The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Implement a common state machine for EAP-SIM, EAP-AKA, EAP-AKA'.
#include <freeradius-devel/eap/base.h>
#include <freeradius-devel/eap/types.h>
#include <freeradius-devel/server/pair.h>
#include <freeradius-devel/unlang/interpret.h>
#include <freeradius-devel/unlang/module.h>
#include <freeradius-devel/util/table.h>
#include <freeradius-devel/util/rand.h>
#include "base.h"
#include "state_machine.h"
#include "attrs.h"
Macros | |
#define | CALL_SECTION(_x) |
#define | EAP_TLS_MPPE_KEY_LEN 32 |
#define | RESUME(_x) |
#define | RESUME_NO_RESULT(_x) |
#define | SECTION_RCODE_IGNORED |
Warn the user that the rcode they provided is being ignored in this section. | |
#define | SECTION_RCODE_PROCESS |
Trigger a state transition to FAILURE-NOTIFICATION if the section returned a failure code. | |
#define | STATE(_x) |
#define | STATE_GUARD(_x) |
#define | STATE_GUARD_NO_RESULT(_x) |
#define | STATE_NO_RESULT(_x) |
#define | STATE_SET(_new_state) state_set(request, talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t), state_ ## _new_state) |
#define | STATE_TRANSITION(_x) guard_ ## _x(p_result, mctx, request) |
Functions | |
static int | _eap_aka_sim_session_free (eap_aka_sim_session_t *eap_aka_sim_session) |
Zero out the eap_aka_sim_session when we free it to clear knowledge of secret keys. | |
static bool | after_authentication (eap_aka_sim_session_t *eap_aka_sim_session) |
Determine if we're after authentication. | |
static unlang_action_t | aka_challenge_request_send (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) |
Called after 'store session { ... }' and 'store pseudonym { ... }'. | |
return | CALL_SECTION (recv_common_identity_response) |
static int | checkcode_validate (request_t *request) |
Check &control.checkcode matches &reply.checkcode. | |
static void | client_error_debug (request_t *request) |
Print out the error the client returned. | |
static void | common_crypto_export (request_t *request, eap_aka_sim_session_t *eap_aka_sim_session, uint8_t const *hmac_extra_request, size_t hmac_extra_request_len, uint8_t const *hmac_extra_response, size_t hmac_extra_response_len) |
static unlang_action_t | common_reauthentication_request_compose (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, eap_aka_sim_session_t *eap_aka_sim_session) |
Send an EAP-Request/(AKA|SIM)-Reauthenticate message to the supplicant. | |
static unlang_action_t | common_reauthentication_request_send (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) |
Called after 'store session { ... }' and 'store pseudonym { ... }'. | |
static void | common_reply (request_t *request, eap_aka_sim_session_t *eap_aka_sim_session, uint16_t subtype) |
Export EAP-SIM/AKA['] attributes. | |
crypto_identity_set (request, eap_aka_sim_session,(uint8_t const *) eap_session->identity, talloc_array_length(eap_session->identity) - 1) | |
static void | crypto_identity_set (request_t *request, eap_aka_sim_session_t *eap_aka_sim_session, uint8_t const *identity, size_t len) |
Set the crypto identity from a received identity. | |
unlang_action_t | eap_aka_sim_state_machine_process (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) |
Resumes the state machine when receiving a new response packet. | |
fr_assert (0) | |
fr_pair_value_bstrdup_buffer (vp, eap_session->identity, true) | |
static void | identity_hint_pairs_add (fr_aka_sim_id_type_t *type_p, fr_aka_sim_method_hint_t *method_p, request_t *request, char const *identity) |
Based on the hint byte in the identity, add &Identity-Type and &Method-Hint attributes. | |
static int | identity_req_pairs_add (request_t *request, eap_aka_sim_session_t *eap_aka_sim_session) |
Add an Identity Request attribute to the reply. | |
static bool | identity_req_set_by_user (request_t *request, eap_aka_sim_session_t *eap_aka_sim_session) |
