Make enums scoped

Signed-off-by: Simon Rozman <simon@rozman.si>
2020-01-04 12:17:16 +01:00 · 2020-01-04 12:17:16 +01:00 · 5a7827e85e
commit 5a7827e85e
parent 6db816cd60
35 changed files with 254 additions and 254 deletions
--- a/include/Common.props
+++ b/include/Common.props
@ -42,6 +42,7 @@
      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
      <StringPooling>true</StringPooling>
      <EnablePREfast>true</EnablePREfast>
      <DisableSpecificWarnings>26812</DisableSpecificWarnings>
    </ClCompile>
    <Link>
      <GenerateDebugInformation>true</GenerateDebugInformation>
--- a/lib/EAPBase/include/Config.h
+++ b/lib/EAPBase/include/Config.h
@ -150,20 +150,20 @@ namespace eap
        ///
        /// Authentication attempt status
        ///
-        enum status_t {
+        enum class status_t {
-            status_success = 0,                             ///< Authentication succeeded
+            success = 0,                    ///< Authentication succeeded
-            status_auth_failed,                             ///< Authentication failed
+            auth_failed,                    ///< Authentication failed
-            status_cred_invalid,                            ///< Invalid credentials
+            cred_invalid,                   ///< Invalid credentials
-            status_cred_expired,                            ///< Credentials expired
+            cred_expired,                   ///< Credentials expired
-            status_cred_changing,                           ///< Credentials are being changed
+            cred_changing,                  ///< Credentials are being changed
-            status_account_disabled,                        ///< Account is disabled
+            account_disabled,               ///< Account is disabled
-            status_account_logon_hours,                     ///< Restricted account logon hours
+            account_logon_hours,            ///< Restricted account logon hours
-            status_account_denied,                          ///< Account access is denied
+            account_denied,                 ///< Account access is denied
-            status_server_compromised,                      ///< Authentication server might have been compromised (CRL)
+            server_compromised,             ///< Authentication server might have been compromised (CRL)
            // Meta statuses
-            status_cred_begin = status_cred_invalid,        ///< First credential related problem
+            cred_begin = cred_invalid,      ///< First credential related problem
-            status_cred_end   = status_cred_changing + 1,   ///< First problem, that is not credential related any more
+            cred_end   = cred_changing + 1, ///< First problem, that is not credential related any more
        };
    public:
--- a/lib/EAPBase/include/Credentials.h
+++ b/lib/EAPBase/include/Credentials.h
@ -57,12 +57,12 @@ namespace eap
        ///
        /// Credential source when combined
        ///
-        enum source_t {
+        enum class source_t {
-            source_unknown = -1, ///< Unknown source
+            unknown = -1,   ///< Unknown source
-            source_cache = 0,    ///< Credentials were obtained from EapHost cache
+            cache = 0,      ///< Credentials were obtained from EapHost cache
-            source_config,       ///< Credentials were set by method configuration
+            config,         ///< Credentials were set by method configuration
-            source_storage,      ///< Credentials were loaded from Windows Credential Manager
+            storage,        ///< Credentials were loaded from Windows Credential Manager
-            source_lower,        ///< Credentials were set by lower EAP method
+            lower,          ///< Credentials were set by lower EAP method
        };
@ -210,9 +210,9 @@ namespace eap
        /// \param[in] pszTargetName          The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
        ///
        /// \returns
-        /// - \c source_cache   Credentials were obtained from EapHost cache
+        /// - \c source_t::cache   Credentials were obtained from EapHost cache
-        /// - \c source_config  Credentials were set by method configuration
+        /// - \c source_t::config  Credentials were set by method configuration
-        /// - \c source_storage Credentials were loaded from Windows Credential Manager
+        /// - \c source_t::storage Credentials were loaded from Windows Credential Manager
        ///
        virtual source_t combine(
            _In_             DWORD         dwFlags,
@ -305,9 +305,9 @@ namespace eap
        /// \param[in] pszTargetName          The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
        ///
        /// \returns
-        /// - \c source_cache   Credentials were obtained from EapHost cache
+        /// - \c source_t::cache   Credentials were obtained from EapHost cache
-        /// - \c source_config  Credentials were set by method configuration
+        /// - \c source_t::config  Credentials were set by method configuration
-        /// - \c source_storage Credentials were loaded from Windows Credential Manager
+        /// - \c source_t::storage Credentials were loaded from Windows Credential Manager
        ///
        virtual source_t combine(
            _In_             DWORD         dwFlags,
@ -327,11 +327,11 @@ namespace eap
        ///
        /// Password encryption method when loaded/saved to profile configuration XML
        ///
-        enum enc_alg_t {
+        enum class enc_alg_t {
-            enc_alg_unknown = -1,   ///< Unknown encryption
+            unknown = -1,   ///< Unknown encryption
-            enc_alg_none = 0,       ///< Unencrypted
+            none = 0,       ///< Unencrypted
-            enc_alg_geantlink,      ///< GÉANTLink module encryption
+            native,         ///< native module encryption
-            enc_alg_kph,            ///< KPH encryption
+            kph,            ///< KPH encryption
        };
    public:
@ -417,9 +417,9 @@ namespace eap
        /// \param[in] pszTargetName          The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
        ///
        /// \returns
-        /// - \c source_cache   Credentials were obtained from EapHost cache
+        /// - \c source_t::cache   Credentials were obtained from EapHost cache
-        /// - \c source_config  Credentials were set by method configuration
+        /// - \c source_t::config  Credentials were set by method configuration
-        /// - \c source_storage Credentials were loaded from Windows Credential Manager
+        /// - \c source_t::storage Credentials were loaded from Windows Credential Manager
        ///
        virtual source_t combine(
            _In_             DWORD         dwFlags,
--- a/lib/EAPBase/include/Module.h
+++ b/lib/EAPBase/include/Module.h
@ -65,7 +65,7 @@ namespace eap
        ///
        /// \param[in] eap_method  EAP method type ID
        ///
-        module(_In_ winstd::eap_type_t eap_method = winstd::eap_type_undefined);
+        module(_In_ winstd::eap_type_t eap_method = winstd::eap_type_t::undefined);
        ///
        /// Destructs the module
--- a/lib/EAPBase/src/Config.cpp
+++ b/lib/EAPBase/src/Config.cpp
@ -87,7 +87,7 @@ const bstr eap::config::namespace_eapmetadata(L"urn:ietf:params:xml:ns:yang:ietf
 eap::config_method::config_method(_In_ module &mod, _In_ unsigned int level) :
    m_level      (level),
    m_allow_save (true),
-    m_last_status(status_success),
+    m_last_status(status_t::success),
    config       (mod)
 {
 }
@ -179,7 +179,7 @@ void eap::config_method::load(_In_ IXMLDOMNode *pConfigRoot)
        m_module.log_config((xpath + L"/allow-save").c_str(), m_allow_save);
    }
-    m_last_status = status_success;
+    m_last_status = status_t::success;
    m_last_msg.clear();
 }
--- a/lib/EAPBase/src/Credentials.cpp
+++ b/lib/EAPBase/src/Credentials.cpp
@ -308,7 +308,7 @@ eap::credentials::source_t eap::credentials_identity::combine(
        // Using EAP service cached credentials.
        *this = *dynamic_cast<const credentials_identity*>(cred_cached);
        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_identity::get_name()), event_data(pszTargetName), event_data::blank);
-        return source_cache;
+        return source_t::cache;
    }
    auto cfg_with_cred = dynamic_cast<const config_method_with_cred*>(&cfg);
@ -316,7 +316,7 @@ eap::credentials::source_t eap::credentials_identity::combine(
        // Using configured credentials.
        *this = *dynamic_cast<const credentials_identity*>(cfg_with_cred->m_cred.get());
        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_identity::get_name()), event_data(pszTargetName), event_data::blank);
-        return source_config;
+        return source_t::config;
    }
    if (pszTargetName) {
@ -330,13 +330,13 @@ eap::credentials::source_t eap::credentials_identity::combine(
            // Using stored credentials.
            *this = std::move(cred_loaded);
            m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_identity::get_name()), event_data(pszTargetName), event_data::blank);
-            return source_storage;
+            return source_t::storage;
        } catch (...) {
            // Not actually an error.
        }
    }
-    return source_unknown;
+    return source_t::unknown;
 }
@ -345,7 +345,7 @@ eap::credentials::source_t eap::credentials_identity::combine(
 //////////////////////////////////////////////////////////////////////
 eap::credentials_pass::credentials_pass(_In_ module &mod) :
-    m_enc_alg(enc_alg_geantlink),
+    m_enc_alg(enc_alg_t::native),
    credentials(mod)
 {
 }
@ -426,7 +426,7 @@ void eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p
    // <Password>
    switch (m_enc_alg) {
-    case enc_alg_kph: {
+    case enc_alg_t::kph: {
        sanitizing_string password_utf8;
        WideCharToMultiByte(CP_UTF8, 0, m_password, password_utf8, NULL, NULL);
        wstring password_enc(std::move(kph_encrypt<wchar_t, char_traits<wchar_t>, allocator<wchar_t> >(cp, password_utf8.c_str())));
@ -481,18 +481,18 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
            throw win_runtime_error(__FUNCTION__ " CryptAcquireContext failed.");
        m_password = m_module.decrypt_str_md5<char_traits<wchar_t>, sanitizing_allocator<wchar_t> >(cp, password_enc.data(), password_enc.size());
-        m_enc_alg  = enc_alg_geantlink;
+        m_enc_alg  = enc_alg_t::native;
    } else if (encryption && CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, encryption, encryption.length(), _L("KPH"), -1, NULL, NULL, 0) == CSTR_EQUAL) {
        // Decrypt password.
        sanitizing_string password_utf8(std::move(kph_decrypt<OLECHAR>(password)));
        MultiByteToWideChar(CP_UTF8, 0, password_utf8, m_password);
-        m_enc_alg = enc_alg_kph;
+        m_enc_alg = enc_alg_t::kph;
    } else if (encryption && encryption[0]) {
        // Encryption is defined but unrecognized.
        throw invalid_argument(string_printf(__FUNCTION__ " Unsupported <Password> encryption method (encryption: %ls).", (BSTR)encryption));
    } else {
        m_password = password;
-        m_enc_alg  = enc_alg_none;
+        m_enc_alg  = enc_alg_t::none;
        SecureZeroMemory((BSTR)password, sizeof(OLECHAR)*password.length());
    }
@ -614,7 +614,7 @@ eap::credentials::source_t eap::credentials_pass::combine(
        // Using EAP service cached credentials.
