iPXE
Functions | Variables
eap.c File Reference

Extensible Authentication Protocol. More...

#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <byteswap.h>
#include <ipxe/netdevice.h>
#include <ipxe/eap.h>

Go to the source code of this file.

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 FILE_SECBOOT (PERMITTED)
int eap_tx_response (struct eap_supplicant *supplicant, const void *rsp, size_t rsp_len)
 Transmit EAP response.
static int eap_tx_nak (struct eap_supplicant *supplicant)
 Transmit EAP NAK.
static int eap_rx_identity (struct eap_supplicant *supplicant, const void *req, size_t req_len)
 Handle EAP Request-Identity.
static int eap_rx_request (struct eap_supplicant *supplicant, const struct eap_message *msg, size_t len)
 Handle EAP Request.
static int eap_rx_success (struct eap_supplicant *supplicant)
 Handle EAP Success.
static int eap_rx_failure (struct eap_supplicant *supplicant)
 Handle EAP Failure.
int eap_rx (struct eap_supplicant *supplicant, const void *data, size_t len)
 Handle EAP packet.
 REQUIRING_SYMBOL (eap_rx)
 REQUIRE_OBJECT (config_eap)

Variables

struct eap_method eap_identity_method __eap_method
 EAP Request-Identity method.

Detailed Description

Extensible Authentication Protocol.

Definition in file eap.c.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL )

◆ FILE_SECBOOT()

FILE_SECBOOT ( PERMITTED )

◆ eap_tx_response()

int eap_tx_response ( struct eap_supplicant * supplicant,
const void * rsp,
size_t rsp_len )

Transmit EAP response.

Parameters
supplicantEAP supplicant
rspResponse type data
rsp_lenLength of response type data
Return values
rcReturn status code

Definition at line 48 of file eap.c.

49 {
50 struct net_device *netdev = supplicant->netdev;
51 struct eap_message *msg;
52 size_t len;
53 int rc;
54
55 /* Allocate and populate response */
56 len = ( sizeof ( *msg ) + rsp_len );
57 msg = malloc ( len );
58 if ( ! msg ) {
59 rc = -ENOMEM;
60 goto err_alloc;
61 }
62 msg->hdr.code = EAP_CODE_RESPONSE;
63 msg->hdr.id = supplicant->id;
64 msg->hdr.len = htons ( len );
65 msg->type = supplicant->type;
66 memcpy ( msg->data, rsp, rsp_len );
67 DBGC ( netdev, "EAP %s Response id %#02x type %d\n",
68 netdev->name, msg->hdr.id, msg->type );
69
70 /* Transmit response */
71 if ( ( rc = supplicant->tx ( supplicant, msg, len ) ) != 0 ) {
72 DBGC ( netdev, "EAP %s could not transmit: %s\n",
73 netdev->name, strerror ( rc ) );
74 goto err_tx;
75 }
76
77 err_tx:
78 free ( msg );
79 err_alloc:
80 return rc;
81}
rc
struct arbelprm_rc_send_wqe rc
Definition arbel.h:3
len
ring len
Length.
Definition dwmac.h:226
EAP_CODE_RESPONSE
#define EAP_CODE_RESPONSE
EAP response.
Definition eap.h:32
netdev
static struct net_device * netdev
Definition gdbudp.c:53
DBGC
#define DBGC(...)
Definition compiler.h:505
ENOMEM
#define ENOMEM
Not enough space.
Definition errno.h:535
htons
#define htons(value)
Definition byteswap.h:136
memcpy
void * memcpy(void *dest, const void *src, size_t len) __nonnull
rsp
uint64_t rsp
Definition librm.h:18
malloc
void * malloc(size_t size)
Allocate memory.
Definition malloc.c:621
msg
void msg(unsigned int row, const char *fmt,...)
Print message centred on specified row.
Definition message.c:62
free
static void(* free)(struct refcnt *refcnt))
Definition refcnt.h:55
strerror
char * strerror(int errno)
Retrieve string representation of error number.
Definition strerror.c:79
eap_message
EAP request/response message.
Definition eap.h:35
eap_supplicant::id
uint8_t id
ID for current request/response.
Definition eap.h:145
eap_supplicant::type
uint8_t type
Type for current request/response.
Definition eap.h:147
eap_supplicant::netdev
struct net_device * netdev
Network device.
Definition eap.h:141
eap_supplicant::tx
int(* tx)(struct eap_supplicant *supplicant, const void *data, size_t len)
Transmit EAP response.
Definition eap.h:156
net_device
A network device.
Definition netdevice.h:353

