Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Make enums scoped

Browse Source 
Signed-off-by: Simon Rozman <simon@rozman.si>
This commit is contained in:
Simon Rozman 2020-01-04 12:17:16 +01:00
parent 6db816cd60
commit 5a7827e85e
35 changed files with 254 additions and 254 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/Common.props
View File

@ -42,6 +42,7 @@
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<StringPooling>true</StringPooling>
<EnablePREfast>true</EnablePREfast>
<DisableSpecificWarnings>26812</DisableSpecificWarnings>
</ClCompile>
<Link>
<GenerateDebugInformation>true</GenerateDebugInformation>

24
lib/EAPBase/include/Config.h
View File

@ -150,20 +150,20 @@ namespace eap
///
/// Authentication attempt status
///
enum status_t {
status_success = 0, ///< Authentication succeeded
status_auth_failed, ///< Authentication failed
status_cred_invalid, ///< Invalid credentials
status_cred_expired, ///< Credentials expired
status_cred_changing, ///< Credentials are being changed
status_account_disabled, ///< Account is disabled
status_account_logon_hours, ///< Restricted account logon hours
status_account_denied, ///< Account access is denied
status_server_compromised, ///< Authentication server might have been compromised (CRL)
enum class status_t {
success = 0, ///< Authentication succeeded
auth_failed, ///< Authentication failed
cred_invalid, ///< Invalid credentials
cred_expired, ///< Credentials expired
cred_changing, ///< Credentials are being changed
account_disabled, ///< Account is disabled
account_logon_hours, ///< Restricted account logon hours
account_denied, ///< Account access is denied
server_compromised, ///< Authentication server might have been compromised (CRL)
// Meta statuses
status_cred_begin = status_cred_invalid, ///< First credential related problem
status_cred_end = status_cred_changing + 1, ///< First problem, that is not credential related any more
cred_begin = cred_invalid, ///< First credential related problem
cred_end = cred_changing + 1, ///< First problem, that is not credential related any more
};
public:

40
lib/EAPBase/include/Credentials.h
View File

@ -57,12 +57,12 @@ namespace eap
///
/// Credential source when combined
///
enum source_t {
source_unknown = -1, ///< Unknown source
source_cache = 0, ///< Credentials were obtained from EapHost cache
source_config, ///< Credentials were set by method configuration
source_storage, ///< Credentials were loaded from Windows Credential Manager
source_lower, ///< Credentials were set by lower EAP method
enum class source_t {
unknown = -1, ///< Unknown source
cache = 0, ///< Credentials were obtained from EapHost cache
config, ///< Credentials were set by method configuration
storage, ///< Credentials were loaded from Windows Credential Manager
lower, ///< Credentials were set by lower EAP method
};
@ -210,9 +210,9 @@ namespace eap
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
///
/// \returns
/// - \c source_cache Credentials were obtained from EapHost cache
/// - \c source_config Credentials were set by method configuration
/// - \c source_storage Credentials were loaded from Windows Credential Manager
/// - \c source_t::cache Credentials were obtained from EapHost cache
/// - \c source_t::config Credentials were set by method configuration
/// - \c source_t::storage Credentials were loaded from Windows Credential Manager
///
virtual source_t combine(
_In_ DWORD dwFlags,
@ -305,9 +305,9 @@ namespace eap
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
///
/// \returns
/// - \c source_cache Credentials were obtained from EapHost cache
/// - \c source_config Credentials were set by method configuration
/// - \c source_storage Credentials were loaded from Windows Credential Manager
/// - \c source_t::cache Credentials were obtained from EapHost cache
/// - \c source_t::config Credentials were set by method configuration
/// - \c source_t::storage Credentials were loaded from Windows Credential Manager
///
virtual source_t combine(
_In_ DWORD dwFlags,
@ -327,11 +327,11 @@ namespace eap
///
/// Password encryption method when loaded/saved to profile configuration XML
///
enum enc_alg_t {
enc_alg_unknown = -1, ///< Unknown encryption
enc_alg_none = 0, ///< Unencrypted
enc_alg_geantlink, ///< GÉANTLink module encryption
enc_alg_kph, ///< KPH encryption
enum class enc_alg_t {
unknown = -1, ///< Unknown encryption
none = 0, ///< Unencrypted
native, ///< native module encryption
kph, ///< KPH encryption
};
public:
@ -417,9 +417,9 @@ namespace eap
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
///
/// \returns
/// - \c source_cache Credentials were obtained from EapHost cache
/// - \c source_config Credentials were set by method configuration
/// - \c source_storage Credentials were loaded from Windows Credential Manager
/// - \c source_t::cache Credentials were obtained from EapHost cache
/// - \c source_t::config Credentials were set by method configuration
/// - \c source_t::storage Credentials were loaded from Windows Credential Manager
///
virtual source_t combine(
_In_ DWORD dwFlags,

2
lib/EAPBase/include/Module.h
View File

@ -65,7 +65,7 @@ namespace eap
///
/// \param[in] eap_method EAP method type ID
///
module(_In_ winstd::eap_type_t eap_method = winstd::eap_type_undefined);
module(_In_ winstd::eap_type_t eap_method = winstd::eap_type_t::undefined);
///
/// Destructs the module

4
lib/EAPBase/src/Config.cpp
View File

@ -87,7 +87,7 @@ const bstr eap::config::namespace_eapmetadata(L"urn:ietf:params:xml:ns:yang:ietf
eap::config_method::config_method(_In_ module &mod, _In_ unsigned int level) :
m_level (level),
m_allow_save (true),
m_last_status(status_success),
m_last_status(status_t::success),
config (mod)
{
}
@ -179,7 +179,7 @@ void eap::config_method::load(_In_ IXMLDOMNode *pConfigRoot)
m_module.log_config((xpath + L"/allow-save").c_str(), m_allow_save);
}
m_last_status = status_success;
m_last_status = status_t::success;
m_last_msg.clear();
}

26
lib/EAPBase/src/Credentials.cpp
View File

@ -308,7 +308,7 @@ eap::credentials::source_t eap::credentials_identity::combine(
// Using EAP service cached credentials.
*this = *dynamic_cast<const credentials_identity*>(cred_cached);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_identity::get_name()), event_data(pszTargetName), event_data::blank);
return source_cache;
return source_t::cache;
}
auto cfg_with_cred = dynamic_cast<const config_method_with_cred*>(&cfg);
@ -316,7 +316,7 @@ eap::credentials::source_t eap::credentials_identity::combine(
// Using configured credentials.
*this = *dynamic_cast<const credentials_identity*>(cfg_with_cred->m_cred.get());
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_identity::get_name()), event_data(pszTargetName), event_data::blank);
return source_config;
return source_t::config;
}
if (pszTargetName) {
@ -330,13 +330,13 @@ eap::credentials::source_t eap::credentials_identity::combine(
// Using stored credentials.
*this = std::move(cred_loaded);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_identity::get_name()), event_data(pszTargetName), event_data::blank);
return source_storage;
return source_t::storage;
} catch (...) {
// Not actually an error.
}
}
return source_unknown;
return source_t::unknown;
}
@ -345,7 +345,7 @@ eap::credentials::source_t eap::credentials_identity::combine(
//////////////////////////////////////////////////////////////////////
eap::credentials_pass::credentials_pass(_In_ module &mod) :
m_enc_alg(enc_alg_geantlink),
m_enc_alg(enc_alg_t::native),
credentials(mod)
{
}
@ -426,7 +426,7 @@ void eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p
// <Password>
switch (m_enc_alg) {
case enc_alg_kph: {
case enc_alg_t::kph: {
sanitizing_string password_utf8;
WideCharToMultiByte(CP_UTF8, 0, m_password, password_utf8, NULL, NULL);
wstring password_enc(std::move(kph_encrypt<wchar_t, char_traits<wchar_t>, allocator<wchar_t> >(cp, password_utf8.c_str())));
@ -481,18 +481,18 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
throw win_runtime_error(__FUNCTION__ " CryptAcquireContext failed.");
m_password = m_module.decrypt_str_md5<char_traits<wchar_t>, sanitizing_allocator<wchar_t> >(cp, password_enc.data(), password_enc.size());
m_enc_alg = enc_alg_geantlink;
m_enc_alg = enc_alg_t::native;
} else if (encryption && CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, encryption, encryption.length(), _L("KPH"), -1, NULL, NULL, 0) == CSTR_EQUAL) {
// Decrypt password.
sanitizing_string password_utf8(std::move(kph_decrypt<OLECHAR>(password)));
MultiByteToWideChar(CP_UTF8, 0, password_utf8, m_password);
m_enc_alg = enc_alg_kph;
m_enc_alg = enc_alg_t::kph;
} else if (encryption && encryption[0]) {
// Encryption is defined but unrecognized.
throw invalid_argument(string_printf(__FUNCTION__ " Unsupported <Password> encryption method (encryption: %ls).", (BSTR)encryption));
} else {
m_password = password;
m_enc_alg = enc_alg_none;
m_enc_alg = enc_alg_t::none;
SecureZeroMemory((BSTR)password, sizeof(OLECHAR)*password.length());
}
@ -614,7 +614,7 @@ eap::credentials::source_t eap::credentials_pass::combine(
// Using EAP service cached credentials.
*this = *dynamic_cast<const credentials_pass*>(cred_cached);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data(pszTargetName), event_data::blank);
return source_cache;
return source_t::cache;
}
auto cfg_with_cred = dynamic_cast<const config_method_with_cred*>(&cfg);
@ -622,7 +622,7 @@ eap::credentials::source_t eap::credentials_pass::combine(
// Using configured credentials.
*this = *dynamic_cast<const credentials_pass*>(cfg_with_cred->m_cred.get());
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data(pszTargetName), event_data::blank);
return source_config;
return source_t::config;
}
if (pszTargetName) {
@ -636,13 +636,13 @@ eap::credentials::source_t eap::credentials_pass::combine(
// Using stored credentials.
*this = std::move(cred_loaded);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data(pszTargetName), event_data::blank);
return source_storage;
return source_t::storage;
} catch (...) {
// Not actually an error.
}
}
return source_unknown;
return source_t::unknown;
}

