📄 eapol_sm.c

📁 hostapd无线ＡＰ工具
💻 C
📖 第 1 页 / 共 2 页
字号:
上一页 12
			SM_ENTER(KEY_RX, KEY_RECEIVE);		break;	case KEY_RX_KEY_RECEIVE:		if (sm->key_rx.rxKey)			SM_ENTER(KEY_RX, KEY_RECEIVE);		break;	}}/* Controlled Directions state machine */SM_STATE(CTRL_DIR, FORCE_BOTH){	SM_ENTRY(CTRL_DIR, FORCE_BOTH, ctrl_dir);	sm->ctrl_dir.operControlledDirections = Both;}SM_STATE(CTRL_DIR, IN_OR_BOTH){	SM_ENTRY(CTRL_DIR, IN_OR_BOTH, ctrl_dir);	sm->ctrl_dir.operControlledDirections =		sm->ctrl_dir.adminControlledDirections;}SM_STEP(CTRL_DIR){	if (sm->initialize) {		SM_ENTER(CTRL_DIR, IN_OR_BOTH);		return;	}	switch (sm->ctrl_dir.state) {	case CTRL_DIR_FORCE_BOTH:		if (sm->portEnabled && sm->ctrl_dir.operEdge)			SM_ENTER(CTRL_DIR, IN_OR_BOTH);		break;	case CTRL_DIR_IN_OR_BOTH:		if (sm->ctrl_dir.operControlledDirections !=		    sm->ctrl_dir.adminControlledDirections)			SM_ENTER(CTRL_DIR, IN_OR_BOTH);		if (!sm->portEnabled || !sm->ctrl_dir.operEdge)			SM_ENTER(CTRL_DIR, FORCE_BOTH);		break;	}}struct eapol_state_machine *eapol_sm_alloc(hostapd *hapd, struct sta_info *sta){	struct eapol_state_machine *sm;	sm = (struct eapol_state_machine *) malloc(sizeof(*sm));	if (sm == NULL) {		printf("IEEE 802.1X port state allocation failed\n");		return NULL;	}	memset(sm, 0, sizeof(*sm));	sm->radius_identifier = -1;	memcpy(sm->addr, sta->addr, ETH_ALEN);	if (sta->flags & WLAN_STA_PREAUTH)		sm->flags |= EAPOL_SM_PREAUTH;	sm->hapd = hapd;	sm->sta = sta;	/* Set default values for state machine constants */	sm->auth_pae.state = AUTH_PAE_INITIALIZE;	sm->auth_pae.quietPeriod = AUTH_PAE_DEFAULT_quietPeriod;	sm->auth_pae.reAuthMax = AUTH_PAE_DEFAULT_reAuthMax;	sm->be_auth.state = BE_AUTH_INITIALIZE;	sm->be_auth.serverTimeout = BE_AUTH_DEFAULT_serverTimeout;	sm->reauth_timer.state = REAUTH_TIMER_INITIALIZE;	sm->reauth_timer.reAuthPeriod = hapd->conf->eap_reauth_period;	sm->reauth_timer.reAuthEnabled = hapd->conf->eap_reauth_period > 0 ?		TRUE : FALSE;	sm->auth_key_tx.state = AUTH_KEY_TX_NO_KEY_TRANSMIT;	sm->key_rx.state = KEY_RX_NO_KEY_RECEIVE;	sm->ctrl_dir.state = CTRL_DIR_IN_OR_BOTH;	sm->portEnabled = FALSE;	sm->portControl = Auto;	sm->keyAvailable = FALSE;	if (!hapd->conf->wpa &&	    (hapd->default_wep_key || hapd->conf->individual_wep_key_len > 0))		sm->keyTxEnabled = TRUE;	else		sm->keyTxEnabled = FALSE;	if (hapd->conf->wpa)		sm->portValid = FALSE;	else		sm->portValid = TRUE;	if (hapd->conf->eap_server) {		struct eap_config eap_conf;		memset(&eap_conf, 0, sizeof(eap_conf));		eap_conf.ssl_ctx = hapd->ssl_ctx;		eap_conf.eap_sim_db_priv = hapd->eap_sim_db_priv;		sm->eap = eap_sm_init(sm, &eapol_cb, &eap_conf);		if (sm->eap == NULL) {			eapol_sm_free(sm);			return NULL;		}	}	eapol_sm_initialize(sm);	return sm;}void eapol_sm_free(struct eapol_state_machine *sm){	if (sm == NULL)		return;	eloop_cancel_timeout(eapol_port_timers_tick, sm->hapd, sm);	if (sm->eap)		eap_sm_deinit(sm->eap);	free(sm);}static int eapol_sm_sta_entry_alive(struct hostapd_data *hapd, u8 *addr){	struct sta_info *sta;	sta = ap_get_sta(hapd, addr);	if (sta == NULL || sta->eapol_sm == NULL)		return 0;	return 1;}void eapol_sm_step(struct eapol_state_machine *sm){	struct hostapd_data *hapd = sm->hapd;	