References DBGC, EAP_CODE_RESPONSE, ENOMEM, free, htons, eap_supplicant::id, len, malloc(), memcpy(), msg(), eap_supplicant::netdev, netdev, rc, rsp, strerror(), eap_supplicant::tx, and eap_supplicant::type.

Referenced by eap_rx_identity(), eap_rx_md5(), eap_rx_mschapv2_request(), eap_rx_mschapv2_success(), and eap_tx_nak().

◆ eap_tx_nak()

int eap_tx_nak ( struct eap_supplicant * supplicant)
static

Transmit EAP NAK.

Parameters
supplicantEAP supplicant
Return values
rcReturn status code

Definition at line 89 of file eap.c.

89 {
90 struct net_device *netdev = supplicant->netdev;
91 unsigned int max = table_num_entries ( EAP_METHODS );
92 uint8_t methods[ max + 1 /* potential EAP_TYPE_NONE */ ];
93 unsigned int count = 0;
94 struct eap_method *method;
95
96 /* Populate methods list */
97 DBGC ( netdev, "EAP %s Nak offering types {", netdev->name );
98 for_each_table_entry ( method, EAP_METHODS ) {
99 if ( method->type > EAP_TYPE_NAK ) {
100 DBGC ( netdev, "%s%d",
101 ( count ? ", " : "" ), method->type );
102 methods[count++] = method->type;
103 }
104 }
105 if ( ! count )
106 methods[count++] = EAP_TYPE_NONE;
107 DBGC ( netdev, "}\n" );
108 assert ( count <= max );
109
110 /* Transmit response */
111 supplicant->type = EAP_TYPE_NAK;
112 return eap_tx_response ( supplicant, methods, count );
113}
uint8_t
unsigned char uint8_t
Definition stdint.h:10
assert
#define assert(condition)
Assert a condition at run-time.
Definition assert.h:50
max
#define max(x, y)
Definition ath.h:41
eap_tx_response
int eap_tx_response(struct eap_supplicant *supplicant, const void *rsp, size_t rsp_len)
Transmit EAP response.
Definition eap.c:48
EAP_METHODS
#define EAP_METHODS
EAP method table.
Definition eap.h:194
EAP_TYPE_NONE
#define EAP_TYPE_NONE
EAP "no available types" marker.
Definition eap.h:45
EAP_TYPE_NAK
#define EAP_TYPE_NAK
EAP NAK.
Definition eap.h:51
count
static unsigned int count
Number of entries.
Definition dwmac.h:220
method
uint8_t method
Definition ib_mad.h:3
eap_method
An EAP method.
Definition eap.h:178
table_num_entries
#define table_num_entries(table)
Get number of entries in linker table.
Definition tables.h:336
for_each_table_entry
#define for_each_table_entry(pointer, table)
Iterate through all entries within a linker table.
Definition tables.h:386

References assert, count, DBGC, EAP_METHODS, eap_tx_response(), EAP_TYPE_NAK, EAP_TYPE_NONE, for_each_table_entry, max, method, eap_supplicant::netdev, netdev, table_num_entries, and eap_supplicant::type.

Referenced by eap_rx_request().