8
lib/EAPBase/src/Method.cpp
View File

@ -299,7 +299,7 @@ EapPeerMethodResponseAction eap::method_eap::process_request_packet(
// Save request packet ID to make matching response packet in get_response_packet() later.
m_id = hdr->Id;
if (hdr->Data[0] != m_eap_method) {
if ((eap_type_t)hdr->Data[0] != m_eap_method) {
// Unsupported EAP method. Respond with Legacy Nak.
m_send_nak = true;
return EapPeerMethodResponseActionSend;
@ -324,7 +324,7 @@ void eap::method_eap::get_response_packet(
hdr.Id = m_id;
if (!m_send_nak) {
hdr.Data[0] = m_eap_method;
hdr.Data[0] = (BYTE)m_eap_method;
packet.reserve(size_max); // To avoid reallocation when inserting EAP packet header later.
@ -332,7 +332,7 @@ void eap::method_eap::get_response_packet(
method_tunnel::get_response_packet(packet, size_max - sizeof(EapPacket));
} else {
// Respond with Legacy Nak suggesting our EAP method to continue.
hdr.Data[0] = eap_type_nak;
hdr.Data[0] = (BYTE)eap_type_t::nak;
// Check packet size. We will suggest one EAP method alone, so we need one byte for data.
size_t size_packet = sizeof(EapPacket) + 1;
@ -341,7 +341,7 @@ void eap::method_eap::get_response_packet(
packet.reserve(size_packet); // To avoid reallocation when inserting EAP packet header later.
// Data of Legacy Nak packet is a list of supported EAP types: our method alone.
packet.assign(1, m_eap_method);
packet.assign(1, (unsigned char)m_eap_method);
}
size_t size_packet = packet.size() + sizeof(EapPacket);

8
lib/EAPBase_UI/src/EAP_UI.cpp
View File

@ -222,10 +222,10 @@ wxEAPCredentialWarningPanel::wxEAPCredentialWarningPanel(const eap::config_provi
m_note_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(161)));
m_note_label->SetLabel((
status == eap::config_method::status_cred_invalid ? _("Previous attempt to connect reported invalid credentials.") :
status == eap::config_method::status_cred_expired ? _("Previous attempt to connect reported your credentials expired.") :
status == eap::config_method::status_cred_changing ? _("Previous attempt to connect reported your credentials are being changed.") :
_("Previous attempt to connect failed.")) + " " +
status == eap::config_method::status_t::cred_invalid ? _("Previous attempt to connect reported invalid credentials.") :
status == eap::config_method::status_t::cred_expired ? _("Previous attempt to connect reported your credentials expired.") :
status == eap::config_method::status_t::cred_changing ? _("Previous attempt to connect reported your credentials are being changed.") :
_("Previous attempt to connect failed.")) + " " +
_("Please, make sure your credentials are correct, or try again later."));
m_note_label->Wrap(FromDIP(449));

6
lib/EapHost/include/Credentials.h
View File

@ -130,9 +130,9 @@ namespace eap
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
///
/// \returns
/// - \c source_cache Credentials were obtained from EapHost cache
/// - \c source_config Credentials were set by method configuration
/// - \c source_storage Credentials were loaded from Windows Credential Manager
/// - \c source_t::cache Credentials were obtained from EapHost cache
/// - \c source_t::config Credentials were set by method configuration
/// - \c source_t::storage Credentials were loaded from Windows Credential Manager
///
virtual source_t combine(
_In_ DWORD dwFlags,

18
lib/EapHost/src/Credentials.cpp
View File

@ -230,29 +230,29 @@ eap::credentials::source_t eap::credentials_eaphost::combine(
// To mimic that behaviour, we do the same:
// 1. Retrieve credentials from cache, store, or configuration
// 2. Call EapHostPeerGetIdentity()
source_t src = source_unknown;
source_t src = source_t::unknown;
if (cred_cached) {
// Using EAP service cached credentials.
*this = *dynamic_cast<const credentials_eaphost*>(cred_cached);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank);
src = source_cache;
src = source_t::cache;
}
// Note: Currently we do not provide credential storage for EapHost methods within configuration.
// EapHost credentials will never get loaded from configuration, since config_method_eaphost is config_method based, not config_method_with_cred.
// The code is kept (and maintained) for consistency with another methods, if we choose to provide that feature at a later time.
if (src == source_unknown) {
if (src == source_t::unknown) {
auto cfg_with_cred = dynamic_cast<const config_method_with_cred*>(&cfg);
if (cfg_with_cred && cfg_with_cred->m_use_cred) {
// Using configured credentials.
*this = *dynamic_cast<const credentials_eaphost*>(cfg_with_cred->m_cred.get());
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_eaphost::get_name()), event_data(pszTargetName), event_data::blank);
src = source_config;
src = source_t::config;
}
}
if (src == source_unknown && pszTargetName) {
if (src == source_t::unknown && pszTargetName) {
// Switch user context.
user_impersonator impersonating(hTokenImpersonateUser);
@ -263,7 +263,7 @@ eap::credentials::source_t eap::credentials_eaphost::combine(
// Using stored credentials.
*this = std::move(cred_loaded);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank);
src = source_storage;
src = source_t::storage;
} catch (...) {
// Not actually an error.
}
@ -280,7 +280,7 @@ eap::credentials::source_t eap::credentials_eaphost::combine(
dwFlags,
cfg_eaphost->get_type(),
(DWORD)cfg_eaphost->m_cfg_blob.size(), cfg_eaphost->m_cfg_blob.data(),
src != source_unknown ? (DWORD)m_cred_blob.size() : 0, src != source_unknown ? m_cred_blob.data() : NULL,
src != source_t::unknown ? (DWORD)m_cred_blob.size() : 0, src != source_t::unknown ? m_cred_blob.data() : NULL,
hTokenImpersonateUser,
&fInvokeUI,
&cred_data_size, get_ptr(cred_data),
@ -295,7 +295,7 @@ eap::credentials::source_t eap::credentials_eaphost::combine(
m_cred_blob.assign(_cred_data, _cred_data + cred_data_size);
SecureZeroMemory(_cred_data, cred_data_size);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_EAPHOST, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank);
return source_lower;
return source_t::lower;
} else
SecureZeroMemory(cred_data.get(), cred_data_size);
} else if (error) {
@ -306,7 +306,7 @@ eap::credentials::source_t eap::credentials_eaphost::combine(
m_module.log_event(&EAPMETHOD_TRACE_EVT_WIN_ERROR, event_data((unsigned int)dwResult), event_data(__FUNCTION__ " EapHostPeerGetIdentity failed."), event_data::blank);
}
return source_unknown;
return source_t::unknown;
}

4
lib/EapHost/src/Method.cpp
View File

@ -69,7 +69,7 @@ void eap::method_eaphost::begin_session(
// Presume authentication will fail with generic protocol failure. (Pesimist!!!)
// We will reset once we get get_result(Success) call.
m_cfg.m_last_status = config_method::status_auth_failed;
m_cfg.m_last_status = config_method::status_t::auth_failed;
m_cfg.m_last_msg.clear();
// Create EapHost peer session using available connection data (m_cfg) and user data (m_cred).
@ -197,7 +197,7 @@ void eap::method_eaphost::get_result(
}
if (reason == EapPeerMethodResultSuccess)
m_cfg.m_last_status = config_method::status_success;
m_cfg.m_last_status = config_method::status_t::success;
// Always ask EAP host to save the connection data. And it will save it *only* when we report "success".
// Don't worry. EapHost is well aware of failed authentication condition.

