diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_cfg.c b/src/sonic-pac/authmgr/mapping/auth_mgr_cfg.c new file mode 100755 index 000000000000..3f55a3c5cebc --- /dev/null +++ b/src/sonic-pac/authmgr/mapping/auth_mgr_cfg.c @@ -0,0 +1,305 @@ +/* + * Copyright 2024 Broadcom Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#include "auth_mgr_include.h" +#include "auth_mgr_client.h" +#include "auth_mgr_struct.h" + +extern authmgrCB_t *authmgrCB; +extern void authmgrDebugCfgUpdate(void); + +/********************************************************************* +* @purpose Checks if authmgr user config data has changed +* +* @param void +* +* @returns TRUE +* @returns FALSE +* +* @comments none +* +* @end +*********************************************************************/ + BOOL authmgrHasDataChanged(void) +{ + return authmgrCB->globalInfo->authmgrCfg->cfgHdr.dataChanged; +} + +/********************************************************************* +* @purpose Reset authmgr user config data flag +* +* @param void +* +* @returns none +* +* @comments none +* +* @end +*********************************************************************/ +void authmgrResetDataChanged(void) +{ + authmgrCB->globalInfo->authmgrCfg->cfgHdr.dataChanged = FALSE; + return; +} +/********************************************************************* +* @purpose Print the current authmgr config values to serial port +* +* @param none +* +* @returns SUCCESS +* +* @comments none +* +* @end +*********************************************************************/ +RC_t authmgrCfgDump(void) +{ + char8 buf[32]; + uint32 i; + uint32 intIfNum = 0; + authmgrPortCfg_t *pCfg; + nimConfigID_t configIdNull; + + memset(&configIdNull, 0, sizeof(nimConfigID_t)); + + sysapiPrintf("\n"); + sysapiPrintf("AUTHMGR\n"); + sysapiPrintf("=====\n"); + + if (authmgrCB->globalInfo->authmgrCfg->authmgrLogTraceMode == ENABLE) + osapiSnprintf(buf, sizeof(buf),"Enable"); + else + osapiSnprintf(buf,sizeof(buf),"Disable"); + sysapiPrintf("Log Trace Mode - %s\n\n", buf); + + if(authmgrCB->globalInfo->authmgrCfg->vlanAssignmentMode == ENABLE) + osapiSnprintf(buf,sizeof(buf),"Enable"); + else + osapiSnprintf(buf, sizeof(buf), "Disable"); + sysapiPrintf("Vlan Assignment Mode - %s\n\n", buf); + + sysapiPrintf("Interface configuration:\n"); + for (i = 1; i < AUTHMGR_INTF_MAX_COUNT; i++) + { + if (authmgrIntfIsConfigurable(intIfNum, &pCfg) == TRUE) + { + switch (pCfg->portControlMode) + { + case AUTHMGR_PORT_FORCE_UNAUTHORIZED: + osapiSnprintf(buf,sizeof(buf), "forceUnauthorized"); + break; + case AUTHMGR_PORT_AUTO: + osapiSnprintf(buf, sizeof(buf), "auto"); + break; + case AUTHMGR_PORT_FORCE_AUTHORIZED: + osapiSnprintf(buf, sizeof(buf), "forceAuthorized"); + break; + default: + osapiSnprintf(buf,sizeof(buf), "N/A"); + break; + } + + sysapiPrintf(" Port Control Mode: %s(%d)\n", buf, pCfg->portControlMode); + sysapiPrintf(" Quiet Period: %d\n", pCfg->quietPeriod); + sysapiPrintf(" ReAuth Period: %d\n", pCfg->reAuthPeriod); + sysapiPrintf(" Inactivity Period: %d\n", pCfg->inActivityPeriod); + + switch (pCfg->reAuthEnabled) + { + case TRUE: + osapiSnprintf(buf, sizeof(buf),"True"); + break; + case FALSE: + osapiSnprintf(buf, sizeof(buf), "False"); + break; + default: + osapiSnprintf(buf,sizeof(buf), "N/A"); + break; + } + sysapiPrintf(" ReAuth Enabled: %s\n", buf); + + sysapiPrintf("\n"); + } + } + + sysapiPrintf("=============\n"); + return SUCCESS; +} + +/********************************************************************* +* @purpose Build default authmgr config data +* +* @param none +* +* @returns void +* +* @comments +* +* @end +*********************************************************************/ +void authmgrBuildDefaultConfigData(void) +{ + uint32 cfgIndex; + nimConfigID_t configId[ AUTHMGR_INTF_MAX_COUNT]; + + /* Save the config IDs */ + memset((void *)&configId[0], 0, sizeof(nimConfigID_t) * AUTHMGR_INTF_MAX_COUNT); + for (cfgIndex = 1; cfgIndex < AUTHMGR_INTF_MAX_COUNT; cfgIndex++) + NIM_CONFIG_ID_COPY(&configId[cfgIndex], &authmgrCB->globalInfo->authmgrCfg->authmgrPortCfg[cfgIndex].configId); + + memset((void *)authmgrCB->globalInfo->authmgrCfg, 0, sizeof(authmgrCfg_t)); + + for (cfgIndex = 1; cfgIndex < AUTHMGR_INTF_MAX_COUNT; cfgIndex++) + { + authmgrBuildDefaultIntfConfigData(&configId[cfgIndex], &authmgrCB->globalInfo->authmgrCfg->authmgrPortCfg[cfgIndex]); + } + authmgrCB->globalInfo->authmgrCfg->cfgHdr.dataChanged = FALSE; + + authmgrCB->globalInfo->authmgrCfg->adminMode = FD_AUTHMGR_ADMIN_MODE; + authmgrCB->globalInfo->authmgrCfg->authmgrLogTraceMode = FD_AUTHMGR_LOG_TRACE_MODE; + authmgrCB->globalInfo->authmgrCfg->vlanAssignmentMode = FD_AUTHMGR_VLAN_ASSIGN_MODE; + authmgrCB->globalInfo->authmgrCfg->portControlMode = FD_AUTHMGR_PORT_MODE; + authmgrCB->globalInfo->authmgrCfg->hostMode = FD_AUTHMGR_HOST_MODE; + + + return; +} + +/********************************************************************* +* @purpose Build default authmgr port config data +* +* @parms config Id, the config Id to be placed into the intf config +* @parms pCfg, a pointer to the interface structure +* +* @returns none +* +* +* @end +*********************************************************************/ +void authmgrBuildDefaultIntfConfigData(nimConfigID_t *configId, authmgrPortCfg_t *pCfg) +{ + uint32 i = 0; + AUTHMGR_METHOD_t buildFdList[] = FD_AUTHMGR_LIST; + + pCfg->portControlMode = FD_AUTHMGR_PORT_MODE; + pCfg->hostMode = FD_AUTHMGR_HOST_MODE; + pCfg->intfConfigMask = 0; + pCfg->quietPeriod = FD_AUTHMGR_RESTART_TIMER_VAL; + pCfg->reAuthPeriod = FD_AUTHMGR_PORT_REAUTH_PERIOD; + pCfg->reAuthEnabled = FD_AUTHMGR_PORT_REAUTH_ENABLED; + pCfg->reAuthPeriodServer = FD_AUTHMGR_PORT_REAUTH_PERIOD_FROM_SERVER; + pCfg->maxUsers = FD_AUTHMGR_PORT_MAX_USERS; + pCfg->maxAuthAttempts = FD_AUTHMGR_RADIUS_MAX_AUTH_ATTEMPTS; + pCfg->inActivityPeriod = FD_AUTHMGR_PORT_INACTIVITY_PERIOD; + pCfg->paeCapabilities = FD_AUTHMGR_PORT_PAE_CAPABILITIES; + + for (i = 0; i < AUTHMGR_METHOD_MAX; i++) + { + pCfg->methodList[i] = buildFdList[i]; + pCfg->priorityList[i] = buildFdList[i]; + } + + authmgrCB->globalInfo->authmgrCfg->cfgHdr.dataChanged = FALSE; +} + +/********************************************************************* +* @purpose Apply authmgr config data +* +* @param void +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrApplyConfigData(void) +{ + return (authmgrIssueCmd(authmgrMgmtApplyConfigData, NULL, NULLPTR)); +} + +/********************************************************************* +* @purpose Apply authmgr config data to specified interface +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrApplyPortConfigData(uint32 intIfNum) +{ + return (authmgrIssueCmd(authmgrMgmtApplyPortConfigData, NULL, NULLPTR)); +} + +/********************************************************************* +* @purpose Fill in default values and set the port state +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrPortReset(uint32 intIfNum) +{ + authmgrPortInfoInitialize(intIfNum, FALSE); + return SUCCESS; +} + +/********************************************************************* +* @purpose Checks if authmgr debug config data has changed +* +* @param void +* +* @returns TRUE or FALSE +* +* @notes none +* +* @end +*********************************************************************/ + BOOL authmgrDebugHasDataChanged(void) +{ + return authmgrCB->globalInfo->authmgrDebugCfg.hdr.dataChanged; +} + +/********************************************************************* +* @purpose Build default authmgr config data +* +* @param ver Software version of Config Data +* +* @returns void +* +* @notes +* +* @end +*********************************************************************/ +void authmgrDebugBuildDefaultConfigData(uint32 ver) +{ + authmgrCB->globalInfo->authmgrDebugCfg.hdr.dataChanged = FALSE; + + /* set all flags to FALSE */ + memset(&authmgrCB->globalInfo->authmgrDebugCfg.cfg, 0, sizeof(authmgrCB->globalInfo->authmgrDebugCfg.cfg)); +} + diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_client.c b/src/sonic-pac/authmgr/mapping/auth_mgr_client.c new file mode 100644 index 000000000000..af5a7d94c956 --- /dev/null +++ b/src/sonic-pac/authmgr/mapping/auth_mgr_client.c @@ -0,0 +1,1418 @@ +/* + * Copyright 2024 Broadcom Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "auth_mgr_include.h" + +#include "auth_mgr_client.h" +#include "auth_mgr_timer.h" +#include "auth_mgr_struct.h" +#include "pacoper_common.h" +#include "pac_cfg_authmgr.h" +#include "auth_mgr_vlan_db.h" +#include "simapi.h" + +extern authmgrCB_t *authmgrCB; + +/********************************************************************* +* @purpose Set the authmgr physical port authorization status +* +* @param intIfNum @b{(input)) internal interface number +* @param portStatus @b{(input)) port authorization status setting +* +* @returns SUCCESS +* @returns FAILURE +* @returns ERROR +* +* @comments none +* +* @end +*********************************************************************/ +RC_t authmgrIhPhysicalPortStatusSet (uint32 intIfNum, + AUTHMGR_PORT_STATUS_t portStatus) +{ + INTF_STATES_t state; + uchar8 ifName[ NIM_IF_ALIAS_SIZE + 1]; + authmgrPortCfg_t *pCfg; + AUTHMGR_PORT_STATUS_t status; + + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, intIfNum, + "%s:%d: Intf %d, portStatus %d\n", + __FUNCTION__, __LINE__, intIfNum, portStatus); + + /* Set the port status in the driver */ + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) == FALSE) + { + LOGF ( LOG_SEVERITY_INFO, + "Interface %s not authmgr configurable", authmgrIntfIfNameGet(intIfNum)); + return FAILURE; + } + + state = nimGetIntfState (intIfNum); + if ((state != INTF_ATTACHED) + && (state != INTF_ATTACHING) && (state != INTF_DETACHING)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, intIfNum, + "%s:%d: Intf %s, state %d\n", + __FUNCTION__, __LINE__, authmgrIntfIfNameGet(intIfNum), state); + } + + /* set the port status */ + if ( DOT1X_PAE_PORT_NONE_CAPABLE == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities) + { + status = portStatus; + } + else if (( AUTHMGR_SINGLE_AUTH_MODE == + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode) + || ( AUTHMGR_MULTI_AUTH_MODE == + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode)) + { + status = AUTHMGR_PORT_STATUS_UNAUTHORIZED; + } + else + { + status = portStatus; + } + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, intIfNum, + "%s:Setting the port-%d to %s\n", + __FUNCTION__, intIfNum, + ( AUTHMGR_PORT_STATUS_AUTHORIZED == + portStatus) ? "Authorize" : "Unauthorize"); + + if (nimGetIntfName(intIfNum, ALIASNAME, ifName) != SUCCESS) + { + LOGF( LOG_SEVERITY_ERROR, + "Unable to get aliasName for interface %s", authmgrIntfIfNameGet(intIfNum)); + return FAILURE; + } + + /* apply the violation policy */ + if ( SUCCESS != authmgrViolationPolicyApply (intIfNum)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, intIfNum, + "%s:Unable to apply port violation policy for port-%s\n", + __FUNCTION__, authmgrIntfIfNameGet(intIfNum)); + return FAILURE; + } + + /* set the learning status */ + if ( SUCCESS != authmgrPortLearningModify (intIfNum)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, intIfNum, + "%s:Unable to modify port learning for port-%s\n", + __FUNCTION__, authmgrIntfIfNameGet(intIfNum)); + return FAILURE; + } + + return SUCCESS; +} + +/********************************************************************* +* @purpose application function to add the authenticated client +* +* @param physPort @b{(input)} internal interface number +* @param macAddr @b{(input)} MAC address of authorized client +* @param vlanId @b{(input)} set to non-zero value to assign this client +* to a VLAN +* @param pTLV @b{(input)} pass a non-NULL pointer to apply a policy +* for this client +* @param blockVlanId @b{(input)} vlan id in which the client is received +* +* @returns SUCCESS +* @returns FAILURE +* @returns ERROR +* +* @comments none +* +* @end +*********************************************************************/ +RC_t authmgrAuthenticatedClientAdd (uint32 physPort, + enetMacAddr_t macAddr, + ushort16 vlanId, + ushort16 blockVlanId) +{ + RC_t rc = SUCCESS, rc1 = SUCCESS; + char8 ifName[ NIM_IF_ALIAS_SIZE + 1]; + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort, + "%s:%d:adding the client %s, vlan= %d to port %s \n", + __FUNCTION__, __LINE__, + AUTHMGR_PRINT_MAC_ADDR(macAddr.addr), vlanId, + authmgrIntfIfNameGet(physPort)); + + if (nimGetIntfName (physPort, ALIASNAME, ifName) != SUCCESS) + { + LOGF ( LOG_SEVERITY_ERROR, + "Unable to get alias for intf %s", authmgrIntfIfNameGet(physPort)); + rc1 = FAILURE; + goto fail; + } + + if (pacCfgIntfClientAdd(ifName, macAddr.addr, vlanId) != TRUE) + { + LOGF ( LOG_SEVERITY_ERROR, + "Unable to add client on port %s", ifName); + rc1 = FAILURE; + goto fail; + } + + if ( SUCCESS == rc) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort, + "%s:%d Inserting the mac to fdb table as static entry \n", + __FUNCTION__, __LINE__); + if (0 != blockVlanId) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort, + "%s:%d Unblocking the Client %s with vlan id- %d \n", + __FUNCTION__, __LINE__, + AUTHMGR_PRINT_MAC_ADDR(macAddr.addr), blockVlanId); + + if (blockVlanId != vlanId) + { + if (pacCfgIntfClientUnblock(ifName, macAddr.addr, blockVlanId) != TRUE) + { + LOGF ( LOG_SEVERITY_ERROR, + "Unable to block port %s", ifName); + rc1 = FAILURE; + } + +fail: + if ( SUCCESS != rc1) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort, + "%s:%d Client operation not successful \n", + __FUNCTION__, __LINE__); + } + } + } + } + + return rc; +} + +/********************************************************************* +* @purpose Set the authmgr physical port authorization status +* +* @param intIfNum @b{(input)} internal interface number +* @param macAddr @b{(input)} MAC address of authorized client +* @param vlanId @b{(input)} set to non-zero value to assign this client +* to a VLAN +* +* @returns SUCCESS +* @returns FAILURE +* @returns ERROR +* +* @comments none +* +* @end +*********************************************************************/ +RC_t authmgrAuthenticatedClientDelete (uint32 physPort, + enetMacAddr_t macAddr, + ushort16 vlanId) +{ + RC_t rc = SUCCESS; + char8 ifName[ NIM_IF_ALIAS_SIZE + 1]; + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort, + "%s:%d:removing the client " + "Mac Addr: %s from port %s \n", + __FUNCTION__, __LINE__, AUTHMGR_PRINT_MAC_ADDR(macAddr.addr), + authmgrIntfIfNameGet(physPort)); + + if (nimGetIntfName (physPort, ALIASNAME, ifName) != SUCCESS) + { + LOGF ( LOG_SEVERITY_ERROR, + "Unable to get alias for intf %s", authmgrIntfIfNameGet(physPort)); + rc = FAILURE; + goto label; + } + + if (pacCfgIntfClientRemove(ifName, macAddr.addr, vlanId) != TRUE) + { + LOGF ( LOG_SEVERITY_ERROR, + "Unable to add client on port %s", ifName); + rc = FAILURE; + } + + +label: + if ( SUCCESS != rc) + { + LOGF ( LOG_SEVERITY_NOTICE, + "Error in removing the client details from the driver." + " Could not remove client details from the driver"); + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort, + "\n%s:%d Error in removing the client details from the driver\n", + __FUNCTION__, __LINE__); + } + + return rc; +} + +/********************************************************************* +* @purpose function to cleanup the client hw params such as vlan and other settings +* +* @param logicalPortInfo @b{(input)) client logical port info structure +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrClientHwInfoCleanup (authmgrLogicalPortInfo_t * logicalPortInfo) +{ + RC_t rc = FAILURE; + authmgrPortCfg_t *pCfg; + BOOL valid = FALSE; + authmgrVlanType_t vlanType = 0; + uint32 vlanId = 0; + uint32 physPort = 0, lPort = 0, type = 0; + + AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo); + + AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum); + + if (authmgrIntfIsConfigurable (physPort, &pCfg) != TRUE) + { + return SUCCESS; + } + + if ( AUTHMGR_PORT_AUTO != + authmgrCB->globalInfo->authmgrPortInfo[physPort].portControlMode) + { + return SUCCESS; + } + + /* get the host policy for the current host mode */ + if ( SUCCESS == authmgrStaticFdbEntryValidCheck (physPort, &valid)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort, + "Initiating the HW Info cleanup for the client %d\n", + logicalPortInfo->key.keyNum); + + if (valid) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort, + "trying to remove the static fdb entry for the client %d\n", + logicalPortInfo->key.keyNum); + + rc = SUCCESS; + if (logicalPortInfo->client.attrCreateMask & (1<<(AUTHMGR_HW_ATTR_STATIC_FDB))) + { + /* remove the CPU inserted client */ + rc = authmgrAuthenticatedClientDelete (physPort, + logicalPortInfo->client. + suppMacAddr, + logicalPortInfo->client.vlanId); + logicalPortInfo->client.attrCreateMask &= ~(1<<(AUTHMGR_HW_ATTR_STATIC_FDB)); + } + + if ( SUCCESS != rc) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort, + "%s:%d unable to delete client on " + "port %d logicalPort %d, type %d vlan %d \n", + __FUNCTION__, __LINE__, physPort, lPort, + type, logicalPortInfo->client.vlanId); + + return FAILURE; + } + } + } + + /* take a back up of vlan id and Vlan type */ + vlanType = logicalPortInfo->client.vlanType; + vlanId = logicalPortInfo->client.vlanId; + + /* reset the data from the logical node temporarily */ + logicalPortInfo->client.vlanId = 0; + logicalPortInfo->client.vlanType = AUTHMGR_VLAN_UNASSIGNED; + + /* check if no clients are on the same vlan */ + if ( SUCCESS != authmgrVlanPortDeletionValidate (physPort, vlanId)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort, + "%s:%d unable to clear vlan participation " + "port %d is having additional clients on vlan %d \n", + __FUNCTION__, __LINE__, physPort, vlanId); + return SUCCESS; + } + + + rc = authmgrClientVlanInfoReset (physPort, vlanId); + + if ( SUCCESS != rc) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort, + "%s:%d unable to clear vlan participation " + "port %d from vlan %d \n", + __FUNCTION__, __LINE__, physPort, vlanId); + + /* put back the backed up info */ + logicalPortInfo->client.vlanType = vlanType; + logicalPortInfo->client.vlanId = vlanId; + } + + return rc; +} + +/********************************************************************* +* @purpose function to add cient hw params such as vlan and other settings +* +* @param logicalPortInfo @b{(input)) logical port info structure +* @param macAddr @b{(input)) mac address +* @param vlanId @b{(input)) vlanId +* @param policyIndex @b{(input)) policyIndex +* @param blockVlanId @b{(input)) vlan id on which client is received +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrClientHwInfoAdd (authmgrLogicalPortInfo_t * logicalPortInfo, + enetMacAddr_t macAddr, + ushort16 vlanId, + ushort16 blockVlanId) +{ + RC_t rc = FAILURE; + authmgrPortCfg_t *pCfg; + BOOL valid = FALSE; + uint32 physPort = 0, lPort = 0, type = 0, mask = 0; + char8 ifName[ NIM_IF_ALIAS_SIZE + 1]; + + AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo); + + AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum); + + if (nimGetIntfName (physPort, ALIASNAME, ifName) != SUCCESS) + { + LOGF ( LOG_SEVERITY_ERROR, + "Unable to get alias for intf %s", authmgrIntfIfNameGet(physPort)); + return FAILURE; + } + + if (authmgrIntfIsConfigurable (physPort, &pCfg) != TRUE) + { + return SUCCESS; + } + + if ( AUTHMGR_PORT_AUTO != + authmgrCB->globalInfo->authmgrPortInfo[physPort].portControlMode) + { + return SUCCESS; + } + + /* see if static fdb entry is allowed */ + if ( SUCCESS == + authmgrStaticFdbEntryValidCheck (physPort, &valid)) + { + if (valid) + { + rc = SUCCESS; + if (!((1<<(AUTHMGR_HW_ATTR_STATIC_FDB) & logicalPortInfo->client.attrCreateMask))) + { + rc = authmgrAuthenticatedClientAdd (physPort, + macAddr, vlanId, blockVlanId); + } + + if ( SUCCESS != rc) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort, + "%s:%d unable to add client on " + "port %d logicalPort %d, type %d vlan %d \n", + __FUNCTION__, __LINE__, physPort, lPort, + type, vlanId); + + authmgrClientHwAddFailPostHwCleanup(logicalPortInfo, mask); + return FAILURE; + } + + mask |= (1<<(AUTHMGR_HW_ATTR_STATIC_FDB)); + logicalPortInfo->client.attrCreateMask |= (1<<(AUTHMGR_HW_ATTR_STATIC_FDB)); + + } + else + { + /* un Block traffic from this client. */ + if ( TRUE == logicalPortInfo->client.dataBlocked) + { + if (0 != logicalPortInfo->client.blockVlanId) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort, + "%s, %d, disabling the settings for logicalInterface %d to permit traffic\n", + __func__, __LINE__, logicalPortInfo->key.keyNum); + if (pacCfgIntfClientUnblock(ifName, logicalPortInfo->client.suppMacAddr.addr, logicalPortInfo->client.blockVlanId) != TRUE) + { + LOGF ( LOG_SEVERITY_ERROR, + "Unable to block port %s", ifName); + return FAILURE; + } + logicalPortInfo->client.dataBlocked = FALSE; + } + } + } + + /* make the vlan participation */ + + if ( SUCCESS != authmgrClientVlanInfoSet (logicalPortInfo, vlanId)) + { + if (0 == authmgrCB->processInfo.vlanId) + { + authmgrCB->processInfo.vlanId = vlanId; + } + authmgrClientHwAddFailPostHwCleanup(logicalPortInfo, mask); + return FAILURE; + } + + return SUCCESS; + } + + return FAILURE; +} + +/********************************************************************* +* @purpose Set the authmgr client info +* +* @param logicalPortInfo @b{(input)) logical interface structure +* @param client_info @b{(output)) client info +* +* @returns void +* +* @comments none +* +* @end +*********************************************************************/ +static +void authmgrClientInfoPopulate(authmgrLogicalPortInfo_t *logicalPortInfo, + pac_authenticated_clients_oper_table_t *client_info) +{ + uint32 physPort = 0, lPort = 0, type = 0; + + AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum); + + memset(client_info, 0, sizeof(*client_info)); + + client_info->currentIdL = logicalPortInfo->client.currentIdL; + client_info->auth_status = logicalPortInfo->client.logicalPortStatus; + client_info->authenticatedMethod = logicalPortInfo->client.authenticatedMethod; + + memcpy(&client_info->serverState, logicalPortInfo->client.serverState, + logicalPortInfo->client.serverStateLen); + client_info->serverStateLen = logicalPortInfo->client.serverStateLen; + + memcpy(&client_info->serverClass, logicalPortInfo->client.serverClass, + logicalPortInfo->client.serverClassLen); + client_info->serverClassLen = logicalPortInfo->client.serverClassLen; + + client_info->sessionTimeoutRcvdFromRadius = logicalPortInfo->client.sessionTimeout; + if ( TRUE == authmgrCB->globalInfo->authmgrPortInfo[physPort].reAuthPeriodServer) + { + client_info->sessionTimeoutOper = logicalPortInfo->client.sessionTimeout; + } + else if ( TRUE == authmgrCB->globalInfo->authmgrPortInfo[physPort].reAuthEnabled) + { + client_info->sessionTimeoutOper = authmgrCB->globalInfo->authmgrPortInfo[physPort].reAuthPeriod; + } + else + { + client_info->sessionTimeoutOper = 0; + } + + strcpy(client_info->userName, logicalPortInfo->client.authmgrUserName); + + client_info->userNameLen = logicalPortInfo->client.authmgrUserNameLength; + + client_info->terminationAction = logicalPortInfo->client.terminationAction; + + client_info->vlanType = logicalPortInfo->client.vlanType; + + client_info->vlanId = logicalPortInfo->client.vlanId; + + client_info->sessionTime = logicalPortInfo->client.sessionTime; + + client_info->lastAuthTime = logicalPortInfo->client.lastAuthTime; + + client_info->backend_auth_method = logicalPortInfo->client.authMethod; +} + +/********************************************************************* +* @purpose Set the authmgr global info +* +* @param global_info @b{(output)) global info +* +* @returns void +* +* @comments none +* +* @end +*********************************************************************/ +static +void authmgrGlobalAuthInfoPopulate(pac_global_oper_table_t *global_info) +{ + memset(global_info, 0, sizeof(*global_info)); + return; +} + +/********************************************************************* +* @purpose Set the authmgr client authorization status +* +* @param logicalPortInfo @b{(input)) logical interface structure +* @param portStatus @b{(input)) port authorization status setting +* +* @returns SUCCESS +* @returns FAILURE +* @returns ERROR +* +* @comments none +* +* @end +*********************************************************************/ +RC_t authmgrClientStatusSet (authmgrLogicalPortInfo_t * logicalPortInfo, + AUTHMGR_PORT_STATUS_t portStatus) +{ + uint32 physPort = 0, lPort = 0, type = 0; + AUTHMGR_PORT_STATUS_t currentStatus; + pac_authenticated_clients_oper_table_t client_info; + pac_global_oper_table_t global_info; + + AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo); + + AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum); + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort, + "%s:Setting the Logical port-%d to %s\n", __FUNCTION__, + logicalPortInfo->key.keyNum, + (portStatus == + AUTHMGR_PORT_STATUS_AUTHORIZED) ? "Authorize" : + "Unauthorize"); + + /* Verify port status parm value */ + if (portStatus != AUTHMGR_PORT_STATUS_AUTHORIZED + && portStatus != AUTHMGR_PORT_STATUS_UNAUTHORIZED) + { + return FAILURE; + } + + /*If setting to the same value, just return success */ + if (portStatus == logicalPortInfo->client.logicalPortStatus) + { + /* check if the client is authenticated + as part of re-auth */ + if (( AUTHMGR_PORT_STATUS_AUTHORIZED == portStatus) && + (logicalPortInfo->protocol.reauth)) + { + if (logicalPortInfo->client.sessionTimeout != 0) + logicalPortInfo->client.lastAuthTime = simSystemUpTimeGet (); + } + + authmgrClientInfoPopulate(logicalPortInfo, &client_info); + + PacAuthClientOperTblSet(physPort, logicalPortInfo->client.suppMacAddr, &client_info); + + authmgrGlobalAuthInfoPopulate(&global_info); + + PacGlobalOperTblSet(&global_info); + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort, + "%s:%d Status already set \n", __FUNCTION__, __LINE__); + return SUCCESS; + } + + if ((( AUTHMGR_PORT_FORCE_UNAUTHORIZED == + authmgrCB->globalInfo->authmgrPortInfo[physPort].portControlMode) + && ( AUTHMGR_PORT_STATUS_AUTHORIZED == portStatus)) + || + (( AUTHMGR_PORT_FORCE_AUTHORIZED == + authmgrCB->globalInfo->authmgrPortInfo[physPort].portControlMode) + && ( AUTHMGR_PORT_STATUS_UNAUTHORIZED == portStatus))) + { + /* this combination is not allowed.. So just a sanity check */ + return FAILURE; + } + + /* */ + + currentStatus = logicalPortInfo->client.logicalPortStatus; + logicalPortInfo->client.logicalPortStatus = portStatus; + + if ( AUTHMGR_PORT_STATUS_AUTHORIZED == portStatus) + { + /* set the port status to authorized */ + authmgrCB->globalInfo->authmgrPortInfo[physPort].authCount++; + if (authmgrCB->globalInfo->authmgrPortInfo[physPort].portControlMode != + AUTHMGR_PORT_FORCE_AUTHORIZED) + { + authmgrCtlResetLogicalPortSessionData (logicalPortInfo); + + authmgrClientInfoPopulate(logicalPortInfo, &client_info); + + PacAuthClientOperTblSet(physPort, logicalPortInfo->client.suppMacAddr, &client_info); + + authmgrGlobalAuthInfoPopulate(&global_info); + + PacGlobalOperTblSet(&global_info); + + } + } + else + { + if (authmgrCB->globalInfo->authmgrPortInfo[physPort].authCount > 0) + { + if ( AUTHMGR_PORT_STATUS_AUTHORIZED == currentStatus) + { + authmgrCB->globalInfo->authmgrPortInfo[physPort].authCount--; + } + if (authmgrCB->globalInfo->authmgrPortInfo[physPort].portControlMode != + AUTHMGR_PORT_FORCE_UNAUTHORIZED) + { + PacAuthClientOperTblDel(physPort, logicalPortInfo->client.suppMacAddr); + + authmgrGlobalAuthInfoPopulate(&global_info); + PacGlobalOperTblSet(&global_info); + } + } + } + + if (((0 == authmgrCB->globalInfo->authmgrPortInfo[physPort].authCount) && + ( AUTHMGR_PORT_STATUS_UNAUTHORIZED == portStatus)) || + ((1 == authmgrCB->globalInfo->authmgrPortInfo[physPort].authCount) && + ( AUTHMGR_PORT_STATUS_AUTHORIZED == portStatus))) + + { + authmgrIhPhysicalPortStatusSet (physPort, portStatus); + } + + return SUCCESS; +} + +/********************************************************************* +* @purpose function to cleanup the client sw info +* +* @param logicalPortInfo @b{(input)) logical interface structure +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrClientSwInfoCleanup (authmgrLogicalPortInfo_t * logicalPortInfo) +{ + RC_t rc = SUCCESS, rc1 = SUCCESS, rc2 = SUCCESS, rc3 = SUCCESS; + authmgrPortCfg_t *pCfg; + uint32 physPort = 0, lPort = 0, type = 0; + enetMacAddr_t nullMacAddr; + + memset (&nullMacAddr.addr, 0, ENET_MAC_ADDR_LEN); + + AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo); + + AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum); + + if (authmgrIntfIsConfigurable (physPort, &pCfg) != TRUE) + { + return SUCCESS; + } + + if (0 != logicalPortInfo->authmgrMethodNoRespTimer.handle.timer) + { + rc = + authmgrTimerDestroy (authmgrCB->globalInfo->authmgrTimerCB, + logicalPortInfo, AUTHMGR_METHOD_NO_RESP_TMR); + } + + if (0 != logicalPortInfo->authmgrTimer.handle.timer) + { + rc = + authmgrTimerDestroy (authmgrCB->globalInfo->authmgrTimerCB, + logicalPortInfo, + logicalPortInfo->authmgrTimer.cxt.type); + } + + /* send the accounting update */ + if ( AUTHMGR_PORT_STATUS_AUTHORIZED == + logicalPortInfo->client.logicalPortStatus) + { + /* notify the associated method to disconnected client */ + + if ( NULLPTR != + authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client. + authenticatedMethod]. + eventNotifyFn) + { + rc = + authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client. + authenticatedMethod].eventNotifyFn + (physPort, authmgrClientDisconnect, + &logicalPortInfo->client.suppMacAddr); + } + } + else + { + /* 802.1X/MAB clients may be in the process of authenticating. + de-authenticate 802.1X/MAB clients */ + + if ( NULLPTR != + authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client.currentMethod]. + eventNotifyFn) + { + rc = + authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client.currentMethod].eventNotifyFn + (physPort, authmgrClientDisconnect, + &logicalPortInfo->client.suppMacAddr); + } + } + + /* set the client to un-authorized */ + + rc1 = + authmgrClientStatusSet (logicalPortInfo, + AUTHMGR_PORT_STATUS_UNAUTHORIZED); + + if ( TRUE == logicalPortInfo->protocol.eapSuccess) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort, + "%s:Send EAP Success instead of Failure for data client on port [%s]\n\r", + __FUNCTION__, authmgrIntfIfNameGet(physPort)); + + logicalPortInfo->protocol.eapSuccess = FALSE; + authmgrTxCannedSuccess (logicalPortInfo->key.keyNum, AUTHMGR_LOGICAL_PORT); + } + else + { + authmgrTxCannedFail (logicalPortInfo->key.keyNum, AUTHMGR_LOGICAL_PORT); + } + + /*remove supplicant mac address from Mac address Database */ + /*input check */ + if (0 != + memcmp (logicalPortInfo->client.suppMacAddr.addr, nullMacAddr.addr, + ENET_MAC_ADDR_LEN)) + { + rc2 = authmgrMacAddrInfoRemove (&(logicalPortInfo->client.suppMacAddr)); + } + + if (authmgrCB->globalInfo->authmgrPortInfo[physPort].numUsers > 0) + { + authmgrCB->globalInfo->authmgrPortInfo[physPort].numUsers--; + } + + if (authmgrCB->globalInfo->authmgrPortInfo[physPort].numUsers == 0) + { + authmgrIhPhysicalPortStatusSet(physPort, AUTHMGR_PORT_STATUS_UNAUTHORIZED); + } + + /* Deallocate memory for Clients */ + rc3 = authmgrLogicalPortInfoDeAlloc (logicalPortInfo); + + if (( SUCCESS != rc) || + ( SUCCESS != rc1) || ( SUCCESS != rc2) || ( SUCCESS != rc3)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort, + "%s:Unable to clean up client sw info on port-%s\n", + __FUNCTION__, authmgrIntfIfNameGet(physPort)); + return FAILURE; + } + else + { + return SUCCESS; + } +} + +/********************************************************************* +* @purpose function to cleanup the client +* +* @param logicalPortInfo @b{(input)) logical interface structure +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrClientInfoCleanup (authmgrLogicalPortInfo_t * logicalPortInfo) +{ + RC_t rc = SUCCESS, rc1 = SUCCESS; + authmgrPortCfg_t *pCfg; + uint32 physPort = 0, lPort = 0, type = 0; + enetMacAddr_t zeroMac; + BOOL valid = FALSE; + uchar8 ifName[ NIM_IF_ALIAS_SIZE + 1]; + + AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo); + + AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum); + + nimGetIntfName(physPort, ALIASNAME, ifName); + if (authmgrIntfIsConfigurable (physPort, &pCfg) != TRUE) + { + return SUCCESS; + } + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort, + "%s:Deleting client authenticated with method %d on Physical port-%s VLAN type %s \n", + __FUNCTION__, logicalPortInfo->client.authenticatedMethod, authmgrIntfIfNameGet(physPort), + authmgrVlanTypeStringGet(logicalPortInfo->client.vlanType)); + LOGF ( LOG_SEVERITY_NOTICE, + "Client %s is getting disconnected on port (%s) with VLAN type %s.", + AUTHMGR_PRINT_MAC_ADDR(logicalPortInfo->client.suppMacAddr.addr), + ifName, authmgrVlanTypeStringGet (logicalPortInfo->client.vlanType)); + + authmgrCB->oldInfo.vlanId = logicalPortInfo->client.vlanId; + + /* clean up the client info from hw */ + if ( AUTHMGR_PORT_STATUS_AUTHORIZED == + logicalPortInfo->client.logicalPortStatus) + { + rc = authmgrClientHwInfoCleanup (logicalPortInfo); + } + else + { + if (( SUCCESS == authmgrHostIsDynamicNodeAllocCheck + (authmgrCB->globalInfo->authmgrPortInfo[physPort].hostMode, &valid)) && + ( TRUE == valid)) + { + /* if exists unblock the client */ + memset (&zeroMac, 0, sizeof ( enetMacAddr_t)); + + if ((0 != memcmp (zeroMac.addr, logicalPortInfo->client.suppMacAddr.addr, + ENET_MAC_ADDR_LEN)) && + (0 != logicalPortInfo->client.blockVlanId)) + { + if (pacCfgIntfClientUnblock(ifName, logicalPortInfo->client.suppMacAddr.addr, + logicalPortInfo->client.blockVlanId) != TRUE) + { + LOGF ( LOG_SEVERITY_ERROR, + "Unable to block port %s", ifName); + rc1 = FAILURE; + } + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort, + "%s, %d,Enabling the settings for logicalInterface %d to receive further packets to CPU\n", + __func__, __LINE__, logicalPortInfo->key.keyNum); + + logicalPortInfo->client.dataBlocked = FALSE; + + if ( SUCCESS != rc1) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort, + "%s:%d unable to delete client on " + "port %d logicalPort %d, type %d vlan %d \n", + __FUNCTION__, __LINE__, physPort, logicalPortInfo->key.keyNum, + type, logicalPortInfo->client.vlanId); + } + } + } + else if ( FALSE == valid) + { + /* check if any blocked un-auth clients + are present */ + if (0 != logicalPortInfo->client.blockVlanId) + { + /* if exists unblock the client */ + memset (&zeroMac, 0, sizeof ( enetMacAddr_t)); + + if ((0 != memcmp (zeroMac.addr, logicalPortInfo->client.suppMacAddr.addr, + ENET_MAC_ADDR_LEN)) && + (0 != logicalPortInfo->client.blockVlanId)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort, + "%s, %d,Enabling the settings for logicalInterface %d to receive further packets to CPU\n", + __func__, __LINE__, logicalPortInfo->key.keyNum); + + logicalPortInfo->client.dataBlocked = FALSE; + + if ( SUCCESS != rc1) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort, + "%s:%d unable to delete client on " + "port %s logicalPort %d, type %d vlan %d \n", + __FUNCTION__, __LINE__, authmgrIntfIfNameGet(physPort), lPort, + type, logicalPortInfo->client.vlanId); + } + } + } + } + } + + if ( SUCCESS == rc) + { + rc = authmgrClientSwInfoCleanup (logicalPortInfo); + } + + return rc; +} + +/********************************************************************* +* @purpose function to check and deAllocate the client +* +* @param logicalPortInfo @b{(input)) logical interface structure +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrClientDisconnectAction (authmgrLogicalPortInfo_t * + logicalPortInfo) +{ + RC_t rc = SUCCESS; + authmgrPortCfg_t *pCfg; + uint32 physPort = 0, lPort = 0, type = 0; + BOOL valid = FALSE; + + AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo); + + AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum); + + if (authmgrIntfIsConfigurable (physPort, &pCfg) != TRUE) + { + return SUCCESS; + } + + /* check if the client can be de-allocated */ + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort, + "checking if logicalInterface %d can be disconnected\n", + logicalPortInfo->key.keyNum); + + if ( TRUE != logicalPortInfo->protocol.heldTimerExpired) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort, + "%s:Held time not expired for client on port -%s\n", + __FUNCTION__, authmgrIntfIfNameGet(physPort)); + return FAILURE; + } + + logicalPortInfo->protocol.heldTimerExpired = FALSE; + + if ( SUCCESS == + authmgrHostIsDynamicNodeAllocCheck (authmgrCB->globalInfo-> + authmgrPortInfo[physPort].hostMode, + &valid)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort, + "logicalInterface %d is getting disconnected\n", + logicalPortInfo->key.keyNum); + rc = authmgrClientInfoCleanup (logicalPortInfo); + } + return rc; +} + +/********************************************************************* +* @purpose utility function to check if the client client params needs cleanup +* before adding new params +* @param logicalPortInfo +* @param vlanId +* @param policyId +* @return SUCCESS/ FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrClientInfoCleanupCheck (authmgrClientInfo_t * src, + authmgrClientInfo_t * dst) +{ + AUTHMGR_IF_NULLPTR_RETURN_LOG (src); + AUTHMGR_IF_NULLPTR_RETURN_LOG (dst); + + if ((src->vlanId == dst->vlanId) && + ( AUTHMGR_PORT_STATUS_AUTHORIZED == + src->logicalPortStatus)) + { + return SUCCESS; + } + + return FAILURE; +} + +/********************************************************************* +* @purpose function to perform client related actions if client auth is +* failure or timeout. +* +* @param logicalPortInfo -- client logical port structure +* @return SUCCESS/ FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrClientFailTimeoutAction (authmgrLogicalPortInfo_t * + logicalPortInfo) +{ + uint32 physPort = 0, vlanId = 0; + RC_t rc = SUCCESS; + authmgrClientInfo_t client; + uchar8 ifName[ NIM_IF_ALIAS_SIZE + 1]; + + AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo); + AUTHMGR_PORT_GET (physPort, logicalPortInfo->key.keyNum); + + memset(&client, 0 , sizeof(authmgrClientInfo_t)); + + + nimGetIntfName(physPort, ALIASNAME, ifName); + + + /* check for the allowed data clients */ + + client = logicalPortInfo->client; + client.vlanId = vlanId; + + if ( SUCCESS == + authmgrClientInfoCleanupCheck (&logicalPortInfo->client, &client)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort, + "%s:Nothing changed for logicalPort num-%d\n ", + __FUNCTION__, logicalPortInfo->key.keyNum); + return SUCCESS; + } + + if ( AUTHMGR_PORT_STATUS_AUTHORIZED == + logicalPortInfo->client.logicalPortStatus) + { + /* clean up previous data */ + if ( SUCCESS != authmgrClientHwInfoCleanup (logicalPortInfo)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort, + "%s:Unable to cleanup client hw info logicalPort num-%d\n", + __FUNCTION__, logicalPortInfo->key.keyNum); + } + } + + return rc; +} + +RC_t authmgrBlockFdbCleanup(authmgrLogicalPortInfo_t *logicalPortInfo) +{ + uint32 physPort = 0; + RC_t rc = SUCCESS; + enetMacAddr_t zeroMac; + char8 ifName[ NIM_IF_ALIAS_SIZE + 1]; + + AUTHMGR_IF_NULLPTR_RETURN_LOG(logicalPortInfo); + + AUTHMGR_PORT_GET(physPort, logicalPortInfo->key.keyNum); + + /* if exists unblock the client */ + memset (&zeroMac, 0, sizeof ( enetMacAddr_t)); + + if ((0 != memcmp (zeroMac.addr, logicalPortInfo->client.suppMacAddr.addr, + ENET_MAC_ADDR_LEN)) && + (0 != logicalPortInfo->client.blockVlanId)) + { + /* mac exists */ + if (nimGetIntfName (physPort, ALIASNAME, ifName) != SUCCESS) + { + LOGF ( LOG_SEVERITY_ERROR, + "Unable to get alias for intf %s", authmgrIntfIfNameGet(physPort)); + return FAILURE; + } + + if ((pacCfgIntfClientUnblock(ifName, logicalPortInfo->client.suppMacAddr.addr, + logicalPortInfo->client.blockVlanId)) != TRUE) + { + LOGF ( LOG_SEVERITY_ERROR, + "Unable to block port %s", ifName); + rc = FAILURE; + } + } + return rc; +} + + +RC_t authmgrStaticFdbCleanup(authmgrLogicalPortInfo_t *logicalPortInfo) +{ + uint32 physPort = 0; + RC_t rc = SUCCESS; + + AUTHMGR_IF_NULLPTR_RETURN_LOG(logicalPortInfo); + + AUTHMGR_PORT_GET(physPort, logicalPortInfo->key.keyNum); + + if (logicalPortInfo->client.attrCreateMask & (1<<(AUTHMGR_HW_ATTR_STATIC_FDB))) + { + rc = authmgrAuthenticatedClientDelete (physPort, + logicalPortInfo->client. + suppMacAddr, + authmgrCB->processInfo.vlanId); + } + logicalPortInfo->client.attrCreateMask &= ~(1<<(AUTHMGR_HW_ATTR_STATIC_FDB)); + + return rc; + +} + +/************************************************************************* +* @purpose utility function to get function map entry for the given event +* +* @param event @b{(input)} event +* @param elem @b{(input)} Pointer to map entry +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments none +* +* @end +*************************************************************************/ +RC_t authmgrHwCleanupEventFnMapGet (uint32 event, + authmgrHwCleanupEventMap_t * elem) +{ + uint32 i = 0; + static authmgrHwCleanupEventMap_t authmgrHwCleanupEventMapTable[] = { + {AUTHMGR_HW_ATTR_STATIC_FDB, authmgrStaticFdbCleanup}, + {AUTHMGR_HW_ATTR_BLOCK_FDB, authmgrBlockFdbCleanup}, + {AUTHMGR_HW_ATTR_PVID, NULLPTR} + }; + + for (i = 0; + i < + (sizeof (authmgrHwCleanupEventMapTable) / sizeof (authmgrHwCleanupEventMap_t)); + i++) + { + if (event == authmgrHwCleanupEventMapTable[i].event) + { + *elem = authmgrHwCleanupEventMapTable[i]; + return SUCCESS; + } + } + + return FAILURE; +} + +/********************************************************************* +* @purpose utility function to check if the client ckpt params modified +* @param src +* @param dst +* @return SUCCESS/ FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrClientHwAddFailPostHwCleanup (authmgrLogicalPortInfo_t *logicalPortInfo, + uint32 mask) +{ + uint32 i = 0; + authmgrHwCleanupEventMap_t entry; + AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo); + + for (i = 0; i < AUTHMGR_HW_ATTR_LAST; i++) + { + if (mask & (1<< i)) + { + memset(&entry, 0, sizeof(authmgrHwCleanupEventMap_t)); + + authmgrHwCleanupEventFnMapGet(i, &entry); + + if ( NULLPTR != entry.cleanupFn) + { + entry.cleanupFn(logicalPortInfo); + } + } + } + + return SUCCESS; +} + +/********************************************************************* +* @purpose function to cleanup the authenticated client sw info +* +* @param logicalPortInfo @b{(input)) logical interface structure +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrAuthenticatedClientSwInfoCleanup (authmgrLogicalPortInfo_t * logicalPortInfo) +{ + RC_t rc = SUCCESS; + authmgrPortCfg_t *pCfg; + uint32 physPort = 0, lPort = 0, type = 0; + enetMacAddr_t macAddr; + uchar8 userName[AUTHMGR_USER_NAME_LEN] = {0}; + uint32 userNameLength = 0; + + memset(&macAddr, 0, sizeof( enetMacAddr_t)); + + AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo); + + AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum); + + if (authmgrIntfIsConfigurable (physPort, &pCfg) != TRUE) + { + return SUCCESS; + } + + if (0 != logicalPortInfo->authmgrTimer.handle.timer) + { + rc = + authmgrTimerDestroy (authmgrCB->globalInfo->authmgrTimerCB, + logicalPortInfo, + logicalPortInfo->authmgrTimer.cxt.type); + } + + /* send the accounting update */ + if ( AUTHMGR_PORT_STATUS_AUTHORIZED == + logicalPortInfo->client.logicalPortStatus) + { + /* notify the associated method to disconnected client */ + + if ( NULLPTR != + authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client. + authenticatedMethod]. + eventNotifyFn) + { + rc = + authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client. + authenticatedMethod].eventNotifyFn + (physPort, authmgrClientDisconnect, + &logicalPortInfo->client.suppMacAddr); + } + } + + /* set the client to un-authorized */ + + rc = + authmgrClientStatusSet (logicalPortInfo, + AUTHMGR_PORT_STATUS_UNAUTHORIZED); + + + if ( TRUE == logicalPortInfo->protocol.eapSuccess) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort, + "%s:Send EAP Success instead of Failure for data client on port [%d]\n\r", + __FUNCTION__, physPort); + + logicalPortInfo->protocol.eapSuccess = FALSE; + authmgrTxCannedSuccess (logicalPortInfo->key.keyNum, AUTHMGR_LOGICAL_PORT); + } + else + { + authmgrTxCannedFail (logicalPortInfo->key.keyNum, AUTHMGR_LOGICAL_PORT); + } + + memcpy(&macAddr, &logicalPortInfo->client.suppMacAddr, sizeof( enetMacAddr_t)); + + memset(&logicalPortInfo->protocol, 0, sizeof(authmgrProtocolInfo_t)); + memset(&logicalPortInfo->client, 0, sizeof(authmgrClientInfo_t)); + memcpy(&logicalPortInfo->client.suppMacAddr, &macAddr, sizeof( enetMacAddr_t)); + memcpy(logicalPortInfo->client.authmgrUserName, userName, AUTHMGR_USER_NAME_LEN); + logicalPortInfo->client.authmgrUserNameLength = userNameLength; + + return SUCCESS; +} + +/********************************************************************* +* @purpose function to cleanup the authenticated client +* +* @param logicalPortInfo @b{(input)) logical interface structure +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrAuthenticatedClientCleanup (authmgrLogicalPortInfo_t * logicalPortInfo) +{ + RC_t rc = SUCCESS; + authmgrPortCfg_t *pCfg; + uint32 physPort = 0, lPort = 0, type = 0; + enetMacAddr_t clientMac; + uchar8 ifName[ NIM_IF_ALIAS_SIZE + 1]; + uint32 vlanId = 0; + + AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo); + + AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum); + + nimGetIntfName(physPort, ALIASNAME, ifName); + if (authmgrIntfIsConfigurable (physPort, &pCfg) != TRUE) + { + return SUCCESS; + } + + if ( AUTHMGR_PORT_STATUS_AUTHORIZED != + logicalPortInfo->client.logicalPortStatus) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort, + "%s:client is not in authorized state %d on Physical port-%s VLAN type %s \n", + __FUNCTION__, logicalPortInfo->client.logicalPortStatus, ifName, + authmgrVlanTypeStringGet(logicalPortInfo->client.vlanType)); + /* return */ + return FAILURE; + } + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort, + "%s:Deleting client authenticated with method %d on Physical port-%s VLAN type %s \n", + __FUNCTION__, logicalPortInfo->client.authenticatedMethod, ifName, + authmgrVlanTypeStringGet(logicalPortInfo->client.vlanType)); + + memset (&clientMac, 0, sizeof ( enetMacAddr_t)); + memcpy(&clientMac, &logicalPortInfo->client.suppMacAddr, sizeof ( enetMacAddr_t)); + + authmgrCB->oldInfo.vlanId = logicalPortInfo->client.vlanId; + + /* clean up the client info from hw */ + if ( AUTHMGR_PORT_STATUS_AUTHORIZED == + logicalPortInfo->client.logicalPortStatus) + { + rc = authmgrClientHwInfoCleanup (logicalPortInfo); + + authmgrAuthenticatedClientSwInfoCleanup(logicalPortInfo); + logicalPortInfo->client.blockVlanId = vlanId; + logicalPortInfo->client.logicalPortStatus = AUTHMGR_PORT_STATUS_UNAUTHORIZED; + } + + return rc; +} + +/********************************************************************* +* @purpose function to check and cleanup authenticated client's params +* +* @param logicalPortInfo @b{(input)) logical interface structure +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrAuthenticatedClientCleanupAction (authmgrLogicalPortInfo_t * + logicalPortInfo) +{ + return authmgrAuthenticatedClientCleanup(logicalPortInfo); +} + + diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_cnfgr.c b/src/sonic-pac/authmgr/mapping/auth_mgr_cnfgr.c new file mode 100755 index 000000000000..759250e334b8 --- /dev/null +++ b/src/sonic-pac/authmgr/mapping/auth_mgr_cnfgr.c @@ -0,0 +1,553 @@ +/* + * Copyright 2024 Broadcom Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#include "auth_mgr_include.h" +#include "auth_mgr_struct.h" +#include "auth_mgr_debug.h" +#include "auth_mgr_auth_method.h" +#include "auth_mgr_ih.h" +#include "auth_mgr_vlan_db.h" +#include "osapi_sem.h" + +authmgrCB_t *authmgrCB = NULLPTR; + +authmgrCnfgrState_t authmgrCnfgrState; +authMgrVlanDbData_t *authmgrVlanStateDb; /* Vlan operational state cache. */ +authMgrVlanDbData_t *authmgrVlanCfgDb; /* Vlan configured state cache. */ + +#define platAuthMgrMaxUsersGet() (512) + +static uint32 platIntfMaxCountGet (void) +{ + return MAX_INTERFACE_COUNT; +} + +/********************************************************************* +* +* @purpose System Initialization for authmgr component +* +* @param none + +* @returns SUCCESS, if success +* @returns FAILURE, if other failure +* +* @comments none +* +* @end +*********************************************************************/ +RC_t authmgrInit (void) +{ + /* invoke dependent libraries */ + + authmgrCB = osapiMalloc ( AUTHMGR_COMPONENT_ID, sizeof (authmgrCB_t)); + + if ( NULLPTR == authmgrCB) + { + return FAILURE; + } + + memset (authmgrCB, 0, sizeof (authmgrCB_t)); + + /*semaphore creation for task protection over the common data*/ + authmgrCB->authmgrTaskSyncSema = osapiSemaCCreate( OSAPI_SEM_Q_FIFO, OSAPI_SEM_EMPTY); + if (authmgrCB->authmgrTaskSyncSema == NULL) + { + LOGF( LOG_SEVERITY_NOTICE, + "Unable to create authmgr task semaphore"); + return FAILURE; + } + + authmgrCB->authmgrBulkQueue = + (void *) osapiMsgQueueCreate ("authmgrBulkQueue", AUTHMGR_MSG_COUNT, + (uint32) sizeof (authmgrBulkMsg_t)); + if (authmgrCB->authmgrBulkQueue == NULLPTR) + { + LOGF ( LOG_SEVERITY_INFO, + "authmgrInit: Bulk msgQueue creation error.\n"); + return FAILURE; + } + + authmgrCB->authmgrVlanEventQueue = + (void *) osapiMsgQueueCreate ("authmgrVlanEventQueue", AUTHMGR_VLAN_MSG_COUNT, + (uint32) sizeof (authmgrVlanMsg_t)); + if (authmgrCB->authmgrVlanEventQueue == NULLPTR) + { + LOGF ( LOG_SEVERITY_INFO, + "authmgrInit: VLAN event msgQueue creation error.\n"); + return FAILURE; + } + + authmgrCB->authmgrQueue = + (void *) osapiMsgQueueCreate ("authmgrQueue", AUTHMGR_MSG_COUNT, + (uint32) sizeof (authmgrMsg_t)); + if (authmgrCB->authmgrQueue == NULLPTR) + { + LOGF ( LOG_SEVERITY_INFO, + "authmgrInit: msgQueue creation error.\n"); + return FAILURE; + } + + if (authmgrStartTasks () != SUCCESS) + { + return FAILURE; + } + + return SUCCESS; +} + +/********************************************************************* +* +* @purpose System Init Undo for authmgr component +* +* @param none +* +* @comments none +* +* @end +*********************************************************************/ +void authmgrInitUndo () +{ + if (authmgrCB->authmgrQueue != NULLPTR) + { + osapiMsgQueueDelete (authmgrCB->authmgrQueue); + } + + if (authmgrCB->authmgrBulkQueue != NULLPTR) + { + osapiMsgQueueDelete (authmgrCB->authmgrBulkQueue); + } + + if (authmgrCB->authmgrVlanEventQueue != NULLPTR) + { + osapiMsgQueueDelete (authmgrCB->authmgrVlanEventQueue); + } + + if ( NULL != authmgrCB->authmgrTaskSyncSema) + { + (void)osapiSemaDelete(authmgrCB->authmgrTaskSyncSema); + } + + if ( NULL != authmgrCB->authmgrSrvrTaskSyncSema) + { + (void)osapiSemaDelete(authmgrCB->authmgrSrvrTaskSyncSema); + } + + (void) osapiRWLockDelete (authmgrCB->authmgrRWLock); + (void) osapiRWLockDelete (authmgrCB->authmgrCfgRWLock); + + + if (authmgrCB->authmgrTaskId != 0) + { + osapiTaskDelete (authmgrCB->authmgrTaskId); + } + + if (authmgrCB->authmgrSrvrTaskId != 0) + { + osapiTaskDelete (authmgrCB->authmgrSrvrTaskId); + } + + if ( NULLPTR != authmgrCB) + { + osapiFree ( AUTHMGR_COMPONENT_ID, authmgrCB); + } + + authmgrCnfgrState = AUTHMGR_PHASE_INIT_0; +} + +/********************************************************************* +* @purpose This function process the configurator control commands/request +* pair Init Phase 1. +* +* @param none + +* @param pReason - @b{(output)} Reason if ERROR. +* +* @returns SUCCESS - There were no errors. Response is available. +* +* @returns ERROR - There were errors. Reason code is available. +* +* @comments The following are valid response: +* CNFGR_CMD_COMPLETE +* +* @commets The following are valid error reason code: +* CNFGR_ERR_RC_FATAL +* CNFGR_ERR_RC_LACK_OF_RESOURCES +* +* @end +*********************************************************************/ +RC_t authmgrCnfgrInitPhase1Process (void) +{ + RC_t authmgrRC, rc; + RC_t rc1 = SUCCESS; + RC_t rc2 = SUCCESS; + uint32 authmgrMaxTimerNodes; + + authmgrRC = SUCCESS; + + printf("%s:%d\r\n", __FUNCTION__, __LINE__); + + authmgrCB->globalInfo = + osapiMalloc ( AUTHMGR_COMPONENT_ID, sizeof (authmgrGlobalInfo_t)); + + if ( NULLPTR == authmgrCB->globalInfo) + { + authmgrRC = ERROR; + return authmgrRC; + } + + authmgrCB->globalInfo->authmgrCfg = + osapiMalloc ( AUTHMGR_COMPONENT_ID, sizeof (authmgrCfg_t)); + + authmgrCB->globalInfo->authmgrPortInfo = + osapiMalloc ( AUTHMGR_COMPONENT_ID, + sizeof (authmgrPortInfo_t) * AUTHMGR_INTF_MAX_COUNT); + + rc = authmgrLogicalPortInfoDBInit (platAuthMgrMaxUsersGet ()); + + authmgrCB->globalInfo->authmgrPortSessionStats = + osapiMalloc ( AUTHMGR_COMPONENT_ID, + (sizeof (authmgrPortSessionStats_t) * + (platIntfMaxCountGet () + 1))); + + authmgrCB->globalInfo->authmgrPortStats = + osapiMalloc ( AUTHMGR_COMPONENT_ID, + sizeof (authmgrPortStats_t) * platIntfMaxCountGet ()); + + authmgrCB->globalInfo->authmgrMapTbl = + osapiMalloc ( AUTHMGR_COMPONENT_ID, + sizeof (uint32) * platIntfMaxCountGet ()); + + authmgrVlanStateDb = osapiMalloc( AUTHMGR_COMPONENT_ID, + sizeof (authMgrVlanDbData_t)); + + authmgrVlanCfgDb = osapiMalloc( AUTHMGR_COMPONENT_ID, + sizeof (authMgrVlanDbData_t)); + + if (( NULLPTR == authmgrVlanStateDb) || ( NULLPTR == authmgrVlanCfgDb)) + { + authmgrRC = ERROR; + return authmgrRC; + } + + /* initialize Mac address database */ + + rc = authmgrMacAddrInfoDBInit (platAuthMgrMaxUsersGet ()); + + /* Two timers per client; one for protocol and one for interim accounting. + 30 seconds timer needed for voice clients are not accounted for presently. */ + authmgrMaxTimerNodes = (2 * platAuthMgrMaxUsersGet()); + + /* Allocate buffer pool for App Timer */ + if (bufferPoolInit + ( AUTHMGR_COMPONENT_ID, authmgrMaxTimerNodes, APP_TMR_NODE_SIZE, + "AUTHMGR Timer Bufs", + &authmgrCB->globalInfo->authmgrAppTimerBufferPoolId) != SUCCESS) + { + authmgrRC = ERROR; + + return authmgrRC; + } + + if ((authmgrCB->globalInfo->authmgrCfg == NULLPTR) || + (authmgrCB->globalInfo->authmgrPortInfo == NULLPTR) || + (rc == FAILURE) || + (rc1 == FAILURE) || + (rc2 == FAILURE) || + (authmgrCB->globalInfo->authmgrPortStats == NULLPTR) || + (authmgrCB->globalInfo->authmgrMapTbl == NULLPTR) || + (authmgrCB->globalInfo->authmgrPortSessionStats == NULLPTR)) + { + authmgrRC = ERROR; + + return authmgrRC; + } + + /* Zero bitmasks to indicate no interfaces are enabled */ + memset ((void *) authmgrCB->globalInfo->authmgrCfg, 0, sizeof (authmgrCfg_t)); + memset ((void *) authmgrCB->globalInfo->authmgrPortInfo, 0, + sizeof (authmgrPortInfo_t) * AUTHMGR_INTF_MAX_COUNT); + memset ((void *) authmgrCB->globalInfo->authmgrPortStats, 0, + sizeof (authmgrPortStats_t) * platIntfMaxCountGet ()); + memset ((void *) authmgrCB->globalInfo->authmgrMapTbl, 0, + sizeof (uint32) * platIntfMaxCountGet ()); + memset ((void *) authmgrCB->globalInfo->authmgrPortSessionStats, 0, + sizeof (authmgrPortSessionStats_t) * ( MAX_INTERFACE_COUNT + 1)); + + authmgrCnfgrState = AUTHMGR_PHASE_INIT_1; + + printf("%s:%d\r\n", __FUNCTION__, __LINE__); + + return authmgrRC; +} + +/********************************************************************* +* @purpose This function process the configurator control commands/request +* pair Init Phase 2. +* +* @param pResponse - @b{(output)} Response if SUCCESS. +* +* @param pReason - @b{(output)} Reason if ERROR. +* +* @returns SUCCESS - There were no errors. Response is available. +* +* @returns ERROR - There were errors. Reason code is available. +* +* @comments The following are valid response: +* CNFGR_CMD_COMPLETE +* +* @comments The following are valid error reason code: +* CNFGR_ERR_RC_FATAL +* CNFGR_ERR_RC_LACK_OF_RESOURCES +* +* @end +*********************************************************************/ +RC_t authmgrCnfgrInitPhase2Process (void) +{ + RC_t authmgrRC; + printf("%s:%d\r\n", __FUNCTION__, __LINE__); + + authmgrRC = SUCCESS; + + authmgrCnfgrState = AUTHMGR_PHASE_INIT_2; + + if (nimRegisterIntfChange ( AUTHMGR_COMPONENT_ID, authmgrIntfChangeCallback, + authmgrIntfStartupCallback, NIM_STARTUP_PRIO_AUTHMGR) + != SUCCESS) + { + return FAILURE; + } + + if ( SUCCESS != authmgrEventCallbackRegister( AUTHMGR_METHOD_8021X, + NULL, NULL, + authmgrDot1xEventSend, authmgrDot1xIntfAdminModeGet, + NULL)) + { + return FAILURE; + } + + + if ( SUCCESS != authmgrEventCallbackRegister( AUTHMGR_METHOD_MAB, + NULL, NULL, + authmgrMabEventSend, authmgrMabIntfAdminModeGet, + NULL)) + { + return FAILURE; + } + + return authmgrRC; +} + +/********************************************************************* +* @purpose This function process the configurator control commands/request +* pair Init Phase 3. +* +* @param pResponse - @b{(output)} Response if SUCCESS. +* +* @param pReason - @b{(output)} Reason if ERROR. +* +* @returns SUCCESS - There were no errors. Response is available. +* +* @returns ERROR - There were errors. Reason code is available. +* +* @comments The following are valid response: +* CNFGR_CMD_COMPLETE +* +* @comments The following are valid error reason code: +* CNFGR_ERR_RC_FATAL +* CNFGR_ERR_RC_LACK_OF_RESOURCES +* +* @end +*********************************************************************/ +RC_t authmgrCnfgrInitPhase3Process ( BOOL warmRestart) +{ + RC_t authmgrRC; + + authmgrRC = SUCCESS; + printf("%s:%d\r\n", __FUNCTION__, __LINE__); + + authmgrBuildDefaultConfigData(); + + authmgrCnfgrState = AUTHMGR_PHASE_INIT_3; + if (authmgrCtlApplyConfigData () != SUCCESS) + { + authmgrRC = ERROR; + + return authmgrRC; + } + printf("%s:%d\r\n", __FUNCTION__, __LINE__); + + return authmgrRC; +} + +/********************************************************************* +* @purpose This function undoes authmgrCnfgrInitPhase1Process +* +* @param none +* +* @returns none +* +* @comments none +* +* @end +*********************************************************************/ +void authmgrCnfgrFiniPhase1Process () +{ + if (authmgrCB->globalInfo->authmgrCfg != NULLPTR) + { + osapiFree ( AUTHMGR_COMPONENT_ID, authmgrCB->globalInfo->authmgrCfg); + authmgrCB->globalInfo->authmgrCfg = NULLPTR; + } + + if (authmgrCB->globalInfo->authmgrPortInfo != NULLPTR) + { + osapiFree ( AUTHMGR_COMPONENT_ID, authmgrCB->globalInfo->authmgrPortInfo); + authmgrCB->globalInfo->authmgrPortInfo = NULLPTR; + } + authmgrLogicalPortInfoDBDeInit (); + + if (authmgrCB->globalInfo->authmgrPortStats != NULLPTR) + { + osapiFree ( AUTHMGR_COMPONENT_ID, + authmgrCB->globalInfo->authmgrPortStats); + authmgrCB->globalInfo->authmgrPortStats = NULLPTR; + } + + if (authmgrCB->globalInfo->authmgrMapTbl != NULLPTR) + { + osapiFree ( AUTHMGR_COMPONENT_ID, authmgrCB->globalInfo->authmgrMapTbl); + authmgrCB->globalInfo->authmgrMapTbl = NULLPTR; + } + + authmgrMacAddrInfoDBDeInit (); + + authmgrInitUndo (); + + if (authmgrCB->globalInfo != NULLPTR) + { + osapiFree ( AUTHMGR_COMPONENT_ID, authmgrCB->globalInfo); + authmgrCB->globalInfo = NULLPTR; + } + + authmgrCnfgrState = AUTHMGR_PHASE_INIT_0; +} + +/********************************************************************* +* @purpose This function undoes authmgrCnfgrInitPhase2Process +* +* @param none +* +* @returns none +* +* @comments none +* +* @end +*********************************************************************/ +void authmgrCnfgrFiniPhase3Process () +{ + CNFGR_RESPONSE_t response; + CNFGR_ERR_RC_t reason; + + /* this func will place authmgrCnfgrState to WMU */ + authmgrCnfgrUconfigPhase2 (&response, &reason); +} + +/********************************************************************* +* @purpose This function process the configurator control commands/request +* pair as a NOOP. +* +* @param pResponse - @b{(output)} Response always command complete. +* +* @param pReason - @b{(output)} Always 0 +* +* @returns SUCCESS - Always return this value. onse is available. +* +* +* @comments The following are valid response: +* CNFGR_CMD_COMPLETE +* +* @comments The following are valid error reason code: +* None. +* +* @end +*********************************************************************/ +RC_t authmgrCnfgrNoopProccess ( CNFGR_RESPONSE_t * pResponse, + CNFGR_ERR_RC_t * pReason) +{ + RC_t authmgrRC = SUCCESS; + + /* Return Value to caller */ + *pResponse = CNFGR_CMD_COMPLETE; + *pReason = 0; + return authmgrRC; +} + +/********************************************************************* +* @purpose This function process the configurator control commands/request +* pair Unconfigure Phase 2. +* +* @param pResponse - @b{(output)} Response if SUCCESS. +* +* @param pReason - @b{(output)} Reason if ERROR. +* +* @returns SUCCESS - There were no errors. Response is available. +* +* @returns ERROR - There were errors. Reason code is available. +* +* @comments The following are valid response: +* CNFGR_CMD_COMPLETE +* +* @comments The following are valid error reason code: +* CNFGR_ERR_RC_FATAL +* +* @end +*********************************************************************/ + +RC_t authmgrCnfgrUconfigPhase2 ( CNFGR_RESPONSE_t * pResponse, + CNFGR_ERR_RC_t * pReason) +{ + RC_t authmgrRC; + + *pResponse = CNFGR_CMD_COMPLETE; + *pReason = 0; + authmgrRC = SUCCESS; + + memset (authmgrCB->globalInfo->authmgrCfg, 0, sizeof (authmgrCfg_t)); + + authmgrCnfgrState = AUTHMGR_PHASE_WMU; + + return authmgrRC; +} + +/*************************************************************************** +* @purpose This function process the configurator control commands/request +* pair TERMINATE. +* +* @param pCmdData - @b{(input)} command data. +* +* @returns none. +* +* +* @notes +* +* @end +***************************************************************************/ +void authmgrCnfgrTerminateProcess ( CNFGR_CMD_DATA_t * pCmdData) +{ + +} + + diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_control.c b/src/sonic-pac/authmgr/mapping/auth_mgr_control.c new file mode 100644 index 000000000000..28f56d431bff --- /dev/null +++ b/src/sonic-pac/authmgr/mapping/auth_mgr_control.c @@ -0,0 +1,5503 @@ +/* + * Copyright 2024 Broadcom Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#define MAC_EAPOL_PDU + +#include "auth_mgr_include.h" +#include "osapi_sem.h" +#include "auth_mgr_exports.h" +#include "auth_mgr_client.h" +#include "auth_mgr_timer.h" +#include "auth_mgr_struct.h" +#include "auth_mgr_auth_method.h" +#include "pac_cfg_authmgr.h" +#include "auth_mgr_vlan_db.h" +#include "pacoper_common.h" + +extern authmgrCB_t *authmgrCB; + +extern authmgrCnfgrState_t authmgrCnfgrState; + +extern authmgrLogicalPortInfo_t processInfo; + +RC_t authmgrClientHwInfoCleanupAndReadd(authmgrLogicalPortInfo_t *logicalPortInfo, + authmgrClientInfo_t *processInfo); + +RC_t authmgrAddMac (uint32 lIntIfNum); + +extern int osapi_proc_set (const char *path, const char *value); + +#define attributeCmp(a, b) \ + if (strlen(a) != 0) \ + { \ + if (memcmp(b, a, sizeof(b)) == 0) \ + { \ + entryFound = TRUE; \ + } \ + else \ + { \ + entryFound = FALSE; \ + break; \ + } \ + } + +#define attributeIntCmp(a, b) \ + if (a) \ + { \ + if (a == b) \ + { \ + entryFound = TRUE; \ + } \ + else \ + { \ + entryFound = FALSE; \ + break; \ + } \ + } + +/********************************************************************* +* @purpose function to compare auth mgr lists +* +* @param list1 auth mgr list1 +* @param list2 auth mgr list2 +* @return TRUE or FALSE +* +* @comments +* +* @end +*********************************************************************/ + BOOL authmgrListArrayCompare ( AUTHMGR_METHOD_t * list1, + AUTHMGR_METHOD_t * list2, + uint32 len) +{ + if (0 != memcmp (list1, list2, len)) + { + return FALSE; + } + + return TRUE; +} + +/********************************************************************* +* @purpose Initialize authmgr tasks and data +* +* @param none +* +* @returns SUCCESS or FAILURE +* +* @comments none +* +* @end +*********************************************************************/ +RC_t authmgrStartTasks () +{ + printf("%s:%d\r\n", __FUNCTION__, __LINE__); + + if (osapiRWLockCreate (&authmgrCB->authmgrRWLock, + OSAPI_RWLOCK_Q_PRIORITY) == FAILURE) + { + LOGF ( LOG_SEVERITY_INFO, + "Error creating authmgrRWlock semaphore \n"); + return FAILURE; + } + + if (osapiRWLockCreate (&authmgrCB->authmgrCfgRWLock, + OSAPI_RWLOCK_Q_PRIORITY) == FAILURE) + { + LOGF ( LOG_SEVERITY_INFO, + "Error creating authmgrCfgRWlock semaphore \n"); + return FAILURE; + } + + /* create authmgrTask - to service authmgr message queue */ + authmgrCB->authmgrTaskId = + osapiTaskCreate ("authmgrTask", (void *) authmgrTask, 0, 0, + 2 * authmgrSidDefaultStackSize (), + authmgrSidDefaultTaskPriority (), + authmgrSidDefaultTaskSlice ()); + + if (authmgrCB->authmgrTaskId == 0) + { + LOGF ( LOG_SEVERITY_INFO, + "Failed to create authmgr task.\n"); + return FAILURE; + } + + if (osapiWaitForTaskInit ( AUTHMGR_TASK_SYNC, WAIT_FOREVER) != + SUCCESS) + { + LOGF ( LOG_SEVERITY_INFO, + "Unable to initialize authmgr task.\n"); + return FAILURE; + } + + /* create authmgrSrvrTask - to service authmgr message queue */ + authmgrCB->authmgrSrvrTaskId = + osapiTaskCreate ("authmgrSrvrTask", (void *) authmgrSrvrTask, 0, 0, + 2 * authmgrSidDefaultStackSize (), + authmgrSidDefaultTaskPriority (), + authmgrSidDefaultTaskSlice ()); + + if (authmgrCB->authmgrSrvrTaskId == 0) + { + LOGF ( LOG_SEVERITY_INFO, + "Failed to create authmgr task.\n"); + return FAILURE; + } + + if (osapiWaitForTaskInit ( AUTHMGR_SRVR_TASK_SYNC, WAIT_FOREVER) != + SUCCESS) + { + LOGF ( LOG_SEVERITY_INFO, + "Unable to initialize authmgr srvr task.\n"); + return FAILURE; + } + + return SUCCESS; +} + +/********************************************************************* +* @purpose authmgr task which serves the request queue +* +* @param none +* +* @returns void +* +* @comments User-interface writes and all are serviced off +* of the authmgrQueue +* +* @end +*********************************************************************/ +void authmgrTask () +{ + authmgrMsg_t msg; + authmgrBulkMsg_t bulkMsg; + authmgrVlanMsg_t vlanMsg; + + printf("%s:%d\r\n", __FUNCTION__, __LINE__); + + (void) osapiTaskInitDone ( AUTHMGR_TASK_SYNC); + + /* allocate the required data structures */ + authmgrCnfgrInitPhase1Process(); + + /* do inter component registration */ + authmgrCnfgrInitPhase2Process(); + + authmgrCnfgrInitPhase3Process( FALSE); + + for (;;) + { + /* Since we are reading from multiple queues, we cannot wait forever + * on the message receive from each queue. Rather than sleep between + * queue reads, use a semaphore to indicate whether any queue has + * data. Wait until data is available. */ + + if (osapiSemaTake(authmgrCB->authmgrTaskSyncSema, WAIT_FOREVER) != SUCCESS) + { + LOGF( LOG_SEVERITY_ERROR, + "Unable to acquire AUTHMGR message queue semaphore."); + continue; + } + + memset(&authmgrCB->processInfo, 0, sizeof(authmgrClientInfo_t)); + memset(&authmgrCB->oldInfo, 0, sizeof(authmgrClientInfo_t)); + + + if (osapiMessageReceive + (authmgrCB->authmgrVlanEventQueue, (void *) &vlanMsg, + (uint32) sizeof (authmgrVlanMsg_t), NO_WAIT) == SUCCESS) + { + (void) authmgrVlanDispatchCmd (&vlanMsg); + } + else if (osapiMessageReceive + (authmgrCB->authmgrQueue, (void *) &msg, + (uint32) sizeof (authmgrMsg_t), NO_WAIT) == SUCCESS) + { + (void) authmgrDispatchCmd (&msg); + } + else if (osapiMessageReceive + (authmgrCB->authmgrBulkQueue, (void *) &bulkMsg, + (uint32) sizeof (authmgrBulkMsg_t), NO_WAIT) == SUCCESS) + { + (void) authmgrBulkDispatchCmd (&bulkMsg); + } + } +} + +/********************************************************************* +* @purpose authmgr srvr task which serves the request queue +* +* @param none +* +* @returns void +* +* @comments external applications are serviced off +* of the authmgrQueue +* +* @end +*********************************************************************/ +void authmgrSrvrTask () +{ + printf("%s:%d\r\n", __FUNCTION__, __LINE__); + + (void) osapiTaskInitDone ( AUTHMGR_SRVR_TASK_SYNC); + + handle_async_resp_data (&authmgrCB->listen_sock); + return; +} + +/********************************************************************* +* @purpose Save the data in a message to a shared memory +* +* @param *data @b{(input)} pointer to data +* @param *msg @b{(input)} authmgr message +* +* @returns SUCCESS or FAILURE +* +* @comments Once the message is serviced, this variable size data will +* be retrieved +* +* @end +*********************************************************************/ +RC_t authmgrFillMsg (void *data, authmgrMsg_t * msg) +{ + switch (msg->event) + { + + case authmgrMgmtAdminModeEnable: + case authmgrMgmtAdminModeDisable: + case authmgrMethodOrderModify: + case authmgrMethodPriorityModify: + break; + + /* events originating from UI */ + case authmgrMgmtPortInitializeSet: + case authmgrMgmtLogicalPortInitializeSet: + case authmgrMgmtPortReauthenticateSet: + case authmgrMgmtLogicalPortReauthenticateSet: + case authmgrMgmtPortControlModeSet: + case authmgrMgmtHostControlModeSet: + case authmgrMgmtPortQuietPeriodSet: + case authmgrMgmtPortInactivePeriodSet: + case authmgrMgmtPortReAuthEnabledSet: + case authmgrMgmtPortMaxUsersSet: + case authmgrPaeCapabilitiesEvent: + case authmgrViolationModeSet: + case authmgrCtlPortInfoReset: + /* add to queue uint32 size */ + memcpy (&msg->data.msgParm, data, sizeof (uint32)); + break; + + case authmgrMgmtPortReAuthPeriodSet: + memcpy (&msg->data.timePeriod, data, sizeof (authmgrMgmtTimePeriod_t)); + break; + + case authmgrIntfChange: + /* add to queue a NIM correlator */ + memcpy (&msg->data.authmgrIntfChangeParms, data, + sizeof (authmgrIntfChangeParms_t)); + break; + + case authmgrIntfStartup: + /* add to queue a NIM correlator */ + memcpy (&msg->data.startupPhase, data, sizeof (NIM_STARTUP_PHASE_t)); + break; + + case authmgrClientTimeout: + case authmgrDelDuplicateEntry: + case authmgrAddMacInMacDB: + case authmgrTimeTick: + case authmgrAuthenticationStart: + case authmgrClientCleanup: + break; /* NULL data, proceed */ + + case authmgrAuthMethodCallbackEvent: + memcpy (&msg->data.authParams, data, sizeof (authmgrAuthRespParams_t)); + break; + + case authmgrAaaInfoReceived: + /* add to queue a char pointer */ + memcpy (&msg->data.authmgrAaaMsg, data, sizeof (authmgrAaaMsg_t)); + break; + + default: + /* unmatched event */ + return FAILURE; + } /* switch */ + + return SUCCESS; +} + +/********************************************************************* +* @purpose Save the bulk data in a message to a shared memory +* +* @param *data @b{(input)} pointer to data +* @param *msg @b{(input)} authmgr message +* +* @returns SUCCESS or FAILURE +* +* @comments Once the message is serviced, this variable size data will +* be retrieved +* +* @end +*********************************************************************/ +RC_t authmgrBulkFillMsg (void *data, authmgrBulkMsg_t * msg) +{ + switch (msg->event) + { + case authmgrUnauthAddrCallBackEvent: + memcpy (&msg->data.unauthParms, data, + sizeof (authmgrUnauthCallbackParms_t)); + break; + + default: + /* unmatched event */ + return FAILURE; + } /* switch */ + + return SUCCESS; +} + +/********************************************************************* +* @purpose Save the VLAN data in a message to a shared memory +* +* @param *data @b{(input)} pointer to data +* @param *msg @b{(input)} authmgr message +* +* @returns SUCCESS or FAILURE +* +* @comments Once the message is serviced, this variable size data will +* be retrieved +* +* @end +*********************************************************************/ +RC_t authmgrVlanFillMsg (void *data, authmgrVlanMsg_t * msg) +{ + switch (msg->event) + { + case authmgrVlanDeleteEvent: + case authmgrVlanAddEvent: + case authmgrVlanAddPortEvent: + case authmgrVlanDeletePortEvent: + case authmgrVlanPvidChangeEvent: + case authmgrVlanConfDeleteEvent: + case authmgrVlanConfPortDeleteEvent: + memcpy (&msg->data.vlanData, data, sizeof (dot1qNotifyData_t)); + break; + + default: + /* unmatched event */ + return FAILURE; + } /* switch */ + + return SUCCESS; +} + +/********************************************************************* +* @purpose Send a command to authmgr queue +* +* @param event @b{(input)} event type +* @param intIfNum @b{(input)} internal interface number +* @param *data @b{(input)} pointer to data +* +* @returns SUCCESS or FAILURE +* +* @comments Command is queued for service +* +* @end +*********************************************************************/ +RC_t authmgrIssueCmd (uint32 event, uint32 intIfNum, void *data) +{ + authmgrMsg_t msg; + authmgrBulkMsg_t bulkMsg; + authmgrVlanMsg_t vlanMsg; + + RC_t rc; + + memset(&msg, 0, sizeof(authmgrMsg_t)); + memset(&bulkMsg, 0, sizeof(authmgrBulkMsg_t)); + memset(&vlanMsg, 0, sizeof(authmgrVlanMsg_t)); + + + /* send message */ + if (event == authmgrUnauthAddrCallBackEvent) + { + if (data != NULLPTR) + { + bulkMsg.event = event; + bulkMsg.intf = intIfNum; + + (void) authmgrBulkFillMsg (data, &bulkMsg); + } + + rc = + osapiMessageSend (authmgrCB->authmgrBulkQueue, &bulkMsg, + (uint32) sizeof (authmgrBulkMsg_t), NO_WAIT, + MSG_PRIORITY_NORM); + } + else if ((event == authmgrVlanDeleteEvent) || + (event == authmgrVlanAddEvent) || + (event == authmgrVlanAddPortEvent) || + (event == authmgrVlanDeletePortEvent) || + (event == authmgrVlanPvidChangeEvent) || + (event == authmgrVlanConfDeleteEvent) || + (event == authmgrVlanConfPortDeleteEvent)) + { + if (data != NULLPTR) + { + vlanMsg.event = event; + vlanMsg.intf = intIfNum; + + (void) authmgrVlanFillMsg (data, &vlanMsg); + } + + rc = + osapiMessageSend (authmgrCB->authmgrVlanEventQueue, &vlanMsg, + (uint32) sizeof (authmgrVlanMsg_t), NO_WAIT, + MSG_PRIORITY_NORM); + } + else + { + msg.event = event; + msg.intf = intIfNum; + if (data != NULLPTR) + { + (void) authmgrFillMsg (data, &msg); + } + + rc = + osapiMessageSend (authmgrCB->authmgrQueue, &msg, + (uint32) sizeof (authmgrMsg_t), NO_WAIT, + MSG_PRIORITY_NORM); + } + + rc = osapiSemaGive(authmgrCB->authmgrTaskSyncSema); + if(rc != SUCCESS) + { + LOGF( LOG_SEVERITY_NOTICE, + "Failed to give msgQueue to Authmgr task sync semaphore.