Sync up what identity we're requesting with attributes in the reply. | |
static int | identity_to_permanent_identity (request_t *request, fr_pair_t *in, eap_type_t eap_type, bool strip_hint) |
Copy the incoming identity to the permanent identity attribute. | |
if (!eap_session->identity) | |
if (!fr_cond_assert(request &&mctx &&eap_aka_sim_session)) RETURN_UNLANG_FAIL | |
if (!subtype_vp) goto fail | |
if (type==AKA_SIM_ID_TYPE_PERMANENT) | |
static int | mac_validate (request_t *request) |
Check &control.mac matches &reply.mac. | |
MEM (pair_append_request(&vp, attr_eap_aka_sim_identity) >=0) | |
static void | mod_signal (module_ctx_t const *mctx, request_t *request, UNUSED fr_signal_t action) |
Cancel a call to a submodule. | |
RESUME (clear_pseudonym) | |
Resume after 'clear pseudonym { ... }'. | |
RESUME (clear_session) | |
Resume after 'clear session { ... }'. | |
RESUME (load_pseudonym) | |
Resume after 'load pseudonym { ... }'. | |
RESUME (load_session) | |
Resume after 'load session { ... }'. | |
RESUME (recv_aka_authentication_reject) | |
Resume after 'recv Authentication-Reject { ... }'. | |
RESUME (recv_aka_challenge_response) | |
Resume after 'recv Challenge-Response { ... }'. | |
RESUME (recv_aka_identity_response) | |
Resume after 'recv Identity-Response { ... }' or 'recv AKA-Identity { ... }'. | |
RESUME (recv_aka_synchronization_failure) | |
Resume after 'recv Synchronization-Failure { ... }'. | |
RESUME (recv_common_client_error) | |
Resume after 'recv Client-Error { ... }'. | |
RESUME (recv_common_failure_notification_ack) | |
Resume after 'recv Failure-Notification-Ack { ... }'. | |
RESUME (recv_common_identity_response) | |
Resume after 'recv Identity-Response { ... }'. | |
RESUME (recv_common_reauthentication_response) | |
Resume after 'recv Reauthentication-Response { ... }'. | |
RESUME (recv_common_success_notification_ack) | |
Resume after 'recv Success-Notification-Ack { ... }'. | |
RESUME (recv_sim_challenge_response) | |
Resume after 'recv Challenge-Response { ... }'. | |
RESUME (recv_sim_start_response) | |
Resume after 'recv Identity-Response { ... }' or 'recv SIM-Start { ... }'. | |
RESUME (send_aka_challenge_request) | |
Resume after 'send Challenge-Request { ... }'. | |
RESUME (send_aka_identity_request) | |
Resume after 'send Identity-Request { ... }'. | |
RESUME (send_common_failure_notification) | |
Resume after 'send Failure-Notification { ... }'. | |
RESUME (send_common_reauthentication_request) | |
Resume after 'send Reauthentication-Request { ... }'. | |
RESUME (send_common_success_notification) | |
Resume after 'send Success-Notification { ... }'. | |
RESUME (send_eap_failure) | |
Resume after 'send EAP-Failure { ... }'. | |
RESUME (send_eap_success) | |
Resume after 'send EAP-Success { ... }'. | |
RESUME (send_sim_challenge_request) | |
Resume after 'send Challenge-Request { ... }'. | |
RESUME (send_sim_start) | |
Resume after 'send Start { ... }'. | |
RESUME (store_pseudonym) | |
Resume after 'store pseudonym { ... }'. | |
RESUME (store_session) | |
Resume after 'store session { ... }'. | |
static unlang_action_t | session_and_pseudonym_clear (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, eap_aka_sim_session_t *eap_aka_sim_session, module_method_t next) |
Implements a set of states for clearing out pseudonym and fastauth identities. | |
static unlang_action_t | session_and_pseudonym_store (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, eap_aka_sim_session_t *eap_aka_sim_session, module_method_t next) |
Implements a set of states for storing pseudonym and fastauth identities. | |
static unlang_action_t | sim_challenge_request_send (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) |
Called after 'store session { ... }' and 'store pseudonym { ... }'. | |
static int | sim_start_nonce_mt_check (request_t *request, eap_aka_sim_session_t *eap_aka_sim_session) |
