author | Michael Brown <mcb30@ipxe.org> | 2024-01-10 15:30:36 +0000 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2024-01-10 16:03:10 +0000 |
commit | c6226f104e22db7d19b4c983e962d84b5665c04b (patch) | |
tree | 314faf14e92db9dceb635d8e1a725fc1cf00d45c /src/include/ipxe/eap.h | |
parent | 0abb3e85e518c4d9366d4555093c0aff0c060858 (diff) | |
[eap] Add support for sending an EAP identity
Allow the ${netX/username} setting to be used to specify an EAP
identity to be returned in response to a Request-Identity, and provide
a mechanism for responding with a NAK to indicate which authentication
types we support.
If no identity is specified then fall back to the current behaviour of
not sending any Request-Identity response, so that switches will time
out and switch to MAC Authentication Bypass (MAB) if applicable.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include/ipxe/eap.h')
-rw-r--r-- | src/include/ipxe/eap.h | 45 |
1 files changed, 40 insertions, 5 deletions
diff --git a/src/include/ipxe/eap.h b/src/include/ipxe/eap.h
index 4b689cc24..bbae517da 100644
--- a/src/include/ipxe/eap.h
+++ b/src/include/ipxe/eap.h
@@ -12,6 +12,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <stdint.h>
 #include <ipxe/netdevice.h>
 #include <ipxe/timer.h>
+#include <ipxe/tables.h>
 
 /** EAP header */
 struct eap_header {
@@ -29,17 +30,25 @@ struct eap_header {
 /** EAP response */
 #define EAP_CODE_RESPONSE 2
 
-/** EAP request */
-struct eap_request {
+/** EAP request/response message */
+struct eap_message {
 /** Header */
 struct eap_header hdr;
 /** Type */
 uint8_t type;
+ /** Type data */
+ uint8_t data[0];
 } __attribute__ (( packed ));
 
+/** EAP "no available types" marker */
+#define EAP_TYPE_NONE 0
+
 /** EAP identity */
 #define EAP_TYPE_IDENTITY 1
 
+/** EAP NAK */
+#define EAP_TYPE_NAK 3
+
 /** EAP success */
 #define EAP_CODE_SUCCESS 3
 
@@ -50,8 +59,8 @@ struct eap_request {
 union eap_packet {
 /** Header */
 struct eap_header hdr;
- /** Request */
- struct eap_request req;
+ /** Request/response message */
+ struct eap_message msg;
 };
 
 /** EAP link block timeout
@@ -90,7 +99,11 @@ struct eap_supplicant {
 /** Network device */
 struct net_device *netdev;
 /** Flags */
- unsigned int flags;
+ uint16_t flags;
+ /** ID for current request/response */
+ uint8_t id;
+ /** Type for current request/response */
+ uint8_t type;
 /**
 * Transmit EAP response
 *
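Review bot: The new `data[0]` member of `struct eap_message` (hunk at -29,17) has no length of its own, and its comment does not say where the length comes from. The message arrives from the authenticator before any authentication has completed, so a reader of `type` or `data` first has to confirm that the received length covers `sizeof ( struct eap_message )`, and then bound the type data by both the EAP header's length field and the bytes actually received. The parsing code is not part of this file's diff, so whether it does this cannot be checked here. I would extend the comment to `/** Type data (length implied by the header length field; bound by the received length before use) */`.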
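Review bot: Narrowing `flags` from `unsigned int` to `uint16_t` in `struct eap_supplicant` (hunk at -90,7) is not explained, and a future `EAP_FL_*` value above 0xffff would be truncated silently when stored. The only flag value visible on this page, `EAP_FL_PASSIVE 0x0002`, fits, so this is a documentation point: `/** Flags (16 bits wide; EAP_FL_* values must fit) */`. The comments on the new `id` and `type` fields also do not say that the values are presumably copied from the peer's request, nor when they stop being valid. A line such as `/** ID for current request/response (taken from the most recent request) */` would help, if that is indeed how the receive path fills it. The struct starts and ends outside the hunk.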
@@ -120,6 +133,28 @@ struct eap_supplicant {
 */
 #define EAP_FL_PASSIVE 0x0002
 
+/** An EAP method */
+struct eap_method {
+ /** Type */
+ uint8_t type;
+ /**
+ * Handle EAP request
+ *
+ * @v supplicant EAP supplicant
+ * @v req Request type data
+ * @v req_len Length of request type data
+ * @ret rc Return status code
+ */
+ int ( * rx ) ( struct eap_supplicant *supplicant,
+ const void *req, size_t req_len );
+};
+
+/** EAP method table */
+#define EAP_METHODS __table ( struct eap_method, "eap_methods" )
+
+/** Declare an EAP method */
+#define __eap_method __table_entry ( EAP_METHODS, 01 )
+
 extern int eap_rx ( struct eap_supplicant *supplicant,
 const void *data, size_t len );
 
|
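Review bot: The doc comment on `rx` in `struct eap_method` does not say that `req` points at data from a peer that has not yet been authenticated, or that `req_len` can presumably be zero when a request carries no type data. Every method registered through `__eap_method` inherits that bounds-checking duty, so the contract belongs here. I would add two lines above `@v supplicant`: ` * The request type data is untrusted and may be empty; the method` and ` * must check req_len before reading req.` The comment also leaves open whether the handler sends the response itself or only returns a status for the caller to act on; one sentence settling that would keep method implementations consistent.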