EAP_ERROR replaced with C++ exceptions for increased code readability

2016-08-08 22:59:17 +02:00
parent 788c8cdb16
commit b71e30f642
33 changed files with 1180 additions and 2001 deletions
--- a/lib/TTLS/src/Config.cpp
+++ b/lib/TTLS/src/Config.cpp
@@ -85,69 +85,51 @@ eap::config* eap::config_method_ttls::clone() const
 }


-bool eap::config_method_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const
+void eap::config_method_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
 {
    assert(pDoc);
    assert(pConfigRoot);
-    assert(ppEapError);

-    if (!config_method::save(pDoc, pConfigRoot, ppEapError))
-        return false;
+    config_method::save(pDoc, pConfigRoot);

    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
    DWORD dwResult;

    // <ClientSideCredential>
    com_obj<IXMLDOMElement> pXmlElClientSideCredential;
-    if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), bstr(L"ClientSideCredential"), bstrNamespace, &pXmlElClientSideCredential)) != ERROR_SUCCESS) {
-        *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <ClientSideCredential> element."));
-        return false;
-    }
+    if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), bstr(L"ClientSideCredential"), bstrNamespace, &pXmlElClientSideCredential)) != ERROR_SUCCESS)
+        throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <ClientSideCredential> element."));

    // <ClientSideCredential>/<AnonymousIdentity>
    if (!m_anonymous_identity.empty())
-        if ((dwResult = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, bstr(L"AnonymousIdentity"), bstrNamespace, bstr(m_anonymous_identity))) != ERROR_SUCCESS) {
-            *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <AnonymousIdentity> element."));
-            return false;
-        }
+        if ((dwResult = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, bstr(L"AnonymousIdentity"), bstrNamespace, bstr(m_anonymous_identity))) != ERROR_SUCCESS)
+            throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <AnonymousIdentity> element."));

-    if (!m_outer.save(pDoc, pConfigRoot, ppEapError))
-        return false;
+    m_outer.save(pDoc, pConfigRoot);

    // <InnerAuthenticationMethod>
    com_obj<IXMLDOMElement> pXmlElInnerAuthenticationMethod;
-    if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), bstr(L"InnerAuthenticationMethod"), bstrNamespace, &pXmlElInnerAuthenticationMethod)) != ERROR_SUCCESS) {
-        *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <InnerAuthenticationMethod> element."));
-        return false;
-    }
+    if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), bstr(L"InnerAuthenticationMethod"), bstrNamespace, &pXmlElInnerAuthenticationMethod)) != ERROR_SUCCESS)
+        throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <InnerAuthenticationMethod> element."));

    if (dynamic_cast<const config_method_pap*>(m_inner.get())) {
        // <InnerAuthenticationMethod>/<NonEAPAuthMethod>
-        if ((dwResult = eapxml::put_element_value(pDoc, pXmlElInnerAuthenticationMethod, bstr(L"NonEAPAuthMethod"), bstrNamespace, bstr(L"PAP"))) != ERROR_SUCCESS) {
-            *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <NonEAPAuthMethod> element."));
-            return false;
-        }
+        if ((dwResult = eapxml::put_element_value(pDoc, pXmlElInnerAuthenticationMethod, bstr(L"NonEAPAuthMethod"), bstrNamespace, bstr(L"PAP"))) != ERROR_SUCCESS)
+            throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <NonEAPAuthMethod> element."));

        // <InnerAuthenticationMethod>/...
-        if (!m_inner->save(pDoc, pXmlElInnerAuthenticationMethod, ppEapError))
-            return false;
-    } else {
-        *ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Unsupported inner authentication method."));
-        return false;
-    }
-
-    return true;
+        m_inner->save(pDoc, pXmlElInnerAuthenticationMethod);
+    } else
+        throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Unsupported inner authentication method."));
 }


-bool eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError)
+void eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot)
 {
    assert(pConfigRoot);
-    assert(ppEapError);
    DWORD dwResult;

-    if (!config_method::load(pConfigRoot, ppEapError))
-        return false;
+    config_method::load(pConfigRoot);

    std::wstring xpath(eapxml::get_xpath(pConfigRoot));

