Peer (Main.cpp) no longer manipulates session directly. Session management moved to eap::peer.

EAPMethods/src/Main.cpp

@@ -27,7 +27,6 @@ using namespace winstd;
 
 #if EAPMETHOD_TYPE==21
 #define _EAPMETHOD_PEER    eap::peer_ttls
-#define _EAPMETHOD_SESSION eap::session_ttls
 #else
 #error Unknown EAP Method type.
 #endif
@@ -283,29 +282,12 @@ DWORD APIENTRY EapPeerBeginSession(
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pUserData is NULL.")));
     else if (!phSession)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" phSession is NULL.")));
-    else {
+    else if (!g_peer.begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, pConnectionData, dwConnectionDataSize, pUserData, dwUserDataSize, dwMaxSendPacketSize, phSession, ppEapError)) {
-        *phSession = NULL;
+        if (*ppEapError) {
-
+            g_peer.log_error(*ppEapError);
-        // Allocate new session.
+            return dwResult = (*ppEapError)->dwWinError;
-        unique_ptr<_EAPMETHOD_SESSION> session(new _EAPMETHOD_SESSION(g_peer));
+        } else
-        if (!session) {
+            return dwResult = ERROR_INVALID_DATA;
-            g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_OUTOFMEMORY, _T(__FUNCTION__) _T(" Error allocating memory for EAP session.")));
-            return dwResult;
-        }
-
-        // Begin the session.
-        if (!g_peer.unpack(session->m_cfg, pConnectionData, dwConnectionDataSize, ppEapError) ||
-            !g_peer.unpack(session->m_cred, pUserData, dwUserDataSize, ppEapError) ||
-            !session->begin(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize, ppEapError))
-        {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                return dwResult = (*ppEapError)->dwWinError;
-            } else
-                return dwResult = ERROR_INVALID_DATA;
-        }
-
-        *phSession = session.release();
     }
 
     return dwResult;
@@ -317,7 +299,9 @@ DWORD APIENTRY EapPeerBeginSession(
 ///
 /// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
 ///
-DWORD APIENTRY EapPeerEndSession(_In_ EAP_SESSION_HANDLE hSession, _Out_ EAP_ERROR **ppEapError)
+DWORD APIENTRY EapPeerEndSession(
+    _In_  EAP_SESSION_HANDLE hSession,
+    _Out_ EAP_ERROR          **ppEapError)
 {
     DWORD dwResult = ERROR_SUCCESS;
     event_fn_auto_ret<DWORD> event_auto(g_peer.get_event_fn_auto(__FUNCTION__, dwResult));
@@ -333,9 +317,12 @@ DWORD APIENTRY EapPeerEndSession(_In_ EAP_SESSION_HANDLE hSession, _Out_ EAP_ERR
 
     if (!hSession)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" hSession is NULL.")));
-    else {
+    else if (!g_peer.end_session(hSession, ppEapError)) {
-        static_cast<_EAPMETHOD_SESSION*>(hSession)->end(ppEapError);
+        if (*ppEapError) {
-        delete static_cast<_EAPMETHOD_SESSION*>(hSession);
+            g_peer.log_error(*ppEapError);
+            return dwResult = (*ppEapError)->dwWinError;
+        } else
+            return dwResult = ERROR_INVALID_DATA;
     }
 
     return dwResult;
@@ -372,15 +359,12 @@ DWORD APIENTRY EapPeerProcessRequestPacket(
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pReceivedPacket is NULL or too short.")));
     else if (!pEapOutput)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapOutput is NULL.")));
-    else {
+    else if (!g_peer.process_request_packet(hSession, pReceivedPacket, dwReceivedPacketSize, pEapOutput, ppEapError)) {
-        assert(dwReceivedPacketSize == ntohs(*(WORD*)pReceivedPacket->Length));
+        if (*ppEapError) {
-        if (!static_cast<_EAPMETHOD_SESSION*>(hSession)->process_request_packet(dwReceivedPacketSize, pReceivedPacket, pEapOutput, ppEapError)) {
+            g_peer.log_error(*ppEapError);
-            if (*ppEapError) {
+            dwResult = (*ppEapError)->dwWinError;
-                g_peer.log_error(*ppEapError);
+        } else
-                dwResult = (*ppEapError)->dwWinError;
+            dwResult = ERROR_INVALID_DATA;
-            } else
-                dwResult = ERROR_INVALID_DATA;
-        }
     }
 
