Move internal EAPOL authenticator defines into their own file
This is an initial step in further cleaning up the EAPOL authenticator use to avoid requiring direct accesses to the internal data structures. For now, a number of external files still include the internal definitions from eapol_auth_sm_i.h, but eventually these direct references should be removed.
This commit is contained in:
parent
03da66bd59
commit
e0e14a7bc3
11 changed files with 205 additions and 177 deletions
|
@ -16,14 +16,15 @@
|
|||
#include "includes.h"
|
||||
|
||||
#include "common.h"
|
||||
#include "radius/radius_client.h"
|
||||
#include "radius/radius_server.h"
|
||||
#include "eapol_auth/eapol_auth_sm.h"
|
||||
#include "eapol_auth/eapol_auth_sm_i.h"
|
||||
#include "eap_server/eap.h"
|
||||
#include "hostapd.h"
|
||||
#include "config.h"
|
||||
#include "sta_flags.h"
|
||||
#include "sta_info.h"
|
||||
#include "radius/radius_client.h"
|
||||
#include "radius/radius_server.h"
|
||||
#include "eapol_auth/eapol_auth_sm.h"
|
||||
#include "eap_server/eap.h"
|
||||
|
||||
|
||||
static void fprint_char(FILE *f, char c)
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
#include "crypto/tls.h"
|
||||
#include "common/ieee802_11_defs.h"
|
||||
#include "eapol_auth/eapol_auth_sm.h"
|
||||
#include "eapol_auth/eapol_auth_sm_i.h"
|
||||
#include "radius/radius_client.h"
|
||||
#include "radius/radius_server.h"
|
||||
#include "eap_server/eap_sim_db.h"
|
||||
|
|
|
@ -23,6 +23,7 @@
|
|||
#include "radius/radius.h"
|
||||
#include "radius/radius_client.h"
|
||||
#include "eapol_auth/eapol_auth_sm.h"
|
||||
#include "eapol_auth/eapol_auth_sm_i.h"
|
||||
#include "hostapd.h"
|
||||
#include "ieee802_1x.h"
|
||||
#include "accounting.h"
|
||||
|
|
|
@ -20,6 +20,7 @@
|
|||
#include "common.h"
|
||||
#include "eloop.h"
|
||||
#include "eapol_auth/eapol_auth_sm.h"
|
||||
#include "eapol_auth/eapol_auth_sm_i.h"
|
||||
#include "pmksa_cache.h"
|
||||
|
||||
|
||||
|
|
|
@ -15,6 +15,8 @@
|
|||
#ifndef PMKSA_CACHE_H
|
||||
#define PMKSA_CACHE_H
|
||||
|
||||
#include "radius/radius.h"
|
||||
|
||||
/**
|
||||
* struct rsn_pmksa_cache_entry - PMKSA cache entry
|
||||
*/
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
#include "sta_info.h"
|
||||
#include "common/wpa_common.h"
|
||||
#include "eapol_auth/eapol_auth_sm.h"
|
||||
#include "eapol_auth/eapol_auth_sm_i.h"
|
||||
#include "wpa.h"
|
||||
#include "preauth.h"
|
||||
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
#include "common/ieee802_11_defs.h"
|
||||
#include "common/ieee802_11_common.h"
|
||||
#include "eapol_auth/eapol_auth_sm.h"
|
||||
#include "eapol_auth/eapol_auth_sm_i.h"
|
||||
#include "wps/wps.h"
|
||||
#include "wps/wps_defs.h"
|
||||
#include "wps/wps_dev_attr.h"
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
#include "common.h"
|
||||
#include "eap_server/eap.h"
|
||||
#include "eapol_auth_sm.h"
|
||||
#include "eapol_auth_sm_i.h"
|
||||
|
||||
static inline const char * port_type_txt(PortTypes pt)
|
||||
{
|
||||
|
|
|
@ -15,12 +15,14 @@
|
|||
#include "includes.h"
|
||||
|
||||
#include "common.h"
|
||||
#include "eapol_auth_sm.h"
|
||||
#include "eloop.h"
|
||||
#include "common/eapol_common.h"
|
||||
#include "eap_server/eap.h"
|
||||
#include "state_machine.h"
|
||||
#include "common/eapol_common.h"
|
||||
#include "eap_common/eap_defs.h"
|
||||
#include "eap_common/eap_common.h"
|
||||
#include "eap_server/eap.h"
|
||||
#include "eapol_auth_sm.h"
|
||||
#include "eapol_auth_sm_i.h"
|
||||
|
||||
#define STATE_MACHINE_DATA struct eapol_state_machine
|
||||
#define STATE_MACHINE_DEBUG_PREFIX "IEEE 802.1X"
|
||||
|
|
|
@ -15,19 +15,10 @@
|
|||
#ifndef EAPOL_AUTH_SM_H
|
||||
#define EAPOL_AUTH_SM_H
|
||||
|
||||
#include "common/defs.h"
|
||||
#include "radius/radius.h"
|
||||
|
||||
/* IEEE Std 802.1X-2004, Ch. 8.2 */
|
||||
|
||||
typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
|
||||
PortTypes;
|
||||
typedef enum { Unauthorized = 2, Authorized = 1 } PortState;
|
||||
typedef enum { Both = 0, In = 1 } ControlledDirection;
|
||||
typedef unsigned int Counter;
|
||||
|
||||
struct eap_sm;
|
||||
|
||||
#define EAPOL_SM_PREAUTH BIT(0)
|
||||
#define EAPOL_SM_WAIT_START BIT(1)
|
||||
#define EAPOL_SM_USES_WPA BIT(2)
|
||||
#define EAPOL_SM_FROM_PMKSA_CACHE BIT(3)
|
||||
|
||||
struct eapol_auth_config {
|
||||
int eap_reauth_period;
|
||||
|
@ -81,163 +72,6 @@ struct eapol_auth_cb {
|
|||
void (*eapol_event)(void *ctx, void *sta_ctx, enum eapol_event type);
|
||||
};
|
||||
|
||||
/**
|
||||
* struct eapol_authenticator - Global EAPOL authenticator data
|
||||
*/
|
||||
struct eapol_authenticator {
|
||||
struct eapol_auth_config conf;
|
||||
struct eapol_auth_cb cb;
|
||||
|
||||
u8 *default_wep_key;
|
||||
u8 default_wep_key_idx;
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* struct eapol_state_machine - Per-Supplicant Authenticator state machines
|
||||
*/
|
||||
struct eapol_state_machine {
|
||||
/* timers */
|
||||
int aWhile;
|
||||
int quietWhile;
|
||||
int reAuthWhen;
|
||||
|
||||
/* global variables */
|
||||
Boolean authAbort;
|
||||
Boolean authFail;
|
||||
PortState authPortStatus;
|
||||
Boolean authStart;
|
||||
Boolean authTimeout;
|
||||
Boolean authSuccess;
|
||||
Boolean eapolEap;
|
||||
Boolean initialize;
|
||||
Boolean keyDone;
|
||||
Boolean keyRun;
|
||||
Boolean keyTxEnabled;
|
||||
PortTypes portControl;
|
||||
Boolean portValid;
|
||||
Boolean reAuthenticate;
|
||||
|
||||
/* Port Timers state machine */
|
||||
/* 'Boolean tick' implicitly handled as registered timeout */
|
||||
|
||||
/* Authenticator PAE state machine */
|
||||
enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
|
||||
AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
|
||||
AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
|
||||
AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
|
||||
/* variables */
|
||||
Boolean eapolLogoff;
|
||||
Boolean eapolStart;
|
||||
PortTypes portMode;
|
||||
unsigned int reAuthCount;
|
||||
/* constants */
|
||||
unsigned int quietPeriod; /* default 60; 0..65535 */
|
||||
#define AUTH_PAE_DEFAULT_quietPeriod 60
|
||||
unsigned int reAuthMax; /* default 2 */
|
||||
#define AUTH_PAE_DEFAULT_reAuthMax 2
|
||||
/* counters */
|
||||
Counter authEntersConnecting;
|
||||
Counter authEapLogoffsWhileConnecting;
|
||||
Counter authEntersAuthenticating;
|
||||
Counter authAuthSuccessesWhileAuthenticating;
|
||||
Counter authAuthTimeoutsWhileAuthenticating;
|
||||
Counter authAuthFailWhileAuthenticating;
|
||||
Counter authAuthEapStartsWhileAuthenticating;
|
||||
Counter authAuthEapLogoffWhileAuthenticating;
|
||||
Counter authAuthReauthsWhileAuthenticated;
|
||||
Counter authAuthEapStartsWhileAuthenticated;
|
||||
Counter authAuthEapLogoffWhileAuthenticated;
|
||||
|
||||
/* Backend Authentication state machine */
|
||||
enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
|
||||
BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
|
||||
BE_AUTH_IGNORE
|
||||
} be_auth_state;
|
||||
/* constants */
|
||||
unsigned int serverTimeout; /* default 30; 1..X */
|
||||
#define BE_AUTH_DEFAULT_serverTimeout 30
|
||||
/* counters */
|
||||
Counter backendResponses;
|
||||
Counter backendAccessChallenges;
|
||||
Counter backendOtherRequestsToSupplicant;
|
||||
Counter backendAuthSuccesses;
|
||||
Counter backendAuthFails;
|
||||
|
||||
/* Reauthentication Timer state machine */
|
||||
enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
|
||||
} reauth_timer_state;
|
||||
/* constants */
|
||||
unsigned int reAuthPeriod; /* default 3600 s */
|
||||
Boolean reAuthEnabled;
|
||||
|
||||
/* Authenticator Key Transmit state machine */
|
||||
enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
|
||||
} auth_key_tx_state;
|
||||
|
||||
/* Key Receive state machine */
|
||||
enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
|
||||
/* variables */
|
||||
Boolean rxKey;
|
||||
|
||||
/* Controlled Directions state machine */
|
||||
enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
|
||||
/* variables */
|
||||
ControlledDirection adminControlledDirections;
|
||||
ControlledDirection operControlledDirections;
|
||||
Boolean operEdge;
|
||||
|
||||
/* Authenticator Statistics Table */
|
||||
Counter dot1xAuthEapolFramesRx;
|
||||
Counter dot1xAuthEapolFramesTx;
|
||||
Counter dot1xAuthEapolStartFramesRx;
|
||||
Counter dot1xAuthEapolLogoffFramesRx;
|
||||
Counter dot1xAuthEapolRespIdFramesRx;
|
||||
Counter dot1xAuthEapolRespFramesRx;
|
||||
Counter dot1xAuthEapolReqIdFramesTx;
|
||||
Counter dot1xAuthEapolReqFramesTx;
|
||||
Counter dot1xAuthInvalidEapolFramesRx;
|
||||
Counter dot1xAuthEapLengthErrorFramesRx;
|
||||
Counter dot1xAuthLastEapolFrameVersion;
|
||||
|
||||
/* Other variables - not defined in IEEE 802.1X */
|
||||
u8 addr[ETH_ALEN]; /* Supplicant address */
|
||||
#define EAPOL_SM_PREAUTH BIT(0)
|
||||
#define EAPOL_SM_WAIT_START BIT(1)
|
||||
#define EAPOL_SM_USES_WPA BIT(2)
|
||||
#define EAPOL_SM_FROM_PMKSA_CACHE BIT(3)
|
||||
int flags; /* EAPOL_SM_* */
|
||||
|
||||
/* EAPOL/AAA <-> EAP full authenticator interface */
|
||||
struct eap_eapol_interface *eap_if;
|
||||
|
||||
int radius_identifier;
|
||||
/* TODO: check when the last messages can be released */
|
||||
struct radius_msg *last_recv_radius;
|
||||
u8 last_eap_id; /* last used EAP Identifier */
|
||||
u8 *identity;
|
||||
size_t identity_len;
|
||||
u8 eap_type_authsrv; /* EAP type of the last EAP packet from
|
||||
* Authentication server */
|
||||
u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
|
||||
struct radius_class_data radius_class;
|
||||
|
||||
/* Keys for encrypting and signing EAPOL-Key frames */
|
||||
u8 *eapol_key_sign;
|
||||
size_t eapol_key_sign_len;
|
||||
u8 *eapol_key_crypt;
|
||||
size_t eapol_key_crypt_len;
|
||||
|
||||
struct eap_sm *eap;
|
||||
|
||||
Boolean initializing; /* in process of initializing state machines */
|
||||
Boolean changed;
|
||||
|
||||
struct eapol_authenticator *eapol;
|
||||
|
||||
void *sta; /* station context pointer to use in callbacks */
|
||||
};
|
||||
|
||||
|
||||
struct eapol_authenticator * eapol_auth_init(struct eapol_auth_config *conf,
|
||||
struct eapol_auth_cb *cb);
|
||||
|
|
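Review bot: With struct eapol_authenticator and struct eapol_state_machine removed from this public header, the only remaining mention of the first tag in view is the return type of `eapol_auth_init()` at the bottom of the hunk, and the old `struct eap_sm;` forward declaration is dropped as well. A return type at file scope does declare the tag, but a prototype further down the header (outside this hunk) whose first mention of `struct eapol_state_machine` is in a parameter list would give the tag prototype scope and draw a compiler warning; whether that happens depends on declaration order I cannot see here. Adding `struct eapol_authenticator;` and `struct eapol_state_machine;` next to the EAPOL_SM_* defines keeps the public header self-describing regardless of order. The header continues past the end of this hunk.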
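--- /dev/null
+++ b/src/eapol_auth/eapol_auth_sm_i.h
@@ -0,0 +1,183 @@
+/*
+* IEEE 802.1X-2004 Authenticator - EAPOL state machine (internal definitions)
+* Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License version 2 as
+* published by the Free Software Foundation.
+*
+* Alternatively, this software may be distributed under the terms of BSD
+* license.
+*
+* See README and COPYING for more details.
+*/
+
+#ifndef EAPOL_AUTH_SM_I_H
+#define EAPOL_AUTH_SM_I_H
+
+#include "common/defs.h"
+#include "radius/radius.h"
+
+/* IEEE Std 802.1X-2004, Ch. 8.2 */
+
+typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
+PortTypes;
+typedef enum { Unauthorized = 2, Authorized = 1 } PortState;
+typedef enum { Both = 0, In = 1 } ControlledDirection;
+typedef unsigned int Counter;
+
+
+/**
+* struct eapol_authenticator - Global EAPOL authenticator data
+*/
+struct eapol_authenticator {
+struct eapol_auth_config conf;
+struct eapol_auth_cb cb;
+
+u8 *default_wep_key;
+u8 default_wep_key_idx;
+};
+
+
+/**
+* struct eapol_state_machine - Per-Supplicant Authenticator state machines
+*/
+struct eapol_state_machine {
+/* timers */
+int aWhile;
+int quietWhile;
+int reAuthWhen;
+
+/* global variables */
+Boolean authAbort;
+Boolean authFail;
+PortState authPortStatus;
+Boolean authStart;
+Boolean authTimeout;
+Boolean authSuccess;
+Boolean eapolEap;
+Boolean initialize;
+Boolean keyDone;
+Boolean keyRun;
+Boolean keyTxEnabled;
+PortTypes portControl;
+Boolean portValid;
+Boolean reAuthenticate;
+
+/* Port Timers state machine */
+/* 'Boolean tick' implicitly handled as registered timeout */
+
+/* Authenticator PAE state machine */
+enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
+AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
+AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
+AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
+/* variables */
+Boolean eapolLogoff;
+Boolean eapolStart;
+PortTypes portMode;
+unsigned int reAuthCount;
+/* constants */
+unsigned int quietPeriod; /* default 60; 0..65535 */
+#define AUTH_PAE_DEFAULT_quietPeriod 60
+unsigned int reAuthMax; /* default 2 */
+#define AUTH_PAE_DEFAULT_reAuthMax 2
+/* counters */
+Counter authEntersConnecting;
+Counter authEapLogoffsWhileConnecting;
+Counter authEntersAuthenticating;
+Counter authAuthSuccessesWhileAuthenticating;
+Counter authAuthTimeoutsWhileAuthenticating;
+Counter authAuthFailWhileAuthenticating;
+Counter authAuthEapStartsWhileAuthenticating;
+Counter authAuthEapLogoffWhileAuthenticating;
+Counter authAuthReauthsWhileAuthenticated;
+Counter authAuthEapStartsWhileAuthenticated;
+Counter authAuthEapLogoffWhileAuthenticated;
+
+/* Backend Authentication state machine */
+enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
+BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
+BE_AUTH_IGNORE
+} be_auth_state;
+/* constants */
+unsigned int serverTimeout; /* default 30; 1..X */
+#define BE_AUTH_DEFAULT_serverTimeout 30
+/* counters */
+Counter backendResponses;
+Counter backendAccessChallenges;
+Counter backendOtherRequestsToSupplicant;
+Counter backendAuthSuccesses;
+Counter backendAuthFails;
+
+/* Reauthentication Timer state machine */
+enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
+} reauth_timer_state;
+/* constants */
+unsigned int reAuthPeriod; /* default 3600 s */
+Boolean reAuthEnabled;
+
+/* Authenticator Key Transmit state machine */
+enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
+} auth_key_tx_state;
+
+/* Key Receive state machine */
+enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
+/* variables */
+Boolean rxKey;
+
+/* Controlled Directions state machine */
+enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
+/* variables */
+ControlledDirection adminControlledDirections;
+ControlledDirection operControlledDirections;
+Boolean operEdge;
+
+/* Authenticator Statistics Table */
+Counter dot1xAuthEapolFramesRx;
+Counter dot1xAuthEapolFramesTx;
+Counter dot1xAuthEapolStartFramesRx;
+Counter dot1xAuthEapolLogoffFramesRx;
+Counter dot1xAuthEapolRespIdFramesRx;
+Counter dot1xAuthEapolRespFramesRx;
+Counter dot1xAuthEapolReqIdFramesTx;
+Counter dot1xAuthEapolReqFramesTx;
+Counter dot1xAuthInvalidEapolFramesRx;
+Counter dot1xAuthEapLengthErrorFramesRx;
+Counter dot1xAuthLastEapolFrameVersion;
+
+/* Other variables - not defined in IEEE 802.1X */
+u8 addr[ETH_ALEN]; /* Supplicant address */
+int flags; /* EAPOL_SM_* */
+
+/* EAPOL/AAA <-> EAP full authenticator interface */
+struct eap_eapol_interface *eap_if;
+
+int radius_identifier;
+/* TODO: check when the last messages can be released */
+struct radius_msg *last_recv_radius;
+u8 last_eap_id; /* last used EAP Identifier */
+u8 *identity;
+size_t identity_len;
+u8 eap_type_authsrv; /* EAP type of the last EAP packet from
+* Authentication server */
+u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
+struct radius_class_data radius_class;
+
+/* Keys for encrypting and signing EAPOL-Key frames */
+u8 *eapol_key_sign;
+size_t eapol_key_sign_len;
+u8 *eapol_key_crypt;
+size_t eapol_key_crypt_len;
+
+struct eap_sm *eap;
+
+Boolean initializing; /* in process of initializing state machines */
+Boolean changed;
+
+struct eapol_authenticator *eapol;
+
+void *sta; /* station context pointer to use in callbacks */
+};
+
+#endif /* EAPOL_AUTH_SM_I_H */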
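Review bot: The new eapol_auth_sm_i.h is not self-contained: struct eapol_authenticator embeds `struct eapol_auth_config conf;` and `struct eapol_auth_cb cb;` by value, which needs the complete types, yet the header only includes common/defs.h and radius/radius.h. It compiles today only because every includer in this commit lists eapol_auth_sm.h immediately before it; a file that pulls in the internal header alone, or in the other order, will fail. Adding `#include "eapol_auth_sm.h"` after the radius.h include makes the ordering irrelevant, and it also documents the relationship between the two headers. As in the old header, `u8`, `ETH_ALEN` and `BIT()` presumably come from utils/common.h, which this file also leaves to the includer; worth confirming and including if the project convention allows it.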