@@ -163,15 +145,12 @@ bool eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERRO
        m_module.log_config((xpathClientSideCredential + L"/AnonymousIdentity").c_str(), m_anonymous_identity.c_str());
    }

-    if (!m_outer.load(pConfigRoot, ppEapError))
-        return false;
+    m_outer.load(pConfigRoot);

    // <InnerAuthenticationMethod>
    com_obj<IXMLDOMElement> pXmlElInnerAuthenticationMethod;
-    if ((dwResult = eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), &pXmlElInnerAuthenticationMethod)) != ERROR_SUCCESS) {
-        *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error selecting <InnerAuthenticationMethod> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
-        return false;
-    }
+    if ((dwResult = eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), &pXmlElInnerAuthenticationMethod)) != ERROR_SUCCESS)
+        throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error selecting <InnerAuthenticationMethod> element."));

    // Determine inner authentication type (<EAPMethod> and <NonEAPAuthMethod>).
    //DWORD dwMethodID;
@@ -188,14 +167,9 @@ bool eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERRO
        // PAP
        m_module.log_config((xpath + L"/NonEAPAuthMethod").c_str(), L"PAP");
        m_inner.reset(new config_method_pap(m_module));
-        if (!m_inner->load(pXmlElInnerAuthenticationMethod, ppEapError))
-            return false;
-    } else {
-        *ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Unsupported inner authentication method."));
-        return false;
-    }
-
-    return true;
+        m_inner->load(pXmlElInnerAuthenticationMethod);
+    } else
+        throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Unsupported inner authentication method."));
 }


--- a/lib/TTLS/src/Credentials.cpp
+++ b/lib/TTLS/src/Credentials.cpp
@@ -96,17 +96,14 @@ bool eap::credentials_ttls::empty() const
 }


-bool eap::credentials_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const
+void eap::credentials_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
 {
    assert(pDoc);
    assert(pConfigRoot);
-    assert(ppEapError);

-    if (!credentials::save(pDoc, pConfigRoot, ppEapError))
-        return false;
+    credentials::save(pDoc, pConfigRoot);

-    if (!m_outer.save(pDoc, pConfigRoot, ppEapError))
-        return false;
+    m_outer.save(pDoc, pConfigRoot);

    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
    DWORD dwResult;
@@ -115,49 +112,34 @@ bool eap::credentials_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p
    if (m_inner) {
        // <InnerAuthenticationMethod>
        winstd::com_obj<IXMLDOMElement> pXmlElInnerAuthenticationMethod;
-        if ((dwResult = eapxml::create_element(pDoc, winstd::bstr(L"InnerAuthenticationMethod"), bstrNamespace, &pXmlElInnerAuthenticationMethod))) {
-            *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <InnerAuthenticationMethod> element."));
-            return false;
-        }
+        if ((dwResult = eapxml::create_element(pDoc, winstd::bstr(L"InnerAuthenticationMethod"), bstrNamespace, &pXmlElInnerAuthenticationMethod)))
+            throw win_runtime_error(dwResult, _T(__FUNCTION__) _T(" Error creating <InnerAuthenticationMethod> element."));

-        if (!m_inner->save(pDoc, pXmlElInnerAuthenticationMethod, ppEapError))
-            return false;
+        m_inner->save(pDoc, pXmlElInnerAuthenticationMethod);

-        if (FAILED(hr = pConfigRoot->appendChild(pXmlElInnerAuthenticationMethod, NULL))) {
-            *ppEapError = m_module.make_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending <InnerAuthenticationMethod> element."));
-            return false;
-        }
+        if (FAILED(hr = pConfigRoot->appendChild(pXmlElInnerAuthenticationMethod, NULL)))
+            throw win_runtime_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending <InnerAuthenticationMethod> element."));
    }
-
-    return true;
 }


-bool eap::credentials_ttls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError)
+void eap::credentials_ttls::load(_In_ IXMLDOMNode *pConfigRoot)
 {
    assert(pConfigRoot);
-    assert(ppEapError);
    DWORD dwResult;

-    if (!credentials::load(pConfigRoot, ppEapError))
-        return false;
+    credentials::load(pConfigRoot);

