[dragonfly.git] / contrib / hostapd-0.5.8 / eapol_sm.h
/*
 * hostapd / IEEE 802.1X Authenticator - EAPOL state machine
 * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */
15 #ifndef EAPOL_SM_H
16 #define EAPOL_SM_H
18 #include "defs.h"
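/*
 * Port control types, IEEE Std 802.1X-2004, Ch. 8.2.
 *
 * The enumerator values are assigned explicitly and neither PortTypes nor
 * PortState contains 0. A zero-filled variable of either type therefore
 * holds no valid enumerator until it is set.
 * NOTE(review): the numbering presumably mirrors the 802.1X PAE MIB
 * encoding - confirm before renumbering.
 */

/* Administrative port control setting. */
typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
	PortTypes;

/*
 * Authorization state of the controlled port. Both enumerators are non-zero
 * (Authorized = 1, Unauthorized = 2), so the value must be compared against
 * the names; a bare truth test is true for an unauthorized port as well.
 */
typedef enum { Unauthorized = 2, Authorized = 1 } PortState;

/* Direction(s) in which the controlled port is blocked; Both is the 0 value. */
typedef enum { Both = 0, In = 1 } ControlledDirection;

/* Statistics counter; unsigned, so it wraps to 0 on overflow. */
typedef unsigned int Counter;

/* Opaque EAP state machine; only pointers to it are used in this header. */
struct eap_sm;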
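/*
 * One attribute value stored as a pointer plus an explicit length.
 *
 * NOTE(review): this header does not show who allocates or frees data, or
 * whether data may be NULL when len is 0 - confirm against the code that
 * fills it. The bytes are presumably copied from received RADIUS messages,
 * so readers should bound every access by len and not assume a terminating
 * NUL.
 */
struct radius_attr_data {
	u8 *data;	/* attribute bytes */
	size_t len;	/* number of bytes at data */
};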
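/*
 * A counted set of attribute values; embedded in struct eapol_state_machine
 * as radius_class.
 *
 * NOTE(review): attr is presumably an array of count entries, each with its
 * own data buffer - confirm the allocation and release path, since freeing
 * attr without freeing each attr[i].data would leak.
 */
struct radius_class_data {
	struct radius_attr_data *attr;	/* entries; indexed 0..count-1 (assumed) */
	size_t count;			/* number of entries at attr */
};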
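/*
 * Per-Supplicant state of the IEEE 802.1X Authenticator.
 *
 * The first part of the structure follows the state machines named in the
 * section comments (timers, global variables, one anonymous enum of states
 * per machine, then that machine's variables, constants and counters). The
 * last part ("Other variables") is hostapd-specific bookkeeping: buffered
 * EAP/RADIUS messages, the peer identity and EAPOL-Key keying material.
 *
 * Review notes:
 *  - Several members are pointer/length pairs (last_eap_supp, last_eap_radius,
 *    identity, eapol_key_sign, eapol_key_crypt). Ownership is not visible in
 *    this header; presumably eapol_sm_free() releases them - confirm.
 *  - eapol_key_sign / eapol_key_crypt hold key material. NOTE(review): confirm
 *    they are wiped before being freed or replaced, and that
 *    eapol_sm_dump_state() does not print them.
 *  - The anonymous state enums start at 0, so a zero-filled structure reads as
 *    the first enumerator of each; see the comments on the individual enums.
 */
struct eapol_state_machine {
	/* timers */
	/* Signed ints; NOTE(review): units and decrement logic live in the
	 * implementation, not here - presumably seconds. */
	int aWhile;
	int quietWhile;
	int reAuthWhen;

	/* global variables */
	Boolean authAbort;
	Boolean authFail;
	PortState authPortStatus; /* compare with Authorized/Unauthorized by
				   * name; both values are non-zero */
	Boolean authStart;
	Boolean authTimeout;
	Boolean authSuccess;
	Boolean eapFail;
	Boolean eapolEap;
	Boolean eapSuccess;
	Boolean eapTimeout;
	Boolean initialize;
	Boolean keyAvailable;
	Boolean keyDone;
	Boolean keyRun;
	Boolean keyTxEnabled;
	PortTypes portControl; /* no enumerator has value 0; must be set
				* explicitly */
	Boolean portEnabled;
	Boolean portValid;
	Boolean reAuthenticate;

	/* Port Timers state machine */
	/* 'Boolean tick' implicitly handled as registered timeout */

	/* Authenticator PAE state machine */
	/* AUTH_PAE_INITIALIZE is the first enumerator (value 0). */
	enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
	       AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
	       AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
	       AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
	/* variables */
	Boolean eapolLogoff;
	Boolean eapolStart;
	Boolean eapRestart;
	PortTypes portMode;
	unsigned int reAuthCount;
	/* constants */
	/* The documented 0..65535 range is not enforced by the type. */
	unsigned int quietPeriod; /* default 60; 0..65535 */
#define AUTH_PAE_DEFAULT_quietPeriod 60
	unsigned int reAuthMax; /* default 2 */
#define AUTH_PAE_DEFAULT_reAuthMax 2
	/* counters */
	Counter authEntersConnecting;
	Counter authEapLogoffsWhileConnecting;
	Counter authEntersAuthenticating;
	Counter authAuthSuccessesWhileAuthenticating;
	Counter authAuthTimeoutsWhileAuthenticating;
	Counter authAuthFailWhileAuthenticating;
	Counter authAuthEapStartsWhileAuthenticating;
	Counter authAuthEapLogoffWhileAuthenticating;
	Counter authAuthReauthsWhileAuthenticated;
	Counter authAuthEapStartsWhileAuthenticated;
	Counter authAuthEapLogoffWhileAuthenticated;

	/* Backend Authentication state machine */
	/* The first enumerator (value 0) is BE_AUTH_REQUEST, not
	 * BE_AUTH_INITIALIZE, so a zero-filled structure does not read as
	 * "initialize" here. NOTE(review): confirm the allocation/initialize
	 * path sets be_auth_state before the first step. */
	enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
	       BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
	       BE_AUTH_IGNORE
	} be_auth_state;
	/* variables */
	Boolean eapNoReq;
	Boolean eapReq;
	Boolean eapResp;
	/* constants */
	unsigned int serverTimeout; /* default 30; 1..X */
#define BE_AUTH_DEFAULT_serverTimeout 30
	/* counters */
	Counter backendResponses;
	Counter backendAccessChallenges;
	Counter backendOtherRequestsToSupplicant;
	Counter backendAuthSuccesses;
	Counter backendAuthFails;

	/* Reauthentication Timer state machine */
	enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
	} reauth_timer_state;
	/* constants */
	unsigned int reAuthPeriod; /* default 3600 s */
	Boolean reAuthEnabled;

	/* Authenticator Key Transmit state machine */
	enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
	} auth_key_tx_state;

	/* Key Receive state machine */
	enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
	/* variables */
	Boolean rxKey;

	/* Controlled Directions state machine */
	enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
	/* variables */
	ControlledDirection adminControlledDirections;
	ControlledDirection operControlledDirections;
	Boolean operEdge;

	/* Authenticator Statistics Table */
	Counter dot1xAuthEapolFramesRx;
	Counter dot1xAuthEapolFramesTx;
	Counter dot1xAuthEapolStartFramesRx;
	Counter dot1xAuthEapolLogoffFramesRx;
	Counter dot1xAuthEapolRespIdFramesRx;
	Counter dot1xAuthEapolRespFramesRx;
	Counter dot1xAuthEapolReqIdFramesTx;
	Counter dot1xAuthEapolReqFramesTx;
	Counter dot1xAuthInvalidEapolFramesRx;
	Counter dot1xAuthEapLengthErrorFramesRx;
	Counter dot1xAuthLastEapolFrameVersion;

	/* Other variables - not defined in IEEE 802.1X */
	u8 addr[ETH_ALEN]; /* Supplicant address */
#define EAPOL_SM_PREAUTH BIT(0)
	int flags; /* EAPOL_SM_* */

	int radius_identifier;
	/* TODO: check when the last messages can be released */
	struct radius_msg *last_recv_radius;
	/* Pointer/length pairs below: always bound reads by the matching
	 * *_len member; the buffers hold peer-supplied bytes. */
	u8 *last_eap_supp; /* last received EAP Response from Supplicant */
	size_t last_eap_supp_len;
	u8 *last_eap_radius; /* last received EAP Response from Authentication
			      * Server */
	size_t last_eap_radius_len;
	u8 *identity; /* identity_len bytes; NOTE(review): presumably the
		       * peer-supplied EAP identity - treat as untrusted and
		       * not as a C string */
	size_t identity_len;
	u8 eap_type_authsrv; /* EAP type of the last EAP packet from
			      * Authentication server */
	u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
	struct radius_class_data radius_class;

	/* Keys for encrypting and signing EAPOL-Key frames */
	/* Key material; NOTE(review): confirm these buffers are cleared
	 * before release and are never written to logs or state dumps. */
	u8 *eapol_key_sign;
	size_t eapol_key_sign_len;
	u8 *eapol_key_crypt;
	size_t eapol_key_crypt_len;

	Boolean rx_identity; /* set to TRUE on reception of
			      * EAP-Response/Identity */

	struct eap_sm *eap;

	/* currentId was removed in IEEE 802.1X-REV, but it is needed to filter
	 * out EAP-Responses to old packets (e.g., to two EAP-Request/Identity
	 * packets that are often sent in the beginning of the authentication).
	 */
	u8 currentId;

	Boolean initializing; /* in process of initializing state machines */
	Boolean changed;

	/* Somewhat nasty pointers to global hostapd and STA data to avoid
	 * passing these to every function */
	/* NOTE(review): presumably borrowed, not owned - the state machine
	 * must not outlive the objects these point to; confirm. */
	struct hostapd_data *hapd;
	struct sta_info *sta;
};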
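/*
 * Public interface of the EAPOL authenticator state machine.
 *
 * Only the prototypes are visible here; the notes below are points to verify
 * against the implementation.
 *
 * This header includes only "defs.h", yet eapol_sm_dump_state() takes a
 * FILE *. Unless defs.h provides it, every includer has to pull in <stdio.h>
 * before this header.
 */

/* Create the state machine for one station.
 * NOTE(review): presumably returns NULL on failure - callers should check. */
struct eapol_state_machine *eapol_sm_alloc(struct hostapd_data *hapd,
					   struct sta_info *sta);

/* Release a state machine.
 * NOTE(review): confirm this frees every pointer member of the structure and
 * clears the EAPOL-Key material first, and whether sm == NULL is accepted. */
void eapol_sm_free(struct eapol_state_machine *sm);

/* Run the state machines for sm. */
void eapol_sm_step(struct eapol_state_machine *sm);

/* (Re)initialize the state machines for sm. */
void eapol_sm_initialize(struct eapol_state_machine *sm);

/* Write the state of sm to f, using prefix on the output.
 * NOTE(review): the structure holds key material and the peer identity;
 * confirm what is emitted and who can read the destination file. */
void eapol_sm_dump_state(FILE *f, const char *prefix,
			 struct eapol_state_machine *sm);

/* Callback for a pending EAP operation; ctx is opaque at this level.
 * NOTE(review): the meaning of the int result is not visible here. */
int eapol_sm_eap_pending_cb(struct eapol_state_machine *sm, void *ctx);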
210 #endif /* EAPOL_SM_H */