From 5a7827e85eb1e9455701ef704bfcdec0ee86548c Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Sat, 4 Jan 2020 12:17:16 +0100 Subject: [PATCH] Make enums scoped Signed-off-by: Simon Rozman --- include/Common.props | 1 + lib/EAPBase/include/Config.h | 24 ++++++------ lib/EAPBase/include/Credentials.h | 40 +++++++++---------- lib/EAPBase/include/Module.h | 2 +- lib/EAPBase/src/Config.cpp | 4 +- lib/EAPBase/src/Credentials.cpp | 26 ++++++------- lib/EAPBase/src/Method.cpp | 8 ++-- lib/EAPBase_UI/src/EAP_UI.cpp | 8 ++-- lib/EapHost/include/Credentials.h | 6 +-- lib/EapHost/src/Credentials.cpp | 18 ++++----- lib/EapHost/src/Method.cpp | 4 +- lib/GTC/include/Config.h | 8 ++-- lib/GTC/src/Config.cpp | 16 ++++---- lib/GTC/src/Method.cpp | 14 +++---- lib/MSCHAPv2/include/Config.h | 4 +- lib/MSCHAPv2/include/MSCHAPv2.h | 15 ++++---- lib/MSCHAPv2/include/Method.h | 12 +++--- lib/MSCHAPv2/src/Config.cpp | 4 +- lib/MSCHAPv2/src/Method.cpp | 64 +++++++++++++++---------------- lib/PAP/include/Config.h | 2 +- lib/PAP/include/Method.h | 8 ++-- lib/PAP/src/Config.cpp | 2 +- lib/PAP/src/Method.cpp | 18 ++++----- lib/TLS/include/Config.h | 2 +- lib/TLS/include/Credentials.h | 6 +-- lib/TLS/src/Config.cpp | 2 +- lib/TLS/src/Credentials.cpp | 14 +++---- lib/TTLS/include/Config.h | 2 +- lib/TTLS/include/Credentials.h | 6 +-- lib/TTLS/include/Method.h | 18 ++++----- lib/TTLS/src/Config.cpp | 18 ++++----- lib/TTLS/src/Method.cpp | 48 +++++++++++------------ lib/TTLS/src/Module.cpp | 48 +++++++++++------------ lib/TTLS_UI/src/Module.cpp | 28 +++++++------- lib/TTLS_UI/src/TTLS_UI.cpp | 8 ++-- 35 files changed, 254 insertions(+), 254 deletions(-) diff --git a/include/Common.props b/include/Common.props index dea651b..1998c41 100644 --- a/include/Common.props +++ b/include/Common.props @@ -42,6 +42,7 @@ ProgramDatabase true true + 26812 true diff --git a/lib/EAPBase/include/Config.h b/lib/EAPBase/include/Config.h index afaa4b6..e5b2e17 100644 --- a/lib/EAPBase/include/Config.h 
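Review bot: Nothing in the include/Common.props hunk explains why `26812` is now disabled for every project that imports this file. C26812 is the "prefer enum class over enum" check, so after this commit it presumably fires only on unscoped enums from external headers. With it off globally, an unscoped enum added to this codebase later will not be flagged either. Consider a comment beside the entry such as `<!-- C26812: raised by unscoped enums in external headers; our own enums are scoped -->`, or limit the suppression to the offending includes. The element holding the value is not visible on this page, so confirm it is the warning-suppression list.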
+++ b/lib/EAPBase/include/Config.h @@ -150,20 +150,20 @@ namespace eap /// /// Authentication attempt status /// - enum status_t { - status_success = 0, ///< Authentication succeeded - status_auth_failed, ///< Authentication failed - status_cred_invalid, ///< Invalid credentials - status_cred_expired, ///< Credentials expired - status_cred_changing, ///< Credentials are being changed - status_account_disabled, ///< Account is disabled - status_account_logon_hours, ///< Restricted account logon hours - status_account_denied, ///< Account access is denied - status_server_compromised, ///< Authentication server might have been compromised (CRL) + enum class status_t { + success = 0, ///< Authentication succeeded + auth_failed, ///< Authentication failed + cred_invalid, ///< Invalid credentials + cred_expired, ///< Credentials expired + cred_changing, ///< Credentials are being changed + account_disabled, ///< Account is disabled + account_logon_hours, ///< Restricted account logon hours + account_denied, ///< Account access is denied + server_compromised, ///< Authentication server might have been compromised (CRL) // Meta statuses - status_cred_begin = status_cred_invalid, ///< First credential related problem - status_cred_end = status_cred_changing + 1, ///< First problem, that is not credential related any more + cred_begin = cred_invalid, ///< First credential related problem + cred_end = cred_changing + 1, ///< First problem, that is not credential related any more }; public: diff --git a/lib/EAPBase/include/Credentials.h b/lib/EAPBase/include/Credentials.h index 0dddcf1..a30f4b2 100644 --- a/lib/EAPBase/include/Credentials.h +++ b/lib/EAPBase/include/Credentials.h 
@@ -57,12 +57,12 @@ namespace eap /// /// Credential source when combined /// - enum source_t { - source_unknown = -1, ///< Unknown source - source_cache = 0, ///< Credentials were obtained from EapHost cache - source_config, ///< Credentials were set by method configuration - source_storage, ///< Credentials were loaded from Windows Credential Manager - source_lower, ///< Credentials were set by lower EAP method + enum class source_t { + unknown = -1, ///< Unknown source + cache = 0, ///< Credentials were obtained from EapHost cache + config, ///< Credentials were set by method configuration + storage, ///< Credentials were loaded from Windows Credential Manager + lower, ///< Credentials were set by lower EAP method }; @@ -210,9 +210,9 @@ namespace eap /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL) /// /// \returns - /// - \c source_cache Credentials were obtained from EapHost cache - /// - \c source_config Credentials were set by method configuration - /// - \c source_storage Credentials were loaded from Windows Credential Manager + /// - \c source_t::cache Credentials were obtained from EapHost cache + /// - \c source_t::config Credentials were set by method configuration + /// - \c source_t::storage Credentials were loaded from Windows Credential Manager /// virtual source_t combine( _In_ DWORD dwFlags, 
@@ -305,9 +305,9 @@ namespace eap /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL) /// /// \returns - /// - \c source_cache Credentials were obtained from EapHost cache - /// - \c source_config Credentials were set by method configuration - /// - \c source_storage Credentials were loaded from Windows Credential Manager + /// - \c source_t::cache Credentials were obtained from EapHost cache + /// - \c source_t::config Credentials were set by method configuration + /// - \c source_t::storage Credentials were loaded from Windows Credential Manager /// virtual source_t combine( _In_ DWORD dwFlags, @@ -327,11 +327,11 @@ namespace eap /// /// Password encryption method when loaded/saved to profile configuration XML /// - enum enc_alg_t { - enc_alg_unknown = -1, ///< Unknown encryption - enc_alg_none = 0, ///< Unencrypted - enc_alg_geantlink, ///< GÉANTLink module encryption - enc_alg_kph, ///< KPH encryption + enum class enc_alg_t { + unknown = -1, ///< Unknown encryption + none = 0, ///< Unencrypted + native, ///< native module encryption + kph, ///< KPH encryption }; public: @@ -417,9 +417,9 @@ namespace eap /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL) /// /// \returns - /// - \c source_cache Credentials were obtained from EapHost cache - /// - \c source_config Credentials were set by method configuration - /// - \c source_storage Credentials were loaded from Windows Credential Manager + /// - \c source_t::cache Credentials were obtained from EapHost cache + /// - \c source_t::config Credentials were set by method configuration + /// - \c source_t::storage Credentials were loaded from Windows Credential Manager /// virtual source_t combine( _In_ DWORD dwFlags, diff --git a/lib/EAPBase/include/Module.h b/lib/EAPBase/include/Module.h index 5afdb37..1e0a066 100644 --- a/lib/EAPBase/include/Module.h 
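Review bot: The new comment `///< native module encryption` on `enc_alg_t::native` (hunk `@@ -327,11`) does not tell a reader which scheme protects a stored password, and the rename from `enc_alg_geantlink` goes beyond scoping the enum. In the load() hunk of Credentials.cpp this value appears to be set right after `m_module.decrypt_str_md5`, so the comment could name it, e.g. `native, ///< Module's own encryption (decoded with m_module.decrypt_str_md5 in load())`. It would also help to state on `none` that the password is then written to the profile configuration XML unencrypted, e.g. `none = 0, ///< Unencrypted: password is stored in the profile XML as-is`. The enclosing class starts and ends outside the hunk.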
+++ b/lib/EAPBase/include/Module.h @@ -65,7 +65,7 @@ namespace eap /// /// \param[in] eap_method EAP method type ID /// - module(_In_ winstd::eap_type_t eap_method = winstd::eap_type_undefined); + module(_In_ winstd::eap_type_t eap_method = winstd::eap_type_t::undefined); /// /// Destructs the module diff --git a/lib/EAPBase/src/Config.cpp b/lib/EAPBase/src/Config.cpp index 876b4c2..bbc73de 100644 --- a/lib/EAPBase/src/Config.cpp +++ b/lib/EAPBase/src/Config.cpp @@ -87,7 +87,7 @@ const bstr eap::config::namespace_eapmetadata(L"urn:ietf:params:xml:ns:yang:ietf eap::config_method::config_method(_In_ module &mod, _In_ unsigned int level) : m_level (level), m_allow_save (true), - m_last_status(status_success), + m_last_status(status_t::success), config (mod) { } @@ -179,7 +179,7 @@ void eap::config_method::load(_In_ IXMLDOMNode *pConfigRoot) m_module.log_config((xpath + L"/allow-save").c_str(), m_allow_save); } - m_last_status = status_success; + m_last_status = status_t::success; m_last_msg.clear(); } diff --git a/lib/EAPBase/src/Credentials.cpp b/lib/EAPBase/src/Credentials.cpp index e1bccee..9f8dfa5 100644 --- a/lib/EAPBase/src/Credentials.cpp +++ b/lib/EAPBase/src/Credentials.cpp @@ -308,7 +308,7 @@ eap::credentials::source_t eap::credentials_identity::combine( // Using EAP service cached credentials. *this = *dynamic_cast(cred_cached); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_identity::get_name()), event_data(pszTargetName), event_data::blank); - return source_cache; + return source_t::cache; } auto cfg_with_cred = dynamic_cast(&cfg); 
@@ -316,7 +316,7 @@ eap::credentials::source_t eap::credentials_identity::combine( // Using configured credentials. *this = *dynamic_cast(cfg_with_cred->m_cred.get()); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_identity::get_name()), event_data(pszTargetName), event_data::blank); - return source_config; + return source_t::config; } if (pszTargetName) { @@ -330,13 +330,13 @@ eap::credentials::source_t eap::credentials_identity::combine( // Using stored credentials. *this = std::move(cred_loaded); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_identity::get_name()), event_data(pszTargetName), event_data::blank); - return source_storage; + return source_t::storage; } catch (...) { // Not actually an error. } } - return source_unknown; + return source_t::unknown; } @@ -345,7 +345,7 @@ eap::credentials::source_t eap::credentials_identity::combine( ////////////////////////////////////////////////////////////////////// eap::credentials_pass::credentials_pass(_In_ module &mod) : - m_enc_alg(enc_alg_geantlink), + m_enc_alg(enc_alg_t::native), credentials(mod) { } @@ -426,7 +426,7 @@ void eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p // switch (m_enc_alg) { - case enc_alg_kph: { + case enc_alg_t::kph: { sanitizing_string password_utf8; WideCharToMultiByte(CP_UTF8, 0, m_password, password_utf8, NULL, NULL); wstring password_enc(std::move(kph_encrypt, allocator >(cp, password_utf8.c_str()))); 
@@ -481,18 +481,18 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot) throw win_runtime_error(__FUNCTION__ " CryptAcquireContext failed."); m_password = m_module.decrypt_str_md5, sanitizing_allocator >(cp, password_enc.data(), password_enc.size()); - m_enc_alg = enc_alg_geantlink; + m_enc_alg = enc_alg_t::native; } else if (encryption && CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, encryption, encryption.length(), _L("KPH"), -1, NULL, NULL, 0) == CSTR_EQUAL) { // Decrypt password. sanitizing_string password_utf8(std::move(kph_decrypt(password))); MultiByteToWideChar(CP_UTF8, 0, password_utf8, m_password); - m_enc_alg = enc_alg_kph; + m_enc_alg = enc_alg_t::kph; } else if (encryption && encryption[0]) { // Encryption is defined but unrecognized. throw invalid_argument(string_printf(__FUNCTION__ " Unsupported encryption method (encryption: %ls).", (BSTR)encryption)); } else { m_password = password; - m_enc_alg = enc_alg_none; + m_enc_alg = enc_alg_t::none; SecureZeroMemory((BSTR)password, sizeof(OLECHAR)*password.length()); } @@ -614,7 +614,7 @@ eap::credentials::source_t eap::credentials_pass::combine( // Using EAP service cached credentials. *this = *dynamic_cast(cred_cached); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data(pszTargetName), event_data::blank); - return source_cache; + return source_t::cache; } auto cfg_with_cred = dynamic_cast(&cfg); @@ -622,7 +622,7 @@ eap::credentials::source_t eap::credentials_pass::combine( // Using configured credentials. *this = *dynamic_cast(cfg_with_cred->m_cred.get()); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data(pszTargetName), event_data::blank); - return source_config; + return source_t::config; } if (pszTargetName) { 
@@ -636,13 +636,13 @@ eap::credentials::source_t eap::credentials_pass::combine( // Using stored credentials. *this = std::move(cred_loaded); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data(pszTargetName), event_data::blank); - return source_storage; + return source_t::storage; } catch (...) { // Not actually an error. } } - return source_unknown; + return source_t::unknown; } diff --git a/lib/EAPBase/src/Method.cpp b/lib/EAPBase/src/Method.cpp index 7f947b3..d86a2bc 100644 --- a/lib/EAPBase/src/Method.cpp +++ b/lib/EAPBase/src/Method.cpp @@ -299,7 +299,7 @@ EapPeerMethodResponseAction eap::method_eap::process_request_packet( // Save request packet ID to make matching response packet in get_response_packet() later. m_id = hdr->Id; - if (hdr->Data[0] != m_eap_method) { + if ((eap_type_t)hdr->Data[0] != m_eap_method) { // Unsupported EAP method. Respond with Legacy Nak. m_send_nak = true; return EapPeerMethodResponseActionSend; @@ -324,7 +324,7 @@ void eap::method_eap::get_response_packet( hdr.Id = m_id; if (!m_send_nak) { - hdr.Data[0] = m_eap_method; + hdr.Data[0] = (BYTE)m_eap_method; packet.reserve(size_max); // To avoid reallocation when inserting EAP packet header later. @@ -332,7 +332,7 @@ void eap::method_eap::get_response_packet( method_tunnel::get_response_packet(packet, size_max - sizeof(EapPacket)); } else { // Respond with Legacy Nak suggesting our EAP method to continue. - hdr.Data[0] = eap_type_nak; + hdr.Data[0] = (BYTE)eap_type_t::nak; // Check packet size. We will suggest one EAP method alone, so we need one byte for data. size_t size_packet = sizeof(EapPacket) + 1; 
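Review bot: The new conversions between `eap_type_t` and the packet byte in lib/EAPBase/src/Method.cpp are C-style casts and would be easier to audit as named casts, e.g. `if (static_cast<eap_type_t>(hdr->Data[0]) != m_eap_method) {`. They are `(eap_type_t)hdr->Data[0]` in process_request_packet(), then `(BYTE)m_eap_method`, `(BYTE)eap_type_t::nak` and, in the following `@@ -341,7` hunk, `(unsigned char)m_eap_method` in get_response_packet(). The narrowing direction truncates silently if the enum's underlying type is wider than one byte. The declaration of `winstd::eap_type_t` is not visible on this page, so `static_assert(sizeof(eap_type_t) == sizeof(BYTE), "EAP type must fit the wire byte");` next to these conversions would pin that assumption. Both functions start and end outside their hunks.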
@@ -341,7 +341,7 @@ void eap::method_eap::get_response_packet( packet.reserve(size_packet); // To avoid reallocation when inserting EAP packet header later. // Data of Legacy Nak packet is a list of supported EAP types: our method alone. - packet.assign(1, m_eap_method); + packet.assign(1, (unsigned char)m_eap_method); } size_t size_packet = packet.size() + sizeof(EapPacket); diff --git a/lib/EAPBase_UI/src/EAP_UI.cpp b/lib/EAPBase_UI/src/EAP_UI.cpp index 87d8632..97ae9a7 100644 --- a/lib/EAPBase_UI/src/EAP_UI.cpp +++ b/lib/EAPBase_UI/src/EAP_UI.cpp @@ -222,10 +222,10 @@ wxEAPCredentialWarningPanel::wxEAPCredentialWarningPanel(const eap::config_provi m_note_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(161))); m_note_label->SetLabel(( - status == eap::config_method::status_cred_invalid ? _("Previous attempt to connect reported invalid credentials.") : - status == eap::config_method::status_cred_expired ? _("Previous attempt to connect reported your credentials expired.") : - status == eap::config_method::status_cred_changing ? _("Previous attempt to connect reported your credentials are being changed.") : - _("Previous attempt to connect failed.")) + " " + + status == eap::config_method::status_t::cred_invalid ? _("Previous attempt to connect reported invalid credentials.") : + status == eap::config_method::status_t::cred_expired ? _("Previous attempt to connect reported your credentials expired.") : + status == eap::config_method::status_t::cred_changing ? _("Previous attempt to connect reported your credentials are being changed.") : + _("Previous attempt to connect failed.")) + " " + _("Please, make sure your credentials are correct, or try again later.")); m_note_label->Wrap(FromDIP(449)); diff --git a/lib/EapHost/include/Credentials.h b/lib/EapHost/include/Credentials.h index bacf58d..15bcda3 100644 --- a/lib/EapHost/include/Credentials.h +++ b/lib/EapHost/include/Credentials.h 
@@ -130,9 +130,9 @@ namespace eap /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL) /// /// \returns - /// - \c source_cache Credentials were obtained from EapHost cache - /// - \c source_config Credentials were set by method configuration - /// - \c source_storage Credentials were loaded from Windows Credential Manager + /// - \c source_t::cache Credentials were obtained from EapHost cache + /// - \c source_t::config Credentials were set by method configuration + /// - \c source_t::storage Credentials were loaded from Windows Credential Manager /// virtual source_t combine( _In_ DWORD dwFlags, diff --git a/lib/EapHost/src/Credentials.cpp b/lib/EapHost/src/Credentials.cpp index 633aa49..25eb754 100644 --- a/lib/EapHost/src/Credentials.cpp +++ b/lib/EapHost/src/Credentials.cpp 
@@ -230,29 +230,29 @@ eap::credentials::source_t eap::credentials_eaphost::combine( // To mimic that behaviour, we do the same: // 1. Retrieve credentials from cache, store, or configuration // 2. Call EapHostPeerGetIdentity() - source_t src = source_unknown; + source_t src = source_t::unknown; if (cred_cached) { // Using EAP service cached credentials. *this = *dynamic_cast(cred_cached); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank); - src = source_cache; + src = source_t::cache; } // Note: Currently we do not provide credential storage for EapHost methods within configuration. // EapHost credentials will never get loaded from configuration, since config_method_eaphost is config_method based, not config_method_with_cred. // The code is kept (and maintained) for consistency with another methods, if we choose to provide that feature at a later time. - if (src == source_unknown) { + if (src == source_t::unknown) { auto cfg_with_cred = dynamic_cast(&cfg); if (cfg_with_cred && cfg_with_cred->m_use_cred) { // Using configured credentials. *this = *dynamic_cast(cfg_with_cred->m_cred.get()); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_eaphost::get_name()), event_data(pszTargetName), event_data::blank); - src = source_config; + src = source_t::config; } } - if (src == source_unknown && pszTargetName) { + if (src == source_t::unknown && pszTargetName) { // Switch user context. user_impersonator impersonating(hTokenImpersonateUser); 
@@ -263,7 +263,7 @@ eap::credentials::source_t eap::credentials_eaphost::combine( // Using stored credentials. *this = std::move(cred_loaded); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank); - src = source_storage; + src = source_t::storage; } catch (...) { // Not actually an error. } @@ -280,7 +280,7 @@ eap::credentials::source_t eap::credentials_eaphost::combine( dwFlags, cfg_eaphost->get_type(), (DWORD)cfg_eaphost->m_cfg_blob.size(), cfg_eaphost->m_cfg_blob.data(), - src != source_unknown ? (DWORD)m_cred_blob.size() : 0, src != source_unknown ? m_cred_blob.data() : NULL, + src != source_t::unknown ? (DWORD)m_cred_blob.size() : 0, src != source_t::unknown ? m_cred_blob.data() : NULL, hTokenImpersonateUser, &fInvokeUI, &cred_data_size, get_ptr(cred_data), @@ -295,7 +295,7 @@ eap::credentials::source_t eap::credentials_eaphost::combine( m_cred_blob.assign(_cred_data, _cred_data + cred_data_size); SecureZeroMemory(_cred_data, cred_data_size); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_EAPHOST, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank); - return source_lower; + return source_t::lower; } else SecureZeroMemory(cred_data.get(), cred_data_size); } else if (error) { @@ -306,7 +306,7 @@ eap::credentials::source_t eap::credentials_eaphost::combine( m_module.log_event(&EAPMETHOD_TRACE_EVT_WIN_ERROR, event_data((unsigned int)dwResult), event_data(__FUNCTION__ " EapHostPeerGetIdentity failed."), event_data::blank); } - return source_unknown; + return source_t::unknown; } diff --git a/lib/EapHost/src/Method.cpp b/lib/EapHost/src/Method.cpp index 27f221f..d4a4f50 100644 --- a/lib/EapHost/src/Method.cpp +++ b/lib/EapHost/src/Method.cpp 
@@ -69,7 +69,7 @@ void eap::method_eaphost::begin_session( // Presume authentication will fail with generic protocol failure. (Pesimist!!!) // We will reset once we get get_result(Success) call. - m_cfg.m_last_status = config_method::status_auth_failed; + m_cfg.m_last_status = config_method::status_t::auth_failed; m_cfg.m_last_msg.clear(); // Create EapHost peer session using available connection data (m_cfg) and user data (m_cred). @@ -197,7 +197,7 @@ void eap::method_eaphost::get_result( } if (reason == EapPeerMethodResultSuccess) - m_cfg.m_last_status = config_method::status_success; + m_cfg.m_last_status = config_method::status_t::success; // Always ask EAP host to save the connection data. And it will save it *only* when we report "success". // Don't worry. EapHost is well aware of failed authentication condition. diff --git a/lib/GTC/include/Config.h b/lib/GTC/include/Config.h index 2a2463c..206cd52 100644 --- a/lib/GTC/include/Config.h +++ b/lib/GTC/include/Config.h @@ -48,9 +48,9 @@ namespace eap /// /// Authentication mode /// - enum auth_mode_t { - auth_mode_response = 0, ///< Challenge/Response - auth_mode_password, ///< Password + enum class auth_mode_t { + response = 0, ///< Challenge/Response + password, ///< Password }; public: @@ -111,7 +111,7 @@ namespace eap /// /// @copydoc eap::config_method::get_method_id() - /// \returns This implementation always returns `winstd::eap_type_gtc` + /// \returns This implementation always returns `winstd::eap_type_t::gtc` /// virtual winstd::eap_type_t get_method_id() const; diff --git a/lib/GTC/src/Config.cpp b/lib/GTC/src/Config.cpp index 1012dac..b79d0e4 100644 --- a/lib/GTC/src/Config.cpp +++ b/lib/GTC/src/Config.cpp 
@@ -119,9 +119,9 @@ void eap::config_method_eapgtc::operator<<(_Inout_ cursor_out &cursor) const { // Save authentication mode first, as credential loading will require this information. if (dynamic_cast(m_cred.get())) - cursor << auth_mode_response; + cursor << auth_mode_t::response; else if (dynamic_cast(m_cred.get())) - cursor << auth_mode_password; + cursor << auth_mode_t::password; else throw invalid_argument(__FUNCTION__ " Unsupported authentication mode."); @@ -133,9 +133,9 @@ size_t eap::config_method_eapgtc::get_pk_size() const { auth_mode_t auth_mode; if (dynamic_cast(m_cred.get())) - auth_mode = auth_mode_response; + auth_mode = auth_mode_t::response; else if (dynamic_cast(m_cred.get())) - auth_mode = auth_mode_password; + auth_mode = auth_mode_t::password; else throw invalid_argument(__FUNCTION__ " Unsupported authentication mode."); @@ -151,9 +151,9 @@ void eap::config_method_eapgtc::operator>>(_Inout_ cursor_in &cursor) auth_mode_t auth_mode; cursor >> auth_mode; switch (auth_mode) { - case auth_mode_response: m_cred.reset(new eap::credentials_identity(m_module)); break; - case auth_mode_password: m_cred.reset(new eap::credentials_pass (m_module)); break; - default : throw invalid_argument(string_printf(__FUNCTION__ " Unsupported authentication mode (%u).", auth_mode)); + case auth_mode_t::response: m_cred.reset(new eap::credentials_identity(m_module)); break; + case auth_mode_t::password: m_cred.reset(new eap::credentials_pass (m_module)); break; + default : throw invalid_argument(string_printf(__FUNCTION__ " Unsupported authentication mode (%u).", auth_mode)); } config_method_with_cred::operator>>(cursor); @@ -162,7 +162,7 @@ void eap::config_method_eapgtc::operator>>(_Inout_ cursor_in &cursor) eap_type_t eap::config_method_eapgtc::get_method_id() const { - return eap_type_gtc; + return eap_type_t::gtc; } diff --git a/lib/GTC/src/Method.cpp b/lib/GTC/src/Method.cpp index c744a6e..91f92f9 100644 --- a/lib/GTC/src/Method.cpp 
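Review bot: In the `operator>>` hunk (`@@ -151,9`), the `default:` branch still passes `auth_mode` straight to a `%u` conversion in `string_printf(__FUNCTION__ " Unsupported authentication mode (%u).", auth_mode)`. As a scoped enum, `auth_mode_t` no longer undergoes integral promotion, and if `string_printf` is a C-style variadic function (its declaration is not on this page), passing a scoped enumeration through `...` is only conditionally supported. This branch reports an unexpected value read from the cursor, so it should format predictably: `default: throw invalid_argument(string_printf(__FUNCTION__ " Unsupported authentication mode (%u).", static_cast<unsigned int>(auth_mode)));`. The function body continues outside the hunk.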
+++ b/lib/GTC/src/Method.cpp @@ -70,7 +70,7 @@ void eap::method_gtc::begin_session( // Presume authentication will fail with generic protocol failure. (Pesimist!!!) // We will reset once we get get_result(Success) call. - m_cfg.m_last_status = config_method::status_auth_failed; + m_cfg.m_last_status = config_method::status_t::auth_failed; m_cfg.m_last_msg.clear(); } @@ -81,14 +81,14 @@ EapPeerMethodResponseAction eap::method_gtc::process_request_packet( { assert(pReceivedPacket || dwReceivedPacketSize == 0); - m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_gtc), event_data::blank); + m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_t::gtc), event_data::blank); credentials_pass *cred_pass; if (dynamic_cast(&m_cred)) { // Read authenticator challenge as UTF-8 encoded string. MultiByteToWideChar(CP_UTF8, 0, (LPCSTR)pReceivedPacket, dwReceivedPacketSize, m_challenge); - m_module.log_event(&EAPMETHOD_GTC_RESPONSE_REQ, event_data((unsigned int)eap_type_gtc), event_data::blank); + m_module.log_event(&EAPMETHOD_GTC_RESPONSE_REQ, event_data((unsigned int)eap_type_t::gtc), event_data::blank); // User must respond to the challenge. return EapPeerMethodResponseActionInvokeUI; @@ -97,7 +97,7 @@ EapPeerMethodResponseAction eap::method_gtc::process_request_packet( m_response = cred_pass->m_password; // Send the response. - m_cfg.m_last_status = config_method::status_cred_invalid; // Blame "credentials" if we fail beyond this point. + m_cfg.m_last_status = config_method::status_t::cred_invalid; // Blame "credentials" if we fail beyond this point. return EapPeerMethodResponseActionSend; } else throw invalid_argument(__FUNCTION__ " Unsupported authentication mode."); 
@@ -128,7 +128,7 @@ void eap::method_gtc::get_result( method::get_result(reason, pResult); if (reason == EapPeerMethodResultSuccess) - m_cfg.m_last_status = config_method::status_success; + m_cfg.m_last_status = config_method::status_t::success; // Always ask EAP host to save the connection data. And it will save it *only* when we report "success". // Don't worry. EapHost is well aware of failed authentication condition. @@ -150,7 +150,7 @@ EapPeerMethodResponseAction eap::method_gtc::set_ui_context( _In_count_(dwUIContextDataSize) const BYTE *pUIContextData, _In_ DWORD dwUIContextDataSize) { - m_module.log_event(&EAPMETHOD_GTC_RESPONSE, event_data((unsigned int)eap_type_gtc), event_data::blank); + m_module.log_event(&EAPMETHOD_GTC_RESPONSE, event_data((unsigned int)eap_type_t::gtc), event_data::blank); // Save GTC response. m_response.assign( @@ -158,6 +158,6 @@ EapPeerMethodResponseAction eap::method_gtc::set_ui_context( reinterpret_cast(pUIContextData + dwUIContextDataSize)); // Send the response. - m_cfg.m_last_status = config_method::status_cred_invalid; // Blame "credentials" if we fail beyond this point. + m_cfg.m_last_status = config_method::status_t::cred_invalid; // Blame "credentials" if we fail beyond this point. return EapPeerMethodResponseActionSend; } diff --git a/lib/MSCHAPv2/include/Config.h b/lib/MSCHAPv2/include/Config.h index ccd7bf2..12e4e6b 100644 --- a/lib/MSCHAPv2/include/Config.h +++ b/lib/MSCHAPv2/include/Config.h @@ -90,7 +90,7 @@ namespace eap /// /// @copydoc eap::config_method::get_method_id() - /// \returns This implementation always returns `winstd::eap_type_legacy_mschapv2` + /// \returns This implementation always returns `winstd::eap_type_t::legacy_mschapv2` /// virtual winstd::eap_type_t get_method_id() const; 
@@ -158,7 +158,7 @@ namespace eap /// /// @copydoc eap::config_method::get_method_id() - /// \returns This implementation always returns `winstd::eap_type_mschapv2` + /// \returns This implementation always returns `winstd::eap_type_t::mschapv2` /// virtual winstd::eap_type_t get_method_id() const; diff --git a/lib/MSCHAPv2/include/MSCHAPv2.h b/lib/MSCHAPv2/include/MSCHAPv2.h index 7e096aa..693f257 100644 --- a/lib/MSCHAPv2/include/MSCHAPv2.h +++ b/lib/MSCHAPv2/include/MSCHAPv2.h @@ -23,7 +23,7 @@ namespace eap { - enum chap_packet_code_t : unsigned char; + enum class chap_packet_code_t : unsigned char; struct WINSTD_NOVTABLE chap_header; struct WINSTD_NOVTABLE challenge_mschapv2; struct WINSTD_NOVTABLE challenge_hash; @@ -65,13 +65,12 @@ namespace eap /// CHAP packet codes /// #pragma warning(suppress: 4480) - enum chap_packet_code_t : unsigned char { - chap_packet_code_challenge = 1, ///< Challenge - chap_packet_code_response = 2, ///< Response - chap_packet_code_success = 3, ///< Success - chap_packet_code_failure = 4, ///< Failure - - mschapv2_packet_code_change_password = 7, ///< Change password + enum class chap_packet_code_t : unsigned char { + challenge = 1, ///< Challenge + response = 2, ///< Response + success = 3, ///< Success + failure = 4, ///< Failure + change_password = 7, ///< Change password }; diff --git a/lib/MSCHAPv2/include/Method.h b/lib/MSCHAPv2/include/Method.h index 84cbfd0..8469dbb 100644 --- a/lib/MSCHAPv2/include/Method.h +++ b/lib/MSCHAPv2/include/Method.h 
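Review bot: `#pragma warning(suppress: 4480)` is kept in front of the `chap_packet_code_t` definition in MSCHAPv2.h (hunk `@@ -65,13`) but looks obsolete and can be dropped. C4480 flags an underlying type on an unscoped enum as a nonstandard extension, whereas `enum class chap_packet_code_t : unsigned char` is standard syntax. Renaming `mschapv2_packet_code_change_password` to `change_password` also loses the hint that code 7 belongs to MS-CHAPv2 rather than base CHAP. The comment could carry it: `change_password = 7, ///< Change password (MS-CHAPv2 only)`.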
@@ -254,12 +254,12 @@ namespace eap /// /// Communication phase /// - enum { - phase_unknown = -1, ///< Unknown phase - phase_init = 0, ///< Send client challenge - phase_challenge_server, ///< Verify server challenge - phase_finished, ///< Connection shut down - } m_phase; ///< What phase is our communication at? + enum class phase_t { + unknown = -1, ///< Unknown phase + init = 0, ///< Send client challenge + challenge_server, ///< Verify server challenge + finished, ///< Connection shut down + } m_phase; ///< What phase is our communication at? }; /// @} diff --git a/lib/MSCHAPv2/src/Config.cpp b/lib/MSCHAPv2/src/Config.cpp index caf4180..fa9c1f1 100644 --- a/lib/MSCHAPv2/src/Config.cpp +++ b/lib/MSCHAPv2/src/Config.cpp @@ -72,7 +72,7 @@ eap::config* eap::config_method_mschapv2::clone() const eap_type_t eap::config_method_mschapv2::get_method_id() const { - return eap_type_legacy_mschapv2; + return eap_type_t::legacy_mschapv2; } @@ -135,7 +135,7 @@ eap::config* eap::config_method_eapmschapv2::clone() const eap_type_t eap::config_method_eapmschapv2::get_method_id() const { - return eap_type_mschapv2; + return eap_type_t::mschapv2; } diff --git a/lib/MSCHAPv2/src/Method.cpp b/lib/MSCHAPv2/src/Method.cpp index e344730..9069e27 100644 --- a/lib/MSCHAPv2/src/Method.cpp +++ b/lib/MSCHAPv2/src/Method.cpp @@ -79,7 +79,7 @@ void eap::method_mschapv2_base::begin_session( // Presume authentication will fail with generic protocol failure. (Pesimist!!!) // We will reset once we get get_result(Success) call. - m_cfg.m_last_status = config_method::status_auth_failed; + m_cfg.m_last_status = config_method::status_t::auth_failed; m_cfg.m_last_msg.clear(); // Create cryptographics provider for support needs (client challenge ...). 
@@ -108,7 +108,7 @@ void eap::method_mschapv2_base::get_result( method::get_result(reason, pResult); if (reason == EapPeerMethodResultSuccess) - m_cfg.m_last_status = config_method::status_success; + m_cfg.m_last_status = config_method::status_t::success; // Always ask EAP host to save the connection data. And it will save it *only* when we report "success". // Don't worry. EapHost is well aware of failed authentication condition. @@ -119,7 +119,7 @@ void eap::method_mschapv2_base::get_result( void eap::method_mschapv2_base::process_success(_In_ const list &argv) { - assert(m_cfg.m_last_status != config_method::status_success); + assert(m_cfg.m_last_status != config_method::status_t::success); for (auto arg = argv.cbegin(), arg_end = argv.cend(); arg != arg_end; ++arg) { const string &val = *arg; @@ -140,11 +140,11 @@ void eap::method_mschapv2_base::process_success(_In_ const list &argv) throw invalid_argument(__FUNCTION__ " MS-CHAP2-Success authentication response string failed."); m_module.log_event(&EAPMETHOD_METHOD_SUCCESS, event_data((unsigned int)m_cfg.get_method_id()), event_data::blank); - m_cfg.m_last_status = config_method::status_success; + m_cfg.m_last_status = config_method::status_t::success; } } - if (m_cfg.m_last_status != config_method::status_success) + if (m_cfg.m_last_status != config_method::status_t::success) throw invalid_argument(__FUNCTION__ " MS-CHAP2-Success authentication response string not found."); } 
@@ -157,12 +157,12 @@ void eap::method_mschapv2_base::process_error(_In_ const list &argv) DWORD dwResult = strtoul(val.data() + 2, NULL, 10); m_module.log_event(&EAPMETHOD_METHOD_FAILURE_ERROR, event_data((unsigned int)m_cfg.get_method_id()), event_data(dwResult), event_data::blank); switch (dwResult) { - case ERROR_ACCT_DISABLED : m_cfg.m_last_status = config_method::status_account_disabled ; break; - case ERROR_RESTRICTED_LOGON_HOURS: m_cfg.m_last_status = config_method::status_account_logon_hours; break; - case ERROR_NO_DIALIN_PERMISSION : m_cfg.m_last_status = config_method::status_account_denied ; break; - case ERROR_PASSWD_EXPIRED : m_cfg.m_last_status = config_method::status_cred_expired ; break; - case ERROR_CHANGING_PASSWORD : m_cfg.m_last_status = config_method::status_cred_changing ; break; - default : m_cfg.m_last_status = config_method::status_cred_invalid ; + case ERROR_ACCT_DISABLED : m_cfg.m_last_status = config_method::status_t::account_disabled ; break; + case ERROR_RESTRICTED_LOGON_HOURS: m_cfg.m_last_status = config_method::status_t::account_logon_hours; break; + case ERROR_NO_DIALIN_PERMISSION : m_cfg.m_last_status = config_method::status_t::account_denied ; break; + case ERROR_PASSWD_EXPIRED : m_cfg.m_last_status = config_method::status_t::cred_expired ; break; + case ERROR_CHANGING_PASSWORD : m_cfg.m_last_status = config_method::status_t::cred_changing ; break; + default : m_cfg.m_last_status = config_method::status_t::cred_invalid ; } } else if ((val[0] == 'C' || val[0] == 'c') && val[1] == '=') { hex_dec dec; 
@@ -247,8 +247,8 @@ EapPeerMethodResponseAction eap::method_mschapv2::process_request_packet( m_ident = hdr->ident; switch (hdr->code) { - case chap_packet_code_challenge: { - m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_mschapv2), event_data::blank); + case chap_packet_code_t::challenge: { + m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_t::mschapv2), event_data::blank); if (msg + 1 > msg_end) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete CHAP challenge packet."); @@ -279,7 +279,7 @@ EapPeerMethodResponseAction eap::method_mschapv2::process_request_packet( value.push_back(0); // Flags chap_header hdr_resp; - hdr_resp.code = chap_packet_code_response; + hdr_resp.code = chap_packet_code_t::response; hdr_resp.ident = m_ident; size_t size_value = value.size(); *reinterpret_cast(hdr_resp.length) = htons((unsigned short)(sizeof(chap_header) + 1 + size_value + identity_utf8.length())); 
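Review bot: In the response-building hunk of `method_mschapv2::process_request_packet`, the CHAP length field comes from a narrowing cast, `htons((unsigned short)(sizeof(chap_header) + 1 + size_value + identity_utf8.length()))`, and no bound on the identity length is visible. If the UTF-8 identity pushes the sum past 0xffff, the header would advertise a wrapped length while the following hunk still appends the whole identity to `m_packet_res`. A guard before the cast would keep header and payload consistent, e.g. `if (sizeof(chap_header) + 1 + size_value + identity_utf8.length() > 0xffff) throw invalid_argument(__FUNCTION__ " Identity too long.");`. The function starts and ends outside this hunk, so an earlier check may already exist.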
@@ -291,21 +291,21 @@ EapPeerMethodResponseAction eap::method_mschapv2::process_request_packet( m_packet_res.insert(m_packet_res.end(), value.begin(), value.end()); m_packet_res.insert(m_packet_res.end(), identity_utf8.begin(), identity_utf8.end()); - m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point. + m_cfg.m_last_status = config_method::status_t::cred_invalid; // Blame credentials if we fail beyond this point. return EapPeerMethodResponseActionSend; } - case chap_packet_code_success: + case chap_packet_code_t::success: process_success(parse_response(reinterpret_cast(msg), reinterpret_cast(msg_end) - reinterpret_cast(msg))); - if (m_cfg.m_last_status == config_method::status_success) { - // Acknowledge the authentication by sending a "3" (chap_packet_code_success). - m_packet_res.assign(1, chap_packet_code_success); - m_cfg.m_last_status = config_method::status_auth_failed; // Blame protocol if we fail beyond this point. + if (m_cfg.m_last_status == config_method::status_t::success) { + // Acknowledge the authentication by sending a "3" (chap_packet_code_t::success). + m_packet_res.assign(1, (unsigned char)chap_packet_code_t::success); + m_cfg.m_last_status = config_method::status_t::auth_failed; // Blame protocol if we fail beyond this point. return EapPeerMethodResponseActionSend; } else return EapPeerMethodResponseActionDiscard; - case chap_packet_code_failure: + case chap_packet_code_t::failure: process_error(parse_response(reinterpret_cast(msg), reinterpret_cast(msg_end) - reinterpret_cast(msg))); return EapPeerMethodResponseActionDiscard; } 
@@ -322,7 +322,7 @@ EapPeerMethodResponseAction eap::method_mschapv2::process_request_packet( ////////////////////////////////////////////////////////////////////// eap::method_mschapv2_diameter::method_mschapv2_diameter(_In_ module &mod, _In_ config_method_mschapv2 &cfg, _In_ credentials_pass &cred) : - m_phase(phase_unknown), + m_phase(phase_t::unknown), method_mschapv2_base(mod, cfg, cred) { } @@ -354,7 +354,7 @@ void eap::method_mschapv2_diameter::begin_session( { method_mschapv2_base::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize); - m_phase = phase_init; + m_phase = phase_t::init; } @@ -365,8 +365,8 @@ EapPeerMethodResponseAction eap::method_mschapv2_diameter::process_request_packe assert(pReceivedPacket || dwReceivedPacketSize == 0); switch (m_phase) { - case phase_init: { - m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_legacy_mschapv2), event_data::blank); + case phase_t::init: { + m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_t::legacy_mschapv2), event_data::blank); // Randomize Peer-Challenge. m_challenge_client.randomize(m_cp); 
@@ -396,25 +396,25 @@ EapPeerMethodResponseAction eap::method_mschapv2_diameter::process_request_packe diameter_avp_append(11, 311, diameter_avp_flag_mandatory, m_challenge_server.data(), (unsigned int)m_challenge_server.size(), m_packet_res); diameter_avp_append(25, 311, diameter_avp_flag_mandatory, response .data(), (unsigned int)response .size(), m_packet_res); - m_phase = phase_challenge_server; - m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point. + m_phase = phase_t::challenge_server; + m_cfg.m_last_status = config_method::status_t::cred_invalid; // Blame credentials if we fail beyond this point. return EapPeerMethodResponseActionSend; } - case phase_challenge_server: { + case phase_t::challenge_server: { process_packet(pReceivedPacket, dwReceivedPacketSize); - if (m_cfg.m_last_status == config_method::status_success) { - m_phase = phase_finished; + if (m_cfg.m_last_status == config_method::status_t::success) { + m_phase = phase_t::finished; // Acknowledge the authentication by sending an empty response packet. m_packet_res.clear(); - m_cfg.m_last_status = config_method::status_auth_failed; // Blame protocol if we fail beyond this point. + m_cfg.m_last_status = config_method::status_t::auth_failed; // Blame protocol if we fail beyond this point. return EapPeerMethodResponseActionSend; } else return EapPeerMethodResponseActionDiscard; } - case phase_finished: + case phase_t::finished: return EapPeerMethodResponseActionNone; default: diff --git a/lib/PAP/include/Config.h b/lib/PAP/include/Config.h index f5cab9c..18b5676 100644 --- a/lib/PAP/include/Config.h +++ b/lib/PAP/include/Config.h @@ -89,7 +89,7 @@ namespace eap /// /// @copydoc eap::config_method::get_method_id() - /// \returns This implementation always returns `winstd::eap_type_legacy_pap` + /// \returns This implementation always returns `winstd::eap_type_t::legacy_pap` /// virtual winstd::eap_type_t get_method_id() const; 
diff --git a/lib/PAP/include/Method.h b/lib/PAP/include/Method.h index 7b25a59..b7797a9 100644 --- a/lib/PAP/include/Method.h +++ b/lib/PAP/include/Method.h @@ -104,10 +104,10 @@ namespace eap /// /// Communication phase /// - enum { - phase_unknown = -1, ///< Unknown phase - phase_init = 0, ///< Handshake initialize - phase_finished, ///< Connection shut down + enum class phase_t { + unknown = -1, ///< Unknown phase + init = 0, ///< Handshake initialize + finished, ///< Connection shut down } m_phase; ///< What phase is our communication at? sanitizing_blob m_packet_res; ///< Response packet diff --git a/lib/PAP/src/Config.cpp b/lib/PAP/src/Config.cpp index 45256c1..5212490 100644 --- a/lib/PAP/src/Config.cpp +++ b/lib/PAP/src/Config.cpp @@ -72,7 +72,7 @@ eap::config* eap::config_method_pap::clone() const eap_type_t eap::config_method_pap::get_method_id() const { - return eap_type_legacy_pap; + return eap_type_t::legacy_pap; } diff --git a/lib/PAP/src/Method.cpp b/lib/PAP/src/Method.cpp index 0b1b051..1880f5c 100644 --- a/lib/PAP/src/Method.cpp +++ b/lib/PAP/src/Method.cpp @@ -31,7 +31,7 @@ using namespace winstd; eap::method_pap_diameter::method_pap_diameter(_In_ module &mod, _In_ config_method_pap &cfg, _In_ credentials_pass &cred) : m_cfg(cfg), m_cred(cred), - m_phase(phase_unknown), + m_phase(phase_t::unknown), method(mod) { } @@ -71,10 +71,10 @@ void eap::method_pap_diameter::begin_session( // Presume authentication will fail with generic protocol failure. (Pesimist!!!) // We will reset once we get get_result(Success) call. - m_cfg.m_last_status = config_method::status_auth_failed; + m_cfg.m_last_status = config_method::status_t::auth_failed; m_cfg.m_last_msg.clear(); - m_phase = phase_init; + m_phase = phase_t::init; } 
@@ -86,8 +86,8 @@ EapPeerMethodResponseAction eap::method_pap_diameter::process_request_packet( UNREFERENCED_PARAMETER(dwReceivedPacketSize); switch (m_phase) { - case phase_init: { - m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_legacy_pap), event_data::blank); + case phase_t::init: { + m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_t::legacy_pap), event_data::blank); // Convert username and password to UTF-8. sanitizing_string identity_utf8, password_utf8; @@ -103,12 +103,12 @@ EapPeerMethodResponseAction eap::method_pap_diameter::process_request_packet( diameter_avp_append(1, diameter_avp_flag_mandatory, identity_utf8.data(), (unsigned int)identity_utf8.size(), m_packet_res); diameter_avp_append(2, diameter_avp_flag_mandatory, password_utf8.data(), (unsigned int)password_utf8.size(), m_packet_res); - m_phase = phase_finished; - m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point. + m_phase = phase_t::finished; + m_cfg.m_last_status = config_method::status_t::cred_invalid; // Blame credentials if we fail beyond this point. return EapPeerMethodResponseActionSend; } - case phase_finished: + case phase_t::finished: return EapPeerMethodResponseActionNone; default: @@ -137,7 +137,7 @@ void eap::method_pap_diameter::get_result( method::get_result(reason, pResult); if (reason == EapPeerMethodResultSuccess) - m_cfg.m_last_status = config_method::status_success; + m_cfg.m_last_status = config_method::status_t::success; // Always ask EAP host to save the connection data. And it will save it *only* when we report "success". // Don't worry. EapHost is well aware of failed authentication condition. diff --git a/lib/TLS/include/Config.h b/lib/TLS/include/Config.h index 5dc2a95..5c497c5 100644 --- a/lib/TLS/include/Config.h +++ b/lib/TLS/include/Config.h 
@@ -126,7 +126,7 @@ namespace eap /// /// @copydoc eap::config_method::get_method_id() - /// \returns This implementation always returns `winstd::eap_type_tls` + /// \returns This implementation always returns `winstd::eap_type_t::tls` /// virtual winstd::eap_type_t get_method_id() const; diff --git a/lib/TLS/include/Credentials.h b/lib/TLS/include/Credentials.h index be500d0..61a8fdd 100644 --- a/lib/TLS/include/Credentials.h +++ b/lib/TLS/include/Credentials.h @@ -132,9 +132,9 @@ namespace eap /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL) /// /// \returns - /// - \c source_cache Credentials were obtained from EapHost cache - /// - \c source_config Credentials were set by method configuration - /// - \c source_storage Credentials were loaded from Windows Credential Manager + /// - \c source_t::cache Credentials were obtained from EapHost cache + /// - \c source_t::config Credentials were set by method configuration + /// - \c source_t::storage Credentials were loaded from Windows Credential Manager /// virtual source_t combine( _In_ DWORD dwFlags, diff --git a/lib/TLS/src/Config.cpp b/lib/TLS/src/Config.cpp index cd48a3c..5a6d42c 100644 --- a/lib/TLS/src/Config.cpp +++ b/lib/TLS/src/Config.cpp @@ -256,7 +256,7 @@ void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor) eap_type_t eap::config_method_tls::get_method_id() const { - return eap_type_tls; + return eap_type_t::tls; } diff --git a/lib/TLS/src/Credentials.cpp b/lib/TLS/src/Credentials.cpp index ae694f1..0d9cc2b 100644 --- a/lib/TLS/src/Credentials.cpp +++ b/lib/TLS/src/Credentials.cpp 
@@ -310,16 +310,16 @@ eap::credentials::source_t eap::credentials_tls::combine( if (cred_cached) { // Using EAP service cached credentials. *this = *dynamic_cast(cred_cached); - m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank); - return source_cache; + m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)eap_type_t::tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank); + return source_t::cache; } auto cfg_with_cred = dynamic_cast(&cfg); if (cfg_with_cred && cfg_with_cred->m_use_cred) { // Using configured credentials. *this = *dynamic_cast(cfg_with_cred->m_cred.get()); - m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank); - return source_config; + m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)eap_type_t::tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank); + return source_t::config; } if (pszTargetName) { @@ -332,14 +332,14 @@ eap::credentials::source_t eap::credentials_tls::combine( // Using stored credentials. *this = std::move(cred_loaded); - m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank); - return source_storage; + m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)eap_type_t::tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank); + return source_t::storage; } catch (...) { // Not actually an error. } } - return source_unknown; + return source_t::unknown; } diff --git a/lib/TTLS/include/Config.h b/lib/TTLS/include/Config.h index 70f9b77..8aa02f1 100644 
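Review bot: Both assignments in `credentials_tls::combine` dereference the result of a pointer `dynamic_cast` without testing it: `*this = *dynamic_cast...(cred_cached)` and the same on `cfg_with_cred->m_cred.get()`. The `if (cred_cached)` test covers only the input pointer, so a cached or configured credentials object of a different dynamic type would be a null dereference rather than a handled error. Either test the cast result before assigning, as the hunk already does for `cfg_with_cred`, or cast to a reference so that a mismatch raises `std::bad_cast`. The cast target types are not legible on this page and the function begins outside the hunk; if the caller guarantees the type, a comment such as `// cred_cached is always a credentials_tls here` would record that.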
--- a/lib/TTLS/include/Config.h +++ b/lib/TTLS/include/Config.h @@ -106,7 +106,7 @@ namespace eap /// /// @copydoc eap::config_method::get_method_id() - /// \returns This implementation always returns `winstd::eap_type_ttls` + /// \returns This implementation always returns `winstd::eap_type_t::ttls` /// virtual winstd::eap_type_t get_method_id() const; diff --git a/lib/TTLS/include/Credentials.h b/lib/TTLS/include/Credentials.h index 6c97baf..65c92c9 100644 --- a/lib/TTLS/include/Credentials.h +++ b/lib/TTLS/include/Credentials.h @@ -121,9 +121,9 @@ namespace eap /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL) /// /// \returns - /// - \c source_cache Credentials were obtained from EapHost cache - /// - \c source_config Credentials were set by method configuration - /// - \c source_storage Credentials were loaded from Windows Credential Manager + /// - \c source_t::cache Credentials were obtained from EapHost cache + /// - \c source_t::config Credentials were set by method configuration + /// - \c source_t::storage Credentials were loaded from Windows Credential Manager /// virtual source_t combine( _In_ DWORD dwFlags, diff --git a/lib/TTLS/include/Method.h b/lib/TTLS/include/Method.h index 0bf1b19..2378c01 100644 --- a/lib/TTLS/include/Method.h +++ b/lib/TTLS/include/Method.h @@ -196,10 +196,10 @@ namespace eap /// /// Communication phase /// - enum { - phase_unknown = -1, ///< Unknown phase - phase_identity = 0, ///< Send identity - phase_finished, ///< Connection shut down + enum class phase_t { + unknown = -1, ///< Unknown phase + identity = 0, ///< Send identity + finished, ///< Connection shut down } m_phase; ///< What phase is our communication at? sanitizing_blob m_packet_res; ///< Response packet 
@@ -289,11 +289,11 @@ namespace eap /// /// Communication phase /// - enum { - phase_unknown = -1, ///< Unknown phase - phase_handshake_init = 0, ///< Handshake initialize - phase_handshake_cont, ///< Handshake continue - phase_finished, ///< Exchange application data + enum class phase_t { + unknown = -1, ///< Unknown phase + handshake_init = 0, ///< Handshake initialize + handshake_cont, ///< Handshake continue + finished, ///< Exchange application data } m_phase; ///< What phase is our communication at? sanitizing_blob m_packet_res; ///< Response packet diff --git a/lib/TTLS/src/Config.cpp b/lib/TTLS/src/Config.cpp index 7b5eef0..280b677 100644 --- a/lib/TTLS/src/Config.cpp +++ b/lib/TTLS/src/Config.cpp @@ -110,7 +110,7 @@ void eap::config_method_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode throw com_runtime_error(hr, __FUNCTION__ " Error creating element."); eap_type_t eap_type = m_inner->get_method_id(); - if (eap_type_noneap_start <= eap_type && eap_type < eap_type_noneap_end) { + if (eap_type_t::noneap_start <= eap_type && eap_type < eap_type_t::noneap_end) { // / if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElInnerAuthenticationMethod, bstr(L"NonEAPAuthMethod"), namespace_eapmetadata, bstr(m_inner->get_method_str())))) throw com_runtime_error(hr, __FUNCTION__ " Error creating element."); @@ -201,7 +201,7 @@ void eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot) DWORD dwMethod; bstr bstrMethod; if (SUCCEEDED(eapxml::get_element_value(pXmlElInnerAuthenticationMethod, bstr(L"eap-metadata:EAPMethod"), dwMethod)) && - eap_type_start <= dwMethod && dwMethod < eap_type_end) + eap_type_t::start <= (eap_type_t)dwMethod && (eap_type_t)dwMethod < eap_type_t::end) { m_inner.reset(make_config_method((eap_type_t)dwMethod)); m_module.log_config((xpath + L"/EAPMethod").c_str(), m_inner->get_method_str()); 
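Review bot: In `config_method_ttls::load`, the new range check casts the XML-supplied `dwMethod` to `eap_type_t` before comparing (`eap_type_t::start <= (eap_type_t)dwMethod && (eap_type_t)dwMethod < eap_type_t::end`), so the bounds are tested on the converted value, not the raw input. If the enum's underlying type is narrower than `DWORD` (its declaration is not on this page), an out-of-range configuration value could wrap into the accepted range and reach `make_config_method`. Comparing in the integer domain avoids that: `(DWORD)eap_type_t::start <= dwMethod && dwMethod < (DWORD)eap_type_t::end`. The function starts and ends outside this hunk.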
@@ -248,7 +248,7 @@ void eap::config_method_ttls::operator>>(_Inout_ cursor_in &cursor) eap_type_t eap::config_method_ttls::get_method_id() const { - return eap_type_ttls; + return eap_type_t::ttls; } @@ -269,14 +269,14 @@ eap::credentials* eap::config_method_ttls::make_credentials() const eap::config_method* eap::config_method_ttls::make_config_method(_In_ winstd::eap_type_t eap_type) const { switch (eap_type) { - case eap_type_legacy_pap : return new config_method_pap (m_module, m_level + 1); - case eap_type_legacy_mschapv2: return new config_method_mschapv2 (m_module, m_level + 1); - case eap_type_mschapv2 : return new config_method_eapmschapv2(m_module, m_level + 1); - case eap_type_gtc : return new config_method_eapgtc (m_module, m_level + 1); + case eap_type_t::legacy_pap : return new config_method_pap (m_module, m_level + 1); + case eap_type_t::legacy_mschapv2: return new config_method_mschapv2 (m_module, m_level + 1); + case eap_type_t::mschapv2 : return new config_method_eapmschapv2(m_module, m_level + 1); + case eap_type_t::gtc : return new config_method_eapgtc (m_module, m_level + 1); #if EAP_INNER_EAPHOST - default : return new config_method_eaphost (m_module, m_level + 1); // EapHost peer method handles all other method types + default : return new config_method_eaphost (m_module, m_level + 1); // EapHost peer method handles all other method types #else - default : throw invalid_argument(string_printf(__FUNCTION__ " Unsupported inner authentication method (%d).", eap_type)); + default : throw invalid_argument(string_printf(__FUNCTION__ " Unsupported inner authentication method (%d).", eap_type)); #endif } } diff --git a/lib/TTLS/src/Method.cpp b/lib/TTLS/src/Method.cpp index ccae180..fe72eae 100644 --- a/lib/TTLS/src/Method.cpp +++ b/lib/TTLS/src/Method.cpp 
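Review bot: In the `#else` branch of `make_config_method`, `eap_type` is now a scoped enum but is still passed uncast to what looks like a printf-style variadic, `string_printf(... "(%d).", eap_type)`. Scoped enums are not integer-promoted, so passing one through `...` is only conditionally supported, and `%d` may not match the size of the underlying type. The rest of this commit casts explicitly before logging, and the same is needed here: `string_printf(__FUNCTION__ " Unsupported inner authentication method (%d).", (int)eap_type)`.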
@@ -175,7 +175,7 @@ void eap::method_defrag::get_response_packet( eap::method_eapmsg::method_eapmsg(_In_ module &mod, _In_ const wchar_t *identity, _In_ method *inner) : m_identity(identity), - m_phase(phase_unknown), + m_phase(phase_t::unknown), method_tunnel(mod, inner) { } @@ -219,7 +219,7 @@ void eap::method_eapmsg::begin_session( assert(m_inner); m_inner->begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, std::min(dwMaxSendPacketSize, 0xffffff) - sizeof(diameter_avp_header)); - m_phase = phase_identity; + m_phase = phase_t::identity; } @@ -228,7 +228,7 @@ EapPeerMethodResponseAction eap::method_eapmsg::process_request_packet( _In_ DWORD dwReceivedPacketSize) { switch (m_phase) { - case phase_identity: { + case phase_t::identity: { // Convert identity to UTF-8. sanitizing_string identity_utf8; WideCharToMultiByte(CP_UTF8, 0, m_identity, identity_utf8, NULL, NULL); @@ -239,18 +239,18 @@ EapPeerMethodResponseAction eap::method_eapmsg::process_request_packet( eap_packet pck; if (!pck.create(EapCodeResponse, 0, (WORD)size_packet)) throw win_runtime_error(__FUNCTION__ " EapPacket creation failed."); - pck->Data[0] = eap_type_identity; + pck->Data[0] = (BYTE)eap_type_t::identity; memcpy(pck->Data + 1, identity_utf8.data(), size_identity); // Diameter AVP (EAP-Message=79) m_packet_res.clear(); diameter_avp_append(79, diameter_avp_flag_mandatory, (const EapPacket*)pck, (unsigned int)size_packet, m_packet_res); - m_phase = phase_finished; + m_phase = phase_t::finished; return EapPeerMethodResponseActionSend; } - case phase_finished: { + case phase_t::finished: { EapPeerMethodResponseAction action = EapPeerMethodResponseActionNone; bool eap_message_found = false; @@ -340,7 +340,7 @@ eap::method_ttls::method_ttls(_In_ module &mod, _In_ config_method_ttls &cfg, _I m_cfg(cfg), m_cred(cred), m_user_ctx(NULL), - m_phase(phase_unknown), + m_phase(phase_t::unknown), m_packet_res_inner(false), method_tunnel(mod, inner) { 
@@ -404,7 +404,7 @@ void eap::method_ttls::begin_session( // Presume authentication will fail with generic protocol failure. (Pesimist!!!) // We will reset once we get get_result(Success) call. - m_cfg.m_last_status = config_method::status_auth_failed; + m_cfg.m_last_status = config_method::status_t::auth_failed; m_cfg.m_last_msg.clear(); m_user_ctx = hTokenImpersonateUser; @@ -456,7 +456,7 @@ void eap::method_ttls::begin_session( if (FAILED(stat)) throw sec_runtime_error(stat, __FUNCTION__ " Error acquiring Schannel credentials handle."); - m_phase = phase_handshake_init; + m_phase = phase_t::handshake_init; } @@ -469,8 +469,8 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet( user_impersonator impersonating(m_user_ctx); switch (m_phase) { - case phase_handshake_init: { - m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_ttls), event_data::blank); + case phase_t::handshake_init: { + m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_t::ttls), event_data::blank); // Prepare input buffer(s). SecBuffer buf_in[] = { @@ -512,7 +512,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet( } else m_sc_queue.clear(); - m_phase = phase_handshake_cont; + m_phase = phase_t::handshake_cont; m_packet_res_inner = false; return EapPeerMethodResponseActionSend; } else if (FAILED(status)) { @@ -529,7 +529,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet( throw sec_runtime_error(status, __FUNCTION__ " Unexpected Schannel result."); } - case phase_handshake_cont: { + case phase_t::handshake_cont: { m_sc_queue.insert(m_sc_queue.end(), reinterpret_cast(pReceivedPacket), reinterpret_cast(pReceivedPacket) + dwReceivedPacketSize); // Prepare input buffer(s). 
@@ -577,7 +577,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet( enc.encode(hash_unicode, hash.data(), hash.size()); if (RegQueryValueExW(key, hash_unicode.c_str(), NULL, NULL, subj) == ERROR_SUCCESS) { // A certificate in the chain is found to be revoked as compromised. - m_cfg.m_last_status = config_method::status_server_compromised; + m_cfg.m_last_status = config_method::status_t::server_compromised; throw com_runtime_error(CRYPT_E_REVOKED, __FUNCTION__ " Server certificate or one of its issuer's certificate has been found revoked as compromised. Your credentials were probably sent to this server during previous connection attempts, thus changing your credentials (in a safe manner) is strongly advised. Please, contact your helpdesk immediately."); } } @@ -607,7 +607,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet( if (status == SEC_I_CONTINUE_NEEDED) { // Blame credentials if we fail beyond this point. - m_cfg.m_last_status = config_method::status_cred_invalid; + m_cfg.m_last_status = config_method::status_t::cred_invalid; m_packet_res_inner = false; } else { SecPkgContext_Authority auth; @@ -619,7 +619,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet( SecPkgContext_ConnectionInfo info; if (SUCCEEDED(status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_CONNECTION_INFO, &info))) m_module.log_event(&EAPMETHOD_TLS_HANDSHAKE_FINISHED, - event_data((unsigned int)eap_type_ttls), + event_data((unsigned int)eap_type_t::ttls), event_data(auth.sAuthorityName), event_data(info.dwProtocol), event_data(info.aiCipher), 
@@ -632,8 +632,8 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet( else m_module.log_event(&EAPMETHOD_TLS_QUERY_FAILED, event_data((unsigned int)SECPKG_ATTR_CONNECTION_INFO), event_data(status), event_data::blank); - m_phase = phase_finished; - m_cfg.m_last_status = config_method::status_success; + m_phase = phase_t::finished; + m_cfg.m_last_status = config_method::status_t::success; method_mschapv2_diameter *inner_mschapv2 = dynamic_cast(m_inner.get()); if (inner_mschapv2) { @@ -712,7 +712,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet( throw sec_runtime_error(status, __FUNCTION__ " Unexpected Schannel result."); } - case phase_finished: { + case phase_t::finished: { m_packet_res.clear(); m_sc_queue.insert(m_sc_queue.end(), reinterpret_cast(pReceivedPacket), reinterpret_cast(pReceivedPacket) + dwReceivedPacketSize); @@ -867,7 +867,7 @@ void eap::method_ttls::get_result( m_eap_attr_desc.pAttribs = m_eap_attr.data(); pResult->pAttribArray = &m_eap_attr_desc; - m_cfg.m_last_status = config_method::status_success; + m_cfg.m_last_status = config_method::status_t::success; // Spawn certificate revocation verify thread. dynamic_cast(m_module).spawn_crl_check(std::move(m_sc_cert)); @@ -889,7 +889,7 @@ void eap::method_ttls::verify_server_trust() const memcmp(m_sc_cert->pbCertEncoded, (*c)->pbCertEncoded, m_sc_cert->cbCertEncoded) == 0) { // Server certificate found directly on the trusted root CA list. - m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED_EX1, event_data((unsigned int)eap_type_ttls), event_data::blank); + m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED_EX1, event_data((unsigned int)eap_type_t::ttls), event_data::blank); return; } } 
@@ -938,7 +938,7 @@ void eap::method_ttls::verify_server_trust() const if (san_info->rgAltEntry[idx_entry].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME && _wcsicmp(s->c_str(), san_info->rgAltEntry[idx_entry].pwszDNSName) == 0) { - m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)eap_type_ttls), event_data(san_info->rgAltEntry[idx_entry].pwszDNSName), event_data::blank); + m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)eap_type_t::ttls), event_data(san_info->rgAltEntry[idx_entry].pwszDNSName), event_data::blank); found = true; } } @@ -953,7 +953,7 @@ void eap::method_ttls::verify_server_trust() const for (auto s = m_cfg.m_server_names.cbegin(), s_end = m_cfg.m_server_names.cend(); !found && s != s_end; ++s) { if (_wcsicmp(s->c_str(), subj.c_str()) == 0) { - m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)eap_type_ttls), event_data(subj), event_data::blank); + m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)eap_type_t::ttls), event_data(subj), event_data::blank); found = true; } } @@ -1043,7 +1043,7 @@ void eap::method_ttls::verify_server_trust() const } } - m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED1, event_data((unsigned int)eap_type_ttls), event_data::blank); + m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED1, event_data((unsigned int)eap_type_t::ttls), event_data::blank); } #endif diff --git a/lib/TTLS/src/Module.cpp b/lib/TTLS/src/Module.cpp index 3b831a2..726f70b 100644 --- a/lib/TTLS/src/Module.cpp +++ b/lib/TTLS/src/Module.cpp @@ -30,7 +30,7 @@ using namespace winstd; // eap::peer_ttls ////////////////////////////////////////////////////////////////////// -eap::peer_ttls::peer_ttls() : peer(eap_type_ttls) +eap::peer_ttls::peer_ttls() : peer(eap_type_t::ttls) { } 
@@ -126,7 +126,7 @@ void eap::peer_ttls::get_identity( // Build our identity. ;) wstring identity(std::move(cfg_method->get_public_identity(*dynamic_cast(cred_out.m_cred.get())))); - log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((unsigned int)eap_type_ttls), event_data(identity), event_data::blank); + log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((unsigned int)eap_type_t::ttls), event_data(identity), event_data::blank); size_t size = sizeof(WCHAR)*(identity.length() + 1); *ppwszIdentity = (WCHAR*)alloc_memory(size); memcpy(*ppwszIdentity, identity.c_str(), size); 
@@ -255,16 +255,16 @@ EAP_SESSION_HANDLE eap::peer_ttls::begin_session( { // Native inner methods switch (cfg_inner->get_method_id()) { - case eap_type_legacy_pap : meth_inner.reset(new method_pap_diameter (*this, dynamic_cast(*cfg_inner), dynamic_cast(*cred_inner))); break; - case eap_type_legacy_mschapv2: meth_inner.reset(new method_mschapv2_diameter(*this, dynamic_cast(*cfg_inner), dynamic_cast(*cred_inner))); break; - case eap_type_mschapv2 : meth_inner.reset( - new method_eapmsg (*this, cred_inner->get_identity().c_str(), - new method_eap (*this, eap_type_mschapv2, - new method_mschapv2(*this, dynamic_cast(*cfg_inner), dynamic_cast(*cred_inner))))); break; - case eap_type_gtc : meth_inner.reset( - new method_eapmsg (*this, cred_inner->get_identity().c_str(), - new method_eap (*this, eap_type_gtc, - new method_gtc (*this, dynamic_cast(*cfg_inner), dynamic_cast(*cred_inner))))); break; + case eap_type_t::legacy_pap : meth_inner.reset(new method_pap_diameter (*this, dynamic_cast(*cfg_inner), dynamic_cast(*cred_inner))); break; + case eap_type_t::legacy_mschapv2: meth_inner.reset(new method_mschapv2_diameter(*this, dynamic_cast(*cfg_inner), dynamic_cast(*cred_inner))); break; + case eap_type_t::mschapv2 : meth_inner.reset( + new method_eapmsg (*this, cred_inner->get_identity().c_str(), + new method_eap (*this, eap_type_t::mschapv2, + new method_mschapv2(*this, dynamic_cast(*cfg_inner), dynamic_cast(*cred_inner))))); break; + case eap_type_t::gtc : meth_inner.reset( + new method_eapmsg (*this, cred_inner->get_identity().c_str(), + new method_eap (*this, eap_type_t::gtc, + new method_gtc (*this, dynamic_cast(*cfg_inner), dynamic_cast(*cred_inner))))); break; default: throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method."); } } 
@@ -277,7 +277,7 @@ EAP_SESSION_HANDLE eap::peer_ttls::begin_session( } #endif s->m_method.reset( - new method_eap (*this, eap_type_ttls, + new method_eap (*this, eap_type_t::ttls, new method_defrag(*this, new method_ttls (*this, *cfg_method, *dynamic_cast(s->m_cred.m_cred.get()), meth_inner.release())))); @@ -476,8 +476,8 @@ _Success_(return != 0) const eap::config_method_ttls* eap::peer_ttls::combine_cr #endif *cfg_method, cfg_method->m_allow_save ? _target_name : NULL); - if (src_outer == eap::credentials::source_unknown) { - log_event(&EAPMETHOD_TRACE_EVT_CRED_UNKNOWN3, event_data(target_name), event_data((unsigned int)eap_type_tls), event_data::blank); + if (src_outer == eap::credentials::source_t::unknown) { + log_event(&EAPMETHOD_TRACE_EVT_CRED_UNKNOWN3, event_data(target_name), event_data((unsigned int)eap_type_t::tls), event_data::blank); continue; } @@ -492,7 +492,7 @@ _Success_(return != 0) const eap::config_method_ttls* eap::peer_ttls::combine_cr #endif *cfg_method->m_inner, cfg_method->m_inner->m_allow_save ? _target_name : NULL); - if (src_inner == eap::credentials::source_unknown) { + if (src_inner == eap::credentials::source_t::unknown) { log_event(&EAPMETHOD_TRACE_EVT_CRED_UNKNOWN3, event_data(target_name), event_data((unsigned int)cfg_method->m_inner->get_method_id()), event_data::blank); continue; } 
@@ -500,13 +500,13 @@ _Success_(return != 0) const eap::config_method_ttls* eap::peer_ttls::combine_cr // If we got here, we have all credentials we need. But, wait! if ((dwFlags & EAP_FLAG_MACHINE_AUTH) == 0) { - if (config_method::status_cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < config_method::status_cred_end) { + if (config_method::status_t::cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < config_method::status_t::cred_end) { // Outer: Credentials failed on last connection attempt. - log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM2, event_data(target_name), event_data((unsigned int)eap_type_tls), event_data((unsigned int)cfg_method->m_last_status), event_data::blank); + log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM2, event_data(target_name), event_data((unsigned int)eap_type_t::tls), event_data((unsigned int)cfg_method->m_last_status), event_data::blank); continue; } - if (config_method::status_cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < config_method::status_cred_end) { + if (config_method::status_t::cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < config_method::status_t::cred_end) { // Inner: Credentials failed on last connection attempt. log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM2, event_data(target_name), event_data((unsigned int)cfg_method->m_inner->get_method_id()), event_data((unsigned int)cfg_method->m_inner->m_last_status), event_data::blank); continue; 
@@ -637,7 +637,7 @@ DWORD WINAPI eap::peer_ttls::crl_checker::verify(_In_ crl_checker *obj) // This "error" is expected for the root CA certificate. } else { // This really was an error, as it appeared before the root CA cerficate in the chain. - obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_SKIPPED, event_data((unsigned int)eap_type_ttls), event_data(subj), event_data::blank); + obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_SKIPPED, event_data((unsigned int)eap_type_t::ttls), event_data(subj), event_data::blank); } break; @@ -649,12 +649,12 @@ DWORD WINAPI eap::peer_ttls::crl_checker::verify(_In_ crl_checker *obj) case CRL_REASON_CESSATION_OF_OPERATION: case CRL_REASON_CERTIFICATE_HOLD: // The revocation was of administrative nature. No need to black-list. - obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKED1, event_data((unsigned int)eap_type_ttls), event_data(subj), event_data(status_rev.dwReason), event_data::blank); + obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKED1, event_data((unsigned int)eap_type_t::ttls), event_data(subj), event_data(status_rev.dwReason), event_data::blank); break; default: { // One of the certificates in the chain was revoked as compromised. Black-list it. - obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKED, event_data((unsigned int)eap_type_ttls), event_data(subj), event_data(status_rev.dwReason), event_data::blank); + obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKED, event_data((unsigned int)eap_type_t::ttls), event_data(subj), event_data(status_rev.dwReason), event_data::blank); reg_key key; if (key.create(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\") _T(VENDOR_NAME_STR) _T("\\") _T(PRODUCT_NAME_STR) _T("\\TLSCRL"), NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE)) { vector hash; 
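Review bot: In the `default:` branch of the -649 hunk, the black-list write is guarded only by `if (key.create(HKEY_LOCAL_MACHINE, …, KEY_WRITE))` and no failure path is visible. If the key cannot be created, the revocation is logged but the certificate is apparently not black-listed, and nothing records that the write was skipped. The hunk ends right after `vector hash;`, so an `else` may exist further down. If it does not, I would add one that calls `obj->m_module.log_event(...)` with a dedicated event, so a skipped black-list entry is visible to whoever monitors these records.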
@@ -678,7 +678,7 @@ DWORD WINAPI eap::peer_ttls::crl_checker::verify(_In_ crl_checker *obj) default: // Checking one of the certificates in the chain for revocation failed. Resume checking the rest. - obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_FAILED, event_data((unsigned int)eap_type_ttls), event_data(subj), event_data(status_rev.dwError), event_data::blank); + obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_FAILED, event_data((unsigned int)eap_type_t::ttls), event_data(subj), event_data(status_rev.dwError), event_data::blank); c += (size_t)status_rev.dwIndex + 1; } } else { @@ -688,6 +688,6 @@ DWORD WINAPI eap::peer_ttls::crl_checker::verify(_In_ crl_checker *obj) } // Revocation check succeeded. - obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_FINISHED, event_data((unsigned int)eap_type_ttls), event_data::blank); + obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_FINISHED, event_data((unsigned int)eap_type_t::ttls), event_data::blank); return 0; } diff --git a/lib/TTLS_UI/src/Module.cpp b/lib/TTLS_UI/src/Module.cpp index 1446097..3f9e962 100644 --- a/lib/TTLS_UI/src/Module.cpp +++ b/lib/TTLS_UI/src/Module.cpp @@ -54,7 +54,7 @@ protected: // eap::peer_ttls_ui ////////////////////////////////////////////////////////////////////// -eap::peer_ttls_ui::peer_ttls_ui() : peer_ui(eap_type_ttls) +eap::peer_ttls_ui::peer_ttls_ui() : peer_ui(eap_type_t::ttls) { } 
@@ -244,16 +244,16 @@ void eap::peer_ttls_ui::invoke_identity_ui( #endif *cfg_method, cfg_method->m_allow_save ? target_name.c_str() : NULL); - if (src_outer == eap::credentials::source_unknown || - src_outer != eap::credentials::source_config && eap::config_method::status_cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < eap::config_method::status_cred_end) + if (src_outer == eap::credentials::source_t::unknown || + src_outer != eap::credentials::source_t::config && eap::config_method::status_t::cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < eap::config_method::status_t::cred_end) { // Build dialog to prompt for outer credentials. wxEAPCredentialsDialog dlg(*cfg_prov, init.m_parent); ui_canceller lock(dlg.GetHWND()); - if (eap::config_method::status_cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < eap::config_method::status_cred_end) + if (eap::config_method::status_t::cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < eap::config_method::status_t::cred_end) dlg.AddContent(new wxEAPCredentialWarningPanel(*cfg_prov, cfg_method->m_last_status, &dlg)); auto panel = new wxTLSCredentialsPanel(*cfg_prov, *cfg_method, *cred, &dlg, false); - panel->SetRemember(src_outer == eap::credentials::source_storage); + panel->SetRemember(src_outer == eap::credentials::source_t::storage); dlg.AddContent(panel); // Update dialog layout. 
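Review bot: The prompt condition `src_outer == eap::credentials::source_t::unknown || src_outer != eap::credentials::source_t::config && …` relies on `&&` binding tighter than `||`. This expression decides whether the user is asked for credentials again, so I would wrap everything after the `||` in parentheses to make the grouping explicit; the inner-credentials condition in the -292 hunk has the same shape. The range test `status_t::cred_begin <= x && x < status_t::cred_end` is also written out twice in this hunk and again at -292 and -304. A small predicate next to `status_t` would keep the `cred_begin`/`cred_end` convention in one place. invoke_identity_ui starts and ends outside the hunk.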
@@ -292,8 +292,8 @@ void eap::peer_ttls_ui::invoke_identity_ui( #endif *cfg_method->m_inner, cfg_method->m_inner->m_allow_save ? target_name.c_str() : NULL); - if (src_inner == eap::credentials::source_unknown || - src_inner != eap::credentials::source_config && eap::config_method::status_cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < eap::config_method::status_cred_end) + if (src_inner == eap::credentials::source_t::unknown || + src_inner != eap::credentials::source_t::config && eap::config_method::status_t::cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < eap::config_method::status_t::cred_end) { // Prompt for inner credentials. #if EAP_INNER_EAPHOST 
@@ -304,14 +304,14 @@ void eap::peer_ttls_ui::invoke_identity_ui( // Native inner methods. Build dialog to prompt for inner credentials. wxEAPCredentialsDialog dlg(*cfg_prov, init.m_parent); ui_canceller lock(dlg.GetHWND()); - if (eap::config_method::status_cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < eap::config_method::status_cred_end) + if (eap::config_method::status_t::cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < eap::config_method::status_t::cred_end) dlg.AddContent(new wxEAPCredentialWarningPanel(*cfg_prov, cfg_method->m_inner->m_last_status, &dlg)); wxEAPCredentialsPanelBase *panel = NULL; switch (cfg_method->m_inner->get_method_id()) { - case eap_type_legacy_pap : panel = new wxPAPCredentialsPanel (*cfg_prov, *dynamic_cast(cfg_method->m_inner.get()), *dynamic_cast(cred->m_inner.get()), &dlg, false); break; - case eap_type_legacy_mschapv2: panel = new wxMSCHAPv2CredentialsPanel(*cfg_prov, *dynamic_cast(cfg_method->m_inner.get()), *dynamic_cast(cred->m_inner.get()), &dlg, false); break; - case eap_type_mschapv2 : panel = new wxMSCHAPv2CredentialsPanel(*cfg_prov, *dynamic_cast(cfg_method->m_inner.get()), *dynamic_cast(cred->m_inner.get()), &dlg, false); break; - case eap_type_gtc : { + case eap_type_t::legacy_pap : panel = new wxPAPCredentialsPanel (*cfg_prov, *dynamic_cast(cfg_method->m_inner.get()), *dynamic_cast(cred->m_inner.get()), &dlg, false); break; + case eap_type_t::legacy_mschapv2: panel = new wxMSCHAPv2CredentialsPanel(*cfg_prov, *dynamic_cast(cfg_method->m_inner.get()), *dynamic_cast(cred->m_inner.get()), &dlg, false); break; + case eap_type_t::mschapv2 : panel = new wxMSCHAPv2CredentialsPanel(*cfg_prov, *dynamic_cast(cfg_method->m_inner.get()), *dynamic_cast(cred->m_inner.get()), &dlg, false); break; + case eap_type_t::gtc : { // EAP-GTC credential prompt differes for "Challenge/Response" and "Password" authentication modes. 
eap::credentials_identity *cred_resp; eap::credentials_pass *cred_pass; @@ -327,7 +327,7 @@ void eap::peer_ttls_ui::invoke_identity_ui( } if (!panel) throw invalid_argument("Invalid authentication mode"); - panel->SetRemember(src_inner == eap::credentials::source_storage); + panel->SetRemember(src_inner == eap::credentials::source_t::storage); dlg.AddContent(panel); // Update dialog layout. @@ -397,7 +397,7 @@ void eap::peer_ttls_ui::invoke_identity_ui( // Build our identity. ;) wstring identity(std::move(cfg_method->get_public_identity(*dynamic_cast(cred_out.m_cred.get())))); - log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((unsigned int)eap_type_ttls), event_data(identity), event_data::blank); + log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((unsigned int)eap_type_t::ttls), event_data(identity), event_data::blank); size_t size = sizeof(WCHAR)*(identity.length() + 1); *ppwszIdentity = (WCHAR*)alloc_memory(size); memcpy(*ppwszIdentity, identity.c_str(), size); diff --git a/lib/TTLS_UI/src/TTLS_UI.cpp b/lib/TTLS_UI/src/TTLS_UI.cpp index e5f2d02..f3266fa 100644 --- a/lib/TTLS_UI/src/TTLS_UI.cpp +++ b/lib/TTLS_UI/src/TTLS_UI.cpp @@ -186,22 +186,22 @@ bool wxTTLSConfigWindow::TransferDataToWindow() { // Native inner methods switch (cfg_ttls.m_inner->get_method_id()) { - case winstd::eap_type_legacy_pap: + case winstd::eap_type_t::legacy_pap: m_cfg_pap = dynamic_cast(*cfg_ttls.m_inner); m_inner_type->SetSelection(0); // 0=PAP break; - case winstd::eap_type_legacy_mschapv2: + case winstd::eap_type_t::legacy_mschapv2: m_cfg_mschapv2 = dynamic_cast(*cfg_ttls.m_inner); m_inner_type->SetSelection(1); // 1=MSCHAPv2 break; - case winstd::eap_type_mschapv2: + case winstd::eap_type_t::mschapv2: m_cfg_eapmschapv2 = dynamic_cast(*cfg_ttls.m_inner); m_inner_type->SetSelection(2); // 2=EAP-MSCHAPv2 break; - case winstd::eap_type_gtc: + case winstd::eap_type_t::gtc: m_cfg_eapgtc = dynamic_cast(*cfg_ttls.m_inner); m_inner_type->SetSelection(3); // 3=EAP-GTC break;