        *this = *dynamic_cast<const credentials_pass*>(cred_cached);
        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data(pszTargetName), event_data::blank);
-        return source_cache;
+        return source_t::cache;
    }
    auto cfg_with_cred = dynamic_cast<const config_method_with_cred*>(&cfg);
@ -622,7 +622,7 @@ eap::credentials::source_t eap::credentials_pass::combine(
        // Using configured credentials.
        *this = *dynamic_cast<const credentials_pass*>(cfg_with_cred->m_cred.get());
        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data(pszTargetName), event_data::blank);
-        return source_config;
+        return source_t::config;
    }
    if (pszTargetName) {
@ -636,13 +636,13 @@ eap::credentials::source_t eap::credentials_pass::combine(
            // Using stored credentials.
            *this = std::move(cred_loaded);
            m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data(pszTargetName), event_data::blank);
-            return source_storage;
+            return source_t::storage;
        } catch (...) {
            // Not actually an error.
        }
    }
-    return source_unknown;
+    return source_t::unknown;
 }
--- a/lib/EAPBase/src/Method.cpp
+++ b/lib/EAPBase/src/Method.cpp
@ -299,7 +299,7 @@ EapPeerMethodResponseAction eap::method_eap::process_request_packet(
    // Save request packet ID to make matching response packet in get_response_packet() later.
    m_id = hdr->Id;
-    if (hdr->Data[0] != m_eap_method) {
+    if ((eap_type_t)hdr->Data[0] != m_eap_method) {
        // Unsupported EAP method. Respond with Legacy Nak.
        m_send_nak = true;
        return EapPeerMethodResponseActionSend;
@ -324,7 +324,7 @@ void eap::method_eap::get_response_packet(
    hdr.Id = m_id;
    if (!m_send_nak) {
-        hdr.Data[0] = m_eap_method;
+        hdr.Data[0] = (BYTE)m_eap_method;
        packet.reserve(size_max); // To avoid reallocation when inserting EAP packet header later.
@ -332,7 +332,7 @@ void eap::method_eap::get_response_packet(
        method_tunnel::get_response_packet(packet, size_max - sizeof(EapPacket));
    } else {
        // Respond with Legacy Nak suggesting our EAP method to continue.
-        hdr.Data[0] = eap_type_nak;
+        hdr.Data[0] = (BYTE)eap_type_t::nak;
        // Check packet size. We will suggest one EAP method alone, so we need one byte for data.
        size_t size_packet = sizeof(EapPacket) + 1;
@ -341,7 +341,7 @@ void eap::method_eap::get_response_packet(
        packet.reserve(size_packet); // To avoid reallocation when inserting EAP packet header later.
        // Data of Legacy Nak packet is a list of supported EAP types: our method alone.
-        packet.assign(1, m_eap_method);
+        packet.assign(1, (unsigned char)m_eap_method);
    }
    size_t size_packet = packet.size() + sizeof(EapPacket);
--- a/lib/EAPBase_UI/src/EAP_UI.cpp
+++ b/lib/EAPBase_UI/src/EAP_UI.cpp
@ -222,10 +222,10 @@ wxEAPCredentialWarningPanel::wxEAPCredentialWarningPanel(const eap::config_provi
        m_note_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(161)));
    m_note_label->SetLabel((
-        status == eap::config_method::status_cred_invalid  ? _("Previous attempt to connect reported invalid credentials.") :
+        status == eap::config_method::status_t::cred_invalid  ? _("Previous attempt to connect reported invalid credentials.") :
-        status == eap::config_method::status_cred_expired  ? _("Previous attempt to connect reported your credentials expired.") :
+        status == eap::config_method::status_t::cred_expired  ? _("Previous attempt to connect reported your credentials expired.") :
-        status == eap::config_method::status_cred_changing ? _("Previous attempt to connect reported your credentials are being changed.") :
+        status == eap::config_method::status_t::cred_changing ? _("Previous attempt to connect reported your credentials are being changed.") :
-                                                             _("Previous attempt to connect failed.")) + " " +
+                                                                _("Previous attempt to connect failed.")) + " " +
        _("Please, make sure your credentials are correct, or try again later."));
    m_note_label->Wrap(FromDIP(449));
--- a/lib/EapHost/include/Credentials.h
+++ b/lib/EapHost/include/Credentials.h
@ -130,9 +130,9 @@ namespace eap
        /// \param[in] pszTargetName          The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
        ///
        /// \returns
-        /// - \c source_cache   Credentials were obtained from EapHost cache
+        /// - \c source_t::cache   Credentials were obtained from EapHost cache
-        /// - \c source_config  Credentials were set by method configuration
+        /// - \c source_t::config  Credentials were set by method configuration
-        /// - \c source_storage Credentials were loaded from Windows Credential Manager
+        /// - \c source_t::storage Credentials were loaded from Windows Credential Manager
        ///
        virtual source_t combine(
            _In_             DWORD         dwFlags,
--- a/lib/EapHost/src/Credentials.cpp
+++ b/lib/EapHost/src/Credentials.cpp
@ -230,29 +230,29 @@ eap::credentials::source_t eap::credentials_eaphost::combine(
    // To mimic that behaviour, we do the same:
    // 1. Retrieve credentials from cache, store, or configuration
    // 2. Call EapHostPeerGetIdentity()
-    source_t src = source_unknown;
+    source_t src = source_t::unknown;
    if (cred_cached) {
        // Using EAP service cached credentials.
        *this = *dynamic_cast<const credentials_eaphost*>(cred_cached);
        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank);
-        src = source_cache;
+        src = source_t::cache;
    }
    // Note: Currently we do not provide credential storage for EapHost methods within configuration.
    // EapHost credentials will never get loaded from configuration, since config_method_eaphost is config_method based, not config_method_with_cred.
    // The code is kept (and maintained) for consistency with another methods, if we choose to provide that feature at a later time.
-    if (src == source_unknown) {
+    if (src == source_t::unknown) {
        auto cfg_with_cred = dynamic_cast<const config_method_with_cred*>(&cfg);
        if (cfg_with_cred && cfg_with_cred->m_use_cred) {
            // Using configured credentials.
            *this = *dynamic_cast<const credentials_eaphost*>(cfg_with_cred->m_cred.get());
            m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_eaphost::get_name()), event_data(pszTargetName), event_data::blank);
-            src = source_config;
+            src = source_t::config;
        }
    }
-    if (src == source_unknown && pszTargetName) {
+    if (src == source_t::unknown && pszTargetName) {
        // Switch user context.
        user_impersonator impersonating(hTokenImpersonateUser);
@ -263,7 +263,7 @@ eap::credentials::source_t eap::credentials_eaphost::combine(
            // Using stored credentials.
            *this = std::move(cred_loaded);
            m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank);
-            src = source_storage;
+            src = source_t::storage;
        } catch (...) {
            // Not actually an error.
        }
@ -280,7 +280,7 @@ eap::credentials::source_t eap::credentials_eaphost::combine(
        dwFlags,
        cfg_eaphost->get_type(),
        (DWORD)cfg_eaphost->m_cfg_blob.size(), cfg_eaphost->m_cfg_blob.data(),
-        src != source_unknown ? (DWORD)m_cred_blob.size() : 0, src != source_unknown ? m_cred_blob.data() : NULL,
+        src != source_t::unknown ? (DWORD)m_cred_blob.size() : 0, src != source_t::unknown ? m_cred_blob.data() : NULL,
        hTokenImpersonateUser,
        &fInvokeUI,
        &cred_data_size, get_ptr(cred_data),
@ -295,7 +295,7 @@ eap::credentials::source_t eap::credentials_eaphost::combine(
            m_cred_blob.assign(_cred_data, _cred_data + cred_data_size);
            SecureZeroMemory(_cred_data, cred_data_size);
            m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_EAPHOST, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank);
-            return source_lower;
+            return source_t::lower;
        } else
            SecureZeroMemory(cred_data.get(), cred_data_size);
    } else if (error) {
@ -306,7 +306,7 @@ eap::credentials::source_t eap::credentials_eaphost::combine(
        m_module.log_event(&EAPMETHOD_TRACE_EVT_WIN_ERROR, event_data((unsigned int)dwResult), event_data(__FUNCTION__ " EapHostPeerGetIdentity failed."), event_data::blank);
    }
-    return source_unknown;
+    return source_t::unknown;
 }
--- a/lib/EapHost/src/Method.cpp
+++ b/lib/EapHost/src/Method.cpp
@ -69,7 +69,7 @@ void eap::method_eaphost::begin_session(
    // Presume authentication will fail with generic protocol failure. (Pesimist!!!)
    // We will reset once we get get_result(Success) call.
-    m_cfg.m_last_status = config_method::status_auth_failed;
+    m_cfg.m_last_status = config_method::status_t::auth_failed;
    m_cfg.m_last_msg.clear();
    // Create EapHost peer session using available connection data (m_cfg) and user data (m_cred).
@ -197,7 +197,7 @@ void eap::method_eaphost::get_result(
        }
        if (reason == EapPeerMethodResultSuccess)
-            m_cfg.m_last_status = config_method::status_success;
+            m_cfg.m_last_status = config_method::status_t::success;
        // Always ask EAP host to save the connection data. And it will save it *only* when we report "success".
        // Don't worry. EapHost is well aware of failed authentication condition.