◆ eap_rx_identity()

int eap_rx_identity ( struct eap_supplicant * supplicant,
const void * req,
size_t req_len )
static

Handle EAP Request-Identity.

Parameters
supplicantEAP supplicant
reqRequest type data
req_lenLength of request type data
Return values
rcReturn status code

Definition at line 123 of file eap.c.

124 {
125 struct net_device *netdev = supplicant->netdev;
126 void *rsp;
127 int rsp_len;
128 int rc;
129
130 /* Treat Request-Identity as blocking the link */
131 DBGC ( netdev, "EAP %s Request-Identity blocking link\n",
132 netdev->name );
133 DBGC_HDA ( netdev, 0, req, req_len );
134 netdev_link_block ( netdev, EAP_BLOCK_TIMEOUT );
135
136 /* Mark EAP as in progress */
137 supplicant->flags |= EAP_FL_ONGOING;
138
139 /* Construct response, if applicable */
140 rsp_len = fetch_raw_setting_copy ( netdev_settings ( netdev ),
141 &username_setting, &rsp );
142 if ( rsp_len < 0 ) {
143 /* We have no identity to offer, so wait until the
144 * switch times out and switches to MAC Authentication
145 * Bypass (MAB).
146 */
147 DBGC2 ( netdev, "EAP %s has no identity\n", netdev->name );
148 supplicant->flags |= EAP_FL_PASSIVE;
149 rc = 0;
150 goto no_response;
151 }
152
153 /* Transmit response */
154 if ( ( rc = eap_tx_response ( supplicant, rsp, rsp_len ) ) != 0 )
155 goto err_tx;
156
157 err_tx:
158 free ( rsp );
159 no_response:
160 return rc;
161}
EAP_FL_ONGOING
#define EAP_FL_ONGOING
EAP authentication is in progress.
Definition eap.h:165
EAP_FL_PASSIVE
#define EAP_FL_PASSIVE
EAP supplicant is passive.
Definition eap.h:175
EAP_BLOCK_TIMEOUT
#define EAP_BLOCK_TIMEOUT
EAP link block timeout.
Definition eap.h:118
DBGC2
#define DBGC2(...)
Definition compiler.h:522
DBGC_HDA
#define DBGC_HDA(...)
Definition compiler.h:506
netdev_link_block
void netdev_link_block(struct net_device *netdev, unsigned long timeout)
Mark network device link as being blocked.
Definition netdevice.c:248
netdev_settings
static struct settings * netdev_settings(struct net_device *netdev)
Get per-netdevice configuration settings block.
Definition netdevice.h:587
fetch_raw_setting_copy
int fetch_raw_setting_copy(struct settings *settings, const struct setting *setting, void **data)
Fetch value of setting.
Definition settings.c:822
eap_supplicant::flags
uint16_t flags
Flags.
Definition eap.h:143

References DBGC, DBGC2, DBGC_HDA, EAP_BLOCK_TIMEOUT, EAP_FL_ONGOING, EAP_FL_PASSIVE, eap_tx_response(), fetch_raw_setting_copy(), eap_supplicant::flags, free, eap_supplicant::netdev, netdev, netdev_link_block(), netdev_settings(), rc, and rsp.

◆ eap_rx_request()

int eap_rx_request ( struct eap_supplicant * supplicant,
const struct eap_message * msg,
size_t len )
static

Handle EAP Request.

Parameters
supplicantEAP supplicant
msgEAP request
lenLength of EAP request
Return values
rcReturn status code

Definition at line 177 of file eap.c.

