wpa_supplicant / hostapd  2.5
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Pages
Macros | Functions
eap_server.c File Reference

hostapd / EAP Full Authenticator state machine (RFC 4137) More...

#include "includes.h"
#include "common.h"
#include "crypto/sha256.h"
#include "eap_i.h"
#include "state_machine.h"
#include "common/wpa_ctrl.h"

Macros

#define STATE_MACHINE_DATA   struct eap_sm
 
#define STATE_MACHINE_DEBUG_PREFIX   "EAP"
 
#define EAP_MAX_AUTH_ROUNDS   50
 
#define EAP_COPY(dst, src)   eap_copy_data((dst), (dst ## Len), (src), (src ## Len))
 

Functions

int eap_user_get (struct eap_sm *sm, const u8 *identity, size_t identity_len, int phase2)
 Fetch user information from the database. More...
 
void eap_log_msg (struct eap_sm *sm, const char *fmt,...)
 
 SM_STATE (EAP, DISABLED)
 
 SM_STATE (EAP, INITIALIZE)
 
 SM_STATE (EAP, PICK_UP_METHOD)
 
 SM_STATE (EAP, IDLE)
 
 SM_STATE (EAP, RETRANSMIT)
 
 SM_STATE (EAP, RECEIVED)
 
 SM_STATE (EAP, DISCARD)
 
 SM_STATE (EAP, SEND_REQUEST)
 
 SM_STATE (EAP, INTEGRITY_CHECK)
 
 SM_STATE (EAP, METHOD_REQUEST)
 
 SM_STATE (EAP, METHOD_RESPONSE)
 
 SM_STATE (EAP, PROPOSE_METHOD)
 
 SM_STATE (EAP, NAK)
 
 SM_STATE (EAP, SELECT_ACTION)
 
 SM_STATE (EAP, TIMEOUT_FAILURE)
 
 SM_STATE (EAP, FAILURE)
 
 SM_STATE (EAP, SUCCESS)
 
 SM_STATE (EAP, INITIATE_REAUTH_START)
 
 SM_STATE (EAP, INITIALIZE_PASSTHROUGH)
 
 SM_STATE (EAP, IDLE2)
 
 SM_STATE (EAP, RETRANSMIT2)
 
 SM_STATE (EAP, RECEIVED2)
 
 SM_STATE (EAP, DISCARD2)
 
 SM_STATE (EAP, SEND_REQUEST2)
 
 SM_STATE (EAP, AAA_REQUEST)
 
 SM_STATE (EAP, AAA_RESPONSE)
 
 SM_STATE (EAP, AAA_IDLE)
 
 SM_STATE (EAP, TIMEOUT_FAILURE2)
 
 SM_STATE (EAP, FAILURE2)
 
 SM_STATE (EAP, SUCCESS2)
 
 SM_STEP (EAP)
 
void eap_sm_process_nak (struct eap_sm *sm, const u8 *nak_list, size_t len)
 Process EAP-Response/Nak. More...
 
int eap_server_sm_step (struct eap_sm *sm)
 Step EAP server state machine. More...
 
struct eap_smeap_server_sm_init (void *eapol_ctx, const struct eapol_callbacks *eapol_cb, struct eap_config *conf)
 Allocate and initialize EAP server state machine. More...
 
void eap_server_sm_deinit (struct eap_sm *sm)
 Deinitialize and free an EAP server state machine. More...
 
void eap_sm_notify_cached (struct eap_sm *sm)
 Notify EAP state machine of cached PMK. More...
 
void eap_sm_pending_cb (struct eap_sm *sm)
 EAP state machine callback for a pending EAP request. More...
 
int eap_sm_method_pending (struct eap_sm *sm)
 Query whether EAP method is waiting for pending data. More...
 
const u8 * eap_get_identity (struct eap_sm *sm, size_t *len)
 Get the user identity (from EAP-Response/Identity) More...
 
struct eap_eapol_interfaceeap_get_interface (struct eap_sm *sm)
 Get pointer to EAP-EAPOL interface data. More...
 
void eap_server_clear_identity (struct eap_sm *sm)
 Clear EAP identity information. More...
 

Detailed Description

hostapd / EAP Full Authenticator state machine (RFC 4137)

This state machine is based on the full authenticator state machine defined in RFC 4137. However, to support backend authentication in RADIUS authentication server functionality, parts of backend authenticator (also from RFC 4137) are mixed in. This functionality is enabled by setting backend_auth configuration variable to TRUE.

Function Documentation

const u8* eap_get_identity ( struct eap_sm sm,
size_t *  len 
)

Get the user identity (from EAP-Response/Identity)

Parameters
smPointer to EAP state machine allocated with eap_server_sm_init()
lenBuffer for returning identity length
Returns
Pointer to the user identity or NULL if not available
struct eap_eapol_interface* eap_get_interface ( struct eap_sm sm)

Get pointer to EAP-EAPOL interface data.

Parameters
smPointer to EAP state machine allocated with eap_server_sm_init()
Returns
Pointer to the EAP-EAPOL interface data
void eap_server_clear_identity ( struct eap_sm sm)

Clear EAP identity information.

Parameters
smPointer to EAP state machine allocated with eap_server_sm_init()

This function can be used to clear the EAP identity information in the EAP server context. This allows the EAP/Identity method to be used again after EAPOL-Start or EAPOL-Logoff.

void eap_server_sm_deinit ( struct eap_sm sm)

Deinitialize and free an EAP server state machine.

Parameters
smPointer to EAP state machine allocated with eap_server_sm_init()

This function deinitializes EAP state machine and frees all allocated resources.

struct eap_sm* eap_server_sm_init ( void *  eapol_ctx,
const struct eapol_callbacks eapol_cb,
struct eap_config conf 
)

Allocate and initialize EAP server state machine.

Parameters
eapol_ctxContext data to be used with eapol_cb calls
eapol_cbPointer to EAPOL callback functions
confEAP configuration
Returns
Pointer to the allocated EAP state machine or NULL on failure

This function allocates and initializes an EAP state machine.

int eap_server_sm_step ( struct eap_sm sm)

Step EAP server state machine.

Parameters
smPointer to EAP state machine allocated with eap_server_sm_init()
Returns
1 if EAP state was changed or 0 if not

This function advances EAP state machine to a new state to match with the current variables. This should be called whenever variables used by the EAP state machine have changed.

int eap_sm_method_pending ( struct eap_sm sm)

Query whether EAP method is waiting for pending data.

Parameters
smPointer to EAP state machine allocated with eap_server_sm_init()
Returns
1 if method is waiting for pending data or 0 if not
void eap_sm_notify_cached ( struct eap_sm sm)

Notify EAP state machine of cached PMK.

Parameters
smPointer to EAP state machine allocated with eap_server_sm_init()

This function is called when PMKSA caching is used to skip EAP authentication.

void eap_sm_pending_cb ( struct eap_sm sm)

EAP state machine callback for a pending EAP request.

Parameters
smPointer to EAP state machine allocated with eap_server_sm_init()

This function is called when data for a pending EAP-Request is received.

void eap_sm_process_nak ( struct eap_sm sm,
const u8 *  nak_list,
size_t  len 
)

Process EAP-Response/Nak.

Parameters
smPointer to EAP state machine allocated with eap_server_sm_init()
nak_listNak list (allowed methods) from the supplicant
lenLength of nak_list in bytes

This function is called when EAP-Response/Nak is received from the supplicant. This can happen for both phase 1 and phase 2 authentications.

int eap_user_get ( struct eap_sm sm,
const u8 *  identity,
size_t  identity_len,
int  phase2 
)

Fetch user information from the database.

Parameters
smPointer to EAP state machine allocated with eap_server_sm_init()
identityIdentity (User-Name) of the user
identity_lenLength of identity in bytes
phase20 = EAP phase1 user, 1 = EAP phase2 (tunneled) user
Returns
0 on success, or -1 on failure

This function is used to fetch user information for EAP. The user will be selected based on the specified identity. sm->user and sm->user_eap_method_index are updated for the new user when a matching user is found. sm->user can be used to get user information (e.g., password).

Generated on Sun Sep 27 2015 22:08:08 for wpa_supplicant / hostapd by   doxygen 1.8.6