iPXE
Functions | Variables
eap.c File Reference

Extensible Authentication Protocol. More...

#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <byteswap.h>
#include <ipxe/netdevice.h>
#include <ipxe/eap.h>

Go to the source code of this file.

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 
int eap_tx_response (struct eap_supplicant *supplicant, const void *rsp, size_t rsp_len)
 Transmit EAP response. More...
 
static int eap_tx_nak (struct eap_supplicant *supplicant)
 Transmit EAP NAK. More...
 
static int eap_rx_identity (struct eap_supplicant *supplicant, const void *req, size_t req_len)
 Handle EAP Request-Identity. More...
 
static int eap_rx_request (struct eap_supplicant *supplicant, const struct eap_message *msg, size_t len)
 Handle EAP Request. More...
 
static int eap_rx_success (struct eap_supplicant *supplicant)
 Handle EAP Success. More...
 
static int eap_rx_failure (struct eap_supplicant *supplicant)
 Handle EAP Failure. More...
 
int eap_rx (struct eap_supplicant *supplicant, const void *data, size_t len)
 Handle EAP packet. More...
 
 REQUIRING_SYMBOL (eap_rx)
 
 REQUIRE_OBJECT (config_eap)
 

Variables

struct eap_method eap_identity_method __eap_method
 EAP Request-Identity method. More...
 

Detailed Description

Extensible Authentication Protocol.

Definition in file eap.c.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )

◆ eap_tx_response()

int eap_tx_response ( struct eap_supplicant supplicant,
const void *  rsp,
size_t  rsp_len 
)

Transmit EAP response.

Parameters
supplicantEAP supplicant
rspResponse type data
rsp_lenLength of response type data
Return values
rcReturn status code

Definition at line 47 of file eap.c.

48  {
49  struct net_device *netdev = supplicant->netdev;
50  struct eap_message *msg;
51  size_t len;
52  int rc;
53 
54  /* Allocate and populate response */
55  len = ( sizeof ( *msg ) + rsp_len );
56  msg = malloc ( len );
57  if ( ! msg ) {
58  rc = -ENOMEM;
59  goto err_alloc;
60  }
61  msg->hdr.code = EAP_CODE_RESPONSE;
62  msg->hdr.id = supplicant->id;
63  msg->hdr.len = htons ( len );
64  msg->type = supplicant->type;
65  memcpy ( msg->data, rsp, rsp_len );
66  DBGC ( netdev, "EAP %s Response id %#02x type %d\n",
67  netdev->name, msg->hdr.id, msg->type );
68 
69  /* Transmit response */
70  if ( ( rc = supplicant->tx ( supplicant, msg, len ) ) != 0 ) {
71  DBGC ( netdev, "EAP %s could not transmit: %s\n",
72  netdev->name, strerror ( rc ) );
73  goto err_tx;
74  }
75 
76  err_tx:
77  free ( msg );
78  err_alloc:
79  return rc;
80 }
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
msg
void msg(unsigned int row, const char *fmt,...)
Print message centred on specified row.
Definition: message.c:61
DBGC
#define DBGC(...)
Definition: compiler.h:505
eap_message
EAP request/response message.
Definition: eap.h:34
eap_supplicant::id
uint8_t id
ID for current request/response.
Definition: eap.h:144
EAP_CODE_RESPONSE
#define EAP_CODE_RESPONSE
EAP response.
Definition: eap.h:31
ENOMEM
#define ENOMEM
Not enough space.
Definition: errno.h:534
memcpy
void * memcpy(void *dest, const void *src, size_t len) __nonnull
len
ring len
Length.
Definition: dwmac.h:231
netdev
static struct net_device * netdev
Definition: gdbudp.c:52
rsp
uint64_t rsp
Definition: librm.h:153
strerror
char * strerror(int errno)
Retrieve string representation of error number.
Definition: strerror.c:78
free
static void(* free)(struct refcnt *refcnt))
Definition: refcnt.h:54
net_device
A network device.
Definition: netdevice.h:352
malloc
void * malloc(size_t size)
Allocate memory.
Definition: malloc.c:620
net_device::name
char name[NETDEV_NAME_LEN]
Name of this network device.
Definition: netdevice.h:362
eap_supplicant::tx
int(* tx)(struct eap_supplicant *supplicant, const void *data, size_t len)
Transmit EAP response.
Definition: eap.h:155
eap_supplicant::type
uint8_t type
Type for current request/response.
Definition: eap.h:146
eap_supplicant::netdev
struct net_device * netdev
Network device.
Definition: eap.h:140
htons
#define htons(value)
Definition: byteswap.h:135

