Skip to content

PKU2U protocol implementation #61

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 39 commits into from
Nov 9, 2022
Merged

PKU2U protocol implementation #61

merged 39 commits into from
Nov 9, 2022

Conversation

RRRadicalEdward
Copy link
Collaborator

@RRRadicalEdward RRRadicalEdward commented Nov 1, 2022
edited
Loading

This PR adds an implementation of the PKU2U authorization protocol in the sspi-rs and updated FFI-bindings to support this protocol.
Also, I've improved the Negotiate module: now if a user will try to log in under the AzureAD domain then it automatically will switch to the PKU2U.

Important note: for the PKU2U Azure AD certificate is needed with the corresponding private key. The current implementation will try to extract them from the Windows Certificate Store using WinAPI bindings. Requirements for the certificate:

  • It has to be installed in the current user certificate store in the personal folder
  • It has to have the corresponding private key that is marked as exportable;
  • An issuer CN has to start with the MS-Organization-P2P-Access like MS-Organization-P2P-Access [2021] or MS-Organization-P2P-Access [2022];
  • ClientAuth extended key usage has to be present.

Used Docs & References:

@RRRadicalEdward
sspi: init pku2u module; implement Negotiate state for Pku2u
e564e5c
@RRRadicalEdward
sspi: pku2u: implement Preauthentication state for Pku2u
715b19d
@RRRadicalEdward
sspi: pku2u: improve reply message validation
d5e9dd1
@RRRadicalEdward
sspi: pku2u: implement AsExchange state; improve errors handling and …
96cda99 
…data extraction
@RRRadicalEdward
sspi: pku2u: implement ApExchange state
cef6548
@RRRadicalEdward
sspi: negotiate: add Pku2u protocol support;
ebe50c4 
sspi: pku2u: move config in separate file (module);
@RRRadicalEdward
sspi: Pku2uState::Negotiate works
2c18fb3
@RRRadicalEdward
sspi: pku2u: improve errors handling; refactoring
912966d
@RRRadicalEdward
sspi: pku2u: improve as exchange
7608bf1
@RRRadicalEdward
.
f54234f
@RRRadicalEdward
sspi: pku2u: finally works. needs a refactoring
4c028bb
@RRRadicalEdward
sspi: pku2u: irefactoring; add more validation
94ac25a
@RRRadicalEdward
sspi: pku2u: refactoring; add more validation
f249e11
@RRRadicalEdward
sspi: pku2u: refactoring; replace hardcoded data;
dc3f351 
sspi: negotiate: improve negotiation algorithm;
@RRRadicalEdward
sspi: pku2u: improve cert_utils and Pku2uConfig;
72355ba 
ffi: add Pku2u package support;
@RRRadicalEdward
sspi: format code; fix cargo clippy;
d247cc6 
ffi: format code;
@RRRadicalEdward
sspi: remove unused dependencies
630f4b8
@RRRadicalEdward
sspi: small refactoring
435e6a8
@RRRadicalEdward
sspi: pku2u & kerberos & negotiate: refactoring
739c5e2
@RRRadicalEdward
sspi: pku2u: replace hardcoded as req username with generated one fro…
f1a9a16 
…m the certificate; remove hardcoded authenticator checksum
@RRRadicalEdward
sspi: small refactoring
cdc2c41
@RRRadicalEdward
sspi: negotiate: improve negotiate config and module refactoring
0e29e8d
@RRRadicalEdward
sspi: negotiate: add comment about negotiation algorithm; fixed compi…
7748f46 
…lation with the feature
@RRRadicalEdward
sspi: negotiate: rename config trait
d2c989b
@RRRadicalEdward
sspi: negotiate: remove useless clippy macro
b7db9d5
@RRRadicalEdward
sspi: pku2u: certi_utils fixes
dac8f0f
@RRRadicalEdward
sspi: pku2u: fix certificates extraction;
e092cd1 
sspi: credssp: fix negotokens on pub key auth stage;
@RRRadicalEdward
sspi: pku2u: split cert_utils into two separat submodules; fix compil…
20c043e 
…ation on Linus OS;

ffi: fix compilation on Linux OS;
@RRRadicalEdward
Merge branch 'master' into pku2u:
f4a5da6 
sspi: fix merge conflicts; improve negotiate module; fix compilation without features;
ffi: fix merge conflicts;
@RRRadicalEdward
sspi: pku2u: cert_utils: extraction: improve error messages
df85de4
@RRRadicalEdward RRRadicalEdward force-pushed the pku2u branch 2 times, most recently from e69cfe6 to a61031a Compare November 1, 2022 17:05
RRRadicalEdward
RRRadicalEdward commented Nov 1, 2022
View reviewed changes
@CBenoit CBenoit self-requested a review November 1, 2022 18:12
CBenoit
CBenoit reviewed Nov 4, 2022
View reviewed changes
Copy link
Member

@CBenoit CBenoit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good work! 👍

CBenoit
CBenoit approved these changes Nov 9, 2022
View reviewed changes
Copy link
Member

@CBenoit CBenoit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you Alex! 🙂

@CBenoit CBenoit merged commit 26d6287 into master Nov 9, 2022
@CBenoit CBenoit deleted the pku2u branch November 9, 2022 18:23
@RRRadicalEdward RRRadicalEdward mentioned this pull request Nov 10, 2022
Merged
@TheBestTvarynka TheBestTvarynka mentioned this pull request Oct 10, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@CBenoit CBenoit CBenoit approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@RRRadicalEdward @CBenoit