diff --git a/CredWrite/Main.cpp b/CredWrite/Main.cpp index 7b35caf..2a13df0 100644 --- a/CredWrite/Main.cpp +++ b/CredWrite/Main.cpp @@ -81,28 +81,25 @@ static int CredWrite() } // Write credentials. - EAP_ERROR *pEapError = NULL; #ifdef _DEBUG { eap::credentials_pap cred_stored(g_module); - if (!cred_stored.retrieve(target_name.c_str(), &pEapError)) { - if (pEapError) { - OutputDebugStr(_T("%ls (error %u)\n"), pEapError->pRootCauseString, pEapError->dwWinError); - g_module.free_error_memory(pEapError); - pEapError = NULL; - } else - OutputDebugStr(_T("Reading credentials failed.\n")); + try { + cred_stored.retrieve(target_name.c_str()); + } catch(eap::win_runtime_error &err) { + OutputDebugStr(_T("%ls (error %u)\n"), err.m_msg.c_str(), err.m_error); + } catch(...) { + OutputDebugStr(_T("Reading credentials failed.\n")); } } #endif - if (!cred.store(target_name.c_str(), &pEapError)) { - if (pEapError) { - OutputDebugStr(_T("%ls (error %u)\n"), pEapError->pRootCauseString, pEapError->dwWinError); - g_module.free_error_memory(pEapError); - pEapError = NULL; - } else - OutputDebugStr(_T("Writing credentials failed.\n")); - + try { + cred.store(target_name.c_str()); + } catch(eap::win_runtime_error &err) { + OutputDebugStr(_T("%ls (error %u)\n"), err.m_msg.c_str(), err.m_error); + return 2; + } catch(...) { + OutputDebugStr(_T("Writing credentials failed.\n")); return 2; } diff --git a/EAPMethods/src/Main.cpp b/EAPMethods/src/Main.cpp index a6e85a9..b4cff14 100644 --- a/EAPMethods/src/Main.cpp +++ b/EAPMethods/src/Main.cpp @@ -150,12 +150,13 @@ DWORD APIENTRY EapPeerInitialize(_Out_ EAP_ERROR **ppEapError) assert(!*ppEapError); - if (!g_peer.initialize(ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); - dwResult = (*ppEapError)->dwWinError; - } else - dwResult = ERROR_INVALID_DATA; + try { + g_peer.initialize(); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); + dwResult = (*ppEapError)->dwWinError; + } catch (...) { + dwResult = ERROR_INVALID_DATA; } return dwResult; @@ -181,12 +182,13 @@ DWORD APIENTRY EapPeerShutdown(_Out_ EAP_ERROR **ppEapError) assert(!*ppEapError); - if (!g_peer.shutdown(ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); - dwResult = (*ppEapError)->dwWinError; - } else - dwResult = ERROR_INVALID_DATA; + try { + g_peer.shutdown(); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); + dwResult = (*ppEapError)->dwWinError; + } catch (...) { + dwResult = ERROR_INVALID_DATA; } return dwResult; @@ -235,12 +237,15 @@ DWORD APIENTRY EapPeerGetIdentity( g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppUserDataOut is NULL."))); else if (!ppwszIdentity) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppwszIdentity is NULL."))); - else if (!g_peer.get_identity(dwFlags, pConnectionData, dwConnectionDataSize, pUserData, dwUserDataSize, ppUserDataOut, pdwUserDataOutSize, hTokenImpersonateUser, pfInvokeUI, ppwszIdentity, ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); + else { + try { + g_peer.get_identity(dwFlags, pConnectionData, dwConnectionDataSize, pUserData, dwUserDataSize, ppUserDataOut, pdwUserDataOutSize, hTokenImpersonateUser, pfInvokeUI, ppwszIdentity); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); dwResult = (*ppEapError)->dwWinError; - } else + } catch (...) { dwResult = ERROR_INVALID_DATA; + } } return dwResult; @@ -282,12 +287,15 @@ DWORD APIENTRY EapPeerBeginSession( g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pUserData is NULL."))); else if (!phSession) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" phSession is NULL."))); - else if (!g_peer.begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, pConnectionData, dwConnectionDataSize, pUserData, dwUserDataSize, dwMaxSendPacketSize, phSession, ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); - return dwResult = (*ppEapError)->dwWinError; - } else - return dwResult = ERROR_INVALID_DATA; + else { + try { + *phSession = g_peer.begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, pConnectionData, dwConnectionDataSize, pUserData, dwUserDataSize, dwMaxSendPacketSize); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); + dwResult = (*ppEapError)->dwWinError; + } catch (...) { + dwResult = ERROR_INVALID_DATA; + } } return dwResult; @@ -317,12 +325,15 @@ DWORD APIENTRY EapPeerEndSession( if (!hSession) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" hSession is NULL."))); - else if (!g_peer.end_session(hSession, ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); - return dwResult = (*ppEapError)->dwWinError; - } else - return dwResult = ERROR_INVALID_DATA; + else { + try { + g_peer.end_session(hSession); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); + dwResult = (*ppEapError)->dwWinError; + } catch (...) { + dwResult = ERROR_INVALID_DATA; + } } return dwResult; @@ -359,12 +370,15 @@ DWORD APIENTRY EapPeerProcessRequestPacket( g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pReceivedPacket is NULL or too short."))); else if (!pEapOutput) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapOutput is NULL."))); - else if (!g_peer.process_request_packet(hSession, pReceivedPacket, dwReceivedPacketSize, pEapOutput, ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); + else { + try { + g_peer.process_request_packet(hSession, pReceivedPacket, dwReceivedPacketSize, pEapOutput); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); dwResult = (*ppEapError)->dwWinError; - } else + } catch (...) { dwResult = ERROR_INVALID_DATA; + } } return dwResult; @@ -400,12 +414,15 @@ DWORD APIENTRY EapPeerGetResponsePacket( g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pdwSendPacketSize is NULL."))); else if (!pSendPacket && *pdwSendPacketSize) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pSendPacket is NULL."))); - else if (!g_peer.get_response_packet(hSession, pSendPacket, pdwSendPacketSize, ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); + else { + try { + g_peer.get_response_packet(hSession, pSendPacket, pdwSendPacketSize); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); dwResult = (*ppEapError)->dwWinError; - } else + } catch (...) { dwResult = ERROR_INVALID_DATA; + } } return dwResult; @@ -439,12 +456,15 @@ DWORD APIENTRY EapPeerGetResult( g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" hSession is NULL."))); else if (!ppResult) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppResult is NULL."))); - else if (!g_peer.get_result(hSession, reason, ppResult, ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); + else { + try { + g_peer.get_result(hSession, reason, ppResult); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); dwResult = (*ppEapError)->dwWinError; - } else + } catch (...) { dwResult = ERROR_INVALID_DATA; + } } return dwResult; @@ -482,12 +502,15 @@ DWORD APIENTRY EapPeerGetUIContext( g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pdwUIContextDataSize is NULL."))); else if (!ppUIContextData) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppUIContextData is NULL."))); - else if (!g_peer.get_ui_context(hSession, ppUIContextData, pdwUIContextDataSize, ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); + else { + try { + g_peer.get_ui_context(hSession, ppUIContextData, pdwUIContextDataSize); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); dwResult = (*ppEapError)->dwWinError; - } else + } catch (...) { dwResult = ERROR_INVALID_DATA; + } } return dwResult; @@ -526,12 +549,15 @@ DWORD APIENTRY EapPeerSetUIContext( g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pUIContextData is NULL."))); else if (!pEapOutput) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapOutput is NULL."))); - else if (!g_peer.set_ui_context(hSession, pUIContextData, dwUIContextDataSize, pEapOutput, ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); + else { + try { + g_peer.set_ui_context(hSession, pUIContextData, dwUIContextDataSize, pEapOutput); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); dwResult = (*ppEapError)->dwWinError; - } else + } catch (...) { dwResult = ERROR_INVALID_DATA; + } } return dwResult; @@ -564,12 +590,15 @@ DWORD APIENTRY EapPeerGetResponseAttributes( g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" hSession is NULL."))); else if (!pAttribs) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pAttribs is NULL."))); - else if (!g_peer.get_response_attributes(hSession, pAttribs, ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); + else { + try { + g_peer.get_response_attributes(hSession, pAttribs); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); dwResult = (*ppEapError)->dwWinError; - } else + } catch (...) { dwResult = ERROR_INVALID_DATA; + } } return dwResult; @@ -603,12 +632,15 @@ DWORD APIENTRY EapPeerSetResponseAttributes( g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" hSession is NULL."))); else if (!pEapOutput) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapOutput is NULL."))); - else if (!g_peer.set_response_attributes(hSession, pAttribs, pEapOutput, ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); + else { + try { + g_peer.set_response_attributes(hSession, pAttribs, pEapOutput); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); dwResult = (*ppEapError)->dwWinError; - } else + } catch (...) { dwResult = ERROR_INVALID_DATA; + } } return dwResult; @@ -654,12 +686,15 @@ DWORD WINAPI EapPeerGetMethodProperties( g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pUserData is NULL."))); else if (!pMethodPropertyArray) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pMethodPropertyArray is NULL."))); - else if (!g_peer.get_method_properties(dwVersion, dwFlags, hUserImpersonationToken, pConnectionData, dwConnectionDataSize, pUserData, dwUserDataSize, pMethodPropertyArray, ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); + else { + try { + g_peer.get_method_properties(dwVersion, dwFlags, hUserImpersonationToken, pConnectionData, dwConnectionDataSize, pUserData, dwUserDataSize, pMethodPropertyArray); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); dwResult = (*ppEapError)->dwWinError; - } else + } catch (...) { dwResult = ERROR_INVALID_DATA; + } } return dwResult; @@ -709,18 +744,19 @@ DWORD WINAPI EapPeerCredentialsXml2Blob( // com_obj pXmlElCredentials; if ((dwResult = eapxml::select_node(pCredentialsDoc, bstr(L"//EapHostUserCredentials/Credentials"), &pXmlElCredentials)) != ERROR_SUCCESS) { - g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_NOT_FOUND, _T(__FUNCTION__) _T(" Error selecting element."), _T("Please make sure credential XML is a valid ") _T(PRODUCT_NAME_STR) _T(" credential XML document."))); + g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_NOT_FOUND, _T(__FUNCTION__) _T(" Error selecting element."))); return dwResult; } // Load credentials. pCredentialsDoc->setProperty(bstr(L"SelectionNamespaces"), variant(L"xmlns:eap-metadata=\"urn:ietf:params:xml:ns:yang:ietf-eap-metadata\"")); - if (!g_peer.credentials_xml2blob(dwFlags, pXmlElCredentials, pConnectionData, dwConnectionDataSize, ppCredentialsOut, pdwCredentialsOutSize, ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); - return dwResult = (*ppEapError)->dwWinError; - } else - return dwResult = ERROR_INVALID_DATA; + try { + g_peer.credentials_xml2blob(dwFlags, pXmlElCredentials, pConnectionData, dwConnectionDataSize, ppCredentialsOut, pdwCredentialsOutSize); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); + dwResult = (*ppEapError)->dwWinError; + } catch (...) { + dwResult = ERROR_INVALID_DATA; } } @@ -762,19 +798,15 @@ DWORD WINAPI EapPeerQueryCredentialInputFields( g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pConnectionData is NULL."))); else if (!pEapConfigInputFieldsArray) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapConfigInputFieldsArray is NULL."))); - else if (!g_peer.query_credential_input_fields( - hUserImpersonationToken, - dwFlags, - dwConnectionDataSize, - pConnectionData, - pEapConfigInputFieldsArray, - ppEapError)) - { - if (*ppEapError) { - g_peer.log_error(*ppEapError); + else { + try { + g_peer.query_credential_input_fields(hUserImpersonationToken, dwFlags, dwConnectionDataSize, pConnectionData, pEapConfigInputFieldsArray); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); dwResult = (*ppEapError)->dwWinError; - } else + } catch (...) { dwResult = ERROR_INVALID_DATA; + } } return dwResult; @@ -821,21 +853,15 @@ DWORD WINAPI EapPeerQueryUserBlobFromCredentialInputFields( g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pdwUsersBlobSize is NULL."))); else if (!ppUserBlob) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppUserBlob is NULL."))); - else if (!g_peer.query_user_blob_from_credential_input_fields( - hUserImpersonationToken, - dwFlags, - dwConnectionDataSize, - pConnectionData, - pEapConfigInputFieldArray, - pdwUsersBlobSize, - ppUserBlob, - ppEapError)) - { - if (*ppEapError) { - g_peer.log_error(*ppEapError); + else { + try { + g_peer.query_user_blob_from_credential_input_fields(hUserImpersonationToken, dwFlags, dwConnectionDataSize, pConnectionData, pEapConfigInputFieldArray, pdwUsersBlobSize, ppUserBlob); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); dwResult = (*ppEapError)->dwWinError; - } else + } catch (...) { dwResult = ERROR_INVALID_DATA; + } } return dwResult; @@ -874,20 +900,15 @@ DWORD WINAPI EapPeerQueryInteractiveUIInputFields( g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pUIContextData is NULL."))); else if (!pEapInteractiveUIData) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapInteractiveUIData is NULL."))); - else if (!g_peer.query_interactive_ui_input_fields( - dwVersion, - dwFlags, - dwUIContextDataSize, - pUIContextData, - pEapInteractiveUIData, - ppEapError, - pvReserved)) - { - if (*ppEapError) { - g_peer.log_error(*ppEapError); + else { + try { + g_peer.query_interactive_ui_input_fields(dwVersion, dwFlags, dwUIContextDataSize, pUIContextData, pEapInteractiveUIData); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); dwResult = (*ppEapError)->dwWinError; - } else + } catch (...) { dwResult = ERROR_INVALID_DATA; + } } return dwResult; @@ -930,22 +951,15 @@ DWORD WINAPI EapPeerQueryUIBlobFromInteractiveUIInputFields( g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pdwDataFromInteractiveUISize is NULL."))); else if (!ppDataFromInteractiveUI) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppDataFromInteractiveUI is NULL."))); - else if (!g_peer.query_ui_blob_from_interactive_ui_input_fields( - dwVersion, - dwFlags, - dwUIContextDataSize, - pUIContextData, - pEapInteractiveUIData, - pdwDataFromInteractiveUISize, - ppDataFromInteractiveUI, - ppEapError, - ppvReserved)) - { - if (*ppEapError) { - g_peer.log_error(*ppEapError); + else { + try { + g_peer.query_ui_blob_from_interactive_ui_input_fields(dwVersion, dwFlags, dwUIContextDataSize, pUIContextData, pEapInteractiveUIData, pdwDataFromInteractiveUISize, ppDataFromInteractiveUI); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); dwResult = (*ppEapError)->dwWinError; - } else + } catch (...) { dwResult = ERROR_INVALID_DATA; + } } return dwResult; diff --git a/EAPMethods/src/Main_UI.cpp b/EAPMethods/src/Main_UI.cpp index 055b111..6c6d330 100644 --- a/EAPMethods/src/Main_UI.cpp +++ b/EAPMethods/src/Main_UI.cpp @@ -140,12 +140,13 @@ DWORD WINAPI EapPeerConfigXml2Blob( // Load configuration. pConfigDoc->setProperty(bstr(L"SelectionNamespaces"), variant(L"xmlns:eap-metadata=\"urn:ietf:params:xml:ns:yang:ietf-eap-metadata\"")); - if (!g_peer.config_xml2blob(dwFlags, pXmlElConfig, pConnectionDataOut, pdwConnectionDataOutSize, ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); - return dwResult = (*ppEapError)->dwWinError; - } else - return dwResult = ERROR_INVALID_DATA; + try { + g_peer.config_xml2blob(dwFlags, pXmlElConfig, pConnectionDataOut, pdwConnectionDataOutSize); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); + dwResult = (*ppEapError)->dwWinError; + } catch (...) { + dwResult = ERROR_INVALID_DATA; } } @@ -221,12 +222,13 @@ DWORD WINAPI EapPeerConfigBlob2Xml( // Save configuration. pDoc->setProperty(bstr(L"SelectionNamespaces"), variant(L"xmlns:eap-metadata=\"urn:ietf:params:xml:ns:yang:ietf-eap-metadata\"")); - if (!g_peer.config_blob2xml(dwFlags, pConnectionData, dwConnectionDataSize, pDoc, pXmlElConfig, ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); - return dwResult = (*ppEapError)->dwWinError; - } else - return dwResult = ERROR_INVALID_DATA; + try { + g_peer.config_blob2xml(dwFlags, pConnectionData, dwConnectionDataSize, pDoc, pXmlElConfig); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); + return dwResult = (*ppEapError)->dwWinError; + } catch (...) { + return dwResult = ERROR_INVALID_DATA; } *ppConfigDoc = pDoc.detach(); @@ -277,12 +279,15 @@ DWORD WINAPI EapPeerInvokeConfigUI( g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pdwConnectionDataOutSize is NULL."))); else if (!ppConnectionDataOut) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppConnectionDataOut is NULL."))); - else if (!g_peer.invoke_config_ui(hwndParent, pConnectionDataIn, dwConnectionDataInSize, ppConnectionDataOut, pdwConnectionDataOutSize, ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); - return dwResult = (*ppEapError)->dwWinError; - } else - return dwResult = ERROR_INVALID_DATA; + else { + try { + g_peer.invoke_config_ui(hwndParent, pConnectionDataIn, dwConnectionDataInSize, ppConnectionDataOut, pdwConnectionDataOutSize); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); + dwResult = (*ppEapError)->dwWinError; + } catch (...) { + dwResult = ERROR_INVALID_DATA; + } } return dwResult; @@ -336,12 +341,15 @@ DWORD WINAPI EapPeerInvokeIdentityUI( g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppUserDataOut is NULL."))); else if (!ppwszIdentity) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppwszIdentity is NULL."))); - else if (!g_peer.invoke_identity_ui(hwndParent, dwFlags, pConnectionData, dwConnectionDataSize, pUserData, dwUserDataSize, ppUserDataOut, pdwUserDataOutSize, ppwszIdentity, ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); - return dwResult = (*ppEapError)->dwWinError; - } else - return dwResult = ERROR_INVALID_DATA; + else { + try { + g_peer.invoke_identity_ui(hwndParent, dwFlags, pConnectionData, dwConnectionDataSize, pUserData, dwUserDataSize, ppUserDataOut, pdwUserDataOutSize, ppwszIdentity); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); + dwResult = (*ppEapError)->dwWinError; + } catch (...) { + dwResult = ERROR_INVALID_DATA; + } } return dwResult; @@ -387,12 +395,15 @@ DWORD WINAPI EapPeerInvokeInteractiveUI( g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pdwDataFromInteractiveUISize is NULL."))); else if (!ppDataFromInteractiveUI) g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppDataFromInteractiveUI is NULL."))); - else if (!g_peer.invoke_interactive_ui(hwndParent, pUIContextData, dwUIContextDataSize, ppDataFromInteractiveUI, pdwDataFromInteractiveUISize, ppEapError)) { - if (*ppEapError) { - g_peer.log_error(*ppEapError); - return dwResult = (*ppEapError)->dwWinError; - } else - return dwResult = ERROR_INVALID_DATA; + else { + try { + g_peer.invoke_interactive_ui(hwndParent, pUIContextData, dwUIContextDataSize, ppDataFromInteractiveUI, pdwDataFromInteractiveUISize); + } catch (std::exception &err) { + g_peer.log_error(*ppEapError = g_peer.make_error(err)); + dwResult = (*ppEapError)->dwWinError; + } catch (...) { + dwResult = ERROR_INVALID_DATA; + } } return dwResult; diff --git a/lib/EAPBase/build/EAPBase.vcxproj b/lib/EAPBase/build/EAPBase.vcxproj index 3b7c1a7..9294069 100644 --- a/lib/EAPBase/build/EAPBase.vcxproj +++ b/lib/EAPBase/build/EAPBase.vcxproj @@ -90,6 +90,7 @@ + diff --git a/lib/EAPBase/build/EAPBase.vcxproj.filters b/lib/EAPBase/build/EAPBase.vcxproj.filters index 2f249ca..baddccc 100644 --- a/lib/EAPBase/build/EAPBase.vcxproj.filters +++ b/lib/EAPBase/build/EAPBase.vcxproj.filters @@ -49,5 +49,8 @@ Source Files + + Source Files + \ No newline at end of file diff --git a/lib/EAPBase/include/Config.h b/lib/EAPBase/include/Config.h index 7be0678..22b31ea 100644 --- a/lib/EAPBase/include/Config.h +++ b/lib/EAPBase/include/Config.h @@ -149,29 +149,19 @@ namespace eap /// @{ /// - /// Save configuration to XML document + /// Save to XML document /// /// \param[in] pDoc XML document - /// \param[in] pConfigRoot Suggested root element for saving configuration - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Suggested root element for saving /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const; + virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const; /// - /// Load configuration from XML document + /// Load from XML document /// - /// \param[in] pConfigRoot Root element for loading configuration - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Root element for loading /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError); + virtual void load(_In_ IXMLDOMNode *pConfigRoot); /// @} @@ -306,29 +296,19 @@ namespace eap /// @{ /// - /// Save configuration to XML document + /// Save to XML document /// /// \param[in] pDoc XML document - /// \param[in] pConfigRoot Suggested root element for saving configuration - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Suggested root element for saving /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const; + virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const; /// - /// Load configuration from XML document + /// Load from XML document /// - /// \param[in] pConfigRoot Root element for loading configuration - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Root element for loading /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError); + virtual void load(_In_ IXMLDOMNode *pConfigRoot); /// @} @@ -418,29 +398,19 @@ namespace eap /// @{ /// - /// Save configuration to XML document + /// Save to XML document /// /// \param[in] pDoc XML document - /// \param[in] pConfigRoot Suggested root element for saving configuration - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Suggested root element for saving /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const; + virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const; /// - /// Load configuration from XML document + /// Load from XML document /// - /// \param[in] pConfigRoot Root element for loading