References DBGC, EAP_CODE_RESPONSE, ENOMEM, free, htons, eap_supplicant::id, len, malloc(), memcpy(), msg(), net_device::name, netdev, eap_supplicant::netdev, rc, rsp, strerror(), eap_supplicant::tx, and eap_supplicant::type.

Referenced by eap_rx_identity(), eap_rx_md5(), eap_rx_mschapv2_request(), eap_rx_mschapv2_success(), and eap_tx_nak().

◆ eap_tx_nak()

static int eap_tx_nak ( struct eap_supplicant supplicant)
static

Transmit EAP NAK.

Parameters
supplicantEAP supplicant
Return values
rcReturn status code

Definition at line 88 of file eap.c.

88  {
89  struct net_device *netdev = supplicant->netdev;
90  unsigned int max = table_num_entries ( EAP_METHODS );
91  uint8_t methods[ max + 1 /* potential EAP_TYPE_NONE */ ];
92  unsigned int count = 0;
93  struct eap_method *method;
94 
95  /* Populate methods list */
96  DBGC ( netdev, "EAP %s Nak offering types {", netdev->name );
97  for_each_table_entry ( method, EAP_METHODS ) {
98  if ( method->type > EAP_TYPE_NAK ) {
99  DBGC ( netdev, "%s%d",
100  ( count ? ", " : "" ), method->type );
101  methods[count++] = method->type;
102  }
103  }
104  if ( ! count )
105  methods[count++] = EAP_TYPE_NONE;
106  DBGC ( netdev, "}\n" );
107  assert ( count <= max );
108 
109  /* Transmit response */
110  supplicant->type = EAP_TYPE_NAK;
111  return eap_tx_response ( supplicant, methods, count );
112 }
EAP_TYPE_NONE
#define EAP_TYPE_NONE
EAP "no available types" marker.
Definition: eap.h:44
max
#define max(x, y)
Definition: ath.h:40
DBGC
#define DBGC(...)
Definition: compiler.h:505
EAP_METHODS
#define EAP_METHODS
EAP method table.
Definition: eap.h:193
method
uint8_t method
Definition: ib_mad.h:14
eap_tx_response
int eap_tx_response(struct eap_supplicant *supplicant, const void *rsp, size_t rsp_len)
Transmit EAP response.
Definition: eap.c:47
assert
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
netdev
static struct net_device * netdev
Definition: gdbudp.c:52
count
static unsigned int count
Number of entries.
Definition: dwmac.h:225
for_each_table_entry
#define for_each_table_entry(pointer, table)
Iterate through all entries within a linker table.
Definition: tables.h:385
net_device
A network device.
Definition: netdevice.h:352
uint8_t
unsigned char uint8_t
Definition: stdint.h:10
EAP_TYPE_NAK
#define EAP_TYPE_NAK
EAP NAK.
Definition: eap.h:50
net_device::name
char name[NETDEV_NAME_LEN]
Name of this network device.
Definition: netdevice.h:362
eap_supplicant::type
uint8_t type
Type for current request/response.
Definition: eap.h:146
eap_supplicant::netdev
struct net_device * netdev
Network device.
Definition: eap.h:140
table_num_entries
#define table_num_entries(table)
Get number of entries in linker table.
Definition: tables.h:335
eap_method
An EAP method.
Definition: eap.h:177

References assert(), count, DBGC, EAP_METHODS, eap_tx_response(), EAP_TYPE_NAK, EAP_TYPE_NONE, for_each_table_entry, max, method, net_device::name, netdev, eap_supplicant::netdev, table_num_entries, and eap_supplicant::type.