Helper function to check for the presence and length of AT_NONCE_MT and copy its value into the keys structure. | |
static int | sim_start_selected_version_check (request_t *request, eap_aka_sim_session_t *eap_aka_sim_session) |
Helper function to check for the presence and length of AT_SELECTED_VERSION and copy its value into the keys structure. | |
STATE_GUARD (aka_challenge) | |
Enter the AKA-CHALLENGE state. | |
STATE_GUARD (aka_identity) | |
STATE_GUARD (common_challenge) | |
Enter the SIM-CHALLENGE or AKA-CHALLENGE state. | |
STATE_GUARD (common_failure_notification) | |
Enter the FAILURE-NOTIFICATION state. | |
STATE_GUARD (common_identity) | |
Enter the SIM-START or AKA-IDENTITY state. | |
STATE_GUARD (common_reauthentication) | |
STATE_GUARD (common_success_notification) | |
STATE_GUARD (eap_failure) | |
Enter EAP-FAILURE state. | |
STATE_GUARD (eap_success) | |
STATE_GUARD (sim_challenge) | |
Enter the SIM-CHALLENGE state. | |
STATE_GUARD (sim_start) | |
STATE_GUARD_NO_RESULT (aka_identity) | |
Enter the AKA-IDENTITY state. | |
STATE_GUARD_NO_RESULT (common_reauthentication) | |
Enter the REAUTHENTICATION state. | |
STATE_GUARD_NO_RESULT (common_success_notification) | |
Enter the SUCCESS-NOTIFICATION state. | |
STATE_GUARD_NO_RESULT (eap_success) | |
Enter EAP-SUCCESS state. | |
STATE_GUARD_NO_RESULT (sim_start) | |
Enter the SIM-START state. | |
STATE_NO_RESULT (common_success_notification) | |
SUCCESS-NOTIFICATION state - Continue the state machine after receiving a response to our EAP-Request/(AKA|SIM)-Notification. | |
static void | state_set (request_t *request, eap_aka_sim_session_t *eap_aka_sim_session, module_method_t new_state) |
Print debugging information, and write new state to eap_aka_sim_session->state. | |
switch (subtype_vp->vp_uint16) | |
Variables | |
aka_challenge | |
AKA-CHALLENGE state - Continue the state machine after receiving a response to our EAP-Request/AKA-Challenge. | |
aka_identity | |
AKA-IDENTITY state - Continue the state machine after receiving a response to our EAP-Request/AKA-Identity. | |
static fr_table_ptr_ordered_t const | aka_sim_state_table [] |
static size_t | aka_sim_state_table_len = NUM_ELEMENTS(aka_sim_state_table) |
common_failure_notification | |
FAILURE-NOTIFICATION state - Continue the state machine after receiving a response to our EAP-Request/(AKA|SIM)-Notification. | |
common_reauthentication | |
REAUTHENTICATION state - Continue the state machine after receiving a response to our EAP-Request/(AKA|SIM)-Reauthenticate. | |
common_success_notification | |
eap_aka_sim_session_t * | eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t) |
eap_failure | |
FAILURE state - State machine exit point after sending EAP-Failure. | |
eap_success | |
SUCCESS state - State machine exit point after sending EAP-Success. | |
init | |
Enter the EAP-IDENTITY state. | |
eap_aka_sim_process_conf_t * | inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_process_conf_t) |
RETURN_UNLANG_FAIL | |
sim_challenge | |
SIM-CHALLENGE state - Continue the state machine after receiving a response to our EAP-Request/SIM-Challenge. | |
sim_start | |
SIM-START state - Continue the state machine after receiving a response to our EAP-Request/SIM-Start. | |
fr_pair_t * | subtype_vp = NULL |
fr_aka_sim_id_type_t | type |
fr_pair_t * | vp |
Implement a common state machine for EAP-SIM, EAP-AKA, EAP-AKA'.
Definition in file state_machine.c.
#define CALL_SECTION | ( | _x | ) |
Definition at line 74 of file state_machine.c.
#define EAP_TLS_MPPE_KEY_LEN 32 |
Definition at line 41 of file state_machine.c.
#define RESUME | ( | _x | ) |
Definition at line 52 of file state_machine.c.
#define RESUME_NO_RESULT | ( | _x | ) |
Definition at line 66 of file state_machine.c.
#define SECTION_RCODE_IGNORED |
Warn the user that the rcode they provided is being ignored in this section.