178 {
179 struct net_device *netdev = supplicant->netdev;
180 struct eap_method *method;
181 const void *req;
182 size_t req_len;
183
184 /* Sanity checks */
185 if ( len < sizeof ( *msg ) ) {
186 DBGC ( netdev, "EAP %s underlength request:\n", netdev->name );
187 DBGC_HDA ( netdev, 0, msg, len );
188 return -EINVAL;
189 }
190 if ( len < ntohs ( msg->hdr.len ) ) {
191 DBGC ( netdev, "EAP %s truncated request:\n", netdev->name );
192 DBGC_HDA ( netdev, 0, msg, len );
193 return -EINVAL;
194 }
195 req = msg->data;
196 req_len = ( ntohs ( msg->hdr.len ) - sizeof ( *msg ) );
197
198 /* Record request details */
199 supplicant->id = msg->hdr.id;
200 supplicant->type = msg->type;
201 DBGC ( netdev, "EAP %s Request id %#02x type %d\n",
202 netdev->name, msg->hdr.id, msg->type );
203
204 /* Handle according to type */
205 for_each_table_entry ( method, EAP_METHODS ) {
206 if ( msg->type == method->type )
207 return method->rx ( supplicant, req, req_len );
208 }
209 DBGC ( netdev, "EAP %s requested type %d unknown:\n",
210 netdev->name, msg->type );
211 DBGC_HDA ( netdev, 0, msg, len );
212
213 /* Send NAK if applicable */
214 if ( msg->type > EAP_TYPE_NAK )
215 return eap_tx_nak ( supplicant );
216
217 return -ENOTSUP;
218}
eap_tx_nak
static int eap_tx_nak(struct eap_supplicant *supplicant)
Transmit EAP NAK.
Definition eap.c:89
EINVAL
#define EINVAL
Invalid argument.
Definition errno.h:429
ENOTSUP
#define ENOTSUP
Operation not supported.
Definition errno.h:590
ntohs
#define ntohs(value)
Definition byteswap.h:137

References DBGC, DBGC_HDA, EAP_METHODS, eap_tx_nak(), EAP_TYPE_NAK, EINVAL, ENOTSUP, for_each_table_entry, eap_supplicant::id, len, method, msg(), eap_supplicant::netdev, netdev, ntohs, and eap_supplicant::type.

Referenced by eap_rx().

◆ eap_rx_success()

int eap_rx_success ( struct eap_supplicant * supplicant)
static

Handle EAP Success.

Parameters
supplicantEAP supplicant
Return values
rcReturn status code

Definition at line 226 of file eap.c.

226 {
227 struct net_device *netdev = supplicant->netdev;
228
229 /* Mark authentication as complete */
230 supplicant->flags = EAP_FL_PASSIVE;
231
232 /* Mark link as unblocked */
233 DBGC ( netdev, "EAP %s Success\n", netdev->name );
234 netdev_link_unblock ( netdev );
235
236 return 0;
237}
netdev_link_unblock
void netdev_link_unblock(struct net_device *netdev)
Mark network device link as being unblocked.
Definition netdevice.c:263

References DBGC, EAP_FL_PASSIVE, eap_supplicant::flags, eap_supplicant::netdev, netdev, and netdev_link_unblock().

Referenced by eap_rx().

◆ eap_rx_failure()

int eap_rx_failure ( struct eap_supplicant * supplicant)
static

Handle EAP Failure.

Parameters
supplicantEAP supplicant
Return values
rcReturn status code

Definition at line 245 of file eap.c.

245 {
246 struct net_device *netdev = supplicant->netdev;
247
248 /* Mark authentication as complete */
249 supplicant->flags = EAP_FL_PASSIVE;
250
251 /* Record error */
252 DBGC ( netdev, "EAP %s Failure\n", netdev->name );
253 return -EPERM;
254}
EPERM
#define EPERM
Operation not permitted.
Definition errno.h:615

References DBGC, EAP_FL_PASSIVE, EPERM, eap_supplicant::flags, eap_supplicant::netdev, and netdev.

Referenced by eap_rx().

◆ eap_rx()

int eap_rx ( struct eap_supplicant * supplicant,
const void * data,
size_t len )

Handle EAP packet.

Parameters
supplicantEAP supplicant
dataEAP packet
lenLength of EAP packet
Return values
rcReturn status code

Definition at line 264 of file eap.c.

