X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Feap.h;h=5d582bc6e2db60ad61ec194ec55347674dcffa8e;hb=4a54e34cf5629f9fed61f0b7d69ee3ba4d874bc6;hp=199d1849b8261093ebd0f54a1b100081f27d2f3f;hpb=71d3de90eae52087b405e962ca650b71cec79c67;p=ppp.git

diff --git a/pppd/eap.h b/pppd/eap.h
index 199d184..5d582bc 100644
--- a/pppd/eap.h
+++ b/pppd/eap.h
@@ -20,6 +20,8 @@
  * $Id: eap.h,v 1.2 2003/06/11 23:56:26 paulus Exp $
  */
 
+#include "pppdconf.h"
+
 #ifndef PPP_EAP_H
 #define	PPP_EAP_H
 
@@ -59,6 +61,18 @@ extern "C" {
 #define	EAPT_NOKIACARD		18	/* Nokia IP smart card */
 #define	EAPT_SRP		19	/* Secure Remote Password */
 /* 20 is deprecated */
+#define	EAPT_TTLS		21	/* EAP Tunneled TLS Authentication Protocol RFC5281 */
+#define	EAPT_RAS		22	/* Remote Access Service */
+#define	EAPT_AKA		23	/* EAP method for 3rd Generation Authentication and Key Agreement RFC4187 */
+#define	EAPT_3COM		24	/* EAP-3Com Wireless */
+#define	EAPT_PEAP		25	/* Protected EAP */
+#define	EAPT_MSCHAPV2		26	/* EAP-MSCHAPv2 RFC-draft-kamath-pppext-eap-mschapv2-02 */
+
+/* OpCodes for MSCHAPv2 */
+#define CHAP_CHALLENGE		1
+#define CHAP_RESPONSE		2
+#define CHAP_SUCCESS		3
+#define CHAP_FAILURE		4
 
 /* EAP SRP-SHA1 Subtypes */
 #define	EAPSRP_CHALLENGE	1	/* Request 1 - Challenge */
@@ -84,10 +98,21 @@ enum eap_state_code {
 	eapClosed,	/* Authentication not in use */
 	eapListen,	/* Client ready (and timer running) */
 	eapIdentify,	/* EAP Identify sent */
+	eapTlsStart,	/* Send EAP-TLS start packet */
+	eapTlsRecv,	/* Receive EAP-TLS tls data */
+	eapTlsSendAck,	/* Send EAP-TLS ack */
+	eapTlsSend,	/* Send EAP-TLS tls data */
+	eapTlsRecvAck,	/* Receive EAP-TLS ack */
+	eapTlsRecvClient, 	/* Receive EAP-TLS auth response from client*/
+	eapTlsSendAlert,	/* Send EAP-TLS tls alert (server)*/
+	eapTlsRecvAlertAck,	/* Receive EAP-TLS ack after sending alert */
+	eapTlsRecvSuccess,	/* Receive EAP success */
+	eapTlsRecvFailure,	/* Receive EAP failure */
 	eapSRP1,	/* Sent EAP SRP-SHA1 Subtype 1 */
 	eapSRP2,	/* Sent EAP SRP-SHA1 Subtype 2 */
 	eapSRP3,	/* Sent EAP SRP-SHA1 Subtype 3 */
 	eapMD5Chall,	/* Sent MD5-Challenge */
+	eapMSCHAPv2Chall,	/* Sent MSCHAPv2-Challenge */
 	eapOpen,	/* Completed authentication */
 	eapSRP4,	/* Sent EAP SRP-SHA1 Subtype 4 */
 	eapBadAuth	/* Failed authentication */
@@ -95,9 +120,18 @@ enum eap_state_code {
 
 #define	EAP_STATES	\
 	"Initial", "Pending", "Closed", "Listen", "Identify", \
-	"SRP1", "SRP2", "SRP3", "MD5Chall", "Open", "SRP4", "BadAuth"
+	"TlsStart", "TlsRecv", "TlsSendAck", "TlsSend", "TlsRecvAck", "TlsRecvClient",\
+	"TlsSendAlert", "TlsRecvAlertAck" , "TlsRecvSuccess", "TlsRecvFailure", \
+	"SRP1", "SRP2", "SRP3", "MD5Chall", "MSCHAPv2Chall", "Open", "SRP4", "BadAuth"
+
+#ifdef USE_EAPTLS
+#define	eap_client_active(esp)	((esp)->es_client.ea_state != eapInitial &&\
+				 (esp)->es_client.ea_state != eapPending &&\
+				 (esp)->es_client.ea_state != eapClosed)
+#else
+#define eap_client_active(esp)	((esp)->es_client.ea_state == eapListen)
+#endif /* USE_EAPTLS */
 
-#define	eap_client_active(esp)	((esp)->es_client.ea_state == eapListen)
 #define	eap_server_active(esp)	\
 	((esp)->es_server.ea_state >= eapIdentify && \
 	 (esp)->es_server.ea_state <= eapMD5Chall)
@@ -112,11 +146,20 @@ struct eap_auth {
 	u_short ea_namelen;	/* Length of our name */
 	u_short ea_peerlen;	/* Length of peer's name */
 	enum eap_state_code ea_state;
+#ifdef USE_EAPTLS
+	enum eap_state_code ea_prev_state;
+#endif
+#ifdef CHAPMS
+        struct chap_digest_type *digest;
+#endif
 	u_char ea_id;		/* Current id */
 	u_char ea_requests;	/* Number of Requests sent/received */
 	u_char ea_responses;	/* Number of Responses */
 	u_char ea_type;		/* One of EAPT_* */
 	u_int32_t ea_keyflags;	/* SRP shared key usage flags */
+#ifdef USE_EAPTLS
+	bool ea_using_eaptls;
+#endif
 };
 
 /*
@@ -126,6 +169,9 @@ typedef struct eap_state {
 	int es_unit;			/* Interface unit number */
 	struct eap_auth es_client;	/* Client (authenticatee) data */
 	struct eap_auth es_server;	/* Server (authenticator) data */
+#ifdef USE_PEAP
+	struct peap_state *ea_peap;	/* Client PEAP (authenticator) data */
+#endif
 	int es_savedtime;		/* Saved timeout */
 	int es_rechallenge;		/* EAP rechallenge interval */
 	int es_lwrechallenge;		/* SRP lightweight rechallenge inter */
@@ -139,14 +185,19 @@ typedef struct eap_state {
  * Timeouts.
  */
 #define	EAP_DEFTIMEOUT		3	/* Timeout (seconds) for rexmit */
+#ifdef USE_EAPTLS
+#define	EAP_DEFTRANSMITS	30	/* max # times to transmit */
+					/* certificates can be long ... */
+#else
 #define	EAP_DEFTRANSMITS	10	/* max # times to transmit */
+#endif /* USE_EAPTLS */
 #define	EAP_DEFREQTIME		20	/* Time to wait for peer request */
 #define	EAP_DEFALLOWREQ		20	/* max # times to accept requests */
 
 extern eap_state eap_states[];
 
-void eap_authwithpeer __P((int unit, char *localname));
-void eap_authpeer __P((int unit, char *localname));
+void eap_authwithpeer (int unit, char *localname);
+void eap_authpeer (int unit, char *localname);
 
 extern struct protent eap_protent;