8
lib/GTC/include/Config.h
View File

@ -48,9 +48,9 @@ namespace eap
///
/// Authentication mode
///
enum auth_mode_t {
auth_mode_response = 0, ///< Challenge/Response
auth_mode_password, ///< Password
enum class auth_mode_t {
response = 0, ///< Challenge/Response
password, ///< Password
};
public:
@ -111,7 +111,7 @@ namespace eap
///
/// @copydoc eap::config_method::get_method_id()
/// \returns This implementation always returns `winstd::eap_type_gtc`
/// \returns This implementation always returns `winstd::eap_type_t::gtc`
///
virtual winstd::eap_type_t get_method_id() const;

16
lib/GTC/src/Config.cpp
View File

@ -119,9 +119,9 @@ void eap::config_method_eapgtc::operator<<(_Inout_ cursor_out &cursor) const
{
// Save authentication mode first, as credential loading will require this information.
if (dynamic_cast<credentials_identity*>(m_cred.get()))
cursor << auth_mode_response;
cursor << auth_mode_t::response;
else if (dynamic_cast<credentials_pass*>(m_cred.get()))
cursor << auth_mode_password;
cursor << auth_mode_t::password;
else
throw invalid_argument(__FUNCTION__ " Unsupported authentication mode.");
@ -133,9 +133,9 @@ size_t eap::config_method_eapgtc::get_pk_size() const
{
auth_mode_t auth_mode;
if (dynamic_cast<credentials_identity*>(m_cred.get()))
auth_mode = auth_mode_response;
auth_mode = auth_mode_t::response;
else if (dynamic_cast<credentials_pass*>(m_cred.get()))
auth_mode = auth_mode_password;
auth_mode = auth_mode_t::password;
else
throw invalid_argument(__FUNCTION__ " Unsupported authentication mode.");
@ -151,9 +151,9 @@ void eap::config_method_eapgtc::operator>>(_Inout_ cursor_in &cursor)
auth_mode_t auth_mode;
cursor >> auth_mode;
switch (auth_mode) {
case auth_mode_response: m_cred.reset(new eap::credentials_identity(m_module)); break;
case auth_mode_password: m_cred.reset(new eap::credentials_pass (m_module)); break;
default : throw invalid_argument(string_printf(__FUNCTION__ " Unsupported authentication mode (%u).", auth_mode));
case auth_mode_t::response: m_cred.reset(new eap::credentials_identity(m_module)); break;
case auth_mode_t::password: m_cred.reset(new eap::credentials_pass (m_module)); break;
default : throw invalid_argument(string_printf(__FUNCTION__ " Unsupported authentication mode (%u).", auth_mode));
}
config_method_with_cred::operator>>(cursor);
@ -162,7 +162,7 @@ void eap::config_method_eapgtc::operator>>(_Inout_ cursor_in &cursor)
eap_type_t eap::config_method_eapgtc::get_method_id() const
{
return eap_type_gtc;
return eap_type_t::gtc;
}

14
lib/GTC/src/Method.cpp
View File

@ -70,7 +70,7 @@ void eap::method_gtc::begin_session(
// Presume authentication will fail with generic protocol failure. (Pesimist!!!)
// We will reset once we get get_result(Success) call.
m_cfg.m_last_status = config_method::status_auth_failed;
m_cfg.m_last_status = config_method::status_t::auth_failed;
m_cfg.m_last_msg.clear();
}
@ -81,14 +81,14 @@ EapPeerMethodResponseAction eap::method_gtc::process_request_packet(
{
assert(pReceivedPacket || dwReceivedPacketSize == 0);
m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_gtc), event_data::blank);
m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_t::gtc), event_data::blank);
credentials_pass *cred_pass;
if (dynamic_cast<credentials_identity*>(&m_cred)) {
// Read authenticator challenge as UTF-8 encoded string.
MultiByteToWideChar(CP_UTF8, 0, (LPCSTR)pReceivedPacket, dwReceivedPacketSize, m_challenge);
m_module.log_event(&EAPMETHOD_GTC_RESPONSE_REQ, event_data((unsigned int)eap_type_gtc), event_data::blank);
m_module.log_event(&EAPMETHOD_GTC_RESPONSE_REQ, event_data((unsigned int)eap_type_t::gtc), event_data::blank);
// User must respond to the challenge.
return EapPeerMethodResponseActionInvokeUI;
@ -97,7 +97,7 @@ EapPeerMethodResponseAction eap::method_gtc::process_request_packet(
m_response = cred_pass->m_password;
// Send the response.
m_cfg.m_last_status = config_method::status_cred_invalid; // Blame "credentials" if we fail beyond this point.
m_cfg.m_last_status = config_method::status_t::cred_invalid; // Blame "credentials" if we fail beyond this point.
return EapPeerMethodResponseActionSend;
} else
throw invalid_argument(__FUNCTION__ " Unsupported authentication mode.");
@ -128,7 +128,7 @@ void eap::method_gtc::get_result(
method::get_result(reason, pResult);
if (reason == EapPeerMethodResultSuccess)
m_cfg.m_last_status = config_method::status_success;
m_cfg.m_last_status = config_method::status_t::success;
// Always ask EAP host to save the connection data. And it will save it *only* when we report "success".
// Don't worry. EapHost is well aware of failed authentication condition.
@ -150,7 +150,7 @@ EapPeerMethodResponseAction eap::method_gtc::set_ui_context(
_In_count_(dwUIContextDataSize) const BYTE *pUIContextData,
_In_ DWORD dwUIContextDataSize)
{
m_module.log_event(&EAPMETHOD_GTC_RESPONSE, event_data((unsigned int)eap_type_gtc), event_data::blank);
m_module.log_event(&EAPMETHOD_GTC_RESPONSE, event_data((unsigned int)eap_type_t::gtc), event_data::blank);
// Save GTC response.
m_response.assign(
@ -158,6 +158,6 @@ EapPeerMethodResponseAction eap::method_gtc::set_ui_context(
reinterpret_cast<sanitizing_wstring::const_pointer>(pUIContextData + dwUIContextDataSize));
// Send the response.
m_cfg.m_last_status = config_method::status_cred_invalid; // Blame "credentials" if we fail beyond this point.
m_cfg.m_last_status = config_method::status_t::cred_invalid; // Blame "credentials" if we fail beyond this point.
return EapPeerMethodResponseActionSend;
}

4
lib/MSCHAPv2/include/Config.h
View File

@ -90,7 +90,7 @@ namespace eap
///
/// @copydoc eap::config_method::get_method_id()
/// \returns This implementation always returns `winstd::eap_type_legacy_mschapv2`
/// \returns This implementation always returns `winstd::eap_type_t::legacy_mschapv2`
///
virtual winstd::eap_type_t get_method_id() const;
@ -158,7 +158,7 @@ namespace eap
///
/// @copydoc eap::config_method::get_method_id()
/// \returns This implementation always returns `winstd::eap_type_mschapv2`
/// \returns This implementation always returns `winstd::eap_type_t::mschapv2`
///
virtual winstd::eap_type_t get_method_id() const;

15
lib/MSCHAPv2/include/MSCHAPv2.h
View File

@ -23,7 +23,7 @@
namespace eap
{
enum chap_packet_code_t : unsigned char;
enum class chap_packet_code_t : unsigned char;
struct WINSTD_NOVTABLE chap_header;
struct WINSTD_NOVTABLE challenge_mschapv2;
struct WINSTD_NOVTABLE challenge_hash;
@ -65,13 +65,12 @@ namespace eap
/// CHAP packet codes
///
#pragma warning(suppress: 4480)
enum chap_packet_code_t : unsigned char {
chap_packet_code_challenge = 1, ///< Challenge
chap_packet_code_response = 2, ///< Response
chap_packet_code_success = 3, ///< Success
chap_packet_code_failure = 4, ///< Failure
mschapv2_packet_code_change_password = 7, ///< Change password
enum class chap_packet_code_t : unsigned char {
challenge = 1, ///< Challenge
response = 2, ///< Response
success = 3, ///< Success
failure = 4, ///< Failure
change_password = 7, ///< Change password
};

12
lib/MSCHAPv2/include/Method.h
View File

@ -254,12 +254,12 @@ namespace eap
///
/// Communication phase
///
enum {
phase_unknown = -1, ///< Unknown phase
phase_init = 0, ///< Send client challenge
phase_challenge_server, ///< Verify server challenge
phase_finished, ///< Connection shut down
} m_phase; ///< What phase is our communication at?
enum class phase_t {
unknown = -1, ///< Unknown phase
init = 0, ///< Send client challenge
challenge_server, ///< Verify server challenge
finished, ///< Connection shut down
} m_phase; ///< What phase is our communication at?
};
/// @}

4
lib/MSCHAPv2/src/Config.cpp
View File

@ -72,7 +72,7 @@ eap::config* eap::config_method_mschapv2::clone() const
eap_type_t eap::config_method_mschapv2::get_method_id() const
{
return eap_type_legacy_mschapv2;
return eap_type_t::legacy_mschapv2;
}
@ -135,7 +135,7 @@ eap::config* eap::config_method_eapmschapv2::clone() const
eap_type_t eap::config_method_eapmschapv2::get_method_id() const
{
return eap_type_mschapv2;
return eap_type_t::mschapv2;
}