\n"); + } + + + if (rc != SUCCESS) + { + AUTHMGR_ERROR_SEVERE + ("Failed to send to authmgrQueue! Event: %u, interface: %s\n", event, + authmgrIntfIfNameGet(intIfNum)); + } + + return rc; +} + +/********************************************************************* +* @purpose Route the event to a handling function and grab the parms +* +* @param msg @b{(input)} authmgr message +* +* @returns SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrDispatchCmd (authmgrMsg_t * msg) +{ + RC_t rc = FAILURE; + + (void) osapiWriteLockTake (authmgrCB->authmgrRWLock, WAIT_FOREVER); + + memset(&authmgrCB->oldInfo, 0, sizeof(authmgrClientInfo_t)); + + switch (msg->event) + { + case authmgrIntfChange: + rc = authmgrIhProcessIntfChange (msg->intf, + msg->data.authmgrIntfChangeParms.intfEvent, + msg->data.authmgrIntfChangeParms. + nimCorrelator); + break; + + case authmgrIntfStartup: + rc = authmgrIhProcessIntfStartup (msg->data.startupPhase); + break; + + case authmgrTimeTick: + rc = authmgrTimerAction (); + break; + + case authmgrMgmtAdminModeEnable: + rc = authmgrCtlAdminModeEnable(); + break; + + case authmgrMgmtAdminModeDisable: + rc = authmgrCtlAdminModeDisable(); + break; + + case authmgrMgmtPortInitializeSet: + rc = authmgrCtlPortInitializeSet (msg->intf, msg->data.msgParm); + break; + + case authmgrMgmtLogicalPortInitializeSet: + rc = authmgrCtlLogicalPortInitializeSet (msg->intf); + break; + + case authmgrMgmtPortReauthenticateSet: + rc = authmgrCtlPortReauthenticateSet (msg->intf, msg->data.msgParm); + break; + + case authmgrMgmtLogicalPortReauthenticateSet: + rc = authmgrCtlLogicalPortReauthenticateSet (msg->intf, msg->data.msgParm); + break; + + case authmgrMgmtPortControlModeSet: + rc = authmgrCtlPortControlModeSet (msg->intf, msg->data.msgParm); + break; + + case authmgrPaeCapabilitiesEvent: + rc = authmgrPaeCapabilitiesEventProcess (msg->intf, msg->data.msgParm); + break; + + case authmgrViolationModeSet: + rc = authmgrViolationModeSetAction (msg->intf, msg->data.msgParm); + break; + + case authmgrMgmtHostControlModeSet: + rc = authmgrPortCtrlHostModeSet (msg->intf, msg->data.msgParm); + break; + + case authmgrMgmtPortQuietPeriodSet: + rc = authmgrCtlPortQuietPeriodSet (msg->intf, msg->data.msgParm); + break; + + case authmgrMgmtPortReAuthPeriodSet: + rc = authmgrCtlPortReAuthPeriodSet (msg->intf, &msg->data.timePeriod); + break; + + case authmgrMgmtPortReAuthEnabledSet: + rc = authmgrCtlPortReAuthEnabledSet (msg->intf, msg->data.msgParm); + break; + + case authmgrMgmtPortStatsClear: + rc = authmgrCtlPortStatsClear (msg->intf); + break; + + case authmgrMgmtApplyConfigData: + rc = authmgrCtlApplyConfigData (); + break; + + case authmgrMgmtApplyPortConfigData: + rc = authmgrCtlApplyPortConfigData (msg->intf); + break; + + case authmgrMgmtPortMaxUsersSet: + rc = authmgrCtlPortMaxUsersSet (msg->intf, msg->data.msgParm); + break; + + case authmgrAuthMethodCallbackEvent: + rc = authmgrClientCallbackEventProcess (msg->intf, &msg->data.authParams); + break; + + case authmgrClientTimeout: + case authmgrDelDuplicateEntry: + rc = authmgrCtlLogicalPortClientTimeout (msg->intf); + break; + + case authmgrClientCleanup: + rc = authmgrCtlClientCleanup (msg->intf); + break; + + case authmgrAddMacInMacDB: + rc = authmgrAddMac (msg->intf); + break; + + case authmgrAaaInfoReceived: + rc = authmgrRadiusResponseProcess (msg->intf, + msg->data.authmgrAaaMsg.status, + msg->data.authmgrAaaMsg.pResponse, + msg->data.authmgrAaaMsg.respLen); + break; + + case authmgrAuthenticationStart: + authmgrAuthenticationInitiate (msg->intf); + break; + + case authmgrMethodOrderModify: + case authmgrMethodPriorityModify: + rc = authmgrMethodModifyAction (msg->intf); + break; + + case authmgrCtlPortInfoReset: + rc = authmgrCtlPortReset(msg->intf, msg->data.msgParm); + break; + + default: + rc = FAILURE; + } + + (void) osapiWriteLockGive (authmgrCB->authmgrRWLock); + return rc; +} + +/********************************************************************* +* @purpose Route the event to a handling function and grab the parms +* +* @param msg @b{(input)} authmgr message +* +* @returns SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrBulkDispatchCmd (authmgrBulkMsg_t * msg) +{ + RC_t rc = FAILURE; + + (void) osapiWriteLockTake (authmgrCB->authmgrRWLock, WAIT_FOREVER); + + switch (msg->event) + { + case authmgrUnauthAddrCallBackEvent: + rc = + authmgrCtlPortUnauthAddrCallbackProcess (msg->intf, + msg->data.unauthParms.macAddr, + msg->data.unauthParms.vlanId); + break; + default: + rc = FAILURE; + } + + (void) osapiWriteLockGive (authmgrCB->authmgrRWLock); + return rc; +} + +/********************************************************************* +* @purpose Route the event to a handling function and grab the parms +* +* @param msg @b{(input)} authmgr message +* +* @returns SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrVlanDispatchCmd (authmgrVlanMsg_t * msg) +{ + RC_t rc = FAILURE; + + (void) osapiWriteLockTake (authmgrCB->authmgrRWLock, WAIT_FOREVER); + + switch (msg->event) + { + case authmgrVlanDeleteEvent: + case authmgrVlanAddEvent: + case authmgrVlanAddPortEvent: + case authmgrVlanDeletePortEvent: + case authmgrVlanPvidChangeEvent: + case authmgrVlanConfDeleteEvent: + case authmgrVlanConfPortDeleteEvent: + authmgrVlanChangeProcess (msg->event, msg->intf, &(msg->data.vlanData)); + rc = SUCCESS; + break; + + default: + rc = FAILURE; + } + + (void) osapiWriteLockGive (authmgrCB->authmgrRWLock); + return rc; +} + +/********************************************************************* +* @purpose Add supplicant MAC in MAC database +* +* @param lIntIfNum @b{(input)} logical interface number +* on which client is received +* +* @returns SUCCESS or FAILURE +* +* @end +*********************************************************************/ + +RC_t authmgrAddMac (uint32 lIntIfNum) +{ + authmgrLogicalPortInfo_t *entry = NULLPTR; + RC_t rc = FAILURE; + + entry = authmgrLogicalPortInfoGet (lIntIfNum); + if (entry != NULLPTR) + { + rc = authmgrMacAddrInfoAdd (&(entry->client.suppMacAddr), lIntIfNum); + } + return rc; +} + +/********************************************************************* +* @purpose Check if client is to be processed considering logical port +* use and availability using dynamic allocation +* +* @param *srcMac @b{(input)} supplicant mac address +* @param intIfNum @b{(input)} physical interface +* @param existing_node @b{(output)} is already existing node +* +* @returns SUCCESS or FAILURE +* +* @comments Command is queued for service +* +* @end +*********************************************************************/ +RC_t authmgrDynamicUserPduMapCheck (uint32 intIfNum, char8 * srcMac, + uint32 * lIntIfNum, + BOOL * existing_node) +{ + uint32 lIndex; + authmgrPortCfg_t *pCfg; + authmgrLogicalPortInfo_t *logicalPortInfo; + uint32 physPort = 0, lPort = 0, type = 0; + +#ifdef AUTHMGR_MAC_MOVE_ON + enetMacAddr_t macAddr; +#endif + + *existing_node = FALSE; + + /* Get the port mode */ + if ( TRUE != authmgrIntfIsConfigurable (intIfNum, &pCfg)) + { + return FAILURE; + } + + if ( AUTHMGR_PORT_AUTO == pCfg->portControlMode) + { + /* loop based on the intIfNum */ + lIndex = AUTHMGR_LOGICAL_PORT_ITERATE; + while ( NULLPTR != + (logicalPortInfo = + authmgrLogicalPortInfoGetNextNode (intIfNum, &lIndex))) + { + if (0 == + memcmp (srcMac, logicalPortInfo->client.suppMacAddr.addr, + MAC_ADDR_LEN)) + { + *lIntIfNum = lIndex; + *existing_node = TRUE; + return SUCCESS; + } + } + +#ifdef AUTHMGR_MAC_MOVE_ON + memcpy (macAddr.addr, srcMac, MAC_ADDR_LEN); + if ( SUCCESS == authmgrMacAddrInfoFind (&macAddr, lIntIfNum)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, intIfNum, + "\n%s:%d: Found the device : %s on interface:%s \n", + __FUNCTION__, __LINE__, AUTHMGR_PRINT_MAC_ADDR(srcMac), + authmgrIntfIfNameGet(intIfNum)); + + if ( NULLPTR != authmgrLogicalPortInfoGet (*lIntIfNum)) + { + /* get the key and unpack */ + AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, *lIntIfNum); + + if (physPort != intIfNum) + { + uchar8 ifNamel[ NIM_IF_ALIAS_SIZE + 1]; + + nimGetIntfName (physPort, ALIASNAME, ifNamel); + + /* Remove client from previous interface */ + if ( SUCCESS != authmgrCtlLogicalPortClientTimeout(*lIntIfNum)) + { + LOGF ( LOG_SEVERITY_DEBUG, + "Duplicate client %s detected on interface %s (intIfNum %d). Unable to remove.", + AUTHMGR_PRINT_MAC_ADDR(srcMac), ifNamel, physPort); + return FAILURE; + } + else + { + LOGF ( LOG_SEVERITY_DEBUG, + "Duplicate client %s detected on interface %s (intIfNum %d) and removed.", + AUTHMGR_PRINT_MAC_ADDR(srcMac), ifNamel, physPort); + } + } + } + } +#endif + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].numUsers >= + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].maxUsers) + { + return FAILURE; + } + + /* allocate a new logical port for this supplicant */ + logicalPortInfo = authmgrLogicalPortInfoAlloc (intIfNum); + + if (logicalPortInfo != NULLPTR) + { + authmgrLogicalPortInfoInit (logicalPortInfo->key.keyNum); + + /* logicalPortInfo->inUse = TRUE; */ + *existing_node = FALSE; + *lIntIfNum = logicalPortInfo->key.keyNum; + + memcpy (logicalPortInfo->client.suppMacAddr.addr, srcMac, + MAC_ADDR_LEN); + + /* add mac address to Mac Addr Database*/ + if (authmgrAddMac(logicalPortInfo->key.keyNum) != SUCCESS) + { + LOGF ( LOG_SEVERITY_ERROR, + "Failed to add MAC entry %s" + " in MAC database for interface %s (intIfNum %d, logical port %d). Reason: Failed to send event authmgrAddMacInMacDB\n", + AUTHMGR_PRINT_MAC_ADDR(srcMac), authmgrIntfIfNameGet(intIfNum), intIfNum, logicalPortInfo->key.keyNum); + authmgrLogicalPortInfoDeAlloc (logicalPortInfo); + return FAILURE; + } + + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].numUsers++; + /* authmgrCtlApplyLogicalPortConfigData(logicalPortInfo->key.keyNum); */ + return SUCCESS; + } + } + return FAILURE; +} + +/********************************************************************* +* @purpose Check if client is to be processed considering logical port +* use and availability +* +* @param intIfNum @b{(input)} physical interface +* @param *srcMac @b{(input)} supplicant mac address +* @param lIntIfNum @b{(input)} logical interface +* @param existing_node @b{(output)} is already existing node +* +* @returns SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrCheckMapPdu (uint32 intIfNum, char8 * srcMac, + uint32 * lIntIfNum, BOOL * existingNode) +{ + authmgrPortCfg_t *pCfg; + BOOL valid = FALSE; + + *existingNode = FALSE; + + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + + /* Get the port mode */ + if ( TRUE != authmgrIntfIsConfigurable (intIfNum, &pCfg)) + { + return FAILURE; + } + + /* check the host mode validity */ + if ( SUCCESS != authmgrHostIsDynamicNodeAllocCheck + (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode, &valid)) + { + /* some thing is wrong. */ + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, intIfNum, + "%s:%d:Unable to get the host mode %s", __FUNCTION__, + __LINE__, + authmgrHostModeStringGet (authmgrCB->globalInfo-> + authmgrPortInfo[intIfNum]. + hostMode)); + return FAILURE; + } + + if ( FALSE == valid) + { + } + else + { + /* logical nodes are dynamically allocated */ + return authmgrDynamicUserPduMapCheck (intIfNum, srcMac, lIntIfNum, + existingNode); + } + return FAILURE; +} + +/********************************************************************* +* @purpose This routine starts the application timer +* +* @param none +* +* @returns SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrTimerAction () +{ + if (!AUTHMGR_IS_READY) + { + return SUCCESS; + } + + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + + appTimerProcess (authmgrCB->globalInfo->authmgrTimerCB); + + return SUCCESS; +} + +void authmgrIntfOperBuildDefault(uint32 intIfNum) +{ + authmgrPortInfo_t *pOper; + + pOper = &authmgrCB->globalInfo->authmgrPortInfo[intIfNum]; + memset(pOper, 0, sizeof(authmgrPortInfo_t)); + + pOper->portControlMode = FD_AUTHMGR_PORT_MODE; + pOper->hostMode = FD_AUTHMGR_HOST_MODE; + pOper->quietPeriod = FD_AUTHMGR_RESTART_TIMER_VAL; + pOper->reAuthPeriod = FD_AUTHMGR_PORT_REAUTH_PERIOD; + pOper->reAuthEnabled = FD_AUTHMGR_PORT_REAUTH_ENABLED; + pOper->reAuthPeriodServer = FD_AUTHMGR_PORT_REAUTH_PERIOD_FROM_SERVER; + pOper->maxUsers = FD_AUTHMGR_PORT_MAX_USERS; + pOper->authFailRetryMaxCount = FD_AUTHMGR_RADIUS_MAX_AUTH_ATTEMPTS; + + pOper->paeCapabilities = FD_AUTHMGR_PORT_PAE_CAPABILITIES; + +} + +/********************************************************************* +* @purpose Set initialize value for a port +* +* @param intIfNum @b{(input)) internal interface number +* @param initialize @b{(input)) initialize value +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments This value is set to TRUE by management in order to force +* initialization of a port. It is re-set to FALSE after +* initialization has completed. +* +* @end +*********************************************************************/ +RC_t authmgrCtlPortInitializeSet (uint32 intIfNum, BOOL initialize) +{ + uchar8 paeCapabilities = 0; + RC_t rc = SUCCESS; + + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, intIfNum, + "%s:Intialize physical port-%d \n", __FUNCTION__, + intIfNum); + + authmgrPortInfoCleanup (intIfNum); + + (void)authmgrDot1xPortPaeCapabilitiesGet(intIfNum, &paeCapabilities); + + if (paeCapabilities == DOT1X_PAE_PORT_AUTH_CAPABLE) + { + rc = authmgrCtlApplyPortConfigData(intIfNum); + } + + return rc; +} + +/********************************************************************* +* @purpose Set initialize logical port +* +* @param lIntIfNum @b{(input)) Logical internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrCtlLogicalPortInitializeSet (uint32 lIntIfNum) +{ + authmgrLogicalPortInfo_t *logicalPortInfo; + uint32 physPort = 0, lPort = 0, type = 0; + + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum); + if (logicalPortInfo) + { + AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, + logicalPortInfo->key.keyNum); + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort, + "%s:Intialize Logical port-%d type %s\n", __FUNCTION__, + lIntIfNum, authmgrNodeTypeStringGet (type)); + + return authmgrCtlApplyLogicalPortConfigData (lIntIfNum); + } + return SUCCESS; +} + +/********************************************************************* +* @purpose Set reauthentication value for a port +* +* @param intIfNum @b{(input)) internal interface number +* @param reauthenticate @b{(input)) reauthentication value +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments This value is set to TRUE by management in order to force +* reauthentication of a port. It is re-set to FALSE after +* reauthentication has completed. +* +* @end +*********************************************************************/ +RC_t authmgrCtlPortReauthenticateSet (uint32 intIfNum, + BOOL reauthenticate) +{ + RC_t rc = SUCCESS; + uint32 lIntIfNum; + + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + + lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE; + while (authmgrLogicalPortInfoGetNextNode (intIfNum, &lIntIfNum) != NULLPTR) + { + rc = authmgrCtlLogicalPortReauthenticateSet (lIntIfNum, reauthenticate); + } + return rc; +} + +/********************************************************************* +* @purpose Set reauthentication value for a port +* +* @param intIfNum @b{(input)) internal interface number +* @param reauthenticate @b{(input)) reauthentication value +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments This value is set to TRUE by management in order to force +* reauthentication of a port. It is re-set to FALSE after +* reauthentication has completed. +* +* @end +*********************************************************************/ +RC_t authmgrCtlLogicalPortReauthenticateSet (uint32 lIntIfNum, + BOOL reauthenticate) +{ + RC_t rc = SUCCESS; + uint32 physPort = 0, lPort = 0, type = 0; + authmgrLogicalPortInfo_t *logicalPortInfo; + + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum); + + if (logicalPortInfo != NULLPTR) + { + AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, lIntIfNum); + if (0 != logicalPortInfo->key.keyNum) + { + if (AUTHMGR_AUTHENTICATED != logicalPortInfo->protocol.authState) + { + LOGF ( LOG_SEVERITY_DEBUG, + "Skipping reauthentication request for clients which are not already authenticated."); + return SUCCESS; + } + + logicalPortInfo->client.reAuthenticate = TRUE; + logicalPortInfo->protocol.reauth = TRUE; + + LOGF ( LOG_SEVERITY_INFO, + "re-authentication triggered for client with mac address %s on port %s.", + AUTHMGR_PRINT_MAC_ADDR(logicalPortInfo->client.suppMacAddr.addr), + authmgrIntfIfNameGet(physPort)); + + rc = authmgrStateMachineClassifier (authmgrReauthenticate, lIntIfNum); + } + } + else + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort, + "%s:Reauth set fail for client\n", __FUNCTION__); + + rc = FAILURE; + } + + return rc; +} + +/********************************************************************* +* @purpose Set port control mode based on the control mode +* +* @param intIfNum @b{(input)) internal interface number +* @param portControl @b{(input)) port control mode +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrPortCtrlModeSet (uint32 intIfNum, + AUTHMGR_PORT_CONTROL_t portControl) +{ + RC_t rc = SUCCESS; + authmgrPortCfg_t *pCfg; + uint32 i = 0; + char8 ifName[ NIM_IF_ALIAS_SIZE + 1]; + + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE) + { + return SUCCESS; + } + + authmgrHostModeHwPolicyApply ( AUTHMGR_INVALID_HOST_MODE, intIfNum, FALSE); + + switch (portControl) + { + case AUTHMGR_PORT_FORCE_UNAUTHORIZED: + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode = + portControl; + /* remove port from member of all vlans */ + authmgrVlanAcquirePort(intIfNum); + rc = authmgrPortControlForceUnAuthActionSet (intIfNum); + break; + + case AUTHMGR_PORT_FORCE_AUTHORIZED: + + if (nimGetIntfName (intIfNum, ALIASNAME, ifName) != SUCCESS) + { + LOGF ( LOG_SEVERITY_ERROR, + "Unable to get alias for intf %s", authmgrIntfIfNameGet(intIfNum)); + return FAILURE; + } + + if ( TRUE != authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled) + { + authmgrVlanReleasePort(intIfNum); + return SUCCESS; + } + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode = + portControl; + + rc = authmgrPortPvidSet(intIfNum, 0); + + if (rc != SUCCESS) + { + LOGF ( LOG_SEVERITY_ERROR, + "Unable to set PVID back to 0 for %s", ifName); + } + + authmgrVlanReleasePort(intIfNum); + rc = authmgrPortControlForceAuthActionSet (intIfNum); + break; + + case AUTHMGR_PORT_AUTO: + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode = + portControl; + /* remove port from member of all vlans */ + authmgrVlanAcquirePort(intIfNum); + authmgrIhPhysicalPortStatusSet(intIfNum, AUTHMGR_PORT_STATUS_UNAUTHORIZED); + rc = authmgrPortControlAutoActionSet (intIfNum); + break; + + default: + rc = FAILURE; + } + + for (i = 0; i < AUTHMGR_METHOD_MAX; i++) + { + if ( NULLPTR != authmgrCB->globalInfo->authmgrCallbacks[i].portCtrlFn) + { + authmgrCB->globalInfo->authmgrCallbacks[i].portCtrlFn (intIfNum, + portControl); + } + } + + return rc; +} + +/********************************************************************* +* @purpose control function to set port control mode +* +* @param intIfNum @b{(input)) internal interface number +* @param portControl @b{(input)) port control mode +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrCtlPortControlModeSet (uint32 intIfNum, + AUTHMGR_PORT_CONTROL_t portControl) +{ + RC_t rc = SUCCESS; + authmgrPortCfg_t *pCfg; + + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE) + { + return SUCCESS; + } + + if ( DOT1X_PAE_PORT_AUTH_CAPABLE != + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities) + { + return rc; + } + if (portControl == + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode) + { + return rc; + } + + /* clean up previous info */ + authmgrPortInfoCleanup (intIfNum); + authmgrPortInfoInitialize (intIfNum, TRUE); + authmgrMethodOrderChangeProcess (intIfNum); + + return authmgrPortCtrlModeSet (intIfNum, portControl); +} + +/********************************************************************* +* @purpose Set authentication restart period value +* +* @param intIfNum @b{(input)) internal interface number +* @param quietPeriod @b{(input)) authentication restart period +* +* @returns SUCCESS +* +* @comments The quietPeriod is the initialization value for quietWhile, +* which is a timer used by the Authenticator state machine +* to define periods of time in which it will not attempt to +* acquire a Supplicant. +* +* @end +*********************************************************************/ +RC_t authmgrCtlPortQuietPeriodSet (uint32 intIfNum, uint32 quietPeriod) +{ + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].quietPeriod = quietPeriod; + return SUCCESS; +} + +/********************************************************************* +* @purpose Set the Reauthentication period +* +* @param intIfNum @b{(input)) internal interface number +* @param reAuthPeriod @b{(input)) reauthentication period +* +* @returns SUCCESS +* +* @comments The reAuthPeriod is the initialization value for reAuthWhen, +* which is a timer used by the Authenticator state machine to +* determine when reauthentication of the Supplicant takes place. +* +* @end +*********************************************************************/ +RC_t authmgrCtlPortReAuthPeriodSet (uint32 intIfNum, + authmgrMgmtTimePeriod_t * params) +{ + authmgrLogicalPortInfo_t *logicalPortInfo; + uint32 lIntIfNum = 0; + + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthPeriodServer = + params->reAuthPeriodServer; + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthPeriod = params->val; + + lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE; + while ((logicalPortInfo = + authmgrLogicalPortInfoGetNextNode(intIfNum, + &lIntIfNum)) != NULLPTR) + { + if ( TRUE == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthEnabled) + { + authmgrTimerStart(logicalPortInfo, AUTHMGR_REAUTH_WHEN); + } + } + return SUCCESS; +} + +/********************************************************************* +* @purpose Set the Reauthentication mode +* +* @param intIfNum @b{(input)) internal interface number +* @param reAuthEnabled @b{(input)) reauthentication mode +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments The reAuthEnabled mode determines whether reauthentication +* of the Supplicant takes place. +* +* @end +*********************************************************************/ +RC_t authmgrCtlPortReAuthEnabledSet (uint32 intIfNum, + BOOL reAuthEnabled) +{ + RC_t rc = SUCCESS; + uint32 lIntIfNum = 0; + authmgrLogicalPortInfo_t *logicalPortInfo; + + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + if (reAuthEnabled == + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthEnabled) + { + return SUCCESS; + } + + /* Whenever the reAuthEnabled setting is changed, reset the reAuthWhen timer + */ + + lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE; + while ((logicalPortInfo = + authmgrLogicalPortInfoGetNextNode (intIfNum, + &lIntIfNum)) != NULLPTR) + { + logicalPortInfo->client.reAuthenticate = + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthEnabled; + + if ( AUTHMGR_PORT_STATUS_AUTHORIZED == + logicalPortInfo->client.logicalPortStatus) + { + if (reAuthEnabled == FALSE) + { + if (AUTHMGR_REAUTH_WHEN == logicalPortInfo->authmgrTimer.cxt.type) + { + /* stop the timer */ + authmgrTimerDestroy (authmgrCB->globalInfo->authmgrTimerCB, + logicalPortInfo, AUTHMGR_REAUTH_WHEN); + } + } + else + { + authmgrTimerStart (logicalPortInfo, AUTHMGR_REAUTH_WHEN); + } + } + } + + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthEnabled = + reAuthEnabled; + return rc; +} + +/********************************************************************* +* @purpose Clear authmgr stats for specified port +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrCtlPortStatsClear (uint32 intIfNum) +{ + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + memset (&authmgrCB->globalInfo->authmgrPortStats[intIfNum], 0, + sizeof (authmgrPortStats_t)); + return SUCCESS; +} + +/********************************************************************* +* @purpose Apply authmgr config data +* +* @param void +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrCtlApplyConfigData (void) +{ + + /* Apply the global admin mode for authmgr */ + if (authmgrCB->globalInfo->authmgrCfg->adminMode == ENABLE) + { + authmgrCtlAdminModeEnable (); + } + else + { + authmgrCtlAdminModeDisable (); + } + return SUCCESS; +} + +/********************************************************************* +* @purpose Apply authmgr config data to specified interface +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrCtlApplyPortConfigData (uint32 intIfNum) +{ + authmgrPortCfg_t *pCfg; + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE) + { + return SUCCESS; + } + + authmgrPortInfoInitialize (intIfNum, TRUE); + + if ( DOT1X_PAE_PORT_AUTH_CAPABLE != + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities) + { + return SUCCESS; + } + authmgrMethodOrderChangeProcess (intIfNum); + + authmgrPortCtrlModeSet (intIfNum, pCfg->portControlMode); + return SUCCESS; +} + +/********************************************************************* +* @purpose Notifies authmgr has released the interface. +* +* @param intIfNum @b{(input)} internal interface number +* @param VlanId @b{(input)} VlanId +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrCtlPortAuthmgrRelease (uint32 intIfNum, uint32 vlanId) +{ + return SUCCESS; +} + +/********************************************************************* +* @purpose function to handle vlan ents +* +* @param event dot1q event +* @param intIfNum interface number +* @param vlanData vlan event data +* +* @comments +* +* @end +*********************************************************************/ +void authmgrVlanChangeProcess (uint32 event, uint32 intIfNum, + dot1qNotifyData_t * vlanData) +{ + uint32 i = 0, vlanId = 0, numVlans = 0; + RC_t rc; + dot1qTaggingMode_t tagging = DOT1Q_MEMBER_UNTAGGED; + + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, 0, + "Authmgr not Enabled.\r\n"); + return; + } + + for (i = 1; i <= VLAN_MAX_MASK_BIT; i++) + { + { + vlanId = vlanData->data.vlanId; + /* For any continue, we will break out */ + i = VLAN_MAX_MASK_BIT + 1; + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, 0, + "authmgrEvent %d port %s vlan %d", event, authmgrIntfIfNameGet(intIfNum), vlanId); + } + switch (event) + { + case authmgrVlanDeleteEvent: + authmgrVlanDeleteProcess (vlanId); + break; + + case authmgrVlanDeletePortEvent: + if ( TRUE == vlanData->tagged) + { + tagging = DOT1Q_MEMBER_TAGGED; + } + authmgrVlanPortDeleteProcess (intIfNum, vlanId, tagging); + + break; + + case authmgrVlanAddEvent: + rc = authmgrVlanAddProcess (vlanId); + break; + + case authmgrVlanAddPortEvent: + if ( TRUE == vlanData->tagged) + { + tagging = DOT1Q_MEMBER_TAGGED; + } + rc = authmgrVlanPortAddProcess (intIfNum, vlanId, tagging); + break; + + case authmgrVlanPvidChangeEvent: + rc = authmgrVlanPVIDChangeEventProcess (intIfNum, vlanId); + break; + + case authmgrVlanConfDeleteEvent: + authmgrVlanConfDeleteProcess (vlanId); + break; + + case authmgrVlanConfPortDeleteEvent: + authmgrVlanConfPortDeleteProcess (intIfNum, vlanId); + break; + + } + numVlans++; + } +} + +/********************************************************************* +* @purpose Set max users value +* +* @param intIfNum @b{(input)) internal interface number +* @param maxUsers @b{(input)) max users +* +* @returns SUCCESS +* +* @comments The maxUsers is the maximum number of hosts that can be +* authenticated on a port using mac based authentication +* +* @end +*********************************************************************/ +RC_t authmgrCtlPortMaxUsersSet (uint32 intIfNum, uint32 maxUsers) +{ + RC_t rc = SUCCESS; + + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + + /* Check the operating host mode. + Max users are applicable for multi-auth mode only. + Ignore if mode is different. */ + + if ( AUTHMGR_MULTI_AUTH_MODE == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode) + { + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].maxUsers = maxUsers; + + if ( AUTHMGR_PORT_AUTO == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode) + { + if (maxUsers < authmgrCB->globalInfo->authmgrPortInfo[intIfNum].numUsers) + { + LOGF ( LOG_SEVERITY_INFO, + "Cleaning all clients on port as new max user cfg [%d] < current no. of users [%d].", + maxUsers, authmgrCB->globalInfo->authmgrPortInfo[intIfNum].numUsers); + authmgrPortInfoCleanup(intIfNum); + rc = authmgrCtlApplyPortConfigData (intIfNum); + } + } + } + + return rc; +} + +/********************************************************************* +* @purpose Apply authmgr logical config data to specified interface +* +* @param lIntIfNum @b{(input)) Logical internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrCtlApplyLogicalPortConfigData (uint32 lIntIfNum) +{ + uint32 physPort; + + AUTHMGR_PORT_GET (physPort, lIntIfNum); + + /* Initialize state machines */ + if (authmgrCB->globalInfo->authmgrPortInfo[physPort].portControlMode == + AUTHMGR_PORT_AUTO + || authmgrCB->globalInfo->authmgrPortInfo[physPort].portEnabled == + FALSE) + { + authmgrLogicalPortInfoInit (lIntIfNum); + } + + return SUCCESS; +} + +/********************************************************************* +* @purpose Reset authmgr session data to specified interface +* +* @param logicalPortInfo @b{(input)) Logical Port Info node +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrCtlResetLogicalPortSessionData (authmgrLogicalPortInfo_t * + logicalPortInfo) +{ + /* logicalPortInfo->client.sessionTime = simSystemUpTimeGet ();*/ + if (logicalPortInfo->client.sessionTimeout != 0) + logicalPortInfo->client.lastAuthTime = logicalPortInfo->client.sessionTime; + return SUCCESS; +} + +/********************************************************************* +* @purpose Reset authmgr session data to specified interface +* +* @param logicalPortInfo @b{(input)) Logical Port Info node +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrCtlStopLogicalPortSessionData (authmgrLogicalPortInfo_t * + logicalPortInfo) +{ + uint32 tempU32 = 0; + if (tempU32 > logicalPortInfo->client.sessionTime) + { + logicalPortInfo->client.sessionTime = + tempU32 - logicalPortInfo->client.sessionTime; + } + else + { + logicalPortInfo->client.sessionTime = 0xffffffff - + logicalPortInfo->client.sessionTime + tempU32; + } + + return SUCCESS; +} + +/********************************************************************* +* @purpose Disable radius assigned vlan on a specified interface +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrCtlLogicalPortVlanAssignedReset (uint32 lIntIfNum) +{ + RC_t rc = FAILURE; + authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR; + + logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum); + rc = authmgrClientInfoCleanup (logicalPortInfo); + + return rc; +} + + +/********************************************************************* +* @purpose Process the unauthenticated Users on the port +* +* @param intIfNum @b{(input)) internal interface number +* @param macAddr @b{(input)) mac address +* @param vlanId @b{(input)} vlan id +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrCtlPortUnauthAddrCallbackProcess (uint32 intIfNum, + enetMacAddr_t macAddr, + ushort16 vlanId) +{ + uint32 lIntIfNum = 0; + BOOL exists; + authmgrPortCfg_t *pCfg; + authmgrLogicalPortInfo_t *logicalPortInfo; + authmgrLogicalPortInfo_t *lPortInfo; + char8 ifName[ NIM_IF_ALIAS_SIZE + 1]; + + if (nimGetIntfName (intIfNum, ALIASNAME, ifName) != SUCCESS) + { + LOGF ( LOG_SEVERITY_ERROR, + "Unable to get alias for intf %d", intIfNum); + return FAILURE; + } + + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, intIfNum, + "%s, %d, PAC not enabled on interface %s \n", + __func__, __LINE__, ifName); + return SUCCESS; + } + + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, intIfNum, + "%s, %d, PAC not configurable on interface %s \n", + __func__, __LINE__, ifName); + return SUCCESS; + } + + if ( TRUE != authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, intIfNum, + "%s, %d, PAC not operational on interface %s \n", + __func__, __LINE__, ifName); + return SUCCESS; + } + + if ( TRUE!= authmgrCB->globalInfo->authmgrPortInfo[intIfNum].unLearnMacPolicy) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, intIfNum, + "%s, %d, PAC unlearnt policy not enabled on interface %s \n", + __func__, __LINE__, ifName); + return SUCCESS; + } + + if (0 == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethodCount) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, intIfNum, + "%s, %d, PAC enabled method count is Zero on interface %s \n", + __func__, __LINE__, ifName); + return SUCCESS; + } + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, intIfNum, + "\n%s:%d: Check Source Mac: %s Interface: %s Vlan: %d \n", + __FUNCTION__, __LINE__, AUTHMGR_PRINT_MAC_ADDR(macAddr.addr), + ifName, vlanId); + + /* search the Mac address in the list of clients on the port */ + if (authmgrCheckMapPdu (intIfNum, macAddr.addr, &lIntIfNum, &exists) != + SUCCESS) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, intIfNum, + "Failed to Process the unauth Addr Callback \n"); + return SUCCESS; + } + + if (exists == FALSE) + { + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].numUsers > + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].maxUsers) + { + return FAILURE; + } + + logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum); + if (logicalPortInfo == NULLPTR) + { + /*Coverity 88470 fix: Should not come here as logical port would have been + created and assigned in authmgrCheckMapPdu function */ + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, intIfNum, + "Failed to create logiucal port %d \n", lIntIfNum); + return SUCCESS; + } + + logicalPortInfo->client.vlanId = vlanId; + logicalPortInfo->client.vlanType = AUTHMGR_VLAN_DEFAULT; + logicalPortInfo->client.blockVlanId = vlanId; + + if (!logicalPortInfo->protocol.authenticate) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, intIfNum, + "%s, %d, triggering event authmgrAuthenticationStart for logicalInterface %d \n", + __func__, __LINE__, lIntIfNum); + authmgrIssueCmd (authmgrAuthenticationStart, lIntIfNum, NULLPTR); + } + } + + lPortInfo = authmgrLogicalPortInfoGet (lIntIfNum); + AUTHMGR_IF_NULLPTR_RETURN_LOG(lPortInfo); + + /* nothing to do if the client is already authenticated */ + if ( AUTHMGR_PORT_STATUS_AUTHORIZED == + lPortInfo->client.logicalPortStatus) + { + /* client already authenticated. */ + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, intIfNum, + "%s, %d, client with logicalInterface %d to is already authenticated.