     return dwResult;
@@ -416,14 +400,12 @@ DWORD APIENTRY EapPeerGetResponsePacket(
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pdwSendPacketSize is NULL.")));
     else if (!pSendPacket && *pdwSendPacketSize)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pSendPacket is NULL.")));
-    else {
+    else if (!g_peer.get_response_packet(hSession, pSendPacket, pdwSendPacketSize, ppEapError)) {
-        if (!static_cast<_EAPMETHOD_SESSION*>(hSession)->get_response_packet(pdwSendPacketSize, pSendPacket, ppEapError)) {
+        if (*ppEapError) {
-            if (*ppEapError) {
+            g_peer.log_error(*ppEapError);
-                g_peer.log_error(*ppEapError);
+            dwResult = (*ppEapError)->dwWinError;
-                dwResult = (*ppEapError)->dwWinError;
+        } else
-            } else
+            dwResult = ERROR_INVALID_DATA;
-                dwResult = ERROR_INVALID_DATA;
-        }
     }
 
     return dwResult;
@@ -435,7 +417,11 @@ DWORD APIENTRY EapPeerGetResponsePacket(
 ///
 /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
 ///
-DWORD APIENTRY EapPeerGetResult(_In_ EAP_SESSION_HANDLE hSession, _In_ EapPeerMethodResultReason reason, _Out_ EapPeerMethodResult *ppResult, _Out_ EAP_ERROR **ppEapError)
+DWORD APIENTRY EapPeerGetResult(
+    _In_  EAP_SESSION_HANDLE        hSession,
+    _In_  EapPeerMethodResultReason reason,
+    _Out_ EapPeerMethodResult       *ppResult,
+    _Out_ EAP_ERROR                 **ppEapError)
 {
     DWORD dwResult = ERROR_SUCCESS;
     event_fn_auto_ret<DWORD> event_auto(g_peer.get_event_fn_auto(__FUNCTION__, dwResult));
@@ -453,14 +439,12 @@ DWORD APIENTRY EapPeerGetResult(_In_ EAP_SESSION_HANDLE hSession, _In_ EapPeerMe
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" hSession is NULL.")));
     else if (!ppResult)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppResult is NULL.")));
-    else {
+    else if (!g_peer.get_result(hSession, reason, ppResult, ppEapError)) {
-        if (!static_cast<_EAPMETHOD_SESSION*>(hSession)->get_result(reason, ppResult, ppEapError)) {
+        if (*ppEapError) {
-            if (*ppEapError) {
+            g_peer.log_error(*ppEapError);
-                g_peer.log_error(*ppEapError);
+            dwResult = (*ppEapError)->dwWinError;
-                dwResult = (*ppEapError)->dwWinError;
+        } else
-            } else
+            dwResult = ERROR_INVALID_DATA;
-                dwResult = ERROR_INVALID_DATA;
-        }
     }
 