64
lib/MSCHAPv2/src/Method.cpp
View File

@ -79,7 +79,7 @@ void eap::method_mschapv2_base::begin_session(
// Presume authentication will fail with generic protocol failure. (Pesimist!!!)
// We will reset once we get get_result(Success) call.
m_cfg.m_last_status = config_method::status_auth_failed;
m_cfg.m_last_status = config_method::status_t::auth_failed;
m_cfg.m_last_msg.clear();
// Create cryptographics provider for support needs (client challenge ...).
@ -108,7 +108,7 @@ void eap::method_mschapv2_base::get_result(
method::get_result(reason, pResult);
if (reason == EapPeerMethodResultSuccess)
m_cfg.m_last_status = config_method::status_success;
m_cfg.m_last_status = config_method::status_t::success;
// Always ask EAP host to save the connection data. And it will save it *only* when we report "success".
// Don't worry. EapHost is well aware of failed authentication condition.
@ -119,7 +119,7 @@ void eap::method_mschapv2_base::get_result(
void eap::method_mschapv2_base::process_success(_In_ const list<string> &argv)
{
assert(m_cfg.m_last_status != config_method::status_success);
assert(m_cfg.m_last_status != config_method::status_t::success);
for (auto arg = argv.cbegin(), arg_end = argv.cend(); arg != arg_end; ++arg) {
const string &val = *arg;
@ -140,11 +140,11 @@ void eap::method_mschapv2_base::process_success(_In_ const list<string> &argv)
throw invalid_argument(__FUNCTION__ " MS-CHAP2-Success authentication response string failed.");
m_module.log_event(&EAPMETHOD_METHOD_SUCCESS, event_data((unsigned int)m_cfg.get_method_id()), event_data::blank);
m_cfg.m_last_status = config_method::status_success;
m_cfg.m_last_status = config_method::status_t::success;
}
}
if (m_cfg.m_last_status != config_method::status_success)
if (m_cfg.m_last_status != config_method::status_t::success)
throw invalid_argument(__FUNCTION__ " MS-CHAP2-Success authentication response string not found.");
}
@ -157,12 +157,12 @@ void eap::method_mschapv2_base::process_error(_In_ const list<string> &argv)
DWORD dwResult = strtoul(val.data() + 2, NULL, 10);
m_module.log_event(&EAPMETHOD_METHOD_FAILURE_ERROR, event_data((unsigned int)m_cfg.get_method_id()), event_data(dwResult), event_data::blank);
switch (dwResult) {
case ERROR_ACCT_DISABLED : m_cfg.m_last_status = config_method::status_account_disabled ; break;
case ERROR_RESTRICTED_LOGON_HOURS: m_cfg.m_last_status = config_method::status_account_logon_hours; break;
case ERROR_NO_DIALIN_PERMISSION : m_cfg.m_last_status = config_method::status_account_denied ; break;
case ERROR_PASSWD_EXPIRED : m_cfg.m_last_status = config_method::status_cred_expired ; break;
case ERROR_CHANGING_PASSWORD : m_cfg.m_last_status = config_method::status_cred_changing ; break;
default : m_cfg.m_last_status = config_method::status_cred_invalid ;
case ERROR_ACCT_DISABLED : m_cfg.m_last_status = config_method::status_t::account_disabled ; break;
case ERROR_RESTRICTED_LOGON_HOURS: m_cfg.m_last_status = config_method::status_t::account_logon_hours; break;
case ERROR_NO_DIALIN_PERMISSION : m_cfg.m_last_status = config_method::status_t::account_denied ; break;
case ERROR_PASSWD_EXPIRED : m_cfg.m_last_status = config_method::status_t::cred_expired ; break;
case ERROR_CHANGING_PASSWORD : m_cfg.m_last_status = config_method::status_t::cred_changing ; break;
default : m_cfg.m_last_status = config_method::status_t::cred_invalid ;
}
} else if ((val[0] == 'C' || val[0] == 'c') && val[1] == '=') {
hex_dec dec;
@ -247,8 +247,8 @@ EapPeerMethodResponseAction eap::method_mschapv2::process_request_packet(
m_ident = hdr->ident;
switch (hdr->code) {
case chap_packet_code_challenge: {
m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_mschapv2), event_data::blank);
case chap_packet_code_t::challenge: {
m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_t::mschapv2), event_data::blank);
if (msg + 1 > msg_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete CHAP challenge packet.");
@ -279,7 +279,7 @@ EapPeerMethodResponseAction eap::method_mschapv2::process_request_packet(
value.push_back(0); // Flags
chap_header hdr_resp;
hdr_resp.code = chap_packet_code_response;
hdr_resp.code = chap_packet_code_t::response;
hdr_resp.ident = m_ident;
size_t size_value = value.size();
*reinterpret_cast<unsigned short*>(hdr_resp.length) = htons((unsigned short)(sizeof(chap_header) + 1 + size_value + identity_utf8.length()));
@ -291,21 +291,21 @@ EapPeerMethodResponseAction eap::method_mschapv2::process_request_packet(
m_packet_res.insert(m_packet_res.end(), value.begin(), value.end());
m_packet_res.insert(m_packet_res.end(), identity_utf8.begin(), identity_utf8.end());
m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point.
m_cfg.m_last_status = config_method::status_t::cred_invalid; // Blame credentials if we fail beyond this point.
return EapPeerMethodResponseActionSend;
}
case chap_packet_code_success:
case chap_packet_code_t::success:
process_success(parse_response(reinterpret_cast<const char*>(msg), reinterpret_cast<const char*>(msg_end) - reinterpret_cast<const char*>(msg)));
if (m_cfg.m_last_status == config_method::status_success) {
// Acknowledge the authentication by sending a "3" (chap_packet_code_success).
m_packet_res.assign(1, chap_packet_code_success);
m_cfg.m_last_status = config_method::status_auth_failed; // Blame protocol if we fail beyond this point.
if (m_cfg.m_last_status == config_method::status_t::success) {
// Acknowledge the authentication by sending a "3" (chap_packet_code_t::success).
m_packet_res.assign(1, (unsigned char)chap_packet_code_t::success);
m_cfg.m_last_status = config_method::status_t::auth_failed; // Blame protocol if we fail beyond this point.
return EapPeerMethodResponseActionSend;
} else
return EapPeerMethodResponseActionDiscard;
case chap_packet_code_failure:
case chap_packet_code_t::failure:
process_error(parse_response(reinterpret_cast<const char*>(msg), reinterpret_cast<const char*>(msg_end) - reinterpret_cast<const char*>(msg)));
return EapPeerMethodResponseActionDiscard;
}
@ -322,7 +322,7 @@ EapPeerMethodResponseAction eap::method_mschapv2::process_request_packet(
//////////////////////////////////////////////////////////////////////
eap::method_mschapv2_diameter::method_mschapv2_diameter(_In_ module &mod, _In_ config_method_mschapv2 &cfg, _In_ credentials_pass &cred) :
m_phase(phase_unknown),
m_phase(phase_t::unknown),
method_mschapv2_base(mod, cfg, cred)
{
}
@ -354,7 +354,7 @@ void eap::method_mschapv2_diameter::begin_session(
{
method_mschapv2_base::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
m_phase = phase_init;
m_phase = phase_t::init;
}
@ -365,8 +365,8 @@ EapPeerMethodResponseAction eap::method_mschapv2_diameter::process_request_packe
assert(pReceivedPacket || dwReceivedPacketSize == 0);
switch (m_phase) {
case phase_init: {
m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_legacy_mschapv2), event_data::blank);
case phase_t::init: {
m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_t::legacy_mschapv2), event_data::blank);
// Randomize Peer-Challenge.
m_challenge_client.randomize(m_cp);
@ -396,25 +396,25 @@ EapPeerMethodResponseAction eap::method_mschapv2_diameter::process_request_packe
diameter_avp_append(11, 311, diameter_avp_flag_mandatory, m_challenge_server.data(), (unsigned int)m_challenge_server.size(), m_packet_res);
diameter_avp_append(25, 311, diameter_avp_flag_mandatory, response .data(), (unsigned int)response .size(), m_packet_res);
m_phase = phase_challenge_server;
m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point.
m_phase = phase_t::challenge_server;
m_cfg.m_last_status = config_method::status_t::cred_invalid; // Blame credentials if we fail beyond this point.
return EapPeerMethodResponseActionSend;
}
case phase_challenge_server: {
case phase_t::challenge_server: {
process_packet(pReceivedPacket, dwReceivedPacketSize);
if (m_cfg.m_last_status == config_method::status_success) {
m_phase = phase_finished;
if (m_cfg.m_last_status == config_method::status_t::success) {
m_phase = phase_t::finished;
// Acknowledge the authentication by sending an empty response packet.
m_packet_res.clear();
m_cfg.m_last_status = config_method::status_auth_failed; // Blame protocol if we fail beyond this point.
m_cfg.m_last_status = config_method::status_t::auth_failed; // Blame protocol if we fail beyond this point.
return EapPeerMethodResponseActionSend;
} else
return EapPeerMethodResponseActionDiscard;
}
case phase_finished:
case phase_t::finished:
return EapPeerMethodResponseActionNone;
default:

2
lib/PAP/include/Config.h
View File

@ -89,7 +89,7 @@ namespace eap
///
/// @copydoc eap::config_method::get_method_id()
/// \returns This implementation always returns `winstd::eap_type_legacy_pap`
/// \returns This implementation always returns `winstd::eap_type_t::legacy_pap`
///
virtual winstd::eap_type_t get_method_id() const;