configuration - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Root element for loading /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError); + virtual void load(_In_ IXMLDOMNode *pConfigRoot); /// @} @@ -537,29 +507,19 @@ namespace eap /// @{ /// - /// Save configuration to XML document + /// Save to XML document /// /// \param[in] pDoc XML document - /// \param[in] pConfigRoot Suggested root element for saving configuration - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Suggested root element for saving /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const; + virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const; /// - /// Load configuration from XML document + /// Load from XML document /// - /// \param[in] pConfigRoot Root element for loading configuration - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Root element for loading /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError); + virtual void load(_In_ IXMLDOMNode *pConfigRoot); /// @} diff --git a/lib/EAPBase/include/Credentials.h b/lib/EAPBase/include/Credentials.h index 5e1d39c..c5e3b9c 100644 --- a/lib/EAPBase/include/Credentials.h +++ b/lib/EAPBase/include/Credentials.h @@ -108,36 +108,6 @@ namespace eap /// virtual bool empty() const; - /// \name XML configuration management - /// @{ - - /// - /// Save credentials to XML document - /// - /// \param[in] pDoc XML document - /// \param[in] pConfigRoot Suggested root element for saving credentials - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. - /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const; - - /// - /// Load credentials from XML document - /// - /// \param[in] pConfigRoot Root element for loading credentials - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. - /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError); - - /// @} - /// \name Storage /// @{ @@ -145,25 +115,15 @@ namespace eap /// Save credentials to Windows Credential Manager /// /// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const = 0; + virtual void store(_In_ LPCTSTR pszTargetName) const = 0; /// /// Retrieve credentials from Windows Credential Manager /// /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) = 0; + virtual void retrieve(_In_ LPCTSTR pszTargetName) = 0; /// /// Returns target name for Windows Credential Manager credential name @@ -261,29 +221,19 @@ namespace eap /// @{ /// - /// Save credentials to XML document + /// Save to XML document /// /// \param[in] pDoc XML document - /// \param[in] pConfigRoot Suggested root element for saving credentials - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Suggested root element for saving /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const; + virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const; /// - /// Load credentials from XML document + /// Load from XML document /// - /// \param[in] pConfigRoot Root element for loading credentials - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Root element for loading /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError); + virtual void load(_In_ IXMLDOMNode *pConfigRoot); /// @} @@ -320,25 +270,15 @@ namespace eap /// Save credentials to Windows Credential Manager /// /// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const; + virtual void store(_In_ LPCTSTR pszTargetName) const; /// /// Retrieve credentials from Windows Credential Manager /// /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError); + virtual void retrieve(_In_ LPCTSTR pszTargetName); /// @} diff --git a/lib/EAPBase/include/EAP.h b/lib/EAPBase/include/EAP.h index 969f3b5..bf9a737 100644 --- a/lib/EAPBase/include/EAP.h +++ b/lib/EAPBase/include/EAP.h @@ -37,6 +37,7 @@ #include #include +#include #include #include @@ -56,6 +57,11 @@ namespace eap /// Sanitizing dynamically allocated BLOB /// typedef std::vector > sanitizing_blob; + + /// + /// Windows runtime error + /// + class win_runtime_error; } /// @@ -361,6 +367,7 @@ namespace eap ptr_type ptr_end; ///< Pointer to the end of available memory }; + struct cursor_in { typedef const unsigned char *ptr_type; @@ -368,6 +375,59 @@ namespace eap ptr_type ptr; ///< Pointer to first data unread ptr_type ptr_end; ///< Pointer to the end of BLOB }; + + + class win_runtime_error : public std::runtime_error + { + public: + /// + /// Constructs an exception + /// + /// \param[in] error Windows error code + /// \param[in] msg Error message + /// + win_runtime_error(_In_ DWORD error, _In_ const winstd::tstring& msg); + + /// + /// Constructs an exception + /// + /// \param[in] error Windows error code + /// \param[in] msg Error message + /// + win_runtime_error(_In_ DWORD error, _In_z_ const TCHAR *msg); + + /// + /// Constructs an exception using `GetLastError()` + /// + /// \param[in] msg Error message + /// + win_runtime_error(_In_ const winstd::tstring& msg); + + /// + /// Constructs an exception using `GetLastError()` + /// + /// \param[in] msg Error message + /// + win_runtime_error(_In_z_ const TCHAR *msg); + + /// + /// Copies an exception + /// + /// \param[in] other Exception to copy from + /// + win_runtime_error(const win_runtime_error &other); + + /// + /// Copies an exception + /// + /// \param[in] other Exception to copy from + /// + win_runtime_error& operator=(const win_runtime_error &other); + + public: + DWORD m_error; ///< Windows error code + winstd::tstring m_msg; ///< Error description + }; } diff --git a/lib/EAPBase/include/Method.h b/lib/EAPBase/include/Method.h index 2e587fa..cbcc91e 100644 --- a/lib/EAPBase/include/Method.h +++ b/lib/EAPBase/include/Method.h @@ -95,70 +95,46 @@ namespace eap /// /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool begin_session( + virtual void begin_session( _In_ DWORD dwFlags, _In_ const EapAttributes *pAttributeArray, _In_ HANDLE hTokenImpersonateUser, - _In_ DWORD dwMaxSendPacketSize, - _Out_ EAP_ERROR **ppEapError); + _In_ DWORD dwMaxSendPacketSize); /// /// Ends an EAP authentication session for the EAP method. /// /// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool end_session(_Out_ EAP_ERROR **ppEapError); + virtual void end_session(); /// /// Processes a packet received by EAPHost from a supplicant. /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx) /// - virtual bool process_request_packet( + virtual void process_request_packet( _In_bytecount_(dwReceivedPacketSize) const EapPacket *pReceivedPacket, _In_ DWORD dwReceivedPacketSize, - _Out_ EapPeerMethodOutput *pEapOutput, - _Out_ EAP_ERROR **ppEapError) = 0; + _Inout_ EapPeerMethodOutput *pEapOutput) = 0; /// /// Obtains a response packet from the EAP method. /// /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_response_packet( + virtual void get_response_packet( _Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket, - _Inout_ DWORD *pdwSendPacketSize, - _Out_ EAP_ERROR **ppEapError) = 0; + _Inout_ DWORD *pdwSendPacketSize) = 0; /// /// Obtains the result of an authentication session from the EAP method. /// /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_result( - _In_ EapPeerMethodResultReason reason, - _Out_ EapPeerMethodResult *ppResult, - _Out_ EAP_ERROR **ppEapError) = 0; + virtual void get_result( + _In_ EapPeerMethodResultReason reason, + _Inout_ EapPeerMethodResult *ppResult) = 0; /// @} diff --git a/lib/EAPBase/include/Module.h b/lib/EAPBase/include/Module.h index 8639752..1f0511f 100644 --- a/lib/EAPBase/include/Module.h +++ b/lib/EAPBase/include/Module.h @@ -53,6 +53,8 @@ extern "C" { #include // Must include after +#include + namespace eap { @@ -79,6 +81,11 @@ namespace eap /// EAP_ERROR* make_error(_In_ DWORD dwErrorCode, _In_opt_z_ LPCWSTR pszRootCauseString = NULL, _In_opt_z_ LPCWSTR pszRepairString = NULL, _In_opt_ DWORD dwReasonCode = 0, _In_opt_ LPCGUID pRootCauseGuid = NULL, _In_opt_ LPCGUID pRepairGuid = NULL, _In_opt_ LPCGUID pHelpLinkGuid = NULL) const; + /// + /// Allocate a EAP_ERROR and fill it according to exception + /// + EAP_ERROR* make_error(_In_ std::exception &err) const; + /// /// Allocate BLOB /// @@ -204,137 +211,108 @@ namespace eap /// /// Encrypts data /// - /// \param[in ] hProv Handle of cryptographics provider - /// \param[in ] data Pointer to data to encrypt - /// \param[in ] size Size of \p data in bytes - /// \param[out] enc Encrypted data - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. - /// \param[out] hHash Handle of hashing object + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] data Pointer to data to encrypt + /// \param[in ] size Size of \p data in bytes + /// \param[out] enc Encrypted data + /// \param[out] hHash Handle of hashing object /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. + /// \returns Encrypted data /// - bool encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const; + std::vector encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_opt_ HCRYPTHASH hHash = NULL) const; /// /// Encrypts a string /// - /// \param[in ] hProv Handle of cryptographics provider - /// \param[in ] val String to encrypt - /// \param[out] enc Encrypted data - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. - /// \param[out] hHash Handle of hashing object + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] val String to encrypt + /// \param[out] hHash Handle of hashing object /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. + /// \returns Encrypted data /// template - bool encrypt(_In_ HCRYPTPROV hProv, _In_ const std::basic_string<_Elem, _Traits, _Ax> &val, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const + std::vector encrypt(_In_ HCRYPTPROV hProv, _In_ const std::basic_string<_Elem, _Traits, _Ax> &val, _Out_opt_ HCRYPTHASH hHash = NULL) const { - return encrypt(hProv, val.c_str(), val.length()*sizeof(_Elem), enc, ppEapError, hHash); + return encrypt(hProv, val.c_str(), val.length()*sizeof(_Elem), hHash); } /// /// Encrypts a wide string /// - /// \param[in ] hProv Handle of cryptographics provider - /// \param[in ] val String to encrypt - /// \param[out] enc Encrypted data - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. - /// \param[out] hHash Handle of hashing object + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] val String to encrypt + /// \param[out] hHash Handle of hashing object /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. + /// \returns Encrypted data /// template - bool encrypt(_In_ HCRYPTPROV hProv, _In_ const std::basic_string &val, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const + std::vector encrypt(_In_ HCRYPTPROV hProv, _In_ const std::basic_string &val, _Out_opt_ HCRYPTHASH hHash = NULL) const { winstd::sanitizing_string val_utf8; WideCharToMultiByte(CP_UTF8, 0, val.c_str(), (int)val.length(), val_utf8, NULL, NULL); - return encrypt(hProv, val_utf8, enc, ppEapError, hHash); + return encrypt(hProv, val_utf8, hHash); } /// /// Encrypts data and add MD5 hash for integrity check /// - /// \param[in ] hProv Handle of cryptographics provider - /// \param[in ] data Pointer to data to encrypt - /// \param[in ] size Size of \p data in bytes - /// \param[out] enc Encrypted data with 16B MD5 hash appended - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] data Pointer to data to encrypt + /// \param[in ] size Size of \p data in bytes /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. + /// \returns Encrypted data with 16B MD5 hash appended /// - bool encrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError) const; + std::vector encrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size) const; /// /// Encrypts a string and add MD5 hash for integrity check /// - /// \param[in ] hProv Handle of cryptographics provider - /// \param[in ] val String to encrypt - /// \param[out] enc Encrypted data with 16B MD5 hash appended - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] val String to encrypt /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. + /// \returns Encrypted data with 16B MD5 hash appended /// template - bool encrypt_md5(_In_ HCRYPTPROV hProv, _In_ const std::basic_string<_Elem, _Traits, _Ax> &val, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError) const + std::vector encrypt_md5(_In_ HCRYPTPROV hProv, _In_ const std::basic_string<_Elem, _Traits, _Ax> &val) const { - return encrypt_md5(hProv, val.c_str(), val.length()*sizeof(_Elem), enc, ppEapError); + return encrypt_md5(hProv, val.c_str(), val.length()*sizeof(_Elem)); } /// /// Encrypts a wide string and add MD5 hash for integrity check /// - /// \param[in ] hProv Handle of cryptographics provider - /// \param[in ] val String to encrypt - /// \param[out] enc Encrypted data with 16B MD5 hash appended - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] val String to encrypt /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. + /// \returns Encrypted data with 16B MD5 hash appended /// template - bool encrypt_md5(_In_ HCRYPTPROV hProv, _In_ const std::basic_string &val, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError) const + std::vector encrypt_md5(_In_ HCRYPTPROV hProv, _In_ const std::basic_string &val) const { winstd::sanitizing_string val_utf8; WideCharToMultiByte(CP_UTF8, 0, val.c_str(), (int)val.length(), val_utf8, NULL, NULL); - return encrypt_md5(hProv, val_utf8, enc, ppEapError); + return encrypt_md5(hProv, val_utf8); } /// /// Decrypts data /// - /// \param[in ] hProv Handle of cryptographics provider - /// \param[in ] data Pointer to data to decrypt - /// \param[in ] size Size of \p data in bytes - /// \param[out] dec Decrypted data - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. - /// \param[out] hHash Handle of hashing object + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] data Pointer to data to decrypt + /// \param[in ] size Size of \p data in bytes + /// \param[out] hHash Handle of hashing object /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. + /// \returns Decrypted data /// template - bool decrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector<_Ty, _Ax> &dec, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const + std::vector<_Ty, _Ax> decrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_opt_ HCRYPTHASH hHash = NULL) const { - assert(ppEapError); - // Import the private RSA key. HRSRC res = FindResource(m_instance, MAKEINTRESOURCE(IDR_EAP_KEY_PRIVATE), RT_RCDATA); assert(res); @@ -343,183 +321,133 @@ namespace eap winstd::crypt_key key_rsa; std::unique_ptr > keyinfo_data; DWORD keyinfo_size = 0; - if (!CryptDecodeObjectEx(X509_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, (const BYTE*)::LockResource(res_handle), ::SizeofResource(m_instance, res), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size)) { - *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptDecodeObjectEx failed.")); - return false; - } - if (!key_rsa.import(hProv, keyinfo_data.get(), keyinfo_size, NULL, 0)) { - *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Private key import failed.")); - return false; - } + if (!CryptDecodeObjectEx(X509_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, (const BYTE*)::LockResource(res_handle), ::SizeofResource(m_instance, res), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size)) + throw win_runtime_error(_T(__FUNCTION__) _T(" CryptDecodeObjectEx failed.")); + if (!key_rsa.import(hProv, keyinfo_data.get(), keyinfo_size, NULL, 0)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Private key import failed.")); // Import the 256-bit AES session key. winstd::crypt_key key_aes; - if (!CryptImportKey(hProv, (LPCBYTE)data, 268, key_rsa, 0, &key_aes)) { - *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptImportKey failed.")); - return false; - } + if (!CryptImportKey(hProv, (LPCBYTE)data, 268, key_rsa, 0, &key_aes)) + throw win_runtime_error(_T(__FUNCTION__) _T(" CryptImportKey failed.")); // Decrypt the data using AES session key. std::vector > buf; buf.assign((const unsigned char*)data + 268, (const unsigned char*)data + size); - if (!CryptDecrypt(key_aes, hHash, TRUE, 0, buf)) { - *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptDecrypt failed.")); - return false; - } - dec.assign(buf.begin(), buf.end()); + if (!CryptDecrypt(key_aes, hHash, TRUE, 0, buf)) + throw win_runtime_error(_T(__FUNCTION__) _T(" CryptDecrypt failed.")); - return true; + return std::vector<_Ty, _Ax>(buf); } /// /// Decrypts a string /// - /// \param[in ] hProv Handle of cryptographics provider - /// \param[in ] data Pointer to data to decrypt - /// \param[in ] size Size of \p data in bytes - /// \param[out] dec Decrypted string - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. - /// \param[out] hHash Handle of hashing object + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] data Pointer to data to decrypt + /// \param[in ] size Size of \p data in bytes + /// \param[out] hHash Handle of hashing object /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. + /// \returns Decrypted string /// template - bool decrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::basic_string<_Elem, _Traits, _Ax> &dec, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const + std::basic_string<_Elem, _Traits, _Ax> decrypt_str(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_opt_ HCRYPTHASH hHash = NULL) const { - std::vector<_Elem, sanitizing_allocator<_Elem> > buf; - if (!decrypt(hProv, data, size, buf, ppEapError, hHash)) - return false; - dec.assign(buf.data(), buf.size()); - - return true; + std::vector<_Elem, sanitizing_allocator<_Elem> > buf(std::move(decrypt(hProv, data, size, hHash))); + return std::basic_string<_Elem, _Traits, _Ax>(buf.data(), buf.size()); } /// /// Decrypts a wide string /// - /// \param[in ] hProv Handle of cryptographics provider - /// \param[in ] data Pointer to data to decrypt - /// \param[in ] size Size of \p data in bytes - /// \param[out] dec Decrypted string - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. - /// \param[out] hHash Handle of hashing object + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] data Pointer to data to decrypt + /// \param[in ] size Size of \p data in bytes + /// \param[out] hHash Handle of hashing object /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. + /// \returns Decrypted string /// template - bool decrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::basic_string &dec, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash = NULL) const + std::basic_string decrypt_str(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_opt_ HCRYPTHASH hHash = NULL) const { - winstd::sanitizing_string buf; - if (!decrypt(hProv, data, size, buf, ppEapError, hHash)) - return false; + winstd::sanitizing_string buf(std::move(decrypt_str(hProv, data, size, hHash))); + std::basic_string dec; MultiByteToWideChar(CP_UTF8, 0, buf.data(), (int)buf.size(), dec); - - return true; + return dec; } /// /// Decrypts data with MD5 integrity check /// - /// \param[in ] hProv Handle of cryptographics provider - /// \param[in ] data Pointer to data with 16B MD5 hash appended to decrypt - /// \param[in ] size Size of \p data in bytes - /// \param[out] dec Decrypted data - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] data Pointer to data with 16B MD5 hash appended to decrypt + /// \param[in ] size Size of \p data in bytes /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. + /// \returns Decrypted data /// template - bool decrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector<_Ty, _Ax> &dec, _Out_ EAP_ERROR **ppEapError) const + std::vector<_Ty, _Ax> decrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size) const { // Create hash. winstd::crypt_hash hash; - if (!hash.create(hProv, CALG_MD5)) { - *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Creating MD5 hash failed.")); - return false; - } - DWORD dwHashSize, dwHashSizeSize = sizeof(dwHashSize); - CryptGetHashParam(hash, HP_HASHSIZE, (LPBYTE)&dwHashSize, &dwHashSizeSize, 0); - if (size < dwHashSize) { - *ppEapError = make_error(ERROR_INVALID_DATA, _T(__FUNCTION__) _T(" Encrypted data too short.")); - return false; - } + if (!hash.create(hProv, CALG_MD5)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Creating MD5 hash failed.")); + DWORD dwHashSize; + CryptGetHashParam(hash, HP_HASHSIZE, dwHashSize, 0); + if (size < dwHashSize) + throw invalid_argument(__FUNCTION__ " Encrypted data too short."); size_t enc_size = size - dwHashSize; // Decrypt data. - if (!decrypt(hProv, data, enc_size, dec, ppEapError, hash)) - return false; + std::vector<_Ty, _Ax> dec(std::move(decrypt<_Ty, _Ax>(hProv, data, enc_size, hash))); // Calculate MD5 hash and verify it. std::vector hash_bin; - if (!CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0)) { - *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Calculating MD5 hash failed.")); - return false; - } - if (memcmp((unsigned char*)data + enc_size, hash_bin.data(), dwHashSize) != 0) { - *ppEapError = make_error(ERROR_INVALID_DATA, _T(__FUNCTION__) _T(" Invalid encrypted data.")); - return false; - } + if (!CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Calculating MD5 hash failed.")); + if (memcmp((unsigned char*)data + enc_size, hash_bin.data(), dwHashSize) != 0) + throw invalid_argument(__FUNCTION__ " Invalid encrypted data."); - return true; + return dec; } /// /// Decrypts a string with MD5 integrity check /// - /// \param[in ] hProv Handle of cryptographics provider - /// \param[in ] data Pointer to data with 16B MD5 hash appended to decrypt - /// \param[in ] size Size of \p data in bytes - /// \param[out] dec Decrypted string - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] data Pointer to data with 16B MD5 hash appended to decrypt + /// \param[in ] size Size of \p data in bytes /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. + /// \returns Decrypted string /// template - bool decrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::basic_string<_Elem, _Traits, _Ax> &dec, _Out_ EAP_ERROR **ppEapError) const + std::basic_string<_Elem, _Traits, _Ax> decrypt_str_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size) const { - std::vector<_Elem, sanitizing_allocator<_Elem> > buf; - if (!decrypt_md5(hProv, data, size, buf, ppEapError)) - return false; - dec.assign(buf.data(), buf.size()); - - return true; + std::vector<_Elem, sanitizing_allocator<_Elem> > buf(std::move(decrypt_md5(hProv, data, size))); + return