/*
 * IEEE 802.1X-2004 Authenticator - EAPOL state machine (internal definitions)
 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

/*
 * Internal header: the types below are shared between the EAPOL
 * authenticator implementation files and are not part of the public API.
 *
 * NOTE(review): struct eapol_auth_config and struct eapol_auth_cb (used by
 * struct eapol_authenticator below) are not declared by the two includes
 * that follow, so this header presumably relies on the including file
 * having pulled in their definitions first - confirm before including it
 * elsewhere.
 */

#ifndef EAPOL_AUTH_SM_I_H
#define EAPOL_AUTH_SM_I_H

#include "common/defs.h"
#include "radius/radius.h"

/* IEEE Std 802.1X-2004, Ch. 8.2 */

/*
 * Enumerator values are deliberately non-consecutive; they appear to follow
 * the numeric encodings used by the IEEE 802.1X MIB for the corresponding
 * objects, so they should not be renumbered - confirm against the MIB before
 * changing any of them.
 */
typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
	PortTypes;
typedef enum { Unauthorized = 2, Authorized = 1 } PortState;
typedef enum { Both = 0, In = 1 } ControlledDirection;
/*
 * Statistics/diagnostics counter. Unsigned, so reaching the maximum wraps
 * around with well-defined behavior instead of signed overflow.
 */
typedef unsigned int Counter;


/**
 * struct eapol_authenticator - Global EAPOL authenticator data
 *
 * One instance holds the configuration and callbacks shared by all
 * per-Supplicant state machines (struct eapol_state_machine::eapol points
 * back here).
 */
struct eapol_authenticator {
	struct eapol_auth_config conf;
	struct eapol_auth_cb cb;

	/*
	 * Default (broadcast) WEP key and its key index for legacy dynamic
	 * WEP. This is key material: NOTE(review) - ownership and whether the
	 * buffer is cleared before being released are not visible in this
	 * header; confirm in the code that allocates/frees it.
	 */
	u8 *default_wep_key;
	u8 default_wep_key_idx;
};


/**
 * struct eapol_state_machine - Per-Supplicant Authenticator state machines
 *
 * Members are grouped by the state machine they belong to, following
 * IEEE Std 802.1X-2004, Ch. 8.2: the current state of each machine is kept
 * in an anonymous enum member, followed by that machine's variables,
 * constants and counters. The trailing section holds implementation
 * specific data not defined by the standard.
 *
 * The AUTH_PAE_DEFAULT_* / BE_AUTH_DEFAULT_* macros are placed next to the
 * member they initialize; the preprocessor does not see struct scope, so
 * they are ordinary file-scope macros.
 */
struct eapol_state_machine {
	/* timers */
	/*
	 * Countdown timers driven by the Port Timers state machine (see the
	 * 'tick' note below). NOTE(review): presumably counted in seconds -
	 * confirm against the timeout registration in the implementation.
	 */
	int aWhile;
	int quietWhile;
	int reAuthWhen;

	/* global variables */
	bool authAbort;
	bool authFail;
	PortState authPortStatus;
	bool authStart;
	bool authTimeout;
	bool authSuccess;
	bool eapolEap;
	bool initialize;
	bool keyDone;
	bool keyRun;
	bool keyTxEnabled;
	PortTypes portControl;
	bool portValid;
	bool reAuthenticate;

	/* Port Timers state machine */
	/* 'bool tick' implicitly handled as registered timeout */

	/* Authenticator PAE state machine */
	/* current state of the Authenticator PAE state machine */
	enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
	       AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
	       AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
	       AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
	/* variables */
	bool eapolLogoff;
	bool eapolStart;
	PortTypes portMode;
	unsigned int reAuthCount;
	/* constants */
	unsigned int quietPeriod; /* default 60; 0..65535 */
#define AUTH_PAE_DEFAULT_quietPeriod 60
	unsigned int reAuthMax; /* default 2 */
#define AUTH_PAE_DEFAULT_reAuthMax 2
	/* counters */
	/* Authenticator PAE diagnostic counters (exported for statistics) */
	Counter authEntersConnecting;
	Counter authEapLogoffsWhileConnecting;
	Counter authEntersAuthenticating;
	Counter authAuthSuccessesWhileAuthenticating;
	Counter authAuthTimeoutsWhileAuthenticating;
	Counter authAuthFailWhileAuthenticating;
	Counter authAuthEapStartsWhileAuthenticating;
	Counter authAuthEapLogoffWhileAuthenticating;
	Counter authAuthReauthsWhileAuthenticated;
	Counter authAuthEapStartsWhileAuthenticated;
	Counter authAuthEapLogoffWhileAuthenticated;