-    if (!m_outer.load(pConfigRoot, ppEapError))
-        return false;
+    m_outer.load(pConfigRoot);

    // TODO: For the time being, there is no detection what type is inner method. Introduce one!
    if (m_inner) {
        com_obj<IXMLDOMNode> pXmlElInnerAuthenticationMethod;
-        if ((dwResult = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), &pXmlElInnerAuthenticationMethod)) != ERROR_SUCCESS) {
-            *ppEapError = m_module.make_error(ERROR_NOT_FOUND, _T(__FUNCTION__) _T(" Error selecting <InnerAuthenticationMethod> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
-            return false;
-        }
+        if ((dwResult = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), &pXmlElInnerAuthenticationMethod)) != ERROR_SUCCESS)
+            throw invalid_argument(__FUNCTION__ " Error selecting <InnerAuthenticationMethod> element.");

-        if (!m_inner->load(pXmlElInnerAuthenticationMethod, ppEapError))
-            return false;
+        m_inner->load(pXmlElInnerAuthenticationMethod);
    }
-
-    return true;
 }


@@ -219,31 +201,21 @@ void eap::credentials_ttls::operator>>(_Inout_ cursor_in &cursor)
 }


-bool eap::credentials_ttls::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const
+void eap::credentials_ttls::store(_In_ LPCTSTR pszTargetName) const
 {
-    if (!m_outer.store(pszTargetName, ppEapError))
-        return false;
+    m_outer.store(pszTargetName);

-    if (m_inner) {
-        if (!m_inner->store(pszTargetName, ppEapError))
-            return false;
-    }
-
-    return true;
+    if (m_inner)
+        m_inner->store(pszTargetName);
 }


-bool eap::credentials_ttls::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError)
+void eap::credentials_ttls::retrieve(_In_ LPCTSTR pszTargetName)
 {
-    if (!m_outer.retrieve(pszTargetName, ppEapError))
-        return false;
+    m_outer.retrieve(pszTargetName);

-    if (m_inner) {
-        if (!m_inner->retrieve(pszTargetName, ppEapError))
-            return false;
-    }
-
-    return true;
+    if (m_inner)
+        m_inner->retrieve(pszTargetName);
 }


--- a/lib/TTLS/src/Method.cpp
+++ b/lib/TTLS/src/Method.cpp
@@ -71,34 +71,26 @@ eap::method_ttls& eap::method_ttls::operator=(_Inout_ method_ttls &&other)
 }


-bool eap::method_ttls::begin_session(
+void eap::method_ttls::begin_session(
    _In_        DWORD         dwFlags,
    _In_  const EapAttributes *pAttributeArray,
    _In_        HANDLE        hTokenImpersonateUser,
-    _In_        DWORD         dwMaxSendPacketSize,
-    _Out_       EAP_ERROR     **ppEapError)
+    _In_        DWORD         dwMaxSendPacketSize)
 {
-    if (!m_outer.begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize, ppEapError))
-        return false;
-
-    return true;
+    m_outer.begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
 }


-bool eap::method_ttls::process_request_packet(
+void eap::method_ttls::process_request_packet(
    _In_bytecount_(dwReceivedPacketSize) const EapPacket           *pReceivedPacket,
    _In_                                       DWORD               dwReceivedPacketSize,
-    _Out_                                      EapPeerMethodOutput *pEapOutput,
-    _Out_                                      EAP_ERROR           **ppEapError)
+    _Inout_                                    EapPeerMethodOutput *pEapOutput)
 {
    // Is this a valid EAP-TTLS packet?
-    if (dwReceivedPacketSize < 6) {
-        *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Packet is too small. EAP-%s packets should be at least 6B."));
-        return false;
-    } else if (pReceivedPacket->Data[0] != eap_type_ttls) {
-        *ppEapError = m_module.make_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Packet is not EAP-TTLS (expected: %u, received: %u)."), eap_type_ttls, pReceivedPacket->Data[0]).c_str());
-        return false;
-    }
+    if (dwReceivedPacketSize < 6)
+        throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, _T(__FUNCTION__) _T(" Packet is too small. EAP-%s packets should be at least 6B."));
+    else if (pReceivedPacket->Data[0] != eap_type_ttls)
+        throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Packet is not EAP-TTLS (expected: %u, received: %u)."), eap_type_ttls, pReceivedPacket->Data[0]).c_str());

    if (pReceivedPacket->Code == EapCodeRequest && (pReceivedPacket->Data[1] & flags_start)) {
        // This is a start EAP-TTLS packet.
@@ -109,31 +101,26 @@ bool eap::method_ttls::process_request_packet(
        m_module.log_event(&EAPMETHOD_HANDSHAKE_START1, event_data((unsigned int)eap_type_ttls), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank);
    }