Referenced by eap_rx_request().

◆ eap_rx_identity()

static int eap_rx_identity ( struct eap_supplicant supplicant,
const void *  req,
size_t  req_len 
)
static

Handle EAP Request-Identity.

Parameters
supplicantEAP supplicant
reqRequest type data
req_lenLength of request type data
Return values
rcReturn status code

Definition at line 122 of file eap.c.

123  {
124  struct net_device *netdev = supplicant->netdev;
125  void *rsp;
126  int rsp_len;
127  int rc;
128 
129  /* Treat Request-Identity as blocking the link */
130  DBGC ( netdev, "EAP %s Request-Identity blocking link\n",
131  netdev->name );
132  DBGC_HDA ( netdev, 0, req, req_len );
133  netdev_link_block ( netdev, EAP_BLOCK_TIMEOUT );
134 
135  /* Mark EAP as in progress */
136  supplicant->flags |= EAP_FL_ONGOING;
137 
138  /* Construct response, if applicable */
139  rsp_len = fetch_raw_setting_copy ( netdev_settings ( netdev ),
140  &username_setting, &rsp );
141  if ( rsp_len < 0 ) {
142  /* We have no identity to offer, so wait until the
143  * switch times out and switches to MAC Authentication
144  * Bypass (MAB).
145  */
146  DBGC2 ( netdev, "EAP %s has no identity\n", netdev->name );
147  supplicant->flags |= EAP_FL_PASSIVE;
148  rc = 0;
149  goto no_response;
150  }
151 
152  /* Transmit response */
153  if ( ( rc = eap_tx_response ( supplicant, rsp, rsp_len ) ) != 0 )
154  goto err_tx;
155 
156  err_tx:
157  free ( rsp );
158  no_response:
159  return rc;
160 }
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
fetch_raw_setting_copy
int fetch_raw_setting_copy(struct settings *settings, const struct setting *setting, void **data)
Fetch value of setting.
Definition: settings.c:821
DBGC
#define DBGC(...)
Definition: compiler.h:505
netdev_settings
static struct settings * netdev_settings(struct net_device *netdev)
Get per-netdevice configuration settings block.
Definition: netdevice.h:586
eap_tx_response
int eap_tx_response(struct eap_supplicant *supplicant, const void *rsp, size_t rsp_len)
Transmit EAP response.
Definition: eap.c:47
netdev_link_block
void netdev_link_block(struct net_device *netdev, unsigned long timeout)
Mark network device link as being blocked.
Definition: netdevice.c:247
DBGC_HDA
#define DBGC_HDA(...)
Definition: compiler.h:506
netdev
static struct net_device * netdev
Definition: gdbudp.c:52
EAP_FL_PASSIVE
#define EAP_FL_PASSIVE
EAP supplicant is passive.
Definition: eap.h:174
EAP_FL_ONGOING
#define EAP_FL_ONGOING
EAP authentication is in progress.
Definition: eap.h:164
rsp
uint64_t rsp
Definition: librm.h:153
free
static void(* free)(struct refcnt *refcnt))
Definition: refcnt.h:54
net_device
A network device.
Definition: netdevice.h:352
net_device::name
char name[NETDEV_NAME_LEN]
Name of this network device.
Definition: netdevice.h:362
DBGC2
#define DBGC2(...)
Definition: compiler.h:522
EAP_BLOCK_TIMEOUT
#define EAP_BLOCK_TIMEOUT
EAP link block timeout.
Definition: eap.h:117
eap_supplicant::netdev
struct net_device * netdev
Network device.
Definition: eap.h:140
eap_supplicant::flags
uint16_t flags
Flags.
Definition: eap.h:142

References DBGC, DBGC2, DBGC_HDA, EAP_BLOCK_TIMEOUT, EAP_FL_ONGOING, EAP_FL_PASSIVE, eap_tx_response(), fetch_raw_setting_copy(), eap_supplicant::flags, free, net_device::name, netdev, eap_supplicant::netdev, netdev_link_block(), netdev_settings(), rc, and rsp.

