diff --git a/src/sonic-pac/mab/Makefile.am b/src/sonic-pac/mab/Makefile.am
new file mode 100644
index 000000000000..bc423260d7e9
--- /dev/null
+++ b/src/sonic-pac/mab/Makefile.am
@@ -0,0 +1,28 @@
+sonic_wpa_supp_path = $(top_srcdir)/../wpasupplicant/sonic-wpa-supplicant
+radius_lib_path = $(top_srcdir)/../wpasupplicant/sonic-wpa-supplicant/build/radius_lib
+radius_lib = $(radius_lib_path)/src/radius/libradius.a
+utils_lib = $(radius_lib_path)/src/utils/libutils.a
+crypto_lib = $(radius_lib_path)/src/crypto/libcrypto.a
+
+INCLUDES = -I $(top_srcdir)/fpinfra/inc -I $(top_srcdir)/mab/common -I $(top_srcdir)/mab/mapping/mab_sid -I $(top_srcdir)/mab/mapping/include -I $(top_srcdir)/mab/protocol/include -I $(top_srcdir)/authmgr/common -I $(sonic_wpa_supp_path)/src/utils -I $(sonic_wpa_supp_path)/src/radius
+
+
+#bin_PROGRAMS = mabd
+lib_LTLIBRARIES = libmab.la
+
+if DEBUG
+DBGFLAGS = -ggdb -DDEBUG
+else
+DBGFLAGS = -g -DNDEBUG
+endif
+
+AM_CPPFLAGS = -save-temps -Wall -Wno-pointer-sign -Wno-unused-but-set-variable -Wno-address -Wno-array-bounds -Wno-sequence-point -Wno-switch -Wno-uninitialized -Wno-unused-result -Wno-aggressive-loop-optimizations -Wno-sizeof-pointer-memaccess -Wno-unused-local-typedefs -Wno-unused-value -Wno-format-truncation -g -Werror $(SONIC_COMMON_CFLAGS) -DCONFIG_SONIC_RADIUS
+
+libmab_la_SOURCES = mapping/mab_socket.c mapping/mab_init.c mapping/mab_cfg.c mapping/mab_api.c mapping/mab_client.c mapping/mab_ih.c mapping/mab_debug.c mapping/mab_sid/mab_sid.c mapping/mab_auth_mgr.c protocol/mab_db.c mapping/mab_control.c protocol/mab_mac_db.c protocol/mab_vlan.c protocol/mab_utils.c protocol/mab_auth.c protocol/mab_local.c protocol/mab_timer.c protocol/mab_radius.c $(sonic_wpa_supp_path)/src/radius/radius_mab.c
+
+
+libmab_la_LIBADD = -lpthread -lswsscommon -L$(top_srcdir)/fpinfra/ -lfpinfra $(radius_lib) $(utils_lib) $(crypto_lib) -lrt $(SONIC_COMMON_LDFLAGS)
+
+$(radius_lib) $(utils_lib) $(crypto_lib):
+ cd $(sonic_wpa_supp_path)/radius_lib && make
+
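Review bot: AM_CPPFLAGS pairs `-Werror` with a long list of `-Wno-*` switches, and several of the silenced diagnostics (`-Wno-array-bounds`, `-Wno-uninitialized`, `-Wno-sizeof-pointer-memaccess`, `-Wno-format-truncation`, `-Wno-sequence-point`) are the ones that catch memory-safety and undefined-behaviour bugs, which matters for a library that handles RADIUS authentication traffic. I would drop those suppressions library-wide and silence individual findings at the site that needs it, or at least add a comment recording why each one is off. `-save-temps` also looks like a debugging leftover that writes preprocessed and assembly files into the build tree, and warning/debug switches belong in AM_CFLAGS rather than AM_CPPFLAGS. In the last rule, `cd $(sonic_wpa_supp_path)/radius_lib && make` should call `$(MAKE)` so the jobserver and command-line flags propagate to the sub-build.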
diff --git a/src/sonic-pac/mab/common/mab_api.h b/src/sonic-pac/mab/common/mab_api.h
new file mode 100755
index 000000000000..9f0367c61c9f
--- /dev/null
+++ b/src/sonic-pac/mab/common/mab_api.h
@@ -0,0 +1,215 @@
+/*
+ * Copyright 2024 Broadcom Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#ifndef INCLUDE_MAB_API_H
+#define INCLUDE_MAB_API_H
+
+/* USE C Declarations */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "pacinfra_common.h"
+#include "auth_mgr_exports.h"
+#include "mab_exports.h"
+
+/*********************************************************************
+* @purpose Set the MAB value on the port.
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param mabEnable @b{(output)} boolean value determining if MAB
+* has been configured on the port
+*
+* @returns SUCCESS
+* @returns FAILURE
+* @results REQUEST_DENIED if port control mode of the port is
+* not mac-based
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t mabPortMABEnableSet(uint32 intIfNum, uint32 mabEnable);
+
+/*********************************************************************
+* @purpose Get the operational MAB value on the port.
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param mabEnabled @b{(output)} value determining if MAB
+* has been operationally
+* enabled on the port
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t mabPortOperMABEnabledGet(uint32 intIfNum, uint32 *mabEnabled);
+
+/*********************************************************************
+* @purpose Set the authentication type on the port to be used by MAB.
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param auth_type @b{(input)} Authentication type {EAP-MD5 or PAP}
+*
+* @returns SUCCESS if able to set the auth_type successfully
+* @results REQUEST_DENIED if MAB is not enabled on that port
+* @returns FAILURE otherwise
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t mabPortMABAuthTypeSet(uint32 intIfNum,
+ AUTHMGR_PORT_MAB_AUTH_TYPE_t auth_type);
+
+/*********************************************************************
+* @purpose Determine if the interface is valid to participate in mab
+*
+* @param intIfNum @b{(input)} internal interface number
+*
+* @returns TRUE
+* @returns FALSE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+ BOOL mabIsValidIntf(uint32 intIfNum);
+
+/*********************************************************************
+* @purpose Determine if the interface type is valid to participate in mab
+*
+* @param sysIntfType @b{(input)} interface type
+*
+* @returns TRUE
+* @returns FALSE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+ BOOL mabIsValidIntfType(uint32 sysIntfType);
+
+/*********************************************************************
+* @purpose Set port control mode
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param portControl @b{(input)} port control mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t mabPortControlModeSet(uint32 intIfNum, AUTHMGR_PORT_CONTROL_t portControl);
+
+/*********************************************************************
+* @purpose Set host control mode
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param hostControl @b{(input)} host control mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t mabPortControlHostModeSet(uint32 intIfNum, AUTHMGR_HOST_CONTROL_t hostMode);
+
+/*********************************************************************
+ * @purpose Handle Auth Manager event
+ *
+ * @param intIfNum @b{(input)} internal interface number
+ * @param event @b{(input)} event
+ * @param macAddr @b{(input)} client mac address
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @end
+ *********************************************************************/
+RC_t mabClientEventUpdate(uint32 intIfNum, uint32 event, enetMacAddr_t *macAddr);
+
+/*********************************************************************
+* @purpose Return Internal Interface Number of the first valid interface for
+* mab.
+*
+* @param pFirstIntIfNum @b{(output)} pointer to first internal interface number
+*
+* @returns SUCCESS if success
+* @returns ERROR if interface does not exist
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t mabFirstValidIntfNumber(uint32 *pFirstIntIfNum);
+
+/*********************************************************************
+* @purpose Return Internal Interface Number of next valid interface for
+* mab.
+*
+* @param intIfNum @b{(input)} Internal Interface Number
+* @param pNextintIfNum @b{(output)} pointer to Next Internal Interface Number,
+*
+* @returns SUCCESS if success
+* @returns ERROR if interface does not exist
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t mabNextValidIntf(uint32 intIfNum, uint32 *pNextIntIfNum);
+
+/*********************************************************************
+* @purpose Update the RADIUS server configuration
+*
+* @param add @b{(input)} whether server should be added or deleted
+* @param radius_type @b{(input)} radius server type
+* @param serv_addr @b{(input)} radius server address
+* @param serv_priority @b{(input)} radius server priority
+* @param radius_key @b{(input)} radius server key
+* @param serv_port @b{(input)} radius server port
+*
+* @returns SUCCESS values are valid and are updated successfully
+* @returns FAILURE otherwise
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t mabRadiusServerUpdate(uint32 cmd, const char *radius_type,
+ const char *serv_addr, const char *serv_priority,
+ const char *radius_key, const char *serv_port);
+
+/* USE C Declarations */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* INCLUDE_MAB_API_H */
diff --git a/src/sonic-pac/mab/common/mab_common.h b/src/sonic-pac/mab/common/mab_common.h
new file mode 100644
index 000000000000..48ec6509c1d2
--- /dev/null
+++ b/src/sonic-pac/mab/common/mab_common.h
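Review bot: In mab_api.h the comment block for `mabRadiusServerUpdate` documents a parameter `add` while the prototype takes `uint32 cmd`, and it does not say which values `cmd` accepts or how the string arguments are validated. Since `serv_port` and `serv_priority` arrive as text and `radius_key` carries the RADIUS shared secret, the contract should state the expected format and range of each, whether NULL is allowed, and whether the callee copies the key or keeps the caller's pointer (the implementation is not in this hunk). Suggested lines: `* @param cmd @b{(input)} add or delete the server (list the accepted values)` and `* @param radius_key @b{(input)} shared secret, NUL-terminated; must not be logged`. The same header has other doc/prototype mismatches worth fixing in one pass: `mabEnable` is marked `(output)` in `mabPortMABEnableSet` although it is passed by value, `hostControl` is documented where the parameter is `hostMode`, `pNextintIfNum` is documented where the parameter is `pNextIntIfNum`, and `@results` is used where `@returns` is meant.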
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2024 Broadcom Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#ifndef INCLUDE_MAB_COMMON_H
+#define INCLUDE_MAB_COMMON_H
+
+/* USE C Declarations */
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#include "resources.h"
+
+#define MAB_INTF_MAX_COUNT ( MAX_PORT_COUNT + 1)
+
+/* USE C Declarations */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* INCLUDE_MAB_COMMON_H */
diff --git a/src/sonic-pac/mab/common/mab_exports.h b/src/sonic-pac/mab/common/mab_exports.h
new file mode 100755
index 000000000000..125a5858ef45
--- /dev/null
+++ b/src/sonic-pac/mab/common/mab_exports.h
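Review bot: In mab_common.h, `MAB_INTF_MAX_COUNT` adds one to `MAX_PORT_COUNT` without saying what the extra slot is for. If tables sized with this macro are indexed directly by `intIfNum` (not visible in this hunk), the valid index range is what keeps lookups in bounds, so it should be written down, for example `/* table size: one slot per port plus one; valid intIfNum range is <state range> */`. Separately, `#include "resources.h"` sits inside the `extern "C" {` block; moving it above the block avoids forcing C linkage on whatever that header declares when built as C++, and mab_api.h has the same arrangement.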
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2024 Broadcom Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __MAB_EXPORTS_H_
+#define __MAB_EXPORTS_H_
+
+/* USE C Declarations */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define MAB_MAX_USERS_PER_PORT FD_AUTHMGR_PORT_MAX_USERS
+
+#define MAB_USER_NAME_LEN 65
+#define MAB_CHALLENGE_LEN 32
+
+#define MAB_CHAP_CHALLENGE_LEN 16
+#define MAB_FILTER_NAME_LEN 256
+
+/* Port protocol version */
+typedef enum
+{
+ MAB_PAE_PORT_PROTOCOL_VERSION_1 = 1
+} MAB_PAE_PORT_PROTOCOL_VERSION_t;
+
+/******************** conditional Override *****************************/
+
+#ifdef INCLUDE_MAB_EXPORTS_OVERRIDES
+#include "mab_exports_overrides.h"
+#endif
+
+/* USE C Declarations */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __MAB_EXPORTS_H_*/
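Review bot: In mab_exports.h the length macros (`MAB_USER_NAME_LEN 65`, `MAB_CHALLENGE_LEN 32`, `MAB_CHAP_CHALLENGE_LEN 16`, `MAB_FILTER_NAME_LEN 256`) carry no comment saying whether each counts the terminating NUL or is a raw byte length. They presumably size buffers that hold data taken from RADIUS exchanges, and that ambiguity is how off-by-one copies get written; a one-line comment per macro such as `/* buffer size in bytes, including the terminating NUL */` (or the opposite, as applicable) would settle it. `MAB_MAX_USERS_PER_PORT` expands to `FD_AUTHMGR_PORT_MAX_USERS`, which this header neither defines nor includes, so the header only works after some other include; and the guard `__MAB_EXPORTS_H_` uses a reserved identifier where the sibling headers use the `INCLUDE_MAB_..._H` form.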