std::basic_string<_Elem, _Traits, _Ax>(buf.data(), buf.size()); } /// /// Decrypts a wide string with MD5 integrity check /// - /// \param[in ] hProv Handle of cryptographics provider - /// \param[in ] data Pointer to data with 16B MD5 hash appended to decrypt - /// \param[in ] size Size of \p data in bytes - /// \param[out] dec Decrypted string - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in ] hProv Handle of cryptographics provider + /// \param[in ] data Pointer to data with 16B MD5 hash appended to decrypt + /// \param[in ] size Size of \p data in bytes /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. + /// \returns Decrypted string /// template - bool decrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::basic_string &dec, _Out_ EAP_ERROR **ppEapError) const + std::basic_string decrypt_str_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size) const { - winstd::sanitizing_string buf; - if (!decrypt_md5(hProv, data, size, buf, ppEapError)) - return false; + winstd::sanitizing_string buf(std::move(decrypt_str_md5(hProv, data, size))); + std::basic_string dec; MultiByteToWideChar(CP_UTF8, 0, buf.data(), (int)buf.size(), dec); - - return true; + return dec; } /// @} @@ -540,35 +468,26 @@ namespace eap /// - \c false otherwise. See \p ppEapError for details. /// template - bool unpack( + void unpack( _Inout_ T &record, _In_count_(dwDataInSize) const BYTE *pDataIn, - _In_ DWORD dwDataInSize, - _Out_ EAP_ERROR **ppEapError) + _In_ DWORD dwDataInSize) { #if EAP_ENCRYPT_BLOBS // Prepare cryptographics provider. winstd::crypt_prov cp; - if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) { - *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptAcquireContext failed.")); - return false; - } + if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) + throw win_runtime_error(_T(__FUNCTION__) _T(" CryptAcquireContext failed.")); // Decrypt data. - std::vector > data; - if (!decrypt_md5(cp, pDataIn, dwDataInSize, data, ppEapError)) - return false; + std::vector > data(std::move(decrypt_md5 >(cp, pDataIn, dwDataInSize))); cursor_in cursor = { data.data(), data.data() + data.size() }; #else - UNREFERENCED_PARAMETER(ppEapError); - cursor_in cursor = { pDataIn, pDataIn + dwDataInSize }; #endif cursor >> record; assert(cursor.ptr == cursor.ptr_end); - - return true; } @@ -578,18 +497,12 @@ namespace eap /// \param[in ] record Object to pack /// \param[out] ppDataOut Pointer to pointer to receive encrypted BLOB. Pointer must be freed using `module::free_memory()`. /// \param[out] pdwDataOutSize Pointer to \p ppDataOut size - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. - /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. /// template - bool pack( - _In_ const T &record, - _Out_ BYTE **ppDataOut, - _Out_ DWORD *pdwDataOutSize, - _Out_ EAP_ERROR **ppEapError) + void pack( + _In_ const T &record, + _Out_ BYTE **ppDataOut, + _Out_ DWORD *pdwDataOutSize) { assert(ppDataOut); assert(pdwDataOutSize); @@ -606,32 +519,24 @@ namespace eap // Prepare cryptographics provider. winstd::crypt_prov cp; - if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) { - *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptAcquireContext failed.")); - return false; - } + if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) + throw win_runtime_error(_T(__FUNCTION__) _T(" CryptAcquireContext failed.")); // Encrypt BLOB. - std::vector data_enc; - if (!encrypt_md5(cp, data.data(), data.size(), data_enc, ppEapError)) - return false; + std::vector data_enc(std::move(encrypt_md5(cp, data.data(), data.size()))); // Copy encrypted BLOB to output. *pdwDataOutSize = (DWORD)data_enc.size(); *ppDataOut = alloc_memory(*pdwDataOutSize); - if (!*ppDataOut) { - *ppEapError = make_error(ERROR_OUTOFMEMORY, winstd::wstring_printf(_T(__FUNCTION__) _T(" Error allocating memory for BLOB (%uB)."), *pdwDataOutSize).c_str()); - return false; - } + if (!*ppDataOut) + throw win_runtime_error(ERROR_OUTOFMEMORY, winstd::wstring_printf(_T(__FUNCTION__) _T(" Error allocating memory for BLOB (%uB)."), *pdwDataOutSize).c_str()); memcpy(*ppDataOut, data_enc.data(), *pdwDataOutSize); #else // Allocate BLOB. *pdwDataOutSize = (DWORD)pksizeof(record); *ppDataOut = alloc_memory(*pdwDataOutSize); - if (!*ppDataOut) { - *ppEapError = make_error(ERROR_OUTOFMEMORY, winstd::wstring_printf(_T(__FUNCTION__) _T(" Error allocating memory for BLOB (%uB)."), *pdwDataOutSize).c_str()); - return false; - } + if (!*ppDataOut) + throw win_runtime_error(ERROR_OUTOFMEMORY, winstd::wstring_printf(_T(__FUNCTION__) _T(" Error allocating memory for BLOB (%uB)."), *pdwDataOutSize).c_str()); // Pack to BLOB. cursor_out cursor = { *ppDataOut, *ppDataOut + *pdwDataOutSize }; @@ -639,8 +544,6 @@ namespace eap assert(cursor.ptr == cursor.ptr_end); *pdwDataOutSize = cursor.ptr - *ppDataOut; #endif - - return true; } /// @} @@ -670,55 +573,38 @@ namespace eap /// /// \sa [EapPeerGetInfo function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363613.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool initialize(_Out_ EAP_ERROR **ppEapError) = 0; + virtual void initialize() = 0; /// /// Shuts down the EAP method and prepares to unload its corresponding DLL. /// /// \sa [EapPeerShutdown function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363627.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool shutdown(_Out_ EAP_ERROR **ppEapError) = 0; + virtual void shutdown() = 0; /// /// Returns the user data and user identity after being called by EAPHost. /// /// \sa [EapPeerGetIdentity function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363607.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_identity( - _In_ DWORD dwFlags, - _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, - _In_ DWORD dwConnectionDataSize, - _In_count_(dwUserDataSize) const BYTE *pUserData, - _In_ DWORD dwUserDataSize, - _Out_ BYTE **ppUserDataOut, - _Out_ DWORD *pdwUserDataOutSize, - _In_ HANDLE hTokenImpersonateUser, - _Out_ BOOL *pfInvokeUI, - _Out_ WCHAR **ppwszIdentity, - _Out_ EAP_ERROR **ppEapError) = 0; + virtual void get_identity( + _In_ DWORD dwFlags, + _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, + _In_ DWORD dwConnectionDataSize, + _In_count_(dwUserDataSize) const BYTE *pUserData, + _In_ DWORD dwUserDataSize, + _Inout_ BYTE **ppUserDataOut, + _Inout_ DWORD *pdwUserDataOutSize, + _In_ HANDLE hTokenImpersonateUser, + _Inout_ BOOL *pfInvokeUI, + _Inout_ WCHAR **ppwszIdentity) = 0; /// /// Defines the implementation of an EAP method-specific function that retrieves the properties of an EAP method given the connection and user data. /// /// \sa [EapPeerGetMethodProperties function](https://msdn.microsoft.com/en-us/library/windows/desktop/hh706636.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_method_properties( + virtual void get_method_properties( _In_ DWORD dwVersion, _In_ DWORD dwFlags, _In_ HANDLE hUserImpersonationToken, @@ -726,100 +612,72 @@ namespace eap _In_ DWORD dwConnectionDataSize, _In_count_(dwUserDataSize) const BYTE *pUserData, _In_ DWORD dwUserDataSize, - _Out_ EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray, - _Out_ EAP_ERROR **ppEapError) = 0; + _Inout_ EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray) = 0; /// /// Converts XML into the configuration BLOB. The XML based credentials can come from group policy or from a system administrator. /// /// \sa [EapPeerCredentialsXml2Blob function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363603.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool credentials_xml2blob( + virtual void credentials_xml2blob( _In_ DWORD dwFlags, _In_ IXMLDOMNode *pConfigRoot, _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, _In_ DWORD dwConnectionDataSize, - _Out_ BYTE **ppCredentialsOut, - _Out_ DWORD *pdwCredentialsOutSize, - _Out_ EAP_ERROR **ppEapError) = 0; + _Inout_ BYTE **ppCredentialsOut, + _Inout_ DWORD *pdwCredentialsOutSize) = 0; /// /// Defines the implementation of an EAP method-specific function that obtains the EAP Single-Sign-On (SSO) credential input fields for an EAP method. /// /// \sa [EapPeerQueryCredentialInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363622.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool query_credential_input_fields( + virtual void query_credential_input_fields( _In_ HANDLE hUserImpersonationToken, _In_ DWORD dwFlags, _In_ DWORD dwConnectionDataSize, _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, - _Out_ EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray, - _Out_ EAP_ERROR **ppEapError) const; + _Inout_ EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray) const; /// /// Defines the implementation of an EAP method function that obtains the user BLOB data provided in an interactive Single-Sign-On (SSO) UI raised on the supplicant. /// /// \sa [EapPeerQueryUserBlobFromCredentialInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/bb204697.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool query_user_blob_from_credential_input_fields( + virtual void query_user_blob_from_credential_input_fields( _In_ HANDLE hUserImpersonationToken, _In_ DWORD dwFlags, _In_ DWORD dwConnectionDataSize, _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, _In_ const EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldArray, _Inout_ DWORD *pdwUsersBlobSize, - _Inout_ BYTE **ppUserBlob, - _Out_ EAP_ERROR **ppEapError) const; + _Inout_ BYTE **ppUserBlob) const; /// /// Defines the implementation of an EAP method API that provides the input fields for interactive UI components to be raised on the supplicant. /// /// \sa [EapPeerQueryInteractiveUIInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/bb204695.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool query_interactive_ui_input_fields( + virtual void query_interactive_ui_input_fields( _In_ DWORD dwVersion, _In_ DWORD dwFlags, _In_ DWORD dwUIContextDataSize, _In_count_(dwUIContextDataSize) const BYTE *pUIContextData, - _Out_ EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData, - _Out_ EAP_ERROR **ppEapError, - _Inout_ LPVOID *pvReserved) const; + _Inout_ EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData) const; /// /// Converts user information into a user BLOB that can be consumed by EAPHost run-time functions. /// /// \sa [EapPeerQueryUIBlobFromInteractiveUIInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/bb204696.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool query_ui_blob_from_interactive_ui_input_fields( + virtual void query_ui_blob_from_interactive_ui_input_fields( _In_ DWORD dwVersion, _In_ DWORD dwFlags, _In_ DWORD dwUIContextDataSize, _In_count_(dwUIContextDataSize) const BYTE *pUIContextData, _In_ const EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData, - _Out_ DWORD *pdwDataFromInteractiveUISize, - _Out_ BYTE **ppDataFromInteractiveUI, - _Out_ EAP_ERROR **ppEapError, - _Inout_ LPVOID *ppvReserved) const; + _Inout_ DWORD *pdwDataFromInteractiveUISize, + _Inout_ BYTE **ppDataFromInteractiveUI) const; /// \name Session management /// @{ @@ -829,80 +687,55 @@ namespace eap /// /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. + /// \returns Session handle /// - virtual bool begin_session( - _In_ DWORD dwFlags, - _In_ const EapAttributes *pAttributeArray, - _In_ HANDLE hTokenImpersonateUser, - _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, - _In_ DWORD dwConnectionDataSize, - _In_count_(dwUserDataSize) const BYTE *pUserData, - _In_ DWORD dwUserDataSize, - _In_ DWORD dwMaxSendPacketSize, - _Out_ EAP_SESSION_HANDLE *phSession, - _Out_ EAP_ERROR **ppEapError) = 0; + virtual EAP_SESSION_HANDLE begin_session( + _In_ DWORD dwFlags, + _In_ const EapAttributes *pAttributeArray, + _In_ HANDLE hTokenImpersonateUser, + _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, + _In_ DWORD dwConnectionDataSize, + _In_count_(dwUserDataSize) const BYTE *pUserData, + _In_ DWORD dwUserDataSize, + _In_ DWORD dwMaxSendPacketSize) = 0; /// /// Ends an EAP authentication session for the EAP method. /// /// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool end_session( - _In_ EAP_SESSION_HANDLE hSession, - _Out_ EAP_ERROR **ppEapError) = 0; + virtual void end_session(_In_ EAP_SESSION_HANDLE hSession) = 0; /// /// Processes a packet received by EAPHost from a supplicant. /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx) /// - virtual bool process_request_packet( + virtual void process_request_packet( _In_ EAP_SESSION_HANDLE hSession, _In_bytecount_(dwReceivedPacketSize) const EapPacket *pReceivedPacket, _In_ DWORD dwReceivedPacketSize, - _Out_ EapPeerMethodOutput *pEapOutput, - _Out_ EAP_ERROR **ppEapError) = 0; + _Inout_ EapPeerMethodOutput *pEapOutput) = 0; /// /// Obtains a response packet from the EAP method. /// /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_response_packet( + virtual void get_response_packet( _In_ EAP_SESSION_HANDLE hSession, _Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket, - _Inout_ DWORD *pdwSendPacketSize, - _Out_ EAP_ERROR **ppEapError) = 0; + _Inout_ DWORD *pdwSendPacketSize) = 0; /// /// Obtains the result of an authentication session from the EAP method. /// /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_result( - _In_ EAP_SESSION_HANDLE hSession, - _In_ EapPeerMethodResultReason reason, - _Out_ EapPeerMethodResult *ppResult, - _Out_ EAP_ERROR **ppEapError) = 0; + virtual void get_result( + _In_ EAP_SESSION_HANDLE hSession, + _In_ EapPeerMethodResultReason reason, + _Inout_ EapPeerMethodResult *ppResult) = 0; /// /// Obtains the user interface context from the EAP method. @@ -911,15 +744,10 @@ namespace eap /// /// \sa [EapPeerGetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363612.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_ui_context( - _In_ EAP_SESSION_HANDLE hSession, - _Out_ BYTE **ppUIContextData, - _Out_ DWORD *pdwUIContextDataSize, - _Out_ EAP_ERROR **ppEapError) = 0; + virtual void get_ui_context( + _In_ EAP_SESSION_HANDLE hSession, + _Inout_ BYTE **ppUIContextData, + _Inout_ DWORD *pdwUIContextDataSize) = 0; /// /// Provides a user interface context to the EAP method. @@ -928,45 +756,30 @@ namespace eap /// /// \sa [EapPeerSetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363626.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool set_ui_context( + virtual void set_ui_context( _In_ EAP_SESSION_HANDLE hSession, _In_count_(dwUIContextDataSize) const BYTE *pUIContextData, _In_ DWORD dwUIContextDataSize, - _In_ const EapPeerMethodOutput *pEapOutput, - _Out_ EAP_ERROR **ppEapError) = 0; + _In_ const EapPeerMethodOutput *pEapOutput) = 0; /// /// Obtains an array of EAP response attributes from the EAP method. /// /// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_response_attributes( - _In_ EAP_SESSION_HANDLE hSession, - _Out_ EapAttributes *pAttribs, - _Out_ EAP_ERROR **ppEapError) = 0; + virtual void get_response_attributes( + _In_ EAP_SESSION_HANDLE hSession, + _Inout_ EapAttributes *pAttribs) = 0; /// /// Provides an updated array of EAP response attributes to the EAP method. /// /// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool set_response_attributes( + virtual void set_response_attributes( _In_ EAP_SESSION_HANDLE hSession, _In_ const EapAttributes *pAttribs, - _Out_ EapPeerMethodOutput *pEapOutput, - _Out_ EAP_ERROR **ppEapError) = 0; + _Inout_ EapPeerMethodOutput *pEapOutput) = 0; /// @} }; diff --git a/lib/EAPBase/src/Config.cpp b/lib/EAPBase/src/Config.cpp index 9e4debc..1183f6a 100644 --- a/lib/EAPBase/src/Config.cpp +++ b/lib/EAPBase/src/Config.cpp @@ -64,22 +64,16 @@ eap::config& eap::config::operator=(_Inout_ config &&other) } -bool eap::config::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const +void eap::config::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const { UNREFERENCED_PARAMETER(pDoc); UNREFERENCED_PARAMETER(pConfigRoot); - UNREFERENCED_PARAMETER(ppEapError); - - return true; } -bool eap::config::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) +void eap::config::load(_In_ IXMLDOMNode *pConfigRoot) { UNREFERENCED_PARAMETER(pConfigRoot); - UNREFERENCED_PARAMETER(ppEapError); - - return true; } @@ -194,39 +188,31 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_Inout_ co } -bool eap::config_method_with_cred::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const +void eap::config_method_with_cred::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const { assert(pDoc); assert(pConfigRoot); - assert(ppEapError); const winstd::bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata"); DWORD dwResult; // winstd::com_obj pXmlElClientSideCredential; - if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, winstd::bstr(L"eap-metadata:ClientSideCredential"), winstd::bstr(L"ClientSideCredential"), bstrNamespace, &pXmlElClientSideCredential)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, winstd::bstr(L"eap-metadata:ClientSideCredential"), winstd::bstr(L"ClientSideCredential"), bstrNamespace, &pXmlElClientSideCredential)) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // / - if ((dwResult = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, winstd::bstr(L"allow-save"), bstrNamespace, m_allow_save)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, winstd::bstr(L"allow-save"), bstrNamespace, m_allow_save)) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - if (m_use_preshared && !m_preshared->save(pDoc, pXmlElClientSideCredential, ppEapError)) - return false; - - return true; + if (m_use_preshared) + m_preshared->save(pDoc, pXmlElClientSideCredential); } -bool eap::config_method_with_cred::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) +void eap::config_method_with_cred::load(_In_ IXMLDOMNode *pConfigRoot) { assert(pConfigRoot); - assert(ppEapError); m_allow_save = true; m_use_preshared = false; @@ -241,18 +227,13 @@ bool eap::config_method_with_cred::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP eapxml::get_element_value(pXmlElClientSideCredential, winstd::bstr(L"eap-metadata:allow-save"), &m_allow_save); m_module.log_config((xpath + L"/allow-save").c_str(), m_allow_save); - if (m_preshared->load(pXmlElClientSideCredential, ppEapError)) { + try { + m_preshared->load(pXmlElClientSideCredential); m_use_preshared = true; - } else { + } catch (...) { // This is not really an error - merely an indication pre-shared credentials are unavailable. - if (*ppEapError) { - m_module.free_error_memory(*ppEapError); - *ppEapError = NULL; - } } } - - return true; } @@ -377,129 +358,95 @@ eap::config* eap::config_provider::clone() const } -bool eap::config_provider::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const +void eap::config_provider::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const { - if (!config::save(pDoc, pConfigRoot, ppEapError)) - return false; + config::save(pDoc, pConfigRoot); const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata"); DWORD dwResult; HRESULT hr; // - if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"read-only"), bstrNamespace, m_read_only)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"read-only"), bstrNamespace, m_read_only)) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // if (!m_id.empty()) - if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"ID"), bstrNamespace, bstr(m_id))) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"ID"), bstrNamespace, bstr(m_id))) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // com_obj pXmlElProviderInfo; - if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ProviderInfo"), bstr(L"ProviderInfo"), bstrNamespace, &pXmlElProviderInfo)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ProviderInfo"), bstr(L"ProviderInfo"), bstrNamespace, &pXmlElProviderInfo)) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // / if (!m_name.empty()) - if ((dwResult = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"DisplayName"), bstrNamespace, bstr(m_name))) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"DisplayName"), bstrNamespace, bstr(m_name))) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // / com_obj pXmlElHelpdesk; - if ((dwResult = eapxml::create_element(pDoc, pXmlElProviderInfo, bstr(L"eap-metadata:Helpdesk"), bstr(L"Helpdesk"), bstrNamespace, &pXmlElHelpdesk)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::create_element(pDoc, pXmlElProviderInfo, bstr(L"eap-metadata:Helpdesk"), bstr(L"Helpdesk"), bstrNamespace, &pXmlElHelpdesk)) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // // if (!m_help_email.empty()) - if ((dwResult = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"EmailAddress"), bstrNamespace, bstr(m_help_email))) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"EmailAddress"), bstrNamespace, bstr(m_help_email))) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // // if (!m_help_web.empty()) - if ((dwResult = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"WebAddress"), bstrNamespace, bstr(m_help_web))) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"WebAddress"), bstrNamespace, bstr(m_help_web))) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // // if (!m_help_phone.empty()) - if ((dwResult = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"Phone"), bstrNamespace, bstr(m_help_phone))) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"Phone"), bstrNamespace, bstr(m_help_phone))) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // / if (!m_lbl_alt_credential.empty()) - if ((dwResult = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"CredentialPrompt"), bstrNamespace, bstr(m_lbl_alt_credential))) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"CredentialPrompt"), bstrNamespace, bstr(m_lbl_alt_credential))) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // / if (!m_lbl_alt_identity.empty()) - if ((dwResult = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"UserNameLabel"), bstrNamespace, bstr(m_lbl_alt_identity))) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"UserNameLabel"), bstrNamespace, bstr(m_lbl_alt_identity))) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // / if (!m_lbl_alt_password.empty()) - if ((dwResult = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"PasswordLabel"), bstrNamespace, bstr(m_lbl_alt_password))) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"PasswordLabel"), bstrNamespace, bstr(m_lbl_alt_password))) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // com_obj pXmlElAuthenticationMethods; - if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods"), bstr(L"AuthenticationMethods"), bstrNamespace, &pXmlElAuthenticationMethods)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods"), bstr(L"AuthenticationMethods"), bstrNamespace, &pXmlElAuthenticationMethods)) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); for (list >::const_iterator method = m_methods.cbegin(), method_end = m_methods.cend(); method != method_end; ++method) { // com_obj pXmlElAuthenticationMethod; - if ((dwResult = eapxml::create_element(pDoc, bstr(L"AuthenticationMethod"), bstrNamespace, &pXmlElAuthenticationMethod))) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::create_element(pDoc, bstr(L"AuthenticationMethod"), bstrNamespace, &pXmlElAuthenticationMethod))) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // /... - if (!method->get()->save(pDoc, pXmlElAuthenticationMethod, ppEapError)) - return false; + method->get()->save(pDoc, pXmlElAuthenticationMethod); - if (FAILED(hr = pXmlElAuthenticationMethods->appendChild(pXmlElAuthenticationMethod, NULL))) { - *ppEapError = m_module.make_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending element.")); - return false; - } + if (FAILED(hr = pXmlElAuthenticationMethods->appendChild(pXmlElAuthenticationMethod, NULL))) + throw win_runtime_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending element.")); } - - return true; } -bool eap::config_provider::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) +void eap::config_provider::load(_In_ IXMLDOMNode *pConfigRoot) { assert(pConfigRoot); - assert(ppEapError); DWORD dwResult; wstring xpath(eapxml::get_xpath(pConfigRoot)); - if (!config::load(pConfigRoot, ppEapError)) - return false; + config::load(pConfigRoot); // if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:read-only"), &m_read_only)) != ERROR_SUCCESS) @@ -562,10 +509,8 @@ bool eap::config_provider::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR * // Iterate authentication methods (). m_methods.clear(); com_obj pXmlListMethods; - if ((dwResult = eapxml::select_nodes(pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods/eap-metadata:AuthenticationMethod"), &pXmlListMethods)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(ERROR_NOT_FOUND, _T(__FUNCTION__) _T(" Error selecting / elements."