8
lib/PAP/include/Method.h
View File

@ -104,10 +104,10 @@ namespace eap
///
/// Communication phase
///
enum {
phase_unknown = -1, ///< Unknown phase
phase_init = 0, ///< Handshake initialize
phase_finished, ///< Connection shut down
enum class phase_t {
unknown = -1, ///< Unknown phase
init = 0, ///< Handshake initialize
finished, ///< Connection shut down
} m_phase; ///< What phase is our communication at?
sanitizing_blob m_packet_res; ///< Response packet

2
lib/PAP/src/Config.cpp
View File

@ -72,7 +72,7 @@ eap::config* eap::config_method_pap::clone() const
eap_type_t eap::config_method_pap::get_method_id() const
{
return eap_type_legacy_pap;
return eap_type_t::legacy_pap;
}

18
lib/PAP/src/Method.cpp
View File

@ -31,7 +31,7 @@ using namespace winstd;
eap::method_pap_diameter::method_pap_diameter(_In_ module &mod, _In_ config_method_pap &cfg, _In_ credentials_pass &cred) :
m_cfg(cfg),
m_cred(cred),
m_phase(phase_unknown),
m_phase(phase_t::unknown),
method(mod)
{
}
@ -71,10 +71,10 @@ void eap::method_pap_diameter::begin_session(
// Presume authentication will fail with generic protocol failure. (Pesimist!!!)
// We will reset once we get get_result(Success) call.
m_cfg.m_last_status = config_method::status_auth_failed;
m_cfg.m_last_status = config_method::status_t::auth_failed;
m_cfg.m_last_msg.clear();
m_phase = phase_init;
m_phase = phase_t::init;
}
@ -86,8 +86,8 @@ EapPeerMethodResponseAction eap::method_pap_diameter::process_request_packet(
UNREFERENCED_PARAMETER(dwReceivedPacketSize);
switch (m_phase) {
case phase_init: {
m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_legacy_pap), event_data::blank);
case phase_t::init: {
m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_t::legacy_pap), event_data::blank);
// Convert username and password to UTF-8.
sanitizing_string identity_utf8, password_utf8;
@ -103,12 +103,12 @@ EapPeerMethodResponseAction eap::method_pap_diameter::process_request_packet(
diameter_avp_append(1, diameter_avp_flag_mandatory, identity_utf8.data(), (unsigned int)identity_utf8.size(), m_packet_res);
diameter_avp_append(2, diameter_avp_flag_mandatory, password_utf8.data(), (unsigned int)password_utf8.size(), m_packet_res);
m_phase = phase_finished;
m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point.
m_phase = phase_t::finished;
m_cfg.m_last_status = config_method::status_t::cred_invalid; // Blame credentials if we fail beyond this point.
return EapPeerMethodResponseActionSend;
}
case phase_finished:
case phase_t::finished:
return EapPeerMethodResponseActionNone;
default:
@ -137,7 +137,7 @@ void eap::method_pap_diameter::get_result(
method::get_result(reason, pResult);
if (reason == EapPeerMethodResultSuccess)
m_cfg.m_last_status = config_method::status_success;
m_cfg.m_last_status = config_method::status_t::success;
// Always ask EAP host to save the connection data. And it will save it *only* when we report "success".
// Don't worry. EapHost is well aware of failed authentication condition.

2
lib/TLS/include/Config.h
View File

@ -126,7 +126,7 @@ namespace eap
///
/// @copydoc eap::config_method::get_method_id()
/// \returns This implementation always returns `winstd::eap_type_tls`
/// \returns This implementation always returns `winstd::eap_type_t::tls`
///
virtual winstd::eap_type_t get_method_id() const;

6
lib/TLS/include/Credentials.h
View File

@ -132,9 +132,9 @@ namespace eap
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
///
/// \returns
/// - \c source_cache Credentials were obtained from EapHost cache
/// - \c source_config Credentials were set by method configuration
/// - \c source_storage Credentials were loaded from Windows Credential Manager
/// - \c source_t::cache Credentials were obtained from EapHost cache
/// - \c source_t::config Credentials were set by method configuration
/// - \c source_t::storage Credentials were loaded from Windows Credential Manager
///
virtual source_t combine(
_In_ DWORD dwFlags,

2
lib/TLS/src/Config.cpp
View File

@ -256,7 +256,7 @@ void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor)
eap_type_t eap::config_method_tls::get_method_id() const
{
return eap_type_tls;
return eap_type_t::tls;
}

14
lib/TLS/src/Credentials.cpp
View File

@ -310,16 +310,16 @@ eap::credentials::source_t eap::credentials_tls::combine(
if (cred_cached) {
// Using EAP service cached credentials.
*this = *dynamic_cast<const credentials_tls*>(cred_cached);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
return source_cache;
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)eap_type_t::tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
return source_t::cache;
}
auto cfg_with_cred = dynamic_cast<const config_method_with_cred*>(&cfg);
if (cfg_with_cred && cfg_with_cred->m_use_cred) {
// Using configured credentials.
*this = *dynamic_cast<const credentials_tls*>(cfg_with_cred->m_cred.get());
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
return source_config;
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)eap_type_t::tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
return source_t::config;
}
if (pszTargetName) {
@ -332,14 +332,14 @@ eap::credentials::source_t eap::credentials_tls::combine(
// Using stored credentials.
*this = std::move(cred_loaded);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
return source_storage;
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)eap_type_t::tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
return source_t::storage;
} catch (...) {
// Not actually an error.
}
}
return source_unknown;
return source_t::unknown;
}

2
lib/TTLS/include/Config.h
View File

@ -106,7 +106,7 @@ namespace eap
///
/// @copydoc eap::config_method::get_method_id()
/// \returns This implementation always returns `winstd::eap_type_ttls`
/// \returns This implementation always returns `winstd::eap_type_t::ttls`
///
virtual winstd::eap_type_t get_method_id() const;

6
lib/TTLS/include/Credentials.h
View File

@ -121,9 +121,9 @@ namespace eap
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
///
/// \returns
/// - \c source_cache Credentials were obtained from EapHost cache
/// - \c source_config Credentials were set by method configuration
/// - \c source_storage Credentials were loaded from Windows Credential Manager
/// - \c source_t::cache Credentials were obtained from EapHost cache
/// - \c source_t::config Credentials were set by method configuration
/// - \c source_t::storage Credentials were loaded from Windows Credential Manager
///
virtual source_t combine(
_In_ DWORD dwFlags,

18
lib/TTLS/include/Method.h
View File

@ -196,10 +196,10 @@ namespace eap
///
/// Communication phase
///
enum {
phase_unknown = -1, ///< Unknown phase
phase_identity = 0, ///< Send identity
phase_finished, ///< Connection shut down
enum class phase_t {
unknown = -1, ///< Unknown phase
identity = 0, ///< Send identity
finished, ///< Connection shut down
} m_phase; ///< What phase is our communication at?
sanitizing_blob m_packet_res; ///< Response packet
@ -289,11 +289,11 @@ namespace eap
///
/// Communication phase
///
enum {
phase_unknown = -1, ///< Unknown phase
phase_handshake_init = 0, ///< Handshake initialize
phase_handshake_cont, ///< Handshake continue
phase_finished, ///< Exchange application data
enum class phase_t {
unknown = -1, ///< Unknown phase
handshake_init = 0, ///< Handshake initialize
handshake_cont, ///< Handshake continue
finished, ///< Exchange application data
} m_phase; ///< What phase is our communication at?
sanitizing_blob m_packet_res; ///< Response packet