--- a/lib/GTC/include/Config.h
+++ b/lib/GTC/include/Config.h
@ -48,9 +48,9 @@ namespace eap
        ///
        /// Authentication mode
        ///
-        enum auth_mode_t {
+        enum class auth_mode_t {
-            auth_mode_response = 0, ///< Challenge/Response
+            response = 0,   ///< Challenge/Response
-            auth_mode_password,     ///< Password
+            password,       ///< Password
        };
    public:
@ -111,7 +111,7 @@ namespace eap
        ///
        /// @copydoc eap::config_method::get_method_id()
-        /// \returns This implementation always returns `winstd::eap_type_gtc`
+        /// \returns This implementation always returns `winstd::eap_type_t::gtc`
        ///
        virtual winstd::eap_type_t get_method_id() const;
--- a/lib/GTC/src/Config.cpp
+++ b/lib/GTC/src/Config.cpp
@ -119,9 +119,9 @@ void eap::config_method_eapgtc::operator<<(_Inout_ cursor_out &cursor) const
 {
    // Save authentication mode first, as credential loading will require this information.
    if (dynamic_cast<credentials_identity*>(m_cred.get()))
-        cursor << auth_mode_response;
+        cursor << auth_mode_t::response;
    else if (dynamic_cast<credentials_pass*>(m_cred.get()))
-        cursor << auth_mode_password;
+        cursor << auth_mode_t::password;
    else
        throw invalid_argument(__FUNCTION__ " Unsupported authentication mode.");
@ -133,9 +133,9 @@ size_t eap::config_method_eapgtc::get_pk_size() const
 {
    auth_mode_t auth_mode;
    if (dynamic_cast<credentials_identity*>(m_cred.get()))
-        auth_mode = auth_mode_response;
+        auth_mode = auth_mode_t::response;
    else if (dynamic_cast<credentials_pass*>(m_cred.get()))
-        auth_mode = auth_mode_password;
+        auth_mode = auth_mode_t::password;
    else
        throw invalid_argument(__FUNCTION__ " Unsupported authentication mode.");
@ -151,9 +151,9 @@ void eap::config_method_eapgtc::operator>>(_Inout_ cursor_in &cursor)
    auth_mode_t auth_mode;
    cursor >> auth_mode;
    switch (auth_mode) {
-    case auth_mode_response: m_cred.reset(new eap::credentials_identity(m_module)); break;
+    case auth_mode_t::response: m_cred.reset(new eap::credentials_identity(m_module)); break;
-    case auth_mode_password: m_cred.reset(new eap::credentials_pass    (m_module)); break;
+    case auth_mode_t::password: m_cred.reset(new eap::credentials_pass    (m_module)); break;
-    default                : throw invalid_argument(string_printf(__FUNCTION__ " Unsupported authentication mode (%u).", auth_mode));
+    default                   : throw invalid_argument(string_printf(__FUNCTION__ " Unsupported authentication mode (%u).", auth_mode));
    }
    config_method_with_cred::operator>>(cursor);
@ -162,7 +162,7 @@ void eap::config_method_eapgtc::operator>>(_Inout_ cursor_in &cursor)
 eap_type_t eap::config_method_eapgtc::get_method_id() const
 {
-    return eap_type_gtc;
+    return eap_type_t::gtc;
 }
--- a/lib/GTC/src/Method.cpp
+++ b/lib/GTC/src/Method.cpp
@ -70,7 +70,7 @@ void eap::method_gtc::begin_session(
    // Presume authentication will fail with generic protocol failure. (Pesimist!!!)
    // We will reset once we get get_result(Success) call.
-    m_cfg.m_last_status = config_method::status_auth_failed;
+    m_cfg.m_last_status = config_method::status_t::auth_failed;
    m_cfg.m_last_msg.clear();
 }
@ -81,14 +81,14 @@ EapPeerMethodResponseAction eap::method_gtc::process_request_packet(
 {
    assert(pReceivedPacket || dwReceivedPacketSize == 0);
-    m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_gtc), event_data::blank);
+    m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_t::gtc), event_data::blank);
    credentials_pass *cred_pass;
    if (dynamic_cast<credentials_identity*>(&m_cred)) {
        // Read authenticator challenge as UTF-8 encoded string.
        MultiByteToWideChar(CP_UTF8, 0, (LPCSTR)pReceivedPacket, dwReceivedPacketSize, m_challenge);
-        m_module.log_event(&EAPMETHOD_GTC_RESPONSE_REQ, event_data((unsigned int)eap_type_gtc), event_data::blank);
+        m_module.log_event(&EAPMETHOD_GTC_RESPONSE_REQ, event_data((unsigned int)eap_type_t::gtc), event_data::blank);
        // User must respond to the challenge.
        return EapPeerMethodResponseActionInvokeUI;
@ -97,7 +97,7 @@ EapPeerMethodResponseAction eap::method_gtc::process_request_packet(
        m_response = cred_pass->m_password;
        // Send the response.
-        m_cfg.m_last_status = config_method::status_cred_invalid; // Blame "credentials" if we fail beyond this point.
+        m_cfg.m_last_status = config_method::status_t::cred_invalid; // Blame "credentials" if we fail beyond this point.
        return EapPeerMethodResponseActionSend;
    } else
        throw invalid_argument(__FUNCTION__ " Unsupported authentication mode.");
@ -128,7 +128,7 @@ void eap::method_gtc::get_result(
    method::get_result(reason, pResult);
    if (reason == EapPeerMethodResultSuccess)
-        m_cfg.m_last_status = config_method::status_success;
+        m_cfg.m_last_status = config_method::status_t::success;
    // Always ask EAP host to save the connection data. And it will save it *only* when we report "success".
    // Don't worry. EapHost is well aware of failed authentication condition.
@ -150,7 +150,7 @@ EapPeerMethodResponseAction eap::method_gtc::set_ui_context(
    _In_count_(dwUIContextDataSize) const BYTE  *pUIContextData,
    _In_                                  DWORD dwUIContextDataSize)
 {
-    m_module.log_event(&EAPMETHOD_GTC_RESPONSE, event_data((unsigned int)eap_type_gtc), event_data::blank);
+    m_module.log_event(&EAPMETHOD_GTC_RESPONSE, event_data((unsigned int)eap_type_t::gtc), event_data::blank);
    // Save GTC response.
    m_response.assign(
@ -158,6 +158,6 @@ EapPeerMethodResponseAction eap::method_gtc::set_ui_context(
        reinterpret_cast<sanitizing_wstring::const_pointer>(pUIContextData + dwUIContextDataSize));
    // Send the response.
-    m_cfg.m_last_status = config_method::status_cred_invalid; // Blame "credentials" if we fail beyond this point.
+    m_cfg.m_last_status = config_method::status_t::cred_invalid; // Blame "credentials" if we fail beyond this point.
    return EapPeerMethodResponseActionSend;
 }
--- a/lib/MSCHAPv2/include/Config.h
+++ b/lib/MSCHAPv2/include/Config.h
@ -90,7 +90,7 @@ namespace eap
        ///
        /// @copydoc eap::config_method::get_method_id()
-        /// \returns This implementation always returns `winstd::eap_type_legacy_mschapv2`
+        /// \returns This implementation always returns `winstd::eap_type_t::legacy_mschapv2`
        ///
        virtual winstd::eap_type_t get_method_id() const;
@ -158,7 +158,7 @@ namespace eap
        ///
        /// @copydoc eap::config_method::get_method_id()
-        /// \returns This implementation always returns `winstd::eap_type_mschapv2`
+        /// \returns This implementation always returns `winstd::eap_type_t::mschapv2`
        ///
        virtual winstd::eap_type_t get_method_id() const;
--- a/lib/MSCHAPv2/include/MSCHAPv2.h
+++ b/lib/MSCHAPv2/include/MSCHAPv2.h
@ -23,7 +23,7 @@
 namespace eap
 {
-    enum chap_packet_code_t : unsigned char;
+    enum class chap_packet_code_t : unsigned char;
    struct WINSTD_NOVTABLE chap_header;
    struct WINSTD_NOVTABLE challenge_mschapv2;
    struct WINSTD_NOVTABLE challenge_hash;
@ -65,13 +65,12 @@ namespace eap
    /// CHAP packet codes
    ///
    #pragma warning(suppress: 4480)
-    enum chap_packet_code_t : unsigned char {
+    enum class chap_packet_code_t : unsigned char {
-        chap_packet_code_challenge            = 1, ///< Challenge
+        challenge       = 1,    ///< Challenge
-        chap_packet_code_response             = 2, ///< Response
+        response        = 2,    ///< Response
-        chap_packet_code_success              = 3, ///< Success
+        success         = 3,    ///< Success
-        chap_packet_code_failure              = 4, ///< Failure
+        failure         = 4,    ///< Failure
-
+        change_password = 7,    ///< Change password
        mschapv2_packet_code_change_password  = 7, ///< Change password
    };
--- a/lib/MSCHAPv2/include/Method.h
+++ b/lib/MSCHAPv2/include/Method.h
@ -254,12 +254,12 @@ namespace eap
        ///
        /// Communication phase
        ///
-        enum {
+        enum class phase_t {
-            phase_unknown = -1,                 ///< Unknown phase
+            unknown = -1,       ///< Unknown phase
-            phase_init = 0,                     ///< Send client challenge
+            init = 0,           ///< Send client challenge
-            phase_challenge_server,             ///< Verify server challenge
+            challenge_server,   ///< Verify server challenge
-            phase_finished,                     ///< Connection shut down
+            finished,           ///< Connection shut down
-        } m_phase;                              ///< What phase is our communication at?
+        } m_phase;              ///< What phase is our communication at?
    };
    /// @}
--- a/lib/MSCHAPv2/src/Config.cpp
+++ b/lib/MSCHAPv2/src/Config.cpp
@ -72,7 +72,7 @@ eap::config* eap::config_method_mschapv2::clone() const
 eap_type_t eap::config_method_mschapv2::get_method_id() const
 {
-    return eap_type_legacy_mschapv2;
+    return eap_type_t::legacy_mschapv2;
 }
@ -135,7 +135,7 @@ eap::config* eap::config_method_eapmschapv2::clone() const
 eap_type_t eap::config_method_eapmschapv2::get_method_id() const
 {
-    return eap_type_mschapv2;
+    return eap_type_t::mschapv2;
 }
--- a/lib/MSCHAPv2/src/Method.cpp
+++ b/lib/MSCHAPv2/src/Method.cpp
@ -79,7 +79,7 @@ void eap::method_mschapv2_base::begin_session(
    // Presume authentication will fail with generic protocol failure. (Pesimist!!!)
