eap.c File Reference

hostapd / EAP Standalone Authenticator state machine (RFC 4137)

#include "includes.h"
#include "hostapd.h"
#include "sta_info.h"
#include "eap_i.h"
#include "state_machine.h"

Defines

#define STATE_MACHINE_DATA   struct eap_sm
#define STATE_MACHINE_DEBUG_PREFIX   "EAP"
#define EAP_MAX_AUTH_ROUNDS   50

Functions

int eap_user_get (struct eap_sm *sm, const u8 *identity, size_t identity_len, int phase2)
 Fetch user information from the database.
 SM_STATE (EAP, DISABLED)
 SM_STATE (EAP, INITIALIZE)
 SM_STATE (EAP, PICK_UP_METHOD)
 SM_STATE (EAP, IDLE)
 SM_STATE (EAP, RETRANSMIT)
 SM_STATE (EAP, RECEIVED)
 SM_STATE (EAP, DISCARD)
 SM_STATE (EAP, SEND_REQUEST)
 SM_STATE (EAP, INTEGRITY_CHECK)
 SM_STATE (EAP, METHOD_REQUEST)
 SM_STATE (EAP, METHOD_RESPONSE)
 SM_STATE (EAP, PROPOSE_METHOD)
 SM_STATE (EAP, NAK)
 SM_STATE (EAP, SELECT_ACTION)
 SM_STATE (EAP, TIMEOUT_FAILURE)
 SM_STATE (EAP, FAILURE)
 SM_STATE (EAP, SUCCESS)
 SM_STEP (EAP)
void eap_sm_process_nak (struct eap_sm *sm, u8 *nak_list, size_t len)
 Process EAP-Response/Nak.
int eap_sm_step (struct eap_sm *sm)
 Step EAP state machine.
void eap_set_eapRespData (struct eap_sm *sm, const u8 *eapRespData, size_t eapRespDataLen)
 Set EAP response (eapRespData).
struct eap_sm * eap_sm_init (void *eapol_ctx, struct eapol_callbacks *eapol_cb, struct eap_config *conf)
 Allocate and initialize EAP state machine.
void eap_sm_deinit (struct eap_sm *sm)
 Deinitialize and free an EAP state machine.
void eap_sm_notify_cached (struct eap_sm *sm)
 Notify EAP state machine of cached PMK.
void eap_sm_pending_cb (struct eap_sm *sm)
 EAP state machine callback for a pending EAP request.
int eap_sm_method_pending (struct eap_sm *sm)
 Query whether EAP method is waiting for pending data.
const u8 * eap_hdr_validate (int vendor, EapType eap_type, const u8 *msg, size_t msglen, size_t *plen)
 Validate EAP header.
struct eap_hdr * eap_msg_alloc (int vendor, EapType type, size_t *len, size_t payload_len, u8 code, u8 identifier, u8 **payload)
 Allocate a buffer for an EAP message.


Detailed Description

hostapd / EAP Standalone Authenticator state machine (RFC 4137)

Copyright
Copyright (c) 2004-2006, Jouni Malinen
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation.

Alternatively, this software may be distributed under the terms of BSD license.

See README and COPYING for more details.

Definition in file eap.c.


Function Documentation

const u8* eap_hdr_validate (int vendor, EapType eap_type, const u8 *msg, size_t msglen, size_t *plen)

Validate EAP header.

Parameters:
vendor Expected EAP Vendor-Id (0 = IETF)
eap_type Expected EAP type number
msg EAP frame (starting with EAP header)
msglen Length of msg
plen Pointer to variable to contain the returned payload length
Returns:
Pointer to EAP payload (after type field), or NULL on failure
This is a helper function for EAP method implementations. It is usually called at the beginning of the struct eap_method::process() function to verify that the received EAP request packet has a valid header. The function handles both legacy and expanded EAP headers, so in most cases the caller can use the returned payload pointer (with the payload length stored in *plen) to process the payload regardless of whether the packet used the expanded EAP header.

Definition at line 1048 of file eap.c.
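
A sketch of the checks a header validator of this kind has to make before a method touches the payload, added here as an illustration; it is not hostapd's implementation. The name demo_eap_hdr_validate, the constants and the sample frames are assumptions constructed for this example, with the field layout taken from RFC 3748.

```c
#include <stddef.h>
#include <stdint.h>

#define EAP_HDR_LEN 4          /* Code, Identifier, Length (RFC 3748) */
#define EAP_TYPE_EXPANDED 254  /* Type value that introduces Vendor-Id/Vendor-Type */

/* Hypothetical stand-in for the documented helper: returns the payload
 * pointer and sets *plen, or returns NULL on any malformed header. */
const uint8_t *demo_eap_hdr_validate(uint32_t vendor, uint32_t eap_type,
                                     const uint8_t *msg, size_t msglen,
                                     size_t *plen)
{
    size_t len;
    const uint8_t *pos;

    if (msg == NULL || plen == NULL || msglen < EAP_HDR_LEN)
        return NULL;
    len = ((size_t)msg[2] << 8) | msg[3];     /* big-endian Length field */
    /* Length must cover header + Type and must not exceed received bytes. */
    if (len < EAP_HDR_LEN + 1 || len > msglen)
        return NULL;
    pos = msg + EAP_HDR_LEN;
    if (*pos == EAP_TYPE_EXPANDED) {
        uint32_t v, t;
        if (len < EAP_HDR_LEN + 8)            /* Type + Vendor-Id + Vendor-Type */
            return NULL;
        v = ((uint32_t)pos[1] << 16) | ((uint32_t)pos[2] << 8) | pos[3];
        t = ((uint32_t)pos[4] << 24) | ((uint32_t)pos[5] << 16) |
            ((uint32_t)pos[6] << 8) | pos[7];
        if (v != vendor || t != eap_type)
            return NULL;
        *plen = len - EAP_HDR_LEN - 8;
        return pos + 8;
    }
    if (vendor != 0 || *pos != eap_type)      /* legacy header: IETF only */
        return NULL;
    *plen = len - EAP_HDR_LEN - 1;
    return pos + 1;
}

/* Constructed sample frames (not captured traffic). */
const uint8_t demo_legacy[] = { 2, 7, 0, 7, 4, 0xAA, 0xBB };  /* Response, Type 4 */
const uint8_t demo_expanded[] = { 2, 8, 0, 14, 254, 0x00, 0x37, 0x2A,
                                  0, 0, 0, 1, 0xCC, 0xDD };
const uint8_t demo_overlong[] = { 2, 9, 0, 64, 4, 0xAA };     /* Length > msglen */
```

The payload length is derived from the Length field only after that field has been bounded by msglen, so a frame that claims more bytes than were received is rejected instead of driving a read past the buffer.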

struct eap_hdr* eap_msg_alloc (int vendor, EapType type, size_t *len, size_t payload_len, u8 code, u8 identifier, u8 **payload)

Allocate a buffer for an EAP message.

Parameters:
vendor Vendor-Id (0 = IETF)
type EAP type
len Buffer for returning message length
payload_len Payload length in bytes (data after Type)
code Message Code (EAP_CODE_*)
identifier Identifier
payload Pointer to payload pointer that will be set to point to the beginning of the payload or NULL if payload pointer is not needed
Returns:
Pointer to the allocated message buffer or NULL on error
This function can be used to allocate a buffer for an EAP message and fill in the EAP header. It automatically uses the expanded EAP header if the selected Vendor-Id is not IETF. In other words, most EAP methods do not need to select the header type separately when using this function to allocate message buffers.

Definition at line 1121 of file eap.c.

void eap_set_eapRespData (struct eap_sm *sm, const u8 *eapRespData, size_t eapRespDataLen)

Set EAP response (eapRespData).

Parameters:
sm Pointer to EAP state machine allocated with eap_sm_init()
eapRespData EAP-Response payload from the supplicant
eapRespDataLen Length of eapRespData in bytes
This function is called when an EAP-Response is received from a supplicant.

Definition at line 900 of file eap.c.

void eap_sm_deinit (struct eap_sm *sm)

Deinitialize and free an EAP state machine.

Parameters:
sm Pointer to EAP state machine allocated with eap_sm_init()
This function deinitializes EAP state machine and frees all allocated resources.

Definition at line 965 of file eap.c.

struct eap_sm* eap_sm_init (void *eapol_ctx, struct eapol_callbacks *eapol_cb, struct eap_config *conf)

Allocate and initialize EAP state machine.

Parameters:
eapol_ctx Context data to be used with eapol_cb calls
eapol_cb Pointer to EAPOL callback functions
conf EAP configuration
Returns:
Pointer to the allocated EAP state machine or NULL on failure
This function allocates and initializes an EAP state machine.

Definition at line 936 of file eap.c.

int eap_sm_method_pending (struct eap_sm *sm)

Query whether EAP method is waiting for pending data.

Parameters:
sm Pointer to EAP state machine allocated with eap_sm_init()
Returns:
1 if method is waiting for pending data or 0 if not

Definition at line 1022 of file eap.c.

void eap_sm_notify_cached (struct eap_sm *sm)

Notify EAP state machine of cached PMK.

Parameters:
sm Pointer to EAP state machine allocated with eap_sm_init()
This function is called when PMKSA caching is used to skip EAP authentication.

Definition at line 990 of file eap.c.

void eap_sm_pending_cb (struct eap_sm *sm)

EAP state machine callback for a pending EAP request.

Parameters:
sm Pointer to EAP state machine allocated with eap_sm_init()
This function is called when data for a pending EAP-Request is received.

Definition at line 1006 of file eap.c.

void eap_sm_process_nak (struct eap_sm *sm, u8 *nak_list, size_t len)

Process EAP-Response/Nak.

Parameters:
sm Pointer to EAP state machine allocated with eap_sm_init()
nak_list Nak list (allowed methods) from the supplicant
len Length of nak_list in bytes
This function is called when EAP-Response/Nak is received from the supplicant. This can happen for both phase 1 and phase 2 authentications.

Definition at line 714 of file eap.c.

int eap_sm_step (struct eap_sm *sm)

Step EAP state machine.

Parameters:
sm Pointer to EAP state machine allocated with eap_sm_init()
Returns:
1 if EAP state was changed or 0 if not
This function advances the EAP state machine to a new state that matches the current variables. It should be called whenever variables used by the EAP state machine have changed.

Definition at line 878 of file eap.c.

int eap_user_get (struct eap_sm *sm, const u8 *identity, size_t identity_len, int phase2)

Fetch user information from the database.

Parameters:
sm Pointer to EAP state machine allocated with eap_sm_init()
identity Identity (User-Name) of the user
identity_len Length of identity in bytes
phase2 0 = EAP phase1 user, 1 = EAP phase2 (tunneled) user
Returns:
0 on success, or -1 on failure
This function is used to fetch user information for EAP. The user will be selected based on the specified identity. sm->user and sm->user_eap_method_index are updated for the new user when a matching user is found. sm->user can be used to get user information (e.g., password).

Definition at line 91 of file eap.c.


Generated on Sun Dec 31 13:44:04 2006 for hostapd by  doxygen 1.4.2