Distinguish or merge variables with same names

...to resolve C4457 warnings.
2018-09-04 14:42:40 +02:00
parent 1f61096c3d
commit 59c5fc9d64
4 changed files with 30 additions and 38 deletions


@@ -1,5 +1,5 @@
/*
Copyright 2015-2016 Amebis
Copyright 2015-2018 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
@@ -121,24 +121,19 @@ void eap::config_method_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode
// <InnerAuthenticationMethod>/...
m_inner->save(pDoc, pXmlElInnerAuthenticationMethod);
{
com_obj<IXMLDOMNode> pXmlElClientSideCredential;
if (SUCCEEDED(hr = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), pXmlElClientSideCredential))) {
// Fix 1: Configured outer credentials in draft-winter-opsawg-eap-metadata has some bizarre presence/absence/blank logic for EAP-TTLS methods only.
// To keep our code clean, we do some post-processing, to make draft compliant XML on output, while keeping things simple on the inside.
if (m_use_cred && m_cred->empty()) {
// For empty configured client certificate <ClientCertificate/> must not be present.
com_obj<IXMLDOMNode> pXmlElClientCertificate;
if (SUCCEEDED(hr = eapxml::select_node(pXmlElClientSideCredential, bstr(L"eap-metadata:ClientCertificate"), pXmlElClientCertificate))) {
com_obj<IXMLDOMNode> pXmlElClientCertificateOld;
hr = pXmlElClientSideCredential->removeChild(pXmlElClientCertificate, &pXmlElClientCertificateOld);
}
} else if (!m_use_cred) {
// When not using configured client certificate (user must supply one), add empty <ClientCertificate/>.
com_obj<IXMLDOMElement> pXmlElClientCertificate;
hr = eapxml::create_element(pDoc, pXmlElClientSideCredential, bstr(L"eap-metadata:ClientCertificate"), bstr(L"ClientCertificate"), namespace_eapmetadata, pXmlElClientCertificate);
}
// Fix 1: Configured outer credentials in draft-winter-opsawg-eap-metadata has some bizarre presence/absence/blank logic for EAP-TTLS methods only.
// To keep our code clean, we do some post-processing, to make draft compliant XML on output, while keeping things simple on the inside.
if (m_use_cred && m_cred->empty()) {
// For empty configured client certificate <ClientCertificate/> must not be present.
com_obj<IXMLDOMNode> pXmlElClientCertificate;
if (SUCCEEDED(hr = eapxml::select_node(pXmlElClientSideCredential, bstr(L"eap-metadata:ClientCertificate"), pXmlElClientCertificate))) {
com_obj<IXMLDOMNode> pXmlElClientCertificateOld;
hr = pXmlElClientSideCredential->removeChild(pXmlElClientCertificate, &pXmlElClientCertificateOld);
}
} else if (!m_use_cred) {
// When not using configured client certificate (user must supply one), add empty <ClientCertificate/>.
com_obj<IXMLDOMElement> pXmlElClientCertificate;
hr = eapxml::create_element(pDoc, pXmlElClientSideCredential, bstr(L"eap-metadata:ClientCertificate"), bstr(L"ClientCertificate"), namespace_eapmetadata, pXmlElClientCertificate);
}
}
@@ -165,8 +160,8 @@ void eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot)
}
} else {
// Nonexisting <ClientSideCredential> means: use blank configured credentials.
com_obj<IXMLDOMElement> pXmlElClientCertificate;
hr = eapxml::create_element(pDoc, pXmlElClientSideCredential, bstr(L"eap-metadata:ClientCertificate"), bstr(L"ClientCertificate"), namespace_eapmetadata, pXmlElClientCertificate);
com_obj<IXMLDOMElement> pXmlElClientCertificate_blank;
hr = eapxml::create_element(pDoc, pXmlElClientSideCredential, bstr(L"eap-metadata:ClientCertificate"), bstr(L"ClientCertificate"), namespace_eapmetadata, pXmlElClientCertificate_blank);
}
}
}
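Review bot: In save(), the rewritten "Fix 1" block no longer selects `eap-metadata:ClientSideCredential` itself, so the `SUCCEEDED(hr = eapxml::select_node(...))` guard around `pXmlElClientSideCredential->removeChild(...)` and `eapxml::create_element(...)` is gone. Both calls now depend on a `pXmlElClientSideCredential` declared earlier in save(), outside the hunk; if that earlier step can leave the pointer empty, `->removeChild` dereferences null. Once it is confirmed that the earlier creation throws on failure, record the invariant above the block, e.g. `// Uses the <ClientSideCredential> element created above; it is never null at this point.`; otherwise keep a null check. The `hr` from `removeChild` and `create_element` is still assigned and never tested, so a failed fix-up silently writes XML that breaks the draft's presence/absence rule for `<ClientCertificate/>`.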


@@ -1,5 +1,5 @@
/*
Copyright 2015-2016 Amebis
Copyright 2015-2018 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
@@ -553,8 +553,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
if (status == SEC_E_OK) {
// Get server certificate.
SECURITY_STATUS status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_REMOTE_CERT_CONTEXT, (PVOID)&m_sc_cert);
if (FAILED(status))
if (FAILED(status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_REMOTE_CERT_CONTEXT, (PVOID)&m_sc_cert)))
throw sec_runtime_error(status, __FUNCTION__ " Error retrieving server certificate from Schannel.");
// Add all trusted root CAs to server certificate's store. This allows CertGetIssuerCertificateFromStore() in the following CRL check to test the root CA for revocation too.
@@ -637,13 +636,11 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
// Push keying material to inner MSCHAPv2 method.
static const DWORD s_key_id = 0x02; // EAP-TTLSv0 Challenge Data
static const SecPkgContext_EapPrfInfo s_prf_info = { 0, sizeof(s_key_id), (PBYTE)&s_key_id };
SECURITY_STATUS status = SetContextAttributes(m_sc_ctx, SECPKG_ATTR_EAP_PRF_INFO, (void*)&s_prf_info, sizeof(s_prf_info));
if (FAILED(status))
if (FAILED(status = SetContextAttributes(m_sc_ctx, SECPKG_ATTR_EAP_PRF_INFO, (void*)&s_prf_info, sizeof(s_prf_info))))
throw sec_runtime_error(status, __FUNCTION__ " Error setting TTLS PRF in Schannel.");
SecPkgContext_EapKeyBlock key_block;
status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_EAP_KEY_BLOCK, &key_block);
if (FAILED(status))
if (FAILED(status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_EAP_KEY_BLOCK, &key_block)))
throw sec_runtime_error(status, __FUNCTION__ " Error generating PRF in Schannel.");
inner_mschapv2->m_challenge_server.assign(key_block.rgbKeys, key_block.rgbKeys + sizeof(challenge_mschapv2));
@@ -671,7 +668,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
{ 0, SECBUFFER_EMPTY, NULL },
};
SecBufferDesc buf_desc = { SECBUFFER_VERSION, _countof(buf), buf };
SECURITY_STATUS status = DecryptMessage(m_sc_ctx, &buf_desc, 0, NULL);
status = DecryptMessage(m_sc_ctx, &buf_desc, 0, NULL);
if (status == SEC_E_OK) {
// Process data (only the first SECBUFFER_DATA found).
for (size_t i = 0; i < _countof(buf); i++)
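Review bot: Reusing the function-level `status` for `QueryContextAttributes`, `SetContextAttributes` and `DecryptMessage` removes the C4457 shadowing, but it also overwrites the value the enclosing `if (status == SEC_E_OK)` branch was entered on, presumably the handshake result assigned outside these hunks. Any later read of `status` in process_request_packet now sees the last attribute or decrypt call instead. That matters here because the function fetches the server certificate for the CRL check and derives the MSCHAPv2 challenge under that variable. The rest of the function is outside the hunks, so it should be checked for such reads. Where the two values must stay separate, a distinct local such as `SECURITY_STATUS status_attr = QueryContextAttributes(...);` followed by `if (FAILED(status_attr))` keeps the handshake result intact and avoids the assignment inside `FAILED(...)`.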