    // We will reset once we get get_result(Success) call.
-    m_cfg.m_last_status = config_method::status_auth_failed;
+    m_cfg.m_last_status = config_method::status_t::auth_failed;
    m_cfg.m_last_msg.clear();
    // Create cryptographics provider for support needs (client challenge ...).
@ -108,7 +108,7 @@ void eap::method_mschapv2_base::get_result(
    method::get_result(reason, pResult);
    if (reason == EapPeerMethodResultSuccess)
-        m_cfg.m_last_status = config_method::status_success;
+        m_cfg.m_last_status = config_method::status_t::success;
    // Always ask EAP host to save the connection data. And it will save it *only* when we report "success".
    // Don't worry. EapHost is well aware of failed authentication condition.
@ -119,7 +119,7 @@ void eap::method_mschapv2_base::get_result(
 void eap::method_mschapv2_base::process_success(_In_ const list<string> &argv)
 {
-    assert(m_cfg.m_last_status != config_method::status_success);
+    assert(m_cfg.m_last_status != config_method::status_t::success);
    for (auto arg = argv.cbegin(), arg_end = argv.cend(); arg != arg_end; ++arg) {
        const string &val = *arg;
@ -140,11 +140,11 @@ void eap::method_mschapv2_base::process_success(_In_ const list<string> &argv)
                throw invalid_argument(__FUNCTION__ " MS-CHAP2-Success authentication response string failed.");
            m_module.log_event(&EAPMETHOD_METHOD_SUCCESS, event_data((unsigned int)m_cfg.get_method_id()), event_data::blank);
-            m_cfg.m_last_status = config_method::status_success;
+            m_cfg.m_last_status = config_method::status_t::success;
        }
    }
-    if (m_cfg.m_last_status != config_method::status_success)
+    if (m_cfg.m_last_status != config_method::status_t::success)
        throw invalid_argument(__FUNCTION__ " MS-CHAP2-Success authentication response string not found.");
 }
@ -157,12 +157,12 @@ void eap::method_mschapv2_base::process_error(_In_ const list<string> &argv)
            DWORD dwResult = strtoul(val.data() + 2, NULL, 10);
            m_module.log_event(&EAPMETHOD_METHOD_FAILURE_ERROR, event_data((unsigned int)m_cfg.get_method_id()), event_data(dwResult), event_data::blank);
            switch (dwResult) {
-            case ERROR_ACCT_DISABLED         : m_cfg.m_last_status = config_method::status_account_disabled   ; break;
+            case ERROR_ACCT_DISABLED         : m_cfg.m_last_status = config_method::status_t::account_disabled   ; break;
-            case ERROR_RESTRICTED_LOGON_HOURS: m_cfg.m_last_status = config_method::status_account_logon_hours; break;
+            case ERROR_RESTRICTED_LOGON_HOURS: m_cfg.m_last_status = config_method::status_t::account_logon_hours; break;
-            case ERROR_NO_DIALIN_PERMISSION  : m_cfg.m_last_status = config_method::status_account_denied     ; break;
+            case ERROR_NO_DIALIN_PERMISSION  : m_cfg.m_last_status = config_method::status_t::account_denied     ; break;
-            case ERROR_PASSWD_EXPIRED        : m_cfg.m_last_status = config_method::status_cred_expired       ; break;
+            case ERROR_PASSWD_EXPIRED        : m_cfg.m_last_status = config_method::status_t::cred_expired       ; break;
-            case ERROR_CHANGING_PASSWORD     : m_cfg.m_last_status = config_method::status_cred_changing      ; break;
+            case ERROR_CHANGING_PASSWORD     : m_cfg.m_last_status = config_method::status_t::cred_changing      ; break;
-            default                          : m_cfg.m_last_status = config_method::status_cred_invalid       ;
+            default                          : m_cfg.m_last_status = config_method::status_t::cred_invalid       ;
            }
        } else if ((val[0] == 'C' || val[0] == 'c') && val[1] == '=') {
            hex_dec dec;
@ -247,8 +247,8 @@ EapPeerMethodResponseAction eap::method_mschapv2::process_request_packet(
        m_ident = hdr->ident;
        switch (hdr->code) {
-        case chap_packet_code_challenge: {
+        case chap_packet_code_t::challenge: {
-            m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_mschapv2), event_data::blank);
+            m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_t::mschapv2), event_data::blank);
            if (msg + 1 > msg_end)
                throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete CHAP challenge packet.");
@ -279,7 +279,7 @@ EapPeerMethodResponseAction eap::method_mschapv2::process_request_packet(
            value.push_back(0); // Flags
            chap_header hdr_resp;
-            hdr_resp.code = chap_packet_code_response;
+            hdr_resp.code = chap_packet_code_t::response;
            hdr_resp.ident = m_ident;
            size_t size_value = value.size();
            *reinterpret_cast<unsigned short*>(hdr_resp.length) = htons((unsigned short)(sizeof(chap_header) + 1 + size_value + identity_utf8.length()));
@ -291,21 +291,21 @@ EapPeerMethodResponseAction eap::method_mschapv2::process_request_packet(
            m_packet_res.insert(m_packet_res.end(), value.begin(), value.end());
            m_packet_res.insert(m_packet_res.end(), identity_utf8.begin(), identity_utf8.end());
-            m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point.
+            m_cfg.m_last_status = config_method::status_t::cred_invalid; // Blame credentials if we fail beyond this point.
            return EapPeerMethodResponseActionSend;
        }
-        case chap_packet_code_success:
+        case chap_packet_code_t::success:
            process_success(parse_response(reinterpret_cast<const char*>(msg), reinterpret_cast<const char*>(msg_end) - reinterpret_cast<const char*>(msg)));
-            if (m_cfg.m_last_status == config_method::status_success) {
+            if (m_cfg.m_last_status == config_method::status_t::success) {
-                // Acknowledge the authentication by sending a "3" (chap_packet_code_success).
+                // Acknowledge the authentication by sending a "3" (chap_packet_code_t::success).
-                m_packet_res.assign(1, chap_packet_code_success);
+                m_packet_res.assign(1, (unsigned char)chap_packet_code_t::success);
-                m_cfg.m_last_status = config_method::status_auth_failed; // Blame protocol if we fail beyond this point.
+                m_cfg.m_last_status = config_method::status_t::auth_failed; // Blame protocol if we fail beyond this point.
                return EapPeerMethodResponseActionSend;
            } else
                return EapPeerMethodResponseActionDiscard;
-        case chap_packet_code_failure:
+        case chap_packet_code_t::failure:
            process_error(parse_response(reinterpret_cast<const char*>(msg), reinterpret_cast<const char*>(msg_end) - reinterpret_cast<const char*>(msg)));
            return EapPeerMethodResponseActionDiscard;
        }
@ -322,7 +322,7 @@ EapPeerMethodResponseAction eap::method_mschapv2::process_request_packet(
 //////////////////////////////////////////////////////////////////////
 eap::method_mschapv2_diameter::method_mschapv2_diameter(_In_ module &mod, _In_ config_method_mschapv2 &cfg, _In_ credentials_pass &cred) :
-    m_phase(phase_unknown),
+    m_phase(phase_t::unknown),
    method_mschapv2_base(mod, cfg, cred)
 {
 }
@ -354,7 +354,7 @@ void eap::method_mschapv2_diameter::begin_session(
 {
    method_mschapv2_base::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
-    m_phase = phase_init;
+    m_phase = phase_t::init;
 }
@ -365,8 +365,8 @@ EapPeerMethodResponseAction eap::method_mschapv2_diameter::process_request_packe
    assert(pReceivedPacket || dwReceivedPacketSize == 0);
    switch (m_phase) {
-    case phase_init: {
+    case phase_t::init: {
-        m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_legacy_mschapv2), event_data::blank);
+        m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_t::legacy_mschapv2), event_data::blank);
        // Randomize Peer-Challenge.
        m_challenge_client.randomize(m_cp);
@ -396,25 +396,25 @@ EapPeerMethodResponseAction eap::method_mschapv2_diameter::process_request_packe
        diameter_avp_append(11, 311, diameter_avp_flag_mandatory, m_challenge_server.data(), (unsigned int)m_challenge_server.size(), m_packet_res);
        diameter_avp_append(25, 311, diameter_avp_flag_mandatory, response          .data(), (unsigned int)response          .size(), m_packet_res);
-        m_phase = phase_challenge_server;
+        m_phase = phase_t::challenge_server;
-        m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point.
+        m_cfg.m_last_status = config_method::status_t::cred_invalid; // Blame credentials if we fail beyond this point.
        return EapPeerMethodResponseActionSend;
    }
-    case phase_challenge_server: {
+    case phase_t::challenge_server: {
        process_packet(pReceivedPacket, dwReceivedPacketSize);
-        if (m_cfg.m_last_status == config_method::status_success) {
+        if (m_cfg.m_last_status == config_method::status_t::success) {
-            m_phase = phase_finished;
+            m_phase = phase_t::finished;
            // Acknowledge the authentication by sending an empty response packet.
            m_packet_res.clear();
-            m_cfg.m_last_status = config_method::status_auth_failed; // Blame protocol if we fail beyond this point.