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document.")); - return false; - } + if ((dwResult = eapxml::select_nodes(pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods/eap-metadata:AuthenticationMethod"), &pXmlListMethods)) != ERROR_SUCCESS) + throw invalid_argument(__FUNCTION__ " Error selecting / elements."); long lCount = 0; pXmlListMethods->get_length(&lCount); for (long i = 0; i < lCount; i++) { @@ -584,14 +529,11 @@ bool eap::config_provider::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR * } // Load configuration. - if (!cfg->load(pXmlElMethod, ppEapError)) - return false; + cfg->load(pXmlElMethod); // Add configuration to the list. m_methods.push_back(std::move(cfg)); } - - return true; } @@ -708,10 +650,9 @@ eap::config* eap::config_provider_list::clone() const } -bool eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const +void eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const { - if (!config::save(pDoc, pConfigRoot, ppEapError)) - return false; + config::save(pDoc, pConfigRoot); const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata"); DWORD dwResult; @@ -719,48 +660,35 @@ bool eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNod // Select node. com_obj pXmlElIdentityProviderList; - if ((dwResult = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList"), &pXmlElIdentityProviderList)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(ERROR_NOT_FOUND, _T(__FUNCTION__) _T(" Error selecting element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document.")); - return false; - } + if ((dwResult = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList"), &pXmlElIdentityProviderList)) != ERROR_SUCCESS) + throw invalid_argument(__FUNCTION__ " Error selecting element."); for (list::const_iterator provider = m_providers.cbegin(), provider_end = m_providers.cend(); provider != provider_end; ++provider) { // com_obj pXmlElIdentityProvider; - if ((dwResult = eapxml::create_element(pDoc, bstr(L"EAPIdentityProvider"), bstrNamespace, &pXmlElIdentityProvider))) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::create_element(pDoc, bstr(L"EAPIdentityProvider"), bstrNamespace, &pXmlElIdentityProvider))) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // /... - if (!provider->save(pDoc, pXmlElIdentityProvider, ppEapError)) - return false; + provider->save(pDoc, pXmlElIdentityProvider); - if (FAILED(hr = pXmlElIdentityProviderList->appendChild(pXmlElIdentityProvider, NULL))) { - *ppEapError = m_module.make_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending element.")); - return false; - } + if (FAILED(hr = pXmlElIdentityProviderList->appendChild(pXmlElIdentityProvider, NULL))) + throw win_runtime_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending element.")); } - - return true; } -bool eap::config_provider_list::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) +void eap::config_provider_list::load(_In_ IXMLDOMNode *pConfigRoot) { assert(pConfigRoot); - assert(ppEapError); DWORD dwResult; - if (!config::load(pConfigRoot, ppEapError)) - return false; + config::load(pConfigRoot); // Iterate authentication providers (). com_obj pXmlListProviders; - if ((dwResult = eapxml::select_nodes(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList/eap-metadata:EAPIdentityProvider"), &pXmlListProviders)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(ERROR_NOT_FOUND, _T(__FUNCTION__) _T(" Error selecting elements."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document.")); - return false; - } + if ((dwResult = eapxml::select_nodes(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList/eap-metadata:EAPIdentityProvider"), &pXmlListProviders)) != ERROR_SUCCESS) + throw invalid_argument(__FUNCTION__ " Error selecting elements."); long lCount = 0; pXmlListProviders->get_length(&lCount); for (long i = 0; i < lCount; i++) { @@ -770,14 +698,11 @@ bool eap::config_provider_list::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ER config_provider prov(m_module); // Load provider. - if (!prov.load(pXmlElProvider, ppEapError)) - return false; + prov.load(pXmlElProvider); // Add provider to the list. m_providers.push_back(std::move(prov)); } - - return true; } diff --git a/lib/EAPBase/src/Credentials.cpp b/lib/EAPBase/src/Credentials.cpp index a5e668f..fa91893 100644 --- a/lib/EAPBase/src/Credentials.cpp +++ b/lib/EAPBase/src/Credentials.cpp @@ -77,24 +77,6 @@ bool eap::credentials::empty() const } -bool eap::credentials::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const -{ - if (!config::save(pDoc, pConfigRoot, ppEapError)) - return false; - - return true; -} - - -bool eap::credentials::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) -{ - if (!config::load(pConfigRoot, ppEapError)) - return false; - - return true; -} - - tstring eap::credentials::get_name() const { return !empty() ? get_identity() : _T(""); @@ -164,60 +146,46 @@ bool eap::credentials_pass::empty() const } -bool eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const +void eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const { assert(pDoc); assert(pConfigRoot); - assert(ppEapError); - if (!credentials::save(pDoc, pConfigRoot, ppEapError)) - return false; + credentials::save(pDoc, pConfigRoot); const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata"); DWORD dwResult; // - if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // bstr pass(m_password); dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass); SecureZeroMemory((BSTR)pass, sizeof(OLECHAR)*pass.length()); - if (dwResult != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } - - return true; + if (dwResult != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); } -bool eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) +void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot) { assert(pConfigRoot); - assert(ppEapError); DWORD dwResult; - if (!credentials::load(pConfigRoot, ppEapError)) - return false; + credentials::load(pConfigRoot); std::wstring xpath(eapxml::get_xpath(pConfigRoot)); - if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document.")); - return false; - } + if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error reading element.")); m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str()); bstr pass; - if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document.")); - return false; - } + if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass)) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error reading element.")); m_password = pass; SecureZeroMemory((BSTR)pass, sizeof(OLECHAR)*pass.length()); @@ -228,8 +196,6 @@ bool eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR L"********" #endif ); - - return true; } @@ -258,10 +224,9 @@ void eap::credentials_pass::operator>>(_Inout_ cursor_in &cursor) } -bool eap::credentials_pass::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const +void eap::credentials_pass::store(_In_ LPCTSTR pszTargetName) const { assert(pszTargetName); - assert(ppEapError); // Convert password to UTF-8. sanitizing_string cred_utf8; @@ -271,10 +236,8 @@ bool eap::credentials_pass::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR ** DATA_BLOB cred_blob = { (DWORD)cred_utf8.size() , (LPBYTE)cred_utf8.data() }; DATA_BLOB entropy_blob = { sizeof(s_entropy), (LPBYTE)s_entropy }; data_blob cred_enc; - if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptProtectData failed.")); - return false; - } + if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc)) + throw win_runtime_error(_T(__FUNCTION__) _T(" CryptProtectData failed.")); tstring target(target_name(pszTargetName)); @@ -295,34 +258,26 @@ bool eap::credentials_pass::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR ** NULL, // TargetAlias (LPTSTR)m_identity.c_str() // UserName }; - if (!CredWrite(&cred, 0)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CredWrite failed.")); - return false; - } - - return true; + if (!CredWrite(&cred, 0)) + throw win_runtime_error(_T(__FUNCTION__) _T(" CredWrite failed.")); } -bool eap::credentials_pass::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) +void eap::credentials_pass::retrieve(_In_ LPCTSTR pszTargetName) { assert(pszTargetName); // Read credentials. unique_ptr > cred; - if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CredRead failed.")); - return false; - } + if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred)) + throw win_runtime_error(_T(__FUNCTION__) _T(" CredRead failed.")); // Decrypt the password using user's key. DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob }; DATA_BLOB entropy_blob = { sizeof(s_entropy) , (LPBYTE)s_entropy }; data_blob cred_int; - if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptUnprotectData failed.")); - return false; - } + if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int)) + throw win_runtime_error(_T(__FUNCTION__) _T(" CryptUnprotectData failed.")); // Convert password from UTF-8. MultiByteToWideChar(CP_UTF8, 0, (LPCSTR)cred_int.pbData, (int)cred_int.cbData, m_password); @@ -342,8 +297,6 @@ bool eap::credentials_pass::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR L"********" #endif ); - - return true; } diff --git a/lib/EAPBase/src/EAP.cpp b/lib/EAPBase/src/EAP.cpp new file mode 100644 index 0000000..149deab --- /dev/null +++ b/lib/EAPBase/src/EAP.cpp @@ -0,0 +1,80 @@ +/* + Copyright 2015-2016 Amebis + Copyright 2016 GÉANT + + This file is part of GÉANTLink. + + GÉANTLink is free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + GÉANTLink is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GÉANTLink. If not, see . +*/ + +#include "StdAfx.h" + +using namespace std; +using namespace winstd; + + +////////////////////////////////////////////////////////////////////// +// eap::win_runtime_error +////////////////////////////////////////////////////////////////////// + +eap::win_runtime_error::win_runtime_error(_In_ DWORD error, _In_ const tstring& msg) : + m_error(error), + m_msg(msg), + runtime_error("") +{ +} + + +eap::win_runtime_error::win_runtime_error(_In_ DWORD error, _In_z_ const TCHAR *msg) : + m_error(error), + m_msg(msg), + runtime_error("") +{ +} + + +eap::win_runtime_error::win_runtime_error(_In_ const tstring& msg) : + m_error(GetLastError()), + m_msg(msg), + runtime_error("") +{ +} + + +eap::win_runtime_error::win_runtime_error(_In_z_ const TCHAR *msg) : + m_error(GetLastError()), + m_msg(msg), + runtime_error("") +{ +} + + +eap::win_runtime_error::win_runtime_error(const win_runtime_error &other) : + m_error(other.m_error), + m_msg(other.m_msg), + runtime_error(other.what()) +{ +} + + +eap::win_runtime_error& eap::win_runtime_error::operator=(const win_runtime_error &other) +{ + if (this != addressof(other)) { + *(runtime_error*)this = other; + m_error = other.m_error; + m_msg = other.m_msg; + } + + return *this; +} diff --git a/lib/EAPBase/src/Method.cpp b/lib/EAPBase/src/Method.cpp index d0d7b27..96c3485 100644 --- a/lib/EAPBase/src/Method.cpp +++ b/lib/EAPBase/src/Method.cpp @@ -76,26 +76,19 @@ eap::method& eap::method::operator=(_Inout_ method &&other) } -bool eap::method::begin_session( +void eap::method::begin_session( _In_ DWORD dwFlags, _In_ const EapAttributes *pAttributeArray, _In_ HANDLE hTokenImpersonateUser, - _In_ DWORD dwMaxSendPacketSize, - _Out_ EAP_ERROR **ppEapError) + _In_ DWORD dwMaxSendPacketSize) { UNREFERENCED_PARAMETER(dwFlags); UNREFERENCED_PARAMETER(pAttributeArray); UNREFERENCED_PARAMETER(hTokenImpersonateUser); UNREFERENCED_PARAMETER(dwMaxSendPacketSize); - UNREFERENCED_PARAMETER(ppEapError); - - return true; } -bool eap::method::end_session(_Out_ EAP_ERROR **ppEapError) +void eap::method::end_session() { - UNREFERENCED_PARAMETER(ppEapError); - - return true; } diff --git a/lib/EAPBase/src/Module.cpp b/lib/EAPBase/src/Module.cpp index 852849d..669372a 100644 --- a/lib/EAPBase/src/Module.cpp +++ b/lib/EAPBase/src/Module.cpp @@ -85,6 +85,25 @@ EAP_ERROR* eap::module::make_error(_In_ DWORD dwErrorCode, _In_opt_z_ LPCWSTR ps } +EAP_ERROR* eap::module::make_error(_In_ std::exception &err) const +{ + win_runtime_error &err_rt(dynamic_cast(err)); + if (&err_rt) + return make_error(err_rt.m_error, err_rt.m_msg.c_str()); + + invalid_argument &err_ia(dynamic_cast(err)); + if (&err_ia) { + wstring str; + MultiByteToWideChar(CP_ACP, 0, err_ia.what(), -1, str); + return make_error(ERROR_INVALID_PARAMETER, str.c_str()); + } + + wstring str; + MultiByteToWideChar(CP_ACP, 0, err.what(), -1, str); + return make_error(ERROR_INVALID_DATA, str.c_str()); +} + + BYTE* eap::module::alloc_memory(_In_ size_t size) { return (BYTE*)HeapAlloc(m_heap, 0, size); @@ -134,16 +153,12 @@ eap::config_method* eap::module::make_config_method() } -bool eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash) const +std::vector eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_opt_ HCRYPTHASH hHash) const { - assert(ppEapError); - // Generate 256-bit AES session key. crypt_key key_aes; - if (!CryptGenKey(hProv, CALG_AES_256, MAKELONG(CRYPT_EXPORTABLE, 256), &key_aes)) { - *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptGenKey failed.")); - return false; - } + if (!CryptGenKey(hProv, CALG_AES_256, MAKELONG(CRYPT_EXPORTABLE, 256), &key_aes)) + throw win_runtime_error(_T(__FUNCTION__) _T(" CryptGenKey failed.")); // Import the public RSA key. HRSRC res = FindResource(m_instance, MAKEINTRESOURCE(IDR_EAP_KEY_PUBLIC), RT_RCDATA); @@ -153,22 +168,16 @@ bool eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void crypt_key key_rsa; unique_ptr > keyinfo_data; DWORD keyinfo_size = 0; - if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, (const BYTE*)::LockResource(res_handle), ::SizeofResource(m_instance, res), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size)) { - *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptDecodeObjectEx failed.")); - return false; - } - if (!key_rsa.import_public(hProv, X509_ASN_ENCODING, keyinfo_data.get())) { - *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Public key import failed.")); - return false; - } + if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, (const BYTE*)::LockResource(res_handle), ::SizeofResource(m_instance, res), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size)) + throw win_runtime_error(_T(__FUNCTION__) _T(" CryptDecodeObjectEx failed.")); + if (!key_rsa.import_public(hProv, X509_ASN_ENCODING, keyinfo_data.get())) + throw win_runtime_error(_T(__FUNCTION__) _T(" Public key import failed.")); // Export AES session key encrypted with public RSA key. vector > buf; - if (!CryptExportKey(key_aes, key_rsa, SIMPLEBLOB, 0, buf)) { - *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptExportKey failed.")); - return false; - } - enc.assign(buf.begin(), buf.end()); + if (!CryptExportKey(key_aes, key_rsa, SIMPLEBLOB, 0, buf)) + throw win_runtime_error(_T(__FUNCTION__) _T(" CryptExportKey failed.")); + std::vector enc(buf.begin(), buf.end()); // Pre-allocate memory to allow space, as encryption will grow the data. buf.assign((const unsigned char*)data, (const unsigned char*)data + size); @@ -177,40 +186,33 @@ bool eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void buf.reserve((size + dwBlockLen) / dwBlockLen * dwBlockLen); // Encrypt the data using AES key. - if (!CryptEncrypt(key_aes, hHash, TRUE, 0, buf)) { - *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptEncrypt failed.")); - return false; - } + if (!CryptEncrypt(key_aes, hHash, TRUE, 0, buf)) + throw win_runtime_error(_T(__FUNCTION__) _T(" CryptEncrypt failed.")); // Append encrypted data. enc.insert(enc.cend(), buf.begin(), buf.end()); - return true; + return enc; } -bool eap::module::encrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError) const +std::vector eap::module::encrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size) const { // Create hash. crypt_hash hash; - if (!hash.create(hProv, CALG_MD5)) { - *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Creating MD5 hash failed.")); - return false; - } + if (!hash.create(hProv, CALG_MD5)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Creating MD5 hash failed.")); // Encrypt data. - if (!encrypt(hProv, data, size, enc, ppEapError, hash)) - return false; + std::vector enc(std::move(encrypt(hProv, data, size, hash))); // Calculate MD5 hash. vector hash_bin; - if (!CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0)) { - *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Calculating MD5 hash failed.")); - return false; - } + if (!CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0)) + throw invalid_argument(__FUNCTION__ " Calculating MD5 hash failed."); // Append hash. enc.insert(enc.end(), hash_bin.begin(), hash_bin.end()); - return true; + return enc; } @@ -223,35 +225,31 @@ eap::peer::peer(_In_ eap_type_t eap_method) : module(eap_method) } -bool eap::peer::query_credential_input_fields( +void eap::peer::query_credential_input_fields( _In_ HANDLE hUserImpersonationToken, _In_ DWORD dwFlags, _In_ DWORD dwConnectionDataSize, _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, - _Out_ EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray, - _Out_ EAP_ERROR **ppEapError) const + _Inout_ EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray) const { UNREFERENCED_PARAMETER(hUserImpersonationToken); UNREFERENCED_PARAMETER(dwFlags); UNREFERENCED_PARAMETER(dwConnectionDataSize); UNREFERENCED_PARAMETER(pConnectionData); UNREFERENCED_PARAMETER(pEapConfigInputFieldsArray); - UNREFERENCED_PARAMETER(ppEapError); - *ppEapError = make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); - return false; + throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); } -bool eap::peer::query_user_blob_from_credential_input_fields( +void eap::peer::query_user_blob_from_credential_input_fields( _In_ HANDLE hUserImpersonationToken, _In_ DWORD dwFlags, _In_ DWORD dwConnectionDataSize, _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, _In_ const EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldArray, _Inout_ DWORD *pdwUsersBlobSize, - _Inout_ BYTE **ppUserBlob, - _Out_ EAP_ERROR **ppEapError) const + _Inout_ BYTE **ppUserBlob) const { UNREFERENCED_PARAMETER(hUserImpersonationToken); UNREFERENCED_PARAMETER(dwFlags); @@ -260,45 +258,36 @@ bool eap::peer::query_user_blob_from_credential_input_fields( UNREFERENCED_PARAMETER(pEapConfigInputFieldArray); UNREFERENCED_PARAMETER(pdwUsersBlobSize); UNREFERENCED_PARAMETER(ppUserBlob); - UNREFERENCED_PARAMETER(ppEapError); - *ppEapError = make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); - return false; + throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); } -bool eap::peer::query_interactive_ui_input_fields( +void eap::peer::query_interactive_ui_input_fields( _In_ DWORD dwVersion, _In_ DWORD dwFlags, _In_ DWORD dwUIContextDataSize, _In_count_(dwUIContextDataSize) const BYTE *pUIContextData, - _Out_ EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData, - _Out_ EAP_ERROR **ppEapError, - _Inout_ LPVOID *pvReserved) const + _Inout_ EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData) const { UNREFERENCED_PARAMETER(dwVersion); UNREFERENCED_PARAMETER(dwFlags); UNREFERENCED_PARAMETER(dwUIContextDataSize); UNREFERENCED_PARAMETER(pUIContextData); UNREFERENCED_PARAMETER(pEapInteractiveUIData); - UNREFERENCED_PARAMETER(ppEapError); - UNREFERENCED_PARAMETER(pvReserved); - *ppEapError = make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); - return false; + throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); } -bool eap::peer::query_ui_blob_from_interactive_ui_input_fields( +void eap::peer::query_ui_blob_from_interactive_ui_input_fields( _In_ DWORD dwVersion, _In_ DWORD dwFlags, _In_ DWORD dwUIContextDataSize, _In_count_(dwUIContextDataSize) const BYTE *pUIContextData, _In_ const EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData, - _Out_ DWORD *pdwDataFromInteractiveUISize, - _Out_ BYTE **ppDataFromInteractiveUI, - _Out_ EAP_ERROR **ppEapError, - _Inout_ LPVOID *ppvReserved) const + _Inout_ DWORD *pdwDataFromInteractiveUISize, + _Inout_ BYTE **ppDataFromInteractiveUI) const { UNREFERENCED_PARAMETER(dwVersion); UNREFERENCED_PARAMETER(dwFlags); @@ -307,9 +296,6 @@ bool eap::peer::query_ui_blob_from_interactive_ui_input_fields( UNREFERENCED_PARAMETER(pEapInteractiveUIData); UNREFERENCED_PARAMETER(pdwDataFromInteractiveUISize); UNREFERENCED_PARAMETER(ppDataFromInteractiveUI); - UNREFERENCED_PARAMETER(ppEapError); - UNREFERENCED_PARAMETER(ppvReserved); - *ppEapError = make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); - return false; + throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); } diff --git a/lib/EAPBase_UI/include/EAP_UI.h b/lib/EAPBase_UI/include/EAP_UI.h index d79ed15..9d011e1 100644 --- a/lib/EAPBase_UI/include/EAP_UI.h +++ b/lib/EAPBase_UI/include/EAP_UI.h @@ -429,14 +429,12 @@ protected: { if (!m_target.empty() && m_is_config) { // Read credentials from Credential Manager - EAP_ERROR *pEapError; - if (!m_cred.retrieve(m_target.c_str(), &pEapError)) { - if (pEapError) { - if (pEapError->dwWinError != ERROR_NOT_FOUND) - wxLogError(winstd::tstring_printf(_("Error reading credentials from Credential Manager: %ls (error %u)"), pEapError->pRootCauseString, pEapError->dwWinError).c_str()); - m_cred.m_module.free_error_memory(pEapError); - } else - wxLogError(_("Reading credentials failed.")); + try { + m_cred.retrieve(m_target.c_str()); + } catch (eap::win_runtime_error &err) { + wxLogError(winstd::tstring_printf(_("Error reading credentials from Credential Manager: %ls (error %u)"), err.m_msg.c_str(), err.m_error).c_str()); + } catch (...) { + wxLogError(_("Reading credentials failed.")); } } @@ -451,13 +449,12 @@ protected: if (!m_target.empty()) { if (m_remember->GetValue()) { // Write credentials to credential manager. - EAP_ERROR *pEapError; - if (!m_cred.store(m_target.c_str(), &pEapError)) { - if (pEapError) { - wxLogError(winstd::tstring_printf(_("Error writing credentials to Credential Manager: %ls (error %u)"), pEapError->pRootCauseString, pEapError->dwWinError).c_str()); - m_cred.m_module.free_error_memory(pEapError); - } else - wxLogError(_("Writing credentials failed.")); + try { + m_cred.store(m_target.c_str()); + } catch (eap::win_runtime_error &err) { + wxLogError(winstd::tstring_printf(_("Error writing credentials to Credential Manager: %ls (error %u)"), err.m_msg.c_str(), err.m_error).c_str()); + } catch (...) { + wxLogError(_("Writing credentials failed.")); } } } diff --git a/lib/EAPBase_UI/include/Module.h b/lib/EAPBase_UI/include/Module.h index d6c05a2..2dacbfb 100644 --- a/lib/EAPBase_UI/include/Module.h +++ b/lib/EAPBase_UI/include/Module.h @@ -50,16 +50,11 @@ namespace eap /// /// \sa [EapPeerConfigXml2Blob function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363602.