18
lib/TTLS/src/Config.cpp
View File

@ -110,7 +110,7 @@ void eap::config_method_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode
throw com_runtime_error(hr, __FUNCTION__ " Error creating <InnerAuthenticationMethod> element.");
eap_type_t eap_type = m_inner->get_method_id();
if (eap_type_noneap_start <= eap_type && eap_type < eap_type_noneap_end) {
if (eap_type_t::noneap_start <= eap_type && eap_type < eap_type_t::noneap_end) {
// <InnerAuthenticationMethod>/<NonEAPAuthMethod>
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElInnerAuthenticationMethod, bstr(L"NonEAPAuthMethod"), namespace_eapmetadata, bstr(m_inner->get_method_str()))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <NonEAPAuthMethod> element.");
@ -201,7 +201,7 @@ void eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot)
DWORD dwMethod;
bstr bstrMethod;
if (SUCCEEDED(eapxml::get_element_value(pXmlElInnerAuthenticationMethod, bstr(L"eap-metadata:EAPMethod"), dwMethod)) &&
eap_type_start <= dwMethod && dwMethod < eap_type_end)
eap_type_t::start <= (eap_type_t)dwMethod && (eap_type_t)dwMethod < eap_type_t::end)
{
m_inner.reset(make_config_method((eap_type_t)dwMethod));
m_module.log_config((xpath + L"/EAPMethod").c_str(), m_inner->get_method_str());
@ -248,7 +248,7 @@ void eap::config_method_ttls::operator>>(_Inout_ cursor_in &cursor)
eap_type_t eap::config_method_ttls::get_method_id() const
{
return eap_type_ttls;
return eap_type_t::ttls;
}
@ -269,14 +269,14 @@ eap::credentials* eap::config_method_ttls::make_credentials() const
eap::config_method* eap::config_method_ttls::make_config_method(_In_ winstd::eap_type_t eap_type) const
{
switch (eap_type) {
case eap_type_legacy_pap : return new config_method_pap (m_module, m_level + 1);
case eap_type_legacy_mschapv2: return new config_method_mschapv2 (m_module, m_level + 1);
case eap_type_mschapv2 : return new config_method_eapmschapv2(m_module, m_level + 1);
case eap_type_gtc : return new config_method_eapgtc (m_module, m_level + 1);
case eap_type_t::legacy_pap : return new config_method_pap (m_module, m_level + 1);
case eap_type_t::legacy_mschapv2: return new config_method_mschapv2 (m_module, m_level + 1);
case eap_type_t::mschapv2 : return new config_method_eapmschapv2(m_module, m_level + 1);
case eap_type_t::gtc : return new config_method_eapgtc (m_module, m_level + 1);
#if EAP_INNER_EAPHOST
default : return new config_method_eaphost (m_module, m_level + 1); // EapHost peer method handles all other method types
default : return new config_method_eaphost (m_module, m_level + 1); // EapHost peer method handles all other method types
#else
default : throw invalid_argument(string_printf(__FUNCTION__ " Unsupported inner authentication method (%d).", eap_type));
default : throw invalid_argument(string_printf(__FUNCTION__ " Unsupported inner authentication method (%d).", eap_type));
#endif
}
}

48
lib/TTLS/src/Method.cpp
View File

@ -175,7 +175,7 @@ void eap::method_defrag::get_response_packet(
eap::method_eapmsg::method_eapmsg(_In_ module &mod, _In_ const wchar_t *identity, _In_ method *inner) :
m_identity(identity),
m_phase(phase_unknown),
m_phase(phase_t::unknown),
method_tunnel(mod, inner)
{
}
@ -219,7 +219,7 @@ void eap::method_eapmsg::begin_session(
assert(m_inner);
m_inner->begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, std::min<DWORD>(dwMaxSendPacketSize, 0xffffff) - sizeof(diameter_avp_header));
m_phase = phase_identity;
m_phase = phase_t::identity;
}
@ -228,7 +228,7 @@ EapPeerMethodResponseAction eap::method_eapmsg::process_request_packet(
_In_ DWORD dwReceivedPacketSize)
{
switch (m_phase) {
case phase_identity: {
case phase_t::identity: {
// Convert identity to UTF-8.
sanitizing_string identity_utf8;
WideCharToMultiByte(CP_UTF8, 0, m_identity, identity_utf8, NULL, NULL);
@ -239,18 +239,18 @@ EapPeerMethodResponseAction eap::method_eapmsg::process_request_packet(
eap_packet pck;
if (!pck.create(EapCodeResponse, 0, (WORD)size_packet))
throw win_runtime_error(__FUNCTION__ " EapPacket creation failed.");
pck->Data[0] = eap_type_identity;
pck->Data[0] = (BYTE)eap_type_t::identity;
memcpy(pck->Data + 1, identity_utf8.data(), size_identity);
// Diameter AVP (EAP-Message=79)
m_packet_res.clear();
diameter_avp_append(79, diameter_avp_flag_mandatory, (const EapPacket*)pck, (unsigned int)size_packet, m_packet_res);
m_phase = phase_finished;
m_phase = phase_t::finished;
return EapPeerMethodResponseActionSend;
}
case phase_finished: {
case phase_t::finished: {
EapPeerMethodResponseAction action = EapPeerMethodResponseActionNone;
bool eap_message_found = false;
@ -340,7 +340,7 @@ eap::method_ttls::method_ttls(_In_ module &mod, _In_ config_method_ttls &cfg, _I
m_cfg(cfg),
m_cred(cred),
m_user_ctx(NULL),
m_phase(phase_unknown),
m_phase(phase_t::unknown),
m_packet_res_inner(false),
method_tunnel(mod, inner)
{
@ -404,7 +404,7 @@ void eap::method_ttls::begin_session(
// Presume authentication will fail with generic protocol failure. (Pesimist!!!)
// We will reset once we get get_result(Success) call.
m_cfg.m_last_status = config_method::status_auth_failed;
m_cfg.m_last_status = config_method::status_t::auth_failed;
m_cfg.m_last_msg.clear();
m_user_ctx = hTokenImpersonateUser;
@ -456,7 +456,7 @@ void eap::method_ttls::begin_session(
if (FAILED(stat))
throw sec_runtime_error(stat, __FUNCTION__ " Error acquiring Schannel credentials handle.");
m_phase = phase_handshake_init;
m_phase = phase_t::handshake_init;
}
@ -469,8 +469,8 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
user_impersonator impersonating(m_user_ctx);
switch (m_phase) {
case phase_handshake_init: {
m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_ttls), event_data::blank);
case phase_t::handshake_init: {
m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_t::ttls), event_data::blank);
// Prepare input buffer(s).
SecBuffer buf_in[] = {
@ -512,7 +512,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
} else
m_sc_queue.clear();
m_phase = phase_handshake_cont;
m_phase = phase_t::handshake_cont;
m_packet_res_inner = false;
return EapPeerMethodResponseActionSend;
} else if (FAILED(status)) {
@ -529,7 +529,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
throw sec_runtime_error(status, __FUNCTION__ " Unexpected Schannel result.");
}
case phase_handshake_cont: {
case phase_t::handshake_cont: {
m_sc_queue.insert(m_sc_queue.end(), reinterpret_cast<const unsigned char*>(pReceivedPacket), reinterpret_cast<const unsigned char*>(pReceivedPacket) + dwReceivedPacketSize);
// Prepare input buffer(s).
@ -577,7 +577,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
enc.encode(hash_unicode, hash.data(), hash.size());
if (RegQueryValueExW(key, hash_unicode.c_str(), NULL, NULL, subj) == ERROR_SUCCESS) {
// A certificate in the chain is found to be revoked as compromised.
m_cfg.m_last_status = config_method::status_server_compromised;
m_cfg.m_last_status = config_method::status_t::server_compromised;
throw com_runtime_error(CRYPT_E_REVOKED, __FUNCTION__ " Server certificate or one of its issuer's certificate has been found revoked as compromised. Your credentials were probably sent to this server during previous connection attempts, thus changing your credentials (in a safe manner) is strongly advised. Please, contact your helpdesk immediately.");
}
}
@ -607,7 +607,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
if (status == SEC_I_CONTINUE_NEEDED) {
// Blame credentials if we fail beyond this point.
m_cfg.m_last_status = config_method::status_cred_invalid;
m_cfg.m_last_status = config_method::status_t::cred_invalid;
m_packet_res_inner = false;
} else {
SecPkgContext_Authority auth;
@ -619,7 +619,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
SecPkgContext_ConnectionInfo info;
if (SUCCEEDED(status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_CONNECTION_INFO, &info)))
m_module.log_event(&EAPMETHOD_TLS_HANDSHAKE_FINISHED,
event_data((unsigned int)eap_type_ttls),
event_data((unsigned int)eap_type_t::ttls),
event_data(auth.sAuthorityName),
event_data(info.dwProtocol),
event_data(info.aiCipher),
@ -632,8 +632,8 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
else
m_module.log_event(&EAPMETHOD_TLS_QUERY_FAILED, event_data((unsigned int)SECPKG_ATTR_CONNECTION_INFO), event_data(status), event_data::blank);
m_phase = phase_finished;
m_cfg.m_last_status = config_method::status_success;
m_phase = phase_t::finished;
m_cfg.m_last_status = config_method::status_t::success;
method_mschapv2_diameter *inner_mschapv2 = dynamic_cast<method_mschapv2_diameter*>(m_inner.get());
if (inner_mschapv2) {
@ -712,7 +712,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
throw sec_runtime_error(status, __FUNCTION__ " Unexpected Schannel result.");
}
case phase_finished: {
case phase_t::finished: {
m_packet_res.clear();
m_sc_queue.insert(m_sc_queue.end(), reinterpret_cast<const unsigned char*>(pReceivedPacket), reinterpret_cast<const unsigned char*>(pReceivedPacket) + dwReceivedPacketSize);
@ -867,7 +867,7 @@ void eap::method_ttls::get_result(
m_eap_attr_desc.pAttribs = m_eap_attr.data();
pResult->pAttribArray = &m_eap_attr_desc;
m_cfg.m_last_status = config_method::status_success;
m_cfg.m_last_status = config_method::status_t::success;
// Spawn certificate revocation verify thread.
dynamic_cast<peer_ttls&>(m_module).spawn_crl_check(std::move(m_sc_cert));
@ -889,7 +889,7 @@ void eap::method_ttls::verify_server_trust() const
memcmp(m_sc_cert->pbCertEncoded, (*c)->pbCertEncoded, m_sc_cert->cbCertEncoded) == 0)
{
// Server certificate found directly on the trusted root CA list.
m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED_EX1, event_data((unsigned int)eap_type_ttls), event_data::blank);
m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED_EX1, event_data((unsigned int)eap_type_t::ttls), event_data::blank);
return;
}
}
@ -938,7 +938,7 @@ void eap::method_ttls::verify_server_trust() const
if (san_info->rgAltEntry[idx_entry].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME &&
_wcsicmp(s->c_str(), san_info->rgAltEntry[idx_entry].pwszDNSName) == 0)
{
m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)eap_type_ttls), event_data(san_info->rgAltEntry[idx_entry].pwszDNSName), event_data::blank);
m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)eap_type_t::ttls), event_data(san_info->rgAltEntry[idx_entry].pwszDNSName), event_data::blank);
found = true;
}
}
@ -953,7 +953,7 @@ void eap::method_ttls::verify_server_trust() const
for (auto s = m_cfg.m_server_names.cbegin(), s_end = m_cfg.m_server_names.cend(); !found && s != s_end; ++s) {
if (_wcsicmp(s->c_str(), subj.c_str()) == 0) {
m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)eap_type_ttls), event_data(subj), event_data::blank);
m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)eap_type_t::ttls), event_data(subj), event_data::blank);
found = true;
}
}
@ -1043,7 +1043,7 @@ void eap::method_ttls::verify_server_trust() const
}
}
m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED1, event_data((unsigned int)eap_type_ttls), event_data::blank);
m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED1, event_data((unsigned int)eap_type_t::ttls), event_data::blank);
}
#endif