+            m_cfg.m_last_status = config_method::status_t::auth_failed; // Blame protocol if we fail beyond this point.
            return EapPeerMethodResponseActionSend;
        } else
            return EapPeerMethodResponseActionDiscard;
    }
-    case phase_finished:
+    case phase_t::finished:
        return EapPeerMethodResponseActionNone;
    default:
--- a/lib/PAP/include/Config.h
+++ b/lib/PAP/include/Config.h
@ -89,7 +89,7 @@ namespace eap
        ///
        /// @copydoc eap::config_method::get_method_id()
-        /// \returns This implementation always returns `winstd::eap_type_legacy_pap`
+        /// \returns This implementation always returns `winstd::eap_type_t::legacy_pap`
        ///
        virtual winstd::eap_type_t get_method_id() const;
--- a/lib/PAP/include/Method.h
+++ b/lib/PAP/include/Method.h
@ -104,10 +104,10 @@ namespace eap
        ///
        /// Communication phase
        ///
-        enum {
+        enum class phase_t {
-            phase_unknown = -1,         ///< Unknown phase
+            unknown = -1,               ///< Unknown phase
-            phase_init = 0,             ///< Handshake initialize
+            init = 0,                   ///< Handshake initialize
-            phase_finished,             ///< Connection shut down
+            finished,                   ///< Connection shut down
        } m_phase;                      ///< What phase is our communication at?
        sanitizing_blob m_packet_res;   ///< Response packet
--- a/lib/PAP/src/Config.cpp
+++ b/lib/PAP/src/Config.cpp
@ -72,7 +72,7 @@ eap::config* eap::config_method_pap::clone() const
 eap_type_t eap::config_method_pap::get_method_id() const
 {
-    return eap_type_legacy_pap;
+    return eap_type_t::legacy_pap;
 }
--- a/lib/PAP/src/Method.cpp
+++ b/lib/PAP/src/Method.cpp
@ -31,7 +31,7 @@ using namespace winstd;
 eap::method_pap_diameter::method_pap_diameter(_In_ module &mod, _In_ config_method_pap &cfg, _In_ credentials_pass &cred) :
    m_cfg(cfg),
    m_cred(cred),
-    m_phase(phase_unknown),
+    m_phase(phase_t::unknown),
    method(mod)
 {
 }
@ -71,10 +71,10 @@ void eap::method_pap_diameter::begin_session(
    // Presume authentication will fail with generic protocol failure. (Pesimist!!!)
    // We will reset once we get get_result(Success) call.
-    m_cfg.m_last_status = config_method::status_auth_failed;
+    m_cfg.m_last_status = config_method::status_t::auth_failed;
    m_cfg.m_last_msg.clear();
-    m_phase = phase_init;
+    m_phase = phase_t::init;
 }
@ -86,8 +86,8 @@ EapPeerMethodResponseAction eap::method_pap_diameter::process_request_packet(
    UNREFERENCED_PARAMETER(dwReceivedPacketSize);
    switch (m_phase) {
-    case phase_init: {
+    case phase_t::init: {
-        m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_legacy_pap), event_data::blank);
+        m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_t::legacy_pap), event_data::blank);
        // Convert username and password to UTF-8.
        sanitizing_string identity_utf8, password_utf8;
@ -103,12 +103,12 @@ EapPeerMethodResponseAction eap::method_pap_diameter::process_request_packet(
        diameter_avp_append(1, diameter_avp_flag_mandatory, identity_utf8.data(), (unsigned int)identity_utf8.size(), m_packet_res);
        diameter_avp_append(2, diameter_avp_flag_mandatory, password_utf8.data(), (unsigned int)password_utf8.size(), m_packet_res);
-        m_phase = phase_finished;
+        m_phase = phase_t::finished;
-        m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point.
+        m_cfg.m_last_status = config_method::status_t::cred_invalid; // Blame credentials if we fail beyond this point.
        return EapPeerMethodResponseActionSend;
    }
-    case phase_finished:
+    case phase_t::finished:
        return EapPeerMethodResponseActionNone;
    default:
@ -137,7 +137,7 @@ void eap::method_pap_diameter::get_result(
    method::get_result(reason, pResult);
    if (reason == EapPeerMethodResultSuccess)
-        m_cfg.m_last_status = config_method::status_success;
+        m_cfg.m_last_status = config_method::status_t::success;
    // Always ask EAP host to save the connection data. And it will save it *only* when we report "success".
    // Don't worry. EapHost is well aware of failed authentication condition.
--- a/lib/TLS/include/Config.h
+++ b/lib/TLS/include/Config.h
@ -126,7 +126,7 @@ namespace eap
        ///
        /// @copydoc eap::config_method::get_method_id()
-        /// \returns This implementation always returns `winstd::eap_type_tls`
+        /// \returns This implementation always returns `winstd::eap_type_t::tls`
        ///
        virtual winstd::eap_type_t get_method_id() const;
--- a/lib/TLS/include/Credentials.h
+++ b/lib/TLS/include/Credentials.h
@ -132,9 +132,9 @@ namespace eap
        /// \param[in] pszTargetName          The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
        ///
        /// \returns
-        /// - \c source_cache   Credentials were obtained from EapHost cache
+        /// - \c source_t::cache   Credentials were obtained from EapHost cache
-        /// - \c source_config  Credentials were set by method configuration
+        /// - \c source_t::config  Credentials were set by method configuration
-        /// - \c source_storage Credentials were loaded from Windows Credential Manager
+        /// - \c source_t::storage Credentials were loaded from Windows Credential Manager
        ///
        virtual source_t combine(
            _In_             DWORD         dwFlags,
--- a/lib/TLS/src/Config.cpp
+++ b/lib/TLS/src/Config.cpp
@ -256,7 +256,7 @@ void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor)
 eap_type_t eap::config_method_tls::get_method_id() const
 {
-    return eap_type_tls;
+    return eap_type_t::tls;
 }
--- a/lib/TLS/src/Credentials.cpp
+++ b/lib/TLS/src/Credentials.cpp
@ -310,16 +310,16 @@ eap::credentials::source_t eap::credentials_tls::combine(
    if (cred_cached) {
        // Using EAP service cached credentials.
        *this = *dynamic_cast<const credentials_tls*>(cred_cached);
-        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
+        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)eap_type_t::tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
-        return source_cache;
+        return source_t::cache;
    }
    auto cfg_with_cred = dynamic_cast<const config_method_with_cred*>(&cfg);
    if (cfg_with_cred && cfg_with_cred->m_use_cred) {
        // Using configured credentials.
        *this = *dynamic_cast<const credentials_tls*>(cfg_with_cred->m_cred.get());
-        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
+        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)eap_type_t::tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
-        return source_config;
+        return source_t::config;
    }
    if (pszTargetName) {
@ -332,14 +332,14 @@ eap::credentials::source_t eap::credentials_tls::combine(
            // Using stored credentials.
            *this = std::move(cred_loaded);
-            m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
+            m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)eap_type_t::tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
-            return source_storage;
+            return source_t::storage;
        } catch (...) {
            // Not actually an error.
        }
    }
-    return source_unknown;
+    return source_t::unknown;
 }
--- a/lib/TTLS/include/Config.h
+++ b/lib/TTLS/include/Config.h
@ -106,7 +106,7 @@ namespace eap
        ///
        /// @copydoc eap::config_method::get_method_id()
-        /// \returns This implementation always returns `winstd::eap_type_ttls`
+        /// \returns This implementation always returns `winstd::eap_type_t::ttls`
        ///
        virtual winstd::eap_type_t get_method_id() const;
--- a/lib/TTLS/include/Credentials.h
+++ b/lib/TTLS/include/Credentials.h
@ -121,9 +121,9 @@ namespace eap
        /// \param[in] pszTargetName          The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
        ///
        /// \returns
-        /// - \c source_cache   Credentials were obtained from EapHost cache
+        /// - \c source_t::cache   Credentials were obtained from EapHost cache
-        /// - \c source_config  Credentials were set by method configuration
+        /// - \c source_t::config  Credentials were set by method configuration
-        /// - \c source_storage Credentials were loaded from Windows Credential Manager
+        /// - \c source_t::storage Credentials were loaded from Windows Credential Manager
        ///
        virtual source_t combine(
            _In_             DWORD         dwFlags,
--- a/lib/TTLS/include/Method.h
+++ b/lib/TTLS/include/Method.h
@ -196,10 +196,10 @@ namespace eap
        ///
        /// Communication phase
        ///
-        enum {
+        enum class phase_t {
-            phase_unknown = -1,         ///< Unknown phase
+            unknown = -1,               ///< Unknown phase
-            phase_identity = 0,         ///< Send identity
+            identity = 0,               ///< Send identity
-            phase_finished,             ///< Connection shut down
+            finished,                   ///< Connection shut down
        } m_phase;                      ///< What phase is our communication at?
        sanitizing_blob m_packet_res;   ///< Response packet
@ -289,11 +289,11 @@ namespace eap
        ///
        /// Communication phase
        ///
-        enum {
+        enum class phase_t {
-            phase_unknown = -1,                     ///< Unknown phase
+            unknown = -1,                           ///< Unknown phase
-            phase_handshake_init = 0,               ///< Handshake initialize
+            handshake_init = 0,                     ///< Handshake initialize
-            phase_handshake_cont,                   ///< Handshake continue
+            handshake_cont,                         ///< Handshake continue
-            phase_finished,                         ///< Exchange application data
+            finished,                               ///< Exchange application data
        } m_phase;                                  ///< What phase is our communication at?