\n", + __func__, __LINE__, lIntIfNum); + return SUCCESS; + } + /* Block further traffic from this client. */ + if ( FALSE == lPortInfo->client.dataBlocked) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, intIfNum, + "%s, %d, disabling the settings for logicalInterface %d to receive further packets to CPU\n", + __func__, __LINE__, lIntIfNum); + + if (pacCfgIntfClientBlock(ifName, macAddr.addr, vlanId) != TRUE) + { + LOGF ( LOG_SEVERITY_ERROR, + "Unable to block port %s", ifName); + return FAILURE; + } + + lPortInfo->client.dataBlocked = TRUE; + lPortInfo->client.blockVlanId = vlanId; + } + + return SUCCESS; +} + +/********************************************************************* +* @purpose Disconnect the client interface on expiry of client timer +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrCtlLogicalPortClientTimeout (uint32 lIntIfNum) +{ + RC_t rc = FAILURE; + authmgrLogicalPortInfo_t *logicalPortInfo; + + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum); + + if ((logicalPortInfo != NULLPTR) + && (logicalPortInfo->key.keyNum != 0)) + { + if (logicalPortInfo->protocol.authState == AUTHMGR_AUTHENTICATED) + { + rc = authmgrClientInfoCleanup (logicalPortInfo); + } + } + + return rc; +} + +/********************************************************************* +* @purpose Disconnect the client +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrCtlClientCleanup (uint32 lIntIfNum) +{ + RC_t rc = FAILURE; + authmgrLogicalPortInfo_t *logicalPortInfo; + + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + + logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum); + + if ((logicalPortInfo != NULLPTR) + && (logicalPortInfo->key.keyNum != 0)) + { + rc = authmgrClientInfoCleanup (logicalPortInfo); + } + + return rc; +} + + +/********************************************************************* +* @purpose Used to get method no response timeout +* +* @param val @b{(input)) periodic timeout in seconds +* +* @returns SUCCESS +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrCtlPortMethodNoRespPeriodGet (uint32 intIfNum, + uint32 * val) +{ + if ( NULLPTR == val) + { + return FAILURE; + } + + *val = FD_AUTHMGR_PORT_METHOD_NO_RESP_PERIOD; + + return SUCCESS; +} + +/********************************************************************* +* @purpose control mode function to set the port control mode to auto +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrPortControlAutoActionSet (uint32 intIfNum) +{ + RC_t rc = SUCCESS; + authmgrPortCfg_t *pCfg; + authmgrHostModeMap_t entry; + uint32 i = 0; + AUTHMGR_HOST_CONTROL_t hostMode = AUTHMGR_INVALID_HOST_MODE; + + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE) + { + return SUCCESS; + } + + /* check the configured host mode + and set the port accordingly */ + + memset (&entry, 0, sizeof (authmgrHostModeMap_t)); + + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode = AUTHMGR_PORT_AUTO; + if ( SUCCESS != authmgrHostModeMapInfoGet (pCfg->hostMode, &entry)) + { + /* failed to get the handler for the host mode */ + return FAILURE; + } + + + rc = entry.hostModeFn (intIfNum); + + for (i = 0; i < AUTHMGR_METHOD_MAX; i++) + { + if ( NULLPTR != authmgrCB->globalInfo->authmgrCallbacks[i].hostCtrlFn) + { + authmgrCB->globalInfo->authmgrCallbacks[i].hostCtrlFn (intIfNum, + hostMode); + } + } + return rc; +} + +/********************************************************************* +* @purpose control mode function to set the port host mode +* +* @param intIfNum @b{(input)) internal interface number +* @param hostMode @b{(input)) host mode +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrPortCtrlHostModeSet (uint32 intIfNum, + AUTHMGR_HOST_CONTROL_t hostMode) +{ + RC_t rc = SUCCESS; + authmgrPortCfg_t *pCfg; + authmgrHostModeMap_t entry; + uint32 i = 0; + + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE) + { + return SUCCESS; + } + + if ( AUTHMGR_PORT_AUTO != + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode) + { + return FAILURE; + } + + if (hostMode == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode) + { + if (hostMode == AUTHMGR_MULTI_AUTH_MODE) + { + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].maxUsers = pCfg->maxUsers; + } + return SUCCESS; + } + + authmgrHostModeHwPolicyApply ( AUTHMGR_INVALID_HOST_MODE, intIfNum, + FALSE); + authmgrPortInfoCleanup (intIfNum); + authmgrPortInfoInitialize (intIfNum, TRUE); + authmgrMethodOrderChangeProcess (intIfNum); + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode = + AUTHMGR_PORT_AUTO; + + /* check the configured host mode + and set the port accordingly */ + memset (&entry, 0, sizeof (authmgrHostModeMap_t)); + if ( SUCCESS != authmgrHostModeMapInfoGet (hostMode, &entry)) + { + /* failed to get the handler for the host mode */ + return FAILURE; + } + + rc = entry.hostModeFn (intIfNum); + + for (i = 0; i < AUTHMGR_METHOD_MAX; i++) + { + if ( NULLPTR != authmgrCB->globalInfo->authmgrCallbacks[i].hostCtrlFn) + { + authmgrCB->globalInfo->authmgrCallbacks[i].hostCtrlFn (intIfNum, + hostMode); + } + } + + return rc; +} + +/********************************************************************* +* @purpose control function to set the host mode to multi host +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrControlMultiHostActionSet (uint32 intIfNum) +{ + RC_t rc = SUCCESS; + authmgrPortCfg_t *pCfg; + + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE) + { + return SUCCESS; + } + + /* Set the operating host mode */ + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode = + AUTHMGR_MULTI_HOST_MODE; + + rc = authmgrIhPhysicalPortStatusSet(intIfNum, AUTHMGR_PORT_STATUS_UNAUTHORIZED); + + if ( SUCCESS != rc) + { + LOGF ( LOG_SEVERITY_WARNING, + "Could not set status of Interface %u", intIfNum); + } + + return rc; +} + +/********************************************************************* +* @purpose control function to set the host mode to single host mode +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrControlSingleAuthActionSet (uint32 intIfNum) +{ + RC_t rc = SUCCESS; + authmgrPortCfg_t *pCfg; + + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE) + { + return SUCCESS; + } + + /* Set the operating host mode */ + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode = + AUTHMGR_SINGLE_AUTH_MODE; + + rc = authmgrIhPhysicalPortStatusSet(intIfNum, AUTHMGR_PORT_STATUS_UNAUTHORIZED); + + if ( SUCCESS != rc) + { + LOGF ( LOG_SEVERITY_WARNING, + "Could not set status of Interface %u", intIfNum); + } + return rc; +} + +/********************************************************************* +* @purpose control function to set the host mode to multi auth +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrControlMultAuthActionSet (uint32 intIfNum) +{ + RC_t rc = SUCCESS; + authmgrPortCfg_t *pCfg; + + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE) + { + return SUCCESS; + } + + /* Set the operating host mode */ + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode = + AUTHMGR_MULTI_AUTH_MODE; + + rc = authmgrIhPhysicalPortStatusSet(intIfNum, AUTHMGR_PORT_STATUS_UNAUTHORIZED); + + if ( SUCCESS != rc) + { + LOGF ( LOG_SEVERITY_WARNING, + "Could not set status of Interface %u", intIfNum); + } + + return rc; +} + +/********************************************************************* +* @purpose control function to set the to force authorized +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrPortControlForceAuthActionSet (uint32 intIfNum) +{ + RC_t rc = SUCCESS; + authmgrPortCfg_t *pCfg; + authmgrLogicalPortInfo_t *logicalPortInfo; + + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE) + { + return SUCCESS; + } + + /* Set the operating host mode */ + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode = + AUTHMGR_INVALID_HOST_MODE; + + if ( NULLPTR == (logicalPortInfo = authmgrLogicalPortInfoAlloc (intIfNum))) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, 0, + "%s:Logical port alloc failure\n", __FUNCTION__); + return FAILURE; + } + + /* Call the api to set the port to authorized */ + authmgrClientStatusSet (logicalPortInfo, AUTHMGR_PORT_STATUS_AUTHORIZED); + + /* call the api to send EAP success */ + authmgrTxCannedSuccess (logicalPortInfo->key.keyNum, AUTHMGR_LOGICAL_PORT); + return rc; +} + +/********************************************************************* +* @purpose control function to set the to force un-authorized +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrPortControlForceUnAuthActionSet (uint32 intIfNum) +{ + RC_t rc = SUCCESS; + authmgrPortCfg_t *pCfg; + authmgrLogicalPortInfo_t *logicalPortInfo; + + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE) + { + return SUCCESS; + } + + /* Set the operating host mode */ + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode = + AUTHMGR_INVALID_HOST_MODE; + + if ( NULLPTR == (logicalPortInfo = authmgrLogicalPortInfoAlloc (intIfNum))) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, 0, + "%s:Logical port alloc failure\n", __FUNCTION__); + return FAILURE; + } + + /* Call the api to set the port to unauthorized */ + authmgrClientStatusSet (logicalPortInfo, AUTHMGR_PORT_STATUS_UNAUTHORIZED); + + /* call the api to send EAP failure */ + authmgrTxCannedFail (logicalPortInfo->key.keyNum, AUTHMGR_LOGICAL_PORT); + + return rc; +} + +/********************************************************************* +* @purpose function to clean up authmgr port oper info +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrPortInfoCleanup (uint32 intIfNum) +{ + RC_t rc = SUCCESS; + uint32 lIntIfNum; + authmgrPortCfg_t *pCfg; + authmgrLogicalPortInfo_t *logicalPortInfo; +/* BOOL valid = FALSE; */ + + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE) + { + return SUCCESS; + } + + /* reset all the clients associated with the port */ + lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE; + while ( NULLPTR != + (logicalPortInfo = + authmgrLogicalPortInfoGetNextNode (intIfNum, &lIntIfNum))) + { + if (0 != logicalPortInfo->key.keyNum) + { + authmgrClientInfoCleanup (logicalPortInfo); + } + } + return rc; +} + +/********************************************************************* +* @purpose function to check policy validation based on host mode +* +* @param hostMode @b{(input)) hostmode +* @param intIfNum @b{(input)) interface number +* @param *appyPolicy @b{(input)) bool value +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrHostModeHwPolicyApply ( AUTHMGR_HOST_CONTROL_t hostMode, + uint32 intIfNum, BOOL install) +{ + RC_t rc = SUCCESS; + BOOL valid = FALSE; + + switch (hostMode) + { + case AUTHMGR_INVALID_HOST_MODE: + valid = FALSE; + break; + + case AUTHMGR_MULTI_HOST_MODE: + case AUTHMGR_SINGLE_AUTH_MODE: + case AUTHMGR_MULTI_AUTH_MODE: + valid = TRUE; + break; + + default: + rc = FAILURE; + } + + if ( SUCCESS == rc) + { + if (( TRUE == install) && ( TRUE == valid)) + { + /* apply the policy */ + authmgrIhPhyPortViolationCallbackSet (intIfNum, + AUTHMGR_PORT_VIOLATION_CALLBACK_ENABLE); + } + else + { + /* remove policy */ + authmgrIhPhyPortViolationCallbackSet (intIfNum, + AUTHMGR_PORT_VIOLATION_CALLBACK_DISABLE); + } + } + + return rc; +} + +/********************************************************************* +* @purpose function to get the auth restart timer value +* +* @param intIfNum internal interface number +* @param val timeout value +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrQuietPeriodGet (uint32 intIfNum, uint32 * val) +{ + if ( NULLPTR == val) + { + return FAILURE; + } + + *val = authmgrCB->globalInfo->authmgrPortInfo[intIfNum].quietPeriod; + + return SUCCESS; +} + +/********************************************************************* +* @purpose function to get the reauth period on interface +* +* @param intIfNum interface number +* @param val value of the reauth period +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrReAuthPeriodGet (uint32 intIfNum, uint32 * val) +{ + if ( NULLPTR == val) + { + return FAILURE; + } + + *val = authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthPeriod; + + return SUCCESS; +} + +/********************************************************************* +* @purpose Processes Authmgr-related event initiated by Dot1Q +* +* @param (in) vlanId Virtual LAN Id +* @param (in) intIfNum Interface Number +* @param (in) event +* +* @returns SUCCESS or FAILURE +* +* @end +*********************************************************************/ +RC_t authmgrVlanChangeCallback (dot1qNotifyData_t *vlanData, + uint32 intIfNum, uint32 event) +{ + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, 0, + "Received Vlan event %d for interface %s, vlan %d\n", + event, authmgrIntfIfNameGet(intIfNum), vlanData->data.vlanId); + + /* Vlan Change callbacks can be called during unconfig phase when dot1q is + trying + to restore the vlan config. */ + + INTF_TYPES_t intfType; + + if (!((AUTHMGR_IS_READY) || authmgrCnfgrState == AUTHMGR_PHASE_UNCONFIG_2)) + { + LOGF ( LOG_SEVERITY_INFO, + "Received an VLAN change callback while DOT1Q is not ready to receive it during unconfig state."); + return FAILURE; + } + + /* before performing any operations with interfaces, + check if NIM is ready to handle requests */ + if ((nimPhaseStatusCheck () == TRUE) + && (nimGetIntfType (intIfNum, &intfType) == SUCCESS)) + { + if (authmgrIsValidIntfType (intfType) != TRUE) + { + /* if AUTHMGR is not interested in this interface, + * inform event issuer that we have completed processing. + */ + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "Interface %s is not AUTHMGR configurable\n", + authmgrIntfIfNameGet(intIfNum)); + return SUCCESS; + } + } + + if ((intIfNum != 0) + && (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled != + TRUE) && (event != VLAN_DELETE_PORT_NOTIFY)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "Interface %s is not enabled \n", + authmgrIntfIfNameGet(intIfNum)); + return SUCCESS; + } + + switch (event) + { + case VLAN_DELETE_PENDING_NOTIFY: + authmgrIssueCmd (authmgrVlanDeleteEvent, intIfNum, vlanData); + break; + + case VLAN_ADD_NOTIFY: + if ( NOT_EXIST == authmgrVlanCheckValid(vlanData->data.vlanId)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, 0, + "Adding vlan %d\n", vlanData->data.vlanId); + authmgrIssueCmd (authmgrVlanAddEvent, intIfNum, vlanData); + } + break; + + case VLAN_ADD_PORT_NOTIFY: + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode == + AUTHMGR_PORT_AUTO) + { + authmgrIssueCmd (authmgrVlanAddPortEvent, intIfNum, vlanData); + } + break; + + case VLAN_DELETE_PORT_NOTIFY: + authmgrIssueCmd (authmgrVlanDeletePortEvent, intIfNum, vlanData); + break; + + case VLAN_PVID_CHANGE_NOTIFY: + authmgrIssueCmd (authmgrVlanPvidChangeEvent, intIfNum, vlanData); + + default: + break; + } + return SUCCESS; +} + +/********************************************************************* +* @purpose function to get hostmode map entry function entry +* +* @param type host control mode +* @param elem associated entry for the host mode +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrHostModeMapInfoGet ( AUTHMGR_HOST_CONTROL_t type, + authmgrHostModeMap_t * elem) +{ + uint32 i = 0; + static authmgrHostModeMap_t authmgrHostModeHandlerTable[] = { + { AUTHMGR_SINGLE_AUTH_MODE, authmgrControlSingleAuthActionSet}, + { AUTHMGR_MULTI_HOST_MODE, authmgrControlMultiHostActionSet}, + { AUTHMGR_MULTI_AUTH_MODE, authmgrControlMultAuthActionSet}, + }; + + for (i = 0; + i < + (sizeof (authmgrHostModeHandlerTable) / sizeof (authmgrHostModeMap_t)); + i++) + { + if (type == authmgrHostModeHandlerTable[i].hostMode) + { + *elem = authmgrHostModeHandlerTable[i]; + return SUCCESS; + } + } + return FAILURE; +} + +/********************************************************************* +* @purpose function to check whether attributes are changed, +* if changed, clean up the hardware info and readd the new info. +* +* @param logicalPortInfo @b{(inout)} Pointer to the Logical Port Info +* @param processInfo @b{(inout)} Pointer to the process Info +* +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrClientHwInfoCleanupAndReadd(authmgrLogicalPortInfo_t *logicalPortInfo, + authmgrClientInfo_t *processInfo) +{ + uint32 physPort = 0; + + AUTHMGR_PORT_GET (physPort, logicalPortInfo->key.keyNum); + + + /* check if the client params have been changed */ + + if ( SUCCESS != authmgrClientInfoCleanupCheck + (&logicalPortInfo->client, &authmgrCB->processInfo)) + { + if ( AUTHMGR_PORT_STATUS_AUTHORIZED == + logicalPortInfo->client.logicalPortStatus) + { + /* clean up previous data */ + if ( SUCCESS != authmgrClientHwInfoCleanup (logicalPortInfo)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort, + "%s:Unable to cleanup client hw info logicalPort num-%d\n", + __FUNCTION__, logicalPortInfo->key.keyNum); + return FAILURE; + } + } + + /* push the client info to hw */ + if ( SUCCESS != authmgrClientHwInfoAdd (logicalPortInfo, + logicalPortInfo->client.suppMacAddr, + authmgrCB->processInfo.vlanId, + logicalPortInfo->client.blockVlanId)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort, + "%s:Unable to add client hw info logicalPort num-%d\n", + __FUNCTION__, logicalPortInfo->key.keyNum); + return FAILURE; + } + } + + return SUCCESS; +} + +/********************************************************************* +* @purpose function to handle update of new client +* +* @param lIntIfNum client logical interface number +* @param callbackParams authentication callback params +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrNewClientAction (uint32 lIntIfNum, + authmgrAuthRespParams_t * callbackParams) +{ + authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR; + uint32 physPort = 0; + + logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum); + /* Coverity Fix to handle the possible NULLL ptr from the + authmgrLogicalPortInfoGet */ + if (logicalPortInfo == NULLPTR) + { + /* Coverity defect fix. should never come here as authmgrCheckMapPdu would + have assigned a new node if a new client is detected + or returned existing logical interface number */ + return FAILURE; + } + + AUTHMGR_PORT_GET (physPort, lIntIfNum); + + if (AUTHMGR_UNAUTHENTICATED == logicalPortInfo->protocol.authState) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort, + "%s, %d, triggering event authmgrAuthenticationStart for logicalInterface %d \n", + __func__, __LINE__, lIntIfNum); + + authmgrIssueCmd (authmgrAuthenticationStart, lIntIfNum, NULLPTR); + authmgrStatsUpdate (physPort, callbackParams->method, authmgrStatsAuthEnter); + } + else + { + /* check if the client received is already authenticated */ + + if ( AUTHMGR_PORT_STATUS_AUTHORIZED == + logicalPortInfo->client.logicalPortStatus) + { + if (logicalPortInfo->client.authenticatedMethod != + callbackParams->method) + { + /* check if the received method is of higher priority than the existing one */ + + if (( AUTHMGR_METHOD_NONE != logicalPortInfo->client.authenticatedMethod) && + ( SUCCESS == authmgrPriorityPrecedenceValidate(physPort, + logicalPortInfo->client.authenticatedMethod, + callbackParams->method))) + { + + if (AUTHMGR_AUTHENTICATED == logicalPortInfo->protocol.authState) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort, + "%s, %d, Trigger from method %s received. " + "Client already authenticated with method %s for logicalInterface %d \n" + "Try to authenticate again as higher priority method is received\n", + __func__, __LINE__, authmgrMethodStringGet(callbackParams->method), + authmgrMethodStringGet(logicalPortInfo->client.authenticatedMethod),lIntIfNum); + logicalPortInfo->protocol.authenticatedRcvdStartAuth = TRUE; + logicalPortInfo->client.currentMethod = callbackParams->method; + authmgrGenerateEvents (lIntIfNum); + return SUCCESS; + } + else + { + /* ignore the trigger */ + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort, + "%s, %d, Trigger from method %s received. " + "Client already authenticated with method %s for logicalInterface %d \n" + "ignoring trigger as the client auth state is in %s\n", + __func__, __LINE__, authmgrMethodStringGet(callbackParams->method), + authmgrMethodStringGet(logicalPortInfo->client.authenticatedMethod),lIntIfNum, + authmgrAuthStateStringGet(logicalPortInfo->protocol.authState)); + return SUCCESS; + } + } + else if ( AUTHMGR_METHOD_NONE == logicalPortInfo->client.authenticatedMethod) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort, + "%s, %d, Trigger from method %s received. " + "Client already authenticated with method %s for logicalInterface %d \n" + "Initiate authentication\n", + __func__, __LINE__, authmgrMethodStringGet(callbackParams->method), + authmgrMethodStringGet(logicalPortInfo->client.authenticatedMethod),lIntIfNum); + + /* mimic authentication restart, if client state is not authenticating. + Using existing event to generate the same */ + if(AUTHMGR_AUTHENTICATING != logicalPortInfo->protocol.authState) + { + logicalPortInfo->protocol.authenticatedRcvdStartAuth = TRUE; + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort, + "Current auth method is none. Marking the current method with first method %s " + "for logicalInterface %d for new authentication on interface %s \n", + authmgrMethodStringGet(authmgrCB->globalInfo->authmgrPortInfo[physPort].enabledMethods[0]), + logicalPortInfo->key.keyNum, authmgrIntfIfNameGet(physPort)); + + /* Restart with the first enabled method */ + logicalPortInfo->client.currentMethod = authmgrCB->globalInfo->authmgrPortInfo[physPort].enabledMethods[0]; + authmgrGenerateEvents (lIntIfNum); + } + } + } + else + { + if ( AUTHMGR_METHOD_8021X == callbackParams->method) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort, + "%s, %d, Trigger from method %s received. " + "Client already authenticated with method %s for logicalInterface %d \n" + "since client is authenticated and received start generating further events\n", + __func__, __LINE__, authmgrMethodStringGet(callbackParams->method), + authmgrMethodStringGet(logicalPortInfo->client.authenticatedMethod),lIntIfNum); + + if(AUTHMGR_AUTHENTICATING != logicalPortInfo->protocol.authState) + { + logicalPortInfo->protocol.authenticatedRcvdStartAuth = TRUE; + authmgrGenerateEvents (lIntIfNum); + } + } + else + { + + /* just ignore */ + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort, + "%s, %d, Trigger from method %s received. " + "Client already authenticated with method %s for logicalInterface %d \n" + "Ignoring the request as the client already authenticated\n", + __func__, __LINE__, authmgrMethodStringGet(callbackParams->method), + authmgrMethodStringGet(logicalPortInfo->client.authenticatedMethod),lIntIfNum); + } + } + } + else + { + + if ((AUTHMGR_AUTHENTICATING == logicalPortInfo->protocol.authState) && + ( AUTHMGR_METHOD_8021X == callbackParams->method)&& + (logicalPortInfo->client.currentMethod == callbackParams->method)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort, + "%s, %d, Triggering authetication for method %s. " + "for logicalInterface %d , current auth state of client is %s\n", + __func__, __LINE__, authmgrMethodStringGet(callbackParams->method), lIntIfNum, + authmgrAuthStateStringGet(logicalPortInfo->protocol.authState)); + + authmgrAuthenticationTrigger(logicalPortInfo); + } + else + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort, + "%s, %d, Cannot trigger event authmgrAuthenticationStart " + "for logicalInterface %d authState %d\n", + __func__, __LINE__, lIntIfNum, logicalPortInfo->protocol.authState); + + if (AUTHMGR_AUTHENTICATING != logicalPortInfo->protocol.authState) + { + LOGF ( LOG_SEVERITY_INFO, + "Client not ready for authentication."); + } + } + } + } + + + return SUCCESS; +} + +/********************************************************************* +* @purpose function to handle RADIUS comm failure response from client +* +* @param lIntIfNum client logical interface number +* @param callbackParams authentication callback params +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrStatusServerCommFailAction (uint32 lIntIfNum, + authmgrAuthRespParams_t * callbackParams) +{ + authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR; + uint32 physPort = 0; + authmgrStatsUpdate_t status = authmgrStatsAuthFail; + + AUTHMGR_IF_NULLPTR_RETURN_LOG (callbackParams); + + logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum); + AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo); + + AUTHMGR_PORT_GET (physPort, lIntIfNum); + + /* update statistics */ + status = authmgrStatsAuthFail; + authmgrStatsUpdate (physPort, callbackParams->method, status); + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort, + "%s:RADIUS server comm failure for logicalPort num-%d\n", + __FUNCTION__, logicalPortInfo->key.keyNum); + + if (0 != + strlen (callbackParams->clientParams.info.authInfo.authmgrUserName)) + { + memcpy (logicalPortInfo->client.authmgrUserName, + callbackParams->clientParams.info.authInfo.authmgrUserName, + AUTHMGR_USER_NAME_LEN); + logicalPortInfo->client.authmgrUserNameLength = + callbackParams->clientParams.info.authInfo.authmgrUserNameLength; + } + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort, + "%s:logicalPort num %d currentIdL %d\n", + __FUNCTION__, logicalPortInfo->key.keyNum, + callbackParams->clientParams.info.authInfo.attrInfo.idFromServer); + + logicalPortInfo->client.currentIdL = callbackParams->clientParams.info.authInfo.attrInfo.idFromServer; + + authmgrClientInfoCleanup (logicalPortInfo); + return SUCCESS; +} + +/********************************************************************* +* @purpose function to handle failure or timeout response from client +* +* @param lIntIfNum client logical interface number +* @param callbackParams authentication callback params +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrStatusNotSuccessAction (uint32 lIntIfNum, + authmgrAuthRespParams_t * callbackParams) +{ + authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR; + uint32 physPort = 0; + authmgrStatsUpdate_t status = authmgrStatsAuthFail; /* Need to check - TBD */ + authmgrClientType_t clientType = AUTHMGR_CLIENT_UNAWARE; + + AUTHMGR_IF_NULLPTR_RETURN_LOG (callbackParams); + /* update statistics */ + + logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum); + AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo); + + AUTHMGR_PORT_GET (physPort, lIntIfNum); + + authmgrTimerDestroy (authmgrCB->globalInfo->authmgrTimerCB, + logicalPortInfo, AUTHMGR_METHOD_NO_RESP_TMR); + + authmgrCB->oldInfo = logicalPortInfo->client; + + if (0 != + strlen (callbackParams->clientParams.info.authInfo.authmgrUserName)) + { + memcpy (logicalPortInfo->client.authmgrUserName, + callbackParams->clientParams.info.authInfo.authmgrUserName, + AUTHMGR_USER_NAME_LEN); + logicalPortInfo->client.authmgrUserNameLength = + callbackParams->clientParams.info.authInfo.authmgrUserNameLength; + } + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort, + "%s:logicalPort num %d currentIdL %d\n", + __FUNCTION__, logicalPortInfo->key.keyNum, + callbackParams->clientParams.info.authInfo.attrInfo.idFromServer); + + logicalPortInfo->client.currentIdL = callbackParams->clientParams.info.authInfo.attrInfo.idFromServer; + + if (callbackParams->status == AUTHMGR_AUTH_FAIL) + { + logicalPortInfo->protocol.authFail = TRUE; + logicalPortInfo->client.reAuthCount++; + status = authmgrStatsAuthFail; + clientType = + (callbackParams->method == + AUTHMGR_METHOD_8021X ? AUTHMGR_CLIENT_AWARE : AUTHMGR_CLIENT_UNAWARE); + } + else if (callbackParams->status == AUTHMGR_AUTH_TIMEOUT) + { + logicalPortInfo->protocol.authTimeout = TRUE; + status = authmgrStatsAuthTimeout; + } + + if ((AUTHMGR_CLIENT_AWARE != logicalPortInfo->client.clientType) || + (AUTHMGR_CLIENT_UNASSIGNED == logicalPortInfo->client.clientType)) + { + logicalPortInfo->client.clientType = clientType; + } + + authmgrStatsUpdate (physPort, callbackParams->method, status); + + logicalPortInfo->protocol.authSuccess = FALSE; + + return authmgrGenerateEvents (lIntIfNum); +} + +/********************************************************************* +* @purpose function to handle auth disconnect of the client +* +* @param lIntIfNum client logical interface number +* @param callbackParams authentication callback params +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrStatusDisconnectAction (uint32 lIntIfNum, + authmgrAuthRespParams_t * callbackParams) +{ + authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR; + uint32 physPort = 0; + + AUTHMGR_IF_NULLPTR_RETURN_LOG (callbackParams); + /* update statistics */ + + logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum); + AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo); + + AUTHMGR_PORT_GET (physPort, lIntIfNum); + + logicalPortInfo->client.currentIdL = callbackParams->clientParams.info.authInfo.attrInfo.idFromServer; + + /* check if the client is already authenticated using the same method. + If yes, remove the client details */ + if (( AUTHMGR_PORT_STATUS_AUTHORIZED == + logicalPortInfo->client.logicalPortStatus) + && (logicalPortInfo->client.authenticatedMethod == + logicalPortInfo->client.currentMethod)) + { + authmgrClientInfoCleanup (logicalPortInfo); + } + return SUCCESS; +} + +/********************************************************************* +* @purpose function to handle auth success of the client +* +* @param lIntIfNum client logical interface number +* @param callbackParams authentication callback params +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrStatusSuccessAction (uint32 lIntIfNum, + authmgrAuthRespParams_t * callbackParams) +{ + authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR; + uint32 physPort = 0; + authmgrClientType_t clientType = 0; + + logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum); + + AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo); + AUTHMGR_IF_NULLPTR_RETURN_LOG (callbackParams); + + AUTHMGR_PORT_GET (physPort, logicalPortInfo->key.keyNum); + + authmgrTimerDestroy (authmgrCB->globalInfo->authmgrTimerCB, + logicalPortInfo, AUTHMGR_METHOD_NO_RESP_TMR); + + /* Received auth success. + Parse the received attributes and program + accordingly */ + + memset(&authmgrCB->processInfo, 0, sizeof(authmgrClientInfo_t)); + memset(&authmgrCB->oldInfo, 0, sizeof(authmgrClientInfo_t)); + memset(&authmgrCB->attrInfo, 0, sizeof(authmgrAuthAttributeInfo_t)); + + authmgrCB->oldInfo = logicalPortInfo->client; + memcpy(&authmgrCB->attrInfo, + &callbackParams->clientParams.info.authInfo.attrInfo, + sizeof(authmgrAuthAttributeInfo_t)); + + if (0 != strlen (callbackParams->clientParams.info.authInfo.authmgrUserName)) + { + memcpy (logicalPortInfo->client.authmgrUserName, + callbackParams->clientParams.info.authInfo.authmgrUserName, + AUTHMGR_USER_NAME_LEN); + logicalPortInfo->client.authmgrUserNameLength = + callbackParams->clientParams.info.authInfo.authmgrUserNameLength; + } + + if ( SUCCESS != authmgrRadiusAcceptPostProcess (logicalPortInfo, &authmgrCB->processInfo, AUTHMGR_ATTR_RADIUS)) + { + /* update failure stats and move further */ + authmgrStatsUpdate (physPort, callbackParams->method, authmgrStatsAuthFail); + + if ( AUTHMGR_METHOD_NONE != callbackParams->method) + { + /* clean up the info at the caller */ + if ( NULLPTR != authmgrCB->globalInfo->authmgrCallbacks[callbackParams->method].eventNotifyFn) + { + authmgrCB->globalInfo->authmgrCallbacks[callbackParams->method].eventNotifyFn + (physPort, authmgrClientDisconnect, &logicalPortInfo->client.suppMacAddr); + } + } + + logicalPortInfo->protocol.authSuccess = FALSE; + logicalPortInfo->protocol.authFail = TRUE; + + return authmgrGenerateEvents (logicalPortInfo->key.keyNum); + } + /* Update Session timeout and terminate action */ + authmgrCB->processInfo.sessionTimeout = authmgrCB->attrInfo.sessionTimeout; + authmgrCB->processInfo.terminationAction = RADIUS_TERMINATION_ACTION_DEFAULT; + if ((RADIUS_TERMINATION_ACTION_DEFAULT == authmgrCB->attrInfo.terminationAction) || + (RADIUS_TERMINATION_ACTION_RADIUS == authmgrCB->attrInfo.terminationAction)) + { + authmgrCB->processInfo.terminationAction = authmgrCB->attrInfo.terminationAction ; + } + + memcpy(&(logicalPortInfo->client.serverClass), + &(authmgrCB->attrInfo.serverClass), authmgrCB->attrInfo.serverClassLen); + logicalPortInfo->client.serverClassLen = authmgrCB->attrInfo.serverClassLen; + + if ( SUCCESS != authmgrClientHwInfoCleanupAndReadd(logicalPortInfo, + &authmgrCB->processInfo)) + { + if ( AUTHMGR_METHOD_NONE != callbackParams->method) + { + /* clean up the info at the caller */ + if ( NULLPTR != authmgrCB->globalInfo->authmgrCallbacks[callbackParams->method].eventNotifyFn) + { + authmgrCB->globalInfo->authmgrCallbacks[callbackParams->method].eventNotifyFn + (physPort, authmgrClientDisconnect, &logicalPortInfo->client.suppMacAddr); + } + } + + logicalPortInfo->protocol.authSuccess = FALSE; + logicalPortInfo->protocol.authFail = TRUE; + return authmgrGenerateEvents (lIntIfNum); + } + + logicalPortInfo->protocol.authSuccess = TRUE; + logicalPortInfo->protocol.authFail = FALSE; + + clientType = + (callbackParams->method == + AUTHMGR_METHOD_8021X ? AUTHMGR_CLIENT_AWARE : AUTHMGR_CLIENT_UNAWARE); + logicalPortInfo->client.clientType = clientType; + + if ( AUTH_METHOD_RADIUS == + callbackParams->clientParams.info.authInfo.authMethod) + { + logicalPortInfo->client.vlanType = AUTHMGR_VLAN_RADIUS; + } + else + { + logicalPortInfo->client.vlanType = AUTHMGR_VLAN_DEFAULT; + } + + logicalPortInfo->client.authenticatedMethod = callbackParams->method; + logicalPortInfo->client.authMethod = + callbackParams->clientParams.info.authInfo.authMethod; + + logicalPortInfo->client.vlanId = authmgrCB->processInfo.vlanId; + + logicalPortInfo->client.sessionTimeout = + authmgrCB->processInfo.sessionTimeout; + logicalPortInfo->client.terminationAction = + authmgrCB->processInfo.terminationAction; + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort, + "%s:logicalPort num %d currentIdL %d\n", + __FUNCTION__, logicalPortInfo->key.keyNum, + authmgrCB->attrInfo.idFromServer); + + logicalPortInfo->client.currentIdL = authmgrCB->attrInfo.idFromServer; + + /* update statistics */ + authmgrStatsUpdate (physPort, callbackParams->method, + authmgrStatsAuthSuccess); + return authmgrGenerateEvents (lIntIfNum); +} + +/********************************************************************* +* @purpose deletes all the authenticated clients using the method +* +* @param intIfNum @b{(input)) internal interface number +* @param method @b{(input)) method for which entris are to be deleted +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrClientsByMethodDelete (uint32 intIfNum, + AUTHMGR_METHOD_t method) +{ + /* This function purges all the clients who are + authenticated using this method */ + uint32 lIndex; + authmgrLogicalPortInfo_t *logicalPortInfo; + + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, intIfNum, + "%s:Deleting clients authenticated with method %d on Physical port-%d \n", + __FUNCTION__, method, intIfNum); + + lIndex = AUTHMGR_LOGICAL_PORT_ITERATE; + while ((logicalPortInfo = + authmgrLogicalPortInfoGetNextNode (intIfNum, &lIndex)) != NULLPTR) + { + if (logicalPortInfo->client.authenticatedMethod == method) + { + /* cleanup the client */ + authmgrClientInfoCleanup (logicalPortInfo); + } + } + + return