-    return m_outer.process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput, ppEapError);
+    m_outer.process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
 }


-bool eap::method_ttls::get_response_packet(
+void eap::method_ttls::get_response_packet(
    _Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket,
-    _Inout_                            DWORD     *pdwSendPacketSize,
-    _Out_                              EAP_ERROR **ppEapError)
+    _Inout_                            DWORD     *pdwSendPacketSize)
 {
-    if (!m_outer.get_response_packet(pSendPacket, pdwSendPacketSize, ppEapError))
-        return false;
+    m_outer.get_response_packet(pSendPacket, pdwSendPacketSize);

    // Change packet type to EAP-TTLS, and add EAP-TTLS version.
    pSendPacket->Data[0]  = (BYTE)eap_type_ttls;
    pSendPacket->Data[1] &= ~flags_ver_mask;
    pSendPacket->Data[1] |= m_version;
-
-    return true;
 }


-bool eap::method_ttls::get_result(
-    _In_  EapPeerMethodResultReason reason,
-    _Out_ EapPeerMethodResult       *ppResult,
-    _Out_ EAP_ERROR                 **ppEapError)
+void eap::method_ttls::get_result(
+    _In_    EapPeerMethodResultReason reason,
+    _Inout_ EapPeerMethodResult       *ppResult)
 {
-    return m_outer.get_result(reason, ppResult, ppEapError);
+    m_outer.get_result(reason, ppResult);
 }
--- a/lib/TTLS/src/Module.cpp
+++ b/lib/TTLS/src/Module.cpp
@@ -39,10 +39,8 @@ eap::config_method* eap::peer_ttls::make_config_method()
 }


-bool eap::peer_ttls::initialize(_Out_ EAP_ERROR **ppEapError)
+void eap::peer_ttls::initialize()
 {
-    UNREFERENCED_PARAMETER(ppEapError);
-
    // MSI's feature completeness check removed: It might invoke UI (prompt user for missing MSI),
    // which would be disasterous in EapHost system service.
 #if 0
@@ -52,43 +50,34 @@ bool eap::peer_ttls::initialize(_Out_ EAP_ERROR **ppEapError)
    if (MsiQueryFeatureState(_T(PRODUCT_VERSION_GUID), _T("featEAPTTLS")) != INSTALLSTATE_UNKNOWN)
        MsiUseFeature(_T(PRODUCT_VERSION_GUID), _T("featEAPTTLS"));
 #endif
-
-    return true;
 }


-bool eap::peer_ttls::shutdown(_Out_ EAP_ERROR **ppEapError)
+void eap::peer_ttls::shutdown()
 {
-    UNREFERENCED_PARAMETER(ppEapError);
-    return true;
 }


-bool eap::peer_ttls::get_identity(
-    _In_                                   DWORD     dwFlags,
-    _In_count_(dwConnectionDataSize) const BYTE      *pConnectionData,
-    _In_                                   DWORD     dwConnectionDataSize,
-    _In_count_(dwUserDataSize)       const BYTE      *pUserData,
-    _In_                                   DWORD     dwUserDataSize,
-    _Out_                                  BYTE      **ppUserDataOut,
-    _Out_                                  DWORD     *pdwUserDataOutSize,
-    _In_                                   HANDLE    hTokenImpersonateUser,
-    _Out_                                  BOOL      *pfInvokeUI,
-    _Out_                                  WCHAR     **ppwszIdentity,
-    _Out_                                  EAP_ERROR **ppEapError)
+void eap::peer_ttls::get_identity(
+    _In_                                   DWORD  dwFlags,
+    _In_count_(dwConnectionDataSize) const BYTE   *pConnectionData,
+    _In_                                   DWORD  dwConnectionDataSize,
+    _In_count_(dwUserDataSize)       const BYTE   *pUserData,
+    _In_                                   DWORD  dwUserDataSize,
+    _Inout_                                BYTE   **ppUserDataOut,
+    _Inout_                                DWORD  *pdwUserDataOutSize,
+    _In_                                   HANDLE hTokenImpersonateUser,
+    _Inout_                                BOOL   *pfInvokeUI,
+    _Inout_                                WCHAR  **ppwszIdentity)
 {
    assert(pfInvokeUI);
    assert(ppwszIdentity);
-    assert(ppEapError);