u8 addr[ETH_ALEN];	int prev_auth_pae, prev_be_auth, prev_reauth_timer, prev_auth_key_tx,		prev_key_rx, prev_ctrl_dir;	/* FIX: could re-run eapol_sm_step from registered timeout (after	 * 0 sec) to make sure that other possible timeouts/events are	 * processed */	memcpy(addr, sm->sta->addr, ETH_ALEN);restart:	do {		prev_auth_pae = sm->auth_pae.state;		prev_be_auth = sm->be_auth.state;		prev_reauth_timer = sm->reauth_timer.state;		prev_auth_key_tx = sm->auth_key_tx.state;		prev_key_rx = sm->key_rx.state;		prev_ctrl_dir = sm->ctrl_dir.state;		SM_STEP_RUN(AUTH_PAE);		if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))			break;		SM_STEP_RUN(BE_AUTH);		if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))			break;		SM_STEP_RUN(REAUTH_TIMER);		if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))			break;		SM_STEP_RUN(AUTH_KEY_TX);		if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))			break;		SM_STEP_RUN(KEY_RX);		if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))			break;		SM_STEP_RUN(CTRL_DIR);		if (!sm->initializing && !eapol_sm_sta_entry_alive(hapd, addr))			break;	} while (prev_auth_pae != sm->auth_pae.state ||		 prev_be_auth != sm->be_auth.state ||		 prev_reauth_timer != sm->reauth_timer.state ||		 prev_auth_key_tx != sm->auth_key_tx.state ||		 prev_key_rx != sm->key_rx.state ||		 prev_ctrl_dir != sm->ctrl_dir.state);	if (eapol_sm_sta_entry_alive(hapd, addr) && sm->eap) {		if (eap_sm_step(sm->eap))			goto restart;	}	if (eapol_sm_sta_entry_alive(hapd, addr))		wpa_sm_notify(sm->hapd, sm->sta);}void eapol_sm_initialize(struct eapol_state_machine *sm){	sm->initializing = TRUE;	/* Initialize the state machines by asserting initialize and then	 * deasserting it after one step */	sm->initialize = TRUE;	eapol_sm_step(sm);	sm->initialize = FALSE;	eapol_sm_step(sm);	sm->initializing = FALSE;	/* Start one second tick for port timers state machine */	eloop_cancel_timeout(eapol_port_timers_tick, sm->hapd, sm);	eloop_register_timeout(1, 0, eapol_port_timers_tick, sm->hapd, sm);}#ifdef HOSTAPD_DUMP_STATEstatic inline const char * port_type_txt(PortTypes pt){	switch (pt) {	case ForceUnauthorized: return "ForceUnauthorized";	case ForceAuthorized: return "ForceAuthorized";	case Auto: return "Auto";	default: return "Unknown";	}}static inline const char * port_state_txt(PortState ps){	switch (ps) {	case Unauthorized: return "Unauthorized";	case Authorized: return "Authorized";	default: return "Unknown";	}}static inline const char * ctrl_dir_txt(ControlledDirection dir){	switch (dir) {	case Both: return "Both";	case In: return "In";	default: return "Unknown";	}}static inline const char * auth_pae_state_txt(int s){	switch (s) {	case AUTH_PAE_INITIALIZE: return "INITIALIZE";	case AUTH_PAE_DISCONNECTED: return "DISCONNECTED";	case AUTH_PAE_CONNECTING: return "CONNECTING";	case AUTH_PAE_AUTHENTICATING: return "AUTHENTICATING";	case AUTH_PAE_AUTHENTICATED: return "AUTHENTICATED";	case AUTH_PAE_ABORTING: return "ABORTING";	case AUTH_PAE_HELD: return "HELD";	case AUTH_PAE_FORCE_AUTH: return "FORCE_AUTH";	case AUTH_PAE_FORCE_UNAUTH: return "FORCE_UNAUTH";	case AUTH_PAE_RESTART: return "RESTART";	default: return "Unknown";	}}static inline const char * be_auth_state_txt(int s){	switch (s) {	case BE_AUTH_REQUEST: return "REQUEST";	case BE_AUTH_RESPONSE: return "RESPONSE";	case BE_AUTH_SUCCESS: return "SUCCESS";	case BE_AUTH_FAIL: return "FAIL";	case BE_AUTH_TIMEOUT: return "TIMEOUT";	case BE_AUTH_IDLE: return "IDLE";	case BE_AUTH_INITIALIZE: return "INITIALIZE";	case BE_AUTH_IGNORE: return "IGNORE";	default: return "Unknown";	}}static inline const char * reauth_timer_state_txt(int s){	switch (s) {	case REAUTH_TIMER_INITIALIZE: return "INITIALIZE";	case REAUTH_TIMER_REAUTHENTICATE: return "REAUTHENTICATE";	default: return "Unknown";	}}static inline const char * auth_key_tx_state_txt(int s){	switch (s) {	case AUTH_KEY_TX_NO_KEY_TRANSMIT: return "NO_KEY_TRANSMIT";	case AUTH_KEY_TX_KEY_TRANSMIT: return "KEY_TRANSMIT";	default: return "Unknown";	}}static inline const char * key_rx_state_txt(int s){	switch (s) {	case KEY_RX_NO_KEY_RECEIVE: return "NO_KEY_RECEIVE";	case KEY_RX_KEY_RECEIVE: return "KEY_RECEIVE";	default: return "Unknown";	}}static inline const char * ctrl_dir_state_txt(int s){	switch (s) {	case CTRL_DIR_FORCE_BOTH: return "FORCE_BOTH";	case CTRL_DIR_IN_OR_BOTH: return "IN_OR_BOTH";	default: return "Unknown";	}}void eapol_sm_dump_state(FILE *f, const char *prefix,			 struct eapol_state_machine *sm){	fprintf(f, "%sEAPOL state machine:\n", prefix);	fprintf(f, "%s  aWhile=%d quietWhile=%d reAuthWhen=%d\n", prefix,		sm->aWhile, sm->quietWhile, sm->reAuthWhen);#define _SB(b) ((b) ? "TRUE" : "FALSE")	fprintf(f,		"%s  authAbort=%s authFail=%s authPortStatus=%s authStart=%s\n"		"%s  authTimeout=%s authSuccess=%s eapFail=%s eapolEap=%s\n"		"%s  eapSuccess=%s eapTimeout=%s initialize=%s "		"keyAvailable=%s\n"		"%s  keyDone=%s keyRun=%s keyTxEnabled=%s portControl=%s\n"		"%s  portEnabled=%s portValid=%s reAuthenticate=%s\n",		prefix, _SB(sm->authAbort), _SB(sm->authFail),		port_state_txt(sm->authPortStatus), _SB(sm->authStart),		prefix, _SB(sm->authTimeout), _SB(sm->authSuccess),		_SB(sm->eapFail), _SB(sm->eapolEap),		prefix, _SB(sm->eapSuccess), _SB(sm->eapTimeout),		_SB(sm->initialize), _SB(sm->keyAvailable),		prefix, _SB(sm->keyDone), _SB(sm->keyRun),		_SB(sm->keyTxEnabled), port_type_txt(sm->portControl),		prefix, _SB(sm->portEnabled), _SB(sm->portValid),		_SB(sm->reAuthenticate));	fprintf(f, "%s  Authenticator PAE:\n"		"%s    state=%s\n"		"%s    eapolLogoff=%s eapolStart=%s eapRestart=%s\n"		"%s    portMode=%s reAuthCount=%d\n"		"%s    quietPeriod=%d reAuthMax=%d\n"		"%s    authEntersConnecting=%d\n"		"%s    authEapLogoffsWhileConnecting=%d\n"		"%s    authEntersAuthenticating=%d\n"		"%s    authAuthSuccessesWhileAuthenticating=%d\n"		"%s    authAuthTimeoutsWhileAuthenticating=%d\n"		"%s    authAuthFailWhileAuthenticating=%d\n"		"%s    authAuthEapStartsWhileAuthenticating=%d\n"		"%s    authAuthEapLogoffWhileAuthenticating=%d\n"		"%s    authAuthReauthsWhileAuthenticated=%d\n"		"%s    authAuthEapStartsWhileAuthenticated=%d\n"		"%s    authAuthEapLogoffWhileAuthenticated=%d\n",		prefix, prefix, auth_pae_state_txt(sm->auth_pae.state), prefix,		_SB(sm->auth_pae.eapolLogoff), _SB(sm->auth_pae.eapolStart),		_SB(sm->auth_pae.eapRestart), prefix,		