SUCCESS; +} + +/********************************************************************* +* @purpose interface function to hanlde auth method change event +* +* @param intIfNum internal interface number +* @param callbackParams authentication callback params +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrStatusAuthModifyAction (uint32 intIfNum, + authmgrAuthRespParams_t * callbackParams) +{ + AUTHMGR_METHOD_t orderList[ AUTHMGR_METHOD_LAST]; + AUTHMGR_IF_NULLPTR_RETURN_LOG (callbackParams); + + /* see if the method is disabled */ + + if ( FALSE == callbackParams->clientParams.info.enableStatus) + { + /* method is disabled. If enabled in the order, + delete all the authenticated clients and + remove the method from the order */ + authmgrClientsByMethodDelete (intIfNum, callbackParams->method); + } + + memcpy (orderList, authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority, + sizeof (orderList)); + authmgrMethodModifyAction (intIfNum); + + if (( AUTHMGR_METHOD_MAB == callbackParams->method) && + ( AUTHMGR_PORT_AUTO == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode) && + ( AUTHMGR_MULTI_HOST_MODE == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode) && + (0 == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount)) + { + if ( TRUE != + authmgrListArrayCompare (authmgrCB->globalInfo->authmgrPortInfo[intIfNum]. + enabledMethods, orderList, sizeof(orderList))) + { + authmgrPortLearningModify(intIfNum); + } + } + return SUCCESS; +} + +/********************************************************************* +* @purpose function to handle auth status of all clients +* +* @param callbackParams authentication callback param +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrStatusAuthModifyAllAction (authmgrAuthRespParams_t * + callbackParams) +{ + RC_t nimRc; + uint32 phyIntf; + + AUTHMGR_IF_NULLPTR_RETURN_LOG (callbackParams); + + /* loop through all the interfaces and initiate the changes */ + nimRc = authmgrFirstValidIntfNumber (&phyIntf); + while (nimRc == SUCCESS) + { + /* clean up the hw info */ + authmgrMethodModifyAction (phyIntf); + + if ( DISABLE == callbackParams->clientParams.info.enableStatus) + { + authmgrClientsByMethodDelete (phyIntf, callbackParams->method); + } + + nimRc = authmgrNextValidIntf (phyIntf, &phyIntf); + } + return SUCCESS; +} + +/************************************************************************* +* @purpose function to get function map entry for the given method +* +* @param type @b{(input)} method type +* @param elem @b{(input)} Pointer to map entry +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments none +* +* @end +*************************************************************************/ +RC_t authmgrStatusCalbackMapEntryGet ( AUTHMGR_STATUS_t type, + authmgrStatusMap_t * elem) +{ + uint32 i = 0; + static authmgrStatusMap_t authmgrStatusMap[] = { + { AUTHMGR_NEW_CLIENT, authmgrNewClientAction}, + { AUTHMGR_AUTH_FAIL, authmgrStatusNotSuccessAction}, + { AUTHMGR_AUTH_SUCCESS, authmgrStatusSuccessAction}, + { AUTHMGR_AUTH_TIMEOUT, authmgrStatusNotSuccessAction}, + { AUTHMGR_AUTH_SERVER_COMM_FAILURE, authmgrStatusServerCommFailAction}, + { AUTHMGR_CLIENT_DISCONNECTED, authmgrStatusDisconnectAction}, + { AUTHMGR_METHOD_CHANGE, authmgrStatusAuthModifyAction} + }; + + for (i = 0; i < (sizeof (authmgrStatusMap) / sizeof (authmgrStatusMap_t)); + i++) + { + if (type == authmgrStatusMap[i].type) + { + *elem = authmgrStatusMap[i]; + return SUCCESS; + } + } + + return FAILURE; +} + +/********************************************************************* +* @purpose Control function to handle the events received from methods +* +* @param intIfNum @b{(input)) internal interface number +* @param callbackParams @b{(input)) status from the calling applications like + 802.1X/MAB/CP +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrClientCallbackEventProcess (uint32 intIfNum, + authmgrAuthRespParams_t * + callbackParams) +{ + uint32 lIntIfNum = 0; + BOOL exists = FALSE; + authmgrStatusMap_t entry; + authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR; + uint32 physPort = 0, lPort = 0, type = 0; + + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + if ( NULLPTR == callbackParams) + { + return FAILURE; + } + + if ( AUTHMGR_METHOD_CHANGE == callbackParams->status) + { + if ( FALSE == callbackParams->clientParams.info.enableStatus) + { + /* Allow some time for methods to disable. Otherwise Ping-Pong will return "enabled" for + disabled methods. However Ping-Pong should be optimized going forward and then this + delay should be taken out. */ + osapiSleepMSec(100); + } + + if ( ALL_INTERFACES == intIfNum) + { + authmgrStatusAuthModifyAllAction (callbackParams); + } + else + { + authmgrStatusAuthModifyAction (intIfNum, callbackParams); + } + return SUCCESS; + } + + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + + if ( DOT1X_PAE_PORT_AUTH_CAPABLE != authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "Interface %d is not PAE capable port. Hence No action \n", intIfNum); + return SUCCESS; + } + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s Received Event - %s and mac address(%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x)for method- %s \n", + __FUNCTION__, + authmgrMethodStatusStringGet (callbackParams->status), + callbackParams->clientParams.info.authInfo.macAddr. + addr[0], + callbackParams->clientParams.info.authInfo.macAddr. + addr[1], + callbackParams->clientParams.info.authInfo.macAddr. + addr[2], + callbackParams->clientParams.info.authInfo.macAddr. + addr[3], + callbackParams->clientParams.info.authInfo.macAddr. + addr[4], + callbackParams->clientParams.info.authInfo.macAddr. + addr[5], authmgrMethodStringGet (callbackParams->method)); + + lIntIfNum = 0; + if (( AUTHMGR_AUTH_FAIL == callbackParams->status) || + ( AUTHMGR_AUTH_TIMEOUT == callbackParams->status) || + ( AUTHMGR_CLIENT_DISCONNECTED == callbackParams->status)) + { + if (( SUCCESS != authmgrMacAddrInfoFind (&callbackParams->clientParams.info.authInfo.macAddr, + &lIntIfNum)) || + (0 == lIntIfNum)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s client is not present. Ignoring the result \n", + __FUNCTION__); + + /* client doesn't exist, ignoring the result + for non existing client */ + return SUCCESS; + } + else + { + if ( NULLPTR != authmgrLogicalPortInfoGet (lIntIfNum)) + { + /* get the key and unpack */ + AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, lIntIfNum); + + if (physPort != intIfNum) + { + /* Event is received for a client on differnt interface. Hence return FAILURE. */ + uchar8 ifNameEvent[ NIM_IF_ALIAS_SIZE + 1]; + uchar8 ifNameClient[ NIM_IF_ALIAS_SIZE + 1]; + + nimGetIntfName (physPort, ALIASNAME, ifNameClient); + nimGetIntfName (intIfNum, ALIASNAME, ifNameEvent); + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "Event %s for the client %s is received on interface %s (intIfNum %d) but this client exists on the interface %s (intIfNum %d). " + "Hence ignoring.", authmgrMethodStatusStringGet (callbackParams->status), + AUTHMGR_PRINT_MAC_ADDR(callbackParams->clientParams.info.authInfo.macAddr.addr), + ifNameEvent, intIfNum, ifNameClient, physPort); + LOGF ( LOG_SEVERITY_NOTICE, + "Update for the client %s is received on interface %s (intIfNum %d) but this client exists on the interface %s (intIfNum %d).", + AUTHMGR_PRINT_MAC_ADDR(callbackParams->clientParams.info.authInfo.macAddr.addr), + ifNameEvent, intIfNum, ifNameClient, physPort); + return FAILURE; + } + else + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "Received client is present on %d port. \n", intIfNum); + } + } + } + } + + lIntIfNum = 0; + + if ( AUTHMGR_CLIENT_DISCONNECTED == callbackParams->status) + { + if ( SUCCESS == authmgrMacAddrInfoFind (&callbackParams->clientParams.info.authInfo.macAddr, + &lIntIfNum)) + { + logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum); + AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo); + + + + /* check if the client received is already authenticated */ + if ( AUTHMGR_PORT_STATUS_AUTHORIZED == + logicalPortInfo->client.logicalPortStatus) + { + { + + if (logicalPortInfo->client.authenticatedMethod != + callbackParams->method) + { + /* check if the received method is of higher priority than the existing one */ + + if (( AUTHMGR_METHOD_NONE != logicalPortInfo->client.authenticatedMethod) && + ( SUCCESS != authmgrPriorityPrecedenceValidate(intIfNum, + logicalPortInfo->client.authenticatedMethod, + callbackParams->method))) + { + /* ignore the message for authentication + priority over rules */ + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, intIfNum, + "%s, %d, Trigger from method %s received. " + "Client already authenticated with method %s for logicalInterface %d \n" + "Ignoring the request as client current auth method has higher priority than received\n", + __func__, __LINE__, authmgrMethodStringGet(callbackParams->method), + authmgrMethodStringGet(logicalPortInfo->client.authenticatedMethod),lIntIfNum); + return SUCCESS; + } + } + } + } + authmgrClientInfoCleanup (logicalPortInfo); + } + else + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, intIfNum, + "%s:Client not found in AuthMgr. Calling Disconnect " + "for client with method %d on Physical port-%d \n", + __FUNCTION__, callbackParams->method, intIfNum); + if ( NULLPTR != + authmgrCB->globalInfo->authmgrCallbacks[callbackParams->method].eventNotifyFn) + { + (void)authmgrCB->globalInfo->authmgrCallbacks[callbackParams->method].eventNotifyFn + (intIfNum, authmgrClientDisconnect, + &callbackParams->clientParams.info.authInfo.macAddr); + } + } + return SUCCESS; + } + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, intIfNum, + "\n%s:%d: Check Source Mac: %s Interface: %s \n", + __FUNCTION__, __LINE__, + AUTHMGR_PRINT_MAC_ADDR(callbackParams->clientParams.info.authInfo.macAddr.addr), + authmgrIntfIfNameGet(intIfNum)); + + /* check for the associated node */ + /* search the Mac address in the list of clients on the port */ + if (authmgrCheckMapPdu + (intIfNum, callbackParams->clientParams.info.authInfo.macAddr.addr, + &lIntIfNum, &exists) != SUCCESS) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, intIfNum, + "Failed to Process the authmgrClientCallbackEvent \n"); + if ( NULLPTR != + authmgrCB->globalInfo->authmgrCallbacks[callbackParams->method].eventNotifyFn) + { + (void)authmgrCB->globalInfo->authmgrCallbacks[callbackParams->method].eventNotifyFn + (intIfNum, authmgrClientDisconnect, + &callbackParams->clientParams.info.authInfo.macAddr); + } + return SUCCESS; + } + + if ( TRUE == exists) + { + logicalPortInfo = authmgrLogicalPortInfoGet(lIntIfNum); + AUTHMGR_IF_NULLPTR_RETURN_LOG(logicalPortInfo); + } + else + { + logicalPortInfo = authmgrLogicalPortInfoGet(lIntIfNum); + AUTHMGR_IF_NULLPTR_RETURN_LOG(logicalPortInfo); + authmgrGenerateEvents (logicalPortInfo->key.keyNum); + } + + if (0 != callbackParams->clientParams.info.authInfo.eapolVersion) + { + logicalPortInfo = NULLPTR; + + logicalPortInfo = authmgrLogicalPortInfoGet(lIntIfNum); + AUTHMGR_IF_NULLPTR_RETURN_LOG(logicalPortInfo); + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s Status %s Received EAPoL version for mac address(%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x)using method- %s EAPoL Version - %d \n", + __FUNCTION__, + authmgrMethodStatusStringGet (callbackParams->status), + callbackParams->clientParams.info.authInfo.macAddr. + addr[0], + callbackParams->clientParams.info.authInfo.macAddr. + addr[1], + callbackParams->clientParams.info.authInfo.macAddr. + addr[2], + callbackParams->clientParams.info.authInfo.macAddr. + addr[3], + callbackParams->clientParams.info.authInfo.macAddr. + addr[4], + callbackParams->clientParams.info.authInfo.macAddr. + addr[5], authmgrMethodStringGet (callbackParams->method), + callbackParams->clientParams.info.authInfo.eapolVersion); + + if (logicalPortInfo->client.rcvdEapolVersion != callbackParams->clientParams.info.authInfo.eapolVersion) + { + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s Updating EAPoL version for mac address(%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x) from version %d to version - %d \n", + __FUNCTION__, + callbackParams->clientParams.info.authInfo.macAddr. + addr[0], + callbackParams->clientParams.info.authInfo.macAddr. + addr[1], + callbackParams->clientParams.info.authInfo.macAddr. + addr[2], + callbackParams->clientParams.info.authInfo.macAddr. + addr[3], + callbackParams->clientParams.info.authInfo.macAddr. + addr[4], + callbackParams->clientParams.info.authInfo.macAddr. + addr[5], + logicalPortInfo->client.rcvdEapolVersion, + callbackParams->clientParams.info.authInfo.eapolVersion); + + logicalPortInfo->client.rcvdEapolVersion = callbackParams->clientParams.info.authInfo.eapolVersion; + } + } + + if (( AUTHMGR_AUTH_SUCCESS == callbackParams->status) || + ( AUTHMGR_AUTH_FAIL == callbackParams->status) || + ( AUTHMGR_AUTH_TIMEOUT == callbackParams->status)) + { + uchar8 ifNameEvent[ NIM_IFNAME_SIZE + 1]; + nimGetIntfName (intIfNum, ALIASNAME, ifNameEvent); + + if (AUTHMGR_HELD == logicalPortInfo->protocol.authState) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "Event %s for the client %s is received on interface %s (intIfNum %d) but this client is in HELD state. " + "Hence ignoring.", authmgrMethodStatusStringGet (callbackParams->status), + AUTHMGR_PRINT_MAC_ADDR(callbackParams->clientParams.info.authInfo.macAddr.addr), + ifNameEvent, intIfNum); + + return SUCCESS; + } + + if ((AUTHMGR_AUTHENTICATED == logicalPortInfo->protocol.authState) && + (logicalPortInfo->client.authenticatedMethod != callbackParams->method)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "Event %s for the client %s is received on interface %s (intIfNum %d) " + "but this client's authenticated method (%s) is different from callback method (%s). " + "Hence ignoring.", authmgrMethodStatusStringGet (callbackParams->status), + AUTHMGR_PRINT_MAC_ADDR(callbackParams->clientParams.info.authInfo.macAddr.addr), + ifNameEvent, intIfNum, authmgrMethodStringGet (logicalPortInfo->client.authenticatedMethod), + authmgrMethodStringGet (callbackParams->method)); + + return SUCCESS; + } + } + + memset (&entry, 0, sizeof (authmgrStatusMap_t)); + if ( SUCCESS != + authmgrStatusCalbackMapEntryGet (callbackParams->status, &entry)) + { + return FAILURE; + } + + return entry.statusFn (lIntIfNum, callbackParams); +} + +/********************************************************************* +* @purpose Get the first operationally enabled method on a interface +* +* @param intIfNum @b{(input)) internal interface number +* @param nextMethod @b{(output)) pointer to the next method +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrFirstMethodGet (uint32 intIfNum, + AUTHMGR_METHOD_t * nextMethod) +{ + uint32 j; + + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + + if ( AUTHMGR_METHOD_NONE == + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[0]) + { + return FAILURE; + } + + j = 0; + for (j = AUTHMGR_METHOD_MIN; j < AUTHMGR_METHOD_MAX; j++) + { + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[j] != + AUTHMGR_METHOD_NONE) + { + *nextMethod = + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[j]; + return SUCCESS; + } + } + return FAILURE; +} + +/********************************************************************* +* @purpose Get the next operationally enabled method on a interface +* +* @param intIfNum @b{(input)) internal interface number +* @param nextMethod @b{(output)) pointer to the next method +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrNextMethodGet (uint32 intIfNum, + AUTHMGR_METHOD_t * nextMethod) +{ + uint32 j; + + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + + if ( AUTHMGR_METHOD_NONE == + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[0]) + { + return FAILURE; + } + + for (j = AUTHMGR_METHOD_MIN; j < AUTHMGR_METHOD_MAX; j++) + { + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[j] == + AUTHMGR_METHOD_NONE) + { + return FAILURE; + } + if ((*nextMethod == + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[j]) + && ((j + 1) < AUTHMGR_METHOD_MAX)) + { + if ( AUTHMGR_METHOD_NONE != + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[j + + 1]) + { + *nextMethod = + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[j + + 1]; + return SUCCESS; + } + else + { + return FAILURE; + } + } + } + return FAILURE; +} + +/********************************************************************* +* @purpose Get the next operationally enabled method on a interface +* +* @param intIfNum @b{(input)) internal interface number +* @param nextMethod @b{(output)) pointer to the next method +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ + +RC_t authmgrEnabledMethodNextGet (uint32 intIfNum, + AUTHMGR_METHOD_t * nextMethod) +{ + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + + if ( AUTHMGR_METHOD_NONE == + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[0]) + { + return FAILURE; + } + + if ( AUTHMGR_METHOD_NONE == *nextMethod) + { + /* get the first method */ + return authmgrFirstMethodGet (intIfNum, nextMethod); + } + else + { + return authmgrNextMethodGet (intIfNum, nextMethod); + } +} + +/********************************************************************* +* @purpose Get the first operationally enabled method on a interface +* +* @param intIfNum @b{(input)) internal interface number +* @param nextPriority @b{(output)) pointer to the next method +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ + +RC_t authmgrFirstPriorityGet (uint32 intIfNum, + AUTHMGR_METHOD_t * nextPriority) +{ + uint32 j; + + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + + if ( AUTHMGR_METHOD_NONE == + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[0]) + { + return FAILURE; + } + + j = 0; + for (j = AUTHMGR_METHOD_MIN; j < AUTHMGR_METHOD_MAX; j++) + { + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[j] != + AUTHMGR_METHOD_NONE) + { + *nextPriority = + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[j]; + return SUCCESS; + } + } + return FAILURE; +} + +/********************************************************************* +* @purpose Get the next operationally enabled method on a interface +* +* @param intIfNum @b{(input)) internal interface number +* @param method @b{(input)) input method for which next method is needed. +* @param nextPriority @b{(output)) pointer to the next method +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ + +RC_t authmgrNextPriorityGet (uint32 intIfNum, + AUTHMGR_METHOD_t * nextPriority) +{ + uint32 j; + + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + + if ( AUTHMGR_METHOD_NONE == + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[0]) + { + return FAILURE; + } + + j = 0; + for (j = AUTHMGR_METHOD_MIN; j < AUTHMGR_METHOD_MAX; j++) + { + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[j] == + AUTHMGR_METHOD_NONE) + { + return FAILURE; + } + if ((*nextPriority == + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[j]) + && ((j + 1) < AUTHMGR_METHOD_MAX)) + { + if ( AUTHMGR_METHOD_NONE != + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[j + + 1]) + { + *nextPriority = + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[j + + 1]; + return SUCCESS; + } + else + { + return FAILURE; + } + } + } + return FAILURE; +} + +/********************************************************************* +* @purpose Get the next operationally enabled method on a interface +* +* @param intIfNum @b{(input)) internal interface number +* @param method @b{(input)) input method for which next method is needed. +* @param nextPriority @b{(output)) pointer to the next method +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ + +RC_t authmgrEnabledPriorityNextGet (uint32 intIfNum, + AUTHMGR_METHOD_t * nextPriority) +{ + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + + if ( AUTHMGR_METHOD_NONE == + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[0]) + { + return FAILURE; + } + + if ( AUTHMGR_METHOD_NONE == *nextPriority) + { + /* get the first method */ + return authmgrFirstPriorityGet (intIfNum, nextPriority); + } + else + { + return authmgrNextPriorityGet (intIfNum, nextPriority); + } +} + +/********************************************************************* +* @purpose status function to update dot1x stats +* +* @param intIfNum interface number +* @param status +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrDot1xStatsUpdate (uint32 intIfNum, + authmgrStatsUpdate_t status) +{ + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + + switch (status) + { + case authmgrStatsAuthEnter: + authmgrCB->globalInfo->authmgrPortStats[intIfNum].dot1x. + authEntersAuthenticating++; + break; + + case authmgrStatsAuthSuccess: + authmgrCB->globalInfo->authmgrPortStats[intIfNum].dot1x.authSuccess++; + break; + + case authmgrStatsAuthFail: + authmgrCB->globalInfo->authmgrPortStats[intIfNum].dot1x.authFailure++; + break; + + case authmgrStatsAuthTimeout: + authmgrCB->globalInfo->authmgrPortStats[intIfNum].dot1x.authTimeout++; + break; + + default: + break; + } + return SUCCESS; +} + +/********************************************************************* +* @purpose status function to update mab stats +* +* @param intIfNum interface number +* @param status +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrMabStatsUpdate (uint32 intIfNum, authmgrStatsUpdate_t status) +{ + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + switch (status) + { + case authmgrStatsAuthEnter: + authmgrCB->globalInfo->authmgrPortStats[intIfNum].mab. + authEntersAuthenticating++; + break; + + case authmgrStatsAuthSuccess: + authmgrCB->globalInfo->authmgrPortStats[intIfNum].mab.authSuccess++; + break; + + case authmgrStatsAuthFail: + authmgrCB->globalInfo->authmgrPortStats[intIfNum].mab.authFailure++; + break; + + case authmgrStatsAuthTimeout: + authmgrCB->globalInfo->authmgrPortStats[intIfNum].mab.authTimeout++; + break; + + default: + break; + } + + return SUCCESS; +} + +/********************************************************************* +* @purpose status function to update captive portal stats +* +* @param intIfNum interface number +* @param status +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrCpStatsUpdate (uint32 intIfNum, authmgrStatsUpdate_t status) +{ + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + switch (status) + { + case authmgrStatsAuthEnter: + authmgrCB->globalInfo->authmgrPortStats[intIfNum].cp. + authEntersAuthenticating++; + break; + + case authmgrStatsAuthSuccess: + authmgrCB->globalInfo->authmgrPortStats[intIfNum].cp.authSuccess++; + break; + + case authmgrStatsAuthFail: + authmgrCB->globalInfo->authmgrPortStats[intIfNum].cp.authFailure++; + break; + + case authmgrStatsAuthTimeout: + authmgrCB->globalInfo->authmgrPortStats[intIfNum].cp.authTimeout++; + break; + + default: + break; + } + return SUCCESS; +} + +/************************************************************************* +* @purpose function to get function map entry for the given method +* +* @param type @b{(input)} method type +* @param elem @b{(input)} Pointer to map entry +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments none +* +* @end +*************************************************************************/ +RC_t authmgrAuthStatsMapEntryGet ( AUTHMGR_METHOD_t type, + authmgrStatsMap_t * elem) +{ + uint32 i = 0; + static authmgrStatsMap_t authmgrStatsMap[] = { + { AUTHMGR_METHOD_8021X, authmgrDot1xStatsUpdate}, + { AUTHMGR_METHOD_MAB, authmgrMabStatsUpdate} + }; + + for (i = 0; i < (sizeof (authmgrStatsMap) / sizeof (authmgrStatsMap_t)); i++) + { + if (type == authmgrStatsMap[i].type) + { + *elem = authmgrStatsMap[i]; + return SUCCESS; + } + } + + return FAILURE; +} + +/********************************************************************* +* @purpose Function to Update the statistics +* +* @param intIfNum @b{(input)) internal interface number +* @param method @b{(input)) 802.1x/mab/cp +* @param status @b{(input)) status +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrStatsUpdate (uint32 intIfNum, + AUTHMGR_METHOD_t method, + authmgrStatsUpdate_t status) +{ + authmgrStatsMap_t entry; + + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + + if ( SUCCESS != authmgrAuthStatsMapEntryGet (method, &entry)) + { + return FAILURE; + } + + if ( NULLPTR != entry.statsFn) + { + return entry.statsFn (intIfNum, status); + } + + return FAILURE; +} + +/********************************************************************* +* @purpose function to map callbacks for the given method +* +* @param method authentication method +* @param entry auth mgr callback function map entry +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrRegisteredEntryFnMapGet ( AUTHMGR_METHOD_t method, + authmgrMethodCallbackNotifyMap_t * + entry) +{ + uint32 i = 0; + + if ( AUTHMGR_METHOD_NONE == method) + { + return FAILURE; + } + + for (i = 0; i < AUTHMGR_METHOD_LAST; i++) + { + if (method == authmgrCB->globalInfo->authmgrCallbacks[i].method) + { + *entry = authmgrCB->globalInfo->authmgrCallbacks[i]; + return SUCCESS; + } + } + return FAILURE; +} + +/********************************************************************* +* @purpose function to check the entry and populate in the list +* +* @param intIfNum interface number +* @param method authentication method +* @param methodEnabled TRUE if method is enabled +* @param out mehod value, if method is emabled +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrOperListEntryPopulate (uint32 intIfNum, + AUTHMGR_METHOD_t method, + BOOL * methodEnabled, + AUTHMGR_METHOD_t * out) +{ + authmgrMethodCallbackNotifyMap_t entry; + uint32 enabled = DISABLE; + + memset (&entry, 0, sizeof (authmgrMethodCallbackNotifyMap_t)); + + AUTHMGR_IF_NULLPTR_RETURN_LOG (methodEnabled); + AUTHMGR_IF_NULLPTR_RETURN_LOG (out); + + if ( SUCCESS != authmgrRegisteredEntryFnMapGet (method, &entry)) + { + return FAILURE; + } + + if ( NULLPTR == entry.enableGetFn) + { + return FAILURE; + } + + /* Explicitly releasing the locks temporarily + since , query is done for another component API + which contains readlocks. */ + + (void) osapiReadLockGive (authmgrCB->authmgrCfgRWLock); + (void) osapiWriteLockGive (authmgrCB->authmgrRWLock); + if (( SUCCESS == entry.enableGetFn (intIfNum, &enabled)) && + ( ENABLE != enabled)) + { + (void) osapiReadLockTake (authmgrCB->authmgrCfgRWLock, WAIT_FOREVER); + (void) osapiWriteLockTake (authmgrCB->authmgrRWLock, WAIT_FOREVER); + *methodEnabled = FALSE; + return SUCCESS; + } + + (void) osapiReadLockTake (authmgrCB->authmgrCfgRWLock, WAIT_FOREVER); + (void) osapiWriteLockTake (authmgrCB->authmgrRWLock, WAIT_FOREVER); + *methodEnabled = TRUE; + + *out = method; + return SUCCESS; +} + +/********************************************************************* +* @purpose function to populate the oper enabled methods +* +* @param intIfNum @b{(input)) internal interface number +* @param inArray @b{(input)) input list +* @param outArray @b{(output)) output list +* @param count @b{(output)) enabled count +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments The outArray should be memset before passing to the function +* +* @end +*********************************************************************/ +RC_t authmgrEnabledListPopulate (uint32 intIfNum, + AUTHMGR_METHOD_t * inArray, + AUTHMGR_METHOD_t * outArray, + uint32 * count) +{ + BOOL flag = FALSE; + uint32 i = 0, cnt = 0; + AUTHMGR_METHOD_t *pIn, *pOut; + + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + + AUTHMGR_IF_NULLPTR_RETURN_LOG (inArray); + AUTHMGR_IF_NULLPTR_RETURN_LOG (outArray); + + pIn = inArray; + pOut = outArray; + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s repopulating the enabled methods list\n", + __FUNCTION__); + + /* Loop through the configured methods + and maintain an oper list */ + + for (i = 0; i < AUTHMGR_METHOD_MAX; i++) + { + if ( AUTHMGR_METHOD_NONE == *inArray) + { + break; + } + + flag = FALSE; + + if ( SUCCESS != + authmgrOperListEntryPopulate (intIfNum, *inArray, &flag, outArray)) + { + break; + } + + if (flag) + { + outArray++; + cnt++; + } + inArray++; + } + + *count = cnt; + outArray = pOut; + inArray = pIn; + + return SUCCESS; +} + +/********************************************************************* +* @purpose function to handle changes in enabled auth method list +* +* @param intIfNum internal interface number +* @param old old list +* @param new updated list +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrEnableListChangeAction (uint32 intIfNum, + AUTHMGR_METHOD_t * old, + AUTHMGR_METHOD_t * new) +{ + uint32 i = 0, j = 0; + BOOL exists = FALSE; + AUTHMGR_METHOD_t *temp = NULLPTR; + + AUTHMGR_IF_NULLPTR_RETURN_LOG (old); + AUTHMGR_IF_NULLPTR_RETURN_LOG (new); + + /* no lists in the order */ + while ((i < AUTHMGR_METHOD_MAX) && ( AUTHMGR_METHOD_NONE != *old)) + { + temp = old; + exists = FALSE; + for (j = 0; j < AUTHMGR_METHOD_MAX; j++) + { + if (*new == *old) + { + /* method is still present */ + exists = TRUE; + break; + } + temp++; + } + if (!(exists)) + { + /* clean up all the clients in the list by method */ + authmgrClientsByMethodDelete (intIfNum, + authmgrCB->globalInfo-> + authmgrPortInfo[intIfNum]. + enabledMethods[i]); + } + old++; + i++; + } + + return SUCCESS; +} + +/********************************************************************* +* @purpose Control function to populate the oper enabled methods +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrPortEnabledListPopulate (uint32 intIfNum) +{ + authmgrPortCfg_t *pCfg = NULLPTR; + BOOL orderChanged = FALSE, priorityChanged = FALSE; + uint32 count = 0, count1 = 0; + uchar8 ifName[ NIM_IF_ALIAS_SIZE + 1]; + + AUTHMGR_METHOD_t orderList[ AUTHMGR_METHOD_LAST]; + AUTHMGR_METHOD_t priorityList[ AUTHMGR_METHOD_LAST]; + AUTHMGR_METHOD_t zeroList[ AUTHMGR_METHOD_LAST]; + + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE) + { + return FAILURE; + } + + AUTHMGR_IF_NULLPTR_RETURN_LOG (pCfg); + + if (nimGetIntfName (intIfNum, ALIASNAME, ifName) != SUCCESS) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "Unable to get alias for intf %d", intIfNum); + return FAILURE; + } + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s repopulating the oper methods list for intf %s\n", + __FUNCTION__, ifName); + + /* take the read lock */ + (void) osapiReadLockTake (authmgrCB->authmgrCfgRWLock, WAIT_FOREVER); + /* Loop through the configured methods + and maintain an oper list */ + + memset (orderList, 0, sizeof (orderList)); + memset (priorityList, 0, sizeof (priorityList)); + memset (zeroList, 0, sizeof (zeroList)); + + /* get the enabled order list */ + + if ( SUCCESS != + authmgrEnabledListPopulate (intIfNum, &pCfg->methodList[0], &orderList[0], + &count)) + { + (void) osapiReadLockGive (authmgrCB->authmgrCfgRWLock); + return FAILURE; + } + + if ( SUCCESS != + authmgrEnabledListPopulate (intIfNum, &pCfg->priorityList[0], + &priorityList[0], &count1)) + { + (void) osapiReadLockGive (authmgrCB->authmgrCfgRWLock); + return FAILURE; + } + + /* check if there is any change in the oper values */ + + if ( TRUE != + authmgrListArrayCompare (authmgrCB->globalInfo->authmgrPortInfo[intIfNum]. + enabledMethods, orderList, sizeof(orderList))) + { + orderChanged = TRUE; + } + + if ( TRUE != + authmgrListArrayCompare (authmgrCB->globalInfo->authmgrPortInfo[intIfNum]. + enabledPriority, priorityList, sizeof(priorityList))) + { + priorityChanged = TRUE; + } + + (void) osapiReadLockGive (authmgrCB->authmgrCfgRWLock); + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s intf %s, orderChanged %d, priorityChanged %d\n", + __FUNCTION__, ifName, orderChanged, priorityChanged); + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s %s -- cfgMethods[0] %d, cfgMethods[1] %d\n", + __FUNCTION__, ifName, pCfg->methodList[0], + pCfg->methodList[1]); + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s %s -- generated list- methods[0] %d, methods[1] %d\n", + __FUNCTION__, ifName, orderList[0], + orderList[1]); + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s %s current list- methods[0] %d, methods[1] %d\n", + __FUNCTION__, ifName, authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[0], + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[1]); + + if (orderChanged) + { + if ( SUCCESS != + authmgrEnableListChangeAction (intIfNum, + authmgrCB->globalInfo-> + authmgrPortInfo[intIfNum].enabledMethods, + orderList)) + { + return FAILURE; + } + + memcpy (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods, + orderList, sizeof (orderList)); + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s enabledMethods[0] %d, enabledMethods[1] %d\n", + __FUNCTION__, authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[0], + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[1]); + + /* we may need to alter the violation policy + based on the new list */ + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s Updating learn mode of %s\n", __FUNCTION__, ifName); + + authmgrViolationPolicyApply(intIfNum); + authmgrPortLearningModify(intIfNum); + + if ( TRUE == authmgrListArrayCompare (priorityList, zeroList, sizeof(priorityList))) + { + memcpy (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority, + orderList, sizeof (orderList)); + } + else if (priorityChanged) + { + memcpy (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority, + priorityList, sizeof (priorityList)); + } + + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethodCount = count; + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriorityCount = + count1; + } + else if (priorityChanged) + { + memcpy (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority, + priorityList, sizeof (priorityList)); + } + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s Updating DB: enabledMethods[0] %d, enabledMethods[1] %d\n", + __FUNCTION__, authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[0], + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[1]); + + /* Update Oper DB */ + + PacPortOperTblSet(intIfNum, + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods, + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority); + + return SUCCESS; +} + +/********************************************************************* +* @purpose Control function to handle the authentication method order changes +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrMethodOrderChangeProcess (uint32 intIfNum) +{ + authmgrPortCfg_t *pCfg; + + if ( TRUE != authmgrIntfIsConfigurable (intIfNum, &pCfg)) + { + return FAILURE; + } + + /* populate the methods if and only if + the control mode is valid */ + + if ( AUTHMGR_PORT_AUTO == pCfg->portControlMode) + { + /* Just re-populate the interface enabled list */ + authmgrPortEnabledListPopulate (intIfNum); + } + else + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s intf %d, Zeroing out methods for portControlMode %d\n", + __FUNCTION__, intIfNum, pCfg->portControlMode); + /* just memset the methods */ + memset (&authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods, 0, + sizeof (authmgrCB->globalInfo->authmgrPortInfo[intIfNum]. + enabledMethods)); + memset (&authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority, + 0, + sizeof (authmgrCB->globalInfo->authmgrPortInfo[intIfNum]. + enabledPriority)); + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethodCount = 0; + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriorityCount = 0; + } + return SUCCESS; +} + +/********************************************************************* +* @purpose function to trigger authentication for a client. +* +* @param logicalPortInfo logical port structure +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrAuthenticationTrigger (authmgrLogicalPortInfo_t * + logicalPortInfo) +{ + RC_t rc = SUCCESS; + uint32 physPort = 0; + enetMacAddr_t zeroMac; + + AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo); + AUTHMGR_PORT_GET (physPort, logicalPortInfo->key.keyNum); + + if ( AUTHMGR_METHOD_NONE == logicalPortInfo->client.currentMethod) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort, + "logicalInterface %d failed to update %s to start authentication\n", + logicalPortInfo->key.keyNum, + authmgrMethodStringGet (logicalPortInfo->client. + currentMethod)); + rc = FAILURE; + } + + if (logicalPortInfo->client.currentMethod != + authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client. + currentMethod].method) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort, + "logicalInterface %d failed to update %s to start authentication\n" + "since the registered method is %s\n", + logicalPortInfo->key.keyNum, + authmgrMethodStringGet (logicalPortInfo->client. + currentMethod), + authmgrMethodStringGet (authmgrCB->globalInfo-> + authmgrCallbacks + [logicalPortInfo->client. + currentMethod].method)); + rc = FAILURE; + } + + if ( NULLPTR == + authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client. + currentMethod].eventNotifyFn) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort, + "logicalInterface %d failed to update %s to start authentication\n" + "since the callback function is not registered method\n", + logicalPortInfo->key.keyNum, + authmgrMethodStringGet (logicalPortInfo->client. + currentMethod)); + rc = FAILURE; + } + + /* check if the client mac is all 0s. + If yes, no need to validate against MAB */ + + memset (&zeroMac, 0, sizeof ( enetMacAddr_t)); + if ((0 == + memcmp (zeroMac.addr, + logicalPortInfo->client.suppMacAddr. + addr, ENET_MAC_ADDR_LEN)) && + ( AUTHMGR_METHOD_MAB == + logicalPortInfo->client.currentMethod)) + { + rc = FAILURE; + } + + if (AUTHMGR_AUTHENTICATING != logicalPortInfo->protocol.authState) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, physPort, + "client with logicalInterface %d is in state %s.