48
lib/TTLS/src/Module.cpp
View File

@ -30,7 +30,7 @@ using namespace winstd;
// eap::peer_ttls
//////////////////////////////////////////////////////////////////////
eap::peer_ttls::peer_ttls() : peer(eap_type_ttls)
eap::peer_ttls::peer_ttls() : peer(eap_type_t::ttls)
{
}
@ -126,7 +126,7 @@ void eap::peer_ttls::get_identity(
// Build our identity. ;)
wstring identity(std::move(cfg_method->get_public_identity(*dynamic_cast<const credentials_ttls*>(cred_out.m_cred.get()))));
log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((unsigned int)eap_type_ttls), event_data(identity), event_data::blank);
log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((unsigned int)eap_type_t::ttls), event_data(identity), event_data::blank);
size_t size = sizeof(WCHAR)*(identity.length() + 1);
*ppwszIdentity = (WCHAR*)alloc_memory(size);
memcpy(*ppwszIdentity, identity.c_str(), size);
@ -255,16 +255,16 @@ EAP_SESSION_HANDLE eap::peer_ttls::begin_session(
{
// Native inner methods
switch (cfg_inner->get_method_id()) {
case eap_type_legacy_pap : meth_inner.reset(new method_pap_diameter (*this, dynamic_cast<config_method_pap &>(*cfg_inner), dynamic_cast<credentials_pass&>(*cred_inner))); break;
case eap_type_legacy_mschapv2: meth_inner.reset(new method_mschapv2_diameter(*this, dynamic_cast<config_method_mschapv2&>(*cfg_inner), dynamic_cast<credentials_pass&>(*cred_inner))); break;
case eap_type_mschapv2 : meth_inner.reset(
new method_eapmsg (*this, cred_inner->get_identity().c_str(),
new method_eap (*this, eap_type_mschapv2,
new method_mschapv2(*this, dynamic_cast<config_method_mschapv2&>(*cfg_inner), dynamic_cast<credentials_pass&>(*cred_inner))))); break;
case eap_type_gtc : meth_inner.reset(
new method_eapmsg (*this, cred_inner->get_identity().c_str(),
new method_eap (*this, eap_type_gtc,
new method_gtc (*this, dynamic_cast<config_method_eapgtc&>(*cfg_inner), dynamic_cast<credentials&>(*cred_inner))))); break;
case eap_type_t::legacy_pap : meth_inner.reset(new method_pap_diameter (*this, dynamic_cast<config_method_pap &>(*cfg_inner), dynamic_cast<credentials_pass&>(*cred_inner))); break;
case eap_type_t::legacy_mschapv2: meth_inner.reset(new method_mschapv2_diameter(*this, dynamic_cast<config_method_mschapv2&>(*cfg_inner), dynamic_cast<credentials_pass&>(*cred_inner))); break;
case eap_type_t::mschapv2 : meth_inner.reset(
new method_eapmsg (*this, cred_inner->get_identity().c_str(),
new method_eap (*this, eap_type_t::mschapv2,
new method_mschapv2(*this, dynamic_cast<config_method_mschapv2&>(*cfg_inner), dynamic_cast<credentials_pass&>(*cred_inner))))); break;
case eap_type_t::gtc : meth_inner.reset(
new method_eapmsg (*this, cred_inner->get_identity().c_str(),
new method_eap (*this, eap_type_t::gtc,
new method_gtc (*this, dynamic_cast<config_method_eapgtc&>(*cfg_inner), dynamic_cast<credentials&>(*cred_inner))))); break;
default: throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method.");
}
}
@ -277,7 +277,7 @@ EAP_SESSION_HANDLE eap::peer_ttls::begin_session(
}
#endif
s->m_method.reset(
new method_eap (*this, eap_type_ttls,
new method_eap (*this, eap_type_t::ttls,
new method_defrag(*this,
new method_ttls (*this, *cfg_method, *dynamic_cast<credentials_ttls*>(s->m_cred.m_cred.get()), meth_inner.release()))));
@ -476,8 +476,8 @@ _Success_(return != 0) const eap::config_method_ttls* eap::peer_ttls::combine_cr
#endif
*cfg_method,
cfg_method->m_allow_save ? _target_name : NULL);
if (src_outer == eap::credentials::source_unknown) {
log_event(&EAPMETHOD_TRACE_EVT_CRED_UNKNOWN3, event_data(target_name), event_data((unsigned int)eap_type_tls), event_data::blank);
if (src_outer == eap::credentials::source_t::unknown) {
log_event(&EAPMETHOD_TRACE_EVT_CRED_UNKNOWN3, event_data(target_name), event_data((unsigned int)eap_type_t::tls), event_data::blank);
continue;
}
@ -492,7 +492,7 @@ _Success_(return != 0) const eap::config_method_ttls* eap::peer_ttls::combine_cr
#endif
*cfg_method->m_inner,
cfg_method->m_inner->m_allow_save ? _target_name : NULL);
if (src_inner == eap::credentials::source_unknown) {
if (src_inner == eap::credentials::source_t::unknown) {
log_event(&EAPMETHOD_TRACE_EVT_CRED_UNKNOWN3, event_data(target_name), event_data((unsigned int)cfg_method->m_inner->get_method_id()), event_data::blank);
continue;
}
@ -500,13 +500,13 @@ _Success_(return != 0) const eap::config_method_ttls* eap::peer_ttls::combine_cr
// If we got here, we have all credentials we need. But, wait!
if ((dwFlags & EAP_FLAG_MACHINE_AUTH) == 0) {
if (config_method::status_cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < config_method::status_cred_end) {
if (config_method::status_t::cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < config_method::status_t::cred_end) {
// Outer: Credentials failed on last connection attempt.
log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM2, event_data(target_name), event_data((unsigned int)eap_type_tls), event_data((unsigned int)cfg_method->m_last_status), event_data::blank);
log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM2, event_data(target_name), event_data((unsigned int)eap_type_t::tls), event_data((unsigned int)cfg_method->m_last_status), event_data::blank);
continue;
}
if (config_method::status_cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < config_method::status_cred_end) {
if (config_method::status_t::cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < config_method::status_t::cred_end) {
// Inner: Credentials failed on last connection attempt.
log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM2, event_data(target_name), event_data((unsigned int)cfg_method->m_inner->get_method_id()), event_data((unsigned int)cfg_method->m_inner->m_last_status), event_data::blank);
continue;
@ -637,7 +637,7 @@ DWORD WINAPI eap::peer_ttls::crl_checker::verify(_In_ crl_checker *obj)
// This "error" is expected for the root CA certificate.
} else {
// This really was an error, as it appeared before the root CA cerficate in the chain.
obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_SKIPPED, event_data((unsigned int)eap_type_ttls), event_data(subj), event_data::blank);
obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_SKIPPED, event_data((unsigned int)eap_type_t::ttls), event_data(subj), event_data::blank);
}
break;
@ -649,12 +649,12 @@ DWORD WINAPI eap::peer_ttls::crl_checker::verify(_In_ crl_checker *obj)
case CRL_REASON_CESSATION_OF_OPERATION:
case CRL_REASON_CERTIFICATE_HOLD:
// The revocation was of administrative nature. No need to black-list.
obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKED1, event_data((unsigned int)eap_type_ttls), event_data(subj), event_data(status_rev.dwReason), event_data::blank);
obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKED1, event_data((unsigned int)eap_type_t::ttls), event_data(subj), event_data(status_rev.dwReason), event_data::blank);
break;
default: {
// One of the certificates in the chain was revoked as compromised. Black-list it.
obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKED, event_data((unsigned int)eap_type_ttls), event_data(subj), event_data(status_rev.dwReason), event_data::blank);
obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKED, event_data((unsigned int)eap_type_t::ttls), event_data(subj), event_data(status_rev.dwReason), event_data::blank);
reg_key key;
if (key.create(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\") _T(VENDOR_NAME_STR) _T("\\") _T(PRODUCT_NAME_STR) _T("\\TLSCRL"), NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE)) {
vector<unsigned char> hash;
@ -678,7 +678,7 @@ DWORD WINAPI eap::peer_ttls::crl_checker::verify(_In_ crl_checker *obj)
default:
// Checking one of the certificates in the chain for revocation failed. Resume checking the rest.
obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_FAILED, event_data((unsigned int)eap_type_ttls), event_data(subj), event_data(status_rev.dwError), event_data::blank);
obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_FAILED, event_data((unsigned int)eap_type_t::ttls), event_data(subj), event_data(status_rev.dwError), event_data::blank);
c += (size_t)status_rev.dwIndex + 1;
}
} else {
@ -688,6 +688,6 @@ DWORD WINAPI eap::peer_ttls::crl_checker::verify(_In_ crl_checker *obj)
}
// Revocation check succeeded.
obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_FINISHED, event_data((unsigned int)eap_type_ttls), event_data::blank);
obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_FINISHED, event_data((unsigned int)eap_type_t::ttls), event_data::blank);
return 0;
}