     return dwResult;
@@ -498,7 +482,7 @@ DWORD APIENTRY EapPeerGetUIContext(
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pdwUIContextDataSize is NULL.")));
     else if (!ppUIContextData)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppUIContextData is NULL.")));
-    else if (!static_cast<_EAPMETHOD_SESSION*>(hSession)->get_ui_context(ppUIContextData, pdwUIContextDataSize, ppEapError)) {
+    else if (!g_peer.get_ui_context(hSession, ppUIContextData, pdwUIContextDataSize, ppEapError)) {
         if (*ppEapError) {
             g_peer.log_error(*ppEapError);
             dwResult = (*ppEapError)->dwWinError;
@@ -542,7 +526,7 @@ DWORD APIENTRY EapPeerSetUIContext(
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pUIContextData is NULL.")));
     else if (!pEapOutput)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapOutput is NULL.")));
-    else if (!static_cast<_EAPMETHOD_SESSION*>(hSession)->set_ui_context(pUIContextData, dwUIContextDataSize, pEapOutput, ppEapError)) {
+    else if (!g_peer.set_ui_context(hSession, pUIContextData, dwUIContextDataSize, pEapOutput, ppEapError)) {
         if (*ppEapError) {
             g_peer.log_error(*ppEapError);
             dwResult = (*ppEapError)->dwWinError;
@@ -559,7 +543,10 @@ DWORD APIENTRY EapPeerSetUIContext(
 ///
 /// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx)
 ///
-DWORD APIENTRY EapPeerGetResponseAttributes(_In_ EAP_SESSION_HANDLE hSession, _Out_ EapAttributes *pAttribs, _Out_ EAP_ERROR **ppEapError)
+DWORD APIENTRY EapPeerGetResponseAttributes(
+    _In_  EAP_SESSION_HANDLE hSession,
+    _Out_ EapAttributes      *pAttribs,
+    _Out_ EAP_ERROR          **ppEapError)
 {
     DWORD dwResult = ERROR_SUCCESS;
     event_fn_auto_ret<DWORD> event_auto(g_peer.get_event_fn_auto(__FUNCTION__, dwResult));
@@ -577,14 +564,12 @@ DWORD APIENTRY EapPeerGetResponseAttributes(_In_ EAP_SESSION_HANDLE hSession, _O
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" hSession is NULL.")));
     else if (!pAttribs)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pAttribs is NULL.")));
-    else {
+    else if (!g_peer.get_response_attributes(hSession, pAttribs, ppEapError)) {
-        if (!static_cast<_EAPMETHOD_SESSION*>(hSession)->get_response_attributes(pAttribs, ppEapError)) {
+        if (*ppEapError) {
-            if (*ppEapError) {
+            g_peer.log_error(*ppEapError);
-                g_peer.log_error(*ppEapError);
+            dwResult = (*ppEapError)->dwWinError;
-                dwResult = (*ppEapError)->dwWinError;
+        } else
-            } else
+            dwResult = ERROR_INVALID_DATA;
-                dwResult = ERROR_INVALID_DATA;
-        }
     }
 
     return dwResult;
@@ -596,7 +581,11 @@ DWORD APIENTRY EapPeerGetResponseAttributes(_In_ EAP_SESSION_HANDLE hSession, _O
 ///
 /// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx)
 ///
-DWORD APIENTRY EapPeerSetResponseAttributes(_In_ EAP_SESSION_HANDLE hSession, _In_ /*const*/ EapAttributes *pAttribs, _Out_ EapPeerMethodOutput *pEapOutput, _Out_ EAP_ERROR **ppEapError)
+DWORD APIENTRY EapPeerSetResponseAttributes(
+    _In_            EAP_SESSION_HANDLE  hSession,
+    _In_  /*const*/ EapAttributes       *pAttribs,
+    _Out_           EapPeerMethodOutput *pEapOutput,
+    _Out_           EAP_ERROR           **ppEapError)
 {
     DWORD dwResult = ERROR_SUCCESS;
     event_fn_auto_ret<DWORD> event_auto(g_peer.get_event_fn_auto(__FUNCTION__, dwResult));
@@ -614,14 +603,12 @@ DWORD APIENTRY EapPeerSetResponseAttributes(_In_ EAP_SESSION_HANDLE hSession, _I
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" hSession is NULL.")));
     else if (!pEapOutput)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapOutput is NULL.")));
-    else {
+    else if (!g_peer.set_response_attributes(hSession, pAttribs, pEapOutput, ppEapError)) {
-        if (!static_cast<_EAPMETHOD_SESSION*>(hSession)->set_response_attributes(pAttribs, pEapOutput, ppEapError)) {
+        if (*ppEapError) {
-            if (*ppEapError) {
+            g_peer.log_error(*ppEapError);
-                g_peer.log_error(*ppEapError);
+            dwResult = (*ppEapError)->dwWinError;
-                dwResult = (*ppEapError)->dwWinError;
+        } else
-            } else
+            dwResult = ERROR_INVALID_DATA;
-                dwResult = ERROR_INVALID_DATA;
-        }
     }
 
