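/*
 * IEEE 802.1X-2004 Authenticator - EAPOL state machine (internal definitions)
 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef EAPOL_AUTH_SM_I_H
#define EAPOL_AUTH_SM_I_H

#include "common/defs.h"

/*
 * NOTE(review): this header embeds struct eapol_auth_config and
 * struct eapol_auth_cb by value and uses u8, u64, bool, size_t and ETH_ALEN
 * without declaring any of them. The including file must therefore provide
 * the complete definitions before this header is included (which of them
 * common/defs.h supplies is not visible here).
 */

/* IEEE Std 802.1X-2004, Ch. 8.2 */

/*
 * Port control setting. The values are assigned explicitly and are not in
 * declaration order (1, 3, 2); 0 is not a member, so a zero-filled variable
 * of this type holds none of the three settings until it is assigned.
 * NOTE(review): the numbering looks like the IEEE 802.1X PAE MIB encoding -
 * confirm before relying on it for SNMP/control-interface output.
 */
typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
	PortTypes;

/*
 * Controlled port status. Authorized is 1 and Unauthorized is 2, so a
 * zero-filled PortState compares unequal to Authorized. Checks should be
 * written as "== Authorized" (never "!= Unauthorized") so that an
 * uninitialized value is treated as not authorized.
 */
typedef enum { Unauthorized = 2, Authorized = 1 } PortState;

/* Controlled directions; the zero value is Both. */
typedef enum { Both = 0, In = 1 } ControlledDirection;

/*
 * Statistics counter. Being an unsigned int it wraps around silently on
 * overflow; consumers should treat the values as wrapping counters.
 */
typedef unsigned int Counter;


/**
 * struct eapol_authenticator - Global EAPOL authenticator data
 *
 * One instance is referenced from each struct eapol_state_machine through its
 * eapol pointer.
 */
struct eapol_authenticator {
	struct eapol_auth_config conf; /* configuration, stored by value */
	struct eapol_auth_cb cb; /* callback table, stored by value */

	/*
	 * Default WEP key bytes. This is key material: the key length is not
	 * stored in this struct (presumably it comes from conf - confirm),
	 * and ownership/freeing is not visible in this header. Whoever
	 * releases the buffer should clear it before freeing. WEP is a legacy
	 * cipher that provides no effective confidentiality.
	 */
	u8 *default_wep_key;
	u8 default_wep_key_idx; /* key index that goes with default_wep_key */
};


/**
 * struct eapol_state_machine - Per-Supplicant Authenticator state machines
 *
 * Holds the variables of the IEEE 802.1X-2004 authenticator state machines
 * for one Supplicant, followed by implementation-specific data (Supplicant
 * address, EAP/RADIUS context and callback context).
 *
 * The state enums below are anonymous, so their first enumerator has the
 * value 0. In a zero-filled struct that gives auth_pae_state ==
 * AUTH_PAE_INITIALIZE and reauth_timer_state == REAUTH_TIMER_INITIALIZE, but
 * be_auth_state == BE_AUTH_REQUEST (not BE_AUTH_INITIALIZE), and
 * authPortStatus/portControl hold no valid enumerator. The struct therefore
 * depends on explicit initialization of these members by the code that
 * creates it (not visible in this header).
 *
 * The layout depends on CONFIG_NO_RADIUS (see radius_cui). Every translation
 * unit that touches this struct has to be built with the same setting;
 * otherwise member offsets after radius_cui disagree between objects.
 */
struct eapol_state_machine {
	/* timers */
	/* Signed ints; units are not stated here (reAuthPeriod is in seconds) */
	int aWhile;
	int quietWhile;
	int reAuthWhen;

	/* global variables */
	bool authAbort;
	bool authFail;
	PortState authPortStatus; /* 0 is not a valid PortState value */
	bool authStart;
	bool authTimeout;
	bool authSuccess;
	bool eapolEap;
	bool initialize;
	bool keyDone;
	bool keyRun;
	bool keyTxEnabled;
	PortTypes portControl; /* 0 is not a valid PortTypes value */
	bool portValid;
	bool reAuthenticate;

	/* Port Timers state machine */
	/* 'bool tick' implicitly handled as registered timeout */

	/* Authenticator PAE state machine */
	enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
	       AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
	       AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
	       AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
	/* variables */
	bool eapolLogoff;
	bool eapolStart;
	PortTypes portMode;
	unsigned int reAuthCount;
	/* constants */
	/*
	 * The documented range is not enforced by the type (unsigned int);
	 * any range check has to be done where the value is configured.
	 */
	unsigned int quietPeriod; /* default 60; 0..65535 */
	/*
	 * The AUTH_PAE_DEFAULT_ and BE_AUTH_DEFAULT_ macros defined inside
	 * this struct body are ordinary preprocessor macros: they are not
	 * scoped to the struct and are visible to every file that includes
	 * this header.
	 */
#define AUTH_PAE_DEFAULT_quietPeriod 60
	unsigned int reAuthMax; /* default 2 */
#define AUTH_PAE_DEFAULT_reAuthMax 2
	/* counters */
	Counter authEntersConnecting;
	Counter authEapLogoffsWhileConnecting;
	Counter authEntersAuthenticating;
	Counter authAuthSuccessesWhileAuthenticating;
	Counter authAuthTimeoutsWhileAuthenticating;
	Counter authAuthFailWhileAuthenticating;
	Counter authAuthEapStartsWhileAuthenticating;
	Counter authAuthEapLogoffWhileAuthenticating;
	Counter authAuthReauthsWhileAuthenticated;
	Counter authAuthEapStartsWhileAuthenticated;
	Counter authAuthEapLogoffWhileAuthenticated;

	/* Backend Authentication state machine */
	/* Note: the zero value is BE_AUTH_REQUEST, not BE_AUTH_INITIALIZE */
	enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
	       BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
	       BE_AUTH_IGNORE
	} be_auth_state;
	/* constants */
	unsigned int serverTimeout; /* default 30; 1..X */
#define BE_AUTH_DEFAULT_serverTimeout 30
	/* counters */
	Counter backendResponses;
	Counter backendAccessChallenges;
	Counter backendOtherRequestsToSupplicant;
	Counter backendAuthSuccesses;
	Counter backendAuthFails;

	/* Reauthentication Timer state machine */
	enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
	} reauth_timer_state;
	/* constants */
	unsigned int reAuthPeriod; /* default 3600 s */
	bool reAuthEnabled;

	/* Authenticator Key Transmit state machine */
	enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
	} auth_key_tx_state;

	/* Key Receive state machine */
	enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
	/* variables */
	bool rxKey;

	/* Controlled Directions state machine */
	enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
	/* variables */
	ControlledDirection adminControlledDirections;
	ControlledDirection operControlledDirections;
	bool operEdge;

	/* Authenticator Statistics Table */
	Counter dot1xAuthEapolFramesRx;
	Counter dot1xAuthEapolFramesTx;
	Counter dot1xAuthEapolStartFramesRx;
	Counter dot1xAuthEapolLogoffFramesRx;
	Counter dot1xAuthEapolRespIdFramesRx;
	Counter dot1xAuthEapolRespFramesRx;
	Counter dot1xAuthEapolReqIdFramesTx;
	Counter dot1xAuthEapolReqFramesTx;
	Counter dot1xAuthInvalidEapolFramesRx;
	Counter dot1xAuthEapLengthErrorFramesRx;
	/* Typed as Counter; by its name this holds a version value, not a
	 * count - confirm against the code that writes it */
	Counter dot1xAuthLastEapolFrameVersion;

	/* Other variables - not defined in IEEE 802.1X */
	u8 addr[ETH_ALEN]; /* Supplicant address */
	int flags; /* EAPOL_SM_* */

	/* EAPOL/AAA <-> EAP full authenticator interface */
	struct eap_eapol_interface *eap_if;

	int radius_identifier;
	/* TODO: check when the last messages can be released */
	/* Lifetime of this message is unresolved per the TODO above; any code
	 * that frees it needs to clear the pointer as well */
	struct radius_msg *last_recv_radius;
	u8 last_eap_id; /* last used EAP Identifier */
	/*
	 * identity/identity_len form a pointer + length pair. Nothing in this
	 * header guarantees NUL termination, so the buffer should be handled
	 * as identity_len raw bytes rather than as a C string. Presumably
	 * this is the peer-supplied identity, i.e. untrusted input - confirm
	 * and escape it before logging or using it in lookups.
	 */
	u8 *identity;
	size_t identity_len;
	u8 eap_type_authsrv; /* EAP type of the last EAP packet from
			      * Authentication server */
	u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
	/* Present only when CONFIG_NO_RADIUS is not defined; this changes the
	 * struct layout between build configurations */
#ifndef CONFIG_NO_RADIUS
	struct wpabuf *radius_cui; /* Chargeable-User-Identity */
#endif

	struct eap_sm *eap;

	bool initializing; /* in process of initializing state machines */
	bool changed;

	struct eapol_authenticator *eapol; /* global authenticator data */

	/* Untyped pointer: callbacks that receive it rely on convention, not
	 * on the compiler, for it to point to the expected station type */
	void *sta; /* station context pointer to use in callbacks */

	int remediation;

	u64 acct_multi_session_id;
};

#endif /* EAPOL_AUTH_SM_I_H */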