From: Luke Howard Date: Mon, 19 Sep 2011 12:49:16 +0000 (+1000) Subject: Add GSSEAP_NO_LOCAL_MAPPING error X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.orig;a=commitdiff_plain;h=3d6aee344d6a992d500869b336d68b09fc07cba3 Add GSSEAP_NO_LOCAL_MAPPING error --- 3d6aee344d6a992d500869b336d68b09fc07cba3 diff --cc libeap/Makefile.am index 163e4ff,0000000..b735ec8 mode 100644,000000..100644 --- a/libeap/Makefile.am +++ b/libeap/Makefile.am @@@ -1,211 -1,0 +1,126 @@@ +AUTOMAKE_OPTIONS = foreign + +AM_CPPFLAGS = -I$(srcdir)/src -I$(srcdir)/eap_example -I$(srcdir)/src/utils - noinst_HEADERS = \ - src/common/defs.h \ - src/common/eapol_common.h \ - src/common/ieee802_11_common.h \ - src/common/ieee802_11_defs.h \ - src/common/privsep_commands.h \ - src/common/version.h \ - src/common/wpa_common.h \ - src/common/wpa_ctrl.h - - EXTRA_DIST = src/tls/libtommath.c + +SOURCES_BOTH = src/eap_common/eap_peap_common.c +SOURCES_BOTH += src/eap_common/eap_psk_common.c +SOURCES_BOTH += src/eap_common/eap_pax_common.c +SOURCES_BOTH += src/eap_common/eap_sake_common.c +SOURCES_BOTH += src/eap_common/eap_gpsk_common.c - SOURCES_BOTH += src/eap_common/chap.c \ - src/eap_common/chap.h \ - src/eap_common/eap_common.h \ - src/eap_common/eap_defs.h \ - src/eap_common/eap_fast_common.h \ - src/eap_common/eap_gpsk_common.h \ - src/eap_common/eap_ikev2_common.h \ - src/eap_common/eap_pax_common.h \ - src/eap_common/eap_peap_common.h \ - src/eap_common/eap_psk_common.h \ - src/eap_common/eap_pwd_common.h \ - src/eap_common/eap_sake_common.h \ - src/eap_common/eap_sim_common.h \ - src/eap_common/eap_tlv_common.h \ - src/eap_common/eap_ttls.h \ - src/eap_common/eap_wsc_common.h \ - src/eap_common/ikev2_common.h - ++SOURCES_BOTH += src/eap_common/chap.c + +SOURCES_peer = src/eap_peer/eap_tls.c +SOURCES_peer += src/eap_peer/eap_peap.c +SOURCES_peer += src/eap_peer/eap_ttls.c +SOURCES_peer += src/eap_peer/eap_md5.c +SOURCES_peer += src/eap_peer/eap_mschapv2.c +SOURCES_peer += 
src/eap_peer/mschapv2.c +SOURCES_peer += src/eap_peer/eap_otp.c +SOURCES_peer += src/eap_peer/eap_gtc.c +SOURCES_peer += src/eap_peer/eap_leap.c +SOURCES_peer += src/eap_peer/eap_psk.c +SOURCES_peer += src/eap_peer/eap_pax.c +SOURCES_peer += src/eap_peer/eap_sake.c +SOURCES_peer += src/eap_peer/eap_gpsk.c +SOURCES_peer += src/eap_peer/eap.c +SOURCES_peer += src/eap_common/eap_common.c +SOURCES_peer += src/eap_peer/eap_methods.c - SOURCES_peer += src/eap_peer/eap_tls_common.c \ - src/eap_peer/eap_config.h \ - src/eap_peer/eap_fast_pac.h \ - src/eap_peer/eap.h \ - src/eap_peer/eap_i.h \ - src/eap_peer/eap_methods.h \ - src/eap_peer/eap_tls_common.h \ - src/eap_peer/ikev2.h \ - src/eap_peer/mschapv2.h \ - src/eap_peer/tncc.h - ++SOURCES_peer += src/eap_peer/eap_tls_common.c +CFLAGS += -DEAP_TLS +CFLAGS += -DEAP_PEAP +CFLAGS += -DEAP_TTLS +CFLAGS += -DEAP_MD5 +CFLAGS += -DEAP_MSCHAPv2 +CFLAGS += -DEAP_GTC +CFLAGS += -DEAP_OTP +CFLAGS += -DEAP_LEAP +CFLAGS += -DEAP_PSK +CFLAGS += -DEAP_PAX +CFLAGS += -DEAP_SAKE +CFLAGS += -DEAP_GPSK -DEAP_GPSK_SHA256 + +CFLAGS += -DEAP_SERVER_IDENTITY +CFLAGS += -DEAP_SERVER_TLS +CFLAGS += -DEAP_SERVER_PEAP +CFLAGS += -DEAP_SERVER_TTLS +CFLAGS += -DEAP_SERVER_MD5 +CFLAGS += -DEAP_SERVER_MSCHAPV2 +CFLAGS += -DEAP_SERVER_GTC +CFLAGS += -DEAP_SERVER_PSK +CFLAGS += -DEAP_SERVER_PAX +CFLAGS += -DEAP_SERVER_SAKE +CFLAGS += -DEAP_SERVER_GPSK -DEAP_SERVER_GPSK_SHA256 + +CFLAGS += -DIEEE8021X_EAPOL +CFLAGS += -DCONFIG_IPV6 + +CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH +CFLAGS += -DCONFIG_CRYPTO_INTERNAL +CFLAGS += -DCONFIG_TLS_INTERNAL_CLIENT + +UTILS_SRCS = src/utils/base64.c \ + src/utils/common.c \ + src/utils/ip_addr.c \ + src/utils/radiotap.c \ + src/utils/trace.c \ + src/utils/uuid.c \ + src/utils/wpa_debug.c \ + src/utils/wpabuf.c \ - src/utils/os_unix.c \ - src/utils/base64.h \ - src/utils/build_config.h \ - src/utils/common.h \ - src/utils/eloop.h \ - src/utils/includes.h \ - src/utils/ip_addr.h \ - src/utils/list.h \ - src/utils/os.h \ - 
src/utils/pcsc_funcs.h \ - src/utils/radiotap.h \ - src/utils/radiotap_iter.h \ - src/utils/state_machine.h \ - src/utils/trace.h \ - src/utils/uuid.h \ - src/utils/wpabuf.h \ - src/utils/wpa_debug.h - ++ src/utils/os_unix.c + +CRYPTO_SRCS = \ + src/crypto/aes-cbc.c \ + src/crypto/aes-ctr.c \ + src/crypto/aes-eax.c \ + src/crypto/aes-encblock.c \ + src/crypto/aes-internal.c \ + src/crypto/aes-internal-dec.c \ + src/crypto/aes-internal-enc.c \ + src/crypto/aes-omac1.c \ + src/crypto/aes-unwrap.c \ + src/crypto/aes-wrap.c \ + src/crypto/des-internal.c \ + src/crypto/dh_group5.c \ + src/crypto/dh_groups.c \ + src/crypto/md4-internal.c \ + src/crypto/md5.c \ + src/crypto/md5-internal.c \ + src/crypto/md5-non-fips.c \ + src/crypto/milenage.c \ + src/crypto/ms_funcs.c \ + src/crypto/rc4.c \ + src/crypto/sha1.c \ + src/crypto/sha1-internal.c \ + src/crypto/sha1-pbkdf2.c \ + src/crypto/sha1-tlsprf.c \ + src/crypto/sha1-tprf.c \ + src/crypto/sha256.c \ + src/crypto/sha256-internal.c \ + src/crypto/crypto_internal.c \ + src/crypto/crypto_internal-cipher.c \ + src/crypto/crypto_internal-modexp.c \ + src/crypto/crypto_internal-rsa.c \ + src/crypto/tls_internal.c \ - src/crypto/fips_prf_internal.c \ - src/crypto/aes.h \ - src/crypto/aes_i.h \ - src/crypto/aes_wrap.h \ - src/crypto/crypto.h \ - src/crypto/des_i.h \ - src/crypto/dh_group5.h \ - src/crypto/dh_groups.h \ - src/crypto/md5.h \ - src/crypto/md5_i.h \ - src/crypto/milenage.h \ - src/crypto/ms_funcs.h \ - src/crypto/sha1.h \ - src/crypto/sha1_i.h \ - src/crypto/sha256.h \ - src/crypto/tls.h - ++ src/crypto/fips_prf_internal.c + +TLS_SRCS = \ + src/tls/asn1.c \ + src/tls/bignum.c \ + src/tls/pkcs1.c \ + src/tls/pkcs5.c \ + src/tls/pkcs8.c \ + src/tls/rsa.c \ + src/tls/tlsv1_client.c \ + src/tls/tlsv1_client_read.c \ + src/tls/tlsv1_client_write.c \ + src/tls/tlsv1_common.c \ + src/tls/tlsv1_cred.c \ + src/tls/tlsv1_record.c \ + src/tls/tlsv1_server.c \ + src/tls/tlsv1_server_read.c \ + src/tls/tlsv1_server_write.c \ - 
src/tls/x509v3.c \ - src/tls/asn1.h \ - src/tls/bignum.h \ - src/tls/pkcs1.h \ - src/tls/pkcs5.h \ - src/tls/pkcs8.h \ - src/tls/rsa.h \ - src/tls/tlsv1_client.h \ - src/tls/tlsv1_client_i.h \ - src/tls/tlsv1_common.h \ - src/tls/tlsv1_cred.h \ - src/tls/tlsv1_record.h \ - src/tls/tlsv1_server.h \ - src/tls/tlsv1_server_i.h \ - src/tls/x509v3.h ++ src/tls/x509v3.c + +libeap_la_SOURCES = $(SOURCES_BOTH) $(SOURCES_peer) $(UTILS_SRCS) $(CRYPTO_SRCS) $(TLS_SRCS) + +noinst_LTLIBRARIES = libeap.la diff --cc mech_eap/gsseap_err.et index f8ec5ef,0000000..d60c2c7 mode 100644,000000..100644 --- a/mech_eap/gsseap_err.et +++ b/mech_eap/gsseap_err.et @@@ -1,161 -1,0 +1,162 @@@ +# +# Copyright (c) 2011, JANET(UK) +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of JANET(UK) nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. 
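Review bot: The merged libeap/Makefile.am drops `noinst_HEADERS` and `EXTRA_DIST = src/tls/libtommath.c` and strips every `.h` entry from `SOURCES_BOTH`, `SOURCES_peer`, `UTILS_SRCS`, `CRYPTO_SRCS` and `TLS_SRCS`, while `-DCONFIG_INTERNAL_LIBTOMMATH` stays in `CFLAGS`. Automake only distributes files it is told about, so a `make dist` tarball generated from this file would presumably lack the headers and the bundled libtommath source, and the internal crypto/TLS code could not be built from it. Keeping the `noinst_HEADERS` list and the `EXTRA_DIST = src/tls/libtommath.c` line would avoid that without affecting the in-tree build. The two marker columns of this combined diff are flattened on the page, so which parent carried the header lists is inferred rather than certain.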
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# + +error_table eapg + +# +# Protocol errors that can be returned in an error token. This should match +# up with makeErrorToken in accept_sec_context.c. +# +error_code GSSEAP_RESERVED, "" +error_code GSSEAP_WRONG_SIZE, "Buffer is incorrect size" +error_code GSSEAP_WRONG_MECH, "Mechanism OID is incorrect" +error_code GSSEAP_BAD_TOK_HEADER, "Token header is malformed or corrupt" +error_code GSSEAP_TOK_TRUNC, "Token is missing data" +error_code GSSEAP_BAD_DIRECTION, "Packet was replayed in wrong direction" +error_code GSSEAP_WRONG_TOK_ID, "Received token ID does not match expected token ID" +error_code GSSEAP_CRIT_ITOK_UNAVAILABLE, "Critical inner token type unavailable" +error_code GSSEAP_MISSING_REQUIRED_ITOK, "Missing required inner token" +error_code GSSEAP_DUPLICATE_ITOK, "Duplicate inner token received" +error_code GSSEAP_WRONG_ITOK, "Recieved invalid inner token for current state" +error_code GSSEAP_KEY_UNAVAILABLE, "EAP key unavailable" +error_code GSSEAP_KEY_TOO_SHORT, "EAP key too short" +error_code GSSEAP_RADIUS_AUTH_FAILURE, "Authentication rejected by RADIUS server" +error_code GSSEAP_UNKNOWN_RADIUS_CODE, "Received unknown response code from RADIUS server" +error_code GSSEAP_MISSING_EAP_REQUEST, "RADIUS response is missing EAP request" +error_code GSSEAP_RADIUS_PROT_FAILURE, "Generic RADIUS failure" + +# +# Context errors +# +error_code GSSEAP_CONTEXT_ESTABLISHED, "Context is already fully established" +error_code 
GSSEAP_CONTEXT_INCOMPLETE, "Attempt to use incomplete security context" +error_code GSSEAP_BAD_CONTEXT_TOKEN, "Context token is malformed or corrupt" +error_code GSSEAP_BAD_ERROR_TOKEN, "Error token is malformed or corrupt" +error_code GSSEAP_BAD_CONTEXT_OPTION, "Bad context option" + +# +# Name errors +# +error_code GSSEAP_BAD_SERVICE_NAME, "Name is not a valid service name" +error_code GSSEAP_BAD_INITIATOR_NAME, "Initiator identity must be a valid name" +error_code GSSEAP_NO_HOSTNAME, "Could not determine local host name" +error_code GSSEAP_NO_ACCEPTOR_NAME, "Could not determine acceptor identity" +error_code GSSEAP_BAD_NAME_TOKEN, "Name token is malformed or corrupt" ++error_code GSSEAP_NO_LOCAL_MAPPING, "Unable to map name to a local identity" + +# +# Credential errors +# +error_code GSSEAP_BAD_USAGE, "Credential usage type is unknown" +error_code GSSEAP_CRED_USAGE_MISMATCH, "Credential usage does not match requested usage" +error_code GSSEAP_CRED_MECH_MISMATCH, "Credential is not usable with this mechanism" +error_code GSSEAP_CRED_EXPIRED, "Attributes indicate credentials have expired" +error_code GSSEAP_BAD_CRED_OPTION, "Bad credential option" +error_code GSSEAP_NO_DEFAULT_IDENTITY, "Default credentials identity unavailable" +error_code GSSEAP_NO_DEFAULT_CRED, "Missing default password or other credentials" +error_code GSSEAP_CRED_RESOLVED, "Credential is already fully resolved" + +# +# Local identity service errors +# +error_code GSSEAP_UNABLE_TO_START_IDENTITY_SERVICE, "Unable to start identity service" +error_code GSSEAP_NO_IDENTITY_SELECTED, "No identity selected" +error_code GSSEAP_IDENTITY_SERVICE_INSTALL_ERROR, "Identity service installation error" +error_code GSSEAP_IDENTITY_SERVICE_OS_ERROR, "Identity service OS error" +error_code GSSEAP_IDENTITY_SERVICE_IPC_ERROR, "Identity service IPC error" +error_code GSSEAP_IDENTITY_SERVICE_UNKNOWN_ERROR, "Unknown identity service error" + +# +# Wrap/unwrap/PRF errors +# +error_code GSSEAP_BAD_WRAP_TOKEN, "Bad 
RFC 4121 wrap or MIC token" +error_code GSSEAP_MISSING_IOV, "IOV is missing required buffer" +error_code GSSEAP_BAD_STREAM_IOV, "Stream IOV can only contain a single data buffer" +error_code GSSEAP_BAD_PADDING_IOV, "Padding IOV is not permitted for RFC 4121 tokens" +error_code GSSEAP_UNKNOWN_QOP, "Unknown quality of protection specified" +error_code GSSEAP_INPUT_TOO_LONG, "PRF input too long" +error_code GSSEAP_BAD_PRF_KEY, "PRF key usage type is unknown" + +# +# libeap errors +# +error_code GSSEAP_LIBEAP_INIT_FAILURE, "Failed to initialize EAP library" +error_code GSSEAP_PEER_SM_INIT_FAILURE, "Failed to create EAP state machine" +error_code GSSEAP_PEER_SM_STEP_FAILURE, "Failed to step EAP state machine" +error_code GSSEAP_PEER_AUTH_FAILURE, "EAP peer authentication failure" +error_code GSSEAP_PEER_BAD_MESSAGE, "Received bad EAP message" + +# +# RadSec initialisation errors +# +error_code GSSEAP_RADSEC_INIT_FAILURE, "Failed to initialize RadSec library" +error_code GSSEAP_RADSEC_CONTEXT_FAILURE, "Failed to create RadSec context" + +# +# Attribute errors +# +error_code GSSEAP_NO_ATTR_CONTEXT, "Name has no attributes" +error_code GSSEAP_NO_ATTR_PROVIDERS, "Failed to initialize attribute providers" +error_code GSSEAP_NO_SUCH_ATTR, "Unknown naming attribute" +error_code GSSEAP_BAD_ATTR_TOKEN, "Serialised attributes are malformed or corrupt" +error_code GSSEAP_ATTR_CONTEXT_FAILURE, "Failed to initialize attribute context" + +# +# OpenSAML errors +# +error_code GSSEAP_SAML_INIT_FAILURE, "Failed to initialize SAML library" +error_code GSSEAP_SAML_SEC_POLICY_FAILURE, "Failed to process SAML security policy" +error_code GSSEAP_SAML_BINDING_FAILURE, "Failed in SAML binding processing" +error_code GSSEAP_SAML_PROFILE_FAILURE, "Failed to process SAML profile" +error_code GSSEAP_SAML_FATAL_PROFILE_FAILURE, "Non-recoverable failure in SAML profile processing" +error_code GSSEAP_SAML_RETRY_PROFILE_FAILURE, "Temporary failure in SAML profile processing" +error_code 
GSSEAP_SAML_METADATA_FAILURE, "Failure related to SAML metadata use" + +# +# Shibboleth errors +# +error_code GSSEAP_SHIB_INIT_FAILURE, "Failed to initialize Shibboleth" +error_code GSSEAP_SHIB_ATTR_FAILURE, "Failure during local attribute processing" +error_code GSSEAP_SHIB_ATTR_EXTRACT_FAILURE, "Failed to extract local attributes" +error_code GSSEAP_SHIB_ATTR_FILTER_FAILURE, "Failed to filter local attributes" +error_code GSSEAP_SHIB_ATTR_RESOLVE_FAILURE, "Failed to resolve local attributes" +error_code GSSEAP_SHIB_CONFIG_FAILURE, "Local attribute configuration failure" +error_code GSSEAP_SHIB_LISTENER_FAILURE, "Failed to communicate with local attribute server" + +# +# Extensions +# +error_code GSSEAP_BINDINGS_MISMATCH, "Channel bindings do not match" +error_code GSSEAP_NO_MECHGLUE_SYMBOL, "Could not find symbol in mechanism glue" +error_code GSSEAP_BAD_INVOCATION, "Bad mechanism invoke OID" + +end
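Review bot: `GSSEAP_NO_LOCAL_MAPPING` is inserted at the end of the name-error group rather than at the end of the table, and com_err numbers codes by position, so every code from `GSSEAP_BAD_USAGE` onward moves up by one. The protocol-error block at the top, which the file says must match makeErrorToken, is not affected, but anything built against the previously generated header, or any log analysis keyed on numeric minor status, would read later values as the wrong error. If that compatibility matters, append the new code just before `end`; otherwise a comment above it such as `# Added mid-table: later codes are renumbered, rebuild all consumers` would record the consequence. The code that returns this error is outside the diff, so it is worth confirming separately that a missing local mapping is treated as a hard authorization failure rather than a fall-through to some default identity.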