    // Unpack configuration.
    config_provider_list cfg(*this);
-    if (!unpack(cfg, pConnectionData, dwConnectionDataSize, ppEapError))
-        return false;
-    else if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty()) {
-        *ppEapError = make_error(ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" Configuration has no providers and/or methods."));
-        return false;
-    }
+    unpack(cfg, pConnectionData, dwConnectionDataSize);
+    if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty())
+        throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods.");

    // Get method configuration.
    const config_provider &cfg_prov(cfg.m_providers.front());
@@ -98,8 +87,8 @@ bool eap::peer_ttls::get_identity(

    // Unpack cached credentials.
    credentials_ttls cred_in(*this);
-    if (dwUserDataSize && !unpack(cred_in, pUserData, dwUserDataSize, ppEapError))
-        return false;
+    if (dwUserDataSize)
+        unpack(cred_in, pUserData, dwUserDataSize);

    credentials_ttls cred_out(*this);

@@ -160,15 +149,16 @@ bool eap::peer_ttls::get_identity(
        bool user_ctx_changed = hTokenImpersonateUser && ImpersonateLoggedOnUser(hTokenImpersonateUser);

        if (!is_outer_set) {
-            credentials_tls cred_loaded(*this);
-            if (cred_loaded.retrieve(cfg_prov.m_id.c_str(), ppEapError)) {
+            try {
+                credentials_tls cred_loaded(*this);
+                cred_loaded.retrieve(cfg_prov.m_id.c_str());
+
                // Outer TLS: Using stored credentials.
                cred_out.m_outer = std::move(cred_loaded);
                log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_tls), event_data(cred_out.m_outer.get_name()), event_data::blank);
                is_outer_set = true;
-            } else {
+            } catch (...) {
                // Not actually an error.
-                free_error_memory(*ppEapError);
            }
        }

@@ -176,14 +166,15 @@ bool eap::peer_ttls::get_identity(
            unique_ptr<credentials> cred_loaded;
            if (cfg_inner_pap) cred_loaded.reset(new credentials_pap(*this));
            else               assert(0); // Unsupported inner authentication method type.
-            if (cred_loaded->retrieve(cfg_prov.m_id.c_str(), ppEapError)) {
+            try {
+                cred_loaded->retrieve(cfg_prov.m_id.c_str());
+
                // Inner PAP: Using stored credentials.
                cred_out.m_inner = std::move(cred_loaded);
                log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)type_inner), event_data(cred_out.m_inner->get_name()), event_data::blank);
                is_inner_set = true;
-            } else {
+            } catch(...) {
                // Not actually an error.
-                free_error_memory(*ppEapError);
            }
        }

@@ -197,20 +188,18 @@ bool eap::peer_ttls::get_identity(
        if (!is_outer_set) {
            log_event(&EAPMETHOD_TRACE_EVT_CRED_INVOKE_UI1, event_data((unsigned int)eap_type_tls), event_data::blank);
            *pfInvokeUI = TRUE;
-            return true;
+            return;
        }

        if (!is_inner_set) {
            log_event(&EAPMETHOD_TRACE_EVT_CRED_INVOKE_UI1, event_data((unsigned int)type_inner), event_data::blank);
            *pfInvokeUI = TRUE;
-            return true;
+            return;
        }
    } else {
        // Per-machine authentication
-        if (!is_outer_set || !is_inner_set) {
-            *ppEapError = make_error(ERROR_NO_SUCH_USER, _T(__FUNCTION__) _T(" Credentials for per-machine authentication not available."));
-            return false;
-        }
+        if (!is_outer_set || !is_inner_set)
+            throw win_runtime_error(ERROR_NO_SUCH_USER, _T(__FUNCTION__) _T(" Credentials for per-machine authentication not available."));
    }

