfigPanelBase
{ {
public: public:
/// ///
/// Constructs a configuration panel /// Constructs a configuration panel
/// ///
wxTLSServerTrustPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, wxWindow* parent); wxTLSServerTrustPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, wxWindow* parent);
protected: protected:
/// \cond internal /// \cond internal
virtual bool TransferDataToWindow(); virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow(); virtual bool TransferDataFromWindow();
virtual void OnUpdateUI(wxUpdateUIEvent& event); virtual void OnUpdateUI(wxUpdateUIEvent& event);
virtual void OnRootCADClick(wxCommandEvent& event); virtual void OnRootCADClick(wxCommandEvent& event);
virtual void OnRootCAAddStore(wxCommandEvent& event); virtual void OnRootCAAddStore(wxCommandEvent& event);
virtual void OnRootCAAddFile(wxCommandEvent& event); virtual void OnRootCAAddFile(wxCommandEvent& event);
virtual void OnRootCARemove(wxCommandEvent& event); virtual void OnRootCARemove(wxCommandEvent& event);
/// \endcond /// \endcond
/// ///
/// Adds a certificate to the list of trusted root CA list /// Adds a certificate to the list of trusted root CA list
/// ///
/// \param[in] cert Certificate /// \param[in] cert Certificate
/// ///
/// \returns /// \returns
/// - \c true if certificate was added; /// - \c true if certificate was added;
/// - \c false if duplicate found or an error occured. /// - \c false if duplicate found or an error occured.
/// ///
bool AddRootCA(PCCERT_CONTEXT cert); bool AddRootCA(PCCERT_CONTEXT cert);
protected: protected:
const eap::config_provider &m_prov; ///< EAP provider const eap::config_provider &m_prov; ///< EAP provider
eap::config_method_tls &m_cfg; ///< TLS configuration eap::config_method_tls &m_cfg; ///< TLS configuration
winstd::library m_certmgr; ///< certmgr.dll resource library reference winstd::library m_certmgr; ///< certmgr.dll resource library reference
wxIcon m_icon; ///< Panel icon wxIcon m_icon; ///< Panel icon
std::list<std::wstring> m_server_names_val; ///< Acceptable authenticating server names std::list<std::wstring> m_server_names_val; ///< Acceptable authenticating server names
}; };
class wxTLSConfigPanel : public wxPanel class wxTLSConfigPanel : public wxPanel
{ {
public: public:
/// ///
/// Constructs a configuration panel /// Constructs a configuration panel
/// ///
wxTLSConfigPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, LPCTSTR pszCredTarget, wxWindow* parent); wxTLSConfigPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, LPCTSTR pszCredTarget, wxWindow* parent);
/// ///
/// Destructs the configuration panel /// Destructs the configuration panel
/// ///
virtual ~wxTLSConfigPanel(); virtual ~wxTLSConfigPanel();
protected: protected:
/// \cond internal /// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event); virtual void OnInitDialog(wxInitDialogEvent& event);
#if EAP_TLS < EAP_TLS_SCHANNEL virtual bool TransferDataFromWindow();
virtual bool TransferDataFromWindow(); /// \endcond
#endif
/// \endcond protected:
const eap::config_provider &m_prov; ///< EAP provider
protected: eap::config_method_tls &m_cfg; ///< TLS configuration
const eap::config_provider &m_prov; ///< EAP provider wxTLSServerTrustPanel *m_server_trust; ///< Server trust configuration panel
eap::config_method_tls &m_cfg; ///< TLS configuration wxTLSCredentialsConfigPanel *m_credentials; ///< Credentials configuration panel
wxTLSServerTrustPanel *m_server_trust; ///< Server trust configuration panel };
wxTLSCredentialsConfigPanel *m_credentials; ///< Credentials configuration panel
};
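Review bot: `wxCertificateClientData`, declared near the top of this header, keeps its `PCCERT_CONTEXT` in the public member `m_cert` and documents a destructor that releases the handle, but it declares no copy protection, so a copied object would release the same certificate context twice. Unless the `wxClientData` base already prevents copying (not visible in this section), add `wxDECLARE_NO_COPY_CLASS(wxCertificateClientData);`, in line with the `wxDECLARE_NO_ASSIGN_CLASS` lines the validators below already use. The single-argument constructor should also be `explicit`, so that a bare certificate handle is never converted into an owning object by accident. Its doc comment should say that the object takes ownership of `cert`. The destructor body is outside this file, so the release behaviour is taken from the doc comment only.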


@@ -1,201 +1,182 @@
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////
// C++ code generated with wxFormBuilder (version Jun 17 2015) // C++ code generated with wxFormBuilder (version Jun 17 2015)
// http://www.wxformbuilder.org/ // http://www.wxformbuilder.org/
// //
// PLEASE DO "NOT" EDIT THIS FILE! // PLEASE DO "NOT" EDIT THIS FILE!
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////
#include <StdAfx.h> #include <StdAfx.h>
#include "wxTLS_UI.h" #include "wxTLS_UI.h"
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////
wxEAPTLSServerTrustConfigPanelBase::wxEAPTLSServerTrustConfigPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style ) wxEAPTLSServerTrustConfigPanelBase::wxEAPTLSServerTrustConfigPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{ {
wxStaticBoxSizer* sb_server_trust; wxStaticBoxSizer* sb_server_trust;
sb_server_trust = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Server Trust") ), wxVERTICAL ); sb_server_trust = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Server Trust") ), wxVERTICAL );
wxBoxSizer* sb_server_trust_horiz; wxBoxSizer* sb_server_trust_horiz;
sb_server_trust_horiz = new wxBoxSizer( wxHORIZONTAL ); sb_server_trust_horiz = new wxBoxSizer( wxHORIZONTAL );
m_server_trust_icon = new wxStaticBitmap( sb_server_trust->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 ); m_server_trust_icon = new wxStaticBitmap( sb_server_trust->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_server_trust_horiz->Add( m_server_trust_icon, 0, wxALL, 5 ); sb_server_trust_horiz->Add( m_server_trust_icon, 0, wxALL, 5 );
wxBoxSizer* sb_server_trust_vert; wxBoxSizer* sb_server_trust_vert;
sb_server_trust_vert = new wxBoxSizer( wxVERTICAL ); sb_server_trust_vert = new wxBoxSizer( wxVERTICAL );
m_server_trust_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Describe the servers you trust to prevent credential interception in case of man-in-the-middle attacks."), wxDefaultPosition, wxDefaultSize, 0 ); m_server_trust_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Describe the servers you trust to prevent credential interception in case of man-in-the-middle attacks."), wxDefaultPosition, wxDefaultSize, 0 );
m_server_trust_label->Wrap( 446 ); m_server_trust_label->Wrap( 446 );
sb_server_trust_vert->Add( m_server_trust_label, 0, wxALL|wxEXPAND, 5 ); sb_server_trust_vert->Add( m_server_trust_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_root_ca; wxBoxSizer* sb_root_ca;
sb_root_ca = new wxBoxSizer( wxVERTICAL ); sb_root_ca = new wxBoxSizer( wxVERTICAL );
m_root_ca_lbl = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable Certificate Authorities:"), wxDefaultPosition, wxDefaultSize, 0 ); m_root_ca_lbl = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable Certificate Authorities:"), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_lbl->Wrap( -1 ); m_root_ca_lbl->Wrap( -1 );
sb_root_ca->Add( m_root_ca_lbl, 0, wxEXPAND|wxBOTTOM, 5 ); sb_root_ca->Add( m_root_ca_lbl, 0, wxEXPAND|wxBOTTOM, 5 );
m_root_ca = new wxListBox( sb_server_trust->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, 0, NULL, wxLB_SORT ); m_root_ca = new wxListBox( sb_server_trust->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, 0, NULL, wxLB_SORT );
m_root_ca->SetToolTip( _("List of certificate authorities server's certificate must be issued by") ); m_root_ca->SetToolTip( _("List of certificate authorities server's certificate must be issued by") );
sb_root_ca->Add( m_root_ca, 1, wxEXPAND|wxBOTTOM, 5 ); sb_root_ca->Add( m_root_ca, 1, wxEXPAND|wxBOTTOM, 5 );
wxBoxSizer* sb_root_ca_btn; wxBoxSizer* sb_root_ca_btn;
sb_root_ca_btn = new wxBoxSizer( wxHORIZONTAL ); sb_root_ca_btn = new wxBoxSizer( wxHORIZONTAL );
m_root_ca_add_store = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from Store..."), wxDefaultPosition, wxDefaultSize, 0 ); m_root_ca_add_store = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from Store..."), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_add_store->SetToolTip( _("Adds a new certificate authority from the certificate store to the list") ); m_root_ca_add_store->SetToolTip( _("Adds a new certificate authority from the certificate store to the list") );
sb_root_ca_btn->Add( m_root_ca_add_store, 0, wxRIGHT, 5 ); sb_root_ca_btn->Add( m_root_ca_add_store, 0, wxRIGHT, 5 );
m_root_ca_add_file = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from File..."), wxDefaultPosition, wxDefaultSize, 0 ); m_root_ca_add_file = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from File..."), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_add_file->SetToolTip( _("Adds a new certificate authority from the file to the list") ); m_root_ca_add_file->SetToolTip( _("Adds a new certificate authority from the file to the list") );
sb_root_ca_btn->Add( m_root_ca_add_file, 0, wxRIGHT|wxLEFT, 5 ); sb_root_ca_btn->Add( m_root_ca_add_file, 0, wxRIGHT|wxLEFT, 5 );
m_root_ca_remove = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("&Remove CA"), wxDefaultPosition, wxDefaultSize, 0 ); m_root_ca_remove = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("&Remove CA"), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_remove->Enable( false ); m_root_ca_remove->Enable( false );
m_root_ca_remove->SetToolTip( _("Removes selected certificate authorities from the list") ); m_root_ca_remove->SetToolTip( _("Removes selected certificate authorities from the list") );
sb_root_ca_btn->Add( m_root_ca_remove, 0, wxLEFT, 5 ); sb_root_ca_btn->Add( m_root_ca_remove, 0, wxLEFT, 5 );
sb_root_ca->Add( sb_root_ca_btn, 0, wxALIGN_RIGHT, 5 ); sb_root_ca->Add( sb_root_ca_btn, 0, wxALIGN_RIGHT, 5 );
sb_server_trust_vert->Add( sb_root_ca, 1, wxEXPAND|wxALL, 5 ); sb_server_trust_vert->Add( sb_root_ca, 1, wxEXPAND|wxALL, 5 );
wxBoxSizer* sb_server_names; wxBoxSizer* sb_server_names;
sb_server_names = new wxBoxSizer( wxVERTICAL ); sb_server_names = new wxBoxSizer( wxVERTICAL );
m_server_names_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable server &names:"), wxDefaultPosition, wxDefaultSize, 0 ); m_server_names_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable server &names:"), wxDefaultPosition, wxDefaultSize, 0 );
m_server_names_label->Wrap( -1 ); m_server_names_label->Wrap( -1 );
sb_server_names->Add( m_server_names_label, 0, wxBOTTOM, 5 ); sb_server_names->Add( m_server_names_label, 0, wxBOTTOM, 5 );
m_server_names = new wxTextCtrl( sb_server_trust->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 ); m_server_names = new wxTextCtrl( sb_server_trust->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed") ); m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed") );
sb_server_names->Add( m_server_names, 0, wxEXPAND|wxBOTTOM, 5 ); sb_server_names->Add( m_server_names, 0, wxEXPAND|wxBOTTOM, 5 );
m_server_names_note = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("(Example: foo.bar.com;server2.bar.com)"), wxDefaultPosition, wxDefaultSize, 0 ); m_server_names_note = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("(Example: foo.bar.com;server2.bar.com)"), wxDefaultPosition, wxDefaultSize, 0 );
m_server_names_note->Wrap( -1 ); m_server_names_note->Wrap( -1 );
sb_server_names->Add( m_server_names_note, 0, wxALIGN_RIGHT, 5 ); sb_server_names->Add( m_server_names_note, 0, wxALIGN_RIGHT, 5 );
sb_server_trust_vert->Add( sb_server_names, 0, wxEXPAND|wxALL, 5 ); sb_server_trust_vert->Add( sb_server_names, 0, wxEXPAND|wxALL, 5 );
sb_server_trust_horiz->Add( sb_server_trust_vert, 1, wxEXPAND, 5 ); sb_server_trust_horiz->Add( sb_server_trust_vert, 1, wxEXPAND, 5 );
sb_server_trust->Add( sb_server_trust_horiz, 1, wxEXPAND, 5 ); sb_server_trust->Add( sb_server_trust_horiz, 1, wxEXPAND, 5 );
this->SetSizer( sb_server_trust ); this->SetSizer( sb_server_trust );
this->Layout(); this->Layout();
// Connect Events // Connect Events
this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) ); this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) );
m_root_ca->Connect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this ); m_root_ca->Connect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this );
m_root_ca_add_store->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this ); m_root_ca_add_store->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this );
m_root_ca_add_file->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this ); m_root_ca_add_file->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this );
m_root_ca_remove->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this ); m_root_ca_remove->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this );
} }
wxEAPTLSServerTrustConfigPanelBase::~wxEAPTLSServerTrustConfigPanelBase() wxEAPTLSServerTrustConfigPanelBase::~wxEAPTLSServerTrustConfigPanelBase()
{ {
// Disconnect Events // Disconnect Events
this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) ); this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) );
m_root_ca->Disconnect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this ); m_root_ca->Disconnect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this );
m_root_ca_add_store->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this ); m_root_ca_add_store->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this );
m_root_ca_add_file->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this ); m_root_ca_add_file->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this );
m_root_ca_remove->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this ); m_root_ca_remove->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this );
} }
wxTLSCredentialsPanelBase::wxTLSCredentialsPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style ) wxTLSCredentialsPanelBase::wxTLSCredentialsPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{ {
wxStaticBoxSizer* sb_credentials; wxStaticBoxSizer* sb_credentials;
sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("TLS Client Certificate") ), wxVERTICAL ); sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("TLS Client Certificate") ), wxVERTICAL );
wxBoxSizer* sb_credentials_horiz; wxBoxSizer* sb_credentials_horiz;
sb_credentials_horiz = new wxBoxSizer( wxHORIZONTAL ); sb_credentials_horiz = new wxBoxSizer( wxHORIZONTAL );
m_credentials_icon = new wxStaticBitmap( sb_credentials->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 ); m_credentials_icon = new wxStaticBitmap( sb_credentials->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_credentials_horiz->Add( m_credentials_icon, 0, wxALL, 5 ); sb_credentials_horiz->Add( m_credentials_icon, 0, wxALL, 5 );
wxBoxSizer* sb_credentials_vert; wxBoxSizer* sb_credentials_vert;
sb_credentials_vert = new wxBoxSizer( wxVERTICAL ); sb_credentials_vert = new wxBoxSizer( wxVERTICAL );
m_credentials_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Please select your client certificate to use for authentication."), wxDefaultPosition, wxDefaultSize, 0 ); m_credentials_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Please select your client certificate to use for authentication."), wxDefaultPosition, wxDefaultSize, 0 );
m_credentials_label->Wrap( 446 ); m_credentials_label->Wrap( 446 );
sb_credentials_vert->Add( m_credentials_label, 0, wxALL|wxEXPAND, 5 ); sb_credentials_vert->Add( m_credentials_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_cert_radio; wxBoxSizer* sb_cert_radio;
sb_cert_radio = new wxBoxSizer( wxVERTICAL ); sb_cert_radio = new wxBoxSizer( wxVERTICAL );
m_cert_none = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Co&nnect without providing a client certificate"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP ); m_cert_none = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Co&nnect without providing a client certificate"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP );
m_cert_none->SetToolTip( _("Select if your server does not require you to provide a client certificate") ); m_cert_none->SetToolTip( _("Select if your server does not require you to provide a client certificate") );
sb_cert_radio->Add( m_cert_none, 1, wxEXPAND, 5 ); sb_cert_radio->Add( m_cert_none, 1, wxEXPAND, 5 );
wxBoxSizer* sb_cert_select; wxBoxSizer* sb_cert_select;
sb_cert_select = new wxBoxSizer( wxHORIZONTAL ); sb_cert_select = new wxBoxSizer( wxHORIZONTAL );
m_cert_select = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Use the following &certificate:"), wxDefaultPosition, wxDefaultSize, 0 ); m_cert_select = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Use the following &certificate:"), wxDefaultPosition, wxDefaultSize, 0 );
m_cert_select->SetToolTip( _("Select if you need to provide a client certificate when connecting") ); m_cert_select->SetToolTip( _("Select if you need to provide a client certificate when connecting") );
sb_cert_select->Add( m_cert_select, 0, wxEXPAND, 5 ); sb_cert_select->Add( m_cert_select, 0, wxEXPAND, 5 );
wxArrayString m_cert_select_valChoices; wxArrayString m_cert_select_valChoices;
m_cert_select_val = new wxChoice( sb_credentials->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, m_cert_select_valChoices, wxCB_SORT ); m_cert_select_val = new wxChoice( sb_credentials->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, m_cert_select_valChoices, wxCB_SORT );
m_cert_select_val->SetSelection( 0 ); m_cert_select_val->SetSelection( 0 );
m_cert_select_val->SetToolTip( _("Client certificate to use for authentication") ); m_cert_select_val->SetToolTip( _("Client certificate to use for authentication") );
sb_cert_select->Add( m_cert_select_val, 1, wxEXPAND, 5 ); sb_cert_select->Add( m_cert_select_val, 1, wxEXPAND, 5 );
sb_cert_radio->Add( sb_cert_select, 1, wxEXPAND, 5 ); sb_cert_radio->Add( sb_cert_select, 1, wxEXPAND, 5 );
sb_credentials_vert->Add( sb_cert_radio, 0, wxEXPAND|wxALL, 5 ); sb_credentials_vert->Add( sb_cert_radio, 0, wxEXPAND|wxALL, 5 );
wxBoxSizer* sb_identity; m_remember = new wxCheckBox( sb_credentials->GetStaticBox(), wxID_ANY, _("&Remember"), wxDefaultPosition, wxDefaultSize, 0 );
sb_identity = new wxBoxSizer( wxVERTICAL ); m_remember->SetHelpText( _("Check if you would like to save certificate selection") );
m_identity_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Custom &identity:"), wxDefaultPosition, wxDefaultSize, 0 ); sb_credentials_vert->Add( m_remember, 0, wxALL|wxEXPAND, 5 );
m_identity_label->Wrap( -1 );
sb_identity->Add( m_identity_label, 0, wxBOTTOM, 5 );
sb_credentials_horiz->Add( sb_credentials_vert, 1, wxEXPAND, 5 );
m_identity = new wxTextCtrl( sb_credentials->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_identity->SetToolTip( _("Your identity (username@domain) to override one from certificate; or blank to use one provided in certificate") );
sb_credentials->Add( sb_credentials_horiz, 0, wxEXPAND, 5 );
sb_identity->Add( m_identity, 0, wxEXPAND|wxBOTTOM, 5 );
m_identity_note = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("(Example: user@contoso.com)"), wxDefaultPosition, wxDefaultSize, 0 ); this->SetSizer( sb_credentials );
m_identity_note->Wrap( -1 ); this->Layout();
sb_identity->Add( m_identity_note, 0, wxALIGN_RIGHT, 5 ); }
wxTLSCredentialsPanelBase::~wxTLSCredentialsPanelBase()
sb_credentials_vert->Add( sb_identity, 1, wxEXPAND|wxALL, 5 ); {
}
m_remember = new wxCheckBox( sb_credentials->GetStaticBox(), wxID_ANY, _("&Remember"), wxDefaultPosition, wxDefaultSize, 0 );
m_remember->SetHelpText( _("Check if you would like to save certificate selection") );
sb_credentials_vert->Add( m_remember, 0, wxALL|wxEXPAND, 5 );
sb_credentials_horiz->Add( sb_credentials_vert, 1, wxEXPAND, 5 );
sb_credentials->Add( sb_credentials_horiz, 0, wxEXPAND, 5 );
this->SetSizer( sb_credentials );
this->Layout();
}
wxTLSCredentialsPanelBase::~wxTLSCredentialsPanelBase()
{
}


@@ -80,9 +80,6 @@ class wxTLSCredentialsPanelBase : public wxPanel
wxRadioButton* m_cert_none; wxRadioButton* m_cert_none;
wxRadioButton* m_cert_select; wxRadioButton* m_cert_select;
wxChoice* m_cert_select_val; wxChoice* m_cert_select_val;
wxStaticText* m_identity_label;
wxTextCtrl* m_identity;
wxStaticText* m_identity_note;
wxCheckBox* m_remember; wxCheckBox* m_remember;
public: public:


@@ -57,11 +57,11 @@ namespace eap
/// ///
/// Constructs an EAP method /// Constructs an EAP method
/// ///
/// \param[in] mod EAP module to use for global services /// \param[in] mod EAP module to use for global services
/// \param[in] cfg Connection configuration /// \param[in] cfg Providers configuration
/// \param[in] cred User credentials /// \param[in] cred User credentials
/// ///
method_ttls(_In_ module &module, _In_ config_connection &cfg, _In_ credentials_ttls &cred); method_ttls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_ttls &cred);
/// ///
/// Moves an EAP method /// Moves an EAP method
@@ -112,9 +112,6 @@ namespace eap
/// @} /// @}
protected:
#if EAP_TLS < EAP_TLS_SCHANNEL
/// ///
/// Generates master session key /// Generates master session key
/// ///
@@ -122,18 +119,7 @@ namespace eap
/// ///
virtual void derive_msk(); virtual void derive_msk();
#else protected:
///
/// Processes an application message
///
/// \param[in] msg Application message data
/// \param[in] size_msg Application message data size
///
virtual void process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg);
#endif
/// ///
/// Makes a PAP client message /// Makes a PAP client message
/// ///
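Review bot: `derive_msk()` is no longer under `protected:` on the new side of the `-112,9 +112,6` hunk: the specifier that preceded its doc comment is gone and a `protected:` now follows the declaration instead, so the function takes whatever access level is in force before `/// @}`, which starts outside the hunk. If that is `public`, master-session-key derivation becomes part of the class's external interface, which code outside the method hierarchy should not need. Keeping `protected:` directly above the `/// Generates master session key` comment preserves the narrower access. Separately, the constructor comment documents `\param[in] mod` while the parameter is named `module`.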


@@ -221,7 +221,7 @@ namespace eap
{} {}
public: public:
config_connection m_cfg; ///< Connection configuration config_provider_list m_cfg; ///< Providers configuration
credentials_ttls m_cred; ///< User credentials credentials_ttls m_cred; ///< User credentials
method_ttls m_method; ///< EAP-TTLS method method_ttls m_method; ///< EAP-TTLS method
}; };


@@ -189,8 +189,6 @@ void eap::credentials_ttls::operator>>(_Inout_ cursor_in &cursor)
void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName) const void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName) const
{ {
assert(0); // Not that we would ever store inner&outer credentials to Windows Credential Manager joined, but for completness sake... Here we go:
credentials_tls::store(pszTargetName); credentials_tls::store(pszTargetName);
if (m_inner) if (m_inner)
@@ -200,8 +198,6 @@ void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName) const
void eap::credentials_ttls::retrieve(_In_z_ LPCTSTR pszTargetName) void eap::credentials_ttls::retrieve(_In_z_ LPCTSTR pszTargetName)
{ {
assert(0); // Not that we would ever retrieve inner&outer credentials to Windows Credential Manager joined, but for completness sake... Here we go:
credentials_tls::retrieve(pszTargetName); credentials_tls::retrieve(pszTargetName);
if (m_inner) if (m_inner)


@@ -28,7 +28,7 @@ using namespace winstd;
// eap::method_ttls // eap::method_ttls
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
eap::method_ttls::method_ttls(_In_ module &module, _In_ config_connection &cfg, _In_ credentials_ttls &cred) : eap::method_ttls::method_ttls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_ttls &cred) :
m_cred(cred), m_cred(cred),
m_version(version_0), m_version(version_0),
method_tls(module, cfg, cred) method_tls(module, cfg, cred)
@@ -72,7 +72,6 @@ void eap::method_ttls::process_request_packet(
// Do the TLS. // Do the TLS.
method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput); method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
#if EAP_TLS < EAP_TLS_SCHANNEL
if (m_phase == phase_application_data) { if (m_phase == phase_application_data) {
// Send inner authentication. // Send inner authentication.
if (!m_state_client.m_alg_encrypt) if (!m_state_client.m_alg_encrypt)
@@ -85,8 +84,10 @@ void eap::method_ttls::process_request_packet(
m_packet_res.m_flags = 0; m_packet_res.m_flags = 0;
sanitizing_blob msg_application(make_message(tls_message_type_application_data, make_pap_client())); sanitizing_blob msg_application(make_message(tls_message_type_application_data, make_pap_client()));
m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_application.begin(), msg_application.end()); m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_application.begin(), msg_application.end());
pEapOutput->fAllowNotifications = FALSE;
pEapOutput->action = EapPeerMethodResponseActionSend;
} }
#endif
} }
@@ -125,25 +126,13 @@ void eap::method_ttls::get_result(
case EapPeerMethodResultFailure: case EapPeerMethodResultFailure:
m_module.log_event(&EAPMETHOD_TTLS_INNER_FAILURE, event_data((unsigned int)eap_type_ttls), event_data::blank); m_module.log_event(&EAPMETHOD_TTLS_INNER_FAILURE, event_data((unsigned int)eap_type_ttls), event_data::blank);
cfg_method->m_inner->m_auth_failed = true;
// Mark credentials as failed, so GUI can re-prompt user.
// But be careful: do so only if this happened after transition from handshake to application data phase.
cfg_method->m_inner->m_auth_failed = m_phase_prev < phase_application_data;
break; break;
default: default:
throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported."); throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
} }
#if EAP_TLS >= EAP_TLS_SCHANNEL
// EAP-TTLS uses different label in PRF for MSK derivation than EAP-TLS.
static const DWORD s_key_id = 0x01; // EAP-TTLSv0 Keying Material
static const SecPkgContext_EapPrfInfo s_prf_info = { 0, sizeof(s_key_id), (PBYTE)&s_key_id };
SECURITY_STATUS status = SetContextAttributes(m_sc_ctx, SECPKG_ATTR_EAP_PRF_INFO, (void*)&s_prf_info, sizeof(s_prf_info));
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ "Error setting EAP-TTLS PRF in Schannel.");
#endif
// The TLS was OK. // The TLS was OK.
method_tls::get_result(EapPeerMethodResultSuccess, ppResult); method_tls::get_result(EapPeerMethodResultSuccess, ppResult);
@@ -157,8 +146,6 @@ void eap::method_ttls::get_result(
} }
#if EAP_TLS < EAP_TLS_SCHANNEL
void eap::method_ttls::derive_msk() void eap::method_ttls::derive_msk()
{ {
// //
@@ -192,57 +179,6 @@ void eap::method_ttls::derive_msk()
_key_block += sizeof(tls_random); _key_block += sizeof(tls_random);
} }
#else
void eap::method_ttls::process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg)
{
UNREFERENCED_PARAMETER(msg);
UNREFERENCED_PARAMETER(size_msg);
// Prepare inner authentication.
if (!(m_sc_ctx.m_attrib & ISC_RET_CONFIDENTIALITY))
throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted.");
m_module.log_event(&EAPMETHOD_TTLS_INNER_CRED, event_data((unsigned int)eap_type_ttls), event_data(m_cred.m_inner->get_name()), event_data::blank);
SECURITY_STATUS status;
// Get maximum message sizes.
SecPkgContext_StreamSizes sizes;
status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_STREAM_SIZES, &sizes);
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ " Error getting Schannel required encryption sizes.");
// Make PAP message.
sanitizing_blob msg_pap(make_pap_client());
assert(msg_pap.size() < sizes.cbMaximumMessage);
unsigned long size_data = std::min<unsigned long>(sizes.cbMaximumMessage, (unsigned long)msg_pap.size()); // Truncate
sanitizing_blob data(sizes.cbHeader + size_data + sizes.cbTrailer, 0);
memcpy(data.data() + sizes.cbHeader, msg_pap.data(), size_data);
// Prepare input/output buffer(s).
SecBuffer buf[] = {
{ sizes.cbHeader, SECBUFFER_STREAM_HEADER , data.data() },
{ size_data, SECBUFFER_DATA , data.data() + sizes.cbHeader },
{ sizes.cbTrailer, SECBUFFER_STREAM_TRAILER, data.data() + sizes.cbHeader + size_data },
{ 0, SECBUFFER_EMPTY , NULL },
};
SecBufferDesc buf_desc = {
SECBUFFER_VERSION,
_countof(buf),
buf
};
// Encrypt the message.
status = EncryptMessage(m_sc_ctx, 0, &buf_desc, 0);
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ " Error encrypting message.");
m_packet_res.m_data.insert(m_packet_res.m_data.end(), (const unsigned char*)buf[0].pvBuffer, (const unsigned char*)buf[0].pvBuffer + buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer);
}
#endif
eap::sanitizing_blob eap::method_ttls::make_pap_client() const eap::sanitizing_blob eap::method_ttls::make_pap_client() const
{ {
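Review bot: In the `-125,25 +126,13` hunk the `EapPeerMethodResultFailure` branch now appears to set `cfg_method->m_inner->m_auth_failed = true;` unconditionally (the rendered page has lost its +/- markers, so this reading is inferred from the hunk's line counts). A failure reported before the tunnel reaches the application-data phase, for instance a rejected server certificate, would then flag the inner credentials as failed although they were never sent, and the GUI would re-prompt the user for a password in response to a handshake problem. Restricting the flag to failures after the inner exchange, e.g. `cfg_method->m_inner->m_auth_failed = m_phase == phase_application_data;`, keeps the re-prompt tied to an actual credential rejection. Whether `m_phase` still holds that value inside `get_result` cannot be confirmed from here, since the function starts and ends outside the hunk.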


@@ -74,7 +74,7 @@ void eap::peer_ttls::get_identity(
assert(ppwszIdentity); assert(ppwszIdentity);
// Unpack configuration. // Unpack configuration.
config_connection cfg(*this); config_provider_list cfg(*this);
unpack(cfg, pConnectionData, dwConnectionDataSize); unpack(cfg, pConnectionData, dwConnectionDataSize);
if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty()) if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty())
throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods."); throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods.");


@@ -30,4 +30,3 @@
#include <WinStd/EAP.h> #include <WinStd/EAP.h>
#include <EapHostError.h> #include <EapHostError.h>
#include <schannel.h>


@@ -32,7 +32,7 @@ wxTTLSConfigPanelBase::wxTTLSConfigPanelBase( wxWindow* parent, wxWindowID id, c
wxBoxSizer* sb_outer_identity_radio; wxBoxSizer* sb_outer_identity_radio;
sb_outer_identity_radio = new wxBoxSizer( wxVERTICAL ); sb_outer_identity_radio = new wxBoxSizer( wxVERTICAL );
m_outer_identity_same = new wxRadioButton( sb_outer_identity->GetStaticBox(), wxID_ANY, _("&True identity"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP ); m_outer_identity_same = new wxRadioButton( sb_outer_identity->GetStaticBox(), wxID_ANY, _("&Same as inner identity"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP );
m_outer_identity_same->SetToolTip( _("Use my true user name") ); m_outer_identity_same->SetToolTip( _("Use my true user name") );
sb_outer_identity_radio->Add( m_outer_identity_same, 1, wxEXPAND, 5 ); sb_outer_identity_radio->Add( m_outer_identity_same, 1, wxEXPAND, 5 );


@@ -309,7 +309,7 @@
<property name="gripper">0</property> <property name="gripper">0</property>
<property name="hidden">0</property> <property name="hidden">0</property>
<property name="id">wxID_ANY</property> <property name="id">wxID_ANY</property>
<property name="label">&amp;True identity</property> <property name="label">&amp;Same as inner identity</property>
<property name="max_size"></property> <property name="max_size"></property>
<property name="maximize_button">0</property> <property name="maximize_button">0</property>
<property name="maximum_size"></property> <property name="maximum_size"></property>


@@ -48,7 +48,7 @@ void eap::peer_ttls_ui::config_xml2blob(
UNREFERENCED_PARAMETER(dwFlags); UNREFERENCED_PARAMETER(dwFlags);
// Load configuration from XML. // Load configuration from XML.
config_connection cfg(*this); config_provider_list cfg(*this);
cfg.load(pConfigRoot); cfg.load(pConfigRoot);
// Pack configuration. // Pack configuration.
@@ -66,7 +66,7 @@ void eap::peer_ttls_ui::config_blob2xml(
UNREFERENCED_PARAMETER(dwFlags); UNREFERENCED_PARAMETER(dwFlags);
// Unpack configuration. // Unpack configuration.
config_connection cfg(*this); config_provider_list cfg(*this);
unpack(cfg, pConnectionData, dwConnectionDataSize); unpack(cfg, pConnectionData, dwConnectionDataSize);
// Save configuration to XML. // Save configuration to XML.
@@ -82,7 +82,7 @@ void eap::peer_ttls_ui::invoke_config_ui(
_Inout_ DWORD *pdwConnectionDataOutSize) _Inout_ DWORD *pdwConnectionDataOutSize)
{ {
// Unpack configuration. // Unpack configuration.
config_connection cfg(*this); config_provider_list cfg(*this);
if (dwConnectionDataInSize) { if (dwConnectionDataInSize) {
// Load existing configuration. // Load existing configuration.
unpack(cfg, pConnectionDataIn, dwConnectionDataInSize); unpack(cfg, pConnectionDataIn, dwConnectionDataInSize);
@@ -112,7 +112,7 @@ void eap::peer_ttls_ui::invoke_config_ui(
{ {
// Create wxWidget-approved parent window. // Create wxWidget-approved parent window.
wxWindow parent; wxWindow parent;
parent.SetHWND((WXHWND)(hwndParent ? hwndParent : GetForegroundWindow())); parent.SetHWND((WXHWND)hwndParent);
parent.AdoptAttributesFromHWND(); parent.AdoptAttributesFromHWND();
wxTopLevelWindows.Append(&parent); wxTopLevelWindows.Append(&parent);
@@ -148,7 +148,7 @@ void eap::peer_ttls_ui::invoke_identity_ui(
assert(ppwszIdentity); assert(ppwszIdentity);
// Unpack configuration. // Unpack configuration.
config_connection cfg(*this); config_provider_list cfg(*this);
unpack(cfg, pConnectionData, dwConnectionDataSize); unpack(cfg, pConnectionData, dwConnectionDataSize);
if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty()) if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty())
throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods."); throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods.");
@@ -204,7 +204,7 @@ void eap::peer_ttls_ui::invoke_identity_ui(
{ {
// Create wxWidget-approved parent window. // Create wxWidget-approved parent window.
wxWindow parent; wxWindow parent;
parent.SetHWND((WXHWND)(hwndParent ? hwndParent : GetForegroundWindow())); parent.SetHWND((WXHWND)hwndParent);
parent.AdoptAttributesFromHWND(); parent.AdoptAttributesFromHWND();
wxTopLevelWindows.Append(&parent); wxTopLevelWindows.Append(&parent);
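Review bot: `parent.SetHWND((WXHWND)hwndParent);` in `invoke_config_ui` (and again in `invoke_identity_ui`) passes the caller's handle through with no handling for a null `hwndParent`, and `parent.AdoptAttributesFromHWND()` follows immediately. If the host can call these entry points without an owner window, the configuration and credential dialogs would be set up against a null handle; what wxWidgets does in that case is not visible here. Either keep a fallback, `parent.SetHWND((WXHWND)(hwndParent ? hwndParent : GetForegroundWindow()));`, or add a comment stating that the host always supplies a valid window, so the assumption is explicit. Both functions begin and end outside their hunks.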


@@ -1,3 +1 @@
/GEANTLink*.msi /GEANTLink*.msi
/CredWrite.exe
/MsiUseFeature.exe