\n", + logicalPortInfo->key.keyNum, authmgrAuthStateStringGet(logicalPortInfo->protocol.authState)); + return SUCCESS; + } + + if (( SUCCESS == rc) && ( NULLPTR != + authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client. + currentMethod].eventNotifyFn)) + { + rc = + authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client. + currentMethod].eventNotifyFn + (physPort, authmgrClientAuthStart, + &logicalPortInfo->client.suppMacAddr); + authmgrStatsUpdate (physPort, logicalPortInfo->client.currentMethod, + authmgrStatsAuthEnter); + + if ( SUCCESS == rc) + { + /* start the method_no_response timer. If this method doesn't + report back the result, we will move to next method */ + authmgrTimerStart (logicalPortInfo, AUTHMGR_METHOD_NO_RESP_TMR); + } + } + return rc; +} + +/********************************************************************* +* @purpose function to get the operationally enabled method count on an interface +* +* @param physPort internal interface number +* @param count count +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrPortEnabledMethodCountGet (uint32 physPort, uint32 * count) +{ + *count = authmgrCB->globalInfo->authmgrPortInfo[physPort].enabledMethodCount; + return SUCCESS; +} + +/********************************************************************* +* @purpose updates the port pae capabilities +* +* @param intIfNum +* @param mode pae capabilities +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrPaeCapabilitiesEventProcess (uint32 intIfNum, uint32 mode) +{ + uchar8 ifName[ NIM_IF_ALIAS_SIZE + 1]; + RC_t rc = FAILURE; + + if (!(AUTHMGR_IS_READY)) + { + return SUCCESS; + } + + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + + if (mode == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities) + { + return SUCCESS; + } + + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities == DOT1X_PAE_PORT_AUTH_CAPABLE) + { + /* cleanup the clients on this port */ + authmgrPortInfoCleanup (intIfNum); + } + + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities = mode; + + if ( DOT1X_PAE_PORT_AUTH_CAPABLE == mode) + { + /* enable authentication on this interface */ + (void)authmgrCtlApplyPortConfigData(intIfNum); + } + else + { + authmgrIhPhysicalPortStatusSet(intIfNum, AUTHMGR_PORT_STATUS_AUTHORIZED); + if (nimGetIntfName (intIfNum, ALIASNAME, ifName) != SUCCESS) + { + LOGF ( LOG_SEVERITY_ERROR, + "Unable to get alias for intf %d", intIfNum); + return FAILURE; + } + + rc = authmgrPortPvidSet(intIfNum, 0); + if (rc != SUCCESS) + { + LOGF ( LOG_SEVERITY_ERROR, + "Unable to set PVID back to 0 for %d", intIfNum); + } + + authmgrVlanReleasePort(intIfNum); + + /* disable authentication on this interface */ + if ( TRUE == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled) + { + authmgrPhysicalPortStatusOpenSet(intIfNum); + } + else + { + authmgrPhysicalPortStatusBlockSet(intIfNum); + } + + pacCfgVlanMemberRemove(1, ifName); + } + + return SUCCESS; +} + +/********************************************************************* +* @purpose updates the port violation mode +* +* @param intIfNum +* @param mode violation mode +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrViolationModeSetAction (uint32 intIfNum, + AUTHMGR_PORT_AUTH_VIOLATION_MODE_t mode) +{ + if (!(AUTHMGR_IS_READY)) + { + return SUCCESS; + } + + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + + if (mode == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].violationMode) + { + return SUCCESS; + } + + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].violationMode = mode; + + return SUCCESS; +} + +/********************************************************************* +* @purpose set max auth retry attempts on port +* +* @param intIfNum +* @param intIfNum +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrAuthFailMaxRetryCountSetAction (uint32 intIfNum, + uint32 count) +{ + if (!(AUTHMGR_IS_READY)) + { + return SUCCESS; + } + + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + + if (count == + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authFailRetryMaxCount) + { + return SUCCESS; + } + + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authFailRetryMaxCount = + count; + + return SUCCESS; +} + +/********************************************************************* +* @purpose interface function to clear all timers of specified type +* +* @param physIntf internal interface number +* @param type timer type +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrInterfaceTimerReset (uint32 physIntf, authmgrTimerType_t type) +{ + uint32 lIndex = 0; + authmgrLogicalPortInfo_t *logicalPortInfo; + + lIndex = AUTHMGR_LOGICAL_PORT_ITERATE; + while ((logicalPortInfo = + authmgrLogicalPortInfoGetNextNode (physIntf, &lIndex)) != NULLPTR) + { + authmgrTimerDestroy (authmgrCB->globalInfo->authmgrTimerCB, logicalPortInfo, + type); + } + + return SUCCESS; +} + +/********************************************************************* +* @purpose function to clear all timers of specified type +* +* @param type timer type +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrTimerReset (authmgrTimerType_t type) +{ + RC_t nimRc; + uint32 phyIntf = 0; + + /* loop through all the interfaces and initiate the changes */ + nimRc = authmgrFirstValidIntfNumber (&phyIntf); + while (nimRc == SUCCESS) + { + /* clean up the timers on this interface info */ + authmgrInterfaceTimerReset (phyIntf, type); + nimRc = authmgrNextValidIntf (phyIntf, &phyIntf); + } + + return SUCCESS; +} + +/********************************************************************* +* @purpose interface funtion to handle the auth method changes +* +* @param intIfNum internal interface number +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrMethodModifyAction (uint32 intIfNum) +{ + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + + authmgrMethodOrderChangeProcess (intIfNum); + return SUCCESS; +} + +/********************************************************************* +* @purpose function to get the reauthentication period of client +* +* @param lIntfNum client interface number +* @param val value +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrLogicalPortReAuthPeriodGet (uint32 lIntfNum, uint32 * val) +{ + uint32 physPort = 0; + authmgrLogicalPortInfo_t *logicalPortInfo; + + AUTHMGR_IF_NULLPTR_RETURN_LOG (val); + + logicalPortInfo = authmgrLogicalPortInfoGet (lIntfNum); + AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo); + + AUTHMGR_PORT_GET (physPort, lIntfNum); + + if ( FALSE == authmgrCB->globalInfo->authmgrPortInfo[physPort].reAuthEnabled) + { + *val = 0; + } + + if (authmgrCB->globalInfo->authmgrPortInfo[physPort].reAuthPeriodServer) + { + *val = logicalPortInfo->client.sessionTimeout; + } + else + { + authmgrReAuthPeriodGet (physPort, val); + } + + return SUCCESS; +} + +/********************************************************************* +* @purpose interface level function to restart timers +* +* @param phyIntf interface number +* +* @comments +* +* @end +*********************************************************************/ +void authmgrIntfAuthClientsTimersRestart (uint32 phyIntf) +{ + uint32 lIntIfNum; + authmgrLogicalPortInfo_t *logicalPortInfo; + /* Authenticator timer actions */ + if (authmgrCB->globalInfo->authmgrPortInfo[phyIntf].paeCapabilities == + DOT1X_PAE_PORT_AUTH_CAPABLE) + { + lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE; + while ((logicalPortInfo = + authmgrLogicalPortInfoGetNextNode (phyIntf, + &lIntIfNum)) != NULLPTR) + { + if ((logicalPortInfo->key.keyNum != 0) && + ( AUTHMGR_PORT_STATUS_AUTHORIZED == + logicalPortInfo->client.logicalPortStatus)) + { + if (authmgrCB->globalInfo->authmgrPortInfo[phyIntf].portEnabled == + TRUE + && (authmgrCB->globalInfo->authmgrPortInfo[phyIntf]. + portControlMode == AUTHMGR_PORT_AUTO)) + { + if ( TRUE == authmgrCB->globalInfo->authmgrPortInfo[phyIntf].reAuthEnabled) + { + /* Start the reauthentication timer */ + authmgrTimerStart (logicalPortInfo, AUTHMGR_REAUTH_WHEN); + } + } + } + } + } +} + +/********************************************************************* +* @purpose function to restart all the timers +* +* @param none +* @returns none +* +* +* @comments +* +* @end +*********************************************************************/ +void authmgrAuthClientsTimersRestart () +{ + RC_t nimRc = SUCCESS; + uint32 phyIntf = 0; + + nimRc = authmgrFirstValidIntfNumber (&phyIntf); + while (nimRc == SUCCESS) + { + /* Authenticator timer actions */ + if (authmgrCB->globalInfo->authmgrPortInfo[phyIntf].paeCapabilities == + DOT1X_PAE_PORT_AUTH_CAPABLE) + { + authmgrIntfAuthClientsTimersRestart (phyIntf); + } + nimRc = authmgrNextValidIntf (phyIntf, &phyIntf); + } +} + +/********************************************************************* +* @purpose function to start timers on an interface +* +* @param phyIntf interface number +* @param type timer type +* @param flag start or stop +* +* @comments +* +* @end +*********************************************************************/ +void authmgrIntfClientsTimerStart (uint32 phyIntf, authmgrTimerType_t type, + BOOL flag) +{ + uint32 lIntIfNum; + authmgrLogicalPortInfo_t *logicalPortInfo; + /* Authenticator timer actions */ + if (authmgrCB->globalInfo->authmgrPortInfo[phyIntf].paeCapabilities == + DOT1X_PAE_PORT_AUTH_CAPABLE) + { + lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE; + while ((logicalPortInfo = + authmgrLogicalPortInfoGetNextNode (phyIntf, + &lIntIfNum)) != NULLPTR) + { + if (logicalPortInfo->key.keyNum != 0) + { + if (authmgrCB->globalInfo->authmgrPortInfo[phyIntf].portEnabled == + TRUE + && (authmgrCB->globalInfo->authmgrPortInfo[phyIntf]. + portControlMode == AUTHMGR_PORT_AUTO)) + { + if ( TRUE == flag) + { + authmgrTimerStart (logicalPortInfo, type); + } + else + { + authmgrTimerDestroy (authmgrCB->globalInfo->authmgrTimerCB, + logicalPortInfo, type); + } + } + } + } + } +} + +/********************************************************************* +* @purpose Function to start all timers of the given type +* +* @param type timer type +* @param flag start or stop +* +* @comments +* +* @end +*********************************************************************/ +void authmgrAllTimersStart (authmgrTimerType_t type, BOOL flag) +{ + RC_t nimRc = SUCCESS; + uint32 phyIntf = 0; + + nimRc = authmgrFirstValidIntfNumber (&phyIntf); + while (nimRc == SUCCESS) + { + /* Authenticator timer actions */ + + if (authmgrCB->globalInfo->authmgrPortInfo[phyIntf].paeCapabilities == + DOT1X_PAE_PORT_AUTH_CAPABLE) + { + authmgrIntfClientsTimerStart (phyIntf, type, flag); + } + nimRc = authmgrNextValidIntf (phyIntf, &phyIntf); + } +} + +/********************************************************************* + * @purpose Enable administrative mode setting for authmgr + * + * @param none + * + * @returns SUCCESS + * @returns FAILURE + * + * @comments + * + * @end + *********************************************************************/ +RC_t authmgrCtlAdminModeEnable() +{ + uint32 intIfNum; +/* uchar8 paeCapabilities = 0; */ + RC_t nimRc; + authmgrPortCfg_t *pCfg; + + if (!(AUTHMGR_IS_READY)) + return SUCCESS; + + /* Initialize the auth mgr global data */ + authmgrGlobalInfoPopulate(); + + /* Register for time ticks with appTimer */ + authmgrCB->globalInfo->authmgrTimerCB = + appTimerInit ( AUTHMGR_COMPONENT_ID, authmgrTimerExpiryHdlr, NULLPTR, + APP_TMR_1SEC, + authmgrCB->globalInfo->authmgrAppTimerBufferPoolId); + + auth_mgr_eap_socket_create(&authmgrCB->globalInfo->eap_socket); + + nimRc = authmgrFirstValidIntfNumber(&intIfNum); + while (nimRc == SUCCESS) + { + if (authmgrIntfIsConfigurable(intIfNum, &pCfg) != TRUE) + return FAILURE; + + + (void)authmgrPortInfoInitialize(intIfNum, TRUE); + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities == DOT1X_PAE_PORT_AUTH_CAPABLE) + { + (void)authmgrCtlApplyPortConfigData(intIfNum); + } + else + { + if ( TRUE == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled) + { + authmgrPhysicalPortStatusOpenSet(intIfNum); + } + else + { + authmgrPhysicalPortStatusBlockSet(intIfNum); + } + } + nimRc = authmgrNextValidIntf( intIfNum, &intIfNum); + } + return SUCCESS; +} + +/********************************************************************* + * @purpose Disable administrative mode setting for authmgr + * + * @param none + * + * @returns SUCCESS + * @returns FAILURE + * + * @comments + * + * @end + *********************************************************************/ +RC_t authmgrCtlAdminModeDisable() +{ + uint32 phyIntf; + RC_t nimRc; + + if (!(AUTHMGR_IS_READY)) + { + return SUCCESS; + } + + nimRc = authmgrFirstValidIntfNumber(&phyIntf); + + while (nimRc == SUCCESS) + { + authmgrPortInfoCleanup(phyIntf); + authmgrPhysicalPortAccessSet(phyIntf); + memset(&authmgrCB->globalInfo->authmgrPortInfo[phyIntf].enabledMethods[0], + 0, sizeof(authmgrCB->globalInfo->authmgrPortInfo[phyIntf].enabledMethods)); + + nimRc = authmgrNextValidIntf(phyIntf, &phyIntf); + } + + /* stop the timer */ + if ( NULLPTR != authmgrCB->globalInfo->authmgrTimerCB) + { + (void) appTimerDeInit (authmgrCB->globalInfo->authmgrTimerCB); + authmgrCB->globalInfo->authmgrTimerCB = NULLPTR; + } + + memset(&authmgrCB->globalInfo->authmgrVlanMask, 0, sizeof( VLAN_MASK_t)); + + return SUCCESS; +} + +/********************************************************************* +* @purpose Initialize the Authmgr Port Structure with Default Values +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrPortInfoInitialize(uint32 intIfNum, BOOL flag) +{ + authmgrPortCfg_t *pCfg; + uint32 linkState, adminState, maxUsers = 0; + ushort16 oldPvid = 0; + char8 ifName[ NIM_IF_ALIAS_SIZE + 1]; + RC_t rc; + AUTHMGR_PORT_CONTROL_t cfgPortControlMode = AUTHMGR_PORT_CONTROL_INVALID; + AUTHMGR_HOST_CONTROL_t cfgHostMode = AUTHMGR_INVALID_HOST_MODE; + uchar8 capabilities = DOT1X_PAE_PORT_NONE_CAPABLE; + + if (authmgrIntfIsConfigurable(intIfNum, &pCfg) != TRUE) + return SUCCESS; + + /* clean up previous info */ + oldPvid = authmgrCB->globalInfo->authmgrPortInfo[intIfNum].pvid; + if (oldPvid) + { + rc = authmgrPortPvidSet(intIfNum, 0); + if (rc != SUCCESS) + { + if (nimGetIntfName (intIfNum, ALIASNAME, ifName) != SUCCESS) + { + LOGF ( LOG_SEVERITY_ERROR, + "Unable to get alias for intf %s", authmgrIntfIfNameGet(intIfNum)); + return FAILURE; + } + LOGF ( LOG_SEVERITY_INFO, + "Unable to set PVID back to 0 for %s", ifName); + } + } + + memset(&authmgrCB->globalInfo->authmgrPortInfo[intIfNum], 0, sizeof(authmgrPortInfo_t)); + + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].maxUsers = AUTHMGR_MAX_USERS_PER_PORT; + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].numUsers = 0; + + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].initialize = FALSE; + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authVlan = 0; + + if ( (nimGetIntfLinkState(intIfNum, &linkState) == SUCCESS) && (linkState == UP) && + (nimGetIntfAdminState(intIfNum, &adminState) == SUCCESS) && (adminState == ENABLE) ) + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled = TRUE; + else + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled = FALSE; + + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount = 0; + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portStatus = AUTHMGR_PORT_STATUS_UNAUTHORIZED; + + (void)osapiReadLockTake(authmgrCB->authmgrCfgRWLock, WAIT_FOREVER); + cfgPortControlMode = pCfg->portControlMode; + cfgHostMode = pCfg->hostMode; + capabilities = pCfg->paeCapabilities; + (void)osapiReadLockGive(authmgrCB->authmgrCfgRWLock); + + /* Copy config data into operational data */ + if (cfgPortControlMode != AUTHMGR_PORT_AUTO) + { + AUTHMGR_EVENT_TRACE(AUTHMGR_TRACE_EVENTS,intIfNum, + "Setting the max users to %d on interface %d. Current port control mode is not Auto \n", + 1, intIfNum); + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].maxUsers = 1; + } + else + { + if ( SUCCESS != authmgrMaxUsersGet(intIfNum, &maxUsers)) + { + AUTHMGR_EVENT_TRACE(AUTHMGR_TRACE_FAILURE,intIfNum, + "Unable to retrieve the max users. Current host mode is %s \n", + authmgrHostModeStringGet(cfgHostMode)); + } + else + { + AUTHMGR_EVENT_TRACE(AUTHMGR_TRACE_EVENTS,intIfNum, + "Setting the max users to %d on interface %d. Current host mode is %s \n", + maxUsers, intIfNum, authmgrHostModeStringGet(cfgHostMode)); + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].maxUsers = maxUsers; + } + } + + (void)osapiReadLockTake(authmgrCB->authmgrCfgRWLock, WAIT_FOREVER); + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].quietPeriod = pCfg->quietPeriod; + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthPeriod = pCfg->reAuthPeriod; + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthPeriodServer = pCfg->reAuthPeriodServer; + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthEnabled = pCfg->reAuthEnabled; + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authFailRetryMaxCount = pCfg->maxAuthAttempts; + + (void)osapiReadLockGive(authmgrCB->authmgrCfgRWLock); + + /* Get the PAE capabilities */ + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities = capabilities; + + return SUCCESS; +} + +/********************************************************************* +* @purpose Set values of the Logical Authmgr Port Structure +* with Default Values of port it belongs to +* +* @param logicalPortInfo @b{(input)) Logical port Info +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrLogicalPortInfoInit(uint32 lIntIfNum) +{ + authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR; + uint32 physPort = 0, lPort = 0, type = 0, vlanId = 0; + + logicalPortInfo = authmgrLogicalPortInfoGet(lIntIfNum); + + AUTHMGR_IF_NULLPTR_RETURN_LOG(logicalPortInfo); + + AUTHMGR_LPORT_KEY_UNPACK(physPort, lPort, type, logicalPortInfo->key.keyNum); + AUTHMGR_EVENT_TRACE(AUTHMGR_TRACE_CLIENT, physPort, + "%s:Resetting information for linterface = %d . \n", + __FUNCTION__, lPort); + + if ( AUTHMGR_PORT_STATUS_AUTHORIZED == logicalPortInfo->client.logicalPortStatus) + { + /* Clean up the client hw info */ + AUTHMGR_EVENT_TRACE(AUTHMGR_TRACE_CLIENT,physPort, + "\n%s:Cleaning up hw info for linterface = %d\n", + __FUNCTION__,lIntIfNum); + + if ( SUCCESS != authmgrClientHwInfoCleanup(logicalPortInfo)) + { + AUTHMGR_EVENT_TRACE(AUTHMGR_TRACE_FAILURE,physPort, + "\n%s:Resetting client hw settings for linterface = %d failed. \n", + __FUNCTION__, lIntIfNum); + } + } + + memset(&logicalPortInfo->protocol, 0, sizeof(authmgrProtocolInfo_t)); + memset(&logicalPortInfo->client, 0, sizeof(authmgrClientInfo_t)); + + uchar8 ifName[ NIM_IF_ALIAS_SIZE + 1] = {'\0'}; + + if (nimGetIntfName(physPort, ALIASNAME, ifName) == SUCCESS) + { + pacCfgPortPVIDGet(ifName, &vlanId); + } + + + logicalPortInfo->client.vlanId = vlanId; + logicalPortInfo->client.vlanType = AUTHMGR_VLAN_DEFAULT; + logicalPortInfo->client.rcvdEapolVersion = DOT1X_PAE_PORT_PROTOCOL_VERSION_2; + authmgrStateMachineClassifier(authmgrInitialize, logicalPortInfo->key.keyNum); + + return SUCCESS; +} + +/********************************************************************* +* @purpose Populate Auth Manager Global Info structure +* +* @param none +* +* @returns none +* +* @comments +* +* @end +*********************************************************************/ +void authmgrGlobalInfoPopulate() +{ + memset(&authmgrCB->globalInfo->authmgrVlanMask, 0, sizeof( VLAN_MASK_t)); +} + + +RC_t authmgrVlanClientsCleanup(uint32 vlanId) +{ + uint32 intIfNum = 0, lIntIfNum = 0; + authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR; + RC_t nimRc = SUCCESS; + + nimRc = authmgrFirstValidIntfNumber (&intIfNum); + while (nimRc == SUCCESS) + { + if ((0 != authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount) + && ( AUTHMGR_PORT_AUTO == + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode)) + { + lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE; + while ((logicalPortInfo = + authmgrLogicalPortInfoGetNextNode (intIfNum, + &lIntIfNum)) != NULLPTR) + { + if (vlanId == logicalPortInfo->client.vlanId) + { + authmgrClientInfoCleanup(logicalPortInfo); + } + } + } + nimRc = authmgrNextValidIntf (intIfNum, &intIfNum); + } + return SUCCESS; +} + +/********************************************************************* +* @purpose To close the authenticated sessions gracefully. +* +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrTerminateAuthSessions() +{ + uint32 intIfNum = 0, lIntIfNum = 0, mgmtUnit = 0; + RC_t rc = SUCCESS; + authmgrLogicalPortInfo_t *logicalPortInfo; + nimUSP_t usp; + + /* Get the first Valid Interface and cleanup the authentication sessions + * belongs to this unit. + */ + rc = authmgrFirstValidIntfNumber(&intIfNum); + while (rc == SUCCESS) + { + memset((void *)&usp, 0, sizeof(nimUSP_t)); + if(nimGetUnitSlotPort(intIfNum, &usp) == SUCCESS) + { + if (usp.unit != ( uchar8)mgmtUnit) + { + rc = authmgrNextValidIntf(intIfNum, &intIfNum); + continue; + } + } + else + { + rc = authmgrNextValidIntf(intIfNum, &intIfNum); + continue; + } + + lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE; + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled = FALSE; + while ( NULLPTR != + (logicalPortInfo = authmgrLogicalPortInfoGetNextNode (intIfNum, &lIntIfNum))) + { + if (0 != logicalPortInfo->key.keyNum) + { + if ( AUTHMGR_PORT_STATUS_AUTHORIZED == logicalPortInfo->client.logicalPortStatus) + { + AUTHMGR_EVENT_TRACE(AUTHMGR_TRACE_API_CALLS,intIfNum, + "%s Auth Manager Cleanup the client session %d on port %s\n", + __FUNCTION__, logicalPortInfo->key.keyNum, authmgrIntfIfNameGet(intIfNum)); + + (void)authmgrClientInfoCleanup(logicalPortInfo); + } + } + } + rc = authmgrNextValidIntf(intIfNum, &intIfNum); + } + return SUCCESS; +} + +/********************************************************************* +* @purpose Reset port information +* +* @param intIfNum @b{(input)) internal interface number +* @param initialize @b{(input)) initialize value +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments This value is set to TRUE by management in order to force +* initialization of a port. It is re-set to FALSE after +* initialization has completed. +* +* @end +*********************************************************************/ +RC_t authmgrCtlPortReset(uint32 intIfNum, BOOL initialize) +{ + RC_t rc = SUCCESS; + + if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE) + { + return SUCCESS; + } + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, intIfNum, + "%s:Intialize physical port's oper values with default -%d \n", __FUNCTION__, + intIfNum); + + authmgrPortInfoCleanup (intIfNum); + authmgrPortCtrlModeSet (intIfNum, FD_AUTHMGR_PORT_MODE); + authmgrIntfOperBuildDefault(intIfNum); + + return rc; +} diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_debug.c b/src/sonic-pac/authmgr/mapping/auth_mgr_debug.c new file mode 100755 index 000000000000..cc1cb8df2c5d --- /dev/null +++ b/src/sonic-pac/authmgr/mapping/auth_mgr_debug.c @@ -0,0 +1,1409 @@ +/* + * Copyright 2024 Broadcom Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#include "auth_mgr_include.h" +#include +#include +#include "auth_mgr_struct.h" +#include "auth_mgr_api.h" +#include "auth_mgr_timer.h" + +extern authmgrCB_t *authmgrCB; + +#define AUTHMGR_DEBUG_PACKET_RX_FORMAT "Pkt RX - Intf: %s (%d,%s),SrcMac: %s DestMac: %s Type: %s\n" +#define AUTHMGR_DEBUG_PACKET_RX_EAP_FORMAT "Pkt RX - Intf: %s (%d,%s),SrcMac: %s DestMac: %s Type: %s Code: %s Id:%d\n" +#define AUTHMGR_DEBUG_PACKET_TX_FORMAT "Pkt TX - Intf: %s (%d,%s),SrcMac: %s DestMac: %s Type: %s Code: %s\n" +#define AUTHMGR_DEBUG_PACKET_TX_EAP_FORMAT "Pkt TX - Intf: %s (%d,%s),SrcMac: %s DestMac: %s Type: %s Code: %s Id:%d\n" + + BOOL authmgrDebugPacketTraceTxFlag = FALSE; + BOOL authmgrDebugPacketTraceRxFlag = FALSE; +uint32 authmgrDebugTraceFlag = 0; +uint32 authmgrDebugTraceIntf = 0; + +/* Function prototypes */ +void authmgrBuildTestIntfConfigData (authmgrPortCfg_t * pCfg, ushort16 seed); +void authmgrConfigDataTestShow (void); + + +/********************************************************************* +* @purpose Display the number of messages in the authmgr message queues +* +* @param none +* +* @returns void +* +* @comments devshell command +* +* @end +*********************************************************************/ +void authmgrDebugMsgQueue () +{ + int32 num; + + if (osapiMsgQueueGetNumMsgs (authmgrCB->authmgrBulkQueue, &num) == SUCCESS) + { + SYSAPI_PRINTF ( + "Authmgr Messages in bulk queue: %d\n", num); + } + + if (osapiMsgQueueGetNumMsgs (authmgrCB->authmgrQueue, &num) == SUCCESS) + { + SYSAPI_PRINTF ( + "Authmgr Messages in queue: %d\n", num); + } +} + +/********************************************************************* +* @purpose Display the ID of the authmgr Trace Buffer +* +* @param none +* +* @returns void +* +* @comments devshell command +* +* @end +*********************************************************************/ +void authmgrDebugTraceIdGet () +{ + SYSAPI_PRINTF ( + "Trace Id in use for authmgr is %d\n", + authmgrCB->globalInfo->authmgrInfo.traceId); + SYSAPI_PRINTF ( + "Use devshell traceBlockStart(traceId) and traceBlockStop(traceId)\n"); +} + +/********************************************************************* +* @purpose Display the sizes of the authmgr structures +* +* @param none +* +* @returns void +* +* @comments devshell command +* +* @end +*********************************************************************/ +void authmgrDebugSizesShow () +{ + SYSAPI_PRINTF ( + "AUTHMGR Data Structures:\r\n"); + SYSAPI_PRINTF ( + "----------------------\r\n"); + SYSAPI_PRINTF ( + "sizeof authmgrCB->globalInfo = %zd\r\n", + sizeof (authmgrGlobalInfo_t)); + SYSAPI_PRINTF ( + "sizeof authmgrPortInfo_t = %zd\r\n", + sizeof (authmgrPortInfo_t)); + SYSAPI_PRINTF ( + "sizeof authmgrPortStats_t = %zd\r\n", + sizeof (authmgrPortStats_t)); + SYSAPI_PRINTF ( + "sizeof authmgrCfg_t = %zd\r\n", sizeof (authmgrCfg_t)); + SYSAPI_PRINTF ( + " MAX_PORT_COUNT = %d\r\n", MAX_PORT_COUNT); + SYSAPI_PRINTF ( + " AUTHMGR_INTF_MAX_COUNT = %d\r\n", + AUTHMGR_INTF_MAX_COUNT); +} + +/********************************************************************* +* @purpose Display the config info for the specified port +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns void +* +* @comments devshell command +* +* @end +*********************************************************************/ +void authmgrDebugPortCfgShow (uint32 intIfNum) +{ + authmgrPortCfg_t *pCfg; + + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + SYSAPI_PRINTF ( + "intIfNum(%d) is not a valid authmgr interface\r\n", + intIfNum); + return; + } + + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE) + { + SYSAPI_PRINTF ( + "intIfNum(%d) is not a valid authmgr interface\r\n", + intIfNum); + return; + } + + SYSAPI_PRINTF ( + "AUTHMGR Cfg Info for port %d:\r\n", intIfNum); + SYSAPI_PRINTF ( + "--------------------------\r\n"); + + SYSAPI_PRINTF ( + "portControlMode = %d", pCfg->portControlMode); + switch (pCfg->portControlMode) + { + case AUTHMGR_PORT_FORCE_UNAUTHORIZED: + { + SYSAPI_PRINTF ( + " Force Unauthorized\r\n"); + } + break; + case AUTHMGR_PORT_AUTO: + { + SYSAPI_PRINTF (" Auto\r\n"); + } + break; + case AUTHMGR_PORT_FORCE_AUTHORIZED: + { + SYSAPI_PRINTF ( + " Force Authorized\r\n"); + } + break; + default: + { + SYSAPI_PRINTF (" Unknown\r\n"); + } + break; + } + + SYSAPI_PRINTF ( + "hostMode = %s\r\n", + authmgrHostModeStringGet (pCfg->hostMode)); + + SYSAPI_PRINTF ( + "quietPeriod = %d\r\n", pCfg->quietPeriod); + SYSAPI_PRINTF ( + "reAuthPeriod = %d\r\n", pCfg->reAuthPeriod); + + SYSAPI_PRINTF ( + "reAuthEnabled = %d\r\n", pCfg->reAuthEnabled); + + SYSAPI_PRINTF ( + "reAuthServerEnabled = %d", pCfg->reAuthPeriodServer); + if (authmgrCB->globalInfo->authmgrCfg->authmgrPortCfg[intIfNum]. + reAuthEnabled == TRUE) + { + SYSAPI_PRINTF (" True\r\n"); + } + else if (pCfg->reAuthEnabled == FALSE) + { + SYSAPI_PRINTF (" False\r\n"); + } + else + { + SYSAPI_PRINTF (" Unknown\r\n"); + } + + + SYSAPI_PRINTF ( + "Auth Server port Max Auth attempts = %d\r\n", pCfg->maxAuthAttempts); + +} + +/********************************************************************* +* @purpose Display the status info for the specified port +* +* @param lIntIfNum @b{(input)) Logical internal interface number +* +* @returns void +* +* @comments devshell command +* +* @end +*********************************************************************/ +void authmgrDebugPortMacInfoShow (uint32 lIntIfNum) +{ + uchar8 buf[64]; + uchar8 zeroV6[16]; + authmgrLogicalPortInfo_t *logicalPortInfo; + uint32 physPort = 0, lPort = 0, type = 0; + + authmgrLogicalPortInfoTakeLock (); + logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum); + if (logicalPortInfo == NULLPTR) + { + authmgrLogicalPortInfoGiveLock (); + return; + } + + AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, lIntIfNum); + + if (authmgrIsValidIntf (physPort) != TRUE) + { + SYSAPI_PRINTF ( + "intIfNum is not a valid authmgr interface(%d)\r\n", + physPort); + authmgrLogicalPortInfoGiveLock (); + return; + } + + SYSAPI_PRINTF ( + "AUTHMGR Info for port %d Phy port(%d) :\r\n", lIntIfNum, + physPort); + SYSAPI_PRINTF ( + "------------------------------\r\n"); + + if (0 == logicalPortInfo->key.keyNum) + { + SYSAPI_PRINTF ("Port is in Use\r\n"); + } + else + { + SYSAPI_PRINTF ("Port Not in Use\r\n"); + } + + SYSAPI_PRINTF ( + "Port Status = %d\n", + logicalPortInfo->client.logicalPortStatus); + + SYSAPI_PRINTF ( + "\n\rTimers operational \n\r"); + + SYSAPI_PRINTF ( + "---------- --------------- --------------- ---------- --------------\n\r"); + + SYSAPI_PRINTF ( + "%s\n", + authmgrTimerTypeStringGet (logicalPortInfo->authmgrTimer.cxt. + type)); + + SYSAPI_PRINTF ( + "auth state %s \r\n", + authmgrAuthStateStringGet (logicalPortInfo->protocol. + authState)); + + if (logicalPortInfo->client.serverStateLen > 0) + { + uint32 i; + SYSAPI_PRINTF ( + "serverState = "); + for (i = 0; i < logicalPortInfo->client.serverStateLen; i++) + { + SYSAPI_PRINTF ( + "%02X", logicalPortInfo->client.serverState[i]); + } + SYSAPI_PRINTF ("\r\n"); + } + else + { + SYSAPI_PRINTF ( + "serverState = NULL\r\n"); + } + + if (logicalPortInfo->client.serverClassLen > 0) + { + uint32 i; + SYSAPI_PRINTF ( + "serverClass = "); + for (i = 0; i < logicalPortInfo->client.serverClassLen; i++) + { + SYSAPI_PRINTF ( + "%02X", logicalPortInfo->client.serverClass[i]); + } + SYSAPI_PRINTF ("\r\n"); + } + else + { + SYSAPI_PRINTF ( + "serverClass = NULL\r\n"); + } + + SYSAPI_PRINTF ( + "sessionTimeout = %d\r\n", + logicalPortInfo->client.sessionTimeout); + + SYSAPI_PRINTF ( + "terminationAction = %d\r\n", + logicalPortInfo->client.terminationAction); + + memset (buf, 0, 32); + osapiSnprintf (( char8 *) buf, sizeof (buf), + "%02X:%02X:%02X:%02X:%02X:%02X", + logicalPortInfo->client.suppMacAddr.addr[0], + logicalPortInfo->client.suppMacAddr.addr[1], + logicalPortInfo->client.suppMacAddr.addr[2], + logicalPortInfo->client.suppMacAddr.addr[3], + logicalPortInfo->client.suppMacAddr.addr[4], + logicalPortInfo->client.suppMacAddr.addr[5]); + SYSAPI_PRINTF ( + "suppMacAddr = %s\r\n", buf); + + SYSAPI_PRINTF ( + "reAuthenticating = %d", + logicalPortInfo->client.reAuthenticating); + if (logicalPortInfo->client.reAuthenticating == TRUE) + { + SYSAPI_PRINTF (" True\r\n"); + } + else if (logicalPortInfo->client.reAuthenticating == FALSE) + { + SYSAPI_PRINTF (" False\r\n"); + } + else + { + SYSAPI_PRINTF (" Unknown\r\n"); + } + + SYSAPI_PRINTF ( + "Reauthentication count = %d\r\n", + logicalPortInfo->client.reAuthCount); + + SYSAPI_PRINTF ( + "suppRestarting = %d", + logicalPortInfo->client.suppRestarting); + if (logicalPortInfo->client.suppRestarting == TRUE) + { + SYSAPI_PRINTF (" True\r\n"); + } + else if (logicalPortInfo->client.suppRestarting == FALSE) + { + SYSAPI_PRINTF (" False\r\n"); + } + else + { + SYSAPI_PRINTF (" Unknown\r\n"); + } + + SYSAPI_PRINTF ( + "authMethod = %d", + logicalPortInfo->client.authMethod); + switch (logicalPortInfo->client.authMethod) + { + case AUTH_METHOD_UNDEFINED: + { + SYSAPI_PRINTF (" Undefined\r\n"); + } + break; + case AUTH_METHOD_LOCAL: + { + SYSAPI_PRINTF (" Local\r\n"); + } + break; + case AUTH_METHOD_RADIUS: + { + SYSAPI_PRINTF (" Radius\r\n"); + } + break; + case AUTH_METHOD_REJECT: + { + SYSAPI_PRINTF (" Reject\r\n"); + } + break; + default: + { + SYSAPI_PRINTF (" Unknown\r\n"); + } + break; + } + + SYSAPI_PRINTF ( + "Vlan type %s vlan Id = %d\r\n", + authmgrVlanTypeStringGet (logicalPortInfo->client.vlanType), + logicalPortInfo->client.vlanId); + + SYSAPI_PRINTF ( + "Client Session Timeout = %d\r\n", + logicalPortInfo->client.clientTimeout); + + SYSAPI_PRINTF ( + "Blocked Vlan Id = %d\r\n", + logicalPortInfo->client.blockVlanId); + + memset(buf, 0, sizeof(buf)); + memset(zeroV6, 0, 16); + + authmgrLogicalPortInfoGiveLock (); +} + +/********************************************************************* +* @purpose Display the status info for the specified port +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns void +* +* @comments devshell command +* +* @end +*********************************************************************/ +void authmgrDebugPortInfoShow (uint32 intIfNum) +{ + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + SYSAPI_PRINTF ( + "intIfNum is not a valid authmgr interface(%d)\r\n", + intIfNum); + return; + } + + SYSAPI_PRINTF ( + "AUTHMGR Status Info for port %d:\r\n", intIfNum); + SYSAPI_PRINTF ( + "------------------------------\r\n"); + + SYSAPI_PRINTF ( + "initialize = %d", + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].initialize); + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].initialize == TRUE) + { + SYSAPI_PRINTF (" True\r\n"); + } + else if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].initialize == + FALSE) + { + SYSAPI_PRINTF (" False\r\n"); + } + else + { + SYSAPI_PRINTF (" Unknown\r\n"); + } + + SYSAPI_PRINTF ( + "portControlMode = %d", + authmgrCB->globalInfo->authmgrPortInfo[intIfNum]. + portControlMode); + switch (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode) + { + case AUTHMGR_PORT_FORCE_UNAUTHORIZED: + { + SYSAPI_PRINTF ( + " Force Unauthorized\r\n"); + } + break; + case AUTHMGR_PORT_AUTO: + { + SYSAPI_PRINTF (" Auto\r\n"); + } + break; + case AUTHMGR_PORT_FORCE_AUTHORIZED: + { + SYSAPI_PRINTF ( + " Force Authorized\r\n"); + } + break; + default: + { + SYSAPI_PRINTF (" Unknown\r\n"); + } + break; + } + + SYSAPI_PRINTF ( + "hostMode = %s\r\n", + authmgrHostModeStringGet (authmgrCB->globalInfo-> + authmgrPortInfo[intIfNum].hostMode)); + + SYSAPI_PRINTF ( + "portEnabled = %d", + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled); + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled == TRUE) + { + SYSAPI_PRINTF (" True\r\n"); + } + else if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled == + FALSE) + { + SYSAPI_PRINTF (" False\r\n"); + } + else + { + SYSAPI_PRINTF (" Unknown\r\n"); + } + + SYSAPI_PRINTF ( + "portStatus = %d", + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portStatus); + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portStatus == + AUTHMGR_PORT_STATUS_AUTHORIZED) + { + SYSAPI_PRINTF (" Authorized\r\n"); + } + else if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portStatus == + AUTHMGR_PORT_STATUS_UNAUTHORIZED) + { + SYSAPI_PRINTF (" Unauthorized\r\n"); + } + else + { + SYSAPI_PRINTF (" Unknown\r\n"); + } + + SYSAPI_PRINTF ( + "nimStatus = %d \n", + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].nimStatus); + + SYSAPI_PRINTF ( + "quietPeriod = %d\r\n", + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].quietPeriod); + + SYSAPI_PRINTF ( + "reAuthPeriod = %d\r\n", + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthPeriod); + + SYSAPI_PRINTF ( + "reAuthEnabled = %d", + authmgrCB->globalInfo->authmgrPortInfo[intIfNum]. + reAuthEnabled); + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthEnabled == TRUE) + { + SYSAPI_PRINTF (" True\r\n"); + } + else if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthEnabled == + FALSE) + { + SYSAPI_PRINTF (" False\r\n"); + } + else + { + SYSAPI_PRINTF (" Unknown\r\n"); + } + + + SYSAPI_PRINTF ( + "Number of Authorizations = %d\r\n", + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount); + + SYSAPI_PRINTF ( + "Auth Fail retry count = %d\r\n", + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authFailRetryMaxCount); +} + +/********************************************************************* +* @purpose Display the status for the specified port +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns void +* +* @comments devshell command +* +* @end +*********************************************************************/ +void authmgrDebugPortStatsShow (uint32 intIfNum) +{ + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + SYSAPI_PRINTF ( + "intIfNum is not a valid interface(%d)\r\n", intIfNum); + return; + } + + SYSAPI_PRINTF ( + "AUTHMGR Stats for port %d:\r\n", intIfNum); + SYSAPI_PRINTF ( + "-----------------------\r\n"); + + SYSAPI_PRINTF ("\r\n"); + + SYSAPI_PRINTF ( + "AUTHMGR Debug Stats for port %d:\r\n", intIfNum); + + SYSAPI_PRINTF ( + "-----------------------------\r\n"); + SYSAPI_PRINTF ( + "dot1x authEntersAuthenticating = %d\r\n", + authmgrCB->globalInfo->authmgrPortStats[intIfNum].dot1x. + authEntersAuthenticating); + SYSAPI_PRINTF ( + "dot1x authAuthSuccess = %d\r\n", + authmgrCB->globalInfo->authmgrPortStats[intIfNum].dot1x. + authSuccess); + SYSAPI_PRINTF ( + "dot1x authFailure = %d\r\n", + authmgrCB->globalInfo->authmgrPortStats[intIfNum].dot1x. + authFailure); + SYSAPI_PRINTF ( + "auth authTimeout = %d\r\n", + authmgrCB->globalInfo->authmgrPortStats[intIfNum].dot1x. + authTimeout); +} + +/********************************************************************* +* @purpose Set the authmgr log trace mode +* +* @param mode @b{(input)) log trace mode +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments none +* +* @end +*********************************************************************/ +RC_t authmgrDebugLogTraceModeSet (uint32 mode) +{ + /* Validate input parm */ + if (mode != ENABLE && mode != DISABLE) + { + return FAILURE; + } + + /* If not changing mode, just return success */ + if (mode == authmgrCB->globalInfo->authmgrCfg->authmgrLogTraceMode) + { + return SUCCESS; + } + + authmgrCB->globalInfo->authmgrCfg->authmgrLogTraceMode = mode; + + authmgrCB->globalInfo->authmgrCfg->cfgHdr.dataChanged = TRUE; + return SUCCESS; +} + +/********************************************************************* +* @purpose Return the authmgr log trace mode +* +* @param mode @b{(input)) log trace mode +* +* @returns SUCCESS +* +* @comments none +* +* @end +*********************************************************************/ +uint32 authmgrDebugLogTraceModeGet () +{ + return authmgrCB->globalInfo->authmgrCfg->authmgrLogTraceMode; +} + +/********************************************************************* +* @purpose Trace authmgr events +* +* @param 0 - disable tracing +* 1 - enable port status events +* 2 - enable port events tracing +* +* +* @returns void +* +* @notes +* +* @end +* +*********************************************************************/ +void authmgrDebugTraceEvent (uint32 debug, uint32 intfNum) +{ + authmgrDebugTraceFlag = debug; + authmgrDebugTraceIntf = intfNum; +} + +/********************************************************************* +* @purpose show authmgr trace events help +* +* @param +* +* +* @returns void +* +* @notes +* +* @end +* +*********************************************************************/ +void authmgrDebugTraceEventHelp () +{ + SYSAPI_PRINTF ( + "\n Use authmgrDebugTraceEvent(,) to trace various events"); + SYSAPI_PRINTF ( + "\n Specify internal interface number to trace events for specific interface or 0 for all interfaces."); + + SYSAPI_PRINTF ("\n Trace Event Flags"); + SYSAPI_PRINTF ("\n-------------------"); + + SYSAPI_PRINTF ( + "\n Flag Description Value"); + SYSAPI_PRINTF ( + "\n ------------------------------- ----------------------------------------------------- -------"); + SYSAPI_PRINTF ( + "\n AUTHMGR_TRACE_PORT_STATUS Traces port authorization events %u", + AUTHMGR_TRACE_PORT_STATUS); + SYSAPI_PRINTF ( + "\n AUTHMGR_TRACE_EVENTS Traces callback events %u", + AUTHMGR_TRACE_EVENTS); + SYSAPI_PRINTF ( + "\n AUTHMGR_TRACE_API_CALLS Traces authmgr send packet events %u", + AUTHMGR_TRACE_API_CALLS); + SYSAPI_PRINTF ( + "\n AUTHMGR_TRACE_FSM_EVENTS Traces state machine events %u", + AUTHMGR_TRACE_FSM_EVENTS); + SYSAPI_PRINTF ( + "\n AUTHMGR_TRACE_FAILURE Traces failure events such as authentication failure %u", + AUTHMGR_TRACE_FAILURE); + SYSAPI_PRINTF ( + "\n AUTHMGR_TRACE_RADIUS Traces RADIUS related events %u", + AUTHMGR_TRACE_RADIUS); + SYSAPI_PRINTF ( + "\n AUTHMGR_TRACE_TIMER Traces Authmgr Timer Events %u", + AUTHMGR_TRACE_TIMER); + SYSAPI_PRINTF ( + "\n AUTHMGR_TRACE_MAC_ADDR_DB Traces Mac Address Database related events %u", + AUTHMGR_TRACE_MAC_ADDR_DB); +} + +/********************************************************************* +* @purpose Return Logical port Debug info +* +* @param intIfNum @b{(input)) interface number +* @param lIntIfNum @b{(input)) Logical internal interface number +* @param debugInfo @b{(output)) debug info +* +* @returns SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrDebugLogicalPortInfoNextGet (uint32 intIfNum, uint32 *lIntIfNum, + authmgrLogicalPortDebugInfo_t *debugInfo) +{ + authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR; + RC_t rc = SUCCESS; + authmgrPortCfg_t *pCfg; + AUTHMGR_PORT_CONTROL_t portControl = AUTHMGR_PORT_CONTROL_INVALID; + + if (authmgrIntfIsConfigurable(intIfNum, &pCfg) != TRUE) + return FAILURE; + + (void)osapiReadLockTake(authmgrCB->authmgrCfgRWLock, WAIT_FOREVER); + portControl = pCfg->portControlMode; + (void)osapiReadLockGive(authmgrCB->authmgrCfgRWLock); + + if ( AUTHMGR_PORT_AUTO != portControl) + { + return FAILURE; + } + + memset(debugInfo, 0, sizeof(*debugInfo)); + + authmgrLogicalPortInfoTakeLock (); + + if ((logicalPortInfo = authmgrLogicalPortInfoGetNextNode (intIfNum, + lIntIfNum)) != NULLPTR) + { + debugInfo->key = logicalPortInfo->key; + memcpy(&debugInfo->client, &logicalPortInfo->client, sizeof(debugInfo->client)); + memcpy(&debugInfo->protocol, &logicalPortInfo->protocol, sizeof(debugInfo->protocol)); + } + else + { + rc = FAILURE; + } + + authmgrLogicalPortInfoGiveLock (); + return rc; +} + +/********************************************************************* +* @purpose Display the status info for the specified port +* +* @param lIntIfNum @b{(input)) Logical internal interface number +* +* @returns void +* +* @comments devshell command +* +* @end +*********************************************************************/ +void authmgrDebugLogicalPortInfoShow (uint32 intIfNum, uint32 lIntIfNum) +{ + authmgrLogicalPortInfo_t *logicalPortInfo; + uint32 physPort = 0, lPort = 0, type = 0; + BOOL all = FALSE; + + if (lIntIfNum == 0) + { + all = TRUE; + logicalPortInfo = authmgrLogicalPortInfoFirstGet (intIfNum, &lIntIfNum); + } + else + { + authmgrLogicalPortInfoTakeLock (); + logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum); + } + + if (logicalPortInfo == NULLPTR) + { + if (all == FALSE) + { + authmgrLogicalPortInfoGiveLock (); + } + printf ("Cannot get logical port info for this log interface %d \n", + lIntIfNum); + return; + } + + AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum); + + if (authmgrIsValidIntf (physPort) != TRUE) + { + SYSAPI_PRINTF ( + "intIfNum is not a valid authmgr interface(%d)\r\n", + physPort); + if (all == FALSE) + { + authmgrLogicalPortInfoGiveLock (); + } + return; + } + + if (intIfNum != physPort) + { + sysapiPrintf ("Error! LogicalPort[%d] not belongs to Port[%d] \n\r", + logicalPortInfo->key.keyNum, intIfNum); + if (all == FALSE) + { + authmgrLogicalPortInfoGiveLock (); + } + return; + } + + SYSAPI_PRINTF ( + "Port Control Mode = %s\n\n\r", + (authmgrCB->globalInfo->authmgrPortInfo[intIfNum]. + portControlMode == + AUTHMGR_PORT_AUTO) ? "Auto" : "non-auto Based"); + + SYSAPI_PRINTF ( + "host Mode = %s\n\n\r", + authmgrHostModeStringGet (authmgrCB->globalInfo-> + authmgrPortInfo[intIfNum].hostMode)); + while (lIntIfNum != 0) + { + if (all == FALSE) + { + authmgrLogicalPortInfoGiveLock (); + } + + authmgrDebugPortMacInfoShow (lIntIfNum); + + if (all == TRUE) + { + logicalPortInfo = + authmgrLogicalPortInfoGetNextNode (intIfNum, &lIntIfNum); + if (logicalPortInfo == NULLPTR) + { + lIntIfNum = 0; + } + } + else + { + lIntIfNum = 0; + } + } /*While */ +} + +/********************************************************************* +* @purpose get the hostmode string from hostmode +* +* @param hostMode -- auth mgr host modes +* @return hostmode string +* +* @comments +* +* @end +*********************************************************************/ +char *authmgrHostModeStringGet ( AUTHMGR_HOST_CONTROL_t hostMode) +{ + switch (hostMode) + { + case AUTHMGR_SINGLE_AUTH_MODE: + return "AUTHMGR_SINGLE_AUTH_MODE"; + case AUTHMGR_MULTI_HOST_MODE: + return "AUTHMGR_MULTI_HOST_MODE"; + case AUTHMGR_MULTI_AUTH_MODE: + return "AUTHMGR_MULTI_AUTH_MODE"; + default: + return "Unknown host mode"; + } +} + +/********************************************************************* +* @purpose get the auth mgr port status string +* +* @param status -- auth mgr port status +* @return port status string +* +* @comments +* +* @end +*********************************************************************/ +char *authmgrAuthStatusStringGet ( AUTHMGR_PORT_STATUS_t status) +{ + switch (status) + { + case AUTHMGR_PORT_STATUS_AUTHORIZED: + return " AUTHMGR_PORT_STATUS_AUTHORIZED"; + case AUTHMGR_PORT_STATUS_UNAUTHORIZED: + return " AUTHMGR_PORT_STATUS_UNAUTHORIZED"; + case AUTHMGR_PORT_STATUS_NA: + return " AUTHMGR_PORT_STATUS_NA"; + default: + return "Unknown status"; + } +} + +/********************************************************************* +* @purpose get the client allocated node type string +* +* @param type client allocation node type +* @return node type string +* +* @comments +* +* @end +*********************************************************************/ +char *authmgrNodeTypeStringGet (authmgrNodeType_t type) +{ + switch (type) + { + case AUTHMGR_PHYSICAL: + return "AUTHMGR_PHYSICAL"; + case AUTHMGR_LOGICAL: + return "AUTHMGR_LOGICAL"; + default: + return "Undefined"; + } +} + +/********************************************************************* +* @purpose get the timer type string +* +* @param type -- auth mgr timer type +* @return timer type string +* +* @comments +* +* @end +*********************************************************************/ +char *authmgrTimerTypeStringGet (authmgrTimerType_t type) +{ + switch (type) + { + case AUTHMGR_QWHILE: + return "AUTHMGR_QWHILE"; + case AUTHMGR_REAUTH_WHEN: + return "AUTHMGR_REAUTH_WHEN"; + case AUTHMGR_METHOD_NO_RESP_TMR: + return "AUTHMGR_METHOD_NO_RESP_TMR"; + default: + return "Undefined"; + } +} + +/********************************************************************* +* @purpose get the vlan type string +* +* @param type -- vlan type +* @return vlan string +* +* @comments +* +* @end +*********************************************************************/ +char *authmgrVlanTypeStringGet (authmgrVlanType_t type) +{ + switch (type) + { + case AUTHMGR_VLAN_RADIUS: + return "RADIUS"; + case AUTHMGR_VLAN_BLOCKED: + return "BLOCKED"; + default: + return "Undefined"; + } +} + +/********************************************************************* +* @purpose get the client type string +* +* @param type -- auth mgr client type +* @return client type string +* +* @comments +* +* @end +*********************************************************************/ +char *authmgrClientTypeStringGet (authmgrClientType_t type) +{ + switch (type) + { + case AUTHMGR_CLIENT_AWARE: + return "AUTHMGR_CLIENT_AWARE"; + case AUTHMGR_CLIENT_UNAWARE: + return "AUTHMGR_CLIENT_UNAWARE"; + case AUTHMGR_CLIENT_MAB: + return "AUTHMGR_CLIENT_MAB"; + default: + return "Undefined"; + } +} + +/********************************************************************* +* @purpose get the authentication manager state string +* +* @param state authentication manager SM state +* @return state string +* +* @comments +* +* @end +*********************************************************************/ +char *authmgrAuthStateStringGet (AUTHMGR_STATES_t state) +{ + switch (state) + { + case AUTHMGR_INITIALIZE: + return "AUTHMGR_INITIALIZE"; + case AUTHMGR_AUTHENTICATING: + return "AUTHMGR_AUTHENTICATING"; + case AUTHMGR_AUTHENTICATED: + return "AUTHMGR_AUTHENTICATED"; + case AUTHMGR_UNAUTHENTICATED: + return "AUTHMGR_UNAUTHENTICATED"; + case AUTHMGR_HELD: + return "AUTHMGR_HELD"; + default: + return "Undefined"; + } +} + +/********************************************************************* +* @purpose get the authentication method string +* +* @param method -- authentication method +* @return method string +* +* @comments +* +* @end +*********************************************************************/ +char *authmgrMethodStringGet ( AUTHMGR_METHOD_t method) +{ + switch (method) + { + case AUTHMGR_METHOD_NONE: + return " AUTHMGR_METHOD_NONE"; + case AUTHMGR_METHOD_8021X: + return " AUTHMGR_METHOD_8021X"; + case AUTHMGR_METHOD_MAB: + return " AUTHMGR_METHOD_MAB"; + default: + return "Undefined"; + } +} + +/********************************************************************* +* @purpose get the client auth response event string +* +* @param status client response event +* @return event string +* +* @comments +* +* @end +*********************************************************************/ +char *authmgrMethodStatusStringGet ( AUTHMGR_STATUS_t status) +{ + switch (status) + { + case AUTHMGR_NEW_CLIENT: + return " AUTHMGR_NEW_CLIENT"; + case AUTHMGR_AUTH_FAIL: + return " AUTHMGR_AUTH_FAIL"; + case AUTHMGR_AUTH_SUCCESS: + return " AUTHMGR_AUTH_SUCCESS"; + case AUTHMGR_AUTH_TIMEOUT: + return " AUTHMGR_AUTH_TIMEOUT"; + case AUTHMGR_AUTH_SERVER_COMM_FAILURE: + return " AUTHMGR_AUTH_SERVER_COMM_FAILURE"; + case AUTHMGR_METHOD_CHANGE: + return " AUTHMGR_METHOD_CHANGE"; + case AUTHMGR_CLIENT_DISCONNECTED: + return " AUTHMGR_CLIENT_DISCONNECTED"; + default: + return "Undefined"; + } +} + +/********************************************************************* +* @purpose get the state machine event string +* +* @param event authmgr state machine event +* @return state machine event string +* +* @comments +* +* @end +*********************************************************************/ +char *authmgrSmEventStringGet (authmgrSmEvents_t event) +{ + switch (event) + { + case authmgrInitialize: + return "authmgrInitialize"; + case authmgrStartAuthenticate: + return "authmgrStartAuthenticate"; + case authmgrAuthSuccess: + return "authmgrAuthSuccess"; + case authmgrNotAuthSuccessNoNextMethod: + return "authmgrNotAuthSuccessNoNextMethod"; + case authmgrNotAuthSuccessNextMethod: + return "authmgrNotAuthSuccessNextMethod"; + case authmgrHeldTimerEqualsZero: + return "authmgrHeldTimerEqualsZero"; + case authmgrStopAuthenticate: + return "authmgrStopAuthenticate"; + case authmgrHigherAuthMethodAdded: + return "authmgrHigherAuthMethodAdded"; + case authmgrReauthenticate: + return "authmgrReauthenticate"; + case authmgrAuthFail: + return "authmgrAuthFail"; + case authmgrAuthenticatedRxEapolStart: + return "authenticatedRcvdEapolStart"; + case authmgrAbortAndRestartAuth: + return "authmgrAbortAndRestartAuth"; + default: + return "Undefined"; + } +} + +/********************************************************************* +* @purpose get the authentication list type string +* +* @param status list type +* @return string for the list type +* +* @comments +* +* @end +*********************************************************************/ +char *authmgrListTypeStringGet ( AUTHMGR_METHOD_TYPE_t status) +{ + switch (status) + { + case AUTHMGR_TYPE_ORDER: + return "Order"; + case AUTHMGR_TYPE_PRIORITY: + return "Priority"; + default: + return "Undefined"; + } +} + +/********************************************************************* +* @purpose get the authentication Back end method string +* +* @param authMethod BAM method +* @return method string +* +* @comments +* +* @end +*********************************************************************/ +char *authmgrAuthMethodStringGet (uint32 authMethod) +{ + switch (authMethod) + { + case AUTH_METHOD_UNDEFINED: + return " AUTH_METHOD_UNDEFINED"; + case AUTH_METHOD_RADIUS: + return " AUTH_METHOD_RADIUS"; + case AUTH_METHOD_LOCAL: + return " AUTH_METHOD_LOCAL"; + case AUTH_METHOD_REJECT: + return " AUTH_METHOD_REJECT"; + default: + return "Unknown"; + } +} + +/********************************************************************* +* @purpose function to print the supp mac address +* +* @param suppMacAddr -- mac address +* +* @comments +* +* @end +*********************************************************************/ +void authmgrSuppMacStringGet ( enetMacAddr_t * suppMacAddr) +{ + uchar8 buf[32]; + + memset (buf, 0, sizeof (buf)); + osapiSnprintf (( char8 *) buf, sizeof (buf), + "%02X:%02X:%02X:%02X:%02X:%02X", suppMacAddr->addr[0], + suppMacAddr->addr[1], suppMacAddr->addr[2], + suppMacAddr->addr[3], suppMacAddr->addr[4], + suppMacAddr->addr[5]); + sysapiPrintf ("%s\n", buf); +} + +/********************************************************************* +* @purpose debug function to dump attr info +* +* @param attrInfo -- received client attr info +* +* @comments +* +* @end +*********************************************************************/ +void authmgrAttrInfoDump (authmgrAuthAttributeInfo_t * attrInfo) +{ + if ( NULLPTR == attrInfo) + { + return; + } + + sysapiPrintf ("serverState = %s\n", attrInfo->serverState); + sysapiPrintf ("serverStateLen = %u\n", attrInfo->serverStateLen); + + sysapiPrintf ("serverClass = %s\n", attrInfo->serverClass); + sysapiPrintf ("serverClassLen = %u\n", attrInfo->serverClassLen); + sysapiPrintf ("sessionTimeout = %u\n", attrInfo->sessionTimeout); + sysapiPrintf ("terminationAction = %u\n", attrInfo->terminationAction); + sysapiPrintf ("accessLevel = %u\n", attrInfo->accessLevel); + sysapiPrintf ("idFromServer = %u\n", attrInfo->idFromServer); + sysapiPrintf ("vlanString = %s\n", attrInfo->vlanString); + sysapiPrintf ("vlanId = %u\n", attrInfo->vlanId); +} + +/********************************************************************* +* @purpose debug function to dump client info +* +* @param info -- client info of the logical port +* +* @comments +* +* @end +*********************************************************************/ +void authmgrLogicalPortClientInfoDump (authmgrClientInfo_t * info) +{ + uint32 i = 0; + + if ( NULLPTR == info) + { + return; + } + sysapiPrintf ("clientType = %s\n", + authmgrClientTypeStringGet (info->clientType)); + sysapiPrintf ("retryCount = %u\n", info->retryCount); + sysapiPrintf ("reAuthCount = %u\n", info->reAuthCount); + sysapiPrintf ("reAuthenticate = %u\n", info->reAuthenticate); + sysapiPrintf ("currentMethod = %s\n", + authmgrMethodStringGet (info->currentMethod)); + sysapiPrintf ("authenticatedMethod = %s\n", + authmgrMethodStringGet (info->authenticatedMethod)); + sysapiPrintf ("Executed Methods \n"); + + for (i = 0; i < AUTHMGR_METHOD_LAST; i++) + { + sysapiPrintf ("%s \n", authmgrMethodStringGet (info->executedMethod[i])); + } + sysapiPrintf ("\n"); + sysapiPrintf ("logicalPortStatus = %s\n", + authmgrAuthStatusStringGet (info->logicalPortStatus)); + sysapiPrintf ("authmgrUserName = %s\n", info->authmgrUserName); + sysapiPrintf ("authmgrUserNameLength = %u\n", info->authmgrUserNameLength); + sysapiPrintf ("currentIdL = %u\n", info->currentIdL); + sysapiPrintf ("supp mac addr "); + authmgrSuppMacStringGet (&info->suppMacAddr); + sysapiPrintf ("\n"); + sysapiPrintf ("vlanType = %s\n", authmgrVlanTypeStringGet (info->vlanType)); + sysapiPrintf ("vlanId = %u\n", (info->vlanId)); + sysapiPrintf ("blockvlanId = %u\n", (info->blockVlanId)); + + sysapiPrintf ("suppRestarting = %u\n", (info->suppRestarting)); + sysapiPrintf ("authMethod = %s\n", + authmgrAuthMethodStringGet (info->authMethod)); + sysapiPrintf ("sessionTime = %u\n", (info->sessionTime)); + sysapiPrintf ("clientTimeout = %u\n", (info->clientTimeout)); + sysapiPrintf ("sessionTimeout = %u\n", (info->sessionTimeout)); + sysapiPrintf ("terminationAction = %u\n", (info->terminationAction)); + sysapiPrintf ("\n"); +} + +/********************************************************************* +* @purpose function to get port from the key +* +* @param intIfNum -- interface number +* @param lIntIfNum -- key +* @return SUCCCESS +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrLportPortGet (uint32 * intIfNum, uint32 * lIntIfNum) +{ + AUTHMGR_IF_NULLPTR_RETURN_LOG (intIfNum); + AUTHMGR_IF_NULLPTR_RETURN_LOG (lIntIfNum); + AUTHMGR_PORT_GET (*intIfNum, *lIntIfNum); + return SUCCESS; +} + +/********************************************************************* +* @purpose debug function for auth count +* +* @param intIfNum -- interface number +* @param flag -- TRUE incerment/ FALSE -- decrement +* +* @comments +* +* @end +*********************************************************************/ +void authmgrAuthCountTest (uint32 intIfNum, BOOL flag) +{ + sysapiPrintf ("IntIf Num = %u, authCount %u \n", intIfNum, + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount); + if (flag) + { + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount++; + } + else + { + if (0 != authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount) + { + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount--; + } + } +} + +/********************************************************************* +* @purpose debug function to print User count on an interface +* +* @param intfIfNum +* +* +* @comments +* +* @end +*********************************************************************/ +void authmgrUserCountDump(uint32 intIfNum) +{ + sysapiPrintf ("Number of current users = %d\n\r", authmgrCB->globalInfo->authmgrPortInfo[intIfNum].numUsers); + sysapiPrintf ("Max users allowed = %d\n\r", authmgrCB->globalInfo->authmgrPortInfo[intIfNum].maxUsers); + return; +} + diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_dot1x.c b/src/sonic-pac/authmgr/mapping/auth_mgr_dot1x.c new file mode 100644 index 000000000000..13831934c079 --- /dev/null +++ b/src/sonic-pac/authmgr/mapping/auth_mgr_dot1x.c @@ -0,0 +1,200 @@ +/* + * Copyright 2024 Broadcom Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#include "auth_mgr_include.h" +#include "auth_mgr_auth_method.h" +#include "auth_mgr_struct.h" +#include "fpSonicUtils.h" + +extern authmgrCB_t *authmgrCB; + +static authmgrMethodEvent_t authmgrMethodEventTbl[] = { + {authmgrClientReAuthenticate, "EAPOL_REAUTH"}, + {authmgrClientAuthStart, "NEW_STA"}, + {authmgrClientDisconnect, "DEAUTHENTICATE"} +}; + +/********************************************************************* +* @purpose function to send auth mgr events to dot1x daemon +* +* @param intIfNum interface number +* @param event authmgr event +* @param macAddr client mac +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrDot1xEventSend (uint32 intIfNum, uint32 event, enetMacAddr_t *macAddr) +{ + size_t len = 0; + char8 ctrl_ifname[16] = {}; + char8 buf[1024] = {}; + char8 reply[1024] = {}; + + fpGetHostIntfName(intIfNum, ctrl_ifname); + + snprintf(buf, sizeof(buf), "%s %02X:%02X:%02X:%02X:%02X:%02X", authmgrMethodEventTbl[event-1].eventStr, + macAddr->addr[0], macAddr->addr[1], macAddr->addr[2], macAddr->addr[3], + macAddr->addr[4], macAddr->addr[5]); + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "authmgrDot1xEventSend sending %s on %s\n", buf, ctrl_ifname); + + memset(&reply, 0, sizeof(reply)); + + if (0 == wpa_sync_send(ctrl_ifname, buf, reply, &len)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s:%d reply = %s on %s\n", __func__, __LINE__, reply, ctrl_ifname); + + if (0 == strncmp("OK", reply, strlen("OK"))) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s:%d success iface %s\n", __func__, __LINE__, ctrl_ifname); + return SUCCESS; + } + else + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s:%d failure iface %s\n", __func__, __LINE__, ctrl_ifname); + } + } + + return FAILURE; +} + +/********************************************************************* +* @purpose function to get dot1x admin mode +* +* @param intIfNum interface number +* @param event authmgr event +* @param macAddr client mac +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrDot1xIntfAdminModeGet (uint32 intIfNum, BOOL *enabled) +{ + size_t len = 0; + char8 ctrl_ifname[16] = {}; + char8 buf[128] = {}; + + *enabled = FALSE; + + fpGetHostIntfName(intIfNum, ctrl_ifname); + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "sending PING on %s\n", ctrl_ifname); + + if (0 == wpa_sync_send(ctrl_ifname, "PING", buf, &len)) + { + if (0 == strncmp("PONG", buf, strlen("PONG"))) + { + *enabled = TRUE; + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "Received PONG on %s\n", ctrl_ifname); + } + } + else + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "wpa_sync_send not successful on %s\n", ctrl_ifname); + } + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "received buf = %s on %s \n", buf, ctrl_ifname); + return SUCCESS; +} + +/********************************************************************* +* @purpose function to set port control mode of the dot1x daemon +* +* @param intIfNum interface number +* @param event authmgr event +* @return SUCCESS or FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrDot1xIntfPortControlModeSet (uint32 intIfNum, AUTHMGR_PORT_CONTROL_t portControl) +{ +#define PORT_CNTRL_MODE_SET_STR "EAPOL_SET AdminControlledPortControl" + size_t len = 0; + char8 ctrl_ifname[16] = {}; + char8 buf[128] = {}; + char8 cmd[128] = {}; + + switch (portControl) + { + case AUTHMGR_PORT_AUTO: + snprintf(cmd, sizeof(cmd), "%s %s", PORT_CNTRL_MODE_SET_STR, "Auto"); + break; + case AUTHMGR_PORT_FORCE_AUTHORIZED: + snprintf(cmd, sizeof(cmd), "%s %s", PORT_CNTRL_MODE_SET_STR, "ForceAuthorized"); + break; + case AUTHMGR_PORT_FORCE_UNAUTHORIZED: + snprintf(cmd, sizeof(cmd), "%s %s", PORT_CNTRL_MODE_SET_STR, "ForceUnAuthorized"); + break; + default: + printf("invalid mode..\n"); + return FAILURE; + + } + + fpGetHostIntfName(intIfNum, ctrl_ifname); + + if (0 == wpa_sync_send(ctrl_ifname, cmd, buf, &len)) + { + if (0 == strncmp("OK", buf, strlen("OK"))) + { + printf("successfull\n"); + } + } + else + { + printf("wpa_sync_send not successful\n"); + } + + printf("buf = %s\n", buf); + return SUCCESS; +} + +/********************************************************************* +* @purpose Get the port's dot1x capabilities (Supplicant and/or Authenticator) +* +* @param intIfNum @b{(input)} internal interface number +* @param *capabilities @b{(output)} dot1x capabilities bitmask +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrDot1xPortPaeCapabilitiesGet (uint32 intIfNum, + uchar8 * capabilities) +{ + *capabilities = authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities; + return SUCCESS; +} + diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_ih.c b/src/sonic-pac/authmgr/mapping/auth_mgr_ih.c new file mode 100755 index 000000000000..f22d2fe61a66 --- /dev/null +++ b/src/sonic-pac/authmgr/mapping/auth_mgr_ih.c @@ -0,0 +1,754 @@ +/* + * Copyright 2024 Broadcom Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "auth_mgr_include.h" +#include "auth_mgr_client.h" +#include "auth_mgr_struct.h" +#include "pac_cfg_authmgr.h" + +extern authmgrCB_t *authmgrCB; + +extern authmgrCnfgrState_t authmgrCnfgrState; + +/********************************************************************* +* @purpose Handles events generated by NIM +* +* @param intIfNum @b{(input)) internal interface number +* @param intfEvent @b{(input)) interface event +* @param correlator @b{(input)) Correlator for the event +* @param eventData @b((input)) Additional event specific data +* +* @returns SUCCESS on a successful operation +* @returns FAILURE for any error +* +* @comments +* +* @end +*********************************************************************/ +RC_t authmgrIntfChangeCallback (uint32 intIfNum, uint32 intfEvent, + NIM_CORRELATOR_t correlator, + NIM_EVENT_SPECIFIC_DATA_t eventData) +{ + authmgrIntfChangeParms_t parms; + + parms.intfEvent = intfEvent; + parms.nimCorrelator = correlator; + + return authmgrIssueCmd (authmgrIntfChange, intIfNum, &parms); +} + +/********************************************************************* +* @purpose Handles startup notification from NIM +* +* @param startupPhase @b{(input)) startupPhase +* +* @returns SUCCESS on a successful operation +* @returns FAILURE for any error +* +* @comments +* +* @end +*********************************************************************/ +void authmgrIntfStartupCallback (NIM_STARTUP_PHASE_t startupPhase) +{ + + /* hold NIM till authmgr is ready */ + while (!(AUTHMGR_IS_READY)) + { + LOGF ( LOG_SEVERITY_ERROR, + "Received an interface startup callback while AUTHMGR is not ready(startup phase=%d). waiting..", + startupPhase); + osapiSleep(1); + } + authmgrIssueCmd (authmgrIntfStartup, NULL, &startupPhase); +} + +/********************************************************************* +* @purpose Process NIM startup callback +* +* @param startupPhase @b{(input)) CREATE or ACTIVATE +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments none +* +* @end +*********************************************************************/ +RC_t authmgrIhProcessIntfStartup (NIM_STARTUP_PHASE_t startup_phase) +{ + RC_t rc; + uint32 intIfNum = 0; + PORTEVENT_MASK_t nimEventMask; + uint32 startTime, endTime; + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, 0, + "%s:%d Received event %d from NIM \n", + __FUNCTION__, __LINE__, startup_phase); + + startTime = osapiTimeMillisecondsGet (); + switch (startup_phase) + { + case NIM_INTERFACE_CREATE_STARTUP: + rc = nimFirstValidIntfNumber (&intIfNum); + + while (rc == SUCCESS) + { + if (authmgrIsValidIntf (intIfNum) == TRUE) + { + if (authmgrIntfCreate (intIfNum) != SUCCESS) + { + LOGF ( LOG_SEVERITY_ERROR, + "Error in creating interface %s.", authmgrIntfIfNameGet(intIfNum)); + } + } + rc = nimNextValidIntfNumber (intIfNum, &intIfNum); + } + + + /* Now ask NIM to send any future changes for these event types */ + memset (&nimEventMask, 0, sizeof (PORTEVENT_MASK_t)); + PORTEVENT_SETMASKBIT (nimEventMask, CREATE); + PORTEVENT_SETMASKBIT (nimEventMask, DELETE); + nimRegisterIntfEvents ( AUTHMGR_COMPONENT_ID, nimEventMask); + break; + + case NIM_INTERFACE_ACTIVATE_STARTUP: + + rc = authmgrIntfActivateStartup (); + + /* Now ask NIM to send any future changes for these event types */ + memset (&nimEventMask, 0, sizeof (PORTEVENT_MASK_t)); + PORTEVENT_SETMASKBIT (nimEventMask, CREATE); + PORTEVENT_SETMASKBIT (nimEventMask, DELETE); + PORTEVENT_SETMASKBIT (nimEventMask, ATTACH); + PORTEVENT_SETMASKBIT (nimEventMask, DETACH); + PORTEVENT_SETMASKBIT (nimEventMask, PORT_ENABLE); + PORTEVENT_SETMASKBIT (nimEventMask, PORT_DISABLE); + PORTEVENT_SETMASKBIT (nimEventMask, UP); + PORTEVENT_SETMASKBIT (nimEventMask, DOWN); + PORTEVENT_SETMASKBIT (nimEventMask, AUTHMGR_ACQUIRE); + nimRegisterIntfEvents ( AUTHMGR_COMPONENT_ID, nimEventMask); + + (void) osapiTaskInitDone ( AUTHMGR_DB_TASK_SYNC); + + break; + + default: + break; + } + + endTime = osapiTimeMillisecondsGet (); + + nimStartupEventDone ( AUTHMGR_COMPONENT_ID); + + return SUCCESS; +} + +/********************************************************************* +* @purpose Process Link state changes +* +* @param intIfNum @b{(input)) internal interface number +* @param intIfEvent @b{(input)) interface event +* @param correlator @b{(input)) correlator +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments none +* +* @end +*********************************************************************/ +RC_t authmgrIhProcessIntfChange (uint32 intIfNum, uint32 intfEvent, + NIM_CORRELATOR_t correlator) +{ + uint32 linkState, adminState; + RC_t rc = SUCCESS; + NIM_EVENT_COMPLETE_INFO_t status; + authmgrPortCfg_t *pCfg; + uint32 lIntIfNum; + authmgrLogicalPortInfo_t *logicalPortInfo; + BOOL portEnabled = FALSE; + + status.intIfNum = intIfNum; + status.component = AUTHMGR_COMPONENT_ID; + status.event = intfEvent; + status.correlator = correlator; + + if (!