    // If we got here, we have all credentials we need.
@@ -223,11 +212,11 @@ bool eap::peer_ttls::get_identity(
    memcpy(*ppwszIdentity, identity.c_str(), size);

    // Pack credentials.
-    return pack(cred_out, ppUserDataOut, pdwUserDataOutSize, ppEapError);
+    pack(cred_out, ppUserDataOut, pdwUserDataOutSize);
 }


-bool eap::peer_ttls::get_method_properties(
+void eap::peer_ttls::get_method_properties(
    _In_                                   DWORD                     dwVersion,
    _In_                                   DWORD                     dwFlags,
    _In_                                   HANDLE                    hUserImpersonationToken,
@@ -235,8 +224,7 @@ bool eap::peer_ttls::get_method_properties(
    _In_                                   DWORD                     dwConnectionDataSize,
    _In_count_(dwUserDataSize)       const BYTE                      *pUserData,
    _In_                                   DWORD                     dwUserDataSize,
-    _Out_                                  EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray,
-    _Out_                                  EAP_ERROR                 **ppEapError)
+    _Inout_                                EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray)
 {
    UNREFERENCED_PARAMETER(dwVersion);
    UNREFERENCED_PARAMETER(dwFlags);
@@ -246,7 +234,6 @@ bool eap::peer_ttls::get_method_properties(
    UNREFERENCED_PARAMETER(pUserData);
    UNREFERENCED_PARAMETER(dwUserDataSize);
    assert(pMethodPropertyArray);
-    assert(ppEapError);

    vector<EAP_METHOD_PROPERTY> properties;
    properties.reserve(20);
@@ -275,27 +262,22 @@ bool eap::peer_ttls::get_method_properties(
    // Allocate property array.
    DWORD dwCount = (DWORD)properties.size();
    pMethodPropertyArray->pMethodProperty = (EAP_METHOD_PROPERTY*)alloc_memory(sizeof(EAP_METHOD_PROPERTY) * dwCount);
-    if (!pMethodPropertyArray->pMethodProperty) {
-        *ppEapError = make_error(ERROR_OUTOFMEMORY, _T(__FUNCTION__) _T(" Error allocating memory for propery array."));
-        return false;
-    }
+    if (!pMethodPropertyArray->pMethodProperty)
+        throw win_runtime_error(ERROR_OUTOFMEMORY, _T(__FUNCTION__) _T(" Error allocating memory for propery array."));

    // Copy properties.
    memcpy(pMethodPropertyArray->pMethodProperty, properties.data(), sizeof(EAP_METHOD_PROPERTY) * dwCount);
    pMethodPropertyArray->dwNumberOfProperties = dwCount;
-
-    return true;
 }


-bool eap::peer_ttls::credentials_xml2blob(
+void eap::peer_ttls::credentials_xml2blob(
    _In_                                   DWORD       dwFlags,
    _In_                                   IXMLDOMNode *pConfigRoot,
    _In_count_(dwConnectionDataSize) const BYTE        *pConnectionData,
    _In_                                   DWORD       dwConnectionDataSize,
-    _Out_                                  BYTE        **ppCredentialsOut,
-    _Out_                                  DWORD       *pdwCredentialsOutSize,
-    _Out_                                  EAP_ERROR   **ppEapError)
+    _Inout_                                BYTE        **ppCredentialsOut,
+    _Inout_                                DWORD       *pdwCredentialsOutSize)
 {
    UNREFERENCED_PARAMETER(dwFlags);
    UNREFERENCED_PARAMETER(pConnectionData);
@@ -303,15 +285,14 @@ bool eap::peer_ttls::credentials_xml2blob(

    // Load credentials from XML.
    credentials_ttls cred(*this);
-    if (!cred.load(pConfigRoot, ppEapError))
-        return false;
+    cred.load(pConfigRoot);

    // Pack credentials.
-    return pack(cred, ppCredentialsOut, pdwCredentialsOutSize, ppEapError);
+    pack(cred, ppCredentialsOut, pdwCredentialsOutSize);
 }