     return dwResult;
@@ -775,21 +762,19 @@ DWORD WINAPI EapPeerQueryCredentialInputFields(
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pConnectionData is NULL.")));
     else if (!pEapConfigInputFieldsArray)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapConfigInputFieldsArray is NULL.")));
-    else {
+    else if (!g_peer.query_credential_input_fields(
-        if (!g_peer.query_credential_input_fields(
+        hUserImpersonationToken,
-            hUserImpersonationToken,
+        dwFlags,
-            dwFlags,
+        dwConnectionDataSize,
-            dwConnectionDataSize,
+        pConnectionData,
-            pConnectionData,
+        pEapConfigInputFieldsArray,
-            pEapConfigInputFieldsArray,
+        ppEapError))
-            ppEapError))
+    {
-        {
+        if (*ppEapError) {
-            if (*ppEapError) {
+            g_peer.log_error(*ppEapError);
-                g_peer.log_error(*ppEapError);
+            dwResult = (*ppEapError)->dwWinError;
-                dwResult = (*ppEapError)->dwWinError;
+        } else
-            } else
+            dwResult = ERROR_INVALID_DATA;
-                dwResult = ERROR_INVALID_DATA;
-        }
     }
 
     return dwResult;
@@ -836,23 +821,21 @@ DWORD WINAPI EapPeerQueryUserBlobFromCredentialInputFields(
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pdwUsersBlobSize is NULL.")));
     else if (!ppUserBlob)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppUserBlob is NULL.")));
-    else {
+    else if (!g_peer.query_user_blob_from_credential_input_fields(
-        if (!g_peer.query_user_blob_from_credential_input_fields(
+        hUserImpersonationToken,
-            hUserImpersonationToken,
+        dwFlags,
-            dwFlags,
+        dwConnectionDataSize,
-            dwConnectionDataSize,
+        pConnectionData,
-            pConnectionData,
+        pEapConfigInputFieldArray,
-            pEapConfigInputFieldArray,
+        pdwUsersBlobSize,
-            pdwUsersBlobSize,
+        ppUserBlob,
-            ppUserBlob,
+        ppEapError))
-            ppEapError))
+    {
-        {
+        if (*ppEapError) {
-            if (*ppEapError) {
+            g_peer.log_error(*ppEapError);
-                g_peer.log_error(*ppEapError);
+            dwResult = (*ppEapError)->dwWinError;
-                dwResult = (*ppEapError)->dwWinError;
+        } else
-            } else
+            dwResult = ERROR_INVALID_DATA;
-                dwResult = ERROR_INVALID_DATA;
-        }
     }
 
     return dwResult;
@@ -891,22 +874,20 @@ DWORD WINAPI EapPeerQueryInteractiveUIInputFields(
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pUIContextData is NULL.")));
     else if (!pEapInteractiveUIData)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapInteractiveUIData is NULL.")));
-    else {
+    else if (!g_peer.query_interactive_ui_input_fields(
-        if (!g_peer.query_interactive_ui_input_fields(
+        dwVersion,
-            dwVersion,
+        dwFlags,
-            dwFlags,
+        dwUIContextDataSize,
-            dwUIContextDataSize,
+        pUIContextData,
-            pUIContextData,
+        pEapInteractiveUIData,
-            pEapInteractiveUIData,
+        ppEapError,
-            ppEapError,
+        pvReserved))
-            pvReserved))
+    {
-        {
+        if (*ppEapError) {
-            if (*ppEapError) {
+            g_peer.log_error(*ppEapError);
-                g_peer.log_error(*ppEapError);
+            dwResult = (*ppEapError)->dwWinError;
-                dwResult = (*ppEapError)->dwWinError;
+        } else
-            } else
+            dwResult = ERROR_INVALID_DATA;
-                dwResult = ERROR_INVALID_DATA;
-        }
     }
 