Definition at line 151 of file state_machine.c.
#define SECTION_RCODE_PROCESS |
Trigger a state transition to FAILURE-NOTIFICATION if the section returned a failure code.
Definition at line 166 of file state_machine.c.
#define STATE | ( | _x | ) |
Definition at line 44 of file state_machine.c.
#define STATE_GUARD | ( | _x | ) |
Definition at line 48 of file state_machine.c.
#define STATE_GUARD_NO_RESULT | ( | _x | ) |
Definition at line 61 of file state_machine.c.
#define STATE_NO_RESULT | ( | _x | ) |
Definition at line 56 of file state_machine.c.
#define STATE_SET | ( | _new_state | ) | state_set(request, talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t), state_ ## _new_state) |
Definition at line 216 of file state_machine.c.
#define STATE_TRANSITION | ( | _x | ) | guard_ ## _x(p_result, mctx, request) |
Definition at line 72 of file state_machine.c.
|
static |
Zero out the eap_aka_sim_session when we free it to clear knowledge of secret keys.
[in] | eap_aka_sim_session | to free. |
Definition at line 3699 of file state_machine.c.
|
inlinestatic |
Determine if we're after authentication.
Definition at line 221 of file state_machine.c.
|
static |
Called after 'store session { ... }' and 'store pseudonym { ... }'.
Definition at line 1070 of file state_machine.c.
return CALL_SECTION | ( | recv_common_identity_response | ) |
|
static |
Check &control.checkcode matches &reply.checkcode.
[in] | request | The current request. |
Definition at line 546 of file state_machine.c.
|
inlinestatic |
Print out the error the client returned.
Definition at line 229 of file state_machine.c.
|
static |
Definition at line 989 of file state_machine.c.
|
static |
Send an EAP-Request/(AKA|SIM)-Reauthenticate message to the supplicant.
Definition at line 1803 of file state_machine.c.
|
static |
Called after 'store session { ... }' and 'store pseudonym { ... }'.
Definition at line 1026 of file state_machine.c.
|
static |
Export EAP-SIM/AKA['] attributes.
Makes any internal data available as attributes in the response. This allows test frameworks and the encoder to access any data they need without needing to look at the eap_aka_sim_session_t.
Definition at line 967 of file state_machine.c.
crypto_identity_set | ( | request | , |
eap_aka_sim_session | , | ||
(uint8_t const *) eap_session-> | identity, | ||
talloc_array_length(eap_session->identity) - | 1 | ||
) |
|
static |
Set the crypto identity from a received identity.
Definition at line 633 of file state_machine.c.
unlang_action_t eap_aka_sim_state_machine_process | ( | unlang_result_t * | p_result, |
module_ctx_t const * | mctx, | ||
request_t * | request | ||
) |
Resumes the state machine when receiving a new response packet.
Definition at line 3708 of file state_machine.c.
fr_assert | ( | 0 | ) |
fr_pair_value_bstrdup_buffer | ( | vp | , |
eap_session-> | identity, | ||
true | |||
) |
|
static |
Based on the hint byte in the identity, add &Identity-Type and &Method-Hint attributes.
Definition at line 279 of file state_machine.c.
|
static |
Add an Identity Request attribute to the reply.
Verify the progression of identity requests is valid.
[in] | request | The current request. |
[in] | eap_aka_sim_session | The current eap_aka_sim_session. |
Definition at line 361 of file state_machine.c.
|
static |
Sync up what identity we're requesting with attributes in the reply.
Definition at line 244 of file state_machine.c.
|
static |
Copy the incoming identity to the permanent identity attribute.
If the incoming ID really looks like a permanent ID, and we were told it was a permanent ID, then (optionally) trim the first byte to form the real permanent ID.
Otherwise copy the entire incoming Identity to the &session-state.Permanent-Identity attribute.
[in] | request | The current request. |
[in] | in | current identity. |
[in] | eap_type | The current eap_type. |
[in] | strip_hint | Whether to strip the hint byte off the permanent identity |
Definition at line 456 of file state_machine.c.
if | ( | !eap_session-> | identity | ) |
Definition at line 3661 of file state_machine.c.
if | ( | ! | fr_cond_assertrequest &&mctx &&eap_aka_sim_session | ) |
if | ( | ! | subtype_vp | ) |
Definition at line 1758 of file state_machine.c.
if | ( | type | = = AKA_SIM_ID_TYPE_PERMANENT | ) |
|
static |
Check &control.mac matches &reply.mac.