port_type_txt(sm->auth_pae.portMode), sm->auth_pae.reAuthCount,		prefix, sm->auth_pae.quietPeriod, sm->auth_pae.reAuthMax,		prefix, sm->auth_pae.authEntersConnecting,		prefix, sm->auth_pae.authEapLogoffsWhileConnecting,		prefix, sm->auth_pae.authEntersAuthenticating,		prefix, sm->auth_pae.authAuthSuccessesWhileAuthenticating,		prefix, sm->auth_pae.authAuthTimeoutsWhileAuthenticating,		prefix, sm->auth_pae.authAuthFailWhileAuthenticating,		prefix, sm->auth_pae.authAuthEapStartsWhileAuthenticating,		prefix, sm->auth_pae.authAuthEapLogoffWhileAuthenticating,		prefix, sm->auth_pae.authAuthReauthsWhileAuthenticated,		prefix, sm->auth_pae.authAuthEapStartsWhileAuthenticated,		prefix, sm->auth_pae.authAuthEapLogoffWhileAuthenticated);	fprintf(f, "%s  Backend Authentication:\n"		"%s    state=%s\n"		"%s    eapNoReq=%s eapReq=%s eapResp=%s\n"		"%s    serverTimeout=%d\n"		"%s    backendResponses=%d\n"		"%s    backendAccessChallenges=%d\n"		"%s    backendOtherRequestsToSupplicant=%d\n"		"%s    backendAuthSuccesses=%d\n"		"%s    backendAuthFails=%d\n",		prefix, prefix,		be_auth_state_txt(sm->be_auth.state),		prefix, _SB(sm->be_auth.eapNoReq), _SB(sm->be_auth.eapReq),		_SB(sm->be_auth.eapResp),		prefix, sm->be_auth.serverTimeout,		prefix, sm->be_auth.backendResponses,		prefix, sm->be_auth.backendAccessChallenges,		prefix, sm->be_auth.backendOtherRequestsToSupplicant,		prefix, sm->be_auth.backendAuthSuccesses,		prefix, sm->be_auth.backendAuthFails);	fprintf(f, "%s  Reauthentication Timer:\n"		"%s    state=%s\n"		"%s    reAuthPeriod=%d reAuthEnabled=%s\n", prefix, prefix,		reauth_timer_state_txt(sm->reauth_timer.state), prefix,		sm->reauth_timer.reAuthPeriod,		_SB(sm->reauth_timer.reAuthEnabled));	fprintf(f, "%s  Authenticator Key Transmit:\n"		"%s    state=%s\n", prefix, prefix,		auth_key_tx_state_txt(sm->auth_key_tx.state));	fprintf(f, "%s  Key Receive:\n"		"%s    state=%s\n"		"%s    rxKey=%s\n", prefix, prefix,		key_rx_state_txt(sm->key_rx.state),		prefix, _SB(sm->key_rx.rxKey));	fprintf(f, "%s  Controlled Directions:\n"		"%s    state=%s\n"		"%s    adminControlledDirections=%s "		"operControlledDirections=%s\n"		"%s    operEdge=%s\n", prefix, prefix,		ctrl_dir_state_txt(sm->ctrl_dir.state),		prefix, ctrl_dir_txt(sm->ctrl_dir.adminControlledDirections),		ctrl_dir_txt(sm->ctrl_dir.operControlledDirections),		prefix, _SB(sm->ctrl_dir.operEdge));#undef _SB}#endif /* HOSTAPD_DUMP_STATE */static Boolean eapol_sm_get_bool(void *ctx, enum eapol_bool_var variable){	struct eapol_state_machine *sm = ctx;	if (sm == NULL)		return FALSE;	switch (variable) {	case EAPOL_eapSuccess:		return sm->eapSuccess;	case EAPOL_eapRestart:		return sm->auth_pae.eapRestart;	case EAPOL_eapFail:		return sm->eapFail;	case EAPOL_eapResp:		return sm->be_auth.eapResp;	case EAPOL_eapReq:		return sm->be_auth.eapReq;	case EAPOL_eapNoReq:		return sm->be_auth.eapNoReq;	case EAPOL_portEnabled:		return sm->portEnabled;	case EAPOL_eapTimeout:		return sm->eapTimeout;	}	return FALSE;}static void eapol_sm_set_bool(void *ctx, enum eapol_bool_var variable,			      Boolean value){	struct eapol_state_machine *sm = ctx;	if (sm == NULL)		return;	switch (variable) {	case