     return dwResult;
@@ -949,24 +930,22 @@ DWORD WINAPI EapPeerQueryUIBlobFromInteractiveUIInputFields(
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pdwDataFromInteractiveUISize is NULL.")));
     else if (!ppDataFromInteractiveUI)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppDataFromInteractiveUI is NULL.")));
-    else {
+    else if (!g_peer.query_ui_blob_from_interactive_ui_input_fields(
-        if (!g_peer.query_ui_blob_from_interactive_ui_input_fields(
+        dwVersion,
-            dwVersion,
+        dwFlags,
-            dwFlags,
+        dwUIContextDataSize,
-            dwUIContextDataSize,
+        pUIContextData,
-            pUIContextData,
+        pEapInteractiveUIData,
-            pEapInteractiveUIData,
+        pdwDataFromInteractiveUISize,
-            pdwDataFromInteractiveUISize,
+        ppDataFromInteractiveUI,
-            ppDataFromInteractiveUI,
+        ppEapError,
-            ppEapError,
+        ppvReserved))
-            ppvReserved))
+    {
-        {
+        if (*ppEapError) {
-            if (*ppEapError) {
+            g_peer.log_error(*ppEapError);
-                g_peer.log_error(*ppEapError);
+            dwResult = (*ppEapError)->dwWinError;
-                dwResult = (*ppEapError)->dwWinError;
+        } else
-            } else
+            dwResult = ERROR_INVALID_DATA;
-                dwResult = ERROR_INVALID_DATA;
-        }
     }
 
     return dwResult;

lib/EAPBase/include/Module.h

@@ -45,6 +45,9 @@ namespace eap
 
 #include <Windows.h>
 #include <eaptypes.h> // Must include after <Windows.h>
+extern "C" {
+#include <eapmethodpeerapis.h>
+}
 #include <sal.h>
 #include <tchar.h>
 
@@ -817,5 +820,154 @@ namespace eap
             _Out_                                 BYTE                    **ppDataFromInteractiveUI,
             _Out_                                 EAP_ERROR               **ppEapError,
             _Inout_                               LPVOID                  *ppvReserved) const;
+
+        /// \name Session management
+        /// @{
+
+        ///
+        /// Starts an EAP authentication session on the peer EAPHost using the EAP method.
+        ///
+        /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        virtual bool begin_session(
+            _In_                                   DWORD              dwFlags,
+            _In_                           const   EapAttributes      *pAttributeArray,
+            _In_                                   HANDLE             hTokenImpersonateUser,
+            _In_count_(dwConnectionDataSize) const BYTE               *pConnectionData,
+            _In_                                   DWORD              dwConnectionDataSize,
+            _In_count_(dwUserDataSize)       const BYTE               *pUserData,
+            _In_                                   DWORD              dwUserDataSize,
+            _In_                                   DWORD              dwMaxSendPacketSize,
+            _Out_                                  EAP_SESSION_HANDLE *phSession,
+            _Out_                                  EAP_ERROR          **ppEapError) = 0;
+
+        ///
+        /// Ends an EAP authentication session for the EAP method.
+        ///
+        /// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        virtual bool end_session(
+            _In_  EAP_SESSION_HANDLE hSession,
+            _Out_ EAP_ERROR          **ppEapError) = 0;
+
+        ///
+        /// Processes a packet received by EAPHost from a supplicant.
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
+        ///
+        virtual bool process_request_packet(
+            _In_                                       EAP_SESSION_HANDLE  hSession,
