eap.c File Reference

Extensible Authentication Protocol. More...

#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <byteswap.h>
#include <ipxe/netdevice.h>
#include <ipxe/eap.h>

Go to the source code of this file.

Functions
	FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
	FILE_SECBOOT (PERMITTED)
int	eap_tx_response (struct eap_supplicant *supplicant, const void *rsp, size_t rsp_len)
	Transmit EAP response. More...
static int	eap_tx_nak (struct eap_supplicant *supplicant)
	Transmit EAP NAK. More...
static int	eap_rx_identity (struct eap_supplicant *supplicant, const void *req, size_t req_len)
	Handle EAP Request-Identity. More...
static int	eap_rx_request (struct eap_supplicant *supplicant, const struct eap_message *msg, size_t len)
	Handle EAP Request. More...
static int	eap_rx_success (struct eap_supplicant *supplicant)
	Handle EAP Success. More...
static int	eap_rx_failure (struct eap_supplicant *supplicant)
	Handle EAP Failure. More...
int	eap_rx (struct eap_supplicant *supplicant, const void *data, size_t len)
	Handle EAP packet. More...
	REQUIRING_SYMBOL (eap_rx)
	REQUIRE_OBJECT (config_eap)

Variables
struct eap_method eap_identity_method	__eap_method
	EAP Request-Identity method. More...

Detailed Description

Extensible Authentication Protocol.

Definition in file eap.c.

Function Documentation

FILE_LICENCE()

FILE_LICENCE

(

GPL2_OR_LATER_OR_UBDL

)

FILE_SECBOOT()

FILE_SECBOOT

(

PERMITTED

)

eap_tx_response()

int eap_tx_response	(	struct eap_supplicant *	supplicant,
		const void *	rsp,
		size_t	rsp_len
	)

Transmit EAP response.

Parameters

supplicant	EAP supplicant
rsp	Response type data
rsp_len	Length of response type data

Return values

rc	Return status code

Definition at line 48 of file eap.c.

                                                        {
        struct net_device *netdev = supplicant->netdev;
        struct eap_message *msg;
        size_t len;
        int rc;

        /* Allocate and populate response */
        len = ( sizeof ( *msg ) + rsp_len );
        msg = malloc ( len );
        if ( ! msg ) {
                rc = -ENOMEM;
                goto err_alloc;
        }
        msg->hdr.code = EAP_CODE_RESPONSE;
        msg->hdr.id = supplicant->id;
        msg->hdr.len = htons ( len );
        msg->type = supplicant->type;
        memcpy ( msg->data, rsp, rsp_len );
        DBGC ( netdev, "EAP %s Response id %#02x type %d\n",
               netdev->name, msg->hdr.id, msg->type );

        /* Transmit response */
        if ( ( rc = supplicant->tx ( supplicant, msg, len ) ) != 0 ) {
                DBGC ( netdev, "EAP %s could not transmit: %s\n",
                       netdev->name, strerror ( rc ) );
                goto err_tx;
        }

 err_tx:
        free ( msg );
 err_alloc:
        return rc;
}

References DBGC, EAP_CODE_RESPONSE, ENOMEM, free, htons, eap_supplicant::id, len, malloc(), memcpy(), msg(), net_device::name, netdev, eap_supplicant::netdev, rc, rsp, strerror(), eap_supplicant::tx, and eap_supplicant::type.

Referenced by eap_rx_identity(), eap_rx_md5(), eap_rx_mschapv2_request(), eap_rx_mschapv2_success(), and eap_tx_nak().

eap_tx_nak()

static int eap_tx_nak ( struct eap_supplicant *  supplicant )

static

Transmit EAP NAK.

Parameters

supplicant

EAP supplicant

Return values

rc	Return status code

Definition at line 89 of file eap.c.