	/* Backend Authentication state machine */
	/* current state of the Backend Authentication state machine */
	enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
	       BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
	       BE_AUTH_IGNORE
	} be_auth_state;
	/* constants */
	unsigned int serverTimeout; /* default 30; 1..X */
#define BE_AUTH_DEFAULT_serverTimeout 30
	/* counters */
	/* Backend Authentication diagnostic counters */
	Counter backendResponses;
	Counter backendAccessChallenges;
	Counter backendOtherRequestsToSupplicant;
	Counter backendAuthSuccesses;
	Counter backendAuthFails;

	/* Reauthentication Timer state machine */
	enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
	} reauth_timer_state;
	/* constants */
	unsigned int reAuthPeriod; /* default 3600 s */
	bool reAuthEnabled; /* periodic reauthentication enabled for this port */

	/* Authenticator Key Transmit state machine */
	enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
	} auth_key_tx_state;

	/* Key Receive state machine */
	enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
	/* variables */
	bool rxKey;

	/* Controlled Directions state machine */
	enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
	/* variables */
	ControlledDirection adminControlledDirections; /* administrative setting */
	ControlledDirection operControlledDirections; /* operational value */
	bool operEdge;

	/* Authenticator Statistics Table */
	/*
	 * Per-Supplicant EAPOL frame statistics. dot1xAuthLastEapolFrameVersion
	 * is declared as a Counter for uniformity but records the protocol
	 * version of the last received frame rather than a count.
	 */
	Counter dot1xAuthEapolFramesRx;
	Counter dot1xAuthEapolFramesTx;
	Counter dot1xAuthEapolStartFramesRx;
	Counter dot1xAuthEapolLogoffFramesRx;
	Counter dot1xAuthEapolRespIdFramesRx;
	Counter dot1xAuthEapolRespFramesRx;
	Counter dot1xAuthEapolReqIdFramesTx;
	Counter dot1xAuthEapolReqFramesTx;
	Counter dot1xAuthInvalidEapolFramesRx;
	Counter dot1xAuthEapLengthErrorFramesRx;
	Counter dot1xAuthLastEapolFrameVersion;

	/* Other variables - not defined in IEEE 802.1X */
	/* ETH_ALEN is expected from common/defs.h - not verified here */
	u8 addr[ETH_ALEN]; /* Supplicant address */
	int flags; /* EAPOL_SM_* bit flags, defined outside this header */

	/* EAPOL/AAA <-> EAP full authenticator interface */
	struct eap_eapol_interface *eap_if;

	/*
	 * NOTE(review): presumably the Identifier of the outstanding RADIUS
	 * request, used to match the server's reply - confirm in the RADIUS
	 * receive path.
	 */
	int radius_identifier;
	/* TODO: check when the last messages can be released */
	struct radius_msg *last_recv_radius;
	u8 last_eap_id; /* last used EAP Identifier */
	/*
	 * Supplicant identity as a byte string: not NUL-terminated, length is
	 * identity_len. It originates from the peer (presumably the
	 * EAP-Response/Identity), so every use must be bounded by identity_len
	 * and must not assume printable content.
	 */
	u8 *identity;
	size_t identity_len;
	u8 eap_type_authsrv; /* EAP type of the last EAP packet from
			      * Authentication server */
	u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
	struct radius_class_data radius_class; /* RADIUS Class attribute(s) */
	struct wpabuf *radius_cui; /* Chargeable-User-Identity */

	struct eap_sm *eap; /* EAP server state machine for this Supplicant */

	bool initializing; /* in process of initializing state machines */
	/*
	 * NOTE(review): 'changed' looks like the "a state machine changed
	 * state during this step" flag used to decide whether to run the
	 * machines again - confirm in the step loop.
	 */
	bool changed;

	struct eapol_authenticator *eapol; /* back-pointer to global data */

	void *sta; /* station context pointer to use in callbacks */

	/* remediation indicator; its value semantics are defined by the owner */
	int remediation;

	/* presumably the RADIUS Acct-Multi-Session-Id value - confirm */
	u64 acct_multi_session_id;

	unsigned int authenticated; /* The number of times authentication has
				     * been completed successfully. */
	bool stopped; /* state machines have been stopped for this Supplicant */
};

#endif /* EAPOL_AUTH_SM_I_H */