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool config_xml2blob( - _In_ DWORD dwFlags, - _In_ IXMLDOMNode *pConfigRoot, - _Out_ BYTE **pConnectionDataOut, - _Out_ DWORD *pdwConnectionDataOutSize, - _Out_ EAP_ERROR **ppEapError) = 0; + virtual void config_xml2blob( + _In_ DWORD dwFlags, + _In_ IXMLDOMNode *pConfigRoot, + _Inout_ BYTE **pConnectionDataOut, + _Inout_ DWORD *pdwConnectionDataOutSize) = 0; /// /// Converts the configuration BLOB to XML. @@ -68,71 +63,51 @@ namespace eap /// /// \sa [EapPeerConfigBlob2Xml function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363601.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool config_blob2xml( + virtual void config_blob2xml( _In_ DWORD dwFlags, _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, _In_ DWORD dwConnectionDataSize, _In_ IXMLDOMDocument *pDoc, - _In_ IXMLDOMNode *pConfigRoot, - _Out_ EAP_ERROR **ppEapError) = 0; + _In_ IXMLDOMNode *pConfigRoot) = 0; /// /// Raises the EAP method's specific connection configuration user interface dialog on the client. /// /// \sa [EapPeerInvokeConfigUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363614.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool invoke_config_ui( - _In_ HWND hwndParent, - _In_count_(dwConnectionDataInSize) const BYTE *pConnectionDataIn, - _In_ DWORD dwConnectionDataInSize, - _Out_ BYTE **ppConnectionDataOut, - _Out_ DWORD *pdwConnectionDataOutSize, - _Out_ EAP_ERROR **ppEapError) = 0; + virtual void invoke_config_ui( + _In_ HWND hwndParent, + _In_count_(dwConnectionDataInSize) const BYTE *pConnectionDataIn, + _In_ DWORD dwConnectionDataInSize, + _Inout_ BYTE **ppConnectionDataOut, + _Inout_ DWORD *pdwConnectionDataOutSize) = 0; /// /// Raises a custom interactive user interface dialog to obtain user identity information for the EAP method on the client. /// /// \sa [EapPeerInvokeIdentityUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363615.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool invoke_identity_ui( - _In_ HWND hwndParent, - _In_ DWORD dwFlags, - _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, - _In_ DWORD dwConnectionDataSize, - _In_count_(dwUserDataSize) const BYTE *pUserData, - _In_ DWORD dwUserDataSize, - _Out_ BYTE **ppUserDataOut, - _Out_ DWORD *pdwUserDataOutSize, - _Out_ LPWSTR *ppwszIdentity, - _Out_ EAP_ERROR **ppEapError) = 0; + virtual void invoke_identity_ui( + _In_ HWND hwndParent, + _In_ DWORD dwFlags, + _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, + _In_ DWORD dwConnectionDataSize, + _In_count_(dwUserDataSize) const BYTE *pUserData, + _In_ DWORD dwUserDataSize, + _Inout_ BYTE **ppUserDataOut, + _Inout_ DWORD *pdwUserDataOutSize, + _Inout_ LPWSTR *ppwszIdentity) = 0; /// /// Raises a custom interactive user interface dialog for the EAP method on the client. /// /// \sa [EapPeerInvokeInteractiveUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363616.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool invoke_interactive_ui( - _In_ HWND hwndParent, - _In_count_(dwUIContextDataSize) const BYTE *pUIContextData, - _In_ DWORD dwUIContextDataSize, - _Out_ BYTE **ppDataFromInteractiveUI, - _Out_ DWORD *pdwDataFromInteractiveUISize, - _Out_ EAP_ERROR **ppEapError) = 0; + virtual void invoke_interactive_ui( + _In_ HWND hwndParent, + _In_count_(dwUIContextDataSize) const BYTE *pUIContextData, + _In_ DWORD dwUIContextDataSize, + _Inout_ BYTE **ppDataFromInteractiveUI, + _Inout_ DWORD *pdwDataFromInteractiveUISize) = 0; }; } diff --git a/lib/TLS/include/Config.h b/lib/TLS/include/Config.h index efe9664..27a0359 100644 --- a/lib/TLS/include/Config.h +++ b/lib/TLS/include/Config.h @@ -107,29 +107,19 @@ namespace eap /// @{ /// - /// Save configuration to XML document + /// Save to XML document /// /// \param[in] pDoc XML document - /// \param[in] pConfigRoot Suggested root element for saving configuration - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Suggested root element for saving /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const; + virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const; /// - /// Load configuration from XML document + /// Load from XML document /// - /// \param[in] pConfigRoot Root element for loading configuration - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Root element for loading /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError); + virtual void load(_In_ IXMLDOMNode *pConfigRoot); /// @} diff --git a/lib/TLS/include/Credentials.h b/lib/TLS/include/Credentials.h index 3b2b636..770d92c 100644 --- a/lib/TLS/include/Credentials.h +++ b/lib/TLS/include/Credentials.h @@ -107,29 +107,19 @@ namespace eap /// @{ /// - /// Save credentials to XML document + /// Save to XML document /// /// \param[in] pDoc XML document - /// \param[in] pConfigRoot Suggested root element for saving credentials - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Suggested root element for saving /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const; + virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const; /// - /// Load credentials from XML document + /// Load from XML document /// - /// \param[in] pConfigRoot Root element for loading credentials - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Root element for loading /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError); + virtual void load(_In_ IXMLDOMNode *pConfigRoot); /// @} @@ -166,25 +156,15 @@ namespace eap /// Save credentials to Windows Credential Manager /// /// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const; + virtual void store(_In_ LPCTSTR pszTargetName) const; /// /// Retrieve credentials from Windows Credential Manager /// /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError); + virtual void retrieve(_In_ LPCTSTR pszTargetName); /// /// Return target suffix for Windows Credential Manager credential name diff --git a/lib/TLS/include/Method.h b/lib/TLS/include/Method.h index a4e364f..2de99e1 100644 --- a/lib/TLS/include/Method.h +++ b/lib/TLS/include/Method.h @@ -259,59 +259,39 @@ namespace eap /// /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool begin_session( + virtual void begin_session( _In_ DWORD dwFlags, _In_ const EapAttributes *pAttributeArray, _In_ HANDLE hTokenImpersonateUser, - _In_ DWORD dwMaxSendPacketSize, - _Out_ EAP_ERROR **ppEapError); + _In_ DWORD dwMaxSendPacketSize); /// /// Processes a packet received by EAPHost from a supplicant. /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx) /// - virtual bool process_request_packet( + virtual void process_request_packet( _In_bytecount_(dwReceivedPacketSize) const EapPacket *pReceivedPacket, _In_ DWORD dwReceivedPacketSize, - _Out_ EapPeerMethodOutput *pEapOutput, - _Out_ EAP_ERROR **ppEapError); + _Inout_ EapPeerMethodOutput *pEapOutput); /// /// Obtains a response packet from the EAP method. /// /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_response_packet( + virtual void get_response_packet( _Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket, - _Inout_ DWORD *pdwSendPacketSize, - _Out_ EAP_ERROR **ppEapError); + _Inout_ DWORD *pdwSendPacketSize); /// /// Obtains the result of an authentication session from the EAP method. /// /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_result( - _In_ EapPeerMethodResultReason reason, - _Out_ EapPeerMethodResult *ppResult, - _Out_ EAP_ERROR **ppEapError); + virtual void get_result( + _In_ EapPeerMethodResultReason reason, + _Inout_ EapPeerMethodResult *ppResult); /// @} @@ -334,46 +314,31 @@ namespace eap /// /// \returns TLS handshake message /// - eap::sanitizing_blob make_handshake(_In_ const sanitizing_blob &msg); + static eap::sanitizing_blob make_handshake(_In_ const sanitizing_blob &msg); /// /// Processes a TLS handshake /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1) /// - /// \param[in] msg TLS handshake message data - /// \param[in] msg_size TLS handshake message data size - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] msg TLS handshake message data + /// \param[in] msg_size TLS handshake message data size /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - bool process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size, _Out_ EAP_ERROR **ppEapError); + void process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); /// /// Encrypt TLS message /// /// \param[inout] msg TLS message to encrypt - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - bool encrypt_message(_Inout_ sanitizing_blob &msg, _Out_ EAP_ERROR **ppEapError); + void encrypt_message(_Inout_ sanitizing_blob &msg); /// /// Decrypt TLS message /// - /// \param[inout] msg TLS message to decrypt - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[inout] msg TLS message to decrypt /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - bool decrypt_message(_Inout_ sanitizing_blob &msg, _Out_ EAP_ERROR **ppEapError); + void decrypt_message(_Inout_ sanitizing_blob &msg); /// /// Calculates pseudo-random P_hash data defined in RFC 5246 @@ -386,22 +351,16 @@ namespace eap /// \param[in] seed Hashing seed /// \param[in] size_seed \p seed size /// \param[in] size Minimum number of bytes of pseudo-random data required - /// \param[out] data Generated pseudo-random data (\p size or longer) - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. + /// \returns Generated pseudo-random data (\p size or longer) /// - bool p_hash( + std::vector p_hash( _In_ ALG_ID alg, _In_bytecount_(size_secret) const void *secret, _In_ size_t size_secret, _In_bytecount_(size_seed) const void *seed, _In_ size_t size_seed, - _In_ size_t size, - _Out_ std::vector data, - _Out_ EAP_ERROR **ppEapError); + _In_ size_t size); public: enum phase_t { diff --git a/lib/TLS/src/Config.cpp b/lib/TLS/src/Config.cpp index 98acb06..c09563c 100644 --- a/lib/TLS/src/Config.cpp +++ b/lib/TLS/src/Config.cpp @@ -118,14 +118,12 @@ eap::config* eap::config_method_tls::clone() const } -bool eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const +void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const { assert(pDoc); assert(pConfigRoot); - assert(ppEapError); - if (!config_method_with_cred::save(pDoc, pConfigRoot, ppEapError)) - return false; + config_method_with_cred::save(pDoc, pConfigRoot); const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata"); DWORD dwResult; @@ -133,58 +131,43 @@ bool eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode * // com_obj pXmlElServerSideCredential; - if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), bstrNamespace, &pXmlElServerSideCredential)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), bstrNamespace, &pXmlElServerSideCredential)) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); for (list::const_iterator i = m_trusted_root_ca.begin(), i_end = m_trusted_root_ca.end(); i != i_end; ++i) { // com_obj pXmlElCA; - if ((dwResult = eapxml::create_element(pDoc, bstr(L"CA"), bstrNamespace, &pXmlElCA))) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::create_element(pDoc, bstr(L"CA"), bstrNamespace, &pXmlElCA))) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // / - if ((dwResult = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), bstrNamespace, bstr(L"PEM"))) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), bstrNamespace, bstr(L"PEM"))) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // / const cert_context &cc = *i; - if ((dwResult = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), bstrNamespace, cc->pbCertEncoded, cc->cbCertEncoded)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), bstrNamespace, cc->pbCertEncoded, cc->cbCertEncoded)) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - if (FAILED(hr = pXmlElServerSideCredential->appendChild(pXmlElCA, NULL))) { - *ppEapError = m_module.make_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending element.")); - return false; - } + if (FAILED(hr = pXmlElServerSideCredential->appendChild(pXmlElCA, NULL))) + throw win_runtime_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending element.")); } // for (list::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) { wstring str; MultiByteToWideChar(CP_UTF8, 0, i->c_str(), (int)i->length(), str); - if ((dwResult = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(str))) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(str))) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); } - - return true; } -bool eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) +void eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot) { assert(pConfigRoot); - if (!config_method_with_cred::load(pConfigRoot, ppEapError)) - return false; + config_method_with_cred::load(pConfigRoot); std::wstring xpath(eapxml::get_xpath(pConfigRoot)); @@ -252,8 +235,6 @@ bool eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names); } } - - return true; } diff --git a/lib/TLS/src/Credentials.cpp b/lib/TLS/src/Credentials.cpp index 9a2c7b8..8b0bfda 100644 --- a/lib/TLS/src/Credentials.cpp +++ b/lib/TLS/src/Credentials.cpp @@ -88,14 +88,12 @@ bool eap::credentials_tls::empty() const } -bool eap::credentials_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const +void eap::credentials_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const { assert(pDoc); assert(pConfigRoot); - assert(ppEapError); - if (!credentials::save(pDoc, pConfigRoot, ppEapError)) - return false; + credentials::save(pDoc, pConfigRoot); const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata"); DWORD dwResult; @@ -103,42 +101,30 @@ bool eap::credentials_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pC // com_obj pXmlElClientCertificate; - if ((dwResult = eapxml::create_element(pDoc, bstr(L"ClientCertificate"), bstrNamespace, &pXmlElClientCertificate))) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::create_element(pDoc, bstr(L"ClientCertificate"), bstrNamespace, &pXmlElClientCertificate))) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); if (m_cert) { // / - if ((dwResult = eapxml::put_element_value(pDoc, pXmlElClientCertificate, bstr(L"format"), bstrNamespace, bstr(L"PEM"))) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_value(pDoc, pXmlElClientCertificate, bstr(L"format"), bstrNamespace, bstr(L"PEM"))) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // / - if ((dwResult = eapxml::put_element_base64(pDoc, pXmlElClientCertificate, bstr(L"cert-data"), bstrNamespace, m_cert->pbCertEncoded, m_cert->cbCertEncoded)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_base64(pDoc, pXmlElClientCertificate, bstr(L"cert-data"), bstrNamespace, m_cert->pbCertEncoded, m_cert->cbCertEncoded)) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); } - if (FAILED(hr = pConfigRoot->appendChild(pXmlElClientCertificate, NULL))) { - *ppEapError = m_module.make_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending element.")); - return false; - } - - return true; + if (FAILED(hr = pConfigRoot->appendChild(pXmlElClientCertificate, NULL))) + throw win_runtime_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending element.")); } -bool eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) +void eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot) { assert(pConfigRoot); - assert(ppEapError); DWORD dwResult; - if (!credentials::load(pConfigRoot, ppEapError)) - return false; + credentials::load(pConfigRoot); std::wstring xpath(eapxml::get_xpath(pConfigRoot)); @@ -146,10 +132,8 @@ bool eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR * // com_obj pXmlElClientCertificate; - if ((dwResult = eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ClientCertificate"), &pXmlElClientCertificate)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document.")); - return false; - } + if ((dwResult = eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ClientCertificate"), &pXmlElClientCertificate)) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error reading element.")); // / bstr bstrFormat; @@ -162,8 +146,6 @@ bool eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR * } } m_module.log_config((xpath + L"/ClientCertificate").c_str(), get_name().c_str()); - - return true; } @@ -189,19 +171,16 @@ void eap::credentials_tls::operator>>(_Inout_ cursor_in &cursor) } -bool eap::credentials_tls::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const +void eap::credentials_tls::store(_In_ LPCTSTR pszTargetName) const { assert(pszTargetName); - assert(ppEapError); // Encrypt the certificate using user's key. DATA_BLOB cred_blob = { m_cert->cbCertEncoded, m_cert->pbCertEncoded }; DATA_BLOB entropy_blob = { sizeof(s_entropy) , (LPBYTE)s_entropy }; data_blob cred_enc; - if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptProtectData failed.")); - return false; - } + if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc)) + throw win_runtime_error(_T(__FUNCTION__) _T(" CryptProtectData failed.")); tstring target(target_name(pszTargetName)); wstring name(std::move(get_name())); @@ -223,45 +202,33 @@ bool eap::credentials_tls::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **p NULL, // TargetAlias (LPTSTR)name.c_str() // UserName }; - if (!CredWrite(&cred, 0)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CredWrite failed.")); - return false; - } - - return true; + if (!CredWrite(&cred, 0)) + throw win_runtime_error(_T(__FUNCTION__) _T(" CredWrite failed.")); } -bool eap::credentials_tls::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) +void eap::credentials_tls::retrieve(_In_ LPCTSTR pszTargetName) { assert(pszTargetName); // Read credentials. unique_ptr > cred; - if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CredRead failed.")); - return false; - } + if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred)) + throw win_runtime_error(_T(__FUNCTION__) _T(" CredRead failed.")); // Decrypt the certificate using user's key. DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob }; DATA_BLOB entropy_blob = { sizeof(s_entropy) , (LPBYTE)s_entropy }; data_blob cred_int; - if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptUnprotectData failed.")); - return false; - } + if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int)) + throw win_runtime_error(_T(__FUNCTION__) _T(" CryptUnprotectData failed.")); bool bResult = m_cert.create(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cred_int.pbData, cred_int.cbData); SecureZeroMemory(cred_int.pbData, cred_int.cbData); - if (!bResult) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error loading certificate.")); - return false; - } + if (!bResult) + throw win_runtime_error(_T(__FUNCTION__) _T(" Error loading certificate.")); m_module.log_config((wstring(pszTargetName) + L"/Certificate").c_str(), get_name().c_str()); - - return true; } diff --git a/lib/TLS/src/Method.cpp b/lib/TLS/src/Method.cpp index b3cb99f..3a1d797 100644 --- a/lib/TLS/src/Method.cpp +++ b/lib/TLS/src/Method.cpp @@ -220,50 +220,39 @@ eap::method_tls& eap::method_tls::operator=(_Inout_ method_tls &&other) } -bool eap::method_tls::begin_session( +void eap::method_tls::begin_session( _In_ DWORD dwFlags, _In_ const EapAttributes *pAttributeArray, _In_ HANDLE hTokenImpersonateUser, - _In_ DWORD dwMaxSendPacketSize, - _Out_ EAP_ERROR **ppEapError) + _In_ DWORD dwMaxSendPacketSize) { - if (!eap::method::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize, ppEapError)) - return false; + eap::method::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize); // Create cryptographics provider. - if (!m_cp.create(NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, 0)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error creating cryptographics provider.")); - return false; - } + if (!m_cp.create(NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, 0)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Error creating cryptographics provider.")); // HMAC symmetric key generation sample. To be used later... //crypt_hash hash_key; //hash_key.create(m_cp, CALG_SHA1, 0, 0); //CryptHashData(hash_key, Data1, sizeof(Data1), 0); //m_key_hmac.derive(m_cp, CALG_RC4, hash_key, 0); - - return true; } -bool eap::method_tls::process_request_packet( +void eap::method_tls::process_request_packet( _In_bytecount_(dwReceivedPacketSize) const EapPacket *pReceivedPacket, _In_ DWORD dwReceivedPacketSize, - _Out_ EapPeerMethodOutput *pEapOutput, - _Out_ EAP_ERROR **ppEapError) + _Inout_ EapPeerMethodOutput *pEapOutput) { assert(pReceivedPacket && dwReceivedPacketSize >= 4); assert(pEapOutput); - assert(ppEapError); // Is this a valid EAP-TLS packet? - if (dwReceivedPacketSize < 6) { - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Packet is too small. EAP-%s packets should be at least 6B.")); - return false; - }/* else if (pReceivedPacket->Data[0] != eap_type_tls) { // Skip method check, to allow TTLS extension. - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Packet is not EAP-TLS (expected: %u, received: %u)."), eap_type_tls, pReceivedPacket->Data[0]).c_str()); - return false; - }*/ + if (dwReceivedPacketSize < 6) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Packet is too small. EAP-%s packets should be at least 6B.")); + //else if (pReceivedPacket->Data[0] != eap_type_tls) // Skip method check, to allow TTLS extension. + // throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Packet is not EAP-TLS (expected: %u, received: %u)."), eap_type_tls, pReceivedPacket->Data[0]).c_str()); // Get packet data pointer and size for more readable code later on. const unsigned char *packet_data_ptr; @@ -304,7 +293,7 @@ bool eap::method_tls::process_request_packet( m_packet_res.m_data.clear(); pEapOutput->fAllowNotifications = FALSE; pEapOutput->action = EapPeerMethodResponseActionSend; - return true; + return; } else if (!m_packet_req.m_data.empty()) { // Last fragment received. Append data. m_packet_req.m_data.insert(m_packet_req.m_data.end(), packet_data_ptr, packet_data_ptr + packet_data_size); @@ -325,26 +314,20 @@ bool eap::method_tls::process_request_packet( // Generate client randomness. _time32(&m_random_client.time); - if (!CryptGenRandom(m_cp, sizeof(m_random_client.data), m_random_client.data)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error creating client randomness.")); - return false; - } + if (!CryptGenRandom(m_cp, sizeof(m_random_client.data), m_random_client.data)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Error creating client randomness.")); m_random_server.clear(); m_server_cert_chain.clear(); m_send_client_cert = false; m_session_id.clear(); // Create MD5 hash object. - if (!m_hash_handshake_msgs_md5.create(m_cp, CALG_MD5, NULL, 0)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error creating MD5 hashing object.")); - return false; - } + if (!m_hash_handshake_msgs_md5.create(m_cp, CALG_MD5, NULL, 0)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Error creating MD5 hashing object.")); // Create SHA-1 hash object. - if (!m_hash_handshake_msgs_sha1.create(m_cp, CALG_SHA1, NULL, 0)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error creating SHA-1 hashing object.")); - return false; - } + if (!m_hash_handshake_msgs_sha1.create(m_cp, CALG_SHA1, NULL, 0)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Error creating SHA-1 hashing object.")); m_seq_num = 0; } @@ -364,11 +347,9 @@ bool eap::method_tls::process_request_packet( m_packet_res.m_id++; pEapOutput->fAllowNotifications = FALSE; pEapOutput->action = EapPeerMethodResponseActionSend; - return true; - } else { - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" ACK expected, received %u-%u-%x."), m_packet_req.m_code, m_packet_req.m_id, m_packet_req.m_flags).c_str()); - return false; - } + return; + } else + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" ACK expected, received %u-%u-%x."), m_packet_req.m_code, m_packet_req.m_id, m_packet_req.m_flags).c_str()); } switch (m_phase) { @@ -394,40 +375,32 @@ bool eap::method_tls::process_request_packet( } case phase_server_hello: { - if (m_packet_req.m_data.size() < 5) { - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" TLS message too small (expected >=5, received %uB)."), m_packet_req.m_data.size()).c_str()); - return false; - }; + if (m_packet_req.m_data.size() < 5) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" TLS message too small (expected >=5, received %uB)."), m_packet_req.m_data.size()).c_str()); const message *msg = (const message*)m_packet_req.m_data.data(); - if (msg->type != message_type_handshake) { - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Wrong TLS message (expected %u, received %uB)."), message_type_handshake, msg->type).c_str()); - return false; - } else if (!process_handshake(msg->data, std::min(ntohs(*(unsigned short*)msg->length), m_packet_req.m_data.size() - 5), ppEapError)) - return false; + if (msg->type != message_type_handshake) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Wrong TLS message (expected %u, received %uB)."), message_type_handshake, msg->type).c_str()); + + process_handshake(msg->data, std::min(ntohs(*(unsigned short*)msg->length), m_packet_req.m_data.size() - 5)); //break; } default: - *ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); - return false; + throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); } // Request packet was processed. Clear its data since we use the absence of data to detect first of fragmented message packages. m_packet_req.m_data.clear(); - - return true; } -bool eap::method_tls::get_response_packet( +void eap::method_tls::get_response_packet( _Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket, - _Inout_ DWORD *pdwSendPacketSize, - _Out_ EAP_ERROR **ppEapError) + _Inout_ DWORD *pdwSendPacketSize) { assert(pdwSendPacketSize); assert(pSendPacket); - UNREFERENCED_PARAMETER(ppEapError); unsigned int size_data = (unsigned int)m_packet_res.m_data.size(), @@ -475,21 +448,17 @@ bool eap::method_tls::get_response_packet( memcpy(data_dst, m_packet_res.m_data.data(), size_data); m_packet_res.m_data.erase(m_packet_res.m_data.begin(), m_packet_res.m_data.begin() + size_data); *pdwSendPacketSize = size_packet; - return true; } -bool eap::method_tls::get_result( - _In_ EapPeerMethodResultReason reason, - _Out_ EapPeerMethodResult *ppResult, - _Out_ EAP_ERROR **ppEapError) +void eap::method_tls::get_result( + _In_ EapPeerMethodResultReason reason, + _Inout_ EapPeerMethodResult *ppResult) { UNREFERENCED_PARAMETER(reason); UNREFERENCED_PARAMETER(ppResult); - assert(ppEapError); - *ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); - return false; + throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); } @@ -568,100 +537,75 @@ eap::sanitizing_blob eap::method_tls::make_handshake(_In_ const sanitizing_blob } -bool eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_msg, _In_ size_t msg_size, _Out_ EAP_ERROR **ppEapError) +void eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_msg, _In_ size_t msg_size) { for (const unsigned char *msg = (const unsigned char*)_msg, *msg_end = msg + msg_size; msg < msg_end; ) { // Parse record header. - if (msg + sizeof(unsigned int) > msg_end) { - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Incomplete record header.")); - return false; - } + if (msg + sizeof(unsigned int) > msg_end) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Incomplete record header.")); unsigned int hdr = ntohl(*(unsigned int*)msg); const unsigned char *rec = msg + sizeof(unsigned int), *rec_end = rec + (hdr & 0xffffff); - if (rec_end > msg_end) { - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Incomplete record rec.")); - return false; - } + if (rec_end > msg_end) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Incomplete record rec.")); // Process record. switch (hdr >> 24) { case server_hello: // TLS version - if (rec + 2 > rec_end) { - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Server SSL/TLS version missing or incomplete.")); - return false; - } else if (rec[0] != 3 || rec[1] != 1) { - *ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Unsupported SSL/TLS version.")); - return false; - } + if (rec + 2 > rec_end) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Server SSL/TLS version missing or incomplete.")); + else if (rec[0] != 3 || rec[1] != 1) + throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Unsupported SSL/TLS version.")); rec += 2; // Server random - if (rec + sizeof(m_random_server) > rec_end) { - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Server random missing or incomplete.")); - return false; - } + if (rec + sizeof(m_random_server) > rec_end) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Server random missing or incomplete.")); memcpy(&m_random_server, rec, sizeof(m_random_server)); rec += sizeof(m_random_server); // Session ID - if (rec + 1 > rec_end || rec + 1 + rec[0] > rec_end) { - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Session ID missing or incomplete.")); - return false; - } + if (rec + 1 > rec_end || rec + 1 + rec[0] > rec_end) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Session ID missing or incomplete.")); assert(rec[0] <= 32); // According to RFC 5246 session IDs should not be longer than 32B. m_session_id.assign(rec + 1, rec + 1 + rec[0]); rec += rec[0] + 1; // Cipher - if (rec + 2 > rec_end) { - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Cipher or incomplete.")); - return false; - } - if (rec[0] != 0x00 || rec[1] != 0x0a) { - *ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, wstring_printf(_T(__FUNCTION__) _T(" Other than requested cipher selected (expected 0x000a, received 0x%02x%02x)."), rec[0], rec[1]).c_str()); - return false; - } + if (rec + 2 > rec_end) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Cipher or incomplete.")); + if (rec[0] != 0x00 || rec[1] != 0x0a) + throw win_runtime_error(ERROR_NOT_SUPPORTED, wstring_printf(_T(__FUNCTION__) _T(" Other than requested cipher selected (expected 0x000a, received 0x%02x%02x)."), rec[0], rec[1]).c_str()); break; case certificate: { // Certificate list size - if (rec + 3 > rec_end) { - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Certificate list size missing or incomplete.")); - return false; - } + if (rec + 3 > rec_end) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Certificate list size missing or incomplete.")); const unsigned char *list = rec + 3, *list_end = list + ((rec[0] << 16) | (rec[1] << 8) | rec[2]); - if (list_end > rec_end) { - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Certificate list missing or incomplete.")); - return false; - } + if (list_end > rec_end) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Certificate list missing or incomplete.")); m_server_cert_chain.clear(); while (list < list_end) { // Certificate size - if (list + 3 > list_end) { - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Certificate size missing or incomplete.")); - return false; - } + if (list + 3 > list_end) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Certificate size missing or incomplete.")); const unsigned char *cert = list + 3, *cert_end = cert + ((list[0] << 16) | (list[1] << 8) | list[2]); - if (cert_end > list_end) { - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Certificate rec missing or incomplete.")); - return false; - } + if (cert_end > list_end) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Certificate rec missing or incomplete.")); // Certificate cert_context c; - if (!c.create(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert, (DWORD)(cert_end - cert))) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error reading certificate.")); - return false; - } + if (!c.create(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert, (DWORD)(cert_end - cert))) + throw win_runtime_error(_T(__FUNCTION__) _T(" Error reading certificate.")); m_server_cert_chain.push_back(std::move(c)); list = cert_end; @@ -675,59 +619,41 @@ bool eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_ms break; case finished: - if (rec_end - rec != 12) { - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" \"finished\" size incorrect (expected 12B, received %u)."), rec_end - rec).c_str()); - return false; - } + if (rec_end - rec != 12) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" \"finished\" size incorrect (expected 12B, received %u)."), rec_end - rec).c_str()); vector hash, hash_sha1; - if (!CryptGetHashParam(m_hash_handshake_msgs_md5, HP_HASHVAL, hash, 0)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error finishing MD5 hash calculation.")); - return false; - } - if (!CryptGetHashParam(m_hash_handshake_msgs_sha1, HP_HASHVAL, hash_sha1, 0)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error finishing SHA-1 hash calculation.")); - return false; - } + if (!CryptGetHashParam(m_hash_handshake_msgs_md5, HP_HASHVAL, hash, 0)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Error finishing MD5 hash calculation.")); + if (!CryptGetHashParam(m_hash_handshake_msgs_sha1, HP_HASHVAL, hash_sha1, 0)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Error finishing SHA-1 hash calculation.")); hash.insert(hash.end(), hash_sha1.begin(), hash_sha1.end()); } msg = rec_end; } - - return true; } -bool eap::method_tls::encrypt_message(_Inout_ sanitizing_blob &msg, _Out_ EAP_ERROR **ppEapError) +void eap::method_tls::encrypt_message(_Inout_ sanitizing_blob &msg) { - assert(ppEapError); - // Create a HMAC hash. crypt_hash hash_hmac; static const HMAC_INFO s_hmac_info = { CALG_SHA1 }; if (!hash_hmac.create(m_cp, CALG_HMAC, m_key_hmac, 0) || !CryptSetHashParam(hash_hmac, HP_HMAC_INFO, (const BYTE*)&s_hmac_info, 0)) - { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error creating HMAC hash.")); - return false; - } + throw win_runtime_error(_T(__FUNCTION__) _T(" Error creating HMAC hash.")); // Hash sequence number and message. unsigned __int64 seq_num = htonll(m_seq_num); if (!CryptHashData(hash_hmac, (const BYTE*)&seq_num, sizeof(seq_num), 0) || !CryptHashData(hash_hmac, msg.data(), (DWORD)msg.size(), 0)) - { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error hashing data.")); - return false; - } + throw win_runtime_error(_T(__FUNCTION__) _T(" Error hashing data.")); // Calculate hash. vector hmac; - if (!CryptGetHashParam(hash_hmac, HP_HASHVAL, hmac, 0)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error finishing hash calculation.")); - return false; - } + if (!CryptGetHashParam(hash_hmac, HP_HASHVAL, hmac, 0)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Error finishing hash calculation.")); // Remove SSL/TLS header (record type, version, message size). msg.erase(msg.begin(), msg.begin() + 5); @@ -752,59 +678,46 @@ bool eap::method_tls::encrypt_message(_Inout_ sanitizing_blob &msg, _Out_ EAP_ER // Encrypt. assert(size < 0xffffffff); DWORD size2 = (DWORD)size; - if (!CryptEncrypt(m_key_encrypt, NULL, FALSE, 0, msg.data(), &size2, (DWORD)size)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error encrypting message.")); - return false; - } + if (!CryptEncrypt(m_key_encrypt, NULL, FALSE, 0, msg.data(), &size2, (DWORD)size)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Error encrypting message.")); // Increment sequence number. m_seq_num++; - - return true; } -bool eap::method_tls::decrypt_message(_Inout_ sanitizing_blob &msg, _Out_ EAP_ERROR **ppEapError) +void eap::method_tls::decrypt_message(_Inout_ sanitizing_blob &msg) { // Decrypt. DWORD size = (DWORD)msg.size(); - if (!CryptDecrypt(m_key_decrypt, NULL, FALSE, 0, msg.data(), &size)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error decrypting message.")); - return false; - } + if (!CryptDecrypt(m_key_decrypt, NULL, FALSE, 0, msg.data(), &size)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Error decrypting message.")); // Remove padding. msg.resize(size - msg.back() - 1); - return true; } -bool eap::method_tls::p_hash( +vector eap::method_tls::p_hash( _In_ ALG_ID alg, _In_bytecount_(size_secret) const void *secret, _In_ size_t size_secret, _In_bytecount_(size_seed) const void *seed, _In_ size_t size_seed, - _In_ size_t size, - _Out_ vector data, - _Out_ EAP_ERROR **ppEapError) + _In_ size_t size) { // HMAC symmetric key generation. crypt_hash hash_key; - if (!hash_key.create(m_cp, alg, 0, 0)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error creating key hash.")); - return false; - } - if (!CryptHashData(hash_key, (const BYTE*)secret, (DWORD)size_secret, 0)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error hashing secret.")); - return false; - } + if (!hash_key.create(m_cp, alg, 0, 0)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Error creating key hash.")); + if (!CryptHashData(hash_key, (const BYTE*)secret, (DWORD)size_secret, 0)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Error hashing secret.")); crypt_key key_hmac; key_hmac.derive(m_cp, CALG_RC4, hash_key, 0); vector block; const HMAC_INFO hmac_info = { alg }; - data.clear(); + vector data; data.reserve(size); // https://tools.ietf.org/html/rfc5246#section-5: @@ -826,41 +739,26 @@ bool eap::method_tls::p_hash( crypt_hash hash_hmac1; if (!hash_hmac1.create(m_cp, CALG_HMAC, key_hmac, 0) || !CryptSetHashParam(hash_hmac1, HP_HMAC_INFO, (const BYTE*)&hmac_info, 0)) - { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error creating HMAC hash.")); - return false; - } - if (!CryptHashData(hash_hmac1, A.data(), (DWORD)A.size(), 0)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error hashing A.")); - return false; - } - if (!CryptGetHashParam(hash_hmac1, HP_HASHVAL, A, 0)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error finishing hash A calculation.")); - return false; - } + throw win_runtime_error(_T(__FUNCTION__) _T(" Error creating HMAC hash.")); + if (!CryptHashData(hash_hmac1, A.data(), (DWORD)A.size(), 0)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Error hashing A.")); + if (!CryptGetHashParam(hash_hmac1, HP_HASHVAL, A, 0)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Error finishing hash A calculation.")); // Hash A and seed. crypt_hash hash_hmac2; if (!hash_hmac2.create(m_cp, CALG_HMAC, key_hmac, 0) || !CryptSetHashParam(hash_hmac2, HP_HMAC_INFO, (const BYTE*)&hmac_info, 0)) - { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error creating A+seed hash.")); - return false; - } + throw win_runtime_error(_T(__FUNCTION__) _T(" Error creating A+seed hash.")); if (!CryptHashData(hash_hmac2, A.data(), (DWORD)A.size(), 0) || !CryptHashData(hash_hmac2, (const BYTE*)seed, (DWORD)size_seed, 0)) - { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error hashing seed.")); - return false; - } - if (!CryptGetHashParam(hash_hmac2, HP_HASHVAL, block, 0)) { - *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error finishing hash A+seed calculation.")); - return false; - } + throw win_runtime_error(_T(__FUNCTION__) _T(" Error hashing seed.")); + if (!CryptGetHashParam(hash_hmac2, HP_HASHVAL, block, 0)) + throw win_runtime_error(_T(__FUNCTION__) _T(" Error finishing hash A+seed calculation.")); // Append to output data. data.insert(data.end(), block.begin(), block.end()); } - return true; + return data; } diff --git a/lib/TTLS/include/Config.h b/lib/TTLS/include/Config.h index 346b1c2..ffffb0e 100644 --- a/lib/TTLS/include/Config.h +++ b/lib/TTLS/include/Config.h @@ -93,29 +93,19 @@ namespace eap { /// @{ /// - /// Save configuration to XML document + /// Save to XML document /// /// \param[in] pDoc XML document - /// \param[in] pConfigRoot Suggested root element for saving configuration - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Suggested root element for saving /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const; + virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const; /// - /// Load configuration from XML document + /// Load from XML document /// - /// \param[in] pConfigRoot Root element for loading configuration - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Root element for loading /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError); + virtual void load(_In_ IXMLDOMNode *pConfigRoot); /// @} diff --git a/lib/TTLS/include/Credentials.h b/lib/TTLS/include/Credentials.h index 57bea99..59b75b9 100644 --- a/lib/TTLS/include/Credentials.h +++ b/lib/TTLS/include/Credentials.h @@ -103,29 +103,19 @@ namespace eap /// @{ /// - /// Save credentials to XML document + /// Save to XML document /// /// \param[in] pDoc XML document - /// \param[in] pConfigRoot Suggested root element for saving credentials - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Suggested root element for saving /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const; + virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const; /// - /// Load credentials from XML document + /// Load from XML document /// - /// \param[in] pConfigRoot Root element for loading credentials - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. + /// \param[in] pConfigRoot Root element for loading /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError); + virtual void load(_In_ IXMLDOMNode *pConfigRoot); /// @} @@ -160,25 +150,15 @@ namespace eap /// Save credentials to Windows Credential Manager /// /// \param[in] pszTargetName The name in Windows Credential Manager to store credentials as - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const; + virtual void store(_In_ LPCTSTR pszTargetName) const; /// /// Retrieve credentials from Windows Credential Manager /// /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from - /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`. /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError); + virtual void retrieve(_In_ LPCTSTR pszTargetName); /// /// Return target suffix for Windows Credential Manager credential name diff --git a/lib/TTLS/include/Method.h b/lib/TTLS/include/Method.h index e99dc98..69d057f 100644 --- a/lib/TTLS/include/Method.h +++ b/lib/TTLS/include/Method.h @@ -101,59 +101,39 @@ namespace eap /// /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool begin_session( + virtual void begin_session( _In_ DWORD dwFlags, _In_ const EapAttributes *pAttributeArray, _In_ HANDLE hTokenImpersonateUser, - _In_ DWORD dwMaxSendPacketSize, - _Out_ EAP_ERROR **ppEapError); + _In_ DWORD dwMaxSendPacketSize); /// /// Processes a packet received by EAPHost from a supplicant. /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx) /// - virtual bool process_request_packet( + virtual void process_request_packet( _In_bytecount_(dwReceivedPacketSize) const EapPacket *pReceivedPacket, _In_ DWORD dwReceivedPacketSize, - _Out_ EapPeerMethodOutput *pEapOutput, - _Out_ EAP_ERROR **ppEapError); + _Inout_ EapPeerMethodOutput *pEapOutput); /// /// Obtains a response packet from the EAP method. /// /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_response_packet( + virtual void get_response_packet( _Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket, - _Inout_ DWORD *pdwSendPacketSize, - _Out_ EAP_ERROR **ppEapError); + _Inout_ DWORD *pdwSendPacketSize); /// /// Obtains the result of an authentication session from the EAP method. /// /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_result( - _In_ EapPeerMethodResultReason reason, - _Out_ EapPeerMethodResult *ppResult, - _Out_ EAP_ERROR **ppEapError); + virtual void get_result( + _In_ EapPeerMethodResultReason reason, + _Inout_ EapPeerMethodResult *ppResult); /// @} diff --git a/lib/TTLS/include/Module.h b/lib/TTLS/include/Module.h index d9c57a6..402b73c 100644 --- a/lib/TTLS/include/Module.h +++ b/lib/TTLS/include/Module.h @@ -53,55 +53,38 @@ namespace eap /// /// \sa [EapPeerGetInfo function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363613.