+            _In_bytecount_(dwReceivedPacketSize) const EapPacket           *pReceivedPacket,
+            _In_                                       DWORD               dwReceivedPacketSize,
+            _Out_                                      EapPeerMethodOutput *pEapOutput,
+            _Out_                                      EAP_ERROR           **ppEapError) = 0;
+
+        ///
+        /// Obtains a response packet from the EAP method.
+        ///
+        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        virtual bool get_response_packet(
+            _In_                               EAP_SESSION_HANDLE hSession,
+            _Inout_bytecap_(*dwSendPacketSize) EapPacket          *pSendPacket,
+            _Inout_                            DWORD              *pdwSendPacketSize,
+            _Out_                              EAP_ERROR          **ppEapError) = 0;
+
+        ///
+        /// Obtains the result of an authentication session from the EAP method.
+        ///
+        /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        virtual bool get_result(
+            _In_  EAP_SESSION_HANDLE        hSession,
+            _In_  EapPeerMethodResultReason reason,
+            _Out_ EapPeerMethodResult       *ppResult,
+            _Out_ EAP_ERROR                 **ppEapError) = 0;
+
+        ///
+        /// Obtains the user interface context from the EAP method.
+        ///
+        /// \note This function is always followed by the `EapPeerInvokeInteractiveUI()` function, which is followed by the `EapPeerSetUIContext()` function.
+        ///
+        /// \sa [EapPeerGetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363612.aspx)
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        virtual bool get_ui_context(
+            _In_  EAP_SESSION_HANDLE hSession,
+            _Out_ BYTE               **ppUIContextData,
+            _Out_ DWORD              *pdwUIContextDataSize,
+            _Out_ EAP_ERROR          **ppEapError) = 0;
+
+        ///
+        /// Provides a user interface context to the EAP method.
+        ///
+        /// \note This function is called after the UI has been raised through the `EapPeerGetUIContext()` function.
+        ///
+        /// \sa [EapPeerSetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363626.aspx)
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        virtual bool set_ui_context(
+            _In_                                  EAP_SESSION_HANDLE  hSession,
+            _In_count_(dwUIContextDataSize) const BYTE                *pUIContextData,
+            _In_                                  DWORD               dwUIContextDataSize,
+            _In_                            const EapPeerMethodOutput *pEapOutput,
+            _Out_                                 EAP_ERROR           **ppEapError) = 0;
+
+        ///
+        /// Obtains an array of EAP response attributes from the EAP method.
+        ///
+        /// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx)
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        virtual bool get_response_attributes(
+            _In_  EAP_SESSION_HANDLE hSession,
+            _Out_ EapAttributes      *pAttribs,
+            _Out_ EAP_ERROR          **ppEapError) = 0;
+
+        ///
+        /// Provides an updated array of EAP response attributes to the EAP method.
+        ///
+        /// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx)
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        virtual bool set_response_attributes(
+            _In_       EAP_SESSION_HANDLE  hSession,
+            _In_ const EapAttributes       *pAttribs,
+            _Out_      EapPeerMethodOutput *pEapOutput,
+            _Out_      EAP_ERROR           **ppEapError) = 0;
+
+        /// @}
     };
 }

