Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/sa/authenticators/eap/eap_method.c | 14 | ||||
-rw-r--r-- | src/libcharon/sa/authenticators/eap/eap_method.h | 22 | ||||
-rw-r--r-- | src/libstrongswan/Android.mk | 1 | ||||
-rw-r--r-- | src/libstrongswan/Makefile.am | 1 | ||||
-rw-r--r-- | src/libstrongswan/credentials/auth_cfg.c | 102 | ||||
-rw-r--r-- | src/libstrongswan/credentials/auth_cfg.h | 41 | ||||
-rw-r--r-- | src/libstrongswan/eap/eap.c | 131 | ||||
-rw-r--r-- | src/libstrongswan/eap/eap.h | 89 | ||||
-rw-r--r-- | src/starter/confread.c | 6 |
9 files changed, 228 insertions, 179 deletions
diff --git a/src/libcharon/sa/authenticators/eap/eap_method.c b/src/libcharon/sa/authenticators/eap/eap_method.c index 892e97bd9..0fa4a00c5 100644 --- a/src/libcharon/sa/authenticators/eap/eap_method.c +++ b/src/libcharon/sa/authenticators/eap/eap_method.c @@ -15,20 +15,6 @@ #include "eap_method.h" -ENUM(eap_code_names, EAP_REQUEST, EAP_FAILURE, - "EAP_REQUEST", - "EAP_RESPONSE", - "EAP_SUCCESS", - "EAP_FAILURE", -); - -ENUM(eap_code_short_names, EAP_REQUEST, EAP_FAILURE, - "REQ", - "RES", - "SUCC", - "FAIL", -); - ENUM(eap_role_names, EAP_SERVER, EAP_PEER, "EAP_SERVER", "EAP_PEER", diff --git a/src/libcharon/sa/authenticators/eap/eap_method.h b/src/libcharon/sa/authenticators/eap/eap_method.h index 91b419b2c..9961039ff 100644 --- a/src/libcharon/sa/authenticators/eap/eap_method.h +++ b/src/libcharon/sa/authenticators/eap/eap_method.h @@ -23,10 +23,10 @@ typedef struct eap_method_t eap_method_t; typedef enum eap_role_t eap_role_t; -typedef enum eap_code_t eap_code_t; #include <library.h> #include <utils/identification.h> +#include <eap/eap.h> #include <encoding/payloads/eap_payload.h> /** @@ -42,26 +42,6 @@ enum eap_role_t { extern enum_name_t *eap_role_names; /** - * EAP code, type of an EAP message - */ -enum eap_code_t { - EAP_REQUEST = 1, - EAP_RESPONSE = 2, - EAP_SUCCESS = 3, - EAP_FAILURE = 4, -}; - -/** - * enum names for eap_code_t. - */ -extern enum_name_t *eap_code_names; - -/** - * short string enum names for eap_code_t. - */ -extern enum_name_t *eap_code_short_names; - -/** * Interface of an EAP method for server and client side. * * An EAP method initiates an EAP exchange and processes requests and diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk index c39ff882c..ba254f58b 100644 --- a/src/libstrongswan/Android.mk +++ b/src/libstrongswan/Android.mk 
@@ -49,6 +49,7 @@ credentials/auth_cfg.c credentials/auth_cfg.h credentials/credential_set.h \ credentials/cert_validator.h \ database/database.h database/database_factory.h database/database_factory.c \ fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \ +eap/eap.h eap/eap.c \ selectors/traffic_selector.c selectors/traffic_selector.h \ threading/thread.h threading/thread.c \ threading/thread_value.h threading/thread_value.c \ diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index d197057ca..316d8977d 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -48,6 +48,7 @@ credentials/auth_cfg.c credentials/auth_cfg.h credentials/credential_set.h \ credentials/cert_validator.h \ database/database.h database/database_factory.h database/database_factory.c \ fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \ +eap/eap.h eap/eap.c \ selectors/traffic_selector.c selectors/traffic_selector.h \ threading/thread.h threading/thread.c \ threading/thread_value.h threading/thread_value.c \ diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index d550f8640..4e7b4b111 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c @@ -20,6 +20,7 @@ #include <debug.h> #include <utils/linked_list.h> #include <utils/identification.h> +#include <eap/eap.h> #include <credentials/certificates/certificate.h> ENUM(auth_class_names, AUTH_CLASS_ANY, AUTH_CLASS_EAP, 
@@ -29,107 +30,6 @@ ENUM(auth_class_names, AUTH_CLASS_ANY, AUTH_CLASS_EAP, "EAP", ); -ENUM_BEGIN(eap_type_names, EAP_IDENTITY, EAP_GTC, - "EAP_IDENTITY", - "EAP_NOTIFICATION", - "EAP_NAK", - "EAP_MD5", - "EAP_OTP", - "EAP_GTC"); -ENUM_NEXT(eap_type_names, EAP_TLS, EAP_TLS, EAP_GTC, - "EAP_TLS"); -ENUM_NEXT(eap_type_names, EAP_SIM, EAP_SIM, EAP_TLS, - "EAP_SIM"); -ENUM_NEXT(eap_type_names, EAP_TTLS, EAP_TTLS, EAP_SIM, - "EAP_TTLS"); -ENUM_NEXT(eap_type_names, EAP_AKA, EAP_AKA, EAP_TTLS, - "EAP_AKA"); -ENUM_NEXT(eap_type_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA, - "EAP_MSCHAPV2"); -ENUM_NEXT(eap_type_names, EAP_TNC, EAP_TNC, EAP_MSCHAPV2, - "EAP_TNC"); -ENUM_NEXT(eap_type_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_TNC, - "EAP_RADIUS", - "EAP_EXPANDED", - "EAP_EXPERIMENTAL"); -ENUM_END(eap_type_names, EAP_EXPERIMENTAL); - -ENUM_BEGIN(eap_type_short_names, EAP_IDENTITY, EAP_GTC, - "ID", - "NTF", - "NAK", - "MD5", - "OTP", - "GTC"); -ENUM_NEXT(eap_type_short_names, EAP_TLS, EAP_TLS, EAP_GTC, - "TLS"); -ENUM_NEXT(eap_type_short_names, EAP_SIM, EAP_SIM, EAP_TLS, - "SIM"); -ENUM_NEXT(eap_type_short_names, EAP_TTLS, EAP_TTLS, EAP_SIM, - "TTLS"); -ENUM_NEXT(eap_type_short_names, EAP_AKA, EAP_AKA, EAP_TTLS, - "AKA"); -ENUM_NEXT(eap_type_short_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA, - "MSCHAPV2"); -ENUM_NEXT(eap_type_short_names, EAP_TNC, EAP_TNC, EAP_MSCHAPV2, - "TNC"); -ENUM_NEXT(eap_type_short_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_TNC, - "RAD", - "EXP", - "XP"); -ENUM_END(eap_type_short_names, EAP_EXPERIMENTAL); - -ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_SUBJECT_HASH_URL, - "RULE_IDENTITY", - "RULE_AUTH_CLASS", - "RULE_EAP_IDENTITY", - "RULE_EAP_TYPE", - "RULE_EAP_VENDOR", - "RULE_CA_CERT", - "RULE_IM_CERT", - "RULE_SUBJECT_CERT", - "RULE_CRL_VALIDATION", - "RULE_OCSP_VALIDATION", - "RULE_GROUP", - "HELPER_IM_CERT", - "HELPER_SUBJECT_CERT", - "HELPER_IM_HASH_URL", - "HELPER_SUBJECT_HASH_URL", -); - -/* - * See header - */ -eap_type_t 
eap_type_from_string(char *name) -{ - int i; - static struct { - char *name; - eap_type_t type; - } types[] = { - {"identity", EAP_IDENTITY}, - {"md5", EAP_MD5}, - {"otp", EAP_OTP}, - {"gtc", EAP_GTC}, - {"tls", EAP_TLS}, - {"ttls", EAP_TTLS}, - {"sim", EAP_SIM}, - {"aka", EAP_AKA}, - {"mschapv2", EAP_MSCHAPV2}, - {"tnc", EAP_TNC}, - {"radius", EAP_RADIUS}, - }; - - for (i = 0; i < countof(types); i++) - { - if (strcaseeq(name, types[i].name)) - { - return types[i].type; - } - } - return 0; -} - typedef struct private_auth_cfg_t private_auth_cfg_t; /** diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h index f088c1442..9a5fdc0da 100644 --- a/src/libstrongswan/credentials/auth_cfg.h +++ b/src/libstrongswan/credentials/auth_cfg.h @@ -27,7 +27,6 @@ typedef struct auth_cfg_t auth_cfg_t; typedef enum auth_rule_t auth_rule_t; typedef enum auth_class_t auth_class_t; -typedef enum eap_type_t eap_type_t; /** * Class of authentication to use. This is different to auth_method_t in that 
@@ -51,46 +50,6 @@ enum auth_class_t { extern enum_name_t *auth_class_names; /** - * EAP types, defines the EAP method implementation - */ -enum eap_type_t { - EAP_IDENTITY = 1, - EAP_NOTIFICATION = 2, - EAP_NAK = 3, - EAP_MD5 = 4, - EAP_OTP = 5, - EAP_GTC = 6, - EAP_TLS = 13, - EAP_SIM = 18, - EAP_TTLS = 21, - EAP_AKA = 23, - EAP_MSCHAPV2 = 26, - EAP_TNC = 38, - /** not a method, but an implementation providing different methods */ - EAP_RADIUS = 253, - EAP_EXPANDED = 254, - EAP_EXPERIMENTAL = 255, -}; - -/** - * enum names for eap_type_t. - */ -extern enum_name_t *eap_type_names; - -/** - * short string enum names for eap_type_t. - */ -extern enum_name_t *eap_type_short_names; - -/** - * Lookup the EAP method type from a string. - * - * @param name EAP method name (such as "md5", "aka") - * @return method type, 0 if unkown - */ -eap_type_t eap_type_from_string(char *name); - -/** * Authentication config to use during authentication process. * * Each authentication config contains a set of rules. These rule-sets are used diff --git a/src/libstrongswan/eap/eap.c b/src/libstrongswan/eap/eap.c new file mode 100644 index 000000000..71734017a --- /dev/null +++ b/src/libstrongswan/eap/eap.c 
@@ -0,0 +1,131 @@
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "eap.h"
+
+ENUM(eap_code_names, EAP_REQUEST, EAP_FAILURE,
+ "EAP_REQUEST",
+ "EAP_RESPONSE",
+ "EAP_SUCCESS",
+ "EAP_FAILURE",
+);
+
+ENUM(eap_code_short_names, EAP_REQUEST, EAP_FAILURE,
+ "REQ",
+ "RES",
+ "SUCC",
+ "FAIL",
+);
+
+ENUM_BEGIN(eap_type_names, EAP_IDENTITY, EAP_GTC,
+ "EAP_IDENTITY",
+ "EAP_NOTIFICATION",
+ "EAP_NAK",
+ "EAP_MD5",
+ "EAP_OTP",
+ "EAP_GTC");
+ENUM_NEXT(eap_type_names, EAP_TLS, EAP_TLS, EAP_GTC,
+ "EAP_TLS");
+ENUM_NEXT(eap_type_names, EAP_SIM, EAP_SIM, EAP_TLS,
+ "EAP_SIM");
+ENUM_NEXT(eap_type_names, EAP_TTLS, EAP_TTLS, EAP_SIM,
+ "EAP_TTLS");
+ENUM_NEXT(eap_type_names, EAP_AKA, EAP_AKA, EAP_TTLS,
+ "EAP_AKA");
+ENUM_NEXT(eap_type_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA,
+ "EAP_MSCHAPV2");
+ENUM_NEXT(eap_type_names, EAP_TNC, EAP_TNC, EAP_MSCHAPV2,
+ "EAP_TNC");
+ENUM_NEXT(eap_type_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_TNC,
+ "EAP_RADIUS",
+ "EAP_EXPANDED",
+ "EAP_EXPERIMENTAL");
+ENUM_END(eap_type_names, EAP_EXPERIMENTAL);
+
+ENUM_BEGIN(eap_type_short_names, EAP_IDENTITY, EAP_GTC,
+ "ID",
+ "NTF",
+ "NAK",
+ "MD5",
+ "OTP",
+ "GTC");
+ENUM_NEXT(eap_type_short_names, EAP_TLS, EAP_TLS, EAP_GTC,
+ "TLS");
+ENUM_NEXT(eap_type_short_names, EAP_SIM, EAP_SIM, EAP_TLS,
+ "SIM");
+ENUM_NEXT(eap_type_short_names, EAP_TTLS, EAP_TTLS, EAP_SIM,
+ "TTLS");
+ENUM_NEXT(eap_type_short_names, EAP_AKA, EAP_AKA, EAP_TTLS,
+ "AKA");
+ENUM_NEXT(eap_type_short_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA,
+ "MSCHAPV2");
+ENUM_NEXT(eap_type_short_names, EAP_TNC, EAP_TNC, EAP_MSCHAPV2,
+ "TNC");
+ENUM_NEXT(eap_type_short_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_TNC,
+ "RAD",
+ "EXP",
+ "XP");
+ENUM_END(eap_type_short_names, EAP_EXPERIMENTAL);
+
+ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_SUBJECT_HASH_URL,
+ "RULE_IDENTITY",
+ "RULE_AUTH_CLASS",
+ "RULE_EAP_IDENTITY",
+ "RULE_EAP_TYPE",
+ "RULE_EAP_VENDOR",
+ "RULE_CA_CERT",
+ "RULE_IM_CERT",
+ "RULE_SUBJECT_CERT",
+ "RULE_CRL_VALIDATION",
+ "RULE_OCSP_VALIDATION",
+ "RULE_GROUP",
+ "HELPER_IM_CERT",
+ "HELPER_SUBJECT_CERT",
+ "HELPER_IM_HASH_URL",
+ "HELPER_SUBJECT_HASH_URL",
+);
+
+/*
+ * See header
+ */
+eap_type_t eap_type_from_string(char *name)
+{
+ int i;
+ static struct {
+ char *name;
+ eap_type_t type;
+ } types[] = {
+ {"identity", EAP_IDENTITY},
+ {"md5", EAP_MD5},
+ {"otp", EAP_OTP},
+ {"gtc", EAP_GTC},
+ {"tls", EAP_TLS},
+ {"ttls", EAP_TTLS},
+ {"sim", EAP_SIM},
+ {"aka", EAP_AKA},
+ {"mschapv2", EAP_MSCHAPV2},
+ {"tnc", EAP_TNC},
+ {"radius", EAP_RADIUS},
+ };
+
+ for (i = 0; i < countof(types); i++)
+ {
+ if (strcaseeq(name, types[i].name))
+ {
+ return types[i].type;
+ }
+ }
+ return 0;
+}
diff --git a/src/libstrongswan/eap/eap.h b/src/libstrongswan/eap/eap.h
new file mode 100644
index 000000000..1d55747a4
--- /dev/null
+++ b/src/libstrongswan/eap/eap.h
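Review bot: `ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_SUBJECT_HASH_URL, ...)` has been carried into the new eap.c together with the EAP tables, although it names the `auth_rule_t` values that belong to auth_cfg, and the auth_cfg.c hunk earlier in this commit removes it from there. eap.c includes only `eap.h`, so this definition compiles only if `<library.h>` happens to pull in auth_cfg.h (not visible here), and the rule names now live away from the enum they describe. I would keep that one table in credentials/auth_cfg.c and leave eap.c with the `eap_code_*` and `eap_type_*` tables and `eap_type_from_string()`.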
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup eap eap
+ * @{ @ingroup libstrongswan
+ */
+
+#ifndef EAP_H_
+#define EAP_H_
+
+typedef enum eap_code_t eap_code_t;
+typedef enum eap_type_t eap_type_t;
+
+#include <library.h>
+
+/**
+ * EAP code, type of an EAP message
+ */
+enum eap_code_t {
+ EAP_REQUEST = 1,
+ EAP_RESPONSE = 2,
+ EAP_SUCCESS = 3,
+ EAP_FAILURE = 4,
+};
+
+/**
+ * enum names for eap_code_t.
+ */
+extern enum_name_t *eap_code_names;
+
+/**
+ * short string enum names for eap_code_t.
+ */
+extern enum_name_t *eap_code_short_names;
+
+/**
+ * EAP types, defines the EAP method implementation
+ */
+enum eap_type_t {
+ EAP_IDENTITY = 1,
+ EAP_NOTIFICATION = 2,
+ EAP_NAK = 3,
+ EAP_MD5 = 4,
+ EAP_OTP = 5,
+ EAP_GTC = 6,
+ EAP_TLS = 13,
+ EAP_SIM = 18,
+ EAP_TTLS = 21,
+ EAP_AKA = 23,
+ EAP_MSCHAPV2 = 26,
+ EAP_TNC = 38,
+ /** not a method, but an implementation providing different methods */
+ EAP_RADIUS = 253,
+ EAP_EXPANDED = 254,
+ EAP_EXPERIMENTAL = 255,
+};
+
+/**
+ * enum names for eap_type_t.
+ */
+extern enum_name_t *eap_type_names;
+
+/**
+ * short string enum names for eap_type_t.
+ */
+extern enum_name_t *eap_type_short_names;
+
+/**
+ * Lookup the EAP method type from a string.
+ * + * @param name EAP method name (such as "md5", "aka") + * @return method type, 0 if unkown + */ +eap_type_t eap_type_from_string(char *name); + +#endif /** EAP_H_ @}*/ diff --git a/src/starter/confread.c b/src/starter/confread.c index 379c2b477..dd5885ee1 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -19,6 +19,8 @@ #include <freeswan.h> +#include <eap/eap.h> + #include "../pluto/constants.h" #include "../pluto/defs.h" #include "../pluto/log.h" @@ -461,7 +463,7 @@ static void handle_firewall(const char *label, starter_end_t *end, } } -static bool handle_mark(char *value, mark_t *mark) +static bool handle_mark(char *value, mark_t *mark) { char *pos, *endptr; @@ -856,7 +858,7 @@ static void load_also_conns(starter_conn_t *conn, also_t *also, /* * find a conn included by also */ -static kw_list_t* find_also_conn(const char* name, starter_conn_t *conn, +static kw_list_t* find_also_conn(const char* name, starter_conn_t *conn, starter_config_t *cfg) { starter_conn_t *c = cfg->conn_first; |
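Review bot: The documented contract of `eap_type_from_string()` should be tighter now that it sits in a public libstrongswan header: it returns 0 for an unrecognised name, and 0 is not a member of `eap_type_t`, so any caller that feeds configuration text into it (the confread.c include added in the same commit suggests the starter will) has to reject 0 rather than store it as an EAP type. I would word the return line as `@return method type, 0 if unknown (not a valid eap_type_t, callers must treat it as an error)`, which also fixes the "unkown" typo, and declare the argument as `const char *name` here and in eap.c, since the function only reads it. The implementation in eap.c passes `name` straight to `strcaseeq()`, so the comment should also say whether NULL is permitted.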