-bool eap::peer_ttls::begin_session(
+EAP_SESSION_HANDLE eap::peer_ttls::begin_session(
    _In_                                   DWORD              dwFlags,
    _In_                           const   EapAttributes      *pAttributeArray,
    _In_                                   HANDLE             hTokenImpersonateUser,
@@ -319,152 +300,118 @@ bool eap::peer_ttls::begin_session(
    _In_                                   DWORD              dwConnectionDataSize,
    _In_count_(dwUserDataSize)       const BYTE               *pUserData,
    _In_                                   DWORD              dwUserDataSize,
-    _In_                                   DWORD              dwMaxSendPacketSize,
-    _Out_                                  EAP_SESSION_HANDLE *phSession,
-    _Out_                                  EAP_ERROR          **ppEapError)
+    _In_                                   DWORD              dwMaxSendPacketSize)
 {
-    *phSession = NULL;
-
-    // Allocate new session.
+    // Create new session.
    unique_ptr<session> s(new session(*this));
-    if (!s) {
-        *ppEapError = make_error(ERROR_OUTOFMEMORY, _T(__FUNCTION__) _T(" Error allocating memory for EAP-TTLS session."));
-        return false;
-    }

    // Unpack configuration.
    config_provider_list cfg(*this);
-    if (!unpack(cfg, pConnectionData, dwConnectionDataSize, ppEapError))
-        return false;
-    else if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty()) {
-        *ppEapError = make_error(ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" Configuration has no providers and/or methods."));
-        return false;
-    }
+    unpack(cfg, pConnectionData, dwConnectionDataSize);
+    if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty())
+        throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods.");

    // Copy method configuration.
    const config_provider &cfg_prov(cfg.m_providers.front());
    s->m_cfg = *dynamic_cast<const config_method_ttls*>(cfg_prov.m_methods.front().get());

    // Unpack credentials.
-    if (!unpack(s->m_cred, pUserData, dwUserDataSize, ppEapError))
-        return false;
+    unpack(s->m_cred, pUserData, dwUserDataSize);

    // Initialize method.
-    if (!s->m_method.begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize, ppEapError))
-        return false;
+    s->m_method.begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);

-    *phSession = s.release();
-    return true;
+    return s.release();
 }


-bool eap::peer_ttls::end_session(_In_ EAP_SESSION_HANDLE hSession, _Out_ EAP_ERROR **ppEapError)
+void eap::peer_ttls::end_session(_In_ EAP_SESSION_HANDLE hSession)
 {
    assert(hSession);
-    UNREFERENCED_PARAMETER(ppEapError); // What could possibly go wrong when destroying!? ;)

    // End the session.
    session *s = static_cast<session*>(hSession);
    //s->end(ppEapError);
    delete s;
-
-    return true;
 }


-bool eap::peer_ttls::process_request_packet(
+void eap::peer_ttls::process_request_packet(
    _In_                                       EAP_SESSION_HANDLE  hSession,
    _In_bytecount_(dwReceivedPacketSize) const EapPacket           *pReceivedPacket,
    _In_                                       DWORD               dwReceivedPacketSize,
-    _Out_                                      EapPeerMethodOutput *pEapOutput,
-    _Out_                                      EAP_ERROR           **ppEapError)
+    _Inout_                                    EapPeerMethodOutput *pEapOutput)
 {
    assert(dwReceivedPacketSize == ntohs(*(WORD*)pReceivedPacket->Length));
-    return static_cast<session*>(hSession)->m_method.process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput, ppEapError);
+    static_cast<session*>(hSession)->m_method.process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
 }


-bool eap::peer_ttls::get_response_packet(
+void eap::peer_ttls::get_response_packet(
    _In_                               EAP_SESSION_HANDLE hSession,
    _Inout_bytecap_(*dwSendPacketSize) EapPacket          *pSendPacket,
-    _Inout_                            DWORD              *pdwSendPacketSize,
-    _Out_                              EAP_ERROR          **ppEapError)
+    _Inout_                            DWORD              *pdwSendPacketSize)
 {
-    return static_cast<session*>(hSession)->m_method.get_response_packet(pSendPacket, pdwSendPacketSize, ppEapError);
+    static_cast<session*>(hSession)->m_method.get_response_packet(pSendPacket, pdwSendPacketSize);
 }