lib/TTLS/include/Module.h

@@ -129,5 +129,154 @@ namespace eap
             _Out_                                  BYTE        **ppCredentialsOut,
             _Out_                                  DWORD       *pdwCredentialsOutSize,
             _Out_                                  EAP_ERROR   **ppEapError);
+
+        /// \name Session management
+        /// @{
+
+        ///
+        /// Starts an EAP authentication session on the peer EAPHost using the EAP method.
+        ///
+        /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        virtual bool begin_session(
+            _In_                                   DWORD              dwFlags,
+            _In_                           const   EapAttributes      *pAttributeArray,
+            _In_                                   HANDLE             hTokenImpersonateUser,
+            _In_count_(dwConnectionDataSize) const BYTE               *pConnectionData,
+            _In_                                   DWORD              dwConnectionDataSize,
+            _In_count_(dwUserDataSize)       const BYTE               *pUserData,
+            _In_                                   DWORD              dwUserDataSize,
+            _In_                                   DWORD              dwMaxSendPacketSize,
+            _Out_                                  EAP_SESSION_HANDLE *phSession,
+            _Out_                                  EAP_ERROR          **ppEapError);
+
+        ///
+        /// Ends an EAP authentication session for the EAP method.
+        ///
+        /// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        virtual bool end_session(
+            _In_ EAP_SESSION_HANDLE hSession,
+            _Out_ EAP_ERROR **ppEapError);
+
+        ///
+        /// Processes a packet received by EAPHost from a supplicant.
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
+        ///
+        virtual bool process_request_packet(
+            _In_                                       EAP_SESSION_HANDLE  hSession,
+            _In_bytecount_(dwReceivedPacketSize) const EapPacket           *pReceivedPacket,
+            _In_                                       DWORD               dwReceivedPacketSize,
+            _Out_                                      EapPeerMethodOutput *pEapOutput,
+            _Out_                                      EAP_ERROR           **ppEapError);
+
+        ///
+        /// Obtains a response packet from the EAP method.
+        ///
+        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        virtual bool get_response_packet(
+            _In_                               EAP_SESSION_HANDLE hSession,
+            _Inout_bytecap_(*dwSendPacketSize) EapPacket          *pSendPacket,
+            _Inout_                            DWORD              *pdwSendPacketSize,
+            _Out_                              EAP_ERROR          **ppEapError);
+
+        ///
+        /// Obtains the result of an authentication session from the EAP method.
+        ///
+        /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        virtual bool get_result(
+            _In_  EAP_SESSION_HANDLE        hSession,
+            _In_  EapPeerMethodResultReason reason,
+            _Out_ EapPeerMethodResult       *ppResult,
+            _Out_ EAP_ERROR                 **ppEapError);
+
+        ///
+        /// Obtains the user interface context from the EAP method.
+        ///
+        /// \note This function is always followed by the `EapPeerInvokeInteractiveUI()` function, which is followed by the `EapPeerSetUIContext()` function.
+        ///
+        /// \sa [EapPeerGetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363612.aspx)
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        virtual bool get_ui_context(
+            _In_  EAP_SESSION_HANDLE hSession,
+            _Out_ BYTE               **ppUIContextData,
+            _Out_ DWORD              *pdwUIContextDataSize,
+            _Out_ EAP_ERROR          **ppEapError);
+
+        ///
+        /// Provides a user interface context to the EAP method.
+        ///
+        /// \note This function is called after the UI has been raised through the `EapPeerGetUIContext()` function.
+        ///
+        /// \sa [EapPeerSetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363626.aspx)
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        virtual bool set_ui_context(
+            _In_                                  EAP_SESSION_HANDLE  hSession,
+            _In_count_(dwUIContextDataSize) const BYTE                *pUIContextData,
+            _In_                                  DWORD               dwUIContextDataSize,
+            _In_                            const EapPeerMethodOutput *pEapOutput,
+            _Out_                                 EAP_ERROR           **ppEapError);
+
+        ///
+        /// Obtains an array of EAP response attributes from the EAP method.
+        ///
+        /// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx)
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        virtual bool get_response_attributes(
+            _In_  EAP_SESSION_HANDLE hSession,
+            _Out_ EapAttributes      *pAttribs,
+            _Out_ EAP_ERROR          **ppEapError);
+
+        ///
+        /// Provides an updated array of EAP response attributes to the EAP method.
+        ///
+        /// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx)
+        ///
+        /// \returns
+        /// - \c true if succeeded
+        /// - \c false otherwise. See \p ppEapError for details.
+        ///
+        virtual bool set_response_attributes(
+            _In_       EAP_SESSION_HANDLE  hSession,
+            _In_ const EapAttributes       *pAttribs,
+            _Out_      EapPeerMethodOutput *pEapOutput,
+            _Out_      EAP_ERROR           **ppEapError);
+
+        /// @}
     };
 }

