eap.h   [plain text]


/*
 * Copyright (c) 2003 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */
/*
 * eap.h - Extensible Authentication Protocol definitions.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that the above copyright notice and this paragraph are
 * duplicated in all such forms and that any documentation,
 * advertising materials, and other materials related to such
 * distribution and use acknowledge that the software was developed
 * by the author.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * $Id: eap.h,v 1.7 2004/08/03 23:11:15 lindak Exp $
 */

#ifndef __EAP_INCLUDE__

#include "eap_plugin.h"


/*
 *  Challenge lengths (for challenges we send) and other limits.
 */
#define MAX_EAP_RESPONSE_LENGTH	1024	/* Max len for the EAP data part */
#define MAX_NAME_LENGTH		256

/*
 * Extension structure for eap types.
 */

#define EAP_EXT_CLIENT		0x1	// support client mode  
#define EAP_EXT_SERVER 		0x2	// support server mode

typedef struct eap_ext {
    struct eap_ext 	*next;		// next extensiopn structure
    u_int8_t 		type;		// eap type
    char 		*name;		// extension name
    u_int32_t 		flags;		// support flags
    void		*plugin;	// used to keep ref of the plugin
    int (*init) __P((EAP_Input *eap_in, void **context));
    //int (*reinit) __P((void *context));
    int (*dispose) __P((void *context));
    int (*process) __P((void *context, EAP_Input *eap_in, EAP_Output *eap_out));
    int (*free) __P((void *context, EAP_Output *eap_out));
    int (*attribute) __P((void *context, EAP_Attribute *eap_attr));
    int (*interactive_ui) __P((void *data_in, int data_in_len, void **data_out, int *data_out_len));
    void (*print_packet) __P((void (*printer)(void *, char *, ...), void *arg, u_char code, char *inbuf, int insize));
    int (*identity) __P((char *identity, int maxlen));

} eap_ext;

/*
 * Each interface is described by a eap structure.
 */

typedef struct eap_state {
    int unit;			/* Interface unit number */
 
    int clientstate;		/* Client state */
    int serverstate;		/* Server state */

    char *our_identity;		/* Our identity name */
    char *username;		/* the user name (only for client mode) */
    char *password;		/* the password (only for client mode) */
    char peer_identity[MAX_NAME_LENGTH];	/* peer name discovered with identity request */

    u_char req_id;		/* ID of last challenge */
    u_char resp_id;		/* ID of last response */
    u_char req_type;		/* last request type  */
    int req_interval;		/* Time until we challenge peer again */
    int timeouttime;		/* Timeout time in seconds */
    int max_transmits;		/* Maximum # of challenge transmissions */
    int req_transmits;		/* Number of transmissions of challenge */

    eap_ext *client_ext;	/* client eap extension */
    void *client_ext_ctx;	/* client eap extension context */
    EAP_Input *client_ext_input;	/* client eap extension input structure */
    EAP_Output *client_ext_output;	/* client eap extension output structure */
    int client_ext_ui_fds[2];	/* files descriptors for UI thread */
    void *client_ext_ui_data;	/* UI data */
    int client_ext_ui_data_len;	/* UI data len */
    pthread_t client_ui_thread; /* UI thread */
    
    eap_ext *server_ext;	/* server eap extension */
    void *server_ext_ctx;	/* server eap extension context */
    EAP_Input *server_ext_input;	/* server eap extension input structure */
    EAP_Output *server_ext_output;	/* server eap extension output structure */

} eap_state;


int EapExtAdd(eap_ext *newext);

/*
 * Client (peer) states.
 */
#define EAPCS_INITIAL		0	/* Lower layer down, not opened */
#define EAPCS_CLOSED		1	/* Lower layer up, not opened */
#define EAPCS_PENDING		2	/* Auth us to peer when lower up */
#define EAPCS_LISTEN		3	/* Listening for a challenge */
#define EAPCS_OPEN		4	/* We've received Success */

/*
 * Server (authenticator) states.
 */
#define EAPSS_INITIAL		0	/* Lower layer down, not opened */
#define EAPSS_CLOSED		1	/* Lower layer up, not opened */
#define EAPSS_PENDING		2	/* Auth peer when lower up */
#define EAPSS_INITIAL_CHAL	3	/* We've sent the first challenge */
#define EAPSS_OPEN		4	/* We've sent a Success msg */
#define EAPSS_RECHALLENGE	5	/* We've sent another challenge */
#define EAPSS_BADAUTH		6	/* We've sent a Failure msg */

/*
 * Timeouts.
 */
#define EAP_DEFTIMEOUT		3	/* Timeout time in seconds */
#define EAP_DEFTRANSMITS	10	/* max # times to send challenge */

extern eap_state eap[];

void EapAuthWithPeer __P((int, char *));
void EapAuthPeer __P((int, char *));
void EapGenChallenge __P((eap_state *));
void EapLostSuccess __P((int));
void EapLostFailure __P((int));

int EapGetClientSecret(void *cookie, u_char *our_name, u_char *peer_name, u_char *secret, int *secretlen);
int EapGetServerSecret(void *cookie, u_char *our_name, u_char *peer_name, u_char *secret, int *secretlen);

int EAPAllowedAddr(int unit, u_int32_t addr);

int reqeap(char **);

extern struct protent eap_protent;

#define __EAP_INCLUDE__
#endif /* __EAP_INCLUDE__ */