28
lib/TTLS_UI/src/Module.cpp
View File

@ -54,7 +54,7 @@ protected:
// eap::peer_ttls_ui
//////////////////////////////////////////////////////////////////////
eap::peer_ttls_ui::peer_ttls_ui() : peer_ui(eap_type_ttls)
eap::peer_ttls_ui::peer_ttls_ui() : peer_ui(eap_type_t::ttls)
{
}
@ -244,16 +244,16 @@ void eap::peer_ttls_ui::invoke_identity_ui(
#endif
*cfg_method,
cfg_method->m_allow_save ? target_name.c_str() : NULL);
if (src_outer == eap::credentials::source_unknown ||
src_outer != eap::credentials::source_config && eap::config_method::status_cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < eap::config_method::status_cred_end)
if (src_outer == eap::credentials::source_t::unknown ||
src_outer != eap::credentials::source_t::config && eap::config_method::status_t::cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < eap::config_method::status_t::cred_end)
{
// Build dialog to prompt for outer credentials.
wxEAPCredentialsDialog dlg(*cfg_prov, init.m_parent);
ui_canceller lock(dlg.GetHWND());
if (eap::config_method::status_cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < eap::config_method::status_cred_end)
if (eap::config_method::status_t::cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < eap::config_method::status_t::cred_end)
dlg.AddContent(new wxEAPCredentialWarningPanel(*cfg_prov, cfg_method->m_last_status, &dlg));
auto panel = new wxTLSCredentialsPanel(*cfg_prov, *cfg_method, *cred, &dlg, false);
panel->SetRemember(src_outer == eap::credentials::source_storage);
panel->SetRemember(src_outer == eap::credentials::source_t::storage);
dlg.AddContent(panel);
// Update dialog layout.
@ -292,8 +292,8 @@ void eap::peer_ttls_ui::invoke_identity_ui(
#endif
*cfg_method->m_inner,
cfg_method->m_inner->m_allow_save ? target_name.c_str() : NULL);
if (src_inner == eap::credentials::source_unknown ||
src_inner != eap::credentials::source_config && eap::config_method::status_cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < eap::config_method::status_cred_end)
if (src_inner == eap::credentials::source_t::unknown ||
src_inner != eap::credentials::source_t::config && eap::config_method::status_t::cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < eap::config_method::status_t::cred_end)
{
// Prompt for inner credentials.
#if EAP_INNER_EAPHOST
@ -304,14 +304,14 @@ void eap::peer_ttls_ui::invoke_identity_ui(
// Native inner methods. Build dialog to prompt for inner credentials.
wxEAPCredentialsDialog dlg(*cfg_prov, init.m_parent);
ui_canceller lock(dlg.GetHWND());
if (eap::config_method::status_cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < eap::config_method::status_cred_end)
if (eap::config_method::status_t::cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < eap::config_method::status_t::cred_end)
dlg.AddContent(new wxEAPCredentialWarningPanel(*cfg_prov, cfg_method->m_inner->m_last_status, &dlg));
wxEAPCredentialsPanelBase *panel = NULL;
switch (cfg_method->m_inner->get_method_id()) {
case eap_type_legacy_pap : panel = new wxPAPCredentialsPanel (*cfg_prov, *dynamic_cast<const eap::config_method_pap *>(cfg_method->m_inner.get()), *dynamic_cast<eap::credentials_pass *>(cred->m_inner.get()), &dlg, false); break;
case eap_type_legacy_mschapv2: panel = new wxMSCHAPv2CredentialsPanel(*cfg_prov, *dynamic_cast<const eap::config_method_mschapv2 *>(cfg_method->m_inner.get()), *dynamic_cast<eap::credentials_pass *>(cred->m_inner.get()), &dlg, false); break;
case eap_type_mschapv2 : panel = new wxMSCHAPv2CredentialsPanel(*cfg_prov, *dynamic_cast<const eap::config_method_eapmschapv2*>(cfg_method->m_inner.get()), *dynamic_cast<eap::credentials_pass *>(cred->m_inner.get()), &dlg, false); break;
case eap_type_gtc : {
case eap_type_t::legacy_pap : panel = new wxPAPCredentialsPanel (*cfg_prov, *dynamic_cast<const eap::config_method_pap *>(cfg_method->m_inner.get()), *dynamic_cast<eap::credentials_pass *>(cred->m_inner.get()), &dlg, false); break;
case eap_type_t::legacy_mschapv2: panel = new wxMSCHAPv2CredentialsPanel(*cfg_prov, *dynamic_cast<const eap::config_method_mschapv2 *>(cfg_method->m_inner.get()), *dynamic_cast<eap::credentials_pass *>(cred->m_inner.get()), &dlg, false); break;
case eap_type_t::mschapv2 : panel = new wxMSCHAPv2CredentialsPanel(*cfg_prov, *dynamic_cast<const eap::config_method_eapmschapv2*>(cfg_method->m_inner.get()), *dynamic_cast<eap::credentials_pass *>(cred->m_inner.get()), &dlg, false); break;
case eap_type_t::gtc : {
// EAP-GTC credential prompt differes for "Challenge/Response" and "Password" authentication modes.
eap::credentials_identity *cred_resp;
eap::credentials_pass *cred_pass;
@ -327,7 +327,7 @@ void eap::peer_ttls_ui::invoke_identity_ui(
}
if (!panel)
throw invalid_argument("Invalid authentication mode");
panel->SetRemember(src_inner == eap::credentials::source_storage);
panel->SetRemember(src_inner == eap::credentials::source_t::storage);
dlg.AddContent(panel);
// Update dialog layout.
@ -397,7 +397,7 @@ void eap::peer_ttls_ui::invoke_identity_ui(
// Build our identity. ;)
wstring identity(std::move(cfg_method->get_public_identity(*dynamic_cast<const credentials_ttls*>(cred_out.m_cred.get()))));
log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((unsigned int)eap_type_ttls), event_data(identity), event_data::blank);
log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((unsigned int)eap_type_t::ttls), event_data(identity), event_data::blank);
size_t size = sizeof(WCHAR)*(identity.length() + 1);
*ppwszIdentity = (WCHAR*)alloc_memory(size);
memcpy(*ppwszIdentity, identity.c_str(), size);

8
lib/TTLS_UI/src/TTLS_UI.cpp
View File

@ -186,22 +186,22 @@ bool wxTTLSConfigWindow::TransferDataToWindow()
{
// Native inner methods
switch (cfg_ttls.m_inner->get_method_id()) {
case winstd::eap_type_legacy_pap:
case winstd::eap_type_t::legacy_pap:
m_cfg_pap = dynamic_cast<eap::config_method_pap&>(*cfg_ttls.m_inner);
m_inner_type->SetSelection(0); // 0=PAP
break;
case winstd::eap_type_legacy_mschapv2:
case winstd::eap_type_t::legacy_mschapv2:
m_cfg_mschapv2 = dynamic_cast<eap::config_method_mschapv2&>(*cfg_ttls.m_inner);
m_inner_type->SetSelection(1); // 1=MSCHAPv2
break;
case winstd::eap_type_mschapv2:
case winstd::eap_type_t::mschapv2:
m_cfg_eapmschapv2 = dynamic_cast<eap::config_method_eapmschapv2&>(*cfg_ttls.m_inner);
m_inner_type->SetSelection(2); // 2=EAP-MSCHAPv2
break;
case winstd::eap_type_gtc:
case winstd::eap_type_t::gtc:
m_cfg_eapgtc = dynamic_cast<eap::config_method_eapgtc&>(*cfg_ttls.m_inner);
m_inner_type->SetSelection(3); // 3=EAP-GTC
break;