◆ eap_rx_request()

static int eap_rx_request ( struct eap_supplicant supplicant,
const struct eap_message msg,
size_t  len 
)
static

Handle EAP Request.

Parameters
supplicantEAP supplicant
msgEAP request
lenLength of EAP request
Return values
rcReturn status code

Definition at line 176 of file eap.c.

177  {
178  struct net_device *netdev = supplicant->netdev;
179  struct eap_method *method;
180  const void *req;
181  size_t req_len;
182 
183  /* Sanity checks */
184  if ( len < sizeof ( *msg ) ) {
185  DBGC ( netdev, "EAP %s underlength request:\n", netdev->name );
186  DBGC_HDA ( netdev, 0, msg, len );
187  return -EINVAL;
188  }
189  if ( len < ntohs ( msg->hdr.len ) ) {
190  DBGC ( netdev, "EAP %s truncated request:\n", netdev->name );
191  DBGC_HDA ( netdev, 0, msg, len );
192  return -EINVAL;
193  }
194  req = msg->data;
195  req_len = ( ntohs ( msg->hdr.len ) - sizeof ( *msg ) );
196 
197  /* Record request details */
198  supplicant->id = msg->hdr.id;
199  supplicant->type = msg->type;
200  DBGC ( netdev, "EAP %s Request id %#02x type %d\n",
201  netdev->name, msg->hdr.id, msg->type );
202 
203  /* Handle according to type */
204  for_each_table_entry ( method, EAP_METHODS ) {
205  if ( msg->type == method->type )
206  return method->rx ( supplicant, req, req_len );
207  }
208  DBGC ( netdev, "EAP %s requested type %d unknown:\n",
209  netdev->name, msg->type );
210  DBGC_HDA ( netdev, 0, msg, len );
211 
212  /* Send NAK if applicable */
213  if ( msg->type > EAP_TYPE_NAK )
214  return eap_tx_nak ( supplicant );
215 
216  return -ENOTSUP;
217 }
EINVAL
#define EINVAL
Invalid argument.
Definition: errno.h:428
msg
void msg(unsigned int row, const char *fmt,...)
Print message centred on specified row.
Definition: message.c:61
DBGC
#define DBGC(...)
Definition: compiler.h:505
EAP_METHODS
#define EAP_METHODS
EAP method table.
Definition: eap.h:193
ntohs
#define ntohs(value)
Definition: byteswap.h:136
method
uint8_t method
Definition: ib_mad.h:14
eap_supplicant::id
uint8_t id
ID for current request/response.
Definition: eap.h:144
ENOTSUP
#define ENOTSUP
Operation not supported.
Definition: errno.h:589
DBGC_HDA
#define DBGC_HDA(...)
Definition: compiler.h:506
len
ring len
Length.
Definition: dwmac.h:231
netdev
static struct net_device * netdev
Definition: gdbudp.c:52
eap_tx_nak
static int eap_tx_nak(struct eap_supplicant *supplicant)
Transmit EAP NAK.
Definition: eap.c:88
for_each_table_entry
#define for_each_table_entry(pointer, table)
Iterate through all entries within a linker table.
Definition: tables.h:385
net_device
A network device.
Definition: netdevice.h:352
EAP_TYPE_NAK
#define EAP_TYPE_NAK
EAP NAK.
Definition: eap.h:50
net_device::name
char name[NETDEV_NAME_LEN]
Name of this network device.
Definition: netdevice.h:362
eap_supplicant::type
uint8_t type
Type for current request/response.
Definition: eap.h:146
eap_supplicant::netdev
struct net_device * netdev
Network device.
Definition: eap.h:140
eap_method
An EAP method.
Definition: eap.h:177

References DBGC, DBGC_HDA, EAP_METHODS, eap_tx_nak(), EAP_TYPE_NAK, EINVAL, ENOTSUP, for_each_table_entry, eap_supplicant::id, len, method, msg(), net_device::name, netdev, eap_supplicant::netdev, ntohs, and eap_supplicant::type.

