From: Luke Howard Date: Mon, 11 Oct 2010 19:12:52 +0000 (+0200) Subject: Better error reporting through com_err X-Git-Tag: vm/20110310~135 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.git;a=commitdiff_plain;h=15c93f06ee6ddefa7e7b095351f6e66698c7cc9e Better error reporting through com_err --- diff --git a/.gitignore b/.gitignore index 6cc5e45..06a3924 100644 --- a/.gitignore +++ b/.gitignore @@ -15,6 +15,7 @@ /missing /gsseap_err.[ch] +/radsec_err.[ch] .DS_Store diff --git a/Makefile.am b/Makefile.am index 7ce3113..f44d87b 100644 --- a/Makefile.am +++ b/Makefile.am @@ -57,6 +57,7 @@ mech_eap_la_SOURCES = \ map_name_to_any.c \ process_context_token.c \ pseudo_random.c \ + radsec_err.c \ release_any_name_mapping.c \ release_cred.c \ release_name.c \ @@ -104,8 +105,15 @@ radius_ad_la_LIBADD = @KRB5_LIBS@ radius_ad_la_SOURCES = util_adshim.c endif -gsseap_err.c: gsseap_err.et +gsseap_err.h: gsseap_err.et $(prefix)/bin/compile_et $< +gsseap_err.c: gsseap_err.h + +radsec_err.h: radsec_err.et + $(prefix)/bin/compile_et $< + +radsec_err.c: radsec_err.h + clean-generic: - rm -f gsseap_err.[ch] + rm -f gsseap_err.[ch] radsec_err.[ch] diff --git a/accept_sec_context.c b/accept_sec_context.c index bac6523..c68548f 100644 --- a/accept_sec_context.c +++ b/accept_sec_context.c @@ -76,8 +76,10 @@ acceptReadyEap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred) major = gssEapRadiusGetRawAvp(minor, ctx->acceptorCtx.vps, PW_MS_MPPE_SEND_KEY, VENDORPEC_MS, &vp); - if (GSS_ERROR(major)) - return major; + if (GSS_ERROR(major)) { + *minor = GSSEAP_KEY_UNAVAILABLE; + return GSS_S_UNAVAILABLE; + } major = gssEapDeriveRfc3961Key(minor, vp->vp_octets, 
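Review bot: The new branch in acceptReadyEap replaces whatever major and minor gssEapRadiusGetRawAvp returned with GSS_S_UNAVAILABLE / GSSEAP_KEY_UNAVAILABLE, so every failure of that call is now reported as a missing key. gssEapRadiusGetRawAvp is not visible here, so it is unclear whether it can fail for reasons other than an absent attribute; if it can, those would be misreported. If the collapse is intentional, a comment above the branch would record it, for example `/* any failure to fetch MS-MPPE-Send-Key is reported as "EAP key unavailable" */`. The function body continues past the end of the hunk.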
@@ -249,8 +251,10 @@ createRadiusHandle(OM_uint32 *minor, assert(actx->radHandle == NULL); assert(actx->radConn == NULL); - if (rs_context_create(&actx->radHandle, RS_DICT_FILE) != 0) + if (rs_context_create(&actx->radHandle, RS_DICT_FILE) != 0) { + *minor = GSSEAP_RADSEC_INIT_FAILURE; return GSS_S_FAILURE; + } if (cred != GSS_C_NO_CREDENTIAL) { if (cred->radiusConfigFile != NULL) @@ -454,7 +458,7 @@ eapGssSmAcceptEstablished(OM_uint32 *minor, gss_buffer_t outputToken) { /* Called with already established context */ - *minor = EINVAL; + *minor = GSSEAP_CONTEXT_ESTABLISHED; return GSS_S_BAD_STATUS; } @@ -525,6 +529,7 @@ gss_accept_sec_context(OM_uint32 *minor, GSSEAP_MUTEX_LOCK(&cred->mutex); if ((cred->flags & CRED_FLAG_ACCEPT) == 0) { + *minor = GSSEAP_CRED_USAGE_MISMATCH; major = GSS_S_NO_CRED; goto cleanup; } @@ -538,6 +543,7 @@ gss_accept_sec_context(OM_uint32 *minor, goto cleanup; if (!gssEapCredAvailable(cred, ctx->mechanismUsed)) { + *minor = GSSEAP_WRONG_MECH; major = GSS_S_BAD_MECH; goto cleanup; } @@ -554,6 +560,7 @@ gss_accept_sec_context(OM_uint32 *minor, } else #endif if (tokType != sm->inputTokenType) { + *minor = GSSEAP_WRONG_TOK_ID; major = GSS_S_DEFECTIVE_TOKEN; goto cleanup; } diff --git a/autogen.sh b/autogen.sh index 42cb684..0928bcf 100755 --- a/autogen.sh +++ b/autogen.sh @@ -1,4 +1,7 @@ #! /bin/sh + +PATH=/usr/local/bin:$PATH + if [ -x "`which autoreconf 2>/dev/null`" ] ; then exec autoreconf -ivf fi diff --git a/config.guess b/config.guess index 396482d..dc84c68 100755 --- a/config.guess +++ b/config.guess 
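Review bot: In autogen.sh, `PATH=/usr/local/bin:$PATH` puts /usr/local/bin ahead of the system directories for every command the script resolves by name, starting with `which autoreconf`, on every developer and build host rather than only the machine that needed it. If the goal is just to find a locally installed autoreconf when the system has none, appending is less intrusive: `PATH=$PATH:/usr/local/bin`. If the override really must take precedence, a comment saying which tool and why would help whoever audits the build later. The script may continue beyond the lines shown in the hunk.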
@@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, -# Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 +# Free Software Foundation, Inc. -timestamp='2006-07-02' +timestamp='2009-11-20' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -27,16 +27,16 @@ timestamp='2006-07-02' # the same distribution terms that you use for the rest of that program. -# Originally written by Per Bothner . -# Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# Originally written by Per Bothner. Please send patches (context +# diff format) to and include a ChangeLog +# entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # -# The plan is that this can be called by configure scripts if you -# don't specify an explicit build system type. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD me=`echo "$0" | sed -e 's,.*/,,'` @@ -56,8 +56,8 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
@@ -161,6 +161,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched @@ -169,7 +170,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep __ELF__ >/dev/null + | grep -q __ELF__ then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? 
@@ -323,14 +324,33 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; + s390x:SunOS:*:*) + echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; - i86pc:SunOS:5.*:*) - echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux${UNAME_RELEASE} + exit ;; + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) + eval $set_cc_for_build + SUN_ARCH="i386" + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH="x86_64" + fi + fi + echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize @@ -531,7 +551,7 @@ EOF echo rs6000-ibm-aix3.2 fi exit ;; - *:AIX:*:[45]) + *:AIX:*:[456]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 @@ -639,7 +659,7 @@ EOF # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | - grep __LP64__ >/dev/null + grep -q __LP64__ then HP_ARCH="hppa2.0w" else @@ -780,7 +800,7 @@ EOF i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; - i*:MINGW*:*) + *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; i*:windows32*:*) 
@@ -790,15 +810,24 @@ EOF i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - x86:Interix*:[3456]*) - echo i586-pc-interix${UNAME_RELEASE} - exit ;; - EM64T:Interix*:[3456]*) - echo x86_64-unknown-interix${UNAME_RELEASE} - exit ;; + *:Interix*:*) + case ${UNAME_MACHINE} in + x86) + echo i586-pc-interix${UNAME_RELEASE} + exit ;; + authenticamd | genuineintel | EM64T) + echo x86_64-unknown-interix${UNAME_RELEASE} + exit ;; + IA64) + echo ia64-unknown-interix${UNAME_RELEASE} + exit ;; + esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; + 8664:Windows_NT:*) + echo x86_64-pc-mks + exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we @@ -828,8 +857,29 @@ EOF i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit ;; arm*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + eval $set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo ${UNAME_MACHINE}-unknown-linux-gnu + else + echo ${UNAME_MACHINE}-unknown-linux-gnueabi + fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu 
@@ -843,6 +893,17 @@ EOF frv:Linux:*:*) echo frv-unknown-linux-gnu exit ;; + i*86:Linux:*:*) + LIBC=gnu + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #ifdef __dietlibc__ + LIBC=dietlibc + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; 
@@ -852,74 +913,33 @@ EOF m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; - mips:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #undef CPU - #undef mips - #undef mipsel - #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mipsel - #else - #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips - #else - CPU= - #endif - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } - ;; - mips64:Linux:*:*) + mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU - #undef mips64 - #undef mips64el + #undef ${UNAME_MACHINE} + #undef ${UNAME_MACHINE}el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mips64el + CPU=${UNAME_MACHINE}el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips64 + CPU=${UNAME_MACHINE} #else CPU= #endif #endif EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; or32:Linux:*:*) echo or32-unknown-linux-gnu exit ;; - ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu + padre:Linux:*:*) + echo sparc-unknown-linux-gnu exit ;; - ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu - exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; - EV56) UNAME_MACHINE=alphaev56 ;; - PCA56) UNAME_MACHINE=alphapca56 ;; - PCA57) UNAME_MACHINE=alphapca56 ;; - EV6) UNAME_MACHINE=alphaev6 ;; - EV67) UNAME_MACHINE=alphaev67 ;; - EV68*) UNAME_MACHINE=alphaev68 ;; - esac - objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null - if test "$?" 
= 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level @@ -929,8 +949,11 @@ EOF *) echo hppa-unknown-linux-gnu ;; esac exit ;; - parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux 
@@ -950,69 +973,9 @@ EOF x86_64:Linux:*:*) echo x86_64-unknown-linux-gnu exit ;; - i*86:Linux:*:*) - # The BFD linker knows what the default object file format is, so - # first see if it will tell us. cd to the root directory to prevent - # problems with other programs or directories called `ld' in the path. - # Set LC_ALL=C to ensure ld outputs messages in English. - ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ - | sed -ne '/supported targets:/!d - s/[ ][ ]*/ /g - s/.*supported targets: *// - s/ .*// - p'` - case "$ld_supported_targets" in - elf32-i386) - TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" - ;; - a.out-i386-linux) - echo "${UNAME_MACHINE}-pc-linux-gnuaout" - exit ;; - coff-i386) - echo "${UNAME_MACHINE}-pc-linux-gnucoff" - exit ;; - "") - # Either a pre-BFD a.out linker (linux-gnuoldld) or - # one that does not give us useful --help. - echo "${UNAME_MACHINE}-pc-linux-gnuoldld" - exit ;; - esac - # Determine whether the default compiler is a.out or elf - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - #ifdef __ELF__ - # ifdef __GLIBC__ - # if __GLIBC__ >= 2 - LIBC=gnu - # else - LIBC=gnulibc1 - # endif - # else - LIBC=gnulibc1 - # endif - #else - #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) - LIBC=gnu - #else - LIBC=gnuaout - #endif - #endif - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^LIBC/{ - s: ::g - p - }'`" - test x"${LIBC}" != x && { - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" - exit - } - test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } - ;; + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both 
@@ -1041,7 +1004,7 @@ EOF i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; - i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) @@ -1085,8 +1048,11 @@ EOF pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i386. - echo i386-pc-msdosdjgpp + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configury will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 @@ -1124,6 +1090,16 @@ EOF 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; @@ -1136,7 +1112,7 @@ EOF rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; - PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) 
@@ -1199,6 +1175,9 @@ EOF BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; @@ -1208,6 +1187,15 @@ EOF SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux${UNAME_RELEASE} + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux${UNAME_RELEASE} + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux${UNAME_RELEASE} + exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; @@ -1217,6 +1205,16 @@ EOF *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in + i386) + eval $set_cc_for_build + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + UNAME_PROCESSOR="x86_64" + fi + fi ;; unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} @@ -1298,6 +1296,9 @@ EOF i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 
@@ -1458,9 +1459,9 @@ This script, last modified $timestamp, has failed to recognize the operating system you are using. It is advised that you download the most up to date version of the config scripts from - http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD and - http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD If the version you run ($0) is already up to date, please send the following data and any information you think might be diff --git a/config.sub b/config.sub index fab0aa3..2a55a50 100755 --- a/config.sub +++ b/config.sub @@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, -# Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 +# Free Software Foundation, Inc. -timestamp='2006-09-20' +timestamp='2009-11-20' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software 
@@ -32,13 +32,16 @@ timestamp='2006-09-20' # Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# diff and a properly formatted GNU ChangeLog entry. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. @@ -72,8 +75,8 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -122,6 +125,7 @@ maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` 
@@ -148,10 +152,13 @@ case $os in -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray) + -apple | -axis | -knuth | -cray | -microblaze) os= basic_machine=$1 ;; + -bluegene*) + os=-cnk + ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 @@ -245,17 +252,20 @@ case $basic_machine in | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ - | fr30 | frv \ + | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore \ + | maxq | mb | microblaze | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ - | mips64vr | mips64vrel \ + | mips64octeon | mips64octeonel \ | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ + | mips64vr | mips64vrel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ @@ -268,6 +278,7 @@ case $basic_machine in | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ + | moxie \ | mt \ | msp430 \ | nios | nios2 \ 
@@ -276,20 +287,22 @@ case $basic_machine in | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ + | rx \ | score \ - | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu | strongarm \ | tahoe | thumb | tic4x | tic80 | tron \ + | ubicom32 \ | v850 | v850e \ | we32k \ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ - | z8k) + | z8k | z80) basic_machine=$basic_machine-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12) + m6811 | m68hc11 | m6812 | m68hc12 | picochip) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown os=-none @@ -324,19 +337,22 @@ case $basic_machine in | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ - | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ - | mips64vr-* | mips64vrel-* \ + | mips64octeon-* | mips64octeonel-* \ | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ + | mips64vr-* | mips64vrel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ 
@@ -357,21 +373,26 @@ case $basic_machine in | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ - | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \ | tron-* \ + | ubicom32-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ - | xstormy16-* | xtensa-* \ + | xstormy16-* | xtensa*-* \ | ymp-* \ - | z8k-*) + | z8k-* | z80-*) + ;; + # Recognize the basic CPU types without company name, with glob match. + xtensa*) + basic_machine=$basic_machine-unknown ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. @@ -435,6 +456,10 @@ case $basic_machine in basic_machine=m68k-apollo os=-bsd ;; + aros) + basic_machine=i386-pc + os=-aros + ;; aux) basic_machine=m68k-apple os=-aux @@ -443,10 +468,26 @@ case $basic_machine in basic_machine=ns32k-sequent os=-dynix ;; + blackfin) + basic_machine=bfin-unknown + os=-linux + ;; + blackfin-*) + basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + bluegene*) + basic_machine=powerpc-ibm + os=-cnk + ;; c90) basic_machine=c90-cray os=-unicos ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; convex-c1) basic_machine=c1-convex os=-bsd 
@@ -475,8 +516,8 @@ case $basic_machine in basic_machine=craynv-cray os=-unicosmp ;; - cr16c) - basic_machine=cr16c-unknown + cr16) + basic_machine=cr16-unknown os=-elf ;; crds | unos) @@ -514,6 +555,10 @@ case $basic_machine in basic_machine=m88k-motorola os=-sysv3 ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp @@ -668,6 +713,14 @@ case $basic_machine in basic_machine=m68k-isi os=-sysv ;; + m68knommu) + basic_machine=m68k-unknown + os=-linux + ;; + m68knommu-*) + basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; m88k-omron*) basic_machine=m88k-omron ;; @@ -679,10 +732,17 @@ case $basic_machine in basic_machine=ns32k-utek os=-sysv ;; + microblaze) + basic_machine=microblaze-xilinx + ;; mingw32) basic_machine=i386-pc os=-mingw32 ;; + mingw32ce) + basic_machine=arm-unknown + os=-mingw32ce + ;; miniframe) basic_machine=m68000-convergent ;; @@ -809,6 +869,14 @@ case $basic_machine in basic_machine=i860-intel os=-osf ;; + parisc) + basic_machine=hppa-unknown + os=-linux + ;; + parisc-*) + basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; pbd) basic_machine=sparc-tti ;; @@ -925,6 +993,9 @@ case $basic_machine in basic_machine=sh-hitachi os=-hms ;; + sh5el) + basic_machine=sh5le-unknown + ;; sh64) basic_machine=sh64-unknown ;; @@ -1014,6 +1085,10 @@ case $basic_machine in basic_machine=tic6x-unknown os=-coff ;; + tile*) + basic_machine=tile-unknown + os=-linux-gnu + ;; tx39) basic_machine=mipstx39-unknown ;; @@ -1089,6 +1164,10 @@ case $basic_machine in basic_machine=z8k-unknown os=-sim ;; + z80-*-coff) + basic_machine=z80-unknown + os=-sim + ;; none) basic_machine=none-none os=-none @@ -1127,7 +1206,7 @@ case $basic_machine in we32k) basic_machine=we32k-att ;; - sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) + sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) 
@@ -1177,6 +1256,9 @@ case $os in # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux + ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; @@ -1197,10 +1279,11 @@ case $os in # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ - | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* \ + | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ @@ -1209,7 +1292,7 @@ case $os in | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* \ + | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ @@ -1219,7 +1302,7 @@ case $os in | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) 
@@ -1349,6 +1432,9 @@ case $os in -zvmoe) os=-zvmoe ;; + -dicos*) + os=-dicos + ;; -none) ;; *) @@ -1414,6 +1500,9 @@ case $basic_machine in m68*-cisco) os=-aout ;; + mep-*) + os=-elf + ;; mips*-cisco) os=-elf ;; @@ -1543,7 +1632,7 @@ case $basic_machine in -sunos*) vendor=sun ;; - -aix*) + -cnk*|-aix*) vendor=ibm ;; -beos*) diff --git a/context_time.c b/context_time.c index b72836b..707d29d 100644 --- a/context_time.c +++ b/context_time.c @@ -49,6 +49,7 @@ gss_context_time(OM_uint32 *minor, GSSEAP_MUTEX_LOCK(&ctx->mutex); if (!CTX_IS_ESTABLISHED(ctx)) { + *minor = GSSEAP_CONTEXT_INCOMPLETE; major = GSS_S_NO_CONTEXT; goto cleanup; } diff --git a/display_status.c b/display_status.c index ebe66bd..44b5390 100644 --- a/display_status.c +++ b/display_status.c @@ -62,30 +62,32 @@ createStatusInfoKey(void) static void saveStatusInfoNoCopy(OM_uint32 minor, char *message) { - struct gss_eap_status_info *info, *p; + struct gss_eap_status_info **next = NULL, *p; GSSEAP_ONCE(&gssEapStatusInfoKeyOnce, createStatusInfoKey); - info = GSSEAP_CALLOC(1, sizeof(*info)); - if (info == NULL) { - GSSEAP_FREE(message); - return; + p = GSSEAP_GETSPECIFIC(gssEapStatusInfoKey); + for (; p != NULL; p = p->next) { + if (p->code == minor) { + p->message = message; + return; + } + next = &p->next; } - info->code = minor; - info->message = message; - - p = GSSEAP_GETSPECIFIC(gssEapStatusInfoKey); + p = GSSEAP_CALLOC(1, sizeof(*p)); if (p == NULL) { - GSSEAP_SETSPECIFIC(gssEapStatusInfoKey, info); - } else { - struct gss_eap_status_info **next = &p; + GSSEAP_FREE(message); + return; + } - for (; p != NULL; p = p->next) - next = &p->next; + p->code = minor; + p->message = message; - *next = info; - } + if (p != NULL) + *next = p; + else + GSSEAP_SETSPECIFIC(gssEapStatusInfoKey, p); } static const char * diff --git a/eap_mech.c b/eap_mech.c index 686bea9..b6ef299 100644 --- a/eap_mech.c +++ b/eap_mech.c 
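Review bot: The final `if (p != NULL)` in saveStatusInfoNoCopy (display_status.c) tests the node that was just allocated and already null-checked, so it is always true. On the first call in a thread the loop never runs, `next` is still NULL, and `*next = p` writes through a null pointer. The test should be on the link pointer, `if (next != NULL)`, which leaves GSSEAP_SETSPECIFIC for the empty-list case. The new overwrite path `p->message = message;` also drops the previous string without releasing it, even though the allocation-failure path shows this function owns `message`. Adding `GSSEAP_FREE(p->message);` before the assignment would avoid the leak, assuming stored messages are always heap-allocated.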
@@ -160,7 +160,8 @@ gssEapInitiatorInit(void) { OM_uint32 major, minor; - initialize_gsseap_error_table(); + initialize_eapg_error_table(); + initialize_rse_error_table(); major = gssEapInitLibEap(&minor); assert(major == GSS_S_COMPLETE); diff --git a/get_mic.c b/get_mic.c index a5f6a14..2fa71a2 100644 --- a/get_mic.c +++ b/get_mic.c @@ -55,6 +55,7 @@ gss_get_mic(OM_uint32 *minor, GSSEAP_MUTEX_LOCK(&ctx->mutex); if (!CTX_IS_ESTABLISHED(ctx)) { + *minor = GSSEAP_CONTEXT_INCOMPLETE; major = GSS_S_NO_CONTEXT; goto cleanup; } diff --git a/gssapiP_eap.h b/gssapiP_eap.h index 0cf0cb9..de45508 100644 --- a/gssapiP_eap.h +++ b/gssapiP_eap.h @@ -75,6 +75,7 @@ extern "C" { #endif #include "gsseap_err.h" +#include "radsec_err.h" #include "util.h" #ifdef __cplusplus diff --git a/gsseap_err.et b/gsseap_err.et index f89da01..5a6a493 100644 --- a/gsseap_err.et +++ b/gsseap_err.et 
@@ -30,9 +30,36 @@ # SUCH DAMAGE. # -error_table gsseap +error_table eapg +error_code GSSEAP_BAD_SERVICE_NAME, "Could not parse service name" +error_code GSSEAP_WRONG_SIZE, "Buffer is incorrect size" +error_code GSSEAP_BAD_USAGE, "Credential usage type is unknown" +error_code GSSEAP_WRONG_MECH, "Mechanism OID is incorrect" +error_code GSSEAP_BAD_TOK_HEADER, "Token header is malformed or corrupt" +error_code GSSEAP_BAD_DIRECTION, "Packet was replayed in wrong direction" +error_code GSSEAP_WRONG_TOK_ID, "Received token ID does not match expected token ID" +error_code GSSEAP_CRED_USAGE_MISMATCH, "Credential usage does not match requested usage" error_code GSSEAP_CRIT_EXT_UNAVAILABLE, "Critical extension unavailable" error_code GSSEAP_MISSING_REQUIRED_EXT, "Missing required extension" +error_code GSSEAP_INPUT_TOO_LONG, "PRF input too long" +error_code GSSEAP_CONTEXT_ESTABLISHED, "Context is already fully established" +error_code GSSEAP_CONTEXT_INCOMPLETE, "Attempt to use incomplete security context" +error_code GSSEAP_RADSEC_INIT_FAILURE, "Failed to initialise RADIUS library" +error_code GSSEAP_SAML_INIT_FAILURE, "Failed to initialise SAML library" +error_code GSSEAP_SHIB_INIT_FAILURE, "Failed to initialise Shibboleth" +error_code GSSEAP_PEER_INIT_FAILURE, "Failed to initialise EAP state machine" +error_code GSSEAP_PEER_AUTH_FAILURE, "EAP authentication failure" +error_code GSSEAP_PEER_BAD_MESSAGE, "Bad EAP message" +error_code GSSEAP_KEY_UNAVAILABLE, "EAP key unavailable" +error_code GSSEAP_KEY_TOO_SHORT, "EAP key too short" +error_code GSSEAP_NO_ATTR_CONTEXT, "Name has no attributes" +error_code GSSEAP_NO_ATTR_PROVIDERS, "Failed to initialise attribute providers" +error_code GSSEAP_NO_SUCH_ATTR, "Unknown naming attribute" +error_code GSSEAP_BAD_ATTR_TOKEN, "Serialised attributes are malformed or corrupt" +error_code GSSEAP_ATTR_CONTEXT_FAILURE, "Failed to initialise attribute context" +error_code GSSEAP_BAD_CONTEXT_TOKEN, "Context token is malformed or corrupt" 
+error_code GSSEAP_MISSING_IOV, "IOV is missing required buffer" +error_code GSSEAP_BAD_STREAM_IOV, "Stream IOV can only contain a single data buffer" end diff --git a/import_sec_context.c b/import_sec_context.c index 202be3d..1e05f93 100644 --- a/import_sec_context.c +++ b/import_sec_context.c @@ -32,16 +32,16 @@ #include "gssapiP_eap.h" -#define UPDATE_REMAIN(n) do { \ - p += (n); \ - remain -= (n); \ +#define UPDATE_REMAIN(n) do { \ + p += (n); \ + remain -= (n); \ } while (0) -#define CHECK_REMAIN(n) do { \ - if (remain < (n)) { \ - *minor = ERANGE; \ - return GSS_S_DEFECTIVE_TOKEN; \ - } \ +#define CHECK_REMAIN(n) do { \ + if (remain < (n)) { \ + *minor = GSSEAP_WRONG_SIZE; \ + return GSS_S_DEFECTIVE_TOKEN; \ + } \ } while (0) static OM_uint32 @@ -111,13 +111,14 @@ importMechanismOid(OM_uint32 *minor, oidBuf.length = load_uint32_be(p); if (remain < 4 + oidBuf.length || oidBuf.length == 0) { - *minor = ERANGE; + *minor = GSSEAP_WRONG_SIZE; return GSS_S_DEFECTIVE_TOKEN; } oidBuf.elements = &p[4]; if (!gssEapIsConcreteMechanismOid(&oidBuf)) { + *minor = GSSEAP_WRONG_MECH; return GSS_S_BAD_MECH; } @@ -149,7 +150,7 @@ importKerberosKey(OM_uint32 *minor, gss_buffer_desc tmp; if (remain < 12) { - *minor = ERANGE; + *minor = GSSEAP_WRONG_SIZE; return GSS_S_DEFECTIVE_TOKEN; } @@ -158,12 +159,12 @@ importKerberosKey(OM_uint32 *minor, length = load_uint32_be(&p[8]); if ((length != 0) != (encryptionType != ENCTYPE_NULL)) { - *minor = ERANGE; + *minor = GSSEAP_BAD_CONTEXT_TOKEN; return GSS_S_DEFECTIVE_TOKEN; } if (remain - 12 < length) { - *minor = ERANGE; + *minor = GSSEAP_WRONG_SIZE; return GSS_S_DEFECTIVE_TOKEN; } @@ -196,14 +197,14 @@ importName(OM_uint32 *minor, gss_buffer_desc tmp; if (remain < 4) { - *minor = ERANGE; + *minor = GSSEAP_WRONG_SIZE; return GSS_S_DEFECTIVE_TOKEN; } tmp.length = load_uint32_be(p); if (tmp.length != 0) { if (remain - 4 < tmp.length) { - *minor = ERANGE; + *minor = GSSEAP_WRONG_SIZE; return GSS_S_DEFECTIVE_TOKEN; } 
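Review bot: In import_sec_context.c, importMechanismOid's bound check `remain < 4 + oidBuf.length` can wrap. If `oidBuf.length` is the 32-bit OM_uint32 field of a gss_OID_desc (the declaration is outside the hunk), a length near the top of the range makes the sum small, and the check passes with `oidBuf.elements` pointing at far fewer bytes than the length claims. The sibling checks in importKerberosKey and importName already use the subtract form (`remain - 12 < length`, `remain - 4 < tmp.length`); the same shape here would be `if (remain < 4 || oidBuf.length == 0 || remain - 4 < oidBuf.length)`. The function starts before the hunk, so an earlier `remain < 4` guard may already exist.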
@@ -232,11 +233,11 @@ gssEapImportContext(OM_uint32 *minor, size_t remain = token->length; if (remain < 16) { - *minor = ERANGE; + *minor = GSSEAP_WRONG_SIZE; return GSS_S_DEFECTIVE_TOKEN; } if (load_uint32_be(&p[0]) != EAP_EXPORT_CONTEXT_V1) { - *minor = EINVAL; + *minor = GSSEAP_BAD_CONTEXT_TOKEN; return GSS_S_DEFECTIVE_TOKEN; } ctx->state = load_uint32_be(&p[4]); @@ -281,7 +282,7 @@ gssEapImportContext(OM_uint32 *minor, } if (remain < 24 + sequenceSize(ctx->seqState)) { - *minor = ERANGE; + *minor = GSSEAP_WRONG_SIZE; return GSS_S_DEFECTIVE_TOKEN; } ctx->expiryTime = (time_t)load_uint64_be(&p[0]); /* XXX */ diff --git a/init_sec_context.c b/init_sec_context.c index 996e250..f7eda20 100644 --- a/init_sec_context.c +++ b/init_sec_context.c @@ -267,13 +267,17 @@ initReady(OM_uint32 *minor, gss_ctx_id_t ctx, OM_uint32 reqFlags) if (GSS_ERROR(major)) return major; - if (!eap_key_available(ctx->initiatorCtx.eap)) + if (!eap_key_available(ctx->initiatorCtx.eap)) { + *minor = GSSEAP_KEY_UNAVAILABLE; return GSS_S_UNAVAILABLE; + } key = eap_get_eapKeyData(ctx->initiatorCtx.eap, &keyLength); - if (keyLength < EAP_EMSK_LEN) + if (keyLength < EAP_EMSK_LEN) { + *minor = GSSEAP_KEY_TOO_SHORT; return GSS_S_UNAVAILABLE; + } major = gssEapDeriveRfc3961Key(minor, &key[EAP_EMSK_LEN / 2], @@ -297,6 +301,7 @@ initReady(OM_uint32 *minor, gss_ctx_id_t ctx, OM_uint32 reqFlags) if (GSS_ERROR(major)) return major; + *minor = 0; return GSS_S_COMPLETE; } @@ -348,6 +353,7 @@ initBegin(OM_uint32 *minor, if (!gssEapInternalizeOid(mech, &ctx->mechanismUsed)) major = duplicateOid(minor, mech, &ctx->mechanismUsed); } else { + *minor = GSSEAP_WRONG_MECH; major = GSS_S_BAD_MECH; } if (GSS_ERROR(major)) 
@@ -376,8 +382,10 @@ eapGssSmInitIdentity(OM_uint32 *minor, int initialContextToken; initialContextToken = (inputToken->length == 0); - if (!initialContextToken) + if (!initialContextToken) { + *minor = GSSEAP_WRONG_SIZE; return GSS_S_DEFECTIVE_TOKEN; + } major = initBegin(minor, cred, ctx, target, mech, reqFlags, timeReq, chanBindings, @@ -427,6 +435,7 @@ eapGssSmInitAuthenticate(OM_uint32 *minor, ctx, &eapConfig); if (ctx->initiatorCtx.eap == NULL) { + *minor = GSSEAP_PEER_INIT_FAILURE; major = GSS_S_FAILURE; goto cleanup; } @@ -455,11 +464,13 @@ eapGssSmInitAuthenticate(OM_uint32 *minor, major = GSS_S_CONTINUE_NEEDED; ctx->state = EAP_STATE_EXTENSIONS_REQ; } else if (ctx->flags & CTX_FLAG_EAP_FAIL) { + *minor = GSSEAP_PEER_AUTH_FAILURE; major = GSS_S_DEFECTIVE_CREDENTIAL; } else if (code == 0 && initialContextToken) { resp = &emptyWpaBuffer; major = GSS_S_CONTINUE_NEEDED; } else { + *minor = GSSEAP_PEER_BAD_MESSAGE; major = GSS_S_DEFECTIVE_TOKEN; } @@ -547,7 +558,7 @@ eapGssSmInitEstablished(OM_uint32 *minor, gss_buffer_t outputToken) { /* Called with already established context */ - *minor = EINVAL; + *minor = GSSEAP_CONTEXT_ESTABLISHED; return GSS_S_BAD_STATUS; } @@ -607,6 +618,7 @@ gss_init_sec_context(OM_uint32 *minor, if (ctx == GSS_C_NO_CONTEXT) { if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) { + *minor = GSSEAP_WRONG_SIZE; return GSS_S_DEFECTIVE_TOKEN; } @@ -644,10 +656,11 @@ gss_init_sec_context(OM_uint32 *minor, #ifdef GSSEAP_ENABLE_REAUTH if (initialContextToken && gssEapCanReauthP(cred, target_name, time_req)) - ctx->state = EAP_STATE_KRB_REAUTH_GSS; + ctx->state = EAP_STATE_KRB_REAUTH_GSS; #endif if ((cred->flags & CRED_FLAG_INITIATE) == 0) { + *minor = GSSEAP_CRED_USAGE_MISMATCH; major = GSS_S_NO_CRED; goto cleanup; } @@ -661,6 +674,7 @@ gss_init_sec_context(OM_uint32 *minor, goto cleanup; if (tokType != sm->inputTokenType) { + *minor = GSSEAP_WRONG_TOK_ID; major = GSS_S_DEFECTIVE_TOKEN; goto cleanup; } 
diff --git a/inquire_attrs_for_mech.c b/inquire_attrs_for_mech.c index fdd8893..a40e63e 100644 --- a/inquire_attrs_for_mech.c +++ b/inquire_attrs_for_mech.c @@ -58,8 +58,10 @@ gss_inquire_attrs_for_mech(OM_uint32 *minor, if (known_mech_attrs != NULL) *known_mech_attrs = GSS_C_NO_OID_SET; - if (!gssEapIsConcreteMechanismOid((const gss_OID)mech_oid)) + if (!gssEapIsConcreteMechanismOid((const gss_OID)mech_oid)) { + *minor = GSSEAP_WRONG_MECH; return GSS_S_BAD_MECH; + } if (mech_attrs != NULL) { major = gss_create_empty_oid_set(minor, mech_attrs); diff --git a/inquire_names_for_mech.c b/inquire_names_for_mech.c index e761739..8ceaa89 100644 --- a/inquire_names_for_mech.c +++ b/inquire_names_for_mech.c 
@@ -35,44 +35,38 @@ OM_uint32 gss_inquire_names_for_mech(OM_uint32 *minor, gss_OID mechanism, - gss_OID_set *name_types) + gss_OID_set *ret_name_types) { OM_uint32 major, tmpMinor; + gss_OID nameTypes[] = { + GSS_C_NT_USER_NAME, + GSS_C_NT_HOSTBASED_SERVICE, + GSS_C_NT_EXPORT_NAME, +#ifdef HAVE_GSS_C_NT_COMPOSITE_EXPORT + GSS_C_NT_COMPOSITE_EXPORT, +#endif + GSS_EAP_NT_PRINCIPAL_NAME, + }; + size_t i; if (!gssEapIsMechanismOid(mechanism)) { *minor = 0; return GSS_S_BAD_MECH; } - major = gss_create_empty_oid_set(minor, name_types); - if (GSS_ERROR(major)) - goto cleanup; - - major = gss_add_oid_set_member(minor, GSS_C_NT_USER_NAME, name_types); + major = gss_create_empty_oid_set(minor, ret_name_types); if (GSS_ERROR(major)) goto cleanup; - major = gss_add_oid_set_member(minor, GSS_C_NT_HOSTBASED_SERVICE, name_types); - if (GSS_ERROR(major)) - goto cleanup; - - major = gss_add_oid_set_member(minor, GSS_C_NT_EXPORT_NAME, name_types); - if (GSS_ERROR(major)) - goto cleanup; - -#ifdef HAVE_GSS_C_NT_COMPOSITE_EXPORT - major = gss_add_oid_set_member(minor, GSS_C_NT_COMPOSITE_EXPORT, name_types); - if (GSS_ERROR(major)) - goto cleanup; -#endif - - major = gss_add_oid_set_member(minor, GSS_EAP_NT_PRINCIPAL_NAME, name_types); - if (GSS_ERROR(major)) - goto cleanup; + for (i = 0; i < sizeof(nameTypes)/sizeof(nameTypes[0]); i++) { + major = gss_add_oid_set_member(minor, nameTypes[i], ret_name_types); + if (GSS_ERROR(major)) + goto cleanup; + } cleanup: if (GSS_ERROR(major)) - gss_release_oid_set(&tmpMinor, name_types); + gss_release_oid_set(&tmpMinor, ret_name_types); return major; } diff --git a/inquire_sec_context_by_oid.c b/inquire_sec_context_by_oid.c index b147ccc..6413b28 100644 --- a/inquire_sec_context_by_oid.c +++ b/inquire_sec_context_by_oid.c @@ -113,6 +113,7 @@ gss_inquire_sec_context_by_oid(OM_uint32 *minor, GSSEAP_MUTEX_LOCK(&ctx->mutex); if (!CTX_IS_ESTABLISHED(ctx)) { + *minor = GSSEAP_CONTEXT_INCOMPLETE; major = GSS_S_NO_CONTEXT; goto cleanup; } 
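Review bot: In inquire_names_for_mech.c, the rejection path of gss_inquire_names_for_mech still sets `*minor = 0` alongside GSS_S_BAD_MECH, while the other bad-mechanism returns touched by this commit report GSSEAP_WRONG_MECH; `*minor = GSSEAP_WRONG_MECH;` would keep the minor status consistent for callers that display it. The new `nameTypes` array would also benefit from a one-line comment saying that it lists the name types added to the returned set and that the composite-export entry is present only when HAVE_GSS_C_NT_COMPOSITE_EXPORT is defined.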
diff --git a/install-sh b/install-sh index 4fbbae7..6781b98 100755 --- a/install-sh +++ b/install-sh @@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2006-10-14.15 +scriptversion=2009-04-28.21; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -48,7 +48,7 @@ IFS=" "" $nl" # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. -doit="${DOITPROG-}" +doit=${DOITPROG-} if test -z "$doit"; then doit_exec=exec else @@ -58,34 +58,49 @@ fi # Put in absolute file names if you don't have them in your path; # or use environment vars. -mvprog="${MVPROG-mv}" -cpprog="${CPPROG-cp}" -chmodprog="${CHMODPROG-chmod}" -chownprog="${CHOWNPROG-chown}" -chgrpprog="${CHGRPPROG-chgrp}" -stripprog="${STRIPPROG-strip}" -rmprog="${RMPROG-rm}" -mkdirprog="${MKDIRPROG-mkdir}" +chgrpprog=${CHGRPPROG-chgrp} +chmodprog=${CHMODPROG-chmod} +chownprog=${CHOWNPROG-chown} +cmpprog=${CMPPROG-cmp} +cpprog=${CPPROG-cp} +mkdirprog=${MKDIRPROG-mkdir} +mvprog=${MVPROG-mv} +rmprog=${RMPROG-rm} +stripprog=${STRIPPROG-strip} + +posix_glob='?' +initialize_posix_glob=' + test "$posix_glob" != "?" || { + if (set -f) 2>/dev/null; then + posix_glob= + else + posix_glob=: + fi + } +' -posix_glob= posix_mkdir= # Desired mode of installed file. mode=0755 +chgrpcmd= chmodcmd=$chmodprog chowncmd= -chgrpcmd= -stripcmd= +mvcmd=$mvprog rmcmd="$rmprog -f" -mvcmd="$mvprog" +stripcmd= + src= dst= dir_arg= -dstarg= +dst_arg= + +copy_on_change=false no_target_directory= -usage="Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE +usage="\ +Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE or: $0 [OPTION]... SRCFILES... DIRECTORY or: $0 [OPTION]... -t DIRECTORY SRCFILES... or: $0 [OPTION]... -d DIRECTORIES... 
@@ -95,65 +110,55 @@ In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. In the 4th, create DIRECTORIES. Options: --c (ignored) --d create directories instead of installing files. --g GROUP $chgrpprog installed files to GROUP. --m MODE $chmodprog installed files to MODE. --o USER $chownprog installed files to USER. --s $stripprog installed files. --t DIRECTORY install into DIRECTORY. --T report an error if DSTFILE is a directory. ---help display this help and exit. ---version display version info and exit. + --help display this help and exit. + --version display version info and exit. + + -c (ignored) + -C install only if different (preserve the last data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. + -s $stripprog installed files. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. Environment variables override the default commands: - CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG " while test $# -ne 0; do case $1 in - -c) shift - continue;; + -c) ;; + + -C) copy_on_change=true;; - -d) dir_arg=true - shift - continue;; + -d) dir_arg=true;; -g) chgrpcmd="$chgrpprog $2" - shift - shift - continue;; + shift;; --help) echo "$usage"; exit $?;; -m) mode=$2 - shift - shift case $mode in *' '* | *' '* | *' '* | *'*'* | *'?'* | *'['*) echo "$0: invalid mode: $mode" >&2 exit 1;; esac - continue;; + shift;; -o) chowncmd="$chownprog $2" - shift - shift - continue;; + shift;; - -s) stripcmd=$stripprog - shift - continue;; + -s) stripcmd=$stripprog;; - -t) dstarg=$2 - shift - shift - continue;; + -t) dst_arg=$2 + shift;; - -T) no_target_directory=true - shift - continue;; + -T) no_target_directory=true;; --version) echo "$0 $scriptversion"; exit $?;; 
@@ -165,21 +170,22 @@ while test $# -ne 0; do *) break;; esac + shift done -if test $# -ne 0 && test -z "$dir_arg$dstarg"; then +if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. # Otherwise, the last argument is the destination. Remove it from $@. for arg do - if test -n "$dstarg"; then + if test -n "$dst_arg"; then # $@ is not empty: it contains at least $arg. - set fnord "$@" "$dstarg" + set fnord "$@" "$dst_arg" shift # fnord fi shift # arg - dstarg=$arg + dst_arg=$arg done fi @@ -224,7 +230,7 @@ for src do # Protect names starting with `-'. case $src in - -*) src=./$src ;; + -*) src=./$src;; esac if test -n "$dir_arg"; then @@ -242,22 +248,22 @@ do exit 1 fi - if test -z "$dstarg"; then + if test -z "$dst_arg"; then echo "$0: no destination specified." >&2 exit 1 fi - dst=$dstarg + dst=$dst_arg # Protect names starting with `-'. case $dst in - -*) dst=./$dst ;; + -*) dst=./$dst;; esac # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. if test -d "$dst"; then if test -n "$no_target_directory"; then - echo "$0: $dstarg: Is a directory" >&2 + echo "$0: $dst_arg: Is a directory" >&2 exit 1 fi dstdir=$dst @@ -378,26 +384,19 @@ do # directory the slow way, step by step, checking for races as we go. case $dstdir in - /*) prefix=/ ;; - -*) prefix=./ ;; - *) prefix= ;; + /*) prefix='/';; + -*) prefix='./';; + *) prefix='';; esac - case $posix_glob in - '') - if (set -f) 2>/dev/null; then - posix_glob=true - else - posix_glob=false - fi ;; - esac + eval "$initialize_posix_glob" oIFS=$IFS IFS=/ - $posix_glob && set -f + $posix_glob set -f set fnord $dstdir shift - $posix_glob && set +f + $posix_glob set +f IFS=$oIFS prefixes= 
@@ -459,41 +458,54 @@ do # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $cpprog $src $dsttmp" command. # - { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \ - && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \ - && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \ - && { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && - - # Now rename the file to the real destination. - { $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null \ - || { - # The rename failed, perhaps because mv can't rename something else - # to itself, or perhaps because mv is so ancient that it does not - # support -f. - - # Now remove or move aside any old file at destination location. - # We try this two ways since rm can't unlink itself on some - # systems and the destination file might be busy for other - # reasons. In this case, the final cleanup might fail but the new - # file should still install successfully. - { - if test -f "$dst"; then - $doit $rmcmd -f "$dst" 2>/dev/null \ - || { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null \ - && { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }; }\ - || { - echo "$0: cannot unlink or rename $dst" >&2 - (exit 1); exit 1 - } - else - : - fi - } && - - # Now rename the file to the real destination. - $doit $mvcmd "$dsttmp" "$dst" - } - } || exit 1 + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && + { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && + { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && + + # If -C, don't bother to copy if it wouldn't change the file. 
+ if $copy_on_change && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + + eval "$initialize_posix_glob" && + $posix_glob set -f && + set X $old && old=:$2:$4:$5:$6 && + set X $new && new=:$2:$4:$5:$6 && + $posix_glob set +f && + + test "$old" = "$new" && + $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 + then + rm -f "$dsttmp" + else + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. + { + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" + } + fi || exit 1 trap '' 0 fi @@ -503,5 +515,6 @@ done # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: diff --git a/process_context_token.c b/process_context_token.c index 32e657c..daba6f8 100644 --- a/process_context_token.c +++ b/process_context_token.c @@ -49,6 +49,7 @@ gss_process_context_token(OM_uint32 *minor, if (!CTX_IS_ESTABLISHED(ctx)) { GSSEAP_MUTEX_UNLOCK(&ctx->mutex); + *minor = GSSEAP_CONTEXT_INCOMPLETE; return GSS_S_NO_CONTEXT; } diff --git a/pseudo_random.c b/pseudo_random.c index f07e099..7895060 100644 --- a/pseudo_random.c 
+++ b/pseudo_random.c @@ -85,6 +85,7 @@ gss_pseudo_random(OM_uint32 *minor, if (!CTX_IS_ESTABLISHED(ctx)) { GSSEAP_MUTEX_UNLOCK(&ctx->mutex); + *minor = GSSEAP_CONTEXT_INCOMPLETE; return GSS_S_NO_CONTEXT; } diff --git a/radsec_err.et b/radsec_err.et new file mode 100644 index 0000000..07aa549 --- /dev/null +++ b/radsec_err.et @@ -0,0 +1,36 @@ +# +# Copyright (c) 2010, JANET(UK) +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of JANET(UK) nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# + +# Placeholders only +error_table rse + +end 
diff --git a/unwrap.c b/unwrap.c index cd8196f..911fd2b 100644 --- a/unwrap.c +++ b/unwrap.c @@ -54,6 +54,7 @@ gss_unwrap(OM_uint32 *minor, if (!CTX_IS_ESTABLISHED(ctx)) { major = GSS_S_NO_CONTEXT; + *minor = GSSEAP_CONTEXT_INCOMPLETE; goto cleanup; } diff --git a/unwrap_iov.c b/unwrap_iov.c index 705cbc1..a5a2c2f 100644 --- a/unwrap_iov.c +++ b/unwrap_iov.c @@ -294,7 +294,7 @@ unwrapStream(OM_uint32 *minor, assert(toktype == TOK_TYPE_WRAP); if (toktype != TOK_TYPE_WRAP) { - code = EINVAL; + code = GSSEAP_WRONG_TOK_ID; goto cleanup; } @@ -330,7 +330,7 @@ unwrapStream(OM_uint32 *minor, if (type == GSS_IOV_BUFFER_TYPE_DATA) { if (data != NULL) { /* only a single DATA buffer can appear */ - code = EINVAL; + code = GSSEAP_BAD_STREAM_IOV; goto cleanup; } @@ -344,7 +344,7 @@ unwrapStream(OM_uint32 *minor, if (data == NULL) { /* a single DATA buffer must be present */ - code = EINVAL; + code = GSSEAP_BAD_STREAM_IOV; goto cleanup; } @@ -405,7 +405,7 @@ unwrapStream(OM_uint32 *minor, if (stream->buffer.length < theader->buffer.length + tpadding->buffer.length + ttrailer->buffer.length) { - code = KRB5_BAD_MSIZE; + code = GSSEAP_WRONG_SIZE; major = GSS_S_DEFECTIVE_TOKEN; goto cleanup; } @@ -484,7 +484,7 @@ gss_unwrap_iov(OM_uint32 *minor, gss_iov_buffer_desc *iov, int iov_count) { - OM_uint32 major = GSS_S_NO_CONTEXT; + OM_uint32 major; if (ctx == GSS_C_NO_CONTEXT) { *minor = EINVAL; @@ -495,11 +495,18 @@ gss_unwrap_iov(OM_uint32 *minor, GSSEAP_MUTEX_LOCK(&ctx->mutex); - if (CTX_IS_ESTABLISHED(ctx)) { - major = gssEapUnwrapOrVerifyMIC(minor, ctx, conf_state, qop_state, - iov, iov_count, TOK_TYPE_WRAP); + if (!CTX_IS_ESTABLISHED(ctx)) { + *minor = GSSEAP_CONTEXT_INCOMPLETE; + major = GSS_S_NO_CONTEXT; + goto cleanup; } + major = gssEapUnwrapOrVerifyMIC(minor, ctx, conf_state, qop_state, + iov, iov_count, TOK_TYPE_WRAP); + if (GSS_ERROR(major)) + goto cleanup; + +cleanup: GSSEAP_MUTEX_UNLOCK(&ctx->mutex); return major; 
diff --git a/util_attr.cpp b/util_attr.cpp index 89296e6..57af9cd 100644 --- a/util_attr.cpp +++ b/util_attr.cpp @@ -62,9 +62,13 @@ gssEapAttrProvidersInitInternal(void) } static OM_uint32 -gssEapAttrProvidersInit(void) +gssEapAttrProvidersInit(OM_uint32 *minor) { GSSEAP_ONCE(&gssEapAttrProvidersInitOnce, gssEapAttrProvidersInitInternal); + + if (GSS_ERROR(gssEapAttrProvidersInitStatus)) + *minor = GSSEAP_NO_ATTR_PROVIDERS; + return gssEapAttrProvidersInitStatus; } @@ -729,15 +733,20 @@ gssEapInquireName(OM_uint32 *minor, gss_OID *MN_mech, gss_buffer_set_t *attrs) { - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; + } - if (GSS_ERROR(gssEapAttrProvidersInit())) + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) { return GSS_S_UNAVAILABLE; + } try { - if (!name->attrCtx->getAttributeTypes(attrs)) + if (!name->attrCtx->getAttributeTypes(attrs)) { + *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; + } } catch (std::exception &e) { return mapException(minor, e); } @@ -768,16 +777,23 @@ gssEapGetNameAttribute(OM_uint32 *minor, display_value->value = NULL; } - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; + } - if (GSS_ERROR(gssEapAttrProvidersInit())) + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) { return GSS_S_UNAVAILABLE; + } try { if (!name->attrCtx->getAttribute(attr, authenticated, complete, - value, display_value, more)) + value, display_value, more)) { + *minor = GSSEAP_NO_SUCH_ATTR; + gssEapSaveStatusInfo(*minor, "Unknown naming attribute %.*s", + (int)attr->length, (char *)attr->value); return GSS_S_UNAVAILABLE; + } } catch (std::exception &e) { return mapException(minor, e); } 
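Review bot: In util_attr.cpp, the new gssEapSaveStatusInfo call in gssEapGetNameAttribute passes `(int)attr->length` as the `%.*s` precision. `attr->length` is a size_t, and a value above INT_MAX can become a negative precision, which printf-style formatting treats as no limit, so the read would run to the first NUL in a buffer that is not required to be terminated. Clamp before the cast, e.g. `(int)(attr->length > 256 ? 256 : attr->length)` (256 is a constructed cap; any bound below INT_MAX works). The attribute name is caller-supplied and ends up in the saved status text, so replacing non-printable bytes may be worth doing as well. gssEapSaveStatusInfo's implementation is not in this hunk, so this assumes it forwards to a vsnprintf-style formatter.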
@@ -790,10 +806,12 @@ gssEapDeleteNameAttribute(OM_uint32 *minor, gss_name_t name, gss_buffer_t attr) { - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; + } - if (GSS_ERROR(gssEapAttrProvidersInit())) + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { @@ -812,10 +830,12 @@ gssEapSetNameAttribute(OM_uint32 *minor, gss_buffer_t attr, gss_buffer_t value) { - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; + } - if (GSS_ERROR(gssEapAttrProvidersInit())) + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { @@ -839,7 +859,7 @@ gssEapExportAttrContext(OM_uint32 *minor, return GSS_S_COMPLETE; } - if (GSS_ERROR(gssEapAttrProvidersInit())) + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { @@ -860,7 +880,7 @@ gssEapImportAttrContext(OM_uint32 *minor, assert(name->attrCtx == NULL); - if (GSS_ERROR(gssEapAttrProvidersInit())) + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; if (buffer->length != 0) { @@ -869,6 +889,7 @@ gssEapImportAttrContext(OM_uint32 *minor, if (!ctx->initFromBuffer(buffer)) { delete ctx; + *minor = GSSEAP_BAD_ATTR_TOKEN; return GSS_S_DEFECTIVE_TOKEN; } name->attrCtx = ctx; @@ -890,7 +911,7 @@ gssEapDuplicateAttrContext(OM_uint32 *minor, assert(out->attrCtx == NULL); - if (GSS_ERROR(gssEapAttrProvidersInit())) + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { @@ -898,6 +919,7 @@ gssEapDuplicateAttrContext(OM_uint32 *minor, ctx = new gss_eap_attr_ctx(); if (!ctx->initFromExistingContext(in->attrCtx)) { delete ctx; + *minor = GSSEAP_ATTR_CONTEXT_FAILURE; return GSS_S_FAILURE; } out->attrCtx = ctx; 
@@ -917,10 +939,12 @@ gssEapMapNameToAny(OM_uint32 *minor, gss_buffer_t type_id, gss_any_t *output) { - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; + } - if (GSS_ERROR(gssEapAttrProvidersInit())) + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { @@ -938,10 +962,12 @@ gssEapReleaseAnyNameMapping(OM_uint32 *minor, gss_buffer_t type_id, gss_any_t *input) { - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; + } - if (GSS_ERROR(gssEapAttrProvidersInit())) + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { @@ -974,10 +1000,11 @@ gssEapCreateAttrContext(gss_cred_id_t gssCred, gss_ctx_id_t gssCtx) { gss_eap_attr_ctx *ctx; + OM_uint32 tmpMinor; assert(gssCtx != GSS_C_NO_CONTEXT); - if (GSS_ERROR(gssEapAttrProvidersInit())) + if (GSS_ERROR(gssEapAttrProvidersInit(&tmpMinor))) return NULL; ctx = new gss_eap_attr_ctx(); diff --git a/util_context.c b/util_context.c index 0998369..ae3712a 100644 --- a/util_context.c +++ b/util_context.c @@ -190,8 +190,10 @@ gssEapVerifyToken(OM_uint32 *minor, return major; if (ctx->mechanismUsed == GSS_C_NO_OID) { - if (!gssEapIsConcreteMechanismOid(oid)) + if (!gssEapIsConcreteMechanismOid(oid)) { + *minor = GSSEAP_WRONG_MECH; return GSS_S_BAD_MECH; + } if (!gssEapInternalizeOid(oid, &ctx->mechanismUsed)) { major = duplicateOid(minor, oid, &ctx->mechanismUsed); diff --git a/util_cred.c b/util_cred.c index f85639c..58700c7 100644 --- a/util_cred.c +++ b/util_cred.c @@ -180,6 +180,7 @@ gssEapAcquireCred(OM_uint32 *minor, cred->flags |= CRED_FLAG_ACCEPT; break; default: + *minor = GSSEAP_BAD_USAGE; major = GSS_S_FAILURE; goto cleanup; break; diff --git a/util_name.c b/util_name.c index cc224b5..b3f061f 100644 --- a/util_name.c +++ b/util_name.c 
@@ -227,7 +227,7 @@ importUserName(OM_uint32 *minor, #define CHECK_REMAIN(n) do { \ if (remain < (n)) { \ - *minor = ERANGE; \ + *minor = GSSEAP_WRONG_SIZE; \ major = GSS_S_BAD_NAME; \ goto cleanup; \ } \ diff --git a/util_oid.c b/util_oid.c index 9586689..45c37d8 100644 --- a/util_oid.c +++ b/util_oid.c @@ -101,7 +101,7 @@ composeOid(OM_uint32 *minor, return GSS_S_FAILURE; } if (oid->length < prefix_len) { - *minor = ERANGE; + *minor = GSSEAP_WRONG_SIZE; return GSS_S_FAILURE; } @@ -160,7 +160,7 @@ decomposeOid(OM_uint32 *minor, for (i = 0; i < slen; i++) { *suffix = (*suffix << 7) | (op[i] & 0x7f); if (i + 1 != slen && (op[i] & 0x80) == 0) { - *minor = EINVAL; + *minor = GSSEAP_WRONG_SIZE; return GSS_S_FAILURE; } } diff --git a/util_radius.cpp b/util_radius.cpp index 0237eed..3aef0db 100644 --- a/util_radius.cpp +++ b/util_radius.cpp @@ -514,8 +514,12 @@ gssEapRadiusFreeAvps(OM_uint32 *minor, OM_uint32 gssEapRadiusAttrProviderInit(OM_uint32 *minor) { - return gss_eap_radius_attr_provider::init() - ? GSS_S_COMPLETE : GSS_S_FAILURE; + if (!gss_eap_radius_attr_provider::init()) { + *minor = GSSEAP_RADSEC_INIT_FAILURE; + return GSS_S_FAILURE; + } + + return GSS_S_COMPLETE; } OM_uint32 @@ -712,8 +716,6 @@ gss_eap_radius_attr_provider::getExpiryTime(void) const } /* partition error namespace so it does not conflict with krb5 */ -#define ERROR_TABLE_BASE_rse (46882560L) - #define RS_TO_COM_ERR(rse) ((rse) == RSE_OK ? 0 : (rse) + ERROR_TABLE_BASE_rse) #define COM_TO_RS_ERR(err) ((err) > ERROR_TABLE_BASE_rse && \ (err) <= (ERROR_TABLE_BASE_rse + RSE_SOME_ERROR) ? \ @@ -732,7 +734,7 @@ gssEapRadiusMapError(OM_uint32 *minor, *minor = RS_TO_COM_ERR(code); - gssEapSaveStatusInfo(*minor, "radsec: %s", rs_err_msg(err, 0)); + gssEapSaveStatusInfo(*minor, "%s", rs_err_msg(err, 0)); rs_err_free(err); return GSS_S_FAILURE; diff --git a/util_saml.cpp b/util_saml.cpp index f9a74ee..820896f 100644 --- a/util_saml.cpp +++ b/util_saml.cpp 
@@ -584,11 +584,13 @@ gss_eap_saml_attr_provider::createAttrContext(void) OM_uint32 gssEapSamlAttrProvidersInit(OM_uint32 *minor) { - if (gss_eap_saml_assertion_provider::init() && - gss_eap_saml_attr_provider::init()) - return GSS_S_COMPLETE; + if (!gss_eap_saml_assertion_provider::init() || + !gss_eap_saml_attr_provider::init()) { + *minor = GSSEAP_SAML_INIT_FAILURE; + return GSS_S_FAILURE; + } - return GSS_S_FAILURE; + return GSS_S_COMPLETE; } OM_uint32 diff --git a/util_shib.cpp b/util_shib.cpp index c5790f5..a37329f 100644 --- a/util_shib.cpp +++ b/util_shib.cpp @@ -478,8 +478,11 @@ gss_eap_shib_attr_provider::duplicateAttributes(const vector src) OM_uint32 gssEapLocalAttrProviderInit(OM_uint32 *minor) { - return gss_eap_shib_attr_provider::init() - ? GSS_S_COMPLETE : GSS_S_FAILURE; + if (!gss_eap_shib_attr_provider::init()) { + *minor = GSSEAP_SHIB_INIT_FAILURE; + return GSS_S_FAILURE; + } + return GSS_S_COMPLETE; } OM_uint32 diff --git a/util_token.c b/util_token.c index 29614fd..6642375 100644 --- a/util_token.c +++ b/util_token.c @@ -208,7 +208,7 @@ verifyTokenHeader(OM_uint32 *minor, gss_OID_desc toid; ssize_t toksize = (ssize_t)toksize_in; - *minor = 0; + *minor = GSSEAP_BAD_TOK_HEADER; if (ret_tok_type != NULL) *ret_tok_type = TOK_TYPE_NONE; @@ -248,6 +248,7 @@ verifyTokenHeader(OM_uint32 *minor, if (toid.length == 0) return GSS_S_BAD_MECH; } else if (!oidEqual(&toid, mech)) { + *minor = GSSEAP_WRONG_MECH; return GSS_S_BAD_MECH; } @@ -258,8 +259,10 @@ verifyTokenHeader(OM_uint32 *minor, *ret_tok_type = load_uint16_be(buf); buf += 2; } + *buf_in = buf; *body_size = toksize; + *minor = 0; return GSS_S_COMPLETE; } diff --git a/verify_mic.c b/verify_mic.c index 1403eca..f8ecf94 100644 --- a/verify_mic.c +++ b/verify_mic.c 
@@ -43,13 +43,13 @@ gss_verify_mic(OM_uint32 *minor, gss_iov_buffer_desc iov[3]; int conf_state; - *minor = 0; - if (message_token->length < 16) { - *minor = KRB5_BAD_MSIZE; + *minor = GSSEAP_WRONG_SIZE; return GSS_S_BAD_SIG; } + *minor = 0; + iov[0].type = GSS_IOV_BUFFER_TYPE_DATA; iov[0].buffer = *message_buffer; diff --git a/wrap.c b/wrap.c index 0407a33..122945e 100644 --- a/wrap.c +++ b/wrap.c @@ -53,6 +53,7 @@ gss_wrap(OM_uint32 *minor, GSSEAP_MUTEX_LOCK(&ctx->mutex); if (!CTX_IS_ESTABLISHED(ctx)) { + *minor = GSSEAP_CONTEXT_INCOMPLETE; major = GSS_S_NO_CONTEXT; goto cleanup; } diff --git a/wrap_iov.c b/wrap_iov.c index 10a3254..8b8dc69 100644 --- a/wrap_iov.c +++ b/wrap_iov.c @@ -119,7 +119,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor, header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); if (header == NULL) { - *minor = EINVAL; + *minor = GSSEAP_MISSING_IOV; return GSS_S_FAILURE; } @@ -172,7 +172,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor, if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) { code = gssEapAllocIov(header, (size_t)gssHeaderLen); } else if (header->buffer.length < gssHeaderLen) - code = KRB5_BAD_MSIZE; + code = GSSEAP_WRONG_SIZE; if (code != 0) goto cleanup; outbuf = (unsigned char *)header->buffer.value; @@ -182,7 +182,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor, if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) code = gssEapAllocIov(trailer, (size_t)gssTrailerLen); else if (trailer->buffer.length < gssTrailerLen) - code = KRB5_BAD_MSIZE; + code = GSSEAP_WRONG_SIZE; if (code != 0) goto cleanup; trailer->buffer.length = (size_t)gssTrailerLen; @@ -245,7 +245,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor, if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) code = gssEapAllocIov(header, (size_t)gssHeaderLen); else if (header->buffer.length < gssHeaderLen) - code = KRB5_BAD_MSIZE; + code = GSSEAP_WRONG_SIZE; if (code != 0) goto cleanup; outbuf = (unsigned char *)header->buffer.value; 
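Review bot: The minimum length `16` in `message_token->length < 16` is a bare number, and even with the new `GSSEAP_WRONG_SIZE` code a reader cannot tell which size was expected. A named constant or a comment such as `/* shortest token that can hold the fixed header; TODO confirm */` would document it. `message_token` and `message_buffer` are also dereferenced here with no NULL check in the visible lines; if none exists earlier in gss_verify_mic, which begins above the hunk, one belongs before this test.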
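Review bot: The size test `header->buffer.length < gssHeaderLen` in gssEapWrapOrGetMIC compares without the `(size_t)` cast that the allocate arm applies to the same variable, so the comparison depends on implicit conversion. The declaration of `gssHeaderLen` is outside the hunk, so whether that matters cannot be told from here. Writing `else if (header->buffer.length < (size_t)gssHeaderLen) {` and bracing both arms would make the check explicit and end the mixed brace style in this chain. The trailer test in the next hunk and the header and trailer tests in the hunks at lines 245 and 255 have the same shape.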
@@ -255,7 +255,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor, if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) code = gssEapAllocIov(trailer, (size_t)gssTrailerLen); else if (trailer->buffer.length < gssTrailerLen) - code = KRB5_BAD_MSIZE; + code = GSSEAP_WRONG_SIZE; if (code != 0) goto cleanup; trailer->buffer.length = (size_t)gssTrailerLen; @@ -338,6 +338,7 @@ gss_wrap_iov(OM_uint32 *minor, GSSEAP_MUTEX_LOCK(&ctx->mutex); if (!CTX_IS_ESTABLISHED(ctx)) { + *minor = GSSEAP_CONTEXT_INCOMPLETE; major = GSS_S_NO_CONTEXT; goto cleanup; } diff --git a/wrap_iov_length.c b/wrap_iov_length.c index f24976d..25bc3be 100644 --- a/wrap_iov_length.c +++ b/wrap_iov_length.c @@ -87,7 +87,7 @@ gssEapWrapIovLength(OM_uint32 *minor, header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); if (header == NULL) { - *minor = EINVAL; + *minor = GSSEAP_MISSING_IOV; return GSS_S_FAILURE; } INIT_IOV_DATA(header); @@ -200,6 +200,7 @@ gss_wrap_iov_length(OM_uint32 *minor, GSSEAP_MUTEX_LOCK(&ctx->mutex); if (!CTX_IS_ESTABLISHED(ctx)) { + *minor = GSSEAP_CONTEXT_INCOMPLETE; major = GSS_S_NO_CONTEXT; goto cleanup; } diff --git a/wrap_size_limit.c b/wrap_size_limit.c index 48d8212..8fd9251 100644 --- a/wrap_size_limit.c +++ b/wrap_size_limit.c @@ -53,6 +53,7 @@ gss_wrap_size_limit(OM_uint32 *minor, GSSEAP_MUTEX_LOCK(&ctx->mutex); if (!CTX_IS_ESTABLISHED(ctx)) { + *minor = GSSEAP_CONTEXT_INCOMPLETE; major = GSS_S_NO_CONTEXT; goto cleanup; }