        sanitizing_blob m_packet_res;               ///< Response packet
--- a/lib/TTLS/src/Config.cpp
+++ b/lib/TTLS/src/Config.cpp
@ -110,7 +110,7 @@ void eap::config_method_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <InnerAuthenticationMethod> element.");
    eap_type_t eap_type = m_inner->get_method_id();
-    if (eap_type_noneap_start <= eap_type && eap_type < eap_type_noneap_end) {
+    if (eap_type_t::noneap_start <= eap_type && eap_type < eap_type_t::noneap_end) {
        // <InnerAuthenticationMethod>/<NonEAPAuthMethod>
        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElInnerAuthenticationMethod, bstr(L"NonEAPAuthMethod"), namespace_eapmetadata, bstr(m_inner->get_method_str()))))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <NonEAPAuthMethod> element.");
@ -201,7 +201,7 @@ void eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot)
    DWORD dwMethod;
    bstr bstrMethod;
    if (SUCCEEDED(eapxml::get_element_value(pXmlElInnerAuthenticationMethod, bstr(L"eap-metadata:EAPMethod"), dwMethod)) &&
-        eap_type_start <= dwMethod && dwMethod < eap_type_end)
+        eap_type_t::start <= (eap_type_t)dwMethod && (eap_type_t)dwMethod < eap_type_t::end)
    {
        m_inner.reset(make_config_method((eap_type_t)dwMethod));
        m_module.log_config((xpath + L"/EAPMethod").c_str(), m_inner->get_method_str());
@ -248,7 +248,7 @@ void eap::config_method_ttls::operator>>(_Inout_ cursor_in &cursor)
 eap_type_t eap::config_method_ttls::get_method_id() const
 {
-    return eap_type_ttls;
+    return eap_type_t::ttls;
 }
@ -269,14 +269,14 @@ eap::credentials* eap::config_method_ttls::make_credentials() const
 eap::config_method* eap::config_method_ttls::make_config_method(_In_ winstd::eap_type_t eap_type) const
 {
    switch (eap_type) {
-    case eap_type_legacy_pap     : return new config_method_pap        (m_module, m_level + 1);
+    case eap_type_t::legacy_pap     : return new config_method_pap        (m_module, m_level + 1);
-    case eap_type_legacy_mschapv2: return new config_method_mschapv2   (m_module, m_level + 1);
+    case eap_type_t::legacy_mschapv2: return new config_method_mschapv2   (m_module, m_level + 1);
-    case eap_type_mschapv2       : return new config_method_eapmschapv2(m_module, m_level + 1);
+    case eap_type_t::mschapv2       : return new config_method_eapmschapv2(m_module, m_level + 1);
-    case eap_type_gtc            : return new config_method_eapgtc     (m_module, m_level + 1);
+    case eap_type_t::gtc            : return new config_method_eapgtc     (m_module, m_level + 1);
 #if EAP_INNER_EAPHOST
-    default                      : return new config_method_eaphost    (m_module, m_level + 1); // EapHost peer method handles all other method types
+    default                         : return new config_method_eaphost    (m_module, m_level + 1); // EapHost peer method handles all other method types
 #else
-    default                      : throw invalid_argument(string_printf(__FUNCTION__ " Unsupported inner authentication method (%d).", eap_type));
+    default                         : throw invalid_argument(string_printf(__FUNCTION__ " Unsupported inner authentication method (%d).", eap_type));
 #endif
    }
 }
--- a/lib/TTLS/src/Method.cpp
+++ b/lib/TTLS/src/Method.cpp
@ -175,7 +175,7 @@ void eap::method_defrag::get_response_packet(
 eap::method_eapmsg::method_eapmsg(_In_ module &mod, _In_ const wchar_t *identity, _In_ method *inner) :
    m_identity(identity),
-    m_phase(phase_unknown),
+    m_phase(phase_t::unknown),
    method_tunnel(mod, inner)
 {
 }
@ -219,7 +219,7 @@ void eap::method_eapmsg::begin_session(
    assert(m_inner);
    m_inner->begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, std::min<DWORD>(dwMaxSendPacketSize, 0xffffff) - sizeof(diameter_avp_header));
-    m_phase = phase_identity;
+    m_phase = phase_t::identity;
 }
@ -228,7 +228,7 @@ EapPeerMethodResponseAction eap::method_eapmsg::process_request_packet(
    _In_                                       DWORD dwReceivedPacketSize)
 {
    switch (m_phase) {
-    case phase_identity: {
+    case phase_t::identity: {
        // Convert identity to UTF-8.
        sanitizing_string identity_utf8;
        WideCharToMultiByte(CP_UTF8, 0, m_identity, identity_utf8, NULL, NULL);
@ -239,18 +239,18 @@ EapPeerMethodResponseAction eap::method_eapmsg::process_request_packet(
        eap_packet pck;
        if (!pck.create(EapCodeResponse, 0, (WORD)size_packet))
            throw win_runtime_error(__FUNCTION__ " EapPacket creation failed.");
-        pck->Data[0] = eap_type_identity;
+        pck->Data[0] = (BYTE)eap_type_t::identity;
        memcpy(pck->Data + 1, identity_utf8.data(), size_identity);
        // Diameter AVP (EAP-Message=79)
        m_packet_res.clear();
        diameter_avp_append(79, diameter_avp_flag_mandatory, (const EapPacket*)pck, (unsigned int)size_packet, m_packet_res);
-        m_phase = phase_finished;
+        m_phase = phase_t::finished;
        return EapPeerMethodResponseActionSend;
    }
-    case phase_finished: {
+    case phase_t::finished: {
        EapPeerMethodResponseAction action = EapPeerMethodResponseActionNone;
        bool eap_message_found = false;
@ -340,7 +340,7 @@ eap::method_ttls::method_ttls(_In_ module &mod, _In_ config_method_ttls &cfg, _I
    m_cfg(cfg),
    m_cred(cred),
    m_user_ctx(NULL),
-    m_phase(phase_unknown),
+    m_phase(phase_t::unknown),
    m_packet_res_inner(false),
    method_tunnel(mod, inner)
 {
@ -404,7 +404,7 @@ void eap::method_ttls::begin_session(
    // Presume authentication will fail with generic protocol failure. (Pesimist!!!)
    // We will reset once we get get_result(Success) call.
-    m_cfg.m_last_status = config_method::status_auth_failed;
+    m_cfg.m_last_status = config_method::status_t::auth_failed;
    m_cfg.m_last_msg.clear();
    m_user_ctx = hTokenImpersonateUser;
@ -456,7 +456,7 @@ void eap::method_ttls::begin_session(
    if (FAILED(stat))
        throw sec_runtime_error(stat, __FUNCTION__ " Error acquiring Schannel credentials handle.");
-    m_phase = phase_handshake_init;
+    m_phase = phase_t::handshake_init;
 }
@ -469,8 +469,8 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
    user_impersonator impersonating(m_user_ctx);
    switch (m_phase) {
-    case phase_handshake_init: {
+    case phase_t::handshake_init: {
-        m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_ttls), event_data::blank);
+        m_module.log_event(&EAPMETHOD_METHOD_HANDSHAKE_START2, event_data((unsigned int)eap_type_t::ttls), event_data::blank);
        // Prepare input buffer(s).
        SecBuffer buf_in[] = {
@ -512,7 +512,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
            } else
                m_sc_queue.clear();
-            m_phase = phase_handshake_cont;
+            m_phase = phase_t::handshake_cont;
            m_packet_res_inner = false;
            return EapPeerMethodResponseActionSend;
        } else if (FAILED(status)) {
@ -529,7 +529,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
            throw sec_runtime_error(status, __FUNCTION__ " Unexpected Schannel result.");
    }
-    case phase_handshake_cont: {
+    case phase_t::handshake_cont: {
        m_sc_queue.insert(m_sc_queue.end(), reinterpret_cast<const unsigned char*>(pReceivedPacket), reinterpret_cast<const unsigned char*>(pReceivedPacket) + dwReceivedPacketSize);
        // Prepare input buffer(s).
@ -577,7 +577,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
                        enc.encode(hash_unicode, hash.data(), hash.size());
                        if (RegQueryValueExW(key, hash_unicode.c_str(), NULL, NULL, subj) == ERROR_SUCCESS) {
                            // A certificate in the chain is found to be revoked as compromised.
-                            m_cfg.m_last_status = config_method::status_server_compromised;
+                            m_cfg.m_last_status = config_method::status_t::server_compromised;
                            throw com_runtime_error(CRYPT_E_REVOKED, __FUNCTION__ " Server certificate or one of its issuer's certificate has been found revoked as compromised. Your credentials were probably sent to this server during previous connection attempts, thus changing your credentials (in a safe manner) is strongly advised. Please, contact your helpdesk immediately.");
                        }
                    }
@ -607,7 +607,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
            if (status == SEC_I_CONTINUE_NEEDED) {
                // Blame credentials if we fail beyond this point.
-                m_cfg.m_last_status = config_method::status_cred_invalid;
+                m_cfg.m_last_status = config_method::status_t::cred_invalid;
                m_packet_res_inner = false;
            } else {
                SecPkgContext_Authority auth;
@ -619,7 +619,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
                SecPkgContext_ConnectionInfo info;
                if (SUCCEEDED(status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_CONNECTION_INFO, &info)))
                    m_module.log_event(&EAPMETHOD_TLS_HANDSHAKE_FINISHED,
-                        event_data((unsigned int)eap_type_ttls),
+                        event_data((unsigned int)eap_type_t::ttls),
                        event_data(auth.sAuthorityName),
                        event_data(info.dwProtocol),
                        event_data(info.aiCipher),
@ -632,8 +632,8 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
                else
                    m_module.log_event(&EAPMETHOD_TLS_QUERY_FAILED, event_data((unsigned int)SECPKG_ATTR_CONNECTION_INFO), event_data(status), event_data::blank);
-                m_phase = phase_finished;
+                m_phase = phase_t::finished;
-                m_cfg.m_last_status = config_method::status_success;
+                m_cfg.m_last_status = config_method::status_t::success;
                method_mschapv2_diameter *inner_mschapv2 = dynamic_cast<method_mschapv2_diameter*>(m_inner.get());
                if (inner_mschapv2) {
@ -712,7 +712,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
            throw sec_runtime_error(status, __FUNCTION__ " Unexpected Schannel result.");
    }
-    case phase_finished: {
+    case phase_t::finished: {
        m_packet_res.clear();
        m_sc_queue.insert(m_sc_queue.end(), reinterpret_cast<const unsigned char*>(pReceivedPacket), reinterpret_cast<const unsigned char*>(pReceivedPacket) + dwReceivedPacketSize);
@ -867,7 +867,7 @@ void eap::method_ttls::get_result(
        m_eap_attr_desc.pAttribs = m_eap_attr.data();
        pResult->pAttribArray = &m_eap_attr_desc;
-        m_cfg.m_last_status = config_method::status_success;
+        m_cfg.m_last_status = config_method::status_t::success;
        // Spawn certificate revocation verify thread.
        dynamic_cast<peer_ttls&>(m_module).spawn_crl_check(std::move(m_sc_cert));
@ -889,7 +889,7 @@ void eap::method_ttls::verify_server_trust() const
            memcmp(m_sc_cert->pbCertEncoded, (*c)->pbCertEncoded, m_sc_cert->cbCertEncoded) == 0)
        {
            // Server certificate found directly on the trusted root CA list.