[in] | request | The current request. |
Definition at line 591 of file state_machine.c.
MEM | ( | pair_append_request &, attr_eap_aka_sim_identity >= | 0 | ) |
|
static |
Cancel a call to a submodule.
[in] | mctx | UNUSED. |
[in] | request | The current request. |
[in] | action | to perform. |
Definition at line 135 of file state_machine.c.
RESUME | ( | clear_pseudonym | ) |
Resume after 'clear pseudonym { ... }'.
Definition at line 893 of file state_machine.c.
RESUME | ( | clear_session | ) |
Resume after 'clear session { ... }'.
Definition at line 881 of file state_machine.c.
RESUME | ( | load_pseudonym | ) |
Resume after 'load pseudonym { ... }'.
Definition at line 1990 of file state_machine.c.
RESUME | ( | load_session | ) |
Resume after 'load session { ... }'.
Definition at line 2052 of file state_machine.c.
RESUME | ( | recv_aka_authentication_reject | ) |
Resume after 'recv Authentication-Reject { ... }'.
Definition at line 2193 of file state_machine.c.
RESUME | ( | recv_aka_challenge_response | ) |
Resume after 'recv Challenge-Response { ... }'.
Verify that the MAC and RES match what we expect.
Definition at line 2212 of file state_machine.c.
RESUME | ( | recv_aka_identity_response | ) |
Resume after 'recv Identity-Response { ... }' or 'recv AKA-Identity { ... }'.
Definition at line 2827 of file state_machine.c.
RESUME | ( | recv_aka_synchronization_failure | ) |
Resume after 'recv Synchronization-Failure { ... }'.
Definition at line 2147 of file state_machine.c.
RESUME | ( | recv_common_client_error | ) |
Resume after 'recv Client-Error { ... }'.
Definition at line 1669 of file state_machine.c.
RESUME | ( | recv_common_failure_notification_ack | ) |
Resume after 'recv Failure-Notification-Ack { ... }'.
Definition at line 1283 of file state_machine.c.
RESUME | ( | recv_common_identity_response | ) |
Resume after 'recv Identity-Response { ... }'.
Definition at line 3481 of file state_machine.c.
RESUME | ( | recv_common_reauthentication_response | ) |
Resume after 'recv Reauthentication-Response { ... }'.
Definition at line 1685 of file state_machine.c.
RESUME | ( | recv_common_success_notification_ack | ) |
Resume after 'recv Success-Notification-Ack { ... }'.
Definition at line 1558 of file state_machine.c.
RESUME | ( | recv_sim_challenge_response | ) |
Resume after 'recv Challenge-Response { ... }'.
Verify that the MAC and RES match what we expect.
Definition at line 2589 of file state_machine.c.
RESUME | ( | recv_sim_start_response | ) |
Resume after 'recv Identity-Response { ... }' or 'recv SIM-Start { ... }'.
Definition at line 3096 of file state_machine.c.
RESUME | ( | send_aka_challenge_request | ) |
Resume after 'send Challenge-Request { ... }'.
Definition at line 2380 of file state_machine.c.
RESUME | ( | send_aka_identity_request | ) |
Resume after 'send Identity-Request { ... }'.
There are three types of user identity that can be implemented: permanent identities, pseudonym identities and fast re-authentication (fastauth) identities.
In order to perform full authentication the original IMSI is required for forwarding to the HLR. In the case where we can't match/decrypt the pseudonym, or can't perform fast resumption, we need to request the full identity from the supplicant.
Definition at line 3019 of file state_machine.c.
RESUME | ( | send_common_failure_notification | ) |
Resume after 'send Failure-Notification { ... }'.
Ignores return code from send Failure-Notification { ... } section.
Definition at line 1326 of file state_machine.c.
RESUME | ( | send_common_reauthentication_request | ) |
Resume after 'send Reauthentication-Request { ... }'.
Definition at line 1932 of file state_machine.c.
RESUME | ( | send_common_success_notification | ) |
Resume after 'send Success-Notification { ... }'.