265 {
266 struct net_device *netdev = supplicant->netdev;
267 const union eap_packet *eap = data;
268
269 /* Sanity check */
270 if ( len < sizeof ( eap->hdr ) ) {
271 DBGC ( netdev, "EAP %s underlength header:\n", netdev->name );
272 DBGC_HDA ( netdev, 0, eap, len );
273 return -EINVAL;
274 }
275
276 /* Handle according to code */
277 switch ( eap->hdr.code ) {
278 case EAP_CODE_REQUEST:
279 return eap_rx_request ( supplicant, &eap->msg, len );
280 case EAP_CODE_RESPONSE:
281 DBGC2 ( netdev, "EAP %s ignoring response\n", netdev->name );
282 return 0;
283 case EAP_CODE_SUCCESS:
284 return eap_rx_success ( supplicant );
285 case EAP_CODE_FAILURE:
286 return eap_rx_failure ( supplicant );
287 default:
288 DBGC ( netdev, "EAP %s unsupported code %d\n",
289 netdev->name, eap->hdr.code );
290 DBGC_HDA ( netdev, 0, eap, len );
291 return -ENOTSUP;
292 }
293}
eap_rx_request
static int eap_rx_request(struct eap_supplicant *supplicant, const struct eap_message *msg, size_t len)
Handle EAP Request.
Definition eap.c:177
eap_rx_success
static int eap_rx_success(struct eap_supplicant *supplicant)
Handle EAP Success.
Definition eap.c:226
eap_rx_failure
static int eap_rx_failure(struct eap_supplicant *supplicant)
Handle EAP Failure.
Definition eap.c:245
EAP_CODE_REQUEST
#define EAP_CODE_REQUEST
EAP request.
Definition eap.h:29
EAP_CODE_FAILURE
#define EAP_CODE_FAILURE
EAP failure.
Definition eap.h:97
EAP_CODE_SUCCESS
#define EAP_CODE_SUCCESS
EAP success.
Definition eap.h:94
data
uint8_t data[48]
Additional event data.
Definition ena.h:11
eap_header::code
uint8_t code
Code.
Definition eap.h:21
eap_packet
EAP packet.
Definition eap.h:100
eap_packet::msg
struct eap_message msg
Request/response message.
Definition eap.h:104
eap_packet::hdr
struct eap_header hdr
Header.
Definition eap.h:102

References eap_header::code, data, DBGC, DBGC2, DBGC_HDA, EAP_CODE_FAILURE, EAP_CODE_REQUEST, EAP_CODE_RESPONSE, EAP_CODE_SUCCESS, eap_rx_failure(), eap_rx_request(), eap_rx_success(), EINVAL, ENOTSUP, eap_packet::hdr, len, eap_packet::msg, eap_supplicant::netdev, and netdev.

Referenced by eapol_eap_rx(), and REQUIRING_SYMBOL().

◆ REQUIRING_SYMBOL()

REQUIRING_SYMBOL ( eap_rx )

References eap_rx().

◆ REQUIRE_OBJECT()

REQUIRE_OBJECT ( config_eap )

Variable Documentation

◆ __eap_method

struct eap_method eap_identity_method __eap_method
Initial value:
= {
.type = EAP_TYPE_IDENTITY,
.rx = eap_rx_identity,
}
eap_rx_identity
static int eap_rx_identity(struct eap_supplicant *supplicant, const void *req, size_t req_len)
Handle EAP Request-Identity.
Definition eap.c:123
EAP_TYPE_IDENTITY
#define EAP_TYPE_IDENTITY
EAP identity.
Definition eap.h:48

EAP Request-Identity method.

Definition at line 164 of file eap.c.

164 {
165 .type = EAP_TYPE_IDENTITY,
166 .rx = eap_rx_identity,
167};
Generated by doxygen 1.14.0