-            m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED_EX1, event_data((unsigned int)eap_type_ttls), event_data::blank);
+            m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED_EX1, event_data((unsigned int)eap_type_t::ttls), event_data::blank);
            return;
        }
    }
@ -938,7 +938,7 @@ void eap::method_ttls::verify_server_trust() const
                    if (san_info->rgAltEntry[idx_entry].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME &&
                        _wcsicmp(s->c_str(), san_info->rgAltEntry[idx_entry].pwszDNSName) == 0)
                    {
-                        m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)eap_type_ttls), event_data(san_info->rgAltEntry[idx_entry].pwszDNSName), event_data::blank);
+                        m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)eap_type_t::ttls), event_data(san_info->rgAltEntry[idx_entry].pwszDNSName), event_data::blank);
                        found = true;
                    }
                }
@ -953,7 +953,7 @@ void eap::method_ttls::verify_server_trust() const
            for (auto s = m_cfg.m_server_names.cbegin(), s_end = m_cfg.m_server_names.cend(); !found && s != s_end; ++s) {
                if (_wcsicmp(s->c_str(), subj.c_str()) == 0) {
-                    m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)eap_type_ttls), event_data(subj), event_data::blank);
+                    m_module.log_event(&EAPMETHOD_TLS_SERVER_NAME_TRUSTED2, event_data((unsigned int)eap_type_t::ttls), event_data(subj), event_data::blank);
                    found = true;
                }
            }
@ -1043,7 +1043,7 @@ void eap::method_ttls::verify_server_trust() const
        }
    }
-    m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED1, event_data((unsigned int)eap_type_ttls), event_data::blank);
+    m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED1, event_data((unsigned int)eap_type_t::ttls), event_data::blank);
 }
 #endif
--- a/lib/TTLS/src/Module.cpp
+++ b/lib/TTLS/src/Module.cpp
@ -30,7 +30,7 @@ using namespace winstd;
 // eap::peer_ttls
 //////////////////////////////////////////////////////////////////////
-eap::peer_ttls::peer_ttls() : peer(eap_type_ttls)
+eap::peer_ttls::peer_ttls() : peer(eap_type_t::ttls)
 {
 }
@ -126,7 +126,7 @@ void eap::peer_ttls::get_identity(
    // Build our identity. ;)
    wstring identity(std::move(cfg_method->get_public_identity(*dynamic_cast<const credentials_ttls*>(cred_out.m_cred.get()))));
-    log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((unsigned int)eap_type_ttls), event_data(identity), event_data::blank);
+    log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((unsigned int)eap_type_t::ttls), event_data(identity), event_data::blank);
    size_t size = sizeof(WCHAR)*(identity.length() + 1);
    *ppwszIdentity = (WCHAR*)alloc_memory(size);
    memcpy(*ppwszIdentity, identity.c_str(), size);
@ -255,16 +255,16 @@ EAP_SESSION_HANDLE eap::peer_ttls::begin_session(
    {
        // Native inner methods
        switch (cfg_inner->get_method_id()) {
-        case eap_type_legacy_pap     : meth_inner.reset(new method_pap_diameter     (*this, dynamic_cast<config_method_pap     &>(*cfg_inner), dynamic_cast<credentials_pass&>(*cred_inner))); break;
+        case eap_type_t::legacy_pap     : meth_inner.reset(new method_pap_diameter     (*this, dynamic_cast<config_method_pap     &>(*cfg_inner), dynamic_cast<credentials_pass&>(*cred_inner))); break;
-        case eap_type_legacy_mschapv2: meth_inner.reset(new method_mschapv2_diameter(*this, dynamic_cast<config_method_mschapv2&>(*cfg_inner), dynamic_cast<credentials_pass&>(*cred_inner))); break;
+        case eap_type_t::legacy_mschapv2: meth_inner.reset(new method_mschapv2_diameter(*this, dynamic_cast<config_method_mschapv2&>(*cfg_inner), dynamic_cast<credentials_pass&>(*cred_inner))); break;
-        case eap_type_mschapv2       : meth_inner.reset(
+        case eap_type_t::mschapv2       : meth_inner.reset(
-                                           new method_eapmsg  (*this, cred_inner->get_identity().c_str(),
+                                              new method_eapmsg  (*this, cred_inner->get_identity().c_str(),
-                                           new method_eap     (*this, eap_type_mschapv2,
+                                              new method_eap     (*this, eap_type_t::mschapv2,
-                                           new method_mschapv2(*this, dynamic_cast<config_method_mschapv2&>(*cfg_inner), dynamic_cast<credentials_pass&>(*cred_inner))))); break;
+                                              new method_mschapv2(*this, dynamic_cast<config_method_mschapv2&>(*cfg_inner), dynamic_cast<credentials_pass&>(*cred_inner))))); break;
-        case eap_type_gtc            : meth_inner.reset(
+        case eap_type_t::gtc            : meth_inner.reset(
-                                           new method_eapmsg  (*this, cred_inner->get_identity().c_str(),
+                                              new method_eapmsg  (*this, cred_inner->get_identity().c_str(),
-                                           new method_eap     (*this, eap_type_gtc,
+                                              new method_eap     (*this, eap_type_t::gtc,
-                                           new method_gtc     (*this, dynamic_cast<config_method_eapgtc&>(*cfg_inner), dynamic_cast<credentials&>(*cred_inner))))); break;
+                                              new method_gtc     (*this, dynamic_cast<config_method_eapgtc&>(*cfg_inner), dynamic_cast<credentials&>(*cred_inner))))); break;
        default: throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method.");
        }
    }
@ -277,7 +277,7 @@ EAP_SESSION_HANDLE eap::peer_ttls::begin_session(
    }
 #endif
    s->m_method.reset(
-        new method_eap   (*this, eap_type_ttls,
+        new method_eap   (*this, eap_type_t::ttls,
        new method_defrag(*this,
        new method_ttls  (*this, *cfg_method, *dynamic_cast<credentials_ttls*>(s->m_cred.m_cred.get()), meth_inner.release()))));
@ -476,8 +476,8 @@ _Success_(return != 0) const eap::config_method_ttls* eap::peer_ttls::combine_cr
 #endif
            *cfg_method,
            cfg_method->m_allow_save ? _target_name : NULL);
-        if (src_outer == eap::credentials::source_unknown) {
+        if (src_outer == eap::credentials::source_t::unknown) {
-            log_event(&EAPMETHOD_TRACE_EVT_CRED_UNKNOWN3, event_data(target_name), event_data((unsigned int)eap_type_tls), event_data::blank);
+            log_event(&EAPMETHOD_TRACE_EVT_CRED_UNKNOWN3, event_data(target_name), event_data((unsigned int)eap_type_t::tls), event_data::blank);
            continue;
        }
@ -492,7 +492,7 @@ _Success_(return != 0) const eap::config_method_ttls* eap::peer_ttls::combine_cr
 #endif
            *cfg_method->m_inner,
            cfg_method->m_inner->m_allow_save ? _target_name : NULL);
-        if (src_inner == eap::credentials::source_unknown) {
+        if (src_inner == eap::credentials::source_t::unknown) {
            log_event(&EAPMETHOD_TRACE_EVT_CRED_UNKNOWN3, event_data(target_name), event_data((unsigned int)cfg_method->m_inner->get_method_id()), event_data::blank);
            continue;
        }
@ -500,13 +500,13 @@ _Success_(return != 0) const eap::config_method_ttls* eap::peer_ttls::combine_cr
        // If we got here, we have all credentials we need. But, wait!
        if ((dwFlags & EAP_FLAG_MACHINE_AUTH) == 0) {
-            if (config_method::status_cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < config_method::status_cred_end) {
+            if (config_method::status_t::cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < config_method::status_t::cred_end) {
                // Outer: Credentials failed on last connection attempt.
-                log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM2, event_data(target_name), event_data((unsigned int)eap_type_tls), event_data((unsigned int)cfg_method->m_last_status), event_data::blank);
+                log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM2, event_data(target_name), event_data((unsigned int)eap_type_t::tls), event_data((unsigned int)cfg_method->m_last_status), event_data::blank);
                continue;
            }
-            if (config_method::status_cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < config_method::status_cred_end) {
+            if (config_method::status_t::cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < config_method::status_t::cred_end) {
                // Inner: Credentials failed on last connection attempt.
                log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM2, event_data(target_name), event_data((unsigned int)cfg_method->m_inner->get_method_id()), event_data((unsigned int)cfg_method->m_inner->m_last_status), event_data::blank);
                continue;
@ -637,7 +637,7 @@ DWORD WINAPI eap::peer_ttls::crl_checker::verify(_In_ crl_checker *obj)
                    // This "error" is expected for the root CA certificate.
                } else {
                    // This really was an error, as it appeared before the root CA cerficate in the chain.
-                    obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_SKIPPED, event_data((unsigned int)eap_type_ttls), event_data(subj), event_data::blank);
+                    obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_SKIPPED, event_data((unsigned int)eap_type_t::ttls), event_data(subj), event_data::blank);
                }
                break;
@ -649,12 +649,12 @@ DWORD WINAPI eap::peer_ttls::crl_checker::verify(_In_ crl_checker *obj)
                case CRL_REASON_CESSATION_OF_OPERATION:
                case CRL_REASON_CERTIFICATE_HOLD:
                    // The revocation was of administrative nature. No need to black-list.