-bool eap::peer_ttls::get_result(
-    _In_  EAP_SESSION_HANDLE        hSession,
-    _In_  EapPeerMethodResultReason reason,
-    _Out_ EapPeerMethodResult       *ppResult,
-    _Out_ EAP_ERROR                 **ppEapError)
+void eap::peer_ttls::get_result(
+    _In_    EAP_SESSION_HANDLE        hSession,
+    _In_    EapPeerMethodResultReason reason,
+    _Inout_ EapPeerMethodResult       *ppResult)
 {
-    return static_cast<session*>(hSession)->m_method.get_result(reason, ppResult, ppEapError);
+    static_cast<session*>(hSession)->m_method.get_result(reason, ppResult);
 }


-bool eap::peer_ttls::get_ui_context(
-    _In_  EAP_SESSION_HANDLE hSession,
-    _Out_ BYTE               **ppUIContextData,
-    _Out_ DWORD              *pdwUIContextDataSize,
-    _Out_ EAP_ERROR          **ppEapError)
+void eap::peer_ttls::get_ui_context(
+    _In_    EAP_SESSION_HANDLE hSession,
+    _Inout_ BYTE               **ppUIContextData,
+    _Inout_ DWORD              *pdwUIContextDataSize)
 {
    UNREFERENCED_PARAMETER(hSession);
    UNREFERENCED_PARAMETER(ppUIContextData);
    UNREFERENCED_PARAMETER(pdwUIContextDataSize);
-    assert(ppEapError);

-    *ppEapError = make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
-    return false;
+    throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
 }


-bool eap::peer_ttls::set_ui_context(
+void eap::peer_ttls::set_ui_context(
    _In_                                  EAP_SESSION_HANDLE  hSession,
    _In_count_(dwUIContextDataSize) const BYTE                *pUIContextData,
    _In_                                  DWORD               dwUIContextDataSize,
-    _In_                            const EapPeerMethodOutput *pEapOutput,
-    _Out_                                 EAP_ERROR           **ppEapError)
+    _In_                            const EapPeerMethodOutput *pEapOutput)
 {
    UNREFERENCED_PARAMETER(hSession);
    UNREFERENCED_PARAMETER(pUIContextData);
    UNREFERENCED_PARAMETER(dwUIContextDataSize);
    UNREFERENCED_PARAMETER(pEapOutput);
-    assert(ppEapError);

-    *ppEapError = make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
-    return false;
+    throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
 }


-bool eap::peer_ttls::get_response_attributes(
-    _In_  EAP_SESSION_HANDLE hSession,
-    _Out_ EapAttributes      *pAttribs,
-    _Out_ EAP_ERROR          **ppEapError)
+void eap::peer_ttls::get_response_attributes(
+    _In_    EAP_SESSION_HANDLE hSession,
+    _Inout_ EapAttributes      *pAttribs)
 {
    UNREFERENCED_PARAMETER(hSession);
    UNREFERENCED_PARAMETER(pAttribs);
-    UNREFERENCED_PARAMETER(ppEapError);
-    assert(ppEapError);

-    *ppEapError = make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
-    return false;
+    throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
 }


-bool eap::peer_ttls::set_response_attributes(
-    _In_       EAP_SESSION_HANDLE  hSession,
-    _In_ const EapAttributes       *pAttribs,
-    _Out_      EapPeerMethodOutput *pEapOutput,
-    _Out_      EAP_ERROR           **ppEapError)
+void eap::peer_ttls::set_response_attributes(
+            _In_       EAP_SESSION_HANDLE  hSession,
+            _In_ const EapAttributes       *pAttribs,
+            _Inout_    EapPeerMethodOutput *pEapOutput)
 {
    UNREFERENCED_PARAMETER(hSession);
    UNREFERENCED_PARAMETER(pAttribs);
    UNREFERENCED_PARAMETER(pEapOutput);
-    UNREFERENCED_PARAMETER(ppEapError);
-    assert(ppEapError);

-    *ppEapError = make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
-    return false;
+    throw win_runtime_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
 }