| Brian Waters | 13d9601 | 2017-12-08 16:53:31 -0600 | [diff] [blame^] | 1 | /***************************************************************************************************** |
| 2 | * Software License Agreement (BSD License) |
| 3 | * Author : Souheil Ben Ayed <souheil@tera.ics.keio.ac.jp> |
| 4 | * |
| 5 | * Copyright (c) 2009-2010, Souheil Ben Ayed, Teraoka Laboratory of Keio University, and the WIDE Project |
| 6 | * All rights reserved. |
| 7 | * |
| 8 | * Redistribution and use of this software in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions are met: |
| 10 | * |
| 11 | * 1. Redistributions of source code must retain the above copyright |
| 12 | * notice, this list of conditions and the following disclaimer. |
| 13 | * |
| 14 | * 2. Redistributions in binary form must reproduce the above copyright |
| 15 | * notice, this list of conditions and the following disclaimer in the |
| 16 | * documentation and/or other materials provided with the distribution. |
| 17 | * |
| 18 | * 3. All advertising materials mentioning features or use of this software |
| 19 | * must display the following acknowledgement: |
| 20 | * This product includes software developed by Souheil Ben Ayed <souheil@tera.ics.keio.ac.jp>. |
| 21 | * |
| 22 | * 4. Neither the name of Souheil Ben Ayed, Teraoka Laboratory of Keio University or the WIDE Project nor the |
| 23 | * names of its contributors may be used to endorse or promote products |
| 24 | * derived from this software without specific prior written permission. |
| 25 | * |
| 26 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ''AS IS'' AND ANY |
| 27 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
| 28 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
| 29 | * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY |
| 30 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
| 31 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| 32 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
| 33 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 34 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
| 35 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | *****************************************************************************************************/ |
| 37 | |
| 38 | |
| 39 | #ifndef LIBDIAMEAP_H_ |
| 40 | #define LIBDIAMEAP_H_ |
| 41 | |
| 42 | #include <freeDiameter/extension.h> |
| 43 | |
| 44 | #define DIAMEAP_EXTENSION "[DiamEAP extension] " |
| 45 | |
| 46 | #include "diameap_defs.h" |
| 47 | #include "diameap_eappacket.h" |
| 48 | #include "diameap_user.h" |
| 49 | #include "diameap_mysql.h" |
| 50 | |
| 51 | #include <math.h> |
| 52 | #include <dlfcn.h> |
| 53 | |
| 54 | |
| 55 | /* authentication and authorization attributes */ |
| 56 | |
| 57 | struct auth_attribute |
| 58 | { |
| 59 | struct fd_list chain; |
| 60 | char * attrib; |
| 61 | char * op; |
| 62 | char * value; |
| 63 | }; |
| 64 | |
| 65 | struct avp_attribute |
| 66 | { |
| 67 | struct fd_list chain; |
| 68 | char * attrib; |
| 69 | union avp_value value; |
| 70 | int tofree; |
| 71 | }; |
| 72 | |
| 73 | |
| 74 | /************************************************/ |
| 75 | /* EAP Methods plugins */ |
| 76 | /************************************************/ |
| 77 | |
| 78 | /* The register functions of an EAP method */ |
| 79 | struct register_plugin |
| 80 | { |
| 81 | char * configure; |
| 82 | char * init; |
| 83 | char * initPickUp; |
| 84 | char * buildReq; |
| 85 | char * isDone; |
| 86 | char * process; |
| 87 | char * check; |
| 88 | char * getTimeout; |
| 89 | char * getKey; |
| 90 | char * unregister; |
| 91 | char * datafree; |
| 92 | }; |
| 93 | |
| 94 | struct eap_state_machine; |
| 95 | /* List of plugins to load ( only EAP methods declared in the configuration file will be loaded) */ |