Definition at line 1596 of file state_machine.c.
RESUME | ( | send_eap_failure | ) |
Resume after 'send EAP-Failure { ... }'.
Definition at line 1238 of file state_machine.c.
RESUME | ( | send_eap_success | ) |
Resume after 'send EAP-Success { ... }'.
Add MPPE keys to the request being sent to the supplicant
The only work to be done is to add the appropriate SEND/RECV attributes derived from the MSK.
Definition at line 1492 of file state_machine.c.
RESUME | ( | send_sim_challenge_request | ) |
Resume after 'send Challenge-Request { ... }'.
Definition at line 2679 of file state_machine.c.
RESUME | ( | send_sim_start | ) |
Resume after 'send Start { ... }'.
Send an EAP-Request/SIM-Start message to the supplicant.
There are three types of user identity that can be implemented: permanent identities, pseudonym identities and fast re-authentication (fastauth) identities.
In order to perform full authentication the original IMSI is required for forwarding to the HLR. In the case where we can't match/decrypt the pseudonym, or can't perform fast resumption, we need to request the full identity from the supplicant.
Definition at line 3358 of file state_machine.c.
RESUME | ( | store_pseudonym | ) |
Resume after 'store pseudonym { ... }'.
Stores session data if required.
Definition at line 672 of file state_machine.c.
RESUME | ( | store_session | ) |
Resume after 'store session { ... }'.
Definition at line 647 of file state_machine.c.
|
static |
Implements a set of states for clearing out pseudonym and fastauth identities.
If either a Challenge round or a Reauthentication round fails, we need to clear any identities that were provided during that round, as the supplicant will have discarded them.
[out] | p_result | Result of calling the module. |
[in] | mctx | module calling ctx. |
[in] | request | the current request. |
[in] | eap_aka_sim_session | the current EAP session |
[in] | next | function to call after clearing sessions and pseudonyms. |
Definition at line 932 of file state_machine.c.
|
static |
Implements a set of states for storing pseudonym and fastauth identities.
At the end of challenge or reauthentication rounds, the user may have specified a pseudonym and fastauth identity to return to the supplicant.
Call the appropriate sections to persist those values.
[out] | p_result | Result of calling the module. |
[in] | mctx | Module calling ctx. |
[in] | request | the current request. |
[in] | eap_aka_sim_session | the EAP session |
[in] | next | function to call after storing sessions and pseudonyms. |
Definition at line 816 of file state_machine.c.
|
static |
Called after 'store session { ... }' and 'store pseudonym { ... }'.
Definition at line 1100 of file state_machine.c.
|
static |
Helper function to check for the presence and length of AT_NONCE_MT and copy its value into the keys structure.
Does not perform cryptographic validation of AT_NONCE_MT; that is done later.
Definition at line 1196 of file state_machine.c.
|
static |
Helper function to check for the presence and length of AT_SELECTED_VERSION and copy its value into the keys structure.
Also checks the version matches one of the ones we advertised in our version list, which is a bit redundant seeing as there's only one version of EAP-SIM.
Definition at line 1143 of file state_machine.c.
STATE_GUARD | ( | aka_challenge | ) |
Enter the AKA-CHALLENGE state.
Definition at line 2519 of file state_machine.c.
STATE_GUARD | ( | aka_identity | ) |
STATE_GUARD | ( | common_challenge | ) |
Enter the SIM-CHALLENGE or AKA-CHALLENGE state.
Called by functions which are common to both the EAP-SIM and EAP-AKA state machines to enter the correct challenge state.
Definition at line 2795 of file state_machine.c.
STATE_GUARD | ( | common_failure_notification | ) |
Enter the FAILURE-NOTIFICATION state.
Definition at line 1436 of file state_machine.c.
STATE_GUARD | ( | common_identity | ) |
Enter the SIM-START or AKA-IDENTITY state.
Called by functions which are common to both the EAP-SIM and EAP-AKA state machines to enter the correct Identity-Request state.
Definition at line 3452 of file state_machine.c.
STATE_GUARD | ( | common_reauthentication | ) |
STATE_GUARD | ( | common_success_notification | ) |
STATE_GUARD | ( | eap_failure | ) |
Enter EAP-FAILURE state.