EAPOL_eapSuccess:		sm->eapSuccess = value;		break;	case EAPOL_eapRestart:		sm->auth_pae.eapRestart = value;		break;	case EAPOL_eapFail:		sm->eapFail = value;		break;	case EAPOL_eapResp:		sm->be_auth.eapResp = value;		break;	case EAPOL_eapReq:		sm->be_auth.eapReq = value;		break;	case EAPOL_eapNoReq:		sm->be_auth.eapNoReq = value;		break;	case EAPOL_portEnabled:		sm->portEnabled = value;		break;	case EAPOL_eapTimeout:		sm->eapTimeout = value;		break;	}}static void eapol_sm_set_eapReqData(void *ctx, const u8 *eapReqData,				    size_t eapReqDataLen){	struct eapol_state_machine *sm = ctx;	if (sm == NULL)		return;	free(sm->last_eap_radius);	sm->last_eap_radius = malloc(eapReqDataLen);	if (sm->last_eap_radius == NULL)		return;	memcpy(sm->last_eap_radius, eapReqData, eapReqDataLen);	sm->last_eap_radius_len = eapReqDataLen;}static void eapol_sm_set_eapKeyData(void *ctx, const u8 *eapKeyData,				    size_t eapKeyDataLen){	struct eapol_state_machine *sm = ctx;	struct hostapd_data *hapd;	if (sm == NULL)		return;	hapd = sm->hapd;	if (eapKeyData && eapKeyDataLen >= 64) {		free(sm->eapol_key_sign);		free(sm->eapol_key_crypt);		sm->eapol_key_crypt = malloc(32);		if (sm->eapol_key_crypt) {			memcpy(sm->eapol_key_crypt, eapKeyData, 32);			sm->eapol_key_crypt_len = 32;		}		sm->eapol_key_sign = malloc(32);		if (sm->eapol_key_sign) {			memcpy(sm->eapol_key_sign, eapKeyData + 32, 32);			sm->eapol_key_sign_len = 32;		}		if (hapd->default_wep_key ||		    hapd->conf->individual_wep_key_len > 0 ||		    hapd->conf->wpa)			sm->keyAvailable = TRUE;	} else {		free(sm->eapol_key_sign);		free(sm->eapol_key_crypt);		sm->eapol_key_sign = NULL;		sm->eapol_key_crypt = NULL;		sm->eapol_key_sign_len = 0;		sm->eapol_key_crypt_len = 0;		sm->keyAvailable = FALSE;	}}static int eapol_sm_get_eap_user(void *ctx, const u8 *identity,				 size_t identity_len, int phase2,				 struct eap_user *user){	struct eapol_state_machine *sm = ctx;	const struct hostapd_eap_user *eap_user;	eap_user = hostapd_get_eap_user(sm->hapd->conf, identity,					identity_len, phase2);	if (eap_user == NULL)		return -1;	memset(user, 0, sizeof(*user));	user->phase2 = phase2;	memcpy(user->methods, eap_user->methods,	       EAP_USER_MAX_METHODS > EAP_MAX_METHODS ?	       EAP_USER_MAX_METHODS : EAP_MAX_METHODS);	if (eap_user->password) {		user->password = malloc(eap_user->password_len);		if (user->password == NULL)			return -1;		memcpy(user->password, eap_user->password,		       eap_user->password_len);		user->password_len = eap_user->password_len;	}	user->force_version = eap_user->force_version;	return 0;}static const char * eapol_sm_get_eap_req_id_text(void *ctx, size_t *len){	struct eapol_state_machine *sm = ctx;	*len = sm->hapd->conf->eap_req_id_text_len;	return sm->hapd->conf->eap_req_id_text;}static struct eapol_callbacks eapol_cb ={	.get_bool = eapol_sm_get_bool,	.set_bool = eapol_sm_set_bool,	.set_eapReqData = eapol_sm_set_eapReqData,	.set_eapKeyData = eapol_sm_set_eapKeyData,	.get_eap_user = eapol_sm_get_eap_user,	.get_eap_req_id_text = eapol_sm_get_eap_req_id_text,};
上一页 12
💿 文件大小 260 K
👤 上传用户 xiaotiao
📂 所属分类网络
🏷️ 相关标签

#hostapd #无线
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -