src/eapol_auth/eapol_auth_sm_i.h

   1 /*
   2  * IEEE 802.1X-2004 Authenticator - EAPOL state machine (internal definitions)
   3  * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
   4  *
   5  * This software may be distributed under the terms of the BSD license.
   6  * See README for more details.
   7  */
   8
   9 #ifndef EAPOL_AUTH_SM_I_H
  10 #define EAPOL_AUTH_SM_I_H
  11
  12 #include "common/defs.h"
  13 #include "radius/radius.h"
  14
  15 /* IEEE Std 802.1X-2004, Ch. 8.2 */
  16
  17 typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
  18         PortTypes;
  19 typedef enum { Unauthorized = 2, Authorized = 1 } PortState;
  20 typedef enum { Both = 0, In = 1 } ControlledDirection;
  21 typedef unsigned int Counter;
  22
  23
  24 /**
  25  * struct eapol_authenticator - Global EAPOL authenticator data
  26  */
  27 struct eapol_authenticator {
  28         struct eapol_auth_config conf;
  29         struct eapol_auth_cb cb;
  30
  31         u8 *default_wep_key;
  32         u8 default_wep_key_idx;
  33
  34         u32 acct_multi_session_id_hi;
  35         u32 acct_multi_session_id_lo;
  36 };
  37
  38
  39 /**
  40  * struct eapol_state_machine - Per-Supplicant Authenticator state machines
  41  */
  42 struct eapol_state_machine {
  43         /* timers */
  44         int aWhile;
  45         int quietWhile;
  46         int reAuthWhen;
  47
  48         /* global variables */
  49         Boolean authAbort;
  50         Boolean authFail;
  51         PortState authPortStatus;
  52         Boolean authStart;
  53         Boolean authTimeout;
  54         Boolean authSuccess;
  55         Boolean eapolEap;
  56         Boolean initialize;
  57         Boolean keyDone;
  58         Boolean keyRun;
  59         Boolean keyTxEnabled;
  60         PortTypes portControl;
  61         Boolean portValid;
  62         Boolean reAuthenticate;
  63
  64         /* Port Timers state machine */
  65         /* 'Boolean tick' implicitly handled as registered timeout */
  66
  67         /* Authenticator PAE state machine */
  68         enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
  69                AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
  70                AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
  71                AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
  72         /* variables */
  73         Boolean eapolLogoff;
  74         Boolean eapolStart;
  75         PortTypes portMode;
  76         unsigned int reAuthCount;
  77         /* constants */
  78         unsigned int quietPeriod; /* default 60; 0..65535 */
  79 #define AUTH_PAE_DEFAULT_quietPeriod 60
  80         unsigned int reAuthMax; /* default 2 */
  81 #define AUTH_PAE_DEFAULT_reAuthMax 2
  82         /* counters */
  83         Counter authEntersConnecting;
  84         Counter authEapLogoffsWhileConnecting;
  85         Counter authEntersAuthenticating;
  86         Counter authAuthSuccessesWhileAuthenticating;
  87         Counter authAuthTimeoutsWhileAuthenticating;
  88         Counter authAuthFailWhileAuthenticating;
  89         Counter authAuthEapStartsWhileAuthenticating;
  90         Counter authAuthEapLogoffWhileAuthenticating;
  91         Counter authAuthReauthsWhileAuthenticated;
  92         Counter authAuthEapStartsWhileAuthenticated;
  93         Counter authAuthEapLogoffWhileAuthenticated;
  94
  95         /* Backend Authentication state machine */
  96         enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
  97                BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
  98                BE_AUTH_IGNORE
  99         } be_auth_state;
 100         /* constants */
 101         unsigned int serverTimeout; /* default 30; 1..X */
 102 #define BE_AUTH_DEFAULT_serverTimeout 30
 103         /* counters */
 104         Counter backendResponses;
 105         Counter backendAccessChallenges;
 106         Counter backendOtherRequestsToSupplicant;
 107         Counter backendAuthSuccesses;
 108         Counter backendAuthFails;
 109
 110         /* Reauthentication Timer state machine */
 111         enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
 112         } reauth_timer_state;
 113         /* constants */
 114         unsigned int reAuthPeriod; /* default 3600 s */
 115         Boolean reAuthEnabled;
 116
 117         /* Authenticator Key Transmit state machine */
 118         enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
 119         } auth_key_tx_state;
 120
 121         /* Key Receive state machine */
 122         enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
 123         /* variables */
 124         Boolean rxKey;
 125
 126         /* Controlled Directions state machine */
 127         enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
 128         /* variables */
 129         ControlledDirection adminControlledDirections;
 130         ControlledDirection operControlledDirections;
 131         Boolean operEdge;
 132
 133         /* Authenticator Statistics Table */
 134         Counter dot1xAuthEapolFramesRx;
 135         Counter dot1xAuthEapolFramesTx;
 136         Counter dot1xAuthEapolStartFramesRx;
 137         Counter dot1xAuthEapolLogoffFramesRx;
 138         Counter dot1xAuthEapolRespIdFramesRx;
 139         Counter dot1xAuthEapolRespFramesRx;
 140         Counter dot1xAuthEapolReqIdFramesTx;
 141         Counter dot1xAuthEapolReqFramesTx;
 142         Counter dot1xAuthInvalidEapolFramesRx;
 143         Counter dot1xAuthEapLengthErrorFramesRx;
 144         Counter dot1xAuthLastEapolFrameVersion;
 145
 146         /* Other variables - not defined in IEEE 802.1X */
 147         u8 addr[ETH_ALEN]; /* Supplicant address */
 148         int flags; /* EAPOL_SM_* */
 149
 150         /* EAPOL/AAA <-> EAP full authenticator interface */
 151         struct eap_eapol_interface *eap_if;
 152
 153         int radius_identifier;
 154         /* TODO: check when the last messages can be released */
 155         struct radius_msg *last_recv_radius;
 156         u8 last_eap_id; /* last used EAP Identifier */
 157         u8 *identity;
 158         size_t identity_len;
 159         u8 eap_type_authsrv; /* EAP type of the last EAP packet from
 160                               * Authentication server */
 161         u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
 162         struct radius_class_data radius_class;
 163         struct wpabuf *radius_cui; /* Chargeable-User-Identity */
 164
 165         struct eap_sm *eap;
 166
 167         Boolean initializing; /* in process of initializing state machines */
 168         Boolean changed;
 169
 170         struct eapol_authenticator *eapol;
 171
 172         void *sta; /* station context pointer to use in callbacks */
 173
 174         int remediation;
 175
 176         u32 acct_multi_session_id_hi;
 177         u32 acct_multi_session_id_lo;
 178 };
 179
 180 #endif /* EAPOL_AUTH_SM_I_H */