                                                            {
        struct net_device *netdev = supplicant->netdev;
        unsigned int max = table_num_entries ( EAP_METHODS );
        uint8_t methods[ max + 1 /* potential EAP_TYPE_NONE */ ];
        unsigned int count = 0;
        struct eap_method *method;

        /* Populate methods list */
        DBGC ( netdev, "EAP %s Nak offering types {", netdev->name );
        for_each_table_entry ( method, EAP_METHODS ) {
                if ( method->type > EAP_TYPE_NAK ) {
                        DBGC ( netdev, "%s%d",
                               ( count ? ", " : "" ), method->type );
                        methods[count++] = method->type;
                }
        }
        if ( ! count )
                methods[count++] = EAP_TYPE_NONE;
        DBGC ( netdev, "}\n" );
        assert ( count <= max );

        /* Transmit response */
        supplicant->type = EAP_TYPE_NAK;
        return eap_tx_response ( supplicant, methods, count );
}

References assert(), count, DBGC, EAP_METHODS, eap_tx_response(), EAP_TYPE_NAK, EAP_TYPE_NONE, for_each_table_entry, max, method, net_device::name, netdev, eap_supplicant::netdev, table_num_entries, and eap_supplicant::type.

Referenced by eap_rx_request().

eap_rx_identity()

static int eap_rx_identity ( struct eap_supplicant *  supplicant, const void *  req, size_t  req_len  )

static

Handle EAP Request-Identity.

Parameters

supplicant	EAP supplicant
req	Request type data
req_len	Length of request type data

Return values

rc	Return status code

Definition at line 123 of file eap.c.

                                                               {
        struct net_device *netdev = supplicant->netdev;
        void *rsp;
        int rsp_len;
        int rc;

        /* Treat Request-Identity as blocking the link */
        DBGC ( netdev, "EAP %s Request-Identity blocking link\n",
               netdev->name );
        DBGC_HDA ( netdev, 0, req, req_len );
        netdev_link_block ( netdev, EAP_BLOCK_TIMEOUT );

        /* Mark EAP as in progress */
        supplicant->flags |= EAP_FL_ONGOING;

        /* Construct response, if applicable */
        rsp_len = fetch_raw_setting_copy ( netdev_settings ( netdev ),
                                           &username_setting, &rsp );
        if ( rsp_len < 0 ) {
                /* We have no identity to offer, so wait until the
                 * switch times out and switches to MAC Authentication
                 * Bypass (MAB).
                 */
                DBGC2 ( netdev, "EAP %s has no identity\n", netdev->name );
                supplicant->flags |= EAP_FL_PASSIVE;
                rc = 0;
                goto no_response;
        }

        /* Transmit response */
        if ( ( rc = eap_tx_response ( supplicant, rsp, rsp_len ) ) != 0 )
                goto err_tx;

 err_tx:
        free ( rsp );
 no_response:
        return rc;
}

References DBGC, DBGC2, DBGC_HDA, EAP_BLOCK_TIMEOUT, EAP_FL_ONGOING, EAP_FL_PASSIVE, eap_tx_response(), fetch_raw_setting_copy(), eap_supplicant::flags, free, net_device::name, netdev, eap_supplicant::netdev, netdev_link_block(), netdev_settings(), rc, and rsp.

eap_rx_request()

static int eap_rx_request ( struct eap_supplicant *  supplicant, const struct eap_message *  msg, size_t  len  )

static

Handle EAP Request.

Parameters

supplicant	EAP supplicant
msg	EAP request
len	Length of EAP request

Return values

rc	Return status code

Definition at line 177 of file eap.c.

                                                                        {
        struct net_device *netdev = supplicant->netdev;
        struct eap_method *method;
        const void *req;
        size_t req_len;

        /* Sanity checks */
        if ( len < sizeof ( *msg ) ) {
                DBGC ( netdev, "EAP %s underlength request:\n", netdev->name );
                DBGC_HDA ( netdev, 0, msg, len );
                return -EINVAL;
        }
        if ( len < ntohs ( msg->hdr.len ) ) {
                DBGC ( netdev, "EAP %s truncated request:\n", netdev->name );
                DBGC_HDA ( netdev, 0, msg, len );
                return -EINVAL;
        }
        req = msg->data;
        req_len = ( ntohs ( msg->hdr.len ) - sizeof ( *msg ) );

        /* Record request details */
        supplicant->id = msg->hdr.id;
        supplicant->type = msg->type;
        DBGC ( netdev, "EAP %s Request id %#02x type %d\n",
               netdev->name, msg->hdr.id, msg->type );

        /* Handle according to type */
        for_each_table_entry ( method, EAP_METHODS ) {
                if ( msg->type == method->type )
                        return method->rx ( supplicant, req, req_len );
        }
        DBGC ( netdev, "EAP %s requested type %d unknown:\n",
               netdev->name, msg->type );
        DBGC_HDA ( netdev, 0, msg, len );

        /* Send NAK if applicable */
        if ( msg->type > EAP_TYPE_NAK )
                return eap_tx_nak ( supplicant );

        return -ENOTSUP;
}

References DBGC, DBGC_HDA, EAP_METHODS, eap_tx_nak(), EAP_TYPE_NAK, EINVAL, ENOTSUP, for_each_table_entry, eap_supplicant::id, len, method, msg(), net_device::name, netdev, eap_supplicant::netdev, ntohs, and eap_supplicant::type.