(AUTHMGR_IS_READY)) + { + LOGF ( LOG_SEVERITY_INFO, + "Received an interface change callback while AUTHMGR not ready to receive it."); + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, intIfNum, + "%s:%d Nim Event %d received for %s when authmgr is not ready \n", + __FUNCTION__, __LINE__, intfEvent, authmgrIntfIfNameGet(intIfNum)); + rc = FAILURE; + status.response.rc = rc; + nimEventStatusCallback (status); + return rc; + } + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s:%d Nim Event %d received for %s \n", __FUNCTION__, + __LINE__, intfEvent, authmgrIntfIfNameGet(intIfNum)); + + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + rc = SUCCESS; + status.response.rc = rc; + nimEventStatusCallback (status); + return rc; + } + + switch (intfEvent) + { + case UP: + case PORT_ENABLE: + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) == TRUE) + { + portEnabled = FALSE; + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled = FALSE; + if (nimGetIntfLinkState (intIfNum, &linkState) == SUCCESS) + { + if ((nimGetIntfAdminState (intIfNum, &adminState) == SUCCESS) && + (adminState == ENABLE) && + (nimGetIntfLinkState (intIfNum, &linkState) == SUCCESS) && + (linkState == UP)) + { + portEnabled = TRUE; + } + } + + if ( DOT1X_PAE_PORT_AUTH_CAPABLE != pCfg->paeCapabilities) + { + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled = portEnabled; + if ( TRUE == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled) + { + authmgrPhysicalPortStatusOpenSet(intIfNum); + } + else + { + authmgrPhysicalPortStatusBlockSet(intIfNum); + } + } + else + { + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities == + DOT1X_PAE_PORT_AUTH_CAPABLE) + { + if (( TRUE == portEnabled) && + (portEnabled != authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled)) + { + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled = TRUE; + + /* Cleanup any existing clients on the port before reset */ + authmgrPortInfoCleanup (intIfNum); + (void) authmgrPortReset (intIfNum); + (void) authmgrCtlApplyPortConfigData (intIfNum); + } + } + } + } + break; + + case DOWN: + case PORT_DISABLE: + if ( TRUE == authmgrIntfIsConfigurable (intIfNum, &pCfg)) + { + if ( DOT1X_PAE_PORT_AUTH_CAPABLE != pCfg->paeCapabilities) + { + authmgrPhysicalPortStatusBlockSet(intIfNum); + } + else + { + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled == + TRUE) + { + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled = FALSE; + + lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE; + while ((logicalPortInfo = + authmgrLogicalPortInfoGetNextNode (intIfNum, + &lIntIfNum)) != NULLPTR) + { + if (0 == logicalPortInfo->key.keyNum) + { + continue; + } + } + + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode == + AUTHMGR_PORT_AUTO) + { + authmgrPortInfoCleanup (intIfNum); + } + } + authmgrPhysicalPortStatusBlockSet(intIfNum); + } + } + break; + + case CREATE: + rc = authmgrIntfCreate (intIfNum); + break; + + case ATTACH: + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) == TRUE) + { + if ( DOT1X_PAE_PORT_AUTH_CAPABLE != pCfg->paeCapabilities) + { + /*authmgrPhysicalPortStatusOpenSet(intIfNum); */ + } + else + { + (void) authmgrPortReset (intIfNum); + /*rc = authmgrCtlApplyPortConfigData(intIfNum); */ + } + } + else + { + rc = FAILURE; + } + break; + + case DETACH: + rc = authmgrIntfDetach (intIfNum); + break; + + case DELETE: + rc = authmgrIntfDelete (intIfNum); + break; + + default: + break; + } + + status.response.rc = rc; + nimEventStatusCallback (status); + + return rc; +} + +/********************************************************************* +* @purpose bring up the individual interface +* +* @param intIfNum -- interface number +* @param warmRestart BOOL true if restart type is warm +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments Handle the events ATTACH, UP, Acquire etc +* +* @end +*********************************************************************/ +RC_t authmgrIntfStart (uint32 intIfNum, BOOL warmRestart) +{ + authmgrPortCfg_t *pCfg; + RC_t rc = FAILURE; + uint32 portLinkState; + uint32 adminState, count = 0; + BOOL restore = FALSE; + BOOL needCleanup = TRUE, skipFlag = FALSE; + + do + { + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE) + { + return rc; + } + + if ( DOT1X_PAE_PORT_AUTH_CAPABLE != pCfg->paeCapabilities) + { + authmgrPhysicalPortAccessSet(intIfNum); + return SUCCESS; + } + + /* Link state */ + rc = nimGetIntfLinkState (intIfNum, &portLinkState); + if (rc != SUCCESS) + { + break; + } + rc = nimGetIntfAdminState (intIfNum, &adminState); + if (rc != SUCCESS) + { + break; + } + + if (( TRUE != warmRestart) || + (0 == count)) + { + (void) authmgrPortReset (intIfNum); + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities == + DOT1X_PAE_PORT_AUTH_CAPABLE) + { + rc = authmgrCtlApplyPortConfigData (intIfNum); + } + else + { + rc = SUCCESS; + } + } + + + if ((portLinkState == UP) && + ( ENABLE == adminState)) + { + if ((warmRestart == TRUE) && (restore) && (skipFlag == TRUE) && + (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode == + AUTHMGR_PORT_AUTO)) + { + count = 0; + if (0 != count) + { + needCleanup = FALSE; + } + } + } /* end if link state is up */ + } + + while ( FALSE); + + if ((0 == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount) && + (portLinkState == DOWN)) + { + authmgrPhysicalPortStatusBlockSet(intIfNum); + } + return rc; +} + +/********************************************************************* +* @purpose Process the activate startup callback from NIM +* +* @param -- none +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments none +* +* @end +*********************************************************************/ +RC_t authmgrIntfActivateStartup () +{ + RC_t rc; + uint32 intIfNum = 0; + + rc = nimFirstValidIntfNumber (&intIfNum); + + while (rc == SUCCESS) + { + if (authmgrIsValidIntf (intIfNum) == TRUE) + { + authmgrIntfStart (intIfNum, FALSE); + } + + rc = nimNextValidIntfNumber (intIfNum, &intIfNum); + } + + return SUCCESS; +} + +/********************************************************************* +* @purpose Make sure this is a valid interface for authmgr +* +* @param intIfNum @b{(input)) internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments none +* +* @end +*********************************************************************/ +RC_t authmgrIhIntfValidate (uint32 intIfNum) +{ + /* Check for valid interface number */ + if (nimCheckIfNumber (intIfNum) != SUCCESS) + { + return FAILURE; + } + + /* Check for physical interface interface */ + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + + return SUCCESS; +} + +/********************************************************************* +* @purpose Obtain a pointer to the specified interface configuration data +* for this interface +* +* @param intIfNum @b{(input)} Internal Interface Number +* @param **pCfg @b{(output)} Ptr to authmgr port config structure +* or NULL if not needed +* +* @returns TRUE +* @returns FALSE +* +* +* @comments Facilitates pre-configuration, as it checks if the NIM +* interface exists and whether the component is in a state to +* be configured (regardless of whether the component is enabled +* or not). +* +* @comments The caller can set the pCfg parm to NULL if it does not +* want the value output from this function. +* +* @end +*********************************************************************/ + BOOL authmgrIntfIsConfigurable (uint32 intIfNum, authmgrPortCfg_t ** pCfg) +{ + nimConfigID_t configId; + + if (!(AUTHMGR_IS_READY)) + { + return FALSE; + } + + /* Check boundary conditions */ + if (intIfNum <= 0 || intIfNum >= AUTHMGR_INTF_MAX_COUNT) + { + return FALSE; + } + + /* verify that the configId in the config data table entry matches the + configId that NIM maps to + ** the intIfNum we are considering + */ + if (nimConfigIdGet (intIfNum, &configId) == SUCCESS) + { + if (NIM_CONFIG_ID_IS_EQUAL + (&configId, + &(authmgrCB->globalInfo->authmgrCfg->authmgrPortCfg[intIfNum]. + configId)) == TRUE) + { + *pCfg = &authmgrCB->globalInfo->authmgrCfg->authmgrPortCfg[intIfNum]; + return TRUE; + } + } + + /* if we get here, either we have a table management error between authmgrCfg + and authmgrMapTbl or + ** there is synchronization issue between NIM and components w.r.t. interface + **creation/deletion + */ + LOGF ( LOG_SEVERITY_INFO, + "Error accessing AUTHMGR config data for interface %s in AUTHMGR interface configuration.\n", + authmgrIntfIfNameGet(intIfNum)); + return FALSE; +} + +/********************************************************************* +* @purpose Obtain a pointer to the first free interface config struct +* +* @param intIfNum @b{(input)} Internal Interface Number +* @param **pCfg @b{(output)} Ptr to authmgr port config structure +* or NULL if not needed +* +* @returns TRUE +* @returns FALSE +* +* +* @comments Facilitates pre-configuration, as it checks if the NIM +* interface exists and whether the component is in a state to +* be configured (regardless of whether the component is enabled +* or not). +* +* @end +*********************************************************************/ + BOOL authmgrIntfConfigEntryGet (uint32 intIfNum, authmgrPortCfg_t ** pCfg) +{ + uint32 i; + nimConfigID_t configId; + nimConfigID_t configIdNull; + RC_t rc; + + memset (&configIdNull, 0, sizeof (nimConfigID_t)); + + if (!(AUTHMGR_IS_READY)) + { + return FALSE; + } + + if ((rc = nimConfigIdGet (intIfNum, &configId)) == SUCCESS) + { + for (i = 1; i < AUTHMGR_INTF_MAX_COUNT; i++) + { + if (NIM_CONFIG_ID_IS_EQUAL + (&authmgrCB->globalInfo->authmgrCfg->authmgrPortCfg[i].configId, + &configIdNull)) + { + authmgrCB->globalInfo->authmgrMapTbl[intIfNum] = i; + *pCfg = &authmgrCB->globalInfo->authmgrCfg->authmgrPortCfg[i]; + return TRUE; + } + } + } + + return FALSE; +} + +/********************************************************************* +* +* @purpose To process the Callback for CREATE +* +* @param uint32 intIfNum internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments none +* +* @end +* +*********************************************************************/ +RC_t authmgrIntfCreate (uint32 intIfNum) +{ + nimConfigID_t configId; + authmgrPortCfg_t *pCfg; + + if (authmgrIsValidIntf (intIfNum) != TRUE) + { + return FAILURE; + } + + if (nimConfigIdGet (intIfNum, &configId) != SUCCESS) + { + return FAILURE; + } + + pCfg = &authmgrCB->globalInfo->authmgrCfg->authmgrPortCfg[intIfNum]; + + if (!(NIM_CONFIG_ID_IS_EQUAL (&configId, &pCfg->configId))) + { + NIM_CONFIG_ID_COPY (&pCfg->configId, &configId); + /* If an interface configuration entry is not already assigned to the + interface, assign one */ + /* Update the configuration structure with the config id */ + authmgrBuildDefaultIntfConfigData (&configId, pCfg); + } + + /* Initialize the port info and clear the stats for this interface */ + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].nimStatus = + AUTHMGR_PORT_STATUS_NA; + (void) authmgrCtlPortStatsClear (intIfNum); + + return SUCCESS; +} + +/********************************************************************* +* +* @purpose To process the Callback for DETACH +* +* @param uint32 intIfNum internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments none +* +* @end +* +*********************************************************************/ +RC_t authmgrIntfDetach (uint32 intIfNum) +{ + authmgrPortCfg_t *pCfg; + + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) == TRUE) + { + authmgrPortInfoCleanup (intIfNum); + if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities == + DOT1X_PAE_PORT_AUTH_CAPABLE) + { + (void) authmgrCtlApplyPortConfigData (intIfNum); + } + } + + return SUCCESS; +} + +/********************************************************************* +* +* @purpose To process the Callback for DELETE +* +* @param uint32 intIfNum internal interface number +* +* @returns SUCCESS +* @returns FAILURE +* +* @comments none +* +* @end +* +*********************************************************************/ +RC_t authmgrIntfDelete (uint32 intIfNum) +{ + authmgrPortCfg_t *pCfg; + + if (authmgrIntfIsConfigurable (intIfNum, &pCfg) == TRUE) + { + authmgrPortInfoCleanup (intIfNum); + + memset ((void *) &pCfg->configId, 0, sizeof (nimConfigID_t)); + memset ((void *) &authmgrCB->globalInfo->authmgrMapTbl[intIfNum], 0, + sizeof (uint32)); + memset ((void *) &authmgrCB->globalInfo->authmgrPortInfo[intIfNum], 0, + sizeof (authmgrPortInfo_t)); + memset ((void *) &authmgrCB->globalInfo->authmgrPortStats[intIfNum], 0, + sizeof (authmgrPortStats_t)); + } + + return SUCCESS; +} + + +/********************************************************************* +* @purpose Set the Violation Callback in the driver +* +* @param intIfNum @b{(input)) internal interface number +* @param flag @b{(input)) True to set the value +* +* @returns SUCCESS +* @returns FAILURE +* @returns ERROR +* +* @comments none +* +* @end +*********************************************************************/ +RC_t authmgrIhPhyPortViolationCallbackSet (uint32 intIfNum, + AUTHMGR_PORT_VIOLATION_CALLBACK_t + flag) +{ + RC_t rc = SUCCESS; + + if ( AUTHMGR_PORT_VIOLATION_CALLBACK_ENABLE == flag) + { + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].unLearnMacPolicy = TRUE; + } + else + { + authmgrCB->globalInfo->authmgrPortInfo[intIfNum].unLearnMacPolicy = FALSE; + } + + return rc; +} + diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_mab.c b/src/sonic-pac/authmgr/mapping/auth_mgr_mab.c new file mode 100644 index 000000000000..76de095ffef5 --- /dev/null +++ b/src/sonic-pac/authmgr/mapping/auth_mgr_mab.c @@ -0,0 +1,134 @@ +/* + * Copyright 2024 Broadcom Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#include "auth_mgr_include.h" +#include "auth_mgr_auth_method.h" +#include + +/********************************************************************* + * * @purpose function to send auth mgr events to dot1x daemon + * * + * * @param intIfNum interface number + * * @param event authmgr event + * * @param macAddr client mac + * * @return SUCCESS or FAILURE + * * + * * @comments + * * + * * @end + * *********************************************************************/ +RC_t authmgrMabEventSend (uint32 intIfNum, uint32 event, enetMacAddr_t *macAddr) +{ + uchar8 ctrl_ifname[ NIM_IF_ALIAS_SIZE + 1]; + char8 reply[1024] = {}; + mab_pac_cmd_t cmd_buf; + unsigned int reply_len = sizeof(reply); + unsigned int retryCnt = 3; + + nimGetIntfName (intIfNum, ALIASNAME, ctrl_ifname); + + memset(&cmd_buf, 0, sizeof(cmd_buf)); + + strncpy(cmd_buf.intf, ctrl_ifname, sizeof(cmd_buf.intf)-1); + strncpy(cmd_buf.cmd, "event-notify", strlen("event-notify")+1); + + memcpy(cmd_buf.mac_addr, macAddr->addr, 6); + + cmd_buf.notif_event = event; + +retry: + + if (retryCnt) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "authmgrMabEventSend sending %s for interface %s\n", cmd_buf.cmd, ctrl_ifname); + + memset(&reply, 0, sizeof(reply)); + + if (0 == authmgrMabDataSend(&cmd_buf, reply, &reply_len)) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s:%d reply = %s\n", __func__, __LINE__, reply); + + if ((reply_len ) && (0 == strncmp("OK", reply, strlen("OK")))) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s:%d success\n", __func__, __LINE__); + return SUCCESS; + } + else + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s:%d failure\n", __func__, __LINE__); + usleep(10*1000); + } + } + retryCnt--; + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "%s:%d retrying again (%d)", __func__, __LINE__, retryCnt); + goto retry; + } + + return FAILURE; +} + +/********************************************************************* + * * @purpose function to get dot1x admin mode + * * + * * @param intIfNum interface number + * * @param event authmgr event + * * @param macAddr client mac + * * @return SUCCESS or FAILURE + * * + * * @comments + * * + * * @end + * *********************************************************************/ +RC_t authmgrMabIntfAdminModeGet (uint32 intIfNum, BOOL *enabled) +{ + mab_pac_cmd_t cmd_buf; + char8 ctrl_ifname[16] = {}; + char8 buf[128] = {}; + unsigned int len = sizeof(buf); + + *enabled = FALSE; + nimGetIntfName (intIfNum, ALIASNAME, ctrl_ifname); + + memset(&cmd_buf, 0, sizeof(cmd_buf)); + + strncpy(cmd_buf.intf, ctrl_ifname, sizeof(cmd_buf.intf)-1); + strncpy(cmd_buf.cmd, "PING", strlen("PING")+1); + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "authmgrMabDataSend PING for %s start \n", ctrl_ifname); + if (0 == authmgrMabDataSend(&cmd_buf, buf, &len)) + { + if (0 == strncmp("PONG", buf, strlen("PONG"))) + { + *enabled = TRUE; + } + } + else + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + "authmgrMabDataSend not successful\n"); + } + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum, + " Mab reply buf = %s\n", buf); + return SUCCESS; +} diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_socket.c b/src/sonic-pac/authmgr/mapping/auth_mgr_socket.c new file mode 100644 index 000000000000..1af178a1f0bd --- /dev/null +++ b/src/sonic-pac/authmgr/mapping/auth_mgr_socket.c @@ -0,0 +1,844 @@ +/* + * Copyright 2024 Broadcom Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "auth_mgr_include.h" +#include "auth_mgr_auth_method.h" +#include "wpa_ctrl.h" +#include "radius_attr_parse.h" +#include "fpSonicUtils.h" + +#define MAX_CLIENTS 1024 +#define NO_SOCKET -1 +#define TID_INIT -1 +#define SERVER_IPV4_ADDR "127.0.0.1" +#define SERVER_LISTEN_PORT 3434 +#define MAX_SEND_SIZE 1024 + +#define AUTH_MGR_COPY(_a) static int _a##_##COPY(void *in, void *out) +#define AUTH_MGR_ENTER(_a, _b, _c, _rc) _rc = _a##_##COPY(_b, _c) + +#define AUTH_MGR_STR_COPY(_dst_, _src_) memcpy(_dst_, _src_, min(sizeof(_src_), sizeof(_dst_))) + +#define ETH_P_PAE 0x888E + +typedef struct connection_list_e +{ + int socket; + pthread_t tid; +}connection_list_t; + +static connection_list_t connection_list[MAX_CLIENTS] = {}; + +unsigned int extra_detail_logs = 0; + +AUTH_MGR_COPY(INTERFACE) +{ + + char *intfStr = (char *)in; + unsigned int intf = 0; + + fpGetIntIfNumFromHostIfName(intfStr, &intf); + (*(unsigned int *)out) = intf; + + return 0; +} + +AUTH_MGR_COPY(BAM_METHOD) +{ + char *methodStr = ((clientStatusReply_t *)in)->info.authInfo.bam_used; + int retVal = 0; + + if (0 == strncmp("radius", methodStr, strlen("radius"))) + { + ((authmgrClientStatusInfo_t *)out)->info.authInfo.authMethod = AUTH_METHOD_RADIUS; + } + else if (0 == strncmp("local", methodStr, strlen("local"))) + { + ((authmgrClientStatusInfo_t *)out)->info.authInfo.authMethod = AUTH_METHOD_LOCAL; + } + else + { + retVal = -1; + } + + return retVal; +} + + +AUTH_MGR_COPY(METHOD_CHANGE) +{ + authmgrClientStatusInfo_t *cInfo = (authmgrClientStatusInfo_t *)out; + clientStatusReply_t *cReply = (clientStatusReply_t *)in; + int retVal = 0; + + if (0 == strncmp("enable", cReply->info.enableStatus, strlen("enable"))) + { + cInfo->info.enableStatus = ENABLE; + } + else if (0 == strncmp("disable", cReply->info.enableStatus, strlen("disable"))) + { + cInfo->info.enableStatus = DISABLE; + } + else + { + retVal = -1; + } + + return retVal; +} + +AUTH_MGR_COPY(METHOD) +{ + char *methodStr = (char *)in; + int retVal = 0; + + if (0 == strncmp("802.1X", methodStr, strlen("802.1X"))) + { + (*(unsigned int *)out) = AUTHMGR_METHOD_8021X; + } + else if (0 == strncmp("mab", methodStr, strlen("mab"))) + { + (*(unsigned int *)out) = AUTHMGR_METHOD_MAB; + } + else + { + retVal = -1; + } + + return retVal; +} + +AUTH_MGR_COPY(COMMON_PARAMS) +{ + authmgrClientStatusInfo_t *cInfo = (authmgrClientStatusInfo_t *)out; + clientStatusReply_t *cReply = (clientStatusReply_t *)in; + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0, + "Received update for user %02X:%02X:%02X:%02X:%02X:%02X ", + (unsigned int)cReply->info.authInfo.addr[0], (unsigned int)cReply->info.authInfo.addr[1], (unsigned int)cReply->info.authInfo.addr[2], + (unsigned int)cReply->info.authInfo.addr[3], (unsigned int)cReply->info.authInfo.addr[4], (unsigned int)cReply->info.authInfo.addr[5]); + /* copy mac address */ + memcpy(cInfo->info.authInfo.macAddr.addr, cReply->info.authInfo.addr, 6); + /* copy eapol version */ + cInfo->info.authInfo.eapolVersion = cReply->info.authInfo.eapolVersion; + return 0; +} + +AUTH_MGR_COPY(NEW_CLIENT) +{ + int rc = 0; + + AUTH_MGR_ENTER(COMMON_PARAMS, in, out, rc); + return rc; +} + +AUTH_MGR_COPY(ATTR_INFO) +{ + + authmgrClientStatusInfo_t *cInfo = (authmgrClientStatusInfo_t *)out; + clientStatusReply_t *cReply = (clientStatusReply_t *)in; + + if (cReply->info.authInfo.attrInfo.userNameLen) + { + memcpy(cInfo->info.authInfo.attrInfo.userName, cReply->info.authInfo.attrInfo.userName, cReply->info.authInfo.attrInfo.userNameLen); + cInfo->info.authInfo.attrInfo.userNameLen = cReply->info.authInfo.attrInfo.userNameLen; + } + + if (cReply->info.authInfo.attrInfo.serverStateLen) + { + memcpy(cInfo->info.authInfo.attrInfo.serverState, cReply->info.authInfo.attrInfo.serverState, cReply->info.authInfo.attrInfo.serverStateLen); + cInfo->info.authInfo.attrInfo.serverStateLen = cReply->info.authInfo.attrInfo.serverStateLen; + } + + if (cReply->info.authInfo.attrInfo.serverClassLen) + { + memcpy(cInfo->info.authInfo.attrInfo.serverClass, cReply->info.authInfo.attrInfo.serverClass, cReply->info.authInfo.attrInfo.serverClassLen); + cInfo->info.authInfo.attrInfo.serverClassLen = cReply->info.authInfo.attrInfo.serverClassLen; + } + + cInfo->info.authInfo.attrInfo.sessionTimeout = cReply->info.authInfo.attrInfo.sessionTimeout; + cInfo->info.authInfo.attrInfo.terminationAction = cReply->info.authInfo.attrInfo.terminationAction; + cInfo->info.authInfo.attrInfo.idFromServer = cReply->info.authInfo.attrInfo.idFromServer; + strcpy(cInfo->info.authInfo.attrInfo.vlanString, cReply->info.authInfo.attrInfo.vlanString); + cInfo->info.authInfo.attrInfo.attrFlags = cReply->info.authInfo.attrInfo.attrFlags; + cInfo->info.authInfo.attrInfo.vlanAttrFlags = cReply->info.authInfo.attrInfo.vlanAttrFlags; + +#if 0 + memcpy(&cInfo->info.authInfo.attrInfo, &cReply->info.authInfo.attrInfo, + sizeof(cInfo->info.authInfo.attrInfo)); +#endif + return 0; +} + + +AUTH_MGR_COPY(AUTH_SUCCESS) +{ + int rc = 0; + + authmgrClientStatusInfo_t *cInfo = (authmgrClientStatusInfo_t *)out; + clientStatusReply_t *cReply = (clientStatusReply_t *)in; + /* copy the bam if the bam method is one of the supported */ + AUTH_MGR_ENTER(BAM_METHOD, in, out, rc); + + if (0 != rc) + goto fail; + + AUTH_MGR_ENTER(COMMON_PARAMS, in, out, rc); + + /* copy other auth-success related params */ + + /* user name */ + AUTH_MGR_STR_COPY(cInfo->info.authInfo.authmgrUserName, cReply->info.authInfo.userName); + cInfo->info.authInfo.authmgrUserNameLength = cReply->info.authInfo.userNameLength; + + AUTH_MGR_ENTER(ATTR_INFO, in, out, rc); + + return 0; + +fail: + return -1; +} + + + +AUTH_MGR_COPY(COMMON_FAIL) +{ + int rc = 0; + + + authmgrClientStatusInfo_t *cInfo = (authmgrClientStatusInfo_t *)out; + clientStatusReply_t *cReply = (clientStatusReply_t *)in; + + /* copy the bam if the bam method is one of the supported */ + AUTH_MGR_ENTER(BAM_METHOD, in, out, rc); + + AUTH_MGR_ENTER(COMMON_PARAMS, in, out, rc); + + /* user name */ + AUTH_MGR_STR_COPY(cInfo->info.authInfo.authmgrUserName, cReply->info.authInfo.userName); + cInfo->info.authInfo.authmgrUserNameLength = cReply->info.authInfo.userNameLength; + + return 0; +} + + +AUTH_MGR_COPY(AUTH_FAIL) +{ + int rc = 0; + + AUTH_MGR_ENTER(COMMON_FAIL, in, out, rc); + return rc; +} + +AUTH_MGR_COPY(AUTH_TIMEOUT) +{ + int rc = 0; + + AUTH_MGR_ENTER(COMMON_FAIL, in, out, rc); + return rc; +} + +AUTH_MGR_COPY(AUTH_SERVER_COMM_FAILURE) +{ + int rc = 0; + + AUTH_MGR_ENTER(COMMON_FAIL, in, out, rc); + return rc; +} + +AUTH_MGR_COPY(RADIUS_SERVERS_DEAD) +{ + int rc = 0; + + AUTH_MGR_ENTER(COMMON_FAIL, in, out, rc); + return rc; +} + +AUTH_MGR_COPY(CLIENT_DISCONNECTED) +{ + int rc = 0; + + AUTH_MGR_ENTER(COMMON_PARAMS, in, out, rc); + return rc; +} + + +AUTH_MGR_COPY(RADIUS_DACL_INFO) +{ +return 0; +} + + +AUTH_MGR_COPY(RADIUS_FIRST_PASS_DACL_DATA) +{ +return 0; +} + +AUTH_MGR_COPY(MKA_PEER_TIMEOUT) +{ +return 0; +} + +int auth_mgr_status_params_copy(authmgrClientStatusInfo_t *clientInfo, clientStatusReply_t *reply) +{ + void *in = (void *)reply; + void *out = (void *)clientInfo; + int rc = 0; + + switch (reply->status) + { + case NEW_CLIENT: + AUTH_MGR_ENTER(NEW_CLIENT, in, out, rc); + break; + + case AUTH_FAIL: + AUTH_MGR_ENTER(AUTH_FAIL, in, out, rc); + break; + + case AUTH_SUCCESS: + AUTH_MGR_ENTER(AUTH_SUCCESS, in, out, rc); + break; + + case AUTH_TIMEOUT: + AUTH_MGR_ENTER(AUTH_TIMEOUT, in, out, rc); + break; + + case AUTH_SERVER_COMM_FAILURE: + AUTH_MGR_ENTER(AUTH_SERVER_COMM_FAILURE, in, out, rc); + break; + + case CLIENT_DISCONNECTED: + AUTH_MGR_ENTER(CLIENT_DISCONNECTED, in, out, rc); + break; + + case METHOD_CHANGE: + AUTH_MGR_ENTER(METHOD_CHANGE, in, out, rc); + break; + + case RADIUS_SERVERS_DEAD: + AUTH_MGR_ENTER(RADIUS_SERVERS_DEAD, in, out, rc); + break; + + case RADIUS_FIRST_PASS_DACL_DATA: + AUTH_MGR_ENTER(RADIUS_FIRST_PASS_DACL_DATA, in, out, rc); + break; + + case RADIUS_DACL_INFO: + AUTH_MGR_ENTER(RADIUS_DACL_INFO, in, out, rc); + break; + + case MKA_PEER_TIMEOUT: + AUTH_MGR_ENTER(MKA_PEER_TIMEOUT, in, out, rc); + break; + + default: + rc = -1; + + } +return rc; +} + +int wpa_sync_send(char *ctrl_ifname, char * cmd, char *buf, size_t *len) +{ + static struct wpa_ctrl *ctrl_conn; + int ret; + char sock_file[128]; + + memset(sock_file, 0, sizeof(sock_file)); + sprintf(sock_file, "/var/run/hostapd/%s", ctrl_ifname); + + ctrl_conn = wpa_ctrl_open(sock_file); + + if (ctrl_conn == NULL) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0, + "Not connected to hostapd - command dropped.. retrying..\n"); + usleep(10 * 1000); + + ctrl_conn = wpa_ctrl_open(sock_file); + + if (ctrl_conn == NULL) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0, + "Not connected to hostapd - command dropped..\n"); + return -1; + } + } + + *len = sizeof(buf) - 1; + ret = wpa_ctrl_request(ctrl_conn, cmd, strlen(cmd), buf, len, NULL); + if (ret == -2) { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0, + "'%s' command timed out.\n", cmd); + return -2; + } else if (ret < 0) { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0, + "'%s' command failed.\n", cmd); + return -1; + } + if (1) { + buf[*len] = '\0'; + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"hostapd reply %s", buf); + } + + wpa_ctrl_close(ctrl_conn); + return 0; +} + +/* function to receive multiple connections */ + +/* Start listening socket listen_sock. */ +int start_listen_socket(int *listen_sock) +{ + int reuse = 1; + struct sockaddr_in my_addr; + + // Obtain a file descriptor for our "listening" socket. + *listen_sock = socket(AF_INET, SOCK_STREAM, 0); + if (*listen_sock < 0) + { + perror("socket"); + return -1; + } + + if (setsockopt(*listen_sock, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof(reuse)) != 0) { + perror("setsockopt"); + return -1; + } + + memset(&my_addr, 0, sizeof(my_addr)); + my_addr.sin_family = AF_INET; + my_addr.sin_addr.s_addr = inet_addr(SERVER_IPV4_ADDR); + my_addr.sin_port = htons(SERVER_LISTEN_PORT); + + if (bind(*listen_sock, (struct sockaddr*)&my_addr, sizeof(struct sockaddr)) != 0) { + perror("bind"); + return -1; + } + + // start accept client connections + if (listen(*listen_sock, 144) != 0) { + perror("listen"); + return -1; + } + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0, + "Accepting connections on port %d.\n", (int)SERVER_LISTEN_PORT); + + return 0; +} + +static void close_connection(int conn_socket) +{ + /* Close it regardless */ + close(conn_socket); +} + +void shutdown_properly(int *listen_sock) +{ + int i; + + for (i = 0; i < MAX_CLIENTS; ++i) + if (connection_list[i].socket != NO_SOCKET) + close_connection(connection_list[i].socket); + + close(*listen_sock); + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"Shutdown server properly.\n"); + return; +} + + +int build_fd_sets(fd_set *read_fds, fd_set *write_fds, fd_set *except_fds, int listen_sock) +{ + + FD_ZERO(read_fds); + FD_SET(listen_sock, read_fds); + return 0; +} + +/* Receive message from peer and handle it with message_handler(). */ +int read_from_connection(int socket, char *buf, unsigned int buf_len, + unsigned int *bytes_read, bool *more_data) +{ + size_t len_to_receive; + ssize_t received_count = 0; + size_t received_total = 0; + + char *buf_ptr = buf; + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0, + "Entering read_from_connection fd %d buf_len %d\n", socket, buf_len); + + do { + if (received_total >= buf_len) + { + /* still more to copy */ + *more_data = true; + *bytes_read = received_total; + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0, + "fd: %d There is more data , Read %zd bytes till now\n", + socket, received_count); + return 0; + } + + /* Count bytes to receive.*/ + len_to_receive = buf_len; + if (len_to_receive > MAX_SEND_SIZE) + len_to_receive = MAX_SEND_SIZE; + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0, + "fd: %d Let's try to recv() %zd bytes... ", socket, len_to_receive); + + received_count = recv(socket, buf_ptr, len_to_receive, NULL); + + if (received_count < 0) { + if (errno == EAGAIN || errno == EWOULDBLOCK) { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0, + "fd %d peer is not ready right now, try again later.\n", socket); + continue; + } else { + perror("recv() from peer error"); + *more_data = false; + return -1; + } + } + /* If recv() returns 0, it means that peer gracefully shutdown. Shutdown client.*/ + else if (received_count == 0) { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0, + "fd %d recv() 0 bytes. Peer gracefully shutdown.\n", socket); + *more_data = false; + break; + } + else if (received_count > 0) { + received_total += received_count; + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0, + "fd %d recv() %zd bytes\n", socket, received_count); + + buf_ptr += received_count; + len_to_receive -= received_count; + } + } while (received_count > 0); + + *bytes_read = received_total; + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0, + "fd %d Total recv()'ed %zu bytes.\n", socket, received_total); + return 0; +} + + +void *handle_connection(void *arg) +{ + int new_socket = *((int *)arg); + char *recv_buff = NULL; + char *buf = NULL; + unsigned int bytes_received; + bool more_data = true; + unsigned int buff_step_size = 2048; + int rem_len = 4* buff_step_size; + int buff_size = 4* buff_step_size; + clientStatusReply_t *clientReply = NULLPTR; + authmgrClientStatusInfo_t clientStatus; + int total_read = 0; + uint32 intf = 0; + uint32 method = 0, status = 0; + void *in = NULL; + void *out = NULL; + int rc = -1; + char8 paeCapabilities = 0; + + int i; + + recv_buff = (char *)malloc(buff_size); + + if (!recv_buff) + goto conn_close; + + memset(recv_buff, 0, buff_size); + buf = recv_buff; + + while(more_data) + { + more_data = false; + if (rem_len <= 0) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0, + "fd %d More data to read, but not sufficient buffer !!\n", new_socket); + buff_size += buff_step_size; + recv_buff = (char *)realloc(recv_buff, buff_size); + buf = recv_buff + total_read; + rem_len = buff_size - total_read; + } + bytes_received = 0; + if (0 != read_from_connection(new_socket, buf, rem_len, &bytes_received, &more_data)) + { + break; + } + total_read += bytes_received; + buf = recv_buff + total_read; + rem_len = buff_size - total_read; + } + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"fd %d : buffer: total_read %d", new_socket, total_read); + + close(new_socket); + + if (extra_detail_logs) + { + char *ptr = recv_buff; + for (i =0; i<10; i++) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"0x%x ", ptr[i]); + } + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"\nstart processing !!\n"); + } + /* invoke api to decipher the data + * and post to the appropriate queue */ + + memset(&clientStatus, 0, sizeof(clientStatus)); + + clientReply = (clientStatusReply_t *)recv_buff; + + if (clientReply->status) + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0, + "Read update from socket for user %02X:%02X:%02X:%02X:%02X:%02X on interface %s" + "status %s method %s", + (unsigned int)clientReply->info.authInfo.addr[0], + (unsigned int)clientReply->info.authInfo.addr[1], + (unsigned int)clientReply->info.authInfo.addr[2], + (unsigned int)clientReply->info.authInfo.addr[3], + (unsigned int)clientReply->info.authInfo.addr[4], + (unsigned int)clientReply->info.authInfo.addr[5], + clientReply->intf, authmgrMethodStatusStringGet(clientReply->status), clientReply->method); + + /* convert char intf to intf number */ + in = (void *)clientReply->intf; + out = (void *)&intf; + + AUTH_MGR_ENTER(INTERFACE, in, out, rc); + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"AUTH_MGR_ENTER INTERFACE !! rc %d \n", rc); + + if (-1 == rc) + goto conn_close; + + (void)authmgrDot1xPortPaeCapabilitiesGet(intf, &paeCapabilities); + if ( DOT1X_PAE_PORT_AUTH_CAPABLE != paeCapabilities) + goto conn_close; + + /* copy the method */ + in = (void *)clientReply->method; + out = (void *)&method; + + AUTH_MGR_ENTER(METHOD, in, out, rc); + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"AUTH_MGR_ENTER METHOD !! rc %d \n", rc); + if (-1 == rc) + goto conn_close; + + status = clientReply->status; + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"client reply Status %d \n", status); + rc = auth_mgr_status_params_copy(&clientStatus, clientReply); + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"AUTH_MGR_ENTER PARAMS COPY !! rc %d \n", rc); + if (-1 == rc) + goto conn_close; + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"AUTH_MGR_ENTER status update !! rc %d \n", rc); + authmgrPortClientAuthStatusUpdate (intf, method, + status, (void *) &clientStatus); + +conn_close: + if (recv_buff) + free(recv_buff); + free (arg); + pthread_exit(NULL); +} + +int open_new_connection(int new_client_sock) +{ + pthread_attr_t tattr; + static int cl_count; + int ret = 0; + int *new_sock; + + if ((ret = pthread_attr_init(&tattr)) !=0) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, 0, + "Failed to create thread - pthread_attr_init failed with %d\n", ret); + close(new_client_sock); + return -1; + } + + if ((ret = pthread_attr_setdetachstate(&tattr,PTHREAD_CREATE_DETACHED)) !=0) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, 0, + "Failed to create thread - pthread_attr_setdetachstate failed with %d\n", ret); + close(new_client_sock); + pthread_attr_destroy(&tattr); + return -1; + } + + new_sock = malloc(sizeof(*new_sock)); + *new_sock = new_client_sock; + + connection_list[cl_count].socket = new_client_sock; + connection_list[cl_count].tid = TID_INIT; + + if ((ret = pthread_create(&connection_list[cl_count].tid, &tattr, + handle_connection, (void*)new_sock)) !=0) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, 0, + "Failed to create thread with %d\n", ret); + free(new_sock); + close_connection(new_client_sock); + pthread_attr_destroy(&tattr); + return -1; + } + cl_count = (cl_count+1)%MAX_CLIENTS; + pthread_attr_destroy(&tattr); + return 0; +} + + +int handle_async_resp_data(int *listen_sock) +{ + int i; + int new_client_sock = -1; + struct sockaddr_in client_addr; + socklen_t client_len = sizeof(client_addr); + char client_ipv4_str[INET_ADDRSTRLEN]; + struct linger sl; + + + if (start_listen_socket(listen_sock) != 0) { + return -1; + } + + for (i = 0; i < MAX_CLIENTS; ++i) + { + connection_list[i].socket = NO_SOCKET; + connection_list[i].tid = TID_INIT; + } + + while (1) + { + new_client_sock = -1; + memset(&client_addr, 0, sizeof(client_addr)); + + new_client_sock = accept(*listen_sock, (struct sockaddr *)&client_addr, &client_len); + if (new_client_sock < 0) { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, 0, "accept failed"); + continue; + } + + sl.l_onoff = 1; /* enable linger option */ + sl.l_linger = 0; /* timeout interval in seconds */ + if (-1 == setsockopt(new_client_sock, SOL_SOCKET, SO_LINGER, &sl, sizeof(sl))) + { + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0, + "unable to set SO_LINGER option socket with fd: %d\n", new_client_sock); + } + + + inet_ntop(AF_INET, &client_addr.sin_addr, client_ipv4_str, INET_ADDRSTRLEN); + + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, 0, + "received from client fd %d [%s:%u] ", + new_client_sock, inet_ntoa(client_addr.sin_addr), ntohs(client_addr.sin_port)); + open_new_connection(new_client_sock); + } + return 0; +} + +int authmgrMabDataSend(mab_pac_cmd_t *req, char *resp, unsigned int *len) +{ + struct sockaddr_in saddr; + int fd, rc; + struct hostent *local_host; + char *ptr = (char *)req; + struct sockaddr_in client; + socklen_t clientlen = sizeof(client); + + /* open the socket to MAB server */ + fd = socket(AF_INET, SOCK_STREAM, 0); + if (fd == -1) + { + fprintf(stderr, "socket failed [%s]\n", strerror(errno)); + return -1; + } + + saddr.sin_family = AF_INET; + saddr.sin_port = htons(3734); + local_host = gethostbyname("127.0.0.1"); + saddr.sin_addr = *((struct in_addr *)local_host->h_addr); + + rc = connect(fd, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in)); + if (-1 == rc) + { + fprintf(stderr, "connect failed [%s]\n", strerror(errno)); + goto close_soc; + } + + getsockname(fd, (struct sockaddr *) &client, &clientlen); + + AUTHMGR_EVENT_TRACE(AUTHMGR_TRACE_EVENTS, 0, + "The Socket is now connected fd %d [%s:%u] ", + fd, inet_ntoa(client.sin_addr), ntohs(client.sin_port)); + + /* Send the command req */ + rc = send(fd, ptr, sizeof(mab_pac_cmd_t), 0); + AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0, + "fd : %d Successfully sent data (len %lu bytes): %s", + fd, sizeof(mab_pac_cmd_t), req->cmd); + + /* read the resp */ + rc = recv(fd, resp, *len, NULL); + + *len = 0; + if (rc) + { + *len = rc; + } + +close_soc: + close(fd); + return 0; +} + + + + +RC_t auth_mgr_eap_socket_create( int32 *fd) +{ + *fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_PAE)); + if (*fd < 0) { + printf("%s, %d socket[PF_PACKET,SOCK_RAW]: %s", + __func__, __LINE__, strerror(errno)); + return FAILURE; + } +return SUCCESS; + + +}