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool initialize(_Out_ EAP_ERROR **ppEapError); + virtual void initialize(); /// /// Shuts down the EAP method and prepares to unload its corresponding DLL. /// /// \sa [EapPeerShutdown function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363627.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool shutdown(_Out_ EAP_ERROR **ppEapError); + virtual void shutdown(); /// /// Returns the user data and user identity after being called by EAPHost. /// /// \sa [EapPeerGetIdentity function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363607.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_identity( - _In_ DWORD dwFlags, - _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, - _In_ DWORD dwConnectionDataSize, - _In_count_(dwUserDataSize) const BYTE *pUserData, - _In_ DWORD dwUserDataSize, - _Out_ BYTE **ppUserDataOut, - _Out_ DWORD *pdwUserDataOutSize, - _In_ HANDLE hTokenImpersonateUser, - _Out_ BOOL *pfInvokeUI, - _Out_ WCHAR **ppwszIdentity, - _Out_ EAP_ERROR **ppEapError); + virtual void get_identity( + _In_ DWORD dwFlags, + _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, + _In_ DWORD dwConnectionDataSize, + _In_count_(dwUserDataSize) const BYTE *pUserData, + _In_ DWORD dwUserDataSize, + _Inout_ BYTE **ppUserDataOut, + _Inout_ DWORD *pdwUserDataOutSize, + _In_ HANDLE hTokenImpersonateUser, + _Inout_ BOOL *pfInvokeUI, + _Inout_ WCHAR **ppwszIdentity); /// /// Defines the implementation of an EAP method-specific function that retrieves the properties of an EAP method given the connection and user data. /// /// \sa [EapPeerGetMethodProperties function](https://msdn.microsoft.com/en-us/library/windows/desktop/hh706636.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_method_properties( + virtual void get_method_properties( _In_ DWORD dwVersion, _In_ DWORD dwFlags, _In_ HANDLE hUserImpersonationToken, @@ -109,26 +92,20 @@ namespace eap _In_ DWORD dwConnectionDataSize, _In_count_(dwUserDataSize) const BYTE *pUserData, _In_ DWORD dwUserDataSize, - _Out_ EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray, - _Out_ EAP_ERROR **ppEapError); + _Inout_ EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray); /// /// Converts XML into the configuration BLOB. The XML based credentials can come from group policy or from a system administrator. /// /// \sa [EapPeerCredentialsXml2Blob function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363603.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool credentials_xml2blob( + virtual void credentials_xml2blob( _In_ DWORD dwFlags, _In_ IXMLDOMNode *pConfigRoot, _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, _In_ DWORD dwConnectionDataSize, - _Out_ BYTE **ppCredentialsOut, - _Out_ DWORD *pdwCredentialsOutSize, - _Out_ EAP_ERROR **ppEapError); + _Inout_ BYTE **ppCredentialsOut, + _Inout_ DWORD *pdwCredentialsOutSize); /// \name Session management /// @{ @@ -138,11 +115,9 @@ namespace eap /// /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. + /// \returns Session handle /// - virtual bool begin_session( + virtual EAP_SESSION_HANDLE begin_session( _In_ DWORD dwFlags, _In_ const EapAttributes *pAttributeArray, _In_ HANDLE hTokenImpersonateUser, @@ -150,68 +125,45 @@ namespace eap _In_ DWORD dwConnectionDataSize, _In_count_(dwUserDataSize) const BYTE *pUserData, _In_ DWORD dwUserDataSize, - _In_ DWORD dwMaxSendPacketSize, - _Out_ EAP_SESSION_HANDLE *phSession, - _Out_ EAP_ERROR **ppEapError); + _In_ DWORD dwMaxSendPacketSize); /// /// Ends an EAP authentication session for the EAP method. /// /// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool end_session( - _In_ EAP_SESSION_HANDLE hSession, - _Out_ EAP_ERROR **ppEapError); + virtual void end_session(_In_ EAP_SESSION_HANDLE hSession); /// /// Processes a packet received by EAPHost from a supplicant. /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx) /// - virtual bool process_request_packet( + virtual void process_request_packet( _In_ EAP_SESSION_HANDLE hSession, _In_bytecount_(dwReceivedPacketSize) const EapPacket *pReceivedPacket, _In_ DWORD dwReceivedPacketSize, - _Out_ EapPeerMethodOutput *pEapOutput, - _Out_ EAP_ERROR **ppEapError); + _Inout_ EapPeerMethodOutput *pEapOutput); /// /// Obtains a response packet from the EAP method. /// /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_response_packet( + virtual void get_response_packet( _In_ EAP_SESSION_HANDLE hSession, _Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket, - _Inout_ DWORD *pdwSendPacketSize, - _Out_ EAP_ERROR **ppEapError); + _Inout_ DWORD *pdwSendPacketSize); /// /// Obtains the result of an authentication session from the EAP method. /// /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_result( - _In_ EAP_SESSION_HANDLE hSession, - _In_ EapPeerMethodResultReason reason, - _Out_ EapPeerMethodResult *ppResult, - _Out_ EAP_ERROR **ppEapError); + virtual void get_result( + _In_ EAP_SESSION_HANDLE hSession, + _In_ EapPeerMethodResultReason reason, + _Inout_ EapPeerMethodResult *ppResult); /// /// Obtains the user interface context from the EAP method. @@ -220,15 +172,10 @@ namespace eap /// /// \sa [EapPeerGetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363612.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_ui_context( - _In_ EAP_SESSION_HANDLE hSession, - _Out_ BYTE **ppUIContextData, - _Out_ DWORD *pdwUIContextDataSize, - _Out_ EAP_ERROR **ppEapError); + virtual void get_ui_context( + _In_ EAP_SESSION_HANDLE hSession, + _Inout_ BYTE **ppUIContextData, + _Inout_ DWORD *pdwUIContextDataSize); /// /// Provides a user interface context to the EAP method. @@ -237,45 +184,30 @@ namespace eap /// /// \sa [EapPeerSetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363626.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool set_ui_context( + virtual void set_ui_context( _In_ EAP_SESSION_HANDLE hSession, _In_count_(dwUIContextDataSize) const BYTE *pUIContextData, _In_ DWORD dwUIContextDataSize, - _In_ const EapPeerMethodOutput *pEapOutput, - _Out_ EAP_ERROR **ppEapError); + _In_ const EapPeerMethodOutput *pEapOutput); /// /// Obtains an array of EAP response attributes from the EAP method. /// /// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool get_response_attributes( - _In_ EAP_SESSION_HANDLE hSession, - _Out_ EapAttributes *pAttribs, - _Out_ EAP_ERROR **ppEapError); + virtual void get_response_attributes( + _In_ EAP_SESSION_HANDLE hSession, + _Inout_ EapAttributes *pAttribs); /// /// Provides an updated array of EAP response attributes to the EAP method. /// /// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool set_response_attributes( + virtual void set_response_attributes( _In_ EAP_SESSION_HANDLE hSession, _In_ const EapAttributes *pAttribs, - _Out_ EapPeerMethodOutput *pEapOutput, - _Out_ EAP_ERROR **ppEapError); + _Inout_ EapPeerMethodOutput *pEapOutput); /// @} diff --git a/lib/TTLS/src/Config.cpp b/lib/TTLS/src/Config.cpp index 6745fc5..8d76ccf 100644 --- a/lib/TTLS/src/Config.cpp +++ b/lib/TTLS/src/Config.cpp @@ -85,69 +85,51 @@ eap::config* eap::config_method_ttls::clone() const } -bool eap::config_method_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const +void eap::config_method_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const { assert(pDoc); assert(pConfigRoot); - assert(ppEapError); - if (!config_method::save(pDoc, pConfigRoot, ppEapError)) - return false; + config_method::save(pDoc, pConfigRoot); const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata"); DWORD dwResult; // com_obj pXmlElClientSideCredential; - if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), bstr(L"ClientSideCredential"), bstrNamespace, &pXmlElClientSideCredential)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), bstr(L"ClientSideCredential"), bstrNamespace, &pXmlElClientSideCredential)) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // / if (!m_anonymous_identity.empty()) - if ((dwResult = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, bstr(L"AnonymousIdentity"), bstrNamespace, bstr(m_anonymous_identity))) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, bstr(L"AnonymousIdentity"), bstrNamespace, bstr(m_anonymous_identity))) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - if (!m_outer.save(pDoc, pConfigRoot, ppEapError)) - return false; + m_outer.save(pDoc, pConfigRoot); // com_obj pXmlElInnerAuthenticationMethod; - if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), bstr(L"InnerAuthenticationMethod"), bstrNamespace, &pXmlElInnerAuthenticationMethod)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), bstr(L"InnerAuthenticationMethod"), bstrNamespace, &pXmlElInnerAuthenticationMethod)) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); if (dynamic_cast(m_inner.get())) { // / - if ((dwResult = eapxml::put_element_value(pDoc, pXmlElInnerAuthenticationMethod, bstr(L"NonEAPAuthMethod"), bstrNamespace, bstr(L"PAP"))) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::put_element_value(pDoc, pXmlElInnerAuthenticationMethod, bstr(L"NonEAPAuthMethod"), bstrNamespace, bstr(L"PAP"))) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); // /... - if (!m_inner->save(pDoc, pXmlElInnerAuthenticationMethod, ppEapError)) - return false; - } else { - *ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Unsupported inner authentication method.")); - return false; - } - - return true; + m_inner->save(pDoc, pXmlElInnerAuthenticationMethod); + } else + throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Unsupported inner authentication method.")); } -bool eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) +void eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot) { assert(pConfigRoot); - assert(ppEapError); DWORD dwResult; - if (!config_method::load(pConfigRoot, ppEapError)) - return false; + config_method::load(pConfigRoot); std::wstring xpath(eapxml::get_xpath(pConfigRoot)); @@ -163,15 +145,12 @@ bool eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERRO m_module.log_config((xpathClientSideCredential + L"/AnonymousIdentity").c_str(), m_anonymous_identity.c_str()); } - if (!m_outer.load(pConfigRoot, ppEapError)) - return false; + m_outer.load(pConfigRoot); // com_obj pXmlElInnerAuthenticationMethod; - if ((dwResult = eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), &pXmlElInnerAuthenticationMethod)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error selecting element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document.")); - return false; - } + if ((dwResult = eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), &pXmlElInnerAuthenticationMethod)) != ERROR_SUCCESS) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error selecting element.")); // Determine inner authentication type ( and ). //DWORD dwMethodID; @@ -188,14 +167,9 @@ bool eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERRO // PAP m_module.log_config((xpath + L"/NonEAPAuthMethod").c_str(), L"PAP"); m_inner.reset(new config_method_pap(m_module)); - if (!m_inner->load(pXmlElInnerAuthenticationMethod, ppEapError)) - return false; - } else { - *ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Unsupported inner authentication method.")); - return false; - } - - return true; + m_inner->load(pXmlElInnerAuthenticationMethod); + } else + throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Unsupported inner authentication method.")); } diff --git a/lib/TTLS/src/Credentials.cpp b/lib/TTLS/src/Credentials.cpp index 3adf4dd..bc2da8b 100644 --- a/lib/TTLS/src/Credentials.cpp +++ b/lib/TTLS/src/Credentials.cpp @@ -96,17 +96,14 @@ bool eap::credentials_ttls::empty() const } -bool eap::credentials_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const +void eap::credentials_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const { assert(pDoc); assert(pConfigRoot); - assert(ppEapError); - if (!credentials::save(pDoc, pConfigRoot, ppEapError)) - return false; + credentials::save(pDoc, pConfigRoot); - if (!m_outer.save(pDoc, pConfigRoot, ppEapError)) - return false; + m_outer.save(pDoc, pConfigRoot); const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata"); DWORD dwResult; @@ -115,49 +112,34 @@ bool eap::credentials_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p if (m_inner) { // winstd::com_obj pXmlElInnerAuthenticationMethod; - if ((dwResult = eapxml::create_element(pDoc, winstd::bstr(L"InnerAuthenticationMethod"), bstrNamespace, &pXmlElInnerAuthenticationMethod))) { - *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - return false; - } + if ((dwResult = eapxml::create_element(pDoc, winstd::bstr(L"InnerAuthenticationMethod"), bstrNamespace, &pXmlElInnerAuthenticationMethod))) + throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating element.")); - if (!m_inner->save(pDoc, pXmlElInnerAuthenticationMethod, ppEapError)) - return false; + m_inner->save(pDoc, pXmlElInnerAuthenticationMethod); - if (FAILED(hr = pConfigRoot->appendChild(pXmlElInnerAuthenticationMethod, NULL))) { - *ppEapError = m_module.make_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending element.")); - return false; - } + if (FAILED(hr = pConfigRoot->appendChild(pXmlElInnerAuthenticationMethod, NULL))) + throw win_runtime_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending element.")); } - - return true; } -bool eap::credentials_ttls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) +void eap::credentials_ttls::load(_In_ IXMLDOMNode *pConfigRoot) { assert(pConfigRoot); - assert(ppEapError); DWORD dwResult; - if (!credentials::load(pConfigRoot, ppEapError)) - return false; + credentials::load(pConfigRoot); - if (!m_outer.load(pConfigRoot, ppEapError)) - return false; + m_outer.load(pConfigRoot); // TODO: For the time being, there is no detection what type is inner method. Introduce one! if (m_inner) { com_obj pXmlElInnerAuthenticationMethod; - if ((dwResult = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), &pXmlElInnerAuthenticationMethod)) != ERROR_SUCCESS) { - *ppEapError = m_module.make_error(ERROR_NOT_FOUND, _T(__FUNCTION__) _T(" Error selecting element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document.")); - return false; - } + if ((dwResult = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), &pXmlElInnerAuthenticationMethod)) != ERROR_SUCCESS) + throw invalid_argument(__FUNCTION__ " Error selecting element."); - if (!m_inner->load(pXmlElInnerAuthenticationMethod, ppEapError)) - return false; + m_inner->load(pXmlElInnerAuthenticationMethod); } - - return true; } @@ -219,31 +201,21 @@ void eap::credentials_ttls::operator>>(_Inout_ cursor_in &cursor) } -bool eap::credentials_ttls::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const +void eap::credentials_ttls::store(_In_ LPCTSTR pszTargetName) const { - if (!m_outer.store(pszTargetName, ppEapError)) - return false; + m_outer.store(pszTargetName); - if (m_inner) { - if (!m_inner->store(pszTargetName, ppEapError)) - return false; - } - - return true; + if (m_inner) + m_inner->store(pszTargetName); } -bool eap::credentials_ttls::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) +void eap::credentials_ttls::retrieve(_In_ LPCTSTR pszTargetName) { - if (!m_outer.retrieve(pszTargetName, ppEapError)) - return false; + m_outer.retrieve(pszTargetName); - if (m_inner) { - if (!m_inner->retrieve(pszTargetName, ppEapError)) - return false; - } - - return true; + if (m_inner) + m_inner->retrieve(pszTargetName); } diff --git a/lib/TTLS/src/Method.cpp b/lib/TTLS/src/Method.cpp index 8172e5b..c96761e 100644 --- a/lib/TTLS/src/Method.cpp +++ b/lib/TTLS/src/Method.cpp @@ -71,34 +71,26 @@ eap::method_ttls& eap::method_ttls::operator=(_Inout_ method_ttls &&other) } -bool eap::method_ttls::begin_session( +void eap::method_ttls::begin_session( _In_ DWORD dwFlags, _In_ const EapAttributes *pAttributeArray, _In_ HANDLE hTokenImpersonateUser, - _In_ DWORD dwMaxSendPacketSize, - _Out_ EAP_ERROR **ppEapError) + _In_ DWORD dwMaxSendPacketSize) { - if (!m_outer.begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize, ppEapError)) - return false; - - return true; + m_outer.begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize); } -bool eap::method_ttls::process_request_packet( +void eap::method_ttls::process_request_packet( _In_bytecount_(dwReceivedPacketSize) const EapPacket *pReceivedPacket, _In_ DWORD dwReceivedPacketSize, - _Out_ EapPeerMethodOutput *pEapOutput, - _Out_ EAP_ERROR **ppEapError) + _Inout_ EapPeerMethodOutput *pEapOutput) { // Is this a valid EAP-TTLS packet? - if (dwReceivedPacketSize < 6) { - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Packet is too small. EAP-%s packets should be at least 6B.")); - return false; - } else if (pReceivedPacket->Data[0] != eap_type_ttls) { - *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Packet is not EAP-TTLS (expected: %u, received: %u)."), eap_type_ttls, pReceivedPacket->Data[0]).c_str()); - return false; - } + if (dwReceivedPacketSize < 6) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Packet is too small. EAP-%s packets should be at least 6B.")); + else if (pReceivedPacket->Data[0] != eap_type_ttls) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Packet is not EAP-TTLS (expected: %u, received: %u)."), eap_type_ttls, pReceivedPacket->Data[0]).c_str()); if (pReceivedPacket->Code == EapCodeRequest && (pReceivedPacket->Data[1] & flags_start)) { // This is a start EAP-TTLS packet. @@ -109,31 +101,26 @@ bool eap::method_ttls::process_request_packet( m_module.log_event(&EAPMETHOD_HANDSHAKE_START1, event_data((unsigned int)eap_type_ttls), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank); } - return m_outer.process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput, ppEapError); + m_outer.process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput); } -bool eap::method_ttls::get_response_packet( +void eap::method_ttls::get_response_packet( _Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket, - _Inout_ DWORD *pdwSendPacketSize, - _Out_ EAP_ERROR **ppEapError) + _Inout_ DWORD *pdwSendPacketSize) { - if (!m_outer.get_response_packet(pSendPacket, pdwSendPacketSize, ppEapError)) - return false; + m_outer.get_response_packet(pSendPacket, pdwSendPacketSize); // Change packet type to EAP-TTLS, and add EAP-TTLS version. pSendPacket->Data[0] = (BYTE)eap_type_ttls; pSendPacket->Data[1] &= ~flags_ver_mask; pSendPacket->Data[1] |= m_version; - - return true; } -bool eap::method_ttls::get_result( - _In_ EapPeerMethodResultReason reason, - _Out_ EapPeerMethodResult *ppResult, - _Out_ EAP_ERROR **ppEapError) +void eap::method_ttls::get_result( + _In_ EapPeerMethodResultReason reason, + _Inout_ EapPeerMethodResult *ppResult) { - return m_outer.get_result(reason, ppResult, ppEapError); + m_outer.get_result(reason, ppResult); } diff --git a/lib/TTLS/src/Module.cpp b/lib/TTLS/src/Module.cpp index 02f33b8..288b762 100644 --- a/lib/TTLS/src/Module.cpp +++ b/lib/TTLS/src/Module.cpp @@ -39,10 +39,8 @@ eap::config_method* eap::peer_ttls::make_config_method() } -bool eap::peer_ttls::initialize(_Out_ EAP_ERROR **ppEapError) +void eap::peer_ttls::initialize() { - UNREFERENCED_PARAMETER(ppEapError); - // MSI's feature completeness check removed: It might invoke UI (prompt user for missing MSI), // which would be disasterous in EapHost system service. #if 0 @@ -52,43 +50,34 @@ bool eap::peer_ttls::initialize(_Out_ EAP_ERROR **ppEapError) if (MsiQueryFeatureState(_T(PRODUCT_VERSION_GUID), _T("featEAPTTLS")) != INSTALLSTATE_UNKNOWN) MsiUseFeature(_T(PRODUCT_VERSION_GUID), _T("featEAPTTLS")); #endif - - return true; } -bool eap::peer_ttls::shutdown(_Out_ EAP_ERROR **ppEapError) +void eap::peer_ttls::shutdown() { - UNREFERENCED_PARAMETER(ppEapError); - return true; } -bool eap::peer_ttls::get_identity( - _In_ DWORD dwFlags, - _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, - _In_ DWORD dwConnectionDataSize, - _In_count_(dwUserDataSize) const BYTE *pUserData, - _In_ DWORD dwUserDataSize, - _Out_ BYTE **ppUserDataOut, - _Out_ DWORD *pdwUserDataOutSize, - _In_ HANDLE hTokenImpersonateUser, - _Out_ BOOL *pfInvokeUI, - _Out_ WCHAR **ppwszIdentity, - _Out_ EAP_ERROR **ppEapError) +void eap::peer_ttls::get_identity( + _In_ DWORD dwFlags, + _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, + _In_ DWORD dwConnectionDataSize, + _In_count_(dwUserDataSize) const BYTE *pUserData, + _In_ DWORD dwUserDataSize, + _Inout_ BYTE **ppUserDataOut, + _Inout_ DWORD *pdwUserDataOutSize, + _In_ HANDLE hTokenImpersonateUser, + _Inout_ BOOL *pfInvokeUI, + _Inout_ WCHAR **ppwszIdentity) { assert(pfInvokeUI); assert(ppwszIdentity); - assert(ppEapError); // Unpack