Referenced by eap_rx().

eap_rx_success()

static int eap_rx_success ( struct eap_supplicant *  supplicant )

static

Handle EAP Success.

Parameters

supplicant

EAP supplicant

Return values

rc	Return status code

Definition at line 226 of file eap.c.

                                                                {
        struct net_device *netdev = supplicant->netdev;

        /* Mark authentication as complete */
        supplicant->flags = EAP_FL_PASSIVE;

        /* Mark link as unblocked */
        DBGC ( netdev, "EAP %s Success\n", netdev->name );
        netdev_link_unblock ( netdev );

        return 0;
}

References DBGC, EAP_FL_PASSIVE, eap_supplicant::flags, net_device::name, netdev, eap_supplicant::netdev, and netdev_link_unblock().

Referenced by eap_rx().

eap_rx_failure()

static int eap_rx_failure ( struct eap_supplicant *  supplicant )

static

Handle EAP Failure.

Parameters

supplicant

EAP supplicant

Return values

rc	Return status code

Definition at line 245 of file eap.c.

                                                                {
        struct net_device *netdev = supplicant->netdev;

        /* Mark authentication as complete */
        supplicant->flags = EAP_FL_PASSIVE;

        /* Record error */
        DBGC ( netdev, "EAP %s Failure\n", netdev->name );
        return -EPERM;
}

References DBGC, EAP_FL_PASSIVE, EPERM, eap_supplicant::flags, net_device::name, netdev, and eap_supplicant::netdev.

Referenced by eap_rx().

eap_rx()

int eap_rx	(	struct eap_supplicant *	supplicant,
		const void *	data,
		size_t	len
	)

Handle EAP packet.

Parameters

supplicant	EAP supplicant
data	EAP packet
len	Length of EAP packet

Return values

rc	Return status code

Definition at line 264 of file eap.c.

                          {
        struct net_device *netdev = supplicant->netdev;
        const union eap_packet *eap = data;

        /* Sanity check */
        if ( len < sizeof ( eap->hdr ) ) {
                DBGC ( netdev, "EAP %s underlength header:\n", netdev->name );
                DBGC_HDA ( netdev, 0, eap, len );
                return -EINVAL;
        }

        /* Handle according to code */
        switch ( eap->hdr.code ) {
        case EAP_CODE_REQUEST:
                return eap_rx_request ( supplicant, &eap->msg, len );
        case EAP_CODE_RESPONSE:
                DBGC2 ( netdev, "EAP %s ignoring response\n", netdev->name );
                return 0;
        case EAP_CODE_SUCCESS:
                return eap_rx_success ( supplicant );
        case EAP_CODE_FAILURE:
                return eap_rx_failure ( supplicant );
        default:
                DBGC ( netdev, "EAP %s unsupported code %d\n",
                       netdev->name, eap->hdr.code );
                DBGC_HDA ( netdev, 0, eap, len );
                return -ENOTSUP;
        }
}

References eap_header::code, data, DBGC, DBGC2, DBGC_HDA, EAP_CODE_FAILURE, EAP_CODE_REQUEST, EAP_CODE_RESPONSE, EAP_CODE_SUCCESS, eap_rx_failure(), eap_rx_request(), eap_rx_success(), EINVAL, ENOTSUP, eap_packet::hdr, len, eap_packet::msg, net_device::name, netdev, and eap_supplicant::netdev.

Referenced by eapol_eap_rx().

REQUIRING_SYMBOL()

REQUIRING_SYMBOL

(

eap_rx

)

REQUIRE_OBJECT()

REQUIRE_OBJECT

(

config_eap

)

Variable Documentation

__eap_method

struct eap_method eap_identity_method __eap_method

Initial value:

= {
        .type = EAP_TYPE_IDENTITY,
        .rx = eap_rx_identity,
}

EAP Request-Identity method.

Definition at line 164 of file eap.c.