eap.c File Reference

hostapd / EAP Standalone Authenticator state machine (RFC 4137) More...

#include "includes.h"
#include "hostapd.h"
#include "sta_info.h"
#include "eap_i.h"
#include "state_machine.h"

Include dependency graph for eap.c:

Go to the source code of this file.

Defines
#define	STATE_MACHINE_DATA   struct eap_sm
#define	STATE_MACHINE_DEBUG_PREFIX   "EAP"
#define	EAP_MAX_AUTH_ROUNDS   50
Functions
int	eap_user_get (struct eap_sm *sm, const u8 *identity, size_t identity_len, int phase2)
	Fetch user information from the database.
	SM_STATE (EAP, DISABLED)
	SM_STATE (EAP, INITIALIZE)
	SM_STATE (EAP, PICK_UP_METHOD)
	SM_STATE (EAP, IDLE)
	SM_STATE (EAP, RETRANSMIT)
	SM_STATE (EAP, RECEIVED)
	SM_STATE (EAP, DISCARD)
	SM_STATE (EAP, SEND_REQUEST)
	SM_STATE (EAP, INTEGRITY_CHECK)
	SM_STATE (EAP, METHOD_REQUEST)
	SM_STATE (EAP, METHOD_RESPONSE)
	SM_STATE (EAP, PROPOSE_METHOD)
	SM_STATE (EAP, NAK)
	SM_STATE (EAP, SELECT_ACTION)
	SM_STATE (EAP, TIMEOUT_FAILURE)
	SM_STATE (EAP, FAILURE)
	SM_STATE (EAP, SUCCESS)
	SM_STEP (EAP)
void	eap_sm_process_nak (struct eap_sm *sm, u8 *nak_list, size_t len)
	Process EAP-Response/Nak.
int	eap_sm_step (struct eap_sm *sm)
	Step EAP state machine.
void	eap_set_eapRespData (struct eap_sm *sm, const u8 *eapRespData, size_t eapRespDataLen)
	Set EAP response (eapRespData).
eap_sm *	eap_sm_init (void *eapol_ctx, struct eapol_callbacks *eapol_cb, struct eap_config *conf)
	Allocate and initialize EAP state machine.
void	eap_sm_deinit (struct eap_sm *sm)
	Deinitialize and free an EAP state machine.
void	eap_sm_notify_cached (struct eap_sm *sm)
	Notify EAP state machine of cached PMK.
void	eap_sm_pending_cb (struct eap_sm *sm)
	EAP state machine callback for a pending EAP request.
int	eap_sm_method_pending (struct eap_sm *sm)
	Query whether EAP method is waiting for pending data.
const u8 *	eap_hdr_validate (int vendor, EapType eap_type, const u8 *msg, size_t msglen, size_t *plen)
	Validate EAP header.
eap_hdr *	eap_msg_alloc (int vendor, EapType type, size_t *len, size_t payload_len, u8 code, u8 identifier, u8 **payload)
	Allocate a buffer for an EAP message.

---

Detailed Description

hostapd / EAP Standalone Authenticator state machine (RFC 4137)

Copyright

Copyright (c) 2004-2006, Jouni Malinen <[email protected]>

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation.

Alternatively, this software may be distributed under the terms of BSD license.

See README and COPYING for more details.

Definition in file eap.c.

---

Function Documentation

const u8* eap_hdr_validate (  int  vendor, EapType  eap_type, const u8 *  msg, size_t  msglen, size_t *  plen )

Validate EAP header. Parameters: vendor  Expected EAP Vendor-Id (0 = IETF) eap_type  Expected EAP type number msg  EAP frame (starting with EAP header) msglen  Length of msg plen  Pointer to variable to contain the returned payload length Returns: Pointer to EAP payload (after type field), or NULL on failure This is a helper function for EAP method implementations. This is usually called in the beginning of struct eap_method::process() function to verify that the received EAP request packet has a valid header. This function is able to process both legacy and expanded EAP headers and in most cases, the caller can just use the returned payload pointer (into *plen) for processing the payload regardless of whether the packet used the expanded EAP header or not. Definition at line 1048 of file eap.c. Here is the call graph for this function:

struct eap_hdr* eap_msg_alloc (  int  vendor, EapType  type, size_t *  len, size_t  payload_len, u8  code, u8  identifier, u8 **  payload )