-                    obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKED1, event_data((unsigned int)eap_type_ttls), event_data(subj), event_data(status_rev.dwReason), event_data::blank);
+                    obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKED1, event_data((unsigned int)eap_type_t::ttls), event_data(subj), event_data(status_rev.dwReason), event_data::blank);
                    break;
                default: {
                    // One of the certificates in the chain was revoked as compromised. Black-list it.
-                    obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKED, event_data((unsigned int)eap_type_ttls), event_data(subj), event_data(status_rev.dwReason), event_data::blank);
+                    obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKED, event_data((unsigned int)eap_type_t::ttls), event_data(subj), event_data(status_rev.dwReason), event_data::blank);
                    reg_key key;
                    if (key.create(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\") _T(VENDOR_NAME_STR) _T("\\") _T(PRODUCT_NAME_STR) _T("\\TLSCRL"), NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE)) {
                        vector<unsigned char> hash;
@ -678,7 +678,7 @@ DWORD WINAPI eap::peer_ttls::crl_checker::verify(_In_ crl_checker *obj)
            default:
                // Checking one of the certificates in the chain for revocation failed. Resume checking the rest.
-                obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_FAILED, event_data((unsigned int)eap_type_ttls), event_data(subj), event_data(status_rev.dwError), event_data::blank);
+                obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_FAILED, event_data((unsigned int)eap_type_t::ttls), event_data(subj), event_data(status_rev.dwError), event_data::blank);
                c += (size_t)status_rev.dwIndex + 1;
            }
        } else {
@ -688,6 +688,6 @@ DWORD WINAPI eap::peer_ttls::crl_checker::verify(_In_ crl_checker *obj)
    }
    // Revocation check succeeded.
-    obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_FINISHED, event_data((unsigned int)eap_type_ttls), event_data::blank);
+    obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKE_FINISHED, event_data((unsigned int)eap_type_t::ttls), event_data::blank);
    return 0;
 }
--- a/lib/TTLS_UI/src/Module.cpp
+++ b/lib/TTLS_UI/src/Module.cpp
@ -54,7 +54,7 @@ protected:
 // eap::peer_ttls_ui
 //////////////////////////////////////////////////////////////////////
-eap::peer_ttls_ui::peer_ttls_ui() : peer_ui(eap_type_ttls)
+eap::peer_ttls_ui::peer_ttls_ui() : peer_ui(eap_type_t::ttls)
 {
 }
@ -244,16 +244,16 @@ void eap::peer_ttls_ui::invoke_identity_ui(
 #endif
        *cfg_method,
        cfg_method->m_allow_save ? target_name.c_str() : NULL);
-    if (src_outer == eap::credentials::source_unknown ||
+    if (src_outer == eap::credentials::source_t::unknown ||
-        src_outer != eap::credentials::source_config && eap::config_method::status_cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < eap::config_method::status_cred_end)
+        src_outer != eap::credentials::source_t::config && eap::config_method::status_t::cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < eap::config_method::status_t::cred_end)
    {
        // Build dialog to prompt for outer credentials.
        wxEAPCredentialsDialog dlg(*cfg_prov, init.m_parent);
        ui_canceller lock(dlg.GetHWND());
-        if (eap::config_method::status_cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < eap::config_method::status_cred_end)
+        if (eap::config_method::status_t::cred_begin <= cfg_method->m_last_status && cfg_method->m_last_status < eap::config_method::status_t::cred_end)
            dlg.AddContent(new wxEAPCredentialWarningPanel(*cfg_prov, cfg_method->m_last_status, &dlg));
        auto panel = new wxTLSCredentialsPanel(*cfg_prov, *cfg_method, *cred, &dlg, false);
-        panel->SetRemember(src_outer == eap::credentials::source_storage);
+        panel->SetRemember(src_outer == eap::credentials::source_t::storage);
        dlg.AddContent(panel);
        // Update dialog layout.
@ -292,8 +292,8 @@ void eap::peer_ttls_ui::invoke_identity_ui(
 #endif
        *cfg_method->m_inner,
        cfg_method->m_inner->m_allow_save ? target_name.c_str() : NULL);
-    if (src_inner == eap::credentials::source_unknown ||
+    if (src_inner == eap::credentials::source_t::unknown ||
-        src_inner != eap::credentials::source_config && eap::config_method::status_cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < eap::config_method::status_cred_end)
+        src_inner != eap::credentials::source_t::config && eap::config_method::status_t::cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < eap::config_method::status_t::cred_end)
    {
        // Prompt for inner credentials.
 #if EAP_INNER_EAPHOST
@ -304,14 +304,14 @@ void eap::peer_ttls_ui::invoke_identity_ui(
            // Native inner methods. Build dialog to prompt for inner credentials.
            wxEAPCredentialsDialog dlg(*cfg_prov, init.m_parent);
            ui_canceller lock(dlg.GetHWND());
-            if (eap::config_method::status_cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < eap::config_method::status_cred_end)
+            if (eap::config_method::status_t::cred_begin <= cfg_method->m_inner->m_last_status && cfg_method->m_inner->m_last_status < eap::config_method::status_t::cred_end)
                dlg.AddContent(new wxEAPCredentialWarningPanel(*cfg_prov, cfg_method->m_inner->m_last_status, &dlg));
            wxEAPCredentialsPanelBase *panel = NULL;
            switch (cfg_method->m_inner->get_method_id()) {
-                case eap_type_legacy_pap     : panel = new wxPAPCredentialsPanel     (*cfg_prov, *dynamic_cast<const eap::config_method_pap        *>(cfg_method->m_inner.get()), *dynamic_cast<eap::credentials_pass    *>(cred->m_inner.get()), &dlg, false); break;
+                case eap_type_t::legacy_pap     : panel = new wxPAPCredentialsPanel     (*cfg_prov, *dynamic_cast<const eap::config_method_pap        *>(cfg_method->m_inner.get()), *dynamic_cast<eap::credentials_pass    *>(cred->m_inner.get()), &dlg, false); break;
-                case eap_type_legacy_mschapv2: panel = new wxMSCHAPv2CredentialsPanel(*cfg_prov, *dynamic_cast<const eap::config_method_mschapv2   *>(cfg_method->m_inner.get()), *dynamic_cast<eap::credentials_pass    *>(cred->m_inner.get()), &dlg, false); break;
+                case eap_type_t::legacy_mschapv2: panel = new wxMSCHAPv2CredentialsPanel(*cfg_prov, *dynamic_cast<const eap::config_method_mschapv2   *>(cfg_method->m_inner.get()), *dynamic_cast<eap::credentials_pass    *>(cred->m_inner.get()), &dlg, false); break;
-                case eap_type_mschapv2       : panel = new wxMSCHAPv2CredentialsPanel(*cfg_prov, *dynamic_cast<const eap::config_method_eapmschapv2*>(cfg_method->m_inner.get()), *dynamic_cast<eap::credentials_pass    *>(cred->m_inner.get()), &dlg, false); break;
+                case eap_type_t::mschapv2       : panel = new wxMSCHAPv2CredentialsPanel(*cfg_prov, *dynamic_cast<const eap::config_method_eapmschapv2*>(cfg_method->m_inner.get()), *dynamic_cast<eap::credentials_pass    *>(cred->m_inner.get()), &dlg, false); break;
-                case eap_type_gtc            : {
+                case eap_type_t::gtc            : {
                    // EAP-GTC credential prompt differes for "Challenge/Response" and "Password" authentication modes.
                    eap::credentials_identity *cred_resp;
                    eap::credentials_pass     *cred_pass;
@ -327,7 +327,7 @@ void eap::peer_ttls_ui::invoke_identity_ui(
            }
            if (!panel)
                throw invalid_argument("Invalid authentication mode");
-            panel->SetRemember(src_inner == eap::credentials::source_storage);
+            panel->SetRemember(src_inner == eap::credentials::source_t::storage);
            dlg.AddContent(panel);
            // Update dialog layout.
@ -397,7 +397,7 @@ void eap::peer_ttls_ui::invoke_identity_ui(
    // Build our identity. ;)
    wstring identity(std::move(cfg_method->get_public_identity(*dynamic_cast<const credentials_ttls*>(cred_out.m_cred.get()))));
-    log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((unsigned int)eap_type_ttls), event_data(identity), event_data::blank);
+    log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((unsigned int)eap_type_t::ttls), event_data(identity), event_data::blank);
    size_t size = sizeof(WCHAR)*(identity.length() + 1);
    *ppwszIdentity = (WCHAR*)alloc_memory(size);
    memcpy(*ppwszIdentity, identity.c_str(), size);
--- a/lib/TTLS_UI/src/TTLS_UI.cpp
+++ b/lib/TTLS_UI/src/TTLS_UI.cpp
@ -186,22 +186,22 @@ bool wxTTLSConfigWindow::TransferDataToWindow()
    {
        // Native inner methods
        switch (cfg_ttls.m_inner->get_method_id()) {
-        case winstd::eap_type_legacy_pap:
+        case winstd::eap_type_t::legacy_pap:
            m_cfg_pap = dynamic_cast<eap::config_method_pap&>(*cfg_ttls.m_inner);
            m_inner_type->SetSelection(0); // 0=PAP
            break;
-        case winstd::eap_type_legacy_mschapv2:
+        case winstd::eap_type_t::legacy_mschapv2:
            m_cfg_mschapv2 = dynamic_cast<eap::config_method_mschapv2&>(*cfg_ttls.m_inner);
            m_inner_type->SetSelection(1); // 1=MSCHAPv2
            break;
-        case winstd::eap_type_mschapv2:
+        case winstd::eap_type_t::mschapv2:
            m_cfg_eapmschapv2 = dynamic_cast<eap::config_method_eapmschapv2&>(*cfg_ttls.m_inner);
            m_inner_type->SetSelection(2); // 2=EAP-MSCHAPv2
            break;
-        case winstd::eap_type_gtc:
+        case winstd::eap_type_t::gtc:
            m_cfg_eapgtc = dynamic_cast<eap::config_method_eapgtc&>(*cfg_ttls.m_inner);
            m_inner_type->SetSelection(3); // 3=EAP-GTC
            break;