| 96 | struct plugin |
| 97 | { |
| 98 | struct fd_list chain; /* link in the list */ |
| 99 | u32 vendor; /* vendor*/ |
| 100 | const char *methodname; /* name of the EAP method*/ |
| 101 | eap_type methodtype; /* type number of the EAP method */ |
| 102 | char *pluginfile; /* plugin filename */ |
| 103 | char *conffile; /* optional configuration file name for the method */ |
| 104 | void *handler; /* object returned by dlopen() */ |
| 105 | int (*eap_method_configure)(char * configfile); /* (Optional) address of the eap_method_configure method */ |
| 106 | int (*eap_method_init)(struct eap_state_machine *smd); /* address of the eap_method_init method */ |
| 107 | int (*eap_method_initPickUp)(struct eap_state_machine *smd); /* address of the eap_method_initPickUp method */ |
| 108 | int (*eap_method_buildReq)(struct eap_state_machine *smd, |
| 109 | u8 identifier,struct eap_packet * eapPacket); /* address of the eap_method_buildReq method */ |
| 110 | int (*eap_method_getTimeout)(struct eap_state_machine *smd, int * timeout); /* address of the eap_method_getTimeout method */ |
| 111 | boolean (*eap_method_check)(struct eap_state_machine *smd, |
| 112 | struct eap_packet * eapRespData); /* address of the eap_method_check method */ |
| 113 | int (*eap_method_process)(struct eap_state_machine *smd, |
| 114 | struct eap_packet * eapRespData); /* address of the eap_method_process method */ |
| 115 | boolean (*eap_method_isDone)(struct eap_state_machine *smd); /* address of the eap_method_isDone method */ |
| 116 | int (*eap_method_getKey)(struct eap_state_machine *smd, u8 ** msk,int *msklength, |
| 117 | u8 ** emsk,int *emsklength); /* address of the eap_method_getKey method */ |
| 118 | void (*eap_method_unregister)(void); /* (Optional) address of the eap_method_unregister method */ |
| 119 | void (*eap_method_free)(void *); /* (Optional) address of the eap_method_datafree method */ |
| 120 | |
| 121 | }; |
| 122 | |
| 123 | |
| 124 | /************************************************/ |
| 125 | /* EAP State Machine */ |
| 126 | /************************************************/ |
| 127 | |
| 128 | /* EAP Policy Decision */ |
| 129 | typedef enum |
| 130 | { |
| 131 | DECISION_FAILURE = 0, DECISION_SUCCESS = 1, DECISION_CONTINUE = 2 |
| 132 | } decision; |
| 133 | |
| 134 | typedef enum |
| 135 | { |
| 136 | EAP_M_END, EAP_M_CONTINUE, EAP_M_PROPOSED |
| 137 | } eap_method_state; |
| 138 | |
| 139 | /* EAP Backend Authenticator State Machine (RFC4137) */ |
| 140 | /* Most of variables are described in the part 6 of the RFC 4137 */ |
| 141 | /* */ |
| 142 | struct eap_state_machine |
| 143 | { |
| 144 | /*Local state Machine Variables*/ |
| 145 | |
| 146 | /* Long-Term (Maintained between Packets) */ |
| 147 | eap_type currentMethod; |
| 148 | u32 currentVendor; |
| 149 | int currentId; |
| 150 | int lastId; |
| 151 | void * methodData; |
| 152 | struct plugin *selectedMethod; |
| 153 | u8 NAKproposedMethods[251]; |
| 154 | |
| 155 | eap_method_state methodState; |
| 156 | |
| 157 | struct eap_user user; |
| 158 | |
| 159 | /* Short-Term (Not Maintained between exchanged Diameter EAP messages)*/ |
| 160 | boolean rxResp; |
| 161 | int respId; |
| 162 | eap_type respMethod; |
| 163 | int respVendorMethod; |
| 164 | u32 respVendor; |
| 165 | decision sm_decision; |
| 166 | enum |
| 167 | { |
| 168 | EAP_INITIALIZE, |
| 169 | EAP_PICK_UP_METHOD, |
| 170 | EAP_IDLE, |
| 171 | EAP_RECEIVED, |
| 172 | EAP_SEND_REQUEST, |
| 173 | EAP_INTEGRITY_CHECK, |
| 174 | EAP_METHOD_REQUEST, |
| 175 | EAP_METHOD_RESPONSE, |
| 176 | EAP_PROPOSE_METHOD, |
| 177 | EAP_NAK, |
| 178 | EAP_SELECT_ACTION, |
| 179 | EAP_END, |
| 180 | EAP_DISCARD |
| 181 | } eap_state; |
| 182 | |
| 183 | }; |
| 184 | |
| 185 | |
| 186 | |
| 187 | #endif /* LIBDIAMEAP_H_ */ |