Allocate a buffer for an EAP message. Parameters: vendor  Vendor-Id (0 = IETF) type  EAP type len  Buffer for returning message length payload_len  Payload length in bytes (data after Type) code  Message Code (EAP_CODE_*) identifier  Identifier payload  Pointer to payload pointer that will be set to point to the beginning of the payload or NULL if payload pointer is not needed Returns: Pointer to the allocated message buffer or NULL on error This function can be used to allocate a buffer for an EAP message and fill in the EAP header. This function is automatically using expanded EAP header if the selected Vendor-Id is not IETF. In other words, most EAP methods do not need to separately select which header type to use when using this function to allocate the message buffers. Definition at line 1121 of file eap.c.

void eap_set_eapRespData (  struct eap_sm *  sm, const u8 *  eapRespData, size_t  eapRespDataLen )

Set EAP response (eapRespData). Parameters: sm  Pointer to EAP state machine allocated with eap_sm_init() eapRespData  EAP-Response payload from the supplicant eapRespDataLen  Length of eapRespData in bytes This function is called when an EAP-Response is received from a supplicant. Definition at line 900 of file eap.c. Here is the call graph for this function:

void eap_sm_deinit (  struct eap_sm *  sm  )

Deinitialize and free an EAP state machine. Parameters: sm  Pointer to EAP state machine allocated with eap_sm_init() This function deinitializes EAP state machine and frees all allocated resources. Definition at line 965 of file eap.c. Here is the call graph for this function:

struct eap_sm* eap_sm_init (  void *  eapol_ctx, struct eapol_callbacks *  eapol_cb, struct eap_config *  conf )

Allocate and initialize EAP state machine. Parameters: eapol_ctx  Context data to be used with eapol_cb calls eapol_cb  Pointer to EAPOL callback functions conf  EAP configuration Returns: Pointer to the allocated EAP state machine or NULL on failure This function allocates and initializes an EAP state machine. Definition at line 936 of file eap.c. Here is the call graph for this function:

int eap_sm_method_pending (  struct eap_sm *  sm  )

Query whether EAP method is waiting for pending data. Parameters: sm  Pointer to EAP state machine allocated with eap_sm_init() Returns: 1 if method is waiting for pending data or 0 if not Definition at line 1022 of file eap.c.

void eap_sm_notify_cached (  struct eap_sm *  sm  )

Notify EAP state machine of cached PMK. Parameters: sm  Pointer to EAP state machine allocated with eap_sm_init() This function is called when PMKSA caching is used to skip EAP authentication. Definition at line 990 of file eap.c.

void eap_sm_pending_cb (  struct eap_sm *  sm  )

EAP state machine callback for a pending EAP request. Parameters: sm  Pointer to EAP state machine allocated with eap_sm_init() This function is called when data for a pending EAP-Request is received. Definition at line 1006 of file eap.c. Here is the call graph for this function:

void eap_sm_process_nak (  struct eap_sm *  sm, u8 *  nak_list, size_t  len )

Process EAP-Response/Nak. Parameters: sm  Pointer to EAP state machine allocated with eap_sm_init() nak_list  Nak list (allowed methods) from the supplicant len  Length of nak_list in bytes This function is called when EAP-Response/Nak is received from the supplicant. This can happen for both phase 1 and phase 2 authentications. Definition at line 714 of file eap.c. Here is the call graph for this function:

int eap_sm_step (  struct eap_sm *  sm  )

Step EAP state machine. Parameters: sm  Pointer to EAP state machine allocated with eap_sm_init() Returns: 1 if EAP state was changed or 0 if not This function advances EAP state machine to a new state to match with the current variables. This should be called whenever variables used by the EAP state machine have changed. Definition at line 878 of file eap.c.

int eap_user_get (  struct eap_sm *  sm, const u8 *  identity, size_t  identity_len, int  phase2 )

Fetch user information from the database. Parameters: sm  Pointer to EAP state machine allocated with eap_sm_init() identity  Identity (User-Name) of the user identity_len  Length of identity in bytes phase2  0 = EAP phase1 user, 1 = EAP phase2 (tunneled) user Returns: 0 on success, or -1 on failure This function is used to fetch user information for EAP. The user will be selected based on the specified identity. sm->user and sm->user_eap_method_index are updated for the new user when a matching user is found. sm->user can be used to get user information (e.g., password). Definition at line 91 of file eap.c.

---