eap.c File Reference

hostapd / EAP Full Authenticator state machine (RFC 4137)

#include "includes.h"
#include "common.h"
#include "eap_i.h"
#include "state_machine.h"

Defines

#define STATE_MACHINE_DATA   struct eap_sm
#define STATE_MACHINE_DEBUG_PREFIX   "EAP"
#define EAP_MAX_AUTH_ROUNDS   50
#define EAP_COPY(dst, src)   eap_copy_data((dst), (dst ## Len), (src), (src ## Len))

Functions

int eap_user_get (struct eap_sm *sm, const u8 *identity, size_t identity_len, int phase2)
 Fetch user information from the database.
 SM_STATE (EAP, DISABLED)
 SM_STATE (EAP, INITIALIZE)
 SM_STATE (EAP, PICK_UP_METHOD)
 SM_STATE (EAP, IDLE)
 SM_STATE (EAP, RETRANSMIT)
 SM_STATE (EAP, RECEIVED)
 SM_STATE (EAP, DISCARD)
 SM_STATE (EAP, SEND_REQUEST)
 SM_STATE (EAP, INTEGRITY_CHECK)
 SM_STATE (EAP, METHOD_REQUEST)
 SM_STATE (EAP, METHOD_RESPONSE)
 SM_STATE (EAP, PROPOSE_METHOD)
 SM_STATE (EAP, NAK)
 SM_STATE (EAP, SELECT_ACTION)
 SM_STATE (EAP, TIMEOUT_FAILURE)
 SM_STATE (EAP, FAILURE)
 SM_STATE (EAP, SUCCESS)
 SM_STATE (EAP, INITIALIZE_PASSTHROUGH)
 SM_STATE (EAP, IDLE2)
 SM_STATE (EAP, RETRANSMIT2)
 SM_STATE (EAP, RECEIVED2)
 SM_STATE (EAP, DISCARD2)
 SM_STATE (EAP, SEND_REQUEST2)
 SM_STATE (EAP, AAA_REQUEST)
 SM_STATE (EAP, AAA_RESPONSE)
 SM_STATE (EAP, AAA_IDLE)
 SM_STATE (EAP, TIMEOUT_FAILURE2)
 SM_STATE (EAP, FAILURE2)
 SM_STATE (EAP, SUCCESS2)
 SM_STEP (EAP)
void eap_sm_process_nak (struct eap_sm *sm, const u8 *nak_list, size_t len)
 Process EAP-Response/Nak.
int eap_server_sm_step (struct eap_sm *sm)
 Step EAP server state machine.
struct eap_sm * eap_server_sm_init (void *eapol_ctx, struct eapol_callbacks *eapol_cb, struct eap_config *conf)
 Allocate and initialize EAP server state machine.
void eap_server_sm_deinit (struct eap_sm *sm)
 Deinitialize and free an EAP server state machine.
void eap_sm_notify_cached (struct eap_sm *sm)
 Notify EAP state machine of cached PMK.
void eap_sm_pending_cb (struct eap_sm *sm)
 EAP state machine callback for a pending EAP request.
int eap_sm_method_pending (struct eap_sm *sm)
 Query whether EAP method is waiting for pending data.
const u8 * eap_get_identity (struct eap_sm *sm, size_t *len)
 Get the user identity (from EAP-Response/Identity).
struct eap_eapol_interface * eap_get_interface (struct eap_sm *sm)
 Get pointer to EAP-EAPOL interface data.

Detailed Description

hostapd / EAP Full Authenticator state machine (RFC 4137)

Copyright
Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation.

Alternatively, this software may be distributed under the terms of BSD license.

See README and COPYING for more details.

This state machine is based on the full authenticator state machine defined in RFC 4137. However, to support backend authentication in the RADIUS authentication server functionality, parts of the backend authenticator (also from RFC 4137) are mixed in. This functionality is enabled by setting the backend_auth configuration variable to TRUE.

Definition in file eap.c.


Function Documentation

const u8 * eap_get_identity (struct eap_sm *sm, size_t *len)

Get the user identity (from EAP-Response/Identity).

Parameters:
sm Pointer to EAP state machine allocated with eap_server_sm_init()
len Buffer for returning identity length
Returns:
Pointer to the user identity or NULL if not available

Definition at line 1342 of file eap.c.

struct eap_eapol_interface * eap_get_interface (struct eap_sm *sm)

Get pointer to EAP-EAPOL interface data.

Parameters:
sm Pointer to EAP state machine allocated with eap_server_sm_init()
Returns:
Pointer to the EAP-EAPOL interface data

Definition at line 1355 of file eap.c.

void eap_server_sm_deinit (struct eap_sm *sm)

Deinitialize and free an EAP server state machine.

Parameters:
sm Pointer to EAP state machine allocated with eap_server_sm_init()

This function deinitializes EAP state machine and frees all allocated resources.

Definition at line 1263 of file eap.c.

struct eap_sm * eap_server_sm_init (void *eapol_ctx, struct eapol_callbacks *eapol_cb, struct eap_config *conf)

Allocate and initialize EAP server state machine.

Parameters:
eapol_ctx Context data to be used with eapol_cb calls
eapol_cb Pointer to EAPOL callback functions
conf EAP configuration
Returns:
Pointer to the allocated EAP state machine or NULL on failure

This function allocates and initializes an EAP state machine.

Definition at line 1205 of file eap.c.

int eap_server_sm_step (struct eap_sm *sm)

Step EAP server state machine.

Parameters:
sm Pointer to EAP state machine allocated with eap_server_sm_init()
Returns:
1 if EAP state was changed or 0 if not

This function advances EAP state machine to a new state to match with the current variables. This should be called whenever variables used by the EAP state machine have changed.

Definition at line 1172 of file eap.c.

int eap_sm_method_pending (struct eap_sm *sm)

Query whether EAP method is waiting for pending data.

Parameters:
sm Pointer to EAP state machine allocated with eap_server_sm_init()
Returns:
1 if method is waiting for pending data or 0 if not

Definition at line 1327 of file eap.c.

void eap_sm_notify_cached (struct eap_sm *sm)

Notify EAP state machine of cached PMK.

Parameters:
sm Pointer to EAP state machine allocated with eap_server_sm_init()

This function is called when PMKSA caching is used to skip EAP authentication.

Definition at line 1295 of file eap.c.

void eap_sm_pending_cb (struct eap_sm *sm)

EAP state machine callback for a pending EAP request.

Parameters:
sm Pointer to EAP state machine allocated with eap_server_sm_init()

This function is called when data for a pending EAP-Request is received.

Definition at line 1311 of file eap.c.

void eap_sm_process_nak (struct eap_sm *sm, const u8 *nak_list, size_t len)

Process EAP-Response/Nak.

Parameters:
sm Pointer to EAP state machine allocated with eap_server_sm_init()
nak_list Nak list (allowed methods) from the supplicant
len Length of nak_list in bytes

This function is called when EAP-Response/Nak is received from the supplicant. This can happen for both phase 1 and phase 2 authentications.

Definition at line 981 of file eap.c.
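
Added example (not hostapd code; nak_next_method and the sample arrays are hypothetical): a stand-alone sketch of method selection after an EAP-Response/Nak, assuming the legacy Nak format of RFC 3748 with one method type per byte. It shows the property that matters for downgrade resistance: the supplicant's list can only narrow the server's per-user policy, and an empty or unusable list fails closed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* EAP method type numbers from RFC 3748 and the IANA EAP registry. */
#define EAP_TYPE_NONE 0   /* inside a Nak: no acceptable alternative */
#define EAP_TYPE_MD5  4
#define EAP_TYPE_TLS  13
#define EAP_TYPE_PEAP 25

/* Constructed sample data: server policy for one user, in preference order,
 * and three Nak lists a supplicant might send after PEAP was proposed. */
static const uint8_t policy[]   = { EAP_TYPE_PEAP, EAP_TYPE_TLS };
static const uint8_t nak_tls[]  = { EAP_TYPE_MD5, EAP_TYPE_TLS };
static const uint8_t nak_md5[]  = { EAP_TYPE_MD5 };
static const uint8_t nak_none[] = { EAP_TYPE_NONE };

/* Hypothetical helper (not a hostapd function): return the next method to
 * propose, or EAP_TYPE_NONE when nothing acceptable remains. Only methods
 * already in the server policy can be returned, so the Nak list can narrow
 * the choice but never widen it. */
uint8_t nak_next_method(const uint8_t *allowed, size_t n_allowed,
                        uint8_t tried, const uint8_t *nak_list, size_t len)
{
    size_t i, j;

    if (allowed == NULL || nak_list == NULL)
        return EAP_TYPE_NONE;              /* fail closed on missing input */
    for (i = 0; i < n_allowed; i++) {
        if (allowed[i] == tried || allowed[i] == EAP_TYPE_NONE)
            continue;                      /* rejected method, or not a method */
        for (j = 0; j < len; j++)
            if (nak_list[j] == allowed[i])
                return allowed[i];         /* first match in server order */
    }
    return EAP_TYPE_NONE;
}

int main(void)
{
    size_t n = sizeof(policy);

    printf("Nak {MD5,TLS} -> %u\n",
           nak_next_method(policy, n, EAP_TYPE_PEAP, nak_tls, sizeof(nak_tls)));
    printf("Nak {MD5}     -> %u\n",
           nak_next_method(policy, n, EAP_TYPE_PEAP, nak_md5, sizeof(nak_md5)));
    printf("Nak {0}       -> %u\n",
           nak_next_method(policy, n, EAP_TYPE_PEAP, nak_none, sizeof(nak_none)));
    return 0;
}
```

A result of EAP_TYPE_NONE is the case where an authenticator should end the exchange with a failure instead of proposing anything outside the policy.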

int eap_user_get (struct eap_sm *sm, const u8 *identity, size_t identity_len, int phase2)

Fetch user information from the database.

Parameters:
sm Pointer to EAP state machine allocated with eap_server_sm_init()
identity Identity (User-Name) of the user
identity_len Length of identity in bytes
phase2 0 = EAP phase1 user, 1 = EAP phase2 (tunneled) user
Returns:
0 on success, or -1 on failure

This function is used to fetch user information for EAP. The user will be selected based on the specified identity. sm->user and sm->user_eap_method_index are updated for the new user when a matching user is found. sm->user can be used to get user information (e.g., password).

Definition at line 100 of file eap.c.

Generated on Sat Nov 21 23:21:17 2009 for hostapd by  doxygen 1.6.1