Referenced by eap_rx().

◆ eap_rx_success()

static int eap_rx_success ( struct eap_supplicant supplicant)
static

Handle EAP Success.

Parameters
supplicantEAP supplicant
Return values
rcReturn status code

Definition at line 225 of file eap.c.

225  {
226  struct net_device *netdev = supplicant->netdev;
227 
228  /* Mark authentication as complete */
229  supplicant->flags = EAP_FL_PASSIVE;
230 
231  /* Mark link as unblocked */
232  DBGC ( netdev, "EAP %s Success\n", netdev->name );
233  netdev_link_unblock ( netdev );
234 
235  return 0;
236 }
DBGC
#define DBGC(...)
Definition: compiler.h:505
netdev_link_unblock
void netdev_link_unblock(struct net_device *netdev)
Mark network device link as being unblocked.
Definition: netdevice.c:262
netdev
static struct net_device * netdev
Definition: gdbudp.c:52
EAP_FL_PASSIVE
#define EAP_FL_PASSIVE
EAP supplicant is passive.
Definition: eap.h:174
net_device
A network device.
Definition: netdevice.h:352
net_device::name
char name[NETDEV_NAME_LEN]
Name of this network device.
Definition: netdevice.h:362
eap_supplicant::netdev
struct net_device * netdev
Network device.
Definition: eap.h:140
eap_supplicant::flags
uint16_t flags
Flags.
Definition: eap.h:142

References DBGC, EAP_FL_PASSIVE, eap_supplicant::flags, net_device::name, netdev, eap_supplicant::netdev, and netdev_link_unblock().

Referenced by eap_rx().

◆ eap_rx_failure()

static int eap_rx_failure ( struct eap_supplicant supplicant)
static

Handle EAP Failure.

Parameters
supplicantEAP supplicant
Return values
rcReturn status code

Definition at line 244 of file eap.c.

244  {
245  struct net_device *netdev = supplicant->netdev;
246 
247  /* Mark authentication as complete */
248  supplicant->flags = EAP_FL_PASSIVE;
249 
250  /* Record error */
251  DBGC ( netdev, "EAP %s Failure\n", netdev->name );
252  return -EPERM;
253 }
DBGC
#define DBGC(...)
Definition: compiler.h:505
netdev
static struct net_device * netdev
Definition: gdbudp.c:52
EAP_FL_PASSIVE
#define EAP_FL_PASSIVE
EAP supplicant is passive.
Definition: eap.h:174
net_device
A network device.
Definition: netdevice.h:352
EPERM
#define EPERM
Operation not permitted.
Definition: errno.h:614
net_device::name
char name[NETDEV_NAME_LEN]
Name of this network device.
Definition: netdevice.h:362
eap_supplicant::netdev
struct net_device * netdev
Network device.
Definition: eap.h:140
eap_supplicant::flags
uint16_t flags
Flags.
Definition: eap.h:142

References DBGC, EAP_FL_PASSIVE, EPERM, eap_supplicant::flags, net_device::name, netdev, and eap_supplicant::netdev.

Referenced by eap_rx().

◆ eap_rx()

int eap_rx ( struct eap_supplicant supplicant,
const void *  data,
size_t  len 
)

Handle EAP packet.

Parameters
supplicantEAP supplicant
dataEAP packet
lenLength of EAP packet
Return values
rcReturn status code

Definition at line 263 of file eap.c.