configuration. config_provider_list cfg(*this); - if (!unpack(cfg, pConnectionData, dwConnectionDataSize, ppEapError)) - return false; - else if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty()) { - *ppEapError = make_error(ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" Configuration has no providers and/or methods.")); - return false; - } + unpack(cfg, pConnectionData, dwConnectionDataSize); + if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty()) + throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods."); // Get method configuration. const config_provider &cfg_prov(cfg.m_providers.front()); @@ -98,8 +87,8 @@ bool eap::peer_ttls::get_identity( // Unpack cached credentials. credentials_ttls cred_in(*this); - if (dwUserDataSize && !unpack(cred_in, pUserData, dwUserDataSize, ppEapError)) - return false; + if (dwUserDataSize) + unpack(cred_in, pUserData, dwUserDataSize); credentials_ttls cred_out(*this); @@ -160,15 +149,16 @@ bool eap::peer_ttls::get_identity( bool user_ctx_changed = hTokenImpersonateUser && ImpersonateLoggedOnUser(hTokenImpersonateUser); if (!is_outer_set) { - credentials_tls cred_loaded(*this); - if (cred_loaded.retrieve(cfg_prov.m_id.c_str(), ppEapError)) { + try { + credentials_tls cred_loaded(*this); + cred_loaded.retrieve(cfg_prov.m_id.c_str()); + // Outer TLS: Using stored credentials. cred_out.m_outer = std::move(cred_loaded); log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_tls), event_data(cred_out.m_outer.get_name()), event_data::blank); is_outer_set = true; - } else { + } catch (...) { // Not actually an error. - free_error_memory(*ppEapError); } } @@ -176,14 +166,15 @@ bool eap::peer_ttls::get_identity( unique_ptr cred_loaded; if (cfg_inner_pap) cred_loaded.reset(new credentials_pap(*this)); else assert(0); // Unsupported inner authentication method type. - if (cred_loaded->retrieve(cfg_prov.m_id.c_str(), ppEapError)) { + try { + cred_loaded->retrieve(cfg_prov.m_id.c_str()); + // Inner PAP: Using stored credentials. cred_out.m_inner = std::move(cred_loaded); log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)type_inner), event_data(cred_out.m_inner->get_name()), event_data::blank); is_inner_set = true; - } else { + } catch(...) { // Not actually an error. - free_error_memory(*ppEapError); } } @@ -197,20 +188,18 @@ bool eap::peer_ttls::get_identity( if (!is_outer_set) { log_event(&EAPMETHOD_TRACE_EVT_CRED_INVOKE_UI1, event_data((unsigned int)eap_type_tls), event_data::blank); *pfInvokeUI = TRUE; - return true; + return; } if (!is_inner_set) { log_event(&EAPMETHOD_TRACE_EVT_CRED_INVOKE_UI1, event_data((unsigned int)type_inner), event_data::blank); *pfInvokeUI = TRUE; - return true; + return; } } else { // Per-machine authentication - if (!is_outer_set || !is_inner_set) { - *ppEapError = make_error(ERROR_NO_SUCH_USER, _T(__FUNCTION__) _T(" Credentials for per-machine authentication not available.")); - return false; - } + if (!is_outer_set || !is_inner_set) + throw win_runtime_error(ERROR_NO_SUCH_USER, _T(__FUNCTION__) _T(" Credentials for per-machine authentication not available.")); } // If we got here, we have all credentials we need. @@ -223,11 +212,11 @@ bool eap::peer_ttls::get_identity( memcpy(*ppwszIdentity, identity.c_str(), size); // Pack credentials. - return pack(cred_out, ppUserDataOut, pdwUserDataOutSize, ppEapError); + pack(cred_out, ppUserDataOut, pdwUserDataOutSize); } -bool eap::peer_ttls::get_method_properties( +void eap::peer_ttls::get_method_properties( _In_ DWORD dwVersion, _In_ DWORD dwFlags, _In_ HANDLE hUserImpersonationToken, @@ -235,8 +224,7 @@ bool eap::peer_ttls::get_method_properties( _In_ DWORD dwConnectionDataSize, _In_count_(dwUserDataSize) const BYTE *pUserData, _In_ DWORD dwUserDataSize, - _Out_ EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray, - _Out_ EAP_ERROR **ppEapError) + _Inout_ EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray) { UNREFERENCED_PARAMETER(dwVersion); UNREFERENCED_PARAMETER(dwFlags); @@ -246,7 +234,6 @@ bool eap::peer_ttls::get_method_properties( UNREFERENCED_PARAMETER(pUserData); UNREFERENCED_PARAMETER(dwUserDataSize); assert(pMethodPropertyArray); - assert(ppEapError); vector properties; properties.reserve(20); @@ -275,27 +262,22 @@ bool eap::peer_ttls::get_method_properties( // Allocate property array. DWORD dwCount = (DWORD)properties.size(); pMethodPropertyArray->pMethodProperty = (EAP_METHOD_PROPERTY*)alloc_memory(sizeof(EAP_METHOD_PROPERTY) * dwCount); - if (!pMethodPropertyArray->pMethodProperty) { - *ppEapError = make_error(ERROR_OUTOFMEMORY, _T(__FUNCTION__) _T(" Error allocating memory for propery array.")); - return false; - } + if (!pMethodPropertyArray->pMethodProperty) + throw win_runtime_error(ERROR_OUTOFMEMORY, _T(__FUNCTION__) _T(" Error allocating memory for propery array.")); // Copy properties. memcpy(pMethodPropertyArray->pMethodProperty, properties.data(), sizeof(EAP_METHOD_PROPERTY) * dwCount); pMethodPropertyArray->dwNumberOfProperties = dwCount; - - return true; } -bool eap::peer_ttls::credentials_xml2blob( +void eap::peer_ttls::credentials_xml2blob( _In_ DWORD dwFlags, _In_ IXMLDOMNode *pConfigRoot, _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, _In_ DWORD dwConnectionDataSize, - _Out_ BYTE **ppCredentialsOut, - _Out_ DWORD *pdwCredentialsOutSize, - _Out_ EAP_ERROR **ppEapError) + _Inout_ BYTE **ppCredentialsOut, + _Inout_ DWORD *pdwCredentialsOutSize) { UNREFERENCED_PARAMETER(dwFlags); UNREFERENCED_PARAMETER(pConnectionData); @@ -303,15 +285,14 @@ bool eap::peer_ttls::credentials_xml2blob( // Load credentials from XML. credentials_ttls cred(*this); - if (!cred.load(pConfigRoot, ppEapError)) - return false; + cred.load(pConfigRoot); // Pack credentials. - return pack(cred, ppCredentialsOut, pdwCredentialsOutSize, ppEapError); + pack(cred, ppCredentialsOut, pdwCredentialsOutSize); } -bool eap::peer_ttls::begin_session( +EAP_SESSION_HANDLE eap::peer_ttls::begin_session( _In_ DWORD dwFlags, _In_ const EapAttributes *pAttributeArray, _In_ HANDLE hTokenImpersonateUser, @@ -319,152 +300,118 @@ bool eap::peer_ttls::begin_session( _In_ DWORD dwConnectionDataSize, _In_count_(dwUserDataSize) const BYTE *pUserData, _In_ DWORD dwUserDataSize, - _In_ DWORD dwMaxSendPacketSize, - _Out_ EAP_SESSION_HANDLE *phSession, - _Out_ EAP_ERROR **ppEapError) + _In_ DWORD dwMaxSendPacketSize) { - *phSession = NULL; - - // Allocate new session. + // Create new session. unique_ptr s(new session(*this)); - if (!s) { - *ppEapError = make_error(ERROR_OUTOFMEMORY, _T(__FUNCTION__) _T(" Error allocating memory for EAP-TTLS session.")); - return false; - } // Unpack configuration. config_provider_list cfg(*this); - if (!unpack(cfg, pConnectionData, dwConnectionDataSize, ppEapError)) - return false; - else if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty()) { - *ppEapError = make_error(ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" Configuration has no providers and/or methods.")); - return false; - } + unpack(cfg, pConnectionData, dwConnectionDataSize); + if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty()) + throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods."); // Copy method configuration. const config_provider &cfg_prov(cfg.m_providers.front()); s->m_cfg = *dynamic_cast(cfg_prov.m_methods.front().get()); // Unpack credentials. - if (!unpack(s->m_cred, pUserData, dwUserDataSize, ppEapError)) - return false; + unpack(s->m_cred, pUserData, dwUserDataSize); // Initialize method. - if (!s->m_method.begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize, ppEapError)) - return false; + s->m_method.begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize); - *phSession = s.release(); - return true; + return s.release(); } -bool eap::peer_ttls::end_session(_In_ EAP_SESSION_HANDLE hSession, _Out_ EAP_ERROR **ppEapError) +void eap::peer_ttls::end_session(_In_ EAP_SESSION_HANDLE hSession) { assert(hSession); - UNREFERENCED_PARAMETER(ppEapError); // What could possibly go wrong when destroying!? ;) // End the session. session *s = static_cast(hSession); //s->end(ppEapError); delete s; - - return true; } -bool eap::peer_ttls::process_request_packet( +void eap::peer_ttls::process_request_packet( _In_ EAP_SESSION_HANDLE hSession, _In_bytecount_(dwReceivedPacketSize) const EapPacket *pReceivedPacket, _In_ DWORD dwReceivedPacketSize, - _Out_ EapPeerMethodOutput *pEapOutput, - _Out_ EAP_ERROR **ppEapError) + _Inout_ EapPeerMethodOutput *pEapOutput) { assert(dwReceivedPacketSize == ntohs(*(WORD*)pReceivedPacket->Length)); - return static_cast(hSession)->m_method.process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput, ppEapError); + static_cast(hSession)->m_method.process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput); } -bool eap::peer_ttls::get_response_packet( +void eap::peer_ttls::get_response_packet( _In_ EAP_SESSION_HANDLE hSession, _Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket, - _Inout_ DWORD *pdwSendPacketSize, - _Out_ EAP_ERROR **ppEapError) + _Inout_ DWORD *pdwSendPacketSize) { - return static_cast(hSession)->m_method.get_response_packet(pSendPacket, pdwSendPacketSize, ppEapError); + static_cast(hSession)->m_method.get_response_packet(pSendPacket, pdwSendPacketSize); } -bool eap::peer_ttls::get_result( - _In_ EAP_SESSION_HANDLE hSession, - _In_ EapPeerMethodResultReason reason, - _Out_ EapPeerMethodResult *ppResult, - _Out_ EAP_ERROR **ppEapError) +void eap::peer_ttls::get_result( + _In_ EAP_SESSION_HANDLE hSession, + _In_ EapPeerMethodResultReason reason, + _Inout_ EapPeerMethodResult *ppResult) { - return static_cast(hSession)->m_method.get_result(reason, ppResult, ppEapError); + static_cast(hSession)->m_method.get_result(reason, ppResult); } -bool eap::peer_ttls::get_ui_context( - _In_ EAP_SESSION_HANDLE hSession, - _Out_ BYTE **ppUIContextData, - _Out_ DWORD *pdwUIContextDataSize, - _Out_ EAP_ERROR **ppEapError) +void eap::peer_ttls::get_ui_context( + _In_ EAP_SESSION_HANDLE hSession, + _Inout_ BYTE **ppUIContextData, + _Inout_ DWORD *pdwUIContextDataSize) { UNREFERENCED_PARAMETER(hSession); UNREFERENCED_PARAMETER(ppUIContextData); UNREFERENCED_PARAMETER(pdwUIContextDataSize); - assert(ppEapError); - *ppEapError = make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); - return false; + throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); } -bool eap::peer_ttls::set_ui_context( +void eap::peer_ttls::set_ui_context( _In_ EAP_SESSION_HANDLE hSession, _In_count_(dwUIContextDataSize) const BYTE *pUIContextData, _In_ DWORD dwUIContextDataSize, - _In_ const EapPeerMethodOutput *pEapOutput, - _Out_ EAP_ERROR **ppEapError) + _In_ const EapPeerMethodOutput *pEapOutput) { UNREFERENCED_PARAMETER(hSession); UNREFERENCED_PARAMETER(pUIContextData); UNREFERENCED_PARAMETER(dwUIContextDataSize); UNREFERENCED_PARAMETER(pEapOutput); - assert(ppEapError); - *ppEapError = make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); - return false; + throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); } -bool eap::peer_ttls::get_response_attributes( - _In_ EAP_SESSION_HANDLE hSession, - _Out_ EapAttributes *pAttribs, - _Out_ EAP_ERROR **ppEapError) +void eap::peer_ttls::get_response_attributes( + _In_ EAP_SESSION_HANDLE hSession, + _Inout_ EapAttributes *pAttribs) { UNREFERENCED_PARAMETER(hSession); UNREFERENCED_PARAMETER(pAttribs); - UNREFERENCED_PARAMETER(ppEapError); - assert(ppEapError); - *ppEapError = make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); - return false; + throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); } -bool eap::peer_ttls::set_response_attributes( - _In_ EAP_SESSION_HANDLE hSession, - _In_ const EapAttributes *pAttribs, - _Out_ EapPeerMethodOutput *pEapOutput, - _Out_ EAP_ERROR **ppEapError) +void eap::peer_ttls::set_response_attributes( + _In_ EAP_SESSION_HANDLE hSession, + _In_ const EapAttributes *pAttribs, + _Inout_ EapPeerMethodOutput *pEapOutput) { UNREFERENCED_PARAMETER(hSession); UNREFERENCED_PARAMETER(pAttribs); UNREFERENCED_PARAMETER(pEapOutput); - UNREFERENCED_PARAMETER(ppEapError); - assert(ppEapError); - *ppEapError = make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); - return false; + throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported.")); } diff --git a/lib/TTLS_UI/include/Module.h b/lib/TTLS_UI/include/Module.h index c0c8424..f676583 100644 --- a/lib/TTLS_UI/include/Module.h +++ b/lib/TTLS_UI/include/Module.h @@ -53,16 +53,11 @@ namespace eap /// /// \sa [EapPeerConfigXml2Blob function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363602.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool config_xml2blob( - _In_ DWORD dwFlags, - _In_ IXMLDOMNode *pConfigRoot, - _Out_ BYTE **pConnectionDataOut, - _Out_ DWORD *pdwConnectionDataOutSize, - _Out_ EAP_ERROR **ppEapError); + virtual void config_xml2blob( + _In_ DWORD dwFlags, + _In_ IXMLDOMNode *pConfigRoot, + _Inout_ BYTE **pConnectionDataOut, + _Inout_ DWORD *pdwConnectionDataOutSize); /// /// Converts the configuration BLOB to XML. @@ -71,71 +66,51 @@ namespace eap /// /// \sa [EapPeerConfigBlob2Xml function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363601.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool config_blob2xml( + virtual void config_blob2xml( _In_ DWORD dwFlags, _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, _In_ DWORD dwConnectionDataSize, _In_ IXMLDOMDocument *pDoc, - _In_ IXMLDOMNode *pConfigRoot, - _Out_ EAP_ERROR **ppEapError); + _In_ IXMLDOMNode *pConfigRoot); /// /// Raises the EAP method's specific connection configuration user interface dialog on the client. /// /// \sa [EapPeerInvokeConfigUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363614.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool invoke_config_ui( - _In_ HWND hwndParent, - _In_count_(dwConnectionDataInSize) const BYTE *pConnectionDataIn, - _In_ DWORD dwConnectionDataInSize, - _Out_ BYTE **ppConnectionDataOut, - _Out_ DWORD *pdwConnectionDataOutSize, - _Out_ EAP_ERROR **ppEapError); + virtual void invoke_config_ui( + _In_ HWND hwndParent, + _In_count_(dwConnectionDataInSize) const BYTE *pConnectionDataIn, + _In_ DWORD dwConnectionDataInSize, + _Inout_ BYTE **ppConnectionDataOut, + _Inout_ DWORD *pdwConnectionDataOutSize); /// /// Raises a custom interactive user interface dialog to obtain user identity information for the EAP method on the client. /// /// \sa [EapPeerInvokeIdentityUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363615.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool invoke_identity_ui( - _In_ HWND hwndParent, - _In_ DWORD dwFlags, - _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, - _In_ DWORD dwConnectionDataSize, - _In_count_(dwUserDataSize) const BYTE *pUserData, - _In_ DWORD dwUserDataSize, - _Out_ BYTE **ppUserDataOut, - _Out_ DWORD *pdwUserDataOutSize, - _Out_ LPWSTR *ppwszIdentity, - _Out_ EAP_ERROR **ppEapError); + virtual void invoke_identity_ui( + _In_ HWND hwndParent, + _In_ DWORD dwFlags, + _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, + _In_ DWORD dwConnectionDataSize, + _In_count_(dwUserDataSize) const BYTE *pUserData, + _In_ DWORD dwUserDataSize, + _Inout_ BYTE **ppUserDataOut, + _Inout_ DWORD *pdwUserDataOutSize, + _Inout_ LPWSTR *ppwszIdentity); /// /// Raises a custom interactive user interface dialog for the EAP method on the client. /// /// \sa [EapPeerInvokeInteractiveUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363616.aspx) /// - /// \returns - /// - \c true if succeeded - /// - \c false otherwise. See \p ppEapError for details. - /// - virtual bool invoke_interactive_ui( - _In_ HWND hwndParent, - _In_count_(dwUIContextDataSize) const BYTE *pUIContextData, - _In_ DWORD dwUIContextDataSize, - _Out_ BYTE **ppDataFromInteractiveUI, - _Out_ DWORD *pdwDataFromInteractiveUISize, - _Out_ EAP_ERROR **ppEapError); + virtual void invoke_interactive_ui( + _In_ HWND hwndParent, + _In_count_(dwUIContextDataSize) const BYTE *pUIContextData, + _In_ DWORD dwUIContextDataSize, + _Inout_ BYTE **ppDataFromInteractiveUI, + _Inout_ DWORD *pdwDataFromInteractiveUISize); }; } diff --git a/lib/TTLS_UI/src/Module.cpp b/lib/TTLS_UI/src/Module.cpp index 463c776..c669539 100644 --- a/lib/TTLS_UI/src/Module.cpp +++ b/lib/TTLS_UI/src/Module.cpp @@ -39,57 +39,52 @@ eap::config_method* eap::peer_ttls_ui::make_config_method() } -bool eap::peer_ttls_ui::config_xml2blob( - _In_ DWORD dwFlags, - _In_ IXMLDOMNode *pConfigRoot, - _Out_ BYTE **pConnectionDataOut, - _Out_ DWORD *pdwConnectionDataOutSize, - _Out_ EAP_ERROR **ppEapError) +void eap::peer_ttls_ui::config_xml2blob( + _In_ DWORD dwFlags, + _In_ IXMLDOMNode *pConfigRoot, + _Inout_ BYTE **pConnectionDataOut, + _Inout_ DWORD *pdwConnectionDataOutSize) { UNREFERENCED_PARAMETER(dwFlags); // Load configuration from XML. config_provider_list cfg(*this); - if (!cfg.load(pConfigRoot, ppEapError)) - return false; + cfg.load(pConfigRoot); // Pack configuration. - return pack(cfg, pConnectionDataOut, pdwConnectionDataOutSize, ppEapError); + pack(cfg, pConnectionDataOut, pdwConnectionDataOutSize); } -bool eap::peer_ttls_ui::config_blob2xml( +void eap::peer_ttls_ui::config_blob2xml( _In_ DWORD dwFlags, _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, _In_ DWORD dwConnectionDataSize, _In_ IXMLDOMDocument *pDoc, - _In_ IXMLDOMNode *pConfigRoot, - _Out_ EAP_ERROR **ppEapError) + _In_ IXMLDOMNode *pConfigRoot) { UNREFERENCED_PARAMETER(dwFlags); // Unpack configuration. config_provider_list cfg(*this); - if (!unpack(cfg, pConnectionData, dwConnectionDataSize, ppEapError)) - return false; + unpack(cfg, pConnectionData, dwConnectionDataSize); // Save configuration to XML. - return cfg.save(pDoc, pConfigRoot, ppEapError); + cfg.save(pDoc, pConfigRoot); } -bool eap::peer_ttls_ui::invoke_config_ui( - _In_ HWND hwndParent, - _In_count_(dwConnectionDataInSize) const BYTE *pConnectionDataIn, - _In_ DWORD dwConnectionDataInSize, - _Out_ BYTE **ppConnectionDataOut, - _Out_ DWORD *pdwConnectionDataOutSize, - _Out_ EAP_ERROR **ppEapError) +void eap::peer_ttls_ui::invoke_config_ui( + _In_ HWND hwndParent, + _In_count_(dwConnectionDataInSize) const BYTE *pConnectionDataIn, + _In_ DWORD dwConnectionDataInSize, + _Inout_ BYTE **ppConnectionDataOut, + _Inout_ DWORD *pdwConnectionDataOutSize) { // Unpack configuration. config_provider_list cfg(*this); - if (dwConnectionDataInSize && !unpack(cfg, pConnectionDataIn, dwConnectionDataInSize, ppEapError)) - return false; + if (dwConnectionDataInSize) + unpack(cfg, pConnectionDataIn, dwConnectionDataInSize); // Initialize application. new wxApp(); @@ -113,39 +108,33 @@ bool eap::peer_ttls_ui::invoke_config_ui( // Clean-up and return. wxEntryCleanup(); - if (result != wxID_OK) { - *ppEapError = make_error(ERROR_CANCELLED, _T(__FUNCTION__) _T(" Cancelled.")); - return false; - } + if (result != wxID_OK) + throw win_runtime_error(ERROR_CANCELLED, _T(__FUNCTION__) _T(" Cancelled.")); // Pack new configuration. - return pack(cfg, ppConnectionDataOut, pdwConnectionDataOutSize, ppEapError); + pack(cfg, ppConnectionDataOut, pdwConnectionDataOutSize); } -bool eap::peer_ttls_ui::invoke_identity_ui( - _In_ HWND hwndParent, - _In_ DWORD dwFlags, - _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, - _In_ DWORD dwConnectionDataSize, - _In_count_(dwUserDataSize) const BYTE *pUserData, - _In_ DWORD dwUserDataSize, - _Out_ BYTE **ppUserDataOut, - _Out_ DWORD *pdwUserDataOutSize, - _Out_ LPWSTR *ppwszIdentity, - _Out_ EAP_ERROR **ppEapError) +void eap::peer_ttls_ui::invoke_identity_ui( + _In_ HWND hwndParent, + _In_ DWORD dwFlags, + _In_count_(dwConnectionDataSize) const BYTE *pConnectionData, + _In_ DWORD dwConnectionDataSize, + _In_count_(dwUserDataSize) const BYTE *pUserData, + _In_ DWORD dwUserDataSize, + _Inout_ BYTE **ppUserDataOut, + _Inout_ DWORD *pdwUserDataOutSize, + _Inout_ LPWSTR *ppwszIdentity) { config_provider_list cfg(*this); - if (!unpack(cfg, pConnectionData, dwConnectionDataSize, ppEapError)) - return false; - else if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty()) { - *ppEapError = make_error(ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" Configuration has no providers and/or methods.")); - return false; - } + unpack(cfg, pConnectionData, dwConnectionDataSize); + if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty()) + throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods."); credentials_ttls cred(*this); - if (dwUserDataSize && !unpack(cred, pUserData, dwUserDataSize, ppEapError)) - return false; + if (dwUserDataSize) + unpack(cred, pUserData, dwUserDataSize); const config_provider &cfg_prov(cfg.m_providers.front()); config_method_ttls *cfg_method = dynamic_cast(cfg_prov.m_methods.front().get()); @@ -186,10 +175,8 @@ bool eap::peer_ttls_ui::invoke_identity_ui( // Clean-up and return. wxEntryCleanup(); - if (result != wxID_OK) { - *ppEapError = make_error(ERROR_CANCELLED, _T(__FUNCTION__) _T(" Cancelled.")); - return false; - } + if (result != wxID_OK) + throw win_runtime_error(ERROR_CANCELLED, _T(__FUNCTION__) _T(" Cancelled.")); // Build our identity. ;) wstring identity(move(cfg_method->get_public_identity(cred))); @@ -199,26 +186,22 @@ bool eap::peer_ttls_ui::invoke_identity_ui( memcpy(*ppwszIdentity, identity.c_str(), size); // Pack credentials. - return pack(cred, ppUserDataOut, pdwUserDataOutSize, ppEapError); + pack(cred, ppUserDataOut, pdwUserDataOutSize); } -bool eap::peer_ttls_ui::invoke_interactive_ui( - _In_ HWND hwndParent, - _In_count_(dwUIContextDataSize) const BYTE *pUIContextData, - _In_ DWORD dwUIContextDataSize, - _Out_ BYTE **ppDataFromInteractiveUI, - _Out_ DWORD *pdwDataFromInteractiveUISize, - _Out_ EAP_ERROR **ppEapError) +void eap::peer_ttls_ui::invoke_interactive_ui( + _In_ HWND hwndParent, + _In_count_(dwUIContextDataSize) const BYTE *pUIContextData, + _In_ DWORD dwUIContextDataSize, + _Inout_ BYTE **ppDataFromInteractiveUI, + _Inout_ DWORD *pdwDataFromInteractiveUISize) { UNREFERENCED_PARAMETER(pUIContextData); UNREFERENCED_PARAMETER(dwUIContextDataSize); UNREFERENCED_PARAMETER(ppDataFromInteractiveUI); UNREFERENCED_PARAMETER(pdwDataFromInteractiveUISize); - UNREFERENCED_PARAMETER(ppEapError); InitCommonControls(); MessageBox(hwndParent, _T(PRODUCT_NAME_STR) _T(" interactive UI goes here!"), _T(PRODUCT_NAME_STR) _T(" Prompt"), MB_OK); - - return true; }