lib/TTLS/src/Module.cpp

@@ -309,3 +309,120 @@ bool eap::peer_ttls::credentials_xml2blob(
     // Pack credentials.
     return pack(cred, ppCredentialsOut, pdwCredentialsOutSize, ppEapError);
 }
+
+
+bool eap::peer_ttls::begin_session(
+    _In_                                   DWORD              dwFlags,
+    _In_                           const   EapAttributes      *pAttributeArray,
+    _In_                                   HANDLE             hTokenImpersonateUser,
+    _In_count_(dwConnectionDataSize) const BYTE               *pConnectionData,
+    _In_                                   DWORD              dwConnectionDataSize,
+    _In_count_(dwUserDataSize)       const BYTE               *pUserData,
+    _In_                                   DWORD              dwUserDataSize,
+    _In_                                   DWORD              dwMaxSendPacketSize,
+    _Out_                                  EAP_SESSION_HANDLE *phSession,
+    _Out_                                  EAP_ERROR          **ppEapError)
+{
+    *phSession = NULL;
+
+    // Allocate new session.
+    unique_ptr<session_ttls> session(new session_ttls(*this));
+    if (!session) {
+        log_error(*ppEapError = make_error(ERROR_OUTOFMEMORY, _T(__FUNCTION__) _T(" Error allocating memory for EAP-TTLS session.")));
+        return false;
+    }
+
+    // Begin the session.
+    if (!unpack(session->m_cfg, pConnectionData, dwConnectionDataSize, ppEapError) ||
+        !unpack(session->m_cred, pUserData, dwUserDataSize, ppEapError) ||
+        !session->begin(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize, ppEapError))
+        return false;
+
+    *phSession = session.release();
+    return true;
+}
+
+
+bool eap::peer_ttls::end_session(_In_ EAP_SESSION_HANDLE hSession, _Out_ EAP_ERROR **ppEapError)
+{
+    assert(hSession);
+
+    // End the session.
+    session_ttls *session = static_cast<session_ttls*>(hSession);
+    session->end(ppEapError);
+    delete session;
+
+    return true;
+}
+
+
+bool eap::peer_ttls::process_request_packet(
+    _In_                                       EAP_SESSION_HANDLE  hSession,
+    _In_bytecount_(dwReceivedPacketSize) const EapPacket           *pReceivedPacket,
+    _In_                                       DWORD               dwReceivedPacketSize,
+    _Out_                                      EapPeerMethodOutput *pEapOutput,
+    _Out_                                      EAP_ERROR           **ppEapError)
+{
+    assert(dwReceivedPacketSize == ntohs(*(WORD*)pReceivedPacket->Length));
+    return static_cast<session_ttls*>(hSession)->process_request_packet(dwReceivedPacketSize, pReceivedPacket, pEapOutput, ppEapError);
+}
+
+
+bool eap::peer_ttls::get_response_packet(
+    _In_                               EAP_SESSION_HANDLE hSession,
+    _Inout_bytecap_(*dwSendPacketSize) EapPacket          *pSendPacket,
+    _Inout_                            DWORD              *pdwSendPacketSize,
+    _Out_                              EAP_ERROR          **ppEapError)
+{
+    return static_cast<session_ttls*>(hSession)->get_response_packet(pdwSendPacketSize, pSendPacket, ppEapError);
+}
+
+
+bool eap::peer_ttls::get_result(
+    _In_  EAP_SESSION_HANDLE        hSession,
+    _In_  EapPeerMethodResultReason reason,
+    _Out_ EapPeerMethodResult       *ppResult,
+    _Out_ EAP_ERROR                 **ppEapError)
+{
+    return static_cast<session_ttls*>(hSession)->get_result(reason, ppResult, ppEapError);
+}
+
+
+bool eap::peer_ttls::get_ui_context(
+    _In_  EAP_SESSION_HANDLE hSession,
+    _Out_ BYTE               **ppUIContextData,
+    _Out_ DWORD              *pdwUIContextDataSize,
+    _Out_ EAP_ERROR          **ppEapError)
+{
+    return static_cast<session_ttls*>(hSession)->get_ui_context(ppUIContextData, pdwUIContextDataSize, ppEapError);
+}
+
+
+bool eap::peer_ttls::set_ui_context(
+    _In_                                  EAP_SESSION_HANDLE  hSession,
+    _In_count_(dwUIContextDataSize) const BYTE                *pUIContextData,
+    _In_                                  DWORD               dwUIContextDataSize,
+    _In_                            const EapPeerMethodOutput *pEapOutput,
+    _Out_                                 EAP_ERROR           **ppEapError)
+{
+    return static_cast<session_ttls*>(hSession)->set_ui_context(pUIContextData, dwUIContextDataSize, pEapOutput, ppEapError);
+}
+
+
+bool eap::peer_ttls::get_response_attributes(
+    _In_  EAP_SESSION_HANDLE hSession,
+    _Out_ EapAttributes      *pAttribs,
+    _Out_ EAP_ERROR          **ppEapError)
+{
+    return static_cast<session_ttls*>(hSession)->get_response_attributes(pAttribs, ppEapError);
+}
+
+
+bool eap::peer_ttls::set_response_attributes(
+    _In_       EAP_SESSION_HANDLE  hSession,
+    _In_ const EapAttributes       *pAttribs,
+    _Out_      EapPeerMethodOutput *pEapOutput,
+    _Out_      EAP_ERROR           **ppEapError)
+{
+    return static_cast<session_ttls*>(hSession)->set_response_attributes(pAttribs, pEapOutput, ppEapError);
+}