264  {
265  struct net_device *netdev = supplicant->netdev;
266  const union eap_packet *eap = data;
267 
268  /* Sanity check */
269  if ( len < sizeof ( eap->hdr ) ) {
270  DBGC ( netdev, "EAP %s underlength header:\n", netdev->name );
271  DBGC_HDA ( netdev, 0, eap, len );
272  return -EINVAL;
273  }
274 
275  /* Handle according to code */
276  switch ( eap->hdr.code ) {
277  case EAP_CODE_REQUEST:
278  return eap_rx_request ( supplicant, &eap->msg, len );
279  case EAP_CODE_RESPONSE:
280  DBGC2 ( netdev, "EAP %s ignoring response\n", netdev->name );
281  return 0;
282  case EAP_CODE_SUCCESS:
283  return eap_rx_success ( supplicant );
284  case EAP_CODE_FAILURE:
285  return eap_rx_failure ( supplicant );
286  default:
287  DBGC ( netdev, "EAP %s unsupported code %d\n",
288  netdev->name, eap->hdr.code );
289  DBGC_HDA ( netdev, 0, eap, len );
290  return -ENOTSUP;
291  }
292 }
EINVAL
#define EINVAL
Invalid argument.
Definition: errno.h:428
eap_packet::msg
struct eap_message msg
Request/response message.
Definition: eap.h:103
eap_rx_failure
static int eap_rx_failure(struct eap_supplicant *supplicant)
Handle EAP Failure.
Definition: eap.c:244
EAP_CODE_REQUEST
#define EAP_CODE_REQUEST
EAP request.
Definition: eap.h:28
eap_packet::hdr
struct eap_header hdr
Header.
Definition: eap.h:101
DBGC
#define DBGC(...)
Definition: compiler.h:505
ENOTSUP
#define ENOTSUP
Operation not supported.
Definition: errno.h:589
EAP_CODE_RESPONSE
#define EAP_CODE_RESPONSE
EAP response.
Definition: eap.h:31
EAP_CODE_FAILURE
#define EAP_CODE_FAILURE
EAP failure.
Definition: eap.h:96
eap_rx_success
static int eap_rx_success(struct eap_supplicant *supplicant)
Handle EAP Success.
Definition: eap.c:225
eap_packet
EAP packet.
Definition: eap.h:99
DBGC_HDA
#define DBGC_HDA(...)
Definition: compiler.h:506
len
ring len
Length.
Definition: dwmac.h:231
netdev
static struct net_device * netdev
Definition: gdbudp.c:52
net_device
A network device.
Definition: netdevice.h:352
EAP_CODE_SUCCESS
#define EAP_CODE_SUCCESS
EAP success.
Definition: eap.h:93
eap_rx_request
static int eap_rx_request(struct eap_supplicant *supplicant, const struct eap_message *msg, size_t len)
Handle EAP Request.
Definition: eap.c:176
net_device::name
char name[NETDEV_NAME_LEN]
Name of this network device.
Definition: netdevice.h:362
DBGC2
#define DBGC2(...)
Definition: compiler.h:522
eap_header::code
uint8_t code
Code.
Definition: eap.h:20
data
uint8_t data[48]
Additional event data.
Definition: ena.h:22
eap_supplicant::netdev
struct net_device * netdev
Network device.
Definition: eap.h:140

References eap_header::code, data, DBGC, DBGC2, DBGC_HDA, EAP_CODE_FAILURE, EAP_CODE_REQUEST, EAP_CODE_RESPONSE, EAP_CODE_SUCCESS, eap_rx_failure(), eap_rx_request(), eap_rx_success(), EINVAL, ENOTSUP, eap_packet::hdr, len, eap_packet::msg, net_device::name, netdev, and eap_supplicant::netdev.

Referenced by eapol_eap_rx().

◆ REQUIRING_SYMBOL()

REQUIRING_SYMBOL ( eap_rx  )

◆ REQUIRE_OBJECT()

REQUIRE_OBJECT ( config_eap  )

Variable Documentation

◆ __eap_method

struct eap_method eap_identity_method __eap_method
Initial value:
= {
.type = EAP_TYPE_IDENTITY,
.rx = eap_rx_identity,
}
EAP_TYPE_IDENTITY
#define EAP_TYPE_IDENTITY
EAP identity.
Definition: eap.h:47
eap_rx_identity
static int eap_rx_identity(struct eap_supplicant *supplicant, const void *req, size_t req_len)
Handle EAP Request-Identity.
Definition: eap.c:122

EAP Request-Identity method.

Definition at line 163 of file eap.c.

Generated by   doxygen 1.8.15