Definition at line 1254 of file state_machine.c.
STATE_GUARD | ( | eap_success | ) |
STATE_GUARD | ( | sim_challenge | ) |
Enter the SIM-CHALLENGE state.
Definition at line 2759 of file state_machine.c.
STATE_GUARD | ( | sim_start | ) |
STATE_GUARD_NO_RESULT | ( | aka_identity | ) |
Enter the AKA-IDENTITY state.
Definition at line 3058 of file state_machine.c.
STATE_GUARD_NO_RESULT | ( | common_reauthentication | ) |
Enter the REAUTHENTICATION state.
Definition at line 2118 of file state_machine.c.
STATE_GUARD_NO_RESULT | ( | common_success_notification | ) |
Enter the SUCCESS-NOTIFICATION state.
Definition at line 1655 of file state_machine.c.
STATE_GUARD_NO_RESULT | ( | eap_success | ) |
Enter EAP-SUCCESS state.
Definition at line 1544 of file state_machine.c.
STATE_GUARD_NO_RESULT | ( | sim_start | ) |
Enter the SIM-START state.
Definition at line 3428 of file state_machine.c.
STATE_NO_RESULT | ( | common_success_notification | ) |
SUCCESS-NOTIFICATION state - Continue the state machine after receiving a response to our EAP-Request/(AKA|SIM)-Notification.
Definition at line 1576 of file state_machine.c.
|
inlinestatic |
Print debugging information, and write new state to eap_aka_sim_session->state.
Definition at line 199 of file state_machine.c.
switch | ( | subtype_vp-> | vp_uint16 | ) |
Definition at line 1310 of file state_machine.c.
aka_challenge |
AKA-CHALLENGE state - Continue the state machine after receiving a response to our EAP-Request/AKA-Challenge.
Definition at line 97 of file state_machine.c.
aka_identity |
AKA-IDENTITY state - Continue the state machine after receiving a response to our EAP-Request/AKA-Identity.
Definition at line 102 of file state_machine.c.
|
static |
Definition at line 109 of file state_machine.c.
|
static |
Definition at line 127 of file state_machine.c.
common_failure_notification |
FAILURE-NOTIFICATION state - Continue the state machine after receiving a response to our EAP-Request/(AKA|SIM)-Notification.
Definition at line 89 of file state_machine.c.
common_reauthentication |
REAUTHENTICATION state - Continue the state machine after receiving a response to our EAP-Request/(AKA|SIM)-Reauthenticate.
Definition at line 95 of file state_machine.c.
common_success_notification |
Definition at line 93 of file state_machine.c.
eap_aka_sim_session_t * eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t) |
Definition at line 1304 of file state_machine.c.
eap_failure |
FAILURE state - State machine exit point after sending EAP-Failure.
Should never actually be called. Is just a placeholder function to represent the FAILURE termination state. Could equally be a NULL pointer, but then on a logic error we'd get a SEGV instead of a more friendly assert/failure rcode.
Definition at line 87 of file state_machine.c.
eap_success |
SUCCESS state - State machine exit point after sending EAP-Success.
Should never actually be called. Is just a placeholder function to represent the SUCCESS termination state. Could equally be a NULL pointer, but then on a logic error we'd get a SEGV instead of a more friendly assert/failure rcode.
Definition at line 91 of file state_machine.c.
init |
Enter the EAP-IDENTITY state.
Definition at line 107 of file state_machine.c.
eap_aka_sim_process_conf_t* inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_process_conf_t) |
Definition at line 3651 of file state_machine.c.
RETURN_UNLANG_FAIL |
Definition at line 1232 of file state_machine.c.
sim_challenge |
SIM-CHALLENGE state - Continue the state machine after receiving a response to our EAP-Request/SIM-Challenge.
Definition at line 99 of file state_machine.c.
sim_start |
SIM-START state - Continue the state machine after receiving a response to our EAP-Request/SIM-Start.
Definition at line 104 of file state_machine.c.
fr_pair_t * subtype_vp = NULL |
Definition at line 1305 of file state_machine.c.
identity_hint_pairs_add & type |
Definition at line 3654 of file state_machine.c.
fr_pair_t * vp |
Definition at line 2293 of file state_machine.c.